From nobody Tue Oct 1 00:02:30 2019 Return-Path: X-Original-To: netconf@ietfa.amsl.com Delivered-To: netconf@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DD9C11200A3 for ; Tue, 1 Oct 2019 00:02:28 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.9 X-Spam-Level: X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id V19qqVuFapnZ for ; Tue, 1 Oct 2019 00:02:26 -0700 (PDT) Received: from mail.tail-f.com (mail.tail-f.com [46.21.102.45]) by ietfa.amsl.com (Postfix) with ESMTP id 60776120019 for ; Tue, 1 Oct 2019 00:02:26 -0700 (PDT) Received: from localhost (unknown [173.38.220.41]) by mail.tail-f.com (Postfix) with ESMTPSA id CC78A1AE0383; Tue, 1 Oct 2019 09:02:23 +0200 (CEST) Date: Tue, 01 Oct 2019 09:01:59 +0200 (CEST) Message-Id: <20191001.090159.1030761714187442745.mbj@tail-f.com> To: J.Schoenwaelder@jacobs-university.de Cc: kent+ietf@watsen.net, rwilton@cisco.com, wang.haiguang.shieldlab@huawei.com, netconf@ietf.org, rifaat.ietf@gmail.com From: Martin Bjorklund In-Reply-To: <20191001064054.2g4ujuoy7lsbgjm2@anna.jacobs.jacobs-university.de> References: <20190927174623.jhvpudof6yfs2m4k@anna.jacobs.jacobs-university.de> <0100016d84c0c469-e57fd7aa-dcba-4079-9b37-22720f7a4500-000000@email.amazonses.com> <20191001064054.2g4ujuoy7lsbgjm2@anna.jacobs.jacobs-university.de> X-Mailer: Mew version 6.7 on Emacs 25.2 / Mule 6.0 (HANACHIRUSATO) Mime-Version: 1.0 Content-Type: Text/Plain; charset=iso-8859-1 Content-Transfer-Encoding: quoted-printable Archived-At: Subject: Re: [netconf] crypto-types fallback strategy X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 01 Oct 2019 07:02:29 -0000 Sch=F6nw=E4lder, J=FCrgen wrote:= > On Tue, Oct 01, 2019 at 12:38:08AM +0000, Kent Watsen wrote: > > > = > > > It may make sense to split by security protocol. > > = > > That would go some towards addressing Rich's concern. Presumably w= e would have one module each for SSH and TLS algorithms. That said, t= o Rich's concern, there is a constant churn with them. This churn conc= erns two activities: the removal and addition of algorithms. Both occ= ur at protocol-version boundaries and, perhaps, other times as well. T= his suggests to me that we could further refine the identities by proto= col version, something like this: > > = > > In ietf-crypto-types: > > = > > identity base-alg {} > > identity tls-alg { base "base-alg" } > > identity ssh-alg { base "base-alg" } > > = > > In ietf-tls-1.1-types: > > = > > identity tls-1.1-alg { base "ct:tls-alg" } > > > > = > > In ietf-tls-1.2-types: > > = > > identity tls-1.2-alg { base "ct:tls-alg" } > > > > = > > etc. > > = > > Updates only to the specific module would be needed. The updates = would only need to support new algorithms (not to remove support for le= gacy algorithms), as a different mechanism can be used for a server to = advertise which algorithms it actually supports (on a more granular lev= el). > = > I do not know whether this helps solving a problem or creates other > problems as side effects. I think we have > = > a) a set of named algorithms that is changing over time > b) a set of algorithms that are "blessed" for use a certain protocol > version (and the set may change over time) > c) a set of algorithms supported by a protocol implementation (may ch= ange > with over time as well, i.e., with firmware updates) > d) a set of algorithms configured to be used by a protocol implementa= tion > (this is really what we want to get at) > = > Perhaps it is best to use identities for a) Yes. > and to expose the other > sets via data leafs. I am not even sure exposing b) is required since= > b) is input to the protocol implementer and a client can (only) > configure what is implemented anyway. I think c) could be exposed as > config false data and d) is then config true data. While I agree that this would probably work, I'm not convinced it is required for now, to get this document done. I think it can be ok to declare this as out of scope for now. > = > > >> If advertising the specific identities is important, then a per = identity if-feature could be used, although I'm not entirely sure that = one feature per identity is really a great option either, but I think t= hat this would be better than one per module. > > > = > > > Why not instead have a config false list of algorithms supported?= Once > > > we have solved this problem generically, this list may get deprec= ated. > > = > > I like this idea, but it means that ietf-crypto-types, where this c= onfig false list would be defined, presumably, would then have protocol= accessible nodes and, to the point, may be odd for a "types" module to= define. Thoughts? - a "config false" list okay? > > > = > Such a config false list should go where the protocol specifics are > defined. And it likely has to be protocol version specific for > implementations that do support multiple versions of a security > protocol. Yes. > I am generally not a fan of overloading names (or concepts in > general). A YANG identity simply gives a name to something and a > module simply puts a collection of named definitions into a common > namespace. We should stay away from associating additional semantics > with how an identity is named or how a module is named. If additional= > information is needed, model that additional information as data. I agree. /martin > = > /js > = > -- = > Juergen Schoenwaelder Jacobs University Bremen gGmbH > Phone: +49 421 200 3587 Campus Ring 1 | 28759 Bremen | German= y > Fax: +49 421 200 3103 > = From nobody Tue Oct 1 03:58:39 2019 Return-Path: X-Original-To: netconf@ietfa.amsl.com Delivered-To: netconf@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6E6D6120137 for ; Tue, 1 Oct 2019 03:58:37 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: 0.247 X-Spam-Level: X-Spam-Status: No, score=0.247 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RATWARE_MS_HASH=2.148, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=no autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=btconnect.onmicrosoft.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mSyzvCGxF7_y for ; Tue, 1 Oct 2019 03:58:35 -0700 (PDT) Received: from EUR02-VE1-obe.outbound.protection.outlook.com (mail-eopbgr20100.outbound.protection.outlook.com [40.107.2.100]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D0077120127 for ; Tue, 1 Oct 2019 03:58:34 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=OikP/n8JEDd2fQBrgpCFpMYk4Blg2kLu6pjnBRJ36cXoIV/pGEwWL3D+VvubUEeHpRi5JSW6jH19lHnOP4N8PChSY5s3/eQW0Kl/lTnEdcY6nec67xe+iXrDE0I0qHIE3VQG7mPtYd78IXedcuZ6GzeKHLs4JmbR/2J1dvhEBYHvZZRkZl4kjy0MeaUWXeohFHc+AHZ02GIyGc/9sRcHr97JAACis09PO+5dcxjQWpKqm8N96c40//IqoiiFWDdC6mOirehDvmVgzPJ4mCSsye87jqjT5zyOM9r6OvFTp0KVxKhD/DOC/CrvyYFP5sPV3pTChbQLadpxmwMrEqRdqw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=kASPEowH0XYT404PU6iGZVs2bXClrxh19pToy2uYgsI=; b=VDpgSo/gtGaX9jC2mSfvD3WRvEv9JSJFlryTinJ1AUpvEkCDMnvzSY0xjqfzvwVB60rsb0RtGjl1L9BLwkWD5u1XDOp3Lkp19IyHGzhqa6U6nRbr2mPMW0MCcRT5OS3zFfKqgUVETjdyBtDblJxBNIM6GI6vA+gRCqMIOreVpqtufbBN1KXKhIzzjO//+YX1eVmNE5IeSibTxwH8eiJH2Qo/VkP+drhCs7xtXto1qqpOzQvJVxqoSY/0QjMD/8eJz8FCsVkCtZcl9W8NteoAZsE1/0seJcM2uB0K76cKHm3qzZXCtod+819ohXJ5L25/liikoCCGW53x80kMe7VkhA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=btconnect.com; dmarc=pass action=none header.from=btconnect.com; dkim=pass header.d=btconnect.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=btconnect.onmicrosoft.com; s=selector2-btconnect-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=kASPEowH0XYT404PU6iGZVs2bXClrxh19pToy2uYgsI=; b=wdvRjY0xoBhpKyyGdU5jnlGWXRjJ2JyYaM2iP5hlYBbdt8B2wYXZFRom9t5UVFO4gUdi4g3W4GCUmSFI49khWP32IUF3AzrGS8eCpPCZ8+KVf7dB1nCECnN6exuZd9COsDUq+4P9gmcw5V5iI9D5AAkntKakvMHx0Hq7PvveYeg= Received: from AM6PR07MB5944.eurprd07.prod.outlook.com (20.178.91.205) by AM6PR07MB5059.eurprd07.prod.outlook.com (20.177.118.20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2305.15; Tue, 1 Oct 2019 10:58:32 +0000 Received: from AM6PR07MB5944.eurprd07.prod.outlook.com ([fe80::c01e:2ff4:7649:142]) by AM6PR07MB5944.eurprd07.prod.outlook.com ([fe80::c01e:2ff4:7649:142%7]) with mapi id 15.20.2327.004; Tue, 1 Oct 2019 10:58:32 +0000 From: tom petch To: Kent Watsen , Juergen Schoenwaelder CC: "netconf@ietf.org" Thread-Topic: [netconf] crypto-types fallback strategy Thread-Index: AQHVeEcpxg99sP1vx0ePyapv0CmMzw== Date: Tue, 1 Oct 2019 10:58:31 +0000 Message-ID: <02f501d57846$e29a3b20$4001a8c0@gateway.2wire.net> References: <0100016d455c6145-844c669e-8f31-4203-a827-7368d33cdee4-000000@email.amazonses.com> <0100016d7325f06e-00613ab7-413c-4d97-972c-858cf4886b65-000000@email.amazonses.com> <20190927.170902.142773301948727896.mbj@tail-f.com> <20190927174623.jhvpudof6yfs2m4k@anna.jacobs.jacobs-university.de> <0100016d84c0c469-e57fd7aa-dcba-4079-9b37-22720f7a4500-000000@email.amazonses.com> Accept-Language: en-GB, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-clientproxiedby: CWLP123CA0111.GBRP123.PROD.OUTLOOK.COM (2603:10a6:401:5f::27) To AM6PR07MB5944.eurprd07.prod.outlook.com (2603:10a6:20b:90::13) authentication-results: spf=none (sender IP is ) smtp.mailfrom=ietfc@btconnect.com; x-ms-exchange-messagesentrepresentingtype: 1 x-mailer: Microsoft Outlook Express 6.00.2800.1106 x-originating-ip: [86.139.211.103] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 0f706f79-ca5c-4397-26d6-08d7465e4bbf x-ms-traffictypediagnostic: AM6PR07MB5059: x-ms-exchange-purlcount: 1 x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:7219; x-forefront-prvs: 0177904E6B x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(979002)(376002)(346002)(136003)(396003)(366004)(39860400002)(13464003)(51444003)(199004)(189003)(8676002)(66066001)(81166006)(81156014)(61296003)(3846002)(6116002)(9686003)(6512007)(6306002)(66574012)(186003)(4326008)(305945005)(2906002)(7736002)(44736005)(66556008)(66476007)(8936002)(5660300002)(14444005)(256004)(66946007)(99286004)(66446008)(64756008)(6486002)(62236002)(1556002)(229853002)(44716002)(71190400001)(71200400001)(316002)(6436002)(4720700003)(52116002)(81816011)(81686011)(966005)(14496001)(478600001)(76176011)(50226002)(386003)(6506007)(53546011)(6246003)(14454004)(476003)(26005)(486006)(446003)(102836004)(86362001)(25786009)(110136005)(74416001)(7726001)(969003)(989001)(999001)(1009001)(1019001); DIR:OUT; SFP:1102; SCL:1; SRVR:AM6PR07MB5059; H:AM6PR07MB5944.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:0; MX:1; received-spf: None (protection.outlook.com: btconnect.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: Om+hJGwDUYU422Z0GLG6zryYbXiHiLnyJSxL0TFo+TKIjIwie1+TM7zhNXTOPcUTmuDf13t78rT+TJteZi9BC91YqX6e/bB6UpZKbQwXTjLMklhecKbXu+tIXBOj3PQDpNYQNGTGc36TetH25mPbrQLIffl6tQPlKNTdSBdAWCOJurMW47sW9QkPFykrhX11Tuzwm0Rf50qctMqCuiGY2y3jDLmNtIw0PxQnOAFBT1MYG8KqiG1fs2gyP5TUYujgnwkFEyMEdBp1+FIYhIHlyoCoNY5Old+o3vrF6BE410uIDiC3IShLRZ6wiYcYV7iRVeuQuHpRWs9SkHjewB99jbodmjyjpZxdbJ6SvCaQxtyoxrXpA2lItWM5ZylckZL3wcp/jKrf7I+jhw03RSkKAMbp2mo+YYWYiTYvq5/P7xzXCfqAYRl3Xxm+lrEHGHHGfMmcaKXpAr3ck0Fd/ch+9w== x-ms-exchange-transport-forked: True Content-Type: text/plain; charset="utf-8" Content-ID: <32A2B77F812E0D4B80FE3D5F902C9620@eurprd07.prod.outlook.com> Content-Transfer-Encoding: base64 MIME-Version: 1.0 X-OriginatorOrg: btconnect.com X-MS-Exchange-CrossTenant-Network-Message-Id: 0f706f79-ca5c-4397-26d6-08d7465e4bbf X-MS-Exchange-CrossTenant-originalarrivaltime: 01 Oct 2019 10:58:31.2350 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: cf8853ed-96e5-465b-9185-806bfe185e30 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: 1g43MHX0LYpFUsoEVXsavQ5zVjJpbtpqBtN3yLKdGhWYv2Z3QcKL8KLWbGEVfy5nYurTl+SGrlEPyn3DrFEcXg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM6PR07MB5059 Archived-At: Subject: Re: [netconf] crypto-types fallback strategy X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 01 Oct 2019 10:58:38 -0000 PGlubGluZSB0cD4NCg0KLS0tLS0gT3JpZ2luYWwgTWVzc2FnZSAtLS0tLQ0KRnJvbTogIktlbnQg V2F0c2VuIiA8a2VudCtpZXRmQHdhdHNlbi5uZXQ+DQpUbzogIkp1ZXJnZW4gU2Nob2Vud2FlbGRl ciIgPEouU2Nob2Vud2FlbGRlckBqYWNvYnMtdW5pdmVyc2l0eS5kZT4NCkNjOiA8bmV0Y29uZkBp ZXRmLm9yZz47IDx3YW5nLmhhaWd1YW5nLnNoaWVsZGxhYkBodWF3ZWkuY29tPjsNCjxyaWZhYXQu aWV0ZkBnbWFpbC5jb20+DQpTZW50OiBUdWVzZGF5LCBPY3RvYmVyIDAxLCAyMDE5IDE6MzggQU0N Cg0KPiBPbiBTZXAgMjcsIDIwMTksIGF0IDE6NDYgUE0sIFNjaMO2bnfDpGxkZXIsIErDvHJnZW4N CjxKLlNjaG9lbndhZWxkZXJAamFjb2JzLXVuaXZlcnNpdHkuZGU+IHdyb3RlOg0KPg0KPiBPbiBG cmksIFNlcCAyNywgMjAxOSBhdCAwMzo1Mzo1MVBNICswMDAwLCBSb2IgV2lsdG9uIChyd2lsdG9u KSB3cm90ZToNCj4+IEkgYmFzaWNhbGx5IGFncmVlIHdpdGggd2hhdCBNYXJ0aW4gaXMgc2F5aW5n Lg0KPg0KPiBTbyBkbyBJLg0KDQpIbW1tLi4uDQoNCj4+IEVpdGhlciBvbmUgWUFORyBtb2R1bGUg Y29udGFpbmluZyBhbGwgb2YgdGhlIGNyeXB0byBpZGVudGl0aWVzLCBvciBhDQpmZXcgWUFORyBt b2R1bGVzIGFzIHByZXZpb3VzbHkgc3VnZ2VzdGVkLg0KPg0KPiBJdCBtYXkgbWFrZSBzZW5zZSB0 byBzcGxpdCBieSBzZWN1cml0eSBwcm90b2NvbC4NCg0KVGhhdCB3b3VsZCBnbyBzb21lIHRvd2Fy ZHMgYWRkcmVzc2luZyBSaWNoJ3MgY29uY2Vybi4gIFByZXN1bWFibHkgd2UNCndvdWxkIGhhdmUg b25lIG1vZHVsZSBlYWNoIGZvciBTU0ggIGFuZCBUTFMgYWxnb3JpdGhtcy4gIFRoYXQgc2FpZCwg dG8NClJpY2gncyBjb25jZXJuLCB0aGVyZSBpcyBhIGNvbnN0YW50IGNodXJuIHdpdGggdGhlbS4g IFRoaXMgY2h1cm4NCmNvbmNlcm5zIHR3byBhY3Rpdml0aWVzOiAgdGhlIHJlbW92YWwgYW5kIGFk ZGl0aW9uIG9mIGFsZ29yaXRobXMuICBCb3RoDQpvY2N1ciBhdCBwcm90b2NvbC12ZXJzaW9uIGJv dW5kYXJpZXMgYW5kLCBwZXJoYXBzLCBvdGhlciB0aW1lcyBhcyB3ZWxsLg0KVGhpcyBzdWdnZXN0 cyB0byBtZSB0aGF0IHdlIGNvdWxkIGZ1cnRoZXIgcmVmaW5lIHRoZSBpZGVudGl0aWVzIGJ5DQpw cm90b2NvbCB2ZXJzaW9uLCBzb21ldGhpbmcgbGlrZSB0aGlzOg0KDQpJbiBpZXRmLWNyeXB0by10 eXBlczoNCg0KICAgIGlkZW50aXR5IGJhc2UtYWxnIHt9DQogICAgaWRlbnRpdHkgdGxzLWFsZyB7 IGJhc2UgImJhc2UtYWxnIiB9DQogICAgaWRlbnRpdHkgc3NoLWFsZyB7IGJhc2UgImJhc2UtYWxn IiB9DQoNCkluIGlldGYtdGxzLTEuMS10eXBlczoNCg0KICAgIGlkZW50aXR5IHRscy0xLjEtYWxn IHsgYmFzZSAiY3Q6dGxzLWFsZyIgfQ0KICAgIDxhIGJ1bmNoIG9mIHRscy0xLjEgaWRlbnRpdGll cyBoZXJlPg0KDQpJbiBpZXRmLXRscy0xLjItdHlwZXM6DQoNCiAgICBpZGVudGl0eSB0bHMtMS4y LWFsZyB7IGJhc2UgImN0OnRscy1hbGciIH0NCiAgICA8YSBidW5jaCBvZiB0bHMtMS4yIGlkZW50 aXRpZXMgaGVyZT4NCg0KZXRjLg0KDQo8dHA+DQoNCktlbnQNCg0KSSBhbSBub3Qgc3VyZSBob3cg dGhpcyBjYW4gd29yay4gVExTIGhhcyBjaXBoZXJzdWl0ZXMsIHJhdGhlciB0aGFuDQphbGdvcml0 aG1zLCBhbGJlaXQgd2hpY2ggYXJlIGNvbWJpbmF0aW9ucyBvZiBhbGdvcml0aG1zLiAgVGFraW5n IFRMUzEuMiwNClJGQzUyNDYsIHRoZSBjaXBoZXJzdWl0ZSBpcyBhIGNvbWJpbmF0aW9uIG9mIEtF WCwgY2lwaGVyLCBNQUMgbGVhZGluZyB0bw0KZS5nLiBUTFNfUlNBX1dJVEhfQUVTXzEyOF9DQkNf U0hBDQood2hpY2ggaXMgTVRJKS4NCg0KU2VwYXJhdGVseSwgaXQgaGFzIGEgc2lnbmF0dXJlIGFs Z29yaXRobSBhbmQgaGFzaCBhbGdvcml0aG0gcmVnaXN0cnkNCndoaWNoIG1heSBiZSByZWxldmFu dCwgZGVwZW5kaW5nIG9uIHRoZSBjaXBoZXJzdWl0ZTsgdGhlc2UgZml0IHJhdGhlcg0KYmV0dGVy IHdpdGggdGhlIGFwcHJvYWNoIG9mIHRoaXMgbW9kZWwuDQoNCkxvb2tpbmcgYXQgdGhlIElBTkEg cmVnaXN0cnkgb2YgVHJhbnNwb3J0IExheWVyIFNlY3VyaXR5IENpcGhlciBTdWl0ZXMNCmdpdmVz ICh0byBtZSkgYSBnb29kIHNlbnNlIG9mIGhvdyB0aGlzIGhhcyBldm9sdmVkIGZyb20gYSBiYXNl IGxpc3QgZm9yDQpUTFMxLjIgaW4gUkZDNTI0NiB3aXRoIFJGQzU5MzIgdGhlbiBhZGRpbmcgQ2Ft ZWxsaWEsIFJGQzUyODggQUVTIEdDTQ0Kd2hpbGUgUkZDNjI4OSB1cGRhdGVzIHRoZSB1c2Ugb2Yg RUNDLCBSRkM1NDg3IGFkZHMgUFNLIHdpdGggQUVTIEdDTSwNClJGQzcyNTEgYWRkcyBBRVMtQ0NN LCBSRkM3OTA1IGFkZHMgQ0hBQ0hBMjAgYW5kIHNvIG9uLiAgSXQgaXMgYSBsb25nDQpsaXN0LCBl eHRlbmRlZCBtYW55IHRpbWVzLiAgVExTIDEuMyBpcywgc28gZmFyLCBhIHNob3J0ZXIgbGlzdC4N Cg0KU28gaXMgeW91ciBsaXN0IG9mIGFsbCB0aGUgY2lwaGVyc3VpdGVzIG9yIG11bHRpcGxlIGxp c3RzIG9mIHRoZQ0KYWxnb3JpdGhtcyB0aGF0DQp1bmRlcnBpbiB0aGVtPw0KDQpJdCBjb21lcyBi YWNrIHRvIHdoYXQgaXMgZ29pbmcgdG8gdXNlIHRoaXMgbW9kdWxlLiBXaGVuZXZlciBJIHNlZSBU TFMsIEkNCnNlZSBjaXBoZXJzdWl0ZXMgZmlyc3QgYW5kIGZvcmVtb3N0LCBub3QgYWxnb3JpdGht cy4NCg0KU1NIIGlzIGRpZmZlcmVudCwgd2l0aCBLRVggbWV0aG9kIG5hbWVzLCBhdXRoZW50aWNh dGlvbiBtZXRob2QgbmFtZXMNCmVuY3J5cHRpb24gYWxnb3JpdGhtIG5hbWVzIGFuZCBzbyBvbiwg d2l0aCBmYXIgZmV3ZXIgb2YgdGhlbSwgYSBiZXR0ZXINCmZpdCBmb3IgdGhpcyBtb2RlbC4gIEJ1 dCB0aGVuIFNTSCBpbmNsdWRlcyB0aGUgRGlmZmllLUhlbGxtYW4gZ3JvdXAgaW4NCnRoZSBLRVgg bmFtZSB3aGVyZSBUTFMgcHV0cyB0aGF0IGluIGFuIGV4dGVuc2lvbiAtIG5vdCB0aGUNCmNpcGhl cnN1aXRlIC1mb3IgVExTMS4zIHNvIHRoZSBjb25jZXB0IG9mIGEgS0VYIGlzIGEgYml0IGRpZmZl cmVudC4NCg0KVG9tIFBldGNoDQoNClVwZGF0ZXMgb25seSB0byB0aGUgc3BlY2lmaWMgbW9kdWxl IHdvdWxkIGJlIG5lZWRlZC4gICBUaGUgdXBkYXRlcyB3b3VsZA0Kb25seSBuZWVkIHRvIHN1cHBv cnQgbmV3IGFsZ29yaXRobXMgKG5vdCB0byByZW1vdmUgc3VwcG9ydCBmb3IgbGVnYWN5DQphbGdv cml0aG1zKSwgYXMgYSBkaWZmZXJlbnQgbWVjaGFuaXNtIGNhbiBiZSB1c2VkIGZvciBhIHNlcnZl ciB0bw0KYWR2ZXJ0aXNlIHdoaWNoIGFsZ29yaXRobXMgaXQgYWN0dWFsbHkgc3VwcG9ydHMgKG9u IGEgbW9yZSBncmFudWxhcg0KbGV2ZWwpLg0KDQpPbmUgaXNzdWUgbm90IGFkZHJlc3NlZCBpcyBk ZWZpbmluZyB0aGUgaWRlbnRpdGllcyBmb3IgdGhlIGFsZ29yaXRobXMNCnVzZWQgdG8gZW5jcnlw dCBvdGhlciBrZXlzIGluIHRoZSBrZXlzdG9yZS4gICBBdCBsZWFzdCwgbmVpdGhlciBTU0ggb3IN ClRMUyBhcmUgaW52b2x2ZWQuICBIb3dldmVyLCBib3RoIHRoZSBrZXlzdG9yZSBhbmQgVExTIHVz ZSAiQVNOLjEiIGFuZA0Kc28sIHNvbWVob3csIHRoZSBrZXlzdG9yZSBtYXkgYmUgZW5jcnlwdGlu ZyB3aXRoICJUTFMiIChyZWFsbHkgQVNOLjEpDQprZXlzIGFscmVhZHkuLi4gKHJlcXVpcmVzIG1v cmUgYW5hbHlzaXMpDQoNCg0KPj4gSWYgYWR2ZXJ0aXNpbmcgdGhlIHNwZWNpZmljIGlkZW50aXRp ZXMgaXMgaW1wb3J0YW50LCB0aGVuIGEgcGVyDQppZGVudGl0eSBpZi1mZWF0dXJlIGNvdWxkIGJl IHVzZWQsIGFsdGhvdWdoIEknbSBub3QgZW50aXJlbHkgc3VyZSB0aGF0DQpvbmUgZmVhdHVyZSBw ZXIgaWRlbnRpdHkgaXMgcmVhbGx5IGEgZ3JlYXQgb3B0aW9uIGVpdGhlciwgYnV0IEkgdGhpbmsN CnRoYXQgdGhpcyB3b3VsZCBiZSBiZXR0ZXIgdGhhbiBvbmUgcGVyIG1vZHVsZS4NCj4NCj4gV2h5 IG5vdCBpbnN0ZWFkIGhhdmUgYSBjb25maWcgZmFsc2UgbGlzdCBvZiBhbGdvcml0aG1zIHN1cHBv cnRlZD8gT25jZQ0KPiB3ZSBoYXZlIHNvbHZlZCB0aGlzIHByb2JsZW0gZ2VuZXJpY2FsbHksIHRo aXMgbGlzdCBtYXkgZ2V0IGRlcHJlY2F0ZWQuDQoNCkkgbGlrZSB0aGlzIGlkZWEsIGJ1dCBpdCBt ZWFucyB0aGF0IGlldGYtY3J5cHRvLXR5cGVzLCB3aGVyZSB0aGlzIGNvbmZpZw0KZmFsc2UgbGlz dCB3b3VsZCBiZSBkZWZpbmVkLCBwcmVzdW1hYmx5LCB3b3VsZCB0aGVuIGhhdmUgcHJvdG9jb2wN CmFjY2Vzc2libGUgbm9kZXMgYW5kLCB0byB0aGUgcG9pbnQsIG1heSBiZSBvZGQgZm9yIGEgInR5 cGVzIiBtb2R1bGUgdG8NCmRlZmluZS4gICBUaG91Z2h0cz8gIC0gYSAiY29uZmlnIGZhbHNlIiBs aXN0IG9rYXk/DQoNCg0KUmljaCwgZG9lcyBhbnkgb2YgdGhpcyBsaW5lIG9mIHRoaW5raW5nIGFk ZHJlc3MgeW91ciBjb25jZXJuPyAgLSBvcg0KbWF5YmUgeW91IGxpa2VkIG1vcmUgbXkgcHJldmlv dXMgaWRlYSBvZiB1c2luZyBJQU5BIHJlZ2lzdHJpZXM/DQoNCktlbnQgLy8gY29udHJpYnV0b3IN Cg0KDQoNCg0KDQoNCi0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KLS0tLS0tLS0NCg0KDQo+IF9fX19fX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fDQo+IG5ldGNvbmYgbWFpbGluZyBs aXN0DQo+IG5ldGNvbmZAaWV0Zi5vcmcNCj4gaHR0cHM6Ly93d3cuaWV0Zi5vcmcvbWFpbG1hbi9s aXN0aW5mby9uZXRjb25mDQo+DQoNCg== From nobody Tue Oct 1 09:44:11 2019 Return-Path: <0100016d8834e6b1-d2301e8e-89e5-4fb1-ae58-057e82c4cf7f-000000@amazonses.watsen.net> X-Original-To: netconf@ietfa.amsl.com Delivered-To: netconf@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CCEB112087A for ; Tue, 1 Oct 2019 09:44:07 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.898 X-Spam-Level: X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=amazonses.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lZHJ9FAhOFIE for ; Tue, 1 Oct 2019 09:44:04 -0700 (PDT) Received: from a8-88.smtp-out.amazonses.com (a8-88.smtp-out.amazonses.com [54.240.8.88]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D4E1E120A99 for ; Tue, 1 Oct 2019 09:43:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=6gbrjpgwjskckoa6a5zn6fwqkn67xbtw; d=amazonses.com; t=1569948231; h=From:Message-Id:Content-Type:Mime-Version:Subject:Date:In-Reply-To:Cc:To:References:Feedback-ID; bh=4gkRxIATdlfKZqTKZXPuqC18LmnSGA7o7TTcqGpZPuI=; b=LUglehm4tVESn6DhA/I2fdVZiKPflzzZpCXQCCSLLtRZhXtRxizo8xYYav1vQVyg qdHgyAMtsV9JGxHWW0xrVi0xiKZFxDj9ywg+Ez7nG8Mo30JVXr3DmCdiqTzaNyo6Bk5 5qcAi4D6Et9HHO2EW29je1lx/u+lsushsOpvpnZ0= From: Kent Watsen Message-ID: <0100016d8834e6b1-d2301e8e-89e5-4fb1-ae58-057e82c4cf7f-000000@email.amazonses.com> Content-Type: multipart/alternative; boundary="Apple-Mail=_C241ACA0-321D-45E0-B815-2B13DB6EA9C1" Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\)) Date: Tue, 1 Oct 2019 16:43:51 +0000 In-Reply-To: <02f501d57846$e29a3b20$4001a8c0@gateway.2wire.net> Cc: Juergen Schoenwaelder , "netconf@ietf.org" To: tom petch References: <0100016d455c6145-844c669e-8f31-4203-a827-7368d33cdee4-000000@email.amazonses.com> <0100016d7325f06e-00613ab7-413c-4d97-972c-858cf4886b65-000000@email.amazonses.com> <20190927.170902.142773301948727896.mbj@tail-f.com> <20190927174623.jhvpudof6yfs2m4k@anna.jacobs.jacobs-university.de> <0100016d84c0c469-e57fd7aa-dcba-4079-9b37-22720f7a4500-000000@email.amazonses.com> <02f501d57846$e29a3b20$4001a8c0@gateway.2wire.net> X-Mailer: Apple Mail (2.3445.104.11) X-SES-Outgoing: 2019.10.01-54.240.8.88 Feedback-ID: 1.us-east-1.DKmIRZFhhsBhtmFMNikgwZUWVrODEw9qVcPhqJEI2DA=:AmazonSES Archived-At: Subject: Re: [netconf] crypto-types fallback strategy X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 01 Oct 2019 16:44:08 -0000 --Apple-Mail=_C241ACA0-321D-45E0-B815-2B13DB6EA9C1 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 Thanks for pointing that out, Tom. I was going to say something along = these lines in a response to Juergen. The net is that partitioning = identities along protocol boundaries is misdirected. We need to focus = on the algorithms, not the cipher suites. =20 Going back to the primary goal, we care about is how to use the = "algorithm" field to identify the format of the public and private key = fields. To this end, the field could be called a "key-format" instead. = There is a secondary goal to pass an "algorithm" parameter into the = 'generate-symmetric-key' and 'generate-asymmetric-key' actions, but = maybe the problems can be separated? In OpenSSL, the commands are: 1) `openssl genrsa -out rsa_private_key.pem 2048` creates an = RSAPrivateKey (from RFC3447) 2) `openssl rsa -in rsa_private_key.pem -pubout -out rsa_public_key.pem` = creates a SubjectPublicKeyInfo (from RFC5280) 3) `openssl ecparam -genkey -name prime256v1 -out ec_private_key.pem` = creates an ECPrivateKey (from RFC5915) 4) `openssl ec -in ec_private_key.pem -pubout -out ec_public_key.pem` = creates a SubjectPublicKeyInfo (from RFC5280) OpenSSH, the commands are: 1) `ssh-keygen -t rsa -b 4096 -C "your_email@example.com"` creates an = RSAPrivateKey (from RFC3447) and a proprietary public key file format. 2) `ssh-keygen -t ed25519 -b 4096 -C "your_email@example.com"` creates = an ECPrivateKey (from RFC5915) and a proprietary public key file format. 3) `ssh-keygen -e [-m RFC4716] -f ` exports the public = key format described by RFC 4716. Disclaimer: (2) is just a guess, based on (1), which I haven't tested = myself yet. In order to just identify the format, perhaps we use something like the = following, which could be in ietf-crypto-types: (Note I added = OneSymmetricKey and OneAsymmetricKey formats as well. That is, with = this approach, it's not an "either-or" tradeoff, both can be defined.) /*** all key format types ****/ identity key-format-base {} identity public-key-format { base "key-format-base" } identity private-key-format { base "key-format-base" } identity symmetric-key-format { base "key-format-base" } /**** for private keys ****/ identity rsa-private-key-format { // used by SSH and TLS base "private-key-format"; description "An RSAPrivateKey (from RFC 3447)."; } identity ec-private-key-format { // used by SSH and TLS base "private-key-format"; description "An ECPrivateKey (from RFC 5915)"; } identity one-asymmetric-key-format { base "private-key-format"; description "A OneAsymmetricKey (from RFC 5958)."; }=20 identity encrypted-private-key-format { base "private-key-format"; description "A CMS EncryptedData structure (RFC 5652) = containing a OneAsymmetricKey (RFC 5958)."; } /**** for public keys ****/ identity ssh-public-key-format { base "public-key-format"; description "The public key format described by RFC = 4716."; } identity subject-public-key-info-format { base "public-key-format"; description "A SubjectPublicKeyInfo (from RFC 5280)."; } /**** for symmetric keys ****/ identity symmetric-key-format { base "symmetric-key-format"; description "An OctetString from ASN.1."; =20 // Knowing that it is an "OctetString" isn't really = helpful. =20 // Knowing the length of the octet string would help = a little, as it relates to the algorithm's block size // We may want to only (for now) use = "one-symmetric-key-format" for symmetric keys. // ^---- the usability issues Juergen mentioned = before only applies to asymmetric keys? } identity one-symmetric-key-format { base "symmetric-key-format"; description "A OneSymmetricKey (from RFC6031)."; }=20 identity encrypted-symmetric-key-format { base "symmetric-key-format"; description "A CMS EncryptedData structure (RFC 5652) = containing an OneSymmetricKey (RFC 6031)."; }=20 then, the public-key grouping might look like: grouping public-key-grouping { description "A public key and its associated algorithm."; leaf key-format { nacm:default-deny-write; type public-key-format; mandatory true; description "Identifies the format key's binary data = value."; } leaf public-key { nacm:default-deny-write; type binary; mandatory true; description "The binary value of the public key. The interpretation of the value is defined by the 'key-format' field."; } } and the key-pair grouping might look like: grouping asymmetric-key-pair-grouping { description "A private key and its associated public key."; uses public-key-grouping; choice private-key-type { mandatory true; description "Choice between key types."; leaf private-key { nacm:default-deny-all; type binary; description "The binary value of the private key. The = interpretation of the value is defined by the 'key-format' field."; } leaf hidden-private-key { nacm:default-deny-write; type empty; description "A permanently hidden key. How such keys are created is outside the scope of this module."; } } } and the symmetric grouping might look like: grouping symmetric-key-grouping { description "A symmetric key and algorithm."; leaf key-format { nacm:default-deny-write; type public-key-format; mandatory true; description "Identifies the symmetric key's format."; } choice key-type { mandatory true; description "Choice between key types."; leaf key { nacm:default-deny-all; type binary; description "The binary value of the key. The interpretation of the value is defined by the 'key-format' field."; } leaf hidden-key { nacm:default-deny-write; type empty; description "A permanently hidden key. How such keys are created is outside the scope of this module."; } } } To put an end to this email, recall above it was said that the secondary = goal is to pass an "algorithm" parameter into the = 'generate-symmetric-key' and 'generate-asymmetric-key' actions (what = kind of key to generate, right?). Most of the above regards the key = formats (not algorithms, though the OneSymmetricKey and OneAsymmetricKey = structs do self-identify their algorithms). I don't have an answer for = this yet, but maybe we can mimic some aspect of the above for it? Comments? Kent // contributor > On Oct 1, 2019, at 6:58 AM, tom petch wrote: >=20 > >=20 > ----- Original Message ----- > From: "Kent Watsen" > To: "Juergen Schoenwaelder" > Cc: ; ; > > Sent: Tuesday, October 01, 2019 1:38 AM >=20 >> On Sep 27, 2019, at 1:46 PM, Sch=C3=B6nw=C3=A4lder, J=C3=BCrgen > wrote: >>=20 >> On Fri, Sep 27, 2019 at 03:53:51PM +0000, Rob Wilton (rwilton) wrote: >>> I basically agree with what Martin is saying. >>=20 >> So do I. >=20 > Hmmm... >=20 >>> Either one YANG module containing all of the crypto identities, or a > few YANG modules as previously suggested. >>=20 >> It may make sense to split by security protocol. >=20 > That would go some towards addressing Rich's concern. Presumably we > would have one module each for SSH and TLS algorithms. That said, to > Rich's concern, there is a constant churn with them. This churn > concerns two activities: the removal and addition of algorithms. = Both > occur at protocol-version boundaries and, perhaps, other times as = well. > This suggests to me that we could further refine the identities by > protocol version, something like this: >=20 > In ietf-crypto-types: >=20 > identity base-alg {} > identity tls-alg { base "base-alg" } > identity ssh-alg { base "base-alg" } >=20 > In ietf-tls-1.1-types: >=20 > identity tls-1.1-alg { base "ct:tls-alg" } > >=20 > In ietf-tls-1.2-types: >=20 > identity tls-1.2-alg { base "ct:tls-alg" } > >=20 > etc. >=20 > >=20 > Kent >=20 > I am not sure how this can work. TLS has ciphersuites, rather than > algorithms, albeit which are combinations of algorithms. Taking = TLS1.2, > RFC5246, the ciphersuite is a combination of KEX, cipher, MAC leading = to > e.g. TLS_RSA_WITH_AES_128_CBC_SHA > (which is MTI). >=20 > Separately, it has a signature algorithm and hash algorithm registry > which may be relevant, depending on the ciphersuite; these fit rather > better with the approach of this model. >=20 > Looking at the IANA registry of Transport Layer Security Cipher Suites > gives (to me) a good sense of how this has evolved from a base list = for > TLS1.2 in RFC5246 with RFC5932 then adding Camellia, RFC5288 AES GCM > while RFC6289 updates the use of ECC, RFC5487 adds PSK with AES GCM, > RFC7251 adds AES-CCM, RFC7905 adds CHACHA20 and so on. It is a long > list, extended many times. TLS 1.3 is, so far, a shorter list. >=20 > So is your list of all the ciphersuites or multiple lists of the > algorithms that > underpin them? >=20 > It comes back to what is going to use this module. Whenever I see TLS, = I > see ciphersuites first and foremost, not algorithms. >=20 > SSH is different, with KEX method names, authentication method names > encryption algorithm names and so on, with far fewer of them, a better > fit for this model. But then SSH includes the Diffie-Hellman group in > the KEX name where TLS puts that in an extension - not the > ciphersuite -for TLS1.3 so the concept of a KEX is a bit different. >=20 > Tom Petch --Apple-Mail=_C241ACA0-321D-45E0-B815-2B13DB6EA9C1 Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=utf-8
Thanks for pointing that out, Tom.  I was going to = say something along these lines in a response to Juergen.   =  The net is that partitioning identities along protocol boundaries = is misdirected.  We need to focus on the algorithms, not the cipher = suites.  

Going back to the = primary goal, we care about is how to use the "algorithm" field to = identify the format of the public and private key fields.  To this = end, the field could be called a "key-format" instead.   There is a = secondary goal to pass an "algorithm" parameter into the = 'generate-symmetric-key' and 'generate-asymmetric-key' actions, but = maybe the problems can be separated?

In OpenSSL, the commands are:

1) `openssl genrsa -out rsa_private_key.pem 2048` = creates an RSAPrivateKey (from RFC3447)
2) `openssl rsa = -in rsa_private_key.pem -pubout -out rsa_public_key.pem` creates a = SubjectPublicKeyInfo (from RFC5280)
3) `openssl ecparam = -genkey -name prime256v1 -out ec_private_key.pem` creates an = ECPrivateKey (from RFC5915)
4) `openssl ec -in = ec_private_key.pem -pubout -out ec_public_key.pem` creates a = SubjectPublicKeyInfo (from RFC5280)

OpenSSH, the commands are:

1) `ssh-keygen -t rsa -b 4096 -C "your_email@example.com"` creates an RSAPrivateKey (from = RFC3447) and a proprietary public key file format.
2) = `ssh-keygen -t ed25519 -b 4096 -C "your_email@example.com"` creates an ECPrivateKey = (from RFC5915) and a proprietary public key file = format.
3) `ssh-keygen -e [-m RFC4716] -f = <private-key-file>` exports the public key format described by RFC = 4716.

Disclaimer: (2) is just a = guess, based on (1), which I haven't tested myself yet.


In order to just = identify the format, perhaps we use something like the following, which = could be in ietf-crypto-types:  (Note I added OneSymmetricKey and = OneAsymmetricKey formats as well.  That is, with this approach, = it's not an "either-or" tradeoff, both can be defined.)


    /*** all key format = types ****/

  =   identity key-format-base {}
  =   identity public-key-format { base "key-format-base" }
  =   identity private-key-format { base "key-format-base" }
    identity = symmetric-key-format { base "key-format-base" }


  =   /**** for private keys ****/

    identity = rsa-private-key-format { // used by SSH and TLS
  =       base "private-key-format";
  =       description "An RSAPrivateKey (from RFC = 3447).";
    }

    identity = ec-private-key-format { // used by SSH and TLS
  =       base "private-key-format";
  =       description "An ECPrivateKey (from RFC = 5915)";
    }

    identity = one-asymmetric-key-format {
      =   base "private-key-format";
  =       description "A OneAsymmetricKey (from RFC = 5958).";
    } 

  =   identity encrypted-private-key-format {
  =       base "private-key-format";
  =       description "A CMS EncryptedData structure (RFC = 5652) containing a OneAsymmetricKey (RFC 5958).";
  =    }


=     /**** for public keys ****/

    identity = ssh-public-key-format {
      =   base "public-key-format";
  =       description "The public key format described by RFC = 4716.";
    }

    identity = subject-public-key-info-format {
      =   base "public-key-format";
  =       description "A SubjectPublicKeyInfo (from RFC = 5280).";
  =   }


  =   /**** for symmetric keys ****/

    = identity symmetric-key-format {
  =       base "symmetric-key-format";
  =               description "An = OctetString from ASN.1.";  
        =     // Knowing that it is an "OctetString" isn't really = helpful.  
  =           // Knowing the length of = the octet string would help a little, as it relates to the algorithm's = block size
        =     // We may want to only (for now) use = "one-symmetric-key-format" for symmetric keys.
  =           //     ^---- the usability = issues Juergen mentioned before only applies to asymmetric = keys?
  =   }

    = identity one-symmetric-key-format {
  =       base "symmetric-key-format";
  =       description "A OneSymmetricKey (from = RFC6031).";
    } 

    identity = encrypted-symmetric-key-format {
      =   base "symmetric-key-format";
  =       description "A CMS EncryptedData structure = (RFC 5652) containing an OneSymmetricKey (RFC 6031).";
  =   } 


then, the public-key grouping might look = like:

=   grouping public-key-grouping {
=     description
  =     "A public key and its associated algorithm.";
=     leaf key-format {
  =     nacm:default-deny-write;
  =     type public-key-format;
  =     mandatory true;
  =     description "Identifies = the format key's binary data value.";
  =   }
  =   leaf public-key {
  =     nacm:default-deny-write;
  =     type binary;
  =     mandatory true;
  =     description
  =       "The binary value of the public = key.  The interpretation
  =        of the value is defined by the 'key-format' = field.";
    }
=   }

and = the key-pair grouping might look like:

=   grouping asymmetric-key-pair-grouping {
=     description
  =     "A private key and its associated public key.";
=     uses public-key-grouping;
=     choice private-key-type {
=       mandatory true;
  =     description
  =       "Choice between key types.";
  =     leaf private-key {
  =       nacm:default-deny-all;
  =       type binary;
  =       description
  =         "The binary value of the private = key.  The interpretation
  =          of the value is defined by the = 'key-format' field.";
      }
=       leaf hidden-private-key {
=         nacm:default-deny-write;
=         type empty;
=         description
  =         "A permanently hidden = key.  How such keys are created
  =          is outside the scope of this = module.";
      }
=     }
  }

and the symmetric grouping might = look like:

=   grouping symmetric-key-grouping {
=     description
  =     "A symmetric key and algorithm.";
=     leaf key-format {
  =     nacm:default-deny-write;
  =     type public-key-format;
  =     mandatory true;
  =     description "Identifies = the symmetric key's format.";
  =   }
  =   choice key-type {
  =     mandatory true;
  =     description
  =       "Choice between key types.";
  =     leaf key {
  =       nacm:default-deny-all;
  =       type binary;
  =       description
  =         "The binary value of the = key.  The interpretation
  =          of the value is defined by the = 'key-format' field.";
      }
=       leaf hidden-key {
=         nacm:default-deny-write;
=         type empty;
=         description
  =         "A permanently hidden = key.  How such keys are created
  =          is outside the scope of this = module.";
      }
=     }
  }



To put an end to this email, recall above it was = said that the secondary goal is to pass an "algorithm" parameter into = the 'generate-symmetric-key' and 'generate-asymmetric-key' actions (what = kind of key to generate, right?).   Most of the above regards the = key formats (not algorithms, though the OneSymmetricKey and = OneAsymmetricKey structs do self-identify their algorithms).   I = don't have an answer for this yet, but maybe we can mimic some aspect of = the above for it?

Comments?



Kent // = contributor



On Oct 1, 2019, at 6:58 AM, tom petch <ietfc@btconnect.com>= wrote:

<inline tp>

----- Original = Message -----
From: "Kent Watsen" <kent+ietf@watsen.net>
To: "Juergen = Schoenwaelder" <J.Schoenwaelder@jacobs-university.de>
Cc:= <netconf@ietf.org>; <wang.haiguang.shieldlab@huawei.com>;
<rifaat.ietf@gmail.com>
Sent: Tuesday, = October 01, 2019 1:38 AM

On Sep 27, 2019, at 1:46 PM, Sch=C3=B6nw=C3=A4lde= r, J=C3=BCrgen
<J.Schoenwaelder@jacobs-university.de> wrote:

On Fri, = Sep 27, 2019 at 03:53:51PM +0000, Rob Wilton (rwilton) wrote:
I basically agree with = what Martin is saying.

So do = I.

Hmmm...

Either one YANG module containing all of the crypto = identities, or a
few YANG = modules as previously suggested.

It may make sense to split by security = protocol.

That would go some = towards addressing Rich's concern.  Presumably we
would= have one module each for SSH  and TLS algorithms.  That said, = to
Rich's concern, there is a constant churn with them. =  This churn
concerns two activities:  the = removal and addition of algorithms.  Both
occur at = protocol-version boundaries and, perhaps, other times as well.
This suggests to me that we could further refine the = identities by
protocol version, something like this:

In ietf-crypto-types:

   identity base-alg {}
=    identity tls-alg { base "base-alg" }
=    identity ssh-alg { base "base-alg" }

In ietf-tls-1.1-types:

=    identity tls-1.1-alg { base "ct:tls-alg" }
   <a bunch of tls-1.1 identities = here>

In ietf-tls-1.2-types:

   identity tls-1.2-alg { base = "ct:tls-alg" }
   <a bunch of tls-1.2 = identities here>

etc.

<tp>

Kent

I am not sure how this can work. TLS has ciphersuites, rather = than
algorithms, albeit which are combinations of = algorithms.  Taking TLS1.2,
RFC5246, the ciphersuite = is a combination of KEX, cipher, MAC leading to
e.g. = TLS_RSA_WITH_AES_128_CBC_SHA
(which is MTI).

Separately, it has a signature algorithm and = hash algorithm registry
which may be relevant, depending = on the ciphersuite; these fit rather
better with the = approach of this model.

Looking at the IANA = registry of Transport Layer Security Cipher Suites
gives = (to me) a good sense of how this has evolved from a base list for
TLS1.2 in RFC5246 with RFC5932 then adding Camellia, RFC5288 = AES GCM
while RFC6289 updates the use of ECC, RFC5487 adds = PSK with AES GCM,
RFC7251 adds AES-CCM, RFC7905 adds = CHACHA20 and so on.  It is a long
list, extended many = times.  TLS 1.3 is, so far, a shorter list.

So is your list of all the ciphersuites or multiple lists of = the
algorithms that
underpin them?

It comes back to what is going to use this = module. Whenever I see TLS, I
see ciphersuites first and = foremost, not algorithms.

SSH is different, = with KEX method names, authentication method names
encryption algorithm names and so on, with far fewer of them, = a better
fit for this model.  But then SSH includes = the Diffie-Hellman group in
the KEX name where TLS puts = that in an extension - not the
ciphersuite -for TLS1.3 so = the concept of a KEX is a bit different.

Tom = Petch

= --Apple-Mail=_C241ACA0-321D-45E0-B815-2B13DB6EA9C1-- From nobody Tue Oct 1 16:00:09 2019 Return-Path: X-Original-To: netconf@ietfa.amsl.com Delivered-To: netconf@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BCB06120168 for ; Tue, 1 Oct 2019 16:00:07 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.998 X-Spam-Level: X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PDCeJJRwX_q7 for ; Tue, 1 Oct 2019 16:00:04 -0700 (PDT) Received: from mail-pg1-x533.google.com (mail-pg1-x533.google.com [IPv6:2607:f8b0:4864:20::533]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E9F4A12011E for ; Tue, 1 Oct 2019 16:00:03 -0700 (PDT) Received: by mail-pg1-x533.google.com with SMTP id c17so10762902pgg.4 for ; Tue, 01 Oct 2019 16:00:03 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:message-id:mime-version:subject:date:in-reply-to:cc:to :references; bh=YCIaEVrf2Iqt4lNHSWAc6/rqEXD0b8cOykvM10QF4rI=; b=XtEErsbtbKXnyhcTNqNJkbtbRKBeughUW1eqwyHmE976Cumv5M3I7XsbLjKl1TutLa 1EFaadC5szxMXO4A+F6Bhddtd+Y6nZAgrtOQ+UZR07GXL1MJEFVIxYkbq1i0mVbA/Vse CHmoUGlLdtTMpj7wuk946/YsMEfh5uKb2Txqm2EnbpgDUnQ2akUyjzCiA2Yo0/+Wg1Sq 2bDltwOmqDu5xQO5Q8c98kmmjzMAE9xSSKAByWaP2bmQFTHoEtl9K5l3e3/gwUU9po1h k7aajm9O751fgZlhzGLNADBU/urHKlN7JFKYCH0tJYG+CoKZdwbqQ6VWSihw1KLORkeW Uh2A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:message-id:mime-version:subject:date :in-reply-to:cc:to:references; bh=YCIaEVrf2Iqt4lNHSWAc6/rqEXD0b8cOykvM10QF4rI=; b=pv3NH2/Y8zTodY4gXJXX1ZjNUoOYHnJ+zWb9n1P1L2hrnwxll5KkiacW1/Mi9KpzXA UP/xwXLXf3+wQbhBu0o5PHhYaNgHo7Oi2rOZfH/RmedY/GtbDnHEkANd0hI6u1JfwgBR i3RZ0msFZkBCqg4SyucKVBu7XYICpi89GkJlLZQFRW6+LzqulgKrKoUh3RBbXvX8MwiX wcZM/bi6jhFapiFR/GkgtsJT7py7/vpX9duVhwfdN+k68E/5JCyN5DT2lXFy732s/Vyx SJNWtNcco4KWRTIpH2TZXkfWZ4BnRLYlZBIbB+ZbQ26T3T91KBYMjDntjU3r5FjECv3t RuDQ== X-Gm-Message-State: APjAAAVkMVaNgY2DwiBGhOdnKunLmFBN//XDf2Yx35hoWjrd2Gvcktoj pSgqU3OCiWYKVxz0ieZwdfU= X-Google-Smtp-Source: APXvYqzmTH7XevP00HghFKIQeO27uFz1gtavn2aRoDpndDgWpiXfVGNOdvY9B4tiss9fpVaUWzF3Iw== X-Received: by 2002:a63:e114:: with SMTP id z20mr306343pgh.278.1569970803198; Tue, 01 Oct 2019 16:00:03 -0700 (PDT) Received: from [10.33.123.155] ([66.170.99.2]) by smtp.gmail.com with ESMTPSA id q29sm10273015pgc.88.2019.10.01.16.00.01 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 01 Oct 2019 16:00:02 -0700 (PDT) From: Mahesh Jethanandani Message-Id: Content-Type: multipart/alternative; boundary="Apple-Mail=_C83F2D19-6638-4A25-9A34-9F1E502D9CF7" Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\)) Date: Tue, 1 Oct 2019 16:00:01 -0700 In-Reply-To: Cc: "Eric Voit (evoit)" , Alexander Clemm , Benoit Claise , Netconf To: =?utf-8?Q?Bal=C3=A1zs_Lengyel?= References: <4F49DF08-B7FC-4EBD-9D6B-7BC329E50334@gmail.com> X-Mailer: Apple Mail (2.3445.9.1) Archived-At: Subject: Re: [netconf] WGLC for draft-ietf-netconf-notification-capabilities X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 01 Oct 2019 23:00:08 -0000 --Apple-Mail=_C83F2D19-6638-4A25-9A34-9F1E502D9CF7 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 Hi Balasz, I have reviewed your preliminary next version of the document (-05), and = have the following comments. Some of these comments might be duplicates = or overlap with comments provided by others. Minor issues: - Please fix the sub-title of the draft as it refers to -04 version of = the document. - Can we get a consistent view in the draft using either = publisher/subscriber or server/client in the document. I see = Publisher/Receiver, client/management combinations also used in the = document. - Can we use 'on-change consistently' in the document. I see both = "on-change" and "on change=E2=80=9D - I still see reference to Yang instead of YANG in the document. - Remove Section 6. Remaining comments: Introduction s/identify for which objects/identify which objects OLD: During NMS implementation for any functionality that depends on the notifications the information about on change notification capability is needed. NEW: A NMS implementation that wants to support notifications, needs the = information about on-change notification capability. Can you explain the following statement. What does it mean for the = =E2=80=9Cnetwork node to be ready=E2=80=9D? Exchange capability = information? Also, if that capability is exchanged at run-time what = would the subscriber do? Per your explanation, the =E2=80=9Cimplementation= time=E2=80=9D capability requires an implementation, and therefore an = implementation not knowing it would have to discard this capability???=20= "If the information is not documented in a way available to the NMS designer, but only as instance data from the network node once it is deployed, the NMS implementation will be delayed, because it has to wait for the network node to be ready." The rest of the explanation on that paragraph of not having a = =E2=80=9Dcorrectly configured network node available to retrieve data=E2=80= =9D could use an example. I am not clear in what way an incorrectly = configured network node would create a problem specifically in this = situation, other than the fact that any incorrectly configured node is a = problem. Thanks. > On Sep 30, 2019, at 2:20 AM, Bal=C3=A1zs Lengyel = wrote: >=20 > Hello, > Here is a preliminary next version (not submitted yet). See also = below. > Regards Balazs > =20 > From: Eric Voit (evoit) >=20 > Sent: 2019. szeptember 27., p=C3=A9ntek 21:42 > To: Bal=C3=A1zs Lengyel >; Mahesh Jethanandani = >; Alexander = Clemm >; Benoit Claise = (bclaise) > > Cc: Netconf > > Subject: RE: [netconf] WGLC for = draft-ietf-netconf-notification-capabilities > =20 > Hi Balazs, > =20 > Some more thoughts in-line. I cut out those I think closed. > =20 > From: Bal=C3=A1zs Lengyel >=20 > Sent: Friday, September 27, 2019 8:48 AM > To: Eric Voit (evoit) >; = Mahesh Jethanandani >; Alexander Clemm >; Benoit Claise (bclaise) > > Cc: Netconf > > Subject: RE: [netconf] WGLC for = draft-ietf-netconf-notification-capabilities > =20 > Thanks for the comments. See answers below.=20 > I hope the group will be ok with using the term publisher instead of = server. IMHO it is clearer as the client server relationship can be = reversed e.g. for https notification transport. > Balazs > =20 > From: Eric Voit (evoit) >=20 > Sent: 2019. szeptember 24., kedd 23:15 > To: Mahesh Jethanandani >; Bal=C3=A1zs Lengyel = >; = Alexander Clemm >; Benoit = Claise (bclaise) > > Cc: Netconf > > Subject: RE: [netconf] WGLC for = draft-ietf-netconf-notification-capabilities > =20 > Here are some comments... > =20 > On-change Notification Capability: Is this different from support for = RFC-8641 feature "on-change"? If they are the same, it might be = possible to remove the term. Especially as this term is used = inconsistently. > BALAZS: In RFC 8641 on-change is not defined as a capability. It is = used for many more things (e.g. On-change subscription, trigger = condition, type of push updates, a feature.) In this draft the on change = capability is just the servers capability to send on-change notification = globally, for a specific datastore or a specific data node. Description = will be reworded. > It will be good to see the reword. I still am not clear how = this different from the RFC-8641 feature "on-change", along with this = feature being associated with specific nodes. =20 > BALAZS2:=20 > On-change Notification Capability: The capability of the server to > send on-change notifications for a specific datastore or a specific > data node. > =20 > =20 > Section 3 > =20 > Paragraph 2, bullet 2: Instead of "amount of notifications the server = can send out", do you mean "the minimum periodicity of updates which a = server can send out for an object" > BALAZS: That too, but also the max-objects-per-update. I was told not = to repeat information in the main text and in the YANG module, so I = tried to find a wording that covers both. Also its not always the = minimum times. Some servers support a specific set of times, not a = anything over a minimum. > Ok, so this bullet is a bucket of various types of information. = Which is fine with me. > =20 > =20 > Paragraph 2, bullets 3 & 4: I don't think these should be indented as = bullets are they are more about proper behavior of a correctly populated = model. > BALAZS: I don=E2=80=99t really understand this comment. Please = explain. > Looking at the text, bullets 3 is written to say how = capabilities value can be set (i.e., how) rather than that they can be = set for different levels (i.e., what). Getting consistency so that the = bullets are all 'how' or all 'what' items would help readability. =20 > BALAZS2: OK, I get it. You are right, to be corrected. > =20 > =20 > Paragraph 3, bullets 2: why isn't SHALL instead MUST? Also, = shouldn't this point out that both NETCONF and RESTCONF MUST be = supported if on-change is advertised, and this draft is supported? > BALAZS: As I understand RFC 2119 MUST and SHALL both mean the same, = but I will change to MUST. No I do not want to mandate implementing both = Netconf AND Restconf. IMO a server with just Netconf would work just = fine; or maybe I misunderstand your comment? > The second part of my comment was about ensuring that IF this = model was available, and the publisher supports both RFC-8640 & = draft-ietf-netconf-restconf-notif, then this specification MUST be able = to push changes over both NETCONF and RESTCONF. Thinking more, this = is actually a generic question which is likely already answered: how do = you know which models are supported for which transports. As = advertisement is by transport, I withdraw this question. =20 > BALAZS2: Some implementations have a yang extension statement to = specify whether a model is visible on specific interfaces > =20 > Section 4 > =20 > I suspect that you will need to do a security analysis per YANG = object. This has been done the other YANG push family. > BALAZS: The full module is readOnly and not sensitive or private in = any manner. The security text for the readOnly parts of YangPush is the = exact same text: not very informative, but gives you the illusion of = security awareness. > You can ignore my comment. In doing RFC-8639, I needed to put = in read/write analysis for each object. And this did sometime include = the risks of internally setting values which were read-only from the = model. Perhaps this will not be required during later draft reviews in = the publication process. > =20 > I suspect that manipulating the reporting intervals could have some = security implications. E.g., a hacker could push up the damping period = or periodic interval to a level where the information they are changing = then becomes invisible to a monitoring system. > BALAZS: The full YAM is read-only so manipulating the data is not a = concern. > Per my previous point, if the IETF process says you don't need = to highlight such possibilities, then I am good. > BALAZS2: > In rfc8639 the text says for readOnly data nodes something like:=20 > If access control is not properly configured, can expose > system internals to those who should not have access to this > information. > That is true for any bit of data, so I do not understand what = information does it add. It does not hurt, so I will add the same = sentence to my draft. > =20 > If you have something else in mind please describe the attack method = that I should mention. > > =20 > Thanks,=20 > Eric=20 > =20 > =20 > From: netconf > On Behalf Of Mahesh Jethanandani > Sent: Tuesday, September 24, 2019 1:50 PM > To: Netconf > > Subject: Re: [netconf] WGLC for = draft-ietf-netconf-notification-capabilities > =20 > We were supposed to have closed on the WGLC today. However, between = the document becoming a WG item and it going into LC, we have not = received too many comments on the draft. As such, we are extending the = LC by another week. Please review the draft and provide any comments you = might have. > =20 > Mahesh & Kent (as co-chairs) > =20 > =20 >=20 > On Sep 10, 2019, at 3:39 PM, Mahesh Jethanandani = > wrote: > =20 > Authors have published -04 = version of the draft, which addresses comments they received in IETF = 105. If you provided comments please check to make sure your comments = have been addressed. At this point, the authors believe that the = document is ready for WGLC. > =20 > This therefore starts a two week LC, ending on September 24th. Please = provide any technical comments you might have on the document. If you = believe the document is not ready for LC, please state your reasons. > =20 > We will issue a IPR poll separately.=20 > =20 > Mahesh & Kent (as co-chairs) > =20 > =20 > =20 > =20 > Mahesh Jethanandani mjethanandani@gmail.com --Apple-Mail=_C83F2D19-6638-4A25-9A34-9F1E502D9CF7 Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=utf-8
Hi Balasz,

I have reviewed your preliminary next = version of the document (-05), and have the following comments. Some of = these comments might be duplicates or overlap with comments provided by = others.

Minor = issues:

- = Please fix the sub-title of the draft as it refers to -04 version of the = document.

- Can we get a = consistent view in the draft using either publisher/subscriber or = server/client in the document. I see Publisher/Receiver, = client/management combinations also used in the document.

- Can we use 'on-change consistently' in the = document. I see both "on-change" and "on change=E2=80=9D

- I still see reference to Yang instead of YANG in = the document.

- Remove Section = 6.

Remaining comments:

Introduction

s/identify for which objects/identify which = objects

OLD:

   During NMS implementation for = any
   functionality that depends on the = notifications the information about
   on change = notification capability is needed.

NEW:

 =  A NMS implementation that wants to support notifications, needs = the information about
   on-change notification = capability.

Can you explain the = following statement. What does it mean for the =E2=80=9Cnetwork node to = be ready=E2=80=9D? Exchange capability information? Also, if that = capability is exchanged at run-time what would the subscriber do? Per = your explanation, the =E2=80=9Cimplementation time=E2=80=9D capability = requires an implementation, and therefore an implementation not knowing = it would have to discard this capability??? 

  "If the information = is
   not documented in a way = available to the NMS designer, but only as
   instance data from the network node once it is = deployed, the NMS
  =  implementation will be delayed, because it has to wait for = the
   network node to be = ready."

The rest of the = explanation on that paragraph of not having a =E2=80=9Dcorrectly = configured network node available to retrieve data=E2=80=9D could use an = example. I am not clear in what way an incorrectly configured network = node would create a problem specifically in this situation, other than = the fact that any incorrectly configured node is a = problem.

Thanks.


On Sep 30, 2019, at 2:20 AM, Bal=C3=A1zs = Lengyel <balazs.lengyel@ericsson.com> wrote:

Hello,
Here is a = preliminary next version (not submitted yet). See also below.
Regards = Balazs
 
From: Eric Voit (evoit) <evoit@cisco.com> 
Sent: 2019. szeptember 27., = p=C3=A9ntek 21:42
To: Bal=C3=A1zs Lengyel <balazs.lengyel@ericsson.com>; Mahesh Jethanandani = <mjethanandani@gmail.com>; = Alexander Clemm <ludwig@clemm.org>; = Benoit Claise (bclaise) <bclaise@cisco.com>
Cc: Netconf <netconf@ietf.org>
Subject: RE: [netconf] WGLC for = draft-ietf-netconf-notification-capabilities
 
Hi Balazs,
 
Some more thoughts in-line.   I cut out those I = think closed.
 
From: Bal=C3=A1zs Lengyel <balazs.lengyel@ericsson.com> 
Sent: Friday, September 27, 2019 = 8:48 AM
To: Eric Voit (evoit) <evoit@cisco.com>; Mahesh Jethanandani = <mjethanandani@gmail.com>; = Alexander Clemm <ludwig@clemm.org>; = Benoit Claise (bclaise) <bclaise@cisco.com>
Cc: Netconf <netconf@ietf.org>
Subject: RE: [netconf] WGLC for = draft-ietf-netconf-notification-capabilities
 
Thanks for the comments. See answers below. 
I hope the group will be = ok with using the term publisher instead of server. IMHO it is clearer = as the client server relationship can be reversed e.g. for https = notification transport.
Balazs
 
From: Eric Voit (evoit) <evoit@cisco.com> 
Sent: 2019. szeptember 24., kedd = 23:15
To: Mahesh Jethanandani <mjethanandani@gmail.com>; = Bal=C3=A1zs Lengyel <balazs.lengyel@ericsson.com>; Alexander Clemm <ludwig@clemm.org>; Benoit = Claise (bclaise) <bclaise@cisco.com>
Cc: Netconf <netconf@ietf.org>
Subject: RE: [netconf] WGLC for = draft-ietf-netconf-notification-capabilities
 
Here are some comments...
 
On-change Notification Capability: Is = this different from support for RFC-8641 feature "on-change"?  If = they are the same, it might be possible to remove the term.  = Especially as this term is used inconsistently.
BALAZS: In RFC 8641 = on-change is not defined as a capability. It is used for many more = things (e.g. On-change subscription,  trigger condition, type of = push updates, a feature.) In this draft the on change capability is just = the servers capability to send on-change notification globally, for a = specific datastore or a specific data node. Description will be = reworded.
<Eric> It will be good to see the reword.   I = still am not clear how this different from the RFC-8641 feature = "on-change", along with this feature being associated with specific = nodes.  
BALAZS2: 
On-change = Notification Capability: The capability of the server to
   send on-change notifications for a specific = datastore or a specific
   data node.
 
 
Section = 3
 
Paragraph = 2, bullet 2: Instead of  "amount of notifications the server can = send out", do you mean "the minimum periodicity of updates which a = server can send out for an object"
BALAZS: That too, but also the max-objects-per-update. = I was told not to repeat information in the main text and in the YANG = module, so I tried to find a wording that covers both. Also  its = not always the minimum times. Some servers support  a specific set = of times, not a anything over a minimum.
<Eric> Ok, so this bullet is a bucket of various types = of information.  Which is fine with me.
 
 
Paragraph = 2, bullets 3 & 4: I don't think these should be indented as bullets = are they are more about proper behavior of a correctly populated = model.
BALAZS: I = don=E2=80=99t really understand this comment.  Please explain.
<Eric> Looking at the text, bullets 3 is written to say = how capabilities value can be set (i.e., how) rather than that they can = be set for different levels (i.e., what).  Getting consistency so = that the bullets are all 'how' or all 'what' items would help = readability.  
BALAZS2: = OK, I get it. You are right, to be corrected.
 
 
Paragraph = 3, bullets 2: why isn't SHALL instead MUST?   Also, shouldn't = this point out that both NETCONF and RESTCONF MUST be supported if = on-change is advertised, and this draft is supported?
BALAZS: As I understand = RFC 2119 MUST and SHALL both mean the same, but I will change to MUST. = No I do not want to mandate implementing both Netconf AND Restconf. IMO = a server with just Netconf would work just fine; or maybe I = misunderstand your comment?
<Eric> The second part of my = comment was about ensuring that IF this model was available, and the = publisher supports both RFC-8640 & = draft-ietf-netconf-restconf-notif, then this specification MUST be able = to push changes over both NETCONF and RESTCONF.    = Thinking more, this is actually a generic question which is likely = already answered: how do you know which models are supported for which = transports.   As advertisement is by transport, I withdraw = this question.  
BALAZS2: Some = implementations have a yang extension statement to specify whether =  a model is visible on specific interfaces
 
Section = 4
 
I suspect = that you will need to do a security analysis per YANG = object.   This has been done the other YANG push family.
BALAZS: The full module is = readOnly and not sensitive or private in any manner.  The security = text for the readOnly parts of YangPush is the exact same text: not very = informative, but gives you the illusion of security awareness.
<Eric> You can ignore my comment.  In doing = RFC-8639, I needed to put in read/write analysis for each object.  = And this did sometime include the risks of internally setting values = which were read-only from the model.  Perhaps this will not be = required during later draft reviews in the publication process.
 
I suspect = that manipulating the reporting intervals could have some security = implications.   E.g., a hacker could push up the damping = period or periodic interval to a level where the information they are = changing then becomes invisible to a monitoring system.
BALAZS: The full YAM is = read-only so manipulating the data is not a concern.
<Eric> Per my previous point, if the IETF process says = you don't need to highlight such possibilities, then I am good.
BALAZS2:
In rfc8639 the text says = for readOnly data nodes something like: 
If access control is not properly = configured, can expose
      system internals to those who = should not have access to this
      information.
That is true for any bit = of data, so I do not understand what information does it add. It does = not hurt, so I will add the same sentence to my draft.
 
If you = have something else in mind please describe the attack method that I = should mention.
</Eric>
 
Thanks, 
Eric 
 
 
From: netconf <netconf-bounces@ietf.org> On Behalf = Of Mahesh = Jethanandani
Sent: Tuesday, September 24, 2019 = 1:50 PM
To: Netconf <netconf@ietf.org>
Subject: Re: [netconf] WGLC for = draft-ietf-netconf-notification-capabilities
 
We were supposed to have closed on the = WGLC today. However, between the document becoming a WG item and it = going into LC, we have not received too many comments on the draft. As = such, we are extending the LC by another week. Please review the draft = and provide any comments you might have.
 
Mahesh & Kent (as co-chairs)
 

 

On Sep 10, 2019, at 3:39 PM, Mahesh Jethanandani <mjethanandani@gmail.com> = wrote:
 
Authors have = published -04 version of the draft, which addresses comments = they received in IETF 105. If you provided comments please check to make = sure your comments have been addressed. At this point, the authors = believe that the document is ready for WGLC.
 
This therefore starts a two week LC, = ending on September 24th. Please provide any technical comments you = might have on the document. If you believe the document is not ready for = LC, please state your reasons.
 
We will issue a IPR poll separately. 
 
Mahesh & Kent (as = co-chairs)
 
 
 
 
<draft-i= etf-netconf-notification-capabilities-05b.txt>

Mahesh Jethanandani
mjethanandani@gmail.com



= --Apple-Mail=_C83F2D19-6638-4A25-9A34-9F1E502D9CF7-- From nobody Wed Oct 2 06:43:05 2019 Return-Path: X-Original-To: netconf@ietfa.amsl.com Delivered-To: netconf@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 22484120074 for ; Wed, 2 Oct 2019 06:43:03 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.001 X-Spam-Level: X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bqAHSQHI1U0J for ; Wed, 2 Oct 2019 06:42:57 -0700 (PDT) Received: from EUR02-AM5-obe.outbound.protection.outlook.com (mail-eopbgr00062.outbound.protection.outlook.com [40.107.0.62]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C2552120048 for ; Wed, 2 Oct 2019 06:42:56 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=iUCvACYUg6UJ1F6P3cKsshW47cvfaAAqr87kEPL6Dnd9eXNrV9Kjx5+AGDO3pU+y62HvEDka8jVLsF5g6JXhDWgSqleIcV/By+pLmWuCwG5AAylf2ZYitY/1xZ4lxea+yX9PbGwj7134Haz7cSIZ85ISFoBKarM7xV+RVL3eS9xdKj38dNtFdgrycBPab1p4LCiYFVdOntnUoBJ8JOOOAOS7ndzFNsMJPszhzlUOs4uTSSL1stTF2mvUNFtNkWE7f836igckqj+6xZpBBCCWkz9RmLlVU0mYgrKj1cH0VohlPZ//ny22M7sD18g4aSOhknSaIFqwZWKinMetwxoJVg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=GyvK1VaBtpWLWu4bkruDRb9v3yDNexu6xCc8jrETbcE=; b=fnDp/ha6mT3K1aDddnTDYlbunGGrTbBo3FF03cWNdMjtJUkgCQyiA164SpVoGs/VtHWcJ91cXZdolBD/cDrVzIYTYKTCcem3BWcE8g7/y7OoheFFQL7gQevc0AsCW4F9CKK0UPjvBAlpMSF5T8Zy5FbcORW3lbAQREyo3oCs2rJ+oeR+6ybDjCJV8HmfAY0zsGqk0UmcGjqyB47J9LLlsyrAmTFusAE7qtb2iXYvphkuI4ku+WwrUh9SkB3kkiPqOuCfO06U4eduTUt3Ds/nci7CFCHAve7uFKt1j4fYPqzVqU1d1/pbjnZxfFWb9TCQaW15oS3ugwNrgrQCp/S1ww== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=GyvK1VaBtpWLWu4bkruDRb9v3yDNexu6xCc8jrETbcE=; b=JDkMPi7WoCFQSHAABdmrQFMH+GYjTASDXz/C8A6Wxu2LlWk7JKBzoOayPPmO/HPy2HfHG4xk8/+SoKrVC0iCk2zH65NlESejUogCdhg1rOZq9PudZ7LLgFTRWIXoA/If3bEUDbIuOs3EijH8XbLi8wcvAaDIaPb9NW84R3P/NSw= Received: from VI1PR0701MB2286.eurprd07.prod.outlook.com (10.169.137.153) by VI1PR0701MB3022.eurprd07.prod.outlook.com (10.173.73.8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2305.12; Wed, 2 Oct 2019 13:42:53 +0000 Received: from VI1PR0701MB2286.eurprd07.prod.outlook.com ([fe80::f44b:854c:51cf:c69f]) by VI1PR0701MB2286.eurprd07.prod.outlook.com ([fe80::f44b:854c:51cf:c69f%7]) with mapi id 15.20.2305.017; Wed, 2 Oct 2019 13:42:53 +0000 From: =?utf-8?B?QmFsw6F6cyBMZW5neWVs?= To: Mahesh Jethanandani CC: "Eric Voit (evoit)" , Alexander Clemm , Benoit Claise , Netconf Thread-Topic: [netconf] WGLC for draft-ietf-netconf-notification-capabilities Thread-Index: AQHVaCiq/P3ytjAdYEi7Gp+LSYgUDqc7MLcAgAA5KYCAA/LsEIAAqhsAgAP1+uCAAoq2gIAA7Gqw Date: Wed, 2 Oct 2019 13:42:53 +0000 Message-ID: References: <4F49DF08-B7FC-4EBD-9D6B-7BC329E50334@gmail.com> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: yes X-MS-TNEF-Correlator: authentication-results: spf=none (sender IP is ) smtp.mailfrom=balazs.lengyel@ericsson.com; x-originating-ip: [89.135.192.225] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 8cb78137-5f64-4dbe-bcf6-08d7473e6ca3 x-ms-traffictypediagnostic: VI1PR0701MB3022: x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:2399; x-forefront-prvs: 0178184651 x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(396003)(366004)(346002)(136003)(376002)(39860400002)(51914003)(189003)(199004)(64756008)(66616009)(7736002)(6436002)(66476007)(229853002)(81156014)(54906003)(52536014)(478600001)(33656002)(6246003)(66946007)(316002)(8676002)(81166006)(30864003)(446003)(1411001)(486006)(186003)(66066001)(66556008)(66446008)(71200400001)(71190400001)(66574012)(6916009)(99936001)(476003)(11346002)(102836004)(7110500001)(76176011)(14444005)(256004)(86362001)(85202003)(26005)(53546011)(8936002)(6506007)(14454004)(2420400007)(7696005)(2906002)(15650500001)(5660300002)(74316002)(25786009)(76116006)(99286004)(4326008)(85182001)(606006)(790700001)(6116002)(3846002)(54896002)(236005)(55016002)(9686003)(6306002); DIR:OUT; SFP:1101; SCL:1; SRVR:VI1PR0701MB3022; H:VI1PR0701MB2286.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1; received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: hDxel0b156RrGbu4VstYa5d3vfTs8uPl/XgDj8pMGZCob+3L3pVeQUHokv+JAAZMen+9HF90j3Qhr5KWYvAwiV7FMsRKUArP07gJyDHYn9fE/ylY/QmIiT1En5sKoprZaZAJLjzBiqV9alwLf7AKNtLY9blGL4MSSw7J/1E3Z2HpmXVJQfvaOajdds5Kte95yEITdR1PcGG0XN2a3N19PKjOpr3K4I7Rf96PjJ4pf2aY4bCmKxaurB+dsWxauErkqvBu3sH0wwmYJmdZWJBb7ATeiG8NZcHw8A9rb4yILeOBBY4mxN+Zg3UL0XzKdxTWdQV72rCmpVpMyrSYLPi2XbJSwFIH4zhISjWMg5LBvgZ3EMX1BJ1ztw81uzoBYZDeZKNGKUNVa/VQ9sYyBokC1sSpUCRW4q8ROhEfOyoWCyY= x-ms-exchange-transport-forked: True Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=SHA1; boundary="----=_NextPart_000_06FA_01D57938.0BC384B0" MIME-Version: 1.0 X-OriginatorOrg: ericsson.com X-MS-Exchange-CrossTenant-Network-Message-Id: 8cb78137-5f64-4dbe-bcf6-08d7473e6ca3 X-MS-Exchange-CrossTenant-originalarrivaltime: 02 Oct 2019 13:42:53.1329 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: 4d+j9Ml1SwfhLMsEV0fuihJdPwOWfEwqTAVtDtpIzjSsaB2BtAP1xWoBa4B1bho9RQjRwdj/ygK9cO6tsEERiBp3SWdtOg0q/OW69D3VVok= X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR0701MB3022 Archived-At: Subject: Re: [netconf] WGLC for draft-ietf-netconf-notification-capabilities X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 02 Oct 2019 13:43:03 -0000 ------=_NextPart_000_06FA_01D57938.0BC384B0 Content-Type: multipart/alternative; boundary="----=_NextPart_001_06FB_01D57938.0BC384B0" ------=_NextPart_001_06FB_01D57938.0BC384B0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable =20 =20 From: Mahesh Jethanandani =20 Sent: 2019. okt=C3=B3ber 2., szerda 1:00 To: Bal=C3=A1zs Lengyel Cc: Eric Voit (evoit) ; Alexander Clemm = ; Benoit Claise ; Netconf = Subject: Re: [netconf] WGLC for = draft-ietf-netconf-notification-capabilities =20 Hi Balasz, =20 I have reviewed your preliminary next version of the document (-05), and = have the following comments. Some of these comments might be duplicates = or overlap with comments provided by others. =20 Minor issues: =20 - Please fix the sub-title of the draft as it refers to -04 version of = the document. BALAZS: OK, done =20 - Can we get a consistent view in the draft using either = publisher/subscriber or server/client in the document. I see = Publisher/Receiver, client/management combinations also used in the = document. BALAZS: I changed to use subscriber/publisher except in cases where we = speak about datastores and functionality based on get, getconfig operations. In this latter case it is really the server = functionality that is discussed. =20 - Can we use 'on-change consistently' in the document. I see both = "on-change" and "on change=E2=80=9D BALAZS:OK, Found 1 =E2=80=9Con change=E2=80=9D replaced with = =E2=80=9Con-change=E2=80=9D =20 - I still see reference to Yang instead of YANG in the document. BALAZS: OK, corrected. =20 - Remove Section 6. BALAZS: OK =20 Remaining comments: =20 Introduction =20 s/identify for which objects/identify which objects BALAZS: OK =20 OLD: =20 During NMS implementation for any functionality that depends on the notifications the information about on change notification capability is needed. =20 NEW: =20 A NMS implementation that wants to support notifications, needs the = information about on-change notification capability. BALAZS: OK =20 Can you explain the following statement. What does it mean for the = =E2=80=9Cnetwork node to be ready=E2=80=9D?=20 BALAZS: In Ericsson and our customers usually start designing the = management system for a node even before it is ready or fully = implemented or released or handed over to the customer. That=E2=80=99s = what I to shorten to =E2=80=9Cready=E2=80=9D. Exchange capability information? Also, if that capability is exchanged = at run-time what would the subscriber do? Per your explanation, the = =E2=80=9Cimplementation time=E2=80=9D capability requires an = implementation, and therefore an implementation not knowing it would = have to discard this capability???=20 =20 "If the information is not documented in a way available to the NMS designer, but only as instance data from the network node once it is deployed, the NMS implementation will be delayed, because it has to wait for the network node to be ready." =20 The rest of the explanation on that paragraph of not having a = =E2=80=9Dcorrectly configured network node available to retrieve = data=E2=80=9D could use an example. I am not clear in what way an = incorrectly configured network node would create a problem specifically = in this situation, other than the fact that any incorrectly configured = node is a problem. BALAZS: The point is that if you do not have the capabilities = documented in implementation-time and available off-line,=20 =20 you need a fully implemented live server/publisher network node to read = that information from. A NMS can handle 10-100 node types. To get this = information from each you would need these network nodes up and running = in your lab. Usually you also need to configure the network node to get = access to its Netconf interface/CLI. In some cases specific information = is only available if the correct licenses are installed for the network = node.=20 So to get the information from a live server in run-time, you may need = to 1. Have the network node available 2. Need to configure the node to some level 3. Need authentication information for it 4. Need licenses for it. =20 Thanks. =20 On Sep 30, 2019, at 2:20 AM, Bal=C3=A1zs Lengyel = > = wrote: =20 Hello, Here is a preliminary next version (not submitted yet). See also below. Regards Balazs =20 From: Eric Voit (evoit) < evoit@cisco.com>=20 Sent: 2019. szeptember 27., p=C3=A9ntek 21:42 To: Bal=C3=A1zs Lengyel < = balazs.lengyel@ericsson.com>; Mahesh Jethanandani < = mjethanandani@gmail.com>; Alexander = Clemm < ludwig@clemm.org>; Benoit Claise = (bclaise) < bclaise@cisco.com> Cc: Netconf < netconf@ietf.org> Subject: RE: [netconf] WGLC for = draft-ietf-netconf-notification-capabilities =20 Hi Balazs, =20 Some more thoughts in-line. I cut out those I think closed. =20 From: Bal=C3=A1zs Lengyel < = balazs.lengyel@ericsson.com>=20 Sent: Friday, September 27, 2019 8:48 AM To: Eric Voit (evoit) < evoit@cisco.com>; = Mahesh Jethanandani < = mjethanandani@gmail.com>; Alexander Clemm < = ludwig@clemm.org>; Benoit Claise (bclaise) < = bclaise@cisco.com> Cc: Netconf < netconf@ietf.org> Subject: RE: [netconf] WGLC for = draft-ietf-netconf-notification-capabilities =20 Thanks for the comments. See answers below.=20 I hope the group will be ok with using the term publisher instead of = server. IMHO it is clearer as the client server relationship can be = reversed e.g. for https notification transport. Balazs =20 From: Eric Voit (evoit) < evoit@cisco.com>=20 Sent: 2019. szeptember 24., kedd 23:15 To: Mahesh Jethanandani < = mjethanandani@gmail.com>; Bal=C3=A1zs Lengyel < = balazs.lengyel@ericsson.com>; = Alexander Clemm < ludwig@clemm.org>; Benoit = Claise (bclaise) < bclaise@cisco.com> Cc: Netconf < netconf@ietf.org> Subject: RE: [netconf] WGLC for = draft-ietf-netconf-notification-capabilities =20 Here are some comments... =20 On-change Notification Capability: Is this different from support for = RFC-8641 feature "on-change"? If they are the same, it might be = possible to remove the term. Especially as this term is used = inconsistently. BALAZS: In RFC 8641 on-change is not defined as a capability. It is used = for many more things (e.g. On-change subscription, trigger condition, = type of push updates, a feature.) In this draft the on change capability = is just the servers capability to send on-change notification globally, = for a specific datastore or a specific data node. Description will be = reworded. It will be good to see the reword. I still am not clear how = this different from the RFC-8641 feature "on-change", along with this = feature being associated with specific nodes. =20 BALAZS2:=20 On-change Notification Capability: The capability of the server to send on-change notifications for a specific datastore or a specific data node. =20 =20 Section 3 =20 Paragraph 2, bullet 2: Instead of "amount of notifications the server = can send out", do you mean "the minimum periodicity of updates which a = server can send out for an object" BALAZS: That too, but also the max-objects-per-update. I was told not to = repeat information in the main text and in the YANG module, so I tried = to find a wording that covers both. Also its not always the minimum = times. Some servers support a specific set of times, not a anything = over a minimum. Ok, so this bullet is a bucket of various types of information. = Which is fine with me. =20 =20 Paragraph 2, bullets 3 & 4: I don't think these should be indented as = bullets are they are more about proper behavior of a correctly populated = model. BALAZS: I don=E2=80=99t really understand this comment. Please explain. Looking at the text, bullets 3 is written to say how capabilities = value can be set (i.e., how) rather than that they can be set for = different levels (i.e., what). Getting consistency so that the bullets = are all 'how' or all 'what' items would help readability. =20 BALAZS2: OK, I get it. You are right, to be corrected. =20 =20 Paragraph 3, bullets 2: why isn't SHALL instead MUST? Also, shouldn't = this point out that both NETCONF and RESTCONF MUST be supported if = on-change is advertised, and this draft is supported? BALAZS: As I understand RFC 2119 MUST and SHALL both mean the same, but = I will change to MUST. No I do not want to mandate implementing both = Netconf AND Restconf. IMO a server with just Netconf would work just = fine; or maybe I misunderstand your comment? The second part of my comment was about ensuring that IF this = model was available, and the publisher supports both RFC-8640 & = draft-ietf-netconf-restconf-notif, then this specification MUST be able = to push changes over both NETCONF and RESTCONF. Thinking more, this = is actually a generic question which is likely already answered: how do = you know which models are supported for which transports. As = advertisement is by transport, I withdraw this question. =20 BALAZS2: Some implementations have a yang extension statement to specify = whether a model is visible on specific interfaces =20 Section 4 =20 I suspect that you will need to do a security analysis per YANG object. = This has been done the other YANG push family. BALAZS: The full module is readOnly and not sensitive or private in any = manner. The security text for the readOnly parts of YangPush is the = exact same text: not very informative, but gives you the illusion of = security awareness. You can ignore my comment. In doing RFC-8639, I needed to put in = read/write analysis for each object. And this did sometime include the = risks of internally setting values which were read-only from the model. = Perhaps this will not be required during later draft reviews in the = publication process. =20 I suspect that manipulating the reporting intervals could have some = security implications. E.g., a hacker could push up the damping period = or periodic interval to a level where the information they are changing = then becomes invisible to a monitoring system. BALAZS: The full YAM is read-only so manipulating the data is not a = concern. Per my previous point, if the IETF process says you don't need to = highlight such possibilities, then I am good. BALAZS2: In rfc8639 the text says for readOnly data nodes something like:=20 If access control is not properly configured, can expose system internals to those who should not have access to this information. That is true for any bit of data, so I do not understand what = information does it add. It does not hurt, so I will add the same = sentence to my draft. =20 If you have something else in mind please describe the attack method = that I should mention. =20 Thanks,=20 Eric=20 =20 =20 From: netconf < = netconf-bounces@ietf.org> On Behalf Of Mahesh Jethanandani Sent: Tuesday, September 24, 2019 1:50 PM To: Netconf < netconf@ietf.org> Subject: Re: [netconf] WGLC for = draft-ietf-netconf-notification-capabilities =20 We were supposed to have closed on the WGLC today. However, between the = document becoming a WG item and it going into LC, we have not received = too many comments on the draft. As such, we are extending the LC by = another week. Please review the draft and provide any comments you might = have. =20 Mahesh & Kent (as co-chairs) =20 =20 On Sep 10, 2019, at 3:39 PM, Mahesh Jethanandani < = mjethanandani@gmail.com> wrote: =20 Authors have published = -04 version of the draft, which addresses comments they received in = IETF 105. If you provided comments please check to make sure your = comments have been addressed. At this point, the authors believe that = the document is ready for WGLC. =20 This therefore starts a two week LC, ending on September 24th. Please = provide any technical comments you might have on the document. If you = believe the document is not ready for LC, please state your reasons. =20 We will issue a IPR poll separately.=20 =20 Mahesh & Kent (as co-chairs) =20 =20 =20 =20 =20 Mahesh Jethanandani mjethanandani@gmail.com =20 =20 =20 =20 ------=_NextPart_001_06FB_01D57938.0BC384B0 Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: quoted-printable

 

 

From: Mahesh Jethanandani = <mjethanandani@gmail.com>
Sent: 2019. okt=C3=B3ber 2., = szerda 1:00
To: Bal=C3=A1zs Lengyel = <balazs.lengyel@ericsson.com>
Cc: Eric Voit (evoit) = <evoit@cisco.com>; Alexander Clemm <ludwig@clemm.org>; = Benoit Claise <bclaise@cisco.com>; Netconf = <netconf@ietf.org>
Subject: Re: [netconf] WGLC for = draft-ietf-netconf-notification-capabilities

 

Hi = Balasz,

 

I = have reviewed your preliminary next version of the document (-05), and = have the following comments. Some of these comments might be duplicates = or overlap with comments provided by others.

 

Minor issues:

 

- = Please fix the sub-title of the draft as it refers to -04 version of the = document.

BALAZS: OK, done

 

- = Can we get a consistent view in the draft using either = publisher/subscriber or server/client in the document. I see = Publisher/Receiver, client/management combinations also used in the = document.

BALAZS: I changed to use subscriber/publisher = except in cases where we speak about datastores and functionality based = on

get, getconfig operations. In this latter case = it is really the server functionality that is = discussed.

 

- = Can we use 'on-change consistently' in the document. I see both = "on-change" and "on change=E2=80=9D

BALAZS:OK, =C2=A0Found 1 = =E2=80=9Con change=E2=80=9D replaced with = =E2=80=9Con-change=E2=80=9D

 

- = I still see reference to Yang instead of YANG in the = document.

BALAZS: OK, = corrected.

 

- = Remove Section 6.

BALAZS: OK

 

Remaining comments:

 

Introduction

 

s/identify for which objects/identify which = objects

BALAZS: OK

 

OLD:

 

   During NMS implementation for = any

  =  functionality that depends on the notifications the information = about

   on = change notification capability is = needed.

 

NEW:

 

   A NMS implementation that wants to = support notifications, needs the information = about

  =  on-change notification capability.

BALAZS: = OK

 

Can you explain the following statement. What does it = mean for the =E2=80=9Cnetwork node to be ready=E2=80=9D? =

BALAZS: In Ericsson and our customers usually = start designing the management system for a node even before it is ready = or fully implemented or released or handed over to the customer. = That=E2=80=99s what I to shorten to = =E2=80=9Cready=E2=80=9D.

Exchange capability information? Also, if that = capability is exchanged at run-time what would the subscriber do? Per = your explanation, the =E2=80=9Cimplementation time=E2=80=9D capability = requires an implementation, and therefore an implementation not knowing = it would have to discard this = capability??? 

 

  "If the information = is

   not = documented in a way available to the NMS designer, but only = as

  =  instance data from the network node once it is deployed, the = NMS

  =  implementation will be delayed, because it has to wait for = the

  =  network node to be = ready."

 

The rest of the explanation on that paragraph of not = having a =E2=80=9Dcorrectly configured network node available to = retrieve data=E2=80=9D could use an example. I am not clear in what way = an incorrectly configured network node would create a problem = specifically in this situation, other than the fact that any incorrectly = configured node is a problem.

BALAZS: The point is that if you do not = have=C2=A0 the capabilities documented in implementation-time and = available off-line,

 

you need a fully = implemented live server/publisher network node to read that information = from. A NMS can handle 10-100 node types. To get this information from = each you would need these network nodes up and running in your lab. = Usually you also need to configure the network node to get access to its = Netconf interface/CLI. In some cases specific information is only = available if the correct licenses are installed for the network node. =

So to get the information from a live server in = run-time, you may need to

  1. Have the = network node available
  2. Need to = configure the node to some level
  3. Need = authentication information for it
  4. Need = licenses for it.

 

Thanks.

 



On Sep 30, 2019, at 2:20 AM, Bal=C3=A1zs Lengyel = <balazs.lengyel@ericsson.com> wrote:

 

From: Eric Voit (evoit) <evoit@cisco.com> 
Sent: 2019. szeptember 27., = p=C3=A9ntek 21:42
To: Bal=C3=A1zs Lengyel <balazs.lengyel@ericsson.com>; = Mahesh Jethanandani <mjethanandani@gmail.com>; Alexander = Clemm <ludwig@clemm.org>; Benoit Claise = (bclaise) <bclaise@cisco.com>
Cc: Netconf <netconf@ietf.org>
Subject:=  RE: [netconf] WGLC for = draft-ietf-netconf-notification-capabilities

 

Hi Balazs,

 

Some more thoughts in-line.   I cut out = those I think closed.

 

From: Bal=C3=A1zs Lengyel <balazs.lengyel@ericsson.com> 
Sent: Friday, September 27, 2019 = 8:48 AM
To: Eric Voit (evoit) <evoit@cisco.com>; Mahesh = Jethanandani <mjethanandani@gmail.com>; Alexander = Clemm <ludwig@clemm.org>; Benoit Claise = (bclaise) <bclaise@cisco.com>
Cc: Netconf <netconf@ietf.org>
Subject:=  RE: [netconf] WGLC for = draft-ietf-netconf-notification-capabilities

 

Thanks for the comments. = See answers below. 

I hope the group = will be ok with using the term publisher instead of server. IMHO it is = clearer as the client server relationship can be reversed e.g. for https = notification transport.

Balazs

 

From: Eric Voit (evoit) <evoit@cisco.com> 
Sent: 2019. szeptember 24., kedd = 23:15
To: Mahesh Jethanandani <mjethanandani@gmail.com>; = Bal=C3=A1zs Lengyel <balazs.lengyel@ericsson.com>; = Alexander Clemm <ludwig@clemm.org>; Benoit Claise = (bclaise) <bclaise@cisco.com>
Cc: Netconf <netconf@ietf.org>
Subject:=  RE: [netconf] WGLC for = draft-ietf-netconf-notification-capabilities

 

Here are some comments...

 

On-change Notification Capability: Is this different = from support for RFC-8641 feature "on-change"?  If they = are the same, it might be possible to remove the term.  Especially = as this term is used inconsistently.

BALAZS: In RFC 8641 = on-change is not defined as a capability. It is used for many more = things (e.g. On-change subscription,  trigger condition, type of = push updates, a feature.) In this draft the on change capability is just = the servers capability to send on-change notification globally, for a = specific datastore or a specific data node. Description will be = reworded.

<Eric> It will be good to see the = reword.   I still am not clear how this different from the = RFC-8641 feature "on-change", along with this feature being = associated with specific nodes.  

BALAZS2: 

On-change Notification Capability: The = capability of the server to

   send on-change notifications for a = specific datastore or a specific

   data = node.

 

 

Section 3

 

Paragraph 2, bullet 2: Instead of  "amount = of notifications the server can send out", do you mean "the = minimum periodicity of updates which a server can send out for an = object"

BALAZS: That too, but also the = max-objects-per-update. I was told not to repeat information in the main = text and in the YANG module, so I tried to find a wording that covers = both. Also  its not always the minimum times. Some servers support =  a specific set of times, not a anything over a = minimum.

<Eric> Ok, so this bullet is a bucket of various = types of information.  Which is fine with = me.

 

 

Paragraph 2, bullets 3 & 4: I don't think these = should be indented as bullets are they are more about proper behavior of = a correctly populated model.

BALAZS: I don=E2=80=99t = really understand this comment.  Please = explain.

<Eric> Looking at the text, bullets 3 is written = to say how capabilities value can be set (i.e., how) rather than that = they can be set for different levels (i.e., what).  Getting = consistency so that the bullets are all 'how' or all 'what' items would = help readability.  

BALAZS2: OK, I get it. = You are right, to be corrected.

 

 

Paragraph 3, bullets 2: why isn't SHALL instead = MUST?   Also, shouldn't this point out that both NETCONF and = RESTCONF MUST be supported if on-change is advertised, and this draft is = supported?

BALAZS: As I understand RFC 2119 MUST and SHALL = both mean the same, but I will change to MUST. No I do not want to = mandate implementing both Netconf AND Restconf. IMO a server with just = Netconf would work just fine; or maybe I misunderstand your = comment?

<Eric> The second part of my comment was about = ensuring that IF this model was available, and the publisher supports = both RFC-8640 & draft-ietf-netconf-restconf-notif, then this = specification MUST be able to push changes over both NETCONF and = RESTCONF.    Thinking more, this is actually a generic = question which is likely already answered: how do you know which models = are supported for which transports.   As advertisement is by = transport, I withdraw this question.  

BALAZS2: Some = implementations have a yang extension statement to specify whether =  a model is visible on specific = interfaces

 

Section 4

 

I = suspect that you will need to do a security analysis per YANG = object.   This has been done the other YANG push = family.

BALAZS: The full module is readOnly and not = sensitive or private in any manner.  The security text for the = readOnly parts of YangPush is the exact same text: not very informative, = but gives you the illusion of security = awareness.

<Eric> You can ignore my comment.  In doing = RFC-8639, I needed to put in read/write analysis for each object.  = And this did sometime include the risks of internally setting values = which were read-only from the model.  Perhaps this will not be = required during later draft reviews in the publication = process.

 

I = suspect that manipulating the reporting intervals could have some = security implications.   E.g., a hacker could push up the = damping period or periodic interval to a level where the information = they are changing then becomes invisible to a monitoring = system.

BALAZS: The full YAM is read-only so = manipulating the data is not a = concern.

<Eric> Per my previous point, if the IETF = process says you don't need to highlight such possibilities, then I am = good.

BALAZS2:

In rfc8639 the text says = for readOnly data nodes something like: 

If access control is not properly configured, = can expose

      system = internals to those who should not have access to = this

      = information.

That is true for any bit of data, so I do not = understand what information does it add. It does not hurt, so I will add = the same sentence to my draft.

 

If you have something = else in mind please describe the attack method that I should = mention.

</Eric>

 

Thanks, 

Eric 

 

 

From: netconf <netconf-bounces@ietf.org> On Behalf Of Mahesh = Jethanandani
Sent: Tuesday, September 24, 2019 = 1:50 PM
To: Netconf <netconf@ietf.org>
Subject:=  Re: [netconf] WGLC for = draft-ietf-netconf-notification-capabilities

 

We were supposed to have closed on the WGLC today. = However, between the document becoming a WG item and it going into LC, = we have not received too many comments on the draft. As such, we are = extending the LC by another week. Please review the draft and provide = any comments you might have.

 

Mahesh & Kent (as = co-chairs)

 

 

On Sep 10, 2019, at 3:39 PM, Mahesh Jethanandani = <mjethanandani@gmail.com> = wrote:

 

Authors have published -04 version of = the draft, which addresses comments they received in IETF 105. If you = provided comments please check to make sure your comments have been = addressed. At this point, the authors believe that the document is ready = for WGLC.

 

This therefore starts a two week LC, ending on = September 24th. Please provide any technical comments you might have on = the document. If you believe the document is not ready for LC, please = state your reasons.

 

We will issue a IPR poll = separately. 

 

Mahesh & Kent (as = co-chairs)

 

 

 

 

<draft-ietf-netconf-notification-capabilities-05b.tx= t>

 

Mahesh Jethanandani

 

 

 

------=_NextPart_001_06FB_01D57938.0BC384B0-- ------=_NextPart_000_06FA_01D57938.0BC384B0 Content-Type: application/pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIVbjCCAyAw ggIIoAMCAQICAR0wDQYJKoZIhvcNAQEFBQAwOTELMAkGA1UEBhMCRkkxDzANBgNVBAoTBlNvbmVy YTEZMBcGA1UEAxMQU29uZXJhIENsYXNzMiBDQTAeFw0wMTA0MDYwNzI5NDBaFw0yMTA0MDYwNzI5 NDBaMDkxCzAJBgNVBAYTAkZJMQ8wDQYDVQQKEwZTb25lcmExGTAXBgNVBAMTEFNvbmVyYSBDbGFz czIgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCQF0o1ncrwDZbHRPoWN/xIvb1/ gC01O+FvqGepvwMcTYxvMkfVQWikEwTBNQyahEP8XB3/ibPoFxjNkV/7iePqv05dfBsm03V57eaE 41flrSnE9Doo56V7hDZps/1edr2jLZnTkE4jKH0YY/FUOyaddluXQrL/rvBO7N05lU6DBn/nSUDI xQGyVFpmHT38+ek8Cp6BuHDwAYvkI1R8yK74kB4AlnLUVM9hI7zq+50CldG2uXE6aQg/D7ThQseI 9T+YqKe6HOBxce9YV4FQelxrdEYOgwOYw46obvJ2Mm4ng8Jz89wY6LST6nVEawRgIHFXh53zvqCQ Iz2KJOHaIdvDAgMBAAGjMzAxMA8GA1UdEwEB/wQFMAMBAf8wEQYDVR0OBAoECEqgqliE0148MAsG A1UdDwQEAwIBBjANBgkqhkiG9w0BAQUFAAOCAQEAWs6H+RZyFVdLHdmb56ImMOyTZ9/WLdI0r/c4 pc6rFrmrL3w1y6zQD7RMK/yA72uMkV82dvfbsxsZ6vSyEf1hcUS/KLM6Hb+zQ+ifv9wxCHGwnY3W NEcykMZlJPegSnwEc485bxeMcrW9S8h6+HuDwyhOnAnqZz+yZwQbwxTa+OdJJJHQHWr6YTnva+ch dQYH2BK0ISBwQnGB2jyaNr6mWw1qbJofkXv5+e9Cuk5OnswMjZTc2UWcXuxCUGOu9F3EsRLcyjuo Lp0UWgV1t+zXY+K6NbYECJHo2p2c9ma1GKwKplQmNDPSG8HUfxo6jguqMm7b/E8ln9kyx5ZacKzf TDCCBX0wggRloAMCAQICEQCH7S4aKCZKxRmqOuu5DaLLMA0GCSqGSIb3DQEBCwUAMDkxCzAJBgNV BAYTAkZJMQ8wDQYDVQQKEwZTb25lcmExGTAXBgNVBAMTEFNvbmVyYSBDbGFzczIgQ0EwHhcNMTQx MjA1MDgxOTE1WhcNMjEwNDA1MTAyOTAwWjA3MRQwEgYDVQQKDAtUZWxpYVNvbmVyYTEfMB0GA1UE AwwWVGVsaWFTb25lcmEgUm9vdCBDQSB2MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB AMK+6yfwIaPzaSZVfp3FVRaRXP3vIb9TgHot0pGMYzHw7CTww6XScnwQbfQ3t+XmfHnqjLWCi65I tqwA3GV17CpNX8GH9SBlK4GoRz6JI5UwFpB/6FcHSOcZrr9FZ7E3GwYq/t75rH2D+1665I+XZ75L jo1kB1c4VWk0Nj0TSO9P4tNmHqTPGrdeNjPUtAa9GAH9d4RQAEX1jF3oI7x+/jXh7VB7qTCNGdMJ jmhnXb88lxhTuylixcpecsHHltTbLaC0H2kD7OriUPEMPPCs81Mt8Bz17Ww5OXOAFshSsCPN4D7c 3TxHoLs1iuKYaIu+5b9y7tL6pe0S7fyYGKkmdtwoSxAgHNN/Fnct7W+A90m7UwW7XWjH1Mh1Fj+J Wov3F0fUTPHSiXk+TT2YqGHeOh7S+F4D4MHJHIzTjU3TlTazN19jY5szFPAtJmtTfImMMsJu7D0h ADnJoWjiUIMusDor8zagrC/kb2HCUQk5PotTubtn2txTuXZZNp1D5SDgPTJghSJRt8czu90VL6R4 pgd7gUY2BIbdeTXHlSw7sKMXNeVzH7RcWe/a6hBle3rQf5+ztCo3O3CLm1u5K7fsslESl1MpWtTw EhDcTwK7EpIvYtQ/aUN8Ddb8WHUBiJ1YFkveupD/RwGJBmr2X7KQarMCpgKIv7NHfirZ1fpoeDVN AgMBAAGjggGAMIIBfDBOBggrBgEFBQcBAQRCMEAwPgYIKwYBBQUHMAKGMmh0dHA6Ly9jYS50cnVz dC50ZWxpYXNvbmVyYS5jb20vc29uZXJhY2xhc3MyY2EuY2VyMA8GA1UdEwEB/wQFMAMBAf8wGQYD VR0gBBIwEDAOBgwrBgEEAYIPAgMBAQIwDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBTwj1k4ALP1 j5qWDNXr+nuqF+gTEjCBuQYDVR0fBIGxMIGuMG+gbaBrhmlsZGFwOi8vY3JsLTEudHJ1c3QudGVs aWFzb25lcmEuY29tL2NuPVNvbmVyYSUyMENsYXNzMiUyMENBLG89U29uZXJhLGM9Rkk/Y2VydGlm aWNhdGVyZXZvY2F0aW9ubGlzdDtiaW5hcnkwO6A5oDeGNWh0dHA6Ly9jcmwtMi50cnVzdC50ZWxp YXNvbmVyYS5jb20vc29uZXJhY2xhc3MyY2EuY3JsMBMGA1UdIwQMMAqACEqgqliE0148MA0GCSqG SIb3DQEBCwUAA4IBAQAQ1elFTM6fGkQ/aRKdkUZicO3Cb9uzBJOpOtFctw+1El0/17lsjoVvJkZB D3KnUobnrriFdAa+7FAN55KLmZeB/3Y2bG0bB4toSyaVHjOQnQY9M0dv8U852w0Q7GwchKfebLUI bh9TMt2hI3Xc6j4knFTBUo7C1WAfO51K4bn1irmX6/Ej2VTgiOFsvOAny28W6enFSEQpSHw60VhN fSttSqTOxyrRR/7kW7Y8yb/3DZDZ/dH6ZCfx/y+BNIv2NuSd85M9HXUzplXXohti4Ql/qeaMn6by Ius6XlMWZZfkdVRvTuk2PkeC7UmAJ2+/DUWOPpawaytMXVfF4Hvxk34NMIIF/zCCA+egAwIBAgIR AOm+1xFswMzmixU1jNT/MSEwDQYJKoZIhvcNAQELBQAwRzELMAkGA1UEBhMCU0UxETAPBgNVBAoM CEVyaWNzc29uMSUwIwYDVQQDDBxFcmljc3NvbiBOTCBJbmRpdmlkdWFsIENBIHYzMB4XDTE3MTAw OTE1MjQ1OFoXDTIwMTAwOTE1MjQ1N1owajERMA8GA1UECgwIRXJpY3Nzb24xGDAWBgNVBAMMD0Jh bMOhenMgTGVuZ3llbDEqMCgGCSqGSIb3DQEJARYbYmFsYXpzLmxlbmd5ZWxAZXJpY3Nzb24uY29t MQ8wDQYDVQQFEwZFVEhCTEwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUUtnneUfH i428YPkvW+AsCNeKCCKq72SzUZpBggijy+oLVO0cgTXXHygrZ+KT8TbyEkPwuHi+V4TQxWAyMhGa nWZHWZXe9ghEZrJDJbCzFMHOqR+wEDnI1vM3sfQQ68iSsWQLd9opnb2/ihiJlt9up75VRpyj5lea bvzxOLQimJgZiXaZzsPPT2nROyytKxOsE5KbfT3mNof3bMG1bggZtGGA1GBJchwdFJwQKIShfPVm 1CdulvJV1hPVecxttMJNPzSfSfryb/b64QnR5yc/pSx8SxD0h0rnNT73Al3Af2iRghdXN4omDKZY OcdK/sE5HTmLTFuWoZAnL/RntOK9AgMBAAGjggHBMIIBvTBIBgNVHR8EQTA/MD2gO6A5hjdodHRw Oi8vY3JsLnRydXN0LnRlbGlhLmNvbS9lcmljc3Nvbm5saW5kaXZpZHVhbGNhdjMuY3JsMIGCBggr BgEFBQcBAQR2MHQwKAYIKwYBBQUHMAGGHGh0dHA6Ly9vY3NwMi50cnVzdC50ZWxpYS5jb20wSAYI KwYBBQUHMAKGPGh0dHA6Ly9jYS50cnVzdC50ZWxpYXNvbmVyYS5jb20vZXJpY3Nzb25ubGluZGl2 aWR1YWxjYXYzLmNlcjAmBgNVHREEHzAdgRtiYWxhenMubGVuZ3llbEBlcmljc3Nvbi5jb20wVQYD VR0gBE4wTDBKBgwrBgEEAYIPAgMBARIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly9yZXBvc2l0b3J5 LnRydXN0LnRlbGlhc29uZXJhLmNvbS9DUFMwHQYDVR0lBBYwFAYIKwYBBQUHAwQGCCsGAQUFBwMC MB0GA1UdDgQWBBSkJw2vbyMFmf9tY1urk9NeYfiMgTAfBgNVHSMEGDAWgBQcexmel5x2rCA92Nzj kWrj2y2mUzAOBgNVHQ8BAf8EBAMCBaAwDQYJKoZIhvcNAQELBQADggIBAD1RCVf5Df2uCXwPveXz LBGIjsz3k2la5UUlioC+i4Ms6vGstqXIX7K24+Wc41npi+G5xFhvkAkmuTP/j29F5xJJuJcy3OcL 0br02vKe2WJJnlivB+X9plPg0kMUBS0lLq7kHPUrO/BLeIIFRuaky05eZlTnGNcLbn5VpZdjX4Ic XZV78qpZI3L67Po1UgHzOTiWolc75jrKOx3UOw98fWRrgJPBUIeqDeD1NDfF7PlM4Cqlad062o6L lM9wfAnoLzz0z04dPXtJkOcTiZgOLdPoKIm7LR1wZ9c6mYw4sgtoVAs16Y2cCPBxqWpsW+9ZCcDK PPZzeBezCKyicpDJbTqCVMILd3j38HWUPWFuVITZNgANzHW1CpgqmiLIAADiznCCtudTE+fcB3O9 duuu/yuEME17LMy1GYMKXs1QCXmTq2hrqTJQ2AA2TsWZtoxl3ViqJgNBWjnQiMwdCl5Dural2jZP /iU6MmiauUNYn9YW/ViUluoBBdaUHMpnP/7kM0Wk8j3Wzhcggx+Biml2gCopMaK1EJYjQH/2J95N GEkSdZfVzFUmwV3yMd4mOhIaxW0SEq9b1eWICZ/BAcVBpSyU0sE1gpnBO5wLxj+IpSdiGlS4jc37 qCr/39xdv1Unu93glCmHq0xgX54N8EsyMBPC3+zSSu1qhCbU7VJWIz2aMIIGwjCCBKqgAwIBAgIQ U7h+g+GcmSiTsJtJHOy46zANBgkqhkiG9w0BAQsFADA3MRQwEgYDVQQKDAtUZWxpYVNvbmVyYTEf MB0GA1UEAwwWVGVsaWFTb25lcmEgUm9vdCBDQSB2MTAeFw0xNTEwMjcxMjE2NDZaFw0yNTEwMjcx MjE2NDZaMEcxCzAJBgNVBAYTAlNFMREwDwYDVQQKDAhFcmljc3NvbjElMCMGA1UEAwwcRXJpY3Nz b24gTkwgSW5kaXZpZHVhbCBDQSB2MzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAOzy 3wAAuFDyp7vYVLfGk/fjwao71MNGNLSzzl5DtjQtMtl2ZLPZyX6ViqzTN9JOb7uZ6KxuGSpReQvt 8XOh7iIhkKH9W5hRpbjTsJmUMJd6zifhOpNK6iSU3q44+FjsQL1lVtcguUuFG6aZN0N3GFVbgt6j RrASF8t/3wy9bHPAIfMyPybpg6Y2PH5/1NwkTepoDSmK69LGV+lV2IK6U9OWayZXZFIFIDCoGyFl hFxAEgN+qZ2+Rqg/0TM0oCHvKO2ELSGmAdnJkwizR42ji/Y9SYTSuG75mzSe6OfCGWM8Db/xvy/2 0aLEPXNu1PvOgzY63WZ6cmkWnjMlVJ90pWC2haqDm3Yf8TRdjUvAl7Pz1bTuexwShzIGakL7MkCY rEqHMRaojI/VStloQgW76E76zQ2byw5QxrhOUbisBSKRzlTlOZQgYFFAbG6ViF8DOpJh/ygtQwuT LUM5r15G7eynQV1AMTNCWcX+HUvgArUw6RfW9L58uA68GjktFTV8s9RlDsUqsNcLqeXaV28S2WMd ay0YGaq/bloS8AD7KuumUKH+Ri9IGO9mJvP05tvDHjKpLvv80c3WLJnJU/aznYHYEt2+jjKHOTqd GTxL/zMdpRSQFSuu+KM8NoYrkU1VJqKga+QLsgqKghMp99gu1P1e6KsqseWHdXORrMbjqkBXAgMB AAGjggG4MIIBtDCBigYIKwYBBQUHAQEEfjB8MC0GCCsGAQUFBzABhiFodHRwOi8vb2NzcC50cnVz dC50ZWxpYXNvbmVyYS5jb20wSwYIKwYBBQUHMAKGP2h0dHA6Ly9yZXBvc2l0b3J5LnRydXN0LnRl bGlhc29uZXJhLmNvbS90ZWxpYXNvbmVyYXJvb3RjYXYxLmNlcjASBgNVHRMBAf8ECDAGAQH/AgEA MFUGA1UdIAROMEwwSgYMKwYBBAGCDwIDAQECMDowOAYIKwYBBQUHAgEWLGh0dHBzOi8vcmVwb3Np dG9yeS50cnVzdC50ZWxpYXNvbmVyYS5jb20vQ1BTMEsGA1UdHwREMEIwQKA+oDyGOmh0dHA6Ly9j cmwtMy50cnVzdC50ZWxpYXNvbmVyYS5jb20vdGVsaWFzb25lcmFyb290Y2F2MS5jcmwwHQYDVR0l BBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUHHsZnpec dqwgPdjc45Fq49stplMwHwYDVR0jBBgwFoAU8I9ZOACz9Y+algzV6/p7qhfoExIwDQYJKoZIhvcN AQELBQADggIBAFBYa/HVjDu0LqtXQ8iMp8PLFpqchf41ksQY6R1AsoZbaBUu0NQlAQ9GzlC1pmI5 s0cJnuaZI0xV6TiWS3/R2p9UgW61XD9CTIUbAL31mY3BdJf3P46gzKgQEca/DlFjq9GVmuPS4q90 BLNgvgoxoHubc3C6s0OaY1sbnay5EhnvrAE4Q511FlxmJPLnRmQGpieeXa3cPegFfY1kJDKyyFRy pF1RuRLXcdMIgKEy5NX1bS3M9dQ4mgmUmVT2d33UiKSEYQ6s/B+LFaaz4LywXSv2o3W4kbHoQs86 IWst821ww0wxsCpEfClIvF7fBw2QkbG/1PwuzAuLVStEhDzkAqOrMGctKyNEaBsyAn7Eq2eCa8QD Xnkmagp9QPsNFs/oqnXj9j1cVtH9a4OPzhtg0pd7gd0NzU/5QxibXqbYvouQgihGXHQDmaL4ruN7 C4arMUqRo82YnREsKL7h3j/jtmzcMLc9Q07F04QQd/iSR1Y5pIi6PdNBiE2/4uyAXS6KOIGZrPbN QUNrZtwiQpqQNl8AUzgegfPwrYFlFocpaF3d1m5r+2VKKqiRQVfYPGYeZnWfkcz06JoAhc/9mjbH XSP9hvWYzeLRuoZqHGUdjOX9DIQb926OneV7C5WMIjSY8ORkamG/HKqngmjypL3gSc6oG/E6B+1i 6Ds5j0Qpj5aQMYIDBTCCAwECAQEwXDBHMQswCQYDVQQGEwJTRTERMA8GA1UECgwIRXJpY3Nzb24x JTAjBgNVBAMMHEVyaWNzc29uIE5MIEluZGl2aWR1YWwgQ0EgdjMCEQDpvtcRbMDM5osVNYzU/zEh MAkGBSsOAwIaBQCgggF+MBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8X DTE5MTAwMjEzNDI0OVowIwYJKoZIhvcNAQkEMRYEFIFCXj0VJltRoDm2Rag669D1CTkeMEMGCSqG SIb3DQEJDzE2MDQwCgYIKoZIhvcNAwcwDgYIKoZIhvcNAwICAgCAMA0GCCqGSIb3DQMCAgFAMAcG BSsOAwIaMGsGCSsGAQQBgjcQBDFeMFwwRzELMAkGA1UEBhMCU0UxETAPBgNVBAoMCEVyaWNzc29u MSUwIwYDVQQDDBxFcmljc3NvbiBOTCBJbmRpdmlkdWFsIENBIHYzAhEA6b7XEWzAzOaLFTWM1P8x ITBtBgsqhkiG9w0BCRACCzFeoFwwRzELMAkGA1UEBhMCU0UxETAPBgNVBAoMCEVyaWNzc29uMSUw IwYDVQQDDBxFcmljc3NvbiBOTCBJbmRpdmlkdWFsIENBIHYzAhEA6b7XEWzAzOaLFTWM1P8xITAN BgkqhkiG9w0BAQEFAASCAQA5bnrDPvElh/1iQGCnPeKajwAtzctyL1vAW10Wk52LIoaMFs4FiDFa CPJ3zH/gcsvkSJHaxtOLzALpfNZBvfNNFmHG5UmUVd803FH8Ycd5j5r4Rekkvn1kzvOl/CQeFPse PUbXjWMMWQ8KQNQgJquJtBLNIQMpCXm9+wh4dTa9WKjt4tDe6Rdr3grl8YjrQG0soTVDY3McqqLQ COAYi14TR8EAD7/tBVI4pg0R3QRlhF+0vOT0LQkbRtXMdh/ipfFI3q35M1EeDgDon6nnb9R3uveS duR7nNol+Y9tJyhk77R/N+S7XuXmHC/N6aLOGjjhsaURxyUS/qjTLrrVVD0OAAAAAAAA ------=_NextPart_000_06FA_01D57938.0BC384B0-- From nobody Wed Oct 2 09:53:06 2019 Return-Path: X-Original-To: netconf@ietfa.amsl.com Delivered-To: netconf@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BE4851202DD for ; Wed, 2 Oct 2019 09:53:04 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.5 X-Spam-Level: X-Spam-Status: No, score=-14.5 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=unavailable autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=epjC+FQL; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=YB6VY9Y2 Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id S56GcfpSHMFM for ; Wed, 2 Oct 2019 09:53:00 -0700 (PDT) Received: from rcdn-iport-5.cisco.com (rcdn-iport-5.cisco.com [173.37.86.76]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E371A12016E for ; Wed, 2 Oct 2019 09:52:59 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=55889; q=dns/txt; s=iport; t=1570035179; x=1571244779; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=v7gp487f08xRKGHSl1GwEsIkhHjPLNYe1wdTFa5WIQY=; b=epjC+FQL0mf9AnLqZuvY0k3SXaXbrT9PyIKoeHyW6xenBs1UQHTbRr6M li0L2VkN/55Y4Vfp3zvFJ7jMUsExUGaDLdcqZEw/f1WP2qfNn7vqRnnCP 8LBzLzGmXRGFhwI/hLIp//1GYpbTKVhH0nqp/l4idzuJRsl8rlnH+A1Ot s=; IronPort-PHdr: =?us-ascii?q?9a23=3ATcM/KRXxFaVMstRmZL1Bx0HqpvzV8LGuZFwc94?= =?us-ascii?q?YnhrRSc6+q45XlOgnF6O5wiEPSA92J8OpK3uzRta2oGXcN55qMqjgjSNRNTF?= =?us-ascii?q?dE7KdehAk8GIiAAEz/IuTtank4F8BLTlxo13q6KkNSXs35Yg6arw=3D=3D?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0AGAAA21ZRd/49dJa1mGQEBAQEBAQE?= =?us-ascii?q?BAQEBAQwBAQEBAQGBUwQBAQEBAQsBgRsvUANtViAECyoKhBiDRwOEVIVqgly?= =?us-ascii?q?JZ44QgS6BJANQBAkBAQEMAQEYAQwIAgEBg3tFAheCJiM0CQ4CAwkBAQQBAQE?= =?us-ascii?q?CAQUEbYUtDIVLAQEBBAEBEBEdAQEsBAUCAQ8CAQgRBAEBDhMBBgMCAgIfBgs?= =?us-ascii?q?UCQgCBA4FIoMAAYEdTQMdAQIMpVMCgTiIYXWBMoJ9AQEFgTgCg00NC4IXAwa?= =?us-ascii?q?BNAGFFYQvgkkYgUA/gREnH4JMPoIaRwEBAgGBSEMJAoJVMoImjQwmgX83hTC?= =?us-ascii?q?JK44rQQqCIoYkZIoIhAYbgjiHToQqiSqBX49jhmGCDIsog1oCBAIEBQIOAQE?= =?us-ascii?q?FgVI5gVhwFTsqAYJBUBAUgU8MF4NQhRSFP3QBAYEnjngBgSIBAQ?= X-IronPort-AV: E=Sophos;i="5.67,249,1566864000"; d="scan'208,217";a="419935008" Received: from rcdn-core-7.cisco.com ([173.37.93.143]) by rcdn-iport-5.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 02 Oct 2019 16:52:57 +0000 Received: from XCH-ALN-012.cisco.com (xch-aln-012.cisco.com [173.36.7.22]) by rcdn-core-7.cisco.com (8.15.2/8.15.2) with ESMTPS id x92Gqu33002619 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Wed, 2 Oct 2019 16:52:57 GMT Received: from xhs-rcd-001.cisco.com (173.37.227.246) by XCH-ALN-012.cisco.com (173.36.7.22) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Wed, 2 Oct 2019 11:52:56 -0500 Received: from xhs-aln-001.cisco.com (173.37.135.118) by xhs-rcd-001.cisco.com (173.37.227.246) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Wed, 2 Oct 2019 11:52:55 -0500 Received: from NAM04-CO1-obe.outbound.protection.outlook.com (173.37.151.57) by xhs-aln-001.cisco.com (173.37.135.118) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Wed, 2 Oct 2019 11:52:55 -0500 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=gtxxxokuphvSL+J/hT8gGSWJ+yoWtIsLhRLfdM6MoEyXU1KwGaYioqc5aImzyVJGP8UDNFnXky+lDriyrcTHLIV8pShmgrXQlByUAVsrmHFJemwYn9pz5OGJql0FCM0uXsEL5N4EHhxnd12+0qtsqr8z0EAF+scYxV2JTy/e1hz9TKq37t0JXJq4OD5OHHIJsqDrqrTezO1GIDW5ZYOMcqX9MSRUOKUHaYxmmeYdyqURxgQd9C6L+17ED1GFqhlHiCGl3AmvUobUD3RXUeoSZib/pktZSiAkH/Fi4mbxNyZ3jjH4Xc5QB4WEZHjI+3JRFXAbo5xQw6Sir80oHSjL0g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=v7gp487f08xRKGHSl1GwEsIkhHjPLNYe1wdTFa5WIQY=; b=BGqY7J0Hn4U7XEwYU7/8wU0UlMff178zV+9STSccLQsJ+P/nY0LCYlIamrcTKA/WEyGq2Cup6S3OnVfQ/ypFrF87HnehfWhx0dQK3mVlVa8RSnAPLtVcmkfbU+IU0JGsUL7a4LRE/EdlADWV6GSlAbh6f0VzhgzY5atGBPHK6AwQ6SBhlJZVv6WW2SDXFTFiPFVxM874E7evNuufwomydWdMDVQYgIybu27hdxms0x0sCyxVJgEtMAhySHeOuBtKuLaYucDo8nmH/0+j/tmrHeRtkcEuGnkMq4COFnXG2topMF1FBaZaRIebFMDWeYyfi/Csxb6O1k5TrrObJ05/3Q== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=v7gp487f08xRKGHSl1GwEsIkhHjPLNYe1wdTFa5WIQY=; b=YB6VY9Y2pH+/quGZiOgEhU9PmPwEuQl8V/zOBYXvO1FtiBu9DWKdAJSZwfo+v0WPxYtybS615yYDllfD4xxIySpy8ZMMYAhobw9iw4Si4vDW6wWrakuo0Lh2c6Q+6/yZSDXheKNUvkhJu+8/SZEwpwHqQMJbnVk21xlmA6nW1GE= Received: from DM6PR11MB3418.namprd11.prod.outlook.com (20.177.219.223) by DM6PR11MB3337.namprd11.prod.outlook.com (20.176.122.86) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2305.20; Wed, 2 Oct 2019 16:52:54 +0000 Received: from DM6PR11MB3418.namprd11.prod.outlook.com ([fe80::3848:4383:2407:7fdf]) by DM6PR11MB3418.namprd11.prod.outlook.com ([fe80::3848:4383:2407:7fdf%5]) with mapi id 15.20.2305.022; Wed, 2 Oct 2019 16:52:54 +0000 From: "Joe Clarke (jclarke)" To: =?utf-8?B?QmFsw6F6cyBMZW5neWVs?= CC: "Eric Voit (evoit)" , Mahesh Jethanandani , Alexander Clemm , "Benoit Claise (bclaise)" , Netconf Thread-Topic: [netconf] WGLC for draft-ietf-netconf-notification-capabilities Thread-Index: AQHVaCiuj3L8+VDGQ0WrhdW5flWlRKc7MLcAgAA5KYCABClNAIAAc7oAgAQJhYCAA6LrAA== Date: Wed, 2 Oct 2019 16:52:54 +0000 Message-ID: References: <4F49DF08-B7FC-4EBD-9D6B-7BC329E50334@gmail.com> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: spf=none (sender IP is ) smtp.mailfrom=jclarke@cisco.com; x-originating-ip: [173.38.117.78] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: a08ce805-a0e3-490d-5b6f-08d74758f85d x-ms-traffictypediagnostic: DM6PR11MB3337: x-ms-exchange-purlcount: 2 x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:9508; x-forefront-prvs: 0178184651 x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(376002)(136003)(346002)(396003)(39860400002)(366004)(199004)(189003)(51914003)(11346002)(6306002)(186003)(6512007)(316002)(66066001)(486006)(26005)(54896002)(15650500001)(6246003)(6436002)(66574012)(229853002)(2906002)(6486002)(25786009)(236005)(446003)(53546011)(966005)(478600001)(76176011)(2616005)(102836004)(6506007)(476003)(5660300002)(66446008)(76116006)(14444005)(36756003)(7736002)(91956017)(14454004)(99286004)(64756008)(66556008)(71190400001)(66476007)(66946007)(71200400001)(606006)(3846002)(6116002)(4326008)(81156014)(8676002)(33656002)(81166006)(86362001)(54906003)(8936002)(256004); DIR:OUT; SFP:1101; SCL:1; SRVR:DM6PR11MB3337; H:DM6PR11MB3418.namprd11.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1; received-spf: None (protection.outlook.com: cisco.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: OyFnGh6JqrrG5JrWt11vfoageppymh18lq+52V0lnXSZMTG1OI9zKxmUgavL/nysIoP6029bnl5AayFoCqg15h25D0/RrL1iNqLHtsqUbMKNinNEg+2WRM4HUWFVTCvj7a+9nnVWnNH/SmEUrbAWyR98VIUfajHVLbVrfar8lvKr8WxTnRYLgmhbyWx1Lvt4/1lubrA5qobJqHpQVcphTRquJyMJ51WieLl4my3EPH8Xj7+xBKdVjOujk5z1CqAbtpJR6R5QMBbJib7N+18eR1wZwbEQFqcpTEXStq9bEC1cU3Ijo1dMKjbphjGJCH2pnuVssGsBYCFJ1nlYd2whB9Klo6MJSFk50H9LRtVtrcSjo6PWJQXB8Emsy6pVCoKphGhczDw+4Nm3m6q6ZdQpKpNMlhjtv3Y+x+QfohS1SVT43O74r4dfpzStfxbrGSFHJ6IRuhbozJTG6vF82vSI/A== Content-Type: multipart/alternative; boundary="_000_B7C05E213B4B481D949F45FD6B2D1103ciscocom_" MIME-Version: 1.0 X-MS-Exchange-CrossTenant-Network-Message-Id: a08ce805-a0e3-490d-5b6f-08d74758f85d X-MS-Exchange-CrossTenant-originalarrivaltime: 02 Oct 2019 16:52:54.4287 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: DSCQX4XswccIXuH5ZANegJQrziy7TtzCEALlAY5C8U9ODOmgW266/hwSr3kxNgmzI7/nqFjhneJDggfz5WugEA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR11MB3337 X-OriginatorOrg: cisco.com X-Outbound-SMTP-Client: 173.36.7.22, xch-aln-012.cisco.com X-Outbound-Node: rcdn-core-7.cisco.com Archived-At: Subject: Re: [netconf] WGLC for draft-ietf-netconf-notification-capabilities X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 02 Oct 2019 16:53:05 -0000 --_000_B7C05E213B4B481D949F45FD6B2D1103ciscocom_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 DQoNCk9uIFNlcCAzMCwgMjAxOSwgYXQgMDU6MjAsIEJhbMOhenMgTGVuZ3llbCA8YmFsYXpzLmxl bmd5ZWw9NDBlcmljc3Nvbi5jb21AZG1hcmMuaWV0Zi5vcmc8bWFpbHRvOmJhbGF6cy5sZW5neWVs PTQwZXJpY3Nzb24uY29tQGRtYXJjLmlldGYub3JnPj4gd3JvdGU6DQoNCkhlbGxvLA0KSGVyZSBp cyBhIHByZWxpbWluYXJ5IG5leHQgdmVyc2lvbiAobm90IHN1Ym1pdHRlZCB5ZXQpLiBTZWUgYWxz byBiZWxvdy4NCg0KSSBoYXZlIHJldmlld2VkIHRoaXMgdmVyc2lvbiBhbmQgbG9va2VkIGF0IG90 aGVyc+KAmSBjb21tZW50cy4gIEkgdGhpbmsgdGhpcyBkb2N1bWVudCBpcyByZWFkeSAoYmFzZWQg b24gdGhlIGFkZHJlc3Npbmcgb2Ygb3RoZXJz4oCZIGNvbW1lbnRzKSwgYW5kIEkgc3VwcG9ydCBp dHMgZ29hbHMuICBUaGlzIHdpbGwgbWFrZSB0aGUgY29uc3VtcHRpb24gb2YgdGVsZW1ldHJ5IG11 Y2ggZWFzaWVyIGZvciBvcGVyYXRvcnMuDQoNCkpvZQ0KDQpSZWdhcmRzIEJhbGF6cw0KDQpGcm9t OiBFcmljIFZvaXQgKGV2b2l0KSA8ZXZvaXRAY2lzY28uY29tPG1haWx0bzpldm9pdEBjaXNjby5j b20+Pg0KU2VudDogMjAxOS4gc3plcHRlbWJlciAyNy4sIHDDqW50ZWsgMjE6NDINClRvOiBCYWzD oXpzIExlbmd5ZWwgPGJhbGF6cy5sZW5neWVsQGVyaWNzc29uLmNvbTxtYWlsdG86YmFsYXpzLmxl bmd5ZWxAZXJpY3Nzb24uY29tPj47IE1haGVzaCBKZXRoYW5hbmRhbmkgPG1qZXRoYW5hbmRhbmlA Z21haWwuY29tPG1haWx0bzptamV0aGFuYW5kYW5pQGdtYWlsLmNvbT4+OyBBbGV4YW5kZXIgQ2xl bW0gPGx1ZHdpZ0BjbGVtbS5vcmc8bWFpbHRvOmx1ZHdpZ0BjbGVtbS5vcmc+PjsgQmVub2l0IENs YWlzZSAoYmNsYWlzZSkgPGJjbGFpc2VAY2lzY28uY29tPG1haWx0bzpiY2xhaXNlQGNpc2NvLmNv bT4+DQpDYzogTmV0Y29uZiA8bmV0Y29uZkBpZXRmLm9yZzxtYWlsdG86bmV0Y29uZkBpZXRmLm9y Zz4+DQpTdWJqZWN0OiBSRTogW25ldGNvbmZdIFdHTEMgZm9yIGRyYWZ0LWlldGYtbmV0Y29uZi1u b3RpZmljYXRpb24tY2FwYWJpbGl0aWVzDQoNCkhpIEJhbGF6cywNCg0KU29tZSBtb3JlIHRob3Vn aHRzIGluLWxpbmUuICAgSSBjdXQgb3V0IHRob3NlIEkgdGhpbmsgY2xvc2VkLg0KDQpGcm9tOiBC YWzDoXpzIExlbmd5ZWwgPGJhbGF6cy5sZW5neWVsQGVyaWNzc29uLmNvbTxtYWlsdG86YmFsYXpz Lmxlbmd5ZWxAZXJpY3Nzb24uY29tPj4NClNlbnQ6IEZyaWRheSwgU2VwdGVtYmVyIDI3LCAyMDE5 IDg6NDggQU0NClRvOiBFcmljIFZvaXQgKGV2b2l0KSA8ZXZvaXRAY2lzY28uY29tPG1haWx0bzpl dm9pdEBjaXNjby5jb20+PjsgTWFoZXNoIEpldGhhbmFuZGFuaSA8bWpldGhhbmFuZGFuaUBnbWFp bC5jb208bWFpbHRvOm1qZXRoYW5hbmRhbmlAZ21haWwuY29tPj47IEFsZXhhbmRlciBDbGVtbSA8 bHVkd2lnQGNsZW1tLm9yZzxtYWlsdG86bHVkd2lnQGNsZW1tLm9yZz4+OyBCZW5vaXQgQ2xhaXNl IChiY2xhaXNlKSA8YmNsYWlzZUBjaXNjby5jb208bWFpbHRvOmJjbGFpc2VAY2lzY28uY29tPj4N CkNjOiBOZXRjb25mIDxuZXRjb25mQGlldGYub3JnPG1haWx0bzpuZXRjb25mQGlldGYub3JnPj4N ClN1YmplY3Q6IFJFOiBbbmV0Y29uZl0gV0dMQyBmb3IgZHJhZnQtaWV0Zi1uZXRjb25mLW5vdGlm aWNhdGlvbi1jYXBhYmlsaXRpZXMNCg0KVGhhbmtzIGZvciB0aGUgY29tbWVudHMuIFNlZSBhbnN3 ZXJzIGJlbG93Lg0KSSBob3BlIHRoZSBncm91cCB3aWxsIGJlIG9rIHdpdGggdXNpbmcgdGhlIHRl cm0gcHVibGlzaGVyIGluc3RlYWQgb2Ygc2VydmVyLiBJTUhPIGl0IGlzIGNsZWFyZXIgYXMgdGhl IGNsaWVudCBzZXJ2ZXIgcmVsYXRpb25zaGlwIGNhbiBiZSByZXZlcnNlZCBlLmcuIGZvciBodHRw cyBub3RpZmljYXRpb24gdHJhbnNwb3J0Lg0KQmFsYXpzDQoNCkZyb206IEVyaWMgVm9pdCAoZXZv aXQpIDxldm9pdEBjaXNjby5jb208bWFpbHRvOmV2b2l0QGNpc2NvLmNvbT4+DQpTZW50OiAyMDE5 LiBzemVwdGVtYmVyIDI0Liwga2VkZCAyMzoxNQ0KVG86IE1haGVzaCBKZXRoYW5hbmRhbmkgPG1q ZXRoYW5hbmRhbmlAZ21haWwuY29tPG1haWx0bzptamV0aGFuYW5kYW5pQGdtYWlsLmNvbT4+OyBC YWzDoXpzIExlbmd5ZWwgPGJhbGF6cy5sZW5neWVsQGVyaWNzc29uLmNvbTxtYWlsdG86YmFsYXpz Lmxlbmd5ZWxAZXJpY3Nzb24uY29tPj47IEFsZXhhbmRlciBDbGVtbSA8bHVkd2lnQGNsZW1tLm9y ZzxtYWlsdG86bHVkd2lnQGNsZW1tLm9yZz4+OyBCZW5vaXQgQ2xhaXNlIChiY2xhaXNlKSA8YmNs YWlzZUBjaXNjby5jb208bWFpbHRvOmJjbGFpc2VAY2lzY28uY29tPj4NCkNjOiBOZXRjb25mIDxu ZXRjb25mQGlldGYub3JnPG1haWx0bzpuZXRjb25mQGlldGYub3JnPj4NClN1YmplY3Q6IFJFOiBb bmV0Y29uZl0gV0dMQyBmb3IgZHJhZnQtaWV0Zi1uZXRjb25mLW5vdGlmaWNhdGlvbi1jYXBhYmls aXRpZXMNCg0KSGVyZSBhcmUgc29tZSBjb21tZW50cy4uLg0KDQpPbi1jaGFuZ2UgTm90aWZpY2F0 aW9uIENhcGFiaWxpdHk6IElzIHRoaXMgZGlmZmVyZW50IGZyb20gc3VwcG9ydCBmb3IgUkZDLTg2 NDEgZmVhdHVyZSAib24tY2hhbmdlIj8gIElmIHRoZXkgYXJlIHRoZSBzYW1lLCBpdCBtaWdodCBi ZSBwb3NzaWJsZSB0byByZW1vdmUgdGhlIHRlcm0uICBFc3BlY2lhbGx5IGFzIHRoaXMgdGVybSBp cyB1c2VkIGluY29uc2lzdGVudGx5Lg0KQkFMQVpTOiBJbiBSRkMgODY0MSBvbi1jaGFuZ2UgaXMg bm90IGRlZmluZWQgYXMgYSBjYXBhYmlsaXR5LiBJdCBpcyB1c2VkIGZvciBtYW55IG1vcmUgdGhp bmdzIChlLmcuIE9uLWNoYW5nZSBzdWJzY3JpcHRpb24sICB0cmlnZ2VyIGNvbmRpdGlvbiwgdHlw ZSBvZiBwdXNoIHVwZGF0ZXMsIGEgZmVhdHVyZS4pIEluIHRoaXMgZHJhZnQgdGhlIG9uIGNoYW5n ZSBjYXBhYmlsaXR5IGlzIGp1c3QgdGhlIHNlcnZlcnMgY2FwYWJpbGl0eSB0byBzZW5kIG9uLWNo YW5nZSBub3RpZmljYXRpb24gZ2xvYmFsbHksIGZvciBhIHNwZWNpZmljIGRhdGFzdG9yZSBvciBh IHNwZWNpZmljIGRhdGEgbm9kZS4gRGVzY3JpcHRpb24gd2lsbCBiZSByZXdvcmRlZC4NCjxFcmlj PiBJdCB3aWxsIGJlIGdvb2QgdG8gc2VlIHRoZSByZXdvcmQuICAgSSBzdGlsbCBhbSBub3QgY2xl YXIgaG93IHRoaXMgZGlmZmVyZW50IGZyb20gdGhlIFJGQy04NjQxIGZlYXR1cmUgIm9uLWNoYW5n ZSIsIGFsb25nIHdpdGggdGhpcyBmZWF0dXJlIGJlaW5nIGFzc29jaWF0ZWQgd2l0aCBzcGVjaWZp YyBub2Rlcy4NCkJBTEFaUzI6DQpPbi1jaGFuZ2UgTm90aWZpY2F0aW9uIENhcGFiaWxpdHk6IFRo ZSBjYXBhYmlsaXR5IG9mIHRoZSBzZXJ2ZXIgdG8NCiAgIHNlbmQgb24tY2hhbmdlIG5vdGlmaWNh dGlvbnMgZm9yIGEgc3BlY2lmaWMgZGF0YXN0b3JlIG9yIGEgc3BlY2lmaWMNCiAgIGRhdGEgbm9k ZS4NCg0KDQpTZWN0aW9uIDMNCg0KUGFyYWdyYXBoIDIsIGJ1bGxldCAyOiBJbnN0ZWFkIG9mICAi YW1vdW50IG9mIG5vdGlmaWNhdGlvbnMgdGhlIHNlcnZlciBjYW4gc2VuZCBvdXQiLCBkbyB5b3Ug bWVhbiAidGhlIG1pbmltdW0gcGVyaW9kaWNpdHkgb2YgdXBkYXRlcyB3aGljaCBhIHNlcnZlciBj YW4gc2VuZCBvdXQgZm9yIGFuIG9iamVjdCINCkJBTEFaUzogVGhhdCB0b28sIGJ1dCBhbHNvIHRo ZSBtYXgtb2JqZWN0cy1wZXItdXBkYXRlLiBJIHdhcyB0b2xkIG5vdCB0byByZXBlYXQgaW5mb3Jt YXRpb24gaW4gdGhlIG1haW4gdGV4dCBhbmQgaW4gdGhlIFlBTkcgbW9kdWxlLCBzbyBJIHRyaWVk IHRvIGZpbmQgYSB3b3JkaW5nIHRoYXQgY292ZXJzIGJvdGguIEFsc28gIGl0cyBub3QgYWx3YXlz IHRoZSBtaW5pbXVtIHRpbWVzLiBTb21lIHNlcnZlcnMgc3VwcG9ydCAgYSBzcGVjaWZpYyBzZXQg b2YgdGltZXMsIG5vdCBhIGFueXRoaW5nIG92ZXIgYSBtaW5pbXVtLg0KPEVyaWM+IE9rLCBzbyB0 aGlzIGJ1bGxldCBpcyBhIGJ1Y2tldCBvZiB2YXJpb3VzIHR5cGVzIG9mIGluZm9ybWF0aW9uLiAg V2hpY2ggaXMgZmluZSB3aXRoIG1lLg0KDQoNClBhcmFncmFwaCAyLCBidWxsZXRzIDMgJiA0OiBJ IGRvbid0IHRoaW5rIHRoZXNlIHNob3VsZCBiZSBpbmRlbnRlZCBhcyBidWxsZXRzIGFyZSB0aGV5 IGFyZSBtb3JlIGFib3V0IHByb3BlciBiZWhhdmlvciBvZiBhIGNvcnJlY3RseSBwb3B1bGF0ZWQg bW9kZWwuDQpCQUxBWlM6IEkgZG9u4oCZdCByZWFsbHkgdW5kZXJzdGFuZCB0aGlzIGNvbW1lbnQu ICBQbGVhc2UgZXhwbGFpbi4NCjxFcmljPiBMb29raW5nIGF0IHRoZSB0ZXh0LCBidWxsZXRzIDMg aXMgd3JpdHRlbiB0byBzYXkgaG93IGNhcGFiaWxpdGllcyB2YWx1ZSBjYW4gYmUgc2V0IChpLmUu LCBob3cpIHJhdGhlciB0aGFuIHRoYXQgdGhleSBjYW4gYmUgc2V0IGZvciBkaWZmZXJlbnQgbGV2 ZWxzIChpLmUuLCB3aGF0KS4gIEdldHRpbmcgY29uc2lzdGVuY3kgc28gdGhhdCB0aGUgYnVsbGV0 cyBhcmUgYWxsICdob3cnIG9yIGFsbCAnd2hhdCcgaXRlbXMgd291bGQgaGVscCByZWFkYWJpbGl0 eS4NCkJBTEFaUzI6IE9LLCBJIGdldCBpdC4gWW91IGFyZSByaWdodCwgdG8gYmUgY29ycmVjdGVk Lg0KDQoNClBhcmFncmFwaCAzLCBidWxsZXRzIDI6IHdoeSBpc24ndCBTSEFMTCBpbnN0ZWFkIE1V U1Q/ICAgQWxzbywgc2hvdWxkbid0IHRoaXMgcG9pbnQgb3V0IHRoYXQgYm90aCBORVRDT05GIGFu ZCBSRVNUQ09ORiBNVVNUIGJlIHN1cHBvcnRlZCBpZiBvbi1jaGFuZ2UgaXMgYWR2ZXJ0aXNlZCwg YW5kIHRoaXMgZHJhZnQgaXMgc3VwcG9ydGVkPw0KQkFMQVpTOiBBcyBJIHVuZGVyc3RhbmQgUkZD IDIxMTkgTVVTVCBhbmQgU0hBTEwgYm90aCBtZWFuIHRoZSBzYW1lLCBidXQgSSB3aWxsIGNoYW5n ZSB0byBNVVNULiBObyBJIGRvIG5vdCB3YW50IHRvIG1hbmRhdGUgaW1wbGVtZW50aW5nIGJvdGgg TmV0Y29uZiBBTkQgUmVzdGNvbmYuIElNTyBhIHNlcnZlciB3aXRoIGp1c3QgTmV0Y29uZiB3b3Vs ZCB3b3JrIGp1c3QgZmluZTsgb3IgbWF5YmUgSSBtaXN1bmRlcnN0YW5kIHlvdXIgY29tbWVudD8N CjxFcmljPiBUaGUgc2Vjb25kIHBhcnQgb2YgbXkgY29tbWVudCB3YXMgYWJvdXQgZW5zdXJpbmcg dGhhdCBJRiB0aGlzIG1vZGVsIHdhcyBhdmFpbGFibGUsIGFuZCB0aGUgcHVibGlzaGVyIHN1cHBv cnRzIGJvdGggUkZDLTg2NDAgJiBkcmFmdC1pZXRmLW5ldGNvbmYtcmVzdGNvbmYtbm90aWYsIHRo ZW4gdGhpcyBzcGVjaWZpY2F0aW9uIE1VU1QgYmUgYWJsZSB0byBwdXNoIGNoYW5nZXMgb3ZlciBi b3RoIE5FVENPTkYgYW5kIFJFU1RDT05GLiAgICBUaGlua2luZyBtb3JlLCB0aGlzIGlzIGFjdHVh bGx5IGEgZ2VuZXJpYyBxdWVzdGlvbiB3aGljaCBpcyBsaWtlbHkgYWxyZWFkeSBhbnN3ZXJlZDog aG93IGRvIHlvdSBrbm93IHdoaWNoIG1vZGVscyBhcmUgc3VwcG9ydGVkIGZvciB3aGljaCB0cmFu c3BvcnRzLiAgIEFzIGFkdmVydGlzZW1lbnQgaXMgYnkgdHJhbnNwb3J0LCBJIHdpdGhkcmF3IHRo aXMgcXVlc3Rpb24uDQpCQUxBWlMyOiBTb21lIGltcGxlbWVudGF0aW9ucyBoYXZlIGEgeWFuZyBl eHRlbnNpb24gc3RhdGVtZW50IHRvIHNwZWNpZnkgd2hldGhlciAgYSBtb2RlbCBpcyB2aXNpYmxl IG9uIHNwZWNpZmljIGludGVyZmFjZXMNCg0KU2VjdGlvbiA0DQoNCkkgc3VzcGVjdCB0aGF0IHlv dSB3aWxsIG5lZWQgdG8gZG8gYSBzZWN1cml0eSBhbmFseXNpcyBwZXIgWUFORyBvYmplY3QuICAg VGhpcyBoYXMgYmVlbiBkb25lIHRoZSBvdGhlciBZQU5HIHB1c2ggZmFtaWx5Lg0KQkFMQVpTOiBU aGUgZnVsbCBtb2R1bGUgaXMgcmVhZE9ubHkgYW5kIG5vdCBzZW5zaXRpdmUgb3IgcHJpdmF0ZSBp biBhbnkgbWFubmVyLiAgVGhlIHNlY3VyaXR5IHRleHQgZm9yIHRoZSByZWFkT25seSBwYXJ0cyBv ZiBZYW5nUHVzaCBpcyB0aGUgZXhhY3Qgc2FtZSB0ZXh0OiBub3QgdmVyeSBpbmZvcm1hdGl2ZSwg YnV0IGdpdmVzIHlvdSB0aGUgaWxsdXNpb24gb2Ygc2VjdXJpdHkgYXdhcmVuZXNzLg0KPEVyaWM+ IFlvdSBjYW4gaWdub3JlIG15IGNvbW1lbnQuICBJbiBkb2luZyBSRkMtODYzOSwgSSBuZWVkZWQg dG8gcHV0IGluIHJlYWQvd3JpdGUgYW5hbHlzaXMgZm9yIGVhY2ggb2JqZWN0LiAgQW5kIHRoaXMg ZGlkIHNvbWV0aW1lIGluY2x1ZGUgdGhlIHJpc2tzIG9mIGludGVybmFsbHkgc2V0dGluZyB2YWx1 ZXMgd2hpY2ggd2VyZSByZWFkLW9ubHkgZnJvbSB0aGUgbW9kZWwuICBQZXJoYXBzIHRoaXMgd2ls bCBub3QgYmUgcmVxdWlyZWQgZHVyaW5nIGxhdGVyIGRyYWZ0IHJldmlld3MgaW4gdGhlIHB1Ymxp Y2F0aW9uIHByb2Nlc3MuDQoNCkkgc3VzcGVjdCB0aGF0IG1hbmlwdWxhdGluZyB0aGUgcmVwb3J0 aW5nIGludGVydmFscyBjb3VsZCBoYXZlIHNvbWUgc2VjdXJpdHkgaW1wbGljYXRpb25zLiAgIEUu Zy4sIGEgaGFja2VyIGNvdWxkIHB1c2ggdXAgdGhlIGRhbXBpbmcgcGVyaW9kIG9yIHBlcmlvZGlj IGludGVydmFsIHRvIGEgbGV2ZWwgd2hlcmUgdGhlIGluZm9ybWF0aW9uIHRoZXkgYXJlIGNoYW5n aW5nIHRoZW4gYmVjb21lcyBpbnZpc2libGUgdG8gYSBtb25pdG9yaW5nIHN5c3RlbS4NCkJBTEFa UzogVGhlIGZ1bGwgWUFNIGlzIHJlYWQtb25seSBzbyBtYW5pcHVsYXRpbmcgdGhlIGRhdGEgaXMg bm90IGEgY29uY2Vybi4NCjxFcmljPiBQZXIgbXkgcHJldmlvdXMgcG9pbnQsIGlmIHRoZSBJRVRG IHByb2Nlc3Mgc2F5cyB5b3UgZG9uJ3QgbmVlZCB0byBoaWdobGlnaHQgc3VjaCBwb3NzaWJpbGl0 aWVzLCB0aGVuIEkgYW0gZ29vZC4NCkJBTEFaUzI6DQpJbiByZmM4NjM5IHRoZSB0ZXh0IHNheXMg Zm9yIHJlYWRPbmx5IGRhdGEgbm9kZXMgc29tZXRoaW5nIGxpa2U6DQpJZiBhY2Nlc3MgY29udHJv bCBpcyBub3QgcHJvcGVybHkgY29uZmlndXJlZCwgY2FuIGV4cG9zZQ0KICAgICAgc3lzdGVtIGlu dGVybmFscyB0byB0aG9zZSB3aG8gc2hvdWxkIG5vdCBoYXZlIGFjY2VzcyB0byB0aGlzDQogICAg ICBpbmZvcm1hdGlvbi4NClRoYXQgaXMgdHJ1ZSBmb3IgYW55IGJpdCBvZiBkYXRhLCBzbyBJIGRv IG5vdCB1bmRlcnN0YW5kIHdoYXQgaW5mb3JtYXRpb24gZG9lcyBpdCBhZGQuIEl0IGRvZXMgbm90 IGh1cnQsIHNvIEkgd2lsbCBhZGQgdGhlIHNhbWUgc2VudGVuY2UgdG8gbXkgZHJhZnQuDQoNCklm IHlvdSBoYXZlIHNvbWV0aGluZyBlbHNlIGluIG1pbmQgcGxlYXNlIGRlc2NyaWJlIHRoZSBhdHRh Y2sgbWV0aG9kIHRoYXQgSSBzaG91bGQgbWVudGlvbi4NCjwvRXJpYz4NCg0KVGhhbmtzLA0KRXJp Yw0KDQoNCkZyb206IG5ldGNvbmYgPG5ldGNvbmYtYm91bmNlc0BpZXRmLm9yZzxtYWlsdG86bmV0 Y29uZi1ib3VuY2VzQGlldGYub3JnPj4gT24gQmVoYWxmIE9mIE1haGVzaCBKZXRoYW5hbmRhbmkN ClNlbnQ6IFR1ZXNkYXksIFNlcHRlbWJlciAyNCwgMjAxOSAxOjUwIFBNDQpUbzogTmV0Y29uZiA8 bmV0Y29uZkBpZXRmLm9yZzxtYWlsdG86bmV0Y29uZkBpZXRmLm9yZz4+DQpTdWJqZWN0OiBSZTog W25ldGNvbmZdIFdHTEMgZm9yIGRyYWZ0LWlldGYtbmV0Y29uZi1ub3RpZmljYXRpb24tY2FwYWJp bGl0aWVzDQoNCldlIHdlcmUgc3VwcG9zZWQgdG8gaGF2ZSBjbG9zZWQgb24gdGhlIFdHTEMgdG9k YXkuIEhvd2V2ZXIsIGJldHdlZW4gdGhlIGRvY3VtZW50IGJlY29taW5nIGEgV0cgaXRlbSBhbmQg aXQgZ29pbmcgaW50byBMQywgd2UgaGF2ZSBub3QgcmVjZWl2ZWQgdG9vIG1hbnkgY29tbWVudHMg b24gdGhlIGRyYWZ0LiBBcyBzdWNoLCB3ZSBhcmUgZXh0ZW5kaW5nIHRoZSBMQyBieSBhbm90aGVy IHdlZWsuIFBsZWFzZSByZXZpZXcgdGhlIGRyYWZ0IGFuZCBwcm92aWRlIGFueSBjb21tZW50cyB5 b3UgbWlnaHQgaGF2ZS4NCg0KTWFoZXNoICYgS2VudCAoYXMgY28tY2hhaXJzKQ0KDQoNCk9uIFNl cCAxMCwgMjAxOSwgYXQgMzozOSBQTSwgTWFoZXNoIEpldGhhbmFuZGFuaSA8bWpldGhhbmFuZGFu aUBnbWFpbC5jb208bWFpbHRvOm1qZXRoYW5hbmRhbmlAZ21haWwuY29tPj4gd3JvdGU6DQoNCkF1 dGhvcnMgaGF2ZSBwdWJsaXNoZWQgLTA0PGh0dHBzOi8vdG9vbHMuaWV0Zi5vcmcvaHRtbC9kcmFm dC1pZXRmLW5ldGNvbmYtbm90aWZpY2F0aW9uLWNhcGFiaWxpdGllcy0wND4gdmVyc2lvbiBvZiB0 aGUgZHJhZnQsIHdoaWNoIGFkZHJlc3NlcyBjb21tZW50cyB0aGV5IHJlY2VpdmVkIGluIElFVEYg MTA1LiBJZiB5b3UgcHJvdmlkZWQgY29tbWVudHMgcGxlYXNlIGNoZWNrIHRvIG1ha2Ugc3VyZSB5 b3VyIGNvbW1lbnRzIGhhdmUgYmVlbiBhZGRyZXNzZWQuIEF0IHRoaXMgcG9pbnQsIHRoZSBhdXRo b3JzIGJlbGlldmUgdGhhdCB0aGUgZG9jdW1lbnQgaXMgcmVhZHkgZm9yIFdHTEMuDQoNClRoaXMg dGhlcmVmb3JlIHN0YXJ0cyBhIHR3byB3ZWVrIExDLCBlbmRpbmcgb24gU2VwdGVtYmVyIDI0dGgu IFBsZWFzZSBwcm92aWRlIGFueSB0ZWNobmljYWwgY29tbWVudHMgeW91IG1pZ2h0IGhhdmUgb24g dGhlIGRvY3VtZW50LiBJZiB5b3UgYmVsaWV2ZSB0aGUgZG9jdW1lbnQgaXMgbm90IHJlYWR5IGZv ciBMQywgcGxlYXNlIHN0YXRlIHlvdXIgcmVhc29ucy4NCg0KV2Ugd2lsbCBpc3N1ZSBhIElQUiBw b2xsIHNlcGFyYXRlbHkuDQoNCk1haGVzaCAmIEtlbnQgKGFzIGNvLWNoYWlycykNCg0KDQoNCg0K PGRyYWZ0LWlldGYtbmV0Y29uZi1ub3RpZmljYXRpb24tY2FwYWJpbGl0aWVzLTA1Yi50eHQ+X19f X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18NCm5ldGNvbmYgbWFp bGluZyBsaXN0DQpuZXRjb25mQGlldGYub3JnPG1haWx0bzpuZXRjb25mQGlldGYub3JnPg0KaHR0 cHM6Ly93d3cuaWV0Zi5vcmcvbWFpbG1hbi9saXN0aW5mby9uZXRjb25mDQoNCg== --_000_B7C05E213B4B481D949F45FD6B2D1103ciscocom_ Content-Type: text/html; charset="utf-8" Content-ID: Content-Transfer-Encoding: base64 PGh0bWw+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIgY29udGVudD0i dGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjwvaGVhZD4NCjxib2R5IHN0eWxlPSJ3b3JkLXdy YXA6IGJyZWFrLXdvcmQ7IC13ZWJraXQtbmJzcC1tb2RlOiBzcGFjZTsgbGluZS1icmVhazogYWZ0 ZXItd2hpdGUtc3BhY2U7IiBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NCjxkaXY+PGJyIGNsYXNz PSIiPg0KPGJsb2NrcXVvdGUgdHlwZT0iY2l0ZSIgY2xhc3M9IiI+DQo8ZGl2IGNsYXNzPSIiPk9u IFNlcCAzMCwgMjAxOSwgYXQgMDU6MjAsIEJhbMOhenMgTGVuZ3llbCAmbHQ7PGEgaHJlZj0ibWFp bHRvOmJhbGF6cy5sZW5neWVsPTQwZXJpY3Nzb24uY29tQGRtYXJjLmlldGYub3JnIiBjbGFzcz0i Ij5iYWxhenMubGVuZ3llbD00MGVyaWNzc29uLmNvbUBkbWFyYy5pZXRmLm9yZzwvYT4mZ3Q7IHdy b3RlOjwvZGl2Pg0KPGJyIGNsYXNzPSJBcHBsZS1pbnRlcmNoYW5nZS1uZXdsaW5lIj4NCjxkaXYg Y2xhc3M9IiI+DQo8ZGl2IGNsYXNzPSJXb3JkU2VjdGlvbjEiIHN0eWxlPSJwYWdlOiBXb3JkU2Vj dGlvbjE7IGNhcmV0LWNvbG9yOiByZ2IoMCwgMCwgMCk7IGZvbnQtZmFtaWx5OiBIZWx2ZXRpY2E7 IGZvbnQtc2l6ZTogMTJweDsgZm9udC1zdHlsZTogbm9ybWFsOyBmb250LXZhcmlhbnQtY2Fwczog bm9ybWFsOyBmb250LXdlaWdodDogbm9ybWFsOyBsZXR0ZXItc3BhY2luZzogbm9ybWFsOyB0ZXh0 LWFsaWduOiBzdGFydDsgdGV4dC1pbmRlbnQ6IDBweDsgdGV4dC10cmFuc2Zvcm06IG5vbmU7IHdo aXRlLXNwYWNlOiBub3JtYWw7IHdvcmQtc3BhY2luZzogMHB4OyAtd2Via2l0LXRleHQtc3Ryb2tl LXdpZHRoOiAwcHg7IHRleHQtZGVjb3JhdGlvbjogbm9uZTsiPg0KPGRpdiBzdHlsZT0ibWFyZ2lu OiAwY20gMGNtIDAuMDAwMXB0OyBmb250LXNpemU6IDExcHQ7IGZvbnQtZmFtaWx5OiBDYWxpYnJp LCBzYW5zLXNlcmlmOyIgY2xhc3M9IiI+DQpIZWxsbyw8bzpwIGNsYXNzPSIiPjwvbzpwPjwvZGl2 Pg0KPGRpdiBzdHlsZT0ibWFyZ2luOiAwY20gMGNtIDAuMDAwMXB0OyBmb250LXNpemU6IDExcHQ7 IGZvbnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyIgY2xhc3M9IiI+DQpIZXJlIGlzIGEg cHJlbGltaW5hcnkgbmV4dCB2ZXJzaW9uIChub3Qgc3VibWl0dGVkIHlldCkuPHNwYW4gY2xhc3M9 IkFwcGxlLWNvbnZlcnRlZC1zcGFjZSI+Jm5ic3A7PC9zcGFuPjxzcGFuIHN0eWxlPSJjb2xvcjog cmdiKDAsIDE3NiwgMjQwKTsiIGNsYXNzPSIiPlNlZSBhbHNvIGJlbG93Ljwvc3Bhbj48L2Rpdj4N CjwvZGl2Pg0KPC9kaXY+DQo8L2Jsb2NrcXVvdGU+DQo8ZGl2PjxiciBjbGFzcz0iIj4NCjwvZGl2 Pg0KPGRpdj5JIGhhdmUgcmV2aWV3ZWQgdGhpcyB2ZXJzaW9uIGFuZCBsb29rZWQgYXQgb3RoZXJz 4oCZIGNvbW1lbnRzLiAmbmJzcDtJIHRoaW5rIHRoaXMgZG9jdW1lbnQgaXMgcmVhZHkgKGJhc2Vk IG9uIHRoZSBhZGRyZXNzaW5nIG9mIG90aGVyc+KAmSBjb21tZW50cyksIGFuZCBJIHN1cHBvcnQg aXRzIGdvYWxzLiAmbmJzcDtUaGlzIHdpbGwgbWFrZSB0aGUgY29uc3VtcHRpb24gb2YgdGVsZW1l dHJ5IG11Y2ggZWFzaWVyIGZvciBvcGVyYXRvcnMuPC9kaXY+DQo8ZGl2PjxiciBjbGFzcz0iIj4N CjwvZGl2Pg0KPGRpdj5Kb2U8L2Rpdj4NCjxiciBjbGFzcz0iIj4NCjxibG9ja3F1b3RlIHR5cGU9 ImNpdGUiIGNsYXNzPSIiPg0KPGRpdiBjbGFzcz0iIj4NCjxkaXYgY2xhc3M9IldvcmRTZWN0aW9u MSIgc3R5bGU9InBhZ2U6IFdvcmRTZWN0aW9uMTsgY2FyZXQtY29sb3I6IHJnYigwLCAwLCAwKTsg Zm9udC1mYW1pbHk6IEhlbHZldGljYTsgZm9udC1zaXplOiAxMnB4OyBmb250LXN0eWxlOiBub3Jt YWw7IGZvbnQtdmFyaWFudC1jYXBzOiBub3JtYWw7IGZvbnQtd2VpZ2h0OiBub3JtYWw7IGxldHRl ci1zcGFjaW5nOiBub3JtYWw7IHRleHQtYWxpZ246IHN0YXJ0OyB0ZXh0LWluZGVudDogMHB4OyB0 ZXh0LXRyYW5zZm9ybTogbm9uZTsgd2hpdGUtc3BhY2U6IG5vcm1hbDsgd29yZC1zcGFjaW5nOiAw cHg7IC13ZWJraXQtdGV4dC1zdHJva2Utd2lkdGg6IDBweDsgdGV4dC1kZWNvcmF0aW9uOiBub25l OyI+DQo8ZGl2IHN0eWxlPSJtYXJnaW46IDBjbSAwY20gMC4wMDAxcHQ7IGZvbnQtc2l6ZTogMTFw dDsgZm9udC1mYW1pbHk6IENhbGlicmksIHNhbnMtc2VyaWY7IiBjbGFzcz0iIj4NCjxvOnAgY2xh c3M9IiI+PC9vOnA+PC9kaXY+DQo8ZGl2IHN0eWxlPSJtYXJnaW46IDBjbSAwY20gMC4wMDAxcHQ7 IGZvbnQtc2l6ZTogMTFwdDsgZm9udC1mYW1pbHk6IENhbGlicmksIHNhbnMtc2VyaWY7IiBjbGFz cz0iIj4NClJlZ2FyZHMgQmFsYXpzPG86cCBjbGFzcz0iIj48L286cD48L2Rpdj4NCjxkaXYgc3R5 bGU9Im1hcmdpbjogMGNtIDBjbSAwLjAwMDFwdDsgZm9udC1zaXplOiAxMXB0OyBmb250LWZhbWls eTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsiIGNsYXNzPSIiPg0KPG86cCBjbGFzcz0iIj4mbmJzcDs8 L286cD48L2Rpdj4NCjxkaXYgY2xhc3M9IiI+DQo8ZGl2IHN0eWxlPSJib3JkZXItc3R5bGU6IHNv bGlkIG5vbmUgbm9uZTsgYm9yZGVyLXRvcC13aWR0aDogMXB0OyBib3JkZXItdG9wLWNvbG9yOiBy Z2IoMjI1LCAyMjUsIDIyNSk7IHBhZGRpbmc6IDNwdCAwY20gMGNtOyIgY2xhc3M9IiI+DQo8ZGl2 IHN0eWxlPSJtYXJnaW46IDBjbSAwY20gMC4wMDAxcHQ7IGZvbnQtc2l6ZTogMTFwdDsgZm9udC1m YW1pbHk6IENhbGlicmksIHNhbnMtc2VyaWY7IiBjbGFzcz0iIj4NCjxiIGNsYXNzPSIiPkZyb206 PC9iPjxzcGFuIGNsYXNzPSJBcHBsZS1jb252ZXJ0ZWQtc3BhY2UiPiZuYnNwOzwvc3Bhbj5Fcmlj IFZvaXQgKGV2b2l0KSAmbHQ7PGEgaHJlZj0ibWFpbHRvOmV2b2l0QGNpc2NvLmNvbSIgc3R5bGU9 ImNvbG9yOiBwdXJwbGU7IHRleHQtZGVjb3JhdGlvbjogdW5kZXJsaW5lOyIgY2xhc3M9IiI+ZXZv aXRAY2lzY28uY29tPC9hPiZndDs8c3BhbiBjbGFzcz0iQXBwbGUtY29udmVydGVkLXNwYWNlIj4m bmJzcDs8L3NwYW4+PGJyIGNsYXNzPSIiPg0KPGIgY2xhc3M9IiI+U2VudDo8L2I+PHNwYW4gY2xh c3M9IkFwcGxlLWNvbnZlcnRlZC1zcGFjZSI+Jm5ic3A7PC9zcGFuPjIwMTkuIHN6ZXB0ZW1iZXIg MjcuLCBww6ludGVrIDIxOjQyPGJyIGNsYXNzPSIiPg0KPGIgY2xhc3M9IiI+VG86PC9iPjxzcGFu IGNsYXNzPSJBcHBsZS1jb252ZXJ0ZWQtc3BhY2UiPiZuYnNwOzwvc3Bhbj5CYWzDoXpzIExlbmd5 ZWwgJmx0OzxhIGhyZWY9Im1haWx0bzpiYWxhenMubGVuZ3llbEBlcmljc3Nvbi5jb20iIHN0eWxl PSJjb2xvcjogcHVycGxlOyB0ZXh0LWRlY29yYXRpb246IHVuZGVybGluZTsiIGNsYXNzPSIiPmJh bGF6cy5sZW5neWVsQGVyaWNzc29uLmNvbTwvYT4mZ3Q7OyBNYWhlc2ggSmV0aGFuYW5kYW5pICZs dDs8YSBocmVmPSJtYWlsdG86bWpldGhhbmFuZGFuaUBnbWFpbC5jb20iIHN0eWxlPSJjb2xvcjog cHVycGxlOyB0ZXh0LWRlY29yYXRpb246IHVuZGVybGluZTsiIGNsYXNzPSIiPm1qZXRoYW5hbmRh bmlAZ21haWwuY29tPC9hPiZndDs7DQogQWxleGFuZGVyIENsZW1tICZsdDs8YSBocmVmPSJtYWls dG86bHVkd2lnQGNsZW1tLm9yZyIgc3R5bGU9ImNvbG9yOiBwdXJwbGU7IHRleHQtZGVjb3JhdGlv bjogdW5kZXJsaW5lOyIgY2xhc3M9IiI+bHVkd2lnQGNsZW1tLm9yZzwvYT4mZ3Q7OyBCZW5vaXQg Q2xhaXNlIChiY2xhaXNlKSAmbHQ7PGEgaHJlZj0ibWFpbHRvOmJjbGFpc2VAY2lzY28uY29tIiBz dHlsZT0iY29sb3I6IHB1cnBsZTsgdGV4dC1kZWNvcmF0aW9uOiB1bmRlcmxpbmU7IiBjbGFzcz0i Ij5iY2xhaXNlQGNpc2NvLmNvbTwvYT4mZ3Q7PGJyIGNsYXNzPSIiPg0KPGIgY2xhc3M9IiI+Q2M6 PC9iPjxzcGFuIGNsYXNzPSJBcHBsZS1jb252ZXJ0ZWQtc3BhY2UiPiZuYnNwOzwvc3Bhbj5OZXRj b25mICZsdDs8YSBocmVmPSJtYWlsdG86bmV0Y29uZkBpZXRmLm9yZyIgc3R5bGU9ImNvbG9yOiBw dXJwbGU7IHRleHQtZGVjb3JhdGlvbjogdW5kZXJsaW5lOyIgY2xhc3M9IiI+bmV0Y29uZkBpZXRm Lm9yZzwvYT4mZ3Q7PGJyIGNsYXNzPSIiPg0KPGIgY2xhc3M9IiI+U3ViamVjdDo8L2I+PHNwYW4g Y2xhc3M9IkFwcGxlLWNvbnZlcnRlZC1zcGFjZSI+Jm5ic3A7PC9zcGFuPlJFOiBbbmV0Y29uZl0g V0dMQyBmb3IgZHJhZnQtaWV0Zi1uZXRjb25mLW5vdGlmaWNhdGlvbi1jYXBhYmlsaXRpZXM8bzpw IGNsYXNzPSIiPjwvbzpwPjwvZGl2Pg0KPC9kaXY+DQo8L2Rpdj4NCjxkaXYgc3R5bGU9Im1hcmdp bjogMGNtIDBjbSAwLjAwMDFwdDsgZm9udC1zaXplOiAxMXB0OyBmb250LWZhbWlseTogQ2FsaWJy aSwgc2Fucy1zZXJpZjsiIGNsYXNzPSIiPg0KPG86cCBjbGFzcz0iIj4mbmJzcDs8L286cD48L2Rp dj4NCjxkaXYgc3R5bGU9Im1hcmdpbjogMGNtIDBjbSAwLjAwMDFwdDsgZm9udC1zaXplOiAxMXB0 OyBmb250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsiIGNsYXNzPSIiPg0KSGkgQmFsYXpz LDxvOnAgY2xhc3M9IiI+PC9vOnA+PC9kaXY+DQo8ZGl2IHN0eWxlPSJtYXJnaW46IDBjbSAwY20g MC4wMDAxcHQ7IGZvbnQtc2l6ZTogMTFwdDsgZm9udC1mYW1pbHk6IENhbGlicmksIHNhbnMtc2Vy aWY7IiBjbGFzcz0iIj4NCjxvOnAgY2xhc3M9IiI+Jm5ic3A7PC9vOnA+PC9kaXY+DQo8ZGl2IHN0 eWxlPSJtYXJnaW46IDBjbSAwY20gMC4wMDAxcHQ7IGZvbnQtc2l6ZTogMTFwdDsgZm9udC1mYW1p bHk6IENhbGlicmksIHNhbnMtc2VyaWY7IiBjbGFzcz0iIj4NClNvbWUgbW9yZSB0aG91Z2h0cyBp bi1saW5lLiZuYnNwOyZuYnNwOyBJIGN1dCBvdXQgdGhvc2UgSSB0aGluayBjbG9zZWQuPG86cCBj bGFzcz0iIj48L286cD48L2Rpdj4NCjxkaXYgc3R5bGU9Im1hcmdpbjogMGNtIDBjbSAwLjAwMDFw dDsgZm9udC1zaXplOiAxMXB0OyBmb250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsiIGNs YXNzPSIiPg0KPG86cCBjbGFzcz0iIj4mbmJzcDs8L286cD48L2Rpdj4NCjxkaXYgc3R5bGU9ImJv cmRlci1zdHlsZTogbm9uZSBub25lIG5vbmUgc29saWQ7IGJvcmRlci1sZWZ0LXdpZHRoOiAxLjVw dDsgYm9yZGVyLWxlZnQtY29sb3I6IGJsdWU7IHBhZGRpbmc6IDBjbSAwY20gMGNtIDRwdDsiIGNs YXNzPSIiPg0KPGRpdiBjbGFzcz0iIj4NCjxkaXYgc3R5bGU9ImJvcmRlci1zdHlsZTogc29saWQg bm9uZSBub25lOyBib3JkZXItdG9wLXdpZHRoOiAxcHQ7IGJvcmRlci10b3AtY29sb3I6IHJnYigy MjUsIDIyNSwgMjI1KTsgcGFkZGluZzogM3B0IDBjbSAwY207IiBjbGFzcz0iIj4NCjxkaXYgc3R5 bGU9Im1hcmdpbjogMGNtIDBjbSAwLjAwMDFwdDsgZm9udC1zaXplOiAxMXB0OyBmb250LWZhbWls eTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsiIGNsYXNzPSIiPg0KPGIgY2xhc3M9IiI+RnJvbTo8L2I+ PHNwYW4gY2xhc3M9IkFwcGxlLWNvbnZlcnRlZC1zcGFjZSI+Jm5ic3A7PC9zcGFuPkJhbMOhenMg TGVuZ3llbCAmbHQ7PGEgaHJlZj0ibWFpbHRvOmJhbGF6cy5sZW5neWVsQGVyaWNzc29uLmNvbSIg c3R5bGU9ImNvbG9yOiBwdXJwbGU7IHRleHQtZGVjb3JhdGlvbjogdW5kZXJsaW5lOyIgY2xhc3M9 IiI+YmFsYXpzLmxlbmd5ZWxAZXJpY3Nzb24uY29tPC9hPiZndDs8c3BhbiBjbGFzcz0iQXBwbGUt Y29udmVydGVkLXNwYWNlIj4mbmJzcDs8L3NwYW4+PGJyIGNsYXNzPSIiPg0KPGIgY2xhc3M9IiI+ U2VudDo8L2I+PHNwYW4gY2xhc3M9IkFwcGxlLWNvbnZlcnRlZC1zcGFjZSI+Jm5ic3A7PC9zcGFu PkZyaWRheSwgU2VwdGVtYmVyIDI3LCAyMDE5IDg6NDggQU08YnIgY2xhc3M9IiI+DQo8YiBjbGFz cz0iIj5Ubzo8L2I+PHNwYW4gY2xhc3M9IkFwcGxlLWNvbnZlcnRlZC1zcGFjZSI+Jm5ic3A7PC9z cGFuPkVyaWMgVm9pdCAoZXZvaXQpICZsdDs8YSBocmVmPSJtYWlsdG86ZXZvaXRAY2lzY28uY29t IiBzdHlsZT0iY29sb3I6IHB1cnBsZTsgdGV4dC1kZWNvcmF0aW9uOiB1bmRlcmxpbmU7IiBjbGFz cz0iIj5ldm9pdEBjaXNjby5jb208L2E+Jmd0OzsgTWFoZXNoIEpldGhhbmFuZGFuaSAmbHQ7PGEg aHJlZj0ibWFpbHRvOm1qZXRoYW5hbmRhbmlAZ21haWwuY29tIiBzdHlsZT0iY29sb3I6IHB1cnBs ZTsgdGV4dC1kZWNvcmF0aW9uOiB1bmRlcmxpbmU7IiBjbGFzcz0iIj5tamV0aGFuYW5kYW5pQGdt YWlsLmNvbTwvYT4mZ3Q7Ow0KIEFsZXhhbmRlciBDbGVtbSAmbHQ7PGEgaHJlZj0ibWFpbHRvOmx1 ZHdpZ0BjbGVtbS5vcmciIHN0eWxlPSJjb2xvcjogcHVycGxlOyB0ZXh0LWRlY29yYXRpb246IHVu ZGVybGluZTsiIGNsYXNzPSIiPmx1ZHdpZ0BjbGVtbS5vcmc8L2E+Jmd0OzsgQmVub2l0IENsYWlz ZSAoYmNsYWlzZSkgJmx0OzxhIGhyZWY9Im1haWx0bzpiY2xhaXNlQGNpc2NvLmNvbSIgc3R5bGU9 ImNvbG9yOiBwdXJwbGU7IHRleHQtZGVjb3JhdGlvbjogdW5kZXJsaW5lOyIgY2xhc3M9IiI+YmNs YWlzZUBjaXNjby5jb208L2E+Jmd0OzxiciBjbGFzcz0iIj4NCjxiIGNsYXNzPSIiPkNjOjwvYj48 c3BhbiBjbGFzcz0iQXBwbGUtY29udmVydGVkLXNwYWNlIj4mbmJzcDs8L3NwYW4+TmV0Y29uZiAm bHQ7PGEgaHJlZj0ibWFpbHRvOm5ldGNvbmZAaWV0Zi5vcmciIHN0eWxlPSJjb2xvcjogcHVycGxl OyB0ZXh0LWRlY29yYXRpb246IHVuZGVybGluZTsiIGNsYXNzPSIiPm5ldGNvbmZAaWV0Zi5vcmc8 L2E+Jmd0OzxiciBjbGFzcz0iIj4NCjxiIGNsYXNzPSIiPlN1YmplY3Q6PC9iPjxzcGFuIGNsYXNz PSJBcHBsZS1jb252ZXJ0ZWQtc3BhY2UiPiZuYnNwOzwvc3Bhbj5SRTogW25ldGNvbmZdIFdHTEMg Zm9yIGRyYWZ0LWlldGYtbmV0Y29uZi1ub3RpZmljYXRpb24tY2FwYWJpbGl0aWVzPG86cCBjbGFz cz0iIj48L286cD48L2Rpdj4NCjwvZGl2Pg0KPC9kaXY+DQo8ZGl2IHN0eWxlPSJtYXJnaW46IDBj bSAwY20gMC4wMDAxcHQ7IGZvbnQtc2l6ZTogMTFwdDsgZm9udC1mYW1pbHk6IENhbGlicmksIHNh bnMtc2VyaWY7IiBjbGFzcz0iIj4NCjxvOnAgY2xhc3M9IiI+Jm5ic3A7PC9vOnA+PC9kaXY+DQo8 ZGl2IHN0eWxlPSJtYXJnaW46IDBjbSAwY20gMC4wMDAxcHQ7IGZvbnQtc2l6ZTogMTFwdDsgZm9u dC1mYW1pbHk6IENhbGlicmksIHNhbnMtc2VyaWY7IiBjbGFzcz0iIj4NClRoYW5rcyBmb3IgdGhl IGNvbW1lbnRzPHNwYW4gc3R5bGU9ImNvbG9yOiByZ2IoMCwgMTc2LCAyNDApOyIgY2xhc3M9IiI+ LiBTZWUgYW5zd2VycyBiZWxvdy48c3BhbiBjbGFzcz0iQXBwbGUtY29udmVydGVkLXNwYWNlIj4m bmJzcDs8L3NwYW4+PG86cCBjbGFzcz0iIj48L286cD48L3NwYW4+PC9kaXY+DQo8ZGl2IHN0eWxl PSJtYXJnaW46IDBjbSAwY20gMC4wMDAxcHQ7IGZvbnQtc2l6ZTogMTFwdDsgZm9udC1mYW1pbHk6 IENhbGlicmksIHNhbnMtc2VyaWY7IiBjbGFzcz0iIj4NCjxzcGFuIHN0eWxlPSJjb2xvcjogcmdi KDAsIDE3NiwgMjQwKTsiIGNsYXNzPSIiPkkgaG9wZSB0aGUgZ3JvdXAgd2lsbCBiZSBvayB3aXRo IHVzaW5nIHRoZSB0ZXJtIHB1Ymxpc2hlciBpbnN0ZWFkIG9mIHNlcnZlci4gSU1ITyBpdCBpcyBj bGVhcmVyIGFzIHRoZSBjbGllbnQgc2VydmVyIHJlbGF0aW9uc2hpcCBjYW4gYmUgcmV2ZXJzZWQg ZS5nLiBmb3IgaHR0cHMgbm90aWZpY2F0aW9uIHRyYW5zcG9ydC48bzpwIGNsYXNzPSIiPjwvbzpw Pjwvc3Bhbj48L2Rpdj4NCjxkaXYgc3R5bGU9Im1hcmdpbjogMGNtIDBjbSAwLjAwMDFwdDsgZm9u dC1zaXplOiAxMXB0OyBmb250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsiIGNsYXNzPSIi Pg0KPHNwYW4gc3R5bGU9ImNvbG9yOiByZ2IoMCwgMTc2LCAyNDApOyIgY2xhc3M9IiI+QmFsYXpz PC9zcGFuPjxvOnAgY2xhc3M9IiI+PC9vOnA+PC9kaXY+DQo8ZGl2IHN0eWxlPSJtYXJnaW46IDBj bSAwY20gMC4wMDAxcHQ7IGZvbnQtc2l6ZTogMTFwdDsgZm9udC1mYW1pbHk6IENhbGlicmksIHNh bnMtc2VyaWY7IiBjbGFzcz0iIj4NCjxvOnAgY2xhc3M9IiI+Jm5ic3A7PC9vOnA+PC9kaXY+DQo8 ZGl2IGNsYXNzPSIiPg0KPGRpdiBzdHlsZT0iYm9yZGVyLXN0eWxlOiBzb2xpZCBub25lIG5vbmU7 IGJvcmRlci10b3Atd2lkdGg6IDFwdDsgYm9yZGVyLXRvcC1jb2xvcjogcmdiKDIyNSwgMjI1LCAy MjUpOyBwYWRkaW5nOiAzcHQgMGNtIDBjbTsiIGNsYXNzPSIiPg0KPGRpdiBzdHlsZT0ibWFyZ2lu OiAwY20gMGNtIDAuMDAwMXB0OyBmb250LXNpemU6IDExcHQ7IGZvbnQtZmFtaWx5OiBDYWxpYnJp LCBzYW5zLXNlcmlmOyIgY2xhc3M9IiI+DQo8YiBjbGFzcz0iIj5Gcm9tOjwvYj48c3BhbiBjbGFz cz0iQXBwbGUtY29udmVydGVkLXNwYWNlIj4mbmJzcDs8L3NwYW4+RXJpYyBWb2l0IChldm9pdCkg Jmx0OzxhIGhyZWY9Im1haWx0bzpldm9pdEBjaXNjby5jb20iIHN0eWxlPSJjb2xvcjogcHVycGxl OyB0ZXh0LWRlY29yYXRpb246IHVuZGVybGluZTsiIGNsYXNzPSIiPmV2b2l0QGNpc2NvLmNvbTwv YT4mZ3Q7PHNwYW4gY2xhc3M9IkFwcGxlLWNvbnZlcnRlZC1zcGFjZSI+Jm5ic3A7PC9zcGFuPjxi ciBjbGFzcz0iIj4NCjxiIGNsYXNzPSIiPlNlbnQ6PC9iPjxzcGFuIGNsYXNzPSJBcHBsZS1jb252 ZXJ0ZWQtc3BhY2UiPiZuYnNwOzwvc3Bhbj4yMDE5LiBzemVwdGVtYmVyIDI0Liwga2VkZCAyMzox NTxiciBjbGFzcz0iIj4NCjxiIGNsYXNzPSIiPlRvOjwvYj48c3BhbiBjbGFzcz0iQXBwbGUtY29u dmVydGVkLXNwYWNlIj4mbmJzcDs8L3NwYW4+TWFoZXNoIEpldGhhbmFuZGFuaSAmbHQ7PGEgaHJl Zj0ibWFpbHRvOm1qZXRoYW5hbmRhbmlAZ21haWwuY29tIiBzdHlsZT0iY29sb3I6IHB1cnBsZTsg dGV4dC1kZWNvcmF0aW9uOiB1bmRlcmxpbmU7IiBjbGFzcz0iIj5tamV0aGFuYW5kYW5pQGdtYWls LmNvbTwvYT4mZ3Q7OyBCYWzDoXpzIExlbmd5ZWwgJmx0OzxhIGhyZWY9Im1haWx0bzpiYWxhenMu bGVuZ3llbEBlcmljc3Nvbi5jb20iIHN0eWxlPSJjb2xvcjogcHVycGxlOyB0ZXh0LWRlY29yYXRp b246IHVuZGVybGluZTsiIGNsYXNzPSIiPmJhbGF6cy5sZW5neWVsQGVyaWNzc29uLmNvbTwvYT4m Z3Q7Ow0KIEFsZXhhbmRlciBDbGVtbSAmbHQ7PGEgaHJlZj0ibWFpbHRvOmx1ZHdpZ0BjbGVtbS5v cmciIHN0eWxlPSJjb2xvcjogcHVycGxlOyB0ZXh0LWRlY29yYXRpb246IHVuZGVybGluZTsiIGNs YXNzPSIiPmx1ZHdpZ0BjbGVtbS5vcmc8L2E+Jmd0OzsgQmVub2l0IENsYWlzZSAoYmNsYWlzZSkg Jmx0OzxhIGhyZWY9Im1haWx0bzpiY2xhaXNlQGNpc2NvLmNvbSIgc3R5bGU9ImNvbG9yOiBwdXJw bGU7IHRleHQtZGVjb3JhdGlvbjogdW5kZXJsaW5lOyIgY2xhc3M9IiI+YmNsYWlzZUBjaXNjby5j b208L2E+Jmd0OzxiciBjbGFzcz0iIj4NCjxiIGNsYXNzPSIiPkNjOjwvYj48c3BhbiBjbGFzcz0i QXBwbGUtY29udmVydGVkLXNwYWNlIj4mbmJzcDs8L3NwYW4+TmV0Y29uZiAmbHQ7PGEgaHJlZj0i bWFpbHRvOm5ldGNvbmZAaWV0Zi5vcmciIHN0eWxlPSJjb2xvcjogcHVycGxlOyB0ZXh0LWRlY29y YXRpb246IHVuZGVybGluZTsiIGNsYXNzPSIiPm5ldGNvbmZAaWV0Zi5vcmc8L2E+Jmd0OzxiciBj bGFzcz0iIj4NCjxiIGNsYXNzPSIiPlN1YmplY3Q6PC9iPjxzcGFuIGNsYXNzPSJBcHBsZS1jb252 ZXJ0ZWQtc3BhY2UiPiZuYnNwOzwvc3Bhbj5SRTogW25ldGNvbmZdIFdHTEMgZm9yIGRyYWZ0LWll dGYtbmV0Y29uZi1ub3RpZmljYXRpb24tY2FwYWJpbGl0aWVzPG86cCBjbGFzcz0iIj48L286cD48 L2Rpdj4NCjwvZGl2Pg0KPC9kaXY+DQo8ZGl2IHN0eWxlPSJtYXJnaW46IDBjbSAwY20gMC4wMDAx cHQ7IGZvbnQtc2l6ZTogMTFwdDsgZm9udC1mYW1pbHk6IENhbGlicmksIHNhbnMtc2VyaWY7IiBj bGFzcz0iIj4NCjxvOnAgY2xhc3M9IiI+Jm5ic3A7PC9vOnA+PC9kaXY+DQo8ZGl2IHN0eWxlPSJt YXJnaW46IDBjbSAwY20gMC4wMDAxcHQ7IGZvbnQtc2l6ZTogMTFwdDsgZm9udC1mYW1pbHk6IENh bGlicmksIHNhbnMtc2VyaWY7IiBjbGFzcz0iIj4NCkhlcmUgYXJlIHNvbWUgY29tbWVudHMuLi48 bzpwIGNsYXNzPSIiPjwvbzpwPjwvZGl2Pg0KPGRpdiBzdHlsZT0ibWFyZ2luOiAwY20gMGNtIDAu MDAwMXB0OyBmb250LXNpemU6IDExcHQ7IGZvbnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlm OyIgY2xhc3M9IiI+DQo8bzpwIGNsYXNzPSIiPiZuYnNwOzwvbzpwPjwvZGl2Pg0KPGRpdiBzdHls ZT0ibWFyZ2luOiAwY20gMGNtIDAuMDAwMXB0OyBmb250LXNpemU6IDExcHQ7IGZvbnQtZmFtaWx5 OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyIgY2xhc3M9IiI+DQpPbi1jaGFuZ2UgTm90aWZpY2F0aW9u IENhcGFiaWxpdHk6IElzIHRoaXMgZGlmZmVyZW50IGZyb20gc3VwcG9ydCBmb3IgUkZDLTg2NDEg ZmVhdHVyZSAmcXVvdDtvbi1jaGFuZ2UmcXVvdDs/Jm5ic3A7IElmIHRoZXkgYXJlIHRoZSBzYW1l LCBpdCBtaWdodCBiZSBwb3NzaWJsZSB0byByZW1vdmUgdGhlIHRlcm0uJm5ic3A7IEVzcGVjaWFs bHkgYXMgdGhpcyB0ZXJtIGlzIHVzZWQgaW5jb25zaXN0ZW50bHkuPG86cCBjbGFzcz0iIj48L286 cD48L2Rpdj4NCjxkaXYgc3R5bGU9Im1hcmdpbjogMGNtIDBjbSAwLjAwMDFwdDsgZm9udC1zaXpl OiAxMXB0OyBmb250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsiIGNsYXNzPSIiPg0KPHNw YW4gc3R5bGU9ImNvbG9yOiByZ2IoMCwgMTc2LCAyNDApOyIgY2xhc3M9IiI+QkFMQVpTOiBJbiBS RkMgODY0MSBvbi1jaGFuZ2UgaXMgbm90IGRlZmluZWQgYXMgYSBjYXBhYmlsaXR5LiBJdCBpcyB1 c2VkIGZvciBtYW55IG1vcmUgdGhpbmdzIChlLmcuIE9uLWNoYW5nZSBzdWJzY3JpcHRpb24sICZu YnNwO3RyaWdnZXIgY29uZGl0aW9uLCB0eXBlIG9mIHB1c2ggdXBkYXRlcywgYSBmZWF0dXJlLikg SW4gdGhpcyBkcmFmdCB0aGUgb24gY2hhbmdlIGNhcGFiaWxpdHkNCiBpcyBqdXN0IHRoZSBzZXJ2 ZXJzIGNhcGFiaWxpdHkgdG8gc2VuZCBvbi1jaGFuZ2Ugbm90aWZpY2F0aW9uIGdsb2JhbGx5LCBm b3IgYSBzcGVjaWZpYyBkYXRhc3RvcmUgb3IgYSBzcGVjaWZpYyBkYXRhIG5vZGUuIERlc2NyaXB0 aW9uIHdpbGwgYmUgcmV3b3JkZWQuPG86cCBjbGFzcz0iIj48L286cD48L3NwYW4+PC9kaXY+DQo8 ZGl2IHN0eWxlPSJtYXJnaW46IDBjbSAwY20gMC4wMDAxcHQ7IGZvbnQtc2l6ZTogMTFwdDsgZm9u dC1mYW1pbHk6IENhbGlicmksIHNhbnMtc2VyaWY7IiBjbGFzcz0iIj4NCiZsdDtFcmljJmd0OyBJ dCB3aWxsIGJlIGdvb2QgdG8gc2VlIHRoZSByZXdvcmQuJm5ic3A7Jm5ic3A7IEkgc3RpbGwgYW0g bm90IGNsZWFyIGhvdyB0aGlzIGRpZmZlcmVudCBmcm9tIHRoZSBSRkMtODY0MSBmZWF0dXJlICZx dW90O29uLWNoYW5nZSZxdW90OywgYWxvbmcgd2l0aCB0aGlzIGZlYXR1cmUgYmVpbmcgYXNzb2Np YXRlZCB3aXRoIHNwZWNpZmljIG5vZGVzLiZuYnNwOzxzcGFuIGNsYXNzPSJBcHBsZS1jb252ZXJ0 ZWQtc3BhY2UiPiZuYnNwOzwvc3Bhbj48bzpwIGNsYXNzPSIiPjwvbzpwPjwvZGl2Pg0KPGRpdiBz dHlsZT0ibWFyZ2luOiAwY20gMGNtIDAuMDAwMXB0OyBmb250LXNpemU6IDExcHQ7IGZvbnQtZmFt aWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyIgY2xhc3M9IiI+DQo8c3BhbiBzdHlsZT0iY29sb3I6 IHJnYigwLCAxNzYsIDI0MCk7IiBjbGFzcz0iIj5CQUxBWlMyOjxzcGFuIGNsYXNzPSJBcHBsZS1j b252ZXJ0ZWQtc3BhY2UiPiZuYnNwOzwvc3Bhbj48bzpwIGNsYXNzPSIiPjwvbzpwPjwvc3Bhbj48 L2Rpdj4NCjxkaXYgc3R5bGU9Im1hcmdpbjogMGNtIDBjbSAwLjAwMDFwdCA0LjlwdDsgZm9udC1z aXplOiAxMXB0OyBmb250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsiIGNsYXNzPSIiPg0K PHNwYW4gc3R5bGU9ImNvbG9yOiByZ2IoMCwgMTc2LCAyNDApOyIgY2xhc3M9IiI+T24tY2hhbmdl IE5vdGlmaWNhdGlvbiBDYXBhYmlsaXR5OiBUaGUgY2FwYWJpbGl0eSBvZiB0aGUgc2VydmVyIHRv PG86cCBjbGFzcz0iIj48L286cD48L3NwYW4+PC9kaXY+DQo8ZGl2IHN0eWxlPSJtYXJnaW46IDBj bSAwY20gMC4wMDAxcHQgNC45cHQ7IGZvbnQtc2l6ZTogMTFwdDsgZm9udC1mYW1pbHk6IENhbGli cmksIHNhbnMtc2VyaWY7IiBjbGFzcz0iIj4NCjxzcGFuIHN0eWxlPSJjb2xvcjogcmdiKDAsIDE3 NiwgMjQwKTsiIGNsYXNzPSIiPiZuYnNwOyZuYnNwOyBzZW5kIG9uLWNoYW5nZSBub3RpZmljYXRp b25zIGZvciBhIHNwZWNpZmljIGRhdGFzdG9yZSBvciBhIHNwZWNpZmljPG86cCBjbGFzcz0iIj48 L286cD48L3NwYW4+PC9kaXY+DQo8ZGl2IHN0eWxlPSJtYXJnaW46IDBjbSAwY20gMC4wMDAxcHQ7 IGZvbnQtc2l6ZTogMTFwdDsgZm9udC1mYW1pbHk6IENhbGlicmksIHNhbnMtc2VyaWY7IiBjbGFz cz0iIj4NCjxzcGFuIHN0eWxlPSJjb2xvcjogcmdiKDAsIDE3NiwgMjQwKTsiIGNsYXNzPSIiPiZu YnNwOyZuYnNwOyBkYXRhIG5vZGUuPG86cCBjbGFzcz0iIj48L286cD48L3NwYW4+PC9kaXY+DQo8 ZGl2IHN0eWxlPSJtYXJnaW46IDBjbSAwY20gMC4wMDAxcHQ7IGZvbnQtc2l6ZTogMTFwdDsgZm9u dC1mYW1pbHk6IENhbGlicmksIHNhbnMtc2VyaWY7IiBjbGFzcz0iIj4NCjxvOnAgY2xhc3M9IiI+ Jm5ic3A7PC9vOnA+PC9kaXY+DQo8ZGl2IHN0eWxlPSJtYXJnaW46IDBjbSAwY20gMC4wMDAxcHQ7 IGZvbnQtc2l6ZTogMTFwdDsgZm9udC1mYW1pbHk6IENhbGlicmksIHNhbnMtc2VyaWY7IiBjbGFz cz0iIj4NCjxvOnAgY2xhc3M9IiI+Jm5ic3A7PC9vOnA+PC9kaXY+DQo8ZGl2IHN0eWxlPSJtYXJn aW46IDBjbSAwY20gMC4wMDAxcHQ7IGZvbnQtc2l6ZTogMTFwdDsgZm9udC1mYW1pbHk6IENhbGli cmksIHNhbnMtc2VyaWY7IiBjbGFzcz0iIj4NClNlY3Rpb24gMzxvOnAgY2xhc3M9IiI+PC9vOnA+ PC9kaXY+DQo8ZGl2IHN0eWxlPSJtYXJnaW46IDBjbSAwY20gMC4wMDAxcHQ7IGZvbnQtc2l6ZTog MTFwdDsgZm9udC1mYW1pbHk6IENhbGlicmksIHNhbnMtc2VyaWY7IiBjbGFzcz0iIj4NCjxvOnAg Y2xhc3M9IiI+Jm5ic3A7PC9vOnA+PC9kaXY+DQo8ZGl2IHN0eWxlPSJtYXJnaW46IDBjbSAwY20g MC4wMDAxcHQ7IGZvbnQtc2l6ZTogMTFwdDsgZm9udC1mYW1pbHk6IENhbGlicmksIHNhbnMtc2Vy aWY7IiBjbGFzcz0iIj4NClBhcmFncmFwaCAyLCBidWxsZXQgMjogSW5zdGVhZCBvZiAmbmJzcDsm cXVvdDthbW91bnQgb2Ygbm90aWZpY2F0aW9ucyB0aGUgc2VydmVyIGNhbiBzZW5kIG91dCZxdW90 OywgZG8geW91IG1lYW4gJnF1b3Q7dGhlIG1pbmltdW0gcGVyaW9kaWNpdHkgb2YgdXBkYXRlcyB3 aGljaCBhIHNlcnZlciBjYW4gc2VuZCBvdXQgZm9yIGFuIG9iamVjdCZxdW90OzxvOnAgY2xhc3M9 IiI+PC9vOnA+PC9kaXY+DQo8ZGl2IHN0eWxlPSJtYXJnaW46IDBjbSAwY20gMC4wMDAxcHQ7IGZv bnQtc2l6ZTogMTFwdDsgZm9udC1mYW1pbHk6IENhbGlicmksIHNhbnMtc2VyaWY7IiBjbGFzcz0i Ij4NCjxzcGFuIHN0eWxlPSJjb2xvcjogcmdiKDAsIDE3NiwgMjQwKTsiIGNsYXNzPSIiPkJBTEFa UzogVGhhdCB0b28sIGJ1dCBhbHNvIHRoZSBtYXgtb2JqZWN0cy1wZXItdXBkYXRlLiBJIHdhcyB0 b2xkIG5vdCB0byByZXBlYXQgaW5mb3JtYXRpb24gaW4gdGhlIG1haW4gdGV4dCBhbmQgaW4gdGhl IFlBTkcgbW9kdWxlLCBzbyBJIHRyaWVkIHRvIGZpbmQgYSB3b3JkaW5nIHRoYXQgY292ZXJzIGJv dGguIEFsc28mbmJzcDsgaXRzIG5vdCBhbHdheXMgdGhlIG1pbmltdW0NCiB0aW1lcy4gU29tZSBz ZXJ2ZXJzIHN1cHBvcnQgJm5ic3A7YSBzcGVjaWZpYyBzZXQgb2YgdGltZXMsIG5vdCBhIGFueXRo aW5nIG92ZXIgYSBtaW5pbXVtLjxvOnAgY2xhc3M9IiI+PC9vOnA+PC9zcGFuPjwvZGl2Pg0KPGRp diBzdHlsZT0ibWFyZ2luOiAwY20gMGNtIDAuMDAwMXB0OyBmb250LXNpemU6IDExcHQ7IGZvbnQt ZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyIgY2xhc3M9IiI+DQombHQ7RXJpYyZndDsgT2ss IHNvIHRoaXMgYnVsbGV0IGlzIGEgYnVja2V0IG9mIHZhcmlvdXMgdHlwZXMgb2YgaW5mb3JtYXRp b24uJm5ic3A7IFdoaWNoIGlzIGZpbmUgd2l0aCBtZS48bzpwIGNsYXNzPSIiPjwvbzpwPjwvZGl2 Pg0KPGRpdiBzdHlsZT0ibWFyZ2luOiAwY20gMGNtIDAuMDAwMXB0OyBmb250LXNpemU6IDExcHQ7 IGZvbnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyIgY2xhc3M9IiI+DQo8bzpwIGNsYXNz PSIiPiZuYnNwOzwvbzpwPjwvZGl2Pg0KPGRpdiBzdHlsZT0ibWFyZ2luOiAwY20gMGNtIDAuMDAw MXB0OyBmb250LXNpemU6IDExcHQ7IGZvbnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyIg Y2xhc3M9IiI+DQo8bzpwIGNsYXNzPSIiPiZuYnNwOzwvbzpwPjwvZGl2Pg0KPGRpdiBzdHlsZT0i bWFyZ2luOiAwY20gMGNtIDAuMDAwMXB0OyBmb250LXNpemU6IDExcHQ7IGZvbnQtZmFtaWx5OiBD YWxpYnJpLCBzYW5zLXNlcmlmOyIgY2xhc3M9IiI+DQpQYXJhZ3JhcGggMiwgYnVsbGV0cyAzICZh bXA7IDQ6IEkgZG9uJ3QgdGhpbmsgdGhlc2Ugc2hvdWxkIGJlIGluZGVudGVkIGFzIGJ1bGxldHMg YXJlIHRoZXkgYXJlIG1vcmUgYWJvdXQgcHJvcGVyIGJlaGF2aW9yIG9mIGEgY29ycmVjdGx5IHBv cHVsYXRlZCBtb2RlbC48bzpwIGNsYXNzPSIiPjwvbzpwPjwvZGl2Pg0KPGRpdiBzdHlsZT0ibWFy Z2luOiAwY20gMGNtIDAuMDAwMXB0OyBmb250LXNpemU6IDExcHQ7IGZvbnQtZmFtaWx5OiBDYWxp YnJpLCBzYW5zLXNlcmlmOyIgY2xhc3M9IiI+DQo8c3BhbiBzdHlsZT0iY29sb3I6IHJnYigwLCAx NzYsIDI0MCk7IiBjbGFzcz0iIj5CQUxBWlM6IEkgZG9u4oCZdCByZWFsbHkgdW5kZXJzdGFuZCB0 aGlzIGNvbW1lbnQuJm5ic3A7IFBsZWFzZSBleHBsYWluLjxvOnAgY2xhc3M9IiI+PC9vOnA+PC9z cGFuPjwvZGl2Pg0KPGRpdiBzdHlsZT0ibWFyZ2luOiAwY20gMGNtIDAuMDAwMXB0OyBmb250LXNp emU6IDExcHQ7IGZvbnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyIgY2xhc3M9IiI+DQom bHQ7RXJpYyZndDsgTG9va2luZyBhdCB0aGUgdGV4dCwgYnVsbGV0cyAzIGlzIHdyaXR0ZW4gdG8g c2F5IGhvdyBjYXBhYmlsaXRpZXMgdmFsdWUgY2FuIGJlIHNldCAoaS5lLiwgaG93KSByYXRoZXIg dGhhbiB0aGF0IHRoZXkgY2FuIGJlIHNldCBmb3IgZGlmZmVyZW50IGxldmVscyAoaS5lLiwgd2hh dCkuJm5ic3A7IEdldHRpbmcgY29uc2lzdGVuY3kgc28gdGhhdCB0aGUgYnVsbGV0cyBhcmUgYWxs ICdob3cnIG9yIGFsbCAnd2hhdCcgaXRlbXMgd291bGQgaGVscCByZWFkYWJpbGl0eS4NCiAmbmJz cDs8bzpwIGNsYXNzPSIiPjwvbzpwPjwvZGl2Pg0KPGRpdiBzdHlsZT0ibWFyZ2luOiAwY20gMGNt IDAuMDAwMXB0OyBmb250LXNpemU6IDExcHQ7IGZvbnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNl cmlmOyIgY2xhc3M9IiI+DQo8c3BhbiBzdHlsZT0iY29sb3I6IHJnYigwLCAxNzYsIDI0MCk7IiBj bGFzcz0iIj5CQUxBWlMyOiBPSywgSSBnZXQgaXQuIFlvdSBhcmUgcmlnaHQsIHRvIGJlIGNvcnJl Y3RlZC48bzpwIGNsYXNzPSIiPjwvbzpwPjwvc3Bhbj48L2Rpdj4NCjxkaXYgc3R5bGU9Im1hcmdp bjogMGNtIDBjbSAwLjAwMDFwdDsgZm9udC1zaXplOiAxMXB0OyBmb250LWZhbWlseTogQ2FsaWJy aSwgc2Fucy1zZXJpZjsiIGNsYXNzPSIiPg0KPG86cCBjbGFzcz0iIj4mbmJzcDs8L286cD48L2Rp dj4NCjxkaXYgc3R5bGU9Im1hcmdpbjogMGNtIDBjbSAwLjAwMDFwdDsgZm9udC1zaXplOiAxMXB0 OyBmb250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsiIGNsYXNzPSIiPg0KPG86cCBjbGFz cz0iIj4mbmJzcDs8L286cD48L2Rpdj4NCjxkaXYgc3R5bGU9Im1hcmdpbjogMGNtIDBjbSAwLjAw MDFwdDsgZm9udC1zaXplOiAxMXB0OyBmb250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsi IGNsYXNzPSIiPg0KUGFyYWdyYXBoIDMsIGJ1bGxldHMgMjogd2h5IGlzbid0IFNIQUxMIGluc3Rl YWQgTVVTVD8mbmJzcDsmbmJzcDsgQWxzbywgc2hvdWxkbid0IHRoaXMgcG9pbnQgb3V0IHRoYXQg Ym90aCBORVRDT05GIGFuZCBSRVNUQ09ORiBNVVNUIGJlIHN1cHBvcnRlZCBpZiBvbi1jaGFuZ2Ug aXMgYWR2ZXJ0aXNlZCwgYW5kIHRoaXMgZHJhZnQgaXMgc3VwcG9ydGVkPzxvOnAgY2xhc3M9IiI+ PC9vOnA+PC9kaXY+DQo8ZGl2IHN0eWxlPSJtYXJnaW46IDBjbSAwY20gMC4wMDAxcHQ7IGZvbnQt c2l6ZTogMTFwdDsgZm9udC1mYW1pbHk6IENhbGlicmksIHNhbnMtc2VyaWY7IiBjbGFzcz0iIj4N CjxzcGFuIHN0eWxlPSJjb2xvcjogcmdiKDAsIDE3NiwgMjQwKTsiIGNsYXNzPSIiPkJBTEFaUzog QXMgSSB1bmRlcnN0YW5kIFJGQyAyMTE5IE1VU1QgYW5kIFNIQUxMIGJvdGggbWVhbiB0aGUgc2Ft ZSwgYnV0IEkgd2lsbCBjaGFuZ2UgdG8gTVVTVC4gTm8gSSBkbyBub3Qgd2FudCB0byBtYW5kYXRl IGltcGxlbWVudGluZyBib3RoIE5ldGNvbmYgQU5EIFJlc3Rjb25mLiBJTU8gYSBzZXJ2ZXIgd2l0 aCBqdXN0IE5ldGNvbmYgd291bGQgd29yayBqdXN0DQogZmluZTsgb3IgbWF5YmUgSSBtaXN1bmRl cnN0YW5kIHlvdXIgY29tbWVudD88bzpwIGNsYXNzPSIiPjwvbzpwPjwvc3Bhbj48L2Rpdj4NCjxk aXYgc3R5bGU9Im1hcmdpbjogMGNtIDBjbSAwLjAwMDFwdDsgZm9udC1zaXplOiAxMXB0OyBmb250 LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsiIGNsYXNzPSIiPg0KJmx0O0VyaWMmZ3Q7IFRo ZSBzZWNvbmQgcGFydCBvZiBteSBjb21tZW50IHdhcyBhYm91dCBlbnN1cmluZyB0aGF0IElGIHRo aXMgbW9kZWwgd2FzIGF2YWlsYWJsZSwgYW5kIHRoZSBwdWJsaXNoZXIgc3VwcG9ydHMgYm90aCBS RkMtODY0MCAmYW1wOyBkcmFmdC1pZXRmLW5ldGNvbmYtcmVzdGNvbmYtbm90aWYsIHRoZW4gdGhp cyBzcGVjaWZpY2F0aW9uIE1VU1QgYmUgYWJsZSB0byBwdXNoIGNoYW5nZXMgb3ZlciBib3RoIE5F VENPTkYgYW5kIFJFU1RDT05GLiZuYnNwOyZuYnNwOyZuYnNwOyBUaGlua2luZw0KIG1vcmUsIHRo aXMgaXMgYWN0dWFsbHkgYSBnZW5lcmljIHF1ZXN0aW9uIHdoaWNoIGlzIGxpa2VseSBhbHJlYWR5 IGFuc3dlcmVkOiBob3cgZG8geW91IGtub3cgd2hpY2ggbW9kZWxzIGFyZSBzdXBwb3J0ZWQgZm9y IHdoaWNoIHRyYW5zcG9ydHMuJm5ic3A7Jm5ic3A7IEFzIGFkdmVydGlzZW1lbnQgaXMgYnkgdHJh bnNwb3J0LCBJIHdpdGhkcmF3IHRoaXMgcXVlc3Rpb24uJm5ic3A7PHNwYW4gY2xhc3M9IkFwcGxl LWNvbnZlcnRlZC1zcGFjZSI+Jm5ic3A7PC9zcGFuPjxvOnAgY2xhc3M9IiI+PC9vOnA+PC9kaXY+ DQo8ZGl2IHN0eWxlPSJtYXJnaW46IDBjbSAwY20gMC4wMDAxcHQ7IGZvbnQtc2l6ZTogMTFwdDsg Zm9udC1mYW1pbHk6IENhbGlicmksIHNhbnMtc2VyaWY7IiBjbGFzcz0iIj4NCjxzcGFuIHN0eWxl PSJjb2xvcjogcmdiKDAsIDE3NiwgMjQwKTsiIGNsYXNzPSIiPkJBTEFaUzI6IFNvbWUgaW1wbGVt ZW50YXRpb25zIGhhdmUgYSB5YW5nIGV4dGVuc2lvbiBzdGF0ZW1lbnQgdG8gc3BlY2lmeSB3aGV0 aGVyICZuYnNwO2EgbW9kZWwgaXMgdmlzaWJsZSBvbiBzcGVjaWZpYyBpbnRlcmZhY2VzPG86cCBj bGFzcz0iIj48L286cD48L3NwYW4+PC9kaXY+DQo8ZGl2IHN0eWxlPSJtYXJnaW46IDBjbSAwY20g MC4wMDAxcHQ7IGZvbnQtc2l6ZTogMTFwdDsgZm9udC1mYW1pbHk6IENhbGlicmksIHNhbnMtc2Vy aWY7IiBjbGFzcz0iIj4NCjxvOnAgY2xhc3M9IiI+Jm5ic3A7PC9vOnA+PC9kaXY+DQo8ZGl2IHN0 eWxlPSJtYXJnaW46IDBjbSAwY20gMC4wMDAxcHQ7IGZvbnQtc2l6ZTogMTFwdDsgZm9udC1mYW1p bHk6IENhbGlicmksIHNhbnMtc2VyaWY7IiBjbGFzcz0iIj4NClNlY3Rpb24gNDxvOnAgY2xhc3M9 IiI+PC9vOnA+PC9kaXY+DQo8ZGl2IHN0eWxlPSJtYXJnaW46IDBjbSAwY20gMC4wMDAxcHQ7IGZv bnQtc2l6ZTogMTFwdDsgZm9udC1mYW1pbHk6IENhbGlicmksIHNhbnMtc2VyaWY7IiBjbGFzcz0i Ij4NCjxvOnAgY2xhc3M9IiI+Jm5ic3A7PC9vOnA+PC9kaXY+DQo8ZGl2IHN0eWxlPSJtYXJnaW46 IDBjbSAwY20gMC4wMDAxcHQ7IGZvbnQtc2l6ZTogMTFwdDsgZm9udC1mYW1pbHk6IENhbGlicmks IHNhbnMtc2VyaWY7IiBjbGFzcz0iIj4NCkkgc3VzcGVjdCB0aGF0IHlvdSB3aWxsIG5lZWQgdG8g ZG8gYSBzZWN1cml0eSBhbmFseXNpcyBwZXIgWUFORyBvYmplY3QuJm5ic3A7Jm5ic3A7IFRoaXMg aGFzIGJlZW4gZG9uZSB0aGUgb3RoZXIgWUFORyBwdXNoIGZhbWlseS48bzpwIGNsYXNzPSIiPjwv bzpwPjwvZGl2Pg0KPGRpdiBzdHlsZT0ibWFyZ2luOiAwY20gMGNtIDAuMDAwMXB0OyBmb250LXNp emU6IDExcHQ7IGZvbnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyIgY2xhc3M9IiI+DQo8 c3BhbiBzdHlsZT0iY29sb3I6IHJnYigwLCAxNzYsIDI0MCk7IiBjbGFzcz0iIj5CQUxBWlM6IFRo ZSBmdWxsIG1vZHVsZSBpcyByZWFkT25seSBhbmQgbm90IHNlbnNpdGl2ZSBvciBwcml2YXRlIGlu IGFueSBtYW5uZXIuJm5ic3A7IFRoZSBzZWN1cml0eSB0ZXh0IGZvciB0aGUgcmVhZE9ubHkgcGFy dHMgb2YgWWFuZ1B1c2ggaXMgdGhlIGV4YWN0IHNhbWUgdGV4dDogbm90IHZlcnkgaW5mb3JtYXRp dmUsIGJ1dCBnaXZlcyB5b3UgdGhlIGlsbHVzaW9uIG9mDQogc2VjdXJpdHkgYXdhcmVuZXNzLjxv OnAgY2xhc3M9IiI+PC9vOnA+PC9zcGFuPjwvZGl2Pg0KPGRpdiBzdHlsZT0ibWFyZ2luOiAwY20g MGNtIDAuMDAwMXB0OyBmb250LXNpemU6IDExcHQ7IGZvbnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5z LXNlcmlmOyIgY2xhc3M9IiI+DQombHQ7RXJpYyZndDsgWW91IGNhbiBpZ25vcmUgbXkgY29tbWVu dC4mbmJzcDsgSW4gZG9pbmcgUkZDLTg2MzksIEkgbmVlZGVkIHRvIHB1dCBpbiByZWFkL3dyaXRl IGFuYWx5c2lzIGZvciBlYWNoIG9iamVjdC4mbmJzcDsgQW5kIHRoaXMgZGlkIHNvbWV0aW1lIGlu Y2x1ZGUgdGhlIHJpc2tzIG9mIGludGVybmFsbHkgc2V0dGluZyB2YWx1ZXMgd2hpY2ggd2VyZSBy ZWFkLW9ubHkgZnJvbSB0aGUgbW9kZWwuJm5ic3A7IFBlcmhhcHMgdGhpcyB3aWxsIG5vdCBiZSBy ZXF1aXJlZCBkdXJpbmcNCiBsYXRlciBkcmFmdCByZXZpZXdzIGluIHRoZSBwdWJsaWNhdGlvbiBw cm9jZXNzLjxvOnAgY2xhc3M9IiI+PC9vOnA+PC9kaXY+DQo8ZGl2IHN0eWxlPSJtYXJnaW46IDBj bSAwY20gMC4wMDAxcHQ7IGZvbnQtc2l6ZTogMTFwdDsgZm9udC1mYW1pbHk6IENhbGlicmksIHNh bnMtc2VyaWY7IiBjbGFzcz0iIj4NCjxvOnAgY2xhc3M9IiI+Jm5ic3A7PC9vOnA+PC9kaXY+DQo8 ZGl2IHN0eWxlPSJtYXJnaW46IDBjbSAwY20gMC4wMDAxcHQ7IGZvbnQtc2l6ZTogMTFwdDsgZm9u dC1mYW1pbHk6IENhbGlicmksIHNhbnMtc2VyaWY7IiBjbGFzcz0iIj4NCkkgc3VzcGVjdCB0aGF0 IG1hbmlwdWxhdGluZyB0aGUgcmVwb3J0aW5nIGludGVydmFscyBjb3VsZCBoYXZlIHNvbWUgc2Vj dXJpdHkgaW1wbGljYXRpb25zLiZuYnNwOyZuYnNwOyBFLmcuLCBhIGhhY2tlciBjb3VsZCBwdXNo IHVwIHRoZSBkYW1waW5nIHBlcmlvZCBvciBwZXJpb2RpYyBpbnRlcnZhbCB0byBhIGxldmVsIHdo ZXJlIHRoZSBpbmZvcm1hdGlvbiB0aGV5IGFyZSBjaGFuZ2luZyB0aGVuIGJlY29tZXMgaW52aXNp YmxlIHRvIGEgbW9uaXRvcmluZyBzeXN0ZW0uPG86cCBjbGFzcz0iIj48L286cD48L2Rpdj4NCjxk aXYgc3R5bGU9Im1hcmdpbjogMGNtIDBjbSAwLjAwMDFwdDsgZm9udC1zaXplOiAxMXB0OyBmb250 LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsiIGNsYXNzPSIiPg0KPHNwYW4gc3R5bGU9ImNv bG9yOiByZ2IoMCwgMTc2LCAyNDApOyIgY2xhc3M9IiI+QkFMQVpTOiBUaGUgZnVsbCBZQU0gaXMg cmVhZC1vbmx5IHNvIG1hbmlwdWxhdGluZyB0aGUgZGF0YSBpcyBub3QgYSBjb25jZXJuLjwvc3Bh bj48bzpwIGNsYXNzPSIiPjwvbzpwPjwvZGl2Pg0KPGRpdiBzdHlsZT0ibWFyZ2luOiAwY20gMGNt IDAuMDAwMXB0OyBmb250LXNpemU6IDExcHQ7IGZvbnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNl cmlmOyIgY2xhc3M9IiI+DQombHQ7RXJpYyZndDsgUGVyIG15IHByZXZpb3VzIHBvaW50LCBpZiB0 aGUgSUVURiBwcm9jZXNzIHNheXMgeW91IGRvbid0IG5lZWQgdG8gaGlnaGxpZ2h0IHN1Y2ggcG9z c2liaWxpdGllcywgdGhlbiBJIGFtIGdvb2QuPG86cCBjbGFzcz0iIj48L286cD48L2Rpdj4NCjxk aXYgc3R5bGU9Im1hcmdpbjogMGNtIDBjbSAwLjAwMDFwdDsgZm9udC1zaXplOiAxMXB0OyBmb250 LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsiIGNsYXNzPSIiPg0KPHNwYW4gc3R5bGU9ImNv bG9yOiByZ2IoMCwgMTc2LCAyNDApOyIgY2xhc3M9IiI+QkFMQVpTMjo8bzpwIGNsYXNzPSIiPjwv bzpwPjwvc3Bhbj48L2Rpdj4NCjxkaXYgc3R5bGU9Im1hcmdpbjogMGNtIDBjbSAwLjAwMDFwdDsg Zm9udC1zaXplOiAxMXB0OyBmb250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsiIGNsYXNz PSIiPg0KPHNwYW4gc3R5bGU9ImNvbG9yOiByZ2IoMCwgMTc2LCAyNDApOyIgY2xhc3M9IiI+SW4g cmZjODYzOSB0aGUgdGV4dCBzYXlzIGZvciByZWFkT25seSBkYXRhIG5vZGVzIHNvbWV0aGluZyBs aWtlOjxzcGFuIGNsYXNzPSJBcHBsZS1jb252ZXJ0ZWQtc3BhY2UiPiZuYnNwOzwvc3Bhbj48bzpw IGNsYXNzPSIiPjwvbzpwPjwvc3Bhbj48L2Rpdj4NCjxkaXYgc3R5bGU9Im1hcmdpbjogMGNtIDBj bSAwLjAwMDFwdDsgZm9udC1zaXplOiAxMXB0OyBmb250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1z ZXJpZjsiIGNsYXNzPSIiPg0KPHNwYW4gc3R5bGU9ImZvbnQtc2l6ZTogMTBwdDsgZm9udC1mYW1p bHk6ICZxdW90O0NvdXJpZXIgTmV3JnF1b3Q7LCBzZXJpZjsgY29sb3I6IHJnYigwLCAxNzYsIDI0 MCk7IiBjbGFzcz0iIj5JZiBhY2Nlc3MgY29udHJvbCBpcyBub3QgcHJvcGVybHkgY29uZmlndXJl ZCwgY2FuIGV4cG9zZTxvOnAgY2xhc3M9IiI+PC9vOnA+PC9zcGFuPjwvZGl2Pg0KPGRpdiBzdHls ZT0ibWFyZ2luOiAwY20gMGNtIDAuMDAwMXB0OyBmb250LXNpemU6IDExcHQ7IGZvbnQtZmFtaWx5 OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyIgY2xhc3M9IiI+DQo8c3BhbiBzdHlsZT0iZm9udC1zaXpl OiAxMHB0OyBmb250LWZhbWlseTogJnF1b3Q7Q291cmllciBOZXcmcXVvdDssIHNlcmlmOyBjb2xv cjogcmdiKDAsIDE3NiwgMjQwKTsiIGNsYXNzPSIiPiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZu YnNwOyBzeXN0ZW0gaW50ZXJuYWxzIHRvIHRob3NlIHdobyBzaG91bGQgbm90IGhhdmUgYWNjZXNz IHRvIHRoaXM8bzpwIGNsYXNzPSIiPjwvbzpwPjwvc3Bhbj48L2Rpdj4NCjxkaXYgc3R5bGU9Im1h cmdpbjogMGNtIDBjbSAwLjAwMDFwdDsgZm9udC1zaXplOiAxMXB0OyBmb250LWZhbWlseTogQ2Fs aWJyaSwgc2Fucy1zZXJpZjsiIGNsYXNzPSIiPg0KPHNwYW4gc3R5bGU9ImZvbnQtc2l6ZTogMTBw dDsgZm9udC1mYW1pbHk6ICZxdW90O0NvdXJpZXIgTmV3JnF1b3Q7LCBzZXJpZjsgY29sb3I6IHJn YigwLCAxNzYsIDI0MCk7IiBjbGFzcz0iIj4mbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsg aW5mb3JtYXRpb24uPG86cCBjbGFzcz0iIj48L286cD48L3NwYW4+PC9kaXY+DQo8ZGl2IHN0eWxl PSJtYXJnaW46IDBjbSAwY20gMC4wMDAxcHQ7IGZvbnQtc2l6ZTogMTFwdDsgZm9udC1mYW1pbHk6 IENhbGlicmksIHNhbnMtc2VyaWY7IiBjbGFzcz0iIj4NCjxzcGFuIHN0eWxlPSJjb2xvcjogcmdi KDAsIDE3NiwgMjQwKTsiIGNsYXNzPSIiPlRoYXQgaXMgdHJ1ZSBmb3IgYW55IGJpdCBvZiBkYXRh LCBzbyBJIGRvIG5vdCB1bmRlcnN0YW5kIHdoYXQgaW5mb3JtYXRpb24gZG9lcyBpdCBhZGQuIEl0 IGRvZXMgbm90IGh1cnQsIHNvIEkgd2lsbCBhZGQgdGhlIHNhbWUgc2VudGVuY2UgdG8gbXkgZHJh ZnQuPG86cCBjbGFzcz0iIj48L286cD48L3NwYW4+PC9kaXY+DQo8ZGl2IHN0eWxlPSJtYXJnaW46 IDBjbSAwY20gMC4wMDAxcHQ7IGZvbnQtc2l6ZTogMTFwdDsgZm9udC1mYW1pbHk6IENhbGlicmks IHNhbnMtc2VyaWY7IiBjbGFzcz0iIj4NCjxzcGFuIHN0eWxlPSJjb2xvcjogcmdiKDAsIDE3Niwg MjQwKTsiIGNsYXNzPSIiPjxvOnAgY2xhc3M9IiI+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvZGl2Pg0K PGRpdiBzdHlsZT0ibWFyZ2luOiAwY20gMGNtIDAuMDAwMXB0OyBmb250LXNpemU6IDExcHQ7IGZv bnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyIgY2xhc3M9IiI+DQo8c3BhbiBzdHlsZT0i Y29sb3I6IHJnYigwLCAxNzYsIDI0MCk7IiBjbGFzcz0iIj5JZiB5b3UgaGF2ZSBzb21ldGhpbmcg ZWxzZSBpbiBtaW5kIHBsZWFzZSBkZXNjcmliZSB0aGUgYXR0YWNrIG1ldGhvZCB0aGF0IEkgc2hv dWxkIG1lbnRpb24uPG86cCBjbGFzcz0iIj48L286cD48L3NwYW4+PC9kaXY+DQo8ZGl2IHN0eWxl PSJtYXJnaW46IDBjbSAwY20gMC4wMDAxcHQ7IGZvbnQtc2l6ZTogMTFwdDsgZm9udC1mYW1pbHk6 IENhbGlicmksIHNhbnMtc2VyaWY7IiBjbGFzcz0iIj4NCiZsdDsvRXJpYyZndDs8bzpwIGNsYXNz PSIiPjwvbzpwPjwvZGl2Pg0KPGRpdiBzdHlsZT0ibWFyZ2luOiAwY20gMGNtIDAuMDAwMXB0OyBm b250LXNpemU6IDExcHQ7IGZvbnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyIgY2xhc3M9 IiI+DQo8bzpwIGNsYXNzPSIiPiZuYnNwOzwvbzpwPjwvZGl2Pg0KPGRpdiBzdHlsZT0ibWFyZ2lu OiAwY20gMGNtIDAuMDAwMXB0OyBmb250LXNpemU6IDExcHQ7IGZvbnQtZmFtaWx5OiBDYWxpYnJp LCBzYW5zLXNlcmlmOyIgY2xhc3M9IiI+DQpUaGFua3MsPHNwYW4gY2xhc3M9IkFwcGxlLWNvbnZl cnRlZC1zcGFjZSI+Jm5ic3A7PC9zcGFuPjxvOnAgY2xhc3M9IiI+PC9vOnA+PC9kaXY+DQo8ZGl2 IHN0eWxlPSJtYXJnaW46IDBjbSAwY20gMC4wMDAxcHQ7IGZvbnQtc2l6ZTogMTFwdDsgZm9udC1m YW1pbHk6IENhbGlicmksIHNhbnMtc2VyaWY7IiBjbGFzcz0iIj4NCkVyaWM8c3BhbiBjbGFzcz0i QXBwbGUtY29udmVydGVkLXNwYWNlIj4mbmJzcDs8L3NwYW4+PG86cCBjbGFzcz0iIj48L286cD48 L2Rpdj4NCjxkaXYgc3R5bGU9Im1hcmdpbjogMGNtIDBjbSAwLjAwMDFwdDsgZm9udC1zaXplOiAx MXB0OyBmb250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsiIGNsYXNzPSIiPg0KPG86cCBj bGFzcz0iIj4mbmJzcDs8L286cD48L2Rpdj4NCjxkaXYgc3R5bGU9Im1hcmdpbjogMGNtIDBjbSAw LjAwMDFwdDsgZm9udC1zaXplOiAxMXB0OyBmb250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJp ZjsiIGNsYXNzPSIiPg0KPG86cCBjbGFzcz0iIj4mbmJzcDs8L286cD48L2Rpdj4NCjxkaXYgc3R5 bGU9ImJvcmRlci1zdHlsZTogbm9uZSBub25lIG5vbmUgc29saWQ7IGJvcmRlci1sZWZ0LXdpZHRo OiAxLjVwdDsgYm9yZGVyLWxlZnQtY29sb3I6IGJsdWU7IHBhZGRpbmc6IDBjbSAwY20gMGNtIDRw dDsiIGNsYXNzPSIiPg0KPGRpdiBjbGFzcz0iIj4NCjxkaXYgc3R5bGU9ImJvcmRlci1zdHlsZTog c29saWQgbm9uZSBub25lOyBib3JkZXItdG9wLXdpZHRoOiAxcHQ7IGJvcmRlci10b3AtY29sb3I6 IHJnYigyMjUsIDIyNSwgMjI1KTsgcGFkZGluZzogM3B0IDBjbSAwY207IiBjbGFzcz0iIj4NCjxk aXYgc3R5bGU9Im1hcmdpbjogMGNtIDBjbSAwLjAwMDFwdDsgZm9udC1zaXplOiAxMXB0OyBmb250 LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsiIGNsYXNzPSIiPg0KPGIgY2xhc3M9IiI+RnJv bTo8L2I+PHNwYW4gY2xhc3M9IkFwcGxlLWNvbnZlcnRlZC1zcGFjZSI+Jm5ic3A7PC9zcGFuPm5l dGNvbmYgJmx0OzxhIGhyZWY9Im1haWx0bzpuZXRjb25mLWJvdW5jZXNAaWV0Zi5vcmciIHN0eWxl PSJjb2xvcjogcHVycGxlOyB0ZXh0LWRlY29yYXRpb246IHVuZGVybGluZTsiIGNsYXNzPSIiPm5l dGNvbmYtYm91bmNlc0BpZXRmLm9yZzwvYT4mZ3Q7PHNwYW4gY2xhc3M9IkFwcGxlLWNvbnZlcnRl ZC1zcGFjZSI+Jm5ic3A7PC9zcGFuPjxiIGNsYXNzPSIiPk9uDQogQmVoYWxmIE9mPHNwYW4gY2xh c3M9IkFwcGxlLWNvbnZlcnRlZC1zcGFjZSI+Jm5ic3A7PC9zcGFuPjwvYj5NYWhlc2ggSmV0aGFu YW5kYW5pPGJyIGNsYXNzPSIiPg0KPGIgY2xhc3M9IiI+U2VudDo8L2I+PHNwYW4gY2xhc3M9IkFw cGxlLWNvbnZlcnRlZC1zcGFjZSI+Jm5ic3A7PC9zcGFuPlR1ZXNkYXksIFNlcHRlbWJlciAyNCwg MjAxOSAxOjUwIFBNPGJyIGNsYXNzPSIiPg0KPGIgY2xhc3M9IiI+VG86PC9iPjxzcGFuIGNsYXNz PSJBcHBsZS1jb252ZXJ0ZWQtc3BhY2UiPiZuYnNwOzwvc3Bhbj5OZXRjb25mICZsdDs8YSBocmVm PSJtYWlsdG86bmV0Y29uZkBpZXRmLm9yZyIgc3R5bGU9ImNvbG9yOiBwdXJwbGU7IHRleHQtZGVj b3JhdGlvbjogdW5kZXJsaW5lOyIgY2xhc3M9IiI+bmV0Y29uZkBpZXRmLm9yZzwvYT4mZ3Q7PGJy IGNsYXNzPSIiPg0KPGIgY2xhc3M9IiI+U3ViamVjdDo8L2I+PHNwYW4gY2xhc3M9IkFwcGxlLWNv bnZlcnRlZC1zcGFjZSI+Jm5ic3A7PC9zcGFuPlJlOiBbbmV0Y29uZl0gV0dMQyBmb3IgZHJhZnQt aWV0Zi1uZXRjb25mLW5vdGlmaWNhdGlvbi1jYXBhYmlsaXRpZXM8bzpwIGNsYXNzPSIiPjwvbzpw PjwvZGl2Pg0KPC9kaXY+DQo8L2Rpdj4NCjxkaXYgc3R5bGU9Im1hcmdpbjogMGNtIDBjbSAwLjAw MDFwdDsgZm9udC1zaXplOiAxMXB0OyBmb250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsi IGNsYXNzPSIiPg0KPG86cCBjbGFzcz0iIj4mbmJzcDs8L286cD48L2Rpdj4NCjxkaXYgY2xhc3M9 IiI+DQo8ZGl2IHN0eWxlPSJtYXJnaW46IDBjbSAwY20gMC4wMDAxcHQ7IGZvbnQtc2l6ZTogMTFw dDsgZm9udC1mYW1pbHk6IENhbGlicmksIHNhbnMtc2VyaWY7IiBjbGFzcz0iIj4NCldlIHdlcmUg c3VwcG9zZWQgdG8gaGF2ZSBjbG9zZWQgb24gdGhlIFdHTEMgdG9kYXkuIEhvd2V2ZXIsIGJldHdl ZW4gdGhlIGRvY3VtZW50IGJlY29taW5nIGEgV0cgaXRlbSBhbmQgaXQgZ29pbmcgaW50byBMQywg d2UgaGF2ZSBub3QgcmVjZWl2ZWQgdG9vIG1hbnkgY29tbWVudHMgb24gdGhlIGRyYWZ0LiBBcyBz dWNoLCB3ZSBhcmUgZXh0ZW5kaW5nIHRoZSBMQyBieSBhbm90aGVyIHdlZWsuIFBsZWFzZSByZXZp ZXcgdGhlIGRyYWZ0IGFuZCBwcm92aWRlDQogYW55IGNvbW1lbnRzIHlvdSBtaWdodCBoYXZlLjxv OnAgY2xhc3M9IiI+PC9vOnA+PC9kaXY+DQo8ZGl2IGNsYXNzPSIiPg0KPGRpdiBzdHlsZT0ibWFy Z2luOiAwY20gMGNtIDAuMDAwMXB0OyBmb250LXNpemU6IDExcHQ7IGZvbnQtZmFtaWx5OiBDYWxp YnJpLCBzYW5zLXNlcmlmOyIgY2xhc3M9IiI+DQo8bzpwIGNsYXNzPSIiPiZuYnNwOzwvbzpwPjwv ZGl2Pg0KPC9kaXY+DQo8ZGl2IGNsYXNzPSIiPg0KPGRpdiBzdHlsZT0ibWFyZ2luOiAwY20gMGNt IDAuMDAwMXB0OyBmb250LXNpemU6IDExcHQ7IGZvbnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNl cmlmOyIgY2xhc3M9IiI+DQpNYWhlc2ggJmFtcDsgS2VudCAoYXMgY28tY2hhaXJzKTxvOnAgY2xh c3M9IiI+PC9vOnA+PC9kaXY+DQo8ZGl2IGNsYXNzPSIiPg0KPGRpdiBzdHlsZT0ibWFyZ2luOiAw Y20gMGNtIDAuMDAwMXB0OyBmb250LXNpemU6IDExcHQ7IGZvbnQtZmFtaWx5OiBDYWxpYnJpLCBz YW5zLXNlcmlmOyIgY2xhc3M9IiI+DQo8bzpwIGNsYXNzPSIiPiZuYnNwOzwvbzpwPjwvZGl2Pg0K PGRpdiBjbGFzcz0iIj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtYXJnaW46IDBjbSAw Y20gMTJwdDsgZm9udC1zaXplOiAxMXB0OyBmb250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJp ZjsiPg0KPG86cCBjbGFzcz0iIj4mbmJzcDs8L286cD48L3A+DQo8YmxvY2txdW90ZSBzdHlsZT0i bWFyZ2luLXRvcDogNXB0OyBtYXJnaW4tYm90dG9tOiA1cHQ7IiBjbGFzcz0iIj4NCjxkaXYgY2xh c3M9IiI+DQo8ZGl2IHN0eWxlPSJtYXJnaW46IDBjbSAwY20gMC4wMDAxcHQ7IGZvbnQtc2l6ZTog MTFwdDsgZm9udC1mYW1pbHk6IENhbGlicmksIHNhbnMtc2VyaWY7IiBjbGFzcz0iIj4NCk9uIFNl cCAxMCwgMjAxOSwgYXQgMzozOSBQTSwgTWFoZXNoIEpldGhhbmFuZGFuaSAmbHQ7PGEgaHJlZj0i bWFpbHRvOm1qZXRoYW5hbmRhbmlAZ21haWwuY29tIiBzdHlsZT0iY29sb3I6IHB1cnBsZTsgdGV4 dC1kZWNvcmF0aW9uOiB1bmRlcmxpbmU7IiBjbGFzcz0iIj5tamV0aGFuYW5kYW5pQGdtYWlsLmNv bTwvYT4mZ3Q7IHdyb3RlOjxvOnAgY2xhc3M9IiI+PC9vOnA+PC9kaXY+DQo8L2Rpdj4NCjxkaXYg c3R5bGU9Im1hcmdpbjogMGNtIDBjbSAwLjAwMDFwdDsgZm9udC1zaXplOiAxMXB0OyBmb250LWZh bWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsiIGNsYXNzPSIiPg0KPG86cCBjbGFzcz0iIj4mbmJz cDs8L286cD48L2Rpdj4NCjxkaXYgY2xhc3M9IiI+DQo8ZGl2IGNsYXNzPSIiPg0KPGRpdiBzdHls ZT0ibWFyZ2luOiAwY20gMGNtIDAuMDAwMXB0OyBmb250LXNpemU6IDExcHQ7IGZvbnQtZmFtaWx5 OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyIgY2xhc3M9IiI+DQpBdXRob3JzIGhhdmUgcHVibGlzaGVk Jm5ic3A7PGEgaHJlZj0iaHR0cHM6Ly90b29scy5pZXRmLm9yZy9odG1sL2RyYWZ0LWlldGYtbmV0 Y29uZi1ub3RpZmljYXRpb24tY2FwYWJpbGl0aWVzLTA0IiBzdHlsZT0iY29sb3I6IHB1cnBsZTsg dGV4dC1kZWNvcmF0aW9uOiB1bmRlcmxpbmU7IiBjbGFzcz0iIj4tMDQ8L2E+Jm5ic3A7dmVyc2lv biBvZiB0aGUgZHJhZnQsIHdoaWNoIGFkZHJlc3NlcyBjb21tZW50cyB0aGV5IHJlY2VpdmVkIGlu IElFVEYgMTA1LiBJZiB5b3UNCiBwcm92aWRlZCBjb21tZW50cyBwbGVhc2UgY2hlY2sgdG8gbWFr ZSBzdXJlIHlvdXIgY29tbWVudHMgaGF2ZSBiZWVuIGFkZHJlc3NlZC4gQXQgdGhpcyBwb2ludCwg dGhlIGF1dGhvcnMgYmVsaWV2ZSB0aGF0IHRoZSBkb2N1bWVudCBpcyByZWFkeSBmb3IgV0dMQy48 bzpwIGNsYXNzPSIiPjwvbzpwPjwvZGl2Pg0KPGRpdiBjbGFzcz0iIj4NCjxkaXYgc3R5bGU9Im1h cmdpbjogMGNtIDBjbSAwLjAwMDFwdDsgZm9udC1zaXplOiAxMXB0OyBmb250LWZhbWlseTogQ2Fs aWJyaSwgc2Fucy1zZXJpZjsiIGNsYXNzPSIiPg0KPG86cCBjbGFzcz0iIj4mbmJzcDs8L286cD48 L2Rpdj4NCjwvZGl2Pg0KPGRpdiBjbGFzcz0iIj4NCjxkaXYgc3R5bGU9Im1hcmdpbjogMGNtIDBj bSAwLjAwMDFwdDsgZm9udC1zaXplOiAxMXB0OyBmb250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1z ZXJpZjsiIGNsYXNzPSIiPg0KVGhpcyB0aGVyZWZvcmUgc3RhcnRzIGEgdHdvIHdlZWsgTEMsIGVu ZGluZyBvbiBTZXB0ZW1iZXIgMjR0aC4gUGxlYXNlIHByb3ZpZGUgYW55IHRlY2huaWNhbCBjb21t ZW50cyB5b3UgbWlnaHQgaGF2ZSBvbiB0aGUgZG9jdW1lbnQuIElmIHlvdSBiZWxpZXZlIHRoZSBk b2N1bWVudCBpcyBub3QgcmVhZHkgZm9yIExDLCBwbGVhc2Ugc3RhdGUgeW91ciByZWFzb25zLjxv OnAgY2xhc3M9IiI+PC9vOnA+PC9kaXY+DQo8L2Rpdj4NCjxkaXYgY2xhc3M9IiI+DQo8ZGl2IHN0 eWxlPSJtYXJnaW46IDBjbSAwY20gMC4wMDAxcHQ7IGZvbnQtc2l6ZTogMTFwdDsgZm9udC1mYW1p bHk6IENhbGlicmksIHNhbnMtc2VyaWY7IiBjbGFzcz0iIj4NCjxvOnAgY2xhc3M9IiI+Jm5ic3A7 PC9vOnA+PC9kaXY+DQo8L2Rpdj4NCjxkaXYgY2xhc3M9IiI+DQo8ZGl2IHN0eWxlPSJtYXJnaW46 IDBjbSAwY20gMC4wMDAxcHQ7IGZvbnQtc2l6ZTogMTFwdDsgZm9udC1mYW1pbHk6IENhbGlicmks IHNhbnMtc2VyaWY7IiBjbGFzcz0iIj4NCldlIHdpbGwgaXNzdWUgYSBJUFIgcG9sbCBzZXBhcmF0 ZWx5LiZuYnNwOzxvOnAgY2xhc3M9IiI+PC9vOnA+PC9kaXY+DQo8ZGl2IGNsYXNzPSIiPg0KPGRp diBzdHlsZT0ibWFyZ2luOiAwY20gMGNtIDAuMDAwMXB0OyBmb250LXNpemU6IDExcHQ7IGZvbnQt ZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyIgY2xhc3M9IiI+DQo8bzpwIGNsYXNzPSIiPiZu YnNwOzwvbzpwPjwvZGl2Pg0KPGRpdiBjbGFzcz0iIj4NCjxkaXYgY2xhc3M9IiI+DQo8ZGl2IHN0 eWxlPSJtYXJnaW46IDBjbSAwY20gMC4wMDAxcHQ7IGZvbnQtc2l6ZTogMTFwdDsgZm9udC1mYW1p bHk6IENhbGlicmksIHNhbnMtc2VyaWY7IiBjbGFzcz0iIj4NCk1haGVzaCAmYW1wOyBLZW50IChh cyBjby1jaGFpcnMpPG86cCBjbGFzcz0iIj48L286cD48L2Rpdj4NCjwvZGl2Pg0KPGRpdiBjbGFz cz0iIj4NCjxkaXYgc3R5bGU9Im1hcmdpbjogMGNtIDBjbSAwLjAwMDFwdDsgZm9udC1zaXplOiAx MXB0OyBmb250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsiIGNsYXNzPSIiPg0KPG86cCBj bGFzcz0iIj4mbmJzcDs8L286cD48L2Rpdj4NCjwvZGl2Pg0KPGRpdiBzdHlsZT0ibWFyZ2luOiAw Y20gMGNtIDAuMDAwMXB0OyBmb250LXNpemU6IDExcHQ7IGZvbnQtZmFtaWx5OiBDYWxpYnJpLCBz YW5zLXNlcmlmOyIgY2xhc3M9IiI+DQo8bzpwIGNsYXNzPSIiPiZuYnNwOzwvbzpwPjwvZGl2Pg0K PC9kaXY+DQo8ZGl2IHN0eWxlPSJtYXJnaW46IDBjbSAwY20gMC4wMDAxcHQ7IGZvbnQtc2l6ZTog MTFwdDsgZm9udC1mYW1pbHk6IENhbGlicmksIHNhbnMtc2VyaWY7IiBjbGFzcz0iIj4NCjxvOnAg Y2xhc3M9IiI+Jm5ic3A7PC9vOnA+PC9kaXY+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9kaXY+DQo8L2Rp dj4NCjwvYmxvY2txdW90ZT4NCjwvZGl2Pg0KPGRpdiBzdHlsZT0ibWFyZ2luOiAwY20gMGNtIDAu MDAwMXB0OyBmb250LXNpemU6IDExcHQ7IGZvbnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlm OyIgY2xhc3M9IiI+DQo8bzpwIGNsYXNzPSIiPiZuYnNwOzwvbzpwPjwvZGl2Pg0KPC9kaXY+DQo8 L2Rpdj4NCjwvZGl2Pg0KPC9kaXY+DQo8L2Rpdj4NCjwvZGl2Pg0KPHNwYW4gaWQ9ImNpZDo2RkNF QjNGQS04QjgzLTRERTgtODNBNi0zMDhERkJDNTUzQkYiPiZsdDtkcmFmdC1pZXRmLW5ldGNvbmYt bm90aWZpY2F0aW9uLWNhcGFiaWxpdGllcy0wNWIudHh0Jmd0Ozwvc3Bhbj48c3BhbiBzdHlsZT0i Y2FyZXQtY29sb3I6IHJnYigwLCAwLCAwKTsgZm9udC1mYW1pbHk6IEhlbHZldGljYTsgZm9udC1z aXplOiAxMnB4OyBmb250LXN0eWxlOiBub3JtYWw7IGZvbnQtdmFyaWFudC1jYXBzOiBub3JtYWw7 IGZvbnQtd2VpZ2h0OiBub3JtYWw7IGxldHRlci1zcGFjaW5nOiBub3JtYWw7IHRleHQtYWxpZ246 IHN0YXJ0OyB0ZXh0LWluZGVudDogMHB4OyB0ZXh0LXRyYW5zZm9ybTogbm9uZTsgd2hpdGUtc3Bh Y2U6IG5vcm1hbDsgd29yZC1zcGFjaW5nOiAwcHg7IC13ZWJraXQtdGV4dC1zdHJva2Utd2lkdGg6 IDBweDsgdGV4dC1kZWNvcmF0aW9uOiBub25lOyBmbG9hdDogbm9uZTsgZGlzcGxheTogaW5saW5l ICFpbXBvcnRhbnQ7IiBjbGFzcz0iIj5fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fXzwvc3Bhbj48YnIgc3R5bGU9ImNhcmV0LWNvbG9yOiByZ2IoMCwgMCwgMCk7 IGZvbnQtZmFtaWx5OiBIZWx2ZXRpY2E7IGZvbnQtc2l6ZTogMTJweDsgZm9udC1zdHlsZTogbm9y bWFsOyBmb250LXZhcmlhbnQtY2Fwczogbm9ybWFsOyBmb250LXdlaWdodDogbm9ybWFsOyBsZXR0 ZXItc3BhY2luZzogbm9ybWFsOyB0ZXh0LWFsaWduOiBzdGFydDsgdGV4dC1pbmRlbnQ6IDBweDsg dGV4dC10cmFuc2Zvcm06IG5vbmU7IHdoaXRlLXNwYWNlOiBub3JtYWw7IHdvcmQtc3BhY2luZzog MHB4OyAtd2Via2l0LXRleHQtc3Ryb2tlLXdpZHRoOiAwcHg7IHRleHQtZGVjb3JhdGlvbjogbm9u ZTsiIGNsYXNzPSIiPg0KPHNwYW4gc3R5bGU9ImNhcmV0LWNvbG9yOiByZ2IoMCwgMCwgMCk7IGZv bnQtZmFtaWx5OiBIZWx2ZXRpY2E7IGZvbnQtc2l6ZTogMTJweDsgZm9udC1zdHlsZTogbm9ybWFs OyBmb250LXZhcmlhbnQtY2Fwczogbm9ybWFsOyBmb250LXdlaWdodDogbm9ybWFsOyBsZXR0ZXIt c3BhY2luZzogbm9ybWFsOyB0ZXh0LWFsaWduOiBzdGFydDsgdGV4dC1pbmRlbnQ6IDBweDsgdGV4 dC10cmFuc2Zvcm06IG5vbmU7IHdoaXRlLXNwYWNlOiBub3JtYWw7IHdvcmQtc3BhY2luZzogMHB4 OyAtd2Via2l0LXRleHQtc3Ryb2tlLXdpZHRoOiAwcHg7IHRleHQtZGVjb3JhdGlvbjogbm9uZTsg ZmxvYXQ6IG5vbmU7IGRpc3BsYXk6IGlubGluZSAhaW1wb3J0YW50OyIgY2xhc3M9IiI+bmV0Y29u Zg0KIG1haWxpbmcgbGlzdDwvc3Bhbj48YnIgc3R5bGU9ImNhcmV0LWNvbG9yOiByZ2IoMCwgMCwg MCk7IGZvbnQtZmFtaWx5OiBIZWx2ZXRpY2E7IGZvbnQtc2l6ZTogMTJweDsgZm9udC1zdHlsZTog bm9ybWFsOyBmb250LXZhcmlhbnQtY2Fwczogbm9ybWFsOyBmb250LXdlaWdodDogbm9ybWFsOyBs ZXR0ZXItc3BhY2luZzogbm9ybWFsOyB0ZXh0LWFsaWduOiBzdGFydDsgdGV4dC1pbmRlbnQ6IDBw eDsgdGV4dC10cmFuc2Zvcm06IG5vbmU7IHdoaXRlLXNwYWNlOiBub3JtYWw7IHdvcmQtc3BhY2lu ZzogMHB4OyAtd2Via2l0LXRleHQtc3Ryb2tlLXdpZHRoOiAwcHg7IHRleHQtZGVjb3JhdGlvbjog bm9uZTsiIGNsYXNzPSIiPg0KPGEgaHJlZj0ibWFpbHRvOm5ldGNvbmZAaWV0Zi5vcmciIHN0eWxl PSJjb2xvcjogcHVycGxlOyB0ZXh0LWRlY29yYXRpb246IHVuZGVybGluZTsgZm9udC1mYW1pbHk6 IEhlbHZldGljYTsgZm9udC1zaXplOiAxMnB4OyBmb250LXN0eWxlOiBub3JtYWw7IGZvbnQtdmFy aWFudC1jYXBzOiBub3JtYWw7IGZvbnQtd2VpZ2h0OiBub3JtYWw7IGxldHRlci1zcGFjaW5nOiBu b3JtYWw7IG9ycGhhbnM6IGF1dG87IHRleHQtYWxpZ246IHN0YXJ0OyB0ZXh0LWluZGVudDogMHB4 OyB0ZXh0LXRyYW5zZm9ybTogbm9uZTsgd2hpdGUtc3BhY2U6IG5vcm1hbDsgd2lkb3dzOiBhdXRv OyB3b3JkLXNwYWNpbmc6IDBweDsgLXdlYmtpdC10ZXh0LXNpemUtYWRqdXN0OiBhdXRvOyAtd2Vi a2l0LXRleHQtc3Ryb2tlLXdpZHRoOiAwcHg7IiBjbGFzcz0iIj5uZXRjb25mQGlldGYub3JnPC9h PjxiciBzdHlsZT0iY2FyZXQtY29sb3I6IHJnYigwLCAwLCAwKTsgZm9udC1mYW1pbHk6IEhlbHZl dGljYTsgZm9udC1zaXplOiAxMnB4OyBmb250LXN0eWxlOiBub3JtYWw7IGZvbnQtdmFyaWFudC1j YXBzOiBub3JtYWw7IGZvbnQtd2VpZ2h0OiBub3JtYWw7IGxldHRlci1zcGFjaW5nOiBub3JtYWw7 IHRleHQtYWxpZ246IHN0YXJ0OyB0ZXh0LWluZGVudDogMHB4OyB0ZXh0LXRyYW5zZm9ybTogbm9u ZTsgd2hpdGUtc3BhY2U6IG5vcm1hbDsgd29yZC1zcGFjaW5nOiAwcHg7IC13ZWJraXQtdGV4dC1z dHJva2Utd2lkdGg6IDBweDsgdGV4dC1kZWNvcmF0aW9uOiBub25lOyIgY2xhc3M9IiI+DQo8YSBo cmVmPSJodHRwczovL3d3dy5pZXRmLm9yZy9tYWlsbWFuL2xpc3RpbmZvL25ldGNvbmYiIHN0eWxl PSJjb2xvcjogcHVycGxlOyB0ZXh0LWRlY29yYXRpb246IHVuZGVybGluZTsgZm9udC1mYW1pbHk6 IEhlbHZldGljYTsgZm9udC1zaXplOiAxMnB4OyBmb250LXN0eWxlOiBub3JtYWw7IGZvbnQtdmFy aWFudC1jYXBzOiBub3JtYWw7IGZvbnQtd2VpZ2h0OiBub3JtYWw7IGxldHRlci1zcGFjaW5nOiBu b3JtYWw7IG9ycGhhbnM6IGF1dG87IHRleHQtYWxpZ246IHN0YXJ0OyB0ZXh0LWluZGVudDogMHB4 OyB0ZXh0LXRyYW5zZm9ybTogbm9uZTsgd2hpdGUtc3BhY2U6IG5vcm1hbDsgd2lkb3dzOiBhdXRv OyB3b3JkLXNwYWNpbmc6IDBweDsgLXdlYmtpdC10ZXh0LXNpemUtYWRqdXN0OiBhdXRvOyAtd2Vi a2l0LXRleHQtc3Ryb2tlLXdpZHRoOiAwcHg7IiBjbGFzcz0iIj5odHRwczovL3d3dy5pZXRmLm9y Zy9tYWlsbWFuL2xpc3RpbmZvL25ldGNvbmY8L2E+PC9kaXY+DQo8L2Jsb2NrcXVvdGU+DQo8L2Rp dj4NCjxiciBjbGFzcz0iIj4NCjwvYm9keT4NCjwvaHRtbD4NCg== --_000_B7C05E213B4B481D949F45FD6B2D1103ciscocom_-- From nobody Wed Oct 2 12:17:49 2019 Return-Path: X-Original-To: netconf@ietfa.amsl.com Delivered-To: netconf@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BA03E1200F9 for ; Wed, 2 Oct 2019 12:17:46 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.997 X-Spam-Level: X-Spam-Status: No, score=-1.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1kdHVF0E2ED4 for ; Wed, 2 Oct 2019 12:17:44 -0700 (PDT) Received: from mail-pf1-x434.google.com (mail-pf1-x434.google.com [IPv6:2607:f8b0:4864:20::434]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BC950120052 for ; Wed, 2 Oct 2019 12:17:44 -0700 (PDT) Received: by mail-pf1-x434.google.com with SMTP id b128so11071237pfa.1 for ; Wed, 02 Oct 2019 12:17:44 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:content-transfer-encoding:mime-version:date:subject:message-id :references:in-reply-to:to; bh=cD2VsM4uvQrJ6w5euTAyjw36ssB+IfODACf6BQzqC48=; b=TdeO+c82f5Imv9wnyhQExSZEhaCM+MjNRczFxWI84njb6JLVSF33d1ymsJ6IO+pmba XDeGGHtnoJm3CtmwQxQyhC4boZLfPyEv2XUSZfyvqmWTd1CmPPBJpGz4wGXz+1mQN7ZR az/TGmhvdKjqmBvh2r2sa93n/ufxhB5TtDHhtmHlfI0gHKTcQtsVGAZTlJmKAO4hD40l efQVwqQ8zil9xTOf4GcH2MxnhWWErDm+IqOMSSnP2npyiilo+L8MtAanWDC7l7vcLMTF +oW8H9imYabJUyoNXufy64C0UgGLcK+3C3a6YoGLg8Lu7tja6FlPkMl8Apmy71oPDLjl 7mMA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:content-transfer-encoding:mime-version:date :subject:message-id:references:in-reply-to:to; bh=cD2VsM4uvQrJ6w5euTAyjw36ssB+IfODACf6BQzqC48=; b=KNRfaQUl3xqB5LW//vtGA747lRAetzditOYcsVCYHJ3zu8qSdsw1Q0SuVa9nVU74XU voCflNGg4gMY01yPChpA7Lz7NI2t4exOxWOaROPNV106OMQ5VwfxzTk5D6Ig94iaNssy jAPEPKkDxX4Ef8Wc49RfeRPR+U6tzjIEsUvvD8yJ3zkD2NC64BGVpneoypZm37y70b3Q TGS1yYC4rlm10aM1/8QArapOy9vqIbCFbRTiesOa0CvDTlx1HAME7BrGvs99EQRKUX8O DtZ3yiW5j6BTZUow6y7nielLfvByhOq0OY44fgkKbzF9Vl/yThAlR274SzoGGUrAFpKf +WJQ== X-Gm-Message-State: APjAAAVXisqnvXOXntMY+xJAeNkjctEdrrksNwiEdBUoNep+W40LOJmx qO0qojF33lTm5HzGGvBQX63Gpzp4 X-Google-Smtp-Source: APXvYqwDF3uofLNiJCj88qW2t+E2rPXKfMmuhflhLDJHK7Ain3VKd6g3jjSHst6qgMYB97c4H62E8w== X-Received: by 2002:a63:ed08:: with SMTP id d8mr5547466pgi.239.1570043863898; Wed, 02 Oct 2019 12:17:43 -0700 (PDT) Received: from ?IPv6:2607:fb90:276f:4537:3474:afdc:eea6:c699? ([2607:fb90:276f:4537:3474:afdc:eea6:c699]) by smtp.gmail.com with ESMTPSA id v9sm222034pfe.1.2019.10.02.12.17.42 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 02 Oct 2019 12:17:43 -0700 (PDT) From: Mahesh Jethanandani Content-Type: multipart/alternative; boundary=Apple-Mail-E30073E0-7D86-422E-930A-2FA8629279EE Content-Transfer-Encoding: 7bit Mime-Version: 1.0 (1.0) Date: Wed, 2 Oct 2019 12:17:41 -0700 Message-Id: <6234A83E-D730-4978-BD0D-7E8085F949B5@gmail.com> References: <4F49DF08-B7FC-4EBD-9D6B-7BC329E50334@gmail.com> In-Reply-To: <4F49DF08-B7FC-4EBD-9D6B-7BC329E50334@gmail.com> To: Netconf X-Mailer: iPhone Mail (16F203) Archived-At: Subject: Re: [netconf] WGLC for draft-ietf-netconf-notification-capabilities X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 02 Oct 2019 19:17:47 -0000 --Apple-Mail-E30073E0-7D86-422E-930A-2FA8629279EE Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable This concludes the LC on the draft. Authors, please address all the comments= provided as part of LC, and post the updated draft.=20 Thanks.=20 Mahesh & Kent.=20 > On Sep 24, 2019, at 10:50 AM, Mahesh Jethanandani wrote: >=20 > We were supposed to have closed on the WGLC today. However, between the do= cument becoming a WG item and it going into LC, we have not received too man= y comments on the draft. As such, we are extending the LC by another week. P= lease review the draft and provide any comments you might have. >=20 > Mahesh & Kent (as co-chairs) >=20 >=20 >> On Sep 10, 2019, at 3:39 PM, Mahesh Jethanandani wrote: >>=20 >> Authors have published -04 version of the draft, which addresses comments= they received in IETF 105. If you provided comments please check to make su= re your comments have been addressed. At this point, the authors believe tha= t the document is ready for WGLC. >>=20 >> This therefore starts a two week LC, ending on September 24th. Please pro= vide any technical comments you might have on the document. If you believe t= he document is not ready for LC, please state your reasons. >>=20 >> We will issue a IPR poll separately.=20 >>=20 >> Mahesh & Kent (as co-chairs) >>=20 >>=20 >>=20 >=20 --Apple-Mail-E30073E0-7D86-422E-930A-2FA8629279EE Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: quoted-printable This concludes the LC on the draft. Authors= , please address all the comments provided as part of LC, and post the updat= ed draft. 

Thanks. 

Mah= esh & Kent. 

On Sep 24, 2019, at 10:50 AM= , Mahesh Jethanandani <mjethan= andani@gmail.com> wrote:

We were supposed= to have closed on the WGLC today. However, between the document becoming a W= G item and it going into LC, we have not received too many comments on the d= raft. As such, we are extending the LC by another week. Please review the dr= aft and provide any comments you might have.

Mahesh &= Kent (as co-chairs)


On Sep 10, 2019, at 3:3= 9 PM, Mahesh Jethanandani <mje= thanandani@gmail.com> wrote:

Authors have published&nb= sp;-04 version of the draft, which addresses= comments they received in IETF 105. If you provided comments please check t= o make sure your comments have been addressed. At this point, the authors be= lieve that the document is ready for WGLC.

This therefore starts a two week LC, ending on September 2= 4th. Please provide any technical comments you might have on the document. I= f you believe the document is not ready for LC, please state your reasons.

We will issue a IPR= poll separately. 

Mahesh & Kent (as co-chairs)




= --Apple-Mail-E30073E0-7D86-422E-930A-2FA8629279EE-- From nobody Wed Oct 2 12:24:29 2019 Return-Path: X-Original-To: netconf@ietfa.amsl.com Delivered-To: netconf@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6478312084C for ; Wed, 2 Oct 2019 12:24:28 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.7 X-Spam-Level: X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=akamai.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id s8Qpz3Byozya for ; Wed, 2 Oct 2019 12:24:26 -0700 (PDT) Received: from mx0b-00190b01.pphosted.com (mx0b-00190b01.pphosted.com [IPv6:2620:100:9005:57f::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9F438120052 for ; Wed, 2 Oct 2019 12:24:26 -0700 (PDT) Received: from pps.filterd (m0122330.ppops.net [127.0.0.1]) by mx0b-00190b01.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id x92JHeYj007562; Wed, 2 Oct 2019 20:24:13 +0100 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : mime-version; s=jan2016.eng; bh=Pv67xMhGAnBQbKKAcAvct7yyGIijJmthKiS1kG7s/9k=; b=iFDoBM8rXBEOxXaA7w+kdALH9iphqa12VvfTgzM8GcJQfnf7IGTqf0bMGsfom/OWFR5/ 1kMeVC4bGcyqqdV3w5SmlkpmRWQyT7l3GMEIt0zOfAX/lXFv7q3LTyE1bqNSphVD9CQU IcYgvLWuWiAsAVXhYkDlNBtH7ZzIBdXo70bYGyh9a1vz7GmFQB7np8lA1J2akLoksPgp caxf6W74FoZxEDvBoYLZrsjCCgchZsN+brVBzSDFb30rvE66h1nQ+G5qZUlE2O1U3k0w xdEQcBQk0bgXP+qwibAkb+DFi2ivMpFZcCe4thHl1I7Q3VS4yXovBxfbDgOYF7aqKj2H XQ== Received: from prod-mail-ppoint8 (prod-mail-ppoint8.akamai.com [96.6.114.122] (may be forged)) by mx0b-00190b01.pphosted.com with ESMTP id 2vcefsvd81-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 02 Oct 2019 20:24:13 +0100 Received: from pps.filterd (prod-mail-ppoint8.akamai.com [127.0.0.1]) by prod-mail-ppoint8.akamai.com (8.16.0.27/8.16.0.27) with SMTP id x92JHU5B010266; Wed, 2 Oct 2019 15:24:12 -0400 Received: from email.msg.corp.akamai.com ([172.27.123.57]) by prod-mail-ppoint8.akamai.com with ESMTP id 2va2uxc0u9-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Wed, 02 Oct 2019 15:24:12 -0400 Received: from USMA1EX-DAG1MB5.msg.corp.akamai.com (172.27.123.105) by usma1ex-dag1mb4.msg.corp.akamai.com (172.27.123.104) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Wed, 2 Oct 2019 15:24:07 -0400 Received: from USMA1EX-DAG1MB1.msg.corp.akamai.com (172.27.123.101) by usma1ex-dag1mb5.msg.corp.akamai.com (172.27.123.105) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Wed, 2 Oct 2019 15:24:06 -0400 Received: from USMA1EX-DAG1MB1.msg.corp.akamai.com ([172.27.123.101]) by usma1ex-dag1mb1.msg.corp.akamai.com ([172.27.123.101]) with mapi id 15.00.1473.005; Wed, 2 Oct 2019 15:24:06 -0400 From: "Salz, Rich" To: Kent Watsen , Juergen Schoenwaelder CC: "netconf@ietf.org" , "wang.haiguang.shieldlab@huawei.com" , "rifaat.ietf@gmail.com" Thread-Topic: [netconf] crypto-types fallback strategy Thread-Index: AQHVaNxGVhFlbERW30moo9Q8WhnpJqcpkUCAgAU9agCAASLxgP//+5oAgABHL4D//+j+AIAARomA//+/BAAAKuwGgP//8LyAgABEJYCAABougIAAFdoAgAAQsoCAAAnmgIABJdcAgAzTTICAAAlgAIAADIWAgAAfcwCABSoHAIACid8A Date: Wed, 2 Oct 2019 19:24:06 +0000 Message-ID: <398D975D-8591-4785-B959-F1EECEF18EC8@akamai.com> References: <0100016d455c6145-844c669e-8f31-4203-a827-7368d33cdee4-000000@email.amazonses.com> <0100016d7325f06e-00613ab7-413c-4d97-972c-858cf4886b65-000000@email.amazonses.com> <20190927.170902.142773301948727896.mbj@tail-f.com> <20190927174623.jhvpudof6yfs2m4k@anna.jacobs.jacobs-university.de> <0100016d84c0c469-e57fd7aa-dcba-4079-9b37-22720f7a4500-000000@email.amazonses.com> In-Reply-To: <0100016d84c0c469-e57fd7aa-dcba-4079-9b37-22720f7a4500-000000@email.amazonses.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Microsoft-MacOutlook/10.1d.0.190908 x-ms-exchange-messagesentrepresentingtype: 1 x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [172.19.34.38] Content-Type: multipart/alternative; boundary="_000_398D975D85914785B959F1EECEF18EC8akamaicom_" MIME-Version: 1.0 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2019-10-02_08:, , signatures=0 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1908290000 definitions=main-1910020152 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.95,1.0.8 definitions=2019-10-02_08:2019-10-01,2019-10-02 signatures=0 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 phishscore=0 impostorscore=0 lowpriorityscore=0 suspectscore=0 clxscore=1015 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=999 malwarescore=0 adultscore=0 priorityscore=1501 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-1908290000 definitions=main-1910020152 Archived-At: Subject: Re: [netconf] crypto-types fallback strategy X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 02 Oct 2019 19:24:28 -0000 --_000_398D975D85914785B959F1EECEF18EC8akamaicom_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 WWVzIHRoZXJlIGlzIGNodXJuLiAgV2UgcHJlZmVyIHRvIGNhbGwgaXQg4oCcY2hhbmdl4oCdIG9y IOKAnGV2b2x1dGlvbuKAnSA6KSAgV2UgaG9wZSB0aGF0IG91ciBwcm90b2NvbHMgYW5kIGRhdGEg c3RydWN0dXJlcyBoYXZlIGVub3VnaCBmbGV4aWJpbGl0eSwga25vd24gYXMgY3J5cHRvIGFnaWxp dHksIHNvIHRoYXQgd2UgZG9u4oCZdCBoYXZlIHRvIGRvIGh1Z2UgcmV2aXNpb25zIChhcyB3YXMg dGhlIGNhc2Ugd2hlbiB0aGUgTUQ1IGRpZ2VzdCB3YXMgYnJva2VuLCBmb3IgZXhhbXBsZSkuDQoN ClByZWRpY3RpbmcgdGhlIGZ1dHVyZSBpcyBoYXJkLCBlc3BlY2lhbGx5IGZvciBjcnlwdG8sIGFu ZCB0aGlzIFdHIHNob3VsZG7igJl0IHRyeS4gIFRoYXQgbWVhbnMgdGhhdCBpZiB0aGUgV0cgd2Fu dHMgdG8ga2VlcCBjdXJyZW50IHdpdGggYmVzdCBjcnlwdG8gcHJhY3RpY2VzLCBpdCBwcm9iYWJs eSBzaG91bGQgaGF2ZSBzbWFsbGVyIGVhc3ktdG8tcmV2aXNlIGRvY3VtZW50cyByYXRoZXIgdGhh biBhIHNpbmdsZSBlbmN5Y2xvcGVkaWEuIChBcG9sb2dpZXMgZm9yIHJlcGVhdGluZyBteXNlbGYu KSBJIGRvbuKAmXQga25vdyB0aGUgYmVzdCB3YXkgZm9yIHRoaXMgV0cgdG8gZG8gdGhhdCBhcyBJ IGFtIGEgbmV0Y29uZiBuZXdiaWUuDQoNCkFzIGZvciB0aGUgVExTIGNpcGhlcnN1aXRlIGV2b2x1 dGlvbiBUb20gbWVudGlvbmVkLCBJIGNhbiBjb21tZW50LiAgSSBhbSBvbmUgb2YgdGhlIFRMUyBy ZWdpc3RyeSDigJxleHBlcnQgcmV2aWV3ZXJzLuKAnSAgWWVzLCBUTFMgMS4yIGhhcyBkb3plbnMg b2YgYWxnb3JpdGhtcyBzdXBwb3J0ZWQ7IFRMUyAxLjMgaGFzIGVpZ2h0LiAgV2hpbGUgb3RoZXJz IG1heSBiZSBhZGRlZCwgdGhleSB3aWxsIGJlIOKAnG5vdCBjb21tZW5kZWTigJ0gKGEgbmV3IGNv bHVtbiBhZGRlZCkuIE15IHF1ZXN0aW9uIGlzLCBkbyB0aGUgY2lwaGVyc3VpdGVzIG1hdHRlciBp biBUTFMgY29uZmlndXJhdGlvbj8gIEZvciBtb3N0IGNvbmZpZ3VyYXRpb25zIHRoYXQgSSBzZWUg KGluY2x1ZGluZyBBa2FtYWkgY3VzdG9tZXJzIGluIG15IGRheSBqb2IpLCBpdOKAmXMgYSByYW5k b20gdGV4dCBzdHJpbmcuIFdoeSBkb2VzIFRMUyBjb25maWd1cmF0aW9uIG5lZWQgbW9yZSB0aGFu IGEgY2VydCBvciB0d28gKFJTQSBhbmQgRUNEU0EpLCB0aGUgY29ycmVzcG9uZGluZyBwcml2YXRl IGtleXMsIGFuZCBhIHRleHQgbGlzdCBvZiBjaXBoZXJzdWl0ZXM/DQoNClNpbWlsYXJseSwgaW4g bXkgZXhwZXJpZW5jZXMgd2l0aCBTU0gsIGl04oCZcyBhYm91dCBwdWJsaWMga2V5cyAoZm9yIGhv c3RzIHlvdSB0YWxrIHRvKSBhbmQgcHJpdmF0ZSBrZXlzLg0KDQpJIGRvbuKAmXQgdGhpbmsgdGhp cyBXRyBuZWVkcyB0byB0aGluayBhYm91dCBzeW1tZXRyaWMvYnVsayBlbmNyeXB0aW9uIGtleXMg YXQgdGhpcyBwb2ludC4gT2YgY291cnNlLCBJIGNvdWxkIGJlIHdyb25nIGFuZCB3b3VsZCBsb3Zl IHRvIHVuZGVyc3RhbmQgd2h5LCBpZiBzby4NCg0K --_000_398D975D85914785B959F1EECEF18EC8akamaicom_ Content-Type: text/html; charset="utf-8" Content-ID: <94A82950408F5247A4DC3BAD61DAC567@akamai.com> Content-Transfer-Encoding: base64 PGh0bWwgeG1sbnM6bz0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6b2ZmaWNlIiB4 bWxuczp3PSJ1cm46c2NoZW1hcy1taWNyb3NvZnQtY29tOm9mZmljZTp3b3JkIiB4bWxuczptPSJo dHRwOi8vc2NoZW1hcy5taWNyb3NvZnQuY29tL29mZmljZS8yMDA0LzEyL29tbWwiIHhtbG5zPSJo dHRwOi8vd3d3LnczLm9yZy9UUi9SRUMtaHRtbDQwIj4NCjxoZWFkPg0KPG1ldGEgaHR0cC1lcXVp dj0iQ29udGVudC1UeXBlIiBjb250ZW50PSJ0ZXh0L2h0bWw7IGNoYXJzZXQ9dXRmLTgiPg0KPG1l dGEgbmFtZT0iR2VuZXJhdG9yIiBjb250ZW50PSJNaWNyb3NvZnQgV29yZCAxNSAoZmlsdGVyZWQg bWVkaXVtKSI+DQo8c3R5bGU+PCEtLQ0KLyogRm9udCBEZWZpbml0aW9ucyAqLw0KQGZvbnQtZmFj ZQ0KCXtmb250LWZhbWlseToiQ2FtYnJpYSBNYXRoIjsNCglwYW5vc2UtMToyIDQgNSAzIDUgNCA2 IDMgMiA0O30NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6Q2FsaWJyaTsNCglwYW5vc2UtMToy IDE1IDUgMiAyIDIgNCAzIDIgNDt9DQovKiBTdHlsZSBEZWZpbml0aW9ucyAqLw0KcC5Nc29Ob3Jt YWwsIGxpLk1zb05vcm1hbCwgZGl2Lk1zb05vcm1hbA0KCXttYXJnaW46MGluOw0KCW1hcmdpbi1i b3R0b206LjAwMDFwdDsNCglmb250LXNpemU6MTEuMHB0Ow0KCWZvbnQtZmFtaWx5OiJDYWxpYnJp IixzYW5zLXNlcmlmO30NCmE6bGluaywgc3Bhbi5Nc29IeXBlcmxpbmsNCgl7bXNvLXN0eWxlLXBy aW9yaXR5Ojk5Ow0KCWNvbG9yOmJsdWU7DQoJdGV4dC1kZWNvcmF0aW9uOnVuZGVybGluZTt9DQph OnZpc2l0ZWQsIHNwYW4uTXNvSHlwZXJsaW5rRm9sbG93ZWQNCgl7bXNvLXN0eWxlLXByaW9yaXR5 Ojk5Ow0KCWNvbG9yOnB1cnBsZTsNCgl0ZXh0LWRlY29yYXRpb246dW5kZXJsaW5lO30NCnAubXNv bm9ybWFsMCwgbGkubXNvbm9ybWFsMCwgZGl2Lm1zb25vcm1hbDANCgl7bXNvLXN0eWxlLW5hbWU6 bXNvbm9ybWFsOw0KCW1zby1tYXJnaW4tdG9wLWFsdDphdXRvOw0KCW1hcmdpbi1yaWdodDowaW47 DQoJbXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG87DQoJbWFyZ2luLWxlZnQ6MGluOw0KCWZvbnQt c2l6ZToxMS4wcHQ7DQoJZm9udC1mYW1pbHk6IkNhbGlicmkiLHNhbnMtc2VyaWY7fQ0Kc3Bhbi5F bWFpbFN0eWxlMTgNCgl7bXNvLXN0eWxlLXR5cGU6cGVyc29uYWwtcmVwbHk7DQoJZm9udC1mYW1p bHk6IkNhbGlicmkiLHNhbnMtc2VyaWY7DQoJY29sb3I6d2luZG93dGV4dDt9DQouTXNvQ2hwRGVm YXVsdA0KCXttc28tc3R5bGUtdHlwZTpleHBvcnQtb25seTsNCglmb250LXNpemU6MTAuMHB0O30N CkBwYWdlIFdvcmRTZWN0aW9uMQ0KCXtzaXplOjguNWluIDExLjBpbjsNCgltYXJnaW46MS4waW4g MS4waW4gMS4waW4gMS4waW47fQ0KZGl2LldvcmRTZWN0aW9uMQ0KCXtwYWdlOldvcmRTZWN0aW9u MTt9DQotLT48L3N0eWxlPg0KPC9oZWFkPg0KPGJvZHkgbGFuZz0iRU4tVVMiIGxpbms9ImJsdWUi IHZsaW5rPSJwdXJwbGUiPg0KPGRpdiBjbGFzcz0iV29yZFNlY3Rpb24xIj4NCjxwIGNsYXNzPSJN c29Ob3JtYWwiPlllcyB0aGVyZSBpcyBjaHVybi4mbmJzcDsgV2UgcHJlZmVyIHRvIGNhbGwgaXQg 4oCcY2hhbmdl4oCdIG9yIOKAnGV2b2x1dGlvbuKAnSA6KSZuYnNwOyBXZSBob3BlIHRoYXQgb3Vy IHByb3RvY29scyBhbmQgZGF0YSBzdHJ1Y3R1cmVzIGhhdmUgZW5vdWdoIGZsZXhpYmlsaXR5LCBr bm93biBhcyBjcnlwdG8gYWdpbGl0eSwgc28gdGhhdCB3ZSBkb27igJl0IGhhdmUgdG8gZG8gaHVn ZSByZXZpc2lvbnMgKGFzIHdhcyB0aGUgY2FzZSB3aGVuIHRoZQ0KIE1ENSBkaWdlc3Qgd2FzIGJy b2tlbiwgZm9yIGV4YW1wbGUpLjxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+ PG86cD4mbmJzcDs8L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj5QcmVkaWN0aW5nIHRo ZSBmdXR1cmUgaXMgaGFyZCwgZXNwZWNpYWxseSBmb3IgY3J5cHRvLCBhbmQgdGhpcyBXRyBzaG91 bGRu4oCZdCB0cnkuJm5ic3A7IFRoYXQgbWVhbnMgdGhhdCBpZiB0aGUgV0cgd2FudHMgdG8ga2Vl cCBjdXJyZW50IHdpdGggYmVzdCBjcnlwdG8gcHJhY3RpY2VzLCBpdCBwcm9iYWJseSBzaG91bGQg aGF2ZSBzbWFsbGVyIGVhc3ktdG8tcmV2aXNlIGRvY3VtZW50cyByYXRoZXIgdGhhbiBhIHNpbmds ZQ0KIGVuY3ljbG9wZWRpYS4gKEFwb2xvZ2llcyBmb3IgcmVwZWF0aW5nIG15c2VsZi4pIEkgZG9u 4oCZdCBrbm93IHRoZSBiZXN0IHdheSBmb3IgdGhpcyBXRyB0byBkbyB0aGF0IGFzIEkgYW0gYSBu ZXRjb25mIG5ld2JpZS4NCjxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86 cD4mbmJzcDs8L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj5BcyBmb3IgdGhlIFRMUyBj aXBoZXJzdWl0ZSBldm9sdXRpb24gVG9tIG1lbnRpb25lZCwgSSBjYW4gY29tbWVudC4mbmJzcDsg SSBhbSBvbmUgb2YgdGhlIFRMUyByZWdpc3RyeSDigJxleHBlcnQgcmV2aWV3ZXJzLuKAnSZuYnNw OyBZZXMsIFRMUyAxLjIgaGFzIGRvemVucyBvZiBhbGdvcml0aG1zIHN1cHBvcnRlZDsgVExTIDEu MyBoYXMgZWlnaHQuJm5ic3A7IFdoaWxlIG90aGVycyBtYXkgYmUgYWRkZWQsIHRoZXkgd2lsbCBi ZSDigJxub3QgY29tbWVuZGVk4oCdDQogKGEgbmV3IGNvbHVtbiBhZGRlZCkuIE15IHF1ZXN0aW9u IGlzLCBkbyB0aGUgY2lwaGVyc3VpdGVzIG1hdHRlciBpbiBUTFMgY29uZmlndXJhdGlvbj8mbmJz cDsgRm9yIG1vc3QgY29uZmlndXJhdGlvbnMgdGhhdCBJIHNlZSAoaW5jbHVkaW5nIEFrYW1haSBj dXN0b21lcnMgaW4gbXkgZGF5IGpvYiksIGl04oCZcyBhIHJhbmRvbSB0ZXh0IHN0cmluZy4gV2h5 IGRvZXMgVExTIGNvbmZpZ3VyYXRpb24gbmVlZCBtb3JlIHRoYW4gYSBjZXJ0IG9yIHR3byAoUlNB IGFuZA0KIEVDRFNBKSwgdGhlIGNvcnJlc3BvbmRpbmcgcHJpdmF0ZSBrZXlzLCBhbmQgYSB0ZXh0 IGxpc3Qgb2YgY2lwaGVyc3VpdGVzPzxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1h bCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj5TaW1pbGFybHks IGluIG15IGV4cGVyaWVuY2VzIHdpdGggU1NILCBpdOKAmXMgYWJvdXQgcHVibGljIGtleXMgKGZv ciBob3N0cyB5b3UgdGFsayB0bykgYW5kIHByaXZhdGUga2V5cy48bzpwPjwvbzpwPjwvcD4NCjxw IGNsYXNzPSJNc29Ob3JtYWwiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05v cm1hbCI+SSBkb27igJl0IHRoaW5rIHRoaXMgV0cgbmVlZHMgdG8gdGhpbmsgYWJvdXQgc3ltbWV0 cmljL2J1bGsgZW5jcnlwdGlvbiBrZXlzIGF0IHRoaXMgcG9pbnQuIE9mIGNvdXJzZSwgSSBjb3Vs ZCBiZSB3cm9uZyBhbmQgd291bGQgbG92ZSB0byB1bmRlcnN0YW5kIHdoeSwgaWYgc28uPG86cD48 L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpwPiZuYnNwOzwvbzpwPjwvcD4NCjwv ZGl2Pg0KPC9ib2R5Pg0KPC9odG1sPg0K --_000_398D975D85914785B959F1EECEF18EC8akamaicom_-- From nobody Thu Oct 3 07:20:45 2019 Return-Path: X-Original-To: netconf@ietfa.amsl.com Delivered-To: netconf@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D8E2212091A for ; Thu, 3 Oct 2019 07:20:35 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.001 X-Spam-Level: X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MYTzDGI54yB8 for ; Thu, 3 Oct 2019 07:20:31 -0700 (PDT) Received: from EUR04-HE1-obe.outbound.protection.outlook.com (mail-eopbgr70082.outbound.protection.outlook.com [40.107.7.82]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 951C5120955 for ; Thu, 3 Oct 2019 07:20:30 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=W+vTIqfsVjImBztOyqTW9wasHzIOFYmSwoCIjakXj2poyWrulUwVCbrSZchdmsIHuoSaYZlF4fSa3+446qBon7QHemjFPrE7JIkUwN1TISPiqwBYxKs4OOnJBIk1x/6xOvuS2inj7MuftmqBgkhTdykQFREOxPFGt6mzXt3wHnG01SrHxB7+zqDK6rAPBjMkGekobJOe/gD1o4u9biW4w84n03yY8QhoWhgYSKQJK+mtFdYmFe5liQ2noCKnETQeg5zua1Ut3aqxb0XbTcfO7+IOxSA/CLN5PLFr0ARhybgGuIcHQQ/S4Qukv48d+M0X0LUzhwanq6ur7XS+NqEwxw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=wy4A1HOzSrguSeVAdSo8CuT/8h0bTe9NFcXhZbAoKTs=; b=g8NR8fvUFiOMKd0pWfZhMJRx9YVexiK14KSPPGl3Iw/XVzCclRv7EiHFKFIKNil0LQS7NLuCAg15jS5ksIFhYRPbqlRDU7Chay7byFwdRvJ1F0P/84aWUbKEoQStjs+Y9JpqjNccznif5KUJVD+8gsMYLo8ZCHmHZx/F1ZU3Upjg8fgBQjX1qgshOWNWA/h8VB0R/lOBRWE36rXpODePjs5iqKyH96X+TpPzuFHHJBk+IklGSD8vbyChAf6OOd9ZZITWwmx8cWDgcDYEZEoj+1DgY3VvcS2aqjTGIXdLEeld1NZYdwY5QzbWjXol2G8TIUq/wZ3DNPJqTDlrDUIJSg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=wy4A1HOzSrguSeVAdSo8CuT/8h0bTe9NFcXhZbAoKTs=; b=NFj54jcGylO5NPnLlcAwOtryyh61XW3KaIa3EGCqKSuRYkhu3i1j+idLc4frfw6948OqRM4Ht8YoRGACF63kQa9XKhKszT9nnKJpvgUUmDoULb0Rb2X1nKENDDO6oAG86ngBIISaoBJlbXTsmBheGPXe6pFYMJDYQvWLK2nVH0o= Received: from VI1PR0701MB2286.eurprd07.prod.outlook.com (10.169.137.153) by VI1PR0701MB2655.eurprd07.prod.outlook.com (10.173.84.148) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2327.9; Thu, 3 Oct 2019 14:20:27 +0000 Received: from VI1PR0701MB2286.eurprd07.prod.outlook.com ([fe80::f44b:854c:51cf:c69f]) by VI1PR0701MB2286.eurprd07.prod.outlook.com ([fe80::f44b:854c:51cf:c69f%7]) with mapi id 15.20.2305.023; Thu, 3 Oct 2019 14:20:27 +0000 From: =?utf-8?B?QmFsw6F6cyBMZW5neWVs?= To: "Rob Wilton (rwilton)" , Mahesh Jethanandani , Netconf Thread-Topic: [netconf] WGLC for draft-ietf-netconf-notification-capabilities Thread-Index: AQHVaCiq/P3ytjAdYEi7Gp+LSYgUDqc7MLcAgAk6LgCAAxRsYA== Date: Thu, 3 Oct 2019 14:20:27 +0000 Message-ID: References: <4F49DF08-B7FC-4EBD-9D6B-7BC329E50334@gmail.com> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: yes X-MS-TNEF-Correlator: authentication-results: spf=none (sender IP is ) smtp.mailfrom=balazs.lengyel@ericsson.com; x-originating-ip: [89.135.192.225] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 5f830963-d9f5-4af1-6449-08d7480cd6d0 x-ms-traffictypediagnostic: VI1PR0701MB2655: x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:10000; x-forefront-prvs: 01792087B6 x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(396003)(346002)(39860400002)(136003)(366004)(376002)(51444003)(199004)(189003)(66574012)(7110500001)(606006)(66446008)(76176011)(76116006)(8936002)(81156014)(8676002)(81166006)(64756008)(229853002)(236005)(86362001)(55016002)(6306002)(33656002)(9686003)(54896002)(966005)(6436002)(99936001)(99286004)(85182001)(71190400001)(71200400001)(14444005)(6246003)(66066001)(256004)(2420400007)(7736002)(6506007)(11346002)(53546011)(486006)(446003)(3846002)(6116002)(790700001)(74316002)(476003)(66556008)(66476007)(2906002)(7696005)(102836004)(186003)(26005)(15650500001)(110136005)(316002)(25786009)(478600001)(66946007)(5660300002)(52536014)(66616009)(14454004)(85202003); DIR:OUT; SFP:1101; SCL:1; SRVR:VI1PR0701MB2655; H:VI1PR0701MB2286.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1; received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: kJhrwLcM9P+oLps2UU7BwHQYtXW0U9Qj16XPDQLeVh1oQ8yMRJFZE8+vD/fWkP5yJ0ccUrtU1UUx/omCQotcTUMvCXmIY5P1+H+qUKjqZrKdkuK27RWCWhBkxiFrmJ9ugAv/GbaNHtNylpvkc0iWLF9Ww2EtVeUkF55cB9qkmXHUN8uIDw4dj6yIJ6QFwBRLLqhhN5czUiy/cRCyiY4b26O7f6PRYxL29cRiD+psERe1axfrYSVZfdadmSXjwXSffw7AU1i69f15Ay/CJ17CrASXu8egYGVsdbzDexWULig3qT7Z6i+hsNlNt0zAFl9jpjeX+s/HcwGMrDvQj5naTAgAIlFHdKprPCkLbJs8kq/8SFpEmjMvrtwRLFfG7/RcmntC0tPT4IIqT6982ItOYjMAYXkKFX0ncoD+rOydaHc= x-ms-exchange-transport-forked: True Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=SHA1; boundary="----=_NextPart_000_0740_01D57A06.769D9950" MIME-Version: 1.0 X-OriginatorOrg: ericsson.com X-MS-Exchange-CrossTenant-Network-Message-Id: 5f830963-d9f5-4af1-6449-08d7480cd6d0 X-MS-Exchange-CrossTenant-originalarrivaltime: 03 Oct 2019 14:20:27.4714 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: ZoXOgMiaPBmXKZ/zxSDxG/oKcRRclaMKOw6uZBN05Sl3vZkssHrsCeaWHllRr1xfLdaKt6ek57u89EFBiZpOltFbAbisDZE1UHU7GkR86e8= X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR0701MB2655 Archived-At: Subject: Re: [netconf] WGLC for draft-ietf-netconf-notification-capabilities X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 03 Oct 2019 14:20:36 -0000 ------=_NextPart_000_0740_01D57A06.769D9950 Content-Type: multipart/alternative; boundary="----=_NextPart_001_0741_01D57A06.769D9950" ------=_NextPart_001_0741_01D57A06.769D9950 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable =20 =20 From: Rob Wilton (rwilton) =20 Sent: 2019. szeptember 30., h=C3=A9tf=C5=91 16:45 To: Mahesh Jethanandani ; Netconf = ; Bal=C3=A1zs Lengyel Subject: RE: [netconf] WGLC for = draft-ietf-netconf-notification-capabilities =20 Hi, =20 I have reviewed version -05b of this document. =20 I am supportive of this document, and its general approach of making = subscription capability information available both online and offline. = I believe that this information is valuable to making YANG-Push more = usable. =20 A few comments: 1. Terminology and Introduction. I wasn=E2=80=99t sure whether = =E2=80=9Cimplementation-time information=E2=80=9D is the best = description, or whether =E2=80=9Coffline information=E2=80=9D would be a = better description. I believe that the key is that the information is = available offline without requiring access to all the network devices. = Although I can see that providing this information at implementation = time is useful and should be RECOMMENDED, I don=E2=80=99t think that it = should be a MUST/SHALL (e.g. as per section 3).=20 BALAZS: I would like to keep the term = =E2=80=9Cimplementation-time=E2=80=9D, as we had a number of debates = about the correct term and this is one term people seemed to agree upon. = In practice it is often important to provide the information early, = before the network node is fully implemented as NMS planning and design = often begins early as well. In practice the capabilities are decided in = implementation time. 2. Another benefit of having information available offline is that if = there are classes of devices running the same software and hardware then = they should all have the same capabilities without having to check each = and every one. To this end, it would be nice if there was some sort of = simple checksum mechanism that could be used to ensure that the = information stored in the instance-data file exactly matches the = equivalent information provided by the server. This would allows NMS = implementations to be coded to the instance-data document, and then just = validate that the checksums match those provided by the server without = having to fetch and check that a portion of the data tree matches. As a = side note =E2=80=93 YANG packages has a similar requirement. BALAZS: This seems like a requirement to implement an Entity-tag similar = to = https://tools.ietf.org/html/rfc8040#section-3.5.2 but with a = deterministic algorithm to generate the tag value. While the idea is = interesting/worthwhile, IMHO it should be handled in a generic manner, = not for each YANG module separately. Also I was instructed to remove the = entity tag from draft-ietf-netmod-yang-instance-file-format. 3. Section 3, by =E2=80=9Cformal=E2=80=9D, do you mean =E2=80=9Cmachine = readable=E2=80=9D? Otherwise expanding what is meant by formal might be = useful. BALAZS: OK, changed text 4. Section 3, instead of =E2=80=9Camount of notifications=E2=80=9D would = =E2=80=9Cthroughput of notification data=E2=80=9D be better?=20 BALAZS: As you wish, changed text. =20 In terms of the YANG model, I think that it is possible to design this = in a slightly more regular (and arguably simpler) way: * Rename =E2=80=9Cdatastore-subscription-throughput-capabilities = grouping=E2=80=9D to = =E2=80=9Csubscription-throughput-capabilities=E2=80=9D (since the = grouping is also used at the subscription level) BALAZS: OK, renamed BALAZS:: IMHO the other changes look more simple, but will actually make = the model more complicated. * Add =E2=80=9Con-change-supported=E2=80=9D leaf to = =E2=80=9Csubscription-throughput-capabilities=E2=80=9D grouping, but = change its type to an enum of =E2=80=9Call-nodes, config-only, = state-only=E2=80=9D =E2=80=93 this could then work in a fully = hierarchical way. (I.e. the existing on-change-supported-for-config, = on-change-supported-for-state , on-change-supported could be removed). BALAZS: The enum will need much more explanation e.g. what does it mean = to have the =E2=80=9Cconfig-only=E2=80=9D value on a config=3Dfalse data = node? It can be explained, it will just need more text.=20 * Instead of having a set of =E2=80=9Cdatastore=E2=80=9D level = parameters, could these just be expressed as the set of parameters that = apply to =E2=80=9C/=E2=80=9D within a datastore (e.g. as described in = NACM YANG module =E2=80=9Cleaf path=E2=80=9C)? I.e. given that you = support hierarchical paths within a datastore, it just means that you = need two levels, per device and per datastore. BALAZS: It looks simpler, but we would have to have longer explanations: * The =E2=80=9C/=E2=80=9D is not well defined or well known, so its use = must be described * The extra case when there is no per-node-capabilities list-entry needs = to be explained/specified * Ideally, it would be better to have a dependency on RFC6991-bis for = node-instance-identify rather than on NACM. Although I guess that you = may not want to delay this RFC. BALAZS: Agreed, but please no delay.=20 * Currently =E2=80=9Cleaf on-change-supported=E2=80=9D is marked as = mandatory true, but I=E2=80=99m not sure why it should be so. BALAZS: OK. made it mandatory false; There is a use-case where the per = leaf dampening period needs to be specified, but the on-change-supported = is inherited from the containing parent/datastore. * Is =E2=80=9Cmax-objects-per-update=E2=80=9D optional. What if the = server doesn=E2=80=99t have any hard limit - can they just not return a = value here? If so, perhaps assigning a default value of uint32_max = might make sense? BALAZS: It is optional. If there is no hard limit or the limit is not = known the leaf must be absent. The module description include the text: Any capability value MAY be absent ... if the publisher is not = capable of=20 providing a value. =20 In the security section, are these capabilities sensitive information? = E.g. could it be used by an attacker to more effectively DDOS a server = (by knowing which paths to target subscriptions towards)? BALAZS: IMHO the information is not security sensitive. The minimum = dampening period and minimum-update-period can be used to find schema = sections that might generate more notifications, but this is really a = corner-case and we usually don=E2=80=99t describe such details. However = the security section now includes: The Network Configuration Access Control Model (NACM) [RFC8341] = provides the means to restrict access for particular NETCONF or = RESTCONF users to a preconfigured subset of all available = NETCONF or=20 RESTCONF protocol operations and content.=20 If access control is not properly configured, it can expose system internals to those who should not have access to this information. =20 Thanks, Rob =20 =20 From: netconf > On Behalf Of Mahesh Jethanandani Sent: 24 September 2019 18:50 To: Netconf > Subject: Re: [netconf] WGLC for = draft-ietf-netconf-notification-capabilities =20 We were supposed to have closed on the WGLC today. However, between the = document becoming a WG item and it going into LC, we have not received = too many comments on the draft. As such, we are extending the LC by = another week. Please review the draft and provide any comments you might = have. =20 Mahesh & Kent (as co-chairs) =20 =20 On Sep 10, 2019, at 3:39 PM, Mahesh Jethanandani = > wrote: =20 Authors have published -04 = version of the draft, which addresses comments they received in = IETF 105. If you provided comments please check to make sure your = comments have been addressed. At this point, the authors believe that = the document is ready for WGLC. =20 This therefore starts a two week LC, ending on September 24th. Please = provide any technical comments you might have on the document. If you = believe the document is not ready for LC, please state your reasons. =20 We will issue a IPR poll separately.=20 =20 Mahesh & Kent (as co-chairs) =20 =20 =20 =20 ------=_NextPart_001_0741_01D57A06.769D9950 Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: quoted-printable

 

 

From: Rob Wilton (rwilton) = <rwilton@cisco.com>
Sent: 2019. szeptember 30., = h=C3=A9tf=C5=91 16:45
To: Mahesh Jethanandani = <mjethanandani@gmail.com>; Netconf <netconf@ietf.org>; = Bal=C3=A1zs Lengyel = <balazs.lengyel@ericsson.com>
Subject: RE: [netconf] = WGLC for = draft-ietf-netconf-notification-capabilities

 

Hi,

 

I have reviewed version -05b of this = document.

 

I am supportive of this document, and its general approach = of making subscription capability information available both online and = offline.  I believe that this information is valuable to making = YANG-Push more usable.

 

A few comments:

  1. Terminology and Introduction.  I wasn=E2=80=99t sure = whether =E2=80=9Cimplementation-time information=E2=80=9D is the best = description, or whether =E2=80=9Coffline information=E2=80=9D would be a = better description.   I believe that the key is that the = information is available offline without requiring access to all the = network devices.  Although I can see that providing this = information at implementation time is useful and should be RECOMMENDED, = I don=E2=80=99t think that it should be a MUST/SHALL (e.g. as per = section 3).

BALAZS: I would like to keep the = term =E2=80=9Cimplementation-time=E2=80=9D, as we had a number of = debates about the correct term and this is one term people seemed to = agree upon. =C2=A0In practice it is often important to provide the = information early, before the network node is fully implemented as NMS = planning and design often begins early as well. In practice the = capabilities are decided in implementation = time.

  1. Another benefit of having information available offline is = that if there are classes of devices running the same software and = hardware then they should all have the same capabilities without having = to check each and every one.  To this end, it would be nice if = there was some sort of simple checksum mechanism that could be used to = ensure that the information stored in the instance-data file exactly = matches the equivalent information provided by the server.  This = would allows NMS implementations to be coded to the instance-data = document, and then just validate that the checksums match those provided = by the server without having to fetch and check that a portion of the = data tree matches.  As a side note =E2=80=93 YANG packages has a = similar requirement.

BALAZS: = This seems like a requirement to implement an Entity-tag similar to = =C2=A0https://tools.ietf.org/html/rfc8040#section-3.5.2= but with a deterministic algorithm to generate the tag = value. While the idea is interesting/worthwhile, IMHO it should be = handled in a generic manner, not for each YANG module separately. Also I = was instructed to remove the entity tag from = draft-ietf-netmod-yang-instance-file-format.

  1. Section 3, by =E2=80=9Cformal=E2=80=9D, do you mean = =E2=80=9Cmachine readable=E2=80=9D?  Otherwise expanding what is = meant by formal might be useful.

BALAZS: OK, = changed text

  1. Section 3, instead of =E2=80=9Camount of = notifications=E2=80=9D would =E2=80=9Cthroughput of notification = data=E2=80=9D be better?

BALAZS: As = you wish, changed text.

 

In terms of the YANG model, I think that it is possible to = design this in a slightly more regular (and arguably simpler) = way:

  • Rename = =E2=80=9Cdatastore-subscription-throughput-capabilities = grouping=E2=80=9D to = =E2=80=9Csubscription-throughput-capabilities=E2=80=9D (since the = grouping is also used at the subscription = level)

BALAZS: OK, = renamed

BALAZS:: IMHO the other changes look more = simple, but will actually make the model more = complicated.

  • Add =E2=80=9Con-change-supported=E2=80=9D leaf to = =E2=80=9Csubscription-throughput-capabilities=E2=80=9D grouping, but = change its type to an enum of =E2=80=9Call-nodes, config-only, = state-only=E2=80=9D =E2=80=93 this could then work in a fully = hierarchical way.  (I.e. the existing = on-change-supported-for-config, on-change-supported-for-state , = on-change-supported could be removed).

BALAZS: The = enum will need much more explanation e.g. what does it mean to have the = =E2=80=9Cconfig-only=E2=80=9D value on a config=3Dfalse data node? It = can be explained, it will just need more text.

  • Instead of having a set of =E2=80=9Cdatastore=E2=80=9D = level parameters, could these just be expressed as the set of parameters = that apply to =E2=80=9C/=E2=80=9D within a datastore (e.g. as described = in NACM YANG module =E2=80=9Cleaf = path=E2=80=9C)?  I.e. given that you support hierarchical = paths within a datastore, it just means that you need two levels, per = device and per datastore.

BALAZS: It = looks simpler, but we would have to have longer = explanations:

    • The =E2=80=9C/=E2=80=9D is not well defined or = well known, so its use must be described
    • The extra case when there is no = per-node-capabilities list-entry needs to be = explained/specified
  • Ideally, it would be better to have a = dependency on RFC6991-bis for node-instance-identify rather than on = NACM.  Although I guess that you may not want to delay this = RFC.

BALAZS: Agreed, but please no delay. =

  • Currently =E2=80=9Cleaf = on-change-supported=E2=80=9D is marked as mandatory true, but = I=E2=80=99m not sure why it should be so.

BALAZS: OK. = made it mandatory false; There is a use-case where the per leaf = dampening period needs to be specified, but the on-change-supported is = inherited from the containing parent/datastore.

  • Is =E2=80=9Cmax-objects-per-update=E2=80=9D optional.  = What if the server doesn=E2=80=99t have any hard limit - can they just = not return a value here?  If so, perhaps assigning a default value = of uint32_max might make sense?

BALAZS: It = is optional. If there is no hard limit or the limit is not known the = leaf must be absent. The module description include the = text:

=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 Any capability = value MAY be absent ... if the publisher is not capable of =

=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0providing a = value.

 

In the security section, are these capabilities sensitive = information?  E.g. could it be used by an attacker to more = effectively DDOS a server (by knowing which paths to target = subscriptions towards)?

BALAZS: IMHO the information is not = security sensitive. The minimum dampening period and = minimum-update-period can be used to find schema sections that might = generate more notifications, but this is really a corner-case and we = usually don=E2=80=99t describe such details. However the security = section now includes:

=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 = The Network Configuration Access Control Model (NACM) [RFC8341] =

=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0provides the means to restrict access for particular NETCONF or =

=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0RESTCONF users to a preconfigured subset of all available NETCONF or =

=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0RESTCONF protocol operations and content.

=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0If access control is not properly configured, it can = expose

=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 = system internals to those who should not have access to = this

=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 = information.

 

Thanks,

Rob

 

 

From: = netconf <netconf-bounces@ietf.org>= On Behalf Of Mahesh Jethanandani
Sent: 24 September = 2019 18:50
To: Netconf <netconf@ietf.org>
Subject:<= /b> Re: [netconf] WGLC for = draft-ietf-netconf-notification-capabilities

 

We were supposed to have closed on the WGLC today. However, = between the document becoming a WG item and it going into LC, we have = not received too many comments on the draft. As such, we are extending = the LC by another week. Please review the draft and provide any comments = you might have.

 

Mahesh & Kent (as = co-chairs)

 

 

On Sep 10, 2019, at 3:39 PM, Mahesh = Jethanandani <mjethanandani@gmail.com> = wrote:

 

Authors have published -04 version of the draft, which addresses comments = they received in IETF 105. If you provided comments please check to make = sure your comments have been addressed. At this point, the authors = believe that the document is ready for = WGLC.

 

This therefore starts a two week = LC, ending on September 24th. Please provide any technical comments you = might have on the document. If you believe the document is not ready for = LC, please state your reasons.

 

We will issue a IPR poll = separately. 

 

Mahesh & Kent (as = co-chairs)

 

 

 

 

------=_NextPart_001_0741_01D57A06.769D9950-- ------=_NextPart_000_0740_01D57A06.769D9950 Content-Type: application/pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIVbjCCAyAw ggIIoAMCAQICAR0wDQYJKoZIhvcNAQEFBQAwOTELMAkGA1UEBhMCRkkxDzANBgNVBAoTBlNvbmVy YTEZMBcGA1UEAxMQU29uZXJhIENsYXNzMiBDQTAeFw0wMTA0MDYwNzI5NDBaFw0yMTA0MDYwNzI5 NDBaMDkxCzAJBgNVBAYTAkZJMQ8wDQYDVQQKEwZTb25lcmExGTAXBgNVBAMTEFNvbmVyYSBDbGFz czIgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCQF0o1ncrwDZbHRPoWN/xIvb1/ gC01O+FvqGepvwMcTYxvMkfVQWikEwTBNQyahEP8XB3/ibPoFxjNkV/7iePqv05dfBsm03V57eaE 41flrSnE9Doo56V7hDZps/1edr2jLZnTkE4jKH0YY/FUOyaddluXQrL/rvBO7N05lU6DBn/nSUDI xQGyVFpmHT38+ek8Cp6BuHDwAYvkI1R8yK74kB4AlnLUVM9hI7zq+50CldG2uXE6aQg/D7ThQseI 9T+YqKe6HOBxce9YV4FQelxrdEYOgwOYw46obvJ2Mm4ng8Jz89wY6LST6nVEawRgIHFXh53zvqCQ Iz2KJOHaIdvDAgMBAAGjMzAxMA8GA1UdEwEB/wQFMAMBAf8wEQYDVR0OBAoECEqgqliE0148MAsG A1UdDwQEAwIBBjANBgkqhkiG9w0BAQUFAAOCAQEAWs6H+RZyFVdLHdmb56ImMOyTZ9/WLdI0r/c4 pc6rFrmrL3w1y6zQD7RMK/yA72uMkV82dvfbsxsZ6vSyEf1hcUS/KLM6Hb+zQ+ifv9wxCHGwnY3W NEcykMZlJPegSnwEc485bxeMcrW9S8h6+HuDwyhOnAnqZz+yZwQbwxTa+OdJJJHQHWr6YTnva+ch dQYH2BK0ISBwQnGB2jyaNr6mWw1qbJofkXv5+e9Cuk5OnswMjZTc2UWcXuxCUGOu9F3EsRLcyjuo Lp0UWgV1t+zXY+K6NbYECJHo2p2c9ma1GKwKplQmNDPSG8HUfxo6jguqMm7b/E8ln9kyx5ZacKzf TDCCBX0wggRloAMCAQICEQCH7S4aKCZKxRmqOuu5DaLLMA0GCSqGSIb3DQEBCwUAMDkxCzAJBgNV BAYTAkZJMQ8wDQYDVQQKEwZTb25lcmExGTAXBgNVBAMTEFNvbmVyYSBDbGFzczIgQ0EwHhcNMTQx MjA1MDgxOTE1WhcNMjEwNDA1MTAyOTAwWjA3MRQwEgYDVQQKDAtUZWxpYVNvbmVyYTEfMB0GA1UE AwwWVGVsaWFTb25lcmEgUm9vdCBDQSB2MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB AMK+6yfwIaPzaSZVfp3FVRaRXP3vIb9TgHot0pGMYzHw7CTww6XScnwQbfQ3t+XmfHnqjLWCi65I tqwA3GV17CpNX8GH9SBlK4GoRz6JI5UwFpB/6FcHSOcZrr9FZ7E3GwYq/t75rH2D+1665I+XZ75L jo1kB1c4VWk0Nj0TSO9P4tNmHqTPGrdeNjPUtAa9GAH9d4RQAEX1jF3oI7x+/jXh7VB7qTCNGdMJ jmhnXb88lxhTuylixcpecsHHltTbLaC0H2kD7OriUPEMPPCs81Mt8Bz17Ww5OXOAFshSsCPN4D7c 3TxHoLs1iuKYaIu+5b9y7tL6pe0S7fyYGKkmdtwoSxAgHNN/Fnct7W+A90m7UwW7XWjH1Mh1Fj+J Wov3F0fUTPHSiXk+TT2YqGHeOh7S+F4D4MHJHIzTjU3TlTazN19jY5szFPAtJmtTfImMMsJu7D0h ADnJoWjiUIMusDor8zagrC/kb2HCUQk5PotTubtn2txTuXZZNp1D5SDgPTJghSJRt8czu90VL6R4 pgd7gUY2BIbdeTXHlSw7sKMXNeVzH7RcWe/a6hBle3rQf5+ztCo3O3CLm1u5K7fsslESl1MpWtTw EhDcTwK7EpIvYtQ/aUN8Ddb8WHUBiJ1YFkveupD/RwGJBmr2X7KQarMCpgKIv7NHfirZ1fpoeDVN AgMBAAGjggGAMIIBfDBOBggrBgEFBQcBAQRCMEAwPgYIKwYBBQUHMAKGMmh0dHA6Ly9jYS50cnVz dC50ZWxpYXNvbmVyYS5jb20vc29uZXJhY2xhc3MyY2EuY2VyMA8GA1UdEwEB/wQFMAMBAf8wGQYD VR0gBBIwEDAOBgwrBgEEAYIPAgMBAQIwDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBTwj1k4ALP1 j5qWDNXr+nuqF+gTEjCBuQYDVR0fBIGxMIGuMG+gbaBrhmlsZGFwOi8vY3JsLTEudHJ1c3QudGVs aWFzb25lcmEuY29tL2NuPVNvbmVyYSUyMENsYXNzMiUyMENBLG89U29uZXJhLGM9Rkk/Y2VydGlm aWNhdGVyZXZvY2F0aW9ubGlzdDtiaW5hcnkwO6A5oDeGNWh0dHA6Ly9jcmwtMi50cnVzdC50ZWxp YXNvbmVyYS5jb20vc29uZXJhY2xhc3MyY2EuY3JsMBMGA1UdIwQMMAqACEqgqliE0148MA0GCSqG SIb3DQEBCwUAA4IBAQAQ1elFTM6fGkQ/aRKdkUZicO3Cb9uzBJOpOtFctw+1El0/17lsjoVvJkZB D3KnUobnrriFdAa+7FAN55KLmZeB/3Y2bG0bB4toSyaVHjOQnQY9M0dv8U852w0Q7GwchKfebLUI bh9TMt2hI3Xc6j4knFTBUo7C1WAfO51K4bn1irmX6/Ej2VTgiOFsvOAny28W6enFSEQpSHw60VhN fSttSqTOxyrRR/7kW7Y8yb/3DZDZ/dH6ZCfx/y+BNIv2NuSd85M9HXUzplXXohti4Ql/qeaMn6by Ius6XlMWZZfkdVRvTuk2PkeC7UmAJ2+/DUWOPpawaytMXVfF4Hvxk34NMIIF/zCCA+egAwIBAgIR AOm+1xFswMzmixU1jNT/MSEwDQYJKoZIhvcNAQELBQAwRzELMAkGA1UEBhMCU0UxETAPBgNVBAoM CEVyaWNzc29uMSUwIwYDVQQDDBxFcmljc3NvbiBOTCBJbmRpdmlkdWFsIENBIHYzMB4XDTE3MTAw OTE1MjQ1OFoXDTIwMTAwOTE1MjQ1N1owajERMA8GA1UECgwIRXJpY3Nzb24xGDAWBgNVBAMMD0Jh bMOhenMgTGVuZ3llbDEqMCgGCSqGSIb3DQEJARYbYmFsYXpzLmxlbmd5ZWxAZXJpY3Nzb24uY29t MQ8wDQYDVQQFEwZFVEhCTEwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUUtnneUfH i428YPkvW+AsCNeKCCKq72SzUZpBggijy+oLVO0cgTXXHygrZ+KT8TbyEkPwuHi+V4TQxWAyMhGa nWZHWZXe9ghEZrJDJbCzFMHOqR+wEDnI1vM3sfQQ68iSsWQLd9opnb2/ihiJlt9up75VRpyj5lea bvzxOLQimJgZiXaZzsPPT2nROyytKxOsE5KbfT3mNof3bMG1bggZtGGA1GBJchwdFJwQKIShfPVm 1CdulvJV1hPVecxttMJNPzSfSfryb/b64QnR5yc/pSx8SxD0h0rnNT73Al3Af2iRghdXN4omDKZY OcdK/sE5HTmLTFuWoZAnL/RntOK9AgMBAAGjggHBMIIBvTBIBgNVHR8EQTA/MD2gO6A5hjdodHRw Oi8vY3JsLnRydXN0LnRlbGlhLmNvbS9lcmljc3Nvbm5saW5kaXZpZHVhbGNhdjMuY3JsMIGCBggr BgEFBQcBAQR2MHQwKAYIKwYBBQUHMAGGHGh0dHA6Ly9vY3NwMi50cnVzdC50ZWxpYS5jb20wSAYI KwYBBQUHMAKGPGh0dHA6Ly9jYS50cnVzdC50ZWxpYXNvbmVyYS5jb20vZXJpY3Nzb25ubGluZGl2 aWR1YWxjYXYzLmNlcjAmBgNVHREEHzAdgRtiYWxhenMubGVuZ3llbEBlcmljc3Nvbi5jb20wVQYD VR0gBE4wTDBKBgwrBgEEAYIPAgMBARIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly9yZXBvc2l0b3J5 LnRydXN0LnRlbGlhc29uZXJhLmNvbS9DUFMwHQYDVR0lBBYwFAYIKwYBBQUHAwQGCCsGAQUFBwMC MB0GA1UdDgQWBBSkJw2vbyMFmf9tY1urk9NeYfiMgTAfBgNVHSMEGDAWgBQcexmel5x2rCA92Nzj kWrj2y2mUzAOBgNVHQ8BAf8EBAMCBaAwDQYJKoZIhvcNAQELBQADggIBAD1RCVf5Df2uCXwPveXz LBGIjsz3k2la5UUlioC+i4Ms6vGstqXIX7K24+Wc41npi+G5xFhvkAkmuTP/j29F5xJJuJcy3OcL 0br02vKe2WJJnlivB+X9plPg0kMUBS0lLq7kHPUrO/BLeIIFRuaky05eZlTnGNcLbn5VpZdjX4Ic XZV78qpZI3L67Po1UgHzOTiWolc75jrKOx3UOw98fWRrgJPBUIeqDeD1NDfF7PlM4Cqlad062o6L lM9wfAnoLzz0z04dPXtJkOcTiZgOLdPoKIm7LR1wZ9c6mYw4sgtoVAs16Y2cCPBxqWpsW+9ZCcDK PPZzeBezCKyicpDJbTqCVMILd3j38HWUPWFuVITZNgANzHW1CpgqmiLIAADiznCCtudTE+fcB3O9 duuu/yuEME17LMy1GYMKXs1QCXmTq2hrqTJQ2AA2TsWZtoxl3ViqJgNBWjnQiMwdCl5Dural2jZP /iU6MmiauUNYn9YW/ViUluoBBdaUHMpnP/7kM0Wk8j3Wzhcggx+Biml2gCopMaK1EJYjQH/2J95N GEkSdZfVzFUmwV3yMd4mOhIaxW0SEq9b1eWICZ/BAcVBpSyU0sE1gpnBO5wLxj+IpSdiGlS4jc37 qCr/39xdv1Unu93glCmHq0xgX54N8EsyMBPC3+zSSu1qhCbU7VJWIz2aMIIGwjCCBKqgAwIBAgIQ U7h+g+GcmSiTsJtJHOy46zANBgkqhkiG9w0BAQsFADA3MRQwEgYDVQQKDAtUZWxpYVNvbmVyYTEf MB0GA1UEAwwWVGVsaWFTb25lcmEgUm9vdCBDQSB2MTAeFw0xNTEwMjcxMjE2NDZaFw0yNTEwMjcx MjE2NDZaMEcxCzAJBgNVBAYTAlNFMREwDwYDVQQKDAhFcmljc3NvbjElMCMGA1UEAwwcRXJpY3Nz b24gTkwgSW5kaXZpZHVhbCBDQSB2MzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAOzy 3wAAuFDyp7vYVLfGk/fjwao71MNGNLSzzl5DtjQtMtl2ZLPZyX6ViqzTN9JOb7uZ6KxuGSpReQvt 8XOh7iIhkKH9W5hRpbjTsJmUMJd6zifhOpNK6iSU3q44+FjsQL1lVtcguUuFG6aZN0N3GFVbgt6j RrASF8t/3wy9bHPAIfMyPybpg6Y2PH5/1NwkTepoDSmK69LGV+lV2IK6U9OWayZXZFIFIDCoGyFl hFxAEgN+qZ2+Rqg/0TM0oCHvKO2ELSGmAdnJkwizR42ji/Y9SYTSuG75mzSe6OfCGWM8Db/xvy/2 0aLEPXNu1PvOgzY63WZ6cmkWnjMlVJ90pWC2haqDm3Yf8TRdjUvAl7Pz1bTuexwShzIGakL7MkCY rEqHMRaojI/VStloQgW76E76zQ2byw5QxrhOUbisBSKRzlTlOZQgYFFAbG6ViF8DOpJh/ygtQwuT LUM5r15G7eynQV1AMTNCWcX+HUvgArUw6RfW9L58uA68GjktFTV8s9RlDsUqsNcLqeXaV28S2WMd ay0YGaq/bloS8AD7KuumUKH+Ri9IGO9mJvP05tvDHjKpLvv80c3WLJnJU/aznYHYEt2+jjKHOTqd GTxL/zMdpRSQFSuu+KM8NoYrkU1VJqKga+QLsgqKghMp99gu1P1e6KsqseWHdXORrMbjqkBXAgMB AAGjggG4MIIBtDCBigYIKwYBBQUHAQEEfjB8MC0GCCsGAQUFBzABhiFodHRwOi8vb2NzcC50cnVz dC50ZWxpYXNvbmVyYS5jb20wSwYIKwYBBQUHMAKGP2h0dHA6Ly9yZXBvc2l0b3J5LnRydXN0LnRl bGlhc29uZXJhLmNvbS90ZWxpYXNvbmVyYXJvb3RjYXYxLmNlcjASBgNVHRMBAf8ECDAGAQH/AgEA MFUGA1UdIAROMEwwSgYMKwYBBAGCDwIDAQECMDowOAYIKwYBBQUHAgEWLGh0dHBzOi8vcmVwb3Np dG9yeS50cnVzdC50ZWxpYXNvbmVyYS5jb20vQ1BTMEsGA1UdHwREMEIwQKA+oDyGOmh0dHA6Ly9j cmwtMy50cnVzdC50ZWxpYXNvbmVyYS5jb20vdGVsaWFzb25lcmFyb290Y2F2MS5jcmwwHQYDVR0l BBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUHHsZnpec dqwgPdjc45Fq49stplMwHwYDVR0jBBgwFoAU8I9ZOACz9Y+algzV6/p7qhfoExIwDQYJKoZIhvcN AQELBQADggIBAFBYa/HVjDu0LqtXQ8iMp8PLFpqchf41ksQY6R1AsoZbaBUu0NQlAQ9GzlC1pmI5 s0cJnuaZI0xV6TiWS3/R2p9UgW61XD9CTIUbAL31mY3BdJf3P46gzKgQEca/DlFjq9GVmuPS4q90 BLNgvgoxoHubc3C6s0OaY1sbnay5EhnvrAE4Q511FlxmJPLnRmQGpieeXa3cPegFfY1kJDKyyFRy pF1RuRLXcdMIgKEy5NX1bS3M9dQ4mgmUmVT2d33UiKSEYQ6s/B+LFaaz4LywXSv2o3W4kbHoQs86 IWst821ww0wxsCpEfClIvF7fBw2QkbG/1PwuzAuLVStEhDzkAqOrMGctKyNEaBsyAn7Eq2eCa8QD Xnkmagp9QPsNFs/oqnXj9j1cVtH9a4OPzhtg0pd7gd0NzU/5QxibXqbYvouQgihGXHQDmaL4ruN7 C4arMUqRo82YnREsKL7h3j/jtmzcMLc9Q07F04QQd/iSR1Y5pIi6PdNBiE2/4uyAXS6KOIGZrPbN QUNrZtwiQpqQNl8AUzgegfPwrYFlFocpaF3d1m5r+2VKKqiRQVfYPGYeZnWfkcz06JoAhc/9mjbH XSP9hvWYzeLRuoZqHGUdjOX9DIQb926OneV7C5WMIjSY8ORkamG/HKqngmjypL3gSc6oG/E6B+1i 6Ds5j0Qpj5aQMYIDBTCCAwECAQEwXDBHMQswCQYDVQQGEwJTRTERMA8GA1UECgwIRXJpY3Nzb24x JTAjBgNVBAMMHEVyaWNzc29uIE5MIEluZGl2aWR1YWwgQ0EgdjMCEQDpvtcRbMDM5osVNYzU/zEh MAkGBSsOAwIaBQCgggF+MBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8X DTE5MTAwMzE0MjAyNVowIwYJKoZIhvcNAQkEMRYEFBI7kHpN4JZf0E7O1Zb4J8ydllVsMEMGCSqG SIb3DQEJDzE2MDQwCgYIKoZIhvcNAwcwDgYIKoZIhvcNAwICAgCAMA0GCCqGSIb3DQMCAgFAMAcG BSsOAwIaMGsGCSsGAQQBgjcQBDFeMFwwRzELMAkGA1UEBhMCU0UxETAPBgNVBAoMCEVyaWNzc29u MSUwIwYDVQQDDBxFcmljc3NvbiBOTCBJbmRpdmlkdWFsIENBIHYzAhEA6b7XEWzAzOaLFTWM1P8x ITBtBgsqhkiG9w0BCRACCzFeoFwwRzELMAkGA1UEBhMCU0UxETAPBgNVBAoMCEVyaWNzc29uMSUw IwYDVQQDDBxFcmljc3NvbiBOTCBJbmRpdmlkdWFsIENBIHYzAhEA6b7XEWzAzOaLFTWM1P8xITAN BgkqhkiG9w0BAQEFAASCAQAtns7hLPTOAxlkmtaflqzHI/lGn1g6xAWGSAH0X1sRHzpvD5wOxI9n 8Fhx0a0Wuuxo4X/208LXddMTfezlPqkpXBfI8NLPFaPrkyWCexJIL2gKkNZA8hHIyIQfH0iFsaak HPQ4PhNjwAlou+yzfcpoeya7xL6Qk0m/mDd/n0yPc6MI6V8a7TPNB5ierzMFeSv0YQP2PLX4HZOW qoEiZF4XJOEmyrCaJgiUgSCJTO4e74fvO5EeMwIq34kSBPQOeJHwhcOP91rNuJ+RMfzS8NEZMHN1 0/GSFjMj3gIhA0S+Ky0g6e1al8zkwpxBUdhpWL0fDVlt1HspKJvQW0uOOXXmAAAAAAAA ------=_NextPart_000_0740_01D57A06.769D9950-- From nobody Thu Oct 3 07:48:16 2019 Return-Path: X-Original-To: netconf@ietfa.amsl.com Delivered-To: netconf@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 063CE120938 for ; Thu, 3 Oct 2019 07:48:14 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.002 X-Spam-Level: X-Spam-Status: No, score=-2.002 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZuJF-58rJeSG for ; Thu, 3 Oct 2019 07:48:08 -0700 (PDT) Received: from EUR04-DB3-obe.outbound.protection.outlook.com (mail-eopbgr60042.outbound.protection.outlook.com [40.107.6.42]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1606612090B for ; Thu, 3 Oct 2019 07:48:06 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ahSUkENTbP/DVzH9zHTbRBsvLUNjkh+AjVRlLCyJx+jABijgGZVG+geXBAuP6v53MCM57uc2XJ+jD81tb6YFoF9dt7V9H1X1w48NJFvwe2mlcmumMUTB9+U+R+CZQg43UJivZ3VQtQrgHfncg774dvLJQHGrxNiB0RA2mpr/cAJggRwARsoRGDk+/1Cg5242xva35WhBI6I7E115eK+x839DU8/LdP4kQSFoGEIkPfiDIhWDnPxN2gPwf4CkeU1f5QrJkmuIYoXCZhuSsbb/fuNA8cd0dcV6T8HsgmhM06xvqGv7otrGamSPtl3x6zGUVzZclswKsUAcDwpa2xDn6A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=uBsMYZ6CESu/i+kDt7px0K4pDOIjFVilkgapY7P73Kw=; b=fELstn1Go7FSu+5EHc1XmZL1Gj4mwKe0sC+t3iwhDnMtQHkodHdym92pKdZ13HQ2QuAzg1Q2UVBbrD96zrl+HCjOUKCw+f2UvodGMBdwKAW2qpRoWupI3DMBlDFdazuZ0gnZoXF72d7zJmf+xvDI9mobZ/hXgdtEl8nkIkSBnjhShVhSp4WOsrr4qCVaLrzoCIYDDDkQ76c85d1scuYtB2JuMF2XHBBPDZMaShkzBAFz4/UnCJi7jo7q+Ho62/GDRHMNQtkcgE1lwjelbrgxR3CCkVpekthFxRoVH+pQqPIoQm9ZSi/6tBydjWn6hRAz3ggchlPYJOPG9JflW88kzQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=uBsMYZ6CESu/i+kDt7px0K4pDOIjFVilkgapY7P73Kw=; b=K/hZsm0wN/RJdENJtx69iW8uyYJtGwHYHMXgHftw34g4xoJJSAOmVRft6azpmyW9W0yJm6JwfBaJz8kj2oPN15w3Y4tgiP2XAvqqC60W/PwWta7Zw3cwayaphDPqJPPWxMqAjBsE74ul7el5vgt8+bJ1x4KiowU0kF0xK7VzxgA= Received: from VI1PR0701MB2286.eurprd07.prod.outlook.com (10.169.137.153) by VI1PR0701MB2318.eurprd07.prod.outlook.com (10.168.137.137) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2327.9; Thu, 3 Oct 2019 14:48:03 +0000 Received: from VI1PR0701MB2286.eurprd07.prod.outlook.com ([fe80::f44b:854c:51cf:c69f]) by VI1PR0701MB2286.eurprd07.prod.outlook.com ([fe80::f44b:854c:51cf:c69f%7]) with mapi id 15.20.2305.023; Thu, 3 Oct 2019 14:48:03 +0000 From: =?iso-8859-2?Q?Bal=E1zs_Lengyel?= To: Kent Watsen CC: "Eric Voit (evoit)" , Mahesh Jethanandani , Alexander Clemm , Benoit Claise , "netconf@ietf.org" Thread-Topic: [netconf] WGLC for draft-ietf-netconf-notification-capabilities Thread-Index: AQHVaCiq/P3ytjAdYEi7Gp+LSYgUDqc7MLcAgAA5KYCAA/LsEIAFZuYAgARZyDA= Date: Thu, 3 Oct 2019 14:48:03 +0000 Message-ID: References: <4F49DF08-B7FC-4EBD-9D6B-7BC329E50334@gmail.com> <0100016d83c486c9-83aece79-684a-4999-b382-dd9c09f24c62-000000@email.amazonses.com> In-Reply-To: <0100016d83c486c9-83aece79-684a-4999-b382-dd9c09f24c62-000000@email.amazonses.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: yes X-MS-TNEF-Correlator: authentication-results: spf=none (sender IP is ) smtp.mailfrom=balazs.lengyel@ericsson.com; x-originating-ip: [89.135.192.225] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: ad023396-d264-446d-2fd8-08d74810b1ec x-ms-traffictypediagnostic: VI1PR0701MB2318: x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:8882; x-forefront-prvs: 01792087B6 x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(39860400002)(396003)(136003)(346002)(376002)(366004)(199004)(189003)(7110500001)(54896002)(102836004)(14454004)(74316002)(8936002)(33656002)(99286004)(7736002)(81166006)(8676002)(81156014)(486006)(76176011)(7696005)(478600001)(476003)(66066001)(26005)(53546011)(25786009)(11346002)(6246003)(5660300002)(3846002)(790700001)(2906002)(6116002)(66574012)(15650500001)(2420400007)(14444005)(256004)(4326008)(6506007)(54906003)(52536014)(71200400001)(64756008)(6306002)(66556008)(66446008)(229853002)(316002)(66946007)(66476007)(86362001)(66616009)(71190400001)(55016002)(76116006)(9686003)(6436002)(99936001)(446003)(186003)(45776006); DIR:OUT; SFP:1101; SCL:1; SRVR:VI1PR0701MB2318; H:VI1PR0701MB2286.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1; received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: JZJ/eE+jVfY5CUqtQi6yxMx0w6p8ZajHI35pLxovoCgeSOCkMiAKW3wyEPmqUqwX2hxtPYi60MLxxm+Spn2Tbv/Xi6f3zrA5SxR0Ji3C8SY2KNB0iZ7zEpa2Z2sef6CV5EMoKZcTKcflgqm4QP4O0sIDViEQikmCOy9Zfm+o3/qpo8xpVr7Xgg9YCGBMrmECciL9KzhVulmHk82919MX4oEoIBmub0TeulTFFxLPj9qVv7KQ3X6MCsvV4Vgu5aXcCBWh8DWEl2I6yLrPNqFSN6pqety/lo7hcaNc/kru30HaWS3Ld5wysW32iTXCv/Ul71+gaoq9XsPGTh61C2pv1yfq1OEYEAXaXPmfv6j7juVvniJH/b59YUZCQjISOfgb4bPYd2SGxtdHy3RryLw5qnT5ND19VUBagS9tBoWzz6E= x-ms-exchange-transport-forked: True Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=SHA1; boundary="----=_NextPart_000_0771_01D57A0A.51E2D720" MIME-Version: 1.0 X-OriginatorOrg: ericsson.com X-MS-Exchange-CrossTenant-Network-Message-Id: ad023396-d264-446d-2fd8-08d74810b1ec X-MS-Exchange-CrossTenant-originalarrivaltime: 03 Oct 2019 14:48:03.6137 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: Mf6UUmK0lzJngfA30l8erfv/RApt6apSdt0SC8YM7ZrfIZkFe1aqvty7hsPB5sSsxQkc+8ktX8Oq7fV+PfeGpj3n5El/apTHna0X30IL6H8= X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR0701MB2318 Archived-At: Subject: Re: [netconf] WGLC for draft-ietf-netconf-notification-capabilities X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 03 Oct 2019 14:48:15 -0000 ------=_NextPart_000_0771_01D57A0A.51E2D720 Content-Type: multipart/alternative; boundary="----=_NextPart_001_0772_01D57A0A.51E2D720" ------=_NextPart_001_0772_01D57A0A.51E2D720 Content-Type: text/plain; charset="iso-8859-2" Content-Transfer-Encoding: quoted-printable From: Kent Watsen =20 Sent: 2019. szeptember 30., h=E9tf=F5 22:03 To: Bal=E1zs Lengyel Cc: Eric Voit (evoit) ; Mahesh Jethanandani ; Alexander Clemm ; Benoit = Claise ; netconf@ietf.org Subject: Re: [netconf] WGLC for = draft-ietf-netconf-notification-capabilities =20 =20 In reviewing the draft, I don't see where the file format is defined. = I understand the module defining a 'container' for protocol-accessible = nodes, but shouldn't it define an 'sx:structure' for the file format? I = suggest moving the contents of the "datastore-subscription-capabilities" = container to a 'grouping' and then have both the container and an 'sx:structure' = use that grouping. BALAZS2: This drafts does not want to define a file format. It intends = to use the "generic" file format defined in draft-ietf-netmod-yang-instance-file-format. IMHO the whole aim of draft-ietf-netmod-yang-instance-file-format is to avoid individual = drafts defining file formats. =20 On the below: I suspect that you will need to do a security analysis per YANG object. This has been done the other YANG push family. BALAZS: The full module is readOnly and not sensitive or private in any manner. The security text for the readOnly parts of YangPush is the = exact same text: not very informative, but gives you the illusion of security awareness. =20 I suspect that manipulating the reporting intervals could have some = security implications. E.g., a hacker could push up the damping period or = periodic interval to a level where the information they are changing then becomes invisible to a monitoring system. BALAZS: The full YAM is read-only so manipulating the data is not a = concern. =20 =20 The draft should say something like: =20 1. All protocol-accessible are read-only and cannot be modified. The = nature of the read-only data is not deemed to be sensitive in a way = necessitating access-control restrictions (e.g., NACM) beyond the client being authenticated. BALAZS2: OK, Updated with first part, but Rob has asked for an extra sentence about the dangers of revealing read-only data, I added that = too. "All protocol-accessible data are read-only and cannot be modified.=20 The data in this module is not security sensitive. Access control may be configured, to avoid exposing=20 the read-only data." =20 2. When a file format, the protection afforded by a mutually = authenticated transport protocol. Protection of the data must be performed manually, = so as to ensure that the data is neither seen nor modified in transit. Reword as needed. BALAZS2: Agreed. This is part of normal file handling, transport. So I reworded this to: "When that data is in file format, data should be protected against=20 modification or unauthorized access using normal file handling = and=20 secure and mutually authenticated file transport mechanisms." =20 Kent // contributor =20 =20 ------=_NextPart_001_0772_01D57A0A.51E2D720 Content-Type: text/html; charset="iso-8859-2" Content-Transfer-Encoding: quoted-printable

From: Kent Watsen <kent+ietf@watsen.net> =
Sent: 2019. szeptember 30., h=E9tf=F5 22:03
To: = Bal=E1zs Lengyel <balazs.lengyel@ericsson.com>
Cc: Eric = Voit (evoit) <evoit@cisco.com>; Mahesh Jethanandani = <mjethanandani@gmail.com>; Alexander Clemm = <ludwig@clemm.org>; Benoit Claise <bclaise@cisco.com>; = netconf@ietf.org
Subject: Re: [netconf] WGLC for = draft-ietf-netconf-notification-capabilities

 

 

In reviewing the draft, I don't see where the file = format is defined.    I understand the module defining a = 'container' for protocol-accessible nodes, but shouldn't it define an = 'sx:structure' for the file format?  I suggest moving the contents = of the "datastore-subscription-capabilities" container to a = 'grouping' and then have both the container and an 'sx:structure' use = that grouping.

BALAZS2: This drafts does not want to define a = file format. It intends to use the “generic” file format = defined in draft-ietf-netmod-yang-instance-file-format. IMHO the whole = aim of draft-ietf-netmod-yang-instance-file-format is to avoid = individual drafts defining file = formats.

 

On the = below:



I suspect that you will need to do a security analysis = per YANG object.   This has been done the other YANG push = family.

BALAZS: The full module is readOnly and not = sensitive or private in any manner.  The security text for the = readOnly parts of YangPush is the exact same text: not very informative, = but gives you the illusion of security = awareness.

 

I = suspect that manipulating the reporting intervals could have some = security implications.   E.g., a hacker could push up the = damping period or periodic interval to a level where the information = they are changing then becomes invisible to a monitoring = system.

BALAZS: The full YAM is read-only so = manipulating the data is not a = concern.

 

 

The = draft should say something like:

 

1. All protocol-accessible are read-only and cannot be = modified.  The nature of the read-only data is not deemed to be = sensitive in a way necessitating access-control restrictions (e.g., = NACM) beyond the client being authenticated.

BALAZS2: OK, =A0Updated = with first part, but Rob has asked for an extra sentence about the = dangers of revealing read-only data, I added that = too.

“All protocol-accessible data are = read-only and cannot be modified.

=A0=A0=A0=A0=A0=A0=A0=A0The data in this module = is not security sensitive.

=A0=A0=A0=A0=A0=A0=A0 = Access control may be configured, to avoid exposing =

=A0=A0=A0=A0=A0=A0=A0=A0the read-only = data.”

 

2. When a file format, the protection afforded by a = mutually authenticated transport protocol.  Protection of the data = must be performed manually, so as to ensure that the data is neither = seen nor modified in transit.

Reword = as needed.

BALAZS2: Agreed. This is part of normal file = handling, transport. So I reworded this to:

“When that data = is in file format, data should be protected against =

=A0=A0=A0=A0=A0=A0=A0=A0modification or = unauthorized access using normal file handling and =

=A0=A0=A0=A0=A0=A0=A0=A0secure and mutually = authenticated file transport = mechanisms.”

 

Kent // contributor

 

 

------=_NextPart_001_0772_01D57A0A.51E2D720-- ------=_NextPart_000_0771_01D57A0A.51E2D720 Content-Type: application/pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIVbjCCAyAw ggIIoAMCAQICAR0wDQYJKoZIhvcNAQEFBQAwOTELMAkGA1UEBhMCRkkxDzANBgNVBAoTBlNvbmVy YTEZMBcGA1UEAxMQU29uZXJhIENsYXNzMiBDQTAeFw0wMTA0MDYwNzI5NDBaFw0yMTA0MDYwNzI5 NDBaMDkxCzAJBgNVBAYTAkZJMQ8wDQYDVQQKEwZTb25lcmExGTAXBgNVBAMTEFNvbmVyYSBDbGFz czIgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCQF0o1ncrwDZbHRPoWN/xIvb1/ gC01O+FvqGepvwMcTYxvMkfVQWikEwTBNQyahEP8XB3/ibPoFxjNkV/7iePqv05dfBsm03V57eaE 41flrSnE9Doo56V7hDZps/1edr2jLZnTkE4jKH0YY/FUOyaddluXQrL/rvBO7N05lU6DBn/nSUDI xQGyVFpmHT38+ek8Cp6BuHDwAYvkI1R8yK74kB4AlnLUVM9hI7zq+50CldG2uXE6aQg/D7ThQseI 9T+YqKe6HOBxce9YV4FQelxrdEYOgwOYw46obvJ2Mm4ng8Jz89wY6LST6nVEawRgIHFXh53zvqCQ Iz2KJOHaIdvDAgMBAAGjMzAxMA8GA1UdEwEB/wQFMAMBAf8wEQYDVR0OBAoECEqgqliE0148MAsG A1UdDwQEAwIBBjANBgkqhkiG9w0BAQUFAAOCAQEAWs6H+RZyFVdLHdmb56ImMOyTZ9/WLdI0r/c4 pc6rFrmrL3w1y6zQD7RMK/yA72uMkV82dvfbsxsZ6vSyEf1hcUS/KLM6Hb+zQ+ifv9wxCHGwnY3W NEcykMZlJPegSnwEc485bxeMcrW9S8h6+HuDwyhOnAnqZz+yZwQbwxTa+OdJJJHQHWr6YTnva+ch dQYH2BK0ISBwQnGB2jyaNr6mWw1qbJofkXv5+e9Cuk5OnswMjZTc2UWcXuxCUGOu9F3EsRLcyjuo Lp0UWgV1t+zXY+K6NbYECJHo2p2c9ma1GKwKplQmNDPSG8HUfxo6jguqMm7b/E8ln9kyx5ZacKzf TDCCBX0wggRloAMCAQICEQCH7S4aKCZKxRmqOuu5DaLLMA0GCSqGSIb3DQEBCwUAMDkxCzAJBgNV BAYTAkZJMQ8wDQYDVQQKEwZTb25lcmExGTAXBgNVBAMTEFNvbmVyYSBDbGFzczIgQ0EwHhcNMTQx MjA1MDgxOTE1WhcNMjEwNDA1MTAyOTAwWjA3MRQwEgYDVQQKDAtUZWxpYVNvbmVyYTEfMB0GA1UE AwwWVGVsaWFTb25lcmEgUm9vdCBDQSB2MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB AMK+6yfwIaPzaSZVfp3FVRaRXP3vIb9TgHot0pGMYzHw7CTww6XScnwQbfQ3t+XmfHnqjLWCi65I tqwA3GV17CpNX8GH9SBlK4GoRz6JI5UwFpB/6FcHSOcZrr9FZ7E3GwYq/t75rH2D+1665I+XZ75L jo1kB1c4VWk0Nj0TSO9P4tNmHqTPGrdeNjPUtAa9GAH9d4RQAEX1jF3oI7x+/jXh7VB7qTCNGdMJ jmhnXb88lxhTuylixcpecsHHltTbLaC0H2kD7OriUPEMPPCs81Mt8Bz17Ww5OXOAFshSsCPN4D7c 3TxHoLs1iuKYaIu+5b9y7tL6pe0S7fyYGKkmdtwoSxAgHNN/Fnct7W+A90m7UwW7XWjH1Mh1Fj+J Wov3F0fUTPHSiXk+TT2YqGHeOh7S+F4D4MHJHIzTjU3TlTazN19jY5szFPAtJmtTfImMMsJu7D0h ADnJoWjiUIMusDor8zagrC/kb2HCUQk5PotTubtn2txTuXZZNp1D5SDgPTJghSJRt8czu90VL6R4 pgd7gUY2BIbdeTXHlSw7sKMXNeVzH7RcWe/a6hBle3rQf5+ztCo3O3CLm1u5K7fsslESl1MpWtTw EhDcTwK7EpIvYtQ/aUN8Ddb8WHUBiJ1YFkveupD/RwGJBmr2X7KQarMCpgKIv7NHfirZ1fpoeDVN AgMBAAGjggGAMIIBfDBOBggrBgEFBQcBAQRCMEAwPgYIKwYBBQUHMAKGMmh0dHA6Ly9jYS50cnVz dC50ZWxpYXNvbmVyYS5jb20vc29uZXJhY2xhc3MyY2EuY2VyMA8GA1UdEwEB/wQFMAMBAf8wGQYD VR0gBBIwEDAOBgwrBgEEAYIPAgMBAQIwDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBTwj1k4ALP1 j5qWDNXr+nuqF+gTEjCBuQYDVR0fBIGxMIGuMG+gbaBrhmlsZGFwOi8vY3JsLTEudHJ1c3QudGVs aWFzb25lcmEuY29tL2NuPVNvbmVyYSUyMENsYXNzMiUyMENBLG89U29uZXJhLGM9Rkk/Y2VydGlm aWNhdGVyZXZvY2F0aW9ubGlzdDtiaW5hcnkwO6A5oDeGNWh0dHA6Ly9jcmwtMi50cnVzdC50ZWxp YXNvbmVyYS5jb20vc29uZXJhY2xhc3MyY2EuY3JsMBMGA1UdIwQMMAqACEqgqliE0148MA0GCSqG SIb3DQEBCwUAA4IBAQAQ1elFTM6fGkQ/aRKdkUZicO3Cb9uzBJOpOtFctw+1El0/17lsjoVvJkZB D3KnUobnrriFdAa+7FAN55KLmZeB/3Y2bG0bB4toSyaVHjOQnQY9M0dv8U852w0Q7GwchKfebLUI bh9TMt2hI3Xc6j4knFTBUo7C1WAfO51K4bn1irmX6/Ej2VTgiOFsvOAny28W6enFSEQpSHw60VhN fSttSqTOxyrRR/7kW7Y8yb/3DZDZ/dH6ZCfx/y+BNIv2NuSd85M9HXUzplXXohti4Ql/qeaMn6by Ius6XlMWZZfkdVRvTuk2PkeC7UmAJ2+/DUWOPpawaytMXVfF4Hvxk34NMIIF/zCCA+egAwIBAgIR AOm+1xFswMzmixU1jNT/MSEwDQYJKoZIhvcNAQELBQAwRzELMAkGA1UEBhMCU0UxETAPBgNVBAoM CEVyaWNzc29uMSUwIwYDVQQDDBxFcmljc3NvbiBOTCBJbmRpdmlkdWFsIENBIHYzMB4XDTE3MTAw OTE1MjQ1OFoXDTIwMTAwOTE1MjQ1N1owajERMA8GA1UECgwIRXJpY3Nzb24xGDAWBgNVBAMMD0Jh bMOhenMgTGVuZ3llbDEqMCgGCSqGSIb3DQEJARYbYmFsYXpzLmxlbmd5ZWxAZXJpY3Nzb24uY29t MQ8wDQYDVQQFEwZFVEhCTEwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUUtnneUfH i428YPkvW+AsCNeKCCKq72SzUZpBggijy+oLVO0cgTXXHygrZ+KT8TbyEkPwuHi+V4TQxWAyMhGa nWZHWZXe9ghEZrJDJbCzFMHOqR+wEDnI1vM3sfQQ68iSsWQLd9opnb2/ihiJlt9up75VRpyj5lea bvzxOLQimJgZiXaZzsPPT2nROyytKxOsE5KbfT3mNof3bMG1bggZtGGA1GBJchwdFJwQKIShfPVm 1CdulvJV1hPVecxttMJNPzSfSfryb/b64QnR5yc/pSx8SxD0h0rnNT73Al3Af2iRghdXN4omDKZY OcdK/sE5HTmLTFuWoZAnL/RntOK9AgMBAAGjggHBMIIBvTBIBgNVHR8EQTA/MD2gO6A5hjdodHRw Oi8vY3JsLnRydXN0LnRlbGlhLmNvbS9lcmljc3Nvbm5saW5kaXZpZHVhbGNhdjMuY3JsMIGCBggr BgEFBQcBAQR2MHQwKAYIKwYBBQUHMAGGHGh0dHA6Ly9vY3NwMi50cnVzdC50ZWxpYS5jb20wSAYI KwYBBQUHMAKGPGh0dHA6Ly9jYS50cnVzdC50ZWxpYXNvbmVyYS5jb20vZXJpY3Nzb25ubGluZGl2 aWR1YWxjYXYzLmNlcjAmBgNVHREEHzAdgRtiYWxhenMubGVuZ3llbEBlcmljc3Nvbi5jb20wVQYD VR0gBE4wTDBKBgwrBgEEAYIPAgMBARIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly9yZXBvc2l0b3J5 LnRydXN0LnRlbGlhc29uZXJhLmNvbS9DUFMwHQYDVR0lBBYwFAYIKwYBBQUHAwQGCCsGAQUFBwMC MB0GA1UdDgQWBBSkJw2vbyMFmf9tY1urk9NeYfiMgTAfBgNVHSMEGDAWgBQcexmel5x2rCA92Nzj kWrj2y2mUzAOBgNVHQ8BAf8EBAMCBaAwDQYJKoZIhvcNAQELBQADggIBAD1RCVf5Df2uCXwPveXz LBGIjsz3k2la5UUlioC+i4Ms6vGstqXIX7K24+Wc41npi+G5xFhvkAkmuTP/j29F5xJJuJcy3OcL 0br02vKe2WJJnlivB+X9plPg0kMUBS0lLq7kHPUrO/BLeIIFRuaky05eZlTnGNcLbn5VpZdjX4Ic XZV78qpZI3L67Po1UgHzOTiWolc75jrKOx3UOw98fWRrgJPBUIeqDeD1NDfF7PlM4Cqlad062o6L lM9wfAnoLzz0z04dPXtJkOcTiZgOLdPoKIm7LR1wZ9c6mYw4sgtoVAs16Y2cCPBxqWpsW+9ZCcDK PPZzeBezCKyicpDJbTqCVMILd3j38HWUPWFuVITZNgANzHW1CpgqmiLIAADiznCCtudTE+fcB3O9 duuu/yuEME17LMy1GYMKXs1QCXmTq2hrqTJQ2AA2TsWZtoxl3ViqJgNBWjnQiMwdCl5Dural2jZP /iU6MmiauUNYn9YW/ViUluoBBdaUHMpnP/7kM0Wk8j3Wzhcggx+Biml2gCopMaK1EJYjQH/2J95N GEkSdZfVzFUmwV3yMd4mOhIaxW0SEq9b1eWICZ/BAcVBpSyU0sE1gpnBO5wLxj+IpSdiGlS4jc37 qCr/39xdv1Unu93glCmHq0xgX54N8EsyMBPC3+zSSu1qhCbU7VJWIz2aMIIGwjCCBKqgAwIBAgIQ U7h+g+GcmSiTsJtJHOy46zANBgkqhkiG9w0BAQsFADA3MRQwEgYDVQQKDAtUZWxpYVNvbmVyYTEf MB0GA1UEAwwWVGVsaWFTb25lcmEgUm9vdCBDQSB2MTAeFw0xNTEwMjcxMjE2NDZaFw0yNTEwMjcx MjE2NDZaMEcxCzAJBgNVBAYTAlNFMREwDwYDVQQKDAhFcmljc3NvbjElMCMGA1UEAwwcRXJpY3Nz b24gTkwgSW5kaXZpZHVhbCBDQSB2MzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAOzy 3wAAuFDyp7vYVLfGk/fjwao71MNGNLSzzl5DtjQtMtl2ZLPZyX6ViqzTN9JOb7uZ6KxuGSpReQvt 8XOh7iIhkKH9W5hRpbjTsJmUMJd6zifhOpNK6iSU3q44+FjsQL1lVtcguUuFG6aZN0N3GFVbgt6j RrASF8t/3wy9bHPAIfMyPybpg6Y2PH5/1NwkTepoDSmK69LGV+lV2IK6U9OWayZXZFIFIDCoGyFl hFxAEgN+qZ2+Rqg/0TM0oCHvKO2ELSGmAdnJkwizR42ji/Y9SYTSuG75mzSe6OfCGWM8Db/xvy/2 0aLEPXNu1PvOgzY63WZ6cmkWnjMlVJ90pWC2haqDm3Yf8TRdjUvAl7Pz1bTuexwShzIGakL7MkCY rEqHMRaojI/VStloQgW76E76zQ2byw5QxrhOUbisBSKRzlTlOZQgYFFAbG6ViF8DOpJh/ygtQwuT LUM5r15G7eynQV1AMTNCWcX+HUvgArUw6RfW9L58uA68GjktFTV8s9RlDsUqsNcLqeXaV28S2WMd ay0YGaq/bloS8AD7KuumUKH+Ri9IGO9mJvP05tvDHjKpLvv80c3WLJnJU/aznYHYEt2+jjKHOTqd GTxL/zMdpRSQFSuu+KM8NoYrkU1VJqKga+QLsgqKghMp99gu1P1e6KsqseWHdXORrMbjqkBXAgMB AAGjggG4MIIBtDCBigYIKwYBBQUHAQEEfjB8MC0GCCsGAQUFBzABhiFodHRwOi8vb2NzcC50cnVz dC50ZWxpYXNvbmVyYS5jb20wSwYIKwYBBQUHMAKGP2h0dHA6Ly9yZXBvc2l0b3J5LnRydXN0LnRl bGlhc29uZXJhLmNvbS90ZWxpYXNvbmVyYXJvb3RjYXYxLmNlcjASBgNVHRMBAf8ECDAGAQH/AgEA MFUGA1UdIAROMEwwSgYMKwYBBAGCDwIDAQECMDowOAYIKwYBBQUHAgEWLGh0dHBzOi8vcmVwb3Np dG9yeS50cnVzdC50ZWxpYXNvbmVyYS5jb20vQ1BTMEsGA1UdHwREMEIwQKA+oDyGOmh0dHA6Ly9j cmwtMy50cnVzdC50ZWxpYXNvbmVyYS5jb20vdGVsaWFzb25lcmFyb290Y2F2MS5jcmwwHQYDVR0l BBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUHHsZnpec dqwgPdjc45Fq49stplMwHwYDVR0jBBgwFoAU8I9ZOACz9Y+algzV6/p7qhfoExIwDQYJKoZIhvcN AQELBQADggIBAFBYa/HVjDu0LqtXQ8iMp8PLFpqchf41ksQY6R1AsoZbaBUu0NQlAQ9GzlC1pmI5 s0cJnuaZI0xV6TiWS3/R2p9UgW61XD9CTIUbAL31mY3BdJf3P46gzKgQEca/DlFjq9GVmuPS4q90 BLNgvgoxoHubc3C6s0OaY1sbnay5EhnvrAE4Q511FlxmJPLnRmQGpieeXa3cPegFfY1kJDKyyFRy pF1RuRLXcdMIgKEy5NX1bS3M9dQ4mgmUmVT2d33UiKSEYQ6s/B+LFaaz4LywXSv2o3W4kbHoQs86 IWst821ww0wxsCpEfClIvF7fBw2QkbG/1PwuzAuLVStEhDzkAqOrMGctKyNEaBsyAn7Eq2eCa8QD Xnkmagp9QPsNFs/oqnXj9j1cVtH9a4OPzhtg0pd7gd0NzU/5QxibXqbYvouQgihGXHQDmaL4ruN7 C4arMUqRo82YnREsKL7h3j/jtmzcMLc9Q07F04QQd/iSR1Y5pIi6PdNBiE2/4uyAXS6KOIGZrPbN QUNrZtwiQpqQNl8AUzgegfPwrYFlFocpaF3d1m5r+2VKKqiRQVfYPGYeZnWfkcz06JoAhc/9mjbH XSP9hvWYzeLRuoZqHGUdjOX9DIQb926OneV7C5WMIjSY8ORkamG/HKqngmjypL3gSc6oG/E6B+1i 6Ds5j0Qpj5aQMYIDBTCCAwECAQEwXDBHMQswCQYDVQQGEwJTRTERMA8GA1UECgwIRXJpY3Nzb24x JTAjBgNVBAMMHEVyaWNzc29uIE5MIEluZGl2aWR1YWwgQ0EgdjMCEQDpvtcRbMDM5osVNYzU/zEh MAkGBSsOAwIaBQCgggF+MBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8X DTE5MTAwMzE0NDgwMVowIwYJKoZIhvcNAQkEMRYEFDeCpzEw2TS+exI9SBxIre3BsV2aMEMGCSqG SIb3DQEJDzE2MDQwCgYIKoZIhvcNAwcwDgYIKoZIhvcNAwICAgCAMA0GCCqGSIb3DQMCAgFAMAcG BSsOAwIaMGsGCSsGAQQBgjcQBDFeMFwwRzELMAkGA1UEBhMCU0UxETAPBgNVBAoMCEVyaWNzc29u MSUwIwYDVQQDDBxFcmljc3NvbiBOTCBJbmRpdmlkdWFsIENBIHYzAhEA6b7XEWzAzOaLFTWM1P8x ITBtBgsqhkiG9w0BCRACCzFeoFwwRzELMAkGA1UEBhMCU0UxETAPBgNVBAoMCEVyaWNzc29uMSUw IwYDVQQDDBxFcmljc3NvbiBOTCBJbmRpdmlkdWFsIENBIHYzAhEA6b7XEWzAzOaLFTWM1P8xITAN BgkqhkiG9w0BAQEFAASCAQDKL4XsYZgJKEGin+BAHthQIFK2DsDhyIqeUOthWNBPUcyragBlQP4s WjfB8IxLrqq2b2wqu7+DBdFDJMEO4wKrPC24XzigbnzmwAt7WOOb7bP+tKYWTETpyyrr3jWjjPqs 7ZDPOYPvK/yWAjyynuunPaavai0ByJAFY89+4yDkilneYDhx+1U64FQtuu3jOoUH9gD700GG4IGC B5mSqSrQjxAWQoCu3jN6wRzAYJibwy6Jnkv9bbz/7bLs6IE5prvfUPgPXNzoLFxtAoDnMxEJ9CU+ Bo1rQqzZ6PKf5a5Gk4tYY0YxX+YDDFNPid+CLoWRtMN9ioXURL6Xr+S8cT+7AAAAAAAA ------=_NextPart_000_0771_01D57A0A.51E2D720-- From nobody Thu Oct 3 09:13:23 2019 Return-Path: X-Original-To: netconf@ietfa.amsl.com Delivered-To: netconf@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CE86912013F for ; Thu, 3 Oct 2019 09:13:20 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.5 X-Spam-Level: X-Spam-Status: No, score=-14.5 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=AL6iUY5b; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=bcYgsB8x Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HvzdBFQ4ZI1Y for ; Thu, 3 Oct 2019 09:13:16 -0700 (PDT) Received: from alln-iport-2.cisco.com (alln-iport-2.cisco.com [173.37.142.89]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id ADF82120104 for ; Thu, 3 Oct 2019 09:13:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=85224; q=dns/txt; s=iport; t=1570119196; x=1571328796; h=from:to:subject:date:message-id:references:in-reply-to: mime-version; bh=s7GZsAPlkwMJntiSUkOqPq6VRDPZGhv4T21dNedbCMs=; b=AL6iUY5bq3XCE33vaD4UlgkJz/LR0MbmyqEZjVse4vz1FUMK+kQy7Wjb 39+6szMH1DrsZhFy72SJPNIwngVoUQMdQqH0sVFea/gSn1zOQMYUa/QXw J8oGb9yebX4hWrYUeTYSixuGeVdXTObAfNvsQqo6fxLkhvT4BYBtvuhN2 c=; IronPort-PHdr: =?us-ascii?q?9a23=3AIVjD4B0wrrgtIRQasmDT+zVfbzU7u7jyIg8e44?= =?us-ascii?q?YmjLQLaKm44pD+JxKHt+51ggrPWoPWo7JfhuzavrqoeFRI4I3J8RVgOIdJSw?= =?us-ascii?q?dDjMwXmwI6B8vQE1L6KOLtaQQxHd9JUxlu+HToeUU=3D?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0AWAABFHZZd/5pdJa1cChoBAQEBAQI?= =?us-ascii?q?BAQEBDAIBAQEBgVQEAQEBAQsBgRsvJCwDbVYgBAsqCoQYg0cDikVNgg9+iGm?= =?us-ascii?q?OEYEuFIEQA1QJAQEBDAEBJQgCAQGBTIJ0AheCLiM1CA4CAwkBAQQBAQECAQU?= =?us-ascii?q?EbYUtDIVLAQEBAQMSCAkKEwEBNQMPAgEGAhEEAQEOEwEGAwICAh8RFAkIAgQ?= =?us-ascii?q?BEggWBIMBgR1NAx0BAgySf5BhAoE4iGF1gTKCfQEBBYE4AoNPDQuCFwMGgTQ?= =?us-ascii?q?BimKBKxiBQD+BEUaBTkk1PoIaRwEBAgGBMwUOAhgrCYJXMoImjHMOATIDgjS?= =?us-ascii?q?FNYksji9BCoIjhwiKCYQigjqHTo1ZgV+OK4E+hmKCDY8EAgQCBAUCDgEBBYF?= =?us-ascii?q?TATcqgS5wFTuCbFAQFIFPCxiDUIUUhT90AQGBJ41hASQHgQQBgSIBAQ?= X-IronPort-AV: E=Sophos;i="5.67,253,1566864000"; d="scan'208,217";a="343924299" Received: from rcdn-core-3.cisco.com ([173.37.93.154]) by alln-iport-2.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 03 Oct 2019 16:13:15 +0000 Received: from XCH-ALN-006.cisco.com (xch-aln-006.cisco.com [173.36.7.16]) by rcdn-core-3.cisco.com (8.15.2/8.15.2) with ESMTPS id x93GDFIq031295 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Thu, 3 Oct 2019 16:13:15 GMT Received: from xhs-rtp-002.cisco.com (64.101.210.229) by XCH-ALN-006.cisco.com (173.36.7.16) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Thu, 3 Oct 2019 11:13:14 -0500 Received: from xhs-rtp-003.cisco.com (64.101.210.230) by xhs-rtp-002.cisco.com (64.101.210.229) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Thu, 3 Oct 2019 12:13:11 -0400 Received: from NAM03-DM3-obe.outbound.protection.outlook.com (64.101.32.56) by xhs-rtp-003.cisco.com (64.101.210.230) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Thu, 3 Oct 2019 12:13:06 -0400 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Pv5pSaM3MwVMxT0WUrenThHlF8wDiakFxYeuxUT4Yonde5otagvTqpk6s083R57UUKphZpekn3857RQh6EAmb+V1LjBGcE9Fku3eNgT9wgxrvURUvrEJz8JuIlHXK96EyD9chGMEzmDsMXZJISl0ou0u3mDTGa9XTx37dadFU5UQXDANN2WVK4jAgHk7lS548xRKMQGiaFfm49ZvQu1Tm8xryCpppbgMDlYD7dEtyXG9OUWCNCQNqNxlYoEVIeUidt9xLuL9mN2cAswlk7PCKfWdYt3I3WIBKOAC5g4gOG22iy6sT8f2jVIjdtfv/9FCghLpXbSou7e/Z7O5SYGjCA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=s7GZsAPlkwMJntiSUkOqPq6VRDPZGhv4T21dNedbCMs=; b=lIvLEyCvZPjn1FRClyegpOndOxdxqIwF9KFhbTBgkPrW3VaVH0KH3+tUR7HT9jAz6FbrhNDeifOGnRDpaZeyPH0C3+hqpMrkH2K17qvkEb7re1UtSqKfQqkyFzgY8XZXzuPWMYOH6dMkFnuZB+MgLMwHQNtqt5T/3PUrSZQShnxqbz6vIVuu+sfFyii18fQZkt0yykiVxTgz2i7Au+GLqKXbIpoejoA0psfC3Wj+bwh/MrX+lnZgnGstG/iGdSekq7piK6rv1QVgNg2Igp6NixEPIHeQb3rFsqfSmSm20YRL82jzQzDXS97c0jeIRoHzXbtTkzpENb7p1JxGAEx+cA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=s7GZsAPlkwMJntiSUkOqPq6VRDPZGhv4T21dNedbCMs=; b=bcYgsB8x4frzYi90Qa5bnxPCliLamkGmw9Y0g0nbD2A+LGt9mq6GW3/PSuFdYeWneouNxC/TK6HiYNr62fI7mEuSRVuRP0VrGNAXSpOA+jZeRIlmxAkf03QrGjyT8oV101QBfUyFeV1SBzAnq9MPMIvdBaTf9qosHEy8A+NQ/ug= Received: from MN2PR11MB4366.namprd11.prod.outlook.com (52.135.38.209) by MN2PR11MB3775.namprd11.prod.outlook.com (20.178.253.202) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2305.20; Thu, 3 Oct 2019 16:12:53 +0000 Received: from MN2PR11MB4366.namprd11.prod.outlook.com ([fe80::cca:41bd:b0bb:c549]) by MN2PR11MB4366.namprd11.prod.outlook.com ([fe80::cca:41bd:b0bb:c549%2]) with mapi id 15.20.2305.023; Thu, 3 Oct 2019 16:12:53 +0000 From: "Rob Wilton (rwilton)" To: =?utf-8?B?QmFsw6F6cyBMZW5neWVs?= , "Mahesh Jethanandani" , Netconf Thread-Topic: [netconf] WGLC for draft-ietf-netconf-notification-capabilities Thread-Index: AQHVaCiuRGm9KKbjG02ELVvMwRO/n6c7MLcAgAkj1tCABMaJgIAABczQ Date: Thu, 3 Oct 2019 16:12:52 +0000 Message-ID: References: <4F49DF08-B7FC-4EBD-9D6B-7BC329E50334@gmail.com> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: spf=none (sender IP is ) smtp.mailfrom=rwilton@cisco.com; x-originating-ip: [173.38.220.43] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: c3695096-4210-4159-7434-08d7481c8b67 x-ms-traffictypediagnostic: MN2PR11MB3775: x-ms-exchange-purlcount: 2 x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:10000; x-forefront-prvs: 01792087B6 x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(39860400002)(136003)(346002)(396003)(366004)(376002)(199004)(189003)(51444003)(52314003)(7736002)(606006)(66946007)(2906002)(6116002)(790700001)(3846002)(8676002)(966005)(66066001)(486006)(186003)(476003)(81166006)(81156014)(7110500001)(99286004)(7696005)(76176011)(30864003)(256004)(26005)(53546011)(478600001)(55016002)(6506007)(316002)(6306002)(54896002)(236005)(9686003)(6436002)(11346002)(229853002)(2420400007)(110136005)(76116006)(446003)(33656002)(14454004)(64756008)(66556008)(66446008)(74316002)(66476007)(15650500001)(6246003)(25786009)(14444005)(86362001)(9326002)(71200400001)(5660300002)(66574012)(52536014)(102836004)(71190400001)(8936002)(579004); DIR:OUT; SFP:1101; SCL:1; SRVR:MN2PR11MB3775; H:MN2PR11MB4366.namprd11.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1; received-spf: None (protection.outlook.com: cisco.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: L1+qkUGz+CDc3psK3D1F5qwzvDHkJui0tiyYoIoMH+lZWcDJZqvm5L2XtkTblt88uGymErKOnr0S+eKa7PpSNA9SuQ+BLxMQuOxMedrrYsgJzAVQ6UpEFtp3LMZv3wn4k5xDZajhNIZGJ2pKAm+fMOp+4D2DW7HhRYVHSADOr3XjsjtRPV3u6UPLPMSOL7ht5hWSMxU1cl2/nLHnuLGE78rWh1nP7qPdsaJ6gdz6Dj3jJyqzlxBZrsyhADOLiISGmQ8ABPpGqeeoWtjfOQC0RStzVsFrNy3xXkOWn845Pp8h1q/KieHkas2t/sxDW6M05k6br7zpBixMJSqAE8udcooZYM2W6KjsT1AG2utlV+gnOusj8q4spH5nccs+oyFljQqSz4uf4QFrDylQWB5xdvaDJPjH8B4Y4karPsFKprMgTzPfYcGvcASxkwie8CPij32HNgD609aLvlDaPgnJvQ== x-ms-exchange-transport-forked: True Content-Type: multipart/alternative; boundary="_000_MN2PR11MB4366904781E2542E148636BCB59F0MN2PR11MB4366namp_" MIME-Version: 1.0 X-MS-Exchange-CrossTenant-Network-Message-Id: c3695096-4210-4159-7434-08d7481c8b67 X-MS-Exchange-CrossTenant-originalarrivaltime: 03 Oct 2019 16:12:53.0212 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: vHBZ5zTES6v+ZRcmqdretPfk5hTb2sLsRsZI7BfNxSEqR75o0/knb4nJcaVPvuwjQoWKsLwV4wlN0THFqAC96Q== X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR11MB3775 X-OriginatorOrg: cisco.com X-Outbound-SMTP-Client: 173.36.7.16, xch-aln-006.cisco.com X-Outbound-Node: rcdn-core-3.cisco.com Archived-At: Subject: Re: [netconf] WGLC for draft-ietf-netconf-notification-capabilities X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 03 Oct 2019 16:13:22 -0000 --_000_MN2PR11MB4366904781E2542E148636BCB59F0MN2PR11MB4366namp_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 SGkgQmFsYXpzLA0KDQpGcm9tOiBCYWzDoXpzIExlbmd5ZWwgPGJhbGF6cy5sZW5neWVsQGVyaWNz c29uLmNvbT4NClNlbnQ6IDAzIE9jdG9iZXIgMjAxOSAxNToyMA0KVG86IFJvYiBXaWx0b24gKHJ3 aWx0b24pIDxyd2lsdG9uQGNpc2NvLmNvbT47IE1haGVzaCBKZXRoYW5hbmRhbmkgPG1qZXRoYW5h bmRhbmlAZ21haWwuY29tPjsgTmV0Y29uZiA8bmV0Y29uZkBpZXRmLm9yZz4NClN1YmplY3Q6IFJF OiBbbmV0Y29uZl0gV0dMQyBmb3IgZHJhZnQtaWV0Zi1uZXRjb25mLW5vdGlmaWNhdGlvbi1jYXBh YmlsaXRpZXMNCg0KDQoNCkZyb206IFJvYiBXaWx0b24gKHJ3aWx0b24pIDxyd2lsdG9uQGNpc2Nv LmNvbTxtYWlsdG86cndpbHRvbkBjaXNjby5jb20+Pg0KU2VudDogMjAxOS4gc3plcHRlbWJlciAz MC4sIGjDqXRmxZEgMTY6NDUNClRvOiBNYWhlc2ggSmV0aGFuYW5kYW5pIDxtamV0aGFuYW5kYW5p QGdtYWlsLmNvbTxtYWlsdG86bWpldGhhbmFuZGFuaUBnbWFpbC5jb20+PjsgTmV0Y29uZiA8bmV0 Y29uZkBpZXRmLm9yZzxtYWlsdG86bmV0Y29uZkBpZXRmLm9yZz4+OyBCYWzDoXpzIExlbmd5ZWwg PGJhbGF6cy5sZW5neWVsQGVyaWNzc29uLmNvbTxtYWlsdG86YmFsYXpzLmxlbmd5ZWxAZXJpY3Nz b24uY29tPj4NClN1YmplY3Q6IFJFOiBbbmV0Y29uZl0gV0dMQyBmb3IgZHJhZnQtaWV0Zi1uZXRj b25mLW5vdGlmaWNhdGlvbi1jYXBhYmlsaXRpZXMNCg0KSGksDQoNCkkgaGF2ZSByZXZpZXdlZCB2 ZXJzaW9uIC0wNWIgb2YgdGhpcyBkb2N1bWVudC4NCg0KSSBhbSBzdXBwb3J0aXZlIG9mIHRoaXMg ZG9jdW1lbnQsIGFuZCBpdHMgZ2VuZXJhbCBhcHByb2FjaCBvZiBtYWtpbmcgc3Vic2NyaXB0aW9u IGNhcGFiaWxpdHkgaW5mb3JtYXRpb24gYXZhaWxhYmxlIGJvdGggb25saW5lIGFuZCBvZmZsaW5l LiAgSSBiZWxpZXZlIHRoYXQgdGhpcyBpbmZvcm1hdGlvbiBpcyB2YWx1YWJsZSB0byBtYWtpbmcg WUFORy1QdXNoIG1vcmUgdXNhYmxlLg0KDQpBIGZldyBjb21tZW50czoNCg0KMS4gICAgICAgVGVy bWlub2xvZ3kgYW5kIEludHJvZHVjdGlvbi4gIEkgd2FzbuKAmXQgc3VyZSB3aGV0aGVyIOKAnGlt cGxlbWVudGF0aW9uLXRpbWUgaW5mb3JtYXRpb27igJ0gaXMgdGhlIGJlc3QgZGVzY3JpcHRpb24s IG9yIHdoZXRoZXIg4oCcb2ZmbGluZSBpbmZvcm1hdGlvbuKAnSB3b3VsZCBiZSBhIGJldHRlciBk ZXNjcmlwdGlvbi4gICBJIGJlbGlldmUgdGhhdCB0aGUga2V5IGlzIHRoYXQgdGhlIGluZm9ybWF0 aW9uIGlzIGF2YWlsYWJsZSBvZmZsaW5lIHdpdGhvdXQgcmVxdWlyaW5nIGFjY2VzcyB0byBhbGwg dGhlIG5ldHdvcmsgZGV2aWNlcy4gIEFsdGhvdWdoIEkgY2FuIHNlZSB0aGF0IHByb3ZpZGluZyB0 aGlzIGluZm9ybWF0aW9uIGF0IGltcGxlbWVudGF0aW9uIHRpbWUgaXMgdXNlZnVsIGFuZCBzaG91 bGQgYmUgUkVDT01NRU5ERUQsIEkgZG9u4oCZdCB0aGluayB0aGF0IGl0IHNob3VsZCBiZSBhIE1V U1QvU0hBTEwgKGUuZy4gYXMgcGVyIHNlY3Rpb24gMykuDQpCQUxBWlM6IEkgd291bGQgbGlrZSB0 byBrZWVwIHRoZSB0ZXJtIOKAnGltcGxlbWVudGF0aW9uLXRpbWXigJ0sIGFzIHdlIGhhZCBhIG51 bWJlciBvZiBkZWJhdGVzIGFib3V0IHRoZSBjb3JyZWN0IHRlcm0gYW5kIHRoaXMgaXMgb25lIHRl cm0gcGVvcGxlIHNlZW1lZCB0byBhZ3JlZSB1cG9uLiAgSW4gcHJhY3RpY2UgaXQgaXMgb2Z0ZW4g aW1wb3J0YW50IHRvIHByb3ZpZGUgdGhlIGluZm9ybWF0aW9uIGVhcmx5LCBiZWZvcmUgdGhlIG5l dHdvcmsgbm9kZSBpcyBmdWxseSBpbXBsZW1lbnRlZCBhcyBOTVMgcGxhbm5pbmcgYW5kIGRlc2ln biBvZnRlbiBiZWdpbnMgZWFybHkgYXMgd2VsbC4gSW4gcHJhY3RpY2UgdGhlIGNhcGFiaWxpdGll cyBhcmUgZGVjaWRlZCBpbiBpbXBsZW1lbnRhdGlvbiB0aW1lLg0KW1JXXQ0KT0suICBCdXQgSeKA mW0gbm90IHJlYWxseSBjb252aW5jZWQgdGhhdCBhbGwgdmVuZG9ycyB3aWxsIGJlIGFibGUgdG8g cHJvdmlkZSB0aGlzIGluZm9ybWF0aW9uIGF0IGltcGxlbWVudGF0aW9uIHRpbWUuICBJIHdvdWxk IG5vcm1hbGx5IGV4cGVjdCBhIHZlbmRvciB0byBkZWxheSBwcm92aWRpbmcgdGhpcyBpbmZvcm1h dGlvbiB1bnRpbCB0aGUgaW1wbGVtZW50YXRpb24gaXMgY29tcGxldGUsIHRoZXkgaGF2ZSB0ZXN0 ZWQgaXQgYW5kIHZlcmlmaWVkIHRoYXQgdGhleSBjYW4gbWFrZSB0aGUgc3Vic2NyaXB0aW9uIGd1 YXJhbnRlZXMgdGhhdCBhcmUgYmVpbmcgc3RhdGVkLiAgSSB0aGluayB0aGF0IGEgY29tbW9uIGNh c2Ugd291bGQgYmUgcHJvdmlkZSB0aGlzIGluZm9ybWF0aW9uIHdoZW4gdGhlIHNvZnR3YXJlIGlz IGF2YWlsYWJsZSAod2hpY2ggY291bGQgYmUgYWhlYWQgb2YgdGhlIGhhcmR3YXJlIGF2YWlsYWJp bGl0eSkuICBCdXQgaWYgeW91IHdhbnQgdG8gY2FsbCBpdCDigJxpbXBsZW1lbnRhdGlvbiB0aW1l 4oCdIHRoZW4gSSBjYW4gbGl2ZSB3aXRoIHRoYXQuDQpJbiBzZWN0aW9uIDMsIEkgdGhpbmsNCg0K ICAgVGhlIGluZm9ybWF0aW9uIFNIQUxMIGJlIHByb3ZpZGVkIGluIHR3byB3YXlzIGJvdGggZm9s bG93aW5nIHRoZQ0KICAgaWV0Zi1ub3RpZmljYXRpb24tY2FwYWJpbGl0aWVzIG1vZHVsZToNCg0K c2hvdWxkIGJlOg0KDQogICBUaGUgaW5mb3JtYXRpb24gU0hPVUxEIGJlIHByb3ZpZGVkIGluIHR3 byB3YXlzIGJvdGggZm9sbG93aW5nIHRoZQ0KICAgaWV0Zi1ub3RpZmljYXRpb24tY2FwYWJpbGl0 aWVzIG1vZHVsZToNCg0KDQoNCjIuICAgICAgIEFub3RoZXIgYmVuZWZpdCBvZiBoYXZpbmcgaW5m b3JtYXRpb24gYXZhaWxhYmxlIG9mZmxpbmUgaXMgdGhhdCBpZiB0aGVyZSBhcmUgY2xhc3NlcyBv ZiBkZXZpY2VzIHJ1bm5pbmcgdGhlIHNhbWUgc29mdHdhcmUgYW5kIGhhcmR3YXJlIHRoZW4gdGhl eSBzaG91bGQgYWxsIGhhdmUgdGhlIHNhbWUgY2FwYWJpbGl0aWVzIHdpdGhvdXQgaGF2aW5nIHRv IGNoZWNrIGVhY2ggYW5kIGV2ZXJ5IG9uZS4gIFRvIHRoaXMgZW5kLCBpdCB3b3VsZCBiZSBuaWNl IGlmIHRoZXJlIHdhcyBzb21lIHNvcnQgb2Ygc2ltcGxlIGNoZWNrc3VtIG1lY2hhbmlzbSB0aGF0 IGNvdWxkIGJlIHVzZWQgdG8gZW5zdXJlIHRoYXQgdGhlIGluZm9ybWF0aW9uIHN0b3JlZCBpbiB0 aGUgaW5zdGFuY2UtZGF0YSBmaWxlIGV4YWN0bHkgbWF0Y2hlcyB0aGUgZXF1aXZhbGVudCBpbmZv cm1hdGlvbiBwcm92aWRlZCBieSB0aGUgc2VydmVyLiAgVGhpcyB3b3VsZCBhbGxvd3MgTk1TIGlt cGxlbWVudGF0aW9ucyB0byBiZSBjb2RlZCB0byB0aGUgaW5zdGFuY2UtZGF0YSBkb2N1bWVudCwg YW5kIHRoZW4ganVzdCB2YWxpZGF0ZSB0aGF0IHRoZSBjaGVja3N1bXMgbWF0Y2ggdGhvc2UgcHJv dmlkZWQgYnkgdGhlIHNlcnZlciB3aXRob3V0IGhhdmluZyB0byBmZXRjaCBhbmQgY2hlY2sgdGhh dCBhIHBvcnRpb24gb2YgdGhlIGRhdGEgdHJlZSBtYXRjaGVzLiAgQXMgYSBzaWRlIG5vdGUg4oCT IFlBTkcgcGFja2FnZXMgaGFzIGEgc2ltaWxhciByZXF1aXJlbWVudC4NCkJBTEFaUzogVGhpcyBz ZWVtcyBsaWtlIGEgcmVxdWlyZW1lbnQgdG8gaW1wbGVtZW50IGFuIEVudGl0eS10YWcgc2ltaWxh ciB0byAgaHR0cHM6Ly90b29scy5pZXRmLm9yZy9odG1sL3JmYzgwNDAjc2VjdGlvbi0zLjUuMiBi dXQgd2l0aCBhIGRldGVybWluaXN0aWMgYWxnb3JpdGhtIHRvIGdlbmVyYXRlIHRoZSB0YWcgdmFs dWUuIFdoaWxlIHRoZSBpZGVhIGlzIGludGVyZXN0aW5nL3dvcnRod2hpbGUsIElNSE8gaXQgc2hv dWxkIGJlIGhhbmRsZWQgaW4gYSBnZW5lcmljIG1hbm5lciwgbm90IGZvciBlYWNoIFlBTkcgbW9k dWxlIHNlcGFyYXRlbHkuIEFsc28gSSB3YXMgaW5zdHJ1Y3RlZCB0byByZW1vdmUgdGhlIGVudGl0 eSB0YWcgZnJvbSBkcmFmdC1pZXRmLW5ldG1vZC15YW5nLWluc3RhbmNlLWZpbGUtZm9ybWF0Lg0K W1JXXQ0KSSBhZ3JlZSB0aGF0IGl0IGlzIGJldHRlciB0byBoYW5kbGUgZ2VuZXJpY2FsbHksIGFs dGhvdWdoIGluIHRoZSBZQU5HIHBhY2thZ2VzIGNhc2UsIEkgZG9u4oCZdCB0aGluayB0aGF0IHRo aXMgd291bGQgd29yaywgYmVjYXVzZSBub3QgZXZlcnl0aGluZyBpcyBwYXJ0IG9mIGFuIGluc3Rh bmNlLWRhdGEgZG9jdW1lbnQgKGUuZy4gYSBjaGVja3N1bSBmb3IgYSBtb2R1bGUpLiAgVGhlIGRl dGVybWluaXN0aWMgYWxnb3JpdGhtIHRoYXQgdGhlIHBhY2thZ2VzIGRyYWZ0IGlzIGN1cnJlbnRs eSB1c2luZyBpcyBhIFNIQS0yNTYgaGFzaC4NCg0KDQozLiAgICAgICBTZWN0aW9uIDMsIGJ5IOKA nGZvcm1hbOKAnSwgZG8geW91IG1lYW4g4oCcbWFjaGluZSByZWFkYWJsZeKAnT8gIE90aGVyd2lz ZSBleHBhbmRpbmcgd2hhdCBpcyBtZWFudCBieSBmb3JtYWwgbWlnaHQgYmUgdXNlZnVsLg0KQkFM QVpTOiBPSywgY2hhbmdlZCB0ZXh0DQoNCjQuICAgICAgIFNlY3Rpb24gMywgaW5zdGVhZCBvZiDi gJxhbW91bnQgb2Ygbm90aWZpY2F0aW9uc+KAnSB3b3VsZCDigJx0aHJvdWdocHV0IG9mIG5vdGlm aWNhdGlvbiBkYXRh4oCdIGJlIGJldHRlcj8NCkJBTEFaUzogQXMgeW91IHdpc2gsIGNoYW5nZWQg dGV4dC4NCg0KSW4gdGVybXMgb2YgdGhlIFlBTkcgbW9kZWwsIEkgdGhpbmsgdGhhdCBpdCBpcyBw b3NzaWJsZSB0byBkZXNpZ24gdGhpcyBpbiBhIHNsaWdodGx5IG1vcmUgcmVndWxhciAoYW5kIGFy Z3VhYmx5IHNpbXBsZXIpIHdheToNCg0KLSAgICAgICAgICBSZW5hbWUg4oCcZGF0YXN0b3JlLXN1 YnNjcmlwdGlvbi10aHJvdWdocHV0LWNhcGFiaWxpdGllcyBncm91cGluZ+KAnSB0byDigJxzdWJz Y3JpcHRpb24tdGhyb3VnaHB1dC1jYXBhYmlsaXRpZXPigJ0gKHNpbmNlIHRoZSBncm91cGluZyBp cyBhbHNvIHVzZWQgYXQgdGhlIHN1YnNjcmlwdGlvbiBsZXZlbCkNCkJBTEFaUzogT0ssIHJlbmFt ZWQNCkJBTEFaUzo6IElNSE8gdGhlIG90aGVyIGNoYW5nZXMgbG9vayBtb3JlIHNpbXBsZSwgYnV0 IHdpbGwgYWN0dWFsbHkgbWFrZSB0aGUgbW9kZWwgbW9yZSBjb21wbGljYXRlZC4NCltSV10NClNv LCB0aGUgY3VycmVudCB0cmVlIG91dHB1dCBpcyB0aGlzOg0KDQptb2R1bGU6IGlldGYtbm90aWZp Y2F0aW9uLWNhcGFiaWxpdGllcw0KICArLS1ybyBkYXRhc3RvcmUtc3Vic2NyaXB0aW9uLWNhcGFi aWxpdGllcw0KICAgICArLS1ybyAodXBkYXRlLXBlcmlvZCk/DQogICAgIHwgICstLToobWluaW11 bS11cGRhdGUtcGVyaW9kKQ0KICAgICB8ICB8ICArLS1ybyBtaW5pbXVtLXVwZGF0ZS1wZXJpb2Q/ ICAgICB1aW50MzINCiAgICAgfCAgKy0tOihzdXBwb3J0ZWQtdXBkYXRlLXBlcmlvZCkNCiAgICAg fCAgICAgKy0tcm8gc3VwcG9ydGVkLXVwZGF0ZS1wZXJpb2QqICAgdWludDMyDQogICAgKy0tcm8g bWF4LW9iamVjdHMtcGVyLXVwZGF0ZT8gICAgICAgICAgdWludDMyDQogICAgICstLXJvIG1pbmlt dW0tZGFtcGVuaW5nLXBlcmlvZD8gICAgICAgIHVpbnQzMiB7eXA6b24tY2hhbmdlfT8NCiAgICAg Ky0tcm8gZGF0YXN0b3JlLWNhcGFiaWxpdGllcyogW2RhdGFzdG9yZV0NCiAgICAgICAgKy0tcm8g ZGF0YXN0b3JlICAgICAgICAgICAgICAgICAgICAgICAgICB1bmlvbg0KICAgICAgICArLS1ybyAo dXBkYXRlLXBlcmlvZCk/DQogICAgICAgIHwgICstLToobWluaW11bS11cGRhdGUtcGVyaW9kKQ0K ICAgICAgICB8ICB8ICArLS1ybyBtaW5pbXVtLXVwZGF0ZS1wZXJpb2Q/ICAgICAgIHVpbnQzMg0K ICAgICAgICB8ICArLS06KHN1cHBvcnRlZC11cGRhdGUtcGVyaW9kKQ0KICAgICAgICB8ICAgICAr LS1ybyBzdXBwb3J0ZWQtdXBkYXRlLXBlcmlvZCogICAgIHVpbnQzMg0KICAgICAgICArLS1ybyBt YXgtb2JqZWN0cy1wZXItdXBkYXRlPyAgICAgICAgICAgIHVpbnQzMg0KICAgICAgICArLS1ybyBt aW5pbXVtLWRhbXBlbmluZy1wZXJpb2Q/ICAgICAgICAgIHVpbnQzMiB7eXA6b24tY2hhbmdlfT8N CiAgICAgICAgKy0tcm8gb24tY2hhbmdlLXN1cHBvcnRlZC1mb3ItY29uZmlnPyAgICBib29sZWFu IHt5cDpvbi1jaGFuZ2V9Pw0KICAgICAgICArLS1ybyBvbi1jaGFuZ2Utc3VwcG9ydGVkLWZvci1z dGF0ZT8gICAgIGJvb2xlYW4ge3lwOm9uLWNoYW5nZX0/DQogICAgICAgICstLXJvIHBlci1ub2Rl LWNhcGFiaWxpdGllcyogW25vZGUtc2VsZWN0b3JdDQogICAgICAgICAgICstLXJvIG5vZGUtc2Vs ZWN0b3IgICAgICAgICAgICAgbmFjbTpub2RlLWluc3RhbmNlLWlkZW50aWZpZXINCiAgICAgICAg ICAgKy0tcm8gKHVwZGF0ZS1wZXJpb2QpPw0KICAgICAgICAgICB8ICArLS06KG1pbmltdW0tdXBk YXRlLXBlcmlvZCkNCiAgICAgICAgICAgfCAgfCAgKy0tcm8gbWluaW11bS11cGRhdGUtcGVyaW9k PyAgICB1aW50MzINCiAgICAgICAgICAgfCAgKy0tOihzdXBwb3J0ZWQtdXBkYXRlLXBlcmlvZCkN CiAgICAgICAgICAgfCAgICAgKy0tcm8gc3VwcG9ydGVkLXVwZGF0ZS1wZXJpb2QqICB1aW50MzIN CiAgICAgICAgICAgKy0tcm8gbWF4LW9iamVjdHMtcGVyLXVwZGF0ZT8gICAgICAgICB1aW50MzIN CiAgICAgICAgICAgKy0tcm8gbWluaW11bS1kYW1wZW5pbmctcGVyaW9kPyAgICAgICB1aW50MzIg e3lwOm9uLWNoYW5nZX0/DQogICAgICAgICAgICstLXJvIG9uLWNoYW5nZS1zdXBwb3J0ZWQgICAg ICAgICAgICAgYm9vbGVhbiB7eXA6b24tY2hhbmdlfT8NCg0KVGhlIG1vZGVsIHRoYXQgSSBwcm9w b3NlZCB3b3VsZCBsb29rIGxpa2UgdGhpczoNCg0KbW9kdWxlOiBpZXRmLW5vdGlmaWNhdGlvbi1j YXBhYmlsaXRpZXMNCiAgKy0tcm8gZGF0YXN0b3JlLXN1YnNjcmlwdGlvbi1jYXBhYmlsaXRpZXMN CiAgICAgKy0tcm8gKHVwZGF0ZS1wZXJpb2QpPw0KICAgICB8ICArLS06KG1pbmltdW0tdXBkYXRl LXBlcmlvZCkNCiAgICAgfCAgfCAgKy0tcm8gbWluaW11bS11cGRhdGUtcGVyaW9kPyAgICAgdWlu dDMyDQogICAgIHwgICstLTooc3VwcG9ydGVkLXVwZGF0ZS1wZXJpb2QpDQogICAgIHwgICAgICst LXJvIHN1cHBvcnRlZC11cGRhdGUtcGVyaW9kKiAgIHVpbnQzMg0KICAgICstLXJvIG1heC1vYmpl Y3RzLXBlci11cGRhdGU/ICAgICAgICAgIHVpbnQzMg0KICAgICArLS1ybyBtaW5pbXVtLWRhbXBl bmluZy1wZXJpb2Q/ICAgICAgICB1aW50MzIge3lwOm9uLWNoYW5nZX0/DQogICAgICstLXJvIG9u LWNoYW5nZS1zdXBwb3J0ZWQ/ICAgICAgICAgICAgIEVudW0gb2YgKGNvbmZpZ3xzdGF0ZXxib3Ro KQ0KICAgICArLS1ybyBkYXRhc3RvcmUtY2FwYWJpbGl0aWVzKiBbZGF0YXN0b3JlXQ0KICAgICAg ICArLS1ybyBkYXRhc3RvcmUgICAgICAgICAgICAgICAgICAgICAgICAgIHVuaW9uDQogICAgICAg ICstLXJvIHBlci1ub2RlLWNhcGFiaWxpdGllcyogW25vZGUtc2VsZWN0b3JdDQogICAgICAgICAg ICstLXJvIG5vZGUtc2VsZWN0b3IgICAgICAgICAgICAgbmFjbTpub2RlLWluc3RhbmNlLWlkZW50 aWZpZXINCiAgICAgICAgICAgKy0tcm8gKHVwZGF0ZS1wZXJpb2QpPw0KICAgICAgICAgICB8ICAr LS06KG1pbmltdW0tdXBkYXRlLXBlcmlvZCkNCiAgICAgICAgICAgfCAgfCAgKy0tcm8gbWluaW11 bS11cGRhdGUtcGVyaW9kPyAgICB1aW50MzINCiAgICAgICAgICAgfCAgKy0tOihzdXBwb3J0ZWQt dXBkYXRlLXBlcmlvZCkNCiAgICAgICAgICAgfCAgICAgKy0tcm8gc3VwcG9ydGVkLXVwZGF0ZS1w ZXJpb2QqICB1aW50MzINCiAgICAgICAgICAgKy0tcm8gbWF4LW9iamVjdHMtcGVyLXVwZGF0ZT8g ICAgICAgICB1aW50MzINCiAgICAgICAgICAgKy0tcm8gbWluaW11bS1kYW1wZW5pbmctcGVyaW9k PyAgICAgICB1aW50MzIge3lwOm9uLWNoYW5nZX0/DQogICAgICAgICAgICstLXJvIG9uLWNoYW5n ZS1zdXBwb3J0ZWQ/ICAgICAgICAgICAgRW51bSBvZiAoY29uZmlnfHN0YXRlfGJvdGgpDQoNCg0K VGhlIGNvZGUgaW50ZXJhY3Rpbmcgd2l0aCB0aGlzIGlzIG1vcmUgZ2VuZXJpYyAsIHdpdGggbGVz cyBjb3JuZXIgY2FzZXMuDQoNCkJ1dCBJIHRoaW5rIHRoYXQgeW91IGNvdWxkIGdvIGEgc3RlcCBm dXJ0aGVyIGFuZCBkZWZpbmUgaXQgbGlrZSB0aGlzLCBhbGxvd2luZyAoZGF0YXN0b3JlPeKAmWFs bOKAmSArIG5vZGUtc2VsZWN0b3IgPSDigJgv4oCZKSB0byBkZWZpbmUgdGhlIGRlZmF1bHQgZ2xv YmFsIGNhcGFiaWxpdGllcy4gIEFueSBjYXBhYmlsaXRpZXMgZm9yIGEgc3BlY2lmaWMgZGF0YXN0 b3JlIGlzIG1vcmUgc3BlY2lmaWMgdGhhbiDigJxhbGzigJ0uICBDYXBhYmlsaXRpZXMgZm9yIGEg bW9yZSBzcGVjaWZpYyBwYXRoIHdpbiBvdmVyIGEgbGVzcyBzcGVjaWZpYyBwYXRoLiAgUGVyc29u YWxseSwgSSB3b3VsZCBleHBlY3QgdGhpcyB0byBiZSBzaW1wbGVyIHRvIGltcGxlbWVudCBiZWNh dXNlIHRoZXJlIGFyZSBsZXNzIHNwZWNpYWwgY2FzZXMgdG8gaGFuZGxlLg0KDQptb2R1bGU6IGll dGYtbm90aWZpY2F0aW9uLWNhcGFiaWxpdGllcw0KICArLS1ybyBkYXRhc3RvcmUtc3Vic2NyaXB0 aW9uLWNhcGFiaWxpdGllcw0KICAgICArLS1ybyBkYXRhc3RvcmUtY2FwYWJpbGl0aWVzKiBbZGF0 YXN0b3JlXQ0KICAgICAgICArLS1ybyBkYXRhc3RvcmUgICAgICAgICAgICAgICAgICAgICAgICAg IHVuaW9uDQogICAgICAgICstLXJvIHBlci1ub2RlLWNhcGFiaWxpdGllcyogW25vZGUtc2VsZWN0 b3JdDQogICAgICAgICAgICstLXJvIG5vZGUtc2VsZWN0b3IgICAgICAgICAgICAgbmFjbTpub2Rl LWluc3RhbmNlLWlkZW50aWZpZXINCiAgICAgICAgICAgKy0tcm8gKHVwZGF0ZS1wZXJpb2QpPw0K ICAgICAgICAgICB8ICArLS06KG1pbmltdW0tdXBkYXRlLXBlcmlvZCkNCiAgICAgICAgICAgfCAg fCAgKy0tcm8gbWluaW11bS11cGRhdGUtcGVyaW9kPyAgICB1aW50MzINCiAgICAgICAgICAgfCAg Ky0tOihzdXBwb3J0ZWQtdXBkYXRlLXBlcmlvZCkNCiAgICAgICAgICAgfCAgICAgKy0tcm8gc3Vw cG9ydGVkLXVwZGF0ZS1wZXJpb2QqICB1aW50MzINCiAgICAgICAgICAgKy0tcm8gbWF4LW9iamVj dHMtcGVyLXVwZGF0ZT8gICAgICAgICB1aW50MzINCiAgICAgICAgICAgKy0tcm8gbWluaW11bS1k YW1wZW5pbmctcGVyaW9kPyAgICAgICB1aW50MzIge3lwOm9uLWNoYW5nZX0/DQogICAgICAgICAg ICstLXJvIG9uLWNoYW5nZS1zdXBwb3J0ZWQ/ICAgICAgICAgICAgRW51bSBvZiAoY29uZmlnfHN0 YXRlfGJvdGgpDQoNCg0KDQoNCg0KDQotICAgICAgICAgIEFkZCDigJxvbi1jaGFuZ2Utc3VwcG9y dGVk4oCdIGxlYWYgdG8g4oCcc3Vic2NyaXB0aW9uLXRocm91Z2hwdXQtY2FwYWJpbGl0aWVz4oCd IGdyb3VwaW5nLCBidXQgY2hhbmdlIGl0cyB0eXBlIHRvIGFuIGVudW0gb2Yg4oCcYWxsLW5vZGVz LCBjb25maWctb25seSwgc3RhdGUtb25seeKAnSDigJMgdGhpcyBjb3VsZCB0aGVuIHdvcmsgaW4g YSBmdWxseSBoaWVyYXJjaGljYWwgd2F5LiAgKEkuZS4gdGhlIGV4aXN0aW5nIG9uLWNoYW5nZS1z dXBwb3J0ZWQtZm9yLWNvbmZpZywgb24tY2hhbmdlLXN1cHBvcnRlZC1mb3Itc3RhdGUgLCBvbi1j aGFuZ2Utc3VwcG9ydGVkIGNvdWxkIGJlIHJlbW92ZWQpLg0KQkFMQVpTOiBUaGUgZW51bSB3aWxs IG5lZWQgbXVjaCBtb3JlIGV4cGxhbmF0aW9uIGUuZy4gd2hhdCBkb2VzIGl0IG1lYW4gdG8gaGF2 ZSB0aGUg4oCcY29uZmlnLW9ubHnigJ0gdmFsdWUgb24gYSBjb25maWc9ZmFsc2UgZGF0YSBub2Rl PyBJdCBjYW4gYmUgZXhwbGFpbmVkLCBpdCB3aWxsIGp1c3QgbmVlZCBtb3JlIHRleHQuDQpbUldd DQpJ4oCZbSBub3QgY29udmluY2VkIHRoYXQgdGhpcyB3b3VsZCB0YWtlIHRoYXQgbXVjaCB0ZXh0 IHRvIGV4cGxhaW4g4oCmIGUuZy4gcG9zc2libHkgc29tZXRoaW5nIGxpa2UNCg0K4oCcT24gY2hh bmdlIG5vdGlmaWNhdGlvbnMgY2FuIGJlIHN1cHBvcnRlZCBmb3IgKGkpIG9ubHkg4oCYY29uZmln OiB0cnVl4oCZIG5vZGVzLCBvciAoaWkpIG9ubHkg4oCYY29uZmlnOiBmYWxzZeKAmSBub2Rlcywg b3IgKGlpaSkgYWxsIG5vZGVzIHJlZ2FyZGxlc3Mgb2YgdGhlIOKAmGNvbmZpZ+KAmSBmbGFn4oCd DQoNCg0KDQotICAgICAgICAgIEluc3RlYWQgb2YgaGF2aW5nIGEgc2V0IG9mIOKAnGRhdGFzdG9y ZeKAnSBsZXZlbCBwYXJhbWV0ZXJzLCBjb3VsZCB0aGVzZSBqdXN0IGJlIGV4cHJlc3NlZCBhcyB0 aGUgc2V0IG9mIHBhcmFtZXRlcnMgdGhhdCBhcHBseSB0byDigJwv4oCdIHdpdGhpbiBhIGRhdGFz dG9yZSAoZS5nLiBhcyBkZXNjcmliZWQgaW4gTkFDTSBZQU5HIG1vZHVsZSDigJxsZWFmIHBhdGji gJwpPyAgSS5lLiBnaXZlbiB0aGF0IHlvdSBzdXBwb3J0IGhpZXJhcmNoaWNhbCBwYXRocyB3aXRo aW4gYSBkYXRhc3RvcmUsIGl0IGp1c3QgbWVhbnMgdGhhdCB5b3UgbmVlZCB0d28gbGV2ZWxzLCBw ZXIgZGV2aWNlIGFuZCBwZXIgZGF0YXN0b3JlLg0KQkFMQVpTOiBJdCBsb29rcyBzaW1wbGVyLCBi dXQgd2Ugd291bGQgaGF2ZSB0byBoYXZlIGxvbmdlciBleHBsYW5hdGlvbnM6DQoNCm8gICBUaGUg 4oCcL+KAnSBpcyBub3Qgd2VsbCBkZWZpbmVkIG9yIHdlbGwga25vd24sIHNvIGl0cyB1c2UgbXVz dCBiZSBkZXNjcmliZWQNCltSV10NCkJ1dCBpdCBpcyBkZWZpbmVkL3VzZWQgaW4gdGhpcyB3YXkg Zm9yIE5BQ00uICBJLmUuIHlvdXIgbW9kZWwgd291bGQgYmUgbW9yZSBjb25zaXN0ZW50IHdpdGgg dGhlIGFwcHJvYWNoIGRlZmluZWQgaW4gTkFDTSByYXRoZXIgdGhhbiB1c2luZyBhIGRpZmZlcmVu dCBhcHByb2FjaC4gIEkgdGhpbmsgdGhhdCB5b3UgYWxzbyBhbHJlYWR5IG5lZWQgdG8gaGFuZGxl IHRoZSDigJwv4oCdIGNhc2UgYW55d2F5LCBvciBleHBsaWNpdGx5IGluZGljYXRlIHRoYXQgaXQg aXMgbm90IGFsbG93ZWQuDQoNCg0KbyAgIFRoZSBleHRyYSBjYXNlIHdoZW4gdGhlcmUgaXMgbm8g cGVyLW5vZGUtY2FwYWJpbGl0aWVzIGxpc3QtZW50cnkgbmVlZHMgdG8gYmUgZXhwbGFpbmVkL3Nw ZWNpZmllZA0KW1JXXQ0KSSBkb27igJl0IGZvbGxvdyB5b3VyIGNvbW1lbnQuICBJ4oCZbSBwcm9w b3NpbmcgY2hhbmdpbmcgZnJvbSBhIG1vZGVsIHRoYXQgaGFzIDMgbGV2ZWxzIG9mIGhpZXJhcmNo eSAoZ2xvYmFsLCBwZXItZGF0YXN0b3JlLCBwZXIgZGF0YXN0b3JlIHNjaGVtYSBzdWJ0cmVlKSB0 byBvbmUgdGhhdCBvbmx5IGhhcyAyIChnbG9iYWwsIHBlciBkYXRhc3RvcmUgc2NoZW1hIHN1YnRy ZWUpLg0KDQoNCg0KDQotICAgICAgICAgIElkZWFsbHksIGl0IHdvdWxkIGJlIGJldHRlciB0byBo YXZlIGEgZGVwZW5kZW5jeSBvbiBSRkM2OTkxLWJpcyBmb3Igbm9kZS1pbnN0YW5jZS1pZGVudGlm eSByYXRoZXIgdGhhbiBvbiBOQUNNLiAgQWx0aG91Z2ggSSBndWVzcyB0aGF0IHlvdSBtYXkgbm90 IHdhbnQgdG8gZGVsYXkgdGhpcyBSRkMuDQpCQUxBWlM6IEFncmVlZCwgYnV0IHBsZWFzZSBubyBk ZWxheS4NCltSV10NClllcywgT0suICBUaGUgcGxhbiB3YXMgdG8gZ2V0IFJGQzY5OTFiaXMgZG9u ZSBmYXN0LCBJ4oCZbSBub3Qgc3VyZSBob3cgY2xvc2UgdGhhdCBkb2N1bWVudCBjYW4gYmUgdG8g V0cgTEMuICBQZXJoYXBzIHdlIGNvdWxkIGNoZWNrIHdpdGggSnVlZ2VuPw0KDQoNCi0gICAgICAg ICAgQ3VycmVudGx5IOKAnGxlYWYgb24tY2hhbmdlLXN1cHBvcnRlZOKAnSBpcyBtYXJrZWQgYXMg bWFuZGF0b3J5IHRydWUsIGJ1dCBJ4oCZbSBub3Qgc3VyZSB3aHkgaXQgc2hvdWxkIGJlIHNvLg0K QkFMQVpTOiBPSy4gbWFkZSBpdCBtYW5kYXRvcnkgZmFsc2U7IFRoZXJlIGlzIGEgdXNlLWNhc2Ug d2hlcmUgdGhlIHBlciBsZWFmIGRhbXBlbmluZyBwZXJpb2QgbmVlZHMgdG8gYmUgc3BlY2lmaWVk LCBidXQgdGhlIG9uLWNoYW5nZS1zdXBwb3J0ZWQgaXMgaW5oZXJpdGVkIGZyb20gdGhlIGNvbnRh aW5pbmcgcGFyZW50L2RhdGFzdG9yZS4NCltSV10NClN1cmUuDQoNCg0KLSAgICAgICAgICBJcyDi gJxtYXgtb2JqZWN0cy1wZXItdXBkYXRl4oCdIG9wdGlvbmFsLiAgV2hhdCBpZiB0aGUgc2VydmVy IGRvZXNu4oCZdCBoYXZlIGFueSBoYXJkIGxpbWl0IC0gY2FuIHRoZXkganVzdCBub3QgcmV0dXJu IGEgdmFsdWUgaGVyZT8gIElmIHNvLCBwZXJoYXBzIGFzc2lnbmluZyBhIGRlZmF1bHQgdmFsdWUg b2YgdWludDMyX21heCBtaWdodCBtYWtlIHNlbnNlPw0KQkFMQVpTOiBJdCBpcyBvcHRpb25hbC4g SWYgdGhlcmUgaXMgbm8gaGFyZCBsaW1pdCBvciB0aGUgbGltaXQgaXMgbm90IGtub3duIHRoZSBs ZWFmIG11c3QgYmUgYWJzZW50LiBUaGUgbW9kdWxlIGRlc2NyaXB0aW9uIGluY2x1ZGUgdGhlIHRl eHQ6DQogICAgICBBbnkgY2FwYWJpbGl0eSB2YWx1ZSBNQVkgYmUgYWJzZW50IC4uLiBpZiB0aGUg cHVibGlzaGVyIGlzIG5vdCBjYXBhYmxlIG9mDQogICAgICBwcm92aWRpbmcgYSB2YWx1ZS4NCltS V10NCk9LLiAgVGhlbiBJIHRoaW5rIHRoYXQgdGhlcmUgc2hvdWxkIGJlIGEgYml0IG1vcmUgdGV4 dCBhYm91dCB3aGF0IHZhbHVlcyBtZWFuIGlmIHRoZXkgYXJlIG5vdCBzcGVjaWZpZWQuICBFLmcu IHBlcmhhcHMgdGhlIGZvbGxvd2luZyAoaWYgdGhpcyBpcyB0aGUgcmlnaHQgYmVoYXZpb3VyIGZv ciBhbGwgcHJvcGVydGllcykuDQoNCk9sZDoNCiAgICAgIEFueSBjYXBhYmlsaXR5IHZhbHVlIE1B WSBiZSBhYnNlbnQgaWYgYSBtb3JlIGdlbmVyaWMgY2FwYWJpbGl0eQ0KICAgICAgdmFsdWUgaXMg YWxyZWFkeSBwcm92aWRlZCBvciBpZiB0aGUgcHVibGlzaGVyIGlzIG5vdCBjYXBhYmxlIG9mDQog ICAgICBwcm92aWRpbmcgYSB2YWx1ZS4NCg0KTmV3Og0KICAgICAgQW55IGNhcGFiaWxpdHkgdmFs dWUgTUFZIGJlIGFic2VudCBpZiBhIG1vcmUgZ2VuZXJpYyBjYXBhYmlsaXR5DQogICAgICB2YWx1 ZSBpcyBhbHJlYWR5IHByb3ZpZGVkIG9yIGlmIHRoZSBwdWJsaXNoZXIgaXMgbm90IGNhcGFibGUg b2YNCiAgICAgIHByb3ZpZGluZyBhIHZhbHVlLiAgSWYgbm90IHByb3ZpZGVkIHRoZW4gaXQgc2hv dWxkIGJlDQogICAgICBpbnRlcnByZXRlZCB0aGF0IHRoZSBwcm9wZXJ0eSBpcyB1bmNvbnN0cmFp bmVkLg0KDQoNCkluIHRoZSBzZWN1cml0eSBzZWN0aW9uLCBhcmUgdGhlc2UgY2FwYWJpbGl0aWVz IHNlbnNpdGl2ZSBpbmZvcm1hdGlvbj8gIEUuZy4gY291bGQgaXQgYmUgdXNlZCBieSBhbiBhdHRh Y2tlciB0byBtb3JlIGVmZmVjdGl2ZWx5IERET1MgYSBzZXJ2ZXIgKGJ5IGtub3dpbmcgd2hpY2gg cGF0aHMgdG8gdGFyZ2V0IHN1YnNjcmlwdGlvbnMgdG93YXJkcyk/DQpCQUxBWlM6IElNSE8gdGhl IGluZm9ybWF0aW9uIGlzIG5vdCBzZWN1cml0eSBzZW5zaXRpdmUuIFRoZSBtaW5pbXVtIGRhbXBl bmluZyBwZXJpb2QgYW5kIG1pbmltdW0tdXBkYXRlLXBlcmlvZCBjYW4gYmUgdXNlZCB0byBmaW5k IHNjaGVtYSBzZWN0aW9ucyB0aGF0IG1pZ2h0IGdlbmVyYXRlIG1vcmUgbm90aWZpY2F0aW9ucywg YnV0IHRoaXMgaXMgcmVhbGx5IGEgY29ybmVyLWNhc2UgYW5kIHdlIHVzdWFsbHkgZG9u4oCZdCBk ZXNjcmliZSBzdWNoIGRldGFpbHMuIEhvd2V2ZXIgdGhlIHNlY3VyaXR5IHNlY3Rpb24gbm93IGlu Y2x1ZGVzOg0KICAgICAgICAgVGhlIE5ldHdvcmsgQ29uZmlndXJhdGlvbiBBY2Nlc3MgQ29udHJv bCBNb2RlbCAoTkFDTSkgW1JGQzgzNDFdDQogICAgICAgICBwcm92aWRlcyB0aGUgbWVhbnMgdG8g cmVzdHJpY3QgYWNjZXNzIGZvciBwYXJ0aWN1bGFyIE5FVENPTkYgb3INCiAgICAgICAgIFJFU1RD T05GIHVzZXJzIHRvIGEgcHJlY29uZmlndXJlZCBzdWJzZXQgb2YgYWxsIGF2YWlsYWJsZSBORVRD T05GIG9yDQogICAgICAgICBSRVNUQ09ORiBwcm90b2NvbCBvcGVyYXRpb25zIGFuZCBjb250ZW50 Lg0KICAgICAgICAgSWYgYWNjZXNzIGNvbnRyb2wgaXMgbm90IHByb3Blcmx5IGNvbmZpZ3VyZWQs IGl0IGNhbiBleHBvc2UNCiAgICAgICAgIHN5c3RlbSBpbnRlcm5hbHMgdG8gdGhvc2Ugd2hvIHNo b3VsZCBub3QgaGF2ZSBhY2Nlc3MgdG8gdGhpcw0KICAgICAgICAgaW5mb3JtYXRpb24uDQpbUldd DQpUaGlua2luZyBhYm91dCB0aGlzIHNvbWUgbW9yZSwgSSB3b25kZXIgd2hldGhlciB0aGUgc2Vj dXJpdHkgc2VjdGlvbiBjb3VsZC9zaG91bGQgcmVmZXIgYmFjayB0byBZQU5HLVB1c2gsIHdoaWNo IGFsbG93cyBhIHNlcnZlciB0byByZWplY3Qgc3Vic2NyaXB0aW9ucyBpZiBpdCB3b3VsZCBjYXVz ZSB0aGUgc2VydmVyIHRvIGJlY29tZSBvdmVybG9hZGVkLg0KDQpUaGFua3MsDQpSb2INCg0KDQpU aGFua3MsDQpSb2INCg0KDQpGcm9tOiBuZXRjb25mIDxuZXRjb25mLWJvdW5jZXNAaWV0Zi5vcmc8 bWFpbHRvOm5ldGNvbmYtYm91bmNlc0BpZXRmLm9yZz4+IE9uIEJlaGFsZiBPZiBNYWhlc2ggSmV0 aGFuYW5kYW5pDQpTZW50OiAyNCBTZXB0ZW1iZXIgMjAxOSAxODo1MA0KVG86IE5ldGNvbmYgPG5l dGNvbmZAaWV0Zi5vcmc8bWFpbHRvOm5ldGNvbmZAaWV0Zi5vcmc+Pg0KU3ViamVjdDogUmU6IFtu ZXRjb25mXSBXR0xDIGZvciBkcmFmdC1pZXRmLW5ldGNvbmYtbm90aWZpY2F0aW9uLWNhcGFiaWxp dGllcw0KDQpXZSB3ZXJlIHN1cHBvc2VkIHRvIGhhdmUgY2xvc2VkIG9uIHRoZSBXR0xDIHRvZGF5 LiBIb3dldmVyLCBiZXR3ZWVuIHRoZSBkb2N1bWVudCBiZWNvbWluZyBhIFdHIGl0ZW0gYW5kIGl0 IGdvaW5nIGludG8gTEMsIHdlIGhhdmUgbm90IHJlY2VpdmVkIHRvbyBtYW55IGNvbW1lbnRzIG9u IHRoZSBkcmFmdC4gQXMgc3VjaCwgd2UgYXJlIGV4dGVuZGluZyB0aGUgTEMgYnkgYW5vdGhlciB3 ZWVrLiBQbGVhc2UgcmV2aWV3IHRoZSBkcmFmdCBhbmQgcHJvdmlkZSBhbnkgY29tbWVudHMgeW91 IG1pZ2h0IGhhdmUuDQoNCk1haGVzaCAmIEtlbnQgKGFzIGNvLWNoYWlycykNCg0KDQpPbiBTZXAg MTAsIDIwMTksIGF0IDM6MzkgUE0sIE1haGVzaCBKZXRoYW5hbmRhbmkgPG1qZXRoYW5hbmRhbmlA Z21haWwuY29tPG1haWx0bzptamV0aGFuYW5kYW5pQGdtYWlsLmNvbT4+IHdyb3RlOg0KDQpBdXRo b3JzIGhhdmUgcHVibGlzaGVkIC0wNDxodHRwczovL3Rvb2xzLmlldGYub3JnL2h0bWwvZHJhZnQt aWV0Zi1uZXRjb25mLW5vdGlmaWNhdGlvbi1jYXBhYmlsaXRpZXMtMDQ+IHZlcnNpb24gb2YgdGhl IGRyYWZ0LCB3aGljaCBhZGRyZXNzZXMgY29tbWVudHMgdGhleSByZWNlaXZlZCBpbiBJRVRGIDEw NS4gSWYgeW91IHByb3ZpZGVkIGNvbW1lbnRzIHBsZWFzZSBjaGVjayB0byBtYWtlIHN1cmUgeW91 ciBjb21tZW50cyBoYXZlIGJlZW4gYWRkcmVzc2VkLiBBdCB0aGlzIHBvaW50LCB0aGUgYXV0aG9y cyBiZWxpZXZlIHRoYXQgdGhlIGRvY3VtZW50IGlzIHJlYWR5IGZvciBXR0xDLg0KDQpUaGlzIHRo ZXJlZm9yZSBzdGFydHMgYSB0d28gd2VlayBMQywgZW5kaW5nIG9uIFNlcHRlbWJlciAyNHRoLiBQ bGVhc2UgcHJvdmlkZSBhbnkgdGVjaG5pY2FsIGNvbW1lbnRzIHlvdSBtaWdodCBoYXZlIG9uIHRo ZSBkb2N1bWVudC4gSWYgeW91IGJlbGlldmUgdGhlIGRvY3VtZW50IGlzIG5vdCByZWFkeSBmb3Ig TEMsIHBsZWFzZSBzdGF0ZSB5b3VyIHJlYXNvbnMuDQoNCldlIHdpbGwgaXNzdWUgYSBJUFIgcG9s bCBzZXBhcmF0ZWx5Lg0KDQpNYWhlc2ggJiBLZW50IChhcyBjby1jaGFpcnMpDQoNCg0KDQoNCg== --_000_MN2PR11MB4366904781E2542E148636BCB59F0MN2PR11MB4366namp_ Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: base64 PGh0bWwgeG1sbnM6dj0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTp2bWwiIHhtbG5zOm89InVy bjpzY2hlbWFzLW1pY3Jvc29mdC1jb206b2ZmaWNlOm9mZmljZSIgeG1sbnM6dz0idXJuOnNjaGVt YXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6d29yZCIgeG1sbnM6bT0iaHR0cDovL3NjaGVtYXMubWlj cm9zb2Z0LmNvbS9vZmZpY2UvMjAwNC8xMi9vbW1sIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv VFIvUkVDLWh0bWw0MCI+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIg Y29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjxtZXRhIG5hbWU9IkdlbmVyYXRv ciIgY29udGVudD0iTWljcm9zb2Z0IFdvcmQgMTUgKGZpbHRlcmVkIG1lZGl1bSkiPg0KPHN0eWxl PjwhLS0NCi8qIEZvbnQgRGVmaW5pdGlvbnMgKi8NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6 V2luZ2RpbmdzOw0KCXBhbm9zZS0xOjUgMCAwIDAgMCAwIDAgMCAwIDA7fQ0KQGZvbnQtZmFjZQ0K CXtmb250LWZhbWlseToiQ2FtYnJpYSBNYXRoIjsNCglwYW5vc2UtMToyIDQgNSAzIDUgNCA2IDMg MiA0O30NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6Q2FsaWJyaTsNCglwYW5vc2UtMToyIDE1 IDUgMiAyIDIgNCAzIDIgNDt9DQpAZm9udC1mYWNlDQoJe2ZvbnQtZmFtaWx5OkNvbnNvbGFzOw0K CXBhbm9zZS0xOjIgMTEgNiA5IDIgMiA0IDMgMiA0O30NCi8qIFN0eWxlIERlZmluaXRpb25zICov DQpwLk1zb05vcm1hbCwgbGkuTXNvTm9ybWFsLCBkaXYuTXNvTm9ybWFsDQoJe21hcmdpbjowY207 DQoJbWFyZ2luLWJvdHRvbTouMDAwMXB0Ow0KCWZvbnQtc2l6ZToxMS4wcHQ7DQoJZm9udC1mYW1p bHk6IkNhbGlicmkiLHNhbnMtc2VyaWY7fQ0KYTpsaW5rLCBzcGFuLk1zb0h5cGVybGluaw0KCXtt c28tc3R5bGUtcHJpb3JpdHk6OTk7DQoJY29sb3I6Ymx1ZTsNCgl0ZXh0LWRlY29yYXRpb246dW5k ZXJsaW5lO30NCmE6dmlzaXRlZCwgc3Bhbi5Nc29IeXBlcmxpbmtGb2xsb3dlZA0KCXttc28tc3R5 bGUtcHJpb3JpdHk6OTk7DQoJY29sb3I6cHVycGxlOw0KCXRleHQtZGVjb3JhdGlvbjp1bmRlcmxp bmU7fQ0KcHJlDQoJe21zby1zdHlsZS1wcmlvcml0eTo5OTsNCgltc28tc3R5bGUtbGluazoiSFRN TCBQcmVmb3JtYXR0ZWQgQ2hhciI7DQoJbWFyZ2luOjBjbTsNCgltYXJnaW4tYm90dG9tOi4wMDAx cHQ7DQoJZm9udC1zaXplOjEwLjBwdDsNCglmb250LWZhbWlseToiQ291cmllciBOZXciLHNlcmlm O30NCnAuTXNvTGlzdFBhcmFncmFwaCwgbGkuTXNvTGlzdFBhcmFncmFwaCwgZGl2Lk1zb0xpc3RQ YXJhZ3JhcGgNCgl7bXNvLXN0eWxlLXByaW9yaXR5OjM0Ow0KCW1hcmdpbi10b3A6MGNtOw0KCW1h cmdpbi1yaWdodDowY207DQoJbWFyZ2luLWJvdHRvbTowY207DQoJbWFyZ2luLWxlZnQ6MzYuMHB0 Ow0KCW1hcmdpbi1ib3R0b206LjAwMDFwdDsNCglmb250LXNpemU6MTEuMHB0Ow0KCWZvbnQtZmFt aWx5OiJDYWxpYnJpIixzYW5zLXNlcmlmO30NCnNwYW4uSFRNTFByZWZvcm1hdHRlZENoYXINCgl7 bXNvLXN0eWxlLW5hbWU6IkhUTUwgUHJlZm9ybWF0dGVkIENoYXIiOw0KCW1zby1zdHlsZS1wcmlv cml0eTo5OTsNCgltc28tc3R5bGUtbGluazoiSFRNTCBQcmVmb3JtYXR0ZWQiOw0KCWZvbnQtZmFt aWx5OiJDb3VyaWVyIE5ldyIsc2VyaWY7fQ0KcC5tc29ub3JtYWwwLCBsaS5tc29ub3JtYWwwLCBk aXYubXNvbm9ybWFsMA0KCXttc28tc3R5bGUtbmFtZTptc29ub3JtYWw7DQoJbXNvLW1hcmdpbi10 b3AtYWx0OmF1dG87DQoJbWFyZ2luLXJpZ2h0OjBjbTsNCgltc28tbWFyZ2luLWJvdHRvbS1hbHQ6 YXV0bzsNCgltYXJnaW4tbGVmdDowY207DQoJZm9udC1zaXplOjExLjBwdDsNCglmb250LWZhbWls eToiQ2FsaWJyaSIsc2Fucy1zZXJpZjt9DQpzcGFuLkVtYWlsU3R5bGUyMQ0KCXttc28tc3R5bGUt dHlwZTpwZXJzb25hbDsNCglmb250LWZhbWlseToiQ2FsaWJyaSIsc2Fucy1zZXJpZjsNCgljb2xv cjp3aW5kb3d0ZXh0O30NCnNwYW4uRW1haWxTdHlsZTIyDQoJe21zby1zdHlsZS10eXBlOnBlcnNv bmFsOw0KCWZvbnQtZmFtaWx5OiJDYWxpYnJpIixzYW5zLXNlcmlmOw0KCWNvbG9yOndpbmRvd3Rl eHQ7fQ0Kc3Bhbi5FbWFpbFN0eWxlMjMNCgl7bXNvLXN0eWxlLXR5cGU6cGVyc29uYWw7DQoJZm9u dC1mYW1pbHk6IkNhbGlicmkiLHNhbnMtc2VyaWY7DQoJY29sb3I6d2luZG93dGV4dDt9DQpzcGFu LkVtYWlsU3R5bGUyNQ0KCXttc28tc3R5bGUtdHlwZTpwZXJzb25hbC1yZXBseTsNCglmb250LWZh bWlseToiQ2FsaWJyaSIsc2Fucy1zZXJpZjsNCgljb2xvcjp3aW5kb3d0ZXh0O30NCi5Nc29DaHBE ZWZhdWx0DQoJe21zby1zdHlsZS10eXBlOmV4cG9ydC1vbmx5Ow0KCWZvbnQtc2l6ZToxMC4wcHQ7 fQ0KQHBhZ2UgV29yZFNlY3Rpb24xDQoJe3NpemU6NjEyLjBwdCA3OTIuMHB0Ow0KCW1hcmdpbjo3 Mi4wcHQgNzIuMHB0IDcyLjBwdCA3Mi4wcHQ7fQ0KZGl2LldvcmRTZWN0aW9uMQ0KCXtwYWdlOldv cmRTZWN0aW9uMTt9DQovKiBMaXN0IERlZmluaXRpb25zICovDQpAbGlzdCBsMA0KCXttc28tbGlz dC1pZDoxNTU0MTQ4NzcyOw0KCW1zby1saXN0LXR5cGU6aHlicmlkOw0KCW1zby1saXN0LXRlbXBs YXRlLWlkczotNjAwNTUwNzc2IDEzMzQ3MjUwNTAgMTM0ODA3NTU1IDEzNDgwNzU1NyAxMzQ4MDc1 NTMgMTM0ODA3NTU1IDEzNDgwNzU1NyAxMzQ4MDc1NTMgMTM0ODA3NTU1IDEzNDgwNzU1Nzt9DQpA bGlzdCBsMDpsZXZlbDENCgl7bXNvLWxldmVsLW51bWJlci1mb3JtYXQ6YnVsbGV0Ow0KCW1zby1s ZXZlbC10ZXh0Oi07DQoJbXNvLWxldmVsLXRhYi1zdG9wOm5vbmU7DQoJbXNvLWxldmVsLW51bWJl ci1wb3NpdGlvbjpsZWZ0Ow0KCW1hcmdpbi1sZWZ0OjIwLjVwdDsNCgl0ZXh0LWluZGVudDotMTgu MHB0Ow0KCWZvbnQtZmFtaWx5OiJDYWxpYnJpIixzYW5zLXNlcmlmOw0KCW1zby1mYXJlYXN0LWZv bnQtZmFtaWx5OkNhbGlicmk7fQ0KQGxpc3QgbDA6bGV2ZWwyDQoJe21zby1sZXZlbC1udW1iZXIt Zm9ybWF0OmJ1bGxldDsNCgltc28tbGV2ZWwtdGV4dDpvOw0KCW1zby1sZXZlbC10YWItc3RvcDpu b25lOw0KCW1zby1sZXZlbC1udW1iZXItcG9zaXRpb246bGVmdDsNCgltYXJnaW4tbGVmdDo1Ni41 cHQ7DQoJdGV4dC1pbmRlbnQ6LTE4LjBwdDsNCglmb250LWZhbWlseToiQ291cmllciBOZXciLHNl cmlmO30NCkBsaXN0IGwwOmxldmVsMw0KCXttc28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpidWxsZXQ7 DQoJbXNvLWxldmVsLXRleHQ674KnOw0KCW1zby1sZXZlbC10YWItc3RvcDpub25lOw0KCW1zby1s ZXZlbC1udW1iZXItcG9zaXRpb246bGVmdDsNCgltYXJnaW4tbGVmdDo5Mi41cHQ7DQoJdGV4dC1p bmRlbnQ6LTE4LjBwdDsNCglmb250LWZhbWlseTpXaW5nZGluZ3M7fQ0KQGxpc3QgbDA6bGV2ZWw0 DQoJe21zby1sZXZlbC1udW1iZXItZm9ybWF0OmJ1bGxldDsNCgltc28tbGV2ZWwtdGV4dDrvgrc7 DQoJbXNvLWxldmVsLXRhYi1zdG9wOm5vbmU7DQoJbXNvLWxldmVsLW51bWJlci1wb3NpdGlvbjps ZWZ0Ow0KCW1hcmdpbi1sZWZ0OjEyOC41cHQ7DQoJdGV4dC1pbmRlbnQ6LTE4LjBwdDsNCglmb250 LWZhbWlseTpTeW1ib2w7fQ0KQGxpc3QgbDA6bGV2ZWw1DQoJe21zby1sZXZlbC1udW1iZXItZm9y bWF0OmJ1bGxldDsNCgltc28tbGV2ZWwtdGV4dDpvOw0KCW1zby1sZXZlbC10YWItc3RvcDpub25l Ow0KCW1zby1sZXZlbC1udW1iZXItcG9zaXRpb246bGVmdDsNCgltYXJnaW4tbGVmdDoxNjQuNXB0 Ow0KCXRleHQtaW5kZW50Oi0xOC4wcHQ7DQoJZm9udC1mYW1pbHk6IkNvdXJpZXIgTmV3IixzZXJp Zjt9DQpAbGlzdCBsMDpsZXZlbDYNCgl7bXNvLWxldmVsLW51bWJlci1mb3JtYXQ6YnVsbGV0Ow0K CW1zby1sZXZlbC10ZXh0Ou+CpzsNCgltc28tbGV2ZWwtdGFiLXN0b3A6bm9uZTsNCgltc28tbGV2 ZWwtbnVtYmVyLXBvc2l0aW9uOmxlZnQ7DQoJbWFyZ2luLWxlZnQ6MjAwLjVwdDsNCgl0ZXh0LWlu ZGVudDotMTguMHB0Ow0KCWZvbnQtZmFtaWx5OldpbmdkaW5nczt9DQpAbGlzdCBsMDpsZXZlbDcN Cgl7bXNvLWxldmVsLW51bWJlci1mb3JtYXQ6YnVsbGV0Ow0KCW1zby1sZXZlbC10ZXh0Ou+CtzsN Cgltc28tbGV2ZWwtdGFiLXN0b3A6bm9uZTsNCgltc28tbGV2ZWwtbnVtYmVyLXBvc2l0aW9uOmxl ZnQ7DQoJbWFyZ2luLWxlZnQ6MjM2LjVwdDsNCgl0ZXh0LWluZGVudDotMTguMHB0Ow0KCWZvbnQt ZmFtaWx5OlN5bWJvbDt9DQpAbGlzdCBsMDpsZXZlbDgNCgl7bXNvLWxldmVsLW51bWJlci1mb3Jt YXQ6YnVsbGV0Ow0KCW1zby1sZXZlbC10ZXh0Om87DQoJbXNvLWxldmVsLXRhYi1zdG9wOm5vbmU7 DQoJbXNvLWxldmVsLW51bWJlci1wb3NpdGlvbjpsZWZ0Ow0KCW1hcmdpbi1sZWZ0OjI3Mi41cHQ7 DQoJdGV4dC1pbmRlbnQ6LTE4LjBwdDsNCglmb250LWZhbWlseToiQ291cmllciBOZXciLHNlcmlm O30NCkBsaXN0IGwwOmxldmVsOQ0KCXttc28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpidWxsZXQ7DQoJ bXNvLWxldmVsLXRleHQ674KnOw0KCW1zby1sZXZlbC10YWItc3RvcDpub25lOw0KCW1zby1sZXZl bC1udW1iZXItcG9zaXRpb246bGVmdDsNCgltYXJnaW4tbGVmdDozMDguNXB0Ow0KCXRleHQtaW5k ZW50Oi0xOC4wcHQ7DQoJZm9udC1mYW1pbHk6V2luZ2RpbmdzO30NCkBsaXN0IGwxDQoJe21zby1s aXN0LWlkOjE5MDY5MTU3MzQ7DQoJbXNvLWxpc3QtdHlwZTpoeWJyaWQ7DQoJbXNvLWxpc3QtdGVt cGxhdGUtaWRzOjMzMDMzNzg5OCAxMzQ4MDc1NjcgMTM0ODA3NTc3IDEzNDgwNzU3OSAxMzQ4MDc1 NjcgMTM0ODA3NTc3IDEzNDgwNzU3OSAxMzQ4MDc1NjcgMTM0ODA3NTc3IDEzNDgwNzU3OTt9DQpA bGlzdCBsMTpsZXZlbDENCgl7bXNvLWxldmVsLXRhYi1zdG9wOm5vbmU7DQoJbXNvLWxldmVsLW51 bWJlci1wb3NpdGlvbjpsZWZ0Ow0KCXRleHQtaW5kZW50Oi0xOC4wcHQ7fQ0KQGxpc3QgbDE6bGV2 ZWwyDQoJe21zby1sZXZlbC1udW1iZXItZm9ybWF0OmFscGhhLWxvd2VyOw0KCW1zby1sZXZlbC10 YWItc3RvcDpub25lOw0KCW1zby1sZXZlbC1udW1iZXItcG9zaXRpb246bGVmdDsNCgl0ZXh0LWlu ZGVudDotMTguMHB0O30NCkBsaXN0IGwxOmxldmVsMw0KCXttc28tbGV2ZWwtbnVtYmVyLWZvcm1h dDpyb21hbi1sb3dlcjsNCgltc28tbGV2ZWwtdGFiLXN0b3A6bm9uZTsNCgltc28tbGV2ZWwtbnVt YmVyLXBvc2l0aW9uOnJpZ2h0Ow0KCXRleHQtaW5kZW50Oi05LjBwdDt9DQpAbGlzdCBsMTpsZXZl bDQNCgl7bXNvLWxldmVsLXRhYi1zdG9wOm5vbmU7DQoJbXNvLWxldmVsLW51bWJlci1wb3NpdGlv bjpsZWZ0Ow0KCXRleHQtaW5kZW50Oi0xOC4wcHQ7fQ0KQGxpc3QgbDE6bGV2ZWw1DQoJe21zby1s ZXZlbC1udW1iZXItZm9ybWF0OmFscGhhLWxvd2VyOw0KCW1zby1sZXZlbC10YWItc3RvcDpub25l Ow0KCW1zby1sZXZlbC1udW1iZXItcG9zaXRpb246bGVmdDsNCgl0ZXh0LWluZGVudDotMTguMHB0 O30NCkBsaXN0IGwxOmxldmVsNg0KCXttc28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpyb21hbi1sb3dl cjsNCgltc28tbGV2ZWwtdGFiLXN0b3A6bm9uZTsNCgltc28tbGV2ZWwtbnVtYmVyLXBvc2l0aW9u OnJpZ2h0Ow0KCXRleHQtaW5kZW50Oi05LjBwdDt9DQpAbGlzdCBsMTpsZXZlbDcNCgl7bXNvLWxl dmVsLXRhYi1zdG9wOm5vbmU7DQoJbXNvLWxldmVsLW51bWJlci1wb3NpdGlvbjpsZWZ0Ow0KCXRl eHQtaW5kZW50Oi0xOC4wcHQ7fQ0KQGxpc3QgbDE6bGV2ZWw4DQoJe21zby1sZXZlbC1udW1iZXIt Zm9ybWF0OmFscGhhLWxvd2VyOw0KCW1zby1sZXZlbC10YWItc3RvcDpub25lOw0KCW1zby1sZXZl bC1udW1iZXItcG9zaXRpb246bGVmdDsNCgl0ZXh0LWluZGVudDotMTguMHB0O30NCkBsaXN0IGwx OmxldmVsOQ0KCXttc28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpyb21hbi1sb3dlcjsNCgltc28tbGV2 ZWwtdGFiLXN0b3A6bm9uZTsNCgltc28tbGV2ZWwtbnVtYmVyLXBvc2l0aW9uOnJpZ2h0Ow0KCXRl eHQtaW5kZW50Oi05LjBwdDt9DQpvbA0KCXttYXJnaW4tYm90dG9tOjBjbTt9DQp1bA0KCXttYXJn aW4tYm90dG9tOjBjbTt9DQotLT48L3N0eWxlPjwhLS1baWYgZ3RlIG1zbyA5XT48eG1sPg0KPG86 c2hhcGVkZWZhdWx0cyB2OmV4dD0iZWRpdCIgc3BpZG1heD0iMTAyNiIgLz4NCjwveG1sPjwhW2Vu ZGlmXS0tPjwhLS1baWYgZ3RlIG1zbyA5XT48eG1sPg0KPG86c2hhcGVsYXlvdXQgdjpleHQ9ImVk aXQiPg0KPG86aWRtYXAgdjpleHQ9ImVkaXQiIGRhdGE9IjEiIC8+DQo8L286c2hhcGVsYXlvdXQ+ PC94bWw+PCFbZW5kaWZdLS0+DQo8L2hlYWQ+DQo8Ym9keSBsYW5nPSJFTi1HQiIgbGluaz0iYmx1 ZSIgdmxpbms9InB1cnBsZSI+DQo8ZGl2IGNsYXNzPSJXb3JkU2VjdGlvbjEiPg0KPHAgY2xhc3M9 Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9Im1zby1mYXJlYXN0LWxhbmd1YWdlOkVOLVVTIj5IaSBC YWxhenMsPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4g c3R5bGU9Im1zby1mYXJlYXN0LWxhbmd1YWdlOkVOLVVTIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bh bj48L3A+DQo8ZGl2Pg0KPGRpdiBzdHlsZT0iYm9yZGVyOm5vbmU7Ym9yZGVyLXRvcDpzb2xpZCAj RTFFMUUxIDEuMHB0O3BhZGRpbmc6My4wcHQgMGNtIDBjbSAwY20iPg0KPHAgY2xhc3M9Ik1zb05v cm1hbCIgc3R5bGU9Im1hcmdpbi1sZWZ0OjM2LjBwdCI+PGI+PHNwYW4gbGFuZz0iRU4tVVMiPkZy b206PC9zcGFuPjwvYj48c3BhbiBsYW5nPSJFTi1VUyI+IEJhbMOhenMgTGVuZ3llbCAmbHQ7YmFs YXpzLmxlbmd5ZWxAZXJpY3Nzb24uY29tJmd0Ow0KPGJyPg0KPGI+U2VudDo8L2I+IDAzIE9jdG9i ZXIgMjAxOSAxNToyMDxicj4NCjxiPlRvOjwvYj4gUm9iIFdpbHRvbiAocndpbHRvbikgJmx0O3J3 aWx0b25AY2lzY28uY29tJmd0OzsgTWFoZXNoIEpldGhhbmFuZGFuaSAmbHQ7bWpldGhhbmFuZGFu aUBnbWFpbC5jb20mZ3Q7OyBOZXRjb25mICZsdDtuZXRjb25mQGlldGYub3JnJmd0Ozxicj4NCjxi PlN1YmplY3Q6PC9iPiBSRTogW25ldGNvbmZdIFdHTEMgZm9yIGRyYWZ0LWlldGYtbmV0Y29uZi1u b3RpZmljYXRpb24tY2FwYWJpbGl0aWVzPG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8 L2Rpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtYXJnaW4tbGVmdDozNi4wcHQiPjxv OnA+Jm5ic3A7PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1hcmdpbi1s ZWZ0OjM2LjBwdCI+PHNwYW4gbGFuZz0iRU4tVVMiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwv cD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtYXJnaW4tbGVmdDozNi4wcHQiPjxzcGFu IGxhbmc9IkVOLVVTIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8ZGl2Pg0KPGRpdiBz dHlsZT0iYm9yZGVyOm5vbmU7Ym9yZGVyLXRvcDpzb2xpZCAjRTFFMUUxIDEuMHB0O3BhZGRpbmc6 My4wcHQgMGNtIDBjbSAwY20iPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1hcmdpbi1s ZWZ0OjM2LjBwdCI+PGI+PHNwYW4gbGFuZz0iRU4tVVMiPkZyb206PC9zcGFuPjwvYj48c3BhbiBs YW5nPSJFTi1VUyI+IFJvYiBXaWx0b24gKHJ3aWx0b24pICZsdDs8YSBocmVmPSJtYWlsdG86cndp bHRvbkBjaXNjby5jb20iPnJ3aWx0b25AY2lzY28uY29tPC9hPiZndDsNCjxicj4NCjxiPlNlbnQ6 PC9iPiAyMDE5LiBzemVwdGVtYmVyIDMwLiwgaMOpdGbFkSAxNjo0NTxicj4NCjxiPlRvOjwvYj4g TWFoZXNoIEpldGhhbmFuZGFuaSAmbHQ7PGEgaHJlZj0ibWFpbHRvOm1qZXRoYW5hbmRhbmlAZ21h aWwuY29tIj5tamV0aGFuYW5kYW5pQGdtYWlsLmNvbTwvYT4mZ3Q7OyBOZXRjb25mICZsdDs8YSBo cmVmPSJtYWlsdG86bmV0Y29uZkBpZXRmLm9yZyI+bmV0Y29uZkBpZXRmLm9yZzwvYT4mZ3Q7OyBC YWzDoXpzIExlbmd5ZWwgJmx0OzxhIGhyZWY9Im1haWx0bzpiYWxhenMubGVuZ3llbEBlcmljc3Nv bi5jb20iPmJhbGF6cy5sZW5neWVsQGVyaWNzc29uLmNvbTwvYT4mZ3Q7PGJyPg0KPGI+U3ViamVj dDo8L2I+IFJFOiBbbmV0Y29uZl0gV0dMQyBmb3IgZHJhZnQtaWV0Zi1uZXRjb25mLW5vdGlmaWNh dGlvbi1jYXBhYmlsaXRpZXM8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjwvZGl2Pg0K PHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1hcmdpbi1sZWZ0OjM2LjBwdCI+PHNwYW4gbGFu Zz0iRU4tVVMiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3Jt YWwiIHN0eWxlPSJtYXJnaW4tbGVmdDozNi4wcHQiPkhpLDxvOnA+PC9vOnA+PC9wPg0KPHAgY2xh c3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1hcmdpbi1sZWZ0OjM2LjBwdCI+PG86cD4mbmJzcDs8L286 cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibWFyZ2luLWxlZnQ6MzYuMHB0Ij5J IGhhdmUgcmV2aWV3ZWQgdmVyc2lvbiAtMDViIG9mIHRoaXMgZG9jdW1lbnQuPG86cD48L286cD48 L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibWFyZ2luLWxlZnQ6MzYuMHB0Ij48bzpw PiZuYnNwOzwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtYXJnaW4tbGVm dDozNi4wcHQiPkkgYW0gc3VwcG9ydGl2ZSBvZiB0aGlzIGRvY3VtZW50LCBhbmQgaXRzIGdlbmVy YWwgYXBwcm9hY2ggb2YgbWFraW5nIHN1YnNjcmlwdGlvbiBjYXBhYmlsaXR5IGluZm9ybWF0aW9u IGF2YWlsYWJsZSBib3RoIG9ubGluZSBhbmQgb2ZmbGluZS4mbmJzcDsgSSBiZWxpZXZlIHRoYXQg dGhpcyBpbmZvcm1hdGlvbiBpcyB2YWx1YWJsZSB0byBtYWtpbmcgWUFORy1QdXNoIG1vcmUNCiB1 c2FibGUuPG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibWFyZ2lu LWxlZnQ6MzYuMHB0Ij48bzpwPiZuYnNwOzwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwi IHN0eWxlPSJtYXJnaW4tbGVmdDozNi4wcHQiPkEgZmV3IGNvbW1lbnRzOjxvOnA+PC9vOnA+PC9w Pg0KPHAgY2xhc3M9Ik1zb0xpc3RQYXJhZ3JhcGgiIHN0eWxlPSJtYXJnaW4tbGVmdDo3Mi4wcHQ7 dGV4dC1pbmRlbnQ6LTE4LjBwdDttc28tbGlzdDpsMSBsZXZlbDEgbGZvMSI+DQo8IVtpZiAhc3Vw cG9ydExpc3RzXT48c3BhbiBzdHlsZT0ibXNvLWxpc3Q6SWdub3JlIj4xLjxzcGFuIHN0eWxlPSJm b250OjcuMHB0ICZxdW90O1RpbWVzIE5ldyBSb21hbiZxdW90OyI+Jm5ic3A7Jm5ic3A7Jm5ic3A7 Jm5ic3A7Jm5ic3A7Jm5ic3A7DQo8L3NwYW4+PC9zcGFuPjwhW2VuZGlmXT5UZXJtaW5vbG9neSBh bmQgSW50cm9kdWN0aW9uLiZuYnNwOyBJIHdhc27igJl0IHN1cmUgd2hldGhlciDigJxpbXBsZW1l bnRhdGlvbi10aW1lIGluZm9ybWF0aW9u4oCdIGlzIHRoZSBiZXN0IGRlc2NyaXB0aW9uLCBvciB3 aGV0aGVyIOKAnG9mZmxpbmUgaW5mb3JtYXRpb27igJ0gd291bGQgYmUgYSBiZXR0ZXIgZGVzY3Jp cHRpb24uICZuYnNwOyZuYnNwO0kgYmVsaWV2ZSB0aGF0IHRoZSBrZXkgaXMgdGhhdCB0aGUgaW5m b3JtYXRpb24gaXMgYXZhaWxhYmxlDQogb2ZmbGluZSB3aXRob3V0IHJlcXVpcmluZyBhY2Nlc3Mg dG8gYWxsIHRoZSBuZXR3b3JrIGRldmljZXMuICZuYnNwO0FsdGhvdWdoIEkgY2FuIHNlZSB0aGF0 IHByb3ZpZGluZyB0aGlzIGluZm9ybWF0aW9uIGF0IGltcGxlbWVudGF0aW9uIHRpbWUgaXMgdXNl ZnVsIGFuZCBzaG91bGQgYmUgUkVDT01NRU5ERUQsIEkgZG9u4oCZdCB0aGluayB0aGF0IGl0IHNo b3VsZCBiZSBhIE1VU1QvU0hBTEwgKGUuZy4gYXMgcGVyIHNlY3Rpb24gMykuDQo8bzpwPjwvbzpw PjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtYXJnaW4tbGVmdDozNi4wcHQiPjxz cGFuIHN0eWxlPSJjb2xvcjojMDBCMEYwIj5CQUxBWlM6IEkgd291bGQgbGlrZSB0byBrZWVwIHRo ZSB0ZXJtIOKAnGltcGxlbWVudGF0aW9uLXRpbWXigJ0sIGFzIHdlIGhhZCBhIG51bWJlciBvZiBk ZWJhdGVzIGFib3V0IHRoZSBjb3JyZWN0IHRlcm0gYW5kIHRoaXMgaXMgb25lIHRlcm0gcGVvcGxl IHNlZW1lZCB0byBhZ3JlZSB1cG9uLiAmbmJzcDtJbiBwcmFjdGljZSBpdCBpcw0KIG9mdGVuIGlt cG9ydGFudCB0byBwcm92aWRlIHRoZSBpbmZvcm1hdGlvbiBlYXJseSwgYmVmb3JlIHRoZSBuZXR3 b3JrIG5vZGUgaXMgZnVsbHkgaW1wbGVtZW50ZWQgYXMgTk1TIHBsYW5uaW5nIGFuZCBkZXNpZ24g b2Z0ZW4gYmVnaW5zIGVhcmx5IGFzIHdlbGwuIEluIHByYWN0aWNlIHRoZSBjYXBhYmlsaXRpZXMg YXJlIGRlY2lkZWQgaW4gaW1wbGVtZW50YXRpb24gdGltZS48bzpwPjwvbzpwPjwvc3Bhbj48L3A+ DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48Yj48aT5bUlddPG86cD48L286cD48L2k+PC9iPjwvcD4N CjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxiPjxpPk9LLiZuYnNwOyBCdXQgSeKAmW0gbm90IHJlYWxs eSBjb252aW5jZWQgdGhhdCBhbGwgdmVuZG9ycyB3aWxsIGJlIGFibGUgdG8gcHJvdmlkZSB0aGlz IGluZm9ybWF0aW9uIGF0IGltcGxlbWVudGF0aW9uIHRpbWUuJm5ic3A7IEkgd291bGQgbm9ybWFs bHkgZXhwZWN0IGEgdmVuZG9yIHRvIGRlbGF5IHByb3ZpZGluZyB0aGlzIGluZm9ybWF0aW9uIHVu dGlsIHRoZSBpbXBsZW1lbnRhdGlvbiBpcyBjb21wbGV0ZSwgdGhleSBoYXZlDQogdGVzdGVkIGl0 IGFuZCB2ZXJpZmllZCB0aGF0IHRoZXkgY2FuIG1ha2UgdGhlIHN1YnNjcmlwdGlvbiBndWFyYW50 ZWVzIHRoYXQgYXJlIGJlaW5nIHN0YXRlZC4mbmJzcDsgSSB0aGluayB0aGF0IGEgY29tbW9uIGNh c2Ugd291bGQgYmUgcHJvdmlkZSB0aGlzIGluZm9ybWF0aW9uIHdoZW4gdGhlIHNvZnR3YXJlIGlz IGF2YWlsYWJsZSAod2hpY2ggY291bGQgYmUgYWhlYWQgb2YgdGhlIGhhcmR3YXJlIGF2YWlsYWJp bGl0eSkuJm5ic3A7IEJ1dCBpZiB5b3Ugd2FudA0KIHRvIGNhbGwgaXQg4oCcaW1wbGVtZW50YXRp b24gdGltZeKAnSB0aGVuIEkgY2FuIGxpdmUgd2l0aCB0aGF0LjxvOnA+PC9vOnA+PC9pPjwvYj48 L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48Yj48aT48bzpwPjwvbzpwPjwvaT48L2I+PC9wPg0K PHAgY2xhc3M9Ik1zb05vcm1hbCI+PGI+PGk+SW4gc2VjdGlvbiAzLCBJIHRoaW5rIDxvOnA+PC9v OnA+PC9pPjwvYj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48Yj48aT48bzpwPiZuYnNwOzwv bzpwPjwvaT48L2I+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PGI+PGk+Jm5ic3A7Jm5ic3A7 IFRoZSBpbmZvcm1hdGlvbiBTSEFMTCBiZSBwcm92aWRlZCBpbiB0d28gd2F5cyBib3RoIGZvbGxv d2luZyB0aGU8bzpwPjwvbzpwPjwvaT48L2I+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PGI+ PGk+Jm5ic3A7Jm5ic3A7IGlldGYtbm90aWZpY2F0aW9uLWNhcGFiaWxpdGllcyBtb2R1bGU6PG86 cD48L286cD48L2k+PC9iPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxiPjxpPjxvOnA+Jm5i c3A7PC9vOnA+PC9pPjwvYj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48Yj48aT5zaG91bGQg YmU6PG86cD48L286cD48L2k+PC9iPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxiPjxpPjxv OnA+Jm5ic3A7PC9vOnA+PC9pPjwvYj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48Yj48aT4m bmJzcDsmbmJzcDsgVGhlIGluZm9ybWF0aW9uIFNIT1VMRCBiZSBwcm92aWRlZCBpbiB0d28gd2F5 cyBib3RoIGZvbGxvd2luZyB0aGU8bzpwPjwvbzpwPjwvaT48L2I+PC9wPg0KPHAgY2xhc3M9Ik1z b05vcm1hbCI+PGI+PGk+Jm5ic3A7Jm5ic3A7IGlldGYtbm90aWZpY2F0aW9uLWNhcGFiaWxpdGll cyBtb2R1bGU6PG86cD48L286cD48L2k+PC9iPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxi PjxpPjxvOnA+Jm5ic3A7PC9vOnA+PC9pPjwvYj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48 bzpwPiZuYnNwOzwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29MaXN0UGFyYWdyYXBoIiBzdHlsZT0i bWFyZ2luLWxlZnQ6NzIuMHB0O3RleHQtaW5kZW50Oi0xOC4wcHQ7bXNvLWxpc3Q6bDEgbGV2ZWwx IGxmbzEiPg0KPCFbaWYgIXN1cHBvcnRMaXN0c10+PHNwYW4gc3R5bGU9Im1zby1saXN0Oklnbm9y ZSI+Mi48c3BhbiBzdHlsZT0iZm9udDo3LjBwdCAmcXVvdDtUaW1lcyBOZXcgUm9tYW4mcXVvdDsi PiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOw0KPC9zcGFuPjwvc3Bhbj48IVtl bmRpZl0+QW5vdGhlciBiZW5lZml0IG9mIGhhdmluZyBpbmZvcm1hdGlvbiBhdmFpbGFibGUgb2Zm bGluZSBpcyB0aGF0IGlmIHRoZXJlIGFyZSBjbGFzc2VzIG9mIGRldmljZXMgcnVubmluZyB0aGUg c2FtZSBzb2Z0d2FyZSBhbmQgaGFyZHdhcmUgdGhlbiB0aGV5IHNob3VsZCBhbGwgaGF2ZSB0aGUg c2FtZSBjYXBhYmlsaXRpZXMgd2l0aG91dCBoYXZpbmcgdG8gY2hlY2sgZWFjaCBhbmQgZXZlcnkg b25lLiZuYnNwOyBUbyB0aGlzDQogZW5kLCBpdCB3b3VsZCBiZSBuaWNlIGlmIHRoZXJlIHdhcyBz b21lIHNvcnQgb2Ygc2ltcGxlIGNoZWNrc3VtIG1lY2hhbmlzbSB0aGF0IGNvdWxkIGJlIHVzZWQg dG8gZW5zdXJlIHRoYXQgdGhlIGluZm9ybWF0aW9uIHN0b3JlZCBpbiB0aGUgaW5zdGFuY2UtZGF0 YSBmaWxlIGV4YWN0bHkgbWF0Y2hlcyB0aGUgZXF1aXZhbGVudCBpbmZvcm1hdGlvbiBwcm92aWRl ZCBieSB0aGUgc2VydmVyLiZuYnNwOyBUaGlzIHdvdWxkIGFsbG93cyBOTVMgaW1wbGVtZW50YXRp b25zDQogdG8gYmUgY29kZWQgdG8gdGhlIGluc3RhbmNlLWRhdGEgZG9jdW1lbnQsIGFuZCB0aGVu IGp1c3QgdmFsaWRhdGUgdGhhdCB0aGUgY2hlY2tzdW1zIG1hdGNoIHRob3NlIHByb3ZpZGVkIGJ5 IHRoZSBzZXJ2ZXIgd2l0aG91dCBoYXZpbmcgdG8gZmV0Y2ggYW5kIGNoZWNrIHRoYXQgYSBwb3J0 aW9uIG9mIHRoZSBkYXRhIHRyZWUgbWF0Y2hlcy4mbmJzcDsgQXMgYSBzaWRlIG5vdGUg4oCTIFlB TkcgcGFja2FnZXMgaGFzIGEgc2ltaWxhciByZXF1aXJlbWVudC48bzpwPjwvbzpwPjwvcD4NCjxw IGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtYXJnaW4tbGVmdDozNi4wcHQiPjxzcGFuIHN0eWxl PSJjb2xvcjojMDBCMEYwIj5CQUxBWlM6IFRoaXMgc2VlbXMgbGlrZSBhIHJlcXVpcmVtZW50IHRv IGltcGxlbWVudCBhbiBFbnRpdHktdGFnIHNpbWlsYXIgdG8gJm5ic3A7PGEgaHJlZj0iaHR0cHM6 Ly90b29scy5pZXRmLm9yZy9odG1sL3JmYzgwNDAjc2VjdGlvbi0zLjUuMiI+PHNwYW4gc3R5bGU9 ImNvbG9yOiMwMEIwRjAiPmh0dHBzOi8vdG9vbHMuaWV0Zi5vcmcvaHRtbC9yZmM4MDQwI3NlY3Rp b24tMy41LjI8L3NwYW4+PC9hPg0KIGJ1dCB3aXRoIGEgZGV0ZXJtaW5pc3RpYyBhbGdvcml0aG0g dG8gZ2VuZXJhdGUgdGhlIHRhZyB2YWx1ZS4gV2hpbGUgdGhlIGlkZWEgaXMgaW50ZXJlc3Rpbmcv d29ydGh3aGlsZSwgSU1ITyBpdCBzaG91bGQgYmUgaGFuZGxlZCBpbiBhIGdlbmVyaWMgbWFubmVy LCBub3QgZm9yIGVhY2ggWUFORyBtb2R1bGUgc2VwYXJhdGVseS4gQWxzbyBJIHdhcyBpbnN0cnVj dGVkIHRvIHJlbW92ZSB0aGUgZW50aXR5IHRhZyBmcm9tIGRyYWZ0LWlldGYtbmV0bW9kLXlhbmct aW5zdGFuY2UtZmlsZS1mb3JtYXQuPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1z b05vcm1hbCI+PGI+PGk+W1JXXSA8bzpwPjwvbzpwPjwvaT48L2I+PC9wPg0KPHAgY2xhc3M9Ik1z b05vcm1hbCI+PGI+PGk+SSBhZ3JlZSB0aGF0IGl0IGlzIGJldHRlciB0byBoYW5kbGUgZ2VuZXJp Y2FsbHksIGFsdGhvdWdoIGluIHRoZSBZQU5HIHBhY2thZ2VzIGNhc2UsIEkgZG9u4oCZdCB0aGlu ayB0aGF0IHRoaXMgd291bGQgd29yaywgYmVjYXVzZSBub3QgZXZlcnl0aGluZyBpcyBwYXJ0IG9m IGFuIGluc3RhbmNlLWRhdGEgZG9jdW1lbnQgKGUuZy4gYSBjaGVja3N1bSBmb3IgYSBtb2R1bGUp LiZuYnNwOyBUaGUgZGV0ZXJtaW5pc3RpYw0KIGFsZ29yaXRobSB0aGF0IHRoZSBwYWNrYWdlcyBk cmFmdCBpcyBjdXJyZW50bHkgdXNpbmcgaXMgYSBTSEEtMjU2IGhhc2guPG86cD48L286cD48L2k+ PC9iPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPHAg Y2xhc3M9Ik1zb0xpc3RQYXJhZ3JhcGgiIHN0eWxlPSJtYXJnaW4tbGVmdDo3Mi4wcHQ7dGV4dC1p bmRlbnQ6LTE4LjBwdDttc28tbGlzdDpsMSBsZXZlbDEgbGZvMSI+DQo8IVtpZiAhc3VwcG9ydExp c3RzXT48c3BhbiBzdHlsZT0ibXNvLWxpc3Q6SWdub3JlIj4zLjxzcGFuIHN0eWxlPSJmb250Ojcu MHB0ICZxdW90O1RpbWVzIE5ldyBSb21hbiZxdW90OyI+Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7 Jm5ic3A7Jm5ic3A7DQo8L3NwYW4+PC9zcGFuPjwhW2VuZGlmXT5TZWN0aW9uIDMsIGJ5IOKAnGZv cm1hbOKAnSwgZG8geW91IG1lYW4g4oCcbWFjaGluZSByZWFkYWJsZeKAnT8mbmJzcDsgT3RoZXJ3 aXNlIGV4cGFuZGluZyB3aGF0IGlzIG1lYW50IGJ5IGZvcm1hbCBtaWdodCBiZSB1c2VmdWwuPG86 cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibWFyZ2luLWxlZnQ6MzYu MHB0Ij48c3BhbiBzdHlsZT0iY29sb3I6IzAwQjBGMCI+QkFMQVpTOiBPSywgY2hhbmdlZCB0ZXh0 PG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb0xpc3RQYXJhZ3JhcGgiIHN0eWxl PSJtYXJnaW4tbGVmdDo3Mi4wcHQ7dGV4dC1pbmRlbnQ6LTE4LjBwdDttc28tbGlzdDpsMSBsZXZl bDEgbGZvMSI+DQo8IVtpZiAhc3VwcG9ydExpc3RzXT48c3BhbiBzdHlsZT0ibXNvLWxpc3Q6SWdu b3JlIj40LjxzcGFuIHN0eWxlPSJmb250OjcuMHB0ICZxdW90O1RpbWVzIE5ldyBSb21hbiZxdW90 OyI+Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7DQo8L3NwYW4+PC9zcGFuPjwh W2VuZGlmXT5TZWN0aW9uIDMsIGluc3RlYWQgb2Yg4oCcYW1vdW50IG9mIG5vdGlmaWNhdGlvbnPi gJ0gd291bGQg4oCcdGhyb3VnaHB1dCBvZiBub3RpZmljYXRpb24gZGF0YeKAnSBiZSBiZXR0ZXI/ DQo8bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtYXJnaW4tbGVm dDozNi4wcHQiPjxzcGFuIHN0eWxlPSJjb2xvcjojMDBCMEYwIj5CQUxBWlM6IEFzIHlvdSB3aXNo LCBjaGFuZ2VkIHRleHQuPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1h bCIgc3R5bGU9Im1hcmdpbi1sZWZ0OjM2LjBwdCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8cCBj bGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibWFyZ2luLWxlZnQ6MzYuMHB0Ij5JbiB0ZXJtcyBvZiB0 aGUgWUFORyBtb2RlbCwgSSB0aGluayB0aGF0IGl0IGlzIHBvc3NpYmxlIHRvIGRlc2lnbiB0aGlz IGluIGEgc2xpZ2h0bHkgbW9yZSByZWd1bGFyIChhbmQgYXJndWFibHkgc2ltcGxlcikgd2F5Ojxv OnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb0xpc3RQYXJhZ3JhcGgiIHN0eWxlPSJtYXJnaW4t bGVmdDo1Ni41cHQ7dGV4dC1pbmRlbnQ6LTE4LjBwdDttc28tbGlzdDpsMCBsZXZlbDEgbGZvMiI+ DQo8IVtpZiAhc3VwcG9ydExpc3RzXT48c3BhbiBzdHlsZT0ibXNvLWxpc3Q6SWdub3JlIj4tPHNw YW4gc3R5bGU9ImZvbnQ6Ny4wcHQgJnF1b3Q7VGltZXMgTmV3IFJvbWFuJnF1b3Q7Ij4mbmJzcDsm bmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsNCjwvc3Bhbj48 L3NwYW4+PCFbZW5kaWZdPlJlbmFtZSDigJxkYXRhc3RvcmUtc3Vic2NyaXB0aW9uLXRocm91Z2hw dXQtY2FwYWJpbGl0aWVzIGdyb3VwaW5n4oCdIHRvIOKAnHN1YnNjcmlwdGlvbi10aHJvdWdocHV0 LWNhcGFiaWxpdGllc+KAnSAoc2luY2UgdGhlIGdyb3VwaW5nIGlzIGFsc28gdXNlZCBhdCB0aGUg c3Vic2NyaXB0aW9uIGxldmVsKTxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIg c3R5bGU9Im1hcmdpbi1sZWZ0OjM2LjBwdCI+PHNwYW4gc3R5bGU9ImNvbG9yOiMwMEIwRjAiPkJB TEFaUzogT0ssIHJlbmFtZWQ8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9y bWFsIiBzdHlsZT0ibWFyZ2luLWxlZnQ6MzYuMHB0Ij48c3BhbiBzdHlsZT0iY29sb3I6IzAwQjBG MCI+QkFMQVpTOjogSU1ITyB0aGUgb3RoZXIgY2hhbmdlcyBsb29rIG1vcmUgc2ltcGxlLCBidXQg d2lsbCBhY3R1YWxseSBtYWtlIHRoZSBtb2RlbCBtb3JlIGNvbXBsaWNhdGVkLjxvOnA+PC9vOnA+ PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxiPjxpPltSV10gPG86cD48L286cD48 L2k+PC9iPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxiPjxpPlNvLCB0aGUgY3VycmVudCB0 cmVlIG91dHB1dCBpcyB0aGlzOjxvOnA+PC9vOnA+PC9pPjwvYj48L3A+DQo8cCBjbGFzcz0iTXNv Tm9ybWFsIj48Yj48aT48bzpwPiZuYnNwOzwvbzpwPjwvaT48L2I+PC9wPg0KPHAgY2xhc3M9Ik1z b05vcm1hbCI+PGI+PHNwYW4gc3R5bGU9ImZvbnQtZmFtaWx5OkNvbnNvbGFzIj5tb2R1bGU6IGll dGYtbm90aWZpY2F0aW9uLWNhcGFiaWxpdGllczxvOnA+PC9vOnA+PC9zcGFuPjwvYj48L3A+DQo8 cCBjbGFzcz0iTXNvTm9ybWFsIj48Yj48c3BhbiBzdHlsZT0iZm9udC1mYW1pbHk6Q29uc29sYXMi PiZuYnNwOyAmIzQzOy0tcm8gZGF0YXN0b3JlLXN1YnNjcmlwdGlvbi1jYXBhYmlsaXRpZXM8bzpw PjwvbzpwPjwvc3Bhbj48L2I+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PGI+PHNwYW4gc3R5 bGU9ImZvbnQtZmFtaWx5OkNvbnNvbGFzIj4mbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsgJiM0Mzst LXJvICh1cGRhdGUtcGVyaW9kKT88bzpwPjwvbzpwPjwvc3Bhbj48L2I+PC9wPg0KPHAgY2xhc3M9 Ik1zb05vcm1hbCI+PGI+PHNwYW4gc3R5bGU9ImZvbnQtZmFtaWx5OkNvbnNvbGFzIj4mbmJzcDsm bmJzcDsmbmJzcDsmbmJzcDsgfCZuYnNwOyAmIzQzOy0tOihtaW5pbXVtLXVwZGF0ZS1wZXJpb2Qp PG86cD48L286cD48L3NwYW4+PC9iPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxiPjxzcGFu IHN0eWxlPSJmb250LWZhbWlseTpDb25zb2xhcyI+Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7IHwm bmJzcDsgfCZuYnNwOyAmIzQzOy0tcm8gbWluaW11bS11cGRhdGUtcGVyaW9kPyZuYnNwOyZuYnNw OyZuYnNwOyZuYnNwOyB1aW50MzI8bzpwPjwvbzpwPjwvc3Bhbj48L2I+PC9wPg0KPHAgY2xhc3M9 Ik1zb05vcm1hbCI+PGI+PHNwYW4gc3R5bGU9ImZvbnQtZmFtaWx5OkNvbnNvbGFzIj4mbmJzcDsm bmJzcDsmbmJzcDsmbmJzcDsgfCZuYnNwOyAmIzQzOy0tOihzdXBwb3J0ZWQtdXBkYXRlLXBlcmlv ZCk8bzpwPjwvbzpwPjwvc3Bhbj48L2I+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PGI+PHNw YW4gc3R5bGU9ImZvbnQtZmFtaWx5OkNvbnNvbGFzIj4mbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsg fCZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyAmIzQzOy0tcm8gc3VwcG9ydGVkLXVwZGF0ZS1wZXJp b2QqJm5ic3A7Jm5ic3A7IHVpbnQzMjxvOnA+PC9vOnA+PC9zcGFuPjwvYj48L3A+DQo8cCBjbGFz cz0iTXNvTm9ybWFsIj48Yj48c3BhbiBzdHlsZT0iZm9udC1mYW1pbHk6Q29uc29sYXMiPiZuYnNw OyZuYnNwOyZuYnNwOyZuYnNwOyYjNDM7LS1ybyBtYXgtb2JqZWN0cy1wZXItdXBkYXRlPyZuYnNw OyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyB1aW50MzI8 bzpwPjwvbzpwPjwvc3Bhbj48L2I+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PGI+PHNwYW4g c3R5bGU9ImZvbnQtZmFtaWx5OkNvbnNvbGFzIj4mbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsgJiM0 MzstLXJvIG1pbmltdW0tZGFtcGVuaW5nLXBlcmlvZD8mbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsm bmJzcDsmbmJzcDsmbmJzcDsgdWludDMyIHt5cDpvbi1jaGFuZ2V9PzxvOnA+PC9vOnA+PC9zcGFu PjwvYj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48Yj48c3BhbiBzdHlsZT0iZm9udC1mYW1p bHk6Q29uc29sYXMiPiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyAmIzQzOy0tcm8gZGF0YXN0b3Jl LWNhcGFiaWxpdGllcyogW2RhdGFzdG9yZV08bzpwPjwvbzpwPjwvc3Bhbj48L2I+PC9wPg0KPHAg Y2xhc3M9Ik1zb05vcm1hbCI+PGI+PHNwYW4gc3R5bGU9ImZvbnQtZmFtaWx5OkNvbnNvbGFzIj4m bmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsgJiM0MzstLXJvIGRhdGFz dG9yZSZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw OyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZu YnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyB1bmlvbjxvOnA+PC9vOnA+ PC9zcGFuPjwvYj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48Yj48c3BhbiBzdHlsZT0iZm9u dC1mYW1pbHk6Q29uc29sYXMiPiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZu YnNwOyAmIzQzOy0tcm8gKHVwZGF0ZS1wZXJpb2QpPzxvOnA+PC9vOnA+PC9zcGFuPjwvYj48L3A+ DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48Yj48c3BhbiBzdHlsZT0iZm9udC1mYW1pbHk6Q29uc29s YXMiPiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyAmbmJzcDsmbmJzcDt8Jm5ic3A7ICYj NDM7LS06KG1pbmltdW0tdXBkYXRlLXBlcmlvZCk8bzpwPjwvbzpwPjwvc3Bhbj48L2I+PC9wPg0K PHAgY2xhc3M9Ik1zb05vcm1hbCI+PGI+PHNwYW4gc3R5bGU9ImZvbnQtZmFtaWx5OkNvbnNvbGFz Ij4mbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsgfCZuYnNwOyB8Jm5i c3A7ICYjNDM7LS1ybyBtaW5pbXVtLXVwZGF0ZS1wZXJpb2Q/Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5i c3A7Jm5ic3A7Jm5ic3A7IHVpbnQzMjxvOnA+PC9vOnA+PC9zcGFuPjwvYj48L3A+DQo8cCBjbGFz cz0iTXNvTm9ybWFsIj48Yj48c3BhbiBzdHlsZT0iZm9udC1mYW1pbHk6Q29uc29sYXMiPiZuYnNw OyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyB8Jm5ic3A7ICYjNDM7LS06KHN1 cHBvcnRlZC11cGRhdGUtcGVyaW9kKTxvOnA+PC9vOnA+PC9zcGFuPjwvYj48L3A+DQo8cCBjbGFz cz0iTXNvTm9ybWFsIj48Yj48c3BhbiBzdHlsZT0iZm9udC1mYW1pbHk6Q29uc29sYXMiPiZuYnNw OyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyB8Jm5ic3A7Jm5ic3A7Jm5ic3A7 Jm5ic3A7ICYjNDM7LS1ybyBzdXBwb3J0ZWQtdXBkYXRlLXBlcmlvZCombmJzcDsmbmJzcDsmbmJz cDsmbmJzcDsgdWludDMyPG86cD48L286cD48L3NwYW4+PC9iPjwvcD4NCjxwIGNsYXNzPSJNc29O b3JtYWwiPjxiPjxzcGFuIHN0eWxlPSJmb250LWZhbWlseTpDb25zb2xhcyI+Jm5ic3A7Jm5ic3A7 Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7ICYjNDM7LS1ybyBtYXgtb2JqZWN0cy1wZXIt dXBkYXRlPyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZu YnNwOyZuYnNwOyZuYnNwOyB1aW50MzI8bzpwPjwvbzpwPjwvc3Bhbj48L2I+PC9wPg0KPHAgY2xh c3M9Ik1zb05vcm1hbCI+PGI+PHNwYW4gc3R5bGU9ImZvbnQtZmFtaWx5OkNvbnNvbGFzIj4mbmJz cDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsgJiM0MzstLXJvIG1pbmltdW0t ZGFtcGVuaW5nLXBlcmlvZD8mbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJz cDsmbmJzcDsmbmJzcDsgdWludDMyIHt5cDpvbi1jaGFuZ2V9PzxvOnA+PC9vOnA+PC9zcGFuPjwv Yj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48Yj48c3BhbiBzdHlsZT0iZm9udC1mYW1pbHk6 Q29uc29sYXMiPiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyAmIzQz Oy0tcm8gb24tY2hhbmdlLXN1cHBvcnRlZC1mb3ItY29uZmlnPyZuYnNwOyZuYnNwOyZuYnNwOyBi b29sZWFuIHt5cDpvbi1jaGFuZ2V9PzxvOnA+PC9vOnA+PC9zcGFuPjwvYj48L3A+DQo8cCBjbGFz cz0iTXNvTm9ybWFsIj48Yj48c3BhbiBzdHlsZT0iZm9udC1mYW1pbHk6Q29uc29sYXMiPiZuYnNw OyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyAmIzQzOy0tcm8gb24tY2hhbmdl LXN1cHBvcnRlZC1mb3Itc3RhdGU/Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7IGJvb2xlYW4ge3lw Om9uLWNoYW5nZX0/PG86cD48L286cD48L3NwYW4+PC9iPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3Jt YWwiPjxiPjxzcGFuIHN0eWxlPSJmb250LWZhbWlseTpDb25zb2xhcyI+Jm5ic3A7Jm5ic3A7Jm5i c3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7ICYjNDM7LS1ybyBwZXItbm9kZS1jYXBhYmlsaXRp ZXMqIFtub2RlLXNlbGVjdG9yXTxvOnA+PC9vOnA+PC9zcGFuPjwvYj48L3A+DQo8cCBjbGFzcz0i TXNvTm9ybWFsIj48Yj48c3BhbiBzdHlsZT0iZm9udC1mYW1pbHk6Q29uc29sYXMiPiZuYnNwOyZu YnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyAmIzQz Oy0tcm8gbm9kZS1zZWxlY3RvciZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZu YnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyBuYWNtOm5vZGUtaW5zdGFuY2UtaWRl bnRpZmllcjxvOnA+PC9vOnA+PC9zcGFuPjwvYj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48 Yj48c3BhbiBzdHlsZT0iZm9udC1mYW1pbHk6Q29uc29sYXMiPiZuYnNwOyZuYnNwOyZuYnNwOyZu YnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyAmIzQzOy0tcm8gKHVwZGF0 ZS1wZXJpb2QpPzxvOnA+PC9vOnA+PC9zcGFuPjwvYj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFs Ij48Yj48c3BhbiBzdHlsZT0iZm9udC1mYW1pbHk6Q29uc29sYXMiPiZuYnNwOyZuYnNwOyZuYnNw OyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyB8Jm5ic3A7ICYjNDM7 LS06KG1pbmltdW0tdXBkYXRlLXBlcmlvZCk8bzpwPjwvbzpwPjwvc3Bhbj48L2I+PC9wPg0KPHAg Y2xhc3M9Ik1zb05vcm1hbCI+PGI+PHNwYW4gc3R5bGU9ImZvbnQtZmFtaWx5OkNvbnNvbGFzIj4m bmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJz cDsgfCZuYnNwOyB8Jm5ic3A7ICYjNDM7LS1ybyBtaW5pbXVtLXVwZGF0ZS1wZXJpb2Q/Jm5ic3A7 Jm5ic3A7Jm5ic3A7IHVpbnQzMjxvOnA+PC9vOnA+PC9zcGFuPjwvYj48L3A+DQo8cCBjbGFzcz0i TXNvTm9ybWFsIj48Yj48c3BhbiBzdHlsZT0iZm9udC1mYW1pbHk6Q29uc29sYXMiPiZuYnNwOyZu YnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyB8Jm5i c3A7ICYjNDM7LS06KHN1cHBvcnRlZC11cGRhdGUtcGVyaW9kKTxvOnA+PC9vOnA+PC9zcGFuPjwv Yj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48Yj48c3BhbiBzdHlsZT0iZm9udC1mYW1pbHk6 Q29uc29sYXMiPiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw OyZuYnNwOyZuYnNwOyB8Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7ICYjNDM7LS1ybyBzdXBwb3J0 ZWQtdXBkYXRlLXBlcmlvZCombmJzcDsgdWludDMyPG86cD48L286cD48L3NwYW4+PC9iPjwvcD4N CjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxiPjxzcGFuIHN0eWxlPSJmb250LWZhbWlseTpDb25zb2xh cyI+Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7 Jm5ic3A7ICYjNDM7LS1ybyBtYXgtb2JqZWN0cy1wZXItdXBkYXRlPyZuYnNwOyZuYnNwOyZuYnNw OyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyB1aW50MzI8bzpwPjwvbzpwPjwvc3Bhbj48 L2I+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PGI+PHNwYW4gc3R5bGU9ImZvbnQtZmFtaWx5 OkNvbnNvbGFzIj4mbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJz cDsmbmJzcDsmbmJzcDsgJiM0MzstLXJvIG1pbmltdW0tZGFtcGVuaW5nLXBlcmlvZD8mbmJzcDsm bmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsgdWludDMyIHt5cDpvbi1jaGFuZ2V9PzxvOnA+ PC9vOnA+PC9zcGFuPjwvYj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48Yj48c3BhbiBzdHls ZT0iZm9udC1mYW1pbHk6Q29uc29sYXMiPiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZu YnNwOyZuYnNwOyAmbmJzcDsmbmJzcDsmbmJzcDsmIzQzOy0tcm8gb24tY2hhbmdlLXN1cHBvcnRl ZCZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZu YnNwOyZuYnNwOyZuYnNwOyBib29sZWFuIHt5cDpvbi1jaGFuZ2V9PzxvOnA+PC9vOnA+PC9zcGFu PjwvYj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpwPiZuYnNwOzwvbzpwPjwvcD4NCjxw IGNsYXNzPSJNc29Ob3JtYWwiPjxiPjxpPlRoZSBtb2RlbCB0aGF0IEkgcHJvcG9zZWQgd291bGQg bG9vayBsaWtlIHRoaXM6PG86cD48L286cD48L2k+PC9iPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3Jt YWwiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PGI+PHNwYW4g c3R5bGU9ImZvbnQtZmFtaWx5OkNvbnNvbGFzIj5tb2R1bGU6IGlldGYtbm90aWZpY2F0aW9uLWNh cGFiaWxpdGllczxvOnA+PC9vOnA+PC9zcGFuPjwvYj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFs Ij48Yj48c3BhbiBzdHlsZT0iZm9udC1mYW1pbHk6Q29uc29sYXMiPiZuYnNwOyAmIzQzOy0tcm8g ZGF0YXN0b3JlLXN1YnNjcmlwdGlvbi1jYXBhYmlsaXRpZXM8bzpwPjwvbzpwPjwvc3Bhbj48L2I+ PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PGI+PHNwYW4gc3R5bGU9ImZvbnQtZmFtaWx5OkNv bnNvbGFzIj4mbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsgJiM0MzstLXJvICh1cGRhdGUtcGVyaW9k KT88bzpwPjwvbzpwPjwvc3Bhbj48L2I+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PGI+PHNw YW4gc3R5bGU9ImZvbnQtZmFtaWx5OkNvbnNvbGFzIj4mbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsg fCZuYnNwOyAmIzQzOy0tOihtaW5pbXVtLXVwZGF0ZS1wZXJpb2QpPG86cD48L286cD48L3NwYW4+ PC9iPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxiPjxzcGFuIHN0eWxlPSJmb250LWZhbWls eTpDb25zb2xhcyI+Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7IHwmbmJzcDsgfCZuYnNwOyAmIzQz Oy0tcm8gbWluaW11bS11cGRhdGUtcGVyaW9kPyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyB1aW50 MzI8bzpwPjwvbzpwPjwvc3Bhbj48L2I+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PGI+PHNw YW4gc3R5bGU9ImZvbnQtZmFtaWx5OkNvbnNvbGFzIj4mbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsg fCZuYnNwOyAmIzQzOy0tOihzdXBwb3J0ZWQtdXBkYXRlLXBlcmlvZCk8bzpwPjwvbzpwPjwvc3Bh bj48L2I+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PGI+PHNwYW4gc3R5bGU9ImZvbnQtZmFt aWx5OkNvbnNvbGFzIj4mbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsgfCZuYnNwOyZuYnNwOyZuYnNw OyZuYnNwOyAmIzQzOy0tcm8gc3VwcG9ydGVkLXVwZGF0ZS1wZXJpb2QqJm5ic3A7Jm5ic3A7IHVp bnQzMjxvOnA+PC9vOnA+PC9zcGFuPjwvYj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48Yj48 c3BhbiBzdHlsZT0iZm9udC1mYW1pbHk6Q29uc29sYXMiPiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw OyYjNDM7LS1ybyBtYXgtb2JqZWN0cy1wZXItdXBkYXRlPyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw OyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyB1aW50MzI8bzpwPjwvbzpwPjwvc3Bhbj48 L2I+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PGI+PHNwYW4gc3R5bGU9ImZvbnQtZmFtaWx5 OkNvbnNvbGFzIj4mbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsgJiM0MzstLXJvIG1pbmltdW0tZGFt cGVuaW5nLXBlcmlvZD8mbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsg dWludDMyIHt5cDpvbi1jaGFuZ2V9PzxvOnA+PC9vOnA+PC9zcGFuPjwvYj48L3A+DQo8cCBjbGFz cz0iTXNvTm9ybWFsIj48Yj48c3BhbiBzdHlsZT0iZm9udC1mYW1pbHk6Q29uc29sYXMiPiZuYnNw OyZuYnNwOyZuYnNwOyZuYnNwOyAmIzQzOy0tcm8gb24tY2hhbmdlLXN1cHBvcnRlZD8mbmJzcDsm bmJzcDsmbmJzcDsgJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5i c3A7Jm5ic3A7RW51bSBvZiAoY29uZmlnfHN0YXRlfGJvdGgpPG86cD48L286cD48L3NwYW4+PC9i PjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxiPjxzcGFuIHN0eWxlPSJmb250LWZhbWlseTpD b25zb2xhcyI+Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7ICYjNDM7LS1ybyBkYXRhc3RvcmUtY2Fw YWJpbGl0aWVzKiBbZGF0YXN0b3JlXTxvOnA+PC9vOnA+PC9zcGFuPjwvYj48L3A+DQo8cCBjbGFz cz0iTXNvTm9ybWFsIj48Yj48c3BhbiBzdHlsZT0iZm9udC1mYW1pbHk6Q29uc29sYXMiPiZuYnNw OyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyAmIzQzOy0tcm8gZGF0YXN0b3Jl Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5i c3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7 Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7IHVuaW9uPG86cD48L286cD48L3Nw YW4+PC9iPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxiPjxzcGFuIHN0eWxlPSJmb250LWZh bWlseTpDb25zb2xhcyI+Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7 ICYjNDM7LS1ybyBwZXItbm9kZS1jYXBhYmlsaXRpZXMqIFtub2RlLXNlbGVjdG9yXTxvOnA+PC9v OnA+PC9zcGFuPjwvYj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48Yj48c3BhbiBzdHlsZT0i Zm9udC1mYW1pbHk6Q29uc29sYXMiPiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw OyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyAmIzQzOy0tcm8gbm9kZS1zZWxlY3RvciZuYnNwOyZu YnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw OyZuYnNwOyBuYWNtOm5vZGUtaW5zdGFuY2UtaWRlbnRpZmllcjxvOnA+PC9vOnA+PC9zcGFuPjwv Yj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48Yj48c3BhbiBzdHlsZT0iZm9udC1mYW1pbHk6 Q29uc29sYXMiPiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw OyZuYnNwOyZuYnNwOyAmIzQzOy0tcm8gKHVwZGF0ZS1wZXJpb2QpPzxvOnA+PC9vOnA+PC9zcGFu PjwvYj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48Yj48c3BhbiBzdHlsZT0iZm9udC1mYW1p bHk6Q29uc29sYXMiPiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZu YnNwOyZuYnNwOyZuYnNwOyB8Jm5ic3A7ICYjNDM7LS06KG1pbmltdW0tdXBkYXRlLXBlcmlvZCk8 bzpwPjwvbzpwPjwvc3Bhbj48L2I+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PGI+PHNwYW4g c3R5bGU9ImZvbnQtZmFtaWx5OkNvbnNvbGFzIj4mbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJz cDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsgfCZuYnNwOyB8Jm5ic3A7ICYjNDM7LS1y byBtaW5pbXVtLXVwZGF0ZS1wZXJpb2Q/Jm5ic3A7Jm5ic3A7Jm5ic3A7IHVpbnQzMjxvOnA+PC9v OnA+PC9zcGFuPjwvYj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48Yj48c3BhbiBzdHlsZT0i Zm9udC1mYW1pbHk6Q29uc29sYXMiPiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw OyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyB8Jm5ic3A7ICYjNDM7LS06KHN1cHBvcnRlZC11cGRh dGUtcGVyaW9kKTxvOnA+PC9vOnA+PC9zcGFuPjwvYj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFs Ij48Yj48c3BhbiBzdHlsZT0iZm9udC1mYW1pbHk6Q29uc29sYXMiPiZuYnNwOyZuYnNwOyZuYnNw OyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyB8Jm5ic3A7Jm5ic3A7 Jm5ic3A7Jm5ic3A7ICYjNDM7LS1ybyBzdXBwb3J0ZWQtdXBkYXRlLXBlcmlvZCombmJzcDsgdWlu dDMyPG86cD48L286cD48L3NwYW4+PC9iPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxiPjxz cGFuIHN0eWxlPSJmb250LWZhbWlseTpDb25zb2xhcyI+Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7 Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7ICYjNDM7LS1ybyBtYXgtb2JqZWN0 cy1wZXItdXBkYXRlPyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZu YnNwOyB1aW50MzI8bzpwPjwvbzpwPjwvc3Bhbj48L2I+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1h bCI+PGI+PHNwYW4gc3R5bGU9ImZvbnQtZmFtaWx5OkNvbnNvbGFzIj4mbmJzcDsmbmJzcDsmbmJz cDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsgJiM0MzstLXJvIG1p bmltdW0tZGFtcGVuaW5nLXBlcmlvZD8mbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJz cDsgdWludDMyIHt5cDpvbi1jaGFuZ2V9PzxvOnA+PC9vOnA+PC9zcGFuPjwvYj48L3A+DQo8cCBj bGFzcz0iTXNvTm9ybWFsIj48Yj48c3BhbiBzdHlsZT0iZm9udC1mYW1pbHk6Q29uc29sYXMiPiZu YnNwOyZuYnNwOyAmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJz cDsmIzQzOy0tcm8gb24tY2hhbmdlLXN1cHBvcnRlZD8mbmJzcDsmbmJzcDsmbmJzcDsgJm5ic3A7 Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7RW51bSBvZiAoY29uZmln fHN0YXRlfGJvdGgpPG86cD48L286cD48L3NwYW4+PC9iPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3Jt YWwiPjxiPjxpPjxzcGFuIHN0eWxlPSJmb250LWZhbWlseTpDb25zb2xhcyI+PG86cD4mbmJzcDs8 L286cD48L3NwYW4+PC9pPjwvYj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48Yj48c3BhbiBz dHlsZT0iZm9udC1mYW1pbHk6Q29uc29sYXMiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvYj48 L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48Yj48aT5UaGUgY29kZSBpbnRlcmFjdGluZyB3aXRo IHRoaXMgaXMgbW9yZSBnZW5lcmljICwgd2l0aCBsZXNzIGNvcm5lciBjYXNlcy48bzpwPjwvbzpw PjwvaT48L2I+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PGI+PGk+PG86cD4mbmJzcDs8L286 cD48L2k+PC9iPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxiPjxpPkJ1dCBJIHRoaW5rIHRo YXQgeW91IGNvdWxkIGdvIGEgc3RlcCBmdXJ0aGVyIGFuZCBkZWZpbmUgaXQgbGlrZSB0aGlzLCBh bGxvd2luZyAoZGF0YXN0b3JlPeKAmWFsbOKAmSAmIzQzOyBub2RlLXNlbGVjdG9yID0g4oCYL+KA mSkgdG8gZGVmaW5lIHRoZSBkZWZhdWx0IGdsb2JhbCBjYXBhYmlsaXRpZXMuJm5ic3A7IEFueSBj YXBhYmlsaXRpZXMgZm9yIGEgc3BlY2lmaWMgZGF0YXN0b3JlIGlzIG1vcmUgc3BlY2lmaWMgdGhh biDigJxhbGzigJ0uJm5ic3A7DQogQ2FwYWJpbGl0aWVzIGZvciBhIG1vcmUgc3BlY2lmaWMgcGF0 aCB3aW4gb3ZlciBhIGxlc3Mgc3BlY2lmaWMgcGF0aC4mbmJzcDsgUGVyc29uYWxseSwgSSB3b3Vs ZCBleHBlY3QgdGhpcyB0byBiZSBzaW1wbGVyIHRvIGltcGxlbWVudCBiZWNhdXNlIHRoZXJlIGFy ZSBsZXNzIHNwZWNpYWwgY2FzZXMgdG8gaGFuZGxlLjxvOnA+PC9vOnA+PC9pPjwvYj48L3A+DQo8 cCBjbGFzcz0iTXNvTm9ybWFsIj48Yj48aT48bzpwPiZuYnNwOzwvbzpwPjwvaT48L2I+PC9wPg0K PHAgY2xhc3M9Ik1zb05vcm1hbCI+PGI+PHNwYW4gc3R5bGU9ImZvbnQtZmFtaWx5OkNvbnNvbGFz Ij5tb2R1bGU6IGlldGYtbm90aWZpY2F0aW9uLWNhcGFiaWxpdGllczxvOnA+PC9vOnA+PC9zcGFu PjwvYj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48Yj48c3BhbiBzdHlsZT0iZm9udC1mYW1p bHk6Q29uc29sYXMiPiZuYnNwOyAmIzQzOy0tcm8gZGF0YXN0b3JlLXN1YnNjcmlwdGlvbi1jYXBh YmlsaXRpZXM8bzpwPjwvbzpwPjwvc3Bhbj48L2I+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+ PGI+PHNwYW4gc3R5bGU9ImZvbnQtZmFtaWx5OkNvbnNvbGFzIj4mbmJzcDsmbmJzcDsmbmJzcDsm bmJzcDsgJiM0MzstLXJvIGRhdGFzdG9yZS1jYXBhYmlsaXRpZXMqIFtkYXRhc3RvcmVdPG86cD48 L286cD48L3NwYW4+PC9iPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxiPjxzcGFuIHN0eWxl PSJmb250LWZhbWlseTpDb25zb2xhcyI+Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5i c3A7Jm5ic3A7ICYjNDM7LS1ybyBkYXRhc3RvcmUmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJz cDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsm bmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJz cDsmbmJzcDsgdW5pb248bzpwPjwvbzpwPjwvc3Bhbj48L2I+PC9wPg0KPHAgY2xhc3M9Ik1zb05v cm1hbCI+PGI+PHNwYW4gc3R5bGU9ImZvbnQtZmFtaWx5OkNvbnNvbGFzIj4mbmJzcDsmbmJzcDsm bmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsgJiM0MzstLXJvIHBlci1ub2RlLWNhcGFiaWxp dGllcyogW25vZGUtc2VsZWN0b3JdPG86cD48L286cD48L3NwYW4+PC9iPjwvcD4NCjxwIGNsYXNz PSJNc29Ob3JtYWwiPjxiPjxzcGFuIHN0eWxlPSJmb250LWZhbWlseTpDb25zb2xhcyI+Jm5ic3A7 Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7ICYj NDM7LS1ybyBub2RlLXNlbGVjdG9yJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7 Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7IG5hY206bm9kZS1pbnN0YW5jZS1p ZGVudGlmaWVyPG86cD48L286cD48L3NwYW4+PC9iPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwi PjxiPjxzcGFuIHN0eWxlPSJmb250LWZhbWlseTpDb25zb2xhcyI+Jm5ic3A7Jm5ic3A7Jm5ic3A7 Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7ICYjNDM7LS1ybyAodXBk YXRlLXBlcmlvZCk/PG86cD48L286cD48L3NwYW4+PC9iPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3Jt YWwiPjxiPjxzcGFuIHN0eWxlPSJmb250LWZhbWlseTpDb25zb2xhcyI+Jm5ic3A7Jm5ic3A7Jm5i c3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7IHwmbmJzcDsgJiM0 MzstLToobWluaW11bS11cGRhdGUtcGVyaW9kKTxvOnA+PC9vOnA+PC9zcGFuPjwvYj48L3A+DQo8 cCBjbGFzcz0iTXNvTm9ybWFsIj48Yj48c3BhbiBzdHlsZT0iZm9udC1mYW1pbHk6Q29uc29sYXMi PiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZu YnNwOyB8Jm5ic3A7IHwmbmJzcDsgJiM0MzstLXJvIG1pbmltdW0tdXBkYXRlLXBlcmlvZD8mbmJz cDsmbmJzcDsmbmJzcDsgdWludDMyPG86cD48L286cD48L3NwYW4+PC9iPjwvcD4NCjxwIGNsYXNz PSJNc29Ob3JtYWwiPjxiPjxzcGFuIHN0eWxlPSJmb250LWZhbWlseTpDb25zb2xhcyI+Jm5ic3A7 Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7IHwm bmJzcDsgJiM0MzstLTooc3VwcG9ydGVkLXVwZGF0ZS1wZXJpb2QpPG86cD48L286cD48L3NwYW4+ PC9iPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxiPjxzcGFuIHN0eWxlPSJmb250LWZhbWls eTpDb25zb2xhcyI+Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5i c3A7Jm5ic3A7Jm5ic3A7IHwmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsgJiM0MzstLXJvIHN1cHBv cnRlZC11cGRhdGUtcGVyaW9kKiZuYnNwOyB1aW50MzI8bzpwPjwvbzpwPjwvc3Bhbj48L2I+PC9w Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PGI+PHNwYW4gc3R5bGU9ImZvbnQtZmFtaWx5OkNvbnNv bGFzIj4mbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJz cDsmbmJzcDsgJiM0MzstLXJvIG1heC1vYmplY3RzLXBlci11cGRhdGU/Jm5ic3A7Jm5ic3A7Jm5i c3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7IHVpbnQzMjxvOnA+PC9vOnA+PC9zcGFu PjwvYj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48Yj48c3BhbiBzdHlsZT0iZm9udC1mYW1p bHk6Q29uc29sYXMiPiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZu YnNwOyZuYnNwOyZuYnNwOyAmIzQzOy0tcm8gbWluaW11bS1kYW1wZW5pbmctcGVyaW9kPyZuYnNw OyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyB1aW50MzIge3lwOm9uLWNoYW5nZX0/PG86 cD48L286cD48L3NwYW4+PC9iPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxiPjxzcGFuIHN0 eWxlPSJmb250LWZhbWlseTpDb25zb2xhcyI+Jm5ic3A7Jm5ic3A7ICZuYnNwOyZuYnNwOyZuYnNw OyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyYjNDM7LS1ybyBvbi1jaGFuZ2Utc3VwcG9y dGVkPyZuYnNwOyZuYnNwOyZuYnNwOyAmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJz cDsmbmJzcDsmbmJzcDtFbnVtIG9mIChjb25maWd8c3RhdGV8Ym90aCk8bzpwPjwvbzpwPjwvc3Bh bj48L2I+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PGI+PGk+PG86cD4mbmJzcDs8L286cD48 L2k+PC9iPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0K PHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8cCBjbGFzcz0iTXNv Tm9ybWFsIj48bzpwPiZuYnNwOzwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxvOnA+ Jm5ic3A7PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb0xpc3RQYXJhZ3JhcGgiIHN0eWxlPSJtYXJn aW4tbGVmdDo1Ni41cHQ7dGV4dC1pbmRlbnQ6LTE4LjBwdDttc28tbGlzdDpsMCBsZXZlbDEgbGZv MiI+DQo8IVtpZiAhc3VwcG9ydExpc3RzXT48c3BhbiBzdHlsZT0ibXNvLWxpc3Q6SWdub3JlIj4t PHNwYW4gc3R5bGU9ImZvbnQ6Ny4wcHQgJnF1b3Q7VGltZXMgTmV3IFJvbWFuJnF1b3Q7Ij4mbmJz cDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsNCjwvc3Bh bj48L3NwYW4+PCFbZW5kaWZdPkFkZCDigJxvbi1jaGFuZ2Utc3VwcG9ydGVk4oCdIGxlYWYgdG8g 4oCcc3Vic2NyaXB0aW9uLXRocm91Z2hwdXQtY2FwYWJpbGl0aWVz4oCdIGdyb3VwaW5nLCBidXQg Y2hhbmdlIGl0cyB0eXBlIHRvIGFuIGVudW0gb2Yg4oCcYWxsLW5vZGVzLCBjb25maWctb25seSwg c3RhdGUtb25seeKAnSDigJMgdGhpcyBjb3VsZCB0aGVuIHdvcmsgaW4gYSBmdWxseSBoaWVyYXJj aGljYWwgd2F5LiZuYnNwOyAoSS5lLiB0aGUgZXhpc3Rpbmcgb24tY2hhbmdlLXN1cHBvcnRlZC1m b3ItY29uZmlnLA0KIG9uLWNoYW5nZS1zdXBwb3J0ZWQtZm9yLXN0YXRlICwgb24tY2hhbmdlLXN1 cHBvcnRlZCBjb3VsZCBiZSByZW1vdmVkKS48bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29O b3JtYWwiIHN0eWxlPSJtYXJnaW4tbGVmdDozNi4wcHQiPjxzcGFuIHN0eWxlPSJjb2xvcjojMDBC MEYwIj5CQUxBWlM6IFRoZSBlbnVtIHdpbGwgbmVlZCBtdWNoIG1vcmUgZXhwbGFuYXRpb24gZS5n LiB3aGF0IGRvZXMgaXQgbWVhbiB0byBoYXZlIHRoZSDigJxjb25maWctb25seeKAnSB2YWx1ZSBv biBhIGNvbmZpZz1mYWxzZSBkYXRhIG5vZGU/IEl0IGNhbiBiZSBleHBsYWluZWQsIGl0IHdpbGwg anVzdCBuZWVkIG1vcmUgdGV4dC4NCjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJN c29Ob3JtYWwiPjxiPjxpPltSV10gPG86cD48L286cD48L2k+PC9iPjwvcD4NCjxwIGNsYXNzPSJN c29Ob3JtYWwiPjxiPjxpPknigJltIG5vdCBjb252aW5jZWQgdGhhdCB0aGlzIHdvdWxkIHRha2Ug dGhhdCBtdWNoIHRleHQgdG8gZXhwbGFpbiDigKYgZS5nLiBwb3NzaWJseSBzb21ldGhpbmcgbGlr ZTxvOnA+PC9vOnA+PC9pPjwvYj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48Yj48aT48bzpw PiZuYnNwOzwvbzpwPjwvaT48L2I+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PGI+PGk+4oCc T24gY2hhbmdlIG5vdGlmaWNhdGlvbnMgY2FuIGJlIHN1cHBvcnRlZCBmb3IgKGkpIG9ubHkg4oCY Y29uZmlnOiB0cnVl4oCZIG5vZGVzLCBvciAoaWkpIG9ubHkg4oCYY29uZmlnOiBmYWxzZeKAmSBu b2Rlcywgb3IgKGlpaSkgYWxsIG5vZGVzIHJlZ2FyZGxlc3Mgb2YgdGhlIOKAmGNvbmZpZ+KAmSBm bGFn4oCdPG86cD48L286cD48L2k+PC9iPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxiPjxp PjxvOnA+Jm5ic3A7PC9vOnA+PC9pPjwvYj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpw PiZuYnNwOzwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29MaXN0UGFyYWdyYXBoIiBzdHlsZT0ibWFy Z2luLWxlZnQ6NTYuNXB0O3RleHQtaW5kZW50Oi0xOC4wcHQ7bXNvLWxpc3Q6bDAgbGV2ZWwxIGxm bzIiPg0KPCFbaWYgIXN1cHBvcnRMaXN0c10+PHNwYW4gc3R5bGU9Im1zby1saXN0Oklnbm9yZSI+ LTxzcGFuIHN0eWxlPSJmb250OjcuMHB0ICZxdW90O1RpbWVzIE5ldyBSb21hbiZxdW90OyI+Jm5i c3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7DQo8L3Nw YW4+PC9zcGFuPjwhW2VuZGlmXT5JbnN0ZWFkIG9mIGhhdmluZyBhIHNldCBvZiDigJxkYXRhc3Rv cmXigJ0gbGV2ZWwgcGFyYW1ldGVycywgY291bGQgdGhlc2UganVzdCBiZSBleHByZXNzZWQgYXMg dGhlIHNldCBvZiBwYXJhbWV0ZXJzIHRoYXQgYXBwbHkgdG8g4oCcL+KAnSB3aXRoaW4gYSBkYXRh c3RvcmUgKGUuZy4gYXMgZGVzY3JpYmVkIGluIE5BQ00gWUFORyBtb2R1bGUg4oCcPHNwYW4gc3R5 bGU9ImNvbG9yOmJsYWNrIj5sZWFmIHBhdGg8L3NwYW4+4oCcKT8mbmJzcDsNCiBJLmUuIGdpdmVu IHRoYXQgeW91IHN1cHBvcnQgaGllcmFyY2hpY2FsIHBhdGhzIHdpdGhpbiBhIGRhdGFzdG9yZSwg aXQganVzdCBtZWFucyB0aGF0IHlvdSBuZWVkIHR3byBsZXZlbHMsIHBlciBkZXZpY2UgYW5kIHBl ciBkYXRhc3RvcmUuPG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0i bWFyZ2luLWxlZnQ6MzYuMHB0Ij48c3BhbiBzdHlsZT0iY29sb3I6IzAwQjBGMCI+QkFMQVpTOiBJ dCBsb29rcyBzaW1wbGVyLCBidXQgd2Ugd291bGQgaGF2ZSB0byBoYXZlIGxvbmdlciBleHBsYW5h dGlvbnM6PG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb0xpc3RQYXJhZ3JhcGgi IHN0eWxlPSJtYXJnaW4tbGVmdDo5Mi41cHQ7dGV4dC1pbmRlbnQ6LTE4LjBwdDttc28tbGlzdDps MCBsZXZlbDIgbGZvMiI+DQo8IVtpZiAhc3VwcG9ydExpc3RzXT48c3BhbiBzdHlsZT0iZm9udC1m YW1pbHk6JnF1b3Q7Q291cmllciBOZXcmcXVvdDssc2VyaWY7Y29sb3I6IzAwQjBGMCI+PHNwYW4g c3R5bGU9Im1zby1saXN0Oklnbm9yZSI+bzxzcGFuIHN0eWxlPSJmb250OjcuMHB0ICZxdW90O1Rp bWVzIE5ldyBSb21hbiZxdW90OyI+Jm5ic3A7Jm5ic3A7DQo8L3NwYW4+PC9zcGFuPjwvc3Bhbj48 IVtlbmRpZl0+PHNwYW4gc3R5bGU9ImNvbG9yOiMwMEIwRjAiPlRoZSDigJwv4oCdIGlzIG5vdCB3 ZWxsIGRlZmluZWQgb3Igd2VsbCBrbm93biwgc28gaXRzIHVzZSBtdXN0IGJlIGRlc2NyaWJlZDxv OnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxiPjxpPltSV10gPG86 cD48L286cD48L2k+PC9iPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxiPjxpPkJ1dCBpdCBp cyBkZWZpbmVkL3VzZWQgaW4gdGhpcyB3YXkgZm9yIE5BQ00uJm5ic3A7IEkuZS4geW91ciBtb2Rl bCB3b3VsZCBiZSBtb3JlIGNvbnNpc3RlbnQgd2l0aCB0aGUgYXBwcm9hY2ggZGVmaW5lZCBpbiBO QUNNIHJhdGhlciB0aGFuIHVzaW5nIGEgZGlmZmVyZW50IGFwcHJvYWNoLiZuYnNwOyBJIHRoaW5r IHRoYXQgeW91IGFsc28gYWxyZWFkeSBuZWVkIHRvIGhhbmRsZSB0aGUg4oCcL+KAnSBjYXNlIGFu eXdheSwgb3INCiBleHBsaWNpdGx5IGluZGljYXRlIHRoYXQgaXQgaXMgbm90IGFsbG93ZWQuPG86 cD48L286cD48L2k+PC9iPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxvOnA+Jm5ic3A7PC9v OnA+PC9wPg0KPHAgY2xhc3M9Ik1zb0xpc3RQYXJhZ3JhcGgiIHN0eWxlPSJtYXJnaW4tbGVmdDo5 Mi41cHQ7dGV4dC1pbmRlbnQ6LTE4LjBwdDttc28tbGlzdDpsMCBsZXZlbDIgbGZvMiI+DQo8IVtp ZiAhc3VwcG9ydExpc3RzXT48c3BhbiBzdHlsZT0iZm9udC1mYW1pbHk6JnF1b3Q7Q291cmllciBO ZXcmcXVvdDssc2VyaWY7Y29sb3I6IzAwQjBGMCI+PHNwYW4gc3R5bGU9Im1zby1saXN0Oklnbm9y ZSI+bzxzcGFuIHN0eWxlPSJmb250OjcuMHB0ICZxdW90O1RpbWVzIE5ldyBSb21hbiZxdW90OyI+ Jm5ic3A7Jm5ic3A7DQo8L3NwYW4+PC9zcGFuPjwvc3Bhbj48IVtlbmRpZl0+PHNwYW4gc3R5bGU9 ImNvbG9yOiMwMEIwRjAiPlRoZSBleHRyYSBjYXNlIHdoZW4gdGhlcmUgaXMgbm8gcGVyLW5vZGUt Y2FwYWJpbGl0aWVzIGxpc3QtZW50cnkgbmVlZHMgdG8gYmUgZXhwbGFpbmVkL3NwZWNpZmllZDxv OnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxiPjxpPltSV10gPG86 cD48L286cD48L2k+PC9iPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxiPjxpPkkgZG9u4oCZ dCBmb2xsb3cgeW91ciBjb21tZW50LiZuYnNwOyBJ4oCZbSBwcm9wb3NpbmcgY2hhbmdpbmcgZnJv bSBhIG1vZGVsIHRoYXQgaGFzIDMgbGV2ZWxzIG9mIGhpZXJhcmNoeSAoZ2xvYmFsLCBwZXItZGF0 YXN0b3JlLCBwZXIgZGF0YXN0b3JlIHNjaGVtYSBzdWJ0cmVlKSB0byBvbmUgdGhhdCBvbmx5IGhh cyAyIChnbG9iYWwsIHBlciBkYXRhc3RvcmUgc2NoZW1hIHN1YnRyZWUpLjxvOnA+PC9vOnA+PC9p PjwvYj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48Yj48aT48bzpwPiZuYnNwOzwvbzpwPjwv aT48L2I+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PGI+PGk+PG86cD4mbmJzcDs8L286cD48 L2k+PC9iPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0K PHAgY2xhc3M9Ik1zb0xpc3RQYXJhZ3JhcGgiIHN0eWxlPSJtYXJnaW4tbGVmdDo1Ni41cHQ7dGV4 dC1pbmRlbnQ6LTE4LjBwdDttc28tbGlzdDpsMCBsZXZlbDEgbGZvMiI+DQo8IVtpZiAhc3VwcG9y dExpc3RzXT48c3BhbiBzdHlsZT0ibXNvLWxpc3Q6SWdub3JlIj4tPHNwYW4gc3R5bGU9ImZvbnQ6 Ny4wcHQgJnF1b3Q7VGltZXMgTmV3IFJvbWFuJnF1b3Q7Ij4mbmJzcDsmbmJzcDsmbmJzcDsmbmJz cDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsNCjwvc3Bhbj48L3NwYW4+PCFbZW5kaWZd PklkZWFsbHksIGl0IHdvdWxkIGJlIGJldHRlciB0byBoYXZlIGEgZGVwZW5kZW5jeSBvbiBSRkM2 OTkxLWJpcyBmb3Igbm9kZS1pbnN0YW5jZS1pZGVudGlmeSByYXRoZXIgdGhhbiBvbiBOQUNNLiZu YnNwOyBBbHRob3VnaCBJIGd1ZXNzIHRoYXQgeW91IG1heSBub3Qgd2FudCB0byBkZWxheSB0aGlz IFJGQy48bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtYXJnaW4t bGVmdDozNi4wcHQiPjxzcGFuIHN0eWxlPSJjb2xvcjojMDBCMEYwIj5CQUxBWlM6IEFncmVlZCwg YnV0IHBsZWFzZSBubyBkZWxheS4NCjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJN c29Ob3JtYWwiPjxiPjxpPltSV10gPG86cD48L286cD48L2k+PC9iPjwvcD4NCjxwIGNsYXNzPSJN c29Ob3JtYWwiPjxiPjxpPlllcywgT0suJm5ic3A7IFRoZSBwbGFuIHdhcyB0byBnZXQgUkZDNjk5 MWJpcyBkb25lIGZhc3QsIEnigJltIG5vdCBzdXJlIGhvdyBjbG9zZSB0aGF0IGRvY3VtZW50IGNh biBiZSB0byBXRyBMQy4mbmJzcDsgUGVyaGFwcyB3ZSBjb3VsZCBjaGVjayB3aXRoIEp1ZWdlbj88 bzpwPjwvbzpwPjwvaT48L2I+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8 L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTGlzdFBhcmFncmFwaCIgc3R5bGU9Im1hcmdpbi1sZWZ0 OjU2LjVwdDt0ZXh0LWluZGVudDotMTguMHB0O21zby1saXN0OmwwIGxldmVsMSBsZm8yIj4NCjwh W2lmICFzdXBwb3J0TGlzdHNdPjxzcGFuIHN0eWxlPSJtc28tbGlzdDpJZ25vcmUiPi08c3BhbiBz dHlsZT0iZm9udDo3LjBwdCAmcXVvdDtUaW1lcyBOZXcgUm9tYW4mcXVvdDsiPiZuYnNwOyZuYnNw OyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOw0KPC9zcGFuPjwvc3Bh bj48IVtlbmRpZl0+Q3VycmVudGx5IOKAnGxlYWYgb24tY2hhbmdlLXN1cHBvcnRlZOKAnSBpcyBt YXJrZWQgYXMgbWFuZGF0b3J5IHRydWUsIGJ1dCBJ4oCZbSBub3Qgc3VyZSB3aHkgaXQgc2hvdWxk IGJlIHNvLjxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1hcmdp bi1sZWZ0OjM2LjBwdCI+PHNwYW4gc3R5bGU9ImNvbG9yOiMwMEIwRjAiPkJBTEFaUzogT0suIG1h ZGUgaXQgbWFuZGF0b3J5IGZhbHNlOyBUaGVyZSBpcyBhIHVzZS1jYXNlIHdoZXJlIHRoZSBwZXIg bGVhZiBkYW1wZW5pbmcgcGVyaW9kIG5lZWRzIHRvIGJlIHNwZWNpZmllZCwgYnV0IHRoZSBvbi1j aGFuZ2Utc3VwcG9ydGVkIGlzIGluaGVyaXRlZCBmcm9tIHRoZSBjb250YWluaW5nIHBhcmVudC9k YXRhc3RvcmUuPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PGI+ PGk+W1JXXSA8bzpwPjwvbzpwPjwvaT48L2I+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PGI+ PGk+U3VyZS48bzpwPjwvbzpwPjwvaT48L2I+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86 cD4mbmJzcDs8L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTGlzdFBhcmFncmFwaCIgc3R5bGU9Im1h cmdpbi1sZWZ0OjU2LjVwdDt0ZXh0LWluZGVudDotMTguMHB0O21zby1saXN0OmwwIGxldmVsMSBs Zm8yIj4NCjwhW2lmICFzdXBwb3J0TGlzdHNdPjxzcGFuIHN0eWxlPSJtc28tbGlzdDpJZ25vcmUi Pi08c3BhbiBzdHlsZT0iZm9udDo3LjBwdCAmcXVvdDtUaW1lcyBOZXcgUm9tYW4mcXVvdDsiPiZu YnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOw0KPC9z cGFuPjwvc3Bhbj48IVtlbmRpZl0+SXMg4oCcbWF4LW9iamVjdHMtcGVyLXVwZGF0ZeKAnSBvcHRp b25hbC4mbmJzcDsgV2hhdCBpZiB0aGUgc2VydmVyIGRvZXNu4oCZdCBoYXZlIGFueSBoYXJkIGxp bWl0IC0gY2FuIHRoZXkganVzdCBub3QgcmV0dXJuIGEgdmFsdWUgaGVyZT8mbmJzcDsgSWYgc28s IHBlcmhhcHMgYXNzaWduaW5nIGEgZGVmYXVsdCB2YWx1ZSBvZiB1aW50MzJfbWF4IG1pZ2h0IG1h a2Ugc2Vuc2U/PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibWFy Z2luLWxlZnQ6MzYuMHB0Ij48c3BhbiBzdHlsZT0iY29sb3I6IzAwQjBGMCI+QkFMQVpTOiBJdCBp cyBvcHRpb25hbC4gSWYgdGhlcmUgaXMgbm8gaGFyZCBsaW1pdCBvciB0aGUgbGltaXQgaXMgbm90 IGtub3duIHRoZSBsZWFmIG11c3QgYmUgYWJzZW50LiBUaGUgbW9kdWxlIGRlc2NyaXB0aW9uIGlu Y2x1ZGUgdGhlIHRleHQ6PG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1h bCIgc3R5bGU9Im1hcmdpbi1sZWZ0OjM2LjBwdCI+PHNwYW4gc3R5bGU9ImNvbG9yOiMwMEIwRjAi PiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyBBbnkgY2FwYWJpbGl0eSB2YWx1ZSBNQVkg YmUgYWJzZW50IC4uLiBpZiB0aGUgcHVibGlzaGVyIGlzIG5vdCBjYXBhYmxlIG9mDQo8bzpwPjwv bzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibWFyZ2luLWxlZnQ6 MzYuMHB0Ij48c3BhbiBzdHlsZT0iY29sb3I6IzAwQjBGMCI+Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5i c3A7Jm5ic3A7Jm5ic3A7cHJvdmlkaW5nIGEgdmFsdWUuPG86cD48L286cD48L3NwYW4+PC9wPg0K PHAgY2xhc3M9Ik1zb05vcm1hbCI+PGI+PGk+W1JXXSA8bzpwPjwvbzpwPjwvaT48L2I+PC9wPg0K PHAgY2xhc3M9Ik1zb05vcm1hbCI+PGI+PGk+T0suJm5ic3A7IFRoZW4gSSB0aGluayB0aGF0IHRo ZXJlIHNob3VsZCBiZSBhIGJpdCBtb3JlIHRleHQgYWJvdXQgd2hhdCB2YWx1ZXMgbWVhbiBpZiB0 aGV5IGFyZSBub3Qgc3BlY2lmaWVkLiZuYnNwOyBFLmcuIHBlcmhhcHMgdGhlIGZvbGxvd2luZyAo aWYgdGhpcyBpcyB0aGUgcmlnaHQgYmVoYXZpb3VyIGZvciBhbGwgcHJvcGVydGllcykuPG86cD48 L286cD48L2k+PC9iPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxiPjxpPjxvOnA+Jm5ic3A7 PC9vOnA+PC9pPjwvYj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48Yj48aT5PbGQ6PG86cD48 L286cD48L2k+PC9iPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250 LWZhbWlseTpDb25zb2xhcyI+Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7IEFueSBjYXBh YmlsaXR5IHZhbHVlIE1BWSBiZSBhYnNlbnQgaWYgYSBtb3JlIGdlbmVyaWMgY2FwYWJpbGl0eTxv OnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJm b250LWZhbWlseTpDb25zb2xhcyI+Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7IHZhbHVl IGlzIGFscmVhZHkgcHJvdmlkZWQgb3IgaWYgdGhlIHB1Ymxpc2hlciBpcyBub3QgY2FwYWJsZSBv ZjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxl PSJmb250LWZhbWlseTpDb25zb2xhcyI+Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7IHBy b3ZpZGluZyBhIHZhbHVlLjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3Jt YWwiPjxiPjxpPjxvOnA+Jm5ic3A7PC9vOnA+PC9pPjwvYj48L3A+DQo8cCBjbGFzcz0iTXNvTm9y bWFsIj48Yj48aT5OZXc6PG86cD48L286cD48L2k+PC9iPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3Jt YWwiPjxzcGFuIHN0eWxlPSJmb250LWZhbWlseTpDb25zb2xhcyI+Jm5ic3A7Jm5ic3A7Jm5ic3A7 Jm5ic3A7Jm5ic3A7IEFueSBjYXBhYmlsaXR5IHZhbHVlIE1BWSBiZSBhYnNlbnQgaWYgYSBtb3Jl IGdlbmVyaWMgY2FwYWJpbGl0eTxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29O b3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LWZhbWlseTpDb25zb2xhcyI+Jm5ic3A7Jm5ic3A7Jm5i c3A7Jm5ic3A7Jm5ic3A7IHZhbHVlIGlzIGFscmVhZHkgcHJvdmlkZWQgb3IgaWYgdGhlIHB1Ymxp c2hlciBpcyBub3QgY2FwYWJsZSBvZjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJN c29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LWZhbWlseTpDb25zb2xhcyI+Jm5ic3A7Jm5ic3A7 Jm5ic3A7Jm5ic3A7Jm5ic3A7IHByb3ZpZGluZyBhIHZhbHVlLiZuYnNwOyBJZiBub3QgcHJvdmlk ZWQgdGhlbiBpdCBzaG91bGQgYmU8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNv Tm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1mYW1pbHk6Q29uc29sYXMiPiZuYnNwOyZuYnNwOyZu YnNwOyZuYnNwOyZuYnNwOyBpbnRlcnByZXRlZCB0aGF0IHRoZSBwcm9wZXJ0eSBpcyB1bmNvbnN0 cmFpbmVkLg0KPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86 cD4mbmJzcDs8L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibWFyZ2luLWxl ZnQ6MzYuMHB0Ij48bzpwPiZuYnNwOzwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0 eWxlPSJtYXJnaW4tbGVmdDozNi4wcHQiPkluIHRoZSBzZWN1cml0eSBzZWN0aW9uLCBhcmUgdGhl c2UgY2FwYWJpbGl0aWVzIHNlbnNpdGl2ZSBpbmZvcm1hdGlvbj8mbmJzcDsgRS5nLiBjb3VsZCBp dCBiZSB1c2VkIGJ5IGFuIGF0dGFja2VyIHRvIG1vcmUgZWZmZWN0aXZlbHkgRERPUyBhIHNlcnZl ciAoYnkga25vd2luZyB3aGljaCBwYXRocyB0byB0YXJnZXQgc3Vic2NyaXB0aW9ucyB0b3dhcmRz KT88bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtYXJnaW4tbGVm dDozNi4wcHQiPjxzcGFuIHN0eWxlPSJjb2xvcjojMDBCMEYwIj5CQUxBWlM6IElNSE8gdGhlIGlu Zm9ybWF0aW9uIGlzIG5vdCBzZWN1cml0eSBzZW5zaXRpdmUuIFRoZSBtaW5pbXVtIGRhbXBlbmlu ZyBwZXJpb2QgYW5kIG1pbmltdW0tdXBkYXRlLXBlcmlvZCBjYW4gYmUgdXNlZCB0byBmaW5kIHNj aGVtYSBzZWN0aW9ucyB0aGF0IG1pZ2h0IGdlbmVyYXRlIG1vcmUgbm90aWZpY2F0aW9ucywNCiBi dXQgdGhpcyBpcyByZWFsbHkgYSBjb3JuZXItY2FzZSBhbmQgd2UgdXN1YWxseSBkb27igJl0IGRl c2NyaWJlIHN1Y2ggZGV0YWlscy4gSG93ZXZlciB0aGUgc2VjdXJpdHkgc2VjdGlvbiBub3cgaW5j bHVkZXM6PG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9 Im1hcmdpbi1sZWZ0OjM2LjBwdCI+PHNwYW4gc3R5bGU9ImNvbG9yOiMwMEIwRjAiPiZuYnNwOyZu YnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyBUaGUgTmV0d29yayBDb25m aWd1cmF0aW9uIEFjY2VzcyBDb250cm9sIE1vZGVsIChOQUNNKSBbUkZDODM0MV0NCjxvOnA+PC9v OnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtYXJnaW4tbGVmdDoz Ni4wcHQiPjxzcGFuIHN0eWxlPSJjb2xvcjojMDBCMEYwIj4mbmJzcDsmbmJzcDsmbmJzcDsmbmJz cDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDtwcm92aWRlcyB0aGUgbWVhbnMgdG8gcmVz dHJpY3QgYWNjZXNzIGZvciBwYXJ0aWN1bGFyIE5FVENPTkYgb3INCjxvOnA+PC9vOnA+PC9zcGFu PjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtYXJnaW4tbGVmdDozNi4wcHQiPjxz cGFuIHN0eWxlPSJjb2xvcjojMDBCMEYwIj4mbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsm bmJzcDsmbmJzcDsmbmJzcDsmbmJzcDtSRVNUQ09ORiB1c2VycyB0byBhIHByZWNvbmZpZ3VyZWQg c3Vic2V0IG9mIGFsbCBhdmFpbGFibGUgTkVUQ09ORiBvcg0KPG86cD48L286cD48L3NwYW4+PC9w Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1hcmdpbi1sZWZ0OjM2LjBwdCI+PHNwYW4g c3R5bGU9ImNvbG9yOiMwMEIwRjAiPiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw OyZuYnNwOyZuYnNwOyZuYnNwO1JFU1RDT05GIHByb3RvY29sIG9wZXJhdGlvbnMgYW5kIGNvbnRl bnQuDQo8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0i bWFyZ2luLWxlZnQ6MzYuMHB0Ij48c3BhbiBzdHlsZT0iY29sb3I6IzAwQjBGMCI+Jm5ic3A7Jm5i c3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7SWYgYWNjZXNzIGNv bnRyb2wgaXMgbm90IHByb3Blcmx5IGNvbmZpZ3VyZWQsIGl0IGNhbiBleHBvc2U8bzpwPjwvbzpw Pjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibWFyZ2luLWxlZnQ6MzYu MHB0Ij48c3BhbiBzdHlsZT0iY29sb3I6IzAwQjBGMCI+Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7 Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7IHN5c3RlbSBpbnRlcm5hbHMgdG8gdGhvc2Ugd2hvIHNo b3VsZCBub3QgaGF2ZSBhY2Nlc3MgdG8gdGhpczxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNs YXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtYXJnaW4tbGVmdDozNi4wcHQiPjxzcGFuIHN0eWxlPSJj b2xvcjojMDBCMEYwIj4mbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsm bmJzcDsgaW5mb3JtYXRpb24uPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05v cm1hbCI+PGI+PGk+W1JXXSA8bzpwPjwvbzpwPjwvaT48L2I+PC9wPg0KPHAgY2xhc3M9Ik1zb05v cm1hbCI+PGI+PGk+VGhpbmtpbmcgYWJvdXQgdGhpcyBzb21lIG1vcmUsIEkgd29uZGVyIHdoZXRo ZXIgdGhlIHNlY3VyaXR5IHNlY3Rpb24gY291bGQvc2hvdWxkIHJlZmVyIGJhY2sgdG8gWUFORy1Q dXNoLCB3aGljaCBhbGxvd3MgYSBzZXJ2ZXIgdG8gcmVqZWN0IHN1YnNjcmlwdGlvbnMgaWYgaXQg d291bGQgY2F1c2UgdGhlIHNlcnZlciB0byBiZWNvbWUgb3ZlcmxvYWRlZC48bzpwPjwvbzpwPjwv aT48L2I+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PGI+PGk+PG86cD4mbmJzcDs8L286cD48 L2k+PC9iPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxiPjxpPlRoYW5rcyw8bzpwPjwvbzpw PjwvaT48L2I+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PGI+PGk+Um9iPG86cD48L286cD48 L2k+PC9iPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxiPjxpPjxvOnA+Jm5ic3A7PC9vOnA+ PC9pPjwvYj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpwPiZuYnNwOzwvbzpwPjwvcD4N CjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtYXJnaW4tbGVmdDozNi4wcHQiPlRoYW5rcyw8 bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtYXJnaW4tbGVmdDoz Ni4wcHQiPlJvYjxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1h cmdpbi1sZWZ0OjM2LjBwdCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9y bWFsIiBzdHlsZT0ibWFyZ2luLWxlZnQ6MzYuMHB0Ij48bzpwPiZuYnNwOzwvbzpwPjwvcD4NCjxk aXYgc3R5bGU9ImJvcmRlcjpub25lO2JvcmRlci1sZWZ0OnNvbGlkIGJsdWUgMS41cHQ7cGFkZGlu ZzowY20gMGNtIDBjbSA0LjBwdCI+DQo8ZGl2Pg0KPGRpdiBzdHlsZT0iYm9yZGVyOm5vbmU7Ym9y ZGVyLXRvcDpzb2xpZCAjRTFFMUUxIDEuMHB0O3BhZGRpbmc6My4wcHQgMGNtIDBjbSAwY20iPg0K PHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1hcmdpbi1sZWZ0OjM2LjBwdCI+PGI+PHNwYW4g bGFuZz0iRU4tVVMiPkZyb206PC9zcGFuPjwvYj48c3BhbiBsYW5nPSJFTi1VUyI+IG5ldGNvbmYg Jmx0OzxhIGhyZWY9Im1haWx0bzpuZXRjb25mLWJvdW5jZXNAaWV0Zi5vcmciPm5ldGNvbmYtYm91 bmNlc0BpZXRmLm9yZzwvYT4mZ3Q7DQo8Yj5PbiBCZWhhbGYgT2YgPC9iPk1haGVzaCBKZXRoYW5h bmRhbmk8YnI+DQo8Yj5TZW50OjwvYj4gMjQgU2VwdGVtYmVyIDIwMTkgMTg6NTA8YnI+DQo8Yj5U bzo8L2I+IE5ldGNvbmYgJmx0OzxhIGhyZWY9Im1haWx0bzpuZXRjb25mQGlldGYub3JnIj5uZXRj b25mQGlldGYub3JnPC9hPiZndDs8YnI+DQo8Yj5TdWJqZWN0OjwvYj4gUmU6IFtuZXRjb25mXSBX R0xDIGZvciBkcmFmdC1pZXRmLW5ldGNvbmYtbm90aWZpY2F0aW9uLWNhcGFiaWxpdGllczxvOnA+ PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPC9kaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBz dHlsZT0ibWFyZ2luLWxlZnQ6MzYuMHB0Ij48bzpwPiZuYnNwOzwvbzpwPjwvcD4NCjxkaXY+DQo8 cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibWFyZ2luLWxlZnQ6MzYuMHB0Ij5XZSB3ZXJlIHN1 cHBvc2VkIHRvIGhhdmUgY2xvc2VkIG9uIHRoZSBXR0xDIHRvZGF5LiBIb3dldmVyLCBiZXR3ZWVu IHRoZSBkb2N1bWVudCBiZWNvbWluZyBhIFdHIGl0ZW0gYW5kIGl0IGdvaW5nIGludG8gTEMsIHdl IGhhdmUgbm90IHJlY2VpdmVkIHRvbyBtYW55IGNvbW1lbnRzIG9uIHRoZSBkcmFmdC4gQXMgc3Vj aCwgd2UgYXJlIGV4dGVuZGluZyB0aGUgTEMgYnkNCiBhbm90aGVyIHdlZWsuIFBsZWFzZSByZXZp ZXcgdGhlIGRyYWZ0IGFuZCBwcm92aWRlIGFueSBjb21tZW50cyB5b3UgbWlnaHQgaGF2ZS48bzpw PjwvbzpwPjwvcD4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibWFyZ2luLWxl ZnQ6MzYuMHB0Ij48bzpwPiZuYnNwOzwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNz PSJNc29Ob3JtYWwiIHN0eWxlPSJtYXJnaW4tbGVmdDozNi4wcHQiPk1haGVzaCAmYW1wOyBLZW50 IChhcyBjby1jaGFpcnMpPG86cD48L286cD48L3A+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1h bCIgc3R5bGU9Im1hcmdpbi1sZWZ0OjM2LjBwdCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8ZGl2 Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDowY207bWFy Z2luLXJpZ2h0OjBjbTttYXJnaW4tYm90dG9tOjEyLjBwdDttYXJnaW4tbGVmdDozNi4wcHQiPg0K PG86cD4mbmJzcDs8L286cD48L3A+DQo8YmxvY2txdW90ZSBzdHlsZT0ibWFyZ2luLXRvcDo1LjBw dDttYXJnaW4tYm90dG9tOjUuMHB0Ij4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHls ZT0ibWFyZ2luLWxlZnQ6MzYuMHB0Ij5PbiBTZXAgMTAsIDIwMTksIGF0IDM6MzkgUE0sIE1haGVz aCBKZXRoYW5hbmRhbmkgJmx0OzxhIGhyZWY9Im1haWx0bzptamV0aGFuYW5kYW5pQGdtYWlsLmNv bSI+bWpldGhhbmFuZGFuaUBnbWFpbC5jb208L2E+Jmd0OyB3cm90ZTo8bzpwPjwvbzpwPjwvcD4N CjwvZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1hcmdpbi1sZWZ0OjM2LjBwdCI+ PG86cD4mbmJzcDs8L286cD48L3A+DQo8ZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwi IHN0eWxlPSJtYXJnaW4tbGVmdDozNi4wcHQiPkF1dGhvcnMgaGF2ZSBwdWJsaXNoZWQmbmJzcDs8 YSBocmVmPSJodHRwczovL3Rvb2xzLmlldGYub3JnL2h0bWwvZHJhZnQtaWV0Zi1uZXRjb25mLW5v dGlmaWNhdGlvbi1jYXBhYmlsaXRpZXMtMDQiPi0wNDwvYT4mbmJzcDt2ZXJzaW9uIG9mIHRoZSBk cmFmdCwgd2hpY2ggYWRkcmVzc2VzIGNvbW1lbnRzIHRoZXkgcmVjZWl2ZWQgaW4gSUVURiAxMDUu IElmIHlvdSBwcm92aWRlZCBjb21tZW50cw0KIHBsZWFzZSBjaGVjayB0byBtYWtlIHN1cmUgeW91 ciBjb21tZW50cyBoYXZlIGJlZW4gYWRkcmVzc2VkLiBBdCB0aGlzIHBvaW50LCB0aGUgYXV0aG9y cyBiZWxpZXZlIHRoYXQgdGhlIGRvY3VtZW50IGlzIHJlYWR5IGZvciBXR0xDLjxvOnA+PC9vOnA+ PC9wPg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtYXJnaW4tbGVmdDozNi4w cHQiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05v cm1hbCIgc3R5bGU9Im1hcmdpbi1sZWZ0OjM2LjBwdCI+VGhpcyB0aGVyZWZvcmUgc3RhcnRzIGEg dHdvIHdlZWsgTEMsIGVuZGluZyBvbiBTZXB0ZW1iZXIgMjR0aC4gUGxlYXNlIHByb3ZpZGUgYW55 IHRlY2huaWNhbCBjb21tZW50cyB5b3UgbWlnaHQgaGF2ZSBvbiB0aGUgZG9jdW1lbnQuIElmIHlv dSBiZWxpZXZlIHRoZSBkb2N1bWVudCBpcyBub3QgcmVhZHkgZm9yIExDLCBwbGVhc2Ugc3RhdGUg eW91ciByZWFzb25zLjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1z b05vcm1hbCIgc3R5bGU9Im1hcmdpbi1sZWZ0OjM2LjBwdCI+PG86cD4mbmJzcDs8L286cD48L3A+ DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibWFyZ2luLWxlZnQ6 MzYuMHB0Ij5XZSB3aWxsIGlzc3VlIGEgSVBSIHBvbGwgc2VwYXJhdGVseS4mbmJzcDs8bzpwPjwv bzpwPjwvcD4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibWFyZ2luLWxlZnQ6 MzYuMHB0Ij48bzpwPiZuYnNwOzwvbzpwPjwvcD4NCjxkaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1z b05vcm1hbCIgc3R5bGU9Im1hcmdpbi1sZWZ0OjM2LjBwdCI+TWFoZXNoICZhbXA7IEtlbnQgKGFz IGNvLWNoYWlycyk8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29O b3JtYWwiIHN0eWxlPSJtYXJnaW4tbGVmdDozNi4wcHQiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0K PC9kaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibWFyZ2luLWxlZnQ6MzYuMHB0Ij48 bzpwPiZuYnNwOzwvbzpwPjwvcD4NCjwvZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9 Im1hcmdpbi1sZWZ0OjM2LjBwdCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8L2Rpdj4NCjwvZGl2 Pg0KPC9kaXY+DQo8L2Rpdj4NCjwvYmxvY2txdW90ZT4NCjwvZGl2Pg0KPHAgY2xhc3M9Ik1zb05v cm1hbCIgc3R5bGU9Im1hcmdpbi1sZWZ0OjM2LjBwdCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8 L2Rpdj4NCjwvZGl2Pg0KPC9kaXY+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9ib2R5Pg0KPC9odG1sPg0K --_000_MN2PR11MB4366904781E2542E148636BCB59F0MN2PR11MB4366namp_-- From nobody Fri Oct 4 04:57:03 2019 Return-Path: X-Original-To: netconf@ietfa.amsl.com Delivered-To: netconf@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C9AA9120826 for ; Fri, 4 Oct 2019 04:57:00 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.002 X-Spam-Level: X-Spam-Status: No, score=-2.002 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cenrYSbWMHnt for ; Fri, 4 Oct 2019 04:56:58 -0700 (PDT) Received: from EUR04-DB3-obe.outbound.protection.outlook.com (mail-eopbgr60046.outbound.protection.outlook.com [40.107.6.46]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8625A120123 for ; Fri, 4 Oct 2019 04:56:48 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ZjMpVeg72Pg1S8hEqHdiCGazxfNiollk+24dxjHSgPKhUdu5+TKCSUmI30w04e/ZivQVb02NDk9iHr82+PxO5mezVlsc2S++UsmetlPKYTd8/SWKuQ9C9KwRA32z20+vxsMgU0xtGwWLyISp6AdcjfIHYbFHsSD+TusEoDYgBjaxUaQJnBeHhGvnGgdz9b0/1tsvlje5eQH8L1Cm8aFaVhCrG4EKnYrS7dqHgSvnBeXZvQgpjrBn6gAgMymQHIqYjxZWXto7ZXHsi72MOprN/s5GI3lrt6U1PCjp8K5qY0rT+QVrRinq6vS5CIeqF4aze53gzpW3cTIjqGoA41x2cg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=7S9t+EiHH5Vw/Rk6rvxcXUipa9uyUj0J1U2Bg+ClvJY=; b=la1E76IZF6Kw8lcJb8a20/vfELnAuneBTZvQzOY+IK0AHLgU2uqvc9SuRvAlnL9hYrYDysCTMJrSOy9Beq6Vva8ZubZIf2XL2F/fimnai8gKNelTMXK5QePTsXj5tcHZIqXSsfpaAjpxiEABVzVg4kjZjUbEgvJld5yWhUT5r52l9WhTjrw8saT8i3zAhE1nIVq1iUygVoQQ+fBYoHgqjDnmbn7Pl/zpfKTbuh1u6hCCdGWqGLQ4KOOvM1Qso2XJ9eRSSL61ytmDOaZUKhogT0JTpHDl8iHuX1Oa2hImVZ/vJl4nX8fG9b94PHrn0Qnvy3K6adxqGhBwjTk3g8gITQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=7S9t+EiHH5Vw/Rk6rvxcXUipa9uyUj0J1U2Bg+ClvJY=; b=EMLedrJF9IsLAYE89ErcTfwVAxUyB/YYBXtKo5eEIKRA6jziwPs/PFlzJD9zcNFEry81Hf1dcEmvlF+c1ap9Jku3pdKYPlOwNZMem+sGdvFFJcYLsv8tjrAajpzJlw199bpwg8WrU9HhAED2Tq3cvYEvftIoMLrxFLKHt3zbcTM= Received: from AM0PR07MB5187.eurprd07.prod.outlook.com (20.178.20.74) by AM0PR07MB6227.eurprd07.prod.outlook.com (10.186.173.19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2327.7; Fri, 4 Oct 2019 11:56:46 +0000 Received: from AM0PR07MB5187.eurprd07.prod.outlook.com ([fe80::79ab:b6a3:2209:64a3]) by AM0PR07MB5187.eurprd07.prod.outlook.com ([fe80::79ab:b6a3:2209:64a3%7]) with mapi id 15.20.2305.023; Fri, 4 Oct 2019 11:56:46 +0000 From: =?iso-8859-1?Q?Bal=E1zs_Kov=E1cs?= To: Kent Watsen , "netconf@ietf.org" Thread-Topic: truststore usage in ietf-ssh/tls-client/server Thread-Index: AdV6qssoOPhu3prpR26CPrmHv0Da1Q== Date: Fri, 4 Oct 2019 11:56:46 +0000 Message-ID: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: spf=none (sender IP is ) smtp.mailfrom=balazs.kovacs@ericsson.com; x-originating-ip: [192.176.1.83] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 6cd0c1a7-03c2-47c7-3a20-08d748c1ee97 x-ms-traffictypediagnostic: AM0PR07MB6227: x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:5797; x-forefront-prvs: 018093A9B5 x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(39860400002)(376002)(366004)(346002)(136003)(396003)(199004)(189003)(6506007)(110136005)(14454004)(45776006)(76116006)(186003)(66946007)(478600001)(102836004)(7696005)(99286004)(64756008)(66446008)(66476007)(66556008)(26005)(25786009)(86362001)(486006)(316002)(52536014)(5660300002)(66066001)(476003)(33656002)(4744005)(2501003)(81166006)(81156014)(790700001)(3846002)(6116002)(7736002)(8936002)(256004)(14444005)(2906002)(9326002)(8676002)(71190400001)(71200400001)(55016002)(6436002)(9686003)(6306002)(54896002)(74316002); DIR:OUT; SFP:1101; SCL:1; SRVR:AM0PR07MB6227; H:AM0PR07MB5187.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1; received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: EKFBC6RVxvh1m4CWhhlG2HkR5/c1WiiCLFM78Zjgjj/1Hsfa5H/iQyygemMGs1RRMNGpUFbl4wcF67O73+PAOdByZMmPEgeG0O85X3VAFx89JAphcW2HTX1iLQW4K5zWl5MjyNP/2z/5AyFl7IFBOta2l6QnKiB8DvHv8KOi4C9n49s/in3W976Okgbp9nzAfGy8R3lTXvtp2u64xhirSTfsUEGKWAloSW18G+oZAOgMmatrYqPMUuzM0XVe9SnSIp/jgL47dBygLXnM6F1GRocqwXvhVVQeiL+uZByE59ihbPLeRT8ZE8QFjRDv77bY+8TvlLYsP/B5fR7N6kg1GHAZKtboT4ibjcx5p59l1QDx4iT6pk2vXnvFOjzcSWlo9WOimdMBlJVy5qgL54x5E5LEHsscsAHy3MF9oi7BlJk= x-ms-exchange-transport-forked: True Content-Type: multipart/alternative; boundary="_000_AM0PR07MB51879334FAD36D55675307E3839E0AM0PR07MB5187eurp_" MIME-Version: 1.0 X-OriginatorOrg: ericsson.com X-MS-Exchange-CrossTenant-Network-Message-Id: 6cd0c1a7-03c2-47c7-3a20-08d748c1ee97 X-MS-Exchange-CrossTenant-originalarrivaltime: 04 Oct 2019 11:56:46.3751 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: YyE658ZOp3eguU6xHzDausz8zThMJHAuA88yGRNxXARBeA/pEEnNd73ik0tcbVpgQQlcRwwFsnf5zBFnPMxzQl0ZyP+RPWCr4fFqrIfXNB4= X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0PR07MB6227 Archived-At: Subject: [netconf] truststore usage in ietf-ssh/tls-client/server X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 04 Oct 2019 11:57:01 -0000 --_000_AM0PR07MB51879334FAD36D55675307E3839E0AM0PR07MB5187eurp_ Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Hi Kent, Can you confirm that in the ietf-tls-client and ietf-tls-server models the = direct use of truststore references in server-authentication and client-aut= hentication containers will change to using local-or-truststore-certs-group= ing? Similarly in ssh models, will they change to local-or-truststore-host-keys-= grouping? Br, Balazs --_000_AM0PR07MB51879334FAD36D55675307E3839E0AM0PR07MB5187eurp_ Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable

Hi Kent,

 

Can you confirm that in the ietf-tls-client and ietf= -tls-server models the direct use of truststore references in server-authen= tication and client-authentication containers will change to using local-or= -truststore-certs-grouping?

 

Similarly in ssh models, will they change to local-o= r-truststore-host-keys-grouping?

 

Br,

Balazs

--_000_AM0PR07MB51879334FAD36D55675307E3839E0AM0PR07MB5187eurp_-- From nobody Fri Oct 4 05:10:18 2019 Return-Path: X-Original-To: netconf@ietfa.amsl.com Delivered-To: netconf@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 305BA120864 for ; Fri, 4 Oct 2019 05:10:16 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: 0.246 X-Spam-Level: X-Spam-Status: No, score=0.246 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RATWARE_MS_HASH=2.148, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=btconnect.onmicrosoft.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Zo5rKeEnJ7BC for ; Fri, 4 Oct 2019 05:10:14 -0700 (PDT) Received: from EUR03-AM5-obe.outbound.protection.outlook.com (mail-eopbgr30112.outbound.protection.outlook.com [40.107.3.112]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 85DD112084F for ; Fri, 4 Oct 2019 05:10:13 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=GvXly9rNLayfdLpetPp8/Y1js9wEXmNL+m6+Q63AIu5UvrfC5zdFXJbGKiBz7EjHwpUz/lKENnf3nPb8vfMqDk072jij6xsdR26999PZbw+p12sfREx2s7hKfw7RH6SWIkFiiVzA0uSCvJIqD9Ab1y0Jhpj8ODKcTKpJetJjn7GsWd1BGIa2XB6eAoHcyKaaghG3paeajlMhIycMgeMaczIt81dh83qy2p8YV6tvVxehChSsEVi5E7VaMYW05yzgmv0RcZRzlQ5jJjBZN5AEq4UcSOXzi4NvYECncoAKNsvLlQSPhlncWId7s9iDgbBoY42X1KANbc4dyTlnz6cRaQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=x6ZdlcxJJpPkh9eeB1th/hkpEgeYvru4sBU9bwoaH4k=; b=GTx1gEaN+LYDUy/ll24PPIHiK5J4Z0ZFk8Me2XEnQ5gEI8LIFIo44CcK/3UQqexoQDkJy3/z0BKp0dIMdIqU6rBMGQ3ZgQlPRQmCEKFhW8Xx4aOa/SnMyN9D/EFwaJGoC0e9/NQnJkfp0vd0ycIutaFeR2P4NRpr1bRALBo4WaCuQ2z6qesqjVI5nKLjdQ5JcUxZCS6CJg/LEu0UossX+IEmGQ1axkAlKuW+fiXSbr1BRFLSi5qGCPreZINs0FeabVpnqrtSh2LO1VoY2E+IjB+0oapHkfXGPS5fdde5Q0Wp4h29Q/7QSEAOo92uAJse7rw77fb76dYV7+LKasP5XQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=btconnect.com; dmarc=pass action=none header.from=btconnect.com; dkim=pass header.d=btconnect.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=btconnect.onmicrosoft.com; s=selector2-btconnect-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=x6ZdlcxJJpPkh9eeB1th/hkpEgeYvru4sBU9bwoaH4k=; b=o1eBwR0bw0DNCoFoW5bna7Cs9o5Wba7sriWf7ViZXcwOxELwxQWj/s+SIi1KLhroDuNDZpg/FxDpLGPxY5v7vAGUNlcQHqhHdQg4y39Jfv65NUkk1UwUqP5AXaBj6dCUEkAJlfaGgTB9tbQ3EXoeBgLv7SajzxAJBbpGTP1dFtE= Received: from AM6PR07MB5944.eurprd07.prod.outlook.com (20.178.91.205) by AM6PR07MB5141.eurprd07.prod.outlook.com (20.177.191.83) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2327.21; Fri, 4 Oct 2019 12:10:10 +0000 Received: from AM6PR07MB5944.eurprd07.prod.outlook.com ([fe80::c01e:2ff4:7649:142]) by AM6PR07MB5944.eurprd07.prod.outlook.com ([fe80::c01e:2ff4:7649:142%7]) with mapi id 15.20.2327.004; Fri, 4 Oct 2019 12:10:10 +0000 From: tom petch To: Kent Watsen CC: "netconf@ietf.org" Thread-Topic: [netconf] crypto-types fallback strategy Thread-Index: AQHVeEcpxg99sP1vx0ePyapv0CmMzw== Date: Fri, 4 Oct 2019 12:10:10 +0000 Message-ID: <01d701d57aac$6160e000$4001a8c0@gateway.2wire.net> References: <0100016d455c6145-844c669e-8f31-4203-a827-7368d33cdee4-000000@email.amazonses.com> <0100016d7325f06e-00613ab7-413c-4d97-972c-858cf4886b65-000000@email.amazonses.com> <20190927.170902.142773301948727896.mbj@tail-f.com> <20190927174623.jhvpudof6yfs2m4k@anna.jacobs.jacobs-university.de> <0100016d84c0c469-e57fd7aa-dcba-4079-9b37-22720f7a4500-000000@email.amazonses.com> <02f501d57846$e29a3b20$4001a8c0@gateway.2wire.net> <0100016d8834e6b1-d2301e8e-89e5-4fb1-ae58-057e82c4cf7f-000000@email.amazonses.com> Accept-Language: en-GB, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-clientproxiedby: LO2P265CA0243.GBRP265.PROD.OUTLOOK.COM (2603:10a6:600:8a::15) To AM6PR07MB5944.eurprd07.prod.outlook.com (2603:10a6:20b:90::13) authentication-results: spf=none (sender IP is ) smtp.mailfrom=ietfc@btconnect.com; x-ms-exchange-messagesentrepresentingtype: 1 x-mailer: Microsoft Outlook Express 6.00.2800.1106 x-originating-ip: [86.139.211.103] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 16b8dc29-174e-460b-0d7d-08d748c3cd7a x-ms-traffictypediagnostic: AM6PR07MB5141: x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:8273; x-forefront-prvs: 018093A9B5 x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(136003)(39860400002)(366004)(396003)(346002)(376002)(13464003)(199004)(189003)(44736005)(66946007)(66476007)(66556008)(5660300002)(66446008)(6436002)(64756008)(14496001)(99286004)(14444005)(229853002)(81686011)(486006)(76176011)(81816011)(2906002)(1556002)(14454004)(66066001)(86362001)(8936002)(52116002)(53546011)(6506007)(386003)(44716002)(4326008)(62236002)(476003)(50226002)(8676002)(446003)(25786009)(6486002)(4720700003)(9686003)(186003)(26005)(66574012)(3846002)(6116002)(256004)(81156014)(102836004)(61296003)(6246003)(81166006)(478600001)(6512007)(71190400001)(71200400001)(316002)(305945005)(7736002)(74416001)(7726001); DIR:OUT; SFP:1102; SCL:1; SRVR:AM6PR07MB5141; H:AM6PR07MB5944.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:0; MX:1; received-spf: None (protection.outlook.com: btconnect.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: CuBPpb43jo0qgCBi2+Q7vCMwpcW6cENTrDVVUB73DQb10Abk8fSfQGhZP1RLVvfyyoTvY+LhnEpFZsicdCo4dnhTy5A7GSXrqaKJ/s4WsdBdPtJekKHNqTaecxAVTp7pWNEr9jYugk/0fcfzpLML9QYkBOR9FTcpTfL7XMNmwaMmcug4lx6vVP4dO38E/dECsIJZu1xtvubyFat4Ng5UJLFYN6R0fBJRP7NDarEi+dStZ6AcJnaQTBzBQkF5s8ksIIA/bv3IyN+wiTqZVg5uiYA11jLEe57J9+mQ5nJngW1BFPikNBIACOYmxd9wur49yhSN8jZ49uyvam4LyNk6HiDy5vJUz5l0liEwjLLUlCf6kDxJld8CzjBTFCVtWTaRhBENLPhuLXBZXpTW+0JMamciZhh+QB8E/qQfZRskhTE= x-ms-exchange-transport-forked: True Content-Type: text/plain; charset="utf-8" Content-ID: Content-Transfer-Encoding: base64 MIME-Version: 1.0 X-OriginatorOrg: btconnect.com X-MS-Exchange-CrossTenant-Network-Message-Id: 16b8dc29-174e-460b-0d7d-08d748c3cd7a X-MS-Exchange-CrossTenant-originalarrivaltime: 04 Oct 2019 12:10:10.2473 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: cf8853ed-96e5-465b-9185-806bfe185e30 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: N/FeM6M/kkRENh/BsC0zf9V4cNYAcqWY99bFirKaHHITjRWBMKuimRkwCkSNpgrWbr5Yakv79p7kIT3NGTkCMg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM6PR07MB5141 Archived-At: Subject: Re: [netconf] crypto-types fallback strategy X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 04 Oct 2019 12:10:16 -0000 PGlubGluZSB0cD4NCg0KLS0tLS0gT3JpZ2luYWwgTWVzc2FnZSAtLS0tLQ0KRnJvbTogIktlbnQg V2F0c2VuIiA8a2VudCtpZXRmQHdhdHNlbi5uZXQ+DQpTZW50OiBUdWVzZGF5LCBPY3RvYmVyIDAx LCAyMDE5IDU6NDMgUE0NCg0KVGhhbmtzIGZvciBwb2ludGluZyB0aGF0IG91dCwgVG9tLiAgSSB3 YXMgZ29pbmcgdG8gc2F5IHNvbWV0aGluZyBhbG9uZw0KdGhlc2UgbGluZXMgaW4gYSByZXNwb25z ZSB0byBKdWVyZ2VuLiAgICBUaGUgbmV0IGlzIHRoYXQgcGFydGl0aW9uaW5nDQppZGVudGl0aWVz IGFsb25nIHByb3RvY29sIGJvdW5kYXJpZXMgaXMgbWlzZGlyZWN0ZWQuICBXZSBuZWVkIHRvIGZv Y3VzDQpvbiB0aGUgYWxnb3JpdGhtcywgbm90IHRoZSBjaXBoZXIgc3VpdGVzLg0KDQpHb2luZyBi YWNrIHRvIHRoZSBwcmltYXJ5IGdvYWwsIHdlIGNhcmUgYWJvdXQgaXMgaG93IHRvIHVzZSB0aGUN CiJhbGdvcml0aG0iIGZpZWxkIHRvIGlkZW50aWZ5IHRoZSBmb3JtYXQgb2YgdGhlIHB1YmxpYyBh bmQgcHJpdmF0ZSBrZXkNCmZpZWxkcy4gIFRvIHRoaXMgZW5kLCB0aGUgZmllbGQgY291bGQgYmUg Y2FsbGVkIGEgImtleS1mb3JtYXQiIGluc3RlYWQuDQpUaGVyZSBpcyBhIHNlY29uZGFyeSBnb2Fs IHRvIHBhc3MgYW4gImFsZ29yaXRobSIgcGFyYW1ldGVyIGludG8gdGhlDQonZ2VuZXJhdGUtc3lt bWV0cmljLWtleScgYW5kICdnZW5lcmF0ZS1hc3ltbWV0cmljLWtleScgYWN0aW9ucywgYnV0DQpt YXliZSB0aGUgcHJvYmxlbXMgY2FuIGJlIHNlcGFyYXRlZD8NCg0KSW4gT3BlblNTTCwgdGhlIGNv bW1hbmRzIGFyZToNCg0KMSkgYG9wZW5zc2wgZ2VucnNhIC1vdXQgcnNhX3ByaXZhdGVfa2V5LnBl bSAyMDQ4YCBjcmVhdGVzIGFuDQpSU0FQcml2YXRlS2V5IChmcm9tIFJGQzM0NDcpDQoyKSBgb3Bl bnNzbCByc2EgLWluIHJzYV9wcml2YXRlX2tleS5wZW0gLXB1Ym91dCAtb3V0IHJzYV9wdWJsaWNf a2V5LnBlbWANCmNyZWF0ZXMgYSBTdWJqZWN0UHVibGljS2V5SW5mbyAoZnJvbSBSRkM1MjgwKQ0K MykgYG9wZW5zc2wgZWNwYXJhbSAtZ2Vua2V5IC1uYW1lIHByaW1lMjU2djEgLW91dCBlY19wcml2 YXRlX2tleS5wZW1gDQpjcmVhdGVzIGFuIEVDUHJpdmF0ZUtleSAoZnJvbSBSRkM1OTE1KQ0KNCkg YG9wZW5zc2wgZWMgLWluIGVjX3ByaXZhdGVfa2V5LnBlbSAtcHVib3V0IC1vdXQgZWNfcHVibGlj X2tleS5wZW1gDQpjcmVhdGVzIGEgU3ViamVjdFB1YmxpY0tleUluZm8gKGZyb20gUkZDNTI4MCkN Cg0KT3BlblNTSCwgdGhlIGNvbW1hbmRzIGFyZToNCg0KMSkgYHNzaC1rZXlnZW4gLXQgcnNhIC1i IDQwOTYgLUMgInlvdXJfZW1haWxAZXhhbXBsZS5jb20iYCBjcmVhdGVzIGFuDQpSU0FQcml2YXRl S2V5IChmcm9tIFJGQzM0NDcpIGFuZCBhIHByb3ByaWV0YXJ5IHB1YmxpYyBrZXkgZmlsZSBmb3Jt YXQuDQoyKSBgc3NoLWtleWdlbiAtdCBlZDI1NTE5IC1iIDQwOTYgLUMgInlvdXJfZW1haWxAZXhh bXBsZS5jb20iYCBjcmVhdGVzDQphbiBFQ1ByaXZhdGVLZXkgKGZyb20gUkZDNTkxNSkgYW5kIGEg cHJvcHJpZXRhcnkgcHVibGljIGtleSBmaWxlIGZvcm1hdC4NCjMpIGBzc2gta2V5Z2VuIC1lIFst bSBSRkM0NzE2XSAtZiA8cHJpdmF0ZS1rZXktZmlsZT5gIGV4cG9ydHMgdGhlIHB1YmxpYw0Ka2V5 IGZvcm1hdCBkZXNjcmliZWQgYnkgUkZDIDQ3MTYuDQoNCkRpc2NsYWltZXI6ICgyKSBpcyBqdXN0 IGEgZ3Vlc3MsIGJhc2VkIG9uICgxKSwgd2hpY2ggSSBoYXZlbid0IHRlc3RlZA0KbXlzZWxmIHll dC4NCg0KDQpJbiBvcmRlciB0byBqdXN0IGlkZW50aWZ5IHRoZSBmb3JtYXQsIHBlcmhhcHMgd2Ug dXNlIHNvbWV0aGluZyBsaWtlIHRoZQ0KZm9sbG93aW5nLCB3aGljaCBjb3VsZCBiZSBpbiBpZXRm LWNyeXB0by10eXBlczogIChOb3RlIEkgYWRkZWQNCk9uZVN5bW1ldHJpY0tleSBhbmQgT25lQXN5 bW1ldHJpY0tleSBmb3JtYXRzIGFzIHdlbGwuICBUaGF0IGlzLCB3aXRoDQp0aGlzIGFwcHJvYWNo LCBpdCdzIG5vdCBhbiAiZWl0aGVyLW9yIiB0cmFkZW9mZiwgYm90aCBjYW4gYmUgZGVmaW5lZC4p DQoNCg0KICAgIC8qKiogYWxsIGtleSBmb3JtYXQgdHlwZXMgKioqKi8NCg0KICAgIGlkZW50aXR5 IGtleS1mb3JtYXQtYmFzZSB7fQ0KICAgIGlkZW50aXR5IHB1YmxpYy1rZXktZm9ybWF0IHsgYmFz ZSAia2V5LWZvcm1hdC1iYXNlIiB9DQogICAgaWRlbnRpdHkgcHJpdmF0ZS1rZXktZm9ybWF0IHsg YmFzZSAia2V5LWZvcm1hdC1iYXNlIiB9DQogICAgaWRlbnRpdHkgc3ltbWV0cmljLWtleS1mb3Jt YXQgeyBiYXNlICJrZXktZm9ybWF0LWJhc2UiIH0NCg0KDQogICAgLyoqKiogZm9yIHByaXZhdGUg a2V5cyAqKioqLw0KDQogICAgaWRlbnRpdHkgcnNhLXByaXZhdGUta2V5LWZvcm1hdCB7IC8vIHVz ZWQgYnkgU1NIIGFuZCBUTFMNCiAgICAgICAgYmFzZSAicHJpdmF0ZS1rZXktZm9ybWF0IjsNCiAg ICAgICAgZGVzY3JpcHRpb24gIkFuIFJTQVByaXZhdGVLZXkgKGZyb20gUkZDIDM0NDcpLiI7DQog ICAgfQ0KDQogICAgaWRlbnRpdHkgZWMtcHJpdmF0ZS1rZXktZm9ybWF0IHsgLy8gdXNlZCBieSBT U0ggYW5kIFRMUw0KICAgICAgICBiYXNlICJwcml2YXRlLWtleS1mb3JtYXQiOw0KICAgICAgICBk ZXNjcmlwdGlvbiAiQW4gRUNQcml2YXRlS2V5IChmcm9tIFJGQyA1OTE1KSI7DQogICAgfQ0KDQog ICAgaWRlbnRpdHkgb25lLWFzeW1tZXRyaWMta2V5LWZvcm1hdCB7DQogICAgICAgIGJhc2UgInBy aXZhdGUta2V5LWZvcm1hdCI7DQogICAgICAgIGRlc2NyaXB0aW9uICJBIE9uZUFzeW1tZXRyaWNL ZXkgKGZyb20gUkZDIDU5NTgpLiI7DQogICAgfQ0KDQogICAgaWRlbnRpdHkgZW5jcnlwdGVkLXBy aXZhdGUta2V5LWZvcm1hdCB7DQogICAgICAgIGJhc2UgInByaXZhdGUta2V5LWZvcm1hdCI7DQog ICAgICAgIGRlc2NyaXB0aW9uICJBIENNUyBFbmNyeXB0ZWREYXRhIHN0cnVjdHVyZSAoUkZDIDU2 NTIpIGNvbnRhaW5pbmcNCmEgT25lQXN5bW1ldHJpY0tleSAoUkZDIDU5NTgpLiI7DQogICAgIH0N Cg0KDQogICAgLyoqKiogZm9yIHB1YmxpYyBrZXlzICoqKiovDQoNCiAgICBpZGVudGl0eSBzc2gt cHVibGljLWtleS1mb3JtYXQgew0KICAgICAgICBiYXNlICJwdWJsaWMta2V5LWZvcm1hdCI7DQog ICAgICAgIGRlc2NyaXB0aW9uICJUaGUgcHVibGljIGtleSBmb3JtYXQgZGVzY3JpYmVkIGJ5IFJG QyA0NzE2LiI7DQogICAgfQ0KDQogICAgaWRlbnRpdHkgc3ViamVjdC1wdWJsaWMta2V5LWluZm8t Zm9ybWF0IHsNCiAgICAgICAgYmFzZSAicHVibGljLWtleS1mb3JtYXQiOw0KICAgICAgICBkZXNj cmlwdGlvbiAiQSBTdWJqZWN0UHVibGljS2V5SW5mbyAoZnJvbSBSRkMgNTI4MCkuIjsNCiAgICB9 DQoNCg0KICAgIC8qKioqIGZvciBzeW1tZXRyaWMga2V5cyAqKioqLw0KDQogICAgaWRlbnRpdHkg c3ltbWV0cmljLWtleS1mb3JtYXQgew0KICAgICAgICBiYXNlICJzeW1tZXRyaWMta2V5LWZvcm1h dCI7DQogICAgICAgICAgICAgICAgZGVzY3JpcHRpb24gIkFuIE9jdGV0U3RyaW5nIGZyb20gQVNO LjEuIjsNCiAgICAgICAgICAgIC8vIEtub3dpbmcgdGhhdCBpdCBpcyBhbiAiT2N0ZXRTdHJpbmci IGlzbid0IHJlYWxseSBoZWxwZnVsLg0KICAgICAgICAgICAgLy8gS25vd2luZyB0aGUgbGVuZ3Ro IG9mIHRoZSBvY3RldCBzdHJpbmcgd291bGQgaGVscCBhDQpsaXR0bGUsIGFzIGl0IHJlbGF0ZXMg dG8gdGhlIGFsZ29yaXRobSdzIGJsb2NrIHNpemUNCiAgICAgICAgICAgIC8vIFdlIG1heSB3YW50 IHRvIG9ubHkgKGZvciBub3cpIHVzZQ0KIm9uZS1zeW1tZXRyaWMta2V5LWZvcm1hdCIgZm9yIHN5 bW1ldHJpYyBrZXlzLg0KICAgICAgICAgICAgLy8gICAgIF4tLS0tIHRoZSB1c2FiaWxpdHkgaXNz dWVzIEp1ZXJnZW4gbWVudGlvbmVkIGJlZm9yZQ0Kb25seSBhcHBsaWVzIHRvIGFzeW1tZXRyaWMg a2V5cz8NCiAgICB9DQoNCiAgICBpZGVudGl0eSBvbmUtc3ltbWV0cmljLWtleS1mb3JtYXQgew0K ICAgICAgICBiYXNlICJzeW1tZXRyaWMta2V5LWZvcm1hdCI7DQogICAgICAgIGRlc2NyaXB0aW9u ICJBIE9uZVN5bW1ldHJpY0tleSAoZnJvbSBSRkM2MDMxKS4iOw0KICAgIH0NCg0KICAgIGlkZW50 aXR5IGVuY3J5cHRlZC1zeW1tZXRyaWMta2V5LWZvcm1hdCB7DQogICAgICAgIGJhc2UgInN5bW1l dHJpYy1rZXktZm9ybWF0IjsNCiAgICAgICAgZGVzY3JpcHRpb24gIkEgQ01TIEVuY3J5cHRlZERh dGEgc3RydWN0dXJlIChSRkMgNTY1MikgY29udGFpbmluZw0KYW4gT25lU3ltbWV0cmljS2V5IChS RkMgNjAzMSkuIjsNCiAgICB9DQoNCg0KdGhlbiwgdGhlIHB1YmxpYy1rZXkgZ3JvdXBpbmcgbWln aHQgbG9vayBsaWtlOg0KDQogIGdyb3VwaW5nIHB1YmxpYy1rZXktZ3JvdXBpbmcgew0KICAgIGRl c2NyaXB0aW9uDQogICAgICAiQSBwdWJsaWMga2V5IGFuZCBpdHMgYXNzb2NpYXRlZCBhbGdvcml0 aG0uIjsNCiAgICBsZWFmIGtleS1mb3JtYXQgew0KICAgICAgbmFjbTpkZWZhdWx0LWRlbnktd3Jp dGU7DQogICAgICB0eXBlIHB1YmxpYy1rZXktZm9ybWF0Ow0KICAgICAgbWFuZGF0b3J5IHRydWU7 DQogICAgICBkZXNjcmlwdGlvbiAiSWRlbnRpZmllcyB0aGUgZm9ybWF0IGtleSdzIGJpbmFyeSBk YXRhIHZhbHVlLiI7DQogICAgfQ0KICAgIGxlYWYgcHVibGljLWtleSB7DQogICAgICBuYWNtOmRl ZmF1bHQtZGVueS13cml0ZTsNCiAgICAgIHR5cGUgYmluYXJ5Ow0KICAgICAgbWFuZGF0b3J5IHRy dWU7DQogICAgICBkZXNjcmlwdGlvbg0KICAgICAgICAiVGhlIGJpbmFyeSB2YWx1ZSBvZiB0aGUg cHVibGljIGtleS4gIFRoZSBpbnRlcnByZXRhdGlvbg0KICAgICAgICAgb2YgdGhlIHZhbHVlIGlz IGRlZmluZWQgYnkgdGhlICdrZXktZm9ybWF0JyBmaWVsZC4iOw0KICAgIH0NCiAgfQ0KDQphbmQg dGhlIGtleS1wYWlyIGdyb3VwaW5nIG1pZ2h0IGxvb2sgbGlrZToNCg0KICBncm91cGluZyBhc3lt bWV0cmljLWtleS1wYWlyLWdyb3VwaW5nIHsNCiAgICBkZXNjcmlwdGlvbg0KICAgICAgIkEgcHJp dmF0ZSBrZXkgYW5kIGl0cyBhc3NvY2lhdGVkIHB1YmxpYyBrZXkuIjsNCiAgICB1c2VzIHB1Ymxp Yy1rZXktZ3JvdXBpbmc7DQogICAgY2hvaWNlIHByaXZhdGUta2V5LXR5cGUgew0KICAgICAgbWFu ZGF0b3J5IHRydWU7DQogICAgICBkZXNjcmlwdGlvbg0KICAgICAgICAiQ2hvaWNlIGJldHdlZW4g a2V5IHR5cGVzLiI7DQogICAgICBsZWFmIHByaXZhdGUta2V5IHsNCiAgICAgICAgbmFjbTpkZWZh dWx0LWRlbnktYWxsOw0KICAgICAgICB0eXBlIGJpbmFyeTsNCiAgICAgICAgZGVzY3JpcHRpb24N CiAgICAgICAgICAiVGhlIGJpbmFyeSB2YWx1ZSBvZiB0aGUgcHJpdmF0ZSBrZXkuICBUaGUgaW50 ZXJwcmV0YXRpb24NCiAgICAgICAgICAgb2YgdGhlIHZhbHVlIGlzIGRlZmluZWQgYnkgdGhlICdr ZXktZm9ybWF0JyBmaWVsZC4iOw0KICAgICAgfQ0KICAgICAgbGVhZiBoaWRkZW4tcHJpdmF0ZS1r ZXkgew0KICAgICAgICBuYWNtOmRlZmF1bHQtZGVueS13cml0ZTsNCiAgICAgICAgdHlwZSBlbXB0 eTsNCiAgICAgICAgZGVzY3JpcHRpb24NCiAgICAgICAgICAiQSBwZXJtYW5lbnRseSBoaWRkZW4g a2V5LiAgSG93IHN1Y2gga2V5cyBhcmUgY3JlYXRlZA0KICAgICAgICAgICBpcyBvdXRzaWRlIHRo ZSBzY29wZSBvZiB0aGlzIG1vZHVsZS4iOw0KICAgICAgfQ0KICAgIH0NCiAgfQ0KDQphbmQgdGhl IHN5bW1ldHJpYyBncm91cGluZyBtaWdodCBsb29rIGxpa2U6DQoNCiAgZ3JvdXBpbmcgc3ltbWV0 cmljLWtleS1ncm91cGluZyB7DQogICAgZGVzY3JpcHRpb24NCiAgICAgICJBIHN5bW1ldHJpYyBr ZXkgYW5kIGFsZ29yaXRobS4iOw0KICAgIGxlYWYga2V5LWZvcm1hdCB7DQogICAgICBuYWNtOmRl ZmF1bHQtZGVueS13cml0ZTsNCiAgICAgIHR5cGUgcHVibGljLWtleS1mb3JtYXQ7DQogICAgICBt YW5kYXRvcnkgdHJ1ZTsNCiAgICAgIGRlc2NyaXB0aW9uICJJZGVudGlmaWVzIHRoZSBzeW1tZXRy aWMga2V5J3MgZm9ybWF0LiI7DQogICAgfQ0KICAgIGNob2ljZSBrZXktdHlwZSB7DQogICAgICBt YW5kYXRvcnkgdHJ1ZTsNCiAgICAgIGRlc2NyaXB0aW9uDQogICAgICAgICJDaG9pY2UgYmV0d2Vl biBrZXkgdHlwZXMuIjsNCiAgICAgIGxlYWYga2V5IHsNCiAgICAgICAgbmFjbTpkZWZhdWx0LWRl bnktYWxsOw0KICAgICAgICB0eXBlIGJpbmFyeTsNCiAgICAgICAgZGVzY3JpcHRpb24NCiAgICAg ICAgICAiVGhlIGJpbmFyeSB2YWx1ZSBvZiB0aGUga2V5LiAgVGhlIGludGVycHJldGF0aW9uDQog ICAgICAgICAgIG9mIHRoZSB2YWx1ZSBpcyBkZWZpbmVkIGJ5IHRoZSAna2V5LWZvcm1hdCcgZmll bGQuIjsNCiAgICAgIH0NCiAgICAgIGxlYWYgaGlkZGVuLWtleSB7DQogICAgICAgIG5hY206ZGVm YXVsdC1kZW55LXdyaXRlOw0KICAgICAgICB0eXBlIGVtcHR5Ow0KICAgICAgICBkZXNjcmlwdGlv bg0KICAgICAgICAgICJBIHBlcm1hbmVudGx5IGhpZGRlbiBrZXkuICBIb3cgc3VjaCBrZXlzIGFy ZSBjcmVhdGVkDQogICAgICAgICAgIGlzIG91dHNpZGUgdGhlIHNjb3BlIG9mIHRoaXMgbW9kdWxl LiI7DQogICAgICB9DQogICAgfQ0KICB9DQoNCg0KDQpUbyBwdXQgYW4gZW5kIHRvIHRoaXMgZW1h aWwsIHJlY2FsbCBhYm92ZSBpdCB3YXMgc2FpZCB0aGF0IHRoZSBzZWNvbmRhcnkNCmdvYWwgaXMg dG8gcGFzcyBhbiAiYWxnb3JpdGhtIiBwYXJhbWV0ZXIgaW50byB0aGUNCidnZW5lcmF0ZS1zeW1t ZXRyaWMta2V5JyBhbmQgJ2dlbmVyYXRlLWFzeW1tZXRyaWMta2V5JyBhY3Rpb25zICh3aGF0DQpr aW5kIG9mIGtleSB0byBnZW5lcmF0ZSwgcmlnaHQ/KS4gICBNb3N0IG9mIHRoZSBhYm92ZSByZWdh cmRzIHRoZSBrZXkNCmZvcm1hdHMgKG5vdCBhbGdvcml0aG1zLCB0aG91Z2ggdGhlIE9uZVN5bW1l dHJpY0tleSBhbmQgT25lQXN5bW1ldHJpY0tleQ0Kc3RydWN0cyBkbyBzZWxmLWlkZW50aWZ5IHRo ZWlyIGFsZ29yaXRobXMpLiAgIEkgZG9uJ3QgaGF2ZSBhbiBhbnN3ZXIgZm9yDQp0aGlzIHlldCwg YnV0IG1heWJlIHdlIGNhbiBtaW1pYyBzb21lIGFzcGVjdCBvZiB0aGUgYWJvdmUgZm9yIGl0Pw0K DQpDb21tZW50cz8NCg0KPHRwPg0KDQpLZW50DQoNCkkgYW0gc3RpbGwgdW5jbGVhciBhYm91dCB0 aGUgYmlnIHBpY3R1cmUuICBBcmUgeW91IHNheWluZyB0aGF0IHRoZSBvdGhlcg0KbGlzdHMgb2Yg YWxnb3JpdGhtcyAtIE1BQywgaGFzaCwgc2lnbmF0dXJlIGV0YyAtIHdvdWxkIG5vIGxvbmdlciBi ZSBpbg0KdGhpcyBJLUQ/ICBPciBpZiB0aGV5IGFyZSBzdGlsbCB0aGVyZSwgaG93IGFyZSB0aGV5 IGdvaW5nIHRvIGJlIHVzZWQNCg0KSSBzZWUgdGhlIHJvbGUgb2Ygd2hhdCB5b3UgbGlzdCBhYm92 ZSBpbiB0aGUgY2xpZW50LXNlcnZlciBtb2R1bGVzIGJ1dA0Kbm90IGEgdXNhZ2UgZm9yIHRoZSBv dGhlciBsaXN0cy4NCg0KVG9tIFBldGNoDQoNCktlbnQgLy8gY29udHJpYnV0b3INCg0KDQoNCj4g T24gT2N0IDEsIDIwMTksIGF0IDY6NTggQU0sIHRvbSBwZXRjaCA8aWV0ZmNAYnRjb25uZWN0LmNv bT4gd3JvdGU6DQo+DQo+IDxpbmxpbmUgdHA+DQo+DQo+IC0tLS0tIE9yaWdpbmFsIE1lc3NhZ2Ug LS0tLS0NCj4gRnJvbTogIktlbnQgV2F0c2VuIiA8a2VudCtpZXRmQHdhdHNlbi5uZXQ+DQo+IFRv OiAiSnVlcmdlbiBTY2hvZW53YWVsZGVyIiA8Si5TY2hvZW53YWVsZGVyQGphY29icy11bml2ZXJz aXR5LmRlPg0KPiBDYzogPG5ldGNvbmZAaWV0Zi5vcmc+OyA8d2FuZy5oYWlndWFuZy5zaGllbGRs YWJAaHVhd2VpLmNvbT47DQo+IDxyaWZhYXQuaWV0ZkBnbWFpbC5jb20+DQo+IFNlbnQ6IFR1ZXNk YXksIE9jdG9iZXIgMDEsIDIwMTkgMTozOCBBTQ0KPg0KPj4gT24gU2VwIDI3LCAyMDE5LCBhdCAx OjQ2IFBNLCBTY2jDtm53w6RsZGVyLCBKw7xyZ2VuDQo+IDxKLlNjaG9lbndhZWxkZXJAamFjb2Jz LXVuaXZlcnNpdHkuZGU+IHdyb3RlOg0KPj4NCj4+IE9uIEZyaSwgU2VwIDI3LCAyMDE5IGF0IDAz OjUzOjUxUE0gKzAwMDAsIFJvYiBXaWx0b24gKHJ3aWx0b24pIHdyb3RlOg0KPj4+IEkgYmFzaWNh bGx5IGFncmVlIHdpdGggd2hhdCBNYXJ0aW4gaXMgc2F5aW5nLg0KPj4NCj4+IFNvIGRvIEkuDQo+ DQo+IEhtbW0uLi4NCj4NCj4+PiBFaXRoZXIgb25lIFlBTkcgbW9kdWxlIGNvbnRhaW5pbmcgYWxs IG9mIHRoZSBjcnlwdG8gaWRlbnRpdGllcywgb3IgYQ0KPiBmZXcgWUFORyBtb2R1bGVzIGFzIHBy ZXZpb3VzbHkgc3VnZ2VzdGVkLg0KPj4NCj4+IEl0IG1heSBtYWtlIHNlbnNlIHRvIHNwbGl0IGJ5 IHNlY3VyaXR5IHByb3RvY29sLg0KPg0KPiBUaGF0IHdvdWxkIGdvIHNvbWUgdG93YXJkcyBhZGRy ZXNzaW5nIFJpY2gncyBjb25jZXJuLiAgUHJlc3VtYWJseSB3ZQ0KPiB3b3VsZCBoYXZlIG9uZSBt b2R1bGUgZWFjaCBmb3IgU1NIICBhbmQgVExTIGFsZ29yaXRobXMuICBUaGF0IHNhaWQsIHRvDQo+ IFJpY2gncyBjb25jZXJuLCB0aGVyZSBpcyBhIGNvbnN0YW50IGNodXJuIHdpdGggdGhlbS4gIFRo aXMgY2h1cm4NCj4gY29uY2VybnMgdHdvIGFjdGl2aXRpZXM6ICB0aGUgcmVtb3ZhbCBhbmQgYWRk aXRpb24gb2YgYWxnb3JpdGhtcy4NCkJvdGgNCj4gb2NjdXIgYXQgcHJvdG9jb2wtdmVyc2lvbiBi b3VuZGFyaWVzIGFuZCwgcGVyaGFwcywgb3RoZXIgdGltZXMgYXMNCndlbGwuDQo+IFRoaXMgc3Vn Z2VzdHMgdG8gbWUgdGhhdCB3ZSBjb3VsZCBmdXJ0aGVyIHJlZmluZSB0aGUgaWRlbnRpdGllcyBi eQ0KPiBwcm90b2NvbCB2ZXJzaW9uLCBzb21ldGhpbmcgbGlrZSB0aGlzOg0KPg0KPiBJbiBpZXRm LWNyeXB0by10eXBlczoNCj4NCj4gICAgaWRlbnRpdHkgYmFzZS1hbGcge30NCj4gICAgaWRlbnRp dHkgdGxzLWFsZyB7IGJhc2UgImJhc2UtYWxnIiB9DQo+ICAgIGlkZW50aXR5IHNzaC1hbGcgeyBi YXNlICJiYXNlLWFsZyIgfQ0KPg0KPiBJbiBpZXRmLXRscy0xLjEtdHlwZXM6DQo+DQo+ICAgIGlk ZW50aXR5IHRscy0xLjEtYWxnIHsgYmFzZSAiY3Q6dGxzLWFsZyIgfQ0KPiAgICA8YSBidW5jaCBv ZiB0bHMtMS4xIGlkZW50aXRpZXMgaGVyZT4NCj4NCj4gSW4gaWV0Zi10bHMtMS4yLXR5cGVzOg0K Pg0KPiAgICBpZGVudGl0eSB0bHMtMS4yLWFsZyB7IGJhc2UgImN0OnRscy1hbGciIH0NCj4gICAg PGEgYnVuY2ggb2YgdGxzLTEuMiBpZGVudGl0aWVzIGhlcmU+DQo+DQo+IGV0Yy4NCj4NCj4gPHRw Pg0KPg0KPiBLZW50DQo+DQoNCg== From nobody Fri Oct 4 06:37:38 2019 Return-Path: X-Original-To: netconf@ietfa.amsl.com Delivered-To: netconf@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5FEBB12087B for ; Fri, 4 Oct 2019 06:37:37 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.7 X-Spam-Level: X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=akamai.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qCkbhb0oge98 for ; Fri, 4 Oct 2019 06:37:36 -0700 (PDT) Received: from mx0b-00190b01.pphosted.com (mx0b-00190b01.pphosted.com [IPv6:2620:100:9005:57f::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1A3EB120046 for ; Fri, 4 Oct 2019 06:37:36 -0700 (PDT) Received: from pps.filterd (m0122331.ppops.net [127.0.0.1]) by mx0b-00190b01.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id x94Db47I005848 for ; Fri, 4 Oct 2019 14:37:29 +0100 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com; h=from : to : subject : date : message-id : content-type : mime-version; s=jan2016.eng; bh=cNmhAxgYQGaXp3vdTceoGuFHMwV+FspbivHIYRJN+Bw=; b=bwZk/sINIQBzfOO9R5FqgQVq/HXg7r0tRWEPnuPrkonAaB/oM4q7JRO+wQn9FT5M8dyG cnLLpD+3+fW0aobf+MuG2NjDQ9TKAWC9l38nYRGLJPEAS/JziB+CSrqji/WuM7kz0tzC +bDZKsLzIoco2rrMqzyUmVwPpaQog7UGX6hQ6xv66om8P7w+y8t0u7uX6QqvCJ8g/XcW 4RjuiN5yq6/seIq6v2VSjXDQMNcBY/jYQ1Bcj0/8kUbrg0irsEvG3V1zJVqivKTvjvxZ f6q/g63BELvi12IyWDsx6HMZo2kwVDyGz/g/mGoktUEVm58TObdcGGEgDa8qxvkHP5zm iA== Received: from prod-mail-ppoint5 (prod-mail-ppoint5.akamai.com [184.51.33.60] (may be forged)) by mx0b-00190b01.pphosted.com with ESMTP id 2v9vcuutgn-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Fri, 04 Oct 2019 14:37:29 +0100 Received: from pps.filterd (prod-mail-ppoint5.akamai.com [127.0.0.1]) by prod-mail-ppoint5.akamai.com (8.16.0.27/8.16.0.27) with SMTP id x94DVt0w005620 for ; Fri, 4 Oct 2019 06:37:27 -0700 Received: from email.msg.corp.akamai.com ([172.27.123.30]) by prod-mail-ppoint5.akamai.com with ESMTP id 2va5g9abmr-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT) for ; Fri, 04 Oct 2019 06:37:27 -0700 Received: from USMA1EX-DAG1MB1.msg.corp.akamai.com (172.27.123.101) by usma1ex-dag1mb2.msg.corp.akamai.com (172.27.123.102) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Fri, 4 Oct 2019 09:37:27 -0400 Received: from USMA1EX-DAG1MB1.msg.corp.akamai.com ([172.27.123.101]) by usma1ex-dag1mb1.msg.corp.akamai.com ([172.27.123.101]) with mapi id 15.00.1473.005; Fri, 4 Oct 2019 09:37:27 -0400 From: "Salz, Rich" To: "netconf@ietf.org" Thread-Topic: crypto-types: why symmetric keys? Thread-Index: AQHVerjc4I0mNpxxdEmkYSi/07A3og== Date: Fri, 4 Oct 2019 13:37:26 +0000 Message-ID: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Microsoft-MacOutlook/10.1e.0.191003 x-ms-exchange-messagesentrepresentingtype: 1 x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [172.19.36.233] Content-Type: multipart/alternative; boundary="_000_B840CB4A3DF94C1B825DF24A72EFC90Fakamaicom_" MIME-Version: 1.0 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2019-10-04_06:, , signatures=0 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=754 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1908290000 definitions=main-1910040126 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.95,1.0.8 definitions=2019-10-04_06:2019-10-03,2019-10-04 signatures=0 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 priorityscore=1501 suspectscore=0 bulkscore=0 mlxlogscore=730 mlxscore=0 clxscore=1015 spamscore=0 impostorscore=0 adultscore=0 malwarescore=0 phishscore=0 lowpriorityscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-1908290000 definitions=main-1910040127 Archived-At: Subject: [netconf] crypto-types: why symmetric keys? X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 04 Oct 2019 13:37:37 -0000 --_000_B840CB4A3DF94C1B825DF24A72EFC90Fakamaicom_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 V2hhdOKAmXMgdGhlIHVzZS1jYXNlIGZvciBuZWVkaW5nIHRvIGNvbmZpZ3VyZSBzeW1tZXRyaWMg a2V5cz8NCg== --_000_B840CB4A3DF94C1B825DF24A72EFC90Fakamaicom_ Content-Type: text/html; charset="utf-8" Content-ID: Content-Transfer-Encoding: base64 PGh0bWwgeG1sbnM6bz0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6b2ZmaWNlIiB4 bWxuczp3PSJ1cm46c2NoZW1hcy1taWNyb3NvZnQtY29tOm9mZmljZTp3b3JkIiB4bWxuczptPSJo dHRwOi8vc2NoZW1hcy5taWNyb3NvZnQuY29tL29mZmljZS8yMDA0LzEyL29tbWwiIHhtbG5zPSJo dHRwOi8vd3d3LnczLm9yZy9UUi9SRUMtaHRtbDQwIj4NCjxoZWFkPg0KPG1ldGEgaHR0cC1lcXVp dj0iQ29udGVudC1UeXBlIiBjb250ZW50PSJ0ZXh0L2h0bWw7IGNoYXJzZXQ9dXRmLTgiPg0KPG1l dGEgbmFtZT0iR2VuZXJhdG9yIiBjb250ZW50PSJNaWNyb3NvZnQgV29yZCAxNSAoZmlsdGVyZWQg bWVkaXVtKSI+DQo8c3R5bGU+PCEtLQ0KLyogRm9udCBEZWZpbml0aW9ucyAqLw0KQGZvbnQtZmFj ZQ0KCXtmb250LWZhbWlseToiQ2FtYnJpYSBNYXRoIjsNCglwYW5vc2UtMToyIDQgNSAzIDUgNCA2 IDMgMiA0O30NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6Q2FsaWJyaTsNCglwYW5vc2UtMToy IDE1IDUgMiAyIDIgNCAzIDIgNDt9DQovKiBTdHlsZSBEZWZpbml0aW9ucyAqLw0KcC5Nc29Ob3Jt YWwsIGxpLk1zb05vcm1hbCwgZGl2Lk1zb05vcm1hbA0KCXttYXJnaW46MGluOw0KCW1hcmdpbi1i b3R0b206LjAwMDFwdDsNCglmb250LXNpemU6MTIuMHB0Ow0KCWZvbnQtZmFtaWx5OiJDYWxpYnJp IixzYW5zLXNlcmlmO30NCmE6bGluaywgc3Bhbi5Nc29IeXBlcmxpbmsNCgl7bXNvLXN0eWxlLXBy aW9yaXR5Ojk5Ow0KCWNvbG9yOiMwNTYzQzE7DQoJdGV4dC1kZWNvcmF0aW9uOnVuZGVybGluZTt9 DQphOnZpc2l0ZWQsIHNwYW4uTXNvSHlwZXJsaW5rRm9sbG93ZWQNCgl7bXNvLXN0eWxlLXByaW9y aXR5Ojk5Ow0KCWNvbG9yOiM5NTRGNzI7DQoJdGV4dC1kZWNvcmF0aW9uOnVuZGVybGluZTt9DQpz cGFuLkVtYWlsU3R5bGUxNw0KCXttc28tc3R5bGUtdHlwZTpwZXJzb25hbC1jb21wb3NlOw0KCWZv bnQtZmFtaWx5OiJDYWxpYnJpIixzYW5zLXNlcmlmOw0KCWNvbG9yOndpbmRvd3RleHQ7fQ0KLk1z b0NocERlZmF1bHQNCgl7bXNvLXN0eWxlLXR5cGU6ZXhwb3J0LW9ubHk7DQoJZm9udC1mYW1pbHk6 IkNhbGlicmkiLHNhbnMtc2VyaWY7fQ0KQHBhZ2UgV29yZFNlY3Rpb24xDQoJe3NpemU6OC41aW4g MTEuMGluOw0KCW1hcmdpbjoxLjBpbiAxLjBpbiAxLjBpbiAxLjBpbjt9DQpkaXYuV29yZFNlY3Rp b24xDQoJe3BhZ2U6V29yZFNlY3Rpb24xO30NCi0tPjwvc3R5bGU+DQo8L2hlYWQ+DQo8Ym9keSBs YW5nPSJFTi1VUyIgbGluaz0iIzA1NjNDMSIgdmxpbms9IiM5NTRGNzIiPg0KPGRpdiBjbGFzcz0i V29yZFNlY3Rpb24xIj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNp emU6MTEuMHB0Ij5XaGF04oCZcyB0aGUgdXNlLWNhc2UgZm9yIG5lZWRpbmcgdG8gY29uZmlndXJl IHN5bW1ldHJpYyBrZXlzPzxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPC9ib2R5Pg0K PC9odG1sPg0K --_000_B840CB4A3DF94C1B825DF24A72EFC90Fakamaicom_-- From nobody Fri Oct 4 09:43:18 2019 Return-Path: X-Original-To: netconf@ietfa.amsl.com Delivered-To: netconf@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 35A32120086 for ; Fri, 4 Oct 2019 09:43:17 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.901 X-Spam-Level: X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MQCkPj8IICbF for ; Fri, 4 Oct 2019 09:43:15 -0700 (PDT) Received: from mail-pl1-f180.google.com (mail-pl1-f180.google.com [209.85.214.180]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C7AA21200A1 for ; Fri, 4 Oct 2019 09:43:15 -0700 (PDT) Received: by mail-pl1-f180.google.com with SMTP id d22so3399268pls.0 for ; Fri, 04 Oct 2019 09:43:15 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding :content-language; bh=PEwATx2PDguszEHxa3MkIsf1m0QKnciwQ75gh6ouyj8=; b=GUTpLlxLoOlaucUvgDv6gVmGMjT5thGtH+BFbmSnwNtKl3EJ84n3+4lXKnmS7vOBft ZirLtYxY0blG2QRlqwGwRPCocYkR7FDEnoYWSwBxgqu4gHKbNTU53K8W+1ZreHcosFxy ijxinW/iYfMF0MyQpULy4zKs3G5PfYIl3JtCdYfPrCmczobax3/IoAOVZBsciQzv4O0q sORPU6qBsy4cvtJF72HVne2iFlRvj7t/87Ei3Bdvd02Nkf1rVRMRt0GX12KyUjyM/+2d ser9ACqPxrOf/LanVUBelTyiUPQ+LsdcDTv3xA9DhxWdJRuTctYp3Wyh92bwMLLCFK+f wROQ== X-Gm-Message-State: APjAAAXcu4Rn/03nfka9fbAppplJ9kawgkp8AdHmSfUmnC18MqHNSd43 u73heSyFmnXHHV0GbrgqqQuzXXn+yrY= X-Google-Smtp-Source: APXvYqwS+dwqhaUo2plj93H6OV6cm4we6cIz7eHBKiZWr4u0pYivhNTB7xjl2vZhX7CaSZWzfx3nig== X-Received: by 2002:a17:902:7885:: with SMTP id q5mr15146628pll.299.1570207395156; Fri, 04 Oct 2019 09:43:15 -0700 (PDT) Received: from [192.168.1.105] (c-73-231-235-186.hsd1.ca.comcast.net. [73.231.235.186]) by smtp.gmail.com with ESMTPSA id 202sm8749496pfu.161.2019.10.04.09.43.14 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 04 Oct 2019 09:43:14 -0700 (PDT) To: netconf@ietf.org References: From: Randy Presuhn Message-ID: <84a2ff74-67fb-069b-a9bc-4bd4187ee1bc@alumni.stanford.edu> Date: Fri, 4 Oct 2019 09:43:12 -0700 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.1.1 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit Content-Language: en-US X-Antivirus: Avast (VPS 191004-0, 10/03/2019), Outbound message X-Antivirus-Status: Clean Archived-At: Subject: Re: [netconf] crypto-types: why symmetric keys? X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 04 Oct 2019 16:43:17 -0000 Hi - On 10/4/2019 6:37 AM, Salz, Rich wrote: > > What’s the use-case for needing to configure symmetric keys? > Provisioning SNMPv3 USM comes to mind. Randy From nobody Fri Oct 4 09:59:04 2019 Return-Path: X-Original-To: netconf@ietfa.amsl.com Delivered-To: netconf@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6E78A120910 for ; Fri, 4 Oct 2019 09:59:00 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.701 X-Spam-Level: X-Spam-Status: No, score=-2.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=akamai.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ASGfqr5j5vHe for ; Fri, 4 Oct 2019 09:58:58 -0700 (PDT) Received: from mx0b-00190b01.pphosted.com (mx0b-00190b01.pphosted.com [IPv6:2620:100:9005:57f::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CECD81208D9 for ; Fri, 4 Oct 2019 09:58:58 -0700 (PDT) Received: from pps.filterd (m0050102.ppops.net [127.0.0.1]) by m0050102.ppops.net-00190b01. (8.16.0.42/8.16.0.42) with SMTP id x94GqSsv012509; Fri, 4 Oct 2019 17:58:55 +0100 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com; h=from : to : subject : date : message-id : references : in-reply-to : content-type : content-id : content-transfer-encoding : mime-version; s=jan2016.eng; bh=w+EUwTAWzyd9NEK832Y0mYhZjY2MeUzpBnK2XJy0Bdk=; b=JwxjOPhjHKk4WawrgUE0EcX+zamtu5/P+mGHh1kPbcJoLlpdbXdfTPPz2AwXsO/ZN5se wRtspPKwh7gd8GZhzqcEhNOBheEMx6xMRxuqkisgfS+gfKi6sSWRDs1y6PowD7BYBSmF 2Kdr5Nct463agSCilO4SHeNNnKt82YQ1FaTXzUCaoVBxOuoD2C34TP8B+8xpmmlzl/3q 7GeV5UAjmO4BrSN5AOJFhjcZq89qeo5/kDgY7Rz1VxEzYjesklZyIlb9lbwAPXglEWGK xn+AH447VELQHOh3NpJppuRtNPYMhpMPUcsrgpS79USHHgwgq0AGIt/Noy6iXt2RKMpA WQ== Received: from prod-mail-ppoint6 (prod-mail-ppoint6.akamai.com [184.51.33.61] (may be forged)) by m0050102.ppops.net-00190b01. with ESMTP id 2ve6gvru27-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 04 Oct 2019 17:58:54 +0100 Received: from pps.filterd (prod-mail-ppoint6.akamai.com [127.0.0.1]) by prod-mail-ppoint6.akamai.com (8.16.0.27/8.16.0.27) with SMTP id x94GW9Wf026124; Fri, 4 Oct 2019 12:58:54 -0400 Received: from email.msg.corp.akamai.com ([172.27.123.30]) by prod-mail-ppoint6.akamai.com with ESMTP id 2va2uw98cc-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Fri, 04 Oct 2019 12:58:54 -0400 Received: from USMA1EX-DAG1MB1.msg.corp.akamai.com (172.27.123.101) by usma1ex-dag1mb3.msg.corp.akamai.com (172.27.123.103) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Fri, 4 Oct 2019 12:58:53 -0400 Received: from USMA1EX-DAG1MB1.msg.corp.akamai.com ([172.27.123.101]) by usma1ex-dag1mb1.msg.corp.akamai.com ([172.27.123.101]) with mapi id 15.00.1473.005; Fri, 4 Oct 2019 12:58:53 -0400 From: "Salz, Rich" To: Randy Presuhn , "netconf@ietf.org" Thread-Topic: [netconf] crypto-types: why symmetric keys? Thread-Index: AQHVerjc4I0mNpxxdEmkYSi/07A3oqdK8zsA///BUgA= Date: Fri, 4 Oct 2019 16:58:52 +0000 Message-ID: <017A9541-641B-4826-983B-7C47AFA1A3AD@akamai.com> References: <84a2ff74-67fb-069b-a9bc-4bd4187ee1bc@alumni.stanford.edu> In-Reply-To: <84a2ff74-67fb-069b-a9bc-4bd4187ee1bc@alumni.stanford.edu> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Microsoft-MacOutlook/10.1e.0.191003 x-ms-exchange-messagesentrepresentingtype: 1 x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [172.19.36.233] Content-Type: text/plain; charset="utf-8" Content-ID: Content-Transfer-Encoding: base64 MIME-Version: 1.0 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2019-10-04_09:, , signatures=0 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1908290000 definitions=main-1910040145 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.95,1.0.8 definitions=2019-10-04_09:2019-10-03,2019-10-04 signatures=0 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 mlxscore=0 impostorscore=0 mlxlogscore=999 priorityscore=1501 malwarescore=0 suspectscore=0 bulkscore=0 lowpriorityscore=0 clxscore=1011 phishscore=0 spamscore=0 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-1908290000 definitions=main-1910040146 Archived-At: Subject: Re: [netconf] crypto-types: why symmetric keys? X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 04 Oct 2019 16:59:03 -0000 ICAgID4gV2hhdOKAmXMgdGhlIHVzZS1jYXNlIGZvciBuZWVkaW5nIHRvIGNvbmZpZ3VyZSBzeW1t ZXRyaWMga2V5cz8NCiAgICA+DQogICAgDQo+ICAgIFByb3Zpc2lvbmluZyBTTk1QdjMgVVNNIGNv bWVzIHRvIG1pbmQuDQogIA0KVGhhbmtzLg0KDQpJZiB3ZSBhcmUgZ29pbmcgdG8gcGFydGl0aW9u IGNyeXB0by10eXBlcyBpbnRvIHNtYWxsZXIgcGllY2VzLCB0aGVuIGl0IHNlZW1zIHdlIGhhdmUg dGhyZWUgdGhpbmdzIG5vdzoNCglUTFMgKGh0dHBzIHNlcnZlcnMsIGNlcnRzIGFuZCBrZXlzIGZv ciBSU0EgYW5kIEVDRFNBKQ0KCVNTSCAoInJhdyIgcHVibGljIGFuZCBwcml2YXRlIGtleXMpDQoJ U05NUCAoc3ltbWV0cmljIGtleXMpDQoNCg0K From nobody Fri Oct 4 10:57:48 2019 Return-Path: <0100016d97eb99fe-d6ce4ac2-7c9d-4653-833b-cb9471591e68-000000@amazonses.watsen.net> X-Original-To: netconf@ietfa.amsl.com Delivered-To: netconf@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D5CD51208F1 for ; Fri, 4 Oct 2019 10:57:46 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.898 X-Spam-Level: X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=amazonses.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ucIg6r_0TEdU for ; Fri, 4 Oct 2019 10:57:44 -0700 (PDT) Received: from a8-83.smtp-out.amazonses.com (a8-83.smtp-out.amazonses.com [54.240.8.83]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7FF81120129 for ; Fri, 4 Oct 2019 10:57:44 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=6gbrjpgwjskckoa6a5zn6fwqkn67xbtw; d=amazonses.com; t=1570211863; h=From:Message-Id:Content-Type:Mime-Version:Subject:Date:In-Reply-To:Cc:To:References:Feedback-ID; bh=6a453PNOfRi53uLo8ThLg/WUAjEeWTIjerG7wmvKNkA=; b=EAKif3g/u5rr7bzJWp/+A508Yw9lllq9cr/ToWHd0AuR5Z5eVT8Ag8vCEK9EYAsu 57bNlyn8BgBMgw9k6tBVFds4T5nxhgi8yA9gXPhQAQRyyHWapDarOWX4drt9njEGx35 MR0G9j/iI9RgjQMtR/p6XBsrYlQHa5PPn/gbT9MY= From: Kent Watsen Message-ID: <0100016d97eb99fe-d6ce4ac2-7c9d-4653-833b-cb9471591e68-000000@email.amazonses.com> Content-Type: multipart/alternative; boundary="Apple-Mail=_05817CF7-5984-4859-9928-832DD5143F61" Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\)) Date: Fri, 4 Oct 2019 17:57:43 +0000 In-Reply-To: <017A9541-641B-4826-983B-7C47AFA1A3AD@akamai.com> Cc: Randy Presuhn , "netconf@ietf.org" , Henk Birkholz To: "Salz, Rich" References: <84a2ff74-67fb-069b-a9bc-4bd4187ee1bc@alumni.stanford.edu> <017A9541-641B-4826-983B-7C47AFA1A3AD@akamai.com> X-Mailer: Apple Mail (2.3445.104.11) X-SES-Outgoing: 2019.10.04-54.240.8.83 Feedback-ID: 1.us-east-1.DKmIRZFhhsBhtmFMNikgwZUWVrODEw9qVcPhqJEI2DA=:AmazonSES Archived-At: Subject: Re: [netconf] crypto-types: why symmetric keys? X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 04 Oct 2019 17:57:47 -0000 --Apple-Mail=_05817CF7-5984-4859-9928-832DD5143F61 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 Hi Rich, The introduction of the symmetric-keys to the model was primarily to = resolve an issue for how to support device-generated keys, whereby the = keys would subsequently be present in the device's configuration and = referenced by other configuration. The current `generate-symmetric-key` = and `generate-asymmetric-key` 'action' statements are the 4th iteration = for an approach for how to do this. The idea, in order to maintain the = security of the key (i.e., so it cannot be known even to the = administrator using it), is to encrypt the private or symmetric key = returned from the 'action' statement. The administrator then turns = around and configures the [encrypted] key back onto the device. Use of = a symmetric key to encrypt keys has been shown as a being helpful to = supported RMA (device swaps), discussed here: = https://mailarchive.ietf.org/arch/msg/netconf/pn0LucnWx3Xz0rfBRqB31BVg-Bk = . That said, Henk Birkholz (CC-ed) pointed out in Montreal that the = current TLS model on supports X.509 certificates, but it needs to also = support pre-shared keys (PSKs) and raw public keys. Henk has already = added PSK and RPK to an unpublished version of the Truststore (see the = trust-anchors draft). That being the case, it makes sense that the = symmetric keys in Keystore could be used as/for the PSKs in TLS. Is so, = then please add this use case to the list. Kent > On Oct 4, 2019, at 12:58 PM, Salz, Rich wrote: >=20 >> What=E2=80=99s the use-case for needing to configure symmetric keys? >>=20 >=20 >> Provisioning SNMPv3 USM comes to mind. >=20 > Thanks. >=20 > If we are going to partition crypto-types into smaller pieces, then it = seems we have three things now: > TLS (https servers, certs and keys for RSA and ECDSA) > SSH ("raw" public and private keys) > SNMP (symmetric keys) >=20 >=20 > _______________________________________________ > netconf mailing list > netconf@ietf.org > https://www.ietf.org/mailman/listinfo/netconf --Apple-Mail=_05817CF7-5984-4859-9928-832DD5143F61 Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=utf-8 Hi = Rich,

The = introduction of the symmetric-keys to the model was primarily to resolve = an issue for how to support device-generated keys, whereby the keys = would subsequently be present in the device's configuration and = referenced by other configuration.  The current = `generate-symmetric-key` and `generate-asymmetric-key` 'action' = statements are the 4th iteration for an approach for how to do this. =  The idea, in order to maintain the security of the key (i.e., so = it cannot be known even to the administrator using it), is to encrypt = the private or symmetric key returned from the 'action' statement. =  The administrator then turns around and configures the [encrypted] = key back onto the device.  Use of a symmetric key to encrypt keys = has been shown as a being helpful to supported RMA (device swaps), = discussed here: https://mailarchive.ietf.org/arch/msg/netconf/pn0LucnWx3Xz0rfBR= qB31BVg-Bk.

That said, Henk Birkholz (CC-ed) pointed out in Montreal that = the current TLS model on supports X.509 certificates, but it needs to = also support pre-shared keys (PSKs) and raw public keys.  Henk has = already added PSK and RPK to an unpublished version of the Truststore = (see the trust-anchors draft).  That being the case, it makes sense = that the symmetric keys in Keystore could be used as/for the PSKs in = TLS.  Is so, then please add this use case to the list.

Kent


On Oct 4, 2019, at 12:58 PM, Salz, Rich = <rsalz@akamai.com> wrote:

What=E2=80=99s the = use-case for needing to configure symmetric keys?


  Provisioning SNMPv3 USM comes to mind.

Thanks.

If we are going to partition crypto-types into smaller = pieces, then it seems we have three things now:
TLS = (https servers, certs and keys for RSA and ECDSA)
SSH = ("raw" public and private keys)
SNMP = (symmetric keys)


_______________________________________________
netconf mailing list
netconf@ietf.org
https://www.ietf.org/mailman/listinfo/netconf

= --Apple-Mail=_05817CF7-5984-4859-9928-832DD5143F61-- From nobody Fri Oct 4 11:06:53 2019 Return-Path: X-Original-To: netconf@ietfa.amsl.com Delivered-To: netconf@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3838F1208F8 for ; Fri, 4 Oct 2019 11:06:51 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.7 X-Spam-Level: X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=akamai.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Fw946JwYOENR for ; Fri, 4 Oct 2019 11:06:49 -0700 (PDT) Received: from mx0b-00190b01.pphosted.com (mx0b-00190b01.pphosted.com [IPv6:2620:100:9005:57f::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 88ABB12089D for ; Fri, 4 Oct 2019 11:06:49 -0700 (PDT) Received: from pps.filterd (m0122330.ppops.net [127.0.0.1]) by mx0b-00190b01.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id x94I3BuK027727; Fri, 4 Oct 2019 19:06:42 +0100 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : mime-version; s=jan2016.eng; bh=ok3JetJAl01k4h+aGUJ8nrDl9/BFrXmGNjfsbfde5Dk=; b=BdX228yIkS5JDF58L29/31A6byydBWrg0Ir//gI2NDFWXBbdhkgTaMyyo8jeVFkVGXct NhslIGsgtwsHtWavUAvR3mDfTD0qc5DP4nbUxeH29fZoMWQ+Dl7e9iQcVtJjoEdX5VBW pSIMB5HGvVDJdR+z4/OEv2VQ3So0S4ZUazA/aFx8ecqqRmX9DqDczp8E0qLJUc6SgzHZ qvIi+tduLpex0i/r9g3n1CjDbsXGm0HOd6i1+klB35/AOGrzgcE0YIKDZ9fJK4SUbn5e dWx1eTi7+JMfIY1m9s0ztb8TPoscCRo6hEYVJF4655uJcWi6gUxAUP7b9b9yGVpNm0V/ Cg== Received: from prod-mail-ppoint7 (prod-mail-ppoint7.akamai.com [96.6.114.121] (may be forged)) by mx0b-00190b01.pphosted.com with ESMTP id 2vceft5sb2-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 04 Oct 2019 19:06:41 +0100 Received: from pps.filterd (prod-mail-ppoint7.akamai.com [127.0.0.1]) by prod-mail-ppoint7.akamai.com (8.16.0.27/8.16.0.27) with SMTP id x94I3tqU015686; Fri, 4 Oct 2019 14:06:38 -0400 Received: from email.msg.corp.akamai.com ([172.27.123.57]) by prod-mail-ppoint7.akamai.com with ESMTP id 2va2v1gwqj-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Fri, 04 Oct 2019 14:06:37 -0400 Received: from USMA1EX-DAG1MB1.msg.corp.akamai.com (172.27.123.101) by usma1ex-dag1mb4.msg.corp.akamai.com (172.27.123.104) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Fri, 4 Oct 2019 14:06:36 -0400 Received: from USMA1EX-DAG1MB1.msg.corp.akamai.com ([172.27.123.101]) by usma1ex-dag1mb1.msg.corp.akamai.com ([172.27.123.101]) with mapi id 15.00.1473.005; Fri, 4 Oct 2019 14:06:36 -0400 From: "Salz, Rich" To: Kent Watsen CC: Randy Presuhn , "netconf@ietf.org" , Henk Birkholz Thread-Topic: [netconf] crypto-types: why symmetric keys? Thread-Index: AQHVerjc4I0mNpxxdEmkYSi/07A3oqdK8zsA///BUgCAAFOAgP//v2yA Date: Fri, 4 Oct 2019 18:06:35 +0000 Message-ID: <13627E1C-A6D0-49B9-8277-55713E1958BD@akamai.com> References: <84a2ff74-67fb-069b-a9bc-4bd4187ee1bc@alumni.stanford.edu> <017A9541-641B-4826-983B-7C47AFA1A3AD@akamai.com> <0100016d97eb99fe-d6ce4ac2-7c9d-4653-833b-cb9471591e68-000000@email.amazonses.com> In-Reply-To: <0100016d97eb99fe-d6ce4ac2-7c9d-4653-833b-cb9471591e68-000000@email.amazonses.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Microsoft-MacOutlook/10.1e.0.191003 x-ms-exchange-messagesentrepresentingtype: 1 x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [172.19.36.233] Content-Type: multipart/alternative; boundary="_000_13627E1CA6D049B9827755713E1958BDakamaicom_" MIME-Version: 1.0 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2019-10-04_11:, , signatures=0 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=977 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1908290000 definitions=main-1910040149 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.95,1.0.8 definitions=2019-10-04_11:2019-10-03,2019-10-04 signatures=0 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 phishscore=0 impostorscore=0 lowpriorityscore=0 suspectscore=0 clxscore=1011 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=962 malwarescore=0 adultscore=0 priorityscore=1501 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-1908290000 definitions=main-1910040149 Archived-At: Subject: Re: [netconf] crypto-types: why symmetric keys? X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 04 Oct 2019 18:06:51 -0000 --_000_13627E1CA6D049B9827755713E1958BDakamaicom_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 VGhhbmtzIGZvciB0aGUgY2xhcmlmaWNhdGlvbi4NCg0KSSBjb250aW51ZSB0byB1cmdlIGRldmVs b3BtZW50IG9mIHNtYWxsIG1vZGVscyB0aGF0IG1lZXQgbW9zdCAoKm5vdCBhbGwqKSBuZWVkcyBv ZiBzZXJ2aWNlIGNvbmZpZ3VyYXRpb24uICBUTFPigJlzIFBTSyBrZXlzIG5lZWQgdG8gYmUgc2hh cmVkIGJ5IHRoZSBzZXJ2ZXIgYW5kIGNsaWVudChzKSwgc28gSSBhbSBub3Qgc3VyZSBhYm91dCB0 aGUgdXRpbGl0eSBvZiDigJxzbyBub3QgZXZlbiB0aGUgYWRtaW5pc3RyYXRvciBrbm93cyBpdOKA nSAgSSBhbSBpZ25vcmFudCBpZiBQU0vigJlzIGFyZSBhY3R1YWxseSBuZWVkZWQgZm9yIGVudGVy cHJpc2UgdXNlIG9mIFRMUy4NCg0KDQo= --_000_13627E1CA6D049B9827755713E1958BDakamaicom_ Content-Type: text/html; charset="utf-8" Content-ID: <8B591B48F259F24A91F4BDD88E744A53@akamai.com> Content-Transfer-Encoding: base64 PGh0bWwgeG1sbnM6bz0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6b2ZmaWNlIiB4 bWxuczp3PSJ1cm46c2NoZW1hcy1taWNyb3NvZnQtY29tOm9mZmljZTp3b3JkIiB4bWxuczptPSJo dHRwOi8vc2NoZW1hcy5taWNyb3NvZnQuY29tL29mZmljZS8yMDA0LzEyL29tbWwiIHhtbG5zPSJo dHRwOi8vd3d3LnczLm9yZy9UUi9SRUMtaHRtbDQwIj4NCjxoZWFkPg0KPG1ldGEgaHR0cC1lcXVp dj0iQ29udGVudC1UeXBlIiBjb250ZW50PSJ0ZXh0L2h0bWw7IGNoYXJzZXQ9dXRmLTgiPg0KPG1l dGEgbmFtZT0iR2VuZXJhdG9yIiBjb250ZW50PSJNaWNyb3NvZnQgV29yZCAxNSAoZmlsdGVyZWQg bWVkaXVtKSI+DQo8c3R5bGU+PCEtLQ0KLyogRm9udCBEZWZpbml0aW9ucyAqLw0KQGZvbnQtZmFj ZQ0KCXtmb250LWZhbWlseToiQ2FtYnJpYSBNYXRoIjsNCglwYW5vc2UtMToyIDQgNSAzIDUgNCA2 IDMgMiA0O30NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6Q2FsaWJyaTsNCglwYW5vc2UtMToy IDE1IDUgMiAyIDIgNCAzIDIgNDt9DQovKiBTdHlsZSBEZWZpbml0aW9ucyAqLw0KcC5Nc29Ob3Jt YWwsIGxpLk1zb05vcm1hbCwgZGl2Lk1zb05vcm1hbA0KCXttYXJnaW46MGluOw0KCW1hcmdpbi1i b3R0b206LjAwMDFwdDsNCglmb250LXNpemU6MTEuMHB0Ow0KCWZvbnQtZmFtaWx5OiJDYWxpYnJp IixzYW5zLXNlcmlmO30NCmE6bGluaywgc3Bhbi5Nc29IeXBlcmxpbmsNCgl7bXNvLXN0eWxlLXBy aW9yaXR5Ojk5Ow0KCWNvbG9yOmJsdWU7DQoJdGV4dC1kZWNvcmF0aW9uOnVuZGVybGluZTt9DQph OnZpc2l0ZWQsIHNwYW4uTXNvSHlwZXJsaW5rRm9sbG93ZWQNCgl7bXNvLXN0eWxlLXByaW9yaXR5 Ojk5Ow0KCWNvbG9yOnB1cnBsZTsNCgl0ZXh0LWRlY29yYXRpb246dW5kZXJsaW5lO30NCnAubXNv bm9ybWFsMCwgbGkubXNvbm9ybWFsMCwgZGl2Lm1zb25vcm1hbDANCgl7bXNvLXN0eWxlLW5hbWU6 bXNvbm9ybWFsOw0KCW1zby1tYXJnaW4tdG9wLWFsdDphdXRvOw0KCW1hcmdpbi1yaWdodDowaW47 DQoJbXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG87DQoJbWFyZ2luLWxlZnQ6MGluOw0KCWZvbnQt c2l6ZToxMS4wcHQ7DQoJZm9udC1mYW1pbHk6IkNhbGlicmkiLHNhbnMtc2VyaWY7fQ0Kc3Bhbi5h cHBsZS10YWItc3Bhbg0KCXttc28tc3R5bGUtbmFtZTphcHBsZS10YWItc3Bhbjt9DQpzcGFuLkVt YWlsU3R5bGUxOQ0KCXttc28tc3R5bGUtdHlwZTpwZXJzb25hbC1yZXBseTsNCglmb250LWZhbWls eToiQ2FsaWJyaSIsc2Fucy1zZXJpZjsNCgljb2xvcjp3aW5kb3d0ZXh0O30NCi5Nc29DaHBEZWZh dWx0DQoJe21zby1zdHlsZS10eXBlOmV4cG9ydC1vbmx5Ow0KCWZvbnQtc2l6ZToxMC4wcHQ7fQ0K QHBhZ2UgV29yZFNlY3Rpb24xDQoJe3NpemU6OC41aW4gMTEuMGluOw0KCW1hcmdpbjoxLjBpbiAx LjBpbiAxLjBpbiAxLjBpbjt9DQpkaXYuV29yZFNlY3Rpb24xDQoJe3BhZ2U6V29yZFNlY3Rpb24x O30NCi0tPjwvc3R5bGU+DQo8L2hlYWQ+DQo8Ym9keSBsYW5nPSJFTi1VUyIgbGluaz0iYmx1ZSIg dmxpbms9InB1cnBsZSI+DQo8ZGl2IGNsYXNzPSJXb3JkU2VjdGlvbjEiPg0KPHAgY2xhc3M9Ik1z b05vcm1hbCI+VGhhbmtzIGZvciB0aGUgY2xhcmlmaWNhdGlvbi48bzpwPjwvbzpwPjwvcD4NCjxw IGNsYXNzPSJNc29Ob3JtYWwiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05v cm1hbCI+SSBjb250aW51ZSB0byB1cmdlIGRldmVsb3BtZW50IG9mIHNtYWxsIG1vZGVscyB0aGF0 IG1lZXQgbW9zdCAoKm5vdCBhbGwqKSBuZWVkcyBvZiBzZXJ2aWNlIGNvbmZpZ3VyYXRpb24uJm5i c3A7IFRMU+KAmXMgUFNLIGtleXMgbmVlZCB0byBiZSBzaGFyZWQgYnkgdGhlIHNlcnZlciBhbmQg Y2xpZW50KHMpLCBzbyBJIGFtIG5vdCBzdXJlIGFib3V0IHRoZSB1dGlsaXR5IG9mIOKAnHNvIG5v dCBldmVuIHRoZSBhZG1pbmlzdHJhdG9yDQoga25vd3MgaXTigJ0mbmJzcDsgSSBhbSBpZ25vcmFu dCBpZiBQU0vigJlzIGFyZSBhY3R1YWxseSBuZWVkZWQgZm9yIGVudGVycHJpc2UgdXNlIG9mIFRM Uy48bzpwPjwvbzpwPjwvcD4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpwPiZuYnNw OzwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0K PC9kaXY+DQo8L2Rpdj4NCjwvYm9keT4NCjwvaHRtbD4NCg== --_000_13627E1CA6D049B9827755713E1958BDakamaicom_-- From nobody Sat Oct 5 18:12:16 2019 Return-Path: X-Original-To: netconf@ietfa.amsl.com Delivered-To: netconf@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4FCB012001E for ; Sat, 5 Oct 2019 18:12:14 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.889 X-Spam-Level: X-Spam-Status: No, score=-1.889 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_FILL_THIS_FORM_SHORT=0.01] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=yumaworks-com.20150623.gappssmtp.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3NUsegt8Jq_d for ; Sat, 5 Oct 2019 18:12:12 -0700 (PDT) Received: from mail-lj1-x22c.google.com (mail-lj1-x22c.google.com [IPv6:2a00:1450:4864:20::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 43B7712000F for ; Sat, 5 Oct 2019 18:12:12 -0700 (PDT) Received: by mail-lj1-x22c.google.com with SMTP id v24so10103881ljj.3 for ; Sat, 05 Oct 2019 18:12:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yumaworks-com.20150623.gappssmtp.com; s=20150623; h=mime-version:from:date:message-id:subject:to; bh=OePn6ZdQMCK5QTfq6VzOcPK1HQX3NJ6BzL87EY3cXvo=; b=l32KOlUcL2rQR18LkL6wREb5I1mrnIabcPqiz1Cpk5ODdn+BfcG0C2F8Spq0DnT+Y6 Y596TWQQJzq4ApIailUm9Zbew/FxLMfb9bWYLJyDA/9psa7n4Fic3ThjH40G1zvdXB8J DpxHau5oyUYcSUm+NX4KenObKzBccIc3fHCqxPe/pQLLxPxHNboIcGeUOz+XqmPg4j+1 B/I1GYYTgAmbrYv6JE1+8xYZr7dOEhJpGwiIY3D4+S4fLosm8eK5bhChcyd0Fwwie+l4 8KVX3YWMaiBvSAxJx7EzG5TUQgqUrMn3as9CZ/W8AvAVfajFjAJ4gzNXKxey2dzaRpnl XpMQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=OePn6ZdQMCK5QTfq6VzOcPK1HQX3NJ6BzL87EY3cXvo=; b=spTpLPQgitRXdVeyKhG+5ajryl6wEneWoYaVCN/rJbDSzUqr27avhCK3fM0lpj+kqK FyAPO+BJ2C1Wc2SY5x9SSrzj7f8RxHQnT1tBiWk4XF8moz9m2V5h8RflrVQRLYsTIink 0YgiWMGH9dTe8WoUGrgZswCbxwqXcMV05a3Jxbvbuf1aIx9RyqUfr2K4A9fXsI99vMTO o99XbUPAwXBP5d7VA/RRx984QSzhtKtYQzdYepc+zMd7D0Wr8v7Avi6mJTvxOsmp3daz iTQQzwp370ijfmYcqTsTqYe/XT9/o4DVJkzr5AZIXXdTs9pe/HB4Op4F72+VQLAXvhKD HZzw== X-Gm-Message-State: APjAAAXyd0QKqzlZu/nXxHB0MozPfD3j24/B/HhPll2shXiP1C7rKGGQ AKVXraUR2gMJ2MWN7D9Fn+dDT1greAflBewOW9kqkDeSalc= X-Google-Smtp-Source: APXvYqzvZdspzlaxTcWWMDu5Dh/+0aPw1xl8pXPiPqGYKBtToaoVbIXMGcxjEqNiBolBDK//H1OR0xh5K6TG8VktJRY= X-Received: by 2002:a2e:b607:: with SMTP id r7mr14105375ljn.100.1570324329873; Sat, 05 Oct 2019 18:12:09 -0700 (PDT) MIME-Version: 1.0 From: Andy Bierman Date: Sat, 5 Oct 2019 18:11:59 -0700 Message-ID: To: Netconf Content-Type: multipart/alternative; boundary="000000000000dd5cbf0594339fb2" Archived-At: Subject: [netconf] get-data origin filters X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 06 Oct 2019 01:12:14 -0000 --000000000000dd5cbf0594339fb2 Content-Type: text/plain; charset="UTF-8" Hi, I am trying to figure out how to use the origin-filter and negated-origin-filter in the operation in RFC 8526. leaf-list origin-filter { type or:origin-ref; description "Filter based on the 'origin' annotation. A configuration node matches the filter if its 'origin' annotation is derived from or equal to any of the given filter values."; } These filters seem kind of worthless if implemented according to the text. Consider a simple example where there is 1 learned leaf within a list: module: address +--rw addresses +--rw address* [last-name first-name] +--rw last-name string +--rw first-name string +--rw street? string +--rw city? string +--rw zipcode? string +--rw phone* [phone-type] +--rw phone-type enumeration +--rw phone-number string Let's say the "zipcode" field is learned in (e.g. ZIP code lookup expands missing or 5 digit zipcode to full 9 digit zipcode). So /addresses and /addresses/address have origin "intended". Only the /addresses/address/zipcode leaf has origin "learned". So how does origin-filter=learned find all the learned leafs? What filters are required to return only the learned entries + ancestors + ancestor-or-self keys? Seems like this filter mechanism has to be used to retrieve the exact leaf that might be learned, and the client needs to know in advance all the possible nodes that might be learned. Want to be able to retrieve an ancestor that is intended and still find the learned entries get-data xpath-filter=/addresses/address origin-filtter=learned The draft shows an example where both "intended" and "system" are given as filters. This will work but will include all the "intended" leafs as well. What if a "learned" node is within a "system" node within an "intended" node? Seems like the client needs to know a lot about the server implementation details in order to use the origin filters. Andy --000000000000dd5cbf0594339fb2 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Hi,

I am trying to figure out how t= o use the origin-filter and negated-origin-filter
in the <get-= data> operation in RFC 8526.


leaf-list origin= -filter { type or:origin-ref; description "Filter based on the 'origin' annotation. A configuration node matches the filter if its 'origin= 9; annotation is derived from or equal to any of the given filter values."; }

<=
/pre>These filters seem kind of worthless if implemented according to the t=
ext.
Consider a simple example where there is 1 learned leaf with= in a list:

module: address
=C2=A0 +--rw address= es
=C2=A0 =C2=A0 =C2=A0+--rw address* [last-name first-name]
=C2=A0 = =C2=A0 =C2=A0 =C2=A0 +--rw last-name =C2=A0 =C2=A0 string
=C2=A0 =C2=A0 = =C2=A0 =C2=A0 +--rw first-name =C2=A0 =C2=A0string
=C2=A0 =C2=A0 =C2=A0 = =C2=A0 +--rw street? =C2=A0 =C2=A0 =C2=A0 string
=C2=A0 =C2=A0 =C2=A0 = =C2=A0 +--rw city? =C2=A0 =C2=A0 =C2=A0 =C2=A0 string
=C2=A0 =C2=A0 =C2= =A0 =C2=A0 +--rw zipcode? =C2=A0 =C2=A0 =C2=A0string
=C2=A0 =C2=A0 =C2= =A0 =C2=A0 +--rw phone* [phone-type]
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 = =C2=A0+--rw phone-type =C2=A0 =C2=A0 =C2=A0enumeration
=C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0+--rw phone-number =C2=A0 =C2=A0string

Let's say the "zipcode" field is learned in = <operational>
(e.g. ZIP code lookup expands missing or 5 di= git zipcode=C2=A0to full 9 digit zipcode).
So /addresses and /add= resses/address have origin "intended".
Only the /addres= ses/address/zipcode leaf has origin "learned".

So how does origin-filter=3Dlearned find all the learned leafs?
What filters are required to return only the learned entries=C2=A0+ a= ncestors=C2=A0+
ancestor-or-self keys?=C2=A0 Seems like this filt= er mechanism has to be used
to retrieve the exact leaf that might= be learned, and the client
needs to know in advance all the poss= ible nodes that might be learned.

Want to be able = to retrieve an ancestor that is intended and still find the learned entries=

=C2=A0 =C2=A0get-data xpath-filter=3D/addresses/a= ddress origin-filtter=3Dlearned

The draft shows an= example where both "intended" and "system" are given
as filters.=C2=A0 This will work but will include all the "in= tended" leafs as well.
What if a "learned" node is= within a "system" node within an "intended" node?
Seems like the client needs to know a lot about the server implementa= tion details
in order to use the origin filters.


Andy


--000000000000dd5cbf0594339fb2-- From nobody Sun Oct 6 08:33:02 2019 Return-Path: X-Original-To: netconf@ietfa.amsl.com Delivered-To: netconf@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5AA45120044 for ; Sun, 6 Oct 2019 08:33:01 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.89 X-Spam-Level: X-Spam-Status: No, score=-1.89 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_FILL_THIS_FORM_SHORT=0.01] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3VfuF9tiWK34 for ; Sun, 6 Oct 2019 08:32:59 -0700 (PDT) Received: from mail.tail-f.com (mail.tail-f.com [46.21.102.45]) by ietfa.amsl.com (Postfix) with ESMTP id B0572120043 for ; Sun, 6 Oct 2019 08:32:59 -0700 (PDT) Received: from localhost (h-4-44.A165.priv.bahnhof.se [158.174.4.44]) by mail.tail-f.com (Postfix) with ESMTPSA id C6FFF1AE018B; Sun, 6 Oct 2019 17:32:56 +0200 (CEST) Date: Sun, 06 Oct 2019 17:32:56 +0200 (CEST) Message-Id: <20191006.173256.1788347482117819951.mbj@tail-f.com> To: andy@yumaworks.com Cc: netconf@ietf.org From: Martin Bjorklund In-Reply-To: References: X-Mailer: Mew version 6.7 on Emacs 25.2 / Mule 6.0 (HANACHIRUSATO) Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit Archived-At: Subject: Re: [netconf] get-data origin filters X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 06 Oct 2019 15:33:01 -0000 Hi, Andy Bierman wrote: > Hi, > > I am trying to figure out how to use the origin-filter and > negated-origin-filter > in the operation in RFC 8526. > > > leaf-list origin-filter { > type or:origin-ref; > description > "Filter based on the 'origin' annotation. A > configuration node matches the filter if its 'origin' > annotation is derived from or equal to any of the given > filter values."; > } > > > These filters seem kind of worthless if implemented according to the text. > Consider a simple example where there is 1 learned leaf within a list: > > module: address > +--rw addresses > +--rw address* [last-name first-name] > +--rw last-name string > +--rw first-name string > +--rw street? string > +--rw city? string > +--rw zipcode? string > +--rw phone* [phone-type] > +--rw phone-type enumeration > +--rw phone-number string > > Let's say the "zipcode" field is learned in > (e.g. ZIP code lookup expands missing or 5 digit zipcode to full 9 digit > zipcode). > So /addresses and /addresses/address have origin "intended". > Only the /addresses/address/zipcode leaf has origin "learned". > > So how does origin-filter=learned find all the learned leafs? Perhaps I don't understand your question; IMO you give the answer to this question below: > What filters are required to return only the learned entries + ancestors + > ancestor-or-self keys? Seems like this filter mechanism has to be used > to retrieve the exact leaf that might be learned, and the client > needs to know in advance all the possible nodes that might be learned. > > Want to be able to retrieve an ancestor that is intended and still find the > learned entries > > get-data xpath-filter=/addresses/address origin-filtter=learned ... here. So this request will return:
... ... ...
... > The draft shows an example where both "intended" and "system" are given > as filters. This will work but will include all the "intended" leafs as > well. > What if a "learned" node is within a "system" node within an "intended" > node? This works as well. Note that the get-data description says: Any ancestor nodes (including list keys) of nodes selected by the filters are included in the response. /martin > Seems like the client needs to know a lot about the server implementation > details > in order to use the origin filters. > > > Andy From nobody Sun Oct 6 09:19:01 2019 Return-Path: X-Original-To: netconf@ietfa.amsl.com Delivered-To: netconf@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 783B412011E for ; Sun, 6 Oct 2019 09:18:58 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.889 X-Spam-Level: X-Spam-Status: No, score=-1.889 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_FILL_THIS_FORM_SHORT=0.01] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=yumaworks-com.20150623.gappssmtp.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sxlhmIK6i-G0 for ; Sun, 6 Oct 2019 09:18:55 -0700 (PDT) Received: from mail-lf1-x131.google.com (mail-lf1-x131.google.com [IPv6:2a00:1450:4864:20::131]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7CF5C12004F for ; Sun, 6 Oct 2019 09:18:55 -0700 (PDT) Received: by mail-lf1-x131.google.com with SMTP id r134so7552450lff.12 for ; Sun, 06 Oct 2019 09:18:55 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yumaworks-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=kFxHVhR+srYH5Q4ZLklBN+HOI/4/DV2oqrv8CeENM4Y=; b=wh/rawFym5w2At2N5FWGRAt7JTWsFuyi41yA2ggHWXtCDKukExRIm8d6yREy82m1El b2Rw0KFJWBCAtWD2uslcGEkdHLNcj7hCgdIWi3zCX7MfipqWOm9CuigmLZBYRXBUI5rS LWFCvi7Uv6nEcRKCbwz24DYQ9mgVO6aR+jpOgGDL4GUoK63nHPkU7/keRfhjuFDpeZU+ 9JLE6jRlHNLgqjUVMMOYz214n75nRvkdEWDn1iAtESWrC72jl2fSpR7go2p8bdK0SdOl f6VU8IcJGqDVR2OTKKzoImfpTJFxbItw5Yvw7/8QylsmjfkqgHKHUI8LCF5woAsVK8G7 Cfyw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=kFxHVhR+srYH5Q4ZLklBN+HOI/4/DV2oqrv8CeENM4Y=; b=X86Vi6Je6cKvfn+Fm9k5BiUxPMczhUDjLkwsY2L5djoNuJEn6JU+/sLqrth11N6TAF f1jgLe03sDfaVQDUDVb/MH6gVtQNtD9PG4GOAix/Y4Bh3btHBc1XNKUUnMUCbym3OvH2 HHAgjynrrsQx8IUm0VdRXbKjd25v+fptmdQMUVx9ETIfqVnPB4qbNJu2J/Bo4cTr3F1S zhl+b8kqZDd8ZHMLWfVWoGx/CP3z9PFUsXYz24Qs/+ESx0r373yQHkBx7YUb325fX7AZ MIqKCIBbNyw27xOqt0pOawY0OSmY9jRkbGEIVsaJ56z+C5ONLw/i+puSUKaS5d1lcT2x RSSw== X-Gm-Message-State: APjAAAWZVnhNT8UGR5vrf+3DZmi9WPY62hth0oYyMhN23GPEzNE/upDB h/7G/7XEjiC6Ef4Z/PTrycDwzycpDoNynovTQKkgnTV9Fug= X-Google-Smtp-Source: APXvYqxw2agdCJjEI7RUEkCLt6ZNQhQOBOL3noh06FDe9dqWaxQh0L6Pshmz0/ysNn3TetELHpxZDaubkt9sqERCNFM= X-Received: by 2002:ac2:5148:: with SMTP id q8mr13769078lfd.84.1570378733481; Sun, 06 Oct 2019 09:18:53 -0700 (PDT) MIME-Version: 1.0 References: <20191006.173256.1788347482117819951.mbj@tail-f.com> In-Reply-To: <20191006.173256.1788347482117819951.mbj@tail-f.com> From: Andy Bierman Date: Sun, 6 Oct 2019 09:18:42 -0700 Message-ID: To: Martin Bjorklund Cc: Netconf Content-Type: multipart/alternative; boundary="000000000000928bf50594404aef" Archived-At: Subject: Re: [netconf] get-data origin filters X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 06 Oct 2019 16:18:58 -0000 --000000000000928bf50594404aef Content-Type: text/plain; charset="UTF-8" On Sun, Oct 6, 2019 at 8:32 AM Martin Bjorklund wrote: > Hi, > > Andy Bierman wrote: > > Hi, > > > > I am trying to figure out how to use the origin-filter and > > negated-origin-filter > > in the operation in RFC 8526. > > > > > > leaf-list origin-filter { > > type or:origin-ref; > > description > > "Filter based on the 'origin' annotation. A > > configuration node matches the filter if its 'origin' > > annotation is derived from or equal to any of the given > > filter values."; > > } > > > > > > These filters seem kind of worthless if implemented according to the > text. > > Consider a simple example where there is 1 learned leaf within a list: > > > > module: address > > +--rw addresses > > +--rw address* [last-name first-name] > > +--rw last-name string > > +--rw first-name string > > +--rw street? string > > +--rw city? string > > +--rw zipcode? string > > +--rw phone* [phone-type] > > +--rw phone-type enumeration > > +--rw phone-number string > > > > Let's say the "zipcode" field is learned in > > (e.g. ZIP code lookup expands missing or 5 digit zipcode to full 9 digit > > zipcode). > > So /addresses and /addresses/address have origin "intended". > > Only the /addresses/address/zipcode leaf has origin "learned". > > > > So how does origin-filter=learned find all the learned leafs? > > Perhaps I don't understand your question; IMO you give the answer to > this question below: > > > What filters are required to return only the learned entries + ancestors > + > > ancestor-or-self keys? Seems like this filter mechanism has to be used > > to retrieve the exact leaf that might be learned, and the client > > needs to know in advance all the possible nodes that might be learned. > > > > Want to be able to retrieve an ancestor that is intended and still find > the > > learned entries > > > > get-data xpath-filter=/addresses/address origin-filtter=learned > > ... here. So this request will return: > > >
> ... > ... > ... >
> ... > > > I do not interpret the text the same way as you. The content returned by get-data must satisfy all filters, i.e., the filter criteria are logically ANDed. leaf-list origin-filter { type or:origin-ref; description "Filter based on the 'origin' annotation. A configuration node matches the filter if its 'origin' annotation is derived from or equal to any of the given filter values."; } Configuration nodes that do not have an 'origin' annotation are treated as if they have the 'origin' annotation 'or:unknown'. > The draft shows an example where both "intended" and "system" are given > > as filters. This will work but will include all the "intended" leafs as > > well. > > What if a "learned" node is within a "system" node within an "intended" > > node? > > This works as well. Note that the get-data description says: > > Any ancestor nodes (including list keys) of nodes selected by > the filters are included in the response. > > > The issue is how the /iaddresses and /addresses/address nodes match the origin "learned". The leafs in list "address" are a mixture of "intended" and "learned" origin. The text clearly says that a node has a single origin property, coupled to the annotation. Issue 1: mixed origin descendant nodes So how does a search on /addresses/address match origin-filter=learned? I cannot find any text that says what the origin of a list or P-container is if it contains nodes of mixed origin. Issue 2: NP-containers Also from RFC 8342: The origin applies to all configuration nodes except non-presence containers. What if the top-level node is an NP-container in this case. I thought the top-level node MUST have an origin attribute. The text is not clear how NP-containers are handled. Do they have an origin attribute? If not then RFC 8526 says they have origin "unknown". Is the intent that NP-containers always pass the origin-filter tests (test skipped)? /martin > > Andy > > > Seems like the client needs to know a lot about the server implementation > > details > > in order to use the origin filters. > > > > > > Andy > --000000000000928bf50594404aef Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable


=
On Sun, Oct 6, 2019 at 8:32 AM Martin= Bjorklund <mbj@tail-f.com> wro= te:
Hi,

Andy Bierman <an= dy@yumaworks.com> wrote:
> Hi,
>
> I am trying to figure out how to use the origin-filter and
> negated-origin-filter
> in the <get-data> operation in RFC 8526.
>
>
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0leaf-list origin-filter {
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 type or:origin-ref; >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 description
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 "Filter ba= sed on the 'origin' annotation.=C2=A0 A
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0configura= tion node matches the filter if its 'origin'
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0annotatio= n is derived from or equal to any of the given
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0filter va= lues.";
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 }
>
>
> These filters seem kind of worthless if implemented according to the t= ext.
> Consider a simple example where there is 1 learned leaf within a list:=
>
> module: address
>=C2=A0 =C2=A0+--rw addresses
>=C2=A0 =C2=A0 =C2=A0 +--rw address* [last-name first-name]
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0+--rw last-name=C2=A0 =C2=A0 =C2=A0st= ring
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0+--rw first-name=C2=A0 =C2=A0 string<= br> >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0+--rw street?=C2=A0 =C2=A0 =C2=A0 =C2= =A0string
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0+--rw city?=C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0string
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0+--rw zipcode?=C2=A0 =C2=A0 =C2=A0 st= ring
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0+--rw phone* [phone-type]
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 +--rw phone-type=C2=A0 =C2=A0= =C2=A0 enumeration
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 +--rw phone-number=C2=A0 =C2= =A0 string
>
> Let's say the "zipcode" field is learned in <operatio= nal>
> (e.g. ZIP code lookup expands missing or 5 digit zipcode to full 9 dig= it
> zipcode).
> So /addresses and /addresses/address have origin "intended".=
> Only the /addresses/address/zipcode leaf has origin "learned"= ;.
>
> So how does origin-filter=3Dlearned find all the learned leafs?

Perhaps I don't understand your question; IMO you give the answer to this question below:

> What filters are required to return only the learned entries + ancesto= rs +
> ancestor-or-self keys?=C2=A0 Seems like this filter mechanism has to b= e used
> to retrieve the exact leaf that might be learned, and the client
> needs to know in advance all the possible nodes that might be learned.=
>
> Want to be able to retrieve an ancestor that is intended and still fin= d the
> learned entries
>
>=C2=A0 =C2=A0 get-data xpath-filter=3D/addresses/address origin-filtter= =3Dlearned

... here.=C2=A0 So this request will return:

=C2=A0 =C2=A0<addresses or:origin=3D"or:intended">
=C2=A0 =C2=A0 =C2=A0<address>
=C2=A0 =C2=A0 =C2=A0 =C2=A0<last-name>...</last-name>
=C2=A0 =C2=A0 =C2=A0 =C2=A0<first-name>...</first-name>
=C2=A0 =C2=A0 =C2=A0 =C2=A0<zipcode or:origin=3D"or:learned"&g= t;...</zipcode>
=C2=A0 =C2=A0 =C2=A0</address>
=C2=A0 =C2=A0 =C2=A0...
=C2=A0 =C2=A0</addresses>


I do not interpret the text the same w= ay as you.

=C2=A0=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0= =C2=A0 =C2=A0 The content returned
          by get-data must satisfy all filters, i.=
e., the filter
          criteria are logically ANDed.

          leaf-list origin-filt=
er {
             type or:origin-ref;
             description
               "Filter based on the 'origin' annotation.  A
                configuration node matches the filter if its 'origin=
9;
                annotation is derived from or equal to any of the given
                filter values.";
           }

              Configuration nodes that do not have=
 an
              'origin' annotation are treated as if they have the
              'origin' annotation 'or:unknown'.


> The draft shows an example where both "intended" and "s= ystem" are given
> as filters.=C2=A0 This will work but will include all the "intend= ed" leafs as
> well.
> What if a "learned" node is within a "system" node= within an "intended"
> node?

This works as well.=C2=A0 Note that the get-data description says:

=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 Any ancestor nodes (including list keys)= of nodes selected by
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 the filters are included in the response= .




The issue is how the /i= addresses=C2=A0and /addresses/address nodes match the origin "learned&= quot;.
The leafs in list "address" are a mixture of &qu= ot;intended" and "learned" origin.
The text clearl= y says that a node has a single origin property, coupled to the annotation.=

Issue 1: mixed origin descendant nodes
= So how does a search on /addresses/address match origin-filter=3Dlearned?
I cannot find any text that says what the origin of a list or P-co= ntainer is if it
contains nodes of mixed origin.

Issue 2: NP-containers

Also from RFC = 8342:

   The origin applies to all configuration nodes except non-presenc=
e
   containers.

What if the top-level node is an NP-container in th= is case.
I thought the top-level node MUST have an origin attribute.

The text is not clear how NP-containers are handled.<= /div>
Do they have an origin attribute? If not then RFC 8526 says they = have origin "unknown".
Is the intent that NP= -containers always pass the origin-filter tests (test skipped)?
<= br>


<=
/pre>
/martin


Andy
=C2=A0

> Seems like the client needs to know a lot about the server implementat= ion
> details
> in order to use the origin filters.
>
>
> Andy
--000000000000928bf50594404aef-- From nobody Mon Oct 7 00:43:59 2019 Return-Path: X-Original-To: netconf@ietfa.amsl.com Delivered-To: netconf@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DD66412002F for ; Mon, 7 Oct 2019 00:43:57 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.89 X-Spam-Level: X-Spam-Status: No, score=-1.89 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_FILL_THIS_FORM_SHORT=0.01] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hEV-Hv4RvDlv for ; Mon, 7 Oct 2019 00:43:56 -0700 (PDT) Received: from mail.tail-f.com (mail.tail-f.com [46.21.102.45]) by ietfa.amsl.com (Postfix) with ESMTP id 00391120020 for ; Mon, 7 Oct 2019 00:43:55 -0700 (PDT) Received: from localhost (unknown [173.38.220.41]) by mail.tail-f.com (Postfix) with ESMTPSA id 9EBF31AE018A; Mon, 7 Oct 2019 09:43:53 +0200 (CEST) Date: Mon, 07 Oct 2019 09:43:27 +0200 (CEST) Message-Id: <20191007.094327.1923088106819713441.mbj@tail-f.com> To: andy@yumaworks.com Cc: netconf@ietf.org From: Martin Bjorklund In-Reply-To: References: <20191006.173256.1788347482117819951.mbj@tail-f.com> X-Mailer: Mew version 6.7 on Emacs 25.2 / Mule 6.0 (HANACHIRUSATO) Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit Archived-At: Subject: Re: [netconf] get-data origin filters X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 07 Oct 2019 07:43:58 -0000 Andy Bierman wrote: > On Sun, Oct 6, 2019 at 8:32 AM Martin Bjorklund wrote: > > > Hi, > > > > Andy Bierman wrote: > > > Hi, > > > > > > I am trying to figure out how to use the origin-filter and > > > negated-origin-filter > > > in the operation in RFC 8526. > > > > > > > > > leaf-list origin-filter { > > > type or:origin-ref; > > > description > > > "Filter based on the 'origin' annotation. A > > > configuration node matches the filter if its 'origin' > > > annotation is derived from or equal to any of the given > > > filter values."; > > > } > > > > > > > > > These filters seem kind of worthless if implemented according to the > > text. > > > Consider a simple example where there is 1 learned leaf within a list: > > > > > > module: address > > > +--rw addresses > > > +--rw address* [last-name first-name] > > > +--rw last-name string > > > +--rw first-name string > > > +--rw street? string > > > +--rw city? string > > > +--rw zipcode? string > > > +--rw phone* [phone-type] > > > +--rw phone-type enumeration > > > +--rw phone-number string > > > > > > Let's say the "zipcode" field is learned in > > > (e.g. ZIP code lookup expands missing or 5 digit zipcode to full 9 digit > > > zipcode). > > > So /addresses and /addresses/address have origin "intended". > > > Only the /addresses/address/zipcode leaf has origin "learned". > > > > > > So how does origin-filter=learned find all the learned leafs? > > > > Perhaps I don't understand your question; IMO you give the answer to > > this question below: > > > > > What filters are required to return only the learned entries + ancestors > > + > > > ancestor-or-self keys? Seems like this filter mechanism has to be used > > > to retrieve the exact leaf that might be learned, and the client > > > needs to know in advance all the possible nodes that might be learned. > > > > > > Want to be able to retrieve an ancestor that is intended and still find > > the > > > learned entries > > > > > > get-data xpath-filter=/addresses/address origin-filtter=learned > > > > ... here. So this request will return: > > > > > >
> > ... > > ... > > ... > >
> > ... > > > > > > > I do not interpret the text the same way as you. Does this mean that you think that the reply is different from what I show above? If so, what would it be, and why? > > The content returned > > by get-data must satisfy all filters, i.e., the filter > criteria are logically ANDed. > > > leaf-list origin-filter { > type or:origin-ref; > description > "Filter based on the 'origin' annotation. A > configuration node matches the filter if its 'origin' > annotation is derived from or equal to any of the given > filter values."; > } > > > Configuration nodes that do not have an > 'origin' annotation are treated as if they have the > 'origin' annotation 'or:unknown'. > > > > > The draft shows an example where both "intended" and "system" are given > > > as filters. This will work but will include all the "intended" leafs as > > > well. > > > What if a "learned" node is within a "system" node within an "intended" > > > node? > > > > This works as well. Note that the get-data description says: > > > > Any ancestor nodes (including list keys) of nodes selected by > > the filters are included in the response. > > > > > > > > The issue is how the /iaddresses and /addresses/address nodes match the > origin "learned". They don't, but they are included b/c of the quoted text above (i.e.: Any ancestor nodes (including list keys) of nodes selected by the filters are included in the response.) > The leafs in list "address" are a mixture of "intended" and "learned" > origin. > The text clearly says that a node has a single origin property, coupled to > the annotation. > > Issue 1: mixed origin descendant nodes > So how does a search on /addresses/address match origin-filter=learned? > I cannot find any text that says what the origin of a list or P-container > is if it > contains nodes of mixed origin. See above. > Issue 2: NP-containers > > Also from RFC 8342: > > The origin applies to all configuration nodes except non-presence > containers. > > > What if the top-level node is an NP-container in this case. > I thought the top-level node MUST have an origin attribute. > > The text is not clear how NP-containers are handled. > Do they have an origin attribute? If not then RFC 8526 says they have > origin "unknown". > Is the intent that NP-containers always pass the origin-filter tests (test > skipped)? No, since they don't have an origin value they will not be selected by the filter. But an NP-container will be included in the reply if it is the ancestor of a node that is selected by the filter. /martin > > > > /martin > > > > > Andy > > > > > > > Seems like the client needs to know a lot about the server implementation > > > details > > > in order to use the origin filters. > > > > > > > > > Andy > > From nobody Mon Oct 7 01:30:14 2019 Return-Path: X-Original-To: netconf@ietfa.amsl.com Delivered-To: netconf@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 48C00120020 for ; Mon, 7 Oct 2019 01:30:11 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.1 X-Spam-Level: X-Spam-Status: No, score=-4.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KbDmXun1fBlI for ; Mon, 7 Oct 2019 01:30:07 -0700 (PDT) Received: from huawei.com (lhrrgout.huawei.com [185.176.76.210]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A304D1207FE for ; Mon, 7 Oct 2019 01:30:07 -0700 (PDT) Received: from lhreml701-cah.china.huawei.com (unknown [172.18.7.108]) by Forcepoint Email with ESMTP id 936D7A6BAC1A8D93DD01; Mon, 7 Oct 2019 09:30:04 +0100 (IST) Received: from sineml703-chm.china.huawei.com (10.223.161.110) by lhreml701-cah.china.huawei.com (10.201.108.42) with Microsoft SMTP Server (TLS) id 14.3.408.0; Mon, 7 Oct 2019 09:30:04 +0100 Received: from sineml706-chm.china.huawei.com (10.223.161.113) by sineml703-chm.china.huawei.com (10.223.161.110) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1713.5; Mon, 7 Oct 2019 16:30:02 +0800 Received: from sineml706-chm.china.huawei.com ([10.223.161.113]) by sineml706-chm.china.huawei.com ([10.223.161.113]) with mapi id 15.01.1713.004; Mon, 7 Oct 2019 16:30:02 +0800 From: Wang Haiguang To: "Salz, Rich" , Kent Watsen CC: "netconf@ietf.org" , Rifaat Shekh-Yusef Thread-Topic: [netconf] crypto-types fallback strategy Thread-Index: AQHVaNykQ+AWDonnw0K18K8BnfwgSqcoyBWAgAU9agCAASLxgIAAPqgAgAAEIYCAACwMAIAAA3qAgAACEwCAARRSgIAAM8kAgAABGICAABougIAABpcAgAAikgCAAANggIAd04nA Date: Mon, 7 Oct 2019 08:30:02 +0000 Message-ID: <1c08a27c27ea4177b9cfc524c92042f0@huawei.com> References: <0100016d21ee2101-fb4f3288-1975-4a7d-a499-cb42ff8d9e14-000000@email.amazonses.com> <0100016d3afa694e-ce58ee3a-792f-4c0e-89bb-83d0128a5194-000000@email.amazonses.com> <8053FDA0-77EA-488F-B5A7-F203359105E0@akamai.com> <6924CAD5-F740-4512-8689-E0307AF0BD88@akamai.com> <99BFF357-6A2A-49E0-BB38-37C25DB04213@akamai.com> <0100016d44bda220-51590a9a-0a15-4b63-a49d-47efe712e82e-000000@email.amazonses.com> <2614C1E8-A015-4816-AA3B-F75D02F5701C@akamai.com> <0100016d45447f68-68073ae2-3f96-4c6d-846d-7c661c1cdb0c-000000@email.amazonses.com> <7AE47512-8974-4A8C-9756-699CAE220EF9@akamai.com> In-Reply-To: <7AE47512-8974-4A8C-9756-699CAE220EF9@akamai.com> Accept-Language: en-SG, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.215.37.205] Content-Type: multipart/alternative; boundary="_000_1c08a27c27ea4177b9cfc524c92042f0huaweicom_" MIME-Version: 1.0 X-CFilter-Loop: Reflected Archived-At: Subject: Re: [netconf] crypto-types fallback strategy X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 07 Oct 2019 08:30:11 -0000 --_000_1c08a27c27ea4177b9cfc524c92042f0huaweicom_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 U29ycnkgdG8gYnJpbmcgeW91IGFsbCBiYWNrIHRvIGFuIGVtYWlsIHR3byB3ZWVrcyBhZ28uDQoN CklmIEkgYW0gbm90IHdyb25nLCBUTFMgMS4zIHN1cHBvcnQgdG8gdXNlIHJhdyBwdWJsaWMga2V5 IGJldHdlZW4gY2xpZW50IGFuZCBzZXJ2ZXIuDQpJIHRoaW5rIFRMUyArIFJhdyBwdWJsaWMga2V5 IGhhcyBiZWVuIHNwZWNpZmllZCBpbiBSRkMgNzI1MCBhbmQgbGF0ZXIgbWVyZ2UgaW4gUkZDIDg0 NDYgKFRMUyAxLjMpDQoNCkJlc3QgcmVnYXJkcy4NCg0KSGFpZ3VhbmcNCg0KRnJvbTogbmV0Y29u ZiBbbWFpbHRvOm5ldGNvbmYtYm91bmNlc0BpZXRmLm9yZ10gT24gQmVoYWxmIE9mIFNhbHosIFJp Y2gNClNlbnQ6IFRodXJzZGF5LCBTZXB0ZW1iZXIgMTksIDIwMTkgMTI6NTggQU0NClRvOiBLZW50 IFdhdHNlbiA8a2VudCtpZXRmQHdhdHNlbi5uZXQ+DQpDYzogbmV0Y29uZkBpZXRmLm9yZzsgUmlm YWF0IFNoZWtoLVl1c2VmIDxyaWZhYXQuaWV0ZkBnbWFpbC5jb20+DQpTdWJqZWN0OiBSZTogW25l dGNvbmZdIGNyeXB0by10eXBlcyBmYWxsYmFjayBzdHJhdGVneQ0KDQoNCsOYICBUaGUgZGVzaXJl IHRvIHVzZSBTdWJqZWN0UHVibGljS2V5SW5mbyBpcyBwZXIgdGVzdHMgKDIpIGFuZCAoNCkgZGVz Y3JpYmVkIGhlcmU6IGh0dHBzOi8vbWFpbGFyY2hpdmUuaWV0Zi5vcmcvYXJjaC9tc2cvbmV0Y29u Zi95c3VrRGRiQ0EwYTcwaGVGMWFfbGRaTnI0eUU8aHR0cHM6Ly91cmxkZWZlbnNlLnByb29mcG9p bnQuY29tL3YyL3VybD91PWh0dHBzLTNBX19tYWlsYXJjaGl2ZS5pZXRmLm9yZ19hcmNoX21zZ19u ZXRjb25mX3lzdWtEZGJDQTBhNzBoZUYxYS01RmxkWk5yNHlFJmQ9RHdNRkFnJmM9OTZaYlpaY2FN RjR3MEY0anBONkxaZyZyPTRMTTBHYlIwaDlGdng4NkZ0c0tJLXcmbT0yV2pHQTdIWkNkZ08zUHVO SUdjU2hmMmlzN0pXMDZMQ1FkYmpIbllGTnM4JnM9MmE0NjdRZXBpM1puT01jNmJvbVhqcDN5c1Rz ZUYwRVVYeXR1YWhOSFpOdyZlPT4uDQoNClRob3NlIGV4cGVyaW1lbnRzIGRvIG5vdCBtYXR0ZXIu ICBUTFMgc2VuZHMgWDUwOSBjZXJ0aWZpY2F0ZXMuICBJIGFtIG5vdCBhd2FyZSBvZiBhbnkgcHJv dG9jb2wgKGFuZCBJIGRvbuKAmXQga25vdyBhbGwgb2YgdGhlbSwgb2YgY291cnNlKSB0aGF0IHNl bmRzIHJhdyBwdWJsaWMga2V5cy4gIFdoYXQgcHJvdG9jb2xzIGFyZSB5b3UgdGhpbmtpbmcgb2Y/ DQoNCklmIHlvdSB3YW50IHRvIGNvbmZpZ3VyZSBhbiBIVFRQUyBzZXJ2ZXIgdXNpbmcgbmV0Y29u Zi95YW5nLCB5b3Ugd2lsbCBuZWVkIHRvIGdpdmUgdGhhdCBzZXJ2ZXIgWDUwOSBjZXJ0aWZpY2F0 ZXMuDQoNCg0KPiBkb24ndCB1bmRlcnN0YW5kIHRoZSBxdWVzdGlvbi4gIEkgdGhpbmsgeW91ciB0 aXAtdG9laW5nIG9uIGEgY29uY2VybiB0aGF0IGEga2V5IHNob3VsZCBvbmx5IGJlIGVuY3J5cHRl ZCB3aXRoIGEgY2VydGFpbiBvdGhlciBrZXksIGlmIG9ubHkgdGhlIGVuc3VyZSB0aGF0IHRoZSBz dHJlbmd0aCBvZiB0aGUgZW5jcnlwdGluZyBrZXkgaXMgbm90IGxlc3MgdGhhbiB0aGUga2V5IGJl aW5nIGVuY3J5cHRlZC4gIElzIHRoaXMgd2hhdCB5b3UgbWVhbj8NCg0KTm8sIEkgd2FzIGFza2lu ZyBpZiDigJxlbmNyeXB0ZWQgcHJpdmF0ZSBrZXnigJ0gaXMgYSBzZXBhcmF0ZSB0aGluZyBmcm9t IOKAnHBsYWludGV4dCBwcml2YXRlIGtleS7igJ0NCg0K --_000_1c08a27c27ea4177b9cfc524c92042f0huaweicom_ Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: base64 PGh0bWwgeG1sbnM6dj0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTp2bWwiIHhtbG5zOm89InVy bjpzY2hlbWFzLW1pY3Jvc29mdC1jb206b2ZmaWNlOm9mZmljZSIgeG1sbnM6dz0idXJuOnNjaGVt YXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6d29yZCIgeG1sbnM6bT0iaHR0cDovL3NjaGVtYXMubWlj cm9zb2Z0LmNvbS9vZmZpY2UvMjAwNC8xMi9vbW1sIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv VFIvUkVDLWh0bWw0MCI+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIg Y29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjxtZXRhIG5hbWU9IkdlbmVyYXRv ciIgY29udGVudD0iTWljcm9zb2Z0IFdvcmQgMTUgKGZpbHRlcmVkIG1lZGl1bSkiPg0KPHN0eWxl PjwhLS0NCi8qIEZvbnQgRGVmaW5pdGlvbnMgKi8NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6 V2luZ2RpbmdzOw0KCXBhbm9zZS0xOjUgMCAwIDAgMCAwIDAgMCAwIDA7fQ0KQGZvbnQtZmFjZQ0K CXtmb250LWZhbWlseTpTaW1TdW47DQoJcGFub3NlLTE6MiAxIDYgMCAzIDEgMSAxIDEgMTt9DQpA Zm9udC1mYWNlDQoJe2ZvbnQtZmFtaWx5OiJDYW1icmlhIE1hdGgiOw0KCXBhbm9zZS0xOjIgNCA1 IDMgNSA0IDYgMyAyIDQ7fQ0KQGZvbnQtZmFjZQ0KCXtmb250LWZhbWlseTpDYWxpYnJpOw0KCXBh bm9zZS0xOjIgMTUgNSAyIDIgMiA0IDMgMiA0O30NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6 IlxAU2ltU3VuIjsNCglwYW5vc2UtMToyIDEgNiAwIDMgMSAxIDEgMSAxO30NCi8qIFN0eWxlIERl ZmluaXRpb25zICovDQpwLk1zb05vcm1hbCwgbGkuTXNvTm9ybWFsLCBkaXYuTXNvTm9ybWFsDQoJ e21hcmdpbjowaW47DQoJbWFyZ2luLWJvdHRvbTouMDAwMXB0Ow0KCWZvbnQtc2l6ZToxMS4wcHQ7 DQoJZm9udC1mYW1pbHk6IkNhbGlicmkiLHNhbnMtc2VyaWY7fQ0KYTpsaW5rLCBzcGFuLk1zb0h5 cGVybGluaw0KCXttc28tc3R5bGUtcHJpb3JpdHk6OTk7DQoJY29sb3I6IzA1NjNDMTsNCgl0ZXh0 LWRlY29yYXRpb246dW5kZXJsaW5lO30NCmE6dmlzaXRlZCwgc3Bhbi5Nc29IeXBlcmxpbmtGb2xs b3dlZA0KCXttc28tc3R5bGUtcHJpb3JpdHk6OTk7DQoJY29sb3I6Izk1NEY3MjsNCgl0ZXh0LWRl Y29yYXRpb246dW5kZXJsaW5lO30NCnAuTXNvTGlzdFBhcmFncmFwaCwgbGkuTXNvTGlzdFBhcmFn cmFwaCwgZGl2Lk1zb0xpc3RQYXJhZ3JhcGgNCgl7bXNvLXN0eWxlLXByaW9yaXR5OjM0Ow0KCW1h cmdpbi10b3A6MGluOw0KCW1hcmdpbi1yaWdodDowaW47DQoJbWFyZ2luLWJvdHRvbTowaW47DQoJ bWFyZ2luLWxlZnQ6LjVpbjsNCgltYXJnaW4tYm90dG9tOi4wMDAxcHQ7DQoJZm9udC1zaXplOjEx LjBwdDsNCglmb250LWZhbWlseToiQ2FsaWJyaSIsc2Fucy1zZXJpZjt9DQpwLm1zb25vcm1hbDAs IGxpLm1zb25vcm1hbDAsIGRpdi5tc29ub3JtYWwwDQoJe21zby1zdHlsZS1uYW1lOm1zb25vcm1h bDsNCgltc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzsNCgltYXJnaW4tcmlnaHQ6MGluOw0KCW1zby1t YXJnaW4tYm90dG9tLWFsdDphdXRvOw0KCW1hcmdpbi1sZWZ0OjBpbjsNCglmb250LXNpemU6MTEu MHB0Ow0KCWZvbnQtZmFtaWx5OiJDYWxpYnJpIixzYW5zLXNlcmlmO30NCnNwYW4uRW1haWxTdHls ZTE5DQoJe21zby1zdHlsZS10eXBlOnBlcnNvbmFsOw0KCWZvbnQtZmFtaWx5OiJDYWxpYnJpIixz YW5zLXNlcmlmOw0KCWNvbG9yOndpbmRvd3RleHQ7fQ0Kc3Bhbi5FbWFpbFN0eWxlMjANCgl7bXNv LXN0eWxlLXR5cGU6cGVyc29uYWw7DQoJZm9udC1mYW1pbHk6IkNhbGlicmkiLHNhbnMtc2VyaWY7 DQoJY29sb3I6d2luZG93dGV4dDt9DQpzcGFuLkVtYWlsU3R5bGUyMQ0KCXttc28tc3R5bGUtdHlw ZTpwZXJzb25hbC1yZXBseTsNCglmb250LWZhbWlseToiQ2FsaWJyaSIsc2Fucy1zZXJpZjsNCglj b2xvcjojMUY0OTdEO30NCi5Nc29DaHBEZWZhdWx0DQoJe21zby1zdHlsZS10eXBlOmV4cG9ydC1v bmx5Ow0KCWZvbnQtc2l6ZToxMC4wcHQ7fQ0KQHBhZ2UgV29yZFNlY3Rpb24xDQoJe3NpemU6OC41 aW4gMTEuMGluOw0KCW1hcmdpbjoxLjBpbiAxLjBpbiAxLjBpbiAxLjBpbjt9DQpkaXYuV29yZFNl Y3Rpb24xDQoJe3BhZ2U6V29yZFNlY3Rpb24xO30NCi8qIExpc3QgRGVmaW5pdGlvbnMgKi8NCkBs aXN0IGwwDQoJe21zby1saXN0LWlkOjQyMzk1NzQ4NjsNCgltc28tbGlzdC10ZW1wbGF0ZS1pZHM6 LTE2OTYyODQ2NTg7fQ0KQGxpc3QgbDA6bGV2ZWwxDQoJe21zby1sZXZlbC1udW1iZXItZm9ybWF0 OmJ1bGxldDsNCgltc28tbGV2ZWwtdGV4dDrvgrc7DQoJbXNvLWxldmVsLXRhYi1zdG9wOi41aW47 DQoJbXNvLWxldmVsLW51bWJlci1wb3NpdGlvbjpsZWZ0Ow0KCXRleHQtaW5kZW50Oi0uMjVpbjsN Cgltc28tYW5zaS1mb250LXNpemU6MTAuMHB0Ow0KCWZvbnQtZmFtaWx5OlN5bWJvbDt9DQpAbGlz dCBsMDpsZXZlbDINCgl7bXNvLWxldmVsLW51bWJlci1mb3JtYXQ6YnVsbGV0Ow0KCW1zby1sZXZl bC10ZXh0Ou+CtzsNCgltc28tbGV2ZWwtdGFiLXN0b3A6MS4waW47DQoJbXNvLWxldmVsLW51bWJl ci1wb3NpdGlvbjpsZWZ0Ow0KCXRleHQtaW5kZW50Oi0uMjVpbjsNCgltc28tYW5zaS1mb250LXNp emU6MTAuMHB0Ow0KCWZvbnQtZmFtaWx5OlN5bWJvbDt9DQpAbGlzdCBsMDpsZXZlbDMNCgl7bXNv LWxldmVsLW51bWJlci1mb3JtYXQ6YnVsbGV0Ow0KCW1zby1sZXZlbC10ZXh0Ou+CtzsNCgltc28t bGV2ZWwtdGFiLXN0b3A6MS41aW47DQoJbXNvLWxldmVsLW51bWJlci1wb3NpdGlvbjpsZWZ0Ow0K CXRleHQtaW5kZW50Oi0uMjVpbjsNCgltc28tYW5zaS1mb250LXNpemU6MTAuMHB0Ow0KCWZvbnQt ZmFtaWx5OlN5bWJvbDt9DQpAbGlzdCBsMDpsZXZlbDQNCgl7bXNvLWxldmVsLW51bWJlci1mb3Jt YXQ6YnVsbGV0Ow0KCW1zby1sZXZlbC10ZXh0Ou+CtzsNCgltc28tbGV2ZWwtdGFiLXN0b3A6Mi4w aW47DQoJbXNvLWxldmVsLW51bWJlci1wb3NpdGlvbjpsZWZ0Ow0KCXRleHQtaW5kZW50Oi0uMjVp bjsNCgltc28tYW5zaS1mb250LXNpemU6MTAuMHB0Ow0KCWZvbnQtZmFtaWx5OlN5bWJvbDt9DQpA bGlzdCBsMDpsZXZlbDUNCgl7bXNvLWxldmVsLW51bWJlci1mb3JtYXQ6YnVsbGV0Ow0KCW1zby1s ZXZlbC10ZXh0Ou+CtzsNCgltc28tbGV2ZWwtdGFiLXN0b3A6Mi41aW47DQoJbXNvLWxldmVsLW51 bWJlci1wb3NpdGlvbjpsZWZ0Ow0KCXRleHQtaW5kZW50Oi0uMjVpbjsNCgltc28tYW5zaS1mb250 LXNpemU6MTAuMHB0Ow0KCWZvbnQtZmFtaWx5OlN5bWJvbDt9DQpAbGlzdCBsMDpsZXZlbDYNCgl7 bXNvLWxldmVsLW51bWJlci1mb3JtYXQ6YnVsbGV0Ow0KCW1zby1sZXZlbC10ZXh0Ou+CtzsNCglt c28tbGV2ZWwtdGFiLXN0b3A6My4waW47DQoJbXNvLWxldmVsLW51bWJlci1wb3NpdGlvbjpsZWZ0 Ow0KCXRleHQtaW5kZW50Oi0uMjVpbjsNCgltc28tYW5zaS1mb250LXNpemU6MTAuMHB0Ow0KCWZv bnQtZmFtaWx5OlN5bWJvbDt9DQpAbGlzdCBsMDpsZXZlbDcNCgl7bXNvLWxldmVsLW51bWJlci1m b3JtYXQ6YnVsbGV0Ow0KCW1zby1sZXZlbC10ZXh0Ou+CtzsNCgltc28tbGV2ZWwtdGFiLXN0b3A6 My41aW47DQoJbXNvLWxldmVsLW51bWJlci1wb3NpdGlvbjpsZWZ0Ow0KCXRleHQtaW5kZW50Oi0u MjVpbjsNCgltc28tYW5zaS1mb250LXNpemU6MTAuMHB0Ow0KCWZvbnQtZmFtaWx5OlN5bWJvbDt9 DQpAbGlzdCBsMDpsZXZlbDgNCgl7bXNvLWxldmVsLW51bWJlci1mb3JtYXQ6YnVsbGV0Ow0KCW1z by1sZXZlbC10ZXh0Ou+CtzsNCgltc28tbGV2ZWwtdGFiLXN0b3A6NC4waW47DQoJbXNvLWxldmVs LW51bWJlci1wb3NpdGlvbjpsZWZ0Ow0KCXRleHQtaW5kZW50Oi0uMjVpbjsNCgltc28tYW5zaS1m b250LXNpemU6MTAuMHB0Ow0KCWZvbnQtZmFtaWx5OlN5bWJvbDt9DQpAbGlzdCBsMDpsZXZlbDkN Cgl7bXNvLWxldmVsLW51bWJlci1mb3JtYXQ6YnVsbGV0Ow0KCW1zby1sZXZlbC10ZXh0Ou+CtzsN Cgltc28tbGV2ZWwtdGFiLXN0b3A6NC41aW47DQoJbXNvLWxldmVsLW51bWJlci1wb3NpdGlvbjps ZWZ0Ow0KCXRleHQtaW5kZW50Oi0uMjVpbjsNCgltc28tYW5zaS1mb250LXNpemU6MTAuMHB0Ow0K CWZvbnQtZmFtaWx5OlN5bWJvbDt9DQpAbGlzdCBsMQ0KCXttc28tbGlzdC1pZDoxNTAxMDQ2NjEx Ow0KCW1zby1saXN0LXR5cGU6aHlicmlkOw0KCW1zby1saXN0LXRlbXBsYXRlLWlkczoyMDE0NzM2 MjIyIDgwOTI5ODM5OCA2NzY5ODY5MSA2NzY5ODY5MyA2NzY5ODY4OSA2NzY5ODY5MSA2NzY5ODY5 MyA2NzY5ODY4OSA2NzY5ODY5MSA2NzY5ODY5Mzt9DQpAbGlzdCBsMTpsZXZlbDENCgl7bXNvLWxl dmVsLW51bWJlci1mb3JtYXQ6YnVsbGV0Ow0KCW1zby1sZXZlbC10ZXh0Ou+DmDsNCgltc28tbGV2 ZWwtdGFiLXN0b3A6bm9uZTsNCgltc28tbGV2ZWwtbnVtYmVyLXBvc2l0aW9uOmxlZnQ7DQoJdGV4 dC1pbmRlbnQ6LS4yNWluOw0KCWZvbnQtZmFtaWx5OldpbmdkaW5nczsNCgltc28tZmFyZWFzdC1m b250LWZhbWlseToiVGltZXMgTmV3IFJvbWFuIjsNCgltc28tYmlkaS1mb250LWZhbWlseTpDYWxp YnJpO30NCkBsaXN0IGwxOmxldmVsMg0KCXttc28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpidWxsZXQ7 DQoJbXNvLWxldmVsLXRleHQ6bzsNCgltc28tbGV2ZWwtdGFiLXN0b3A6bm9uZTsNCgltc28tbGV2 ZWwtbnVtYmVyLXBvc2l0aW9uOmxlZnQ7DQoJdGV4dC1pbmRlbnQ6LS4yNWluOw0KCWZvbnQtZmFt aWx5OiJDb3VyaWVyIE5ldyI7fQ0KQGxpc3QgbDE6bGV2ZWwzDQoJe21zby1sZXZlbC1udW1iZXIt Zm9ybWF0OmJ1bGxldDsNCgltc28tbGV2ZWwtdGV4dDrvgqc7DQoJbXNvLWxldmVsLXRhYi1zdG9w Om5vbmU7DQoJbXNvLWxldmVsLW51bWJlci1wb3NpdGlvbjpsZWZ0Ow0KCXRleHQtaW5kZW50Oi0u MjVpbjsNCglmb250LWZhbWlseTpXaW5nZGluZ3M7fQ0KQGxpc3QgbDE6bGV2ZWw0DQoJe21zby1s ZXZlbC1udW1iZXItZm9ybWF0OmJ1bGxldDsNCgltc28tbGV2ZWwtdGV4dDrvgrc7DQoJbXNvLWxl dmVsLXRhYi1zdG9wOm5vbmU7DQoJbXNvLWxldmVsLW51bWJlci1wb3NpdGlvbjpsZWZ0Ow0KCXRl eHQtaW5kZW50Oi0uMjVpbjsNCglmb250LWZhbWlseTpTeW1ib2w7fQ0KQGxpc3QgbDE6bGV2ZWw1 DQoJe21zby1sZXZlbC1udW1iZXItZm9ybWF0OmJ1bGxldDsNCgltc28tbGV2ZWwtdGV4dDpvOw0K CW1zby1sZXZlbC10YWItc3RvcDpub25lOw0KCW1zby1sZXZlbC1udW1iZXItcG9zaXRpb246bGVm dDsNCgl0ZXh0LWluZGVudDotLjI1aW47DQoJZm9udC1mYW1pbHk6IkNvdXJpZXIgTmV3Ijt9DQpA bGlzdCBsMTpsZXZlbDYNCgl7bXNvLWxldmVsLW51bWJlci1mb3JtYXQ6YnVsbGV0Ow0KCW1zby1s ZXZlbC10ZXh0Ou+CpzsNCgltc28tbGV2ZWwtdGFiLXN0b3A6bm9uZTsNCgltc28tbGV2ZWwtbnVt YmVyLXBvc2l0aW9uOmxlZnQ7DQoJdGV4dC1pbmRlbnQ6LS4yNWluOw0KCWZvbnQtZmFtaWx5Oldp bmdkaW5nczt9DQpAbGlzdCBsMTpsZXZlbDcNCgl7bXNvLWxldmVsLW51bWJlci1mb3JtYXQ6YnVs bGV0Ow0KCW1zby1sZXZlbC10ZXh0Ou+CtzsNCgltc28tbGV2ZWwtdGFiLXN0b3A6bm9uZTsNCglt c28tbGV2ZWwtbnVtYmVyLXBvc2l0aW9uOmxlZnQ7DQoJdGV4dC1pbmRlbnQ6LS4yNWluOw0KCWZv bnQtZmFtaWx5OlN5bWJvbDt9DQpAbGlzdCBsMTpsZXZlbDgNCgl7bXNvLWxldmVsLW51bWJlci1m b3JtYXQ6YnVsbGV0Ow0KCW1zby1sZXZlbC10ZXh0Om87DQoJbXNvLWxldmVsLXRhYi1zdG9wOm5v bmU7DQoJbXNvLWxldmVsLW51bWJlci1wb3NpdGlvbjpsZWZ0Ow0KCXRleHQtaW5kZW50Oi0uMjVp bjsNCglmb250LWZhbWlseToiQ291cmllciBOZXciO30NCkBsaXN0IGwxOmxldmVsOQ0KCXttc28t bGV2ZWwtbnVtYmVyLWZvcm1hdDpidWxsZXQ7DQoJbXNvLWxldmVsLXRleHQ674KnOw0KCW1zby1s ZXZlbC10YWItc3RvcDpub25lOw0KCW1zby1sZXZlbC1udW1iZXItcG9zaXRpb246bGVmdDsNCgl0 ZXh0LWluZGVudDotLjI1aW47DQoJZm9udC1mYW1pbHk6V2luZ2RpbmdzO30NCm9sDQoJe21hcmdp bi1ib3R0b206MGluO30NCnVsDQoJe21hcmdpbi1ib3R0b206MGluO30NCi0tPjwvc3R5bGU+PCEt LVtpZiBndGUgbXNvIDldPjx4bWw+DQo8bzpzaGFwZWRlZmF1bHRzIHY6ZXh0PSJlZGl0IiBzcGlk bWF4PSIxMDI2IiAvPg0KPC94bWw+PCFbZW5kaWZdLS0+PCEtLVtpZiBndGUgbXNvIDldPjx4bWw+ DQo8bzpzaGFwZWxheW91dCB2OmV4dD0iZWRpdCI+DQo8bzppZG1hcCB2OmV4dD0iZWRpdCIgZGF0 YT0iMSIgLz4NCjwvbzpzaGFwZWxheW91dD48L3htbD48IVtlbmRpZl0tLT4NCjwvaGVhZD4NCjxi b2R5IGxhbmc9IkVOLVVTIiBsaW5rPSIjMDU2M0MxIiB2bGluaz0iIzk1NEY3MiI+DQo8ZGl2IGNs YXNzPSJXb3JkU2VjdGlvbjEiPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImNv bG9yOiMxRjQ5N0QiPlNvcnJ5IHRvIGJyaW5nIHlvdSBhbGwgYmFjayB0byBhbiBlbWFpbCB0d28g d2Vla3MgYWdvLg0KPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+ PHNwYW4gc3R5bGU9ImNvbG9yOiMxRjQ5N0QiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4N CjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJjb2xvcjojMUY0OTdEIj5JZiBJIGFt IG5vdCB3cm9uZywgVExTIDEuMyBzdXBwb3J0IHRvIHVzZSByYXcgcHVibGljIGtleSBiZXR3ZWVu IGNsaWVudCBhbmQgc2VydmVyLg0KPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1z b05vcm1hbCI+PHNwYW4gc3R5bGU9ImNvbG9yOiMxRjQ5N0QiPkkgdGhpbmsgVExTICYjNDM7IFJh dyBwdWJsaWMga2V5IGhhcyBiZWVuIHNwZWNpZmllZCBpbiBSRkMgNzI1MCBhbmQgbGF0ZXIgbWVy Z2UgaW4gUkZDIDg0NDYgKFRMUyAxLjMpPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9 Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImNvbG9yOiMxRjQ5N0QiPjxvOnA+Jm5ic3A7PC9vOnA+ PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJjb2xvcjojMUY0 OTdEIj5CZXN0IHJlZ2FyZHMuPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05v cm1hbCI+PHNwYW4gc3R5bGU9ImNvbG9yOiMxRjQ5N0QiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFu PjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJjb2xvcjojMUY0OTdEIj5I YWlndWFuZzxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFu IHN0eWxlPSJjb2xvcjojMUY0OTdEIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8ZGl2 Pg0KPGRpdiBzdHlsZT0iYm9yZGVyOm5vbmU7Ym9yZGVyLXRvcDpzb2xpZCAjRTFFMUUxIDEuMHB0 O3BhZGRpbmc6My4wcHQgMGluIDBpbiAwaW4iPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PGI+RnJv bTo8L2I+IG5ldGNvbmYgW21haWx0bzpuZXRjb25mLWJvdW5jZXNAaWV0Zi5vcmddIDxiPk9uIEJl aGFsZiBPZg0KPC9iPlNhbHosIFJpY2g8YnI+DQo8Yj5TZW50OjwvYj4gVGh1cnNkYXksIFNlcHRl bWJlciAxOSwgMjAxOSAxMjo1OCBBTTxicj4NCjxiPlRvOjwvYj4gS2VudCBXYXRzZW4gJmx0O2tl bnQmIzQzO2lldGZAd2F0c2VuLm5ldCZndDs8YnI+DQo8Yj5DYzo8L2I+IG5ldGNvbmZAaWV0Zi5v cmc7IFJpZmFhdCBTaGVraC1ZdXNlZiAmbHQ7cmlmYWF0LmlldGZAZ21haWwuY29tJmd0Ozxicj4N CjxiPlN1YmplY3Q6PC9iPiBSZTogW25ldGNvbmZdIGNyeXB0by10eXBlcyBmYWxsYmFjayBzdHJh dGVneTxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8L2Rpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwi PjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8 L286cD48L3A+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1hcmdpbi1sZWZ0 Oi41aW47dGV4dC1pbmRlbnQ6LS4yNWluO21zby1saXN0OmwxIGxldmVsMSBsZm8zIj4NCjwhW2lm ICFzdXBwb3J0TGlzdHNdPjxzcGFuIHN0eWxlPSJmb250LWZhbWlseTpXaW5nZGluZ3MiPjxzcGFu IHN0eWxlPSJtc28tbGlzdDpJZ25vcmUiPsOYPHNwYW4gc3R5bGU9ImZvbnQ6Ny4wcHQgJnF1b3Q7 VGltZXMgTmV3IFJvbWFuJnF1b3Q7Ij4mbmJzcDsNCjwvc3Bhbj48L3NwYW4+PC9zcGFuPjwhW2Vu ZGlmXT5UaGUgZGVzaXJlIHRvIHVzZSBTdWJqZWN0UHVibGljS2V5SW5mbyBpcyBwZXIgdGVzdHMg KDIpIGFuZCAoNCkgZGVzY3JpYmVkIGhlcmU6Jm5ic3A7PGEgaHJlZj0iaHR0cHM6Ly91cmxkZWZl bnNlLnByb29mcG9pbnQuY29tL3YyL3VybD91PWh0dHBzLTNBX19tYWlsYXJjaGl2ZS5pZXRmLm9y Z19hcmNoX21zZ19uZXRjb25mX3lzdWtEZGJDQTBhNzBoZUYxYS01RmxkWk5yNHlFJmFtcDtkPUR3 TUZBZyZhbXA7Yz05NlpiWlpjYU1GNHcwRjRqcE42TFpnJmFtcDtyPTRMTTBHYlIwaDlGdng4NkZ0 c0tJLXcmYW1wO209MldqR0E3SFpDZGdPM1B1TklHY1NoZjJpczdKVzA2TENRZGJqSG5ZRk5zOCZh bXA7cz0yYTQ2N1FlcGkzWm5PTWM2Ym9tWGpwM3lzVHNlRjBFVVh5dHVhaE5IWk53JmFtcDtlPSI+ aHR0cHM6Ly9tYWlsYXJjaGl2ZS5pZXRmLm9yZy9hcmNoL21zZy9uZXRjb25mL3lzdWtEZGJDQTBh NzBoZUYxYV9sZFpOcjR5RTwvYT4uPG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBj bGFzcz0iTXNvTm9ybWFsIj48bzpwPiZuYnNwOzwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3Jt YWwiPlRob3NlIGV4cGVyaW1lbnRzIGRvIG5vdCBtYXR0ZXIuJm5ic3A7IFRMUyBzZW5kcyBYNTA5 IGNlcnRpZmljYXRlcy4mbmJzcDsgSSBhbSBub3QgYXdhcmUgb2YgYW55IHByb3RvY29sIChhbmQg SSBkb27igJl0IGtub3cgYWxsIG9mIHRoZW0sIG9mIGNvdXJzZSkgdGhhdCBzZW5kcyByYXcgcHVi bGljIGtleXMuJm5ic3A7IFdoYXQgcHJvdG9jb2xzIGFyZSB5b3UgdGhpbmtpbmcgb2Y/PG86cD48 L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpwPiZuYnNwOzwvbzpwPjwvcD4NCjxw IGNsYXNzPSJNc29Ob3JtYWwiPklmIHlvdSB3YW50IHRvIGNvbmZpZ3VyZSBhbiBIVFRQUyBzZXJ2 ZXIgdXNpbmcgbmV0Y29uZi95YW5nLCB5b3Ugd2lsbCBuZWVkIHRvIGdpdmUgdGhhdCBzZXJ2ZXIg WDUwOSBjZXJ0aWZpY2F0ZXMuPG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48 bzpwPiZuYnNwOzwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwi PjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1h bCI+Jmd0OyBkb24ndCB1bmRlcnN0YW5kIHRoZSBxdWVzdGlvbi4gJm5ic3A7SSB0aGluayB5b3Vy IHRpcC10b2Vpbmcgb24gYSBjb25jZXJuIHRoYXQgYSBrZXkgc2hvdWxkIG9ubHkgYmUgZW5jcnlw dGVkIHdpdGggYSBjZXJ0YWluIG90aGVyIGtleSwgaWYgb25seSB0aGUgZW5zdXJlIHRoYXQgdGhl IHN0cmVuZ3RoIG9mIHRoZSBlbmNyeXB0aW5nIGtleSBpcyBub3QgbGVzcyB0aGFuIHRoZSBrZXkg YmVpbmcgZW5jcnlwdGVkLiAmbmJzcDtJcw0KIHRoaXMgd2hhdCB5b3UgbWVhbj88bzpwPjwvbzpw PjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxvOnA+Jm5ic3A7PC9v OnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+Tm8sIEkgd2FzIGFza2luZyBpZiDigJxlbmNy eXB0ZWQgcHJpdmF0ZSBrZXnigJ0gaXMgYSBzZXBhcmF0ZSB0aGluZyBmcm9tIOKAnHBsYWludGV4 dCBwcml2YXRlIGtleS7igJ08bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxv OnA+Jm5ic3A7PC9vOnA+PC9wPg0KPC9kaXY+DQo8L2Rpdj4NCjwvYm9keT4NCjwvaHRtbD4NCg== --_000_1c08a27c27ea4177b9cfc524c92042f0huaweicom_-- From nobody Mon Oct 7 04:28:43 2019 Return-Path: X-Original-To: netconf@ietfa.amsl.com Delivered-To: netconf@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7DCA012007A for ; Mon, 7 Oct 2019 04:28:41 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.901 X-Spam-Level: X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=sedonasys.onmicrosoft.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vlhdtWttS7Z1 for ; Mon, 7 Oct 2019 04:28:39 -0700 (PDT) Received: from EUR01-HE1-obe.outbound.protection.outlook.com (mail-eopbgr130122.outbound.protection.outlook.com [40.107.13.122]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B6B07120052 for ; Mon, 7 Oct 2019 04:28:38 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=f/rSizDkVILftPSYWX52C0CFUm4R2ARfcFaG4FKkE2b+Y5PLmxC+vOzolkrQnS7j2o9ZLIfuCCWWZmfw5c96aM39pqk0GB9svqx5xyvLvKOoJLOs0giwXC2XeV+SITwyruyjzRZWgfcdJKuhtybrjNecyxdV5EEj1/jls2N4qUBcVyVw+uHdMvz65UhZgJPiHSvXER9a8Ql3yoAic/LugLPOcGL9nX4A6K767pazSROpJ2d6ZMFNueFbfPj+8xT6kPx/jtnep8FFQy02S5ghd+QOPoeTo7mub1/hh3HRH0qW1M7RaVAxD6cpgtKlI/pW02BuXPGyGE+nJ7gZZGcXYQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=fORZPhiE9FDyTokrHor2cy52e0drKbjQN5w8HBxBo2c=; b=Bd3EbM0sK2lMufy4FXrVYpZhSWk2oJix09UcBbcMOH3UqtUi3XYxlXDo9Kv3VYmYNSeUES5ZFK+WeprwrYuqmGarn5U27bKO3gQ1yrhdl9COHgHqZJTczM2VBitsT6NEjHcr2WR135HWZipDkGiXd9+U+q6oFRI/H9VXsx9UBipPsJeN9gZzEinh9pRsnddkjOYjM25llYSvMPszbqEzP4A9v+w15ES8bDvlql4jJFoCLJuayxxBQAMoXtKD9zcEPS496SNYntl5DOIH57hWC6xQ/qteK5VwTjtpCy4A4hZb+5kmzvVng1DNrpNse5AXTQ8UuNxbShKqhLj1vRS+fw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=sedonasys.com; dmarc=pass action=none header.from=sedonasys.com; dkim=pass header.d=sedonasys.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sedonasys.onmicrosoft.com; s=selector2-sedonasys-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=fORZPhiE9FDyTokrHor2cy52e0drKbjQN5w8HBxBo2c=; b=fwdNz/iZUXmanY+exxb/X/+UNMFKuqVkQWXYJahOk8UDKBlvOyPF/UkJKlhfGrP4tVCYoqjuGeg2TEPcd5WexHcwNJd5RVuClQpDzqGozhlKCfNnv61Grp2Gq+/TerRBnVNBNsJI/7ZRfhqmPtqz/OqYgRrb39SCWv+NvruhGbw= Received: from DB8PR10MB3387.EURPRD10.PROD.OUTLOOK.COM (10.255.17.204) by DB8PR10MB2764.EURPRD10.PROD.OUTLOOK.COM (20.179.9.161) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2327.24; Mon, 7 Oct 2019 11:28:35 +0000 Received: from DB8PR10MB3387.EURPRD10.PROD.OUTLOOK.COM ([fe80::f97f:fdcb:cd01:c7b5]) by DB8PR10MB3387.EURPRD10.PROD.OUTLOOK.COM ([fe80::f97f:fdcb:cd01:c7b5%7]) with mapi id 15.20.2327.023; Mon, 7 Oct 2019 11:28:35 +0000 From: Anton Snitser To: "andy@yumaworks.com" , "mbj@tail-f.com" , "kwatsen@juniper.net" , "netconf@ietf.org" CC: Liviu Cohen Thread-Topic: RFC8040 inquiries Thread-Index: AQHVePX19zmZMGveE0a2YmIbFCjzPadPNFAA Date: Mon, 7 Oct 2019 11:28:35 +0000 Message-ID: <85070ED8-38A7-4C0D-B9C5-BC53252AB800@sedonasys.com> References: In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: yes X-MS-TNEF-Correlator: authentication-results: spf=none (sender IP is ) smtp.mailfrom=antons@sedonasys.com; x-originating-ip: [37.142.40.85] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 6d4e3f3a-72c2-4cd8-592c-08d74b197e28 x-ms-traffictypediagnostic: DB8PR10MB2764: x-ms-exchange-purlcount: 2 x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:9508; x-forefront-prvs: 01834E39B7 x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(39830400003)(396003)(136003)(346002)(366004)(376002)(53754006)(199004)(189003)(66946007)(256004)(555904003)(66066001)(186003)(7116003)(6436002)(7066003)(606006)(66556008)(64756008)(66616009)(66476007)(66446008)(229853002)(76116006)(91956017)(14454004)(71190400001)(71200400001)(25786009)(316002)(6486002)(33656002)(6246003)(36756003)(107886003)(45080400002)(99286004)(3846002)(790700001)(236005)(6116002)(6506007)(81166006)(81156014)(2201001)(486006)(8676002)(54896002)(6306002)(5660300002)(102836004)(6512007)(733005)(508600001)(446003)(11346002)(26005)(1941001)(4326008)(99936001)(2501003)(2906002)(9326002)(8936002)(476003)(86362001)(7736002)(2616005)(76176011)(110136005)(36394004); DIR:OUT; SFP:1102; SCL:1; SRVR:DB8PR10MB2764; H:DB8PR10MB3387.EURPRD10.PROD.OUTLOOK.COM; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1; received-spf: None (protection.outlook.com: sedonasys.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: Tqf4aoE5+h5q2/OJEJVEbxgx70iEg7JZAlQ/bvQCBXHCC5bofYi7PKtUjSUs0sKWSzRDhJhaaTnJWbho7G2oBsKMlrEpTwKgis5jCARdinoBVzpLDqEotabPZRIFkdUR1sclDLLYOSWotcC/WtTTQ91ii4IIC78fEe2teZZfvz4z/Ww37xUVzsxVjz4OjU/oWXAFYV+GurLlDXw2NyPqLAALHqGYuXfopyOL+a9qgTL6+Px/tGUtrKgJCQfivFXT2oyOmxti9UEZH4S7iOHGV/XXUr7l5YtYkbsqiPd4M2oBBwY6Kj/lpt7e1aCs/R8OJNkFmhjkU6YMLVA7MRMfrcRos5gro6BUU4DI+Gg3XLhswaZk1UQQPqBLvXKnOCCa5KICMk7BDKaCsiPR7Nl3E+1hS1K1ln1vR6IKYAOxanqkc+Z6YHHCxPlMJ68Is9ZSaUl1BfWmlsQztlKopxR6sg== Content-Type: multipart/related; boundary="_004_85070ED838A74C0DB9C5BC53252AB800sedonasyscom_"; type="multipart/alternative" MIME-Version: 1.0 X-OriginatorOrg: sedonasys.com X-MS-Exchange-CrossTenant-Network-Message-Id: 6d4e3f3a-72c2-4cd8-592c-08d74b197e28 X-MS-Exchange-CrossTenant-originalarrivaltime: 07 Oct 2019 11:28:35.8234 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: d7c5624d-c76e-473e-9a79-91d374431ce8 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: W2Syt7vNxu15wH7XRgaRj5dXiEbNUUVxjpjdXaz8/pKQgmVoncS8jPq6yznkARHL3CL4PoS9uamzDbfrPND6Eg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB8PR10MB2764 Archived-At: Subject: Re: [netconf] RFC8040 inquiries X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 07 Oct 2019 11:28:41 -0000 --_004_85070ED838A74C0DB9C5BC53252AB800sedonasyscom_ Content-Type: multipart/alternative; boundary="_000_85070ED838A74C0DB9C5BC53252AB800sedonasyscom_" --_000_85070ED838A74C0DB9C5BC53252AB800sedonasyscom_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 SGVsbG8gRXZlcnlvbmUsDQoNCk15IG5hbWUgSXMgQW50b24gU25pemFyLCBJIGFtIGEgU3lzdGVt IGVuZ2luZWVyIHdvcmtpbmcgZm9yIFNlZG9uYSBTeXN0ZW1zLg0KDQpJIGhhdmUgYSBmb3VuZGF0 aW9uYWwgcXVlc3Rpb24gcmVnYXJkaW5nIHRoZSBSRVNUQ09ORiBzcGVjaWZpY2F0aW9uLiBJIGhh dmUgbm90IHNlZW4gYW55d2hlcmUgaW4gdGhlIGRvY3VtZW50IHdoZXRoZXIgaXQgaXMgcmVxdWly ZWQgdG8gcHJvdmlkZSBhIHN5bmNocm9ub3VzIG9yIGFzeW5jaHJvbm91cyBpbnRlcmZhY2U/IE9y IG1heWJlIHlvdSBoYXZlIGxlZnQgaXQgZm9yIHRoZSBpbXBsZW1lbnRvciB0byBkZWNpZGU/DQoN CkZvciBOb24tTk1EQSAodW5pZmllZCBkYXRhc3RvcmUpIFJFU1RDT05GIChSRkMgODA0MCkgaXQg aXMgc3RhdGVkIHRoYXQgb25seSBhIDIwMSBjcmVhdGVkIHN0YXR1cyBjb2RlIHdpbGwgdmFsaWQg dG8gYmUgdXNlZCB3aGVuIG5ldyBvYmplY3RzIGFyZSBjcmVhdGVkL2NvbmZpZ3VyZWQuIFdpdGgg dGhhdCBpbiBtaW5kLCBzaG91bGQgb25lIHRyZWF0IHRoaXMgYXMgYW4gaW1wbGljaXQgZGVmaW5p dGlvbiB0byBtYWtlIHRoZSBpbnRlcmZhY2Ugc3luY2hyb25vdXM/IEUuZy4sIG9ubHkgdXBvbiBy ZXNvdXJjZSBjcmVhdGlvbiBpbiB0aGUgbmV0d29yayB3aWxsIGEgMjAxIGJlIHNlbnQgdG8gdGhl IE5CSSBjbGllbnQ/DQoNCkF0IHRoZSBtb21lbnQgd2UgaW1wbGVtZW50IGEgc3luY2hyb25vdXMg UkVTVENPTkYgaW50ZXJmYWNlIGJ1dCBhdCB0aGUgc2FtZSB0aW1lIHdvbmRlcmluZyBzdXBwb3J0 IGZvciBhc3luYyBmb3Igc29tZSBvcHRpbWl6YXRpb24gY29uc2lkZXJhdGlvbnMuIEFzIHdlcmUg d29uZGVyaW5nIHdoZXRoZXIgaXQgd291bGQgc3RpbGwgYmUgY29tcGxpYW50IHRvIHRoZSBzdGFu ZGFyZCBvciBub3QuLiBBbnkgY2xhcmlmaWNhdGlvbiB3b3VsZCBiZSBoZWxwZnVsLg0KDQpIYW5r cywNCkJlc3QgcmVnYXJkcw0KDQpbaWQ6aW1hZ2UwMDEucG5nQDAxRDNENEVDLkFGRDgxMjYwXQ0K QW50b24gU25pemFyIHwgU3lzdGVtcyBFbmdpbmVlcuKAqA0KbTogKzk3Mi01MDQwNDI3NDQNCmU6 IGFudG9uc0BzZWRvbmFzeXMuY29tPG1haWx0bzphbnRvbnNAc2Vkb25hc3lzLmNvbT4NCnc6IHNl ZG9uYXN5cy5jb208aHR0cHM6Ly9zZWRvbmFzeXMuY29tLz4NCmw6IExpbmtlZGluPGh0dHA6Ly9s aW5rZWRpbi5jb20vaW4vYW50b24tc25pemFyLTRhYTU3NjQ2Lz4NCg0K --_000_85070ED838A74C0DB9C5BC53252AB800sedonasyscom_ Content-Type: text/html; charset="utf-8" Content-ID: <00CACC8F7ACFAD468B194AF06A22D348@EURPRD10.PROD.OUTLOOK.COM> Content-Transfer-Encoding: base64 PGh0bWwgeG1sbnM6dj0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTp2bWwiIHhtbG5zOm89InVy bjpzY2hlbWFzLW1pY3Jvc29mdC1jb206b2ZmaWNlOm9mZmljZSIgeG1sbnM6dz0idXJuOnNjaGVt YXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6d29yZCIgeG1sbnM6bT0iaHR0cDovL3NjaGVtYXMubWlj cm9zb2Z0LmNvbS9vZmZpY2UvMjAwNC8xMi9vbW1sIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv VFIvUkVDLWh0bWw0MCI+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIg Y29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjxtZXRhIG5hbWU9IkdlbmVyYXRv ciIgY29udGVudD0iTWljcm9zb2Z0IFdvcmQgMTUgKGZpbHRlcmVkIG1lZGl1bSkiPg0KPCEtLVtp ZiAhbXNvXT48c3R5bGU+dlw6KiB7YmVoYXZpb3I6dXJsKCNkZWZhdWx0I1ZNTCk7fQ0Kb1w6KiB7 YmVoYXZpb3I6dXJsKCNkZWZhdWx0I1ZNTCk7fQ0Kd1w6KiB7YmVoYXZpb3I6dXJsKCNkZWZhdWx0 I1ZNTCk7fQ0KLnNoYXBlIHtiZWhhdmlvcjp1cmwoI2RlZmF1bHQjVk1MKTt9DQo8L3N0eWxlPjwh W2VuZGlmXS0tPjxzdHlsZT48IS0tDQovKiBGb250IERlZmluaXRpb25zICovDQpAZm9udC1mYWNl DQoJe2ZvbnQtZmFtaWx5OiJNUyBNaW5jaG8iOw0KCXBhbm9zZS0xOjIgMiA2IDkgNCAyIDUgOCAz IDQ7fQ0KQGZvbnQtZmFjZQ0KCXtmb250LWZhbWlseToiQ2FtYnJpYSBNYXRoIjsNCglwYW5vc2Ut MToyIDQgNSAzIDUgNCA2IDMgMiA0O30NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6Q2FsaWJy aTsNCglwYW5vc2UtMToyIDE1IDUgMiAyIDIgNCAzIDIgNDt9DQpAZm9udC1mYWNlDQoJe2ZvbnQt ZmFtaWx5OiJcQE1TIE1pbmNobyI7DQoJcGFub3NlLTE6MiAyIDYgOSA0IDIgNSA4IDMgNDt9DQov KiBTdHlsZSBEZWZpbml0aW9ucyAqLw0KcC5Nc29Ob3JtYWwsIGxpLk1zb05vcm1hbCwgZGl2Lk1z b05vcm1hbA0KCXttYXJnaW46MGNtOw0KCW1hcmdpbi1ib3R0b206LjAwMDFwdDsNCglmb250LXNp emU6MTIuMHB0Ow0KCWZvbnQtZmFtaWx5OiJDYWxpYnJpIixzYW5zLXNlcmlmO30NCmE6bGluaywg c3Bhbi5Nc29IeXBlcmxpbmsNCgl7bXNvLXN0eWxlLXByaW9yaXR5Ojk5Ow0KCWNvbG9yOiMwNTYz QzE7DQoJdGV4dC1kZWNvcmF0aW9uOnVuZGVybGluZTt9DQphOnZpc2l0ZWQsIHNwYW4uTXNvSHlw ZXJsaW5rRm9sbG93ZWQNCgl7bXNvLXN0eWxlLXByaW9yaXR5Ojk5Ow0KCWNvbG9yOiM5NTRGNzI7 DQoJdGV4dC1kZWNvcmF0aW9uOnVuZGVybGluZTt9DQpwLm1zb25vcm1hbDAsIGxpLm1zb25vcm1h bDAsIGRpdi5tc29ub3JtYWwwDQoJe21zby1zdHlsZS1uYW1lOm1zb25vcm1hbDsNCgltc28tbWFy Z2luLXRvcC1hbHQ6YXV0bzsNCgltYXJnaW4tcmlnaHQ6MGNtOw0KCW1zby1tYXJnaW4tYm90dG9t LWFsdDphdXRvOw0KCW1hcmdpbi1sZWZ0OjBjbTsNCglmb250LXNpemU6MTEuMHB0Ow0KCWZvbnQt ZmFtaWx5OiJDYWxpYnJpIixzYW5zLXNlcmlmO30NCnNwYW4uRW1haWxTdHlsZTE4DQoJe21zby1z dHlsZS10eXBlOnBlcnNvbmFsOw0KCWZvbnQtZmFtaWx5OiJDYWxpYnJpIixzYW5zLXNlcmlmOw0K CWNvbG9yOndpbmRvd3RleHQ7fQ0Kc3Bhbi5FbWFpbFN0eWxlMTkNCgl7bXNvLXN0eWxlLXR5cGU6 cGVyc29uYWwtcmVwbHk7DQoJZm9udC1mYW1pbHk6IkNhbGlicmkiLHNhbnMtc2VyaWY7DQoJY29s b3I6d2luZG93dGV4dDt9DQouTXNvQ2hwRGVmYXVsdA0KCXttc28tc3R5bGUtdHlwZTpleHBvcnQt b25seTsNCglmb250LXNpemU6MTAuMHB0O30NCkBwYWdlIFdvcmRTZWN0aW9uMQ0KCXtzaXplOjYx Mi4wcHQgNzkyLjBwdDsNCgltYXJnaW46NzIuMHB0IDcyLjBwdCA3Mi4wcHQgNzIuMHB0O30NCmRp di5Xb3JkU2VjdGlvbjENCgl7cGFnZTpXb3JkU2VjdGlvbjE7fQ0KLS0+PC9zdHlsZT48IS0tW2lm IGd0ZSBtc28gOV0+PHhtbD4NCjxvOnNoYXBlZGVmYXVsdHMgdjpleHQ9ImVkaXQiIHNwaWRtYXg9 IjEwMjYiIC8+DQo8L3htbD48IVtlbmRpZl0tLT48IS0tW2lmIGd0ZSBtc28gOV0+PHhtbD4NCjxv OnNoYXBlbGF5b3V0IHY6ZXh0PSJlZGl0Ij4NCjxvOmlkbWFwIHY6ZXh0PSJlZGl0IiBkYXRhPSIx IiAvPg0KPC9vOnNoYXBlbGF5b3V0PjwveG1sPjwhW2VuZGlmXS0tPg0KPC9oZWFkPg0KPGJvZHkg bGFuZz0iRU4tVVMiIGxpbms9IiMwNTYzQzEiIHZsaW5rPSIjOTU0RjcyIj4NCjxkaXYgY2xhc3M9 IldvcmRTZWN0aW9uMSI+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1z aXplOjExLjBwdCI+SGVsbG8gRXZlcnlvbmUsPC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPHAgY2xh c3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQiPiZuYnNwOzwvc3Bh bj48bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250 LXNpemU6MTEuMHB0Ij5NeSBuYW1lIElzIEFudG9uIFNuaXphciwgSSBhbSBhIFN5c3RlbSBlbmdp bmVlciB3b3JraW5nIGZvciBTZWRvbmEgU3lzdGVtcy48L3NwYW4+PG86cD48L286cD48L3A+DQo8 cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdCI+Jm5ic3A7 PC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9 ImZvbnQtc2l6ZToxMS4wcHQiPkkgaGF2ZSBhIGZvdW5kYXRpb25hbCBxdWVzdGlvbiByZWdhcmRp bmcgdGhlIFJFU1RDT05GIHNwZWNpZmljYXRpb24uIEkgaGF2ZSBub3Qgc2VlbiBhbnl3aGVyZSBp biB0aGUgZG9jdW1lbnQgd2hldGhlciBpdCBpcyByZXF1aXJlZCB0byBwcm92aWRlIGEgc3luY2hy b25vdXMgb3IgYXN5bmNocm9ub3VzIGludGVyZmFjZT8gT3IgbWF5YmUgeW91IGhhdmUgbGVmdA0K IGl0IGZvciB0aGUgaW1wbGVtZW50b3IgdG8gZGVjaWRlPzwvc3Bhbj48bzpwPjwvbzpwPjwvcD4N CjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0Ij4mbmJz cDs8L3NwYW4+PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHls ZT0iZm9udC1zaXplOjExLjBwdCI+Rm9yIE5vbi1OTURBICh1bmlmaWVkIGRhdGFzdG9yZSkgUkVT VENPTkYgKFJGQyA4MDQwKSBpdCBpcyBzdGF0ZWQgdGhhdCBvbmx5IGEgMjAxIGNyZWF0ZWQgc3Rh dHVzIGNvZGUgd2lsbCB2YWxpZCB0byBiZSB1c2VkIHdoZW4gbmV3IG9iamVjdHMgYXJlIGNyZWF0 ZWQvY29uZmlndXJlZC4gV2l0aCB0aGF0IGluIG1pbmQsIHNob3VsZCBvbmUgdHJlYXQgdGhpcw0K IGFzIGFuIGltcGxpY2l0IGRlZmluaXRpb24gdG8gbWFrZSB0aGUgaW50ZXJmYWNlIHN5bmNocm9u b3VzPyBFLmcuLCBvbmx5IHVwb24gcmVzb3VyY2UgY3JlYXRpb24gaW4gdGhlIG5ldHdvcmsgd2ls bCBhIDIwMSBiZSBzZW50IHRvIHRoZSBOQkkgY2xpZW50Pzwvc3Bhbj48bzpwPjwvbzpwPjwvcD4N CjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0Ij4mbmJz cDs8L3NwYW4+PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHls ZT0iZm9udC1zaXplOjExLjBwdCI+QXQgdGhlIG1vbWVudCB3ZSBpbXBsZW1lbnQgYSBzeW5jaHJv bm91cyBSRVNUQ09ORiBpbnRlcmZhY2UgYnV0IGF0IHRoZSBzYW1lIHRpbWUgd29uZGVyaW5nIHN1 cHBvcnQgZm9yIGFzeW5jIGZvciBzb21lIG9wdGltaXphdGlvbiBjb25zaWRlcmF0aW9ucy4gQXMg d2VyZSB3b25kZXJpbmcgd2hldGhlciBpdCB3b3VsZCBzdGlsbCBiZSBjb21wbGlhbnQgdG8gdGhl DQogc3RhbmRhcmQgb3Igbm90Li4gPGI+QW55IGNsYXJpZmljYXRpb24gd291bGQgYmUgaGVscGZ1 bC48L2I+PC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4g c3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQiPiZuYnNwOzwvc3Bhbj48bzpwPjwvbzpwPjwvcD4NCjxw IGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0Ij5IYW5rcyw8 L3NwYW4+PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0i Zm9udC1zaXplOjExLjBwdCI+QmVzdCByZWdhcmRzIDwvc3Bhbj48bzpwPjwvbzpwPjwvcD4NCjxw IGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0Ij4mbmJzcDs8 L3NwYW4+PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0i Zm9udC1zaXplOjExLjBwdDtjb2xvcjpibGFjayI+PGltZyB3aWR0aD0iMTMyIiBoZWlnaHQ9IjUw IiBzdHlsZT0id2lkdGg6MS4zNzVpbjtoZWlnaHQ6LjUyMDhpbiIgaWQ9IlBpY3R1cmVfeDAwMjBf MSIgc3JjPSJjaWQ6aW1hZ2UwMDEucG5nQDAxRDU3RDFCLjdGRDkxNUUwIiBhbHQ9ImlkOmltYWdl MDAxLnBuZ0AwMUQzRDRFQy5BRkQ4MTI2MCI+PC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPHAgY2xh c3M9Ik1zb05vcm1hbCI+PGI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Y29sb3I6Ymxh Y2siPkFudG9uIFNuaXphciA8L3NwYW4+DQo8L2I+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4w cHQ7Y29sb3I6YmxhY2siPnw8Yj4gU3lzdGVtcyBFbmdpbmVlcjwvYj48L3NwYW4+PHNwYW4gc3R5 bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7TVMgTWluY2hvJnF1b3Q7O2Nv bG9yOmJsYWNrIj7igKg8L3NwYW4+PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFs Ij48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtjb2xvcjpibGFjayI+bTogJiM0Mzs5NzIt NTA0MDQyNzQ0PC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNw YW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Y29sb3I6YmxhY2siPmU6IDxhIGhyZWY9Im1haWx0 bzphbnRvbnNAc2Vkb25hc3lzLmNvbSI+DQphbnRvbnNAc2Vkb25hc3lzLmNvbTwvYT48L3NwYW4+ PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1z aXplOjExLjBwdDtjb2xvcjpibGFjayI+dzogPGEgaHJlZj0iaHR0cHM6Ly9zZWRvbmFzeXMuY29t LyI+DQpzZWRvbmFzeXMuY29tPC9hPjwvc3Bhbj48bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJN c29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2NvbG9yOmJsYWNrIj5sOiA8 YSBocmVmPSJodHRwOi8vbGlua2VkaW4uY29tL2luL2FudG9uLXNuaXphci00YWE1NzY0Ni8iPg0K TGlua2VkaW48L2E+PC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+ Jm5ic3A7PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjwvYm9keT4NCjwvaHRtbD4NCg== --_000_85070ED838A74C0DB9C5BC53252AB800sedonasyscom_-- --_004_85070ED838A74C0DB9C5BC53252AB800sedonasyscom_ Content-Type: image/png; name="image001.png" Content-Description: image001.png Content-Disposition: inline; filename="image001.png"; size=9345; creation-date="Mon, 07 Oct 2019 11:28:35 GMT"; modification-date="Mon, 07 Oct 2019 11:28:35 GMT" Content-ID: Content-Transfer-Encoding: base64 iVBORw0KGgoAAAANSUhEUgAAAIQAAAAyCAYAAACd13PPAAAEDWlDQ1BJQ0MgUHJvZmlsZQAAOI2N VV1oHFUUPrtzZyMkzlNsNIV0qD8NJQ2TVjShtLp/3d02bpZJNtoi6GT27s6Yyc44M7v9oU9FUHwx 6psUxL+3gCAo9Q/bPrQvlQol2tQgKD60+INQ6Ium65k7M5lpurHeZe58853vnnvuuWfvBei5qliW kRQBFpquLRcy4nOHj4g9K5CEh6AXBqFXUR0rXalMAjZPC3e1W99Dwntf2dXd/p+tt0YdFSBxH2Kz 5qgLiI8B8KdVy3YBevqRHz/qWh72Yui3MUDEL3q44WPXw3M+fo1pZuQs4tOIBVVTaoiXEI/MxfhG DPsxsNZfoE1q66ro5aJim3XdoLFw72H+n23BaIXzbcOnz5mfPoTvYVz7KzUl5+FRxEuqkp9G/Aji a219thzg25abkRE/BpDc3pqvphHvRFys2weqvp+krbWKIX7nhDbzLOItiM8358pTwdirqpPFnMF2 xLc1WvLyOwTAibpbmvHHcvttU57y5+XqNZrLe3lE/Pq8eUj2fXKfOe3pfOjzhJYtB/yll5SDFcSD iH+hRkH25+L+sdxKEAMZahrlSX8ukqMOWy/jXW2m6M9LDBc31B9LFuv6gVKg/0Szi3KAr1kGq1GM jU/aLbnq6/lRxc4XfJ98hTargX++DbMJBSiYMIe9Ck1YAxFkKEAG3xbYaKmDDgYyFK0UGYpfoWYX G+fAPPI6tJnNwb7ClP7IyF+D+bjOtCpkhz6CFrIa/I6sFtNl8auFXGMTP34sNwI/JhkgEtmDz14y SfaRcTIBInmKPE32kxyyE2Tv+thKbEVePDfW/byMM1Kmm0XdObS7oGD/MypMXFPXrCwOtoYjyyn7 BV29/MZfsVzpLDdRtuIZnbpXzvlf+ev8MvYr/Gqk4H/kV/G3csdazLuyTMPsbFhzd1UabQbjFvDR mcWJxR3zcfHkVw9GfpbJmeev9F08WW8uDkaslwX6avlWGU6NRKz0g/SHtCy9J30o/ca9zX3Kfc19 zn3BXQKRO8ud477hLnAfc1/G9mrzGlrfexZ5GLdn6ZZrrEohI2wVHhZywjbhUWEy8icMCGNCUdiB lq3r+xafL549HQ5jH+an+1y+LlYBifuxAvRN/lVVVOlwlCkdVm9NOL5BE4wkQ2SMlDZU97hX86Ei lU/lUmkQUztTE6mx1EEPh7OmdqBtAvv8HdWpbrJS6tJj3n0CWdM6busNzRV3S9KTYhqvNiqWmuro iKgYhshMjmhTh9ptWhsF7970j/SbMrsPE1suR5z7DMC+P/Hs+y7ijrQAlhyAgccjbhjPygfeBTjz hNqy28EdkUh8C+DU9+z2v/oyeH791OncxHOs5y2AtTc7nb/f73TWPkD/qwBnjX8BoJ98VVBg/m8A ACAqSURBVHgB7ZxpkF5llcfPu/eaXpJ00lk7G1kZlrCHHWFYRAdGGHREv2Hph7EsP/jFKqusYcqx 9JtIiSVVOoCMrKKjWIIo5cAAAZJAErKvnU6nO71v7z7/37nvE96EhCGJJGbME27f7bnPcs7//M95 zr0vsbKKHVcpqXZOW/VjMZ0nrGRxK/oW87vUDLUSOqYWheuhhOsJVYzrYowH2Pwk1Dq7P1USSB5/ R5Hy31d1aIHrQAJtAo7YIQCgW65Tg7vvQ8NPonqVm2XtYxyfLadFArHjZwjUHimXEUdcEJl1OVyX VsvSaqR8gQEthxNXvP+JcFFRPgAKYGEfmOO0SOVvuNPjBgTKCq6gossKu+tOuai77JFoqMmhiKgU yIinCwKD6uIfaAQK0Z+SYFDwvVlS+2TEHdw8W06RBIKWPnJ36C8AITwUxQS4CFSIkmEQACE7J0SJ aY/SueQHtMAJT2pzP+E3dU6JHE90fPbvqZTAcQOCwWHLUYkUxxncUHKkRJCJ/qquDriPurkGLhLl lDDDmZjCn9ROd2ICUNxr8Jf7Z8uplsAxXUZYfMSOjPBwCyWtMuJ4eaCRtIJ0l9cZimf9kdXBhA4m JvJWKJZc5YVyyWpqMtZcH7cm1a9RPdAY0136KhXLlkxEK5WS0JMQck4nJBjTB+au8R6tlEqKqlQ/ ofGf6eVDGYKJVpd4HLutUL120qEVJYOsKvWr6o7OUdvbO2w9A+PWNzRhg0OjlssXLVabsnJNwtKi i5a6pLVNStnc5kab0dykrdaaMyhfjYk14oQWaiuWVqOnERFHAgJZABA27rEhD8pHBY5X/iv/c0yG COMuFnEG4gLA4MLAogsWiycFhIQNFsq2df+4vb2107bu7bOugyPWN5qzcjxtsVRCahYHpAScVN6K 2ayVJiYslp2wyZmUzWyeZEtntdvVFyy0xTPqLa2ukmAQILhvoefTX1B+AEQAQWCFAAbOYYhwfvpH fWIjOCYgmCAlCIBjBJMTn5fE52My6B0HRm31xl22VmDY0zdh+USt3EdGC4oaS2VqLJ6UOxGgiqUJ uZERGx9XnfGsZUdH8SfWIHZpKOTsinMX2z/fcoUtac9Ymm6hHgCRPI0UwYRVAhtwHGQRwBHuA4Iz HQjMhXJMl8GkgwBgCSbMeSkRsy7FB6u399nqdVts855uGy4kLDmpzXIKFstxtqSNFgoKNSYkURaT OctPjFt/b69lc2VLpWutYVKTZWrSNty7z97YtM0uv2CpzWufbmnccJFgU6Aw/MbpKYEV6D3MnWOu UwIAwjky+n8dQyRl3dUlLkCUNOl9AxP2izVd9saWLusfGbdE3TQrp+vkOnRfy8tESv6hVFSAWbZ0 JmkpPZcbHLbhzr0WL8StobbJYplGgSdhA+NFS6YaLBsbtaKQQCxSo5VHKkVoenj/1WM5FccoPCi9 2jCycnujYrhcLmf19fXW3NzswwkGFJ45FWP8OPpIuiHS8pHsrDiBQgxQ0ooir/u7ekftTxs6bfXm PjuQlb/MtFgpVWdZ+X7iCYVZltCx7lgmmbBMrGATwwM22LPfiuM5ywg4GbmbslYW+VLenyASWbJg js2f3SLwiBx0N+UJLtU7YkxHnLq1HlUBWLEUeqhg1JxGxv3BuVYqBmsPbQYgcDswxs6dO+273/2u ZTIZO//88+2Tn/ykzZ49W91FAeaRbVSa/sCOeqEfNX5ovNXXq48/0MDHdCGpaEmDqUymIkNBQCkC 0b0uy15tXMHSrnGzJ9/cb6+9t9+yqWYxAdyueCKf18TEDHInDh61FysVdK6cY2HEin1dlh/uV7Ky 1nKFotUUxgWUcWvU0rU2UbLzl82zW6690OY0kZs09SaGUVtFtVOWu0HQJe0pycoxgkrouCDXEtee lBhCjQE2LXOx1mRarkvxDkJ3OqdNMZwuOLXDdnGWuapLO+l02vKaCyUc4wLcTVJHLpDru3btsid+ 8QstkZPW13vQ7rn7n7xPF530mhODeHCpsZQ0Fp6HXRkHeCyrLa7lcllLJlNet5AnSI+Cdp6vqatF tJabyHqfjNnBozkyXgr1acuf03VeFcRI+pxkiXhZnZfRBiMObeIyPOOYsmHJ8X82dtvaPQM2kmjU BOXbva5u6AAosOUk2JSei8vCi9kRi5fGrDw2aBP9B9xNpBR/JPNiCk1g4ex2u/T8JbZyyWybO63R 6tRSUULPyd0kNZaEhAUi6QaBoHZEAUAQLcFqKiGl80/tAYwAAMDgD1YJkDYSBLnqg344ByBF9YcC QwwQjnGZtItrSMkNAgbOKc2Tmv0aynFFqa2y2irpfqamRvVKAoZyMIW8lFt36DlXop6nzUw642NB kQ4ajQEw0A8AoW1kyTgBL3vqwZrRXAUsPcOYitoA3V+iRIBQW7xWeJ+i1bF8vKYr/x63zbv77OXX 1ln3gOKClpkSHg9wN3oGZtADVl9XY6PDQ1avVhvE/50bN9tI1w6b1tpk09oabXJLsy2cP8cWz59t 58xpselNtVYn5Y/LnXT29dj4UL8VsmOyvpg1T26zhqZWq62pleKjYbpCEIy2hCyQkpfQEVBcdbAQ hJnTCqa2ttYZo4T1VQmLMXMel0sbHRn1Z4KyUQLK8vsSPsWtXfUBDGBqaWmxCS2b05ko4AU4tIly XCk6AbRxjQUgJehbY81lc554C0ygSs5iALcEQCU/2sqr/7RAxXmsAtSkxprXPKJ5CwRivshQKnN5 X3E+5pP5E0n6iBboTHZjRU2sW/Tw1qZd1j2oALJ+mjKSGhAC9Wd8WH4UB6WyjKRijySIzo9ag7JM y/9uiV1x4TJbunC+dcxstjoJMpOOm0hRLqRsnZ37rKe7y0b6eySYnBQqhWi6NT191tQ61ebMmWNT W6dIPlgCKxYpXYqDslFSSkyCzHds226vv/GGde7d60qdPHmy+/aZM2fa8nNXuMUhUFzR2jVrbPXq 1UaAmFV/8+fPt+XLl9vixYsjpbgblGWq7vr16+3111/3/gHHjh07rE5WDzhQIHVgq2QqaRNj47Zm 7VrbuHGj9R444H0RX5x77rm2fMUKBw3CgkmefuopGxkZsSuuuMLaZ8ywP770ku3V2A/ouZmzZtl1 115rHR0dPhfT6m2gv982bdpkvVqpTQjwAwMDHscsXLjQVqj9ltYW18PJ/qkAAsW6J46YVmdFWQhR /+bOXlu/Y59WAQ0Wr2m0US0bM7JgzSl6Al+Da5Gwx0aGrV4Kj4/3WzI3Yrdev8puumSJzW+vdwAo 6aFn5P/Vbk6I79y9y/bu3ilBjqhDqFtjgAYl5D5NeGh0wi0UlqiHemUZMj0HQ0lUPzY2Zo2NjbZ1 yxa7/1/vt5dfftn6JTgsnnuwxE033WTf+ta3bOE5i6xrX5c99KMf2W9/+1vbtm2bK5W4g/pXXnml ffnLX7brrrvOFT00NGSPPfaYb9SFOXICT0tTs1LwNcZ9CkAFDMQTP/3pT+0pKfqdd97xNrlP3XPO Oce++tWv2m0KQGGOzVLst7/9bdu9e7fde++91tbWZg8++KCYcjxyGQLbrbfeat///vdtSttU2751 m/3gBz+wP/7pT7ZbMQxgnDRpkgMawDPHr3/96zZ1WhtdnlQR38m8IgKqNBT5atYYg3LaG5Rn6Owf t9jkaUouyX/LIsu+ChDSefRQkfXGpXAFiymxxKI5M+yGy8+1xW1pS0mRabkY6BDKxNI6d223vTt3 2cjoiPISKbUlWpVwE7L8strJ6BOqCQmos7PTWppbrE7KTfL+RHVgCuDrFqrzl176oz333HNuuQgK q8SC9u3b53uuYVXP/fKXDoicGABFzZBl5uRy6OOFF16whoYGmzdvns2dO9fPf/zjHzsjABiWlwSf uNasgj365joMwZiefvppVxr90h+uBQZgibpGjPS9733PpkyZYldcucpjGQJY2mDcyAMlNzU1OcA4 fkmMwZjuuvsunxdtwDyNGmPr5FYPqmE4D3KfeMKuuuoqu+W2Wz3OOKSSEzgQQ1S0KiFHwFB0LOUQ Lm7ZPWCb9vRZWbmDXEwZAthACKcqYEA40ePYvaJzchC5Mb3NLNoCAWJGa9pTS0k9oDWB1SpdTRC3 e88u27Jls43r5Vc8mXb3VBIw5UG8D9rKKIedVC4bt9B9oNumTW2zOikxLwW4X8aPShEwAbTOMYr4 9Kc/bfd+4Qt+vnXrVgdS2/Rp9uYbq92CR1V/0aJF9gXVueGGG+xgf5/9qMIaMMzbb79tra2t9tBD D9mePXucZS677DK3cBQG1T/8k4c1QslAYwEUuwTsxx9/3NkJINxxxx121113Oas88MADzlybN292 9jj/ggsUF9U4GAAEwFghd/KNb3zDAfSTn/zE/vCHPzgAcVW33XabTZ/R7kzCOG6++WYHDmzCGAEN IKTuTTf//ckDwhWryUW8EFE6awbgcWBwzAbGxBVyF3lVLAsMJSkbhbEFLHFIQUBJoQTqr0vLgmTQ vlbgbZVXjlv/QJ91dnXLMqVYpbfLWrL6RzECYVn0TbxKdFsoR8EdQmPyWCcFdwJ4CDSxcqi8qWmS +9ODBw86K/Rpf+HKlbZs+TLFJUDbbK18OxSNpcMEt3/qU84ko2OjtmDBAr/O81h0T0+P9fX1udKm TZtm99xzj1199dXeTpdY58EfPuj3ACGAgGGILchNAKbPfe5zduFFK70+MQGABVzU6VXbxBAU5AXl 33333Xbl1VdZPqvgWm298sor7g5QdJ2SX8yBOjzF8h5GgeWIfQApYwZY1cGzd3ACf/xdEj7dC6Yv xaCTUfU+MJ630XzZsuIRPnoiBhCbq0QT8mcAj5OMAKP7ZSmTASelXOEiwoyql5TOnsjlbde+/ba/ r1+Ao47YQQ+jYDbWvkAyesgbdYZgOQZTUGib4JC+WIYh1EXy0QwJ5fz+97+3NxRcXnrppXbLLbfY qlWrbMasma5g2ATaJrn0b/ffHwlSQAMAtM9Gm4ODgzY8POz329vbbaXARaHPGsUz1AOM9M01gMQz xCzTp0+3jo4OuRWtRLS0JHkFawBGQEFfzTpHebRDDLRkyRJvn1hk6tSp3iZtcx+3WS8AMx7Yi/hk i2Im7tMmdXAxbHrQ2zmZP8mIIaREUbDUpi1SxLASUf3DORunMykXgZNscn15XeorUYJy/Ej3dZMW CuJ+No2Vi5q84gLV6xsatgM9B/U+Q+5Dwiti9WII1iwATU8IdOpLR8Klj4SJYw0wAf1EeQiC0mgZ R8QP9d/3pfvsySefdIFjWb/61a/s1VdftS9+8Yv2LwroAIuv96VwWOfXv/61K4XlJ0qloEzYA3bA 4hgjCuNZCkrUfw5KjvHhPj6NjTapRxuUdEpve8Wo9MkYYQ8seVxAaa70F5TOnkJ8BRtGrCc3rXZZ 3hIL/ft3vmO/+c1vfJXBeAE2YGBjeQszxYmxTrIcetscNYVgovzCRLZgIxp8njWuBhpnJVFxF5Gq pLZKEOGgUL24lMtn+Fm5gwkpHdD6kkKCgR16e/skFGUqFZimRfkjE6OK0HEqgDACog68xIKQJHgy fggHqkUh7FlukvihEHR+7Wtf82j7d7/7nftT4ofu7m575pln7AL5bWcWzQOWuOiiiwSgL7kg4wI7 CkHBKPW8886zt956y+8BCsCFIkNh2Up9lAIAaBe2YI8Vd3V1+VhZvVAcBLg8CYOAkODYpVzpkzZQ aEiqARw2+qZNDIC45dFHHzWW0p/4xCc8npghV/Os5vaEAkqCV545QoRhyMe1T0a2EZ7hLLoC8pg4 CZeYUodFmTBLPdwGC0en9vAYIwEMcjkkoPlWwtEaEYvXyunN5/DooFyEomuBoVTUXo95+gtFh4EQ b+A6ULyexMIQPmMhhS1oOh3XiI4RJIXMYI3ikVVXXWkrL77INq7fYPfLJRBwsQxFqbO0toe6Wcej pIvkBljShUIfgIISrB2FQPEEhOQoAOXWLVu9X+RDPepA87RNXwDivffe80Awq9f969atc6AwflYv xCSwBOc8G+ZGz6zCKLQNgHh5tkdugfY4ByTXXnut3X777a6llxR8Updxc9/1JXmdTJGqUS3a0JCU AHEVuTII7HRdQPA+BAbohBRtUUtCViIlBRbsy9p7Ll33GA5Lxpp0TF9I0SrWpDeeGnBuAspgwrBQ XoKN0sNcczx48KkT7X1EdKzJBrAAxqTYpiBqLCrQiqsDKBbF4wKuu+Zat/CgdFLVtXovAHUvW7bM SOLAGgR33xEFf0qBJRE8fvnFF1/0eIOAEOWjYOri98kv4D6IFX72Hz/zcRfUPwpASW1SMoEpLmp/ 93574Ic/dHfCUpdVw/79+125CxYttCkCD74fJbppaYxkW1m9peQeQiod5qLtRq2cAEaUEi97DgUg de3vsl9qGY17m8RylX/o6ySLFn0aDO2U5DQABLiQHsqy4qyjTi9ryvKV2ZhN0vITV5CMyaeLBcqK DQgOWSloNP6JXKqQtfpEwVobpQy1wwIWsOTlRrICDHXJNZB/92yC7nnxXSVPxnCKyvfXKBCVleFe uE24y6Q5P5THV5svvPiCPfLYo/Kx/yVfOtkDPNrM6gUS1Eomb9Hic+zmW2+xt9eu8dzDz//zcXvy 6aec9hE8qwGYg0CUlQhxCb4bq3/zzTftvvvucwDQf73iCuoPKRHXN9Bvc+bOsX+48w7bsm2rg+aV V1+xt95+65Clk+sgML1RCaSMvit1AEjhLIHHxpVAU4wRCi6J+jEttzCLZqX7l61Y7noZV8p8zbq1 9u6G9W4IBLwtyklgAAMKagEo5WjACOwX+jnWXqxdhSo3y6hqnbTZUAdjaFEoS40JyeN5lnxKxui1 9qGVgWrEcBUlUVxKk+kfsOlzm23+9CYlo2gLBoJNIgRrF/WI5Tu7VPVPdYqec7CICVhmATZ/L1AJ mjybSUNUVTvLtI5fefHFtmnDRqds4gSSTp/5zGc8H9DR0eF1Q26A4IzUNc/ie8lf3Hjjje6fg7v4 kmIMgsFHHnnEmQJ2mDdvnn3+8593wDz88MO+h7KRz2c/+1kHF4EtbZPJREEsC1nxfPOb3/QUNtRO HzOkTF6y0SbBKQVFwkSsOgAnsQn1GdtXvvIVe/bZZ51tuE5+4s4777Tnn3/er3sDf4E/Ma33lRiU ckgAKBMJdeVkqPsEtp+/tN6ef3ODJZpnK4tYr/cMKbfMYkwBHjGFqCSul2CAKqXP5OrLE5YaO2C3 Xb7C/nGV1shqMqPMJZ5/X/+QrZfCWJ4F33lM1DIUWUltXdqyej8AI1x2yaXWNnmKbkTxBMLDJUCV WOpmBZG9+7s9I4nFQ7MkoKBy+kGwBHAIeqeWnbgNFEFcwMoCl0KGkzrBFzNWcgiwBG0CkAsvvNDH j18HCJyHWIY6tEtAS9wCWGgTBRNnhDHgSrZv3+6yYJzEFrASc8La6ZPrgInxc52xEsvgxuiP4JeV Bf0BVurj6pDt0coxZX1E5Viu7PlHfdhSMV1RekEJhAOq+Oyrm+yZ/15nOX0VlUtOFUNkLKFgriDF x/TLK15zJ8QO6bKEVRwzG+6xxWKGu2+8xC6YWRd9aq860GDP8JiobqMLCkEGejvqQCuASCuzRQ6i qb7RLhUDNDdOsqLegQAELxJUXktXBMRn/kATYYfonzoIE8VQ2MMIwarDdYTIOKiL0gJgw542sdxQ qEd9ng/jZ07Uo32uBVDxDPXDfDmnLiU8G8YYxse90AcgY0z0DyhCIBsYhLqMkzq0G9rkenU51vXq OhzHPQaQBUuW2hCc0smyaX430Tap1lpqM1bWoMqi97zAklfskI9LAdC9Jp4UGDLFCaspjlh7Q9JW Lp5jHVPrpJxKkzpK6rsFBMIkw6bbxy7CpgdVmiT1QybSl2YaqH8foOuavbdRUMDr7YotAAOT5zwo PAAwCCUomnPcC0KnPmNE4KEeQuY6ygj32cMqtE07tM01ClRO4T7g4DobyqNN2g/HMAgKpo/QFsCm Dhtt8CzX6J8xhnoBINwP7VaP2wdxgn/IB3nxnALhvF5Zx/RyCnton1Rv0+r1PUJegaViBFwDS0uJ Tp5FCZFSVi5B1qMvqtPjfXaxwLDqvLnWojyOLwjVXF6/y6APfp/BJJkMEw6TiXo/8m8kCNLUlCbR aaZC5awYeJZkFe0gMDk8jYeonDFG96kTgMAxAmNDsEHoXCd+AETVBSGj7FCohzJCe4GBUC4rCPIA rHbYAAJjwr1wn3Pq40Y45zpLUbKOPBf6gvbZACj9ICfu4ULoI/TNCiWAjfvEKlwjB8I4T7YoT4cl 658EGjGEh3NSaMlmtTbb4pnTbeeB7aLqMWuqq7f+sSG9pBLaJ4atIRO3VHbY0rkhW6XvHq6/eKFN rxMjVEZF6lovHfQlVdHf9eOLgxUxQbaA+iB0Jsm0mBvHLLua9crZFc1Y9QyBJokr/yCFazyjvlA4 bVaXcO511Giw6nCdfrnHVg0C2qA9CnXCvfAcCvjzn//sCgbofE+BYoj8iQl4J8FKhGQS8QJKJKdB HoJ7LGeJXfhWgtUMbzKJAwDr5Zdf7nELL6yCEQEywAuzwBgXy4Vy/O677/r4eIVODIHLCmNk7Mzr eIqLj0dYC4geKs+ScCjbZCn3kqUL7Nw57ZYaPWixkW5rTer3FIUhq5sYsFJfp7UqnX3leUvs5quW W7t+hUULsAN7vqHsHRi0t9a8Yxs2bjhkpQyYgWIFYfCBNRzlAgM5fNgAgWJVFL4lCMWfq0zWFarx h7ZCHfZ+r6rekXU+isCObIMxAgiUjIJRIEEhDMFHLswlMAesQLKK4HDp0qWH5kN98iKwBErlRRV1 AAcfwmA8WD/XCUhhD9LoJNgILLnPq2/cDkAggIaJmF/1eF2e1QL5P46T/J9bKMQDrAZkJ9pkEZp0 neS/bFadjV20VK5ii23TSiEnFxFTrmF6m97L1zfbivnT7eIls2yK3CfES+LqoALIQQ14ryxh8+Yt tnPPbv94gzd7TCAMMgwcluA4WCTHuey4XIV+6qflI+leirOYH53+P1g342VFwL6jo8MV/tprrzkz ME8sHsUDaBgBy2Y+MAiWzzlswWomuAwSYhgKhedRNOACBKxYkB3nKJ8xACA22IP6yO5kCpklSfp9 QMjbChLyvwogFbpbvazysgWN1j7tfNvaM2q9eiXeIEczVd9DtrXU2NTGhDNCb69+wnfwgD4d6/LP x4aGokkeONCjlYl+ticwUFA+k0FgIeJnkggVdCMojUbJn3qbOWOmTVGiKcpjEP4GBvOmTssfrJ84 BAXwlRVugCUo82F5yZzIQwQGoN7111/vVs9rbRJUtMF8UR6uADcK0wAGXBPXYBruIxv21GcLYIFZ YBye4+0nWdJrrrnGwYccq43ueASllKGqV+InGAJ8wBM4ZU8ZC6xKGNqCxri1ibLypUar1W3iAx4b 1Y9ttu/eY7vEAj093TY0PKicvKJnRf4TyiU06vebUB6TJmACDAEQCLaawjknM8kXVLNmzfA3hwkB k8kRYOIy+He6C4qBzgE3Lg1XEYI6QEEqnTowA0Eh46ceMQYFQFAfMAEgQIBrIf6gXSydtinskQsb oKMuAKENQME5bz5pizpc5/6JlkrUFD2O9wigCK7E70yIMXShoUYWqvcMCd4jCMXD+kXW1s1bbdPW bdanr63Tmlxa3wskpPSRkSHlCKL3/ZOnTHXLZ7AAAN+LFTBZcvdByZyTkgZAc+fM1dvBRnEFbKUa CMIXHR5tnuh8T/q5AGBAgGUCctigo6PDQcDYOSfIoy6KJnkE83GN+zyLLAgk+V6CpBhJJ5RKHViF eAEgASyOYVgMiTYBAKDBDe1Uko1j3AkuiPuBWU5ksrFyXr1Kz7y/wHMBCh1aku/ZOHG20AFJbt0g gxjXZHho86bN9va6d/QaO6cXTSSHtByUgqG1wZFBTyrxccpM+U2CxJQmxAphXEKsE3D4HgJ3EH1p LfrUK21yDgvmL5CL4k0kY1A8oxUQY3Ia1KXDLKBiDAz1xO1CDx9HYRzMEb+P1WLZWCqFQI+gkK+p yTSifKweRcEGKBcwEDfQBucokiCRtmDSEAsAJtqgP46pRz8YVOiPMSAPspYYWXVxeenCYfKqrnCU Y71AVG+VEg4OE+zRJK1r/QcH7bXX3nBX0TCpUS+u9HpWE8zptfaohED2AaRPnjpFk8zIfeiLGxVP LqlLXlelhf6SXnrx66+6mjoBp93mzJ5jTXouLCkrQzsjdiwD+RgWS+abC/awXlDemTCJkDLwsR4G hDD6o12sXIPqmTDpZX76jxLDz9caGxv8UzG+W4i+oxDzuBGJaQQCCs8WBIapLa02v2OetbdNcyEG FxKGcKbsiRmIIQBCsNYqezsjpnEYQ3yUETPBQk5Rcipuu3d26nXyWqdOGIGPcJWH9J+pNeuHI2l9 iwC9ZfVxjPDiluI+Tt9DuBsQjc6ZqSWrVhJtCrr47Awv4eVoQPwoAzyNdYLyqyka0HPOvM+EcoKA UNpaX1UX9Dq8W8vKLq2Lew722rC+YPZfV0n7/L6SxFL45CyutyZ8PYxwGhQEzdC3h5ObW22ywFCj D2U8x1ASGvBgCO8MBET1KgDln0muIoD1uAHhD0pnsAQvoPSuS9Rf1v9PSvl8fcCRVTQ9oqBxWD/A IabAMuJ6Y5IQOJqUSCGuqK9vsHoFlcQQhwrM4FslMaL6ZxooAkOEfTVTVB8fmvNf4cEJAULvt9yS mWRBYPCPXvleToWVhscGokr/VbJXZaWgIFJRMP+nOYz/kNA4gxV8q4BAdb0SFc+gwuqBEtzDmeYu GPsJAYIHQ0GPXo5QXjB4LoetUjPaheeqL1ZfO+pD1ZXPHn8cEqji7BNrHmMO5Uh9cr3qdqgmNnj/ 8LCjUPlY9w+rfPbk45DASQOielBBn+HaYecfpuRQkTrhOOxDY2f3p0QCf1FAHNPymcqHKDhgBbZx THxI3VMilb/hTk774jiAAR2E47D/G9bLaZv6/wKfbJa0ghDEsgAAAABJRU5ErkJgggAAAAAA --_004_85070ED838A74C0DB9C5BC53252AB800sedonasyscom_-- From nobody Mon Oct 7 05:22:11 2019 Return-Path: X-Original-To: netconf@ietfa.amsl.com Delivered-To: netconf@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D221812007C for ; Mon, 7 Oct 2019 05:22:09 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.9 X-Spam-Level: X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id B-vhvd_SoHgH for ; Mon, 7 Oct 2019 05:22:08 -0700 (PDT) Received: from mail.tail-f.com (mail.tail-f.com [46.21.102.45]) by ietfa.amsl.com (Postfix) with ESMTP id 17F6E120052 for ; Mon, 7 Oct 2019 05:22:08 -0700 (PDT) Received: from localhost (unknown [173.38.220.41]) by mail.tail-f.com (Postfix) with ESMTPSA id ADEA91AE018A; Mon, 7 Oct 2019 14:22:05 +0200 (CEST) Date: Mon, 07 Oct 2019 14:21:39 +0200 (CEST) Message-Id: <20191007.142139.1024121209074847392.mbj@tail-f.com> To: antons@sedonasys.com Cc: andy@yumaworks.com, kwatsen@juniper.net, netconf@ietf.org, liviuc@sedonasys.com From: Martin Bjorklund In-Reply-To: <85070ED8-38A7-4C0D-B9C5-BC53252AB800@sedonasys.com> References: <85070ED8-38A7-4C0D-B9C5-BC53252AB800@sedonasys.com> X-Mailer: Mew version 6.7 on Emacs 25.2 / Mule 6.0 (HANACHIRUSATO) Mime-Version: 1.0 Content-Type: Text/Plain; charset=utf-8 Content-Transfer-Encoding: base64 Archived-At: Subject: Re: [netconf] RFC8040 inquiries X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 07 Oct 2019 12:22:10 -0000 SGksDQoNCkFudG9uIFNuaXRzZXIgPGFudG9uc0BzZWRvbmFzeXMuY29tPiB3cm90ZToNCj4gSGVs bG8gRXZlcnlvbmUsDQo+IA0KPiBNeSBuYW1lIElzIEFudG9uIFNuaXphciwgSSBhbSBhIFN5c3Rl bSBlbmdpbmVlciB3b3JraW5nIGZvciBTZWRvbmENCj4gU3lzdGVtcy4NCj4gDQo+IEkgaGF2ZSBh IGZvdW5kYXRpb25hbCBxdWVzdGlvbiByZWdhcmRpbmcgdGhlIFJFU1RDT05GIHNwZWNpZmljYXRp b24uIEkNCj4gaGF2ZSBub3Qgc2VlbiBhbnl3aGVyZSBpbiB0aGUgZG9jdW1lbnQgd2hldGhlciBp dCBpcyByZXF1aXJlZCB0bw0KPiBwcm92aWRlIGEgc3luY2hyb25vdXMgb3IgYXN5bmNocm9ub3Vz IGludGVyZmFjZT8gT3IgbWF5YmUgeW91IGhhdmUNCj4gbGVmdCBpdCBmb3IgdGhlIGltcGxlbWVu dG9yIHRvIGRlY2lkZT8NCj4gDQo+IEZvciBOb24tTk1EQSAodW5pZmllZCBkYXRhc3RvcmUpIFJF U1RDT05GIChSRkMgODA0MCkgaXQgaXMgc3RhdGVkIHRoYXQNCj4gb25seSBhIDIwMSBjcmVhdGVk IHN0YXR1cyBjb2RlIHdpbGwgdmFsaWQgdG8gYmUgdXNlZCB3aGVuIG5ldyBvYmplY3RzDQo+IGFy ZSBjcmVhdGVkL2NvbmZpZ3VyZWQuIFdpdGggdGhhdCBpbiBtaW5kLCBzaG91bGQgb25lIHRyZWF0 IHRoaXMgYXMgYW4NCj4gaW1wbGljaXQgZGVmaW5pdGlvbiB0byBtYWtlIHRoZSBpbnRlcmZhY2Ug c3luY2hyb25vdXM/IEUuZy4sIG9ubHkgdXBvbg0KPiByZXNvdXJjZSBjcmVhdGlvbiBpbiB0aGUg bmV0d29yayB3aWxsIGEgMjAxIGJlIHNlbnQgdG8gdGhlIE5CSSBjbGllbnQ/DQoNCkl0IGRlcGVu ZHMgb24gd2hhdCB5b3UgbWVhbiB3aXRoIHN5bmNocm9ub3VzLiAgQW4gaW1wbGVtZW50YXRpb24g bWF5DQp3cml0ZSB0aGUgbmV3IHJlc291cmNlIHRvIGl0cyBpbnRlcm5hbCBkYiBhbmQgdGhlbiBy ZXBseSB3aXRoIDIwMS4NCkJ1dCB0aGF0IGRvZXNuJ3QgbWVhbiB0aGF0IHRoZSBuZXcgcmVzb3Vy Y2UgaXMgInVzZWQiIG9yICJhcHBsaWVkIiBhdA0KdGhhdCBwb2ludCBpbiB0aW1lLCBzbyBpbiB0 aGF0IHNlbnNlIGl0IGNhbiBiZSB2aWV3ZWQgYXMNCmFzeW5jaHJvbm91cy4gIFNvbWUgb3RoZXIg aW1wbGVtZW50YXRpb24gbWlnaHQgbm90IHJldHVybiAyMDEgdW50aWwNCnRoZSByZXNvdXJjZSBp cyByZWFsbHkgYXBwbGllZC4NCg0KDQovbWFydGluDQoNCg0KDQo+IEF0IHRoZSBtb21lbnQgd2Ug aW1wbGVtZW50IGEgc3luY2hyb25vdXMgUkVTVENPTkYgaW50ZXJmYWNlIGJ1dCBhdCB0aGUNCj4g c2FtZSB0aW1lIHdvbmRlcmluZyBzdXBwb3J0IGZvciBhc3luYyBmb3Igc29tZSBvcHRpbWl6YXRp b24NCj4gY29uc2lkZXJhdGlvbnMuIEFzIHdlcmUgd29uZGVyaW5nIHdoZXRoZXIgaXQgd291bGQg c3RpbGwgYmUgY29tcGxpYW50DQo+IHRvIHRoZSBzdGFuZGFyZCBvciBub3QuLiBBbnkgY2xhcmlm aWNhdGlvbiB3b3VsZCBiZSBoZWxwZnVsLg0KPiANCj4gSGFua3MsDQo+IEJlc3QgcmVnYXJkcw0K PiANCj4gW2lkOmltYWdlMDAxLnBuZ0AwMUQzRDRFQy5BRkQ4MTI2MF0NCj4gQW50b24gU25pemFy IHwgU3lzdGVtcyBFbmdpbmVlcuKAqA0KPiBtOiArOTcyLTUwNDA0Mjc0NA0KPiBlOiBhbnRvbnNA c2Vkb25hc3lzLmNvbTxtYWlsdG86YW50b25zQHNlZG9uYXN5cy5jb20+DQo+IHc6IHNlZG9uYXN5 cy5jb208aHR0cHM6Ly9zZWRvbmFzeXMuY29tLz4NCj4gbDogTGlua2VkaW48aHR0cDovL2xpbmtl ZGluLmNvbS9pbi9hbnRvbi1zbml6YXItNGFhNTc2NDYvPg0KPiANCg== From nobody Mon Oct 7 05:22:25 2019 Return-Path: X-Original-To: netconf@ietfa.amsl.com Delivered-To: netconf@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 202C412084C for ; Mon, 7 Oct 2019 05:22:16 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.7 X-Spam-Level: X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=akamai.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id anvUs80TmwxQ for ; Mon, 7 Oct 2019 05:22:14 -0700 (PDT) Received: from mx0a-00190b01.pphosted.com (mx0a-00190b01.pphosted.com [IPv6:2620:100:9001:583::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5AD86120842 for ; Mon, 7 Oct 2019 05:22:14 -0700 (PDT) Received: from pps.filterd (m0050095.ppops.net [127.0.0.1]) by m0050095.ppops.net-00190b01. (8.16.0.42/8.16.0.42) with SMTP id x97CHJMj027561; Mon, 7 Oct 2019 13:22:08 +0100 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : mime-version; s=jan2016.eng; bh=BtdE+XyOdhcVHHmuB4O0WKd1KrP2GUYRp5O2heP4z7o=; b=gYPnqxVL4/ULDIYP9isLFsIKXTixrHhse8Vs4nPRqM/TgZRyJJJD8DyjWHE2ay+FTILv GWnr0qi3F0i8Kw3aQXSCKBlmpclZBLPhrpZ2nw3Le5r8nm4fk2ZMrv86ggQRwy5IB4SL NSrjB8H+H4bdQ8UjjdXljSW0e0zrLf2zg3CWEHpq8tLyy7LgOhXyEXupYJ0vjNQAlpfh Me88WRSme0Tvdy2zsCBpsbv6ov19CFApTjtqMXeWm81sPA0FxmGRECngmj5ikEz4KG3s DoV05x/NQSOZr5kKpMTbCLw6EKQGkcr0rQsu44+TKvuI0rUgqIX/MZrJ4ilMUBgSH4DY Kg== Received: from prod-mail-ppoint1 (prod-mail-ppoint1.akamai.com [184.51.33.18] (may be forged)) by m0050095.ppops.net-00190b01. with ESMTP id 2vejq4kcsy-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 07 Oct 2019 13:22:08 +0100 Received: from pps.filterd (prod-mail-ppoint1.akamai.com [127.0.0.1]) by prod-mail-ppoint1.akamai.com (8.16.0.27/8.16.0.27) with SMTP id x97CGqQe007574; Mon, 7 Oct 2019 08:22:07 -0400 Received: from email.msg.corp.akamai.com ([172.27.123.34]) by prod-mail-ppoint1.akamai.com with ESMTP id 2vepgwymre-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Mon, 07 Oct 2019 08:22:06 -0400 Received: from USMA1EX-DAG1MB5.msg.corp.akamai.com (172.27.123.105) by usma1ex-dag1mb2.msg.corp.akamai.com (172.27.123.102) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Mon, 7 Oct 2019 08:22:06 -0400 Received: from USMA1EX-DAG1MB1.msg.corp.akamai.com (172.27.123.101) by usma1ex-dag1mb5.msg.corp.akamai.com (172.27.123.105) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Mon, 7 Oct 2019 08:22:06 -0400 Received: from USMA1EX-DAG1MB1.msg.corp.akamai.com ([172.27.123.101]) by usma1ex-dag1mb1.msg.corp.akamai.com ([172.27.123.101]) with mapi id 15.00.1473.005; Mon, 7 Oct 2019 08:22:06 -0400 From: "Salz, Rich" To: Wang Haiguang , Kent Watsen CC: "netconf@ietf.org" , Rifaat Shekh-Yusef Thread-Topic: [netconf] crypto-types fallback strategy Thread-Index: AQHVaNxGVhFlbERW30moo9Q8WhnpJqcpkUCAgAU9agCAASLxgP//+5oAgABHL4D//+j+AIAARomA//+/BAAAKuwGgP//8LyAgABEJYCAABougP//w4kAgABloAD//8BRAIAdkVAA///9yIA= Date: Mon, 7 Oct 2019 12:22:06 +0000 Message-ID: References: <0100016d21ee2101-fb4f3288-1975-4a7d-a499-cb42ff8d9e14-000000@email.amazonses.com> <0100016d3afa694e-ce58ee3a-792f-4c0e-89bb-83d0128a5194-000000@email.amazonses.com> <8053FDA0-77EA-488F-B5A7-F203359105E0@akamai.com> <6924CAD5-F740-4512-8689-E0307AF0BD88@akamai.com> <99BFF357-6A2A-49E0-BB38-37C25DB04213@akamai.com> <0100016d44bda220-51590a9a-0a15-4b63-a49d-47efe712e82e-000000@email.amazonses.com> <2614C1E8-A015-4816-AA3B-F75D02F5701C@akamai.com> <0100016d45447f68-68073ae2-3f96-4c6d-846d-7c661c1cdb0c-000000@email.amazonses.com> <7AE47512-8974-4A8C-9756-699CAE220EF9@akamai.com> <1c08a27c27ea4177b9cfc524c92042f0@huawei.com> In-Reply-To: <1c08a27c27ea4177b9cfc524c92042f0@huawei.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Microsoft-MacOutlook/10.1e.0.191003 x-ms-exchange-messagesentrepresentingtype: 1 x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [172.19.34.174] Content-Type: multipart/alternative; boundary="_000_F87DD88BE73C4A8999E770247E9C5E62akamaicom_" MIME-Version: 1.0 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2019-10-07_02:, , signatures=0 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=943 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1908290000 definitions=main-1910070123 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.95,1.0.8 definitions=2019-10-07_02:2019-10-07,2019-10-07 signatures=0 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 lowpriorityscore=0 phishscore=0 suspectscore=0 priorityscore=1501 bulkscore=0 adultscore=0 mlxlogscore=928 spamscore=0 clxscore=1015 impostorscore=0 mlxscore=0 malwarescore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-1908290000 definitions=main-1910070123 Archived-At: Subject: Re: [netconf] crypto-types fallback strategy X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 07 Oct 2019 12:22:24 -0000 --_000_F87DD88BE73C4A8999E770247E9C5E62akamaicom_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 PklmIEkgYW0gbm90IHdyb25nLCBUTFMgMS4zIHN1cHBvcnQgdG8gdXNlIHJhdyBwdWJsaWMga2V5 IGJldHdlZW4gY2xpZW50IGFuZCBzZXJ2ZXIuDQpJIHRoaW5rIFRMUyArIFJhdyBwdWJsaWMga2V5 IGhhcyBiZWVuIHNwZWNpZmllZCBpbiBSRkMgNzI1MCBhbmQgbGF0ZXIgbWVyZ2UgaW4gUkZDIDg0 NDYgKFRMUyAxLjMpDQoNCllvdSBhcmUgbm90IHdyb25nLiAgQnV0IHB1YmxpYyBrZXlzIGRvIG5v dCBuZWVkIHRvIGJlIGVuY3J5cHRlZCBvciBwcm90ZWN0ZWQgYnkgb3RoZXIgcHJpdmFjeSBtZWFu cy4gIFByaXZhdGUga2V5cyBzdGlsbCBkby4gIFNvIOKAnFRMUyB3aXRoIHJhdyBrZXlz4oCdIGRv ZXMgbm90IGNoYW5nZSB0aGUgc2VjdXJpdHkgcmVxdWlyZW1lbnRzIGNvbXBhcmVkIHRvIOKAnFRM UyB3aXRoIGNlcnRpZmljYXRlcy7igJ0NCg0KTXkgaXNzdWUgaXMgdGhhdCBJIGRvIG5vdCB0aGlu ayDigJxUTFMgd2l0aCByYXcga2V5c+KAnSBpcyB1c2VkIHZlcnkgbXVjaCwgYW5kIHdlIGRvIG5v dCBoYXZlIHRvIHN1cHBvcnQgaXQgaW4gdGhlIGZpcnN0IHZlcnNpb25zIG9mIHRoZXNlIGRvY3Vt ZW50cy4NCg0K --_000_F87DD88BE73C4A8999E770247E9C5E62akamaicom_ Content-Type: text/html; charset="utf-8" Content-ID: <6A7E5BEA47962A40905716966E494636@akamai.com> Content-Transfer-Encoding: base64 PGh0bWwgeG1sbnM6bz0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6b2ZmaWNlIiB4 bWxuczp3PSJ1cm46c2NoZW1hcy1taWNyb3NvZnQtY29tOm9mZmljZTp3b3JkIiB4bWxuczptPSJo dHRwOi8vc2NoZW1hcy5taWNyb3NvZnQuY29tL29mZmljZS8yMDA0LzEyL29tbWwiIHhtbG5zPSJo dHRwOi8vd3d3LnczLm9yZy9UUi9SRUMtaHRtbDQwIj4NCjxoZWFkPg0KPG1ldGEgaHR0cC1lcXVp dj0iQ29udGVudC1UeXBlIiBjb250ZW50PSJ0ZXh0L2h0bWw7IGNoYXJzZXQ9dXRmLTgiPg0KPG1l dGEgbmFtZT0iR2VuZXJhdG9yIiBjb250ZW50PSJNaWNyb3NvZnQgV29yZCAxNSAoZmlsdGVyZWQg bWVkaXVtKSI+DQo8c3R5bGU+PCEtLQ0KLyogRm9udCBEZWZpbml0aW9ucyAqLw0KQGZvbnQtZmFj ZQ0KCXtmb250LWZhbWlseTpXaW5nZGluZ3M7DQoJcGFub3NlLTE6NSAwIDAgMCAwIDAgMCAwIDAg MDt9DQpAZm9udC1mYWNlDQoJe2ZvbnQtZmFtaWx5OiJDYW1icmlhIE1hdGgiOw0KCXBhbm9zZS0x OjIgNCA1IDMgNSA0IDYgMyAyIDQ7fQ0KQGZvbnQtZmFjZQ0KCXtmb250LWZhbWlseTpDYWxpYnJp Ow0KCXBhbm9zZS0xOjIgMTUgNSAyIDIgMiA0IDMgMiA0O30NCi8qIFN0eWxlIERlZmluaXRpb25z ICovDQpwLk1zb05vcm1hbCwgbGkuTXNvTm9ybWFsLCBkaXYuTXNvTm9ybWFsDQoJe21hcmdpbjow aW47DQoJbWFyZ2luLWJvdHRvbTouMDAwMXB0Ow0KCWZvbnQtc2l6ZToxMS4wcHQ7DQoJZm9udC1m YW1pbHk6IkNhbGlicmkiLHNhbnMtc2VyaWY7fQ0KYTpsaW5rLCBzcGFuLk1zb0h5cGVybGluaw0K CXttc28tc3R5bGUtcHJpb3JpdHk6OTk7DQoJY29sb3I6IzA1NjNDMTsNCgl0ZXh0LWRlY29yYXRp b246dW5kZXJsaW5lO30NCmE6dmlzaXRlZCwgc3Bhbi5Nc29IeXBlcmxpbmtGb2xsb3dlZA0KCXtt c28tc3R5bGUtcHJpb3JpdHk6OTk7DQoJY29sb3I6Izk1NEY3MjsNCgl0ZXh0LWRlY29yYXRpb246 dW5kZXJsaW5lO30NCnAuTXNvTGlzdFBhcmFncmFwaCwgbGkuTXNvTGlzdFBhcmFncmFwaCwgZGl2 Lk1zb0xpc3RQYXJhZ3JhcGgNCgl7bXNvLXN0eWxlLXByaW9yaXR5OjM0Ow0KCW1hcmdpbi10b3A6 MGluOw0KCW1hcmdpbi1yaWdodDowaW47DQoJbWFyZ2luLWJvdHRvbTowaW47DQoJbWFyZ2luLWxl ZnQ6LjVpbjsNCgltYXJnaW4tYm90dG9tOi4wMDAxcHQ7DQoJZm9udC1zaXplOjExLjBwdDsNCglm b250LWZhbWlseToiQ2FsaWJyaSIsc2Fucy1zZXJpZjt9DQpwLm1zb25vcm1hbDAsIGxpLm1zb25v cm1hbDAsIGRpdi5tc29ub3JtYWwwDQoJe21zby1zdHlsZS1uYW1lOm1zb25vcm1hbDsNCgltc28t bWFyZ2luLXRvcC1hbHQ6YXV0bzsNCgltYXJnaW4tcmlnaHQ6MGluOw0KCW1zby1tYXJnaW4tYm90 dG9tLWFsdDphdXRvOw0KCW1hcmdpbi1sZWZ0OjBpbjsNCglmb250LXNpemU6MTEuMHB0Ow0KCWZv bnQtZmFtaWx5OiJDYWxpYnJpIixzYW5zLXNlcmlmO30NCnNwYW4uRW1haWxTdHlsZTE5DQoJe21z by1zdHlsZS10eXBlOnBlcnNvbmFsOw0KCWZvbnQtZmFtaWx5OiJDYWxpYnJpIixzYW5zLXNlcmlm Ow0KCWNvbG9yOndpbmRvd3RleHQ7fQ0Kc3Bhbi5FbWFpbFN0eWxlMjANCgl7bXNvLXN0eWxlLXR5 cGU6cGVyc29uYWw7DQoJZm9udC1mYW1pbHk6IkNhbGlicmkiLHNhbnMtc2VyaWY7DQoJY29sb3I6 d2luZG93dGV4dDt9DQpzcGFuLkVtYWlsU3R5bGUyMQ0KCXttc28tc3R5bGUtdHlwZTpwZXJzb25h bDsNCglmb250LWZhbWlseToiQ2FsaWJyaSIsc2Fucy1zZXJpZjsNCgljb2xvcjojMUY0OTdEO30N CnNwYW4uRW1haWxTdHlsZTIyDQoJe21zby1zdHlsZS10eXBlOnBlcnNvbmFsLXJlcGx5Ow0KCWZv bnQtZmFtaWx5OiJDYWxpYnJpIixzYW5zLXNlcmlmOw0KCWNvbG9yOndpbmRvd3RleHQ7fQ0KLk1z b0NocERlZmF1bHQNCgl7bXNvLXN0eWxlLXR5cGU6ZXhwb3J0LW9ubHk7DQoJZm9udC1zaXplOjEw LjBwdDt9DQpAcGFnZSBXb3JkU2VjdGlvbjENCgl7c2l6ZTo4LjVpbiAxMS4waW47DQoJbWFyZ2lu OjEuMGluIDEuMGluIDEuMGluIDEuMGluO30NCmRpdi5Xb3JkU2VjdGlvbjENCgl7cGFnZTpXb3Jk U2VjdGlvbjE7fQ0KLyogTGlzdCBEZWZpbml0aW9ucyAqLw0KQGxpc3QgbDANCgl7bXNvLWxpc3Qt aWQ6MTUwMTA0NjYxMTsNCgltc28tbGlzdC10eXBlOmh5YnJpZDsNCgltc28tbGlzdC10ZW1wbGF0 ZS1pZHM6MjAxNDczNjIyMiA4MDkyOTgzOTggNjc2OTg2OTEgNjc2OTg2OTMgNjc2OTg2ODkgNjc2 OTg2OTEgNjc2OTg2OTMgNjc2OTg2ODkgNjc2OTg2OTEgNjc2OTg2OTM7fQ0KQGxpc3QgbDA6bGV2 ZWwxDQoJe21zby1sZXZlbC1udW1iZXItZm9ybWF0OmJ1bGxldDsNCgltc28tbGV2ZWwtdGV4dDrv g5g7DQoJbXNvLWxldmVsLXRhYi1zdG9wOm5vbmU7DQoJbXNvLWxldmVsLW51bWJlci1wb3NpdGlv bjpsZWZ0Ow0KCXRleHQtaW5kZW50Oi0uMjVpbjsNCglmb250LWZhbWlseTpXaW5nZGluZ3M7DQoJ bXNvLWZhcmVhc3QtZm9udC1mYW1pbHk6IlRpbWVzIE5ldyBSb21hbiI7DQoJbXNvLWJpZGktZm9u dC1mYW1pbHk6Q2FsaWJyaTt9DQpAbGlzdCBsMDpsZXZlbDINCgl7bXNvLWxldmVsLW51bWJlci1m b3JtYXQ6YnVsbGV0Ow0KCW1zby1sZXZlbC10ZXh0Om87DQoJbXNvLWxldmVsLXRhYi1zdG9wOm5v bmU7DQoJbXNvLWxldmVsLW51bWJlci1wb3NpdGlvbjpsZWZ0Ow0KCXRleHQtaW5kZW50Oi0uMjVp bjsNCglmb250LWZhbWlseToiQ291cmllciBOZXciO30NCkBsaXN0IGwwOmxldmVsMw0KCXttc28t bGV2ZWwtbnVtYmVyLWZvcm1hdDpidWxsZXQ7DQoJbXNvLWxldmVsLXRleHQ674KnOw0KCW1zby1s ZXZlbC10YWItc3RvcDpub25lOw0KCW1zby1sZXZlbC1udW1iZXItcG9zaXRpb246bGVmdDsNCgl0 ZXh0LWluZGVudDotLjI1aW47DQoJZm9udC1mYW1pbHk6V2luZ2RpbmdzO30NCkBsaXN0IGwwOmxl dmVsNA0KCXttc28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpidWxsZXQ7DQoJbXNvLWxldmVsLXRleHQ6 74K3Ow0KCW1zby1sZXZlbC10YWItc3RvcDpub25lOw0KCW1zby1sZXZlbC1udW1iZXItcG9zaXRp b246bGVmdDsNCgl0ZXh0LWluZGVudDotLjI1aW47DQoJZm9udC1mYW1pbHk6U3ltYm9sO30NCkBs aXN0IGwwOmxldmVsNQ0KCXttc28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpidWxsZXQ7DQoJbXNvLWxl dmVsLXRleHQ6bzsNCgltc28tbGV2ZWwtdGFiLXN0b3A6bm9uZTsNCgltc28tbGV2ZWwtbnVtYmVy LXBvc2l0aW9uOmxlZnQ7DQoJdGV4dC1pbmRlbnQ6LS4yNWluOw0KCWZvbnQtZmFtaWx5OiJDb3Vy aWVyIE5ldyI7fQ0KQGxpc3QgbDA6bGV2ZWw2DQoJe21zby1sZXZlbC1udW1iZXItZm9ybWF0OmJ1 bGxldDsNCgltc28tbGV2ZWwtdGV4dDrvgqc7DQoJbXNvLWxldmVsLXRhYi1zdG9wOm5vbmU7DQoJ bXNvLWxldmVsLW51bWJlci1wb3NpdGlvbjpsZWZ0Ow0KCXRleHQtaW5kZW50Oi0uMjVpbjsNCglm b250LWZhbWlseTpXaW5nZGluZ3M7fQ0KQGxpc3QgbDA6bGV2ZWw3DQoJe21zby1sZXZlbC1udW1i ZXItZm9ybWF0OmJ1bGxldDsNCgltc28tbGV2ZWwtdGV4dDrvgrc7DQoJbXNvLWxldmVsLXRhYi1z dG9wOm5vbmU7DQoJbXNvLWxldmVsLW51bWJlci1wb3NpdGlvbjpsZWZ0Ow0KCXRleHQtaW5kZW50 Oi0uMjVpbjsNCglmb250LWZhbWlseTpTeW1ib2w7fQ0KQGxpc3QgbDA6bGV2ZWw4DQoJe21zby1s ZXZlbC1udW1iZXItZm9ybWF0OmJ1bGxldDsNCgltc28tbGV2ZWwtdGV4dDpvOw0KCW1zby1sZXZl bC10YWItc3RvcDpub25lOw0KCW1zby1sZXZlbC1udW1iZXItcG9zaXRpb246bGVmdDsNCgl0ZXh0 LWluZGVudDotLjI1aW47DQoJZm9udC1mYW1pbHk6IkNvdXJpZXIgTmV3Ijt9DQpAbGlzdCBsMDps ZXZlbDkNCgl7bXNvLWxldmVsLW51bWJlci1mb3JtYXQ6YnVsbGV0Ow0KCW1zby1sZXZlbC10ZXh0 Ou+CpzsNCgltc28tbGV2ZWwtdGFiLXN0b3A6bm9uZTsNCgltc28tbGV2ZWwtbnVtYmVyLXBvc2l0 aW9uOmxlZnQ7DQoJdGV4dC1pbmRlbnQ6LS4yNWluOw0KCWZvbnQtZmFtaWx5OldpbmdkaW5nczt9 DQpvbA0KCXttYXJnaW4tYm90dG9tOjBpbjt9DQp1bA0KCXttYXJnaW4tYm90dG9tOjBpbjt9DQot LT48L3N0eWxlPg0KPC9oZWFkPg0KPGJvZHkgbGFuZz0iRU4tVVMiIGxpbms9IiMwNTYzQzEiIHZs aW5rPSIjOTU0RjcyIj4NCjxkaXYgY2xhc3M9IldvcmRTZWN0aW9uMSI+DQo8cCBjbGFzcz0iTXNv Tm9ybWFsIj48Yj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEyLjBwdCI+Jmd0Ozwvc3Bhbj48L2I+ PHNwYW4gc3R5bGU9ImNvbG9yOiMxRjQ5N0QiPklmIEkgYW0gbm90IHdyb25nLCBUTFMgMS4zIHN1 cHBvcnQgdG8gdXNlIHJhdyBwdWJsaWMga2V5IGJldHdlZW4gY2xpZW50IGFuZCBzZXJ2ZXIuDQo8 L3NwYW4+PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0i Y29sb3I6IzFGNDk3RCI+SSB0aGluayBUTFMgJiM0MzsgUmF3IHB1YmxpYyBrZXkgaGFzIGJlZW4g c3BlY2lmaWVkIGluIFJGQyA3MjUwIGFuZCBsYXRlciBtZXJnZSBpbiBSRkMgODQ0NiAoVExTIDEu Myk8L3NwYW4+PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHls ZT0iY29sb3I6IzFGNDk3RCI+Jm5ic3A7PC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9 Ik1zb05vcm1hbCI+WW91IGFyZSBub3Qgd3JvbmcuJm5ic3A7IEJ1dCBwdWJsaWMga2V5cyBkbyBu b3QgbmVlZCB0byBiZSBlbmNyeXB0ZWQgb3IgcHJvdGVjdGVkIGJ5IG90aGVyIHByaXZhY3kgbWVh bnMuJm5ic3A7IFByaXZhdGUga2V5cyBzdGlsbCBkby4mbmJzcDsgU28g4oCcVExTIHdpdGggcmF3 IGtleXPigJ0gZG9lcyBub3QgY2hhbmdlIHRoZSBzZWN1cml0eSByZXF1aXJlbWVudHMgY29tcGFy ZWQgdG8g4oCcVExTIHdpdGggY2VydGlmaWNhdGVzLuKAnTxvOnA+PC9vOnA+PC9wPg0KPHAgY2xh c3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFs Ij5NeSBpc3N1ZSBpcyB0aGF0IEkgZG8gbm90IHRoaW5rIOKAnFRMUyB3aXRoIHJhdyBrZXlz4oCd IGlzIHVzZWQgdmVyeSBtdWNoLCBhbmQgd2UgZG8gbm90IGhhdmUgdG8gc3VwcG9ydCBpdCBpbiB0 aGUgZmlyc3QgdmVyc2lvbnMgb2YgdGhlc2UgZG9jdW1lbnRzLjxvOnA+PC9vOnA+PC9wPg0KPHAg Y2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8L2Rpdj4NCjwvYm9keT4N CjwvaHRtbD4NCg== --_000_F87DD88BE73C4A8999E770247E9C5E62akamaicom_-- From nobody Mon Oct 7 05:37:48 2019 Return-Path: X-Original-To: netconf@ietfa.amsl.com Delivered-To: netconf@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B9DE6120099 for ; Mon, 7 Oct 2019 05:37:46 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.901 X-Spam-Level: X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=sedonasys.onmicrosoft.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hRJozY2IG-ia for ; Mon, 7 Oct 2019 05:37:45 -0700 (PDT) Received: from EUR04-DB3-obe.outbound.protection.outlook.com (mail-eopbgr60092.outbound.protection.outlook.com [40.107.6.92]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B36E7120018 for ; Mon, 7 Oct 2019 05:37:44 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=VKUB9ePXvEk5ALaZluvv/KIhXI+YHHbJ21XueTPXI2hazZC9sb5/oKLB+EcBs7ZMRE2BOT2+YK2DV0DndNRNfkCDPszqDXImgtfFlB4ggUFPJfgwBFO8lmwiORJ2ieH9odcjQMvHzpUZwQj6/qWEp7it0fMgg2b6qVBJDVItY86t2feFCXPXUghnuNyRTnnEcpg0IBOBmtkPICbtKRedGpZkhyAy4eR2btUii8ZmVr3s4D2bhadAqWiq2CEaFqiFf5GD1nm1+L8WuRsVNppp0rp8/v9ooIVVNbliUqGhZNDISPT8WTOuWPL6a/YVS0gphBw/n3zrtfuPUfd48s8YYg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=1AqVmAi8EuajfSndb4FNbW/yZoaWdi0BBGvo1MJkH3o=; b=moVch4PjDDQszZoRARRpeI6S1tIbqyA9xO/SP2rkIVJ4aVLvF+MAdazHC7h3+SJmXR+Ihg3aguKU8Dly05b1oO1VtAjgtjXGDiKYSUJ35mVGGLkfBEZKnNbXGv2/r3A5bRkWrd3E2A8x0EVCR5MfinPoS05/g/5AYZb/XtQWUgfL0YXwVmMyLXQmlZtOyqRcosCYa+wtoOm5mbZ0FPI3Q9W9bDVya7Ce92eFuEZiRndktEir/XVh2ZJl0UrcVC60GbyxxiHw7xFuMOgP8aMPSItxEAWpjlipZ6DbQsLhLIEQtqsErdLrgGaZgMUsanIbgZUmXiYnCNVNZBUMqTJOgQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=sedonasys.com; dmarc=pass action=none header.from=sedonasys.com; dkim=pass header.d=sedonasys.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sedonasys.onmicrosoft.com; s=selector2-sedonasys-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=1AqVmAi8EuajfSndb4FNbW/yZoaWdi0BBGvo1MJkH3o=; b=hd1ey4CmjLG2Rjw+r5WBDljnbRF4HTi60lihIgGMyP6O536fi8Ao2l67ZNEpj/e2MDWbS9Tj+Ahr9Y45rBE8CjiD7hm7ZGzAuzKhh/hIRZLQiSp0Dh41GIABvh4xcRyg/Cop773o2x71aMgMQYaMQrVHy9VC0duxSKc4G1UbyYM= Received: from DB8PR10MB3387.EURPRD10.PROD.OUTLOOK.COM (10.255.17.204) by DB8PR10MB2731.EURPRD10.PROD.OUTLOOK.COM (20.179.9.157) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2327.24; Mon, 7 Oct 2019 12:37:42 +0000 Received: from DB8PR10MB3387.EURPRD10.PROD.OUTLOOK.COM ([fe80::f97f:fdcb:cd01:c7b5]) by DB8PR10MB3387.EURPRD10.PROD.OUTLOOK.COM ([fe80::f97f:fdcb:cd01:c7b5%7]) with mapi id 15.20.2327.023; Mon, 7 Oct 2019 12:37:42 +0000 From: Anton Snitser To: Martin Bjorklund CC: "andy@yumaworks.com" , "kwatsen@juniper.net" , "netconf@ietf.org" , Liviu Cohen Thread-Topic: RFC8040 inquiries Thread-Index: AQHVePX19zmZMGveE0a2YmIbFCjzPadPNFAA///tToCAACYBgA== Date: Mon, 7 Oct 2019 12:37:42 +0000 Message-ID: <4CD91E36-288A-44B5-A1DA-64A943DB97AF@sedonasys.com> References: <85070ED8-38A7-4C0D-B9C5-BC53252AB800@sedonasys.com> <20191007.142139.1024121209074847392.mbj@tail-f.com> In-Reply-To: <20191007.142139.1024121209074847392.mbj@tail-f.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: spf=none (sender IP is ) smtp.mailfrom=antons@sedonasys.com; x-originating-ip: [37.142.40.85] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: a1f4c4ac-71d6-4884-b7b0-08d74b2325a1 x-ms-traffictypediagnostic: DB8PR10MB2731: x-ms-exchange-purlcount: 2 x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:10000; x-forefront-prvs: 01834E39B7 x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(376002)(39830400003)(136003)(346002)(366004)(396003)(189003)(199004)(53754006)(555904003)(6246003)(6506007)(4326008)(76176011)(107886003)(54906003)(102836004)(6306002)(6512007)(14454004)(508600001)(7116003)(45080400002)(36756003)(33656002)(5660300002)(8936002)(71190400001)(71200400001)(8676002)(81156014)(6916009)(81166006)(316002)(76116006)(7736002)(99286004)(66066001)(305945005)(91956017)(26005)(186003)(25786009)(2906002)(86362001)(3846002)(6116002)(6486002)(2616005)(476003)(486006)(11346002)(446003)(66556008)(64756008)(66446008)(256004)(66946007)(229853002)(66476007)(6436002); DIR:OUT; SFP:1102; SCL:1; SRVR:DB8PR10MB2731; H:DB8PR10MB3387.EURPRD10.PROD.OUTLOOK.COM; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1; received-spf: None (protection.outlook.com: sedonasys.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: qtxmUoNRHyowseeSJUIqKsPllKCpvwlfT6Ul+uA5iS6U5+F/WmuG8ft6sW1sU3ZLm5lH784hKBS1n+WZrzl6ZZ2VZ74/VHKqh8Ll+bEMPoXKxUUdxB8KGKVhgPdEvtQRTzUSy0h+Ifbno/MPL0ch/EvcoGtmGTQrr9aBxCD3pbN0pOpTBRJm1or5d+Q15dow9MopNY6VrpUPq3g2fERZtHICIdtAew3HFsjhTcF1OjJXemSuOaq99eacoyYmgVCwlnZSXno2t9M1d6rYj4Yejl0G6rMwYKaFcg3sdlrBsKKv4QejYZAV3YrsARHazmSSK97hXDhbQCX4bTb92miNs/T4uifrXTlsX771vough5OVErwmgWu5OEYLlPRvXbk6BuTPkw1EjsUUaroDvpjow55iLFQ6hsNv0emO4pDlKLFj3sIVhIwfO0tI4r4FhOEYKN9xhtM9WrPuyGeF61QHxg== Content-Type: text/plain; charset="utf-8" Content-ID: Content-Transfer-Encoding: base64 MIME-Version: 1.0 X-OriginatorOrg: sedonasys.com X-MS-Exchange-CrossTenant-Network-Message-Id: a1f4c4ac-71d6-4884-b7b0-08d74b2325a1 X-MS-Exchange-CrossTenant-originalarrivaltime: 07 Oct 2019 12:37:42.2728 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: d7c5624d-c76e-473e-9a79-91d374431ce8 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: FXDMfptSTfs2+QO1ihKvgHe1FFzUyvnacQbNLXpLgbM62zr7LWCN7mpzZ/wznmM9VQWF87fGZF1kqWqkpLBk8g== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB8PR10MB2731 Archived-At: Subject: Re: [netconf] RFC8040 inquiries X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 07 Oct 2019 12:37:47 -0000 SGVsbG8gTWFydGluLA0KDQpUaGFuayB5b3UgZm9yIHRoZSByZXBseS4uDQoNClllcy4gVGhpcyBp cyBleGFjdGx5IHdoYXQgSSBtZWFuIGJ5IHN5bmMvYXN5bmMuIEF0IHRoZSBtb21lbnQgd2UgcmVw bHkgd2l0aCBhIDIwMSB3aGVuIHRoZSByZXNvdXJjZSBpcyBhcHBsaWVkL2NyZWF0ZWQgb24gdGhl IG5ldHdvcmsgZGV2aWNlcyBhcyB0byByZW1haW4gaW4gc3luYyB3aXRoIHRoZSBuZXR3b3JrIHN0 YXRlLiBJIHdhbnQgdG8gdW5kZXJzdGFuZCB3aGV0aGVyIHRoZSBkZWNpc2lvbiB0byBkbyBvbmUg YXBwcm9hY2ggb3IgdGhlIG90aGVyIGlzIGEgTVVTVCB0byBiZSBjb21wbGlhbnQgb3IgbGVmdCB0 byB0aGUgaW1wbGVtZW50b3IgYXQgdGhlIGltcGxlbWVudGF0aW9uIHN0YWdlPyANCg0KVG8gbWFr ZSBteSBxdWVzdGlvbiBzaW1wbGVyLCBpcyB0aGVyZSBhcmUgZGVmaW5pdGl2ZSBvbmUgd2F5PyBP ciBib3RoIGFyZSB2YWxpZD8NCg0KQWdhaW4sIEkgYXBwcmVjaWF0ZSB5b3UgdGFraW5nIHRoZSB0 aW1lIHRvIGFuc3dlci4NCg0KQmVzdCByZWdhcmRzDQoNCu+7v09uIDA3LzEwLzIwMTksIDE1OjIy LCAiTWFydGluIEJqb3JrbHVuZCIgPG1iakB0YWlsLWYuY29tPiB3cm90ZToNCg0KICAgIEhpLA0K ICAgIA0KICAgIEFudG9uIFNuaXRzZXIgPGFudG9uc0BzZWRvbmFzeXMuY29tPiB3cm90ZToNCiAg ICA+IEhlbGxvIEV2ZXJ5b25lLA0KICAgID4gDQogICAgPiBNeSBuYW1lIElzIEFudG9uIFNuaXph ciwgSSBhbSBhIFN5c3RlbSBlbmdpbmVlciB3b3JraW5nIGZvciBTZWRvbmENCiAgICA+IFN5c3Rl bXMuDQogICAgPiANCiAgICA+IEkgaGF2ZSBhIGZvdW5kYXRpb25hbCBxdWVzdGlvbiByZWdhcmRp bmcgdGhlIFJFU1RDT05GIHNwZWNpZmljYXRpb24uIEkNCiAgICA+IGhhdmUgbm90IHNlZW4gYW55 d2hlcmUgaW4gdGhlIGRvY3VtZW50IHdoZXRoZXIgaXQgaXMgcmVxdWlyZWQgdG8NCiAgICA+IHBy b3ZpZGUgYSBzeW5jaHJvbm91cyBvciBhc3luY2hyb25vdXMgaW50ZXJmYWNlPyBPciBtYXliZSB5 b3UgaGF2ZQ0KICAgID4gbGVmdCBpdCBmb3IgdGhlIGltcGxlbWVudG9yIHRvIGRlY2lkZT8NCiAg ICA+IA0KICAgID4gRm9yIE5vbi1OTURBICh1bmlmaWVkIGRhdGFzdG9yZSkgUkVTVENPTkYgKFJG QyA4MDQwKSBpdCBpcyBzdGF0ZWQgdGhhdA0KICAgID4gb25seSBhIDIwMSBjcmVhdGVkIHN0YXR1 cyBjb2RlIHdpbGwgdmFsaWQgdG8gYmUgdXNlZCB3aGVuIG5ldyBvYmplY3RzDQogICAgPiBhcmUg Y3JlYXRlZC9jb25maWd1cmVkLiBXaXRoIHRoYXQgaW4gbWluZCwgc2hvdWxkIG9uZSB0cmVhdCB0 aGlzIGFzIGFuDQogICAgPiBpbXBsaWNpdCBkZWZpbml0aW9uIHRvIG1ha2UgdGhlIGludGVyZmFj ZSBzeW5jaHJvbm91cz8gRS5nLiwgb25seSB1cG9uDQogICAgPiByZXNvdXJjZSBjcmVhdGlvbiBp biB0aGUgbmV0d29yayB3aWxsIGEgMjAxIGJlIHNlbnQgdG8gdGhlIE5CSSBjbGllbnQ/DQogICAg DQogICAgSXQgZGVwZW5kcyBvbiB3aGF0IHlvdSBtZWFuIHdpdGggc3luY2hyb25vdXMuICBBbiBp bXBsZW1lbnRhdGlvbiBtYXkNCiAgICB3cml0ZSB0aGUgbmV3IHJlc291cmNlIHRvIGl0cyBpbnRl cm5hbCBkYiBhbmQgdGhlbiByZXBseSB3aXRoIDIwMS4NCiAgICBCdXQgdGhhdCBkb2Vzbid0IG1l YW4gdGhhdCB0aGUgbmV3IHJlc291cmNlIGlzICJ1c2VkIiBvciAiYXBwbGllZCIgYXQNCiAgICB0 aGF0IHBvaW50IGluIHRpbWUsIHNvIGluIHRoYXQgc2Vuc2UgaXQgY2FuIGJlIHZpZXdlZCBhcw0K ICAgIGFzeW5jaHJvbm91cy4gIFNvbWUgb3RoZXIgaW1wbGVtZW50YXRpb24gbWlnaHQgbm90IHJl dHVybiAyMDEgdW50aWwNCiAgICB0aGUgcmVzb3VyY2UgaXMgcmVhbGx5IGFwcGxpZWQuDQogICAg DQogICAgDQogICAgL21hcnRpbg0KICAgIA0KICAgIA0KICAgIA0KICAgID4gQXQgdGhlIG1vbWVu dCB3ZSBpbXBsZW1lbnQgYSBzeW5jaHJvbm91cyBSRVNUQ09ORiBpbnRlcmZhY2UgYnV0IGF0IHRo ZQ0KICAgID4gc2FtZSB0aW1lIHdvbmRlcmluZyBzdXBwb3J0IGZvciBhc3luYyBmb3Igc29tZSBv cHRpbWl6YXRpb24NCiAgICA+IGNvbnNpZGVyYXRpb25zLiBBcyB3ZXJlIHdvbmRlcmluZyB3aGV0 aGVyIGl0IHdvdWxkIHN0aWxsIGJlIGNvbXBsaWFudA0KICAgID4gdG8gdGhlIHN0YW5kYXJkIG9y IG5vdC4uIEFueSBjbGFyaWZpY2F0aW9uIHdvdWxkIGJlIGhlbHBmdWwuDQogICAgPiANCiAgICA+ IEhhbmtzLA0KICAgID4gQmVzdCByZWdhcmRzDQogICAgPiANCiAgICA+IFtpZDppbWFnZTAwMS5w bmdAMDFEM0Q0RUMuQUZEODEyNjBdDQogICAgPiBBbnRvbiBTbml6YXIgfCBTeXN0ZW1zIEVuZ2lu ZWVy4oCoDQogICAgPiBtOiArOTcyLTUwNDA0Mjc0NA0KICAgID4gZTogYW50b25zQHNlZG9uYXN5 cy5jb208bWFpbHRvOmFudG9uc0BzZWRvbmFzeXMuY29tPg0KICAgID4gdzogc2Vkb25hc3lzLmNv bTxodHRwczovL3NlZG9uYXN5cy5jb20vPg0KICAgID4gbDogTGlua2VkaW48aHR0cDovL2xpbmtl ZGluLmNvbS9pbi9hbnRvbi1zbml6YXItNGFhNTc2NDYvPg0KICAgID4gDQogICAgDQoNCg== From nobody Mon Oct 7 05:47:02 2019 Return-Path: X-Original-To: netconf@ietfa.amsl.com Delivered-To: netconf@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 82225120020 for ; Mon, 7 Oct 2019 05:47:00 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.9 X-Spam-Level: X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id N9Xg2pSxZJ69 for ; Mon, 7 Oct 2019 05:46:58 -0700 (PDT) Received: from mail.tail-f.com (mail.tail-f.com [46.21.102.45]) by ietfa.amsl.com (Postfix) with ESMTP id 89E46120018 for ; Mon, 7 Oct 2019 05:46:58 -0700 (PDT) Received: from localhost (unknown [173.38.220.41]) by mail.tail-f.com (Postfix) with ESMTPSA id CCC9E1AE018A; Mon, 7 Oct 2019 14:46:56 +0200 (CEST) Date: Mon, 07 Oct 2019 14:46:31 +0200 (CEST) Message-Id: <20191007.144631.660053512553089069.mbj@tail-f.com> To: antons@sedonasys.com Cc: andy@yumaworks.com, kwatsen@juniper.net, netconf@ietf.org, liviuc@sedonasys.com From: Martin Bjorklund In-Reply-To: <4CD91E36-288A-44B5-A1DA-64A943DB97AF@sedonasys.com> References: <85070ED8-38A7-4C0D-B9C5-BC53252AB800@sedonasys.com> <20191007.142139.1024121209074847392.mbj@tail-f.com> <4CD91E36-288A-44B5-A1DA-64A943DB97AF@sedonasys.com> X-Mailer: Mew version 6.7 on Emacs 25.2 / Mule 6.0 (HANACHIRUSATO) Mime-Version: 1.0 Content-Type: Text/Plain; charset=utf-8 Content-Transfer-Encoding: base64 Archived-At: Subject: Re: [netconf] RFC8040 inquiries X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 07 Oct 2019 12:47:01 -0000 SGksDQoNCkFudG9uIFNuaXRzZXIgPGFudG9uc0BzZWRvbmFzeXMuY29tPiB3cm90ZToNCj4gSGVs bG8gTWFydGluLA0KPiANCj4gVGhhbmsgeW91IGZvciB0aGUgcmVwbHkuLg0KPiANCj4gWWVzLiBU aGlzIGlzIGV4YWN0bHkgd2hhdCBJIG1lYW4gYnkgc3luYy9hc3luYy4gQXQgdGhlIG1vbWVudCB3 ZSByZXBseQ0KPiB3aXRoIGEgMjAxIHdoZW4gdGhlIHJlc291cmNlIGlzIGFwcGxpZWQvY3JlYXRl ZCBvbiB0aGUgbmV0d29yayBkZXZpY2VzDQo+IGFzIHRvIHJlbWFpbiBpbiBzeW5jIHdpdGggdGhl IG5ldHdvcmsgc3RhdGUuIEkgd2FudCB0byB1bmRlcnN0YW5kDQo+IHdoZXRoZXIgdGhlIGRlY2lz aW9uIHRvIGRvIG9uZSBhcHByb2FjaCBvciB0aGUgb3RoZXIgaXMgYSBNVVNUIHRvIGJlDQo+IGNv bXBsaWFudCBvciBsZWZ0IHRvIHRoZSBpbXBsZW1lbnRvciBhdCB0aGUgaW1wbGVtZW50YXRpb24g c3RhZ2U/DQo+IA0KPiBUbyBtYWtlIG15IHF1ZXN0aW9uIHNpbXBsZXIsIGlzIHRoZXJlIGFyZSBk ZWZpbml0aXZlIG9uZSB3YXk/IE9yIGJvdGgNCj4gYXJlIHZhbGlkPw0KDQpBdCB0aGUgbW9tZW50 LCB0aGlzIGlzIG5vdCBkZWZpbmVkIGluIGFueSBSRkMsIHdoaWNoIG1lYW5zIHRoYXQgYm90aA0K YmVoYXZpb3VycyBhcmUgb2suDQoNCldoZW4gd2UgZGlkIHRoZSBORE1BLCB0aGVyZSB3ZXJlIHNv bWUgZGlzY3Vzc2lvbnMgYXJvdW5kIHRoaXMgKGUuZy4sDQphZGRpbmcgYSBwYXJhbWV0ZXIgdG8g bGV0IHRoZSBjbGllbnQgY29udHJvbCB0aGUgYmVoYXZpb3VyKSwgYnV0DQpub3RoaW5nIGhhcyBi ZWVuIGRvbmUuICBIb3dldmVyLCB3aXRoIHRoZSBOTURBLCB0aGUgY2xpZW50IGNhbiBhdA0KbGVh c3QgZGV0ZWN0IGlmIGEgY2VydGFpbiBwaWVjZSBvZiBjb25maWcgaGFzIGJlZW4gYXBwbGllZCwg YnV0DQpjaGVja2luZyB0aGUgdmFsdWUgb2YgdGhlIGNvbmZpZyBub2RlIGluIDxvcGVyYXRpb25h bD4uDQoNCg0KL21hcnRpbg0KDQoNCj4gDQo+IEFnYWluLCBJIGFwcHJlY2lhdGUgeW91IHRha2lu ZyB0aGUgdGltZSB0byBhbnN3ZXIuDQo+IA0KPiBCZXN0IHJlZ2FyZHMNCj4gDQo+IO+7v09uIDA3 LzEwLzIwMTksIDE1OjIyLCAiTWFydGluIEJqb3JrbHVuZCIgPG1iakB0YWlsLWYuY29tPiB3cm90 ZToNCj4gDQo+ICAgICBIaSwNCj4gICAgIA0KPiAgICAgQW50b24gU25pdHNlciA8YW50b25zQHNl ZG9uYXN5cy5jb20+IHdyb3RlOg0KPiAgICAgPiBIZWxsbyBFdmVyeW9uZSwNCj4gICAgID4gDQo+ ICAgICA+IE15IG5hbWUgSXMgQW50b24gU25pemFyLCBJIGFtIGEgU3lzdGVtIGVuZ2luZWVyIHdv cmtpbmcgZm9yIFNlZG9uYQ0KPiAgICAgPiBTeXN0ZW1zLg0KPiAgICAgPiANCj4gICAgID4gSSBo YXZlIGEgZm91bmRhdGlvbmFsIHF1ZXN0aW9uIHJlZ2FyZGluZyB0aGUgUkVTVENPTkYgc3BlY2lm aWNhdGlvbi4gSQ0KPiAgICAgPiBoYXZlIG5vdCBzZWVuIGFueXdoZXJlIGluIHRoZSBkb2N1bWVu dCB3aGV0aGVyIGl0IGlzIHJlcXVpcmVkIHRvDQo+ICAgICA+IHByb3ZpZGUgYSBzeW5jaHJvbm91 cyBvciBhc3luY2hyb25vdXMgaW50ZXJmYWNlPyBPciBtYXliZSB5b3UgaGF2ZQ0KPiAgICAgPiBs ZWZ0IGl0IGZvciB0aGUgaW1wbGVtZW50b3IgdG8gZGVjaWRlPw0KPiAgICAgPiANCj4gICAgID4g Rm9yIE5vbi1OTURBICh1bmlmaWVkIGRhdGFzdG9yZSkgUkVTVENPTkYgKFJGQyA4MDQwKSBpdCBp cyBzdGF0ZWQgdGhhdA0KPiAgICAgPiBvbmx5IGEgMjAxIGNyZWF0ZWQgc3RhdHVzIGNvZGUgd2ls bCB2YWxpZCB0byBiZSB1c2VkIHdoZW4gbmV3IG9iamVjdHMNCj4gICAgID4gYXJlIGNyZWF0ZWQv Y29uZmlndXJlZC4gV2l0aCB0aGF0IGluIG1pbmQsIHNob3VsZCBvbmUgdHJlYXQgdGhpcyBhcyBh bg0KPiAgICAgPiBpbXBsaWNpdCBkZWZpbml0aW9uIHRvIG1ha2UgdGhlIGludGVyZmFjZSBzeW5j aHJvbm91cz8gRS5nLiwgb25seSB1cG9uDQo+ICAgICA+IHJlc291cmNlIGNyZWF0aW9uIGluIHRo ZSBuZXR3b3JrIHdpbGwgYSAyMDEgYmUgc2VudCB0byB0aGUgTkJJIGNsaWVudD8NCj4gICAgIA0K PiAgICAgSXQgZGVwZW5kcyBvbiB3aGF0IHlvdSBtZWFuIHdpdGggc3luY2hyb25vdXMuICBBbiBp bXBsZW1lbnRhdGlvbiBtYXkNCj4gICAgIHdyaXRlIHRoZSBuZXcgcmVzb3VyY2UgdG8gaXRzIGlu dGVybmFsIGRiIGFuZCB0aGVuIHJlcGx5IHdpdGggMjAxLg0KPiAgICAgQnV0IHRoYXQgZG9lc24n dCBtZWFuIHRoYXQgdGhlIG5ldyByZXNvdXJjZSBpcyAidXNlZCIgb3IgImFwcGxpZWQiIGF0DQo+ ICAgICB0aGF0IHBvaW50IGluIHRpbWUsIHNvIGluIHRoYXQgc2Vuc2UgaXQgY2FuIGJlIHZpZXdl ZCBhcw0KPiAgICAgYXN5bmNocm9ub3VzLiAgU29tZSBvdGhlciBpbXBsZW1lbnRhdGlvbiBtaWdo dCBub3QgcmV0dXJuIDIwMSB1bnRpbA0KPiAgICAgdGhlIHJlc291cmNlIGlzIHJlYWxseSBhcHBs aWVkLg0KPiAgICAgDQo+ICAgICANCj4gICAgIC9tYXJ0aW4NCj4gICAgIA0KPiAgICAgDQo+ICAg ICANCj4gICAgID4gQXQgdGhlIG1vbWVudCB3ZSBpbXBsZW1lbnQgYSBzeW5jaHJvbm91cyBSRVNU Q09ORiBpbnRlcmZhY2UgYnV0IGF0IHRoZQ0KPiAgICAgPiBzYW1lIHRpbWUgd29uZGVyaW5nIHN1 cHBvcnQgZm9yIGFzeW5jIGZvciBzb21lIG9wdGltaXphdGlvbg0KPiAgICAgPiBjb25zaWRlcmF0 aW9ucy4gQXMgd2VyZSB3b25kZXJpbmcgd2hldGhlciBpdCB3b3VsZCBzdGlsbCBiZSBjb21wbGlh bnQNCj4gICAgID4gdG8gdGhlIHN0YW5kYXJkIG9yIG5vdC4uIEFueSBjbGFyaWZpY2F0aW9uIHdv dWxkIGJlIGhlbHBmdWwuDQo+ICAgICA+IA0KPiAgICAgPiBIYW5rcywNCj4gICAgID4gQmVzdCBy ZWdhcmRzDQo+ICAgICA+IA0KPiAgICAgPiBbaWQ6aW1hZ2UwMDEucG5nQDAxRDNENEVDLkFGRDgx MjYwXQ0KPiAgICAgPiBBbnRvbiBTbml6YXIgfCBTeXN0ZW1zIEVuZ2luZWVy4oCoDQo+ICAgICA+ IG06ICs5NzItNTA0MDQyNzQ0DQo+ICAgICA+IGU6IGFudG9uc0BzZWRvbmFzeXMuY29tPG1haWx0 bzphbnRvbnNAc2Vkb25hc3lzLmNvbT4NCj4gICAgID4gdzogc2Vkb25hc3lzLmNvbTxodHRwczov L3NlZG9uYXN5cy5jb20vPg0KPiAgICAgPiBsOiBMaW5rZWRpbjxodHRwOi8vbGlua2VkaW4uY29t L2luL2FudG9uLXNuaXphci00YWE1NzY0Ni8+DQo+ICAgICA+IA0KPiAgICAgDQo+IA0K From nobody Mon Oct 7 07:11:53 2019 Return-Path: X-Original-To: netconf@ietfa.amsl.com Delivered-To: netconf@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 01016120020 for ; Mon, 7 Oct 2019 07:11:53 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.889 X-Spam-Level: X-Spam-Status: No, score=-1.889 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_FILL_THIS_FORM_SHORT=0.01] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=yumaworks-com.20150623.gappssmtp.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vQfDEDl8hc5s for ; Mon, 7 Oct 2019 07:11:51 -0700 (PDT) Received: from mail-lj1-x22a.google.com (mail-lj1-x22a.google.com [IPv6:2a00:1450:4864:20::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6A908120013 for ; Mon, 7 Oct 2019 07:11:50 -0700 (PDT) Received: by mail-lj1-x22a.google.com with SMTP id m13so13793122ljj.11 for ; Mon, 07 Oct 2019 07:11:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yumaworks-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=0xyh5trcVYnO3wupgUkMlQ227DY/VYnhYJzXEAA3AdA=; b=dNTbVQrEe1963WCjZTryY49qU4UN75rXESCa5Ttsc0P+qU73LA3oSe9RaKFeBdL5JA ZFKPjI687ymGwDeDYmf74ZyPGoUxNqEQs+E3CyGgRbb6mgiNtPnbTxxrNukpDLbOAaX4 bNvcn5ACH9MI3E++bvVl5ltwSFPhm30xfs2wPAJQgzOag1KwX3dkJFO57cgbwlqA9K/6 otrI2ki8RQE/g/ywfH3Z7SgKU/yrjOHr8f2DMwLQW+G7lol3oXpS7Fd4/bSTLt9q1ef6 H1cQvoTpSSA21lrkhrCi5RDz8JlvsySFIsDG1Ib9P9Ed2uug6VfNF54Tt4FMKNRnJo2n tJFQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=0xyh5trcVYnO3wupgUkMlQ227DY/VYnhYJzXEAA3AdA=; b=X1c+Gf2JtolqoXPGXJDro1qmm39DGaAbhP4wuZSeC89WUc3kStVN4DLyVPWg0Paq65 Tyj8wsqslXc6svtzbqxLROhIxpQVZXM2OviNldz8sgsIWxKnFV50J20zk0xAI/wQ074R yXvO6q1+kUBK+Veg1sofPBSZvfpDdQuS9gn9bKdddeOoa54Z8oA+iskl2CJkmiUsA5iv sZa3Pht0gWWMepnlN1YJ/G7X8yDRLDQZ9a1Is1AAOXt5nJ9wAIZHVaM+nl2ixW8/NQYK uc2Qnme23PqlNzW2vGZD6xkDNAvnQ2XBHbcKmNFlz27BxGhijEidgqLN9hWLfIAW5gmP 9bCg== X-Gm-Message-State: APjAAAXkHEW+XGHjpmbliYxryAIB0pjtDiXgj68XYVZ4i1nw1SwCIYfD j0ZHznRCfaOW2wVqHJl7Evu/aGeQLzdiHvw5TO/E1WLu X-Google-Smtp-Source: APXvYqyveSgOm0gYjXPAophvVy0Y5YnWoTtmIaJh0J3v2gW9+mOiR2awPj28D32AUB4A3eeVb2VGbKHLFbJ7LHFUzjs= X-Received: by 2002:a2e:9d50:: with SMTP id y16mr9468564ljj.70.1570457508444; Mon, 07 Oct 2019 07:11:48 -0700 (PDT) MIME-Version: 1.0 References: <20191006.173256.1788347482117819951.mbj@tail-f.com> <20191007.094327.1923088106819713441.mbj@tail-f.com> In-Reply-To: <20191007.094327.1923088106819713441.mbj@tail-f.com> From: Andy Bierman Date: Mon, 7 Oct 2019 07:11:37 -0700 Message-ID: To: Martin Bjorklund Cc: Netconf Content-Type: multipart/alternative; boundary="000000000000ed0f1f059452a10e" Archived-At: Subject: Re: [netconf] get-data origin filters X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 07 Oct 2019 14:11:53 -0000 --000000000000ed0f1f059452a10e Content-Type: text/plain; charset="UTF-8" On Mon, Oct 7, 2019 at 12:43 AM Martin Bjorklund wrote: > Andy Bierman wrote: > > On Sun, Oct 6, 2019 at 8:32 AM Martin Bjorklund wrote: > > > > > Hi, > > > > > > Andy Bierman wrote: > > > > Hi, > > > > > > > > I am trying to figure out how to use the origin-filter and > > > > negated-origin-filter > > > > in the operation in RFC 8526. > > > > > > > > > > > > leaf-list origin-filter { > > > > type or:origin-ref; > > > > description > > > > "Filter based on the 'origin' annotation. A > > > > configuration node matches the filter if its 'origin' > > > > annotation is derived from or equal to any of the > given > > > > filter values."; > > > > } > > > > > > > > > > > > These filters seem kind of worthless if implemented according to the > > > text. > > > > Consider a simple example where there is 1 learned leaf within a > list: > > > > > > > > module: address > > > > +--rw addresses > > > > +--rw address* [last-name first-name] > > > > +--rw last-name string > > > > +--rw first-name string > > > > +--rw street? string > > > > +--rw city? string > > > > +--rw zipcode? string > > > > +--rw phone* [phone-type] > > > > +--rw phone-type enumeration > > > > +--rw phone-number string > > > > > > > > Let's say the "zipcode" field is learned in > > > > (e.g. ZIP code lookup expands missing or 5 digit zipcode to full 9 > digit > > > > zipcode). > > > > So /addresses and /addresses/address have origin "intended". > > > > Only the /addresses/address/zipcode leaf has origin "learned". > > > > > > > > So how does origin-filter=learned find all the learned leafs? > > > > > > Perhaps I don't understand your question; IMO you give the answer to > > > this question below: > > > > > > > What filters are required to return only the learned entries + > ancestors > > > + > > > > ancestor-or-self keys? Seems like this filter mechanism has to be > used > > > > to retrieve the exact leaf that might be learned, and the client > > > > needs to know in advance all the possible nodes that might be > learned. > > > > > > > > Want to be able to retrieve an ancestor that is intended and still > find > > > the > > > > learned entries > > > > > > > > get-data xpath-filter=/addresses/address origin-filtter=learned > > > > > > ... here. So this request will return: > > > > > > > > >
> > > ... > > > ... > > > ... > > >
> > > ... > > > > > > > > > > > I do not interpret the text the same way as you. > > Does this mean that you think that the reply is different from what I > show above? If so, what would it be, and why? > > > Explain how the list address node has origin "learned". The filter is for /addresses/address and only origin=learned. How does the list node have origin=learned? It can only have 1 value. It has child nodes with both intended and learned as origin. I do no understand how the origin=learned matched this node. > > > > The content returned > > > > by get-data must satisfy all filters, i.e., the filter > > criteria are logically ANDed. > > > > > > leaf-list origin-filter { > > type or:origin-ref; > > description > > "Filter based on the 'origin' annotation. A > > configuration node matches the filter if its 'origin' > > annotation is derived from or equal to any of the given > > filter values."; > > } > > > > > > Configuration nodes that do not have an > > 'origin' annotation are treated as if they have the > > 'origin' annotation 'or:unknown'. > > > > > > > > > The draft shows an example where both "intended" and "system" are given > > > > as filters. This will work but will include all the "intended" > leafs as > > > > well. > > > > What if a "learned" node is within a "system" node within an > "intended" > > > > node? > > > > > > This works as well. Note that the get-data description says: > > > > > > Any ancestor nodes (including list keys) of nodes selected by > > > the filters are included in the response. > > > > > > > > > > > > > The issue is how the /iaddresses and /addresses/address nodes match the > > origin "learned". > > They don't, but they are included b/c of the quoted text above (i.e.: > Any ancestor nodes (including list keys) of nodes selected by > the filters are included in the response.) > > No. If the filter was for /addresses/address/zipcode then maybe that text applies. It is still unclear that the XPath is fully processed and then the origin-filter is processed. The RFC just says they are ANDed together. > > > The leafs in list "address" are a mixture of "intended" and "learned" > > origin. > > The text clearly says that a node has a single origin property, coupled > to > > the annotation. > > > > Issue 1: mixed origin descendant nodes > > So how does a search on /addresses/address match origin-filter=learned? > > I cannot find any text that says what the origin of a list or P-container > > is if it > > contains nodes of mixed origin. > > See above. > No text above explains how the list origin is tagged if it has multiple types of child nodes. > > > Issue 2: NP-containers > > > > Also from RFC 8342: > > > > The origin applies to all configuration nodes except non-presence > > containers. > > > > > > What if the top-level node is an NP-container in this case. > > I thought the top-level node MUST have an origin attribute. > > > > The text is not clear how NP-containers are handled. > > Do they have an origin attribute? If not then RFC 8526 says they have > > origin "unknown". > > Is the intent that NP-containers always pass the origin-filter tests > (test > > skipped)? > > No, since they don't have an origin value they will not be selected by > the filter. But an NP-container will be included in the reply if it > is the ancestor of a node that is selected by the filter. > > The RFC text does not really say that. Since it is very difficult to know if a data node 5 layers deep is going to match, implementing these filters according to this vague interpretation is unlikely. > > /martin > > Andy > > > > > > > > > > /martin > > > > > > > > Andy > > > > > > > > > > > Seems like the client needs to know a lot about the server > implementation > > > > details > > > > in order to use the origin filters. > > > > > > > > > > > > Andy > > > > --000000000000ed0f1f059452a10e Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable


=
On Mon, Oct 7, 2019 at 12:43 AM Marti= n Bjorklund <mbj@tail-f.com> wr= ote:
Andy Bierma= n <andy@yumawork= s.com> wrote:
> On Sun, Oct 6, 2019 at 8:32 AM Martin Bjorklund <mbj@tail-f.com> wrote:
>
> > Hi,
> >
> > Andy Bierman <andy@yumaworks.com> wrote:
> > > Hi,
> > >
> > > I am trying to figure out how to use the origin-filter and > > > negated-origin-filter
> > > in the <get-data> operation in RFC 8526.
> > >
> > >
> > >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0leaf-list origin-fil= ter {
> > >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 type or:orig= in-ref;
> > >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 description<= br> > > >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 "= ;Filter based on the 'origin' annotation.=C2=A0 A
> > >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0configuration node matches the filter if its 'origin'
> > >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0annotation is derived from or equal to any of the given
> > >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0filter values.";
> > >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 }
> > >
> > >
> > > These filters seem kind of worthless if implemented accordin= g to the
> > text.
> > > Consider a simple example where there is 1 learned leaf with= in a list:
> > >
> > > module: address
> > >=C2=A0 =C2=A0+--rw addresses
> > >=C2=A0 =C2=A0 =C2=A0 +--rw address* [last-name first-name] > > >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0+--rw last-name=C2=A0 =C2= =A0 =C2=A0string
> > >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0+--rw first-name=C2=A0 =C2= =A0 string
> > >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0+--rw street?=C2=A0 =C2=A0 = =C2=A0 =C2=A0string
> > >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0+--rw city?=C2=A0 =C2=A0 = =C2=A0 =C2=A0 =C2=A0string
> > >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0+--rw zipcode?=C2=A0 =C2=A0= =C2=A0 string
> > >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0+--rw phone* [phone-type] > > >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 +--rw phone-type=C2= =A0 =C2=A0 =C2=A0 enumeration
> > >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 +--rw phone-number= =C2=A0 =C2=A0 string
> > >
> > > Let's say the "zipcode" field is learned in &l= t;operational>
> > > (e.g. ZIP code lookup expands missing or 5 digit zipcode to = full 9 digit
> > > zipcode).
> > > So /addresses and /addresses/address have origin "inten= ded".
> > > Only the /addresses/address/zipcode leaf has origin "le= arned".
> > >
> > > So how does origin-filter=3Dlearned find all the learned lea= fs?
> >
> > Perhaps I don't understand your question; IMO you give the an= swer to
> > this question below:
> >
> > > What filters are required to return only the learned entries= + ancestors
> > +
> > > ancestor-or-self keys?=C2=A0 Seems like this filter mechanis= m has to be used
> > > to retrieve the exact leaf that might be learned, and the cl= ient
> > > needs to know in advance all the possible nodes that might b= e learned.
> > >
> > > Want to be able to retrieve an ancestor that is intended and= still find
> > the
> > > learned entries
> > >
> > >=C2=A0 =C2=A0 get-data xpath-filter=3D/addresses/address orig= in-filtter=3Dlearned
> >
> > ... here.=C2=A0 So this request will return:
> >
> >=C2=A0 =C2=A0 <addresses or:origin=3D"or:intended">= ;
> >=C2=A0 =C2=A0 =C2=A0 <address>
> >=C2=A0 =C2=A0 =C2=A0 =C2=A0 <last-name>...</last-name>=
> >=C2=A0 =C2=A0 =C2=A0 =C2=A0 <first-name>...</first-name&g= t;
> >=C2=A0 =C2=A0 =C2=A0 =C2=A0 <zipcode or:origin=3D"or:learn= ed">...</zipcode>
> >=C2=A0 =C2=A0 =C2=A0 </address>
> >=C2=A0 =C2=A0 =C2=A0 ...
> >=C2=A0 =C2=A0 </addresses>
> >
> >
> I do not interpret the text the same way as you.

Does this mean that you think that the reply is different from what I
show above?=C2=A0 If so, what would it be, and why?





Explain = how the list address node has origin "learned".

The filter is for /addresses/address and only origin=3Dlearned.
How does the list node have origin=3Dlearned?
It can only = have 1 value.
It has child nodes with both intended and learned a= s origin.
I do no understand=C2=A0how the origin=3Dlearned matche= d this node.



=C2=A0<= /div>
>
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 = =C2=A0 The content returned
>
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0by get-data must satisfy all f= ilters, i.e., the filter
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0criteria are logically ANDed.<= br> >
>
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0leaf-list origin-filter {
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 type or:origin-ref; >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 description
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 "Filter ba= sed on the 'origin' annotation.=C2=A0 A
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0configura= tion node matches the filter if its 'origin'
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0annotatio= n is derived from or equal to any of the given
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0filter va= lues.";
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 }
>
>
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0Configuration no= des that do not have an
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0'origin'= annotation are treated as if they have the
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0'origin'= annotation 'or:unknown'.
>
>
>
> > The draft shows an example where both "intended" and &q= uot;system" are given
> > > as filters.=C2=A0 This will work but will include all the &q= uot;intended" leafs as
> > > well.
> > > What if a "learned" node is within a "system&= quot; node within an "intended"
> > > node?
> >
> > This works as well.=C2=A0 Note that the get-data description says= :
> >
> >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0Any ancestor nodes (inclu= ding list keys) of nodes selected by
> >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0the filters are included = in the response.
> >
> >
> >
>
> The issue is how the /iaddresses and /addresses/address nodes match th= e
> origin "learned".

They don't, but they are included b/c of the quoted text above (i.e.: =C2=A0 =C2=A0 =C2=A0 Any ancestor nodes (including list keys) of nodes sele= cted by
=C2=A0 =C2=A0 =C2=A0 the filters are included in the response.)



No.

If the filter was for /addresses/address/zipcode then maybe that text= applies.
It is still unclear that the XPath is fully processed a= nd then the origin-filter is processed.
The RFC just says they ar= e ANDed together.

=C2=A0

> The leafs in list "address" are a mixture of "intended&= quot; and "learned"
> origin.
> The text clearly says that a node has a single origin property, couple= d to
> the annotation.
>
> Issue 1: mixed origin descendant nodes
> So how does a search on /addresses/address match origin-filter=3Dlearn= ed?
> I cannot find any text that says what the origin of a list or P-contai= ner
> is if it
> contains nodes of mixed origin.

See above.

No text above explains how t= he list origin is tagged if it has multiple types of child nodes.

=C2=A0

> Issue 2: NP-containers
>
> Also from RFC 8342:
>
>=C2=A0 =C2=A0 The origin applies to all configuration nodes except non-= presence
>=C2=A0 =C2=A0 containers.
>
>
> What if the top-level node is an NP-container in this case.
> I thought the top-level node MUST have an origin attribute.
>
> The text is not clear how NP-containers are handled.
> Do they have an origin attribute? If not then RFC 8526 says they have<= br> > origin "unknown".
> Is the intent that NP-containers always pass the origin-filter tests (= test
> skipped)?

No, since they don't have an origin value they will not be selected by<= br> the filter.=C2=A0 But an NP-container will be included in the reply if it is the ancestor of a node that is selected by the filter.


The RFC text does not really say that.=
Since it is very difficult to know if a data node 5 layers deep = is going to match,
implementing these filters according to this v= ague interpretation is unlikely.
=C2=A0

/martin


Andy
=C2=A0


>
>
>
> /martin
> >
> >
> Andy
>
>
> >
> > > Seems like the client needs to know a lot about the server i= mplementation
> > > details
> > > in order to use the origin filters.
> > >
> > >
> > > Andy
> >
--000000000000ed0f1f059452a10e-- From nobody Mon Oct 7 07:36:50 2019 Return-Path: X-Original-To: netconf@ietfa.amsl.com Delivered-To: netconf@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B9F2912087E for ; Mon, 7 Oct 2019 07:36:42 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.49 X-Spam-Level: X-Spam-Status: No, score=-14.49 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_FILL_THIS_FORM_SHORT=0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=Udf1mg6U; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=A9hEQ+zj Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BSsEw0UxDdAL for ; Mon, 7 Oct 2019 07:36:39 -0700 (PDT) Received: from alln-iport-2.cisco.com (alln-iport-2.cisco.com [173.37.142.89]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EDDA9120874 for ; Mon, 7 Oct 2019 07:36:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=34948; q=dns/txt; s=iport; t=1570458999; x=1571668599; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=P8+fWcVolSmUVwhUz4Bm7DGUVDoIhFYgpjhL9C8Iwl4=; b=Udf1mg6UL75hjqCkTVWGC7IWcgNmyQcCW8WyoL0MoGbQRqMrHZYvQVF4 Gb1l5lFFZbG88uM3n5DpvJdTAzGBz4CTee/y0GZGm9DmQ+kxbWrHAlILo udlyc+pfhzvr1dojolrtQo5nddhPV75sRZHqNd96BjXKdxALHCUk3wwfs I=; IronPort-PHdr: =?us-ascii?q?9a23=3AxvPKcxMmS8kqcL+SARcl6mtXPHoupqn0MwgJ65?= =?us-ascii?q?Eul7NJdOG58o//OFDEu60/l0fHCIPc7f8My/HbtaztQyQh2d6AqzhDFf4ETB?= =?us-ascii?q?oZkYMTlg0kDtSCDBjhM//ucys8NM9DT1RiuXq8NBsdFQ=3D=3D?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0CwAABeTJtd/5hdJa1mGgEBAQEBAgE?= =?us-ascii?q?BAQEMAgEBAQGBZ4EcL1ADbVYgBAsqCoQZg0cDikmCXJd8glIDVAkBAQEMAQE?= =?us-ascii?q?tAgEBhEACF4JFIzgTAgMJAQEEAQEBAgEFBG2FLQyFSwEBAQMBEhEKEwEBNwE?= =?us-ascii?q?ECwIBCBEEAQEBIAcDAgICMBQJCAIEAQ0FCBqDAYEdTQMODwECo0sCgTiIYXW?= =?us-ascii?q?BMoJ9AQEFhQkYghcJgTSMDhiBQD+BEUaCTD6ELhg0glcygiaMdQ+CaYU1JIk?= =?us-ascii?q?IjnIKgiKMIIkTmT+OLJkyAgQCBAUCDgEBBYFpIoFYcBU7gmxQEBSBT4NzilN?= =?us-ascii?q?0gSmPIAGBIgEB?= X-IronPort-AV: E=Sophos;i="5.67,268,1566864000"; d="scan'208,217";a="346103309" Received: from rcdn-core-1.cisco.com ([173.37.93.152]) by alln-iport-2.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 07 Oct 2019 14:36:38 +0000 Received: from XCH-ALN-015.cisco.com (xch-aln-015.cisco.com [173.36.7.25]) by rcdn-core-1.cisco.com (8.15.2/8.15.2) with ESMTPS id x97Eabxc000465 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Mon, 7 Oct 2019 14:36:37 GMT Received: from xhs-aln-001.cisco.com (173.37.135.118) by XCH-ALN-015.cisco.com (173.36.7.25) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Mon, 7 Oct 2019 09:36:37 -0500 Received: from xhs-rcd-003.cisco.com (173.37.227.248) by xhs-aln-001.cisco.com (173.37.135.118) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Mon, 7 Oct 2019 09:36:36 -0500 Received: from NAM03-BY2-obe.outbound.protection.outlook.com (72.163.14.9) by xhs-rcd-003.cisco.com (173.37.227.248) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Mon, 7 Oct 2019 09:36:36 -0500 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=cE1GEuHhbOOoiD0HVlRyo3BonQwwIU+aBXzED58gsR6fhTPLBTLYvSzoPejUqqDS5ZB2FP7qwrscOtW6v3M56TctDzWrVzxA3Dx2YP1CTeroPeYSshhPzVeq2Dsh7v+jOm1rSV8tNa56u9GlM1+F1QCgxf3KuZtiuSROMacwygc9Afo01lnwR72N3Wkxtdielny3clH1rkthvJd8fNRXMNtY03KpdcD311gqMSylm3pvS3sI1RLQavglSy6rZbg3uM14oWk51pXpVGv1Yah5eMOKTPjEk5CbX0ZLR0C7WU+KIt+GBV1YRkgp1mzn75LkjG8N46mpUJdAiqj/OZEupg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=P8+fWcVolSmUVwhUz4Bm7DGUVDoIhFYgpjhL9C8Iwl4=; b=RRwGfN6o3TX1Y61gsiuxNCUOJD7S0X52LhMVnG3xRyiEVczLCHg9Mpg8/yRWbc/3EM9zSm265njVXKaKWVLLkUkOIZRm0oDE620H88m9RhsUyZe/w4RiKKaW2QkQ7iYuD1G2B5Ugd58ulmXVJfjX1bUD5/A56R6cgMdTikSD4ssV8faJL80wtJl9KQUucxlWeM6zd3mxAK0oCah7dF1prcrVrJaKBCr6b8ekTBust6xWql33uSes+uTbtlgoAgVXTt0Sk7q28BC0Bl9DauiwENhobBOK4IQ9IirV+emu0l114GtO7A3AuqD5J46DrXN02rXufVKss5oww4SEZfn4cA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=P8+fWcVolSmUVwhUz4Bm7DGUVDoIhFYgpjhL9C8Iwl4=; b=A9hEQ+zju4V5uuQXJksX9kFmr9NZVn/FkGECbPRYFva/qEnKWYUHYv/vsNo3BR+goBi84CEo1Q1tprdoQCCbPaJoHBkn/XuzhW/tqGe//oVpGFZYTdYd6bIal9NWpe2K68tos5zP/Ej9nZbtA36Vryzj4EPj2B3wbOEi1nVIaUQ= Received: from MN2PR11MB4366.namprd11.prod.outlook.com (52.135.38.209) by MN2PR11MB4144.namprd11.prod.outlook.com (20.179.150.210) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2327.23; Mon, 7 Oct 2019 14:36:35 +0000 Received: from MN2PR11MB4366.namprd11.prod.outlook.com ([fe80::cca:41bd:b0bb:c549]) by MN2PR11MB4366.namprd11.prod.outlook.com ([fe80::cca:41bd:b0bb:c549%2]) with mapi id 15.20.2327.023; Mon, 7 Oct 2019 14:36:35 +0000 From: "Rob Wilton (rwilton)" To: Andy Bierman , Martin Bjorklund CC: Netconf Thread-Topic: [netconf] get-data origin filters Thread-Index: AQHVe+MoAYKZiUAaf0ueOxvsgdbYHKdNvuAAgAAMyQCAAQJggIAAbHSAgAAFLAA= Date: Mon, 7 Oct 2019 14:36:35 +0000 Message-ID: References: <20191006.173256.1788347482117819951.mbj@tail-f.com> <20191007.094327.1923088106819713441.mbj@tail-f.com> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: spf=none (sender IP is ) smtp.mailfrom=rwilton@cisco.com; x-originating-ip: [173.38.220.47] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: e678ff50-f740-469b-7e54-08d74b33c12c x-ms-traffictypediagnostic: MN2PR11MB4144: x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:7691; x-forefront-prvs: 01834E39B7 x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(346002)(39860400002)(366004)(136003)(396003)(376002)(189003)(199004)(8676002)(9326002)(6436002)(74316002)(25786009)(55016002)(476003)(81156014)(110136005)(446003)(53546011)(6506007)(316002)(8936002)(229853002)(76176011)(7736002)(54896002)(11346002)(81166006)(7696005)(6306002)(6246003)(186003)(14444005)(26005)(256004)(2906002)(9686003)(33656002)(86362001)(4326008)(71200400001)(71190400001)(76116006)(66556008)(99286004)(102836004)(478600001)(790700001)(236005)(66946007)(52536014)(5660300002)(66066001)(486006)(14454004)(3846002)(66446008)(6116002)(66476007)(64756008); DIR:OUT; SFP:1101; SCL:1; SRVR:MN2PR11MB4144; H:MN2PR11MB4366.namprd11.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1; received-spf: None (protection.outlook.com: cisco.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: aadskABYDa6K7GUYQLWoU1VzMw9ktJ8RIK7GiDKMhUosNE/P3ambWd9PE8iGjgSv35ajSNM21vzCHIGhzOgiwmLaQ79evUz9r654JHeTFjpb4o2xcU/MbtYpFZ+EO3WQ+sWSsrMPdkiG59JJfLdcHUvOhbrSbyaAFyNtrBdh9uOrDoqqRdPhqYj1cIEfzIworNovXLTFkOK5yWzfLsUVSlsCuwYxUl1huE4MtTZA5zPE6jYCM/ee0XfF0NGSOyL/oCqf1K2lKQ9mlWAY5uM1Y37MGUtQUozRfLe1RyFPu5zVa+0/rdDwmIC7m11c+dD2secPTybVhkqacp/Ih2hVcmPJxAeyA4yY86enyO540Tb8SHPWrfhSgl5j5BchDYOOYj1tH+krdjRqxSkf5516X1WqZjky3mNwjh6v55xP35Q= x-ms-exchange-transport-forked: True Content-Type: multipart/alternative; boundary="_000_MN2PR11MB4366BB8F556DE7DC866FE27BB59B0MN2PR11MB4366namp_" MIME-Version: 1.0 X-MS-Exchange-CrossTenant-Network-Message-Id: e678ff50-f740-469b-7e54-08d74b33c12c X-MS-Exchange-CrossTenant-originalarrivaltime: 07 Oct 2019 14:36:35.0909 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: 9wSBjHPjof6bCMs6EnpV6PdaD6Kjyxqr4i0j+HR+MQ8cJ4WiK8u2GFc8RgNIyFi2dZFnFnDKDkKDazNW4Pxpmw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR11MB4144 X-OriginatorOrg: cisco.com X-Outbound-SMTP-Client: 173.36.7.25, xch-aln-015.cisco.com X-Outbound-Node: rcdn-core-1.cisco.com Archived-At: Subject: Re: [netconf] get-data origin filters X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 07 Oct 2019 14:36:50 -0000 --_000_MN2PR11MB4366BB8F556DE7DC866FE27BB59B0MN2PR11MB4366namp_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 SGkgQW5keSwNCg0KRG9u4oCZdCBhbGwgdGhlIGZpbHRlcnMgZWZmZWN0aXZlbHkgd29yayB0aGlz IHdheT8NCg0KVGhleSBzZWxlY3QgYSBzdWJzZXQgb2YgdGhlIG5vZGVzIHRvIGluY2x1ZGUgaW4g dGhlIHJlc3BvbnNlLCBhbmQgbXVzdCBhbHNvIGluY2x1ZGUgYWxsIGFuY2VzdG9yIG5vZGVzIGFu ZCByZXF1aXJlZCBsaXN0IGtleXMgdG8gdGhlIHNlbGVjdGVkIG5vZGVzLCByZWdhcmRsZXNzIG9m IHdoZXRoZXIgdGhvc2UgYW5jZXN0b3Iva2V5IG5vZGVzIHdlcmUgYWxzbyBzZWxlY3RlZCBieSB0 aGUgcXVlcnkuDQoNCkUuZy4gYSDigJxjb25maWcgZmFsc2XigJ0gZmlsdGVyIHdpbGwgc3RpbGwg cmV0dXJuIOKAnGNvbmZpZyB0cnVl4oCdIG5vZGVzIGlmIHRoZXkgYXJlIGFuY2VzdG9ycyBvciBs aXN0IGtleXMgdG8gYSBkZXNjZW5kYW50IGNvbmZpZyBmYWxzZSBub2RlLiAgVGhlIHNhbWUgbG9n aWMgYXBwbGllcyBmb3IgeHBhdGggYW5kIG9yaWdpbiBmaWx0ZXJzIGFzIHdlbGwuDQoNClRoYW5r cywNClJvYg0KDQoNCkZyb206IG5ldGNvbmYgPG5ldGNvbmYtYm91bmNlc0BpZXRmLm9yZz4gT24g QmVoYWxmIE9mIEFuZHkgQmllcm1hbg0KU2VudDogMDcgT2N0b2JlciAyMDE5IDE1OjEyDQpUbzog TWFydGluIEJqb3JrbHVuZCA8bWJqQHRhaWwtZi5jb20+DQpDYzogTmV0Y29uZiA8bmV0Y29uZkBp ZXRmLm9yZz4NClN1YmplY3Q6IFJlOiBbbmV0Y29uZl0gZ2V0LWRhdGEgb3JpZ2luIGZpbHRlcnMN Cg0KDQoNCk9uIE1vbiwgT2N0IDcsIDIwMTkgYXQgMTI6NDMgQU0gTWFydGluIEJqb3JrbHVuZCA8 bWJqQHRhaWwtZi5jb208bWFpbHRvOm1iakB0YWlsLWYuY29tPj4gd3JvdGU6DQpBbmR5IEJpZXJt YW4gPGFuZHlAeXVtYXdvcmtzLmNvbTxtYWlsdG86YW5keUB5dW1hd29ya3MuY29tPj4gd3JvdGU6 DQo+IE9uIFN1biwgT2N0IDYsIDIwMTkgYXQgODozMiBBTSBNYXJ0aW4gQmpvcmtsdW5kIDxtYmpA dGFpbC1mLmNvbTxtYWlsdG86bWJqQHRhaWwtZi5jb20+PiB3cm90ZToNCj4NCj4gPiBIaSwNCj4g Pg0KPiA+IEFuZHkgQmllcm1hbiA8YW5keUB5dW1hd29ya3MuY29tPG1haWx0bzphbmR5QHl1bWF3 b3Jrcy5jb20+PiB3cm90ZToNCj4gPiA+IEhpLA0KPiA+ID4NCj4gPiA+IEkgYW0gdHJ5aW5nIHRv IGZpZ3VyZSBvdXQgaG93IHRvIHVzZSB0aGUgb3JpZ2luLWZpbHRlciBhbmQNCj4gPiA+IG5lZ2F0 ZWQtb3JpZ2luLWZpbHRlcg0KPiA+ID4gaW4gdGhlIDxnZXQtZGF0YT4gb3BlcmF0aW9uIGluIFJG QyA4NTI2Lg0KPiA+ID4NCj4gPiA+DQo+ID4gPiAgICAgICAgICAgbGVhZi1saXN0IG9yaWdpbi1m aWx0ZXIgew0KPiA+ID4gICAgICAgICAgICAgIHR5cGUgb3I6b3JpZ2luLXJlZjsNCj4gPiA+ICAg ICAgICAgICAgICBkZXNjcmlwdGlvbg0KPiA+ID4gICAgICAgICAgICAgICAgIkZpbHRlciBiYXNl ZCBvbiB0aGUgJ29yaWdpbicgYW5ub3RhdGlvbi4gIEENCj4gPiA+ICAgICAgICAgICAgICAgICBj b25maWd1cmF0aW9uIG5vZGUgbWF0Y2hlcyB0aGUgZmlsdGVyIGlmIGl0cyAnb3JpZ2luJw0KPiA+ ID4gICAgICAgICAgICAgICAgIGFubm90YXRpb24gaXMgZGVyaXZlZCBmcm9tIG9yIGVxdWFsIHRv IGFueSBvZiB0aGUgZ2l2ZW4NCj4gPiA+ICAgICAgICAgICAgICAgICBmaWx0ZXIgdmFsdWVzLiI7 DQo+ID4gPiAgICAgICAgICAgIH0NCj4gPiA+DQo+ID4gPg0KPiA+ID4gVGhlc2UgZmlsdGVycyBz ZWVtIGtpbmQgb2Ygd29ydGhsZXNzIGlmIGltcGxlbWVudGVkIGFjY29yZGluZyB0byB0aGUNCj4g PiB0ZXh0Lg0KPiA+ID4gQ29uc2lkZXIgYSBzaW1wbGUgZXhhbXBsZSB3aGVyZSB0aGVyZSBpcyAx IGxlYXJuZWQgbGVhZiB3aXRoaW4gYSBsaXN0Og0KPiA+ID4NCj4gPiA+IG1vZHVsZTogYWRkcmVz cw0KPiA+ID4gICArLS1ydyBhZGRyZXNzZXMNCj4gPiA+ICAgICAgKy0tcncgYWRkcmVzcyogW2xh c3QtbmFtZSBmaXJzdC1uYW1lXQ0KPiA+ID4gICAgICAgICArLS1ydyBsYXN0LW5hbWUgICAgIHN0 cmluZw0KPiA+ID4gICAgICAgICArLS1ydyBmaXJzdC1uYW1lICAgIHN0cmluZw0KPiA+ID4gICAg ICAgICArLS1ydyBzdHJlZXQ/ICAgICAgIHN0cmluZw0KPiA+ID4gICAgICAgICArLS1ydyBjaXR5 PyAgICAgICAgIHN0cmluZw0KPiA+ID4gICAgICAgICArLS1ydyB6aXBjb2RlPyAgICAgIHN0cmlu Zw0KPiA+ID4gICAgICAgICArLS1ydyBwaG9uZSogW3Bob25lLXR5cGVdDQo+ID4gPiAgICAgICAg ICAgICstLXJ3IHBob25lLXR5cGUgICAgICBlbnVtZXJhdGlvbg0KPiA+ID4gICAgICAgICAgICAr LS1ydyBwaG9uZS1udW1iZXIgICAgc3RyaW5nDQo+ID4gPg0KPiA+ID4gTGV0J3Mgc2F5IHRoZSAi emlwY29kZSIgZmllbGQgaXMgbGVhcm5lZCBpbiA8b3BlcmF0aW9uYWw+DQo+ID4gPiAoZS5nLiBa SVAgY29kZSBsb29rdXAgZXhwYW5kcyBtaXNzaW5nIG9yIDUgZGlnaXQgemlwY29kZSB0byBmdWxs IDkgZGlnaXQNCj4gPiA+IHppcGNvZGUpLg0KPiA+ID4gU28gL2FkZHJlc3NlcyBhbmQgL2FkZHJl c3Nlcy9hZGRyZXNzIGhhdmUgb3JpZ2luICJpbnRlbmRlZCIuDQo+ID4gPiBPbmx5IHRoZSAvYWRk cmVzc2VzL2FkZHJlc3MvemlwY29kZSBsZWFmIGhhcyBvcmlnaW4gImxlYXJuZWQiLg0KPiA+ID4N Cj4gPiA+IFNvIGhvdyBkb2VzIG9yaWdpbi1maWx0ZXI9bGVhcm5lZCBmaW5kIGFsbCB0aGUgbGVh cm5lZCBsZWFmcz8NCj4gPg0KPiA+IFBlcmhhcHMgSSBkb24ndCB1bmRlcnN0YW5kIHlvdXIgcXVl c3Rpb247IElNTyB5b3UgZ2l2ZSB0aGUgYW5zd2VyIHRvDQo+ID4gdGhpcyBxdWVzdGlvbiBiZWxv dzoNCj4gPg0KPiA+ID4gV2hhdCBmaWx0ZXJzIGFyZSByZXF1aXJlZCB0byByZXR1cm4gb25seSB0 aGUgbGVhcm5lZCBlbnRyaWVzICsgYW5jZXN0b3JzDQo+ID4gKw0KPiA+ID4gYW5jZXN0b3Itb3It c2VsZiBrZXlzPyAgU2VlbXMgbGlrZSB0aGlzIGZpbHRlciBtZWNoYW5pc20gaGFzIHRvIGJlIHVz ZWQNCj4gPiA+IHRvIHJldHJpZXZlIHRoZSBleGFjdCBsZWFmIHRoYXQgbWlnaHQgYmUgbGVhcm5l ZCwgYW5kIHRoZSBjbGllbnQNCj4gPiA+IG5lZWRzIHRvIGtub3cgaW4gYWR2YW5jZSBhbGwgdGhl IHBvc3NpYmxlIG5vZGVzIHRoYXQgbWlnaHQgYmUgbGVhcm5lZC4NCj4gPiA+DQo+ID4gPiBXYW50 IHRvIGJlIGFibGUgdG8gcmV0cmlldmUgYW4gYW5jZXN0b3IgdGhhdCBpcyBpbnRlbmRlZCBhbmQg c3RpbGwgZmluZA0KPiA+IHRoZQ0KPiA+ID4gbGVhcm5lZCBlbnRyaWVzDQo+ID4gPg0KPiA+ID4g ICAgZ2V0LWRhdGEgeHBhdGgtZmlsdGVyPS9hZGRyZXNzZXMvYWRkcmVzcyBvcmlnaW4tZmlsdHRl cj1sZWFybmVkDQo+ID4NCj4gPiAuLi4gaGVyZS4gIFNvIHRoaXMgcmVxdWVzdCB3aWxsIHJldHVy bjoNCj4gPg0KPiA+ICAgIDxhZGRyZXNzZXMgb3I6b3JpZ2luPSJvcjppbnRlbmRlZCI+DQo+ID4g ICAgICA8YWRkcmVzcz4NCj4gPiAgICAgICAgPGxhc3QtbmFtZT4uLi48L2xhc3QtbmFtZT4NCj4g PiAgICAgICAgPGZpcnN0LW5hbWU+Li4uPC9maXJzdC1uYW1lPg0KPiA+ICAgICAgICA8emlwY29k ZSBvcjpvcmlnaW49Im9yOmxlYXJuZWQiPi4uLjwvemlwY29kZT4NCj4gPiAgICAgIDwvYWRkcmVz cz4NCj4gPiAgICAgIC4uLg0KPiA+ICAgIDwvYWRkcmVzc2VzPg0KPiA+DQo+ID4NCj4gSSBkbyBu b3QgaW50ZXJwcmV0IHRoZSB0ZXh0IHRoZSBzYW1lIHdheSBhcyB5b3UuDQoNCkRvZXMgdGhpcyBt ZWFuIHRoYXQgeW91IHRoaW5rIHRoYXQgdGhlIHJlcGx5IGlzIGRpZmZlcmVudCBmcm9tIHdoYXQg SQ0Kc2hvdyBhYm92ZT8gIElmIHNvLCB3aGF0IHdvdWxkIGl0IGJlLCBhbmQgd2h5Pw0KDQoNCg0K DQpFeHBsYWluIGhvdyB0aGUgbGlzdCBhZGRyZXNzIG5vZGUgaGFzIG9yaWdpbiAibGVhcm5lZCIu DQoNClRoZSBmaWx0ZXIgaXMgZm9yIC9hZGRyZXNzZXMvYWRkcmVzcyBhbmQgb25seSBvcmlnaW49 bGVhcm5lZC4NCkhvdyBkb2VzIHRoZSBsaXN0IG5vZGUgaGF2ZSBvcmlnaW49bGVhcm5lZD8NCkl0 IGNhbiBvbmx5IGhhdmUgMSB2YWx1ZS4NCkl0IGhhcyBjaGlsZCBub2RlcyB3aXRoIGJvdGggaW50 ZW5kZWQgYW5kIGxlYXJuZWQgYXMgb3JpZ2luLg0KSSBkbyBubyB1bmRlcnN0YW5kIGhvdyB0aGUg b3JpZ2luPWxlYXJuZWQgbWF0Y2hlZCB0aGlzIG5vZGUuDQoNCg0KDQoNCj4NCj4gICAgICAgICAg ICAgICAgICAgICAgVGhlIGNvbnRlbnQgcmV0dXJuZWQNCj4NCj4gICAgICAgICAgIGJ5IGdldC1k YXRhIG11c3Qgc2F0aXNmeSBhbGwgZmlsdGVycywgaS5lLiwgdGhlIGZpbHRlcg0KPiAgICAgICAg ICAgY3JpdGVyaWEgYXJlIGxvZ2ljYWxseSBBTkRlZC4NCj4NCj4NCj4gICAgICAgICAgIGxlYWYt bGlzdCBvcmlnaW4tZmlsdGVyIHsNCj4gICAgICAgICAgICAgIHR5cGUgb3I6b3JpZ2luLXJlZjsN Cj4gICAgICAgICAgICAgIGRlc2NyaXB0aW9uDQo+ICAgICAgICAgICAgICAgICJGaWx0ZXIgYmFz ZWQgb24gdGhlICdvcmlnaW4nIGFubm90YXRpb24uICBBDQo+ICAgICAgICAgICAgICAgICBjb25m aWd1cmF0aW9uIG5vZGUgbWF0Y2hlcyB0aGUgZmlsdGVyIGlmIGl0cyAnb3JpZ2luJw0KPiAgICAg ICAgICAgICAgICAgYW5ub3RhdGlvbiBpcyBkZXJpdmVkIGZyb20gb3IgZXF1YWwgdG8gYW55IG9m IHRoZSBnaXZlbg0KPiAgICAgICAgICAgICAgICAgZmlsdGVyIHZhbHVlcy4iOw0KPiAgICAgICAg ICAgIH0NCj4NCj4NCj4gICAgICAgICAgICAgICBDb25maWd1cmF0aW9uIG5vZGVzIHRoYXQgZG8g bm90IGhhdmUgYW4NCj4gICAgICAgICAgICAgICAnb3JpZ2luJyBhbm5vdGF0aW9uIGFyZSB0cmVh dGVkIGFzIGlmIHRoZXkgaGF2ZSB0aGUNCj4gICAgICAgICAgICAgICAnb3JpZ2luJyBhbm5vdGF0 aW9uICdvcjp1bmtub3duJy4NCj4NCj4NCj4NCj4gPiBUaGUgZHJhZnQgc2hvd3MgYW4gZXhhbXBs ZSB3aGVyZSBib3RoICJpbnRlbmRlZCIgYW5kICJzeXN0ZW0iIGFyZSBnaXZlbg0KPiA+ID4gYXMg ZmlsdGVycy4gIFRoaXMgd2lsbCB3b3JrIGJ1dCB3aWxsIGluY2x1ZGUgYWxsIHRoZSAiaW50ZW5k ZWQiIGxlYWZzIGFzDQo+ID4gPiB3ZWxsLg0KPiA+ID4gV2hhdCBpZiBhICJsZWFybmVkIiBub2Rl IGlzIHdpdGhpbiBhICJzeXN0ZW0iIG5vZGUgd2l0aGluIGFuICJpbnRlbmRlZCINCj4gPiA+IG5v ZGU/DQo+ID4NCj4gPiBUaGlzIHdvcmtzIGFzIHdlbGwuICBOb3RlIHRoYXQgdGhlIGdldC1kYXRh IGRlc2NyaXB0aW9uIHNheXM6DQo+ID4NCj4gPiAgICAgICAgICAgQW55IGFuY2VzdG9yIG5vZGVz IChpbmNsdWRpbmcgbGlzdCBrZXlzKSBvZiBub2RlcyBzZWxlY3RlZCBieQ0KPiA+ICAgICAgICAg ICB0aGUgZmlsdGVycyBhcmUgaW5jbHVkZWQgaW4gdGhlIHJlc3BvbnNlLg0KPiA+DQo+ID4NCj4g Pg0KPg0KPiBUaGUgaXNzdWUgaXMgaG93IHRoZSAvaWFkZHJlc3NlcyBhbmQgL2FkZHJlc3Nlcy9h ZGRyZXNzIG5vZGVzIG1hdGNoIHRoZQ0KPiBvcmlnaW4gImxlYXJuZWQiLg0KDQpUaGV5IGRvbid0 LCBidXQgdGhleSBhcmUgaW5jbHVkZWQgYi9jIG9mIHRoZSBxdW90ZWQgdGV4dCBhYm92ZSAoaS5l LjoNCiAgICAgIEFueSBhbmNlc3RvciBub2RlcyAoaW5jbHVkaW5nIGxpc3Qga2V5cykgb2Ygbm9k ZXMgc2VsZWN0ZWQgYnkNCiAgICAgIHRoZSBmaWx0ZXJzIGFyZSBpbmNsdWRlZCBpbiB0aGUgcmVz cG9uc2UuKQ0KDQoNCk5vLg0KDQpJZiB0aGUgZmlsdGVyIHdhcyBmb3IgL2FkZHJlc3Nlcy9hZGRy ZXNzL3ppcGNvZGUgdGhlbiBtYXliZSB0aGF0IHRleHQgYXBwbGllcy4NCkl0IGlzIHN0aWxsIHVu Y2xlYXIgdGhhdCB0aGUgWFBhdGggaXMgZnVsbHkgcHJvY2Vzc2VkIGFuZCB0aGVuIHRoZSBvcmln aW4tZmlsdGVyIGlzIHByb2Nlc3NlZC4NClRoZSBSRkMganVzdCBzYXlzIHRoZXkgYXJlIEFORGVk IHRvZ2V0aGVyLg0KDQoNCg0KPiBUaGUgbGVhZnMgaW4gbGlzdCAiYWRkcmVzcyIgYXJlIGEgbWl4 dHVyZSBvZiAiaW50ZW5kZWQiIGFuZCAibGVhcm5lZCINCj4gb3JpZ2luLg0KPiBUaGUgdGV4dCBj bGVhcmx5IHNheXMgdGhhdCBhIG5vZGUgaGFzIGEgc2luZ2xlIG9yaWdpbiBwcm9wZXJ0eSwgY291 cGxlZCB0bw0KPiB0aGUgYW5ub3RhdGlvbi4NCj4NCj4gSXNzdWUgMTogbWl4ZWQgb3JpZ2luIGRl c2NlbmRhbnQgbm9kZXMNCj4gU28gaG93IGRvZXMgYSBzZWFyY2ggb24gL2FkZHJlc3Nlcy9hZGRy ZXNzIG1hdGNoIG9yaWdpbi1maWx0ZXI9bGVhcm5lZD8NCj4gSSBjYW5ub3QgZmluZCBhbnkgdGV4 dCB0aGF0IHNheXMgd2hhdCB0aGUgb3JpZ2luIG9mIGEgbGlzdCBvciBQLWNvbnRhaW5lcg0KPiBp cyBpZiBpdA0KPiBjb250YWlucyBub2RlcyBvZiBtaXhlZCBvcmlnaW4uDQoNClNlZSBhYm92ZS4N Cg0KTm8gdGV4dCBhYm92ZSBleHBsYWlucyBob3cgdGhlIGxpc3Qgb3JpZ2luIGlzIHRhZ2dlZCBp ZiBpdCBoYXMgbXVsdGlwbGUgdHlwZXMgb2YgY2hpbGQgbm9kZXMuDQoNCg0KDQo+IElzc3VlIDI6 IE5QLWNvbnRhaW5lcnMNCj4NCj4gQWxzbyBmcm9tIFJGQyA4MzQyOg0KPg0KPiAgICBUaGUgb3Jp Z2luIGFwcGxpZXMgdG8gYWxsIGNvbmZpZ3VyYXRpb24gbm9kZXMgZXhjZXB0IG5vbi1wcmVzZW5j ZQ0KPiAgICBjb250YWluZXJzLg0KPg0KPg0KPiBXaGF0IGlmIHRoZSB0b3AtbGV2ZWwgbm9kZSBp cyBhbiBOUC1jb250YWluZXIgaW4gdGhpcyBjYXNlLg0KPiBJIHRob3VnaHQgdGhlIHRvcC1sZXZl bCBub2RlIE1VU1QgaGF2ZSBhbiBvcmlnaW4gYXR0cmlidXRlLg0KPg0KPiBUaGUgdGV4dCBpcyBu b3QgY2xlYXIgaG93IE5QLWNvbnRhaW5lcnMgYXJlIGhhbmRsZWQuDQo+IERvIHRoZXkgaGF2ZSBh biBvcmlnaW4gYXR0cmlidXRlPyBJZiBub3QgdGhlbiBSRkMgODUyNiBzYXlzIHRoZXkgaGF2ZQ0K PiBvcmlnaW4gInVua25vd24iLg0KPiBJcyB0aGUgaW50ZW50IHRoYXQgTlAtY29udGFpbmVycyBh bHdheXMgcGFzcyB0aGUgb3JpZ2luLWZpbHRlciB0ZXN0cyAodGVzdA0KPiBza2lwcGVkKT8NCg0K Tm8sIHNpbmNlIHRoZXkgZG9uJ3QgaGF2ZSBhbiBvcmlnaW4gdmFsdWUgdGhleSB3aWxsIG5vdCBi ZSBzZWxlY3RlZCBieQ0KdGhlIGZpbHRlci4gIEJ1dCBhbiBOUC1jb250YWluZXIgd2lsbCBiZSBp bmNsdWRlZCBpbiB0aGUgcmVwbHkgaWYgaXQNCmlzIHRoZSBhbmNlc3RvciBvZiBhIG5vZGUgdGhh dCBpcyBzZWxlY3RlZCBieSB0aGUgZmlsdGVyLg0KDQpUaGUgUkZDIHRleHQgZG9lcyBub3QgcmVh bGx5IHNheSB0aGF0Lg0KU2luY2UgaXQgaXMgdmVyeSBkaWZmaWN1bHQgdG8ga25vdyBpZiBhIGRh dGEgbm9kZSA1IGxheWVycyBkZWVwIGlzIGdvaW5nIHRvIG1hdGNoLA0KaW1wbGVtZW50aW5nIHRo ZXNlIGZpbHRlcnMgYWNjb3JkaW5nIHRvIHRoaXMgdmFndWUgaW50ZXJwcmV0YXRpb24gaXMgdW5s aWtlbHkuDQoNCg0KL21hcnRpbg0KDQpBbmR5DQoNCg0KDQo+DQo+DQo+DQo+IC9tYXJ0aW4NCj4g Pg0KPiA+DQo+IEFuZHkNCj4NCj4NCj4gPg0KPiA+ID4gU2VlbXMgbGlrZSB0aGUgY2xpZW50IG5l ZWRzIHRvIGtub3cgYSBsb3QgYWJvdXQgdGhlIHNlcnZlciBpbXBsZW1lbnRhdGlvbg0KPiA+ID4g ZGV0YWlscw0KPiA+ID4gaW4gb3JkZXIgdG8gdXNlIHRoZSBvcmlnaW4gZmlsdGVycy4NCj4gPiA+ DQo+ID4gPg0KPiA+ID4gQW5keQ0KPiA+DQo= --_000_MN2PR11MB4366BB8F556DE7DC866FE27BB59B0MN2PR11MB4366namp_ Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: base64 PGh0bWwgeG1sbnM6dj0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTp2bWwiIHhtbG5zOm89InVy bjpzY2hlbWFzLW1pY3Jvc29mdC1jb206b2ZmaWNlOm9mZmljZSIgeG1sbnM6dz0idXJuOnNjaGVt YXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6d29yZCIgeG1sbnM6bT0iaHR0cDovL3NjaGVtYXMubWlj cm9zb2Z0LmNvbS9vZmZpY2UvMjAwNC8xMi9vbW1sIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv VFIvUkVDLWh0bWw0MCI+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIg Y29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjxtZXRhIG5hbWU9IkdlbmVyYXRv ciIgY29udGVudD0iTWljcm9zb2Z0IFdvcmQgMTUgKGZpbHRlcmVkIG1lZGl1bSkiPg0KPHN0eWxl PjwhLS0NCi8qIEZvbnQgRGVmaW5pdGlvbnMgKi8NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6 IkNhbWJyaWEgTWF0aCI7DQoJcGFub3NlLTE6MiA0IDUgMyA1IDQgNiAzIDIgNDt9DQpAZm9udC1m YWNlDQoJe2ZvbnQtZmFtaWx5OkNhbGlicmk7DQoJcGFub3NlLTE6MiAxNSA1IDIgMiAyIDQgMyAy IDQ7fQ0KLyogU3R5bGUgRGVmaW5pdGlvbnMgKi8NCnAuTXNvTm9ybWFsLCBsaS5Nc29Ob3JtYWws IGRpdi5Nc29Ob3JtYWwNCgl7bWFyZ2luOjBjbTsNCgltYXJnaW4tYm90dG9tOi4wMDAxcHQ7DQoJ Zm9udC1zaXplOjExLjBwdDsNCglmb250LWZhbWlseToiQ2FsaWJyaSIsc2Fucy1zZXJpZjt9DQph OmxpbmssIHNwYW4uTXNvSHlwZXJsaW5rDQoJe21zby1zdHlsZS1wcmlvcml0eTo5OTsNCgljb2xv cjpibHVlOw0KCXRleHQtZGVjb3JhdGlvbjp1bmRlcmxpbmU7fQ0KYTp2aXNpdGVkLCBzcGFuLk1z b0h5cGVybGlua0ZvbGxvd2VkDQoJe21zby1zdHlsZS1wcmlvcml0eTo5OTsNCgljb2xvcjpwdXJw bGU7DQoJdGV4dC1kZWNvcmF0aW9uOnVuZGVybGluZTt9DQpwLm1zb25vcm1hbDAsIGxpLm1zb25v cm1hbDAsIGRpdi5tc29ub3JtYWwwDQoJe21zby1zdHlsZS1uYW1lOm1zb25vcm1hbDsNCgltc28t bWFyZ2luLXRvcC1hbHQ6YXV0bzsNCgltYXJnaW4tcmlnaHQ6MGNtOw0KCW1zby1tYXJnaW4tYm90 dG9tLWFsdDphdXRvOw0KCW1hcmdpbi1sZWZ0OjBjbTsNCglmb250LXNpemU6MTEuMHB0Ow0KCWZv bnQtZmFtaWx5OiJDYWxpYnJpIixzYW5zLXNlcmlmO30NCnNwYW4uRW1haWxTdHlsZTE4DQoJe21z by1zdHlsZS10eXBlOnBlcnNvbmFsLXJlcGx5Ow0KCWZvbnQtZmFtaWx5OiJDYWxpYnJpIixzYW5z LXNlcmlmOw0KCWNvbG9yOndpbmRvd3RleHQ7fQ0KLk1zb0NocERlZmF1bHQNCgl7bXNvLXN0eWxl LXR5cGU6ZXhwb3J0LW9ubHk7DQoJZm9udC1mYW1pbHk6IkNhbGlicmkiLHNhbnMtc2VyaWY7DQoJ bXNvLWZhcmVhc3QtbGFuZ3VhZ2U6RU4tVVM7fQ0KQHBhZ2UgV29yZFNlY3Rpb24xDQoJe3NpemU6 NjEyLjBwdCA3OTIuMHB0Ow0KCW1hcmdpbjo3Mi4wcHQgNzIuMHB0IDcyLjBwdCA3Mi4wcHQ7fQ0K ZGl2LldvcmRTZWN0aW9uMQ0KCXtwYWdlOldvcmRTZWN0aW9uMTt9DQotLT48L3N0eWxlPjwhLS1b aWYgZ3RlIG1zbyA5XT48eG1sPg0KPG86c2hhcGVkZWZhdWx0cyB2OmV4dD0iZWRpdCIgc3BpZG1h eD0iMTAyNiIgLz4NCjwveG1sPjwhW2VuZGlmXS0tPjwhLS1baWYgZ3RlIG1zbyA5XT48eG1sPg0K PG86c2hhcGVsYXlvdXQgdjpleHQ9ImVkaXQiPg0KPG86aWRtYXAgdjpleHQ9ImVkaXQiIGRhdGE9 IjEiIC8+DQo8L286c2hhcGVsYXlvdXQ+PC94bWw+PCFbZW5kaWZdLS0+DQo8L2hlYWQ+DQo8Ym9k eSBsYW5nPSJFTi1HQiIgbGluaz0iYmx1ZSIgdmxpbms9InB1cnBsZSI+DQo8ZGl2IGNsYXNzPSJX b3JkU2VjdGlvbjEiPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9Im1zby1mYXJl YXN0LWxhbmd1YWdlOkVOLVVTIj5IaSBBbmR5LDxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNs YXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJtc28tZmFyZWFzdC1sYW5ndWFnZTpFTi1VUyI+ PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4g c3R5bGU9Im1zby1mYXJlYXN0LWxhbmd1YWdlOkVOLVVTIj5Eb27igJl0IGFsbCB0aGUgZmlsdGVy cyBlZmZlY3RpdmVseSB3b3JrIHRoaXMgd2F5PzxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNs YXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJtc28tZmFyZWFzdC1sYW5ndWFnZTpFTi1VUyI+ PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4g c3R5bGU9Im1zby1mYXJlYXN0LWxhbmd1YWdlOkVOLVVTIj5UaGV5IHNlbGVjdCBhIHN1YnNldCBv ZiB0aGUgbm9kZXMgdG8gaW5jbHVkZSBpbiB0aGUgcmVzcG9uc2UsIGFuZCBtdXN0IGFsc28gaW5j bHVkZSBhbGwgYW5jZXN0b3Igbm9kZXMgYW5kIHJlcXVpcmVkIGxpc3Qga2V5cyB0byB0aGUgc2Vs ZWN0ZWQgbm9kZXMsIHJlZ2FyZGxlc3Mgb2Ygd2hldGhlciB0aG9zZSBhbmNlc3Rvci9rZXkgbm9k ZXMNCiB3ZXJlIGFsc28gc2VsZWN0ZWQgYnkgdGhlIHF1ZXJ5LjxvOnA+PC9vOnA+PC9zcGFuPjwv cD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJtc28tZmFyZWFzdC1sYW5ndWFn ZTpFTi1VUyI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1h bCI+PHNwYW4gc3R5bGU9Im1zby1mYXJlYXN0LWxhbmd1YWdlOkVOLVVTIj5FLmcuIGEg4oCcY29u ZmlnIGZhbHNl4oCdIGZpbHRlciB3aWxsIHN0aWxsIHJldHVybiDigJxjb25maWcgdHJ1ZeKAnSBu b2RlcyBpZiB0aGV5IGFyZSBhbmNlc3RvcnMgb3IgbGlzdCBrZXlzIHRvIGEgZGVzY2VuZGFudCBj b25maWcgZmFsc2Ugbm9kZS4mbmJzcDsgVGhlIHNhbWUgbG9naWMgYXBwbGllcyBmb3IgeHBhdGgg YW5kIG9yaWdpbiBmaWx0ZXJzIGFzIHdlbGwuPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xh c3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9Im1zby1mYXJlYXN0LWxhbmd1YWdlOkVOLVVTIj48 bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBz dHlsZT0ibXNvLWZhcmVhc3QtbGFuZ3VhZ2U6RU4tVVMiPlRoYW5rcyw8YnI+DQpSb2I8bzpwPjwv bzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0ibXNvLWZh cmVhc3QtbGFuZ3VhZ2U6RU4tVVMiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNs YXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJtc28tZmFyZWFzdC1sYW5ndWFnZTpFTi1VUyI+ PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPGRpdiBzdHlsZT0iYm9yZGVyOm5vbmU7Ym9y ZGVyLWxlZnQ6c29saWQgYmx1ZSAxLjVwdDtwYWRkaW5nOjBjbSAwY20gMGNtIDQuMHB0Ij4NCjxk aXY+DQo8ZGl2IHN0eWxlPSJib3JkZXI6bm9uZTtib3JkZXItdG9wOnNvbGlkICNFMUUxRTEgMS4w cHQ7cGFkZGluZzozLjBwdCAwY20gMGNtIDBjbSI+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48Yj48 c3BhbiBsYW5nPSJFTi1VUyI+RnJvbTo8L3NwYW4+PC9iPjxzcGFuIGxhbmc9IkVOLVVTIj4gbmV0 Y29uZiAmbHQ7bmV0Y29uZi1ib3VuY2VzQGlldGYub3JnJmd0Ow0KPGI+T24gQmVoYWxmIE9mIDwv Yj5BbmR5IEJpZXJtYW48YnI+DQo8Yj5TZW50OjwvYj4gMDcgT2N0b2JlciAyMDE5IDE1OjEyPGJy Pg0KPGI+VG86PC9iPiBNYXJ0aW4gQmpvcmtsdW5kICZsdDttYmpAdGFpbC1mLmNvbSZndDs8YnI+ DQo8Yj5DYzo8L2I+IE5ldGNvbmYgJmx0O25ldGNvbmZAaWV0Zi5vcmcmZ3Q7PGJyPg0KPGI+U3Vi amVjdDo8L2I+IFJlOiBbbmV0Y29uZl0gZ2V0LWRhdGEgb3JpZ2luIGZpbHRlcnM8bzpwPjwvbzpw Pjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjwvZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4m bmJzcDs8L286cD48L3A+DQo8ZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxvOnA+ Jm5ic3A7PC9vOnA+PC9wPg0KPC9kaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpwPiZuYnNw OzwvbzpwPjwvcD4NCjxkaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+T24gTW9uLCBP Y3QgNywgMjAxOSBhdCAxMjo0MyBBTSBNYXJ0aW4gQmpvcmtsdW5kICZsdDs8YSBocmVmPSJtYWls dG86bWJqQHRhaWwtZi5jb20iPm1iakB0YWlsLWYuY29tPC9hPiZndDsgd3JvdGU6PG86cD48L286 cD48L3A+DQo8L2Rpdj4NCjxibG9ja3F1b3RlIHN0eWxlPSJib3JkZXI6bm9uZTtib3JkZXItbGVm dDpzb2xpZCAjQ0NDQ0NDIDEuMHB0O3BhZGRpbmc6MGNtIDBjbSAwY20gNi4wcHQ7bWFyZ2luLWxl ZnQ6NC44cHQ7bWFyZ2luLXJpZ2h0OjBjbSI+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0i bWFyZ2luLWJvdHRvbToxMi4wcHQiPkFuZHkgQmllcm1hbiAmbHQ7PGEgaHJlZj0ibWFpbHRvOmFu ZHlAeXVtYXdvcmtzLmNvbSIgdGFyZ2V0PSJfYmxhbmsiPmFuZHlAeXVtYXdvcmtzLmNvbTwvYT4m Z3Q7IHdyb3RlOjxicj4NCiZndDsgT24gU3VuLCBPY3QgNiwgMjAxOSBhdCA4OjMyIEFNIE1hcnRp biBCam9ya2x1bmQgJmx0OzxhIGhyZWY9Im1haWx0bzptYmpAdGFpbC1mLmNvbSIgdGFyZ2V0PSJf YmxhbmsiPm1iakB0YWlsLWYuY29tPC9hPiZndDsgd3JvdGU6PGJyPg0KJmd0OyA8YnI+DQomZ3Q7 ICZndDsgSGksPGJyPg0KJmd0OyAmZ3Q7PGJyPg0KJmd0OyAmZ3Q7IEFuZHkgQmllcm1hbiAmbHQ7 PGEgaHJlZj0ibWFpbHRvOmFuZHlAeXVtYXdvcmtzLmNvbSIgdGFyZ2V0PSJfYmxhbmsiPmFuZHlA eXVtYXdvcmtzLmNvbTwvYT4mZ3Q7IHdyb3RlOjxicj4NCiZndDsgJmd0OyAmZ3Q7IEhpLDxicj4N CiZndDsgJmd0OyAmZ3Q7PGJyPg0KJmd0OyAmZ3Q7ICZndDsgSSBhbSB0cnlpbmcgdG8gZmlndXJl IG91dCBob3cgdG8gdXNlIHRoZSBvcmlnaW4tZmlsdGVyIGFuZDxicj4NCiZndDsgJmd0OyAmZ3Q7 IG5lZ2F0ZWQtb3JpZ2luLWZpbHRlcjxicj4NCiZndDsgJmd0OyAmZ3Q7IGluIHRoZSAmbHQ7Z2V0 LWRhdGEmZ3Q7IG9wZXJhdGlvbiBpbiBSRkMgODUyNi48YnI+DQomZ3Q7ICZndDsgJmd0Ozxicj4N CiZndDsgJmd0OyAmZ3Q7PGJyPg0KJmd0OyAmZ3Q7ICZndDsmbmJzcDsgJm5ic3A7ICZuYnNwOyAm bmJzcDsgJm5ic3A7ICZuYnNwO2xlYWYtbGlzdCBvcmlnaW4tZmlsdGVyIHs8YnI+DQomZ3Q7ICZn dDsgJmd0OyZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyB0 eXBlIG9yOm9yaWdpbi1yZWY7PGJyPg0KJmd0OyAmZ3Q7ICZndDsmbmJzcDsgJm5ic3A7ICZuYnNw OyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgZGVzY3JpcHRpb248YnI+DQomZ3Q7ICZndDsg Jmd0OyZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJz cDsgJnF1b3Q7RmlsdGVyIGJhc2VkIG9uIHRoZSAnb3JpZ2luJyBhbm5vdGF0aW9uLiZuYnNwOyBB PGJyPg0KJmd0OyAmZ3Q7ICZndDsmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZu YnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwO2NvbmZpZ3VyYXRpb24gbm9kZSBtYXRjaGVzIHRoZSBm aWx0ZXIgaWYgaXRzICdvcmlnaW4nPGJyPg0KJmd0OyAmZ3Q7ICZndDsmbmJzcDsgJm5ic3A7ICZu YnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwO2Fubm90YXRpb24g aXMgZGVyaXZlZCBmcm9tIG9yIGVxdWFsIHRvIGFueSBvZiB0aGUgZ2l2ZW48YnI+DQomZ3Q7ICZn dDsgJmd0OyZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAm bmJzcDsgJm5ic3A7ZmlsdGVyIHZhbHVlcy4mcXVvdDs7PGJyPg0KJmd0OyAmZ3Q7ICZndDsmbmJz cDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyB9PGJyPg0KJmd0OyAmZ3Q7ICZn dDs8YnI+DQomZ3Q7ICZndDsgJmd0Ozxicj4NCiZndDsgJmd0OyAmZ3Q7IFRoZXNlIGZpbHRlcnMg c2VlbSBraW5kIG9mIHdvcnRobGVzcyBpZiBpbXBsZW1lbnRlZCBhY2NvcmRpbmcgdG8gdGhlPGJy Pg0KJmd0OyAmZ3Q7IHRleHQuPGJyPg0KJmd0OyAmZ3Q7ICZndDsgQ29uc2lkZXIgYSBzaW1wbGUg ZXhhbXBsZSB3aGVyZSB0aGVyZSBpcyAxIGxlYXJuZWQgbGVhZiB3aXRoaW4gYSBsaXN0Ojxicj4N CiZndDsgJmd0OyAmZ3Q7PGJyPg0KJmd0OyAmZ3Q7ICZndDsgbW9kdWxlOiBhZGRyZXNzPGJyPg0K Jmd0OyAmZ3Q7ICZndDsmbmJzcDsgJm5ic3A7JiM0MzstLXJ3IGFkZHJlc3Nlczxicj4NCiZndDsg Jmd0OyAmZ3Q7Jm5ic3A7ICZuYnNwOyAmbmJzcDsgJiM0MzstLXJ3IGFkZHJlc3MqIFtsYXN0LW5h bWUgZmlyc3QtbmFtZV08YnI+DQomZ3Q7ICZndDsgJmd0OyZuYnNwOyAmbmJzcDsgJm5ic3A7ICZu YnNwOyAmbmJzcDsmIzQzOy0tcncgbGFzdC1uYW1lJm5ic3A7ICZuYnNwOyAmbmJzcDtzdHJpbmc8 YnI+DQomZ3Q7ICZndDsgJmd0OyZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsmIzQz Oy0tcncgZmlyc3QtbmFtZSZuYnNwOyAmbmJzcDsgc3RyaW5nPGJyPg0KJmd0OyAmZ3Q7ICZndDsm bmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7JiM0MzstLXJ3IHN0cmVldD8mbmJzcDsg Jm5ic3A7ICZuYnNwOyAmbmJzcDtzdHJpbmc8YnI+DQomZ3Q7ICZndDsgJmd0OyZuYnNwOyAmbmJz cDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsmIzQzOy0tcncgY2l0eT8mbmJzcDsgJm5ic3A7ICZuYnNw OyAmbmJzcDsgJm5ic3A7c3RyaW5nPGJyPg0KJmd0OyAmZ3Q7ICZndDsmbmJzcDsgJm5ic3A7ICZu YnNwOyAmbmJzcDsgJm5ic3A7JiM0MzstLXJ3IHppcGNvZGU/Jm5ic3A7ICZuYnNwOyAmbmJzcDsg c3RyaW5nPGJyPg0KJmd0OyAmZ3Q7ICZndDsmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5i c3A7JiM0MzstLXJ3IHBob25lKiBbcGhvbmUtdHlwZV08YnI+DQomZ3Q7ICZndDsgJmd0OyZuYnNw OyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICYjNDM7LS1ydyBwaG9uZS10eXBl Jm5ic3A7ICZuYnNwOyAmbmJzcDsgZW51bWVyYXRpb248YnI+DQomZ3Q7ICZndDsgJmd0OyZuYnNw OyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICYjNDM7LS1ydyBwaG9uZS1udW1i ZXImbmJzcDsgJm5ic3A7IHN0cmluZzxicj4NCiZndDsgJmd0OyAmZ3Q7PGJyPg0KJmd0OyAmZ3Q7 ICZndDsgTGV0J3Mgc2F5IHRoZSAmcXVvdDt6aXBjb2RlJnF1b3Q7IGZpZWxkIGlzIGxlYXJuZWQg aW4gJmx0O29wZXJhdGlvbmFsJmd0Ozxicj4NCiZndDsgJmd0OyAmZ3Q7IChlLmcuIFpJUCBjb2Rl IGxvb2t1cCBleHBhbmRzIG1pc3Npbmcgb3IgNSBkaWdpdCB6aXBjb2RlIHRvIGZ1bGwgOSBkaWdp dDxicj4NCiZndDsgJmd0OyAmZ3Q7IHppcGNvZGUpLjxicj4NCiZndDsgJmd0OyAmZ3Q7IFNvIC9h ZGRyZXNzZXMgYW5kIC9hZGRyZXNzZXMvYWRkcmVzcyBoYXZlIG9yaWdpbiAmcXVvdDtpbnRlbmRl ZCZxdW90Oy48YnI+DQomZ3Q7ICZndDsgJmd0OyBPbmx5IHRoZSAvYWRkcmVzc2VzL2FkZHJlc3Mv emlwY29kZSBsZWFmIGhhcyBvcmlnaW4gJnF1b3Q7bGVhcm5lZCZxdW90Oy48YnI+DQomZ3Q7ICZn dDsgJmd0Ozxicj4NCiZndDsgJmd0OyAmZ3Q7IFNvIGhvdyBkb2VzIG9yaWdpbi1maWx0ZXI9bGVh cm5lZCBmaW5kIGFsbCB0aGUgbGVhcm5lZCBsZWFmcz88YnI+DQomZ3Q7ICZndDs8YnI+DQomZ3Q7 ICZndDsgUGVyaGFwcyBJIGRvbid0IHVuZGVyc3RhbmQgeW91ciBxdWVzdGlvbjsgSU1PIHlvdSBn aXZlIHRoZSBhbnN3ZXIgdG88YnI+DQomZ3Q7ICZndDsgdGhpcyBxdWVzdGlvbiBiZWxvdzo8YnI+ DQomZ3Q7ICZndDs8YnI+DQomZ3Q7ICZndDsgJmd0OyBXaGF0IGZpbHRlcnMgYXJlIHJlcXVpcmVk IHRvIHJldHVybiBvbmx5IHRoZSBsZWFybmVkIGVudHJpZXMgJiM0MzsgYW5jZXN0b3JzPGJyPg0K Jmd0OyAmZ3Q7ICYjNDM7PGJyPg0KJmd0OyAmZ3Q7ICZndDsgYW5jZXN0b3Itb3Itc2VsZiBrZXlz PyZuYnNwOyBTZWVtcyBsaWtlIHRoaXMgZmlsdGVyIG1lY2hhbmlzbSBoYXMgdG8gYmUgdXNlZDxi cj4NCiZndDsgJmd0OyAmZ3Q7IHRvIHJldHJpZXZlIHRoZSBleGFjdCBsZWFmIHRoYXQgbWlnaHQg YmUgbGVhcm5lZCwgYW5kIHRoZSBjbGllbnQ8YnI+DQomZ3Q7ICZndDsgJmd0OyBuZWVkcyB0byBr bm93IGluIGFkdmFuY2UgYWxsIHRoZSBwb3NzaWJsZSBub2RlcyB0aGF0IG1pZ2h0IGJlIGxlYXJu ZWQuPGJyPg0KJmd0OyAmZ3Q7ICZndDs8YnI+DQomZ3Q7ICZndDsgJmd0OyBXYW50IHRvIGJlIGFi bGUgdG8gcmV0cmlldmUgYW4gYW5jZXN0b3IgdGhhdCBpcyBpbnRlbmRlZCBhbmQgc3RpbGwgZmlu ZDxicj4NCiZndDsgJmd0OyB0aGU8YnI+DQomZ3Q7ICZndDsgJmd0OyBsZWFybmVkIGVudHJpZXM8 YnI+DQomZ3Q7ICZndDsgJmd0Ozxicj4NCiZndDsgJmd0OyAmZ3Q7Jm5ic3A7ICZuYnNwOyBnZXQt ZGF0YSB4cGF0aC1maWx0ZXI9L2FkZHJlc3Nlcy9hZGRyZXNzIG9yaWdpbi1maWx0dGVyPWxlYXJu ZWQ8YnI+DQomZ3Q7ICZndDs8YnI+DQomZ3Q7ICZndDsgLi4uIGhlcmUuJm5ic3A7IFNvIHRoaXMg cmVxdWVzdCB3aWxsIHJldHVybjo8YnI+DQomZ3Q7ICZndDs8YnI+DQomZ3Q7ICZndDsmbmJzcDsg Jm5ic3A7ICZsdDthZGRyZXNzZXMgb3I6b3JpZ2luPSZxdW90O29yOmludGVuZGVkJnF1b3Q7Jmd0 Ozxicj4NCiZndDsgJmd0OyZuYnNwOyAmbmJzcDsgJm5ic3A7ICZsdDthZGRyZXNzJmd0Ozxicj4N CiZndDsgJmd0OyZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbHQ7bGFzdC1uYW1lJmd0Oy4u LiZsdDsvbGFzdC1uYW1lJmd0Ozxicj4NCiZndDsgJmd0OyZuYnNwOyAmbmJzcDsgJm5ic3A7ICZu YnNwOyAmbHQ7Zmlyc3QtbmFtZSZndDsuLi4mbHQ7L2ZpcnN0LW5hbWUmZ3Q7PGJyPg0KJmd0OyAm Z3Q7Jm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZsdDt6aXBjb2RlIG9yOm9yaWdpbj0mcXVv dDtvcjpsZWFybmVkJnF1b3Q7Jmd0Oy4uLiZsdDsvemlwY29kZSZndDs8YnI+DQomZ3Q7ICZndDsm bmJzcDsgJm5ic3A7ICZuYnNwOyAmbHQ7L2FkZHJlc3MmZ3Q7PGJyPg0KJmd0OyAmZ3Q7Jm5ic3A7 ICZuYnNwOyAmbmJzcDsgLi4uPGJyPg0KJmd0OyAmZ3Q7Jm5ic3A7ICZuYnNwOyAmbHQ7L2FkZHJl c3NlcyZndDs8YnI+DQomZ3Q7ICZndDs8YnI+DQomZ3Q7ICZndDs8YnI+DQomZ3Q7IEkgZG8gbm90 IGludGVycHJldCB0aGUgdGV4dCB0aGUgc2FtZSB3YXkgYXMgeW91Ljxicj4NCjxicj4NCkRvZXMg dGhpcyBtZWFuIHRoYXQgeW91IHRoaW5rIHRoYXQgdGhlIHJlcGx5IGlzIGRpZmZlcmVudCBmcm9t IHdoYXQgSTxicj4NCnNob3cgYWJvdmU/Jm5ic3A7IElmIHNvLCB3aGF0IHdvdWxkIGl0IGJlLCBh bmQgd2h5Pzxicj4NCjxicj4NCjxvOnA+PC9vOnA+PC9wPg0KPC9ibG9ja3F1b3RlPg0KPGRpdj4N CjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2 Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8L2Rpdj4NCjxk aXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpwPiZuYnNwOzwvbzpwPjwvcD4NCjwvZGl2Pg0K PGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPkV4cGxhaW4gaG93IHRoZSBsaXN0IGFkZHJlc3Mg bm9kZSBoYXMgb3JpZ2luICZxdW90O2xlYXJuZWQmcXVvdDsuPG86cD48L286cD48L3A+DQo8L2Rp dj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpwPiZuYnNwOzwvbzpwPjwvcD4NCjwv ZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPlRoZSBmaWx0ZXIgaXMgZm9yIC9hZGRy ZXNzZXMvYWRkcmVzcyBhbmQgb25seSBvcmlnaW49bGVhcm5lZC48bzpwPjwvbzpwPjwvcD4NCjwv ZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPkhvdyBkb2VzIHRoZSBsaXN0IG5vZGUg aGF2ZSBvcmlnaW49bGVhcm5lZD88bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNs YXNzPSJNc29Ob3JtYWwiPkl0IGNhbiBvbmx5IGhhdmUgMSB2YWx1ZS48bzpwPjwvbzpwPjwvcD4N CjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPkl0IGhhcyBjaGlsZCBub2RlcyB3 aXRoIGJvdGggaW50ZW5kZWQgYW5kIGxlYXJuZWQgYXMgb3JpZ2luLjxvOnA+PC9vOnA+PC9wPg0K PC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+SSBkbyBubyB1bmRlcnN0YW5kJm5i c3A7aG93IHRoZSBvcmlnaW49bGVhcm5lZCBtYXRjaGVkIHRoaXMgbm9kZS48bzpwPjwvbzpwPjwv cD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxvOnA+Jm5ic3A7PC9vOnA+ PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286 cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpwPiZuYnNwOzwv bzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPiZuYnNwOzxvOnA+ PC9vOnA+PC9wPg0KPC9kaXY+DQo8YmxvY2txdW90ZSBzdHlsZT0iYm9yZGVyOm5vbmU7Ym9yZGVy LWxlZnQ6c29saWQgI0NDQ0NDQyAxLjBwdDtwYWRkaW5nOjBjbSAwY20gMGNtIDYuMHB0O21hcmdp bi1sZWZ0OjQuOHB0O21hcmdpbi1yaWdodDowY20iPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5 bGU9Im1hcmdpbi1ib3R0b206MTIuMHB0Ij4mZ3Q7IDxicj4NCiZndDsmbmJzcDsgJm5ic3A7ICZu YnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5i c3A7IFRoZSBjb250ZW50IHJldHVybmVkPGJyPg0KJmd0OyA8YnI+DQomZ3Q7Jm5ic3A7ICZuYnNw OyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDtieSBnZXQtZGF0YSBtdXN0IHNhdGlzZnkgYWxs IGZpbHRlcnMsIGkuZS4sIHRoZSBmaWx0ZXI8YnI+DQomZ3Q7Jm5ic3A7ICZuYnNwOyAmbmJzcDsg Jm5ic3A7ICZuYnNwOyAmbmJzcDtjcml0ZXJpYSBhcmUgbG9naWNhbGx5IEFORGVkLjxicj4NCiZn dDsgPGJyPg0KJmd0OyA8YnI+DQomZ3Q7Jm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNw OyAmbmJzcDtsZWFmLWxpc3Qgb3JpZ2luLWZpbHRlciB7PGJyPg0KJmd0OyZuYnNwOyAmbmJzcDsg Jm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyB0eXBlIG9yOm9yaWdpbi1yZWY7PGJy Pg0KJmd0OyZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyBk ZXNjcmlwdGlvbjxicj4NCiZndDsmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZu YnNwOyAmbmJzcDsgJm5ic3A7ICZxdW90O0ZpbHRlciBiYXNlZCBvbiB0aGUgJ29yaWdpbicgYW5u b3RhdGlvbi4mbmJzcDsgQTxicj4NCiZndDsmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5i c3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwO2NvbmZpZ3VyYXRpb24gbm9kZSBtYXRjaGVz IHRoZSBmaWx0ZXIgaWYgaXRzICdvcmlnaW4nPGJyPg0KJmd0OyZuYnNwOyAmbmJzcDsgJm5ic3A7 ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7YW5ub3RhdGlvbiBpcyBk ZXJpdmVkIGZyb20gb3IgZXF1YWwgdG8gYW55IG9mIHRoZSBnaXZlbjxicj4NCiZndDsmbmJzcDsg Jm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwO2Zp bHRlciB2YWx1ZXMuJnF1b3Q7Ozxicj4NCiZndDsmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsg Jm5ic3A7ICZuYnNwOyB9PGJyPg0KJmd0OyA8YnI+DQomZ3Q7IDxicj4NCiZndDsmbmJzcDsgJm5i c3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7Q29uZmlndXJhdGlv biBub2RlcyB0aGF0IGRvIG5vdCBoYXZlIGFuPGJyPg0KJmd0OyZuYnNwOyAmbmJzcDsgJm5ic3A7 ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsnb3JpZ2luJyBhbm5vdGF0aW9uIGFy ZSB0cmVhdGVkIGFzIGlmIHRoZXkgaGF2ZSB0aGU8YnI+DQomZ3Q7Jm5ic3A7ICZuYnNwOyAmbmJz cDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOydvcmlnaW4nIGFubm90YXRpb24g J29yOnVua25vd24nLjxicj4NCiZndDsgPGJyPg0KJmd0OyA8YnI+DQomZ3Q7IDxicj4NCiZndDsg Jmd0OyBUaGUgZHJhZnQgc2hvd3MgYW4gZXhhbXBsZSB3aGVyZSBib3RoICZxdW90O2ludGVuZGVk JnF1b3Q7IGFuZCAmcXVvdDtzeXN0ZW0mcXVvdDsgYXJlIGdpdmVuPGJyPg0KJmd0OyAmZ3Q7ICZn dDsgYXMgZmlsdGVycy4mbmJzcDsgVGhpcyB3aWxsIHdvcmsgYnV0IHdpbGwgaW5jbHVkZSBhbGwg dGhlICZxdW90O2ludGVuZGVkJnF1b3Q7IGxlYWZzIGFzPGJyPg0KJmd0OyAmZ3Q7ICZndDsgd2Vs bC48YnI+DQomZ3Q7ICZndDsgJmd0OyBXaGF0IGlmIGEgJnF1b3Q7bGVhcm5lZCZxdW90OyBub2Rl IGlzIHdpdGhpbiBhICZxdW90O3N5c3RlbSZxdW90OyBub2RlIHdpdGhpbiBhbiAmcXVvdDtpbnRl bmRlZCZxdW90Ozxicj4NCiZndDsgJmd0OyAmZ3Q7IG5vZGU/PGJyPg0KJmd0OyAmZ3Q7PGJyPg0K Jmd0OyAmZ3Q7IFRoaXMgd29ya3MgYXMgd2VsbC4mbmJzcDsgTm90ZSB0aGF0IHRoZSBnZXQtZGF0 YSBkZXNjcmlwdGlvbiBzYXlzOjxicj4NCiZndDsgJmd0Ozxicj4NCiZndDsgJmd0OyZuYnNwOyAm bmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7QW55IGFuY2VzdG9yIG5vZGVzIChpbmNs dWRpbmcgbGlzdCBrZXlzKSBvZiBub2RlcyBzZWxlY3RlZCBieTxicj4NCiZndDsgJmd0OyZuYnNw OyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7dGhlIGZpbHRlcnMgYXJlIGluY2x1 ZGVkIGluIHRoZSByZXNwb25zZS48YnI+DQomZ3Q7ICZndDs8YnI+DQomZ3Q7ICZndDs8YnI+DQom Z3Q7ICZndDs8YnI+DQomZ3Q7IDxicj4NCiZndDsgVGhlIGlzc3VlIGlzIGhvdyB0aGUgL2lhZGRy ZXNzZXMgYW5kIC9hZGRyZXNzZXMvYWRkcmVzcyBub2RlcyBtYXRjaCB0aGU8YnI+DQomZ3Q7IG9y aWdpbiAmcXVvdDtsZWFybmVkJnF1b3Q7Ljxicj4NCjxicj4NClRoZXkgZG9uJ3QsIGJ1dCB0aGV5 IGFyZSBpbmNsdWRlZCBiL2Mgb2YgdGhlIHF1b3RlZCB0ZXh0IGFib3ZlIChpLmUuOjxicj4NCiZu YnNwOyAmbmJzcDsgJm5ic3A7IEFueSBhbmNlc3RvciBub2RlcyAoaW5jbHVkaW5nIGxpc3Qga2V5 cykgb2Ygbm9kZXMgc2VsZWN0ZWQgYnk8YnI+DQombmJzcDsgJm5ic3A7ICZuYnNwOyB0aGUgZmls dGVycyBhcmUgaW5jbHVkZWQgaW4gdGhlIHJlc3BvbnNlLik8bzpwPjwvbzpwPjwvcD4NCjwvYmxv Y2txdW90ZT4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpwPiZuYnNwOzwvbzpwPjwv cD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxvOnA+Jm5ic3A7PC9vOnA+ PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+Tm8uPG86cD48L286cD48 L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpwPiZuYnNwOzwvbzpw PjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPklmIHRoZSBmaWx0ZXIg d2FzIGZvciAvYWRkcmVzc2VzL2FkZHJlc3MvemlwY29kZSB0aGVuIG1heWJlIHRoYXQgdGV4dCBh cHBsaWVzLjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1h bCI+SXQgaXMgc3RpbGwgdW5jbGVhciB0aGF0IHRoZSBYUGF0aCBpcyBmdWxseSBwcm9jZXNzZWQg YW5kIHRoZW4gdGhlIG9yaWdpbi1maWx0ZXIgaXMgcHJvY2Vzc2VkLjxvOnA+PC9vOnA+PC9wPg0K PC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+VGhlIFJGQyBqdXN0IHNheXMgdGhl eSBhcmUgQU5EZWQgdG9nZXRoZXIuPG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBj bGFzcz0iTXNvTm9ybWFsIj48bzpwPiZuYnNwOzwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxw IGNsYXNzPSJNc29Ob3JtYWwiPiZuYnNwOzxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8YmxvY2tx dW90ZSBzdHlsZT0iYm9yZGVyOm5vbmU7Ym9yZGVyLWxlZnQ6c29saWQgI0NDQ0NDQyAxLjBwdDtw YWRkaW5nOjBjbSAwY20gMGNtIDYuMHB0O21hcmdpbi1sZWZ0OjQuOHB0O21hcmdpbi1yaWdodDow Y20iPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PGJyPg0KJmd0OyBUaGUgbGVhZnMgaW4gbGlzdCAm cXVvdDthZGRyZXNzJnF1b3Q7IGFyZSBhIG1peHR1cmUgb2YgJnF1b3Q7aW50ZW5kZWQmcXVvdDsg YW5kICZxdW90O2xlYXJuZWQmcXVvdDs8YnI+DQomZ3Q7IG9yaWdpbi48YnI+DQomZ3Q7IFRoZSB0 ZXh0IGNsZWFybHkgc2F5cyB0aGF0IGEgbm9kZSBoYXMgYSBzaW5nbGUgb3JpZ2luIHByb3BlcnR5 LCBjb3VwbGVkIHRvPGJyPg0KJmd0OyB0aGUgYW5ub3RhdGlvbi48YnI+DQomZ3Q7IDxicj4NCiZn dDsgSXNzdWUgMTogbWl4ZWQgb3JpZ2luIGRlc2NlbmRhbnQgbm9kZXM8YnI+DQomZ3Q7IFNvIGhv dyBkb2VzIGEgc2VhcmNoIG9uIC9hZGRyZXNzZXMvYWRkcmVzcyBtYXRjaCBvcmlnaW4tZmlsdGVy PWxlYXJuZWQ/PGJyPg0KJmd0OyBJIGNhbm5vdCBmaW5kIGFueSB0ZXh0IHRoYXQgc2F5cyB3aGF0 IHRoZSBvcmlnaW4gb2YgYSBsaXN0IG9yIFAtY29udGFpbmVyPGJyPg0KJmd0OyBpcyBpZiBpdDxi cj4NCiZndDsgY29udGFpbnMgbm9kZXMgb2YgbWl4ZWQgb3JpZ2luLjxicj4NCjxicj4NClNlZSBh Ym92ZS48bzpwPjwvbzpwPjwvcD4NCjwvYmxvY2txdW90ZT4NCjxkaXY+DQo8cCBjbGFzcz0iTXNv Tm9ybWFsIj48bzpwPiZuYnNwOzwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJN c29Ob3JtYWwiPk5vIHRleHQgYWJvdmUgZXhwbGFpbnMgaG93IHRoZSBsaXN0IG9yaWdpbiBpcyB0 YWdnZWQgaWYgaXQgaGFzIG11bHRpcGxlIHR5cGVzIG9mIGNoaWxkIG5vZGVzLjxvOnA+PC9vOnA+ PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286 cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj4mbmJzcDs8bzpwPjwv bzpwPjwvcD4NCjwvZGl2Pg0KPGJsb2NrcXVvdGUgc3R5bGU9ImJvcmRlcjpub25lO2JvcmRlci1s ZWZ0OnNvbGlkICNDQ0NDQ0MgMS4wcHQ7cGFkZGluZzowY20gMGNtIDBjbSA2LjBwdDttYXJnaW4t bGVmdDo0LjhwdDttYXJnaW4tcmlnaHQ6MGNtIj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxl PSJtYXJnaW4tYm90dG9tOjEyLjBwdCI+PGJyPg0KJmd0OyBJc3N1ZSAyOiBOUC1jb250YWluZXJz PGJyPg0KJmd0OyA8YnI+DQomZ3Q7IEFsc28gZnJvbSBSRkMgODM0Mjo8YnI+DQomZ3Q7IDxicj4N CiZndDsmbmJzcDsgJm5ic3A7IFRoZSBvcmlnaW4gYXBwbGllcyB0byBhbGwgY29uZmlndXJhdGlv biBub2RlcyBleGNlcHQgbm9uLXByZXNlbmNlPGJyPg0KJmd0OyZuYnNwOyAmbmJzcDsgY29udGFp bmVycy48YnI+DQomZ3Q7IDxicj4NCiZndDsgPGJyPg0KJmd0OyBXaGF0IGlmIHRoZSB0b3AtbGV2 ZWwgbm9kZSBpcyBhbiBOUC1jb250YWluZXIgaW4gdGhpcyBjYXNlLjxicj4NCiZndDsgSSB0aG91 Z2h0IHRoZSB0b3AtbGV2ZWwgbm9kZSBNVVNUIGhhdmUgYW4gb3JpZ2luIGF0dHJpYnV0ZS48YnI+ DQomZ3Q7IDxicj4NCiZndDsgVGhlIHRleHQgaXMgbm90IGNsZWFyIGhvdyBOUC1jb250YWluZXJz IGFyZSBoYW5kbGVkLjxicj4NCiZndDsgRG8gdGhleSBoYXZlIGFuIG9yaWdpbiBhdHRyaWJ1dGU/ IElmIG5vdCB0aGVuIFJGQyA4NTI2IHNheXMgdGhleSBoYXZlPGJyPg0KJmd0OyBvcmlnaW4gJnF1 b3Q7dW5rbm93biZxdW90Oy48YnI+DQomZ3Q7IElzIHRoZSBpbnRlbnQgdGhhdCBOUC1jb250YWlu ZXJzIGFsd2F5cyBwYXNzIHRoZSBvcmlnaW4tZmlsdGVyIHRlc3RzICh0ZXN0PGJyPg0KJmd0OyBz a2lwcGVkKT88YnI+DQo8YnI+DQpObywgc2luY2UgdGhleSBkb24ndCBoYXZlIGFuIG9yaWdpbiB2 YWx1ZSB0aGV5IHdpbGwgbm90IGJlIHNlbGVjdGVkIGJ5PGJyPg0KdGhlIGZpbHRlci4mbmJzcDsg QnV0IGFuIE5QLWNvbnRhaW5lciB3aWxsIGJlIGluY2x1ZGVkIGluIHRoZSByZXBseSBpZiBpdDxi cj4NCmlzIHRoZSBhbmNlc3RvciBvZiBhIG5vZGUgdGhhdCBpcyBzZWxlY3RlZCBieSB0aGUgZmls dGVyLjxvOnA+PC9vOnA+PC9wPg0KPC9ibG9ja3F1b3RlPg0KPGRpdj4NCjxwIGNsYXNzPSJNc29O b3JtYWwiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1z b05vcm1hbCI+VGhlIFJGQyB0ZXh0IGRvZXMgbm90IHJlYWxseSBzYXkgdGhhdC48bzpwPjwvbzpw PjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPlNpbmNlIGl0IGlzIHZl cnkgZGlmZmljdWx0IHRvIGtub3cgaWYgYSBkYXRhIG5vZGUgNSBsYXllcnMgZGVlcCBpcyBnb2lu ZyB0byBtYXRjaCw8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29O b3JtYWwiPmltcGxlbWVudGluZyB0aGVzZSBmaWx0ZXJzIGFjY29yZGluZyB0byB0aGlzIHZhZ3Vl IGludGVycHJldGF0aW9uIGlzIHVubGlrZWx5LjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2 Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+Jm5ic3A7PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxi bG9ja3F1b3RlIHN0eWxlPSJib3JkZXI6bm9uZTtib3JkZXItbGVmdDpzb2xpZCAjQ0NDQ0NDIDEu MHB0O3BhZGRpbmc6MGNtIDBjbSAwY20gNi4wcHQ7bWFyZ2luLWxlZnQ6NC44cHQ7bWFyZ2luLXJp Z2h0OjBjbSI+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibWFyZ2luLWJvdHRvbToxMi4w cHQiPjxicj4NCi9tYXJ0aW48bzpwPjwvbzpwPjwvcD4NCjwvYmxvY2txdW90ZT4NCjxkaXY+DQo8 cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpwPiZuYnNwOzwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4N CjxwIGNsYXNzPSJNc29Ob3JtYWwiPkFuZHk8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4N CjxwIGNsYXNzPSJNc29Ob3JtYWwiPiZuYnNwOzxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8Ymxv Y2txdW90ZSBzdHlsZT0iYm9yZGVyOm5vbmU7Ym9yZGVyLWxlZnQ6c29saWQgI0NDQ0NDQyAxLjBw dDtwYWRkaW5nOjBjbSAwY20gMGNtIDYuMHB0O21hcmdpbi1sZWZ0OjQuOHB0O21hcmdpbi1yaWdo dDowY20iPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PGJyPg0KPGJyPg0KJmd0OyA8YnI+DQomZ3Q7 IDxicj4NCiZndDsgPGJyPg0KJmd0OyAvbWFydGluPGJyPg0KJmd0OyAmZ3Q7PGJyPg0KJmd0OyAm Z3Q7PGJyPg0KJmd0OyBBbmR5PGJyPg0KJmd0OyA8YnI+DQomZ3Q7IDxicj4NCiZndDsgJmd0Ozxi cj4NCiZndDsgJmd0OyAmZ3Q7IFNlZW1zIGxpa2UgdGhlIGNsaWVudCBuZWVkcyB0byBrbm93IGEg bG90IGFib3V0IHRoZSBzZXJ2ZXIgaW1wbGVtZW50YXRpb248YnI+DQomZ3Q7ICZndDsgJmd0OyBk ZXRhaWxzPGJyPg0KJmd0OyAmZ3Q7ICZndDsgaW4gb3JkZXIgdG8gdXNlIHRoZSBvcmlnaW4gZmls dGVycy48YnI+DQomZ3Q7ICZndDsgJmd0Ozxicj4NCiZndDsgJmd0OyAmZ3Q7PGJyPg0KJmd0OyAm Z3Q7ICZndDsgQW5keTxicj4NCiZndDsgJmd0OzxvOnA+PC9vOnA+PC9wPg0KPC9ibG9ja3F1b3Rl Pg0KPC9kaXY+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9kaXY+DQo8L2JvZHk+DQo8L2h0bWw+DQo= --_000_MN2PR11MB4366BB8F556DE7DC866FE27BB59B0MN2PR11MB4366namp_-- From nobody Mon Oct 7 07:52:06 2019 Return-Path: X-Original-To: netconf@ietfa.amsl.com Delivered-To: netconf@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8A0EC12006A for ; Mon, 7 Oct 2019 07:52:04 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.789 X-Spam-Level: X-Spam-Status: No, score=-1.789 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, MIME_BOUND_DIGITS_15=0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_FILL_THIS_FORM_SHORT=0.01] autolearn=no autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=yumaworks-com.20150623.gappssmtp.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PVi_YPCFfl-c for ; Mon, 7 Oct 2019 07:52:01 -0700 (PDT) Received: from mail-lf1-x12f.google.com (mail-lf1-x12f.google.com [IPv6:2a00:1450:4864:20::12f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 40AFC120058 for ; Mon, 7 Oct 2019 07:52:01 -0700 (PDT) Received: by mail-lf1-x12f.google.com with SMTP id x80so9507295lff.3 for ; Mon, 07 Oct 2019 07:52:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yumaworks-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=tmRXmybQ/o96XhU6QRN5XjR8d3GSDIfIrU6+ihuKXic=; b=VVl02wnRECLdDXGgofvB5ugCUSr5YL5vL3FBgJXg7ga0TpQLrfryuYcLR9poeKJdIP yXvPoYyVf4vBv63rSKpPaiH1n6IrpOqqQo13nhc3wN/x3ZeWFdYFmqd/zREcyjTp9Z2M ZpCQ7A/PDud1ueTP7TqpBrWw98fiOmKF6x/VJVIb7JkG8Zk3wX+/nNc3SNH0rForC2Ee SRsCYvOv7VtFrosnDOgyiBLMyLLhgI4Ph7r+FwVz8zIbawam3xsjeNFTbSZI7gQuE0fX BhgN8dDqFGCd+Nxh5xYW7vjfJ6eEc+6IEh3oZsHFHRAPiq33K9vR5t4C8LIGt2CUBYxP mMEg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=tmRXmybQ/o96XhU6QRN5XjR8d3GSDIfIrU6+ihuKXic=; b=PKURuOL+kV9JCBRes9VIhpIIp4ksXSorVx+xAeZh9wHdu7e1MGRO3WO5+GrwI3RM7+ J2XnfHgn1cTEPk0Y7YCegkJmBBtAVMb5EnFLnUTnXWDbypnjNUGa/JLTAmMlLpGEwtnN sUs3ALdCd+H5chagHNjVZD9LSbBxjj9kcwElw3++VjEC3OSjEiske4BQYPkTe4L8cb6A frg0LcH24seqf/71sTo3cIt5P1rwOGkFpzhpXHCsGaPsJVgS2g92LkdBQrmLh58j9QSz A/mylX5/fi2iJiUCMd4EL0GZqQTpPQDyZrm1pKd7C1cjHfBvbVX9Nwf2y61Yikbb6pvU XwmA== X-Gm-Message-State: APjAAAVJU7PcBAC+rfU0CA5tXx96lXxMHladfMI2rV/GI4IfpAJb7TKU yNU0wWAROhIpTzp2CxXDBWzfhah7BKUZ/GtmZYbMtA== X-Google-Smtp-Source: APXvYqxzP4jX0aZhMGLn8exVHWcLP15G21joQKBjYv+kVVDia52wHsBV2Ng7Xzg1xDmIDloAKd01OixLg4zBiyYeFCo= X-Received: by 2002:ac2:44b9:: with SMTP id c25mr18017261lfm.112.1570459918477; Mon, 07 Oct 2019 07:51:58 -0700 (PDT) MIME-Version: 1.0 References: <20191006.173256.1788347482117819951.mbj@tail-f.com> <20191007.094327.1923088106819713441.mbj@tail-f.com> In-Reply-To: From: Andy Bierman Date: Mon, 7 Oct 2019 07:51:47 -0700 Message-ID: To: "Rob Wilton (rwilton)" Cc: Martin Bjorklund , Netconf Content-Type: multipart/alternative; boundary="0000000000009341760594533127" Archived-At: Subject: Re: [netconf] get-data origin filters X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 07 Oct 2019 14:52:05 -0000 --0000000000009341760594533127 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Mon, Oct 7, 2019 at 7:36 AM Rob Wilton (rwilton) wrote: > Hi Andy, > > > > Don=E2=80=99t all the filters effectively work this way? > I do not see the text that explains origin-filter and negated-origin-filter working the way Martin describes it. These filters do not say anywhere to select a node because it has descendants that match the origin filters. It says very clearly that the filter test is on the specified node. It also says the origin is derived from the origin annotation for that node= . Since only 1 instance of the origin annotation is allowed per node, there is no way to tag a node with multiple origins. If implementation is too complex then people will just leave it out (w/ a deviation). It is unlikely that the instrumentation knows at any given instant all the origin values of all the descendant dynamic data at the instant the request is processed. > > They select a subset of the nodes to include in the response, and must > also include all ancestor nodes and required list keys to the selected > nodes, regardless of whether those ancestor/key nodes were also selected = by > the query. > > > Yes. Understood. Still does not explain how a filter for the list node selects descendant nodes that match the origin filters. > E.g. a =E2=80=9Cconfig false=E2=80=9D filter will still return =E2=80=9Cc= onfig true=E2=80=9D nodes if they > are ancestors or list keys to a descendant config false node. The same > logic applies for xpath and origin filters as well. > > > No they won't. Where is that text? get-data config=3Dfilter=3Dfalse This starts from top-level YANG nodes. If the top-level YANG node is not config=3Dfalse then the server will not keep looking for descendants that match. > Thanks, > Rob > > Andy > > > > > *From:* netconf *On Behalf Of *Andy Bierman > *Sent:* 07 October 2019 15:12 > *To:* Martin Bjorklund > *Cc:* Netconf > *Subject:* Re: [netconf] get-data origin filters > > > > > > > > On Mon, Oct 7, 2019 at 12:43 AM Martin Bjorklund wrote: > > Andy Bierman wrote: > > On Sun, Oct 6, 2019 at 8:32 AM Martin Bjorklund wrote: > > > > > Hi, > > > > > > Andy Bierman wrote: > > > > Hi, > > > > > > > > I am trying to figure out how to use the origin-filter and > > > > negated-origin-filter > > > > in the operation in RFC 8526. > > > > > > > > > > > > leaf-list origin-filter { > > > > type or:origin-ref; > > > > description > > > > "Filter based on the 'origin' annotation. A > > > > configuration node matches the filter if its 'origi= n' > > > > annotation is derived from or equal to any of the > given > > > > filter values."; > > > > } > > > > > > > > > > > > These filters seem kind of worthless if implemented according to th= e > > > text. > > > > Consider a simple example where there is 1 learned leaf within a > list: > > > > > > > > module: address > > > > +--rw addresses > > > > +--rw address* [last-name first-name] > > > > +--rw last-name string > > > > +--rw first-name string > > > > +--rw street? string > > > > +--rw city? string > > > > +--rw zipcode? string > > > > +--rw phone* [phone-type] > > > > +--rw phone-type enumeration > > > > +--rw phone-number string > > > > > > > > Let's say the "zipcode" field is learned in > > > > (e.g. ZIP code lookup expands missing or 5 digit zipcode to full 9 > digit > > > > zipcode). > > > > So /addresses and /addresses/address have origin "intended". > > > > Only the /addresses/address/zipcode leaf has origin "learned". > > > > > > > > So how does origin-filter=3Dlearned find all the learned leafs? > > > > > > Perhaps I don't understand your question; IMO you give the answer to > > > this question below: > > > > > > > What filters are required to return only the learned entries + > ancestors > > > + > > > > ancestor-or-self keys? Seems like this filter mechanism has to be > used > > > > to retrieve the exact leaf that might be learned, and the client > > > > needs to know in advance all the possible nodes that might be > learned. > > > > > > > > Want to be able to retrieve an ancestor that is intended and still > find > > > the > > > > learned entries > > > > > > > > get-data xpath-filter=3D/addresses/address origin-filtter=3Dlear= ned > > > > > > ... here. So this request will return: > > > > > > > > >
> > > ... > > > ... > > > ... > > >
> > > ... > > > > > > > > > > > I do not interpret the text the same way as you. > > Does this mean that you think that the reply is different from what I > show above? If so, what would it be, and why? > > > > > > > > Explain how the list address node has origin "learned". > > > > The filter is for /addresses/address and only origin=3Dlearned. > > How does the list node have origin=3Dlearned? > > It can only have 1 value. > > It has child nodes with both intended and learned as origin. > > I do no understand how the origin=3Dlearned matched this node. > > > > > > > > > > > > > The content returned > > > > by get-data must satisfy all filters, i.e., the filter > > criteria are logically ANDed. > > > > > > leaf-list origin-filter { > > type or:origin-ref; > > description > > "Filter based on the 'origin' annotation. A > > configuration node matches the filter if its 'origin' > > annotation is derived from or equal to any of the given > > filter values."; > > } > > > > > > Configuration nodes that do not have an > > 'origin' annotation are treated as if they have the > > 'origin' annotation 'or:unknown'. > > > > > > > > > The draft shows an example where both "intended" and "system" are giv= en > > > > as filters. This will work but will include all the "intended" > leafs as > > > > well. > > > > What if a "learned" node is within a "system" node within an > "intended" > > > > node? > > > > > > This works as well. Note that the get-data description says: > > > > > > Any ancestor nodes (including list keys) of nodes selected = by > > > the filters are included in the response. > > > > > > > > > > > > > The issue is how the /iaddresses and /addresses/address nodes match the > > origin "learned". > > They don't, but they are included b/c of the quoted text above (i.e.: > Any ancestor nodes (including list keys) of nodes selected by > the filters are included in the response.) > > > > > > No. > > > > If the filter was for /addresses/address/zipcode then maybe that text > applies. > > It is still unclear that the XPath is fully processed and then the > origin-filter is processed. > > The RFC just says they are ANDed together. > > > > > > > > The leafs in list "address" are a mixture of "intended" and "learned" > > origin. > > The text clearly says that a node has a single origin property, coupled > to > > the annotation. > > > > Issue 1: mixed origin descendant nodes > > So how does a search on /addresses/address match origin-filter=3Dlearne= d? > > I cannot find any text that says what the origin of a list or P-contain= er > > is if it > > contains nodes of mixed origin. > > See above. > > > > No text above explains how the list origin is tagged if it has multiple > types of child nodes. > > > > > > > > Issue 2: NP-containers > > > > Also from RFC 8342: > > > > The origin applies to all configuration nodes except non-presence > > containers. > > > > > > What if the top-level node is an NP-container in this case. > > I thought the top-level node MUST have an origin attribute. > > > > The text is not clear how NP-containers are handled. > > Do they have an origin attribute? If not then RFC 8526 says they have > > origin "unknown". > > Is the intent that NP-containers always pass the origin-filter tests > (test > > skipped)? > > No, since they don't have an origin value they will not be selected by > the filter. But an NP-container will be included in the reply if it > is the ancestor of a node that is selected by the filter. > > > > The RFC text does not really say that. > > Since it is very difficult to know if a data node 5 layers deep is going > to match, > > implementing these filters according to this vague interpretation is > unlikely. > > > > > /martin > > > > Andy > > > > > > > > > > > > > /martin > > > > > > > > Andy > > > > > > > > > > > Seems like the client needs to know a lot about the server > implementation > > > > details > > > > in order to use the origin filters. > > > > > > > > > > > > Andy > > > > > --0000000000009341760594533127 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable


=
On Mon, Oct 7, 2019 at 7:36 AM Rob Wi= lton (rwilton) <rwilton@cisco.com> wrote:

Hi Andy,

=C2=A0

Don=E2=80=99t all the filters effectively work= this way?



If implementa= tion is too complex then people will just leave it out (w/ a deviation).
It is unlikely that the instrumentation knows at any given instant = all the origin values
of all the descendant dynamic data at the i= nstant the <get-data> request is processed.

=

=
=

=C2=A0

They select a subset of the nodes to include i= n the response, and must also include all ancestor nodes and required list = keys to the selected nodes, regardless of whether those ancestor/key nodes were also selected by the query.

=C2=A0


Yes. Understood.
Still does not explain ho= w a filter for the list node selects descendant nodes that match the origin= filters.

=C2=A0

E.g. a =E2=80=9Cconfig false=E2=80=9D filter w= ill still return =E2=80=9Cconfig true=E2=80=9D nodes if they are ancestors = or list keys to a descendant config false node.=C2=A0 The same logic applie= s for xpath and origin filters as well.

=C2=A0


No they won't.
Where is that text?

=C2=A0 =C2=A0 get-data config=3Dfilter=3Dfalse

This starts from top-level YANG nodes.
If = the top-level YANG node is not config=3Dfalse then the server will not keep= looking for descendants that match.

=C2=A0
<= blockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-l= eft:1px solid rgb(204,204,204);padding-left:1ex">

Thanks,
Rob




<= blockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-l= eft:1px solid rgb(204,204,204);padding-left:1ex">

=C2=A0

=C2=A0

From: netconf <netconf-bounces@ietf.org> On Behalf Of Andy Bierman
Sent: 07 October 2019 15:12
To: Martin Bjorklund <mbj@tail-f.com>
Cc: Netconf <netconf@ietf.org>
Subject: Re: [netconf] get-data origin filters<= /p>

=C2=A0

=C2=A0

=C2=A0

On Mon, Oct 7, 2019 at 12:43 AM Martin Bjorklund <= ;mbj@tail-f.com>= wrote:

Andy Bierman <andy@yumaworks.com>= ; wrote:
> On Sun, Oct 6, 2019 at 8:32 AM Martin Bjorklund <mbj@tail-f.com> wrote:
>
> > Hi,
> >
> > Andy Bierman <andy@yumaworks.com> wrote:
> > > Hi,
> > >
> > > I am trying to figure out how to use the origin-filter and > > > negated-origin-filter
> > > in the <get-data> operation in RFC 8526.
> > >
> > >
> > >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0leaf-list origin-fil= ter {
> > >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 type or:orig= in-ref;
> > >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 description<= br> > > >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 "= ;Filter based on the 'origin' annotation.=C2=A0 A
> > >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0configuration node matches the filter if its 'origin'
> > >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0annotation is derived from or equal to any of the given
> > >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0filter values.";
> > >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 }
> > >
> > >
> > > These filters seem kind of worthless if implemented accordin= g to the
> > text.
> > > Consider a simple example where there is 1 learned leaf with= in a list:
> > >
> > > module: address
> > >=C2=A0 =C2=A0+--rw addresses
> > >=C2=A0 =C2=A0 =C2=A0 +--rw address* [last-name first-name] > > >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0+--rw last-name=C2=A0 =C2= =A0 =C2=A0string
> > >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0+--rw first-name=C2=A0 =C2= =A0 string
> > >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0+--rw street?=C2=A0 =C2=A0 = =C2=A0 =C2=A0string
> > >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0+--rw city?=C2=A0 =C2=A0 = =C2=A0 =C2=A0 =C2=A0string
> > >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0+--rw zipcode?=C2=A0 =C2=A0= =C2=A0 string
> > >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0+--rw phone* [phone-type] > > >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 +--rw phone-type=C2= =A0 =C2=A0 =C2=A0 enumeration
> > >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 +--rw phone-number= =C2=A0 =C2=A0 string
> > >
> > > Let's say the "zipcode" field is learned in &l= t;operational>
> > > (e.g. ZIP code lookup expands missing or 5 digit zipcode to = full 9 digit
> > > zipcode).
> > > So /addresses and /addresses/address have origin "inten= ded".
> > > Only the /addresses/address/zipcode leaf has origin "le= arned".
> > >
> > > So how does origin-filter=3Dlearned find all the learned lea= fs?
> >
> > Perhaps I don't understand your question; IMO you give the an= swer to
> > this question below:
> >
> > > What filters are required to return only the learned entries= + ancestors
> > +
> > > ancestor-or-self keys?=C2=A0 Seems like this filter mechanis= m has to be used
> > > to retrieve the exact leaf that might be learned, and the cl= ient
> > > needs to know in advance all the possible nodes that might b= e learned.
> > >
> > > Want to be able to retrieve an ancestor that is intended and= still find
> > the
> > > learned entries
> > >
> > >=C2=A0 =C2=A0 get-data xpath-filter=3D/addresses/address orig= in-filtter=3Dlearned
> >
> > ... here.=C2=A0 So this request will return:
> >
> >=C2=A0 =C2=A0 <addresses or:origin=3D"or:intended">= ;
> >=C2=A0 =C2=A0 =C2=A0 <address>
> >=C2=A0 =C2=A0 =C2=A0 =C2=A0 <last-name>...</last-name>=
> >=C2=A0 =C2=A0 =C2=A0 =C2=A0 <first-name>...</first-name&g= t;
> >=C2=A0 =C2=A0 =C2=A0 =C2=A0 <zipcode or:origin=3D"or:learn= ed">...</zipcode>
> >=C2=A0 =C2=A0 =C2=A0 </address>
> >=C2=A0 =C2=A0 =C2=A0 ...
> >=C2=A0 =C2=A0 </addresses>
> >
> >
> I do not interpret the text the same way as you.

Does this mean that you think that the reply is different from what I
show above?=C2=A0 If so, what would it be, and why?

=C2=A0

=C2=A0

=C2=A0

Explain how the list address node has origin "l= earned".

=C2=A0

The filter is for /addresses/address and only origin= =3Dlearned.

How does the list node have origin=3Dlearned?=

It can only have 1 value.

It has child nodes with both intended and learned as= origin.

I do no understand=C2=A0how the origin=3Dlearned mat= ched this node.

=C2=A0

=C2=A0

=C2=A0

=C2=A0

>
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 = =C2=A0 The content returned
>
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0by get-data must satisfy all f= ilters, i.e., the filter
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0criteria are logically ANDed.<= br> >
>
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0leaf-list origin-filter {
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 type or:origin-ref; >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 description
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 "Filter ba= sed on the 'origin' annotation.=C2=A0 A
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0configura= tion node matches the filter if its 'origin'
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0annotatio= n is derived from or equal to any of the given
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0filter va= lues.";
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 }
>
>
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0Configuration no= des that do not have an
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0'origin'= annotation are treated as if they have the
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0'origin'= annotation 'or:unknown'.
>
>
>
> > The draft shows an example where both "intended" and &q= uot;system" are given
> > > as filters.=C2=A0 This will work but will include all the &q= uot;intended" leafs as
> > > well.
> > > What if a "learned" node is within a "system&= quot; node within an "intended"
> > > node?
> >
> > This works as well.=C2=A0 Note that the get-data description says= :
> >
> >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0Any ancestor nodes (inclu= ding list keys) of nodes selected by
> >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0the filters are included = in the response.
> >
> >
> >
>
> The issue is how the /iaddresses and /addresses/address nodes match th= e
> origin "learned".

They don't, but they are included b/c of the quoted text above (i.e.: =C2=A0 =C2=A0 =C2=A0 Any ancestor nodes (including list keys) of nodes sele= cted by
=C2=A0 =C2=A0 =C2=A0 the filters are included in the response.)

=C2=A0

=C2=A0

No.

=C2=A0

If the filter was for /addresses/address/zipcode the= n maybe that text applies.

It is still unclear that the XPath is fully processe= d and then the origin-filter is processed.

The RFC just says they are ANDed together.=

=C2=A0

=C2=A0


> The leafs in list "address" are a mixture of "intended&= quot; and "learned"
> origin.
> The text clearly says that a node has a single origin property, couple= d to
> the annotation.
>
> Issue 1: mixed origin descendant nodes
> So how does a search on /addresses/address match origin-filter=3Dlearn= ed?
> I cannot find any text that says what the origin of a list or P-contai= ner
> is if it
> contains nodes of mixed origin.

See above.

=C2=A0

No text above explains how the list origin is tagged= if it has multiple types of child nodes.

=C2=A0

=C2=A0


> Issue 2: NP-containers
>
> Also from RFC 8342:
>
>=C2=A0 =C2=A0 The origin applies to all configuration nodes except non-= presence
>=C2=A0 =C2=A0 containers.
>
>
> What if the top-level node is an NP-container in this case.
> I thought the top-level node MUST have an origin attribute.
>
> The text is not clear how NP-containers are handled.
> Do they have an origin attribute? If not then RFC 8526 says they have<= br> > origin "unknown".
> Is the intent that NP-containers always pass the origin-filter tests (= test
> skipped)?

No, since they don't have an origin value they will not be selected by<= br> the filter.=C2=A0 But an NP-container will be included in the reply if it is the ancestor of a node that is selected by the filter.

=C2=A0

The RFC text does not really say that.=

Since it is very difficult to know if a data node 5 = layers deep is going to match,

implementing these filters according to this vague i= nterpretation is unlikely.

=C2=A0


/martin

=C2=A0

Andy

=C2=A0



>
>
>
> /martin
> >
> >
> Andy
>
>
> >
> > > Seems like the client needs to know a lot about the server i= mplementation
> > > details
> > > in order to use the origin filters.
> > >
> > >
> > > Andy
> >

--0000000000009341760594533127-- From nobody Mon Oct 7 09:35:06 2019 Return-Path: X-Original-To: netconf@ietfa.amsl.com Delivered-To: netconf@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E7E1412006D for ; Mon, 7 Oct 2019 09:35:04 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.49 X-Spam-Level: X-Spam-Status: No, score=-14.49 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_FILL_THIS_FORM_SHORT=0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=HN2laJok; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=xGzOk4yY Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6i8knJvEGSr6 for ; Mon, 7 Oct 2019 09:35:01 -0700 (PDT) Received: from rcdn-iport-2.cisco.com (rcdn-iport-2.cisco.com [173.37.86.73]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 154ED120043 for ; Mon, 7 Oct 2019 09:35:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=56422; q=dns/txt; s=iport; t=1570466100; x=1571675700; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=nyR9n0qLrPJz+J7yjJa7hcDccaAIiJxf3Wg02e7aW3w=; b=HN2laJok19leOz6l6W2U0EOm38lJjop4Zxr2CwlqCWTUt7Qrik7l2A9p reMrfLkiPzhEo/mSiE648LNxigClL3KOA8xf+PlWnpr6QySjp49qOAVPE iDwYpPNzy6eQjsJNJ7Alxmp+xMFrohmowoDdQ96vrZaDGMtzQsOXoDLHu 8=; IronPort-PHdr: =?us-ascii?q?9a23=3AOK1vjhXgWvgxX6VC9USx1ax93APV8LGuZFwc94?= =?us-ascii?q?YnhrRSc6+q45XlOgnF6O5wiEPSA92J8OpK3uzRta2oGXcN55qMqjgjSNRNTF?= =?us-ascii?q?dE7KdehAk8GIiAAEz/IuTtankgA8VGSFhj13q6KkNSXs35Yg6arw=3D=3D?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0DeAQDkaJtd/5RdJa1mGwEBAQEDAQE?= =?us-ascii?q?BDAMBAQGBZ4EcL1ADbVYgBAsqCoQZYoJlA4pJglyXfIJSA1QJAQEBDAEBLQI?= =?us-ascii?q?BAYRAAheCRSM4EwIDCQEBBAEBAQIBBQRthS0MhUsBAQEDARIRChMBATcBBAs?= =?us-ascii?q?CAQgRBAEBASABBgMCAgIwFAkIAgQOBQgagwGBHU0DDg8BAqQvAoE4iGF1gTK?= =?us-ascii?q?CfQEBBYUIGIIXCYE0jA4YgUA/gRFGgkw+hC4YNIJXMoImjHUPgmmFNSSJCI5?= =?us-ascii?q?yCoIijCCJE5k/p14CBAIEBQIOAQEFgWkigVhwFTuCbFAQFIFPg3OKU3SBKY8?= =?us-ascii?q?gAYEiAQE?= X-IronPort-AV: E=Sophos;i="5.67,268,1566864000"; d="scan'208,217";a="645801092" Received: from rcdn-core-12.cisco.com ([173.37.93.148]) by rcdn-iport-2.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 07 Oct 2019 16:34:59 +0000 Received: from XCH-ALN-017.cisco.com (xch-aln-017.cisco.com [173.36.7.27]) by rcdn-core-12.cisco.com (8.15.2/8.15.2) with ESMTPS id x97GYx1X032225 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Mon, 7 Oct 2019 16:34:59 GMT Received: from xhs-rcd-003.cisco.com (173.37.227.248) by XCH-ALN-017.cisco.com (173.36.7.27) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Mon, 7 Oct 2019 11:34:58 -0500 Received: from xhs-aln-002.cisco.com (173.37.135.119) by xhs-rcd-003.cisco.com (173.37.227.248) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Mon, 7 Oct 2019 11:34:57 -0500 Received: from NAM03-DM3-obe.outbound.protection.outlook.com (173.37.151.57) by xhs-aln-002.cisco.com (173.37.135.119) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Mon, 7 Oct 2019 11:34:57 -0500 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=EmQjBAM0+v9zOmi8OjhetTB0grUr2c9CwE1kTovaRjIz4R1MtSK/vpKhMziLa5LUqBGtvt7xIue84m30z2aaQT1irDxYAZEuWRnKng9Dy+1zGFIJYNIFBjKmHksjxkTo7F3LsydlNa2N3yTrf4qulSiieh1TWhSWHXpvuUosuAj/+buzzcXfuIUHIKny5j6qa65UDzQeH15nVuikr1fNy8RZSzRkM+afKnD8mkhUztyeW6v+yKdOctXEg94AsNSRZPU5RYKyGwDkWl13VTroETOyYE25TE55tSROVcZM4GGtNhbAXBAGbDFytj3ztdaHUCID7Ea5E4sQyEm7hSj8vA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=nyR9n0qLrPJz+J7yjJa7hcDccaAIiJxf3Wg02e7aW3w=; b=CHPF0BuUMsD+1KA5vaeh2nVnAm57E8+L0yq7r6ezYeL4IqTnnlH7p1iMPW/jkvrfrSaoAgEf60ptDDRK8Wc+q0G2f3na0Mtt1ZZaR68WON2Dbt91ohff2gqLeC59GYpEwY4ekY9GN99p+x6921/eYp45tQbgtCJEQuV7DHuEABNsauj5+w1J0QgldkiHS/LUVtV5Vn3gJ4YoAQ9rHZg5qZOu0FA3nzvFfZRlAkFrAJll6CGpZgN8vxZiQtm1b0NnuMSZMf+9jd+zbvJZziOTAuqokGOnGnY7ZS8mNYk/p1KqQx2moE7dHRMWCdONBuZVKCxSa9OdFSubSVbDULgyCA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=nyR9n0qLrPJz+J7yjJa7hcDccaAIiJxf3Wg02e7aW3w=; b=xGzOk4yY+zjHwUm4HL3vqnm7zE4Qm79g27/CAPTFGMGRTCeB0o4mr1UbGXm1jQcYvw91s1Tvhic/lWNXEhArVQrs0xzKJ3EKCN+Ze/k+E23huqxLNwVhy3kdCaahI7oqMCZMJJq2K5Fl2aoMxr3oSFwknUV7Q5soc6dUbVRbBWo= Received: from MN2PR11MB4366.namprd11.prod.outlook.com (52.135.38.209) by MN2PR11MB3677.namprd11.prod.outlook.com (20.178.253.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2327.24; Mon, 7 Oct 2019 16:34:56 +0000 Received: from MN2PR11MB4366.namprd11.prod.outlook.com ([fe80::cca:41bd:b0bb:c549]) by MN2PR11MB4366.namprd11.prod.outlook.com ([fe80::cca:41bd:b0bb:c549%2]) with mapi id 15.20.2327.023; Mon, 7 Oct 2019 16:34:56 +0000 From: "Rob Wilton (rwilton)" To: Andy Bierman CC: Martin Bjorklund , Netconf Thread-Topic: [netconf] get-data origin filters Thread-Index: AQHVe+MoAYKZiUAaf0ueOxvsgdbYHKdNvuAAgAAMyQCAAQJggIAAbHSAgAAFLACAAAYMgIAAGHEw Date: Mon, 7 Oct 2019 16:34:56 +0000 Message-ID: References: <20191006.173256.1788347482117819951.mbj@tail-f.com> <20191007.094327.1923088106819713441.mbj@tail-f.com> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: spf=none (sender IP is ) smtp.mailfrom=rwilton@cisco.com; x-originating-ip: [173.38.220.47] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: f29314cd-d9ae-4d13-bfa9-08d74b444a09 x-ms-traffictypediagnostic: MN2PR11MB3677: x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:8273; x-forefront-prvs: 01834E39B7 x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(396003)(346002)(366004)(39860400002)(136003)(376002)(51444003)(189003)(199004)(81156014)(446003)(81166006)(6116002)(7736002)(66446008)(316002)(14444005)(256004)(11346002)(8676002)(54906003)(8936002)(66556008)(33656002)(66946007)(14454004)(6916009)(71200400001)(64756008)(52536014)(66476007)(5660300002)(71190400001)(74316002)(76116006)(3846002)(790700001)(7696005)(26005)(53546011)(25786009)(6506007)(102836004)(186003)(66066001)(6436002)(4326008)(99286004)(6246003)(55016002)(9686003)(76176011)(236005)(54896002)(6306002)(478600001)(229853002)(2906002)(476003)(486006)(86362001); DIR:OUT; SFP:1101; SCL:1; SRVR:MN2PR11MB3677; H:MN2PR11MB4366.namprd11.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1; received-spf: None (protection.outlook.com: cisco.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: dcsshUaWsHBE/5+mZigjrdvHbTe9iPerVS99KBs3eJ1G82qSeYmhz0Q+szEp1JLMQ7rylFDrqh+0y8hJGUrcD5+DfUtvUrqboANYoBAxYMjjaieEOfEERhEdKCtHC426x8w8W3JGrz6l7ziOMyHMUEJksbvhYFPf/Q8SGL6IMX4DQ0TOZ9Q1OW91gsx3tjXp413CMU4y9FiLgmiCnBpEtHTiab0YrygSv7lI46lqTT57O+TllRegkHdpsN2Q5r2VSbciUC64BrQaOT16Ea3BSqAVTZ6WLIeSHUiEZ6oKCZ4nH4Wm8Jaa/4CoHtYJ4A0F3YfTJ2of+U82hxO1oACXyYsfSB0LcfA8rHAyXgCOhrHCBHSog/r1xfXcKo8OuMkJpQFP2HNFRJJ4eDy45vG/m6xL+URJa0r6H5OrXtdM8hs= x-ms-exchange-transport-forked: True Content-Type: multipart/alternative; boundary="_000_MN2PR11MB436685D0EBE9F89D7E69EB84B59B0MN2PR11MB4366namp_" MIME-Version: 1.0 X-MS-Exchange-CrossTenant-Network-Message-Id: f29314cd-d9ae-4d13-bfa9-08d74b444a09 X-MS-Exchange-CrossTenant-originalarrivaltime: 07 Oct 2019 16:34:56.4628 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: PtNuF8/AqAe68h3VNzNuabHNW+qtIrZ+AVlU3KDcKQc/NUHKyaVFqzHvQyjxKYtrTGAn7KlkVFtZPdpmCo+rww== X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR11MB3677 X-OriginatorOrg: cisco.com X-Outbound-SMTP-Client: 173.36.7.27, xch-aln-017.cisco.com X-Outbound-Node: rcdn-core-12.cisco.com Archived-At: Subject: Re: [netconf] get-data origin filters X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 07 Oct 2019 16:35:05 -0000 --_000_MN2PR11MB436685D0EBE9F89D7E69EB84B59B0MN2PR11MB4366namp_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 TXkgdW5kZXJzdGFuZGluZyBvZiB0aGUgaW50ZW50aW9uIG9mIHRoZSB3YXkgdGhlIGZpbHRlcnMg YXJlIGxvZ2ljYWxseSBtZWFudCB0byB3b3JrIGFyZToNCg0KDQogIDEuICBDb25zdHJ1Y3QgdGhl IGZ1bGwgcmVzcG9uc2UgdG8gdGhlIHJlcXVlc3QgKGFzIGlmIG5vIGZpbHRlcnMgYXJlIHRvIGJl IHJldHVybmVkKToNCiAgMi4gIFJlc3RyaWN0IHRoZSByZXNwb25zZSwgc28gdGhhdCB0aGUgc2Vs ZWN0ZWQgZWxlbWVudHMgbWF0Y2ggYW55IHN1YnRyZWUgZmlsdGVyLg0KICAzLiAgUmVzdHJpY3Qg dGhlIHJlc3BvbnNlLCBzbyB0aGF0IHRoZSBzZWxlY3RlZCBlbGVtZW50cyBtYXRjaCBhbnkgeHBh dGggZmlsdGVyLg0KICA0LiAgUmVzdHJpY3QgdGhlIHJlc3BvbnNlLCBzbyB0aGF0IHRoZSBzZWxl Y3RlZCBlbGVtZW50cyBtYXRjaCBhbnkgY29uZmlnIHRydWUvZmFsc2UgZmlsdGVyLg0KICA1LiAg UmVzdHJpY3QgdGhlIHJlc3BvbnNlLCBzbyB0aGF0IHRoZSBzZWxlY3RlZCBlbGVtZW50cyBtYXRj aCBhbnkgb3JpZ2luIGZpbHRlci4NCiAgNi4gIENvbnN0cmFpbiB0byB0aGUgcmVxdWVzdGVkIGRl cHRoDQogIDcuICBBZGQgaW4gcmVxdWlyZWQgYW5jZXN0b3JzIGFuZCBsaXN0IGtleXMuDQogIDgu ICBSZXR1cm4gdGhlIHJlc3VsdC4NCg0KDQpJIGRvbuKAmXQgc2VlIHRleHQgaW4gdGhlIGZpbHRl cnMgdGhhdCBzdGF0ZXMgdGhhdCBpZiBhIG5vZGUgaXMgZmlsdGVyZWQgdGhlbiBhbGwgb2YgaXRz IGRlc2NlbmRhbnRzIGFyZSBhdXRvbWF0aWNhbGx5IGZpbHRlcmVkIGFzIHdlbGwuICBJIHRoaW5r IHRoYXQgeW91IGFyZSBhc3N1bWluZyB0aGlzIGJlaGF2aW91ci4NCg0KQSBub2RlIGFsd2F5cyBv bmx5IGhhcyBhIHNpbmdsZSBvcmlnaW4sIGFsdGhvdWdoIGl0IGNvdWxkIGNoYW5nZS4gIEUuZy4g aWYgYSBzeXN0ZW0gY29uZmlndXJlZCB3YXMgZXhwbGljaXRseSBjb25maWd1cmVkLCB0aGVuIGl0 IHdvdWxkIG1ha2Ugc2Vuc2UgdG8gY2hhbmdlIGl0cyBvcmlnaW4gdG8gY29uZmlndXJlZCBiZWNh dXNlIGl0IHdvdWxkIGV4aXN0IHJlZ2FyZGxlc3Mgb2Ygd2hldGhlciBpdCB3YXMgb3JpZ2luYWxs eSBhZGRlZCBieSB0aGUgc3lzdGVtLg0KDQpUaGFua3MsDQpSb2INCg0KDQpGcm9tOiBBbmR5IEJp ZXJtYW4gPGFuZHlAeXVtYXdvcmtzLmNvbT4NClNlbnQ6IDA3IE9jdG9iZXIgMjAxOSAxNTo1Mg0K VG86IFJvYiBXaWx0b24gKHJ3aWx0b24pIDxyd2lsdG9uQGNpc2NvLmNvbT4NCkNjOiBNYXJ0aW4g QmpvcmtsdW5kIDxtYmpAdGFpbC1mLmNvbT47IE5ldGNvbmYgPG5ldGNvbmZAaWV0Zi5vcmc+DQpT dWJqZWN0OiBSZTogW25ldGNvbmZdIGdldC1kYXRhIG9yaWdpbiBmaWx0ZXJzDQoNCg0KDQpPbiBN b24sIE9jdCA3LCAyMDE5IGF0IDc6MzYgQU0gUm9iIFdpbHRvbiAocndpbHRvbikgPHJ3aWx0b25A Y2lzY28uY29tPG1haWx0bzpyd2lsdG9uQGNpc2NvLmNvbT4+IHdyb3RlOg0KSGkgQW5keSwNCg0K RG9u4oCZdCBhbGwgdGhlIGZpbHRlcnMgZWZmZWN0aXZlbHkgd29yayB0aGlzIHdheT8NCg0KDQpJ IGRvIG5vdCBzZWUgdGhlIHRleHQgdGhhdCBleHBsYWlucyBvcmlnaW4tZmlsdGVyIGFuZCBuZWdh dGVkLW9yaWdpbi1maWx0ZXIgd29ya2luZyB0aGUgd2F5IE1hcnRpbg0KZGVzY3JpYmVzIGl0LiAg VGhlc2UgZmlsdGVycyBkbyBub3Qgc2F5IGFueXdoZXJlIHRvIHNlbGVjdCBhIG5vZGUgYmVjYXVz ZSBpdCBoYXMgZGVzY2VuZGFudHMNCnRoYXQgbWF0Y2ggdGhlIG9yaWdpbiBmaWx0ZXJzLiAgSXQg c2F5cyB2ZXJ5IGNsZWFybHkgdGhhdCB0aGUgZmlsdGVyIHRlc3QgaXMgb24gdGhlIHNwZWNpZmll ZCBub2RlLg0KSXQgYWxzbyBzYXlzIHRoZSBvcmlnaW4gaXMgZGVyaXZlZCBmcm9tIHRoZSBvcmln aW4gYW5ub3RhdGlvbiBmb3IgdGhhdCBub2RlLg0KU2luY2Ugb25seSAxIGluc3RhbmNlIG9mIHRo ZSBvcmlnaW4gYW5ub3RhdGlvbiBpcyBhbGxvd2VkIHBlciBub2RlLCB0aGVyZSBpcyBubyB3YXkg dG8gdGFnDQphIG5vZGUgd2l0aCBtdWx0aXBsZSBvcmlnaW5zLg0KDQpJZiBpbXBsZW1lbnRhdGlv biBpcyB0b28gY29tcGxleCB0aGVuIHBlb3BsZSB3aWxsIGp1c3QgbGVhdmUgaXQgb3V0ICh3LyBh IGRldmlhdGlvbikuDQpJdCBpcyB1bmxpa2VseSB0aGF0IHRoZSBpbnN0cnVtZW50YXRpb24ga25v d3MgYXQgYW55IGdpdmVuIGluc3RhbnQgYWxsIHRoZSBvcmlnaW4gdmFsdWVzDQpvZiBhbGwgdGhl IGRlc2NlbmRhbnQgZHluYW1pYyBkYXRhIGF0IHRoZSBpbnN0YW50IHRoZSA8Z2V0LWRhdGE+IHJl cXVlc3QgaXMgcHJvY2Vzc2VkLg0KDQoNCg0KDQpUaGV5IHNlbGVjdCBhIHN1YnNldCBvZiB0aGUg bm9kZXMgdG8gaW5jbHVkZSBpbiB0aGUgcmVzcG9uc2UsIGFuZCBtdXN0IGFsc28gaW5jbHVkZSBh bGwgYW5jZXN0b3Igbm9kZXMgYW5kIHJlcXVpcmVkIGxpc3Qga2V5cyB0byB0aGUgc2VsZWN0ZWQg bm9kZXMsIHJlZ2FyZGxlc3Mgb2Ygd2hldGhlciB0aG9zZSBhbmNlc3Rvci9rZXkgbm9kZXMgd2Vy ZSBhbHNvIHNlbGVjdGVkIGJ5IHRoZSBxdWVyeS4NCg0KDQpZZXMuIFVuZGVyc3Rvb2QuDQpTdGls bCBkb2VzIG5vdCBleHBsYWluIGhvdyBhIGZpbHRlciBmb3IgdGhlIGxpc3Qgbm9kZSBzZWxlY3Rz IGRlc2NlbmRhbnQgbm9kZXMgdGhhdCBtYXRjaCB0aGUgb3JpZ2luIGZpbHRlcnMuDQoNCg0KRS5n LiBhIOKAnGNvbmZpZyBmYWxzZeKAnSBmaWx0ZXIgd2lsbCBzdGlsbCByZXR1cm4g4oCcY29uZmln IHRydWXigJ0gbm9kZXMgaWYgdGhleSBhcmUgYW5jZXN0b3JzIG9yIGxpc3Qga2V5cyB0byBhIGRl c2NlbmRhbnQgY29uZmlnIGZhbHNlIG5vZGUuICBUaGUgc2FtZSBsb2dpYyBhcHBsaWVzIGZvciB4 cGF0aCBhbmQgb3JpZ2luIGZpbHRlcnMgYXMgd2VsbC4NCg0KDQpObyB0aGV5IHdvbid0Lg0KV2hl cmUgaXMgdGhhdCB0ZXh0Pw0KDQogICAgZ2V0LWRhdGEgY29uZmlnPWZpbHRlcj1mYWxzZQ0KDQpU aGlzIHN0YXJ0cyBmcm9tIHRvcC1sZXZlbCBZQU5HIG5vZGVzLg0KSWYgdGhlIHRvcC1sZXZlbCBZ QU5HIG5vZGUgaXMgbm90IGNvbmZpZz1mYWxzZSB0aGVuIHRoZSBzZXJ2ZXIgd2lsbCBub3Qga2Vl cCBsb29raW5nIGZvciBkZXNjZW5kYW50cyB0aGF0IG1hdGNoLg0KDQoNClRoYW5rcywNClJvYg0K DQoNCkFuZHkNCg0KDQoNCg0KRnJvbTogbmV0Y29uZiA8bmV0Y29uZi1ib3VuY2VzQGlldGYub3Jn PG1haWx0bzpuZXRjb25mLWJvdW5jZXNAaWV0Zi5vcmc+PiBPbiBCZWhhbGYgT2YgQW5keSBCaWVy bWFuDQpTZW50OiAwNyBPY3RvYmVyIDIwMTkgMTU6MTINClRvOiBNYXJ0aW4gQmpvcmtsdW5kIDxt YmpAdGFpbC1mLmNvbTxtYWlsdG86bWJqQHRhaWwtZi5jb20+Pg0KQ2M6IE5ldGNvbmYgPG5ldGNv bmZAaWV0Zi5vcmc8bWFpbHRvOm5ldGNvbmZAaWV0Zi5vcmc+Pg0KU3ViamVjdDogUmU6IFtuZXRj b25mXSBnZXQtZGF0YSBvcmlnaW4gZmlsdGVycw0KDQoNCg0KT24gTW9uLCBPY3QgNywgMjAxOSBh dCAxMjo0MyBBTSBNYXJ0aW4gQmpvcmtsdW5kIDxtYmpAdGFpbC1mLmNvbTxtYWlsdG86bWJqQHRh aWwtZi5jb20+PiB3cm90ZToNCkFuZHkgQmllcm1hbiA8YW5keUB5dW1hd29ya3MuY29tPG1haWx0 bzphbmR5QHl1bWF3b3Jrcy5jb20+PiB3cm90ZToNCj4gT24gU3VuLCBPY3QgNiwgMjAxOSBhdCA4 OjMyIEFNIE1hcnRpbiBCam9ya2x1bmQgPG1iakB0YWlsLWYuY29tPG1haWx0bzptYmpAdGFpbC1m LmNvbT4+IHdyb3RlOg0KPg0KPiA+IEhpLA0KPiA+DQo+ID4gQW5keSBCaWVybWFuIDxhbmR5QHl1 bWF3b3Jrcy5jb208bWFpbHRvOmFuZHlAeXVtYXdvcmtzLmNvbT4+IHdyb3RlOg0KPiA+ID4gSGks DQo+ID4gPg0KPiA+ID4gSSBhbSB0cnlpbmcgdG8gZmlndXJlIG91dCBob3cgdG8gdXNlIHRoZSBv cmlnaW4tZmlsdGVyIGFuZA0KPiA+ID4gbmVnYXRlZC1vcmlnaW4tZmlsdGVyDQo+ID4gPiBpbiB0 aGUgPGdldC1kYXRhPiBvcGVyYXRpb24gaW4gUkZDIDg1MjYuDQo+ID4gPg0KPiA+ID4NCj4gPiA+ ICAgICAgICAgICBsZWFmLWxpc3Qgb3JpZ2luLWZpbHRlciB7DQo+ID4gPiAgICAgICAgICAgICAg dHlwZSBvcjpvcmlnaW4tcmVmOw0KPiA+ID4gICAgICAgICAgICAgIGRlc2NyaXB0aW9uDQo+ID4g PiAgICAgICAgICAgICAgICAiRmlsdGVyIGJhc2VkIG9uIHRoZSAnb3JpZ2luJyBhbm5vdGF0aW9u LiAgQQ0KPiA+ID4gICAgICAgICAgICAgICAgIGNvbmZpZ3VyYXRpb24gbm9kZSBtYXRjaGVzIHRo ZSBmaWx0ZXIgaWYgaXRzICdvcmlnaW4nDQo+ID4gPiAgICAgICAgICAgICAgICAgYW5ub3RhdGlv biBpcyBkZXJpdmVkIGZyb20gb3IgZXF1YWwgdG8gYW55IG9mIHRoZSBnaXZlbg0KPiA+ID4gICAg ICAgICAgICAgICAgIGZpbHRlciB2YWx1ZXMuIjsNCj4gPiA+ICAgICAgICAgICAgfQ0KPiA+ID4N Cj4gPiA+DQo+ID4gPiBUaGVzZSBmaWx0ZXJzIHNlZW0ga2luZCBvZiB3b3J0aGxlc3MgaWYgaW1w bGVtZW50ZWQgYWNjb3JkaW5nIHRvIHRoZQ0KPiA+IHRleHQuDQo+ID4gPiBDb25zaWRlciBhIHNp bXBsZSBleGFtcGxlIHdoZXJlIHRoZXJlIGlzIDEgbGVhcm5lZCBsZWFmIHdpdGhpbiBhIGxpc3Q6 DQo+ID4gPg0KPiA+ID4gbW9kdWxlOiBhZGRyZXNzDQo+ID4gPiAgICstLXJ3IGFkZHJlc3Nlcw0K PiA+ID4gICAgICArLS1ydyBhZGRyZXNzKiBbbGFzdC1uYW1lIGZpcnN0LW5hbWVdDQo+ID4gPiAg ICAgICAgICstLXJ3IGxhc3QtbmFtZSAgICAgc3RyaW5nDQo+ID4gPiAgICAgICAgICstLXJ3IGZp cnN0LW5hbWUgICAgc3RyaW5nDQo+ID4gPiAgICAgICAgICstLXJ3IHN0cmVldD8gICAgICAgc3Ry aW5nDQo+ID4gPiAgICAgICAgICstLXJ3IGNpdHk/ICAgICAgICAgc3RyaW5nDQo+ID4gPiAgICAg ICAgICstLXJ3IHppcGNvZGU/ICAgICAgc3RyaW5nDQo+ID4gPiAgICAgICAgICstLXJ3IHBob25l KiBbcGhvbmUtdHlwZV0NCj4gPiA+ICAgICAgICAgICAgKy0tcncgcGhvbmUtdHlwZSAgICAgIGVu dW1lcmF0aW9uDQo+ID4gPiAgICAgICAgICAgICstLXJ3IHBob25lLW51bWJlciAgICBzdHJpbmcN Cj4gPiA+DQo+ID4gPiBMZXQncyBzYXkgdGhlICJ6aXBjb2RlIiBmaWVsZCBpcyBsZWFybmVkIGlu IDxvcGVyYXRpb25hbD4NCj4gPiA+IChlLmcuIFpJUCBjb2RlIGxvb2t1cCBleHBhbmRzIG1pc3Np bmcgb3IgNSBkaWdpdCB6aXBjb2RlIHRvIGZ1bGwgOSBkaWdpdA0KPiA+ID4gemlwY29kZSkuDQo+ ID4gPiBTbyAvYWRkcmVzc2VzIGFuZCAvYWRkcmVzc2VzL2FkZHJlc3MgaGF2ZSBvcmlnaW4gImlu dGVuZGVkIi4NCj4gPiA+IE9ubHkgdGhlIC9hZGRyZXNzZXMvYWRkcmVzcy96aXBjb2RlIGxlYWYg aGFzIG9yaWdpbiAibGVhcm5lZCIuDQo+ID4gPg0KPiA+ID4gU28gaG93IGRvZXMgb3JpZ2luLWZp bHRlcj1sZWFybmVkIGZpbmQgYWxsIHRoZSBsZWFybmVkIGxlYWZzPw0KPiA+DQo+ID4gUGVyaGFw cyBJIGRvbid0IHVuZGVyc3RhbmQgeW91ciBxdWVzdGlvbjsgSU1PIHlvdSBnaXZlIHRoZSBhbnN3 ZXIgdG8NCj4gPiB0aGlzIHF1ZXN0aW9uIGJlbG93Og0KPiA+DQo+ID4gPiBXaGF0IGZpbHRlcnMg YXJlIHJlcXVpcmVkIHRvIHJldHVybiBvbmx5IHRoZSBsZWFybmVkIGVudHJpZXMgKyBhbmNlc3Rv cnMNCj4gPiArDQo+ID4gPiBhbmNlc3Rvci1vci1zZWxmIGtleXM/ICBTZWVtcyBsaWtlIHRoaXMg ZmlsdGVyIG1lY2hhbmlzbSBoYXMgdG8gYmUgdXNlZA0KPiA+ID4gdG8gcmV0cmlldmUgdGhlIGV4 YWN0IGxlYWYgdGhhdCBtaWdodCBiZSBsZWFybmVkLCBhbmQgdGhlIGNsaWVudA0KPiA+ID4gbmVl ZHMgdG8ga25vdyBpbiBhZHZhbmNlIGFsbCB0aGUgcG9zc2libGUgbm9kZXMgdGhhdCBtaWdodCBi ZSBsZWFybmVkLg0KPiA+ID4NCj4gPiA+IFdhbnQgdG8gYmUgYWJsZSB0byByZXRyaWV2ZSBhbiBh bmNlc3RvciB0aGF0IGlzIGludGVuZGVkIGFuZCBzdGlsbCBmaW5kDQo+ID4gdGhlDQo+ID4gPiBs ZWFybmVkIGVudHJpZXMNCj4gPiA+DQo+ID4gPiAgICBnZXQtZGF0YSB4cGF0aC1maWx0ZXI9L2Fk ZHJlc3Nlcy9hZGRyZXNzIG9yaWdpbi1maWx0dGVyPWxlYXJuZWQNCj4gPg0KPiA+IC4uLiBoZXJl LiAgU28gdGhpcyByZXF1ZXN0IHdpbGwgcmV0dXJuOg0KPiA+DQo+ID4gICAgPGFkZHJlc3NlcyBv cjpvcmlnaW49Im9yOmludGVuZGVkIj4NCj4gPiAgICAgIDxhZGRyZXNzPg0KPiA+ICAgICAgICA8 bGFzdC1uYW1lPi4uLjwvbGFzdC1uYW1lPg0KPiA+ICAgICAgICA8Zmlyc3QtbmFtZT4uLi48L2Zp cnN0LW5hbWU+DQo+ID4gICAgICAgIDx6aXBjb2RlIG9yOm9yaWdpbj0ib3I6bGVhcm5lZCI+Li4u PC96aXBjb2RlPg0KPiA+ICAgICAgPC9hZGRyZXNzPg0KPiA+ICAgICAgLi4uDQo+ID4gICAgPC9h ZGRyZXNzZXM+DQo+ID4NCj4gPg0KPiBJIGRvIG5vdCBpbnRlcnByZXQgdGhlIHRleHQgdGhlIHNh bWUgd2F5IGFzIHlvdS4NCg0KRG9lcyB0aGlzIG1lYW4gdGhhdCB5b3UgdGhpbmsgdGhhdCB0aGUg cmVwbHkgaXMgZGlmZmVyZW50IGZyb20gd2hhdCBJDQpzaG93IGFib3ZlPyAgSWYgc28sIHdoYXQg d291bGQgaXQgYmUsIGFuZCB3aHk/DQoNCg0KDQpFeHBsYWluIGhvdyB0aGUgbGlzdCBhZGRyZXNz IG5vZGUgaGFzIG9yaWdpbiAibGVhcm5lZCIuDQoNClRoZSBmaWx0ZXIgaXMgZm9yIC9hZGRyZXNz ZXMvYWRkcmVzcyBhbmQgb25seSBvcmlnaW49bGVhcm5lZC4NCkhvdyBkb2VzIHRoZSBsaXN0IG5v ZGUgaGF2ZSBvcmlnaW49bGVhcm5lZD8NCkl0IGNhbiBvbmx5IGhhdmUgMSB2YWx1ZS4NCkl0IGhh cyBjaGlsZCBub2RlcyB3aXRoIGJvdGggaW50ZW5kZWQgYW5kIGxlYXJuZWQgYXMgb3JpZ2luLg0K SSBkbyBubyB1bmRlcnN0YW5kIGhvdyB0aGUgb3JpZ2luPWxlYXJuZWQgbWF0Y2hlZCB0aGlzIG5v ZGUuDQoNCg0KDQoNCj4NCj4gICAgICAgICAgICAgICAgICAgICAgVGhlIGNvbnRlbnQgcmV0dXJu ZWQNCj4NCj4gICAgICAgICAgIGJ5IGdldC1kYXRhIG11c3Qgc2F0aXNmeSBhbGwgZmlsdGVycywg aS5lLiwgdGhlIGZpbHRlcg0KPiAgICAgICAgICAgY3JpdGVyaWEgYXJlIGxvZ2ljYWxseSBBTkRl ZC4NCj4NCj4NCj4gICAgICAgICAgIGxlYWYtbGlzdCBvcmlnaW4tZmlsdGVyIHsNCj4gICAgICAg ICAgICAgIHR5cGUgb3I6b3JpZ2luLXJlZjsNCj4gICAgICAgICAgICAgIGRlc2NyaXB0aW9uDQo+ ICAgICAgICAgICAgICAgICJGaWx0ZXIgYmFzZWQgb24gdGhlICdvcmlnaW4nIGFubm90YXRpb24u ICBBDQo+ICAgICAgICAgICAgICAgICBjb25maWd1cmF0aW9uIG5vZGUgbWF0Y2hlcyB0aGUgZmls dGVyIGlmIGl0cyAnb3JpZ2luJw0KPiAgICAgICAgICAgICAgICAgYW5ub3RhdGlvbiBpcyBkZXJp dmVkIGZyb20gb3IgZXF1YWwgdG8gYW55IG9mIHRoZSBnaXZlbg0KPiAgICAgICAgICAgICAgICAg ZmlsdGVyIHZhbHVlcy4iOw0KPiAgICAgICAgICAgIH0NCj4NCj4NCj4gICAgICAgICAgICAgICBD b25maWd1cmF0aW9uIG5vZGVzIHRoYXQgZG8gbm90IGhhdmUgYW4NCj4gICAgICAgICAgICAgICAn b3JpZ2luJyBhbm5vdGF0aW9uIGFyZSB0cmVhdGVkIGFzIGlmIHRoZXkgaGF2ZSB0aGUNCj4gICAg ICAgICAgICAgICAnb3JpZ2luJyBhbm5vdGF0aW9uICdvcjp1bmtub3duJy4NCj4NCj4NCj4NCj4g PiBUaGUgZHJhZnQgc2hvd3MgYW4gZXhhbXBsZSB3aGVyZSBib3RoICJpbnRlbmRlZCIgYW5kICJz eXN0ZW0iIGFyZSBnaXZlbg0KPiA+ID4gYXMgZmlsdGVycy4gIFRoaXMgd2lsbCB3b3JrIGJ1dCB3 aWxsIGluY2x1ZGUgYWxsIHRoZSAiaW50ZW5kZWQiIGxlYWZzIGFzDQo+ID4gPiB3ZWxsLg0KPiA+ ID4gV2hhdCBpZiBhICJsZWFybmVkIiBub2RlIGlzIHdpdGhpbiBhICJzeXN0ZW0iIG5vZGUgd2l0 aGluIGFuICJpbnRlbmRlZCINCj4gPiA+IG5vZGU/DQo+ID4NCj4gPiBUaGlzIHdvcmtzIGFzIHdl bGwuICBOb3RlIHRoYXQgdGhlIGdldC1kYXRhIGRlc2NyaXB0aW9uIHNheXM6DQo+ID4NCj4gPiAg ICAgICAgICAgQW55IGFuY2VzdG9yIG5vZGVzIChpbmNsdWRpbmcgbGlzdCBrZXlzKSBvZiBub2Rl cyBzZWxlY3RlZCBieQ0KPiA+ICAgICAgICAgICB0aGUgZmlsdGVycyBhcmUgaW5jbHVkZWQgaW4g dGhlIHJlc3BvbnNlLg0KPiA+DQo+ID4NCj4gPg0KPg0KPiBUaGUgaXNzdWUgaXMgaG93IHRoZSAv aWFkZHJlc3NlcyBhbmQgL2FkZHJlc3Nlcy9hZGRyZXNzIG5vZGVzIG1hdGNoIHRoZQ0KPiBvcmln aW4gImxlYXJuZWQiLg0KDQpUaGV5IGRvbid0LCBidXQgdGhleSBhcmUgaW5jbHVkZWQgYi9jIG9m IHRoZSBxdW90ZWQgdGV4dCBhYm92ZSAoaS5lLjoNCiAgICAgIEFueSBhbmNlc3RvciBub2RlcyAo aW5jbHVkaW5nIGxpc3Qga2V5cykgb2Ygbm9kZXMgc2VsZWN0ZWQgYnkNCiAgICAgIHRoZSBmaWx0 ZXJzIGFyZSBpbmNsdWRlZCBpbiB0aGUgcmVzcG9uc2UuKQ0KDQoNCk5vLg0KDQpJZiB0aGUgZmls dGVyIHdhcyBmb3IgL2FkZHJlc3Nlcy9hZGRyZXNzL3ppcGNvZGUgdGhlbiBtYXliZSB0aGF0IHRl eHQgYXBwbGllcy4NCkl0IGlzIHN0aWxsIHVuY2xlYXIgdGhhdCB0aGUgWFBhdGggaXMgZnVsbHkg cHJvY2Vzc2VkIGFuZCB0aGVuIHRoZSBvcmlnaW4tZmlsdGVyIGlzIHByb2Nlc3NlZC4NClRoZSBS RkMganVzdCBzYXlzIHRoZXkgYXJlIEFORGVkIHRvZ2V0aGVyLg0KDQoNCg0KPiBUaGUgbGVhZnMg aW4gbGlzdCAiYWRkcmVzcyIgYXJlIGEgbWl4dHVyZSBvZiAiaW50ZW5kZWQiIGFuZCAibGVhcm5l ZCINCj4gb3JpZ2luLg0KPiBUaGUgdGV4dCBjbGVhcmx5IHNheXMgdGhhdCBhIG5vZGUgaGFzIGEg c2luZ2xlIG9yaWdpbiBwcm9wZXJ0eSwgY291cGxlZCB0bw0KPiB0aGUgYW5ub3RhdGlvbi4NCj4N Cj4gSXNzdWUgMTogbWl4ZWQgb3JpZ2luIGRlc2NlbmRhbnQgbm9kZXMNCj4gU28gaG93IGRvZXMg YSBzZWFyY2ggb24gL2FkZHJlc3Nlcy9hZGRyZXNzIG1hdGNoIG9yaWdpbi1maWx0ZXI9bGVhcm5l ZD8NCj4gSSBjYW5ub3QgZmluZCBhbnkgdGV4dCB0aGF0IHNheXMgd2hhdCB0aGUgb3JpZ2luIG9m IGEgbGlzdCBvciBQLWNvbnRhaW5lcg0KPiBpcyBpZiBpdA0KPiBjb250YWlucyBub2RlcyBvZiBt aXhlZCBvcmlnaW4uDQoNClNlZSBhYm92ZS4NCg0KTm8gdGV4dCBhYm92ZSBleHBsYWlucyBob3cg dGhlIGxpc3Qgb3JpZ2luIGlzIHRhZ2dlZCBpZiBpdCBoYXMgbXVsdGlwbGUgdHlwZXMgb2YgY2hp bGQgbm9kZXMuDQoNCg0KDQo+IElzc3VlIDI6IE5QLWNvbnRhaW5lcnMNCj4NCj4gQWxzbyBmcm9t IFJGQyA4MzQyOg0KPg0KPiAgICBUaGUgb3JpZ2luIGFwcGxpZXMgdG8gYWxsIGNvbmZpZ3VyYXRp b24gbm9kZXMgZXhjZXB0IG5vbi1wcmVzZW5jZQ0KPiAgICBjb250YWluZXJzLg0KPg0KPg0KPiBX aGF0IGlmIHRoZSB0b3AtbGV2ZWwgbm9kZSBpcyBhbiBOUC1jb250YWluZXIgaW4gdGhpcyBjYXNl Lg0KPiBJIHRob3VnaHQgdGhlIHRvcC1sZXZlbCBub2RlIE1VU1QgaGF2ZSBhbiBvcmlnaW4gYXR0 cmlidXRlLg0KPg0KPiBUaGUgdGV4dCBpcyBub3QgY2xlYXIgaG93IE5QLWNvbnRhaW5lcnMgYXJl IGhhbmRsZWQuDQo+IERvIHRoZXkgaGF2ZSBhbiBvcmlnaW4gYXR0cmlidXRlPyBJZiBub3QgdGhl biBSRkMgODUyNiBzYXlzIHRoZXkgaGF2ZQ0KPiBvcmlnaW4gInVua25vd24iLg0KPiBJcyB0aGUg aW50ZW50IHRoYXQgTlAtY29udGFpbmVycyBhbHdheXMgcGFzcyB0aGUgb3JpZ2luLWZpbHRlciB0 ZXN0cyAodGVzdA0KPiBza2lwcGVkKT8NCg0KTm8sIHNpbmNlIHRoZXkgZG9uJ3QgaGF2ZSBhbiBv cmlnaW4gdmFsdWUgdGhleSB3aWxsIG5vdCBiZSBzZWxlY3RlZCBieQ0KdGhlIGZpbHRlci4gIEJ1 dCBhbiBOUC1jb250YWluZXIgd2lsbCBiZSBpbmNsdWRlZCBpbiB0aGUgcmVwbHkgaWYgaXQNCmlz IHRoZSBhbmNlc3RvciBvZiBhIG5vZGUgdGhhdCBpcyBzZWxlY3RlZCBieSB0aGUgZmlsdGVyLg0K DQpUaGUgUkZDIHRleHQgZG9lcyBub3QgcmVhbGx5IHNheSB0aGF0Lg0KU2luY2UgaXQgaXMgdmVy eSBkaWZmaWN1bHQgdG8ga25vdyBpZiBhIGRhdGEgbm9kZSA1IGxheWVycyBkZWVwIGlzIGdvaW5n IHRvIG1hdGNoLA0KaW1wbGVtZW50aW5nIHRoZXNlIGZpbHRlcnMgYWNjb3JkaW5nIHRvIHRoaXMg dmFndWUgaW50ZXJwcmV0YXRpb24gaXMgdW5saWtlbHkuDQoNCg0KL21hcnRpbg0KDQpBbmR5DQoN Cg0KDQo+DQo+DQo+DQo+IC9tYXJ0aW4NCj4gPg0KPiA+DQo+IEFuZHkNCj4NCj4NCj4gPg0KPiA+ ID4gU2VlbXMgbGlrZSB0aGUgY2xpZW50IG5lZWRzIHRvIGtub3cgYSBsb3QgYWJvdXQgdGhlIHNl cnZlciBpbXBsZW1lbnRhdGlvbg0KPiA+ID4gZGV0YWlscw0KPiA+ID4gaW4gb3JkZXIgdG8gdXNl IHRoZSBvcmlnaW4gZmlsdGVycy4NCj4gPiA+DQo+ID4gPg0KPiA+ID4gQW5keQ0KPiA+DQo= --_000_MN2PR11MB436685D0EBE9F89D7E69EB84B59B0MN2PR11MB4366namp_ Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: base64 PGh0bWwgeG1sbnM6dj0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTp2bWwiIHhtbG5zOm89InVy bjpzY2hlbWFzLW1pY3Jvc29mdC1jb206b2ZmaWNlOm9mZmljZSIgeG1sbnM6dz0idXJuOnNjaGVt YXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6d29yZCIgeG1sbnM6bT0iaHR0cDovL3NjaGVtYXMubWlj cm9zb2Z0LmNvbS9vZmZpY2UvMjAwNC8xMi9vbW1sIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv VFIvUkVDLWh0bWw0MCI+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIg Y29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjxtZXRhIG5hbWU9IkdlbmVyYXRv ciIgY29udGVudD0iTWljcm9zb2Z0IFdvcmQgMTUgKGZpbHRlcmVkIG1lZGl1bSkiPg0KPHN0eWxl PjwhLS0NCi8qIEZvbnQgRGVmaW5pdGlvbnMgKi8NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6 IkNhbWJyaWEgTWF0aCI7DQoJcGFub3NlLTE6MiA0IDUgMyA1IDQgNiAzIDIgNDt9DQpAZm9udC1m YWNlDQoJe2ZvbnQtZmFtaWx5OkNhbGlicmk7DQoJcGFub3NlLTE6MiAxNSA1IDIgMiAyIDQgMyAy IDQ7fQ0KLyogU3R5bGUgRGVmaW5pdGlvbnMgKi8NCnAuTXNvTm9ybWFsLCBsaS5Nc29Ob3JtYWws IGRpdi5Nc29Ob3JtYWwNCgl7bWFyZ2luOjBjbTsNCgltYXJnaW4tYm90dG9tOi4wMDAxcHQ7DQoJ Zm9udC1zaXplOjExLjBwdDsNCglmb250LWZhbWlseToiQ2FsaWJyaSIsc2Fucy1zZXJpZjt9DQph OmxpbmssIHNwYW4uTXNvSHlwZXJsaW5rDQoJe21zby1zdHlsZS1wcmlvcml0eTo5OTsNCgljb2xv cjpibHVlOw0KCXRleHQtZGVjb3JhdGlvbjp1bmRlcmxpbmU7fQ0KYTp2aXNpdGVkLCBzcGFuLk1z b0h5cGVybGlua0ZvbGxvd2VkDQoJe21zby1zdHlsZS1wcmlvcml0eTo5OTsNCgljb2xvcjpwdXJw bGU7DQoJdGV4dC1kZWNvcmF0aW9uOnVuZGVybGluZTt9DQpwLk1zb0xpc3RQYXJhZ3JhcGgsIGxp Lk1zb0xpc3RQYXJhZ3JhcGgsIGRpdi5Nc29MaXN0UGFyYWdyYXBoDQoJe21zby1zdHlsZS1wcmlv cml0eTozNDsNCgltYXJnaW4tdG9wOjBjbTsNCgltYXJnaW4tcmlnaHQ6MGNtOw0KCW1hcmdpbi1i b3R0b206MGNtOw0KCW1hcmdpbi1sZWZ0OjM2LjBwdDsNCgltYXJnaW4tYm90dG9tOi4wMDAxcHQ7 DQoJZm9udC1zaXplOjExLjBwdDsNCglmb250LWZhbWlseToiQ2FsaWJyaSIsc2Fucy1zZXJpZjt9 DQpwLm1zb25vcm1hbDAsIGxpLm1zb25vcm1hbDAsIGRpdi5tc29ub3JtYWwwDQoJe21zby1zdHls ZS1uYW1lOm1zb25vcm1hbDsNCgltc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzsNCgltYXJnaW4tcmln aHQ6MGNtOw0KCW1zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvOw0KCW1hcmdpbi1sZWZ0OjBjbTsN Cglmb250LXNpemU6MTEuMHB0Ow0KCWZvbnQtZmFtaWx5OiJDYWxpYnJpIixzYW5zLXNlcmlmO30N CnNwYW4uRW1haWxTdHlsZTE4DQoJe21zby1zdHlsZS10eXBlOnBlcnNvbmFsLXJlcGx5Ow0KCWZv bnQtZmFtaWx5OiJDYWxpYnJpIixzYW5zLXNlcmlmOw0KCWNvbG9yOndpbmRvd3RleHQ7fQ0KLk1z b0NocERlZmF1bHQNCgl7bXNvLXN0eWxlLXR5cGU6ZXhwb3J0LW9ubHk7DQoJZm9udC1mYW1pbHk6 IkNhbGlicmkiLHNhbnMtc2VyaWY7DQoJbXNvLWZhcmVhc3QtbGFuZ3VhZ2U6RU4tVVM7fQ0KQHBh Z2UgV29yZFNlY3Rpb24xDQoJe3NpemU6NjEyLjBwdCA3OTIuMHB0Ow0KCW1hcmdpbjo3Mi4wcHQg NzIuMHB0IDcyLjBwdCA3Mi4wcHQ7fQ0KZGl2LldvcmRTZWN0aW9uMQ0KCXtwYWdlOldvcmRTZWN0 aW9uMTt9DQovKiBMaXN0IERlZmluaXRpb25zICovDQpAbGlzdCBsMA0KCXttc28tbGlzdC1pZDox NjkzMDUyODsNCgltc28tbGlzdC10eXBlOmh5YnJpZDsNCgltc28tbGlzdC10ZW1wbGF0ZS1pZHM6 LTU5ODY5MzQ4NiAxMzQ4MDc1NjkgMTM0ODA3NTc3IDEzNDgwNzU3OSAxMzQ4MDc1NjcgMTM0ODA3 NTc3IDEzNDgwNzU3OSAxMzQ4MDc1NjcgMTM0ODA3NTc3IDEzNDgwNzU3OTt9DQpAbGlzdCBsMDps ZXZlbDENCgl7bXNvLWxldmVsLXRleHQ6IiUxXCkiOw0KCW1zby1sZXZlbC10YWItc3RvcDpub25l Ow0KCW1zby1sZXZlbC1udW1iZXItcG9zaXRpb246bGVmdDsNCgl0ZXh0LWluZGVudDotMTguMHB0 O30NCkBsaXN0IGwwOmxldmVsMg0KCXttc28tbGV2ZWwtbnVtYmVyLWZvcm1hdDphbHBoYS1sb3dl cjsNCgltc28tbGV2ZWwtdGFiLXN0b3A6bm9uZTsNCgltc28tbGV2ZWwtbnVtYmVyLXBvc2l0aW9u OmxlZnQ7DQoJdGV4dC1pbmRlbnQ6LTE4LjBwdDt9DQpAbGlzdCBsMDpsZXZlbDMNCgl7bXNvLWxl dmVsLW51bWJlci1mb3JtYXQ6cm9tYW4tbG93ZXI7DQoJbXNvLWxldmVsLXRhYi1zdG9wOm5vbmU7 DQoJbXNvLWxldmVsLW51bWJlci1wb3NpdGlvbjpyaWdodDsNCgl0ZXh0LWluZGVudDotOS4wcHQ7 fQ0KQGxpc3QgbDA6bGV2ZWw0DQoJe21zby1sZXZlbC10YWItc3RvcDpub25lOw0KCW1zby1sZXZl bC1udW1iZXItcG9zaXRpb246bGVmdDsNCgl0ZXh0LWluZGVudDotMTguMHB0O30NCkBsaXN0IGww OmxldmVsNQ0KCXttc28tbGV2ZWwtbnVtYmVyLWZvcm1hdDphbHBoYS1sb3dlcjsNCgltc28tbGV2 ZWwtdGFiLXN0b3A6bm9uZTsNCgltc28tbGV2ZWwtbnVtYmVyLXBvc2l0aW9uOmxlZnQ7DQoJdGV4 dC1pbmRlbnQ6LTE4LjBwdDt9DQpAbGlzdCBsMDpsZXZlbDYNCgl7bXNvLWxldmVsLW51bWJlci1m b3JtYXQ6cm9tYW4tbG93ZXI7DQoJbXNvLWxldmVsLXRhYi1zdG9wOm5vbmU7DQoJbXNvLWxldmVs LW51bWJlci1wb3NpdGlvbjpyaWdodDsNCgl0ZXh0LWluZGVudDotOS4wcHQ7fQ0KQGxpc3QgbDA6 bGV2ZWw3DQoJe21zby1sZXZlbC10YWItc3RvcDpub25lOw0KCW1zby1sZXZlbC1udW1iZXItcG9z aXRpb246bGVmdDsNCgl0ZXh0LWluZGVudDotMTguMHB0O30NCkBsaXN0IGwwOmxldmVsOA0KCXtt c28tbGV2ZWwtbnVtYmVyLWZvcm1hdDphbHBoYS1sb3dlcjsNCgltc28tbGV2ZWwtdGFiLXN0b3A6 bm9uZTsNCgltc28tbGV2ZWwtbnVtYmVyLXBvc2l0aW9uOmxlZnQ7DQoJdGV4dC1pbmRlbnQ6LTE4 LjBwdDt9DQpAbGlzdCBsMDpsZXZlbDkNCgl7bXNvLWxldmVsLW51bWJlci1mb3JtYXQ6cm9tYW4t bG93ZXI7DQoJbXNvLWxldmVsLXRhYi1zdG9wOm5vbmU7DQoJbXNvLWxldmVsLW51bWJlci1wb3Np dGlvbjpyaWdodDsNCgl0ZXh0LWluZGVudDotOS4wcHQ7fQ0Kb2wNCgl7bWFyZ2luLWJvdHRvbTow Y207fQ0KdWwNCgl7bWFyZ2luLWJvdHRvbTowY207fQ0KLS0+PC9zdHlsZT48IS0tW2lmIGd0ZSBt c28gOV0+PHhtbD4NCjxvOnNoYXBlZGVmYXVsdHMgdjpleHQ9ImVkaXQiIHNwaWRtYXg9IjEwMjYi IC8+DQo8L3htbD48IVtlbmRpZl0tLT48IS0tW2lmIGd0ZSBtc28gOV0+PHhtbD4NCjxvOnNoYXBl bGF5b3V0IHY6ZXh0PSJlZGl0Ij4NCjxvOmlkbWFwIHY6ZXh0PSJlZGl0IiBkYXRhPSIxIiAvPg0K PC9vOnNoYXBlbGF5b3V0PjwveG1sPjwhW2VuZGlmXS0tPg0KPC9oZWFkPg0KPGJvZHkgbGFuZz0i RU4tR0IiIGxpbms9ImJsdWUiIHZsaW5rPSJwdXJwbGUiPg0KPGRpdiBjbGFzcz0iV29yZFNlY3Rp b24xIj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJtc28tZmFyZWFzdC1sYW5n dWFnZTpFTi1VUyI+TXkgdW5kZXJzdGFuZGluZyBvZiB0aGUgaW50ZW50aW9uIG9mIHRoZSB3YXkg dGhlIGZpbHRlcnMgYXJlIGxvZ2ljYWxseSBtZWFudCB0byB3b3JrIGFyZTo8bzpwPjwvbzpwPjwv c3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0ibXNvLWZhcmVhc3Qt bGFuZ3VhZ2U6RU4tVVMiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxvbCBzdHlsZT0i bWFyZ2luLXRvcDowY20iIHN0YXJ0PSIxIiB0eXBlPSIxIj4NCjxsaSBjbGFzcz0iTXNvTGlzdFBh cmFncmFwaCIgc3R5bGU9Im1hcmdpbi1sZWZ0OjBjbTttc28tbGlzdDpsMCBsZXZlbDEgbGZvMSI+ PHNwYW4gc3R5bGU9Im1zby1mYXJlYXN0LWxhbmd1YWdlOkVOLVVTIj5Db25zdHJ1Y3QgdGhlIGZ1 bGwgcmVzcG9uc2UgdG8gdGhlIHJlcXVlc3QgKGFzIGlmIG5vIGZpbHRlcnMgYXJlIHRvIGJlIHJl dHVybmVkKTo8bzpwPjwvbzpwPjwvc3Bhbj48L2xpPjxsaSBjbGFzcz0iTXNvTGlzdFBhcmFncmFw aCIgc3R5bGU9Im1hcmdpbi1sZWZ0OjBjbTttc28tbGlzdDpsMCBsZXZlbDEgbGZvMSI+PHNwYW4g c3R5bGU9Im1zby1mYXJlYXN0LWxhbmd1YWdlOkVOLVVTIj5SZXN0cmljdCB0aGUgcmVzcG9uc2Us IHNvIHRoYXQgdGhlIHNlbGVjdGVkIGVsZW1lbnRzIG1hdGNoIGFueSBzdWJ0cmVlIGZpbHRlci48 bzpwPjwvbzpwPjwvc3Bhbj48L2xpPjxsaSBjbGFzcz0iTXNvTGlzdFBhcmFncmFwaCIgc3R5bGU9 Im1hcmdpbi1sZWZ0OjBjbTttc28tbGlzdDpsMCBsZXZlbDEgbGZvMSI+PHNwYW4gc3R5bGU9Im1z by1mYXJlYXN0LWxhbmd1YWdlOkVOLVVTIj5SZXN0cmljdCB0aGUgcmVzcG9uc2UsIHNvIHRoYXQg dGhlIHNlbGVjdGVkIGVsZW1lbnRzIG1hdGNoIGFueSB4cGF0aCBmaWx0ZXIuPG86cD48L286cD48 L3NwYW4+PC9saT48bGkgY2xhc3M9Ik1zb0xpc3RQYXJhZ3JhcGgiIHN0eWxlPSJtYXJnaW4tbGVm dDowY207bXNvLWxpc3Q6bDAgbGV2ZWwxIGxmbzEiPjxzcGFuIHN0eWxlPSJtc28tZmFyZWFzdC1s YW5ndWFnZTpFTi1VUyI+UmVzdHJpY3QgdGhlIHJlc3BvbnNlLCBzbyB0aGF0IHRoZSBzZWxlY3Rl ZCBlbGVtZW50cyBtYXRjaCBhbnkgY29uZmlnIHRydWUvZmFsc2UgZmlsdGVyLjxvOnA+PC9vOnA+ PC9zcGFuPjwvbGk+PGxpIGNsYXNzPSJNc29MaXN0UGFyYWdyYXBoIiBzdHlsZT0ibWFyZ2luLWxl ZnQ6MGNtO21zby1saXN0OmwwIGxldmVsMSBsZm8xIj48c3BhbiBzdHlsZT0ibXNvLWZhcmVhc3Qt bGFuZ3VhZ2U6RU4tVVMiPlJlc3RyaWN0IHRoZSByZXNwb25zZSwgc28gdGhhdCB0aGUgc2VsZWN0 ZWQgZWxlbWVudHMgbWF0Y2ggYW55IG9yaWdpbiBmaWx0ZXIuPG86cD48L286cD48L3NwYW4+PC9s aT48bGkgY2xhc3M9Ik1zb0xpc3RQYXJhZ3JhcGgiIHN0eWxlPSJtYXJnaW4tbGVmdDowY207bXNv LWxpc3Q6bDAgbGV2ZWwxIGxmbzEiPjxzcGFuIHN0eWxlPSJtc28tZmFyZWFzdC1sYW5ndWFnZTpF Ti1VUyI+Q29uc3RyYWluIHRvIHRoZSByZXF1ZXN0ZWQgZGVwdGg8bzpwPjwvbzpwPjwvc3Bhbj48 L2xpPjxsaSBjbGFzcz0iTXNvTGlzdFBhcmFncmFwaCIgc3R5bGU9Im1hcmdpbi1sZWZ0OjBjbTtt c28tbGlzdDpsMCBsZXZlbDEgbGZvMSI+PHNwYW4gc3R5bGU9Im1zby1mYXJlYXN0LWxhbmd1YWdl OkVOLVVTIj5BZGQgaW4gcmVxdWlyZWQgYW5jZXN0b3JzIGFuZCBsaXN0IGtleXMuPG86cD48L286 cD48L3NwYW4+PC9saT48bGkgY2xhc3M9Ik1zb0xpc3RQYXJhZ3JhcGgiIHN0eWxlPSJtYXJnaW4t bGVmdDowY207bXNvLWxpc3Q6bDAgbGV2ZWwxIGxmbzEiPjxzcGFuIHN0eWxlPSJtc28tZmFyZWFz dC1sYW5ndWFnZTpFTi1VUyI+UmV0dXJuIHRoZSByZXN1bHQuPG86cD48L286cD48L3NwYW4+PC9s aT48L29sPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9Im1zby1mYXJlYXN0LWxh bmd1YWdlOkVOLVVTIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNv Tm9ybWFsIj48c3BhbiBzdHlsZT0ibXNvLWZhcmVhc3QtbGFuZ3VhZ2U6RU4tVVMiPjxvOnA+Jm5i c3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJt c28tZmFyZWFzdC1sYW5ndWFnZTpFTi1VUyI+SSBkb27igJl0IHNlZSB0ZXh0IGluIHRoZSBmaWx0 ZXJzIHRoYXQgc3RhdGVzIHRoYXQgaWYgYSBub2RlIGlzIGZpbHRlcmVkIHRoZW4gYWxsIG9mIGl0 cyBkZXNjZW5kYW50cyBhcmUgYXV0b21hdGljYWxseSBmaWx0ZXJlZCBhcyB3ZWxsLiZuYnNwOyBJ IHRoaW5rIHRoYXQgeW91IGFyZSBhc3N1bWluZyB0aGlzIGJlaGF2aW91ci48bzpwPjwvbzpwPjwv c3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0ibXNvLWZhcmVhc3Qt bGFuZ3VhZ2U6RU4tVVMiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJN c29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJtc28tZmFyZWFzdC1sYW5ndWFnZTpFTi1VUyI+QSBub2Rl IGFsd2F5cyBvbmx5IGhhcyBhIHNpbmdsZSBvcmlnaW4sIGFsdGhvdWdoIGl0IGNvdWxkIGNoYW5n ZS4mbmJzcDsgRS5nLiBpZiBhIHN5c3RlbSBjb25maWd1cmVkIHdhcyBleHBsaWNpdGx5IGNvbmZp Z3VyZWQsIHRoZW4gaXQgd291bGQgbWFrZSBzZW5zZSB0byBjaGFuZ2UgaXRzIG9yaWdpbiB0byBj b25maWd1cmVkIGJlY2F1c2UgaXQgd291bGQNCiBleGlzdCByZWdhcmRsZXNzIG9mIHdoZXRoZXIg aXQgd2FzIG9yaWdpbmFsbHkgYWRkZWQgYnkgdGhlIHN5c3RlbS48bzpwPjwvbzpwPjwvc3Bhbj48 L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0ibXNvLWZhcmVhc3QtbGFuZ3Vh Z2U6RU4tVVMiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3Jt YWwiPjxzcGFuIHN0eWxlPSJtc28tZmFyZWFzdC1sYW5ndWFnZTpFTi1VUyI+VGhhbmtzLDxvOnA+ PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJtc28t ZmFyZWFzdC1sYW5ndWFnZTpFTi1VUyI+Um9iPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xh c3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9Im1zby1mYXJlYXN0LWxhbmd1YWdlOkVOLVVTIj48 bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBz dHlsZT0ibXNvLWZhcmVhc3QtbGFuZ3VhZ2U6RU4tVVMiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFu PjwvcD4NCjxkaXYgc3R5bGU9ImJvcmRlcjpub25lO2JvcmRlci1sZWZ0OnNvbGlkIGJsdWUgMS41 cHQ7cGFkZGluZzowY20gMGNtIDBjbSA0LjBwdCI+DQo8ZGl2Pg0KPGRpdiBzdHlsZT0iYm9yZGVy Om5vbmU7Ym9yZGVyLXRvcDpzb2xpZCAjRTFFMUUxIDEuMHB0O3BhZGRpbmc6My4wcHQgMGNtIDBj bSAwY20iPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PGI+PHNwYW4gbGFuZz0iRU4tVVMiPkZyb206 PC9zcGFuPjwvYj48c3BhbiBsYW5nPSJFTi1VUyI+IEFuZHkgQmllcm1hbiAmbHQ7YW5keUB5dW1h d29ya3MuY29tJmd0Ow0KPGJyPg0KPGI+U2VudDo8L2I+IDA3IE9jdG9iZXIgMjAxOSAxNTo1Mjxi cj4NCjxiPlRvOjwvYj4gUm9iIFdpbHRvbiAocndpbHRvbikgJmx0O3J3aWx0b25AY2lzY28uY29t Jmd0Ozxicj4NCjxiPkNjOjwvYj4gTWFydGluIEJqb3JrbHVuZCAmbHQ7bWJqQHRhaWwtZi5jb20m Z3Q7OyBOZXRjb25mICZsdDtuZXRjb25mQGlldGYub3JnJmd0Ozxicj4NCjxiPlN1YmplY3Q6PC9i PiBSZTogW25ldGNvbmZdIGdldC1kYXRhIG9yaWdpbiBmaWx0ZXJzPG86cD48L286cD48L3NwYW4+ PC9wPg0KPC9kaXY+DQo8L2Rpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxvOnA+Jm5ic3A7PC9v OnA+PC9wPg0KPGRpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpwPiZuYnNwOzwv bzpwPjwvcD4NCjwvZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48 L3A+DQo8ZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPk9uIE1vbiwgT2N0IDcsIDIw MTkgYXQgNzozNiBBTSBSb2IgV2lsdG9uIChyd2lsdG9uKSAmbHQ7PGEgaHJlZj0ibWFpbHRvOnJ3 aWx0b25AY2lzY28uY29tIj5yd2lsdG9uQGNpc2NvLmNvbTwvYT4mZ3Q7IHdyb3RlOjxvOnA+PC9v OnA+PC9wPg0KPC9kaXY+DQo8YmxvY2txdW90ZSBzdHlsZT0iYm9yZGVyOm5vbmU7Ym9yZGVyLWxl ZnQ6c29saWQgI0NDQ0NDQyAxLjBwdDtwYWRkaW5nOjBjbSAwY20gMGNtIDYuMHB0O21hcmdpbi1s ZWZ0OjQuOHB0O21hcmdpbi1yaWdodDowY20iPg0KPGRpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNv Tm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20t YWx0OmF1dG8iPkhpIEFuZHksPG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBz dHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8i PiZuYnNwOzxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1t YXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj5Eb27igJl0IGFs bCB0aGUgZmlsdGVycyBlZmZlY3RpdmVseSB3b3JrIHRoaXMgd2F5PzxvOnA+PC9vOnA+PC9wPg0K PC9kaXY+DQo8L2Rpdj4NCjwvYmxvY2txdW90ZT4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFs Ij48bzpwPiZuYnNwOzwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3Jt YWwiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05v cm1hbCI+SSBkbyBub3Qgc2VlIHRoZSB0ZXh0IHRoYXQgZXhwbGFpbnMgb3JpZ2luLWZpbHRlciBh bmQgbmVnYXRlZC1vcmlnaW4tZmlsdGVyIHdvcmtpbmcgdGhlIHdheSBNYXJ0aW48bzpwPjwvbzpw PjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPmRlc2NyaWJlcyBpdC4m bmJzcDsgVGhlc2UgZmlsdGVycyBkbyBub3Qgc2F5IGFueXdoZXJlIHRvIHNlbGVjdCBhIG5vZGUg YmVjYXVzZSBpdCBoYXMgZGVzY2VuZGFudHM8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4N CjxwIGNsYXNzPSJNc29Ob3JtYWwiPnRoYXQgbWF0Y2ggdGhlIG9yaWdpbiBmaWx0ZXJzLiZuYnNw OyBJdCBzYXlzIHZlcnkgY2xlYXJseSB0aGF0IHRoZSBmaWx0ZXIgdGVzdCBpcyBvbiB0aGUgc3Bl Y2lmaWVkIG5vZGUuPG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNv Tm9ybWFsIj5JdCBhbHNvIHNheXMgdGhlIG9yaWdpbiBpcyBkZXJpdmVkIGZyb20gdGhlIG9yaWdp biBhbm5vdGF0aW9uIGZvciB0aGF0IG5vZGUuPG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+ DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj5TaW5jZSBvbmx5IDEgaW5zdGFuY2Ugb2YgdGhlIG9yaWdp biBhbm5vdGF0aW9uIGlzIGFsbG93ZWQgcGVyIG5vZGUsIHRoZXJlIGlzIG5vIHdheSB0byB0YWc8 bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPmEgbm9k ZSB3aXRoIG11bHRpcGxlIG9yaWdpbnMuJm5ic3A7PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxk aXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpwPiZuYnNwOzwvbzpwPjwvcD4NCjwvZGl2Pg0K PGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPklmIGltcGxlbWVudGF0aW9uIGlzIHRvbyBjb21w bGV4IHRoZW4gcGVvcGxlIHdpbGwganVzdCBsZWF2ZSBpdCBvdXQgKHcvIGEgZGV2aWF0aW9uKS48 bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPkl0IGlz IHVubGlrZWx5IHRoYXQgdGhlIGluc3RydW1lbnRhdGlvbiBrbm93cyBhdCBhbnkgZ2l2ZW4gaW5z dGFudCBhbGwgdGhlIG9yaWdpbiB2YWx1ZXM8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4N CjxwIGNsYXNzPSJNc29Ob3JtYWwiPm9mIGFsbCB0aGUgZGVzY2VuZGFudCBkeW5hbWljIGRhdGEg YXQgdGhlIGluc3RhbnQgdGhlICZsdDtnZXQtZGF0YSZndDsgcmVxdWVzdCBpcyBwcm9jZXNzZWQu PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpw PiZuYnNwOzwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxv OnA+Jm5ic3A7PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+ PG86cD4mbmJzcDs8L286cD48L3A+DQo8L2Rpdj4NCjxibG9ja3F1b3RlIHN0eWxlPSJib3JkZXI6 bm9uZTtib3JkZXItbGVmdDpzb2xpZCAjQ0NDQ0NDIDEuMHB0O3BhZGRpbmc6MGNtIDBjbSAwY20g Ni4wcHQ7bWFyZ2luLWxlZnQ6NC44cHQ7bWFyZ2luLXJpZ2h0OjBjbSI+DQo8ZGl2Pg0KPGRpdj4N CjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28t bWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+Jm5ic3A7PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0i TXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0 b20tYWx0OmF1dG8iPlRoZXkgc2VsZWN0IGEgc3Vic2V0IG9mIHRoZSBub2RlcyB0byBpbmNsdWRl IGluIHRoZSByZXNwb25zZSwgYW5kIG11c3QgYWxzbyBpbmNsdWRlIGFsbCBhbmNlc3RvciBub2Rl cyBhbmQgcmVxdWlyZWQgbGlzdCBrZXlzIHRvIHRoZSBzZWxlY3RlZCBub2RlcywgcmVnYXJkbGVz cyBvZiB3aGV0aGVyIHRob3NlDQogYW5jZXN0b3Iva2V5IG5vZGVzIHdlcmUgYWxzbyBzZWxlY3Rl ZCBieSB0aGUgcXVlcnkuPG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHls ZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPiZu YnNwOzxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8L2Rpdj4NCjwvYmxvY2txdW90ZT4NCjxkaXY+ DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpwPiZuYnNwOzwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRp dj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPlllcy4gVW5kZXJzdG9vZC48bzpwPjwvbzpwPjwvcD4N CjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPlN0aWxsIGRvZXMgbm90IGV4cGxh aW4gaG93IGEgZmlsdGVyIGZvciB0aGUgbGlzdCBub2RlIHNlbGVjdHMgZGVzY2VuZGFudCBub2Rl cyB0aGF0IG1hdGNoIHRoZSBvcmlnaW4gZmlsdGVycy48bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0K PGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPC9kaXY+ DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+Jm5ic3A7PG86cD48L286cD48L3A+DQo8L2Rp dj4NCjxibG9ja3F1b3RlIHN0eWxlPSJib3JkZXI6bm9uZTtib3JkZXItbGVmdDpzb2xpZCAjQ0ND Q0NDIDEuMHB0O3BhZGRpbmc6MGNtIDBjbSAwY20gNi4wcHQ7bWFyZ2luLWxlZnQ6NC44cHQ7bWFy Z2luLXJpZ2h0OjBjbSI+DQo8ZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxl PSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+RS5n LiBhIOKAnGNvbmZpZyBmYWxzZeKAnSBmaWx0ZXIgd2lsbCBzdGlsbCByZXR1cm4g4oCcY29uZmln IHRydWXigJ0gbm9kZXMgaWYgdGhleSBhcmUgYW5jZXN0b3JzIG9yIGxpc3Qga2V5cyB0byBhIGRl c2NlbmRhbnQgY29uZmlnIGZhbHNlIG5vZGUuJm5ic3A7IFRoZSBzYW1lIGxvZ2ljIGFwcGxpZXMg Zm9yIHhwYXRoIGFuZCBvcmlnaW4NCiBmaWx0ZXJzIGFzIHdlbGwuPG86cD48L286cD48L3A+DQo8 cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1h cmdpbi1ib3R0b20tYWx0OmF1dG8iPiZuYnNwOzxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8L2Rp dj4NCjwvYmxvY2txdW90ZT4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpwPiZuYnNw OzwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPk5vIHRoZXkg d29uJ3QuPG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFs Ij5XaGVyZSBpcyB0aGF0IHRleHQ/PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBj bGFzcz0iTXNvTm9ybWFsIj48bzpwPiZuYnNwOzwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxw IGNsYXNzPSJNc29Ob3JtYWwiPiZuYnNwOyAmbmJzcDsgZ2V0LWRhdGEgY29uZmlnPWZpbHRlcj1m YWxzZTxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+ PG86cD4mbmJzcDs8L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFs Ij5UaGlzIHN0YXJ0cyBmcm9tIHRvcC1sZXZlbCBZQU5HIG5vZGVzLjxvOnA+PC9vOnA+PC9wPg0K PC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+SWYgdGhlIHRvcC1sZXZlbCBZQU5H IG5vZGUgaXMgbm90IGNvbmZpZz1mYWxzZSB0aGVuIHRoZSBzZXJ2ZXIgd2lsbCBub3Qga2VlcCBs b29raW5nIGZvciBkZXNjZW5kYW50cyB0aGF0IG1hdGNoLjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+ DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8L2Rp dj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj4mbmJzcDs8bzpwPjwvbzpwPjwvcD4NCjwv ZGl2Pg0KPGJsb2NrcXVvdGUgc3R5bGU9ImJvcmRlcjpub25lO2JvcmRlci1sZWZ0OnNvbGlkICND Q0NDQ0MgMS4wcHQ7cGFkZGluZzowY20gMGNtIDBjbSA2LjBwdDttYXJnaW4tbGVmdDo0LjhwdDtt YXJnaW4tcmlnaHQ6MGNtIj4NCjxkaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5 bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj5U aGFua3MsPGJyPg0KUm9iPG86cD48L286cD48L3A+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9ibG9ja3F1 b3RlPg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0K PC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48L3A+ DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj5BbmR5PG86cD48L286cD48L3A+ DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpwPiZuYnNwOzwvbzpwPjwv cD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPiZuYnNwOzxvOnA+PC9vOnA+ PC9wPg0KPC9kaXY+DQo8YmxvY2txdW90ZSBzdHlsZT0iYm9yZGVyOm5vbmU7Ym9yZGVyLWxlZnQ6 c29saWQgI0NDQ0NDQyAxLjBwdDtwYWRkaW5nOjBjbSAwY20gMGNtIDYuMHB0O21hcmdpbi1sZWZ0 OjQuOHB0O21hcmdpbi1yaWdodDowY20iPg0KPGRpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9y bWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0 OmF1dG8iPiZuYnNwOzxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9 Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj4mbmJz cDs8bzpwPjwvbzpwPjwvcD4NCjxkaXYgc3R5bGU9ImJvcmRlcjpub25lO2JvcmRlci1sZWZ0OnNv bGlkIGJsdWUgMS41cHQ7cGFkZGluZzowY20gMGNtIDBjbSA0LjBwdCI+DQo8ZGl2Pg0KPGRpdiBz dHlsZT0iYm9yZGVyOm5vbmU7Ym9yZGVyLXRvcDpzb2xpZCAjRTFFMUUxIDEuMHB0O3BhZGRpbmc6 My4wcHQgMGNtIDBjbSAwY20iPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJn aW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48Yj48c3BhbiBsYW5n PSJFTi1VUyI+RnJvbTo8L3NwYW4+PC9iPjxzcGFuIGxhbmc9IkVOLVVTIj4gbmV0Y29uZiAmbHQ7 PGEgaHJlZj0ibWFpbHRvOm5ldGNvbmYtYm91bmNlc0BpZXRmLm9yZyIgdGFyZ2V0PSJfYmxhbmsi Pm5ldGNvbmYtYm91bmNlc0BpZXRmLm9yZzwvYT4mZ3Q7DQo8Yj5PbiBCZWhhbGYgT2YgPC9iPkFu ZHkgQmllcm1hbjxicj4NCjxiPlNlbnQ6PC9iPiAwNyBPY3RvYmVyIDIwMTkgMTU6MTI8YnI+DQo8 Yj5Ubzo8L2I+IE1hcnRpbiBCam9ya2x1bmQgJmx0OzxhIGhyZWY9Im1haWx0bzptYmpAdGFpbC1m LmNvbSIgdGFyZ2V0PSJfYmxhbmsiPm1iakB0YWlsLWYuY29tPC9hPiZndDs8YnI+DQo8Yj5DYzo8 L2I+IE5ldGNvbmYgJmx0OzxhIGhyZWY9Im1haWx0bzpuZXRjb25mQGlldGYub3JnIiB0YXJnZXQ9 Il9ibGFuayI+bmV0Y29uZkBpZXRmLm9yZzwvYT4mZ3Q7PGJyPg0KPGI+U3ViamVjdDo8L2I+IFJl OiBbbmV0Y29uZl0gZ2V0LWRhdGEgb3JpZ2luIGZpbHRlcnM8L3NwYW4+PG86cD48L286cD48L3A+ DQo8L2Rpdj4NCjwvZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4t dG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj4mbmJzcDs8bzpwPjwvbzpw PjwvcD4NCjxkaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJn aW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj4mbmJzcDs8bzpwPjwv bzpwPjwvcD4NCjwvZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4t dG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj4mbmJzcDs8bzpwPjwvbzpw PjwvcD4NCjxkaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJn aW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj5PbiBNb24sIE9jdCA3 LCAyMDE5IGF0IDEyOjQzIEFNIE1hcnRpbiBCam9ya2x1bmQgJmx0OzxhIGhyZWY9Im1haWx0bzpt YmpAdGFpbC1mLmNvbSIgdGFyZ2V0PSJfYmxhbmsiPm1iakB0YWlsLWYuY29tPC9hPiZndDsgd3Jv dGU6PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxibG9ja3F1b3RlIHN0eWxlPSJib3JkZXI6bm9u ZTtib3JkZXItbGVmdDpzb2xpZCAjQ0NDQ0NDIDEuMHB0O3BhZGRpbmc6MGNtIDBjbSAwY20gNi4w cHQ7bWFyZ2luLWxlZnQ6NC44cHQ7bWFyZ2luLXRvcDo1LjBwdDttYXJnaW4tcmlnaHQ6MGNtO21h cmdpbi1ib3R0b206NS4wcHQiPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJn aW4tdG9wLWFsdDphdXRvO21hcmdpbi1ib3R0b206MTIuMHB0Ij5BbmR5IEJpZXJtYW4gJmx0Ozxh IGhyZWY9Im1haWx0bzphbmR5QHl1bWF3b3Jrcy5jb20iIHRhcmdldD0iX2JsYW5rIj5hbmR5QHl1 bWF3b3Jrcy5jb208L2E+Jmd0OyB3cm90ZTo8YnI+DQomZ3Q7IE9uIFN1biwgT2N0IDYsIDIwMTkg YXQgODozMiBBTSBNYXJ0aW4gQmpvcmtsdW5kICZsdDs8YSBocmVmPSJtYWlsdG86bWJqQHRhaWwt Zi5jb20iIHRhcmdldD0iX2JsYW5rIj5tYmpAdGFpbC1mLmNvbTwvYT4mZ3Q7IHdyb3RlOjxicj4N CiZndDsgPGJyPg0KJmd0OyAmZ3Q7IEhpLDxicj4NCiZndDsgJmd0Ozxicj4NCiZndDsgJmd0OyBB bmR5IEJpZXJtYW4gJmx0OzxhIGhyZWY9Im1haWx0bzphbmR5QHl1bWF3b3Jrcy5jb20iIHRhcmdl dD0iX2JsYW5rIj5hbmR5QHl1bWF3b3Jrcy5jb208L2E+Jmd0OyB3cm90ZTo8YnI+DQomZ3Q7ICZn dDsgJmd0OyBIaSw8YnI+DQomZ3Q7ICZndDsgJmd0Ozxicj4NCiZndDsgJmd0OyAmZ3Q7IEkgYW0g dHJ5aW5nIHRvIGZpZ3VyZSBvdXQgaG93IHRvIHVzZSB0aGUgb3JpZ2luLWZpbHRlciBhbmQ8YnI+ DQomZ3Q7ICZndDsgJmd0OyBuZWdhdGVkLW9yaWdpbi1maWx0ZXI8YnI+DQomZ3Q7ICZndDsgJmd0 OyBpbiB0aGUgJmx0O2dldC1kYXRhJmd0OyBvcGVyYXRpb24gaW4gUkZDIDg1MjYuPGJyPg0KJmd0 OyAmZ3Q7ICZndDs8YnI+DQomZ3Q7ICZndDsgJmd0Ozxicj4NCiZndDsgJmd0OyAmZ3Q7Jm5ic3A7 ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDtsZWFmLWxpc3Qgb3JpZ2luLWZpbHRl ciB7PGJyPg0KJmd0OyAmZ3Q7ICZndDsmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7 ICZuYnNwOyAmbmJzcDsgdHlwZSBvcjpvcmlnaW4tcmVmOzxicj4NCiZndDsgJmd0OyAmZ3Q7Jm5i c3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7IGRlc2NyaXB0aW9u PGJyPg0KJmd0OyAmZ3Q7ICZndDsmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZu YnNwOyAmbmJzcDsgJm5ic3A7ICZxdW90O0ZpbHRlciBiYXNlZCBvbiB0aGUgJ29yaWdpbicgYW5u b3RhdGlvbi4mbmJzcDsgQTxicj4NCiZndDsgJmd0OyAmZ3Q7Jm5ic3A7ICZuYnNwOyAmbmJzcDsg Jm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDtjb25maWd1cmF0aW9uIG5v ZGUgbWF0Y2hlcyB0aGUgZmlsdGVyIGlmIGl0cyAnb3JpZ2luJzxicj4NCiZndDsgJmd0OyAmZ3Q7 Jm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAm bmJzcDthbm5vdGF0aW9uIGlzIGRlcml2ZWQgZnJvbSBvciBlcXVhbCB0byBhbnkgb2YgdGhlIGdp dmVuPGJyPg0KJmd0OyAmZ3Q7ICZndDsmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7 ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwO2ZpbHRlciB2YWx1ZXMuJnF1b3Q7Ozxicj4NCiZn dDsgJmd0OyAmZ3Q7Jm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgfTxi cj4NCiZndDsgJmd0OyAmZ3Q7PGJyPg0KJmd0OyAmZ3Q7ICZndDs8YnI+DQomZ3Q7ICZndDsgJmd0 OyBUaGVzZSBmaWx0ZXJzIHNlZW0ga2luZCBvZiB3b3J0aGxlc3MgaWYgaW1wbGVtZW50ZWQgYWNj b3JkaW5nIHRvIHRoZTxicj4NCiZndDsgJmd0OyB0ZXh0Ljxicj4NCiZndDsgJmd0OyAmZ3Q7IENv bnNpZGVyIGEgc2ltcGxlIGV4YW1wbGUgd2hlcmUgdGhlcmUgaXMgMSBsZWFybmVkIGxlYWYgd2l0 aGluIGEgbGlzdDo8YnI+DQomZ3Q7ICZndDsgJmd0Ozxicj4NCiZndDsgJmd0OyAmZ3Q7IG1vZHVs ZTogYWRkcmVzczxicj4NCiZndDsgJmd0OyAmZ3Q7Jm5ic3A7ICZuYnNwOyYjNDM7LS1ydyBhZGRy ZXNzZXM8YnI+DQomZ3Q7ICZndDsgJmd0OyZuYnNwOyAmbmJzcDsgJm5ic3A7ICYjNDM7LS1ydyBh ZGRyZXNzKiBbbGFzdC1uYW1lIGZpcnN0LW5hbWVdPGJyPg0KJmd0OyAmZ3Q7ICZndDsmbmJzcDsg Jm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7JiM0MzstLXJ3IGxhc3QtbmFtZSZuYnNwOyAmbmJz cDsgJm5ic3A7c3RyaW5nPGJyPg0KJmd0OyAmZ3Q7ICZndDsmbmJzcDsgJm5ic3A7ICZuYnNwOyAm bmJzcDsgJm5ic3A7JiM0MzstLXJ3IGZpcnN0LW5hbWUmbmJzcDsgJm5ic3A7IHN0cmluZzxicj4N CiZndDsgJmd0OyAmZ3Q7Jm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyYjNDM7LS1y dyBzdHJlZXQ/Jm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7c3RyaW5nPGJyPg0KJmd0OyAmZ3Q7 ICZndDsmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7JiM0MzstLXJ3IGNpdHk/Jm5i c3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwO3N0cmluZzxicj4NCiZndDsgJmd0OyAmZ3Q7 Jm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyYjNDM7LS1ydyB6aXBjb2RlPyZuYnNw OyAmbmJzcDsgJm5ic3A7IHN0cmluZzxicj4NCiZndDsgJmd0OyAmZ3Q7Jm5ic3A7ICZuYnNwOyAm bmJzcDsgJm5ic3A7ICZuYnNwOyYjNDM7LS1ydyBwaG9uZSogW3Bob25lLXR5cGVdPGJyPg0KJmd0 OyAmZ3Q7ICZndDsmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmIzQz Oy0tcncgcGhvbmUtdHlwZSZuYnNwOyAmbmJzcDsgJm5ic3A7IGVudW1lcmF0aW9uPGJyPg0KJmd0 OyAmZ3Q7ICZndDsmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmIzQz Oy0tcncgcGhvbmUtbnVtYmVyJm5ic3A7ICZuYnNwOyBzdHJpbmc8YnI+DQomZ3Q7ICZndDsgJmd0 Ozxicj4NCiZndDsgJmd0OyAmZ3Q7IExldCdzIHNheSB0aGUgJnF1b3Q7emlwY29kZSZxdW90OyBm aWVsZCBpcyBsZWFybmVkIGluICZsdDtvcGVyYXRpb25hbCZndDs8YnI+DQomZ3Q7ICZndDsgJmd0 OyAoZS5nLiBaSVAgY29kZSBsb29rdXAgZXhwYW5kcyBtaXNzaW5nIG9yIDUgZGlnaXQgemlwY29k ZSB0byBmdWxsIDkgZGlnaXQ8YnI+DQomZ3Q7ICZndDsgJmd0OyB6aXBjb2RlKS48YnI+DQomZ3Q7 ICZndDsgJmd0OyBTbyAvYWRkcmVzc2VzIGFuZCAvYWRkcmVzc2VzL2FkZHJlc3MgaGF2ZSBvcmln aW4gJnF1b3Q7aW50ZW5kZWQmcXVvdDsuPGJyPg0KJmd0OyAmZ3Q7ICZndDsgT25seSB0aGUgL2Fk ZHJlc3Nlcy9hZGRyZXNzL3ppcGNvZGUgbGVhZiBoYXMgb3JpZ2luICZxdW90O2xlYXJuZWQmcXVv dDsuPGJyPg0KJmd0OyAmZ3Q7ICZndDs8YnI+DQomZ3Q7ICZndDsgJmd0OyBTbyBob3cgZG9lcyBv cmlnaW4tZmlsdGVyPWxlYXJuZWQgZmluZCBhbGwgdGhlIGxlYXJuZWQgbGVhZnM/PGJyPg0KJmd0 OyAmZ3Q7PGJyPg0KJmd0OyAmZ3Q7IFBlcmhhcHMgSSBkb24ndCB1bmRlcnN0YW5kIHlvdXIgcXVl c3Rpb247IElNTyB5b3UgZ2l2ZSB0aGUgYW5zd2VyIHRvPGJyPg0KJmd0OyAmZ3Q7IHRoaXMgcXVl c3Rpb24gYmVsb3c6PGJyPg0KJmd0OyAmZ3Q7PGJyPg0KJmd0OyAmZ3Q7ICZndDsgV2hhdCBmaWx0 ZXJzIGFyZSByZXF1aXJlZCB0byByZXR1cm4gb25seSB0aGUgbGVhcm5lZCBlbnRyaWVzICYjNDM7 IGFuY2VzdG9yczxicj4NCiZndDsgJmd0OyAmIzQzOzxicj4NCiZndDsgJmd0OyAmZ3Q7IGFuY2Vz dG9yLW9yLXNlbGYga2V5cz8mbmJzcDsgU2VlbXMgbGlrZSB0aGlzIGZpbHRlciBtZWNoYW5pc20g aGFzIHRvIGJlIHVzZWQ8YnI+DQomZ3Q7ICZndDsgJmd0OyB0byByZXRyaWV2ZSB0aGUgZXhhY3Qg bGVhZiB0aGF0IG1pZ2h0IGJlIGxlYXJuZWQsIGFuZCB0aGUgY2xpZW50PGJyPg0KJmd0OyAmZ3Q7 ICZndDsgbmVlZHMgdG8ga25vdyBpbiBhZHZhbmNlIGFsbCB0aGUgcG9zc2libGUgbm9kZXMgdGhh dCBtaWdodCBiZSBsZWFybmVkLjxicj4NCiZndDsgJmd0OyAmZ3Q7PGJyPg0KJmd0OyAmZ3Q7ICZn dDsgV2FudCB0byBiZSBhYmxlIHRvIHJldHJpZXZlIGFuIGFuY2VzdG9yIHRoYXQgaXMgaW50ZW5k ZWQgYW5kIHN0aWxsIGZpbmQ8YnI+DQomZ3Q7ICZndDsgdGhlPGJyPg0KJmd0OyAmZ3Q7ICZndDsg bGVhcm5lZCBlbnRyaWVzPGJyPg0KJmd0OyAmZ3Q7ICZndDs8YnI+DQomZ3Q7ICZndDsgJmd0OyZu YnNwOyAmbmJzcDsgZ2V0LWRhdGEgeHBhdGgtZmlsdGVyPS9hZGRyZXNzZXMvYWRkcmVzcyBvcmln aW4tZmlsdHRlcj1sZWFybmVkPGJyPg0KJmd0OyAmZ3Q7PGJyPg0KJmd0OyAmZ3Q7IC4uLiBoZXJl LiZuYnNwOyBTbyB0aGlzIHJlcXVlc3Qgd2lsbCByZXR1cm46PGJyPg0KJmd0OyAmZ3Q7PGJyPg0K Jmd0OyAmZ3Q7Jm5ic3A7ICZuYnNwOyAmbHQ7YWRkcmVzc2VzIG9yOm9yaWdpbj0mcXVvdDtvcjpp bnRlbmRlZCZxdW90OyZndDs8YnI+DQomZ3Q7ICZndDsmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbHQ7 YWRkcmVzcyZndDs8YnI+DQomZ3Q7ICZndDsmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJmx0 O2xhc3QtbmFtZSZndDsuLi4mbHQ7L2xhc3QtbmFtZSZndDs8YnI+DQomZ3Q7ICZndDsmbmJzcDsg Jm5ic3A7ICZuYnNwOyAmbmJzcDsgJmx0O2ZpcnN0LW5hbWUmZ3Q7Li4uJmx0Oy9maXJzdC1uYW1l Jmd0Ozxicj4NCiZndDsgJmd0OyZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbHQ7emlwY29k ZSBvcjpvcmlnaW49JnF1b3Q7b3I6bGVhcm5lZCZxdW90OyZndDsuLi4mbHQ7L3ppcGNvZGUmZ3Q7 PGJyPg0KJmd0OyAmZ3Q7Jm5ic3A7ICZuYnNwOyAmbmJzcDsgJmx0Oy9hZGRyZXNzJmd0Ozxicj4N CiZndDsgJmd0OyZuYnNwOyAmbmJzcDsgJm5ic3A7IC4uLjxicj4NCiZndDsgJmd0OyZuYnNwOyAm bmJzcDsgJmx0Oy9hZGRyZXNzZXMmZ3Q7PGJyPg0KJmd0OyAmZ3Q7PGJyPg0KJmd0OyAmZ3Q7PGJy Pg0KJmd0OyBJIGRvIG5vdCBpbnRlcnByZXQgdGhlIHRleHQgdGhlIHNhbWUgd2F5IGFzIHlvdS48 YnI+DQo8YnI+DQpEb2VzIHRoaXMgbWVhbiB0aGF0IHlvdSB0aGluayB0aGF0IHRoZSByZXBseSBp cyBkaWZmZXJlbnQgZnJvbSB3aGF0IEk8YnI+DQpzaG93IGFib3ZlPyZuYnNwOyBJZiBzbywgd2hh dCB3b3VsZCBpdCBiZSwgYW5kIHdoeT88bzpwPjwvbzpwPjwvcD4NCjwvYmxvY2txdW90ZT4NCjxk aXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87 bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPiZuYnNwOzxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+ DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDph dXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj4mbmJzcDs8bzpwPjwvbzpwPjwvcD4NCjwv ZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1h bHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+Jm5ic3A7PG86cD48L286cD48L3A+ DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10 b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPkV4cGxhaW4gaG93IHRoZSBs aXN0IGFkZHJlc3Mgbm9kZSBoYXMgb3JpZ2luICZxdW90O2xlYXJuZWQmcXVvdDsuPG86cD48L286 cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1h cmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPiZuYnNwOzxvOnA+ PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1z by1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj5UaGUgZmls dGVyIGlzIGZvciAvYWRkcmVzc2VzL2FkZHJlc3MgYW5kIG9ubHkgb3JpZ2luPWxlYXJuZWQuPG86 cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0i bXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPkhvdyBk b2VzIHRoZSBsaXN0IG5vZGUgaGF2ZSBvcmlnaW49bGVhcm5lZD88bzpwPjwvbzpwPjwvcD4NCjwv ZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1h bHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+SXQgY2FuIG9ubHkgaGF2ZSAxIHZh bHVlLjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIg c3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRv Ij5JdCBoYXMgY2hpbGQgbm9kZXMgd2l0aCBib3RoIGludGVuZGVkIGFuZCBsZWFybmVkIGFzIG9y aWdpbi48bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwi IHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0 byI+SSBkbyBubyB1bmRlcnN0YW5kJm5ic3A7aG93IHRoZSBvcmlnaW49bGVhcm5lZCBtYXRjaGVk IHRoaXMgbm9kZS48bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29O b3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1h bHQ6YXV0byI+Jm5ic3A7PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0i TXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0 b20tYWx0OmF1dG8iPiZuYnNwOzxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xh c3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4t Ym90dG9tLWFsdDphdXRvIj4mbmJzcDs8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxw IGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFy Z2luLWJvdHRvbS1hbHQ6YXV0byI+Jm5ic3A7PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxibG9j a3F1b3RlIHN0eWxlPSJib3JkZXI6bm9uZTtib3JkZXItbGVmdDpzb2xpZCAjQ0NDQ0NDIDEuMHB0 O3BhZGRpbmc6MGNtIDBjbSAwY20gNi4wcHQ7bWFyZ2luLWxlZnQ6NC44cHQ7bWFyZ2luLXRvcDo1 LjBwdDttYXJnaW4tcmlnaHQ6MGNtO21hcmdpbi1ib3R0b206NS4wcHQiPg0KPHAgY2xhc3M9Ik1z b05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21hcmdpbi1ib3R0b206MTIu MHB0Ij4mZ3Q7IDxicj4NCiZndDsmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZu YnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7IFRoZSBjb250ZW50IHJldHVy bmVkPGJyPg0KJmd0OyA8YnI+DQomZ3Q7Jm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNw OyAmbmJzcDtieSBnZXQtZGF0YSBtdXN0IHNhdGlzZnkgYWxsIGZpbHRlcnMsIGkuZS4sIHRoZSBm aWx0ZXI8YnI+DQomZ3Q7Jm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDtj cml0ZXJpYSBhcmUgbG9naWNhbGx5IEFORGVkLjxicj4NCiZndDsgPGJyPg0KJmd0OyA8YnI+DQom Z3Q7Jm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDtsZWFmLWxpc3Qgb3Jp Z2luLWZpbHRlciB7PGJyPg0KJmd0OyZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsg Jm5ic3A7ICZuYnNwOyB0eXBlIG9yOm9yaWdpbi1yZWY7PGJyPg0KJmd0OyZuYnNwOyAmbmJzcDsg Jm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyBkZXNjcmlwdGlvbjxicj4NCiZndDsm bmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZx dW90O0ZpbHRlciBiYXNlZCBvbiB0aGUgJ29yaWdpbicgYW5ub3RhdGlvbi4mbmJzcDsgQTxicj4N CiZndDsmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5i c3A7ICZuYnNwO2NvbmZpZ3VyYXRpb24gbm9kZSBtYXRjaGVzIHRoZSBmaWx0ZXIgaWYgaXRzICdv cmlnaW4nPGJyPg0KJmd0OyZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7 ICZuYnNwOyAmbmJzcDsgJm5ic3A7YW5ub3RhdGlvbiBpcyBkZXJpdmVkIGZyb20gb3IgZXF1YWwg dG8gYW55IG9mIHRoZSBnaXZlbjxicj4NCiZndDsmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsg Jm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwO2ZpbHRlciB2YWx1ZXMuJnF1b3Q7Ozxi cj4NCiZndDsmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyB9PGJyPg0K Jmd0OyA8YnI+DQomZ3Q7IDxicj4NCiZndDsmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5i c3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7Q29uZmlndXJhdGlvbiBub2RlcyB0aGF0IGRvIG5vdCBo YXZlIGFuPGJyPg0KJmd0OyZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7 ICZuYnNwOyAmbmJzcDsnb3JpZ2luJyBhbm5vdGF0aW9uIGFyZSB0cmVhdGVkIGFzIGlmIHRoZXkg aGF2ZSB0aGU8YnI+DQomZ3Q7Jm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJz cDsgJm5ic3A7ICZuYnNwOydvcmlnaW4nIGFubm90YXRpb24gJ29yOnVua25vd24nLjxicj4NCiZn dDsgPGJyPg0KJmd0OyA8YnI+DQomZ3Q7IDxicj4NCiZndDsgJmd0OyBUaGUgZHJhZnQgc2hvd3Mg YW4gZXhhbXBsZSB3aGVyZSBib3RoICZxdW90O2ludGVuZGVkJnF1b3Q7IGFuZCAmcXVvdDtzeXN0 ZW0mcXVvdDsgYXJlIGdpdmVuPGJyPg0KJmd0OyAmZ3Q7ICZndDsgYXMgZmlsdGVycy4mbmJzcDsg VGhpcyB3aWxsIHdvcmsgYnV0IHdpbGwgaW5jbHVkZSBhbGwgdGhlICZxdW90O2ludGVuZGVkJnF1 b3Q7IGxlYWZzIGFzPGJyPg0KJmd0OyAmZ3Q7ICZndDsgd2VsbC48YnI+DQomZ3Q7ICZndDsgJmd0 OyBXaGF0IGlmIGEgJnF1b3Q7bGVhcm5lZCZxdW90OyBub2RlIGlzIHdpdGhpbiBhICZxdW90O3N5 c3RlbSZxdW90OyBub2RlIHdpdGhpbiBhbiAmcXVvdDtpbnRlbmRlZCZxdW90Ozxicj4NCiZndDsg Jmd0OyAmZ3Q7IG5vZGU/PGJyPg0KJmd0OyAmZ3Q7PGJyPg0KJmd0OyAmZ3Q7IFRoaXMgd29ya3Mg YXMgd2VsbC4mbmJzcDsgTm90ZSB0aGF0IHRoZSBnZXQtZGF0YSBkZXNjcmlwdGlvbiBzYXlzOjxi cj4NCiZndDsgJmd0Ozxicj4NCiZndDsgJmd0OyZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAm bmJzcDsgJm5ic3A7QW55IGFuY2VzdG9yIG5vZGVzIChpbmNsdWRpbmcgbGlzdCBrZXlzKSBvZiBu b2RlcyBzZWxlY3RlZCBieTxicj4NCiZndDsgJmd0OyZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNw OyAmbmJzcDsgJm5ic3A7dGhlIGZpbHRlcnMgYXJlIGluY2x1ZGVkIGluIHRoZSByZXNwb25zZS48 YnI+DQomZ3Q7ICZndDs8YnI+DQomZ3Q7ICZndDs8YnI+DQomZ3Q7ICZndDs8YnI+DQomZ3Q7IDxi cj4NCiZndDsgVGhlIGlzc3VlIGlzIGhvdyB0aGUgL2lhZGRyZXNzZXMgYW5kIC9hZGRyZXNzZXMv YWRkcmVzcyBub2RlcyBtYXRjaCB0aGU8YnI+DQomZ3Q7IG9yaWdpbiAmcXVvdDtsZWFybmVkJnF1 b3Q7Ljxicj4NCjxicj4NClRoZXkgZG9uJ3QsIGJ1dCB0aGV5IGFyZSBpbmNsdWRlZCBiL2Mgb2Yg dGhlIHF1b3RlZCB0ZXh0IGFib3ZlIChpLmUuOjxicj4NCiZuYnNwOyAmbmJzcDsgJm5ic3A7IEFu eSBhbmNlc3RvciBub2RlcyAoaW5jbHVkaW5nIGxpc3Qga2V5cykgb2Ygbm9kZXMgc2VsZWN0ZWQg Ynk8YnI+DQombmJzcDsgJm5ic3A7ICZuYnNwOyB0aGUgZmlsdGVycyBhcmUgaW5jbHVkZWQgaW4g dGhlIHJlc3BvbnNlLik8bzpwPjwvbzpwPjwvcD4NCjwvYmxvY2txdW90ZT4NCjxkaXY+DQo8cCBj bGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdp bi1ib3R0b20tYWx0OmF1dG8iPiZuYnNwOzxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0K PHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1t YXJnaW4tYm90dG9tLWFsdDphdXRvIj4mbmJzcDs8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRp dj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bztt c28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+Tm8uPG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxk aXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87 bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPiZuYnNwOzxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+ DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDph dXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj5JZiB0aGUgZmlsdGVyIHdhcyBmb3IgL2Fk ZHJlc3Nlcy9hZGRyZXNzL3ppcGNvZGUgdGhlbiBtYXliZSB0aGF0IHRleHQgYXBwbGllcy48bzpw PjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJt c28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+SXQgaXMg c3RpbGwgdW5jbGVhciB0aGF0IHRoZSBYUGF0aCBpcyBmdWxseSBwcm9jZXNzZWQgYW5kIHRoZW4g dGhlIG9yaWdpbi1maWx0ZXIgaXMgcHJvY2Vzc2VkLjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8 ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRv O21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj5UaGUgUkZDIGp1c3Qgc2F5cyB0aGV5IGFyZSBB TkRlZCB0b2dldGhlci48bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJN c29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRv bS1hbHQ6YXV0byI+Jm5ic3A7PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFz cz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1i b3R0b20tYWx0OmF1dG8iPiZuYnNwOzxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8YmxvY2txdW90 ZSBzdHlsZT0iYm9yZGVyOm5vbmU7Ym9yZGVyLWxlZnQ6c29saWQgI0NDQ0NDQyAxLjBwdDtwYWRk aW5nOjBjbSAwY20gMGNtIDYuMHB0O21hcmdpbi1sZWZ0OjQuOHB0O21hcmdpbi10b3A6NS4wcHQ7 bWFyZ2luLXJpZ2h0OjBjbTttYXJnaW4tYm90dG9tOjUuMHB0Ij4NCjxwIGNsYXNzPSJNc29Ob3Jt YWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6 YXV0byI+PGJyPg0KJmd0OyBUaGUgbGVhZnMgaW4gbGlzdCAmcXVvdDthZGRyZXNzJnF1b3Q7IGFy ZSBhIG1peHR1cmUgb2YgJnF1b3Q7aW50ZW5kZWQmcXVvdDsgYW5kICZxdW90O2xlYXJuZWQmcXVv dDs8YnI+DQomZ3Q7IG9yaWdpbi48YnI+DQomZ3Q7IFRoZSB0ZXh0IGNsZWFybHkgc2F5cyB0aGF0 IGEgbm9kZSBoYXMgYSBzaW5nbGUgb3JpZ2luIHByb3BlcnR5LCBjb3VwbGVkIHRvPGJyPg0KJmd0 OyB0aGUgYW5ub3RhdGlvbi48YnI+DQomZ3Q7IDxicj4NCiZndDsgSXNzdWUgMTogbWl4ZWQgb3Jp Z2luIGRlc2NlbmRhbnQgbm9kZXM8YnI+DQomZ3Q7IFNvIGhvdyBkb2VzIGEgc2VhcmNoIG9uIC9h ZGRyZXNzZXMvYWRkcmVzcyBtYXRjaCBvcmlnaW4tZmlsdGVyPWxlYXJuZWQ/PGJyPg0KJmd0OyBJ IGNhbm5vdCBmaW5kIGFueSB0ZXh0IHRoYXQgc2F5cyB3aGF0IHRoZSBvcmlnaW4gb2YgYSBsaXN0 IG9yIFAtY29udGFpbmVyPGJyPg0KJmd0OyBpcyBpZiBpdDxicj4NCiZndDsgY29udGFpbnMgbm9k ZXMgb2YgbWl4ZWQgb3JpZ2luLjxicj4NCjxicj4NClNlZSBhYm92ZS48bzpwPjwvbzpwPjwvcD4N CjwvYmxvY2txdW90ZT4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1h cmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPiZuYnNwOzxvOnA+ PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1z by1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj5ObyB0ZXh0 IGFib3ZlIGV4cGxhaW5zIGhvdyB0aGUgbGlzdCBvcmlnaW4gaXMgdGFnZ2VkIGlmIGl0IGhhcyBt dWx0aXBsZSB0eXBlcyBvZiBjaGlsZCBub2Rlcy48bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRp dj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bztt c28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+Jm5ic3A7PG86cD48L286cD48L3A+DQo8L2Rpdj4N CjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1 dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPiZuYnNwOzxvOnA+PC9vOnA+PC9wPg0KPC9k aXY+DQo8YmxvY2txdW90ZSBzdHlsZT0iYm9yZGVyOm5vbmU7Ym9yZGVyLWxlZnQ6c29saWQgI0ND Q0NDQyAxLjBwdDtwYWRkaW5nOjBjbSAwY20gMGNtIDYuMHB0O21hcmdpbi1sZWZ0OjQuOHB0O21h cmdpbi10b3A6NS4wcHQ7bWFyZ2luLXJpZ2h0OjBjbTttYXJnaW4tYm90dG9tOjUuMHB0Ij4NCjxw IGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttYXJnaW4t Ym90dG9tOjEyLjBwdCI+PGJyPg0KJmd0OyBJc3N1ZSAyOiBOUC1jb250YWluZXJzPGJyPg0KJmd0 OyA8YnI+DQomZ3Q7IEFsc28gZnJvbSBSRkMgODM0Mjo8YnI+DQomZ3Q7IDxicj4NCiZndDsmbmJz cDsgJm5ic3A7IFRoZSBvcmlnaW4gYXBwbGllcyB0byBhbGwgY29uZmlndXJhdGlvbiBub2RlcyBl eGNlcHQgbm9uLXByZXNlbmNlPGJyPg0KJmd0OyZuYnNwOyAmbmJzcDsgY29udGFpbmVycy48YnI+ DQomZ3Q7IDxicj4NCiZndDsgPGJyPg0KJmd0OyBXaGF0IGlmIHRoZSB0b3AtbGV2ZWwgbm9kZSBp cyBhbiBOUC1jb250YWluZXIgaW4gdGhpcyBjYXNlLjxicj4NCiZndDsgSSB0aG91Z2h0IHRoZSB0 b3AtbGV2ZWwgbm9kZSBNVVNUIGhhdmUgYW4gb3JpZ2luIGF0dHJpYnV0ZS48YnI+DQomZ3Q7IDxi cj4NCiZndDsgVGhlIHRleHQgaXMgbm90IGNsZWFyIGhvdyBOUC1jb250YWluZXJzIGFyZSBoYW5k bGVkLjxicj4NCiZndDsgRG8gdGhleSBoYXZlIGFuIG9yaWdpbiBhdHRyaWJ1dGU/IElmIG5vdCB0 aGVuIFJGQyA4NTI2IHNheXMgdGhleSBoYXZlPGJyPg0KJmd0OyBvcmlnaW4gJnF1b3Q7dW5rbm93 biZxdW90Oy48YnI+DQomZ3Q7IElzIHRoZSBpbnRlbnQgdGhhdCBOUC1jb250YWluZXJzIGFsd2F5 cyBwYXNzIHRoZSBvcmlnaW4tZmlsdGVyIHRlc3RzICh0ZXN0PGJyPg0KJmd0OyBza2lwcGVkKT88 YnI+DQo8YnI+DQpObywgc2luY2UgdGhleSBkb24ndCBoYXZlIGFuIG9yaWdpbiB2YWx1ZSB0aGV5 IHdpbGwgbm90IGJlIHNlbGVjdGVkIGJ5PGJyPg0KdGhlIGZpbHRlci4mbmJzcDsgQnV0IGFuIE5Q LWNvbnRhaW5lciB3aWxsIGJlIGluY2x1ZGVkIGluIHRoZSByZXBseSBpZiBpdDxicj4NCmlzIHRo ZSBhbmNlc3RvciBvZiBhIG5vZGUgdGhhdCBpcyBzZWxlY3RlZCBieSB0aGUgZmlsdGVyLjxvOnA+ PC9vOnA+PC9wPg0KPC9ibG9ja3F1b3RlPg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0 eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+ Jm5ic3A7PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFs IiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1 dG8iPlRoZSBSRkMgdGV4dCBkb2VzIG5vdCByZWFsbHkgc2F5IHRoYXQuPG86cD48L286cD48L3A+ DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10 b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPlNpbmNlIGl0IGlzIHZlcnkg ZGlmZmljdWx0IHRvIGtub3cgaWYgYSBkYXRhIG5vZGUgNSBsYXllcnMgZGVlcCBpcyBnb2luZyB0 byBtYXRjaCw8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3Jt YWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6 YXV0byI+aW1wbGVtZW50aW5nIHRoZXNlIGZpbHRlcnMgYWNjb3JkaW5nIHRvIHRoaXMgdmFndWUg aW50ZXJwcmV0YXRpb24gaXMgdW5saWtlbHkuPG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+ DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNv LW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPiZuYnNwOzxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8 YmxvY2txdW90ZSBzdHlsZT0iYm9yZGVyOm5vbmU7Ym9yZGVyLWxlZnQ6c29saWQgI0NDQ0NDQyAx LjBwdDtwYWRkaW5nOjBjbSAwY20gMGNtIDYuMHB0O21hcmdpbi1sZWZ0OjQuOHB0O21hcmdpbi10 b3A6NS4wcHQ7bWFyZ2luLXJpZ2h0OjBjbTttYXJnaW4tYm90dG9tOjUuMHB0Ij4NCjxwIGNsYXNz PSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttYXJnaW4tYm90dG9t OjEyLjBwdCI+PGJyPg0KL21hcnRpbjxvOnA+PC9vOnA+PC9wPg0KPC9ibG9ja3F1b3RlPg0KPGRp dj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bztt c28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+Jm5ic3A7PG86cD48L286cD48L3A+DQo8L2Rpdj4N CjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1 dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPkFuZHk8bzpwPjwvbzpwPjwvcD4NCjwvZGl2 Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6 YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+Jm5ic3A7PG86cD48L286cD48L3A+DQo8 L2Rpdj4NCjxibG9ja3F1b3RlIHN0eWxlPSJib3JkZXI6bm9uZTtib3JkZXItbGVmdDpzb2xpZCAj Q0NDQ0NDIDEuMHB0O3BhZGRpbmc6MGNtIDBjbSAwY20gNi4wcHQ7bWFyZ2luLWxlZnQ6NC44cHQ7 bWFyZ2luLXRvcDo1LjBwdDttYXJnaW4tcmlnaHQ6MGNtO21hcmdpbi1ib3R0b206NS4wcHQiPg0K PHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1t YXJnaW4tYm90dG9tLWFsdDphdXRvIj48YnI+DQo8YnI+DQomZ3Q7IDxicj4NCiZndDsgPGJyPg0K Jmd0OyA8YnI+DQomZ3Q7IC9tYXJ0aW48YnI+DQomZ3Q7ICZndDs8YnI+DQomZ3Q7ICZndDs8YnI+ DQomZ3Q7IEFuZHk8YnI+DQomZ3Q7IDxicj4NCiZndDsgPGJyPg0KJmd0OyAmZ3Q7PGJyPg0KJmd0 OyAmZ3Q7ICZndDsgU2VlbXMgbGlrZSB0aGUgY2xpZW50IG5lZWRzIHRvIGtub3cgYSBsb3QgYWJv dXQgdGhlIHNlcnZlciBpbXBsZW1lbnRhdGlvbjxicj4NCiZndDsgJmd0OyAmZ3Q7IGRldGFpbHM8 YnI+DQomZ3Q7ICZndDsgJmd0OyBpbiBvcmRlciB0byB1c2UgdGhlIG9yaWdpbiBmaWx0ZXJzLjxi cj4NCiZndDsgJmd0OyAmZ3Q7PGJyPg0KJmd0OyAmZ3Q7ICZndDs8YnI+DQomZ3Q7ICZndDsgJmd0 OyBBbmR5PGJyPg0KJmd0OyAmZ3Q7PG86cD48L286cD48L3A+DQo8L2Jsb2NrcXVvdGU+DQo8L2Rp dj4NCjwvZGl2Pg0KPC9kaXY+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9ibG9ja3F1b3RlPg0KPC9kaXY+ DQo8L2Rpdj4NCjwvZGl2Pg0KPC9kaXY+DQo8L2JvZHk+DQo8L2h0bWw+DQo= --_000_MN2PR11MB436685D0EBE9F89D7E69EB84B59B0MN2PR11MB4366namp_-- From nobody Mon Oct 7 09:55:10 2019 Return-Path: X-Original-To: netconf@ietfa.amsl.com Delivered-To: netconf@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AFA4F120073 for ; Mon, 7 Oct 2019 09:55:08 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.889 X-Spam-Level: X-Spam-Status: No, score=-1.889 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_FILL_THIS_FORM_SHORT=0.01] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=yumaworks-com.20150623.gappssmtp.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1j3RdqTmMqYa for ; Mon, 7 Oct 2019 09:55:04 -0700 (PDT) Received: from mail-lf1-x12b.google.com (mail-lf1-x12b.google.com [IPv6:2a00:1450:4864:20::12b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1888C1200D6 for ; Mon, 7 Oct 2019 09:55:04 -0700 (PDT) Received: by mail-lf1-x12b.google.com with SMTP id q12so4838358lfc.11 for ; Mon, 07 Oct 2019 09:55:03 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yumaworks-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=0psC+TbsjbGIq8RX0r0cZDqaxB6UlJic8TJKH0QbUv8=; b=RpwPmGcZz0AieLcdNaHkVl7H0WGr+EvKv+P1kEq4ICdFtfG2JQ2wbQKNkvxVBO6fNZ hqwzbOJj6W7DcRS/vcFZa3nrvF2qSVhSc60XhqFX9PI9td1kntu1oEW9xXBuR/oEr+YH bLfaXHlwHb73L+TI6MxOPXkz7OTqUdJQXiLFDa5IruSajEDAdPOeeyazKCA6+twDFEMo v0lBclG8mlhAXHCN1u32HHun39HlmvnRzpxg+r0FjcMZH/fb6mW0l10wp46Dh4Nsall1 mSVWR8mIO+PimkzG+kIymGxxy7OnIxdAQnD5FWTGSrOqIEZKIbmMjfQrVQ0mHaYNjLZu 0FQQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=0psC+TbsjbGIq8RX0r0cZDqaxB6UlJic8TJKH0QbUv8=; b=mvGIOiD40UDLN59egUgY1TE0dPUhWpy80VnZ32pfAhXJTDRQuMRUkSUwnhK0POxhkH hM4spoXUxXzL7g+L0lQL5VVeSjZon+/RLorHBx/r6DmVQlD6WFSPIJE70Fkno0nEyChh uEs+cigR1Wqh5z916Ll2//qUmYJZ1Klim3ZBMBOB4Idr1CSYiopcBXybfd6CYUkCdkfL cKEgKvGsuHMg46VSxxwZWfAp8tn00MiKl+BY9qO0ejEp7UIg3bxxn7/c0oL/lz9Gsv32 bzyvxUte/u2QpdqZsbcbaB5AaE4pj2Ztjzn/WixHqnghvJti/XbX9T4jWK0JcDOiecjB cCmw== X-Gm-Message-State: APjAAAXitakOBM0LwlhUGKky1o70NzcVKfEom40CF7eT/Timlmpz5JKI frTwsozW7+Lxdzy9Nb5gBcyVUnqLrYCmZ2WpDqESig== X-Google-Smtp-Source: APXvYqz0x9av4/5qGW5E4g1nU4HYPopOzdWp7rQw7eQywkAtfpmHBfwJv/ny77P8Y9s7k6LfofWVPaKo/2kYYQY+TMI= X-Received: by 2002:ac2:44b9:: with SMTP id c25mr18360776lfm.112.1570467302118; Mon, 07 Oct 2019 09:55:02 -0700 (PDT) MIME-Version: 1.0 References: <20191006.173256.1788347482117819951.mbj@tail-f.com> <20191007.094327.1923088106819713441.mbj@tail-f.com> In-Reply-To: From: Andy Bierman Date: Mon, 7 Oct 2019 09:54:50 -0700 Message-ID: To: "Rob Wilton (rwilton)" Cc: Martin Bjorklund , Netconf Content-Type: multipart/alternative; boundary="000000000000acb45d059454e9c2" Archived-At: Subject: Re: [netconf] get-data origin filters X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 07 Oct 2019 16:55:09 -0000 --000000000000acb45d059454e9c2 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Mon, Oct 7, 2019 at 9:35 AM Rob Wilton (rwilton) wrote: > My understanding of the intention of the way the filters are logically > meant to work are: > > > > 1. Construct the full response to the request (as if no filters are to > be returned): > 2. Restrict the response, so that the selected elements match any > subtree filter. > 3. Restrict the response, so that the selected elements match any > xpath filter. > 4. Restrict the response, so that the selected elements match any > config true/false filter. > 5. Restrict the response, so that the selected elements match any > origin filter. > 6. Constrain to the requested depth > 7. Add in required ancestors and list keys. > 8. Return the result. > > The RFC has no such procedure defined. The text that is there says nothing about matching descendant nodes. Andy > > > > > I don=E2=80=99t see text in the filters that states that if a node is fil= tered > then all of its descendants are automatically filtered as well. I think > that you are assuming this behaviour. > > > > A node always only has a single origin, although it could change. E.g. i= f > a system configured was explicitly configured, then it would make sense t= o > change its origin to configured because it would exist regardless of > whether it was originally added by the system. > > > > Thanks, > > Rob > > > > > > *From:* Andy Bierman > *Sent:* 07 October 2019 15:52 > *To:* Rob Wilton (rwilton) > *Cc:* Martin Bjorklund ; Netconf > *Subject:* Re: [netconf] get-data origin filters > > > > > > > > On Mon, Oct 7, 2019 at 7:36 AM Rob Wilton (rwilton) > wrote: > > Hi Andy, > > > > Don=E2=80=99t all the filters effectively work this way? > > > > > > I do not see the text that explains origin-filter and > negated-origin-filter working the way Martin > > describes it. These filters do not say anywhere to select a node because > it has descendants > > that match the origin filters. It says very clearly that the filter test > is on the specified node. > > It also says the origin is derived from the origin annotation for that > node. > > Since only 1 instance of the origin annotation is allowed per node, there > is no way to tag > > a node with multiple origins. > > > > If implementation is too complex then people will just leave it out (w/ a > deviation). > > It is unlikely that the instrumentation knows at any given instant all th= e > origin values > > of all the descendant dynamic data at the instant the request > is processed. > > > > > > > > > > They select a subset of the nodes to include in the response, and must > also include all ancestor nodes and required list keys to the selected > nodes, regardless of whether those ancestor/key nodes were also selected = by > the query. > > > > > > Yes. Understood. > > Still does not explain how a filter for the list node selects descendant > nodes that match the origin filters. > > > > > > E.g. a =E2=80=9Cconfig false=E2=80=9D filter will still return =E2=80=9Cc= onfig true=E2=80=9D nodes if they > are ancestors or list keys to a descendant config false node. The same > logic applies for xpath and origin filters as well. > > > > > > No they won't. > > Where is that text? > > > > get-data config=3Dfilter=3Dfalse > > > > This starts from top-level YANG nodes. > > If the top-level YANG node is not config=3Dfalse then the server will not > keep looking for descendants that match. > > > > > > Thanks, > Rob > > > > > > Andy > > > > > > > > > > *From:* netconf *On Behalf Of *Andy Bierman > *Sent:* 07 October 2019 15:12 > *To:* Martin Bjorklund > *Cc:* Netconf > *Subject:* Re: [netconf] get-data origin filters > > > > > > > > On Mon, Oct 7, 2019 at 12:43 AM Martin Bjorklund wrote: > > Andy Bierman wrote: > > On Sun, Oct 6, 2019 at 8:32 AM Martin Bjorklund wrote: > > > > > Hi, > > > > > > Andy Bierman wrote: > > > > Hi, > > > > > > > > I am trying to figure out how to use the origin-filter and > > > > negated-origin-filter > > > > in the operation in RFC 8526. > > > > > > > > > > > > leaf-list origin-filter { > > > > type or:origin-ref; > > > > description > > > > "Filter based on the 'origin' annotation. A > > > > configuration node matches the filter if its 'origi= n' > > > > annotation is derived from or equal to any of the > given > > > > filter values."; > > > > } > > > > > > > > > > > > These filters seem kind of worthless if implemented according to th= e > > > text. > > > > Consider a simple example where there is 1 learned leaf within a > list: > > > > > > > > module: address > > > > +--rw addresses > > > > +--rw address* [last-name first-name] > > > > +--rw last-name string > > > > +--rw first-name string > > > > +--rw street? string > > > > +--rw city? string > > > > +--rw zipcode? string > > > > +--rw phone* [phone-type] > > > > +--rw phone-type enumeration > > > > +--rw phone-number string > > > > > > > > Let's say the "zipcode" field is learned in > > > > (e.g. ZIP code lookup expands missing or 5 digit zipcode to full 9 > digit > > > > zipcode). > > > > So /addresses and /addresses/address have origin "intended". > > > > Only the /addresses/address/zipcode leaf has origin "learned". > > > > > > > > So how does origin-filter=3Dlearned find all the learned leafs? > > > > > > Perhaps I don't understand your question; IMO you give the answer to > > > this question below: > > > > > > > What filters are required to return only the learned entries + > ancestors > > > + > > > > ancestor-or-self keys? Seems like this filter mechanism has to be > used > > > > to retrieve the exact leaf that might be learned, and the client > > > > needs to know in advance all the possible nodes that might be > learned. > > > > > > > > Want to be able to retrieve an ancestor that is intended and still > find > > > the > > > > learned entries > > > > > > > > get-data xpath-filter=3D/addresses/address origin-filtter=3Dlear= ned > > > > > > ... here. So this request will return: > > > > > > > > >
> > > ... > > > ... > > > ... > > >
> > > ... > > > > > > > > > > > I do not interpret the text the same way as you. > > Does this mean that you think that the reply is different from what I > show above? If so, what would it be, and why? > > > > > > > > Explain how the list address node has origin "learned". > > > > The filter is for /addresses/address and only origin=3Dlearned. > > How does the list node have origin=3Dlearned? > > It can only have 1 value. > > It has child nodes with both intended and learned as origin. > > I do no understand how the origin=3Dlearned matched this node. > > > > > > > > > > > > > The content returned > > > > by get-data must satisfy all filters, i.e., the filter > > criteria are logically ANDed. > > > > > > leaf-list origin-filter { > > type or:origin-ref; > > description > > "Filter based on the 'origin' annotation. A > > configuration node matches the filter if its 'origin' > > annotation is derived from or equal to any of the given > > filter values."; > > } > > > > > > Configuration nodes that do not have an > > 'origin' annotation are treated as if they have the > > 'origin' annotation 'or:unknown'. > > > > > > > > > The draft shows an example where both "intended" and "system" are giv= en > > > > as filters. This will work but will include all the "intended" > leafs as > > > > well. > > > > What if a "learned" node is within a "system" node within an > "intended" > > > > node? > > > > > > This works as well. Note that the get-data description says: > > > > > > Any ancestor nodes (including list keys) of nodes selected = by > > > the filters are included in the response. > > > > > > > > > > > > > The issue is how the /iaddresses and /addresses/address nodes match the > > origin "learned". > > They don't, but they are included b/c of the quoted text above (i.e.: > Any ancestor nodes (including list keys) of nodes selected by > the filters are included in the response.) > > > > > > No. > > > > If the filter was for /addresses/address/zipcode then maybe that text > applies. > > It is still unclear that the XPath is fully processed and then the > origin-filter is processed. > > The RFC just says they are ANDed together. > > > > > > > > The leafs in list "address" are a mixture of "intended" and "learned" > > origin. > > The text clearly says that a node has a single origin property, coupled > to > > the annotation. > > > > Issue 1: mixed origin descendant nodes > > So how does a search on /addresses/address match origin-filter=3Dlearne= d? > > I cannot find any text that says what the origin of a list or P-contain= er > > is if it > > contains nodes of mixed origin. > > See above. > > > > No text above explains how the list origin is tagged if it has multiple > types of child nodes. > > > > > > > > Issue 2: NP-containers > > > > Also from RFC 8342: > > > > The origin applies to all configuration nodes except non-presence > > containers. > > > > > > What if the top-level node is an NP-container in this case. > > I thought the top-level node MUST have an origin attribute. > > > > The text is not clear how NP-containers are handled. > > Do they have an origin attribute? If not then RFC 8526 says they have > > origin "unknown". > > Is the intent that NP-containers always pass the origin-filter tests > (test > > skipped)? > > No, since they don't have an origin value they will not be selected by > the filter. But an NP-container will be included in the reply if it > is the ancestor of a node that is selected by the filter. > > > > The RFC text does not really say that. > > Since it is very difficult to know if a data node 5 layers deep is going > to match, > > implementing these filters according to this vague interpretation is > unlikely. > > > > > /martin > > > > Andy > > > > > > > > > > > > > /martin > > > > > > > > Andy > > > > > > > > > > > Seems like the client needs to know a lot about the server > implementation > > > > details > > > > in order to use the origin filters. > > > > > > > > > > > > Andy > > > > > --000000000000acb45d059454e9c2 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable


=
On Mon, Oct 7, 2019 at 9:35 AM Rob Wi= lton (rwilton) <rwilton@cisco.com> wrote:

My understanding of the intention of the way t= he filters are logically meant to work are:

=C2=A0

  1. Construct the full response to the request (as if no filters = are to be returned):
  2. Restrict the re= sponse, so that the selected elements match any subtree filter.
  3. Restrict the response, so that the selected ele= ments match any xpath filter.
  4. Restri= ct the response, so that the selected elements match any config true/false = filter.
  5. Restrict the response, so th= at the selected elements match any origin filter.
    6. =
  6. Constrain to the requested depth
    7. Add in required ancestors and list keys.
  7. Return the result.



<= /div>
Andy
=C2=A0

=C2=A0

=C2=A0

I don=E2=80=99t see text in the filters that s= tates that if a node is filtered then all of its descendants are automatica= lly filtered as well.=C2=A0 I think that you are assuming this behaviour.

=C2=A0

A node always only has a single origin, althou= gh it could change.=C2=A0 E.g. if a system configured was explicitly config= ured, then it would make sense to change its origin to configured because i= t would exist regardless of whether it was originally added by the system.<= u>

=C2=A0

Thanks,

Rob

=C2=A0

=C2=A0

From: Andy Bierman <andy@yumaworks.com>
Sent: 07 October 2019 15:52
To: Rob Wilton (rwilton) <rwilton@cisco.com>
Cc: Martin Bjorklund <mbj@tail-f.com>; Netconf <netconf@ietf.org>
Subject: Re: [netconf] get-data origin filters<= /p>

=C2=A0

=C2=A0

=C2=A0

On Mon, Oct 7, 2019 at 7:36 AM Rob Wilton (rwilton) = <rwilton@cisco.co= m> wrote:

Hi Andy,

=C2=A0

Don=E2=80=99t all the filters effectively work this = way?

=C2=A0

=C2=A0

I do not see the text that explains origin-filter an= d negated-origin-filter working the way Martin

describes it.=C2=A0 These filters do not say anywher= e to select a node because it has descendants

that match the origin filters.=C2=A0 It says very cl= early that the filter test is on the specified node.

It also says the origin is derived from the origin a= nnotation for that node.

Since only 1 instance of the origin annotation is al= lowed per node, there is no way to tag

a node with multiple origins.=C2=A0

=C2=A0

If implementation is too complex then people will ju= st leave it out (w/ a deviation).

It is unlikely that the instrumentation knows at any= given instant all the origin values

of all the descendant dynamic data at the instant th= e <get-data> request is processed.

=C2=A0

=C2=A0

=C2=A0

=C2=A0

They select a subset of the nodes to include in the = response, and must also include all ancestor nodes and required list keys t= o the selected nodes, regardless of whether those ancestor/key nodes were also selected by the query.

=C2=A0

=C2=A0

Yes. Understood.

Still does not explain how a filter for the list nod= e selects descendant nodes that match the origin filters.

=C2=A0

=C2=A0

E.g. a =E2=80=9Cconfig false=E2=80=9D filter will st= ill return =E2=80=9Cconfig true=E2=80=9D nodes if they are ancestors or lis= t keys to a descendant config false node.=C2=A0 The same logic applies for = xpath and origin filters as well.

=C2=A0

=C2=A0

No they won't.

Where is that text?

=C2=A0

=C2=A0 =C2=A0 get-data config=3Dfilter=3Dfalse

=C2=A0

This starts from top-level YANG nodes.=

If the top-level YANG node is not config=3Dfalse the= n the server will not keep looking for descendants that match.

=C2=A0

=C2=A0

Thanks,
Rob

=C2=A0

=C2=A0

Andy

=C2=A0

=C2=A0

=C2=A0

=C2=A0

From: netconf <netconf-bounces@ietf.org> On Behalf Of Andy Bierman
Sent: 07 October 2019 15:12
To: Martin Bjorklund <mbj@tail-f.com>
Cc: Netconf <netconf@ietf.org>
Subject: Re: [netconf] get-data origin filters<= /p>

=C2=A0

=C2=A0

=C2=A0

On Mon, Oct 7, 2019 at 12:43 AM Martin Bjorklund <= ;mbj@tail-f.com>= wrote:

Andy Bierman <andy@yumaworks.com>= ; wrote:
> On Sun, Oct 6, 2019 at 8:32 AM Martin Bjorklund <mbj@tail-f.com> wrote:
>
> > Hi,
> >
> > Andy Bierman <andy@yumaworks.com> wrote:
> > > Hi,
> > >
> > > I am trying to figure out how to use the origin-filter and > > > negated-origin-filter
> > > in the <get-data> operation in RFC 8526.
> > >
> > >
> > >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0leaf-list origin-fil= ter {
> > >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 type or:orig= in-ref;
> > >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 description<= br> > > >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 "= ;Filter based on the 'origin' annotation.=C2=A0 A
> > >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0configuration node matches the filter if its 'origin'
> > >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0annotation is derived from or equal to any of the given
> > >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0filter values.";
> > >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 }
> > >
> > >
> > > These filters seem kind of worthless if implemented accordin= g to the
> > text.
> > > Consider a simple example where there is 1 learned leaf with= in a list:
> > >
> > > module: address
> > >=C2=A0 =C2=A0+--rw addresses
> > >=C2=A0 =C2=A0 =C2=A0 +--rw address* [last-name first-name] > > >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0+--rw last-name=C2=A0 =C2= =A0 =C2=A0string
> > >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0+--rw first-name=C2=A0 =C2= =A0 string
> > >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0+--rw street?=C2=A0 =C2=A0 = =C2=A0 =C2=A0string
> > >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0+--rw city?=C2=A0 =C2=A0 = =C2=A0 =C2=A0 =C2=A0string
> > >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0+--rw zipcode?=C2=A0 =C2=A0= =C2=A0 string
> > >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0+--rw phone* [phone-type] > > >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 +--rw phone-type=C2= =A0 =C2=A0 =C2=A0 enumeration
> > >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 +--rw phone-number= =C2=A0 =C2=A0 string
> > >
> > > Let's say the "zipcode" field is learned in &l= t;operational>
> > > (e.g. ZIP code lookup expands missing or 5 digit zipcode to = full 9 digit
> > > zipcode).
> > > So /addresses and /addresses/address have origin "inten= ded".
> > > Only the /addresses/address/zipcode leaf has origin "le= arned".
> > >
> > > So how does origin-filter=3Dlearned find all the learned lea= fs?
> >
> > Perhaps I don't understand your question; IMO you give the an= swer to
> > this question below:
> >
> > > What filters are required to return only the learned entries= + ancestors
> > +
> > > ancestor-or-self keys?=C2=A0 Seems like this filter mechanis= m has to be used
> > > to retrieve the exact leaf that might be learned, and the cl= ient
> > > needs to know in advance all the possible nodes that might b= e learned.
> > >
> > > Want to be able to retrieve an ancestor that is intended and= still find
> > the
> > > learned entries
> > >
> > >=C2=A0 =C2=A0 get-data xpath-filter=3D/addresses/address orig= in-filtter=3Dlearned
> >
> > ... here.=C2=A0 So this request will return:
> >
> >=C2=A0 =C2=A0 <addresses or:origin=3D"or:intended">= ;
> >=C2=A0 =C2=A0 =C2=A0 <address>
> >=C2=A0 =C2=A0 =C2=A0 =C2=A0 <last-name>...</last-name>=
> >=C2=A0 =C2=A0 =C2=A0 =C2=A0 <first-name>...</first-name&g= t;
> >=C2=A0 =C2=A0 =C2=A0 =C2=A0 <zipcode or:origin=3D"or:learn= ed">...</zipcode>
> >=C2=A0 =C2=A0 =C2=A0 </address>
> >=C2=A0 =C2=A0 =C2=A0 ...
> >=C2=A0 =C2=A0 </addresses>
> >
> >
> I do not interpret the text the same way as you.

Does this mean that you think that the reply is different from what I
show above?=C2=A0 If so, what would it be, and why?

=C2=A0

=C2=A0

=C2=A0

Explain how the list address node has origin "l= earned".

=C2=A0

The filter is for /addresses/address and only origin= =3Dlearned.

How does the list node have origin=3Dlearned?=

It can only have 1 value.

It has child nodes with both intended and learned as= origin.

I do no understand=C2=A0how the origin=3Dlearned mat= ched this node.

=C2=A0

=C2=A0

=C2=A0

=C2=A0

>
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 = =C2=A0 The content returned
>
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0by get-data must satisfy all f= ilters, i.e., the filter
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0criteria are logically ANDed.<= br> >
>
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0leaf-list origin-filter {
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 type or:origin-ref; >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 description
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 "Filter ba= sed on the 'origin' annotation.=C2=A0 A
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0configura= tion node matches the filter if its 'origin'
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0annotatio= n is derived from or equal to any of the given
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0filter va= lues.";
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 }
>
>
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0Configuration no= des that do not have an
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0'origin'= annotation are treated as if they have the
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0'origin'= annotation 'or:unknown'.
>
>
>
> > The draft shows an example where both "intended" and &q= uot;system" are given
> > > as filters.=C2=A0 This will work but will include all the &q= uot;intended" leafs as
> > > well.
> > > What if a "learned" node is within a "system&= quot; node within an "intended"
> > > node?
> >
> > This works as well.=C2=A0 Note that the get-data description says= :
> >
> >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0Any ancestor nodes (inclu= ding list keys) of nodes selected by
> >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0the filters are included = in the response.
> >
> >
> >
>
> The issue is how the /iaddresses and /addresses/address nodes match th= e
> origin "learned".

They don't, but they are included b/c of the quoted text above (i.e.: =C2=A0 =C2=A0 =C2=A0 Any ancestor nodes (including list keys) of nodes sele= cted by
=C2=A0 =C2=A0 =C2=A0 the filters are included in the response.)

=C2=A0

=C2=A0

No.

=C2=A0

If the filter was for /addresses/address/zipcode the= n maybe that text applies.

It is still unclear that the XPath is fully processe= d and then the origin-filter is processed.

The RFC just says they are ANDed together.=

=C2=A0

=C2=A0


> The leafs in list "address" are a mixture of "intended&= quot; and "learned"
> origin.
> The text clearly says that a node has a single origin property, couple= d to
> the annotation.
>
> Issue 1: mixed origin descendant nodes
> So how does a search on /addresses/address match origin-filter=3Dlearn= ed?
> I cannot find any text that says what the origin of a list or P-contai= ner
> is if it
> contains nodes of mixed origin.

See above.

=C2=A0

No text above explains how the list origin is tagged= if it has multiple types of child nodes.

=C2=A0

=C2=A0


> Issue 2: NP-containers
>
> Also from RFC 8342:
>
>=C2=A0 =C2=A0 The origin applies to all configuration nodes except non-= presence
>=C2=A0 =C2=A0 containers.
>
>
> What if the top-level node is an NP-container in this case.
> I thought the top-level node MUST have an origin attribute.
>
> The text is not clear how NP-containers are handled.
> Do they have an origin attribute? If not then RFC 8526 says they have<= br> > origin "unknown".
> Is the intent that NP-containers always pass the origin-filter tests (= test
> skipped)?

No, since they don't have an origin value they will not be selected by<= br> the filter.=C2=A0 But an NP-container will be included in the reply if it is the ancestor of a node that is selected by the filter.

=C2=A0

The RFC text does not really say that.=

Since it is very difficult to know if a data node 5 = layers deep is going to match,

implementing these filters according to this vague i= nterpretation is unlikely.

=C2=A0


/martin

=C2=A0

Andy

=C2=A0



>
>
>
> /martin
> >
> >
> Andy
>
>
> >
> > > Seems like the client needs to know a lot about the server i= mplementation
> > > details
> > > in order to use the origin filters.
> > >
> > >
> > > Andy
> >

--000000000000acb45d059454e9c2-- From nobody Mon Oct 7 10:39:15 2019 Return-Path: X-Original-To: netconf@ietfa.amsl.com Delivered-To: netconf@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A8FD51200F5 for ; Mon, 7 Oct 2019 10:39:14 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.89 X-Spam-Level: X-Spam-Status: No, score=-1.89 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_FILL_THIS_FORM_SHORT=0.01] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qja4nRw2eD_F for ; Mon, 7 Oct 2019 10:39:12 -0700 (PDT) Received: from mail.tail-f.com (mail.tail-f.com [46.21.102.45]) by ietfa.amsl.com (Postfix) with ESMTP id 36DEA1200E0 for ; Mon, 7 Oct 2019 10:39:12 -0700 (PDT) Received: from localhost (h-4-44.A165.priv.bahnhof.se [158.174.4.44]) by mail.tail-f.com (Postfix) with ESMTPSA id 265081AE018A; Mon, 7 Oct 2019 19:39:10 +0200 (CEST) Date: Mon, 07 Oct 2019 19:39:09 +0200 (CEST) Message-Id: <20191007.193909.1640793317135302246.mbj@tail-f.com> To: andy@yumaworks.com Cc: rwilton@cisco.com, netconf@ietf.org From: Martin Bjorklund In-Reply-To: References: X-Mailer: Mew version 6.7 on Emacs 25.2 / Mule 6.0 (HANACHIRUSATO) Mime-Version: 1.0 Content-Type: Text/Plain; charset=utf-8 Content-Transfer-Encoding: base64 Archived-At: Subject: Re: [netconf] get-data origin filters X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 07 Oct 2019 17:39:15 -0000 QW5keSBCaWVybWFuIDxhbmR5QHl1bWF3b3Jrcy5jb20+IHdyb3RlOg0KPiBPbiBNb24sIE9jdCA3 LCAyMDE5IGF0IDc6MzYgQU0gUm9iIFdpbHRvbiAocndpbHRvbikgPHJ3aWx0b25AY2lzY28uY29t Pg0KPiB3cm90ZToNCj4gDQo+ID4gSGkgQW5keSwNCj4gPg0KPiA+DQo+ID4NCj4gPiBEb27igJl0 IGFsbCB0aGUgZmlsdGVycyBlZmZlY3RpdmVseSB3b3JrIHRoaXMgd2F5Pw0KPiA+DQo+IA0KPiAN Cj4gSSBkbyBub3Qgc2VlIHRoZSB0ZXh0IHRoYXQgZXhwbGFpbnMgb3JpZ2luLWZpbHRlciBhbmQg bmVnYXRlZC1vcmlnaW4tZmlsdGVyDQo+IHdvcmtpbmcgdGhlIHdheSBNYXJ0aW4NCj4gZGVzY3Jp YmVzIGl0LiAgVGhlc2UgZmlsdGVycyBkbyBub3Qgc2F5IGFueXdoZXJlIHRvIHNlbGVjdCBhIG5v ZGUgYmVjYXVzZQ0KPiBpdCBoYXMgZGVzY2VuZGFudHMNCj4gdGhhdCBtYXRjaCB0aGUgb3JpZ2lu IGZpbHRlcnMuICBJdCBzYXlzIHZlcnkgY2xlYXJseSB0aGF0IHRoZSBmaWx0ZXIgdGVzdA0KPiBp cyBvbiB0aGUgc3BlY2lmaWVkIG5vZGUuDQoNCkxldCdzIHNpbXBsaWZ5IHRoZSBleGFtcGxlIHNv bWV3aGF0LiAgU3VwcG9zZSB0aGUgY2xpZW50IHNlbmRzOg0KDQogIDxnZXQtZGF0YT4NCiAgICA8 ZGF0YXN0b3JlPmRzOm9wZXJhdGlvbmFsPC9kYXRhc3RvcmU+DQogICAgPG9yaWdpbi1maWx0ZXI+ b3I6bGVhcm5lZDwvb3JpZ2luLWZpbHRlcj4NCiAgICA8d2l0aC1vcmlnaW4vPg0KICA8L2dldC1k YXRhPg0KDQpBcmUgeW91IHNheWluZyB0aGF0IGIvYyB0aGUgdG9wLWxldmVsIG5vZGUgZG9lc24n dCBoYXZlIG9yOmxlYXJuZWQsDQp0aGlzIGZpbHRlciB3aWxsIHJldHVybiBub3RoaW5nPw0KDQpJ dCBzZWVtcyB5b3UgYXJlIGFzc3VtaW5nIHRoYXQgdGhlIHNlcnZlciBmaXJzdCBtYXRjaGVzIHRo ZSB0b3AtbGV2ZWwNCm5vZGVzLCBhbmQgaWYgdGhleSBtYXRjaCwgdGhlbiBtYXRjaCBkZXNjZW5k YW50cyBhbmQgc28gb25lLiAgVGhlIHRleHQNCmRvZXNuJ3Qgc2F5IHRoYXQsIGhvd2V2ZXIuICBJ dCBzYXlzOg0KDQogICAgICAgICAgICAgICAgQSBjb25maWd1cmF0aW9uIG5vZGUgbWF0Y2hlcyB0 aGUgZmlsdGVyIGlmIGl0cw0KICAgICAgICAgICAgICAgICdvcmlnaW4nIGFubm90YXRpb24gaXMg ZGVyaXZlZCBmcm9tIG9yIGVxdWFsIHRvIGFueSBvZg0KICAgICAgICAgICAgICAgIHRoZSBnaXZl biBmaWx0ZXIgdmFsdWVzLg0KDQphbmQ6DQoNCiAgICAgICAgICBBbnkgYW5jZXN0b3Igbm9kZXMg KGluY2x1ZGluZyBsaXN0IGtleXMpIG9mIG5vZGVzIHNlbGVjdGVkIGJ5DQogICAgICAgICAgdGhl IGZpbHRlcnMgYXJlIGluY2x1ZGVkIGluIHRoZSByZXNwb25zZS4NCg0KU28gSSB0aGluayBpdCBp cyBwcmV0dHkgY2xlYXIgdGhhdCB0aGUgb3JpZ2luIGZpbHRlciBtYXRjaGVzIHRoZQ0KemlwY29k ZSBub2RlcyBpbiB0aGUgZXhhbXBsZSwgYW5kIHRoZW4gdGhlIGFuY2VzdG9ycyBhcmUgaW5jbHVk ZWQgaW4NCnRoZSByZXBseS4NCg0KDQo+IEl0IGFsc28gc2F5cyB0aGUgb3JpZ2luIGlzIGRlcml2 ZWQgZnJvbSB0aGUgb3JpZ2luIGFubm90YXRpb24gZm9yIHRoYXQgbm9kZS4NCj4gU2luY2Ugb25s eSAxIGluc3RhbmNlIG9mIHRoZSBvcmlnaW4gYW5ub3RhdGlvbiBpcyBhbGxvd2VkIHBlciBub2Rl LCB0aGVyZQ0KPiBpcyBubyB3YXkgdG8gdGFnDQo+IGEgbm9kZSB3aXRoIG11bHRpcGxlIG9yaWdp bnMuDQoNCkFncmVlZC4NCg0KDQovbWFydGluDQoNCg0KPiBJZiBpbXBsZW1lbnRhdGlvbiBpcyB0 b28gY29tcGxleCB0aGVuIHBlb3BsZSB3aWxsIGp1c3QgbGVhdmUgaXQgb3V0ICh3LyBhDQo+IGRl dmlhdGlvbikuDQo+IEl0IGlzIHVubGlrZWx5IHRoYXQgdGhlIGluc3RydW1lbnRhdGlvbiBrbm93 cyBhdCBhbnkgZ2l2ZW4gaW5zdGFudCBhbGwgdGhlDQo+IG9yaWdpbiB2YWx1ZXMNCj4gb2YgYWxs IHRoZSBkZXNjZW5kYW50IGR5bmFtaWMgZGF0YSBhdCB0aGUgaW5zdGFudCB0aGUgPGdldC1kYXRh PiByZXF1ZXN0IGlzDQo+IHByb2Nlc3NlZC4NCj4gDQo+IA0KPiANCj4gDQo+ID4NCj4gPiBUaGV5 IHNlbGVjdCBhIHN1YnNldCBvZiB0aGUgbm9kZXMgdG8gaW5jbHVkZSBpbiB0aGUgcmVzcG9uc2Us IGFuZCBtdXN0DQo+ID4gYWxzbyBpbmNsdWRlIGFsbCBhbmNlc3RvciBub2RlcyBhbmQgcmVxdWly ZWQgbGlzdCBrZXlzIHRvIHRoZSBzZWxlY3RlZA0KPiA+IG5vZGVzLCByZWdhcmRsZXNzIG9mIHdo ZXRoZXIgdGhvc2UgYW5jZXN0b3Iva2V5IG5vZGVzIHdlcmUgYWxzbyBzZWxlY3RlZCBieQ0KPiA+ IHRoZSBxdWVyeS4NCj4gPg0KPiA+DQo+ID4NCj4gDQo+IFllcy4gVW5kZXJzdG9vZC4NCj4gU3Rp bGwgZG9lcyBub3QgZXhwbGFpbiBob3cgYSBmaWx0ZXIgZm9yIHRoZSBsaXN0IG5vZGUgc2VsZWN0 cyBkZXNjZW5kYW50DQo+IG5vZGVzIHRoYXQgbWF0Y2ggdGhlIG9yaWdpbiBmaWx0ZXJzLg0KPiAN Cj4gDQo+IA0KPiA+IEUuZy4gYSDigJxjb25maWcgZmFsc2XigJ0gZmlsdGVyIHdpbGwgc3RpbGwg cmV0dXJuIOKAnGNvbmZpZyB0cnVl4oCdIG5vZGVzIGlmIHRoZXkNCj4gPiBhcmUgYW5jZXN0b3Jz IG9yIGxpc3Qga2V5cyB0byBhIGRlc2NlbmRhbnQgY29uZmlnIGZhbHNlIG5vZGUuICBUaGUgc2Ft ZQ0KPiA+IGxvZ2ljIGFwcGxpZXMgZm9yIHhwYXRoIGFuZCBvcmlnaW4gZmlsdGVycyBhcyB3ZWxs Lg0KPiA+DQo+ID4NCj4gPg0KPiANCj4gTm8gdGhleSB3b24ndC4NCj4gV2hlcmUgaXMgdGhhdCB0 ZXh0Pw0KPiANCj4gICAgIGdldC1kYXRhIGNvbmZpZz1maWx0ZXI9ZmFsc2UNCj4gDQo+IFRoaXMg c3RhcnRzIGZyb20gdG9wLWxldmVsIFlBTkcgbm9kZXMuDQo+IElmIHRoZSB0b3AtbGV2ZWwgWUFO RyBub2RlIGlzIG5vdCBjb25maWc9ZmFsc2UgdGhlbiB0aGUgc2VydmVyIHdpbGwgbm90DQo+IGtl ZXAgbG9va2luZyBmb3IgZGVzY2VuZGFudHMgdGhhdCBtYXRjaC4NCj4gDQo+IA0KPiANCj4gPiBU aGFua3MsDQo+ID4gUm9iDQo+ID4NCj4gPg0KPiANCj4gQW5keQ0KPiANCj4gDQo+IA0KPiA+DQo+ ID4NCj4gPg0KPiA+DQo+ID4gKkZyb206KiBuZXRjb25mIDxuZXRjb25mLWJvdW5jZXNAaWV0Zi5v cmc+ICpPbiBCZWhhbGYgT2YgKkFuZHkgQmllcm1hbg0KPiA+ICpTZW50OiogMDcgT2N0b2JlciAy MDE5IDE1OjEyDQo+ID4gKlRvOiogTWFydGluIEJqb3JrbHVuZCA8bWJqQHRhaWwtZi5jb20+DQo+ ID4gKkNjOiogTmV0Y29uZiA8bmV0Y29uZkBpZXRmLm9yZz4NCj4gPiAqU3ViamVjdDoqIFJlOiBb bmV0Y29uZl0gZ2V0LWRhdGEgb3JpZ2luIGZpbHRlcnMNCj4gPg0KPiA+DQo+ID4NCj4gPg0KPiA+ DQo+ID4NCj4gPg0KPiA+IE9uIE1vbiwgT2N0IDcsIDIwMTkgYXQgMTI6NDMgQU0gTWFydGluIEJq b3JrbHVuZCA8bWJqQHRhaWwtZi5jb20+IHdyb3RlOg0KPiA+DQo+ID4gQW5keSBCaWVybWFuIDxh bmR5QHl1bWF3b3Jrcy5jb20+IHdyb3RlOg0KPiA+ID4gT24gU3VuLCBPY3QgNiwgMjAxOSBhdCA4 OjMyIEFNIE1hcnRpbiBCam9ya2x1bmQgPG1iakB0YWlsLWYuY29tPiB3cm90ZToNCj4gPiA+DQo+ ID4gPiA+IEhpLA0KPiA+ID4gPg0KPiA+ID4gPiBBbmR5IEJpZXJtYW4gPGFuZHlAeXVtYXdvcmtz LmNvbT4gd3JvdGU6DQo+ID4gPiA+ID4gSGksDQo+ID4gPiA+ID4NCj4gPiA+ID4gPiBJIGFtIHRy eWluZyB0byBmaWd1cmUgb3V0IGhvdyB0byB1c2UgdGhlIG9yaWdpbi1maWx0ZXIgYW5kDQo+ID4g PiA+ID4gbmVnYXRlZC1vcmlnaW4tZmlsdGVyDQo+ID4gPiA+ID4gaW4gdGhlIDxnZXQtZGF0YT4g b3BlcmF0aW9uIGluIFJGQyA4NTI2Lg0KPiA+ID4gPiA+DQo+ID4gPiA+ID4NCj4gPiA+ID4gPiAg ICAgICAgICAgbGVhZi1saXN0IG9yaWdpbi1maWx0ZXIgew0KPiA+ID4gPiA+ICAgICAgICAgICAg ICB0eXBlIG9yOm9yaWdpbi1yZWY7DQo+ID4gPiA+ID4gICAgICAgICAgICAgIGRlc2NyaXB0aW9u DQo+ID4gPiA+ID4gICAgICAgICAgICAgICAgIkZpbHRlciBiYXNlZCBvbiB0aGUgJ29yaWdpbicg YW5ub3RhdGlvbi4gIEENCj4gPiA+ID4gPiAgICAgICAgICAgICAgICAgY29uZmlndXJhdGlvbiBu b2RlIG1hdGNoZXMgdGhlIGZpbHRlciBpZiBpdHMgJ29yaWdpbicNCj4gPiA+ID4gPiAgICAgICAg ICAgICAgICAgYW5ub3RhdGlvbiBpcyBkZXJpdmVkIGZyb20gb3IgZXF1YWwgdG8gYW55IG9mIHRo ZQ0KPiA+IGdpdmVuDQo+ID4gPiA+ID4gICAgICAgICAgICAgICAgIGZpbHRlciB2YWx1ZXMuIjsN Cj4gPiA+ID4gPiAgICAgICAgICAgIH0NCj4gPiA+ID4gPg0KPiA+ID4gPiA+DQo+ID4gPiA+ID4g VGhlc2UgZmlsdGVycyBzZWVtIGtpbmQgb2Ygd29ydGhsZXNzIGlmIGltcGxlbWVudGVkIGFjY29y ZGluZyB0byB0aGUNCj4gPiA+ID4gdGV4dC4NCj4gPiA+ID4gPiBDb25zaWRlciBhIHNpbXBsZSBl eGFtcGxlIHdoZXJlIHRoZXJlIGlzIDEgbGVhcm5lZCBsZWFmIHdpdGhpbiBhDQo+ID4gbGlzdDoN Cj4gPiA+ID4gPg0KPiA+ID4gPiA+IG1vZHVsZTogYWRkcmVzcw0KPiA+ID4gPiA+ICAgKy0tcncg YWRkcmVzc2VzDQo+ID4gPiA+ID4gICAgICArLS1ydyBhZGRyZXNzKiBbbGFzdC1uYW1lIGZpcnN0 LW5hbWVdDQo+ID4gPiA+ID4gICAgICAgICArLS1ydyBsYXN0LW5hbWUgICAgIHN0cmluZw0KPiA+ ID4gPiA+ICAgICAgICAgKy0tcncgZmlyc3QtbmFtZSAgICBzdHJpbmcNCj4gPiA+ID4gPiAgICAg ICAgICstLXJ3IHN0cmVldD8gICAgICAgc3RyaW5nDQo+ID4gPiA+ID4gICAgICAgICArLS1ydyBj aXR5PyAgICAgICAgIHN0cmluZw0KPiA+ID4gPiA+ICAgICAgICAgKy0tcncgemlwY29kZT8gICAg ICBzdHJpbmcNCj4gPiA+ID4gPiAgICAgICAgICstLXJ3IHBob25lKiBbcGhvbmUtdHlwZV0NCj4g PiA+ID4gPiAgICAgICAgICAgICstLXJ3IHBob25lLXR5cGUgICAgICBlbnVtZXJhdGlvbg0KPiA+ ID4gPiA+ICAgICAgICAgICAgKy0tcncgcGhvbmUtbnVtYmVyICAgIHN0cmluZw0KPiA+ID4gPiA+ DQo+ID4gPiA+ID4gTGV0J3Mgc2F5IHRoZSAiemlwY29kZSIgZmllbGQgaXMgbGVhcm5lZCBpbiA8 b3BlcmF0aW9uYWw+DQo+ID4gPiA+ID4gKGUuZy4gWklQIGNvZGUgbG9va3VwIGV4cGFuZHMgbWlz c2luZyBvciA1IGRpZ2l0IHppcGNvZGUgdG8gZnVsbCA5DQo+ID4gZGlnaXQNCj4gPiA+ID4gPiB6 aXBjb2RlKS4NCj4gPiA+ID4gPiBTbyAvYWRkcmVzc2VzIGFuZCAvYWRkcmVzc2VzL2FkZHJlc3Mg aGF2ZSBvcmlnaW4gImludGVuZGVkIi4NCj4gPiA+ID4gPiBPbmx5IHRoZSAvYWRkcmVzc2VzL2Fk ZHJlc3MvemlwY29kZSBsZWFmIGhhcyBvcmlnaW4gImxlYXJuZWQiLg0KPiA+ID4gPiA+DQo+ID4g PiA+ID4gU28gaG93IGRvZXMgb3JpZ2luLWZpbHRlcj1sZWFybmVkIGZpbmQgYWxsIHRoZSBsZWFy bmVkIGxlYWZzPw0KPiA+ID4gPg0KPiA+ID4gPiBQZXJoYXBzIEkgZG9uJ3QgdW5kZXJzdGFuZCB5 b3VyIHF1ZXN0aW9uOyBJTU8geW91IGdpdmUgdGhlIGFuc3dlciB0bw0KPiA+ID4gPiB0aGlzIHF1 ZXN0aW9uIGJlbG93Og0KPiA+ID4gPg0KPiA+ID4gPiA+IFdoYXQgZmlsdGVycyBhcmUgcmVxdWly ZWQgdG8gcmV0dXJuIG9ubHkgdGhlIGxlYXJuZWQgZW50cmllcyArDQo+ID4gYW5jZXN0b3JzDQo+ ID4gPiA+ICsNCj4gPiA+ID4gPiBhbmNlc3Rvci1vci1zZWxmIGtleXM/ICBTZWVtcyBsaWtlIHRo aXMgZmlsdGVyIG1lY2hhbmlzbSBoYXMgdG8gYmUNCj4gPiB1c2VkDQo+ID4gPiA+ID4gdG8gcmV0 cmlldmUgdGhlIGV4YWN0IGxlYWYgdGhhdCBtaWdodCBiZSBsZWFybmVkLCBhbmQgdGhlIGNsaWVu dA0KPiA+ID4gPiA+IG5lZWRzIHRvIGtub3cgaW4gYWR2YW5jZSBhbGwgdGhlIHBvc3NpYmxlIG5v ZGVzIHRoYXQgbWlnaHQgYmUNCj4gPiBsZWFybmVkLg0KPiA+ID4gPiA+DQo+ID4gPiA+ID4gV2Fu dCB0byBiZSBhYmxlIHRvIHJldHJpZXZlIGFuIGFuY2VzdG9yIHRoYXQgaXMgaW50ZW5kZWQgYW5k IHN0aWxsDQo+ID4gZmluZA0KPiA+ID4gPiB0aGUNCj4gPiA+ID4gPiBsZWFybmVkIGVudHJpZXMN Cj4gPiA+ID4gPg0KPiA+ID4gPiA+ICAgIGdldC1kYXRhIHhwYXRoLWZpbHRlcj0vYWRkcmVzc2Vz L2FkZHJlc3Mgb3JpZ2luLWZpbHR0ZXI9bGVhcm5lZA0KPiA+ID4gPg0KPiA+ID4gPiAuLi4gaGVy ZS4gIFNvIHRoaXMgcmVxdWVzdCB3aWxsIHJldHVybjoNCj4gPiA+ID4NCj4gPiA+ID4gICAgPGFk ZHJlc3NlcyBvcjpvcmlnaW49Im9yOmludGVuZGVkIj4NCj4gPiA+ID4gICAgICA8YWRkcmVzcz4N Cj4gPiA+ID4gICAgICAgIDxsYXN0LW5hbWU+Li4uPC9sYXN0LW5hbWU+DQo+ID4gPiA+ICAgICAg ICA8Zmlyc3QtbmFtZT4uLi48L2ZpcnN0LW5hbWU+DQo+ID4gPiA+ICAgICAgICA8emlwY29kZSBv cjpvcmlnaW49Im9yOmxlYXJuZWQiPi4uLjwvemlwY29kZT4NCj4gPiA+ID4gICAgICA8L2FkZHJl c3M+DQo+ID4gPiA+ICAgICAgLi4uDQo+ID4gPiA+ICAgIDwvYWRkcmVzc2VzPg0KPiA+ID4gPg0K PiA+ID4gPg0KPiA+ID4gSSBkbyBub3QgaW50ZXJwcmV0IHRoZSB0ZXh0IHRoZSBzYW1lIHdheSBh cyB5b3UuDQo+ID4NCj4gPiBEb2VzIHRoaXMgbWVhbiB0aGF0IHlvdSB0aGluayB0aGF0IHRoZSBy ZXBseSBpcyBkaWZmZXJlbnQgZnJvbSB3aGF0IEkNCj4gPiBzaG93IGFib3ZlPyAgSWYgc28sIHdo YXQgd291bGQgaXQgYmUsIGFuZCB3aHk/DQo+ID4NCj4gPg0KPiA+DQo+ID4NCj4gPg0KPiA+DQo+ ID4NCj4gPiBFeHBsYWluIGhvdyB0aGUgbGlzdCBhZGRyZXNzIG5vZGUgaGFzIG9yaWdpbiAibGVh cm5lZCIuDQo+ID4NCj4gPg0KPiA+DQo+ID4gVGhlIGZpbHRlciBpcyBmb3IgL2FkZHJlc3Nlcy9h ZGRyZXNzIGFuZCBvbmx5IG9yaWdpbj1sZWFybmVkLg0KPiA+DQo+ID4gSG93IGRvZXMgdGhlIGxp c3Qgbm9kZSBoYXZlIG9yaWdpbj1sZWFybmVkPw0KPiA+DQo+ID4gSXQgY2FuIG9ubHkgaGF2ZSAx IHZhbHVlLg0KPiA+DQo+ID4gSXQgaGFzIGNoaWxkIG5vZGVzIHdpdGggYm90aCBpbnRlbmRlZCBh bmQgbGVhcm5lZCBhcyBvcmlnaW4uDQo+ID4NCj4gPiBJIGRvIG5vIHVuZGVyc3RhbmQgaG93IHRo ZSBvcmlnaW49bGVhcm5lZCBtYXRjaGVkIHRoaXMgbm9kZS4NCj4gPg0KPiA+DQo+ID4NCj4gPg0K PiA+DQo+ID4NCj4gPg0KPiA+DQo+ID4NCj4gPiA+DQo+ID4gPiAgICAgICAgICAgICAgICAgICAg ICBUaGUgY29udGVudCByZXR1cm5lZA0KPiA+ID4NCj4gPiA+ICAgICAgICAgICBieSBnZXQtZGF0 YSBtdXN0IHNhdGlzZnkgYWxsIGZpbHRlcnMsIGkuZS4sIHRoZSBmaWx0ZXINCj4gPiA+ICAgICAg ICAgICBjcml0ZXJpYSBhcmUgbG9naWNhbGx5IEFORGVkLg0KPiA+ID4NCj4gPiA+DQo+ID4gPiAg ICAgICAgICAgbGVhZi1saXN0IG9yaWdpbi1maWx0ZXIgew0KPiA+ID4gICAgICAgICAgICAgIHR5 cGUgb3I6b3JpZ2luLXJlZjsNCj4gPiA+ICAgICAgICAgICAgICBkZXNjcmlwdGlvbg0KPiA+ID4g ICAgICAgICAgICAgICAgIkZpbHRlciBiYXNlZCBvbiB0aGUgJ29yaWdpbicgYW5ub3RhdGlvbi4g IEENCj4gPiA+ICAgICAgICAgICAgICAgICBjb25maWd1cmF0aW9uIG5vZGUgbWF0Y2hlcyB0aGUg ZmlsdGVyIGlmIGl0cyAnb3JpZ2luJw0KPiA+ID4gICAgICAgICAgICAgICAgIGFubm90YXRpb24g aXMgZGVyaXZlZCBmcm9tIG9yIGVxdWFsIHRvIGFueSBvZiB0aGUgZ2l2ZW4NCj4gPiA+ICAgICAg ICAgICAgICAgICBmaWx0ZXIgdmFsdWVzLiI7DQo+ID4gPiAgICAgICAgICAgIH0NCj4gPiA+DQo+ ID4gPg0KPiA+ID4gICAgICAgICAgICAgICBDb25maWd1cmF0aW9uIG5vZGVzIHRoYXQgZG8gbm90 IGhhdmUgYW4NCj4gPiA+ICAgICAgICAgICAgICAgJ29yaWdpbicgYW5ub3RhdGlvbiBhcmUgdHJl YXRlZCBhcyBpZiB0aGV5IGhhdmUgdGhlDQo+ID4gPiAgICAgICAgICAgICAgICdvcmlnaW4nIGFu bm90YXRpb24gJ29yOnVua25vd24nLg0KPiA+ID4NCj4gPiA+DQo+ID4gPg0KPiA+ID4gPiBUaGUg ZHJhZnQgc2hvd3MgYW4gZXhhbXBsZSB3aGVyZSBib3RoICJpbnRlbmRlZCIgYW5kICJzeXN0ZW0i IGFyZSBnaXZlbg0KPiA+ID4gPiA+IGFzIGZpbHRlcnMuICBUaGlzIHdpbGwgd29yayBidXQgd2ls bCBpbmNsdWRlIGFsbCB0aGUgImludGVuZGVkIg0KPiA+IGxlYWZzIGFzDQo+ID4gPiA+ID4gd2Vs bC4NCj4gPiA+ID4gPiBXaGF0IGlmIGEgImxlYXJuZWQiIG5vZGUgaXMgd2l0aGluIGEgInN5c3Rl bSIgbm9kZSB3aXRoaW4gYW4NCj4gPiAiaW50ZW5kZWQiDQo+ID4gPiA+ID4gbm9kZT8NCj4gPiA+ ID4NCj4gPiA+ID4gVGhpcyB3b3JrcyBhcyB3ZWxsLiAgTm90ZSB0aGF0IHRoZSBnZXQtZGF0YSBk ZXNjcmlwdGlvbiBzYXlzOg0KPiA+ID4gPg0KPiA+ID4gPiAgICAgICAgICAgQW55IGFuY2VzdG9y IG5vZGVzIChpbmNsdWRpbmcgbGlzdCBrZXlzKSBvZiBub2RlcyBzZWxlY3RlZCBieQ0KPiA+ID4g PiAgICAgICAgICAgdGhlIGZpbHRlcnMgYXJlIGluY2x1ZGVkIGluIHRoZSByZXNwb25zZS4NCj4g PiA+ID4NCj4gPiA+ID4NCj4gPiA+ID4NCj4gPiA+DQo+ID4gPiBUaGUgaXNzdWUgaXMgaG93IHRo ZSAvaWFkZHJlc3NlcyBhbmQgL2FkZHJlc3Nlcy9hZGRyZXNzIG5vZGVzIG1hdGNoIHRoZQ0KPiA+ ID4gb3JpZ2luICJsZWFybmVkIi4NCj4gPg0KPiA+IFRoZXkgZG9uJ3QsIGJ1dCB0aGV5IGFyZSBp bmNsdWRlZCBiL2Mgb2YgdGhlIHF1b3RlZCB0ZXh0IGFib3ZlIChpLmUuOg0KPiA+ICAgICAgIEFu eSBhbmNlc3RvciBub2RlcyAoaW5jbHVkaW5nIGxpc3Qga2V5cykgb2Ygbm9kZXMgc2VsZWN0ZWQg YnkNCj4gPiAgICAgICB0aGUgZmlsdGVycyBhcmUgaW5jbHVkZWQgaW4gdGhlIHJlc3BvbnNlLikN Cj4gPg0KPiA+DQo+ID4NCj4gPg0KPiA+DQo+ID4gTm8uDQo+ID4NCj4gPg0KPiA+DQo+ID4gSWYg dGhlIGZpbHRlciB3YXMgZm9yIC9hZGRyZXNzZXMvYWRkcmVzcy96aXBjb2RlIHRoZW4gbWF5YmUg dGhhdCB0ZXh0DQo+ID4gYXBwbGllcy4NCj4gPg0KPiA+IEl0IGlzIHN0aWxsIHVuY2xlYXIgdGhh dCB0aGUgWFBhdGggaXMgZnVsbHkgcHJvY2Vzc2VkIGFuZCB0aGVuIHRoZQ0KPiA+IG9yaWdpbi1m aWx0ZXIgaXMgcHJvY2Vzc2VkLg0KPiA+DQo+ID4gVGhlIFJGQyBqdXN0IHNheXMgdGhleSBhcmUg QU5EZWQgdG9nZXRoZXIuDQo+ID4NCj4gPg0KPiA+DQo+ID4NCj4gPg0KPiA+DQo+ID4gPiBUaGUg bGVhZnMgaW4gbGlzdCAiYWRkcmVzcyIgYXJlIGEgbWl4dHVyZSBvZiAiaW50ZW5kZWQiIGFuZCAi bGVhcm5lZCINCj4gPiA+IG9yaWdpbi4NCj4gPiA+IFRoZSB0ZXh0IGNsZWFybHkgc2F5cyB0aGF0 IGEgbm9kZSBoYXMgYSBzaW5nbGUgb3JpZ2luIHByb3BlcnR5LCBjb3VwbGVkDQo+ID4gdG8NCj4g PiA+IHRoZSBhbm5vdGF0aW9uLg0KPiA+ID4NCj4gPiA+IElzc3VlIDE6IG1peGVkIG9yaWdpbiBk ZXNjZW5kYW50IG5vZGVzDQo+ID4gPiBTbyBob3cgZG9lcyBhIHNlYXJjaCBvbiAvYWRkcmVzc2Vz L2FkZHJlc3MgbWF0Y2ggb3JpZ2luLWZpbHRlcj1sZWFybmVkPw0KPiA+ID4gSSBjYW5ub3QgZmlu ZCBhbnkgdGV4dCB0aGF0IHNheXMgd2hhdCB0aGUgb3JpZ2luIG9mIGEgbGlzdCBvciBQLWNvbnRh aW5lcg0KPiA+ID4gaXMgaWYgaXQNCj4gPiA+IGNvbnRhaW5zIG5vZGVzIG9mIG1peGVkIG9yaWdp bi4NCj4gPg0KPiA+IFNlZSBhYm92ZS4NCj4gPg0KPiA+DQo+ID4NCj4gPiBObyB0ZXh0IGFib3Zl IGV4cGxhaW5zIGhvdyB0aGUgbGlzdCBvcmlnaW4gaXMgdGFnZ2VkIGlmIGl0IGhhcyBtdWx0aXBs ZQ0KPiA+IHR5cGVzIG9mIGNoaWxkIG5vZGVzLg0KPiA+DQo+ID4NCj4gPg0KPiA+DQo+ID4NCj4g Pg0KPiA+ID4gSXNzdWUgMjogTlAtY29udGFpbmVycw0KPiA+ID4NCj4gPiA+IEFsc28gZnJvbSBS RkMgODM0MjoNCj4gPiA+DQo+ID4gPiAgICBUaGUgb3JpZ2luIGFwcGxpZXMgdG8gYWxsIGNvbmZp Z3VyYXRpb24gbm9kZXMgZXhjZXB0IG5vbi1wcmVzZW5jZQ0KPiA+ID4gICAgY29udGFpbmVycy4N Cj4gPiA+DQo+ID4gPg0KPiA+ID4gV2hhdCBpZiB0aGUgdG9wLWxldmVsIG5vZGUgaXMgYW4gTlAt Y29udGFpbmVyIGluIHRoaXMgY2FzZS4NCj4gPiA+IEkgdGhvdWdodCB0aGUgdG9wLWxldmVsIG5v ZGUgTVVTVCBoYXZlIGFuIG9yaWdpbiBhdHRyaWJ1dGUuDQo+ID4gPg0KPiA+ID4gVGhlIHRleHQg aXMgbm90IGNsZWFyIGhvdyBOUC1jb250YWluZXJzIGFyZSBoYW5kbGVkLg0KPiA+ID4gRG8gdGhl eSBoYXZlIGFuIG9yaWdpbiBhdHRyaWJ1dGU/IElmIG5vdCB0aGVuIFJGQyA4NTI2IHNheXMgdGhl eSBoYXZlDQo+ID4gPiBvcmlnaW4gInVua25vd24iLg0KPiA+ID4gSXMgdGhlIGludGVudCB0aGF0 IE5QLWNvbnRhaW5lcnMgYWx3YXlzIHBhc3MgdGhlIG9yaWdpbi1maWx0ZXIgdGVzdHMNCj4gPiAo dGVzdA0KPiA+ID4gc2tpcHBlZCk/DQo+ID4NCj4gPiBObywgc2luY2UgdGhleSBkb24ndCBoYXZl IGFuIG9yaWdpbiB2YWx1ZSB0aGV5IHdpbGwgbm90IGJlIHNlbGVjdGVkIGJ5DQo+ID4gdGhlIGZp bHRlci4gIEJ1dCBhbiBOUC1jb250YWluZXIgd2lsbCBiZSBpbmNsdWRlZCBpbiB0aGUgcmVwbHkg aWYgaXQNCj4gPiBpcyB0aGUgYW5jZXN0b3Igb2YgYSBub2RlIHRoYXQgaXMgc2VsZWN0ZWQgYnkg dGhlIGZpbHRlci4NCj4gPg0KPiA+DQo+ID4NCj4gPiBUaGUgUkZDIHRleHQgZG9lcyBub3QgcmVh bGx5IHNheSB0aGF0Lg0KPiA+DQo+ID4gU2luY2UgaXQgaXMgdmVyeSBkaWZmaWN1bHQgdG8ga25v dyBpZiBhIGRhdGEgbm9kZSA1IGxheWVycyBkZWVwIGlzIGdvaW5nDQo+ID4gdG8gbWF0Y2gsDQo+ ID4NCj4gPiBpbXBsZW1lbnRpbmcgdGhlc2UgZmlsdGVycyBhY2NvcmRpbmcgdG8gdGhpcyB2YWd1 ZSBpbnRlcnByZXRhdGlvbiBpcw0KPiA+IHVubGlrZWx5Lg0KPiA+DQo+ID4NCj4gPg0KPiA+DQo+ ID4gL21hcnRpbg0KPiA+DQo+ID4NCj4gPg0KPiA+IEFuZHkNCj4gPg0KPiA+DQo+ID4NCj4gPg0K PiA+DQo+ID4gPg0KPiA+ID4NCj4gPiA+DQo+ID4gPiAvbWFydGluDQo+ID4gPiA+DQo+ID4gPiA+ DQo+ID4gPiBBbmR5DQo+ID4gPg0KPiA+ID4NCj4gPiA+ID4NCj4gPiA+ID4gPiBTZWVtcyBsaWtl IHRoZSBjbGllbnQgbmVlZHMgdG8ga25vdyBhIGxvdCBhYm91dCB0aGUgc2VydmVyDQo+ID4gaW1w bGVtZW50YXRpb24NCj4gPiA+ID4gPiBkZXRhaWxzDQo+ID4gPiA+ID4gaW4gb3JkZXIgdG8gdXNl IHRoZSBvcmlnaW4gZmlsdGVycy4NCj4gPiA+ID4gPg0KPiA+ID4gPiA+DQo+ID4gPiA+ID4gQW5k eQ0KPiA+ID4gPg0KPiA+DQo+ID4NCg== From nobody Mon Oct 7 10:48:17 2019 Return-Path: <0100016da755ddce-18e94501-441b-471d-af1e-03ba88fde0ba-000000@amazonses.watsen.net> X-Original-To: netconf@ietfa.amsl.com Delivered-To: netconf@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 70856120105 for ; Mon, 7 Oct 2019 10:48:15 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.897 X-Spam-Level: X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=amazonses.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id T_Ico2DF53qb for ; Mon, 7 Oct 2019 10:48:12 -0700 (PDT) Received: from a8-32.smtp-out.amazonses.com (a8-32.smtp-out.amazonses.com [54.240.8.32]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F21E4120111 for ; Mon, 7 Oct 2019 10:48:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=6gbrjpgwjskckoa6a5zn6fwqkn67xbtw; d=amazonses.com; t=1570470485; h=From:Message-Id:Content-Type:Mime-Version:Subject:Date:In-Reply-To:Cc:To:References:Feedback-ID; bh=mmwVwCIonctIBBtgAUQREurMyN9q/6jYLJMzvqhrCuc=; b=jEpj0uaEqq+/HaFXDF2IWuLPywD6uI612ul2qroBpjroQRguxvXICa0j0FwJd6m2 C4UeJk63Jp+81vj7pixp7yJrJS7EKKOaqU0Npf+Zf+f/6i/o6B85SceM7lCn6Su88r3 Vx1SkFHZK2cvArH5OhLv5lMyaOMr6Nkbr9tRX3Sc= From: Kent Watsen Message-ID: <0100016da755ddce-18e94501-441b-471d-af1e-03ba88fde0ba-000000@email.amazonses.com> Content-Type: multipart/alternative; boundary="Apple-Mail=_CD57418A-FCBE-4979-86EA-7C9B15EEC12F" Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\)) Date: Mon, 7 Oct 2019 17:48:05 +0000 In-Reply-To: Cc: "netconf@ietf.org" To: =?utf-8?B?QmFsw6F6cyBLb3bDoWNz?= References: X-Mailer: Apple Mail (2.3445.104.11) X-SES-Outgoing: 2019.10.07-54.240.8.32 Feedback-ID: 1.us-east-1.DKmIRZFhhsBhtmFMNikgwZUWVrODEw9qVcPhqJEI2DA=:AmazonSES Archived-At: Subject: Re: [netconf] truststore usage in ietf-ssh/tls-client/server X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 07 Oct 2019 17:48:16 -0000 --Apple-Mail=_CD57418A-FCBE-4979-86EA-7C9B15EEC12F Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii Hi Balazs, > Hi Kent, > =20 > Can you confirm that in the ietf-tls-client and ietf-tls-server models = the direct use of truststore references in server-authentication and = client-authentication containers will change to using = local-or-truststore-certs-grouping? > =20 > Similarly in ssh models, will they change to = local-or-truststore-host-keys-grouping? Yes, it would make sense to use those groupings. I just committed the following updates: SSH: = https://github.com/netconf-wg/ssh-client-server/commit/5292d87ef47aafd2475= 241f82e76d8ac11defd11 = TLS: = https://github.com/netconf-wg/tls-client-server/commit/d7b8c81bbd2dbbe5812= e5519e4129abaf8012eb1 = What do you think? All good? Kent // contributor --Apple-Mail=_CD57418A-FCBE-4979-86EA-7C9B15EEC12F Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=us-ascii Hi = Balazs,

Hi Kent,
 
Can you = confirm that in the ietf-tls-client and ietf-tls-server models the = direct use of truststore references in server-authentication and = client-authentication containers will change to using = local-or-truststore-certs-grouping?
 
Similarly in ssh models, will they = change to = local-or-truststore-host-keys-grouping?

Yes, it would make sense to use those = groupings.

I just committed the = following updates:


What do you think?  All good?

Kent  // contributor


= --Apple-Mail=_CD57418A-FCBE-4979-86EA-7C9B15EEC12F-- From nobody Mon Oct 7 10:50:36 2019 Return-Path: X-Original-To: netconf@ietfa.amsl.com Delivered-To: netconf@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E05A512010F for ; Mon, 7 Oct 2019 10:50:34 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.889 X-Spam-Level: X-Spam-Status: No, score=-1.889 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_FILL_THIS_FORM_SHORT=0.01] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=yumaworks-com.20150623.gappssmtp.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KegbhF72KFYp for ; Mon, 7 Oct 2019 10:50:31 -0700 (PDT) Received: from mail-lf1-x134.google.com (mail-lf1-x134.google.com [IPv6:2a00:1450:4864:20::134]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 68B7012088E for ; Mon, 7 Oct 2019 10:50:30 -0700 (PDT) Received: by mail-lf1-x134.google.com with SMTP id r2so9897336lfn.8 for ; Mon, 07 Oct 2019 10:50:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yumaworks-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=mPYbuyzaot960tCqRnmoRRA/eWBMjFzpN+aGSJSoea0=; b=J5qxL9ernBX3eYa/qWtvYAkGln7jrQ9ZUYJYnjOxms20xTfcC9a7bHb6kekCY9t4Z4 ABVzYgS5xUN9JWVIB3zoiR8+CnNvB29JtR1edMsk+9Z65KhWR1Z+fjDxbnE20yqbEDQM pchDogHzktNi94ZNGe83MIos1CeLHpm7PVpxcDVTf3jHAgYMFlnMc93/6KmQiHreaHif yqDIt75IADxyY4fKOSjc+pUoUsbg+QODQ+/tpDRHPgp7dKEdps01ey/Ke5s4uABGPycv jRw3bIAmkB7ZzTfAtTqKFGZ5Slb8n6V3nEzfurOS/Ezj1P0Nk93mjsxWj0ADff54CsjC d+4Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=mPYbuyzaot960tCqRnmoRRA/eWBMjFzpN+aGSJSoea0=; b=G7ARhZ47cyP2y507/ARjW4cF7379TW6fXt2XQ9gx9rfq+LkEhqS4RRyZItI5l64StG fAUAydz6OlmRX7uu2J8ELl4Uy2oTrysWEOEr8Aco5Oi5NxZY01CbOCDdIgoslgwKRn9d VNDGPYfG+XqsfsSCiZyxy+VjC7KESDzeXSOnQl0FarKs9qV0i46jqu3BsLXZH4mX8jfG QFMkixE64Oft0oHR5BDyWAwKX+LUddxQUtyQffZFr2a3jIgP1b28XHADOezA3GgjZ6O+ 9XEkrpTcLPQ/yjcINc0gVWNCkIt9eW+/YmbzX+dTS1QkZlflpCVqvLo8S3e4Ci6AC1AD f0Hg== X-Gm-Message-State: APjAAAVgcPr1QlMoo7gVpkR/tX1ywFrErvYPl5FeAdydbzSgu2BZ5rvU nkaiR7H18Z0PDQwWrSiME9GDpPbSN84MKb7DCyd35w== X-Google-Smtp-Source: APXvYqzXDZpa7qY8qLjWpmtrfeVezRXe/8TbHOVYWWrC117FBZcC6/+qDGvrmNQCkiFqmpsTeo4EKB7aeg3Bw9SI4P4= X-Received: by 2002:a19:7610:: with SMTP id c16mr14681656lff.51.1570470628398; Mon, 07 Oct 2019 10:50:28 -0700 (PDT) MIME-Version: 1.0 References: <20191007.193909.1640793317135302246.mbj@tail-f.com> In-Reply-To: <20191007.193909.1640793317135302246.mbj@tail-f.com> From: Andy Bierman Date: Mon, 7 Oct 2019 10:50:17 -0700 Message-ID: To: Martin Bjorklund Cc: Robert Wilton , Netconf Content-Type: multipart/alternative; boundary="000000000000efb1b7059455afb6" Archived-At: Subject: Re: [netconf] get-data origin filters X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 07 Oct 2019 17:50:35 -0000 --000000000000efb1b7059455afb6 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Mon, Oct 7, 2019 at 10:39 AM Martin Bjorklund wrote: > Andy Bierman wrote: > > On Mon, Oct 7, 2019 at 7:36 AM Rob Wilton (rwilton) > > wrote: > > > > > Hi Andy, > > > > > > > > > > > > Don=E2=80=99t all the filters effectively work this way? > > > > > > > > > I do not see the text that explains origin-filter and > negated-origin-filter > > working the way Martin > > describes it. These filters do not say anywhere to select a node becau= se > > it has descendants > > that match the origin filters. It says very clearly that the filter te= st > > is on the specified node. > > Let's simplify the example somewhat. Suppose the client sends: > > > ds:operational > or:learned > > > > Are you saying that b/c the top-level node doesn't have or:learned, > this filter will return nothing? > > Yes -- the origin for addresses is "intended". The text clearly says the origin-filter has to match the origin annotation for the node. The annotation for "address" can have only 1 value. I don't think this is implementable so I will just use deviation(not-supported) and ignore it Andy It seems you are assuming that the server first matches the top-level > nodes, and if they match, then match descendants and so one. The text > doesn't say that, however. It says: > > A configuration node matches the filter if its > 'origin' annotation is derived from or equal to any of > the given filter values. > > and: > > Any ancestor nodes (including list keys) of nodes selected by > the filters are included in the response. > > So I think it is pretty clear that the origin filter matches the > zipcode nodes in the example, and then the ancestors are included in > the reply. > > > > It also says the origin is derived from the origin annotation for that > node. > > Since only 1 instance of the origin annotation is allowed per node, the= re > > is no way to tag > > a node with multiple origins. > > Agreed. > > > /martin > > > > If implementation is too complex then people will just leave it out (w/= a > > deviation). > > It is unlikely that the instrumentation knows at any given instant all > the > > origin values > > of all the descendant dynamic data at the instant the reques= t > is > > processed. > > > > > > > > > > > > > > They select a subset of the nodes to include in the response, and mus= t > > > also include all ancestor nodes and required list keys to the selecte= d > > > nodes, regardless of whether those ancestor/key nodes were also > selected by > > > the query. > > > > > > > > > > > > > Yes. Understood. > > Still does not explain how a filter for the list node selects descendan= t > > nodes that match the origin filters. > > > > > > > > > E.g. a =E2=80=9Cconfig false=E2=80=9D filter will still return =E2=80= =9Cconfig true=E2=80=9D nodes if > they > > > are ancestors or list keys to a descendant config false node. The sa= me > > > logic applies for xpath and origin filters as well. > > > > > > > > > > > > > No they won't. > > Where is that text? > > > > get-data config=3Dfilter=3Dfalse > > > > This starts from top-level YANG nodes. > > If the top-level YANG node is not config=3Dfalse then the server will n= ot > > keep looking for descendants that match. > > > > > > > > > Thanks, > > > Rob > > > > > > > > > > Andy > > > > > > > > > > > > > > > > > > > > > *From:* netconf *On Behalf Of *Andy Bierma= n > > > *Sent:* 07 October 2019 15:12 > > > *To:* Martin Bjorklund > > > *Cc:* Netconf > > > *Subject:* Re: [netconf] get-data origin filters > > > > > > > > > > > > > > > > > > > > > > > > On Mon, Oct 7, 2019 at 12:43 AM Martin Bjorklund > wrote: > > > > > > Andy Bierman wrote: > > > > On Sun, Oct 6, 2019 at 8:32 AM Martin Bjorklund > wrote: > > > > > > > > > Hi, > > > > > > > > > > Andy Bierman wrote: > > > > > > Hi, > > > > > > > > > > > > I am trying to figure out how to use the origin-filter and > > > > > > negated-origin-filter > > > > > > in the operation in RFC 8526. > > > > > > > > > > > > > > > > > > leaf-list origin-filter { > > > > > > type or:origin-ref; > > > > > > description > > > > > > "Filter based on the 'origin' annotation. A > > > > > > configuration node matches the filter if its > 'origin' > > > > > > annotation is derived from or equal to any of t= he > > > given > > > > > > filter values."; > > > > > > } > > > > > > > > > > > > > > > > > > These filters seem kind of worthless if implemented according t= o > the > > > > > text. > > > > > > Consider a simple example where there is 1 learned leaf within = a > > > list: > > > > > > > > > > > > module: address > > > > > > +--rw addresses > > > > > > +--rw address* [last-name first-name] > > > > > > +--rw last-name string > > > > > > +--rw first-name string > > > > > > +--rw street? string > > > > > > +--rw city? string > > > > > > +--rw zipcode? string > > > > > > +--rw phone* [phone-type] > > > > > > +--rw phone-type enumeration > > > > > > +--rw phone-number string > > > > > > > > > > > > Let's say the "zipcode" field is learned in > > > > > > (e.g. ZIP code lookup expands missing or 5 digit zipcode to ful= l > 9 > > > digit > > > > > > zipcode). > > > > > > So /addresses and /addresses/address have origin "intended". > > > > > > Only the /addresses/address/zipcode leaf has origin "learned". > > > > > > > > > > > > So how does origin-filter=3Dlearned find all the learned leafs? > > > > > > > > > > Perhaps I don't understand your question; IMO you give the answer > to > > > > > this question below: > > > > > > > > > > > What filters are required to return only the learned entries + > > > ancestors > > > > > + > > > > > > ancestor-or-self keys? Seems like this filter mechanism has to > be > > > used > > > > > > to retrieve the exact leaf that might be learned, and the clien= t > > > > > > needs to know in advance all the possible nodes that might be > > > learned. > > > > > > > > > > > > Want to be able to retrieve an ancestor that is intended and > still > > > find > > > > > the > > > > > > learned entries > > > > > > > > > > > > get-data xpath-filter=3D/addresses/address > origin-filtter=3Dlearned > > > > > > > > > > ... here. So this request will return: > > > > > > > > > > > > > > >
> > > > > ... > > > > > ... > > > > > ... > > > > >
> > > > > ... > > > > > > > > > > > > > > > > > > > I do not interpret the text the same way as you. > > > > > > Does this mean that you think that the reply is different from what I > > > show above? If so, what would it be, and why? > > > > > > > > > > > > > > > > > > > > > > > > Explain how the list address node has origin "learned". > > > > > > > > > > > > The filter is for /addresses/address and only origin=3Dlearned. > > > > > > How does the list node have origin=3Dlearned? > > > > > > It can only have 1 value. > > > > > > It has child nodes with both intended and learned as origin. > > > > > > I do no understand how the origin=3Dlearned matched this node. > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > The content returned > > > > > > > > by get-data must satisfy all filters, i.e., the filter > > > > criteria are logically ANDed. > > > > > > > > > > > > leaf-list origin-filter { > > > > type or:origin-ref; > > > > description > > > > "Filter based on the 'origin' annotation. A > > > > configuration node matches the filter if its 'origi= n' > > > > annotation is derived from or equal to any of the > given > > > > filter values."; > > > > } > > > > > > > > > > > > Configuration nodes that do not have an > > > > 'origin' annotation are treated as if they have the > > > > 'origin' annotation 'or:unknown'. > > > > > > > > > > > > > > > > > The draft shows an example where both "intended" and "system" are > given > > > > > > as filters. This will work but will include all the "intended" > > > leafs as > > > > > > well. > > > > > > What if a "learned" node is within a "system" node within an > > > "intended" > > > > > > node? > > > > > > > > > > This works as well. Note that the get-data description says: > > > > > > > > > > Any ancestor nodes (including list keys) of nodes > selected by > > > > > the filters are included in the response. > > > > > > > > > > > > > > > > > > > > > > > The issue is how the /iaddresses and /addresses/address nodes match > the > > > > origin "learned". > > > > > > They don't, but they are included b/c of the quoted text above (i.e.: > > > Any ancestor nodes (including list keys) of nodes selected by > > > the filters are included in the response.) > > > > > > > > > > > > > > > > > > No. > > > > > > > > > > > > If the filter was for /addresses/address/zipcode then maybe that text > > > applies. > > > > > > It is still unclear that the XPath is fully processed and then the > > > origin-filter is processed. > > > > > > The RFC just says they are ANDed together. > > > > > > > > > > > > > > > > > > > > > > The leafs in list "address" are a mixture of "intended" and "learne= d" > > > > origin. > > > > The text clearly says that a node has a single origin property, > coupled > > > to > > > > the annotation. > > > > > > > > Issue 1: mixed origin descendant nodes > > > > So how does a search on /addresses/address match > origin-filter=3Dlearned? > > > > I cannot find any text that says what the origin of a list or > P-container > > > > is if it > > > > contains nodes of mixed origin. > > > > > > See above. > > > > > > > > > > > > No text above explains how the list origin is tagged if it has multip= le > > > types of child nodes. > > > > > > > > > > > > > > > > > > > > > > Issue 2: NP-containers > > > > > > > > Also from RFC 8342: > > > > > > > > The origin applies to all configuration nodes except non-presenc= e > > > > containers. > > > > > > > > > > > > What if the top-level node is an NP-container in this case. > > > > I thought the top-level node MUST have an origin attribute. > > > > > > > > The text is not clear how NP-containers are handled. > > > > Do they have an origin attribute? If not then RFC 8526 says they ha= ve > > > > origin "unknown". > > > > Is the intent that NP-containers always pass the origin-filter test= s > > > (test > > > > skipped)? > > > > > > No, since they don't have an origin value they will not be selected b= y > > > the filter. But an NP-container will be included in the reply if it > > > is the ancestor of a node that is selected by the filter. > > > > > > > > > > > > The RFC text does not really say that. > > > > > > Since it is very difficult to know if a data node 5 layers deep is > going > > > to match, > > > > > > implementing these filters according to this vague interpretation is > > > unlikely. > > > > > > > > > > > > > > > /martin > > > > > > > > > > > > Andy > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > /martin > > > > > > > > > > > > > > Andy > > > > > > > > > > > > > > > > > > > Seems like the client needs to know a lot about the server > > > implementation > > > > > > details > > > > > > in order to use the origin filters. > > > > > > > > > > > > > > > > > > Andy > > > > > > > > > > > > --000000000000efb1b7059455afb6 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable


=
On Mon, Oct 7, 2019 at 10:39 AM Marti= n Bjorklund <mbj@tail-f.com> wr= ote:
Andy Bierma= n <andy@yumawork= s.com> wrote:
> On Mon, Oct 7, 2019 at 7:36 AM Rob Wilton (rwilton) <rwilton@cisco.com>
> wrote:
>
> > Hi Andy,
> >
> >
> >
> > Don=E2=80=99t all the filters effectively work this way?
> >
>
>
> I do not see the text that explains origin-filter and negated-origin-f= ilter
> working the way Martin
> describes it.=C2=A0 These filters do not say anywhere to select a node= because
> it has descendants
> that match the origin filters.=C2=A0 It says very clearly that the fil= ter test
> is on the specified node.

Let's simplify the example somewhat.=C2=A0 Suppose the client sends:
=C2=A0 <get-data>
=C2=A0 =C2=A0 <datastore>ds:operational</datastore>
=C2=A0 =C2=A0 <origin-filter>or:learned</origin-filter>
=C2=A0 =C2=A0 <with-origin/>
=C2=A0 </get-data>

Are you saying that b/c the top-level node doesn't have or:learned,
this filter will return nothing?



Yes -- the origin for a= ddresses is "intended".
The text clearly says the origi= n-filter has to match the origin annotation for the node.
The ann= otation for "address" can have only 1 value.

=
I don't think this is implementable so I will just use deviation(n= ot-supported) and ignore it


Andy

It seems you are assuming that the server first matches the top-level
nodes, and if they match, then match descendants and so one.=C2=A0 The text=
doesn't say that, however.=C2=A0 It says:

=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 A configuration nod= e matches the filter if its
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 'origin' an= notation is derived from or equal to any of
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 the given filter va= lues.

and:

=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 Any ancestor nodes (including list keys)= of nodes selected by
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 the filters are included in the response= .

So I think it is pretty clear that the origin filter matches the
zipcode nodes in the example, and then the ancestors are included in
the reply.


> It also says the origin is derived from the origin annotation for that= node.
> Since only 1 instance of the origin annotation is allowed per node, th= ere
> is no way to tag
> a node with multiple origins.

Agreed.


/martin


> If implementation is too complex then people will just leave it out (w= / a
> deviation).
> It is unlikely that the instrumentation knows at any given instant all= the
> origin values
> of all the descendant dynamic data at the instant the <get-data>= request is
> processed.
>
>
>
>
> >
> > They select a subset of the nodes to include in the response, and= must
> > also include all ancestor nodes and required list keys to the sel= ected
> > nodes, regardless of whether those ancestor/key nodes were also s= elected by
> > the query.
> >
> >
> >
>
> Yes. Understood.
> Still does not explain how a filter for the list node selects descenda= nt
> nodes that match the origin filters.
>
>
>
> > E.g. a =E2=80=9Cconfig false=E2=80=9D filter will still return = =E2=80=9Cconfig true=E2=80=9D nodes if they
> > are ancestors or list keys to a descendant config false node.=C2= =A0 The same
> > logic applies for xpath and origin filters as well.
> >
> >
> >
>
> No they won't.
> Where is that text?
>
>=C2=A0 =C2=A0 =C2=A0get-data config=3Dfilter=3Dfalse
>
> This starts from top-level YANG nodes.
> If the top-level YANG node is not config=3Dfalse then the server will = not
> keep looking for descendants that match.
>
>
>
> > Thanks,
> > Rob
> >
> >
>
> Andy
>
>
>
> >
> >
> >
> >
> > *From:* netconf <netconf-bounces@ietf.org> *On Behalf Of *Andy Bierm= an
> > *Sent:* 07 October 2019 15:12
> > *To:* Martin Bjorklund <mbj@tail-f.com>
> > *Cc:* Netconf <netconf@ietf.org>
> > *Subject:* Re: [netconf] get-data origin filters
> >
> >
> >
> >
> >
> >
> >
> > On Mon, Oct 7, 2019 at 12:43 AM Martin Bjorklund <mbj@tail-f.com> wrote:
> >
> > Andy Bierman <andy@yumaworks.com> wrote:
> > > On Sun, Oct 6, 2019 at 8:32 AM Martin Bjorklund <mbj@tail-f.com> wrote:<= br> > > >
> > > > Hi,
> > > >
> > > > Andy Bierman <andy@yumaworks.com> wrote:
> > > > > Hi,
> > > > >
> > > > > I am trying to figure out how to use the origin-fi= lter and
> > > > > negated-origin-filter
> > > > > in the <get-data> operation in RFC 8526.
> > > > >
> > > > >
> > > > >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0leaf-list = origin-filter {
> > > > >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 ty= pe or:origin-ref;
> > > > >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 de= scription
> > > > >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 = =C2=A0 "Filter based on the 'origin' annotation.=C2=A0 A
> > > > >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 = =C2=A0 =C2=A0configuration node matches the filter if its 'origin'<= br> > > > > >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 = =C2=A0 =C2=A0annotation is derived from or equal to any of the
> > given
> > > > >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 = =C2=A0 =C2=A0filter values.";
> > > > >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 }
> > > > >
> > > > >
> > > > > These filters seem kind of worthless if implemente= d according to the
> > > > text.
> > > > > Consider a simple example where there is 1 learned= leaf within a
> > list:
> > > > >
> > > > > module: address
> > > > >=C2=A0 =C2=A0+--rw addresses
> > > > >=C2=A0 =C2=A0 =C2=A0 +--rw address* [last-name firs= t-name]
> > > > >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0+--rw last-name= =C2=A0 =C2=A0 =C2=A0string
> > > > >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0+--rw first-name= =C2=A0 =C2=A0 string
> > > > >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0+--rw street?=C2= =A0 =C2=A0 =C2=A0 =C2=A0string
> > > > >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0+--rw city?=C2=A0= =C2=A0 =C2=A0 =C2=A0 =C2=A0string
> > > > >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0+--rw zipcode?=C2= =A0 =C2=A0 =C2=A0 string
> > > > >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0+--rw phone* [pho= ne-type]
> > > > >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 +--rw pho= ne-type=C2=A0 =C2=A0 =C2=A0 enumeration
> > > > >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 +--rw pho= ne-number=C2=A0 =C2=A0 string
> > > > >
> > > > > Let's say the "zipcode" field is lea= rned in <operational>
> > > > > (e.g. ZIP code lookup expands missing or 5 digit z= ipcode to full 9
> > digit
> > > > > zipcode).
> > > > > So /addresses and /addresses/address have origin &= quot;intended".
> > > > > Only the /addresses/address/zipcode leaf has origi= n "learned".
> > > > >
> > > > > So how does origin-filter=3Dlearned find all the l= earned leafs?
> > > >
> > > > Perhaps I don't understand your question; IMO you g= ive the answer to
> > > > this question below:
> > > >
> > > > > What filters are required to return only the learn= ed entries +
> > ancestors
> > > > +
> > > > > ancestor-or-self keys?=C2=A0 Seems like this filte= r mechanism has to be
> > used
> > > > > to retrieve the exact leaf that might be learned, = and the client
> > > > > needs to know in advance all the possible nodes th= at might be
> > learned.
> > > > >
> > > > > Want to be able to retrieve an ancestor that is in= tended and still
> > find
> > > > the
> > > > > learned entries
> > > > >
> > > > >=C2=A0 =C2=A0 get-data xpath-filter=3D/addresses/ad= dress origin-filtter=3Dlearned
> > > >
> > > > ... here.=C2=A0 So this request will return:
> > > >
> > > >=C2=A0 =C2=A0 <addresses or:origin=3D"or:intende= d">
> > > >=C2=A0 =C2=A0 =C2=A0 <address>
> > > >=C2=A0 =C2=A0 =C2=A0 =C2=A0 <last-name>...</las= t-name>
> > > >=C2=A0 =C2=A0 =C2=A0 =C2=A0 <first-name>...</fi= rst-name>
> > > >=C2=A0 =C2=A0 =C2=A0 =C2=A0 <zipcode or:origin=3D&quo= t;or:learned">...</zipcode>
> > > >=C2=A0 =C2=A0 =C2=A0 </address>
> > > >=C2=A0 =C2=A0 =C2=A0 ...
> > > >=C2=A0 =C2=A0 </addresses>
> > > >
> > > >
> > > I do not interpret the text the same way as you.
> >
> > Does this mean that you think that the reply is different from wh= at I
> > show above?=C2=A0 If so, what would it be, and why?
> >
> >
> >
> >
> >
> >
> >
> > Explain how the list address node has origin "learned".=
> >
> >
> >
> > The filter is for /addresses/address and only origin=3Dlearned. > >
> > How does the list node have origin=3Dlearned?
> >
> > It can only have 1 value.
> >
> > It has child nodes with both intended and learned as origin.
> >
> > I do no understand how the origin=3Dlearned matched this node. > >
> >
> >
> >
> >
> >
> >
> >
> >
> > >
> > >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 The content returned
> > >
> > >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0by get-data must sat= isfy all filters, i.e., the filter
> > >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0criteria are logical= ly ANDed.
> > >
> > >
> > >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0leaf-list origin-fil= ter {
> > >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 type or:orig= in-ref;
> > >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 description<= br> > > >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 "= ;Filter based on the 'origin' annotation.=C2=A0 A
> > >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0configuration node matches the filter if its 'origin'
> > >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0annotation is derived from or equal to any of the given
> > >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0filter values.";
> > >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 }
> > >
> > >
> > >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0Config= uration nodes that do not have an
> > >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0'o= rigin' annotation are treated as if they have the
> > >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0'o= rigin' annotation 'or:unknown'.
> > >
> > >
> > >
> > > > The draft shows an example where both "intended&qu= ot; and "system" are given
> > > > > as filters.=C2=A0 This will work but will include = all the "intended"
> > leafs as
> > > > > well.
> > > > > What if a "learned" node is within a &qu= ot;system" node within an
> > "intended"
> > > > > node?
> > > >
> > > > This works as well.=C2=A0 Note that the get-data descri= ption says:
> > > >
> > > >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0Any ancestor no= des (including list keys) of nodes selected by
> > > >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0the filters are= included in the response.
> > > >
> > > >
> > > >
> > >
> > > The issue is how the /iaddresses and /addresses/address node= s match the
> > > origin "learned".
> >
> > They don't, but they are included b/c of the quoted text abov= e (i.e.:
> >=C2=A0 =C2=A0 =C2=A0 =C2=A0Any ancestor nodes (including list keys= ) of nodes selected by
> >=C2=A0 =C2=A0 =C2=A0 =C2=A0the filters are included in the respons= e.)
> >
> >
> >
> >
> >
> > No.
> >
> >
> >
> > If the filter was for /addresses/address/zipcode then maybe that = text
> > applies.
> >
> > It is still unclear that the XPath is fully processed and then th= e
> > origin-filter is processed.
> >
> > The RFC just says they are ANDed together.
> >
> >
> >
> >
> >
> >
> > > The leafs in list "address" are a mixture of "= ;intended" and "learned"
> > > origin.
> > > The text clearly says that a node has a single origin proper= ty, coupled
> > to
> > > the annotation.
> > >
> > > Issue 1: mixed origin descendant nodes
> > > So how does a search on /addresses/address match origin-filt= er=3Dlearned?
> > > I cannot find any text that says what the origin of a list o= r P-container
> > > is if it
> > > contains nodes of mixed origin.
> >
> > See above.
> >
> >
> >
> > No text above explains how the list origin is tagged if it has mu= ltiple
> > types of child nodes.
> >
> >
> >
> >
> >
> >
> > > Issue 2: NP-containers
> > >
> > > Also from RFC 8342:
> > >
> > >=C2=A0 =C2=A0 The origin applies to all configuration nodes e= xcept non-presence
> > >=C2=A0 =C2=A0 containers.
> > >
> > >
> > > What if the top-level node is an NP-container in this case.<= br> > > > I thought the top-level node MUST have an origin attribute.<= br> > > >
> > > The text is not clear how NP-containers are handled.
> > > Do they have an origin attribute? If not then RFC 8526 says = they have
> > > origin "unknown".
> > > Is the intent that NP-containers always pass the origin-filt= er tests
> > (test
> > > skipped)?
> >
> > No, since they don't have an origin value they will not be se= lected by
> > the filter.=C2=A0 But an NP-container will be included in the rep= ly if it
> > is the ancestor of a node that is selected by the filter.
> >
> >
> >
> > The RFC text does not really say that.
> >
> > Since it is very difficult to know if a data node 5 layers deep i= s going
> > to match,
> >
> > implementing these filters according to this vague interpretation= is
> > unlikely.
> >
> >
> >
> >
> > /martin
> >
> >
> >
> > Andy
> >
> >
> >
> >
> >
> > >
> > >
> > >
> > > /martin
> > > >
> > > >
> > > Andy
> > >
> > >
> > > >
> > > > > Seems like the client needs to know a lot about th= e server
> > implementation
> > > > > details
> > > > > in order to use the origin filters.
> > > > >
> > > > >
> > > > > Andy
> > > >
> >
> >
--000000000000efb1b7059455afb6-- From nobody Mon Oct 7 12:04:09 2019 Return-Path: X-Original-To: netconf@ietfa.amsl.com Delivered-To: netconf@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 279CE12008A for ; Mon, 7 Oct 2019 12:04:07 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.89 X-Spam-Level: X-Spam-Status: No, score=-1.89 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_FILL_THIS_FORM_SHORT=0.01] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fSItKG81f8FO for ; Mon, 7 Oct 2019 12:04:04 -0700 (PDT) Received: from mail.tail-f.com (mail.tail-f.com [46.21.102.45]) by ietfa.amsl.com (Postfix) with ESMTP id 054D61200E9 for ; Mon, 7 Oct 2019 12:04:03 -0700 (PDT) Received: from localhost (h-4-44.A165.priv.bahnhof.se [158.174.4.44]) by mail.tail-f.com (Postfix) with ESMTPSA id 221F61AE018A; Mon, 7 Oct 2019 21:04:02 +0200 (CEST) Date: Mon, 07 Oct 2019 21:04:01 +0200 (CEST) Message-Id: <20191007.210401.1161655948996670044.mbj@tail-f.com> To: andy@yumaworks.com Cc: rwilton@cisco.com, netconf@ietf.org From: Martin Bjorklund In-Reply-To: References: <20191007.193909.1640793317135302246.mbj@tail-f.com> X-Mailer: Mew version 6.7 on Emacs 25.2 / Mule 6.0 (HANACHIRUSATO) Mime-Version: 1.0 Content-Type: Text/Plain; charset=utf-8 Content-Transfer-Encoding: base64 Archived-At: Subject: Re: [netconf] get-data origin filters X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 07 Oct 2019 19:04:07 -0000 QW5keSBCaWVybWFuIDxhbmR5QHl1bWF3b3Jrcy5jb20+IHdyb3RlOg0KPiBPbiBNb24sIE9jdCA3 LCAyMDE5IGF0IDEwOjM5IEFNIE1hcnRpbiBCam9ya2x1bmQgPG1iakB0YWlsLWYuY29tPiB3cm90 ZToNCj4gDQo+ID4gQW5keSBCaWVybWFuIDxhbmR5QHl1bWF3b3Jrcy5jb20+IHdyb3RlOg0KPiA+ ID4gT24gTW9uLCBPY3QgNywgMjAxOSBhdCA3OjM2IEFNIFJvYiBXaWx0b24gKHJ3aWx0b24pIDxy d2lsdG9uQGNpc2NvLmNvbT4NCj4gPiA+IHdyb3RlOg0KPiA+ID4NCj4gPiA+ID4gSGkgQW5keSwN Cj4gPiA+ID4NCj4gPiA+ID4NCj4gPiA+ID4NCj4gPiA+ID4gRG9u4oCZdCBhbGwgdGhlIGZpbHRl cnMgZWZmZWN0aXZlbHkgd29yayB0aGlzIHdheT8NCj4gPiA+ID4NCj4gPiA+DQo+ID4gPg0KPiA+ ID4gSSBkbyBub3Qgc2VlIHRoZSB0ZXh0IHRoYXQgZXhwbGFpbnMgb3JpZ2luLWZpbHRlciBhbmQN Cj4gPiBuZWdhdGVkLW9yaWdpbi1maWx0ZXINCj4gPiA+IHdvcmtpbmcgdGhlIHdheSBNYXJ0aW4N Cj4gPiA+IGRlc2NyaWJlcyBpdC4gIFRoZXNlIGZpbHRlcnMgZG8gbm90IHNheSBhbnl3aGVyZSB0 byBzZWxlY3QgYSBub2RlIGJlY2F1c2UNCj4gPiA+IGl0IGhhcyBkZXNjZW5kYW50cw0KPiA+ID4g dGhhdCBtYXRjaCB0aGUgb3JpZ2luIGZpbHRlcnMuICBJdCBzYXlzIHZlcnkgY2xlYXJseSB0aGF0 IHRoZSBmaWx0ZXIgdGVzdA0KPiA+ID4gaXMgb24gdGhlIHNwZWNpZmllZCBub2RlLg0KPiA+DQo+ ID4gTGV0J3Mgc2ltcGxpZnkgdGhlIGV4YW1wbGUgc29tZXdoYXQuICBTdXBwb3NlIHRoZSBjbGll bnQgc2VuZHM6DQo+ID4NCj4gPiAgIDxnZXQtZGF0YT4NCj4gPiAgICAgPGRhdGFzdG9yZT5kczpv cGVyYXRpb25hbDwvZGF0YXN0b3JlPg0KPiA+ICAgICA8b3JpZ2luLWZpbHRlcj5vcjpsZWFybmVk PC9vcmlnaW4tZmlsdGVyPg0KPiA+ICAgICA8d2l0aC1vcmlnaW4vPg0KPiA+ICAgPC9nZXQtZGF0 YT4NCj4gPg0KPiA+IEFyZSB5b3Ugc2F5aW5nIHRoYXQgYi9jIHRoZSB0b3AtbGV2ZWwgbm9kZSBk b2Vzbid0IGhhdmUgb3I6bGVhcm5lZCwNCj4gPiB0aGlzIGZpbHRlciB3aWxsIHJldHVybiBub3Ro aW5nPw0KPiA+DQo+ID4NCj4gDQo+IFllcyAtLSB0aGUgb3JpZ2luIGZvciBhZGRyZXNzZXMgaXMg ImludGVuZGVkIi4NCj4gVGhlIHRleHQgY2xlYXJseSBzYXlzIHRoZSBvcmlnaW4tZmlsdGVyIGhh cyB0byBtYXRjaCB0aGUgb3JpZ2luIGFubm90YXRpb24NCj4gZm9yIHRoZSBub2RlLg0KPiBUaGUg YW5ub3RhdGlvbiBmb3IgImFkZHJlc3MiIGNhbiBoYXZlIG9ubHkgMSB2YWx1ZS4NCj4gDQo+IEkg ZG9uJ3QgdGhpbmsgdGhpcyBpcyBpbXBsZW1lbnRhYmxlIHNvIEkgd2lsbCBqdXN0IHVzZQ0KPiBk ZXZpYXRpb24obm90LXN1cHBvcnRlZCkgYW5kIGlnbm9yZSBpdA0KDQpGaW5lOyB1cCB0byB5b3Uh DQoNCkJ1dCB0aGUgcXVlc3Rpb24gaXMgaWYgdGhlIHNwZWMgaXMgdW5jbGVhciBvciBub3QuICBG cm9tIHdoYXQgSSBjYW4NCnRlbGwgc28gZmFyLCBpdCBzZWVtcyBpdCBpcyBub3QgaW5jb3JyZWN0 LCBidXQgY2FuIHByb2JhYmx5IGJlDQpjbGFyaWZpZWQsIHBlcmhhcHMgYWxvbmcgdGhlIGxpbmVz IG9mIFJvYidzIGV4cGxhbmF0aW9uLg0KDQoNCi9tYXJ0aW4NCg0KDQoNCg0KPiANCj4gDQo+IEFu ZHkNCj4gDQo+IEl0IHNlZW1zIHlvdSBhcmUgYXNzdW1pbmcgdGhhdCB0aGUgc2VydmVyIGZpcnN0 IG1hdGNoZXMgdGhlIHRvcC1sZXZlbA0KPiA+IG5vZGVzLCBhbmQgaWYgdGhleSBtYXRjaCwgdGhl biBtYXRjaCBkZXNjZW5kYW50cyBhbmQgc28gb25lLiAgVGhlIHRleHQNCj4gPiBkb2Vzbid0IHNh eSB0aGF0LCBob3dldmVyLiAgSXQgc2F5czoNCj4gPg0KPiA+ICAgICAgICAgICAgICAgICBBIGNv bmZpZ3VyYXRpb24gbm9kZSBtYXRjaGVzIHRoZSBmaWx0ZXIgaWYgaXRzDQo+ID4gICAgICAgICAg ICAgICAgICdvcmlnaW4nIGFubm90YXRpb24gaXMgZGVyaXZlZCBmcm9tIG9yIGVxdWFsIHRvIGFu eSBvZg0KPiA+ICAgICAgICAgICAgICAgICB0aGUgZ2l2ZW4gZmlsdGVyIHZhbHVlcy4NCj4gPg0K PiA+IGFuZDoNCj4gPg0KPiA+ICAgICAgICAgICBBbnkgYW5jZXN0b3Igbm9kZXMgKGluY2x1ZGlu ZyBsaXN0IGtleXMpIG9mIG5vZGVzIHNlbGVjdGVkIGJ5DQo+ID4gICAgICAgICAgIHRoZSBmaWx0 ZXJzIGFyZSBpbmNsdWRlZCBpbiB0aGUgcmVzcG9uc2UuDQo+ID4NCj4gPiBTbyBJIHRoaW5rIGl0 IGlzIHByZXR0eSBjbGVhciB0aGF0IHRoZSBvcmlnaW4gZmlsdGVyIG1hdGNoZXMgdGhlDQo+ID4g emlwY29kZSBub2RlcyBpbiB0aGUgZXhhbXBsZSwgYW5kIHRoZW4gdGhlIGFuY2VzdG9ycyBhcmUg aW5jbHVkZWQgaW4NCj4gPiB0aGUgcmVwbHkuDQo+ID4NCj4gPg0KPiA+ID4gSXQgYWxzbyBzYXlz IHRoZSBvcmlnaW4gaXMgZGVyaXZlZCBmcm9tIHRoZSBvcmlnaW4gYW5ub3RhdGlvbiBmb3IgdGhh dA0KPiA+IG5vZGUuDQo+ID4gPiBTaW5jZSBvbmx5IDEgaW5zdGFuY2Ugb2YgdGhlIG9yaWdpbiBh bm5vdGF0aW9uIGlzIGFsbG93ZWQgcGVyIG5vZGUsIHRoZXJlDQo+ID4gPiBpcyBubyB3YXkgdG8g dGFnDQo+ID4gPiBhIG5vZGUgd2l0aCBtdWx0aXBsZSBvcmlnaW5zLg0KPiA+DQo+ID4gQWdyZWVk Lg0KPiA+DQo+ID4NCj4gPiAvbWFydGluDQo+ID4NCj4gPg0KPiA+ID4gSWYgaW1wbGVtZW50YXRp b24gaXMgdG9vIGNvbXBsZXggdGhlbiBwZW9wbGUgd2lsbCBqdXN0IGxlYXZlIGl0IG91dCAody8g YQ0KPiA+ID4gZGV2aWF0aW9uKS4NCj4gPiA+IEl0IGlzIHVubGlrZWx5IHRoYXQgdGhlIGluc3Ry dW1lbnRhdGlvbiBrbm93cyBhdCBhbnkgZ2l2ZW4gaW5zdGFudCBhbGwNCj4gPiB0aGUNCj4gPiA+ IG9yaWdpbiB2YWx1ZXMNCj4gPiA+IG9mIGFsbCB0aGUgZGVzY2VuZGFudCBkeW5hbWljIGRhdGEg YXQgdGhlIGluc3RhbnQgdGhlIDxnZXQtZGF0YT4gcmVxdWVzdA0KPiA+IGlzDQo+ID4gPiBwcm9j ZXNzZWQuDQo+ID4gPg0KPiA+ID4NCj4gPiA+DQo+ID4gPg0KPiA+ID4gPg0KPiA+ID4gPiBUaGV5 IHNlbGVjdCBhIHN1YnNldCBvZiB0aGUgbm9kZXMgdG8gaW5jbHVkZSBpbiB0aGUgcmVzcG9uc2Us IGFuZCBtdXN0DQo+ID4gPiA+IGFsc28gaW5jbHVkZSBhbGwgYW5jZXN0b3Igbm9kZXMgYW5kIHJl cXVpcmVkIGxpc3Qga2V5cyB0byB0aGUgc2VsZWN0ZWQNCj4gPiA+ID4gbm9kZXMsIHJlZ2FyZGxl c3Mgb2Ygd2hldGhlciB0aG9zZSBhbmNlc3Rvci9rZXkgbm9kZXMgd2VyZSBhbHNvDQo+ID4gc2Vs ZWN0ZWQgYnkNCj4gPiA+ID4gdGhlIHF1ZXJ5Lg0KPiA+ID4gPg0KPiA+ID4gPg0KPiA+ID4gPg0K PiA+ID4NCj4gPiA+IFllcy4gVW5kZXJzdG9vZC4NCj4gPiA+IFN0aWxsIGRvZXMgbm90IGV4cGxh aW4gaG93IGEgZmlsdGVyIGZvciB0aGUgbGlzdCBub2RlIHNlbGVjdHMgZGVzY2VuZGFudA0KPiA+ ID4gbm9kZXMgdGhhdCBtYXRjaCB0aGUgb3JpZ2luIGZpbHRlcnMuDQo+ID4gPg0KPiA+ID4NCj4g PiA+DQo+ID4gPiA+IEUuZy4gYSDigJxjb25maWcgZmFsc2XigJ0gZmlsdGVyIHdpbGwgc3RpbGwg cmV0dXJuIOKAnGNvbmZpZyB0cnVl4oCdIG5vZGVzIGlmDQo+ID4gdGhleQ0KPiA+ID4gPiBhcmUg YW5jZXN0b3JzIG9yIGxpc3Qga2V5cyB0byBhIGRlc2NlbmRhbnQgY29uZmlnIGZhbHNlIG5vZGUu ICBUaGUgc2FtZQ0KPiA+ID4gPiBsb2dpYyBhcHBsaWVzIGZvciB4cGF0aCBhbmQgb3JpZ2luIGZp bHRlcnMgYXMgd2VsbC4NCj4gPiA+ID4NCj4gPiA+ID4NCj4gPiA+ID4NCj4gPiA+DQo+ID4gPiBO byB0aGV5IHdvbid0Lg0KPiA+ID4gV2hlcmUgaXMgdGhhdCB0ZXh0Pw0KPiA+ID4NCj4gPiA+ICAg ICBnZXQtZGF0YSBjb25maWc9ZmlsdGVyPWZhbHNlDQo+ID4gPg0KPiA+ID4gVGhpcyBzdGFydHMg ZnJvbSB0b3AtbGV2ZWwgWUFORyBub2Rlcy4NCj4gPiA+IElmIHRoZSB0b3AtbGV2ZWwgWUFORyBu b2RlIGlzIG5vdCBjb25maWc9ZmFsc2UgdGhlbiB0aGUgc2VydmVyIHdpbGwgbm90DQo+ID4gPiBr ZWVwIGxvb2tpbmcgZm9yIGRlc2NlbmRhbnRzIHRoYXQgbWF0Y2guDQo+ID4gPg0KPiA+ID4NCj4g PiA+DQo+ID4gPiA+IFRoYW5rcywNCj4gPiA+ID4gUm9iDQo+ID4gPiA+DQo+ID4gPiA+DQo+ID4g Pg0KPiA+ID4gQW5keQ0KPiA+ID4NCj4gPiA+DQo+ID4gPg0KPiA+ID4gPg0KPiA+ID4gPg0KPiA+ ID4gPg0KPiA+ID4gPg0KPiA+ID4gPiAqRnJvbToqIG5ldGNvbmYgPG5ldGNvbmYtYm91bmNlc0Bp ZXRmLm9yZz4gKk9uIEJlaGFsZiBPZiAqQW5keSBCaWVybWFuDQo+ID4gPiA+ICpTZW50OiogMDcg T2N0b2JlciAyMDE5IDE1OjEyDQo+ID4gPiA+ICpUbzoqIE1hcnRpbiBCam9ya2x1bmQgPG1iakB0 YWlsLWYuY29tPg0KPiA+ID4gPiAqQ2M6KiBOZXRjb25mIDxuZXRjb25mQGlldGYub3JnPg0KPiA+ ID4gPiAqU3ViamVjdDoqIFJlOiBbbmV0Y29uZl0gZ2V0LWRhdGEgb3JpZ2luIGZpbHRlcnMNCj4g PiA+ID4NCj4gPiA+ID4NCj4gPiA+ID4NCj4gPiA+ID4NCj4gPiA+ID4NCj4gPiA+ID4NCj4gPiA+ ID4NCj4gPiA+ID4gT24gTW9uLCBPY3QgNywgMjAxOSBhdCAxMjo0MyBBTSBNYXJ0aW4gQmpvcmts dW5kIDxtYmpAdGFpbC1mLmNvbT4NCj4gPiB3cm90ZToNCj4gPiA+ID4NCj4gPiA+ID4gQW5keSBC aWVybWFuIDxhbmR5QHl1bWF3b3Jrcy5jb20+IHdyb3RlOg0KPiA+ID4gPiA+IE9uIFN1biwgT2N0 IDYsIDIwMTkgYXQgODozMiBBTSBNYXJ0aW4gQmpvcmtsdW5kIDxtYmpAdGFpbC1mLmNvbT4NCj4g PiB3cm90ZToNCj4gPiA+ID4gPg0KPiA+ID4gPiA+ID4gSGksDQo+ID4gPiA+ID4gPg0KPiA+ID4g PiA+ID4gQW5keSBCaWVybWFuIDxhbmR5QHl1bWF3b3Jrcy5jb20+IHdyb3RlOg0KPiA+ID4gPiA+ ID4gPiBIaSwNCj4gPiA+ID4gPiA+ID4NCj4gPiA+ID4gPiA+ID4gSSBhbSB0cnlpbmcgdG8gZmln dXJlIG91dCBob3cgdG8gdXNlIHRoZSBvcmlnaW4tZmlsdGVyIGFuZA0KPiA+ID4gPiA+ID4gPiBu ZWdhdGVkLW9yaWdpbi1maWx0ZXINCj4gPiA+ID4gPiA+ID4gaW4gdGhlIDxnZXQtZGF0YT4gb3Bl cmF0aW9uIGluIFJGQyA4NTI2Lg0KPiA+ID4gPiA+ID4gPg0KPiA+ID4gPiA+ID4gPg0KPiA+ID4g PiA+ID4gPiAgICAgICAgICAgbGVhZi1saXN0IG9yaWdpbi1maWx0ZXIgew0KPiA+ID4gPiA+ID4g PiAgICAgICAgICAgICAgdHlwZSBvcjpvcmlnaW4tcmVmOw0KPiA+ID4gPiA+ID4gPiAgICAgICAg ICAgICAgZGVzY3JpcHRpb24NCj4gPiA+ID4gPiA+ID4gICAgICAgICAgICAgICAgIkZpbHRlciBi YXNlZCBvbiB0aGUgJ29yaWdpbicgYW5ub3RhdGlvbi4gIEENCj4gPiA+ID4gPiA+ID4gICAgICAg ICAgICAgICAgIGNvbmZpZ3VyYXRpb24gbm9kZSBtYXRjaGVzIHRoZSBmaWx0ZXIgaWYgaXRzDQo+ ID4gJ29yaWdpbicNCj4gPiA+ID4gPiA+ID4gICAgICAgICAgICAgICAgIGFubm90YXRpb24gaXMg ZGVyaXZlZCBmcm9tIG9yIGVxdWFsIHRvIGFueSBvZiB0aGUNCj4gPiA+ID4gZ2l2ZW4NCj4gPiA+ ID4gPiA+ID4gICAgICAgICAgICAgICAgIGZpbHRlciB2YWx1ZXMuIjsNCj4gPiA+ID4gPiA+ID4g ICAgICAgICAgICB9DQo+ID4gPiA+ID4gPiA+DQo+ID4gPiA+ID4gPiA+DQo+ID4gPiA+ID4gPiA+ IFRoZXNlIGZpbHRlcnMgc2VlbSBraW5kIG9mIHdvcnRobGVzcyBpZiBpbXBsZW1lbnRlZCBhY2Nv cmRpbmcgdG8NCj4gPiB0aGUNCj4gPiA+ID4gPiA+IHRleHQuDQo+ID4gPiA+ID4gPiA+IENvbnNp ZGVyIGEgc2ltcGxlIGV4YW1wbGUgd2hlcmUgdGhlcmUgaXMgMSBsZWFybmVkIGxlYWYgd2l0aGlu IGENCj4gPiA+ID4gbGlzdDoNCj4gPiA+ID4gPiA+ID4NCj4gPiA+ID4gPiA+ID4gbW9kdWxlOiBh ZGRyZXNzDQo+ID4gPiA+ID4gPiA+ICAgKy0tcncgYWRkcmVzc2VzDQo+ID4gPiA+ID4gPiA+ICAg ICAgKy0tcncgYWRkcmVzcyogW2xhc3QtbmFtZSBmaXJzdC1uYW1lXQ0KPiA+ID4gPiA+ID4gPiAg ICAgICAgICstLXJ3IGxhc3QtbmFtZSAgICAgc3RyaW5nDQo+ID4gPiA+ID4gPiA+ICAgICAgICAg Ky0tcncgZmlyc3QtbmFtZSAgICBzdHJpbmcNCj4gPiA+ID4gPiA+ID4gICAgICAgICArLS1ydyBz dHJlZXQ/ICAgICAgIHN0cmluZw0KPiA+ID4gPiA+ID4gPiAgICAgICAgICstLXJ3IGNpdHk/ICAg ICAgICAgc3RyaW5nDQo+ID4gPiA+ID4gPiA+ICAgICAgICAgKy0tcncgemlwY29kZT8gICAgICBz dHJpbmcNCj4gPiA+ID4gPiA+ID4gICAgICAgICArLS1ydyBwaG9uZSogW3Bob25lLXR5cGVdDQo+ ID4gPiA+ID4gPiA+ICAgICAgICAgICAgKy0tcncgcGhvbmUtdHlwZSAgICAgIGVudW1lcmF0aW9u DQo+ID4gPiA+ID4gPiA+ICAgICAgICAgICAgKy0tcncgcGhvbmUtbnVtYmVyICAgIHN0cmluZw0K PiA+ID4gPiA+ID4gPg0KPiA+ID4gPiA+ID4gPiBMZXQncyBzYXkgdGhlICJ6aXBjb2RlIiBmaWVs ZCBpcyBsZWFybmVkIGluIDxvcGVyYXRpb25hbD4NCj4gPiA+ID4gPiA+ID4gKGUuZy4gWklQIGNv ZGUgbG9va3VwIGV4cGFuZHMgbWlzc2luZyBvciA1IGRpZ2l0IHppcGNvZGUgdG8gZnVsbA0KPiA+ IDkNCj4gPiA+ID4gZGlnaXQNCj4gPiA+ID4gPiA+ID4gemlwY29kZSkuDQo+ID4gPiA+ID4gPiA+ IFNvIC9hZGRyZXNzZXMgYW5kIC9hZGRyZXNzZXMvYWRkcmVzcyBoYXZlIG9yaWdpbiAiaW50ZW5k ZWQiLg0KPiA+ID4gPiA+ID4gPiBPbmx5IHRoZSAvYWRkcmVzc2VzL2FkZHJlc3MvemlwY29kZSBs ZWFmIGhhcyBvcmlnaW4gImxlYXJuZWQiLg0KPiA+ID4gPiA+ID4gPg0KPiA+ID4gPiA+ID4gPiBT byBob3cgZG9lcyBvcmlnaW4tZmlsdGVyPWxlYXJuZWQgZmluZCBhbGwgdGhlIGxlYXJuZWQgbGVh ZnM/DQo+ID4gPiA+ID4gPg0KPiA+ID4gPiA+ID4gUGVyaGFwcyBJIGRvbid0IHVuZGVyc3RhbmQg eW91ciBxdWVzdGlvbjsgSU1PIHlvdSBnaXZlIHRoZSBhbnN3ZXINCj4gPiB0bw0KPiA+ID4gPiA+ ID4gdGhpcyBxdWVzdGlvbiBiZWxvdzoNCj4gPiA+ID4gPiA+DQo+ID4gPiA+ID4gPiA+IFdoYXQg ZmlsdGVycyBhcmUgcmVxdWlyZWQgdG8gcmV0dXJuIG9ubHkgdGhlIGxlYXJuZWQgZW50cmllcyAr DQo+ID4gPiA+IGFuY2VzdG9ycw0KPiA+ID4gPiA+ID4gKw0KPiA+ID4gPiA+ID4gPiBhbmNlc3Rv ci1vci1zZWxmIGtleXM/ICBTZWVtcyBsaWtlIHRoaXMgZmlsdGVyIG1lY2hhbmlzbSBoYXMgdG8N Cj4gPiBiZQ0KPiA+ID4gPiB1c2VkDQo+ID4gPiA+ID4gPiA+IHRvIHJldHJpZXZlIHRoZSBleGFj dCBsZWFmIHRoYXQgbWlnaHQgYmUgbGVhcm5lZCwgYW5kIHRoZSBjbGllbnQNCj4gPiA+ID4gPiA+ ID4gbmVlZHMgdG8ga25vdyBpbiBhZHZhbmNlIGFsbCB0aGUgcG9zc2libGUgbm9kZXMgdGhhdCBt aWdodCBiZQ0KPiA+ID4gPiBsZWFybmVkLg0KPiA+ID4gPiA+ID4gPg0KPiA+ID4gPiA+ID4gPiBX YW50IHRvIGJlIGFibGUgdG8gcmV0cmlldmUgYW4gYW5jZXN0b3IgdGhhdCBpcyBpbnRlbmRlZCBh bmQNCj4gPiBzdGlsbA0KPiA+ID4gPiBmaW5kDQo+ID4gPiA+ID4gPiB0aGUNCj4gPiA+ID4gPiA+ ID4gbGVhcm5lZCBlbnRyaWVzDQo+ID4gPiA+ID4gPiA+DQo+ID4gPiA+ID4gPiA+ICAgIGdldC1k YXRhIHhwYXRoLWZpbHRlcj0vYWRkcmVzc2VzL2FkZHJlc3MNCj4gPiBvcmlnaW4tZmlsdHRlcj1s ZWFybmVkDQo+ID4gPiA+ID4gPg0KPiA+ID4gPiA+ID4gLi4uIGhlcmUuICBTbyB0aGlzIHJlcXVl c3Qgd2lsbCByZXR1cm46DQo+ID4gPiA+ID4gPg0KPiA+ID4gPiA+ID4gICAgPGFkZHJlc3NlcyBv cjpvcmlnaW49Im9yOmludGVuZGVkIj4NCj4gPiA+ID4gPiA+ICAgICAgPGFkZHJlc3M+DQo+ID4g PiA+ID4gPiAgICAgICAgPGxhc3QtbmFtZT4uLi48L2xhc3QtbmFtZT4NCj4gPiA+ID4gPiA+ICAg ICAgICA8Zmlyc3QtbmFtZT4uLi48L2ZpcnN0LW5hbWU+DQo+ID4gPiA+ID4gPiAgICAgICAgPHpp cGNvZGUgb3I6b3JpZ2luPSJvcjpsZWFybmVkIj4uLi48L3ppcGNvZGU+DQo+ID4gPiA+ID4gPiAg ICAgIDwvYWRkcmVzcz4NCj4gPiA+ID4gPiA+ICAgICAgLi4uDQo+ID4gPiA+ID4gPiAgICA8L2Fk ZHJlc3Nlcz4NCj4gPiA+ID4gPiA+DQo+ID4gPiA+ID4gPg0KPiA+ID4gPiA+IEkgZG8gbm90IGlu dGVycHJldCB0aGUgdGV4dCB0aGUgc2FtZSB3YXkgYXMgeW91Lg0KPiA+ID4gPg0KPiA+ID4gPiBE b2VzIHRoaXMgbWVhbiB0aGF0IHlvdSB0aGluayB0aGF0IHRoZSByZXBseSBpcyBkaWZmZXJlbnQg ZnJvbSB3aGF0IEkNCj4gPiA+ID4gc2hvdyBhYm92ZT8gIElmIHNvLCB3aGF0IHdvdWxkIGl0IGJl LCBhbmQgd2h5Pw0KPiA+ID4gPg0KPiA+ID4gPg0KPiA+ID4gPg0KPiA+ID4gPg0KPiA+ID4gPg0K PiA+ID4gPg0KPiA+ID4gPg0KPiA+ID4gPiBFeHBsYWluIGhvdyB0aGUgbGlzdCBhZGRyZXNzIG5v ZGUgaGFzIG9yaWdpbiAibGVhcm5lZCIuDQo+ID4gPiA+DQo+ID4gPiA+DQo+ID4gPiA+DQo+ID4g PiA+IFRoZSBmaWx0ZXIgaXMgZm9yIC9hZGRyZXNzZXMvYWRkcmVzcyBhbmQgb25seSBvcmlnaW49 bGVhcm5lZC4NCj4gPiA+ID4NCj4gPiA+ID4gSG93IGRvZXMgdGhlIGxpc3Qgbm9kZSBoYXZlIG9y aWdpbj1sZWFybmVkPw0KPiA+ID4gPg0KPiA+ID4gPiBJdCBjYW4gb25seSBoYXZlIDEgdmFsdWUu DQo+ID4gPiA+DQo+ID4gPiA+IEl0IGhhcyBjaGlsZCBub2RlcyB3aXRoIGJvdGggaW50ZW5kZWQg YW5kIGxlYXJuZWQgYXMgb3JpZ2luLg0KPiA+ID4gPg0KPiA+ID4gPiBJIGRvIG5vIHVuZGVyc3Rh bmQgaG93IHRoZSBvcmlnaW49bGVhcm5lZCBtYXRjaGVkIHRoaXMgbm9kZS4NCj4gPiA+ID4NCj4g PiA+ID4NCj4gPiA+ID4NCj4gPiA+ID4NCj4gPiA+ID4NCj4gPiA+ID4NCj4gPiA+ID4NCj4gPiA+ ID4NCj4gPiA+ID4NCj4gPiA+ID4gPg0KPiA+ID4gPiA+ICAgICAgICAgICAgICAgICAgICAgIFRo ZSBjb250ZW50IHJldHVybmVkDQo+ID4gPiA+ID4NCj4gPiA+ID4gPiAgICAgICAgICAgYnkgZ2V0 LWRhdGEgbXVzdCBzYXRpc2Z5IGFsbCBmaWx0ZXJzLCBpLmUuLCB0aGUgZmlsdGVyDQo+ID4gPiA+ ID4gICAgICAgICAgIGNyaXRlcmlhIGFyZSBsb2dpY2FsbHkgQU5EZWQuDQo+ID4gPiA+ID4NCj4g PiA+ID4gPg0KPiA+ID4gPiA+ICAgICAgICAgICBsZWFmLWxpc3Qgb3JpZ2luLWZpbHRlciB7DQo+ ID4gPiA+ID4gICAgICAgICAgICAgIHR5cGUgb3I6b3JpZ2luLXJlZjsNCj4gPiA+ID4gPiAgICAg ICAgICAgICAgZGVzY3JpcHRpb24NCj4gPiA+ID4gPiAgICAgICAgICAgICAgICAiRmlsdGVyIGJh c2VkIG9uIHRoZSAnb3JpZ2luJyBhbm5vdGF0aW9uLiAgQQ0KPiA+ID4gPiA+ICAgICAgICAgICAg ICAgICBjb25maWd1cmF0aW9uIG5vZGUgbWF0Y2hlcyB0aGUgZmlsdGVyIGlmIGl0cyAnb3JpZ2lu Jw0KPiA+ID4gPiA+ICAgICAgICAgICAgICAgICBhbm5vdGF0aW9uIGlzIGRlcml2ZWQgZnJvbSBv ciBlcXVhbCB0byBhbnkgb2YgdGhlDQo+ID4gZ2l2ZW4NCj4gPiA+ID4gPiAgICAgICAgICAgICAg ICAgZmlsdGVyIHZhbHVlcy4iOw0KPiA+ID4gPiA+ICAgICAgICAgICAgfQ0KPiA+ID4gPiA+DQo+ ID4gPiA+ID4NCj4gPiA+ID4gPiAgICAgICAgICAgICAgIENvbmZpZ3VyYXRpb24gbm9kZXMgdGhh dCBkbyBub3QgaGF2ZSBhbg0KPiA+ID4gPiA+ICAgICAgICAgICAgICAgJ29yaWdpbicgYW5ub3Rh dGlvbiBhcmUgdHJlYXRlZCBhcyBpZiB0aGV5IGhhdmUgdGhlDQo+ID4gPiA+ID4gICAgICAgICAg ICAgICAnb3JpZ2luJyBhbm5vdGF0aW9uICdvcjp1bmtub3duJy4NCj4gPiA+ID4gPg0KPiA+ID4g PiA+DQo+ID4gPiA+ID4NCj4gPiA+ID4gPiA+IFRoZSBkcmFmdCBzaG93cyBhbiBleGFtcGxlIHdo ZXJlIGJvdGggImludGVuZGVkIiBhbmQgInN5c3RlbSIgYXJlDQo+ID4gZ2l2ZW4NCj4gPiA+ID4g PiA+ID4gYXMgZmlsdGVycy4gIFRoaXMgd2lsbCB3b3JrIGJ1dCB3aWxsIGluY2x1ZGUgYWxsIHRo ZSAiaW50ZW5kZWQiDQo+ID4gPiA+IGxlYWZzIGFzDQo+ID4gPiA+ID4gPiA+IHdlbGwuDQo+ID4g PiA+ID4gPiA+IFdoYXQgaWYgYSAibGVhcm5lZCIgbm9kZSBpcyB3aXRoaW4gYSAic3lzdGVtIiBu b2RlIHdpdGhpbiBhbg0KPiA+ID4gPiAiaW50ZW5kZWQiDQo+ID4gPiA+ID4gPiA+IG5vZGU/DQo+ ID4gPiA+ID4gPg0KPiA+ID4gPiA+ID4gVGhpcyB3b3JrcyBhcyB3ZWxsLiAgTm90ZSB0aGF0IHRo ZSBnZXQtZGF0YSBkZXNjcmlwdGlvbiBzYXlzOg0KPiA+ID4gPiA+ID4NCj4gPiA+ID4gPiA+ICAg ICAgICAgICBBbnkgYW5jZXN0b3Igbm9kZXMgKGluY2x1ZGluZyBsaXN0IGtleXMpIG9mIG5vZGVz DQo+ID4gc2VsZWN0ZWQgYnkNCj4gPiA+ID4gPiA+ICAgICAgICAgICB0aGUgZmlsdGVycyBhcmUg aW5jbHVkZWQgaW4gdGhlIHJlc3BvbnNlLg0KPiA+ID4gPiA+ID4NCj4gPiA+ID4gPiA+DQo+ID4g PiA+ID4gPg0KPiA+ID4gPiA+DQo+ID4gPiA+ID4gVGhlIGlzc3VlIGlzIGhvdyB0aGUgL2lhZGRy ZXNzZXMgYW5kIC9hZGRyZXNzZXMvYWRkcmVzcyBub2RlcyBtYXRjaA0KPiA+IHRoZQ0KPiA+ID4g PiA+IG9yaWdpbiAibGVhcm5lZCIuDQo+ID4gPiA+DQo+ID4gPiA+IFRoZXkgZG9uJ3QsIGJ1dCB0 aGV5IGFyZSBpbmNsdWRlZCBiL2Mgb2YgdGhlIHF1b3RlZCB0ZXh0IGFib3ZlIChpLmUuOg0KPiA+ ID4gPiAgICAgICBBbnkgYW5jZXN0b3Igbm9kZXMgKGluY2x1ZGluZyBsaXN0IGtleXMpIG9mIG5v ZGVzIHNlbGVjdGVkIGJ5DQo+ID4gPiA+ICAgICAgIHRoZSBmaWx0ZXJzIGFyZSBpbmNsdWRlZCBp biB0aGUgcmVzcG9uc2UuKQ0KPiA+ID4gPg0KPiA+ID4gPg0KPiA+ID4gPg0KPiA+ID4gPg0KPiA+ ID4gPg0KPiA+ID4gPiBOby4NCj4gPiA+ID4NCj4gPiA+ID4NCj4gPiA+ID4NCj4gPiA+ID4gSWYg dGhlIGZpbHRlciB3YXMgZm9yIC9hZGRyZXNzZXMvYWRkcmVzcy96aXBjb2RlIHRoZW4gbWF5YmUg dGhhdCB0ZXh0DQo+ID4gPiA+IGFwcGxpZXMuDQo+ID4gPiA+DQo+ID4gPiA+IEl0IGlzIHN0aWxs IHVuY2xlYXIgdGhhdCB0aGUgWFBhdGggaXMgZnVsbHkgcHJvY2Vzc2VkIGFuZCB0aGVuIHRoZQ0K PiA+ID4gPiBvcmlnaW4tZmlsdGVyIGlzIHByb2Nlc3NlZC4NCj4gPiA+ID4NCj4gPiA+ID4gVGhl IFJGQyBqdXN0IHNheXMgdGhleSBhcmUgQU5EZWQgdG9nZXRoZXIuDQo+ID4gPiA+DQo+ID4gPiA+ DQo+ID4gPiA+DQo+ID4gPiA+DQo+ID4gPiA+DQo+ID4gPiA+DQo+ID4gPiA+ID4gVGhlIGxlYWZz IGluIGxpc3QgImFkZHJlc3MiIGFyZSBhIG1peHR1cmUgb2YgImludGVuZGVkIiBhbmQgImxlYXJu ZWQiDQo+ID4gPiA+ID4gb3JpZ2luLg0KPiA+ID4gPiA+IFRoZSB0ZXh0IGNsZWFybHkgc2F5cyB0 aGF0IGEgbm9kZSBoYXMgYSBzaW5nbGUgb3JpZ2luIHByb3BlcnR5LA0KPiA+IGNvdXBsZWQNCj4g PiA+ID4gdG8NCj4gPiA+ID4gPiB0aGUgYW5ub3RhdGlvbi4NCj4gPiA+ID4gPg0KPiA+ID4gPiA+ IElzc3VlIDE6IG1peGVkIG9yaWdpbiBkZXNjZW5kYW50IG5vZGVzDQo+ID4gPiA+ID4gU28gaG93 IGRvZXMgYSBzZWFyY2ggb24gL2FkZHJlc3Nlcy9hZGRyZXNzIG1hdGNoDQo+ID4gb3JpZ2luLWZp bHRlcj1sZWFybmVkPw0KPiA+ID4gPiA+IEkgY2Fubm90IGZpbmQgYW55IHRleHQgdGhhdCBzYXlz IHdoYXQgdGhlIG9yaWdpbiBvZiBhIGxpc3Qgb3INCj4gPiBQLWNvbnRhaW5lcg0KPiA+ID4gPiA+ IGlzIGlmIGl0DQo+ID4gPiA+ID4gY29udGFpbnMgbm9kZXMgb2YgbWl4ZWQgb3JpZ2luLg0KPiA+ ID4gPg0KPiA+ID4gPiBTZWUgYWJvdmUuDQo+ID4gPiA+DQo+ID4gPiA+DQo+ID4gPiA+DQo+ID4g PiA+IE5vIHRleHQgYWJvdmUgZXhwbGFpbnMgaG93IHRoZSBsaXN0IG9yaWdpbiBpcyB0YWdnZWQg aWYgaXQgaGFzIG11bHRpcGxlDQo+ID4gPiA+IHR5cGVzIG9mIGNoaWxkIG5vZGVzLg0KPiA+ID4g Pg0KPiA+ID4gPg0KPiA+ID4gPg0KPiA+ID4gPg0KPiA+ID4gPg0KPiA+ID4gPg0KPiA+ID4gPiA+ IElzc3VlIDI6IE5QLWNvbnRhaW5lcnMNCj4gPiA+ID4gPg0KPiA+ID4gPiA+IEFsc28gZnJvbSBS RkMgODM0MjoNCj4gPiA+ID4gPg0KPiA+ID4gPiA+ICAgIFRoZSBvcmlnaW4gYXBwbGllcyB0byBh bGwgY29uZmlndXJhdGlvbiBub2RlcyBleGNlcHQgbm9uLXByZXNlbmNlDQo+ID4gPiA+ID4gICAg Y29udGFpbmVycy4NCj4gPiA+ID4gPg0KPiA+ID4gPiA+DQo+ID4gPiA+ID4gV2hhdCBpZiB0aGUg dG9wLWxldmVsIG5vZGUgaXMgYW4gTlAtY29udGFpbmVyIGluIHRoaXMgY2FzZS4NCj4gPiA+ID4g PiBJIHRob3VnaHQgdGhlIHRvcC1sZXZlbCBub2RlIE1VU1QgaGF2ZSBhbiBvcmlnaW4gYXR0cmli dXRlLg0KPiA+ID4gPiA+DQo+ID4gPiA+ID4gVGhlIHRleHQgaXMgbm90IGNsZWFyIGhvdyBOUC1j b250YWluZXJzIGFyZSBoYW5kbGVkLg0KPiA+ID4gPiA+IERvIHRoZXkgaGF2ZSBhbiBvcmlnaW4g YXR0cmlidXRlPyBJZiBub3QgdGhlbiBSRkMgODUyNiBzYXlzIHRoZXkgaGF2ZQ0KPiA+ID4gPiA+ IG9yaWdpbiAidW5rbm93biIuDQo+ID4gPiA+ID4gSXMgdGhlIGludGVudCB0aGF0IE5QLWNvbnRh aW5lcnMgYWx3YXlzIHBhc3MgdGhlIG9yaWdpbi1maWx0ZXIgdGVzdHMNCj4gPiA+ID4gKHRlc3QN Cj4gPiA+ID4gPiBza2lwcGVkKT8NCj4gPiA+ID4NCj4gPiA+ID4gTm8sIHNpbmNlIHRoZXkgZG9u J3QgaGF2ZSBhbiBvcmlnaW4gdmFsdWUgdGhleSB3aWxsIG5vdCBiZSBzZWxlY3RlZCBieQ0KPiA+ ID4gPiB0aGUgZmlsdGVyLiAgQnV0IGFuIE5QLWNvbnRhaW5lciB3aWxsIGJlIGluY2x1ZGVkIGlu IHRoZSByZXBseSBpZiBpdA0KPiA+ID4gPiBpcyB0aGUgYW5jZXN0b3Igb2YgYSBub2RlIHRoYXQg aXMgc2VsZWN0ZWQgYnkgdGhlIGZpbHRlci4NCj4gPiA+ID4NCj4gPiA+ID4NCj4gPiA+ID4NCj4g PiA+ID4gVGhlIFJGQyB0ZXh0IGRvZXMgbm90IHJlYWxseSBzYXkgdGhhdC4NCj4gPiA+ID4NCj4g PiA+ID4gU2luY2UgaXQgaXMgdmVyeSBkaWZmaWN1bHQgdG8ga25vdyBpZiBhIGRhdGEgbm9kZSA1 IGxheWVycyBkZWVwIGlzDQo+ID4gZ29pbmcNCj4gPiA+ID4gdG8gbWF0Y2gsDQo+ID4gPiA+DQo+ ID4gPiA+IGltcGxlbWVudGluZyB0aGVzZSBmaWx0ZXJzIGFjY29yZGluZyB0byB0aGlzIHZhZ3Vl IGludGVycHJldGF0aW9uIGlzDQo+ID4gPiA+IHVubGlrZWx5Lg0KPiA+ID4gPg0KPiA+ID4gPg0K PiA+ID4gPg0KPiA+ID4gPg0KPiA+ID4gPiAvbWFydGluDQo+ID4gPiA+DQo+ID4gPiA+DQo+ID4g PiA+DQo+ID4gPiA+IEFuZHkNCj4gPiA+ID4NCj4gPiA+ID4NCj4gPiA+ID4NCj4gPiA+ID4NCj4g PiA+ID4NCj4gPiA+ID4gPg0KPiA+ID4gPiA+DQo+ID4gPiA+ID4NCj4gPiA+ID4gPiAvbWFydGlu DQo+ID4gPiA+ID4gPg0KPiA+ID4gPiA+ID4NCj4gPiA+ID4gPiBBbmR5DQo+ID4gPiA+ID4NCj4g PiA+ID4gPg0KPiA+ID4gPiA+ID4NCj4gPiA+ID4gPiA+ID4gU2VlbXMgbGlrZSB0aGUgY2xpZW50 IG5lZWRzIHRvIGtub3cgYSBsb3QgYWJvdXQgdGhlIHNlcnZlcg0KPiA+ID4gPiBpbXBsZW1lbnRh dGlvbg0KPiA+ID4gPiA+ID4gPiBkZXRhaWxzDQo+ID4gPiA+ID4gPiA+IGluIG9yZGVyIHRvIHVz ZSB0aGUgb3JpZ2luIGZpbHRlcnMuDQo+ID4gPiA+ID4gPiA+DQo+ID4gPiA+ID4gPiA+DQo+ID4g PiA+ID4gPiA+IEFuZHkNCj4gPiA+ID4gPiA+DQo+ID4gPiA+DQo+ID4gPiA+DQo+ID4NCg== From nobody Mon Oct 7 16:34:03 2019 Return-Path: <0100016da8925c87-fabe62a7-897d-4cbe-98ea-7b4cff7c1c7d-000000@amazonses.watsen.net> X-Original-To: netconf@ietfa.amsl.com Delivered-To: netconf@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 17A7B120112 for ; Mon, 7 Oct 2019 16:33:51 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.897 X-Spam-Level: X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=amazonses.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XLyJspLMBKkz for ; Mon, 7 Oct 2019 16:33:49 -0700 (PDT) Received: from a8-32.smtp-out.amazonses.com (a8-32.smtp-out.amazonses.com [54.240.8.32]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EC7BC120110 for ; Mon, 7 Oct 2019 16:33:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=6gbrjpgwjskckoa6a5zn6fwqkn67xbtw; d=amazonses.com; t=1570491227; h=From:Message-Id:Content-Type:Mime-Version:Subject:Date:In-Reply-To:Cc:To:References:Feedback-ID; bh=89uh9w22ff0F7Hkm6DEccy9VxJV2f1JOLSTr5crqlRk=; b=X+y+/zpuewU449NPWVh0S8R2Mm6b8qFVCw14Sjtzn4BeMeUu5MkUICx8z9XgnUcy YhJGDUlDBvtfmiZyUHpD5CJktmXycvVS5vzqvdcd6frEegGkxwkvbIy2SjR36Ir78Tr G0OelPa4kTDEPC6rs9cSaxJdmWONIoFFHfGTlLSM= From: Kent Watsen Message-ID: <0100016da8925c87-fabe62a7-897d-4cbe-98ea-7b4cff7c1c7d-000000@email.amazonses.com> Content-Type: multipart/alternative; boundary="Apple-Mail=_991A6319-AA5C-4601-85FA-512D8CF06A64" Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\)) Date: Mon, 7 Oct 2019 23:33:47 +0000 In-Reply-To: Cc: Wang Haiguang , "netconf@ietf.org" , Rifaat Shekh-Yusef To: "Salz, Rich" , Henk Birkholz References: <0100016d21ee2101-fb4f3288-1975-4a7d-a499-cb42ff8d9e14-000000@email.amazonses.com> <0100016d3afa694e-ce58ee3a-792f-4c0e-89bb-83d0128a5194-000000@email.amazonses.com> <8053FDA0-77EA-488F-B5A7-F203359105E0@akamai.com> <6924CAD5-F740-4512-8689-E0307AF0BD88@akamai.com> <99BFF357-6A2A-49E0-BB38-37C25DB04213@akamai.com> <0100016d44bda220-51590a9a-0a15-4b63-a49d-47efe712e82e-000000@email.amazonses.com> <2614C1E8-A015-4816-AA3B-F75D02F5701C@akamai.com> <0100016d45447f68-68073ae2-3f96-4c6d-846d-7c661c1cdb0c-000000@email.amazonses.com> <7AE47512-8974-4A8C-9756-699CAE220EF9@akamai.com> <1c08a27c27ea4177b9cfc524c92042f0@huawei.com> X-Mailer: Apple Mail (2.3445.104.11) X-SES-Outgoing: 2019.10.07-54.240.8.32 Feedback-ID: 1.us-east-1.DKmIRZFhhsBhtmFMNikgwZUWVrODEw9qVcPhqJEI2DA=:AmazonSES Archived-At: Subject: Re: [netconf] crypto-types fallback strategy X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 07 Oct 2019 23:34:02 -0000 --Apple-Mail=_991A6319-AA5C-4601-85FA-512D8CF06A64 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 [CC-ing Henk, who lobbied for adding PSK and raw public keys to the = trust store draft] > >If I am not wrong, TLS 1.3 support to use raw public key between = client and server. > I think TLS + Raw public key has been specified in RFC 7250 and later = merge in RFC 8446 (TLS 1.3) > =20 > You are not wrong. But public keys do not need to be encrypted or = protected by other privacy means. Private keys still do. So =E2=80=9CTLS= with raw keys=E2=80=9D does not change the security requirements = compared to =E2=80=9CTLS with certificates.=E2=80=9D > =20 > My issue is that I do not think =E2=80=9CTLS with raw keys=E2=80=9D is = used very much, and we do not have to support it in the first versions = of these documents. I'd like to get Henk's opinion on this. =20 Henk, we're talking about modifying the tls-client-server draft to = reference all private-key types in Keystore. Specifically, a PSK is = effectively a /keystore:asymmetric-keys/asymmetric-key, and a raw = public-key is effectively a /keystore:symmetric-keys/symmetric-key, = right? So the question is, when requesting the ability to authenticate = TLS servers using those mechanisms, is there also a need to configure = the private keys? All, looking at ietf-tls-client.yang and ietf-tls-server.yang, adding = the ability to configure the "private" half of a PSK or raw public key = would be something like: OLD container { uses = ks:local-or-keystore-end-entity-cert-with-key-grouping; NEW container { choice auth-type { uses = ks:local-or-keystore-end-entity-cert-with-key-grouping; uses ks:local-or-keystore-raw-public-key-grouping; uses ks:local-or-keystore-pre-shared-key-grouping; Kent --Apple-Mail=_991A6319-AA5C-4601-85FA-512D8CF06A64 Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=utf-8 [CC-ing Henk, who lobbied for adding PSK and raw public keys = to the trust store draft]


>If I am not wrong, TLS 1.3 support to = use raw public key between client and server.
I think TLS + Raw public key has been = specified in RFC 7250 and later merge in RFC 8446 (TLS 1.3)
 
You are not wrong.  = But public keys do not need to be encrypted or protected by other = privacy means.  Private keys still do.  So =E2=80=9CTLS with = raw keys=E2=80=9D does not change the security requirements compared to = =E2=80=9CTLS with certificates.=E2=80=9D
 
My issue is that I do not think =E2=80=9CTLS with = raw keys=E2=80=9D is used very much, and we do not have to support it in = the first versions of these documents.

I'd like to get Henk's opinion on = this.   

Henk, we're = talking about modifying the tls-client-server draft to reference all = private-key types in Keystore. Specifically, a PSK is effectively a = /keystore:asymmetric-keys/asymmetric-key, and a raw public-key is = effectively a /keystore:symmetric-keys/symmetric-key, right?  So = the question is, when requesting the ability to authenticate TLS servers = using those mechanisms, is there also a need to configure the private = keys?


All, looking at ietf-tls-client.yang = and ietf-tls-server.yang, adding the ability to configure the = "private" half of a PSK or raw public key would be something = like:

= OLD
    container = <client-identity or server-identity> {
=     =   uses ks:local-or-keystore-end-entity-cert-with-key-groupi= ng;

= NEW
  =   container <client-identity or server-identit= y> {
  =     choice auth-type {
  =       =  uses ks:local-or-keystore-end-entity-cert-with-key-grouping; =         =  uses ks:local-or-keystore-raw-public-key-grouping;
=         =  uses ks:local-or-keystore-pre-shared-key-grouping;

Kent

= --Apple-Mail=_991A6319-AA5C-4601-85FA-512D8CF06A64-- From nobody Mon Oct 7 17:12:21 2019 Return-Path: <0100016da8b59883-9c9c21fa-5030-4dd5-867e-5e33bf7b379d-000000@amazonses.watsen.net> X-Original-To: netconf@ietfa.amsl.com Delivered-To: netconf@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E0B1D120025 for ; Mon, 7 Oct 2019 17:12:19 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.898 X-Spam-Level: X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=amazonses.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VJ6IqvFJzoni for ; Mon, 7 Oct 2019 17:12:18 -0700 (PDT) Received: from a8-31.smtp-out.amazonses.com (a8-31.smtp-out.amazonses.com [54.240.8.31]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BB9EF120019 for ; Mon, 7 Oct 2019 17:12:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=6gbrjpgwjskckoa6a5zn6fwqkn67xbtw; d=amazonses.com; t=1570493536; h=From:Message-Id:Content-Type:Mime-Version:Subject:Date:In-Reply-To:Cc:To:References:Feedback-ID; bh=pDRRa0q1SXTiTlCAhqu0Ta+ruINrr3fLDa8JShiruw8=; b=IP1K2pfIUeeB7R+Y4hNgSxJzGen8l1IY+04ews6xs0lbmMHOAuzlayLWDqce5vuv bvrrAjZuWGZzuT13eBvFXfhutomJyk7B/UtW0aChuTtOYLCKXXuv0pYKFao67JjxMWE nBzSWX3J3iJwrURhV//maC7YX6EqqgKOm9vgUOm4= From: Kent Watsen Message-ID: <0100016da8b59883-9c9c21fa-5030-4dd5-867e-5e33bf7b379d-000000@email.amazonses.com> Content-Type: multipart/alternative; boundary="Apple-Mail=_39C32504-4753-4D5D-A795-7C8C91D74062" Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\)) Date: Tue, 8 Oct 2019 00:12:16 +0000 In-Reply-To: <0100016d8834e6b1-d2301e8e-89e5-4fb1-ae58-057e82c4cf7f-000000@email.amazonses.com> Cc: "netconf@ietf.org" To: tom petch References: <0100016d455c6145-844c669e-8f31-4203-a827-7368d33cdee4-000000@email.amazonses.com> <0100016d7325f06e-00613ab7-413c-4d97-972c-858cf4886b65-000000@email.amazonses.com> <20190927.170902.142773301948727896.mbj@tail-f.com> <20190927174623.jhvpudof6yfs2m4k@anna.jacobs.jacobs-university.de> <0100016d84c0c469-e57fd7aa-dcba-4079-9b37-22720f7a4500-000000@email.amazonses.com> <02f501d57846$e29a3b20$4001a8c0@gateway.2wire.net> <0100016d8834e6b1-d2301e8e-89e5-4fb1-ae58-057e82c4cf7f-000000@email.amazonses.com> X-Mailer: Apple Mail (2.3445.104.11) X-SES-Outgoing: 2019.10.08-54.240.8.31 Feedback-ID: 1.us-east-1.DKmIRZFhhsBhtmFMNikgwZUWVrODEw9qVcPhqJEI2DA=:AmazonSES Archived-At: Subject: Re: [netconf] crypto-types fallback strategy X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 08 Oct 2019 00:12:20 -0000 --Apple-Mail=_39C32504-4753-4D5D-A795-7C8C91D74062 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii > To put an end to this email, recall above it was said that the = secondary goal is to pass an "algorithm" parameter into the = 'generate-symmetric-key' and 'generate-asymmetric-key' actions (what = kind of key to generate, right?). Most of the above regards the key = formats (not algorithms, though the OneSymmetricKey and OneAsymmetricKey = structs do self-identify their algorithms). I don't have an answer for = this yet, but maybe we can mimic some aspect of the above for it? >=20 > Comments? Answering myself here. Having identities for "key formats" is useful = and maybe helpfully decouples things, but how to support the actions = remains open and yet critical to support. Other than the "IANA registry" based proposal I gave Sep 27th (which I = still think is pretty good), I don't see any other way to do this other = than by going half-way back towards the old identity approach. By = "halfway", I mean to say that it doesn't define all the algorithm types, = just the subset needed for our immediate needs. So, either in addition = or as a replacement to the identities for key formats, I think we should = do the following: In ietf-crypto-types: // define base identities so they can be referenced by = groupings identity asymmetric-key-algorithm; identity symmetric-key-algorithm; identity hash-algorithm; In ietf-asymmetric-key-algs.yang: identity foo { base "asymmetric-key-algorithm" } ... =20 In ietf-symmetric-key-algs.yang identity bar { base "symmetric-key-algorithm" } ... In ietf-hash-algs.yang identity baz { base "hash-algorithm" } ... The three new modules can also be defined in the crypto-types draft, but = by putting each algorithm-type into a distinct module, and by only = defining a minimum number of algorithm types (there were many more = before), it gets closer to what Rich wants, some modularity and no = grand-unified solution. On the downside, servers would have to = implement more than one module and it we continue to need some = config-false list of algorithms supported by the server (i.e., = implementing the module !=3D supporting all identities in the module). Thoughts? Is this something everyone can get behind? Do you think we = should continue to have an identity for the "key format", or combine it = with the definition of the "algorithm" node? PS: Tom, I think this email answers your "big picture" question. Kent // contributor --Apple-Mail=_39C32504-4753-4D5D-A795-7C8C91D74062 Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=us-ascii

To put an end to this email, recall above it was said = that the secondary goal is to pass an "algorithm" parameter into the = 'generate-symmetric-key' and 'generate-asymmetric-key' actions (what = kind of key to generate, right?).   Most of the above regards the = key formats (not algorithms, though the OneSymmetricKey and = OneAsymmetricKey structs do self-identify their algorithms).   I = don't have an answer for this yet, but maybe we can mimic some aspect of = the above for it?

Comments?


Answering = myself here.  Having identities for "key formats" is useful and = maybe helpfully decouples things, but how to support the actions remains = open and yet critical to support.

Other than the "IANA registry" based = proposal I gave Sep 27th (which I still think is pretty good), I don't = see any other way to do this other than by going half-way back towards = the old identity approach.  By "halfway", I mean to say that it = doesn't define all the algorithm types, just the subset needed for our = immediate needs.  So, either in addition or as a replacement to the = identities for key formats, I think we should do the = following:

   In ietf-crypto-types:

   // define base = identities so they can be referenced by groupings
=    identity asymmetric-key-algorithm;
=    identity symmetric-key-algorithm;
=    identity hash-algorithm;
   In = ietf-asymmetric-key-algs.yang:

=   =   identity foo { base "asymmetric-key-algorithm" }
      =       ...
    
   In ietf-symmetric-key-algs.yang

=   =   identity bar { base "symmetric-key-algorithm" }
      =       ...

   In = ietf-hash-algs.yang

    identity baz { base = "hash-algorithm" }
            = ...


The= three new modules can also be defined in the crypto-types draft, but by = putting each algorithm-type into a distinct module, and by only defining = a minimum number of algorithm types (there were many more before), it = gets closer to what Rich wants, some modularity and no grand-unified = solution.  On the downside, servers would have to implement more = than one module and it we continue to need some config-false list = of algorithms supported by the server (i.e., implementing = the module !=3D supporting all identities in the = module).

Thoughts?  Is this something everyone can get behind? Do = you think we should continue to have an identity for the "key = format", or combine it with the definition of the "algorithm" = node?

PS: Tom, I think this email = answers your "big picture" question.

Kent // contributor


= --Apple-Mail=_39C32504-4753-4D5D-A795-7C8C91D74062-- From nobody Tue Oct 8 00:40:53 2019 Return-Path: X-Original-To: netconf@ietfa.amsl.com Delivered-To: netconf@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4832F1200F8 for ; Tue, 8 Oct 2019 00:40:51 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2 X-Spam-Level: X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zmdaLRy1rGEf for ; Tue, 8 Oct 2019 00:40:49 -0700 (PDT) Received: from EUR04-DB3-obe.outbound.protection.outlook.com (mail-eopbgr60088.outbound.protection.outlook.com [40.107.6.88]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 785A81200D5 for ; Tue, 8 Oct 2019 00:40:48 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=R+uKVI0m3iBHVewkMYopGxis6RTOFlZrrrBVWIEAdHwl664SLEQC2MeOFDSUgtApciLHShLI3BmuDoj+XRNg2iS6UuzD+/yFC7NselX2moh7JlSZjyRSXkTGOno4pXLEC1ZMAHe/TPk+PiUQJcWWV7rF16SFp2ZdhrirB20st7J+BAG/icK6AYvV23xGu7Rs3+O8cZ2KJSf1uf0leNYAmr9uucRt2+YKSAYwqyI4SVzQBUcRbiDx+MWCW+g6oPohKrPYAan9/mifoctVi5dn5SA+9qt4iNk68UrKdfy2RJbtnKWCB7tGIkjGW8mEzKYJFI07cvKcZnp/z5LQou3k5w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=JA/dOFkxPnRo1XLoouzqtzK95Eh3dMBVe5+9Fb9RGgM=; b=jMkuy9WvNxUeEpk+ugbf8jbqT8RKPfxl6RgDKIZjlJ/ZFxPZmznbKtHeh8j8cg5M0gbkt4DNv3qwYPILJlgAEA8J7kMGrD3apmW46QowBSGzz4Qp/eJuwfyMvMDEwO+KrHDW4MBJpjuHD7MRh6feZV0bfPqlbS6AVVmKfV1Abapu7hLLrFPRv+UMidBKvZBFnnVszg6J0c7BPgtx22t7sts1fIfuqFDv77TV71Fxx3FvKhBVpsE9opQY07YPPIU1MonQ1UY2AxgFSoEQHVNPEgCACqQiyO7L69slti6IGEGAR6Q9lmllYgq5dI1GsWLwT8z2FxHMLOeKDEHo0i+22w== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=JA/dOFkxPnRo1XLoouzqtzK95Eh3dMBVe5+9Fb9RGgM=; b=nDDQBYMsjr1pV0czUKzJsJ745guhgjiH8PH28H21ZsusOaPUi0T0/ZwlEUa4oRsCxaenMtlAvfHifVUEZaMJ0S4aTibnkEsThuSt6XP0DsPqpsNwN6sjMaLLmNGpdjxYrRxVoTdMPqIwbO5iZUCj0WchLeMop1D+VAs5JFBj4mo= Received: from VI1PR0701MB2286.eurprd07.prod.outlook.com (10.169.137.153) by VI1PR0701MB2173.eurprd07.prod.outlook.com (10.169.135.6) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2347.13; Tue, 8 Oct 2019 07:40:46 +0000 Received: from VI1PR0701MB2286.eurprd07.prod.outlook.com ([fe80::2d49:4ace:81d8:2fbc]) by VI1PR0701MB2286.eurprd07.prod.outlook.com ([fe80::2d49:4ace:81d8:2fbc%12]) with mapi id 15.20.2347.016; Tue, 8 Oct 2019 07:40:46 +0000 From: =?utf-8?B?QmFsw6F6cyBMZW5neWVs?= To: "Rob Wilton (rwilton)" , Mahesh Jethanandani , Netconf Thread-Topic: [netconf] WGLC for draft-ietf-netconf-notification-capabilities Thread-Index: AQHVaCiq/P3ytjAdYEi7Gp+LSYgUDqc7MLcAgAk6LgCAAxRsYIABuy4AgAF9B/A= Date: Tue, 8 Oct 2019 07:40:45 +0000 Message-ID: References: <4F49DF08-B7FC-4EBD-9D6B-7BC329E50334@gmail.com> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: yes X-MS-TNEF-Correlator: authentication-results: spf=none (sender IP is ) smtp.mailfrom=balazs.lengyel@ericsson.com; x-originating-ip: [89.135.192.225] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: dd8a5a4d-c57c-4c35-1b84-08d74bc2d4b2 x-ms-traffictypediagnostic: VI1PR0701MB2173: x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:7219; x-forefront-prvs: 01842C458A x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(346002)(396003)(366004)(39860400002)(136003)(376002)(189003)(199004)(51444003)(5660300002)(86362001)(76116006)(99936001)(85182001)(74316002)(7736002)(66446008)(64756008)(66556008)(66476007)(66616009)(66946007)(66066001)(2906002)(6116002)(3846002)(790700001)(316002)(85202003)(66574012)(110136005)(8676002)(81156014)(476003)(81166006)(8936002)(7110500001)(33656002)(11346002)(15650500001)(2420400007)(486006)(102836004)(14444005)(25786009)(55016002)(14454004)(9686003)(54896002)(6306002)(478600001)(186003)(26005)(6246003)(256004)(446003)(99286004)(6436002)(71190400001)(71200400001)(53546011)(6506007)(76176011)(229853002)(52536014)(7696005)(9326002); DIR:OUT; SFP:1101; SCL:1; SRVR:VI1PR0701MB2173; H:VI1PR0701MB2286.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1; received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: dY1Q7kHRpxUWF1acmcTeASuDtZpF6cSIJq0rW0vJ+tbqYQ6AEYHpEux/t/aAGk1ALCWMqnvUXJuqIYCnRWgQkvCf/9A7lx0xP5cINtloizZJNrV+A0y6sRFZx7MhKAw9Rm5ooxlH+dzrZ888q4lNRojE75D9xmibH286G0SkfFJSg3QGY+kxX9YwQi2iimNNR9wmyXPkNuHQ9G9vuA0XcX7SWp7Zi5aA6bzwPtQT5hDyx4IuJUY60EjZ4VuyuLElp+7uDLt8M7eIcsRjYnwBXBnION9xXdqbI8Hh7+L+iHnjF/gtEEc9bsdGhOoOo9I5gXhRnnYviCGe1XEWL4L0Fg0XiehsyviKUt/9GGnUoJXbcfxuvI5PmRI4JNtPykzxNMOlDrRbXZXq8tcCpzH/MbhlvqWom+QoFzT0Xy/Rjhw= x-ms-exchange-transport-forked: True Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=SHA1; boundary="----=_NextPart_000_0050_01D57DBC.74583880" MIME-Version: 1.0 X-OriginatorOrg: ericsson.com X-MS-Exchange-CrossTenant-Network-Message-Id: dd8a5a4d-c57c-4c35-1b84-08d74bc2d4b2 X-MS-Exchange-CrossTenant-originalarrivaltime: 08 Oct 2019 07:40:45.9445 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: YXW8yaDtuRdic4hODbVPLPUviUVJcvuNzsA5AD600YEXUkM63C1HAqCCRZN7XeCd1xzkOy5yoqWGZQ7dQZK9Wim3toMwKB1GVY01g/kn7Rk= X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR0701MB2173 Archived-At: Subject: Re: [netconf] WGLC for draft-ietf-netconf-notification-capabilities X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 08 Oct 2019 07:40:51 -0000 ------=_NextPart_000_0050_01D57DBC.74583880 Content-Type: multipart/alternative; boundary="----=_NextPart_001_0051_01D57DBC.74583880" ------=_NextPart_001_0051_01D57DBC.74583880 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Hello Rob, See below. I only kept the parts we are discussing. I will answer model = related issues in a separate mail. Regards Balazs =20 From: Rob Wilton (rwilton) =20 Sent: 2019. okt=C3=B3ber 3., cs=C3=BCt=C3=B6rt=C3=B6k 18:13 To: Bal=C3=A1zs Lengyel ; Mahesh = Jethanandani ; Netconf Subject: RE: [netconf] WGLC for = draft-ietf-netconf-notification-capabilities =20 Hi Balazs, In section 3, I think=20 =20 The information SHALL be provided in two ways both following the ietf-notification-capabilities module: =20 should be: =20 The information SHOULD be provided in two ways both following the ietf-notification-capabilities module: BALAZS2: OK. But in this case I will need to use SHOULD in the following = 2 bullets too. =20 =20 - Is =E2=80=9Cmax-objects-per-update=E2=80=9D optional. What if = the server doesn=E2=80=99t have any hard limit - can they just not = return a value here? If so, perhaps assigning a default value of = uint32_max might make sense? BALAZS: It is optional. If there is no hard limit or the limit is not = known the leaf must be absent. The module description include the text: Any capability value MAY be absent ... if the publisher is not = capable of=20 providing a value. [RW]=20 OK. Then I think that there should be a bit more text about what values = mean if they are not specified. E.g. perhaps the following (if this is = the right behaviour for all properties). =20 Old: Any capability value MAY be absent if a more generic capability value is already provided or if the publisher is not capable of providing a value. =20 New: Any capability value MAY be absent if a more generic capability value is already provided or if the publisher is not capable of providing a value. If not provided then it should be interpreted that the property is unconstrained.=20 BALAZS2: Don=E2=80=99t agree. Someone requested earlier and I agreed, = that there is a use case where there is actually a limit, just it is not = known, or not easily calculated, or changing during time. Anyway IMHO = specifying unlimited is not really meaningful. Nothing is unlimited in = reality. Also it is explicitly stated that the publisher is allowed to = limit individual subscriptions to a lower throughput. So my view is that if we don=E2=80=99t have a value that means nothing = more than that we could not provide a meaningful limit. =20 =20 In the security section, are these capabilities sensitive information? = E.g. could it be used by an attacker to more effectively DDOS a server = (by knowing which paths to target subscriptions towards)? BALAZS: IMHO the information is not security sensitive. The minimum = dampening period and minimum-update-period can be used to find schema = sections that might generate more notifications, but this is really a = corner-case and we usually don=E2=80=99t describe such details. However = the security section now includes: The Network Configuration Access Control Model (NACM) [RFC8341] = provides the means to restrict access for particular NETCONF or = RESTCONF users to a preconfigured subset of all available = NETCONF or=20 RESTCONF protocol operations and content.=20 If access control is not properly configured, it can expose system internals to those who should not have access to this information. [RW]=20 Thinking about this some more, I wonder whether the security section = could/should refer back to YANG-Push, which allows a server to reject = subscriptions if it would cause the server to become overloaded. BALAZS2: Kent wanted just to state, not modifiable, not sensitive. I = updated this to:=20 All protocol-accessible data are read-only and cannot be modified. = The data in this module is not security sensitive. Access control may be configured, to avoid exposing=20 the read-only data. When that data is in file format, data should be protected against=20 modification or unauthorized access using normal file handling = and=20 secure and mutually authenticated file transport mechanisms. I hope that will be OK =20 Thanks, Rob =20 =20 Thanks, Rob =20 =20 ------=_NextPart_001_0051_01D57DBC.74583880 Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: quoted-printable

Hello = Rob,

See below. I only kept the parts we are = discussing. I will answer model related issues in a separate = mail.

Regards Balazs

 

From: Rob Wilton (rwilton) = <rwilton@cisco.com>
Sent: 2019. okt=C3=B3ber 3., = cs=C3=BCt=C3=B6rt=C3=B6k 18:13
To: Bal=C3=A1zs Lengyel = <balazs.lengyel@ericsson.com>; Mahesh Jethanandani = <mjethanandani@gmail.com>; Netconf = <netconf@ietf.org>
Subject: RE: [netconf] WGLC for = draft-ietf-netconf-notification-capabilities

 

Hi Balazs,

In section 3, I think =

 

   The information = SHALL be provided in two ways both following = the

   ietf-notification-capabilities = module:

 

should = be:

 

   The information = SHOULD be provided in two ways both following = the

   ietf-notification-capabilities = module:

BALAZS2: OK. But in this case I will need to = use SHOULD in the following 2 bullets too.

 

 

-        = Is = =E2=80=9Cmax-objects-per-update=E2=80=9D optional.  What if the = server doesn=E2=80=99t have any hard limit - can they just not return a = value here?  If so, perhaps assigning a default value of uint32_max = might make sense?

BALAZS: It is optional. If there is no hard = limit or the limit is not known the leaf must be absent. The module = description include the text:

      Any capability = value MAY be absent ... if the publisher is not capable of =

      providing a = value.

[RW]

OK.  Then I think that = there should be a bit more text about what values mean if they are not = specified.  E.g. perhaps the following (if this is the right = behaviour for all properties).

 

Old:

      Any = capability value MAY be absent if a more generic = capability

      value is = already provided or if the publisher is not capable = of

      providing = a value.

 

New:

      Any = capability value MAY be absent if a more generic = capability

      value is = already provided or if the publisher is not capable = of

      providing = a value.  If not provided then it should be

      = interpreted that the property is unconstrained.

BALAZS2: Don=E2=80=99t agree. Someone = requested earlier and I agreed, that there is a use case where there is = actually a limit, just it is not known, or not easily calculated, or = changing during time. Anyway IMHO specifying unlimited is not really = meaningful. Nothing is unlimited in reality. Also it is explicitly = stated that the publisher is allowed to limit individual subscriptions = to a lower throughput.

So my view is that if we don=E2=80=99t have a = value that means nothing more than that we could not provide a = meaningful limit.

 

 

In the security section, = are these capabilities sensitive information?  E.g. could it be = used by an attacker to more effectively DDOS a server (by knowing which = paths to target subscriptions towards)?

BALAZS: IMHO the information is not security = sensitive. The minimum dampening period and minimum-update-period can be = used to find schema sections that might generate more notifications, but = this is really a corner-case and we usually don=E2=80=99t describe such = details. However the security section now = includes:

         = The Network Configuration Access Control Model (NACM) [RFC8341] =

        &= nbsp;provides the means to restrict access for particular NETCONF or =

        &= nbsp;RESTCONF users to a preconfigured subset of all available NETCONF = or

        &= nbsp;RESTCONF protocol operations and content.

        &= nbsp;If access control is not properly configured, it can = expose

         = system internals to those who should not have access to = this

         = information.

[RW]

Thinking about this some = more, I wonder whether the security section could/should refer back to = YANG-Push, which allows a server to reject subscriptions if it would = cause the server to become overloaded.

BALAZS2: Kent wanted just to state, not = modifiable, not sensitive. I updated this to:

=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0All = protocol-accessible data are read-only and cannot be modified. =

=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= The data in this module is not security = sensitive.

=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 = Access control may be configured, to avoid exposing =

=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= the read-only data.

When that data is in file format, data should = be protected against

=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= modification or unauthorized access using normal file handling and =

=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= secure and mutually authenticated file transport = mechanisms.

I hope that will be OK

 

Thanks,

Rob

 

 

Thanks,

Rob

 

 

------=_NextPart_001_0051_01D57DBC.74583880-- ------=_NextPart_000_0050_01D57DBC.74583880 Content-Type: application/pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIVbjCCAyAw ggIIoAMCAQICAR0wDQYJKoZIhvcNAQEFBQAwOTELMAkGA1UEBhMCRkkxDzANBgNVBAoTBlNvbmVy YTEZMBcGA1UEAxMQU29uZXJhIENsYXNzMiBDQTAeFw0wMTA0MDYwNzI5NDBaFw0yMTA0MDYwNzI5 NDBaMDkxCzAJBgNVBAYTAkZJMQ8wDQYDVQQKEwZTb25lcmExGTAXBgNVBAMTEFNvbmVyYSBDbGFz czIgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCQF0o1ncrwDZbHRPoWN/xIvb1/ gC01O+FvqGepvwMcTYxvMkfVQWikEwTBNQyahEP8XB3/ibPoFxjNkV/7iePqv05dfBsm03V57eaE 41flrSnE9Doo56V7hDZps/1edr2jLZnTkE4jKH0YY/FUOyaddluXQrL/rvBO7N05lU6DBn/nSUDI xQGyVFpmHT38+ek8Cp6BuHDwAYvkI1R8yK74kB4AlnLUVM9hI7zq+50CldG2uXE6aQg/D7ThQseI 9T+YqKe6HOBxce9YV4FQelxrdEYOgwOYw46obvJ2Mm4ng8Jz89wY6LST6nVEawRgIHFXh53zvqCQ Iz2KJOHaIdvDAgMBAAGjMzAxMA8GA1UdEwEB/wQFMAMBAf8wEQYDVR0OBAoECEqgqliE0148MAsG A1UdDwQEAwIBBjANBgkqhkiG9w0BAQUFAAOCAQEAWs6H+RZyFVdLHdmb56ImMOyTZ9/WLdI0r/c4 pc6rFrmrL3w1y6zQD7RMK/yA72uMkV82dvfbsxsZ6vSyEf1hcUS/KLM6Hb+zQ+ifv9wxCHGwnY3W NEcykMZlJPegSnwEc485bxeMcrW9S8h6+HuDwyhOnAnqZz+yZwQbwxTa+OdJJJHQHWr6YTnva+ch dQYH2BK0ISBwQnGB2jyaNr6mWw1qbJofkXv5+e9Cuk5OnswMjZTc2UWcXuxCUGOu9F3EsRLcyjuo Lp0UWgV1t+zXY+K6NbYECJHo2p2c9ma1GKwKplQmNDPSG8HUfxo6jguqMm7b/E8ln9kyx5ZacKzf TDCCBX0wggRloAMCAQICEQCH7S4aKCZKxRmqOuu5DaLLMA0GCSqGSIb3DQEBCwUAMDkxCzAJBgNV BAYTAkZJMQ8wDQYDVQQKEwZTb25lcmExGTAXBgNVBAMTEFNvbmVyYSBDbGFzczIgQ0EwHhcNMTQx MjA1MDgxOTE1WhcNMjEwNDA1MTAyOTAwWjA3MRQwEgYDVQQKDAtUZWxpYVNvbmVyYTEfMB0GA1UE AwwWVGVsaWFTb25lcmEgUm9vdCBDQSB2MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB AMK+6yfwIaPzaSZVfp3FVRaRXP3vIb9TgHot0pGMYzHw7CTww6XScnwQbfQ3t+XmfHnqjLWCi65I tqwA3GV17CpNX8GH9SBlK4GoRz6JI5UwFpB/6FcHSOcZrr9FZ7E3GwYq/t75rH2D+1665I+XZ75L jo1kB1c4VWk0Nj0TSO9P4tNmHqTPGrdeNjPUtAa9GAH9d4RQAEX1jF3oI7x+/jXh7VB7qTCNGdMJ jmhnXb88lxhTuylixcpecsHHltTbLaC0H2kD7OriUPEMPPCs81Mt8Bz17Ww5OXOAFshSsCPN4D7c 3TxHoLs1iuKYaIu+5b9y7tL6pe0S7fyYGKkmdtwoSxAgHNN/Fnct7W+A90m7UwW7XWjH1Mh1Fj+J Wov3F0fUTPHSiXk+TT2YqGHeOh7S+F4D4MHJHIzTjU3TlTazN19jY5szFPAtJmtTfImMMsJu7D0h ADnJoWjiUIMusDor8zagrC/kb2HCUQk5PotTubtn2txTuXZZNp1D5SDgPTJghSJRt8czu90VL6R4 pgd7gUY2BIbdeTXHlSw7sKMXNeVzH7RcWe/a6hBle3rQf5+ztCo3O3CLm1u5K7fsslESl1MpWtTw EhDcTwK7EpIvYtQ/aUN8Ddb8WHUBiJ1YFkveupD/RwGJBmr2X7KQarMCpgKIv7NHfirZ1fpoeDVN AgMBAAGjggGAMIIBfDBOBggrBgEFBQcBAQRCMEAwPgYIKwYBBQUHMAKGMmh0dHA6Ly9jYS50cnVz dC50ZWxpYXNvbmVyYS5jb20vc29uZXJhY2xhc3MyY2EuY2VyMA8GA1UdEwEB/wQFMAMBAf8wGQYD VR0gBBIwEDAOBgwrBgEEAYIPAgMBAQIwDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBTwj1k4ALP1 j5qWDNXr+nuqF+gTEjCBuQYDVR0fBIGxMIGuMG+gbaBrhmlsZGFwOi8vY3JsLTEudHJ1c3QudGVs aWFzb25lcmEuY29tL2NuPVNvbmVyYSUyMENsYXNzMiUyMENBLG89U29uZXJhLGM9Rkk/Y2VydGlm aWNhdGVyZXZvY2F0aW9ubGlzdDtiaW5hcnkwO6A5oDeGNWh0dHA6Ly9jcmwtMi50cnVzdC50ZWxp YXNvbmVyYS5jb20vc29uZXJhY2xhc3MyY2EuY3JsMBMGA1UdIwQMMAqACEqgqliE0148MA0GCSqG SIb3DQEBCwUAA4IBAQAQ1elFTM6fGkQ/aRKdkUZicO3Cb9uzBJOpOtFctw+1El0/17lsjoVvJkZB D3KnUobnrriFdAa+7FAN55KLmZeB/3Y2bG0bB4toSyaVHjOQnQY9M0dv8U852w0Q7GwchKfebLUI bh9TMt2hI3Xc6j4knFTBUo7C1WAfO51K4bn1irmX6/Ej2VTgiOFsvOAny28W6enFSEQpSHw60VhN fSttSqTOxyrRR/7kW7Y8yb/3DZDZ/dH6ZCfx/y+BNIv2NuSd85M9HXUzplXXohti4Ql/qeaMn6by Ius6XlMWZZfkdVRvTuk2PkeC7UmAJ2+/DUWOPpawaytMXVfF4Hvxk34NMIIF/zCCA+egAwIBAgIR AOm+1xFswMzmixU1jNT/MSEwDQYJKoZIhvcNAQELBQAwRzELMAkGA1UEBhMCU0UxETAPBgNVBAoM CEVyaWNzc29uMSUwIwYDVQQDDBxFcmljc3NvbiBOTCBJbmRpdmlkdWFsIENBIHYzMB4XDTE3MTAw OTE1MjQ1OFoXDTIwMTAwOTE1MjQ1N1owajERMA8GA1UECgwIRXJpY3Nzb24xGDAWBgNVBAMMD0Jh bMOhenMgTGVuZ3llbDEqMCgGCSqGSIb3DQEJARYbYmFsYXpzLmxlbmd5ZWxAZXJpY3Nzb24uY29t MQ8wDQYDVQQFEwZFVEhCTEwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUUtnneUfH i428YPkvW+AsCNeKCCKq72SzUZpBggijy+oLVO0cgTXXHygrZ+KT8TbyEkPwuHi+V4TQxWAyMhGa nWZHWZXe9ghEZrJDJbCzFMHOqR+wEDnI1vM3sfQQ68iSsWQLd9opnb2/ihiJlt9up75VRpyj5lea bvzxOLQimJgZiXaZzsPPT2nROyytKxOsE5KbfT3mNof3bMG1bggZtGGA1GBJchwdFJwQKIShfPVm 1CdulvJV1hPVecxttMJNPzSfSfryb/b64QnR5yc/pSx8SxD0h0rnNT73Al3Af2iRghdXN4omDKZY OcdK/sE5HTmLTFuWoZAnL/RntOK9AgMBAAGjggHBMIIBvTBIBgNVHR8EQTA/MD2gO6A5hjdodHRw Oi8vY3JsLnRydXN0LnRlbGlhLmNvbS9lcmljc3Nvbm5saW5kaXZpZHVhbGNhdjMuY3JsMIGCBggr BgEFBQcBAQR2MHQwKAYIKwYBBQUHMAGGHGh0dHA6Ly9vY3NwMi50cnVzdC50ZWxpYS5jb20wSAYI KwYBBQUHMAKGPGh0dHA6Ly9jYS50cnVzdC50ZWxpYXNvbmVyYS5jb20vZXJpY3Nzb25ubGluZGl2 aWR1YWxjYXYzLmNlcjAmBgNVHREEHzAdgRtiYWxhenMubGVuZ3llbEBlcmljc3Nvbi5jb20wVQYD VR0gBE4wTDBKBgwrBgEEAYIPAgMBARIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly9yZXBvc2l0b3J5 LnRydXN0LnRlbGlhc29uZXJhLmNvbS9DUFMwHQYDVR0lBBYwFAYIKwYBBQUHAwQGCCsGAQUFBwMC MB0GA1UdDgQWBBSkJw2vbyMFmf9tY1urk9NeYfiMgTAfBgNVHSMEGDAWgBQcexmel5x2rCA92Nzj kWrj2y2mUzAOBgNVHQ8BAf8EBAMCBaAwDQYJKoZIhvcNAQELBQADggIBAD1RCVf5Df2uCXwPveXz LBGIjsz3k2la5UUlioC+i4Ms6vGstqXIX7K24+Wc41npi+G5xFhvkAkmuTP/j29F5xJJuJcy3OcL 0br02vKe2WJJnlivB+X9plPg0kMUBS0lLq7kHPUrO/BLeIIFRuaky05eZlTnGNcLbn5VpZdjX4Ic XZV78qpZI3L67Po1UgHzOTiWolc75jrKOx3UOw98fWRrgJPBUIeqDeD1NDfF7PlM4Cqlad062o6L lM9wfAnoLzz0z04dPXtJkOcTiZgOLdPoKIm7LR1wZ9c6mYw4sgtoVAs16Y2cCPBxqWpsW+9ZCcDK PPZzeBezCKyicpDJbTqCVMILd3j38HWUPWFuVITZNgANzHW1CpgqmiLIAADiznCCtudTE+fcB3O9 duuu/yuEME17LMy1GYMKXs1QCXmTq2hrqTJQ2AA2TsWZtoxl3ViqJgNBWjnQiMwdCl5Dural2jZP /iU6MmiauUNYn9YW/ViUluoBBdaUHMpnP/7kM0Wk8j3Wzhcggx+Biml2gCopMaK1EJYjQH/2J95N GEkSdZfVzFUmwV3yMd4mOhIaxW0SEq9b1eWICZ/BAcVBpSyU0sE1gpnBO5wLxj+IpSdiGlS4jc37 qCr/39xdv1Unu93glCmHq0xgX54N8EsyMBPC3+zSSu1qhCbU7VJWIz2aMIIGwjCCBKqgAwIBAgIQ U7h+g+GcmSiTsJtJHOy46zANBgkqhkiG9w0BAQsFADA3MRQwEgYDVQQKDAtUZWxpYVNvbmVyYTEf MB0GA1UEAwwWVGVsaWFTb25lcmEgUm9vdCBDQSB2MTAeFw0xNTEwMjcxMjE2NDZaFw0yNTEwMjcx MjE2NDZaMEcxCzAJBgNVBAYTAlNFMREwDwYDVQQKDAhFcmljc3NvbjElMCMGA1UEAwwcRXJpY3Nz b24gTkwgSW5kaXZpZHVhbCBDQSB2MzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAOzy 3wAAuFDyp7vYVLfGk/fjwao71MNGNLSzzl5DtjQtMtl2ZLPZyX6ViqzTN9JOb7uZ6KxuGSpReQvt 8XOh7iIhkKH9W5hRpbjTsJmUMJd6zifhOpNK6iSU3q44+FjsQL1lVtcguUuFG6aZN0N3GFVbgt6j RrASF8t/3wy9bHPAIfMyPybpg6Y2PH5/1NwkTepoDSmK69LGV+lV2IK6U9OWayZXZFIFIDCoGyFl hFxAEgN+qZ2+Rqg/0TM0oCHvKO2ELSGmAdnJkwizR42ji/Y9SYTSuG75mzSe6OfCGWM8Db/xvy/2 0aLEPXNu1PvOgzY63WZ6cmkWnjMlVJ90pWC2haqDm3Yf8TRdjUvAl7Pz1bTuexwShzIGakL7MkCY rEqHMRaojI/VStloQgW76E76zQ2byw5QxrhOUbisBSKRzlTlOZQgYFFAbG6ViF8DOpJh/ygtQwuT LUM5r15G7eynQV1AMTNCWcX+HUvgArUw6RfW9L58uA68GjktFTV8s9RlDsUqsNcLqeXaV28S2WMd ay0YGaq/bloS8AD7KuumUKH+Ri9IGO9mJvP05tvDHjKpLvv80c3WLJnJU/aznYHYEt2+jjKHOTqd GTxL/zMdpRSQFSuu+KM8NoYrkU1VJqKga+QLsgqKghMp99gu1P1e6KsqseWHdXORrMbjqkBXAgMB AAGjggG4MIIBtDCBigYIKwYBBQUHAQEEfjB8MC0GCCsGAQUFBzABhiFodHRwOi8vb2NzcC50cnVz dC50ZWxpYXNvbmVyYS5jb20wSwYIKwYBBQUHMAKGP2h0dHA6Ly9yZXBvc2l0b3J5LnRydXN0LnRl bGlhc29uZXJhLmNvbS90ZWxpYXNvbmVyYXJvb3RjYXYxLmNlcjASBgNVHRMBAf8ECDAGAQH/AgEA MFUGA1UdIAROMEwwSgYMKwYBBAGCDwIDAQECMDowOAYIKwYBBQUHAgEWLGh0dHBzOi8vcmVwb3Np dG9yeS50cnVzdC50ZWxpYXNvbmVyYS5jb20vQ1BTMEsGA1UdHwREMEIwQKA+oDyGOmh0dHA6Ly9j cmwtMy50cnVzdC50ZWxpYXNvbmVyYS5jb20vdGVsaWFzb25lcmFyb290Y2F2MS5jcmwwHQYDVR0l BBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUHHsZnpec dqwgPdjc45Fq49stplMwHwYDVR0jBBgwFoAU8I9ZOACz9Y+algzV6/p7qhfoExIwDQYJKoZIhvcN AQELBQADggIBAFBYa/HVjDu0LqtXQ8iMp8PLFpqchf41ksQY6R1AsoZbaBUu0NQlAQ9GzlC1pmI5 s0cJnuaZI0xV6TiWS3/R2p9UgW61XD9CTIUbAL31mY3BdJf3P46gzKgQEca/DlFjq9GVmuPS4q90 BLNgvgoxoHubc3C6s0OaY1sbnay5EhnvrAE4Q511FlxmJPLnRmQGpieeXa3cPegFfY1kJDKyyFRy pF1RuRLXcdMIgKEy5NX1bS3M9dQ4mgmUmVT2d33UiKSEYQ6s/B+LFaaz4LywXSv2o3W4kbHoQs86 IWst821ww0wxsCpEfClIvF7fBw2QkbG/1PwuzAuLVStEhDzkAqOrMGctKyNEaBsyAn7Eq2eCa8QD Xnkmagp9QPsNFs/oqnXj9j1cVtH9a4OPzhtg0pd7gd0NzU/5QxibXqbYvouQgihGXHQDmaL4ruN7 C4arMUqRo82YnREsKL7h3j/jtmzcMLc9Q07F04QQd/iSR1Y5pIi6PdNBiE2/4uyAXS6KOIGZrPbN QUNrZtwiQpqQNl8AUzgegfPwrYFlFocpaF3d1m5r+2VKKqiRQVfYPGYeZnWfkcz06JoAhc/9mjbH XSP9hvWYzeLRuoZqHGUdjOX9DIQb926OneV7C5WMIjSY8ORkamG/HKqngmjypL3gSc6oG/E6B+1i 6Ds5j0Qpj5aQMYIDBTCCAwECAQEwXDBHMQswCQYDVQQGEwJTRTERMA8GA1UECgwIRXJpY3Nzb24x JTAjBgNVBAMMHEVyaWNzc29uIE5MIEluZGl2aWR1YWwgQ0EgdjMCEQDpvtcRbMDM5osVNYzU/zEh MAkGBSsOAwIaBQCgggF+MBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8X DTE5MTAwODA3NDA0M1owIwYJKoZIhvcNAQkEMRYEFLnOyrqJLGE2KolW+KeDCXCS0xKMMEMGCSqG SIb3DQEJDzE2MDQwCgYIKoZIhvcNAwcwDgYIKoZIhvcNAwICAgCAMA0GCCqGSIb3DQMCAgFAMAcG BSsOAwIaMGsGCSsGAQQBgjcQBDFeMFwwRzELMAkGA1UEBhMCU0UxETAPBgNVBAoMCEVyaWNzc29u MSUwIwYDVQQDDBxFcmljc3NvbiBOTCBJbmRpdmlkdWFsIENBIHYzAhEA6b7XEWzAzOaLFTWM1P8x ITBtBgsqhkiG9w0BCRACCzFeoFwwRzELMAkGA1UEBhMCU0UxETAPBgNVBAoMCEVyaWNzc29uMSUw IwYDVQQDDBxFcmljc3NvbiBOTCBJbmRpdmlkdWFsIENBIHYzAhEA6b7XEWzAzOaLFTWM1P8xITAN BgkqhkiG9w0BAQEFAASCAQDOFyLvDxx1S9BhHN0L/zKHkLAKi6J+r8blwkcQ8BzqRaq2kSnborbk jmbycpevJ4yw87J9RczOqUvxbKNIw6QEyxQ1eXZ5bXxP8i9R8g70H96aSOOHilPNRcC1iaef5gOe cW/OLtPLj7O9EEb2aGqfsIQcpcUUUUCFYrISFgswKx1dhi87PcvJBaZJxq+wJa35IE/t24D9wlW1 iQg/l+6TD9UnDzNHPlN6Ll6EQHbmVDuMdNoWPyeF6cn/F+DpbnBMyOJQnUh1cIDitk1PnsAL3vwV 8MOLc2vQPqdqu9r+HQbE+Vg5hZ+nOL4YHCJLzn16QNlPMmifjhhPe9QPTOnnAAAAAAAA ------=_NextPart_000_0050_01D57DBC.74583880-- From nobody Tue Oct 8 03:06:43 2019 Return-Path: X-Original-To: netconf@ietfa.amsl.com Delivered-To: netconf@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EBAA01200D7 for ; Tue, 8 Oct 2019 03:06:40 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: 0.247 X-Spam-Level: X-Spam-Status: No, score=0.247 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RATWARE_MS_HASH=2.148, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=btconnect.onmicrosoft.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3agISnjDZjX7 for ; Tue, 8 Oct 2019 03:06:39 -0700 (PDT) Received: from EUR04-HE1-obe.outbound.protection.outlook.com (mail-eopbgr70110.outbound.protection.outlook.com [40.107.7.110]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 880181200C3 for ; Tue, 8 Oct 2019 03:06:38 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=EO4tFy2/FuxeCXaDXStHRqgRJjLo881lmK4+roboHJgl5iHf29K+SILEknVjvYJcDAsUTRGKuhjFCz4d9GloZTh0YjszU43iSJj3ndKGUxHYWJ0Swj4DDzAMbXhBoIcDVK290px53LdCvDbLwtbgTMp94tAX8uii23RL/6pAacQlVtsk2VDITgtETps2DB17UR4trFR8lpjAE4CtSmcx5bRpZry3LjbObGmz6vjoLl13McSslOGXhjN+mB40vxv1aRwqIej8JM17Z/VdtlC2OWPXyYHSZlQ3m0i3CCrlHRDMKhSAkeVHrbrIWiQNZWNMl1PJ9mVOpm6XNQ/riemqkg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=+qqYpnIG5zHhb6wSf8s28nPmo/s6jRfop6dtP91ei5s=; b=GS3Ex5/e0oDzMZqTEIj2GYTBYWao5yjA65fzl0zr0CMgicNTdFei8K7VNCC95bpC9Gxz3e3IyLSTsyIA7vIRfAXEbvXyNf6RRntDBwkybwFwvuSNin2MQQyYDSCuOX7XGU2kViR4wochC4xoxfAVQobARYflHgbd4M0dXMy6j5FdCrBfnwcsz0035572elbgYgqGS/dePzGx+lGkO3gzf2LroqebvMbs9ZujIJ78CHsqMnWLLg/LTNUtg3ohgUUc0Aw7j5xUSgNVzcPmHHLKxGiow2b6bkHTVBxmQxrI/K97OXqPgk39lrBgBpkERVaTQ29Lc1tB/4iywNsyA2CE4Q== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=btconnect.com; dmarc=pass action=none header.from=btconnect.com; dkim=pass header.d=btconnect.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=btconnect.onmicrosoft.com; s=selector2-btconnect-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=+qqYpnIG5zHhb6wSf8s28nPmo/s6jRfop6dtP91ei5s=; b=F8mxyZN1sRDF8wGznxTOoF05nrOsLoz5rK8lqDgTgM5uqpkpqrWOZLWe01VMwFD80lo5tCA+tn0g+mVpFvhYdHad+hQYSBKLOREBaXvEddV05agg9/pV7mojOg5cfXmk0dLJ659sk/+yBSUiGlyDX0QEYMn0BYL0xzcHoVJt3DY= Received: from DB7PR07MB5147.eurprd07.prod.outlook.com (20.178.42.32) by DB7PR07MB6185.eurprd07.prod.outlook.com (20.178.43.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2347.15; Tue, 8 Oct 2019 10:06:35 +0000 Received: from DB7PR07MB5147.eurprd07.prod.outlook.com ([fe80::d5a9:784f:d667:ef14]) by DB7PR07MB5147.eurprd07.prod.outlook.com ([fe80::d5a9:784f:d667:ef14%4]) with mapi id 15.20.2347.016; Tue, 8 Oct 2019 10:06:35 +0000 From: tom petch To: "Salz, Rich" , Kent Watsen CC: "netconf@ietf.org" Thread-Topic: Enterprise was Re: [netconf] crypto-types: why symmetric keys? Thread-Index: AQHVfcARvDXLmYc9z0ap0qpoWC22Cg== Date: Tue, 8 Oct 2019 10:06:35 +0000 Message-ID: <053801d57dbf$c4887380$4001a8c0@gateway.2wire.net> References: <84a2ff74-67fb-069b-a9bc-4bd4187ee1bc@alumni.stanford.edu> <017A9541-641B-4826-983B-7C47AFA1A3AD@akamai.com> <0100016d97eb99fe-d6ce4ac2-7c9d-4653-833b-cb9471591e68-000000@email.amazonses.com> <13627E1C-A6D0-49B9-8277-55713E1958BD@akamai.com> Accept-Language: en-GB, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-clientproxiedby: LO2P265CA0471.GBRP265.PROD.OUTLOOK.COM (2603:10a6:600:a2::27) To DB7PR07MB5147.eurprd07.prod.outlook.com (2603:10a6:10:68::32) authentication-results: spf=none (sender IP is ) smtp.mailfrom=ietfc@btconnect.com; x-ms-exchange-messagesentrepresentingtype: 1 x-mailer: Microsoft Outlook Express 6.00.2800.1106 x-originating-ip: [86.139.211.103] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 5af82308-5ee2-4d90-1873-08d74bd733b5 x-ms-traffictypediagnostic: DB7PR07MB6185: x-ms-exchange-purlcount: 1 x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:8273; x-forefront-prvs: 01842C458A x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(346002)(39860400002)(376002)(396003)(366004)(136003)(51914003)(199004)(189003)(13464003)(86362001)(14444005)(1556002)(6512007)(5660300002)(99286004)(64756008)(66556008)(66946007)(66476007)(66446008)(71190400001)(6506007)(71200400001)(44736005)(6486002)(8676002)(386003)(14454004)(52116002)(6436002)(256004)(478600001)(6306002)(81816011)(81686011)(9686003)(76176011)(966005)(476003)(26005)(4720700003)(66066001)(316002)(102836004)(110136005)(486006)(8936002)(7736002)(50226002)(25786009)(14496001)(186003)(305945005)(4326008)(81156014)(446003)(2906002)(81166006)(6116002)(44716002)(3846002)(61296003)(62236002)(74416001)(7726001); DIR:OUT; SFP:1102; SCL:1; SRVR:DB7PR07MB6185; H:DB7PR07MB5147.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:0; MX:1; received-spf: None (protection.outlook.com: btconnect.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: k+tl5SBzLr8iC5dQZvjTLWwadTnwIRuI9YrL7cMFiIYRZ62U8wjCb0T1Exy6c+5v9MOEFtujc9hCv1xMRNIK4j+GTje6qQ/lFRumNOCuP5Y+ykvKn+HR3SPSTlkcxNzZRUrL61Sjsb2Tcc7v+t5aHgviEtOYn3elqVSSJjFSt2DiwbL2zr9lipJcTvEeb2dvTVOEG04Rr7bDH+rfy3A8342UHTpMjxL9dv/xV86PxxDlJejfF0pwO1UQ52bvqD7rQyM4Vt2+/zgjIi9UyLtg9HIwDEyC+r/X1NU+6GXJeh9HBPuoflKqMhgNKHwMDMm3knxYvuuZCKX0TXy+oVzPIDi3ozlACGc4vIyYdn/K7rkZD6iiLderEQziF5nbf4Tgqv3h6OsOxludtlVySPAOnsI+DLVUbjuGQ5UgQnz204vxqeyMD3EUUCYWdz0sDH1Bb9CG1JbSmDZ5TT/CYX3qkw== x-ms-exchange-transport-forked: True Content-Type: text/plain; charset="utf-8" Content-ID: Content-Transfer-Encoding: base64 MIME-Version: 1.0 X-OriginatorOrg: btconnect.com X-MS-Exchange-CrossTenant-Network-Message-Id: 5af82308-5ee2-4d90-1873-08d74bd733b5 X-MS-Exchange-CrossTenant-originalarrivaltime: 08 Oct 2019 10:06:35.7820 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: cf8853ed-96e5-465b-9185-806bfe185e30 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: +kNXzAZ/c36o/4lQvdLdiyTezmBqNVk7qlIsZsZ4tkhOuN62bQWwCa/QT5Wi3f3fPcaIe7PWeIoifVoOvuTYew== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB7PR07MB6185 Archived-At: Subject: [netconf] Enterprise was Re: crypto-types: why symmetric keys? X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 08 Oct 2019 10:06:41 -0000 LS0tLS0gT3JpZ2luYWwgTWVzc2FnZSAtLS0tLQ0KRnJvbTogIlNhbHosIFJpY2giIDxyc2FsekBh a2FtYWkuY29tPg0KU2VudDogRnJpZGF5LCBPY3RvYmVyIDA0LCAyMDE5IDc6MDYgUE0NCg0KPiBU aGFua3MgZm9yIHRoZSBjbGFyaWZpY2F0aW9uLg0KPg0KPiBJIGNvbnRpbnVlIHRvIHVyZ2UgZGV2 ZWxvcG1lbnQgb2Ygc21hbGwgbW9kZWxzIHRoYXQgbWVldCBtb3N0ICgqbm90DQphbGwqKSBuZWVk cyBvZiBzZXJ2aWNlIGNvbmZpZ3VyYXRpb24uICBUTFPigJlzIFBTSyBrZXlzIG5lZWQgdG8gYmUg c2hhcmVkDQpieSB0aGUgc2VydmVyIGFuZCBjbGllbnQocyksIHNvIEkgYW0gbm90IHN1cmUgYWJv dXQgdGhlIHV0aWxpdHkgb2Yg4oCcc28NCm5vdCBldmVuIHRoZSBhZG1pbmlzdHJhdG9yIGtub3dz IGl04oCdICBJIGFtIGlnbm9yYW50IGlmIFBTS+KAmXMgYXJlDQphY3R1YWxseSBuZWVkZWQgZm9y IGVudGVycHJpc2UgdXNlIG9mIFRMUy4NCg0KDQpSaWNoDQoNCkZyb20gbXkgKGxpbWl0ZWQpIGV4 cGVyaWVuY2Ugb2YgRW50ZXJwcmlzZSwgYW5kIGFzc3VtaW5nIHRoYXQgUFNLIGlzDQpQcmUtU2hh cmVkIEtleSwgYSBzdHJpbmcgb2YgdW5zcGVjaWZlZCBsZW5ndGgsIEkgc2VlIFNTSCB1c2VkLA0K bW9zdGx5LCBmb3IgU3lzdGVtcyBhbmQgTmV0d29yayBNYW5hZ2VtZW50IHdpdGggSFRUUFMgdXNl ZCwgbW9zdGx5LCBmb3INCm9wZXJhdGlvbmFsIHN5c3RlbXMsIHVzZXIgYWNjZXNzLCB3aXRoIHR3 by1mYWN0b3IgYXV0aGVudGljYXRpb24gd2hlcmUNCnVzZXIgYXV0aGVudGljYXRpb24gIGlzIG5l ZWRlZC4gIEFsbW9zdCBhbGwgdXNlciBhY2Nlc3MgaXMgdG8gYSB3ZWINCnNlcnZlciB3aXRoIGxp dHRsZSBvciBubyByYXcgZS1tYWlsLCBmaWxlIHRyYW5zZmVyIG9yIHN1Y2ggbGlrZQ0KcHJvdG9j b2xzLg0KDQpJIHNlZSBkZXZpY2UgLSBub3QgdXNlciAtIGNlcnRpZmljYXRlcyB1c2VkIHRvIHNl Y3VyZSBWUE4gYWNjZXNzLg0KDQpJIGRvIGFsc28gc2VlIGNvbmZpZ3VyYXRpb24gb2YgUFNLIHdo ZW4gYSBuZXcgZGVwYXJ0bWVudGFsIHNlcnZlciBjb21lcw0KYWxvbmcsIGFuZCBpcyBjb25maWd1 cmVkIHdpdGggdXNlci1pZCBhbmQgb25lLXRpbWUgcGFzc3dvcmRzIHdoaWNoIGFyZQ0KZS1tYWls ZWQgb3V0IHRvIHRoZSB1c2Vyczsgc29tZXRpbWVzIHRoZSBQU0sgaXMgYSBmb3VyLWRpZ2l0IHBp bi4NCihSZWFsLXdvcmxkIHNlY3VyaXR5IGFzIG9wcG9zZWQgdG8gSUVURiBzdGFuZGFyZHMgc2Vj dXJpdHk6LSkNCg0KT25lIG90aGVyIHRob3VnaHQuICBUaGUgRW50ZXJwcmlzZXMgSSBrbm93IGFy ZSBqdXN0IG1pZ3JhdGluZyBmcm9tDQpXaW5kb3dzIDcgdG8gV2luZG93cyAxMCBzaW5jZSBzdXBw b3J0IGZvciB0aGUgZm9ybWVyIGV4cGlyZXMgdGhpcyB5ZWFyLg0KT3ZlciB0aGUgcGFzdCB5ZWFy IG9yIHNvLCB0aGV5IGhhdmUgbWlncmF0ZWQgZnJvbSBUTFMgMS4wIHRvIFRMUzEuMi4NClRoaXMg c3VnZ2VzdHMgdG8gbWUgdGhhdCBUTFMgMS4zLCB3aGljaCBpcyByYXRoZXIgZGlmZmVyZW50LCBm b3IgUFNLIGFuZA0KZXZlcnl0aGluZyBlbHNlLCBpcyBzb21lIHdheSBvZmYgYW5kIHRoYXQgb3Vy IGZvY3VzIHNob3VsZCBiZSBvbiBUTFMgMS4yDQpidXQgSSBkbyBub3Qga25vdyBpZiB0aGF0IHdv dWxkIGdldCBwYXN0IGEgU2VjdWlydHkgQUQgLSB0aGUgWUFORw0KYm9pbGVycGxhdGUgbm93IG1h bmRhdGVzIFRMUyAxLjMuDQoNClRvbSBQZXRjaA0KDQoNCg0KDQoNCi0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0K LS0tLS0tLS0NCg0KDQo+IF9fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fDQo+IG5ldGNvbmYgbWFpbGluZyBsaXN0DQo+IG5ldGNvbmZAaWV0Zi5vcmcNCj4gaHR0 cHM6Ly93d3cuaWV0Zi5vcmcvbWFpbG1hbi9saXN0aW5mby9uZXRjb25mDQo+DQoNCg== From nobody Tue Oct 8 03:22:39 2019 Return-Path: X-Original-To: netconf@ietfa.amsl.com Delivered-To: netconf@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D73B6120169 for ; Tue, 8 Oct 2019 03:22:37 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.899 X-Spam-Level: X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zbBvl_reSVn4 for ; Tue, 8 Oct 2019 03:22:36 -0700 (PDT) Received: from mail.tail-f.com (mail.tail-f.com [46.21.102.45]) by ietfa.amsl.com (Postfix) with ESMTP id 07EED1200B8 for ; Tue, 8 Oct 2019 03:22:36 -0700 (PDT) Received: from localhost (unknown [173.38.220.41]) by mail.tail-f.com (Postfix) with ESMTPSA id 58E951AE018B; Tue, 8 Oct 2019 12:22:34 +0200 (CEST) Date: Tue, 08 Oct 2019 12:22:08 +0200 (CEST) Message-Id: <20191008.122208.2297815182441890483.mbj@tail-f.com> To: kent+ietf@watsen.net Cc: ietfc@btconnect.com, netconf@ietf.org From: Martin Bjorklund In-Reply-To: <0100016da8b59883-9c9c21fa-5030-4dd5-867e-5e33bf7b379d-000000@email.amazonses.com> References: <02f501d57846$e29a3b20$4001a8c0@gateway.2wire.net> <0100016d8834e6b1-d2301e8e-89e5-4fb1-ae58-057e82c4cf7f-000000@email.amazonses.com> <0100016da8b59883-9c9c21fa-5030-4dd5-867e-5e33bf7b379d-000000@email.amazonses.com> X-Mailer: Mew version 6.7 on Emacs 25.2 / Mule 6.0 (HANACHIRUSATO) Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit Archived-At: Subject: Re: [netconf] crypto-types fallback strategy X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 08 Oct 2019 10:22:38 -0000 Hi, Kent Watsen wrote: > > > > To put an end to this email, recall above it was said that the > > secondary goal is to pass an "algorithm" parameter into the > > 'generate-symmetric-key' and 'generate-asymmetric-key' actions (what > > kind of key to generate, right?). Most of the above regards the key > > formats (not algorithms, though the OneSymmetricKey and > > OneAsymmetricKey structs do self-identify their algorithms). I don't > > have an answer for this yet, but maybe we can mimic some aspect of the > > above for it? > > > > Comments? > > > Answering myself here. Having identities for "key formats" is useful > and maybe helpfully decouples things, but how to support the actions > remains open and yet critical to support. > > Other than the "IANA registry" based proposal I gave Sep 27th (which I > still think is pretty good), I don't see any other way to do this > other than by going half-way back towards the old identity approach. > By "halfway", I mean to say that it doesn't define all the algorithm > types, just the subset needed for our immediate needs. So, either in > addition or as a replacement to the identities for key formats, I > think we should do the following: > > In ietf-crypto-types: > > // define base identities so they can be referenced by groupings > identity asymmetric-key-algorithm; > identity symmetric-key-algorithm; > identity hash-algorithm; > > In ietf-asymmetric-key-algs.yang: > > identity foo { base "asymmetric-key-algorithm" } > ... > > In ietf-symmetric-key-algs.yang > > identity bar { base "symmetric-key-algorithm" } > ... > > In ietf-hash-algs.yang > > identity baz { base "hash-algorithm" } > ... But isn't this again a bit too much? Why can't we define the base identities in ietf-crypto-types, and then just the algs we need for ssh in a separate module, and the algs we need for tls in another. > The three new modules can also be defined in the crypto-types draft, > but by putting each algorithm-type into a distinct module, and by only > defining a minimum number of algorithm types (there were many more > before), it gets closer to what Rich wants, some modularity and no > grand-unified solution. On the downside, servers would have to > implement more than one module and it we continue to need some > config-false list of algorithms supported by the server (i.e., > implementing the module != supporting all identities in the module). Note that in general, a server may support one set of algs for node A and another set of algs for node B. So just listing the supported set of identities is not sufficient. Which is why I suggest (again) that we don't try to solve this problem here and now. /martin > > Thoughts? Is this something everyone can get behind? Do you think we > should continue to have an identity for the "key format", or combine > it with the definition of the "algorithm" node? > > > PS: Tom, I think this email answers your "big picture" question. > > Kent // contributor > > > > From nobody Tue Oct 8 05:57:32 2019 Return-Path: X-Original-To: netconf@ietfa.amsl.com Delivered-To: netconf@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5785E120033 for ; Tue, 8 Oct 2019 05:57:31 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.898 X-Spam-Level: X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=jacobsuniversity.onmicrosoft.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NYl2j37T2ors for ; Tue, 8 Oct 2019 05:57:28 -0700 (PDT) Received: from EUR03-DB5-obe.outbound.protection.outlook.com (mail-eopbgr40042.outbound.protection.outlook.com [40.107.4.42]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 86EAC120807 for ; Tue, 8 Oct 2019 05:57:28 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=IfWbeGgtSeyHpWKLF5gh3GctnK92jA8OuZLUk1lDZQXlna7jNJ+p23rYskFVWY6bB32CvtazXyWs1diUQHh/h7nNBtp7DwH+GMkIJuYVoMpROD25/ElQkFnjzD0ZOwkuTUav6T+qoBN22uVq3hEFs0qdLH3r7Ump2/NVlib+lozi9v9mIWBJ63h1JzGkh5nWOBqlmTniN3l4jyiUOqLShwYD0uneqOICcuLxuz5VmsdoWbpeqDk9UQkdClLHh3/W2E3cOYtABylEZqmbIpQf2jNpX7f7uRun6UFT5ELqMVwZ4c+4P4gV7P8S0yqS+03MibzheYWSpp3r6R/aUqIXfQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=1qeY4WbImpPJeTXGSBReK/gbzXXq5yIO8fqofv1QKrs=; b=AH6Ejl5ryw4RWzmz/RC5gbsVfDdQppgv86zVrAwb0mbDHtnJNzW4x/929ACVVXgIzUk7ErsobCzU4RINnxpPYT80k0XVB+1BQr4Z4zJNx9lZaWVCWKTTHNXxLNoQV/mKdK7lMurzF5+4DUTPPG5rKKnpISqGQiO2/xj36Y8JH0BvL3KLEW38OjVMwsFgdfEzklI8nj5bJSJIqbrm/fJvgkNH7+L+Ow/7fL7O5s3ayj0GjD9qazknIR74q/sWz9+KME+9akUYvuQ9w54jlaGMal0T77lfbAZwlMdG5Cn9vsmX4uSwmnTObphCVI8xeaK3yNaDO+fN5udQXfZT2kmgfw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=jacobs-university.de; dmarc=pass action=none header.from=jacobs-university.de; dkim=pass header.d=jacobs-university.de; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=jacobsuniversity.onmicrosoft.com; s=selector2-jacobsuniversity-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=1qeY4WbImpPJeTXGSBReK/gbzXXq5yIO8fqofv1QKrs=; b=gLlfVsidZQTgndQTNfGK9fgYKFg5w18itvTHXuaGTaENde60SXn5T1SQSbV6l5DzaeOR81TRMWj/zGhR8hZPdLIUtsaSxf+zcxlmwNLFc8rQdABvbQSlMs+TOB1sbu8Yi5gyF5Op/jcaDcLXfoYFZKeAVTbeoMVtCAq6CMOB3Qk= Received: from DB6P190MB0181.EURP190.PROD.OUTLOOK.COM (10.172.229.20) by DB6P190MB0085.EURP190.PROD.OUTLOOK.COM (10.172.229.19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2327.24; Tue, 8 Oct 2019 12:57:25 +0000 Received: from DB6P190MB0181.EURP190.PROD.OUTLOOK.COM ([fe80::3031:b318:b167:f8ee]) by DB6P190MB0181.EURP190.PROD.OUTLOOK.COM ([fe80::3031:b318:b167:f8ee%12]) with mapi id 15.20.2327.026; Tue, 8 Oct 2019 12:57:24 +0000 From: =?iso-8859-1?Q?Sch=F6nw=E4lder=2C_J=FCrgen?= To: Kent Watsen CC: tom petch , "netconf@ietf.org" Thread-Topic: [netconf] crypto-types fallback strategy Thread-Index: AQHVbjbxVhFlbERW30moo9Q8WhnpJg== Date: Tue, 8 Oct 2019 12:57:24 +0000 Message-ID: <20191008125723.7zyaacswkpenlefl@anna.jacobs.jacobs-university.de> References: <0100016d455c6145-844c669e-8f31-4203-a827-7368d33cdee4-000000@email.amazonses.com> <0100016d7325f06e-00613ab7-413c-4d97-972c-858cf4886b65-000000@email.amazonses.com> <20190927.170902.142773301948727896.mbj@tail-f.com> <20190927174623.jhvpudof6yfs2m4k@anna.jacobs.jacobs-university.de> <0100016d84c0c469-e57fd7aa-dcba-4079-9b37-22720f7a4500-000000@email.amazonses.com> <02f501d57846$e29a3b20$4001a8c0@gateway.2wire.net> <0100016d8834e6b1-d2301e8e-89e5-4fb1-ae58-057e82c4cf7f-000000@email.amazonses.com> <0100016da8b59883-9c9c21fa-5030-4dd5-867e-5e33bf7b379d-000000@email.amazonses.com> In-Reply-To: <0100016da8b59883-9c9c21fa-5030-4dd5-867e-5e33bf7b379d-000000@email.amazonses.com> Reply-To: =?iso-8859-1?Q?Sch=F6nw=E4lder=2C_J=FCrgen?= Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-clientproxiedby: AM3PR05CA0121.eurprd05.prod.outlook.com (2603:10a6:207:2::23) To DB6P190MB0181.EURP190.PROD.OUTLOOK.COM (2603:10a6:4:88::20) authentication-results: spf=none (sender IP is ) smtp.mailfrom=J.Schoenwaelder@jacobs-university.de; x-ms-exchange-messagesentrepresentingtype: 1 x-originating-ip: [2001:638:709:5::7] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 3e05be35-21d8-4318-60e5-08d74bef10a8 x-ms-traffictypediagnostic: DB6P190MB0085: x-ms-exchange-purlcount: 1 x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:8882; x-forefront-prvs: 01842C458A x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(366004)(39850400004)(346002)(396003)(376002)(136003)(189003)(199004)(6116002)(4326008)(316002)(71190400001)(43066004)(786003)(386003)(6506007)(186003)(52116002)(71200400001)(14454004)(46003)(229853002)(6246003)(2906002)(5660300002)(81166006)(81156014)(102836004)(8676002)(66946007)(66476007)(478600001)(486006)(99286004)(446003)(66446008)(86362001)(66556008)(25786009)(3450700001)(14444005)(305945005)(8936002)(64756008)(256004)(1076003)(45776006)(476003)(6486002)(76176011)(54906003)(561944003)(7736002)(6512007)(6436002)(11346002)(6306002); DIR:OUT; SFP:1101; SCL:1; SRVR:DB6P190MB0085; H:DB6P190MB0181.EURP190.PROD.OUTLOOK.COM; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1; received-spf: None (protection.outlook.com: jacobs-university.de does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: Y51y1lZxFGc7hlsQOPSo6WAdyg91jM7zVChUqi+OgvRVHj8H3HSWCmJEWDnRfD5bh2PEhBlpzqGu2NfrObf1t9ePpBi23UtnajX+yxr6PeQpoUdCbrSqfttam+Zc5oLD+0ZFk4wQhj8qJODrJNCvJ7dVAHKmzGVZ3DxseGw6jcypY7mY1ttG2LDNnwXEFWMpZtfnD7wHEt+6xfdrzJPYAD2c8BE5hd0gXlp47+xlugNSHRkXlZWbCtf6dqdeSOc/RdQNMwqdwouBQn6SkMb3XfwLXCjVgz1CHRksaUkSCrKiJbPIFnxnX9T9ik0xmD1xD7+l1rptIemCnwhpmImaYqcW+QgoMkmX4cckX+PrDK3jyWiez5nKQJMF/G5BGZ5CfEhrjqiCKNu0vHGoUVC9ErxAYgJbGy3N37bGHx2FpArxrXa/crpE55CSBdgzA30cy5PFEY/A6BSe4qwuiKS5Xw== Content-Type: text/plain; charset="iso-8859-1" Content-ID: <2E3F5B64DFD8A143BE5CCA0C9A64FB3D@EURP190.PROD.OUTLOOK.COM> Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-OriginatorOrg: jacobs-university.de X-MS-Exchange-CrossTenant-Network-Message-Id: 3e05be35-21d8-4318-60e5-08d74bef10a8 X-MS-Exchange-CrossTenant-originalarrivaltime: 08 Oct 2019 12:57:24.8080 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: f78e973e-5c0b-4ab8-bbd7-9887c95a8ebd X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: V5BCpOvduwQUcWLbGrmP9TpWr1hIAoLxXSwKJuQ639udYsFCjK+G2zJLTZIw1C8dqP9B3B2/i8Vc7MMXmoTLwysY7qbpoQZN2ProdI9EgLI= X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB6P190MB0085 Archived-At: Subject: Re: [netconf] crypto-types fallback strategy X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 08 Oct 2019 12:57:31 -0000 On Tue, Oct 08, 2019 at 12:12:16AM +0000, Kent Watsen wrote: >=20 > Other than the "IANA registry" based proposal I gave Sep 27th (which I st= ill think is pretty good), I don't see any other way to do this other than = by going half-way back towards the old identity approach. By "halfway", I = mean to say that it doesn't define all the algorithm types, just the subset= needed for our immediate needs. So, either in addition or as a replacemen= t to the identities for key formats, I think we should do the following: >=20 > In ietf-crypto-types: >=20 > // define base identities so they can be referenced by groupings > identity asymmetric-key-algorithm; > identity symmetric-key-algorithm; > identity hash-algorithm; >=20 > In ietf-asymmetric-key-algs.yang: >=20 > identity foo { base "asymmetric-key-algorithm" } > ... > =20 > In ietf-symmetric-key-algs.yang >=20 > identity bar { base "symmetric-key-algorithm" } > ... >=20 > In ietf-hash-algs.yang >=20 > identity baz { base "hash-algorithm" } > ... >=20 I think there are a) cryptographic algorithms (the primitives) b) operating modes for symmetric algorithms etc. c) combinations of a) and b) used by certain security protocols or sub-protocols (keyex vs data transfer) d) key formats that are used together to combinations from b) and we seem to sometimes confuse these things. If this is a proposal for a), then fine. But these registries do not help much with b)-d), I believe b) and d) tend to be security protocol specific (and may even be security protocol version specific). Looking at things from a management perspective, I assume the relevance for configuration is d) to a). Hence, I believe it makes sense to create a module with definitions specifically needed for SSH and a module with definitions specifically needed for TLS. (The SNMP model in RFCC 7407 has a several choices to deal with different security "algorithms". This does not really matter except that we also back then went for a security protocol specific solution.) /js --=20 Juergen Schoenwaelder Jacobs University Bremen gGmbH Phone: +49 421 200 3587 Campus Ring 1 | 28759 Bremen | Germany Fax: +49 421 200 3103 From nobody Tue Oct 8 06:02:31 2019 Return-Path: X-Original-To: netconf@ietfa.amsl.com Delivered-To: netconf@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F1C96120052 for ; Tue, 8 Oct 2019 06:02:27 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.898 X-Spam-Level: X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=jacobsuniversity.onmicrosoft.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1D__JK1Ja89a for ; Tue, 8 Oct 2019 06:02:26 -0700 (PDT) Received: from EUR03-VE1-obe.outbound.protection.outlook.com (mail-eopbgr50044.outbound.protection.outlook.com [40.107.5.44]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C8F4D120033 for ; Tue, 8 Oct 2019 06:02:25 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=XfJesC8wAa6dYHEJBLX2EM88elMK4Wl76h38Qrg7C1yDdnkHof/GBXSy2iAMlx8Em7WQVzlIAHyd5Pt8SL/D5dYlccaIO6poyb4CJ67soooHsBxIQ483Wqi2mvKQv+5/lRya4BSMuElH4NzvLFNzuB5B02+OurHo6ovF3zRdiwWCVmbQcQBcJoEHyD1muqmoCJ0anQ2FKyunnXvts50xvAnDJsFg4BOdKyGjowsccgzZSretOceMG5ydxnhCYZTzgosc3DFIZQVoO9dDKVlbP8CA7Cal0C3vn+uignfMP12z1+Y2/MXW/HQGNP8Wtw7zLWzqInMOA3eWw+DhSvP2wg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=hu70yFH3pjrlC5TPlnzOHfnay0R+o1SDwoebemsnJ3w=; b=bbYpJaYIncBm7cHet6HOfHPOZRFdCLoJfw/tplbe2ZpencUDeR22tVkAYfrquliqV2TDlTVrEi5fH9hSYhFg11TS4BnfO93FqcekdliT/LKed+feooqN7zjFPL48aSylkdElIPCoplGE8SodPjYytiOBlVGxIIM4NSG95aOLw0dopcHoS11Q1AJlB1/bvOcEALX8u1/Inu7tWFC4/FPao0Gh9wBxAwAEyDff+xv7Vpra5hVJv/XpXu0EXdWs37QpLkd2e3mKip/Qe5zU4a0AWXq8opT/uWKHPwD2+00BzOd6p3Hf9TuSQ73IjXrCRBhwPdyrF/bLXWBqwaBIm/fxPw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=jacobs-university.de; dmarc=pass action=none header.from=jacobs-university.de; dkim=pass header.d=jacobs-university.de; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=jacobsuniversity.onmicrosoft.com; s=selector2-jacobsuniversity-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=hu70yFH3pjrlC5TPlnzOHfnay0R+o1SDwoebemsnJ3w=; b=XOKFLHJu2MWuf3oA6dCMNEMMNGheMQSCTCyV1JA0WKbaf0/Am86ZSvZL+29mLjgIs25Ya40K5f58ALeTcY1G1aDIkx5ZlQc1wavxYLjsXduKBFHdy4W5on42LO+f48D+seZZoFBKqOqO3CnWYXOOmQV4Ez7GBZK+5qIU4/35eHc= Received: from DB6P190MB0181.EURP190.PROD.OUTLOOK.COM (10.172.229.20) by DB6P190MB0504.EURP190.PROD.OUTLOOK.COM (10.175.241.142) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2327.24; Tue, 8 Oct 2019 13:02:23 +0000 Received: from DB6P190MB0181.EURP190.PROD.OUTLOOK.COM ([fe80::3031:b318:b167:f8ee]) by DB6P190MB0181.EURP190.PROD.OUTLOOK.COM ([fe80::3031:b318:b167:f8ee%12]) with mapi id 15.20.2327.026; Tue, 8 Oct 2019 13:02:23 +0000 From: =?iso-8859-1?Q?Sch=F6nw=E4lder=2C_J=FCrgen?= To: Martin Bjorklund CC: "kent+ietf@watsen.net" , "netconf@ietf.org" Thread-Topic: [netconf] crypto-types fallback strategy Thread-Index: AQHVfcJcQSS5BIxD8Um+uO2HDtXgK6dQtboA Date: Tue, 8 Oct 2019 13:02:22 +0000 Message-ID: <20191008130222.5v77yqytgcxytxzc@anna.jacobs.jacobs-university.de> References: <02f501d57846$e29a3b20$4001a8c0@gateway.2wire.net> <0100016d8834e6b1-d2301e8e-89e5-4fb1-ae58-057e82c4cf7f-000000@email.amazonses.com> <0100016da8b59883-9c9c21fa-5030-4dd5-867e-5e33bf7b379d-000000@email.amazonses.com> <20191008.122208.2297815182441890483.mbj@tail-f.com> In-Reply-To: <20191008.122208.2297815182441890483.mbj@tail-f.com> Reply-To: =?iso-8859-1?Q?Sch=F6nw=E4lder=2C_J=FCrgen?= Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-clientproxiedby: AM0PR02CA0095.eurprd02.prod.outlook.com (2603:10a6:208:154::36) To DB6P190MB0181.EURP190.PROD.OUTLOOK.COM (2603:10a6:4:88::20) authentication-results: spf=none (sender IP is ) smtp.mailfrom=J.Schoenwaelder@jacobs-university.de; x-ms-exchange-messagesentrepresentingtype: 1 x-originating-ip: [2001:638:709:5::7] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: c260e47e-bb2c-44fb-b6da-08d74befc27e x-ms-traffictypediagnostic: DB6P190MB0504: x-ms-exchange-purlcount: 1 x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:7691; x-forefront-prvs: 01842C458A x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(376002)(366004)(396003)(39850400004)(136003)(346002)(189003)(199004)(1076003)(446003)(6246003)(229853002)(6306002)(6486002)(64756008)(66476007)(66556008)(66946007)(43066004)(66446008)(6116002)(6436002)(3450700001)(2906002)(4326008)(486006)(46003)(476003)(11346002)(6512007)(102836004)(256004)(14454004)(186003)(6506007)(478600001)(386003)(71190400001)(71200400001)(5660300002)(45776006)(6916009)(86362001)(316002)(54906003)(786003)(7736002)(25786009)(81166006)(8676002)(81156014)(8936002)(99286004)(76176011)(52116002)(305945005)(4744005); DIR:OUT; SFP:1101; SCL:1; SRVR:DB6P190MB0504; H:DB6P190MB0181.EURP190.PROD.OUTLOOK.COM; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1; received-spf: None (protection.outlook.com: jacobs-university.de does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: IxKJWoJ37Y2GttsSWyUY7kSDhtbXXWi0Gp8BpPur6mVghrrGvI3TbBMt1i0dj2+eJXyl0dkP+6ETjPqTtcXPUQjR+MmLOGeDrRU6GgHkHDRmSImNRZFHaH+XdlsdqixJOjWSf7cTbutryVMQ2bZ7pQWaav5xZMkSPa2VTSXYZO89YKyOFWo5Z+ry07ZixLwhQkKhYCadGJmk0gho4FPTU89knjSXhwIcEzEgLK3WoTk2c9ItkLLsWSub35+s7x2qrnZnCgOciBDftj/oUF/uwHyl3gRBCqtiO80e/D8cUsibAxlhvjoJu2XpPvjFSosc6fC4jEAb3U0VfYRsU7DMCDuPnu6c7vRTAgWnchKiMVpOa2Y5jidFh6ySOXi+noJEIXJubqapu7UosYHWkhqKr7d8ySQNjLKHnZrr5SBjQIVjYBME4reM+wBobvfkLXv5yTdneMcc2AV2bksD6CAq9g== Content-Type: text/plain; charset="iso-8859-1" Content-ID: <0621B3E467C4814D8677332A05B304B0@EURP190.PROD.OUTLOOK.COM> Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-OriginatorOrg: jacobs-university.de X-MS-Exchange-CrossTenant-Network-Message-Id: c260e47e-bb2c-44fb-b6da-08d74befc27e X-MS-Exchange-CrossTenant-originalarrivaltime: 08 Oct 2019 13:02:23.0015 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: f78e973e-5c0b-4ab8-bbd7-9887c95a8ebd X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: ZakKT8hd61hov6dv701xX2yNwG0vFNL5+uO97EQCHwD6uf9Gdpqh3699IjU+5nY6xuFrxMoWwjCoQx4G5c8Xmqlru03cyua1JruKvGNSal0= X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB6P190MB0504 Archived-At: Subject: Re: [netconf] crypto-types fallback strategy X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 08 Oct 2019 13:02:28 -0000 On Tue, Oct 08, 2019 at 12:22:08PM +0200, Martin Bjorklund wrote: >=20 > Note that in general, a server may support one set of algs for node A > and another set of algs for node B. So just listing the supported set > of identities is not sufficient. Which is why I suggest (again) that > we don't try to solve this problem here and now. > We either solve the problem or we have to accept the people create workarounds. It is no solution to say "we do this next year" over and over again. And yes, the number of config false lists you need depends on the number of config knobs. /js --=20 Juergen Schoenwaelder Jacobs University Bremen gGmbH Phone: +49 421 200 3587 Campus Ring 1 | 28759 Bremen | Germany Fax: +49 421 200 3103 From nobody Tue Oct 8 06:55:42 2019 Return-Path: <0100016daba764f6-86d561df-1a18-4c40-a55c-de44bfcdd934-000000@amazonses.watsen.net> X-Original-To: netconf@ietfa.amsl.com Delivered-To: netconf@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 45C911200B2 for ; Tue, 8 Oct 2019 06:55:41 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.896 X-Spam-Level: X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=amazonses.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XKLr6YqZtJuR for ; Tue, 8 Oct 2019 06:55:39 -0700 (PDT) Received: from a8-33.smtp-out.amazonses.com (a8-33.smtp-out.amazonses.com [54.240.8.33]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C6C951200A3 for ; Tue, 8 Oct 2019 06:55:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=6gbrjpgwjskckoa6a5zn6fwqkn67xbtw; d=amazonses.com; t=1570542937; h=From:Message-Id:Content-Type:Mime-Version:Subject:Date:In-Reply-To:Cc:To:References:Feedback-ID; bh=OGlDm0L+I5LZ6LcRLaE22bWxymqpsPEN90utiy2rn3M=; b=cU6wH9s9dMDVOXMyMtj5RcTpoFMG63OWug72Y57Rxhlgo1wEPNyHy7XbxrffNwV7 xsr37m1ONRzfsYuVA9yJHoklXQD1ARtb+TKtHccBnB2eLvkvDeEuhV2cuL6NXOydpKG dsCZNYYonOVoXtPPCSiZtHkzDSFiZPs29G7Y9sB8= From: Kent Watsen Message-ID: <0100016daba764f6-86d561df-1a18-4c40-a55c-de44bfcdd934-000000@email.amazonses.com> Content-Type: multipart/alternative; boundary="Apple-Mail=_DCA92ECB-06FD-49C0-9311-705942F86E68" Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\)) Date: Tue, 8 Oct 2019 13:55:37 +0000 In-Reply-To: <20191008125723.7zyaacswkpenlefl@anna.jacobs.jacobs-university.de> Cc: tom petch , "netconf@ietf.org" To: Juergen Schoenwaelder References: <0100016d455c6145-844c669e-8f31-4203-a827-7368d33cdee4-000000@email.amazonses.com> <0100016d7325f06e-00613ab7-413c-4d97-972c-858cf4886b65-000000@email.amazonses.com> <20190927.170902.142773301948727896.mbj@tail-f.com> <20190927174623.jhvpudof6yfs2m4k@anna.jacobs.jacobs-university.de> <0100016d84c0c469-e57fd7aa-dcba-4079-9b37-22720f7a4500-000000@email.amazonses.com> <02f501d57846$e29a3b20$4001a8c0@gateway.2wire.net> <0100016d8834e6b1-d2301e8e-89e5-4fb1-ae58-057e82c4cf7f-000000@email.amazonses.com> <0100016da8b59883-9c9c21fa-5030-4dd5-867e-5e33bf7b379d-000000@email.amazonses.com> <20191008125723.7zyaacswkpenlefl@anna.jacobs.jacobs-university.de> X-Mailer: Apple Mail (2.3445.104.11) X-SES-Outgoing: 2019.10.08-54.240.8.33 Feedback-ID: 1.us-east-1.DKmIRZFhhsBhtmFMNikgwZUWVrODEw9qVcPhqJEI2DA=:AmazonSES Archived-At: Subject: Re: [netconf] crypto-types fallback strategy X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 08 Oct 2019 13:55:41 -0000 --Apple-Mail=_DCA92ECB-06FD-49C0-9311-705942F86E68 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii >=20 > I think there are >=20 > a) cryptographic algorithms (the primitives) > b) operating modes for symmetric algorithms etc. > c) combinations of a) and b) used by certain security protocols or > sub-protocols (keyex vs data transfer) > d) key formats that are used together to combinations from b) >=20 > and we seem to sometimes confuse these things. If this is a proposal > for a), then fine. But these registries do not help much with b)-d), >=20 > I believe b) and d) tend to be security protocol specific (and may > even be security protocol version specific). >=20 > Looking at things from a management perspective, I assume the > relevance for configuration is d) to a). >=20 > Hence, I believe it makes sense to create a module with definitions > specifically needed for SSH and a module with definitions specifically > needed for TLS. (The SNMP model in RFCC 7407 has a several choices to > deal with different security "algorithms". This does not really matter > except that we also back then went for a security protocol specific > solution.) An attempt to do this already exists. Please look at: - = https://tools.ietf.org/html/draft-ietf-netconf-ssh-client-server-14#sectio= n-5.3 = - = https://tools.ietf.org/html/draft-ietf-netconf-tls-client-server-14#sectio= n-5.3 = As well as the tables in Section 5 in both drafts. Admittedly, my co-authors decided to put this effort on hold while = crypto-types issue is resolved, as the WG's focus is on the first three = drafts of the client/server suite of drafts. But the point is that the = plan is to address the protocol-specific issue within these drafts. Kent --Apple-Mail=_DCA92ECB-06FD-49C0-9311-705942F86E68 Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=us-ascii

I think there are

a) cryptographic algorithms (the primitives)
b) = operating modes for symmetric algorithms etc.
c) = combinations of a) and b) used by certain security protocols or
  sub-protocols (keyex vs data transfer)
d) key formats that are used together to combinations from = b)

and we seem to sometimes confuse these = things. If this is a proposal
for a), then fine. But these = registries do not help much with b)-d),

I = believe b) and d) tend to be security protocol specific (and may
even be security protocol version specific).

Looking at things from a management perspective, I assume = the
relevance for configuration is d) to a).

Hence, I believe it makes sense to create a = module with definitions
specifically needed for SSH and a = module with definitions specifically
needed for TLS. (The = SNMP model in RFCC 7407 has a several choices to
deal with = different security "algorithms". This does not really matter
except that we also back then went for a security protocol = specific
solution.)


An attempt to do this already exists.  Please = look at:


As well as the = tables in Section 5 in both drafts.

Admittedly, my co-authors decided to put this = effort on hold while crypto-types issue is resolved, as the WG's focus = is on the first three drafts of the client/server suite of drafts. =   But the point is that the plan is to address the = protocol-specific issue within these drafts.

Kent




= --Apple-Mail=_DCA92ECB-06FD-49C0-9311-705942F86E68-- From nobody Tue Oct 8 06:57:34 2019 Return-Path: <0100016daba8d265-d3b2a0f3-24a6-4898-b57b-729202844650-000000@amazonses.watsen.net> X-Original-To: netconf@ietfa.amsl.com Delivered-To: netconf@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DF6901200A3 for ; Tue, 8 Oct 2019 06:57:33 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.897 X-Spam-Level: X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=amazonses.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id l5kpTa2haMxT for ; Tue, 8 Oct 2019 06:57:32 -0700 (PDT) Received: from a8-32.smtp-out.amazonses.com (a8-32.smtp-out.amazonses.com [54.240.8.32]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 473DB12007C for ; Tue, 8 Oct 2019 06:57:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=6gbrjpgwjskckoa6a5zn6fwqkn67xbtw; d=amazonses.com; t=1570543031; h=From:Message-Id:Content-Type:Mime-Version:Subject:Date:In-Reply-To:Cc:To:References:Feedback-ID; bh=hLMdMAV3/2rT/jfZTW2wJj36yGl6NjLUWxgkS/0rRhM=; b=G1g/fbVOW/KmLqwAWVExx2+ARTV6CiX/l8MRQ8lOOX6iNw8DB7WISkMh2/DUoEOw ImUZ5W1nXnwU/oFFSwp4T9aLVPKabes/+wH/o8CVpq8e5gfkbP81aRCrLStyEpWXpiP ybOotoovpsKycs8QXtUgOFjfqelGS7dP4OMqGkn0= From: Kent Watsen Message-ID: <0100016daba8d265-d3b2a0f3-24a6-4898-b57b-729202844650-000000@email.amazonses.com> Content-Type: multipart/alternative; boundary="Apple-Mail=_4CC40007-C2B7-447B-B3B3-CE0117C3DEB6" Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\)) Date: Tue, 8 Oct 2019 13:57:10 +0000 In-Reply-To: <20191008130222.5v77yqytgcxytxzc@anna.jacobs.jacobs-university.de> Cc: Martin Bjorklund , "netconf@ietf.org" To: Juergen Schoenwaelder References: <02f501d57846$e29a3b20$4001a8c0@gateway.2wire.net> <0100016d8834e6b1-d2301e8e-89e5-4fb1-ae58-057e82c4cf7f-000000@email.amazonses.com> <0100016da8b59883-9c9c21fa-5030-4dd5-867e-5e33bf7b379d-000000@email.amazonses.com> <20191008.122208.2297815182441890483.mbj@tail-f.com> <20191008130222.5v77yqytgcxytxzc@anna.jacobs.jacobs-university.de> X-Mailer: Apple Mail (2.3445.104.11) X-SES-Outgoing: 2019.10.08-54.240.8.32 Feedback-ID: 1.us-east-1.DKmIRZFhhsBhtmFMNikgwZUWVrODEw9qVcPhqJEI2DA=:AmazonSES Archived-At: Subject: Re: [netconf] crypto-types fallback strategy X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 08 Oct 2019 13:57:34 -0000 --Apple-Mail=_4CC40007-C2B7-447B-B3B3-CE0117C3DEB6 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii >> Note that in general, a server may support one set of algs for node A >> and another set of algs for node B. So just listing the supported = set >> of identities is not sufficient. Which is why I suggest (again) = that >> we don't try to solve this problem here and now. >>=20 >=20 > We either solve the problem or we have to accept the people create > workarounds. It is no solution to say "we do this next year" over and > over again. And yes, the number of config false lists you need depends > on the number of config knobs. Right, it doesn't help to pretend that implementing a module !=3D = supporting all identities in the module. Kent --Apple-Mail=_4CC40007-C2B7-447B-B3B3-CE0117C3DEB6 Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=us-ascii
Note that in general, a = server may support one set of algs for node A
and another = set of algs for node B.  So just listing the supported set
of identities is not sufficient.   Which is why I = suggest (again) that
we don't try to solve this problem = here and now.


We = either solve the problem or we have to accept the people create
workarounds. It is no solution to say "we do this next year" = over and
over again. And yes, the number of config false = lists you need depends
on the number of config knobs.

Right, = it doesn't help to pretend that implementing a module !=3D supporting all = identities in the module.

Kent

= --Apple-Mail=_4CC40007-C2B7-447B-B3B3-CE0117C3DEB6-- From nobody Tue Oct 8 07:07:37 2019 Return-Path: <0100016dabb24e1e-ce4ee331-cf37-4f51-a342-930c95d7a963-000000@amazonses.watsen.net> X-Original-To: netconf@ietfa.amsl.com Delivered-To: netconf@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 52FBD12007C for ; Tue, 8 Oct 2019 07:07:35 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.897 X-Spam-Level: X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=amazonses.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LE5ttUen2pq0 for ; Tue, 8 Oct 2019 07:07:34 -0700 (PDT) Received: from a8-83.smtp-out.amazonses.com (a8-83.smtp-out.amazonses.com [54.240.8.83]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D79F5120052 for ; Tue, 8 Oct 2019 07:07:33 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=6gbrjpgwjskckoa6a5zn6fwqkn67xbtw; d=amazonses.com; t=1570543652; h=From:Message-Id:Content-Type:Mime-Version:Subject:Date:In-Reply-To:Cc:To:References:Feedback-ID; bh=CJ5hq+otV0bumeBU0VTViFVkW9HybS5fozYw4baaB/k=; b=URLnhEZYInc+mALGUp7lYGAlTOhKu0wP9TEmWNVZvRwp08gbDl6EvO8z1x8hSeut rjd684CIE2Akt07/nDgA6E3Fb33U68V63S0FGhdqAsHTkqh5nKNCfghtxKGDHXs/4X0 H6RhRuFYVAFkRQeiRopxcM9OKsWvV87GMpCZi5ec= From: Kent Watsen Message-ID: <0100016dabb24e1e-ce4ee331-cf37-4f51-a342-930c95d7a963-000000@email.amazonses.com> Content-Type: multipart/alternative; boundary="Apple-Mail=_2227B056-5157-4E4C-A738-57C594EBD4F3" Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\)) Date: Tue, 8 Oct 2019 14:07:32 +0000 In-Reply-To: <20191008.122208.2297815182441890483.mbj@tail-f.com> Cc: ietfc@btconnect.com, "netconf@ietf.org" To: Martin Bjorklund References: <02f501d57846$e29a3b20$4001a8c0@gateway.2wire.net> <0100016d8834e6b1-d2301e8e-89e5-4fb1-ae58-057e82c4cf7f-000000@email.amazonses.com> <0100016da8b59883-9c9c21fa-5030-4dd5-867e-5e33bf7b379d-000000@email.amazonses.com> <20191008.122208.2297815182441890483.mbj@tail-f.com> X-Mailer: Apple Mail (2.3445.104.11) X-SES-Outgoing: 2019.10.08-54.240.8.83 Feedback-ID: 1.us-east-1.DKmIRZFhhsBhtmFMNikgwZUWVrODEw9qVcPhqJEI2DA=:AmazonSES Archived-At: Subject: Re: [netconf] crypto-types fallback strategy X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 08 Oct 2019 14:07:36 -0000 --Apple-Mail=_2227B056-5157-4E4C-A738-57C594EBD4F3 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=us-ascii >> Answering myself here. Having identities for "key formats" is useful >> and maybe helpfully decouples things, but how to support the actions >> remains open and yet critical to support. >> >> Other than the "IANA registry" based proposal I gave Sep 27th (which I >> still think is pretty good), I don't see any other way to do this >> other than by going half-way back towards the old identity approach. >> By "halfway", I mean to say that it doesn't define all the algorithm >> types, just the subset needed for our immediate needs. So, either in >> addition or as a replacement to the identities for key formats, I >> think we should do the following: >> >> In ietf-crypto-types: >> >> // define base identities so they can be referenced by groupings >> identity asymmetric-key-algorithm; >> identity symmetric-key-algorithm; >> identity hash-algorithm; >> >> In ietf-asymmetric-key-algs.yang: >> >> identity foo { base "asymmetric-key-algorithm" } >> ... >> >> In ietf-symmetric-key-algs.yang >> >> identity bar { base "symmetric-key-algorithm" } >> ... >> >> In ietf-hash-algs.yang >> >> identity baz { base "hash-algorithm" } >> ... > > But isn't this again a bit too much? Why can't we define the base > identities in ietf-crypto-types, and then just the algs we need for > ssh in a separate module, and the algs we need for tls in another. There is a difference between algorithm primitives and cipher suites used by protocols. In crypto types we're trying to define the primitives that are used by the cipher suites. Please see my email to Juergen just now about how the "common" modules in the SSH and TLS drafts portend to do this. As for the primitives, the proposal above is to keep the primitives down to the minimum needed for our immediate goals. >> Thoughts? Is this something everyone can get behind? Do you think we >> should continue to have an identity for the "key format", or combine >> it with the definition of the "algorithm" node? Some of these questions are still hanging in the air... Kent // --Apple-Mail=_2227B056-5157-4E4C-A738-57C594EBD4F3 Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=us-ascii
Answering myself here. =  Having identities for "key formats" is useful
and = maybe helpfully decouples things, but how to support the actions
remains open and yet critical to support.

Other than the "IANA registry" based proposal I gave Sep 27th = (which I
still think is pretty good), I don't see any = other way to do this
other than by going half-way back = towards the old identity approach.
By "halfway", I mean to = say that it doesn't define all the algorithm
types, just = the subset needed for our immediate needs.  So, either in
addition or as a replacement to the identities for key = formats, I
think we should do the following:

  In ietf-crypto-types:

  // define base = identities so they can be referenced by groupings
=   identity asymmetric-key-algorithm;
=   identity symmetric-key-algorithm;
=   identity hash-algorithm;

=   In ietf-asymmetric-key-algs.yang:

=    identity foo { base "asymmetric-key-algorithm" = }
=            ...

  In = ietf-symmetric-key-algs.yang

=    identity bar { base "symmetric-key-algorithm" }
=            ...

  In ietf-hash-algs.yang

   identity baz { = base "hash-algorithm" }
=            ...

But isn't this again a bit too = much?  Why can't we define the base
identities in = ietf-crypto-types, and then just the algs we need for
ssh = in a separate module, and the algs we need for tls in another.

There = is a difference between algorithm primitives and cipher = suites
used by protocols.  In crypto types we're trying = to define the primitives
that are used by the cipher suites. =  Please see my email to Juergen
just now about how the = "common" modules in the SSH and TLS
drafts portend to do this. =  As for the primitives, the proposal above
is to keep the = primitives down to the minimum needed for our 
immediate = goals. 


Thoughts?  Is this = something everyone can get behind? Do you think we
should = continue to have an identity for the "key format", or combine
it with the definition of the "algorithm" node?

Some of these questions are still hanging in the = air...


Kent //

= --Apple-Mail=_2227B056-5157-4E4C-A738-57C594EBD4F3-- From nobody Tue Oct 8 07:31:51 2019 Return-Path: X-Original-To: netconf@ietfa.amsl.com Delivered-To: netconf@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5305E120033 for ; Tue, 8 Oct 2019 07:31:50 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.899 X-Spam-Level: X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2K0LIPTn1ZtX for ; Tue, 8 Oct 2019 07:31:47 -0700 (PDT) Received: from mail.tail-f.com (mail.tail-f.com [46.21.102.45]) by ietfa.amsl.com (Postfix) with ESMTP id 830CA12008F for ; Tue, 8 Oct 2019 07:31:47 -0700 (PDT) Received: from localhost (unknown [173.38.220.41]) by mail.tail-f.com (Postfix) with ESMTPSA id BDFA31AE018B; Tue, 8 Oct 2019 16:31:45 +0200 (CEST) Date: Tue, 08 Oct 2019 16:31:19 +0200 (CEST) Message-Id: <20191008.163119.27018851686472950.mbj@tail-f.com> To: J.Schoenwaelder@jacobs-university.de Cc: kent+ietf@watsen.net, netconf@ietf.org From: Martin Bjorklund In-Reply-To: <20191008130222.5v77yqytgcxytxzc@anna.jacobs.jacobs-university.de> References: <0100016da8b59883-9c9c21fa-5030-4dd5-867e-5e33bf7b379d-000000@email.amazonses.com> <20191008.122208.2297815182441890483.mbj@tail-f.com> <20191008130222.5v77yqytgcxytxzc@anna.jacobs.jacobs-university.de> X-Mailer: Mew version 6.7 on Emacs 25.2 / Mule 6.0 (HANACHIRUSATO) Mime-Version: 1.0 Content-Type: Text/Plain; charset=iso-8859-1 Content-Transfer-Encoding: quoted-printable Archived-At: Subject: Re: [netconf] crypto-types fallback strategy X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 08 Oct 2019 14:31:50 -0000 Sch=F6nw=E4lder, J=FCrgen wrote:= > On Tue, Oct 08, 2019 at 12:22:08PM +0200, Martin Bjorklund wrote: > > = > > Note that in general, a server may support one set of algs for node= A > > and another set of algs for node B. So just listing the supported = set > > of identities is not sufficient. Which is why I suggest (again) t= hat > > we don't try to solve this problem here and now. > > > = > We either solve the problem or we have to accept the people create > workarounds. It is no solution to say "we do this next year" over and= > over again. I didn't mean it that way. I meant that there will be more details to work out for this workaround, and I don't think it is (very) important to have a workaround. Hence my suggestion to leave this out for now. /martin > And yes, the number of config false lists you need depends > on the number of config knobs. > = > /js > = > -- = > Juergen Schoenwaelder Jacobs University Bremen gGmbH > Phone: +49 421 200 3587 Campus Ring 1 | 28759 Bremen | German= y > Fax: +49 421 200 3103 > = From nobody Tue Oct 8 12:38:39 2019 Return-Path: X-Original-To: netconf@ietfa.amsl.com Delivered-To: netconf@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B12AD120043 for ; Tue, 8 Oct 2019 12:38:37 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.9 X-Spam-Level: X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Li5A3JnzylED for ; Tue, 8 Oct 2019 12:38:35 -0700 (PDT) Received: from EUR04-VI1-obe.outbound.protection.outlook.com (mail-eopbgr80058.outbound.protection.outlook.com [40.107.8.58]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5D46A120033 for ; Tue, 8 Oct 2019 12:38:35 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=j/dLVvgKOKv9TTm3x2NSJZejCM0vHd6YdHIcMVTFFBPp1tBMbzZYx1XOc2ShDy7Am3ZUwbqhpGUp566uiEr87n8Y7EqRz4MIK2ZfUTltHTNHGy+yHtV5qYHNdwB6nLFNme30F0vp715arU8Tp4RB7Tt9kuIeMfz7BocmFb06RTGNTdDFj9ZkO/0g6KbxeiuxKjnRpO2ZjDyBXaaF2yH3rEHguxXBKpZ0Wjpdfjmh2XvFPDAPtly/DZSIr+SbqHIf52SDTtTsQZ9K+cUGuAhwPB/arZ8H/RNl7GnbuGVZkyaBCj1wcrOEM28QSrz/aAsLRn8NFxhPq510Z58rLuX6bw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=BrjPzMn+mwjnI6ChzA6gaCGyv/0qt7UAl2tsp28ViNI=; b=PeW0pJjydMUL2tICEIDnUR/Svvd2uOa7m8tcJKLtqLSXPydntoT+G+LxPaUwJzJlp241a8wCKKzyMGmiraReiH9F1gUqTw+RIxd7LbYhXBixoXYaabwa2U/m6Keq2aXHZXGiOg8pclonWXSOuYx7AA6ysZnZT1d4Aj6OXNdiMazlNldI5Vh8/RgUoStgiK1t4RvvFZGAQ4T1o0EVqcXt9WAqnIRFrnVQUobfDtoNZF3cEn8/ohPVxfkICjPUJ1fSgC5BNWBYxg4L4lQmQKD1ZOsLhNLJx6AqK5JjU1Ki5VEE9IaQ80Y1b4INE8qBYdjlysg81Msqrjv++y3gpymsxw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=BrjPzMn+mwjnI6ChzA6gaCGyv/0qt7UAl2tsp28ViNI=; b=FPqAE3Wovr2HBGeu1j8AWwhJsiJ9Zd8Wp1WceqTM/H/26mzbsxiv5lfHqJyL64uUCiW0sxDro7z9ujVWYgkkI0vLkdIws/6KMmRAc3TYZO1fbFbgjDsERuK67aqsQcDQ0yH8CfICZmfzDCn8NePwCKE8mP/5o+QzCgjBtFXD2kA= Received: from AM0PR07MB5187.eurprd07.prod.outlook.com (20.178.20.74) by AM0PR07MB6049.eurprd07.prod.outlook.com (20.178.115.32) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2347.13; Tue, 8 Oct 2019 19:38:32 +0000 Received: from AM0PR07MB5187.eurprd07.prod.outlook.com ([fe80::f016:8dc4:2887:cacd]) by AM0PR07MB5187.eurprd07.prod.outlook.com ([fe80::f016:8dc4:2887:cacd%3]) with mapi id 15.20.2347.016; Tue, 8 Oct 2019 19:38:32 +0000 From: =?iso-8859-1?Q?Bal=E1zs_Kov=E1cs?= To: Kent Watsen CC: "netconf@ietf.org" Thread-Topic: truststore usage in ietf-ssh/tls-client/server Thread-Index: AdV6qssoOPhu3prpR26CPrmHv0Da1QCjJP6AADXTaaA= Date: Tue, 8 Oct 2019 19:38:32 +0000 Message-ID: References: <0100016da755ddce-18e94501-441b-471d-af1e-03ba88fde0ba-000000@email.amazonses.com> In-Reply-To: <0100016da755ddce-18e94501-441b-471d-af1e-03ba88fde0ba-000000@email.amazonses.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: spf=none (sender IP is ) smtp.mailfrom=balazs.kovacs@ericsson.com; x-originating-ip: [176.63.23.159] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: e38f59da-83d5-4276-7304-08d74c271a7d x-ms-traffictypediagnostic: AM0PR07MB6049: x-ms-exchange-purlcount: 2 x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:9508; x-forefront-prvs: 01842C458A x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(346002)(376002)(39860400002)(396003)(366004)(136003)(189003)(199004)(25786009)(66446008)(486006)(102836004)(7736002)(186003)(76116006)(476003)(66946007)(9686003)(54896002)(236005)(8936002)(6306002)(446003)(55016002)(11346002)(86362001)(45776006)(6506007)(8676002)(6436002)(66066001)(26005)(9326002)(81166006)(81156014)(74316002)(66476007)(33656002)(14444005)(256004)(66556008)(229853002)(7696005)(64756008)(3846002)(6246003)(99286004)(790700001)(6116002)(52536014)(4326008)(316002)(2906002)(5660300002)(14454004)(478600001)(71200400001)(71190400001)(966005)(606006)(76176011); DIR:OUT; SFP:1101; SCL:1; SRVR:AM0PR07MB6049; H:AM0PR07MB5187.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1; received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: gNAAUUZ1zwRM53PHFTT6UqynHPi4uxO33Krhp1DJJas5XyjWQRy17pVvoIlPUPfBBIJKiwzFRzzKFoRWQwrYKDaW/tb5NuKFtNJRCWUnmxRQpvLLrWSoBrjHM+STpugO5i4wU+tAChA5/QxWxkx2q/XrpsKOPQ0Ge7K/9b7Pz4BucNntL+zA1V1I5EQN94DnG60vhNc4iSwOsvok38njY5Paa0wfIxBWSRfvfd3CrahORYhhyk6Rp5R2n/VbUXuAJSkDGNL656Z7Or6xSkRQ/dWiqRLngENfQT83hHQ+nigqoaP5l5esB2mZ/g2wseXTqmWyGXmHVmdfVsOIDJwnfFmDPxPz5u6W12vwM4txxMIk68/ff4gErHH1dvCYwHDtWm2JbIW5tXvPKitRTr9XpnFuQz+ZlKK0QiNVWsqIMZcktVoRMcLFXsEvx/Of8ykJRC6InL/r5iAUTDl9lgHEww== x-ms-exchange-transport-forked: True Content-Type: multipart/alternative; boundary="_000_AM0PR07MB51877236CE073078C5B90F9A839A0AM0PR07MB5187eurp_" MIME-Version: 1.0 X-OriginatorOrg: ericsson.com X-MS-Exchange-CrossTenant-Network-Message-Id: e38f59da-83d5-4276-7304-08d74c271a7d X-MS-Exchange-CrossTenant-originalarrivaltime: 08 Oct 2019 19:38:32.7379 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: Tq5518aJeNLkEWBbAOwMMdbo+Gfax0Kkto/WWHY7s/OxeshrUQVmpum278t+nfHMmcafPtt6PXsty7xLwqEGDBee0L6Ja6BV4ahPc9I868w= X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0PR07MB6049 Archived-At: Subject: Re: [netconf] truststore usage in ietf-ssh/tls-client/server X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 08 Oct 2019 19:38:38 -0000 --_000_AM0PR07MB51877236CE073078C5B90F9A839A0AM0PR07MB5187eurp_ Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Hi Kent, Can you confirm that in the ietf-tls-client and ietf-tls-server models the = direct use of truststore references in server-authentication and client-aut= hentication containers will change to using local-or-truststore-certs-group= ing? Similarly in ssh models, will they change to local-or-truststore-host-keys-= grouping? Yes, it would make sense to use those groupings. I just committed the following updates: SSH: https://github.com/netconf-wg/ssh-client-server/commit/5292d87ef47a= afd2475241f82e76d8ac11defd11 TLS: https://github.com/netconf-wg/tls-client-server/commit/d7b8c81bbd2= dbbe5812e5519e4129abaf8012eb1 What do you think? All good? 1. In ssh-client and ssh-server: "Indicates that the client can authenticate servers using the configured trust anchor certificates."; "Indicates that the server can authenticate this user using the configured trust anchor certificates."; Do you prefer 'trust anchor' or could it be changed to 'certificate authori= ty'? 2. What's the rationale of the new presence containers in ssh models but not i= n the tls models? Br, Balazs --_000_AM0PR07MB51877236CE073078C5B90F9A839A0AM0PR07MB5187eurp_ Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable

Hi Kent,

 

Can you confirm that in t= he ietf-tls-client and ietf-tls-server models the direct use of truststore = references in server-authentication and client-authentication containers wi= ll change to using local-or-truststore-certs-grouping?

 

Similarly in ssh models, = will they change to local-or-truststore-host-keys-grouping?

 

Yes, it would make sense = to use those groupings.

 

I just committed the foll= owing updates:

 

   SSH: https://github.com/netconf-wg/ssh-client-server/commit/5292d87ef47aa= fd2475241f82e76d8ac11defd11

    TLS: <= a href=3D"https://protect2.fireeye.com/url?k=3D70df6aa5-2c55a066-70df2a3e-8= 6e1ed4002b1-d8431043a52ea433&q=3D1&u=3Dhttps%3A%2F%2Fgithub.com%2Fn= etconf-wg%2Ftls-client-server%2Fcommit%2Fd7b8c81bbd2dbbe5812e5519e4129abaf8= 012eb1">https://github.com/netconf-wg/tls-client-server/commit/d7b8c81bbd2d= bbe5812e5519e4129abaf8012eb1

 

What do you think?  = All good?

 

1.

 

In ssh-client and ssh-server:

 

"Indicates that the client can authenticate ser= vers

using the configured trust anchor certificates."= ;;

 

"Indicates that the server can authenticate thi= s user

using the configured trust anchor certificates."= ;;

 

Do you prefer ‘trust anchor’ or could it= be changed to ‘certificate authority’?

 

2.

        &nbs= p;            &= nbsp;           &nbs= p;            &= nbsp;           &nbs= p;            

What’s the rationale of the new presence conta= iners in ssh models but not in the tls models?

 

Br,

Balazs

 

 

 

--_000_AM0PR07MB51877236CE073078C5B90F9A839A0AM0PR07MB5187eurp_-- From nobody Tue Oct 8 13:56:07 2019 Return-Path: <0100016dad284c4d-821b1403-49d4-41bb-87bf-275f611e6fe1-000000@amazonses.watsen.net> X-Original-To: netconf@ietfa.amsl.com Delivered-To: netconf@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9CDE8120046 for ; Tue, 8 Oct 2019 13:56:05 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.897 X-Spam-Level: X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=amazonses.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kRz3e61gI2Ai for ; Tue, 8 Oct 2019 13:56:04 -0700 (PDT) Received: from a8-32.smtp-out.amazonses.com (a8-32.smtp-out.amazonses.com [54.240.8.32]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E2C6A120033 for ; Tue, 8 Oct 2019 13:56:03 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=6gbrjpgwjskckoa6a5zn6fwqkn67xbtw; d=amazonses.com; t=1570568162; h=From:Message-Id:Content-Type:Mime-Version:Subject:Date:In-Reply-To:Cc:To:References:Feedback-ID; bh=DjMAOjPuVWtxli5DmNj6HQ23D2uYwM//U6ENO0D0p0c=; b=Rn3wnK3Es0nvtCQoL33OUl5mE04BLPMUhPDFtwrh0xK/Xk8tmA2fAJ4Fs8ib60mM P6qcU1vN+STVZS0t2gJies0soxGf+fAP8zQDI7/HCfbAJZ/I3RgXU3IjXVGvkS8YzhK mskKuUIFnWYLOh9tO6IYav2QAxp9ulLgFB8SS4XM= From: Kent Watsen Message-ID: <0100016dad284c4d-821b1403-49d4-41bb-87bf-275f611e6fe1-000000@email.amazonses.com> Content-Type: multipart/alternative; boundary="Apple-Mail=_E51F2018-2D72-4DEC-89B9-C268C4023B24" Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\)) Date: Tue, 8 Oct 2019 20:56:02 +0000 In-Reply-To: Cc: "netconf@ietf.org" To: =?utf-8?B?QmFsw6F6cyBLb3bDoWNz?= References: <0100016da755ddce-18e94501-441b-471d-af1e-03ba88fde0ba-000000@email.amazonses.com> X-Mailer: Apple Mail (2.3445.104.11) X-SES-Outgoing: 2019.10.08-54.240.8.32 Feedback-ID: 1.us-east-1.DKmIRZFhhsBhtmFMNikgwZUWVrODEw9qVcPhqJEI2DA=:AmazonSES Archived-At: Subject: Re: [netconf] truststore usage in ietf-ssh/tls-client/server X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 08 Oct 2019 20:56:06 -0000 --Apple-Mail=_E51F2018-2D72-4DEC-89B9-C268C4023B24 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 Hi Balazs, > 1. > =20 > In ssh-client and ssh-server: > =20 > "Indicates that the client can authenticate servers > using the configured trust anchor certificates."; > =20 > "Indicates that the server can authenticate this user > using the configured trust anchor certificates."; > =20 > Do you prefer =E2=80=98trust anchor=E2=80=99 or could it be changed to = =E2=80=98certificate authority=E2=80=99? Good question. I was cognizant of the fact the the surrounding nodes = and text uses CA (e.g., ca-certs). But crypto-types uses the term = "trust-anchor" (in contrast to "end-entity"), which seems more exact. I = was half-thinking to swap "ca-cert" for "trust-anchor" everywhere in the = SSH and TLS models. I think the result would be more consistent, but = haven't looked carefully. Thoughts? > 2. > =20= > What=E2=80=99s the rationale of the new presence containers in ssh = models but not in the tls models? Good catch. The examples didn't test this "case" and hence the issue = was missed. I added this to the TLS models here: = https://github.com/netconf-wg/tls-client-server/commit/0eb86e7c9644cc396de= 7ab49037ed9ea40d5a75b = . FWIW, ts:local-or-truststore-certs-grouping contains a mandatory choice = that was forcing the nodes to be defined all the time... Kent // contributor --Apple-Mail=_E51F2018-2D72-4DEC-89B9-C268C4023B24 Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=utf-8

Hi Balazs,


1.
 
In = ssh-client and ssh-server:
 
"Indicates that the = client can authenticate servers
using the configured trust anchor certificates.";
 
"Indicates that the server can authenticate this user
using the configured trust anchor certificates.";
 
Do you = prefer =E2=80=98trust anchor=E2=80=99 or could it be changed to = =E2=80=98certificate = authority=E2=80=99?

Good question.  I was cognizant of the fact = the the surrounding nodes and text uses CA (e.g., ca-certs).  But = crypto-types uses the term "trust-anchor" (in contrast to "end-entity"), = which seems more exact.  I was half-thinking to swap "ca-cert" for = "trust-anchor" everywhere in the SSH and TLS models.  I think the = result would be more consistent, but haven't looked carefully. =  Thoughts?



 2.
          &nb= sp;            = ;            &= nbsp;           &nb= sp;            = ;           
What=E2=80=99= s the rationale of the new presence containers in ssh models but not in = the tls models?

Good catch.  The examples didn't test this = "case" and hence the issue was missed.  I added this to the TLS = models here: https://github.com/netconf-wg/tls-client-server/commit/0eb86e7c= 9644cc396de7ab49037ed9ea40d5a75b.

FWIW, ts:local-or-truststore-certs-grouping = contains a mandatory choice that was forcing the nodes to be defined all = the time...



Kent // = contributor


= --Apple-Mail=_E51F2018-2D72-4DEC-89B9-C268C4023B24-- From nobody Tue Oct 8 14:01:18 2019 Return-Path: X-Original-To: netconf@ietfa.amsl.com Delivered-To: netconf@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1E118120046 for ; Tue, 8 Oct 2019 14:01:16 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.7 X-Spam-Level: X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=akamai.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2X77Mes6hZAc for ; Tue, 8 Oct 2019 14:01:14 -0700 (PDT) Received: from mx0b-00190b01.pphosted.com (mx0b-00190b01.pphosted.com [IPv6:2620:100:9005:57f::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CA231120033 for ; Tue, 8 Oct 2019 14:01:14 -0700 (PDT) Received: from pps.filterd (m0122330.ppops.net [127.0.0.1]) by mx0b-00190b01.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id x98Kvpna032509; Tue, 8 Oct 2019 22:01:05 +0100 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : mime-version; s=jan2016.eng; bh=Kn4wPHIQzQ08yCPG3S7JqtcQFpcICllXwbGbA9GCUUo=; b=bC2QJXlTIoPepkQ6bII9LDaXgMBbAQkpOdjmm9m0mPigzL23J5MBbYGjuVm3+vGkaAMJ fFutUeCfvHjB9f+8OI4GRiSl6nZt48vDf+QPg3MK6G/SK6tGmmTcNx00qkn8LBSTcb6C MZYGMk0LbSPYQNjamXlqY7d1+tzxElZcXQC25fBYzRMWP+5liXI2q8iYpsZ6LG/4+ldt EsbtuQStSO1cSV7z8rIJdguavqlLWBU3OXGL2B0NDmRC6XaWNvFAmCrjIGWQwYWU5GVd 952Hu5JA/JUcXGafTyPwqdMhDCNMkp9KfqlPygGHZlrz12EOzBQ6B2g2bqU3VPKii1Ww IA== Received: from prod-mail-ppoint3 (prod-mail-ppoint3.akamai.com [96.6.114.86] (may be forged)) by mx0b-00190b01.pphosted.com with ESMTP id 2vejtv8dgd-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 08 Oct 2019 22:01:05 +0100 Received: from pps.filterd (prod-mail-ppoint3.akamai.com [127.0.0.1]) by prod-mail-ppoint3.akamai.com (8.16.0.27/8.16.0.27) with SMTP id x98KYTLN020247; Tue, 8 Oct 2019 17:01:04 -0400 Received: from email.msg.corp.akamai.com ([172.27.123.53]) by prod-mail-ppoint3.akamai.com with ESMTP id 2vepgyheed-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Tue, 08 Oct 2019 17:00:59 -0400 Received: from USMA1EX-DAG1MB1.msg.corp.akamai.com (172.27.123.101) by usma1ex-dag1mb1.msg.corp.akamai.com (172.27.123.101) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Tue, 8 Oct 2019 17:00:53 -0400 Received: from USMA1EX-DAG1MB1.msg.corp.akamai.com ([172.27.123.101]) by usma1ex-dag1mb1.msg.corp.akamai.com ([172.27.123.101]) with mapi id 15.00.1473.005; Tue, 8 Oct 2019 17:00:53 -0400 From: "Salz, Rich" To: Kent Watsen , =?utf-8?B?QmFsw6F6cyBLb3bDoWNz?= CC: "netconf@ietf.org" Thread-Topic: [netconf] truststore usage in ietf-ssh/tls-client/server Thread-Index: AQHVfhAAjMosYGycTEO6SrZc0dHKpKdRfIQA//++TYA= Date: Tue, 8 Oct 2019 21:00:53 +0000 Message-ID: References: <0100016da755ddce-18e94501-441b-471d-af1e-03ba88fde0ba-000000@email.amazonses.com> <0100016dad284c4d-821b1403-49d4-41bb-87bf-275f611e6fe1-000000@email.amazonses.com> In-Reply-To: <0100016dad284c4d-821b1403-49d4-41bb-87bf-275f611e6fe1-000000@email.amazonses.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Microsoft-MacOutlook/10.1e.0.191003 x-ms-exchange-messagesentrepresentingtype: 1 x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [172.19.33.58] Content-Type: multipart/alternative; boundary="_000_E2A52BEBFDA04F3BA11F052BD7A68120akamaicom_" MIME-Version: 1.0 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2019-10-08_08:, , signatures=0 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=876 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1908290000 definitions=main-1910080160 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.95,1.0.8 definitions=2019-10-08_08:2019-10-08,2019-10-08 signatures=0 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 bulkscore=0 adultscore=0 priorityscore=1501 impostorscore=0 phishscore=0 spamscore=0 mlxlogscore=862 malwarescore=0 lowpriorityscore=0 suspectscore=0 mlxscore=0 clxscore=1011 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-1908290000 definitions=main-1910080162 Archived-At: Subject: Re: [netconf] truststore usage in ietf-ssh/tls-client/server X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 08 Oct 2019 21:01:16 -0000 --_000_E2A52BEBFDA04F3BA11F052BD7A68120akamaicom_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 VGhlIOKAnHRydXN0IGFuY2hvcuKAnSBpcyB0aGUgcm9vdG1vc3QgQ0EgaW4gYSBjaGFpbiBvZiBj ZXJ0aWZpY2F0ZXMuDQoNCihSQVRTL0VBVCBoYXMgb3RoZXIgZGVmaW5pdGlvbnMgb2YgdGhlIHRl cm0sIGJ1dCBmb3IgWDUwOSBjZXJ0aWZpY2F0ZXMgYW5kIFRMUyBjb25maWd1cmF0aW9uLCB0aGlz IGNvcnJlY3QuKQ0KDQpJIHRoaW5rIHRoaXMgbWVhbnMgdGhhdCB5b3Ugc2hvdWxkIHVzZSB0aGUg dGVybSDigJxDQeKAnQ0K --_000_E2A52BEBFDA04F3BA11F052BD7A68120akamaicom_ Content-Type: text/html; charset="utf-8" Content-ID: <384C6EC22DDDD545AFF8841BD335BA32@akamai.com> Content-Transfer-Encoding: base64 PGh0bWwgeG1sbnM6bz0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6b2ZmaWNlIiB4 bWxuczp3PSJ1cm46c2NoZW1hcy1taWNyb3NvZnQtY29tOm9mZmljZTp3b3JkIiB4bWxuczptPSJo dHRwOi8vc2NoZW1hcy5taWNyb3NvZnQuY29tL29mZmljZS8yMDA0LzEyL29tbWwiIHhtbG5zPSJo dHRwOi8vd3d3LnczLm9yZy9UUi9SRUMtaHRtbDQwIj4NCjxoZWFkPg0KPG1ldGEgaHR0cC1lcXVp dj0iQ29udGVudC1UeXBlIiBjb250ZW50PSJ0ZXh0L2h0bWw7IGNoYXJzZXQ9dXRmLTgiPg0KPG1l dGEgbmFtZT0iR2VuZXJhdG9yIiBjb250ZW50PSJNaWNyb3NvZnQgV29yZCAxNSAoZmlsdGVyZWQg bWVkaXVtKSI+DQo8c3R5bGU+PCEtLQ0KLyogRm9udCBEZWZpbml0aW9ucyAqLw0KQGZvbnQtZmFj ZQ0KCXtmb250LWZhbWlseToiQ2FtYnJpYSBNYXRoIjsNCglwYW5vc2UtMToyIDQgNSAzIDUgNCA2 IDMgMiA0O30NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6Q2FsaWJyaTsNCglwYW5vc2UtMToy IDE1IDUgMiAyIDIgNCAzIDIgNDt9DQovKiBTdHlsZSBEZWZpbml0aW9ucyAqLw0KcC5Nc29Ob3Jt YWwsIGxpLk1zb05vcm1hbCwgZGl2Lk1zb05vcm1hbA0KCXttYXJnaW46MGluOw0KCW1hcmdpbi1i b3R0b206LjAwMDFwdDsNCglmb250LXNpemU6MTEuMHB0Ow0KCWZvbnQtZmFtaWx5OiJDYWxpYnJp IixzYW5zLXNlcmlmO30NCmE6bGluaywgc3Bhbi5Nc29IeXBlcmxpbmsNCgl7bXNvLXN0eWxlLXBy aW9yaXR5Ojk5Ow0KCWNvbG9yOmJsdWU7DQoJdGV4dC1kZWNvcmF0aW9uOnVuZGVybGluZTt9DQph OnZpc2l0ZWQsIHNwYW4uTXNvSHlwZXJsaW5rRm9sbG93ZWQNCgl7bXNvLXN0eWxlLXByaW9yaXR5 Ojk5Ow0KCWNvbG9yOnB1cnBsZTsNCgl0ZXh0LWRlY29yYXRpb246dW5kZXJsaW5lO30NCnAubXNv bm9ybWFsMCwgbGkubXNvbm9ybWFsMCwgZGl2Lm1zb25vcm1hbDANCgl7bXNvLXN0eWxlLW5hbWU6 bXNvbm9ybWFsOw0KCW1zby1tYXJnaW4tdG9wLWFsdDphdXRvOw0KCW1hcmdpbi1yaWdodDowaW47 DQoJbXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG87DQoJbWFyZ2luLWxlZnQ6MGluOw0KCWZvbnQt c2l6ZToxMS4wcHQ7DQoJZm9udC1mYW1pbHk6IkNhbGlicmkiLHNhbnMtc2VyaWY7fQ0Kc3Bhbi5F bWFpbFN0eWxlMTgNCgl7bXNvLXN0eWxlLXR5cGU6cGVyc29uYWwtcmVwbHk7DQoJZm9udC1mYW1p bHk6IkNhbGlicmkiLHNhbnMtc2VyaWY7DQoJY29sb3I6d2luZG93dGV4dDt9DQouTXNvQ2hwRGVm YXVsdA0KCXttc28tc3R5bGUtdHlwZTpleHBvcnQtb25seTsNCglmb250LXNpemU6MTAuMHB0O30N CkBwYWdlIFdvcmRTZWN0aW9uMQ0KCXtzaXplOjguNWluIDExLjBpbjsNCgltYXJnaW46MS4waW4g MS4waW4gMS4waW4gMS4waW47fQ0KZGl2LldvcmRTZWN0aW9uMQ0KCXtwYWdlOldvcmRTZWN0aW9u MTt9DQotLT48L3N0eWxlPg0KPC9oZWFkPg0KPGJvZHkgbGFuZz0iRU4tVVMiIGxpbms9ImJsdWUi IHZsaW5rPSJwdXJwbGUiPg0KPGRpdiBjbGFzcz0iV29yZFNlY3Rpb24xIj4NCjxwIGNsYXNzPSJN c29Ob3JtYWwiPlRoZSDigJx0cnVzdCBhbmNob3LigJ0gaXMgdGhlIHJvb3Rtb3N0IENBIGluIGEg Y2hhaW4gb2YgY2VydGlmaWNhdGVzLjxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1h bCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj4oUkFUUy9FQVQg aGFzIG90aGVyIGRlZmluaXRpb25zIG9mIHRoZSB0ZXJtLCBidXQgZm9yIFg1MDkgY2VydGlmaWNh dGVzIGFuZCBUTFMgY29uZmlndXJhdGlvbiwgdGhpcyBjb3JyZWN0Lik8bzpwPjwvbzpwPjwvcD4N CjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1z b05vcm1hbCI+SSB0aGluayB0aGlzIG1lYW5zIHRoYXQgeW91IHNob3VsZCB1c2UgdGhlIHRlcm0g 4oCcQ0HigJ08bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPC9ib2R5Pg0KPC9odG1sPg0K --_000_E2A52BEBFDA04F3BA11F052BD7A68120akamaicom_-- From nobody Tue Oct 8 23:52:25 2019 Return-Path: X-Original-To: netconf@ietfa.amsl.com Delivered-To: netconf@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 237F9120108 for ; Tue, 8 Oct 2019 23:52:23 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.001 X-Spam-Level: X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0OMkukO0Fm2E for ; Tue, 8 Oct 2019 23:52:20 -0700 (PDT) Received: from EUR04-VI1-obe.outbound.protection.outlook.com (mail-eopbgr80073.outbound.protection.outlook.com [40.107.8.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 936151200E3 for ; Tue, 8 Oct 2019 23:52:20 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=E/+fg8fMo27FGFaFns65+fuVY7jnHUFC0uCirQIsjN4q2sprPdlVQxG4ktoPhsH+d6lELje+o2v2duBjYaXxK+qHsOJouwJnv6xvum7EjWJE7P39Zd8DxdRr878j45UEYebwHlGISdQ9ms71Nksb5woHaVZe+x18sK71eEThnOl8xsOeOY20ke/P6WxoU22Vn+mlAh9TZQwme4tsKxf1tpTdT+mu0QNYbyqPvc2EG5R0W09r7JxM/5vOqrh+5+YJMb4BagfhfjmsG+x/M8R++jBDP+7UL/FtMRp6qI5yLTk+gyEasFlAm/d/cb4v6YxOYHicn2lD3pzrInZhNu6I9g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Sr1xuEanPKZ/8ASXmCAJctIUMqXKpV53ZQPK6R8WC9Y=; b=hVhe85GjLjxW5a+G2fu3YAMtSFAjSuHK5yiTwjkLqL8+0EqWlmkWy79VOyYdX/5Y+Cw8HBewTG1su2eTpstnIRlEQsNwqFI0nkOZAaYQA4B0AJ+xOUY+DIf3hNhwuNrJCKSeDT2s5d7K9migtaf66rvIH0NVC4X339y4kRenBp6yKTLnROgwYMl4xt2b05Kym8M+9PxIQHYPZUgbHp1F3pHufy9ZA8JN8txMJbMw+Wms+RZu22ifKAYYtC3J0+HQqaMWQ3Ign/XPao+/QbNUDFHhGC/JbJMDW4B5iN5dFGJ2zGFDDsafNVmL0QmiJ/tE95ZONQDQiDVeSOIccjw6kA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Sr1xuEanPKZ/8ASXmCAJctIUMqXKpV53ZQPK6R8WC9Y=; b=URvZkCgGensJMpy7iZn53HFNnj2Z4AfRuA9wKVlgGBAmn+x4U20b0YjvGtFtP/nyVTWszJM0tDl5YJeOL7Bzkj12FB5e628eF9ot7zQvSd/DGGPvOtYwc9zP81ubWHCRXuO5ylCCwOoMfqQDnDWykS2pz4hcu9Xdgr6tXdtGB7M= Received: from AM0PR07MB5187.eurprd07.prod.outlook.com (20.178.20.74) by AM0PR07MB6419.eurprd07.prod.outlook.com (10.186.175.205) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2347.13; Wed, 9 Oct 2019 06:52:18 +0000 Received: from AM0PR07MB5187.eurprd07.prod.outlook.com ([fe80::f016:8dc4:2887:cacd]) by AM0PR07MB5187.eurprd07.prod.outlook.com ([fe80::f016:8dc4:2887:cacd%3]) with mapi id 15.20.2347.016; Wed, 9 Oct 2019 06:52:18 +0000 From: =?utf-8?B?QmFsw6F6cyBLb3bDoWNz?= To: "Salz, Rich" , Kent Watsen CC: "netconf@ietf.org" Thread-Topic: [netconf] truststore usage in ietf-ssh/tls-client/server Thread-Index: AdV6qssoOPhu3prpR26CPrmHv0Da1QCjJP6AADXTaaAAAweZAAAAK1yAABR5ZIA= Date: Wed, 9 Oct 2019 06:52:18 +0000 Message-ID: References: <0100016da755ddce-18e94501-441b-471d-af1e-03ba88fde0ba-000000@email.amazonses.com> <0100016dad284c4d-821b1403-49d4-41bb-87bf-275f611e6fe1-000000@email.amazonses.com> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: spf=none (sender IP is ) smtp.mailfrom=balazs.kovacs@ericsson.com; x-originating-ip: [176.63.22.230] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 0da0bc33-c2ff-4ec1-0386-08d74c8539dd x-ms-traffictypediagnostic: AM0PR07MB6419: x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:3968; x-forefront-prvs: 018577E36E x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(39860400002)(376002)(396003)(366004)(136003)(346002)(199004)(189003)(52536014)(74316002)(86362001)(25786009)(7736002)(256004)(2906002)(33656002)(55016002)(6436002)(71200400001)(71190400001)(81166006)(81156014)(66946007)(8676002)(76116006)(66446008)(66556008)(66476007)(186003)(64756008)(11346002)(446003)(85202003)(6506007)(7696005)(26005)(76176011)(102836004)(229853002)(9326002)(66066001)(99286004)(8936002)(476003)(486006)(85182001)(4744005)(478600001)(14454004)(790700001)(6116002)(4326008)(3846002)(5660300002)(316002)(6246003)(110136005)(54896002)(6306002)(9686003); DIR:OUT; SFP:1101; SCL:1; SRVR:AM0PR07MB6419; H:AM0PR07MB5187.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1; received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: JFoepK1IqRUSD4cEYfy8q/rFRk1sNoPiKxKYPpuEWW/JdmoPaE0JV4i96WLvGWcCK+qikp3q853rPwF/kBg6u+kCTvjOI1bBJ/HVH9/ESp38ReFy3IjHznGrD82jmMsABfMThGGevRvfxtcJDyVwWzpqKYdqJX7xvMshF1To40sfscKqj8oIJA3lEJUyHop5HE0Zwqf7bJJNMKNdW7L1ESrzjfq8UAoCjDHIlN6LVAdJ4nD7BLrIt+7+4A7+dJzuYcEdvGs+W1irBMHOHNhotyexoBIPc1HlOD11E7sYXCmCm2rwsYggvf6uWk/ZPrtC6inhZce1WRAMCG3fO+aZfOwY37mhIaPiMda/xAsAr88Kq9+8c0NqDEXsXVOvPRhA/X54bJxmXb9mQJxgCNvb+ze6a0YXWY++t4k3AnKGYFk= x-ms-exchange-transport-forked: True Content-Type: multipart/alternative; boundary="_000_AM0PR07MB51875014434A6F0676198C7283950AM0PR07MB5187eurp_" MIME-Version: 1.0 X-OriginatorOrg: ericsson.com X-MS-Exchange-CrossTenant-Network-Message-Id: 0da0bc33-c2ff-4ec1-0386-08d74c8539dd X-MS-Exchange-CrossTenant-originalarrivaltime: 09 Oct 2019 06:52:18.0861 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: q+YrJ/qdVCuhCGB5l4jGbM/QrVscZBuxSwdLf/6b349Wx2RQ5e0ONYT2TY/kKl935baRMkVQEgWhwv8igAxVXWZ0SuCKTu/zKqltqceEEPk= X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0PR07MB6419 Archived-At: Subject: Re: [netconf] truststore usage in ietf-ssh/tls-client/server X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 09 Oct 2019 06:52:23 -0000 --_000_AM0PR07MB51875014434A6F0676198C7283950AM0PR07MB5187eurp_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 SGksDQoNClRoZSDigJx0cnVzdCBhbmNob3LigJ0gaXMgdGhlIHJvb3Rtb3N0IENBIGluIGEgY2hh aW4gb2YgY2VydGlmaWNhdGVzLg0KDQooUkFUUy9FQVQgaGFzIG90aGVyIGRlZmluaXRpb25zIG9m IHRoZSB0ZXJtLCBidXQgZm9yIFg1MDkgY2VydGlmaWNhdGVzIGFuZCBUTFMgY29uZmlndXJhdGlv biwgdGhpcyBjb3JyZWN0LikNCg0KSSB0aGluayB0aGlzIG1lYW5zIHRoYXQgeW91IHNob3VsZCB1 c2UgdGhlIHRlcm0g4oCcQ0HigJ0NCg0KSeKAmW0gYWxzbyByYXRoZXIgaW4gZmF2b3Igb2YgY2Et Y2VydHMsIGVzcGVjaWFsbHkgaWYg4oCcdHJ1c3QgYW5jaG9y4oCdIG1lYW5zIHRoZSByb290IENB LiBBbHNvIGluIGRldmVsb3BtZW50IHRoZSB0ZXJtIENBIGNlcnRpZmljYXRlIGlzIG11Y2ggbW9y ZSB1bmRlcnN0YW5kYWJsZS4gSSB0aGluayB0aGUgdHlwZSBhbGxvd3MgYSBDQSBjaGFpbiBvciBv bmUgY291bGQgdXNlIHRoZXNlIGxlYXZlcyBmb3IgcGFydGlhbCBjaGFpbiB2YWxpZGF0aW9uIHRv by4NCg0KUmVnYXJkaW5nIHRoZSBwcmVzZW5jZSBjb250YWluZXJzLCBpZiBsb2NhbC1vci10cnVz dHN0b3JlLSogaGF2ZSBtYW5kYXRvcnkgY2hvaWNlIHRoZW4gSSB0aGluayB5b3UgbmVlZCB0byBt YWtlIHRoZSBsb2NhbC1vci1rZXlzdG9yZS0qIGNvbnRhaW5lcnMgYWxzbyBwcmVzZW5jZS4NCg0K QnIsDQpCYWxhenMNCg== --_000_AM0PR07MB51875014434A6F0676198C7283950AM0PR07MB5187eurp_ Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: base64 PGh0bWwgeG1sbnM6dj0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTp2bWwiIHhtbG5zOm89InVy bjpzY2hlbWFzLW1pY3Jvc29mdC1jb206b2ZmaWNlOm9mZmljZSIgeG1sbnM6dz0idXJuOnNjaGVt YXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6d29yZCIgeG1sbnM6bT0iaHR0cDovL3NjaGVtYXMubWlj cm9zb2Z0LmNvbS9vZmZpY2UvMjAwNC8xMi9vbW1sIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv VFIvUkVDLWh0bWw0MCI+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIg Y29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjxtZXRhIG5hbWU9IkdlbmVyYXRv ciIgY29udGVudD0iTWljcm9zb2Z0IFdvcmQgMTUgKGZpbHRlcmVkIG1lZGl1bSkiPg0KPHN0eWxl PjwhLS0NCi8qIEZvbnQgRGVmaW5pdGlvbnMgKi8NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6 IkNhbWJyaWEgTWF0aCI7DQoJcGFub3NlLTE6MiA0IDUgMyA1IDQgNiAzIDIgNDt9DQpAZm9udC1m YWNlDQoJe2ZvbnQtZmFtaWx5OkNhbGlicmk7DQoJcGFub3NlLTE6MiAxNSA1IDIgMiAyIDQgMyAy IDQ7fQ0KLyogU3R5bGUgRGVmaW5pdGlvbnMgKi8NCnAuTXNvTm9ybWFsLCBsaS5Nc29Ob3JtYWws IGRpdi5Nc29Ob3JtYWwNCgl7bWFyZ2luOjBpbjsNCgltYXJnaW4tYm90dG9tOi4wMDAxcHQ7DQoJ Zm9udC1zaXplOjExLjBwdDsNCglmb250LWZhbWlseToiQ2FsaWJyaSIsc2Fucy1zZXJpZjt9DQph OmxpbmssIHNwYW4uTXNvSHlwZXJsaW5rDQoJe21zby1zdHlsZS1wcmlvcml0eTo5OTsNCgljb2xv cjpibHVlOw0KCXRleHQtZGVjb3JhdGlvbjp1bmRlcmxpbmU7fQ0KYTp2aXNpdGVkLCBzcGFuLk1z b0h5cGVybGlua0ZvbGxvd2VkDQoJe21zby1zdHlsZS1wcmlvcml0eTo5OTsNCgljb2xvcjpwdXJw bGU7DQoJdGV4dC1kZWNvcmF0aW9uOnVuZGVybGluZTt9DQpwLm1zb25vcm1hbDAsIGxpLm1zb25v cm1hbDAsIGRpdi5tc29ub3JtYWwwDQoJe21zby1zdHlsZS1uYW1lOm1zb25vcm1hbDsNCgltc28t bWFyZ2luLXRvcC1hbHQ6YXV0bzsNCgltYXJnaW4tcmlnaHQ6MGluOw0KCW1zby1tYXJnaW4tYm90 dG9tLWFsdDphdXRvOw0KCW1hcmdpbi1sZWZ0OjBpbjsNCglmb250LXNpemU6MTEuMHB0Ow0KCWZv bnQtZmFtaWx5OiJDYWxpYnJpIixzYW5zLXNlcmlmO30NCnNwYW4uRW1haWxTdHlsZTE4DQoJe21z by1zdHlsZS10eXBlOnBlcnNvbmFsOw0KCWZvbnQtZmFtaWx5OiJDYWxpYnJpIixzYW5zLXNlcmlm Ow0KCWNvbG9yOndpbmRvd3RleHQ7fQ0Kc3Bhbi5FbWFpbFN0eWxlMTkNCgl7bXNvLXN0eWxlLXR5 cGU6cGVyc29uYWwtcmVwbHk7DQoJZm9udC1mYW1pbHk6IkNhbGlicmkiLHNhbnMtc2VyaWY7DQoJ Y29sb3I6d2luZG93dGV4dDt9DQouTXNvQ2hwRGVmYXVsdA0KCXttc28tc3R5bGUtdHlwZTpleHBv cnQtb25seTsNCglmb250LXNpemU6MTAuMHB0O30NCkBwYWdlIFdvcmRTZWN0aW9uMQ0KCXtzaXpl OjguNWluIDExLjBpbjsNCgltYXJnaW46MS4waW4gMS4waW4gMS4waW4gMS4waW47fQ0KZGl2Lldv cmRTZWN0aW9uMQ0KCXtwYWdlOldvcmRTZWN0aW9uMTt9DQotLT48L3N0eWxlPjwhLS1baWYgZ3Rl IG1zbyA5XT48eG1sPg0KPG86c2hhcGVkZWZhdWx0cyB2OmV4dD0iZWRpdCIgc3BpZG1heD0iMTAy NiIgLz4NCjwveG1sPjwhW2VuZGlmXS0tPjwhLS1baWYgZ3RlIG1zbyA5XT48eG1sPg0KPG86c2hh cGVsYXlvdXQgdjpleHQ9ImVkaXQiPg0KPG86aWRtYXAgdjpleHQ9ImVkaXQiIGRhdGE9IjEiIC8+ DQo8L286c2hhcGVsYXlvdXQ+PC94bWw+PCFbZW5kaWZdLS0+DQo8L2hlYWQ+DQo8Ym9keSBsYW5n PSJFTi1VUyIgbGluaz0iYmx1ZSIgdmxpbms9InB1cnBsZSI+DQo8ZGl2IGNsYXNzPSJXb3JkU2Vj dGlvbjEiPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+SGksPG86cD48L286cD48L3A+DQo8cCBjbGFz cz0iTXNvTm9ybWFsIj48bzpwPiZuYnNwOzwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwi IHN0eWxlPSJtYXJnaW4tbGVmdDouNWluIj5UaGUg4oCcdHJ1c3QgYW5jaG9y4oCdIGlzIHRoZSBy b290bW9zdCBDQSBpbiBhIGNoYWluIG9mIGNlcnRpZmljYXRlcy48bzpwPjwvbzpwPjwvcD4NCjxw IGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtYXJnaW4tbGVmdDouNWluIj48bzpwPiZuYnNwOzwv bzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtYXJnaW4tbGVmdDouNWluIj4o UkFUUy9FQVQgaGFzIG90aGVyIGRlZmluaXRpb25zIG9mIHRoZSB0ZXJtLCBidXQgZm9yIFg1MDkg Y2VydGlmaWNhdGVzIGFuZCBUTFMgY29uZmlndXJhdGlvbiwgdGhpcyBjb3JyZWN0Lik8bzpwPjwv bzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtYXJnaW4tbGVmdDouNWluIj48 bzpwPiZuYnNwOzwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtYXJnaW4t bGVmdDouNWluIj5JIHRoaW5rIHRoaXMgbWVhbnMgdGhhdCB5b3Ugc2hvdWxkIHVzZSB0aGUgdGVy bSDigJxDQeKAnTxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJz cDs8L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj5J4oCZbSBhbHNvIHJhdGhlciBpbiBm YXZvciBvZiBjYS1jZXJ0cywgZXNwZWNpYWxseSBpZiDigJx0cnVzdCBhbmNob3LigJ0gbWVhbnMg dGhlIHJvb3QgQ0EuIEFsc28gaW4gZGV2ZWxvcG1lbnQgdGhlIHRlcm0gQ0EgY2VydGlmaWNhdGUg aXMgbXVjaCBtb3JlIHVuZGVyc3RhbmRhYmxlLiBJIHRoaW5rIHRoZSB0eXBlIGFsbG93cyBhIENB IGNoYWluIG9yIG9uZSBjb3VsZCB1c2UgdGhlc2UgbGVhdmVzIGZvciBwYXJ0aWFsDQogY2hhaW4g dmFsaWRhdGlvbiB0b28uPG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpw PiZuYnNwOzwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPlJlZ2FyZGluZyB0aGUgcHJl c2VuY2UgY29udGFpbmVycywgaWYgbG9jYWwtb3ItdHJ1c3RzdG9yZS0qIGhhdmUgbWFuZGF0b3J5 IGNob2ljZSB0aGVuIEkgdGhpbmsgeW91IG5lZWQgdG8gbWFrZSB0aGUgbG9jYWwtb3Ita2V5c3Rv cmUtKiBjb250YWluZXJzIGFsc28gcHJlc2VuY2UuPG86cD48L286cD48L3A+DQo8cCBjbGFzcz0i TXNvTm9ybWFsIj48bzpwPiZuYnNwOzwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPkJy LDxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+QmFsYXpzPG86cD48L286cD48 L3A+DQo8L2Rpdj4NCjwvYm9keT4NCjwvaHRtbD4NCg== --_000_AM0PR07MB51875014434A6F0676198C7283950AM0PR07MB5187eurp_-- From nobody Wed Oct 9 00:03:43 2019 Return-Path: X-Original-To: netconf@ietfa.amsl.com Delivered-To: netconf@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6248B12010C for ; Wed, 9 Oct 2019 00:03:41 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.9 X-Spam-Level: X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=jacobsuniversity.onmicrosoft.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7rNabcM9zoQZ for ; Wed, 9 Oct 2019 00:03:38 -0700 (PDT) Received: from EUR01-DB5-obe.outbound.protection.outlook.com (mail-eopbgr150044.outbound.protection.outlook.com [40.107.15.44]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 36282120108 for ; Wed, 9 Oct 2019 00:03:38 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=GqsRD1tTdzs64orNS69lfMQteoyRg2kyawC3xWY50+moMw0YozIdnPRuipMTDzVSiW67AMeViR8qZZiYp8WoJJFMlZGq9ufOwFURAD7VOo75TIwOXJx5m46DAYupcbr8bszSIhrbxwFJSn5mKBAJClaBg99yft9hC9e6Q6lP7WIArVqG1EmzMN3p2ORCXj9iGUpQSzaEr4SHAE+iGCUoypeQPhTrYP2qGtIBNYwf18E7kuCfy+5k3xgDxTxKRRZd+FsauUf501Cla4dQnGCJb0Ygrd+IvOOsiRDOFLmsYPRYXDqvzuH5cRqfJYCFpF6KAHJkStbmMuSmPUTSb7eueA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=A5scfhNXd+qJGZCJ0p+VlOT50fmgcDZj1qjdkbMhu4E=; b=F3eCaWhXaJJhOpj2b2QEhVZJ6jR6LsmgVeJb48SBgQ1gEFSz5iRrc7nAK1Gez1Wj8PVZCzcV9K6aYI5t5i2RlnUI1swKnCXqboeYPDxQcXpj2+axnUdwRi9GQpOMq7Jnbms2KhH00vPJdNlzQLIIrwd8JK7NtwrH87Xb5OpLltVSvx+MLbhj/6f0V2Q8HEOA5jVqXc5vbq14uVqMCuc/9pwxt8VvQPeYvMYdNTaA18aCYOn1gXgL9DMF6x6nmgbJ75+FdMxxtM+y+cPH7aKNhtl8hGhiNTPXV43JgU0NiD7/LcULh3P+Gs4S1jBoeZiwOXQ6G9ri9Cv5Q5cWc44OvA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=jacobs-university.de; dmarc=pass action=none header.from=jacobs-university.de; dkim=pass header.d=jacobs-university.de; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=jacobsuniversity.onmicrosoft.com; s=selector2-jacobsuniversity-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=A5scfhNXd+qJGZCJ0p+VlOT50fmgcDZj1qjdkbMhu4E=; b=bAUas6PwNHoJP6WUO6RTrgSaMfMMISqTUmNVqi3tZ91cXwEhPrdfgcBBUquM205nUXcLoLt9Gcuycg4757ymVuqkNwfZpbbTN3L1s6grNti4+sNv9HXlVqHHoXayWIKkHDpzK26TVsw4BhHF4HR3xxXPo2sPlHZ/a2jirrrBbAs= Received: from AM4P190MB0179.EURP190.PROD.OUTLOOK.COM (10.172.220.12) by AM4P190MB0035.EURP190.PROD.OUTLOOK.COM (10.172.215.18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2327.24; Wed, 9 Oct 2019 07:03:36 +0000 Received: from AM4P190MB0179.EURP190.PROD.OUTLOOK.COM ([fe80::e1ed:15cb:ad74:db5c]) by AM4P190MB0179.EURP190.PROD.OUTLOOK.COM ([fe80::e1ed:15cb:ad74:db5c%7]) with mapi id 15.20.2327.026; Wed, 9 Oct 2019 07:03:36 +0000 From: =?utf-8?B?U2Now7Zud8OkbGRlciwgSsO8cmdlbg==?= To: =?utf-8?B?QmFsw6F6cyBLb3bDoWNz?= CC: "Salz, Rich" , Kent Watsen , "netconf@ietf.org" Thread-Topic: [netconf] truststore usage in ietf-ssh/tls-client/server Thread-Index: AdV6qssoOPhu3prpR26CPrmHv0Da1QCjJP6AADXTaaAAAweZAAAAK1yAABR5ZIAAAJMFAA== Date: Wed, 9 Oct 2019 07:03:35 +0000 Message-ID: <20191009070334.tzpxb6wfvlwvyvks@anna.jacobs.jacobs-university.de> References: <0100016da755ddce-18e94501-441b-471d-af1e-03ba88fde0ba-000000@email.amazonses.com> <0100016dad284c4d-821b1403-49d4-41bb-87bf-275f611e6fe1-000000@email.amazonses.com> In-Reply-To: Reply-To: =?utf-8?B?U2Now7Zud8OkbGRlciwgSsO8cmdlbg==?= Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-clientproxiedby: AM0PR06CA0034.eurprd06.prod.outlook.com (2603:10a6:208:ab::47) To AM4P190MB0179.EURP190.PROD.OUTLOOK.COM (2603:10a6:200:63::12) authentication-results: spf=none (sender IP is ) smtp.mailfrom=J.Schoenwaelder@jacobs-university.de; x-ms-exchange-messagesentrepresentingtype: 1 x-originating-ip: [2001:638:709:5::7] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 3ba00091-eba1-4f75-c8bd-08d74c86cdbf x-ms-traffictypediagnostic: AM4P190MB0035: x-ms-exchange-purlcount: 2 x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:2958; x-forefront-prvs: 018577E36E x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(376002)(136003)(346002)(366004)(39850400004)(396003)(189003)(199004)(446003)(6116002)(229853002)(6306002)(786003)(966005)(6512007)(76176011)(316002)(1076003)(6436002)(6246003)(71200400001)(71190400001)(6486002)(54906003)(102836004)(85202003)(46003)(85182001)(256004)(66476007)(478600001)(25786009)(66556008)(305945005)(5660300002)(3450700001)(7736002)(66446008)(43066004)(386003)(66946007)(64756008)(6506007)(4326008)(8676002)(186003)(486006)(2906002)(99286004)(8936002)(81166006)(81156014)(14454004)(52116002)(86362001)(476003)(11346002)(777600001); DIR:OUT; SFP:1101; SCL:1; SRVR:AM4P190MB0035; H:AM4P190MB0179.EURP190.PROD.OUTLOOK.COM; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1; received-spf: None (protection.outlook.com: jacobs-university.de does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: k5HJkr8EAZTLrIrWnlWK+wqZEk13RiW7tzFRc0HmR2ZDT0J2Z5q9NC0Q4s3I84tR9eO0msS2pXwn/kiI/l1jWYqUZJQ2YHp0IDTZ/BFuN8Rf7olKvpCrX1u0bZ3OZgsTG9L/gXdCHaXFvSKDFwx3BxVGOqrYD/b3Hqq+Xx6OdZRY92rrIpVMKeN9/4uJnlQfAO8NyVnmN+vq2E2Oy39GyxisgujaAMHl2NU1yDUsbSp06Abbq92CjgSEF/1rETUsXLB3L+BBX+Zc1XU/Wh8QZx3IpKtR/G2W1d9/9s4QkXhRZ9q5nGsUfYBoov3BnUmeh2xrM2wJ5Xoxb4mQ9M+1Ob0J7rFLocZuwcTr/LDdV3VlsQXT/GiPNHbLbI7/Ae2cNVcbfweGhK8Lh39NK5fAB3vMwbRpy6XZl2OK/uqFZecP2215C0hsWt/e5Xy3AVtyIlNIJuRhpdzYADqdkk3Skg== Content-Type: text/plain; charset="utf-8" Content-ID: Content-Transfer-Encoding: base64 MIME-Version: 1.0 X-OriginatorOrg: jacobs-university.de X-MS-Exchange-CrossTenant-Network-Message-Id: 3ba00091-eba1-4f75-c8bd-08d74c86cdbf X-MS-Exchange-CrossTenant-originalarrivaltime: 09 Oct 2019 07:03:35.9990 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: f78e973e-5c0b-4ab8-bbd7-9887c95a8ebd X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: +7T/fBZuK9LnvO8iqtX5szfg3yhrE/xpPp/tpZ5U5uzAWtManZn5vue5nOLbvYneufFy2OWUnfAJxi9/49MH3fUzY8rsoPxPktozn5VuMWE= X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM4P190MB0035 Archived-At: Subject: Re: [netconf] truststore usage in ietf-ssh/tls-client/server X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 09 Oct 2019 07:03:42 -0000 SGksDQoNCml0IG1heSBoZWxwIHRvIGFkb3B0IHRlcm1pbm9sb2d5IGRlZmluZWQgaW4gUkZDIDQ5 NDkuIFJGQyA0OTQ5IGZvcg0KZXhhbXBsZSBzYXlzOg0KDQogICAkIHRydXN0IGFuY2hvciBjZXJ0 aWZpY2F0ZQ0KICAgICAgKEkpIEEgcHVibGljLWtleSBjZXJ0aWZpY2F0ZSB0aGF0IGlzIHVzZWQg dG8gcHJvdmlkZSB0aGUgZmlyc3QNCiAgICAgIHB1YmxpYyBrZXkgaW4gYSBjZXJ0aWZpY2F0aW9u IHBhdGguIChTZWU6IHJvb3QgY2VydGlmaWNhdGUsIHRydXN0DQogICAgICBhbmNob3IsIHRydXN0 ZWQgY2VydGlmaWNhdGUuKQ0KDQovanMNCg0KT24gV2VkLCBPY3QgMDksIDIwMTkgYXQgMDY6NTI6 MThBTSArMDAwMCwgQmFsw6F6cyBLb3bDoWNzIHdyb3RlOg0KPiBIaSwNCj4gDQo+IFRoZSDigJx0 cnVzdCBhbmNob3LigJ0gaXMgdGhlIHJvb3Rtb3N0IENBIGluIGEgY2hhaW4gb2YgY2VydGlmaWNh dGVzLg0KPiANCj4gKFJBVFMvRUFUIGhhcyBvdGhlciBkZWZpbml0aW9ucyBvZiB0aGUgdGVybSwg YnV0IGZvciBYNTA5IGNlcnRpZmljYXRlcyBhbmQgVExTIGNvbmZpZ3VyYXRpb24sIHRoaXMgY29y cmVjdC4pDQo+IA0KPiBJIHRoaW5rIHRoaXMgbWVhbnMgdGhhdCB5b3Ugc2hvdWxkIHVzZSB0aGUg dGVybSDigJxDQeKAnQ0KPiANCj4gSeKAmW0gYWxzbyByYXRoZXIgaW4gZmF2b3Igb2YgY2EtY2Vy dHMsIGVzcGVjaWFsbHkgaWYg4oCcdHJ1c3QgYW5jaG9y4oCdIG1lYW5zIHRoZSByb290IENBLiBB bHNvIGluIGRldmVsb3BtZW50IHRoZSB0ZXJtIENBIGNlcnRpZmljYXRlIGlzIG11Y2ggbW9yZSB1 bmRlcnN0YW5kYWJsZS4gSSB0aGluayB0aGUgdHlwZSBhbGxvd3MgYSBDQSBjaGFpbiBvciBvbmUg Y291bGQgdXNlIHRoZXNlIGxlYXZlcyBmb3IgcGFydGlhbCBjaGFpbiB2YWxpZGF0aW9uIHRvby4N Cj4gDQo+IFJlZ2FyZGluZyB0aGUgcHJlc2VuY2UgY29udGFpbmVycywgaWYgbG9jYWwtb3ItdHJ1 c3RzdG9yZS0qIGhhdmUgbWFuZGF0b3J5IGNob2ljZSB0aGVuIEkgdGhpbmsgeW91IG5lZWQgdG8g bWFrZSB0aGUgbG9jYWwtb3Ita2V5c3RvcmUtKiBjb250YWluZXJzIGFsc28gcHJlc2VuY2UuDQo+ IA0KPiBCciwNCj4gQmFsYXpzDQoNCj4gX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fX18NCj4gbmV0Y29uZiBtYWlsaW5nIGxpc3QNCj4gbmV0Y29uZkBpZXRmLm9y Zw0KPiBodHRwczovL3d3dy5pZXRmLm9yZy9tYWlsbWFuL2xpc3RpbmZvL25ldGNvbmYNCg0KDQot LSANCkp1ZXJnZW4gU2Nob2Vud2FlbGRlciAgICAgICAgICAgSmFjb2JzIFVuaXZlcnNpdHkgQnJl bWVuIGdHbWJIDQpQaG9uZTogKzQ5IDQyMSAyMDAgMzU4NyAgICAgICAgIENhbXB1cyBSaW5nIDEg fCAyODc1OSBCcmVtZW4gfCBHZXJtYW55DQpGYXg6ICAgKzQ5IDQyMSAyMDAgMzEwMyAgICAgICAg IDxodHRwczovL3d3dy5qYWNvYnMtdW5pdmVyc2l0eS5kZS8+DQo= From nobody Wed Oct 9 00:24:18 2019 Return-Path: X-Original-To: netconf@ietfa.amsl.com Delivered-To: netconf@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7FA95120115 for ; Wed, 9 Oct 2019 00:24:16 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -6.9 X-Spam-Level: X-Spam-Status: No, score=-6.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qP1svqvaK6oz for ; Wed, 9 Oct 2019 00:24:14 -0700 (PDT) Received: from mailext.sit.fraunhofer.de (mailext.sit.fraunhofer.de [141.12.72.89]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7A473120114 for ; Wed, 9 Oct 2019 00:24:14 -0700 (PDT) Received: from mail.sit.fraunhofer.de (mail.sit.fraunhofer.de [141.12.84.171]) by mailext.sit.fraunhofer.de (8.15.2/8.15.2/Debian-10) with ESMTPS id x997O2eS000500 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-SHA256 bits=128 verify=NOT); Wed, 9 Oct 2019 09:24:03 +0200 Received: from [192.168.16.50] (79.234.112.245) by mail.sit.fraunhofer.de (141.12.84.171) with Microsoft SMTP Server (TLS) id 14.3.468.0; Wed, 9 Oct 2019 09:23:57 +0200 To: =?UTF-8?B?QmFsw6F6cyBLb3bDoWNz?= , "Salz, Rich" , Kent Watsen CC: "netconf@ietf.org" References: <0100016da755ddce-18e94501-441b-471d-af1e-03ba88fde0ba-000000@email.amazonses.com> <0100016dad284c4d-821b1403-49d4-41bb-87bf-275f611e6fe1-000000@email.amazonses.com> From: Henk Birkholz Message-ID: <3d692778-dc0b-c5dd-3c99-1f2b5c5e75e3@sit.fraunhofer.de> Date: Wed, 9 Oct 2019 09:23:56 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.8.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset="utf-8"; format=flowed Content-Language: en-US Content-Transfer-Encoding: 8bit X-Originating-IP: [79.234.112.245] Archived-At: Subject: Re: [netconf] truststore usage in ietf-ssh/tls-client/server X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 09 Oct 2019 07:24:17 -0000 Hi Balazs, RATS tries to avoid using the concept TA actually. In any case, if used/spoken of, it is the definition of RFC4949. Rephrasing that: An entity outside the device, that you can put trust into (or not) that provides you with a pub-key root certificate associated via a certification path with other certificates that are presented to you. In RATS they are used, for example, to be able to trust endorsement certificates about sub-components in a composite device (the things you cannot create attestation evidence for, such as roots of trusts). Viele Grüße, Henk On 09.10.19 08:52, Balázs Kovács wrote: > Hi, > > The “trust anchor” is the rootmost CA in a chain of certificates. > > (RATS/EAT has other definitions of the term, but for X509 certificates > and TLS configuration, this correct.) > > I think this means that you should use the term “CA” > > I’m also rather in favor of ca-certs, especially if “trust anchor” means > the root CA. Also in development the term CA certificate is much more > understandable. I think the type allows a CA chain or one could use > these leaves for partial chain validation too. > > Regarding the presence containers, if local-or-truststore-* have > mandatory choice then I think you need to make the local-or-keystore-* > containers also presence. > > Br, > > Balazs > > > _______________________________________________ > netconf mailing list > netconf@ietf.org > https://www.ietf.org/mailman/listinfo/netconf > From nobody Wed Oct 9 07:33:34 2019 Return-Path: X-Original-To: netconf@ietfa.amsl.com Delivered-To: netconf@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 79C9512010E for ; Wed, 9 Oct 2019 07:33:32 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.901 X-Spam-Level: X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, TRACKER_ID=0.1] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1haqT11S-Bha for ; Wed, 9 Oct 2019 07:33:30 -0700 (PDT) Received: from EUR03-VE1-obe.outbound.protection.outlook.com (mail-eopbgr50063.outbound.protection.outlook.com [40.107.5.63]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0703E12006E for ; Wed, 9 Oct 2019 07:33:29 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=hF24kHYkYeezsNL/5bjH7SuR65Qch6ZT/anxVLA79C8ymwtKGHRPOsia61IoosCpyCYWjArTmUC4PrBjMEcTZnByNzUHWrCJeVX3RjB/u6O7EuvQONEosY3D6q6Roui9HGuW3LfcTKidgCPXIW9wPOWBp3HTkP9E7dVdTJ4a2X43sIxu4wNC7fW2nTp2H9BhXK4o58Q29zNvrW/y9NDM/wfESrM/Y1ELQXToOcdsAjQsXQk/SE5XqlGD1+vuuQQV9iwPqPY3Fc+8JSBza0vd0pf/fycZuW/xIjzD4AVzEmG0iL418DpHE1vTxg1dUjRbXw5yyZg5c/QLtC87JNTIOA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=hhTlShLQ2UHGY5sAwQjySB6RLBq6novxUJKfjjxHV5w=; b=kcHOjCzVrhZil4RTzaepNQJCJMwvzC0wlNXn8hltCQ8lyiDPoqVsrBw39TgUOgHvR+rPFjSyHLYTcN5TDjQ/5k4xQAfhPzkoUJHgzq2V79IFTqN1bjtgQ/kJ13CqUIFZ85F+cxUJM8AqQqyRQQxf+W7tsebr0IFAKS1ndOvKpCYFdEzWCJSD3JHzqH0HrosLlCxkHRkk4AJvLNUb+R+O9UlLEimn+PePCt8lZnT1y3YIjpKxU1fS/FpsIBDTd+awfZogp4z8aIPUqoZw2d16LOzDuEOa6NoeMbOuxo6AKnlMTPLh1fICOuVduLL7m8/YE+9f7+vaYgOZ6e8k/vgEAg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=hhTlShLQ2UHGY5sAwQjySB6RLBq6novxUJKfjjxHV5w=; b=S5hkZlgxV8MBPmZvs8BKJu7yHfMTjy094ZoljiINX09Kqa4oGzSzfIqdRKj8D06xEZeuA1+St5NC82q9dXS50H7X4ybCrahj0nIXfZwzazFoBsJ0CMBbjM6KGzqeFNG4Szgq6ntyf26TPw628qJyQh07OmToEBjitIDY0EMyZI4= Received: from VI1PR0701MB2286.eurprd07.prod.outlook.com (10.169.137.153) by VI1PR0701MB2158.eurprd07.prod.outlook.com (10.169.133.20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2347.13; Wed, 9 Oct 2019 14:33:27 +0000 Received: from VI1PR0701MB2286.eurprd07.prod.outlook.com ([fe80::2d49:4ace:81d8:2fbc]) by VI1PR0701MB2286.eurprd07.prod.outlook.com ([fe80::2d49:4ace:81d8:2fbc%12]) with mapi id 15.20.2347.016; Wed, 9 Oct 2019 14:33:27 +0000 From: =?iso-8859-1?Q?Bal=E1zs_Lengyel?= To: Netconf , Alexander Clemm , "Eric Voit (evoit)" , "Rob Wilton (rwilton)" Thread-Topic: More capabilities for ietf-notification-capabilities (WGLC) Thread-Index: AdV+rn5v2Ucx0GJ9Tj2SEjVbMpaBTA== Date: Wed, 9 Oct 2019 14:33:27 +0000 Message-ID: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: yes X-MS-TNEF-Correlator: authentication-results: spf=none (sender IP is ) smtp.mailfrom=balazs.lengyel@ericsson.com; x-originating-ip: [89.135.192.225] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: aec34cdc-4c5d-4722-c653-08d74cc5a5fd x-ms-traffictypediagnostic: VI1PR0701MB2158: x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:9508; x-forefront-prvs: 018577E36E x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(376002)(396003)(39860400002)(366004)(346002)(136003)(189003)(199004)(256004)(86362001)(8936002)(81166006)(26005)(33656002)(186003)(8676002)(81156014)(14454004)(966005)(14444005)(606006)(9326002)(478600001)(476003)(99936001)(316002)(4744005)(486006)(7110500001)(110136005)(7696005)(6116002)(790700001)(3846002)(55016002)(66946007)(66066001)(7736002)(15650500001)(5660300002)(66476007)(66446008)(102836004)(74316002)(66616009)(66556008)(76116006)(2420400007)(99286004)(2906002)(45776006)(64756008)(71200400001)(71190400001)(6436002)(52536014)(25786009)(54896002)(9686003)(236005)(6506007)(6306002); DIR:OUT; SFP:1101; SCL:1; SRVR:VI1PR0701MB2158; H:VI1PR0701MB2286.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1; received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: lXVaHrxJF3HUpA00E5nNz9NCdwLevh90AjytyXATUlIU24JXk//lOV8Nibzqtw14FulyQWnF6Ulgt4SOUftjXH+8y0SxF0GrJU9stwQ5VhjyhS36twIMzkZu4a8qLO4Stf4DcX2fI3kRP0zPLW54FqhU/I4mW8eJ7mW/NFL+ZHQ6pflzgkIBz9jRRIaaezZhCxdgcynjWvw/5LUi0v7yWyDSxUbLa5mPSneLzcZ6I23R7gpoUAbwAuo3yo6A/PwU2vKyoYta7EMBt+frVKqnQA4q/BdJ1+qbJluj/3VSz6VFwicEfmbfuFuaTBF2MANaWBYuYHMYkI6aSJYG9FuMEICGUFdoMcfJfzdUDUr2REPJwUsOEVh+UG37BZMSGUkNsHj6BHmjk9sfyZDZQR7ofoBAnL1KfLgaEup/1WEoRgQ= x-ms-exchange-transport-forked: True Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=SHA1; boundary="----=_NextPart_000_0245_01D57EBF.46223D40" MIME-Version: 1.0 X-OriginatorOrg: ericsson.com X-MS-Exchange-CrossTenant-Network-Message-Id: aec34cdc-4c5d-4722-c653-08d74cc5a5fd X-MS-Exchange-CrossTenant-originalarrivaltime: 09 Oct 2019 14:33:27.1915 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: xBU47C4XnGPaaUs/CDwPL4Hpcp6Y+bN4Bgp3WF3907dM6hLt+2IhtLegOXbaQX16ZKF93bt0/UyDaTby86OCMLAmZfCd6kBm3kzDzGXiCyc= X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR0701MB2158 Archived-At: Subject: [netconf] More capabilities for ietf-notification-capabilities (WGLC) X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 09 Oct 2019 14:33:33 -0000 ------=_NextPart_000_0245_01D57EBF.46223D40 Content-Type: multipart/alternative; boundary="----=_NextPart_001_0246_01D57EBF.46223D40" ------=_NextPart_001_0246_01D57EBF.46223D40 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Hello, During WGLC it was asked that we could/should add some more capabilities to the ietf-notification-capabilities model. In https://tools.ietf.org/html/rfc8641#appendix-A.1 there are two more error conditions mentioned. cant-exclude datastore-not-subscribable The publisher might be able to declare which change types can be used in the leaf-list excluded-change The publisher might want to declare that not even periodic subscriptions are supported for a specific datastore. Some people stated that supporting periodic subscriptions is mandatory if RFC8641 (Yang-Push) is supported, so we should not add this capability. But is it really mandatory to support periodic subscriptions for e.g. the start-up datastore? I intend to add these 2 to the model. Opinions? Regards Balazs -- Balazs Lengyel Senior Specialist Ericsson Hungary Ltd. Mobile: +36-70-330-7909 email: Balazs.Lengyel@ericsson.com ------=_NextPart_001_0246_01D57EBF.46223D40 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable

Hello,

During WGLC = it was asked that =A0we could/should add some more capabilities to the = ietf-notification-capabilities model.

In https://tools.i= etf.org/html/rfc8641#appendix-A.1 there are two more error = conditions mentioned.

cant-exclude =

datastore-not-subscribable

 

The publisher = might be able to declare which change types can be used in the =A0leaf-list = excluded-change

The publisher = might want to declare that not even periodic subscriptions are supported = for a specific datastore. Some people stated that supporting periodic = subscriptions is mandatory if RFC8641 (Yang-Push) is supported, so we = should not add this capability. But is it really mandatory to support = periodic subscriptions for e.g. the start-up datastore?

 

I intend to = add these 2 to the model.

 

Opinions?

 

Regards = Balazs

 

 

-- =

Balazs = Lengyel=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 Senior = Specialist=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 = =A0=A0=A0Ericsson Hungary Ltd.

Mobile: = +36-70-330-7909=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 email: = Balazs.Lengyel@ericsson.com

 

------=_NextPart_001_0246_01D57EBF.46223D40-- ------=_NextPart_000_0245_01D57EBF.46223D40 Content-Type: application/pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIVbjCCAyAw ggIIoAMCAQICAR0wDQYJKoZIhvcNAQEFBQAwOTELMAkGA1UEBhMCRkkxDzANBgNVBAoTBlNvbmVy YTEZMBcGA1UEAxMQU29uZXJhIENsYXNzMiBDQTAeFw0wMTA0MDYwNzI5NDBaFw0yMTA0MDYwNzI5 NDBaMDkxCzAJBgNVBAYTAkZJMQ8wDQYDVQQKEwZTb25lcmExGTAXBgNVBAMTEFNvbmVyYSBDbGFz czIgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCQF0o1ncrwDZbHRPoWN/xIvb1/ gC01O+FvqGepvwMcTYxvMkfVQWikEwTBNQyahEP8XB3/ibPoFxjNkV/7iePqv05dfBsm03V57eaE 41flrSnE9Doo56V7hDZps/1edr2jLZnTkE4jKH0YY/FUOyaddluXQrL/rvBO7N05lU6DBn/nSUDI xQGyVFpmHT38+ek8Cp6BuHDwAYvkI1R8yK74kB4AlnLUVM9hI7zq+50CldG2uXE6aQg/D7ThQseI 9T+YqKe6HOBxce9YV4FQelxrdEYOgwOYw46obvJ2Mm4ng8Jz89wY6LST6nVEawRgIHFXh53zvqCQ Iz2KJOHaIdvDAgMBAAGjMzAxMA8GA1UdEwEB/wQFMAMBAf8wEQYDVR0OBAoECEqgqliE0148MAsG A1UdDwQEAwIBBjANBgkqhkiG9w0BAQUFAAOCAQEAWs6H+RZyFVdLHdmb56ImMOyTZ9/WLdI0r/c4 pc6rFrmrL3w1y6zQD7RMK/yA72uMkV82dvfbsxsZ6vSyEf1hcUS/KLM6Hb+zQ+ifv9wxCHGwnY3W NEcykMZlJPegSnwEc485bxeMcrW9S8h6+HuDwyhOnAnqZz+yZwQbwxTa+OdJJJHQHWr6YTnva+ch dQYH2BK0ISBwQnGB2jyaNr6mWw1qbJofkXv5+e9Cuk5OnswMjZTc2UWcXuxCUGOu9F3EsRLcyjuo Lp0UWgV1t+zXY+K6NbYECJHo2p2c9ma1GKwKplQmNDPSG8HUfxo6jguqMm7b/E8ln9kyx5ZacKzf TDCCBX0wggRloAMCAQICEQCH7S4aKCZKxRmqOuu5DaLLMA0GCSqGSIb3DQEBCwUAMDkxCzAJBgNV BAYTAkZJMQ8wDQYDVQQKEwZTb25lcmExGTAXBgNVBAMTEFNvbmVyYSBDbGFzczIgQ0EwHhcNMTQx MjA1MDgxOTE1WhcNMjEwNDA1MTAyOTAwWjA3MRQwEgYDVQQKDAtUZWxpYVNvbmVyYTEfMB0GA1UE AwwWVGVsaWFTb25lcmEgUm9vdCBDQSB2MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB AMK+6yfwIaPzaSZVfp3FVRaRXP3vIb9TgHot0pGMYzHw7CTww6XScnwQbfQ3t+XmfHnqjLWCi65I tqwA3GV17CpNX8GH9SBlK4GoRz6JI5UwFpB/6FcHSOcZrr9FZ7E3GwYq/t75rH2D+1665I+XZ75L jo1kB1c4VWk0Nj0TSO9P4tNmHqTPGrdeNjPUtAa9GAH9d4RQAEX1jF3oI7x+/jXh7VB7qTCNGdMJ jmhnXb88lxhTuylixcpecsHHltTbLaC0H2kD7OriUPEMPPCs81Mt8Bz17Ww5OXOAFshSsCPN4D7c 3TxHoLs1iuKYaIu+5b9y7tL6pe0S7fyYGKkmdtwoSxAgHNN/Fnct7W+A90m7UwW7XWjH1Mh1Fj+J Wov3F0fUTPHSiXk+TT2YqGHeOh7S+F4D4MHJHIzTjU3TlTazN19jY5szFPAtJmtTfImMMsJu7D0h ADnJoWjiUIMusDor8zagrC/kb2HCUQk5PotTubtn2txTuXZZNp1D5SDgPTJghSJRt8czu90VL6R4 pgd7gUY2BIbdeTXHlSw7sKMXNeVzH7RcWe/a6hBle3rQf5+ztCo3O3CLm1u5K7fsslESl1MpWtTw EhDcTwK7EpIvYtQ/aUN8Ddb8WHUBiJ1YFkveupD/RwGJBmr2X7KQarMCpgKIv7NHfirZ1fpoeDVN AgMBAAGjggGAMIIBfDBOBggrBgEFBQcBAQRCMEAwPgYIKwYBBQUHMAKGMmh0dHA6Ly9jYS50cnVz dC50ZWxpYXNvbmVyYS5jb20vc29uZXJhY2xhc3MyY2EuY2VyMA8GA1UdEwEB/wQFMAMBAf8wGQYD VR0gBBIwEDAOBgwrBgEEAYIPAgMBAQIwDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBTwj1k4ALP1 j5qWDNXr+nuqF+gTEjCBuQYDVR0fBIGxMIGuMG+gbaBrhmlsZGFwOi8vY3JsLTEudHJ1c3QudGVs aWFzb25lcmEuY29tL2NuPVNvbmVyYSUyMENsYXNzMiUyMENBLG89U29uZXJhLGM9Rkk/Y2VydGlm aWNhdGVyZXZvY2F0aW9ubGlzdDtiaW5hcnkwO6A5oDeGNWh0dHA6Ly9jcmwtMi50cnVzdC50ZWxp YXNvbmVyYS5jb20vc29uZXJhY2xhc3MyY2EuY3JsMBMGA1UdIwQMMAqACEqgqliE0148MA0GCSqG SIb3DQEBCwUAA4IBAQAQ1elFTM6fGkQ/aRKdkUZicO3Cb9uzBJOpOtFctw+1El0/17lsjoVvJkZB D3KnUobnrriFdAa+7FAN55KLmZeB/3Y2bG0bB4toSyaVHjOQnQY9M0dv8U852w0Q7GwchKfebLUI bh9TMt2hI3Xc6j4knFTBUo7C1WAfO51K4bn1irmX6/Ej2VTgiOFsvOAny28W6enFSEQpSHw60VhN fSttSqTOxyrRR/7kW7Y8yb/3DZDZ/dH6ZCfx/y+BNIv2NuSd85M9HXUzplXXohti4Ql/qeaMn6by Ius6XlMWZZfkdVRvTuk2PkeC7UmAJ2+/DUWOPpawaytMXVfF4Hvxk34NMIIF/zCCA+egAwIBAgIR AOm+1xFswMzmixU1jNT/MSEwDQYJKoZIhvcNAQELBQAwRzELMAkGA1UEBhMCU0UxETAPBgNVBAoM CEVyaWNzc29uMSUwIwYDVQQDDBxFcmljc3NvbiBOTCBJbmRpdmlkdWFsIENBIHYzMB4XDTE3MTAw OTE1MjQ1OFoXDTIwMTAwOTE1MjQ1N1owajERMA8GA1UECgwIRXJpY3Nzb24xGDAWBgNVBAMMD0Jh bMOhenMgTGVuZ3llbDEqMCgGCSqGSIb3DQEJARYbYmFsYXpzLmxlbmd5ZWxAZXJpY3Nzb24uY29t MQ8wDQYDVQQFEwZFVEhCTEwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUUtnneUfH i428YPkvW+AsCNeKCCKq72SzUZpBggijy+oLVO0cgTXXHygrZ+KT8TbyEkPwuHi+V4TQxWAyMhGa nWZHWZXe9ghEZrJDJbCzFMHOqR+wEDnI1vM3sfQQ68iSsWQLd9opnb2/ihiJlt9up75VRpyj5lea bvzxOLQimJgZiXaZzsPPT2nROyytKxOsE5KbfT3mNof3bMG1bggZtGGA1GBJchwdFJwQKIShfPVm 1CdulvJV1hPVecxttMJNPzSfSfryb/b64QnR5yc/pSx8SxD0h0rnNT73Al3Af2iRghdXN4omDKZY OcdK/sE5HTmLTFuWoZAnL/RntOK9AgMBAAGjggHBMIIBvTBIBgNVHR8EQTA/MD2gO6A5hjdodHRw Oi8vY3JsLnRydXN0LnRlbGlhLmNvbS9lcmljc3Nvbm5saW5kaXZpZHVhbGNhdjMuY3JsMIGCBggr BgEFBQcBAQR2MHQwKAYIKwYBBQUHMAGGHGh0dHA6Ly9vY3NwMi50cnVzdC50ZWxpYS5jb20wSAYI KwYBBQUHMAKGPGh0dHA6Ly9jYS50cnVzdC50ZWxpYXNvbmVyYS5jb20vZXJpY3Nzb25ubGluZGl2 aWR1YWxjYXYzLmNlcjAmBgNVHREEHzAdgRtiYWxhenMubGVuZ3llbEBlcmljc3Nvbi5jb20wVQYD VR0gBE4wTDBKBgwrBgEEAYIPAgMBARIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly9yZXBvc2l0b3J5 LnRydXN0LnRlbGlhc29uZXJhLmNvbS9DUFMwHQYDVR0lBBYwFAYIKwYBBQUHAwQGCCsGAQUFBwMC MB0GA1UdDgQWBBSkJw2vbyMFmf9tY1urk9NeYfiMgTAfBgNVHSMEGDAWgBQcexmel5x2rCA92Nzj kWrj2y2mUzAOBgNVHQ8BAf8EBAMCBaAwDQYJKoZIhvcNAQELBQADggIBAD1RCVf5Df2uCXwPveXz LBGIjsz3k2la5UUlioC+i4Ms6vGstqXIX7K24+Wc41npi+G5xFhvkAkmuTP/j29F5xJJuJcy3OcL 0br02vKe2WJJnlivB+X9plPg0kMUBS0lLq7kHPUrO/BLeIIFRuaky05eZlTnGNcLbn5VpZdjX4Ic XZV78qpZI3L67Po1UgHzOTiWolc75jrKOx3UOw98fWRrgJPBUIeqDeD1NDfF7PlM4Cqlad062o6L lM9wfAnoLzz0z04dPXtJkOcTiZgOLdPoKIm7LR1wZ9c6mYw4sgtoVAs16Y2cCPBxqWpsW+9ZCcDK PPZzeBezCKyicpDJbTqCVMILd3j38HWUPWFuVITZNgANzHW1CpgqmiLIAADiznCCtudTE+fcB3O9 duuu/yuEME17LMy1GYMKXs1QCXmTq2hrqTJQ2AA2TsWZtoxl3ViqJgNBWjnQiMwdCl5Dural2jZP /iU6MmiauUNYn9YW/ViUluoBBdaUHMpnP/7kM0Wk8j3Wzhcggx+Biml2gCopMaK1EJYjQH/2J95N GEkSdZfVzFUmwV3yMd4mOhIaxW0SEq9b1eWICZ/BAcVBpSyU0sE1gpnBO5wLxj+IpSdiGlS4jc37 qCr/39xdv1Unu93glCmHq0xgX54N8EsyMBPC3+zSSu1qhCbU7VJWIz2aMIIGwjCCBKqgAwIBAgIQ U7h+g+GcmSiTsJtJHOy46zANBgkqhkiG9w0BAQsFADA3MRQwEgYDVQQKDAtUZWxpYVNvbmVyYTEf MB0GA1UEAwwWVGVsaWFTb25lcmEgUm9vdCBDQSB2MTAeFw0xNTEwMjcxMjE2NDZaFw0yNTEwMjcx MjE2NDZaMEcxCzAJBgNVBAYTAlNFMREwDwYDVQQKDAhFcmljc3NvbjElMCMGA1UEAwwcRXJpY3Nz b24gTkwgSW5kaXZpZHVhbCBDQSB2MzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAOzy 3wAAuFDyp7vYVLfGk/fjwao71MNGNLSzzl5DtjQtMtl2ZLPZyX6ViqzTN9JOb7uZ6KxuGSpReQvt 8XOh7iIhkKH9W5hRpbjTsJmUMJd6zifhOpNK6iSU3q44+FjsQL1lVtcguUuFG6aZN0N3GFVbgt6j RrASF8t/3wy9bHPAIfMyPybpg6Y2PH5/1NwkTepoDSmK69LGV+lV2IK6U9OWayZXZFIFIDCoGyFl hFxAEgN+qZ2+Rqg/0TM0oCHvKO2ELSGmAdnJkwizR42ji/Y9SYTSuG75mzSe6OfCGWM8Db/xvy/2 0aLEPXNu1PvOgzY63WZ6cmkWnjMlVJ90pWC2haqDm3Yf8TRdjUvAl7Pz1bTuexwShzIGakL7MkCY rEqHMRaojI/VStloQgW76E76zQ2byw5QxrhOUbisBSKRzlTlOZQgYFFAbG6ViF8DOpJh/ygtQwuT LUM5r15G7eynQV1AMTNCWcX+HUvgArUw6RfW9L58uA68GjktFTV8s9RlDsUqsNcLqeXaV28S2WMd ay0YGaq/bloS8AD7KuumUKH+Ri9IGO9mJvP05tvDHjKpLvv80c3WLJnJU/aznYHYEt2+jjKHOTqd GTxL/zMdpRSQFSuu+KM8NoYrkU1VJqKga+QLsgqKghMp99gu1P1e6KsqseWHdXORrMbjqkBXAgMB AAGjggG4MIIBtDCBigYIKwYBBQUHAQEEfjB8MC0GCCsGAQUFBzABhiFodHRwOi8vb2NzcC50cnVz dC50ZWxpYXNvbmVyYS5jb20wSwYIKwYBBQUHMAKGP2h0dHA6Ly9yZXBvc2l0b3J5LnRydXN0LnRl bGlhc29uZXJhLmNvbS90ZWxpYXNvbmVyYXJvb3RjYXYxLmNlcjASBgNVHRMBAf8ECDAGAQH/AgEA MFUGA1UdIAROMEwwSgYMKwYBBAGCDwIDAQECMDowOAYIKwYBBQUHAgEWLGh0dHBzOi8vcmVwb3Np dG9yeS50cnVzdC50ZWxpYXNvbmVyYS5jb20vQ1BTMEsGA1UdHwREMEIwQKA+oDyGOmh0dHA6Ly9j cmwtMy50cnVzdC50ZWxpYXNvbmVyYS5jb20vdGVsaWFzb25lcmFyb290Y2F2MS5jcmwwHQYDVR0l BBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUHHsZnpec dqwgPdjc45Fq49stplMwHwYDVR0jBBgwFoAU8I9ZOACz9Y+algzV6/p7qhfoExIwDQYJKoZIhvcN AQELBQADggIBAFBYa/HVjDu0LqtXQ8iMp8PLFpqchf41ksQY6R1AsoZbaBUu0NQlAQ9GzlC1pmI5 s0cJnuaZI0xV6TiWS3/R2p9UgW61XD9CTIUbAL31mY3BdJf3P46gzKgQEca/DlFjq9GVmuPS4q90 BLNgvgoxoHubc3C6s0OaY1sbnay5EhnvrAE4Q511FlxmJPLnRmQGpieeXa3cPegFfY1kJDKyyFRy pF1RuRLXcdMIgKEy5NX1bS3M9dQ4mgmUmVT2d33UiKSEYQ6s/B+LFaaz4LywXSv2o3W4kbHoQs86 IWst821ww0wxsCpEfClIvF7fBw2QkbG/1PwuzAuLVStEhDzkAqOrMGctKyNEaBsyAn7Eq2eCa8QD Xnkmagp9QPsNFs/oqnXj9j1cVtH9a4OPzhtg0pd7gd0NzU/5QxibXqbYvouQgihGXHQDmaL4ruN7 C4arMUqRo82YnREsKL7h3j/jtmzcMLc9Q07F04QQd/iSR1Y5pIi6PdNBiE2/4uyAXS6KOIGZrPbN QUNrZtwiQpqQNl8AUzgegfPwrYFlFocpaF3d1m5r+2VKKqiRQVfYPGYeZnWfkcz06JoAhc/9mjbH XSP9hvWYzeLRuoZqHGUdjOX9DIQb926OneV7C5WMIjSY8ORkamG/HKqngmjypL3gSc6oG/E6B+1i 6Ds5j0Qpj5aQMYIDBTCCAwECAQEwXDBHMQswCQYDVQQGEwJTRTERMA8GA1UECgwIRXJpY3Nzb24x JTAjBgNVBAMMHEVyaWNzc29uIE5MIEluZGl2aWR1YWwgQ0EgdjMCEQDpvtcRbMDM5osVNYzU/zEh MAkGBSsOAwIaBQCgggF+MBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8X DTE5MTAwOTE0MzMyNVowIwYJKoZIhvcNAQkEMRYEFGMXiudj99nnbc7Sy54+4o8HtsArMEMGCSqG SIb3DQEJDzE2MDQwCgYIKoZIhvcNAwcwDgYIKoZIhvcNAwICAgCAMA0GCCqGSIb3DQMCAgFAMAcG BSsOAwIaMGsGCSsGAQQBgjcQBDFeMFwwRzELMAkGA1UEBhMCU0UxETAPBgNVBAoMCEVyaWNzc29u MSUwIwYDVQQDDBxFcmljc3NvbiBOTCBJbmRpdmlkdWFsIENBIHYzAhEA6b7XEWzAzOaLFTWM1P8x ITBtBgsqhkiG9w0BCRACCzFeoFwwRzELMAkGA1UEBhMCU0UxETAPBgNVBAoMCEVyaWNzc29uMSUw IwYDVQQDDBxFcmljc3NvbiBOTCBJbmRpdmlkdWFsIENBIHYzAhEA6b7XEWzAzOaLFTWM1P8xITAN BgkqhkiG9w0BAQEFAASCAQACRiE0ps8bpo/994la6r9VRKXmynDxDDtfLJ00TBB+A2NZkmci5aR2 niEgSnhnscIuDSGuMMVkoWE76PBb3tjaDfxQV0J105bw4ZUx2v7t8foAfOFVo4QrxOjPXQDagscT zr7FCpJ53Zq/EVDw+5YHE3JKJgeHmHAofPFJ55M25pciVkLM2f6SLmDWQlIypUHnVbMych3juH+x PBahPfZG67HI5Qa6WqFJ37CY2/LRt8KqwMzLsjp0sLKOrf86PmKANPyWzgB3txxTUPNd0CmLcMZn 6tDBr/oFsTVfPb+ne7LH4oMmQpHLxIW9JCPg/audYMpnzkxr6MVtDQGyczgLAAAAAAAA ------=_NextPart_000_0245_01D57EBF.46223D40-- From nobody Wed Oct 9 07:56:25 2019 Return-Path: <0100016db1055a53-f9a7573e-5f0b-4d43-a952-959977378d2f-000000@amazonses.watsen.net> X-Original-To: netconf@ietfa.amsl.com Delivered-To: netconf@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 65A851200E0 for ; Wed, 9 Oct 2019 07:56:24 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.897 X-Spam-Level: X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=amazonses.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 98NzyL20Eb1Z for ; Wed, 9 Oct 2019 07:56:22 -0700 (PDT) Received: from a8-96.smtp-out.amazonses.com (a8-96.smtp-out.amazonses.com [54.240.8.96]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7C39812008B for ; Wed, 9 Oct 2019 07:56:22 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=6gbrjpgwjskckoa6a5zn6fwqkn67xbtw; d=amazonses.com; t=1570632981; h=From:Message-Id:Content-Type:Mime-Version:Subject:Date:In-Reply-To:Cc:To:References:Feedback-ID; bh=5BdwqGpDh7vWHahp02YaFWlaSfeyyQ93BsrkT8F13Qg=; b=hjTJxSflBNPOoWN+kTlCjXUKfYFfXvFZ1X6oSeTBMYMRwCjtYUZdPQl7LcF78dj7 Pecm58sGNaBAvpMIPX+SCHwuhQeJ1OB23rdE/Z6HOLvDEgFEvqZZD6jZHiOdQwGXqRT 9Jh1n1rGr2Eye6vk1SAoEyzJA9Qcg57dsMLRTK0c= From: Kent Watsen Message-ID: <0100016db1055a53-f9a7573e-5f0b-4d43-a952-959977378d2f-000000@email.amazonses.com> Content-Type: multipart/alternative; boundary="Apple-Mail=_5BF284BE-7310-4AFB-A164-E5EA10ED731B" Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\)) Date: Wed, 9 Oct 2019 14:56:21 +0000 In-Reply-To: Cc: "Salz, Rich" , "netconf@ietf.org" To: =?utf-8?B?QmFsw6F6cyBLb3bDoWNz?= References: <0100016da755ddce-18e94501-441b-471d-af1e-03ba88fde0ba-000000@email.amazonses.com> <0100016dad284c4d-821b1403-49d4-41bb-87bf-275f611e6fe1-000000@email.amazonses.com> X-Mailer: Apple Mail (2.3445.104.11) X-SES-Outgoing: 2019.10.09-54.240.8.96 Feedback-ID: 1.us-east-1.DKmIRZFhhsBhtmFMNikgwZUWVrODEw9qVcPhqJEI2DA=:AmazonSES Archived-At: Subject: Re: [netconf] truststore usage in ietf-ssh/tls-client/server X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 09 Oct 2019 14:56:24 -0000 --Apple-Mail=_5BF284BE-7310-4AFB-A164-E5EA10ED731B Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 Hi Balazs, > I=E2=80=99m also rather in favor of ca-certs, especially if =E2=80=9Ctru= st anchor=E2=80=9D means the root CA. Also in development the term CA = certificate is much more understandable. I think the type allows a CA = chain or one could use these leaves for partial chain validation too. Noted. > Regarding the presence containers, if local-or-truststore-* have = mandatory choice then I think you need to make the local-or-keystore-* = containers also presence. I just looked and all seems proper. The local-or-keystore-* containers = are required, as they hold or reference the obligatory private key. Kent // contributor --Apple-Mail=_5BF284BE-7310-4AFB-A164-E5EA10ED731B Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=utf-8 Hi = Balazs,

I=E2=80= =99m also rather in favor of ca-certs, especially if =E2=80=9Ctrust = anchor=E2=80=9D means the root CA. Also in development the term CA = certificate is much more understandable. I think the type allows a CA = chain or one could use these leaves for partial chain validation = too.

Noted.


 Regarding the presence containers, if = local-or-truststore-* have mandatory choice then I think you need to = make the local-or-keystore-* containers also = presence.

I just = looked and all seems proper.  The local-or-keystore-* = containers are required, as they hold or reference the obligatory = private key.


Kent // contributor


= --Apple-Mail=_5BF284BE-7310-4AFB-A164-E5EA10ED731B-- From nobody Wed Oct 9 08:49:12 2019 Return-Path: <0100016db135a50c-8e6fd140-fad9-4e05-81db-b1b37785a9a2-000000@amazonses.watsen.net> X-Original-To: netconf@ietfa.amsl.com Delivered-To: netconf@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 83142120104 for ; Wed, 9 Oct 2019 08:49:09 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.897 X-Spam-Level: X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=unavailable autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=amazonses.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id N5qemGT5g23i for ; Wed, 9 Oct 2019 08:49:07 -0700 (PDT) Received: from a8-96.smtp-out.amazonses.com (a8-96.smtp-out.amazonses.com [54.240.8.96]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 725A61200C1 for ; Wed, 9 Oct 2019 08:49:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=6gbrjpgwjskckoa6a5zn6fwqkn67xbtw; d=amazonses.com; t=1570636146; h=From:Message-Id:Content-Type:Mime-Version:Subject:Date:In-Reply-To:Cc:To:References:Feedback-ID; bh=fuKzzOlg61AyjC+ySZu1vVelUvsz/+v4hpEVcRbWeNM=; b=bGedt47QeBp5wLOKzpf2fQolEcmNKVSBuEcChi/79uyGOzvicqk17uSvkg2iY3oZ TKvh7StOAyY73SKGPtYTbH/PdO9pcNKfh9JG4cOn1BAFAAO9M7KBMjXs7HnK677KLbQ JDTL2RckcFUabJzJzFenLs1RCq9cEnOsuuyPw/24= From: Kent Watsen Message-ID: <0100016db135a50c-8e6fd140-fad9-4e05-81db-b1b37785a9a2-000000@email.amazonses.com> Content-Type: multipart/alternative; boundary="Apple-Mail=_F7C0283B-7E3C-4736-8CC2-BAD049812A3D" Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\)) Date: Wed, 9 Oct 2019 15:49:06 +0000 In-Reply-To: <20191009070334.tzpxb6wfvlwvyvks@anna.jacobs.jacobs-university.de> Cc: =?utf-8?B?QmFsw6F6cyBLb3bDoWNz?= , "Salz, Rich" , "netconf@ietf.org" To: Juergen Schoenwaelder References: <0100016da755ddce-18e94501-441b-471d-af1e-03ba88fde0ba-000000@email.amazonses.com> <0100016dad284c4d-821b1403-49d4-41bb-87bf-275f611e6fe1-000000@email.amazonses.com> <20191009070334.tzpxb6wfvlwvyvks@anna.jacobs.jacobs-university.de> X-Mailer: Apple Mail (2.3445.104.11) X-SES-Outgoing: 2019.10.09-54.240.8.96 Feedback-ID: 1.us-east-1.DKmIRZFhhsBhtmFMNikgwZUWVrODEw9qVcPhqJEI2DA=:AmazonSES Archived-At: Subject: [netconf] "trust-anchor" usage (was: truststore usage in ietf-ssh/tls-client/server) X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 09 Oct 2019 15:49:10 -0000 --Apple-Mail=_F7C0283B-7E3C-4736-8CC2-BAD049812A3D Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii [changing the subject line] > it may help to adopt terminology defined in RFC 4949. Indeed, but let's start this inquisition with crypto-types: $ grep trust-anchor ietf-crypto-types.yang typedef trust-anchor-cert-x509 { typedef trust-anchor-cert-cms { grouping trust-anchor-cert-grouping { type trust-anchor-cert-cms; grouping trust-anchor-certs-grouping { type trust-anchor-cert-cms; But also note: $ grep end-entity ietf-crypto-types.yang=20 typedef end-entity-cert-x509 { typedef end-entity-cert-cms { grouping end-entity-cert-grouping { type end-entity-cert-cms; grouping end-entity-certs-grouping { type end-entity-cert-cms; uses end-entity-cert-grouping; uses end-entity-cert-grouping; Note in particular the "cms" types, as they hold a partial sequence of = certificates. The "trust-anchor" sequence always leads to a root = certificate. The "end-entity" sequence always leads to a "CA False" = certificate. These types are meaningfully used in the client/server = suite of drafts. For instance, a TLS server can present a partial = end-entity certificate chain which the client stitches into a partial = trust-anchor certificate chain. It is important to support partial = chains for operational reasons, not to mention a number of crypto = libraries don't support partial certificate path validation. In RFC 4949, "certification path" or "trust chain" or "trusted CA" seem = close. Kent // contributor --Apple-Mail=_F7C0283B-7E3C-4736-8CC2-BAD049812A3D Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=us-ascii [changing the subject line]


it may help to adopt terminology defined in = RFC 4949.

Indeed, = but let's start this inquisition with crypto-types:

$ grep trust-anchor = ietf-crypto-types.yang

=   typedef trust-anchor-cert-x509 {
=   typedef trust-anchor-cert-cms {
=   grouping trust-anchor-cert-grouping {
=       type trust-anchor-cert-cms;
=   grouping trust-anchor-certs-grouping {
=       type trust-anchor-cert-cms;

But also note:

$ grep end-entity = ietf-crypto-types.yang 

=   typedef end-entity-cert-x509 {
=   typedef end-entity-cert-cms {
=   grouping end-entity-cert-grouping {
  =     type end-entity-cert-cms;
=   grouping end-entity-certs-grouping {
=       type end-entity-cert-cms;
=     uses end-entity-cert-grouping;
=         uses = end-entity-cert-grouping;

Note = in particular the "cms" types, as they hold a partial sequence of = certificates.  The "trust-anchor" sequence always leads to a root = certificate.  The "end-entity" sequence always leads to a "CA = False" certificate.  These types are meaningfully used in the = client/server suite of drafts.  For instance, a TLS server can = present a partial end-entity certificate chain which the client stitches = into a partial trust-anchor certificate chain.  It is important to = support partial chains for operational reasons, not to mention a number = of crypto libraries don't support partial certificate path = validation.

In RFC 4949, = "certification path" or "trust chain" or "trusted CA" seem = close.


Kent = // contributor

= --Apple-Mail=_F7C0283B-7E3C-4736-8CC2-BAD049812A3D-- From nobody Wed Oct 9 09:01:37 2019 Return-Path: <0100016db140fe70-7564d937-87d1-450c-9267-2e1235e3fbb4-000000@amazonses.watsen.net> X-Original-To: netconf@ietfa.amsl.com Delivered-To: netconf@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B2DDB12018D for ; Wed, 9 Oct 2019 09:01:33 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.897 X-Spam-Level: X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=amazonses.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YpqL4irxmkh1 for ; Wed, 9 Oct 2019 09:01:31 -0700 (PDT) Received: from a8-31.smtp-out.amazonses.com (a8-31.smtp-out.amazonses.com [54.240.8.31]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5FA45120145 for ; Wed, 9 Oct 2019 09:01:31 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=6gbrjpgwjskckoa6a5zn6fwqkn67xbtw; d=amazonses.com; t=1570636889; h=From:Message-Id:Content-Type:Mime-Version:Subject:Date:In-Reply-To:Cc:To:References:Feedback-ID; bh=RcUDhz1P3nzz+OCvB8A13+Eo7MF1wEEd+3fjmr2ho6E=; b=jgkDCGD/R55ozbMrryznzaOgaM/fPVoSOgb0mEB9QCXYI8qC0Nz9Yf6KAyFlEyn8 +uZfXeYovXXYmWMPuKEKZ1HS3DSMKJ3G/2gtyad9q8foQ7yErNDUeTx+W2K/jRHlX4o lFxX7gRHV4qowX7UR47dHrPDGFjfcvAvVBRU7sNo= From: Kent Watsen Message-ID: <0100016db140fe70-7564d937-87d1-450c-9267-2e1235e3fbb4-000000@email.amazonses.com> Content-Type: multipart/alternative; boundary="Apple-Mail=_54815D30-8FB5-488F-BC5E-E03A1B28AB5A" Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\)) Date: Wed, 9 Oct 2019 16:01:29 +0000 In-Reply-To: Cc: "Eric Voit (evoit)" , Mahesh Jethanandani , Alexander Clemm , Benoit Claise , "netconf@ietf.org" To: =?utf-8?Q?Bal=C3=A1zs_Lengyel?= References: <4F49DF08-B7FC-4EBD-9D6B-7BC329E50334@gmail.com> <0100016d83c486c9-83aece79-684a-4999-b382-dd9c09f24c62-000000@email.amazonses.com> X-Mailer: Apple Mail (2.3445.104.11) X-SES-Outgoing: 2019.10.09-54.240.8.31 Feedback-ID: 1.us-east-1.DKmIRZFhhsBhtmFMNikgwZUWVrODEw9qVcPhqJEI2DA=:AmazonSES Archived-At: Subject: Re: [netconf] WGLC for draft-ietf-netconf-notification-capabilities X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 09 Oct 2019 16:01:34 -0000 --Apple-Mail=_54815D30-8FB5-488F-BC5E-E03A1B28AB5A Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 H Balazs, > BALAZS2: This drafts does not want to define a file format. It intends = to use the =E2=80=9Cgeneric=E2=80=9D file format defined in = draft-ietf-netmod-yang-instance-file-format. IMHO the whole aim of = draft-ietf-netmod-yang-instance-file-format is to avoid individual = drafts defining file formats. Okay. I see it in Section 3 now. > On the below: >=20 >=20 > I suspect that you will need to do a security analysis per YANG = object. This has been done the other YANG push family. > BALAZS: The full module is readOnly and not sensitive or private in = any manner. The security text for the readOnly parts of YangPush is the = exact same text: not very informative, but gives you the illusion of = security awareness. > =20 > I suspect that manipulating the reporting intervals could have some = security implications. E.g., a hacker could push up the damping period = or periodic interval to a level where the information they are changing = then becomes invisible to a monitoring system. > BALAZS: The full YAM is read-only so manipulating the data is not a = concern. > =20 > =20 > The draft should say something like: > =20 > 1. All protocol-accessible are read-only and cannot be modified. The = nature of the read-only data is not deemed to be sensitive in a way = necessitating access-control restrictions (e.g., NACM) beyond the client = being authenticated. > BALAZS2: OK, Updated with first part, but Rob has asked for an extra = sentence about the dangers of revealing read-only data, I added that = too. > =E2=80=9CAll protocol-accessible data are read-only and cannot be = modified.=20 > The data in this module is not security sensitive. > Access control may be configured, to avoid exposing=20 > the read-only data.=E2=80=9D Okay. s/protocol-accessible data/protocol-accessible data nodes/ > 2. When a file format, the protection afforded by a mutually = authenticated transport protocol. Protection of the data must be = performed manually, so as to ensure that the data is neither seen nor = modified in transit. > Reword as needed. > BALAZS2: Agreed. This is part of normal file handling, transport. So I = reworded this to: > =E2=80=9CWhen that data is in file format, data should be protected = against=20 > modification or unauthorized access using normal file handling = and=20 > secure and mutually authenticated file transport = mechanisms.=E2=80=9D Okay. The end can be shortened, i.e., just "file handling mechanisms". Kent // contributor --Apple-Mail=_54815D30-8FB5-488F-BC5E-E03A1B28AB5A Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=utf-8 H = Balazs,


BALAZS2: This drafts does not = want to define a file format. It intends to use the =E2=80=9Cgeneric=E2=80= =9D file format defined in draft-ietf-netmod-yang-instance-file-format. = IMHO the whole aim of draft-ietf-netmod-yang-instance-file-format is to = avoid individual drafts defining file = formats.

Okay. I see = it in Section 3 now.


On the = below:


I suspect that you will need to do a = security analysis per YANG object.   This has been done the = other YANG push family.
BALAZS: The full module is readOnly and = not sensitive or private in any manner.  The security text for the = readOnly parts of YangPush is the exact same text: not very informative, = but gives you the illusion of security awareness.
 
I suspect that manipulating the = reporting intervals could have some security implications.   = E.g., a hacker could push up the damping period or periodic interval to = a level where the information they are changing then becomes invisible = to a monitoring system.
BALAZS: The full YAM is read-only so = manipulating the data is not a concern.
 
 
The draft should say something like:
 
1. All protocol-accessible are = read-only and cannot be modified.  The nature of the read-only data = is not deemed to be sensitive in a way necessitating access-control = restrictions (e.g., NACM) beyond the client being authenticated.
BALAZS2: OK,  Updated = with first part, but Rob has asked for an extra sentence about the = dangers of revealing read-only data, I added that too.
=E2=80=9CAl= l protocol-accessible data are read-only and cannot be modified. 
        The data in = this module is not security sensitive.
        Access control may = be configured, to avoid exposing 
        the read-only = data.=E2=80=9D

Okay.  s/protocol-accessible = data/protocol-accessible data nodes/


2. When a file format, the protection afforded by a mutually = authenticated transport protocol.  Protection of the data must be = performed manually, so as to ensure that the data is neither seen nor = modified in transit.
Reword as needed.
BALAZS2: Agreed. This is part of normal = file handling, transport. So I reworded this to:
=E2=80=9CWh= en that data is in file format, data should be protected against 
        modification = or unauthorized access using normal file handling and 
        secure and = mutually authenticated file transport = mechanisms.=E2=80=9D

Okay.  The end can be shortened, i.e., just "file = handling mechanisms".


Kent // contributor


= --Apple-Mail=_54815D30-8FB5-488F-BC5E-E03A1B28AB5A-- From nobody Wed Oct 9 09:12:03 2019 Return-Path: X-Original-To: netconf@ietfa.amsl.com Delivered-To: netconf@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 139AF1208A5 for ; Wed, 9 Oct 2019 09:11:56 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.401 X-Spam-Level: X-Spam-Status: No, score=-14.401 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, TRACKER_ID=0.1, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=E0gN+Cbu; dkim=fail (1024-bit key) reason="fail (body has been altered)" header.d=cisco.onmicrosoft.com header.b=bemIcmQk Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dJgaRnGXRTqT for ; Wed, 9 Oct 2019 09:11:53 -0700 (PDT) Received: from alln-iport-3.cisco.com (alln-iport-3.cisco.com [173.37.142.90]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0DD291208DA for ; Wed, 9 Oct 2019 09:11:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=13321; q=dns/txt; s=iport; t=1570637513; x=1571847113; h=from:to:subject:date:message-id:references:in-reply-to: mime-version; bh=J5zfk5jYrKbsbsmms4T6f465L0I8jz5dojWqZyuJSu0=; b=E0gN+CbuqY9QZ5W1e29ZkOk5jqCa+uZbi6Zw85L58lSirk1E55XQR9D+ 77umbwoJ8pjYMUNOwvFmoF3WZYHnPXqZoKXkQgWGImPAUWZrHdyPseaeA yieYgeZzMsUJzQkTdC4ovkT8utXqax5h6qeeGrGM2Y/NsEJB7HGI5+qQT 8=; X-Files: smime.p7s : 3975 IronPort-PHdr: =?us-ascii?q?9a23=3AVK2/Ex8Svr/v8P9uRHGN82YQeigqvan1NQcJ65?= =?us-ascii?q?0hzqhDabmn44+/bB7E/fs4iljPUM2b8P9Ch+fM+4HYEW0bqdfk0jgZdYBUER?= =?us-ascii?q?oMiMEYhQslVcObDkznBPXrdCc9Ws9FUQwt8g=3D=3D?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0AUAADNBZ5d/5pdJa1lGgEBAQEBAQE?= =?us-ascii?q?BAQMBAQEBEQEBAQICAQEBAYFoBAEBAQELAYEbL1ADbVYgBAsqCodgA4pFTYI?= =?us-ascii?q?PkxyEYYEuFIEQA1QCBwEBAQkDAQEjCgIBAYRAAoJPIzUIDgIDAQMCAwEBBAE?= =?us-ascii?q?BAQIBBQRthS0MhUsBAQEEEhsTAQE1Aw8CAQgRBAEBKAcCMBQJCAEBBAESCAY?= =?us-ascii?q?UgwGBHU0DHQECDKU3AoE4iGGCJ4J9AQEFhQcYghAHAwaBNAGBUoNDhngYgUA?= =?us-ascii?q?/gRFGgkw+gmEBAQIBgSsBEgEhFRYJgwqCJo0SiRiXHQqCIoNCgjAyZI4smUC?= =?us-ascii?q?OLYgikRQCBAIEBQIOAQEFgVMBN2dxcBU7gmxQEBSBT4NzhRSFP3QBgSiQd4E?= =?us-ascii?q?iAYEiAQE?= X-IronPort-AV: E=Sophos;i="5.67,276,1566864000"; d="p7s'?scan'208,217";a="353700946" Received: from rcdn-core-3.cisco.com ([173.37.93.154]) by alln-iport-3.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 09 Oct 2019 16:11:52 +0000 Received: from XCH-RCD-004.cisco.com (xch-rcd-004.cisco.com [173.37.102.14]) by rcdn-core-3.cisco.com (8.15.2/8.15.2) with ESMTPS id x99GBqv7024579 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Wed, 9 Oct 2019 16:11:52 GMT Received: from xhs-aln-003.cisco.com (173.37.135.120) by XCH-RCD-004.cisco.com (173.37.102.14) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Wed, 9 Oct 2019 11:11:51 -0500 Received: from xhs-rtp-003.cisco.com (64.101.210.230) by xhs-aln-003.cisco.com (173.37.135.120) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Wed, 9 Oct 2019 11:11:50 -0500 Received: from NAM03-DM3-obe.outbound.protection.outlook.com (64.101.32.56) by xhs-rtp-003.cisco.com (64.101.210.230) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Wed, 9 Oct 2019 12:11:50 -0400 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ARBBG6CJ/dcsoTIH0C6cJraThKCb4uXkHA0bQwPL1YmRlJHA5ipDYBSalmEM8jCdr1v6z5Zmh/fmNHgAJi1o60ro3ZQGgH9kEhUAbAucr3Xg1zUR3Iy2bhmVh89AcyXWneimYLpciimMcgWWlL5IeF6Qjzfws7L2SgOxflG/ZlV0UC0aYQnENjPhQ7LZbfsXQYPHwhO0xYoq58eIPPSZMZRoicb/P1DO33VTtAdz0wwENtFVfm4FlTA2uxWBZ7odNltD3j73kZvHcBF2Qd3i4DKXzUAOLQYG8oACjDJbsFE5S4VsCiZKgncDKvqXvLwT3Svik2XZjpPT/3bzt5STQg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ZI2++GZTuF/QVzAAiRLXDq6ZChdpVXqa4MSimS/ESuk=; b=JP4tNnvjcN+dARA4V96FEvOlGPSVeWlQKcnVm+gIszYM9qw9jyTbhrUCWNO52uQKh7YKgJX7MfUjL9t6FhJSuh5z6lZ+ie8PYBETYYLzRGFJRP6NAxRrtpTMn0+iQMUadt9x9Bn8MXv3UYk2M9bYaqKm10DOhTjYMRm8ha+9D6Ze9384b2+4FQ/5KDEcOEaqBSJuIopnO9TFnuvdlni/CkhakQNSel/70GZttDeQrWos/z9GU5CT0hO3vO9xc+yn0gZfBvs07Ya0b/8haWy+/xFOLAw/E6d/TjzyoaQgdOSaCurblxX09dmSI9goBH25Bs5ITHn2bBjt2N1MiQcPGg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ZI2++GZTuF/QVzAAiRLXDq6ZChdpVXqa4MSimS/ESuk=; b=bemIcmQk9JOnTVapM+Zx5USm9nO6aKoUz092xlEFnjoWlbRz+hzJkVzv6Bvjz2nbPgT8heDGVqNI2yTLt7yd45aKTG4xW8k9v7+3J9L8We8dv5+7leemFjDEMPcHRPHM6kjRUZAuTnemTdDuymlGJtENb0Xw09wd30s8Y73du5A= Received: from BN7PR11MB2627.namprd11.prod.outlook.com (52.135.255.31) by BN7PR11MB2612.namprd11.prod.outlook.com (52.135.246.21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2347.16; Wed, 9 Oct 2019 16:11:49 +0000 Received: from BN7PR11MB2627.namprd11.prod.outlook.com ([fe80::f067:b6d2:8855:b605]) by BN7PR11MB2627.namprd11.prod.outlook.com ([fe80::f067:b6d2:8855:b605%6]) with mapi id 15.20.2347.016; Wed, 9 Oct 2019 16:11:49 +0000 From: "Eric Voit (evoit)" To: =?iso-8859-1?Q?Bal=E1zs_Lengyel?= , Netconf , Alexander Clemm , "Rob Wilton (rwilton)" Thread-Topic: More capabilities for ietf-notification-capabilities (WGLC) Thread-Index: AdV+rn5v2Ucx0GJ9Tj2SEjVbMpaBTAAB6UTQ Date: Wed, 9 Oct 2019 16:11:49 +0000 Message-ID: References: In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: yes X-MS-TNEF-Correlator: authentication-results: spf=none (sender IP is ) smtp.mailfrom=evoit@cisco.com; x-originating-ip: [173.38.117.86] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: a0aa6e7d-88b8-4a44-324a-08d74cd363e4 x-ms-traffictypediagnostic: BN7PR11MB2612: x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:7219; x-forefront-prvs: 018577E36E x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(136003)(346002)(39860400002)(396003)(366004)(376002)(189003)(199004)(55016002)(66574012)(14444005)(478600001)(71190400001)(66066001)(99936001)(99286004)(71200400001)(81156014)(15650500001)(316002)(7696005)(8676002)(66446008)(2420400007)(2906002)(110136005)(81166006)(33656002)(256004)(26005)(6436002)(6506007)(8936002)(5660300002)(76176011)(64756008)(53546011)(6306002)(9686003)(236005)(66616009)(66476007)(66556008)(76116006)(186003)(54896002)(102836004)(66946007)(606006)(25786009)(86362001)(6116002)(6636002)(790700001)(966005)(229853002)(52536014)(6246003)(7110500001)(3846002)(14454004)(486006)(446003)(11346002)(476003)(7736002)(74316002); DIR:OUT; SFP:1101; SCL:1; SRVR:BN7PR11MB2612; H:BN7PR11MB2627.namprd11.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1; received-spf: None (protection.outlook.com: cisco.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: vthvQRZ0CkNKVFrMiO2mKHymEBszGjs5XOzfdYYXhaBTDY3nlxyapoWy3/NtFYQtGp47oRPEQgUJPvmpGWDtSRlNPgNLdIWAwWhA/pFkEFoNdb5wy4yvY3J8IDa3ZFaqdEDJ1Jimjf0oSx1Mzc+XoTdTsbRuJhx4yfV47ZLJDh5gfo6aCRwLUeSZoh0ifJ7XsfVTPz/VyJzMM/wgvYRcyde9BlTsjXguAOyA1taGLt7aKDojOzJdMKbFhOAXcCvSw5qwtlrVRmyrxLYjBLCJyhmBjHFP3yWmFL56BzNmId0iE3Tjo7GaFWCEab30WSVrqMxE5AKDAWxWulpk76XbAZLipFQsBoX5BlbbXal2aAWBPPIFkV0RsskEemDNvqDxnQI72f/C4tz9vhvdLjRbTNOHF8IjOqDJ/9o0g3JvlSE= Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; boundary="----=_NextPart_000_068E_01D57E9A.B8724EA0"; micalg=SHA1 MIME-Version: 1.0 X-MS-Exchange-CrossTenant-Network-Message-Id: a0aa6e7d-88b8-4a44-324a-08d74cd363e4 X-MS-Exchange-CrossTenant-originalarrivaltime: 09 Oct 2019 16:11:49.2265 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: R5IwLMcvHQ5SVqjtKGko0ytdlj4/3IV/VPS2Xgj/r96pCxX3yLNLMkBRWwDTfZOn X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN7PR11MB2612 X-OriginatorOrg: cisco.com X-Outbound-SMTP-Client: 173.37.102.14, xch-rcd-004.cisco.com X-Outbound-Node: rcdn-core-3.cisco.com Archived-At: Subject: Re: [netconf] More capabilities for ietf-notification-capabilities (WGLC) X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 09 Oct 2019 16:12:00 -0000 ------=_NextPart_000_068E_01D57E9A.B8724EA0 Content-Type: multipart/alternative; boundary="----=_NextPart_001_068F_01D57E9A.B8724EA0" ------=_NextPart_001_068F_01D57E9A.B8724EA0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable I have no objection to these additions. =20 Eric =20 From: Bal=E1zs Lengyel =20 Sent: Wednesday, October 9, 2019 10:33 AM To: Netconf ; Alexander Clemm ; Eric Voit (evoit) ; Rob Wilton (rwilton) Subject: More capabilities for ietf-notification-capabilities (WGLC) =20 Hello, During WGLC it was asked that we could/should add some more = capabilities to the ietf-notification-capabilities model. In https://tools.ietf.org/html/rfc8641#appendix-A.1 there are two more = error conditions mentioned. cant-exclude=20 datastore-not-subscribable =20 The publisher might be able to declare which change types can be used in = the leaf-list excluded-change=20 The publisher might want to declare that not even periodic subscriptions = are supported for a specific datastore. Some people stated that supporting periodic subscriptions is mandatory if RFC8641 (Yang-Push) is supported, = so we should not add this capability. But is it really mandatory to support periodic subscriptions for e.g. the start-up datastore? =20 I intend to add these 2 to the model. =20 Opinions? =20 Regards Balazs =20 =20 --=20 Balazs Lengyel Senior Specialist Ericsson Hungary Ltd.=20 Mobile: +36-70-330-7909 email: Balazs.Lengyel@ericsson.com =20 =20 ------=_NextPart_001_068F_01D57E9A.B8724EA0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable

I have no objection to these = additions.

 

Eric

 

From: = Bal=E1zs Lengyel <balazs.lengyel@ericsson.com>
Sent: = Wednesday, October 9, 2019 10:33 AM
To: Netconf = <netconf@ietf.org>; Alexander Clemm <ludwig@clemm.org>; Eric = Voit (evoit) <evoit@cisco.com>; Rob Wilton (rwilton) = <rwilton@cisco.com>
Subject: More capabilities for = ietf-notification-capabilities (WGLC)

 

Hello,

During WGLC = it was asked that  we could/should add some more capabilities to = the ietf-notification-capabilities model.

In https://tools.i= etf.org/html/rfc8641#appendix-A.1 there are two more error = conditions mentioned.

cant-exclude =

datastore-not-subscribable

 

The publisher = might be able to declare which change types can be used in the =  leaf-list excluded-change

The publisher might want to declare that not even = periodic subscriptions are supported for a specific datastore. Some = people stated that supporting periodic subscriptions is mandatory if = RFC8641 (Yang-Push) is supported, so we should not add this capability. = But is it really mandatory to support periodic subscriptions for e.g. = the start-up datastore?

 

I intend to = add these 2 to the model.

 

Opinions?

 

Regards = Balazs

 

 

-- =

Balazs = Lengyel           =          Senior = Specialist          &nb= sp;         =    Ericsson Hungary Ltd.

Mobile: = +36-70-330-7909         &nbs= p;    email: Balazs.Lengyel@ericsson.com

 

------=_NextPart_001_068F_01D57E9A.B8724EA0-- ------=_NextPart_000_068E_01D57E9A.B8724EA0 Content-Type: application/pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIMWTCCA0Mw ggIroAMCAQICEF/4eygrVNyNQqMVtWjJrf8wDQYJKoZIhvcNAQEFBQAwNTEWMBQGA1UEChMNQ2lz Y28gU3lzdGVtczEbMBkGA1UEAxMSQ2lzY28gUm9vdCBDQSAyMDQ4MB4XDTA0MDUxNDIwMTcxMloX DTI5MDUxNDIwMjU0MlowNTEWMBQGA1UEChMNQ2lzY28gU3lzdGVtczEbMBkGA1UEAxMSQ2lzY28g Um9vdCBDQSAyMDQ4MIIBIDANBgkqhkiG9w0BAQEFAAOCAQ0AMIIBCAKCAQEAsJq5q6evCnen4nG2 tGZilHiIR8ZiVYRAMr/Aqy6lHHHWvG57qKq6btIViEhFnaL8g9DMuYzgJmhwSnjfIRee9GEFyRXI zxbaNWGJlEOohKgxmHibuU5vLFMSbM0drSskuzHEK/+DRG+2PSR3Ceq/Kqgfalb2IA8RVJeBdacl zllqgmXvt+rn4o11i27y3U+mXmKczxAKZNBObc4rzFv1YKUnR41p9H/OG3DecBsg1m7NpgGoPBLS qT+ga167jiCLepHjtWjuoOfEAXSoUwsrSpoPZRIOgk2OY/3v65sa21OmE2Cvwn3Xx2wXJdRz+0dk UIGAlEzhv65LHN+S7S4F3wIBA6NRME8wCwYDVR0PBAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wHQYD VR0OBBYEFCfzyBUebpoCCRatK6CJYF/aey+qMBAGCSsGAQQBgjcVAQQDAgEAMA0GCSqGSIb3DQEB BQUAA4IBAQCdnYSEo0GpfHcMt1PKTkRQYu9UfNN1Fxzo4MZIS7b+TDoZgVawVu4ZlmKqWqNkwfZO VDPGd/7FHLrlXSXK9fCTmoMRLubL+HRF/ucFuKvn38tL4TeE2rmLl3Ae8OKL17DYDp2xadYqkXup SU9+5o6V2IMnPNVoSQ7UnfYu66e+6zCkrB9E/JWrMwb7fWAK3rSKY7CcqfKkuVMBh9BopCd/q//p +slAOIhntDnGhG9XyVPbuo7uwEOy+AmDbv9mzz7vF7NYGCUJNF7jy9YUtuzykm905C+BKtWSkeDg lzwyaAWFS9H3V+JSHZMaVJ8FcMBKcWAeQwtgHv6jzoEZ4Qs1MIIEbjCCA1agAwIBAgIKYRCAbQAA AAAADjANBgkqhkiG9w0BAQUFADA1MRYwFAYDVQQKEw1DaXNjbyBTeXN0ZW1zMRswGQYDVQQDExJD aXNjbyBSb290IENBIDIwNDgwHhcNMTQwNDA0MjAyNDE4WhcNMjkwNTE0MjAyNTQyWjAsMQ4wDAYD VQQKEwVDaXNjbzEaMBgGA1UEAxMRQ2lzY28gRW1wbG95ZWUgQ0EwggEiMA0GCSqGSIb3DQEBAQUA A4IBDwAwggEKAoIBAQDK334WTFMV+yNWzca5ZQoEleXeTEVnjAzHBuCrH21fNyp75+2jrYB/Ecjz guvun1DZyb89oS+7PBEHNe+4pdlRTtmw91OglIAsLJJlrRBvoYZrX0AKmaVQRBqQTc/mTPtGBo1I 4wfX4a1j19XoJwAVv24HskO7ZQYvffZZXZsSxSx9vetEsFLhwvwe7Z1Z9x2Tp6sxpkJCOSfTgWLG VCwmjNs9FNCojhXqKKQb/r2sPJ5N1tVMr4zL/0ufBWwPcYEyJGHtGau+6nG0aIy7yPTkiz93U6J+ FZ5zC+NXdF6D0uiTxsw0kQwCl53XB5N1VLRfgywCF6iwkGV32VLk7iJ3AgMBAAGjggGHMIIBgzAQ BgkrBgEEAYI3FQEEAwIBADAdBgNVHQ4EFgQUn5U2tI5d1UvDCsGnKZNDUQb9iVEwGQYJKwYBBAGC NxQCBAweCgBTAHUAYgBDAEEwCwYDVR0PBAQDAgGGMBIGA1UdEwEB/wQIMAYBAf8CAQAwHwYDVR0j BBgwFoAUJ/PIFR5umgIJFq0roIlgX9p7L6owQwYDVR0fBDwwOjA4oDagNIYyaHR0cDovL3d3dy5j aXNjby5jb20vc2VjdXJpdHkvcGtpL2NybC9jcmNhMjA0OC5jcmwwUAYIKwYBBQUHAQEERDBCMEAG CCsGAQUFBzAChjRodHRwOi8vd3d3LmNpc2NvLmNvbS9zZWN1cml0eS9wa2kvY2VydHMvY3JjYTIw NDguY2VyMFwGA1UdIARVMFMwUQYKKwYBBAEJFQEVADBDMEEGCCsGAQUFBwIBFjVodHRwOi8vd3d3 LmNpc2NvLmNvbS9zZWN1cml0eS9wa2kvcG9saWNpZXMvaW5kZXguaHRtbDANBgkqhkiG9w0BAQUF AAOCAQEAPk6+IxpGAo1ea9uKAjQLY5vlATwmXYxwsiTrYF7sioRkLhtZFaNnGuEW4/3gTX1EmiMo 0u2296If50TN7W3qhiFUKKxsYbz7yGVQBECKKov8n24YnvXFPqWiqRwArnGmF7tJMktKWBOTTDbp 9y8N6IDrOF1UecqFUqSk4lZ30w0HIU6cJDIM4r6lw3EtTog31PAvVmhGR0VrXVCIJfc6KaTxiEGt U35XMYYq1uBnh9hTq4GjdXe+2yHIOke0aSfV7t/39NZxjbp60XMvfd3NpniUKGXDiXdeQuroB8IQ MXl2OkF2IJGPCkFQghsJKbIRIG8D6wviPyLW+j+4Rqu2sDCCBJwwggOEoAMCAQICCgGGHkPWlB04 96IwDQYJKoZIhvcNAQELBQAwLDEOMAwGA1UEChMFQ2lzY28xGjAYBgNVBAMTEUNpc2NvIEVtcGxv eWVlIENBMB4XDTE5MDYxNDEyMTIzNFoXDTIxMDYxMzEyMjIzNFowgZIxGjAYBgNVBAMTEUVyaWMg Vm9pdCAoZXZvaXQpMRQwEgYDVQQLEwtDaXNjbyBVc2VyczESMBAGA1UECxMJRW1wbG95ZWVzMRMw EQYKCZImiZPyLGQBGRMDY29tMRUwEwYKCZImiZPyLGQBGRMFY2lzY28xHjAcBgkqhkiG9w0BCQEM D2V2b2l0QGNpc2NvLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAIAZHOvN3UgE S1WSqNst+IZ44ptBZ+BHmyDmrLdjDiSuB5huzYxbcUFiN8ocvyAUFPS0s495oI/wnNvfUlomi5KO yJMvOdComHEquPtofQIIMn2FhYOlMZEJj4eC1nWI7DpnTChuIVoRj6bTcZNlOjX/Gxk8wcFJh64M mV58sSvHftNDUKDBYOQUmGmCiieGKI+MrIuhpxdNJQuljC18Jj+hq3Y+E1tI9Z0MqdaBEAUF97+v Z/iRZE1YFAOv78XSYFRzb+/g42/GzWBUCKSQDfwACXh89JsSNoXoVvvM3rZvYzEuQhZvTyHqi9pp W+70bkbEF9M7cX1yTPDc1Yr6PfkCAwEAAaOCAVcwggFTMA4GA1UdDwEB/wQEAwIE8DAMBgNVHRMB Af8EAjAAMHoGCCsGAQUFBwEBBG4wbDA8BggrBgEFBQcwAoYwaHR0cDovL3d3dy5jaXNjby5jb20v c2VjdXJpdHkvcGtpL2NlcnRzL2NlY2EuY2VyMCwGCCsGAQUFBzABhiBodHRwOi8vcGtpY3ZzLmNp c2NvLmNvbS9wa2kvb2NzcDAfBgNVHSMEGDAWgBSflTa0jl3VS8MKwacpk0NRBv2JUTA6BgNVHR8E MzAxMC+gLaArhilodHRwOi8vY2lzY29jZXJ0cy5jaXNjby5jb20vZmlsZS9jZWNhLmNybDAaBgNV HREEEzARgQ9ldm9pdEBjaXNjby5jb20wHQYDVR0OBBYEFIDTgXbBj6x3IEXvxtrJTbJFjKDbMB8G A1UdJQQYMBYGCisGAQQBgjcKAwwGCCsGAQUFBwMEMA0GCSqGSIb3DQEBCwUAA4IBAQAowdP8izTr +GtcksOcgtT7KFPnW2Pcz7vMei6CMnGC4pAU4LUtHKBHKBJdr05RkV5wSDSeXsCmUQcj7PgeXwzQ KbDA6D3/6gRGBkMLZJQvqRiAXi+1CfXpg7mUr2B7IFC4mnm0V7MpCg8TU3jLKMB4Gidqh4Tmure0 JEOD1AgOsAtxW+x2+hPm+HpGOv/wuxoEXK0uB8snFLRRyTQYGR5AtqLDJGvk6Ref3uHseaZYGD2f 1XK05BfTdsNnjBjPeVI6vmRSdTCLr/kTO2dQG6q+LisAl4rA+4iHEgky3LeWj4T+pLa1g9Gj02qG +gKA5g05T5NUsRlPSx6+YGbSxA+bMYIC8DCCAuwCAQEwOjAsMQ4wDAYDVQQKEwVDaXNjbzEaMBgG A1UEAxMRQ2lzY28gRW1wbG95ZWUgQ0ECCgGGHkPWlB0496IwCQYFKw4DAhoFAKCCAYswGAYJKoZI hvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMTkxMDA5MTYxMTQ2WjAjBgkqhkiG 9w0BCQQxFgQUIRTRJK9IK9s+d689IQJZayp8hvgwSQYJKwYBBAGCNxAEMTwwOjAsMQ4wDAYDVQQK EwVDaXNjbzEaMBgGA1UEAxMRQ2lzY28gRW1wbG95ZWUgQ0ECCgGGHkPWlB0496IwSwYLKoZIhvcN AQkQAgsxPKA6MCwxDjAMBgNVBAoTBUNpc2NvMRowGAYDVQQDExFDaXNjbyBFbXBsb3llZSBDQQIK AYYeQ9aUHTj3ojCBkwYJKoZIhvcNAQkPMYGFMIGCMAsGCWCGSAFlAwQBKjALBglghkgBZQMEARYw CgYIKoZIhvcNAwcwCwYJYIZIAWUDBAECMA4GCCqGSIb3DQMCAgIAgDANBggqhkiG9w0DAgIBQDAH BgUrDgMCGjALBglghkgBZQMEAgMwCwYJYIZIAWUDBAICMAsGCWCGSAFlAwQCATANBgkqhkiG9w0B AQEFAASCAQA9tNhmN0D2BvejSha2Qce0j4RoTYhrkHELyiHYXolwIsESQ9NLW2jaYPNrNJxP1EHP pTKD5c3MsR4l3gRjj3wlGfIGdTLcz/ZWRw9D8NQFvmnj3AgIjXdEsC1h4LfnprMsGDCayEAAEQEw WXsj7/9BJyfRgk81NQDOXDOrt4mMBW6BRakSTXWgcr1MhEditXUZJTCuKglH9O0HNpOwbUtWeziE /aHFIVn4MM31KQStv/Ukl2Iqa8izszxDlHJnKDoV2X8b4JTjUrpw/sVmyygBfYISafP6oZuAxhxp 73DDS7BkNaMHYDRi3OIoFmzXVljJnn1x+MnXap0OE6vREXD6AAAAAAAA ------=_NextPart_000_068E_01D57E9A.B8724EA0-- From nobody Thu Oct 10 01:37:49 2019 Return-Path: X-Original-To: netconf@ietfa.amsl.com Delivered-To: netconf@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B3618120BFF for ; Thu, 10 Oct 2019 01:37:43 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2 X-Spam-Level: X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id a8Y4LR6LJyXl for ; Thu, 10 Oct 2019 01:37:41 -0700 (PDT) Received: from EUR02-HE1-obe.outbound.protection.outlook.com (mail-eopbgr10088.outbound.protection.outlook.com [40.107.1.88]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E05EF1200CE for ; Thu, 10 Oct 2019 01:37:40 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=obtjVskrPPJUQmkcsBPdcNHYtUsVsdi7qpXP8z1t8vjaCYWNi+nTPw0lS3apiV27ksSdD/vbc6azDjgkki9bZ6W9hCDfPt2xRiGL3lq3Y2LwfBh4/Lsqd8VMrU45DqzLjguzjuSkqj3vVnT8IfnPAxvsbwB09RsC1oDd/qEUWw219HKXfgTW+tFUmT5ktv288mtzCMIFrUzn9AEauJCUkONlIf2EjyvSWoqPw/a2k/RinSQiujgAIwgK3IJ8is31N5Qe/kdkKWnYUmjsuntkJ3lLPvuBXODdZFW0T63x7jx9QycTBZb3xV05ZdcpIvI6uFvO+psd7D20Y04D1QnlzA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=puk3m8iRN5vJgdpZv+TvOjOEzkpiLEPXR6Ip7UzgciA=; b=KXLODAVBXYSZt9seaLSSCerDMckq5PdHulvR3Ck47iBMmQs/d3CCkTM5qAKwGTsTFToWKyjJLVwae/l6uK4oP8qCzgeicwessdyTmjsGGbXSHUjAvXjKRAavvL1qpXGswigtaP60Gl+HlP9pLBXJ7+Vqio6tJSAnzGcZ+9AfAr48mDi+urOjoLAjqVw/Jp3KNaML6oMTwsg+RqA+RG1jVmx0HZFCkuxMTGyKyp/bEPNczopN23MWmLNq0JtTFw59wplBZXYNDimi0INodTPqoTJjU63qkGcyUUI7TD207ZLMhDTigOrXJAlmXEti1qNv4vxiNiTg+gh2k/w2+zlvpQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=puk3m8iRN5vJgdpZv+TvOjOEzkpiLEPXR6Ip7UzgciA=; b=R17nq5VWyhyrzX+e/iP/ZRkeizAu/LUK0BoI1NOhfBCOWvyfaM8+CgtuSp9Jv13Mj54ZcT5Vhh+YfaZw7wfTkmgB5mnvC/VMCwooFQ3q5jLltJnfQMb5qTH3UiBneBNQW+UuJTQkvPiOFyV3YQzFBNaXnHSGhPD02m63JkTiOKk= Received: from VI1PR0701MB2286.eurprd07.prod.outlook.com (10.169.137.153) by VI1PR0701MB2126.eurprd07.prod.outlook.com (10.169.136.152) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2347.15; Thu, 10 Oct 2019 08:37:38 +0000 Received: from VI1PR0701MB2286.eurprd07.prod.outlook.com ([fe80::2d49:4ace:81d8:2fbc]) by VI1PR0701MB2286.eurprd07.prod.outlook.com ([fe80::2d49:4ace:81d8:2fbc%12]) with mapi id 15.20.2347.016; Thu, 10 Oct 2019 08:37:36 +0000 From: =?utf-8?B?QmFsw6F6cyBMZW5neWVs?= To: Kent Watsen CC: "Eric Voit (evoit)" , Mahesh Jethanandani , Alexander Clemm , Benoit Claise , "netconf@ietf.org" Thread-Topic: [netconf] WGLC for draft-ietf-netconf-notification-capabilities Thread-Index: AQHVaCiq/P3ytjAdYEi7Gp+LSYgUDqc7MLcAgAA5KYCAA/LsEIAFZuYAgARZyDCACYfTgIABFhoA Date: Thu, 10 Oct 2019 08:37:35 +0000 Message-ID: References: <4F49DF08-B7FC-4EBD-9D6B-7BC329E50334@gmail.com> <0100016d83c486c9-83aece79-684a-4999-b382-dd9c09f24c62-000000@email.amazonses.com> <0100016db140fe70-7564d937-87d1-450c-9267-2e1235e3fbb4-000000@email.amazonses.com> In-Reply-To: <0100016db140fe70-7564d937-87d1-450c-9267-2e1235e3fbb4-000000@email.amazonses.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: yes X-MS-TNEF-Correlator: authentication-results: spf=none (sender IP is ) smtp.mailfrom=balazs.lengyel@ericsson.com; x-originating-ip: [89.135.192.225] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 90ac9691-b20b-4836-30a4-08d74d5d1a7b x-ms-traffictypediagnostic: VI1PR0701MB2126: x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:2803; x-forefront-prvs: 018632C080 x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(396003)(366004)(39860400002)(136003)(376002)(346002)(189003)(199004)(99936001)(66574012)(478600001)(11346002)(76116006)(8676002)(7110500001)(486006)(66446008)(6116002)(229853002)(64756008)(66556008)(66476007)(66616009)(8936002)(66946007)(790700001)(476003)(76176011)(6436002)(3846002)(15650500001)(81156014)(2420400007)(81166006)(33656002)(446003)(71200400001)(71190400001)(4326008)(2906002)(6246003)(316002)(26005)(186003)(55016002)(14454004)(66066001)(99286004)(9686003)(52536014)(6306002)(54896002)(102836004)(85182001)(25786009)(85202003)(74316002)(256004)(6506007)(14444005)(53546011)(7696005)(5660300002)(86362001)(9326002)(54906003)(7736002); DIR:OUT; SFP:1101; SCL:1; SRVR:VI1PR0701MB2126; H:VI1PR0701MB2286.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1; received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: Mzopx0B/0WKKBWURmCv2VXsFs/M4kpnFSPuglxQl/e2flY+uqLmfj4yaSS6pKs2WknhuZsDf7/evP+Cdvg7i05zgD31U1co2AQLq9B7aEgxGzILsYNp/ggu+E1kbRHJ+YorP4XfRHeX+g7OEiD0sGrix+z6Tsx8m2/roGvjcxQ0ZgQljer3cw61Ni5cun+c8mQB0Cw5D/F8i5WA29p68AoZepy/QuqsCemcyeZDQR0C90HETl4GqUEyMJ2V6QTy21gu/i68L7NArCoOjC8WZg8n6d+RZvFynGARE0mO5phfBWQakWded47qqtiith4SeJC+mkJ2zZDkmKaTE+5KZk5+Hr1KuR01Tx9F0nAZYTZA3QhzsGGL471K+G1JJsquy6ya+qL3ElzQDAjmX66W2xM0tCyfgi2DInxu0pzi6rys= x-ms-exchange-transport-forked: True Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=SHA1; boundary="----=_NextPart_000_02D2_01D57F56.BA41B100" MIME-Version: 1.0 X-OriginatorOrg: ericsson.com X-MS-Exchange-CrossTenant-Network-Message-Id: 90ac9691-b20b-4836-30a4-08d74d5d1a7b X-MS-Exchange-CrossTenant-originalarrivaltime: 10 Oct 2019 08:37:35.9196 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: sP8tfJRQgceqSCQFE47W7dSW/7mBucLnt7eFMZQVE9KepeJLjxmU6SbHQTH0WGdRJB5vuam9ERiHML+yMjserTw5qm3iFqi1Oh6/AjY6sXQ= X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR0701MB2126 Archived-At: Subject: Re: [netconf] WGLC for draft-ietf-netconf-notification-capabilities X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 10 Oct 2019 08:37:49 -0000 ------=_NextPart_000_02D2_01D57F56.BA41B100 Content-Type: multipart/alternative; boundary="----=_NextPart_001_02D3_01D57F56.BA41B100" ------=_NextPart_001_02D3_01D57F56.BA41B100 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Hello, I added your comments to the upcoming next version of the draft. Regards Balazs =20 From: Kent Watsen =20 Sent: 2019. okt=C3=B3ber 9., szerda 18:01 To: Bal=C3=A1zs Lengyel Cc: Eric Voit (evoit) ; Mahesh Jethanandani = ; Alexander Clemm ; Benoit = Claise ; netconf@ietf.org Subject: Re: [netconf] WGLC for = draft-ietf-netconf-notification-capabilities =20 H Balazs, =20 BALAZS2: This drafts does not want to define a file format. It intends = to use the =E2=80=9Cgeneric=E2=80=9D file format defined in = draft-ietf-netmod-yang-instance-file-format. IMHO the whole aim of = draft-ietf-netmod-yang-instance-file-format is to avoid individual = drafts defining file formats. =20 Okay. I see it in Section 3 now. =20 On the below: I suspect that you will need to do a security analysis per YANG object. = This has been done the other YANG push family. BALAZS: The full module is readOnly and not sensitive or private in any = manner. The security text for the readOnly parts of YangPush is the = exact same text: not very informative, but gives you the illusion of = security awareness. =20 I suspect that manipulating the reporting intervals could have some = security implications. E.g., a hacker could push up the damping period = or periodic interval to a level where the information they are changing = then becomes invisible to a monitoring system. BALAZS: The full YAM is read-only so manipulating the data is not a = concern. =20 =20 The draft should say something like: =20 1. All protocol-accessible are read-only and cannot be modified. The = nature of the read-only data is not deemed to be sensitive in a way = necessitating access-control restrictions (e.g., NACM) beyond the client = being authenticated. BALAZS2: OK, Updated with first part, but Rob has asked for an extra = sentence about the dangers of revealing read-only data, I added that = too. =E2=80=9CAll protocol-accessible data are read-only and cannot be = modified.=20 The data in this module is not security sensitive. Access control may be configured, to avoid exposing=20 the read-only data.=E2=80=9D =20 Okay. s/protocol-accessible data/protocol-accessible data nodes/ 2. When a file format, the protection afforded by a mutually = authenticated transport protocol. Protection of the data must be = performed manually, so as to ensure that the data is neither seen nor = modified in transit. Reword as needed. BALAZS2: Agreed. This is part of normal file handling, transport. So I = reworded this to: =E2=80=9CWhen that data is in file format, data should be protected = against=20 modification or unauthorized access using normal file handling = and=20 secure and mutually authenticated file transport = mechanisms.=E2=80=9D =20 Okay. The end can be shortened, i.e., just "file handling mechanisms". =20 =20 Kent // contributor =20 ------=_NextPart_001_02D3_01D57F56.BA41B100 Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: quoted-printable

Hello,

I added = =C2=A0your comments to the upcoming next version of the = draft.

Regards = Balazs

 

From: Kent Watsen = <kent+ietf@watsen.net>
Sent: 2019. okt=C3=B3ber 9., = szerda 18:01
To: Bal=C3=A1zs Lengyel = <balazs.lengyel@ericsson.com>
Cc: Eric Voit (evoit) = <evoit@cisco.com>; Mahesh Jethanandani = <mjethanandani@gmail.com>; Alexander Clemm = <ludwig@clemm.org>; Benoit Claise <bclaise@cisco.com>; = netconf@ietf.org
Subject: Re: [netconf] WGLC for = draft-ietf-netconf-notification-capabilities

 

H = Balazs,

 



BALAZS2: This drafts = does not want to define a file format. It intends to use the = =E2=80=9Cgeneric=E2=80=9D file format defined in = draft-ietf-netmod-yang-instance-file-format. IMHO the whole aim of = draft-ietf-netmod-yang-instance-file-format is to avoid individual = drafts defining file = formats.

 

Okay. = I see it in Section 3 now.

 



On the below:




I suspect that you will need to do a security analysis = per YANG object.   This has been done the other YANG push = family.

BALAZS: The full module is readOnly and not = sensitive or private in any manner.  The security text for the = readOnly parts of YangPush is the exact same text: not very informative, = but gives you the illusion of security = awareness.

 

I suspect that manipulating the reporting intervals = could have some security implications.   E.g., a hacker could = push up the damping period or periodic interval to a level where the = information they are changing then becomes invisible to a monitoring = system.

BALAZS: The full YAM is read-only so = manipulating the data is not a = concern.

 

 

The draft should say something = like:

 

1. All protocol-accessible are read-only and cannot be = modified.  The nature of the read-only data is not deemed to be = sensitive in a way necessitating access-control restrictions (e.g., = NACM) beyond the client being authenticated.

BALAZS2: OK, =  Updated with first part, but Rob has asked for an extra sentence = about the dangers of revealing read-only data, I added that = too.

=E2=80=9CAll = protocol-accessible data are read-only and cannot be modified. 

        T= he data in this module is not security = sensitive.

        = Access control may be configured, to avoid exposing 

        t= he read-only = data.=E2=80=9D

 

Okay. =  s/protocol-accessible data/protocol-accessible data = nodes/




2. When a file format, the protection afforded by a = mutually authenticated transport protocol.  Protection of the data = must be performed manually, so as to ensure that the data is neither = seen nor modified in transit.

Reword as = needed.

BALAZS2: Agreed. This is part of normal file = handling, transport. So I reworded this = to:

=E2=80=9CWhen that data = is in file format, data should be protected against 

        m= odification or unauthorized access using normal file handling and 

        s= ecure and mutually authenticated file transport = mechanisms.=E2=80=9D

Okay.  The end can be shortened, i.e., just = "file handling mechanisms".

 

------=_NextPart_001_02D3_01D57F56.BA41B100-- ------=_NextPart_000_02D2_01D57F56.BA41B100 Content-Type: application/pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIVbjCCAyAw ggIIoAMCAQICAR0wDQYJKoZIhvcNAQEFBQAwOTELMAkGA1UEBhMCRkkxDzANBgNVBAoTBlNvbmVy YTEZMBcGA1UEAxMQU29uZXJhIENsYXNzMiBDQTAeFw0wMTA0MDYwNzI5NDBaFw0yMTA0MDYwNzI5 NDBaMDkxCzAJBgNVBAYTAkZJMQ8wDQYDVQQKEwZTb25lcmExGTAXBgNVBAMTEFNvbmVyYSBDbGFz czIgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCQF0o1ncrwDZbHRPoWN/xIvb1/ gC01O+FvqGepvwMcTYxvMkfVQWikEwTBNQyahEP8XB3/ibPoFxjNkV/7iePqv05dfBsm03V57eaE 41flrSnE9Doo56V7hDZps/1edr2jLZnTkE4jKH0YY/FUOyaddluXQrL/rvBO7N05lU6DBn/nSUDI xQGyVFpmHT38+ek8Cp6BuHDwAYvkI1R8yK74kB4AlnLUVM9hI7zq+50CldG2uXE6aQg/D7ThQseI 9T+YqKe6HOBxce9YV4FQelxrdEYOgwOYw46obvJ2Mm4ng8Jz89wY6LST6nVEawRgIHFXh53zvqCQ Iz2KJOHaIdvDAgMBAAGjMzAxMA8GA1UdEwEB/wQFMAMBAf8wEQYDVR0OBAoECEqgqliE0148MAsG A1UdDwQEAwIBBjANBgkqhkiG9w0BAQUFAAOCAQEAWs6H+RZyFVdLHdmb56ImMOyTZ9/WLdI0r/c4 pc6rFrmrL3w1y6zQD7RMK/yA72uMkV82dvfbsxsZ6vSyEf1hcUS/KLM6Hb+zQ+ifv9wxCHGwnY3W NEcykMZlJPegSnwEc485bxeMcrW9S8h6+HuDwyhOnAnqZz+yZwQbwxTa+OdJJJHQHWr6YTnva+ch dQYH2BK0ISBwQnGB2jyaNr6mWw1qbJofkXv5+e9Cuk5OnswMjZTc2UWcXuxCUGOu9F3EsRLcyjuo Lp0UWgV1t+zXY+K6NbYECJHo2p2c9ma1GKwKplQmNDPSG8HUfxo6jguqMm7b/E8ln9kyx5ZacKzf TDCCBX0wggRloAMCAQICEQCH7S4aKCZKxRmqOuu5DaLLMA0GCSqGSIb3DQEBCwUAMDkxCzAJBgNV BAYTAkZJMQ8wDQYDVQQKEwZTb25lcmExGTAXBgNVBAMTEFNvbmVyYSBDbGFzczIgQ0EwHhcNMTQx MjA1MDgxOTE1WhcNMjEwNDA1MTAyOTAwWjA3MRQwEgYDVQQKDAtUZWxpYVNvbmVyYTEfMB0GA1UE AwwWVGVsaWFTb25lcmEgUm9vdCBDQSB2MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB AMK+6yfwIaPzaSZVfp3FVRaRXP3vIb9TgHot0pGMYzHw7CTww6XScnwQbfQ3t+XmfHnqjLWCi65I tqwA3GV17CpNX8GH9SBlK4GoRz6JI5UwFpB/6FcHSOcZrr9FZ7E3GwYq/t75rH2D+1665I+XZ75L jo1kB1c4VWk0Nj0TSO9P4tNmHqTPGrdeNjPUtAa9GAH9d4RQAEX1jF3oI7x+/jXh7VB7qTCNGdMJ jmhnXb88lxhTuylixcpecsHHltTbLaC0H2kD7OriUPEMPPCs81Mt8Bz17Ww5OXOAFshSsCPN4D7c 3TxHoLs1iuKYaIu+5b9y7tL6pe0S7fyYGKkmdtwoSxAgHNN/Fnct7W+A90m7UwW7XWjH1Mh1Fj+J Wov3F0fUTPHSiXk+TT2YqGHeOh7S+F4D4MHJHIzTjU3TlTazN19jY5szFPAtJmtTfImMMsJu7D0h ADnJoWjiUIMusDor8zagrC/kb2HCUQk5PotTubtn2txTuXZZNp1D5SDgPTJghSJRt8czu90VL6R4 pgd7gUY2BIbdeTXHlSw7sKMXNeVzH7RcWe/a6hBle3rQf5+ztCo3O3CLm1u5K7fsslESl1MpWtTw EhDcTwK7EpIvYtQ/aUN8Ddb8WHUBiJ1YFkveupD/RwGJBmr2X7KQarMCpgKIv7NHfirZ1fpoeDVN AgMBAAGjggGAMIIBfDBOBggrBgEFBQcBAQRCMEAwPgYIKwYBBQUHMAKGMmh0dHA6Ly9jYS50cnVz dC50ZWxpYXNvbmVyYS5jb20vc29uZXJhY2xhc3MyY2EuY2VyMA8GA1UdEwEB/wQFMAMBAf8wGQYD VR0gBBIwEDAOBgwrBgEEAYIPAgMBAQIwDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBTwj1k4ALP1 j5qWDNXr+nuqF+gTEjCBuQYDVR0fBIGxMIGuMG+gbaBrhmlsZGFwOi8vY3JsLTEudHJ1c3QudGVs aWFzb25lcmEuY29tL2NuPVNvbmVyYSUyMENsYXNzMiUyMENBLG89U29uZXJhLGM9Rkk/Y2VydGlm aWNhdGVyZXZvY2F0aW9ubGlzdDtiaW5hcnkwO6A5oDeGNWh0dHA6Ly9jcmwtMi50cnVzdC50ZWxp YXNvbmVyYS5jb20vc29uZXJhY2xhc3MyY2EuY3JsMBMGA1UdIwQMMAqACEqgqliE0148MA0GCSqG SIb3DQEBCwUAA4IBAQAQ1elFTM6fGkQ/aRKdkUZicO3Cb9uzBJOpOtFctw+1El0/17lsjoVvJkZB D3KnUobnrriFdAa+7FAN55KLmZeB/3Y2bG0bB4toSyaVHjOQnQY9M0dv8U852w0Q7GwchKfebLUI bh9TMt2hI3Xc6j4knFTBUo7C1WAfO51K4bn1irmX6/Ej2VTgiOFsvOAny28W6enFSEQpSHw60VhN fSttSqTOxyrRR/7kW7Y8yb/3DZDZ/dH6ZCfx/y+BNIv2NuSd85M9HXUzplXXohti4Ql/qeaMn6by Ius6XlMWZZfkdVRvTuk2PkeC7UmAJ2+/DUWOPpawaytMXVfF4Hvxk34NMIIF/zCCA+egAwIBAgIR AOm+1xFswMzmixU1jNT/MSEwDQYJKoZIhvcNAQELBQAwRzELMAkGA1UEBhMCU0UxETAPBgNVBAoM CEVyaWNzc29uMSUwIwYDVQQDDBxFcmljc3NvbiBOTCBJbmRpdmlkdWFsIENBIHYzMB4XDTE3MTAw OTE1MjQ1OFoXDTIwMTAwOTE1MjQ1N1owajERMA8GA1UECgwIRXJpY3Nzb24xGDAWBgNVBAMMD0Jh bMOhenMgTGVuZ3llbDEqMCgGCSqGSIb3DQEJARYbYmFsYXpzLmxlbmd5ZWxAZXJpY3Nzb24uY29t MQ8wDQYDVQQFEwZFVEhCTEwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUUtnneUfH i428YPkvW+AsCNeKCCKq72SzUZpBggijy+oLVO0cgTXXHygrZ+KT8TbyEkPwuHi+V4TQxWAyMhGa nWZHWZXe9ghEZrJDJbCzFMHOqR+wEDnI1vM3sfQQ68iSsWQLd9opnb2/ihiJlt9up75VRpyj5lea bvzxOLQimJgZiXaZzsPPT2nROyytKxOsE5KbfT3mNof3bMG1bggZtGGA1GBJchwdFJwQKIShfPVm 1CdulvJV1hPVecxttMJNPzSfSfryb/b64QnR5yc/pSx8SxD0h0rnNT73Al3Af2iRghdXN4omDKZY OcdK/sE5HTmLTFuWoZAnL/RntOK9AgMBAAGjggHBMIIBvTBIBgNVHR8EQTA/MD2gO6A5hjdodHRw Oi8vY3JsLnRydXN0LnRlbGlhLmNvbS9lcmljc3Nvbm5saW5kaXZpZHVhbGNhdjMuY3JsMIGCBggr BgEFBQcBAQR2MHQwKAYIKwYBBQUHMAGGHGh0dHA6Ly9vY3NwMi50cnVzdC50ZWxpYS5jb20wSAYI KwYBBQUHMAKGPGh0dHA6Ly9jYS50cnVzdC50ZWxpYXNvbmVyYS5jb20vZXJpY3Nzb25ubGluZGl2 aWR1YWxjYXYzLmNlcjAmBgNVHREEHzAdgRtiYWxhenMubGVuZ3llbEBlcmljc3Nvbi5jb20wVQYD VR0gBE4wTDBKBgwrBgEEAYIPAgMBARIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly9yZXBvc2l0b3J5 LnRydXN0LnRlbGlhc29uZXJhLmNvbS9DUFMwHQYDVR0lBBYwFAYIKwYBBQUHAwQGCCsGAQUFBwMC MB0GA1UdDgQWBBSkJw2vbyMFmf9tY1urk9NeYfiMgTAfBgNVHSMEGDAWgBQcexmel5x2rCA92Nzj kWrj2y2mUzAOBgNVHQ8BAf8EBAMCBaAwDQYJKoZIhvcNAQELBQADggIBAD1RCVf5Df2uCXwPveXz LBGIjsz3k2la5UUlioC+i4Ms6vGstqXIX7K24+Wc41npi+G5xFhvkAkmuTP/j29F5xJJuJcy3OcL 0br02vKe2WJJnlivB+X9plPg0kMUBS0lLq7kHPUrO/BLeIIFRuaky05eZlTnGNcLbn5VpZdjX4Ic XZV78qpZI3L67Po1UgHzOTiWolc75jrKOx3UOw98fWRrgJPBUIeqDeD1NDfF7PlM4Cqlad062o6L lM9wfAnoLzz0z04dPXtJkOcTiZgOLdPoKIm7LR1wZ9c6mYw4sgtoVAs16Y2cCPBxqWpsW+9ZCcDK PPZzeBezCKyicpDJbTqCVMILd3j38HWUPWFuVITZNgANzHW1CpgqmiLIAADiznCCtudTE+fcB3O9 duuu/yuEME17LMy1GYMKXs1QCXmTq2hrqTJQ2AA2TsWZtoxl3ViqJgNBWjnQiMwdCl5Dural2jZP /iU6MmiauUNYn9YW/ViUluoBBdaUHMpnP/7kM0Wk8j3Wzhcggx+Biml2gCopMaK1EJYjQH/2J95N GEkSdZfVzFUmwV3yMd4mOhIaxW0SEq9b1eWICZ/BAcVBpSyU0sE1gpnBO5wLxj+IpSdiGlS4jc37 qCr/39xdv1Unu93glCmHq0xgX54N8EsyMBPC3+zSSu1qhCbU7VJWIz2aMIIGwjCCBKqgAwIBAgIQ U7h+g+GcmSiTsJtJHOy46zANBgkqhkiG9w0BAQsFADA3MRQwEgYDVQQKDAtUZWxpYVNvbmVyYTEf MB0GA1UEAwwWVGVsaWFTb25lcmEgUm9vdCBDQSB2MTAeFw0xNTEwMjcxMjE2NDZaFw0yNTEwMjcx MjE2NDZaMEcxCzAJBgNVBAYTAlNFMREwDwYDVQQKDAhFcmljc3NvbjElMCMGA1UEAwwcRXJpY3Nz b24gTkwgSW5kaXZpZHVhbCBDQSB2MzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAOzy 3wAAuFDyp7vYVLfGk/fjwao71MNGNLSzzl5DtjQtMtl2ZLPZyX6ViqzTN9JOb7uZ6KxuGSpReQvt 8XOh7iIhkKH9W5hRpbjTsJmUMJd6zifhOpNK6iSU3q44+FjsQL1lVtcguUuFG6aZN0N3GFVbgt6j RrASF8t/3wy9bHPAIfMyPybpg6Y2PH5/1NwkTepoDSmK69LGV+lV2IK6U9OWayZXZFIFIDCoGyFl hFxAEgN+qZ2+Rqg/0TM0oCHvKO2ELSGmAdnJkwizR42ji/Y9SYTSuG75mzSe6OfCGWM8Db/xvy/2 0aLEPXNu1PvOgzY63WZ6cmkWnjMlVJ90pWC2haqDm3Yf8TRdjUvAl7Pz1bTuexwShzIGakL7MkCY rEqHMRaojI/VStloQgW76E76zQ2byw5QxrhOUbisBSKRzlTlOZQgYFFAbG6ViF8DOpJh/ygtQwuT LUM5r15G7eynQV1AMTNCWcX+HUvgArUw6RfW9L58uA68GjktFTV8s9RlDsUqsNcLqeXaV28S2WMd ay0YGaq/bloS8AD7KuumUKH+Ri9IGO9mJvP05tvDHjKpLvv80c3WLJnJU/aznYHYEt2+jjKHOTqd GTxL/zMdpRSQFSuu+KM8NoYrkU1VJqKga+QLsgqKghMp99gu1P1e6KsqseWHdXORrMbjqkBXAgMB AAGjggG4MIIBtDCBigYIKwYBBQUHAQEEfjB8MC0GCCsGAQUFBzABhiFodHRwOi8vb2NzcC50cnVz dC50ZWxpYXNvbmVyYS5jb20wSwYIKwYBBQUHMAKGP2h0dHA6Ly9yZXBvc2l0b3J5LnRydXN0LnRl bGlhc29uZXJhLmNvbS90ZWxpYXNvbmVyYXJvb3RjYXYxLmNlcjASBgNVHRMBAf8ECDAGAQH/AgEA MFUGA1UdIAROMEwwSgYMKwYBBAGCDwIDAQECMDowOAYIKwYBBQUHAgEWLGh0dHBzOi8vcmVwb3Np dG9yeS50cnVzdC50ZWxpYXNvbmVyYS5jb20vQ1BTMEsGA1UdHwREMEIwQKA+oDyGOmh0dHA6Ly9j cmwtMy50cnVzdC50ZWxpYXNvbmVyYS5jb20vdGVsaWFzb25lcmFyb290Y2F2MS5jcmwwHQYDVR0l BBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUHHsZnpec dqwgPdjc45Fq49stplMwHwYDVR0jBBgwFoAU8I9ZOACz9Y+algzV6/p7qhfoExIwDQYJKoZIhvcN AQELBQADggIBAFBYa/HVjDu0LqtXQ8iMp8PLFpqchf41ksQY6R1AsoZbaBUu0NQlAQ9GzlC1pmI5 s0cJnuaZI0xV6TiWS3/R2p9UgW61XD9CTIUbAL31mY3BdJf3P46gzKgQEca/DlFjq9GVmuPS4q90 BLNgvgoxoHubc3C6s0OaY1sbnay5EhnvrAE4Q511FlxmJPLnRmQGpieeXa3cPegFfY1kJDKyyFRy pF1RuRLXcdMIgKEy5NX1bS3M9dQ4mgmUmVT2d33UiKSEYQ6s/B+LFaaz4LywXSv2o3W4kbHoQs86 IWst821ww0wxsCpEfClIvF7fBw2QkbG/1PwuzAuLVStEhDzkAqOrMGctKyNEaBsyAn7Eq2eCa8QD Xnkmagp9QPsNFs/oqnXj9j1cVtH9a4OPzhtg0pd7gd0NzU/5QxibXqbYvouQgihGXHQDmaL4ruN7 C4arMUqRo82YnREsKL7h3j/jtmzcMLc9Q07F04QQd/iSR1Y5pIi6PdNBiE2/4uyAXS6KOIGZrPbN QUNrZtwiQpqQNl8AUzgegfPwrYFlFocpaF3d1m5r+2VKKqiRQVfYPGYeZnWfkcz06JoAhc/9mjbH XSP9hvWYzeLRuoZqHGUdjOX9DIQb926OneV7C5WMIjSY8ORkamG/HKqngmjypL3gSc6oG/E6B+1i 6Ds5j0Qpj5aQMYIDBTCCAwECAQEwXDBHMQswCQYDVQQGEwJTRTERMA8GA1UECgwIRXJpY3Nzb24x JTAjBgNVBAMMHEVyaWNzc29uIE5MIEluZGl2aWR1YWwgQ0EgdjMCEQDpvtcRbMDM5osVNYzU/zEh MAkGBSsOAwIaBQCgggF+MBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8X DTE5MTAxMDA4MzczNFowIwYJKoZIhvcNAQkEMRYEFHhcXsI8wRBGc57yjJuQgTgqIvXiMEMGCSqG SIb3DQEJDzE2MDQwCgYIKoZIhvcNAwcwDgYIKoZIhvcNAwICAgCAMA0GCCqGSIb3DQMCAgFAMAcG BSsOAwIaMGsGCSsGAQQBgjcQBDFeMFwwRzELMAkGA1UEBhMCU0UxETAPBgNVBAoMCEVyaWNzc29u MSUwIwYDVQQDDBxFcmljc3NvbiBOTCBJbmRpdmlkdWFsIENBIHYzAhEA6b7XEWzAzOaLFTWM1P8x ITBtBgsqhkiG9w0BCRACCzFeoFwwRzELMAkGA1UEBhMCU0UxETAPBgNVBAoMCEVyaWNzc29uMSUw IwYDVQQDDBxFcmljc3NvbiBOTCBJbmRpdmlkdWFsIENBIHYzAhEA6b7XEWzAzOaLFTWM1P8xITAN BgkqhkiG9w0BAQEFAASCAQCvbhzByx7T8jIVJcHtQs8ooQ9bOmXzyajaybO/dJi2q4q6Qys+fI4v P4vxWqRLcTJOLF0ZttpCNq+gpNB/CM5z6pexQp7eg8BeowA+D+yw0FDHxceIpBWOcEAjY2H4kbk8 b7W+t3rKWquHXHA4FqO/UI/BIbxbXL5+1agYbQl9E6K8mh/GLb0gV1IYZy5xyqLHcHYKwvU/okEk mZTaamGToIkLWER6JthDxLGBQmlqjSzDhz4ITOBGThJNKwJ/tPNI/van0E4fwIPF48hQjHWfa+PA bkN5TDDBcNZXK/Qsp4TDi74bprlzdAcPHecb9x2jYI7Lc4eKprNbLEiJSKIFAAAAAAAA ------=_NextPart_000_02D2_01D57F56.BA41B100-- From nobody Fri Oct 11 02:43:45 2019 Return-Path: X-Original-To: netconf@ietfa.amsl.com Delivered-To: netconf@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C618612004D for ; Fri, 11 Oct 2019 02:43:42 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.99 X-Spam-Level: X-Spam-Status: No, score=-1.99 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, T_SPF_TEMPERROR=0.01] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TZsHTLetI6sH for ; Fri, 11 Oct 2019 02:43:40 -0700 (PDT) Received: from EUR01-VE1-obe.outbound.protection.outlook.com (mail-eopbgr140088.outbound.protection.outlook.com [40.107.14.88]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 51870120046 for ; Fri, 11 Oct 2019 02:43:40 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=X/iH0Txw3Myd1DQ0gsgNZvUpQxCPJzqtkbIfcARqWjK87yHUbxRLXa6CaZlLogeuLId+oS4SApXHf2ujIxVQaIb6tJWw0amfB2BplvigohkvN1r6G4h/pbUhVZivoNsyRGlOXiDveRU0TY68BIliFgkUjJxMxNSjObotfEKJVpzA2NC0JkD+E7rmQ5Hd/bEWzClp3Fh0QPzXGJQtlf1H1PYijhoBpWXZL3VMSEvOwPIQAFBkouRa544gbOdS0NWZmV95+XyHo+Iq4pKms+bNaKssJLAzwV4uFGPUHWOQ5xDnzEBvZI5ZI2wWxwjpwKEcuL9iEmxtEu11j36+Tbwp+Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=XY66xn22tnHk03c/jU1zYlSYIdpUfSXoKk/EAGrsG90=; b=aF2/5nDIxJY8D07HHbqPIShCogeXhSv1BsWafbgq1p6ZkPKGaojsvI2Yf3ftOjZwq/NI3FnA23hGO7bruI24ulHhexYCdEIRi5aTwThVakkmpKFHlm1Z4VqDd2ETyanzCXjFnjIutWFwLo5qml70zfsQYAFIHMmzZfoqB3ITuYYqILUW/K4UrssS7MSJId0AHslEGMND5m/yq+6lgmg8h5xbNlnsqK1+unbxi+LYf/6smGOLk+aCPzRO6oFSzMPn2FS2Rmeh3/8jMthDhhW4EjHs7oljFGbFWRe4HhikEQf+HPIHITqWkpKSWPIeqRvu4qo1HDRLHoO6u2QJgRZcNw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=XY66xn22tnHk03c/jU1zYlSYIdpUfSXoKk/EAGrsG90=; b=EQ0Kqm+Yf93R9m0sp8OKn/p3cdX1caxM2LrxhNcvH8EBS5a0SSlMi3FkJGJHVsc44NCB6VcCceGKWVhVRI2e3yRkDKzsRrcBH6TydHf/+q/NyNGr/VIEGAmKeSbQPVgsCDg9JB9MM2ovzeVbCFKiLMcqxlWg4WpOcWHHM8uKro8= Received: from VI1PR0701MB2286.eurprd07.prod.outlook.com (10.169.137.153) by VI1PR0701MB2126.eurprd07.prod.outlook.com (10.169.136.152) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2347.15; Fri, 11 Oct 2019 09:43:38 +0000 Received: from VI1PR0701MB2286.eurprd07.prod.outlook.com ([fe80::2d49:4ace:81d8:2fbc]) by VI1PR0701MB2286.eurprd07.prod.outlook.com ([fe80::2d49:4ace:81d8:2fbc%12]) with mapi id 15.20.2347.021; Fri, 11 Oct 2019 09:43:38 +0000 From: =?iso-8859-1?Q?Bal=E1zs_Lengyel?= To: "netconf@ietf.org" Thread-Topic: UserId for authentication in https-notif Thread-Index: AdWAGFY5+dlP7d4qSc+cRmg/x1uo9g== Date: Fri, 11 Oct 2019 09:43:38 +0000 Message-ID: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: yes X-MS-TNEF-Correlator: authentication-results: spf=none (sender IP is ) smtp.mailfrom=balazs.lengyel@ericsson.com; x-originating-ip: [89.135.192.225] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 0714c667-18ca-48f2-7961-08d74e2f7e25 x-ms-traffictypediagnostic: VI1PR0701MB2126: x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:2958; x-forefront-prvs: 0187F3EA14 x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(39860400002)(366004)(346002)(396003)(136003)(376002)(189003)(199004)(26005)(476003)(6506007)(478600001)(9686003)(1730700003)(81166006)(81156014)(54896002)(6306002)(102836004)(7696005)(8676002)(486006)(2501003)(71200400001)(99286004)(316002)(9326002)(186003)(71190400001)(33656002)(8936002)(74316002)(66446008)(2906002)(6916009)(66556008)(66476007)(64756008)(66616009)(99936001)(25786009)(5660300002)(52536014)(66066001)(66946007)(45776006)(5640700003)(14454004)(7736002)(76116006)(55016002)(2351001)(256004)(558084003)(14444005)(86362001)(3846002)(6436002)(6116002)(790700001); DIR:OUT; SFP:1101; SCL:1; SRVR:VI1PR0701MB2126; H:VI1PR0701MB2286.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1; received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: pmZGIN1K3ZGRoFxky7Ws1hn/22uWMSY+qoys9VJtja7adRVL2rENQOiY9mPI/1YRuevVTOczzzSSUhh41tYMu32ICgsDQSn+mIbfBxMBeI01kEiwMPuSghpGYzLz4ZbRlvZoihQCdBQrVFv2U3DUcaW9q3f1R0C1IvGjBG22PZ+9fDIS7kt//ut74zcxWutZfmryEXPPCIt1nj8JHBlajpqhry9pgt0dUrwm7N0Qx5mbIk3i+F1ldLfmtijfd/voNj3NOYJxeSNFI0XZGq4VqFBBC6il8yK94HbRbs8HfZk7Po3Uz5YZj2YuYRiliPgO7a+FwBfSB9Zs+1RZymuMG39oJAT5rkLii3WDiTNrxuUhPZfoLcKmpxnEGYP8eYRvIQLj+HKNcsXnpEB1s1UKyiGbPjlvhUJHEKCjUsfWNiU= x-ms-exchange-transport-forked: True Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=SHA1; boundary="----=_NextPart_000_0467_01D58029.1E5C2F30" MIME-Version: 1.0 X-OriginatorOrg: ericsson.com X-MS-Exchange-CrossTenant-Network-Message-Id: 0714c667-18ca-48f2-7961-08d74e2f7e25 X-MS-Exchange-CrossTenant-originalarrivaltime: 11 Oct 2019 09:43:38.2739 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: FSjB0B7WB023DJcsxIAvM2dz3bxoDaOzMfbOpVudpymxsen5Bn5/fgiWgHz6LgvcWoTJFrLpNZXx/Qv5FMelU/2UwjMKikMqZ2oxmfdoVSI= X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR0701MB2126 Archived-At: Subject: [netconf] UserId for authentication in https-notif X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 11 Oct 2019 09:43:43 -0000 ------=_NextPart_000_0467_01D58029.1E5C2F30 Content-Type: multipart/alternative; boundary="----=_NextPart_001_0468_01D58029.1E5C2F30" ------=_NextPart_001_0468_01D58029.1E5C2F30 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Hello, What userId will be used to perform access control on outgoing notifications transferred via https? regards Balazs -- Balazs Lengyel Senior Specialist Ericsson Hungary Ltd. Mobile: +36-70-330-7909 email: Balazs.Lengyel@ericsson.com ------=_NextPart_001_0468_01D58029.1E5C2F30 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable

Hello,

What userId = will be used to perform access control on outgoing notifications = transferred via https?

 

regards = Balazs

 

--

Balazs = Lengyel=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 Senior = Specialist=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0= =A0 Ericsson Hungary Ltd.

Mobile: = +36-70-330-7909=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 email: = Balazs.Lengyel@ericsson.com

 

------=_NextPart_001_0468_01D58029.1E5C2F30-- ------=_NextPart_000_0467_01D58029.1E5C2F30 Content-Type: application/pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIVbjCCAyAw ggIIoAMCAQICAR0wDQYJKoZIhvcNAQEFBQAwOTELMAkGA1UEBhMCRkkxDzANBgNVBAoTBlNvbmVy YTEZMBcGA1UEAxMQU29uZXJhIENsYXNzMiBDQTAeFw0wMTA0MDYwNzI5NDBaFw0yMTA0MDYwNzI5 NDBaMDkxCzAJBgNVBAYTAkZJMQ8wDQYDVQQKEwZTb25lcmExGTAXBgNVBAMTEFNvbmVyYSBDbGFz czIgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCQF0o1ncrwDZbHRPoWN/xIvb1/ gC01O+FvqGepvwMcTYxvMkfVQWikEwTBNQyahEP8XB3/ibPoFxjNkV/7iePqv05dfBsm03V57eaE 41flrSnE9Doo56V7hDZps/1edr2jLZnTkE4jKH0YY/FUOyaddluXQrL/rvBO7N05lU6DBn/nSUDI xQGyVFpmHT38+ek8Cp6BuHDwAYvkI1R8yK74kB4AlnLUVM9hI7zq+50CldG2uXE6aQg/D7ThQseI 9T+YqKe6HOBxce9YV4FQelxrdEYOgwOYw46obvJ2Mm4ng8Jz89wY6LST6nVEawRgIHFXh53zvqCQ Iz2KJOHaIdvDAgMBAAGjMzAxMA8GA1UdEwEB/wQFMAMBAf8wEQYDVR0OBAoECEqgqliE0148MAsG A1UdDwQEAwIBBjANBgkqhkiG9w0BAQUFAAOCAQEAWs6H+RZyFVdLHdmb56ImMOyTZ9/WLdI0r/c4 pc6rFrmrL3w1y6zQD7RMK/yA72uMkV82dvfbsxsZ6vSyEf1hcUS/KLM6Hb+zQ+ifv9wxCHGwnY3W NEcykMZlJPegSnwEc485bxeMcrW9S8h6+HuDwyhOnAnqZz+yZwQbwxTa+OdJJJHQHWr6YTnva+ch dQYH2BK0ISBwQnGB2jyaNr6mWw1qbJofkXv5+e9Cuk5OnswMjZTc2UWcXuxCUGOu9F3EsRLcyjuo Lp0UWgV1t+zXY+K6NbYECJHo2p2c9ma1GKwKplQmNDPSG8HUfxo6jguqMm7b/E8ln9kyx5ZacKzf TDCCBX0wggRloAMCAQICEQCH7S4aKCZKxRmqOuu5DaLLMA0GCSqGSIb3DQEBCwUAMDkxCzAJBgNV BAYTAkZJMQ8wDQYDVQQKEwZTb25lcmExGTAXBgNVBAMTEFNvbmVyYSBDbGFzczIgQ0EwHhcNMTQx MjA1MDgxOTE1WhcNMjEwNDA1MTAyOTAwWjA3MRQwEgYDVQQKDAtUZWxpYVNvbmVyYTEfMB0GA1UE AwwWVGVsaWFTb25lcmEgUm9vdCBDQSB2MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB AMK+6yfwIaPzaSZVfp3FVRaRXP3vIb9TgHot0pGMYzHw7CTww6XScnwQbfQ3t+XmfHnqjLWCi65I tqwA3GV17CpNX8GH9SBlK4GoRz6JI5UwFpB/6FcHSOcZrr9FZ7E3GwYq/t75rH2D+1665I+XZ75L jo1kB1c4VWk0Nj0TSO9P4tNmHqTPGrdeNjPUtAa9GAH9d4RQAEX1jF3oI7x+/jXh7VB7qTCNGdMJ jmhnXb88lxhTuylixcpecsHHltTbLaC0H2kD7OriUPEMPPCs81Mt8Bz17Ww5OXOAFshSsCPN4D7c 3TxHoLs1iuKYaIu+5b9y7tL6pe0S7fyYGKkmdtwoSxAgHNN/Fnct7W+A90m7UwW7XWjH1Mh1Fj+J Wov3F0fUTPHSiXk+TT2YqGHeOh7S+F4D4MHJHIzTjU3TlTazN19jY5szFPAtJmtTfImMMsJu7D0h ADnJoWjiUIMusDor8zagrC/kb2HCUQk5PotTubtn2txTuXZZNp1D5SDgPTJghSJRt8czu90VL6R4 pgd7gUY2BIbdeTXHlSw7sKMXNeVzH7RcWe/a6hBle3rQf5+ztCo3O3CLm1u5K7fsslESl1MpWtTw EhDcTwK7EpIvYtQ/aUN8Ddb8WHUBiJ1YFkveupD/RwGJBmr2X7KQarMCpgKIv7NHfirZ1fpoeDVN AgMBAAGjggGAMIIBfDBOBggrBgEFBQcBAQRCMEAwPgYIKwYBBQUHMAKGMmh0dHA6Ly9jYS50cnVz dC50ZWxpYXNvbmVyYS5jb20vc29uZXJhY2xhc3MyY2EuY2VyMA8GA1UdEwEB/wQFMAMBAf8wGQYD VR0gBBIwEDAOBgwrBgEEAYIPAgMBAQIwDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBTwj1k4ALP1 j5qWDNXr+nuqF+gTEjCBuQYDVR0fBIGxMIGuMG+gbaBrhmlsZGFwOi8vY3JsLTEudHJ1c3QudGVs aWFzb25lcmEuY29tL2NuPVNvbmVyYSUyMENsYXNzMiUyMENBLG89U29uZXJhLGM9Rkk/Y2VydGlm aWNhdGVyZXZvY2F0aW9ubGlzdDtiaW5hcnkwO6A5oDeGNWh0dHA6Ly9jcmwtMi50cnVzdC50ZWxp YXNvbmVyYS5jb20vc29uZXJhY2xhc3MyY2EuY3JsMBMGA1UdIwQMMAqACEqgqliE0148MA0GCSqG SIb3DQEBCwUAA4IBAQAQ1elFTM6fGkQ/aRKdkUZicO3Cb9uzBJOpOtFctw+1El0/17lsjoVvJkZB D3KnUobnrriFdAa+7FAN55KLmZeB/3Y2bG0bB4toSyaVHjOQnQY9M0dv8U852w0Q7GwchKfebLUI bh9TMt2hI3Xc6j4knFTBUo7C1WAfO51K4bn1irmX6/Ej2VTgiOFsvOAny28W6enFSEQpSHw60VhN fSttSqTOxyrRR/7kW7Y8yb/3DZDZ/dH6ZCfx/y+BNIv2NuSd85M9HXUzplXXohti4Ql/qeaMn6by Ius6XlMWZZfkdVRvTuk2PkeC7UmAJ2+/DUWOPpawaytMXVfF4Hvxk34NMIIF/zCCA+egAwIBAgIR AOm+1xFswMzmixU1jNT/MSEwDQYJKoZIhvcNAQELBQAwRzELMAkGA1UEBhMCU0UxETAPBgNVBAoM CEVyaWNzc29uMSUwIwYDVQQDDBxFcmljc3NvbiBOTCBJbmRpdmlkdWFsIENBIHYzMB4XDTE3MTAw OTE1MjQ1OFoXDTIwMTAwOTE1MjQ1N1owajERMA8GA1UECgwIRXJpY3Nzb24xGDAWBgNVBAMMD0Jh bMOhenMgTGVuZ3llbDEqMCgGCSqGSIb3DQEJARYbYmFsYXpzLmxlbmd5ZWxAZXJpY3Nzb24uY29t MQ8wDQYDVQQFEwZFVEhCTEwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUUtnneUfH i428YPkvW+AsCNeKCCKq72SzUZpBggijy+oLVO0cgTXXHygrZ+KT8TbyEkPwuHi+V4TQxWAyMhGa nWZHWZXe9ghEZrJDJbCzFMHOqR+wEDnI1vM3sfQQ68iSsWQLd9opnb2/ihiJlt9up75VRpyj5lea bvzxOLQimJgZiXaZzsPPT2nROyytKxOsE5KbfT3mNof3bMG1bggZtGGA1GBJchwdFJwQKIShfPVm 1CdulvJV1hPVecxttMJNPzSfSfryb/b64QnR5yc/pSx8SxD0h0rnNT73Al3Af2iRghdXN4omDKZY OcdK/sE5HTmLTFuWoZAnL/RntOK9AgMBAAGjggHBMIIBvTBIBgNVHR8EQTA/MD2gO6A5hjdodHRw Oi8vY3JsLnRydXN0LnRlbGlhLmNvbS9lcmljc3Nvbm5saW5kaXZpZHVhbGNhdjMuY3JsMIGCBggr BgEFBQcBAQR2MHQwKAYIKwYBBQUHMAGGHGh0dHA6Ly9vY3NwMi50cnVzdC50ZWxpYS5jb20wSAYI KwYBBQUHMAKGPGh0dHA6Ly9jYS50cnVzdC50ZWxpYXNvbmVyYS5jb20vZXJpY3Nzb25ubGluZGl2 aWR1YWxjYXYzLmNlcjAmBgNVHREEHzAdgRtiYWxhenMubGVuZ3llbEBlcmljc3Nvbi5jb20wVQYD VR0gBE4wTDBKBgwrBgEEAYIPAgMBARIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly9yZXBvc2l0b3J5 LnRydXN0LnRlbGlhc29uZXJhLmNvbS9DUFMwHQYDVR0lBBYwFAYIKwYBBQUHAwQGCCsGAQUFBwMC MB0GA1UdDgQWBBSkJw2vbyMFmf9tY1urk9NeYfiMgTAfBgNVHSMEGDAWgBQcexmel5x2rCA92Nzj kWrj2y2mUzAOBgNVHQ8BAf8EBAMCBaAwDQYJKoZIhvcNAQELBQADggIBAD1RCVf5Df2uCXwPveXz LBGIjsz3k2la5UUlioC+i4Ms6vGstqXIX7K24+Wc41npi+G5xFhvkAkmuTP/j29F5xJJuJcy3OcL 0br02vKe2WJJnlivB+X9plPg0kMUBS0lLq7kHPUrO/BLeIIFRuaky05eZlTnGNcLbn5VpZdjX4Ic XZV78qpZI3L67Po1UgHzOTiWolc75jrKOx3UOw98fWRrgJPBUIeqDeD1NDfF7PlM4Cqlad062o6L lM9wfAnoLzz0z04dPXtJkOcTiZgOLdPoKIm7LR1wZ9c6mYw4sgtoVAs16Y2cCPBxqWpsW+9ZCcDK PPZzeBezCKyicpDJbTqCVMILd3j38HWUPWFuVITZNgANzHW1CpgqmiLIAADiznCCtudTE+fcB3O9 duuu/yuEME17LMy1GYMKXs1QCXmTq2hrqTJQ2AA2TsWZtoxl3ViqJgNBWjnQiMwdCl5Dural2jZP /iU6MmiauUNYn9YW/ViUluoBBdaUHMpnP/7kM0Wk8j3Wzhcggx+Biml2gCopMaK1EJYjQH/2J95N GEkSdZfVzFUmwV3yMd4mOhIaxW0SEq9b1eWICZ/BAcVBpSyU0sE1gpnBO5wLxj+IpSdiGlS4jc37 qCr/39xdv1Unu93glCmHq0xgX54N8EsyMBPC3+zSSu1qhCbU7VJWIz2aMIIGwjCCBKqgAwIBAgIQ U7h+g+GcmSiTsJtJHOy46zANBgkqhkiG9w0BAQsFADA3MRQwEgYDVQQKDAtUZWxpYVNvbmVyYTEf MB0GA1UEAwwWVGVsaWFTb25lcmEgUm9vdCBDQSB2MTAeFw0xNTEwMjcxMjE2NDZaFw0yNTEwMjcx MjE2NDZaMEcxCzAJBgNVBAYTAlNFMREwDwYDVQQKDAhFcmljc3NvbjElMCMGA1UEAwwcRXJpY3Nz b24gTkwgSW5kaXZpZHVhbCBDQSB2MzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAOzy 3wAAuFDyp7vYVLfGk/fjwao71MNGNLSzzl5DtjQtMtl2ZLPZyX6ViqzTN9JOb7uZ6KxuGSpReQvt 8XOh7iIhkKH9W5hRpbjTsJmUMJd6zifhOpNK6iSU3q44+FjsQL1lVtcguUuFG6aZN0N3GFVbgt6j RrASF8t/3wy9bHPAIfMyPybpg6Y2PH5/1NwkTepoDSmK69LGV+lV2IK6U9OWayZXZFIFIDCoGyFl hFxAEgN+qZ2+Rqg/0TM0oCHvKO2ELSGmAdnJkwizR42ji/Y9SYTSuG75mzSe6OfCGWM8Db/xvy/2 0aLEPXNu1PvOgzY63WZ6cmkWnjMlVJ90pWC2haqDm3Yf8TRdjUvAl7Pz1bTuexwShzIGakL7MkCY rEqHMRaojI/VStloQgW76E76zQ2byw5QxrhOUbisBSKRzlTlOZQgYFFAbG6ViF8DOpJh/ygtQwuT LUM5r15G7eynQV1AMTNCWcX+HUvgArUw6RfW9L58uA68GjktFTV8s9RlDsUqsNcLqeXaV28S2WMd ay0YGaq/bloS8AD7KuumUKH+Ri9IGO9mJvP05tvDHjKpLvv80c3WLJnJU/aznYHYEt2+jjKHOTqd GTxL/zMdpRSQFSuu+KM8NoYrkU1VJqKga+QLsgqKghMp99gu1P1e6KsqseWHdXORrMbjqkBXAgMB AAGjggG4MIIBtDCBigYIKwYBBQUHAQEEfjB8MC0GCCsGAQUFBzABhiFodHRwOi8vb2NzcC50cnVz dC50ZWxpYXNvbmVyYS5jb20wSwYIKwYBBQUHMAKGP2h0dHA6Ly9yZXBvc2l0b3J5LnRydXN0LnRl bGlhc29uZXJhLmNvbS90ZWxpYXNvbmVyYXJvb3RjYXYxLmNlcjASBgNVHRMBAf8ECDAGAQH/AgEA MFUGA1UdIAROMEwwSgYMKwYBBAGCDwIDAQECMDowOAYIKwYBBQUHAgEWLGh0dHBzOi8vcmVwb3Np dG9yeS50cnVzdC50ZWxpYXNvbmVyYS5jb20vQ1BTMEsGA1UdHwREMEIwQKA+oDyGOmh0dHA6Ly9j cmwtMy50cnVzdC50ZWxpYXNvbmVyYS5jb20vdGVsaWFzb25lcmFyb290Y2F2MS5jcmwwHQYDVR0l BBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUHHsZnpec dqwgPdjc45Fq49stplMwHwYDVR0jBBgwFoAU8I9ZOACz9Y+algzV6/p7qhfoExIwDQYJKoZIhvcN AQELBQADggIBAFBYa/HVjDu0LqtXQ8iMp8PLFpqchf41ksQY6R1AsoZbaBUu0NQlAQ9GzlC1pmI5 s0cJnuaZI0xV6TiWS3/R2p9UgW61XD9CTIUbAL31mY3BdJf3P46gzKgQEca/DlFjq9GVmuPS4q90 BLNgvgoxoHubc3C6s0OaY1sbnay5EhnvrAE4Q511FlxmJPLnRmQGpieeXa3cPegFfY1kJDKyyFRy pF1RuRLXcdMIgKEy5NX1bS3M9dQ4mgmUmVT2d33UiKSEYQ6s/B+LFaaz4LywXSv2o3W4kbHoQs86 IWst821ww0wxsCpEfClIvF7fBw2QkbG/1PwuzAuLVStEhDzkAqOrMGctKyNEaBsyAn7Eq2eCa8QD Xnkmagp9QPsNFs/oqnXj9j1cVtH9a4OPzhtg0pd7gd0NzU/5QxibXqbYvouQgihGXHQDmaL4ruN7 C4arMUqRo82YnREsKL7h3j/jtmzcMLc9Q07F04QQd/iSR1Y5pIi6PdNBiE2/4uyAXS6KOIGZrPbN QUNrZtwiQpqQNl8AUzgegfPwrYFlFocpaF3d1m5r+2VKKqiRQVfYPGYeZnWfkcz06JoAhc/9mjbH XSP9hvWYzeLRuoZqHGUdjOX9DIQb926OneV7C5WMIjSY8ORkamG/HKqngmjypL3gSc6oG/E6B+1i 6Ds5j0Qpj5aQMYIDBTCCAwECAQEwXDBHMQswCQYDVQQGEwJTRTERMA8GA1UECgwIRXJpY3Nzb24x JTAjBgNVBAMMHEVyaWNzc29uIE5MIEluZGl2aWR1YWwgQ0EgdjMCEQDpvtcRbMDM5osVNYzU/zEh MAkGBSsOAwIaBQCgggF+MBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8X DTE5MTAxMTA5NDMzNlowIwYJKoZIhvcNAQkEMRYEFH4yrT3mVHd6FcZZcLL71BDWo683MEMGCSqG SIb3DQEJDzE2MDQwCgYIKoZIhvcNAwcwDgYIKoZIhvcNAwICAgCAMA0GCCqGSIb3DQMCAgFAMAcG BSsOAwIaMGsGCSsGAQQBgjcQBDFeMFwwRzELMAkGA1UEBhMCU0UxETAPBgNVBAoMCEVyaWNzc29u MSUwIwYDVQQDDBxFcmljc3NvbiBOTCBJbmRpdmlkdWFsIENBIHYzAhEA6b7XEWzAzOaLFTWM1P8x ITBtBgsqhkiG9w0BCRACCzFeoFwwRzELMAkGA1UEBhMCU0UxETAPBgNVBAoMCEVyaWNzc29uMSUw IwYDVQQDDBxFcmljc3NvbiBOTCBJbmRpdmlkdWFsIENBIHYzAhEA6b7XEWzAzOaLFTWM1P8xITAN BgkqhkiG9w0BAQEFAASCAQBiCA3m8Su0/BGTC3cN7Pilr6q1Tn7Mx2S6v937EOwwhox1IvFCzC9v caJPCPRGD6YiCBjoDsVWq47uI0xmJghVG4pu4BOu1oBuHirycxVGHrBinTng4hXXVcCoLP9xvCBQ 3UgIUV49MVLQnlK5Fep5Z4NfOP7fSQqowbSzExwmIJxohg1OZ7Lti/nwfrr7x4MnmaIKFsRi1rbB NaqxA9Kt59Q9A4Mc9dJxegFI74PiCPYcG3Smnssw0L+5H5bp/cFhIAjtexTpkSJt7xOcg5AC/TiQ NKUE9wV4PyPrnfjLpi+rMNcFZQ2yWFctRTBuspgpCgsr7yXcfnbSnY5DA/IEAAAAAAAA ------=_NextPart_000_0467_01D58029.1E5C2F30-- From nobody Fri Oct 11 05:46:11 2019 Return-Path: X-Original-To: netconf@ietfa.amsl.com Delivered-To: netconf@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D3EE3120073 for ; Fri, 11 Oct 2019 05:46:08 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.4 X-Spam-Level: X-Spam-Status: No, score=-14.4 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, TRACKER_ID=0.1, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=bwMAYajJ; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=LvrG7+Et Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Nf9NAI-Msoht for ; Fri, 11 Oct 2019 05:46:06 -0700 (PDT) Received: from rcdn-iport-6.cisco.com (rcdn-iport-6.cisco.com [173.37.86.77]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 591C1120019 for ; Fri, 11 Oct 2019 05:46:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=9913; q=dns/txt; s=iport; t=1570797966; x=1572007566; h=from:to:subject:date:message-id:references:in-reply-to: mime-version; bh=IctBamhOrakugnlZ9BGMjsuNzvCVv9AZnd1ioj5tbI0=; b=bwMAYajJOBtJW3ARbxtCmgv6IZJ61sCuEt9KRpxwFPyYCIBwtFwKSsPb CgGms++hmur8+DbCt7/6doaOt33Xj0hjUuHmERCotO29P+CTJYhHdxigR Ky27TU5ajkJ7lklIgMTgU7RNyhJQF3VOxg/iP3Lns/pWbG0OxGrOJgM7b g=; IronPort-PHdr: =?us-ascii?q?9a23=3AdscuthB7mA4xAVXAmrhIUyQJPHJ1sqjoPgMT9p?= =?us-ascii?q?ssgq5PdaLm5Zn5IUjD/qs13kTRU9Dd7PRJw6rNvqbsVHZIwK7JsWtKMfkuHw?= =?us-ascii?q?QAld1QmgUhBMCfDkiuNuHrazA9GuxJVURu+DewNk0GUMs=3D?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0APAADPeKBd/49dJa1mGgEBAQEBAQE?= =?us-ascii?q?BAQMBAQEBEQEBAQICAQEBAYFnBQEBAQELAYEbLyQsBWxWIAQLKgqHYAOEWIV?= =?us-ascii?q?vTYIPkxyEYYEuFIEQA1QJAQEBDAEBIwoCAQGEQAKCXiM0CQ4CAwkBAQQBAQE?= =?us-ascii?q?CAQUEbYUtDIVLAQEBBBIbEwEBNQMPAgEIEQQBASgHMhQJCAEBBAESCBqDAYF?= =?us-ascii?q?5TQMuAQIMpwQCgTiIYYIngn0BAQWFCxiCFwMGgTQBhRWGeBiBQD+BEUaCTD6?= =?us-ascii?q?CYQEBAgGBKwESAQkYKwmDCoIsjRKIFIEEiCqOcwqCIoYkZI4smUCOLYgikRU?= =?us-ascii?q?CBAIEBQIOAQEFgVI5Z3FwFTuCbFAQFIFPg3OFFIU/dAGBKI1jgSIBgSIBAQ?= X-IronPort-AV: E=Sophos;i="5.67,284,1566864000"; d="scan'208,217";a="646009688" Received: from rcdn-core-7.cisco.com ([173.37.93.143]) by rcdn-iport-6.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 11 Oct 2019 12:46:03 +0000 Received: from XCH-RCD-004.cisco.com (xch-rcd-004.cisco.com [173.37.102.14]) by rcdn-core-7.cisco.com (8.15.2/8.15.2) with ESMTPS id x9BCk3L5002176 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Fri, 11 Oct 2019 12:46:03 GMT Received: from xhs-rcd-003.cisco.com (173.37.227.248) by XCH-RCD-004.cisco.com (173.37.102.14) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Fri, 11 Oct 2019 07:46:03 -0500 Received: from xhs-rtp-001.cisco.com (64.101.210.228) by xhs-rcd-003.cisco.com (173.37.227.248) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Fri, 11 Oct 2019 07:46:02 -0500 Received: from NAM03-BY2-obe.outbound.protection.outlook.com (64.101.32.56) by xhs-rtp-001.cisco.com (64.101.210.228) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Fri, 11 Oct 2019 08:46:02 -0400 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=fi6TANMoE+eciNiZ087TDP6f/YU0Oiu0T8Up7gd6Z5PoEbOYL91v2EK3D6KF4bA6uyxCzpOUgTgGl3oIVjTnoMe9qzzfH+XDLcw2+tNNvwAFQGjW1I1FhRkFh0HQy2Mq9yNB/NeOPZBSc8aVpr5nq+B5sbL8IDAqp+nUBXTLVVx4oJQMCQIs9qaL9hfSDSIUHjZlmtIb99rdRFACcU+HPlVWRh5tj8J0c8niNde/XDnXMtwRxN9v9Sg6A93D/1KiUWezzHn/f83YSm+0tdJ2DguseNj7RvPvYLi5mAb1dw+nNE3DkVNkA8r33n6GziBJiEvAxvXf0lwGdEvyDS4QCA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=HlvHewO7nqyQeqbRQNJPh70sbx51AMsjTTHVmBku1+s=; b=i98XtsxE/gVISjHr9T1bDGnlmYhKCIJT0MqXNx/jJFWev3aM2f0n2L3cgRG9Mu+NuWol167RR4DfMSrgtxHMomQRoy3AkqQPCGrhHAnYrgUSN7FlMAdKU/Fb3ZAKYiZxuD+Zws85JMIMdxacZ13WGBSYOhSkVGdoGDX+7u2r6ZGMYrNGhyOlKQj8obio1pjhbPQwkD/iFx3V3+MctHmRyotD1EkDpOzkVAN64fef93RH7AKF3OqaTU3Lyth/tymF4JHo6zuk+oIE4RJHKY2FbsXW27mtbyYln2CQ3BFGtoDKSxmpDOUQ7rKax5zOPrJYxKv6Obs5UZeeTokaGsB/Jg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=HlvHewO7nqyQeqbRQNJPh70sbx51AMsjTTHVmBku1+s=; b=LvrG7+Et3/BUGaHfOeB3ZgNEtl59D4Bl3Y4yd/YWvIBwtxwuaUS6G/lH0wsXqr9S/VXlXV2mLxuY85Mvo3Jq33acuAvrYDslIjKPsULLYFRp7MKyZyl2tnp4Q5qP0UNk7FFH/Hx3MBpJdznyb5abvsb2t20UXtpoevM/ytQS6ys= Received: from MN2PR11MB4366.namprd11.prod.outlook.com (52.135.38.209) by MN2PR11MB3886.namprd11.prod.outlook.com (20.179.150.15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2347.16; Fri, 11 Oct 2019 12:46:01 +0000 Received: from MN2PR11MB4366.namprd11.prod.outlook.com ([fe80::cca:41bd:b0bb:c549]) by MN2PR11MB4366.namprd11.prod.outlook.com ([fe80::cca:41bd:b0bb:c549%2]) with mapi id 15.20.2327.026; Fri, 11 Oct 2019 12:46:01 +0000 From: "Rob Wilton (rwilton)" To: =?iso-8859-1?Q?Bal=E1zs_Lengyel?= , Netconf , Alexander Clemm , "Eric Voit (evoit)" Thread-Topic: More capabilities for ietf-notification-capabilities (WGLC) Thread-Index: AdV+rn5v2Ucx0GJ9Tj2SEjVbMpaBTABgwrdg Date: Fri, 11 Oct 2019 12:46:01 +0000 Message-ID: References: In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: spf=none (sender IP is ) smtp.mailfrom=rwilton@cisco.com; x-originating-ip: [173.38.220.41] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 989248c4-ac7d-4bd5-2476-08d74e48f8ab x-ms-traffictypediagnostic: MN2PR11MB3886: x-ms-exchange-purlcount: 1 x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:10000; x-forefront-prvs: 0187F3EA14 x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(979002)(4636009)(376002)(136003)(39860400002)(346002)(366004)(396003)(199004)(189003)(51444003)(74316002)(99286004)(229853002)(52536014)(7696005)(5660300002)(966005)(6306002)(54896002)(9686003)(236005)(478600001)(55016002)(7736002)(606006)(6436002)(6636002)(25786009)(66574012)(14454004)(64756008)(66556008)(6246003)(66476007)(33656002)(86362001)(66946007)(66446008)(76116006)(6506007)(2906002)(3846002)(6116002)(790700001)(15650500001)(7110500001)(2420400007)(110136005)(316002)(71200400001)(71190400001)(81156014)(81166006)(8676002)(26005)(186003)(102836004)(66066001)(53546011)(446003)(76176011)(11346002)(14444005)(486006)(476003)(8936002)(256004)(969003)(989001)(999001)(1009001)(1019001); DIR:OUT; SFP:1101; SCL:1; SRVR:MN2PR11MB3886; H:MN2PR11MB4366.namprd11.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1; received-spf: None (protection.outlook.com: cisco.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: +FujwLJMPhM02BFEnvmg7IvHIzPiwNuGDSD61tWR4K4AncFgKPQE5noh5axGRW/x7QC2Q9+CRnhc8faPIlRQCnBAmfpFDP0X1ZBsM0WZDhrQKvR51Jtp4VrLwG17j92qRQIkLt4FjQSNvUqaF9K27dn4VxuGdgNuLBqm+kTPNTLt+Qw9sNn1MOBKNgTaWPGLFmyx+dTkeopwOu0UNPS4VVmogBGMX2wAUtj101eV38pVcupdRBvyIs2qpLrDYaA1akIuHZLdPA0YV6BwZBgFIV+/48UVycKrVNVRm7pr+qoCxuoYGqq0we2UdtCtmPQYJRHW1AIw4Zpn7cOVa/KLx92NuIxLY7WLjHMFRjvn92XGHCwSDUVHvm0aQ7FCpX8XVJHeEu9lVkNbB4aNHzuabhnWXjCBl/olRV6oSmklxXkiLglrlYPMs9KW7LYZDFgBOC0KHQ/Jp5QrnDlhejtZEA== Content-Type: multipart/alternative; boundary="_000_MN2PR11MB43669E19CC3B19C503C3D539B5970MN2PR11MB4366namp_" MIME-Version: 1.0 X-MS-Exchange-CrossTenant-Network-Message-Id: 989248c4-ac7d-4bd5-2476-08d74e48f8ab X-MS-Exchange-CrossTenant-originalarrivaltime: 11 Oct 2019 12:46:01.0893 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: JfJPH5cyAOV4h7pd423U6GjY7U2VuEOEeUsUzV1vKStd06c6PzN0nd1x7RZYu7uZX/+sWc2wtusMup/BhfVKDQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR11MB3886 X-OriginatorOrg: cisco.com X-Outbound-SMTP-Client: 173.37.102.14, xch-rcd-004.cisco.com X-Outbound-Node: rcdn-core-7.cisco.com Archived-At: Subject: Re: [netconf] More capabilities for ietf-notification-capabilities (WGLC) X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 11 Oct 2019 12:46:09 -0000 --_000_MN2PR11MB43669E19CC3B19C503C3D539B5970MN2PR11MB4366namp_ Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable I support adding these. I think that it is plausible that a server may not support periodic subscri= ptions on either "candidate" or "startup" datastores, hence the ability to = clearly express this in the capabilities model is important. I think that it also has the benefit of making the model slightly more regu= lar. Thanks, Rob From: Bal=E1zs Lengyel Sent: 09 October 2019 15:33 To: Netconf ; Alexander Clemm ; Eric Vo= it (evoit) ; Rob Wilton (rwilton) Subject: More capabilities for ietf-notification-capabilities (WGLC) Hello, During WGLC it was asked that we could/should add some more capabilities t= o the ietf-notification-capabilities model. In https://tools.ietf.org/html/rfc8641#appendix-A.1 there are two more erro= r conditions mentioned. cant-exclude datastore-not-subscribable The publisher might be able to declare which change types can be used in th= e leaf-list excluded-change The publisher might want to declare that not even periodic subscriptions ar= e supported for a specific datastore. Some people stated that supporting pe= riodic subscriptions is mandatory if RFC8641 (Yang-Push) is supported, so w= e should not add this capability. But is it really mandatory to support per= iodic subscriptions for e.g. the start-up datastore? I intend to add these 2 to the model. Opinions? Regards Balazs -- Balazs Lengyel Senior Specialist E= ricsson Hungary Ltd. Mobile: +36-70-330-7909 email: Balazs.Lengyel@ericsson.com --_000_MN2PR11MB43669E19CC3B19C503C3D539B5970MN2PR11MB4366namp_ Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable

I support= adding these.

&nbs= p;

I think t= hat it is plausible that a server may not support periodic subscriptions on= either “candidate” or “startup” datastores, hence = the ability to clearly express this in the capabilities model is important.

&nbs= p;

I think t= hat it also has the benefit of making the model slightly more regular.=

&nbs= p;

Thanks,

Rob<= /o:p>

&nbs= p;

&nbs= p;

From: Bal=E1zs Lengyel <balazs.lengyel@= ericsson.com>
Sent: 09 October 2019 15:33
To: Netconf <netconf@ietf.org>; Alexander Clemm <ludwig@cle= mm.org>; Eric Voit (evoit) <evoit@cisco.com>; Rob Wilton (rwilton)= <rwilton@cisco.com>
Subject: More capabilities for ietf-notification-capabilities (WGLC)=

 

He= llo,

Du= ring WGLC it was asked that  we could/should add some more capabilitie= s to the ietf-notification-capabilities model.

In= https://tools.ietf.org/html/rfc8641#appendix-A.1 there are two more err= or conditions mentioned.

cant-exclude

datastore-not-= subscribable

 

Th= e publisher might be able to declare which change types can be used in the =  leaf-list excluded-change

Th= e publisher might want to declare that not even periodic subscriptions are = supported for a specific datastore. Some people stated that supporting peri= odic subscriptions is mandatory if RFC8641 (Yang-Push) is supported, so we should not add this capability. But is it = really mandatory to support periodic subscriptions for e.g. the start-up da= tastore?

 

I = intend to add these 2 to the model.

 

Op= inions?

 

Re= gards Balazs

 

 

--=

Ba= lazs Lengyel          &nb= sp;         Senior Specialist =             &nb= sp;         Ericsson Hungary Ltd.

Mo= bile: +36-70-330-7909        &n= bsp;     email: Balazs.Lengyel@ericsson.com<= /a>

 

--_000_MN2PR11MB43669E19CC3B19C503C3D539B5970MN2PR11MB4366namp_-- From nobody Fri Oct 11 12:15:11 2019 Return-Path: X-Original-To: netconf@ietfa.amsl.com Delivered-To: netconf@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 51FE5120018 for ; Fri, 11 Oct 2019 12:15:09 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.998 X-Spam-Level: X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0idPqjBSsLWn for ; Fri, 11 Oct 2019 12:15:05 -0700 (PDT) Received: from mail-pl1-x634.google.com (mail-pl1-x634.google.com [IPv6:2607:f8b0:4864:20::634]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E22201200B8 for ; Fri, 11 Oct 2019 12:15:04 -0700 (PDT) Received: by mail-pl1-x634.google.com with SMTP id f21so4879820plj.10 for ; Fri, 11 Oct 2019 12:15:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:message-id:mime-version:subject:date:in-reply-to:cc:to :references; bh=mKQgh9fV7TOoqK9mxDhZ65uOcEiDeitHJkgkpngTtmE=; b=ggJLApdnY6slY4m0OqXtDRW59pFrUDnwnLkXCtOS0glQeubkYolwsO54HLPBGFL332 KqPyPBhmctBRg7Dakg4o8ezjxRuVbxtqS6yHtKjxAQ08/Xo9T4jebKsCcjEuKoicNouM nH0idWeS8RebnRTI8pbg02hRHumuT1LHJr+0tqaHe/v7/KJBGpwB7mrlIf5PGDXy9s8T dOLoXAnWKBDIp1Yk7LcuuPrxqa4fPIaCtetXpu5ssKxLb2lCCm8aodZp40WCpqRSf/zR v16OjW3NuMBqCJQJIf+jmnYWDR/X/bIZrZtJuAuVAbF8bLpFdPJRJvrip9XtIBVXdsvT arRg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:message-id:mime-version:subject:date :in-reply-to:cc:to:references; bh=mKQgh9fV7TOoqK9mxDhZ65uOcEiDeitHJkgkpngTtmE=; b=W9rASusQnei9qLI6GKgSRZPzso2A2N/V0/qUWwBxyCUWXKmUjTH2Z3s90M9tJOE8tk 2z+mYryR26mywXziqV41levk3eTnQ8Emsdz6VvI01fkaraz6aZy/71aRwUNS+gavnOU+ BaqMqXLvJBR6nWxc3bXuQhqyRHCj4aRltlchfyBsiH0BESPWirGp10tC152KNlhQndgT Vp4+yLdPa4UZx04ldmtOi2tm7z9idimdgwy0QknyFH0FSXTsW5DVdumZnc5zdNsvNF80 zKxjZHlZ3Ps5ohRLTCSmv96kkPSsHsN+/ExOZdK46PuSFXMPTitp2tF/RIbU1BhQMtP1 QmHw== X-Gm-Message-State: APjAAAXQHPHvdaISx2gDI74dDC5PhsozIR55uQRKjpIIPQQ+HAUpbEwH urpWmjv7ZGlX1/rb2hMdmqA= X-Google-Smtp-Source: APXvYqyAM7zn24aVhAGaG76xLyuYGZ4SMDtTlEKIc/8LBEqlj5KOufSWto7PWcROJbf2vwfIDgZ3yw== X-Received: by 2002:a17:902:9002:: with SMTP id a2mr16948600plp.147.1570821304230; Fri, 11 Oct 2019 12:15:04 -0700 (PDT) Received: from [10.33.123.155] ([66.170.99.2]) by smtp.gmail.com with ESMTPSA id t68sm8708083pgt.61.2019.10.11.12.15.02 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 11 Oct 2019 12:15:02 -0700 (PDT) From: Mahesh Jethanandani Message-Id: <82EF0CC8-3112-47C1-8DB0-94BF118E5BAC@gmail.com> Content-Type: multipart/alternative; boundary="Apple-Mail=_F336EF95-29DB-491D-91D3-EBFF8A92CBC1" Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\)) Date: Fri, 11 Oct 2019 12:15:01 -0700 In-Reply-To: Cc: "netconf@ietf.org" To: =?utf-8?Q?Bal=C3=A1zs_Lengyel?= References: X-Mailer: Apple Mail (2.3445.9.1) Archived-At: Subject: Re: [netconf] UserId for authentication in https-notif X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 11 Oct 2019 19:15:09 -0000 --Apple-Mail=_F336EF95-29DB-491D-91D3-EBFF8A92CBC1 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 Hi Balasz, > On Oct 11, 2019, at 2:43 AM, Bal=C3=A1zs Lengyel = wrote: >=20 > Hello, > What userId will be used to perform access control on outgoing = notifications transferred via https? This was also discussed in an earlier thread, when Martin brought up the = broader question of whether we are planning on using PUT or POST, to = which URI, and authorization.=20 Kent suggested that user-id will be part of http-params supported by the = http client/server draft, and will be the user-id used by NACM. The = example in the draft will be augmented thus: foo my-receiver.my-domain.com = 443 explicitly-trusted-server-ca-certs explicitly-trusted-server-certs my-name my-passsord /some/path Cheers. > =20 > regards Balazs > =20 > --=20 > Balazs Lengyel Senior Specialist = Ericsson Hungary Ltd.=20 > Mobile: +36-70-330-7909 email: = Balazs.Lengyel@ericsson.com > =20 > _______________________________________________ > netconf mailing list > netconf@ietf.org > https://www.ietf.org/mailman/listinfo/netconf = Mahesh Jethanandani mjethanandani@gmail.com --Apple-Mail=_F336EF95-29DB-491D-91D3-EBFF8A92CBC1 Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=utf-8 Hi = Balasz,

On Oct 11, 2019, at 2:43 AM, Bal=C3=A1zs = Lengyel <balazs.lengyel=3D40ericsson.com@dmarc.ietf.org> = wrote:

Hello,
What = userId will be used to perform access control on outgoing notifications = transferred via https?

This was also discussed in an earlier thread, when = Martin brought up the broader question of whether we are planning on = using PUT or POST, to which URI, and authorization. 

Kent suggested that user-id will be part of = http-params supported by the http client/server draft, and will be the = user-id used by NACM. The example in the draft will be augmented = thus:

<receivers     xmlns=3D"urn:ietf:params:xml:ns:y= ang:ietf-https-notif">
     <receiver>
       <name>foo</n= ame>
       <tcp-params>         <remot= e-address>my-receiver.my-domain.com</remote-address>
         <remot= e-port>443</remote-port>
       </tcp-params>       <tls-params>         <serve= r-authentication>
          &nb= sp;<ca-certs>explicitly-trusted-server-ca-certs</ca-certs>
          &nb= sp;<server-certs>explicitly-trusted-server-certs</server-certs>= ;
         </serv= er-authentication>
       </tls-params>       <http-params>         <clien= t-identity>
          &nb= sp;<basic>
          &nb= sp;  <user-id>my-name</user-id>
          &nb= sp;  <password>my-passsord</password>
          &nb= sp;</basic>
        </client-ide= ntity>
        <path>/so= me/path</path>
       <http-params>     </receiver>
 </receivers>

Cheers.

 
regards = Balazs
 
-- 
Balazs = Lengyel           &= nbsp;        Senior = Specialist          &nbs= p;            = Ericsson Hungary Ltd. 
Mobile: = +36-70-330-7909          = ;    email: Balazs.Lengyel@ericsson.com
 
_______________________________________________
netconf mailing list
netconf@ietf.org
https://www.ietf.org/mailman/listinfo/netconf

Mahesh Jethanandani
mjethanandani@gmail.com



= --Apple-Mail=_F336EF95-29DB-491D-91D3-EBFF8A92CBC1-- From nobody Fri Oct 11 12:42:24 2019 Return-Path: X-Original-To: netconf@ietfa.amsl.com Delivered-To: netconf@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DEED5120096 for ; Fri, 11 Oct 2019 12:42:21 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.899 X-Spam-Level: X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_NONE=0.001] autolearn=unavailable autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=jacobsuniversity.onmicrosoft.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MwMOqfCoEChG for ; Fri, 11 Oct 2019 12:42:18 -0700 (PDT) Received: from EUR04-DB3-obe.outbound.protection.outlook.com (mail-db3eur04on061c.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe0c::61c]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 57D9D12002E for ; Fri, 11 Oct 2019 12:42:18 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=mTvU+phQoPPal4zRRXu4bl0E+cxgPEkbS7mZcGlJNnB7zPmzdwBAC2ULtofrr/vFpfPA4w1Ng+khaEKM+ICwqRSTgo1KU05wLwScxr1H7Inr0LywM0Q1o1GNMzNa0dA2t/xgc2AvNxhj49puNNvnTTwc3u1m0KVNJdGciCEQWCZTZxKNlzPYaZynkvOwNIBF69y3S55Pz4AUbCQr/D8J7Iy4nW+KIN8LOQrYMhLyhu7BhxMTKDkeMF4/Wvz6d80WkHiuwD2gxtW/Fd+X6IH1OglKgZm+S/8lvg3jKeLhl/eiFEV9haMGAQT7HAkUxWwL/Df7Y7k4OszXmzVb8NgAhQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=wzKuIpaSc64lMeZfQ+T86y0r2plbFja7PqAla5zyuKs=; b=O/GCQfPggyp3UmeE+Zu4A5sLBBU4D5BeuuXfTb+yyg1tGRrkM/eSWfePG5pqgBYyGf6zGRkTJ0jsGXo0RlwHm4PcvAg7O0Q+r3os7UPiyDgKSa0q/YtKYm7d610hlJAgXV4oeLiTXY8p5pqB1Witmqn5XNZDW94ceoaf2BHSSF0JbPgli4O/vkOg06GeBm7GdUi5ke7ncoP94YwZaYBQ8YRz1vJhfVZYuR7HV3v8WNK6Fsgfp8zmDqKijr1yj7zGFwVXN/9u1x6uG7BL9NnytKkf0pdXSwtDp37UFtRqpo5DE/dbaLOYetThzPgH2zFdP24vjKL7gsP9oyimGBSTcw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=jacobs-university.de; dmarc=pass action=none header.from=jacobs-university.de; dkim=pass header.d=jacobs-university.de; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=jacobsuniversity.onmicrosoft.com; s=selector2-jacobsuniversity-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=wzKuIpaSc64lMeZfQ+T86y0r2plbFja7PqAla5zyuKs=; b=Din0VHfn5Nf/YUQPA91hP5qApwqFLgm/8Idywx08bIBKeW+7qZ278oR/NGMs53UJ8aBAPYvPpqgCmtlkRGD7zhgfs1LOvr5SigUC/y1eUZKdMeGCFEdQTHi4hKvy0Bzw0sNGZFr66cQhl0RA7THLMsftTLorl2H5xogYfMGvUFY= Received: from DB6P190MB0181.EURP190.PROD.OUTLOOK.COM (10.172.229.20) by DB6SPR00MB250.EURP190.PROD.OUTLOOK.COM (10.169.227.149) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2347.16; Fri, 11 Oct 2019 19:42:15 +0000 Received: from DB6P190MB0181.EURP190.PROD.OUTLOOK.COM ([fe80::d1ea:2415:7174:c908]) by DB6P190MB0181.EURP190.PROD.OUTLOOK.COM ([fe80::d1ea:2415:7174:c908%4]) with mapi id 15.20.2347.021; Fri, 11 Oct 2019 19:42:15 +0000 From: =?iso-8859-1?Q?Sch=F6nw=E4lder=2C_J=FCrgen?= To: Mahesh Jethanandani CC: =?iso-8859-1?Q?Bal=E1zs_Lengyel?= , "netconf@ietf.org" Thread-Topic: [netconf] UserId for authentication in https-notif Thread-Index: AQHVgGhAwhHAHCNTOk6mw7OMqq8oCqdV1yUA Date: Fri, 11 Oct 2019 19:42:15 +0000 Message-ID: <20191011194214.lyqsqnqmtvpyfvf5@anna.jacobs.jacobs-university.de> References: <82EF0CC8-3112-47C1-8DB0-94BF118E5BAC@gmail.com> In-Reply-To: <82EF0CC8-3112-47C1-8DB0-94BF118E5BAC@gmail.com> Reply-To: =?iso-8859-1?Q?Sch=F6nw=E4lder=2C_J=FCrgen?= Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-clientproxiedby: AM0PR07CA0009.eurprd07.prod.outlook.com (2603:10a6:208:ac::22) To DB6P190MB0181.EURP190.PROD.OUTLOOK.COM (2603:10a6:4:88::20) authentication-results: spf=none (sender IP is ) smtp.mailfrom=J.Schoenwaelder@jacobs-university.de; x-ms-exchange-messagesentrepresentingtype: 1 x-originating-ip: [2001:638:709:5::7] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 1ec318de-c453-41b3-fc6d-08d74e831e77 x-ms-traffictypediagnostic: DB6SPR00MB250: x-ms-exchange-purlcount: 2 x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:4502; x-forefront-prvs: 0187F3EA14 x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(346002)(376002)(136003)(396003)(366004)(39850400004)(189003)(199004)(3450700001)(6506007)(86362001)(46003)(486006)(76176011)(99286004)(476003)(102836004)(54906003)(11346002)(316002)(786003)(446003)(52116002)(5660300002)(2906002)(256004)(14444005)(71200400001)(71190400001)(43066004)(53546011)(1076003)(66446008)(66556008)(66476007)(64756008)(386003)(66574012)(45776006)(7736002)(6916009)(6246003)(81166006)(81156014)(4326008)(25786009)(186003)(66946007)(6486002)(305945005)(8936002)(6116002)(229853002)(6306002)(8676002)(6512007)(6436002)(14454004)(1411001)(478600001); DIR:OUT; SFP:1101; SCL:1; SRVR:DB6SPR00MB250; H:DB6P190MB0181.EURP190.PROD.OUTLOOK.COM; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1; received-spf: None (protection.outlook.com: jacobs-university.de does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: HLrMxYHcabEylaPTVo23peEeyJQtlmfzAoIE9mtNCBscLtHU+SKQqpPRZ5w6vrTs5/UbKny/03cyBStvuLa+OIW8/YlzfR9y8VLwrbFrdAXimZteJkj/hNC7ce64PfKXYhuhjSg0wxfOuqL7rZXEbX5NIJAhKZQqoKpmOnvMbFbWMqcjZ40NGanyvaDdv4ZH53DTkBMIfzdHDl2G0jUshfDK0qyXo6GhB4defOoVJJo7BXcT1LF+s8LjXUfMbmP7k+MnhMJHlee+N8oUor9N82ewYA82QD0cXEyVBKJz321GncJWBlVNnAJ5LqKNP58ZGDCN2yrC2LSDJVTwFruE3QXEt6sYKFosl3xpz9lGJyZ7eYanrwvvomahfHngVD6JV7Tp6hHHf70eVG0wf8CXq48EQRd8lbf/L94OFEbJXsVfxA8BKHnyd0YdzfVCC8gI Content-Type: text/plain; charset="iso-8859-1" Content-ID: Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-OriginatorOrg: jacobs-university.de X-MS-Exchange-CrossTenant-Network-Message-Id: 1ec318de-c453-41b3-fc6d-08d74e831e77 X-MS-Exchange-CrossTenant-originalarrivaltime: 11 Oct 2019 19:42:15.6855 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: f78e973e-5c0b-4ab8-bbd7-9887c95a8ebd X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: 3KXsw2ORlE0Da4LDejmg8jmLdaY0hWfUPJ6WPBuJ0guRp82KslUOmmHoSQv/r/xc1rsnfj8g2+wlWsYnAuIvctkqqZREs2NUG2V7gfy+ing= X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB6SPR00MB250 Archived-At: Subject: Re: [netconf] UserId for authentication in https-notif X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 11 Oct 2019 19:42:22 -0000 On Fri, Oct 11, 2019 at 12:15:01PM -0700, Mahesh Jethanandani wrote: > Hi Balasz, >=20 > > On Oct 11, 2019, at 2:43 AM, Bal=E1zs Lengyel wrote: > >=20 > > Hello, > > What userId will be used to perform access control on outgoing notifica= tions transferred via https? >=20 > This was also discussed in an earlier thread, when Martin brought up the = broader question of whether we are planning on using PUT or POST, to which = URI, and authorization.=20 >=20 > Kent suggested that user-id will be part of http-params supported by the = http client/server draft, and will be the user-id used by NACM. The example= in the draft will be augmented thus: >=20 > xmlns=3D"urn:ietf:params:xml:ns:yang:ietf-https-notif"> > > foo > > my-receiver.my-domain.com > 443 > > > > explicitly-trusted-server-ca-certs > explicitly-trusted-server-certs > > > > > > my-name > my-passsord > > > /some/path > > > > Are you saying that the idea is to configure a user id on the local RC server pushing notifications to a remote receiver, i.e., the user id is by config related to the certs used to protect the communication channel? Note that RFC 7589 (NC over TLS) suggests an algorithm mapping certificates to user names. RFC 8040 (RC) also refers to this algorithm for obtaining the client identity. [Is this algorithm actually taken care of in the configuration IDs?] /js --=20 Juergen Schoenwaelder Jacobs University Bremen gGmbH Phone: +49 421 200 3587 Campus Ring 1 | 28759 Bremen | Germany Fax: +49 421 200 3103 From nobody Fri Oct 11 15:14:33 2019 Return-Path: <0100016dbce32ea3-ea8a4576-f71e-45f2-91dd-ac4d1cae0f86-000000@amazonses.watsen.net> X-Original-To: netconf@ietfa.amsl.com Delivered-To: netconf@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1390A120106 for ; Fri, 11 Oct 2019 15:14:31 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.897 X-Spam-Level: X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=amazonses.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Xjo2x4_RZ2va for ; Fri, 11 Oct 2019 15:14:29 -0700 (PDT) Received: from a8-83.smtp-out.amazonses.com (a8-83.smtp-out.amazonses.com [54.240.8.83]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A6D37120059 for ; Fri, 11 Oct 2019 15:14:29 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=6gbrjpgwjskckoa6a5zn6fwqkn67xbtw; d=amazonses.com; t=1570832068; h=From:Message-Id:Content-Type:Mime-Version:Subject:Date:In-Reply-To:Cc:To:References:Feedback-ID; bh=30vImueCMdYiurZdCUJbhhuZFi/pEIv+rV+wD8U6C5o=; b=WBaYBE2zJhQGI+9RFpx/JRf/PlpPk29ZVWZ8l5cdR+PwoDoXI8RwUbeSmgytn90/ +TETezT8QCWPNRARVJwItEelYkDcAYnHZcE5ezBElA574FSv+2Ja4c+E4mXe+pUESGh uSEzbKEmMl0zh7oMFPV2tSspkUKt7IKV2BIfPdZQ= From: Kent Watsen Message-ID: <0100016dbce32ea3-ea8a4576-f71e-45f2-91dd-ac4d1cae0f86-000000@email.amazonses.com> Content-Type: multipart/alternative; boundary="Apple-Mail=_1D48B3E8-222B-4798-AE89-51C4DDFF6FEB" Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\)) Date: Fri, 11 Oct 2019 22:14:28 +0000 In-Reply-To: Cc: "netconf@ietf.org" To: =?utf-8?Q?Bal=C3=A1zs_Lengyel?= References: X-Mailer: Apple Mail (2.3445.104.11) X-SES-Outgoing: 2019.10.11-54.240.8.83 Feedback-ID: 1.us-east-1.DKmIRZFhhsBhtmFMNikgwZUWVrODEw9qVcPhqJEI2DA=:AmazonSES Archived-At: Subject: Re: [netconf] UserId for authentication in https-notif X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 11 Oct 2019 22:14:31 -0000 --Apple-Mail=_1D48B3E8-222B-4798-AE89-51C4DDFF6FEB Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 What does Syslog configuration and processing like? - it seems that = this effort could (should?) mimic Syslog... Note: the client-credentials (client-cert or basic auth) used to log = into the remote system (i.e., the receiver) reflect a user that exists = on that remote system and hence cannot be used as a local user id. FWIW, this is new protocol (i.e., not NETCONF or RESTCONF) such that the = concept of NACM may not necessarily apply. Kent // contributor > On Oct 11, 2019, at 5:43 AM, Bal=C3=A1zs Lengyel = wrote: >=20 > Hello, > What userId will be used to perform access control on outgoing = notifications transferred via https? > =20 > regards Balazs --Apple-Mail=_1D48B3E8-222B-4798-AE89-51C4DDFF6FEB Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=utf-8

What does Syslog = configuration and processing like?  - it seems that this effort = could (should?) mimic Syslog...

Note: the client-credentials = (client-cert or basic auth) used to log into the remote system (i.e., = the receiver) reflect a user that exists on that remote system and hence = cannot be used as a local user id.

FWIW, this is new protocol (i.e., not = NETCONF or RESTCONF) such that the concept of NACM may not necessarily = apply.

Kent // = contributor


On Oct 11, 2019, at 5:43 AM, Bal=C3=A1zs Lengyel <balazs.lengyel=3D40ericsson.com@dmarc.ietf.org> = wrote:

Hello,
What = userId will be used to perform access control on outgoing notifications = transferred via https?
 
regards = Balazs
= --Apple-Mail=_1D48B3E8-222B-4798-AE89-51C4DDFF6FEB-- From nobody Fri Oct 11 16:00:39 2019 Return-Path: X-Original-To: netconf@ietfa.amsl.com Delivered-To: netconf@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 25C5F120059 for ; Fri, 11 Oct 2019 16:00:38 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.899 X-Spam-Level: X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_NONE=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=jacobsuniversity.onmicrosoft.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2YPQ733r6wcy for ; Fri, 11 Oct 2019 16:00:36 -0700 (PDT) Received: from EUR01-DB5-obe.outbound.protection.outlook.com (mail-eopbgr150040.outbound.protection.outlook.com [40.107.15.40]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B506F120106 for ; Fri, 11 Oct 2019 16:00:35 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=dhqua8IlfIyvikvqeSqcnmMgyvbBPl5LQ8xFwqx/VJJkDi8ebfPu9+B3UgnYS9OEOefikuaKQDVyCARVlGKERzDxLFLiAun9bMp1CQoK1aK0G/x38LFmLc/NCFs2iMIyghjeIrfm7013MptAj1QMxNgYHaIEL4M5ILZ7MOJJhPwMW1uqSih7RQc3xnk1eFFSvec3eApm0jG/5q/ACdF8towxhBbsOFHWoI9ikM6r4RcJkyNEt7ya9pnaeMATVjxU/R9kpw/2rVFZE79CxHM/A1cpUUxXngabH4kMSp7bbLIiWiEnD4QAUu+aYWRt8HbTiB9elEYcY2OnM9vjt3zioQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=z8gbCEVQM1R5EIoph1Gl5dVCZQ+2n87SurHsJeC1BIU=; b=F6QV20bzeQtAosZ73MNrSQGBoR+g1x2EtijZj0hJf77ak0rJCJM3EIAqNdu5xxOn4Lv+NbBzyZ/o1C7uSd5hal8nV7PQCCjt4MKK16HeKrremxrOevQ9u7Dn8UipvelFtthnCZxUJ3g9bi62J70f1cKBjdCwgN+FGtdJr5BOMcG/tqX+5wolE2Zsm/kAjqOBQJEBMQ6suINjJoKFdQeLhNqHm0JD3CiqHLVLGrcnnAa65jL7kBbBnsojn0Jul8PVFNaKRZQ/sL7Zm5958ijI0YqmLwrHk1wKpRelUhYT00q06mWFcILVPJ+hXLuhQCnmtPE1YQu3WwNDn076kGolcQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=jacobs-university.de; dmarc=pass action=none header.from=jacobs-university.de; dkim=pass header.d=jacobs-university.de; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=jacobsuniversity.onmicrosoft.com; s=selector2-jacobsuniversity-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=z8gbCEVQM1R5EIoph1Gl5dVCZQ+2n87SurHsJeC1BIU=; b=GQCrS59UWkwomhoE4m7Aj5gpqsjor3+nhy/cgmSDtxN0VNNsQE9VREUbjRxb7yg4xrTz9EH4wbhWdq8jXjAgo4r8NpR0M1TKx6vMRmsIzPx1emsC29hOWBPVc0vKGti1ZAhLX9BHaeJJjMKshQGWwMg053GV5p5nPi3gWP+xSgg= Received: from DB6P190MB0181.EURP190.PROD.OUTLOOK.COM (10.172.229.20) by DB6SPR00MB248.EURP190.PROD.OUTLOOK.COM (10.169.227.151) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2347.18; Fri, 11 Oct 2019 23:00:33 +0000 Received: from DB6P190MB0181.EURP190.PROD.OUTLOOK.COM ([fe80::d1ea:2415:7174:c908]) by DB6P190MB0181.EURP190.PROD.OUTLOOK.COM ([fe80::d1ea:2415:7174:c908%4]) with mapi id 15.20.2347.021; Fri, 11 Oct 2019 23:00:33 +0000 From: =?iso-8859-1?Q?Sch=F6nw=E4lder=2C_J=FCrgen?= To: Kent Watsen CC: =?iso-8859-1?Q?Bal=E1zs_Lengyel?= , "netconf@ietf.org" Thread-Topic: [netconf] UserId for authentication in https-notif Thread-Index: AQHVgIE/whHAHCNTOk6mw7OMqq8oCqdWDlqA Date: Fri, 11 Oct 2019 23:00:32 +0000 Message-ID: <20191011230031.eqq3ydbam7f6olyu@anna.jacobs.jacobs-university.de> References: <0100016dbce32ea3-ea8a4576-f71e-45f2-91dd-ac4d1cae0f86-000000@email.amazonses.com> In-Reply-To: <0100016dbce32ea3-ea8a4576-f71e-45f2-91dd-ac4d1cae0f86-000000@email.amazonses.com> Reply-To: =?iso-8859-1?Q?Sch=F6nw=E4lder=2C_J=FCrgen?= Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-clientproxiedby: AM3PR05CA0145.eurprd05.prod.outlook.com (2603:10a6:207:3::23) To DB6P190MB0181.EURP190.PROD.OUTLOOK.COM (2603:10a6:4:88::20) authentication-results: spf=none (sender IP is ) smtp.mailfrom=J.Schoenwaelder@jacobs-university.de; x-ms-exchange-messagesentrepresentingtype: 1 x-originating-ip: [2001:638:709:5::7] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 3744d5a0-9e7e-4f3a-a0ed-08d74e9ed1bf x-ms-traffictypediagnostic: DB6SPR00MB248: x-ms-exchange-purlcount: 1 x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:8882; x-forefront-prvs: 0187F3EA14 x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(39850400004)(376002)(366004)(136003)(346002)(396003)(189003)(199004)(11346002)(446003)(46003)(386003)(786003)(71200400001)(6116002)(71190400001)(476003)(4744005)(6246003)(14454004)(5660300002)(486006)(6506007)(186003)(54906003)(3450700001)(316002)(8676002)(66946007)(64756008)(66556008)(66476007)(8936002)(66446008)(81156014)(81166006)(45776006)(99286004)(256004)(6486002)(4326008)(86362001)(229853002)(1076003)(7736002)(43066004)(305945005)(6512007)(52116002)(25786009)(2906002)(76176011)(6436002)(478600001)(6306002)(102836004); DIR:OUT; SFP:1101; SCL:1; SRVR:DB6SPR00MB248; H:DB6P190MB0181.EURP190.PROD.OUTLOOK.COM; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1; received-spf: None (protection.outlook.com: jacobs-university.de does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: RM4XF+TGdQQ/rlmpR1BsWRCdYx3ZDc52lRq8qtZ7JEMxzXGXgRgIYlTEIq12ZAOFau/abdyhPUtXE/L8kolZeeJtNofReVqdXm1T8//D6WeU72v+446yW5FO112xl/5Hi+vx36hMtdPcBjNNehOLO92um2Db26JHjCgcTpUxLVi85yY8uAHY1qi0KEEWnMDtG5ha+n1yRG2Tn+PjIKmw5WR8vpbqcJhFkPhwVOpRPXioKHeV8k1poQCIG1rcw8nYmZU5mPpP15qhb5twW85xYt6MLYXF5usSqXF8Gp4Br/0yilejP/BcFj+7dSEeaXw26sB2j7V+ezapnMN4dLGcrN8oZtknirO0xzNadBd54FC4victjVRvTwNm+StY7eLgWA6wuPHe7JFAAhOeCKLQbCHOH7+lUVf7IJfQggjPuZJYwaJCvaBj1HCcaQu/z7wgbiJG5W/5wVW3lhbqnGlMlg== Content-Type: text/plain; charset="iso-8859-1" Content-ID: Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-OriginatorOrg: jacobs-university.de X-MS-Exchange-CrossTenant-Network-Message-Id: 3744d5a0-9e7e-4f3a-a0ed-08d74e9ed1bf X-MS-Exchange-CrossTenant-originalarrivaltime: 11 Oct 2019 23:00:32.9089 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: f78e973e-5c0b-4ab8-bbd7-9887c95a8ebd X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: Y9cy1Q3vPBTdlimJGc4a2wq7n17D0awzBlM6laXAbNO+Kc0yqPUo+KjlbR0d9fYw5eIxK6KvHVqDMO0FBDZ5oPPRMjQ+0r6OToxhgmtZmr4= X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB6SPR00MB248 Archived-At: Subject: Re: [netconf] UserId for authentication in https-notif X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 11 Oct 2019 23:00:38 -0000 On Fri, Oct 11, 2019 at 10:14:28PM +0000, Kent Watsen wrote: >=20 > What does Syslog configuration and processing like? - it seems that this= effort could (should?) mimic Syslog... > > Note: the client-credentials (client-cert or basic auth) used to log into= the remote system (i.e., the receiver) reflect a user that exists on that = remote system and hence cannot be used as a local user id. >=20 > FWIW, this is new protocol (i.e., not NETCONF or RESTCONF) such that the = concept of NACM may not necessarily apply. > For deployments using RC/NC implementations that support NACM, a backdoor protocol side-stepping NACM may not be a desirable feature. /js --=20 Juergen Schoenwaelder Jacobs University Bremen gGmbH Phone: +49 421 200 3587 Campus Ring 1 | 28759 Bremen | Germany Fax: +49 421 200 3103 From nobody Tue Oct 15 06:05:55 2019 Return-Path: X-Original-To: netconf@ietfa.amsl.com Delivered-To: netconf@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3F7BF12004C for ; Tue, 15 Oct 2019 06:05:53 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.4 X-Spam-Level: X-Spam-Status: No, score=-14.4 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, TRACKER_ID=0.1, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=ZLilvBu7; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=vzGR7RAO Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id N9sdYG8MBT4e for ; Tue, 15 Oct 2019 06:05:50 -0700 (PDT) Received: from rcdn-iport-5.cisco.com (rcdn-iport-5.cisco.com [173.37.86.76]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E1FA2120026 for ; Tue, 15 Oct 2019 06:05:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=9939; q=dns/txt; s=iport; t=1571144749; x=1572354349; h=from:to:subject:date:message-id:mime-version; bh=3oyC1oNI07PpxtPN8mbUr7vGdul2klq2N6y8KelLBhI=; b=ZLilvBu7ucXqn39szp/SHknKe7axe0lBTBHrYVQXJYsKMn0xIlLuYsQr 5mVWwRW3aPk7iRDPhotwdDi2JGqBtmJlObHizNpl+CGHnThr8jdMzrCn9 PtufMEwfQs7looE3ykNovm6X1glNQZONHL9R0jzN6QkgKwYjCvRoHbojm g=; IronPort-PHdr: =?us-ascii?q?9a23=3AaK8V9xLlVhiox2YlHNmcpTVXNCE6p7X5OBIU4Z?= =?us-ascii?q?M7irVIN76u5InmIFeBvad2lFGcW4Ld5roEkOfQv636EU04qZea+DFnEtRXUg?= =?us-ascii?q?Mdz8AfngguGsmAXFfhJf7vZioSF8VZX1gj9Ha+YgBY?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0AeCADXwqVd/5FdJa1mHAEBAQEBBwE?= =?us-ascii?q?BEQEEBAEBgXuBHC8kLAVsVyAECyqEJYNHA4pJTYFqJZMdhGGBQoEQA1QJAQE?= =?us-ascii?q?BDAEBIwoCAQGEQBmCUyQ4EwIDCQEBBAEBAQIBBQRthS0MhUsBAwMSER0BATU?= =?us-ascii?q?DEQEIEQMBAisCBDAdCgQBEiKDAAGBeU0DLgEOo34CgTiIYXWBMoJ9AQEFhQU?= =?us-ascii?q?YghcDBoE0hRaGeBiBQD+BEScME4JMPoJhAQECAYErARIBNgkNgmEygiyNFIJ?= =?us-ascii?q?dhTmJLo52CoIihiZkjhEUB5lBjjGII5EYAgQCBAUCDgEBBYFpImdxcBU7KgG?= =?us-ascii?q?CQVAQFIFPg3OFFIU/dAEBgSeNW4JFAQE?= X-IronPort-AV: E=Sophos;i="5.67,300,1566864000"; d="scan'208,217";a="426224778" Received: from rcdn-core-9.cisco.com ([173.37.93.145]) by rcdn-iport-5.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 15 Oct 2019 13:05:47 +0000 Received: from XCH-RCD-005.cisco.com (xch-rcd-005.cisco.com [173.37.102.15]) by rcdn-core-9.cisco.com (8.15.2/8.15.2) with ESMTPS id x9FD5ltx031079 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Tue, 15 Oct 2019 13:05:47 GMT Received: from xhs-aln-002.cisco.com (173.37.135.119) by XCH-RCD-005.cisco.com (173.37.102.15) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Tue, 15 Oct 2019 08:05:47 -0500 Received: from xhs-rcd-001.cisco.com (173.37.227.246) by xhs-aln-002.cisco.com (173.37.135.119) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Tue, 15 Oct 2019 08:05:46 -0500 Received: from NAM01-BY2-obe.outbound.protection.outlook.com (72.163.14.9) by xhs-rcd-001.cisco.com (173.37.227.246) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Tue, 15 Oct 2019 08:05:46 -0500 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=WNWgev3dfyODKDtUALsM813Xycb+QXH/w2KFLommXgYTYaEOUxB3QKUrYIKd5BCes9wr0G07RgVrnl+1ilfdtb6OMnpw1J39AkoYI+Q33r6JZgtgdtTS3Rpth9HkMR2hNqI35jGefzbeXJM0X8eKlo8rMJX/eZQZOdj6JfRYQVrSHC8nWprPVXp4eTj6/4Du9asuQsKFZzkCRzMgqzYqZtN9FR33tKgw4alRbqWEHzDerz+6NMV2eNgdRhGQ0FakV5YIfUBHlvPLuBaFV3uqMxtljP7wfcLmjPl5e9DQELNr8F9IBu5QQkS70lHO3lGed6kfSRPpZfufhGjGmW4N1Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=3oyC1oNI07PpxtPN8mbUr7vGdul2klq2N6y8KelLBhI=; b=BacnoKlvS/eoyhwrEVIYnMBtPGEBukQzTn3ZmfVkbuIQuTfO4QnZ1RT7HpCVcwM69qr3N/k4AUswOgtceavqQL9vE6zgr6ZI+JgNO7fF6lMKhBC2h7MDNnU7Mi9fJT0aUSZwQEU7vImSlsSPJ+/LAqu8ea/dBj7Rmpz2u5pWAaQv9upfkHzhRi/n6XgXiftERCK9zVQV82pxucm+3eC31i5NoY5dd6lVUqcqdU8FGgxHp55osomF472cYccrUbJCHH+D3085X0JghOekuWdJ3YWVMAiTogLPz/xlsmHGAmunml8M8N8eWyRfnZs5AjZcnz7Rqw6IAXz1qQJ8go8sRw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=3oyC1oNI07PpxtPN8mbUr7vGdul2klq2N6y8KelLBhI=; b=vzGR7RAOOxl+PNpgycTQN3qgZMXqHUr69sX5RTnmXbaIs3rxco+Wr5uYPW+XNRaKYcAaFRsRjTUNdmVtowESWrby/RC0xj4zasPWcucWT1VOBr9tJx0Ua4RHuGA42SvwffRQFosN894SZkl9jAnHVWf5IWTtZWxS3jYXyE2Rxf8= Received: from MN2PR11MB4157.namprd11.prod.outlook.com (10.255.181.213) by MN2PR11MB3776.namprd11.prod.outlook.com (20.178.251.156) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2347.21; Tue, 15 Oct 2019 13:05:45 +0000 Received: from MN2PR11MB4157.namprd11.prod.outlook.com ([fe80::88cb:fcc7:df90:124]) by MN2PR11MB4157.namprd11.prod.outlook.com ([fe80::88cb:fcc7:df90:124%5]) with mapi id 15.20.2347.023; Tue, 15 Oct 2019 13:05:45 +0000 From: "Reshad Rahman (rrahman)" To: =?utf-8?B?QmFsw6F6cyBMZW5neWVs?= , Netconf , Alexander Clemm , "Eric Voit (evoit)" , "Rob Wilton (rwilton)" Thread-Topic: [netconf] More capabilities for ietf-notification-capabilities (WGLC) Thread-Index: AQHVg1lAAARw273KyEqcZKK29W2wpw== Date: Tue, 15 Oct 2019 13:05:45 +0000 Message-ID: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Microsoft-MacOutlook/10.1c.0.190812 authentication-results: spf=none (sender IP is ) smtp.mailfrom=rrahman@cisco.com; x-originating-ip: [2001:420:2840:1250:6900:eb73:e481:aee6] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: fdfe70ea-b3bf-459a-ba66-08d75170643d x-ms-traffictypediagnostic: MN2PR11MB3776: x-ms-exchange-purlcount: 1 x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:8882; x-forefront-prvs: 01917B1794 x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(376002)(366004)(136003)(39860400002)(346002)(396003)(199004)(189003)(6636002)(476003)(236005)(6246003)(25786009)(86362001)(36756003)(64756008)(66446008)(66556008)(66476007)(8936002)(81166006)(81156014)(9326002)(6486002)(2616005)(486006)(53546011)(6512007)(186003)(110136005)(46003)(58126008)(5660300002)(102836004)(99286004)(6506007)(66574012)(478600001)(966005)(14454004)(256004)(71200400001)(8676002)(6116002)(7736002)(2420400007)(14444005)(6306002)(7110500001)(229853002)(6436002)(66946007)(54896002)(316002)(33656002)(606006)(2906002)(15650500001)(76116006)(71190400001); DIR:OUT; SFP:1101; SCL:1; SRVR:MN2PR11MB3776; H:MN2PR11MB4157.namprd11.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1; received-spf: None (protection.outlook.com: cisco.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: T6nK/479dNxsWzztFXOHmRnHImqBb0HeW8vP3wldhgqXVRJARaF6JPVGHccKKmv5WMTk4TvEs9nT4zxO90i/bVd4H0Tu1w/HUukB4s45ydwZydlKi9jlkCE65UUTZBI8X+LIuQa8nkB3cDk/5B4rEnfn/jof3rPebHWI28ywt6wpGIt0cF+RZVWBL2TEbU2gWzpQZzmBjUyCoCP/3q7tBJcAFaymlNeEvwyCcWxEvx+FwBXZuO3Ka1jD0CrNpehIfZaoOgoqBOQnuR7H+/OMRTds1s/q6BTQr1EYleICYMLsKxuWw++1DmsxZ/wY2m+tibq0qr426N+71Sm66rQLu5til689SJuXc1pvM5uLfiiYif4gPYh2cOLQaWgvTymJwVzLdUtrzI6VcjfGo65x5dCk3Qwtg32c2ORZSh5fIqo/GkPbb1WAGjV9oSlJNs0rcWbTqV5Q7oKL9e6HcZoqRQ== Content-Type: multipart/alternative; boundary="_000_EED73BFD2D5A47B189158DF151F70F92ciscocom_" MIME-Version: 1.0 X-MS-Exchange-CrossTenant-Network-Message-Id: fdfe70ea-b3bf-459a-ba66-08d75170643d X-MS-Exchange-CrossTenant-originalarrivaltime: 15 Oct 2019 13:05:45.4749 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: jLP7wI0QEKos/JLp24JswrRRXM0ehmVzmPT/+HFjzOgvup+QKKw2NhW5V5NYq8mP35fC8nbPZ0Ki5mWgWwACbg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR11MB3776 X-OriginatorOrg: cisco.com X-Outbound-SMTP-Client: 173.37.102.15, xch-rcd-005.cisco.com X-Outbound-Node: rcdn-core-9.cisco.com Archived-At: Subject: Re: [netconf] More capabilities for ietf-notification-capabilities (WGLC) X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 15 Oct 2019 13:05:54 -0000 --_000_EED73BFD2D5A47B189158DF151F70F92ciscocom_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 SGkgQmFsYXpzLA0KDQpNYWtlcyBzZW5zZSB0byBhZGQgdGhlc2UgY2FwYWJpbGl0aWVzLg0KDQpS ZWdhcmRzLA0KUmVzaGFkLg0KDQpGcm9tOiBuZXRjb25mIDxuZXRjb25mLWJvdW5jZXNAaWV0Zi5v cmc+IG9uIGJlaGFsZiBvZiBCYWzDoXpzIExlbmd5ZWwgPGJhbGF6cy5sZW5neWVsPTQwZXJpY3Nz b24uY29tQGRtYXJjLmlldGYub3JnPg0KRGF0ZTogV2VkbmVzZGF5LCBPY3RvYmVyIDksIDIwMTkg YXQgMTA6MzMgQU0NClRvOiBOZXRjb25mIDxuZXRjb25mQGlldGYub3JnPiwgQWxleGFuZGVyIENs ZW1tIDxsdWR3aWdAY2xlbW0ub3JnPiwgIkVyaWMgVm9pdCAoZXZvaXQpIiA8ZXZvaXRAY2lzY28u Y29tPiwgIlJvYiBXaWx0b24gKHJ3aWx0b24pIiA8cndpbHRvbkBjaXNjby5jb20+DQpTdWJqZWN0 OiBbbmV0Y29uZl0gTW9yZSBjYXBhYmlsaXRpZXMgZm9yIGlldGYtbm90aWZpY2F0aW9uLWNhcGFi aWxpdGllcyAoV0dMQykNCg0KSGVsbG8sDQpEdXJpbmcgV0dMQyBpdCB3YXMgYXNrZWQgdGhhdCAg d2UgY291bGQvc2hvdWxkIGFkZCBzb21lIG1vcmUgY2FwYWJpbGl0aWVzIHRvIHRoZSBpZXRmLW5v dGlmaWNhdGlvbi1jYXBhYmlsaXRpZXMgbW9kZWwuDQpJbiBodHRwczovL3Rvb2xzLmlldGYub3Jn L2h0bWwvcmZjODY0MSNhcHBlbmRpeC1BLjEgdGhlcmUgYXJlIHR3byBtb3JlIGVycm9yIGNvbmRp dGlvbnMgbWVudGlvbmVkLg0KY2FudC1leGNsdWRlDQpkYXRhc3RvcmUtbm90LXN1YnNjcmliYWJs ZQ0KDQpUaGUgcHVibGlzaGVyIG1pZ2h0IGJlIGFibGUgdG8gZGVjbGFyZSB3aGljaCBjaGFuZ2Ug dHlwZXMgY2FuIGJlIHVzZWQgaW4gdGhlICBsZWFmLWxpc3QgZXhjbHVkZWQtY2hhbmdlDQpUaGUg cHVibGlzaGVyIG1pZ2h0IHdhbnQgdG8gZGVjbGFyZSB0aGF0IG5vdCBldmVuIHBlcmlvZGljIHN1 YnNjcmlwdGlvbnMgYXJlIHN1cHBvcnRlZCBmb3IgYSBzcGVjaWZpYyBkYXRhc3RvcmUuIFNvbWUg cGVvcGxlIHN0YXRlZCB0aGF0IHN1cHBvcnRpbmcgcGVyaW9kaWMgc3Vic2NyaXB0aW9ucyBpcyBt YW5kYXRvcnkgaWYgUkZDODY0MSAoWWFuZy1QdXNoKSBpcyBzdXBwb3J0ZWQsIHNvIHdlIHNob3Vs ZCBub3QgYWRkIHRoaXMgY2FwYWJpbGl0eS4gQnV0IGlzIGl0IHJlYWxseSBtYW5kYXRvcnkgdG8g c3VwcG9ydCBwZXJpb2RpYyBzdWJzY3JpcHRpb25zIGZvciBlLmcuIHRoZSBzdGFydC11cCBkYXRh c3RvcmU/DQoNCkkgaW50ZW5kIHRvIGFkZCB0aGVzZSAyIHRvIHRoZSBtb2RlbC4NCg0KT3Bpbmlv bnM/DQoNClJlZ2FyZHMgQmFsYXpzDQoNCg0KLS0NCkJhbGF6cyBMZW5neWVsICAgICAgICAgICAg ICAgICAgICBTZW5pb3IgU3BlY2lhbGlzdCAgICAgICAgICAgICAgICAgICAgICAgRXJpY3Nzb24g SHVuZ2FyeSBMdGQuDQpNb2JpbGU6ICszNi03MC0zMzAtNzkwOSAgICAgICAgICAgICAgZW1haWw6 IEJhbGF6cy5MZW5neWVsQGVyaWNzc29uLmNvbQ0KDQo= --_000_EED73BFD2D5A47B189158DF151F70F92ciscocom_ Content-Type: text/html; charset="utf-8" Content-ID: Content-Transfer-Encoding: base64 PGh0bWwgeG1sbnM6dj0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTp2bWwiIHhtbG5zOm89InVy bjpzY2hlbWFzLW1pY3Jvc29mdC1jb206b2ZmaWNlOm9mZmljZSIgeG1sbnM6dz0idXJuOnNjaGVt YXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6d29yZCIgeG1sbnM6bT0iaHR0cDovL3NjaGVtYXMubWlj cm9zb2Z0LmNvbS9vZmZpY2UvMjAwNC8xMi9vbW1sIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv VFIvUkVDLWh0bWw0MCI+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIg Y29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjxtZXRhIG5hbWU9IkdlbmVyYXRv ciIgY29udGVudD0iTWljcm9zb2Z0IFdvcmQgMTUgKGZpbHRlcmVkIG1lZGl1bSkiPg0KPHN0eWxl PjwhLS0NCi8qIEZvbnQgRGVmaW5pdGlvbnMgKi8NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6 IkNhbWJyaWEgTWF0aCI7DQoJcGFub3NlLTE6MiA0IDUgMyA1IDQgNiAzIDIgNDt9DQpAZm9udC1m YWNlDQoJe2ZvbnQtZmFtaWx5OkNhbGlicmk7DQoJcGFub3NlLTE6MiAxNSA1IDIgMiAyIDQgMyAy IDQ7fQ0KLyogU3R5bGUgRGVmaW5pdGlvbnMgKi8NCnAuTXNvTm9ybWFsLCBsaS5Nc29Ob3JtYWws IGRpdi5Nc29Ob3JtYWwNCgl7bWFyZ2luOjBjbTsNCgltYXJnaW4tYm90dG9tOi4wMDAxcHQ7DQoJ Zm9udC1zaXplOjExLjBwdDsNCglmb250LWZhbWlseToiQ2FsaWJyaSIsc2Fucy1zZXJpZjt9DQph OmxpbmssIHNwYW4uTXNvSHlwZXJsaW5rDQoJe21zby1zdHlsZS1wcmlvcml0eTo5OTsNCgljb2xv cjojMDU2M0MxOw0KCXRleHQtZGVjb3JhdGlvbjp1bmRlcmxpbmU7fQ0KYTp2aXNpdGVkLCBzcGFu Lk1zb0h5cGVybGlua0ZvbGxvd2VkDQoJe21zby1zdHlsZS1wcmlvcml0eTo5OTsNCgljb2xvcjoj OTU0RjcyOw0KCXRleHQtZGVjb3JhdGlvbjp1bmRlcmxpbmU7fQ0KcHJlDQoJe21zby1zdHlsZS1w cmlvcml0eTo5OTsNCgltc28tc3R5bGUtbGluazoiSFRNTCBQcmVmb3JtYXR0ZWQgQ2hhciI7DQoJ bWFyZ2luOjBjbTsNCgltYXJnaW4tYm90dG9tOi4wMDAxcHQ7DQoJZm9udC1zaXplOjEwLjBwdDsN Cglmb250LWZhbWlseToiQ291cmllciBOZXciO30NCnNwYW4uSFRNTFByZWZvcm1hdHRlZENoYXIN Cgl7bXNvLXN0eWxlLW5hbWU6IkhUTUwgUHJlZm9ybWF0dGVkIENoYXIiOw0KCW1zby1zdHlsZS1w cmlvcml0eTo5OTsNCgltc28tc3R5bGUtbGluazoiSFRNTCBQcmVmb3JtYXR0ZWQiOw0KCWZvbnQt ZmFtaWx5OiJDb3VyaWVyIE5ldyI7fQ0KcC5tc29ub3JtYWwwLCBsaS5tc29ub3JtYWwwLCBkaXYu bXNvbm9ybWFsMA0KCXttc28tc3R5bGUtbmFtZTptc29ub3JtYWw7DQoJbXNvLW1hcmdpbi10b3At YWx0OmF1dG87DQoJbWFyZ2luLXJpZ2h0OjBjbTsNCgltc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0 bzsNCgltYXJnaW4tbGVmdDowY207DQoJZm9udC1zaXplOjExLjBwdDsNCglmb250LWZhbWlseToi Q2FsaWJyaSIsc2Fucy1zZXJpZjt9DQpzcGFuLkVtYWlsU3R5bGUyMA0KCXttc28tc3R5bGUtdHlw ZTpwZXJzb25hbDsNCglmb250LWZhbWlseToiQ2FsaWJyaSIsc2Fucy1zZXJpZjsNCgljb2xvcjp3 aW5kb3d0ZXh0O30NCnNwYW4uRW1haWxTdHlsZTIxDQoJe21zby1zdHlsZS10eXBlOnBlcnNvbmFs Ow0KCWZvbnQtZmFtaWx5OiJDYWxpYnJpIixzYW5zLXNlcmlmOw0KCWNvbG9yOndpbmRvd3RleHQ7 fQ0KLk1zb0NocERlZmF1bHQNCgl7bXNvLXN0eWxlLXR5cGU6ZXhwb3J0LW9ubHk7DQoJZm9udC1z aXplOjEwLjBwdDt9DQpAcGFnZSBXb3JkU2VjdGlvbjENCgl7c2l6ZTo2MTIuMHB0IDc5Mi4wcHQ7 DQoJbWFyZ2luOjcyLjBwdCA3Mi4wcHQgNzIuMHB0IDcyLjBwdDt9DQpkaXYuV29yZFNlY3Rpb24x DQoJe3BhZ2U6V29yZFNlY3Rpb24xO30NCi0tPjwvc3R5bGU+DQo8L2hlYWQ+DQo8Ym9keSBsYW5n PSJFTi1DQSIgbGluaz0iIzA1NjNDMSIgdmxpbms9IiM5NTRGNzIiPg0KPGRpdiBjbGFzcz0iV29y ZFNlY3Rpb24xIj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9IkVOLVVTIj5IaSBC YWxhenMsPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4g bGFuZz0iRU4tVVMiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29O b3JtYWwiPjxzcGFuIGxhbmc9IkVOLVVTIj5NYWtlcyBzZW5zZSB0byBhZGQgdGhlc2UgY2FwYWJp bGl0aWVzLjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFu IGxhbmc9IkVOLVVTIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNv Tm9ybWFsIj48c3BhbiBsYW5nPSJFTi1VUyI+UmVnYXJkcyw8bzpwPjwvbzpwPjwvc3Bhbj48L3A+ DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJFTi1VUyI+UmVzaGFkLjxvOnA+PC9v OnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9IkVOLVVTIj48 bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8ZGl2IHN0eWxlPSJib3JkZXI6bm9uZTtib3Jk ZXItdG9wOnNvbGlkICNCNUM0REYgMS4wcHQ7cGFkZGluZzozLjBwdCAwY20gMGNtIDBjbSI+DQo8 cCBjbGFzcz0iTXNvTm9ybWFsIj48Yj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEyLjBwdDtjb2xv cjpibGFjayI+RnJvbTogPC9zcGFuPjwvYj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEyLjBwdDtj b2xvcjpibGFjayI+bmV0Y29uZiAmbHQ7bmV0Y29uZi1ib3VuY2VzQGlldGYub3JnJmd0OyBvbiBi ZWhhbGYgb2YgQmFsw6F6cyBMZW5neWVsICZsdDtiYWxhenMubGVuZ3llbD00MGVyaWNzc29uLmNv bUBkbWFyYy5pZXRmLm9yZyZndDs8YnI+DQo8Yj5EYXRlOiA8L2I+V2VkbmVzZGF5LCBPY3RvYmVy IDksIDIwMTkgYXQgMTA6MzMgQU08YnI+DQo8Yj5UbzogPC9iPk5ldGNvbmYgJmx0O25ldGNvbmZA aWV0Zi5vcmcmZ3Q7LCBBbGV4YW5kZXIgQ2xlbW0gJmx0O2x1ZHdpZ0BjbGVtbS5vcmcmZ3Q7LCAm cXVvdDtFcmljIFZvaXQgKGV2b2l0KSZxdW90OyAmbHQ7ZXZvaXRAY2lzY28uY29tJmd0OywgJnF1 b3Q7Um9iIFdpbHRvbiAocndpbHRvbikmcXVvdDsgJmx0O3J3aWx0b25AY2lzY28uY29tJmd0Ozxi cj4NCjxiPlN1YmplY3Q6IDwvYj5bbmV0Y29uZl0gTW9yZSBjYXBhYmlsaXRpZXMgZm9yIGlldGYt bm90aWZpY2F0aW9uLWNhcGFiaWxpdGllcyAoV0dMQyk8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8 L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpwPiZuYnNwOzwvbzpwPjwvcD4N CjwvZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+SGVsbG8sPC9wPg0KPHAgY2xhc3M9Ik1zb05v cm1hbCI+RHVyaW5nIFdHTEMgaXQgd2FzIGFza2VkIHRoYXQgJm5ic3A7d2UgY291bGQvc2hvdWxk IGFkZCBzb21lIG1vcmUgY2FwYWJpbGl0aWVzIHRvIHRoZSBpZXRmLW5vdGlmaWNhdGlvbi1jYXBh YmlsaXRpZXMgbW9kZWwuPC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+SW4gPGEgaHJlZj0iaHR0 cHM6Ly90b29scy5pZXRmLm9yZy9odG1sL3JmYzg2NDEjYXBwZW5kaXgtQS4xIj4NCmh0dHBzOi8v dG9vbHMuaWV0Zi5vcmcvaHRtbC9yZmM4NjQxI2FwcGVuZGl4LUEuMTwvYT4gdGhlcmUgYXJlIHR3 byBtb3JlIGVycm9yIGNvbmRpdGlvbnMgbWVudGlvbmVkLjwvcD4NCjxwIGNsYXNzPSJNc29Ob3Jt YWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTAuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NvdXJp ZXIgTmV3JnF1b3Q7Ij5jYW50LWV4Y2x1ZGUNCjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9y bWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjBwdDtmb250LWZhbWlseTomcXVvdDtDb3Vy aWVyIE5ldyZxdW90OyI+ZGF0YXN0b3JlLW5vdC1zdWJzY3JpYmFibGU8L3NwYW4+PC9wPg0KPHAg Y2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMC4wcHQ7Zm9udC1mYW1p bHk6JnF1b3Q7Q291cmllciBOZXcmcXVvdDsiPiZuYnNwOzwvc3Bhbj48L3A+DQo8cCBjbGFzcz0i TXNvTm9ybWFsIj5UaGUgcHVibGlzaGVyIG1pZ2h0IGJlIGFibGUgdG8gZGVjbGFyZSB3aGljaCBj aGFuZ2UgdHlwZXMgY2FuIGJlIHVzZWQgaW4gdGhlICZuYnNwOzxzcGFuIHN0eWxlPSJmb250LXNp emU6MTAuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NvdXJpZXIgTmV3JnF1b3Q7Ij5sZWFmLWxpc3Qg ZXhjbHVkZWQtY2hhbmdlDQo8L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+VGhlIHB1 Ymxpc2hlciBtaWdodCB3YW50IHRvIGRlY2xhcmUgdGhhdCBub3QgZXZlbiBwZXJpb2RpYyBzdWJz Y3JpcHRpb25zIGFyZSBzdXBwb3J0ZWQgZm9yIGEgc3BlY2lmaWMgZGF0YXN0b3JlLiBTb21lIHBl b3BsZSBzdGF0ZWQgdGhhdCBzdXBwb3J0aW5nIHBlcmlvZGljIHN1YnNjcmlwdGlvbnMgaXMgbWFu ZGF0b3J5IGlmIFJGQzg2NDEgKFlhbmctUHVzaCkgaXMgc3VwcG9ydGVkLCBzbyB3ZSBzaG91bGQg bm90DQogYWRkIHRoaXMgY2FwYWJpbGl0eS4gQnV0IGlzIGl0IHJlYWxseSBtYW5kYXRvcnkgdG8g c3VwcG9ydCBwZXJpb2RpYyBzdWJzY3JpcHRpb25zIGZvciBlLmcuIHRoZSBzdGFydC11cCBkYXRh c3RvcmU/PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+Jm5ic3A7PC9wPg0KPHAgY2xhc3M9Ik1z b05vcm1hbCI+SSBpbnRlbmQgdG8gYWRkIHRoZXNlIDIgdG8gdGhlIG1vZGVsLjwvcD4NCjxwIGNs YXNzPSJNc29Ob3JtYWwiPiZuYnNwOzwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPk9waW5pb25z PzwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPiZuYnNwOzwvcD4NCjxwIGNsYXNzPSJNc29Ob3Jt YWwiPlJlZ2FyZHMgQmFsYXpzPC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+Jm5ic3A7PC9wPg0K PHAgY2xhc3M9Ik1zb05vcm1hbCI+Jm5ic3A7PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+LS0g PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+QmFsYXpzIExlbmd5ZWwmbmJzcDsmbmJzcDsmbmJz cDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsm bmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsgU2VuaW9yIFNwZWNpYWxp c3QmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsm bmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJz cDsgJm5ic3A7Jm5ic3A7Jm5ic3A7RXJpY3Nzb24gSHVuZ2FyeSBMdGQuDQo8L3A+DQo8cCBjbGFz cz0iTXNvTm9ybWFsIj5Nb2JpbGU6ICYjNDM7MzYtNzAtMzMwLTc5MDkmbmJzcDsmbmJzcDsmbmJz cDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsm bmJzcDsgZW1haWw6IEJhbGF6cy5MZW5neWVsQGVyaWNzc29uLmNvbTwvcD4NCjxwIGNsYXNzPSJN c29Ob3JtYWwiPiZuYnNwOzwvcD4NCjwvZGl2Pg0KPC9ib2R5Pg0KPC9odG1sPg0K --_000_EED73BFD2D5A47B189158DF151F70F92ciscocom_-- From nobody Wed Oct 16 01:54:11 2019 Return-Path: X-Original-To: netconf@ietfa.amsl.com Delivered-To: netconf@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 77253120882; Wed, 16 Oct 2019 01:54:09 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.2 X-Spam-Level: X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HjZcedexOs8X; Wed, 16 Oct 2019 01:54:06 -0700 (PDT) Received: from huawei.com (lhrrgout.huawei.com [185.176.76.210]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7676E12087E; Wed, 16 Oct 2019 01:54:06 -0700 (PDT) Received: from LHREML711-CAH.china.huawei.com (unknown [172.18.7.107]) by Forcepoint Email with ESMTP id 89B9F7B969236B1F1FBC; Wed, 16 Oct 2019 09:54:02 +0100 (IST) Received: from lhreml727-chm.china.huawei.com (10.201.108.78) by LHREML711-CAH.china.huawei.com (10.201.108.34) with Microsoft SMTP Server (TLS) id 14.3.408.0; Wed, 16 Oct 2019 09:54:02 +0100 Received: from lhreml727-chm.china.huawei.com (10.201.108.78) by lhreml727-chm.china.huawei.com (10.201.108.78) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1713.5; Wed, 16 Oct 2019 09:54:02 +0100 Received: from NKGEML411-HUB.china.huawei.com (10.98.56.70) by lhreml727-chm.china.huawei.com (10.201.108.78) with Microsoft SMTP Server (version=TLS1_0, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA) id 15.1.1713.5 via Frontend Transport; Wed, 16 Oct 2019 09:54:01 +0100 Received: from NKGEML515-MBX.china.huawei.com ([fe80::a54a:89d2:c471:ff]) by nkgeml411-hub.china.huawei.com ([10.98.56.70]) with mapi id 14.03.0439.000; Wed, 16 Oct 2019 16:53:58 +0800 From: Tianran Zhou To: Netconf CC: "netconf-chairs@ietf.org" Thread-Topic: New Version Notification for draft-zhou-netconf-multi-stream-originators-07.txt Thread-Index: AQHVg/4uVb6xP3AadkmzKI1cSZnd+qdc9SEA Date: Wed, 16 Oct 2019 08:53:58 +0000 Message-ID: References: <157121557297.7928.11794164379470070002.idtracker@ietfa.amsl.com> In-Reply-To: <157121557297.7928.11794164379470070002.idtracker@ietfa.amsl.com> Accept-Language: zh-CN, en-US Content-Language: zh-CN X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.111.156.116] Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 MIME-Version: 1.0 X-CFilter-Loop: Reflected Archived-At: Subject: [netconf] FW: New Version Notification for draft-zhou-netconf-multi-stream-originators-07.txt X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 16 Oct 2019 08:54:10 -0000 SGkgV0csDQoNCldlIGp1c3QgdXBkYXRlZCB0aGUgZHJhZnQgb24gU3Vic2NyaXB0aW9uIHRvIE11 bHRpcGxlIFN0cmVhbSBPcmlnaW5hdG9ycy4NCkluIHRoaXMgcmV2aXNpb24sIHdlIG1hZGUgY2hh bmdlIG9uOg0KMS4gUmVtb3ZlIHRoZSBJb1QgdXNlIGNhc2UgYmFzZWQgb24gdGhlIGZlZWRiYWNr IGZyb20gSUVURjEwNSBtZWV0aW5nLg0KMi4gUmV2aXNlIGV4YW1wbGVzIGFuZCBhZGQgY2FsbCBm bG93cy4NCjMuIEFkZCBkaXNjdXNzaW9uIG9uIFB1Ymxpc2hlciBDb25maWd1cmF0aW9ucyBpbiBz ZWN0aW9uIDguDQoNCkFueSBjb21tZW50IGFuZCBmZWVkYmFjayBpcyB3ZWxjb21lLg0KDQpUaGFu a3MsDQpUaWFucmFuDQoNCi0tLS0tT3JpZ2luYWwgTWVzc2FnZS0tLS0tDQpGcm9tOiBpbnRlcm5l dC1kcmFmdHNAaWV0Zi5vcmcgW21haWx0bzppbnRlcm5ldC1kcmFmdHNAaWV0Zi5vcmddIA0KU2Vu dDogV2VkbmVzZGF5LCBPY3RvYmVyIDE2LCAyMDE5IDQ6NDYgUE0NClRvOiBBbmR5IEJpZXJtYW4g PGFuZHlAeXVtYXdvcmtzLmNvbT47IEVyaWMgVm9pdCA8ZXZvaXRAY2lzY28uY29tPjsgWmhlbmdn dWFuZ3lpbmcgKFdhbGtlcikgPHpoZW5nZ3Vhbmd5aW5nQGh1YXdlaS5jb20+OyBBbGV4YW5kZXIg Q2xlbW0gPGx1ZHdpZ0BjbGVtbS5vcmc+OyBUaWFucmFuIFpob3UgPHpob3V0aWFucmFuQGh1YXdl aS5jb20+DQpTdWJqZWN0OiBOZXcgVmVyc2lvbiBOb3RpZmljYXRpb24gZm9yIGRyYWZ0LXpob3Ut bmV0Y29uZi1tdWx0aS1zdHJlYW0tb3JpZ2luYXRvcnMtMDcudHh0DQoNCg0KQSBuZXcgdmVyc2lv biBvZiBJLUQsIGRyYWZ0LXpob3UtbmV0Y29uZi1tdWx0aS1zdHJlYW0tb3JpZ2luYXRvcnMtMDcu dHh0DQpoYXMgYmVlbiBzdWNjZXNzZnVsbHkgc3VibWl0dGVkIGJ5IFRpYW5yYW4gWmhvdSBhbmQg cG9zdGVkIHRvIHRoZSBJRVRGIHJlcG9zaXRvcnkuDQoNCk5hbWU6CQlkcmFmdC16aG91LW5ldGNv bmYtbXVsdGktc3RyZWFtLW9yaWdpbmF0b3JzDQpSZXZpc2lvbjoJMDcNClRpdGxlOgkJU3Vic2Ny aXB0aW9uIHRvIE11bHRpcGxlIFN0cmVhbSBPcmlnaW5hdG9ycw0KRG9jdW1lbnQgZGF0ZToJMjAx OS0xMC0xNg0KR3JvdXA6CQlJbmRpdmlkdWFsIFN1Ym1pc3Npb24NClBhZ2VzOgkJMjMNClVSTDog ICAgICAgICAgICBodHRwczovL3d3dy5pZXRmLm9yZy9pbnRlcm5ldC1kcmFmdHMvZHJhZnQtemhv dS1uZXRjb25mLW11bHRpLXN0cmVhbS1vcmlnaW5hdG9ycy0wNy50eHQNClN0YXR1czogICAgICAg ICBodHRwczovL2RhdGF0cmFja2VyLmlldGYub3JnL2RvYy9kcmFmdC16aG91LW5ldGNvbmYtbXVs dGktc3RyZWFtLW9yaWdpbmF0b3JzLw0KSHRtbGl6ZWQ6ICAgICAgIGh0dHBzOi8vdG9vbHMuaWV0 Zi5vcmcvaHRtbC9kcmFmdC16aG91LW5ldGNvbmYtbXVsdGktc3RyZWFtLW9yaWdpbmF0b3JzLTA3 DQpIdG1saXplZDogICAgICAgaHR0cHM6Ly9kYXRhdHJhY2tlci5pZXRmLm9yZy9kb2MvaHRtbC9k cmFmdC16aG91LW5ldGNvbmYtbXVsdGktc3RyZWFtLW9yaWdpbmF0b3JzDQpEaWZmOiAgICAgICAg ICAgaHR0cHM6Ly93d3cuaWV0Zi5vcmcvcmZjZGlmZj91cmwyPWRyYWZ0LXpob3UtbmV0Y29uZi1t dWx0aS1zdHJlYW0tb3JpZ2luYXRvcnMtMDcNCg0KQWJzdHJhY3Q6DQogICBUaGlzIGRvY3VtZW50 IGRlc2NyaWJlcyB0aGUgZGlzdHJpYnV0ZWQgZGF0YSBleHBvcnQgbWVjaGFuaXNtIHRoYXQNCiAg IGFsbG93cyBtdWx0aXBsZSBkYXRhIHN0cmVhbXMgdG8gYmUgbWFuYWdlZCB1c2luZyBhIHNpbmds ZQ0KICAgc3Vic2NyaXB0aW9uLiAgU3BlY2lmaWNhbGx5LCBtdWx0aXBsZSBkYXRhIHN0cmVhbXMg YXJlIHB1c2hlZA0KICAgZGlyZWN0bHkgdG8gdGhlIGNvbGxlY3RvciB3aXRob3V0IHBhc3Npbmcg dGhyb3VnaCBhIGJyb2tlciBmb3INCiAgIGludGVybmFsIGNvbnNvbGlkYXRpb24uDQoNCg0KICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgIA0KDQoNClBsZWFzZSBub3RlIHRoYXQgaXQgbWF5IHRha2Ug YSBjb3VwbGUgb2YgbWludXRlcyBmcm9tIHRoZSB0aW1lIG9mIHN1Ym1pc3Npb24gdW50aWwgdGhl IGh0bWxpemVkIHZlcnNpb24gYW5kIGRpZmYgYXJlIGF2YWlsYWJsZSBhdCB0b29scy5pZXRmLm9y Zy4NCg0KVGhlIElFVEYgU2VjcmV0YXJpYXQNCg0K From nobody Thu Oct 17 06:08:16 2019 Return-Path: X-Original-To: netconf@ietfa.amsl.com Delivered-To: netconf@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 73D631200E9 for ; Thu, 17 Oct 2019 06:08:14 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.997 X-Spam-Level: X-Spam-Status: No, score=-1.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kv2TSTDmiWBa for ; Thu, 17 Oct 2019 06:08:11 -0700 (PDT) Received: from mail-lf1-x12e.google.com (mail-lf1-x12e.google.com [IPv6:2a00:1450:4864:20::12e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5CD621200C5 for ; Thu, 17 Oct 2019 06:08:11 -0700 (PDT) Received: by mail-lf1-x12e.google.com with SMTP id r22so1854874lfm.1 for ; Thu, 17 Oct 2019 06:08:11 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=kee2JUQlb8D/wYG0iqE8flmaZccAcnMxULydaavDOok=; b=AJ5FfFzVV3thafrK+vVzacVb1F3rqfnWCeMl+oQmrwNLWLku3v+TP/pIeSHkL0Hxp+ DVewNUz3SGgQbNk1o3z2vBITSt1eLSw39R44uIgtCqbNaUV5KVp9kISmaARNzfSgVSFq BPdiPnN4/EngUGdkKlocr+wqtShAEf4JXgak2K3B1GclWAFmUS7gRY24GFHsYf4vZJdk Qq4jSKmZ4gCcj9LaUONDdTJJFB5LgJJTAsn9pyyg9BOP27P56peNNxl49ue6XSgRLdRp KxWDyvBPM5Nu40Utuo1CUdcr3oGx0tdCHxYLwdeQHsVruLHuDI2yYjDXO6TdmcxvK5lZ +ZgQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=kee2JUQlb8D/wYG0iqE8flmaZccAcnMxULydaavDOok=; b=sq/7aynHtMTA6eZGG+l+mH9mSodVD+Dhv4wEMOLSRdReMCuM8f3GIG2/H/BiY0zQCL MKOwSuONxixF66NrzdJbB82TQ5c5RssjNJqCckmfQM+TMUE9HpTgd+DG/4JFQKSFsgV4 Z+GHSoFaU7AtdMgBO/oj53Ai8nMgatPwnBO/EtLD63Jce1EKdHjMn5c9jriWsoA/FEE4 8ctRu73YK+Ucl1s5HfQOVlTrd7pf2gduB5sS3P/Vqxwbb6bGhj0kudfLoepFH1lWsbCA pnLZqtYa0EtN1Nl4EDbi2VmK6ZERp6SRbf1eJePzgSWbp1EOu2YGM/utLYzYD4NEzBHw Kafw== X-Gm-Message-State: APjAAAVB+u0HxhKdEdW6AtfP2DCQqnf8EqyXoLYqTNYMv3cPVRbnntZA ZBBetiB9uACbVOhhGUaqx9tezOF7B2QcsqmeFEg= X-Google-Smtp-Source: APXvYqzjZNpUQMEefXJ17sGpBH8bXY3XqQ/WhKYt7y8orNeOzO+GMOK7PlOBZ9efGw5x/Tmm1yjWUKZR4AaEiE1mmM0= X-Received: by 2002:a19:6759:: with SMTP id e25mr2289795lfj.80.1571317689552; Thu, 17 Oct 2019 06:08:09 -0700 (PDT) MIME-Version: 1.0 References: <20190211101359.A9449B82486@rfc-editor.org> In-Reply-To: <20190211101359.A9449B82486@rfc-editor.org> From: Ignas Bagdonas Date: Thu, 17 Oct 2019 14:07:58 +0100 Message-ID: To: RFC Errata System Cc: Andy Bierman , Martin Bjorklund , Kent Watsen , Warren Kumari , Kent Watsen , Mahesh Jethanandani , Qin Wu , netconf@ietf.org Content-Type: multipart/alternative; boundary="000000000000b71f1805951ae81f" Archived-At: Subject: Re: [netconf] [Technical Errata Reported] RFC8040 (5633) X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 17 Oct 2019 13:08:15 -0000 --000000000000b71f1805951ae81f Content-Type: text/plain; charset="UTF-8" Hi there, This applies to an example, and while factually correct, it does not seem to be a technical errata as such, it is an editorial one A nit - a Date: header also needs to be changed. Any objections? On Mon, Feb 11, 2019 at 10:14 AM RFC Errata System < rfc-editor@rfc-editor.org> wrote: > The following errata report has been submitted for RFC8040, > "RESTCONF Protocol". > > -------------------------------------- > You may review the report below and at: > http://www.rfc-editor.org/errata/eid5633 > > -------------------------------------- > Type: Technical > Reported by: Qin WU > > Section: B.2.2. > > Original Text > ------------- > PATCH /restconf/data/example-jukebox:jukebox/\ > library/artist=Foo%20Fighters/album=Wasting%20Light/\ > genre HTTP/1.1 > Host: example.com > If-Unmodified-Since: Thu, 26 Jan 2017 20:56:30 GMT > Content-Type: application/yang-data+json > > { "example-jukebox:genre" : "example-jukebox:alternative" } > > In this example, the datastore resource has changed since the time > specified in the "If-Unmodified-Since" header. The server might > respond as follows: > > HTTP/1.1 412 Precondition Failed > Date: Thu, 26 Jan 2017 20:56:30 GMT > Server: example-server > Last-Modified: Thu, 26 Jan 2017 19:41:00 GMT > ETag: "b34aed893a4c" > > > Corrected Text > -------------- > PATCH /restconf/data/example-jukebox:jukebox/\ > library/artist=Foo%20Fighters/album=Wasting%20Light/\ > genre HTTP/1.1 > Host: example.com > If-Unmodified-Since: Thu, 26 Jan 2017 20:56:30 GMT > Content-Type: application/yang-data+json > > { "example-jukebox:genre" : "example-jukebox:alternative" } > > In this example, the datastore resource has changed since the time > specified in the "If-Unmodified-Since" header. The server might > respond as follows: > > HTTP/1.1 412 Precondition Failed > Date: Thu, 26 Jan 2017 20:56:30 GMT > Server: example-server > Last-Modified: Thu, 26 Jan 2017 20:57:10 GMT > ETag: "b34aed893a4c" > > > Notes > ----- > The date in the Last-Modified field of the response HTTP header should be > greater than the date in the If-Unmodified-Since field of the request HTTP > header. > > Instructions: > ------------- > This erratum is currently posted as "Reported". If necessary, please > use "Reply All" to discuss whether it should be verified or > rejected. When a decision is reached, the verifying party > can log in to change the status and edit the report, if necessary. > > -------------------------------------- > RFC8040 (draft-ietf-netconf-restconf-18) > -------------------------------------- > Title : RESTCONF Protocol > Publication Date : January 2017 > Author(s) : A. Bierman, M. Bjorklund, K. Watsen > Category : PROPOSED STANDARD > Source : Network Configuration > Area : Operations and Management > Stream : IETF > Verifying Party : IESG > --000000000000b71f1805951ae81f Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Hi there,

This applies to an= example, and while factually correct, it does not seem to be a technical e= rrata as such, it is an editorial one

A nit -= =C2=A0 a Date: header also needs to be changed.

Any objections?



On Mon, Feb 11, = 2019 at 10:14 AM RFC Errata System <rfc-editor@rfc-editor.org> wrote:
The following errata report has been subm= itted for RFC8040,
"RESTCONF Protocol".

--------------------------------------
You may review the report below and at:
http://www.rfc-editor.org/errata/eid5633

--------------------------------------
Type: Technical
Reported by: Qin WU <bill.wu@huawei.com>

Section: B.2.2.

Original Text
-------------
=C2=A0 =C2=A0 =C2=A0 PATCH /restconf/data/example-jukebox:jukebox/\
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 library/artist=3DFoo%20Fighters/album=3D= Wasting%20Light/\
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 genre HTTP/1.1
=C2=A0 =C2=A0 =C2=A0 Host: example.com
=C2=A0 =C2=A0 =C2=A0 If-Unmodified-Since: Thu, 26 Jan 2017 20:56:30 GMT
=C2=A0 =C2=A0 =C2=A0 Content-Type: application/yang-data+json

=C2=A0 =C2=A0 =C2=A0 { "example-jukebox:genre" : "example-ju= kebox:alternative" }

=C2=A0 =C2=A0In this example, the datastore resource has changed since the = time
=C2=A0 =C2=A0specified in the "If-Unmodified-Since" header.=C2=A0= The server might
=C2=A0 =C2=A0respond as follows:

=C2=A0 =C2=A0 =C2=A0 HTTP/1.1 412 Precondition Failed
=C2=A0 =C2=A0 =C2=A0 Date: Thu, 26 Jan 2017 20:56:30 GMT
=C2=A0 =C2=A0 =C2=A0 Server: example-server
=C2=A0 =C2=A0 =C2=A0 Last-Modified: Thu, 26 Jan 2017 19:41:00 GMT
=C2=A0 =C2=A0 =C2=A0 ETag: "b34aed893a4c"


Corrected Text
--------------
=C2=A0 =C2=A0 =C2=A0 PATCH /restconf/data/example-jukebox:jukebox/\
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 library/artist=3DFoo%20Fighters/album=3D= Wasting%20Light/\
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 genre HTTP/1.1
=C2=A0 =C2=A0 =C2=A0 Host: example.com
=C2=A0 =C2=A0 =C2=A0 If-Unmodified-Since: Thu, 26 Jan 2017 20:56:30 GMT
=C2=A0 =C2=A0 =C2=A0 Content-Type: application/yang-data+json

=C2=A0 =C2=A0 =C2=A0 { "example-jukebox:genre" : "example-ju= kebox:alternative" }

=C2=A0 =C2=A0In this example, the datastore resource has changed since the = time
=C2=A0 =C2=A0specified in the "If-Unmodified-Since" header.=C2=A0= The server might
=C2=A0 =C2=A0respond as follows:

=C2=A0 =C2=A0 =C2=A0 HTTP/1.1 412 Precondition Failed
=C2=A0 =C2=A0 =C2=A0 Date: Thu, 26 Jan 2017 20:56:30 GMT
=C2=A0 =C2=A0 =C2=A0 Server: example-server
=C2=A0 =C2=A0 =C2=A0 Last-Modified: Thu, 26 Jan 2017 20:57:10 GMT
=C2=A0 =C2=A0 =C2=A0 ETag: "b34aed893a4c"


Notes
-----
The date in the Last-Modified field of the response HTTP header should be g= reater than the date in the If-Unmodified-Since field of the request HTTP h= eader.

Instructions:
-------------
This erratum is currently posted as "Reported". If necessary, ple= ase
use "Reply All" to discuss whether it should be verified or
rejected. When a decision is reached, the verifying party=C2=A0
can log in to change the status and edit the report, if necessary.

--------------------------------------
RFC8040 (draft-ietf-netconf-restconf-18)
--------------------------------------
Title=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0: RESTCONF Prot= ocol
Publication Date=C2=A0 =C2=A0 : January 2017
Author(s)=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0: A. Bierman, M. Bjorklun= d, K. Watsen
Category=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 : PROPOSED STANDARD
Source=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 : Network Configurat= ion
Area=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 : Operations an= d Management
Stream=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 : IETF
Verifying Party=C2=A0 =C2=A0 =C2=A0: IESG
--000000000000b71f1805951ae81f-- From nobody Thu Oct 17 06:57:35 2019 Return-Path: X-Original-To: netconf@ietfa.amsl.com Delivered-To: netconf@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A803F1207FF; Thu, 17 Oct 2019 06:57:28 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.2 X-Spam-Level: X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uzUR4P7dznUe; Thu, 17 Oct 2019 06:57:27 -0700 (PDT) Received: from rfc-editor.org (rfc-editor.org [4.31.198.49]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 287201202DD; Thu, 17 Oct 2019 06:57:27 -0700 (PDT) Received: by rfc-editor.org (Postfix, from userid 30) id 78DBAB80EDC; Thu, 17 Oct 2019 06:57:23 -0700 (PDT) To: bill.wu@huawei.com, andy@yumaworks.com, mbj@tail-f.com, kwatsen@juniper.net X-PHP-Originating-Script: 30:errata_mail_lib.php From: RFC Errata System Cc: ibagdona@gmail.com, iesg@ietf.org, netconf@ietf.org, rfc-editor@rfc-editor.org Content-Type: text/plain; charset=UTF-8 Message-Id: <20191017135723.78DBAB80EDC@rfc-editor.org> Date: Thu, 17 Oct 2019 06:57:23 -0700 (PDT) Archived-At: Subject: [netconf] [Errata Rejected] RFC8040 (5761) X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 17 Oct 2019 13:57:29 -0000 The following errata report has been rejected for RFC8040, "RESTCONF Protocol". -------------------------------------- You may review the report below and at: https://www.rfc-editor.org/errata/eid5761 -------------------------------------- Status: Rejected Type: Technical Reported by: Qin WU Date Reported: 2019-06-24 Rejected by: Ignas Bagdonas (IESG) Section: 4.4.1 Original Text ------------- If the data resource already exists, then the POST request MUST fail and a "409 Conflict" status-line MUST be returned. The error-tag value "resource-denied" is used in this case Corrected Text -------------- If the data resource already exists, then the POST request MUST fail and a "409 Conflict" status-line MUST be returned. The error-tag value "data-exists" is used in this case Notes ----- The error-tag value should be corrected as "data-exists" in this case based on the context. According to error-tag definition in RFC6241: error-tag: resource-denied error-type: transport, rpc, protocol, application error-severity: error error-info: none Description: Request could not be completed because of insufficient resources. It is apparent error-tag value "data-exists" should be corresponding to the data resource already exists condition. --VERIFIER NOTES-- Rejected based on the discussion on WG mailing list: https://mailarchive.ietf.org/arch/msg/netconf/LNYNKiK7RYhTeita4oCte0HVcLA -------------------------------------- RFC8040 (draft-ietf-netconf-restconf-18) -------------------------------------- Title : RESTCONF Protocol Publication Date : January 2017 Author(s) : A. Bierman, M. Bjorklund, K. Watsen Category : PROPOSED STANDARD Source : Network Configuration Area : Operations and Management Stream : IETF Verifying Party : IESG From nobody Thu Oct 17 07:04:17 2019 Return-Path: X-Original-To: netconf@ietfa.amsl.com Delivered-To: netconf@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 10C2B12029C; Thu, 17 Oct 2019 07:04:15 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.2 X-Spam-Level: X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id U2dNbSNC43ZO; Thu, 17 Oct 2019 07:04:13 -0700 (PDT) Received: from rfc-editor.org (rfc-editor.org [4.31.198.49]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 27F6012000F; Thu, 17 Oct 2019 07:04:13 -0700 (PDT) Received: by rfc-editor.org (Postfix, from userid 30) id 5EC0AB81028; Thu, 17 Oct 2019 07:04:09 -0700 (PDT) To: bill.wu@huawei.com, andy@yumaworks.com, mbj@tail-f.com, kwatsen@juniper.net X-PHP-Originating-Script: 30:errata_mail_lib.php From: RFC Errata System Cc: ibagdona@gmail.com, iesg@ietf.org, netconf@ietf.org, rfc-editor@rfc-editor.org Content-Type: text/plain; charset=UTF-8 Message-Id: <20191017140409.5EC0AB81028@rfc-editor.org> Date: Thu, 17 Oct 2019 07:04:09 -0700 (PDT) Archived-At: Subject: [netconf] [Errata Rejected] RFC8040 (5857) X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 17 Oct 2019 14:04:15 -0000 The following errata report has been rejected for RFC8040, "RESTCONF Protocol". -------------------------------------- You may review the report below and at: https://www.rfc-editor.org/errata/eid5857 -------------------------------------- Status: Rejected Type: Technical Reported by: Qin WU Date Reported: 2019-09-11 Rejected by: Ignas Bagdonas (IESG) Section: 3.1 Original Text ------------- The server might respond as follows: HTTP/1.1 200 OK Date: Thu, 26 Jan 2017 20:56:30 GMT Server: example-server Cache-Control: no-cache Last-Modified: Thu, 26 Jan 2017 16:00:14 GMT Content-Type: application/yang-data+json { "operations" : { "example-jukebox:play" : [null] } } Corrected Text -------------- The server might respond as follows: HTTP/1.1 200 OK Date: Thu, 26 Jan 2017 20:56:30 GMT Server: example-server Cache-Control: no-cache Last-Modified: Thu, 26 Jan 2017 16:00:14 GMT Content-Type: application/yang-data+json { "operations" :[ { "example-jukebox:play" : [null] } ]} Notes ----- Returned operations in the RESTCONF response should be an array of the particular type, therefore the brackets are needed to enclose a list of operations associated with example-jukebox. --VERIFIER NOTES-- Rejected based on mailing list discussion: https://mailarchive.ietf.org/arch/msg/netconf/T9y2CxELL4gmvkbBischAUtnYMg -------------------------------------- RFC8040 (draft-ietf-netconf-restconf-18) -------------------------------------- Title : RESTCONF Protocol Publication Date : January 2017 Author(s) : A. Bierman, M. Bjorklund, K. Watsen Category : PROPOSED STANDARD Source : Network Configuration Area : Operations and Management Stream : IETF Verifying Party : IESG From nobody Thu Oct 17 11:41:00 2019 Return-Path: X-Original-To: netconf@ietfa.amsl.com Delivered-To: netconf@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1E081120B93 for ; Thu, 17 Oct 2019 11:40:58 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.997 X-Spam-Level: X-Spam-Status: No, score=-1.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qju6jBgCgatz for ; Thu, 17 Oct 2019 11:40:54 -0700 (PDT) Received: from mail-lj1-x22e.google.com (mail-lj1-x22e.google.com [IPv6:2a00:1450:4864:20::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9AF6D120B90 for ; Thu, 17 Oct 2019 11:40:53 -0700 (PDT) Received: by mail-lj1-x22e.google.com with SMTP id b20so3628386ljj.5 for ; Thu, 17 Oct 2019 11:40:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=HlRaR7PTAUqtXqw1cJSQuIUhpqAoDZ9GI1lLdZa3KFs=; b=co3htEe6XacRmp/FybGBaNkwi+TUQop+slaD1SE1HiUCU2P89hdAA0LNEIQtaFeW5u UbPa9ied+Br2/AFkZMTkbkQ8JTK0+zorm59uLcQYAW4YkkDj0ev3B5skDHdUHM6zoZ73 DEef+Y04kFgdb6UaQ1p++hRXjyiRn/nJZN3mv2g2p7Cx5xScpINoRjvmOUg/KiuSfKVM y/t6kzjwPsDEoNPAjlFL/PnvyJgGZhgRXCEXAkym0cKDiJyDVqwoirDfrCyJI3IMM0up xtq0vh4JRdb6YQAZDZPgrwjKJMW9631Tmohajh2KiZqF3VonK4HsVCERJHntX86EpW5E z1qg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=HlRaR7PTAUqtXqw1cJSQuIUhpqAoDZ9GI1lLdZa3KFs=; b=s+rWOrIFau6GpvJs5Hd61baLvw5VMBWlNOmHrjXMMlkBa/62GLbrC/1kOMEeb8TRfW anPWKJWr4X+XVVinC4SVxW4YdGt5wXi1gE63EMju5Hx7Nx8iLtZ8dnjb3fDak22bF9Bh B+4TWWyUvJJx2V8zTVFHFO+WzJ4DhqFfQwbBGpThd5qMp156GN2v4ClpVuyMiXv96s01 GV3mOLc4LP2RI74B+y1i45RNj8uXacHfvJp7GMw/vkIvQBF7Y8dTgpTPgWQxyLU7IxeJ rlIM9XzpGgJlXZsI6zEyFUG3LsvN/3Yx/M8igQV+tbFPkkb8ZAkk7J5PC1rgqxoMgV7s RMWA== X-Gm-Message-State: APjAAAUxu7TbFSrBHch3n80pJafU3/mIkQ1RuXovyID1mkASsYPllKME luVJCGHdJQ0kEi9ZbV2xpihPTOEr7rD/4HR6804= X-Google-Smtp-Source: APXvYqyWty3zyjIh3OwKFizwxaHpj5Cmj3w42GiSpWkxdoXnqDNhgyY5YCC4QTigTEVOH+dWh4sKK11k2KuA56/J0Ho= X-Received: by 2002:a2e:9981:: with SMTP id w1mr3410527lji.205.1571337651915; Thu, 17 Oct 2019 11:40:51 -0700 (PDT) MIME-Version: 1.0 References: <20190911040238.4CD72B81289@rfc-editor.org> In-Reply-To: <20190911040238.4CD72B81289@rfc-editor.org> From: Ignas Bagdonas Date: Thu, 17 Oct 2019 19:40:40 +0100 Message-ID: To: RFC Errata System Cc: Andy Bierman , Martin Bjorklund , Kent Watsen , Warren Kumari , Kent Watsen , Mahesh Jethanandani , Qin Wu , netconf@ietf.org Content-Type: multipart/alternative; boundary="0000000000009097fd05951f8eb9" Archived-At: Subject: Re: [netconf] [Technical Errata Reported] RFC8040 (5858) X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 17 Oct 2019 18:40:58 -0000 --0000000000009097fd05951f8eb9 Content-Type: text/plain; charset="UTF-8" This appears to be factually incorrect - there examples in sections 5.3.1 and 5.3.2 do not refer to ietf-interfaces, instead they use an example module defined in RFC 6243 section A.1. The prefix therefore should be example: instead. On Wed, Sep 11, 2019 at 5:02 AM RFC Errata System wrote: > The following errata report has been submitted for RFC8040, > "RESTCONF Protocol". > > -------------------------------------- > You may review the report below and at: > https://www.rfc-editor.org/errata/eid5858 > > -------------------------------------- > Type: Technical > Reported by: Qin WU > > Section: 5.3.1,5.3.2 > > Original Text > ------------- > GET /restconf/data/interfaces/interface=eth1 > ?with-defaults=report-all-tagged HTTP/1.1 > Host: example.com > Accept: application/yang-data+xml > > GET /restconf/data/interfaces/interface=eth1\ > ?with-defaults=report-all-tagged HTTP/1.1 > Host: example.com > Accept: application/yang-data+json > > Corrected Text > -------------- > GET /restconf/data/ietf-interfaces:interfaces/interface=eth1 > ?with-defaults=report-all-tagged HTTP/1.1 > Host: example.com > Accept: application/yang-data+xml > > GET /restconf/data/ietf-interfaces:interfaces/interface=eth1\ > ?with-defaults=report-all-tagged HTTP/1.1 > Host: example.com > Accept: application/yang-data+json > > Notes > ----- > Based on the rule defined in section 3.5.3 of RFC8040, the module name > ietf-interface followed by a colon character (":") should be prepended to > the node name interfaces. > > Instructions: > ------------- > This erratum is currently posted as "Reported". If necessary, please > use "Reply All" to discuss whether it should be verified or > rejected. When a decision is reached, the verifying party > can log in to change the status and edit the report, if necessary. > > -------------------------------------- > RFC8040 (draft-ietf-netconf-restconf-18) > -------------------------------------- > Title : RESTCONF Protocol > Publication Date : January 2017 > Author(s) : A. Bierman, M. Bjorklund, K. Watsen > Category : PROPOSED STANDARD > Source : Network Configuration > Area : Operations and Management > Stream : IETF > Verifying Party : IESG > --0000000000009097fd05951f8eb9 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
This appears to be factually incorrect - there exampl= es in sections 5.3.1 and 5.3.2 do not refer to ietf-interfaces, instead the= y use an example module defined in RFC 6243 section A.1. The prefix therefo= re should be example: instead.



=


On Wed, Sep 11, 2019 at 5:02 AM RFC Errata System <= rfc-editor@rfc-editor.org&= gt; wrote:
The f= ollowing errata report has been submitted for RFC8040,
"RESTCONF Protocol".

--------------------------------------
You may review the report below and at:
https://www.rfc-editor.org/errata/eid5858

--------------------------------------
Type: Technical
Reported by: Qin WU <bill.wu@huawei.com>

Section: 5.3.1,5.3.2

Original Text
-------------
=C2=A0 =C2=A0 =C2=A0 GET /restconf/data/interfaces/interface=3Deth1
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 ?with-defaults=3Dreport-all-tagged HTTP/= 1.1
=C2=A0 =C2=A0 =C2=A0 Host: example.com
=C2=A0 =C2=A0 =C2=A0 Accept: application/yang-data+xml

=C2=A0 =C2=A0 =C2=A0 GET /restconf/data/interfaces/interface=3Deth1\
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 ?with-defaults=3Dreport-all-tagged HTTP/= 1.1
=C2=A0 =C2=A0 =C2=A0 Host: example.com
=C2=A0 =C2=A0 =C2=A0 Accept: application/yang-data+json

Corrected Text
--------------
=C2=A0 =C2=A0 =C2=A0 GET /restconf/data/ietf-interfaces:interfaces/interfac= e=3Deth1
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 ?with-defaults=3Dreport-all-tagged HTTP/= 1.1
=C2=A0 =C2=A0 =C2=A0 Host: example.com
=C2=A0 =C2=A0 =C2=A0 Accept: application/yang-data+xml

=C2=A0 =C2=A0 =C2=A0 GET /restconf/data/ietf-interfaces:interfaces/interfac= e=3Deth1\
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 ?with-defaults=3Dreport-all-tagged HTTP/= 1.1
=C2=A0 =C2=A0 =C2=A0 Host: example.com
=C2=A0 =C2=A0 =C2=A0 Accept: application/yang-data+json

Notes
-----
Based on the rule defined in section 3.5.3 of RFC8040,=C2=A0 the module nam= e ietf-interface followed by a colon character (":") should be pr= epended to the node name interfaces.

Instructions:
-------------
This erratum is currently posted as "Reported". If necessary, ple= ase
use "Reply All" to discuss whether it should be verified or
rejected. When a decision is reached, the verifying party=C2=A0
can log in to change the status and edit the report, if necessary.

--------------------------------------
RFC8040 (draft-ietf-netconf-restconf-18)
--------------------------------------
Title=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0: RESTCONF Prot= ocol
Publication Date=C2=A0 =C2=A0 : January 2017
Author(s)=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0: A. Bierman, M. Bjorklun= d, K. Watsen
Category=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 : PROPOSED STANDARD
Source=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 : Network Configurat= ion
Area=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 : Operations an= d Management
Stream=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 : IETF
Verifying Party=C2=A0 =C2=A0 =C2=A0: IESG
--0000000000009097fd05951f8eb9-- From nobody Thu Oct 17 12:57:46 2019 Return-Path: X-Original-To: netconf@ietfa.amsl.com Delivered-To: netconf@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0B63F120241 for ; Thu, 17 Oct 2019 12:57:45 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.898 X-Spam-Level: X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=yumaworks-com.20150623.gappssmtp.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xFK36V8I2rVd for ; Thu, 17 Oct 2019 12:57:42 -0700 (PDT) Received: from mail-lf1-x12d.google.com (mail-lf1-x12d.google.com [IPv6:2a00:1450:4864:20::12d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9290C1200FA for ; Thu, 17 Oct 2019 12:57:41 -0700 (PDT) Received: by mail-lf1-x12d.google.com with SMTP id u28so2862195lfc.5 for ; Thu, 17 Oct 2019 12:57:41 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yumaworks-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=T+nhmrJ+GabRhAjD2+dgts4X6FUI4DE9gn89o+BGsL8=; b=JduU+ZZILwV5TuWRWr5PIGV7C5LYSEPU1sVsmQa8p6016vzc3eRmmvzQSxEe8tFZUF W0Ck0+EZfU6aVgd5SiYj1YKtsxPgoiqUPbrUyEhJqPxnnI5wCtPFhsH893Nbe5OG41Qy YWBnHpEr4jrYNywG5m6dt7ijVeWWCVLv2G/f5S+1qtVehNRqqnotFTHg4PfKxkgekFZy MkyUTAQ7MipNsxJH4Vf6Bd3/uyJ3UxvBCLNgw166hU5NAVCnAtwvWWxPAbVpp10c2c6C Z6C1RG8N2BYxIZpz0e3ipYD95OMnTxh55F9QibQgBuNg2z6yKRgaN/BO9oNGEdUVFUh9 0+NA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=T+nhmrJ+GabRhAjD2+dgts4X6FUI4DE9gn89o+BGsL8=; b=LA86wPGxPkZg7xcqZnGK5TAjWqDipi7JtwFV19nhj9Vi+adg6Yd/+OccSnB4X05e/8 dJSzSYjSjzYdftqYgOr6a12wt/uoaPmMF741xl06bil2+1T4M24Az/18QRh1xB/O3yAo eEaPzi3CqR7jZLohXvuNTLwlhm6WTf0uz9+8Zm23Qhh4+kriH3KIFCnKyvLjKyK1Dvcd UOG4VdwKna+JSV1Dn50d/urA8aJowDY58dXnW8egJjrtyNvBtRcqz+5PZN+dYeFCbRhg k5mbpY24nw8azJy2bKnvGR4EUisrFPiEBM9kwyfrU5uZXMKUWYiu8gO+yNSfKRsoWBRe wFcg== X-Gm-Message-State: APjAAAXvdtEmwpIWZx/jUQwXNzjFR5dVnaZm1Y4py4mrrwSB+AHadZMz 40J1wY6xbOqwAgARTMqx6RWtoxwEuFEYpPhycIzp9Q== X-Google-Smtp-Source: APXvYqw0Y7peU1oNopGM7361U4jW5936JTLpAiGbqWZ5dB5zDLc6PFSOlcXKuHMC/DFSGHuTvagHUsyiM6b2Km3gzpc= X-Received: by 2002:ac2:4650:: with SMTP id s16mr3736244lfo.32.1571342259447; Thu, 17 Oct 2019 12:57:39 -0700 (PDT) MIME-Version: 1.0 References: <20190211101359.A9449B82486@rfc-editor.org> In-Reply-To: From: Andy Bierman Date: Thu, 17 Oct 2019 12:57:28 -0700 Message-ID: To: Ignas Bagdonas Cc: RFC Errata System , Martin Bjorklund , Kent Watsen , Warren Kumari , Kent Watsen , Mahesh Jethanandani , Qin Wu , Netconf Content-Type: multipart/alternative; boundary="00000000000031fe79059520a182" Archived-At: Subject: Re: [netconf] [Technical Errata Reported] RFC8040 (5633) X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 17 Oct 2019 19:57:45 -0000 --00000000000031fe79059520a182 Content-Type: text/plain; charset="UTF-8" On Thu, Oct 17, 2019 at 6:08 AM Ignas Bagdonas wrote: > Hi there, > > This applies to an example, and while factually correct, it does not seem > to be a technical errata as such, it is an editorial one > > A nit - a Date: header also needs to be changed. > > Any objections? > > I agree the example is wrong -- probably a cut-and-paste from If-Modified-Since. In the example shown where 412 Precondition Failed is sent as the response, the server Date should be later than Last-Modified date returned. The fixed example looks like the resource was changed in the future. Andy > > > On Mon, Feb 11, 2019 at 10:14 AM RFC Errata System < > rfc-editor@rfc-editor.org> wrote: > >> The following errata report has been submitted for RFC8040, >> "RESTCONF Protocol". >> >> -------------------------------------- >> You may review the report below and at: >> http://www.rfc-editor.org/errata/eid5633 >> >> -------------------------------------- >> Type: Technical >> Reported by: Qin WU >> >> Section: B.2.2. >> >> Original Text >> ------------- >> PATCH /restconf/data/example-jukebox:jukebox/\ >> library/artist=Foo%20Fighters/album=Wasting%20Light/\ >> genre HTTP/1.1 >> Host: example.com >> If-Unmodified-Since: Thu, 26 Jan 2017 20:56:30 GMT >> Content-Type: application/yang-data+json >> >> { "example-jukebox:genre" : "example-jukebox:alternative" } >> >> In this example, the datastore resource has changed since the time >> specified in the "If-Unmodified-Since" header. The server might >> respond as follows: >> >> HTTP/1.1 412 Precondition Failed >> Date: Thu, 26 Jan 2017 20:56:30 GMT >> Server: example-server >> Last-Modified: Thu, 26 Jan 2017 19:41:00 GMT >> ETag: "b34aed893a4c" >> >> >> Corrected Text >> -------------- >> PATCH /restconf/data/example-jukebox:jukebox/\ >> library/artist=Foo%20Fighters/album=Wasting%20Light/\ >> genre HTTP/1.1 >> Host: example.com >> If-Unmodified-Since: Thu, 26 Jan 2017 20:56:30 GMT >> Content-Type: application/yang-data+json >> >> { "example-jukebox:genre" : "example-jukebox:alternative" } >> >> In this example, the datastore resource has changed since the time >> specified in the "If-Unmodified-Since" header. The server might >> respond as follows: >> >> HTTP/1.1 412 Precondition Failed >> Date: Thu, 26 Jan 2017 20:56:30 GMT >> Server: example-server >> Last-Modified: Thu, 26 Jan 2017 20:57:10 GMT >> ETag: "b34aed893a4c" >> >> >> Notes >> ----- >> The date in the Last-Modified field of the response HTTP header should be >> greater than the date in the If-Unmodified-Since field of the request HTTP >> header. >> >> Instructions: >> ------------- >> This erratum is currently posted as "Reported". If necessary, please >> use "Reply All" to discuss whether it should be verified or >> rejected. When a decision is reached, the verifying party >> can log in to change the status and edit the report, if necessary. >> >> -------------------------------------- >> RFC8040 (draft-ietf-netconf-restconf-18) >> -------------------------------------- >> Title : RESTCONF Protocol >> Publication Date : January 2017 >> Author(s) : A. Bierman, M. Bjorklund, K. Watsen >> Category : PROPOSED STANDARD >> Source : Network Configuration >> Area : Operations and Management >> Stream : IETF >> Verifying Party : IESG >> > --00000000000031fe79059520a182 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable


=
On Thu, Oct 17, 2019 at 6:08 AM Ignas= Bagdonas <ibagdona@gmail.com&= gt; wrote:
Hi there,

This applies to an exam= ple, and while factually correct, it does not seem to be a technical errata= as such, it is an editorial one

A nit -=C2= =A0 a Date: header also needs to be changed.

= Any objections?


=

I agree the example is wrong -- probably a cut-and-past= e from If-Modified-Since.
In the example shown where 412 Precondi= tion Failed is sent as the response, the
server Date should be la= ter than Last-Modified date returned.
The fixed example looks lik= e the resource was changed in the future.


Andy
=C2=A0


On Mon, Feb 11, 2019= at 10:14 AM RFC Errata System <rfc-editor@rfc-editor.org> wrote:
The following errata report= has been submitted for RFC8040,
"RESTCONF Protocol".

--------------------------------------
You may review the report below and at:
http://www.rfc-editor.org/errata/eid5633

--------------------------------------
Type: Technical
Reported by: Qin WU <bill.wu@huawei.com>

Section: B.2.2.

Original Text
-------------
=C2=A0 =C2=A0 =C2=A0 PATCH /restconf/data/example-jukebox:jukebox/\
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 library/artist=3DFoo%20Fighters/album=3D= Wasting%20Light/\
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 genre HTTP/1.1
=C2=A0 =C2=A0 =C2=A0 Host: example.com
=C2=A0 =C2=A0 =C2=A0 If-Unmodified-Since: Thu, 26 Jan 2017 20:56:30 GMT
=C2=A0 =C2=A0 =C2=A0 Content-Type: application/yang-data+json

=C2=A0 =C2=A0 =C2=A0 { "example-jukebox:genre" : "example-ju= kebox:alternative" }

=C2=A0 =C2=A0In this example, the datastore resource has changed since the = time
=C2=A0 =C2=A0specified in the "If-Unmodified-Since" header.=C2=A0= The server might
=C2=A0 =C2=A0respond as follows:

=C2=A0 =C2=A0 =C2=A0 HTTP/1.1 412 Precondition Failed
=C2=A0 =C2=A0 =C2=A0 Date: Thu, 26 Jan 2017 20:56:30 GMT
=C2=A0 =C2=A0 =C2=A0 Server: example-server
=C2=A0 =C2=A0 =C2=A0 Last-Modified: Thu, 26 Jan 2017 19:41:00 GMT
=C2=A0 =C2=A0 =C2=A0 ETag: "b34aed893a4c"


Corrected Text
--------------
=C2=A0 =C2=A0 =C2=A0 PATCH /restconf/data/example-jukebox:jukebox/\
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 library/artist=3DFoo%20Fighters/album=3D= Wasting%20Light/\
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 genre HTTP/1.1
=C2=A0 =C2=A0 =C2=A0 Host: example.com
=C2=A0 =C2=A0 =C2=A0 If-Unmodified-Since: Thu, 26 Jan 2017 20:56:30 GMT
=C2=A0 =C2=A0 =C2=A0 Content-Type: application/yang-data+json

=C2=A0 =C2=A0 =C2=A0 { "example-jukebox:genre" : "example-ju= kebox:alternative" }

=C2=A0 =C2=A0In this example, the datastore resource has changed since the = time
=C2=A0 =C2=A0specified in the "If-Unmodified-Since" header.=C2=A0= The server might
=C2=A0 =C2=A0respond as follows:

=C2=A0 =C2=A0 =C2=A0 HTTP/1.1 412 Precondition Failed
=C2=A0 =C2=A0 =C2=A0 Date: Thu, 26 Jan 2017 20:56:30 GMT
=C2=A0 =C2=A0 =C2=A0 Server: example-server
=C2=A0 =C2=A0 =C2=A0 Last-Modified: Thu, 26 Jan 2017 20:57:10 GMT
=C2=A0 =C2=A0 =C2=A0 ETag: "b34aed893a4c"


Notes
-----
The date in the Last-Modified field of the response HTTP header should be g= reater than the date in the If-Unmodified-Since field of the request HTTP h= eader.

Instructions:
-------------
This erratum is currently posted as "Reported". If necessary, ple= ase
use "Reply All" to discuss whether it should be verified or
rejected. When a decision is reached, the verifying party=C2=A0
can log in to change the status and edit the report, if necessary.

--------------------------------------
RFC8040 (draft-ietf-netconf-restconf-18)
--------------------------------------
Title=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0: RESTCONF Prot= ocol
Publication Date=C2=A0 =C2=A0 : January 2017
Author(s)=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0: A. Bierman, M. Bjorklun= d, K. Watsen
Category=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 : PROPOSED STANDARD
Source=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 : Network Configurat= ion
Area=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 : Operations an= d Management
Stream=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 : IETF
Verifying Party=C2=A0 =C2=A0 =C2=A0: IESG
--00000000000031fe79059520a182-- From nobody Thu Oct 17 13:17:41 2019 Return-Path: X-Original-To: netconf@ietfa.amsl.com Delivered-To: netconf@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B76B4120A2E for ; Thu, 17 Oct 2019 13:17:39 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.997 X-Spam-Level: X-Spam-Status: No, score=-1.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ax7oE92SHZDK for ; Thu, 17 Oct 2019 13:17:36 -0700 (PDT) Received: from mail-lj1-x229.google.com (mail-lj1-x229.google.com [IPv6:2a00:1450:4864:20::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0100A120974 for ; Thu, 17 Oct 2019 13:17:36 -0700 (PDT) Received: by mail-lj1-x229.google.com with SMTP id f5so3881630ljg.8 for ; Thu, 17 Oct 2019 13:17:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=h0BbV77Y9/j/KgoAB+DYQ40x0aSryIGSdk/NKDfE8rk=; b=pGPFHU1jvXn0TlEgHKDesOwI9iUr7rSDynI9O/EBHLomx/u0AW2jJQENsm1tSJuoVG I4QRe4sl0WVK+muBbPq1C2UJwVnPYmhkqvTDQBiOhRgl2RIoYJwkGlXGu7A9GwzOOFCM kpUa7i+fd1wz/mg+QYuiGbNDJYbTZUaTzLYmGPVZDUHTXlN/jTXf1kfTaSJjrQY+l1QH ZDGgZ76AUTUmNjGCljGHWVZ7nW4E30Vvw5QdkdcDuSvv0NtE++cqwWuOO58KtHsagg1W RbLx2sWaWbNEOC8th+4i7+e1htj+ftZJTqF7JL5owcGSomJUQWwZijLYjj8jaJLCJpKO CuSQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=h0BbV77Y9/j/KgoAB+DYQ40x0aSryIGSdk/NKDfE8rk=; b=W+YwDOhwavos6KGTI9fXg9e9AJSQbsPTsGBkgELK/zYZMEAy8m+5XaEGGc2LNrRTCh qz80J2QDgz0R/i2ODFDyLLUcg9qJxuHRO/Wnb71n01tXBLmOw5lCa80ZU996KFAPSCO/ SvsFuZVs+D5BYNmevEJKGAzcACX6dU21O7vGosPy1MxTRqBXPu37vKYco8WQqY+T2Hvl hkU7+pTIespeI0LhuPXta8RuroaqIP8TxaxndK1ct7iCyp709kCow0wScOS6xui4MExI 9+ngoSuQ28WgtxzcQBYW0mujllVu+PTThgrP2oMpeHPVgD2DZeJqrUv+zWs0NdYuOgxs W/7w== X-Gm-Message-State: APjAAAXlmcm+A0SRAu8VFFA1a3W+TjsIGD7v/ufg/7AqGKSA9zsLg13W AURTiQFBarajtmjlm1wBwuVscm0EZ/N8HhsatOw= X-Google-Smtp-Source: APXvYqyKOMs4HSomWGLZFUm1GH2XsGt3Yyk1jIlVt0D5RTxin6Q5kqU2+s+BuKkP9FkuvLrESLoFoTClKJT0KgiT+Bo= X-Received: by 2002:a2e:b4a8:: with SMTP id q8mr3680334ljm.106.1571343454266; Thu, 17 Oct 2019 13:17:34 -0700 (PDT) MIME-Version: 1.0 References: <20180906011251.C52D7B80E22@rfc-editor.org> In-Reply-To: <20180906011251.C52D7B80E22@rfc-editor.org> From: Ignas Bagdonas Date: Thu, 17 Oct 2019 21:17:22 +0100 Message-ID: To: RFC Errata System Cc: Andy Bierman , Martin Bjorklund , Kent Watsen , Warren Kumari , Mahesh Jethanandani , Qin Wu , netconf@ietf.org Content-Type: multipart/alternative; boundary="000000000000696bc2059520e829" Archived-At: Subject: Re: [netconf] [Editorial Errata Reported] RFC8040 (5493) X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 17 Oct 2019 20:17:40 -0000 --000000000000696bc2059520e829 Content-Type: text/plain; charset="UTF-8" This appears to be a name change that got missed starting from draft -14. Held for an update if no objections. On Thu, Sep 6, 2018 at 2:12 AM RFC Errata System wrote: > The following errata report has been submitted for RFC8040, > "RESTCONF Protocol". > > -------------------------------------- > You may review the report below and at: > http://www.rfc-editor.org/errata/eid5493 > > -------------------------------------- > Type: Editorial > Reported by: Qin Wu > > Section: 6 > > Original Text > ------------- > Note that the YANG definitions within this module do not > represent configuration data of any kind. > The 'restconf-media-type' YANG extension statement > provides a normative syntax for XML and JSON > message-encoding purposes. > > > > Corrected Text > -------------- > Note that the YANG definitions within this module do not > represent configuration data of any kind. > The yang-data extension statement > provides a normative syntax for XML and JSON > message-encoding purposes. > > > > Notes > ----- > The 'restconf-media-type' YANG extension has been replaced by more generic > yang-data extension. > > Instructions: > ------------- > This erratum is currently posted as "Reported". If necessary, please > use "Reply All" to discuss whether it should be verified or > rejected. When a decision is reached, the verifying party > can log in to change the status and edit the report, if necessary. > > -------------------------------------- > RFC8040 (draft-ietf-netconf-restconf-18) > -------------------------------------- > Title : RESTCONF Protocol > Publication Date : January 2017 > Author(s) : A. Bierman, M. Bjorklund, K. Watsen > Category : PROPOSED STANDARD > Source : Network Configuration > Area : Operations and Management > Stream : IETF > Verifying Party : IESG > --000000000000696bc2059520e829 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
This appears to be a name change that got missed star= ting from draft -14. Held for an update if no objections.

On Thu, Sep 6, 2018 at 2:12 AM RFC Errata System <rfc-editor@rfc-editor.org> wrote:
The following erra= ta report has been submitted for RFC8040,
"RESTCONF Protocol".

--------------------------------------
You may review the report below and at:
http://www.rfc-editor.org/errata/eid5493

--------------------------------------
Type: Editorial
Reported by: Qin Wu <bill.wu@huawei.com>

Section: 6

Original Text
-------------
Note that the YANG definitions within this module do not
represent configuration data of any kind.
The 'restconf-media-type' YANG extension statement
provides a normative syntax for XML and JSON
message-encoding purposes.



Corrected Text
--------------
Note that the YANG definitions within this module do not
represent configuration data of any kind.
The yang-data extension statement
provides a normative syntax for XML and JSON
message-encoding purposes.



Notes
-----
The 'restconf-media-type' YANG extension has been replaced by more = generic yang-data extension.

Instructions:
-------------
This erratum is currently posted as "Reported". If necessary, ple= ase
use "Reply All" to discuss whether it should be verified or
rejected. When a decision is reached, the verifying party=C2=A0
can log in to change the status and edit the report, if necessary.

--------------------------------------
RFC8040 (draft-ietf-netconf-restconf-18)
--------------------------------------
Title=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0: RESTCONF Prot= ocol
Publication Date=C2=A0 =C2=A0 : January 2017
Author(s)=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0: A. Bierman, M. Bjorklun= d, K. Watsen
Category=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 : PROPOSED STANDARD
Source=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 : Network Configurat= ion
Area=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 : Operations an= d Management
Stream=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 : IETF
Verifying Party=C2=A0 =C2=A0 =C2=A0: IESG
--000000000000696bc2059520e829-- From nobody Fri Oct 18 06:25:39 2019 Return-Path: X-Original-To: netconf@ietfa.amsl.com Delivered-To: netconf@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7D9E9120C87; Fri, 18 Oct 2019 06:25:37 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.598 X-Spam-Level: X-Spam-Status: No, score=-2.598 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uZeOkOicxSaP; Fri, 18 Oct 2019 06:25:35 -0700 (PDT) Received: from mta7.iomartmail.com (mta7.iomartmail.com [62.128.193.157]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2F3A012002F; Fri, 18 Oct 2019 06:25:35 -0700 (PDT) Received: from vs3.iomartmail.com (vs3.iomartmail.com [10.12.10.124]) by mta7.iomartmail.com (8.14.4/8.14.4) with ESMTP id x9IDPAXr031061; Fri, 18 Oct 2019 14:25:11 +0100 Received: from vs3.iomartmail.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 65ABB2203A; Fri, 18 Oct 2019 14:25:10 +0100 (BST) Received: from asmtp3.iomartmail.com (unknown [10.12.10.224]) by vs3.iomartmail.com (Postfix) with ESMTPS id 504BF2203C; Fri, 18 Oct 2019 14:25:10 +0100 (BST) Received: from LAPTOPK7AS653V ([84.93.46.229]) (authenticated bits=0) by asmtp3.iomartmail.com (8.14.4/8.14.4) with ESMTP id x9IDP8iB000388 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Fri, 18 Oct 2019 14:25:09 +0100 Reply-To: From: "Adrian Farrel" To: "'Netconf'" Cc: "'Tianran Zhou'" , References: In-Reply-To: Date: Fri, 18 Oct 2019 14:25:09 +0100 Organization: Old Dog Consulting Message-ID: <004701d585b7$77941340$66bc39c0$@olddog.co.uk> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Mailer: Microsoft Outlook 16.0 Thread-Index: AQJsx9lkK6eqNifg4Col2gu/KS3qoaYx3Ilw Content-Language: en-gb X-Originating-IP: 84.93.46.229 X-Thinkmail-Auth: adrian@olddog.co.uk X-TM-AS-GCONF: 00 X-TM-AS-Product-Ver: IMSVA-9.0.0.1623-8.2.0.1013-24984.007 X-TM-AS-Result: No--7.235-10.0-31-10 X-imss-scan-details: No--7.235-10.0-31-10 X-TMASE-Version: IMSVA-9.0.0.1623-8.2.1013-24984.007 X-TMASE-Result: 10--7.234700-10.000000 X-TMASE-MatchedRID: scwq2vQP8OFor4mPA3EMtnFPUrVDm6jtekMgTOQbVFsL9Tj77wy87Bm2 jXxDuI1j1CqfekvKVrO4J/0rbWPtA7rHY8Lbk0RmOGJyJBH/4NClAfiiC1VA/dq5ITwZnenBYEk tmBDrF/2vPQm+Ju9w8CE7Yfg4CIx8vpqBrThv61PIAZuQZThlLjVfUuzvrtym+S5C/08hWc0jqj dFusfoJFNeWceWn9+J+9AI+LLwgRy/WXZS/HqJ2ioocBHeIeWltHIYYgLGbjZQSFbL1bvQAXnN0 DN7HnFmRaUDfajEjoajXJVYXPO/5NEED0HThFyour4rr/COzi2rfBIxBakiIZRMZUCEHkRt X-TMASE-SNAP-Result: 1.821001.0001-0-1-12:0,22:0,33:0,34:0-0 Archived-At: Subject: Re: [netconf] New Version Notification for draft-zhou-netconf-multi-stream-originators-07.txt X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 18 Oct 2019 13:25:38 -0000 Hi all, Thanks for the update, Tianran. IIRC (and the minutes seem to support this) there was an intention to = adopt this work. There was also suggestion of a DT to push it forward. What's the plan? Thanks, Adrian > We just updated the draft on Subscription to Multiple Stream = Originators. > In this revision, we made change on: > 1. Remove the IoT use case based on the feedback from IETF105 meeting. > 2. Revise examples and add call flows. > 3. Add discussion on Publisher Configurations in section 8. > > Any comment and feedback is welcome. From nobody Fri Oct 18 08:03:32 2019 Return-Path: X-Original-To: netconf@ietfa.amsl.com Delivered-To: netconf@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E0CF21202DD for ; Fri, 18 Oct 2019 08:03:27 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.997 X-Spam-Level: X-Spam-Status: No, score=-1.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dRKNRlNTPQOo for ; Fri, 18 Oct 2019 08:03:25 -0700 (PDT) Received: from mail-lj1-x232.google.com (mail-lj1-x232.google.com [IPv6:2a00:1450:4864:20::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 980E9120CB3 for ; Fri, 18 Oct 2019 08:03:24 -0700 (PDT) Received: by mail-lj1-x232.google.com with SMTP id m7so6586693lji.2 for ; Fri, 18 Oct 2019 08:03:24 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=MusNR0sbuxs2wm3VUD1RvTyaBQ2Emhv9vTjSeyIIFPo=; b=JtEzqimZHBEFuk83pmI/vbVYO3zGwpN1sW2MBpKj5nY4gCKOVAc/YK7xD1G8nfMew+ iqNoOzM3D/blJ6v6VtJ5mfUj+Vw5PYQyYJSe0aj5i8bYNL+Pk6FUZ0If5g75/kImQ3XA 3LASWmf66RHtCDWVXWzGvHhnmskT68ZtuStGnPXX8zcOMPLMbsAHnNZLM5nPLyeLvFur 7Fc5rFkcFZTh7yhzxUjQTU2WVd+tclPw/WXW/EhT/T5ixZ15Q/r2RK+74fzstucslo58 PF4WJ4BcuotyPUdPkp0M0kYEXXdXEWIpqaWKpdFKFZxPyStvz3pfZvjZNF5I1+U2+d7G zp6Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=MusNR0sbuxs2wm3VUD1RvTyaBQ2Emhv9vTjSeyIIFPo=; b=jxBRTCFYdwhhGjzS2BvscaZ1zmwue2pIkPRwLg8x8VTQtVvj6swcVifVfe03EAJ7Ze T13/MKDFuZDWyNZPUxD5tjrA42tkFF2sC0Hsbr824cuInLIZnBXNtx20J9R62WTQA01e ZR++kEmOv6vcfKseQPSoJ78iGB9C5jltq7EoRfeUOKYRoMtIwWUZuy2UWMQBArzO5AX8 5tpDkvwRnRCZDABeZLcVIQj3QY6cflDSOqmElWaJQmFvI3krEdO16+pfk5AD/toSf1VC A+GCDA2fyzFmu0w8wNbBhfOVN+gDkxTEMWA5aSfPrcYSHrC2LyPAdDyDeJj50m1ntPBn +ePQ== X-Gm-Message-State: APjAAAVvG425TOWcF67Zk+hP8IbIlbm+oKQkuWZf0F/g6sAmOFGye/uy KHOex4KEAwn/of305SGvZrl5ao2qufTi+UUQsEM= X-Google-Smtp-Source: APXvYqy/XlEZcuGdAtJFTwydQc+1Z9T5eZ0k0sovG2BdLPdRtq+YchuBdVDm00RVZbN2QoneYN2XkrOPTRzQPOdqG0w= X-Received: by 2002:a2e:b4a8:: with SMTP id q8mr6489462ljm.106.1571411002291; Fri, 18 Oct 2019 08:03:22 -0700 (PDT) MIME-Version: 1.0 References: <20181203.104808.838283353261944785.mbj@tail-f.com> <20181218.124653.2050609264975088634.mbj@tail-f.com> In-Reply-To: <20181218.124653.2050609264975088634.mbj@tail-f.com> From: Ignas Bagdonas Date: Fri, 18 Oct 2019 16:03:10 +0100 Message-ID: To: Martin Bjorklund Cc: Qin Wu , RFC Errata System , Andy Bierman , Kent Watsen , Warren Kumari , Mahesh Jethanandani , netconf@ietf.org Content-Type: multipart/alternative; boundary="000000000000967cf7059530a225" Archived-At: Subject: Re: [netconf] [Technical Errata Reported] RFC8040 (5565) X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 18 Oct 2019 15:03:28 -0000 --000000000000967cf7059530a225 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Let's split the discussion into two parts - 8040 and 8072. For RFC 8072 a separate errata would need to be raised. Or likely a document on error handling clarifications, or a -bis to a base document. For RFC 8040 section 7 status codes, it does not appear to be practical to require full equivalence of protocol semantics and error handling between 8040 and 6241 at the cost of additional ambiguities and complexity. What might be of value is to look at the existing implementations and how do they treat such error cases, and publish either an implementation recommendation document, or a -bis for a base specification. Errata is not a suitable mechanism for this. Rejected if no objections? On Tue, Dec 18, 2018 at 11:46 AM Martin Bjorklund wrote: > Qin Wu wrote: > > -----=E9=82=AE=E4=BB=B6=E5=8E=9F=E4=BB=B6----- > > =E5=8F=91=E4=BB=B6=E4=BA=BA: Martin Bjorklund [mailto:mbj@tail-f.com] > > =E5=8F=91=E9=80=81=E6=97=B6=E9=97=B4: 2018=E5=B9=B412=E6=9C=883=E6=97= =A5 17:48 > > =E6=94=B6=E4=BB=B6=E4=BA=BA: Qin Wu > > =E6=8A=84=E9=80=81: rfc-editor@rfc-editor.org; andy@yumaworks.com; kwat= sen@juniper.net; > ibagdona@gmail.com; warren@kumari.net; mjethanandani@gmail.com; > netconf@ietf.org > > =E4=B8=BB=E9=A2=98: Re: [Technical Errata Reported] RFC8040 (5565) > > > > Qin Wu wrote: > > > See data-missing definition in RFC6241: > > > " > > > error-tag: data-missing > > > error-type: application > > > error-severity: error > > > error-info: none > > > Description: Request could not be completed because the relevan= t > > > data model content does not exist. For example, > > > a "delete" operation was attempted on > > > data that does not exist. > > > > > > " > > > And status code 409 definition in RFC7231 " > > > 6.5.8. 409 Conflict > > > > > > The 409 (Conflict) status code indicates that the request could no= t > > > be completed due to a conflict with the current state of the targe= t > > > resource. This code is used in situations where the user might be > > > able to resolve the conflict and resubmit the request. The server > > > SHOULD generate a payload that includes enough information for a > user > > > to recognize the source of the conflict. > > > > > > 6.5.4. 404 Not Found > > > > > > The 404 (Not Found) status code indicates that the origin server d= id > > > not find a current representation for the target resource or is no= t > > > willing to disclose that one exists. A 404 status code does not > > > indicate whether this lack of representation is temporary or > > > permanent; the 410 (Gone) status code is preferred over 404 if the > > > origin server knows, presumably through some configurable means, > that > > > the condition is likely to be permanent. > > > > > > " > > > Which make me feel data missing is more related to 404 instead of 409= . > Wrong? > > > > 404 means that *the requested resource* doesn't exist. > > > > The example "delete" operation in 6241 refers to an edit-config with > operation "delete". The corresponding RESTCONF operation is "delete" > > within a YANG PATCH. In this case, the requested resource exists, so a > 404 would not be correct. > > > > So there are certainly cases where "data-missing" does not mean 404. > > > > But I guess there are also cases where "data-missing" will actually > correspond to a 404. For example an edit-config that just tries to delet= e > a non-existing node will be a "data-missing", and if the corresponding > RESTCONF request is a DELETE on the resource, it will be > > 404 - but if the corresponding RESTCONF request is a YANG PATCH with a > "delete" edit, it will be 409. > > > > > > So, maybe the proper fix is > > > > | data-missing | 404, 409 | > > > > [Qin]: Tend to agree, but YANG patch supporting the ability to delete > child resources defined in RFC8072 also support return 404, > > See section 2.2 of RFC8072: > > " > > If the edit does not identify > > any existing resource instance and the operation for the edit is not > > "create", then the request MUST NOT be processed and a "404 Not > > Found" error response MUST be sent by the server. > > " > > This seems to be an error. RFC 5789 (HTTP PATCH) has this: > > Conflicting state: Can be specified with a 409 (Conflict) status > code when the request cannot be applied given the state of the > resource. For example, if the client attempted to apply a > structural modification and the structures assumed to exist did > not exist (with XML, a patch might specify changing element 'foo' > to element 'bar' but element 'foo' might not exist). > > > /martin > > > > > > > /martin > > > > > > > > > > > > -Qin > > > -----=E9=82=AE=E4=BB=B6=E5=8E=9F=E4=BB=B6----- > > > =E5=8F=91=E4=BB=B6=E4=BA=BA: Martin Bjorklund [mailto:mbj@tail-f.com] > > > =E5=8F=91=E9=80=81=E6=97=B6=E9=97=B4: 2018=E5=B9=B412=E6=9C=883=E6=97= =A5 16:54 > > > =E6=94=B6=E4=BB=B6=E4=BA=BA: rfc-editor@rfc-editor.org > > > =E6=8A=84=E9=80=81: andy@yumaworks.com; kwatsen@juniper.net; ibagdona= @gmail.com; > > > warren@kumari.net; mjethanandani@gmail.com; Qin Wu; netconf@ietf.org > > > =E4=B8=BB=E9=A2=98: Re: [Technical Errata Reported] RFC8040 (5565) > > > > > > Hi, > > > > > > I don't think this errata should be accepted. 404 means that the > requested resource doesn't exist, but "data-missing" can be returned e.g. > if you try to patch an existing resource of type leafref to point to a > non-existing leaf. > > > > > > > > > /martin > > > > > > > > > RFC Errata System wrote: > > > > The following errata report has been submitted for RFC8040, > > > > "RESTCONF Protocol". > > > > > > > > -------------------------------------- > > > > You may review the report below and at: > > > > http://www.rfc-editor.org/errata/eid5565 > > > > > > > > -------------------------------------- > > > > Type: Technical > > > > Reported by: Qin Wu > > > > > > > > Section: 7 > > > > > > > > Original Text > > > > ------------- > > > > +-------------------------+------------------+ > > > > | error-tag | status code | > > > > +-------------------------+------------------+ > > > > | in-use | 409 | > > > > | lock-denied | 409 | > > > > | resource-denied | 409 | > > > > | data-exists | 409 | > > > > | data-missing | 409 | > > > > > > > > > > > > Corrected Text > > > > -------------- > > > > +-------------------------+------------------+ > > > > | error-tag | status code | > > > > +-------------------------+------------------+ > > > > | in-use | 409 | > > > > | lock-denied | 409 | > > > > | resource-denied | 409 | > > > > | data-exists | 409 | > > > > | data-missing | 404 | > > > > > > > > > > > > Notes > > > > ----- > > > > The data missing should be mapped to status code '404' > instead of '409' to get consistent with the defintion of data-missing in > RFC6241. > > > > > > > > Instructions: > > > > ------------- > > > > This erratum is currently posted as "Reported". If necessary, pleas= e > > > > use "Reply All" to discuss whether it should be verified or rejecte= d. > > > > When a decision is reached, the verifying party can log in to chang= e > > > > the status and edit the report, if necessary. > > > > > > > > -------------------------------------- > > > > RFC8040 (draft-ietf-netconf-restconf-18) > > > > -------------------------------------- > > > > Title : RESTCONF Protocol > > > > Publication Date : January 2017 > > > > Author(s) : A. Bierman, M. Bjorklund, K. Watsen > > > > Category : PROPOSED STANDARD > > > > Source : Network Configuration > > > > Area : Operations and Management > > > > Stream : IETF > > > > Verifying Party : IESG > > > > > --000000000000967cf7059530a225 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Let's split the discussion into two parts - 8040 = and 8072.

For RFC 8072 a separate errata woul= d need to be raised. Or likely a document on error handling clarifications,= or a -bis to a base document.

For RFC 8040 s= ection 7 status codes, it does not appear to be practical to require full e= quivalence of protocol semantics and error handling between 8040 and 6241 a= t the cost of additional ambiguities and complexity. What might be of value= is to look at the existing implementations and how do they treat such erro= r cases, and publish either an implementation recommendation document, or a= -bis for a base specification. Errata is not a suitable mechanism for this= .

Rejected if no objections?
<= br>




On Tue, Dec 18, 2018= at 11:46 AM Martin Bjorklund <mbj@tai= l-f.com> wrote:
Qin Wu <b= ill.wu@huawei.com> wrote:
> -----=E9=82=AE=E4=BB=B6=E5=8E=9F=E4=BB=B6-----
> =E5=8F=91=E4=BB=B6=E4=BA=BA: Martin Bjorklund [mailto:mbj@tail-f.com]
> =E5=8F=91=E9=80=81=E6=97=B6=E9=97=B4: 2018=E5=B9=B412=E6=9C=883=E6=97= =A5 17:48
> =E6=94=B6=E4=BB=B6=E4=BA=BA: Qin Wu
> =E6=8A=84=E9=80=81: rfc-editor@rfc-editor.org; andy@yumaworks.com; kwatsen@juniper.net; ibagdona@gmail.com; warren@kumari.net; mjethanandani@gmail.com; netconf@ietf.org<= /a>
> =E4=B8=BB=E9=A2=98: Re: [Technical Errata Reported] RFC8040 (5565)
>
> Qin Wu <bil= l.wu@huawei.com> wrote:
> > See data-missing definition in RFC6241:
> > "
> >=C2=A0 =C2=A0 error-tag:=C2=A0 =C2=A0 =C2=A0 data-missing
> >=C2=A0 =C2=A0 error-type:=C2=A0 =C2=A0 =C2=A0application
> >=C2=A0 =C2=A0 error-severity: error
> >=C2=A0 =C2=A0 error-info:=C2=A0 =C2=A0 =C2=A0none
> >=C2=A0 =C2=A0 Description:=C2=A0 =C2=A0 Request could not be compl= eted because the relevant
> >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 data model content does not exist.=C2=A0 For example,
> >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 a "delete" operation was attempted on
> >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 data that does not exist.
> >
> > "
> > And status code 409 definition in RFC7231 "
> > 6.5.8.=C2=A0 409 Conflict
> >
> >=C2=A0 =C2=A0 The 409 (Conflict) status code indicates that the re= quest could not
> >=C2=A0 =C2=A0 be completed due to a conflict with the current stat= e of the target
> >=C2=A0 =C2=A0 resource.=C2=A0 This code is used in situations wher= e the user might be
> >=C2=A0 =C2=A0 able to resolve the conflict and resubmit the reques= t.=C2=A0 The server
> >=C2=A0 =C2=A0 SHOULD generate a payload that includes enough infor= mation for a user
> >=C2=A0 =C2=A0 to recognize the source of the conflict.
> >
> > 6.5.4.=C2=A0 404 Not Found
> >
> >=C2=A0 =C2=A0 The 404 (Not Found) status code indicates that the o= rigin server did
> >=C2=A0 =C2=A0 not find a current representation for the target res= ource or is not
> >=C2=A0 =C2=A0 willing to disclose that one exists.=C2=A0 A 404 sta= tus code does not
> >=C2=A0 =C2=A0 indicate whether this lack of representation is temp= orary or
> >=C2=A0 =C2=A0 permanent; the 410 (Gone) status code is preferred o= ver 404 if the
> >=C2=A0 =C2=A0 origin server knows, presumably through some configu= rable means, that
> >=C2=A0 =C2=A0 the condition is likely to be permanent.
> >
> > "
> > Which make me feel data missing is more related to 404 instead of= 409. Wrong?
>
> 404 means that *the requested resource* doesn't exist.
>
> The example "delete" operation in 6241 refers to an edit-con= fig with operation "delete".=C2=A0 The corresponding RESTCONF ope= ration is "delete"
> within a YANG PATCH.=C2=A0 In this case, the requested resource exists= , so a 404 would not be correct.
>
> So there are certainly cases where "data-missing" does not m= ean 404.
>
> But I guess there are also cases where "data-missing" will a= ctually correspond to a 404.=C2=A0 For example an edit-config that just tri= es to delete a non-existing node will be a "data-missing", and if= the corresponding RESTCONF request is a DELETE on the resource, it will be=
> 404 - but if the corresponding RESTCONF request is a YANG PATCH with a= "delete" edit, it will be 409.
>
>
> So, maybe the proper fix is
>
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 | data-missing= =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 | 404, 409=C2=A0 =C2=A0 =C2=A0 = =C2=A0 =C2=A0 =C2=A0|
>
> [Qin]: Tend to agree, but YANG patch supporting the ability to delete = child resources defined in RFC8072 also support return 404,
> See section 2.2 of RFC8072:
> "
>=C2=A0 =C2=A0 If the edit does not identify
>=C2=A0 =C2=A0 any existing resource instance and the operation for the = edit is not
>=C2=A0 =C2=A0 "create", then the request MUST NOT be processe= d and a "404 Not
>=C2=A0 =C2=A0 Found" error response MUST be sent by the server. > "

This seems to be an error.=C2=A0 RFC 5789 (HTTP PATCH) has this:

=C2=A0 =C2=A0Conflicting state:=C2=A0 Can be specified with a 409 (Conflict= ) status
=C2=A0 =C2=A0 =C2=A0 code when the request cannot be applied given the stat= e of the
=C2=A0 =C2=A0 =C2=A0 resource.=C2=A0 For example, if the client attempted t= o apply a
=C2=A0 =C2=A0 =C2=A0 structural modification and the structures assumed to = exist did
=C2=A0 =C2=A0 =C2=A0 not exist (with XML, a patch might specify changing el= ement 'foo'
=C2=A0 =C2=A0 =C2=A0 to element 'bar' but element 'foo' mig= ht not exist).


/martin



>
> /martin
>
>
>
> >
> > -Qin
> > -----=E9=82=AE=E4=BB=B6=E5=8E=9F=E4=BB=B6-----
> > =E5=8F=91=E4=BB=B6=E4=BA=BA: Martin Bjorklund [mailto:mbj@tail-f.com]
> > =E5=8F=91=E9=80=81=E6=97=B6=E9=97=B4: 2018=E5=B9=B412=E6=9C=883= =E6=97=A5 16:54
> > =E6=94=B6=E4=BB=B6=E4=BA=BA: rfc-editor@rfc-editor.org
> > =E6=8A=84=E9=80=81: andy@yumaworks.com; kwatsen@juniper.net; ibagdona@gmail.com;
> > warren@kum= ari.net; m= jethanandani@gmail.com; Qin Wu; netconf@ietf.org
> > =E4=B8=BB=E9=A2=98: Re: [Technical Errata Reported] RFC8040 (5565= )
> >
> > Hi,
> >
> > I don't think this errata should be accepted.=C2=A0 404 means= that the requested resource doesn't exist, but "data-missing"= ; can be returned e.g. if you try to patch an existing resource of type lea= fref to point to a non-existing leaf.
> >
> >
> > /martin
> >
> >
> > RFC Errata System <rfc-editor@rfc-editor.org> wrote:
> > > The following errata report has been submitted for RFC8040, =
> > > "RESTCONF Protocol".
> > >
> > > --------------------------------------
> > > You may review the report below and at:
> > > http://www.rfc-editor.org/errata/eid5565<= br> > > >
> > > --------------------------------------
> > > Type: Technical
> > > Reported by: Qin Wu <bill.wu@huawei.com>
> > >
> > > Section: 7
> > >
> > > Original Text
> > > -------------
> > >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0+-----= --------------------+------------------+
> > >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0| erro= r-tag=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0| status code= =C2=A0 =C2=A0 =C2=A0 |
> > >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0+-----= --------------------+------------------+
> > >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0| in-u= se=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 | 409=C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 |
> > >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0| lock= -denied=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0| 409=C2=A0 =C2=A0 = =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 |
> > >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0| reso= urce-denied=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0| 409=C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 |
> > >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0| data= -exists=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0| 409=C2=A0 =C2=A0 = =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 |
> > >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0| data= -missing=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 | 409=C2=A0 =C2=A0 =C2=A0= =C2=A0 =C2=A0 =C2=A0 =C2=A0 |
> > >
> > >
> > > Corrected Text
> > > --------------
> > >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0+-----= --------------------+------------------+
> > >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0| erro= r-tag=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0| status code= =C2=A0 =C2=A0 =C2=A0 |
> > >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0+-----= --------------------+------------------+
> > >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0| in-u= se=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 | 409=C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 |
> > >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0| lock= -denied=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0| 409=C2=A0 =C2=A0 = =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 |
> > >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0| reso= urce-denied=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0| 409=C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 |
> > >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0| data= -exists=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0| 409=C2=A0 =C2=A0 = =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 |
> > >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0| data= -missing=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 | 404=C2=A0 =C2=A0 =C2=A0= =C2=A0 =C2=A0 =C2=A0 =C2=A0 |
> > >
> > >
> > > Notes
> > > -----
> > > The <error-tag> data missing should be mapped to statu= s code '404' instead of '409' to get consistent with the de= fintion of data-missing in RFC6241.
> > >
> > > Instructions:
> > > -------------
> > > This erratum is currently posted as "Reported". If= necessary, please
> > > use "Reply All" to discuss whether it should be ve= rified or rejected.
> > > When a decision is reached, the verifying party can log in t= o change
> > > the status and edit the report, if necessary.
> > >
> > > --------------------------------------
> > > RFC8040 (draft-ietf-netconf-restconf-18)
> > > --------------------------------------
> > > Title=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0= : RESTCONF Protocol
> > > Publication Date=C2=A0 =C2=A0 : January 2017
> > > Author(s)=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0: A. Bierm= an, M. Bjorklund, K. Watsen
> > > Category=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 : PROPOSED= STANDARD
> > > Source=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 : Net= work Configuration
> > > Area=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 = : Operations and Management
> > > Stream=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 : IET= F
> > > Verifying Party=C2=A0 =C2=A0 =C2=A0: IESG
> > >
--000000000000967cf7059530a225-- From nobody Fri Oct 18 11:34:29 2019 Return-Path: X-Original-To: netconf@ietfa.amsl.com Delivered-To: netconf@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 497EF120926; Fri, 18 Oct 2019 11:34:20 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.2 X-Spam-Level: X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Y9SmMe5hXGDl; Fri, 18 Oct 2019 11:34:18 -0700 (PDT) Received: from rfc-editor.org (rfc-editor.org [4.31.198.49]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 65D031208C0; Fri, 18 Oct 2019 11:34:18 -0700 (PDT) Received: by rfc-editor.org (Postfix, from userid 30) id CB50FB80CB2; Fri, 18 Oct 2019 11:34:13 -0700 (PDT) To: jonathan@hansfords.net, rob.enns@gmail.com, mbj@tail-f.com, j.schoenwaelder@jacobs-university.de, andy@yumaworks.com X-PHP-Originating-Script: 30:errata_mail_lib.php From: RFC Errata System Cc: ibagdona@gmail.com, iesg@ietf.org, netconf@ietf.org, rfc-editor@rfc-editor.org Content-Type: text/plain; charset=UTF-8 Message-Id: <20191018183413.CB50FB80CB2@rfc-editor.org> Date: Fri, 18 Oct 2019 11:34:13 -0700 (PDT) Archived-At: Subject: [netconf] [Errata Verified] RFC6241 (5388) X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 18 Oct 2019 18:34:21 -0000 The following errata report has been verified for RFC6241, "Network Configuration Protocol (NETCONF)". -------------------------------------- You may review the report below and at: https://www.rfc-editor.org/errata/eid5388 -------------------------------------- Status: Verified Type: Technical Reported by: Jonathan Hansford Date Reported: 2018-06-11 Verified by: Ignas Bagdonas (IESG) Section: 8.3.4.2 Original Text ------------- 8.3.4.2. If the client decides that the candidate configuration is not to be committed, the operation can be used to revert the candidate configuration to the current running configuration. This operation discards any uncommitted changes by resetting the candidate configuration with the content of the running configuration. Corrected Text -------------- 8.3.4.2. Description: If the client decides that the candidate configuration is not to be committed, the operation can be used to revert the candidate configuration to the current running configuration. This operation discards any uncommitted changes by resetting the candidate configuration with the content of the running configuration. Positive Response: If the device was able to satisfy the request, an is sent that contains an element. Negative Response: An element is included in the if the request cannot be completed for any reason. Example: Notes ----- RFC 6241 section 1.1 includes the following two definitions: o protocol operation: A specific remote procedure call, as used within the NETCONF protocol. o remote procedure call (RPC): Realized by exchanging and messages. Positive and negative responses are detailed for all instances of an operation within the RFC with the exception of . Section 8.3.4.2 identifies as an operation, and appendices A and C identify "rollback-failed" as an error-tag to be used when the "Request to roll back some configuration change (via rollback-on-error or operations) was not completed for some reason." This change clarifies that requires an . -------------------------------------- RFC6241 (draft-ietf-netconf-4741bis-10) -------------------------------------- Title : Network Configuration Protocol (NETCONF) Publication Date : June 2011 Author(s) : R. Enns, Ed., M. Bjorklund, Ed., J. Schoenwaelder, Ed., A. Bierman, Ed. Category : PROPOSED STANDARD Source : Network Configuration Area : Operations and Management Stream : IETF Verifying Party : IESG From nobody Fri Oct 18 12:39:30 2019 Return-Path: X-Original-To: netconf@ietfa.amsl.com Delivered-To: netconf@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E35B1120817; Fri, 18 Oct 2019 12:39:21 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.2 X-Spam-Level: X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Dpx1reQtfom5; Fri, 18 Oct 2019 12:39:19 -0700 (PDT) Received: from rfc-editor.org (rfc-editor.org [4.31.198.49]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E35991200DE; Fri, 18 Oct 2019 12:39:19 -0700 (PDT) Received: by rfc-editor.org (Postfix, from userid 30) id 40FB3B80C3C; Fri, 18 Oct 2019 12:39:15 -0700 (PDT) To: rohitrranade@huawei.com, rob.enns@gmail.com, mbj@tail-f.com, j.schoenwaelder@jacobs-university.de, andy@yumaworks.com X-PHP-Originating-Script: 30:errata_mail_lib.php From: RFC Errata System Cc: ibagdona@gmail.com, iesg@ietf.org, netconf@ietf.org, rfc-editor@rfc-editor.org Content-Type: text/plain; charset=UTF-8 Message-Id: <20191018193915.40FB3B80C3C@rfc-editor.org> Date: Fri, 18 Oct 2019 12:39:15 -0700 (PDT) Archived-At: Subject: [netconf] [Errata Held for Document Update] RFC6241 (5401) X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 18 Oct 2019 19:39:22 -0000 The following errata report has been held for document update for RFC6241, "Network Configuration Protocol (NETCONF)". -------------------------------------- You may review the report below and at: https://www.rfc-editor.org/errata/eid5401 -------------------------------------- Status: Held for Document Update Type: Technical Reported by: Rohit R Ranade Date Reported: 2018-06-21 Held by: Ignas Bagdonas (IESG) Section: 8.9.1 Original Text ------------- The XPath expression MUST return a node set. If it does not return a node set, the operation fails with an "invalid-value" error. Corrected Text -------------- The XPath expression MUST return a node set. If it does not return a node set, the operation fails with an value of "invalid-value". Notes ----- It is unclear what is the meaning of "invalid-value" "error". Since the xpath will be part of "select" attribute, we can assume that a server can return a "bad-attribute" error-tag and having error-message indicating invalid-value for the attribute. This clarifies the to be used in such cases. In other places, where error-tag has been mentioned, it is clear that "invalid-value" must be used. -------------------------------------- RFC6241 (draft-ietf-netconf-4741bis-10) -------------------------------------- Title : Network Configuration Protocol (NETCONF) Publication Date : June 2011 Author(s) : R. Enns, Ed., M. Bjorklund, Ed., J. Schoenwaelder, Ed., A. Bierman, Ed. Category : PROPOSED STANDARD Source : Network Configuration Area : Operations and Management Stream : IETF Verifying Party : IESG From nobody Fri Oct 18 13:35:58 2019 Return-Path: X-Original-To: netconf@ietfa.amsl.com Delivered-To: netconf@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 70D24120959; Fri, 18 Oct 2019 13:35:56 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.2 X-Spam-Level: X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DMILnuI55mPA; Fri, 18 Oct 2019 13:35:54 -0700 (PDT) Received: from rfc-editor.org (rfc-editor.org [4.31.198.49]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 98B93120804; Fri, 18 Oct 2019 13:35:54 -0700 (PDT) Received: by rfc-editor.org (Postfix, from userid 30) id F110CB808FF; Fri, 18 Oct 2019 13:35:49 -0700 (PDT) To: jnatale@juniper.net, rob.enns@gmail.com, mbj@tail-f.com, j.schoenwaelder@jacobs-university.de, andy@yumaworks.com X-PHP-Originating-Script: 30:errata_mail_lib.php From: RFC Errata System Cc: ibagdona@gmail.com, iesg@ietf.org, netconf@ietf.org, rfc-editor@rfc-editor.org Content-Type: text/plain; charset=UTF-8 Message-Id: <20191018203549.F110CB808FF@rfc-editor.org> Date: Fri, 18 Oct 2019 13:35:49 -0700 (PDT) Archived-At: Subject: [netconf] [Errata Rejected] RFC6241 (5443) X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 18 Oct 2019 20:35:56 -0000 The following errata report has been rejected for RFC6241, "Network Configuration Protocol (NETCONF)". -------------------------------------- You may review the report below and at: https://www.rfc-editor.org/errata/eid5443 -------------------------------------- Status: Rejected Type: Editorial Reported by: Jonathan Natale Date Reported: 2018-07-27 Rejected by: Ignas Bagdonas (IESG) Section: 4.4 Original Text ------------- The element is sent in messages if no errors or warnings occurred during the processing of an request, and no data was returned from the operation. Corrected Text -------------- The element is sent in messages if and only if no errors or warnings occurred during the processing of an request, and no data was returned from the operation. Notes ----- I have been informed that an element should not include any errors or warnings, even in the event of the associated operation completing because the error's severity was only at warning level). --VERIFIER NOTES-- Rejected based on WG mailing list discussion: https://mailarchive.ietf.org/arch/msg/netconf/nQYVm8sm5pZamtRAIhbcB9cOuos -------------------------------------- RFC6241 (draft-ietf-netconf-4741bis-10) -------------------------------------- Title : Network Configuration Protocol (NETCONF) Publication Date : June 2011 Author(s) : R. Enns, Ed., M. Bjorklund, Ed., J. Schoenwaelder, Ed., A. Bierman, Ed. Category : PROPOSED STANDARD Source : Network Configuration Area : Operations and Management Stream : IETF Verifying Party : IESG From nobody Fri Oct 18 14:06:14 2019 Return-Path: X-Original-To: netconf@ietf.org Delivered-To: netconf@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 48D4C1208CD; Fri, 18 Oct 2019 14:06:07 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: internet-drafts@ietf.org To: Cc: netconf@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 6.106.0 Auto-Submitted: auto-generated Precedence: bulk Reply-To: netconf@ietf.org Message-ID: <157143276721.3996.6359315129394232826@ietfa.amsl.com> Date: Fri, 18 Oct 2019 14:06:07 -0700 Archived-At: Subject: [netconf] I-D Action: draft-ietf-netconf-crypto-types-11.txt X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 18 Oct 2019 21:06:07 -0000 A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Network Configuration WG of the IETF. Title : Common YANG Data Types for Cryptography Authors : Kent Watsen Wang Haiguang Filename : draft-ietf-netconf-crypto-types-11.txt Pages : 66 Date : 2019-10-18 Abstract: This document defines YANG identities, typedefs, the groupings useful for cryptographic applications. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-netconf-crypto-types/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-netconf-crypto-types-11 https://datatracker.ietf.org/doc/html/draft-ietf-netconf-crypto-types-11 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-netconf-crypto-types-11 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ From nobody Fri Oct 18 14:32:00 2019 Return-Path: X-Original-To: netconf@ietf.org Delivered-To: netconf@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id A5B8D120074; Fri, 18 Oct 2019 14:31:52 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: internet-drafts@ietf.org To: Cc: netconf@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 6.106.0 Auto-Submitted: auto-generated Precedence: bulk Reply-To: netconf@ietf.org Message-ID: <157143431259.3973.16777087220048193967@ietfa.amsl.com> Date: Fri, 18 Oct 2019 14:31:52 -0700 Archived-At: Subject: [netconf] I-D Action: draft-ietf-netconf-trust-anchors-06.txt X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 18 Oct 2019 21:31:53 -0000 A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Network Configuration WG of the IETF. Title : A YANG Data Model for a Truststore Author : Kent Watsen Filename : draft-ietf-netconf-trust-anchors-06.txt Pages : 18 Date : 2019-10-18 Abstract: This document defines a YANG 1.1 data model for configuring global sets of X.509 certificates and SSH host-keys that can be referenced by other data models for trust. While the SSH host-keys are uniquely for the SSH protocol, the X.509 certificates may have multiple uses, including authenticating protocol peers and verifying signatures. Editorial Note (To be removed by RFC Editor) This draft contains many placeholder values that need to be replaced with finalized values at the time of publication. This note summarizes all of the substitutions that are needed. No other RFC Editor instructions are specified elsewhere in this document. Artwork in this document contains shorthand references to drafts in progress. Please apply the following replacements: o "XXXX" --> the assigned RFC value for this draft o "YYYY" --> the assigned RFC value for draft-ietf-netconf-crypto- types Artwork in this document contains placeholder values for the date of publication of this draft. Please apply the following replacement: o "2019-10-18" --> the publication date of this draft The following Appendix section is to be removed prior to publication: o Appendix A. Change Log The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-netconf-trust-anchors/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-netconf-trust-anchors-06 https://datatracker.ietf.org/doc/html/draft-ietf-netconf-trust-anchors-06 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-netconf-trust-anchors-06 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ From nobody Fri Oct 18 14:34:48 2019 Return-Path: X-Original-To: netconf@ietf.org Delivered-To: netconf@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 9EC6F1200B6; Fri, 18 Oct 2019 14:34:41 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: internet-drafts@ietf.org To: Cc: netconf@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 6.106.0 Auto-Submitted: auto-generated Precedence: bulk Reply-To: netconf@ietf.org Message-ID: <157143448157.4000.14552309086064230659@ietfa.amsl.com> Date: Fri, 18 Oct 2019 14:34:41 -0700 Archived-At: Subject: [netconf] I-D Action: draft-ietf-netconf-keystore-13.txt X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 18 Oct 2019 21:34:42 -0000 A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Network Configuration WG of the IETF. Title : A YANG Data Model for a Keystore Author : Kent Watsen Filename : draft-ietf-netconf-keystore-13.txt Pages : 38 Date : 2019-10-18 Abstract: This document defines a YANG 1.1 module called "ietf-keystore" that enables centralized configuration of both symmetric and asymmetric keys. The secret value for both key types may be encrypted. Asymmetric keys may be associated with certificates. Notifications are sent when certificates are about to expire. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-netconf-keystore/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-netconf-keystore-13 https://datatracker.ietf.org/doc/html/draft-ietf-netconf-keystore-13 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-netconf-keystore-13 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ From nobody Fri Oct 18 14:37:26 2019 Return-Path: X-Original-To: netconf@ietf.org Delivered-To: netconf@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 45F001200B5; Fri, 18 Oct 2019 14:37:23 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: internet-drafts@ietf.org To: Cc: netconf@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 6.106.0 Auto-Submitted: auto-generated Precedence: bulk Reply-To: netconf@ietf.org Message-ID: <157143464315.3928.4269275531788641004@ietfa.amsl.com> Date: Fri, 18 Oct 2019 14:37:23 -0700 Archived-At: Subject: [netconf] I-D Action: draft-ietf-netconf-tcp-client-server-03.txt X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 18 Oct 2019 21:37:23 -0000 A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Network Configuration WG of the IETF. Title : YANG Groupings for TCP Clients and TCP Servers Authors : Kent Watsen Michael Scharf Filename : draft-ietf-netconf-tcp-client-server-03.txt Pages : 19 Date : 2019-10-18 Abstract: This document defines three YANG modules: the first defines a grouping for configuring a generic TCP client, the second defines a grouping for configuring a generic TCP server, and the third defines a grouping common to the TCP clients and TCP servers. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-netconf-tcp-client-server/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-netconf-tcp-client-server-03 https://datatracker.ietf.org/doc/html/draft-ietf-netconf-tcp-client-server-03 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-netconf-tcp-client-server-03 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ From nobody Fri Oct 18 14:39:47 2019 Return-Path: X-Original-To: netconf@ietf.org Delivered-To: netconf@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 93A0E1200B5; Fri, 18 Oct 2019 14:39:40 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: internet-drafts@ietf.org To: Cc: netconf@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 6.106.0 Auto-Submitted: auto-generated Precedence: bulk Reply-To: netconf@ietf.org Message-ID: <157143478054.3858.9042526399048912776@ietfa.amsl.com> Date: Fri, 18 Oct 2019 14:39:40 -0700 Archived-At: Subject: [netconf] I-D Action: draft-ietf-netconf-ssh-client-server-15.txt X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 18 Oct 2019 21:39:41 -0000 A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Network Configuration WG of the IETF. Title : YANG Groupings for SSH Clients and SSH Servers Authors : Kent Watsen Gary Wu Liang Xia Filename : draft-ietf-netconf-ssh-client-server-15.txt Pages : 48 Date : 2019-10-18 Abstract: This document defines three YANG modules: the first defines groupings for a generic SSH client, the second defines groupings for a generic SSH server, and the third defines common identities and groupings used by both the client and the server. It is intended that these groupings will be used by applications using the SSH protocol. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-netconf-ssh-client-server/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-netconf-ssh-client-server-15 https://datatracker.ietf.org/doc/html/draft-ietf-netconf-ssh-client-server-15 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-netconf-ssh-client-server-15 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ From nobody Fri Oct 18 14:43:39 2019 Return-Path: X-Original-To: netconf@ietf.org Delivered-To: netconf@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 5EC7E1200B6; Fri, 18 Oct 2019 14:43:32 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: internet-drafts@ietf.org To: Cc: netconf@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 6.106.0 Auto-Submitted: auto-generated Precedence: bulk Reply-To: netconf@ietf.org Message-ID: <157143501232.3893.8166738353535286806@ietfa.amsl.com> Date: Fri, 18 Oct 2019 14:43:32 -0700 Archived-At: Subject: [netconf] I-D Action: draft-ietf-netconf-tls-client-server-15.txt X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 18 Oct 2019 21:43:32 -0000 A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Network Configuration WG of the IETF. Title : YANG Groupings for TLS Clients and TLS Servers Authors : Kent Watsen Gary Wu Liang Xia Filename : draft-ietf-netconf-tls-client-server-15.txt Pages : 46 Date : 2019-10-18 Abstract: This document defines three YANG modules: the first defines groupings for a generic TLS client, the second defines groupings for a generic TLS server, and the third defines common identities and groupings used by both the client and the server. It is intended that these groupings will be used by applications using the TLS protocol. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-netconf-tls-client-server/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-netconf-tls-client-server-15 https://datatracker.ietf.org/doc/html/draft-ietf-netconf-tls-client-server-15 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-netconf-tls-client-server-15 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ From nobody Fri Oct 18 14:48:56 2019 Return-Path: X-Original-To: netconf@ietf.org Delivered-To: netconf@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 72C53120074; Fri, 18 Oct 2019 14:48:49 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: internet-drafts@ietf.org To: Cc: netconf@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 6.106.0 Auto-Submitted: auto-generated Precedence: bulk Reply-To: netconf@ietf.org Message-ID: <157143532939.3964.13132602014199312732@ietfa.amsl.com> Date: Fri, 18 Oct 2019 14:48:49 -0700 Archived-At: Subject: [netconf] I-D Action: draft-ietf-netconf-netconf-client-server-15.txt X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 18 Oct 2019 21:48:49 -0000 A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Network Configuration WG of the IETF. Title : NETCONF Client and Server Models Author : Kent Watsen Filename : draft-ietf-netconf-netconf-client-server-15.txt Pages : 82 Date : 2019-10-18 Abstract: This document defines two YANG modules, one module to configure a NETCONF client and the other module to configure a NETCONF server. Both modules support both the SSH and TLS transport protocols, and support both standard NETCONF and NETCONF Call Home connections. Editorial Note (To be removed by RFC Editor) This draft contains many placeholder values that need to be replaced with finalized values at the time of publication. This note summarizes all of the substitutions that are needed. No other RFC Editor instructions are specified elsewhere in this document. This document contains references to other drafts in progress, both in the Normative References section, as well as in body text throughout. Please update the following references to reflect their final RFC assignments: o I-D.ietf-netconf-keystore o I-D.ietf-netconf-tcp-client-server o I-D.ietf-netconf-ssh-client-server o I-D.ietf-netconf-tls-client-server Artwork in this document contains shorthand references to drafts in progress. Please apply the following replacements: o "XXXX" --> the assigned RFC value for this draft o "AAAA" --> the assigned RFC value for I-D.ietf-netconf-tcp-client- server o "YYYY" --> the assigned RFC value for I-D.ietf-netconf-ssh-client- server o "ZZZZ" --> the assigned RFC value for I-D.ietf-netconf-tls-client- server Artwork in this document contains placeholder values for the date of publication of this draft. Please apply the following replacement: o "2019-10-18" --> the publication date of this draft The following Appendix section is to be removed prior to publication: o Appendix B. Change Log The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-netconf-netconf-client-server/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-netconf-netconf-client-server-15 https://datatracker.ietf.org/doc/html/draft-ietf-netconf-netconf-client-server-15 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-netconf-netconf-client-server-15 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ From nobody Fri Oct 18 14:51:35 2019 Return-Path: X-Original-To: netconf@ietf.org Delivered-To: netconf@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id E79C9120074; Fri, 18 Oct 2019 14:51:27 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: internet-drafts@ietf.org To: Cc: netconf@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 6.106.0 Auto-Submitted: auto-generated Precedence: bulk Reply-To: netconf@ietf.org Message-ID: <157143548785.3996.15080883418460842432@ietfa.amsl.com> Date: Fri, 18 Oct 2019 14:51:27 -0700 Archived-At: Subject: [netconf] I-D Action: draft-ietf-netconf-restconf-client-server-15.txt X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 18 Oct 2019 21:51:28 -0000 A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Network Configuration WG of the IETF. Title : RESTCONF Client and Server Models Author : Kent Watsen Filename : draft-ietf-netconf-restconf-client-server-15.txt Pages : 67 Date : 2019-10-18 Abstract: This document defines two YANG modules, one module to configure a RESTCONF client and the other module to configure a RESTCONF server. Both modules support the TLS transport protocol with both standard RESTCONF and RESTCONF Call Home connections. Editorial Note (To be removed by RFC Editor) This draft contains many placeholder values that need to be replaced with finalized values at the time of publication. This note summarizes all of the substitutions that are needed. No other RFC Editor instructions are specified elsewhere in this document. This document contains references to other drafts in progress, both in the Normative References section, as well as in body text throughout. Please update the following references to reflect their final RFC assignments: o I-D.ietf-netconf-keystore o I-D.ietf-netconf-tcp-client-server o I-D.ietf-netconf-tls-client-server o I-D.ietf-netconf-http-client-server Artwork in this document contains shorthand references to drafts in progress. Please apply the following replacements: o "XXXX" --> the assigned RFC value for this draft o "AAAA" --> the assigned RFC value for I-D.ietf-netconf-tcp-client- server o "BBBB" --> the assigned RFC value for I-D.ietf-netconf-tls-client- server o "CCCC" --> the assigned RFC value for I-D.ietf-netconf-http- client-server Artwork in this document contains placeholder values for the date of publication of this draft. Please apply the following replacement: o "2019-10-18" --> the publication date of this draft The following Appendix section is to be removed prior to publication: o Appendix B. Change Log The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-netconf-restconf-client-server/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-netconf-restconf-client-server-15 https://datatracker.ietf.org/doc/html/draft-ietf-netconf-restconf-client-server-15 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-netconf-restconf-client-server-15 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ From nobody Fri Oct 18 15:27:56 2019 Return-Path: <0100016de0fbf0b3-98fbdb4a-8f25-44ed-b35b-b58a8912aad6-000000@amazonses.watsen.net> X-Original-To: netconf@ietfa.amsl.com Delivered-To: netconf@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D79AE120074 for ; Fri, 18 Oct 2019 15:27:53 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.898 X-Spam-Level: X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=amazonses.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QBLVJ5FYt0Xp for ; Fri, 18 Oct 2019 15:27:52 -0700 (PDT) Received: from a8-96.smtp-out.amazonses.com (a8-96.smtp-out.amazonses.com [54.240.8.96]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 165F7120046 for ; Fri, 18 Oct 2019 15:27:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=6gbrjpgwjskckoa6a5zn6fwqkn67xbtw; d=amazonses.com; t=1571437670; h=From:Content-Type:Content-Transfer-Encoding:Mime-Version:Subject:Message-Id:Date:Cc:To:Feedback-ID; bh=9qIDA8bKyjVPGlIGIJFy1Q7aid0KgXxIKHUtv6tRAA8=; b=a1PtsqT72uHZFSLsZTk6mejSJpmnYwfr24vCi73zYqHOG6Ls6q1IgO5VwwM1Ktsx 38TLyoHIn0Ck4j3U56q3nxibEr/yX2H1lIMeDCRfX3KJQpSAr/2VCN/8OTArw/cqWaY WuUVFP5ELEdVja79IYVEmSJ/RW99ua3eaZDlymiI= From: Kent Watsen Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\)) Message-ID: <0100016de0fbf0b3-98fbdb4a-8f25-44ed-b35b-b58a8912aad6-000000@email.amazonses.com> Date: Fri, 18 Oct 2019 22:27:50 +0000 Cc: "Scharf, Michael" , Wang Haiguang , Frank Xialiang To: "netconf@ietf.org" X-Mailer: Apple Mail (2.3445.104.11) X-SES-Outgoing: 2019.10.18-54.240.8.96 Feedback-ID: 1.us-east-1.DKmIRZFhhsBhtmFMNikgwZUWVrODEw9qVcPhqJEI2DA=:AmazonSES Archived-At: Subject: [netconf] updates to the client/server suite of drafts X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 18 Oct 2019 22:27:54 -0000 Below are the change-logs for the updates just posted. Not yet incorporated: 1. a resolution to the "algorithms" problem in the crypto-types draft. (IANA templates?) 2. an update to the Truststore draft to add support for PSK and raw keys. 3. an update to the Keystore draft to add support for PSK and raw keys. (Henk's response pending) 4. an update to the SSH and TLS drafts to reflect the final outcome to (1). Kent ===== change logs ===== crypto-types: - Added a "key-format" identity. - Added symmetric keys to the example in the Examples section. truststore: - Editorial changes only. keystore: - Updated examples to incorporate new "key-format" identities. - Made the two "generate-*-key" RPCs be "action" statements instead. tcp-client-server: (changes from co-author Micheal Scharf) - Moved the common model section to be before the client and server specific sections. - Added sections "Model Scope" and "Usage Guidelines for Configuring TCP Keep-Alives" to the Common Model section. ssh-client-server: - Updated examples to reflect ietf-crypto-types change (e.g., identities --> enumerations) - Updated "server-authentication" and "client-authentication" nodes from being a leaf of type "ts:host-keys-ref" or "ts:certificates-ref" to a container that uses "ts:local-or-truststore-host-keys-grouping" or "ts:local-or-truststore-certs-grouping". tls-client-server: - Updated "server-authentication" and "client-authentication" nodes from being a leaf of type "ts:certificates-ref" to a container that uses "ts:local-or-truststore-certs-grouping". - Note: this update needed by the TCPM WG. http-client-server: - in ietf-http-client, removed all but the "basic" authentication scheme. - in ietf-http-client, factored out a "client-identity-grouping" grouping, which is now used in both the primary and proxy configuration models. - in ietf-http-server under /client-authentication/local, added an ability to configure authentication credentials for the "basic" authentication scheme. - Note: this update was blocking the adoption call from before. netconf-client-server: - Refactored both the client and server modules similar to how the ietf-restconf-server module was refactored in -13 presented in Montreal. restconf-client-server: - Refactored both the client and server modules similar to how the ietf-restconf-server module was refactored in -13 presented in Montreal. - Added missing "or https-listen" clause in a "must" expression. Kent // contributor From nobody Sat Oct 19 07:31:33 2019 Return-Path: X-Original-To: netconf@ietfa.amsl.com Delivered-To: netconf@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2E1DA12002F; Sat, 19 Oct 2019 07:31:31 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.201 X-Spam-Level: X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Rs72nzxB3X-G; Sat, 19 Oct 2019 07:31:29 -0700 (PDT) Received: from rfc-editor.org (rfc-editor.org [4.31.198.49]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 61D1F120013; Sat, 19 Oct 2019 07:31:29 -0700 (PDT) Received: by rfc-editor.org (Postfix, from userid 30) id 22111B80C7F; Sat, 19 Oct 2019 07:31:24 -0700 (PDT) To: jonathan@hansfords.net, rob.enns@gmail.com, mbj@tail-f.com, j.schoenwaelder@jacobs-university.de, andy@yumaworks.com X-PHP-Originating-Script: 30:errata_mail_lib.php From: RFC Errata System Cc: ibagdona@gmail.com, iesg@ietf.org, netconf@ietf.org, rfc-editor@rfc-editor.org Content-Type: text/plain; charset=UTF-8 Message-Id: <20191019143124.22111B80C7F@rfc-editor.org> Date: Sat, 19 Oct 2019 07:31:24 -0700 (PDT) Archived-At: Subject: [netconf] [Errata Rejected] RFC6241 (5596) X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 19 Oct 2019 14:31:31 -0000 The following errata report has been rejected for RFC6241, "Network Configuration Protocol (NETCONF)". -------------------------------------- You may review the report below and at: https://www.rfc-editor.org/errata/eid5596 -------------------------------------- Status: Rejected Type: Editorial Reported by: Jonathan Hansford Date Reported: 2019-01-09 Rejected by: Ignas Bagdonas (IESG) Section: 7.5 Original Text ------------- The duration of the lock is defined as beginning when the lock is acquired and lasting until either the lock is released or the NETCONF session closes. The session closure can be explicitly performed by the client, or implicitly performed by the server based on criteria such as failure of the underlying transport, simple inactivity timeout, or detection of abusive behavior on the part of the client. These criteria are dependent on the implementation and the underlying transport. Corrected Text -------------- The duration of the lock is defined as beginning when the lock is acquired and lasting until either the lock is released or the NETCONF session closes. The session closure can be explicitly performed by the client, or implicitly performed by the server based on criteria such as failure of the underlying transport, simple inactivity timeout, or detection of abusive behavior on the part of the client. These criteria are dependent on the implementation and the underlying transport. Note that a lock associated with a persistent confirmed commit will be released if the NETCONF session closes and, if required, a new lock will have to be acquired. Notes ----- A persistent confirmed commit can survive a session termination, however any lock on that same session cannot. If a new session is established between the client and server, the client will need to acquire new locks if it wishes to protect the ongoing persistent confirmed commit. --VERIFIER NOTES-- Rejected based on WG mailing list discussion: https://mailarchive.ietf.org/arch/msg/netconf/lNr91W5aK-abxDaqzadftjoE2Pg -------------------------------------- RFC6241 (draft-ietf-netconf-4741bis-10) -------------------------------------- Title : Network Configuration Protocol (NETCONF) Publication Date : June 2011 Author(s) : R. Enns, Ed., M. Bjorklund, Ed., J. Schoenwaelder, Ed., A. Bierman, Ed. Category : PROPOSED STANDARD Source : Network Configuration Area : Operations and Management Stream : IETF Verifying Party : IESG From nobody Mon Oct 21 05:08:10 2019 Return-Path: X-Original-To: netconf@ietfa.amsl.com Delivered-To: netconf@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 088C51200EB for ; Mon, 21 Oct 2019 05:08:07 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.9 X-Spam-Level: X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id R4-_r8JrrX-V for ; Mon, 21 Oct 2019 05:08:05 -0700 (PDT) Received: from mail.tail-f.com (mail.tail-f.com [46.21.102.45]) by ietfa.amsl.com (Postfix) with ESMTP id 8475F120073 for ; Mon, 21 Oct 2019 05:08:05 -0700 (PDT) Received: from localhost (unknown [173.38.220.41]) by mail.tail-f.com (Postfix) with ESMTPSA id 09C031AE018A; Mon, 21 Oct 2019 14:08:03 +0200 (CEST) Date: Mon, 21 Oct 2019 14:07:35 +0200 (CEST) Message-Id: <20191021.140735.219423443110079719.mbj@tail-f.com> To: kent+ietf@watsen.net Cc: netconf@ietf.org, wang.haiguang.shieldlab@huawei.com From: Martin Bjorklund In-Reply-To: <0100016de0fbf0b3-98fbdb4a-8f25-44ed-b35b-b58a8912aad6-000000@email.amazonses.com> References: <0100016de0fbf0b3-98fbdb4a-8f25-44ed-b35b-b58a8912aad6-000000@email.amazonses.com> X-Mailer: Mew version 6.8 on Emacs 25.2 Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit Archived-At: Subject: Re: [netconf] updates to the client/server suite of drafts X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 21 Oct 2019 12:08:07 -0000 Hi, Kent Watsen wrote: > ===== change logs ===== > > crypto-types: > > - Added a "key-format" identity. > - Added symmetric keys to the example in the Examples section. I note that the issue with the union of enum and uint16 is not resolved (see thread https://mailarchive.ietf.org/arch/msg/netconf/p8oBYkx7Ps7J8ATsqFslX4ApvWg) Also, there is no explanation of what a "key-format" really is. There are just a bunch of identities. /martin From nobody Mon Oct 21 09:39:42 2019 Return-Path: <0100016def3037d2-786844fa-da22-40de-a017-334b8382f005-000000@amazonses.watsen.net> X-Original-To: netconf@ietfa.amsl.com Delivered-To: netconf@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ECA9F12010F for ; Mon, 21 Oct 2019 09:39:40 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.897 X-Spam-Level: X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=amazonses.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tcuNlOsoTB0r for ; Mon, 21 Oct 2019 09:39:39 -0700 (PDT) Received: from a8-32.smtp-out.amazonses.com (a8-32.smtp-out.amazonses.com [54.240.8.32]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4E79B120108 for ; Mon, 21 Oct 2019 09:39:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=6gbrjpgwjskckoa6a5zn6fwqkn67xbtw; d=amazonses.com; t=1571675977; h=From:Message-Id:Content-Type:Mime-Version:Subject:Date:In-Reply-To:Cc:To:References:Feedback-ID; bh=9WDFzIA59SCnMBJFo6FbLB9kli7YF/ENlDw+t1zVyQI=; b=Kfze9feYK9PX8ujdw3qtlJpk4P3HhnZAIY3i7idK4la34ly5nHcwqygsj4/Twdjp 3GLSnkiHXSBx43I/pQGcrjvzxJOwVsALN+bBlv/hfyQZ8HyZSiCRC1gcrdZKt3Hs1GL orWAP01RBIjJqbyiR9YRp3D2JjcKmgAK5gNRpHvQ= From: Kent Watsen Message-ID: <0100016def3037d2-786844fa-da22-40de-a017-334b8382f005-000000@email.amazonses.com> Content-Type: multipart/alternative; boundary="Apple-Mail=_B7D56481-6B23-4D0A-8015-CE0E01E68F4F" Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\)) Date: Mon, 21 Oct 2019 16:39:37 +0000 In-Reply-To: <20191021.140735.219423443110079719.mbj@tail-f.com> Cc: "netconf@ietf.org" , wang.haiguang.shieldlab@huawei.com To: Martin Bjorklund References: <0100016de0fbf0b3-98fbdb4a-8f25-44ed-b35b-b58a8912aad6-000000@email.amazonses.com> <20191021.140735.219423443110079719.mbj@tail-f.com> X-Mailer: Apple Mail (2.3445.104.11) X-SES-Outgoing: 2019.10.21-54.240.8.32 Feedback-ID: 1.us-east-1.DKmIRZFhhsBhtmFMNikgwZUWVrODEw9qVcPhqJEI2DA=:AmazonSES Archived-At: Subject: Re: [netconf] updates to the client/server suite of drafts X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 21 Oct 2019 16:39:41 -0000 --Apple-Mail=_B7D56481-6B23-4D0A-8015-CE0E01E68F4F Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii Hi Martin, Thanks for double-checking on such things. > I note that the issue with the union of enum and uint16 is not > resolved (see thread > = https://mailarchive.ietf.org/arch/msg/netconf/p8oBYkx7Ps7J8ATsqFslX4ApvWg)= Right, but tentative (pending the IANA template discussion) plan is = replace the enumeration with an identity, or perhaps a string. This was what was meant by: Not yet incorporated: 1. a resolution to the "algorithms" problem in the crypto-types draft. (IANA templates?) > Also, there is no explanation of what a "key-format" really is. > There are just a bunch of identities. Not completely true, for instance: leaf key-format { nacm:default-deny-write; when "../key"; type identityref { base symmetric-key-format; } description "Identifies the symmetric key's format."; } That said, if we choose to pursue this approach (using a "key-format" = leaf), we should add more detail to its definition to improve = understandability. Kent // contributor --Apple-Mail=_B7D56481-6B23-4D0A-8015-CE0E01E68F4F Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=us-ascii Hi = Martin,

Thanks for = double-checking on such things.

I note that the issue with the union of enum and uint16 is = not
resolved (see thread
https://mailarchive.ietf.org/arch/msg/netconf/p8oBYkx7Ps7J8ATsq= FslX4ApvWg)

Right, but tentative (pending the IANA template = discussion) plan is replace the enumeration with an identity, or perhaps = a string.

This was what was meant = by:

Not yet incorporated:

=  1. a resolution to the "algorithms" problem in = the
=     crypto-types draft.  (IANA = templates?)



Also, there is no explanation of what a "key-format" really = is.
There are just a bunch of identities.

Not = completely true, for instance:

  =   leaf key-format {
    =   nacm:default-deny-write;
    =   when "../key";
    =   type identityref {
    =     base symmetric-key-format;
  =     }
    =   description "Identifies the symmetric key's = format.";
    }


That said, if we choose = to pursue this approach (using a "key-format" leaf), we should add more = detail to its definition to improve = understandability.


Kent // contributor

= --Apple-Mail=_B7D56481-6B23-4D0A-8015-CE0E01E68F4F-- From nobody Mon Oct 21 15:52:44 2019 Return-Path: X-Original-To: netconf@ietfa.amsl.com Delivered-To: netconf@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5B68212083B; Mon, 21 Oct 2019 15:52:43 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.999 X-Spam-Level: X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ddlS_c06oAq1; Mon, 21 Oct 2019 15:52:42 -0700 (PDT) Received: from mail-pf1-x433.google.com (mail-pf1-x433.google.com [IPv6:2607:f8b0:4864:20::433]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1ED82120018; Mon, 21 Oct 2019 15:52:42 -0700 (PDT) Received: by mail-pf1-x433.google.com with SMTP id q12so9338975pff.9; Mon, 21 Oct 2019 15:52:42 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:content-transfer-encoding:mime-version:subject:message-id:date :cc:to; bh=E4OnUPz69yTZLyoos+6p7JBnZgkq0U06GZZGU49obKU=; b=NP6bhVSlhXC20F2JwJNkFF8jNrPW53OT6pf3AjP15rDEU0TP+JHI3wqOJlRs6REvYz 6q2M+w4HUbYdaMqTx2BArTIkFLqRe9a9NwuzVp7Za/TrjEgm/w146d/LrqZtYpMuB/Qu aH53Cf+9IEBC7a2bEkYdsXt7mhBqhb/v/5cn/ZB8/RIGB+pQDKrfQfXBApdnyywMNB9n qGz0czJTU178k/KW666W/9XssUqM3D9GOxup3KvG1Wcmx2PE5CCyQRyxq/WiL7EZTYsh pGzXlTybPKbsO51/YXcAfUMA37hSQXRmKRzijD+iCuV/OS4Q3x9lwCUMNSeGGqire/f+ F3KQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:content-transfer-encoding:mime-version :subject:message-id:date:cc:to; bh=E4OnUPz69yTZLyoos+6p7JBnZgkq0U06GZZGU49obKU=; b=e+YGENY3CvVrDuBTWbt7AK+Vz77lOsRnaIxH2/+LYf3u7DrPXgCi5L5UcCgkhs7h7m ru+COJ6NBTAjafIL2/J9CpjF0wtmnCJWxL8giqMYrxwc+O0xNAmYoXMB5eSzcESY83qC xjbMSFAdCcj1sEweC9LRb5xYja70PVvzBDLBiS+96Pw/66akucmE0HiTY9xzEvSxvXL7 nWd99I6FkFmhAFaK0G0hIoxtgM6oLW4YmD9gbr7iSSemtWmbfgNCG+ftGdSnSd7s+4Hp I7ybdRQPx7auHg9ImC70uGQHoNT6tIajt+6PImcjhhO30mJbd447zIY+l0DqizqDeKP1 nEMA== X-Gm-Message-State: APjAAAUySVFQxjVtIhOpwAqhLzgmbX1Nq8p6kUUu4xuTQyYooYAcmAR6 l+QAFkuBkwLwpVYn357arQoAKz7z X-Google-Smtp-Source: APXvYqxDPCJw3z4OO86r3cEbjIQcFh/aB90SEa6bscr9K9tiMQ744Rpe08s0JHTBj2ZwJ97Q6g82Ug== X-Received: by 2002:a65:5cc8:: with SMTP id b8mr320120pgt.38.1571698361367; Mon, 21 Oct 2019 15:52:41 -0700 (PDT) Received: from [10.33.123.155] ([66.170.99.2]) by smtp.gmail.com with ESMTPSA id d5sm15539722pjw.31.2019.10.21.15.52.40 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 21 Oct 2019 15:52:40 -0700 (PDT) From: Mahesh Jethanandani Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\)) Message-Id: <704A1489-3BC0-4EFF-A5B0-7D664EA05970@gmail.com> Date: Mon, 21 Oct 2019 15:52:40 -0700 Cc: httpbis-chairs@ietf.org To: Netconf X-Mailer: Apple Mail (2.3445.9.1) Archived-At: Subject: [netconf] Adoption call for draft-kwatsen-netconf-http-client-server-04 X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 21 Oct 2019 22:52:43 -0000 Hi WG, The author has posted a -04 version of the draft, and believes that it = ready for WG adoption. This starts a 2 week poll ending on November 4, to decide whether this = document should be made a WG document or not. Please reply to this email = whether or not you support adoption of this draft by the WG. Indications = that the draft has been read will be also be appreciated. Thanks. Mahesh Jethanandani mjethanandani@gmail.com From nobody Mon Oct 21 16:35:03 2019 Return-Path: X-Original-To: netconf@ietfa.amsl.com Delivered-To: netconf@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E15D4120A7A; Mon, 21 Oct 2019 16:35:00 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.701 X-Spam-Level: X-Spam-Status: No, score=-2.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=mnot.net header.b=o/7uuixf; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=LAejHjzM Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id i176njX1PU03; Mon, 21 Oct 2019 16:34:58 -0700 (PDT) Received: from wout2-smtp.messagingengine.com (wout2-smtp.messagingengine.com [64.147.123.25]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5A25F12083B; Mon, 21 Oct 2019 16:34:58 -0700 (PDT) Received: from compute3.internal (compute3.nyi.internal [10.202.2.43]) by mailout.west.internal (Postfix) with ESMTP id 8755C69B; Mon, 21 Oct 2019 19:34:57 -0400 (EDT) Received: from mailfrontend1 ([10.202.2.162]) by compute3.internal (MEProxy); Mon, 21 Oct 2019 19:34:57 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mnot.net; h= content-type:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; s=fm1; bh=q d3ZtEQf5i/wkRG2/ehTQ5dsmQ30iySVn1zjOALh4H4=; b=o/7uuixf1U9T8QaD1 +MpaGV1j2oM5Ay8ysSpTsy6ibaslQHgwt33DdwbTQm35Biotm7qAXHtQe4hMDW7k 5T/HJph+j25ROJo08tPGayAp8TUxWcI9rkfB7/paMIicP2k7oVT05QYzBK9csUFl nE+R1fz8GrJSBd/rOzaPekZnYIXqY/dUSTaAneianixzGhMFs631czcECxxzjKGG huX3+YaqQGc02E4dG/niFxvIuIZSIFCM6hAG9mhMo32tgOZdxLF+tA/idqgJZrJ6 Q9IxKFejuesdZkhdiowbxJ2QZb5kSWBkyRhqZu+iLDldImVvx5+nRVxDU9l7R66j QL/GQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm1; bh=qd3ZtEQf5i/wkRG2/ehTQ5dsmQ30iySVn1zjOALh4 H4=; b=LAejHjzMHAOScXqannB6W/3B4k95hloft8njX3DCrqGutQe94iBX65Fpc G2RROplP8yK2iQloSqTUJh9JD0pjhzH3b5Jek9yVYjZEOkC9l1lsZitVmmLkPNzp UfQTJT+Tz4CUv4MmJMgh4IxIqkdRKFwAooN6tRiEZpRcJ7UNOrMvXl0DBenJED59 Tmi/5pQNEokaVmHnpJcpy6kycuStfY/iacCtpk3H228WjRO6holOa3RYaOUcJvXx SKSMXzDhbRC77TFRY3qjyTweNGydf9pXaodOn8uMKqQ9Ty7XU8PzHL7kzT9oQz1o QvmW+6UA2Cg5cqhQEhT7ZvKmzK2Sw== X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedufedrkeeigddvfecutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenuc fjughrpegtggfuhfgjfffgkfhfvffosehtqhhmtdhhtddvnecuhfhrohhmpeforghrkhcu pfhothhtihhnghhhrghmuceomhhnohhtsehmnhhothdrnhgvtheqnecuffhomhgrihhnpe hmnhhothdrnhgvthdphhhtthhprghnuggvmhgsohguihgvshhsvghvvghrrghlrghnthhi qdhprghtthgvrhhnshhfohhrihhtshhushgvrdgrshenucfkphepuddvuddrvddttddrie drvddvieenucfrrghrrghmpehmrghilhhfrhhomhepmhhnohhtsehmnhhothdrnhgvthen ucevlhhushhtvghrufhiiigvpedt X-ME-Proxy: Received: from macbook-pro.mnot.net (121-200-6-226.79c806.syd.nbn.aussiebb.net [121.200.6.226]) by mail.messagingengine.com (Postfix) with ESMTPA id AE1AF8005B; Mon, 21 Oct 2019 19:34:54 -0400 (EDT) Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (Mac OS X Mail 13.0 \(3594.4.19\)) From: Mark Nottingham In-Reply-To: <704A1489-3BC0-4EFF-A5B0-7D664EA05970@gmail.com> Date: Tue, 22 Oct 2019 10:34:51 +1100 Cc: Netconf , httpbis-chairs@ietf.org Content-Transfer-Encoding: quoted-printable Message-Id: <802B82C7-56D8-4341-9416-2C2CFFECAA3C@mnot.net> References: <704A1489-3BC0-4EFF-A5B0-7D664EA05970@gmail.com> To: Mahesh Jethanandani X-Mailer: Apple Mail (2.3594.4.19) Archived-At: Subject: Re: [netconf] Adoption call for draft-kwatsen-netconf-http-client-server-04 X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 21 Oct 2019 23:35:01 -0000 Mahesh, I've had a quick look at the draft, and I don't think it substantially = addresses the feedback we gave earlier. It appears to create an = arbitrary profile of HTTP and embodies several anti-patterns for its = use. As a result, I personally do not support the adoption of this draft. Regards, > On 22 Oct 2019, at 9:52 am, Mahesh Jethanandani = wrote: >=20 > Hi WG, >=20 > The author has posted a -04 version of the draft, and believes that it = ready for WG adoption. >=20 > This starts a 2 week poll ending on November 4, to decide whether this = document should be made a WG document or not. Please reply to this email = whether or not you support adoption of this draft by the WG. Indications = that the draft has been read will be also be appreciated. >=20 > Thanks. >=20 > Mahesh Jethanandani > mjethanandani@gmail.com >=20 >=20 >=20 -- Mark Nottingham https://www.mnot.net/ From nobody Mon Oct 21 17:07:18 2019 Return-Path: <0100016df0c9ff38-b0c4a946-ea4a-4262-99b1-77709edb856e-000000@amazonses.watsen.net> X-Original-To: netconf@ietfa.amsl.com Delivered-To: netconf@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6FAFC120A83; Mon, 21 Oct 2019 17:07:16 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.897 X-Spam-Level: X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=amazonses.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GGAtoiYKJjQO; Mon, 21 Oct 2019 17:07:14 -0700 (PDT) Received: from a8-31.smtp-out.amazonses.com (a8-31.smtp-out.amazonses.com [54.240.8.31]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9C7A2120A7E; Mon, 21 Oct 2019 17:07:14 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=6gbrjpgwjskckoa6a5zn6fwqkn67xbtw; d=amazonses.com; t=1571702833; h=Content-Type:Content-Transfer-Encoding:From:Mime-Version:Subject:Date:Message-Id:References:Cc:In-Reply-To:To:Feedback-ID; bh=zm54+mnUtyEaUMYJoOAykdtLApPe0PE47fIEeieSIEI=; b=EaSZW+Yo2smwI7IzgSRzzdMuCQmpBZ5j/j4DqCD+hbiMmHGZBJHVZH2OWC+eMPBZ OzUlDFNhaFifOzvw954TLqRhI+lRyWnSbQs+xzngcpkfRYwjTd7O1UYaBeZdSf2FJN1 WGUKWT14lU6dgesD/T3hDl0qUzcGbb5ZiaB3S3bo= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable From: Kent Watsen Mime-Version: 1.0 (1.0) Date: Tue, 22 Oct 2019 00:07:13 +0000 Message-ID: <0100016df0c9ff38-b0c4a946-ea4a-4262-99b1-77709edb856e-000000@email.amazonses.com> References: <704A1489-3BC0-4EFF-A5B0-7D664EA05970@gmail.com> Cc: Netconf , httpbis-chairs@ietf.org In-Reply-To: <704A1489-3BC0-4EFF-A5B0-7D664EA05970@gmail.com> To: Mahesh Jethanandani X-Mailer: iPhone Mail (17A878) X-SES-Outgoing: 2019.10.22-54.240.8.31 Feedback-ID: 1.us-east-1.DKmIRZFhhsBhtmFMNikgwZUWVrODEw9qVcPhqJEI2DA=:AmazonSES Archived-At: Subject: Re: [netconf] Adoption call for draft-kwatsen-netconf-http-client-server-04 X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 22 Oct 2019 00:07:16 -0000 As co-author, I support this adoption, especially given how it is a normativ= e dependency for both: draft-ietf-netconf-restconf-client-server and: draft-mahesh-netconf-https-notif Kent > On Oct 21, 2019, at 7:31 PM, Mahesh Jethanandani = wrote: >=20 > =EF=BB=BFHi WG, >=20 > The author has posted a -04 version of the draft, and believes that it rea= dy for WG adoption. >=20 > This starts a 2 week poll ending on November 4, to decide whether this doc= ument should be made a WG document or not. Please reply to this email whethe= r or not you support adoption of this draft by the WG. Indications that the d= raft has been read will be also be appreciated. >=20 > Thanks. >=20 > Mahesh Jethanandani > mjethanandani@gmail.com >=20 >=20 >=20 > _______________________________________________ > netconf mailing list > netconf@ietf.org > https://www.ietf.org/mailman/listinfo/netconf From nobody Mon Oct 21 18:22:19 2019 Return-Path: X-Original-To: netconf@ietfa.amsl.com Delivered-To: netconf@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CCB7A120ABD; Mon, 21 Oct 2019 18:22:17 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.2 X-Spam-Level: X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qIuXxjl5wreh; Mon, 21 Oct 2019 18:22:16 -0700 (PDT) Received: from huawei.com (lhrrgout.huawei.com [185.176.76.210]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 421D1120AB8; Mon, 21 Oct 2019 18:22:16 -0700 (PDT) Received: from lhreml704-cah.china.huawei.com (unknown [172.18.7.108]) by Forcepoint Email with ESMTP id B18665B3FDE0FBA4A6D2; Tue, 22 Oct 2019 02:22:13 +0100 (IST) Received: from NKGEML412-HUB.china.huawei.com (10.98.56.73) by lhreml704-cah.china.huawei.com (10.201.108.45) with Microsoft SMTP Server (TLS) id 14.3.408.0; Tue, 22 Oct 2019 02:22:12 +0100 Received: from NKGEML515-MBX.china.huawei.com ([fe80::a54a:89d2:c471:ff]) by nkgeml412-hub.china.huawei.com ([10.98.56.73]) with mapi id 14.03.0439.000; Tue, 22 Oct 2019 09:22:06 +0800 From: Tianran Zhou To: "adrian@olddog.co.uk" , 'Netconf' CC: "netconf-chairs@ietf.org" Thread-Topic: request to working group adoption//RE: New Version Notification for draft-zhou-netconf-multi-stream-originators-07.txt Thread-Index: AdWIdpGd8o+3nA9vT1+pQ6achaXOsw== Date: Tue, 22 Oct 2019 01:22:05 +0000 Message-ID: Accept-Language: zh-CN, en-US Content-Language: zh-CN X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.111.156.116] Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 MIME-Version: 1.0 X-CFilter-Loop: Reflected Archived-At: Subject: [netconf] request to working group adoption//RE: New Version Notification for draft-zhou-netconf-multi-stream-originators-07.txt X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 22 Oct 2019 01:22:18 -0000 SGkgQ2hhaXJzIGFuZCB0aGUgV0csDQoNCldlIGhhdmUgYWRkcmVzc2VkIGFsbCB0aGUgaXNzdWVz LCBhbmQgdGhpbmsgaXQncyBtYXR1cmUgdG8gYmUgYWRvcHRlZC4NCldlIHdhbnQgdG8gbW92ZSBm b3J3YXJkLCBhbmQga2VlcCB3b3JraW5nIG9uIHRoaXMuDQoNClRoYW5rcywNClRpYW5yYW4NCg0K PiAtLS0tLU9yaWdpbmFsIE1lc3NhZ2UtLS0tLQ0KPiBGcm9tOiBBZHJpYW4gRmFycmVsIFttYWls dG86YWRyaWFuQG9sZGRvZy5jby51a10NCj4gU2VudDogRnJpZGF5LCBPY3RvYmVyIDE4LCAyMDE5 IDk6MjUgUE0NCj4gVG86ICdOZXRjb25mJyA8bmV0Y29uZkBpZXRmLm9yZz4NCj4gQ2M6IFRpYW5y YW4gWmhvdSA8emhvdXRpYW5yYW5AaHVhd2VpLmNvbT47IG5ldGNvbmYtY2hhaXJzQGlldGYub3Jn DQo+IFN1YmplY3Q6IFJFOiBOZXcgVmVyc2lvbiBOb3RpZmljYXRpb24gZm9yDQo+IGRyYWZ0LXpo b3UtbmV0Y29uZi1tdWx0aS1zdHJlYW0tb3JpZ2luYXRvcnMtMDcudHh0DQo+IA0KPiBIaSBhbGws DQo+IA0KPiBUaGFua3MgZm9yIHRoZSB1cGRhdGUsIFRpYW5yYW4uDQo+IA0KPiBJSVJDIChhbmQg dGhlIG1pbnV0ZXMgc2VlbSB0byBzdXBwb3J0IHRoaXMpIHRoZXJlIHdhcyBhbiBpbnRlbnRpb24g dG8gYWRvcHQNCj4gdGhpcyB3b3JrLiBUaGVyZSB3YXMgYWxzbyBzdWdnZXN0aW9uIG9mIGEgRFQg dG8gcHVzaCBpdCBmb3J3YXJkLg0KPiANCj4gV2hhdCdzIHRoZSBwbGFuPw0KPiANCj4gVGhhbmtz LA0KPiBBZHJpYW4NCj4gDQo+ID4gV2UganVzdCB1cGRhdGVkIHRoZSBkcmFmdCBvbiBTdWJzY3Jp cHRpb24gdG8gTXVsdGlwbGUgU3RyZWFtIE9yaWdpbmF0b3JzLg0KPiA+IEluIHRoaXMgcmV2aXNp b24sIHdlIG1hZGUgY2hhbmdlIG9uOg0KPiA+IDEuIFJlbW92ZSB0aGUgSW9UIHVzZSBjYXNlIGJh c2VkIG9uIHRoZSBmZWVkYmFjayBmcm9tIElFVEYxMDUgbWVldGluZy4NCj4gPiAyLiBSZXZpc2Ug ZXhhbXBsZXMgYW5kIGFkZCBjYWxsIGZsb3dzLg0KPiA+IDMuIEFkZCBkaXNjdXNzaW9uIG9uIFB1 Ymxpc2hlciBDb25maWd1cmF0aW9ucyBpbiBzZWN0aW9uIDguDQo+ID4NCj4gPiBBbnkgY29tbWVu dCBhbmQgZmVlZGJhY2sgaXMgd2VsY29tZS4NCg0K From nobody Tue Oct 22 03:07:09 2019 Return-Path: X-Original-To: netconf@ietfa.amsl.com Delivered-To: netconf@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B87BF1200C5; Tue, 22 Oct 2019 03:07:06 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.2 X-Spam-Level: X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GUdjCaATt45n; Tue, 22 Oct 2019 03:07:05 -0700 (PDT) Received: from rfc-editor.org (rfc-editor.org [4.31.198.49]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3945F120111; Tue, 22 Oct 2019 03:07:05 -0700 (PDT) Received: by rfc-editor.org (Postfix, from userid 30) id 88180F4071E; Tue, 22 Oct 2019 03:07:02 -0700 (PDT) To: bill.wu@huawei.com, andy@yumaworks.com, mbj@tail-f.com, kwatsen@juniper.net X-PHP-Originating-Script: 30:errata_mail_lib.php From: RFC Errata System Cc: ibagdona@gmail.com, iesg@ietf.org, netconf@ietf.org, rfc-editor@rfc-editor.org Content-Type: text/plain; charset=UTF-8 Message-Id: <20191022100702.88180F4071E@rfc-editor.org> Date: Tue, 22 Oct 2019 03:07:02 -0700 (PDT) Archived-At: Subject: [netconf] [Errata Held for Document Update] RFC8040 (5633) X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 22 Oct 2019 10:07:07 -0000 The following errata report has been held for document update for RFC8040, "RESTCONF Protocol". -------------------------------------- You may review the report below and at: https://www.rfc-editor.org/errata/eid5633 -------------------------------------- Status: Held for Document Update Type: Editorial Reported by: Qin WU Date Reported: 2019-02-11 Held by: Ignas Bagdonas (IESG) Section: B.2.2. Original Text ------------- PATCH /restconf/data/example-jukebox:jukebox/\ library/artist=Foo%20Fighters/album=Wasting%20Light/\ genre HTTP/1.1 Host: example.com If-Unmodified-Since: Thu, 26 Jan 2017 20:56:30 GMT Content-Type: application/yang-data+json { "example-jukebox:genre" : "example-jukebox:alternative" } In this example, the datastore resource has changed since the time specified in the "If-Unmodified-Since" header. The server might respond as follows: HTTP/1.1 412 Precondition Failed Date: Thu, 26 Jan 2017 20:56:30 GMT Server: example-server Last-Modified: Thu, 26 Jan 2017 19:41:00 GMT ETag: "b34aed893a4c" Corrected Text -------------- PATCH /restconf/data/example-jukebox:jukebox/\ library/artist=Foo%20Fighters/album=Wasting%20Light/\ genre HTTP/1.1 Host: example.com If-Unmodified-Since: Thu, 26 Jan 2017 20:56:30 GMT Content-Type: application/yang-data+json { "example-jukebox:genre" : "example-jukebox:alternative" } In this example, the datastore resource has changed since the time specified in the "If-Unmodified-Since" header. The server might respond as follows: HTTP/1.1 412 Precondition Failed Date: Thu, 26 Jan 2017 20:56:30 GMT Server: example-server Last-Modified: Thu, 26 Jan 2017 20:57:10 GMT ETag: "b34aed893a4c" Notes ----- The date in the Last-Modified field of the response HTTP header should be greater than the date in the If-Unmodified-Since field of the request HTTP header. -------------------------------------- RFC8040 (draft-ietf-netconf-restconf-18) -------------------------------------- Title : RESTCONF Protocol Publication Date : January 2017 Author(s) : A. Bierman, M. Bjorklund, K. Watsen Category : PROPOSED STANDARD Source : Network Configuration Area : Operations and Management Stream : IETF Verifying Party : IESG From nobody Tue Oct 22 05:13:36 2019 Return-Path: X-Original-To: netconf@ietfa.amsl.com Delivered-To: netconf@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4A4AD120822; Tue, 22 Oct 2019 05:13:35 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.2 X-Spam-Level: X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rX62Ng6mYGWR; Tue, 22 Oct 2019 05:13:33 -0700 (PDT) Received: from rfc-editor.org (rfc-editor.org [4.31.198.49]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E5B2712081F; Tue, 22 Oct 2019 05:13:33 -0700 (PDT) Received: by rfc-editor.org (Postfix, from userid 30) id 21E55F4071E; Tue, 22 Oct 2019 05:13:31 -0700 (PDT) To: bill.wu@huawei.com, andy@yumaworks.com, mbj@tail-f.com, kwatsen@juniper.net X-PHP-Originating-Script: 30:errata_mail_lib.php From: RFC Errata System Cc: ibagdona@gmail.com, iesg@ietf.org, netconf@ietf.org, rfc-editor@rfc-editor.org Content-Type: text/plain; charset=UTF-8 Message-Id: <20191022121331.21E55F4071E@rfc-editor.org> Date: Tue, 22 Oct 2019 05:13:31 -0700 (PDT) Archived-At: Subject: [netconf] [Errata Held for Document Update] RFC8040 (5493) X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 22 Oct 2019 12:13:35 -0000 The following errata report has been held for document update for RFC8040, "RESTCONF Protocol". -------------------------------------- You may review the report below and at: https://www.rfc-editor.org/errata/eid5493 -------------------------------------- Status: Held for Document Update Type: Editorial Reported by: Qin Wu Date Reported: 2018-09-06 Held by: Ignas Bagdonas (IESG) Section: 6 Original Text ------------- Note that the YANG definitions within this module do not represent configuration data of any kind. The 'restconf-media-type' YANG extension statement provides a normative syntax for XML and JSON message-encoding purposes. Corrected Text -------------- Note that the YANG definitions within this module do not represent configuration data of any kind. The yang-data extension statement provides a normative syntax for XML and JSON message-encoding purposes. Notes ----- The 'restconf-media-type' YANG extension has been replaced by more generic yang-data extension. -------------------------------------- RFC8040 (draft-ietf-netconf-restconf-18) -------------------------------------- Title : RESTCONF Protocol Publication Date : January 2017 Author(s) : A. Bierman, M. Bjorklund, K. Watsen Category : PROPOSED STANDARD Source : Network Configuration Area : Operations and Management Stream : IETF Verifying Party : IESG From nobody Tue Oct 22 05:25:32 2019 Return-Path: X-Original-To: netconf@ietfa.amsl.com Delivered-To: netconf@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D57F0120255; Tue, 22 Oct 2019 05:25:30 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.2 X-Spam-Level: X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Z-z9FnOn5MZL; Tue, 22 Oct 2019 05:25:29 -0700 (PDT) Received: from rfc-editor.org (rfc-editor.org [4.31.198.49]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 96F811200E6; Tue, 22 Oct 2019 05:25:29 -0700 (PDT) Received: by rfc-editor.org (Postfix, from userid 30) id C56AFF4071E; Tue, 22 Oct 2019 05:25:26 -0700 (PDT) To: bill.wu@huawei.com, andy@yumaworks.com, mbj@tail-f.com, kwatsen@juniper.net X-PHP-Originating-Script: 30:errata_mail_lib.php From: RFC Errata System Cc: ibagdona@gmail.com, iesg@ietf.org, netconf@ietf.org, rfc-editor@rfc-editor.org Content-Type: text/plain; charset=UTF-8 Message-Id: <20191022122526.C56AFF4071E@rfc-editor.org> Date: Tue, 22 Oct 2019 05:25:26 -0700 (PDT) Archived-At: Subject: [netconf] [Errata Rejected] RFC8040 (5858) X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 22 Oct 2019 12:25:31 -0000 The following errata report has been rejected for RFC8040, "RESTCONF Protocol". -------------------------------------- You may review the report below and at: https://www.rfc-editor.org/errata/eid5858 -------------------------------------- Status: Rejected Type: Technical Reported by: Qin WU Date Reported: 2019-09-11 Rejected by: Ignas Bagdonas (IESG) Section: 5.3.1,5.3.2 Original Text ------------- GET /restconf/data/interfaces/interface=eth1 ?with-defaults=report-all-tagged HTTP/1.1 Host: example.com Accept: application/yang-data+xml GET /restconf/data/interfaces/interface=eth1\ ?with-defaults=report-all-tagged HTTP/1.1 Host: example.com Accept: application/yang-data+json Corrected Text -------------- GET /restconf/data/ietf-interfaces:interfaces/interface=eth1 ?with-defaults=report-all-tagged HTTP/1.1 Host: example.com Accept: application/yang-data+xml GET /restconf/data/ietf-interfaces:interfaces/interface=eth1\ ?with-defaults=report-all-tagged HTTP/1.1 Host: example.com Accept: application/yang-data+json Notes ----- Based on the rule defined in section 3.5.3 of RFC8040, the module name ietf-interface followed by a colon character (":") should be prepended to the node name interfaces. --VERIFIER NOTES-- Examples in sections 5.3.1 and 5.3.2 are not based on ietf-intrefaces module. -------------------------------------- RFC8040 (draft-ietf-netconf-restconf-18) -------------------------------------- Title : RESTCONF Protocol Publication Date : January 2017 Author(s) : A. Bierman, M. Bjorklund, K. Watsen Category : PROPOSED STANDARD Source : Network Configuration Area : Operations and Management Stream : IETF Verifying Party : IESG From nobody Tue Oct 22 08:07:36 2019 Return-Path: <0100016df40225ff-4853b440-cb03-4edb-a9f4-4fd24a9adf90-000000@amazonses.watsen.net> X-Original-To: netconf@ietfa.amsl.com Delivered-To: netconf@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2B8E712087A; Tue, 22 Oct 2019 08:07:28 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.897 X-Spam-Level: X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=amazonses.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XWho1yiCGAME; Tue, 22 Oct 2019 08:07:26 -0700 (PDT) Received: from a8-64.smtp-out.amazonses.com (a8-64.smtp-out.amazonses.com [54.240.8.64]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0623A1208A7; Tue, 22 Oct 2019 08:07:25 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=6gbrjpgwjskckoa6a5zn6fwqkn67xbtw; d=amazonses.com; t=1571756844; h=From:Content-Type:Content-Transfer-Encoding:Mime-Version:Subject:Message-Id:Date:Cc:To:Feedback-ID; bh=INep1dThnJXq0HQbMrDCvst3DdFm8w17kTP7Bu6izTU=; b=HfUHp9U/Y00/W8FtXm3E7snZ/LYWsHianc7r7tJv2v9fK5HozeFodiMTIGY9AtMv B1YYeS4c5zreiTFMiNfj3yW48vRTeNmeN5/ubq/wdqlLH6CkB7BlDeEnHgWv9Keapnm OGnTMTVYyFoizOf2u6EGqeeAW0KXdN3BexppFGFc= From: Kent Watsen Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\)) Message-ID: <0100016df40225ff-4853b440-cb03-4edb-a9f4-4fd24a9adf90-000000@email.amazonses.com> Date: Tue, 22 Oct 2019 15:07:24 +0000 Cc: "netconf-chairs@ietf.org" To: "netconf@ietf.org" X-Mailer: Apple Mail (2.3445.104.11) X-SES-Outgoing: 2019.10.22-54.240.8.64 Feedback-ID: 1.us-east-1.DKmIRZFhhsBhtmFMNikgwZUWVrODEw9qVcPhqJEI2DA=:AmazonSES Archived-At: Subject: [netconf] NETCONF 106 Schedule and Call for Presentations X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 22 Oct 2019 15:07:35 -0000 The preliminary IETF 106 meeting agenda has been posted [1]. - The final agenda will be posted this Friday at the same location. - NETCONF is currently scheduled to meet once on Monday for 2 hours. Authors, per [2], the draft submission cutoff is in about two weeks, on Monday Nov 4th. Please update your drafts before then. If you are interested in presenting to the WG, please send your presentation requests to the "netconf-chairs" alias (CC-ed) with the following information, for each presentation request, if more than one: - name of the drafts (if any) - name of presentation (usually the title of the draft) - name of the presenter(s) - desired time request (in minutes) - local or remote Presenters, please be advised that, due to issues with the Chromebook displaying PowerPoint, and issues with chairs converting presentations to PDF themselves, it is now strongly recommended that presenters only submit PDF versions of their slides. [1] https://datatracker.ietf.org/meeting/106/agenda.html [2] https://datatracker.ietf.org/meeting/106/important-dates/ PS: Please respond to *this* thread (removing the "netconf" alias) so that it's easier for the chairs to track all the requests. Thanks! Kent (and Mahesh) From nobody Tue Oct 22 11:14:20 2019 Return-Path: <0100016df4ad340a-3b990c99-95f8-40c3-9ff0-6f627826bd94-000000@amazonses.watsen.net> X-Original-To: netconf@ietfa.amsl.com Delivered-To: netconf@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DFA2812087B; Tue, 22 Oct 2019 11:14:18 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.896 X-Spam-Level: X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=amazonses.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UMQQKylANgNF; Tue, 22 Oct 2019 11:14:16 -0700 (PDT) Received: from a8-88.smtp-out.amazonses.com (a8-88.smtp-out.amazonses.com [54.240.8.88]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 478AE1207FE; Tue, 22 Oct 2019 11:14:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=6gbrjpgwjskckoa6a5zn6fwqkn67xbtw; d=amazonses.com; t=1571768055; h=From:Message-Id:Content-Type:Mime-Version:Subject:Date:In-Reply-To:Cc:To:References:Feedback-ID; bh=KGb7UWT+muARmFCXLeaOhEcrQtSG/VAQUiOpYF9yTgY=; b=kItdbwDithhLUVtlOcrPL33hd11XzW8Zu5Z1HQoACG48bhE1i7XE00HrXGQa3m5m ebjmZqsk9dJqgml9zLsFyJnDucFWNN+H7I0m75wxHKonYXpH7fR+i6x2pi1D0wocsm7 zDJFyR2SWhIJHOPkU6XhS8hhrWaCpO/LzJj8Azew= From: Kent Watsen Message-ID: <0100016df4ad340a-3b990c99-95f8-40c3-9ff0-6f627826bd94-000000@email.amazonses.com> Content-Type: multipart/alternative; boundary="Apple-Mail=_C309C98B-D4F6-4A9E-8594-7D88644BE988" Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\)) Date: Tue, 22 Oct 2019 18:14:14 +0000 In-Reply-To: <802B82C7-56D8-4341-9416-2C2CFFECAA3C@mnot.net> Cc: Mahesh Jethanandani , httpbis-chairs@ietf.org, "netconf@ietf.org" To: Mark Nottingham References: <704A1489-3BC0-4EFF-A5B0-7D664EA05970@gmail.com> <802B82C7-56D8-4341-9416-2C2CFFECAA3C@mnot.net> X-Mailer: Apple Mail (2.3445.104.11) X-SES-Outgoing: 2019.10.22-54.240.8.88 Feedback-ID: 1.us-east-1.DKmIRZFhhsBhtmFMNikgwZUWVrODEw9qVcPhqJEI2DA=:AmazonSES Archived-At: Subject: Re: [netconf] Adoption call for draft-kwatsen-netconf-http-client-server-04 X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 22 Oct 2019 18:14:19 -0000 --Apple-Mail=_C309C98B-D4F6-4A9E-8594-7D88644BE988 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii Hi Mark, I just re-read all your (and Patrick's) messages from before and was = unable to see anything actionable that wasn't addressed. Can you please = provide concrete examples for the concerns you have? Since last time, there is now a second consumer of this draft: = draft-ietf-netconf-https-notif. Hopefully, now looking at both = consumers (the other being draft-ietf-netconf-restconf-client-server) = you will get a clearer picture of what is trying to be accomplished = here. =20 While not stated anywhere, the goal is somewhat restricted to support = HTTP-based APIs (e.g., RESTful protocols) more so than webservers or = browsers. Maybe this is what you're perceiving as being "an arbitrary = profile"? FWIW, there are implementations (running code), which = suggests the model here is close to what is needed for HTTP-based APIs. This draft defines only YANG "grouping" statements. Grouping statements = don't define protocol-accessible nodes, just a potential for its nodes = to exist. The grouping statements MUST be "used" by another YANG = module, which MAY augment/refine the grouping as needed. The model is = purposely incomplete for this reason. As an example, assume a higher-level model wishes to define = configuration for an HTTP client, but wishes to use some other = (potentially proprietary) authentication scheme, not Basic. To achieve = this, the higher-level model could 1) "use" the `ietf-http-client` = grouping, 2) NOT define the "basic-auth" feature (and hence Basic is = not configurable), while 3) augmenting-in the data model for configuring = the client-specific authentication scheme (enabling that authentication = model to be configured). Kent // contributor > On Oct 21, 2019, at 7:34 PM, Mark Nottingham wrote: >=20 > Mahesh, >=20 > I've had a quick look at the draft, and I don't think it substantially = addresses the feedback we gave earlier. It appears to create an = arbitrary profile of HTTP and embodies several anti-patterns for its = use. >=20 > As a result, I personally do not support the adoption of this draft. >=20 > Regards, >=20 >=20 >> On 22 Oct 2019, at 9:52 am, Mahesh Jethanandani = wrote: >>=20 >> Hi WG, >>=20 >> The author has posted a -04 version of the draft, and believes that = it ready for WG adoption. >>=20 >> This starts a 2 week poll ending on November 4, to decide whether = this document should be made a WG document or not. Please reply to this = email whether or not you support adoption of this draft by the WG. = Indications that the draft has been read will be also be appreciated. >>=20 >> Thanks. >>=20 >> Mahesh Jethanandani >> mjethanandani@gmail.com >>=20 >>=20 >>=20 >=20 > -- > Mark Nottingham https://www.mnot.net/ >=20 > _______________________________________________ > netconf mailing list > netconf@ietf.org > https://www.ietf.org/mailman/listinfo/netconf --Apple-Mail=_C309C98B-D4F6-4A9E-8594-7D88644BE988 Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=us-ascii Hi = Mark,

I just re-read = all your (and Patrick's) messages from before and was unable to see = anything actionable that wasn't addressed.  Can you please provide = concrete examples for the concerns you have?

Since last time, there is now a second = consumer of this draft: draft-ietf-netconf-https-notif.  Hopefully, = now looking at both consumers (the other = being draft-ietf-netconf-restconf-client-server) you will get a = clearer picture of what is trying to be accomplished here. =  

While = not stated anywhere, the goal is somewhat restricted to support = HTTP-based APIs (e.g., RESTful protocols) more so than webservers or = browsers.  Maybe this is what you're perceiving as being "an = arbitrary profile"?   FWIW, there are implementations (running = code), which suggests the model here is close to what is needed for = HTTP-based APIs.

This draft defines only YANG "grouping" statements. =  Grouping statements don't define protocol-accessible nodes, just a = potential for its nodes to exist.  The grouping statements MUST be = "used" by another YANG module, which MAY augment/refine the grouping as = needed.  The model is purposely incomplete for this = reason.

As an = example, assume a higher-level model wishes to define configuration for = an HTTP client, but wishes to use some other (potentially proprietary) = authentication scheme, not Basic.   To achieve this, the = higher-level model could 1) "use" the `ietf-http-client` grouping, =  2) NOT define the "basic-auth" feature (and hence Basic is not = configurable), while 3) augmenting-in the data model for configuring the = client-specific authentication scheme (enabling that authentication = model to be configured).

Kent // contributor



On Oct = 21, 2019, at 7:34 PM, Mark Nottingham <mnot@mnot.net> wrote:

Mahesh,

I've had a quick look at = the draft, and I don't think it substantially addresses the feedback we = gave earlier. It appears to create an arbitrary profile of HTTP and = embodies several anti-patterns for its use.

As a result, I personally do not support the adoption of this = draft.

Regards,


On 22 Oct = 2019, at 9:52 am, Mahesh Jethanandani <mjethanandani@gmail.com> wrote:

Hi WG,

The author has posted a = -04 version of the draft, and believes that it ready for WG adoption.

This starts a 2 week poll ending on November = 4, to decide whether this document should be made a WG document or not. = Please reply to this email whether or not you support adoption of this = draft by the WG. Indications that the draft has been read will be also = be appreciated.

Thanks.

Mahesh Jethanandani
mjethanandani@gmail.com




--
Mark Nottingham   https://www.mnot.net/

_______________________________________________
netconf mailing list
netconf@ietf.org
https://www.ietf.org/mailman/listinfo/netconf

= --Apple-Mail=_C309C98B-D4F6-4A9E-8594-7D88644BE988-- From nobody Wed Oct 23 00:37:22 2019 Return-Path: X-Original-To: netconf@ietfa.amsl.com Delivered-To: netconf@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5C182120058 for ; Wed, 23 Oct 2019 00:37:20 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.9 X-Spam-Level: X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7dgdYLo0sYVM for ; Wed, 23 Oct 2019 00:37:19 -0700 (PDT) Received: from mail.tail-f.com (mail.tail-f.com [46.21.102.45]) by ietfa.amsl.com (Postfix) with ESMTP id 00BA4120024 for ; Wed, 23 Oct 2019 00:37:18 -0700 (PDT) Received: from localhost (h-4-44.A165.priv.bahnhof.se [158.174.4.44]) by mail.tail-f.com (Postfix) with ESMTPSA id 8F97F1AE018B for ; Wed, 23 Oct 2019 09:37:16 +0200 (CEST) Date: Wed, 23 Oct 2019 09:37:15 +0200 (CEST) Message-Id: <20191023.093715.2094043256766716320.mbj@tail-f.com> To: netconf@ietf.org From: Martin Bjorklund X-Mailer: Mew version 6.8 on Emacs 25.2 Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit Archived-At: Subject: [netconf] a comment on draft-ietf-netconf-tls-client-server-15 X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 23 Oct 2019 07:37:20 -0000 Hi, This is not a full review, just one thing that I stubmled upon. The model has (pruned to illustrate my point): container server-authentication { nacm:default-deny-write; must 'ca-certs or server-certs'; container ca-certs { if-feature "ts:x509-certificates"; presence ...; ... } container server-certs { if-feature "ts:x509-certificates"; presence ...; ... } } 1. If a server doesn't implement the feature ts:x509-certificates, the model effectively becomes: container server-authentication { nacm:default-deny-write; must 'ca-certs or server-certs'; } This must expression will never be true, which means that it is not possible to configure anything! 2. When this grouping is used in ietf-https-notifs, it looks like this: +--rw receivers +--rw receiver* [name] +--rw name string ... | +--rw server-authentication | | +--rw ca-certs! {ts:x509-certificates}? ... | | +--rw server-certs! {ts:x509-certificates}? ... Now, the container 'server-authentication' has nacm:default-deny-write, and its contents is mandatory (due to the must expression). This means that it is not possible to configure a single receiver without explicit NACM rules for this container. Is that really the intention? /martin From nobody Wed Oct 23 01:00:41 2019 Return-Path: X-Original-To: netconf@ietfa.amsl.com Delivered-To: netconf@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B5D6712002F for ; Wed, 23 Oct 2019 01:00:40 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.899 X-Spam-Level: X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Q7xPP0tebnEO for ; Wed, 23 Oct 2019 01:00:39 -0700 (PDT) Received: from mail.tail-f.com (mail.tail-f.com [46.21.102.45]) by ietfa.amsl.com (Postfix) with ESMTP id 3A4B6120024 for ; Wed, 23 Oct 2019 01:00:39 -0700 (PDT) Received: from localhost (h-4-44.A165.priv.bahnhof.se [158.174.4.44]) by mail.tail-f.com (Postfix) with ESMTPSA id 96B1E1AE018B for ; Wed, 23 Oct 2019 10:00:37 +0200 (CEST) Date: Wed, 23 Oct 2019 10:00:37 +0200 (CEST) Message-Id: <20191023.100037.513870875503945841.mbj@tail-f.com> To: netconf@ietf.org From: Martin Bjorklund In-Reply-To: <20191023.093715.2094043256766716320.mbj@tail-f.com> References: <20191023.093715.2094043256766716320.mbj@tail-f.com> X-Mailer: Mew version 6.8 on Emacs 25.2 Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit Archived-At: Subject: Re: [netconf] a comment on draft-ietf-netconf-tls-client-server-15 X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 23 Oct 2019 08:00:41 -0000 Hi, two more comments below. Martin Bjorklund wrote: > Hi, > > This is not a full review, just one thing that I stubmled upon. > > The model has (pruned to illustrate my point): > > container server-authentication { > nacm:default-deny-write; > must 'ca-certs or server-certs'; > container ca-certs { > if-feature "ts:x509-certificates"; > presence ...; > ... > } > container server-certs { > if-feature "ts:x509-certificates"; > presence ...; > ... > } > } > > 1. If a server doesn't implement the feature ts:x509-certificates, > the model effectively becomes: > > container server-authentication { > nacm:default-deny-write; > must 'ca-certs or server-certs'; > } > > This must expression will never be true, which means that it is > not possible to configure anything! > > > 2. When this grouping is used in ietf-https-notifs, it looks like > this: > > +--rw receivers > +--rw receiver* [name] > +--rw name string > ... > | +--rw server-authentication > | | +--rw ca-certs! {ts:x509-certificates}? > ... > | | +--rw server-certs! {ts:x509-certificates}? > ... > > Now, the container 'server-authentication' has > nacm:default-deny-write, and its contents is mandatory (due to the > must expression). This means that it is not possible to configure > a single receiver without explicit NACM rules for this container. Is > that really the intention? 3. You don't have a choice between ca-certs and server-certs, which I assume is intentional (they can both exist). I think you need to explain what happens when both these are configured. 4. The description of ca-certs and server-certs has: "A server certificate is authenticated if ..." But you don't specify what it means for a certificate to be authenticated. If the intention is that the meaning depends on where it is used, the description of the grouping should specify this requirement. /martin From nobody Wed Oct 23 09:29:14 2019 Return-Path: <0100016df97342cf-58f4f854-4372-4da7-aab6-86959cc275d7-000000@amazonses.watsen.net> X-Original-To: netconf@ietfa.amsl.com Delivered-To: netconf@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BDA091201B7 for ; Wed, 23 Oct 2019 09:29:11 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.897 X-Spam-Level: X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=amazonses.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NmTAPbOkDS7h for ; Wed, 23 Oct 2019 09:29:09 -0700 (PDT) Received: from a8-33.smtp-out.amazonses.com (a8-33.smtp-out.amazonses.com [54.240.8.33]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4A19C1200A3 for ; Wed, 23 Oct 2019 09:29:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=6gbrjpgwjskckoa6a5zn6fwqkn67xbtw; d=amazonses.com; t=1571848143; h=From:Message-Id:Content-Type:Mime-Version:Subject:Date:In-Reply-To:Cc:To:References:Feedback-ID; bh=YAK08mog1YDpkQfiMC8UPLQmc6dp49K/aUdKkI8IlQo=; b=Gc6Hp7BYyzoc/xryRCWMtUnN7i0G6m9SKhFLeq6Z9G3vh6hAp1VB4bjkX8Yid147 3QnQw+RcViCZIpShm/3AW6neGObZGvpm/qyKhZCyzyVQ2XFzlxWpK5EiN88BwlqBgwi zLeW38toeJqWY+49V6IzIQE8Um5HEZ1n9DRY68TY= From: Kent Watsen Message-ID: <0100016df97342cf-58f4f854-4372-4da7-aab6-86959cc275d7-000000@email.amazonses.com> Content-Type: multipart/alternative; boundary="Apple-Mail=_F866A6DF-FBFF-43B8-8706-C56366780321" Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\)) Date: Wed, 23 Oct 2019 16:29:03 +0000 In-Reply-To: <20191023.093715.2094043256766716320.mbj@tail-f.com> Cc: "netconf@ietf.org" To: Martin Bjorklund References: <20191023.093715.2094043256766716320.mbj@tail-f.com> X-Mailer: Apple Mail (2.3445.104.11) X-SES-Outgoing: 2019.10.23-54.240.8.33 Feedback-ID: 1.us-east-1.DKmIRZFhhsBhtmFMNikgwZUWVrODEw9qVcPhqJEI2DA=:AmazonSES Archived-At: Subject: Re: [netconf] a comment on draft-ietf-netconf-tls-client-server-15 X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 23 Oct 2019 16:29:12 -0000 --Apple-Mail=_F866A6DF-FBFF-43B8-8706-C56366780321 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii Hi Martin, Thanks for digging into this. > The model has (pruned to illustrate my point): >=20 > container server-authentication { > nacm:default-deny-write; > must 'ca-certs or server-certs'; > container ca-certs { > if-feature "ts:x509-certificates"; > presence ...; > ... > } > container server-certs { > if-feature "ts:x509-certificates"; > presence ...; > ... > } > } This is in ietf-tls-client.yang, for those interested. > 1. If a server doesn't implement the feature ts:x509-certificates, > the model effectively becomes: >=20 > container server-authentication { > nacm:default-deny-write; > must 'ca-certs or server-certs'; > } >=20 > This must expression will never be true, which means that it is > not possible to configure anything! The "if-feature" statements above are no longer valid since now "local" = configuration is supported (i.e., = `ts:local-or-truststore-certs-grouping`), so the truststore no longer is = required to be implemented. Simply removing the two "if-feature" statements in ietf-tls-client.yang = resolves the issue. Note that ts:local-or-truststore-certs-grouping = have within it if-feature statements that prune the "truststore" half = out. Checking the other models, there were also instances of this in = ietf-tls-server.yang and in both the ssh client and server modules. > 2. When this grouping is used in ietf-https-notifs, it looks like > this: >=20 > +--rw receivers > +--rw receiver* [name] > +--rw name string > ... > | +--rw server-authentication > | | +--rw ca-certs! {ts:x509-certificates}? > ... =20 > | | +--rw server-certs! {ts:x509-certificates}? > ... >=20 > Now, the container 'server-authentication' has > nacm:default-deny-write, and its contents is mandatory (due to the > must expression). This means that it is not possible to configure > a single receiver without explicit NACM rules for this container. = Is > that really the intention? Yes, these are security parameters. Read access is okay, but only = authorized clients should be able to configure them. > 3. You don't have a choice between ca-certs and server-certs, which I > assume is intentional (they can both exist). I think you need to > explain what happens when both these are configured. OLD: container server-authentication { ... description "Trusted server identities."; NEW: container server-authentication { ... description "Trusted server identities. Any combination of trusted server identities is additive and unordered."; Is this okay? > 4. The description of ca-certs and server-certs has: >=20 > "A server certificate is authenticated if ..." >=20 > But you don't specify what it means for a certificate to be > authenticated. If the intention is that the meaning depends on > where it is used, the description of the grouping should specify > this requirement. For "ca-certs", the full sentence is:=20 A server certificate is authenticated if it has a valid chain of trust to a configured CA certificate."; For server-certs, the full sentence is: A server certificate is authenticated if it is an exact match to a configured server certificate."; How is the 2nd-half of these sentences not doing just what you're asking = for? Kent // contributor --Apple-Mail=_F866A6DF-FBFF-43B8-8706-C56366780321 Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=us-ascii Hi = Martin,

Thanks for = digging into this.


The = model has (pruned to illustrate my point):

      container = server-authentication {
=         nacm:default-deny-write;         must = 'ca-certs or server-certs';
=         container ca-certs {
=           if-feature = "ts:x509-certificates";
=           presence = ...;
=           ...
        }
        container = server-certs {
=           if-feature = "ts:x509-certificates";
=           presence = ...;
=           ...
        }
      }


This is in ietf-tls-client.yang, for those = interested.



1.  If a server doesn't implement the feature = ts:x509-certificates,
   the model = effectively becomes:

=       container server-authentication {
=         nacm:default-deny-write;         must = 'ca-certs or server-certs';
=       }

=    This must expression will never be true, which means = that it is
   not possible to configure = anything!


The "if-feature" = statements above are no longer valid since now "local" configuration is = supported (i.e., `ts:local-or-truststore-certs-grouping`), so the = truststore no longer is required to be implemented.

Simply removing the two "if-feature" statements = in ietf-tls-client.yang resolves the issue.  Note that = ts:local-or-truststore-certs-grouping have within it if-feature = statements that  prune the "truststore" half out.  Checking = the other models, there were also instances of this in = ietf-tls-server.yang and in both the ssh client and server = modules.


2.  When this grouping is used in = ietf-https-notifs, it looks like
=    this:

 +--rw = receivers
    +--rw receiver* = [name]
       +--rw = name =           string
       ...
=        |  +--rw = server-authentication
=        |  |  +--rw = ca-certs! {ts:x509-certificates}?
=             &n= bsp;   ... =            
       |  | =  +--rw server-certs! {ts:x509-certificates}?
=             &n= bsp;   ...

  Now, = the container 'server-authentication' has
=   nacm:default-deny-write, and its contents is mandatory (due = to the
  must expression).  This means = that it is not possible to configure
  a single = receiver without explicit NACM rules for this container.  Is
  that really the intention?

Yes, these = are security parameters.  Read access is okay, but only authorized = clients should be able to configure them.


3.  You don't have a choice between ca-certs and = server-certs, which I
   assume is = intentional (they can both exist).  I think you need to
   explain what happens when both these are = configured.

OLD:
  =   container server-authentication {
  =     ...
      description
        "Trusted server = identities.";

NEW:
  =   container server-authentication {
  =     ...
    =   description
      =   "Trusted server identities.  Any combination of = trusted
         server = identities is additive and unordered.";

Is this okay?


4.  The description of ca-certs and server-certs has:

     "A server = certificate is authenticated if ..."

   But you don't specify what it means for a = certificate to be
   authenticated. =  If the intention is that the meaning depends on
   where it is used, the description of the = grouping should specify
   this = requirement.

For = "ca-certs", the full sentence is: 

          A server = certificate is authenticated if it has a valid
  =          chain of trust to a configured CA = certificate.";

For server-certs, = the full sentence is:

    =        A server
      =      certificate is authenticated if it is an exact = match
           to a = configured server certificate.";

How is the 2nd-half of these sentences not doing = just what you're asking for?



Kent // = contributor


= --Apple-Mail=_F866A6DF-FBFF-43B8-8706-C56366780321-- From nobody Wed Oct 23 10:18:45 2019 Return-Path: X-Original-To: netconf@ietfa.amsl.com Delivered-To: netconf@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B00EA12086F for ; Wed, 23 Oct 2019 10:18:42 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.899 X-Spam-Level: X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hsY8XnNNogMM for ; Wed, 23 Oct 2019 10:18:40 -0700 (PDT) Received: from mail.tail-f.com (mail.tail-f.com [46.21.102.45]) by ietfa.amsl.com (Postfix) with ESMTP id 852081208A7 for ; Wed, 23 Oct 2019 10:18:40 -0700 (PDT) Received: from localhost (h-4-44.A165.priv.bahnhof.se [158.174.4.44]) by mail.tail-f.com (Postfix) with ESMTPSA id EDE041AE018B; Wed, 23 Oct 2019 19:18:37 +0200 (CEST) Date: Wed, 23 Oct 2019 19:18:37 +0200 (CEST) Message-Id: <20191023.191837.484006721829897329.mbj@tail-f.com> To: kent@watsen.net Cc: netconf@ietf.org From: Martin Bjorklund In-Reply-To: <0100016df97342cf-58f4f854-4372-4da7-aab6-86959cc275d7-000000@email.amazonses.com> References: <20191023.093715.2094043256766716320.mbj@tail-f.com> <0100016df97342cf-58f4f854-4372-4da7-aab6-86959cc275d7-000000@email.amazonses.com> X-Mailer: Mew version 6.8 on Emacs 25.2 Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit Archived-At: Subject: Re: [netconf] a comment on draft-ietf-netconf-tls-client-server-15 X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 23 Oct 2019 17:18:43 -0000 Kent Watsen wrote: > Hi Martin, > > Thanks for digging into this. > > > > The model has (pruned to illustrate my point): > > > > container server-authentication { > > nacm:default-deny-write; > > must 'ca-certs or server-certs'; > > container ca-certs { > > if-feature "ts:x509-certificates"; > > presence ...; > > ... > > } > > container server-certs { > > if-feature "ts:x509-certificates"; > > presence ...; > > ... > > } > > } > > > This is in ietf-tls-client.yang, for those interested. > > > > > 1. If a server doesn't implement the feature ts:x509-certificates, > > the model effectively becomes: > > > > container server-authentication { > > nacm:default-deny-write; > > must 'ca-certs or server-certs'; > > } > > > > This must expression will never be true, which means that it is > > not possible to configure anything! > > > The "if-feature" statements above are no longer valid since now > "local" configuration is supported (i.e., > `ts:local-or-truststore-certs-grouping`), so the truststore no longer > is required to be implemented. > > Simply removing the two "if-feature" statements in > ietf-tls-client.yang resolves the issue. Note that > ts:local-or-truststore-certs-grouping have within it if-feature > statements that prune the "truststore" half out. Checking the other > models, there were also instances of this in ietf-tls-server.yang and > in both the ssh client and server modules. Ok. > > 2. When this grouping is used in ietf-https-notifs, it looks like > > this: > > > > +--rw receivers > > +--rw receiver* [name] > > +--rw name string > > ... > > | +--rw server-authentication > > | | +--rw ca-certs! {ts:x509-certificates}? > > ... > > | | +--rw server-certs! {ts:x509-certificates}? > > ... > > > > Now, the container 'server-authentication' has > > nacm:default-deny-write, and its contents is mandatory (due to the > > must expression). This means that it is not possible to configure > > a single receiver without explicit NACM rules for this container. Is > > that really the intention? > > Yes, these are security parameters. Read access is okay, but only > authorized clients should be able to configure them. I think it is odd that if I am trusted to configure a tls client, I can't fully configure it w/o additional rules. For example, suppose the security admin has set up a certificate trustore (/truststore/certificate) with trusted certificates. Now if I want to create a receiver of notifications, I want to point to this list. But I can't do that w/o special NACM rules. > > 3. You don't have a choice between ca-certs and server-certs, which I > > assume is intentional (they can both exist). I think you need to > > explain what happens when both these are configured. > > OLD: > container server-authentication { > ... > description > "Trusted server identities."; > > NEW: > container server-authentication { > ... > description > "Trusted server identities. Any combination of trusted > server identities is additive and unordered."; > > Is this okay? Ok, but see below. > > 4. The description of ca-certs and server-certs has: > > > > "A server certificate is authenticated if ..." > > > > But you don't specify what it means for a certificate to be > > authenticated. If the intention is that the meaning depends on > > where it is used, the description of the grouping should specify > > this requirement. > > For "ca-certs", the full sentence is: > > A server certificate is authenticated if it has a valid > chain of trust to a configured CA certificate."; > > For server-certs, the full sentence is: > > A server > certificate is authenticated if it is an exact match > to a configured server certificate."; > > How is the 2nd-half of these sentences not doing just what you're > asking for? So the text explains when a server certificate is authenticated. But what is supposed to happen when a server certificate is not authenticated? BTW, should it rather be "A server is authenticated if its certificate is an exact match..." etc? /martin From nobody Wed Oct 23 11:31:15 2019 Return-Path: <0100016df9e30ad6-bb72f12b-c334-4d8f-a5a1-ca997a3bbe97-000000@amazonses.watsen.net> X-Original-To: netconf@ietfa.amsl.com Delivered-To: netconf@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 940CD120047 for ; Wed, 23 Oct 2019 11:31:12 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.897 X-Spam-Level: X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=amazonses.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qumyCeKDTj8n for ; Wed, 23 Oct 2019 11:31:11 -0700 (PDT) Received: from a8-96.smtp-out.amazonses.com (a8-96.smtp-out.amazonses.com [54.240.8.96]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CA390120020 for ; Wed, 23 Oct 2019 11:31:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=6gbrjpgwjskckoa6a5zn6fwqkn67xbtw; d=amazonses.com; t=1571855469; h=From:Message-Id:Content-Type:Mime-Version:Subject:Date:In-Reply-To:Cc:To:References:Feedback-ID; bh=9VF8x+79Nlzszfc6c1f2u+GStfhcWkUynF8g5FzbYo4=; b=hc8ycdbYnrWvQJshGsJQUABjj0LcK74A2/IP1VEXWj8e0bivEbcuCU8fU+gIYXj/ f9PhD2Cv2lj1tQZz4GJ7T28mVRn//d2C1qVH13cku9GMa5rc+QJcWQU0bqV1RfJt0b4 IvLqfBDzx/Bz3B95NiErmO8iyBJpSDglwqRc5EhA= From: Kent Watsen Message-ID: <0100016df9e30ad6-bb72f12b-c334-4d8f-a5a1-ca997a3bbe97-000000@email.amazonses.com> Content-Type: multipart/alternative; boundary="Apple-Mail=_652444B9-F522-45DF-BC28-40DDAFD034C1" Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\)) Date: Wed, 23 Oct 2019 18:31:09 +0000 In-Reply-To: <20191023.191837.484006721829897329.mbj@tail-f.com> Cc: "netconf@ietf.org" To: Martin Bjorklund References: <20191023.093715.2094043256766716320.mbj@tail-f.com> <0100016df97342cf-58f4f854-4372-4da7-aab6-86959cc275d7-000000@email.amazonses.com> <20191023.191837.484006721829897329.mbj@tail-f.com> X-Mailer: Apple Mail (2.3445.104.11) X-SES-Outgoing: 2019.10.23-54.240.8.96 Feedback-ID: 1.us-east-1.DKmIRZFhhsBhtmFMNikgwZUWVrODEw9qVcPhqJEI2DA=:AmazonSES Archived-At: Subject: Re: [netconf] a comment on draft-ietf-netconf-tls-client-server-15 X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 23 Oct 2019 18:31:13 -0000 --Apple-Mail=_652444B9-F522-45DF-BC28-40DDAFD034C1 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=us-ascii [reducing to open parts] >>> 2. When this grouping is used in ietf-https-notifs, it looks like >>> this: >>> >>> +--rw receivers >>> +--rw receiver* [name] >>> +--rw name string >>> ... >>> | +--rw server-authentication >>> | | +--rw ca-certs! {ts:x509-certificates}? >>> ... >>> | | +--rw server-certs! {ts:x509-certificates}? >>> ... >>> >>> Now, the container 'server-authentication' has >>> nacm:default-deny-write, and its contents is mandatory (due to the >>> must expression). This means that it is not possible to configure >>> a single receiver without explicit NACM rules for this container. Is >>> that really the intention? >> >> Yes, these are security parameters. Read access is okay, but only >> authorized clients should be able to configure them. > > I think it is odd that if I am trusted to configure a tls client, I > can't fully configure it w/o additional rules. > > For example, suppose the security admin has set up a certificate > trustore (/truststore/certificate) with trusted certificates. Now if > I want to create a receiver of notifications, I want to point to this > list. But I can't do that w/o special NACM rules. Without this default-deny-write, the second administrator could configure a `local` setting that didn't point to the truststore, or modify the `truststore` setting to point to potentially improper truststore definitions. >>> 4. The description of ca-certs and server-certs has: >>> >>> "A server certificate is authenticated if ..." >>> >>> But you don't specify what it means for a certificate to be >>> authenticated. If the intention is that the meaning depends on >>> where it is used, the description of the grouping should specify >>> this requirement. >> >> For "ca-certs", the full sentence is: >> >> A server certificate is authenticated if it has a valid >> chain of trust to a configured CA certificate."; >> >> For server-certs, the full sentence is: >> >> A server >> certificate is authenticated if it is an exact match >> to a configured server certificate."; >> >> How is the 2nd-half of these sentences not doing just what you're >> asking for? > > So the text explains when a server certificate is authenticated. But > what is supposed to happen when a server certificate is not > authenticated? What happens is TLS/SSH specific, but generally entails the server sending the client a failure message followed by closing the TCP connection. > BTW, should it rather be "A server is authenticated if its certificate > is an exact match..." etc? Yes. Language fixed in all four modules. Kent // contributor --Apple-Mail=_652444B9-F522-45DF-BC28-40DDAFD034C1 Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=us-ascii

[reducing to open = parts]


2. =  When this grouping is used in ietf-https-notifs, it looks like
  this:

+--rw = receivers
   +--rw receiver* [name]
      +--rw name =           string
      ...
=       |  +--rw = server-authentication
=       |  |  +--rw ca-certs! = {ts:x509-certificates}?
=             &n= bsp;  ... =            
      |  |  +--rw = server-certs! {ts:x509-certificates}?
=             &n= bsp;  ...

 Now, the = container 'server-authentication' has
=  nacm:default-deny-write, and its contents is mandatory (due to = the
 must expression).  This means that it is = not possible to configure
 a single receiver without = explicit NACM rules for this container.  Is
=  that really the intention?

Yes, these are security parameters.  Read access is = okay, but only
authorized clients should be able to = configure them.

I think it is = odd that if I am trusted to configure a tls client, I
can't = fully configure it w/o additional rules.

For = example, suppose the security admin has set up a certificate
trustore (/truststore/certificate) with trusted certificates. =  Now if
I want to create a receiver of notifications, = I want to point to this
list.  But I can't do that = w/o special NACM rules.

Without this default-deny-write, the second = administrator could
configure a `local` setting that didn't = point to the truststore, or
modify the `truststore` setting to = point to potentially improper
truststore = definitions.


4.  The description of ca-certs and server-certs = has:

    "A server = certificate is authenticated if ..."

=   But you don't specify what it means for a certificate to = be
  authenticated.  If the intention is = that the meaning depends on
  where it is used, = the description of the grouping should specify
=   this requirement.

For "ca-certs", the full sentence is:

         A = server certificate is authenticated if it has a valid
=           chain of = trust to a configured CA certificate.";

For = server-certs, the full sentence is:

=           A server
=           certificate = is authenticated if it is an exact match
=           to a = configured server certificate.";

How is the = 2nd-half of these sentences not doing just what you're
asking for?

So the = text explains when a server certificate is authenticated.  But
what is supposed to happen when a server certificate is = not
authenticated?

What = happens is TLS/SSH specific, but generally entails the = server
sending the client a failure message followed by = closing the TCP
connection.


BTW, should it rather be "A server is authenticated if its = certificate
is an exact match..." etc?

Yes. =  Language fixed in all four modules.


Kent // contributor





= --Apple-Mail=_652444B9-F522-45DF-BC28-40DDAFD034C1-- From nobody Wed Oct 23 14:45:45 2019 Return-Path: X-Original-To: netconf@ietfa.amsl.com Delivered-To: netconf@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 34CAB120106; Wed, 23 Oct 2019 14:45:43 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.2 X-Spam-Level: X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id buLGXRRy_6Fx; Wed, 23 Oct 2019 14:45:41 -0700 (PDT) Received: from rfc-editor.org (rfc-editor.org [4.31.198.49]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D1069120100; Wed, 23 Oct 2019 14:45:41 -0700 (PDT) Received: by rfc-editor.org (Postfix, from userid 30) id 7CFB9F40740; Wed, 23 Oct 2019 14:45:37 -0700 (PDT) To: bill.wu@huawei.com, andy@yumaworks.com, mbj@tail-f.com, kwatsen@juniper.net X-PHP-Originating-Script: 30:errata_mail_lib.php From: RFC Errata System Cc: ibagdona@gmail.com, iesg@ietf.org, netconf@ietf.org, rfc-editor@rfc-editor.org Content-Type: text/plain; charset=UTF-8 Message-Id: <20191023214537.7CFB9F40740@rfc-editor.org> Date: Wed, 23 Oct 2019 14:45:37 -0700 (PDT) Archived-At: Subject: [netconf] [Errata Rejected] RFC8040 (5565) X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 23 Oct 2019 21:45:43 -0000 The following errata report has been rejected for RFC8040, "RESTCONF Protocol". -------------------------------------- You may review the report below and at: https://www.rfc-editor.org/errata/eid5565 -------------------------------------- Status: Rejected Type: Technical Reported by: Qin Wu Date Reported: 2018-12-03 Rejected by: Ignas Bagdonas (IESG) Section: 7 Original Text ------------- +-------------------------+------------------+ | error-tag | status code | +-------------------------+------------------+ | in-use | 409 | | lock-denied | 409 | | resource-denied | 409 | | data-exists | 409 | | data-missing | 409 | Corrected Text -------------- +-------------------------+------------------+ | error-tag | status code | +-------------------------+------------------+ | in-use | 409 | | lock-denied | 409 | | resource-denied | 409 | | data-exists | 409 | | data-missing | 404 | Notes ----- The data missing should be mapped to status code '404' instead of '409' to get consistent with the defintion of data-missing in RFC6241. --VERIFIER NOTES-- Rejected based on WG discussion: https://mailarchive.ietf.org/arch/msg/netconf/XfoOpKslbdbGbX8HZrQHtNRvVkw -------------------------------------- RFC8040 (draft-ietf-netconf-restconf-18) -------------------------------------- Title : RESTCONF Protocol Publication Date : January 2017 Author(s) : A. Bierman, M. Bjorklund, K. Watsen Category : PROPOSED STANDARD Source : Network Configuration Area : Operations and Management Stream : IETF Verifying Party : IESG From nobody Thu Oct 24 03:58:06 2019 Return-Path: X-Original-To: netconf@ietf.org Delivered-To: netconf@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 5B6D3120104; Thu, 24 Oct 2019 03:57:58 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: internet-drafts@ietf.org To: Cc: netconf@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 6.108.0 Auto-Submitted: auto-generated Precedence: bulk Reply-To: netconf@ietf.org Message-ID: <157191467827.11535.3730533016531165375@ietfa.amsl.com> Date: Thu, 24 Oct 2019 03:57:58 -0700 Archived-At: Subject: [netconf] I-D Action: draft-ietf-netconf-notification-capabilities-05.txt X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 24 Oct 2019 10:57:59 -0000 A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Network Configuration WG of the IETF. Title : YANG-Push Notification Capabilities Authors : Balazs Lengyel Alexander Clemm Benoit Claise Filename : draft-ietf-netconf-notification-capabilities-05.txt Pages : 19 Date : 2019-10-24 Abstract: This document proposes a YANG module that allows a publisher to specify capabilities related to "Subscription to YANG Datastores" (YANG-Push). It proposes to use YANG Instance Data to document this information and make it already available at implementation-time, but also allow it to be reported at run-time. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-netconf-notification-capabilities/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-netconf-notification-capabilities-05 https://datatracker.ietf.org/doc/html/draft-ietf-netconf-notification-capabilities-05 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-netconf-notification-capabilities-05 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ From nobody Thu Oct 24 04:03:07 2019 Return-Path: X-Original-To: netconf@ietfa.amsl.com Delivered-To: netconf@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C05301200DE for ; Thu, 24 Oct 2019 04:03:05 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.001 X-Spam-Level: X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0FEGI3gYPvNB for ; Thu, 24 Oct 2019 04:03:03 -0700 (PDT) Received: from EUR01-HE1-obe.outbound.protection.outlook.com (mail-he1eur01on062e.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe1e::62e]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 857AF12004E for ; Thu, 24 Oct 2019 04:03:02 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=XOuKDpC6R/ZBK43X6PWuB6pXX8lAhXI/i9tV6z9heNneJFm5K3OrzfDvPrzDyOcflrbaEz4GGVGILxUV9DX3ENVP8bmnyqfSUm9GWngp0XXV9c8aQVoYRCaJwMcgjCQ42yvG+IMdmOWPCMC5+XUZqUEzTj+g019VTfrWJeSZoXWC2M/lmRewxGexPLRSRVI/o4H+k0cnc8aXBD5ZxXoKIHXjkGKkOYB5k6NQmeCUJ52+iOS52DC7j7xfbXi1i5YpPS32/1R5pEmVyqy+On0T/B+rM18/RKQZ0CRHKCd1xLiNUTYhFc3CUCXDoWw1cWaV/oUIIu1F8ZSiTFqwtVQ8kQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=0nzQj5nqYesNrfrHln6qCd6j6o8k4wLpKxkdag+nRCE=; b=YGGEpsOjogkDWIaqOKX7IjhA4jwZX5xSo9HjTfA77BLZ0ESjG6zXR+x1Ai3Y16QGtS4ZaF0Q9WybyuNZVJCLlZtxzrrx2DMO1oQ6b8whDcZgvb6pDqkihLhkMhSxTjM+o2P9mHtcdmIndBVX8RT2T2VhXbyqoRNIF39Nm4OlBcCi6Jqi+Zt2axmH5iLPnXA49KAk1TAS81M8WePgMjpnkReYc2lPF6YSjUj9wLwjZJGZ4UNoZ1y1qYyg5Ar8eEhe7WxkfAABZppyLQIZZfMkSQ306qZ6uq5Bzp5UspCNphNAlPUiG7o7PxrJ2DpWzh4gblMtbHeEF6FPjsvSgFNjbw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=0nzQj5nqYesNrfrHln6qCd6j6o8k4wLpKxkdag+nRCE=; b=RaV2hzAmDSc3F0cEwFGmsKY3OJlKzzvL4wISUx0a9WOCVNJSfoyEeQQpTS7MC5fWYla7XmMN7JwEtvWVayk3JLHUs1hcNQKOOVi/xBeW415sK9uSMqNDx4AtdYzEXfXcCphZg7bEJ8osrv6gycxu8msQ7b+3yHV5agvWZOoHbS0= Received: from VI1PR0701MB2286.eurprd07.prod.outlook.com (10.169.137.153) by VI1PR0701MB2191.eurprd07.prod.outlook.com (10.169.130.146) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2387.17; Thu, 24 Oct 2019 11:03:00 +0000 Received: from VI1PR0701MB2286.eurprd07.prod.outlook.com ([fe80::6058:31bd:e6f1:e143]) by VI1PR0701MB2286.eurprd07.prod.outlook.com ([fe80::6058:31bd:e6f1:e143%11]) with mapi id 15.20.2387.021; Thu, 24 Oct 2019 11:02:59 +0000 From: =?iso-8859-1?Q?Bal=E1zs_Lengyel?= To: "netconf@ietf.org" Thread-Topic: [netconf] I-D Action: draft-ietf-netconf-notification-capabilities-05.txt Thread-Index: AQHViln7NJc/AgPc+Uez/D2i8kerk6dpn2BA Date: Thu, 24 Oct 2019 11:02:59 +0000 Message-ID: References: <157191467827.11535.3730533016531165375@ietfa.amsl.com> In-Reply-To: <157191467827.11535.3730533016531165375@ietfa.amsl.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: yes X-MS-TNEF-Correlator: authentication-results: spf=none (sender IP is ) smtp.mailfrom=balazs.lengyel@ericsson.com; x-originating-ip: [89.135.192.225] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 250f38e7-ce1e-4c39-9739-08d75871bb96 x-ms-traffictypediagnostic: VI1PR0701MB2191: x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:8273; x-forefront-prvs: 0200DDA8BE x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(376002)(346002)(366004)(396003)(136003)(39860400002)(199004)(189003)(13464003)(76116006)(66616009)(66476007)(2351001)(316002)(66446008)(71190400001)(64756008)(66556008)(45776006)(71200400001)(5660300002)(74316002)(55016002)(15650500001)(66946007)(6436002)(66066001)(6246003)(476003)(6306002)(81166006)(81156014)(486006)(8676002)(52536014)(229853002)(25786009)(7736002)(305945005)(1730700003)(8936002)(66574012)(11346002)(186003)(2501003)(99286004)(7696005)(5640700003)(102836004)(26005)(86362001)(446003)(9686003)(6506007)(53546011)(2906002)(99936001)(3846002)(6116002)(14454004)(6916009)(4001150100001)(33656002)(256004)(14444005)(966005)(478600001)(76176011); DIR:OUT; SFP:1101; SCL:1; SRVR:VI1PR0701MB2191; H:VI1PR0701MB2286.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1; received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: xDSEk52Dn7EP+WwqdxN3Z23Ajq1OutZqfcqvoa3oAtrI39x4Gpe0XfPWftrbKwOMNogB3rXkYMPTLMT2Rkb9tht90i51HH3arjI+YxG1UxI5gFNy8XxhiZjl6BBgiZvuUL82L5JdGCSIPTvbQoX9hMwo686xA5QfF0XFrbqAWn5XRVFsUFeJ/9bOH+NfDC103b4U0acOh8Zumx5V+TTCfJ8SjJKAVQMZ3XTjx6ZYzkcr7KMW4Yw5krnGciXc8UUV4p/9mtlHZmK7r124kO+DzUe/a0/V6Xwe5JM99k7y2jsVWrOZrjFdw3Imzsg4LgP9SY83TdkOgtdk7DPSkBVzMEH8g0hOi8irLAO21FYAmGzz7FG3ZvguW+ea9b+mKKq7C9YsXvwQhefgVsLev7RM8UEj0niJWmcm9RLl7IhfPBafjIqF3y28JcFp4ek/as6v x-ms-exchange-transport-forked: True Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=SHA1; boundary="----=_NextPart_000_004E_01D58A6B.5B98C510" MIME-Version: 1.0 X-OriginatorOrg: ericsson.com X-MS-Exchange-CrossTenant-Network-Message-Id: 250f38e7-ce1e-4c39-9739-08d75871bb96 X-MS-Exchange-CrossTenant-originalarrivaltime: 24 Oct 2019 11:02:59.4463 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: UqMYEn8M0Hl9q8hQJqaXF0mRuYTTDeeQnfnXTf+3hgX/WPLITujrOiug2B6WBjDYFMrshZocWPxTqy5ptxXD5s5YkjR7ZiTEw7C6u4Iq03w= X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR0701MB2191 Archived-At: Subject: Re: [netconf] I-D Action: draft-ietf-netconf-notification-capabilities-05.txt X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 24 Oct 2019 11:03:06 -0000 ------=_NextPart_000_004E_01D58A6B.5B98C510 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Hello, The draft is updated with all agreed comments from WGLC.=20 - Added 2 new capabilities - restructured YANG module. Functionality is the same, but it now uses = the node-selector the same way as ietf-netconf-acm Regards Balazs -----Original Message----- From: netconf On Behalf Of internet-drafts@ietf.org Sent: 2019. okt=F3ber 24., cs=FCt=F6rt=F6k 12:58 To: i-d-announce@ietf.org Cc: netconf@ietf.org Subject: [netconf] I-D Action: draft-ietf-netconf-notification-capabilities-05.txt A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Network Configuration WG of the IETF. Title : YANG-Push Notification Capabilities Authors : Balazs Lengyel Alexander Clemm Benoit Claise Filename : draft-ietf-netconf-notification-capabilities-05.txt Pages : 19 Date : 2019-10-24 Abstract: This document proposes a YANG module that allows a publisher to specify capabilities related to "Subscription to YANG Datastores" (YANG-Push). It proposes to use YANG Instance Data to document this information and make it already available at implementation-time, but also allow it to be reported at run-time. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-netconf-notification-capabili= tie s/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-netconf-notification-capabilities-= 05 https://datatracker.ietf.org/doc/html/draft-ietf-netconf-notification-cap= abi lities-05 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=3Ddraft-ietf-netconf-notification-capab= iliti es-05 Please note that it may take a couple of minutes from the time of = submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ _______________________________________________ netconf mailing list netconf@ietf.org https://www.ietf.org/mailman/listinfo/netconf ------=_NextPart_000_004E_01D58A6B.5B98C510 Content-Type: application/pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIVbjCCAyAw ggIIoAMCAQICAR0wDQYJKoZIhvcNAQEFBQAwOTELMAkGA1UEBhMCRkkxDzANBgNVBAoTBlNvbmVy YTEZMBcGA1UEAxMQU29uZXJhIENsYXNzMiBDQTAeFw0wMTA0MDYwNzI5NDBaFw0yMTA0MDYwNzI5 NDBaMDkxCzAJBgNVBAYTAkZJMQ8wDQYDVQQKEwZTb25lcmExGTAXBgNVBAMTEFNvbmVyYSBDbGFz czIgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCQF0o1ncrwDZbHRPoWN/xIvb1/ gC01O+FvqGepvwMcTYxvMkfVQWikEwTBNQyahEP8XB3/ibPoFxjNkV/7iePqv05dfBsm03V57eaE 41flrSnE9Doo56V7hDZps/1edr2jLZnTkE4jKH0YY/FUOyaddluXQrL/rvBO7N05lU6DBn/nSUDI xQGyVFpmHT38+ek8Cp6BuHDwAYvkI1R8yK74kB4AlnLUVM9hI7zq+50CldG2uXE6aQg/D7ThQseI 9T+YqKe6HOBxce9YV4FQelxrdEYOgwOYw46obvJ2Mm4ng8Jz89wY6LST6nVEawRgIHFXh53zvqCQ Iz2KJOHaIdvDAgMBAAGjMzAxMA8GA1UdEwEB/wQFMAMBAf8wEQYDVR0OBAoECEqgqliE0148MAsG A1UdDwQEAwIBBjANBgkqhkiG9w0BAQUFAAOCAQEAWs6H+RZyFVdLHdmb56ImMOyTZ9/WLdI0r/c4 pc6rFrmrL3w1y6zQD7RMK/yA72uMkV82dvfbsxsZ6vSyEf1hcUS/KLM6Hb+zQ+ifv9wxCHGwnY3W NEcykMZlJPegSnwEc485bxeMcrW9S8h6+HuDwyhOnAnqZz+yZwQbwxTa+OdJJJHQHWr6YTnva+ch dQYH2BK0ISBwQnGB2jyaNr6mWw1qbJofkXv5+e9Cuk5OnswMjZTc2UWcXuxCUGOu9F3EsRLcyjuo Lp0UWgV1t+zXY+K6NbYECJHo2p2c9ma1GKwKplQmNDPSG8HUfxo6jguqMm7b/E8ln9kyx5ZacKzf TDCCBX0wggRloAMCAQICEQCH7S4aKCZKxRmqOuu5DaLLMA0GCSqGSIb3DQEBCwUAMDkxCzAJBgNV BAYTAkZJMQ8wDQYDVQQKEwZTb25lcmExGTAXBgNVBAMTEFNvbmVyYSBDbGFzczIgQ0EwHhcNMTQx MjA1MDgxOTE1WhcNMjEwNDA1MTAyOTAwWjA3MRQwEgYDVQQKDAtUZWxpYVNvbmVyYTEfMB0GA1UE AwwWVGVsaWFTb25lcmEgUm9vdCBDQSB2MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB AMK+6yfwIaPzaSZVfp3FVRaRXP3vIb9TgHot0pGMYzHw7CTww6XScnwQbfQ3t+XmfHnqjLWCi65I tqwA3GV17CpNX8GH9SBlK4GoRz6JI5UwFpB/6FcHSOcZrr9FZ7E3GwYq/t75rH2D+1665I+XZ75L jo1kB1c4VWk0Nj0TSO9P4tNmHqTPGrdeNjPUtAa9GAH9d4RQAEX1jF3oI7x+/jXh7VB7qTCNGdMJ jmhnXb88lxhTuylixcpecsHHltTbLaC0H2kD7OriUPEMPPCs81Mt8Bz17Ww5OXOAFshSsCPN4D7c 3TxHoLs1iuKYaIu+5b9y7tL6pe0S7fyYGKkmdtwoSxAgHNN/Fnct7W+A90m7UwW7XWjH1Mh1Fj+J Wov3F0fUTPHSiXk+TT2YqGHeOh7S+F4D4MHJHIzTjU3TlTazN19jY5szFPAtJmtTfImMMsJu7D0h ADnJoWjiUIMusDor8zagrC/kb2HCUQk5PotTubtn2txTuXZZNp1D5SDgPTJghSJRt8czu90VL6R4 pgd7gUY2BIbdeTXHlSw7sKMXNeVzH7RcWe/a6hBle3rQf5+ztCo3O3CLm1u5K7fsslESl1MpWtTw EhDcTwK7EpIvYtQ/aUN8Ddb8WHUBiJ1YFkveupD/RwGJBmr2X7KQarMCpgKIv7NHfirZ1fpoeDVN AgMBAAGjggGAMIIBfDBOBggrBgEFBQcBAQRCMEAwPgYIKwYBBQUHMAKGMmh0dHA6Ly9jYS50cnVz dC50ZWxpYXNvbmVyYS5jb20vc29uZXJhY2xhc3MyY2EuY2VyMA8GA1UdEwEB/wQFMAMBAf8wGQYD VR0gBBIwEDAOBgwrBgEEAYIPAgMBAQIwDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBTwj1k4ALP1 j5qWDNXr+nuqF+gTEjCBuQYDVR0fBIGxMIGuMG+gbaBrhmlsZGFwOi8vY3JsLTEudHJ1c3QudGVs aWFzb25lcmEuY29tL2NuPVNvbmVyYSUyMENsYXNzMiUyMENBLG89U29uZXJhLGM9Rkk/Y2VydGlm aWNhdGVyZXZvY2F0aW9ubGlzdDtiaW5hcnkwO6A5oDeGNWh0dHA6Ly9jcmwtMi50cnVzdC50ZWxp YXNvbmVyYS5jb20vc29uZXJhY2xhc3MyY2EuY3JsMBMGA1UdIwQMMAqACEqgqliE0148MA0GCSqG SIb3DQEBCwUAA4IBAQAQ1elFTM6fGkQ/aRKdkUZicO3Cb9uzBJOpOtFctw+1El0/17lsjoVvJkZB D3KnUobnrriFdAa+7FAN55KLmZeB/3Y2bG0bB4toSyaVHjOQnQY9M0dv8U852w0Q7GwchKfebLUI bh9TMt2hI3Xc6j4knFTBUo7C1WAfO51K4bn1irmX6/Ej2VTgiOFsvOAny28W6enFSEQpSHw60VhN fSttSqTOxyrRR/7kW7Y8yb/3DZDZ/dH6ZCfx/y+BNIv2NuSd85M9HXUzplXXohti4Ql/qeaMn6by Ius6XlMWZZfkdVRvTuk2PkeC7UmAJ2+/DUWOPpawaytMXVfF4Hvxk34NMIIF/zCCA+egAwIBAgIR AOm+1xFswMzmixU1jNT/MSEwDQYJKoZIhvcNAQELBQAwRzELMAkGA1UEBhMCU0UxETAPBgNVBAoM CEVyaWNzc29uMSUwIwYDVQQDDBxFcmljc3NvbiBOTCBJbmRpdmlkdWFsIENBIHYzMB4XDTE3MTAw OTE1MjQ1OFoXDTIwMTAwOTE1MjQ1N1owajERMA8GA1UECgwIRXJpY3Nzb24xGDAWBgNVBAMMD0Jh bMOhenMgTGVuZ3llbDEqMCgGCSqGSIb3DQEJARYbYmFsYXpzLmxlbmd5ZWxAZXJpY3Nzb24uY29t MQ8wDQYDVQQFEwZFVEhCTEwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUUtnneUfH i428YPkvW+AsCNeKCCKq72SzUZpBggijy+oLVO0cgTXXHygrZ+KT8TbyEkPwuHi+V4TQxWAyMhGa nWZHWZXe9ghEZrJDJbCzFMHOqR+wEDnI1vM3sfQQ68iSsWQLd9opnb2/ihiJlt9up75VRpyj5lea bvzxOLQimJgZiXaZzsPPT2nROyytKxOsE5KbfT3mNof3bMG1bggZtGGA1GBJchwdFJwQKIShfPVm 1CdulvJV1hPVecxttMJNPzSfSfryb/b64QnR5yc/pSx8SxD0h0rnNT73Al3Af2iRghdXN4omDKZY OcdK/sE5HTmLTFuWoZAnL/RntOK9AgMBAAGjggHBMIIBvTBIBgNVHR8EQTA/MD2gO6A5hjdodHRw Oi8vY3JsLnRydXN0LnRlbGlhLmNvbS9lcmljc3Nvbm5saW5kaXZpZHVhbGNhdjMuY3JsMIGCBggr BgEFBQcBAQR2MHQwKAYIKwYBBQUHMAGGHGh0dHA6Ly9vY3NwMi50cnVzdC50ZWxpYS5jb20wSAYI KwYBBQUHMAKGPGh0dHA6Ly9jYS50cnVzdC50ZWxpYXNvbmVyYS5jb20vZXJpY3Nzb25ubGluZGl2 aWR1YWxjYXYzLmNlcjAmBgNVHREEHzAdgRtiYWxhenMubGVuZ3llbEBlcmljc3Nvbi5jb20wVQYD VR0gBE4wTDBKBgwrBgEEAYIPAgMBARIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly9yZXBvc2l0b3J5 LnRydXN0LnRlbGlhc29uZXJhLmNvbS9DUFMwHQYDVR0lBBYwFAYIKwYBBQUHAwQGCCsGAQUFBwMC MB0GA1UdDgQWBBSkJw2vbyMFmf9tY1urk9NeYfiMgTAfBgNVHSMEGDAWgBQcexmel5x2rCA92Nzj kWrj2y2mUzAOBgNVHQ8BAf8EBAMCBaAwDQYJKoZIhvcNAQELBQADggIBAD1RCVf5Df2uCXwPveXz LBGIjsz3k2la5UUlioC+i4Ms6vGstqXIX7K24+Wc41npi+G5xFhvkAkmuTP/j29F5xJJuJcy3OcL 0br02vKe2WJJnlivB+X9plPg0kMUBS0lLq7kHPUrO/BLeIIFRuaky05eZlTnGNcLbn5VpZdjX4Ic XZV78qpZI3L67Po1UgHzOTiWolc75jrKOx3UOw98fWRrgJPBUIeqDeD1NDfF7PlM4Cqlad062o6L lM9wfAnoLzz0z04dPXtJkOcTiZgOLdPoKIm7LR1wZ9c6mYw4sgtoVAs16Y2cCPBxqWpsW+9ZCcDK PPZzeBezCKyicpDJbTqCVMILd3j38HWUPWFuVITZNgANzHW1CpgqmiLIAADiznCCtudTE+fcB3O9 duuu/yuEME17LMy1GYMKXs1QCXmTq2hrqTJQ2AA2TsWZtoxl3ViqJgNBWjnQiMwdCl5Dural2jZP /iU6MmiauUNYn9YW/ViUluoBBdaUHMpnP/7kM0Wk8j3Wzhcggx+Biml2gCopMaK1EJYjQH/2J95N GEkSdZfVzFUmwV3yMd4mOhIaxW0SEq9b1eWICZ/BAcVBpSyU0sE1gpnBO5wLxj+IpSdiGlS4jc37 qCr/39xdv1Unu93glCmHq0xgX54N8EsyMBPC3+zSSu1qhCbU7VJWIz2aMIIGwjCCBKqgAwIBAgIQ U7h+g+GcmSiTsJtJHOy46zANBgkqhkiG9w0BAQsFADA3MRQwEgYDVQQKDAtUZWxpYVNvbmVyYTEf MB0GA1UEAwwWVGVsaWFTb25lcmEgUm9vdCBDQSB2MTAeFw0xNTEwMjcxMjE2NDZaFw0yNTEwMjcx MjE2NDZaMEcxCzAJBgNVBAYTAlNFMREwDwYDVQQKDAhFcmljc3NvbjElMCMGA1UEAwwcRXJpY3Nz b24gTkwgSW5kaXZpZHVhbCBDQSB2MzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAOzy 3wAAuFDyp7vYVLfGk/fjwao71MNGNLSzzl5DtjQtMtl2ZLPZyX6ViqzTN9JOb7uZ6KxuGSpReQvt 8XOh7iIhkKH9W5hRpbjTsJmUMJd6zifhOpNK6iSU3q44+FjsQL1lVtcguUuFG6aZN0N3GFVbgt6j RrASF8t/3wy9bHPAIfMyPybpg6Y2PH5/1NwkTepoDSmK69LGV+lV2IK6U9OWayZXZFIFIDCoGyFl hFxAEgN+qZ2+Rqg/0TM0oCHvKO2ELSGmAdnJkwizR42ji/Y9SYTSuG75mzSe6OfCGWM8Db/xvy/2 0aLEPXNu1PvOgzY63WZ6cmkWnjMlVJ90pWC2haqDm3Yf8TRdjUvAl7Pz1bTuexwShzIGakL7MkCY rEqHMRaojI/VStloQgW76E76zQ2byw5QxrhOUbisBSKRzlTlOZQgYFFAbG6ViF8DOpJh/ygtQwuT LUM5r15G7eynQV1AMTNCWcX+HUvgArUw6RfW9L58uA68GjktFTV8s9RlDsUqsNcLqeXaV28S2WMd ay0YGaq/bloS8AD7KuumUKH+Ri9IGO9mJvP05tvDHjKpLvv80c3WLJnJU/aznYHYEt2+jjKHOTqd GTxL/zMdpRSQFSuu+KM8NoYrkU1VJqKga+QLsgqKghMp99gu1P1e6KsqseWHdXORrMbjqkBXAgMB AAGjggG4MIIBtDCBigYIKwYBBQUHAQEEfjB8MC0GCCsGAQUFBzABhiFodHRwOi8vb2NzcC50cnVz dC50ZWxpYXNvbmVyYS5jb20wSwYIKwYBBQUHMAKGP2h0dHA6Ly9yZXBvc2l0b3J5LnRydXN0LnRl bGlhc29uZXJhLmNvbS90ZWxpYXNvbmVyYXJvb3RjYXYxLmNlcjASBgNVHRMBAf8ECDAGAQH/AgEA MFUGA1UdIAROMEwwSgYMKwYBBAGCDwIDAQECMDowOAYIKwYBBQUHAgEWLGh0dHBzOi8vcmVwb3Np dG9yeS50cnVzdC50ZWxpYXNvbmVyYS5jb20vQ1BTMEsGA1UdHwREMEIwQKA+oDyGOmh0dHA6Ly9j cmwtMy50cnVzdC50ZWxpYXNvbmVyYS5jb20vdGVsaWFzb25lcmFyb290Y2F2MS5jcmwwHQYDVR0l BBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUHHsZnpec dqwgPdjc45Fq49stplMwHwYDVR0jBBgwFoAU8I9ZOACz9Y+algzV6/p7qhfoExIwDQYJKoZIhvcN AQELBQADggIBAFBYa/HVjDu0LqtXQ8iMp8PLFpqchf41ksQY6R1AsoZbaBUu0NQlAQ9GzlC1pmI5 s0cJnuaZI0xV6TiWS3/R2p9UgW61XD9CTIUbAL31mY3BdJf3P46gzKgQEca/DlFjq9GVmuPS4q90 BLNgvgoxoHubc3C6s0OaY1sbnay5EhnvrAE4Q511FlxmJPLnRmQGpieeXa3cPegFfY1kJDKyyFRy pF1RuRLXcdMIgKEy5NX1bS3M9dQ4mgmUmVT2d33UiKSEYQ6s/B+LFaaz4LywXSv2o3W4kbHoQs86 IWst821ww0wxsCpEfClIvF7fBw2QkbG/1PwuzAuLVStEhDzkAqOrMGctKyNEaBsyAn7Eq2eCa8QD Xnkmagp9QPsNFs/oqnXj9j1cVtH9a4OPzhtg0pd7gd0NzU/5QxibXqbYvouQgihGXHQDmaL4ruN7 C4arMUqRo82YnREsKL7h3j/jtmzcMLc9Q07F04QQd/iSR1Y5pIi6PdNBiE2/4uyAXS6KOIGZrPbN QUNrZtwiQpqQNl8AUzgegfPwrYFlFocpaF3d1m5r+2VKKqiRQVfYPGYeZnWfkcz06JoAhc/9mjbH XSP9hvWYzeLRuoZqHGUdjOX9DIQb926OneV7C5WMIjSY8ORkamG/HKqngmjypL3gSc6oG/E6B+1i 6Ds5j0Qpj5aQMYIDBTCCAwECAQEwXDBHMQswCQYDVQQGEwJTRTERMA8GA1UECgwIRXJpY3Nzb24x JTAjBgNVBAMMHEVyaWNzc29uIE5MIEluZGl2aWR1YWwgQ0EgdjMCEQDpvtcRbMDM5osVNYzU/zEh MAkGBSsOAwIaBQCgggF+MBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8X DTE5MTAyNDExMDI1OFowIwYJKoZIhvcNAQkEMRYEFEiIoU1keynV0sdUf/Palg7krRb/MEMGCSqG SIb3DQEJDzE2MDQwCgYIKoZIhvcNAwcwDgYIKoZIhvcNAwICAgCAMA0GCCqGSIb3DQMCAgFAMAcG BSsOAwIaMGsGCSsGAQQBgjcQBDFeMFwwRzELMAkGA1UEBhMCU0UxETAPBgNVBAoMCEVyaWNzc29u MSUwIwYDVQQDDBxFcmljc3NvbiBOTCBJbmRpdmlkdWFsIENBIHYzAhEA6b7XEWzAzOaLFTWM1P8x ITBtBgsqhkiG9w0BCRACCzFeoFwwRzELMAkGA1UEBhMCU0UxETAPBgNVBAoMCEVyaWNzc29uMSUw IwYDVQQDDBxFcmljc3NvbiBOTCBJbmRpdmlkdWFsIENBIHYzAhEA6b7XEWzAzOaLFTWM1P8xITAN BgkqhkiG9w0BAQEFAASCAQCNx6rRbqDEsac6mM8OXFqz9lJt1OzGCzR0oZn/XqTz2jL5WtRGPMu8 cZ4xBftUIxP8ltc8Pjq/D9TXyK2R897q9refSeizIFIsXgtMw8pkNnhUSoGldG5/XHHSZFIV0Kn8 m98LShXXk+oeshO9mj35ZgbKU9yaehszA2b5enYx4t0fxnhVTHF9ecREzVFQss7YpVwzg0XkPUrW QLscfWEHxW0YhXMycnUkzCmttUr+ljYcEAj+2pBpRthgGd4fr/pj6sQtY61YtTT/ai5SRK+VzCSI n5cmTEBZENMGoLSUpQVGqBrgvMK9GC22Lbw844xUNbqXmqoDyexwkeJm7NpmAAAAAAAA ------=_NextPart_000_004E_01D58A6B.5B98C510-- From nobody Thu Oct 24 12:26:02 2019 Return-Path: X-Original-To: netconf@ietfa.amsl.com Delivered-To: netconf@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 275FC120047 for ; Thu, 24 Oct 2019 12:26:01 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.997 X-Spam-Level: X-Spam-Status: No, score=-1.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Z-YotXK3oXaQ for ; Thu, 24 Oct 2019 12:25:59 -0700 (PDT) Received: from mail-pf1-x434.google.com (mail-pf1-x434.google.com [IPv6:2607:f8b0:4864:20::434]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 21A73120025 for ; Thu, 24 Oct 2019 12:25:59 -0700 (PDT) Received: by mail-pf1-x434.google.com with SMTP id x28so2278454pfi.12 for ; Thu, 24 Oct 2019 12:25:59 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:mime-version:subject:date:references:to:in-reply-to:message-id; bh=7529M5+LKZOzS2/dh5eqRJrAK6wF5LVQ25zxUvKDcpM=; b=abV4f9jKajeDmoMZDVOMsh27O/IPShu6WuOV7Im9fLFylZOWMrDhmtP6ei7DwWT8Sg idt4PDB7CBETEnO8YD4FKt8feSmpvyks5tqQWLchQJGigrIyTTWEHdyoAKDoZfNx8jT+ TcLRkh3wCEZlIU8FBKMsmLJ4MXMYQXfrMGOyky6lHR8/BHO4kWzWzUgwgmJFF88IXced R0+XN7nHv+6L4GQ19M2zF424s7cBF+R54TXleXEWSJSa6xRNK22YuVmBgcqd1uFsecRb Prfh+BV5yslhS0UfweUHdB1TCBYcMX7aVXPO3O8GQj65P1OERdZTS6FduMVoScSJeZsB novA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:mime-version:subject:date:references:to :in-reply-to:message-id; bh=7529M5+LKZOzS2/dh5eqRJrAK6wF5LVQ25zxUvKDcpM=; b=gDa+qHAIuL/kncJlXtH6FbM8e1vrqAuY0E5QE2xdt/GzHFx8o4lc6Ld+yZc7JIVbky Q4MGaSb5RYYjWZXrOHleyeSnzuraGel5vZ80neTjm9RxQ1ywK4bvmoVqfpuESC2tK0zY YWR8EnodjGLUpy5axeo3z7QGGiA7amthCo9LbRAlYIvCOn5DkqvZrAavxka4zvZxUJh0 syaIsVOMvNvspjxFEadIctpXlq8HLuP73xBNdkYAX+skzuI91SfxM+Ssi8K8ceXhlPLr bxobG09TTWlkgiD+8sPtGWRSf6DckGmghxObKG/kn7cBDyCRY3EE0M5i32e+Ryoz2E/E Ou3w== X-Gm-Message-State: APjAAAXeZ6RrrhaARRRq2I2IwvNIbuN/FIlQVGCimh59pnUWGziaxbtl pXAOQ8BH6lCcBNwQJXuI+HLBIm2m X-Google-Smtp-Source: APXvYqzaMfT58fJeIvi/UFkU1RIO+eqvVWJp+/a62q90U9ucRVH98C2jYUZJuG0kWpd7diPfKlclAA== X-Received: by 2002:a63:6c49:: with SMTP id h70mr3363498pgc.123.1571945157958; Thu, 24 Oct 2019 12:25:57 -0700 (PDT) Received: from [10.33.123.155] ([66.170.99.2]) by smtp.gmail.com with ESMTPSA id k9sm26330869pfk.72.2019.10.24.12.25.56 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 24 Oct 2019 12:25:56 -0700 (PDT) From: Mahesh Jethanandani Content-Type: multipart/alternative; boundary="Apple-Mail=_73F500CC-CF7B-436B-AB59-4D6A091B7FCA" Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\)) Date: Thu, 24 Oct 2019 12:25:55 -0700 References: <4F49DF08-B7FC-4EBD-9D6B-7BC329E50334@gmail.com> <6234A83E-D730-4978-BD0D-7E8085F949B5@gmail.com> To: Netconf In-Reply-To: <6234A83E-D730-4978-BD0D-7E8085F949B5@gmail.com> Message-Id: <974EB590-9D43-4454-BC85-37D607E0B75D@gmail.com> X-Mailer: Apple Mail (2.3445.9.1) Archived-At: Subject: Re: [netconf] WGLC for draft-ietf-netconf-notification-capabilities X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 24 Oct 2019 19:26:01 -0000 --Apple-Mail=_73F500CC-CF7B-436B-AB59-4D6A091B7FCA Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii Balasz has posted an update to the draft that addresses comments = received during LC. If you provided comments during that period, please = evaluate if your comments have been addressed. Thanks Mahesh (and Kent). > On Oct 2, 2019, at 12:17 PM, Mahesh Jethanandani = wrote: >=20 > This concludes the LC on the draft. Authors, please address all the = comments provided as part of LC, and post the updated draft.=20 >=20 > Thanks.=20 >=20 > Mahesh & Kent.=20 >=20 > On Sep 24, 2019, at 10:50 AM, Mahesh Jethanandani = > wrote: >=20 >> We were supposed to have closed on the WGLC today. However, between = the document becoming a WG item and it going into LC, we have not = received too many comments on the draft. As such, we are extending the = LC by another week. Please review the draft and provide any comments you = might have. >>=20 >> Mahesh & Kent (as co-chairs) >>=20 >>=20 >>> On Sep 10, 2019, at 3:39 PM, Mahesh Jethanandani = > wrote: >>>=20 >>> Authors have published -04 = version of the draft, which addresses comments they received in IETF = 105. If you provided comments please check to make sure your comments = have been addressed. At this point, the authors believe that the = document is ready for WGLC. >>>=20 >>> This therefore starts a two week LC, ending on September 24th. = Please provide any technical comments you might have on the document. If = you believe the document is not ready for LC, please state your reasons. >>>=20 >>> We will issue a IPR poll separately.=20 >>>=20 >>> Mahesh & Kent (as co-chairs) >>>=20 >>>=20 >>>=20 >>=20 --Apple-Mail=_73F500CC-CF7B-436B-AB59-4D6A091B7FCA Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=us-ascii Balasz has posted an update to the draft that addresses = comments received during LC. If you provided comments during that = period, please evaluate if your comments have been addressed.

Thanks

Mahesh (and Kent).

On Oct 2, 2019, at 12:17 PM, Mahesh Jethanandani <mjethanandani@gmail.com> wrote:

This concludes the LC on the = draft. Authors, please address all the comments provided as part of LC, = and post the updated draft. 

Thanks. 

Mahesh & Kent. 

On Sep 24, 2019, at 10:50 AM, Mahesh Jethanandani <mjethanandani@gmail.com> wrote:

We were supposed to = have closed on the WGLC today. However, between the document becoming a = WG item and it going into LC, we have not received too many comments on = the draft. As such, we are extending the LC by another week. Please = review the draft and provide any comments you might have.

Mahesh & Kent (as = co-chairs)


On Sep 10, 2019, at 3:39 PM, = Mahesh Jethanandani <mjethanandani@gmail.com> wrote:

Authors have = published -04 version of the draft, which addresses = comments they received in IETF 105. If you provided comments please = check to make sure your comments have been addressed. At this point, the = authors believe that the document is ready for WGLC.

This therefore starts a two week LC, = ending on September 24th. Please provide any technical comments you = might have on the document. If you believe the document is not ready for = LC, please state your reasons.

We will issue a IPR poll = separately. 

Mahesh & Kent (as co-chairs)






= --Apple-Mail=_73F500CC-CF7B-436B-AB59-4D6A091B7FCA-- From nobody Fri Oct 25 14:12:31 2019 Return-Path: X-Original-To: netconf@ietf.org Delivered-To: netconf@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 89254120807; Fri, 25 Oct 2019 14:12:00 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: "\"IETF Secretariat\"" To: , Cc: ibagdona@gmail.com, netconf@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 6.108.0 Auto-Submitted: auto-generated Precedence: bulk Message-ID: <157203792055.2724.10761242385741854057.idtracker@ietfa.amsl.com> Date: Fri, 25 Oct 2019 14:12:00 -0700 Archived-At: Subject: [netconf] netconf - Requested session has been scheduled for IETF 106 X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 25 Oct 2019 21:12:01 -0000 Dear Mahesh Jethanandani, The session(s) that you have requested have been scheduled. Below is the scheduled session information followed by the original request. netconf Session 1 (2:00 requested) Monday, 18 November 2019, Afternoon Session II 1550-1750 Room Name: Olivia size: 150 --------------------------------------------- iCalendar: https://datatracker.ietf.org/meeting/106/sessions/netconf.ics Request Information: --------------------------------------------------------- Working Group Name: Network Configuration Area Name: Operations and Management Area Session Requester: Mahesh Jethanandani Number of Sessions: 1 Length of Session(s): 2 Hours Number of Attendees: 65 Conflicts to Avoid: Chair Conflict: netmod Technology Overlap: opsarea opsawg Key Participant Conflict: babel tcpm bfd anima idr rats People who must be present: Mahesh Jethanandani Kent Watsen Ignas Bagdonas Resources Requested: Special Requests: One of the key participants has requested for this WG session to be in the early part of the week, preferably Monday or Tuesday. --------------------------------------------------------- From nobody Sun Oct 27 19:22:54 2019 Return-Path: X-Original-To: netconf@ietfa.amsl.com Delivered-To: netconf@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EAE26120090 for ; Sun, 27 Oct 2019 19:22:52 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.201 X-Spam-Level: X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aNiJ3ew1yXQo for ; Sun, 27 Oct 2019 19:22:50 -0700 (PDT) Received: from huawei.com (lhrrgout.huawei.com [185.176.76.210]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9004D120089 for ; Sun, 27 Oct 2019 19:22:50 -0700 (PDT) Received: from lhreml702-cah.china.huawei.com (unknown [172.18.7.107]) by Forcepoint Email with ESMTP id 067C93B48D0A69E1A1B9 for ; Mon, 28 Oct 2019 02:22:48 +0000 (GMT) Received: from lhreml726-chm.china.huawei.com (10.201.108.77) by lhreml702-cah.china.huawei.com (10.201.108.43) with Microsoft SMTP Server (TLS) id 14.3.408.0; Mon, 28 Oct 2019 02:22:47 +0000 Received: from lhreml726-chm.china.huawei.com (10.201.108.77) by lhreml726-chm.china.huawei.com (10.201.108.77) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1713.5; Mon, 28 Oct 2019 02:22:47 +0000 Received: from NKGEML414-HUB.china.huawei.com (10.98.56.75) by lhreml726-chm.china.huawei.com (10.201.108.77) with Microsoft SMTP Server (version=TLS1_0, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA) id 15.1.1713.5 via Frontend Transport; Mon, 28 Oct 2019 02:22:47 +0000 Received: from NKGEML515-MBX.china.huawei.com ([fe80::a54a:89d2:c471:ff]) by nkgeml414-hub.china.huawei.com ([10.98.56.75]) with mapi id 14.03.0439.000; Mon, 28 Oct 2019 10:22:44 +0800 From: Tianran Zhou To: 'Netconf' Thread-Topic: New Version Notification for draft-zhou-netconf-multi-stream-originators-08.txt Thread-Index: AQHVjTVfZDkIzfrNS0ms/LL2YSCGi6dvULEw Date: Mon, 28 Oct 2019 02:22:43 +0000 Message-ID: References: <157222883867.17172.10783539642308684114.idtracker@ietfa.amsl.com> In-Reply-To: <157222883867.17172.10783539642308684114.idtracker@ietfa.amsl.com> Accept-Language: zh-CN, en-US Content-Language: zh-CN X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.111.156.116] Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 MIME-Version: 1.0 X-CFilter-Loop: Reflected Archived-At: Subject: [netconf] FW: New Version Notification for draft-zhou-netconf-multi-stream-originators-08.txt X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 28 Oct 2019 02:22:53 -0000 SGkgV0csDQoNCldlIHVwZGF0ZWQgZG9jdW1lbnQgYmFzZWQgb24gdGhlIGNvbW1lbnRzIGZyb20g dGhlIGNoYWlycy4gVGhhbmtzLg0KVGhlIG1haW4gY2hhbmdlcyBpbmNsdWRlOg0KMS4gQ2xlYXJl ZCB1cCB0aGUgZG9jdW1lbnQgdG8gZml4IFRlcm1zLCBuaXRzLg0KMi4gUmVkdWNlZCBpbnRlcm5h bCBpbXBsZW1lbnRhdGlvbiBkZXNjcmlwdGlvbnMuDQozLiBDbGFyaWZpZWQgTWVzc2FnZSBHZW5l cmF0b3IgSUQuDQoNClJldmlldyBhbmQgY29tbWVudHMgYXJlIHdlbGNvbWUuDQoNClRoYW5rcywN ClRpYW5yYW4NCi0tLS0tT3JpZ2luYWwgTWVzc2FnZS0tLS0tDQpGcm9tOiBpbnRlcm5ldC1kcmFm dHNAaWV0Zi5vcmcgW21haWx0bzppbnRlcm5ldC1kcmFmdHNAaWV0Zi5vcmddIA0KU2VudDogTW9u ZGF5LCBPY3RvYmVyIDI4LCAyMDE5IDEwOjE0IEFNDQpUbzogQW5keSBCaWVybWFuIDxhbmR5QHl1 bWF3b3Jrcy5jb20+OyBFcmljIFZvaXQgPGV2b2l0QGNpc2NvLmNvbT47IFpoZW5nZ3Vhbmd5aW5n IChXYWxrZXIpIDx6aGVuZ2d1YW5neWluZ0BodWF3ZWkuY29tPjsgQWxleGFuZGVyIENsZW1tIDxs dWR3aWdAY2xlbW0ub3JnPjsgVGlhbnJhbiBaaG91IDx6aG91dGlhbnJhbkBodWF3ZWkuY29tPg0K U3ViamVjdDogTmV3IFZlcnNpb24gTm90aWZpY2F0aW9uIGZvciBkcmFmdC16aG91LW5ldGNvbmYt bXVsdGktc3RyZWFtLW9yaWdpbmF0b3JzLTA4LnR4dA0KDQoNCkEgbmV3IHZlcnNpb24gb2YgSS1E LCBkcmFmdC16aG91LW5ldGNvbmYtbXVsdGktc3RyZWFtLW9yaWdpbmF0b3JzLTA4LnR4dA0KaGFz IGJlZW4gc3VjY2Vzc2Z1bGx5IHN1Ym1pdHRlZCBieSBUaWFucmFuIFpob3UgYW5kIHBvc3RlZCB0 byB0aGUgSUVURiByZXBvc2l0b3J5Lg0KDQpOYW1lOgkJZHJhZnQtemhvdS1uZXRjb25mLW11bHRp LXN0cmVhbS1vcmlnaW5hdG9ycw0KUmV2aXNpb246CTA4DQpUaXRsZToJCVN1YnNjcmlwdGlvbiB0 byBNdWx0aXBsZSBTdHJlYW0gT3JpZ2luYXRvcnMNCkRvY3VtZW50IGRhdGU6CTIwMTktMTAtMjYN Ckdyb3VwOgkJSW5kaXZpZHVhbCBTdWJtaXNzaW9uDQpQYWdlczoJCTIyDQpVUkw6ICAgICAgICAg ICAgaHR0cHM6Ly93d3cuaWV0Zi5vcmcvaW50ZXJuZXQtZHJhZnRzL2RyYWZ0LXpob3UtbmV0Y29u Zi1tdWx0aS1zdHJlYW0tb3JpZ2luYXRvcnMtMDgudHh0DQpTdGF0dXM6ICAgICAgICAgaHR0cHM6 Ly9kYXRhdHJhY2tlci5pZXRmLm9yZy9kb2MvZHJhZnQtemhvdS1uZXRjb25mLW11bHRpLXN0cmVh bS1vcmlnaW5hdG9ycy8NCkh0bWxpemVkOiAgICAgICBodHRwczovL3Rvb2xzLmlldGYub3JnL2h0 bWwvZHJhZnQtemhvdS1uZXRjb25mLW11bHRpLXN0cmVhbS1vcmlnaW5hdG9ycy0wOA0KSHRtbGl6 ZWQ6ICAgICAgIGh0dHBzOi8vZGF0YXRyYWNrZXIuaWV0Zi5vcmcvZG9jL2h0bWwvZHJhZnQtemhv dS1uZXRjb25mLW11bHRpLXN0cmVhbS1vcmlnaW5hdG9ycw0KRGlmZjogICAgICAgICAgIGh0dHBz Oi8vd3d3LmlldGYub3JnL3JmY2RpZmY/dXJsMj1kcmFmdC16aG91LW5ldGNvbmYtbXVsdGktc3Ry ZWFtLW9yaWdpbmF0b3JzLTA4DQoNCkFic3RyYWN0Og0KICAgVGhpcyBkb2N1bWVudCBkZXNjcmli ZXMgdGhlIGRpc3RyaWJ1dGVkIGRhdGEgZXhwb3J0IG1lY2hhbmlzbSB0aGF0DQogICBhbGxvd3Mg bXVsdGlwbGUgZGF0YSBzdHJlYW1zIHRvIGJlIG1hbmFnZWQgdXNpbmcgYSBzaW5nbGUNCiAgIHN1 YnNjcmlwdGlvbi4gIFNwZWNpZmljYWxseSwgbXVsdGlwbGUgZGF0YSBzdHJlYW1zIGFyZSBwdXNo ZWQNCiAgIGRpcmVjdGx5IHRvIHRoZSBjb2xsZWN0b3Igd2l0aG91dCBwYXNzaW5nIHRocm91Z2gg YSBicm9rZXIgZm9yDQogICBpbnRlcm5hbCBjb25zb2xpZGF0aW9uLg0KDQoNCiAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICANCg0KDQpQbGVhc2Ugbm90ZSB0aGF0IGl0IG1heSB0YWtlIGEgY291cGxl IG9mIG1pbnV0ZXMgZnJvbSB0aGUgdGltZSBvZiBzdWJtaXNzaW9uIHVudGlsIHRoZSBodG1saXpl ZCB2ZXJzaW9uIGFuZCBkaWZmIGFyZSBhdmFpbGFibGUgYXQgdG9vbHMuaWV0Zi5vcmcuDQoNClRo ZSBJRVRGIFNlY3JldGFyaWF0DQoNCg== From nobody Mon Oct 28 13:51:41 2019 Return-Path: X-Original-To: netconf@ietfa.amsl.com Delivered-To: netconf@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2312C120086 for ; Mon, 28 Oct 2019 13:51:40 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.998 X-Spam-Level: X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1FRELy-FeoH5 for ; Mon, 28 Oct 2019 13:51:38 -0700 (PDT) Received: from mail-pl1-x636.google.com (mail-pl1-x636.google.com [IPv6:2607:f8b0:4864:20::636]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2A1B3120024 for ; Mon, 28 Oct 2019 13:51:38 -0700 (PDT) Received: by mail-pl1-x636.google.com with SMTP id p5so1091867plr.7 for ; Mon, 28 Oct 2019 13:51:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:message-id:mime-version:subject:date:in-reply-to:cc:to :references; bh=K9fM6CEvMMfDwStR5of5vX1uyGNBdk00wFH6wbX0b24=; b=PXTNb+If/8JT0vYbynuJEc6ly8Z675LE6AmKTeow5h3/V4PvpLnPIpOzcEdJjRpwCy iZKwY9emWLKAtT/byAso7NFITN/XFzbJ0uKrPfhAMV39be8IZwhIfvafEZslBYtQuYO9 fqKZvh81004LRQM2+K/QVUz0ErnkSADJhTD2f+hmisAvbCpil6nv87qQO4IINjfxC2tZ GS0595eLeHw/jtGKj5F1PrQGsWQqDSEFWP9ukgyB4nVrzI7TkCGFnDIAoMtaCVMLzHwU WUysAubCMUJDoU9QaPe62LQugSnEv5xugXahiO2Az13crKQqJxnU/Z5AriLghz7tYbDC d6fQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:message-id:mime-version:subject:date :in-reply-to:cc:to:references; bh=K9fM6CEvMMfDwStR5of5vX1uyGNBdk00wFH6wbX0b24=; b=aQ0yAI6EIwY5EffUkCsyvRtd1h/A6ZCWdImV9tv43Cx28QlgCa6gq2kcX0M759xk5/ FhMzCaeStZbTw+D9m/ob1HLSRYMILHWrbQOU0Hv/cfc/OgGDAESeNerKfcUXsTI4qbzh UCtOoN1aDCcoGnc90m7JsEE87/AZSTv24JFGLifjJxniIAJ7qZJu7Ch7eF75yidSrq6w PyZWU9wicSJeRQYWMGnFnua3EhtT8xoCQJSceGhnQOtgUhMdr4Nc2IYkx3xDboIM4Cv5 dOaeTlSD0qOBangUhaU4RyuLcG0seqk3aQmgyoHWOAgZcO/SrV3BVg+0yV0ULJM3cINu Zc+g== X-Gm-Message-State: APjAAAU3/h3qzsd93r4oyF/jynu5a2g/ignGynV3edU7beizll3rlEem HwEOXr54mNW6BdZgdgSdVTs= X-Google-Smtp-Source: APXvYqyNqrV1UFiJMi5O0WBrNcG/veiD7PHinSwnrh3pidzXRtNzUgsww1NNo1vE3UB7rhhqAQZLdQ== X-Received: by 2002:a17:902:441:: with SMTP id 59mr34911ple.300.1572295897430; Mon, 28 Oct 2019 13:51:37 -0700 (PDT) Received: from [10.33.123.155] ([66.170.99.2]) by smtp.gmail.com with ESMTPSA id y20sm12799322pge.48.2019.10.28.13.51.36 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 28 Oct 2019 13:51:36 -0700 (PDT) From: Mahesh Jethanandani Message-Id: Content-Type: multipart/alternative; boundary="Apple-Mail=_626CAC55-6F05-4C8B-BD67-1D972128630E" Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\)) Date: Mon, 28 Oct 2019 13:51:35 -0700 In-Reply-To: Cc: Kent Watsen , "netconf@ietf.org" To: "Eric Voit (evoit)" References: <0100016ccff35064-9da3c8b6-263c-47f6-a4f2-4db9495bc8b7-000000@email.amazonses.com> X-Mailer: Apple Mail (2.3445.9.1) Archived-At: Subject: Re: [netconf] Adoption Call for draft-mahesh-netconf-https-notif-00 X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 28 Oct 2019 20:51:40 -0000 --Apple-Mail=_626CAC55-6F05-4C8B-BD67-1D972128630E Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 Hi Eric, Picking up on this thread ... > On Sep 3, 2019, at 8:00 AM, Eric Voit (evoit) wrote: >=20 > Building upon that, there are a few elements which would be good to = consider in future iterations. > =20 > (1) Understanding the capabilities of the configured receiver is = important. One or more publishers of configured subscriptions could be = used to overwhelm a receiver which doesn't even support subscriptions. = This document should include ways to ensure a configured stream won't = be established with an endpoint unequipped to deal with the inbound = notifications. As a starting point for these discussions, there are = mechanisms in draft-ietf-netconf-restconf-notif v5 to address this. = E.g., the HTTP transport augmentation on the receiver must send an = "HTTP OK" to a "subscription-started" notification before the publisher = starts streaming any subscribed content. You bring up some interesting points. > =20 > (2) Multiple versions of draft-ietf-netconf-restconf-notif include = topics/text which might be useful, even as an appendix. For example = Section B.2 of v5 includes example config operations and interaction = models. Our motivation with the draft is to keep the =E2=80=9Cprotocol=E2=80=9D = simple. The draft does not assume HTTP2, and therefore cannot assume a = state of =E2=80=9Csubscription-started=E2=80=9D as described in = draft-ietf-netconf-restconf-notif-05.=20 What it can do, however, is to use the HTTP Response, much as you show = in your draft, to indicate that the receiver could not process the = notification for whatever reason. > =20 > Side comment: there are advantages in subscriptions over HTTP2 = transports, which I don't believe it will be covered in this draft. = GRPC has the ability to optimize based its leverage of HTTP2. To = examples from draft-ietf-netconf-restconf-notif v5 which are good to = think about are: > (a) optimizing multiple configured subscription streams to a single = receiver (such as a controller).=20 This has been discussed on the thread, where Martin suggested the notion = of =E2=80=9Cpipelining=E2=80=9D of notifications. As far as = =E2=80=9Csubscription stream=E2=80=9D is concerned, the idea was to use = =E2=80=9Cbundled-messages=E2=80=9D structure defined in = draft-ietf-netconf-notification-messages. > (b) it can be easier overwhelm a receiver which is unable to control = or handle the volume of Event Notifications received =20 > It would be good to somehow capture the implications of using = different underlying HTTP capabilities as part of these discussions. I have opened an issue titled "Supporting discovery of receiver = capabilities=E2=80=9D for this in GitHub here = . I am not clear on = how a receiver can document its capability in a way that is meaningful = to each stream across all the streams of messages it is receiving. Mahesh Jethanandani mjethanandani@gmail.com --Apple-Mail=_626CAC55-6F05-4C8B-BD67-1D972128630E Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=utf-8 Hi = Eric,

Picking up on = this thread ...

On Sep 3, 2019, at 8:00 AM, = Eric Voit (evoit) <evoit@cisco.com> wrote:

Building upon that, there are a few elements which = would be good to consider in future iterations.
 
(1) =  Understanding the capabilities of the configured receiver is = important.  One or more publishers of configured subscriptions = could be used to overwhelm a receiver which doesn't even support = subscriptions.    This document should include ways to = ensure a configured stream won't be established with an endpoint = unequipped to deal with the inbound notifications.  As a starting = point for these discussions, there are mechanisms in = draft-ietf-netconf-restconf-notif v5 to address this.   E.g., = the  HTTP transport augmentation on the receiver must send an "HTTP = OK" to a "subscription-started" notification before the publisher starts = streaming any subscribed content.

You bring up some interesting points.

 
(2)  Multiple versions of = draft-ietf-netconf-restconf-notif include topics/text which might be = useful, even as an appendix.   For example Section B.2 of v5 = includes example config operations and interaction = models.

Our motivation = with the draft is to keep the =E2=80=9Cprotocol=E2=80=9D simple. The = draft does not assume HTTP2, and therefore cannot assume a state of = =E2=80=9Csubscription-started=E2=80=9D as described in = draft-ietf-netconf-restconf-notif-05. 

What it can do, however, is to use the HTTP = Response, much as you show in your draft, to indicate that the receiver = could not process the notification for whatever reason.

 
Side comment:  there are = advantages in subscriptions over HTTP2 transports, which I don't believe = it will be covered in this draft.  GRPC has the ability to optimize = based its leverage of HTTP2.    To examples from = draft-ietf-netconf-restconf-notif v5 which are good to think about = are:
(a) = optimizing multiple configured subscription streams to a single receiver = (such as a controller). 

This has been discussed on the thread, where = Martin suggested the notion of =E2=80=9Cpipelining=E2=80=9D of = notifications. As far as =E2=80=9Csubscription stream=E2=80=9D is = concerned, the idea was to use =E2=80=9Cbundled-messages=E2=80=9D = structure defined in = draft-ietf-netconf-notification-messages.

(b) it can be easier overwhelm a = receiver which is unable to control or handle the volume of Event = Notifications received  
It = would be good to somehow capture the implications of using different = underlying HTTP capabilities as part of these = discussions.

I have opened an issue titled "Supporting discovery of = receiver capabilities=E2=80=9D for this in = GitHub here. I am not clear on how a receiver can document its = capability in a way that is meaningful to each stream across all the = streams of messages it is receiving.

Mahesh Jethanandani
mjethanandani@gmail.com



= --Apple-Mail=_626CAC55-6F05-4C8B-BD67-1D972128630E-- From nobody Tue Oct 29 00:10:32 2019 Return-Path: X-Original-To: netconf@ietf.org Delivered-To: netconf@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id E9FB71200CE; Tue, 29 Oct 2019 00:10:21 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: Ladislav Lhotka via Datatracker To: Cc: last-call@ietf.org, netconf@ietf.org, draft-ietf-netconf-notification-capabilities.all@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 6.108.0 Auto-Submitted: auto-generated Precedence: bulk Reply-To: Ladislav Lhotka Message-ID: <157233302184.6593.3869700028694968875@ietfa.amsl.com> Date: Tue, 29 Oct 2019 00:10:21 -0700 Archived-At: Subject: [netconf] Yangdoctors last call review of draft-ietf-netconf-notification-capabilities-05 X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 29 Oct 2019 07:10:22 -0000 Reviewer: Ladislav Lhotka Review result: Ready with Nits ***** Section 2. Introduction - Paragraph 3: the use of MAY is inappropriate: publishers indeed may have limitations, but this should follow from RFC 8641, and this document should take it as a fact. ***** Section 3. Notification Capability Model - The use of RFC 2119 terms is again questionable: I understand the ietf-notification-capabilities data as an optional aid for the implementors, but requiring that "The file SHALL be available in implementation time ..." is way too strict. ***** Section 3.2. YANG Module - This is one of the cases where it would be helpful to know which of the imported modules, such as ietf-netconf-acm, is also intended to be implemented. This may be addressed in a future YANG version (see issue #95 in yang-next), until then I would suggest to include YANG library data describing a minimum implementation. ***** Appendix A. Instance data examples - Example in Fig. 2: the element has an incorrect XML namespace (of the ietf-datastores module). - Many enum values are invalid because they contain leading/trailing whitespace. It would be better to encode the examples in JSON. From nobody Tue Oct 29 05:07:02 2019 Return-Path: X-Original-To: netconf@ietfa.amsl.com Delivered-To: netconf@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 497631201DC for ; Tue, 29 Oct 2019 05:07:00 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: 0.248 X-Spam-Level: X-Spam-Status: No, score=0.248 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RATWARE_MS_HASH=2.148, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=btconnect.onmicrosoft.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lVbviwqPRwCE for ; Tue, 29 Oct 2019 05:06:58 -0700 (PDT) Received: from EUR01-HE1-obe.outbound.protection.outlook.com (mail-eopbgr130139.outbound.protection.outlook.com [40.107.13.139]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 340DB120041 for ; Tue, 29 Oct 2019 05:06:58 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Sys8HojIpeewHxWz9Lu8TxEhPdvOwuvhkm3IIU2MYlwdyw2Zit19MCAh73SS2LJZfG3dK64LY24Bu0IkB5AcwlPQSnD8miWmuWSMDvtGLFBc9AJS6Q0XQhhXL1pzM6DK+q5IgI3pQKmoHZLSkKDB6IQWdEGsKrT0GM9+XsTej9I3HN+MG+LCcnQh1wZmLugyJEDR4AFSx9cEcReC+QqCI2xJIX52x9nY5xXNFaEpsc7Y+lm18Q6QEkBgs54oCZHcYdsFUXo5+aVrlcnsHE08tCy7Cq9sun0AlPIrtecWLsezeGj3LUyhARwe2xhsKmzgJNH6fve3hLWkNfm5uzTZKg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=CTGtWncX+cWIt+QA2WfDxCULKPZaJTJKOToDWkmRe2Y=; b=FwoSS0R/vz3si2YVH4lefTtqgGqiIXlgnBQ7ZnXVGBzRT4RurwYfLrG9NuxN4ulujPnCNwLHSRwNTLGAajtJjF3Z059gSbjIfwUuExJO1dVqtZxx3gapeCgtlWnXQYC87n3BhqD+r5T6rRVYDp3RE3kQg6MDQn0xhLZYoXGxB05L9gGAko7t+LjzV+jFVaB0Ru1EJrVILKOqbqHI0s3ydJykQf73TLSB5WNk8n9gz94I7CHNwAdwga5fcmgIHFeL57YXFzbWkX6edOxhp+/nUkt6PHt5Lr5XAHZ9e6FoZi0jHtUus0qzemzUQAvHD6at60GiQCF8VeHP9s3BC+Zm3A== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=btconnect.com; dmarc=pass action=none header.from=btconnect.com; dkim=pass header.d=btconnect.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=btconnect.onmicrosoft.com; s=selector2-btconnect-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=CTGtWncX+cWIt+QA2WfDxCULKPZaJTJKOToDWkmRe2Y=; b=ObilyUwwvXrQN8wt+oy83UYtspXapo/QIgk/nxzoajr3ZVvvxtz77cf7PXUagxGr7oLdTRBUJ+4M4A+crmuouJQStmJpfnx0d1IknwKLElh7clohURIVrBAn+P6oLZjzR8Z8sNMG3xNu19O2Zf+Zi8F8ixPvrtbOuqOeZP7bU0s= Received: from DB7PR07MB5147.eurprd07.prod.outlook.com (20.178.42.32) by DB7PR07MB4715.eurprd07.prod.outlook.com (52.135.137.19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2408.13; Tue, 29 Oct 2019 12:06:55 +0000 Received: from DB7PR07MB5147.eurprd07.prod.outlook.com ([fe80::99a:1592:683a:ab85]) by DB7PR07MB5147.eurprd07.prod.outlook.com ([fe80::99a:1592:683a:ab85%5]) with mapi id 15.20.2387.021; Tue, 29 Oct 2019 12:06:55 +0000 From: tom petch To: "netconf@ietf.org" Thread-Topic: I-D Action: draft-dai-quic-netconf-01.txt Thread-Index: AQHVjlFbiaTtR3HgdEye2OU6iX7e+g== Date: Tue, 29 Oct 2019 12:06:55 +0000 Message-ID: <06a501d58e50$fa7b2540$4001a8c0@gateway.2wire.net> References: <157227295327.19834.10106980669998711276@ietfa.amsl.com> Accept-Language: en-GB, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-clientproxiedby: LO2P265CA0370.GBRP265.PROD.OUTLOOK.COM (2603:10a6:600:a3::22) To DB7PR07MB5147.eurprd07.prod.outlook.com (2603:10a6:10:68::32) authentication-results: spf=none (sender IP is ) smtp.mailfrom=ietfc@btconnect.com; x-ms-exchange-messagesentrepresentingtype: 1 x-mailer: Microsoft Outlook Express 6.00.2800.1106 x-originating-ip: [86.139.211.103] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 5b7add17-1550-463c-d45f-08d75c687dc6 x-ms-traffictypediagnostic: DB7PR07MB4715: x-ms-exchange-purlcount: 6 x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:8273; x-forefront-prvs: 0205EDCD76 x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(376002)(346002)(39860400002)(396003)(136003)(366004)(13464003)(189003)(199004)(6436002)(99286004)(966005)(256004)(14444005)(6506007)(386003)(305945005)(3846002)(14496001)(71200400001)(71190400001)(4720700003)(26005)(5640700003)(6116002)(478600001)(102836004)(81816011)(44736005)(1556002)(52116002)(76176011)(6486002)(229853002)(7736002)(2906002)(81686011)(316002)(6916009)(5660300002)(66574012)(6512007)(2351001)(64756008)(6306002)(62236002)(2501003)(66946007)(9686003)(14454004)(66446008)(186003)(25786009)(44716002)(66476007)(476003)(486006)(6246003)(8676002)(446003)(1730700003)(81156014)(81166006)(4326008)(8936002)(50226002)(4001150100001)(66556008)(66066001)(86362001)(61296003)(74416001)(7726001); DIR:OUT; SFP:1102; SCL:1; SRVR:DB7PR07MB4715; H:DB7PR07MB5147.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:0; received-spf: None (protection.outlook.com: btconnect.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: bsHcUr9WctY/dgebq67OOm60O+a1nwdCugpejcoGK5Cyv3+ugZfp/g9pvyb91ADpYOkNZS+BKTTT0akf8mXaGXajKrUCe9O7oGgV0SqepNJoxp1+BH+6lFTv97Tq6Y/rqRGvBfmmG2KAfKO3ghY7rbi1PcsS6c7sYHuxrc1w20ROfvRty9QFV0kLQeGo9QIk1gUbQCMLYE4RY+4Ndkz3fl2/lJluvq68rtQiQoD0wO/nXzAucRlWdH9dTl042VA/GhUP3SciWplXpBLtbxuDqMBi+teJ2qij1o+NeQYjI88zHaf4cS/OBAFRTsIGU1hBOWEiEjIZq81s+gDEtnHrrYfhiNHOSukDyrFllWPD8rJetCeDg09FIvr3HXGEpCipVP4oldk+rOh+w27Z9RSLq6UyeB8VlQ5tEeBZxHM08fcY/bs2NkWLX9yEEiZzSJZPi2nr/xnNXhKnTZLx1c3b7YPkvjSXGvXbEY0/rvhaa+M= x-ms-exchange-transport-forked: True Content-Type: text/plain; charset="iso-8859-1" Content-ID: Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-OriginatorOrg: btconnect.com X-MS-Exchange-CrossTenant-Network-Message-Id: 5b7add17-1550-463c-d45f-08d75c687dc6 X-MS-Exchange-CrossTenant-originalarrivaltime: 29 Oct 2019 12:06:55.5269 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: cf8853ed-96e5-465b-9185-806bfe185e30 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: ulfnfbnQAjWHz1lT7H+TyHsyFXNAfrQKeYs+8srSAZSXlcRcM/rtTdveQgO3jY/bBzaNenBr6POJd7FuVS62Vg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB7PR07MB4715 Archived-At: Subject: Re: [netconf] I-D Action: draft-dai-quic-netconf-01.txt X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 29 Oct 2019 12:07:00 -0000 Dai There is something wrong with the formatting of this I-D which, for me, makes it too hard to read. The text is littered with additional spaces, like tab characters gone wild or a malign word processor. I would like that fixed before I try and read it (extra spaces inserted for effect:-). Tom Petch ----- Original Message ----- From: To: Sent: Monday, October 28, 2019 2:29 PM > A New Internet-Draft is available from the on-line Internet-Drafts directories. > > > Title : Using NETCONF over QUIC connection > Authors : Jinyou Dai > Xueshun Wang > Yang Kou > Lifen Zhou > Filename : draft-dai-quic-netconf-01.txt > Pages : 13 > Date : 2019-10-28 > > Abstract: > The Network Configuration Protocol (NETCONF) provides mechanisms to > install, manipulate, and delete the configuration of network devices. > At present, almost all implementations of NETCONF are based on TCP > protocol. QUIC, a new UDP-based transport protocol, can facilitate to > improve the transportation performance when being used as an > infrastructure layer of NETCONF. This document describes how to use > the QUIC protocol as the transport protocol of > NETCONF(NETCONFoQUIC). > > > > > The IETF datatracker status page for this draft is: > https://datatracker.ietf.org/doc/draft-dai-quic-netconf/ > > There are also htmlized versions available at: > https://tools.ietf.org/html/draft-dai-quic-netconf-01 > https://datatracker.ietf.org/doc/html/draft-dai-quic-netconf-01 > > A diff from the previous version is available at: > https://www.ietf.org/rfcdiff?url2=3Ddraft-dai-quic-netconf-01 > > > Please note that it may take a couple of minutes from the time of submission > until the htmlized version and diff are available at tools.ietf.org. > > Internet-Drafts are also available by anonymous FTP at: > ftp://ftp.ietf.org/internet-drafts/ > > _______________________________________________ > I-D-Announce mailing list > I-D-Announce@ietf.org > https://www.ietf.org/mailman/listinfo/i-d-announce > Internet-Draft directories: http://www.ietf.org/shadow.html > or ftp://ftp.ietf.org/ietf/1shadow-sites.txt From nobody Tue Oct 29 11:53:43 2019 Return-Path: X-Original-To: netconf@ietfa.amsl.com Delivered-To: netconf@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B6B391209D4 for ; Tue, 29 Oct 2019 11:53:38 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.997 X-Spam-Level: X-Spam-Status: No, score=-1.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Yq6KoFRgyfzO for ; Tue, 29 Oct 2019 11:53:35 -0700 (PDT) Received: from mail-pl1-x62f.google.com (mail-pl1-x62f.google.com [IPv6:2607:f8b0:4864:20::62f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 926D612088A for ; Tue, 29 Oct 2019 11:53:35 -0700 (PDT) Received: by mail-pl1-x62f.google.com with SMTP id k7so8107101pll.1 for ; Tue, 29 Oct 2019 11:53:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:message-id:mime-version:subject:date:in-reply-to:cc:to :references; bh=tipdjot2Z7EKqdgkClTCHutL/mqeSdVKFX5OKwDkl3I=; b=K2c2/u/6KgvroSpWu8Wz6hvJALAP/w0/hT7lupxhK6o4XpA7T0P83urquhR5NXjx3F 59alDgqiIEqjYrkFDw6NaSp3YKn+OEt/OpyNdsGr2z9d385+blEqeruqis5WGtVVDlVe 2VnIb23T6h4rFfDM6XqkUiiEoJse5dEg+Fc+B7rYo4Bg4CoxRy7wK2SwWBcOI3h1+aJ6 nOZqyP792619fPZ6kwtgPiu0te3s/tWqAN8lx+1RQ39fhFQV+RX5w3yYftu/ayzKUwlF s1AegwUYLAb83iqO8lhJUKfD41J8tXMIQFGWTtAo5KR3pEitFWN6tTBDd4KQq/QahHXC FtWQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:message-id:mime-version:subject:date :in-reply-to:cc:to:references; bh=tipdjot2Z7EKqdgkClTCHutL/mqeSdVKFX5OKwDkl3I=; b=ssOQ3c/QjAc6BYK7dRdU3W7k+MpsmZZrqHxZyJhTZJXZjQnFib6003ckA5KZCRcRZn /NlsTWW+A7qWOe0lQG0HDJ8W0gggygPcSXE35cjPHfnk6evIh2zsA4gPg6jhjVVQ2kTj p+wzDh5P4DYM+quP92M8jHRDq7gTS4+LTKrroB36xE7nUnRK3EUbzcvbvh6CQ0W8AWFe 9z6rY3M0Lvl1xnR50Oabngx1+VAhom3eGqRquuE02z/cEx3OV5hWt8HVEDY5bupW8j+j 24y15xhAKui5HDnLO4kLoEq/EUNEF9yZl3m173kqgpORAxZllODEfECwICeK4t0XYUSN crWw== X-Gm-Message-State: APjAAAX/rYaSLMMle2OmuKSDSoaM+PJIiJlpeeoKfiFz/vaT2rozlVVR 4Xx1ukmNalpNtpLrVwulq9c= X-Google-Smtp-Source: APXvYqxhDwawQVhGH8DO1UOHRSMOblRE1jgdQLeeiN5FE1vtUVgFywf0UlD5CNGniQG10CxAXq6/BQ== X-Received: by 2002:a17:902:b20b:: with SMTP id t11mr140256plr.89.1572375214834; Tue, 29 Oct 2019 11:53:34 -0700 (PDT) Received: from [10.33.123.155] ([66.170.99.2]) by smtp.gmail.com with ESMTPSA id d10sm14001671pfh.8.2019.10.29.11.53.33 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 29 Oct 2019 11:53:33 -0700 (PDT) From: Mahesh Jethanandani Message-Id: <01C76D74-D327-4AA7-9824-7FC90434A22B@gmail.com> Content-Type: multipart/alternative; boundary="Apple-Mail=_2CD182DB-2D92-469F-8E6E-BF26662EA741" Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\)) Date: Tue, 29 Oct 2019 11:53:32 -0700 In-Reply-To: <06a501d58e50$fa7b2540$4001a8c0@gateway.2wire.net> Cc: "netconf@ietf.org" To: tom petch References: <157227295327.19834.10106980669998711276@ietfa.amsl.com> <06a501d58e50$fa7b2540$4001a8c0@gateway.2wire.net> X-Mailer: Apple Mail (2.3445.9.1) Archived-At: Subject: Re: [netconf] I-D Action: draft-dai-quic-netconf-01.txt X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 29 Oct 2019 18:53:40 -0000 --Apple-Mail=_2CD182DB-2D92-469F-8E6E-BF26662EA741 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii Thanks Tom for bringing it to the NETCONF mailing list. Authors, have you considered presenting this draft in the NETCONF WG? Some quick comment: s/This document specifies how to use QUIC as the secure transport = protocol for QUIC./This document specifies how to use QUIC as the secure = transport protocol for NETCONF./ Can you also expand on the following statement, in light of the fact = that NETCONF is a client/server protocol, and that each NETCONF session = is a separate TCP connection? As is well know, TCP has some shortcomings such as head-of-line blocking Thanks. > On Oct 29, 2019, at 5:06 AM, tom petch wrote: >=20 > Dai >=20 > There is something wrong with the formatting of this I-D which, for = me, > makes it too hard to read. The text is littered with additional > spaces, like tab characters gone wild or a malign word processor. I > would like that fixed before I try and read it (extra spaces > inserted for effect:-). >=20 > Tom Petch >=20 > ----- Original Message ----- > From: > To: > Sent: Monday, October 28, 2019 2:29 PM >=20 >> A New Internet-Draft is available from the on-line Internet-Drafts > directories. >>=20 >>=20 >> Title : Using NETCONF over QUIC connection >> Authors : Jinyou Dai >> Xueshun Wang >> Yang Kou >> Lifen Zhou >> Filename : draft-dai-quic-netconf-01.txt >> Pages : 13 >> Date : 2019-10-28 >>=20 >> Abstract: >> The Network Configuration Protocol (NETCONF) provides mechanisms to >> install, manipulate, and delete the configuration of network > devices. >> At present, almost all implementations of NETCONF are based on TCP >> protocol. QUIC, a new UDP-based transport protocol, can facilitate > to >> improve the transportation performance when being used as an >> infrastructure layer of NETCONF. This document describes how to > use >> the QUIC protocol as the transport protocol of >> NETCONF(NETCONFoQUIC). >>=20 >>=20 >>=20 >>=20 >> The IETF datatracker status page for this draft is: >> https://datatracker.ietf.org/doc/draft-dai-quic-netconf/ >>=20 >> There are also htmlized versions available at: >> https://tools.ietf.org/html/draft-dai-quic-netconf-01 >> https://datatracker.ietf.org/doc/html/draft-dai-quic-netconf-01 >>=20 >> A diff from the previous version is available at: >> https://www.ietf.org/rfcdiff?url2=3Ddraft-dai-quic-netconf-01 >>=20 >>=20 >> Please note that it may take a couple of minutes from the time of > submission >> until the htmlized version and diff are available at tools.ietf.org. >>=20 >> Internet-Drafts are also available by anonymous FTP at: >> ftp://ftp.ietf.org/internet-drafts/ >>=20 >> _______________________________________________ >> I-D-Announce mailing list >> I-D-Announce@ietf.org >> https://www.ietf.org/mailman/listinfo/i-d-announce >> Internet-Draft directories: http://www.ietf.org/shadow.html >> or ftp://ftp.ietf.org/ietf/1shadow-sites.txt >=20 > _______________________________________________ > netconf mailing list > netconf@ietf.org > https://www.ietf.org/mailman/listinfo/netconf Mahesh Jethanandani mjethanandani@gmail.com --Apple-Mail=_2CD182DB-2D92-469F-8E6E-BF26662EA741 Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=us-ascii Thanks Tom for bringing it to the NETCONF mailing list.

Authors, have you = considered presenting this draft in the NETCONF WG?

Some quick = comment:

s/This document specifies how = to use QUIC as the secure transport protocol for QUIC./This document specifies how to use QUIC as = the secure transport protocol for NETCONF./

Can = you also expand on the following statement, in light of the fact that = NETCONF is a client/server protocol, and that each NETCONF session is a = separate TCP connection?

As is well know, TCP has some =
shortcomings such as head-of-line blocking


Thanks.

On Oct 29, 2019, at 5:06 AM, tom petch <ietfc@btconnect.com>= wrote:

Dai

There is something wrong = with the formatting of this I-D which, for me,
makes it = too hard to read.  The  text is littered =     with additional
spaces, like tab = characters gone wild or a malign word processor.  I
would like that    fixed before I try =    and read it (extra spaces
inserted for =     effect:-).

Tom = Petch

----- Original Message -----
From: <internet-drafts@ietf.org>
To: <i-d-announce@ietf.org>
Sent: Monday, = October 28, 2019 2:29 PM

A New Internet-Draft is available from the = on-line Internet-Drafts
directories.


       Title =           : Using = NETCONF over QUIC connection
=        Authors =         : Jinyou Dai
=             &n= bsp;           &nbs= p;Xueshun Wang
=             &n= bsp;           &nbs= p;Yang Kou
=             &n= bsp;           &nbs= p;Lifen Zhou
Filename =        : = draft-dai-quic-netconf-01.txt
Pages =           : 13
Date =            : = 2019-10-28

Abstract:
=   The Network Configuration Protocol (NETCONF) provides = mechanisms to
  install, manipulate, and delete = the configuration of network
devices.
  At present, = almost all implementations of NETCONF are based on TCP
=   protocol. QUIC, a new UDP-based transport protocol, can = facilitate
to
  improve the transportation = performance when being used as an
=   infrastructure layer of NETCONF.   This document = describes how to
use
  the QUIC protocol as the transport =   protocol of
=   NETCONF(NETCONFoQUIC).




The IETF datatracker status = page for this draft is:
https://datatracker.ietf.org/doc/draft-dai-quic-netconf/
There are also htmlized versions available = at:
https://tools.ietf.org/html/draft-dai-quic-netconf-01https://datatracker.ietf.org/doc/html/draft-dai-quic-netconf-01=

A diff from the previous version is = available at:
https://www.ietf.org/rfcdiff?url2=3Ddraft-dai-quic-netconf-01

Please note that it may take = a couple of minutes from the time of
submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by = anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

_______________________________________________
I-D-Announce mailing list
I-D-Announce@ietf.org
https://www.ietf.org/mailman/listinfo/i-d-announce
Internet-Draft directories: = http://www.ietf.org/shadow.html
or = ftp://ftp.ietf.org/ietf/1shadow-sites.txt

_______________________________________________
netconf mailing list
netconf@ietf.org
https://www.ietf.org/mailman/listinfo/netconf

Mahesh Jethanandani
mjethanandani@gmail.com



= --Apple-Mail=_2CD182DB-2D92-469F-8E6E-BF26662EA741-- From nobody Wed Oct 30 01:32:41 2019 Return-Path: X-Original-To: netconf@ietfa.amsl.com Delivered-To: netconf@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 480DE1200F4 for ; Wed, 30 Oct 2019 01:32:36 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.899 X-Spam-Level: X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Oakwwj_KTaGn for ; Wed, 30 Oct 2019 01:32:34 -0700 (PDT) Received: from mail.tail-f.com (mail.tail-f.com [46.21.102.45]) by ietfa.amsl.com (Postfix) with ESMTP id 4FA501200B5 for ; Wed, 30 Oct 2019 01:32:34 -0700 (PDT) Received: from localhost (unknown [173.38.220.41]) by mail.tail-f.com (Postfix) with ESMTPSA id 34FAE1AE0388; Wed, 30 Oct 2019 09:32:30 +0100 (CET) Date: Wed, 30 Oct 2019 09:32:00 +0100 (CET) Message-Id: <20191030.093200.966070125623058715.mbj@tail-f.com> To: kent+ietf@watsen.net Cc: mnot@mnot.net, netconf@ietf.org From: Martin Bjorklund In-Reply-To: <0100016df4ad340a-3b990c99-95f8-40c3-9ff0-6f627826bd94-000000@email.amazonses.com> References: <704A1489-3BC0-4EFF-A5B0-7D664EA05970@gmail.com> <802B82C7-56D8-4341-9416-2C2CFFECAA3C@mnot.net> <0100016df4ad340a-3b990c99-95f8-40c3-9ff0-6f627826bd94-000000@email.amazonses.com> X-Mailer: Mew version 6.8 on Emacs 25.2 Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit Archived-At: Subject: Re: [netconf] Adoption call for draft-kwatsen-netconf-http-client-server-04 X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 30 Oct 2019 08:32:38 -0000 Hi, Kent Watsen wrote: > Hi Mark, > > I just re-read all your (and Patrick's) messages from before and was > unable to see anything actionable that wasn't addressed. I have searched the archives but couldn't find these messages. Can you send a link to them? I would like to understand Mark's concerns. /martin > Can you > please provide concrete examples for the concerns you have? > > Since last time, there is now a second consumer of this draft: > draft-ietf-netconf-https-notif. Hopefully, now looking at both > consumers (the other being draft-ietf-netconf-restconf-client-server) > you will get a clearer picture of what is trying to be accomplished > here. > > While not stated anywhere, the goal is somewhat restricted to support > HTTP-based APIs (e.g., RESTful protocols) more so than webservers or > browsers. Maybe this is what you're perceiving as being "an arbitrary > profile"? FWIW, there are implementations (running code), which > suggests the model here is close to what is needed for HTTP-based > APIs. > > This draft defines only YANG "grouping" statements. Grouping > statements don't define protocol-accessible nodes, just a potential > for its nodes to exist. The grouping statements MUST be "used" by > another YANG module, which MAY augment/refine the grouping as needed. > The model is purposely incomplete for this reason. > > As an example, assume a higher-level model wishes to define > configuration for an HTTP client, but wishes to use some other > (potentially proprietary) authentication scheme, not Basic. To > achieve this, the higher-level model could 1) "use" the > `ietf-http-client` grouping, 2) NOT define the "basic-auth" feature > (and hence Basic is not configurable), while 3) augmenting-in the data > model for configuring the client-specific authentication scheme > (enabling that authentication model to be configured). > > Kent // contributor > > > > > On Oct 21, 2019, at 7:34 PM, Mark Nottingham wrote: > > > > Mahesh, > > > > I've had a quick look at the draft, and I don't think it substantially > > addresses the feedback we gave earlier. It appears to create an > > arbitrary profile of HTTP and embodies several anti-patterns for its > > use. > > > > As a result, I personally do not support the adoption of this draft. > > > > Regards, > > > > > >> On 22 Oct 2019, at 9:52 am, Mahesh Jethanandani > >> wrote: > >> > >> Hi WG, > >> > >> The author has posted a -04 version of the draft, and believes that it > >> ready for WG adoption. > >> > >> This starts a 2 week poll ending on November 4, to decide whether this > >> document should be made a WG document or not. Please reply to this > >> email whether or not you support adoption of this draft by the > >> WG. Indications that the draft has been read will be also be > >> appreciated. > >> > >> Thanks. > >> > >> Mahesh Jethanandani > >> mjethanandani@gmail.com > >> > >> > >> > > > > -- > > Mark Nottingham https://www.mnot.net/ > > > > _______________________________________________ > > netconf mailing list > > netconf@ietf.org > > https://www.ietf.org/mailman/listinfo/netconf > From nobody Wed Oct 30 07:56:29 2019 Return-Path: X-Original-To: netconf@ietfa.amsl.com Delivered-To: netconf@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 83E92120108 for ; Wed, 30 Oct 2019 07:56:28 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.9 X-Spam-Level: X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id We9t_WX3DhOE for ; Wed, 30 Oct 2019 07:56:26 -0700 (PDT) Received: from mail.tail-f.com (mail.tail-f.com [46.21.102.45]) by ietfa.amsl.com (Postfix) with ESMTP id 7A4D51200C4 for ; Wed, 30 Oct 2019 07:56:26 -0700 (PDT) Received: from localhost (unknown [173.38.220.41]) by mail.tail-f.com (Postfix) with ESMTPSA id 827171AE0388 for ; Wed, 30 Oct 2019 15:56:24 +0100 (CET) Date: Wed, 30 Oct 2019 15:55:54 +0100 (CET) Message-Id: <20191030.155554.1912259150134728652.mbj@tail-f.com> To: netconf@ietf.org From: Martin Bjorklund X-Mailer: Mew version 6.8 on Emacs 25.2 Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit Archived-At: Subject: [netconf] client identification in ietf-netconf-server X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 30 Oct 2019 14:56:28 -0000 Hi, The ietf-netconf-server module has this: grouping netconf-server-grouping { ... container client-identification { ... container cert-maps { when "../../../../tls"; uses x509c2n:cert-to-name; ... } } } Note the "when" expression. This means that the grouping has a strong depency on where is it used. We should try to avoid such a design. But should't this cert-to-name list be available when x509-certs are used also with SSH? The current data model for ssh specifies certs on a per-user basis. But this requires lots of configuration in the case that the cert encodes the user name (even though the name is in the cert you have to configure each user on each device). I suggest we align the model for SSH with the TLS model for cert identification. For TLS, the data model has the following structure: +--rw netconf-server +--rw listen! {ssh-listen or tls-listen}? +--rw idle-timeout? uint16 +--rw endpoint* [name] +--rw name string +--rw (transport) ... +--:(tls) {tls-listen}? [ reset indentation to make the diagram easier to read ] +--rw tls +--rw tcp-server-parameters ... +--rw tls-server-parameters | +--rw server-identity ... | +--rw client-authentication! | | +--rw (required-or-optional) | | | +--:(required) | | | | +--rw required? empty | | | +--:(optional) | | | +--rw optional? empty | | +--rw (local-or-external) | | +--:(local) {local-client-auth-supported}? | | | +--rw ca-certs! {ts:x509-certificates}? | | | | +--rw (local-or-truststore) | | | | +--:(local) {local-definitions-supported}? | | | | | +--rw local-definition | | | | | +--rw cert* trust-anchor-cert-cms | | | | | +---n certificate-expiration | | | | | +-- expiration-date | | | | | yang:date-and-time | | | | +--:(truststore) | | | | {truststore-supported,x509-certificates}? | | | | +--rw truststore-reference? | | | | ts:certificates-ref | | | +--rw client-certs! {ts:x509-certificates}? | | | +--rw (local-or-truststore) | | | +--:(local) {local-definitions-supported}? | | | | +--rw local-definition | | | | +--rw cert* trust-anchor-cert-cms | | | | +---n certificate-expiration | | | | +-- expiration-date | | | | yang:date-and-time | | | +--:(truststore) | | | {truststore-supported,x509-certificates}? | | | +--rw truststore-reference? | | | ts:certificates-ref | | +--:(external) | | {external-client-auth-supported}? | | +--rw client-auth-defined-elsewhere? | | empty ... +--rw netconf-server-parameters +--rw client-identification +--rw cert-maps +--rw cert-to-name* [id] +--rw id uint32 +--rw fingerprint | x509c2n:tls-fingerprint +--rw map-type identityref +--rw name string It is not clear how this is used by the server to end up either with an authenticated user name or failed authentication. First of all, how is the "required-or-optional" choice used in a NETCONF server? What happens if an operation configures this to "optional"? (side note: why is this a choice of empty leafs instead of a leaf?) Second, I assume that the idea is that the server uses the config params in "local-or-external" and the certificate presented by the client and after this step is either accepted or rejected. It is not clear what is supposed to happen if someone configures "client-auth-defined-elsewhere". I think it is better to not define this case, but (perhaps) keep the choice and explain that other modules can augment additional config params here for other authentication mechanisms. Next, my guess is that the intention is that if the cert was accepted in the step above, it is checked in cert-to-name to see if a user name can be derived. In another thread you mentioned that if a local cert is configured, it seems redundant to also configure the cert as a fingerprint in cert-to-name. I'm not sure about this. But perhaps you can use the same "map-type" and "name" leafs in the "client-cert" container? It is not as easy for the "truststore-reference"; perhaps you'd have to augment the truststore with these leafs in this case. /martin From nobody Wed Oct 30 09:56:27 2019 Return-Path: <0100016e1d98c767-57716d36-7f50-41d9-9641-360626517728-000000@amazonses.watsen.net> X-Original-To: netconf@ietfa.amsl.com Delivered-To: netconf@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DA17A120933 for ; Wed, 30 Oct 2019 09:56:24 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.897 X-Spam-Level: X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=amazonses.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sa9oMAgM7bDX for ; Wed, 30 Oct 2019 09:56:23 -0700 (PDT) Received: from a8-31.smtp-out.amazonses.com (a8-31.smtp-out.amazonses.com [54.240.8.31]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6F67A120888 for ; Wed, 30 Oct 2019 09:56:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=6gbrjpgwjskckoa6a5zn6fwqkn67xbtw; d=amazonses.com; t=1572454582; h=From:Message-Id:Content-Type:Mime-Version:Subject:Date:In-Reply-To:Cc:To:References:Feedback-ID; bh=7vgXMi0IAjtNvnOI/UCVbxVppNPitJDdcx40ld1UalQ=; b=MYHLddobLEgLtcZZ9k0ZadjR1tDmhwwyF28KQRQ0SSa0dUNXMmZ/Q1bYjeQODi6m cl1oJi+m8+M5blqkTJsZ2jLyNrRafhzASghv9pGWory3Yf3rnEOOhczKOWbWWIfrQs9 17kVJrgkanbOwOB47SpjE4LHjLGKCVuCT1wFE83c= From: Kent Watsen Message-ID: <0100016e1d98c767-57716d36-7f50-41d9-9641-360626517728-000000@email.amazonses.com> Content-Type: multipart/alternative; boundary="Apple-Mail=_3F7EAEE1-F591-48D3-89A1-733C675E088C" Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\)) Date: Wed, 30 Oct 2019 16:56:22 +0000 In-Reply-To: <20191030.132839.500650494712032488.mbj@tail-f.com> Cc: "netconf@ietf.org" To: Martin Bjorklund References: <0100016e18283926-a00d7d13-4539-4ab0-afe8-9b9575659f6c-000000@email.amazonses.com> <20191029.211356.1886721657930464996.mbj@tail-f.com> <0100016e1a0d419b-b221bfcc-d3cd-4386-a016-474e2303fba0-000000@email.amazonses.com> <20191030.132839.500650494712032488.mbj@tail-f.com> X-Mailer: Apple Mail (2.3445.104.11) X-SES-Outgoing: 2019.10.30-54.240.8.31 Feedback-ID: 1.us-east-1.DKmIRZFhhsBhtmFMNikgwZUWVrODEw9qVcPhqJEI2DA=:AmazonSES Archived-At: Subject: [netconf] x509c2n:cert-to-name problem (was [netmod]) X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 30 Oct 2019 16:56:25 -0000 --Apple-Mail=_3F7EAEE1-F591-48D3-89A1-733C675E088C Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=us-ascii [moving this fork in the 'netmod' discussion to the 'netconf' list] >> The "tls-server-parameters" container defines the certificates used to >> authenticate the client's cert. In many deployments, regardless how >> the client cert is authenticated, the "client-identification" section only >> needs to explain how to extract the "name" from the cert, a fingerprint >> isn't needed to identify either the client's end-entity or some >> intermediate cert. > > Ok. To me this sounds like you need a more complex^wsophisticated > client identification mechansim than what a plain cert-to-name gives > you. I don't think there is anything wrong with the current > cert-to-name grouping. So let's continue this discussion in the > netconf ML, where this model is being developed. In an attempt to resolve this issue, I modified both ietf-netconf-server and ietf-restconf-server as follows: OLD: uses x509c2n:cert-to-name; NEW: uses x509c2n:cert-to-name { refine "cert-to-name/fingerprint" { mandatory false; description "A 'fingerprint' value does not need to be specified when the 'cert-to-name' mapping is independent of fingerprint matching. A 'cert-to-name' having no fingerprint value will match any client certificate and therefore should only be present at the end of the user-ordered 'cert-to-name' list."; } } Kent // contributor --Apple-Mail=_3F7EAEE1-F591-48D3-89A1-733C675E088C Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=us-ascii [moving this fork in the 'netmod' discussion to the 'netconf' = list]


The = "tls-server-parameters" container defines the certificates used to
authenticate the client's cert.  In many deployments, = regardless how
the client cert is authenticated, the = "client-identification" section only
needs to explain how = to extract the "name" from the cert, a fingerprint
isn't = needed to identify either the client's end-entity or some
intermediate cert.

Ok.  To me this sounds like you need a more = complex^wsophisticated
client identification mechansim = than what a plain cert-to-name gives
you.  I don't = think there is anything wrong with the current
cert-to-name = grouping.  So let's continue this discussion in the
netconf ML, where this model is being developed.

In an attempt to resolve this issue, I modified both = ietf-netconf-server
and ietf-restconf-server as = follows:

OLD:
  =       uses x509c2n:cert-to-name;

NEW:
      =   uses x509c2n:cert-to-name {
  =       =   refine "cert-to-name/fingerprint" {
          =   mandatory false;
      =       description
      =         "A 'fingerprint' value does not need to = be specified
            =    when the 'cert-to-name' mapping is independent of
              =  fingerprint matching.  A 'cert-to-name' having no
              =  fingerprint value will match any client certificate
               and = therefore should only be present at the end of
  =              the user-ordered = 'cert-to-name' list.";
        =   }
        }


Kent // = contributor
= --Apple-Mail=_3F7EAEE1-F591-48D3-89A1-733C675E088C-- From nobody Wed Oct 30 10:48:04 2019 Return-Path: X-Original-To: netconf@ietf.org Delivered-To: netconf@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id DEEED12000F; Wed, 30 Oct 2019 10:47:53 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: internet-drafts@ietf.org To: Cc: netconf@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 6.108.0 Auto-Submitted: auto-generated Precedence: bulk Reply-To: netconf@ietf.org Message-ID: <157245767382.32502.9136025896189394041@ietfa.amsl.com> Date: Wed, 30 Oct 2019 10:47:53 -0700 Archived-At: Subject: [netconf] I-D Action: draft-ietf-netconf-https-notif-01.txt X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 30 Oct 2019 17:47:54 -0000 A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Network Configuration WG of the IETF. Title : An HTTPS-based Transport for Configured Subscriptions Authors : Mahesh Jethanandani Kent Watsen Filename : draft-ietf-netconf-https-notif-01.txt Pages : 16 Date : 2019-10-30 Abstract: This document defines a YANG data module for configuring HTTPS based configured subscription, as defined in Subscribed Notifications (RFC8639). The use of HTTPS maximizes transport-level interoperability, while allowing for encoding selection from text, e.g. XML or JSON, to binary. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-netconf-https-notif/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-netconf-https-notif-01 https://datatracker.ietf.org/doc/html/draft-ietf-netconf-https-notif-01 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-netconf-https-notif-01 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ From nobody Wed Oct 30 10:59:32 2019 Return-Path: X-Original-To: netconf@ietfa.amsl.com Delivered-To: netconf@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0E9BD12013C for ; Wed, 30 Oct 2019 10:59:30 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.998 X-Spam-Level: X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2TVYV2xdE6XD for ; Wed, 30 Oct 2019 10:59:28 -0700 (PDT) Received: from mail-pg1-x530.google.com (mail-pg1-x530.google.com [IPv6:2607:f8b0:4864:20::530]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 434DA120124 for ; Wed, 30 Oct 2019 10:59:28 -0700 (PDT) Received: by mail-pg1-x530.google.com with SMTP id l24so1961583pgh.10 for ; Wed, 30 Oct 2019 10:59:28 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:content-transfer-encoding:mime-version:subject:date:references :to:in-reply-to:message-id; bh=ytQXVkUoLLM0LgJadpCZFgbfdR1oEB5etJ5tMwFMx1U=; b=MKYDLd1YKSlABTkkBbLx0McbyCZLgw4AXo2Yicm+JFt/D7ayd/bk6LVoc4ATZrJ+2X utNxVZhz3+ZXt0NiOd8O5vQVVo/tXLBZPLXDG6a6OGfdAYMx5j6lWGukDCkiedX044Wx SaoXkg1WDAPLxC47aJ3K1oGhqQA98wHTf8otiRbJfWXZstJDqSdK0JIqYBfbE88bcpdc pxJvIKpNnllxis7NLl5W5t7w5wWRxh22PHe4fevzQoN2YvRaozA9JRQpm6g7xEcZDDr2 jRodHTwDy505XrzrGk5M16FhdDs8rm4CUHI7YvLxa8h0IXO4Vvbw4KMGawXhIy6P2W/e MUTw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:content-transfer-encoding:mime-version :subject:date:references:to:in-reply-to:message-id; bh=ytQXVkUoLLM0LgJadpCZFgbfdR1oEB5etJ5tMwFMx1U=; b=IKXbA7lJDfihMEq8Q8DTQwcREkqKutpESl8jZfcKDDisS2BkZvIdNCi9A0yqs0fEoS 3maf8AWjFRiKEIAN8MpUOrbJ6onx231dQFiEXueB1SSTziA9X4Qt4vmAARMJu79orRL4 7KOjF5IKfqjVPgwVyR2ga103a2Pxabmo7rXOFW/m5dXwiWN/M7tbY6TNakPN9g3BEDId KvzAPaxq4zi+JruRoVXLXMvvzHdwJHzHF+TYbnHLuDoZtfH7AYyxQx1/8R993PGTuw+y +2jQSb74K72ZAHLpOksyOHybXH/KKPmkFgn5srldAM6RO57aG/yrQS7YBw8IY7+cHknw +t7Q== X-Gm-Message-State: APjAAAWcvqbGcNYhTTus/+kzFAjDgTrZBopkiBmIHMA7IDg1B3hoqp8u Hyw0NTN42IqLErxLzhyTGmu3SgiA X-Google-Smtp-Source: APXvYqyapWjVJ/puD5s9ZVtZ0r2i7hbPqCTm9pZNLLnfWI4YjMnVHKCrMF55AHe9KStpsrBpzrZivw== X-Received: by 2002:a63:9208:: with SMTP id o8mr780589pgd.256.1572458367290; Wed, 30 Oct 2019 10:59:27 -0700 (PDT) Received: from [10.33.123.155] ([66.170.99.2]) by smtp.gmail.com with ESMTPSA id q26sm436131pgk.60.2019.10.30.10.59.26 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 30 Oct 2019 10:59:26 -0700 (PDT) From: Mahesh Jethanandani Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\)) Date: Wed, 30 Oct 2019 10:59:25 -0700 References: <157245767382.32502.9136025896189394041@ietfa.amsl.com> To: netconf@ietf.org In-Reply-To: <157245767382.32502.9136025896189394041@ietfa.amsl.com> Message-Id: <77904D13-1780-4D7B-BF26-BC0DE2DE6839@gmail.com> X-Mailer: Apple Mail (2.3445.9.1) Archived-At: Subject: Re: [netconf] I-D Action: draft-ietf-netconf-https-notif-01.txt X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 30 Oct 2019 17:59:30 -0000 This version of the draft addresses two issues raised on the mailing = list, and clarifies a few points. The issues addressed include a definition for a =E2=80=98path=E2=80=99 = attribute that identifies the resource on the receiver for receiving the = notification. In addition, the module identifies the user-id that will = be used for sending the notification. Comments are welcome.=20 Discussion of the remaining open issues will be brought up on the = mailing list or in 106. Cheers. > On Oct 30, 2019, at 10:47 AM, internet-drafts@ietf.org wrote: >=20 >=20 > A New Internet-Draft is available from the on-line Internet-Drafts = directories. > This draft is a work item of the Network Configuration WG of the IETF. >=20 > Title : An HTTPS-based Transport for Configured = Subscriptions > Authors : Mahesh Jethanandani > Kent Watsen > Filename : draft-ietf-netconf-https-notif-01.txt > Pages : 16 > Date : 2019-10-30 >=20 > Abstract: > This document defines a YANG data module for configuring HTTPS based > configured subscription, as defined in Subscribed Notifications > (RFC8639). The use of HTTPS maximizes transport-level > interoperability, while allowing for encoding selection from text, > e.g. XML or JSON, to binary. >=20 >=20 > The IETF datatracker status page for this draft is: > https://datatracker.ietf.org/doc/draft-ietf-netconf-https-notif/ >=20 > There are also htmlized versions available at: > https://tools.ietf.org/html/draft-ietf-netconf-https-notif-01 > = https://datatracker.ietf.org/doc/html/draft-ietf-netconf-https-notif-01 >=20 > A diff from the previous version is available at: > https://www.ietf.org/rfcdiff?url2=3Ddraft-ietf-netconf-https-notif-01 >=20 >=20 > Please note that it may take a couple of minutes from the time of = submission > until the htmlized version and diff are available at tools.ietf.org. >=20 > Internet-Drafts are also available by anonymous FTP at: > ftp://ftp.ietf.org/internet-drafts/ >=20 > _______________________________________________ > netconf mailing list > netconf@ietf.org > https://www.ietf.org/mailman/listinfo/netconf Mahesh & Kent (as authors) From nobody Wed Oct 30 11:57:24 2019 Return-Path: <0100016e1e077c63-b847f803-c3f5-40b0-9e4d-d495936773a3-000000@amazonses.watsen.net> X-Original-To: netconf@ietfa.amsl.com Delivered-To: netconf@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 44EB612011F for ; Wed, 30 Oct 2019 11:57:21 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.898 X-Spam-Level: X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=amazonses.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jnTtlweCbbzK for ; Wed, 30 Oct 2019 11:57:19 -0700 (PDT) Received: from a8-83.smtp-out.amazonses.com (a8-83.smtp-out.amazonses.com [54.240.8.83]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 26E1F120115 for ; Wed, 30 Oct 2019 11:57:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=6gbrjpgwjskckoa6a5zn6fwqkn67xbtw; d=amazonses.com; t=1572461837; h=Content-Type:Mime-Version:Subject:From:In-Reply-To:Date:Cc:Content-Transfer-Encoding:Message-Id:References:To:Feedback-ID; bh=f07D3WqmjEku4oqASTFmDQYyQC7T1mMRqdorNNNk4mE=; b=fGQi48oaokcff1qpJA/6iSCGz2hQjnES858NN615VzygZbu5pHcwsn16EOEkn0M4 4xUS5dfsxu7uobL/U18rWRTQLH5Ew8e+XNhKS3vyuqLDjYobuJ78VVD8OMT7wy3MNgF ArVcUbXT6sh2/ONZc75yolOYYNDjQtTPleFmQmGQ= Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\)) From: Kent Watsen In-Reply-To: <20191030.093200.966070125623058715.mbj@tail-f.com> Date: Wed, 30 Oct 2019 18:57:17 +0000 Cc: Mark Nottingham , "netconf@ietf.org" Content-Transfer-Encoding: 7bit Message-ID: <0100016e1e077c63-b847f803-c3f5-40b0-9e4d-d495936773a3-000000@email.amazonses.com> References: <704A1489-3BC0-4EFF-A5B0-7D664EA05970@gmail.com> <802B82C7-56D8-4341-9416-2C2CFFECAA3C@mnot.net> <0100016df4ad340a-3b990c99-95f8-40c3-9ff0-6f627826bd94-000000@email.amazonses.com> <20191030.093200.966070125623058715.mbj@tail-f.com> To: Martin Bjorklund X-Mailer: Apple Mail (2.3445.104.11) X-SES-Outgoing: 2019.10.30-54.240.8.83 Feedback-ID: 1.us-east-1.DKmIRZFhhsBhtmFMNikgwZUWVrODEw9qVcPhqJEI2DA=:AmazonSES Archived-At: Subject: Re: [netconf] Adoption call for draft-kwatsen-netconf-http-client-server-04 X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 30 Oct 2019 18:57:21 -0000 Hi Martin, > I have searched the archives but couldn't find these messages. Can > you send a link to them? The messages were on the 'netconf-chairs- list, which has no archive. I could attach the thread here, but I feel that I shouldn't without securing all party's consent first. FWIW, the exchange took place during IETF 104, as the NETCONF chairs wanted to solicit HTTPBIS-chair input on the http-client-server draft, in the same way the NETCONF chairs reached out to the TCPM chairs on the tcp-client-server draft. > I would like to understand Mark's concerns. I'll try to summarize what I see: - There was a lot of context-setting. Actually, I'm unsure if the context was ever fully understood, especially with regards to limited scope and how models (like those found in the restconf-client-server and https-notif draft's) can extend it as needed. - There were issues with the 'keepalives' node, which was since removed (in -01). - It was mentioned that other industry efforts to abstract out underlying protocols have failed (e.g., Web Services, and more recently TAPS). Presumably because attributes of the underlying protocols are "leaky" and hence affect things running above them, and so cannot be abstracted out and replaced at will. So far we don't have an example for where this might occur here. - There was a concern for the model defining a 'protocol- version' field in that, generally, clients and servers should dynamically negotiate the version used. This never made sense to me, exactly, as I know many http-servers enable configuring which HTTP versions it supports (usually used to trim-out support for legacy versions), and http-clients (e.g., `curl`) can be configured to use a specific HTTP protocol version, though the practical application of this beyond debugging eludes me. That being the case, the likely resolution is to remove "leaf protocol-version" from ietf-http-client. - There was a concern that HTTP carries a variety of schemes beyond http:// and https:// and that probably needs to be explored. I don't understand this or even if support is needed in the base model. - There was a concern that the line this model is trying to draw between protocol layers isn't as clear as one might hope. This comment seemed to revolve around how HTTP/2 cares very much about the cipher suites that TLS uses and hence may want to use mechanisms like TLS exported authenticators to manage things like the H2 level origin mechanism. Presumably, it's even crazier in HTTP/3. - With regards to not statically configuring authentication schemes because "they are negotiated at request time", I don't think either model is doing that. Rather, the client model enables configuring a client to use a specific combo of auth-scheme + credentials. Similarly, the server model enables configuring a server to authenticate clients using a client-database, which may be either local and external and it is only when 'local' that the 'basic-auth' scheme is considered. Kent // pick a hat From nobody Thu Oct 31 13:51:14 2019 Return-Path: X-Original-To: netconf@ietfa.amsl.com Delivered-To: netconf@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8F74A12084F; Thu, 31 Oct 2019 13:51:13 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.999 X-Spam-Level: X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id z_Er3Sb8sg_6; Thu, 31 Oct 2019 13:51:12 -0700 (PDT) Received: from mail-pg1-x533.google.com (mail-pg1-x533.google.com [IPv6:2607:f8b0:4864:20::533]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EC6FF120826; Thu, 31 Oct 2019 13:51:11 -0700 (PDT) Received: by mail-pg1-x533.google.com with SMTP id e10so4841111pgd.11; Thu, 31 Oct 2019 13:51:11 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=b3pa2Y+sMa6PIvEzRcz28Tm6JU/ipI8ugvk2bR57QCg=; b=Xx4Cs3idYtQmhWvWLsbW0aV/PzMVYngFMggrTpYOEndAkhBI0+JiIgKgYMLqRjmhj3 lKyT5ZuXmFyKheSGonsknck/mcSJ/yZHWXsjzNA04OzTFtaLV5LAZw01lP0MO4Rwi/bl 02zTJiIIfOJ7wGLevOwbVamuMfn6TibH3sFe259Xwq7SdA6AOG+RMXUoPqbYdaqVkSfW D8H74li7MaSCZBF1Hi1twW1f4/x4dJzSVbInP7Nd0chAEdCZAmtzFT9iDAJbpLzaju9k kuzkTWe1HB1DuTdPDqHdWNWyTIypy9qflXevXiDuTnID480oaiNuH/P4HiLgDozVjJor +7qw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=b3pa2Y+sMa6PIvEzRcz28Tm6JU/ipI8ugvk2bR57QCg=; b=IqgEDX2lV0rw9mYjWoPskuGE2QbXM9zgREAnj5K4b5Yxmc9IjEPhQhMdH9JNJY1XLr wN/xhZzoX2ds9NGjKM40dV+iR9B47Gn/Xja31NUTwrUX08hpxx7iD7jQEiUVZQvDl9X3 OmKt+w/Kj2UC6VxXxPgRKxQI3wgJ5KrVgS/lKYubyiSO73i2F3JF8IRIse0LI93gVMrE NQQbt7xNW00t/Kxt6TM4LlNwV6fWYug+wEMmR4Y6iB9aj+PUxq8VS6Wx99glx9ZxVl5x T/NiPR6nk//Icd3uz41wmc1lpsxiNRY4giM0ndnWnb6tEei2irDvnhX9uIYYv7hpSs5Y 4t9A== X-Gm-Message-State: APjAAAU6Ht7gaq0qcFbIvVsuNzdsoP01fU4ociAqxKVLQNaDUeTsc/hI lzqkQHV6TO/0kzNlEq86aSmVnVTD X-Google-Smtp-Source: APXvYqwyIpfOMKykI/A2nw+LdphIJoTUi/Rmm+IaH+2beJZj5C//z3YLluZLwBjUHPxmkrXLKTRtOw== X-Received: by 2002:aa7:93cd:: with SMTP id y13mr8894984pff.240.1572555071195; Thu, 31 Oct 2019 13:51:11 -0700 (PDT) Received: from [10.33.123.155] ([66.170.99.2]) by smtp.gmail.com with ESMTPSA id a11sm3985359pgw.64.2019.10.31.13.51.09 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 31 Oct 2019 13:51:10 -0700 (PDT) Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\)) From: Mahesh Jethanandani In-Reply-To: <704A1489-3BC0-4EFF-A5B0-7D664EA05970@gmail.com> Date: Thu, 31 Oct 2019 13:51:09 -0700 Cc: httpbis-chairs@ietf.org Content-Transfer-Encoding: quoted-printable Message-Id: References: <704A1489-3BC0-4EFF-A5B0-7D664EA05970@gmail.com> To: Netconf X-Mailer: Apple Mail (2.3445.9.1) Archived-At: Subject: Re: [netconf] Adoption call for draft-kwatsen-netconf-http-client-server-04 X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 31 Oct 2019 20:51:14 -0000 I support the adoption of this draft. > On Oct 21, 2019, at 3:52 PM, Mahesh Jethanandani = wrote: >=20 > Hi WG, >=20 > The author has posted a -04 version of the draft, and believes that it = ready for WG adoption. >=20 > This starts a 2 week poll ending on November 4, to decide whether this = document should be made a WG document or not. Please reply to this email = whether or not you support adoption of this draft by the WG. Indications = that the draft has been read will be also be appreciated. >=20 > Thanks. >=20 > Mahesh Jethanandani > mjethanandani@gmail.com >=20 >=20 >=20 Mahesh Jethanandani (contributor hat on) mjethanandani@gmail.com From nobody Thu Oct 31 18:35:10 2019 Return-Path: X-Original-To: netconf@ietfa.amsl.com Delivered-To: netconf@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E6F3B120111 for ; Thu, 31 Oct 2019 18:35:08 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.997 X-Spam-Level: X-Spam-Status: No, score=-1.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rIpJIshlln4U for ; Thu, 31 Oct 2019 18:35:07 -0700 (PDT) Received: from mail-pf1-x431.google.com (mail-pf1-x431.google.com [IPv6:2607:f8b0:4864:20::431]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 28D23120071 for ; Thu, 31 Oct 2019 18:35:07 -0700 (PDT) Received: by mail-pf1-x431.google.com with SMTP id x195so2362396pfd.1 for ; Thu, 31 Oct 2019 18:35:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:message-id:mime-version:subject:date:in-reply-to:cc:to :references; bh=SgG4/tJ+UCf/l1vjGJZQGytQ/RBiy6lCLXzGEX402Lg=; b=GfqqOhdyfw4bwXApDAJQEz1RVBc8vMmI69+68hBv65vT+qL7tT5DZXzQRqpMyuJ4a7 hp6dsv8H2D94AXSjWCnPAUXeCqzXWYlyk5tr9t5Dmxq8csuV0EpcB9e/E8/GrjKORrLO KewaihBkeD/oKoZy3iGKD7SfubUBio3YiXUx0vfA4df/o0p4EI0EclkITIQJqp1i6cpd iDcjBpVQfzwdVxOStrU3Ahi5O7ca7O5gpN3myzg2PZkyD4gIW0bC0qF2saqootFEZFLW VTzecVwir4SqS6KLpS0ECJ/m2o3S+nxedybHpJJ8QGznu0Ssqny/FlMXqrRQqfsozzSC y8Ng== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:message-id:mime-version:subject:date :in-reply-to:cc:to:references; bh=SgG4/tJ+UCf/l1vjGJZQGytQ/RBiy6lCLXzGEX402Lg=; b=Bg2pHOhcW+PwpqGyXwYpeH5Q2PRRtZahCQtLijzHIPbcD20PvfvQZ0z1sMvBCUb11p cvnYBP7m7i/0cqxF2hDgMmvAa6mEwNUWDvGBmgqqA5/nJ/PIPwHyFLwuCBqUWScEkU7q CWzHx6uj84IpgeISsEC3ZiDyia1r/L3A+YSGaAuD9TQwEcuIMXlvEee5K045cxWNKJrn oyNL2ssvLRa82emlRyNGG1MRwvZIgQre8Yomy/1uari7ZY/IQ0uEWtFT6i60f97OSRmC XUoam2qS09pLBUCb/FRkuxt+YGafYhJdIQGbHV4eAGk79JCRcNX5Teww8+aPe4yz+Jjt 1KGw== X-Gm-Message-State: APjAAAUQvOchTtDNPW9p+TaWHAEiZffufyboRzKK3/8vw9w2ee3+AGD6 onr50b1ldS7zwM3lVgOtvdg= X-Google-Smtp-Source: APXvYqy01DVMlBaxSq8aozrnrb3D7/es3oU0Lie5n/icewFDegA6A6GQ3msliyPzMLzR1k6aKMkkww== X-Received: by 2002:a63:c74e:: with SMTP id v14mr10510381pgg.334.1572572106585; Thu, 31 Oct 2019 18:35:06 -0700 (PDT) Received: from [10.33.123.155] ([66.170.99.2]) by smtp.gmail.com with ESMTPSA id c184sm5173912pfc.159.2019.10.31.18.35.05 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 31 Oct 2019 18:35:05 -0700 (PDT) From: Mahesh Jethanandani Message-Id: <73B7A5FF-BF33-45D6-A020-5FE783AC8144@gmail.com> Content-Type: multipart/alternative; boundary="Apple-Mail=_24AA08A1-A8BA-4C03-BC4A-8A342367A158" Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\)) Date: Thu, 31 Oct 2019 18:35:04 -0700 In-Reply-To: <20190830.170342.347117436400694093.mbj@tail-f.com> Cc: Kent Watsen , netconf@ietf.org To: Martin Bjorklund References: <0100016ce21ab15a-16b3c8d4-0722-4ea7-a6c0-081689ae42f4-000000@email.amazonses.com> <20190830.142405.429358952690470664.mbj@tail-f.com> <0100016ce2c0c48e-c11076b5-b119-4509-b83e-4206d9699b72-000000@email.amazonses.com> <20190830.170342.347117436400694093.mbj@tail-f.com> X-Mailer: Apple Mail (2.3445.9.1) Archived-At: Subject: Re: [netconf] SN and indirection X-BeenThere: netconf@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: NETCONF WG list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 01 Nov 2019 01:35:09 -0000 --Apple-Mail=_24AA08A1-A8BA-4C03-BC4A-8A342367A158 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 [Trimming down the thread to one issue] Hi Martin, > On Aug 30, 2019, at 8:03 AM, Martin Bjorklund wrote: >=20 >> My personal opinion is that the indirection introduced in https-notif >> is likely to be desired by all notif transports for configured >> subscriptions >=20 > I agree. >=20 >> but it's unclear to me if the leverage to be had by >> consolidating the pattern into SN is significantly better than the >> copy/pasting the pattern into each notif draft, especially when >> considering that we're not likely to ever have more than a few such >> notif drafts. >=20 > If we don't have a generic indirection, I would like the current > https-notif solution better if it didn't put 'receivers' at the > top-level, but instead augmented it into '/sn:subscribers', and > renamed it to 'https-receivers'. Further, the 'receiver-ref' should > probably be called 'https-receiver-ref' or something. What would be the motivation to rename the receiver-ref to be = https-receiver-ref? The receiver-ref is being declared in the = 'ietf-https-notif=E2=80=99 namespace, which indicates the type of = receiver it is, and prevents any name conflict with other receivers = being declared in other namespaces.=20 Thanks. Mahesh Jethanandani mjethanandani@gmail.com --Apple-Mail=_24AA08A1-A8BA-4C03-BC4A-8A342367A158 Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=utf-8
[Trimming down the thread to one issue]

Hi Martin,

On Aug = 30, 2019, at 8:03 AM, Martin Bjorklund <mbj@tail-f.com> = wrote:

My = personal opinion is that the indirection introduced in https-notif
is likely to be desired by all notif transports for = configured
subscriptions

I agree.

but = it's unclear to me if the leverage to be had by
consolidating the pattern into SN is significantly better = than the
copy/pasting the pattern into each notif draft, = especially when
considering that we're not likely to ever = have more than a few such
notif drafts.

If we don't have a generic indirection, I would like the = current
https-notif = solution better if it didn't put 'receivers' at the
top-level, but instead augmented = it into '/sn:subscribers', and
renamed it to 'https-receivers'.  Further, the = 'receiver-ref' should
probably be called 'https-receiver-ref' or = something.

What = would be the motivation to rename the receiver-ref to be = https-receiver-ref? The receiver-ref is being declared in the = 'ietf-https-notif=E2=80=99 namespace, which indicates the type of = receiver it is, and prevents any name conflict with other receivers = being declared in other namespaces. 

Thanks.

Mahesh Jethanandani
mjethanandani@gmail.com



= --Apple-Mail=_24AA08A1-A8BA-4C03-BC4A-8A342367A158--