
From nobody Mon Nov  1 05:57:24 2021
From: Roman Danyliw <rdd@cert.org>
To: Paul Hoffman <paul.hoffman@vpnc.org>, saag <saag@ietf.org>, IETF SecDispatch <secdispatch@ietf.org>
Thread-Topic: [Secdispatch] [saag] Two sessions?
Thread-Index: AQHXzljOk1e2F43DnE6RD3AYHb64FqvtUCUAgAFSMkA=
Date: Mon, 1 Nov 2021 12:55:53 +0000
Message-ID: <BN1P110MB0939C58318D245DA519E0FE8DC8A9@BN1P110MB0939.NAMP110.PROD.OUTLOOK.COM>
References: <2AAD27E7-53DF-44BD-9C80-6ABE7679E6AE@akamai.com> <25FD63E5-1CD2-44C8-B526-185ADB249AEB@vpnc.org>
In-Reply-To: <25FD63E5-1CD2-44C8-B526-185ADB249AEB@vpnc.org>
Content-Type: multipart/alternative; boundary="_000_BN1P110MB0939C58318D245DA519E0FE8DC8A9BN1P110MB0939NAMP_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/7nq7cJSNLaPXJUE8ZZ3OPyjbbYs>
Subject: Re: [saag] [Secdispatch]  Two sessions?
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 01 Nov 2021 12:57:23 -0000

--_000_BN1P110MB0939C58318D245DA519E0FE8DC8A9BN1P110MB0939NAMP_
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit

Hi!

From: Secdispatch <secdispatch-bounces@ietf.org> On Behalf Of Paul Hoffman
Sent: Sunday, October 31, 2021 12:43 PM
To: saag <saag@ietf.org>; IETF SecDispatch <secdispatch@ietf.org>
Subject: Re: [Secdispatch] [saag] Two sessions?


On 31 Oct 2021, at 6:11, Salz, Rich wrote:

There are two sessions for SAAG/SecDispatch, each split as one hour?  Is that correct?

Also: when will the agendas for SAAG and SecDispatch be posted? Some of us are trying to juggle conflicts.

[Roman] Agendas posted.  To accommodate schedules for SAAG, we had to create a split meeting.  Thanks for everyone’s flexibility.

Regards,

Roman

--_000_BN1P110MB0939C58318D245DA519E0FE8DC8A9BN1P110MB0939NAMP_--


From nobody Mon Nov  1 07:15:56 2021
From: Michael Richardson <mcr@sandelman.ca>
To: Thomas Hardjono <hardjono@mit.edu>
cc: "saag@ietf.org" <saag@ietf.org>, "din@irtf.org" <din@irtf.org>, "blockchain-interop@ietf.org" <blockchain-interop@ietf.org>, Martin Hargreaves <martin.hargreaves@quant.network>
In-Reply-To: <82db011335f74bf2978bdd11dbd547b6@oc11expo23.exchange.mit.edu>
References: <82db011335f74bf2978bdd11dbd547b6@oc11expo23.exchange.mit.edu>
X-Mailer: MH-E 8.6+git; nmh 1.7+dev; GNU Emacs 26.1
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-ID: <8783.1635776141.1@localhost>
Date: Mon, 01 Nov 2021 10:15:41 -0400
Message-ID: <8785.1635776141@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/iae3Fa1rI6wy8NxgGuVCsdBmNgM>
Subject: Re: [saag] IETF112 Side Meeting on DLT Gateway Interop protocol
X-List-Received-Date: Mon, 01 Nov 2021 14:15:50 -0000

Have you seen, btw, that MATTER is using a ledger for distribution of
Endorsements for their remote attestation system?

--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        |    IoT architect   [
]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [


From nobody Mon Nov  1 09:14:19 2021
From: Thomas Hardjono <hardjono@mit.edu>
To: Michael Richardson <mcr@sandelman.ca>
CC: "saag@ietf.org" <saag@ietf.org>, "din@irtf.org" <din@irtf.org>, "blockchain-interop@ietf.org" <blockchain-interop@ietf.org>, "Martin Hargreaves" <martin.hargreaves@quant.network>
Thread-Topic: [saag] IETF112 Side Meeting on DLT Gateway Interop protocol
Thread-Index: AQHXzsPpAJ5/dSqWqkioklwKWfqT+Kvu+22A///cD9k=
Date: Mon, 1 Nov 2021 16:13:57 +0000
Message-ID: <cf5e32071fbd4d529707442356bc1e6a@oc11expo23.exchange.mit.edu>
References: <82db011335f74bf2978bdd11dbd547b6@oc11expo23.exchange.mit.edu>, <8785.1635776141@localhost>
In-Reply-To: <8785.1635776141@localhost>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/1vvqtUWqztPEBQT3hzUt1L8AU9E>
Subject: Re: [saag] IETF112 Side Meeting on DLT Gateway Interop protocol
X-List-Received-Date: Mon, 01 Nov 2021 16:14:17 -0000

Hi Michael,

I have not heard about Matter specifically, but there has been some discussion in the TCG and the Global Semiconductor Alliance of using a DLT to help validate endorsements from the manufacturers.

In context of RATS WG and Endorsements, the challenge is not just about validating signatures over SBOM files and firmware/software files,  but also ensuring that "integrity measurements" for specific hardwares (e.g. TPM PCRs) are correct.


BTW. Here is a link to a presentation from Intel about using DLTs for Endorsements (I think there is also an older RSA and NIST presentations):

https://trustedcomputinggroup.org/wp-content/uploads/Session-3-TSC-Intel-JRF-WS2020_RV.pdf


--thomas




________________________________________
From: Michael Richardson [mcr@sandelman.ca]
Sent: Monday, November 1, 2021 10:15 AM
To: Thomas Hardjono
Cc: saag@ietf.org; din@irtf.org; blockchain-interop@ietf.org; Martin Hargreaves
Subject: Re: [saag] IETF112 Side Meeting on DLT Gateway Interop protocol

Have you seen, btw, that MATTER is using a ledger for distribution of
Endorsements for their remote attestation system?

--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        |    IoT architect   [
]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [


From nobody Sun Nov  7 08:34:17 2021
From: Roman Danyliw <rdd@cert.org>
To: saag <saag@ietf.org>
Thread-Topic: AD Review of draft-eastlake-rfc6931bis-xmlsec-uris-17
Thread-Index: AdfT8rebsCj/8p2TSsqotCOBk3DMGA==
Date: Sun, 7 Nov 2021 16:32:46 +0000
Message-ID: <BN1P110MB09398B273C13AC5E9AD1309FDC909@BN1P110MB0939.NAMP110.PROD.OUTLOOK.COM>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/MQffU2ntJEHhKPU-bJ-pdlVmNqc>
Subject: [saag] AD Review of draft-eastlake-rfc6931bis-xmlsec-uris-17
X-List-Received-Date: Sun, 07 Nov 2021 16:34:16 -0000

Hi!

I performed an AD review on draft-eastlake-rfc6931bis-xmlsec-uris-17.  As this document is AD-sponsored, I would also appreciate additional reviewer either now or when the document enters IETF LC.  My feedback is below:

** I checked all of the new URIs listed in the document.  Generally, they returned a page saying that these identifiers are reserved and pointed back to this document.  The following URIs demonstrated different behavior.  Is this expected or a sign that further coordination with W3C is required?

-- Returns a 404:
http://www.w3.org/2021/04/xmldsg-more#siphash-2-4

-- Returns a generic page on namespaces (but I'll note that these URI are also already defined in [GENERIC], aka https://www.w3.org/TR/xmlsec-generic-hybrid/):

http://www.w3.org/2010/xmlsec-ghc#rsaes-kem
http://www.w3.org/2010/xmlsec-ghc#ecies-kem

** Editorial.  Why do only some of the algorithms have examples?  For example, in the original RFC6931 text, Section 2.1.3 (SHA-384) has one, but Section 2.1.4 (Whirlpool) does not.  Section 2.1.5 (SHA3) was originally in RFC6931 and in this bis got an example (for SHA3-224).  Of the newly added algorithms, Section 2.2.4 (Poly1305), 2.2.5 (SipHash-2-4), 2.2.6 (XMSS), 2.6.7 (ChaCha20) didn't get examples (not an exhaustive list), but Section 2.3.12 (Edwards-Curve) and Section 2.6.8 (ChaCha20+Poly1305) did.

** Abstract.  Editorial.

OLD
   This document updates and corrects the IANA registry for the list of
   URIs intended for use with XML digital signatures, encryption,
   canonicalization, and key management.  These URIs identify algorithms
   and types of information.

NEW
This document updates and corrects the IANA "XML Security URIs" registry that lists the URIs intended for use with XML digital signatures, encryption, canonicalization, and key management.  These URIs identify algorithms and their associated type information.

** Section 1.  Typo. s/has has/has/

** Section 1.  Typo. s/elemets/elements/

** Section 2.  This section discusses the namespace change from #xmldsig to #xmldsig-more.  It seems like an introduction of #xmlsec-ghc should also be added here.

** Section 2.2.3. Editorial.  s/is here used/is used here/

** Section 2.2.4.  Typo in the identifier URI:

OLD
http://www.w3.org/2021/04/xml6dsig-more#poly1305
NEW
http://www.w3.org/2021/04/xmldsig-more#poly1305

** Section 2.2.6.  Is there a reason there isn't more narrative text point out the different variants of XMSS the same way that Section 2.1.5 or 2.2.2 ?

** Section 2.6.4.  This is a comment on the original text from RFC6931 copied into this document. Why doesn't the full namespace from the "identifiers" list match the example for #psec-kem?  The latter says "xmldsig-more#psec-kem" but the example says "xmlenc#psec-kem".

** Section 2.6.7.  Typo. s/repreented/represented/

** Section 2.6.7.  Typo. /nexted/nested/

** Section 2.7.2.  Typo. s/specificed/specified/

** Section 2.7.2.  Typo.  In the example:
OLD
/AgreementMethod>

NEW
</AgreementMethod>

** Section 4.2.  Typo in the fragment name of the table (used to update the IANA registry)

OLD
2021/04/xmldsig-more#po1305

NEW
2021/04/xmldsig-more#po1y305

** Section 5.1
   The W3C has assigned "http://www.w3.org/2021/04/xmldsig-more#" for
   additional new URIs specified in this document.

"xmlsec-ghc#" is also used.  Perhaps we should ls

** Section 5.2.  Why loosen the registration procedure from specification required to expert review?  The documentation requirement seems nearly equivalent to "specification required".  Given how little churn this gets (especially in new Types), what would be the circumstances where the rigor of a W3C or IETF wouldn't be appropriate?

Regards,
Roman
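
Added example, not part of the message above or of the draft it reviews: an offline lint for algorithm-identifier URIs that flags a namespace which is a near miss of an expected one, the kind of slip corrected by hand in the Section 2.2.4 comment (`xml6dsig-more`). The expected-namespace set is limited to the two namespaces named in the review; the function names, the edit-distance threshold and the `example.org` entry are assumptions made for illustration.

```python
from urllib.parse import urldefrag

# Namespaces named in the review (assumption: the lint knows only these two).
EXPECTED_NAMESPACES = (
    "http://www.w3.org/2021/04/xmldsig-more",
    "http://www.w3.org/2010/xmlsec-ghc",
)

# Constructed sample: URIs as they are quoted in the review message,
# plus one unrelated placeholder namespace.
SAMPLE_URIS = [
    "http://www.w3.org/2021/04/xmldsig-more#poly1305",
    "http://www.w3.org/2021/04/xml6dsig-more#poly1305",
    "http://www.w3.org/2021/04/xmldsg-more#siphash-2-4",
    "http://www.w3.org/2010/xmlsec-ghc#rsaes-kem",
    "http://www.w3.org/2010/xmlsec-ghc#ecies-kem",
    "http://example.org/ns#placeholder",
]


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance using two rows of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def lint_uri(uri: str, max_typo_distance: int = 2):
    """Classify one identifier URI.

    Returns (status, detail) where status is one of:
      ok          - namespace is exactly one of the expected ones
      typo        - namespace is within max_typo_distance edits of an
                    expected one; detail is the suggested corrected URI
      unknown     - namespace is not close to anything expected
      no-fragment - URI has no '#fragment', so it names no algorithm
    """
    namespace, fragment = urldefrag(uri)
    if not fragment:
        return ("no-fragment", namespace)
    if namespace in EXPECTED_NAMESPACES:
        return ("ok", namespace)
    nearest = min(EXPECTED_NAMESPACES,
                  key=lambda ns: edit_distance(namespace, ns))
    if edit_distance(namespace, nearest) <= max_typo_distance:
        return ("typo", nearest + "#" + fragment)
    return ("unknown", namespace)


def lint_all(uris):
    """Lint every URI and return {uri: (status, detail)}."""
    return {uri: lint_uri(uri) for uri in uris}


if __name__ == "__main__":
    for uri, (status, detail) in lint_all(SAMPLE_URIS).items():
        print(f"{status:11} {uri} -> {detail}")
```

The lint checks only the namespace part; a misspelled fragment such as the Section 4.2 entry would need the registry's fragment list, which is not reproduced here.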


From nobody Sun Nov  7 18:31:54 2021
MIME-Version: 1.0
References: <BN1P110MB09398B273C13AC5E9AD1309FDC909@BN1P110MB0939.NAMP110.PROD.OUTLOOK.COM>
In-Reply-To: <BN1P110MB09398B273C13AC5E9AD1309FDC909@BN1P110MB0939.NAMP110.PROD.OUTLOOK.COM>
From: Donald Eastlake <d3e3e3@gmail.com>
Date: Sun, 7 Nov 2021 21:31:27 -0500
Message-ID: <CAF4+nEFZUJMR75h3KtjSNncogDwUxWkBqOkPvX1wmJ-05zxY-A@mail.gmail.com>
To: Roman Danyliw <rdd@cert.org>
Cc: saag <saag@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/kUFWgxlflJcIyVzyJzGjuHQt764>
Subject: Re: [saag] AD Review of draft-eastlake-rfc6931bis-xmlsec-uris-17
X-List-Received-Date: Mon, 08 Nov 2021 02:31:53 -0000

Hi Roman,

Thanks for the review. See below:

On Sun, Nov 7, 2021 at 11:34 AM Roman Danyliw <rdd@cert.org> wrote:
> Hi!
>
> I performed an AD review on draft-eastlake-rfc6931bis-xmlsec-uris-17.
> As this document is AD-sponsored, I would also appreciate additional
> reviewer either now or when the document enters IETF LC.  My feedback
> is below:
>
> ** I checked all of the new URIs listed in the document.  Generally,
> they returned a page saying that these identifiers are reserved and
> pointed back to this document.  The following URIs demonstrated
> different behavior.  Is this expected or a sign that further
> coordination with W3C is required?
>
> -- Returns a 404:
> http://www.w3.org/2021/04/xmldsg-more#siphash-2-4

I believe the W3C will set up web pages or fix them as needed for URIs
defined by this document or its predecessors. I've suggested to them
that we might as well wait until the document is a bit further through
the process.

> -- Returns a generic page on namespaces (but I'll note that these URIs
> are also already defined in [GENERIC], aka
> https://www.w3.org/TR/xmlsec-generic-hybrid/):
>
> http://www.w3.org/2010/xmlsec-ghc#rsaes-kem
> http://www.w3.org/2010/xmlsec-ghc#ecies-kem

URIs defined in other documents but included in this draft for
convenience are somewhat of a different matter.

> ** Editorial.  Why do only some of the algorithms have examples?  For
> example, in the original RFC6931 text, Section 2.1.3 (SHA-384) has one,
> but Section 2.1.4 (Whirlpool) does not.  Section 2.1.5 (SHA3) was
> originally in RFC6931 and in this bis got an example (for SHA3-224).
> Of the newly added algorithms, Section 2.2.4 (Poly1305), 2.2.5
> (SipHash-2-4), 2.2.6 (XMSS), 2.6.7 (ChaCha20) didn't get examples (not
> an exhaustive list), but Section 2.3.12 (Edwards-Curve) and Section
> 2.6.8 (ChaCha20+Poly1305) did.

There is no particularly good reason. I can add some examples.

> ** Abstract.  Editorial.
>
> OLD
>    This document updates and corrects the IANA registry for the list of
>    URIs intended for use with XML digital signatures, encryption,
>    canonicalization, and key management.  These URIs identify algorithms
>    and types of information.
>
> NEW
> This document updates and corrects the IANA "XML Security URIs"
> registry that lists the URIs intended for use with XML digital
> signatures, encryption, canonicalization, and key management.  These
> URIs identify algorithms and their associated type information.

OK on the change of the first sentence. However, at least the URIs in
Section 3.2 seem to me to identify types of information and I'm not
sure they can be said to be associated with a crypto algorithm.

> ** Section 1.  Typo. s/has has/has/
>
> ** Section 1.  Typo. s/elemets/elements/
>
> ** Section 2.  This section discusses the namespace change from
> #xmldsig to #xmldsig-more.  It seems like an introduction of
> #xmlsec-ghc should also be added here.
>
> ** Section 2.2.3. Editorial.  s/is here used/is used here/
>
> ** Section 2.2.4.  Typo in the identifier URI:
>
> OLD
> http://www.w3.org/2021/04/xml6dsig-more#poly1305
> NEW
> http://www.w3.org/2021/04/xmldsig-more#poly1305

OK on the above.

> ** Section 2.2.6.  Is there a reason there isn't more narrative text
> pointing out the different variants of XMSS the same way that Section
> 2.1.5 or 2.2.2?

This is one of the algorithms added in this version of the draft. I'll
see if I can add some more useful text.

> ** Section 2.6.4.  This is a comment on the original text from RFC6931
> copied into this document. Why doesn't the full namespace from the
> "identifiers" list match the example for #psec-kem?  The latter says
> "xmldsig-more#psec-kem" but the example says "xmlenc#psec-kem".

The namespace from specific W3C documents, such as in this case,
<https://www.w3.org/TR/xmlsec-generic-hybrid/>, should dominate name
spaces created for this draft or its predecessors. I'll check into
this case.

> ** Section 2.6.7.  Typo. s/repreented/represented/
>
> ** Section 2.6.7.  Typo. /nexted/nested/
>
> ** Section 2.7.2.  Typo. s/specificed/specified/
>
> ** Section 2.7.2.  Typo.  In the example:
> OLD
> /AgreementMethod>
>
> NEW
> </AgreementMethod>
>
> ** Section 4.2.  Typo in the fragment name of the table (used to update
> the IANA registry)
>
> OLD
> 2021/04/xmldsig-more#po1305
>
> NEW
> 2021/04/xmldsig-more#po1y305

OK on the above.

> ** Section 5.1
>    The W3C has assigned "http://www.w3.org/2021/04/xmldsig-more#" for
>    additional new URIs specified in this document.
>
> "xmlsec-ghc#" is also used.  Perhaps we should ls

I think xmlsec-ghc is not an added namespace for this draft, it's from
https://www.w3.org/TR/xmlsec-generic-hybrid/. I'll say something about
it.

> ** Section 5.2.  Why loosen the registration procedure from
> specification required to expert review?  The documentation
> requirement seems nearly equivalent to "specification required".
> Given how little churn this gets (especially in new Types), what would
> be the circumstances where the rigor of a W3C or IETF wouldn't be
> appropriate?

This text was just carried forward from RFC 6931. The question is why
did the IANA Registry not use the registration procedure specified by
RFC 6931? In any case, I'd be happy to change this in the draft to
Specification Required.

Thanks,
Donald
===============================
 Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
 2386 Panoramic Circle, Apopka, FL 32703 USA
 d3e3e3@gmail.com

> Regards,
> Roman


From nobody Mon Nov  8 07:04:41 2021
Return-Path: <kivinen@iki.fi>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3CC4D3A10CF for <saag@ietfa.amsl.com>; Mon,  8 Nov 2021 07:04:34 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level: 
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=iki.fi
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8f7sE63oQu6y for <saag@ietfa.amsl.com>; Mon,  8 Nov 2021 07:04:29 -0800 (PST)
Received: from lahtoruutu.iki.fi (lahtoruutu.iki.fi [IPv6:2a0b:5c81:1c1::37]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7FB283A1060 for <saag@ietf.org>; Mon,  8 Nov 2021 07:04:28 -0800 (PST)
Received: from fireball.acr.fi (fireball.kivinen.iki.fi [IPv6:2001:1bc8:100d::2]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) (Authenticated sender: kivinen@iki.fi) by lahtoruutu.iki.fi (Postfix) with ESMTPSA id 531AF1B0008C for <saag@ietf.org>; Mon,  8 Nov 2021 17:04:22 +0200 (EET)
Received: by fireball.acr.fi (Postfix, from userid 15204) id E4E1A25C12C4; Mon,  8 Nov 2021 17:04:21 +0200 (EET)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <24969.15477.882496.297841@fireball.acr.fi>
Date: Mon, 8 Nov 2021 17:04:21 +0200
From: Tero Kivinen <kivinen@iki.fi>
To: saag@ietf.org
X-Mailer: VM 8.2.0b under 26.3 (x86_64--netbsd)
X-Edit-Time: 3 min
X-Total-Time: 2 min
ARC-Authentication-Results: i=1; ORIGINATING; auth=pass smtp.auth=kivinen@iki.fi smtp.mailfrom=kivinen@iki.fi
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/P8MR9_T8666PZBCNaa7WBkhCPFg>
Subject: [saag] IPsecME report for IETF 112
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Nov 2021 15:04:38 -0000

IPsecME WG got its traditional session kicking off the IETF 112, i.e.,
first session on Monday morning. We had two hours and used most of
them. Here is the status update [1] already updated to the datatracker:
----------------------------------------------------------------------
Publication has been requested for Intermediate draft. Base IPTFS
draft had long discussion during the IETF 112 WG session and the final
issues on it were resolved, so now the IPTFS drafts (base, yang and
mib) should be ready for publication. Multiple Key Exchanges draft
should also be ready for publication. Labeled IPsec and Deprecation of
IKEv1 and obsoleted algorithms drafts are past WGLC and are getting
ready for publication soon.  

Group Key Management using IKEv2 did not get any reviews yet, but is
now in the WGLC to get more reviews. RFC8229bis has been adopted as
working group draft, but there has not been that much discussion about
it yet. IKEv2 configuration for Encrypted DNS and Announcing Supported
Authentication Methods in IKEv2 drafts are now in the progress of
being adopted to the WG.  

There has not been that much happening with other new work, like
Optional SA & TS Payload in Child Exchange, modifying the base IKEv2
payload format, both to make it more compact for constrained devices,
and allow it to go over 64kB payload limit. 
----------------------------------------------------------------------
[1] https://datatracker.ietf.org/group/ipsecme/about/status/
-- 
kivinen@iki.fi


From nobody Mon Nov  8 15:06:05 2021
Return-Path: <mglt.ietf@gmail.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BFF7F3A0E0E for <saag@ietfa.amsl.com>; Mon,  8 Nov 2021 15:06:03 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level: 
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EldklxlwBFGf for <saag@ietfa.amsl.com>; Mon,  8 Nov 2021 15:06:01 -0800 (PST)
Received: from mail-ua1-x931.google.com (mail-ua1-x931.google.com [IPv6:2607:f8b0:4864:20::931]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 27A913A0E11 for <saag@ietf.org>; Mon,  8 Nov 2021 15:06:01 -0800 (PST)
Received: by mail-ua1-x931.google.com with SMTP id l43so34795719uad.4 for <saag@ietf.org>; Mon, 08 Nov 2021 15:06:01 -0800 (PST)
X-Received: by 2002:a67:fc91:: with SMTP id x17mr22818114vsp.23.1636412756982;  Mon, 08 Nov 2021 15:05:56 -0800 (PST)
MIME-Version: 1.0
From: Daniel Migault <mglt.ietf@gmail.com>
Date: Mon, 8 Nov 2021 18:05:46 -0500
Message-ID: <CADZyTkmsjAgF+HU=ixmPXB6NPN7Hv8K8m3Uk-c=fXsKbhRtyjQ@mail.gmail.com>
To: saag <saag@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000001600d405d04f09e3"
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/l6eQgA8CSpxeISBSw5JXZ8-wH8w>
Subject: [saag] ACE WG
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Nov 2021 23:06:04 -0000

--0000000000001600d405d04f09e3
Content-Type: text/plain; charset="UTF-8"

The ACE WG is meeting after SAAG today.

The current WG status is as follows:
RFC queue
  * coap-est
  * dtls-authorize
  * oauth-authz
  * oauth-params
  * oscore-profile
IESG Evaluation
  * aif
  * cmpv2-coap-transport
  * mqtt-tls-profile
WGLC
  * key-groupcomm
  * wg-coap-eap
WG documents
  * pubsub-profile
  * key-groupcomm-oscore
  * oscore-gm-admin
  * pubsub-profile

yours,
Logan and Daniel
-- 
Daniel Migault
Ericsson

--0000000000001600d405d04f09e3--


From nobody Mon Nov  8 15:10:57 2021
Return-Path: <mglt.ietf@gmail.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BB4833A0E1A for <saag@ietfa.amsl.com>; Mon,  8 Nov 2021 15:10:55 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level: 
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id L3NhmJSvSjMK for <saag@ietfa.amsl.com>; Mon,  8 Nov 2021 15:10:53 -0800 (PST)
Received: from mail-ua1-x92a.google.com (mail-ua1-x92a.google.com [IPv6:2607:f8b0:4864:20::92a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 474B83A0E19 for <saag@ietf.org>; Mon,  8 Nov 2021 15:10:53 -0800 (PST)
Received: by mail-ua1-x92a.google.com with SMTP id l43so34815964uad.4 for <saag@ietf.org>; Mon, 08 Nov 2021 15:10:53 -0800 (PST)
X-Received: by 2002:ab0:484:: with SMTP id 4mr3625746uaw.71.1636413050330; Mon, 08 Nov 2021 15:10:50 -0800 (PST)
MIME-Version: 1.0
From: Daniel Migault <mglt.ietf@gmail.com>
Date: Mon, 8 Nov 2021 18:10:39 -0500
Message-ID: <CADZyTknRbL8iiJbMk7UOpYxV7ZCM==S3rsbeS8KWwqqfu_Yb_w@mail.gmail.com>
To: saag <saag@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000092233105d04f1a36"
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/aisSjyR5QVkMYM-5Ex5bV22v4w8>
Subject: [saag] CURDLE
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Nov 2021 23:10:56 -0000

--00000000000092233105d04f1a36
Content-Type: text/plain; charset="UTF-8"

CURDLE did not meet this week. The last draft ssh-kex-sha2 is in the RFC
Editor queue.

Yours,
Rich and Daniel

-- 
Daniel Migault
Ericsson

--00000000000092233105d04f1a36--


From nobody Tue Nov  9 00:01:09 2021
Return-Path: <valery@smyslov.net>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1BBD53A0DC7; Tue,  9 Nov 2021 00:01:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.611
X-Spam-Level: 
X-Spam-Status: No, score=0.611 tagged_above=-999 required=5 tests=[BAYES_05=-0.5, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_VALIDITY_RPBL=1.31, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=smyslov.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id u1XCTxyUsf5I; Tue,  9 Nov 2021 00:01:01 -0800 (PST)
Received: from direct.host-care.com (direct.host-care.com [198.136.54.115]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 04B1A3A0AB5; Tue,  9 Nov 2021 00:01:00 -0800 (PST)
Received: from [93.188.44.204] (port=50595 helo=buildpc) by direct.host-care.com with esmtpsa (TLS1.2) tls TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.93) (envelope-from <valery@smyslov.net>) id 1mkM3t-0003OS-17; Tue, 09 Nov 2021 03:00:57 -0500
From: "Valery Smyslov" <valery@smyslov.net>
To: <saag@ietf.org>
Cc: <uta-chairs@ietf.org>
Date: Tue, 9 Nov 2021 11:00:55 +0300
Message-ID: <0d4701d7d53f$ee281860$ca784920$@smyslov.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 14.0
Content-Language: ru
Thread-Index: AdfVPowWbLMh8F1mTHuotzy/EwF97Q==
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - direct.host-care.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - smyslov.net
X-Get-Message-Sender-Via: direct.host-care.com: authenticated_id: valery@smyslov.net
X-Authenticated-Sender: direct.host-care.com: valery@smyslov.net
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/RBXTJWHGCX7PUD_SH9s2cVPBdEE>
Subject: [saag] UTA WG report for IETF 112
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Nov 2021 08:01:07 -0000

UTA is meeting on Friday, November 12th.

We are going to discuss the issues of the working documents:

1. draft-ietf-uta-rfc7525bis is very close to WGLC, few issues remain
2. draft-ietf-uta-rfc6125bis is being actively discussed, WGLC is expected in January 2022
3. draft-ietf-uta-tls13-iot-profile waits for more discussions

Leif & Valery


From nobody Tue Nov  9 00:22:42 2021
Return-Path: <valery@smyslov.net>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 007333A053E; Tue,  9 Nov 2021 00:22:41 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.789
X-Spam-Level: 
X-Spam-Status: No, score=-0.789 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_VALIDITY_RPBL=1.31, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=smyslov.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NOscI9LTjTjJ; Tue,  9 Nov 2021 00:22:36 -0800 (PST)
Received: from direct.host-care.com (direct.host-care.com [198.136.54.115]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5E7D33A041C; Tue,  9 Nov 2021 00:22:36 -0800 (PST)
Received: from [93.188.44.204] (port=57497 helo=buildpc) by direct.host-care.com with esmtpsa (TLS1.2) tls TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.93) (envelope-from <valery@smyslov.net>) id 1mkMOn-0007IK-Cj; Tue, 09 Nov 2021 03:22:33 -0500
From: "Valery Smyslov" <valery@smyslov.net>
To: <saag@ietf.org>
Cc: <dots-chairs@ietf.org>
Date: Tue, 9 Nov 2021 11:22:32 +0300
Message-ID: <0d4e01d7d542$f2d9b230$d88d1690$@smyslov.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 14.0
Content-Language: ru
Thread-Index: AdfVQA7sp9wosmBnTaGW8ZqbbEc1nA==
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - direct.host-care.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - smyslov.net
X-Get-Message-Sender-Via: direct.host-care.com: authenticated_id: valery@smyslov.net
X-Authenticated-Sender: direct.host-care.com: valery@smyslov.net
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/f0sYJjSfbtsNDK0WngIab-Wsl_U>
Subject: [saag] DOTS WG report for IETF 112
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Nov 2021 08:22:41 -0000

DOTS is not meeting at IETF 112.

Since the last IETF we have made significant progress in the publication process:

- RFC 9132 (DOTS Signal Channel) has been published
- RFC 9133 (Controlling DOTS Filtering Rules) has been published (at last)
- draft-ietf-dots-signal-call-home (RFC-to-be 9066) is in the AUTH48-DONE state
- draft-ietf-dots-telemetry has been requested for publication, is waiting for AD review

We have some progress with other WG documents:
- draft-ietf-dots-multihoming is in the WGLC state waiting for external reviews and for resolution of found issues
- draft-ietf-dots-telemetry-use-cases is close to WGLC, but more discussions are needed
- draft-ietf-dots-robust-blocks has been adopted as WG document

Regards,
Frank & Valery


From nobody Tue Nov  9 01:07:05 2021
Return-Path: <smyshsv@gmail.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D3C023A0C64; Tue,  9 Nov 2021 01:07:03 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level: 
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Kv4GnrlqGTkR; Tue,  9 Nov 2021 01:07:02 -0800 (PST)
Received: from mail-ed1-x529.google.com (mail-ed1-x529.google.com [IPv6:2a00:1450:4864:20::529]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 138583A0B9E; Tue,  9 Nov 2021 01:07:02 -0800 (PST)
Received: by mail-ed1-x529.google.com with SMTP id z21so28595111edb.5; Tue, 09 Nov 2021 01:07:01 -0800 (PST)
X-Received: by 2002:aa7:ccd8:: with SMTP id y24mr8007929edt.76.1636448818313;  Tue, 09 Nov 2021 01:06:58 -0800 (PST)
MIME-Version: 1.0
From: "Stanislav V. Smyshlyaev" <smyshsv@gmail.com>
Date: Tue, 9 Nov 2021 12:06:12 +0300
Message-ID: <CAMr0u6mdYFuwmxYsMhZRXbLxVZyOV4LCf3i9gmg4=EbqAbdciA@mail.gmail.com>
To: saag@ietf.org
Cc: cfrg-chairs@ietf.org
Content-Type: multipart/alternative; boundary="000000000000823db605d0576e82"
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/cN4WQS_NV1aWH6uwArAFfqwEAMQ>
Subject: [saag] CFRG report for IETF 112
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Nov 2021 09:07:04 -0000

--000000000000823db605d0576e82
Content-Type: text/plain; charset="UTF-8"

CFRG is meeting on Thursday, November 11th.

We have a new RFC (RFC 9106, Argon2), one draft (draft-irtf-cfrg-hpke) in
IESG review and one draft (draft-irtf-cfrg-spake2) in IRSG review; one
draft (draft-irtf-cfrg-hash-to-curve) is going to be moved forward (to the
IRTF Chair) very soon.


We are going to discuss the following topics during the meeting:

- Verifiable Distributed Aggregation Functions
- Status of CPace draft.
- 'Short' hash and KMAC as a KDF
- Status of VOPRF draft.
- Private Access Tokens Crypto.

Regards,
Stanislav (on behalf of CFRG chairs)


--000000000000823db605d0576e82--


From nobody Tue Nov  9 01:36:39 2021
Return-Path: <ynir.ietf@gmail.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 54F0A3A0E24 for <saag@ietfa.amsl.com>; Tue,  9 Nov 2021 01:36:32 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level: 
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CgZImvlzhNwu for <saag@ietfa.amsl.com>; Tue,  9 Nov 2021 01:36:29 -0800 (PST)
Received: from mail-ed1-x52a.google.com (mail-ed1-x52a.google.com [IPv6:2a00:1450:4864:20::52a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 412DB3A0D70 for <saag@ietf.org>; Tue,  9 Nov 2021 01:36:29 -0800 (PST)
Received: by mail-ed1-x52a.google.com with SMTP id o8so74053752edc.3 for <saag@ietf.org>; Tue, 09 Nov 2021 01:36:29 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112;  h=from:content-transfer-encoding:mime-version:subject:message-id:date :to; bh=PSJtupVGft/fW5ftYFPkV4kRrOPzgtl1b/rOICTpZXg=; b=HRg1SbcQtFb4PxDnIGdOQC+eKxH/P4HqlXxibSAOyLI8muLU1pnAyNZf5+KlbD/6uk 51iGOKh2L6AwGXgFWtBzVy50eSLmBEonM4ZOD4XKsPi+1dQ9JUsRp1ruKt3tP0cwkOrO auaCoeRAm6NoCfqVOhTZfQroGxsJaFvkecb0LAA4Y2h4wr63BDkAF4xweNzCjrbnvAkZ qa6i/f1kUopJ44r1w+Wxnqwnms6/9BvWXtxi2rG4bkp+MHpXVxNg1LL44+xYykmYNIvA 4/tZU5lv9KhbLEKLhld/ukeIryq+lOBg0mwvMAJld/sMuLMC49d/by7bc/a5RUkG9mUt Ue/w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:content-transfer-encoding:mime-version :subject:message-id:date:to; bh=PSJtupVGft/fW5ftYFPkV4kRrOPzgtl1b/rOICTpZXg=; b=MfkfTc7HzxVKibvP0KznhoWzcqJWzsc7w8upNvoT/6FH25MDXzZwap8I+/bJoOh7tC i8yRrnawZNN0s2EMsLlsphkSR9vqLpFvIkdEuGVOqKz2/iTmsktH9D6U4swpSuTtTEBJ 4j6gSyYjND0J+tAx5OyqPjrvbzW+1d4yYkB94VBOAaANGyIeTIF4cubUsXeZV7QQYAFu NXZEUQ+0AdKpjhweGI7aKQepp7YxpdIiZ4atid1EWFUIN0AVefyvA8A8nx75+ptt8iwP 6Yp/46YEpl1EKORGFy1nxn9ngASNog+F5JODEDcd0PDTA0fg08lcq7m9x2n6qdmotXc0 1Vag==
X-Gm-Message-State: AOAM532RRKY1DwP0Rwh89qgIc6M2527XB2q+BHFwO18SbjEJuyC1n1wi PxpR5sOGXCcc+/qfu2pBXJ1b1MqAGvY=
X-Google-Smtp-Source: ABdhPJy/SCWrLDrY4oSMXNnkCBzbf4HwFiAggZkXvsR87RTekfVfMa7kR2JlVAO342zkzYgQV49P1g==
X-Received: by 2002:a17:907:1dd5:: with SMTP id og21mr8124507ejc.233.1636450585402;  Tue, 09 Nov 2021 01:36:25 -0800 (PST)
Received: from smtpclient.apple ([87.69.209.176]) by smtp.gmail.com with ESMTPSA id e20sm10534462edv.64.2021.11.09.01.36.24 for <saag@ietf.org> (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Tue, 09 Nov 2021 01:36:24 -0800 (PST)
From: Yoav Nir <ynir.ietf@gmail.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0 (Mac OS X Mail 15.0 \(3693.20.0.1.32\))
Message-Id: <7E4AE35F-2B75-4355-B2D8-8CB67F49CE2C@gmail.com>
Date: Tue, 9 Nov 2021 11:36:23 +0200
To: Security Area Advisory Group <saag@ietf.org>
X-Mailer: Apple Mail (2.3693.20.0.1.32)
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/vmBHY18oGfP-4onfA4f17ApBIIU>
Subject: [saag] ACME report
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Nov 2021 09:36:37 -0000

ACME is meeting on Thursday.

We have several drafts in process (DTN node id, subdomains, and integrations).

We also have a new, not-yet-adopted item, the renewal information extension. 

All these will be discussed in our meeting.



From nobody Tue Nov  9 02:34:21 2021
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 780823A0E8E for <saag@ietfa.amsl.com>; Tue,  9 Nov 2021 02:34:16 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level: 
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, MSGID_FROM_MTA_HEADER=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=cs.tcd.ie
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PwJazDfIRR0W for <saag@ietfa.amsl.com>; Tue,  9 Nov 2021 02:34:11 -0800 (PST)
Received: from EUR02-AM5-obe.outbound.protection.outlook.com (mail-am5eur02on071a.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe07::71a]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5CF583A0E2E for <saag@ietf.org>; Tue,  9 Nov 2021 02:34:10 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=QgzyxaA0lbj9XgxyDKw+kJTy3FR9a1UJDEACkhYJWywMufCTSPVewlrHsl1kLoCH0mXPUqcLJWnLt8s55U9jUUw8gbBv8W+DOsuAhduLK5tAODOF1FUQx8gVnOBAqxV/+nRrfiun5tPP0XOo8zIXewW3P/aLvzH6V/9Qvk0GhqP/Zu9RxxA5x2xBNpYUwOVZ894E+9iLEYW3aBeSbPy2NevLrwLoyWd8vNQVaW2pf36UyuWezRKc7vXIrWDxs1+lAzQbFxs9oF6ywBpUw8MRdvb4rVOFITzg1g9ROcqidTQeYM/ezQTZ/jC1uEQrZXz7ZfA2Js9aYUIysJlvjt/65w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;  s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=DPd/0Udg2gX4Q2SY2Za30gmdTOnrVRsnL2O6cNJJuXQ=; b=WWXWrdiqtgdU/N9/n9X29F1Kg8VCFJehdFmzOCVWVA/ZiOkeHfUrEAnejqPLZtl3V9UTvb4EyzeLbcmx6LpvlNQe+3lXOyk0AUjcbuzMFnd150j+ZTgXyGulGRJ3gPRTq60f8WMDm7YS+sH1SSDPNzwn9SqY6DIoD4oCkKeo8dm9O5dKooLY5PUfpGulUKb+ItksgFnafpElGle1C2Fey6Y1scHgwrotTgXYhGu5yCiXI4Exz8FblCK1VPa3L6jH9CvXFI58dDQQ59oCOul4uVyOnye2a1JSL6dqZBaVYoH0bfqmR02r1EyY79ozGA6ravwt3Q4kpkb1PnncCYk9IA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cs.tcd.ie; dmarc=pass action=none header.from=cs.tcd.ie; dkim=pass header.d=cs.tcd.ie; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cs.tcd.ie; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=DPd/0Udg2gX4Q2SY2Za30gmdTOnrVRsnL2O6cNJJuXQ=; b=GFbots1rnHsX/mUJIhQh7Xay8jWv2TM/801R4G/kEk141I/mMu+pg3jdryX9jt91YPvfGNo3DI+18ttF1mCpDpSRHFr2FwQBTTDDlOMpHgCvT3uKsKlUWvCbESa3imsDJ7Fgwa52Ima0bLhaXy0rYdCnboYWQtKFPtbyQ+sKVDpI1hJEFYr3GF1CnoJcnnuCrdYQKJk7bbqwHJpgciV4amoO75Xzq9w6jFOBXrvHe770bMLrQVXSD+BKOR+NiiE3xORaS0rnEA039o18KxrOtuEDggWnWC+6SBZjLHhGO9EISORdeglRv5QXnpVY86aVprYaXC4mi3gXd/xhaYw3mQ==
Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=cs.tcd.ie;
Received: from DB7PR02MB5113.eurprd02.prod.outlook.com (2603:10a6:10:77::15) by DB9PR02MB7129.eurprd02.prod.outlook.com (2603:10a6:10:1fe::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4669.11; Tue, 9 Nov 2021 10:33:59 +0000
Received: from DB7PR02MB5113.eurprd02.prod.outlook.com ([fe80::cc12:31d:4dac:8672]) by DB7PR02MB5113.eurprd02.prod.outlook.com ([fe80::cc12:31d:4dac:8672%3]) with mapi id 15.20.4669.016; Tue, 9 Nov 2021 10:33:59 +0000
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
To: "saag@ietf.org" <saag@ietf.org>
Cc: =?UTF-8?B?TWFsacWhYSBWdcSNaW5pxIc=?= <malisa.vucinic@inria.fr>
Message-ID: <95616955-6d29-96fc-bdec-a1126e410e24@cs.tcd.ie>
Date: Tue, 9 Nov 2021 10:33:57 +0000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.13.0
Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="4U7mpYtxGHrdRpnF2zIUm5vVUArzH6hQg"
X-ClientProxiedBy: DU2PR04CA0009.eurprd04.prod.outlook.com (2603:10a6:10:3b::14) To DB7PR02MB5113.eurprd02.prod.outlook.com (2603:10a6:10:77::15)
MIME-Version: 1.0
X-MS-Exchange-MessageSentRepresentingType: 1
Received: from [10.244.2.124] (95.45.153.252) by DU2PR04CA0009.eurprd04.prod.outlook.com (2603:10a6:10:3b::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4669.11 via Frontend Transport; Tue, 9 Nov 2021 10:33:59 +0000
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: cc6ec13c-f4e9-4df9-16fa-08d9a36c70a2
X-MS-TrafficTypeDiagnostic: DB9PR02MB7129:
X-MS-Exchange-SharedMailbox-RoutingAgent-Processed: True
X-Microsoft-Antispam-PRVS: <DB9PR02MB7129591B52C2B86632FCD052A8929@DB9PR02MB7129.eurprd02.prod.outlook.com>
X-TCD-Routed-via-EOP: Routed via EOP
X-TCD-ROUTED: Passed-Transport-Routing-Rules
X-MS-Oob-TLC-OOBClassifiers: OLM:826;
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-OriginatorOrg: cs.tcd.ie
X-MS-Exchange-CrossTenant-Network-Message-Id: cc6ec13c-f4e9-4df9-16fa-08d9a36c70a2
X-MS-Exchange-CrossTenant-AuthSource: DB7PR02MB5113.eurprd02.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 09 Nov 2021 10:33:59.4170 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: d595be8d-b306-45f4-8064-9e5b82fbe52b
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: 7FqAF8Tf/4mYEkWmEiVrNsZKYuDDHirjevJ1p8Dapsb8ZyK17ypm8GIh5UM+4kbj
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB9PR02MB7129
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/Jl98rI071VEaUmDulsUkWwu_uPc>
Subject: [saag] lake report for saag
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Nov 2021 10:34:21 -0000

--4U7mpYtxGHrdRpnF2zIUm5vVUArzH6hQg
Content-Type: multipart/mixed; boundary="JFBqMNdERTkZMeVL9xNfYJo5m6qhDsEsk";
 protected-headers="v1"
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
To: "saag@ietf.org" <saag@ietf.org>
Cc: =?UTF-8?B?TWFsacWhYSBWdcSNaW5pxIc=?= <malisa.vucinic@inria.fr>
Message-ID: <95616955-6d29-96fc-bdec-a1126e410e24@cs.tcd.ie>
Subject: lake report for saag

--JFBqMNdERTkZMeVL9xNfYJo5m6qhDsEsk
Content-Type: multipart/mixed;
 boundary="------------396BA6A4CB6BA4EC9EA2871D"
Content-Language: en-US

This is a multi-part message in MIME format.
--------------396BA6A4CB6BA4EC9EA2871D
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: quoted-printable


The LAKE WG meets Friday. We mostly plan to review the
work done at and between interims and catch up with the
ongoing interop work. We'll likely cover some of the open
issues as well of course. It'll be fun:-)

Cheers,
M&S.

PS: Yes, the above is the same text as last time:-)

--------------396BA6A4CB6BA4EC9EA2871D
Content-Type: application/pgp-keys;
 name="OpenPGP_0x5AB2FAF17B172BEA.asc"
Content-Transfer-Encoding: quoted-printable
Content-Description: OpenPGP public key
Content-Disposition: attachment;
 filename="OpenPGP_0x5AB2FAF17B172BEA.asc"


--------------396BA6A4CB6BA4EC9EA2871D--

--JFBqMNdERTkZMeVL9xNfYJo5m6qhDsEsk--

--4U7mpYtxGHrdRpnF2zIUm5vVUArzH6hQg
Content-Type: application/pgp-signature; name="OpenPGP_signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="OpenPGP_signature"


--4U7mpYtxGHrdRpnF2zIUm5vVUArzH6hQg--


From nobody Tue Nov  9 03:39:21 2021
Return-Path: <ncamwing@cisco.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BD28A3A0F01 for <saag@ietfa.amsl.com>; Tue,  9 Nov 2021 03:39:19 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.598
X-Spam-Level: 
X-Spam-Status: No, score=-9.598 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=Z2STCew0; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=E7ThLN7z
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id c3JlUOgnqYlE for <saag@ietfa.amsl.com>; Tue,  9 Nov 2021 03:39:14 -0800 (PST)
Received: from rcdn-iport-1.cisco.com (rcdn-iport-1.cisco.com [173.37.86.72]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AAD173A0EF8 for <saag@ietf.org>; Tue,  9 Nov 2021 03:39:14 -0800 (PST)
X-IronPort-AV: E=Sophos;i="5.87,220,1631577600";  d="scan'208,217";a="949857665"
Received: from rcdn-core-3.cisco.com ([173.37.93.154]) by rcdn-iport-1.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 09 Nov 2021 11:39:11 +0000
Received: from mail.cisco.com (xbe-aln-004.cisco.com [173.36.7.19]) by rcdn-core-3.cisco.com (8.15.2/8.15.2) with ESMTPS id 1A9BdB3S002244 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=OK) for <saag@ietf.org>; Tue, 9 Nov 2021 11:39:11 GMT
Received: from xfe-rcd-004.cisco.com (173.37.227.252) by xbe-aln-004.cisco.com (173.36.7.19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.792.15; Tue, 9 Nov 2021 05:39:11 -0600
Received: from xfe-aln-001.cisco.com (173.37.135.121) by xfe-rcd-004.cisco.com (173.37.227.252) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.792.15; Tue, 9 Nov 2021 05:39:10 -0600
Received: from NAM02-BN1-obe.outbound.protection.outlook.com (173.37.151.57) by xfe-aln-001.cisco.com (173.37.135.121) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.792.15 via Frontend Transport; Tue, 9 Nov 2021 05:39:10 -0600
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
Received: from BYAPR11MB2919.namprd11.prod.outlook.com (2603:10b6:a03:8d::21) by BYAPR11MB2838.namprd11.prod.outlook.com (2603:10b6:a02:cc::33) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4669.13; Tue, 9 Nov 2021 11:39:04 +0000
Received: from BYAPR11MB2919.namprd11.prod.outlook.com ([fe80::3044:28c7:86ef:464f]) by BYAPR11MB2919.namprd11.prod.outlook.com ([fe80::3044:28c7:86ef:464f%7]) with mapi id 15.20.4669.016; Tue, 9 Nov 2021 11:39:04 +0000
From: "Nancy Cam-Winget (ncamwing)" <ncamwing@cisco.com>
To: "saag@ietf.org" <saag@ietf.org>
Thread-Topic: SCIM report
Thread-Index: AQHX1V5lX31YzryLwkyHCq3BMO2DAA==
Date: Tue, 9 Nov 2021 11:39:04 +0000
Message-ID: <766FC227-59E7-4CC6-ADBE-32D8D8AD60B1@cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
user-agent: Microsoft-MacOutlook/10.10.1b.201012
authentication-results: ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=none action=none header.from=cisco.com;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 1cc8868a-a19e-4fad-5d28-08d9a375886c
x-ms-traffictypediagnostic: BYAPR11MB2838:
x-microsoft-antispam-prvs: <BYAPR11MB2838CF17EFF57A850546C765D6929@BYAPR11MB2838.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:1751;
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:;  IPV:NLI; SFV:NSPM; H:BYAPR11MB2919.namprd11.prod.outlook.com; PTR:; CAT:NONE;  SFS:(366004)(8676002)(8936002)(66946007)(66476007)(76116006)(38100700002)(66556008)(71200400001)(558084003)(5660300002)(6916009)(6512007)(64756008)(66446008)(3480700007)(122000001)(86362001)(36756003)(508600001)(38070700005)(2906002)(7116003)(186003)(316002)(2616005)(26005)(33656002)(6506007)(6486002)(45980500001); DIR:OUT; SFP:1101; 
Content-Type: multipart/alternative; boundary="_000_766FC22759E74CC6ADBE32D8D8AD60B1ciscocom_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BYAPR11MB2919.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 1cc8868a-a19e-4fad-5d28-08d9a375886c
X-MS-Exchange-CrossTenant-originalarrivaltime: 09 Nov 2021 11:39:04.3720 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: x3B0/vju3a95MhpnmJDny+BqhZp53OEFkrg82Tu3YREJyn7d4aWxP5CWVgJgUObgwa6NUXaK2AReMwImSaR6VQ==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR11MB2838
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.36.7.19, xbe-aln-004.cisco.com
X-Outbound-Node: rcdn-core-3.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/nzzfd8QpigcLeXxrcxiL7m_wCfQ>
Subject: [saag] SCIM report
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Nov 2021 11:39:20 -0000

--_000_766FC22759E74CC6ADBE32D8D8AD60B1ciscocom_
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit

SCIM will meet as a working group this Thursday Nov. 11, Session I

--_000_766FC22759E74CC6ADBE32D8D8AD60B1ciscocom_--


From nobody Tue Nov  9 03:43:16 2021
Return-Path: <ncamwing@cisco.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C72233A0F2F for <saag@ietfa.amsl.com>; Tue,  9 Nov 2021 03:43:14 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.598
X-Spam-Level: 
X-Spam-Status: No, score=-9.598 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=e+yOPmfI; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=LmCRQazj
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TUdflOZi5mWa for <saag@ietfa.amsl.com>; Tue,  9 Nov 2021 03:43:10 -0800 (PST)
Received: from rcdn-iport-8.cisco.com (rcdn-iport-8.cisco.com [173.37.86.79]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 162103A0EFA for <saag@ietf.org>; Tue,  9 Nov 2021 03:43:10 -0800 (PST)
X-IronPort-AV: E=Sophos;i="5.87,220,1631577600";  d="scan'208,217";a="958399612"
Received: from rcdn-core-8.cisco.com ([173.37.93.144]) by rcdn-iport-8.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 09 Nov 2021 11:43:08 +0000
Received: from mail.cisco.com (xbe-aln-001.cisco.com [173.36.7.16]) by rcdn-core-8.cisco.com (8.15.2/8.15.2) with ESMTPS id 1A9Bh8Ds012658 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=OK) for <saag@ietf.org>; Tue, 9 Nov 2021 11:43:08 GMT
Received: from xfe-rcd-005.cisco.com (173.37.227.253) by xbe-aln-001.cisco.com (173.36.7.16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.792.15; Tue, 9 Nov 2021 05:43:07 -0600
Received: from xfe-aln-005.cisco.com (173.37.135.125) by xfe-rcd-005.cisco.com (173.37.227.253) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.792.15; Tue, 9 Nov 2021 05:43:07 -0600
Received: from NAM02-BN1-obe.outbound.protection.outlook.com (173.37.151.57) by xfe-aln-005.cisco.com (173.37.135.125) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.792.15 via Frontend Transport; Tue, 9 Nov 2021 05:43:07 -0600
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
Received: from BYAPR11MB2919.namprd11.prod.outlook.com (2603:10b6:a03:8d::21) by BYAPR11MB2838.namprd11.prod.outlook.com (2603:10b6:a02:cc::33) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4669.13; Tue, 9 Nov 2021 11:43:06 +0000
Received: from BYAPR11MB2919.namprd11.prod.outlook.com ([fe80::3044:28c7:86ef:464f]) by BYAPR11MB2919.namprd11.prod.outlook.com ([fe80::3044:28c7:86ef:464f%7]) with mapi id 15.20.4669.016; Tue, 9 Nov 2021 11:43:06 +0000
From: "Nancy Cam-Winget (ncamwing)" <ncamwing@cisco.com>
To: "saag@ietf.org" <saag@ietf.org>
Thread-Topic: TEEP report 
Thread-Index: AQHX1V725J2sX/ABFk+LtvY34xJ2VA==
Date: Tue, 9 Nov 2021 11:43:06 +0000
Message-ID: <162608C2-E995-4994-B224-BA36223FD0E1@cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
user-agent: Microsoft-MacOutlook/10.10.1b.201012
authentication-results: ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=none action=none header.from=cisco.com;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: bf0fbfa4-bedd-423a-ac24-08d9a37618a9
x-ms-traffictypediagnostic: BYAPR11MB2838:
x-microsoft-antispam-prvs: <BYAPR11MB28386DB5ECE3B8437A502302D6929@BYAPR11MB2838.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:6790;
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:;  IPV:NLI; SFV:NSPM; H:BYAPR11MB2919.namprd11.prod.outlook.com; PTR:; CAT:NONE;  SFS:(366004)(8676002)(8936002)(66946007)(66476007)(76116006)(38100700002)(66556008)(71200400001)(558084003)(5660300002)(6916009)(6512007)(64756008)(66446008)(3480700007)(122000001)(86362001)(36756003)(508600001)(38070700005)(4743002)(2906002)(7116003)(186003)(316002)(2616005)(26005)(33656002)(6506007)(6486002)(45980500001); DIR:OUT; SFP:1101; 
Content-Type: multipart/alternative; boundary="_000_162608C2E9954994B224BA36223FD0E1ciscocom_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BYAPR11MB2919.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: bf0fbfa4-bedd-423a-ac24-08d9a37618a9
X-MS-Exchange-CrossTenant-originalarrivaltime: 09 Nov 2021 11:43:06.3907 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: NtsfOJngzOFHlnpcTOVe4UFufvOuM7hEyiSQZuHWqErzBtFG6kWC93+mJcuR2rSopEGq6vcmSRXHPV53YTgXYw==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR11MB2838
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.36.7.16, xbe-aln-001.cisco.com
X-Outbound-Node: rcdn-core-8.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/F7bnRATHMXltN68G14cnG0JimgA>
Subject: [saag] TEEP report
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Nov 2021 11:43:15 -0000

--_000_162608C2E9954994B224BA36223FD0E1ciscocom_
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit

TEEP will meet on Friday Nov 12, 2021 Session I. The architecture and transport drafts have been submitted to IESG for publication and we’re now focused on the protocol draft.

Best, Nancy

--_000_162608C2E9954994B224BA36223FD0E1ciscocom_--


From nobody Tue Nov  9 03:48:50 2021
Return-Path: <ncamwing@cisco.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 65B7A3A0F49 for <saag@ietfa.amsl.com>; Tue,  9 Nov 2021 03:48:48 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.617
X-Spam-Level: 
X-Spam-Status: No, score=-9.617 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_NONE=0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=IHgaG3lg; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=tTVrGzYc
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PGi79J8Eph0E for <saag@ietfa.amsl.com>; Tue,  9 Nov 2021 03:48:44 -0800 (PST)
Received: from rcdn-iport-7.cisco.com (rcdn-iport-7.cisco.com [173.37.86.78]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BB1613A0F48 for <saag@ietf.org>; Tue,  9 Nov 2021 03:48:43 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=4739; q=dns/txt; s=iport; t=1636458523; x=1637668123; h=from:to:subject:date:message-id:mime-version; bh=hVWZdXOdRsFGlw00WhmXusT78aAbErWGXJtEFykomXg=; b=IHgaG3lgv9P4q3CAlL6Y5dK6gpn0l1I85S41ALG+I/r1Zt4spwHa5xUx VJEnQuijYXDGzJwUrQ3/njM3pU+cuOEae6YPL6k6oyMQ3ZDoYxaDAhjrr SINwLnmkcTazSgGpwe2tKoJsJCCVbaiEkkR4TW0RCszz1ibNlXha3JDz9 w=;
IronPort-PHdr: =?us-ascii?q?A9a23=3AGXVDwRVWRpZxsmH3cjDmutxSbQHV8K36AWYlg?= =?us-ascii?q?6HPw5pCcaWmqpLlOkGXpfBgl0TAUoiT7fVYw/HXvKbtVS1lg96BvXkOfYYKW?= =?us-ascii?q?0oDjsMbzAAlCdSOXEv8KvOiZicmHcNEAVli+XzzMUVcFMvkIVPIpXjn5j8JE?= =?us-ascii?q?RK5Pg1wdYzI?=
IronPort-Data: =?us-ascii?q?A9a23=3AIBoPcaD5qQOSURVW/zThw5YqxClBgxIJ4kV8j?= =?us-ascii?q?S/XYbTApG9x1mRRn2McXW+CMqzeMGHxf4skOYXjpxgE75bcz9QyOVdlrnsFo?= =?us-ascii?q?1CmBibm6XV1Fqp7Vs+rBpWroHlPsoNONbEsEOhuFiWF/071Y+C7xZVB/fjgq?= =?us-ascii?q?oTUWbas1h9ZHWeIeA954f5Ss7ZRbrxA2LBVMCvV0T/GmPAzDXf+s9JC3s343?= =?us-ascii?q?IrYwP9nlKyaVDr1JTXSb9gT1LPVvyF94J7yuciMw3XErol8RoZWRs7Zx72/u?= =?us-ascii?q?2je5RpoU4njmbfgeUpMSbnXVeSMoiMJAO753V4T/WprjvZT2Pk0MS+7jx2Pl?= =?us-ascii?q?Nl019RLurS7SBwiOevHn+F1vxxwQn0lY/Idp+edSZS4mYnJp6HcSFP3yvxhJ?= =?us-ascii?q?EA7IYNe/fx4aVyiX9RwxCsldBuPgae9x6i2D7A2wM8iN8LseogYvxldIfjiJ?= =?us-ascii?q?a5Oafj+r2/ivLe0BAsNu/0=3D?=
IronPort-HdrOrdr: =?us-ascii?q?A9a23=3A2wBrvqkjd5Dxw4Ltc+Fro7LUZebpDfOcim?= =?us-ascii?q?dD5ihNYBxZY6Wkfp+V/cjzhCWbtN9OYh4dcIi7SdO9qADnhONICOgqTPuftW?= =?us-ascii?q?zd2FdAQ7sSlbcKrweQfhEWldQtmpuIEZIOc+EYZGIS5a2RjWXIcKdD/DDtyt?= =?us-ascii?q?HOuQ6q9QYVcegcUdAH0+4WMHf+LmRGAC19QbYpHpuV4cRK4xC6f24MU8i9Dn?= =?us-ascii?q?4ZG8DeutzijvvdEFA7Li9izDPLoSKj6bb8HRTd9AwZSSlzzbAr9nWAuxDl55?= =?us-ascii?q?+kr+qwxnbnpi7uBtVt6ZvcI+l4dY6xY/suW3DRY8GTFcBcsoi5zXMISSeUmR?= =?us-ascii?q?EXeZf30lEd1o9Img/slymO0GTQMk/boW8TA7uI8y7CvZMlyvaJHA7SQvAx9L?= =?us-ascii?q?6wOHHimjQdlcA536RR022DsZ1LSRvGgSTm/tDNEwpnj0yuvBMZ4KUuZlFkIM?= =?us-ascii?q?IjgYVq3MQiFYJuYeI9NTO/7JpiHPhlDcna6voTeVSGb2rBtm0qxNC3RHw8Eh?= =?us-ascii?q?qPX0BH46WuonVrtWE8y1FdyN0Un38G+p54Q55Y5/7cOqAtkL1VVMcZYa90Ge?= =?us-ascii?q?9ES8qqDW7GRw7KLQupUB7aPbBCP2iIp4/84b0z6u3vcJsUzIEqkJCES19cvX?= =?us-ascii?q?5aQTOZNSRP5uw9zvngehTPYd3d8LAr23EigMyNeFPCC1zwdGwT?=
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos;i="5.87,220,1631577600";  d="scan'208,217";a="943673702"
Received: from rcdn-core-12.cisco.com ([173.37.93.148]) by rcdn-iport-7.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 09 Nov 2021 11:48:42 +0000
Received: from mail.cisco.com (xbe-aln-005.cisco.com [173.36.7.20]) by rcdn-core-12.cisco.com (8.15.2/8.15.2) with ESMTPS id 1A9BmgxK018675 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=OK) for <saag@ietf.org>; Tue, 9 Nov 2021 11:48:42 GMT
Received: from xfe-rcd-003.cisco.com (173.37.227.251) by xbe-aln-005.cisco.com (173.36.7.20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.792.15; Tue, 9 Nov 2021 05:48:42 -0600
Received: from xfe-rtp-002.cisco.com (64.101.210.232) by xfe-rcd-003.cisco.com (173.37.227.251) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.792.15; Tue, 9 Nov 2021 05:48:41 -0600
Received: from NAM10-DM6-obe.outbound.protection.outlook.com (64.101.32.56) by xfe-rtp-002.cisco.com (64.101.210.232) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.792.15 via Frontend Transport; Tue, 9 Nov 2021 06:48:41 -0500
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=DqTd7GZH+pAi8OnNZbFiUEEhYocCv8WOOntFhyfgFbmmjOOOWLQMa6lUNZHdAo9+KzNn3Cf2MEaiyf5VSGvxUHy449v3zt3q3yOb3iBRn4/UBVLnt0hNY69oNTaMd7+THl7dgsAS+LmuRwL1ssEkA2KcPyrTtmAyPDbUrp20bSJpY7322jISYx01hfSlFvLYRh0z/RcGAoTjzsbYBQHyRAkJGQtheYfDr7skkx7AGzP9dblsYUvWgBy6sCNRBZZbdJClfIceSpyhY5BCQhyPNgwGjpMYrGqfsW+qckNg1GEWDlAE/z57qowjOrpxnwEYqs1v9PQKWgVduZaibrrJ8w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;  s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=hVWZdXOdRsFGlw00WhmXusT78aAbErWGXJtEFykomXg=; b=G+tWcKR5JGg5aJVPWD6Ey5VwZd7MGsgaMGIyPmWEtiToBmRQ6q0Q/bzu/2UFXMyno2u3Up4bQwrLrlbXPxIj8gUj0irz43XKaNzjMBE2yfIruMIct9YuSm8eue3t0Fx0vPJKX2Pin+SSdJGan6I4tXOqENP3aJ2krvo8J3BHvdE+qAemAYUljIEdFGqNEUQTFdV3eBxC4SRuVx5Igni+T19ugbuEYJJqSy67rCCcoIgt+AtYF5F+hnscvqnoewKtvxB9p6SzmffM2ZzQJJuApWmPL/70tyM+em61cS+GTn0628FGkxWZcbj/5DcneTIaaEUeBU59cgWV51z/oGJOlw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com;  s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=hVWZdXOdRsFGlw00WhmXusT78aAbErWGXJtEFykomXg=; b=tTVrGzYcUgiXIpSTNQhT3HtcNnd3Xs0X89oS0lzQdXxknL4KM1mKk+9/DTgUxx92pwR6GPiDYCgWG+6pghtwYgFkEWGiabr5IlYwr3KUaRkPhLCw4N/XV5a1vE+8n1vDcM6EHA3N8qdBhIXwPLiXC0IXWKZSFjokkNNjunc4SIM=
Received: from BYAPR11MB2919.namprd11.prod.outlook.com (2603:10b6:a03:8d::21) by BYAPR11MB3622.namprd11.prod.outlook.com (2603:10b6:a03:fe::30) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4690.15; Tue, 9 Nov 2021 11:48:40 +0000
Received: from BYAPR11MB2919.namprd11.prod.outlook.com ([fe80::3044:28c7:86ef:464f]) by BYAPR11MB2919.namprd11.prod.outlook.com ([fe80::3044:28c7:86ef:464f%7]) with mapi id 15.20.4669.016; Tue, 9 Nov 2021 11:48:39 +0000
From: "Nancy Cam-Winget (ncamwing)" <ncamwing@cisco.com>
To: "saag@ietf.org" <saag@ietf.org>
Thread-Topic: RATS report
Thread-Index: AQHX1V+81RyoB3Zd9k6Lmbj9WEtapw==
Date: Tue, 9 Nov 2021 11:48:39 +0000
Message-ID: <EFCB38DD-074F-43FE-82AE-95BA942D4759@cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
user-agent: Microsoft-MacOutlook/10.10.1b.201012
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=cisco.com;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: e00f7356-2dca-41aa-4bba-08d9a376df69
x-ms-traffictypediagnostic: BYAPR11MB3622:
x-microsoft-antispam-prvs: <BYAPR11MB3622BECDA4F2DDB11F3F8C04D6929@BYAPR11MB3622.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:6430;
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:;  IPV:NLI; SFV:NSPM; H:BYAPR11MB2919.namprd11.prod.outlook.com; PTR:; CAT:NONE;  SFS:(366004)(38100700002)(122000001)(38070700005)(66556008)(3480700007)(86362001)(6506007)(66476007)(66946007)(64756008)(186003)(66446008)(71200400001)(76116006)(26005)(2906002)(6916009)(316002)(508600001)(33656002)(8936002)(2616005)(4744005)(6512007)(8676002)(6486002)(166002)(36756003)(5660300002)(7116003)(45980500001); DIR:OUT; SFP:1101; 
x-ms-exchange-antispam-messagedata-chunkcount: 1
Content-Type: multipart/alternative; boundary="_000_EFCB38DD074F43FE82AE95BA942D4759ciscocom_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BYAPR11MB2919.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: e00f7356-2dca-41aa-4bba-08d9a376df69
X-MS-Exchange-CrossTenant-originalarrivaltime: 09 Nov 2021 11:48:39.6255 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: CjWKbLLuzrexQ1bUgK27YYKKYer819Gqn+N6sOkXZLnj98gyqJ+5L5BbdJWmakZYAZncaCDUF71wN8bFQAY3hg==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR11MB3622
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.36.7.20, xbe-aln-005.cisco.com
X-Outbound-Node: rcdn-core-12.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/3Gn_AsYvMc7D7zHmDRfYkpjaJVA>
Subject: [saag] RATS report
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Nov 2021 11:48:48 -0000

--_000_EFCB38DD074F43FE82AE95BA942D4759ciscocom_
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
--_000_EFCB38DD074F43FE82AE95BA942D4759ciscocom_
Content-Type: text/html; charset="utf-8"
Content-ID: <01ABD966D819B94285C87B6C35673006@namprd11.prod.outlook.com>
Content-Transfer-Encoding: base64
--_000_EFCB38DD074F43FE82AE95BA942D4759ciscocom_--


From nobody Tue Nov  9 04:48:04 2021
Return-Path: <housley@vigilsec.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 122CC3A08B0 for <saag@ietfa.amsl.com>; Tue,  9 Nov 2021 04:48:02 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level: 
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id B4_TJhvWzujX for <saag@ietfa.amsl.com>; Tue,  9 Nov 2021 04:47:57 -0800 (PST)
Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A596E3A08AE for <saag@ietf.org>; Tue,  9 Nov 2021 04:47:57 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id 11617300BF4 for <saag@ietf.org>; Tue,  9 Nov 2021 07:47:59 -0500 (EST)
X-Virus-Scanned: amavisd-new at mail.smeinc.net
Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id GtaNxeuSRy2s for <saag@ietf.org>; Tue,  9 Nov 2021 07:47:57 -0500 (EST)
Received: from a860b60074bd.fios-router.home (pool-141-156-161-153.washdc.fios.verizon.net [141.156.161.153]) by mail.smeinc.net (Postfix) with ESMTPSA id A54E83005D8 for <saag@ietf.org>; Tue,  9 Nov 2021 07:47:57 -0500 (EST)
From: Russ Housley <housley@vigilsec.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.21\))
Message-Id: <3778DDDF-04BB-4E68-A29B-622912692F44@vigilsec.com>
Date: Tue, 9 Nov 2021 07:47:54 -0500
To: IETF SAAG <saag@ietf.org>
X-Mailer: Apple Mail (2.3445.104.21)
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/s6dyxxpjYpWzvv8sDyAyJbeyEUY>
Subject: [saag] SUIT Summary
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Nov 2021 12:48:02 -0000

Re-charter is in progress.  See
https://datatracker.ietf.org/doc/charter-ietf-suit/

The SUIT Manifest specification was broken into several documents.  The
first document (draft-ietf-suit-manifest) contains the core features
that need to be supported by all implementations.  There are several
optional extensions that include features that are needed by some
implementations (draft-ietf-suit-firmware-encryption,
draft-moran-suit-trust-domains, draft-moran-suit-update-management).  In
the next few months, we expect all of these to reach WG Last Call.

The SUIT Secure Reporting of Update Status specification
(draft-ietf-suit-report) is getting attention as the SUIT Manifest
specification is becoming stable.

Once the re-charter is finished, an additional optional SUIT Manifest
extension will be adopted to distribute a MUD file along with the
manifest.



From nobody Tue Nov  9 05:26:46 2021
Return-Path: <housley@vigilsec.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D766A3A0C9D for <saag@ietfa.amsl.com>; Tue,  9 Nov 2021 05:26:43 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level: 
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GAHIg8FZlRwb for <saag@ietfa.amsl.com>; Tue,  9 Nov 2021 05:26:41 -0800 (PST)
Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EE3423A0C93 for <saag@ietf.org>; Tue,  9 Nov 2021 05:26:40 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id 9BF51300BF4 for <saag@ietf.org>; Tue,  9 Nov 2021 08:26:42 -0500 (EST)
X-Virus-Scanned: amavisd-new at mail.smeinc.net
Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id oGoC92viWvA8 for <saag@ietf.org>; Tue,  9 Nov 2021 08:26:41 -0500 (EST)
Received: from a860b60074bd.fios-router.home (pool-141-156-161-153.washdc.fios.verizon.net [141.156.161.153]) by mail.smeinc.net (Postfix) with ESMTPSA id 61A61300B25 for <saag@ietf.org>; Tue,  9 Nov 2021 08:26:41 -0500 (EST)
From: Russ Housley <housley@vigilsec.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.21\))
Message-Id: <18C0BD72-8034-474D-9A55-3D5578E84E8D@vigilsec.com>
Date: Tue, 9 Nov 2021 08:26:38 -0500
To: IETF SAAG <saag@ietf.org>
X-Mailer: Apple Mail (2.3445.104.21)
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/dvaepQD5VYjJbz86SNhHrxulrYA>
Subject: [saag] LAMPS Summary
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Nov 2021 13:26:44 -0000

Three documents are with the RFC Editor or the IESG:
  a)  draft-ietf-lamps-rfc7299-update
  b)  draft-ietf-lamps-cmp-algorithms
  c)  draft-ietf-lamps-samples

The CMP-related documents need one more revision, and then they will be
ready for WG Last Call:
  a)  draft-ietf-lamps-cmp-updates
  b)  draft-ietf-lamps-lightweight-cmp-profile

The S/MIME-related documents are moving slowly, but during IETF 112, a
way forward was selected:
  a)  draft-ietf-lamps-header-protection
  b)  draft-dkg-lamps-e2e-mail-guidance

The assignment for a document-signing extended key usage object
identifier is under consideration.  It has strong support and strong
opposition too.  A call for adoption will determine whether there is
consensus to move forward:
  a)  draft-ito-documentsigning-eku

Clarification is needed to RFC 7030 and the handling of attributes in
the certificate signing request (CSR).  During IETF 112, a way forward
was selected:
  a)  draft-richardson-lamps-rfc7030-csrattrs (Michael)

Documents for using PQC in certificates and CMS are getting started.
The first one failed to meet the cut-off deadline; it is related to NIST
PQC KEM public keys in certificates.  Others are looking at the
combination of traditional algorithms with PQC algorithms:
  a)  draft-ounsworth-pq-composite-encryption
  b)  draft-ounsworth-pq-composite-keys
  c)  draft-ounsworth-pq-composite-sigs
  d)  draft-ounsworth-pq-explicit-composite-keys


From nobody Tue Nov  9 06:13:09 2021
Return-Path: <mohit.m.sethi@ericsson.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E66003A0D36 for <saag@ietfa.amsl.com>; Tue,  9 Nov 2021 06:13:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.102
X-Spam-Level: 
X-Spam-Status: No, score=-2.102 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QNA0sG1A9uLK for <saag@ietfa.amsl.com>; Tue,  9 Nov 2021 06:13:06 -0800 (PST)
Received: from EUR05-VI1-obe.outbound.protection.outlook.com (mail-vi1eur05on2060.outbound.protection.outlook.com [40.107.21.60]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4D4FE3A0D30 for <saag@ietf.org>; Tue,  9 Nov 2021 06:13:06 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=UTjkcnNl94UyPsJ8IQ83/egPT4Oq6sopjwQbpZbQS5/XHyUqDYfOEmcvX4LGy59FA+7I1FeuN/QVRC5JYyzhDf587g2ie9ERtpUizyJ8oQwahVpukb4ShV0hWaMvWzKcrkpL6OTbMtUVKfLziw++pr7o51NNOeLfYlW5ccTg7uqvVz1yEYc8f+JWYPbwRgsvn/Vgz6+WCsoxgpsHh7jV8HYJYg8iGPAzYG4qo1DY6U+ZRcXtDVKGgyNxoodU9FInssniuvzVOPzsOntTSOS4CPuAKsoFK07Nnr94gOoXNSPDmbcQuB2rA8RnnWD8Th/VmbrWr3kyp2uIqyP26+FFFw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;  s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=WxA2PxTFxZRnTNL4KwvQQkCqy51LEK+hDdzwPD2+qqY=; b=Na9en8hh2S+2R4S12Hbg9GeVNTQb2dyzXHIMpruEANvYewSxB4SwlIaUdqeBHC/cAcWWD6nFPv66RLi5vE1EDjwto2M9rkQbdLbYRc/roNgjUAl7j1Q7VDEULzrATNltC9Ngat/0ND0EK/Yy9cIjG5FtAsejBIGBTGZxggFIKKQwShGzTiZSeLUVXqR35rQ5rAe+qR0sMmcw+/jSIugET0Y8p98Vx8OfBeJa4bZgOazszNfL33sqygxjS9yVtgzqb4JWsFF1/uY9rrt1qbG2RbVKH64HTEp72RAS/fpjndjYcFUTspz4s3s6StyjYrYxXX4H78xLag9Q6J9ecQZCUQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=WxA2PxTFxZRnTNL4KwvQQkCqy51LEK+hDdzwPD2+qqY=; b=Cs8kAZN0WHiVajXa75LLaPCPotfLygeKSzo/YpVJgmLpWrkSrhZBY2zZG+44qDkRo+01dIXYKY0GQlNylX9FJgz2tz6a6SpfWQaQxoD12F5iDPGNsUwZIGtvuBjdYjUKlWxcmpe8+Vscyw6VJh/CPENzXJZK61qLgJPc/dGZeuE=
Received: from HE1PR0701MB2474.eurprd07.prod.outlook.com (2603:10a6:3:75::7) by HE1PR07MB3305.eurprd07.prod.outlook.com (2603:10a6:7:2b::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4690.8; Tue, 9 Nov 2021 14:13:03 +0000
Received: from HE1PR0701MB2474.eurprd07.prod.outlook.com ([fe80::1c07:e237:53ed:b46f]) by HE1PR0701MB2474.eurprd07.prod.outlook.com ([fe80::1c07:e237:53ed:b46f%7]) with mapi id 15.20.4690.015; Tue, 9 Nov 2021 14:13:02 +0000
From: Mohit Sethi M <mohit.m.sethi@ericsson.com>
To: "saag@ietf.org" <saag@ietf.org>
Thread-Topic: Secdispatch report @ IETF 112
Thread-Index: AQHX1XPoOPIsBe6jn0yBiaLqbITexw==
Date: Tue, 9 Nov 2021 14:13:02 +0000
Message-ID: <8daa46bf-98f0-5888-3153-08f2f7ab758e@ericsson.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
user-agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.13.0
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=ericsson.com;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 6ed66c5d-af1d-4749-49fb-08d9a38b0aff
x-ms-traffictypediagnostic: HE1PR07MB3305:
x-microsoft-antispam-prvs: <HE1PR07MB3305437D13023BDFDF3C9C30D0929@HE1PR07MB3305.eurprd07.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:6430;
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:;  IPV:NLI; SFV:NSPM; H:HE1PR0701MB2474.eurprd07.prod.outlook.com; PTR:; CAT:NONE;  SFS:(4636009)(366004)(38100700002)(508600001)(5660300002)(83380400001)(6506007)(64756008)(71200400001)(82960400001)(2906002)(122000001)(6916009)(316002)(66556008)(36756003)(76116006)(38070700005)(66476007)(4744005)(31686004)(66946007)(86362001)(6486002)(2616005)(8936002)(186003)(6512007)(31696002)(8676002)(66446008)(45980500001)(43740500002); DIR:OUT; SFP:1101; 
x-ms-exchange-antispam-messagedata-chunkcount: 1
Content-Type: text/plain; charset="utf-8"
Content-ID: <9D195C8AF1F638479DF40088A967A9EF@eurprd07.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: HE1PR0701MB2474.eurprd07.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 6ed66c5d-af1d-4749-49fb-08d9a38b0aff
X-MS-Exchange-CrossTenant-originalarrivaltime: 09 Nov 2021 14:13:02.8510 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: sGaROqnZMfi6akx4K7NdasX3Qg7UN5+blyRlPhoLjnF3If6FRuSq10Y6d//EgKE/vfVd0vlFfVSSp+AwX1Ief0jNr7NO9zGVnDQEG6W79X0=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR07MB3305
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/W8UZxFOYw3Gmo6jral7igta_Yts>
Subject: [saag] Secdispatch report @ IETF 112
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Nov 2021 14:13:08 -0000

From nobody Wed Nov 10 07:15:38 2021
Return-Path: <caw@heapingbits.net>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 656BD3A10F1; Wed, 10 Nov 2021 07:15:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.12
X-Spam-Level: 
X-Spam-Status: No, score=-2.12 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=heapingbits.net header.b=XXPd9AGw; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=SuIHx+Lq
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id F4wrCU_3CTjJ; Wed, 10 Nov 2021 07:15:31 -0800 (PST)
Received: from out1-smtp.messagingengine.com (out1-smtp.messagingengine.com [66.111.4.25]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 25C183A10EB; Wed, 10 Nov 2021 07:15:31 -0800 (PST)
Received: from compute1.internal (compute1.nyi.internal [10.202.2.41]) by mailout.nyi.internal (Postfix) with ESMTP id 85A115C01E4; Wed, 10 Nov 2021 10:15:30 -0500 (EST)
Received: from imap41 ([10.202.2.91]) by compute1.internal (MEProxy); Wed, 10 Nov 2021 10:15:30 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=heapingbits.net; h=mime-version:message-id:date:from:to:cc:subject:content-type; s=fm2; bh=UMX5jlAJShaCBzqUiat5Mi8Sn2fuN9BL8KnNhABFjDI=; b=XXPd9 AGw3HYYRcivaRxcYidTH7WnFnFvyeYJIP43oi0FNyexnaIjOdgQTMvTeet+yfvi1 ykikYEJBeD1SZS5cU0m14BMUqqrjiOd4DaWqT4qyaEI3HJ7NyJL0KKpAyUfk8Gqc MXKsjiQivjsDnnFIqKGTUG+0G3ueHhtjWg1R+rdggHb2zqnj3kyBMubY8qL2hubZ KaK3Nz5k5N7E9MP4b71Gcx2tUwgpxVhOWWNMfWC/JS6RLShokrnRX/TZzucMCEA+ plDpXWjxJdWdB4M0FyDg5iNO06iW9YFrojflmcG+ifvG3B1Ef9o8TrfAmPQm1N/6 YbKZ/6Qwp5dVxi83Q==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:from:message-id :mime-version:subject:to:x-me-proxy:x-me-proxy:x-me-sender :x-me-sender:x-sasl-enc; s=fm1; bh=UMX5jlAJShaCBzqUiat5Mi8Sn2fuN 9BL8KnNhABFjDI=; b=SuIHx+LqUm0mCECuD80Vhhn/t96Nh5XmPNT99e5XDraAs 8pX8BANPXal+RKbV8Gc9CAx8WTxzI/P298JS6X40pBIsnSkJZFaDBPPhSSf5vVtp ByWvMMFpHrT81OV89IEc/cAohWOj+lZtnkzO7sMZ35PP+V9MHzSBmULu7YtXfbGm OzKURiY/4Zqaa8xgTcaMQ9MwBQQvfxFb0AMRIG5Hc+jKbCTMK+K1iNsfzW+EHj22 0islQarIb9U0HwWKAiqhUpzVM074hEZkySRrOEBXxDLCAq7B0RewUy1XRA/ShQK3 kmk/dcp2WIZFNY1FrW7C1TzCT41S+pkNxwU5LUIKA==
Received: by mailuser.nyi.internal (Postfix, from userid 501) id 5144C3C0AEC; Wed, 10 Nov 2021 10:15:30 -0500 (EST)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.5.0-alpha0-1371-g2296cc3491-fm-20211109.003-g2296cc34
Mime-Version: 1.0
Message-Id: <9649611d-d8aa-425a-80ea-4be674b7f0d3@www.fastmail.com>
Date: Wed, 10 Nov 2021 07:15:10 -0800
From: "Christopher Wood" <caw@heapingbits.net>
To: saag@ietf.org
Cc: "TLS Chairs" <tls-chairs@ietf.org>
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/4_nnPazSHC4Wcvl8tAzT6RR-a78>
Subject: [saag] TLS report for IETF 112
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 10 Nov 2021 15:15:36 -0000

The TLS WG met on Tuesday. We worked through some open issues on the Exported Authenticators, TLS Flags, and DTLS 1.3 documents. We expect to update all of these soon, moving DTLS 1.3 forward in AUTH48, and Exported Authenticators and TLS Flags to the IESG. A status update on ECH and its implementation status was also presented.

Several new work items were presented to the group, including an update to RFC8447, deployment-related drafts for ECH, and extensions built on top of cTLS. We expect to issue an adoption call for RFC8447bis soon. Next steps for the other drafts are still under discussion.

To conclude, Paul Grubbs (University of Michigan) presented research on zero-knowledge proof applications for addressing TLS visibility problems in practice. New research questions and directions were raised during the meeting, which may lead to future work in the TLS WG.

Best,
Chris, for the TLS chairs


From nobody Thu Nov 11 06:44:16 2021
Return-Path: <yaronf.ietf@gmail.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D9C2A3A046A for <saag@ietfa.amsl.com>; Thu, 11 Nov 2021 06:44:15 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level: 
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, MIME_HTML_ONLY=0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QqGOnMgm3Ofn for <saag@ietfa.amsl.com>; Thu, 11 Nov 2021 06:44:09 -0800 (PST)
Received: from mail-wr1-x429.google.com (mail-wr1-x429.google.com [IPv6:2a00:1450:4864:20::429]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 942263A0407 for <saag@ietf.org>; Thu, 11 Nov 2021 06:44:09 -0800 (PST)
Received: by mail-wr1-x429.google.com with SMTP id t30so10174314wra.10 for <saag@ietf.org>; Thu, 11 Nov 2021 06:44:09 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112;  h=mime-version:date:from:subject:thread-topic:message-id:to :content-transfer-encoding; bh=eSWYe31g4XsMpsTZoUqzf+7WadNd6SyMPl2xBG+0sys=; b=UDJMZwD4/dALpS76jKQfuxndYUNmw4hq7yle7T5yhKOCBW5mlTlZSPRvLOxJ2QPBfc 3OhKd0B7KkbZRw2iZmKunPLIdEZntNQ2A7ltaWFxFM2CHgQ3fH3cwfwM93ifbbRhpGwW kMMVnY3iXiKcZXAi0i1ilfHTrMsL9aiyuHnNu7EuKqOivKUbMGLgz7vtNYDe/dsv4Lnb XGyF7iDpk+8R5uiDjBSt87yH/ZdTjKui3VrzYZI3SvScVuH3m49FlB1fDMPpHSOBYxUc 74i0VSrZGFDDjhUhy6KnYuz8Wr7QCCCXEt4XBsxXEqJmgMAp/6gTpn98qzr4TJMy/Wuu Fk0Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:date:from:subject:thread-topic :message-id:to:content-transfer-encoding; bh=eSWYe31g4XsMpsTZoUqzf+7WadNd6SyMPl2xBG+0sys=; b=2ZHu+HYQ+0IQ54LOU4m0baUUbU1Wjy+5gz2XlJFfjXm0oF/fgTxxdaknrRAcoQ8arO Oh9NqOkyeav4H+89m3i42MJAPrqyGAbjtRIWR4MOipOiz3o/1VhOLchX6aRLYAM5r8gS P/iGw52//RvIw4y3C8iHK6eeNfYiwe20NvJCxHaCQh5LqamiIu2baaXWLhXHiqu3THG0 +/yGRqVprqiFHpZemVIClS2ryHIDB3CRgp9/uPHmexdsgsVg07JUbx+LAh3diHiwhow/ Vi0WGjCzQI74BT0HDekO5330YNdu1ZDp43Zu9ZoupksA1iRwchhHKwhEkRo+DHA2oWKk 5k0w==
X-Gm-Message-State: AOAM530WbaUbvwLd74DqqtgBaI9/SuAf70VSe3aqFE5XQ+FbxLq6oleM jgRvMWLljWM61QeRvrQz1aErd0K8xmY=
X-Google-Smtp-Source: ABdhPJxGVWvoi8/hAvNEaEtX+cjKpMK/L4Sj7LQxKiQ3zYjYw2Eaf2amTF6nVK5QzS5DBVniwkYtQw==
X-Received: by 2002:a5d:6d0c:: with SMTP id e12mr9654864wrq.94.1636641847095;  Thu, 11 Nov 2021 06:44:07 -0800 (PST)
Received: from MacBook-Pro.local (IGLD-84-229-147-189.inter.net.il. [84.229.147.189]) by smtp.gmail.com with ESMTPSA id a10sm4926311wmq.27.2021.11.11.06.44.05 for <saag@ietf.org> (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Thu, 11 Nov 2021 06:44:06 -0800 (PST)
MIME-Version: 1.0
Date: Thu, 11 Nov 2021 16:44:03 +0200
From: Yaron Sheffer <yaronf.ietf@gmail.com>
Thread-Topic: GNAP report
Message-ID: <9EEEB5A9-0546-144A-BF34-1656A77256B7@hxcore.ol>
To: "saag@ietf.org" <saag@ietf.org>
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html; charset="utf-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/C8m-v8qIP0bDCgc6SRZE6CRHTFc>
Subject: [saag] GNAP report
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Nov 2021 14:44:16 -0000

The GNAP WG met today. We continued to discuss the core protocol. The protocol is getting more and more stable, with the most significant additions to the draft since IETF-111 being Security and Privacy Considerations that have been added. We also see early involvement by the academic security community with initial formal analysis of the protocol.

Thanks,

                Leif and Yaron


From nobody Thu Nov 11 07:19:54 2021
Return-Path: <hardjono@mit.edu>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 434CA3A081B; Thu, 11 Nov 2021 07:19:53 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level: 
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id A0vxVMrb2Ifr; Thu, 11 Nov 2021 07:19:48 -0800 (PST)
Received: from outgoing-exchange-1.mit.edu (outgoing-exchange-1.mit.edu [18.9.28.15]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 524443A0819; Thu, 11 Nov 2021 07:19:48 -0800 (PST)
Received: from w92exedge3.exchange.mit.edu (W92EXEDGE3.EXCHANGE.MIT.EDU [18.7.73.15]) by outgoing-exchange-1.mit.edu (8.14.7/8.12.4) with ESMTP id 1ABFJXkS019123; Thu, 11 Nov 2021 10:19:44 -0500
Received: from w92expo23.exchange.mit.edu (18.7.74.77) by w92exedge3.exchange.mit.edu (18.7.73.15) with Microsoft SMTP Server (TLS) id 15.0.1497.26; Thu, 11 Nov 2021 10:19:18 -0500
Received: from oc11expo23.exchange.mit.edu (18.9.4.88) by w92expo23.exchange.mit.edu (18.7.74.77) with Microsoft SMTP Server (TLS) id 15.0.1497.23; Thu, 11 Nov 2021 10:19:23 -0500
Received: from oc11expo23.exchange.mit.edu ([18.9.4.88]) by oc11expo23.exchange.mit.edu ([18.9.4.88]) with mapi id 15.00.1497.023; Thu, 11 Nov 2021 10:19:23 -0500
From: Thomas Hardjono <hardjono@mit.edu>
To: "saag@ietf.org" <saag@ietf.org>, "din@irtf.org" <din@irtf.org>, "blockchain-interop@ietf.org" <blockchain-interop@ietf.org>
Thread-Topic: IETF112 Side Meeting on DLT Gateway Interop protocol
Thread-Index: AQHXzsPpAJ5/dSqWqkioklwKWfqT+Kv+c88y
Date: Thu, 11 Nov 2021 15:19:23 +0000
Message-ID: <00c9b37b7a7a46cfb0d61568f598e293@oc11expo23.exchange.mit.edu>
References: <82db011335f74bf2978bdd11dbd547b6@oc11expo23.exchange.mit.edu>
In-Reply-To: <82db011335f74bf2978bdd11dbd547b6@oc11expo23.exchange.mit.edu>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [73.100.88.16]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/w97JMCSsAcggj5QHKBA_1ReTtmA>
Subject: Re: [saag] IETF112 Side Meeting on DLT Gateway Interop protocol
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Nov 2021 15:19:53 -0000

Folks,

Just a reminder of Friday's Side-Meeting on DLT Gateways, and a minor correction to the Zoom information.

We will be observing the IETF rules on Public Side Meetings and the IETF IPR Rules (Note Well slide).

https://www.ietf.org/how/meetings/side-meetings/

-- The meeting will not be recorded.

-- No attendance registration required (i.e. no blue sheet).

https://trac.ietf.org/trac/ietf/meeting/wiki/112sidemeetings


Here are the logistics of the meeting:

(a) Name of group:  DLT Gateway Interop protocol

(b) Date: Friday 12 November 2021.

(c) Time:  16:00 PM UTC/London (shortly after RATS WG).

(d) Duration:  2 hours.

(e) Zoom link: https://bit.ly/3C1Jshc

(f) Zoom Meeting ID: 875 3224 7380.

(g) Meeting Material (GitHub):  https://bit.ly/3c4Ajtv

(h) Mailing-list:  https://www.ietf.org/mailman/listinfo/blockchain-interop



Best

Martin Hargreaves
Thomas Hardjono




________________________________________
From: Thomas Hardjono
Sent: Sunday, October 31, 2021 10:15 PM
To: saag@ietf.org
Cc: din@irtf.org; blockchain-interop@ietf.org; Martin Hargreaves
Subject: IETF112 Side Meeting on DLT Gateway Interop protocol

Folks,

We are planning to have a public Side Meeting at the coming IETF112 to report on the work we have been conducting in the group over the past year (since our introduction to the problem scope in SecDispatch in IETF109).

We have tried to select a time-slot that does not conflict with any SEC Area working group meetings.

https://trac.ietf.org/trac/ietf/meeting/wiki/112sidemeetings


The details of the Side Meeting are as follows:

(a) Name of group:  DLT Gateway Interop protocol

(b) Date: Friday 12 November.

(c) Time:  16:00 PM UTC/London (shortly after RATS WG)

(d) Duration:  2 hours.

(e) The zoom information is here:  https://bit.ly/3mjvDWF


The preliminary reading is here:

-- https://datatracker.ietf.org/doc/draft-hardjono-blockchain-interop-arch/

-- https://datatracker.ietf.org/doc/draft-hargreaves-odap/

-- The IETF109 slides defining problem-scope are here: https://bit.ly/3GDHqXU


Looking forward to getting your inputs and to a great discussion.


Best

Martin Hargreaves
Thomas Hardjono









From nobody Thu Nov 11 07:25:07 2021
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8AD313A083F for <saag@ietfa.amsl.com>; Thu, 11 Nov 2021 07:25:04 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level: 
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9,  DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, MSGID_FROM_MTA_HEADER=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=cs.tcd.ie
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6-s0EA0sAX7A for <saag@ietfa.amsl.com>; Thu, 11 Nov 2021 07:24:59 -0800 (PST)
Received: from EUR01-DB5-obe.outbound.protection.outlook.com (mail-eopbgr150114.outbound.protection.outlook.com [40.107.15.114]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 550763A0B6F for <saag@ietf.org>; Thu, 11 Nov 2021 07:24:57 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=oH/NbFpZDoZDlwsqLqkTJJgYJTuVK1JqolYYVpcuLC+Z5xgnWkYY0WNuxCA9A5nCDKHL/YcT2LNiPg0X7rM0niH5io0b29ru7bUyuxxacC5zASZfCIXRyv3iq5C7LXhmEVfg1Zd6sRNzCUOfGHYkWA/IQQVDl4LnEKXEbQKr1OLmA2OU9MNMZsmAZb56XzCs8B4N5yMWBeBdIk+xXqcrlEh5AsCL1McNaKvuwp8+AZR/6E8/Oogv7iAX60yKk9kdoZGXc6FwWsEOwGHRYu3zwaThfd5yUtSLFprLh0Ixw5kW711mZWT/BQrybZA9D3J9+HBxIeRMct4JQrPUyIAU2A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;  s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=YMdwQ7FYttTS6P7P5JKwEkqHkrnPWtbfSg08QBSC55Q=; b=KG02iFjJYnspqFC9DJBBtyDMeuEwsIraURooq1jzMRe7OsgvWn/6lvENHQeqF7+u/muy4MeH/d74tCZ2f0MWZ1tvjyrUOwqjkafX29AZxOqhcvCF0sPHgmdSbKU97b+3Jj+4E+YelVZZKZn7Rlz4ZqvDYzam7SEHqM8UzHzBKOSdPSqwW8mkUO+0dCof8rKgRZcs4G6H3IfQwZXTwux8M51NYDSwxu/XnJV3sgEm0gJ8VJLKgmjXNpzHyTF1KAexgLvRFSrkxlaxblRItUlHR5s+0t3Z3K7vc5vLX7/KasKND0/fd8ytsy2udiQrjyKoccAbn6elmmYCI/oVYnv7ag==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cs.tcd.ie; dmarc=pass action=none header.from=cs.tcd.ie; dkim=pass header.d=cs.tcd.ie; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cs.tcd.ie; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=YMdwQ7FYttTS6P7P5JKwEkqHkrnPWtbfSg08QBSC55Q=; b=cR3gE1AEsyMGdyL9Far4iktJm9UB6rQ40FEvqSW9Dy8rRaNvfEJ8S6HTNDJq6ugvyGgMWBdh6WMBvKtI7YXbu3v+3nlDag0HwxsFjGOvFZ2aoZOHEQ/kQxOOxqnDGBZubiYdXbV1CSY6H29yFZcwoXW1NxNcmrVMjoqMU+eTcLneQLXCKHIb0ABCkGmNe2MsyzPwjl6/aXhU/DchG3okdsvkht1+G181gIfjbZU6tp7ux+V3rPx0oSIDLa1qHwqybMEW/eXQqqOgy6iEcKDMC/1egX66jHiMv7Iz74VjK2YOquuqTogHP2M5hccCbwVczWKUcFGQxmNpVkKI6HCcIw==
Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=cs.tcd.ie;
Received: from DB7PR02MB5113.eurprd02.prod.outlook.com (2603:10a6:10:77::15) by DB9PR02MB7113.eurprd02.prod.outlook.com (2603:10a6:10:222::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4669.13; Thu, 11 Nov 2021 15:24:50 +0000
Received: from DB7PR02MB5113.eurprd02.prod.outlook.com ([fe80::cc12:31d:4dac:8672]) by DB7PR02MB5113.eurprd02.prod.outlook.com ([fe80::cc12:31d:4dac:8672%3]) with mapi id 15.20.4669.016; Thu, 11 Nov 2021 15:24:50 +0000
To: "saag@ietf.org" <saag@ietf.org>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Message-ID: <c90314b7-c0dd-49ff-d8d3-922106ffb271@cs.tcd.ie>
Date: Thu, 11 Nov 2021 15:24:48 +0000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.13.0
Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="FocQJkpsWvsguGfSFuX16OblrPNzYRF9d"
X-ClientProxiedBy: DU2PR04CA0264.eurprd04.prod.outlook.com (2603:10a6:10:28e::29) To DB7PR02MB5113.eurprd02.prod.outlook.com (2603:10a6:10:77::15)
MIME-Version: 1.0
X-MS-Exchange-MessageSentRepresentingType: 1
Received: from [10.244.2.119] (95.45.153.252) by DU2PR04CA0264.eurprd04.prod.outlook.com (2603:10a6:10:28e::29) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4669.11 via Frontend Transport; Thu, 11 Nov 2021 15:24:49 +0000
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 0f8e2aa9-8692-48d2-fd7a-08d9a5276707
X-MS-TrafficTypeDiagnostic: DB9PR02MB7113:
X-MS-Exchange-SharedMailbox-RoutingAgent-Processed: True
X-Microsoft-Antispam-PRVS: <DB9PR02MB711338B34C1E8BD8C991000BA8949@DB9PR02MB7113.eurprd02.prod.outlook.com>
X-TCD-Routed-via-EOP: Routed via EOP
X-TCD-ROUTED: Passed-Transport-Routing-Rules
X-MS-Oob-TLC-OOBClassifiers: OLM:826;
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-OriginatorOrg: cs.tcd.ie
X-MS-Exchange-CrossTenant-Network-Message-Id: 0f8e2aa9-8692-48d2-fd7a-08d9a5276707
X-MS-Exchange-CrossTenant-AuthSource: DB7PR02MB5113.eurprd02.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 11 Nov 2021 15:24:50.1689 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: d595be8d-b306-45f4-8064-9e5b82fbe52b
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: +s5S81YqlqAZRK9ZVpYuWzuWYPmqragXyE6jyqbE7mCYbFE0pcjOoLcdb8Cd8u8G
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB9PR02MB7113
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/Swr_3nUY6vJILMrrBSxybAWgekA>
Subject: [saag] OpenPGP WG report for saag
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Nov 2021 15:25:05 -0000

--FocQJkpsWvsguGfSFuX16OblrPNzYRF9d
Content-Type: multipart/mixed; boundary="0DMc8m1L40Tfjh9SySF4LjMlAKFtcaVVu";
 protected-headers="v1"
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
To: "saag@ietf.org" <saag@ietf.org>
Cc: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Message-ID: <c90314b7-c0dd-49ff-d8d3-922106ffb271@cs.tcd.ie>
Subject: OpenPGP WG report for saag

--0DMc8m1L40Tfjh9SySF4LjMlAKFtcaVVu
Content-Type: multipart/mixed;
 boundary="------------08B082462C4259D7C9944494"
Content-Language: en-US

This is a multi-part message in MIME format.
--------------08B082462C4259D7C9944494
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: quoted-printable


The OpenPGP WG met Tuesday. We mostly reviewed the
good work the design team have done on the crypto
refresh and what remains before we think we're done.
We had some discussion of MTI algorithms that'll be
brought to the list by the chairs. In the meantime
feedback on the current draft [1] is very welcome.

Cheers,
Stephen & DKG.

[1] https://datatracker.ietf.org/doc/draft-ietf-openpgp-crypto-refresh/

--------------08B082462C4259D7C9944494
Content-Type: application/pgp-keys;
 name="OpenPGP_0x5AB2FAF17B172BEA.asc"
Content-Transfer-Encoding: quoted-printable
Content-Description: OpenPGP public key
Content-Disposition: attachment;
 filename="OpenPGP_0x5AB2FAF17B172BEA.asc"

-----BEGIN PGP PUBLIC KEY BLOCK-----

uW/
eITbMbI1eV3+fyym9aT7Rsflmp31Zxtr+sZwGGZf00ooMBFmqOS//NUQ/Vf3vDUew1h5QU1yD=
aWT
3NApvi+XWPH9TPy6TMfZA2FThHf11sX/gDBa5JWQZbptPEcmoazpiKZt91CrFPOaoXDPck/Q6=
1df
mr/oPikfByYnASIM3OwEuXqyQ9JDRfKrem5r+oA/wxWb5jELElAhOpnyqMMvOh7uz1foUssL8=
MAv
2TGXmxpVJ8Nu4je6wf96Z22fQ0D38zud+CKH3bMP3ayXXJBcdPoENrzFbWP5FTg/4TTDJ3vOA=
HZR
5iCunYghx8b7Ffa4UbkwlD+dh8GiIAtvT51Ac0cO0Wc0Zjc57zPUz1zloMbf+zb1Bsn7DuEQo=
qj1
gwARAQABwsFlBBgBCAAPBQJaPVAyAhsMBQkJlCYAAAoJEFqy+vF7FyvqrC8P/1tF6TeR83xD6=
Mas
qXyrBjwcLmziaF0Mlkj8k/YUiZ/knb53n97xQnh9yxPv0TT8Wpfdn3BmvqGyh8+ouHX9jMOxi=
RkM
dNhIauVYY/8jmRfBSYWcFkfMzdYasvdLtmYJgx252HKTFdeOrszoOjWjEzwmh+tca3AFMu/nB=
++/
KAmi5UJV7zsZ7uYJ5jm97LV5SLjNJIXXM+lHqCDrjDaDhNczmq1LCRlU6/WDjvkuwaVhZG4lX=
xMD
rvKnXMkjseQ2oKjwrIdfQM86H1z5J31lfhqop+of0cimcIsBgSCPu+h96LHuAzeRBCbDKeqrf=
ZtA
ZAGsokRina9947fRWxXHh3O66ILmXKNRxxWbDkPvYnQWUat8SbSTDoPWrDIGDRIAypqYo3pcN=
2OE
0C1chqgDZQxkr+9kYZQpupOAN2TR+fM7JvbO9coKI8Uqog8CopoMeDQkd0YjcqlB1E0svODHT=
zcS
oRzogDBYDqNLP7qVkNXpcOAXSVioBgiSDf7o5RdS/qmUyXBIeq6I5z8xBcd+BQ/n/9Frkm6K7=
IKP
3ngUP4wEoiPx5ZE5+fPIScGmVUcZIMhkvMvem9XXh1yyhqN14gfjmLwPGdWbrgG8QUe0s2WeW=
Iys
s6uTiyF+ZbJSo2XOKVc3YFMVUUfgyudqAV1wWdZinUk+H3pkqOKoHAy/8fST
=3D40Nd
-----END PGP PUBLIC KEY BLOCK-----

--------------08B082462C4259D7C9944494--

--0DMc8m1L40Tfjh9SySF4LjMlAKFtcaVVu--

--FocQJkpsWvsguGfSFuX16OblrPNzYRF9d
Content-Type: application/pgp-signature; name="OpenPGP_signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="OpenPGP_signature"

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--FocQJkpsWvsguGfSFuX16OblrPNzYRF9d--


From nobody Thu Nov 11 07:35:34 2021
From: Chris Inacio <inacio@cert.org>
To: "saag@ietf.org" <saag@ietf.org>
Date: Thu, 11 Nov 2021 15:35:20 +0000
Message-ID: <1258A368-3ECE-4C12-B5A9-D66F51139C08@cert.org>
Content-Type: multipart/signed; boundary="Apple-Mail=_08F82479-91C7-4963-8248-4656EDBE6A4B"; protocol="application/pkcs7-signature"; micalg=sha-256
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/EqffAA7JTRPEeKMthOPRqABUI6s>
Subject: [saag] SACM @ IETF 112

--Apple-Mail=_08F82479-91C7-4963-8248-4656EDBE6A4B
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=us-ascii


SACM met at IETF-112, Tuesday 9-Nov-2021.

* COSWID draft outstanding area review feedback was discussed; a new draft
resolving all remaining issues is promised by 19-Nov.

* Architecture draft was discussed with progress and work happening
outside IETF at Open Cybersecurity Alliance.

* Way ahead: SACM WG is planning to close ~Jan 2022 per existing
milestone plans.

Karen and Chris
SACM Chairs






--Apple-Mail=_08F82479-91C7-4963-8248-4656EDBE6A4B
Content-Disposition: attachment;
	filename=smime.p7s
Content-Type: application/pkcs7-signature;
	name=smime.p7s
Content-Transfer-Encoding: base64
--Apple-Mail=_08F82479-91C7-4963-8248-4656EDBE6A4B--


From nobody Thu Nov 11 07:58:13 2021
From: Sean Turner <sean@sn3rd.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (Mac OS X Mail 14.0 \(3654.120.0.1.13\))
Message-Id: <332D77A2-F389-430F-83AB-B5537E09D4C3@sn3rd.com>
Date: Thu, 11 Nov 2021 10:57:59 -0500
Cc: MLS List <mls@ietf.org>
To: IETF SAAG <saag@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/xVGAuIgsftyt3fN_SBzAvvS2Wng>
Subject: [saag] mls@ietf112: saag report

MLS did not meet at IETF112, but there was a virtual interim on
2021-10-04. At that meeting we discussed a number of PRs and open issues
related to -mls-protocol. The -12 version was published to the list. We
expect a WGLC for this I-D to happen in December.

The -mls-architecture I-D still needs reviews.

As a reminder, the MLS GitHub repos for the I-Ds can be found here:
https://github.com/mlswg/

Cheers,
spt


From nobody Thu Nov 11 08:07:42 2021
Date: Thu, 11 Nov 2021 11:07:36 -0500 (EST)
From: Samuel Weiler <weiler@w3.org>
To: Security Area Advisory Group <saag@ietf.org>
Message-ID: <2361e57b-59b6-56a6-3e1-d9c03a222fc@watson.org>
MIME-Version: 1.0
Content-Type: text/plain; format=flowed; charset=US-ASCII
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/_20PU80TuBD4pg6kIuNrcHlM46A>
Subject: [saag] W3C Update for IETF112

W3C has several new Community Groups (CGs) which are open to all - no 
W3C membership needed.

Two are focused on problems that are made more challenging by the 
demise of 3rd party cookies:

Federated Identity Community Group
https://www.w3.org/community/fed-id/

Anti Fraud Community Group
https://www.w3.org/community/antifraud/
Minutes of breakout meeting (think "BOF"): 
https://github.com/WICG/trust-token-api/blob/main/meetings/tpac2021-antifraud-breakout.md

We also have a new Private Advertising Technology Community Group 
looking at technologies that support advertising while acting in the 
interests of users, using technical - not legal or policy - 
mechanisms to provide strong privacy assurances.
https://www.w3.org/community/patcg/
Minutes of first meeting:
https://www.w3.org/2021/10/29-patcg-minutes.html

And we have a Privacy Community Group working on storage partitioning 
and similar broader privacy measures:
https://www.w3.org/community/privacycg/
(n.b. some work is migrating from this group to the new Private 
Advertising Technology CG)

As above, all of these are open to the entire community, with no W3C 
membership needed.

The Web Applications Security WG (WebAppSec) continues to make 
progress on site isolation primitives such as COEP and COOP.
https://www.w3.org/2011/webappsec/

I am also looking for additional security reviewers for W3C specs, 
similar to the work done by the IETF's SecDir.  If you would like to 
occasionally review a spec, please send me a note.

-- Sam


From nobody Thu Nov 11 08:09:53 2021
From: Jari Arkko <jari.arkko@piuha.net>
Content-Type: multipart/alternative; boundary="Apple-Mail=_8F7D10EA-338E-474D-B4A5-F43D199BDC4C"
Mime-Version: 1.0 (Mac OS X Mail 14.0 \(3654.120.0.1.13\))
Message-Id: <60834829-F3E8-4C2C-ACBA-BD29F4909787@piuha.net>
Date: Thu, 11 Nov 2021 18:08:37 +0200
To: saag@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/ako4eNGoRRhWCmwug73kWEiRw5g>
Subject: [saag] IETF-112 Model-T report

--Apple-Mail=_8F7D10EA-338E-474D-B4A5-F43D199BDC4C
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=utf-8

Model T IAB program did not meet at this IETF, but we are planning a
meeting. Current proposal is Thursday December 2nd, but the date
selection is still being discussed.

Unfortunately, the group has not made much progress, due to the
leadership (me) not organising meetings in 2021, and due to the perhaps
difficult scope selection in the beginning. The situation was discussed in
the previous IABOPEN session meeting in the summer; the IAB also discussed
it subsequently. We have an ongoing discussion on the list to discuss
what would make sense to do. My personal wish is that we should
rather not focus on RFC 3552 revision but rather document some
principles that can be published in an IAB RFC. Martin Thomson’s
draft on intermediaries is one candidate for taking forward.

More information in the thread that starts here.

https://mailarchive.ietf.org/arch/msg/model-t/EottyUUoohN3BcXT9ltdUnL7FOg/

There are also a dozen or so documents, including some recent ones. They
can be found here:

https://datatracker.ietf.org/group/model-t/documents/

Jari


--Apple-Mail=_8F7D10EA-338E-474D-B4A5-F43D199BDC4C--


From nobody Thu Nov 11 09:08:54 2021
MIME-Version: 1.0
From: Shivan Kaul Sahib <shivankaulsahib@gmail.com>
Date: Thu, 11 Nov 2021 09:08:01 -0800
Message-ID: <CAG3f7MiY_L2X5PO3SrW3LTFMPHdYmpDKzFKNmmvDT3NnFhFYnQ@mail.gmail.com>
To: saag@ietf.org
Content-Type: multipart/alternative; boundary="000000000000bd29b305d08664f9"
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/-PM1Z4gVJU1iZl-uo57qj8B2Reo>
Subject: [saag] OHAI report for IETF 112

--000000000000bd29b305d08664f9
Content-Type: text/plain; charset="UTF-8"

OHAI had its first WG meeting at this IETF. draft-thomson-ohai-ohttp was
presented and there was consensus to adopt, which the chairs have issued a
call for on the mailing list:
https://mailarchive.ietf.org/arch/msg/ohai/Bf-KD4TPrxTfnAMu6fOuwSYJfcw/.

The HTTP WG has also issued a call for
adoption for draft-thomson-http-binary-message which is a dependency:
https://lists.w3.org/Archives/Public/ietf-http-wg/2021OctDec/0114.html

The rest of the time was spent discussing open issues on
https://github.com/unicorn-wg/oblivious-http/issues.

Thanks,
Shivan

--000000000000bd29b305d08664f9--


From nobody Thu Nov 11 11:26:44 2021
From: John Mattsson <john.mattsson@ericsson.com>
To: Robert Moskowitz <rgm-sec@htt-consult.com>, Benjamin Kaduk <kaduk@mit.edu>, "saag@ietf.org" <saag@ietf.org>
Thread-Topic: [saag] Perfect Forward Secrecy vs Forward Secrecy
Thread-Index: AQHV/TKso06RfdooQkCEChEDnwyrYahOjM+AgAbbCwCAARbGAIOr6ek1
Date: Thu, 11 Nov 2021 19:26:33 +0000
Message-ID: <HE1PR0701MB3050B68DC4D7481382DCC4EA89949@HE1PR0701MB3050.eurprd07.prod.outlook.com>
References: <7231a98e-e4a2-55c9-3a51-d62886d7d061@htt-consult.com> <BAFBB844-0AB4-41A5-9A15-B9CED6F6602C@icloud.com> <20200323011940.GI50174@kduck.mit.edu> <117849db-3b7a-d0ec-ccf7-7315e935a13b@htt-consult.com>
In-Reply-To: <117849db-3b7a-d0ec-ccf7-7315e935a13b@htt-consult.com>
Content-Type: multipart/alternative; boundary="_000_HE1PR0701MB3050B68DC4D7481382DCC4EA89949HE1PR0701MB3050_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/6ImeENhteXGdLsnaJHRoN6LW1zk>
Subject: Re: [saag] Perfect Forward Secrecy vs Forward Secrecy

--_000_HE1PR0701MB3050B68DC4D7481382DCC4EA89949HE1PR0701MB3050_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Hi,

I see that I am six months late to this discussion.

I agree that it is good to stop using the term PFS. PFS has been used in so many different meanings that you basically need to define the term if you want to use it. The term "forward secrecy" is less muddled.

But as PFS has been used to mean so many different things, I think it is problematic and dangerous to just say that we shall now use the term "forward secrecy" instead of PFS.

Examples from the discussion in RFC 4949:

"given some of the session keys derived from those protocol
  runs, you cannot derive unknown past session keys or future
  session keys."

"There also is the idea that compromise of a single key will
  compromise only the data protected by the single key."

PFS is quite often used to mean frequently rerunning Diffie-Hellman:

NIST SP 800-77r1 (2020):

  "Perfect Forward Secrecy (PFS). IPsec endpoints create session
    keys that are changed frequently, typically once an hour."

ANSSI DAT-NT-003-EN (2015):

"It is recommended to force the periodic renewal of the keys,
   e.g. every hour and every 100 GB of data, in order to limit the
   impact of a key compromise."

The property "forward secrecy" does not imply that an attacker has to do "dynamic key exfiltration" [RFC 7624]. If symmetric cryptography is used to achieve "forward secrecy" an attacker can still do "static key exfiltration" [RFC 7624].

Frequently rerunning Diffie-Hellman forces an attacker to do "dynamic key exfiltration" (or content exfiltration). Every protocol does not need to enforce "dynamic key exfiltration" by itself but I think most systems should, unless they are constrained IoT where rerunning Diffie-Hellman every few hours is not realistic.

It is sad to see that RFC 7624 has so few citations. I think it is an excellent and very useful document, especially the discussion and definition of various types of key exfiltration. I think most work in the security area should consider if an attacker can get away with static key exfiltration and if it is possible to add mechanisms or guidance to force attackers to do dynamic key exfiltration.

Cheers,
John

From: saag <saag-bounces@ietf.org> on behalf of Robert Moskowitz <rgm-sec@htt-consult.com>
Date: Monday, 23 March 2020 at 19:01
To: Benjamin Kaduk <kaduk@mit.edu>, saag@ietf.org <saag@ietf.org>
Subject: Re: [saag] Perfect Forward Secrecy vs Forward Secrecy


On 3/22/20 9:19 PM, Benjamin Kaduk wrote:
> On Wed, Mar 18, 2020 at 09:38:07AM -0700, Jon Callas wrote:
>> We don't do "perfect" security in our fundamentals, because, as the unnamed AD said, it's hard to achieve.
> For what little it's worth, the AD doesn't have to be unnamed; I'm happy to
> own up to making the request of Bob.  I just haven't gotten fully caught up
> on mail yet.

And draft 17 reflects this view of Forward Secrecy.

Thanks, Ben.



--_000_HE1PR0701MB3050B68DC4D7481382DCC4EA89949HE1PR0701MB3050_--
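
The distinction drawn in the message above between "forward secrecy" and forcing "dynamic key exfiltration", as an added Python sketch that is not part of the original message or of any RFC: a passive attacker steals endpoint state once, and the code lists which epochs' session keys follow from that single theft plus recorded traffic. The toy Diffie-Hellman group (p = 2**255 - 19, g = 2), the HMAC-SHA256 kdf, and all function and class names are assumptions of this example.

```python
import hashlib
import hmac
import secrets

# Toy finite-field Diffie-Hellman group, assumed for this example only:
# p = 2**255 - 19 is prime and g = 2. Not a deployment parameter.
P = 2**255 - 19
G = 2


def kdf(key: bytes, data: bytes) -> bytes:
    """One-way key derivation (HMAC-SHA256)."""
    return hmac.new(key, data, hashlib.sha256).digest()


class SymmetricRatchet:
    """Forward secrecy from symmetric crypto alone: the chain key is hashed forward."""

    def __init__(self, chain_key: bytes):
        self.chain_key = chain_key

    def next_session_key(self) -> bytes:
        session_key = kdf(self.chain_key, b"session")
        # The previous chain key is overwritten, so past keys cannot be recomputed.
        self.chain_key = kdf(self.chain_key, b"chain")
        return session_key


def dh_rekey(current_key: bytes):
    """Re-run ephemeral DH and mix the result into the current key.

    Returns (new_key, wire). wire holds the two public values a passive
    observer records; the exponents a and b never leave this function.
    """
    a = secrets.randbelow(P - 3) + 2
    b = secrets.randbelow(P - 3) + 2
    pub_a, pub_b = pow(G, a, P), pow(G, b, P)
    shared = pow(pub_b, a, P)  # equals pow(pub_a, b, P)
    new_key = kdf(current_key, shared.to_bytes(32, "big"))
    return new_key, (pub_a, pub_b)


def simulate(epochs: int = 5, theft_epoch: int = 2) -> dict:
    """Steal endpoint state once, at theft_epoch, and return the epochs whose
    session key the attacker can compute from that state plus recorded traffic."""
    root = secrets.token_bytes(32)

    # Scheme 1: symmetric ratchet.
    ratchet = SymmetricRatchet(root)
    real_keys, stolen_chain = [], None
    for epoch in range(epochs):
        if epoch == theft_epoch:
            stolen_chain = ratchet.chain_key  # the single (static) exfiltration
        real_keys.append(ratchet.next_session_key())
    # The attacker runs the same ratchet forward from the stolen chain key.
    replay = SymmetricRatchet(stolen_chain)
    derived = {theft_epoch + i: replay.next_session_key()
               for i in range(epochs - theft_epoch)}
    ratchet_hits = [e for e in range(epochs) if derived.get(e) == real_keys[e]]

    # Scheme 2: Diffie-Hellman re-run at every epoch.
    key, real_dh, wires = root, [], []
    for epoch in range(epochs):
        key, wire = dh_rekey(key)
        real_dh.append(key)
        wires.append(wire)
    stolen_key = real_dh[theft_epoch]  # the single exfiltration
    # Everything the passive attacker can try: the stolen key itself, and the
    # stolen key mixed with each recorded public value. The DH shared secret
    # is not among these inputs because it needs an exponent.
    candidates = {stolen_key}
    for pub_a, pub_b in wires:
        for value in (pub_a, pub_b):
            candidates.add(kdf(stolen_key, value.to_bytes(32, "big")))
    dh_hits = [e for e in range(epochs) if real_dh[e] in candidates]

    return {"symmetric_ratchet": ratchet_hits, "dh_rerun": dh_hits}


if __name__ == "__main__":
    print(simulate())
```

Both schemes keep epochs before the theft out of reach, which is forward secrecy; only the scheme that re-runs Diffie-Hellman also limits the theft to a single epoch, so the attacker has to exfiltrate again for each later one.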


From nobody Thu Nov 11 13:04:27 2021
From: Roman Danyliw <rdd@cert.org>
To: Donald Eastlake <d3e3e3@gmail.com>
CC: saag <saag@ietf.org>
Thread-Topic: [saag] AD Review of draft-eastlake-rfc6931bis-xmlsec-uris-17
Thread-Index: AdfT8rebsCj/8p2TSsqotCOBk3DMGAAVgNaAAL0Et5A=
Date: Thu, 11 Nov 2021 21:04:05 +0000
Message-ID: <BN1P110MB093959C922FC5F8C85C0C831DC949@BN1P110MB0939.NAMP110.PROD.OUTLOOK.COM>
References: <BN1P110MB09398B273C13AC5E9AD1309FDC909@BN1P110MB0939.NAMP110.PROD.OUTLOOK.COM> <CAF4+nEFZUJMR75h3KtjSNncogDwUxWkBqOkPvX1wmJ-05zxY-A@mail.gmail.com>
In-Reply-To: <CAF4+nEFZUJMR75h3KtjSNncogDwUxWkBqOkPvX1wmJ-05zxY-A@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/5mNxQliNCh0x-441FNW_i6C3NAg>
Subject: Re: [saag] AD Review of draft-eastlake-rfc6931bis-xmlsec-uris-17

From nobody Thu Nov 11 20:02:27 2021
MIME-Version: 1.0
References: <BN1P110MB09398B273C13AC5E9AD1309FDC909@BN1P110MB0939.NAMP110.PROD.OUTLOOK.COM> <CAF4+nEFZUJMR75h3KtjSNncogDwUxWkBqOkPvX1wmJ-05zxY-A@mail.gmail.com> <BN1P110MB093959C922FC5F8C85C0C831DC949@BN1P110MB0939.NAMP110.PROD.OUTLOOK.COM>
In-Reply-To: <BN1P110MB093959C922FC5F8C85C0C831DC949@BN1P110MB0939.NAMP110.PROD.OUTLOOK.COM>
From: Donald Eastlake <d3e3e3@gmail.com>
Date: Thu, 11 Nov 2021 23:02:07 -0500
Message-ID: <CAF4+nEHKSsnvbmrD6=vEcE7UqNcZvUgmU8b7UgFSW9=WtXad2Q@mail.gmail.com>
To: Roman Danyliw <rdd@cert.org>
Cc: saag <saag@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/c2EDIdfmG5zpJbEuTJFJdiHnqv4>
Subject: Re: [saag] AD Review of draft-eastlake-rfc6931bis-xmlsec-uris-17

OK, as I said I'm fine with changing this to say Specification
Required instead of Expert Review.

This draft originally said Expert Review for historic reasons that are
no longer relevant.

Thanks,
Donald
===============================
 Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
 2386 Panoramic Circle, Apopka, FL 32703 USA
 d3e3e3@gmail.com

On Thu, Nov 11, 2021 at 4:04 PM Roman Danyliw <rdd@cert.org> wrote:
>
> Hi Donald
>
> > -----Original Message-----
> > From: Donald Eastlake <d3e3e3@gmail.com>
> > Sent: Sunday, November 7, 2021 9:31 PM
> > To: Roman Danyliw <rdd@cert.org>
> > Cc: saag <saag@ietf.org>
> > Subject: Re: [saag] AD Review of draft-eastlake-rfc6931bis-xmlsec-uris-17
>
> [snip]
>
> > > ** Section 5.2.  Why loosen the registration procedure from specification
> > > required to expert review?  The documentation requirement seems nearly
> > > equivalent to "specification required".  Given how little churn this gets
> > > (especially in new Types), what would be the circumstances where the rigor of
> > > a W3C or IETF wouldn't be appropriate?
> >
> > This text was just carried forward from RFC 6931. The question is why did the
> > IANA Registry not use the registration procedure specified by RFC 6931? In any
> > case, I'd be happy to change this in the draft to Specification Required.
>
> Doing the diff with RFC6931,  I see what you mean.  Almost no text changed.
>
> Why I flagged this text (assuming that something changed in the bis) was
> that the Section 5.2 text doesn't match what I see in the registry.  In
> RFC6931 and this update, the text says that "New entries, including new
> Types, will be added based on Expert Review [RFC8126]."  The subsequent
> text provides guidance to the expert reviewer.   When I check
> https://www.iana.org/assignments/xml-security-uris/xml-security-uris.xhtml,
> the listed registration procedure is "specification required".  It's not
> that the text is wrong, "specification required" also includes an expert
> review and further guidance is fine to give to the expert.  However, the
> top-line policy in the text seems like it should say "specification
> required" + guidance to the expert.  Rather than what it reads like now
> which is effectively "spec required" enforced by the expert.
>
> Regards,
> Roman
>
> >
> > Thanks,
> > Donald
> > ===============================
> >  Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
> >  2386 Panoramic Circle, Apopka, FL 32703 USA  d3e3e3@gmail.com
> >
> > > Regards,
> > > Roman


From nobody Fri Nov 12 03:22:46 2021
From: Roman Danyliw <rdd@cert.org>
To: Donald Eastlake <d3e3e3@gmail.com>
CC: saag <saag@ietf.org>
Date: Fri, 12 Nov 2021 11:21:15 +0000
Message-ID: <BN1P110MB093913BD2CC19446CCEB5A74DC959@BN1P110MB0939.NAMP110.PROD.OUTLOOK.COM>
References: <BN1P110MB09398B273C13AC5E9AD1309FDC909@BN1P110MB0939.NAMP110.PROD.OUTLOOK.COM> <CAF4+nEFZUJMR75h3KtjSNncogDwUxWkBqOkPvX1wmJ-05zxY-A@mail.gmail.com> <BN1P110MB093959C922FC5F8C85C0C831DC949@BN1P110MB0939.NAMP110.PROD.OUTLOOK.COM> <CAF4+nEHKSsnvbmrD6=vEcE7UqNcZvUgmU8b7UgFSW9=WtXad2Q@mail.gmail.com>
In-Reply-To: <CAF4+nEHKSsnvbmrD6=vEcE7UqNcZvUgmU8b7UgFSW9=WtXad2Q@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/tA_Jya8XgUGJu_Pcx4vbi2y9PFw>
Subject: Re: [saag] AD Review of draft-eastlake-rfc6931bis-xmlsec-uris-17

Hi Donald!

> -----Original Message-----
> From: Donald Eastlake <d3e3e3@gmail.com>
> Sent: Thursday, November 11, 2021 11:02 PM
> To: Roman Danyliw <rdd@cert.org>
> Cc: saag <saag@ietf.org>
> Subject: Re: [saag] AD Review of draft-eastlake-rfc6931bis-xmlsec-uris-17
>
> OK, as I said I'm fine with changing this to say Specification Required
> instead of Expert Review.

Great.

> This draft originally said Expert Review for historic reasons that are
> no longer relevant.

Understood.  Thanks for clarifying.

Regards,
Roman

> Thanks,
> Donald
> ===============================
>  Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
>  2386 Panoramic Circle, Apopka, FL 32703 USA  d3e3e3@gmail.com
>
> On Thu, Nov 11, 2021 at 4:04 PM Roman Danyliw <rdd@cert.org> wrote:
> >
> > Hi Donald
> >
> > > -----Original Message-----
> > > From: Donald Eastlake <d3e3e3@gmail.com>
> > > Sent: Sunday, November 7, 2021 9:31 PM
> > > To: Roman Danyliw <rdd@cert.org>
> > > Cc: saag <saag@ietf.org>
> > > Subject: Re: [saag] AD Review of
> > > draft-eastlake-rfc6931bis-xmlsec-uris-17
> >
> > [snip]
> >
> > > > ** Section 5.2.  Why loosen the registration procedure from
> > > > specification required to expert review?  The documentation
> > > > requirement seems nearly equivalent to "specification required".
> > > > Given how little churn this gets (especially in new Types), what
> > > > would be the circumstances where the rigor of a W3C or IETF
> > > > wouldn't be appropriate?
> > >
> > > This text was just carried forward from RFC 6931. The question is
> > > why did the IANA Registry not use the registration procedure
> > > specified by RFC 6931? In any case, I'd be happy to change this in
> > > the draft to Specification Required.
> >
> > Doing the diff with RFC6931,  I see what you mean.  Almost no text changed.
> >
> > Why I flagged this text (assuming that something changed in the bis)
> > was that the Section 5.2 text doesn't match what I see in the
> > registry.  In RFC6931 and this update, the text says that "New
> > entries, including new Types, will be added based on Expert Review
> > [RFC8126]."  The subsequent text provides guidance to the expert
> > reviewer.   When I check
> > https://www.iana.org/assignments/xml-security-uris/xml-security-uris.xhtml,
> > the listed registration procedure is "specification required".  It's
> > not that the text is wrong, "specification required" also includes an
> > expert review and further guidance is fine to give to the expert.
> > However, the top-line policy in the text seems like it should say
> > "specification required" + guidance to the expert.  Rather than what
> > it reads like now which is effectively "spec required" enforced by
> > the expert.
> >
> > Regards,
> > Roman
> >
> > >
> > > Thanks,
> > > Donald
> > > ===============================
> > >  Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
> > >  2386 Panoramic Circle, Apopka, FL 32703 USA  d3e3e3@gmail.com
> > >
> > > > Regards,
> > > > Roman


From nobody Fri Nov 12 10:33:29 2021
From: "Dirk Kutscher" <ietf@dkutscher.net>
To: "Michael Richardson" <mcr@sandelman.ca>
Cc: "Thomas Hardjono" <hardjono@mit.edu>, din@irtf.org, saag@ietf.org, "Martin Hargreaves" <martin.hargreaves@quant.network>, blockchain-interop@ietf.org
Date: Fri, 12 Nov 2021 19:32:56 +0100
X-Mailer: MailMate (1.13.2r5673)
Message-ID: <F24F4076-71C7-400F-B754-3EC481D6BE2A@dkutscher.net>
In-Reply-To: <8785.1635776141@localhost>
References: <82db011335f74bf2978bdd11dbd547b6@oc11expo23.exchange.mit.edu> <8785.1635776141@localhost>
MIME-Version: 1.0
Content-Type: text/plain; format=flowed
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/vF7VasL9ClRluhcFHAoeX6iP6nI>
Subject: Re: [saag] [Din] IETF112 Side Meeting on DLT Gateway Interop protocol

Michael,

do you have a pointer?

Thanks,
Dirk

On 1 Nov 2021, at 15:15, Michael Richardson wrote:

> Have you seen, btw, that MATTER is using a ledger for distribution of
> Endorsements for their remote attestation system?
>
> --
> ]               Never tell me the odds!                 | ipv6 mesh networks [
> ]   Michael Richardson, Sandelman Software Works        |    IoT architect   [
> ]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [
>
> _______________________________________________
> Din mailing list
> Din@irtf.org
> https://www.irtf.org/mailman/listinfo/din


From nobody Fri Nov 12 15:48:19 2021
From: Michael Richardson <mcr@sandelman.ca>
To: "Dirk Kutscher" <ietf@dkutscher.net>
cc: "Thomas Hardjono" <hardjono@mit.edu>, din@irtf.org, saag@ietf.org, "Martin Hargreaves" <martin.hargreaves@quant.network>, blockchain-interop@ietf.org
In-Reply-To: <F24F4076-71C7-400F-B754-3EC481D6BE2A@dkutscher.net>
References: <82db011335f74bf2978bdd11dbd547b6@oc11expo23.exchange.mit.edu> <8785.1635776141@localhost> <F24F4076-71C7-400F-B754-3EC481D6BE2A@dkutscher.net>
X-Mailer: MH-E 8.6+git; nmh 1.7+dev; GNU Emacs 26.1
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-ID: <6110.1636760886.1@localhost>
Date: Fri, 12 Nov 2021 18:48:06 -0500
Message-ID: <6111.1636760886@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/e9vsGG7ZG3USYYtPbT5M0V_GYtk>
Subject: Re: [saag] [Din] IETF112 Side Meeting on DLT Gateway Interop protocol

Dirk Kutscher <ietf@dkutscher.net> wrote:
    > do you have a pointer?

MATTER has not yet released their document.
There are presentations at IOTOPS (last IETF), and a few things on youtube.

    > On 1 Nov 2021, at 15:15, Michael Richardson wrote:

    >> Have you seen, btw, that MATTER is using a ledger for distribution of
    >> Endorsements for their remote attestation system?
    >>
    >> --
    >> ]               Never tell me the odds!                 | ipv6 mesh networks [
    >> ]   Michael Richardson, Sandelman Software Works        |    IoT architect   [
    >> ]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [
    >>
    >> _______________________________________________
    >> Din mailing list
    >> Din@irtf.org
    >> https://www.irtf.org/mailman/listinfo/din


From nobody Sat Nov 13 08:02:38 2021
MIME-Version: 1.0
From: Watson Ladd <watsonbladd@gmail.com>
Date: Sat, 13 Nov 2021 07:56:49 -0800
Message-ID: <CACsn0cnEJR6otnxoYL8SZsKT830YtEMhNU8AV2FM+iHcM+BT5A@mail.gmail.com>
To: IETF SAAG <saag@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/qg_2YucVOpDmvm_Z5a5j31_I320>
Subject: [saag] Discovery: can it be solved

Dear Saag,

It seems that a large number of proposals, from OHAI, DOH, Privacy
Pass and most recently some IP privacy work have received the same
kind of pushback around 'discovery': the argument that we need a
mechanism for clients to find a large list of available and willing
intermediaries. The challenge here is that we have not seen a
proposal, and it doesn't seem to answer the real issues about
diversity of intermediates, user trust in what they discover, or
address any of the very real issues around user experience.

I think this is a necessary discussion to have once rather than
constantly relitigate.

Sincerely,
Watson Ladd

--
Astra mortemque praestare gradatim


From nobody Sun Nov 14 18:51:05 2021
MIME-Version: 1.0
References: <BN1P110MB09398B273C13AC5E9AD1309FDC909@BN1P110MB0939.NAMP110.PROD.OUTLOOK.COM> <CAF4+nEFZUJMR75h3KtjSNncogDwUxWkBqOkPvX1wmJ-05zxY-A@mail.gmail.com>
In-Reply-To: <CAF4+nEFZUJMR75h3KtjSNncogDwUxWkBqOkPvX1wmJ-05zxY-A@mail.gmail.com>
From: Donald Eastlake <d3e3e3@gmail.com>
Date: Sun, 14 Nov 2021 21:50:49 -0500
Message-ID: <CAF4+nEFHG3=13MKpGd=g+jr5BgYgL2=V-vKJxxvyPXGL3SC0hw@mail.gmail.com>
To: Roman Danyliw <rdd@cert.org>
Cc: saag <saag@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/6d8KMmVrqBAEl0n6tJsa-46v1bk>
Subject: Re: [saag] AD Review of draft-eastlake-rfc6931bis-xmlsec-uris-17

Hi Roman,

On Sun, Nov 7, 2021 at 9:31 PM Donald Eastlake <d3e3e3@gmail.com> wrote:
> Hi Roman,
>...
>
> > ** Section 2.6.4.  This is a comment on the original text from RFC6931
> > copied into this document. Why doesn't the full namespace from the
> > "identifiers" list match the example for #psec-kem?  The latter says
> > "xmldsig-more#psec-kem" but the example says "xmlenc#psec-kem".
>
> The namespace from specific W3C documents, such as in this case,
> <https://www.w3.org/TR/xmlsec-generic-hybrid/>, should dominate name
> spaces created for this draft or its predecessors. I'll check into
> this case.

On further investigation, I believe the identifiers given are correct
and the example xml was wrong.

Thanks,
Donald
===============================
 Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
 2386 Panoramic Circle, Apopka, FL 32703 USA
 d3e3e3@gmail.com

>...
> > Regards,
> > Roman


From nobody Sun Nov 14 18:57:39 2021
Return-Path: <d3e3e3@gmail.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B5C373A0D35 for <saag@ietfa.amsl.com>; Sun, 14 Nov 2021 18:57:37 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.848
X-Spam-Level: 
X-Spam-Status: No, score=-1.848 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ha4wuWOL2DJI for <saag@ietfa.amsl.com>; Sun, 14 Nov 2021 18:57:33 -0800 (PST)
Received: from mail-il1-x129.google.com (mail-il1-x129.google.com [IPv6:2607:f8b0:4864:20::129]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 68CEB3A0D2F for <saag@ietf.org>; Sun, 14 Nov 2021 18:57:33 -0800 (PST)
Received: by mail-il1-x129.google.com with SMTP id x9so14978560ilu.6 for <saag@ietf.org>; Sun, 14 Nov 2021 18:57:33 -0800 (PST)
X-Received: by 2002:a05:6e02:1ca3:: with SMTP id x3mr19184202ill.103.1636945051869;  Sun, 14 Nov 2021 18:57:31 -0800 (PST)
MIME-Version: 1.0
References: <163694484848.16343.2365153538921279144@ietfa.amsl.com>
In-Reply-To: <163694484848.16343.2365153538921279144@ietfa.amsl.com>
From: Donald Eastlake <d3e3e3@gmail.com>
Date: Sun, 14 Nov 2021 21:57:21 -0500
Message-ID: <CAF4+nEF4yrDL6YvyZYZz=sNAk2GKvOscTU7KYwJgE=6Jnzu+vg@mail.gmail.com>
To: saag <saag@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/qk2qVznCZ94FnaoiO8M6T6cgkNo>
Subject: [saag] Fwd: New Version Notification for draft-eastlake-rfc6931bis-xmlsec-uris-18.txt
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 15 Nov 2021 02:57:38 -0000

This revision is intended to resolve Roman's AD Review comments and
make a few other very minor improvements.

Thanks,
Donald
===============================
 Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
 2386 Panoramic Circle, Apopka, FL 32703 USA
 d3e3e3@gmail.com

---------- Forwarded message ---------
From: <internet-drafts@ietf.org>
Date: Sun, Nov 14, 2021 at 9:54 PM
Subject: New Version Notification for
draft-eastlake-rfc6931bis-xmlsec-uris-18.txt
To: Donald E. Eastlake <d3e3e3@gmail.com>

A new version of I-D, draft-eastlake-rfc6931bis-xmlsec-uris-18.txt
has been successfully submitted by Donald E. Eastlake and posted to the
IETF repository.

Name:           draft-eastlake-rfc6931bis-xmlsec-uris
Revision:       18
Title:          Additional XML Security Uniform Resource Identifiers (URIs)
Document date:  2021-11-14
Group:          Individual Submission
Pages:          50
URL:
https://www.ietf.org/archive/id/draft-eastlake-rfc6931bis-xmlsec-uris-18.txt
Status:
https://datatracker.ietf.org/doc/draft-eastlake-rfc6931bis-xmlsec-uris/
Htmlized:
https://datatracker.ietf.org/doc/html/draft-eastlake-rfc6931bis-xmlsec-uris
Diff:
https://www.ietf.org/rfcdiff?url2=draft-eastlake-rfc6931bis-xmlsec-uris-18

Abstract:
   This document updates and corrects the IANA "XML Security URIs"
   registry that lists URIs intended for use with XML digital
   signatures, encryption, canonicalization, and key management.  These
   URIs identify algorithms and types of information.  This document
   also updates, corrects three errata against, and obsoletes RFC 6931.






The IETF Secretariat


From nobody Mon Nov 15 04:48:31 2021
Return-Path: <antoine.fressancourt@huawei.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2EFCF3A0A97 for <saag@ietfa.amsl.com>; Mon, 15 Nov 2021 04:48:30 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level: 
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0FScIVovKr_5 for <saag@ietfa.amsl.com>; Mon, 15 Nov 2021 04:48:25 -0800 (PST)
Received: from frasgout.his.huawei.com (frasgout.his.huawei.com [185.176.79.56]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7D3E73A0A8E for <saag@ietf.org>; Mon, 15 Nov 2021 04:48:25 -0800 (PST)
Received: from fraeml743-chm.china.huawei.com (unknown [172.18.147.207]) by frasgout.his.huawei.com (SkyGuard) with ESMTP id 4Ht8606CCKz6867c for <saag@ietf.org>; Mon, 15 Nov 2021 20:44:40 +0800 (CST)
Received: from lhreml725-chm.china.huawei.com (10.201.108.76) by fraeml743-chm.china.huawei.com (10.206.15.224) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.20; Mon, 15 Nov 2021 13:48:22 +0100
Received: from lhreml726-chm.china.huawei.com (10.201.108.77) by lhreml725-chm.china.huawei.com (10.201.108.76) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.20; Mon, 15 Nov 2021 12:48:21 +0000
Received: from lhreml726-chm.china.huawei.com ([10.201.108.77]) by lhreml726-chm.china.huawei.com ([10.201.108.77]) with mapi id 15.01.2308.020;  Mon, 15 Nov 2021 12:48:21 +0000
From: Antoine FRESSANCOURT <antoine.fressancourt@huawei.com>
To: IETF SAAG <saag@ietf.org>
Thread-Topic: [saag] Discovery: can it be solved
Thread-Index: AQHX2Kfv8TK92t3HgEu0JuOd8Z9ga6wEikBQ
Date: Mon, 15 Nov 2021 12:48:21 +0000
Message-ID: <b52fb7cf1e494fbfa84d0b88587bdca8@huawei.com>
References: <CACsn0cnEJR6otnxoYL8SZsKT830YtEMhNU8AV2FM+iHcM+BT5A@mail.gmail.com>
In-Reply-To: <CACsn0cnEJR6otnxoYL8SZsKT830YtEMhNU8AV2FM+iHcM+BT5A@mail.gmail.com>
Accept-Language: fr-FR, en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [10.206.215.39]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-CFilter-Loop: Reflected
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/ilzH_UagGv2UYKBjyJP7Y96DyWY>
Subject: Re: [saag] Discovery: can it be solved
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 15 Nov 2021 12:48:30 -0000

Hello Watson,

I agree with you that discovery is a topic to address in the
development and deployment of privacy-preserving solutions. Indeed, if
we want to avoid having to retrieve a full view of a network's topology
to discover intermediaries / trusted peers, we need a way to make a
more targeted discovery secure against deanonymization attacks.

I think I mentioned this during the Q&A of the talk I gave during the
PEARG meeting at the last IETF, but some people in the Tor community
have presented a way to retrieve information about intermediaries
without having to retrieve the whole topology. This work called PIR-Tor
can be read here:
https://www.usenix.org/legacy/events/sec11/tech/full_papers/Mittal.pdf

I think private information retrieval is an interesting potential
solution to the private discovery problem, in particular in its
information-theoretic form. All in all, I am really interested in
investigating this question, and I think PEARG is a good working group
to make progress on the matter.

Best regards,

Antoine Fressancourt


-----Original Message-----
From: saag [mailto:saag-bounces@ietf.org] On Behalf Of Watson Ladd
Sent: Saturday, November 13, 2021 4:57 PM
To: IETF SAAG <saag@ietf.org>
Subject: [saag] Discovery: can it be solved

Dear Saag,

It seems that a large number of proposals, from OHAI, DOH, Privacy Pass
and most recently some IP privacy work have received the same kind of
pushback around 'discovery': the argument that we need a mechanism for
clients to find a large list of available and willing intermediaries.
The challenge here is that we have not seen a proposal, and it doesn't
seem to answer the real issues about diversity of intermediates, user
trust in what they discover, or address any of the very real issues
around user experience.

I think this is a necessary discussion to have once rather than
constantly relitigate.

Sincerely,
Watson Ladd

--
Astra mortemque praestare gradatim

_______________________________________________
saag mailing list
saag@ietf.org
https://www.ietf.org/mailman/listinfo/saag


From nobody Mon Nov 15 12:45:40 2021
Return-Path: <mt@lowentropy.net>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D1D793A0952 for <saag@ietfa.amsl.com>; Mon, 15 Nov 2021 12:45:38 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.101
X-Spam-Level: 
X-Spam-Status: No, score=-2.101 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=lowentropy.net header.b=pNpdrXK2; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=JZNyMThK
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id D3cx6UbTEx7E for <saag@ietfa.amsl.com>; Mon, 15 Nov 2021 12:45:33 -0800 (PST)
Received: from wout5-smtp.messagingengine.com (wout5-smtp.messagingengine.com [64.147.123.21]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6056F3A0945 for <saag@ietf.org>; Mon, 15 Nov 2021 12:45:33 -0800 (PST)
Received: from compute3.internal (compute3.nyi.internal [10.202.2.43]) by mailout.west.internal (Postfix) with ESMTP id 75D613201D0C for <saag@ietf.org>; Mon, 15 Nov 2021 15:45:32 -0500 (EST)
Received: from imap41 ([10.202.2.91]) by compute3.internal (MEProxy); Mon, 15 Nov 2021 15:45:32 -0500
Received: by mailuser.nyi.internal (Postfix, from userid 501) id E8CA73C0C6F; Mon, 15 Nov 2021 15:45:31 -0500 (EST)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.5.0-alpha0-1371-g2296cc3491-fm-20211109.003-g2296cc34
Mime-Version: 1.0
Message-Id: <b31468dc-2959-40b0-81ba-1ec2dad012e4@www.fastmail.com>
In-Reply-To: <b52fb7cf1e494fbfa84d0b88587bdca8@huawei.com>
References: <CACsn0cnEJR6otnxoYL8SZsKT830YtEMhNU8AV2FM+iHcM+BT5A@mail.gmail.com> <b52fb7cf1e494fbfa84d0b88587bdca8@huawei.com>
Date: Tue, 16 Nov 2021 07:45:11 +1100
From: "Martin Thomson" <mt@lowentropy.net>
To: saag@ietf.org
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/iOAmPZIHehdFUcZLe_rwhXoUCrg>
Subject: Re: [saag] Discovery: can it be solved
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 15 Nov 2021 20:45:39 -0000

I'm personally not interested in more novel techniques for getting bits from point A to point B.  PIR has applications - it might be that Tor is one - but I don't think that framing this as sampling from a larger dataset is the right way to approach the problem. Maybe global and globally consistent knowledge is part of an answer, but if topological information were sufficient, then I suspect we'd not be discussing this.  For example, DHCP/RA provides information that is very topologically relevant.

The questions here are more fundamental.  What security basis do we have for clients retrieving critical information from the network? How does that affect the security of those clients? How might that shape how the services that are discovered can be deployed? What does that do to the diversity of those services?

At some level, the question of IP intermediation (aka routing) has been solved.  We assume virtually nothing from IP forwarding and routing, but also expect very little from those providing that service.  (The same is largely true for Tor, with some interesting caveats.)  The services Watson lists provide more advanced capabilities and come with associated risks. For example, DNS resolution creates a privacy exposure for clients. That means that it isn't so easy to allow arbitrary others to provide these services.

On Mon, Nov 15, 2021, at 23:48, Antoine FRESSANCOURT wrote:
> Hello Watson,
>
> I agree with you that discovery is a topic to address in the 
> development and deployment of privacy-preserving solutions. Indeed, if 
> we want to avoid having to retrieve a full view of a network's topology 
> to discover intermediaries / trusted peers, we need a way to make a 
> more targeted discovery secure against deanonymization attacks.
>
> I think I mentioned this during the Q&A of the talk I gave during the 
> PEARG meeting at the last IETF, but some people in the Tor community 
> have presented a way to retrieve information about intermediaries 
> without having to retrieve the whole topology. This work called PIR-Tor 
> can be read here:
> https://www.usenix.org/legacy/events/sec11/tech/full_papers/Mittal.pdf
>
> I think private information retrieval is an interesting potential 
> solution to the private discovery problem, in particular in its 
> information-theoretic form. All in all, I am really interested in 
> investigating this question, and I think PEARG is a good working group 
> to make progress on the matter.
>
> Best regards,
>
> Antoine Fressancourt
>
>
> -----Original Message-----
> From: saag [mailto:saag-bounces@ietf.org] On Behalf Of Watson Ladd
> Sent: Saturday, November 13, 2021 4:57 PM
> To: IETF SAAG <saag@ietf.org>
> Subject: [saag] Discovery: can it be solved
>
> Dear Saag,
>
> It seems that a large number of proposals, from OHAI, DOH, Privacy Pass 
> and most recently some IP privacy work have received the same kind of 
> pushback around 'discovery': the argument that we need a mechanism for 
> clients to find a large list of available and willing intermediaries. 
> The challenge here is that we have not seen a proposal, and it doesn't 
> seem to answer the real issues about diversity of intermediates, user 
> trust in what they discover, or address any of the very real issues 
> around user experience.
>
> I think this is a necessary discussion to have once rather than 
> constantly relitigate.
>
> Sincerely,
> Watson Ladd
>
> --
> Astra mortemque praestare gradatim


From nobody Mon Nov 15 13:14:30 2021
Return-Path: <rdd@cert.org>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EE1F83A09EE for <saag@ietfa.amsl.com>; Mon, 15 Nov 2021 13:14:28 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=seicmu.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 06hubfeIyoRU for <saag@ietfa.amsl.com>; Mon, 15 Nov 2021 13:14:24 -0800 (PST)
Received: from USG02-BN3-obe.outbound.protection.office365.us (mail-bn3usg02on0122.outbound.protection.office365.us [23.103.208.122]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6638D3A09E8 for <saag@ietf.org>; Mon, 15 Nov 2021 13:14:24 -0800 (PST)
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cert.org; dmarc=pass action=none header.from=cert.org; dkim=pass header.d=cert.org; arc=none
Received: from BN1P110MB0939.NAMP110.PROD.OUTLOOK.COM (2001:489a:200:134::12) by BN1P110MB0801.NAMP110.PROD.OUTLOOK.COM (2001:489a:200:132::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4690.26; Mon, 15 Nov 2021 21:14:17 +0000
Received: from BN1P110MB0939.NAMP110.PROD.OUTLOOK.COM ([fe80::4463:48d1:9769:567f]) by BN1P110MB0939.NAMP110.PROD.OUTLOOK.COM ([fe80::4463:48d1:9769:567f%6]) with mapi id 15.20.4690.027; Mon, 15 Nov 2021 21:14:17 +0000
From: Roman Danyliw <rdd@cert.org>
To: Donald Eastlake <d3e3e3@gmail.com>, saag <saag@ietf.org>
Thread-Topic: [saag] Fwd: New Version Notification for draft-eastlake-rfc6931bis-xmlsec-uris-18.txt
Thread-Index: AQHX2cyUqjNPTiVgREKSrx6b41MEfKwFE1DA
Date: Mon, 15 Nov 2021 21:14:16 +0000
Message-ID: <BN1P110MB09399632827B3E880D394577DC989@BN1P110MB0939.NAMP110.PROD.OUTLOOK.COM>
References: <163694484848.16343.2365153538921279144@ietfa.amsl.com> <CAF4+nEF4yrDL6YvyZYZz=sNAk2GKvOscTU7KYwJgE=6Jnzu+vg@mail.gmail.com>
In-Reply-To: <CAF4+nEF4yrDL6YvyZYZz=sNAk2GKvOscTU7KYwJgE=6Jnzu+vg@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=cert.org;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 4958e20e-a53d-4a49-a6b3-08d9a87ce1fe
x-ms-traffictypediagnostic: BN1P110MB0801:
x-microsoft-antispam-prvs: <BN1P110MB0801D8CC8703D1626E12D358DC989@BN1P110MB0801.NAMP110.PROD.OUTLOOK.COM>
x-ms-oob-tlc-oobclassifiers: OLM:9508;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: cert.org
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BN1P110MB0939.NAMP110.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-Network-Message-Id: 4958e20e-a53d-4a49-a6b3-08d9a87ce1fe
X-MS-Exchange-CrossTenant-originalarrivaltime: 15 Nov 2021 21:14:16.9270 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 95a9dce2-04f2-4043-995d-1ec3861911c6
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN1P110MB0801
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/vdtpqIxasjfJ5iohB8BZE7EMo2Q>
Subject: Re: [saag] Fwd: New Version Notification for draft-eastlake-rfc6931bis-xmlsec-uris-18.txt
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 15 Nov 2021 21:14:29 -0000

Hi Donald!

Thanks for this -18 draft and the quick turn-around.  It addresses my AD
review.  As such, I'm advancing the document to IETF LC.

Based on the new text, there are two nits.  Please catch them with whatever
other feedback comes during IETF LC.

** Section 2.6.4.  Editorial.  There is a typo in the KEM name for the
example.  s/PAEC-KEM/PSEC-KEM/.

** Section 5.2.  Editorial.  Making clear that the advice is for the DE.

OLD
New entries, including new Types, will be added based on
   Specification Required [RFC8126].  Criterion for inclusion are (1)

NEW
New entries, including new Types, will be added based on
   Specification Required [RFC8126].  Criterion for the designated
   expert for inclusion are (1)

Regards,
Roman

> -----Original Message-----
> From: saag <saag-bounces@ietf.org> On Behalf Of Donald Eastlake
> Sent: Sunday, November 14, 2021 9:57 PM
> To: saag <saag@ietf.org>
> Subject: [saag] Fwd: New Version Notification for draft-eastlake-rfc6931bis-xmlsec-uris-18.txt
>
> This revision is intended to resolve Roman's AD Review comments and make a
> few other very minor improvements.
>
> Thanks,
> Donald
> ===============================
>  Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
>  2386 Panoramic Circle, Apopka, FL 32703 USA  d3e3e3@gmail.com
>
> ---------- Forwarded message ---------
> From: <internet-drafts@ietf.org>
> Date: Sun, Nov 14, 2021 at 9:54 PM
> Subject: New Version Notification for
> draft-eastlake-rfc6931bis-xmlsec-uris-18.txt
> To: Donald E. Eastlake <d3e3e3@gmail.com>
>
> A new version of I-D, draft-eastlake-rfc6931bis-xmlsec-uris-18.txt
> has been successfully submitted by Donald E. Eastlake and posted to the IETF
> repository.
>
> Name:           draft-eastlake-rfc6931bis-xmlsec-uris
> Revision:       18
> Title:          Additional XML Security Uniform Resource Identifiers (URIs)
> Document date:  2021-11-14
> Group:          Individual Submission
> Pages:          50
> URL:
> https://www.ietf.org/archive/id/draft-eastlake-rfc6931bis-xmlsec-uris-18.txt
> Status:
> https://datatracker.ietf.org/doc/draft-eastlake-rfc6931bis-xmlsec-uris/
> Htmlized:
> https://datatracker.ietf.org/doc/html/draft-eastlake-rfc6931bis-xmlsec-uris
> Diff:
> https://www.ietf.org/rfcdiff?url2=draft-eastlake-rfc6931bis-xmlsec-uris-18
>
> Abstract:
>    This document updates and corrects the IANA "XML Security URIs"
>    registry that lists URIs intended for use with XML digital
>    signatures, encryption, canonicalization, and key management.  These
>    URIs identify algorithms and types of information.  This document
>    also updates, corrects three errata against, and obsoletes RFC 6931.
>
> The IETF Secretariat


From nobody Mon Nov 15 18:33:35 2021
Return-Path: <d3e3e3@gmail.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ECE4D3A0433 for <saag@ietfa.amsl.com>; Mon, 15 Nov 2021 18:33:32 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.848
X-Spam-Level: 
X-Spam-Status: No, score=-1.848 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id c1R7VX0Tkvi9 for <saag@ietfa.amsl.com>; Mon, 15 Nov 2021 18:33:28 -0800 (PST)
Received: from mail-il1-x133.google.com (mail-il1-x133.google.com [IPv6:2607:f8b0:4864:20::133]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9E8843A041B for <saag@ietf.org>; Mon, 15 Nov 2021 18:33:28 -0800 (PST)
Received: by mail-il1-x133.google.com with SMTP id l8so18784014ilv.3 for <saag@ietf.org>; Mon, 15 Nov 2021 18:33:28 -0800 (PST)
X-Received: by 2002:a92:c263:: with SMTP id h3mr2311793ild.322.1637030007072;  Mon, 15 Nov 2021 18:33:27 -0800 (PST)
MIME-Version: 1.0
References: <163694484848.16343.2365153538921279144@ietfa.amsl.com> <CAF4+nEF4yrDL6YvyZYZz=sNAk2GKvOscTU7KYwJgE=6Jnzu+vg@mail.gmail.com> <BN1P110MB09399632827B3E880D394577DC989@BN1P110MB0939.NAMP110.PROD.OUTLOOK.COM>
In-Reply-To: <BN1P110MB09399632827B3E880D394577DC989@BN1P110MB0939.NAMP110.PROD.OUTLOOK.COM>
From: Donald Eastlake <d3e3e3@gmail.com>
Date: Mon, 15 Nov 2021 21:33:15 -0500
Message-ID: <CAF4+nEHFym=ZUb98Ri01gxGH7Rqk_B2UjX3Os4uzbYFzwfKfAQ@mail.gmail.com>
To: Roman Danyliw <rdd@cert.org>
Cc: saag <saag@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/bSRUfObKWrusC3BbY_W8GvhmHNM>
Subject: Re: [saag] Fwd: New Version Notification for draft-eastlake-rfc6931bis-xmlsec-uris-18.txt
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Nov 2021 02:33:33 -0000

Hi Roman,

On Mon, Nov 15, 2021 at 4:14 PM Roman Danyliw <rdd@cert.org> wrote:
>
> Hi Donald!
>
> Thanks for this -18 draft and the quick turn-around.  It addresses my AD review.  As such, I'm advancing the document to IETF LC.

You're welcome. I've included the two changes below in my working copy
so they will be included in future versions.

Thanks,
Donald
===============================
 Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
 2386 Panoramic Circle, Apopka, FL 32703 USA
 d3e3e3@gmail.com

> Based on the new text, there are two nits.  Please catch them with whatever other feedback comes during IETF LC.
>
> ** Section 2.6.4.  Editorial.  There is a typo in the KEM name for the example.  s/PAEC-KEM/PSEC-KEM/.
>
> ** Section 5.2.  Editorial.  Making clear that the advice is for the DE.
>
> OLD
> New entries, including new Types, will be added based on
>    Specification Required [RFC8126].  Criterion for inclusion are (1)
>
> NEW
> New entries, including new Types, will be added based on Specification Required [RFC8126].  Criterion for the designated expert for inclusion are (1)
>
> Regards,
> Roman
>
> > -----Original Message-----
> > From: saag <saag-bounces@ietf.org> On Behalf Of Donald Eastlake
> > Sent: Sunday, November 14, 2021 9:57 PM
> > To: saag <saag@ietf.org>
> > Subject: [saag] Fwd: New Version Notification for draft-eastlake-rfc6931bis-xmlsec-uris-18.txt
> >
> > This revision is intended to resolve Roman's AD Review comments and make a
> > few other very minor improvements.
> >
> > Thanks,
> > Donald
> > ===============================
> >  Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
> >  2386 Panoramic Circle, Apopka, FL 32703 USA  d3e3e3@gmail.com
> >
> > ---------- Forwarded message ---------
> > From: <internet-drafts@ietf.org>
> > Date: Sun, Nov 14, 2021 at 9:54 PM
> > Subject: New Version Notification for
> > draft-eastlake-rfc6931bis-xmlsec-uris-18.txt
> > To: Donald E. Eastlake <d3e3e3@gmail.com>
> >
> > A new version of I-D, draft-eastlake-rfc6931bis-xmlsec-uris-18.txt
> > has been successfully submitted by Donald E. Eastlake and posted to the IETF
> > repository.
> >
> > Name:           draft-eastlake-rfc6931bis-xmlsec-uris
> > Revision:       18
> > Title:          Additional XML Security Uniform Resource Identifiers (URIs)
> > Document date:  2021-11-14
> > Group:          Individual Submission
> > Pages:          50
> > URL:
> > https://www.ietf.org/archive/id/draft-eastlake-rfc6931bis-xmlsec-uris-18.txt
> > Status:
> > https://datatracker.ietf.org/doc/draft-eastlake-rfc6931bis-xmlsec-uris/
> > Htmlized:
> > https://datatracker.ietf.org/doc/html/draft-eastlake-rfc6931bis-xmlsec-uris
> > Diff:
> > https://www.ietf.org/rfcdiff?url2=draft-eastlake-rfc6931bis-xmlsec-uris-18
> >
> > Abstract:
> >    This document updates and corrects the IANA "XML Security URIs"
> >    registry that lists URIs intended for use with XML digital
> >    signatures, encryption, canonicalization, and key management.  These
> >    URIs identify algorithms and types of information.  This document
> >    also updates, corrects three errata against, and obsoletes RFC 6931.
> >
> >
> >
> >
> >
> >
> > The IETF Secretariat
> >
> > _______________________________________________
> > saag mailing list
> > saag@ietf.org
> > https://www.ietf.org/mailman/listinfo/saag


From nobody Tue Nov 16 05:15:12 2021
Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1E1643A08E6 for <saag@ietfa.amsl.com>; Tue, 16 Nov 2021 05:15:10 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level: 
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=sandelman.ca
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id h2XWkRMtYYWk for <saag@ietfa.amsl.com>; Tue, 16 Nov 2021 05:15:05 -0800 (PST)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4CE193A08E7 for <saag@ietf.org>; Tue, 16 Nov 2021 05:15:04 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by tuna.sandelman.ca (Postfix) with ESMTP id D5F6418022; Tue, 16 Nov 2021 08:17:22 -0500 (EST)
Received: from tuna.sandelman.ca ([127.0.0.1]) by localhost (localhost [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 8YlKuabbh7dE; Tue, 16 Nov 2021 08:17:19 -0500 (EST)
Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id 6E51818017; Tue, 16 Nov 2021 08:17:19 -0500 (EST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=sandelman.ca; s=mail; t=1637068639; bh=JWUgP4Pjs9tz3b2fUevDD1XFLSDs0TIvTILxjM/OvD4=; h=From:To:Subject:In-Reply-To:References:Date:From; b=AZgWRbAFbuHN1gXkNwSP6Won9RmfnFXCE0T4FRVk37SpKsDVHEf7DParwNP4Y8XsG usWHKP1kTYVI9SVgg8s9JyCZ1k1kf9ezVznhzzaNVradJaaGqefDOw/gY0Ui0Ei3A8 mBr9LhHg3CaPsgQk8qHlb7cHrHgHV2/cOYEC8LuWou5GxPWtWAwykFXTFL+ueesp9z VhJHK2TlV8W8A0E4MGPp3ioDMLCcfj8eufcvOnWa3YH0BChtly5MwOgV2wGu31Xvrm Ouyjq/O5D6uC+4EGIcdfGgfVkqC/cmgm+8/VS6P3+ZeN4n0v+sSfdY4cbKnHO2z74f dWsIZv+Ipf5Pg==
Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 00A1665; Tue, 16 Nov 2021 08:14:57 -0500 (EST)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: "Martin Thomson" <mt@lowentropy.net>, saag@ietf.org
In-Reply-To: <b31468dc-2959-40b0-81ba-1ec2dad012e4@www.fastmail.com>
References: <CACsn0cnEJR6otnxoYL8SZsKT830YtEMhNU8AV2FM+iHcM+BT5A@mail.gmail.com> <b52fb7cf1e494fbfa84d0b88587bdca8@huawei.com> <b31468dc-2959-40b0-81ba-1ec2dad012e4@www.fastmail.com>
X-Mailer: MH-E 8.6+git; nmh 1.7+dev; GNU Emacs 26.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature"
Date: Tue, 16 Nov 2021 08:14:57 -0500
Message-ID: <19101.1637068497@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/QzTgl6RNTPKkDcvZssrZ0zue7Yo>
Subject: Re: [saag] Discovery: can it be solved
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Nov 2021 13:15:10 -0000

--=-=-=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable


Martin Thomson <mt@lowentropy.net> wrote:
    > The questions here are more fundamental.  What security basis do we
    > have for clients retrieving critical information from the network? How
    > does that affect the security of those clients? How might that shape
    > how the services that are discovered can be deployed? What does that do
    > to the diversity of those services?

I think that this is a pretty good question.

1) IoT LLN networks would like to avoid multicast, and so we have a move from
   multicast everything to register.

2) It's not a big-yellow-coax anyway, multicast is not real (it's emulated),
   MLD is broken in many places, we can't continue to play L2 tricks.
   We need to acknowledge the real L1 topology, and we can do this in IPv6.

3) SEND failed due to lack of network/node/node trust relationships.

4) How many temporary addresses can the network sustain for each node?
   We have no way in current RA/RS ND/NA for the routers to put any kind
   of limit, and we already have documents that deal with pre-populating
   NCE in routers to lower latency on initial connections.
   If nodes need to register, then maybe the authentication can be mutual.

    > At some level, the question of IP intermediation (aka routing) has been
    > solved.  We assume virtually nothing from IP forwarding and routing,
    > but also expect very little from those providing that service.

I don't really agree with this statement.  I don't think it's been solved.
I think that we have paved over this relationship (think: little child with
fingers in their ears.... "I can't hear you"), and it's exactly this relation
that we need to fix.

--
Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
           Sandelman Software Works Inc, Ottawa and Worldwide





--=-=-=--


From nobody Tue Nov 16 13:25:34 2021
Return-Path: <dschinazi.ietf@gmail.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7D2363A0961 for <saag@ietfa.amsl.com>; Tue, 16 Nov 2021 13:25:32 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level: 
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id leNTF7seDGlX for <saag@ietfa.amsl.com>; Tue, 16 Nov 2021 13:25:28 -0800 (PST)
Received: from mail-pl1-x62d.google.com (mail-pl1-x62d.google.com [IPv6:2607:f8b0:4864:20::62d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 13B1C3A095E for <saag@ietf.org>; Tue, 16 Nov 2021 13:25:28 -0800 (PST)
Received: by mail-pl1-x62d.google.com with SMTP id y7so350222plp.0 for <saag@ietf.org>; Tue, 16 Nov 2021 13:25:28 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112;  h=mime-version:references:in-reply-to:from:date:message-id:subject:to;  bh=OEhVlk9/yPW6T9XcOlZE7E4Oi5pMVpNPpOwcjolL48I=; b=HzfINLOpFBlFfYiYuFK8o8YkSa8b4ivKy9LrrOyxSmqqStJAzlrz8ILqIzWVrr7jDq nhCj7l6ozr7MaauRhehzoxqWedghCbagw60hkKB6X5PZUl2cAw/Xj21iCxBfUVBzkR4z 1bV1/UPUkHHc+8fYFCGh+wy5Xu2sbAnq9mA5WdDsj7pvKhh9eIkICsCRgxjEz7jLw5fz Sgxw5bRhGNzH9TFQcCTEY3InNp6YUTKx0tteNGEXmporzitgvIigXTFyyJgyzNSZ3Vzu huVYa4iSzzBGBKfOnjeXiSwoQUqyhXO2mYqHGm3473wG0o5XjdgRg12CNFEo61F4euUk EvMg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=OEhVlk9/yPW6T9XcOlZE7E4Oi5pMVpNPpOwcjolL48I=; b=T8DIxxqWktJhwoQAR5QJbtitlHbF7+rbQ22AkM+B1GGv9sQFCWrc3N4Mhd8h/e5IsN 7hnUQSI7Njj2Wm8YwSkPEagmQnPdmudZxK4gfXmwn70eHgwiMbEVWdNXpxPWSBhSXtLK cawbRAvy6vQPJqxpp3RwPKrMOYXoqTFZKTodwE5ymDI/BuLDCkc7Tjz8qiq8iRic7Y+w YtByucY3LeeJKPPZvoZe5Gv5PGMsx96jvdTpO2Z4X4Xe+hhxEKIzvhPhm2OK6F8Qw2/C XKgJePjNgih19zHC4qyxMgLeJMYA9aLw1W/cuWipZx/JvBeTegUB+XVF3i1XauQa+g4Y 7LrA==
X-Gm-Message-State: AOAM533SLanoD985vWKYZmtrePCRi85JuPMieCIbjhHI5jsMwo8XUPiT pcgtBnGT+uZw/XrfFGwvL2BmmYCZ/MOiKJRPBtCGiPnT
X-Google-Smtp-Source: ABdhPJy//w/jCEDKkTUweSEoVpOSr6tEqxGA+VdSAlDeM/If0CbIZKmrgoZT4AfB7dVAd1HuXHqmzj2VVIt//ldgL0A=
X-Received: by 2002:a17:902:bd88:b0:143:d318:76e6 with SMTP id q8-20020a170902bd8800b00143d31876e6mr6094285pls.66.1637097926568; Tue, 16 Nov 2021 13:25:26 -0800 (PST)
MIME-Version: 1.0
References: <CACsn0cnEJR6otnxoYL8SZsKT830YtEMhNU8AV2FM+iHcM+BT5A@mail.gmail.com> <b52fb7cf1e494fbfa84d0b88587bdca8@huawei.com> <b31468dc-2959-40b0-81ba-1ec2dad012e4@www.fastmail.com> <19101.1637068497@localhost>
In-Reply-To: <19101.1637068497@localhost>
From: David Schinazi <dschinazi.ietf@gmail.com>
Date: Tue, 16 Nov 2021 13:25:15 -0800
Message-ID: <CAPDSy+6YJcu+DGJMX2vzHNPtJyeW62qd7r4DsDoXtcY=4vKtgw@mail.gmail.com>
To: saag@ietf.org
Content-Type: multipart/alternative; boundary="000000000000602ddf05d0ee90a2"
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/dPeTMqnSnBanHzJ0BpTn6yllGsk>
Subject: Re: [saag] Discovery: can it be solved
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Nov 2021 21:25:33 -0000

--000000000000602ddf05d0ee90a2
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

I don't see any value in standardizing discovery of privacy-related
services.
When a client device (a user agent, if you will) ships a feature that is
marketed at improving user privacy, the vendor makes some promises to its
users. For example, it could say "your IP address is hidden from websites".
The vendor needs to follow through on that claim, and the way it does that
is by using specific proxies that it trusts. If the vendor is fancy, it
might even build a two-hop system with some cool privacy properties - but
those properties still rely on the contractual agreements the vendor has
with the other proxy operators.
The vendor simply isn't going to let the local network recommend a proxy
provider, because then the vendor would be lying to its users.

David

On Tue, Nov 16, 2021 at 5:15 AM Michael Richardson <mcr+ietf@sandelman.ca> wrote:

>
> Martin Thomson <mt@lowentropy.net> wrote:
>     > The questions here are more fundamental.  What security basis do we
>     > have for clients retrieving critical information from the network? How
>     > does that affect the security of those clients? How might that shape
>     > how the services that are discovered can be deployed? What does that do
>     > to the diversity of those services?
>
> I think that this is a pretty good question.
>
> 1) IoT LLN networks would like to avoid multicast, and so we have a move from
>    multicast everything to register.
>
> 2) It's not a big-yellow-coax anyway, multicast is not real (it's emulated),
>    MLD is broken in many places, we can't continue to play L2 tricks.
>    We need to acknowledge the real L1 topology, and we can do this in IPv6.
>
> 3) SEND failed due to lack of network/node/node trust relationships.
>
> 4) How many temporary addresses can the network sustain for each node?
>    We have no way in current RA/RS ND/NA for the routers to put any kind
>    of limit, and we already have documents that deal with pre-populating
>    NCE in routers to lower latency on initial connections.
>    If nodes need to register, then maybe the authentication can be mutual.
>
>     > At some level, the question of IP intermediation (aka routing) has been
>     > solved.  We assume virtually nothing from IP forwarding and routing,
>     > but also expect very little from those providing that service.
>
> I don't really agree with this statement.  I don't think it's been solved.
> I think that we have paved over this relationship (think: little child with
> fingers in their ears.... "I can't hear you"), and it's exactly this relation
> that we need to fix.
>
> --
> Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
>            Sandelman Software Works Inc, Ottawa and Worldwide
>
>
>
>
> _______________________________________________
> saag mailing list
> saag@ietf.org
> https://www.ietf.org/mailman/listinfo/saag
>

--000000000000602ddf05d0ee90a2--


From nobody Tue Nov 16 13:31:54 2021
Return-Path: <johan.pascal@linphone.org>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E71243A096A for <saag@ietfa.amsl.com>; Tue, 16 Nov 2021 13:31:52 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level: 
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, MIME_HTML_ONLY=0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=linphone.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VGk1jQkx9DPz for <saag@ietfa.amsl.com>; Tue, 16 Nov 2021 13:31:48 -0800 (PST)
Received: from smtp.belledonne-communications.com (smtp.belledonne-communications.com [178.32.112.28]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 294E73A090B for <saag@ietf.org>; Tue, 16 Nov 2021 13:31:47 -0800 (PST)
Received: from localhost (localhost.localdomain [127.0.0.1]) by smtp.belledonne-communications.com (Postfix) with ESMTP id C3AA3C01531 for <saag@ietf.org>; Tue, 16 Nov 2021 22:31:45 +0100 (CET)
DKIM-Filter: OpenDKIM Filter v2.11.0 smtp.belledonne-communications.com C3AA3C01531
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linphone.org; s=default; t=1637098305; bh=NUjyWG6f3Z2cnM2jxXHMaQNazxU+/q1xnZY8EFmpsI4=; h=Date:From:Subject:To:From; b=WJAgqpNbCANNAAdaPyA9lS/uZzSueuIEZU1CmFEY2I35jlQ2gHBNZKqYCQN8/fbOH SUqxIvBjyuj+d3907v48rjMRkcEtGjSNjxhRU0o9LemW1jWrdSvCp7f/QU7hxCSlPh Ez1xhlf45CMbbubO5waUtUND1kQVxX3WZdAOW+w2UgoT9Bz3YY44Syrfkkpawn5tdd H/nlCdRpMU8JfP1GuDKHfAGnAOqm4GNkEfiN9psJ5cNwn3Xj8/AL/V/ukE3wJapeBg 0YL1AEh/jaqljqMdFQlhfgzBuYeeFiENeK9bQAq+itiMniMYC5LpkAmjQO8reePidb MLCYzrkPF/QdA==
X-Virus-Scanned: amavisd-new at belledonne-communications.com
Received: from smtp.belledonne-communications.com ([127.0.0.1]) by localhost (smtp.belledonne-communications.com [127.0.0.1]) (amavisd-new, port 10026) with LMTP id S2wmhnSlr_d9 for <saag@ietf.org>; Tue, 16 Nov 2021 22:31:45 +0100 (CET)
Received: from [192.168.1.100] (unknown [80.214.212.226]) by smtp.belledonne-communications.com (Postfix) with ESMTPSA id 45D95C0118A for <saag@ietf.org>; Tue, 16 Nov 2021 22:31:45 +0100 (CET)
Message-ID: <0c359a65-386e-8c09-4c8f-9cefb066cffc@linphone.org>
Date: Tue, 16 Nov 2021 22:31:44 +0100
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.1.2
Content-Language: en-US
From: Johan Pascal <johan.pascal@linphone.org>
To: saag@ietf.org
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/HjxX-4QcqbgO6pshPsPozbhxTV0>
Subject: [saag] PQC in ZRTP (RFC6189) and hybrid KEM
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Nov 2021 21:31:53 -0000

Dear Saag,

on Roman's advice, I post on this list to mention the need for an update
to ZRTP in order to support Post-Quantum Cryptography. RFC6189 was an
individual submission and as far as I know no active WG is maintaining
this protocol.

ZRTP is based on (EC)DH and requires a deep rework to support the KEM
interface used by the NIST PQ key exchange algorithms. I started working
on this topic, my next step would be to submit an I-D updating RFC6189
but I'm far from it so if someone is interested let me know and I can
share the preliminary analysis to start a discussion.

Side note: The PQC version of ZRTP should actually use a hybrid key
exchange using both (EC)DH and PQ-KEM in parallel. Every protocol using
key exchange/encapsulation algorithm and willing to transition toward
PQC has to deal with this problem so I think it would be more effective
to address it in a specific document that would describe:

- how to implement a KEM from X25519/X448 or other (EC)DH algorithms

- how to combine the output of two or more KEMs to provide a hybrid one
  that would be seen from the protocol level (like ZRTP for example) as
  a single KEM.

Some combiner suggestions can be found for example in this publication
https://eprint.iacr.org/2018/903.pdf

The idea would be to avoid repeating the hybrid KEM description in
various documents and focus the discussions on that specific matter in
one central point.

Regards,

Johan


From nobody Tue Nov 16 13:52:17 2021
Return-Path: <ekr@rtfm.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5B5443A09C2 for <saag@ietfa.amsl.com>; Tue, 16 Nov 2021 13:52:16 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.896
X-Spam-Level: 
X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20210112.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id o38-RdvhHIeb for <saag@ietfa.amsl.com>; Tue, 16 Nov 2021 13:52:11 -0800 (PST)
Received: from mail-io1-xd29.google.com (mail-io1-xd29.google.com [IPv6:2607:f8b0:4864:20::d29]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6E6803A09C0 for <saag@ietf.org>; Tue, 16 Nov 2021 13:52:11 -0800 (PST)
Received: by mail-io1-xd29.google.com with SMTP id e144so469142iof.3 for <saag@ietf.org>; Tue, 16 Nov 2021 13:52:11 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20210112.gappssmtp.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=UOWhF7CGJQUYYqudy4IZ658ir4dFWkmWQ+LKHLej63s=; b=HqWbRzMuSxgt3Hz7DQe36MahoMfPtJuqTiWhwbaQcCTEHZOU2CnjpzSjGgxK4snU7k XwIU0L2vy+N2Sow74Dgwazqb1oT0074GFPNBKIORVq6JNZBhxw9I4kPaKsMCmxxPguEP 4IKGqU6jKqPOFdfgDwXk6x+Dst7ol7pFymI44NxaDGgYlwlR/dTMLJaTxF6BXkINOSVw IkeLm/y0+901ph30JloxUm7eAIDJo+4WJvNqdShxscy3VJNzBcysyfTh8s0e/KgPTWbm GK+mBBLgXvOciS7yQ59xzYy7G+H0RIQ1g4QWCXrcd5XD8sDWUENF92t98JIfS9CC1MBQ o/zw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=UOWhF7CGJQUYYqudy4IZ658ir4dFWkmWQ+LKHLej63s=; b=wMoSS1kq3Eatzt7tMwPew7OlE3Idm/Xl9C4nb8XfK1KrnYqgiXg2eEGqr59bN/TK14 HQqxtg6ehiX7UK9lz5WZpuGwOVHduPZbHEau9AeAecaKa/lYkniUO8jKDBGE5FhUa/PJ 3Nz8Hqx4dzMwBdYZ9jow8dnM7HnnPTiNb5MpfwdtQREn6LqkJRL/70VY3VvUe3jtk0Aw cKFuFjisrt/XtxSO823YHSUvT7z1eBi3jvjrJ5r3Lff5vJncLSbsgrklzxxrQKjHsKV2 NquX25c4S8EdGgWHhM4stiPVjABMIClt0K20uLySyGs+3CwkRhkot9Gp0JqinAo/ACYe 3bmw==
X-Gm-Message-State: AOAM532j2PkraKsP5EKyfL+gz4Nnfpr1lXuLy0xMehTWgrdXHdNqNjEz vpkB0IQFmzveSxw9eE1cP3MnPsfxKnci65CSaogFnb6iMWUH4w==
X-Google-Smtp-Source: ABdhPJyNtGkr9v6cAXBpVVl+ZV97fo/Xe8mWJYos2jFKfgjFHP1El5Bz840WJAs6DjEsyzk8c9moc5hbdIcmx4zIPwE=
X-Received: by 2002:a6b:b4cc:: with SMTP id d195mr7383470iof.0.1637099529776;  Tue, 16 Nov 2021 13:52:09 -0800 (PST)
MIME-Version: 1.0
References: <0c359a65-386e-8c09-4c8f-9cefb066cffc@linphone.org>
In-Reply-To: <0c359a65-386e-8c09-4c8f-9cefb066cffc@linphone.org>
From: Eric Rescorla <ekr@rtfm.com>
Date: Tue, 16 Nov 2021 13:51:34 -0800
Message-ID: <CABcZeBPME1Eos8SFQdmAGRP5smn=bfAdPVOTrxF10nU3wkEbeA@mail.gmail.com>
To: Johan Pascal <johan.pascal@linphone.org>
Cc: IETF SAAG <saag@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000ef477205d0eeef1f"
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/BrwJ23C_AIUI-0YSsEtQ3JnRZnQ>
Subject: Re: [saag] PQC in ZRTP (RFC6189) and hybrid KEM
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Nov 2021 21:52:16 -0000

--000000000000ef477205d0eeef1f
Content-Type: text/plain; charset="UTF-8"

Hi Johan,

As you say, there are some common design questions with any protocol which
wants to graft PQ onto DH in a hybrid mode. There is already a fair amount
of work in this in TLS (
https://datatracker.ietf.org/doc/draft-ietf-tls-hybrid-design/), though it
looks less like making ECDH act like a KEM and more often making the KEMs
act like ECDH. I'm honestly not sure how much new work there is to do here;
over in TLS we're mostly waiting for NIST. I do think it would be helpful
to have CFRG or the like specify a PQ algorithm but I'm not sure a generic
algorithm describing hybrid will help that much, as opposed to having that
last mile be protocol specific.

Process-wise, the IETF is not maintaining ZRTP, so you would probably need
to do an individual submission or send it to the ISE if you want to update
it.

-Ekr




On Tue, Nov 16, 2021 at 1:32 PM Johan Pascal <johan.pascal@linphone.org>
wrote:

> Dear Saag,
>
> on Roman's advice, I post on this list to mention the need for an update
> to ZRTP in order to support Post-Quantum Cryptography. RFC6189 was an
> individual submission and as far as I know no active WG is maintaining this
> protocol.
>
> ZRTP is based on (EC)DH and requires a deep rework to support the KEM
> interface used by the NIST PQ key exchange algorithms. I started working on
> this topic, my next step would be to submit an I-D updating RFC6189 but I'm
> far from it so if someone is interested let me know and I can share the
> preliminary analysis to start a discussion.
>
>
> Side note: The PQC version of ZRTP should actually use a hybrid key
> exchange using both (EC)DH and PQ-KEM in parallel. Every protocol using key
> exchange/encapsulation algorithm and willing to transition toward PQC has
> to deal with this problem so I think it would be more effective to address
> it in a specific document that would describe:
>
> - how to implement a KEM from X25519/X448 or other (EC)DH algorithms
>
> - how to combine the output of two or more KEMs to provide a hybrid one
> that would be seen from the protocol level (like ZRTP for example) as a
> single KEM.
>
> Some combiner suggestions can be found for example in this publication
> https://eprint.iacr.org/2018/903.pdf
>
> The idea would be to avoid repeating the hybrid KEM description in various
> documents and focus the discussions on that specific matter in one central
> point.
>
> Regards,
>
> Johan

--000000000000ef477205d0eeef1f--
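
The two items listed in the quoted side note (a KEM built from X25519, and a combiner that presents several KEMs to the protocol as a single KEM) sketched in Python as an added example; it is not taken from RFC 6189, the cited paper, or any ZRTP draft. The class names, labels and the hash-over-length-prefixed-inputs combiner are assumptions chosen for illustration, and the second X25519 instance is only a placeholder for where a PQ KEM would plug in.

```python
# Added example (not from the thread): X25519 wrapped as a KEM, plus a combiner
# that exposes N component KEMs through the same keygen/encaps/decaps interface.
import hashlib
import os
import struct

P = 2**255 - 19
A24 = 121665
BASE = (9).to_bytes(32, "little")  # X25519 base point u = 9


def x25519(k: bytes, u: bytes) -> bytes:
    """RFC 7748 Montgomery ladder. Readable, but NOT constant-time."""
    kb = bytearray(k)
    kb[0] &= 248
    kb[31] &= 127
    kb[31] |= 64                      # scalar clamping
    k_int = int.from_bytes(kb, "little")
    ub = bytearray(u)
    ub[31] &= 127                     # mask the unused top bit of u
    x1 = int.from_bytes(ub, "little")
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in reversed(range(255)):
        kt = (k_int >> t) & 1
        swap ^= kt
        if swap:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = kt
        a = (x2 + z2) % P
        aa = a * a % P
        b = (x2 - z2) % P
        bb = b * b % P
        e = (aa - bb) % P
        da = (x3 - z3) * a % P
        cb = (x3 + z3) * b % P
        x3 = (da + cb) ** 2 % P
        z3 = x1 * (da - cb) ** 2 % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")


class X25519Kem:
    """(EC)DH seen through a KEM interface: the ciphertext is an ephemeral public key."""

    def __init__(self, label: bytes):
        self.label = label            # domain-separation label (assumed, illustrative)

    def keygen(self):
        sk = os.urandom(32)
        return sk, x25519(sk, BASE)

    def encaps(self, pk: bytes):
        esk = os.urandom(32)
        ct = x25519(esk, BASE)
        return ct, self._derive(x25519(esk, pk), ct, pk)

    def decaps(self, sk: bytes, ct: bytes) -> bytes:
        return self._derive(x25519(sk, ct), ct, x25519(sk, BASE))

    def _derive(self, dh: bytes, ct: bytes, pk: bytes) -> bytes:
        if dh == bytes(32):           # all-zero output: peer sent a low-order point
            raise ValueError("invalid X25519 public value")
        # Bind the shared secret to both public values.
        return hashlib.sha256(self.label + dh + ct + pk).digest()


class HybridKem:
    """Combines component KEMs; the caller sees one KEM with list-valued keys/ciphertexts."""

    def __init__(self, kems):
        self.kems = list(kems)

    def keygen(self):
        pairs = [k.keygen() for k in self.kems]
        return [sk for sk, _ in pairs], [pk for _, pk in pairs]

    def encaps(self, pks):
        results = [k.encaps(pk) for k, pk in zip(self.kems, pks)]
        cts = [ct for ct, _ in results]
        return cts, self._combine([ss for _, ss in results], cts)

    def decaps(self, sks, cts):
        if len(cts) != len(self.kems):
            raise ValueError("one ciphertext per component KEM is required")
        sss = [k.decaps(sk, ct) for k, sk, ct in zip(self.kems, sks, cts)]
        return self._combine(sss, cts)

    @staticmethod
    def _combine(shared_secrets, ciphertexts) -> bytes:
        # Hash every component secret AND every ciphertext, each length-prefixed so
        # the encoding is unambiguous. The output is meant to stay secret as long as
        # at least one component secret does.
        h = hashlib.sha256(b"hybrid-kem-example")
        for part in (*shared_secrets, *ciphertexts):
            h.update(struct.pack(">I", len(part)) + part)
        return h.digest()


if __name__ == "__main__":
    # Second component is a placeholder for a PQ KEM exposing the same three methods.
    kem = HybridKem([X25519Kem(b"classical"), X25519Kem(b"pq-placeholder")])
    sks, pks = kem.keygen()
    cts, k_initiator = kem.encaps(pks)
    print("keys agree:", kem.decaps(sks, cts) == k_initiator)
```

Because the ciphertexts are hashed into the combined key, replacing either component ciphertext in transit yields a different key at the receiver rather than a silently shared one.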


From nobody Wed Nov 17 02:14:06 2021
Return-Path: <ted.ietf@gmail.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E2CBD3A0BC5 for <saag@ietfa.amsl.com>; Wed, 17 Nov 2021 02:14:04 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level: 
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DNe9nUqDADYA for <saag@ietfa.amsl.com>; Wed, 17 Nov 2021 02:13:59 -0800 (PST)
Received: from mail-io1-xd2c.google.com (mail-io1-xd2c.google.com [IPv6:2607:f8b0:4864:20::d2c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B5EE53A0BB4 for <saag@ietf.org>; Wed, 17 Nov 2021 02:13:59 -0800 (PST)
Received: by mail-io1-xd2c.google.com with SMTP id f9so2325889ioo.11 for <saag@ietf.org>; Wed, 17 Nov 2021 02:13:59 -0800 (PST)
X-Received: by 2002:a05:6638:11cb:: with SMTP id g11mr11308052jas.139.1637144038079;  Wed, 17 Nov 2021 02:13:58 -0800 (PST)
MIME-Version: 1.0
References: <CACsn0cnEJR6otnxoYL8SZsKT830YtEMhNU8AV2FM+iHcM+BT5A@mail.gmail.com> <b52fb7cf1e494fbfa84d0b88587bdca8@huawei.com> <b31468dc-2959-40b0-81ba-1ec2dad012e4@www.fastmail.com> <19101.1637068497@localhost> <CAPDSy+6YJcu+DGJMX2vzHNPtJyeW62qd7r4DsDoXtcY=4vKtgw@mail.gmail.com>
In-Reply-To: <CAPDSy+6YJcu+DGJMX2vzHNPtJyeW62qd7r4DsDoXtcY=4vKtgw@mail.gmail.com>
From: Ted Hardie <ted.ietf@gmail.com>
Date: Wed, 17 Nov 2021 10:13:31 +0000
Message-ID: <CA+9kkMCN1ifjB6xMHWhZWNWiuLCD98kBv7Nr1FPcxavZFk4X5g@mail.gmail.com>
To: David Schinazi <dschinazi.ietf@gmail.com>
Cc: saag@ietf.org
Content-Type: multipart/alternative; boundary="000000000000d6017105d0f94c88"
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/_qIzxvDXrHwhyoPQ2Ka4doYXK4M>
Subject: Re: [saag] Discovery: can it be solved
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 17 Nov 2021 10:14:05 -0000

--000000000000d6017105d0f94c88
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Hi David,

On Tue, Nov 16, 2021 at 9:25 PM David Schinazi <dschinazi.ietf@gmail.com>
wrote:

> I don't see any value in standardizing discovery of privacy-related services.
> When a client device (a user agent, if you will) ships a feature that is
> marketed at improving user privacy, the vendor makes some promises to its
> users. For example, it could say "your IP address is hidden from websites".
> The vendor needs to follow through on that claim, and the way it does that is
> by using specific proxies that it trusts.
>

Put differently, the need for discovery depends on what claim the folks
shipping the feature put forward.  I can imagine claims that work with
discovery, like "This software protects from on-the-wire observers
collecting your DNS traffic by using any locally available DoH or DoQ
services.  It falls back to a globally configured service when no local
services are available."  I can imagine claims that do not.

As Martin put it:

What security basis do we have for clients retrieving critical information
from the network? How does that affect the security of those clients? How
might that shape how the services that are discovered can be deployed? What
does that do to the diversity of those services?

Unless we somehow establish a consensus security basis for clients
retrieving critical information from the network, it seems likely to me
that at least some deployments will use discovered services.



> If the vendor is fancy, it might even build
> a two-hop system with some cool privacy properties - but those properties still
> rely on the contractual agreements the vendor has with the other proxy operators.
> The vendor simply isn't going to let the local network recommend a proxy provider,
> because then the vendor would be lying to its users.
>

Your model is presuming a pretty powerful vendor, who can establish trust
with multiple proxies and who is maintaining contracts with them to achieve
its goals.  Less powerful (or wealthy) software providers will likely rely
on shared infrastructure for this, and there are models in which an
organization rather than a vendor provides them (a university might stand
up an OHAI-like proxy, for example, to protect the data of its students).

One size is not going to fit all here, I'm afraid.

regards,

Ted Hardie



>
> David
>
> On Tue, Nov 16, 2021 at 5:15 AM Michael Richardson <mcr+ietf@sandelman.ca>
> wrote:
>
>>
>> Martin Thomson <mt@lowentropy.net> wrote:
>>     > The questions here are more fundamental.  What security basis do we
>>     > have for clients retrieving critical information from the network? How
>>     > does that affect the security of those clients? How might that shape
>>     > how the services that are discovered can be deployed? What does that do
>>     > to the diversity of those services?
>>
>> I think that this is a pretty good question.
>>
>> 1) IoT LLN networks would like to avoid multicast, and so we have a move from
>>    multicast everything to register.
>>
>> 2) It's not a big-yellow-coax anyway, multicast is not real (it's emulated),
>>    MLD is broken in many places, we can't continue to play L2 tricks.
>>    We need to acknowledge the real L1 topology, and we can do this in IPv6.
>>
>> 3) SEND failed due to lack of network/node/node trust relationships.
>>
>> 4) How many temporary addresses can the network sustain for each node?
>>    We have no way in current RA/RS ND/NA for the routers to put any kind
>>    of limit, and we already have documents that deal with pre-populating
>>    NCE in routers to lower latency on initial connections.
>>    If nodes need to register, then maybe the authentication can be mutual.
>>
>>     > At some level, the question of IP intermediation (aka routing) has been
>>     > solved.  We assume virtually nothing from IP forwarding and routing,
>>     > but also expect very little from those providing that service.
>>
>> I don't really agree with this statement.  I don't think it's been solved.
>> I think that we have paved over this relationship (think: little child with
>> fingers in their ears.... "I can't hear you"), and it's exactly this relation
>> that we need to fix.
>>
>> --
>> Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
>>            Sandelman Software Works Inc, Ottawa and Worldwide

--000000000000d6017105d0f94c88--


From nobody Wed Nov 17 11:20:47 2021
Return-Path: <dschinazi.ietf@gmail.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9088F3A00D7 for <saag@ietfa.amsl.com>; Wed, 17 Nov 2021 11:20:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level: 
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XMSrB6-KfGpg for <saag@ietfa.amsl.com>; Wed, 17 Nov 2021 11:20:43 -0800 (PST)
Received: from mail-pj1-x1033.google.com (mail-pj1-x1033.google.com [IPv6:2607:f8b0:4864:20::1033]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BCA8E3A00D6 for <saag@ietf.org>; Wed, 17 Nov 2021 11:20:43 -0800 (PST)
Received: by mail-pj1-x1033.google.com with SMTP id nh10-20020a17090b364a00b001a69adad5ebso3445913pjb.2 for <saag@ietf.org>; Wed, 17 Nov 2021 11:20:43 -0800 (PST)
X-Received: by 2002:a17:90b:110a:: with SMTP id gi10mr2600179pjb.124.1637176842408;  Wed, 17 Nov 2021 11:20:42 -0800 (PST)
MIME-Version: 1.0
References: <CACsn0cnEJR6otnxoYL8SZsKT830YtEMhNU8AV2FM+iHcM+BT5A@mail.gmail.com> <b52fb7cf1e494fbfa84d0b88587bdca8@huawei.com> <b31468dc-2959-40b0-81ba-1ec2dad012e4@www.fastmail.com> <19101.1637068497@localhost> <CAPDSy+6YJcu+DGJMX2vzHNPtJyeW62qd7r4DsDoXtcY=4vKtgw@mail.gmail.com> <CA+9kkMCN1ifjB6xMHWhZWNWiuLCD98kBv7Nr1FPcxavZFk4X5g@mail.gmail.com>
In-Reply-To: <CA+9kkMCN1ifjB6xMHWhZWNWiuLCD98kBv7Nr1FPcxavZFk4X5g@mail.gmail.com>
From: David Schinazi <dschinazi.ietf@gmail.com>
Date: Wed, 17 Nov 2021 11:20:31 -0800
Message-ID: <CAPDSy+6etGy6an2SjBkbYJXwm+rXGfrwJHyDyrhfbrTry+Kddw@mail.gmail.com>
To: Ted Hardie <ted.ietf@gmail.com>
Cc: saag@ietf.org
Content-Type: multipart/alternative; boundary="00000000000020579105d100f09b"
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/I94yyO0YkA0-nvGJaRvCEjXQqm0>
Subject: Re: [saag] Discovery: can it be solved
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 17 Nov 2021 19:20:47 -0000

--00000000000020579105d100f09b
Content-Type: text/plain; charset="UTF-8"

On Wed, Nov 17, 2021 at 2:13 AM Ted Hardie <ted.ietf@gmail.com> wrote:

> Your model is presuming a pretty powerful vendor, who can establish trust
> with multiple proxies and who is maintaining contracts with them to achieve
> its goals.  Less powerful (or wealthy) software providers will likely rely
> on shared infrastructure for this, and there are models in which an
> organization rather than a vendor provides them (a university might stand
> up an OHAI-like proxy, for example, to protect the data of its students).
>

I'd like to understand this example better. Who is the university
protecting the student from? How does the client device discover the OHAI
server?

Thanks,
David

--00000000000020579105d100f09b--


From nobody Wed Nov 17 15:51:53 2021
MIME-Version: 1.0
References: <CACsn0cnEJR6otnxoYL8SZsKT830YtEMhNU8AV2FM+iHcM+BT5A@mail.gmail.com> <b52fb7cf1e494fbfa84d0b88587bdca8@huawei.com> <b31468dc-2959-40b0-81ba-1ec2dad012e4@www.fastmail.com> <19101.1637068497@localhost> <CAPDSy+6YJcu+DGJMX2vzHNPtJyeW62qd7r4DsDoXtcY=4vKtgw@mail.gmail.com> <CA+9kkMCN1ifjB6xMHWhZWNWiuLCD98kBv7Nr1FPcxavZFk4X5g@mail.gmail.com>
In-Reply-To: <CA+9kkMCN1ifjB6xMHWhZWNWiuLCD98kBv7Nr1FPcxavZFk4X5g@mail.gmail.com>
From: Watson Ladd <watsonbladd@gmail.com>
Date: Wed, 17 Nov 2021 18:51:29 -0500
Message-ID: <CACsn0c=8E5GQ4dJ8WnibfoRb-j2OJakJmH+t5TBU8gdje9=Xag@mail.gmail.com>
To: Ted Hardie <ted.ietf@gmail.com>
Cc: David Schinazi <dschinazi.ietf@gmail.com>, IETF SAAG <saag@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/BUyvhvTkgXNCZPTkmLiCpnSs1b4>
Subject: Re: [saag] Discovery: can it be solved

On Wed, Nov 17, 2021, 5:14 AM Ted Hardie <ted.ietf@gmail.com> wrote:
>
> Hi David,
>
> On Tue, Nov 16, 2021 at 9:25 PM David Schinazi <dschinazi.ietf@gmail.com> wrote:
>>
>> I don't see any value in standardizing discovery of privacy-related services.
>> When a client device (a user agent, if you will) ships a feature that is
>> marketed at improving user privacy, the vendor makes some promises to its
>> users. For example, it could say "your IP address is hidden from websites".
>> The vendor needs to follow through on that claim, and the way it does that is
>> by using specific proxies that it trusts.
>
>
> Put differently, the need for discovery depends on what claim the folks shipping the feature put forward.  I can imagine claims that work with discovery, like "This software protects from on-the-wire observers collecting your DNS traffic by using any locally available DoH or DoQ services.  It falls back to a globally configured service when no local services are available."  I can imagine claims that do not.

Local services are also unlikely to have the same degree of
independence from adversaries. Would you trust your ISP to delink your
identity from itself?

To be clear I don't think these problems are surmountable. I'm asking
the people who think they do to raise, hold, or fold, rather than make
the same arguments across working groups (often simplifying very
different trust and deployment models).

Sincerely,
Watson Ladd


From nobody Thu Nov 18 14:44:03 2021
From: Colin Perkins <csp@csperkins.org>
Message-Id: <B8A00186-3F5E-4075-8244-B4B9F069BD5B@csperkins.org>
Content-Type: multipart/alternative; boundary="Apple-Mail=_1E6674FC-0DA1-4EAB-8F21-5ACA38F1FB00"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.21\))
Date: Thu, 18 Nov 2021 22:43:40 +0000
In-Reply-To: <CABcZeBPME1Eos8SFQdmAGRP5smn=bfAdPVOTrxF10nU3wkEbeA@mail.gmail.com>
Cc: Eric Rescorla <ekr@rtfm.com>, IETF SAAG <saag@ietf.org>
To: Johan Pascal <johan.pascal@linphone.org>
References: <0c359a65-386e-8c09-4c8f-9cefb066cffc@linphone.org> <CABcZeBPME1Eos8SFQdmAGRP5smn=bfAdPVOTrxF10nU3wkEbeA@mail.gmail.com>
X-Mailer: Apple Mail (2.3445.104.21)
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/dH5TY7mPQbPejwderhODBs6OOYA>
Subject: Re: [saag] PQC in ZRTP (RFC6189) and hybrid KEM

--Apple-Mail=_1E6674FC-0DA1-4EAB-8F21-5ACA38F1FB00
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=us-ascii

Hi Johan,

ZRTP was never adopted as a working group item, but the draft was presented several times in the AVT working group. You might get useful feedback from AVTCORE.

Colin



> On 16 Nov 2021, at 21:51, Eric Rescorla <ekr@rtfm.com> wrote:
>
> Hi Johann,
>
> As you say, there are some common design questions with any protocol which wants to graft PQ onto DH in a hybrid mode. There is already a fair amount of work in this in TLS (https://datatracker.ietf.org/doc/draft-ietf-tls-hybrid-design/), though it looks less like making ECDH act like a KEM and more often making the KEMs act like ECDH. I'm honestly not sure how much new work there is to do here; over in TLS we're mostly waiting for NIST. I do think it would be helpful to have CFRG or the like specify a PQ algorithm but I'm not sure a generic algorithm describing hybrid will help that much, as opposed to having that last mile be protocol specific.
>
> Process-wise, the IETF is not maintaining ZRTP, so you would probably need to do an individual submission or send it to the ISE if you want to update it.
>
> -Ekr
>
> On Tue, Nov 16, 2021 at 1:32 PM Johan Pascal <johan.pascal@linphone.org> wrote:
> Dear Saag,
>
> on Roman's advice, I post on this list to mention the need for an update to ZRTP in order to support Post-Quantum Cryptography. RFC6189 was an individual submission and as far as I know no active WG is maintaining this protocol.
>
> ZRTP is based on (EC)DH and requires a deep rework to support the KEM interface used by the NIST PQ key exchange algorithms. I started working on this topic, my next step would be to submit an I-D updating RFC6189 but I'm far from it so if someone is interested let me know and I can share the preliminary analysis to start a discussion.
>
> Side note: The PQC version of ZRTP should actually use a hybrid key exchange using both (EC)DH and PQ-KEM in parallel. Every protocol using key exchange/encapsulation algorithm and willing to transition toward PQC has to deal with this problem so I think it would be more effective to address it in a specific document that would describe:
>
> - how to implement a KEM from X25519/X448 or other (EC)DH algorithms
>
> - how to combine the output of two or more KEMs to provide a hybrid one that would be seen from the protocol level (like ZRTP for example) as a single KEM.
>
> Some combiner suggestions can be found for example in this publication https://eprint.iacr.org/2018/903.pdf
> The idea would be to avoid repeating the hybrid KEM description in various documents and focus the discussions on that specific matter in one central point.
>
> Regards,
>
> Johan
>
> _______________________________________________
> saag mailing list
> saag@ietf.org
> https://www.ietf.org/mailman/listinfo/saag


--Apple-Mail=_1E6674FC-0DA1-4EAB-8F21-5ACA38F1FB00--


From nobody Mon Nov 22 09:28:20 2021
Message-ID: <f0aaeb33-0bf7-c5e0-5df3-d251a4c24b9f@linphone.org>
Date: Mon, 22 Nov 2021 18:28:08 +0100
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.3.2
Content-Language: en-US
To: Colin Perkins <csp@csperkins.org>
Cc: Eric Rescorla <ekr@rtfm.com>, IETF SAAG <saag@ietf.org>
References: <0c359a65-386e-8c09-4c8f-9cefb066cffc@linphone.org> <CABcZeBPME1Eos8SFQdmAGRP5smn=bfAdPVOTrxF10nU3wkEbeA@mail.gmail.com> <B8A00186-3F5E-4075-8244-B4B9F069BD5B@csperkins.org>
From: Johan Pascal <johan.pascal@linphone.org>
In-Reply-To: <B8A00186-3F5E-4075-8244-B4B9F069BD5B@csperkins.org>
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/itwZRqzh0lUmmUJNndFAJAe1-Sg>
Subject: Re: [saag] PQC in ZRTP (RFC6189) and hybrid KEM

<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  </head>
  <body>
    <p><font face="Clean">Hi,</font></p>
    <p><font face="Clean">thanks for your suggestions. I know the work
        on hybrid design is already done in TLS and others. While
        looking for some documentation on that specific problem I found
        several protocols addressing it, each of them with specific
        details related to the protocol and that is mainly what led me
        to think that a document dedicated to hybrid scheme might make
        sense: it would save the next person trying to achieve exactly
        what I'm trying to do for ZRTP the work of reading the different
        specifications, parting what is protocol related and what is
        not. But the hybrid mechanism can be described in the PQC-ZRTP
        I-D itself.<br>
      </font></p>
    <p><font face="Clean">Colin, as the problem of updating ZRTP to a
        PQ-KEM scheme is mostly security related it made more sense to
        me to post it on Saag. The perfect list to discuss it would be
        the potential "PQC Agility" WG if it is chartered at some point
(<a class="moz-txt-link-freetext" href="https://mailarchive.ietf.org/arch/msg/saag/5uV72m80X9PTGFWFyDY5VrNyK-c/">https://mailarchive.ietf.org/arch/msg/saag/5uV72m80X9PTGFWFyDY5VrNyK-c/</a>).
        Is there any update on this?</font></p>
    <p><font face="Clean">Regards,</font></p>
    <p><font face="Clean">Johan</font></p>
  </body>
</html>


From nobody Mon Nov 22 14:24:50 2021
From: Colin Perkins <csp@csperkins.org>
Message-Id: <07B3853F-906A-4A68-B7B1-D1FF699AA83B@csperkins.org>
Content-Type: multipart/alternative; boundary="Apple-Mail=_95F7D844-2052-424F-81E8-B15A7D2F15FC"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.21\))
Date: Mon, 22 Nov 2021 22:24:27 +0000
In-Reply-To: <f0aaeb33-0bf7-c5e0-5df3-d251a4c24b9f@linphone.org>
Cc: Eric Rescorla <ekr@rtfm.com>, IETF SAAG <saag@ietf.org>
To: Johan Pascal <johan.pascal@linphone.org>
References: <0c359a65-386e-8c09-4c8f-9cefb066cffc@linphone.org> <CABcZeBPME1Eos8SFQdmAGRP5smn=bfAdPVOTrxF10nU3wkEbeA@mail.gmail.com> <B8A00186-3F5E-4075-8244-B4B9F069BD5B@csperkins.org> <f0aaeb33-0bf7-c5e0-5df3-d251a4c24b9f@linphone.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/IW9V51yyqw4W_rH06ZuHpIJ9RjA>
Subject: Re: [saag] PQC in ZRTP (RFC6189) and hybrid KEM

--Apple-Mail=_95F7D844-2052-424F-81E8-B15A7D2F15FC
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=us-ascii

It would be useful to get review from AVTCORE, if only to (try to)
ensure the thinking about post-quantum crypto for SRTP aligns with ZRTP,
to the extent possible.

Colin



> On 22 Nov 2021, at 17:28, Johan Pascal <johan.pascal@linphone.org> wrote:
>
> Hi,
>
> thanks for your suggestions. I know the work on hybrid design is
> already done in TLS and others. While looking for some documentation
> on that specific problem I found several protocols addressing it,
> each of them with specific details related to the protocol and that
> is mainly what led me to think that a document dedicated to hybrid
> scheme might make sense: it would save the next person trying to
> achieve exactly what I'm trying to do for ZRTP the work of reading
> the different specifications, parting what is protocol related and
> what is not. But the hybrid mechanism can be described in the
> PQC-ZRTP I-D itself.
>
> Colin, as the problem of updating ZRTP to a PQ-KEM scheme is mostly
> security related it made more sense to me to post it on Saag. The
> perfect list to discuss it would be the potential "PQC Agility" WG if
> it is chartered at some point
> (https://mailarchive.ietf.org/arch/msg/saag/5uV72m80X9PTGFWFyDY5VrNyK-c/).
> Is there any update on this?
>
> Regards,
>
> Johan
>
> On 18/11/2021 23:43, Colin Perkins wrote:
>> Hi Johan,
>>
>> ZRTP was never adopted as a working group item, but the draft was
>> presented several times in the AVT working group. You might get
>> useful feedback from AVTCORE.
>>
>> Colin
>>
>>> On 16 Nov 2021, at 21:51, Eric Rescorla <ekr@rtfm.com> wrote:
>>>
>>> Hi Johan,
>>>
>>> As you say, there are some common design questions with any
>>> protocol which wants to graft PQ onto DH in a hybrid mode. There is
>>> already a fair amount of work in this in TLS
>>> (https://datatracker.ietf.org/doc/draft-ietf-tls-hybrid-design/),
>>> though it looks less like making ECDH act like a KEM and more often
>>> making the KEMs act like ECDH. I'm honestly not sure how much new
>>> work there is to do here; over in TLS we're mostly waiting for
>>> NIST. I do think it would be helpful to have CFRG or the like
>>> specify a PQ algorithm but I'm not sure a generic algorithm
>>> describing hybrid will help that much, as opposed to having that
>>> last mile be protocol specific.
>>>
>>> Process-wise, the IETF is not maintaining ZRTP, so you would
>>> probably need to do an individual submission or send it to the ISE
>>> if you want to update it.
>>>
>>> -Ekr
>>>
>>> On Tue, Nov 16, 2021 at 1:32 PM Johan Pascal
>>> <johan.pascal@linphone.org> wrote:
>>> Dear Saag,
>>>
>>> on Roman's advice, I post on this list to mention the need for an
>>> update to ZRTP in order to support Post-Quantum Cryptography.
>>> RFC6189 was an individual submission and as far as I know no active
>>> WG is maintaining this protocol.
>>>
>>> ZRTP is based on (EC)DH and requires a deep rework to support the
>>> KEM interface used by the NIST PQ key exchange algorithms. I
>>> started working on this topic, my next step would be to submit an
>>> I-D updating RFC6189 but I'm far from it so if someone is
>>> interested let me know and I can share the preliminary analysis to
>>> start a discussion.
>>>
>>> Side note: The PQC version of ZRTP should actually use a hybrid key
>>> exchange using both (EC)DH and PQ-KEM in parallel. Every protocol
>>> using key exchange/encapsulation algorithm and willing to
>>> transition toward PQC has to deal with this problem so I think it
>>> would be more effective to address it in a specific document that
>>> would describe:
>>>
>>> - how to implement a KEM from X25519/X448 or other (EC)DH
>>> algorithms
>>>
>>> - how to combine the output of two or more KEMs to provide a hybrid
>>> one that would be seen from the protocol level (like ZRTP for
>>> example) as a single KEM.
>>>
>>> Some combiner suggestions can be found for example in this
>>> publication https://eprint.iacr.org/2018/903.pdf
>>> The idea would be to avoid repeating the hybrid KEM description in
>>> various documents and focus the discussions on that specific matter
>>> in one central point.
>>>
>>> Regards,
>>>
>>> Johan
>>>
>>> _______________________________________________
>>> saag mailing list
>>> saag@ietf.org
>>> https://www.ietf.org/mailman/listinfo/saag


--Apple-Mail=_95F7D844-2052-424F-81E8-B15A7D2F15FC--
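
Added example (not part of any message in this thread and not from the ZRTP authors): the two items in Johan's side note quoted above, a KEM built from X25519 and a combiner that makes two KEMs look like one to the protocol, sketched in Python. The hash-based derivations, the labels and the second X25519 instance standing in for a post-quantum KEM are assumptions made for illustration; neither the thread nor RFC 6189 specifies them.

```python
import hashlib
import hmac
import secrets

P = 2**255 - 19
BASE = (9).to_bytes(32, "little")  # X25519 base point, u = 9


def x25519(k: bytes, u: bytes) -> bytes:
    """RFC 7748 X25519 Montgomery ladder. Readable, NOT constant-time."""
    if len(k) != 32 or len(u) != 32:
        raise ValueError("X25519 inputs must be 32 bytes")
    kb = bytearray(k)
    kb[0] &= 248                    # scalar clamping per RFC 7748
    kb[31] = (kb[31] & 127) | 64
    scalar = int.from_bytes(kb, "little")
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in range(254, -1, -1):
        bit = (scalar >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b = (x2 + z2) % P, (x2 - z2) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        da, cb = d * a % P, c * b % P
        x3 = pow(da + cb, 2, P)
        z3 = x1 * pow(da - cb, 2, P) % P
        x2 = aa * bb % P
        z2 = e * (aa + 121665 * e) % P
    if swap:
        x2, z2 = x3, z3
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")


class X25519Kem:
    """keygen / encaps / decaps interface wrapped around X25519."""

    def __init__(self, label: bytes):
        self.label = label          # assumption: per-instance domain separator

    def keygen(self):
        sk = secrets.token_bytes(32)
        return sk, x25519(sk, BASE)

    def encaps(self, pk: bytes):
        esk = secrets.token_bytes(32)
        ct = x25519(esk, BASE)      # the "ciphertext" is the ephemeral public key
        return ct, self._derive(x25519(esk, pk), ct, pk)

    def decaps(self, sk: bytes, ct: bytes):
        return self._derive(x25519(sk, ct), ct, x25519(sk, BASE))

    def _derive(self, dh: bytes, ct: bytes, pk: bytes) -> bytes:
        # Reject the all-zero output produced by low-order peer values.
        if hmac.compare_digest(dh, bytes(32)):
            raise ValueError("all-zero DH output")
        # Assumption: bind the secret to both public values with SHA-256.
        return hashlib.sha256(self.label + dh + ct + pk).digest()


def combine(shared, cts) -> bytes:
    """Concatenate-then-hash combiner over all secrets and all ciphertexts."""
    h = hashlib.sha256(b"hybrid-kem-example")       # constructed label
    for item in list(shared) + list(cts):
        h.update(len(item).to_bytes(4, "big") + item)  # length-prefix each field
    return h.digest()


class HybridKem:
    """Presents several component KEMs to the protocol as one KEM."""

    def __init__(self, *kems):
        self.kems = kems

    def keygen(self):
        pairs = [k.keygen() for k in self.kems]
        return [sk for sk, _ in pairs], [pk for _, pk in pairs]

    def encaps(self, pks):
        if len(pks) != len(self.kems):
            raise ValueError("one public key per component KEM is required")
        parts = [k.encaps(pk) for k, pk in zip(self.kems, pks)]
        cts = [ct for ct, _ in parts]
        return cts, combine([ss for _, ss in parts], cts)

    def decaps(self, sks, cts):
        if len(sks) != len(self.kems) or len(cts) != len(self.kems):
            raise ValueError("one key and one ciphertext per component KEM")
        shared = [k.decaps(sk, ct) for k, sk, ct in zip(self.kems, sks, cts)]
        return combine(shared, cts)


if __name__ == "__main__":
    # The second instance is a stand-in for a post-quantum KEM.
    hybrid = HybridKem(X25519Kem(b"classical"), X25519Kem(b"pq-stand-in"))
    sks, pks = hybrid.keygen()
    cts, k_sender = hybrid.encaps(pks)
    print("keys match:", hybrid.decaps(sks, cts) == k_sender)
```

Because the combiner hashes every ciphertext as well as every component secret, replacing either ciphertext in transit changes the derived key, and the protocol above it only ever handles one key pair list, one ciphertext list and one 32-byte secret.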


From nobody Mon Nov 22 21:48:33 2021
MIME-Version: 1.0
References: <0c359a65-386e-8c09-4c8f-9cefb066cffc@linphone.org> <CABcZeBPME1Eos8SFQdmAGRP5smn=bfAdPVOTrxF10nU3wkEbeA@mail.gmail.com> <B8A00186-3F5E-4075-8244-B4B9F069BD5B@csperkins.org> <f0aaeb33-0bf7-c5e0-5df3-d251a4c24b9f@linphone.org>
In-Reply-To: <f0aaeb33-0bf7-c5e0-5df3-d251a4c24b9f@linphone.org>
From: Eric Rescorla <ekr@rtfm.com>
Date: Mon, 22 Nov 2021 21:47:46 -0800
Message-ID: <CABcZeBNb4qEJscEHb44PjrHEQKs08R6vCZfFM0HWk67OLMZykA@mail.gmail.com>
To: Johan Pascal <johan.pascal@linphone.org>
Cc: Colin Perkins <csp@csperkins.org>, IETF SAAG <saag@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000018cbf005d16e4a9b"
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/sjmWtzEXYTY0kFgNNHD-YR4gxC4>
Subject: Re: [saag] PQC in ZRTP (RFC6189) and hybrid KEM

--00000000000018cbf005d16e4a9b
Content-Type: text/plain; charset="UTF-8"

On Mon, Nov 22, 2021 at 9:28 AM Johan Pascal <johan.pascal@linphone.org>
wrote:

> Hi,
>
> thanks for your suggestions. I know the work on hybrid design is already
> done in TLS and others. While looking for some documentation on that
> specific problem I found several protocols addressing it, each of them with
> specific details related to the protocol and that is mainly what led me to
> think that a document dedicated to hybrid scheme might make sense: it would
> save the next person trying to achieve exactly what I'm trying to do for
> ZRTP the work of reading the different specifications, parting what is
> protocol related and what is not. But the hybrid mechanism can be described
> in the PQC-ZRTP I-D itself.
>
> Colin, as the problem of updating ZRTP to a PQ-KEM scheme is mostly
> security related it made more sense to me to post it on Saag. The perfect
> list to discuss it would be the potential "PQC Agility" WG if it is chartered
> at some point (
> https://mailarchive.ietf.org/arch/msg/saag/5uV72m80X9PTGFWFyDY5VrNyK-c/).
> Is there any update on this?
>
Well, discuss it, perhaps, but given that ZRTP is not an IETF protocol, we
generally would not publish this document out of that group.

-Ekr

> Regards,
>
> Johan
> On 18/11/2021 23:43, Colin Perkins wrote:
>
> Hi Johan,
>
> ZRTP was never adopted as a working group item, but the draft was
> presented several times in the AVT working group. You might get useful
> feedback from AVTCORE.
>
> Colin
>
>
>
> On 16 Nov 2021, at 21:51, Eric Rescorla <ekr@rtfm.com> wrote:
>
> Hi Johan,
>
> As you say, there are some common design questions with any protocol which
> wants to graft PQ onto DH in a hybrid mode. There is already a fair amount
> of work in this in TLS (
> https://datatracker.ietf.org/doc/draft-ietf-tls-hybrid-design/), though
> it looks less like making ECDH act like a KEM and more often making the
> KEMs act like ECDH. I'm honestly not sure how much new work there is to do
> here; over in TLS we're mostly waiting for NIST. I do think it would be
> helpful to have CFRG or the like specify a PQ algorithm but I'm not sure a
> generic algorithm describing hybrid will help that much, as opposed to
> having that last mile be protocol specific.
>
> Process-wise, the IETF is not maintaining ZRTP, so you would probably need
> to do an individual submission or send it to the ISE if you want to update
> it.
>
> -Ekr
>
>
>
>
> On Tue, Nov 16, 2021 at 1:32 PM Johan Pascal <johan.pascal@linphone.org>
> wrote:
>
>> Dear Saag,
>>
>> on Roman's advice, I post on this list to mention the need for an update
>> to ZRTP in order to support Post-Quantum Cryptography. RFC6189 was an
>> individual submission and as far as I know no active WG is maintaining this
>> protocol.
>>
>> ZRTP is based on (EC)DH and requires a deep rework to support the KEM
>> interface used by the NIST PQ key exchange algorithms. I started working on
>> this topic, my next step would be to submit an I-D updating RFC6189 but I'm
>> far from it so if someone is interested let me know and I can share the
>> preliminary analysis to start a discussion.
>>
>>
>> Side note: The PQC version of ZRTP should actually use a hybrid key
>> exchange using both (EC)DH and PQ-KEM in parallel. Every protocol using key
>> exchange/encapsulation algorithm and willing to transition toward PQC has
>> to deal with this problem so I think it would be more effective to address
>> it in a specific document that would describe:
>>
>> - how to implement a KEM from X25519/X448 or other (EC)DH algorithms
>>
>> - how to combine the output of two or more KEMs to provide a hybrid one
>> that would be seen from the protocol level (like ZRTP for example) as a
>> single KEM.
>>
>> Some combiner suggestions can be found for example in this publication
>> https://eprint.iacr.org/2018/903.pdf
>>
>> The idea would be to avoid repeating the hybrid KEM description in
>> various documents and focus the discussions on that specific matter in one
>> central point.
>>
>> Regards,
>>
>> Johan
>> _______________________________________________
>> saag mailing list
>> saag@ietf.org
>> https://www.ietf.org/mailman/listinfo/saag
>>

--00000000000018cbf005d16e4a9b
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div dir=3D"ltr"><br></div><br><div class=3D"gmail_quote">=
<div dir=3D"ltr" class=3D"gmail_attr">On Mon, Nov 22, 2021 at 9:28 AM Johan=
 Pascal &lt;<a href=3D"mailto:johan.pascal@linphone.org">johan.pascal@linph=
one.org</a>&gt; wrote:<br></div><blockquote class=3D"gmail_quote" style=3D"=
margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-lef=
t:1ex">
 =20
   =20
 =20
  <div>
    <p><font face=3D"Clean">Hi,</font></p>
    <p><font face=3D"Clean">thanks for your suggestions. I know the work
        on hybrid design is already done in TLS and others. While
        looking for some documentation on that specific problem I found
        several protocols addressing it, each of them with specific
        details related to the protocol and that is mainly what led me
        to think that a document dedicated to hybrid scheme might make
        sense: it would save the next person trying to achieve exactly
        what I&#39;m trying to do for ZRTP the work of reading the differen=
t
        specifications, parting what is protocol related and what is
        not. But the hybrid mechanism can be described in the PQC-ZRTP
        I-D itself.<br>
      </font></p>
    <p><font face=3D"Clean">Colin, as the problem of updating ZRTP to a
        PQ-KEM scheme is mostly security related it made more sense to
        me to post it on Saag. The perfect list to discuss it would be
        the potential &quot;PQC Agility&quot; WG if it is chartered at some=
 point
(<a href=3D"https://mailarchive.ietf.org/arch/msg/saag/5uV72m80X9PTGFWFyDY5=
VrNyK-c/" target=3D"_blank">https://mailarchive.ietf.org/arch/msg/saag/5uV7=
2m80X9PTGFWFyDY5VrNyK-c/</a>).
        Is there any update on this?</font></p></div></blockquote><div>Well=
, discuss it, perhaps, but given that ZRTP is not an IETF protocol, we gene=
rally would not publish this document out of that group.<br></div><div><br>=
</div><div>-Ekr</div><div><br></div><blockquote class=3D"gmail_quote" style=
=3D"margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding=
-left:1ex"><div>
    <p><font face=3D"Clean">Regards,</font></p>
    <p><font face=3D"Clean">Johan</font></p>
    <div>On 18/11/2021 23:43, Colin Perkins
      wrote:<br>
    </div>
    <blockquote type=3D"cite">
     =20
      Hi Johan,
      <div><br>
      </div>
      <div>ZRTP was never adopted as a working group item, but
        the draft was presented several times in the AVT working group.
        You might get useful feedback from AVTCORE.
        <div><br>
        </div>
        <div>Colin</div>
        <div><br>
        </div>
        <div><br>
          <div><br>
            <blockquote type=3D"cite">
              <div>On 16 Nov 2021, at 21:51, Eric Rescorla &lt;<a href=3D"m=
ailto:ekr@rtfm.com" target=3D"_blank">ekr@rtfm.com</a>&gt;
                wrote:</div>
              <br>
              <div>
                <div dir=3D"ltr">
                  <div>Hi Johan,</div>
                  <div><br>
                  </div>
                  <div>As you say, there are some common design
                    questions with any protocol which wants to graft PQ
                    onto DH in a hybrid mode. There is already a fair
                    amount of work in this in TLS (<a href=3D"https://datat=
racker.ietf.org/doc/draft-ietf-tls-hybrid-design/" target=3D"_blank">https:=
//datatracker.ietf.org/doc/draft-ietf-tls-hybrid-design/</a>),
                    though it looks less like making ECDH act like a KEM
                    and more often making the KEMs act like ECDH. I&#39;m
                    honestly not sure how much new work there is to do
                    here; over in TLS we&#39;re mostly waiting for NIST. I
                    do think it would be helpful to have CFRG or the
                    like specify a PQ algorithm but I&#39;m not sure a
                    generic algorithm describing hybrid will help that
                    much, as opposed to having that last mile be
                    protocol specific.<br>
                  </div>
                  <div><br>
                  </div>
                  <div>Process-wise, the IETF is not
                    maintaining ZRTP, so you would probably need to do
                    an individual submission or send it to the ISE if
                    you want to update it.</div>
                  <div><br>
                  </div>
                  <div>-Ekr</div>
                  <div><br>
                  </div>
                  <div><br>
                  </div>
                  <div><br>
                  </div>
                </div>
                <br>
                <div class=3D"gmail_quote">
                  <div dir=3D"ltr" class=3D"gmail_attr">On Tue, Nov 16, 202=
1
                    at 1:32 PM Johan Pascal &lt;<a href=3D"mailto:johan.pas=
cal@linphone.org" target=3D"_blank">johan.pascal@linphone.org</a>&gt;
                    wrote:<br>
                  </div>
                  <blockquote class=3D"gmail_quote" style=3D"margin:0px 0px=
 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
                    <div>
                      <p><font face=3D"Clean">Dear Saag,</font></p>
                      <p><font face=3D"Clean">on Roman&#39;s
                          advice, I post on this list to mention the
                          need for an update to ZRTP in order to support
                          Post-Quantum Cryptography. RFC6189 was an
                          individual submission and as far as I know no
                          active WG is maintaining this protocol.</font></p=
>
                      <p><font face=3D"Clean">ZRTP is
                          based on (EC)DH and requires a deep rework to
                          support the KEM interface used by the NIST PQ
                          key exchange algorithms. I started working on
                          this topic, my next step would be to submit an
                          I-D updating RFC6189 but I&#39;m far from it so i=
f
                          someone is interested let me know and I can
                          share the preliminary analysis to start a
                          discussion.</font></p>
                      <p><font face=3D"Clean"><br>
                        </font></p>
                      <p><font face=3D"Clean">Side note:
                          The PQC version of ZRTP should actually use a
                          hybrid key exchange using both (EC)DH and
                          PQ-KEM in parallel. Every protocol using key
                          exchange/encapsulation algorithm and willing
                          to transition toward PQC has to deal with
                          this problem so I think it would be more
                          effective to address it in a specific document
                          that would describe:</font></p>
                      <p><font face=3D"Clean">- how to
                          implement a KEM from X25519/X448 or other
                          (EC)DH algorithms</font></p>
                      <p><font face=3D"Clean">- how to
                          combine the output of two or more KEMs to
                          provide a hybrid one that would be seen from
                          the protocol level (like ZRTP for example) as
                          a single KEM.</font></p>
                      <p><font face=3D"Clean">Some
                          combiner suggestions can be found for example
                          in this publication <a href=3D"https://eprint.iac=
r.org/2018/903.pdf" target=3D"_blank">https://eprint.iacr.org/2018/903.pdf<=
/a></font></p>
                      <p><font face=3D"Clean">The idea
                          would be to avoid repeating the hybrid KEM
                          description in various documents and focus the
                          discussions on that specific matter in one
                          central point.<br>
                        </font></p>
                      <p><font face=3D"Clean">Regards,</font></p>
                      <p><font face=3D"Clean">Johan<br>
                        </font></p>
                    </div>
                    _______________________________________________<br>
                    saag mailing list<br>
                    <a href=3D"mailto:saag@ietf.org" target=3D"_blank">saag=
@ietf.org</a><br>
                    <a href=3D"https://www.ietf.org/mailman/listinfo/saag" =
rel=3D"noreferrer" target=3D"_blank">https://www.ietf.org/mailman/listinfo/=
saag</a><br>
                  </blockquote>
                </div>
              </div>
            </blockquote>
          </div>
          <br>
        </div>
      </div>
    </blockquote>
  </div>

</blockquote></div></div>

--00000000000018cbf005d16e4a9b--


From nobody Mon Nov 22 22:27:26 2021
Return-Path: <kaduk@mit.edu>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 99FA93A07E0 for <saag@ietfa.amsl.com>; Mon, 22 Nov 2021 22:27:24 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.498
X-Spam-Level: 
X-Spam-Status: No, score=-1.498 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, KHOP_HELO_FCRDNS=0.399, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 27q39niqfGpU for <saag@ietfa.amsl.com>; Mon, 22 Nov 2021 22:27:19 -0800 (PST)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 40A053A07DD for <saag@ietf.org>; Mon, 22 Nov 2021 22:27:19 -0800 (PST)
Received: from kduck.mit.edu ([24.16.140.251]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id 1AN6RCUp024963 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 23 Nov 2021 01:27:16 -0500
Date: Mon, 22 Nov 2021 22:27:12 -0800
From: Benjamin Kaduk <kaduk@mit.edu>
To: Eric Rescorla <ekr@rtfm.com>
Cc: Johan Pascal <johan.pascal@linphone.org>, IETF SAAG <saag@ietf.org>
Message-ID: <20211123062712.GB93060@kduck.mit.edu>
References: <0c359a65-386e-8c09-4c8f-9cefb066cffc@linphone.org> <CABcZeBPME1Eos8SFQdmAGRP5smn=bfAdPVOTrxF10nU3wkEbeA@mail.gmail.com> <B8A00186-3F5E-4075-8244-B4B9F069BD5B@csperkins.org> <f0aaeb33-0bf7-c5e0-5df3-d251a4c24b9f@linphone.org> <CABcZeBNb4qEJscEHb44PjrHEQKs08R6vCZfFM0HWk67OLMZykA@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <CABcZeBNb4qEJscEHb44PjrHEQKs08R6vCZfFM0HWk67OLMZykA@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/AYh9ZUqXN3doVOH4bdJDEK_5la4>
Subject: Re: [saag] PQC in ZRTP (RFC6189) and hybrid KEM
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 23 Nov 2021 06:27:25 -0000

On Mon, Nov 22, 2021 at 09:47:46PM -0800, Eric Rescorla wrote:
> On Mon, Nov 22, 2021 at 9:28 AM Johan Pascal <johan.pascal@linphone.org>
> wrote:
> 
> > Hi,
> >
> > thanks for your suggestions. I know the work on hybrid design is already
> > done in TLS and others. While looking for some documentation on that
> > specific problem I found several protocols addressing it, each of them with
> > specific details related to the protocol and that is mainly what led me to
> > think that a document dedicated to hybrid scheme might make sense: it would
> > save the next person trying to achieve exactly what I'm trying to do for
> > ZRTP the work of reading the different specifications, parting what is
> > protocol related and what is not. But the hybrid mechanism can be described
> > in the PQC-ZRTP I-D itself.
> >
> > Colin, as the problem of updating ZRTP to a PQ-KEM scheme is mostly
> > security related it made more sense to me to post it on Saag. The perfect
> > list to discuss it would be the potential "PQC Agility" WG if it is chartered
> > at some point (
> > https://mailarchive.ietf.org/arch/msg/saag/5uV72m80X9PTGFWFyDY5VrNyK-c/).
> > Is there any update on this?
> >
> Well, discuss it, perhaps, but given that ZRTP is not an IETF protocol, we
> generally would not publish this document out of that group.

Sorry for splitting hairs, but RFC 6189 does have the "represents the
consensus of the IETF community" boilerplate, that would seem to make it
an IETF protocol by at least some definitions.

-Ben


From nobody Tue Nov 23 04:17:01 2021
Return-Path: <ekr@rtfm.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CE1A03A067A for <saag@ietfa.amsl.com>; Tue, 23 Nov 2021 04:16:58 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.896
X-Spam-Level: 
X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20210112.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id i_S_eO6RKHy2 for <saag@ietfa.amsl.com>; Tue, 23 Nov 2021 04:16:53 -0800 (PST)
Received: from mail-io1-xd2e.google.com (mail-io1-xd2e.google.com [IPv6:2607:f8b0:4864:20::d2e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6F0043A064B for <saag@ietf.org>; Tue, 23 Nov 2021 04:16:53 -0800 (PST)
Received: by mail-io1-xd2e.google.com with SMTP id k21so27660364ioh.4 for <saag@ietf.org>; Tue, 23 Nov 2021 04:16:53 -0800 (PST)
X-Received: by 2002:a05:6638:130f:: with SMTP id r15mr5488394jad.19.1637669811570;  Tue, 23 Nov 2021 04:16:51 -0800 (PST)
MIME-Version: 1.0
References: <0c359a65-386e-8c09-4c8f-9cefb066cffc@linphone.org> <CABcZeBPME1Eos8SFQdmAGRP5smn=bfAdPVOTrxF10nU3wkEbeA@mail.gmail.com> <B8A00186-3F5E-4075-8244-B4B9F069BD5B@csperkins.org> <f0aaeb33-0bf7-c5e0-5df3-d251a4c24b9f@linphone.org> <CABcZeBNb4qEJscEHb44PjrHEQKs08R6vCZfFM0HWk67OLMZykA@mail.gmail.com> <20211123062712.GB93060@kduck.mit.edu>
In-Reply-To: <20211123062712.GB93060@kduck.mit.edu>
From: Eric Rescorla <ekr@rtfm.com>
Date: Tue, 23 Nov 2021 04:16:13 -0800
Message-ID: <CABcZeBNaiQuod2hsm0-Lm68zTiOvZnK+f8FygNuN9_KEPCZvhA@mail.gmail.com>
To: Benjamin Kaduk <kaduk@mit.edu>
Cc: Johan Pascal <johan.pascal@linphone.org>, IETF SAAG <saag@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000060e02e05d173b798"
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/JWVH22AAECCoQCvos9rNZuJDvwo>
Subject: Re: [saag] PQC in ZRTP (RFC6189) and hybrid KEM
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 23 Nov 2021 12:16:59 -0000

--00000000000060e02e05d173b798
Content-Type: text/plain; charset="UTF-8"

On Mon, Nov 22, 2021 at 10:27 PM Benjamin Kaduk <kaduk@mit.edu> wrote:

> On Mon, Nov 22, 2021 at 09:47:46PM -0800, Eric Rescorla wrote:
> > On Mon, Nov 22, 2021 at 9:28 AM Johan Pascal <johan.pascal@linphone.org>
> > wrote:
> >
> > > Hi,
> > >
> > > thanks for your suggestions. I know the work on hybrid design is already
> > > done in TLS and others. While looking for some documentation on that
> > > specific problem I found several protocols addressing it, each of them with
> > > specific details related to the protocol and that is mainly what led me to
> > > think that a document dedicated to hybrid scheme might make sense: it would
> > > save the next person trying to achieve exactly what I'm trying to do for
> > > ZRTP the work of reading the different specifications, parting what is
> > > protocol related and what is not. But the hybrid mechanism can be described
> > > in the PQC-ZRTP I-D itself.
> > >
> > > Colin, as the problem of updating ZRTP to a PQ-KEM scheme is mostly
> > > security related it made more sense to me to post it on Saag. The perfect
> > > list to discuss it would be the potential "PQC Agility" WG if it is chartered
> > > at some point (
> > > https://mailarchive.ietf.org/arch/msg/saag/5uV72m80X9PTGFWFyDY5VrNyK-c/).
> > > Is there any update on this?
> > >
> > Well, discuss it, perhaps, but given that ZRTP is not an IETF protocol, we
> > generally would not publish this document out of that group.
>
> Sorry for splitting hairs, but RFC 6189 does have the "represents the
> consensus of the IETF community" boilerplate, that would seem to make it
> an IETF protocol by at least some definitions.
>

Without taking a position on whether this was hair splitting, ZRTP was not
developed by an IETF WG. It was externally developed and then published
as Informational.

-Ekr

--00000000000060e02e05d173b798--


From nobody Tue Nov 23 04:55:23 2021
Return-Path: <Hannes.Tschofenig@arm.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EC65E3A07BC for <saag@ietfa.amsl.com>; Tue, 23 Nov 2021 04:55:20 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com header.b=ATg4Jd6p; dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com header.b=ATg4Jd6p
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EphYlZuoko0D for <saag@ietfa.amsl.com>; Tue, 23 Nov 2021 04:55:15 -0800 (PST)
Received: from EUR05-VI1-obe.outbound.protection.outlook.com (mail-vi1eur05on2071.outbound.protection.outlook.com [40.107.21.71]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A6D013A07B8 for <saag@ietf.org>; Tue, 23 Nov 2021 04:55:14 -0800 (PST)
Received: from AM6P194CA0014.EURP194.PROD.OUTLOOK.COM (2603:10a6:209:90::27) by PAXPR08MB6944.eurprd08.prod.outlook.com (2603:10a6:102:135::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4669.10; Tue, 23 Nov 2021 12:55:08 +0000
Received: from VE1EUR03FT011.eop-EUR03.prod.protection.outlook.com (2603:10a6:209:90:cafe::85) by AM6P194CA0014.outlook.office365.com (2603:10a6:209:90::27) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4713.21 via Frontend Transport; Tue, 23 Nov 2021 12:55:08 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 63.35.35.123) smtp.mailfrom=arm.com; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com;dmarc=pass action=none header.from=arm.com;
Received-SPF: Pass (protection.outlook.com: domain of arm.com designates 63.35.35.123 as permitted sender) receiver=protection.outlook.com; client-ip=63.35.35.123; helo=64aa7808-outbound-1.mta.getcheckrecipient.com;
Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by VE1EUR03FT011.mail.protection.outlook.com (10.152.18.134) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4713.19 via Frontend Transport; Tue, 23 Nov 2021 12:55:08 +0000
Received: ("Tessian outbound 157533e214a9:v110"); Tue, 23 Nov 2021 12:55:07 +0000
X-CR-MTA-TID: 64aa7808
Received: from 8c38ec98ff15.1 by 64aa7808-outbound-1.mta.getcheckrecipient.com id 437FA937-C854-40B4-B0F4-2C07CB7D00D5.1;  Tue, 23 Nov 2021 12:55:01 +0000
Received: from EUR05-DB8-obe.outbound.protection.outlook.com by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id 8c38ec98ff15.1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384); Tue, 23 Nov 2021 12:55:01 +0000
Received: from DBBPR08MB5915.eurprd08.prod.outlook.com (2603:10a6:10:20d::17) by DBBPR08MB4792.eurprd08.prod.outlook.com (2603:10a6:10:df::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4713.20; Tue, 23 Nov 2021 12:54:58 +0000
Received: from DBBPR08MB5915.eurprd08.prod.outlook.com ([fe80::df4:1630:4e29:b55]) by DBBPR08MB5915.eurprd08.prod.outlook.com ([fe80::df4:1630:4e29:b55%9]) with mapi id 15.20.4713.026; Tue, 23 Nov 2021 12:54:58 +0000
From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: Eric Rescorla <ekr@rtfm.com>, Benjamin Kaduk <kaduk@mit.edu>
CC: IETF SAAG <saag@ietf.org>
Thread-Topic: [saag] PQC in ZRTP (RFC6189) and hybrid KEM
Thread-Index: AQHX2zGAlmuoDbQj5U6no/pifdCekKwGsdsAgAMzOACABfErAIAAzqYAgAALBQCAAGGEgIAACaYQ
Date: Tue, 23 Nov 2021 12:54:58 +0000
Message-ID: <DBBPR08MB5915BA7BF9B7D3E115B974DBFA609@DBBPR08MB5915.eurprd08.prod.outlook.com>
References: <0c359a65-386e-8c09-4c8f-9cefb066cffc@linphone.org> <CABcZeBPME1Eos8SFQdmAGRP5smn=bfAdPVOTrxF10nU3wkEbeA@mail.gmail.com> <B8A00186-3F5E-4075-8244-B4B9F069BD5B@csperkins.org> <f0aaeb33-0bf7-c5e0-5df3-d251a4c24b9f@linphone.org> <CABcZeBNb4qEJscEHb44PjrHEQKs08R6vCZfFM0HWk67OLMZykA@mail.gmail.com> <20211123062712.GB93060@kduck.mit.edu> <CABcZeBNaiQuod2hsm0-Lm68zTiOvZnK+f8FygNuN9_KEPCZvhA@mail.gmail.com>
In-Reply-To: <CABcZeBNaiQuod2hsm0-Lm68zTiOvZnK+f8FygNuN9_KEPCZvhA@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
Content-Type: multipart/alternative; boundary="_000_DBBPR08MB5915BA7BF9B7D3E115B974DBFA609DBBPR08MB5915eurp_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/P3bg3Ng3MNv6Xf51vxT9usNAsD8>
Subject: Re: [saag] PQC in ZRTP (RFC6189) and hybrid KEM
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 23 Nov 2021 12:55:21 -0000

--_000_DBBPR08MB5915BA7BF9B7D3E115B974DBFA609DBBPR08MB5915eurp_
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit

Ben,

this shows that even IETF experts have a hard time differentiating IETF consensus documents from those who aren’t.
I wonder how often people believed that ZRTP was the product of an IETF working group.

A few years have passed since the publication of ZRTP and attacker capabilities have changed. I am wondering whether the security model of ZRTP is still meaningful today.

Ciao
Hannes


--_000_DBBPR08MB5915BA7BF9B7D3E115B974DBFA609DBBPR08MB5915eurp_--


From nobody Tue Nov 23 08:20:46 2021
Return-Path: <ekr@rtfm.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 261273A03FF for <saag@ietfa.amsl.com>; Tue, 23 Nov 2021 08:20:45 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level: 
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20210112.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GXBYZw1aGtE6 for <saag@ietfa.amsl.com>; Tue, 23 Nov 2021 08:20:40 -0800 (PST)
Received: from mail-il1-x12e.google.com (mail-il1-x12e.google.com [IPv6:2607:f8b0:4864:20::12e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DDE9F3A03EA for <saag@ietf.org>; Tue, 23 Nov 2021 08:20:40 -0800 (PST)
Received: by mail-il1-x12e.google.com with SMTP id w4so11115311ilv.12 for <saag@ietf.org>; Tue, 23 Nov 2021 08:20:40 -0800 (PST)
X-Received: by 2002:a05:6e02:1bc3:: with SMTP id x3mr6402982ilv.39.1637684438384;  Tue, 23 Nov 2021 08:20:38 -0800 (PST)
MIME-Version: 1.0
References: <0c359a65-386e-8c09-4c8f-9cefb066cffc@linphone.org> <CABcZeBPME1Eos8SFQdmAGRP5smn=bfAdPVOTrxF10nU3wkEbeA@mail.gmail.com> <B8A00186-3F5E-4075-8244-B4B9F069BD5B@csperkins.org> <f0aaeb33-0bf7-c5e0-5df3-d251a4c24b9f@linphone.org> <CABcZeBNb4qEJscEHb44PjrHEQKs08R6vCZfFM0HWk67OLMZykA@mail.gmail.com> <20211123062712.GB93060@kduck.mit.edu> <CABcZeBNaiQuod2hsm0-Lm68zTiOvZnK+f8FygNuN9_KEPCZvhA@mail.gmail.com> <DBBPR08MB5915BA7BF9B7D3E115B974DBFA609@DBBPR08MB5915.eurprd08.prod.outlook.com>
In-Reply-To: <DBBPR08MB5915BA7BF9B7D3E115B974DBFA609@DBBPR08MB5915.eurprd08.prod.outlook.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Tue, 23 Nov 2021 08:20:01 -0800
Message-ID: <CABcZeBPyNzj5NMZbSqEEJ2tdrRWvtOrtnuSvF8WdJvNoJuWYFA@mail.gmail.com>
To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
Cc: Benjamin Kaduk <kaduk@mit.edu>, IETF SAAG <saag@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000034575e05d1771f6b"
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/HTvFXjUOrcZyx52wPyyZpUydonA>
Subject: Re: [saag] PQC in ZRTP (RFC6189) and hybrid KEM
X-List-Received-Date: Tue, 23 Nov 2021 16:20:45 -0000

--00000000000034575e05d1771f6b
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

On Tue, Nov 23, 2021 at 4:55 AM Hannes Tschofenig <Hannes.Tschofenig@arm.com>
wrote:

> Ben,
>
>
>
> this shows that even IETF experts have a hard time differentiating IETF
> consensus documents from those who aren’t.
>
> I wonder how often people believed that ZRTP was the product of an IETF
> working group.
>
>
>
> A few years have passed since the publication of ZRTP and attacker
> capabilities have changed. I am wondering whether the security model of
> ZRTP is still meaningful today.
>

I think at this point we have fairly strong evidence that in-band
confirmation of SAS codes is fairly subject to impersonation via modern
voice synthesis techniques.

See: https://www.rfc-editor.org/rfc/rfc8826.html#section-4.3.2.2

-Ekr


>
> Ciao
>
> Hannes
>
>
>
>
>
> *From:* saag <saag-bounces@ietf.org> *On Behalf Of * Eric Rescorla
> *Sent:* Tuesday, November 23, 2021 1:16 PM
> *To:* Benjamin Kaduk <kaduk@mit.edu>
> *Cc:* IETF SAAG <saag@ietf.org>
> *Subject:* Re: [saag] PQC in ZRTP (RFC6189) and hybrid KEM
>
>
>
>
>
>
>
> On Mon, Nov 22, 2021 at 10:27 PM Benjamin Kaduk <kaduk@mit.edu> wrote:
>
> On Mon, Nov 22, 2021 at 09:47:46PM -0800, Eric Rescorla wrote:
> > On Mon, Nov 22, 2021 at 9:28 AM Johan Pascal <johan.pascal@linphone.org>
> > wrote:
> >
> > > Hi,
> > >
> > > thanks for your suggestions. I know the work on hybrid design is
> already
> > > done in TLS and others . While looking for some documentation on that
> > > specific problem I found several protocols addressing it, each of them
> with
> > > specific details related to the protocol and that is mainly what led
> me to
> > > think that a document dedicated to hybrid scheme might make sense: it
> would
> > > save the next person trying to achieve exactly what I'm trying to do
> for
> > > ZRTP the work of reading the different specifications, parting what is
> > > protocol related and what is not. But the hybrid mechanism can be
> described
> > > in the PQC-ZRTP I-D itself.
> > >
> > > Colin, as the problem of updating ZRTP to a PQ-KEM scheme is mostly
> > > security related it made more sense to me to post it on Saag. The
> perfect
> > > list to discuss it would be the potential "PQC Agility" WG if it is
> charted
> > > at some point (
> > >
> https://mailarchive.ietf.org/arch/msg/saag/5uV72m80X9PTGFWFyDY5VrNyK-c/).
> > > Is there any update on this?
> > >
> > Well, discuss it, perhaps, but given that ZRTP is not an IETF protocol,
> we
> > generally would not publish this document out of that group.
>
> Sorry for splitting hairs, but RFC 6189 does have the "represents the
> consensus of the IETF community" boilerplate, that would seem to  make it
> an IETF protocol by at least some definitions.
>
>
>
> Without taking a position on whether this was hair splitting, ZRTP was not
>
> developed by an IETF WG. It was externally developed and then published
>
> as Informational.
>
>
>
> -Ekr
> IMPORTANT NOTICE: The contents of this email and any attachments are
> confidential and may also be privileged. If you are not the intended
> recipient, please notify the sender immediately and do not disclose the
> contents to any other person, use it for any purpose, or store or copy the
> information in any medium. Thank you.
>

--00000000000034575e05d1771f6b--


From nobody Tue Nov 23 11:22:23 2021
Return-Path: <csp@csperkins.org>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E26113A0891 for <saag@ietfa.amsl.com>; Tue, 23 Nov 2021 11:22:21 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level: 
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=csperkins.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PRurteEL1Xh1 for <saag@ietfa.amsl.com>; Tue, 23 Nov 2021 11:22:16 -0800 (PST)
Received: from balrog.mythic-beasts.com (balrog.mythic-beasts.com [IPv6:2a00:1098:0:82:1000:0:2:1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E73E83A088D for <saag@ietf.org>; Tue, 23 Nov 2021 11:22:15 -0800 (PST)
Received: from [81.187.2.149] (port=33147 helo=[192.168.0.67]) by balrog.mythic-beasts.com with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92.3) (envelope-from <csp@csperkins.org>) id 1mpbMm-0005MQ-OX; Tue, 23 Nov 2021 19:22:13 +0000
From: Colin Perkins <csp@csperkins.org>
Message-Id: <6FDCA579-69C1-463A-8E1F-FF88ECF652B2@csperkins.org>
Content-Type: multipart/alternative; boundary="Apple-Mail=_718B4B4C-C984-41D3-97DA-8ECE8B822A34"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.21\))
Date: Tue, 23 Nov 2021 19:22:06 +0000
In-Reply-To: <CABcZeBNaiQuod2hsm0-Lm68zTiOvZnK+f8FygNuN9_KEPCZvhA@mail.gmail.com>
Cc: Benjamin Kaduk <kaduk@mit.edu>, IETF SAAG <saag@ietf.org>
To: Eric Rescorla <ekr@rtfm.com>
References: <0c359a65-386e-8c09-4c8f-9cefb066cffc@linphone.org> <CABcZeBPME1Eos8SFQdmAGRP5smn=bfAdPVOTrxF10nU3wkEbeA@mail.gmail.com> <B8A00186-3F5E-4075-8244-B4B9F069BD5B@csperkins.org> <f0aaeb33-0bf7-c5e0-5df3-d251a4c24b9f@linphone.org> <CABcZeBNb4qEJscEHb44PjrHEQKs08R6vCZfFM0HWk67OLMZykA@mail.gmail.com> <20211123062712.GB93060@kduck.mit.edu> <CABcZeBNaiQuod2hsm0-Lm68zTiOvZnK+f8FygNuN9_KEPCZvhA@mail.gmail.com>
X-Mailer: Apple Mail (2.3445.104.21)
X-BlackCat-Spam-Score: 14
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/6XZfgz6IL-cpQEqy4__zOB1g0fY>
Subject: Re: [saag] PQC in ZRTP (RFC6189) and hybrid KEM
X-List-Received-Date: Tue, 23 Nov 2021 19:22:22 -0000

--Apple-Mail=_718B4B4C-C984-41D3-97DA-8ECE8B822A34
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=utf-8

> On 23 Nov 2021, at 12:16, Eric Rescorla <ekr@rtfm.com> wrote:
> On Mon, Nov 22, 2021 at 10:27 PM Benjamin Kaduk <kaduk@mit.edu> wrote:
> On Mon, Nov 22, 2021 at 09:47:46PM -0800, Eric Rescorla wrote:
> > On Mon, Nov 22, 2021 at 9:28 AM Johan Pascal <johan.pascal@linphone.org>
> > wrote:
> >
> > > Hi,
> > >
> > > thanks for your suggestions. I know the work on hybrid design is already
> > > done in TLS and others . While looking for some documentation on that
> > > specific problem I found several protocols addressing it, each of them with
> > > specific details related to the protocol and that is mainly what led me to
> > > think that a document dedicated to hybrid scheme might make sense: it would
> > > save the next person trying to achieve exactly what I'm trying to do for
> > > ZRTP the work of reading the different specifications, parting what is
> > > protocol related and what is not. But the hybrid mechanism can be described
> > > in the PQC-ZRTP I-D itself.
> > >
> > > Colin, as the problem of updating ZRTP to a PQ-KEM scheme is mostly
> > > security related it made more sense to me to post it on Saag. The perfect
> > > list to discuss it would be the potential "PQC Agility" WG if it is charted
> > > at some point (
> > > https://mailarchive.ietf.org/arch/msg/saag/5uV72m80X9PTGFWFyDY5VrNyK-c/).
> > > Is there any update on this?
> > >
> > Well, discuss it, perhaps, but given that ZRTP is not an IETF protocol, we
> > generally would not publish this document out of that group.
>
> Sorry for splitting hairs, but RFC 6189 does have the "represents the
> consensus of the IETF community" boilerplate, that would seem to  make it
> an IETF protocol by at least some definitions.
>
> Without taking a position on whether this was hair splitting, ZRTP was not
> developed by an IETF WG. It was externally developed and then published
> as Informational.

It was externally developed, but did get some reasonable amount of review in IETF, and was discussed in WG meetings on several occasions.

If I remember correctly, this review didn’t change the core security mechanism, but did result in fixes to a number of issues around how ZRTP integrates with RTP and signalling.

-- 
Colin Perkins
https://csperkins.org/





--Apple-Mail=_718B4B4C-C984-41D3-97DA-8ECE8B822A34--


From nobody Tue Nov 23 12:22:51 2021
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 15.0 \(3693.20.0.1.32\))
From: Jon Callas <joncallas@icloud.com>
In-Reply-To: <6FDCA579-69C1-463A-8E1F-FF88ECF652B2@csperkins.org>
Date: Tue, 23 Nov 2021 12:22:44 -0800
Cc: Jon Callas <joncallas@icloud.com>, Eric Rescorla <ekr@rtfm.com>, IETF SAAG <saag@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <9462228E-3FC8-4070-BC7B-03E4ED508334@icloud.com>
References: <0c359a65-386e-8c09-4c8f-9cefb066cffc@linphone.org> <CABcZeBPME1Eos8SFQdmAGRP5smn=bfAdPVOTrxF10nU3wkEbeA@mail.gmail.com> <B8A00186-3F5E-4075-8244-B4B9F069BD5B@csperkins.org> <f0aaeb33-0bf7-c5e0-5df3-d251a4c24b9f@linphone.org> <CABcZeBNb4qEJscEHb44PjrHEQKs08R6vCZfFM0HWk67OLMZykA@mail.gmail.com> <20211123062712.GB93060@kduck.mit.edu> <CABcZeBNaiQuod2hsm0-Lm68zTiOvZnK+f8FygNuN9_KEPCZvhA@mail.gmail.com> <6FDCA579-69C1-463A-8E1F-FF88ECF652B2@csperkins.org>
To: Colin Perkins <csp@csperkins.org>
X-Mailer: Apple Mail (2.3693.20.0.1.32)
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/inZ8ABP8zJeyjcVSTTQzh_w24_Y>
Subject: Re: [saag] PQC in ZRTP (RFC6189) and hybrid KEM

> On Nov 23, 2021, at 11:22, Colin Perkins <csp@csperkins.org> wrote:
>
> It was externally developed, but did get some reasonable amount of review in IETF, and was discussed in WG meetings on several occasions.

Yeah, there was a lot of going back and forth on many things that were at least layer 9 issues. The result of that being that it's Informational.

>
> If I remember correctly, this review didn’t change the core security mechanism, but did result in fixes to a number of issues around how ZRTP integrates with RTP and signalling.

That's what I (a co-author) remember as well, too.

Anyway, if someone wants to put PQC into ZRTP anyway, I think it's a great idea, and an Informational Track addendum, I'd be happy to help. Note, however, _help_. If I wanted to do the heavy lifting, I'd have done it, myself. Also, one of the main questions is whether this is still the right time to put it in. The NIST PQC work still seems to be aflutter with this and that.

	Jon


From nobody Tue Nov 23 14:48:14 2021
Message-ID: <aa5dba05-dd9f-663d-0dce-782af0037271@linphone.org>
Date: Tue, 23 Nov 2021 23:48:04 +0100
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.3.2
Content-Language: en-US
To: saag@ietf.org
References: <0c359a65-386e-8c09-4c8f-9cefb066cffc@linphone.org> <CABcZeBPME1Eos8SFQdmAGRP5smn=bfAdPVOTrxF10nU3wkEbeA@mail.gmail.com> <B8A00186-3F5E-4075-8244-B4B9F069BD5B@csperkins.org> <f0aaeb33-0bf7-c5e0-5df3-d251a4c24b9f@linphone.org> <CABcZeBNb4qEJscEHb44PjrHEQKs08R6vCZfFM0HWk67OLMZykA@mail.gmail.com> <20211123062712.GB93060@kduck.mit.edu> <CABcZeBNaiQuod2hsm0-Lm68zTiOvZnK+f8FygNuN9_KEPCZvhA@mail.gmail.com> <DBBPR08MB5915BA7BF9B7D3E115B974DBFA609@DBBPR08MB5915.eurprd08.prod.outlook.com> <CABcZeBPyNzj5NMZbSqEEJ2tdrRWvtOrtnuSvF8WdJvNoJuWYFA@mail.gmail.com>
From: Johan Pascal <johan.pascal@linphone.org>
In-Reply-To: <CABcZeBPyNzj5NMZbSqEEJ2tdrRWvtOrtnuSvF8WdJvNoJuWYFA@mail.gmail.com>
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/r5G-2KSDiRgOGzID5JAbZ9qGhSA>
Subject: Re: [saag] PQC in ZRTP (RFC6189) and hybrid KEM

Thanks all for your replies,

Ekr, I think ZRTP is still relevant despite progress in voice synthesis. Yes, it is easy to generate a SAS code impersonating someone's voice, but then you have to insert it with the right timing in a live conversation.

This publication https://nsaxena.engr.tamu.edu/wp-content/uploads/sites/238/2019/12/ss-ccs14-1.pdf is, I think, the one addressing the subject the most directly, and it indeed proves that speech synthesis can easily fool real people in the context of SAS comparison. However, I don't think they fully cover the SAS insertion without introducing painful delay in a live call.

Jon, Colin, I just posted both on this list and on avtcore a small synthesis of how I plan to modify ZRTP to use KEM instead of (EC)DH. I have two slightly different solutions, any comments will be more than welcome.

Regards,

Johan

On 23/11/2021 17:20, Eric Rescorla wrote:
> On Tue, Nov 23, 2021 at 4:55 AM Hannes Tschofenig <Hannes.Tschofenig@arm.com> wrote:
> > Ben,
> >
> > this shows that even IETF experts have a hard time differentiating IETF consensus documents from those who aren’t.
> > I wonder how often people believed that ZRTP was the product of an IETF working group.
> >
> > A few years have passed since the publication of ZRTP and attacker capabilities have changed. I am wondering whether the security model of ZRTP is still meaningful today.
>
> I think at this point we have fairly strong evidence that of in-band confirmation of SAS codes is fairly subject to impersonation via modern voice synthesis techniques.
>
> See: https://www.rfc-editor.org/rfc/rfc8826.html#section-4.3.2.2
>
> -Ekr
>
> > Ciao
> > Hannes
> >
> > From: saag <saag-bounces@ietf.org> On Behalf Of Eric Rescorla
> > Sent: Tuesday, November 23, 2021 1:16 PM
> > To: Benjamin Kaduk <kaduk@mit.edu>
> > Cc: IETF SAAG <saag@ietf.org>
> > Subject: Re: [saag] PQC in ZRTP (RFC6189) and hybrid KEM
> >
> > On Mon, Nov 22, 2021 at 10:27 PM Benjamin Kaduk <kaduk@mit.edu> wrote:
> > > On Mon, Nov 22, 2021 at 09:47:46PM -0800, Eric Rescorla wrote:
> > > > On Mon, Nov 22, 2021 at 9:28 AM Johan Pascal <johan.pascal@linphone.org>
> > > > wrote:
> > > >
> > > > > Hi,
> > > > >
> > > > > thanks for your suggestions. I know the work on hybrid design is already
> > > > > done in TLS and others . While looking for some documentation on that
> > > > > specific problem I found several protocols addressing it, each of them with
> > > > > specific details related to the protocol and that is mainly what led me to
> > > > > think that a document dedicated to hybrid scheme might make sense: it would
> > > > > save the next person trying to achieve exactly what I'm trying to do for
> > > > > ZRTP the work of reading the different specifications, parting what is
> > > > > protocol related and what is not. But the hybrid mechanism can be described
> > > > > in the PQC-ZRTP I-D itself.
> > > > >
> > > > > Colin, as the problem of updating ZRTP to a PQ-KEM scheme is mostly
> > > > > security related it made more sense to me to post it on Saag. The perfect
> > > > > list to discuss it would be the potential "PQC Agility" WG if it is charted
> > > > > at some point (
> > > > > https://mailarchive.ietf.org/arch/msg/saag/5uV72m80X9PTGFWFyDY5VrNyK-c/).
> > > > > Is there any update on this?
> > > > >
> > > > Well, discuss it, perhaps, but given that ZRTP is not an IETF protocol, we
> > > > generally would not publish this document out of that group.
> > >
> > > Sorry for splitting hairs, but RFC 6189 does have the "represents the
> > > consensus of the IETF community" boilerplate, that would seem to make it
> > > an IETF protocol by at least some definitions.
> >
> > Without taking a position on whether this was hair splitting, ZRTP was not
> > developed by an IETF WG. It was externally developed and then published
> > as Informational.
> >
> > -Ekr


From nobody Tue Nov 23 14:50:37 2021
Message-ID: <b8909eef-eb6f-714b-92d8-c28ad686a31d@linphone.org>
Date: Tue, 23 Nov 2021 23:50:26 +0100
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.3.2
Content-Language: en-US
To: IETF SAAG <saag@ietf.org>, avt@ietf.org
From: Johan Pascal <johan.pascal@linphone.org>
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/7IOfzFwltRB7U3h5KRaZF2t35L8>
Subject: [saag] PQC in ZRTP (RFC6189)

<html>
  <head>

    <meta http-equiv="content-type" content="text/html; charset=UTF-8">
  </head>
  <body>
    <p> </p>
    <div class="moz-text-html" lang="x-unicode">
      <p><font face="Clean">Dear Saag and AvtCore,</font></p>
      <p><font face="Clean">as already discussed on Saag
          (<a class="moz-txt-link-freetext"
href="https://mailarchive.ietf.org/arch/msg/saag/HjxX-4QcqbgO6pshPsPozbhxTV0/">https://mailarchive.ietf.org/arch/msg/saag/HjxX-4QcqbgO6pshPsPozbhxTV0/</a>)
          I'm working on introducing PQC in ZRTP. On Colin Perkins'
          advice, I post this also on avtcore. I'm not yet ready to
          publish an I-D, but eager to get external eyes on the solution
          I figured to solve the problem of substituting DH with PQC-KEM
          in ZRTP.</font></p>
      <p><font face="Clean">For those not familiar with ZRTP, it's a key
          exchange protocol with authentication over a voice channel
          using a Short-Authentication-String(SAS). Stripping it to the
          very core of the key exchange it basically does:</font></p>
      <p><font face="Clean">Alice and Bob generates DH key pairs (Pka,
          Ska) and (PKb, Skb).</font></p>
      <p><font face="Clean">1) Bob sends a Commit packet holding
          hash(Pkb)<br>
        </font></p>
      <p><font face="Clean">2) Alice sends DH1 packet holding Pka</font></p>
      <p><font face="Clean">3) Bob sends DH2 packet holding PKb</font></p>
      <p><font face="Clean">They both compute a shared secret DHab using
          the peer's public key and their secret one. They then derive
          s0 from DHab and a transcript of the exchange. From this, a
          20bits hash is generated and turned into a human readable
          string(the SAS) to be compared over a voice channel.<br>
        </font></p>
      <p><font face="Clean">Bob sending hash(Pkb) prevent an attacker to
          put himself in a position of choosing the final SAS(by
          generating his key pair leading to the desired SAS) trying to
          find a collision (on 20 bits it is not difficult) starting
          from two different Pka.</font></p>
      <p><font face="Clean">Whole details in the RFC: <a
            class="moz-txt-link-freetext"
            href="https://datatracker.ietf.org/doc/html/rfc6189">https://datatracker.ietf.org/doc/html/rfc6189</a><br>
        </font></p>
      <p><font face="Clean"><br>
        </font></p>
      <p><font face="Clean">In order to introduce PQC to this scheme, it
          must be adapted to KEM interface:</font></p>
      <p><font face="Clean">Pk,Sk = KEM_keyGen()</font></p>
      <p><font face="Clean">Ct,Secret = KEM_encaps(Pk)</font></p>
      <p><font face="Clean">Secret = KEM_decaps(Ct, Sk)</font></p>
      <p><font face="Clean">This cannot be used directly in the current
          ZRTP scheme: if Alice sends her Pk in DH1 packet, Bob can't
          commit to Ct before receiving it.</font></p>
      <p><font face="Clean"><br>
        </font></p>
      <p><font face="Clean">Two solutions to solve this problem :</font></p>
      <p><font face="Clean"><br>
        </font></p>
      <p><font face="Clean">A - Both parties encapsulate a secret.</font></p>
      <p><font face="Clean">Alice and Bob both generate a key pair
          (Pka,Ska) and (Pkb,Skb)</font></p>
      <p><font face="Clean">1) Bob sends Pkb</font></p>
      <p><font face="Clean">2) Alice generates Cta,Secreta =
          KEM_encaps(Pkb) then sends Pka and hash(Cta)</font></p>
      <p><font face="Clean">3) Bob generates Ctb,Secretb =
          KEM_encaps(Pka) then sends Ctb</font></p>
      <p><font face="Clean">4) Alice sends Cta</font></p>
      <p><font face="Clean">They both derive s0 using Secreta, Secretb
          and a transcript of the exchange</font></p>
      <p><font face="Clean">In this version there is one additional
          packet, Alice sending hash(Cta) plays the role of hash(Pkb)
          from the original ZRTP.</font></p>
      <p><font face="Clean"><br>
        </font></p>
      <p><font face="Clean">B - Only Alice encapsulates a secret</font></p>
      <p><font face="Clean">1) Bob generates Pkb,Skb and a random nonce
          then sends Pkb and hash(nonce) to Alice</font></p>
      <p><font face="Clean">2) Alice generates Ct, Secret =
          KEM_encaps(Pkb) then sends Ct to Bob</font></p>
      <p><font face="Clean">3) Bob sends the nonce</font></p>
      <p><font face="Clean">They both derive s0 using Secret, nonce and
          a transcript of the exchange. No extra packets, the exchange
          is still safe against simple wiretapping thanks to the KEM and
          no party gets to choose the SAS after getting the other
          party's material involved in its generation: Alice doesn't have
          the nonce when she generates Ct and Secret, Bob commits to use
          the nonce before receiving Ct.<br>
        </font></p>
      <p><font face="Clean"><br>
        </font></p>
      <p><font face="Clean">The second solution seems simpler and has
          my preference. Did anyone read this long email up to here and
          have comments on these schemes?</font></p>
      <p><font face="Clean">Note: Hybrid key exchange would be addressed
          inside the KEM itself performing both a PQC-KEM and a DH-based
          KEM.</font></p>
      <p><font face="Clean">Thanks</font></p>
      <p><font face="Clean">Johan<br>
        </font></p>
      <p><font face="Clean"><br>
        </font></p>
    </div>
  </body>
</html>
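
Scheme B from the message above, run end to end with the check Alice must make on the revealed nonce. This is an added example, not code from the post or from RFC 6189: the KEM is a toy Diffie-Hellman stand-in over the integers mod 2^255 - 19 (not a secure or post-quantum KEM), and the hash labels, transcript layout and 5-hex-digit SAS rendering are assumptions.

```python
import hashlib
import hmac
import secrets

# Toy stand-in for the KEM_keyGen / KEM_encaps / KEM_decaps interface.
# Assumption for illustration only: DH in the integers mod 2**255 - 19.
P = 2**255 - 19
G = 2


def H(*parts):
    """SHA-256 over length-prefixed parts, so field boundaries are unambiguous."""
    h = hashlib.sha256()
    for part in parts:
        h.update(len(part).to_bytes(4, "big"))
        h.update(part)
    return h.digest()


def i2b(x):
    return x.to_bytes(32, "big")


def kem_keygen():
    sk = secrets.randbelow(P - 3) + 2
    return i2b(pow(G, sk, P)), sk


def kem_encaps(pk):
    e = secrets.randbelow(P - 3) + 2
    ct = i2b(pow(G, e, P))
    shared = pow(int.from_bytes(pk, "big"), e, P)
    return ct, H(b"kem", i2b(shared), ct)


def kem_decaps(ct, sk):
    shared = pow(int.from_bytes(ct, "big"), sk, P)
    return H(b"kem", i2b(shared), ct)


def derive(secret, nonce, transcript):
    """s0 from Secret, nonce and the transcript; the SAS is 20 bits of a hash of s0."""
    s0 = hmac.new(secret, H(b"s0", nonce, transcript), hashlib.sha256).digest()
    sas20 = int.from_bytes(H(b"sas", s0)[:3], "big") >> 4  # keep 20 of 24 bits
    return s0, f"{sas20:05x}"


def run_scheme_b(reveal=None):
    """Run the three messages of scheme B and return (alice, bob) as (s0, SAS) pairs.

    `reveal` replaces the nonce disclosed in message 3, modelling a nonce
    chosen after Ct was seen; Alice must reject it.
    """
    # 1) Bob -> Alice: Pkb, hash(nonce). Bob is now bound to this nonce.
    pkb, skb = kem_keygen()
    nonce = secrets.token_bytes(32)
    commit = H(b"commit", nonce)

    # 2) Alice -> Bob: Ct. Alice has not seen the nonce yet.
    ct, secret_a = kem_encaps(pkb)

    # 3) Bob -> Alice: nonce.
    revealed = nonce if reveal is None else reveal

    # Alice checks the opening against the commitment before deriving anything.
    if not hmac.compare_digest(H(b"commit", revealed), commit):
        raise ValueError("revealed nonce does not match hash(nonce) from message 1")

    alice = derive(secret_a, revealed, H(b"transcript", pkb, commit, ct, revealed))
    secret_b = kem_decaps(ct, skb)
    bob = derive(secret_b, nonce, H(b"transcript", pkb, commit, ct, nonce))
    return alice, bob


if __name__ == "__main__":
    a, b = run_scheme_b()
    print("SAS Alice:", a[1], "SAS Bob:", b[1], "match:", a == b)
    try:
        run_scheme_b(reveal=secrets.token_bytes(32))
    except ValueError as err:
        print("substituted nonce rejected:", err)
```

Dropping the commitment check is what would let the party revealing the nonce pick it after seeing Ct and search the 20-bit SAS space.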


From nobody Tue Nov 23 15:06:13 2021
Return-Path: <joncallas@icloud.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DD1753A08D9 for <saag@ietfa.amsl.com>; Tue, 23 Nov 2021 15:06:10 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level: 
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=icloud.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PY5MU2DLpS79 for <saag@ietfa.amsl.com>; Tue, 23 Nov 2021 15:06:06 -0800 (PST)
Received: from mr85p00im-ztdg06021201.me.com (mr85p00im-ztdg06021201.me.com [17.58.23.189]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0BF353A08D6 for <saag@ietf.org>; Tue, 23 Nov 2021 15:06:06 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=icloud.com; s=1a1hai; t=1637708765; bh=vBKiMTlE5GgzxCpDcVyAib+yA30yp9lkR+TEt+eyCHg=; h=Content-Type:Mime-Version:Subject:From:Date:Message-Id:To; b=mhOWUXmvJrVBrQnUzpCXtE7PIs4pzC2Zfo65Eu6sKTYinIkRnMdIVPIF6T4FJl/tP ZNJyniiZnZa/Nd6i2nLy5nWctYB+reEdb2/RGWT0yohvQx4bCDxZNOh5APQzMSGBcC ykxOf6HYu0aAlhgCCR+h0xNI2euxGMAT79Lt1SV553Z8hIAUGIjFWXVZm7KBGy6KBl W6L6vAgxAZlSUUcg3UT/h+N967LFwMKyHSK5GbSA/B84Bptu8vu8YkbUsjNi6AQr+A lFc93scz67ZUgiOiZKMxebv7Odx6FDq3MjVyRipQc1pz463WpY8Ywxs0lMFE5rY8BY wivWrlog7cmuw==
Received: from smtpclient.apple (70-228-76-163.lightspeed.sntcca.sbcglobal.net [70.228.76.163]) by mr85p00im-ztdg06021201.me.com (Postfix) with ESMTPSA id 596D51203F3; Tue, 23 Nov 2021 23:06:03 +0000 (UTC)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 15.0 \(3693.20.0.1.32\))
From: Jon Callas <joncallas@icloud.com>
In-Reply-To: <CABcZeBPyNzj5NMZbSqEEJ2tdrRWvtOrtnuSvF8WdJvNoJuWYFA@mail.gmail.com>
Date: Tue, 23 Nov 2021 15:06:02 -0800
Cc: Jon Callas <joncallas@icloud.com>, Hannes Tschofenig <Hannes.Tschofenig@arm.com>, IETF SAAG <saag@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <FB80DFB7-90DE-4688-9F44-927C65FBA6F3@icloud.com>
References: <0c359a65-386e-8c09-4c8f-9cefb066cffc@linphone.org> <CABcZeBPME1Eos8SFQdmAGRP5smn=bfAdPVOTrxF10nU3wkEbeA@mail.gmail.com> <B8A00186-3F5E-4075-8244-B4B9F069BD5B@csperkins.org> <f0aaeb33-0bf7-c5e0-5df3-d251a4c24b9f@linphone.org> <CABcZeBNb4qEJscEHb44PjrHEQKs08R6vCZfFM0HWk67OLMZykA@mail.gmail.com> <20211123062712.GB93060@kduck.mit.edu> <CABcZeBNaiQuod2hsm0-Lm68zTiOvZnK+f8FygNuN9_KEPCZvhA@mail.gmail.com> <DBBPR08MB5915BA7BF9B7D3E115B974DBFA609@DBBPR08MB5915.eurprd08.prod.outlook.com> <CABcZeBPyNzj5NMZbSqEEJ2tdrRWvtOrtnuSvF8WdJvNoJuWYFA@mail.gmail.com>
To: Eric Rescorla <ekr@rtfm.com>
X-Mailer: Apple Mail (2.3693.20.0.1.32)
X-Proofpoint-Virus-Version: =?UTF-8?Q?vendor=3Dfsecure_engine=3D1.1.170-22c6f66c430a71ce266a39bfe25bc?= =?UTF-8?Q?2903e8d5c8f:6.0.425,18.0.790,17.0.607.475.0000000_definitions?= =?UTF-8?Q?=3D2021-11-23=5F08:2021-11-23=5F01,2021-11-23=5F08,2020-04-07?= =?UTF-8?Q?=5F01_signatures=3D0?=
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 malwarescore=0 adultscore=0 mlxlogscore=999 mlxscore=0 spamscore=0 clxscore=1011 phishscore=0 bulkscore=0 suspectscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2009150000 definitions=main-2111230112
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/vlOb_fW1RUyISBR06X5Dv-mgG_4>
Subject: Re: [saag] PQC in ZRTP (RFC6189) and hybrid KEM
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 23 Nov 2021 23:06:11 -0000

> On Nov 23, 2021, at 08:20, Eric Rescorla <ekr@rtfm.com> wrote:
>
> I think at this point we have fairly strong evidence that in-band
> confirmation of SAS codes is fairly subject to impersonation via modern
> voice synthesis techniques.
>

I don't quite know how to respond because on the one hand, yeah, deep
fakes are only going to get better but it's not like that's a problem
unique to ZRTP.

This is a place where I've always diverged with my co-authors, and think
that the SAS isn't really as cool as they think it is.

However, when one argues against the SAS, there are a number of things to
keep in mind, because their over-enthusiasm for it tends to distort how
to think about it.

In my opinion, the best thing about ZRTP is not the SAS, but its key
continuity aspects. Key continuity between calls lets you know a useful
thing: that the end point you're talking to now is the same endpoint you
were talking to before. Regardless of how you verify the authentication
with SAS or whatever, we know this from the cryptography.

This is subtle, because you can verify a call at the beginning. Or you
can talk with someone and then decide you want to verify. Or you can end
the call, call them back, and then verify. This flexibility makes the
attacker's job a lot harder. They can't just spoof the authentication
and go away, the spying infrastructure they create has to be brought up
and kept active throughout a *history* of calls. This means especially
that a deep-faked attacker has a hard job ahead of them.

Another thing to remember is that the SAS doesn't *have* to go through
the voice channel. My co-authors, in their enthusiasm, can distract
someone from using another mechanism. Sure, if the only thing you have
is a voice line and nothing else, it's fine. That's not a MUST, though,
it's a MAY. You can use whatever texting system you have (even SMS) with
a high degree of security because it's out-of-band from the voice. I
know that last flourish I made about SMS is going to annoy some people,
so yeah! Use your favorite MLS messenger to send the thing securely.
That works too. However, unless you verified *that* transaction by
reading off its fingerprint through an out-of-band channel, then it's
just as insecure as the ZRTP connection or even the SMS.

And this brings me to the last bit. The reality is that people don't
verify connections. Humans just plain suck at that. I can't remember the
last time I verified a Signal safety number. Most people I know kinda
joke about them, especially in long-standing group chats where someone
seems to be getting a new phone all the time.

It's important that we not fall into the security nihilism of saying
that verification is hard, therefore this thing is worthless. The
verification problem exists throughout most of our systems, not just
ZRTP. I probably use a dozen WebRTC sessions a week that never really
verify themselves, and for all we know have some totally YOLOed
self-signed cert underneath, if anything at all.

The SAS is nice. It's cute. It's got value to it, just not what its
proponents are so enthusiastic about. Key continuity is much better
because it places a burden on an attacker. And in the real world, we
seem to do just fine with a gazillion protocols that don't verify their
trust anchors, or create a turtle-tower that extends out of sight.

	Jon


From nobody Tue Nov 23 23:24:42 2021
Return-Path: <Hannes.Tschofenig@arm.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 159D33A0C40 for <saag@ietfa.amsl.com>; Tue, 23 Nov 2021 23:24:41 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com header.b=x2z3wRJg; dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com header.b=x2z3wRJg
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kT4vbD1BOTej for <saag@ietfa.amsl.com>; Tue, 23 Nov 2021 23:24:36 -0800 (PST)
Received: from EUR02-VE1-obe.outbound.protection.outlook.com (mail-eopbgr20089.outbound.protection.outlook.com [40.107.2.89]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 171993A0C3E for <saag@ietf.org>; Tue, 23 Nov 2021 23:24:35 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com;  s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=I1StO2R+WAbA5l8Posn9gFTvOTtZIeTPtYjuW958rek=; b=x2z3wRJgvUItx0I7xFTmt+w9ejVjrk/DzDYPejTKiZB44jFaWJrfUwjYWyocMHG2LAyslYVBKjtgmcqdYZJ53U3JpQlUyZOE1aPHqHRKFt9mv9GahRczCaHSJhTstIo/aRs1xoVy4fFCRMihZlns5O4Ed0ZvZIUmv2i+VboddQU=
Received: from AM6PR04CA0027.eurprd04.prod.outlook.com (2603:10a6:20b:92::40) by DB6PR0801MB1942.eurprd08.prod.outlook.com (2603:10a6:4:75::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4713.22; Wed, 24 Nov 2021 07:24:32 +0000
Received: from VE1EUR03FT035.eop-EUR03.prod.protection.outlook.com (2603:10a6:20b:92:cafe::6e) by AM6PR04CA0027.outlook.office365.com (2603:10a6:20b:92::40) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4713.19 via Frontend Transport; Wed, 24 Nov 2021 07:24:32 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 63.35.35.123) smtp.mailfrom=arm.com; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com;dmarc=pass action=none header.from=arm.com;
Received-SPF: Pass (protection.outlook.com: domain of arm.com designates 63.35.35.123 as permitted sender) receiver=protection.outlook.com; client-ip=63.35.35.123; helo=64aa7808-outbound-1.mta.getcheckrecipient.com;
Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by VE1EUR03FT035.mail.protection.outlook.com (10.152.18.110) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4713.19 via Frontend Transport; Wed, 24 Nov 2021 07:24:30 +0000
Received: ("Tessian outbound dbb52aec1fa6:v110"); Wed, 24 Nov 2021 07:24:30 +0000
X-CR-MTA-TID: 64aa7808
Received: from 1fdc26dc6883.1 by 64aa7808-outbound-1.mta.getcheckrecipient.com id A7A7F51E-8D25-4E19-8075-5D9895968A41.1;  Wed, 24 Nov 2021 07:24:24 +0000
Received: from EUR05-DB8-obe.outbound.protection.outlook.com by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id 1fdc26dc6883.1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384); Wed, 24 Nov 2021 07:24:24 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=SUskHAlBJAPx25uT6KFldqJgTWdSO4YLrbu+TXKpE+Zhe/qdRbyLcJ0Y+cikFDVzgeaoH6qmWWEawNd+WLMzxT42Pra0Q/zFQrbyRdMC+SFJ4BU7D3ozrYXGWXBUjMWAkQlqs6zmHIUE0HBm6kyLc/UGQ3zv0lfowWi1RDVK44I82KUt78NA1nJR/W6cSQyBJEmItS52OQz5wwd9eAi+AKjeFIPzHus8R6f8sowM4vAqFVflWXG1/oYRL0zmqYJDx19PYrlTUpVKAEUYpwS0DkP2a/pCVYmmdDf6fNSm7oixDgj/6+hiZ3B90uNWAvNNQPIBgD/P/szzRkLOeLy+OQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;  s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=I1StO2R+WAbA5l8Posn9gFTvOTtZIeTPtYjuW958rek=; b=Hj7BUklgGijHGkOWASmmP5icadwAF/d2nrWK4bjisGK0H5h+NXojqeZYZ+LfnNanAVBG3VRVTUzH20cW3veZCsp2OWYyxTE9swnNqKC7A8sU/hPcePKOWK709OX0qy5tCv2PWxhYmfXvEfYy6XOGAFn+kodhZjK0yp1zRkL16Kc06IbJYniN1EAnaUZCjz5tdYmqh98pDTOFppbooxRo5LqFnhjl9gc+deepVZcljlIDej26EbgSSmQ/MwxW8fJpzYi0z8vn9UD0W2+ngEm+LslhywssCDN/5YZ9c9qmtZ6mz4vUgV6HZBia2qRgkeS+xZuEb44OfRFIBuYw9uGFwg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com;  s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=I1StO2R+WAbA5l8Posn9gFTvOTtZIeTPtYjuW958rek=; b=x2z3wRJgvUItx0I7xFTmt+w9ejVjrk/DzDYPejTKiZB44jFaWJrfUwjYWyocMHG2LAyslYVBKjtgmcqdYZJ53U3JpQlUyZOE1aPHqHRKFt9mv9GahRczCaHSJhTstIo/aRs1xoVy4fFCRMihZlns5O4Ed0ZvZIUmv2i+VboddQU=
Received: from DBBPR08MB5915.eurprd08.prod.outlook.com (2603:10a6:10:20d::17) by DBAPR08MB5846.eurprd08.prod.outlook.com (2603:10a6:10:1b0::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4734.20; Wed, 24 Nov 2021 07:24:23 +0000
Received: from DBBPR08MB5915.eurprd08.prod.outlook.com ([fe80::df4:1630:4e29:b55]) by DBBPR08MB5915.eurprd08.prod.outlook.com ([fe80::df4:1630:4e29:b55%9]) with mapi id 15.20.4713.026; Wed, 24 Nov 2021 07:24:23 +0000
From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: Colin Perkins <csp@csperkins.org>, Eric Rescorla <ekr@rtfm.com>
CC: IETF SAAG <saag@ietf.org>
Thread-Topic: [saag] PQC in ZRTP (RFC6189) and hybrid KEM
Thread-Index: AQHX2zGAlmuoDbQj5U6no/pifdCekKwGsdsAgAMzOACABfErAIAAzqYAgAALBQCAAGGEgIAAdv0AgADJRuA=
Date: Wed, 24 Nov 2021 07:24:23 +0000
Message-ID: <DBBPR08MB5915112DF7FB631B4BA9D98DFA619@DBBPR08MB5915.eurprd08.prod.outlook.com>
References: <0c359a65-386e-8c09-4c8f-9cefb066cffc@linphone.org> <CABcZeBPME1Eos8SFQdmAGRP5smn=bfAdPVOTrxF10nU3wkEbeA@mail.gmail.com> <B8A00186-3F5E-4075-8244-B4B9F069BD5B@csperkins.org> <f0aaeb33-0bf7-c5e0-5df3-d251a4c24b9f@linphone.org> <CABcZeBNb4qEJscEHb44PjrHEQKs08R6vCZfFM0HWk67OLMZykA@mail.gmail.com> <20211123062712.GB93060@kduck.mit.edu> <CABcZeBNaiQuod2hsm0-Lm68zTiOvZnK+f8FygNuN9_KEPCZvhA@mail.gmail.com> <6FDCA579-69C1-463A-8E1F-FF88ECF652B2@csperkins.org>
In-Reply-To: <6FDCA579-69C1-463A-8E1F-FF88ECF652B2@csperkins.org>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-ts-tracking-id: E124223DA4D0C44CB20914DCB3D90CDB.0
x-checkrecipientchecked: true
Authentication-Results-Original: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=arm.com;
x-ms-publictraffictype: Email
X-MS-Office365-Filtering-Correlation-Id: b13b620c-54b4-41a6-c45c-08d9af1b74e7
x-ms-traffictypediagnostic: DBAPR08MB5846:|DB6PR0801MB1942:
X-Microsoft-Antispam-PRVS: <DB6PR0801MB19421E3CCB98B24D178EF000FA619@DB6PR0801MB1942.eurprd08.prod.outlook.com>
x-checkrecipientrouted: true
nodisclaimer: true
x-ms-oob-tlc-oobclassifiers: OLM:5236;OLM:10000;
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam-Untrusted: BCL:0;
X-Forefront-Antispam-Report-Untrusted: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DBBPR08MB5915.eurprd08.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(366004)(110136005)(8676002)(26005)(316002)(7696005)(508600001)(6506007)(186003)(33656002)(38100700002)(5660300002)(83380400001)(9686003)(2906002)(4744005)(4326008)(122000001)(38070700005)(52536014)(76116006)(55016003)(66946007)(64756008)(66446008)(66556008)(66476007)(86362001)(71200400001)(8936002); DIR:OUT; SFP:1101; 
Content-Type: multipart/alternative; boundary="_000_DBBPR08MB5915112DF7FB631B4BA9D98DFA619DBBPR08MB5915eurp_"
MIME-Version: 1.0
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DBAPR08MB5846
Original-Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=arm.com;
X-EOPAttributedMessage: 0
X-MS-Exchange-Transport-CrossTenantHeadersStripped: VE1EUR03FT035.eop-EUR03.prod.protection.outlook.com
X-MS-Office365-Filtering-Correlation-Id-Prvs: 7700e663-bf86-4a74-fd04-08d9af1b7049
X-Microsoft-Antispam: BCL:0;
X-Forefront-Antispam-Report: CIP:63.35.35.123; CTRY:IE; LANG:en; SCL:1; SRV:;  IPV:CAL; SFV:NSPM; H:64aa7808-outbound-1.mta.getcheckrecipient.com;  PTR:ec2-63-35-35-123.eu-west-1.compute.amazonaws.com; CAT:NONE; SFS:(4636009)(36840700001)(46966006)(86362001)(316002)(4326008)(336012)(81166007)(33656002)(2906002)(356005)(33964004)(83380400001)(7696005)(110136005)(8676002)(70206006)(26005)(5660300002)(82310400004)(55016003)(8936002)(508600001)(52536014)(47076005)(36860700001)(9686003)(186003)(6506007)(70586007); DIR:OUT; SFP:1101; 
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 24 Nov 2021 07:24:30.8500 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: b13b620c-54b4-41a6-c45c-08d9af1b74e7
X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d; Ip=[63.35.35.123];  Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com]
X-MS-Exchange-CrossTenant-AuthSource: VE1EUR03FT035.eop-EUR03.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB6PR0801MB1942
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/Gw1Hge7Scki7XX2X1d1pketKrBk>
Subject: Re: [saag] PQC in ZRTP (RFC6189) and hybrid KEM
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 24 Nov 2021 07:24:41 -0000

--_000_DBBPR08MB5915112DF7FB631B4BA9D98DFA619DBBPR08MB5915eurp_
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64

--_000_DBBPR08MB5915112DF7FB631B4BA9D98DFA619DBBPR08MB5915eurp_
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: base64


--_000_DBBPR08MB5915112DF7FB631B4BA9D98DFA619DBBPR08MB5915eurp_--


From nobody Sat Nov 27 08:28:45 2021
Return-Path: <trutkowski.netmagic@gmail.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A30963A040C for <saag@ietfa.amsl.com>; Wed, 17 Nov 2021 16:27:23 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.62
X-Spam-Level: 
X-Spam-Status: No, score=-1.62 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, HTML_MIME_NO_HTML_TAG=0.377, MIME_HTML_ONLY=0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 59pJe8ZaSO2c for <saag@ietfa.amsl.com>; Wed, 17 Nov 2021 16:27:19 -0800 (PST)
Received: from mail-wr1-x435.google.com (mail-wr1-x435.google.com [IPv6:2a00:1450:4864:20::435]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4BD2E3A040A for <saag@ietf.org>; Wed, 17 Nov 2021 16:27:19 -0800 (PST)
Received: by mail-wr1-x435.google.com with SMTP id i5so8006239wrb.2 for <saag@ietf.org>; Wed, 17 Nov 2021 16:27:19 -0800 (PST)
X-Received: by 2002:a5d:6843:: with SMTP id o3mr25109597wrw.174.1637195232535;  Wed, 17 Nov 2021 16:27:12 -0800 (PST)
Received: from [172.17.1.196] ([92.173.110.141]) by smtp.gmail.com with ESMTPSA id x1sm1315684wru.40.2021.11.17.16.27.11 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Wed, 17 Nov 2021 16:27:12 -0800 (PST)
From: Tony Rutkowski <trutkowski.netmagic@gmail.com>
X-Google-Original-From: Tony Rutkowski <trutkowski@netmagic.com>
Date: Thu, 18 Nov 2021 01:27:13 +0100
Message-ID: <50e4c7c9-c35b-4f16-9246-3f57fe291311@email.android.com>
X-Android-Message-ID: <50e4c7c9-c35b-4f16-9246-3f57fe291311@email.android.com>
In-Reply-To: <CACsn0c=8E5GQ4dJ8WnibfoRb-j2OJakJmH+t5TBU8gdje9=Xag@mail.gmail.com>
To: Watson Ladd <watsonbladd@gmail.com>
Cc: Ted Hardie <ted.ietf@gmail.com>, IETF SAAG <saag@ietf.org>
Importance: Normal
X-Priority: 3
X-MSMail-Priority: Normal
MIME-Version: 1.0
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: base64
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/VjxUMbUCfKLwDbOpERIr8EKMqYU>
X-Mailman-Approved-At: Sat, 27 Nov 2021 08:28:45 -0800
Subject: Re: [saag] Discovery: can it be solved
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Nov 2021 00:27:24 -0000