From nobody Fri Oct 15 15:40:19 2021 Return-Path: X-Original-To: secdispatch@ietf.org Delivered-To: secdispatch@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 780F23A0DC5; Fri, 15 Oct 2021 15:33:59 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: "\"IETF Secretariat\"" To: , Cc: rdd@cert.org, secdispatch@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 7.39.0 Auto-Submitted: auto-generated Precedence: bulk Message-ID: <163433723947.17026.12823025965769592852@ietfa.amsl.com> Date: Fri, 15 Oct 2021 15:33:59 -0700 Archived-At: Subject: [Secdispatch] secdispatch - Requested session has been scheduled for IETF 112 X-BeenThere: secdispatch@ietf.org X-Mailman-Version: 2.1.29 List-Id: Security Dispatch List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 15 Oct 2021 22:34:08 -0000 Dear Liz Flynn, The session(s) that you have requested have been scheduled. Below is the scheduled session information followed by the original request. secdispatch Session 1 (2:00 requested) Tuesday, 9 November 2021, Session I 1200-1400 Room Name: Room 7 size: 507 --------------------------------------------- iCalendar: https://datatracker.ietf.org/meeting/112/sessions/secdispatch.ics Request Information: --------------------------------------------------------- Working Group Name: Security Dispatch Area Name: Security Area Session Requester: Liz Flynn Number of Sessions: 1 Length of Session(s): 2 Hours Number of Attendees: 200 Conflicts to Avoid: People who must be present: Benjamin Kaduk Kathleen Moriarty Mohit Sethi Richard Barnes Roman Danyliw Resources Requested: Special Requests: Please avoid conflict with any Security related BoF. --------------------------------------------------------- From nobody Mon Oct 25 13:01:33 2021 Return-Path: X-Original-To: secdispatch@ietfa.amsl.com Delivered-To: secdispatch@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 069F33A084B for ; Mon, 25 Oct 2021 13:01:32 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.1 X-Spam-Level: X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=apple.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id A7G7514Oxgqs for ; Mon, 25 Oct 2021 13:01:27 -0700 (PDT) Received: from rn-mailsvcp-ppex-lapp14.apple.com (rn-mailsvcp-ppex-lapp14.rno.apple.com [17.179.253.33]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D82D73A0AA8 for ; Mon, 25 Oct 2021 13:00:38 -0700 (PDT) Received: from pps.filterd (rn-mailsvcp-ppex-lapp14.rno.apple.com [127.0.0.1]) by rn-mailsvcp-ppex-lapp14.rno.apple.com (8.16.1.2/8.16.1.2) with SMTP id 19PJtLww029882; Mon, 25 Oct 2021 13:00:31 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=apple.com; h=from : content-type : mime-version : subject : date : references : cc : to : message-id; s=20180706; bh=qOr1XLbF1lXeSxc9YdBgHcAlybV66HZoiM6wgvff5dY=; b=MS7T6nUl8egnunVTQqSyyfcmraznpvd96Od4P1yS6vxb5lLv2ypzqAakaLq1VNcTTzc7 D68mSvxVCXLNPp6j1LQerhEwsmjNUSofWD+Klu5Fvw2IYLT+q/Ruv5BZmZM2QkAL+pQl wngYULF6P4hdF4PyXubSvC/ZFzE80hVDf9Y1xQR43QnafCkezOyHHBjZJwn6FPXMk2mB 7vZzZGSRFj5jtkWdIh0eYUMe4BvK3Og03FqZ5fddFBBsfTF/Mhndf7YmBZzwI4uja38X PBDU8mjWYqXFUSMmiZquYHbUiYXvdROSDwZAfAZGHcjoFzbhuiVKEGYqmyneuG0GKeKZ pA== Received: from rn-mailsvcp-mta-lapp03.rno.apple.com (rn-mailsvcp-mta-lapp03.rno.apple.com [10.225.203.151]) by rn-mailsvcp-ppex-lapp14.rno.apple.com with ESMTP id 3bvf9cn97n-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Mon, 25 Oct 2021 13:00:31 -0700 Received: from rn-mailsvcp-mmp-lapp04.rno.apple.com (rn-mailsvcp-mmp-lapp04.rno.apple.com [17.179.253.17]) by rn-mailsvcp-mta-lapp03.rno.apple.com (Oracle Communications Messaging Server 8.1.0.12.20210903 64bit (built Sep 3 2021)) with ESMTPS id <0R1J00N6KU8VVE50@rn-mailsvcp-mta-lapp03.rno.apple.com>; Mon, 25 Oct 2021 13:00:31 -0700 (PDT) Received: from process_milters-daemon.rn-mailsvcp-mmp-lapp04.rno.apple.com by rn-mailsvcp-mmp-lapp04.rno.apple.com (Oracle Communications Messaging Server 8.1.0.12.20210903 64bit (built Sep 3 2021)) id <0R1J00G00TY60X00@rn-mailsvcp-mmp-lapp04.rno.apple.com>; Mon, 25 Oct 2021 13:00:31 -0700 (PDT) X-Va-A: X-Va-T-CD: 1780dac9747bf9c074f60db715b1dfd5 X-Va-E-CD: 4bc6be1c35d4be9a4bba8cba9b3dd459 X-Va-R-CD: 6dfd681be5934ef149a0f40ca129b643 X-Va-CD: 0 X-Va-ID: 991d75c5-5d93-42a9-a26e-c8feeed3d71c X-V-A: X-V-T-CD: 1780dac9747bf9c074f60db715b1dfd5 X-V-E-CD: 4bc6be1c35d4be9a4bba8cba9b3dd459 X-V-R-CD: 6dfd681be5934ef149a0f40ca129b643 X-V-CD: 0 X-V-ID: 1dbde46c-dab0-4989-b840-752c948336eb X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.425, 18.0.790 definitions=2021-10-25_07:2021-10-25, 2021-10-25 signatures=0 Received: from smtpclient.apple (unknown [17.234.59.124]) by rn-mailsvcp-mmp-lapp04.rno.apple.com (Oracle Communications Messaging Server 8.1.0.12.20210903 64bit (built Sep 3 2021)) with ESMTPSA id <0R1J008GYU8UYO00@rn-mailsvcp-mmp-lapp04.rno.apple.com>; Mon, 25 Oct 2021 13:00:30 -0700 (PDT) From: Tommy Pauly Content-type: multipart/alternative; boundary="Apple-Mail=_CD68181E-84C0-49C8-B47D-0D889025378C" MIME-version: 1.0 (Mac OS X Mail 15.0 \(3691.0.3\)) Date: Mon, 25 Oct 2021 13:00:29 -0700 References: <163519158647.7470.5967840992186527470@ietfa.amsl.com> Cc: Jana Iyengar , Christopher Wood , Steven Valdez , Scott Hendrickson To: Secdispatch@ietf.org Message-id: X-Mailer: Apple Mail (2.3691.0.3) X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.425, 18.0.790 definitions=2021-10-25_07:2021-10-25, 2021-10-25 signatures=0 Archived-At: Subject: [Secdispatch] Requesting agenda time for draft-private-access-tokens X-BeenThere: secdispatch@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Security Dispatch List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 25 Oct 2021 20:01:32 -0000 --Apple-Mail=_CD68181E-84C0-49C8-B47D-0D889025378C Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 Hi SECDISPATCH, Several of us have been developing a new protocol spec called Private = Access Tokens. This is a publicly verifiable anonymous token (based on = RSA blind signatures) that can be presented to origins as HTTP = authentication, based on a system of token issuance that allows = anonymous per-origin rate limiting. The goal here is to make it possible = to work with metered paywalls and fraud prevention systems even when = clients are using anonymous IP addresses to access origins. We=E2=80=99d like to discuss this at IETF 112, and we=E2=80=99d love to = hear thoughts on comments on this list before then as well. https://www.ietf.org/archive/id/draft-private-access-tokens-00.html = Best, Tommy, Chris, Jana, Steven, & Scott > Begin forwarded message: >=20 > From: internet-drafts@ietf.org > Subject: New Version Notification for = draft-private-access-tokens-00.txt > Date: October 25, 2021 at 12:53:06 PM PDT > To: "Christopher A. Wood" , Christopher Wood = , Jana Iyengar , Scott Hendrickson = , Steven Valdez , Tommy = Pauly >=20 >=20 > A new version of I-D, draft-private-access-tokens-00.txt > has been successfully submitted by Tommy Pauly and posted to the > IETF repository. >=20 > Name: draft-private-access-tokens > Revision: 00 > Title: Private Access Tokens > Document date: 2021-10-25 > Group: Individual Submission > Pages: 37 > URL: = https://www.ietf.org/archive/id/draft-private-access-tokens-00.txt > Status: = https://datatracker.ietf.org/doc/draft-private-access-tokens/ > Html: = https://www.ietf.org/archive/id/draft-private-access-tokens-00.html > Htmlized: = https://datatracker.ietf.org/doc/html/draft-private-access-tokens >=20 >=20 > Abstract: > This document defines a protocol for issuing and redeeming privacy- > preserving access tokens. These tokens can adhere to an issuance > policy, allowing a service to limit access according to the policy > without tracking client identity. >=20 > Discussion Venues >=20 > This note is to be removed before publishing as an RFC. >=20 > Source for this draft and an issue tracker can be found at > https://github.com/tfpauly/privacy-proxy. >=20 >=20 >=20 >=20 > The IETF Secretariat >=20 >=20 --Apple-Mail=_CD68181E-84C0-49C8-B47D-0D889025378C Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=utf-8
Hi SECDISPATCH,

Several of us have been developing a new protocol spec called = Private Access Tokens. This is a publicly verifiable anonymous token = (based on RSA blind signatures) that can be presented to origins as HTTP = authentication, based on a system of token issuance that allows = anonymous per-origin rate limiting. The goal here is to make it possible = to work with metered paywalls and fraud prevention systems even when = clients are using anonymous IP addresses to access origins.

We=E2=80=99d like to = discuss this at IETF 112, and we=E2=80=99d love to hear thoughts on = comments on this list before then as well.

https://www.ietf.org/archive/id/draft-private-access-tokens-00.= html

Best,
Tommy, Chris, Jana, Steven, & = Scott

Begin forwarded message:

From: = internet-drafts@ietf.org
Subject: = New Version = Notification for draft-private-access-tokens-00.txt
Date: = October 25, 2021 at 12:53:06 PM = PDT
To: = "Christopher A. Wood" <caw@heapingbits.net>, Christopher Wood <caw@heapingbits.net>, Jana Iyengar <jri@fastly.com>, Scott = Hendrickson <scott@shendrickson.com>, Steven Valdez <svaldez@chromium.org>, Tommy Pauly <tpauly@apple.com>

A new version of I-D, draft-private-access-tokens-00.txt
has been successfully submitted by Tommy Pauly and posted to = the
IETF repository.

Name: = draft-private-access-tokens
Revision: 00
Title:= = Private Access Tokens
Document date: = 2021-10-25
Group: Individual Submission
Pages:= = 37
URL: =            https://www.ietf.org/archive/id/draft-private-access-tokens-00.= txt
Status: =         https://datatracker.ietf.org/doc/draft-private-access-tokens/
Html: =           https://www.ietf.org/archive/id/draft-private-access-tokens-00.= html
Htmlized:       https://datatracker.ietf.org/doc/html/draft-private-access-toke= ns


Abstract:
  This document defines a protocol for issuing and = redeeming privacy-
  preserving access tokens. =  These tokens can adhere to an issuance
=   policy, allowing a service to limit access according to the = policy
  without tracking client identity.

Discussion Venues

=   This note is to be removed before publishing as an RFC.

  Source for this draft and an = issue tracker can be found at
  https://github.com/tfpauly/privacy-proxy.



The IETF = Secretariat



= --Apple-Mail=_CD68181E-84C0-49C8-B47D-0D889025378C-- From nobody Tue Oct 26 17:17:00 2021 Return-Path: X-Original-To: secdispatch@ietfa.amsl.com Delivered-To: secdispatch@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4EC5A3A195C for ; Tue, 26 Oct 2021 17:16:59 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.1 X-Spam-Level: X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=akamai.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KcwV8JElTyu3 for ; Tue, 26 Oct 2021 17:16:54 -0700 (PDT) Received: from mx0a-00190b01.pphosted.com (mx0a-00190b01.pphosted.com [IPv6:2620:100:9001:583::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 801AC3A195A for ; Tue, 26 Oct 2021 17:16:54 -0700 (PDT) Received: from pps.filterd (m0050095.ppops.net [127.0.0.1]) by m0050095.ppops.net-00190b01. (8.16.1.2/8.16.1.2) with SMTP id 19R07jIo016183 for ; Wed, 27 Oct 2021 01:16:51 +0100 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com; h=from : to : subject : date : message-id : content-type : content-id : content-transfer-encoding : mime-version; s=jan2016.eng; bh=MBmmnOOwVqzY9fk/Ip8w/zeEb9tLYwNmaIfCJ/c9y9Y=; b=A/y8V0wcAF4Zi7eJoj+m3iZHy1OvUtLq4FBL+xEmiiA+aWk+FWEz/a8OSnd5YM1GtsF5 htlwfqcUny+tX91t/MmWy7R/CaHkojq+JD5/AHwOFXMT7IYNrBcCjdobbPdYGBqwt4+S zi1PlN7ki/NNBT+3xuwRJIAUNjYsQpzkA8I6FJXRGvejRR9tGe6wAQUxloEaMqiBn6ve 2OfAFhuQqzuJMNJFOiCUS1BnicUqRLIjLj/iChvnMznsr51JIL94my+/1E6tbE4xWf9g hezdrySzGorIysBxhoTQ79NjvO8UY2BbQu+56FmI+DTPV5+K2lf/U3CIuVwHl6dcdP8M bw== Received: from prod-mail-ppoint7 (a72-247-45-33.deploy.static.akamaitechnologies.com [72.247.45.33] (may be forged)) by m0050095.ppops.net-00190b01. with ESMTP id 3bxsbfdafp-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Wed, 27 Oct 2021 01:16:51 +0100 Received: from pps.filterd (prod-mail-ppoint7.akamai.com [127.0.0.1]) by prod-mail-ppoint7.akamai.com (8.16.1.2/8.16.1.2) with SMTP id 19R04DeQ019882 for ; Tue, 26 Oct 2021 20:16:50 -0400 Received: from email.msg.corp.akamai.com ([172.27.165.115]) by prod-mail-ppoint7.akamai.com with ESMTP id 3bx573yx9a-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT) for ; Tue, 26 Oct 2021 20:16:50 -0400 Received: from USTX2EX-DAG1MB4.msg.corp.akamai.com (172.27.165.122) by ustx2ex-dag1mb2.msg.corp.akamai.com (172.27.165.120) with Microsoft SMTP Server (TLS) id 15.0.1497.24; Tue, 26 Oct 2021 19:16:49 -0500 Received: from USTX2EX-DAG1MB4.msg.corp.akamai.com ([172.27.165.122]) by ustx2ex-dag1mb4.msg.corp.akamai.com ([172.27.165.122]) with mapi id 15.00.1497.024; Tue, 26 Oct 2021 19:16:49 -0500 From: "Holland, Jake" To: "secdispatch@ietf.org" Thread-Topic: Requesting agenda time for draft-krose-multicast-security Thread-Index: AQHXysfvqNU+fYdr3U6RFCkpKpFXZQ== Date: Wed, 27 Oct 2021 00:16:49 +0000 Message-ID: <898062F9-1B8F-46D7-96AE-1C7769F162A9@akamai.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Microsoft-MacOutlook/16.53.21091200 x-ms-exchange-messagesentrepresentingtype: 1 x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [172.27.164.43] Content-Type: text/plain; charset="utf-8" Content-ID: <93DDBA9CF90C88498F3605D52848F395@akamai.com> Content-Transfer-Encoding: base64 MIME-Version: 1.0 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.425, 18.0.790 definitions=2021-10-26_07:2021-10-26, 2021-10-26 signatures=0 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 mlxlogscore=780 mlxscore=0 adultscore=0 bulkscore=0 phishscore=1 malwarescore=0 spamscore=0 suspectscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2110150000 definitions=main-2110260130 X-Proofpoint-ORIG-GUID: jZnIULhgj40ZlVcQrGNZM5PM8Jfj4Bki X-Proofpoint-GUID: jZnIULhgj40ZlVcQrGNZM5PM8Jfj4Bki X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.425,FMLib:17.0.607.475 definitions=2021-10-26_07,2021-10-26_01,2020-04-07_01 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 priorityscore=1501 malwarescore=0 lowpriorityscore=0 phishscore=0 impostorscore=0 adultscore=0 clxscore=1011 mlxscore=0 spamscore=0 bulkscore=0 suspectscore=0 mlxlogscore=660 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2110150000 definitions=main-2110260131 Archived-At: Subject: [Secdispatch] Requesting agenda time for draft-krose-multicast-security X-BeenThere: secdispatch@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Security Dispatch List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 Oct 2021 00:16:59 -0000 SGkgc2VjZGlzcGF0Y2gsDQoNCkkgaG9wZSBzb21lIG9mIHlvdSBoYWQgYSBjaGFuY2UgdG8gdGFr ZSBhIGxvb2sgYXQgdGhlIGRvY3VtZW50DQpLeWxlIHNlbnQgYWJvdXQgdGhlIHNlY3VyaXR5IG1v ZGVsIGZvciBtdWx0aWNhc3QgZm9yIHdlYiB0cmFmZmljWzBdOg0KaHR0cHM6Ly9kYXRhdHJhY2tl ci5pZXRmLm9yZy9kb2MvaHRtbC9kcmFmdC1rcm9zZS1tdWx0aWNhc3Qtc2VjdXJpdHkNCg0KSSdt IHJlcXVlc3RpbmcgYSBzbG90IHRvIHRhbGsgYWJvdXQgaXQgZm9yIElFVEYgMTEyLCBhbmQgaG9w aW5nIHdlDQpjYW4gZ2V0IGl0IGRpc3BhdGNoZWQgdG8gYW4gYXBwcm9wcmlhdGUgdmVudWUuDQoN ClNvbWUgYmFja2dyb3VuZDoNCg0KV2UndmUgYmVlbiBkb2luZyBzb21lIHdvcmsgb24gbWFraW5n IG11bHRpY2FzdCB2aWFibGUgZm9yIHdlYg0KdHJhZmZpYy4gIEknbSBjaGFpcmluZyBhIFczQyBj b21tdW5pdHkgZ3JvdXAgY2hhcnRlcmVkIHRvIGluY3ViYXRlDQppdFsxXS4gIFdlIGhhdmUgYSBz dHJhdy1tYW4gQVBJWzJdIHdpdGggYSBkZW1vIGltcGxlbWVudGF0aW9uWzNdDQood2l0aG91dCB0 aGUgcHJvcG9zZWQgYXV0aGVudGljYXRpb24gc2NoZW1lWzRdIGltcGxlbWVudGVkIHlldCkNCnRo YXQgY2FuIHN1cHBvcnQgYW4gYXBwIHBvcnRlZCB0byB3YXNtIHBsYXlpbmcgdmlkZW9bNV0uICBB cyB0aGUNCmNoYXJ0ZXIgc3RhdGVzLCB3ZSdyZSBhaW1pbmcgdG8gZ2V0IGludG8gd2VidHJhbnNw b3J0IGZpcnN0IGluIGENCndheSBmdW5jdGlvbmFsbHkgc2ltaWxhciB0byB0aGUgZGVtbyAoc2Vy dmVyLXRvLWNsaWVudCBkYXRhZ3JhbXMpLCANCmFuZCBpbnRvIG90aGVyIEFQSXMgbGlrZSBmZXRj aC94aHIsIHRoZSBoNSBkb3dubG9hZCBhdHRyaWJ1dGUsIGFuZA0Kd2VicnRjIGFmdGVyd2FyZHMu DQoNCldlIGhhZCBob3BlZCB0byBkbyBzb21lIGZ1cnRoZXIgZXhwZXJpbWVudGF0aW9uIGJlaGlu ZCBhIGNvbW1hbmQtDQpsaW5lIGZsYWcsIGJ1dCBteSB1bmRlcnN0YW5kaW5nIG9mIHRoZSBrZXkg ZmVlZGJhY2sgd2UgZ290IHdoZW4gd2UNCnN1Z2dlc3RlZCB0aGlzIHRvIGNocm9taXVtWzZdIHdh cyB0aGF0IHdlIG5lZWQgYSBiZXR0ZXIgc2VjdXJpdHkNCm1vZGVsIHdpdGggd2lkZXIgY29uc2Vu c3VzIGJlZm9yZSB3ZSBjYW4gZG8gYW55dGhpbmcgbGlrZSB0aGlzLg0KSW4gcGFydGljdWxhciwg cHJvcG9zYWxzIGZvciB3ZWIgdHJhZmZpYyB0aGF0IGhhdmUgZGlmZmVyZW50DQpzZWN1cml0eSBw cm9wZXJ0aWVzIGZyb20gVExTIHdpbGwgbmVlZCByb2J1c3QgcmV2aWV3Lg0KDQpTbyB3ZSdyZSBs b29raW5nIGZvciB0aGUgcmlnaHQgdmVudWUgKGFuZCByZXZpZXdlcnMhKSB0byBlc3RhYmxpc2gN CmEgd2VsbC1jb25zaWRlcmVkIElFVEYgY29uc2Vuc3VzIG9uIHdoYXQgaXQgdGFrZXMgdG8gbWFr ZSBtdWx0aWNhc3QNCnNhZmUgZW5vdWdoIGZvciB0aGUgbW9kZXJuIGludGVybmV0LCBwYXJ0aWN1 bGFybHkgaW5jbHVkaW5nIHdlYg0KdHJhZmZpYy4NCg0KV2UncmUgaG9waW5nIHRoZSBmaW5hbCB2 ZXJzaW9uIG9mIHRoaXMgZG9jIHdpbGwgc2VydmUgYXMgdGhlDQpmb3VuZGF0aW9uIGZvciBndWlk aW5nIGFueSBuZWNlc3NhcnkgZXh0ZW5zaW9ucyB0byB0aGUgYXBwcm9wcmlhdGUNCnByb3RvY29s cywgaW4gbXVjaCB0aGUgc2FtZSByb2xlIHRoYXQgUkZDIDg4MjYgcGxheWVkIGZvciBXZWJSVEMu DQoNClRoYW5rcyBhbmQgcmVnYXJkcywNCkpha2UNCg0KUFM6ICBQbGVhc2Ugbm90ZSB0aGF0IGl0 IG1heSBhbHNvIGJlIGFwcHJvcHJpYXRlIGFuZCB2YWx1YWJsZSwNCmRlcGVuZGluZyBvbiB0aGUg YW5zd2VyLCB0byBtb3ZlIGRyYWZ0LWlldGYtbWJvbmVkLWFtYmkgdG8gdGhlIHNhbWUNCnZlbnVl LCBhcyBzb21lIG9mIHRoZSBkaXNjdXNzaW9uIGluIG1ib25lZCBtYWRlIG1lIHN1c3BlY3QgaXQg bWF5DQpub3QgYmUgdGhlIHJpZ2h0IGhvbWUgZm9yIGRpc2N1c3Npb24gb2YgaXRzIHNlY3VyaXR5 IHByb3BlcnRpZXMuDQoNClswXSBodHRwczovL21haWxhcmNoaXZlLmlldGYub3JnL2FyY2gvbXNn L3NlY2Rpc3BhdGNoL0xSTUhSS2lIZmszdmdWNDNLUmJHMzF4LXk0SS8NClsxXSBodHRwczovL3d3 dy53My5vcmcvY29tbXVuaXR5L211bHRpY2FzdC8NClsyXSBodHRwczovL2dpdGh1Yi5jb20vR3J1 bXB5T2xkVHJvbGwvd2ljZy1tdWx0aWNhc3QtcmVjZWl2ZXItYXBpL2Jsb2IvbWFzdGVyL2V4cGxh aW5lci5tZCANClszXSBodHRwczovL2dpdGh1Yi5jb20vR3J1bXB5T2xkVHJvbGwvY2hyb21pdW1f Zm9yaw0KWzRdIGh0dHBzOi8vZGF0YXRyYWNrZXIuaWV0Zi5vcmcvZG9jL2h0bWwvZHJhZnQtaWV0 Zi1tYm9uZWQtYW1iaQ0KWzVdIGh0dHBzOi8vd3d3LnczLm9yZy8yMDIxLzEwL1RQQUMvZGVtb3Mv bXVsdGljYXN0Lmh0bWwNCls2XSBodHRwczovL2dyb3Vwcy5nb29nbGUuY29tL2EvY2hyb21pdW0u b3JnL2cvbmV0LWRldi9jL1RqYk15UEt1UkhzL20vX1N5ZmhyaTdBQUFKDQoNCg0K From nobody Tue Oct 26 19:01:00 2021 Return-Path: X-Original-To: secdispatch@ietfa.amsl.com Delivered-To: secdispatch@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CA22A3A0061 for ; Tue, 26 Oct 2021 19:00:58 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.896 X-Spam-Level: X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20210112.gappssmtp.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LAoTXrVxTeFg for ; Tue, 26 Oct 2021 19:00:53 -0700 (PDT) Received: from mail-io1-xd30.google.com (mail-io1-xd30.google.com [IPv6:2607:f8b0:4864:20::d30]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4E9013A0063 for ; Tue, 26 Oct 2021 19:00:53 -0700 (PDT) Received: by mail-io1-xd30.google.com with SMTP id b188so1734768iof.8 for ; Tue, 26 Oct 2021 19:00:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20210112.gappssmtp.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=sMvtFGqvchfc4qbLTz74RUdXPmu4rE3EhfSbuYibqAc=; b=W/wEjAuuOTkT0rIPzCC5OJez0A2b8ZQk/AcNLWpeRXHMrjpKldwejAe/gP4R+IVxY2 05M/jqc/wzp9Eaut7wxaeFW4J1bxrAby6ayNAHTV+ar3mVLV10R/LG+GAzS3A2xqFeEK HJnn8oQj0t6PijPaLQrHwVTSK8QidlAa3mTaFN9WBKAqJcsxVjRYSl+wvlUvdkIU9Ga3 EnAOE17Yt6+gLJEByx5OIQiEUimuYAuxRSedvTRwREB16y2SiruYvFtGY7Kv8hJrpRV8 nukoTRyupVtpVxkqnoGp2vb2PODE0/YbAnO7L2L+YpBhSW/YqMXqn3xg/yYlhxUhB5AI vPZw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=sMvtFGqvchfc4qbLTz74RUdXPmu4rE3EhfSbuYibqAc=; b=JjT5RJT9q1g5PMArPN5wOlRnvjDfkSsc4RpSdp6I47YJXY0hwLSThNOXWZD4FhnbVw DmIMd8+peOQt2U+jTEndcGxBjXjzSrHmUxZZKd6MWrsjSj44p+/0BOwYhfLEEnGjuI2Y V9gYR1Y5i7KnUCMy4cOlmTFfyFdo3H00dYnfweRBliTslxFszsb4FrnOnPr3dYjO6E0P noWbs1xsA/38N4jErL7jjEv6woTthfdNPs7eAhiM9AbxXj4iTvFt+alIO/et6CLHc+yy wnPS5dG7HI5l2PFk/E+n5f5zmaCwzNNpdOGVEiDVnADYI2ets+qm9U7ZYnKi5LT0l1A3 15IQ== X-Gm-Message-State: AOAM531ChoSWrddDDh29QG8kdsJN/ZSLHZSvJR3IZYJefsHqZMFr3pY7 1o/vUkj+LbZeIGgQnd+ar5sx3QwBOYEUlDhL45JKZ8bTRkxseA== X-Google-Smtp-Source: ABdhPJz+W5OXEjyPeDxLTxxKWwnWEPSeC6SgGw6Eol/vgaSs32B8FVep+HcGs5o4zOI130x05Ze6vIPvc941AmgdWqQ= X-Received: by 2002:a5e:8f01:: with SMTP id c1mr17339220iok.148.1635300051904; Tue, 26 Oct 2021 19:00:51 -0700 (PDT) MIME-Version: 1.0 References: <898062F9-1B8F-46D7-96AE-1C7769F162A9@akamai.com> In-Reply-To: <898062F9-1B8F-46D7-96AE-1C7769F162A9@akamai.com> From: Eric Rescorla Date: Tue, 26 Oct 2021 19:00:16 -0700 Message-ID: To: "Holland, Jake" Cc: "secdispatch@ietf.org" Content-Type: multipart/alternative; boundary="000000000000b200c005cf4bf634" Archived-At: Subject: Re: [Secdispatch] Requesting agenda time for draft-krose-multicast-security X-BeenThere: secdispatch@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Security Dispatch List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 Oct 2021 02:00:59 -0000 --000000000000b200c005cf4bf634 Content-Type: text/plain; charset="UTF-8" I have reviewed this document. While I have some technical comments below, my bigger comment is that this is the wrong place to start. The right place to start is what the application use cases are and whether there is demand. Once that is done, we can discuss the security properties and whether they are feasible. You make the comparison to 8826, but that was written *after* there was agreement that we wanted to do something like WebRTC. IOW, this belongs in DISPATCH. S 3.2. The Web security model requires that content be authenticated cryptographically. In the context of unicast transport security, authentication means that content is known to have originated from the trusted peer, something that is typically enforced via a cryptographic authentication tag: This is true, but I think misses an important property of Web authentication, which is the binding between the request and the response. I.e., the property is not just that the message came from the peer but also that it came in response to a given request. Viewed in this context, this text is misleading: Asymmetric verification of content delivered through multicast is conceptually identical to the unicast case, owing to the asymmetry of access to the signing key; but the symmetric case does not directly apply given that multiple receivers need access to the same key used for both signing and verification, which in a naive implementation opens up the possibility of forgery by a receiver on-path or with the ability to spoof the source. S 3.3. A baseline for multicast transport integrity that makes sense within the Web security model requires that we first define the minimally acceptable integrity requirements for data that may be presented to a user or otherwise input to the browser's trusted computing base. We propose that the proper minimal standard given the variety of potential use cases, including many that have no need for reliable or in-order delivery, is to require protection against replay, injection, and modification and the ability to detect deletion, loss, or reordering. This standard will necessarily constrain conformant application-layer protocol design, just as the Web security model adds constraints to vanilla TCP. This also seems like the wrong layer of abstraction, as it talks about comsec properties, but those aren't the ones that the Web depends on. i would start from the top and ask what it is the Web wants, not what it is TLS provides. S 3.4.1. In contrast to (say) unicast TLS, on-path monitoring can trivially prove that identical content was delivered to multiple receivers, irrespective of payload encryption. Furthermore, since those receivers all require the same keying material to decrypt the received payload, a compromise of any single receiver's device exposes decryption keys, and therefore the plaintext content, to the attacker. This isn't just about compromise by an attacker but also attacks by other legitimate receivers. The Web doesn't currently allow that but you would introduce that. -Ekr On Tue, Oct 26, 2021 at 5:17 PM Holland, Jake wrote: > Hi secdispatch, > > I hope some of you had a chance to take a look at the document > Kyle sent about the security model for multicast for web traffic[0]: > https://datatracker.ietf.org/doc/html/draft-krose-multicast-security > > I'm requesting a slot to talk about it for IETF 112, and hoping we > can get it dispatched to an appropriate venue. > > Some background: > > We've been doing some work on making multicast viable for web > traffic. I'm chairing a W3C community group chartered to incubate > it[1]. We have a straw-man API[2] with a demo implementation[3] > (without the proposed authentication scheme[4] implemented yet) > that can support an app ported to wasm playing video[5]. As the > charter states, we're aiming to get into webtransport first in a > way functionally similar to the demo (server-to-client datagrams), > and into other APIs like fetch/xhr, the h5 download attribute, and > webrtc afterwards. > > We had hoped to do some further experimentation behind a command- > line flag, but my understanding of the key feedback we got when we > suggested this to chromium[6] was that we need a better security > model with wider consensus before we can do anything like this. > In particular, proposals for web traffic that have different > security properties from TLS will need robust review. > > So we're looking for the right venue (and reviewers!) to establish > a well-considered IETF consensus on what it takes to make multicast > safe enough for the modern internet, particularly including web > traffic. > > We're hoping the final version of this doc will serve as the > foundation for guiding any necessary extensions to the appropriate > protocols, in much the same role that RFC 8826 played for WebRTC. > > Thanks and regards, > Jake > > PS: Please note that it may also be appropriate and valuable, > depending on the answer, to move draft-ietf-mboned-ambi to the same > venue, as some of the discussion in mboned made me suspect it may > not be the right home for discussion of its security properties. > > [0] > https://mailarchive.ietf.org/arch/msg/secdispatch/LRMHRKiHfk3vgV43KRbG31x-y4I/ > [1] https://www.w3.org/community/multicast/ > [2] > https://github.com/GrumpyOldTroll/wicg-multicast-receiver-api/blob/master/explainer.md > [3] https://github.com/GrumpyOldTroll/chromium_fork > [4] https://datatracker.ietf.org/doc/html/draft-ietf-mboned-ambi > [5] https://www.w3.org/2021/10/TPAC/demos/multicast.html > [6] > https://groups.google.com/a/chromium.org/g/net-dev/c/TjbMyPKuRHs/m/_Syfhri7AAAJ > > > _______________________________________________ > Secdispatch mailing list > Secdispatch@ietf.org > https://www.ietf.org/mailman/listinfo/secdispatch > --000000000000b200c005cf4bf634 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
I have reviewed this document. While I have some technical= comments
below, my bigger comment is that this is the wrong place to st= art.

The right place to start is what the application use cases are = and
whether there is demand. Once that is done, we can discuss the
se= curity properties and whether they are feasible. You make the
comparison= to 8826, but that was written *after* there was agreement
that we wante= d to do something like WebRTC. IOW, this belongs in
DISPATCH.

S 3.2.

=C2=A0 =C2=A0The Web security model requires that content be= authenticated
=C2=A0 =C2=A0cryptographically.=C2=A0 In the context of u= nicast transport security,
=C2=A0 =C2=A0authentication means that conten= t is known to have originated from
=C2=A0 =C2=A0the trusted peer, someth= ing that is typically enforced via a
=C2=A0 =C2=A0cryptographic authenti= cation tag:

This is true, but I think misses an important property o= f Web
authentication, which is the binding between the request and
th= e response. I.e., the property is not just that the message
came from th= e peer but also that it came in response to a given
request.

View= ed in this context, this text is misleading:

=C2=A0 =C2=A0Asymmetric= verification of content delivered through multicast is
=C2=A0 =C2=A0con= ceptually identical to the unicast case, owing to the asymmetry of
=C2= =A0 =C2=A0access to the signing key; but the symmetric case does not direct= ly
=C2=A0 =C2=A0apply given that multiple receivers need access to the s= ame key used
=C2=A0 =C2=A0for both signing and verification, which in a = naive implementation
=C2=A0 =C2=A0opens up the possibility of forgery by= a receiver on-path or with the
=C2=A0 =C2=A0ability to spoof the source= .


S 3.3.

=C2=A0 =C2=A0A baseline for multicast transport = integrity that makes sense within
=C2=A0 =C2=A0the Web security model re= quires that we first define the minimally
=C2=A0 =C2=A0acceptable integr= ity requirements for data that may be presented to a
=C2=A0 =C2=A0user o= r otherwise input to the browser's trusted computing base.=C2=A0 We
= =C2=A0 =C2=A0propose that the proper minimal standard given the variety of<= br>=C2=A0 =C2=A0potential use cases, including many that have no need for r= eliable or
=C2=A0 =C2=A0in-order delivery, is to require protection agai= nst replay,
=C2=A0 =C2=A0injection, and modification and the ability to = detect deletion, loss,
=C2=A0 =C2=A0or reordering.=C2=A0 This standard w= ill necessarily constrain conformant
=C2=A0 =C2=A0application-layer prot= ocol design, just as the Web security model
=C2=A0 =C2=A0adds constraint= s to vanilla TCP.

This also seems like the wrong layer of abstractio= n, as it talks
about comsec properties, but those aren't the ones th= at the Web
depends on. i would start from the top and ask what it is the=
Web wants, not what it is TLS provides.


S 3.4.1.
=C2=A0 = =C2=A0In contrast to (say) unicast TLS, on-path monitoring can trivially=C2=A0 =C2=A0prove that identical content was delivered to multiple receiv= ers,
=C2=A0 =C2=A0irrespective of payload encryption.=C2=A0 Furthermore,= since those
=C2=A0 =C2=A0receivers all require the same keying material= to decrypt the
=C2=A0 =C2=A0received payload, a compromise of any singl= e receiver's device
=C2=A0 =C2=A0exposes decryption keys, and theref= ore the plaintext content, to the
=C2=A0 =C2=A0attacker.

This isn= 't just about compromise by an attacker but also attacks
by other le= gitimate receivers. The Web doesn't currently allow that
but you wou= ld introduce that.

-Ekr

On Tue, Oct 26, 2021 at 5:17 PM Holland, = Jake <jholland=3D40akamai= .com@dmarc.ietf.org> wrote:
Hi secdispatch,

I hope some of you had a chance to take a look at the document
Kyle sent about the security model for multicast for web traffic[0]:
https://datatracker.ietf.org/doc= /html/draft-krose-multicast-security

I'm requesting a slot to talk about it for IETF 112, and hoping we
can get it dispatched to an appropriate venue.

Some background:

We've been doing some work on making multicast viable for web
traffic.=C2=A0 I'm chairing a W3C community group chartered to incubate=
it[1].=C2=A0 We have a straw-man API[2] with a demo implementation[3]
(without the proposed authentication scheme[4] implemented yet)
that can support an app ported to wasm playing video[5].=C2=A0 As the
charter states, we're aiming to get into webtransport first in a
way functionally similar to the demo (server-to-client datagrams),
and into other APIs like fetch/xhr, the h5 download attribute, and
webrtc afterwards.

We had hoped to do some further experimentation behind a command-
line flag, but my understanding of the key feedback we got when we
suggested this to chromium[6] was that we need a better security
model with wider consensus before we can do anything like this.
In particular, proposals for web traffic that have different
security properties from TLS will need robust review.

So we're looking for the right venue (and reviewers!) to establish
a well-considered IETF consensus on what it takes to make multicast
safe enough for the modern internet, particularly including web
traffic.

We're hoping the final version of this doc will serve as the
foundation for guiding any necessary extensions to the appropriate
protocols, in much the same role that RFC 8826 played for WebRTC.

Thanks and regards,
Jake

PS:=C2=A0 Please note that it may also be appropriate and valuable,
depending on the answer, to move draft-ietf-mboned-ambi to the same
venue, as some of the discussion in mboned made me suspect it may
not be the right home for discussion of its security properties.

[0] https://mailarchiv= e.ietf.org/arch/msg/secdispatch/LRMHRKiHfk3vgV43KRbG31x-y4I/
[1] https://www.w3.org/community/multicast/
[2] https://gi= thub.com/GrumpyOldTroll/wicg-multicast-receiver-api/blob/master/explainer.m= d
[3] https://github.com/GrumpyOldTroll/chromium_fork
[4] https://datatracker.ietf.org/doc/htm= l/draft-ietf-mboned-ambi
[5] https://www.w3.org/2021/10/TPAC/demos/multic= ast.html
[6] https://groups.go= ogle.com/a/chromium.org/g/net-dev/c/TjbMyPKuRHs/m/_Syfhri7AAAJ


_______________________________________________
Secdispatch mailing list
Secdispatch@ietf.= org
https://www.ietf.org/mailman/listinfo/secdispatch
--000000000000b200c005cf4bf634-- From nobody Tue Oct 26 22:19:08 2021 Return-Path: X-Original-To: secdispatch@ietfa.amsl.com Delivered-To: secdispatch@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D24C13A0A39 for ; Tue, 26 Oct 2021 22:19:05 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.1 X-Spam-Level: X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=akamai.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id E5qO7NdnZrJM for ; Tue, 26 Oct 2021 22:19:01 -0700 (PDT) Received: from mx0a-00190b01.pphosted.com (mx0a-00190b01.pphosted.com [IPv6:2620:100:9001:583::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 446813A0A1D for ; Tue, 26 Oct 2021 22:19:01 -0700 (PDT) Received: from pps.filterd (m0122332.ppops.net [127.0.0.1]) by mx0a-00190b01.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 19R4YDfI023648; Wed, 27 Oct 2021 06:18:59 +0100 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : content-id : content-transfer-encoding : mime-version; s=jan2016.eng; bh=UHaLrvZsV/vSGeoM8X0WL/gGGaBd0Q0mq2xqBIxU0z0=; b=mkqnX0+zJDTndeI9Y2vVDXUJf/jKA4TVuBnAQSEzzBq4ySlpB+54WKwVgaqXKcJq+wx5 gI6eyGm8K5l4wL1D6IlMrj5CXcrM8D0u5w9gOfWVE4nUYFd00darY2ex2yrNz6sOiv20 hYV7l6BjtPYosLbMr7JjltE4BqaDZ5z8P9aQjlT+UCCKj3FgyqJtv8SMu+DX92er+oJc J6oxaTj0MoNaCRC/wOxo6B3yqlJDDLXuSl1+ooFSvbwEFmwm2j8m/SYfr381Uvu1s5Vi SEtdb661ZUuy40F+RXma2K/0d88//6SPvUcOhzvvT5QkwUQWzUkEIoDrdGyAFDrS9LJo cA== Received: from prod-mail-ppoint7 (a72-247-45-33.deploy.static.akamaitechnologies.com [72.247.45.33] (may be forged)) by mx0a-00190b01.pphosted.com with ESMTP id 3bxyv0rg9b-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 27 Oct 2021 06:18:59 +0100 Received: from pps.filterd (prod-mail-ppoint7.akamai.com [127.0.0.1]) by prod-mail-ppoint7.akamai.com (8.16.1.2/8.16.1.2) with SMTP id 19R54Ddk027351; Wed, 27 Oct 2021 01:18:58 -0400 Received: from email.msg.corp.akamai.com ([172.27.165.116]) by prod-mail-ppoint7.akamai.com with ESMTP id 3bx574179c-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Wed, 27 Oct 2021 01:18:58 -0400 Received: from USTX2EX-DAG1MB4.msg.corp.akamai.com (172.27.165.122) by ustx2ex-dag1mb3.msg.corp.akamai.com (172.27.165.121) with Microsoft SMTP Server (TLS) id 15.0.1497.24; Wed, 27 Oct 2021 00:18:57 -0500 Received: from USTX2EX-DAG1MB4.msg.corp.akamai.com ([172.27.165.122]) by ustx2ex-dag1mb4.msg.corp.akamai.com ([172.27.165.122]) with mapi id 15.00.1497.024; Wed, 27 Oct 2021 00:18:57 -0500 From: "Holland, Jake" To: Eric Rescorla CC: "secdispatch@ietf.org" Thread-Topic: [Secdispatch] Requesting agenda time for draft-krose-multicast-security Thread-Index: AQHXysfvqNU+fYdr3U6RFCkpKpFXZavmawcA///CJYA= Date: Wed, 27 Oct 2021 05:18:56 +0000 Message-ID: References: <898062F9-1B8F-46D7-96AE-1C7769F162A9@akamai.com> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Microsoft-MacOutlook/16.53.21091200 x-ms-exchange-messagesentrepresentingtype: 1 x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [172.27.164.43] Content-Type: text/plain; charset="utf-8" Content-ID: <684019DC2CEBD144936422A1CA653E8F@akamai.com> Content-Transfer-Encoding: base64 MIME-Version: 1.0 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.425, 18.0.790 definitions=2021-10-27_01:2021-10-26, 2021-10-27 signatures=0 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 mlxlogscore=999 mlxscore=0 adultscore=0 bulkscore=0 phishscore=0 malwarescore=0 spamscore=0 suspectscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2110150000 definitions=main-2110270029 X-Proofpoint-ORIG-GUID: Pa1sqjiYZcetjI2zhgYajTXQzhAn_Fwf X-Proofpoint-GUID: Pa1sqjiYZcetjI2zhgYajTXQzhAn_Fwf X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.425,FMLib:17.0.607.475 definitions=2021-10-27_01,2021-10-26_01,2020-04-07_01 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 phishscore=0 impostorscore=0 mlxscore=0 malwarescore=0 bulkscore=0 adultscore=0 spamscore=0 priorityscore=1501 mlxlogscore=999 clxscore=1011 suspectscore=0 lowpriorityscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2110150000 definitions=main-2110270031 Archived-At: Subject: Re: [Secdispatch] Requesting agenda time for draft-krose-multicast-security X-BeenThere: secdispatch@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Security Dispatch List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 Oct 2021 05:19:06 -0000 SGkgRXJpYywNCg0KVGhhbmtzIGZvciB0aGUgcmV2aWV3IGFuZCBjb21tZW50cyENCg0KSSBoYXZl IGEgZmV3IHJlc3BvbnNlczoNCg0KRnJvbTogRXJpYyBSZXNjb3JsYSA8ZWtyQHJ0Zm0uY29tPg0K RGF0ZTogVHVlLDIwMjEtMTAtMjYgYXQgNzowMSBQTQ0KDQo+IFRoZSByaWdodCBwbGFjZSB0byBz dGFydCBpcyB3aGF0IHRoZSBhcHBsaWNhdGlvbiB1c2UgY2FzZXMgYXJlIGFuZA0KPiB3aGV0aGVy IHRoZXJlIGlzIGRlbWFuZC4gT25jZSB0aGF0IGlzIGRvbmUsIHdlIGNhbiBkaXNjdXNzIHRoZQ0K PiBzZWN1cml0eSBwcm9wZXJ0aWVzIGFuZCB3aGV0aGVyIHRoZXkgYXJlIGZlYXNpYmxlLiBZb3Ug bWFrZSB0aGUNCj4gY29tcGFyaXNvbiB0byA4ODI2LCBidXQgdGhhdCB3YXMgd3JpdHRlbiAqYWZ0 ZXIqIHRoZXJlIHdhcyBhZ3JlZW1lbnQNCj4gdGhhdCB3ZSB3YW50ZWQgdG8gZG8gc29tZXRoaW5n IGxpa2UgV2ViUlRDLiBJT1csIHRoaXMgYmVsb25ncyBpbg0KPiBESVNQQVRDSC4NCg0KSSBndWVz cyB0aGlzIGhhZCBub3Qgb2NjdXJyZWQgdG8gbWUuDQoNCkkgc2VlIHdoeSB0aGlzIHdvdWxkIGJl IGEgbmVjZXNzYXJ5IHN0ZXAgZm9yIFdlYlJUQywgYnV0IGZvciBtdWx0aWNhc3QNCnRoZSBwcm9i bGVtIGlzIG5vdCBhcHBsaWNhdGlvbiB1c2UgY2FzZXMgKHdlIGRvbid0IHByb3Bvc2UgdG8gYWRk IGFueSksDQpidXQgcmF0aGVyIHNjYWxhYmlsaXR5IHVzZSBjYXNlcywgYW5kIGhlcmUgSSBiZWxp ZXZlIHRoZSBudW1iZXJzDQpzcGVhayBmb3IgdGhlbXNlbHZlcy4NCg0KSSd2ZSBwdWJsaXNoZWQg YSBmZXcgc2ltcGxlIGFuYWx5c2VzIG9uIHRoaXMgc3ViamVjdCBiZWZvcmUuICBTb3JyeQ0KSSBk aWRuJ3QgaW5jbHVkZSB0aGVtIGluIHRoZSBpbml0aWFsIG1lc3NhZ2UsIEkgdGhvdWdodCB0aGUg Z2VuZXJhbA0KbmF0dXJlIG9mIHRoZSBpc3N1ZSB3YXMgcmVhc29uYWJseSB3ZWxsLWtub3duIGZy b20gdGhlIHByaW9yIGF0dGVtcHRzDQp0byBnZXQgbXVsdGljYXN0IHdvcmtpbmcsIGJ1dCBpbiBy ZXRyb3NwZWN0IG1heWJlIEkgc2hvdWxkIGhhdmUNCmluY2x1ZGVkIHNvbWUuICBIZXJlIGFyZSBh IGZldyB3aXRoIHJlYXNvbmFibHkgbW9kZXJuIG51bWJlcnM6DQoNCjEuIEV4cGxhaW5lciBmb3Ig dGhlIGZpcnN0IGRyYWZ0IEFQSSBwcm9wb3NhbDoNCmh0dHBzOi8vZ2l0aHViLmNvbS9HcnVtcHlP bGRUcm9sbC93aWNnLW11bHRpY2FzdC1yZWNlaXZlci1hcGkvYmxvYi9tYXN0ZXIvZXhwbGFpbmVy Lm1kI3NjYWxpbmctcHJvYmxlbS1leGFtcGxlcw0KDQoyLiBTaW1pbGFyIG51bWJlcnMgaGVyZToN Cmh0dHBzOi8vYmxvZy5hcG5pYy5uZXQvMjAyMC8wNy8yOC93aHktaW50ZXItZG9tYWluLW11bHRp Y2FzdC1ub3ctbWFrZXMtc2Vuc2UvDQoNCjMuIEEgYmFyLWJvZiBhdCBJRVRGIDExMSwgd2hlcmUg SSBjb3ZlcmVkIHNvbWUgb2YgdGhlIGVmZmVjdHMgYW5kDQppbXBhY3Qgb2YgcGVhayBpbnRlcm5l dCBkYXlzOg0KaHR0cHM6Ly93d3cueW91dHViZS5jb20vd2F0Y2g/dj12S0hkVHJoUUhMbw0Kc2xp ZGVzOiBodHRwczovL3RyYWMuaWV0Zi5vcmcvdHJhYy9pZXRmL21lZXRpbmcvYXR0YWNobWVudC93 aWtpLzExMXNpZGVtZWV0aW5ncy9zbGlkZXMtaWV0ZjExMS1zaWRlLW1lZXRpbmctd2ViLW11bHRp Y2FzdC5wZGYNCg0KVGhlcmUncyBwcm9iYWJseSBhIGZldyBvdGhlcnMgSSBjYW4gZGlnIHVwIGlm IHlvdSdkIGxpa2UgbW9yZSwgYnV0DQpJIHRoaW5rIHRoYXQgc2hvdWxkIGdpdmUgdGhlIGdpc3Qu DQoNCkFkZGl0aW9uYWxseSwgdGhlcmUncyBzZXZlcmFsIGFkb3B0ZWQgZHJhZnRzIGluIG1ib25l ZCwgd2hlcmUgaXQNCnNlZW1zIHRoZXJlJ3MgYWxyZWFkeSBjb25zZW5zdXMgb24gdGhlIGxvbmct b3ZlcmR1ZSBuZWVkIHRvDQpkZXBsb3kgc29tZSB1c2FibGUgbXVsdGljYXN0IGRlbGl2ZXJ5IGZv ciBzY2FsYWJpbGl0eSByZWFzb25zLg0KDQpXaGlsZSBJIGRvIHRoaW5rIHRoZXJlJ3MgZ29vZCBl dmlkZW5jZSBvZiBhIHNjYWxhYmlsaXR5IHByb2JsZW0NCndpdGggdGhlIGN1cnJlbnQgbW9zdGx5 LXVuaWNhc3Qtb25seSBpbnRlcm5ldCBhbmQgcHJlLWV4aXN0aW5nDQpJRVRGIGNvbnNlbnN1cyB0 aGF0IGl0J3Mgd29ydGggYWRkcmVzc2luZywgSSBkbyB0aGluayB0aGF0IHRoZSANCndvcmsgc28g ZmFyIGxhY2tzIHN1ZmZpY2llbnQgc2VjdXJpdHkgcmV2aWV3IHRvIHRha2UgaXQgZnVydGhlciwN CndoaWNoIGlzIHdoeSBJJ20gcmVhY2hpbmcgb3V0IG5vdyB0byBzZWNkaXNwYXRjaC4NCg0KSSBk b24ndCBiZWxpZXZlIHRoaXMgaXMgYW4gQVJUIGFyZWEgaXNzdWUsIHNpbmNlIHdoYXQgSSdtIGFp bWluZw0KZm9yIGlzIHRvIGtlZXAgcm91Z2hseSB0aGUgc2FtZSBhcHAgb2JqZWN0aXZlcyBhcyB0 b2RheSwgYnV0IHRvDQpkZWxpdmVyIGNvbnRlbnQgbW9yZSBlZmZpY2llbnRseSB3aGVuIHRoZXJl J3MgaGlnaCBjb25jdXJyZW5jeQ0KaW4gdGhlIGRhdGEgdG8gYmUgZGVsaXZlcmVkIGluIHJlc3Bv bnNlIHRvIHVzZXIgZGVtYW5kLg0KDQo+IFMgMy4yLg0KPg0KPsKgICDCoFRoZSBXZWIgc2VjdXJp dHkgbW9kZWwgcmVxdWlyZXMgdGhhdCBjb250ZW50IGJlIGF1dGhlbnRpY2F0ZWQNCj7CoCAgwqBj cnlwdG9ncmFwaGljYWxseS7CoCBJbiB0aGUgY29udGV4dCBvZiB1bmljYXN0IHRyYW5zcG9ydCBz ZWN1cml0eSwNCj4gwqAgwqBhdXRoZW50aWNhdGlvbiBtZWFucyB0aGF0IGNvbnRlbnQgaXMga25v d24gdG8gaGF2ZSBvcmlnaW5hdGVkIGZyb20NCj4gwqAgwqB0aGUgdHJ1c3RlZCBwZWVyLCBzb21l dGhpbmcgdGhhdCBpcyB0eXBpY2FsbHkgZW5mb3JjZWQgdmlhIGENCj4gwqAgwqBjcnlwdG9ncmFw aGljIGF1dGhlbnRpY2F0aW9uIHRhZzoNCj4NCj4gVGhpcyBpcyB0cnVlLCBidXQgSSB0aGluayBt aXNzZXMgYW4gaW1wb3J0YW50IHByb3BlcnR5IG9mIFdlYg0KPiBhdXRoZW50aWNhdGlvbiwgd2hp Y2ggaXMgdGhlIGJpbmRpbmcgYmV0d2VlbiB0aGUgcmVxdWVzdCBhbmQNCj4gdGhlIHJlc3BvbnNl LiBJLmUuLCB0aGUgcHJvcGVydHkgaXMgbm90IGp1c3QgdGhhdCB0aGUgbWVzc2FnZQ0KPiBjYW1l IGZyb20gdGhlIHBlZXIgYnV0IGFsc28gdGhhdCBpdCBjYW1lIGluIHJlc3BvbnNlIHRvIGEgZ2l2 ZW4NCj4gcmVxdWVzdC4NCg0KVGhhbmtzLCB0aGF0J3MgYW4gZXhjZWxsZW50IHBvaW50IGFuZCBJ IGFncmVlIHRoZSB0ZXh0IHNob3VsZCBiZQ0KdXBkYXRlZCB0byByZWZsZWN0IHRoaXMgcHJvcGVy dHkuICBJIG9wZW5lZCBhbiBpc3N1ZSB0byB0cmFjayBpdDoNCmh0dHBzOi8vZ2l0aHViLmNvbS9z cXVhcm9vdGljdXMvZHJhZnQta3Jvc2UtbXVsdGljYXN0LXNlY3VyaXR5L2lzc3Vlcy8xMg0KDQpU aGlzIGlzIGV4YWN0bHkgdGhlIGtpbmQgb2YgZmVlZGJhY2sgSSBob3BlZCB0byBnZXQgYnkgYnJp bmdpbmcNCml0IGhlcmUsIG11Y2ggb2JsaWdlZC4NCg0KPiBWaWV3ZWQgaW4gdGhpcyBjb250ZXh0 LCB0aGlzIHRleHQgaXMgbWlzbGVhZGluZzoNCj4NCj4gwqAgwqBBc3ltbWV0cmljIHZlcmlmaWNh dGlvbiBvZiBjb250ZW50IGRlbGl2ZXJlZCB0aHJvdWdoIG11bHRpY2FzdCBpcw0KPiDCoCDCoGNv bmNlcHR1YWxseSBpZGVudGljYWwgdG8gdGhlIHVuaWNhc3QgY2FzZSwgb3dpbmcgdG8gdGhlIGFz eW1tZXRyeSBvZg0KPiDCoCDCoGFjY2VzcyB0byB0aGUgc2lnbmluZyBrZXk7IGJ1dCB0aGUgc3lt bWV0cmljIGNhc2UgZG9lcyBub3QgZGlyZWN0bHkNCj4gwqAgwqBhcHBseSBnaXZlbiB0aGF0IG11 bHRpcGxlIHJlY2VpdmVycyBuZWVkIGFjY2VzcyB0byB0aGUgc2FtZSBrZXkgdXNlZA0KPiDCoCDC oGZvciBib3RoIHNpZ25pbmcgYW5kIHZlcmlmaWNhdGlvbiwgd2hpY2ggaW4gYSBuYWl2ZSBpbXBs ZW1lbnRhdGlvbg0KPiDCoCDCoG9wZW5zIHVwIHRoZSBwb3NzaWJpbGl0eSBvZiBmb3JnZXJ5IGJ5 IGEgcmVjZWl2ZXIgb24tcGF0aCBvciB3aXRoIHRoZQ0KPiDCoCDCoGFiaWxpdHkgdG8gc3Bvb2Yg dGhlIHNvdXJjZS4NCg0KSWYgSSB1bmRlcnN0YW5kIGNvcnJlY3RseSwgaWYgd2UgY2FuIHByb3Zp ZGUgdGhlIGFwcHJvcHJpYXRlIHRleHQNCmFib3V0IGJpbmRpbmcgdG8gdGhlIHJlcXVlc3QsIHRo ZW4gdGhpcyB3b3VsZCBubyBsb25nZXIgYmUgbWlzbGVhZGluZz8NCg0KQWx0aG91Z2ggdGhlcmUg cmVtYWluIHNvbWUgcG90ZW50aWFsIGRpZmZlcmVuY2VzLCBJIHRoaW5rIHRoZXJlIGFyZQ0Kc29t ZSBhbmFsb2dvdXMgY2FzZXMgaW4gd2VidHJhbnNwb3J0IGFuZCBoMiBzZXJ2ZXIgcHVzaCwgZm9y IGV4YW1wbGUsDQp3aGVyZSBpdCdzIHBvc3NpYmxlIGZvciBhIHJlY2VpdmVyIHRvIGdldCBzb21l IHRoaW5ncyB0aGF0IGl0J3Mgbm90DQppbnRlcmVzdGVkIGluIHByb2Nlc3NpbmcsIGJ1dCBuZXZl cnRoZWxlc3MgYXJlIGFzc29jaWF0ZWQgd2l0aCBhDQpyZXNvdXJjZSB0aGF0IHdhcyBhY3R1YWxs eSByZXF1ZXN0ZWQuICBNYXliZSB0aGVyZSdzIHNvbWUgZ29vZCB0ZXh0DQpvbiB0aG9zZSBzdWJq ZWN0cyB3ZSBjb3VsZCBhZGFwdCBoZXJlIHRvIHJlZmluZSB0aGlzIHBvaW50LCBpZiBpdCdzDQpu ZWNlc3Nhcnk/DQoNCg0KPiBTIDMuMy4NCj4NCj4gwqAgwqBBIGJhc2VsaW5lIGZvciBtdWx0aWNh c3QgdHJhbnNwb3J0IGludGVncml0eSB0aGF0IG1ha2VzIHNlbnNlIHdpdGhpbg0KPiDCoCDCoHRo ZSBXZWIgc2VjdXJpdHkgbW9kZWwgcmVxdWlyZXMgdGhhdCB3ZSBmaXJzdCBkZWZpbmUgdGhlIG1p bmltYWxseQ0KPiDCoCDCoGFjY2VwdGFibGUgaW50ZWdyaXR5IHJlcXVpcmVtZW50cyBmb3IgZGF0 YSB0aGF0IG1heSBiZSBwcmVzZW50ZWQgdG8gYQ0KPiDCoCDCoHVzZXIgb3Igb3RoZXJ3aXNlIGlu cHV0IHRvIHRoZSBicm93c2VyJ3MgdHJ1c3RlZCBjb21wdXRpbmcgYmFzZS7CoCBXZQ0KPiDCoCDC oHByb3Bvc2UgdGhhdCB0aGUgcHJvcGVyIG1pbmltYWwgc3RhbmRhcmQgZ2l2ZW4gdGhlIHZhcmll dHkgb2YNCj4gwqAgwqBwb3RlbnRpYWwgdXNlIGNhc2VzLCBpbmNsdWRpbmcgbWFueSB0aGF0IGhh dmUgbm8gbmVlZCBmb3IgcmVsaWFibGUgb3INCj4gwqAgwqBpbi1vcmRlciBkZWxpdmVyeSwgaXMg dG8gcmVxdWlyZSBwcm90ZWN0aW9uIGFnYWluc3QgcmVwbGF5LA0KPiDCoCDCoGluamVjdGlvbiwg YW5kIG1vZGlmaWNhdGlvbiBhbmQgdGhlIGFiaWxpdHkgdG8gZGV0ZWN0IGRlbGV0aW9uLCBsb3Nz LA0KPiDCoCDCoG9yIHJlb3JkZXJpbmcuwqAgVGhpcyBzdGFuZGFyZCB3aWxsIG5lY2Vzc2FyaWx5 IGNvbnN0cmFpbiBjb25mb3JtYW50DQo+IMKgIMKgYXBwbGljYXRpb24tbGF5ZXIgcHJvdG9jb2wg ZGVzaWduLCBqdXN0IGFzIHRoZSBXZWIgc2VjdXJpdHkgbW9kZWwNCj4gwqAgwqBhZGRzIGNvbnN0 cmFpbnRzIHRvIHZhbmlsbGEgVENQLg0KPg0KPiBUaGlzIGFsc28gc2VlbXMgbGlrZSB0aGUgd3Jv bmcgbGF5ZXIgb2YgYWJzdHJhY3Rpb24sIGFzIGl0IHRhbGtzDQo+IGFib3V0IGNvbXNlYyBwcm9w ZXJ0aWVzLCBidXQgdGhvc2UgYXJlbid0IHRoZSBvbmVzIHRoYXQgdGhlIFdlYg0KPiBkZXBlbmRz IG9uLiBpIHdvdWxkIHN0YXJ0IGZyb20gdGhlIHRvcCBhbmQgYXNrIHdoYXQgaXQgaXMgdGhlDQo+ IFdlYiB3YW50cywgbm90IHdoYXQgaXQgaXMgVExTIHByb3ZpZGVzLg0KDQpJIHRoaW5rIEkndmUg Z290dGVuIGFuIGFuc3dlciB0byB0aGlzIHF1ZXN0aW9uLCBmb3IgZXhhbXBsZSBoZXJlOg0KaHR0 cHM6Ly9ncm91cHMuZ29vZ2xlLmNvbS9hL2Nocm9taXVtLm9yZy9nL25ldC1kZXYvYy9UamJNeVBL dVJIcy9tL0dZRnFweXMzR3dBSg0KDQoiVGhlIHdlYiBzZWN1cml0eSBjb21tdW5pdHkgaGFzIHdv cmtlZCBmb3IgbW9yZSB0aGFuIGEgZGVjYWRlIHRvIGdldA0KdXMgdG8gdGhpcyBnb29kIHBsYWNl IHdpdGggdHJhbnNwb3J0IHNlY3VyaXR5LiBJIGRvbid0IHRoaW5rIHdlIHNob3VsZA0KZXhwZXJp bWVudCB3aXRoIGEgbmV3IGZvcm0gb2YgbWl4ZWQgY29udGVudC4gVGhlIHNlY3VyaXR5IHByb3Bl cnRpZXMNCm9mIFRMUyBhcmUgdGhlIG1pbmltdW0gYmFzZWxpbmUgZ29pbmcgZm9yd2FyZC4iDQoN CihJJ3ZlIGhlYXJkIHRoaXMgcGhyYXNlZCB2ZXJ5IHNpbWlsYXJseSBpbiBzZXZlcmFsIG90aGVy IGluLXBlcnNvbg0KY29udmVyc2F0aW9ucy4pDQoNCkhlbmNlLCB3ZSB0cnkgaGVyZSB0byBzcGVh ayB0byB0aGUgc2VjdXJpdHkgcHJvcGVydGllcyBvZiBUTFMsIHNpbmNlDQp0aGV5J3ZlIGJlZW4g ZGVtb25zdHJhdGVkIGFzIHNhdGlzZmFjdG9yeSB0byB0aGUgYmVzdCBvZiBvdXIgY3VycmVudA0K a25vd2xlZGdlIGZvciB3ZWIgdHJhZmZpYy4NCg0KSSBkb24ndCBrbm93IGEgYmV0dGVyIGFuc3dl ciB0byB0aGUgcXVlc3Rpb24gb2Ygd2hhdCBzZWN1cml0eQ0KcHJvcGVydGllcyB0aGUgd2ViIHdh bnRzLiAgSWYgeW91IGNhbiBwb2ludCBtZSB0byBvbmUgSSdkIGJlDQpncmF0ZWZ1bCwgYnV0IEkg dGhvdWdodCB0aGlzIHdhcyBlbm91Z2ggdG8gd29yayB3aXRoLg0KDQo+IFMgMy40LjEuDQo+IMKg IMKgSW4gY29udHJhc3QgdG8gKHNheSkgdW5pY2FzdCBUTFMsIG9uLXBhdGggbW9uaXRvcmluZyBj YW4gdHJpdmlhbGx5DQo+IMKgIMKgcHJvdmUgdGhhdCBpZGVudGljYWwgY29udGVudCB3YXMgZGVs aXZlcmVkIHRvIG11bHRpcGxlIHJlY2VpdmVycywNCj4gwqAgwqBpcnJlc3BlY3RpdmUgb2YgcGF5 bG9hZCBlbmNyeXB0aW9uLsKgIEZ1cnRoZXJtb3JlLCBzaW5jZSB0aG9zZQ0KPiDCoCDCoHJlY2Vp dmVycyBhbGwgcmVxdWlyZSB0aGUgc2FtZSBrZXlpbmcgbWF0ZXJpYWwgdG8gZGVjcnlwdCB0aGUN Cj4gwqAgwqByZWNlaXZlZCBwYXlsb2FkLCBhIGNvbXByb21pc2Ugb2YgYW55IHNpbmdsZSByZWNl aXZlcidzIGRldmljZQ0KPiDCoCDCoGV4cG9zZXMgZGVjcnlwdGlvbiBrZXlzLCBhbmQgdGhlcmVm b3JlIHRoZSBwbGFpbnRleHQgY29udGVudCwgdG8gdGhlDQo+IMKgIMKgYXR0YWNrZXIuDQo+DQo+ IFRoaXMgaXNuJ3QganVzdCBhYm91dCBjb21wcm9taXNlIGJ5IGFuIGF0dGFja2VyIGJ1dCBhbHNv IGF0dGFja3MNCj4gYnkgb3RoZXIgbGVnaXRpbWF0ZSByZWNlaXZlcnMuIFRoZSBXZWIgZG9lc24n dCBjdXJyZW50bHkgYWxsb3cgdGhhdA0KPiBidXQgeW91IHdvdWxkIGludHJvZHVjZSB0aGF0Lg0K DQpUaGlzIGlzIHRoZSBrZXkgcmVhc29uIHdlIHByb3Bvc2UgdG8gZGVjb3VwbGUgdGhlIGF1dGhl bnRpY2F0aW9uDQpmdW5jdGlvbmFsaXR5IGZyb20gdGhlIGVuY3J5cHRpb24gZnVuY3Rpb25hbGl0 eSwgc28gdGhhdCB3ZSBhdm9pZA0KaW50cm9kdWNpbmcgaW50ZWdyaXR5LWJhc2VkIGF0dGFja3Mg YnkgYW55b25lIHdobydzIG5vdCBhIGxlZ2l0aW1hdGUNCnNlbmRlciAoaW5jbHVkaW5nIGxlZ2l0 aW1hdGUgcmVjZWl2ZXJzKS4NCg0KRm9yIGRlY3J5cHRpb24tYmFzZWQgYXR0YWNrcyAoZS5nLiBw ZXJ2YXNpdmUgbW9uaXRvcmluZyB2aWEgZGlzY292ZXJ5DQpvZiB0aGUgY29udGVudHMgYmVpbmcg dHJhbnNwb3J0ZWQpLCBJIHRoaW5rIHRoaXMgaXMgb25lIG9mIHRoZSBrZXkNCmFyZWFzIHdoZXJl IHdlJ2QgbGlrZSB0byBnZXQgbW9yZSBleWViYWxscyBvbiB0aGUgcHJvYmxlbSwgYW5kDQphcnRp Y3VsYXRlIHRoZSB0aHJlYXQgbW9kZWxzIGFuZCB0aGUgc2NvcGUgb2YgdGhlIGlzc3VlcyBiZXR0 ZXIgdGhhbg0KdGhleSd2ZSB5ZXQgYmVlbiBhcnRpY3VsYXRlZC4NCg0KT3ZlciBhbmQgb3Zlciwg SSBzZWUgdGhlIGhhcmQgcmVxdWlyZW1lbnQgZm9yIGVuY3J5cHRpb24ganVzdGlmaWVkIGJ5DQph IHRocmVhdCBtb2RlbCB0aGF0IGluY2x1ZGVzIGV4cG9zaW5nIHBlcnNvbmFsIGluZm9ybWF0aW9u IHN1Y2ggYXMNCmJhbmsgYWNjb3VudCBpbmZvLiAgV2hpbGUgSSBhZ3JlZSB0aGlzIGlzIGFuIGlt cG9ydGFudCB0aHJlYXQgbW9kZWwNCnRoYXQganVzdGlmaWVzIHN0cm9uZyBlbmNyeXB0aW9uIGlu IG1hbnkgc2l0dWF0aW9ucywgaXQncyBub3QgY2xlYXINCnRoYXQgaXQgYXBwbGllcyBxdWl0ZSB0 aGUgc2FtZSB3YXkgdG8gYSB2aWRlbyBmcmFtZSBmcm9tIHRoZSBTdXBlcmJvd2wsDQp3aGVyZSB3 ZSdkIGJlIHBhcnRpY3VsYXJseSBpbnRlcmVzdGVkIGluIGxldmVyYWdpbmcgdGhlIHNjYWxpbmcg b2YNCm11bHRpY2FzdC4NCg0KVGVhc2luZyBhcGFydCBhbmQgcGlubmluZyBkb3duIHRoYXQgZGlm ZmVyZW5jZSB0byB0aGUgc2F0aXNmYWN0aW9uIG9mDQp0aGUgSUVURidzIGJlc3Qgc2VjdXJpdHkg ZXhwZXJ0aXNlIGlzIG9uZSBvZiB0aGUgbW9zdCBpbXBvcnRhbnQgdGhpbmdzDQpJJ2QgbGlrZSB0 byBhY2NvbXBsaXNoIGJ5IGdldHRpbmcgdGhlIHJpZ2h0IGV5ZWJhbGxzIG9uIHRoaXMgZG9jLiAg SQ0KdGhpbmsgd2UgaGF2ZSBhIHN0YXJ0IGF0IHRoaXMgaW4gdGhlIFByaXZhY3kgc2VjdGlvbiwg YnV0IHRvIG1lIHRoaXMNCnNlZW1zIGxpa2Ugb25lIG9mIHRoZSBtb3N0IGNvbXBsZXggcXVlc3Rp b25zIGluIHRoaXMgc3BhY2UsIGFuZCBpdA0Kc2VlbXMgbGlrZWx5IHRvIG1lIHRoYXQgc29tZSBw ZW9wbGUgaW4gdGhlIElFVEYgc2VjdXJpdHkgYXJlYSB3aWxsDQpoYXZlIHZhbHVhYmxlIGluc2ln aHRzIHRoYXQgSSBob3BlIGNhbiBiZSBhcnRpY3VsYXRlZCBhbmQgY2FwdHVyZWQuDQoNCi0tDQoN Ck11bHRpY2FzdCBpcyBvZiBjb3Vyc2UgaW4gdXNlIHdpZGVseSB0b2RheSBhbHJlYWR5LCB3aXRo IElTUHMgZGlyZWN0bHkNCnByb3ZpZGluZyBjb250ZW50IHRvIHRoZWlyIGN1c3RvbWVycywgYW5k IHRoZXJlYnkgZ2FpbmluZyBpbnRpbWF0ZQ0Ka25vd2xlZGdlIG9mIGV4YWN0bHkgd2hhdCBjb250 ZW50ICh0aGF0IHRoZXkgcHJvdmlkZSkgaXMgZGVsaXZlcmVkIHRvDQp3aGljaCBob3VzZWhvbGRz LCBvZnRlbiB3aXRoIGEgY2FwdGl2ZSBhdWRpZW5jZSB3aG8gZG9lc24ndCBoYXZlIGFueQ0KYWx0 ZXJuYXRpdmVzLiANCg0KT25lIGtleSBxdWVzdGlvbiB0aGF0IEkgd2lzaCB3ZSBoYWQgYXJ0aWN1 bGF0ZWQgYmV0dGVyIGluIHRoZSBmaXJzdA0KdmVyc2lvbiBvZiB0aGlzIGRvYyBpcyB3aGV0aGVy IHVzaW5nIG11bHRpY2FzdCB0byBtb3ZlIHNvbWUgb2YgdGhhdA0KY29udGVudCB0byBhbiBlcXVh bGx5LXNjYWxhYmxlIGJ1dCBleHRlcm5hbGx5IHNvdXJjZWQgcHJvdmlkZXIgKHdpdGgNCnBlcmhh cHMgYSB3aWRlciBjaG9pY2Ugb2YgcHJvdmlkZXJzIGZvciB0aGUgdmlld2VyKSB3aG8gaXMgTk9U IHRoZQ0KSVNQIHdvdWxkIGltcHJvdmUgbWF0dGVycywga2VlcCB0aGVtIHRoZSBzYW1lLCBvciBt YWtlIHRoZW0gd29yc2UNCihhbmQgd2hpY2ggc3BlY2lmaWMgbWF0dGVycywgd2l0aCB3aGF0IGtp bmRzIG9mIHRyYWRlb2ZmcyBpZiB0aGUNCmFuc3dlciBpcyBtaXhlZCkuICBJJ20gaG9wZWZ1bCB0 aGF0IHNvbWUgY29udGludWVkIGZvY3VzIG9uIHRoZQ0KcXVlc3Rpb25zIGluIHRoaXMgZG9jIHdp bGwgYnJpbmcgc29tZSBpbnNpZ2h0cyB0byBsaWdodC4NCg0KQnV0IEkgZ3Vlc3MgdGhlIGhpZ2hl ci1sZXZlbCBpc3N1ZSBpcyB0aGF0IGlmIHRoZSByaWdodCBhbnN3ZXIgcmVhbGx5DQppcyB0aGF0 IG11bHRpY2FzdCBmdW5kYW1lbnRhbGx5IGNhbm5vdCBiZSBtYWRlIGNvbXBhdGlibGUgd2l0aCB3 ZWINCnRyYWZmaWMgYmVjYXVzZSBvZiBpdHMgc2VjdXJpdHkgY29uc3RyYWludHMsIHRoZW4gSSB3 YW50IHRvIGtub3cgdGhhdA0KYXMgcXVpY2tseSBhcyBwb3NzaWJsZSAoYW5kIGlmIHNvIHdoZXRo ZXIgYSBkaWZmZXJlbnQgYXBwcm9hY2ggY291bGQNCnJlYWNoIHRoZSBzYW1lIGtpbmQgb2Ygc2Nh bGFiaWxpdHkgd2l0aG91dCB0aGUgc2FtZSBpbXBlZGltZW50cykuDQoNCkJ1dCBhcyBpdCBzdGFu ZHMsIEkgZG9uJ3QgYmVsaWV2ZSBpdCdzIHRydWUsIEkganVzdCB0aGluayBpdCBoYXNuJ3QNCmJl ZW4gcHJvcGVybHkgaGFtbWVyZWQgb3V0IHlldC4NCg0KV2hpY2ggYnJpbmdzIGl0IGJhY2sgdG8g d2h5IEkndmUgcmVxdWVzdGVkIHRoZSBhdHRlbnRpb24gb2YgdGhlDQpzZWN1cml0eSBhcmVhIHRv IHRoaXMgdG9waWMgYW5kIHRoaXMgZHJhZnQuDQoNCj4gLUVrcg0KDQpUaGFua3MgYWdhaW4sIEkg dmVyeSBtdWNoIGFwcHJlY2lhdGUgdGhlIHJldmlldyBhbmQgd2UnbGwgYWRkIHlvdQ0KdG8gdGhl IGFja25vd2xlZGdlbWVudHMgaW4gdGhlIG5leHQgdmVyc2lvbi4NCg0KSSBob3BlIEkndmUgYWRk cmVzc2VkIHRoZSBwb2ludHMgcmFpc2VkIGhlcmUgYW5kIG1hZGUgdGhlIGNhc2UgdGhhdA0KdGhp cyBkb2MgaXMgYXBwcm9wcmlhdGUgZm9yIHNlY2Rpc3BhdGNoLCBidXQgaWYgYW55b25lIGhhcyBm dXJ0aGVyDQpvYmplY3Rpb25zIG9yIHRoaW5rcyBJIG1pc3NlZCBhbiBpbXBvcnRhbnQgcG9pbnQg aGVyZSwgcGxlYXNlIGxldA0KbWUga25vdyBhbmQgSSdsbCB0cnkgdG8gZG8gYmV0dGVyLg0KDQpC ZXN0IHJlZ2FyZHMsDQpKYWtlDQoNCg0K From nobody Thu Oct 28 11:26:11 2021 Return-Path: X-Original-To: secdispatch@ietfa.amsl.com Delivered-To: secdispatch@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 66CE43A0BDC for ; Thu, 28 Oct 2021 11:26:09 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.896 X-Spam-Level: X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20210112.gappssmtp.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hCc00fjB_Bv9 for ; Thu, 28 Oct 2021 11:26:04 -0700 (PDT) Received: from mail-io1-xd2e.google.com (mail-io1-xd2e.google.com [IPv6:2607:f8b0:4864:20::d2e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 280243A0BD4 for ; Thu, 28 Oct 2021 11:26:04 -0700 (PDT) Received: by mail-io1-xd2e.google.com with SMTP id z144so8224025iof.0 for ; Thu, 28 Oct 2021 11:26:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20210112.gappssmtp.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=1oVtQreJHw+HHBIOBMhBTV5Paj3EoV5CSyvr4kVGYuE=; b=B9vJNjk3KH+GE4z6IdqayDsr7LNCC8tAfIu5ULZYF504I240Gqz3JR46U87uvGBSzZ wzlofm8qqlcN0Bye4Tt0P6/VlreygtP6MzXjDHPLNNZBXBnQ9uPMA7MQNCBxKsU0WcR4 HVmJXgLdKY/avfY8JxzncU+x4wDAZA6Ik3QcfjbvUMFsx0i+r7Hw+vHwzEmMIRBSRaG+ DHAaoKzR6sip0GOWA3SkvKv5kvHQ4UPV0mmEhcXzz58wDkDDg8LOa9ohUjFBudmndn9N jnV1sI9Hqx/EM16k5hXCrimY0DEIt9BxA4KbSy5Gj2CuXQ8/3JsXkgDJNScVVp/A4WY2 v6jA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=1oVtQreJHw+HHBIOBMhBTV5Paj3EoV5CSyvr4kVGYuE=; b=eI2tdBFbrDSQLv0ZY6WOMTYhLeQFPBnWrpJZa8Ifp/WqEocm1vzR8gNepQSffobvw0 PEAObV49q2PhM+JjlSrRcvW48R1SfyLgwcHmmfHA9s1QNfURSd613fEnl+j0EWf878Q/ rDji495ctN/2jLiwpplMAtRJWJDs259uUGAyjnBGB1USJt4D6ObncwHRh1u5J/Nbb1jT BttTse1WM313e9MOTM3Lci8eGTVhJTWf1ysegCHujxRbGG5GbmniyWILd+J21aVHMSZC H7EOBjSXdAINoAe7v1AfrVFPJVMC33Gh9efa61E6rVdIubNWaBKsq3/BNpA4svIWDmnM pA1w== X-Gm-Message-State: AOAM530xufhSPjJo5zMDSUQtKNrs0Yd9G38cuBiUQl/wzNKK+Kv6KIv1 RxNoIHy4XCHtj0o+/tJS5bHP0+BVjFHTzN/xVoppuo/yXzo= X-Google-Smtp-Source: ABdhPJy1HYxuM7x8DumQT0cF6+KoES0Y0tkIEem4ONT4/UAnvrUVCpKm9ESzA0jQ8EIP+mLi07nqDFGsUkH4ed6rG58= X-Received: by 2002:a05:6638:4195:: with SMTP id az21mr4533241jab.11.1635445560884; Thu, 28 Oct 2021 11:26:00 -0700 (PDT) MIME-Version: 1.0 References: <898062F9-1B8F-46D7-96AE-1C7769F162A9@akamai.com> In-Reply-To: From: Eric Rescorla Date: Thu, 28 Oct 2021 11:25:24 -0700 Message-ID: To: "Holland, Jake" Cc: "secdispatch@ietf.org" Content-Type: multipart/alternative; boundary="000000000000b4d2a605cf6dd745" Archived-At: Subject: Re: [Secdispatch] Requesting agenda time for draft-krose-multicast-security X-BeenThere: secdispatch@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Security Dispatch List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Oct 2021 18:26:10 -0000 --000000000000b4d2a605cf6dd745 Content-Type: text/plain; charset="UTF-8" On Tue, Oct 26, 2021 at 10:19 PM Holland, Jake wrote: > Hi Eric, > > Thanks for the review and comments! > > I have a few responses: > > From: Eric Rescorla > Date: Tue,2021-10-26 at 7:01 PM > > > The right place to start is what the application use cases are and > > whether there is demand. Once that is done, we can discuss the > > security properties and whether they are feasible. You make the > > comparison to 8826, but that was written *after* there was agreement > > that we wanted to do something like WebRTC. IOW, this belongs in > > DISPATCH. > > I guess this had not occurred to me. > > I see why this would be a necessary step for WebRTC, but for multicast > the problem is not application use cases (we don't propose to add any), > but rather scalability use cases, and here I believe the numbers > speak for themselves. > I think I'm asking a different question: specifically "What web sites and/or browsers are interested in deploying this technology and for what uses"? > > Viewed in this context, this text is misleading: > > > > Asymmetric verification of content delivered through multicast is > > conceptually identical to the unicast case, owing to the asymmetry of > > access to the signing key; but the symmetric case does not directly > > apply given that multiple receivers need access to the same key used > > for both signing and verification, which in a naive implementation > > opens up the possibility of forgery by a receiver on-path or with the > > ability to spoof the source. > > If I understand correctly, if we can provide the appropriate text > about binding to the request, then this would no longer be misleading? > I don't know. I'd need to see the text. > Although there remain some potential differences, I think there are > some analogous cases in webtransport and h2 server push, for example, > where it's possible for a receiver to get some things that it's not > interested in processing, but nevertheless are associated with a > resource that was actually requested. Maybe there's some good text > on those subjects we could adapt here to refine this point, if it's > necessary? > These are still tied to the connection. > S 3.3. > > > > A baseline for multicast transport integrity that makes sense within > > the Web security model requires that we first define the minimally > > acceptable integrity requirements for data that may be presented to a > > user or otherwise input to the browser's trusted computing base. We > > propose that the proper minimal standard given the variety of > > potential use cases, including many that have no need for reliable or > > in-order delivery, is to require protection against replay, > > injection, and modification and the ability to detect deletion, loss, > > or reordering. This standard will necessarily constrain conformant > > application-layer protocol design, just as the Web security model > > adds constraints to vanilla TCP. > > > > This also seems like the wrong layer of abstraction, as it talks > > about comsec properties, but those aren't the ones that the Web > > depends on. i would start from the top and ask what it is the > > Web wants, not what it is TLS provides. > > I think I've gotten an answer to this question, for example here: > > https://groups.google.com/a/chromium.org/g/net-dev/c/TjbMyPKuRHs/m/GYFqpys3GwAJ > > "The web security community has worked for more than a decade to get > us to this good place with transport security. I don't think we should > experiment with a new form of mixed content. The security properties > of TLS are the minimum baseline going forward." > > (I've heard this phrased very similarly in several other in-person > conversations.) > > Hence, we try here to speak to the security properties of TLS, since > they've been demonstrated as satisfactory to the best of our current > knowledge for web traffic. > Well, ISTM that you are clearly not delivering the same properties as TLS, so if that's the benchmark, I don't see how this can make progress. Over and over, I see the hard requirement for encryption justified by > a threat model that includes exposing personal information such as > bank account info. While I agree this is an important threat model > that justifies strong encryption in many situations, it's not clear > that it applies quite the same way to a video frame from the Superbowl, > where we'd be particularly interested in leveraging the scaling of > multicast. > This seems like a regression to me. Which content people are consuming should *also* be confidential, even if multiple people can see that content. That's a property they largely have with respect to the network now, and we should be looking to extend it, not to regress it. -Ekr --000000000000b4d2a605cf6dd745 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable


=
On Tue, Oct 26, 2021 at 10:19 PM Holl= and, Jake <jholland@akamai.com> wrote:
Hi = Eric,

Thanks for the review and comments!

I have a few responses:

From: Eric Rescorla <e= kr@rtfm.com>
Date: Tue,2021-10-26 at 7:01 PM

> The right place to start is what the application use cases are and
> whether there is demand. Once that is done, we can discuss the
> security properties and whether they are feasible. You make the
> comparison to 8826, but that was written *after* there was agreement > that we wanted to do something like WebRTC. IOW, this belongs in
> DISPATCH.

I guess this had not occurred to me.

I see why this would be a necessary step for WebRTC, but for multicast
the problem is not application use cases (we don't propose to add any),=
but rather scalability use cases, and here I believe the numbers
speak for themselves.

I think I'm a= sking a different question: specifically "What web sites and/or
<= div>browsers are interested in deploying this technology and for what uses&= quot;?

=C2=A0
> Viewed in this context, this text is misleading:
>
> =C2=A0 =C2=A0Asymmetric verification of content delivered through mult= icast is
> =C2=A0 =C2=A0conceptually identical to the unicast case, owing to the = asymmetry of
> =C2=A0 =C2=A0access to the signing key; but the symmetric case does no= t directly
> =C2=A0 =C2=A0apply given that multiple receivers need access to the sa= me key used
> =C2=A0 =C2=A0for both signing and verification, which in a naive imple= mentation
> =C2=A0 =C2=A0opens up the possibility of forgery by a receiver on-path= or with the
> =C2=A0 =C2=A0ability to spoof the source.

If I understand correctly, if we can provide the appropriate text
about binding to the request, then this would no longer be misleading?
<= /blockquote>

I don't know. I'd need to see the t= ext.

=C2=A0
Although there remain some potential differences, I think there are
some analogous cases in webtransport and h2 server push, for example,
where it's possible for a receiver to get some things that it's not=
interested in processing, but nevertheless are associated with a
resource that was actually requested.=C2=A0 Maybe there's some good tex= t
on those subjects we could adapt here to refine this point, if it's
necessary?

These are still tied to the = connection.

> S 3.3.
>
> =C2=A0 =C2=A0A baseline for multicast transport integrity that makes s= ense within
> =C2=A0 =C2=A0the Web security model requires that we first define the = minimally
> =C2=A0 =C2=A0acceptable integrity requirements for data that may be pr= esented to a
> =C2=A0 =C2=A0user or otherwise input to the browser's trusted comp= uting base.=C2=A0 We
> =C2=A0 =C2=A0propose that the proper minimal standard given the variet= y of
> =C2=A0 =C2=A0potential use cases, including many that have no need for= reliable or
> =C2=A0 =C2=A0in-order delivery, is to require protection against repla= y,
> =C2=A0 =C2=A0injection, and modification and the ability to detect del= etion, loss,
> =C2=A0 =C2=A0or reordering.=C2=A0 This standard will necessarily const= rain conformant
> =C2=A0 =C2=A0application-layer protocol design, just as the Web securi= ty model
> =C2=A0 =C2=A0adds constraints to vanilla TCP.
>
> This also seems like the wrong layer of abstraction, as it talks
> about comsec properties, but those aren't the ones that the Web > depends on. i would start from the top and ask what it is the
> Web wants, not what it is TLS provides.

I think I've gotten an answer to this question, for example here:
https://groups.google= .com/a/chromium.org/g/net-dev/c/TjbMyPKuRHs/m/GYFqpys3GwAJ

"The web security community has worked for more than a decade to get us to this good place with transport security. I don't think we should<= br> experiment with a new form of mixed content. The security properties
of TLS are the minimum baseline going forward."

(I've heard this phrased very similarly in several other in-person
conversations.)

Hence, we try here to speak to the security properties of TLS, since
they've been demonstrated as satisfactory to the best of our current knowledge for web traffic.

Well, ISTM t= hat you are clearly not delivering the same properties
as TLS, so= if that's the benchmark, I don't see how this can make
p= rogress.


Over and over, I see the hard requirement for encryption justified by
a threat model that includes exposing personal information such as
bank account info.=C2=A0 While I agree this is an important threat model that justifies strong encryption in many situations, it's not clear
that it applies quite the same way to a video frame from the Superbowl,
where we'd be particularly interested in leveraging the scaling of
multicast.

This seems like a regression= to me. Which content people are consuming
should *also* be confi= dential, even if multiple people can see that content.
That's= a property they largely have with respect to the network now, and we
=
should be looking to extend it, not to regress it.

<= /div>
-Ekr


--000000000000b4d2a605cf6dd745-- From nobody Fri Oct 29 13:04:05 2021 Return-Path: X-Original-To: secdispatch@ietfa.amsl.com Delivered-To: secdispatch@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B7F323A168A for ; Fri, 29 Oct 2021 13:04:03 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.1 X-Spam-Level: X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=akamai.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EUNUUlk4yuhD for ; Fri, 29 Oct 2021 13:03:59 -0700 (PDT) Received: from mx0b-00190b01.pphosted.com (mx0b-00190b01.pphosted.com [IPv6:2620:100:9005:57f::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D14E93A1685 for ; Fri, 29 Oct 2021 13:03:58 -0700 (PDT) Received: from pps.filterd (m0122331.ppops.net [127.0.0.1]) by mx0b-00190b01.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 19TJ51L6028679; Fri, 29 Oct 2021 21:03:57 +0100 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : content-id : content-transfer-encoding : mime-version; s=jan2016.eng; bh=3LWg1g2o0YhXx0q/Vfqwfhd1dfZA3uv6mD41BAAGqvc=; b=X1ttXgrvgYR8LSqpauYWfdv4GDOWyhvlWKg0MQIzu0FZgvN1gP03O2L61dYYIVnD2+k+ TCzKk01ZQa/d9+1ufi5kA4UEno41Nnkxsg+/7SvebF3VYJ9ibODEg79L6vceTz05+9yF BWg3+qb2Jk/m3E/Hk3HWDRdqK+WfxaTPKbWQ0/lpWBFewrYNVUAlfTLfyJPxODFWfjsz 40rdjMDbKlitjs+yrPjyT28u1UQGGNrYGMo4k+O9Qf8cbd+ISxCtK0iEdidt1KwvNCy6 D3P0zLrgtWO76/5WspB+neAIYt1zDZR6ZKEVgQI+MI5Qiqfc5vqH6cSZCO0kwwM3deDc NQ== Received: from prod-mail-ppoint8 (a72-247-45-34.deploy.static.akamaitechnologies.com [72.247.45.34] (may be forged)) by mx0b-00190b01.pphosted.com with ESMTP id 3c0pt615ga-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 29 Oct 2021 21:03:56 +0100 Received: from pps.filterd (prod-mail-ppoint8.akamai.com [127.0.0.1]) by prod-mail-ppoint8.akamai.com (8.16.1.2/8.16.1.2) with SMTP id 19TJnl1L025248; Fri, 29 Oct 2021 16:03:55 -0400 Received: from email.msg.corp.akamai.com ([172.27.165.118]) by prod-mail-ppoint8.akamai.com with ESMTP id 3c0fmxtqxv-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Fri, 29 Oct 2021 16:03:55 -0400 Received: from USTX2EX-DAG1MB4.msg.corp.akamai.com (172.27.165.122) by ustx2ex-dag1mb3.msg.corp.akamai.com (172.27.165.121) with Microsoft SMTP Server (TLS) id 15.0.1497.24; Fri, 29 Oct 2021 15:03:54 -0500 Received: from USTX2EX-DAG1MB4.msg.corp.akamai.com ([172.27.165.122]) by ustx2ex-dag1mb4.msg.corp.akamai.com ([172.27.165.122]) with mapi id 15.00.1497.024; Fri, 29 Oct 2021 15:03:54 -0500 From: "Holland, Jake" To: Eric Rescorla CC: "secdispatch@ietf.org" Thread-Topic: [Secdispatch] Requesting agenda time for draft-krose-multicast-security Thread-Index: AQHXysfvqNU+fYdr3U6RFCkpKpFXZavmawcA///CJYCAAuNuAIABOHuA Date: Fri, 29 Oct 2021 20:03:53 +0000 Message-ID: <9BA8CB7F-E2EB-4888-8DE9-0D784E7EBB7C@akamai.com> References: <898062F9-1B8F-46D7-96AE-1C7769F162A9@akamai.com> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Microsoft-MacOutlook/16.53.21091200 x-ms-exchange-messagesentrepresentingtype: 1 x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [172.27.164.43] Content-Type: text/plain; charset="utf-8" Content-ID: <1B555E0F7829C14284156D4352DF5830@akamai.com> Content-Transfer-Encoding: base64 MIME-Version: 1.0 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.425, 18.0.790 definitions=2021-10-29_04:2021-10-29, 2021-10-29 signatures=0 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 adultscore=0 spamscore=0 bulkscore=0 mlxscore=0 suspectscore=0 phishscore=0 malwarescore=0 mlxlogscore=691 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2110150000 definitions=main-2110290109 X-Proofpoint-GUID: f877syqNkjB_bS5zUOUDbPUzm1eIdZfI X-Proofpoint-ORIG-GUID: f877syqNkjB_bS5zUOUDbPUzm1eIdZfI X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.425,FMLib:17.0.607.475 definitions=2021-10-29_04,2021-10-29_01,2020-04-07_01 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 clxscore=1015 suspectscore=0 adultscore=0 mlxlogscore=627 mlxscore=0 malwarescore=0 lowpriorityscore=0 priorityscore=1501 bulkscore=0 spamscore=0 phishscore=0 impostorscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2110150000 definitions=main-2110290111 Archived-At: Subject: Re: [Secdispatch] Requesting agenda time for draft-krose-multicast-security X-BeenThere: secdispatch@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Security Dispatch List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 29 Oct 2021 20:04:04 -0000 RnJvbTogRXJpYyBSZXNjb3JsYSA8ZWtyQHJ0Zm0uY29tPg0KRGF0ZTogVGh1LDIwMjEtMTAtMjgg YXQgMTE6MjYgQU0NCg0KPiBJIHRoaW5rIEknbSBhc2tpbmcgYSBkaWZmZXJlbnQgcXVlc3Rpb246 IHNwZWNpZmljYWxseSAiV2hhdCB3ZWIgc2l0ZXMgYW5kL29yDQo+IGJyb3dzZXJzIGFyZSBpbnRl cmVzdGVkIGluIGRlcGxveWluZyB0aGlzIHRlY2hub2xvZ3kgYW5kIGZvciB3aGF0IHVzZXMiPw0K DQpXZSdyZSBpbnRlcmVzdGVkIGluIHVzaW5nIHRoaXMgd2l0aCBhIHdpZGUgc2V0IG9mIG91ciBj dXN0b21lcidzDQp3ZWJzaXRlcywgbWFpbmx5IGZvciB2aWRlbyB0aGF0IGlzIHBvcHVsYXIgYW5k L29yIGxpdmUuICBBbHNvIGZvcg0KcG9wdWxhciBmaWxlIGRvd25sb2FkcyBhbmQgc29mdHdhcmUg dXBkYXRlcy4NCg0KSSBjYW4ndCByZWFsbHkgZGlzY2xvc2UgYWxsIG91ciBwYXJ0bmVyIGRpc2N1 c3Npb25zIGluIHRoaXMgcHVibGljDQpmb3J1bSwgYnV0IGluIGdlbmVyYWwgcGVvcGxlIGFyZSBl YWdlciB0byBnZXQgdGhlIGRpc2NvdW50IHRoaXMgd291bGQNCmNvbWUgd2l0aCBpZiBpdCB3b3Jr cyBhbmQgZG9lc24ndCBodXJ0IHBlcmZvcm1hbmNlIChhbmQgbW9yZSBzbyBpZiBpdA0KaGVscHMg cGVyZm9ybWFuY2UpLCBlc3BlY2lhbGx5IGlmIGl0IGRvZXNuJ3QgbmVlZCBiaWcgY2hhbmdlcyBp biB0aGVpcg0KcGxheWVyIGltcGxlbWVudGF0aW9ucy4NCg0KSSBzZW50IG91dCBhIGZldyBpbnZp dGF0aW9ucyB0byBjb21tZW50IG9uIHRoaXMgdGhyZWFkLCBtYXliZSBzb21lIG9mDQp0aGVtIG9y IHNvbWUgb3RoZXIgaW50ZXJlc3RlZCBwZW9wbGUgd2lsbCBiZSB3aWxsaW5nIHRvIGNoaW1lIGlu Lg0KDQpJJ20gbm90IHN1cmUgd2hhdCB0aGUgZmlsdGVyaW5nIHJ1bGVzIGZvciB0aGlzIGxpc3Qg YXJlLCBiZWNhdXNlIG9uZQ0KKERBWk4pIGRpZCByZXNwb25kIHNvIGZhciB0aGF0IEkgZ290IG9u IHByaXZhdGUgbWFpbCwgYnV0IEkgZGlkbid0IHNlZQ0KdGhlIG1lc3NhZ2UgY29tZSB0aHJvdWdo IG9uIHRoZSBsaXN0LiAgQWxzbyBCQkMgaGFzIHB1YmxpY2x5IGV4cHJlc3NlZA0Kc3VwcG9ydCBm b3Igd29yayBpbiB0aGlzIGRpcmVjdGlvbiBiZWZvcmUuDQoNCkkgdGhpbmsgbm8gYnJvd3NlciB3 aWxsIHRha2UgdGhpcyB1bnRpbCB0aGUgc2VjdXJpdHkgbW9kZWwgaXMgYmV0dGVyDQphcnRpY3Vs YXRlZCwgYW5kIHNvIG9mIGNvdXJzZSBub25lIGhhdmUgY29tbWl0dGVkLCBzaW5jZSBjb25zZW5z dXMgb24gYQ0KZG9jIGxpa2UgdGhpcyBpcyBhIGJsb2NrZXIuDQoNCkJ1dCB0aGUgY2hyb21pdW0g ZGlzY3Vzc2lvbiB3YXNuJ3QgImdvIGF3YXksIHRoaXMgd2lsbCBuZXZlciB3b3JrIiwgYnV0DQpy YXRoZXIgInRoaXMgbmVlZHMgZW5jcnlwdGlvbiBhdCBsZWFzdC0tZXZlbiBpZiBtdWx0aXBsZSBw ZW9wbGUgY2FuDQpkZWNvZGUgaXQsIHRob3NlIHdpdGhvdXQgYSBrZXkgY2Fubm90LCBzbyBpdCBw cm92aWRlcyBzb21lIGltcHJvdmVtZW50DQpvdmVyIG5vbi1lbmNyeXB0ZWQiLiAgVGhhdCB3YXMg YW4gZXhjZWxsZW50IHBvaW50IHRoYXQgY29tZXMgd2l0aCBzb21lDQpjb21wbGV4aXR5LCBzb21l IG9mIHdoaWNoIHdlJ3JlIHRyeWluZyB0byBnZXQgd3JpdHRlbiBkb3duIGhlcmUuICBUaGF0J3MN Cm5vdCB0aGUgc2FtZSBhcyAieWVzIHdlJ2xsIHNoaXAgaXQiLCBidXQgaXQncyBhcyBwb3NpdGl2 ZSBhcyBjb3VsZCBiZQ0KaG9wZWQgZm9yIGF0IHRoaXMgc3RhZ2UuDQoNClRoZSBXM0MgZGlzY3Vz c2lvbiBpcyBhbHNvIGdldHRpbmcgdW5kZXIgd2F5LCB0aGlzIGFsaWducyB3ZWxsIHdpdGggc29t ZQ0Kc3VzdGFpbmFiaWxpdHkgaW5pdGlhdGl2ZXMgdGhhdCBhcmUgcmFtcGluZyB1cC4gIFRoZSBX ZWIgTmV0d29ya3MgSUcgYXQNCnRoZWlyIFRQQUMgbWVldGluZyBzYWlkIHRoZXknbGwgYmUgYWRk aW5nIGl0IGFzIGEgdXNlIGNhc2UgYW5kDQpzdXBwb3J0aW5nIGFuZCBlbmNvdXJhZ2luZyB0aGUg d29yay4gIEkndmUgcHV0IGluIGEgcmVxdWVzdCB0byBhZGQgaXQgdG8NCnRoZSB3ZWJ0cmFuc3Bv cnQgdXNlIGNhc2VzIHRoYXQncyBzdGlsbCB0byBiZSBkaXNjdXNzZWQuDQoNClRoZXJlJ3MgZ29v ZCByZWFzb24gdG8gYmVsaWV2ZSB0aGF0IGF0IGxlYXN0IG9uZSBnb29kIHVzZSBjYXNlIGNhbiBi ZQ0KaGFzaGVkIG91dCwgc28gdW5sZXNzIGl0IHR1cm5zIG91dCB0byBiZSBpbXBvc3NpYmxlIHRv IGRvIHRoaXMgc2FmZWx5IG9uDQpjbG9zZSBleGFtaW5hdGlvbiwgd2UgY2FuIGV4cGVjdCBldmVu dHVhbGx5IGFsbCB0aGUgbWFqb3IgYnJvd3NlcnMNCm91dHNpZGUgb2YgdGhpbmdzIGxpa2UgVG9y IHdpbGwgYmUgaW50ZXJlc3RlZC4NCg0KQnV0IG9mIGNvdXJzZSwgdXNlciBzYWZldHkgY29tZXMg Zmlyc3QsIGhlbmNlIHRoZSB1cmdlbnQgbmVlZCB0byBwaW4NCmRvd24gdGhlIHJpZ2h0IHNlY3Vy aXR5IG1vZGVsLiAgSXQncyBhbGwgZWFybHkgc3RhZ2VzLCBidXQgYWxzbyBlbnRpcmVseQ0KZGVw ZW5kZW50IG9uIGdldHRpbmcgY29uc2Vuc3VzIG9uIHRoZSByaWdodCBjb25zdHJhaW50cyB1bmRl ciB3aGljaCB0bw0Kb3BlcmF0ZSBhIHNlcnZpY2UgbGlrZSB0aGlzLg0KDQo+PiBIZW5jZSwgd2Ug dHJ5IGhlcmUgdG8gc3BlYWsgdG8gdGhlIHNlY3VyaXR5IHByb3BlcnRpZXMgb2YgVExTLCBzaW5j ZQ0KPj4gdGhleSd2ZSBiZWVuIGRlbW9uc3RyYXRlZCBhcyBzYXRpc2ZhY3RvcnkgdG8gdGhlIGJl c3Qgb2Ygb3VyIGN1cnJlbnQNCj4+IGtub3dsZWRnZSBmb3Igd2ViIHRyYWZmaWMuDQo+DQo+IFdl bGwsIElTVE0gdGhhdCB5b3UgYXJlIGNsZWFybHkgbm90IGRlbGl2ZXJpbmcgdGhlIHNhbWUgcHJv cGVydGllcw0KPiBhcyBUTFMsIHNvIGlmIHRoYXQncyB0aGUgYmVuY2htYXJrLCBJIGRvbid0IHNl ZSBob3cgdGhpcyBjYW4gbWFrZQ0KPiBwcm9ncmVzcy4NCg0KV2VsbCwgImV4YWN0bHkgVExTIiBp cyBzbGlnaHRseSBvZmYsIGFzIGV2aWRlbmNlZCBmb3IgaW5zdGFuY2UgYnkgdGhlDQpzdXBwb3J0 IGZvciBEVExTLCB3aGljaCByZWxheGVzIGEgbWluaW1hbCBzZXQgb2YgVExTJ3MgZ3VhcmFudGVl cyB0bw0KbWF0Y2ggdGhlIG5hdHVyZSBvZiBpdHMgdW5kZXJseWluZyB0cmFuc3BvcnQgYW5kIHRo ZSB1c2UgY2FzZXMgZm9yIHdoaWNoDQppdCdzIGFwcGxpY2FibGUuDQoNCk11bHRpY2FzdCB3b3Vs ZCBiZSBhIGRpZmZlcmVudCBraW5kIG9mIHRyYW5zcG9ydCB3aXRoIHNvbWUgZGlmZmVyZW50DQpw cm9wZXJ0aWVzIHRoYXQgbWlnaHQgcHV0IGNvbnN0cmFpbnRzIG9uIHVzZSwgc28gaXQncyBpbXBv cnRhbnQgdG8NCmFydGljdWxhdGUgd2hhdCB0aG9zZSBjb25zdHJhaW50cyBhcmUgYW5kIGdldCB0 aGUgcHJvcGVyIGV4cGVydCByZXZpZXcNCnRvIGF2b2lkIGFzIG1hbnkgcHJvYmxlbXMgYXMgd2Ug Y2FuIHVwIGZyb250Lg0KDQo+PiBPdmVyIGFuZCBvdmVyLCBJIHNlZSB0aGUgaGFyZCByZXF1aXJl bWVudCBmb3IgZW5jcnlwdGlvbiBqdXN0aWZpZWQgYnkNCj4+IGEgdGhyZWF0IG1vZGVsIHRoYXQg aW5jbHVkZXMgZXhwb3NpbmcgcGVyc29uYWwgaW5mb3JtYXRpb24gc3VjaCBhcw0KPj4gYmFuayBh Y2NvdW50IGluZm8uwqAgV2hpbGUgSSBhZ3JlZSB0aGlzIGlzIGFuIGltcG9ydGFudCB0aHJlYXQg bW9kZWwNCj4+IHRoYXQganVzdGlmaWVzIHN0cm9uZyBlbmNyeXB0aW9uIGluIG1hbnkgc2l0dWF0 aW9ucywgaXQncyBub3QgY2xlYXINCj4+IHRoYXQgaXQgYXBwbGllcyBxdWl0ZSB0aGUgc2FtZSB3 YXkgdG8gYSB2aWRlbyBmcmFtZSBmcm9tIHRoZSBTdXBlcmJvd2wsDQo+PiB3aGVyZSB3ZSdkIGJl IHBhcnRpY3VsYXJseSBpbnRlcmVzdGVkIGluIGxldmVyYWdpbmcgdGhlIHNjYWxpbmcgb2YNCj4+ IG11bHRpY2FzdC4NCj4NCj4gVGhpcyBzZWVtcyBsaWtlIGEgcmVncmVzc2lvbiB0byBtZS4gV2hp Y2ggY29udGVudCBwZW9wbGUgYXJlIGNvbnN1bWluZw0KPiBzaG91bGQgKmFsc28qIGJlIGNvbmZp ZGVudGlhbCwgZXZlbiBpZiBtdWx0aXBsZSBwZW9wbGUgY2FuIHNlZSB0aGF0IGNvbnRlbnQuDQo+ IFRoYXQncyBhIHByb3BlcnR5IHRoZXkgbGFyZ2VseSBoYXZlIHdpdGggcmVzcGVjdCB0byB0aGUg bmV0d29yayBub3csIGFuZCB3ZQ0KPiBzaG91bGQgYmUgbG9va2luZyB0byBleHRlbmQgaXQsIG5v dCB0byByZWdyZXNzIGl0Lg0KDQpNdWx0aWNhc3QgaW4gcGFydGljdWxhciBhbHNvIGNvbWVzIHdp dGggYSByZW1vdmFsIG9mIGFuIGluZGl2aWR1YWxpemVkDQpkZXN0aW5hdGlvbiBJUCBhZGRyZXNz IGFuZCBwb3J0LCB3aGljaCBtYWtlcyBpdCBtdWNoIGhhcmRlciB0byB0aWUgdGhlDQpjb250ZW50 IHRvIHRoZSBpbmRpdmlkdWFsIHdobydzIGNvbnN1bWluZyBpdCwgZnJvbSBhbiBvbi1wYXRoIG9i c2VydmVyJ3MNCnBvaW50IG9mIHZpZXcuICBJcyBpdCByZWFsbHkgdGhlICJjb250ZW50IGJlaW5n IGNvbnN1bWVkIiB0aGF0IGhhcyB0byBiZQ0KY29uZmlkZW50aWFsLCBvciB0aGUga25vd2xlZGdl IHRoYXQgYSBzcGVjaWZpYyBpbmRpdmlkdWFsIGlzIHdhdGNoaW5nDQppdD8NCg0KVGhlcmUncyBh bHNvIHNvbWUgbW9yZSBob2xpc3RpYyBjb25zaWRlcmF0aW9ucy4gIFRoZSB2YXN0IGltcHJvdmVt ZW50IHRvDQplZmZpY2llbmN5IGFuZCBzY2FsZSB0aGF0IGlzIHBvc3NpYmxlIGhlcmUgY2FuIGJl IGV4cGVjdGVkIHRvIGltcHJvdmUNCmVuZCB1c2VyIGNvc3RzIGFuZCBwcm92aWRlciBjaG9pY2Us IGFuZCBmb3IgbWFueSB0aGlzIG1pZ2h0IGJlIGEgaGlnaGx5DQpkZXNpcmFibGUgdHJhZGVvZmYg Zm9yIGEgbG90IG9mIGNhc2VzLiAgVGhlIHJlYWwgcXVlc3Rpb24gaXMgdG8gZmlndXJlDQpvdXQg aW4gd2hhdCBzaXR1YXRpb25zIGl0J3Mgb2suDQoNCkl0J3MgaGFyZCB0byBiZWxpZXZlIHRoZSBh bnN3ZXIgaXMgJ25ldmVyJyB3aGVuIHRoZSBhbHRlcm5hdGl2ZSBpcyB0bw0Kc2VuZCB0aGF0IGNv bnRlbnQgdGhyb3VnaCBhIFRWIHN0YXRpb24gYW5kIGhhdmUgdGhlaXIgcHJvdmlkZXIsIHRoZSBz YW1lDQpvbmUgcHJvdmlkaW5nIHRoZSBpbnRlcm5ldCBzZXJ2aWNlcyBpbiBtb3N0IGNhc2VzLCBr bm93IGFsbCBhYm91dA0KZXhhY3RseSB3aGVyZSBpdCdzIGdvaW5nLCBiZWNhdXNlIHRoZSBkZWxp dmVyeSAqZG9lcyBub3Qgc2NhbGUqIHRvIHdlYg0KZGVsaXZlcnkgd2l0aG91dCBtdWx0aWNhc3Qg YW5kIGNhbid0IHRha2UgYWR2YW50YWdlIG9mIHRoZSBiZW5lZml0cyBvZg0Kd2ViIHNlY3VyaXR5 IGFueXdheS4NCg0KU2VydmljZSBwcm92aWRlcnMgbmVlZCB0byB1bmRlcnN0YW5kIHRoZSBpc3N1 ZXMgYW5kIG1ha2UgdGhlIHJpZ2h0DQp0cmFkZW9mZnMsIGJ1dCBwZXJmb3JtYW5jZSBpcyBvbmUg b2YgdGhlbSwgYW5kIGluIHNvbWUgc2l0dWF0aW9ucyBpdCdzDQpub3Qgd29ydGggYSBmYWN0b3Ig b2YgMTBrIG9uIGVmZmljaWVuY3kgdG8gbWFpbnRhaW4gYSBzZWN1cml0eSBwcm9wZXJ0eQ0KdGhh dCdzIG5vdCB2ZXJ5IGltcG9ydGFudCB0byB0aGUgc2FmZXR5IG9mIHRoZSB1c2VycyB3aG8gYXJl IHVzaW5nIHRoYXQNCnBhcnRpY3VsYXIgc2VydmljZSwgcGFydGljdWxhcmx5IHdoZW4gdGhlIHZp YWJsZSBhbHRlcm5hdGl2ZXMsIHdoaWNoIHdlDQprbm93IGZyb20gaGlzdG9yeSB0aGV5J2xsIHdp bGxpbmdseSB1c2UgZW4gbWFzc2UsIGFyZSBhcyBiYWQgb3Igd29yc2UuDQoNCkkgZ3Vlc3Mgd2Ug Y2FuIGFuZCBwcm9iYWJseSBzaG91bGQgcmF0aG9sZSBvbiB0aGlzIGZvciBzb21lIHRpbWUsIGFu ZCBpdA0Kd291bGQgYmUgZ29vZCB0byBnZXQgbW9yZSB2b2ljZXMgaW4gdGhlIGRpc2N1c3Npb24u ICBUaGF0J3Mgd2h5IEknbQ0KYXNraW5nIHNlY2Rpc3BhdGNoIHRvIGNvbnNpZGVyIHRoaXMgd29y ayBhbmQgYWR2aXNlIHVzIG9uIHRoZSBiZXN0DQp2ZW51ZS4NCg0KQmVzdCwNCkpha2UNCg0KDQo= From nobody Fri Oct 29 13:42:41 2021 Return-Path: X-Original-To: secdispatch@ietfa.amsl.com Delivered-To: secdispatch@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 38C9C3A1729 for ; Fri, 29 Oct 2021 13:42:38 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.847 X-Spam-Level: X-Spam-Status: No, score=-1.847 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kPHwzTyRyRUP for ; Fri, 29 Oct 2021 13:42:34 -0700 (PDT) Received: from mail-ed1-x52e.google.com (mail-ed1-x52e.google.com [IPv6:2a00:1450:4864:20::52e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A45743A16D8 for ; Fri, 29 Oct 2021 13:42:33 -0700 (PDT) Received: by mail-ed1-x52e.google.com with SMTP id ee16so29562038edb.10 for ; Fri, 29 Oct 2021 13:42:33 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=9gfUT1Uj6mxBWE2OhPO3/oYRmSosaZ7lHmC9vbrbYdY=; b=aOzI0E4mHwngZH63e4Pg8e/+SWYvKtV/6VyVgMAjbodUfhqUAbONjlQwlX/n5eDY6K z4bVdEo4tnKy8GMT59AwgLBvO5VpfI2L1MTKtRVZh5O5XOYuKz3qjpSAkgbCbusrxBdf kPbm8b/rYE3arBT10jUxOWzSJWy22fCwVQQbIvVVamNAtKlIbkfQt5N61escvOukM4iU H5M+3EntG6fMyOW9pGfcHr30SEThB41TwiXX/JlX8a9f4GNg83CS9P3E0WJMFznO9tJf cTywg0R4qpDCLjvvnjbLc/Nv6C5uZ6wQVGmlKQVI7jQDXGKCuvq1ww/MIAKSTQFnkWqs d4dg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=9gfUT1Uj6mxBWE2OhPO3/oYRmSosaZ7lHmC9vbrbYdY=; b=KrMn93azwtkP2/CDwqwu2fEAdWZ6ntdSBA7RfjEkzXA68GIqC23QnbsI2uIS12sTU1 UGtRsffAfrB80mmwikKBTutSyV4DyoHFQqE53RpP1iYzg8fwEzcpRSLnm9E+xVNU/sQ2 PUZzBPMbcLmzEBs0cw/SUNAlgcAyrsmCIRTzx1egtIJuGVBSr+WgQqGTaIZbseOM+YzV U09W+v70Vmx2lmZanedhc1zy69lG7DlwwyY5B7/LT4X4PpeCjVlKx4xTAstA+BTWg1MI Z8vGnVIOsOs2s+ZJjmImD85NBZIai/Rc3PM3sUh96iOTyKu62BKdvwtrTjcJSxfYkFA0 yiRw== X-Gm-Message-State: AOAM5301cBQuXpaFQjqpGEIZMECuY8sfYxBhxWSbOQeepJKn80qpsSwS xfxNepDw2uwwNrlYJhXOFsb3AFcFr99T5uCDufoCkfgYkFo= X-Google-Smtp-Source: ABdhPJysZXa3vHoO2MjbAXLDl3GnhGplsjzU1w+cY8Df4OFwePHIZs9Lykf1JRMo3huhMSZYrrPAG2Ew52Buyzg/3pY= X-Received: by 2002:a17:906:fc0a:: with SMTP id ov10mr422735ejb.94.1635540150784; Fri, 29 Oct 2021 13:42:30 -0700 (PDT) MIME-Version: 1.0 References: <898062F9-1B8F-46D7-96AE-1C7769F162A9@akamai.com> <9BA8CB7F-E2EB-4888-8DE9-0D784E7EBB7C@akamai.com> In-Reply-To: <9BA8CB7F-E2EB-4888-8DE9-0D784E7EBB7C@akamai.com> From: Lucas Pardue Date: Fri, 29 Oct 2021 21:42:19 +0100 Message-ID: To: "Holland, Jake" Cc: Eric Rescorla , "secdispatch@ietf.org" Content-Type: multipart/alternative; boundary="000000000000b415d405cf83dd80" Archived-At: Subject: Re: [Secdispatch] Requesting agenda time for draft-krose-multicast-security X-BeenThere: secdispatch@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Security Dispatch List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 29 Oct 2021 20:42:40 -0000 --000000000000b415d405cf83dd80 Content-Type: text/plain; charset="UTF-8" Hello, This is a very good discussion and I can't possibly hope to address the fine points that have been made by the different sides. What I will add as a point of reference is that a while ago when penning draft-pardue-quic-http-mcast, me, co-authors and associates tried hard to think about and capture the security and privacy aspects of using multicast for delivery of HTTP [1]. In the meantime, Jake, Kyle and co. have continued to work on addressing some of the questions; AMBI for integrity at the packets-level for example. The interesting higher-level question I'm getting from this discussion (and the ones in other venues) is whether there is any form of "secure multicast" can address the sorts of confidentiality/privacy questions that EKR raises. Work on secure multicast is not brand new, there was the MSEC WG [2] who produced 18 documents on the topic. However, the design choices for draft-pardue-quic-http-mcast imagined a world where there is not IP-layer security, and so security needed to be provided by either the transport or the application. As noted in the document, the ability for someone with the key to produce QUIC packets weakens those assurances, so additional asymmetric protections are added at the HTTP layer (digests and signatures). I'm not suggesting it solved all the problems, but it was demonstrably more secure that other multicast-based delivery methods that I am aware of. As Jake indicated, and as I can't speak for because I'm no longer close to the domain, multicast is widely used in several domains where real people at home consume it. That's typically done as part of a service that they pay for and they are likely to have no idea that the provider is doing this. If there's a problem with privacy of multicast-delivered services, we are in the thick of it. This bears some striking resemblence to DNS of yonder, where there was no notion in the general populace of more secure DNS or DNS provider agility. It would be nice to create a world where over-the-top IP multicast services are just as widespread as unicast ones (where networks allow that to be feasible) and answering the security/privacy question is important to getting there. Cheers, Lucas [1] - https://datatracker.ietf.org/doc/html/draft-pardue-quic-http-mcast-09#section-11 [2] - https://datatracker.ietf.org/wg/msec/about/ --000000000000b415d405cf83dd80 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Hello,

This= is a very good discussion and I can't possibly hope to address the fin= e points that have been made by the different sides.

What I will add as a point of reference is that a while ago when pe= nning draft-pardue-quic-http-mcast, me, co-authors and associates tried har= d to think about and capture the security and privacy aspects of using mult= icast for delivery of HTTP [1]. In the meantime, Jake, Kyle and co. have co= ntinued to work on addressing some of the questions; AMBI for integrity at = the packets-level for example.

The interestin= g higher-level question I'm getting from this discussion (and the ones = in other venues) is whether there is any form of "secure multicast&quo= t; can address the sorts of confidentiality/privacy questions that EKR rais= es. Work on secure multicast is not brand new, there was the MSEC WG [2] wh= o produced 18 documents on the topic. However, the design choices for draft= -pardue-quic-http-mcast imagined a world where there is not IP-layer securi= ty, and so security needed to be provided by either the transport or the ap= plication. As noted in the document, the ability for someone with the key t= o produce QUIC packets weakens those assurances, so additional asymmetric p= rotections are added at the HTTP layer (digests and signatures). I'm no= t suggesting it solved all the problems, but it was demonstrably more secur= e that other multicast-based delivery methods that I am aware of.

As Jake indicated, and as I can't speak for because I&#= 39;m no longer close to the domain, multicast is widely used in several dom= ains where real people at home consume it. That's typically done as par= t of a service that they pay for and they are likely to have no idea that t= he provider is doing this. If there's a problem with privacy of multica= st-delivered services, we are in the thick of it. This bears some striking = resemblence to DNS of yonder, where there was no notion in the general popu= lace of more secure DNS or DNS provider agility. It would be nice to create= a world where over-the-top IP multicast services are just as widespread as= unicast ones (where networks allow that to be feasible) and answering the = security/privacy question is important to getting there.
--000000000000b415d405cf83dd80-- From nobody Sat Oct 30 08:00:30 2021 Return-Path: X-Original-To: secdispatch@ietfa.amsl.com Delivered-To: secdispatch@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4C1113A0E9E for ; Sat, 30 Oct 2021 08:00:29 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.896 X-Spam-Level: X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20210112.gappssmtp.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sOypPLsF3gTa for ; Sat, 30 Oct 2021 08:00:24 -0700 (PDT) Received: from mail-io1-xd34.google.com (mail-io1-xd34.google.com [IPv6:2607:f8b0:4864:20::d34]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8FAF03A0EC2 for ; Sat, 30 Oct 2021 08:00:24 -0700 (PDT) Received: by mail-io1-xd34.google.com with SMTP id f9so16024974ioo.11 for ; Sat, 30 Oct 2021 08:00:24 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20210112.gappssmtp.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=7TW26IhskS0/1dG61VGi9GVxH38RmOYcU0+0PrTW3t8=; b=kDJtrqQa358znxLrrtIVTw0CZuea9WZFHRzsmd4HG7ckF5nQUknrcRtmpgn+2NVNN9 9JzLabf7s43Pz/LwcPENsOlrzaSrrP4woTsSSRZ+Zp9kbbqxr2jMTAR/BXvyNgDDxC0o DjE4soaygOKHhF2Qwb+3gIjHTuaso2aMSZZoWkFn4+iUorFW0DjrDmKoorSmGnpix2Oh gUH9q0pye4NnNcQIrBi1+ICNGqYTmY+JigNK6ccWNTeAIXVaNKUSi37FpOEEO9T1X/N5 ATnACLbEck2StkwbcXXV3EYhsgHsGFPkyneovSlRks/EU2kQf/sEOw/JEvaxg8gplJlv Hg2A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=7TW26IhskS0/1dG61VGi9GVxH38RmOYcU0+0PrTW3t8=; b=oE03MZsYscB71XaonJ/ySrcS7NpywRJcMVB0U6lLf5gnlZmk4dnVeFz0/8F2DwMBJZ XiLsZeMesRtZw3Vq9w5pI3UWTlt0+bGUDdv3G9R2XhOAyC30ejrzNKr8hkMebaYPsNQ3 tn9XvgDXto/iFwKnwNZPGy+lQJPMLUeWw9PFG6DpPpA8Nv7nE4UKX/c6gXdzsuTebR6A /cgWf/ci121k1ZrVaCS/LNz32TILjOWM2tnNC907fpHuvnpJS7HS57KyHpNq1XG0ISi1 UaRVEsjUOWnkVCIr7cf2jlWhXgDac6JLGDvUxIMSzRBfiYcHj2+iqMBc/ZN2MsCeT5tO ClLQ== X-Gm-Message-State: AOAM533srITn5bLOrJgJGG8IM2Jv2EJI5H8Ppe1ddbM9e7qYyaiO4WP9 tHEK5fRHno5ooovzx/SVG7ggkUaHMG1+vQx8De3F9Q== X-Google-Smtp-Source: ABdhPJyE2+XytIh+9R038krRJhIKdbS0aMQ+Wah7Q0zRANBfQgdqKhemp+Hgtk6zSQsXueFgSU4vdNN1GlS36k2ppWU= X-Received: by 2002:a6b:6e04:: with SMTP id d4mr12481186ioh.213.1635606023245; Sat, 30 Oct 2021 08:00:23 -0700 (PDT) MIME-Version: 1.0 References: <898062F9-1B8F-46D7-96AE-1C7769F162A9@akamai.com> <9BA8CB7F-E2EB-4888-8DE9-0D784E7EBB7C@akamai.com> In-Reply-To: <9BA8CB7F-E2EB-4888-8DE9-0D784E7EBB7C@akamai.com> From: Eric Rescorla Date: Sat, 30 Oct 2021 08:00:00 -0700 Message-ID: To: "Holland, Jake" Cc: "secdispatch@ietf.org" Content-Type: multipart/alternative; boundary="00000000000002297105cf93344b" Archived-At: Subject: Re: [Secdispatch] Requesting agenda time for draft-krose-multicast-security X-BeenThere: secdispatch@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Security Dispatch List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 30 Oct 2021 15:00:29 -0000 --00000000000002297105cf93344b Content-Type: text/plain; charset="UTF-8" On Fri, Oct 29, 2021 at 1:03 PM Holland, Jake wrote: > From: Eric Rescorla > Date: Thu,2021-10-28 at 11:26 AM > > > I think I'm asking a different question: specifically "What web sites > and/or > > browsers are interested in deploying this technology and for what uses"? > > We're interested in using this with a wide set of our customer's > websites, mainly for video that is popular and/or live. Also for > popular file downloads and software updates. > > I can't really disclose all our partner discussions in this public > forum, but in general people are eager to get the discount this would > come with if it works and doesn't hurt performance (and more so if it > helps performance), especially if it doesn't need big changes in their > player implementations. > > I sent out a few invitations to comment on this thread, maybe some of > them or some other interested people will be willing to chime in. > OK, well, I think some significant showing of interest from other people is a prerequisite for serious consideration of this idea. > I think no browser will take this until the security model is better > articulated, and so of course none have committed, since consensus on a > doc like this is a blocker. > Well, I agree about commitment, but there have been plenty of efforts (WebRTC, QUIC, MLS, etc.) with far more active levels of enthusiasm from browsers than this seems to have But the chromium discussion wasn't "go away, this will never work", but > rather "this needs encryption at least--even if multiple people can > decode it, those without a key cannot, so it provides some improvement > over non-encrypted". That was an excellent point that comes with some > complexity, some of which we're trying to get written down here. That's > not the same as "yes we'll ship it", but it's as positive as could be > hoped for at this stage. > I think you're reading this as a greater showing of interest than I do, but I guess Chris Palmer can speak for himself. Or maybe David Schinazi or David Benjamin would like to clarify Chrome's thinking. >> Hence, we try here to speak to the security properties of TLS, since > >> they've been demonstrated as satisfactory to the best of our current > >> knowledge for web traffic. > > > > Well, ISTM that you are clearly not delivering the same properties > > as TLS, so if that's the benchmark, I don't see how this can make > > progress. > > Well, "exactly TLS" is slightly off, as evidenced for instance by the > support for DTLS, which relaxes a minimal set of TLS's guarantees to > match the nature of its underlying transport and the use cases for which > it's applicable. > Well, browsers don't support DTLS in the sense that they support TLS. What they support is a new API surface that is designed to serve a different set of application use cases from content delivery, i.e., WebRTC. >> Over and over, I see the hard requirement for encryption justified by > >> a threat model that includes exposing personal information such as > >> bank account info. While I agree this is an important threat model > >> that justifies strong encryption in many situations, it's not clear > >> that it applies quite the same way to a video frame from the Superbowl, > >> where we'd be particularly interested in leveraging the scaling of > >> multicast. > > > > This seems like a regression to me. Which content people are consuming > > should *also* be confidential, even if multiple people can see that > content. > > That's a property they largely have with respect to the network now, and > we > > should be looking to extend it, not to regress it. > > Multicast in particular also comes with a removal of an individualized > destination IP address and port, which makes it much harder to tie the > content to the individual who's consuming it, from an on-path observer's > point of view. I'm not sure about "much harder". If you can observe the routing information you know a lot. -Ekr --00000000000002297105cf93344b Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable


=
On Fri, Oct 29, 2021 at 1:03 PM Holla= nd, Jake <jholland@akamai.com= > wrote:
From= : Eric Rescorla <ekr@r= tfm.com>
Date: Thu,2021-10-28 at 11:26 AM

> I think I'm asking a different question: specifically "What w= eb sites and/or
> browsers are interested in deploying this technology and for what uses= "?

We're interested in using this with a wide set of our customer's websites, mainly for video that is popular and/or live.=C2=A0 Also for
popular file downloads and software updates.

I can't really disclose all our partner discussions in this public
forum, but in general people are eager to get the discount this would
come with if it works and doesn't hurt performance (and more so if it helps performance), especially if it doesn't need big changes in their<= br> player implementations.

I sent out a few invitations to comment on this thread, maybe some of
them or some other interested people will be willing to chime in.

OK, well, I think some significant showing of in= terest from other people
is a prerequisite for serious considerat= ion of this idea.

=C2=A0
I think no browser will take this until the s= ecurity model is better
articulated, and so of course none have committed, since consensus on a
doc like this is a blocker.

Well, I agr= ee about commitment, but there have been plenty of efforts
(WebRT= C, QUIC, MLS, etc.) with far more active levels of enthusiasm
fro= m browsers than this seems to have


But the chromium discussion wasn't "go away, this will never work&= quot;, but
rather "this needs encryption at least--even if multiple people can decode it, those without a key cannot, so it provides some improvement
over non-encrypted".=C2=A0 That was an excellent point that comes with= some
complexity, some of which we're trying to get written down here.=C2=A0 = That's
not the same as "yes we'll ship it", but it's as positive= as could be
hoped for at this stage.

I think you= 9;re reading this as a greater showing of interest than I do,
but= I guess Chris Palmer can speak for himself. Or maybe David
Schin= azi or David Benjamin would like to clarify Chrome's thinking.


>> Hence, we try here to speak to the security properties of TLS, sin= ce
>> they've been demonstrated as satisfactory to the best of our c= urrent
>> knowledge for web traffic.
>
> Well, ISTM that you are clearly not delivering the same properties
> as TLS, so if that's the benchmark, I don't see how this can m= ake
> progress.

Well, "exactly TLS" is slightly off, as evidenced for instance by= the
support for DTLS, which relaxes a minimal set of TLS's guarantees to match the nature of its underlying transport and the use cases for which it's applicable.

Well, browsers don= 't support DTLS in the sense that they support
TLS. What they= support is a new API surface that is designed to
serve a differe= nt set of application use cases from content delivery,
i.e., WebR= TC.


>> Over and over, I see the hard requirement for encryption justified= by
>> a threat model that includes exposing personal information such as=
>> bank account info.=C2=A0 While I agree this is an important threat= model
>> that justifies strong encryption in many situations, it's not = clear
>> that it applies quite the same way to a video frame from the Super= bowl,
>> where we'd be particularly interested in leveraging the scalin= g of
>> multicast.
>
> This seems like a regression to me. Which content people are consuming=
> should *also* be confidential, even if multiple people can see that co= ntent.
> That's a property they largely have with respect to the network no= w, and we
> should be looking to extend it, not to regress it.

Multicast in particular also comes with a removal of an individualized
destination IP address and port, which makes it much harder to tie the
content to the individual who's consuming it, from an on-path observer&= #39;s
point of view.=C2=A0

I'm not sure about= "much harder". If you can observe the routing
informat= ion you know a lot.

=C2=A0-Ekr

--00000000000002297105cf93344b-- From nobody Sun Oct 31 06:11:41 2021 Return-Path: X-Original-To: secdispatch@ietfa.amsl.com Delivered-To: secdispatch@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7B7D63A00B2; Sun, 31 Oct 2021 06:11:34 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.099 X-Spam-Level: X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=akamai.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GgvSmTYadyf7; Sun, 31 Oct 2021 06:11:30 -0700 (PDT) Received: from mx0b-00190b01.pphosted.com (mx0b-00190b01.pphosted.com [IPv6:2620:100:9005:57f::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 328F23A003F; Sun, 31 Oct 2021 06:11:29 -0700 (PDT) Received: from pps.filterd (m0122330.ppops.net [127.0.0.1]) by mx0b-00190b01.pphosted.com (8.16.1.2/8.16.1.2) with ESMTP id 19VC1WDw011123; Sun, 31 Oct 2021 13:11:26 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com; h=from : to : subject : date : message-id : content-type : mime-version; s=jan2016.eng; bh=SLowgDEsxBfpWLvH/rpZUAt5IZ4xaBXs4xZzI7XJglM=; b=gVcM3re5hkaIwXsuz+nKp5xaKZvkDmLb/i+HwNvCILo23Y9sKP8Ec07GnBklRqM1cnqL 5HVuS7H71v8gIyN1MAqpFqPTjeDe4e3KBM/NQP3Ny+eVA6mOtBwZQJCyuSn4MMFbOqDt thJmvL2arIlH+sAyYE9PZ1HHSZfrFmo8LR1pj1zhZ9XQ7MoHh7pDyO6CSydubMkVw/Gd rIPBs4bIR+Zk+g9Cy4lKwdd+TzQenfrGo+eDhpIC4TVq4yS7ObF54lGmwQv7A+Kma0XK l90+9YkO2pMXPnYEmpBqFBzpiP7eAUQTurK8saTvBOv4tbPvK/rjRJ7eV6TqEUk9CDS7 2w== Received: from prod-mail-ppoint1 (prod-mail-ppoint1.akamai.com [184.51.33.18] (may be forged)) by mx0b-00190b01.pphosted.com (PPS) with ESMTPS id 3c1314ys3b-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sun, 31 Oct 2021 13:11:26 +0000 Received: from pps.filterd (prod-mail-ppoint1.akamai.com [127.0.0.1]) by prod-mail-ppoint1.akamai.com (8.16.1.2/8.16.1.2) with SMTP id 19VD6FrN015994; Sun, 31 Oct 2021 09:11:25 -0400 Received: from email.msg.corp.akamai.com ([172.27.123.32]) by prod-mail-ppoint1.akamai.com with ESMTP id 3c11cyj0uf-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Sun, 31 Oct 2021 09:11:25 -0400 Received: from USMA1EX-DAG1MB3.msg.corp.akamai.com (172.27.123.103) by usma1ex-dag1mb6.msg.corp.akamai.com (172.27.123.65) with Microsoft SMTP Server (TLS) id 15.0.1497.24; Sun, 31 Oct 2021 09:11:24 -0400 Received: from USMA1EX-DAG1MB3.msg.corp.akamai.com ([172.27.123.103]) by usma1ex-dag1mb3.msg.corp.akamai.com ([172.27.123.103]) with mapi id 15.00.1497.024; Sun, 31 Oct 2021 09:11:24 -0400 From: "Salz, Rich" To: saag , IETF SecDispatch Thread-Topic: Two sessions? Thread-Index: AQHXzljOk1e2F43DnE6RD3AYHb64Fg== Date: Sun, 31 Oct 2021 13:11:24 +0000 Message-ID: <2AAD27E7-53DF-44BD-9C80-6ABE7679E6AE@akamai.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Microsoft-MacOutlook/16.54.21101001 x-ms-exchange-messagesentrepresentingtype: 1 x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [172.27.118.139] Content-Type: multipart/alternative; boundary="_000_2AAD27E753DF44BD9C806ABE7679E6AEakamaicom_" MIME-Version: 1.0 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.425, 18.0.790 definitions=2021-10-31_03:2021-10-29, 2021-10-31 signatures=0 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 mlxlogscore=656 bulkscore=0 suspectscore=0 adultscore=0 malwarescore=0 mlxscore=0 spamscore=0 phishscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2110150000 definitions=main-2110310083 X-Proofpoint-ORIG-GUID: BEfS7pQ8PM8UEP2aQ5CjuQ5A5gnG__Le X-Proofpoint-GUID: BEfS7pQ8PM8UEP2aQ5CjuQ5A5gnG__Le X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.425,FMLib:17.0.607.475 definitions=2021-10-31_03,2021-10-29_03,2020-04-07_01 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 clxscore=1011 impostorscore=0 spamscore=0 mlxscore=0 phishscore=0 lowpriorityscore=0 malwarescore=0 bulkscore=0 adultscore=0 mlxlogscore=603 suspectscore=0 priorityscore=1501 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2110150000 definitions=main-2110310084 Archived-At: Subject: [Secdispatch] Two sessions? X-BeenThere: secdispatch@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Security Dispatch List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 31 Oct 2021 13:11:35 -0000 --_000_2AAD27E753DF44BD9C806ABE7679E6AEakamaicom_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 VGhlcmUgYXJlIHR3byBzZXNzaW9ucyBmb3IgU0FBRy9TZWNEaXNwYXRjaCwgZWFjaCBzcGxpdCBh cyBvbmUgaG91cj8gIElzIHRoYXQgY29ycmVjdD8NCg== --_000_2AAD27E753DF44BD9C806ABE7679E6AEakamaicom_ Content-Type: text/html; charset="utf-8" Content-ID: Content-Transfer-Encoding: base64 PGh0bWwgeG1sbnM6bz0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6b2ZmaWNlIiB4 bWxuczp3PSJ1cm46c2NoZW1hcy1taWNyb3NvZnQtY29tOm9mZmljZTp3b3JkIiB4bWxuczptPSJo dHRwOi8vc2NoZW1hcy5taWNyb3NvZnQuY29tL29mZmljZS8yMDA0LzEyL29tbWwiIHhtbG5zPSJo dHRwOi8vd3d3LnczLm9yZy9UUi9SRUMtaHRtbDQwIj4NCjxoZWFkPg0KPG1ldGEgaHR0cC1lcXVp dj0iQ29udGVudC1UeXBlIiBjb250ZW50PSJ0ZXh0L2h0bWw7IGNoYXJzZXQ9dXRmLTgiPg0KPG1l dGEgbmFtZT0iR2VuZXJhdG9yIiBjb250ZW50PSJNaWNyb3NvZnQgV29yZCAxNSAoZmlsdGVyZWQg bWVkaXVtKSI+DQo8c3R5bGU+PCEtLQ0KLyogRm9udCBEZWZpbml0aW9ucyAqLw0KQGZvbnQtZmFj ZQ0KCXtmb250LWZhbWlseToiQ2FtYnJpYSBNYXRoIjsNCglwYW5vc2UtMToyIDQgNSAzIDUgNCA2 IDMgMiA0O30NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6Q2FsaWJyaTsNCglwYW5vc2UtMToy IDE1IDUgMiAyIDIgNCAzIDIgNDt9DQovKiBTdHlsZSBEZWZpbml0aW9ucyAqLw0KcC5Nc29Ob3Jt YWwsIGxpLk1zb05vcm1hbCwgZGl2Lk1zb05vcm1hbA0KCXttYXJnaW46MGluOw0KCWZvbnQtc2l6 ZToxMi4wcHQ7DQoJZm9udC1mYW1pbHk6IkNhbGlicmkiLHNhbnMtc2VyaWY7fQ0Kc3Bhbi5FbWFp bFN0eWxlMTcNCgl7bXNvLXN0eWxlLXR5cGU6cGVyc29uYWwtY29tcG9zZTsNCglmb250LWZhbWls eToiQ2FsaWJyaSIsc2Fucy1zZXJpZjsNCgljb2xvcjp3aW5kb3d0ZXh0O30NCi5Nc29DaHBEZWZh dWx0DQoJe21zby1zdHlsZS10eXBlOmV4cG9ydC1vbmx5Ow0KCWZvbnQtc2l6ZToxMi4wcHQ7DQoJ Zm9udC1mYW1pbHk6IkNhbGlicmkiLHNhbnMtc2VyaWY7fQ0KQHBhZ2UgV29yZFNlY3Rpb24xDQoJ e3NpemU6OC41aW4gMTEuMGluOw0KCW1hcmdpbjoxLjBpbiAxLjBpbiAxLjBpbiAxLjBpbjt9DQpk aXYuV29yZFNlY3Rpb24xDQoJe3BhZ2U6V29yZFNlY3Rpb24xO30NCi0tPjwvc3R5bGU+DQo8L2hl YWQ+DQo8Ym9keSBsYW5nPSJFTi1VUyIgbGluaz0iIzA1NjNDMSIgdmxpbms9IiM5NTRGNzIiIHN0 eWxlPSJ3b3JkLXdyYXA6YnJlYWstd29yZCI+DQo8ZGl2IGNsYXNzPSJXb3JkU2VjdGlvbjEiPg0K PHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQiPlRoZXJl IGFyZSB0d28gc2Vzc2lvbnMgZm9yIFNBQUcvU2VjRGlzcGF0Y2gsIGVhY2ggc3BsaXQgYXMgb25l IGhvdXI/Jm5ic3A7IElzIHRoYXQgY29ycmVjdD88bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rp dj4NCjwvYm9keT4NCjwvaHRtbD4NCg== --_000_2AAD27E753DF44BD9C806ABE7679E6AEakamaicom_-- From nobody Sun Oct 31 09:43:38 2021 Return-Path: X-Original-To: secdispatch@ietfa.amsl.com Delivered-To: secdispatch@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5E8C83A0E29; Sun, 31 Oct 2021 09:43:32 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.497 X-Spam-Level: X-Spam-Status: No, score=-1.497 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, KHOP_HELO_FCRDNS=0.4, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=no autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RjRCo2zJ4Tpn; Sun, 31 Oct 2021 09:43:27 -0700 (PDT) Received: from mail.proper.com (Opus1.Proper.COM [207.182.41.91]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 90BD93A0DF0; Sun, 31 Oct 2021 09:43:27 -0700 (PDT) Received: from [10.10.10.227] (76-209-242-70.lightspeed.mtryca.sbcglobal.net [76.209.242.70]) (authenticated bits=0) by mail.proper.com (8.15.2/8.15.2) with ESMTPSA id 19VGgxSq008950 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Sun, 31 Oct 2021 09:43:00 -0700 (MST) (envelope-from paul.hoffman@vpnc.org) X-Authentication-Warning: mail.proper.com: Host 76-209-242-70.lightspeed.mtryca.sbcglobal.net [76.209.242.70] claimed to be [10.10.10.227] From: Paul Hoffman To: saag , IETF SecDispatch Date: Sun, 31 Oct 2021 09:43:24 -0700 X-Mailer: MailMate (1.14r5798) Message-ID: <25FD63E5-1CD2-44C8-B526-185ADB249AEB@vpnc.org> In-Reply-To: <2AAD27E7-53DF-44BD-9C80-6ABE7679E6AE@akamai.com> References: <2AAD27E7-53DF-44BD-9C80-6ABE7679E6AE@akamai.com> MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="=_MailMate_3E34AD6E-DD11-4730-8010-2E360A7CF448_=" Embedded-HTML: [{"plain":[44, 89], "uuid":"3B96A94B-06FA-440A-88F2-F7B3710469C3"}] Archived-At: Subject: Re: [Secdispatch] [saag] Two sessions? X-BeenThere: secdispatch@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Security Dispatch List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 31 Oct 2021 16:43:33 -0000 --=_MailMate_3E34AD6E-DD11-4730-8010-2E360A7CF448_= Content-Type: text/plain; format=flowed On 31 Oct 2021, at 6:11, Salz, Rich wrote: > There are two sessions for SAAG/SecDispatch, each split as one hour? > Is that correct? Also: when will the agendas for SAAG and SecDispatch be posted? Some of us are trying to juggle conflicts. --Paul Hoffman --=_MailMate_3E34AD6E-DD11-4730-8010-2E360A7CF448_= Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
<= p dir=3D"auto">On 31 Oct 2021, at 6:11, Salz, Rich wrote:

= There are two sessions for SAAG/SecDispa= tch, each split as one hour?=C2=A0 Is that correct?


Also: when will the agendas for SAAG and SecDispatch be posted? Some of u= s are trying to juggle conflicts.

--Paul Hoffman

--=_MailMate_3E34AD6E-DD11-4730-8010-2E360A7CF448_=-- From nobody Sun Oct 31 12:12:30 2021 Return-Path: X-Original-To: secdispatch@ietfa.amsl.com Delivered-To: secdispatch@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CC9323A1219 for ; Sun, 31 Oct 2021 12:12:28 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.889 X-Spam-Level: X-Spam-Status: No, score=-1.889 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, T_SPF_PERMERROR=0.01] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 07phS8G9o9gI for ; Sun, 31 Oct 2021 12:12:24 -0700 (PDT) Received: from mailout-taastrup.gigahost.dk (mailout-taastrup.gigahost.dk [46.183.139.199]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7F8043A121A for ; Sun, 31 Oct 2021 12:12:22 -0700 (PDT) Received: from mailout.gigahost.dk (mailout.gigahost.dk [89.186.169.112]) by mailout-taastrup.gigahost.dk (Postfix) with ESMTP id 332BA1884DB5 for ; Sun, 31 Oct 2021 19:12:20 +0000 (UTC) Received: from smtp.gigahost.dk (smtp.gigahost.dk [89.186.169.109]) by mailout.gigahost.dk (Postfix) with ESMTP id 233977801BF for ; Sun, 31 Oct 2021 19:12:20 +0000 (UTC) Received: by smtp.gigahost.dk (Postfix, from userid 1000) id 1C0D2916DED6; Sun, 31 Oct 2021 19:12:20 +0000 (UTC) X-Screener-Id: f8b5956341cafa01bc0fc2c7b7d4a245e1dff3de Received: from [192.168.1.184] (D470943A.rev.sefiber.dk [212.112.148.58]) by smtp.gigahost.dk (Postfix) with ESMTPSA id 02885916DECF for ; Sun, 31 Oct 2021 19:12:19 +0000 (UTC) Message-ID: <642bb5b8-0980-1fcd-a424-74b3f2118699@steinwurf.com> Date: Sun, 31 Oct 2021 20:12:18 +0100 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.1.2 Content-Language: en-US To: secdispatch@ietf.org From: "Morten V. Pedersen" Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Archived-At: Subject: Re: [Secdispatch] Requesting agenda time for draft-krose-multicast-security X-BeenThere: secdispatch@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Security Dispatch List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 31 Oct 2021 19:12:29 -0000 Hi all, Have been monitoring this (and the drafts e.g. in MBONED) for a while. Since Eric brought up the question of use-cases I just wanted to share my view. We definitely have use-cases (often within entertainment or educational scenarios) for multicast to the browser. We've for several years been working on multicasting e.g. over local 802.11 networks (see some of our demos here: https://youtu.be/LuHRXIRZu-s). Having no multicast to the browser means that these solutions can only function with dedicated apps. I'm personally no security expert, but I truly hope this group will find the resources to work on this, as we clearly need a solid security model for these types of solution. All the best, Morten From nobody Sun Oct 31 13:59:52 2021 Return-Path: X-Original-To: secdispatch@ietfa.amsl.com Delivered-To: secdispatch@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 02C793A08C1; Sun, 31 Oct 2021 13:59:45 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -5.431 X-Spam-Level: X-Spam-Status: No, score=-5.431 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, NICE_REPLY_A=-3.33, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bPof_f8g-XqF; Sun, 31 Oct 2021 13:59:40 -0700 (PDT) Received: from EUR04-HE1-obe.outbound.protection.outlook.com (mail-eopbgr70047.outbound.protection.outlook.com [40.107.7.47]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E74C23A08CE; Sun, 31 Oct 2021 13:59:39 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Y/FIl4tjzRHNymOBe1tsm7BJW4ad8kpIF5XnncjGAepqBTq8AgZZx2os32U4PjFA8Gk4KIXQxOu0pi17txBETmbpe7XBGbZeIbV4N7NGs7D+yZjsv2s0Y8N4emn6Xh1VAGESqcTvX0PWojkVI+NMXmNgYv7OswWT7jwe97e8eBTC1gWFif6y5chHA3bo7ERKS5jjdFf7pcUL9LYzRPaR+pLbYOhgIn8icT1Q0tIbuVQRqsMhVqZfZPeTzdM4ZfrInqUkKDwPwpN+BOT0EkXl9CiDLlWfW3uM93K6L9IYIow+n2leU06Z0uYdjSkHo271OFrTvd6U4/mmgvNckmO/wg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=MhvhCJV3NeD5v57x7xodjB5YP6mPKqwBtfQanR7AtYY=; b=OnN5F/NfSWggCwKtrnvHHu2Qnf5lbSbAncP/+FyfWvnOp3r2uWfybTj2zBEX4f44skGfrvDLPmtSqmQcb21Aw51KvGvr4i63kFDz8lWEXI3QdLBIMIxksEH6E5kn2vvo+8bQlYaiq1obwmgvzqakaJDsNhfeAZchAh/mWTtwqPxLv24znL2A7904Vr8jDzmwcn0xFwOMzSrCJ7Zl+rCCwnXCB8fe9I6opXoAvGLgyZbi+2jsRSVdD2BeVqfnHU+ksOW63FEMq+5/WFTRaEJ63S9UUrP/VISC4nc+bg/Jt64Sr/A+wvEEH4VDQ1dZA3Z6LwYwsAgOHWpQh52HOoFY3Q== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=MhvhCJV3NeD5v57x7xodjB5YP6mPKqwBtfQanR7AtYY=; b=FmeAtf/rjYGFj0uclLyGVancEVGFV3T2Yyz42SN1cbdk2g/QF9zT7lKxRO40p9yYa3NSb89Mass5pvGtUMEIAS5Ii7W1ZDRe54yEAMjSAcZEFeMePz2C9vMR1+3wX6ligrJ0gldM3UtvEOkdoDXo3+5N/RNfqgz82JtNo9FO2f0= Received: from HE1PR0701MB2474.eurprd07.prod.outlook.com (2603:10a6:3:75::7) by HE1PR0701MB2412.eurprd07.prod.outlook.com (2603:10a6:3:70::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4669.5; Sun, 31 Oct 2021 20:59:36 +0000 Received: from HE1PR0701MB2474.eurprd07.prod.outlook.com ([fe80::c458:53bc:ef37:6d62]) by HE1PR0701MB2474.eurprd07.prod.outlook.com ([fe80::c458:53bc:ef37:6d62%12]) with mapi id 15.20.4669.009; Sun, 31 Oct 2021 20:59:36 +0000 From: Mohit Sethi M To: Paul Hoffman , saag , IETF SecDispatch Thread-Topic: [Secdispatch] [saag] Two sessions? Thread-Index: AQHXzpo2ZWPSqW3CBUWOzDS7ndzAMQ== Date: Sun, 31 Oct 2021 20:59:36 +0000 Message-ID: <672228fb-3659-29d6-51d7-be070d6127fe@ericsson.com> References: <2AAD27E7-53DF-44BD-9C80-6ABE7679E6AE@akamai.com> <25FD63E5-1CD2-44C8-B526-185ADB249AEB@vpnc.org> In-Reply-To: <25FD63E5-1CD2-44C8-B526-185ADB249AEB@vpnc.org> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.13.0 authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=ericsson.com; x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: f43d1ebc-65e8-4f1c-e272-08d99cb158e4 x-ms-traffictypediagnostic: HE1PR0701MB2412: x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:9508; x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: pDrbiL3vtIzkF23qz1T1nwXRqT+rQ1BVWhvG8mqRJaMTU8N7ndznp3aacVjPiaNG+bIR/Vp7HwePxb69IhzVJqCR8RBoJB+/0ptNTCIimoF7IJUYRVEtitS0CsWiEE4T0QZT+dVLHJmlOCSPOrUSt6k2+OMlmt6nbjLMLpHupqvu4J+yg72MdZto52SGSEaZoo/PC0FOvJb9TRiaxUhVNf8HLhF9/H34NZtmLaxoDgp99dhLIAZG7FG7cW+wA9zBvtyvKfPLeTs1VESRcL5onSDsSssr2NS8Bl38vIW1ijEmOPNkCq7PHqAavu6RiZz6P3cLyt0kjrpUOrDKBY/fKJ/a8xZk6K7CZ3na4cszA7Jw1zxFVzJSTgCQjfi56iYUM3Gu+wtee9S80zeeX3i21Hq2DhnFkqfW9zkLbw06lJOw4yrdoKPcsB5hOL9Ox0Z6HSvzdcPoogS3t+PWBw8e9SfbBGUIEult6CaMpdEZaBrN3wbZr7kYe8eXizHuu6CvgQaAjdbegiiTqupgrQrd6MkSV26243MbodsuVgJTvvb2ssgG4ENBNA/qQxQ/DjLmcYrKY1iUvcHJY17LkB4AiD2IdTbZq7Xm6RVg5fnikawvR1lcHZIpBeBu7We5+fIkNvscsOyPPja5JmZxsaRH9SAZuHz77fgaM7Zjx50ATOV4qYLbG/nK1GfVeke4h+xSvEWnZPZmS2srlZTvMD627UG2Fmwy3pQJmaUytk67HTJcx92Wp5lSavc8L+yJrIaIznDpO0G6eSKnrUFdxhLR/A+sk9T+FLj6BwlR8/2KHxfR5wuD8ShkQqyjHCm7hxoaJO/m9MhRvSWma4S8PP4PQ+lOi3f+5skFn/yoXc8Cy1A1jvjY7tldSUtuHUldIZAqx9zC7SVRYdgrjZEBdqNGDw== x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:HE1PR0701MB2474.eurprd07.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(366004)(110136005)(64756008)(8676002)(2616005)(6506007)(122000001)(166002)(186003)(53546011)(83380400001)(76116006)(66476007)(66946007)(66556008)(66446008)(4744005)(2906002)(508600001)(71200400001)(316002)(31696002)(82960400001)(36756003)(38100700002)(38070700005)(8936002)(966005)(31686004)(6486002)(5660300002)(86362001)(6512007)(43740500002)(45980500001); DIR:OUT; SFP:1101; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?utf-8?B?UGNQRExOUGd2Y1V4MVFjRU00WElIajRpQ0RIdW1IZ21SbEsvc1Z3RlBuNVdH?= =?utf-8?B?YmNaUndIWWFUcGlpU3psdGI5bHVoYk1BL2lIL3lMVW1tbzZsVjlobklmZThF?= =?utf-8?B?aXlUQmdEdmNKZGVmSHQ4WEowNVd6N1BxKzl0SGtsRkQxYTBqQi9rWWlmZXBk?= =?utf-8?B?a3BPYnJsSGZES0pIQ200VjNxNDJsenZXVE5pcDZ4UjFzMldET3gySVNNNE5h?= =?utf-8?B?YXhOa2hmT2NwZjh3WUYyK01tQlNkWWk5Q1NaZmdUek45dmZDbDRiWU53Uy96?= =?utf-8?B?aTZiQlBqTS8yY0kyc0VvQndMWFgzZHY0VGFrQS9hSzJPRWdEM041K3J2UlFB?= =?utf-8?B?aTV5ZThOaS8rQ2gwSmtsQ1BWWG5oNk0rMXdrdWt5eHRXVmZsblJ6dm1ObzVv?= =?utf-8?B?VENvdGRVc0tPS3hPNGV1TVB3WE9sWTNCS3QxcjRQbUxRMVdOUys5ejIxUm1s?= =?utf-8?B?emd3WnZITnZablJhWUozMGlabFM0b2VKY3dZaXhsUC9qNnRScCtRRXIveFY4?= =?utf-8?B?eEdnNDNBYnQ2RDdSKzA5RDIrcFJHbWRjVFRwTE40ZXM2b1pNaEFPNW9qQ0s2?= =?utf-8?B?TjdKMjlWajZ6NktVclE4WlZYRWkxMVVWNnZDRGhvTUszNDRnSFZLWXdGd1Av?= =?utf-8?B?TnkwWWtFN0d1T1B2WVFOdjN6NDd6VlVyY1U3elZPcUxoNE56bENxV2pGY2tG?= =?utf-8?B?TnBUVmdLdXBXVitQUFdhWGZVbHEweU1OdlNvZ2ZvNnB5QW9Saldwd095WURT?= =?utf-8?B?V0l6TXc2RzhQUU9xUWNld1hLNGNrbVhxZ1R0Z0dLSDhvRFAxc21zMkZNemlP?= =?utf-8?B?SXVaeUoybEZHemtlbm0wQWcrWk1RaHltUVJuOG0xOEVuWGhDcTdCbERya21V?= =?utf-8?B?RXEyVkpIYVBDTTF0YjVNR1poa0REeThwN29HMUp0WHFOSHR3ekdsL2ROTnZ5?= =?utf-8?B?SzRJSXFoTXpQZktXME56ZXM5cXcxN0ZLb0FLRUJtYWtsRWdxdTJiS0J1Z0ds?= =?utf-8?B?WTZ4cU1SVXlXTkhhb2thdnBKQk43TDd1ZTlodXNlZjlUdHRDQmlrT2I0bSti?= =?utf-8?B?NEtHanA2ajRBWVR2c1R1ekM2MjU1U0dFc1pmOGV4bmNnaUxNRWRwdVorKzFQ?= =?utf-8?B?YStyaGowdkh3VGNTbFBVYVdHREJOUXFsb3dSRjhHM2N5djNxZzkwemhxcTRD?= =?utf-8?B?VExrVEFUeWxRY0ZETHNHMkRySmFtWVZORzhTRHRYQTNRVUtmbDdKZFdvU2wr?= =?utf-8?B?V2kzb0c4QjJHSnp0QkNZUUpHb3M3MnVib0wwYmpoVHExZlFHSnVjbENuNXpq?= =?utf-8?B?d0x4VXl6dkVGdkhNUGx6R2k1aGJzdGtFbFlKaWtRWmtDazhuaTRJZ254d0RU?= =?utf-8?B?TkhuUi9SRHFWZDN5WmdaTm1NRW1FdUJ4VTgwV0pILzBWaFRiaFg4d09qdm1H?= =?utf-8?B?Y1RXQWczLzVHaDBnK1BRM2xjMTg4RldJTlZwMk1ZYkJqeTZ1NUgyVWw3L0JQ?= =?utf-8?B?OWVqTlFCcFhNOXA0cXFqZDJGb2QwWWR1REFnaXhwTlhWUGlyRGRadzh4MEE2?= =?utf-8?B?THc5NDVHWTJTcEpBREJiK20yMXoxMWdrRmE1VlZSTjVEWUprbGtpaE8xeHVi?= =?utf-8?B?QUo4bjRGbXNOTXBSTlZPWGtTYjRRSnAxaHkzQkludUpvaU5rMTJlS2ZkQW1P?= =?utf-8?B?cm5BNXp6V1VEdHBrMlhGV0V3RWVzRlpRcUpJN3hIT2FXYWU5ZUtFR2xWZjJs?= =?utf-8?B?K3QxaVNzOVBWVDA4Zmt1Ukt0bmZBMzEvOW90TkkyVzQ3eDhjMGZvdTl4bWRY?= =?utf-8?B?ZGorbjg1VmVxN2tKbXpXOGZyVjhJR0N6bEI1OFFwajNWcStQc05SNXBLdnhn?= =?utf-8?B?VSthWFZJT0UrYndhTndyQkxEMER3SGhtQk1HL3NVTWh4eFd4Zm5sVUVua01Q?= =?utf-8?B?RnJuYW1ESUtrck1JRm1VSGp6YVhGRnhvUEVpYkV3ZkZxd1pJUEVEa0tjTUJl?= =?utf-8?B?a3FGeGZHekIzNCt1L2lIOW9yVGozNWhnQ3psbGs1VnpMSmhiSHVnRGFqRzF0?= =?utf-8?B?TGdqMy82MDh6Z3BESTFnMlFCS2E0ZDRxbkdUWHRpbDVPM2VmT2YyQ05VS0h0?= =?utf-8?B?MEhlT2gwWGljc1JBdnBuTGZJZ2xlZ21SQStOMUhzanc1bm8yME1BUXdUOGxr?= =?utf-8?B?bGdXTnJKS3MweVdVeWFGZEZsYkYyNCtncStOZldzZytwenRKQlBaM1FQUjlJ?= =?utf-8?B?YmZFM3dMWnV0Z2F6a2RzdTZMWTR6M3N0b2tvOXhhSnRGN3Z2MGVVY3ltVDUz?= =?utf-8?B?RldRMGttL0ZyZ0sreloyQ0p6bmZjUFdJWE8yYzBoQmFMbnZTTFlNQT09?= Content-Type: multipart/alternative; boundary="_000_672228fb365929d651d7be070d6127feericssoncom_" MIME-Version: 1.0 X-OriginatorOrg: ericsson.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: HE1PR0701MB2474.eurprd07.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: f43d1ebc-65e8-4f1c-e272-08d99cb158e4 X-MS-Exchange-CrossTenant-originalarrivaltime: 31 Oct 2021 20:59:36.2516 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: p6AQ+hgc84nc/M4FKh9/hfs/f+JNGxcpe85+Ps/rgomFTp/otstii7ud74CeZPgdCbwSMP9RAuk2HBe0nhsF+5qJR6KeEUDcbUwf1zAqyjo= X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR0701MB2412 Archived-At: Subject: Re: [Secdispatch] [saag] Two sessions? X-BeenThere: secdispatch@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Security Dispatch List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 31 Oct 2021 20:59:45 -0000 --_000_672228fb365929d651d7be070d6127feericssoncom_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 RGVhciBhbGwsDQoNClRoZSBwcmVsaW1pbmFyeSBhZ2VuZGEgZm9yIHRoZSBUdWVzZGF5IGpvaW50 IFNBQUcrU2VjZGlzcGF0Y2ggc2Vzc2lvbiBpcyBvbmxpbmU6IGh0dHBzOi8vbm90ZXMuaWV0Zi5v cmcvbm90ZXMtaWV0Zi0xMTItc2VjZGlzcGF0Y2guIFdlIGFyZSB3YWl0aW5nIHRvIHJlY2VpdmUg aW5mbyBvbiB0aGUgU0FBRyBwcmVzZW50YXRpb25zIGZvciBUdWVzZGF5IGZyb20gdGhlIHNlY3Vy aXR5IEFEcy4gSSB0aGluayB0aGV5IGFyZSB0cnlpbmcgdG8gYXJyYW5nZSBzb21lIGV4Y2l0aW5n IGludml0ZWQgdGFsa3Mgc28gcGxlYXNlIGJlYXIgd2l0aCB0aGVtLg0KDQpPbmNlIHdlIGhhdmUg dGhlIGZ1bGwgYWdlbmRhLCB3ZSdsbCB1cGxvYWQgaXQgdG8gdGhlIElFVEYgMTEyIG1hdGVyaWFs cyBwYWdlOiBodHRwczovL2RhdGF0cmFja2VyLmlldGYub3JnL21lZXRpbmcvMTEyL21hdGVyaWFs cy8gYW5kIGFsc28gaW5mb3JtIHRoZSBtYWlsaW5nIGxpc3RzLg0KDQotLU1vaGl0DQoNCk9uIDEw LzMxLzIxIDY6NDMgUE0sIFBhdWwgSG9mZm1hbiB3cm90ZToNCg0KT24gMzEgT2N0IDIwMjEsIGF0 IDY6MTEsIFNhbHosIFJpY2ggd3JvdGU6DQoNClRoZXJlIGFyZSB0d28gc2Vzc2lvbnMgZm9yIFNB QUcvU2VjRGlzcGF0Y2gsIGVhY2ggc3BsaXQgYXMgb25lIGhvdXI/ICBJcyB0aGF0IGNvcnJlY3Q/ DQoNCkFsc286IHdoZW4gd2lsbCB0aGUgYWdlbmRhcyBmb3IgU0FBRyBhbmQgU2VjRGlzcGF0Y2gg YmUgcG9zdGVkPyBTb21lIG9mIHVzIGFyZSB0cnlpbmcgdG8ganVnZ2xlIGNvbmZsaWN0cy4NCg0K LS1QYXVsIEhvZmZtYW4NCg0KDQoNCl9fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fDQpTZWNkaXNwYXRjaCBtYWlsaW5nIGxpc3QNClNlY2Rpc3BhdGNoQGlldGYu b3JnPG1haWx0bzpTZWNkaXNwYXRjaEBpZXRmLm9yZz4NCmh0dHBzOi8vd3d3LmlldGYub3JnL21h aWxtYW4vbGlzdGluZm8vc2VjZGlzcGF0Y2gNCg0K --_000_672228fb365929d651d7be070d6127feericssoncom_ Content-Type: text/html; charset="utf-8" Content-ID: Content-Transfer-Encoding: base64 PGh0bWw+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIgY29udGVudD0i dGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjwvaGVhZD4NCjxib2R5Pg0KPHA+RGVhciBhbGws PC9wPg0KPHA+VGhlIHByZWxpbWluYXJ5IGFnZW5kYSBmb3IgdGhlIFR1ZXNkYXkgam9pbnQgU0FB RytTZWNkaXNwYXRjaCBzZXNzaW9uIGlzIG9ubGluZToNCjxhIGNsYXNzPSJtb3otdHh0LWxpbmst ZnJlZXRleHQiIGhyZWY9Imh0dHBzOi8vbm90ZXMuaWV0Zi5vcmcvbm90ZXMtaWV0Zi0xMTItc2Vj ZGlzcGF0Y2giPg0KaHR0cHM6Ly9ub3Rlcy5pZXRmLm9yZy9ub3Rlcy1pZXRmLTExMi1zZWNkaXNw YXRjaDwvYT4uIFdlIGFyZSB3YWl0aW5nIHRvIHJlY2VpdmUgaW5mbyBvbiB0aGUgU0FBRyBwcmVz ZW50YXRpb25zIGZvciBUdWVzZGF5IGZyb20gdGhlIHNlY3VyaXR5IEFEcy4gSSB0aGluayB0aGV5 IGFyZSB0cnlpbmcgdG8gYXJyYW5nZSBzb21lIGV4Y2l0aW5nIGludml0ZWQgdGFsa3Mgc28gcGxl YXNlIGJlYXIgd2l0aCB0aGVtLg0KPGJyPg0KPC9wPg0KPHA+T25jZSB3ZSBoYXZlIHRoZSBmdWxs IGFnZW5kYSwgd2UnbGwgdXBsb2FkIGl0IHRvIHRoZSBJRVRGIDExMiBtYXRlcmlhbHMgcGFnZTog PGEgY2xhc3M9Im1vei10eHQtbGluay1mcmVldGV4dCIgaHJlZj0iaHR0cHM6Ly9kYXRhdHJhY2tl ci5pZXRmLm9yZy9tZWV0aW5nLzExMi9tYXRlcmlhbHMvIj4NCmh0dHBzOi8vZGF0YXRyYWNrZXIu aWV0Zi5vcmcvbWVldGluZy8xMTIvbWF0ZXJpYWxzLzwvYT4gYW5kIGFsc28gaW5mb3JtIHRoZSBt YWlsaW5nIGxpc3RzLg0KPGJyPg0KPC9wPg0KPHA+LS1Nb2hpdDwvcD4NCjxkaXYgY2xhc3M9Im1v ei1jaXRlLXByZWZpeCI+T24gMTAvMzEvMjEgNjo0MyBQTSwgUGF1bCBIb2ZmbWFuIHdyb3RlOjxi cj4NCjwvZGl2Pg0KPGJsb2NrcXVvdGUgdHlwZT0iY2l0ZSIgY2l0ZT0ibWlkOjI1RkQ2M0U1LTFD RDItNDRDOC1CNTI2LTE4NUFEQjI0OUFFQkB2cG5jLm9yZyI+DQo8ZGl2IHN0eWxlPSJmb250LWZh bWlseTpzYW5zLXNlcmlmIj4NCjxkaXYgc3R5bGU9IndoaXRlLXNwYWNlOm5vcm1hbCI+DQo8cCBk aXI9ImF1dG8iPk9uIDMxIE9jdCAyMDIxLCBhdCA2OjExLCBTYWx6LCBSaWNoIHdyb3RlOiA8L3A+ DQo8L2Rpdj4NCjxibG9ja3F1b3RlIHN0eWxlPSJib3JkZXItbGVmdDoycHggc29saWQgIzc3Nzsg Y29sb3I6Izc3NzsNCiAgICAgICAgICBtYXJnaW46MCAwIDVweDsgcGFkZGluZy1sZWZ0OjVweCI+ DQo8ZGl2IGlkPSIzQjk2QTk0Qi0wNkZBLTQ0MEEtODhGMi1GN0IzNzEwNDY5QzMiPg0KPGRpdiBs aW5rPSIjMDU2M0MxIiB2bGluaz0iIzk1NEY3MiIgc3R5bGU9IndvcmQtd3JhcDpicmVhay13b3Jk IiBsYW5nPSJFTi1VUyI+DQo8ZGl2IHN0eWxlPSJwYWdlOldvcmRTZWN0aW9uMSI+DQo8cCBzdHls ZT0iZm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90Oywgc2Fucy1zZXJpZjsNCiAgICAgICAg ICAgICAgICAgIGZvbnQtc2l6ZToxMnB0OyBtYXJnaW46MCI+DQo8c3BhbiBzdHlsZT0iZm9udC1z aXplOjExLjBwdCI+VGhlcmUgYXJlIHR3byBzZXNzaW9ucyBmb3IgU0FBRy9TZWNEaXNwYXRjaCwg ZWFjaCBzcGxpdCBhcyBvbmUgaG91cj8mbmJzcDsgSXMgdGhhdCBjb3JyZWN0Pzwvc3Bhbj48L3A+ DQo8L2Rpdj4NCjwvZGl2Pg0KPC9kaXY+DQo8L2Jsb2NrcXVvdGU+DQo8ZGl2IHN0eWxlPSJ3aGl0 ZS1zcGFjZTpub3JtYWwiPg0KPHAgZGlyPSJhdXRvIj48YnI+DQpBbHNvOiB3aGVuIHdpbGwgdGhl IGFnZW5kYXMgZm9yIFNBQUcgYW5kIFNlY0Rpc3BhdGNoIGJlIHBvc3RlZD8gU29tZSBvZiB1cyBh cmUgdHJ5aW5nIHRvIGp1Z2dsZSBjb25mbGljdHMuDQo8L3A+DQo8cCBkaXI9ImF1dG8iPi0tUGF1 bCBIb2ZmbWFuIDwvcD4NCjwvZGl2Pg0KPC9kaXY+DQo8YnI+DQo8ZmllbGRzZXQgY2xhc3M9Im1p bWVBdHRhY2htZW50SGVhZGVyIj48L2ZpZWxkc2V0Pg0KPHByZSBjbGFzcz0ibW96LXF1b3RlLXBy ZSIgd3JhcD0iIj5fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f Xw0KU2VjZGlzcGF0Y2ggbWFpbGluZyBsaXN0DQo8YSBjbGFzcz0ibW96LXR4dC1saW5rLWFiYnJl dmlhdGVkIiBocmVmPSJtYWlsdG86U2VjZGlzcGF0Y2hAaWV0Zi5vcmciPlNlY2Rpc3BhdGNoQGll dGYub3JnPC9hPg0KPGEgY2xhc3M9Im1vei10eHQtbGluay1mcmVldGV4dCIgaHJlZj0iaHR0cHM6 Ly93d3cuaWV0Zi5vcmcvbWFpbG1hbi9saXN0aW5mby9zZWNkaXNwYXRjaCI+aHR0cHM6Ly93d3cu aWV0Zi5vcmcvbWFpbG1hbi9saXN0aW5mby9zZWNkaXNwYXRjaDwvYT4NCjwvcHJlPg0KPC9ibG9j a3F1b3RlPg0KPC9ib2R5Pg0KPC9odG1sPg0K --_000_672228fb365929d651d7be070d6127feericssoncom_-- From nobody Sun Oct 31 14:10:17 2021 Return-Path: X-Original-To: secdispatch@ietfa.amsl.com Delivered-To: secdispatch@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0E5C93A0900 for ; Sun, 31 Oct 2021 14:10:16 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.102 X-Spam-Level: X-Spam-Status: No, score=-2.102 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EAunl1SBmB98 for ; Sun, 31 Oct 2021 14:10:11 -0700 (PDT) Received: from EUR04-DB3-obe.outbound.protection.outlook.com (mail-eopbgr60087.outbound.protection.outlook.com [40.107.6.87]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2EDBA3A08FF for ; Sun, 31 Oct 2021 14:10:10 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=JE+oRJY1Cb6nLoU0eUs2Zh8Yyhhe9IAdS/qHsPsVXp4DHRLu17q94GZzL4+28XkrWIZUABGLR9JQloRrKtfvF8bpWNXGHITqrCQiAWSwwmN9O7x13bwzsFJC5rPPzc43IZwwWYnpxFxYXM1kD4hvI6BupZKnAdseo28THxvc7TV31HuK+IzHokHULFoXOx6KKA7QV7iKHiBjUtBaRnCarDtOO62gy1twgPvv3u9RQqTZ6uCe90NII+8tAPpafYpAkLUNeH7nDii4ZiImjBkTq+hPaxeYjFv4evwr1YQCOxmH92irfQicM/KdXCnSUbtMzP+MsquwXKNKly3HgENHyw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=94OacIeF8S7yxWqAv9WxXO63lzJdaRZVZQR6iHFj6gg=; b=ltrPzPzenlUXIA08vEQzEjjuHlubZ9IgqOAjmghJvgFxzwhLDpUr0fFJyMArfchZvL1trfoofFvrmu6Z67GmX1Z5x4w9mPR6EwdY6BN2yHx90OF2Jb4msLA4MSCSrTcrXy++KL+k8MxG+egYdQv9tlfjclD0eHuUT2M4Bi6jNNFTvSXLF/Q0pB6Iy+0+Z38B/cUTAyp7lYutsoLU/+VVqt/GdZyW79wiM0uhG+R8qR4OkrS0y0E9aQsmCdcpDySER5HuZLCTXdfCRmww8K66QuuGeo0CNJpERzrgqfCR1gf2ZWuU1vsNB+sAUTVFsqodnL1rtONY2UrbJav1ReBHng== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=94OacIeF8S7yxWqAv9WxXO63lzJdaRZVZQR6iHFj6gg=; b=DFA4j3UE+3UdjFWrjt2AbRkWk8dgGm4JY4EWdJotk2IEpVLsC5MPFmRbT7xhRpiBwLzgjnPJ71xlUylamBYpMkem4wdN+UwH+l1OM9SXpNM16JNifozA+Wcjf9BxhPbdDmq21UMm25C8NyTIEn8lDkL4EwJ9HIZ5d/qIo9QGXQs= Received: from HE1PR0701MB2474.eurprd07.prod.outlook.com (2603:10a6:3:75::7) by HE1PR07MB3065.eurprd07.prod.outlook.com (2603:10a6:7:35::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4669.8; Sun, 31 Oct 2021 21:10:03 +0000 Received: from HE1PR0701MB2474.eurprd07.prod.outlook.com ([fe80::c458:53bc:ef37:6d62]) by HE1PR0701MB2474.eurprd07.prod.outlook.com ([fe80::c458:53bc:ef37:6d62%12]) with mapi id 15.20.4669.009; Sun, 31 Oct 2021 21:10:03 +0000 From: Mohit Sethi M To: IETF SecDispatch Thread-Topic: Call for agenda items Thread-Index: AQHXzpusgrw1vV5TaEuLV9a+2B7yHg== Date: Sun, 31 Oct 2021 21:10:03 +0000 Message-ID: <58c2979d-79f1-d759-21ea-f5df74d0a965@ericsson.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.13.0 authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=ericsson.com; x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 131fece1-db9b-4718-4aee-08d99cb2cee0 x-ms-traffictypediagnostic: HE1PR07MB3065: x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:8273; x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: ynSKy4EpyJQLcT2iGW97UtBTC1PcRMO/u9k14SsbtRCAtUpxu3WLLdPgD9dFLWFibLxvmN0sUYTpyLfKGEUPXCfBGVQTuf1CTWnU8nKQWlACHOIML4WR/KvoZfuowwPBcEW6+7B8+eJqAvWjMqA7Us8P2vGP6EMo9hb2jC89NlXhtT/mjVXkZPXJ1X7xkXQUAJg3jZq+fTobFE3x1ujxe0gha1HzQAtUW2/6tTegp/9hIZ4GJqyK/Ha4FWubWSQ2WVjh0A6kChSz3HE7t1tJRPhtJzThrq0WFuIfCKvjGVqmpkYtYaEzYfeFe8/oIyKrXIbuffW2Yj7eu0lqNl9C+EVHzOnK0fmvn8TZIU8LglM6Rw04+LRlteamJUl6dPX81Js+tKBnMnc83zCFgRSoQI76ZViya3oo9m8NIMwBq3+EZRzRPc7VOhnO5ZzjG3gUmNRO+sj7lGfWzSp3FsU/l7RFpNiNGTNXe/IkslzfQjkiISJEcDiwxN9mPtrkevIrChSxSOZB/oq1C+Z4QivCEiDlGym9OtvmpT55C2CkXpL7AKS8yc7wmn8rE8YkWY0pRtxF562il8Zs/8nTZ6D8BgHTuatYke4RxYi9Ha1b9QyV1A8+MnRDvBq2e2D6vdUTZCDWmoxYnIRV9Ec6zYFEqeX2cKpQ1XM/aOlpI0C/yoQKAvp153EkRYjZ/viYM9ApPKZhas6dtVT0HPs41qPQKF6K5EHA28aiX7rXAAVFrBoqrVWmdK5Op1tkxwFDAfDv4NLoW1TNQw3D8Y0tzdgPiCrtdau4Q5e1DeHwVZZDheLZ7iEOC6y9M5r/Z1PLHt6BmE+CXOGKPPkJnAbLRl561L5wwFBXQTFN0Bn+n5I4Pb1NoAnh5zCyL/XnmEZaz/94FS6xAECXazGna2rNdU0vXw== x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:HE1PR0701MB2474.eurprd07.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(366004)(36756003)(86362001)(966005)(31696002)(2616005)(6916009)(2906002)(71200400001)(6486002)(186003)(508600001)(6506007)(122000001)(3480700007)(8936002)(82960400001)(38100700002)(6512007)(83380400001)(5660300002)(316002)(38070700005)(76116006)(8676002)(31686004)(66446008)(66946007)(64756008)(66476007)(66556008)(43740500002)(45980500001); DIR:OUT; SFP:1101; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?utf-8?B?UlF3Z1Q4NFloWU1JSS9INVVxbE1SYzBpQzVJVjcvZ2hRZmRqckRRY2EzellX?= =?utf-8?B?V3NzUm11enIxV1hrUHBWcng4RWo0NXBidkpwU0tzcVN1VlFHODRxbHJtQzZ5?= =?utf-8?B?Wkp4QmxRZG9SWWZSMCtwemg3UW1SKy80R25EZnF1UnhIWk1ZMDNuN0s3SExJ?= =?utf-8?B?S0N2TTBoQjZkUnZ5dWZUTGsrUWNzMUlNOVdYVUExcldDZG1vZkErT0o5c3Fw?= =?utf-8?B?c2sycWtkSVJ0RGoxV0xDUmNyOXBwSWh2cVptTHZRZjZiNElyb0JrOHNzUGFi?= =?utf-8?B?K1BkZVVtdHhqY2hwSkVpWGljcDYyRDFVRTkwdGdsZkxlWDV6cFljZllkVzBl?= =?utf-8?B?OWJyVVc1Ti9CYW92VDRUSVRQRW4xZUpRbnR3OFdUcmh2UzUrQXFQYjQvQ2lw?= =?utf-8?B?N05heU8zVDdPK2Rya2VOMmlYeUZkcDQ1NUdFeVNKNkJFVHZQZWl6ZXVHVDRH?= =?utf-8?B?NlNyRXhlM29JR0tFaTkxeEVlejIwRFk1NFJMRk5ScU13QjNNNEM0T1JwWWpZ?= =?utf-8?B?MUpOK3FxdTRqandBK0VvdkN0UktydzJXdHBrUkV4eTI5V1FLQWtmL3dIU1o5?= =?utf-8?B?TGVjN09ReTJySlVydjNGei82Z2NhOGpFZGV5SWtqUDZQM3hyalhDQ1FuQ05x?= =?utf-8?B?N042YmNxallyVGxlQlBtb0pWS2xoWm14c2VRR3oveGx2R2ZTTjYxalczam5C?= =?utf-8?B?aDFyT0VPVS9HN1FWUWxzUGpHUjBYQUI5L1p0M1lCaXVjSSs2bVllaVJYa0hV?= =?utf-8?B?elFWOU92eVFBeTUwUGQycy9GellSVzNLWjg2dUUycmN5ZzJnY3JmOEh6VlZC?= =?utf-8?B?dnBsWlJiZVNieUp0OFJ3KzY1OWhFSmpBN0dEUjVjZmlTNXkrQUVqNStHRE5a?= =?utf-8?B?RHBORzdOWEVRdjNKNGxvMG9rUGtIWHVCbXNNdlExSWRIZkZXSnZYczZEazZL?= =?utf-8?B?RlhaOGZQRTd0bVFFdERwaEtsc1pvbDAybWhIVCsrM1p6M3dCcnREeVRwZTdO?= =?utf-8?B?aWlxSi8yU0JxekRDcDVWZU5SVEo0Nlp6UGw0WXo1MlpCeVpYWWN6U00ySFE5?= =?utf-8?B?SjVPWDNBZzVyTzhFUVhYdEtZNXlZZ3dwNkFpbjk2MnZacThma0JwQjVoRjlW?= =?utf-8?B?enhJak9obkJXQlV4WmUvQzJPYVpHUU1DcGVGM2dENUllYWRxdDdYR0FXMEgz?= =?utf-8?B?RGFacjc1QXNHdHVDb2d0UmtobFFGbHBBZW5YOUhpa0tUMWM0UU9rekcwbFZm?= =?utf-8?B?K05RNzYxYWVSdkNkYXB4WFhiUWlmaGR1RW5oZzVPTnk1NXhINXRRUkEvQXVv?= =?utf-8?B?cnlKVUtaQi9MTytsK3RTUW9RNXFsYTRZbjhYR3M3bFdXWUJyVjZJajRhb2hW?= =?utf-8?B?U3p1cWhUUG8yUmU5OER3TFB1dXgwWnRBUUQ1MEFBRlF4VWhxWkc1M0hXL2RL?= =?utf-8?B?dGxxMFhHV1BjbHlWMXh3TGU4WWVtTEh2ZEM5c1l2dzJlRXRjaXo5M2p2R2tZ?= =?utf-8?B?WUhxTGpFVnZ5UDBEbWJRRWZjUXNMSEFBZ3YxWlhYSjlVSlgrdEphK0o3TDhC?= =?utf-8?B?OW9pMkY4c0NjdjdFb2pNbUh6MlcwdGM1Y05LQW5BQ3JmdzdFcVlqWGEwSVZa?= =?utf-8?B?bGt4YTVVOXl0OXNRS21pQTFteXg3WDZJMUFOTFdQN3F2VnBsUkJ6K090MkFW?= =?utf-8?B?T2JIQ0prVUtOSlFHZWVKQ1ROZW9Oa0ZtWU03aXhNaVdXbG95S2pxYjhrQTlz?= =?utf-8?B?YWtLNGIxbFcvendtNHFMTkRjbnpiRlZFUEI1cFZtbjlWSUpYVjhudnA2Q0Rq?= =?utf-8?B?eEJxTG1MYXhCS2ZkZ2VMTXdQd2djeDJ5ZTdMenU0SnNnRUx4VCs5U0t2Tjlv?= =?utf-8?B?a1dtdERoMHd2b1BrMjNTTDIyL0FvbFR6Y24rTkZXdXRrYVNXTElweFBvbUc4?= =?utf-8?B?S2lmdDR6QVpiMnFiak9pLzZmS2s3OFlub3N1L2VKbS9yQ05yQnFRMU83K1hC?= =?utf-8?B?V2tIaUNuVklRalVPOGc4Z09iUExGdkg0dE42SC9OWHdFRlVUMnhnT3dtdDRv?= =?utf-8?B?NHllajlSTnMxK1hSWk1yUEtzell1LzhYVUtzRHdvUVQ3UWVETm51QU5HcHZy?= =?utf-8?B?M3RXZXM4RzNkU0oyRm5IeXhxUys2WjdVekV0b21Fd1F0ZUZIc1UyYk8xTnIr?= =?utf-8?B?NTNtUVRwSzd5MUl4SDNrRG5QMERyUlRxR094YXB5UnQyNU8yZUNhNGs3MHFC?= =?utf-8?B?N2NrQUgycGVoUWxTZGQxM0p3SlFtR2Jwem83YUVjdzI1WnhVOW1NeTByL2dK?= =?utf-8?B?WGxqVURZUHFQbCtXb2o3UGNvcU9udTE4R3lpc245bjllUmQvMC93dz09?= Content-Type: text/plain; charset="utf-8" Content-ID: Content-Transfer-Encoding: base64 MIME-Version: 1.0 X-OriginatorOrg: ericsson.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: HE1PR0701MB2474.eurprd07.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 131fece1-db9b-4718-4aee-08d99cb2cee0 X-MS-Exchange-CrossTenant-originalarrivaltime: 31 Oct 2021 21:10:03.7423 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: 3rbO/XO7M116qEnfU50p3R+IPeIXttLWGkdvQu3XFTV9zbbK5yskgxG0HrAxmtngcnnYEPvODhW5cPPtYXBgCe+i+UblTS1uQ7u9tJSNDfc= X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR07MB3065 Archived-At: Subject: [Secdispatch] Call for agenda items X-BeenThere: secdispatch@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Security Dispatch List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 31 Oct 2021 21:10:16 -0000 RGVhciBhbGwsDQoNCkFzIG90aGVycyBoYXZlIHBvaW50ZWQgb3V0IG9uIHRoZSBsaXN0LCBTQUFH IGFuZCBTZWNkaXNwYXRjaCB3aWxsIGhhdmUgDQp0d28gam9pbnQgc2Vzc2lvbnMgb24gVHVlc2Rh eSBhbmQgVGh1cnNkYXkuIFRoZSB0d28gam9pbnQgc2Vzc2lvbnMgd2VyZSANCmRvbmUgdG8gYWNj b21tb2RhdGUgdGhlIGF2YWlsYWJpbGl0eSBvZiBleHRlcm5hbCBzcGVha2VycyBmb3IgaW52aXRl ZCANCnRhbGtzIGluIFNBQUcuDQoNCkZvciBTZWNkaXNwYXRjaCwgc28gZmFyLCB3ZSBoYXZlIHJl Y2VpdmVkIHByZXNlbnRhdGlvbiByZXF1ZXN0cyBmb3IgdGhlIA0KZm9sbG93aW5nIGRyYWZ0czoN Cg0KMS4gZHJhZnQtcHJpdmF0ZS1hY2Nlc3MtdG9rZW5zIDogDQpodHRwczovL2RhdGF0cmFja2Vy LmlldGYub3JnL2RvYy9odG1sL2RyYWZ0LXByaXZhdGUtYWNjZXNzLXRva2Vucy0wMA0KDQoyLiBk cmFmdC1rcm9zZS1tdWx0aWNhc3Qtc2VjdXJpdHkgOiANCmh0dHBzOi8vZGF0YXRyYWNrZXIuaWV0 Zi5vcmcvZG9jL2h0bWwvZHJhZnQta3Jvc2UtbXVsdGljYXN0LXNlY3VyaXR5LTAxDQoNCklmIHlv dXIgZHJhZnQvdG9waWMgaXMgbm90IG9uIHRoZSBsaXN0IGFuZCB5b3Ugd291bGQgbGlrZSB0byBw cmVzZW50IGluIA0KU2VjZGlzcGF0Y2ggYXQgdGhlIHVwY29taW5nIHZpcnR1YWwgSUVURiBtZWV0 aW5nLCBub3cgaXMgdGhlIHRpbWUgdG8gDQpzdGFydCBhIHRocmVhZCBvbiB0aGUgU2VjZGlzcGF0 Y2ggbWFpbGluZyBsaXN0LiBUaGUgU2VjZGlzcGF0Y2ggd2lraSANCmNvbnRhaW5zIGluZm9ybWF0 aW9uDQphYm91dCB3aGF0IHdlIGV4cGVjdCB0byBzZWUgaW4gdGhlIG1haWwgdGhyZWFkIGZvciBl YWNoIGFnZW5kYSBpdGVtOiANCmh0dHBzOi8vdHJhYy5pZXRmLm9yZy90cmFjL3NlY2Rpc3BhdGNo L3dpa2kjUmVxdWVzdGluZ1RpbWVvbnRoZUFnZW5kYQ0KDQpJbiB0aGUgbGlrZWx5IGNhc2Ugb2Yg bm8gbmV3IGxhc3QgbWludXRlIHJlcXVlc3RzLCBTZWNkaXNwYXRjaCBtaWdodCANCmZpbmlzaCBp biB0aGUgbGF0dGVyIDEgaG91ciBvZiB0aGUgam9pbnQgc2Vzc2lvbiBvbiBUdWVzZGF5LCBOb3Zl bWJlciA5LCANCjIwMjEsIDEyOjAwLTE0OjAwIFVUQy4gVGh1cywgU2VjZGlzcGF0Y2ggbWlnaHQg bm90IG5lZWQgdGhlIHNlY29uZCANCnNlc3Npb24gb24gVGh1cnNkYXkuDQoNClRoYW5rcyENCkth dGhsZWVuLCBSaWNoYXJkLCBhbmQgTW9oaXQNCg0KDQo=