From nobody Tue Oct 1 07:02:31 2019 Return-Path: X-Original-To: sipcore@ietf.org Delivered-To: sipcore@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id B557512083F; Tue, 1 Oct 2019 07:02:20 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 8bit From: Roman Danyliw via Datatracker To: "The IESG" Cc: draft-ietf-sipcore-callinfo-spam@ietf.org, Brian Rosen , sipcore-chairs@ietf.org, br@brianrosen.net, sipcore@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 6.103.1 Auto-Submitted: auto-generated Precedence: bulk Reply-To: Roman Danyliw Message-ID: <156993854073.23764.6952952932730939348.idtracker@ietfa.amsl.com> Date: Tue, 01 Oct 2019 07:02:20 -0700 Archived-At: Subject: [sipcore] Roman Danyliw's No Objection on draft-ietf-sipcore-callinfo-spam-04: (with COMMENT) X-BeenThere: sipcore@ietf.org X-Mailman-Version: 2.1.29 List-Id: SIP Core Working Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 01 Oct 2019 14:02:31 -0000 Roman Danyliw has entered the following ballot position for draft-ietf-sipcore-callinfo-spam-04: No Objection When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-sipcore-callinfo-spam/ ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- Section 1. Per the reference to “the historical precedent of the ‘blue pages’”, is that a references understandable outside of the US/Canada? Section 1. Per “In the United States, industry organizations have proposed …”, is there a citation for this activity? Section 4. Typo. s/equipement/equipment/ Section 8.1. ‘Confidence’ appears to be missing from the list of new parameters to register in "Header Field Parameters and Parameter Values" under “Call-Info”. Section 8.3. Per idnits, RFC 5226 is obsoleted by RFC 8126 Section 9. Per “Thus, a UAS SHOULD NOT trust the information … unless … the UAS is protected by TLS [RFC8446]”, is this text explicitly saying only TLS v1.3 is trusted (i.e., TLS v1.2 or a future TLS v2 would not be trusted)? I’d recommend indicating a TLS version number (e.g., TLS 1.2+ or per RFC7525) Section 9. Nit. /the called party is mislead/the called party is misled/ From nobody Tue Oct 1 08:23:21 2019 Return-Path: X-Original-To: sipcore@ietf.org Delivered-To: sipcore@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 3EB2F12089D; Tue, 1 Oct 2019 08:23:14 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: Magnus Westerlund via Datatracker To: "The IESG" Cc: draft-ietf-sipcore-callinfo-spam@ietf.org, Brian Rosen , sipcore-chairs@ietf.org, br@brianrosen.net, sipcore@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 6.103.1 Auto-Submitted: auto-generated Precedence: bulk Reply-To: Magnus Westerlund Message-ID: <156994339417.23785.17592549456460131068.idtracker@ietfa.amsl.com> Date: Tue, 01 Oct 2019 08:23:14 -0700 Archived-At: Subject: [sipcore] Magnus Westerlund's Discuss on draft-ietf-sipcore-callinfo-spam-04: (with DISCUSS and COMMENT) X-BeenThere: sipcore@ietf.org X-Mailman-Version: 2.1.29 List-Id: SIP Core Working Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 01 Oct 2019 15:23:15 -0000 Magnus Westerlund has entered the following ballot position for draft-ietf-sipcore-callinfo-spam-04: Discuss When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-sipcore-callinfo-spam/ ---------------------------------------------------------------------- DISCUSS: ---------------------------------------------------------------------- Section 7: Which ABNF is used here, please provide a reference. I also very much would appreciate that the normative reference for "iana-token" was provided in this section rather than 8.3. ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- Section 8.3: So I am slightly worried that there are no recommendations on the criteria the expert should have for accepting or rejecting an registration request. Well there is always the possibility for appealing a registration request if it gets rejected. Considering that these labels are very much social constructs they will be culture dependent and what may be acceptable in one culture may not be in another. I would expect that being very liberal is the only way forward here. At the same time allowing many overlapping labels could enable attacks on the system. Was these aspects discussed in the WG? From nobody Wed Oct 2 13:53:32 2019 Return-Path: X-Original-To: sipcore@ietf.org Delivered-To: sipcore@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id D8D11120018; Wed, 2 Oct 2019 13:53:30 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: Alissa Cooper via Datatracker To: "The IESG" Cc: draft-ietf-sipcore-callinfo-spam@ietf.org, Brian Rosen , sipcore-chairs@ietf.org, br@brianrosen.net, sipcore@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 6.104.0 Auto-Submitted: auto-generated Precedence: bulk Reply-To: Alissa Cooper Message-ID: <157004961078.8961.7729070037801244717.idtracker@ietfa.amsl.com> Date: Wed, 02 Oct 2019 13:53:30 -0700 Archived-At: Subject: [sipcore] Alissa Cooper's Discuss on draft-ietf-sipcore-callinfo-spam-04: (with DISCUSS) X-BeenThere: sipcore@ietf.org X-Mailman-Version: 2.1.29 List-Id: SIP Core Working Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 02 Oct 2019 20:53:31 -0000 Alissa Cooper has entered the following ballot position for draft-ietf-sipcore-callinfo-spam-04: Discuss When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-sipcore-callinfo-spam/ ---------------------------------------------------------------------- DISCUSS: ---------------------------------------------------------------------- (1) It seems to me that there is a privacy consideration that is not discussed in this document, namely the unwanted exposure of the call types to third parties. If I'm receiving a lot of calls from the debt collection agency and my UA displays that information in my call log for anyone who might have access to my phone, or an eavesdropper can glean that information from intercepting my SIP signaling, as a user I probably want to be able to tell my SIP provider to disable this. Perhaps this capability to request that certain Call-Info headers not be sent is captured generically in RFC 3261 (I don't remember), in which case pointing that out here would be good. Or if not, I think something needs to be said about the ability for callees to turn off the transmission of these type labels. (2) I'm a little uncomfortable with this document being the definitive source for call types for all phone systems everywhere, since presumably these types have other uses in telephony beyond the use envisioned by this spec. Is there another document that could be cited as the definitive source for these types? From nobody Wed Oct 2 13:55:20 2019 Return-Path: X-Original-To: sipcore@ietf.org Delivered-To: sipcore@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id A5B481208D2; Wed, 2 Oct 2019 13:55:10 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: Alissa Cooper via Datatracker To: "The IESG" Cc: draft-ietf-sipcore-callinfo-spam@ietf.org, Brian Rosen , sipcore-chairs@ietf.org, br@brianrosen.net, sipcore@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 6.104.0 Auto-Submitted: auto-generated Precedence: bulk Reply-To: Alissa Cooper Message-ID: <157004971067.8884.9413215821629997671.idtracker@ietfa.amsl.com> Date: Wed, 02 Oct 2019 13:55:10 -0700 Archived-At: Subject: [sipcore] Alissa Cooper's Discuss on draft-ietf-sipcore-callinfo-spam-04: (with DISCUSS and COMMENT) X-BeenThere: sipcore@ietf.org X-Mailman-Version: 2.1.29 List-Id: SIP Core Working Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 02 Oct 2019 20:55:11 -0000 Alissa Cooper has entered the following ballot position for draft-ietf-sipcore-callinfo-spam-04: Discuss When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-sipcore-callinfo-spam/ ---------------------------------------------------------------------- DISCUSS: ---------------------------------------------------------------------- (1) It seems to me that there is a privacy consideration that is not discussed in this document, namely the unwanted exposure of the call types to third parties. If I'm receiving a lot of calls from the debt collection agency and my UA displays that information in my call log for anyone who might have access to my phone, or an eavesdropper can glean that information from intercepting my SIP signaling, as a user I probably want to be able to tell my SIP provider to disable this. Perhaps this capability to request that certain Call-Info headers not be sent is captured generically in RFC 3261 (I don't remember), in which case pointing that out here would be good. Or if not, I think something needs to be said about the ability for callees to turn off the transmission of these type labels. (2) I'm a little uncomfortable with this document being the definitive source for call types for all phone systems everywhere, since presumably these types have other uses in telephony beyond the use envisioned by this spec. Is there another document that could be cited as the definitive source for these types? ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- Please respond to the Gen-ART review. From nobody Wed Oct 2 13:56:28 2019 Return-Path: X-Original-To: sipcore@ietfa.amsl.com Delivered-To: sipcore@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8F3D012002F; Wed, 2 Oct 2019 13:56:10 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.701 X-Spam-Level: X-Spam-Status: No, score=-2.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=cooperw.in header.b=imPH9mvO; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=xzHFYQp5 Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id elx3erkztxkk; Wed, 2 Oct 2019 13:56:08 -0700 (PDT) Received: from out2-smtp.messagingengine.com (out2-smtp.messagingengine.com [66.111.4.26]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C8DD8120018; Wed, 2 Oct 2019 13:56:04 -0700 (PDT) Received: from compute7.internal (compute7.nyi.internal [10.202.2.47]) by mailout.nyi.internal (Postfix) with ESMTP id 2FA2B221B6; Wed, 2 Oct 2019 16:56:04 -0400 (EDT) Received: from mailfrontend1 ([10.202.2.162]) by compute7.internal (MEProxy); Wed, 02 Oct 2019 16:56:04 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cooperw.in; h= content-type:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; s=fm1; bh=M JQ/YxsncM35YDRb+nSWTjILW7/JkAkvFiU8yXn+YZ8=; b=imPH9mvO2kJ7Zuv/f 5luLKfjPFdlposHx8Vfo5oTq1pNp+EqRxx/xZW7WV8D50n7cujdUylkWkkjKpdqv AU/57oSd4KvtWcoyKtp7FkmEh5XWxB8LEAASjm4q718rXCsahfC+4kpwEgpruQIO VvP9KpA2rCSB/KlKOpOWHuwSc4dmoYlC6+PAQlkMhXKGYCWfIYpjVqGFuV2DUC9E pfNbK9F3zi2alr/Qi93VZyMGGccMabHoWmI2z5FpPLz+gQBIcGPgjRX1RQwSNhiW h5KP3Op7i86r3mvDpE9YuoTBdEpgx8EPHDrdtiet+cnLuX3HbSIdNVDnwfLYO7VO P/yig== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm3; bh=MJQ/YxsncM35YDRb+nSWTjILW7/JkAkvFiU8yXn+Y Z8=; b=xzHFYQp5WXKBWIYIZheqPeGcxO1qsnpIlK6ZTo2K8ilDIOdppc9/KhR30 RuCZ3jf5659oYc+RVNoJ/LAD2bk7kqdZ1TVQCMXeOvNjMsDyTxmuMJqzCAlXzjmR XVihHUhwCvS1fV9LvUOvtu4kyDEJBBhKUAO+MgT07eiQIgzMe8CZ4vjmzrn2V/HD FKxCfbiDqKLCZx3zfAZTOtNkUK6aZjUjt4rpK/IbqFGXQqiOUqgmaAupQ/D5Bu6D NGOatO9CD/JIDL3PlKDP78+Bm5PuI2mjIESnasFDVLGiZrZooaYCHkEbxkGxt4xM xgjtnpQNFC433yhvd3vvrsENSXF1Q== X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedufedrgeeigdduheegucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucenucfjughrpegtggfuhfgjfffgkfhfvffosehtqh hmtdhhtddvnecuhfhrohhmpeetlhhishhsrgcuvehoohhpvghruceorghlihhsshgrsegt ohhophgvrhifrdhinheqnecuffhomhgrihhnpehivghtfhdrohhrghenucfkphepudejfe drfeekrdduudejrdejheenucfrrghrrghmpehmrghilhhfrhhomheprghlihhsshgrsegt ohhophgvrhifrdhinhenucevlhhushhtvghrufhiiigvpedt X-ME-Proxy: Received: from rtp-alcoop-nitro3.cisco.com (unknown [173.38.117.75]) by mail.messagingengine.com (Postfix) with ESMTPA id 60D2480065; Wed, 2 Oct 2019 16:56:03 -0400 (EDT) Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\)) From: Alissa Cooper In-Reply-To: <156799498109.25390.17063977634118014127@ietfa.amsl.com> Date: Wed, 2 Oct 2019 16:56:02 -0400 Cc: gen-art@ietf.org, draft-ietf-sipcore-callinfo-spam.all@ietf.org, sipcore@ietf.org, ietf@ietf.org Content-Transfer-Encoding: quoted-printable Message-Id: References: <156799498109.25390.17063977634118014127@ietfa.amsl.com> To: Joel Halpern X-Mailer: Apple Mail (2.3445.9.1) Archived-At: Subject: Re: [sipcore] [Gen-art] Genart last call review of draft-ietf-sipcore-callinfo-spam-04 X-BeenThere: sipcore@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SIP Core Working Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 02 Oct 2019 20:56:11 -0000 Joel, thanks for your review. I entered a DISCUSS ballot on a couple of = other points and asked the authors to address your review in my COMMENT. Alissa > On Sep 8, 2019, at 10:09 PM, Joel Halpern via Datatracker = wrote: >=20 > Reviewer: Joel Halpern > Review result: Ready with Nits >=20 > I am the assigned Gen-ART reviewer for this draft. The General Area > Review Team (Gen-ART) reviews all IETF documents being processed > by the IESG for the IETF Chair. Please treat these comments just > like any other last call comments. >=20 > For more information, please see the FAQ at >=20 > . >=20 > Document: draft-ietf-sipcore-callinfo-spam-04 > Reviewer: Joel Halpern > Review Date: 2019-09-08 > IETF LC End Date: 2019-09-14 > IESG Telechat date: Not scheduled for a telechat >=20 > Summary: This document is ready for publication as a Proposed Standard = RFC >=20 > Major issues: N/A >=20 > Minor issues: > ID Nits and inspection of the txt show that the ABNF is formatted = with > lines that are too long. While I expect that the RFC Editor can = fix this, > it seems safer for the authors to do the repairs themselves. (The = shepherd > has indicated they will be fixed, so I am merely including this = here to > make sure it is not forgotten.) >=20 > Nits/editorial comments: N/A >=20 >=20 > _______________________________________________ > Gen-art mailing list > Gen-art@ietf.org > https://www.ietf.org/mailman/listinfo/gen-art From nobody Wed Oct 2 14:21:04 2019 Return-Path: X-Original-To: sipcore@ietf.org Delivered-To: sipcore@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id DDBCA120018; Wed, 2 Oct 2019 14:21:02 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: Benjamin Kaduk via Datatracker To: "The IESG" Cc: draft-ietf-sipcore-callinfo-spam@ietf.org, Brian Rosen , sipcore-chairs@ietf.org, br@brianrosen.net, sipcore@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 6.104.0 Auto-Submitted: auto-generated Precedence: bulk Reply-To: Benjamin Kaduk Message-ID: <157005126286.8872.9458257549648550825.idtracker@ietfa.amsl.com> Date: Wed, 02 Oct 2019 14:21:02 -0700 Archived-At: Subject: [sipcore] Benjamin Kaduk's No Objection on draft-ietf-sipcore-callinfo-spam-04: (with COMMENT) X-BeenThere: sipcore@ietf.org X-Mailman-Version: 2.1.29 List-Id: SIP Core Working Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 02 Oct 2019 21:21:03 -0000 Benjamin Kaduk has entered the following ballot position for draft-ietf-sipcore-callinfo-spam-04: No Objection When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-sipcore-callinfo-spam/ ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- I agree with Alissa about the missing privacy considerations. Section 1 In many countries, an increasing number of calls are unwanted [RFC5039], as they might be fraudulent, telemarketing or the receiving party does not want to be disturbed by, say, surveys or solicitation by charities. nit: the list structure is not parallel, as "fraudulent" and "telemarketing" apply to the call themselves, but "the receiving party does not want to be disturbed" describes the callee. if the registrar is part of a PBX. Thus, the entity inserting the Call-Info header field and the UAS relying on it SHOULD be part of the same trust domain [RFC3324]. Conversely, the entity signing the I'm not sure if this ("SHOULD") is an attribute that one or more parties is expected to take action to ensure is the case, or merely a description of what the scenario is already expected to be. Section 4 confidence The 'confidence' parameter carries an estimated [...] specification. If a 'type' is not specified, this parameter estimates the likelihood that the call is unwanted spam by the called party. If the confidence level is not specified, the The 'type' parameter is mandatory, so I don't see how this situation could arise. Section 5 treated as a hint or estimate. Each entity inserting type information will need to define its own policy as to the level of certainty it requires before it inserts type information. It's probably okay to leave this unspecified, since the header is in some sense largely for use between callees and their SIP providers, but do we want to give some indication that these two parties could exchange information about what policy is being used? business Calls placed by businesses, i.e., an entity or enterprise entered into for profit. This type is used if no other, more precise, category fits. Aren't we supposed to have some reasonable level of confidence in classification before applying any label at all? It's not clear to me that this text about catch-all/fallback usage is appropriate. Section 7 If we felt like it, we could tighten up ci-confidence to not allow, e.g., a percentage value of 999. Section 9 capability. B2BUAs or proxies that maintain user registrations MUST remove any parameters defined in this document that were provided by untrusted third parties. Is the intent to impose this requirement on all B2BUAs globally (including those that do not otherwise implement this specification) or just ones that are adding Call-Info header fields or something else? Thus, a UAS SHOULD NOT trust the information in the "Call-Info" header field unless the SIP session between the entity inserting the header field and the UAS is protected by TLS [RFC8446]. I agree with the secdir reviewer that we need to say more about how the server is authenticated for this TLS connection. If we describe this as "SIPS" then the RFC 3261 requirement for "mutual TLS authentication" (still underspecified, but no longer this document's responsibility) kicks in. From nobody Thu Oct 3 05:59:40 2019 Return-Path: X-Original-To: sipcore@ietf.org Delivered-To: sipcore@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 773FF1200F8; Thu, 3 Oct 2019 05:59:37 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: IETF Meeting Session Request Tool To: Cc: sipcore@ietf.org, adam@nostrum.com, mahoney@nostrum.com, sipcore-chairs@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 6.104.0 Auto-Submitted: auto-generated Precedence: bulk Message-ID: <157010757745.16148.3082080071137239756.idtracker@ietfa.amsl.com> Date: Thu, 03 Oct 2019 05:59:37 -0700 Archived-At: Subject: [sipcore] sipcore - Not having a session at IETF 106 X-BeenThere: sipcore@ietf.org X-Mailman-Version: 2.1.29 List-Id: SIP Core Working Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 03 Oct 2019 12:59:38 -0000 Jean Mahoney, a chair of the sipcore working group, indicated that the sipcore working group does not plan to hold a session at IETF 106. This message was generated and sent by the IETF Meeting Session Request Tool. From nobody Thu Oct 3 08:17:00 2019 Return-Path: X-Original-To: sipcore@ietfa.amsl.com Delivered-To: sipcore@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 953FC120930 for ; Thu, 3 Oct 2019 08:16:57 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.748 X-Spam-Level: X-Spam-Status: No, score=-1.748 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Fr5bXatoG1s5 for ; Thu, 3 Oct 2019 08:16:56 -0700 (PDT) Received: from mail-io1-xd2c.google.com (mail-io1-xd2c.google.com [IPv6:2607:f8b0:4864:20::d2c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AD306120817 for ; Thu, 3 Oct 2019 08:16:53 -0700 (PDT) Received: by mail-io1-xd2c.google.com with SMTP id c6so6303484ioo.13 for ; Thu, 03 Oct 2019 08:16:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=PRmjl8wl2xKQygGOqSHIi68BaVvp+0fQjSXRfffnxno=; b=QYV5yPxkIoD0s1gmQ4vegGtzIXsUcvMqV36VUH9muvS9zjirCYlR3kZppVghiZ8iDT OQoiZNL3uZfbEVsWQ9ZdIYA11sgYgkvKIhVIis2QsVpqQAN/eUxkb2mxj86+BYu30y7+ DM5RTJKAPEoUH1tUpJUZWnHRRlbxCOdUYOtQ970W9cvMp/vRCiZU7sIok7d+s2Ttl85u N9xLShs9xgKpG+aysY5xMSZ82FNY2NjtzU38HagtWQAvKPhhawlkG5bO5sS63CJIrgei wuzNYfi8Gnia2gkCx0ChsOIsYqgsET+Q6h0cVC0mnTDthOPU34lCGlNE7RZ5WTiH5vfg vtWg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=PRmjl8wl2xKQygGOqSHIi68BaVvp+0fQjSXRfffnxno=; b=IBGS1jtrYmHaUNZIaYERZoKsqti0dWOtPk889szsZcEjoRkp977uanldw7nH3gL3Ge yJ94tWJn0lGdvX4s2ExCWhv7d8gjNpT2iDa/cILsAU0AXkIoG22gt6eVW6tbA0Nsv0tD jS4++lYaPo/drJAFg3bBY30BEzpeJZ8XZpHVA9G+TgkFORbei6UPor/AxoDxoMX8UdE7 tQCM94Cj2lgGHhziVRkgvK9sLP/1s1owsXMdZKW/Ib1Xo5vsNRIDFXKCVRO32a2t6KRR qELSMOZ4XVfOScVSEmRXPJ3H3xGQ67hRZ2ra0qfHMwyGt2LY9hc0ddM5ix0e7Az9sEYX 2SOQ== X-Gm-Message-State: APjAAAWkbNB2XO3YbXSbjPHOXRbXzQd9DgmlOOfkhjaYdOSvVGQ4o31U 13SlAWLbn6qNkLfSln9m0dRNLzW1Z4oEC6O69tE= X-Google-Smtp-Source: APXvYqyEghnhGYBLzTtKOhmO0vivrb5s04J4+kYpkqpZooenmhWP7F3qO6pF00hl1gGozd25sqoWvl6NqjdWA7+P3qA= X-Received: by 2002:a92:af0d:: with SMTP id n13mr10519000ili.87.1570115813000; Thu, 03 Oct 2019 08:16:53 -0700 (PDT) MIME-Version: 1.0 From: Ranjit Avasarala Date: Thu, 3 Oct 2019 10:16:42 -0500 Message-ID: To: sip-implementors@lists.columbia.edu, sipcore@ietf.org Content-Type: multipart/alternative; boundary="0000000000004a604005940313b3" Archived-At: Subject: [sipcore] ue-addr parameter in SIP Contact header X-BeenThere: sipcore@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SIP Core Working Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 03 Oct 2019 15:16:58 -0000 --0000000000004a604005940313b3 Content-Type: text/plain; charset="UTF-8" Hello SIP experts I have a scenario where, the S-CSCF is ignoring ue-addr=x.y.z.a;transport=udp parameter in INVITE request. Ignoring in the sense that it is not adding the "ue-addr" parameter in the INVITE it forwards to next hop but in another scenario, when the "ue-addr" is of the format ue-addr=x.y.z.x> i.e there is no transport=udp parameter added, then the S-CSCF is adding the "ue-addr" in the INVITE it forwards to next hop. So what could be the issue - is it presence of transport=udp next to ue-addr parameter that S-CSCF is not liking and ignoring? Thank you Ranjit --0000000000004a604005940313b3 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Hello SIP experts

I have a scenario whe= re, the S-CSCF is ignoring ue-addr=3Dx.y.z.a;transport=3Dudp parameter in I= NVITE request.=C2=A0 Ignoring in the sense that it is not adding the "= ue-addr" parameter in the INVITE it forwards to next hop
but in another scenario, when the "ue-addr" is of the= format ue-addr=3Dx.y.z.x>=C2=A0 i.e there is no transport=3Dudp paramet= er added, then the S-CSCF is adding the "ue-addr" in the INVITE i= t forwards to next hop.

So what could be the issue= - is it presence of transport=3Dudp next to ue-addr parameter that S-CSCF = is not liking and ignoring?

Thank you
Ra= njit
--0000000000004a604005940313b3-- From nobody Thu Oct 3 10:31:44 2019 Return-Path: X-Original-To: sipcore@ietfa.amsl.com Delivered-To: sipcore@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2BFCB12012E for ; Thu, 3 Oct 2019 10:31:42 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.2 X-Spam-Level: X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6pR-0ZbXxq5D for ; Thu, 3 Oct 2019 10:31:39 -0700 (PDT) Received: from outgoing-alum.mit.edu (outgoing-alum.mit.edu [18.7.68.33]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 16E9A12012A for ; Thu, 3 Oct 2019 10:31:38 -0700 (PDT) Received: from Kokiri.localdomain (c-24-62-227-142.hsd1.ma.comcast.net [24.62.227.142]) (authenticated bits=0) (User authenticated as pkyzivat@ALUM.MIT.EDU) by outgoing-alum.mit.edu (8.14.7/8.12.4) with ESMTP id x93HVa3D027296 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NOT) for ; Thu, 3 Oct 2019 13:31:37 -0400 To: sipcore@ietf.org References: From: Paul Kyzivat Message-ID: <0257476a-d5f9-8c24-8abf-c7b305f9cc55@alum.mit.edu> Date: Thu, 3 Oct 2019 13:31:36 -0400 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:60.0) Gecko/20100101 Thunderbird/60.9.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 8bit Archived-At: Subject: Re: [sipcore] ue-addr parameter in SIP Contact header X-BeenThere: sipcore@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SIP Core Working Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 03 Oct 2019 17:31:43 -0000 Ranjit, On 10/3/19 11:16 AM, Ranjit Avasarala wrote: > Hello SIP experts > > I have a scenario where, the S-CSCF is ignoring > ue-addr=x.y.z.a;transport=udp parameter in INVITE request.  Ignoring in > the sense that it is not adding the "ue-addr" parameter in the INVITE it > forwards to next hop > > but in another scenario, when the "ue-addr" is of the format > ue-addr=x.y.z.x>  i.e there is no transport=udp parameter added, then > the S-CSCF is adding the "ue-addr" in the INVITE it forwards to next hop. > > So what could be the issue - is it presence of transport=udp next to > ue-addr parameter that S-CSCF is not liking and ignoring? Yesterday you asked a similar question on the dispatch list. I replied to you and suggested that is a more appropriate place to ask this kind of question. Today you are trying sipcore. I still say that sip-implementors is a better place. Now that you identify an S-CSCF it is obvious that this pertains to 3GPP IMS. You may have better luck asking some IMS forum. Also, if you expect to get an answer anywhere you need to provide better information. What you provided today is marginally more helpful than what you said yesterday, but is still very unclear. Please provide the context (in the form of a call flow), and copies of the sip message(s) of concern. Based on the little you provide above, I *guess* that you are using "ue-addr" as a SIP URI parameter in a sip header field - perhaps the Request-URI. If so, please note that "ue-addr" is *not* registered as a SIP URI parameter in the iana registry. See: https://www.iana.org/assignments/sip-parameters/sip-parameters.xhtml#sip-parameters-11 Note that Standards Action is required to define new SIP URI parameters. 3GPP is pretty good about following IETF rules for SIP and registering their unique parameters in appropriate IANA registries. So I am guessing that "ue-addr" is proprietary to one 3GPP vendor's implementation. If you send a request containing a URI parameter to a server that doesn't know about that parameter, then it is quite plausible that the parameter will be ignored and not passed along on the next hop. If you have more questions, please provide sufficient detail so that they may be answered. Good luck, Paul From nobody Thu Oct 3 23:14:05 2019 Return-Path: X-Original-To: sipcore@ietfa.amsl.com Delivered-To: sipcore@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 451791200FD for ; Thu, 3 Oct 2019 23:14:03 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.003 X-Spam-Level: X-Spam-Status: No, score=-2.003 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vYAd9RwERvTg for ; Thu, 3 Oct 2019 23:14:02 -0700 (PDT) Received: from EUR04-DB3-obe.outbound.protection.outlook.com (mail-eopbgr60080.outbound.protection.outlook.com [40.107.6.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9B1931200C1 for ; Thu, 3 Oct 2019 23:14:01 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=VmN++pZNfODOqOBCb6YRD55yNl7s8UGwxQUwha8SbUMdaz4tsAzwITIHYp/LvxtU3XjxtKME57atleN8p8L1QFEhS/b5//4bhwzk6T1wRtPrDEiXfsHy12voZX1QQgztFjtNLT8Abglw094bYmHbw4mhnqCAePmDR1Al3zOip4YV/H2Ya5JEiZ1nOXheALqBZB66fJB57+Ou7RmbAs/zYV2jYCAPt0YpV90soJ6vQTx3sS7bDExK9wMpMPqyb7fjHugS6UMQtusr+mKbr2fyRaK5Z4mAQrJ4ANS9vPvbPr36UVw5VSjrNUsyurY8pcEyWlVztTUTZuHcRYXVaavQSA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=lK5OIh7bnesvjwEqpoR1BlCucDSUiYWuI7Ny+5XucCs=; b=MFooa6d15xKjtPbMM94N0+zXrYgGz1fDj0Cs6NlcPWGCkQPm3tCH2D8b8zuKnQFAVb7tEnkZD6L6TlyDKxaXl0Yp1JmO7CkD1/VgEEIB2lPxXssmvcw6AKXTk88WXi07hlbTWK53coqM9jLJSLABr9856acqLN3HnLL2b24zCh8cn/3pit5Ud+J2xy9JVCfToFiiJc1E1heCc7beKUxp6Zy6iiexHq6dyfS0rR9/WGtLscWKMGLt4xEJyK2XkCrHn6ZpY4dPqk//BBPByuax2oFiS4Zr2YbOj+zekDB6EjiSPINRrXYYoL9gUJh1o0zVpaF/QK4vXk69cn+nBKBCYw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=lK5OIh7bnesvjwEqpoR1BlCucDSUiYWuI7Ny+5XucCs=; b=XHDkSHf4iw1iMcshI0+aTxm3MA0SNDFNVJ34G29VxsNAT4Rc4llu53gTN5dQ7sjdKxBNIPu+mN7ndFno9y+j+848jFDcTKnh2VF+tYmfEqurKxrjXO+ox8h7zLeFiGGVRLxE5GcWG3mUhuC1Vi97Cg8eDLl4hFN0UvXCdoAXTtM= Received: from HE1PR07MB3161.eurprd07.prod.outlook.com (10.170.245.23) by HE1PR07MB4425.eurprd07.prod.outlook.com (20.176.162.29) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2347.10; Fri, 4 Oct 2019 06:13:58 +0000 Received: from HE1PR07MB3161.eurprd07.prod.outlook.com ([fe80::14d0:5c4f:26b7:b6e9]) by HE1PR07MB3161.eurprd07.prod.outlook.com ([fe80::14d0:5c4f:26b7:b6e9%3]) with mapi id 15.20.2327.017; Fri, 4 Oct 2019 06:13:58 +0000 From: Christer Holmberg To: Paul Kyzivat , "sipcore@ietf.org" Thread-Topic: [sipcore] ue-addr parameter in SIP Contact header Thread-Index: AQHVef2jEGirkUEgqU28Q1qKr/jQ+qdJLNQAgAEHTAA= Date: Fri, 4 Oct 2019 06:13:58 +0000 Message-ID: References: <0257476a-d5f9-8c24-8abf-c7b305f9cc55@alum.mit.edu> In-Reply-To: <0257476a-d5f9-8c24-8abf-c7b305f9cc55@alum.mit.edu> Accept-Language: en-US Content-Language: en-GB X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Microsoft-MacOutlook/10.1d.0.190908 authentication-results: spf=none (sender IP is ) smtp.mailfrom=christer.holmberg@ericsson.com; x-originating-ip: [89.166.49.243] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 24847e1f-fc3a-4be1-5ed8-08d748920b32 x-ms-traffictypediagnostic: HE1PR07MB4425: x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:5797; x-forefront-prvs: 018093A9B5 x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(136003)(376002)(346002)(396003)(366004)(39860400002)(199004)(189003)(229853002)(186003)(486006)(6486002)(6506007)(6116002)(3846002)(86362001)(5660300002)(71200400001)(71190400001)(11346002)(316002)(446003)(110136005)(8676002)(81156014)(81166006)(2616005)(76176011)(8936002)(6436002)(44832011)(476003)(99286004)(305945005)(4744005)(7736002)(256004)(6246003)(36756003)(66066001)(66446008)(66556008)(6512007)(76116006)(64756008)(58126008)(478600001)(25786009)(66946007)(2501003)(66476007)(102836004)(2906002)(26005)(14454004)(2171002)(33656002); DIR:OUT; SFP:1101; SCL:1; SRVR:HE1PR07MB4425; H:HE1PR07MB3161.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1; received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: aZoJEca1k0xyeXioBc4H6fky5U1Zz1J6VMqYmUrDJGvq2OM71l64xyX7D1+qFYAzE3f3YeTgbA+yW387hstgwtRxlLVtT7ASJivbeNe9y1+25oL8YHWAmT5ptddZTQ71YJ2pMdJVwkBG5TmEBpIKWyoJO9ei/0wlBh5hGslR07BcWrOYcqq1qp/+6AXGpAU63Z9fU7nqQ22x9LjfRkRE9WLyEiTLMH5PSfEk553aJ6E6hkc0yYAWLbZm/nbf1OS5+EeJlWUJxd/9bLOO44KZpVdNPrtLsSd9XCqJe5hMO2S3yaQOhlNB9k5SozCR1Jk1qqH7kF1gk9FaHwtp7tAqFHIHFRwzqnZ6yjBf3R75oZVP2liGJE+n5GPcj8t9EdL9XxttX+o1rLULIan2tlqZkwWWxxQZt7kHfBzI2MpkBcw= x-ms-exchange-transport-forked: True Content-Type: text/plain; charset="utf-8" Content-ID: <90959A0F673CB545903860EC196A63F0@eurprd07.prod.outlook.com> Content-Transfer-Encoding: base64 MIME-Version: 1.0 X-OriginatorOrg: ericsson.com X-MS-Exchange-CrossTenant-Network-Message-Id: 24847e1f-fc3a-4be1-5ed8-08d748920b32 X-MS-Exchange-CrossTenant-originalarrivaltime: 04 Oct 2019 06:13:58.5610 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: RkRkPh7BFm8HvZJC7jfASnkQC4NMVrP9722tzBihsvpVADDLWg4KojW+8+iAnYwBQs/W3hn1mTse3v6/bcd9g/hM4ocC1EKSzfbTlTXvZ+k= X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR07MB4425 Archived-At: Subject: Re: [sipcore] ue-addr parameter in SIP Contact header X-BeenThere: sipcore@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SIP Core Working Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 04 Oct 2019 06:14:03 -0000 SGksDQoNCi4uLg0KDQo+IE5vdGUgdGhhdCBTdGFuZGFyZHMgQWN0aW9uIGlzIHJlcXVpcmVkIHRv IGRlZmluZSBuZXcgU0lQIFVSSSBwYXJhbWV0ZXJzLiANCj4gM0dQUCBpcyBwcmV0dHkgZ29vZCBh Ym91dCBmb2xsb3dpbmcgSUVURiBydWxlcyBmb3IgU0lQIGFuZCByZWdpc3RlcmluZyANCj4gdGhl aXIgdW5pcXVlIHBhcmFtZXRlcnMgaW4gYXBwcm9wcmlhdGUgSUFOQSByZWdpc3RyaWVzLiBTbyBJ IGFtIGd1ZXNzaW5nIA0KPiB0aGF0ICJ1ZS1hZGRyIiBpcyBwcm9wcmlldGFyeSB0byBvbmUgM0dQ UCB2ZW5kb3IncyBpbXBsZW1lbnRhdGlvbi4NCg0KSSB0aGluayBzbyB0b28uIE15IDNHUFAgY29s bGVhZ3VlIHRvbGQgbWUgdGhhdCwgYXMgZmFyIGFzIGhlIGtub3dzLCAzR1BQIGRvZXMgbm90IGRl ZmluZSBzdWNoIHBhcmFtZXRlci4NCg0KUmVnYXJkcywNCg0KQ2hyaXN0ZXINCiAgICAgDQoNCg== From nobody Sun Oct 6 12:46:05 2019 Return-Path: X-Original-To: sipcore@ietfa.amsl.com Delivered-To: sipcore@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 23D8D120048; Sun, 6 Oct 2019 12:46:04 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.98 X-Spam-Level: X-Spam-Status: No, score=-1.98 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, T_SPF_HELO_PERMERROR=0.01, T_SPF_PERMERROR=0.01] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nostrum.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HnC4HU4Y3S6i; Sun, 6 Oct 2019 12:46:02 -0700 (PDT) Received: from nostrum.com (raven-v6.nostrum.com [IPv6:2001:470:d:1130::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4B9E81200B6; Sun, 6 Oct 2019 12:46:02 -0700 (PDT) Received: from mutabilis-2.local ([47.186.30.41]) (authenticated bits=0) by nostrum.com (8.15.2/8.15.2) with ESMTPSA id x96Jk01D040066 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Sun, 6 Oct 2019 14:46:01 -0500 (CDT) (envelope-from mahoney@nostrum.com) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=nostrum.com; s=default; t=1570391161; bh=M4xZD0lUdk6F6YWGgy2BImAlCf4SodEyz6QqAgwUtEs=; h=To:From:Subject:Date; b=CTiku/WFfECTbEmQyU5+m03htLGSSuPA7CNX3GQDuTacyNhbTSPZEK5/hFxc6Fp3T JEiyfA9RcMTkxpaZ4otqgjG0S7rPmh979JjSQ2sfS5mndKnFFPZrsqgBLuSuuy9S/H HlBQb8u4e6NE4Cty+MO/6gGS1LxdEwPcsBkDhbRA= X-Authentication-Warning: raven.nostrum.com: Host [47.186.30.41] claimed to be mutabilis-2.local To: draft-ietf-sipcore-locparam@ietf.org, SIPCORE From: "A. Jean Mahoney" Message-ID: Date: Sun, 6 Oct 2019 14:46:00 -0500 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:60.0) Gecko/20100101 Thunderbird/60.9.0 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit Archived-At: Subject: [sipcore] Doc Shepherd review of draft-ietf-sipcore-locparam-03 X-BeenThere: sipcore@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SIP Core Working Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 06 Oct 2019 19:46:05 -0000 Hi all, Below is my review of the version that incorporates the WGLC feedback. Thanks for addressing the feedback so far! Jean ------------- Minor issues: S4. There should be a stronger tie-in to the ABNF given in RFC6442. Current: The mechanism employed adds a parameter to the location value defined in [RFC6442] that identifies the hostname of the entity adding the location value to the Geolocation header field. Suggested: The mechanism adds a geoloc-param parameter to the locationValue defined in [RFC6442] that identifies the hostname of the entity adding the location value to the Geolocation header field. To make the terminology in this draft consistent with RFC6442: s/location value/locationValue When referring to header field parameters, SIP specs usually use the token in quotes ("expires", "qop") rather than the ABNF rule name (c-p-expires, message-qop) in text. Also, IANA lists header field parameters by their tokens in the "Header Field Parameters and Parameter Values" sub-registry. Instead of location-source, "loc-src" should be used in this draft's text. S8. The IANA Considerations section needs a bit more clarification. Current: 8.1. Registration of location-source parameter for Geolocation header field This document calls for IANA to register a new SIP header parameter as per the guidelines in [RFC3261], which will be added to header sub-registry under http://www.iana.org/assignments/sip-parameters. Header Field: Geolocation Parameter Name: loc-src Suggested: 8.1. Registration of "loc-src" parameter for the Geolocation header field The IANA is asked to add a new SIP header field parameter for the Geolocation header field in the "Header Field Parameters and Parameter Values" subregistry (created by [RFC3968]) of the "Session Initiation Protocol (SIP) Parameters" registry found at https://www.iana.org/assignments/sip-parameters/. Header Field: Geolocation Parameter Name: loc-src Predefined Values: No Reference: This RFC ----- Nits: Header: Use just the RFC number in the Updates: field - that is, 6442. Abstract: Add the sentence (but not a cite, though): "This document updates RFC 6442." S1. s/edge-proxies/edge proxies Current: ...it does not provide any indication of which node actually added the location value. Suggested: ...it does not identify which node added the location value. S3. Current: This document makes no attempt to comment on these various architectures or the rationale for them wishing to include multiple location values. Suggested: This document does not comment on these various architectures or on the rationale for including multiple location values. s/The The/The Current: The functional architecture described within ETSI [M493] is an example of architecture where this parameter makes sense to be used. Suggested: The functional architecture described within ETSI [M493] is an example of an architecture where it makes sense to use this parameter. S4. s/intermediarity/intermediary (multiple instances) S5. s/URI the provided/URI provided S6. Current: While the addition of the location-source parameter does provide an indicator of the entity that added the location in the signaling path this provides little more exposure than a proxy identity being added to the record-route header field. Suggested: While the addition of the "loc-src" parameter identifies the entity that added the location in the signaling path, this addition provides little more exposure than adding a proxy identity to the Record-Route header field. S7. Current: To avoid problems of wrong interpretation of loc-src the value may be removed when passed to an other domain. Suggested: To avoid problems with misinterpretation of the "loc-src" parameter, the value may be removed when passed to an other domain. S9. s/draft The/draft. The From nobody Mon Oct 7 02:05:55 2019 Return-Path: X-Original-To: sipcore@ietfa.amsl.com Delivered-To: sipcore@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B3BE01200B1 for ; Mon, 7 Oct 2019 02:05:52 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.299 X-Spam-Level: X-Spam-Status: No, score=-4.299 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=unavailable autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=telekom.de Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id myEhUOED9_kN for ; Mon, 7 Oct 2019 02:05:51 -0700 (PDT) Received: from mailout41.telekom.de (mailout41.telekom.de [194.25.225.151]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8D499120052 for ; Mon, 7 Oct 2019 02:05:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telekom.de; i=@telekom.de; q=dns/txt; s=dtag1; t=1570439141; x=1601975141; h=from:to:subject:date:message-id:references:in-reply-to: content-transfer-encoding:mime-version; bh=BcORU6kp+QOxNX3l61ARF8xD23nZgmlZfjW+smurkRM=; b=n6gmoDtm9P39DQMc9ae8Le43ZwKKGDBoBsalfYCLERpUugpJpQ4w+KXC SliL/ko/VjePkCUIARcTRJL1CZSoGyJzWQdkK77WU1kAk+ElFpaWSuNi5 nc0KOaJrTngOUzw2fCe2p14/22i1tToZENVRDSPKbpJhY5L1h4u0ih7Zl OEO3wl2+/WO0retC+/c9YYtWcxTj8Ot8fPCV8oE7wCh7i+Ic2q8KGTLVI rZwa6gtL6ylAbmlet9dNudINyJeAofLS0VgSOY3p/zasNAwtuyu9LhRYr E9vcoIpZlrGX8LOG9YSVcLUpbX+9P3n97FPQ9ZBuN7qFCPXdNfxCwsZcQ A==; Received: from qdezc2.de.t-internal.com ([10.171.255.37]) by MAILOUT41.dmznet.de.t-internal.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 07 Oct 2019 11:05:39 +0200 X-IronPort-AV: E=Sophos;i="5.67,267,1566856800"; d="scan'208";a="161680300" X-MGA-submission: =?us-ascii?q?MDGcADW8rAaTQ5U2Nu2S0gs12dZwE+aa0FzUDO?= =?us-ascii?q?qHRha9F8Zs1UZImePnrGAxJnqkmicTrliuz1h2zZcTvv/bESqAgLTQ9I?= =?us-ascii?q?o6qxpITIGOPE5XD4L2gUGsaIjC05bFMXcKq9Ciz0mVsdxlo3xucFXa0p?= =?us-ascii?q?wDsdAxD6rSIl4Cx2jwfJI78Q=3D=3D?= Received: from he199744.emea1.cds.t-internal.com ([10.169.119.52]) by qde0ps.de.t-internal.com with ESMTP/TLS/AES256-SHA; 07 Oct 2019 11:04:38 +0200 Received: from HE199743.EMEA1.cds.t-internal.com (10.169.119.51) by HE199744.emea1.cds.t-internal.com (10.169.119.52) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Mon, 7 Oct 2019 11:04:21 +0200 Received: from HE104163.emea1.cds.t-internal.com (10.171.40.38) by HE199743.EMEA1.cds.t-internal.com (10.169.119.51) with Microsoft SMTP Server (TLS) id 15.0.1497.2 via Frontend Transport; Mon, 7 Oct 2019 11:04:21 +0200 Received: from GER01-LEJ-obe.outbound.protection.outlook.de (51.5.80.18) by O365mail05.telekom.de (172.30.0.230) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Mon, 7 Oct 2019 11:04:21 +0200 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=nHAIrkMSNAtTlimvljaimJM4G9D0yGiqjnQBFm7Dvxvi6BcbwzqpzzsfU/Aqsm/ZtHddS2Ij8m1svgaCwAVbVSj6+NsM7NgjNhAVmUAkvaN9OpTmARulPZGQKQHpIjuXh+9K4FaAKfAB45k2muIflhz0l37o4yjsn7E6JjyytORpmHPvZNRnzyPaBeCmS16MLD6xjVrslHidYVP6lMQUxhoxvT5/jyXX71Xuu2f8MMcv48YdO4+U+U4p7GhZm+T8PZl2gzoTeUTvS+GCILmLjcG0mBiVz8ZaR70q13fgni8f+XH7hkZmg4m4TKqCKIjfidf84nxFdLGsfESX2TD9DA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=BcORU6kp+QOxNX3l61ARF8xD23nZgmlZfjW+smurkRM=; b=khjLRDKolq6ra+xeHlyQDfD24n4wi6LUbTILvjCHAryxFfLcgWomWYHp+PaTECCgvO1w6wHgp+CJkKlcl1m3n9dkNtRWuFM5VSTzYWYTpCavjY8/13kziwOVXw4j1Rma+gZui+6m0l8cbgl+5uSav3es5Fbakm9i8YC65ItgjG5XuBTkBv7EpUXMY1UnMFQMhcy5lr1iTYQydchMolRAy42qJkIM5agGZQYv889Mwujzmi88YqGFalJSNKsJI13S0RLg+2v4oNX1YM2FW0mEbV9rCqIaAHjVoebOQdwvsm5XIH2saGBV/+P1SzAXSYFpG2h9eFAIZEfRVx2dYOYB+w== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=telekom.de; dmarc=pass action=none header.from=telekom.de; dkim=pass header.d=telekom.de; arc=none Received: from FRXPR01MB0743.DEUPRD01.PROD.OUTLOOK.DE (10.158.154.143) by FRXPR01MB0568.DEUPRD01.PROD.OUTLOOK.DE (10.158.153.140) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2327.25; Mon, 7 Oct 2019 09:04:20 +0000 Received: from FRXPR01MB0743.DEUPRD01.PROD.OUTLOOK.DE ([fe80::3534:1684:4958:d565]) by FRXPR01MB0743.DEUPRD01.PROD.OUTLOOK.DE ([fe80::3534:1684:4958:d565%7]) with mapi id 15.20.2327.025; Mon, 7 Oct 2019 09:04:20 +0000 From: To: , , Thread-Topic: Doc Shepherd review of draft-ietf-sipcore-locparam-03 Thread-Index: AQHVfH6z+yjF5fipkkGbDaFwCktGHKdOy93A Date: Mon, 7 Oct 2019 09:04:20 +0000 Message-ID: References: In-Reply-To: Accept-Language: de-DE, en-US Content-Language: de-DE X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: spf=none (sender IP is ) smtp.mailfrom=R.Jesske@telekom.de; x-originating-ip: [80.146.191.222] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: cd91de59-dc99-4d2d-f51b-08d74b05570d x-ms-traffictypediagnostic: FRXPR01MB0568: x-ms-exchange-purlcount: 2 x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:5797; x-forefront-prvs: 01834E39B7 x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(346002)(376002)(396003)(366004)(39860400002)(136003)(199004)(189003)(53754006)(478600001)(476003)(5660300002)(86362001)(8936002)(7736002)(8676002)(305945005)(81166006)(81156014)(186003)(486006)(446003)(11346002)(26005)(76176011)(102836004)(7696005)(316002)(110136005)(33656002)(71190400001)(71200400001)(2501003)(256004)(66556008)(66446008)(66946007)(6306002)(64756008)(66476007)(55016002)(9686003)(76116006)(2906002)(966005)(14454004)(66066001)(3846002)(6116002); DIR:OUT; SFP:1101; SCL:1; SRVR:FRXPR01MB0568; H:FRXPR01MB0743.DEUPRD01.PROD.OUTLOOK.DE; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1; received-spf: None (protection.outlook.com: telekom.de does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: 8ZAuREj/rfpksZTxWxEFZBgEBzIUdpDXtRaStF7mTAbycEgA9dsf9b7yK1gMj6fYbFMb8fK0EDwiyFGYMRCo08oykT0+FH2iUuHsf8n5wpNFWEdAq4X6CML1jLk29aNf5b7P+QPwRnMhEpk5J7M/JIaG7xFVcNVEAHOZkFCr2tleTOGubhy3DApgB+AUQNkWZj2LY9ScgHTWOJhTsaB0qmNXYnTLZEroKgFSbcfrLId+tCu1zwrZIcxfH35rPmfuV9YMQILo7G002l6yPrlc4WS8nQgs4eCUtT5TAcuwcW7u3SPct1Uy2z6Tl9aTULag2t6qp8oOlIY13f15tLh/uyVUizxwYZStf44C5iqFcRUeLGR16GmOfjDkMeegVxQZVefrBdcYMbH/iDm+t8oO3SUlUQTvBLT0gJqnC6FPBcakRuBM9hJj/s7SIlXeAVLZiS538E4IcT7WYTEcTN+0vw== x-ms-exchange-transport-forked: True Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 MIME-Version: 1.0 X-MS-Exchange-CrossTenant-Network-Message-Id: cd91de59-dc99-4d2d-f51b-08d74b05570d X-MS-Exchange-CrossTenant-originalarrivaltime: 07 Oct 2019 09:04:20.2907 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: bde4dffc-4b60-4cf6-8b04-a5eeb25f5c4f X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: 0rzsSIW1v3wGqeukT8g6f7+P9mTFOfE3JDzgc3PXfi08INDNrkcEl2nUa5UptBzl2cEtJs3o0NoGaK7bJNlCSg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: FRXPR01MB0568 X-OriginatorOrg: telekom.de Archived-At: Subject: Re: [sipcore] Doc Shepherd review of draft-ietf-sipcore-locparam-03 X-BeenThere: sipcore@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SIP Core Working Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 07 Oct 2019 09:05:53 -0000 SGkgSmVhbiwNCnRoYW5rIHlvdSBmb3IgdGhlIHJldmlldyBhbmQgY29tbWVudHMuDQpJIGhhdmUg dGhlbSBpbmNvcnBvcmF0ZWQgaW4gbXkgZHJhZnQuDQpJZiBub3RoaW5nIGVsc2UgbmVlZHMgdG8g YmUgZG9uZSB3aXRoaW4gdGhlIGRyYWZ0IEkgY2FuIHJlbGVhc2UgdGhlIG5leHQgZHJhZnQgdmVy c2lvbi4NCg0KQmVzdCBSZWdhcmRzDQoNClJvbGFuZA0KDQotLS0tLVVyc3Byw7xuZ2xpY2hlIE5h Y2hyaWNodC0tLS0tDQpWb246IEEuIEplYW4gTWFob25leSA8bWFob25leUBub3N0cnVtLmNvbT4g DQpHZXNlbmRldDogU29ubnRhZywgNi4gT2t0b2JlciAyMDE5IDIxOjQ2DQpBbjogZHJhZnQtaWV0 Zi1zaXBjb3JlLWxvY3BhcmFtQGlldGYub3JnOyBTSVBDT1JFIDxzaXBjb3JlQGlldGYub3JnPg0K QmV0cmVmZjogRG9jIFNoZXBoZXJkIHJldmlldyBvZiBkcmFmdC1pZXRmLXNpcGNvcmUtbG9jcGFy YW0tMDMNCg0KSGkgYWxsLA0KDQpCZWxvdyBpcyBteSByZXZpZXcgb2YgdGhlIHZlcnNpb24gdGhh dCBpbmNvcnBvcmF0ZXMgdGhlIFdHTEMgZmVlZGJhY2suIA0KVGhhbmtzIGZvciBhZGRyZXNzaW5n IHRoZSBmZWVkYmFjayBzbyBmYXIhDQoNCkplYW4NCg0KLS0tLS0tLS0tLS0tLQ0KTWlub3IgaXNz dWVzOg0KDQpTNC4gVGhlcmUgc2hvdWxkIGJlIGEgc3Ryb25nZXIgdGllLWluIHRvIHRoZSBBQk5G IGdpdmVuIGluIFJGQzY0NDIuDQoNCkN1cnJlbnQ6DQoNCiAgICBUaGUgbWVjaGFuaXNtIGVtcGxv eWVkIGFkZHMgYSBwYXJhbWV0ZXIgdG8gdGhlIGxvY2F0aW9uIHZhbHVlIGRlZmluZWQNCiAgICBp biBbUkZDNjQ0Ml0gdGhhdCBpZGVudGlmaWVzIHRoZSBob3N0bmFtZSBvZiB0aGUgZW50aXR5IGFk ZGluZyB0aGUNCiAgICBsb2NhdGlvbiB2YWx1ZSB0byB0aGUgR2VvbG9jYXRpb24gaGVhZGVyIGZp ZWxkLg0KDQpTdWdnZXN0ZWQ6DQoNCiAgICBUaGUgbWVjaGFuaXNtIGFkZHMgYSBnZW9sb2MtcGFy YW0gcGFyYW1ldGVyIHRvIHRoZSBsb2NhdGlvblZhbHVlDQogICAgZGVmaW5lZCBpbiBbUkZDNjQ0 Ml0gdGhhdCBpZGVudGlmaWVzIHRoZSBob3N0bmFtZSBvZiB0aGUgZW50aXR5DQogICAgYWRkaW5n IHRoZSBsb2NhdGlvbiB2YWx1ZSB0byB0aGUgR2VvbG9jYXRpb24gaGVhZGVyIGZpZWxkLg0KDQpb UkpdIGRvbmUNCg0KVG8gbWFrZSB0aGUgdGVybWlub2xvZ3kgaW4gdGhpcyBkcmFmdCBjb25zaXN0 ZW50IHdpdGggUkZDNjQ0MjoNCnMvbG9jYXRpb24gdmFsdWUvbG9jYXRpb25WYWx1ZQ0KDQpbUkpd IGRvbmUgSSBjaGFuZ2VkIGFsc28gImxvY2F0aW9uIHZhbHVlcyIgdG8gImxvY2F0aW9uVmFsdWVz Ig0KDQpXaGVuIHJlZmVycmluZyB0byBoZWFkZXIgZmllbGQgcGFyYW1ldGVycywgU0lQIHNwZWNz IHVzdWFsbHkgdXNlIHRoZSB0b2tlbiBpbiBxdW90ZXMgKCJleHBpcmVzIiwgInFvcCIpIHJhdGhl ciB0aGFuIHRoZSBBQk5GIHJ1bGUgbmFtZSAoYy1wLWV4cGlyZXMsIG1lc3NhZ2UtcW9wKSBpbiB0 ZXh0LiBBbHNvLCBJQU5BIGxpc3RzIGhlYWRlciBmaWVsZCBwYXJhbWV0ZXJzIGJ5IHRoZWlyIHRv a2VucyBpbiB0aGUgIkhlYWRlciBGaWVsZCBQYXJhbWV0ZXJzIGFuZCBQYXJhbWV0ZXIgVmFsdWVz IiBzdWItcmVnaXN0cnkuIEluc3RlYWQgb2YgbG9jYXRpb24tc291cmNlLCAibG9jLXNyYyIgc2hv dWxkIGJlIHVzZWQgaW4gdGhpcyBkcmFmdCdzIHRleHQuDQoNCg0KUzguIFRoZSBJQU5BIENvbnNp ZGVyYXRpb25zIHNlY3Rpb24gbmVlZHMgYSBiaXQgbW9yZSBjbGFyaWZpY2F0aW9uLg0KDQpDdXJy ZW50Og0KDQogICAgOC4xLiBSZWdpc3RyYXRpb24gb2YgbG9jYXRpb24tc291cmNlIHBhcmFtZXRl ciBmb3IgR2VvbG9jYXRpb24gaGVhZGVyDQogICAgICAgICBmaWVsZA0KDQogICAgVGhpcyBkb2N1 bWVudCBjYWxscyBmb3IgSUFOQSB0byByZWdpc3RlciBhIG5ldyBTSVAgaGVhZGVyIHBhcmFtZXRl cg0KICAgIGFzIHBlciB0aGUgZ3VpZGVsaW5lcyBpbiBbUkZDMzI2MV0sIHdoaWNoIHdpbGwgYmUg YWRkZWQgdG8gaGVhZGVyDQogICAgc3ViLXJlZ2lzdHJ5IHVuZGVyIGh0dHA6Ly93d3cuaWFuYS5v cmcvYXNzaWdubWVudHMvc2lwLXBhcmFtZXRlcnMuDQoNCiAgICBIZWFkZXIgRmllbGQ6ICBHZW9s b2NhdGlvbg0KDQogICAgUGFyYW1ldGVyIE5hbWU6ICBsb2Mtc3JjDQoNCg0KU3VnZ2VzdGVkOg0K DQogICAgOC4xLiBSZWdpc3RyYXRpb24gb2YgImxvYy1zcmMiIHBhcmFtZXRlciBmb3IgdGhlIEdl b2xvY2F0aW9uIGhlYWRlcg0KICAgICAgICAgZmllbGQNCg0KICAgIFRoZSBJQU5BIGlzIGFza2Vk IHRvIGFkZCBhIG5ldyBTSVAgaGVhZGVyIGZpZWxkIHBhcmFtZXRlciBmb3INCiAgICB0aGUgR2Vv bG9jYXRpb24gaGVhZGVyIGZpZWxkIGluIHRoZSAiSGVhZGVyIEZpZWxkIFBhcmFtZXRlcnMgYW5k DQogICAgUGFyYW1ldGVyIFZhbHVlcyIgc3VicmVnaXN0cnkgKGNyZWF0ZWQgYnkgW1JGQzM5Njhd KSBvZiB0aGUNCiAgICAiU2Vzc2lvbiBJbml0aWF0aW9uIFByb3RvY29sIChTSVApIFBhcmFtZXRl cnMiIHJlZ2lzdHJ5IGZvdW5kIGF0DQogICAgaHR0cHM6Ly93d3cuaWFuYS5vcmcvYXNzaWdubWVu dHMvc2lwLXBhcmFtZXRlcnMvLg0KDQogICAgSGVhZGVyIEZpZWxkOiAgR2VvbG9jYXRpb24NCg0K ICAgIFBhcmFtZXRlciBOYW1lOiAgbG9jLXNyYw0KDQogICAgUHJlZGVmaW5lZCBWYWx1ZXM6ICBO bw0KDQogICAgUmVmZXJlbmNlOiAgVGhpcyBSRkMNCg0KW1JKXSBkb25lDQoNCi0tLS0tDQpOaXRz Og0KDQpIZWFkZXI6ICBVc2UganVzdCB0aGUgUkZDIG51bWJlciBpbiB0aGUgVXBkYXRlczogZmll bGQgLSB0aGF0IGlzLCA2NDQyLg0KDQpBYnN0cmFjdDogIEFkZCB0aGUgc2VudGVuY2UgKGJ1dCBu b3QgYSBjaXRlLCB0aG91Z2gpOiAiVGhpcyBkb2N1bWVudCB1cGRhdGVzIFJGQyA2NDQyLiINCltS Sl0gZG9uZQ0KDQoNClMxLg0KDQpzL2VkZ2UtcHJveGllcy9lZGdlIHByb3hpZXMNCg0KQ3VycmVu dDogLi4uaXQgZG9lcyBub3QgcHJvdmlkZSBhbnkgaW5kaWNhdGlvbiBvZiB3aGljaA0KICAgIG5v ZGUgYWN0dWFsbHkgYWRkZWQgdGhlIGxvY2F0aW9uIHZhbHVlLg0KDQpTdWdnZXN0ZWQ6IC4uLml0 IGRvZXMgbm90IGlkZW50aWZ5IHdoaWNoIG5vZGUgYWRkZWQgdGhlDQogICAgbG9jYXRpb24gdmFs dWUuDQpbUkpdIGRvbmUNCg0KUzMuDQoNCkN1cnJlbnQ6DQoNCiAgICBUaGlzIGRvY3VtZW50IG1h a2VzIG5vIGF0dGVtcHQgdG8gY29tbWVudCBvbiB0aGVzZSB2YXJpb3VzDQogICAgYXJjaGl0ZWN0 dXJlcyBvciB0aGUgcmF0aW9uYWxlIGZvciB0aGVtIHdpc2hpbmcgdG8gaW5jbHVkZSBtdWx0aXBs ZQ0KICAgIGxvY2F0aW9uIHZhbHVlcy4NCg0KU3VnZ2VzdGVkOg0KDQogICAgVGhpcyBkb2N1bWVu dCBkb2VzIG5vdCBjb21tZW50IG9uIHRoZXNlIHZhcmlvdXMNCiAgICBhcmNoaXRlY3R1cmVzIG9y IG9uIHRoZSByYXRpb25hbGUgZm9yIGluY2x1ZGluZyBtdWx0aXBsZQ0KICAgIGxvY2F0aW9uIHZh bHVlcy4NCg0KW1JKXSBkb25lDQoNCnMvVGhlIFRoZS9UaGUNCltSSl0gZG9uZQ0KDQpDdXJyZW50 Og0KDQogICAgVGhlIGZ1bmN0aW9uYWwgYXJjaGl0ZWN0dXJlIGRlc2NyaWJlZCB3aXRoaW4gRVRT SSBbTTQ5M10gaXMgYW4NCiAgICBleGFtcGxlIG9mIGFyY2hpdGVjdHVyZSB3aGVyZSB0aGlzIHBh cmFtZXRlciBtYWtlcyBzZW5zZSB0byBiZSB1c2VkLg0KDQpTdWdnZXN0ZWQ6DQoNCiAgICBUaGUg ZnVuY3Rpb25hbCBhcmNoaXRlY3R1cmUgZGVzY3JpYmVkIHdpdGhpbiBFVFNJIFtNNDkzXSBpcyBh bg0KICAgIGV4YW1wbGUgb2YgYW4gYXJjaGl0ZWN0dXJlIHdoZXJlIGl0IG1ha2VzIHNlbnNlIHRv IHVzZSB0aGlzDQogICAgcGFyYW1ldGVyLg0KW1JKXSBkb25lDQoNClM0Lg0KDQpzL2ludGVybWVk aWFyaXR5L2ludGVybWVkaWFyeSAobXVsdGlwbGUgaW5zdGFuY2VzKQ0KW1JKXSBkb25lDQoNClM1 Lg0KDQpzL1VSSSB0aGUgcHJvdmlkZWQvVVJJIHByb3ZpZGVkDQpbUkpdIGRvbmUNCg0KUzYuDQoN CkN1cnJlbnQ6DQoNCiAgICBXaGlsZSB0aGUgYWRkaXRpb24gb2YgdGhlIGxvY2F0aW9uLXNvdXJj ZQ0KICAgIHBhcmFtZXRlciBkb2VzIHByb3ZpZGUgYW4gaW5kaWNhdG9yIG9mIHRoZSBlbnRpdHkg dGhhdCBhZGRlZCB0aGUNCiAgICBsb2NhdGlvbiBpbiB0aGUgc2lnbmFsaW5nIHBhdGggdGhpcyBw cm92aWRlcyBsaXR0bGUgbW9yZSBleHBvc3VyZQ0KICAgIHRoYW4gYSBwcm94eSBpZGVudGl0eSBi ZWluZyBhZGRlZCB0byB0aGUgcmVjb3JkLXJvdXRlIGhlYWRlciBmaWVsZC4NCg0KU3VnZ2VzdGVk Og0KDQogICAgV2hpbGUgdGhlIGFkZGl0aW9uIG9mIHRoZSAibG9jLXNyYyINCiAgICBwYXJhbWV0 ZXIgaWRlbnRpZmllcyB0aGUgZW50aXR5IHRoYXQgYWRkZWQgdGhlIGxvY2F0aW9uIGluIHRoZQ0K ICAgIHNpZ25hbGluZyBwYXRoLCB0aGlzIGFkZGl0aW9uIHByb3ZpZGVzIGxpdHRsZSBtb3JlIGV4 cG9zdXJlDQogICAgdGhhbiBhZGRpbmcgYSBwcm94eSBpZGVudGl0eSB0byB0aGUgUmVjb3JkLVJv dXRlIGhlYWRlciBmaWVsZC4NCltSSl0gZG9uZQ0KDQpTNy4NCg0KQ3VycmVudDoNCg0KICAgIFRv IGF2b2lkIHByb2JsZW1zIG9mIHdyb25nIGludGVycHJldGF0aW9uIG9mDQogICAgbG9jLXNyYyB0 aGUgdmFsdWUgbWF5IGJlIHJlbW92ZWQgd2hlbiBwYXNzZWQgdG8gYW4gb3RoZXIgZG9tYWluLg0K DQpTdWdnZXN0ZWQ6DQoNCiAgICBUbyBhdm9pZCBwcm9ibGVtcyB3aXRoIG1pc2ludGVycHJldGF0 aW9uIG9mIHRoZQ0KICAgICJsb2Mtc3JjIiBwYXJhbWV0ZXIsIHRoZSB2YWx1ZSBtYXkgYmUgcmVt b3ZlZCB3aGVuIHBhc3NlZCB0byBhbg0KICAgIG90aGVyIGRvbWFpbi4NCltSSl0gZG9uZQ0KDQpT OS4NCg0Kcy9kcmFmdCBUaGUvZHJhZnQuIFRoZQ0KDQpbUkpdIGRvbmUNCg0K From nobody Mon Oct 7 06:20:09 2019 Return-Path: X-Original-To: sipcore@ietfa.amsl.com Delivered-To: sipcore@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A09BE120096; Mon, 7 Oct 2019 06:20:07 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.28 X-Spam-Level: X-Spam-Status: No, score=-1.28 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, KHOP_HELO_FCRDNS=0.4, T_SPF_HELO_PERMERROR=0.01, T_SPF_PERMERROR=0.01] autolearn=no autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=fail (1024-bit key) reason="fail (message has been altered)" header.d=nostrum.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GigxR898-WaQ; Mon, 7 Oct 2019 06:20:06 -0700 (PDT) Received: from nostrum.com (raven-v6.nostrum.com [IPv6:2001:470:d:1130::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3F1C6120020; Mon, 7 Oct 2019 06:20:06 -0700 (PDT) Received: from mutabilis-2.local ([47.186.30.41]) (authenticated bits=0) by nostrum.com (8.15.2/8.15.2) with ESMTPSA id x97DK10l029341 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Mon, 7 Oct 2019 08:20:02 -0500 (CDT) (envelope-from mahoney@nostrum.com) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=nostrum.com; s=default; t=1570454405; bh=Jakw4A09DWRPYXP10Chd8V6nwlxR2b7mgtQkUuXLo8s=; h=Subject:To:References:From:Date:In-Reply-To; b=kt1RQOrXeB+R3OW1fmczvx02SVbSuEwb80FGdU8tvf3u+JxbUWD6uD2srVNaQptet f93Cof4ZtAFYwPd+xLZnLM1r/xYqXy2tpkQdacjVuhQnrmyByGPDc71m7HZOEK41XV +kbAasRpOPVQj9RCbiy0UeaY+e24yPvwJrNQwrXU= X-Authentication-Warning: raven.nostrum.com: Host [47.186.30.41] claimed to be mutabilis-2.local To: R.Jesske@telekom.de, draft-ietf-sipcore-locparam@ietf.org, sipcore@ietf.org References: From: "A. Jean Mahoney" Message-ID: <46c6f004-5ed5-3464-8db0-96e28afc24a9@nostrum.com> Date: Mon, 7 Oct 2019 08:20:00 -0500 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:60.0) Gecko/20100101 Thunderbird/60.9.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 8bit Archived-At: Subject: Re: [sipcore] Doc Shepherd review of draft-ietf-sipcore-locparam-03 X-BeenThere: sipcore@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SIP Core Working Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 07 Oct 2019 13:20:08 -0000 Thanks, Roland, please submit your new version. Jean On 10/7/19 4:04 AM, R.Jesske@telekom.de wrote: > Hi Jean, > thank you for the review and comments. > I have them incorporated in my draft. > If nothing else needs to be done within the draft I can release the next draft version. > > Best Regards > > Roland > > -----Ursprüngliche Nachricht----- > Von: A. Jean Mahoney > Gesendet: Sonntag, 6. Oktober 2019 21:46 > An: draft-ietf-sipcore-locparam@ietf.org; SIPCORE > Betreff: Doc Shepherd review of draft-ietf-sipcore-locparam-03 > > Hi all, > > Below is my review of the version that incorporates the WGLC feedback. > Thanks for addressing the feedback so far! > > Jean > > ------------- > Minor issues: > > S4. There should be a stronger tie-in to the ABNF given in RFC6442. > > Current: > > The mechanism employed adds a parameter to the location value defined > in [RFC6442] that identifies the hostname of the entity adding the > location value to the Geolocation header field. > > Suggested: > > The mechanism adds a geoloc-param parameter to the locationValue > defined in [RFC6442] that identifies the hostname of the entity > adding the location value to the Geolocation header field. > > [RJ] done > > To make the terminology in this draft consistent with RFC6442: > s/location value/locationValue > > [RJ] done I changed also "location values" to "locationValues" > > When referring to header field parameters, SIP specs usually use the token in quotes ("expires", "qop") rather than the ABNF rule name (c-p-expires, message-qop) in text. Also, IANA lists header field parameters by their tokens in the "Header Field Parameters and Parameter Values" sub-registry. Instead of location-source, "loc-src" should be used in this draft's text. > > > S8. The IANA Considerations section needs a bit more clarification. > > Current: > > 8.1. Registration of location-source parameter for Geolocation header > field > > This document calls for IANA to register a new SIP header parameter > as per the guidelines in [RFC3261], which will be added to header > sub-registry under http://www.iana.org/assignments/sip-parameters. > > Header Field: Geolocation > > Parameter Name: loc-src > > > Suggested: > > 8.1. Registration of "loc-src" parameter for the Geolocation header > field > > The IANA is asked to add a new SIP header field parameter for > the Geolocation header field in the "Header Field Parameters and > Parameter Values" subregistry (created by [RFC3968]) of the > "Session Initiation Protocol (SIP) Parameters" registry found at > https://www.iana.org/assignments/sip-parameters/. > > Header Field: Geolocation > > Parameter Name: loc-src > > Predefined Values: No > > Reference: This RFC > > [RJ] done > > ----- > Nits: > > Header: Use just the RFC number in the Updates: field - that is, 6442. > > Abstract: Add the sentence (but not a cite, though): "This document updates RFC 6442." > [RJ] done > > > S1. > > s/edge-proxies/edge proxies > > Current: ...it does not provide any indication of which > node actually added the location value. > > Suggested: ...it does not identify which node added the > location value. > [RJ] done > > S3. > > Current: > > This document makes no attempt to comment on these various > architectures or the rationale for them wishing to include multiple > location values. > > Suggested: > > This document does not comment on these various > architectures or on the rationale for including multiple > location values. > > [RJ] done > > s/The The/The > [RJ] done > > Current: > > The functional architecture described within ETSI [M493] is an > example of architecture where this parameter makes sense to be used. > > Suggested: > > The functional architecture described within ETSI [M493] is an > example of an architecture where it makes sense to use this > parameter. > [RJ] done > > S4. > > s/intermediarity/intermediary (multiple instances) > [RJ] done > > S5. > > s/URI the provided/URI provided > [RJ] done > > S6. > > Current: > > While the addition of the location-source > parameter does provide an indicator of the entity that added the > location in the signaling path this provides little more exposure > than a proxy identity being added to the record-route header field. > > Suggested: > > While the addition of the "loc-src" > parameter identifies the entity that added the location in the > signaling path, this addition provides little more exposure > than adding a proxy identity to the Record-Route header field. > [RJ] done > > S7. > > Current: > > To avoid problems of wrong interpretation of > loc-src the value may be removed when passed to an other domain. > > Suggested: > > To avoid problems with misinterpretation of the > "loc-src" parameter, the value may be removed when passed to an > other domain. > [RJ] done > > S9. > > s/draft The/draft. The > > [RJ] done > From nobody Tue Oct 8 00:59:34 2019 Return-Path: X-Original-To: sipcore@ietf.org Delivered-To: sipcore@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 2738A120130; Tue, 8 Oct 2019 00:59:17 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: internet-drafts@ietf.org To: Cc: sipcore@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 6.104.0 Auto-Submitted: auto-generated Precedence: bulk Reply-To: sipcore@ietf.org Message-ID: <157052155706.17097.14024180731709447919@ietfa.amsl.com> Date: Tue, 08 Oct 2019 00:59:17 -0700 Archived-At: Subject: [sipcore] I-D Action: draft-ietf-sipcore-locparam-04.txt X-BeenThere: sipcore@ietf.org X-Mailman-Version: 2.1.29 List-Id: SIP Core Working Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 08 Oct 2019 07:59:25 -0000 A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Session Initiation Protocol Core WG of the IETF. Title : Location Source Parameter for the SIP Geolocation Header Field Authors : James Winterbottom Roland Jesske Bruno Chatras Andrew Hutton Filename : draft-ietf-sipcore-locparam-04.txt Pages : 8 Date : 2019-10-08 Abstract: There are some circumstances where a Geolocation header field may contain more than one locationValue. Knowing the identity of the node adding the locationValue allows the recipient more freedom in selecting the value to look at first rather than relying solely on the order of the locationValues. This document defines the "loc-src" parameter so that the entity adding the locationValue to Geolocation header field can identify itself using its hostname. This document updates RFC 6442. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-sipcore-locparam/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-sipcore-locparam-04 https://datatracker.ietf.org/doc/html/draft-ietf-sipcore-locparam-04 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-sipcore-locparam-04 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ From nobody Sat Oct 12 14:12:30 2019 Return-Path: X-Original-To: sipcore@ietf.org Delivered-To: sipcore@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id CD5DF12002E; Sat, 12 Oct 2019 14:12:23 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: internet-drafts@ietf.org To: Cc: sipcore@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 6.105.0 Auto-Submitted: auto-generated Precedence: bulk Reply-To: sipcore@ietf.org Message-ID: <157091474371.1468.16209110185411880307@ietfa.amsl.com> Date: Sat, 12 Oct 2019 14:12:23 -0700 Archived-At: Subject: [sipcore] I-D Action: draft-ietf-sipcore-sip-token-authnz-03.txt X-BeenThere: sipcore@ietf.org X-Mailman-Version: 2.1.29 List-Id: SIP Core Working Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 12 Oct 2019 21:12:24 -0000 A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Session Initiation Protocol Core WG of the IETF. Title : Third-Party Token-based Authentication and Authorization for Session Initiation Protocol (SIP) Authors : Rifaat Shekh-Yusef Christer Holmberg Victor Pascual Filename : draft-ietf-sipcore-sip-token-authnz-03.txt Pages : 14 Date : 2019-10-12 Abstract: This document defines a mechanism for SIP, that is based on the OAuth 2.0 and OpenID Connect Core 1.0 specifications, to enable the delegation of the user authentication and SIP registration authorization to a dedicated third-party entity that is separate from the SIP network elements that provide the SIP service. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-sipcore-sip-token-authnz/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-sipcore-sip-token-authnz-03 https://datatracker.ietf.org/doc/html/draft-ietf-sipcore-sip-token-authnz-03 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-sipcore-sip-token-authnz-03 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ From nobody Sat Oct 12 14:17:45 2019 Return-Path: X-Original-To: sipcore@ietfa.amsl.com Delivered-To: sipcore@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 87815120096 for ; Sat, 12 Oct 2019 14:17:43 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.997 X-Spam-Level: X-Spam-Status: No, score=-1.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UcPmaegXsyTg for ; Sat, 12 Oct 2019 14:17:41 -0700 (PDT) Received: from mail-io1-xd2f.google.com (mail-io1-xd2f.google.com [IPv6:2607:f8b0:4864:20::d2f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0632D12002E for ; Sat, 12 Oct 2019 14:17:41 -0700 (PDT) Received: by mail-io1-xd2f.google.com with SMTP id c25so28768417iot.12 for ; Sat, 12 Oct 2019 14:17:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=RieamrrYx0jXfXmZUEvom8kOqMKPujyYkVR5GaVbY+A=; b=k9FgsA/pQw3sdxJ9d13l/XfLStA6Zq6OMk/Sxi74QgZbQPISgKMh8ftRt4IxlWqMQd CgLvm2IDPNQSJBRf9tF3GU346HqhBeq5ze2GZp2XkdEmdQg5gcx9KwGrwttruT3EeiOA WMZtZY1narjD0Esqes8IGyBcoo0qrwCrA8u6j4yxY0kD7pt4AyG6ucfGJ9nKJx8/UDM+ G3Jgvtm6pclfcKe9qORymYkqY1TuwEmzzT+mI8H8k9M/5Ze0iDEOA/VqhtihZz9qk5KH 53pNnnz/zdttyN/QTjEo3i1ljDflF8pBnazyV8qK2t1WHjsPxK3Q5wxAEwf6Kckf+34p vLRA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=RieamrrYx0jXfXmZUEvom8kOqMKPujyYkVR5GaVbY+A=; b=ngm+nraZwjhwtSad/zoaDheFxpcgCmpJuT6f8rafkd08gYUNlXLblocpuAqb2m/0cL AVOmIA5Y2fg/aqft9k4HVtt8zdtyTzgFfNA4AOt2fIMgokygG2LqpTzsW1MzI/QvaW++ opHmy6DcEAVxlA82tRNzXb9lTgYS+Nn1I0JEVwVdTV+LRqewrMMdFa6JULzwQEOqoCFF j/TRtFBhx+cpwjUrb7z7Touorpr7g+vUrV63didRauVU46ARrk0q8DNabACIxrQOvQ3d UPuojm6QtOr+H7Qu8XB7C/LZEoEaknBZipImYzwCgEFyV6kXmJZN71h9VD7dsZoHDKdc XYGQ== X-Gm-Message-State: APjAAAUGyjlIzFeaTQKLr0IqAWU/yxIHHjLtOjMNUPbqPH62TPtrX4+7 teqPkOge5E//ETEhrUrPnVG9Evwu71cTG8h9OCALLQ== X-Google-Smtp-Source: APXvYqxMp20hqOHduUkx0Qyct5nGc+rHRGILNvcBnerJxoS7Ci2WzS3BrS47860VkByjm0Q/EVebs1C2cO2BgsRr1YM= X-Received: by 2002:a02:40c6:: with SMTP id n189mr27618241jaa.121.1570915059885; Sat, 12 Oct 2019 14:17:39 -0700 (PDT) MIME-Version: 1.0 References: <157091474371.1468.16209110185411880307@ietfa.amsl.com> In-Reply-To: <157091474371.1468.16209110185411880307@ietfa.amsl.com> From: Rifaat Shekh-Yusef Date: Sat, 12 Oct 2019 17:17:28 -0400 Message-ID: To: SIPCORE Content-Type: multipart/alternative; boundary="0000000000001de9350594bd2a3f" Archived-At: Subject: Re: [sipcore] I-D Action: draft-ietf-sipcore-sip-token-authnz-03.txt X-BeenThere: sipcore@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SIP Core Working Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 12 Oct 2019 21:17:44 -0000 --0000000000001de9350594bd2a3f Content-Type: text/plain; charset="UTF-8" Hi, We have submitted a new version of the draft that hopefully addresses the comments we received on the previous version. Please, take a look and let us know what you think. Regards, Rifaat On Sat, Oct 12, 2019 at 5:13 PM wrote: > > A New Internet-Draft is available from the on-line Internet-Drafts > directories. > This draft is a work item of the Session Initiation Protocol Core WG of > the IETF. > > Title : Third-Party Token-based Authentication and > Authorization for Session Initiation Protocol (SIP) > Authors : Rifaat Shekh-Yusef > Christer Holmberg > Victor Pascual > Filename : draft-ietf-sipcore-sip-token-authnz-03.txt > Pages : 14 > Date : 2019-10-12 > > Abstract: > This document defines a mechanism for SIP, that is based on the OAuth > 2.0 and OpenID Connect Core 1.0 specifications, to enable the > delegation of the user authentication and SIP registration > authorization to a dedicated third-party entity that is separate from > the SIP network elements that provide the SIP service. > > > The IETF datatracker status page for this draft is: > https://datatracker.ietf.org/doc/draft-ietf-sipcore-sip-token-authnz/ > > There are also htmlized versions available at: > https://tools.ietf.org/html/draft-ietf-sipcore-sip-token-authnz-03 > > https://datatracker.ietf.org/doc/html/draft-ietf-sipcore-sip-token-authnz-03 > > A diff from the previous version is available at: > https://www.ietf.org/rfcdiff?url2=draft-ietf-sipcore-sip-token-authnz-03 > > > Please note that it may take a couple of minutes from the time of > submission > until the htmlized version and diff are available at tools.ietf.org. > > Internet-Drafts are also available by anonymous FTP at: > ftp://ftp.ietf.org/internet-drafts/ > > _______________________________________________ > sipcore mailing list > sipcore@ietf.org > https://www.ietf.org/mailman/listinfo/sipcore > --0000000000001de9350594bd2a3f Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Hi,

We have submitted a new version=C2= =A0of the draft that hopefully addresses the comments we received on the pr= evious version.
Please, take a look and let us=C2=A0know what you= think.

Regards,
=C2=A0Rifaat
=

On Sat, Oct 12, 2019 at 5:13 PM <internet-drafts@ietf.org> wrote:

A New Internet-Draft is available from the on-line Internet-Drafts director= ies.
This draft is a work item of the Session Initiation Protocol Core WG of the= IETF.

=C2=A0 =C2=A0 =C2=A0 =C2=A0 Title=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0:= Third-Party Token-based Authentication and Authorization for Session Initi= ation Protocol (SIP)
=C2=A0 =C2=A0 =C2=A0 =C2=A0 Authors=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0: Rifa= at Shekh-Yusef
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 Christer Holmberg
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 Victor Pascual
=C2=A0 =C2=A0 =C2=A0 =C2=A0 Filename=C2=A0 =C2=A0 =C2=A0 =C2=A0 : draft-iet= f-sipcore-sip-token-authnz-03.txt
=C2=A0 =C2=A0 =C2=A0 =C2=A0 Pages=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0:= 14
=C2=A0 =C2=A0 =C2=A0 =C2=A0 Date=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 := 2019-10-12

Abstract:
=C2=A0 =C2=A0This document defines a mechanism for SIP, that is based on th= e OAuth
=C2=A0 =C2=A02.0 and OpenID Connect Core 1.0 specifications, to enable the<= br> =C2=A0 =C2=A0delegation of the user authentication and SIP registration
=C2=A0 =C2=A0authorization to a dedicated third-party entity that is separa= te from
=C2=A0 =C2=A0the SIP network elements that provide the SIP service.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/do= c/draft-ietf-sipcore-sip-token-authnz/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-= ietf-sipcore-sip-token-authnz-03
https://datatracker.ietf= .org/doc/html/draft-ietf-sipcore-sip-token-authnz-03

A diff from the previous version is available at:
https://www.ietf.org/rfcdi= ff?url2=3Ddraft-ietf-sipcore-sip-token-authnz-03


Please note that it may take a couple of minutes from the time of submissio= n
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

_______________________________________________
sipcore mailing list
sipcore@ietf.org<= br> https://www.ietf.org/mailman/listinfo/sipcore
--0000000000001de9350594bd2a3f-- From nobody Sun Oct 13 15:15:23 2019 Return-Path: X-Original-To: sipcore@ietfa.amsl.com Delivered-To: sipcore@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D57F612006A for ; Sun, 13 Oct 2019 15:15:20 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.001 X-Spam-Level: X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=alum.mit.edu Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GXEWPMiLEQNj for ; Sun, 13 Oct 2019 15:15:19 -0700 (PDT) Received: from NAM03-CO1-obe.outbound.protection.outlook.com (mail-eopbgr790080.outbound.protection.outlook.com [40.107.79.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F1BC5120024 for ; Sun, 13 Oct 2019 15:15:18 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=iOK8UMClbrdB7aEeN2grZE4VBmJv58/+ph/nxDB7TWrlKYyHyor3OfdcXZA/ERGOs54YmQdIwrX6UQYGnzVliZNwS9y8gTROd1yfMOLJvphhKIXauztgv6FktYdFvQTuVeGCNM3i1R+NPm/B9LmxP0jSiW4EF7Ndc910fIm1Sy9nzcVZfGLF9uWUtIImdyx/ucxgyY3/EsB4hFl6vBqj5jo6pYatOjgPvVS53WSfQUyeB9rUwdQDTSlqRWegbqnKUz/HnsDUG916TsWNf+7goUWPTd52CuEj26yCER1dZgdaY67zCmEcNX9KaGabqAtZGIrbkqyFjOyUe0DCVSRi+A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=6UWUOYnp2F9C1Ycy564OLjU+QW+HwIgUnQYJFdygyBo=; b=aCEp/2Ffp5BtLZ0IgDJk31Y0FH3PtIYr73/on9BuxQe4VWCFM1/YqJU+Y6/zw9/9LwCZJyfNS19E4mkkRZTX9O1kfFhoSXj7BT/DgPDC/N74zvlyC0gs1SjzDNllkB4t3mNMX9M37e6zsA256IiGunFd9uywNgwy/wNMspIUEeuOy4+gtH4VQ+ltQVZZHqgnZzIkf5jtJWzd6/cLhkyKp6tbMTP7oFjgWa3QZAooC6KrQ6hi5/pPAEZVSMPlXP/BWcRTGPwTfz7A9fl/GD0fA9sJvdaAyfg7r9+6KpJvohlEZsS/SfDvNsx7jluj+Nq7oyqLGuRLK+9a3AgmYGR0CQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 18.7.68.33) smtp.rcpttodomain=ietf.org smtp.mailfrom=alum.mit.edu; dmarc=bestguesspass action=none header.from=alum.mit.edu; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alum.mit.edu; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=6UWUOYnp2F9C1Ycy564OLjU+QW+HwIgUnQYJFdygyBo=; b=MiODVy0rOOlLHaeIzelPG7ZIg0WAb7JFiv0mApg7sEXTdzhZd8tET9rqLRdNPJ4wnb5EAqac9H62hzoz3aR5DNGhgR0LaS3orcYYZhaHIVy95ucJ9rExh65RcwHVJ1XT0GWXc5JTN5wV1bh5L4axyle4zGDn/Tc4ZozH1C4Etmk= Received: from MWHPR1201CA0010.namprd12.prod.outlook.com (2603:10b6:301:4a::20) by DM6PR12MB4108.namprd12.prod.outlook.com (2603:10b6:5:220::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2347.18; Sun, 13 Oct 2019 22:15:17 +0000 Received: from CY1NAM02FT038.eop-nam02.prod.protection.outlook.com (2a01:111:f400:7e45::209) by MWHPR1201CA0010.outlook.office365.com (2603:10b6:301:4a::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2347.16 via Frontend Transport; Sun, 13 Oct 2019 22:15:17 +0000 Authentication-Results: spf=pass (sender IP is 18.7.68.33) smtp.mailfrom=alum.mit.edu; ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=bestguesspass action=none header.from=alum.mit.edu; Received-SPF: Pass (protection.outlook.com: domain of alum.mit.edu designates 18.7.68.33 as permitted sender) receiver=protection.outlook.com; client-ip=18.7.68.33; helo=outgoing-alum.mit.edu; Received: from outgoing-alum.mit.edu (18.7.68.33) by CY1NAM02FT038.mail.protection.outlook.com (10.152.74.217) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2347.16 via Frontend Transport; Sun, 13 Oct 2019 22:15:16 +0000 Received: from Kokiri.localdomain (c-24-62-227-142.hsd1.ma.comcast.net [24.62.227.142]) (authenticated bits=0) (User authenticated as pkyzivat@ALUM.MIT.EDU) by outgoing-alum.mit.edu (8.14.7/8.12.4) with ESMTP id x9DMFEKg018896 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NOT) for ; Sun, 13 Oct 2019 18:15:15 -0400 To: sipcore@ietf.org References: <157091474371.1468.16209110185411880307@ietfa.amsl.com> From: Paul Kyzivat Message-ID: <346454a3-0231-416e-9199-93e7f9624336@alum.mit.edu> Date: Sun, 13 Oct 2019 18:15:14 -0400 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:60.0) Gecko/20100101 Thunderbird/60.9.0 MIME-Version: 1.0 In-Reply-To: <157091474371.1468.16209110185411880307@ietfa.amsl.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-EOPAttributedMessage: 0 X-Forefront-Antispam-Report: CIP:18.7.68.33; IPV:CAL; SCL:-1; CTRY:US; EFV:NLI; SFV:NSPM; SFS:(10009020)(376002)(396003)(136003)(346002)(39860400002)(189003)(199004)(6916009)(486006)(70206006)(70586007)(2906002)(476003)(126002)(76176011)(446003)(66574012)(47776003)(65806001)(65956001)(336012)(2351001)(75432002)(88552002)(956004)(11346002)(2616005)(76130400001)(2361001)(26826003)(478600001)(36906005)(7596002)(305945005)(14444005)(58126008)(31686004)(316002)(786003)(106002)(230700001)(229853002)(50466002)(5660300002)(2486003)(23676004)(186003)(8676002)(356004)(8936002)(246002)(6246003)(86362001)(31696002)(26005); DIR:OUT; SFP:1101; SCL:1; SRVR:DM6PR12MB4108; H:outgoing-alum.mit.edu; FPR:; SPF:Pass; LANG:en; PTR:outgoing-alum.mit.edu; MX:1; A:1; X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: d2749320-9947-445c-5fdb-08d7502ad3d8 X-MS-TrafficTypeDiagnostic: DM6PR12MB4108: X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:10000; X-Forefront-PRVS: 01894AD3B8 X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: SHi/EKE4mph+RMhHWHD/LZ6cFRCxXFCYGwQZLY4Cv8uvL9PTwLfhxvrbynW87pn/QPA0UbFDuCACnmabZ4aFAjX8VWvjhq6MksNPKPmnaOJs1K9hCzBBmopoKwpe8r4H3xdovKfQ9f5Znmr5NHhB/YaTVwHU/kH2MNEhKQB1rcBg6sNfRjZKk8bwh6/xhJ0GnzS0JXmpNBW6Gg7h7Kk99FHgCyGK9FefonmqsLt5k8Cv6AM+LC7yHRekgXwMzZWaSeqtccwCy4aPKy0eKLd1tvAmS2Y3vUFoN+xcGOfXRaIIQDih2wZx/fioUlyq99rvACprp5RPI9GOp3AMpf7Yyw88kZDbWepZh9oW3V1ayhU7UUj6mUTMDPqJn68zHAkWQoWzWJrndKMX0oBhlz/VEse1fOGh+uGwdNeukB3q/nw= X-OriginatorOrg: alum.mit.edu X-MS-Exchange-CrossTenant-OriginalArrivalTime: 13 Oct 2019 22:15:16.6313 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: d2749320-9947-445c-5fdb-08d7502ad3d8 X-MS-Exchange-CrossTenant-Id: 3326b102-c043-408b-a990-b89e477d582f X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3326b102-c043-408b-a990-b89e477d582f; Ip=[18.7.68.33]; Helo=[outgoing-alum.mit.edu] X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR12MB4108 Archived-At: Subject: Re: [sipcore] I-D Action: draft-ietf-sipcore-sip-token-authnz-03.txt X-BeenThere: sipcore@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SIP Core Working Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 13 Oct 2019 22:15:21 -0000 This version is better. But I still have some concerns: 1) the syntax says that the value of the 'authz_server' parameter of a bearer challenge is a quoted-string. The diagram in section 5.1 shows an HTTP POST request being sent to the Authorization Server. I find no text saying the authz_server value should be an HTTP URL. If this is the expectation then make it clear in the syntax. OTOH, if the expectation is that the value can be something else, then you need some explanation of what it can be and how the UA knows how to use it. 2) section 2.1.1 says: The tokens returned to the UA depend on the type of server: with an OAuth AS, the tokens provided are the access token and refresh token. With an OpenID Connect server, an additional ID-Token is returned, which contains the SIP URI and other user specific details. The method used to authenticate the user and obtain these tokens is out of scope for this document, with one potential method is the Native App mechanism defined in [RFC8252]. How is it that the UA, using only information from the challenge (namely the realm, scope, and authz-server params) works out how to do this? Is the distinction between OpenID and OAuth AS needed in advance, or can the UAC simply open a browser to the AS URL and the end user will be able to figure it out. And when the result is returned, are the different kinds of results self identifying or not? Please add some text to clarify this. 3) RFC3261 indicates (not clearly) the need to handle multiple challenges in a response and consequent need to include multiple credentials in subsequent requests. With only digest as an authentication scheme it is presumably the case that multiple challenges will contain *different* realms. With the addition of bearer as another authentication scheme, there is also the possibility of multiple challenges for the *same* realm, one for digest and another for bearer. (A given server might support both.) In this case presumably the UAC should choose to provide credentials for one or the other. (It might defer the choice of which to use to the end user through the GUI.) Because RFC3261 neglected to discuss this possibility I think this draft needs to take that on. It could be specified in some way unique to bearer, or (better) as a revision to 3261 covering all cases where there are multiple challenges for the same realm. Thanks, Paul From nobody Mon Oct 14 09:24:10 2019 Return-Path: X-Original-To: sipcore@ietfa.amsl.com Delivered-To: sipcore@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CF8B9120828 for ; Mon, 14 Oct 2019 09:24:07 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.002 X-Spam-Level: X-Spam-Status: No, score=-2.002 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hYKcIQzIwGez for ; Mon, 14 Oct 2019 09:24:05 -0700 (PDT) Received: from EUR04-DB3-obe.outbound.protection.outlook.com (mail-eopbgr60060.outbound.protection.outlook.com [40.107.6.60]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5BABF12081C for ; Mon, 14 Oct 2019 09:24:05 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=fIc1fcXGFexbuNddYHCtLRD2eDlWawTgk6IUW2nAqOBlgCqCPXIKq06E1dyLs6YopCor2XRgpzuvtMzjkER3W2624dZwPBZFb/pPDcf9bRobVGGDEa31r+4Mk8vYWq48EnM2msgIE+T02zy0y1TGXwaqrhhiqO2t9GN3cCYttyDEIhQr9WAzRV/PiBOVzfk7/OKlN68nEF+lodrdzgxRw7POBAUKIPkfWBk0Q+m3gtizUqwITcnkg64G9DAaE6JKO2HuhhDZVOU9WZhvsc+MfTPaUsF0xqQjKNWmXXZP91CEblPD2BqDipVtUQgeyLk0k777xr+B7l9m8GLMcoh8WQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=49A0Qr8crmkw1THY7aVw8X0aBRaRTv1lz4cv23ebdgY=; b=ja6MVbG1XlITz3bX1nj40Kg0wfm4/mlLKWgX7v3i317JT1KJdt07I+k2643E/PGAVUlQoEccadyFNb2vjBbprtg7+XWpg23eVWsBzZwZh35OooXSKC/uYa91JYoroFd60890WaxWxoPx7nIH5/JUouF2LHg3ZBxFyr2K2Hb78gBK5kGdXiASwIgaKRq7MKc1Kmgtfu7Wz1nd/HK32OyZGzvY6DgGx0PKiRT6ehAPUEskJrrfDU9b+eEmuW4EXaz0wN/Raa+x9EaKJ7m9Z0JjOdmsPv00uJp0lxZofXXbDvXOvd/BVYqRuo/jiK+cHcEHad2SZdHbac3Ic45ZA4eh+g== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=49A0Qr8crmkw1THY7aVw8X0aBRaRTv1lz4cv23ebdgY=; b=gmKvP6ftpc4aKgqf8l8Qk9FLcU7eemoBO2LRKm5+4osBgWPI2A3BC9ewNisx/n+wsi+ubhDJuDryWgYVn8KMuB6LzKe7V5jk3bweA7j54xU9rnz0X/9xTNhHHOyhyXTTWPQLCzwJAt0Hl+3kpnO1/dDmIpSdMM3eRDyYL3LsyE0= Received: from HE1PR07MB3161.eurprd07.prod.outlook.com (10.170.245.23) by HE1PR07MB3370.eurprd07.prod.outlook.com (10.170.247.21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2347.13; Mon, 14 Oct 2019 16:24:03 +0000 Received: from HE1PR07MB3161.eurprd07.prod.outlook.com ([fe80::14d0:5c4f:26b7:b6e9]) by HE1PR07MB3161.eurprd07.prod.outlook.com ([fe80::14d0:5c4f:26b7:b6e9%3]) with mapi id 15.20.2347.021; Mon, 14 Oct 2019 16:24:03 +0000 From: Christer Holmberg To: Paul Kyzivat , "sipcore@ietf.org" Thread-Topic: [sipcore] I-D Action: draft-ietf-sipcore-sip-token-authnz-03.txt Thread-Index: AQHVghOvPkgMOwFYE0iaBR4iUuRFaqdahbcA Date: Mon, 14 Oct 2019 16:24:02 +0000 Message-ID: References: <157091474371.1468.16209110185411880307@ietfa.amsl.com> <346454a3-0231-416e-9199-93e7f9624336@alum.mit.edu> In-Reply-To: <346454a3-0231-416e-9199-93e7f9624336@alum.mit.edu> Accept-Language: en-US Content-Language: en-GB X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Microsoft-MacOutlook/10.1d.0.190908 authentication-results: spf=none (sender IP is ) smtp.mailfrom=christer.holmberg@ericsson.com; x-originating-ip: [89.166.49.243] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 33af5bf9-4ca5-462c-1606-08d750c2ed4b x-ms-traffictypediagnostic: HE1PR07MB3370: x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:10000; x-forefront-prvs: 01901B3451 x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(396003)(376002)(346002)(39860400002)(366004)(136003)(199004)(189003)(14444005)(26005)(33656002)(66574012)(256004)(478600001)(186003)(25786009)(2171002)(229853002)(6246003)(76176011)(6486002)(305945005)(7736002)(99286004)(6436002)(6506007)(102836004)(81166006)(81156014)(14454004)(5660300002)(2501003)(6512007)(2616005)(66446008)(6116002)(476003)(66066001)(316002)(8676002)(36756003)(11346002)(91956017)(446003)(486006)(76116006)(3846002)(86362001)(110136005)(66476007)(64756008)(66556008)(66946007)(2906002)(44832011)(71190400001)(71200400001)(58126008)(8936002); DIR:OUT; SFP:1101; SCL:1; SRVR:HE1PR07MB3370; H:HE1PR07MB3161.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1; received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: 7b4scdfBPjnei0aSTkh3635EcLS8AWp98Yit62ncmKykQWwGJQr47w82Ki8GJAtD41P3LcgpTCDHFOkU7lmL85WIVRbBmCaJIc7F3omY75PUPT2Kzi9Bws5YUs1ZeHb9pB6+RzkgRjofDUcbQL4NBQJQ9sZOoYuYeFfLEaVo89ITZd4Fy35xvElvvT6CMyYu10WzGZJMIfW0sm972KLCSBvCenYOKQmfdtf85kVxEDBUauXszFUg0TrA9fNjW//FxbF0TCbsqSquwKjADW4zXqarxmj/PM19wS6GuMv6y3X+3uY/VDoTk0XjDtj8jK+CI5/hTCG3y1pEYKZEGKB6rtrNLO1eykdUaZi4+cJhegxbiQzuOGyYalMt1UzENXZbGmjoX/U85vEon5fBoT6fxOz5l4X8HaTBZ4nt+GR4r68= x-ms-exchange-transport-forked: True Content-Type: text/plain; charset="utf-8" Content-ID: Content-Transfer-Encoding: base64 MIME-Version: 1.0 X-OriginatorOrg: ericsson.com X-MS-Exchange-CrossTenant-Network-Message-Id: 33af5bf9-4ca5-462c-1606-08d750c2ed4b X-MS-Exchange-CrossTenant-originalarrivaltime: 14 Oct 2019 16:24:03.0123 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: K6pvmz+w9rGcYuVdAZRcq4ECssLB570xxpBwusN8zwUfTU8xRaZGhK0jV2GDL8g3dJYa1IKQOugej2bIDt6HiLAEml9WY7i8Fy2+ctr2sv4= X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR07MB3370 Archived-At: Subject: Re: [sipcore] I-D Action: draft-ietf-sipcore-sip-token-authnz-03.txt X-BeenThere: sipcore@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SIP Core Working Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 14 Oct 2019 16:24:08 -0000 SGkgUGF1bCwgDQoNClBsZWFzZSBzZWUgaW5saW5lLg0KICAgIA0KPiAgICAxKSB0aGUgc3ludGF4 IHNheXMgdGhhdCB0aGUgdmFsdWUgb2YgdGhlICdhdXRoel9zZXJ2ZXInIHBhcmFtZXRlciBvZiBh IA0KPiAgICBiZWFyZXIgY2hhbGxlbmdlIGlzIGEgcXVvdGVkLXN0cmluZy4gVGhlIGRpYWdyYW0g aW4gc2VjdGlvbiA1LjEgc2hvd3MgYW4gDQo+ICAgIEhUVFAgUE9TVCByZXF1ZXN0IGJlaW5nIHNl bnQgdG8gdGhlIEF1dGhvcml6YXRpb24gU2VydmVyLiBJIGZpbmQgbm8gdGV4dCANCj4gICAgc2F5 aW5nIHRoZSBhdXRoel9zZXJ2ZXIgdmFsdWUgc2hvdWxkIGJlIGFuIEhUVFAgVVJMLiBJZiB0aGlz IGlzIHRoZSANCj4gICAgZXhwZWN0YXRpb24gdGhlbiBtYWtlIGl0IGNsZWFyIGluIHRoZSBzeW50 YXguIE9UT0gsIGlmIHRoZSBleHBlY3RhdGlvbiANCj4gICAgaXMgdGhhdCB0aGUgdmFsdWUgY2Fu IGJlIHNvbWV0aGluZyBlbHNlLCB0aGVuIHlvdSBuZWVkIHNvbWUgZXhwbGFuYXRpb24gDQo+ICAg IG9mIHdoYXQgaXQgY2FuIGJlIGFuZCBob3cgdGhlIFVBIGtub3dzIGhvdyB0byB1c2UgaXQuDQog IA0KT0F1dGggdXNlcyBIVFRQUywgc28gd2UgY2FuIGluZGljYXRlIHRoYXQuDQoNCi0tLQ0KICAN CiA+ICAgMikgc2VjdGlvbiAyLjEuMSBzYXlzOg0KID4gICANCiA+ICAgICAgIFRoZSB0b2tlbnMg cmV0dXJuZWQgdG8gdGhlIFVBIGRlcGVuZCBvbiB0aGUNCiA+ICAgICAgIHR5cGUgb2Ygc2VydmVy OiB3aXRoIGFuIE9BdXRoIEFTLCB0aGUgdG9rZW5zIHByb3ZpZGVkIGFyZSB0aGUgYWNjZXNzDQog PiAgICAgICB0b2tlbiBhbmQgcmVmcmVzaCB0b2tlbi4gIFdpdGggYW4gT3BlbklEIENvbm5lY3Qg c2VydmVyLCBhbg0KID4gICAgICAgYWRkaXRpb25hbCBJRC1Ub2tlbiBpcyByZXR1cm5lZCwgd2hp Y2ggY29udGFpbnMgdGhlIFNJUCBVUkkgYW5kIG90aGVyDQogPiAgICAgICB1c2VyIHNwZWNpZmlj IGRldGFpbHMuICBUaGUgbWV0aG9kIHVzZWQgdG8gYXV0aGVudGljYXRlIHRoZSB1c2VyIGFuZA0K ID4gICAgICAgb2J0YWluIHRoZXNlIHRva2VucyBpcyBvdXQgb2Ygc2NvcGUgZm9yIHRoaXMgZG9j dW1lbnQsIHdpdGggb25lDQogPiAgICAgICBwb3RlbnRpYWwgbWV0aG9kIGlzIHRoZSBOYXRpdmUg QXBwIG1lY2hhbmlzbSBkZWZpbmVkIGluIFtSRkM4MjUyXS4NCiA+ICAgDQogPiAgIEhvdyBpcyBp dCB0aGF0IHRoZSBVQSwgdXNpbmcgb25seSBpbmZvcm1hdGlvbiBmcm9tIHRoZSBjaGFsbGVuZ2Ug KG5hbWVseSANCiA+ICAgdGhlIHJlYWxtLCBzY29wZSwgYW5kIGF1dGh6LXNlcnZlciBwYXJhbXMp IHdvcmtzIG91dCBob3cgdG8gZG8gdGhpcz8NCiA+ICAgDQogPiAgIElzIHRoZSBkaXN0aW5jdGlv biBiZXR3ZWVuIE9wZW5JRCBhbmQgT0F1dGggQVMgbmVlZGVkIGluIGFkdmFuY2UsIG9yIGNhbiAN CiA+ICAgdGhlIFVBQyBzaW1wbHkgb3BlbiBhIGJyb3dzZXIgdG8gdGhlIEFTIFVSTCBhbmQgdGhl IGVuZCB1c2VyIHdpbGwgYmUgDQogPiAgIGFibGUgdG8gZmlndXJlIGl0IG91dC4gQW5kIHdoZW4g dGhlIHJlc3VsdCBpcyByZXR1cm5lZCwgYXJlIHRoZSANCiA+ICAgZGlmZmVyZW50IGtpbmRzIG9m IHJlc3VsdHMgc2VsZiBpZGVudGlmeWluZyBvciBub3Q/IFBsZWFzZSBhZGQgc29tZSB0ZXh0IA0K ID4gICB0byBjbGFyaWZ5IHRoaXMuDQogICANClJpZmFhdD8NCg0KLS0tDQoNCj4gICAgMykgUkZD MzI2MSBpbmRpY2F0ZXMgKG5vdCBjbGVhcmx5KSB0aGUgbmVlZCB0byBoYW5kbGUgbXVsdGlwbGUg DQo+ICAgIGNoYWxsZW5nZXMgaW4gYSByZXNwb25zZSBhbmQgY29uc2VxdWVudCBuZWVkIHRvIGlu Y2x1ZGUgbXVsdGlwbGUgDQo+ICAgIGNyZWRlbnRpYWxzIGluIHN1YnNlcXVlbnQgcmVxdWVzdHMu IFdpdGggb25seSBkaWdlc3QgYXMgYW4gDQo+ICAgIGF1dGhlbnRpY2F0aW9uIHNjaGVtZSBpdCBp cyBwcmVzdW1hYmx5IHRoZSBjYXNlIHRoYXQgbXVsdGlwbGUgY2hhbGxlbmdlcyANCj4gICAgd2ls bCBjb250YWluICpkaWZmZXJlbnQqIHJlYWxtcy4NCj4gICAgDQo+ICAgIFdpdGggdGhlIGFkZGl0 aW9uIG9mIGJlYXJlciBhcyBhbm90aGVyIGF1dGhlbnRpY2F0aW9uIHNjaGVtZSwgdGhlcmUgaXMg DQo+ICAgIGFsc28gdGhlIHBvc3NpYmlsaXR5IG9mIG11bHRpcGxlIGNoYWxsZW5nZXMgZm9yIHRo ZSAqc2FtZSogcmVhbG0sIG9uZSANCj4gICAgZm9yIGRpZ2VzdCBhbmQgYW5vdGhlciBmb3IgYmVh cmVyLiAoQSBnaXZlbiBzZXJ2ZXIgbWlnaHQgc3VwcG9ydCBib3RoLikgDQo+ICAgIEluIHRoaXMg Y2FzZSBwcmVzdW1hYmx5IHRoZSBVQUMgc2hvdWxkIGNob29zZSB0byBwcm92aWRlIGNyZWRlbnRp YWxzIGZvciANCj4gICAgb25lIG9yIHRoZSBvdGhlci4gKEl0IG1pZ2h0IGRlZmVyIHRoZSBjaG9p Y2Ugb2Ygd2hpY2ggdG8gdXNlIHRvIHRoZSBlbmQgDQo+ICAgIHVzZXIgdGhyb3VnaCB0aGUgR1VJ LikNCj4gICAgDQo+ICAgIEJlY2F1c2UgUkZDMzI2MSBuZWdsZWN0ZWQgdG8gZGlzY3VzcyB0aGlz IHBvc3NpYmlsaXR5IEkgdGhpbmsgdGhpcyBkcmFmdCANCj4gICAgbmVlZHMgdG8gdGFrZSB0aGF0 IG9uLiBJdCBjb3VsZCBiZSBzcGVjaWZpZWQgaW4gc29tZSB3YXkgdW5pcXVlIHRvIA0KPiAgICBi ZWFyZXIsIG9yIChiZXR0ZXIpIGFzIGEgcmV2aXNpb24gdG8gMzI2MSBjb3ZlcmluZyBhbGwgY2Fz ZXMgd2hlcmUgdGhlcmUgDQo+ICAgIGFyZSBtdWx0aXBsZSBjaGFsbGVuZ2VzIGZvciB0aGUgc2Ft ZSByZWFsbS4NCiAgDQpTZWN0aW9uIDIyLjMgb2YgMzI2MSBzYXlzOg0KDQogICAgICAiV2hlbiBh IHByb3h5IHNlcnZlciBpc3N1ZXMgYSBjaGFsbGVuZ2UgaW4gcmVzcG9uc2UgdG8gYSByZXF1ZXN0 LA0KICAgICAgaXQgd2lsbCBub3QgcHJveHkgdGhlIHJlcXVlc3QgdW50aWwgdGhlIFVBQyBoYXMg cmV0cmllZCB0aGUNCiAgICAgIHJlcXVlc3Qgd2l0aCB2YWxpZCBjcmVkZW50aWFscy4gIEEgZm9y a2luZyBwcm94eSBtYXkgZm9yd2FyZCBhDQogICAgICByZXF1ZXN0IHNpbXVsdGFuZW91c2x5IHRv IG11bHRpcGxlIHByb3h5IHNlcnZlcnMgdGhhdCByZXF1aXJlDQogICAgICBhdXRoZW50aWNhdGlv biwgZWFjaCBvZiB3aGljaCBpbiB0dXJuIHdpbGwgbm90IGZvcndhcmQgdGhlIHJlcXVlc3QNCiAg ICAgIHVudGlsIHRoZSBvcmlnaW5hdGluZyBVQUMgaGFzIGF1dGhlbnRpY2F0ZWQgaXRzZWxmIGlu IHRoZWlyDQogICAgICByZXNwZWN0aXZlIHJlYWxtLiAgSWYgdGhlIFVBQyBkb2VzIG5vdCBwcm92 aWRlIGNyZWRlbnRpYWxzIGZvcg0KICAgICAgZWFjaCBjaGFsbGVuZ2UsIHRoZSBwcm94eSBzZXJ2 ZXJzIHRoYXQgaXNzdWVkIHRoZSBjaGFsbGVuZ2VzIHdpbGwNCiAgICAgIG5vdCBmb3J3YXJkIHJl cXVlc3RzIHRvIHRoZSBVQSB3aGVyZSB0aGUgZGVzdGluYXRpb24gdXNlciBtaWdodCBiZQ0KICAg ICAgbG9jYXRlZCwgYW5kIHRoZXJlZm9yZSwgdGhlIHZpcnR1ZXMgb2YgZm9ya2luZyBhcmUgbGFy Z2VseSBsb3N0LiINCg0KU28sIEkgYW0gbm90IHN1cmUgd2hhdCBlbHNlIHdlIGNhbiBzYXkgcmVn YXJkaW5nIG11bHRpcGxlIGNoYWxsZW5nZXMgZnJvbSBkaWZmZXJlbnQgcmVhbG1zLg0KDQpJZiB3 ZSB3YW50IHRvIHNheSBzb21ldGhpbmcgYWJvdXQgcmVjZWl2aW5nIG11bHRpcGxlIGNoYWxsZW5n ZXMgZnJvbSB0aGUgKnNhbWUqIHJlYWxtLCB3ZSBjb3VsZCBzYXkgc29tZXRoaW5nIGxpa2U6DQoN CiJJZiB0aGUgVUFDIHJlY2VpdmVzIGEgNDAxLzQwNyByZXNwb25zZSB3aXRoIG11bHRpcGxlIFdX Vy1BdXRoZW50aWNhdGUvUHJveHktQXV0aGVudGljYXRlIGhlYWRlciBmaWVsZHMsIHByb3ZpZGlu Zw0KY2hhbGxlbmdlcyB1c2luZyBkaWZmZXJlbnQgYXV0aGVudGljYXRpb24gc2NoZW1lcyBmb3Ig dGhlIHNhbWUgcmVhbG0sIGl0IGlzIFJFQ09NTUVOREVEIHRoYXQgdGhlIFVBQyBwcm92aWRlcyAN CmNyZWRlbnRpYWxzIGZvciBlYWNoIGNoYWxsZW5nZSBzY2hlbWUgdGhhdCBpdCBzdXBwb3J0cy4i DQoNClJlZ2FyZHMsDQoNCkNocmlzdGVyDQoNCiANCg0K From nobody Thu Oct 17 14:01:16 2019 Return-Path: X-Original-To: sipcore@ietf.org Delivered-To: sipcore@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id CB266120930; Thu, 17 Oct 2019 14:01:07 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 8bit From: Barry Leiba via Datatracker To: "The IESG" Cc: draft-ietf-sipcore-digest-scheme@ietf.org, Jean Mahoney , sipcore-chairs@ietf.org, mahoney@nostrum.com, sipcore@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 6.106.0 Auto-Submitted: auto-generated Precedence: bulk Reply-To: Barry Leiba Message-ID: <157134606776.29996.4903511691652008597.idtracker@ietfa.amsl.com> Date: Thu, 17 Oct 2019 14:01:07 -0700 Archived-At: Subject: [sipcore] Barry Leiba's Yes on draft-ietf-sipcore-digest-scheme-10: (with COMMENT) X-BeenThere: sipcore@ietf.org X-Mailman-Version: 2.1.29 List-Id: SIP Core Working Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 17 Oct 2019 21:01:08 -0000 Barry Leiba has entered the following ballot position for draft-ietf-sipcore-digest-scheme-10: Yes When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-sipcore-digest-scheme/ ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- Thanks for doing this. I have some editorial comments, and one substantive suggestion that we state more strongly here what's said in 7616: that MD5 is NOT RECOMMENDED. — Abstract — to replace the broken MD5 algorithm, which might be used for backward compatibility reasons only. I suggest that the “, which…” part isn’t useful in the Abstract, and should be removed. It's said in the Security Considerations, and we don't need to lead with it. — Section 2 — It replaces the reference to [RFC2617] with a reference to [RFC7616] in [RFC3261], and describes the modifications to the usage of the Digest mechanism in [RFC3261] resulting from that reference update. I had a hard time with this sentence. Let me suggest this: NEW It replaces the reference used in [RFC3261] for Digest Access Authentication, substituting [RFC7616] for the obsolete [RFC2617], and describes the modifications to the usage of the Digest mechanism in [RFC3261] resulting from that reference update. END — Section 2.1 — The IANA registry named "HTTP Digest Hash Algorithms" specifies the algorithms that correspond to 'algorithm' values. That is not the name of the registry; it’s “Hash Algorithms for HTTP Digest Authentication” (which you correctly cite in other sections). — Section 2.2 — If the MD5 algorithm is used to calculate the digest, then the digest will be represented as 32 hexadecimal characters, SHA-256 and SHA-512/256 by 64 hexadecimal characters. As we’re phasing out MD5, I suggest not using it as an example. Just: NEW If the SHA-256 or SHA-512/256 algorithm is used to calculate the digest, then the digest will be represented as 64 hexadecimal characters. END — Section 2.4 — If the UAC cannot respond to any of the challenges in the response, then it SHOULD abandon attempts to send the request, e.g. if the UAC does not have credentials or has stale credentials for any of the realms, unless a local policy dictates otherwise. This is really hard to parse; I think your “e.g.” clause gets in the way. I suggest this: NEW If the UAC cannot respond to any of the challenges in the response, then it SHOULD abandon attempts to send the request unless a local policy dictates otherwise. For example, if the UAC does not have credentials or has stale credentials for any of the realms, the UAC will abandon the request. END — Section 2.5 — When the forking proxy places multiple WWW-Authenticate and Proxy- Authenticate header fields from one received response into the single response it MUST maintain the order of these header fields. The ordering of values received from proxies relative to values received from other proxies is not significant. I can’t make sense of this; can you try rephrasing it? There’s one response and a single response. I don’t follow. There’s values received from proxies and values received from other proxies. What’s the difference between “proxies” and “other proxies”? I don’t follow. — Section 3 — This specification adds new secure algorithms to be used with the Digest mechanism to authenticate users, but leaves the broken MD5 algorithm for backward compatibility. I recommend being stronger about this by using text from 7616: NEW This specification adds new secure algorithms to be used with the Digest mechanism to authenticate users. The broken MD5 algorithm remains only for backward compatibility with [RFC2617], but its use is NOT RECOMMENDED. END From nobody Thu Oct 17 14:58:03 2019 Return-Path: X-Original-To: sipcore@ietfa.amsl.com Delivered-To: sipcore@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 64A0B120A1A; Thu, 17 Oct 2019 14:57:51 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.997 X-Spam-Level: X-Spam-Status: No, score=-1.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OWGcvuApoduM; Thu, 17 Oct 2019 14:57:46 -0700 (PDT) Received: from mail-il1-x133.google.com (mail-il1-x133.google.com [IPv6:2607:f8b0:4864:20::133]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 202CB120805; Thu, 17 Oct 2019 14:57:46 -0700 (PDT) Received: by mail-il1-x133.google.com with SMTP id u1so3609553ilq.12; Thu, 17 Oct 2019 14:57:46 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=QL20WguGY5WMTWhXyAl8pHWI7noVWCkL4H9KEHat4JY=; b=HY8hbjtNYDlYRzglBSuMDKvvwc+Dk0LxEmYtDcjgmsE2iOfOqRStbkdZTwshTYyJpZ uX0BVWKUQ1gpbUlVl3b7ntqyFqdzvtGIK9MwHd43ClR18JhRF6SEOfuCYRfI4vy45ppU 07RkAFqE9FByYSA7rRzcttVt95vrCFQGjBu6nWEhMFg7Y2ofEJ6PkclLu5JpWKA/nfNd RFvnNwECgWZe8gCOJmR1pgjYd7nwkSObBJni1Ip3/ewcwRnzdDqKFz1Iu+Sq6g7J3KcZ UG99/32zx1PJJ6TZaIya25aIVphovTR5sPXLlPQuNuAWVJjzUfsOs1je/gUM9+9yshoc X+Yw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=QL20WguGY5WMTWhXyAl8pHWI7noVWCkL4H9KEHat4JY=; b=Cp5Q9wGVp+VJqw/99trEnedDp1II544y6ewks2U1FuQgxq2qqVOpv8YSBRBF3EwjMU dJfCT0mqcrjFeef2qp7QYN53j5eaI2rxmMERGw/ujcQ0gBdlTLu5E1K6LRQI+GGxhAXn uGTTufmrWfBee9f0Zi7fK672LeFnl8wmPqnaceRVsrlA84qPos/sn3RiT5C2kPQE9bn+ Ie8WfFW8ucXxROqhuz4D7eQtQuGGxKPeyAxF/it0GBbr7tD61cLFhWjqNqSTNByLHbOM 9v5K42DvCP0dP5SST1V4z+nfB38F6qDHzsu9WjhDmcQG9Q1yeJtyIWQJVrE+HLd/je7b wokA== X-Gm-Message-State: APjAAAWlOoDVXSJXXw3S+jxgw08Jod7FuuBaAXpsMjbUtsm4UyRCAsTI Jq4Zb7/oTbpaPULdfdhvCWTMbn7E6I2VmICUw2Aqb5H1dZs= X-Google-Smtp-Source: APXvYqxhfkQAPCK1t61W8dffCI9kdWxafjSul9b2OM6NkR34eN6UaP+AeQaULSDqmzbKeRhN08qsIGo3ojRS9OMnjus= X-Received: by 2002:a92:d285:: with SMTP id p5mr6080333ilp.278.1571349465484; Thu, 17 Oct 2019 14:57:45 -0700 (PDT) MIME-Version: 1.0 References: <157134606776.29996.4903511691652008597.idtracker@ietfa.amsl.com> In-Reply-To: <157134606776.29996.4903511691652008597.idtracker@ietfa.amsl.com> From: Rifaat Shekh-Yusef Date: Thu, 17 Oct 2019 17:57:35 -0400 Message-ID: To: Barry Leiba Cc: The IESG , draft-ietf-sipcore-digest-scheme@ietf.org, Jean Mahoney , sipcore-chairs@ietf.org, SIPCORE Content-Type: multipart/alternative; boundary="000000000000b553e40595224e14" Archived-At: Subject: Re: [sipcore] Barry Leiba's Yes on draft-ietf-sipcore-digest-scheme-10: (with COMMENT) X-BeenThere: sipcore@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SIP Core Working Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 17 Oct 2019 21:57:53 -0000 --000000000000b553e40595224e14 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Hi Barry, Thanks for the detailed review, comments, and suggested text. I like all of your suggestions and will incorporate these into the next version of the document. With regards to text in section 2.5, how about the following: "When the forking proxy places multiple WWW-Authenticate and Proxy-Authenticate header fields received from one downstream proxy into a single response, it MUST maintain the order of these header fields. The ordering of values received from different downstream proxies is not significant." Regards, Rifaat On Thu, Oct 17, 2019 at 5:01 PM Barry Leiba via Datatracker < noreply@ietf.org> wrote: > Barry Leiba has entered the following ballot position for > draft-ietf-sipcore-digest-scheme-10: Yes > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) > > > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html > for more information about IESG DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-sipcore-digest-scheme/ > > > > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > Thanks for doing this. I have some editorial comments, and one substanti= ve > suggestion that we state more strongly here what's said in 7616: that MD5 > is > NOT RECOMMENDED. > > =E2=80=94 Abstract =E2=80=94 > to replace the broken MD5 algorithm, which might be used > for backward compatibility reasons only. > > I suggest that the =E2=80=9C, which=E2=80=A6=E2=80=9D part isn=E2=80=99t = useful in the Abstract, and > should be > removed. It's said in the Security Considerations, and we don't need to > lead > with it. > > =E2=80=94 Section 2 =E2=80=94 > > It replaces the reference to [RFC2617] with a reference to [RFC7616] > in [RFC3261], and describes the modifications to the usage of the > Digest mechanism in [RFC3261] resulting from that reference update. > > I had a hard time with this sentence. Let me suggest this: > > NEW > It replaces the reference used in [RFC3261] for Digest Access > Authentication, substituting [RFC7616] for the obsolete [RFC2617], > and describes the modifications to the usage of the Digest > mechanism in [RFC3261] resulting from that reference update. > END > > =E2=80=94 Section 2.1 =E2=80=94 > > The IANA > registry named "HTTP Digest Hash Algorithms" specifies the algorithms > that correspond to 'algorithm' values. > > That is not the name of the registry; it=E2=80=99s =E2=80=9CHash Algorith= ms for HTTP Digest > Authentication=E2=80=9D (which you correctly cite in other sections). > > =E2=80=94 Section 2.2 =E2=80=94 > > If the MD5 algorithm is used to > calculate the digest, then the digest will be represented as 32 > hexadecimal characters, SHA-256 and SHA-512/256 by 64 hexadecimal > characters. > > As we=E2=80=99re phasing out MD5, I suggest not using it as an example. = Just: > > NEW > If the SHA-256 or SHA-512/256 algorithm is used to > calculate the digest, then the digest will be represented as 64 > hexadecimal characters. > END > > =E2=80=94 Section 2.4 =E2=80=94 > > If the UAC cannot respond to any of the challenges in the response, > then it SHOULD abandon attempts to send the request, e.g. if the UAC > does not have credentials or has stale credentials for any of the > realms, unless a local policy dictates otherwise. > > This is really hard to parse; I think your =E2=80=9Ce.g.=E2=80=9D clause = gets in the way. > I > suggest this: > > NEW > If the UAC cannot respond to any of the challenges in the response, > then it SHOULD abandon attempts to send the request unless a local > policy dictates otherwise. For example, if the UAC does not have > credentials or has stale credentials for any of the realms, the UAC > will abandon the request. > END > > =E2=80=94 Section 2.5 =E2=80=94 > > When the forking proxy places multiple WWW-Authenticate and Proxy- > Authenticate header fields from one received response into the single > response it MUST maintain the order of these header fields. The > ordering of values received from proxies relative to values received > from other proxies is not significant. > > I can=E2=80=99t make sense of this; can you try rephrasing it? There=E2= =80=99s one > response > and a single response. I don=E2=80=99t follow. There=E2=80=99s values r= eceived from > proxies > and values received from other proxies. What=E2=80=99s the difference be= tween > =E2=80=9Cproxies=E2=80=9D and =E2=80=9Cother proxies=E2=80=9D? I don=E2= =80=99t follow. > > =E2=80=94 Section 3 =E2=80=94 > > This specification adds new secure algorithms to be used with the > Digest mechanism to authenticate users, but leaves the broken MD5 > algorithm for backward compatibility. > > I recommend being stronger about this by using text from 7616: > > NEW > This specification adds new secure algorithms to be used with the > Digest mechanism to authenticate users. The broken MD5 algorithm > remains only for backward compatibility with [RFC2617], but its use is > NOT RECOMMENDED. > END > > > --000000000000b553e40595224e14 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Hi Barry,

Thanks for t= he detailed review, comments, and suggested text.
I like all of y= our suggestions and will incorporate these into the next version of the=C2= =A0document.

With regards to text in section 2.5, = how about the following:

"When the forking pr= oxy places multiple WWW-Authenticate and Proxy-Authenticate header
fields received from one downstream proxy into a single respo= nse, it MUST maintain
the order of these header field= s.=C2=A0 The ordering of values received from different downstream=C2=A0
proxies is not significant."

Regards,
=C2=A0Rifaat

=

On Thu, Oct 17, 2019 at 5:01 PM Barry Leiba via Datatracker <noreply@ietf.org> wrote:
Barry Leiba has entered the = following ballot position for
draft-ietf-sipcore-digest-scheme-10: Yes

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/s= tatement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/d= raft-ietf-sipcore-digest-scheme/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

Thanks for doing this.=C2=A0 I have some editorial comments, and one substa= ntive
suggestion that we state more strongly here what's said in 7616: that M= D5 is
NOT RECOMMENDED.

=E2=80=94 Abstract =E2=80=94
=C2=A0 =C2=A0to replace the broken MD5 algorithm, which might be used
=C2=A0 =C2=A0for backward compatibility reasons only.

I suggest that the =E2=80=9C, which=E2=80=A6=E2=80=9D part isn=E2=80=99t us= eful in the Abstract, and should be
removed.=C2=A0 It's said in the Security Considerations, and we don'= ;t need to lead
with it.

=E2=80=94 Section 2 =E2=80=94

=C2=A0 =C2=A0It replaces the reference to [RFC2617] with a reference to [RF= C7616]
=C2=A0 =C2=A0in [RFC3261], and describes the modifications to the usage of = the
=C2=A0 =C2=A0Digest mechanism in [RFC3261] resulting from that reference up= date.

I had a hard time with this sentence.=C2=A0 Let me suggest this:

NEW
=C2=A0 =C2=A0It replaces the reference used in [RFC3261] for Digest Access<= br> =C2=A0 =C2=A0Authentication, substituting [RFC7616] for the obsolete [RFC26= 17],
=C2=A0 =C2=A0and describes the modifications to the usage of the Digest
=C2=A0 =C2=A0mechanism in [RFC3261] resulting from that reference update. END

=E2=80=94 Section 2.1 =E2=80=94

=C2=A0 =C2=A0The IANA
=C2=A0 =C2=A0registry named "HTTP Digest Hash Algorithms" specifi= es the algorithms
=C2=A0 =C2=A0that correspond to 'algorithm' values.

That is not the name of the registry; it=E2=80=99s =E2=80=9CHash Algorithms= for HTTP Digest
Authentication=E2=80=9D (which you correctly cite in other sections).

=E2=80=94 Section 2.2 =E2=80=94

=C2=A0 =C2=A0If the MD5 algorithm is used to
=C2=A0 =C2=A0calculate the digest, then the digest will be represented as 3= 2
=C2=A0 =C2=A0hexadecimal characters, SHA-256 and SHA-512/256 by 64 hexadeci= mal
=C2=A0 =C2=A0characters.

As we=E2=80=99re phasing out MD5, I suggest not using it as an example.=C2= =A0 Just:

NEW
=C2=A0 =C2=A0If the SHA-256 or SHA-512/256 algorithm is used to
=C2=A0 =C2=A0calculate the digest, then the digest will be represented as 6= 4
=C2=A0 =C2=A0hexadecimal characters.
END

=E2=80=94 Section 2.4 =E2=80=94

=C2=A0 =C2=A0If the UAC cannot respond to any of the challenges in the resp= onse,
=C2=A0 =C2=A0then it SHOULD abandon attempts to send the request, e.g. if t= he UAC
=C2=A0 =C2=A0does not have credentials or has stale credentials for any of = the
=C2=A0 =C2=A0realms, unless a local policy dictates otherwise.

This is really hard to parse; I think your =E2=80=9Ce.g.=E2=80=9D clause ge= ts in the way.=C2=A0 I
suggest this:

NEW
=C2=A0 =C2=A0If the UAC cannot respond to any of the challenges in the resp= onse,
=C2=A0 =C2=A0then it SHOULD abandon attempts to send the request unless a l= ocal
=C2=A0 =C2=A0policy dictates otherwise.=C2=A0 For example, if the UAC does = not have
=C2=A0 =C2=A0credentials or has stale credentials for any of the realms, th= e UAC
=C2=A0 =C2=A0will abandon the request.
END

=E2=80=94 Section 2.5 =E2=80=94

=C2=A0 =C2=A0When the forking proxy places multiple WWW-Authenticate and Pr= oxy-
=C2=A0 =C2=A0Authenticate header fields from one received response into the= single
=C2=A0 =C2=A0response it MUST maintain the order of these header fields.=C2= =A0 The
=C2=A0 =C2=A0ordering of values received from proxies relative to values re= ceived
=C2=A0 =C2=A0from other proxies is not significant.

I can=E2=80=99t make sense of this; can you try rephrasing it?=C2=A0 There= =E2=80=99s one response
and a single response.=C2=A0 I don=E2=80=99t follow.=C2=A0 There=E2=80=99s = values received from proxies
and values received from other proxies.=C2=A0 What=E2=80=99s the difference= between
=E2=80=9Cproxies=E2=80=9D and =E2=80=9Cother proxies=E2=80=9D?=C2=A0 I don= =E2=80=99t follow.

=E2=80=94 Section 3 =E2=80=94

=C2=A0 =C2=A0This specification adds new secure algorithms to be used with = the
=C2=A0 =C2=A0Digest mechanism to authenticate users, but leaves the broken = MD5
=C2=A0 =C2=A0algorithm for backward compatibility.

I recommend being stronger about this by using text from 7616:

NEW
=C2=A0 =C2=A0This specification adds new secure algorithms to be used with = the
=C2=A0 =C2=A0Digest mechanism to authenticate users. The broken MD5 algorit= hm
=C2=A0 =C2=A0remains only for backward compatibility with [RFC2617], but it= s use is
=C2=A0 =C2=A0NOT RECOMMENDED.
END


--000000000000b553e40595224e14-- From nobody Fri Oct 18 18:26:39 2019 Return-Path: X-Original-To: sipcore@ietfa.amsl.com Delivered-To: sipcore@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4304A120852; Fri, 18 Oct 2019 18:26:32 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.478 X-Spam-Level: X-Spam-Status: No, score=-1.478 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.172, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.25, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DxVbGSPsJDwZ; Fri, 18 Oct 2019 18:26:31 -0700 (PDT) Received: from mail-io1-f53.google.com (mail-io1-f53.google.com [209.85.166.53]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 252BC12080C; Fri, 18 Oct 2019 18:26:31 -0700 (PDT) Received: by mail-io1-f53.google.com with SMTP id q1so9634443ion.1; Fri, 18 Oct 2019 18:26:31 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=Waq1XWTzPGGMSXS1+UfzJOO1DwUpMwZRal7a06lKFO8=; b=MGSbCqbdOW+KJgE5EFDwvQCF+LaDg5odp6yzLKnX239IjZIvl7rotJEp4BHq+m3Enh SznBC3Seg39NzHe8I+NSHaVaUriLCEEb9HYJXLOGM5LhHRaiARrOffLLt61sT46kIIFy xsnghaPCfZfdSbRrcykdcKtkwvmZrZayQTpF1gi4VzsviAwcQAzRW+LjLzZe6SyLsivT vCZxo4aKczDlYMLLMi6SXjgZR3UBPEMbMz9wCwSNbPhfzbrG/KxRa4eeJJXm8Dpix7WX rbzO3Q6TS3+e71BKueY36fXShGrZ4K7hDJoeisRzB7mnLudoHIKENJp3RbCNGLHjtXs5 6mVA== X-Gm-Message-State: APjAAAU4mOU3q1PB+Pe9v6bymSnuon+QPRe1cC4DFV/QzHWt2Fs0AmPj QHPtWVIgM8EKvIXNypUUP6C5V6Js/Ud3/fCF0LM= X-Google-Smtp-Source: APXvYqxJmtR8ZeycttN2jgas2tFYu8VLuTc1TZd55pGkLsW8fpjezYFJ0XHF8/V0fQzkSDAC8wRIu2EEoF6QURRxiO8= X-Received: by 2002:a5d:8905:: with SMTP id b5mr5490230ion.187.1571448390238; Fri, 18 Oct 2019 18:26:30 -0700 (PDT) MIME-Version: 1.0 References: <157134606776.29996.4903511691652008597.idtracker@ietfa.amsl.com> In-Reply-To: From: Barry Leiba Date: Fri, 18 Oct 2019 21:26:19 -0400 Message-ID: To: Rifaat Shekh-Yusef Cc: The IESG , draft-ietf-sipcore-digest-scheme@ietf.org, Jean Mahoney , sipcore-chairs@ietf.org, SIPCORE Content-Type: text/plain; charset="UTF-8" Archived-At: Subject: Re: [sipcore] Barry Leiba's Yes on draft-ietf-sipcore-digest-scheme-10: (with COMMENT) X-BeenThere: sipcore@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SIP Core Working Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 19 Oct 2019 01:26:33 -0000 > I like all of your suggestions and will incorporate these into the next version of the document. Thanks! > With regards to text in section 2.5, how about the following: > > "When the forking proxy places multiple WWW-Authenticate and Proxy-Authenticate header > fields received from one downstream proxy into a single response, it MUST maintain > the order of these header fields. The ordering of values received from different downstream > proxies is not significant." Perfect, Rifaat: I understand that just fine, and thanks for re-wording. Barry From nobody Sat Oct 19 13:20:20 2019 Return-Path: X-Original-To: sipcore@ietf.org Delivered-To: sipcore@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id C7E3A12001E; Sat, 19 Oct 2019 13:20:11 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: internet-drafts@ietf.org To: Cc: sipcore@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 6.106.0 Auto-Submitted: auto-generated Precedence: bulk Reply-To: sipcore@ietf.org Message-ID: <157151641170.5128.8434066501744885978@ietfa.amsl.com> Date: Sat, 19 Oct 2019 13:20:11 -0700 Archived-At: Subject: [sipcore] I-D Action: draft-ietf-sipcore-sip-token-authnz-04.txt X-BeenThere: sipcore@ietf.org X-Mailman-Version: 2.1.29 List-Id: SIP Core Working Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 19 Oct 2019 20:20:12 -0000 A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Session Initiation Protocol Core WG of the IETF. Title : Third-Party Token-based Authentication and Authorization for Session Initiation Protocol (SIP) Authors : Rifaat Shekh-Yusef Christer Holmberg Victor Pascual Filename : draft-ietf-sipcore-sip-token-authnz-04.txt Pages : 14 Date : 2019-10-19 Abstract: This document defines a mechanism for SIP, that is based on the OAuth 2.0 and OpenID Connect Core 1.0 specifications, to enable the delegation of the user authentication and SIP registration authorization to a dedicated third-party entity that is separate from the SIP network elements that provide the SIP service. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-sipcore-sip-token-authnz/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-sipcore-sip-token-authnz-04 https://datatracker.ietf.org/doc/html/draft-ietf-sipcore-sip-token-authnz-04 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-sipcore-sip-token-authnz-04 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ From nobody Sat Oct 19 13:23:16 2019 Return-Path: X-Original-To: sipcore@ietfa.amsl.com Delivered-To: sipcore@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 695811200DB for ; Sat, 19 Oct 2019 13:23:14 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -0.098 X-Spam-Level: X-Spam-Status: No, score=-0.098 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id b5Nfm-mwMIZG for ; Sat, 19 Oct 2019 13:23:12 -0700 (PDT) Received: from mail-il1-x12e.google.com (mail-il1-x12e.google.com [IPv6:2607:f8b0:4864:20::12e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4820B12001E for ; Sat, 19 Oct 2019 13:23:12 -0700 (PDT) Received: by mail-il1-x12e.google.com with SMTP id l12so8609603ilq.4 for ; Sat, 19 Oct 2019 13:23:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=Tnu+7fu3vihwu9JRg9DJxCMcc+RnQXUXvX+YwRClJ6E=; b=JN7EXvNI34ZorkCEHtr4VINykOIRHfzuCGr27OL2KxbuMYvPHQOKAyvTDKtLNLR8nM 0GRE0unco9kVrps1npXPJUiEDLOT8Q3W3UmTxIYiCndOFMS0g6lMvt9Avopw/vNhY6kh WHVdvsuvdtf+cevDMFDtM4w8KON2A8d6KnunK0mKOl1sxHvFIwgZ13cwlxg1giwdVNIk NeHbmsjcIyqGKUZFxBNObCmHZCKVhuchvrf2Q5MW9vNryRnxY/TkRf+F18N6mZDrZXTC HpFA1eDvE6tqULmFIo6o7JBYmm+ExHonaOM1MV3Qq3B1UgOr8qi3q/WbO2H5ZPKfPpk3 4TtQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=Tnu+7fu3vihwu9JRg9DJxCMcc+RnQXUXvX+YwRClJ6E=; b=FhIN0VxbuFRLsgQKg0BGHJzTADNwvZcswHk8IGv/71aF+91XBs3pd7ALKYNiLoVccN sF64KM384aaDDTM8U6nA7afbe0eP7/i8BJFRLYWIq3taz1Pz3nRPmwzbcg5dSc5Y7No8 RRYPybFsYzz7Io37304NdXJ3An8nLc7K6nLNvSOqklkKon5OkdbaZ0RNAxcwOXhgaII4 djSqnUxaK/fddei+zhxMSTMoL1yAQxh253RIy849fqLBpjZE5ZcQBsjiwcKVGNcdf+ku JheJu/2FlKVogAWROmqNgWbd+CvM7z9ztd9vHsChJfHg504YhtjmIT6/HpKBdMUoSzHQ kCbw== X-Gm-Message-State: APjAAAW+5uLcuyFqL/Osr1tJjnljk+BX0YONU1T/dnhZ+r6+19RtXX3D z9Oc0mdO9tXI0W6XB7uWWe4kEDPILmKrfzBy0LlyAw== X-Google-Smtp-Source: APXvYqzW57U6gloHGGQcLJfbio+vtIvwqahFyrmcuHNznkJy/XIQAkMVFvUK99IQ4v9Qe2L03Y0GQGpMiZSr7tGW2EA= X-Received: by 2002:a92:258e:: with SMTP id l136mr17786781ill.73.1571516591196; Sat, 19 Oct 2019 13:23:11 -0700 (PDT) MIME-Version: 1.0 References: <157151641170.5128.8434066501744885978@ietfa.amsl.com> In-Reply-To: <157151641170.5128.8434066501744885978@ietfa.amsl.com> From: Rifaat Shekh-Yusef Date: Sat, 19 Oct 2019 16:23:00 -0400 Message-ID: To: SIPCORE Content-Type: multipart/alternative; boundary="0000000000002d4e8805954938e1" Archived-At: Subject: Re: [sipcore] I-D Action: draft-ietf-sipcore-sip-token-authnz-04.txt X-BeenThere: sipcore@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SIP Core Working Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 19 Oct 2019 20:23:15 -0000 --0000000000002d4e8805954938e1 Content-Type: text/plain; charset="UTF-8" All, We update the draft based on the latest comments, mainly from Paul. Please, take a look and let us know what you think. Regards, Rifaat On Sat, Oct 19, 2019 at 4:21 PM wrote: > > A New Internet-Draft is available from the on-line Internet-Drafts > directories. > This draft is a work item of the Session Initiation Protocol Core WG of > the IETF. > > Title : Third-Party Token-based Authentication and > Authorization for Session Initiation Protocol (SIP) > Authors : Rifaat Shekh-Yusef > Christer Holmberg > Victor Pascual > Filename : draft-ietf-sipcore-sip-token-authnz-04.txt > Pages : 14 > Date : 2019-10-19 > > Abstract: > This document defines a mechanism for SIP, that is based on the OAuth > 2.0 and OpenID Connect Core 1.0 specifications, to enable the > delegation of the user authentication and SIP registration > authorization to a dedicated third-party entity that is separate from > the SIP network elements that provide the SIP service. > > > The IETF datatracker status page for this draft is: > https://datatracker.ietf.org/doc/draft-ietf-sipcore-sip-token-authnz/ > > There are also htmlized versions available at: > https://tools.ietf.org/html/draft-ietf-sipcore-sip-token-authnz-04 > > https://datatracker.ietf.org/doc/html/draft-ietf-sipcore-sip-token-authnz-04 > > A diff from the previous version is available at: > https://www.ietf.org/rfcdiff?url2=draft-ietf-sipcore-sip-token-authnz-04 > > > Please note that it may take a couple of minutes from the time of > submission > until the htmlized version and diff are available at tools.ietf.org. > > Internet-Drafts are also available by anonymous FTP at: > ftp://ftp.ietf.org/internet-drafts/ > > _______________________________________________ > sipcore mailing list > sipcore@ietf.org > https://www.ietf.org/mailman/listinfo/sipcore > --0000000000002d4e8805954938e1 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
All,

We update the dra= ft based on the latest comments, mainly from Paul.
Please, take a= look and let us know what you think.

Regards,
=C2=A0Rifaat


On Sat, Oct 19, 2019 at 4:21 PM <= ;internet-drafts@ietf.org&g= t; wrote:

A New Internet-Draft is available from the on-line Internet-Drafts director= ies.
This draft is a work item of the Session Initiation Protocol Core WG of the= IETF.

=C2=A0 =C2=A0 =C2=A0 =C2=A0 Title=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0:= Third-Party Token-based Authentication and Authorization for Session Initi= ation Protocol (SIP)
=C2=A0 =C2=A0 =C2=A0 =C2=A0 Authors=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0: Rifa= at Shekh-Yusef
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 Christer Holmberg
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 Victor Pascual
=C2=A0 =C2=A0 =C2=A0 =C2=A0 Filename=C2=A0 =C2=A0 =C2=A0 =C2=A0 : draft-iet= f-sipcore-sip-token-authnz-04.txt
=C2=A0 =C2=A0 =C2=A0 =C2=A0 Pages=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0:= 14
=C2=A0 =C2=A0 =C2=A0 =C2=A0 Date=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 := 2019-10-19

Abstract:
=C2=A0 =C2=A0This document defines a mechanism for SIP, that is based on th= e OAuth
=C2=A0 =C2=A02.0 and OpenID Connect Core 1.0 specifications, to enable the<= br> =C2=A0 =C2=A0delegation of the user authentication and SIP registration
=C2=A0 =C2=A0authorization to a dedicated third-party entity that is separa= te from
=C2=A0 =C2=A0the SIP network elements that provide the SIP service.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/do= c/draft-ietf-sipcore-sip-token-authnz/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-= ietf-sipcore-sip-token-authnz-04
https://datatracker.ietf= .org/doc/html/draft-ietf-sipcore-sip-token-authnz-04

A diff from the previous version is available at:
https://www.ietf.org/rfcdi= ff?url2=3Ddraft-ietf-sipcore-sip-token-authnz-04


Please note that it may take a couple of minutes from the time of submissio= n
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

_______________________________________________
sipcore mailing list
sipcore@ietf.org<= br> https://www.ietf.org/mailman/listinfo/sipcore
--0000000000002d4e8805954938e1-- From nobody Sat Oct 19 15:04:01 2019 Return-Path: X-Original-To: sipcore@ietfa.amsl.com Delivered-To: sipcore@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 84FD81200B5 for ; Sat, 19 Oct 2019 15:04:00 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -0.101 X-Spam-Level: X-Spam-Status: No, score=-0.101 tagged_above=-999 required=5 tests=[DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id f_008gfbeFJd for ; Sat, 19 Oct 2019 15:03:58 -0700 (PDT) Received: from EUR03-VE1-obe.outbound.protection.outlook.com (mail-eopbgr50083.outbound.protection.outlook.com [40.107.5.83]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8834512008F for ; Sat, 19 Oct 2019 15:03:57 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Qg7Nm+/BVNP6E/+vwa4b/vxYxas5F6jUoFiNDLRjTcB79qCadoXwDEsWv+ttfFTFBfmBAxX9vNxMnWWNWJyL24EFX32wSYsg+/tPPhuY/bawQI4wATyVzFwgBFp+xbpoGLQeVcE9JXhs4VpsBrS8jogTX+AOcbkOugedpuPrsi36T7ajJsrF55pRWX0pp2P9j5LhoZ6rEiQ5VGJT9sH1DlZbK3YRTEfsI3ddQNzKhe/HMJTtzX3ZxM4LGd+89XpHUnlxFZT71NipCLqPyxzJoWOjjHKyaGeXazCMRaOQvmldQ4ltbucKOBhQawBk3KrkyLx4TbZf59ewm/ZG5MXhYA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=lVzD4zacEfr6YFhM9cpuQHhzRipBzXhREt6HqB4ZnrE=; b=SZDWLM1HjrE8TbMaQVKA/6e3qZP0xBzlr1FleK1anvxftrGllgDDc2yRmHMVwNWd07va5Heg9PJ1LZvlmO5RdsWbPKsVnx44ABNeXN4IjuzMK5KsbOWe8xR8t06ZSjRDroaINENdyUWvSvWjv96sG1Nqjmg2dA003f+iEmZpfsemWUOmxgk4Y0HwoJjhwJwLBheNPUy9LsucGNHRJ9ovX4bZfMGQAwrfYKq0t2ub7GiRt5GdFYFl9Xq6WchGZbp1i+OoZ7UPLMSJueVDvev63v0ebkDDs1lCrQfIyrce98Ytmttr3iXm6xLweNfN4iRM95D/vbkfsq9ZrN397hVRnA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=lVzD4zacEfr6YFhM9cpuQHhzRipBzXhREt6HqB4ZnrE=; b=lxIpdLoUI/jqUHpvvAHsMK9odva7NYd/91ZcTz9dsgWIJ8t2M4zq0ccb3qvLdoLUUtowbgzOReqZxOWncO2Z6V/9vx7xmV9BlRcRk5vl0g8jXQRypS1eAtdd3bU4OvpYZYdaGq5mtvJ501pp597otsl2Nw8pbG1QijSWgQvfRwk= Received: from HE1PR07MB3161.eurprd07.prod.outlook.com (10.170.245.23) by HE1PR07MB3404.eurprd07.prod.outlook.com (10.170.242.154) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2367.14; Sat, 19 Oct 2019 22:03:54 +0000 Received: from HE1PR07MB3161.eurprd07.prod.outlook.com ([fe80::5499:1231:e707:4cb7]) by HE1PR07MB3161.eurprd07.prod.outlook.com ([fe80::5499:1231:e707:4cb7%7]) with mapi id 15.20.2387.014; Sat, 19 Oct 2019 22:03:54 +0000 From: Christer Holmberg To: Rifaat Shekh-Yusef , SIPCORE Thread-Topic: [sipcore] I-D Action: draft-ietf-sipcore-sip-token-authnz-04.txt Thread-Index: AQHVhrsUrbSbjZbOuUauZDNcBWVU8adihKBw Date: Sat, 19 Oct 2019 22:03:54 +0000 Message-ID: References: <157151641170.5128.8434066501744885978@ietfa.amsl.com> In-Reply-To: Accept-Language: en-US Content-Language: fi-FI X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: spf=none (sender IP is ) smtp.mailfrom=christer.holmberg@ericsson.com; x-originating-ip: [188.127.223.154] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 30e0dcd5-7a95-4c4a-4a5b-08d754e03bb8 x-ms-traffictypediagnostic: HE1PR07MB3404: x-ms-exchange-purlcount: 6 x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:8882; x-forefront-prvs: 01952C6E96 x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(346002)(396003)(376002)(39860400002)(366004)(136003)(199004)(189003)(2906002)(11346002)(44832011)(446003)(26005)(256004)(53546011)(6506007)(102836004)(25786009)(52536014)(71190400001)(71200400001)(74316002)(14444005)(66574012)(6306002)(55016002)(966005)(9686003)(236005)(54896002)(478600001)(186003)(76116006)(7696005)(66946007)(76176011)(790700001)(6116002)(3846002)(476003)(486006)(4001150100001)(6436002)(99286004)(7736002)(66066001)(66446008)(8936002)(14454004)(66476007)(81156014)(81166006)(66556008)(606006)(5660300002)(64756008)(9326002)(33656002)(110136005)(86362001)(316002)(8676002); DIR:OUT; SFP:1101; SCL:1; SRVR:HE1PR07MB3404; H:HE1PR07MB3161.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1; received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: NSLAZOcDJOPy6S8srIu9tWg1XQwg7qiLSefuWmnKGbTCasmOG118ANL39ZWNOJkbiCJ/8uV67JzdTQANm+iC8sxu65scmCLnsAweE+qL2HnrrrjM6UarRnilHZzT0Q6gxlFKfQoFRz2wG+fehsBcfLn0uq9Ns6AviDObfoyjII09ptRmEPtI5EPDCRGxEACyOAo0LhVEQZiWTjgrhZbzE5j2ocHIE+k+kFfEQ9IAH1I++3hi8x8y3xHKvUGi8iYVREbjlJtBdi8OLfouSdliFDdZczprBCzAIiqf0bu4fKx71/xgHSfRafj38RGM1FkmV7RLQ/u3MySiwmVkzCOd0yvqqnbwiHVIrYZAAWRW4e+Q7x2y+YRKJ0xtL0/pBf+dGvx2DPkur6vCsk4BUngR2Ne901xMhvDy1DmwdQOjIjek6E652suK4jChmKVO33P4qBvcXQ4w5qE2zF8G1WvMzUL7g9TFdIpav5EFenmq228= x-ms-exchange-transport-forked: True Content-Type: multipart/alternative; boundary="_000_HE1PR07MB3161985D8C013C96C04F46B3936F0HE1PR07MB3161eurp_" MIME-Version: 1.0 X-OriginatorOrg: ericsson.com X-MS-Exchange-CrossTenant-Network-Message-Id: 30e0dcd5-7a95-4c4a-4a5b-08d754e03bb8 X-MS-Exchange-CrossTenant-originalarrivaltime: 19 Oct 2019 22:03:54.6506 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: xY/W+DWbonpfkVQW9cc3kd2g1XNeZQNNSmH4YEWob0D62E3sU87IEqxcVlTpA84GLpWnt9rrmEkQyrf7io1jDwzGAd9hR1Kh/eAYmB12WBs= X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR07MB3404 Archived-At: Subject: Re: [sipcore] I-D Action: draft-ietf-sipcore-sip-token-authnz-04.txt X-BeenThere: sipcore@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SIP Core Working Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 19 Oct 2019 22:04:00 -0000 --_000_HE1PR07MB3161985D8C013C96C04F46B3936F0HE1PR07MB3161eurp_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 SGksDQoNCldlIGFsc28gYWRkZWQgdGV4dCBhYm91dCB1c2luZyB0b2tlbiBjbGFpbXMgZm9yIGdy YW50aW5nIGFjY2VzcywgYXMgcmVxdWVzdGVkIGJ5IE9sbGUuDQoNClJlZ2FyZHMsDQoNCkNocmlz dGVyDQoNCkzDpGhldHTDpGrDpDogc2lwY29yZSA8c2lwY29yZS1ib3VuY2VzQGlldGYub3JnPiBQ dW9sZXN0YSBSaWZhYXQgU2hla2gtWXVzZWYNCkzDpGhldGV0dHk6IGxhdWFudGFpIDE5LiBsb2th a3V1dGEgMjAxOSAyMy4yMw0KVmFzdGFhbm90dGFqYTogU0lQQ09SRSA8c2lwY29yZUBpZXRmLm9y Zz4NCkFpaGU6IFJlOiBbc2lwY29yZV0gSS1EIEFjdGlvbjogZHJhZnQtaWV0Zi1zaXBjb3JlLXNp cC10b2tlbi1hdXRobnotMDQudHh0DQoNCkFsbCwNCg0KV2UgdXBkYXRlIHRoZSBkcmFmdCBiYXNl ZCBvbiB0aGUgbGF0ZXN0IGNvbW1lbnRzLCBtYWlubHkgZnJvbSBQYXVsLg0KUGxlYXNlLCB0YWtl IGEgbG9vayBhbmQgbGV0IHVzIGtub3cgd2hhdCB5b3UgdGhpbmsuDQoNClJlZ2FyZHMsDQogUmlm YWF0DQoNCg0KT24gU2F0LCBPY3QgMTksIDIwMTkgYXQgNDoyMSBQTSA8aW50ZXJuZXQtZHJhZnRz QGlldGYub3JnPG1haWx0bzppbnRlcm5ldC1kcmFmdHNAaWV0Zi5vcmc+PiB3cm90ZToNCg0KQSBO ZXcgSW50ZXJuZXQtRHJhZnQgaXMgYXZhaWxhYmxlIGZyb20gdGhlIG9uLWxpbmUgSW50ZXJuZXQt RHJhZnRzIGRpcmVjdG9yaWVzLg0KVGhpcyBkcmFmdCBpcyBhIHdvcmsgaXRlbSBvZiB0aGUgU2Vz c2lvbiBJbml0aWF0aW9uIFByb3RvY29sIENvcmUgV0cgb2YgdGhlIElFVEYuDQoNCiAgICAgICAg VGl0bGUgICAgICAgICAgIDogVGhpcmQtUGFydHkgVG9rZW4tYmFzZWQgQXV0aGVudGljYXRpb24g YW5kIEF1dGhvcml6YXRpb24gZm9yIFNlc3Npb24gSW5pdGlhdGlvbiBQcm90b2NvbCAoU0lQKQ0K ICAgICAgICBBdXRob3JzICAgICAgICAgOiBSaWZhYXQgU2hla2gtWXVzZWYNCiAgICAgICAgICAg ICAgICAgICAgICAgICAgQ2hyaXN0ZXIgSG9sbWJlcmcNCiAgICAgICAgICAgICAgICAgICAgICAg ICAgVmljdG9yIFBhc2N1YWwNCiAgICAgICAgRmlsZW5hbWUgICAgICAgIDogZHJhZnQtaWV0Zi1z aXBjb3JlLXNpcC10b2tlbi1hdXRobnotMDQudHh0DQogICAgICAgIFBhZ2VzICAgICAgICAgICA6 IDE0DQogICAgICAgIERhdGUgICAgICAgICAgICA6IDIwMTktMTAtMTkNCg0KQWJzdHJhY3Q6DQog ICBUaGlzIGRvY3VtZW50IGRlZmluZXMgYSBtZWNoYW5pc20gZm9yIFNJUCwgdGhhdCBpcyBiYXNl ZCBvbiB0aGUgT0F1dGgNCiAgIDIuMCBhbmQgT3BlbklEIENvbm5lY3QgQ29yZSAxLjAgc3BlY2lm aWNhdGlvbnMsIHRvIGVuYWJsZSB0aGUNCiAgIGRlbGVnYXRpb24gb2YgdGhlIHVzZXIgYXV0aGVu dGljYXRpb24gYW5kIFNJUCByZWdpc3RyYXRpb24NCiAgIGF1dGhvcml6YXRpb24gdG8gYSBkZWRp Y2F0ZWQgdGhpcmQtcGFydHkgZW50aXR5IHRoYXQgaXMgc2VwYXJhdGUgZnJvbQ0KICAgdGhlIFNJ UCBuZXR3b3JrIGVsZW1lbnRzIHRoYXQgcHJvdmlkZSB0aGUgU0lQIHNlcnZpY2UuDQoNCg0KVGhl IElFVEYgZGF0YXRyYWNrZXIgc3RhdHVzIHBhZ2UgZm9yIHRoaXMgZHJhZnQgaXM6DQpodHRwczov L2RhdGF0cmFja2VyLmlldGYub3JnL2RvYy9kcmFmdC1pZXRmLXNpcGNvcmUtc2lwLXRva2VuLWF1 dGhuei8NCg0KVGhlcmUgYXJlIGFsc28gaHRtbGl6ZWQgdmVyc2lvbnMgYXZhaWxhYmxlIGF0Og0K aHR0cHM6Ly90b29scy5pZXRmLm9yZy9odG1sL2RyYWZ0LWlldGYtc2lwY29yZS1zaXAtdG9rZW4t YXV0aG56LTA0DQpodHRwczovL2RhdGF0cmFja2VyLmlldGYuLm9yZy9kb2MvaHRtbC9kcmFmdC1p ZXRmLXNpcGNvcmUtc2lwLXRva2VuLWF1dGhuei0wNDxodHRwczovL2RhdGF0cmFja2VyLmlldGYu b3JnL2RvYy9odG1sL2RyYWZ0LWlldGYtc2lwY29yZS1zaXAtdG9rZW4tYXV0aG56LTA0Pg0KDQpB IGRpZmYgZnJvbSB0aGUgcHJldmlvdXMgdmVyc2lvbiBpcyBhdmFpbGFibGUgYXQ6DQpodHRwczov L3d3dy5pZXRmLm9yZy9yZmNkaWZmP3VybDI9ZHJhZnQtaWV0Zi1zaXBjb3JlLXNpcC10b2tlbi1h dXRobnotMDQNCg0KDQpQbGVhc2Ugbm90ZSB0aGF0IGl0IG1heSB0YWtlIGEgY291cGxlIG9mIG1p bnV0ZXMgZnJvbSB0aGUgdGltZSBvZiBzdWJtaXNzaW9uDQp1bnRpbCB0aGUgaHRtbGl6ZWQgdmVy c2lvbiBhbmQgZGlmZiBhcmUgYXZhaWxhYmxlIGF0IHRvb2xzLmlldGYub3JnPGh0dHA6Ly90b29s cy5pZXRmLm9yZz4uDQoNCkludGVybmV0LURyYWZ0cyBhcmUgYWxzbyBhdmFpbGFibGUgYnkgYW5v bnltb3VzIEZUUCBhdDoNCmZ0cDovL2Z0cC5pZXRmLm9yZy9pbnRlcm5ldC1kcmFmdHMvDQoNCl9f X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fDQpzaXBjb3JlIG1h aWxpbmcgbGlzdA0Kc2lwY29yZUBpZXRmLm9yZzxtYWlsdG86c2lwY29yZUBpZXRmLm9yZz4NCmh0 dHBzOi8vd3d3LmlldGYub3JnL21haWxtYW4vbGlzdGluZm8vc2lwY29yZQ0K --_000_HE1PR07MB3161985D8C013C96C04F46B3936F0HE1PR07MB3161eurp_ Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: base64 PGh0bWwgeG1sbnM6dj0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTp2bWwiIHhtbG5zOm89InVy bjpzY2hlbWFzLW1pY3Jvc29mdC1jb206b2ZmaWNlOm9mZmljZSIgeG1sbnM6dz0idXJuOnNjaGVt YXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6d29yZCIgeG1sbnM6bT0iaHR0cDovL3NjaGVtYXMubWlj cm9zb2Z0LmNvbS9vZmZpY2UvMjAwNC8xMi9vbW1sIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv VFIvUkVDLWh0bWw0MCI+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIg Y29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjxtZXRhIG5hbWU9IkdlbmVyYXRv ciIgY29udGVudD0iTWljcm9zb2Z0IFdvcmQgMTUgKGZpbHRlcmVkIG1lZGl1bSkiPg0KPHN0eWxl PjwhLS0NCi8qIEZvbnQgRGVmaW5pdGlvbnMgKi8NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6 IkNhbWJyaWEgTWF0aCI7DQoJcGFub3NlLTE6MiA0IDUgMyA1IDQgNiAzIDIgNDt9DQpAZm9udC1m YWNlDQoJe2ZvbnQtZmFtaWx5OkNhbGlicmk7DQoJcGFub3NlLTE6MiAxNSA1IDIgMiAyIDQgMyAy IDQ7fQ0KLyogU3R5bGUgRGVmaW5pdGlvbnMgKi8NCnAuTXNvTm9ybWFsLCBsaS5Nc29Ob3JtYWws IGRpdi5Nc29Ob3JtYWwNCgl7bWFyZ2luOjBjbTsNCgltYXJnaW4tYm90dG9tOi4wMDAxcHQ7DQoJ Zm9udC1zaXplOjExLjBwdDsNCglmb250LWZhbWlseToiQ2FsaWJyaSIsc2Fucy1zZXJpZjt9DQph OmxpbmssIHNwYW4uTXNvSHlwZXJsaW5rDQoJe21zby1zdHlsZS1wcmlvcml0eTo5OTsNCgljb2xv cjpibHVlOw0KCXRleHQtZGVjb3JhdGlvbjp1bmRlcmxpbmU7fQ0KYTp2aXNpdGVkLCBzcGFuLk1z b0h5cGVybGlua0ZvbGxvd2VkDQoJe21zby1zdHlsZS1wcmlvcml0eTo5OTsNCgljb2xvcjpwdXJw bGU7DQoJdGV4dC1kZWNvcmF0aW9uOnVuZGVybGluZTt9DQpwLm1zb25vcm1hbDAsIGxpLm1zb25v cm1hbDAsIGRpdi5tc29ub3JtYWwwDQoJe21zby1zdHlsZS1uYW1lOm1zb25vcm1hbDsNCgltc28t bWFyZ2luLXRvcC1hbHQ6YXV0bzsNCgltYXJnaW4tcmlnaHQ6MGNtOw0KCW1zby1tYXJnaW4tYm90 dG9tLWFsdDphdXRvOw0KCW1hcmdpbi1sZWZ0OjBjbTsNCglmb250LXNpemU6MTEuMHB0Ow0KCWZv bnQtZmFtaWx5OiJDYWxpYnJpIixzYW5zLXNlcmlmO30NCnNwYW4uU2hrcG9zdGl0eXlsaTE4DQoJ e21zby1zdHlsZS10eXBlOnBlcnNvbmFsLXJlcGx5Ow0KCWZvbnQtZmFtaWx5OiJDYWxpYnJpIixz YW5zLXNlcmlmOw0KCWNvbG9yOndpbmRvd3RleHQ7fQ0KLk1zb0NocERlZmF1bHQNCgl7bXNvLXN0 eWxlLXR5cGU6ZXhwb3J0LW9ubHk7DQoJZm9udC1mYW1pbHk6IkNhbGlicmkiLHNhbnMtc2VyaWY7 DQoJbXNvLWZhcmVhc3QtbGFuZ3VhZ2U6RU4tVVM7fQ0KQHBhZ2UgV29yZFNlY3Rpb24xDQoJe3Np emU6NjEyLjBwdCA3OTIuMHB0Ow0KCW1hcmdpbjo3Mi4wcHQgNzIuMHB0IDcyLjBwdCA3Mi4wcHQ7 fQ0KZGl2LldvcmRTZWN0aW9uMQ0KCXtwYWdlOldvcmRTZWN0aW9uMTt9DQotLT48L3N0eWxlPjwh LS1baWYgZ3RlIG1zbyA5XT48eG1sPg0KPG86c2hhcGVkZWZhdWx0cyB2OmV4dD0iZWRpdCIgc3Bp ZG1heD0iMTAyNiIgLz4NCjwveG1sPjwhW2VuZGlmXS0tPjwhLS1baWYgZ3RlIG1zbyA5XT48eG1s Pg0KPG86c2hhcGVsYXlvdXQgdjpleHQ9ImVkaXQiPg0KPG86aWRtYXAgdjpleHQ9ImVkaXQiIGRh dGE9IjEiIC8+DQo8L286c2hhcGVsYXlvdXQ+PC94bWw+PCFbZW5kaWZdLS0+DQo8L2hlYWQ+DQo8 Ym9keSBsYW5nPSJFTi1HQiIgbGluaz0iYmx1ZSIgdmxpbms9InB1cnBsZSI+DQo8ZGl2IGNsYXNz PSJXb3JkU2VjdGlvbjEiPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9Im1zby1m YXJlYXN0LWxhbmd1YWdlOkVOLVVTIj5IaSw8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFz cz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0ibXNvLWZhcmVhc3QtbGFuZ3VhZ2U6RU4tVVMiPjxv OnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0 eWxlPSJtc28tZmFyZWFzdC1sYW5ndWFnZTpFTi1VUyI+V2UgYWxzbyBhZGRlZCB0ZXh0IGFib3V0 IHVzaW5nIHRva2VuIGNsYWltcyBmb3IgZ3JhbnRpbmcgYWNjZXNzLCBhcyByZXF1ZXN0ZWQgYnkg T2xsZS48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBz dHlsZT0ibXNvLWZhcmVhc3QtbGFuZ3VhZ2U6RU4tVVMiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFu PjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJtc28tZmFyZWFzdC1sYW5n dWFnZTpFTi1VUyI+UmVnYXJkcyw8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNv Tm9ybWFsIj48c3BhbiBzdHlsZT0ibXNvLWZhcmVhc3QtbGFuZ3VhZ2U6RU4tVVMiPjxvOnA+Jm5i c3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJt c28tZmFyZWFzdC1sYW5ndWFnZTpFTi1VUyI+Q2hyaXN0ZXI8bzpwPjwvbzpwPjwvc3Bhbj48L3A+ DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0ibXNvLWZhcmVhc3QtbGFuZ3VhZ2U6 RU4tVVMiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwi PjxiPjxzcGFuIGxhbmc9IkZJIj5Mw6RoZXR0w6Rqw6Q6PC9zcGFuPjwvYj48c3BhbiBsYW5nPSJG SSI+IHNpcGNvcmUgJmx0O3NpcGNvcmUtYm91bmNlc0BpZXRmLm9yZyZndDsNCjxiPlB1b2xlc3Rh IDwvYj5SaWZhYXQgU2hla2gtWXVzZWY8YnI+DQo8Yj5Mw6RoZXRldHR5OjwvYj4gbGF1YW50YWkg MTkuIGxva2FrdXV0YSAyMDE5IDIzLjIzPGJyPg0KPGI+VmFzdGFhbm90dGFqYTo8L2I+IFNJUENP UkUgJmx0O3NpcGNvcmVAaWV0Zi5vcmcmZ3Q7PGJyPg0KPGI+QWloZTo8L2I+IFJlOiBbc2lwY29y ZV0gSS1EIEFjdGlvbjogZHJhZnQtaWV0Zi1zaXBjb3JlLXNpcC10b2tlbi1hdXRobnotMDQudHh0 PG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8 L286cD48L3A+DQo8ZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPkFsbCw8bzpwPjwv bzpwPjwvcD4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpwPiZuYnNwOzwvbzpwPjwv cD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPldlIHVwZGF0ZSB0aGUgZHJh ZnQgYmFzZWQgb24gdGhlIGxhdGVzdCBjb21tZW50cywgbWFpbmx5IGZyb20gUGF1bC48bzpwPjwv bzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPlBsZWFzZSwgdGFr ZSBhIGxvb2sgYW5kIGxldCB1cyBrbm93IHdoYXQgeW91IHRoaW5rLjxvOnA+PC9vOnA+PC9wPg0K PC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48L3A+ DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj5SZWdhcmRzLDxvOnA+PC9vOnA+ PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+Jm5ic3A7UmlmYWF0PG86 cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpwPiZu YnNwOzwvbzpwPjwvcD4NCjwvZGl2Pg0KPC9kaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpw PiZuYnNwOzwvbzpwPjwvcD4NCjxkaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+T24g U2F0LCBPY3QgMTksIDIwMTkgYXQgNDoyMSBQTSAmbHQ7PGEgaHJlZj0ibWFpbHRvOmludGVybmV0 LWRyYWZ0c0BpZXRmLm9yZyI+aW50ZXJuZXQtZHJhZnRzQGlldGYub3JnPC9hPiZndDsgd3JvdGU6 PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxibG9ja3F1b3RlIHN0eWxlPSJib3JkZXI6bm9uZTti b3JkZXItbGVmdDpzb2xpZCAjQ0NDQ0NDIDEuMHB0O3BhZGRpbmc6MGNtIDBjbSAwY20gNi4wcHQ7 bWFyZ2luLWxlZnQ6NC44cHQ7bWFyZ2luLXJpZ2h0OjBjbSI+DQo8cCBjbGFzcz0iTXNvTm9ybWFs Ij48YnI+DQpBIE5ldyBJbnRlcm5ldC1EcmFmdCBpcyBhdmFpbGFibGUgZnJvbSB0aGUgb24tbGlu ZSBJbnRlcm5ldC1EcmFmdHMgZGlyZWN0b3JpZXMuPGJyPg0KVGhpcyBkcmFmdCBpcyBhIHdvcmsg aXRlbSBvZiB0aGUgU2Vzc2lvbiBJbml0aWF0aW9uIFByb3RvY29sIENvcmUgV0cgb2YgdGhlIElF VEYuPGJyPg0KPGJyPg0KJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7IFRpdGxlJm5ic3A7ICZu YnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDs6IFRoaXJkLVBhcnR5IFRva2VuLWJhc2Vk IEF1dGhlbnRpY2F0aW9uIGFuZCBBdXRob3JpemF0aW9uIGZvciBTZXNzaW9uIEluaXRpYXRpb24g UHJvdG9jb2wgKFNJUCk8YnI+DQombmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgQXV0aG9ycyZu YnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDs6IFJpZmFhdCBTaGVraC1ZdXNlZjxicj4N CiZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsg Jm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyBDaHJpc3RlciBIb2xtYmVyZzxicj4N CiZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsg Jm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyBWaWN0b3IgUGFzY3VhbDxicj4NCiZu YnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyBGaWxlbmFtZSZuYnNwOyAmbmJzcDsgJm5ic3A7ICZu YnNwOyA6IGRyYWZ0LWlldGYtc2lwY29yZS1zaXAtdG9rZW4tYXV0aG56LTA0LnR4dDxicj4NCiZu YnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyBQYWdlcyZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNw OyAmbmJzcDsgJm5ic3A7OiAxNDxicj4NCiZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyBEYXRl Jm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgOiAyMDE5LTEwLTE5PGJy Pg0KPGJyPg0KQWJzdHJhY3Q6PGJyPg0KJm5ic3A7ICZuYnNwO1RoaXMgZG9jdW1lbnQgZGVmaW5l cyBhIG1lY2hhbmlzbSBmb3IgU0lQLCB0aGF0IGlzIGJhc2VkIG9uIHRoZSBPQXV0aDxicj4NCiZu YnNwOyAmbmJzcDsyLjAgYW5kIE9wZW5JRCBDb25uZWN0IENvcmUgMS4wIHNwZWNpZmljYXRpb25z LCB0byBlbmFibGUgdGhlPGJyPg0KJm5ic3A7ICZuYnNwO2RlbGVnYXRpb24gb2YgdGhlIHVzZXIg YXV0aGVudGljYXRpb24gYW5kIFNJUCByZWdpc3RyYXRpb248YnI+DQombmJzcDsgJm5ic3A7YXV0 aG9yaXphdGlvbiB0byBhIGRlZGljYXRlZCB0aGlyZC1wYXJ0eSBlbnRpdHkgdGhhdCBpcyBzZXBh cmF0ZSBmcm9tPGJyPg0KJm5ic3A7ICZuYnNwO3RoZSBTSVAgbmV0d29yayBlbGVtZW50cyB0aGF0 IHByb3ZpZGUgdGhlIFNJUCBzZXJ2aWNlLjxicj4NCjxicj4NCjxicj4NClRoZSBJRVRGIGRhdGF0 cmFja2VyIHN0YXR1cyBwYWdlIGZvciB0aGlzIGRyYWZ0IGlzOjxicj4NCjxhIGhyZWY9Imh0dHBz Oi8vZGF0YXRyYWNrZXIuaWV0Zi5vcmcvZG9jL2RyYWZ0LWlldGYtc2lwY29yZS1zaXAtdG9rZW4t YXV0aG56LyIgdGFyZ2V0PSJfYmxhbmsiPmh0dHBzOi8vZGF0YXRyYWNrZXIuaWV0Zi5vcmcvZG9j L2RyYWZ0LWlldGYtc2lwY29yZS1zaXAtdG9rZW4tYXV0aG56LzwvYT48YnI+DQo8YnI+DQpUaGVy ZSBhcmUgYWxzbyBodG1saXplZCB2ZXJzaW9ucyBhdmFpbGFibGUgYXQ6PGJyPg0KPGEgaHJlZj0i aHR0cHM6Ly90b29scy5pZXRmLm9yZy9odG1sL2RyYWZ0LWlldGYtc2lwY29yZS1zaXAtdG9rZW4t YXV0aG56LTA0IiB0YXJnZXQ9Il9ibGFuayI+aHR0cHM6Ly90b29scy5pZXRmLm9yZy9odG1sL2Ry YWZ0LWlldGYtc2lwY29yZS1zaXAtdG9rZW4tYXV0aG56LTA0PC9hPjxicj4NCjxhIGhyZWY9Imh0 dHBzOi8vZGF0YXRyYWNrZXIuaWV0Zi5vcmcvZG9jL2h0bWwvZHJhZnQtaWV0Zi1zaXBjb3JlLXNp cC10b2tlbi1hdXRobnotMDQiIHRhcmdldD0iX2JsYW5rIj5odHRwczovL2RhdGF0cmFja2VyLmll dGYuLm9yZy9kb2MvaHRtbC9kcmFmdC1pZXRmLXNpcGNvcmUtc2lwLXRva2VuLWF1dGhuei0wNDwv YT48YnI+DQo8YnI+DQpBIGRpZmYgZnJvbSB0aGUgcHJldmlvdXMgdmVyc2lvbiBpcyBhdmFpbGFi bGUgYXQ6PGJyPg0KPGEgaHJlZj0iaHR0cHM6Ly93d3cuaWV0Zi5vcmcvcmZjZGlmZj91cmwyPWRy YWZ0LWlldGYtc2lwY29yZS1zaXAtdG9rZW4tYXV0aG56LTA0IiB0YXJnZXQ9Il9ibGFuayI+aHR0 cHM6Ly93d3cuaWV0Zi5vcmcvcmZjZGlmZj91cmwyPWRyYWZ0LWlldGYtc2lwY29yZS1zaXAtdG9r ZW4tYXV0aG56LTA0PC9hPjxicj4NCjxicj4NCjxicj4NClBsZWFzZSBub3RlIHRoYXQgaXQgbWF5 IHRha2UgYSBjb3VwbGUgb2YgbWludXRlcyBmcm9tIHRoZSB0aW1lIG9mIHN1Ym1pc3Npb248YnI+ DQp1bnRpbCB0aGUgaHRtbGl6ZWQgdmVyc2lvbiBhbmQgZGlmZiBhcmUgYXZhaWxhYmxlIGF0IDxh IGhyZWY9Imh0dHA6Ly90b29scy5pZXRmLm9yZyIgdGFyZ2V0PSJfYmxhbmsiPg0KdG9vbHMuaWV0 Zi5vcmc8L2E+Ljxicj4NCjxicj4NCkludGVybmV0LURyYWZ0cyBhcmUgYWxzbyBhdmFpbGFibGUg YnkgYW5vbnltb3VzIEZUUCBhdDo8YnI+DQo8YSBocmVmPSJmdHA6Ly9mdHAuaWV0Zi5vcmcvaW50 ZXJuZXQtZHJhZnRzLyIgdGFyZ2V0PSJfYmxhbmsiPmZ0cDovL2Z0cC5pZXRmLm9yZy9pbnRlcm5l dC1kcmFmdHMvPC9hPjxicj4NCjxicj4NCl9fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fX19fPGJyPg0Kc2lwY29yZSBtYWlsaW5nIGxpc3Q8YnI+DQo8YSBocmVmPSJt YWlsdG86c2lwY29yZUBpZXRmLm9yZyIgdGFyZ2V0PSJfYmxhbmsiPnNpcGNvcmVAaWV0Zi5vcmc8 L2E+PGJyPg0KPGEgaHJlZj0iaHR0cHM6Ly93d3cuaWV0Zi5vcmcvbWFpbG1hbi9saXN0aW5mby9z aXBjb3JlIiB0YXJnZXQ9Il9ibGFuayI+aHR0cHM6Ly93d3cuaWV0Zi5vcmcvbWFpbG1hbi9saXN0 aW5mby9zaXBjb3JlPC9hPjxvOnA+PC9vOnA+PC9wPg0KPC9ibG9ja3F1b3RlPg0KPC9kaXY+DQo8 L2Rpdj4NCjwvZGl2Pg0KPC9ib2R5Pg0KPC9odG1sPg0K --_000_HE1PR07MB3161985D8C013C96C04F46B3936F0HE1PR07MB3161eurp_-- From nobody Sun Oct 20 12:32:43 2019 Return-Path: X-Original-To: sipcore@ietf.org Delivered-To: sipcore@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 7DEFA12001A; Sun, 20 Oct 2019 12:32:42 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: Jean Mahoney via Datatracker To: X-Test-IDTracker: no X-IETF-IDTracker: 6.106.0 Auto-Submitted: auto-generated Precedence: bulk Cc: Jean Mahoney , sipcore@ietf.org, iesg-secretary@ietf.org, mahoney@nostrum.com, sipcore-chairs@ietf.org Message-ID: <157159996245.5389.1556215982214983712.idtracker@ietfa.amsl.com> Date: Sun, 20 Oct 2019 12:32:42 -0700 Archived-At: Subject: [sipcore] Publication has been requested for draft-ietf-sipcore-locparam-04 X-BeenThere: sipcore@ietf.org X-Mailman-Version: 2.1.29 List-Id: SIP Core Working Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 20 Oct 2019 19:32:43 -0000 Jean Mahoney has requested publication of draft-ietf-sipcore-locparam-04 as Proposed Standard on behalf of the SIPCORE working group. Please verify the document's state at https://datatracker.ietf.org/doc/draft-ietf-sipcore-locparam/ From nobody Mon Oct 21 08:40:35 2019 Return-Path: X-Original-To: sipcore@ietfa.amsl.com Delivered-To: sipcore@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0C1C11200E0 for ; Mon, 21 Oct 2019 08:40:33 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.001 X-Spam-Level: X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=alum.mit.edu Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wAaxN0KyyBMb for ; Mon, 21 Oct 2019 08:40:29 -0700 (PDT) Received: from NAM05-BY2-obe.outbound.protection.outlook.com (mail-eopbgr710089.outbound.protection.outlook.com [40.107.71.89]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6AA7D120098 for ; Mon, 21 Oct 2019 08:40:27 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=GYImf7xhJxLsiKkqR02wedYrqIfhWND0ZIBfK6pymNuSUsZ97KRjpsHJtwmPxqRZWsqQy4r6MjDwYyFJKm7UBaj477RdFYGiuN29b9vW4yNe6DJ13cSF8Tt4Rnbl6sXFw89SK7c0LDg95INrUF+ATPC4mboGeOoDjuaajjavF8hVPAy9oEohCaCXGWRqAcBjZg6qJeWRDWCAEH0O0orAgGHllpFwYTywpjRdwwqDDL2hPr3TkYzH5vb6jy3kpXv78Ych23a5iAYtj7oAZnxc0gaF7RS+GpwlaL7uVKRr+ote0lt3JmEDKmxn4qsC8KIqbkUaCAyRCn/Efr0beu8NYQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=OHxsul2k2Y7KFxqTcs4pPy69renkHxarCpVmiywk96E=; b=Nk0cAzt+7jI0j9317UgEcvwv4g1oaiz7M9kFFDUnSpZ/RkDOdy3OLeKevj/jc4KjOcooziFnIS5ItsWVxvjzkTwEd1sFrZCvxPz5NWS9ERFLUM7k2eSX2vriolAahoQHZTLFNqzxNUbd85Xa0ZKjOqpMERD6gLFEDc48wDL8i52eHEAfH0q4iQ2EwTSyPBSDDiuAfYXz9AxvsVi78aQnwvftvOpFKBdskVf+1U2+z1HE1+syBOsY1DcXku4QbN34Z9JAphbPwkLzpke2lPHOTie0bUK3/NRm+CY5hfAu1LCNXtCDSMiflXJvSxmSc51gO3fsX7bSimDErDeBR8OjLQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 18.7.68.33) smtp.rcpttodomain=ietf.org smtp.mailfrom=alum.mit.edu; dmarc=bestguesspass action=none header.from=alum.mit.edu; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alum.mit.edu; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=OHxsul2k2Y7KFxqTcs4pPy69renkHxarCpVmiywk96E=; b=EU1bRVfad/3MwsO/im4NkC22DGAhvMEmw4Wh5pZsaQitejZqb09RMKLKDbZSjqPoX5WB381uuCOjh2beqJO2TdfOmFdRLb0ZjUkUhKDY55cJftGEvl4YmecqJaBIppLhiFuPVFlAdSvlPMtH3K5l7dZ5PsH6fUBQprocrthGSWc= Received: from DM3PR12CA0090.namprd12.prod.outlook.com (2603:10b6:0:57::34) by CY4PR12MB1541.namprd12.prod.outlook.com (2603:10b6:910:7::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2347.17; Mon, 21 Oct 2019 15:40:25 +0000 Received: from CY1NAM02FT009.eop-nam02.prod.protection.outlook.com (2a01:111:f400:7e45::203) by DM3PR12CA0090.outlook.office365.com (2603:10b6:0:57::34) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.2367.21 via Frontend Transport; Mon, 21 Oct 2019 15:40:25 +0000 Authentication-Results: spf=pass (sender IP is 18.7.68.33) smtp.mailfrom=alum.mit.edu; ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=bestguesspass action=none header.from=alum.mit.edu; Received-SPF: Pass (protection.outlook.com: domain of alum.mit.edu designates 18.7.68.33 as permitted sender) receiver=protection.outlook.com; client-ip=18.7.68.33; helo=outgoing-alum.mit.edu; Received: from outgoing-alum.mit.edu (18.7.68.33) by CY1NAM02FT009.mail.protection.outlook.com (10.152.75.12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.2367.14 via Frontend Transport; Mon, 21 Oct 2019 15:40:25 +0000 Received: from Kokiri.localdomain (c-24-62-227-142.hsd1.ma.comcast.net [24.62.227.142]) (authenticated bits=0) (User authenticated as pkyzivat@ALUM.MIT.EDU) by outgoing-alum.mit.edu (8.14.7/8.12.4) with ESMTP id x9LFeNKB018589 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NOT) for ; Mon, 21 Oct 2019 11:40:23 -0400 To: sipcore@ietf.org References: <157151641170.5128.8434066501744885978@ietfa.amsl.com> From: Paul Kyzivat Message-ID: <73c0eeaf-1341-8480-3379-7562a6d0e62c@alum.mit.edu> Date: Mon, 21 Oct 2019 11:40:23 -0400 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:60.0) Gecko/20100101 Thunderbird/60.9.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 8bit X-EOPAttributedMessage: 0 X-Forefront-Antispam-Report: CIP:18.7.68.33; IPV:CAL; SCL:-1; CTRY:US; EFV:NLI; SFV:NSPM; SFS:(10009020)(376002)(136003)(396003)(346002)(39860400002)(199004)(189003)(66574012)(8936002)(86362001)(6246003)(70586007)(70206006)(58126008)(76130400001)(2361001)(246002)(76176011)(2351001)(126002)(186003)(486006)(26005)(7596002)(50466002)(47776003)(75432002)(305945005)(446003)(11346002)(476003)(336012)(4001150100001)(956004)(2616005)(53546011)(106002)(31686004)(31696002)(6916009)(65806001)(5660300002)(65956001)(229853002)(36906005)(966005)(786003)(316002)(14444005)(8676002)(356004)(478600001)(26826003)(2906002)(2870700001)(88552002)(6306002)(2486003)(23676004); DIR:OUT; SFP:1101; SCL:1; SRVR:CY4PR12MB1541; H:outgoing-alum.mit.edu; FPR:; SPF:Pass; LANG:en; PTR:outgoing-alum.mit.edu; A:1; MX:1; X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 4bb6cab5-4a1a-43a6-15f6-08d7563cfdf3 X-MS-TrafficTypeDiagnostic: CY4PR12MB1541: X-MS-Exchange-PUrlCount: 6 X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:10000; X-Forefront-PRVS: 0197AFBD92 X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: o+gZhYg2OyQegztfg23ZfMFSkWMZmHZhXwsLWU25kcl/C8VKb/VU9KDaROS6LzAsFTzs7h2OoVTVBa9j3NUPH+lAqjfvKsOOsPmayHv2dV7Gmg3sca+2sihEhaS+qAv+Wn/F2neoAEAz0S4UPqisLAtzrQbXiS9bP3P6lC7sf3a4VKHZBPLuhWl9TtudwPk5pHwYIU6oABI9gt3hwAfNCDlaEuDf2SnOYoYePaV8NQNbSSUBlRSq9vs7+IgTGU64kAXcGU/3vWtzPp60j97vwg8NvDSB2Ur08vC9pivjqgiqZmX9BiMa71X31lMP2IC0Mz3NddUXA4io6evFHFhvcPzUXbk78lVWuF5AFGXSpJuGiiEA8a7BCSa6ltQaxuM4ZRsWg817AqR7XvsfaedW0WrGBIuHu4Y04NPDN3VdcEkEsSrBsWHiG+tH1QHSztQiZD+q0jR+bXlVlzcW/5yUnsheYvotPxw0RRV62MVi/C4= X-OriginatorOrg: alum.mit.edu X-MS-Exchange-CrossTenant-OriginalArrivalTime: 21 Oct 2019 15:40:25.1875 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 4bb6cab5-4a1a-43a6-15f6-08d7563cfdf3 X-MS-Exchange-CrossTenant-Id: 3326b102-c043-408b-a990-b89e477d582f X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3326b102-c043-408b-a990-b89e477d582f; Ip=[18.7.68.33]; Helo=[outgoing-alum.mit.edu] X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR12MB1541 Archived-At: Subject: Re: [sipcore] I-D Action: draft-ietf-sipcore-sip-token-authnz-04.txt X-BeenThere: sipcore@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SIP Core Working Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 21 Oct 2019 15:40:33 -0000 Rifaat, On 10/19/19 4:23 PM, Rifaat Shekh-Yusef wrote: > All, > > We update the draft based on the latest comments, mainly from Paul. > Please, take a look and let us know what you think. Thanks. This is better. I have some followup questions to broaden my understanding. (Once I understand better, I may have some suggestions on how to make the document clearer in this regard.) IIUC, upon getting a challenge for which there is no cached response, the typical expected behavior for a UA is to launch a browser using the URL from the authz-server-value in the challenge. Is that right? I'm not clear on the sequence of events following that. IOW, I'm looking for more detail on step [3] in the figure in section 5.1. I would expect that this first action of the browser will result in the AS returning a form to the browser that will be displayed to the user. Then the user will presumably need to fill in that form and send it to the AS. And this may involve a dialog of multiple exchanges. This will presumably eventually end with a response from the AS containing a token. How does the UA recognize this as the completion of the dialog? In particular, does the UA need to know anything about the AS or the authentication environment in which it is operating? Or is this consistent across all types of AS? Also, I gather there can be different kinds of token in the response. Is this of concern to the UA? Or does the UA blindly pass the resulting token on to the registrar, so that the registrar can decide what to do with it? Another point I want to follow up on is: you have now clarified that the authz-server-value contains a URL referencing the AS. Why not tighten the syntax to specify the allowed value types? I presume you intend this to be something that a browser can use to query the AS. The obvious type for this is an HTTPS URL. I am guessing that you are leaving this vague to allow other types that might be supported by browsers and ASs. But presumably there is something you can say about the properties expected of this URL. I guess it ought to be something that is generally supported by browsers, and that can be used to reference forms. (E.g., a SIP URL wouldn't be appropriate here.) Thanks, Paul > > Regards, >  Rifaat > > > On Sat, Oct 19, 2019 at 4:21 PM > wrote: > > > A New Internet-Draft is available from the on-line Internet-Drafts > directories. > This draft is a work item of the Session Initiation Protocol Core WG > of the IETF. > >         Title           : Third-Party Token-based Authentication > and Authorization for Session Initiation Protocol (SIP) >         Authors         : Rifaat Shekh-Yusef >                           Christer Holmberg >                           Victor Pascual >         Filename        : draft-ietf-sipcore-sip-token-authnz-04.txt >         Pages           : 14 >         Date            : 2019-10-19 > > Abstract: >    This document defines a mechanism for SIP, that is based on the > OAuth >    2.0 and OpenID Connect Core 1.0 specifications, to enable the >    delegation of the user authentication and SIP registration >    authorization to a dedicated third-party entity that is separate > from >    the SIP network elements that provide the SIP service. > > > The IETF datatracker status page for this draft is: > https://datatracker.ietf.org/doc/draft-ietf-sipcore-sip-token-authnz/ > > There are also htmlized versions available at: > https://tools.ietf.org/html/draft-ietf-sipcore-sip-token-authnz-04 > https://datatracker.ietf..org/doc/html/draft-ietf-sipcore-sip-token-authnz-04 > > > A diff from the previous version is available at: > https://www.ietf.org/rfcdiff?url2=draft-ietf-sipcore-sip-token-authnz-04 > > > Please note that it may take a couple of minutes from the time of > submission > until the htmlized version and diff are available at tools.ietf.org > . > > Internet-Drafts are also available by anonymous FTP at: > ftp://ftp.ietf.org/internet-drafts/ > > _______________________________________________ > sipcore mailing list > sipcore@ietf.org > https://www.ietf.org/mailman/listinfo/sipcore > > > _______________________________________________ > sipcore mailing list > sipcore@ietf.org > https://www.ietf.org/mailman/listinfo/sipcore > From nobody Tue Oct 22 01:38:10 2019 Return-Path: X-Original-To: sipcore@ietf.org Delivered-To: sipcore@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id A3593120047; Tue, 22 Oct 2019 01:38:01 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: Roni Even via Datatracker To: Cc: last-call@ietf.org, sipcore@ietf.org, draft-ietf-sipcore-digest-scheme.all@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 6.107.0 Auto-Submitted: auto-generated Precedence: bulk Reply-To: Roni Even Message-ID: <157173348155.3011.12458315336826264414@ietfa.amsl.com> Date: Tue, 22 Oct 2019 01:38:01 -0700 Archived-At: Subject: [sipcore] Genart telechat review of draft-ietf-sipcore-digest-scheme-10 X-BeenThere: sipcore@ietf.org X-Mailman-Version: 2.1.29 List-Id: SIP Core Working Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 22 Oct 2019 08:38:02 -0000 Reviewer: Roni Even Review result: Almost Ready I am the assigned Gen-ART reviewer for this draft. The General Area Review Team (Gen-ART) reviews all IETF documents being processed by the IESG for the IETF Chair. Please wait for direction from your document shepherd or AD before posting a new version of the draft. For more information, please see the FAQ at . Document: draft-ietf-sipcore-digest-scheme-?? Reviewer: Roni Even Review Date: 2019-10-22 IETF LC End Date: None IESG Telechat date: 2019-10-31 Summary: The document is almost ready for publication as a standard track RFC Major issues: Minor issues: 1. In section 2.4 " If the UAC cannot respond to any of the challenges in the response, then it SHOULD abandon attempts to send the request, e.g. if the UAC does not have credentials or has stale credentials for any of the realms, unless a local policy dictates otherwise." Yet RFC3261 section 22.2 " If no credentials for a realm can be located, UACs MAY attempt to retry the request with a username of "anonymous" and no password (a password of ""). Is this deprecated ? 2. RFC3261 algorithm includes "MD5-sess" while section 2.6 removed it 3. it may be good to have a backward compatibility section. Nits/editorial comments: From nobody Tue Oct 22 12:55:59 2019 Return-Path: X-Original-To: sipcore@ietfa.amsl.com Delivered-To: sipcore@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B8E291200D6; Tue, 22 Oct 2019 12:55:45 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.997 X-Spam-Level: X-Spam-Status: No, score=-1.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wWRn-1lkD9qK; Tue, 22 Oct 2019 12:55:43 -0700 (PDT) Received: from mail-io1-xd36.google.com (mail-io1-xd36.google.com [IPv6:2607:f8b0:4864:20::d36]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A51D5120077; Tue, 22 Oct 2019 12:55:40 -0700 (PDT) Received: by mail-io1-xd36.google.com with SMTP id t18so17857243iog.2; Tue, 22 Oct 2019 12:55:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=FuBnfVDwdJcU8xFCUmu45E9P1VjALz556Q7L9+zedfs=; b=PVN7xhzg/RT0xLRBf8nW+VQXDg2tFnaCKaj81wd+Z9R9V08DfPUBsriiVoOqdoqVVS KE46lbOERtJ6DUQ4ityGkjeFku4Z1MH6bYk7fJ+jKsSToKNeoFpsT6brWlwxb9JVDLTS Oud8I7+4Uoi1kpJ2LytQyVj6qHJxfV/H5pp+Ah7+ZHroTl3xha+tph5ZP4sxZNedWaNe beB8GvWdJEC4EP5C8XLAqOn0mSrQjpvCX50C5FT75D84RwSINcW+lk5XwUunxSEzfm31 v2QqWDlf/7A7HnPfZcA2JnEnvOVOcxaXIu7x2KBMfx+vxSAB4JhCVlgAO22/njn7b3da kHUQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=FuBnfVDwdJcU8xFCUmu45E9P1VjALz556Q7L9+zedfs=; b=YHI3PixOcmu/l3hPlXgltSPZoqFcLNe75ghz/x0qtsjpujaaWbrwxHc3cGJYr8lTdV NaobzsG+n9vkSamjW08txq4BBcHyaeyBcSAECFMIATnss6F3S4zPaGqE2PE+iJSfZv+/ iiyg2m6veA1gggpt3Edh83osZgz5C5S6bqqgNrouZwwAkcaasnJedEn+THNq9kG4BDz+ bQKDYpcgrisfR2r/rrcpalgvylGWT3pjVjICHEQuqzV/SLAQx4g8cfEdJ11koc0MvyaP wujfj6/MsUN40ckVLbk9fOPW4fsao5ScQS8v6oP2jjq48EUMu1I6YmNZ3JsZRxfgYhV4 0VzA== X-Gm-Message-State: APjAAAUoXUyysARPLYZ5BNLGESmzk935uLjQrj7w0HzHEV+cx1oAUAxW UQMO5C9W8EWhT6/MZQ4ijiGbzP9nrXgXMa+y4YM= X-Google-Smtp-Source: APXvYqxFMrik2HdnFBlBf/wRyKKowpZc8tWDLusffd7sPREPmgyi4CuibTWV3mikAfvlZOj8wIah8jlIY2thz8rYALU= X-Received: by 2002:a02:40c6:: with SMTP id n189mr5601491jaa.121.1571774139803; Tue, 22 Oct 2019 12:55:39 -0700 (PDT) MIME-Version: 1.0 References: <157173348155.3011.12458315336826264414@ietfa.amsl.com> In-Reply-To: <157173348155.3011.12458315336826264414@ietfa.amsl.com> From: Rifaat Shekh-Yusef Date: Tue, 22 Oct 2019 15:55:28 -0400 Message-ID: To: Roni Even Cc: gen-art@ietf.org, last-call@ietf.org, SIPCORE , draft-ietf-sipcore-digest-scheme.all@ietf.org Content-Type: multipart/alternative; boundary="000000000000452eb20595852f9a" Archived-At: Subject: Re: [sipcore] Genart telechat review of draft-ietf-sipcore-digest-scheme-10 X-BeenThere: sipcore@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SIP Core Working Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 22 Oct 2019 19:55:47 -0000 --000000000000452eb20595852f9a Content-Type: text/plain; charset="UTF-8" Thanks Roni! See my replies below. Regards, Rifaat On Tue, Oct 22, 2019 at 4:38 AM Roni Even via Datatracker wrote: > Reviewer: Roni Even > Review result: Almost Ready > > I am the assigned Gen-ART reviewer for this draft. The General Area > Review Team (Gen-ART) reviews all IETF documents being processed > by the IESG for the IETF Chair. Please wait for direction from your > document shepherd or AD before posting a new version of the draft. > > For more information, please see the FAQ at > > . > > Document: draft-ietf-sipcore-digest-scheme-?? > Reviewer: Roni Even > Review Date: 2019-10-22 > IETF LC End Date: None > IESG Telechat date: 2019-10-31 > > Summary: > The document is almost ready for publication as a standard track RFC > > Major issues: > > Minor issues: > > 1. In section 2.4 " If the UAC cannot respond to any of the challenges in > the > response, then it SHOULD abandon attempts to send the request, e.g. if the > UAC > does not have credentials or has stale credentials for any of the > realms, > unless a local policy dictates otherwise." Yet RFC3261 section 22.2 " > If no > credentials for a realm can be located, UACs MAY attempt to retry the > request with a username of "anonymous" and no password (a password of > ""). > Is this deprecated ? > > No, it is not deprecated by this document, and that part is covered by the last sentence of the quoted paragraph, which talks about a local policy. > 2. RFC3261 algorithm includes "MD5-sess" while section 2.6 removed it > These changes are provided in the context of RFC7616, so if an implementation supports "-sess" it could always refer to that document for these details. > 3. it may be good to have a backward compatibility section. > > I believe we covered that in the security consideration section. Do you see anything missing there? Regards, Rifaat > Nits/editorial comments: > > > --000000000000452eb20595852f9a Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Thanks Roni!

See my re= plies=C2=A0below.

Regards,
=C2=A0Rifaat<= /div>


On Tue, Oct 22, 2019 at 4:38 AM Roni Even via Datatrack= er <noreply@ietf.org> wrote:<= br>
Reviewer: Roni E= ven
Review result: Almost Ready

I am the assigned Gen-ART reviewer for this draft. The General Area
Review Team (Gen-ART) reviews all IETF documents being processed
by the IESG for the IETF Chair. Please wait for direction from your
document shepherd or AD before posting a new version of the draft.

For more information, please see the FAQ at

<https://trac.ietf.org/trac/gen/wiki/GenArtfaq&g= t;.

Document: draft-ietf-sipcore-digest-scheme-??
Reviewer: Roni Even
Review Date: 2019-10-22
IETF LC End Date: None
IESG Telechat date: 2019-10-31

Summary:
The document is almost ready for publication as a standard track RFC

Major issues:

Minor issues:

1. In section 2.4 " If the UAC cannot respond to any of the challenges= in the
response, then it SHOULD abandon attempts to send the request, e.g. if the = UAC
=C2=A0 =C2=A0does not have credentials or has stale credentials for any of = the realms,
=C2=A0 =C2=A0unless a local policy dictates otherwise." Yet RFC3261 se= ction 22.2 " If no
=C2=A0 =C2=A0credentials for a realm can be located, UACs MAY attempt to re= try the
=C2=A0 =C2=A0request with a username of "anonymous" and no passwo= rd (a=C2=A0 password of "").
=C2=A0 =C2=A0Is this deprecated ?


No, it is not deprecated by this docum= ent, and that part is covered by the last sentence of the quoted paragraph,= which talks about a local policy.

=C2=A0
2. RFC3261 algorithm includes "MD5-sess" while section 2.6 remove= d it

These changes are provided in the = context of RFC7616, so if an implementation supports "-sess" it c= ould always refer to that document for these details.

<= blockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-l= eft:1px solid rgb(204,204,204);padding-left:1ex">
3. it may be good to have a backward compatibility section.

I believe we covered that in the security considerati= on section. Do you see anything missing there?

Reg= ards,
=C2=A0Rifaat

=C2=A0
Nits/editorial comments:


--000000000000452eb20595852f9a-- From nobody Tue Oct 22 17:45:47 2019 Return-Path: X-Original-To: sipcore@ietfa.amsl.com Delivered-To: sipcore@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D133012022D for ; Tue, 22 Oct 2019 17:45:45 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.997 X-Spam-Level: X-Spam-Status: No, score=-1.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wsWHyZx6pEkq for ; Tue, 22 Oct 2019 17:45:43 -0700 (PDT) Received: from mail-io1-xd35.google.com (mail-io1-xd35.google.com [IPv6:2607:f8b0:4864:20::d35]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 75DBA12021C for ; Tue, 22 Oct 2019 17:45:43 -0700 (PDT) Received: by mail-io1-xd35.google.com with SMTP id q1so22840511ion.1 for ; Tue, 22 Oct 2019 17:45:43 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=EqXtBFWK4kpP6nN48KFnTiQ3gYswAWTQ45+FK9tCUsA=; b=UCXHYXxaj2JMbiwKRFnqXbwf4OxyWQ4HT+ndYIz3nfYRj59z9JsCxZDMjtoUXU+m37 DikMAw0RjoM2zyXhKYanRlIuW50x7NQ9pRXvMa5ksuUB5tH8FXxaLNU14kSn7BOTp6qZ KUtgx0UdpE+zh8gel8bFEM9EuHlW1IGjOGjA1wGBfwisnENhDjuH5syiUF2reynn3/p/ cuz1gB8xNCFd7mpRVe26vw0EpAqsxkrqY+aEtRs1BAyJdsoPMc1QS5JfhNMExsndE+HX JWhgwcleBuB5AL7R0n/B5mwhSwedIAMYWFLlyDsn0PxSDxrC+Iqorfnnl7TKRJkn1mp+ uz8Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=EqXtBFWK4kpP6nN48KFnTiQ3gYswAWTQ45+FK9tCUsA=; b=iiD8HdYzYryeSdcQGGXUggewfxe+DgwUzNKZmr2ZLAGmfq9OgFdqj5Omw5tnE2Iba+ xDlqojU89B692XcMaTnSqJGXx0Qg5SyvawkMyxTeIGpZdP/6Renovf2pSL3l1U51biAj K4BXfBnS5khDbqgdNmDOGGsftwWd3TiuWRLYc9wVlFjtg9GQZUIL9C2bvfPjatIfiWDb JFzABdBsBwH8ryJ9tgnrtgbB3AiLuIBBmYdjQAqZvuU9ucGwudNFgznBvoTNfH2LCPuy SyXY509fsl7lub3ZBA7GYGYufNFufRE6C8Th8iWHAr9GPpnBEwF+HQIGZ6liRjpfHl6y XKNA== X-Gm-Message-State: APjAAAU2jTU5cB3DoAibGxQRFHUz67MZFbpP7kP2ymm6hqeKqRxcxBoA jN2KkrO66fxlPj5mjC9jCNihoaVuXj9scmeFuH4Mu31q X-Google-Smtp-Source: APXvYqyUMk0xUH7XcxlbBaVigW4KfeWjnmmuzRN+8bBEE7uP7yvWZIfbNsX+u7As++5TmYxkc3XsUSWpr51ao3ZoQrM= X-Received: by 2002:a6b:5908:: with SMTP id n8mr695118iob.31.1571791542707; Tue, 22 Oct 2019 17:45:42 -0700 (PDT) MIME-Version: 1.0 References: <157151641170.5128.8434066501744885978@ietfa.amsl.com> <73c0eeaf-1341-8480-3379-7562a6d0e62c@alum.mit.edu> In-Reply-To: <73c0eeaf-1341-8480-3379-7562a6d0e62c@alum.mit.edu> From: Rifaat Shekh-Yusef Date: Tue, 22 Oct 2019 20:45:32 -0400 Message-ID: To: Paul Kyzivat Cc: SIPCORE Content-Type: multipart/alternative; boundary="000000000000906b540595893c6b" Archived-At: Subject: Re: [sipcore] I-D Action: draft-ietf-sipcore-sip-token-authnz-04.txt X-BeenThere: sipcore@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SIP Core Working Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 23 Oct 2019 00:45:46 -0000 --000000000000906b540595893c6b Content-Type: text/plain; charset="UTF-8" On Mon, Oct 21, 2019 at 11:40 AM Paul Kyzivat wrote: > Rifaat, > > On 10/19/19 4:23 PM, Rifaat Shekh-Yusef wrote: > > All, > > > > We update the draft based on the latest comments, mainly from Paul. > > Please, take a look and let us know what you think. > > Thanks. This is better. I have some followup questions to broaden my > understanding. (Once I understand better, I may have some suggestions on > how to make the document clearer in this regard.) > > IIUC, upon getting a challenge for which there is no cached response, > the typical expected behavior for a UA is to launch a browser using the > URL from the authz-server-value in the challenge. Is that right? > > I'm not clear on the sequence of events following that. IOW, I'm looking > for more detail on step [3] in the figure in section 5.1. I would expect > that this first action of the browser will result in the AS returning a > form to the browser that will be displayed to the user. Then the user > will presumably need to fill in that form and send it to the AS. And > this may involve a dialog of multiple exchanges. This will presumably > eventually end with a response from the AS containing a token. How does > the UA recognize this as the completion of the dialog? > In this specific case, take a look at the following flow in the RFC that defines this mechanism: https://tools.ietf.org/html/rfc8252#section-4.1 > In particular, does the UA need to know anything about the AS or the > authentication environment in which it is operating? Or is this > consistent across all types of AS? > > The UA needs to know if it is an OAuth AS or and OpenID Connect server to know to request access and refresh tokens only or in addition to ask for an id token. > Also, I gather there can be different kinds of token in the response. Is > this of concern to the UA? Or does the UA blindly pass the resulting > token on to the registrar, so that the registrar can decide what to do > with it? > > The UA will only pass the Access Token to the registrar. The refresh token is used by the UA to obtain new access token from the AS and will never be passed to any other entity. The id token is consumed by the UA only to get more information about the user, e.g. SIP AOR. Another point I want to follow up on is: you have now clarified that the > authz-server-value contains a URL referencing the AS. Why not tighten > the syntax to specify the allowed value types? Can you elaborate on what you mean "value types"? Regards, Rifaat > I presume you intend this > to be something that a browser can use to query the AS. The obvious type > for this is an HTTPS URL. I am guessing that you are leaving this vague > to allow other types that might be supported by browsers and ASs. But > presumably there is something you can say about the properties expected > of this URL. I guess it ought to be something that is generally > supported by browsers, and that can be used to reference forms. (E.g., a > SIP URL wouldn't be appropriate here.) > > Thanks, > Paul > > > > > Regards, > > Rifaat > > > > > > On Sat, Oct 19, 2019 at 4:21 PM > > wrote: > > > > > > A New Internet-Draft is available from the on-line Internet-Drafts > > directories. > > This draft is a work item of the Session Initiation Protocol Core WG > > of the IETF. > > > > Title : Third-Party Token-based Authentication > > and Authorization for Session Initiation Protocol (SIP) > > Authors : Rifaat Shekh-Yusef > > Christer Holmberg > > Victor Pascual > > Filename : draft-ietf-sipcore-sip-token-authnz-04.txt > > Pages : 14 > > Date : 2019-10-19 > > > > Abstract: > > This document defines a mechanism for SIP, that is based on the > > OAuth > > 2.0 and OpenID Connect Core 1.0 specifications, to enable the > > delegation of the user authentication and SIP registration > > authorization to a dedicated third-party entity that is separate > > from > > the SIP network elements that provide the SIP service. > > > > > > The IETF datatracker status page for this draft is: > > > https://datatracker.ietf.org/doc/draft-ietf-sipcore-sip-token-authnz/ > > > > There are also htmlized versions available at: > > https://tools.ietf.org/html/draft-ietf-sipcore-sip-token-authnz-04 > > https://datatracker.ietf. > .org/doc/html/draft-ietf-sipcore-sip-token-authnz-04 > > < > https://datatracker.ietf.org/doc/html/draft-ietf-sipcore-sip-token-authnz-04 > > > > > > A diff from the previous version is available at: > > > https://www.ietf.org/rfcdiff?url2=draft-ietf-sipcore-sip-token-authnz-04 > > > > > > Please note that it may take a couple of minutes from the time of > > submission > > until the htmlized version and diff are available at tools.ietf.org > > . > > > > Internet-Drafts are also available by anonymous FTP at: > > ftp://ftp.ietf.org/internet-drafts/ > > > > _______________________________________________ > > sipcore mailing list > > sipcore@ietf.org > > https://www.ietf.org/mailman/listinfo/sipcore > > > > > > _______________________________________________ > > sipcore mailing list > > sipcore@ietf.org > > https://www.ietf.org/mailman/listinfo/sipcore > > > > _______________________________________________ > sipcore mailing list > sipcore@ietf.org > https://www.ietf.org/mailman/listinfo/sipcore > --000000000000906b540595893c6b Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable


=
On Mon, Oct 21, 2019 at 11:40 AM Paul= Kyzivat <pkyzivat@alum.mit.edu= > wrote:
= Rifaat,

On 10/19/19 4:23 PM, Rifaat Shekh-Yusef wrote:
> All,
>
> We update the draft based on the latest comments, mainly from Paul. > Please, take a look and let us know what you think.

Thanks. This is better. I have some followup questions to broaden my
understanding. (Once I understand better, I may have some suggestions on how to make the document clearer in this regard.)

IIUC, upon getting a challenge for which there is no cached response,
the typical expected behavior for a UA is to launch a browser using the URL from the authz-server-value in the challenge. Is that right?

I'm not clear on the sequence of events following that. IOW, I'm lo= oking
for more detail on step [3] in the figure in section 5.1. I would expect that this first action of the browser will result in the AS returning a form to the browser that will be displayed to the user. Then the user
will presumably need to fill in that form and send it to the AS. And
this may involve a dialog of multiple exchanges. This will presumably
eventually end with a response from the AS containing a token. How does the UA recognize this as the completion of the dialog?
=C2=A0
In this specific case, take a look at the following flow = in the RFC that defines this mechanism:
=C2=A0=C2=A0


In particular, does the UA need to know anything about the AS or the
authentication environment in which it is operating? Or is this
consistent across all types of AS?

The UA needs to know if it is an OAuth AS or and Open= ID Connect server to know to request access and refresh tokens only or=20 in addition to ask for an id token.

=C2=A0
Also, I gather there can be different kinds of token in the response. Is this of concern to the UA? Or does the UA blindly pass the resulting
token on to the registrar, so that the registrar can decide what to do
with it?

The UA will only pass the Access Token to the registr= ar.
The refresh token is used by the UA to obtain new access toke= n from the AS and will never be passed to any other entity.
The i= d token is consumed by the UA only to get more information about the user, = e.g. SIP AOR.
=C2=A0

Another point I want to follow up on is: you have now clarified that the authz-server-value contains a URL referencing the AS. Why not tighten
the syntax to specify the allowed value types?
=C2=A0
Can you elaborate on what you mean "value types"?

Regards,
=C2=A0Rifaat

= =C2=A0
I presume you= intend this
to be something that a browser can use to query the AS. The obvious type for this is an HTTPS URL. I am guessing that you are leaving this vague to allow other types that might be supported by browsers and ASs. But
presumably there is something you can say about the properties expected of this URL. I guess it ought to be something that is generally
supported by browsers, and that can be used to reference forms. (E.g., a SIP URL wouldn't be appropriate here.)

=C2=A0 =C2=A0 =C2=A0 =C2=A0 Thanks,
=C2=A0 =C2=A0 =C2=A0 =C2=A0 Paul

>
> Regards,
>=C2=A0 =C2=A0Rifaat
>
>
> On Sat, Oct 19, 2019 at 4:21 PM <internet-drafts@ietf.org
> <mailto:internet-drafts@ietf.org>> wrote:
>
>
>=C2=A0 =C2=A0 =C2=A0A New Internet-Draft is available from the on-line = Internet-Drafts
>=C2=A0 =C2=A0 =C2=A0directories.
>=C2=A0 =C2=A0 =C2=A0This draft is a work item of the Session Initiation= Protocol Core WG
>=C2=A0 =C2=A0 =C2=A0of the IETF.
>
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 Title=C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0: Third-Party Token-based Authentication
>=C2=A0 =C2=A0 =C2=A0and Authorization for Session Initiation Protocol (= SIP)
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 Authors=C2=A0 =C2=A0 = =C2=A0 =C2=A0 =C2=A0: Rifaat Shekh-Yusef
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 = =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 Christer Holmberg
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 = =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 Victor Pascual
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 Filename=C2=A0 =C2=A0 = =C2=A0 =C2=A0 : draft-ietf-sipcore-sip-token-authnz-04.txt
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 Pages=C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0: 14
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 Date=C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 : 2019-10-19
>
>=C2=A0 =C2=A0 =C2=A0Abstract:
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0This document defines a mechanism for= SIP, that is based on the
>=C2=A0 =C2=A0 =C2=A0OAuth
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A02.0 and OpenID Connect Core 1.0 speci= fications, to enable the
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0delegation of the user authentication= and SIP registration
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0authorization to a dedicated third-pa= rty entity that is separate
>=C2=A0 =C2=A0 =C2=A0from
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0the SIP network elements that provide= the SIP service.
>
>
>=C2=A0 =C2=A0 =C2=A0The IETF datatracker status page for this draft is:=
>=C2=A0 =C2=A0 =C2=A0https:/= /datatracker.ietf.org/doc/draft-ietf-sipcore-sip-token-authnz/
>
>=C2=A0 =C2=A0 =C2=A0There are also htmlized versions available at:
>=C2=A0 =C2=A0 =C2=A0https://to= ols.ietf.org/html/draft-ietf-sipcore-sip-token-authnz-04
>=C2=A0 =C2=A0 =C2=A0https://datatracker.ietf..org/doc/html/draft-ie= tf-sipcore-sip-token-authnz-04
>=C2=A0 =C2=A0 =C2=A0<https://datatracker.ietf.org/doc/html/draft-ietf-sipcore-sip-token-auth= nz-04>
>
>=C2=A0 =C2=A0 =C2=A0A diff from the previous version is available at: >=C2=A0 =C2=A0 =C2=A0ht= tps://www.ietf.org/rfcdiff?url2=3Ddraft-ietf-sipcore-sip-token-authnz-04
>
>
>=C2=A0 =C2=A0 =C2=A0Please note that it may take a couple of minutes fr= om the time of
>=C2=A0 =C2=A0 =C2=A0submission
>=C2=A0 =C2=A0 =C2=A0until the htmlized version and diff are available a= t to= ols.ietf.org
>=C2=A0 =C2=A0 =C2=A0<http://tools.ietf.org>.
>
>=C2=A0 =C2=A0 =C2=A0Internet-Drafts are also available by anonymous FTP= at:
>=C2=A0 =C2=A0 =C2=A0ftp://ftp.ietf.org/internet-drafts/ >
>=C2=A0 =C2=A0 =C2=A0_______________________________________________
>=C2=A0 =C2=A0 =C2=A0sipcore mailing list
>=C2=A0 =C2=A0 =C2=A0sipcore@ietf.org <mailto:sipcore@ietf.org>
>=C2=A0 =C2=A0 =C2=A0https://www.ietf.org/mailman/li= stinfo/sipcore
>
>
> _______________________________________________
> sipcore mailing list
> sipcore@ietf.org=
> https://www.ietf.org/mailman/listinfo/sipcore<= br> >

_______________________________________________
sipcore mailing list
sipcore@ietf.org<= br> https://www.ietf.org/mailman/listinfo/sipcore
--000000000000906b540595893c6b-- From nobody Tue Oct 22 22:43:41 2019 Return-Path: X-Original-To: sipcore@ietfa.amsl.com Delivered-To: sipcore@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E18CA120058; Tue, 22 Oct 2019 22:43:28 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.199 X-Spam-Level: X-Spam-Status: No, score=-4.199 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id O5mit-g_FowK; Tue, 22 Oct 2019 22:43:26 -0700 (PDT) Received: from huawei.com (lhrrgout.huawei.com [185.176.76.210]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1EF6F120024; Tue, 22 Oct 2019 22:43:26 -0700 (PDT) Received: from lhreml707-cah.china.huawei.com (unknown [172.18.7.107]) by Forcepoint Email with ESMTP id 08484FA8F1CF747E52E5; Wed, 23 Oct 2019 06:43:22 +0100 (IST) Received: from DGGEMM421-HUB.china.huawei.com (10.1.198.38) by lhreml707-cah.china.huawei.com (10.201.108.48) with Microsoft SMTP Server (TLS) id 14.3.408.0; Wed, 23 Oct 2019 06:43:21 +0100 Received: from DGGEMM506-MBX.china.huawei.com ([169.254.3.89]) by dggemm421-hub.china.huawei.com ([10.1.198.38]) with mapi id 14.03.0439.000; Wed, 23 Oct 2019 13:43:14 +0800 From: "Roni Even (A)" To: Rifaat Shekh-Yusef , Roni Even CC: "last-call@ietf.org" , "gen-art@ietf.org" , SIPCORE , "draft-ietf-sipcore-digest-scheme.all@ietf.org" Thread-Topic: [Gen-art] Genart telechat review of draft-ietf-sipcore-digest-scheme-10 Thread-Index: AQHViRLSQ7R64lV9bkWHewyHEr3U66dntzAw Date: Wed, 23 Oct 2019 05:43:13 +0000 Message-ID: <6E58094ECC8D8344914996DAD28F1CCD23D93020@DGGEMM506-MBX.china.huawei.com> References: <157173348155.3011.12458315336826264414@ietfa.amsl.com> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.200.202.54] Content-Type: multipart/alternative; boundary="_000_6E58094ECC8D8344914996DAD28F1CCD23D93020DGGEMM506MBXchi_" MIME-Version: 1.0 X-CFilter-Loop: Reflected Archived-At: Subject: Re: [sipcore] [Gen-art] Genart telechat review of draft-ietf-sipcore-digest-scheme-10 X-BeenThere: sipcore@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SIP Core Working Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 23 Oct 2019 05:43:29 -0000 --_000_6E58094ECC8D8344914996DAD28F1CCD23D93020DGGEMM506MBXchi_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 UmlmYWF0IHRoYW5rcywNClNlZSBpbiBsaW5lDQpSb25pDQoNCg0KT24gVHVlLCBPY3QgMjIsIDIw MTkgYXQgNDozOCBBTSBSb25pIEV2ZW4gdmlhIERhdGF0cmFja2VyIDxub3JlcGx5QGlldGYub3Jn PG1haWx0bzpub3JlcGx5QGlldGYub3JnPj4gd3JvdGU6DQpSZXZpZXdlcjogUm9uaSBFdmVuDQpS ZXZpZXcgcmVzdWx0OiBBbG1vc3QgUmVhZHkNCg0KSSBhbSB0aGUgYXNzaWduZWQgR2VuLUFSVCBy ZXZpZXdlciBmb3IgdGhpcyBkcmFmdC4gVGhlIEdlbmVyYWwgQXJlYQ0KUmV2aWV3IFRlYW0gKEdl bi1BUlQpIHJldmlld3MgYWxsIElFVEYgZG9jdW1lbnRzIGJlaW5nIHByb2Nlc3NlZA0KYnkgdGhl IElFU0cgZm9yIHRoZSBJRVRGIENoYWlyLiBQbGVhc2Ugd2FpdCBmb3IgZGlyZWN0aW9uIGZyb20g eW91cg0KZG9jdW1lbnQgc2hlcGhlcmQgb3IgQUQgYmVmb3JlIHBvc3RpbmcgYSBuZXcgdmVyc2lv biBvZiB0aGUgZHJhZnQuDQoNCkZvciBtb3JlIGluZm9ybWF0aW9uLCBwbGVhc2Ugc2VlIHRoZSBG QVEgYXQNCg0KPGh0dHBzOi8vdHJhYy5pZXRmLm9yZy90cmFjL2dlbi93aWtpL0dlbkFydGZhcT4u DQoNCkRvY3VtZW50OiBkcmFmdC1pZXRmLXNpcGNvcmUtZGlnZXN0LXNjaGVtZS0/Pw0KUmV2aWV3 ZXI6IFJvbmkgRXZlbg0KUmV2aWV3IERhdGU6IDIwMTktMTAtMjINCklFVEYgTEMgRW5kIERhdGU6 IE5vbmUNCklFU0cgVGVsZWNoYXQgZGF0ZTogMjAxOS0xMC0zMQ0KDQpTdW1tYXJ5Og0KVGhlIGRv Y3VtZW50IGlzIGFsbW9zdCByZWFkeSBmb3IgcHVibGljYXRpb24gYXMgYSBzdGFuZGFyZCB0cmFj ayBSRkMNCg0KTWFqb3IgaXNzdWVzOg0KDQpNaW5vciBpc3N1ZXM6DQoNCjEuIEluIHNlY3Rpb24g Mi40ICIgSWYgdGhlIFVBQyBjYW5ub3QgcmVzcG9uZCB0byBhbnkgb2YgdGhlIGNoYWxsZW5nZXMg aW4gdGhlDQpyZXNwb25zZSwgdGhlbiBpdCBTSE9VTEQgYWJhbmRvbiBhdHRlbXB0cyB0byBzZW5k IHRoZSByZXF1ZXN0LCBlLmcuIGlmIHRoZSBVQUMNCiAgIGRvZXMgbm90IGhhdmUgY3JlZGVudGlh bHMgb3IgaGFzIHN0YWxlIGNyZWRlbnRpYWxzIGZvciBhbnkgb2YgdGhlIHJlYWxtcywNCiAgIHVu bGVzcyBhIGxvY2FsIHBvbGljeSBkaWN0YXRlcyBvdGhlcndpc2UuIiBZZXQgUkZDMzI2MSBzZWN0 aW9uIDIyLjIgIiBJZiBubw0KICAgY3JlZGVudGlhbHMgZm9yIGEgcmVhbG0gY2FuIGJlIGxvY2F0 ZWQsIFVBQ3MgTUFZIGF0dGVtcHQgdG8gcmV0cnkgdGhlDQogICByZXF1ZXN0IHdpdGggYSB1c2Vy bmFtZSBvZiAiYW5vbnltb3VzIiBhbmQgbm8gcGFzc3dvcmQgKGEgIHBhc3N3b3JkIG9mICIiKS4N CiAgIElzIHRoaXMgZGVwcmVjYXRlZCA/DQoNCk5vLCBpdCBpcyBub3QgZGVwcmVjYXRlZCBieSB0 aGlzIGRvY3VtZW50LCBhbmQgdGhhdCBwYXJ0IGlzIGNvdmVyZWQgYnkgdGhlIGxhc3Qgc2VudGVu Y2Ugb2YgdGhlIHF1b3RlZCBwYXJhZ3JhcGgsIHdoaWNoIHRhbGtzIGFib3V0IGEgbG9jYWwgcG9s aWN5Lg0KDQpSRTogSSBoYXZlIG5vIHN0cm9uZyBmZWVsaW5nIGl0IGlzIGp1c3QgdGhhdCB0aGUg bGFuZ3VhZ2UgaXMgZGlmZmVyZW50DQoNCg0KMi4gUkZDMzI2MSBhbGdvcml0aG0gaW5jbHVkZXMg Ik1ENS1zZXNzIiB3aGlsZSBzZWN0aW9uIDIuNiByZW1vdmVkIGl0DQoNClRoZXNlIGNoYW5nZXMg YXJlIHByb3ZpZGVkIGluIHRoZSBjb250ZXh0IG9mIFJGQzc2MTYsIHNvIGlmIGFuIGltcGxlbWVu dGF0aW9uIHN1cHBvcnRzICItc2VzcyIgaXQgY291bGQgYWx3YXlzIHJlZmVyIHRvIHRoYXQgZG9j dW1lbnQgZm9yIHRoZXNlIGRldGFpbHMuDQoNCg0KUkU6IEkgdGhpbmsgdGhhdCB0aGUgQk5GDQoN CmFsZ29yaXRobSA9ICJhbGdvcml0aG0iIEVRVUFMICggIk1ENSIgLyAiU0hBLTUxMi0yNTYiIC8g IlNIQS0yNTYiLyB0b2tlbiApDQoNCnNob3VsZCBiZQ0KDQphbGdvcml0aG0gPSAiYWxnb3JpdGht IiBFUVVBTCAoICJNRDUiIC8gIk1ENS1zZXNzIC8gIlNIQS01MTItMjU2IiAvICJTSEEtMjU2Ii8g dG9rZW4gKQ0KDQoNCg0KDQoNCjMuIGl0IG1heSBiZSBnb29kIHRvIGhhdmUgYSBiYWNrd2FyZCBj b21wYXRpYmlsaXR5IHNlY3Rpb24uDQpJIGJlbGlldmUgd2UgY292ZXJlZCB0aGF0IGluIHRoZSBz ZWN1cml0eSBjb25zaWRlcmF0aW9uIHNlY3Rpb24uIERvIHlvdSBzZWUgYW55dGhpbmcgbWlzc2lu ZyB0aGVyZT8NCg0KUkU6IE9LLCBubyBwcm9ibGVtLg0KDQpSZWdhcmRzLA0KIFJpZmFhdA0KDQoN Ck5pdHMvZWRpdG9yaWFsIGNvbW1lbnRzOg0KDQo= --_000_6E58094ECC8D8344914996DAD28F1CCD23D93020DGGEMM506MBXchi_ Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: base64 PGh0bWwgeG1sbnM6dj0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTp2bWwiIHhtbG5zOm89InVy bjpzY2hlbWFzLW1pY3Jvc29mdC1jb206b2ZmaWNlOm9mZmljZSIgeG1sbnM6dz0idXJuOnNjaGVt YXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6d29yZCIgeG1sbnM6bT0iaHR0cDovL3NjaGVtYXMubWlj cm9zb2Z0LmNvbS9vZmZpY2UvMjAwNC8xMi9vbW1sIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv VFIvUkVDLWh0bWw0MCI+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIg Y29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjxtZXRhIG5hbWU9IkdlbmVyYXRv ciIgY29udGVudD0iTWljcm9zb2Z0IFdvcmQgMTQgKGZpbHRlcmVkIG1lZGl1bSkiPg0KPHN0eWxl PjwhLS0NCi8qIEZvbnQgRGVmaW5pdGlvbnMgKi8NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6 Q2FsaWJyaTsNCglwYW5vc2UtMToyIDE1IDUgMiAyIDIgNCAzIDIgNDt9DQovKiBTdHlsZSBEZWZp bml0aW9ucyAqLw0KcC5Nc29Ob3JtYWwsIGxpLk1zb05vcm1hbCwgZGl2Lk1zb05vcm1hbA0KCXtt YXJnaW46MGluOw0KCW1hcmdpbi1ib3R0b206LjAwMDFwdDsNCglmb250LXNpemU6MTIuMHB0Ow0K CWZvbnQtZmFtaWx5OiJUaW1lcyBOZXcgUm9tYW4iLCJzZXJpZiI7fQ0KYTpsaW5rLCBzcGFuLk1z b0h5cGVybGluaw0KCXttc28tc3R5bGUtcHJpb3JpdHk6OTk7DQoJY29sb3I6Ymx1ZTsNCgl0ZXh0 LWRlY29yYXRpb246dW5kZXJsaW5lO30NCmE6dmlzaXRlZCwgc3Bhbi5Nc29IeXBlcmxpbmtGb2xs b3dlZA0KCXttc28tc3R5bGUtcHJpb3JpdHk6OTk7DQoJY29sb3I6cHVycGxlOw0KCXRleHQtZGVj b3JhdGlvbjp1bmRlcmxpbmU7fQ0KcHJlDQoJe21zby1zdHlsZS1wcmlvcml0eTo5OTsNCgltc28t c3R5bGUtbGluazoiSFRNTCBQcmVmb3JtYXR0ZWQgQ2hhciI7DQoJbWFyZ2luOjBpbjsNCgltYXJn aW4tYm90dG9tOi4wMDAxcHQ7DQoJZm9udC1zaXplOjEwLjBwdDsNCglmb250LWZhbWlseToiQ291 cmllciBOZXciO30NCnNwYW4uRW1haWxTdHlsZTE3DQoJe21zby1zdHlsZS10eXBlOnBlcnNvbmFs LXJlcGx5Ow0KCWZvbnQtZmFtaWx5OiJDYWxpYnJpIiwic2Fucy1zZXJpZiI7DQoJY29sb3I6IzFG NDk3RDt9DQpzcGFuLkhUTUxQcmVmb3JtYXR0ZWRDaGFyDQoJe21zby1zdHlsZS1uYW1lOiJIVE1M IFByZWZvcm1hdHRlZCBDaGFyIjsNCgltc28tc3R5bGUtcHJpb3JpdHk6OTk7DQoJbXNvLXN0eWxl LWxpbms6IkhUTUwgUHJlZm9ybWF0dGVkIjsNCglmb250LWZhbWlseToiQ291cmllciBOZXciO30N Ci5Nc29DaHBEZWZhdWx0DQoJe21zby1zdHlsZS10eXBlOmV4cG9ydC1vbmx5Ow0KCWZvbnQtZmFt aWx5OiJDYWxpYnJpIiwic2Fucy1zZXJpZiI7fQ0KQHBhZ2UgV29yZFNlY3Rpb24xDQoJe3NpemU6 OC41aW4gMTEuMGluOw0KCW1hcmdpbjoxLjBpbiAxLjBpbiAxLjBpbiAxLjBpbjt9DQpkaXYuV29y ZFNlY3Rpb24xDQoJe3BhZ2U6V29yZFNlY3Rpb24xO30NCi0tPjwvc3R5bGU+PCEtLVtpZiBndGUg bXNvIDldPjx4bWw+DQo8bzpzaGFwZWRlZmF1bHRzIHY6ZXh0PSJlZGl0IiBzcGlkbWF4PSIxMDI2 IiAvPg0KPC94bWw+PCFbZW5kaWZdLS0+PCEtLVtpZiBndGUgbXNvIDldPjx4bWw+DQo8bzpzaGFw ZWxheW91dCB2OmV4dD0iZWRpdCI+DQo8bzppZG1hcCB2OmV4dD0iZWRpdCIgZGF0YT0iMSIgLz4N CjwvbzpzaGFwZWxheW91dD48L3htbD48IVtlbmRpZl0tLT4NCjwvaGVhZD4NCjxib2R5IGxhbmc9 IkVOLVVTIiBsaW5rPSJibHVlIiB2bGluaz0icHVycGxlIj4NCjxkaXYgY2xhc3M9IldvcmRTZWN0 aW9uMSI+DQo8ZGl2Pg0KPGRpdj4NCjxibG9ja3F1b3RlIHN0eWxlPSJib3JkZXI6bm9uZTtib3Jk ZXItbGVmdDpzb2xpZCAjQ0NDQ0NDIDEuMHB0O3BhZGRpbmc6MGluIDBpbiAwaW4gNi4wcHQ7bWFy Z2luLWxlZnQ6NC44cHQ7bWFyZ2luLXJpZ2h0OjBpbiI+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48 c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1 b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDs7Y29sb3I6IzFGNDk3RCI+UmlmYWF0IHRoYW5rcyw8 bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0i Zm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3Nh bnMtc2VyaWYmcXVvdDs7Y29sb3I6IzFGNDk3RCI+U2VlIGluIGxpbmU8bzpwPjwvbzpwPjwvc3Bh bj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBw dDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDs7 Y29sb3I6IzFGNDk3RCI+Um9uaTxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29O b3JtYWwiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4m bmJzcDs8L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj5PbiBUdWUsIE9jdCAyMiwgMjAx OSBhdCA0OjM4IEFNIFJvbmkgRXZlbiB2aWEgRGF0YXRyYWNrZXIgJmx0OzxhIGhyZWY9Im1haWx0 bzpub3JlcGx5QGlldGYub3JnIj5ub3JlcGx5QGlldGYub3JnPC9hPiZndDsgd3JvdGU6PG86cD48 L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibWFyZ2luLWJvdHRvbToxMi4w cHQiPlJldmlld2VyOiBSb25pIEV2ZW48YnI+DQpSZXZpZXcgcmVzdWx0OiBBbG1vc3QgUmVhZHk8 YnI+DQo8YnI+DQpJIGFtIHRoZSBhc3NpZ25lZCBHZW4tQVJUIHJldmlld2VyIGZvciB0aGlzIGRy YWZ0LiBUaGUgR2VuZXJhbCBBcmVhPGJyPg0KUmV2aWV3IFRlYW0gKEdlbi1BUlQpIHJldmlld3Mg YWxsIElFVEYgZG9jdW1lbnRzIGJlaW5nIHByb2Nlc3NlZDxicj4NCmJ5IHRoZSBJRVNHIGZvciB0 aGUgSUVURiBDaGFpci4gUGxlYXNlIHdhaXQgZm9yIGRpcmVjdGlvbiBmcm9tIHlvdXI8YnI+DQpk b2N1bWVudCBzaGVwaGVyZCBvciBBRCBiZWZvcmUgcG9zdGluZyBhIG5ldyB2ZXJzaW9uIG9mIHRo ZSBkcmFmdC48YnI+DQo8YnI+DQpGb3IgbW9yZSBpbmZvcm1hdGlvbiwgcGxlYXNlIHNlZSB0aGUg RkFRIGF0PGJyPg0KPGJyPg0KJmx0OzxhIGhyZWY9Imh0dHBzOi8vdHJhYy5pZXRmLm9yZy90cmFj L2dlbi93aWtpL0dlbkFydGZhcSIgdGFyZ2V0PSJfYmxhbmsiPmh0dHBzOi8vdHJhYy5pZXRmLm9y Zy90cmFjL2dlbi93aWtpL0dlbkFydGZhcTwvYT4mZ3Q7Ljxicj4NCjxicj4NCkRvY3VtZW50OiBk cmFmdC1pZXRmLXNpcGNvcmUtZGlnZXN0LXNjaGVtZS0/Pzxicj4NClJldmlld2VyOiBSb25pIEV2 ZW48YnI+DQpSZXZpZXcgRGF0ZTogMjAxOS0xMC0yMjxicj4NCklFVEYgTEMgRW5kIERhdGU6IE5v bmU8YnI+DQpJRVNHIFRlbGVjaGF0IGRhdGU6IDIwMTktMTAtMzE8YnI+DQo8YnI+DQpTdW1tYXJ5 Ojxicj4NClRoZSBkb2N1bWVudCBpcyBhbG1vc3QgcmVhZHkgZm9yIHB1YmxpY2F0aW9uIGFzIGEg c3RhbmRhcmQgdHJhY2sgUkZDPGJyPg0KPGJyPg0KTWFqb3IgaXNzdWVzOjxicj4NCjxicj4NCk1p bm9yIGlzc3Vlczo8YnI+DQo8YnI+DQoxLiBJbiBzZWN0aW9uIDIuNCAmcXVvdDsgSWYgdGhlIFVB QyBjYW5ub3QgcmVzcG9uZCB0byBhbnkgb2YgdGhlIGNoYWxsZW5nZXMgaW4gdGhlPGJyPg0KcmVz cG9uc2UsIHRoZW4gaXQgU0hPVUxEIGFiYW5kb24gYXR0ZW1wdHMgdG8gc2VuZCB0aGUgcmVxdWVz dCwgZS5nLiBpZiB0aGUgVUFDPGJyPg0KJm5ic3A7ICZuYnNwO2RvZXMgbm90IGhhdmUgY3JlZGVu dGlhbHMgb3IgaGFzIHN0YWxlIGNyZWRlbnRpYWxzIGZvciBhbnkgb2YgdGhlIHJlYWxtcyw8YnI+ DQombmJzcDsgJm5ic3A7dW5sZXNzIGEgbG9jYWwgcG9saWN5IGRpY3RhdGVzIG90aGVyd2lzZS4m cXVvdDsgWWV0IFJGQzMyNjEgc2VjdGlvbiAyMi4yICZxdW90OyBJZiBubzxicj4NCiZuYnNwOyAm bmJzcDtjcmVkZW50aWFscyBmb3IgYSByZWFsbSBjYW4gYmUgbG9jYXRlZCwgVUFDcyBNQVkgYXR0 ZW1wdCB0byByZXRyeSB0aGU8YnI+DQombmJzcDsgJm5ic3A7cmVxdWVzdCB3aXRoIGEgdXNlcm5h bWUgb2YgJnF1b3Q7YW5vbnltb3VzJnF1b3Q7IGFuZCBubyBwYXNzd29yZCAoYSZuYnNwOyBwYXNz d29yZCBvZiAmcXVvdDsmcXVvdDspLjxicj4NCiZuYnNwOyAmbmJzcDtJcyB0aGlzIGRlcHJlY2F0 ZWQgPzxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286 cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj5ObywgaXQgaXMgbm90IGRlcHJlY2F0ZWQgYnkg dGhpcyBkb2N1bWVudCwgYW5kIHRoYXQgcGFydCBpcyBjb3ZlcmVkIGJ5IHRoZSBsYXN0IHNlbnRl bmNlIG9mIHRoZSBxdW90ZWQgcGFyYWdyYXBoLCB3aGljaCB0YWxrcyBhYm91dCBhIGxvY2FsIHBv bGljeS48bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJm b250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fu cy1zZXJpZiZxdW90Oztjb2xvcjojMUY0OTdEIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+ DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250 LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDs7Y29sb3I6 IzFGNDk3RCI+UkU6IEkgaGF2ZSBubyBzdHJvbmcgZmVlbGluZyBpdCBpcyBqdXN0IHRoYXQgdGhl IGxhbmd1YWdlIGlzIGRpZmZlcmVudDxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJN c29Ob3JtYWwiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+Jm5i c3A7PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj4yLiBSRkMzMjYxIGFsZ29y aXRobSBpbmNsdWRlcyAmcXVvdDtNRDUtc2VzcyZxdW90OyB3aGlsZSBzZWN0aW9uIDIuNiByZW1v dmVkIGl0PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpwPiZuYnNwOzwv bzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPlRoZXNlIGNoYW5nZXMgYXJlIHByb3ZpZGVk IGluIHRoZSBjb250ZXh0IG9mIFJGQzc2MTYsIHNvIGlmIGFuIGltcGxlbWVudGF0aW9uIHN1cHBv cnRzICZxdW90Oy1zZXNzJnF1b3Q7IGl0IGNvdWxkIGFsd2F5cyByZWZlciB0byB0aGF0IGRvY3Vt ZW50IGZvciB0aGVzZSBkZXRhaWxzLjxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1h bCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJy aSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7O2NvbG9yOiMxRjQ5N0QiPjxvOnA+Jm5ic3A7 PC9vOnA+PC9zcGFuPjwvcD4NCjxwcmU+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9u dC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7O2NvbG9y OiMxRjQ5N0QiPlJFOiBJIHRoaW5rIHRoYXQgdGhlIEJORjxvOnA+PC9vOnA+PC9zcGFuPjwvcHJl Pg0KPHByZT48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtD YWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDs7Y29sb3I6YmxhY2siPmFsZ29yaXRo bSA9ICZxdW90O2FsZ29yaXRobSZxdW90OyBFUVVBTCAoICZxdW90O01ENSZxdW90OyAvICZxdW90 O1NIQS01MTItMjU2JnF1b3Q7IC8gJnF1b3Q7U0hBLTI1NiZxdW90Oy8gdG9rZW4gKSA8bzpwPjwv bzpwPjwvc3Bhbj48L3ByZT4NCjxwcmU+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9u dC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7O2NvbG9y OmJsYWNrIj5zaG91bGQgYmUgPG86cD48L286cD48L3NwYW4+PC9wcmU+DQo8cHJlPjxzcGFuIHN0 eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1 b3Q7c2Fucy1zZXJpZiZxdW90Oztjb2xvcjpibGFjayI+YWxnb3JpdGhtID0gJnF1b3Q7YWxnb3Jp dGhtJnF1b3Q7IEVRVUFMICggJnF1b3Q7TUQ1JnF1b3Q7IC8gJnF1b3Q7TUQ1LXNlc3MgLyAmcXVv dDtTSEEtNTEyLTI1NiZxdW90OyAvICZxdW90O1NIQS0yNTYmcXVvdDsvIHRva2VuICk8bzpwPjwv bzpwPjwvc3Bhbj48L3ByZT4NCjxwcmU+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9u dC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7O2NvbG9y OmJsYWNrIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3ByZT4NCjxwIGNsYXNzPSJNc29Ob3Jt YWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGli cmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90Oztjb2xvcjojMUY0OTdEIj48bzpwPiZuYnNw OzwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpwPiZuYnNwOzwvbzpw PjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtYXJnaW4tYm90dG9tOjEyLjBwdCI+ PGJyPg0KMy4gaXQgbWF5IGJlIGdvb2QgdG8gaGF2ZSBhIGJhY2t3YXJkIGNvbXBhdGliaWxpdHkg c2VjdGlvbi48bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPkkgYmVsaWV2ZSB3 ZSBjb3ZlcmVkIHRoYXQgaW4gdGhlIHNlY3VyaXR5IGNvbnNpZGVyYXRpb24gc2VjdGlvbi4gRG8g eW91IHNlZSBhbnl0aGluZyBtaXNzaW5nIHRoZXJlPzxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9 Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1 b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7O2NvbG9yOiMxRjQ5N0QiPjxv OnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0 eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1 b3Q7c2Fucy1zZXJpZiZxdW90Oztjb2xvcjojMUY0OTdEIj5SRTogT0ssIG5vIHByb2JsZW0uPG86 cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286 cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj5SZWdhcmRzLDxvOnA+PC9vOnA+PC9wPg0KPHAg Y2xhc3M9Ik1zb05vcm1hbCI+Jm5ic3A7UmlmYWF0PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0i TXNvTm9ybWFsIj48bzpwPiZuYnNwOzwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPiZu YnNwOzxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+Tml0cy9lZGl0b3JpYWwg Y29tbWVudHM6PGJyPg0KPGJyPg0KPHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1m YW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7O2NvbG9yOiMx RjQ5N0QiPjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvYmxvY2txdW90ZT4NCjwvZGl2Pg0KPC9k aXY+DQo8L2Rpdj4NCjwvYm9keT4NCjwvaHRtbD4NCg== --_000_6E58094ECC8D8344914996DAD28F1CCD23D93020DGGEMM506MBXchi_-- From nobody Wed Oct 23 05:25:28 2019 Return-Path: X-Original-To: sipcore@ietfa.amsl.com Delivered-To: sipcore@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 92D55120144; Wed, 23 Oct 2019 05:25:20 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.997 X-Spam-Level: X-Spam-Status: No, score=-1.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DNZKbFi4BpAJ; Wed, 23 Oct 2019 05:25:18 -0700 (PDT) Received: from mail-io1-xd36.google.com (mail-io1-xd36.google.com [IPv6:2607:f8b0:4864:20::d36]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 07DFB1200D8; Wed, 23 Oct 2019 05:25:18 -0700 (PDT) Received: by mail-io1-xd36.google.com with SMTP id z19so24719944ior.0; Wed, 23 Oct 2019 05:25:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=kIShG2nGArgH2BdTVOM3Mz7s+M6vBVTMiUL5+pXa/UY=; b=cV9BD9MK0/p76VHRworoSwLVPkom2/eH/HVDOJdV6od6jtg4co6y05W19yCcVhI8q9 vytwNF97WRCSlvjwwk2JVF0n9Dret+Ac1mUNWssjz2lhQBufIlyo2NiGJY1A5LA886AA B7wAZzaFX5emxHK8TpZXmYx8uK0keqwlgSIsvF9f7z2bPsApdvC8eAQXr5aO+XYDjCH4 dOLd1cTi5SAUGGuzn2RJEZ6xPGEyE9qw5xaZwwpsdbkARzngFu2np3ie7ZOnFxPU6TX9 HRpbJ2HLK+hy9Ae15wdC9A41NRNHVHh1HmQau1Fodbs6gJZsbsLRXTNdb7UmF44md3Tf Os7Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=kIShG2nGArgH2BdTVOM3Mz7s+M6vBVTMiUL5+pXa/UY=; b=QsPLM90Ycz5re6ReaqunkgcQibVAIufzHQ31A8LAY5hGWGO0IjV0EPwifyL+0N0Wsh kUq4xMMS2cFYqCszp4b4lwbDGJSBYyRiAvfVACA2h/meSFmn3NjyRnEXfRKs1vjDYNLp 7jv6e7+JwmJzXTWMoJ/bTLJQKQ3n5t6DJuqwCaDj0MOqDNVdUWnulIxs3KFqInHhXXSj 6S9BKTZunYQzjGYrRxmpRyKHwUbARsE1C9Q/y2jTZfrPOZfnQHXCq0bJW8tE/7TLtk/T uPvUV4oNGn4qXoe7AAgQz76cx/PKOT9a8YSYKJExuGZlTQDrHsQtjyVpfP1OFMhdPRVY 1rwg== X-Gm-Message-State: APjAAAW5CG9WDHOt3dyVqd1yMyuQ056/djn4nwiupJrwmXIfGoEY51m6 Dx7QwoTggaWdREuZnD/lke9RYnl5dMnduqv4DGM= X-Google-Smtp-Source: APXvYqyEINwhw4rnLbBNZ3t/CCWU7ZYytFSkOj+LQE/tvqNO5V2ctMgVlAbGMFGZp55MbdQA8Vp1xShCJZsOTdBSJAo= X-Received: by 2002:a02:40c6:: with SMTP id n189mr9144891jaa.121.1571833517314; Wed, 23 Oct 2019 05:25:17 -0700 (PDT) MIME-Version: 1.0 References: <157173348155.3011.12458315336826264414@ietfa.amsl.com> <6E58094ECC8D8344914996DAD28F1CCD23D93020@DGGEMM506-MBX.china.huawei.com> In-Reply-To: <6E58094ECC8D8344914996DAD28F1CCD23D93020@DGGEMM506-MBX.china.huawei.com> From: Rifaat Shekh-Yusef Date: Wed, 23 Oct 2019 08:25:05 -0400 Message-ID: To: "Roni Even (A)" Cc: Roni Even , "last-call@ietf.org" , "gen-art@ietf.org" , SIPCORE , "draft-ietf-sipcore-digest-scheme.all@ietf.org" Content-Type: multipart/alternative; boundary="000000000000721757059593021d" Archived-At: Subject: Re: [sipcore] [Gen-art] Genart telechat review of draft-ietf-sipcore-digest-scheme-10 X-BeenThere: sipcore@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SIP Core Working Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 23 Oct 2019 12:25:21 -0000 --000000000000721757059593021d Content-Type: text/plain; charset="UTF-8" Hi Roni, I agree with the ABNF issue. I will fix that in the next version of the draft. Thanks, Rifaat On Wed, Oct 23, 2019 at 1:43 AM Roni Even (A) wrote: > Rifaat thanks, > > See in line > > Roni > > > > > > On Tue, Oct 22, 2019 at 4:38 AM Roni Even via Datatracker < > noreply@ietf.org> wrote: > > Reviewer: Roni Even > Review result: Almost Ready > > I am the assigned Gen-ART reviewer for this draft. The General Area > Review Team (Gen-ART) reviews all IETF documents being processed > by the IESG for the IETF Chair. Please wait for direction from your > document shepherd or AD before posting a new version of the draft. > > For more information, please see the FAQ at > > . > > Document: draft-ietf-sipcore-digest-scheme-?? > Reviewer: Roni Even > Review Date: 2019-10-22 > IETF LC End Date: None > IESG Telechat date: 2019-10-31 > > Summary: > The document is almost ready for publication as a standard track RFC > > Major issues: > > Minor issues: > > 1. In section 2.4 " If the UAC cannot respond to any of the challenges in > the > response, then it SHOULD abandon attempts to send the request, e.g. if the > UAC > does not have credentials or has stale credentials for any of the > realms, > unless a local policy dictates otherwise." Yet RFC3261 section 22.2 " > If no > credentials for a realm can be located, UACs MAY attempt to retry the > request with a username of "anonymous" and no password (a password of > ""). > Is this deprecated ? > > > > No, it is not deprecated by this document, and that part is covered by the > last sentence of the quoted paragraph, which talks about a local policy. > > > > RE: I have no strong feeling it is just that the language is different > > > > > > 2. RFC3261 algorithm includes "MD5-sess" while section 2.6 removed it > > > > These changes are provided in the context of RFC7616, so if an > implementation supports "-sess" it could always refer to that document for > these details. > > > > RE: I think that the BNF > > algorithm = "algorithm" EQUAL ( "MD5" / "SHA-512-256" / "SHA-256"/ token ) > > should be > > algorithm = "algorithm" EQUAL ( "MD5" / "MD5-sess / "SHA-512-256" / "SHA-256"/ token ) > > > > > > > > > 3. it may be good to have a backward compatibility section. > > I believe we covered that in the security consideration section. Do you > see anything missing there? > > > > RE: OK, no problem. > > > > Regards, > > Rifaat > > > > > > Nits/editorial comments: > > --000000000000721757059593021d Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Hi Roni,

I agree with the AB= NF issue. I will fix that in the next version of the draft.

<= /div>
Thanks,
=C2=A0Rifaat


On Wed, Oct 23, 2019 at 1:43 AM Roni Even (A) <roni.even@huawei.com> wrote:

Rifaat thanks,

See in line

Roni

=C2=A0

=C2=A0

On Tue, Oct 22, 2019 at 4:38 AM Roni Even via Datatr= acker <noreply@iet= f.org> wrote:

Reviewer: Roni Even
Review result: Almost Ready

I am the assigned Gen-ART reviewer for this draft. The General Area
Review Team (Gen-ART) reviews all IETF documents being processed
by the IESG for the IETF Chair. Please wait for direction from your
document shepherd or AD before posting a new version of the draft.

For more information, please see the FAQ at

<https://trac.ietf.org/trac/gen/wiki/GenArtfaq>.

Document: draft-ietf-sipcore-digest-scheme-??
Reviewer: Roni Even
Review Date: 2019-10-22
IETF LC End Date: None
IESG Telechat date: 2019-10-31

Summary:
The document is almost ready for publication as a standard track RFC

Major issues:

Minor issues:

1. In section 2.4 " If the UAC cannot respond to any of the challenges= in the
response, then it SHOULD abandon attempts to send the request, e.g. if the = UAC
=C2=A0 =C2=A0does not have credentials or has stale credentials for any of = the realms,
=C2=A0 =C2=A0unless a local policy dictates otherwise." Yet RFC3261 se= ction 22.2 " If no
=C2=A0 =C2=A0credentials for a realm can be located, UACs MAY attempt to re= try the
=C2=A0 =C2=A0request with a username of "anonymous" and no passwo= rd (a=C2=A0 password of "").
=C2=A0 =C2=A0Is this deprecated ?

=C2=A0

No, it is not deprecated by this document, and that = part is covered by the last sentence of the quoted paragraph, which talks a= bout a local policy.

=C2=A0

RE: I have no strong feeling it is just that= the language is different

=C2=A0

=C2=A0

2. RFC3261 algorithm includes "MD5-sess" w= hile section 2.6 removed it

=C2=A0

These changes are provided in the context of RFC7616= , so if an implementation supports "-sess" it could always refer = to that document for these details.

=C2=A0

RE: I think that the BNF
algorithm =3D "algorithm" EQUAL ( "MD5" / "SHA=
-512-256" / "SHA-256"/ token ) 
should be 
algorithm =3D "algorithm" EQUAL ( "MD5" / "MD5=
-sess / "SHA-512-256" / "SHA-256"/ token )
=C2=A0

=C2=A0

=C2=A0


3. it may be good to have a backward compatibility section.

I believe we covered that in the security considerat= ion section. Do you see anything missing there?

=C2=A0

RE: OK, no problem.

=C2=A0

Regards,

=C2=A0Rifaat

=C2=A0

=C2=A0

Nits/editorial comments:

--000000000000721757059593021d-- From nobody Wed Oct 23 05:29:09 2019 Return-Path: X-Original-To: sipcore@ietfa.amsl.com Delivered-To: sipcore@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1E3191200D8; Wed, 23 Oct 2019 05:28:58 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.199 X-Spam-Level: X-Spam-Status: No, score=-4.199 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id U68Xe5Jp-c0m; Wed, 23 Oct 2019 05:28:55 -0700 (PDT) Received: from huawei.com (lhrrgout.huawei.com [185.176.76.210]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 86066120842; Wed, 23 Oct 2019 05:28:55 -0700 (PDT) Received: from LHREML712-CAH.china.huawei.com (unknown [172.18.7.107]) by Forcepoint Email with ESMTP id 69317A717DDB266ABF1A; Wed, 23 Oct 2019 13:28:52 +0100 (IST) Received: from lhreml708-chm.china.huawei.com (10.201.108.57) by LHREML712-CAH.china.huawei.com (10.201.108.35) with Microsoft SMTP Server (TLS) id 14.3.408.0; Wed, 23 Oct 2019 13:28:51 +0100 Received: from lhreml708-chm.china.huawei.com (10.201.108.57) by lhreml708-chm.china.huawei.com (10.201.108.57) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1713.5; Wed, 23 Oct 2019 13:28:51 +0100 Received: from DGGEMM423-HUB.china.huawei.com (10.1.198.40) by lhreml708-chm.china.huawei.com (10.201.108.57) with Microsoft SMTP Server (version=TLS1_0, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256) id 15.1.1713.5 via Frontend Transport; Wed, 23 Oct 2019 13:28:51 +0100 Received: from DGGEMM506-MBX.china.huawei.com ([169.254.3.89]) by dggemm423-hub.china.huawei.com ([10.1.198.40]) with mapi id 14.03.0439.000; Wed, 23 Oct 2019 20:28:45 +0800 From: "Roni Even (A)" To: Rifaat Shekh-Yusef CC: Roni Even , "last-call@ietf.org" , "gen-art@ietf.org" , SIPCORE , "draft-ietf-sipcore-digest-scheme.all@ietf.org" Thread-Topic: [Gen-art] Genart telechat review of draft-ietf-sipcore-digest-scheme-10 Thread-Index: AQHViRLSQ7R64lV9bkWHewyHEr3U66dntzAw///qWoCAAIbwIA== Date: Wed, 23 Oct 2019 12:28:44 +0000 Message-ID: <6E58094ECC8D8344914996DAD28F1CCD23D931BF@DGGEMM506-MBX.china.huawei.com> References: <157173348155.3011.12458315336826264414@ietfa.amsl.com> <6E58094ECC8D8344914996DAD28F1CCD23D93020@DGGEMM506-MBX.china.huawei.com> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.200.202.54] Content-Type: multipart/alternative; boundary="_000_6E58094ECC8D8344914996DAD28F1CCD23D931BFDGGEMM506MBXchi_" MIME-Version: 1.0 X-CFilter-Loop: Reflected Archived-At: Subject: Re: [sipcore] [Gen-art] Genart telechat review of draft-ietf-sipcore-digest-scheme-10 X-BeenThere: sipcore@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SIP Core Working Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 23 Oct 2019 12:28:58 -0000 --_000_6E58094ECC8D8344914996DAD28F1CCD23D931BFDGGEMM506MBXchi_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 SEkgUmlmYWF0LA0KT0ssIG5vIG90aGVyIGNvbW1lbnRzDQpSb25pDQoNCkZyb206IFJpZmFhdCBT aGVraC1ZdXNlZiBbbWFpbHRvOnJpZmFhdC5pZXRmQGdtYWlsLmNvbV0NClNlbnQ6IFdlZG5lc2Rh eSwgT2N0b2JlciAyMywgMjAxOSAzOjI1IFBNDQpUbzogUm9uaSBFdmVuIChBKQ0KQ2M6IFJvbmkg RXZlbjsgbGFzdC1jYWxsQGlldGYub3JnOyBnZW4tYXJ0QGlldGYub3JnOyBTSVBDT1JFOyBkcmFm dC1pZXRmLXNpcGNvcmUtZGlnZXN0LXNjaGVtZS5hbGxAaWV0Zi5vcmcNClN1YmplY3Q6IFJlOiBb R2VuLWFydF0gR2VuYXJ0IHRlbGVjaGF0IHJldmlldyBvZiBkcmFmdC1pZXRmLXNpcGNvcmUtZGln ZXN0LXNjaGVtZS0xMA0KDQpIaSBSb25pLA0KDQpJIGFncmVlIHdpdGggdGhlIEFCTkYgaXNzdWUu IEkgd2lsbCBmaXggdGhhdCBpbiB0aGUgbmV4dCB2ZXJzaW9uIG9mIHRoZSBkcmFmdC4NCg0KVGhh bmtzLA0KIFJpZmFhdA0KDQoNCk9uIFdlZCwgT2N0IDIzLCAyMDE5IGF0IDE6NDMgQU0gUm9uaSBF dmVuIChBKSA8cm9uaS5ldmVuQGh1YXdlaS5jb208bWFpbHRvOnJvbmkuZXZlbkBodWF3ZWkuY29t Pj4gd3JvdGU6DQpSaWZhYXQgdGhhbmtzLA0KU2VlIGluIGxpbmUNClJvbmkNCg0KDQpPbiBUdWUs IE9jdCAyMiwgMjAxOSBhdCA0OjM4IEFNIFJvbmkgRXZlbiB2aWEgRGF0YXRyYWNrZXIgPG5vcmVw bHlAaWV0Zi5vcmc8bWFpbHRvOm5vcmVwbHlAaWV0Zi5vcmc+PiB3cm90ZToNClJldmlld2VyOiBS b25pIEV2ZW4NClJldmlldyByZXN1bHQ6IEFsbW9zdCBSZWFkeQ0KDQpJIGFtIHRoZSBhc3NpZ25l ZCBHZW4tQVJUIHJldmlld2VyIGZvciB0aGlzIGRyYWZ0LiBUaGUgR2VuZXJhbCBBcmVhDQpSZXZp ZXcgVGVhbSAoR2VuLUFSVCkgcmV2aWV3cyBhbGwgSUVURiBkb2N1bWVudHMgYmVpbmcgcHJvY2Vz c2VkDQpieSB0aGUgSUVTRyBmb3IgdGhlIElFVEYgQ2hhaXIuIFBsZWFzZSB3YWl0IGZvciBkaXJl Y3Rpb24gZnJvbSB5b3VyDQpkb2N1bWVudCBzaGVwaGVyZCBvciBBRCBiZWZvcmUgcG9zdGluZyBh IG5ldyB2ZXJzaW9uIG9mIHRoZSBkcmFmdC4NCg0KRm9yIG1vcmUgaW5mb3JtYXRpb24sIHBsZWFz ZSBzZWUgdGhlIEZBUSBhdA0KDQo8aHR0cHM6Ly90cmFjLmlldGYub3JnL3RyYWMvZ2VuL3dpa2kv R2VuQXJ0ZmFxPi4NCg0KRG9jdW1lbnQ6IGRyYWZ0LWlldGYtc2lwY29yZS1kaWdlc3Qtc2NoZW1l LT8/DQpSZXZpZXdlcjogUm9uaSBFdmVuDQpSZXZpZXcgRGF0ZTogMjAxOS0xMC0yMg0KSUVURiBM QyBFbmQgRGF0ZTogTm9uZQ0KSUVTRyBUZWxlY2hhdCBkYXRlOiAyMDE5LTEwLTMxDQoNClN1bW1h cnk6DQpUaGUgZG9jdW1lbnQgaXMgYWxtb3N0IHJlYWR5IGZvciBwdWJsaWNhdGlvbiBhcyBhIHN0 YW5kYXJkIHRyYWNrIFJGQw0KDQpNYWpvciBpc3N1ZXM6DQoNCk1pbm9yIGlzc3VlczoNCg0KMS4g SW4gc2VjdGlvbiAyLjQgIiBJZiB0aGUgVUFDIGNhbm5vdCByZXNwb25kIHRvIGFueSBvZiB0aGUg Y2hhbGxlbmdlcyBpbiB0aGUNCnJlc3BvbnNlLCB0aGVuIGl0IFNIT1VMRCBhYmFuZG9uIGF0dGVt cHRzIHRvIHNlbmQgdGhlIHJlcXVlc3QsIGUuZy4gaWYgdGhlIFVBQw0KICAgZG9lcyBub3QgaGF2 ZSBjcmVkZW50aWFscyBvciBoYXMgc3RhbGUgY3JlZGVudGlhbHMgZm9yIGFueSBvZiB0aGUgcmVh bG1zLA0KICAgdW5sZXNzIGEgbG9jYWwgcG9saWN5IGRpY3RhdGVzIG90aGVyd2lzZS4iIFlldCBS RkMzMjYxIHNlY3Rpb24gMjIuMiAiIElmIG5vDQogICBjcmVkZW50aWFscyBmb3IgYSByZWFsbSBj YW4gYmUgbG9jYXRlZCwgVUFDcyBNQVkgYXR0ZW1wdCB0byByZXRyeSB0aGUNCiAgIHJlcXVlc3Qg d2l0aCBhIHVzZXJuYW1lIG9mICJhbm9ueW1vdXMiIGFuZCBubyBwYXNzd29yZCAoYSAgcGFzc3dv cmQgb2YgIiIpLg0KICAgSXMgdGhpcyBkZXByZWNhdGVkID8NCg0KTm8sIGl0IGlzIG5vdCBkZXBy ZWNhdGVkIGJ5IHRoaXMgZG9jdW1lbnQsIGFuZCB0aGF0IHBhcnQgaXMgY292ZXJlZCBieSB0aGUg bGFzdCBzZW50ZW5jZSBvZiB0aGUgcXVvdGVkIHBhcmFncmFwaCwgd2hpY2ggdGFsa3MgYWJvdXQg YSBsb2NhbCBwb2xpY3kuDQoNClJFOiBJIGhhdmUgbm8gc3Ryb25nIGZlZWxpbmcgaXQgaXMganVz dCB0aGF0IHRoZSBsYW5ndWFnZSBpcyBkaWZmZXJlbnQNCg0KDQoyLiBSRkMzMjYxIGFsZ29yaXRo bSBpbmNsdWRlcyAiTUQ1LXNlc3MiIHdoaWxlIHNlY3Rpb24gMi42IHJlbW92ZWQgaXQNCg0KVGhl c2UgY2hhbmdlcyBhcmUgcHJvdmlkZWQgaW4gdGhlIGNvbnRleHQgb2YgUkZDNzYxNiwgc28gaWYg YW4gaW1wbGVtZW50YXRpb24gc3VwcG9ydHMgIi1zZXNzIiBpdCBjb3VsZCBhbHdheXMgcmVmZXIg dG8gdGhhdCBkb2N1bWVudCBmb3IgdGhlc2UgZGV0YWlscy4NCg0KDQpSRTogSSB0aGluayB0aGF0 IHRoZSBCTkYNCg0KYWxnb3JpdGhtID0gImFsZ29yaXRobSIgRVFVQUwgKCAiTUQ1IiAvICJTSEEt NTEyLTI1NiIgLyAiU0hBLTI1NiIvIHRva2VuICkNCg0Kc2hvdWxkIGJlDQoNCmFsZ29yaXRobSA9 ICJhbGdvcml0aG0iIEVRVUFMICggIk1ENSIgLyAiTUQ1LXNlc3MgLyAiU0hBLTUxMi0yNTYiIC8g IlNIQS0yNTYiLyB0b2tlbiApDQoNCg0KDQoNCg0KMy4gaXQgbWF5IGJlIGdvb2QgdG8gaGF2ZSBh IGJhY2t3YXJkIGNvbXBhdGliaWxpdHkgc2VjdGlvbi4NCkkgYmVsaWV2ZSB3ZSBjb3ZlcmVkIHRo YXQgaW4gdGhlIHNlY3VyaXR5IGNvbnNpZGVyYXRpb24gc2VjdGlvbi4gRG8geW91IHNlZSBhbnl0 aGluZyBtaXNzaW5nIHRoZXJlPw0KDQpSRTogT0ssIG5vIHByb2JsZW0uDQoNClJlZ2FyZHMsDQog UmlmYWF0DQoNCg0KTml0cy9lZGl0b3JpYWwgY29tbWVudHM6DQo= --_000_6E58094ECC8D8344914996DAD28F1CCD23D931BFDGGEMM506MBXchi_ Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: base64 PGh0bWwgeG1sbnM6dj0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTp2bWwiIHhtbG5zOm89InVy bjpzY2hlbWFzLW1pY3Jvc29mdC1jb206b2ZmaWNlOm9mZmljZSIgeG1sbnM6dz0idXJuOnNjaGVt YXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6d29yZCIgeG1sbnM6bT0iaHR0cDovL3NjaGVtYXMubWlj cm9zb2Z0LmNvbS9vZmZpY2UvMjAwNC8xMi9vbW1sIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv VFIvUkVDLWh0bWw0MCI+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIg Y29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjxtZXRhIG5hbWU9IkdlbmVyYXRv ciIgY29udGVudD0iTWljcm9zb2Z0IFdvcmQgMTQgKGZpbHRlcmVkIG1lZGl1bSkiPg0KPHN0eWxl PjwhLS0NCi8qIEZvbnQgRGVmaW5pdGlvbnMgKi8NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6 Q2FsaWJyaTsNCglwYW5vc2UtMToyIDE1IDUgMiAyIDIgNCAzIDIgNDt9DQpAZm9udC1mYWNlDQoJ e2ZvbnQtZmFtaWx5OlRhaG9tYTsNCglwYW5vc2UtMToyIDExIDYgNCAzIDUgNCA0IDIgNDt9DQpA Zm9udC1mYWNlDQoJe2ZvbnQtZmFtaWx5OkNvbnNvbGFzOw0KCXBhbm9zZS0xOjIgMTEgNiA5IDIg MiA0IDMgMiA0O30NCi8qIFN0eWxlIERlZmluaXRpb25zICovDQpwLk1zb05vcm1hbCwgbGkuTXNv Tm9ybWFsLCBkaXYuTXNvTm9ybWFsDQoJe21hcmdpbjowaW47DQoJbWFyZ2luLWJvdHRvbTouMDAw MXB0Ow0KCWZvbnQtc2l6ZToxMi4wcHQ7DQoJZm9udC1mYW1pbHk6IlRpbWVzIE5ldyBSb21hbiIs InNlcmlmIjt9DQphOmxpbmssIHNwYW4uTXNvSHlwZXJsaW5rDQoJe21zby1zdHlsZS1wcmlvcml0 eTo5OTsNCgljb2xvcjpibHVlOw0KCXRleHQtZGVjb3JhdGlvbjp1bmRlcmxpbmU7fQ0KYTp2aXNp dGVkLCBzcGFuLk1zb0h5cGVybGlua0ZvbGxvd2VkDQoJe21zby1zdHlsZS1wcmlvcml0eTo5OTsN Cgljb2xvcjpwdXJwbGU7DQoJdGV4dC1kZWNvcmF0aW9uOnVuZGVybGluZTt9DQpwcmUNCgl7bXNv LXN0eWxlLXByaW9yaXR5Ojk5Ow0KCW1zby1zdHlsZS1saW5rOiJIVE1MIFByZWZvcm1hdHRlZCBD aGFyIjsNCgltYXJnaW46MGluOw0KCW1hcmdpbi1ib3R0b206LjAwMDFwdDsNCglmb250LXNpemU6 MTAuMHB0Ow0KCWZvbnQtZmFtaWx5OiJDb3VyaWVyIE5ldyI7fQ0Kc3Bhbi5IVE1MUHJlZm9ybWF0 dGVkQ2hhcg0KCXttc28tc3R5bGUtbmFtZToiSFRNTCBQcmVmb3JtYXR0ZWQgQ2hhciI7DQoJbXNv LXN0eWxlLXByaW9yaXR5Ojk5Ow0KCW1zby1zdHlsZS1saW5rOiJIVE1MIFByZWZvcm1hdHRlZCI7 DQoJZm9udC1mYW1pbHk6IkNvbnNvbGFzIiwic2VyaWYiO30NCnNwYW4uRW1haWxTdHlsZTE5DQoJ e21zby1zdHlsZS10eXBlOnBlcnNvbmFsLXJlcGx5Ow0KCWZvbnQtZmFtaWx5OiJDYWxpYnJpIiwi c2Fucy1zZXJpZiI7DQoJY29sb3I6IzFGNDk3RDt9DQouTXNvQ2hwRGVmYXVsdA0KCXttc28tc3R5 bGUtdHlwZTpleHBvcnQtb25seTsNCglmb250LWZhbWlseToiQ2FsaWJyaSIsInNhbnMtc2VyaWYi O30NCkBwYWdlIFdvcmRTZWN0aW9uMQ0KCXtzaXplOjguNWluIDExLjBpbjsNCgltYXJnaW46MS4w aW4gMS4waW4gMS4waW4gMS4waW47fQ0KZGl2LldvcmRTZWN0aW9uMQ0KCXtwYWdlOldvcmRTZWN0 aW9uMTt9DQotLT48L3N0eWxlPjwhLS1baWYgZ3RlIG1zbyA5XT48eG1sPg0KPG86c2hhcGVkZWZh dWx0cyB2OmV4dD0iZWRpdCIgc3BpZG1heD0iMTAyNiIgLz4NCjwveG1sPjwhW2VuZGlmXS0tPjwh LS1baWYgZ3RlIG1zbyA5XT48eG1sPg0KPG86c2hhcGVsYXlvdXQgdjpleHQ9ImVkaXQiPg0KPG86 aWRtYXAgdjpleHQ9ImVkaXQiIGRhdGE9IjEiIC8+DQo8L286c2hhcGVsYXlvdXQ+PC94bWw+PCFb ZW5kaWZdLS0+DQo8L2hlYWQ+DQo8Ym9keSBsYW5nPSJFTi1VUyIgbGluaz0iYmx1ZSIgdmxpbms9 InB1cnBsZSI+DQo8ZGl2IGNsYXNzPSJXb3JkU2VjdGlvbjEiPg0KPHAgY2xhc3M9Ik1zb05vcm1h bCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJy aSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7O2NvbG9yOiMxRjQ5N0QiPkhJIFJpZmFhdCw8 bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0i Zm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3Nh bnMtc2VyaWYmcXVvdDs7Y29sb3I6IzFGNDk3RCI+T0ssIG5vIG90aGVyIGNvbW1lbnRzPG86cD48 L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQt c2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNl cmlmJnF1b3Q7O2NvbG9yOiMxRjQ5N0QiPlJvbmk8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBj bGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWls eTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDs7Y29sb3I6IzFGNDk3 RCI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PGI+ PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMC4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7VGFob21hJnF1 b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsiPkZyb206PC9zcGFuPjwvYj48c3BhbiBzdHlsZT0i Zm9udC1zaXplOjEwLjBwdDtmb250LWZhbWlseTomcXVvdDtUYWhvbWEmcXVvdDssJnF1b3Q7c2Fu cy1zZXJpZiZxdW90OyI+IFJpZmFhdCBTaGVraC1ZdXNlZiBbbWFpbHRvOnJpZmFhdC5pZXRmQGdt YWlsLmNvbV0NCjxicj4NCjxiPlNlbnQ6PC9iPiBXZWRuZXNkYXksIE9jdG9iZXIgMjMsIDIwMTkg MzoyNSBQTTxicj4NCjxiPlRvOjwvYj4gUm9uaSBFdmVuIChBKTxicj4NCjxiPkNjOjwvYj4gUm9u aSBFdmVuOyBsYXN0LWNhbGxAaWV0Zi5vcmc7IGdlbi1hcnRAaWV0Zi5vcmc7IFNJUENPUkU7IGRy YWZ0LWlldGYtc2lwY29yZS1kaWdlc3Qtc2NoZW1lLmFsbEBpZXRmLm9yZzxicj4NCjxiPlN1Ympl Y3Q6PC9iPiBSZTogW0dlbi1hcnRdIEdlbmFydCB0ZWxlY2hhdCByZXZpZXcgb2YgZHJhZnQtaWV0 Zi1zaXBjb3JlLWRpZ2VzdC1zY2hlbWUtMTA8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFz cz0iTXNvTm9ybWFsIj48bzpwPiZuYnNwOzwvbzpwPjwvcD4NCjxkaXY+DQo8ZGl2Pg0KPHAgY2xh c3M9Ik1zb05vcm1hbCI+SGkgUm9uaSw8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxw IGNsYXNzPSJNc29Ob3JtYWwiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0K PHAgY2xhc3M9Ik1zb05vcm1hbCI+SSBhZ3JlZSB3aXRoIHRoZSBBQk5GIGlzc3VlLiBJIHdpbGwg Zml4IHRoYXQgaW4gdGhlIG5leHQgdmVyc2lvbiBvZiB0aGUgZHJhZnQuPG86cD48L286cD48L3A+ DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpwPiZuYnNwOzwvbzpwPjwv cD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPlRoYW5rcyw8bzpwPjwvbzpw PjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPiZuYnNwO1JpZmFhdDxv OnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4m bmJzcDs8L286cD48L3A+DQo8L2Rpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxvOnA+Jm5ic3A7 PC9vOnA+PC9wPg0KPGRpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj5PbiBXZWQsIE9j dCAyMywgMjAxOSBhdCAxOjQzIEFNIFJvbmkgRXZlbiAoQSkgJmx0OzxhIGhyZWY9Im1haWx0bzpy b25pLmV2ZW5AaHVhd2VpLmNvbSI+cm9uaS5ldmVuQGh1YXdlaS5jb208L2E+Jmd0OyB3cm90ZTo8 bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGJsb2NrcXVvdGUgc3R5bGU9ImJvcmRlcjpub25lO2Jv cmRlci1sZWZ0OnNvbGlkICNDQ0NDQ0MgMS4wcHQ7cGFkZGluZzowaW4gMGluIDBpbiA2LjBwdDtt YXJnaW4tbGVmdDo0LjhwdDttYXJnaW4tcmlnaHQ6MGluIj4NCjxkaXY+DQo8ZGl2Pg0KPGRpdj4N CjxkaXY+DQo8YmxvY2txdW90ZSBzdHlsZT0iYm9yZGVyOm5vbmU7Ym9yZGVyLWxlZnQ6c29saWQg I0NDQ0NDQyAxLjBwdDtwYWRkaW5nOjBpbiAwaW4gMGluIDYuMHB0O21hcmdpbi1sZWZ0OjQuOHB0 O21hcmdpbi10b3A6NS4wcHQ7bWFyZ2luLXJpZ2h0OjBpbjttYXJnaW4tYm90dG9tOjUuMHB0Ij4N CjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28t bWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9u dC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7O2NvbG9y OiMxRjQ5N0QiPlJpZmFhdCB0aGFua3MsPC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9 Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90 dG9tLWFsdDphdXRvIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTom cXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDs7Y29sb3I6IzFGNDk3RCI+ U2VlIGluIGxpbmU8L3NwYW4+PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBz dHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8i PjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkm cXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90Oztjb2xvcjojMUY0OTdEIj5Sb25pPC9zcGFuPjxv OnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9w LWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj4mbmJzcDs8bzpwPjwvbzpwPjwv cD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bztt c28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+Jm5ic3A7PG86cD48L286cD48L3A+DQo8cCBjbGFz cz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1i b3R0b20tYWx0OmF1dG8iPk9uIFR1ZSwgT2N0IDIyLCAyMDE5IGF0IDQ6MzggQU0gUm9uaSBFdmVu IHZpYSBEYXRhdHJhY2tlciAmbHQ7PGEgaHJlZj0ibWFpbHRvOm5vcmVwbHlAaWV0Zi5vcmciIHRh cmdldD0iX2JsYW5rIj5ub3JlcGx5QGlldGYub3JnPC9hPiZndDsgd3JvdGU6PG86cD48L286cD48 L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87 bWFyZ2luLWJvdHRvbToxMi4wcHQiPlJldmlld2VyOiBSb25pIEV2ZW48YnI+DQpSZXZpZXcgcmVz dWx0OiBBbG1vc3QgUmVhZHk8YnI+DQo8YnI+DQpJIGFtIHRoZSBhc3NpZ25lZCBHZW4tQVJUIHJl dmlld2VyIGZvciB0aGlzIGRyYWZ0LiBUaGUgR2VuZXJhbCBBcmVhPGJyPg0KUmV2aWV3IFRlYW0g KEdlbi1BUlQpIHJldmlld3MgYWxsIElFVEYgZG9jdW1lbnRzIGJlaW5nIHByb2Nlc3NlZDxicj4N CmJ5IHRoZSBJRVNHIGZvciB0aGUgSUVURiBDaGFpci4gUGxlYXNlIHdhaXQgZm9yIGRpcmVjdGlv biBmcm9tIHlvdXI8YnI+DQpkb2N1bWVudCBzaGVwaGVyZCBvciBBRCBiZWZvcmUgcG9zdGluZyBh IG5ldyB2ZXJzaW9uIG9mIHRoZSBkcmFmdC48YnI+DQo8YnI+DQpGb3IgbW9yZSBpbmZvcm1hdGlv biwgcGxlYXNlIHNlZSB0aGUgRkFRIGF0PGJyPg0KPGJyPg0KJmx0OzxhIGhyZWY9Imh0dHBzOi8v dHJhYy5pZXRmLm9yZy90cmFjL2dlbi93aWtpL0dlbkFydGZhcSIgdGFyZ2V0PSJfYmxhbmsiPmh0 dHBzOi8vdHJhYy5pZXRmLm9yZy90cmFjL2dlbi93aWtpL0dlbkFydGZhcTwvYT4mZ3Q7Ljxicj4N Cjxicj4NCkRvY3VtZW50OiBkcmFmdC1pZXRmLXNpcGNvcmUtZGlnZXN0LXNjaGVtZS0/Pzxicj4N ClJldmlld2VyOiBSb25pIEV2ZW48YnI+DQpSZXZpZXcgRGF0ZTogMjAxOS0xMC0yMjxicj4NCklF VEYgTEMgRW5kIERhdGU6IE5vbmU8YnI+DQpJRVNHIFRlbGVjaGF0IGRhdGU6IDIwMTktMTAtMzE8 YnI+DQo8YnI+DQpTdW1tYXJ5Ojxicj4NClRoZSBkb2N1bWVudCBpcyBhbG1vc3QgcmVhZHkgZm9y IHB1YmxpY2F0aW9uIGFzIGEgc3RhbmRhcmQgdHJhY2sgUkZDPGJyPg0KPGJyPg0KTWFqb3IgaXNz dWVzOjxicj4NCjxicj4NCk1pbm9yIGlzc3Vlczo8YnI+DQo8YnI+DQoxLiBJbiBzZWN0aW9uIDIu NCAmcXVvdDsgSWYgdGhlIFVBQyBjYW5ub3QgcmVzcG9uZCB0byBhbnkgb2YgdGhlIGNoYWxsZW5n ZXMgaW4gdGhlPGJyPg0KcmVzcG9uc2UsIHRoZW4gaXQgU0hPVUxEIGFiYW5kb24gYXR0ZW1wdHMg dG8gc2VuZCB0aGUgcmVxdWVzdCwgZS5nLiBpZiB0aGUgVUFDPGJyPg0KJm5ic3A7ICZuYnNwO2Rv ZXMgbm90IGhhdmUgY3JlZGVudGlhbHMgb3IgaGFzIHN0YWxlIGNyZWRlbnRpYWxzIGZvciBhbnkg b2YgdGhlIHJlYWxtcyw8YnI+DQombmJzcDsgJm5ic3A7dW5sZXNzIGEgbG9jYWwgcG9saWN5IGRp Y3RhdGVzIG90aGVyd2lzZS4mcXVvdDsgWWV0IFJGQzMyNjEgc2VjdGlvbiAyMi4yICZxdW90OyBJ ZiBubzxicj4NCiZuYnNwOyAmbmJzcDtjcmVkZW50aWFscyBmb3IgYSByZWFsbSBjYW4gYmUgbG9j YXRlZCwgVUFDcyBNQVkgYXR0ZW1wdCB0byByZXRyeSB0aGU8YnI+DQombmJzcDsgJm5ic3A7cmVx dWVzdCB3aXRoIGEgdXNlcm5hbWUgb2YgJnF1b3Q7YW5vbnltb3VzJnF1b3Q7IGFuZCBubyBwYXNz d29yZCAoYSZuYnNwOyBwYXNzd29yZCBvZiAmcXVvdDsmcXVvdDspLjxicj4NCiZuYnNwOyAmbmJz cDtJcyB0aGlzIGRlcHJlY2F0ZWQgPzxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1h bCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDph dXRvIj4mbmJzcDs8bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJt c28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+Tm8sIGl0 IGlzIG5vdCBkZXByZWNhdGVkIGJ5IHRoaXMgZG9jdW1lbnQsIGFuZCB0aGF0IHBhcnQgaXMgY292 ZXJlZCBieSB0aGUgbGFzdCBzZW50ZW5jZSBvZiB0aGUgcXVvdGVkIHBhcmFncmFwaCwgd2hpY2gg dGFsa3MgYWJvdXQgYSBsb2NhbCBwb2xpY3kuPG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNv Tm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20t YWx0OmF1dG8iPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90 O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90Oztjb2xvcjojMUY0OTdEIj4mbmJz cDs8L3NwYW4+PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNv LW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFuIHN0 eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1 b3Q7c2Fucy1zZXJpZiZxdW90Oztjb2xvcjojMUY0OTdEIj5SRTogSSBoYXZlIG5vIHN0cm9uZyBm ZWVsaW5nIGl0IGlzIGp1c3QgdGhhdCB0aGUgbGFuZ3VhZ2UgaXMgZGlmZmVyZW50PC9zcGFuPjxv OnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9w LWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj4mbmJzcDs8bzpwPjwvbzpwPjwv cD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bztt c28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+Jm5ic3A7PG86cD48L286cD48L3A+DQo8cCBjbGFz cz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1i b3R0b20tYWx0OmF1dG8iPjIuIFJGQzMyNjEgYWxnb3JpdGhtIGluY2x1ZGVzICZxdW90O01ENS1z ZXNzJnF1b3Q7IHdoaWxlIHNlY3Rpb24gMi42IHJlbW92ZWQgaXQ8bzpwPjwvbzpwPjwvcD4NCjxw IGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFy Z2luLWJvdHRvbS1hbHQ6YXV0byI+Jm5ic3A7PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNv Tm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20t YWx0OmF1dG8iPlRoZXNlIGNoYW5nZXMgYXJlIHByb3ZpZGVkIGluIHRoZSBjb250ZXh0IG9mIFJG Qzc2MTYsIHNvIGlmIGFuIGltcGxlbWVudGF0aW9uIHN1cHBvcnRzICZxdW90Oy1zZXNzJnF1b3Q7 IGl0IGNvdWxkIGFsd2F5cyByZWZlciB0byB0aGF0IGRvY3VtZW50IGZvciB0aGVzZSBkZXRhaWxz LjxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4t dG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBzdHlsZT0iZm9u dC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMt c2VyaWYmcXVvdDs7Y29sb3I6IzFGNDk3RCI+Jm5ic3A7PC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0K PHByZT48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxp YnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDs7Y29sb3I6IzFGNDk3RCI+UkU6IEkgdGhp bmsgdGhhdCB0aGUgQk5GPC9zcGFuPjxvOnA+PC9vOnA+PC9wcmU+DQo8cHJlPjxzcGFuIHN0eWxl PSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7 c2Fucy1zZXJpZiZxdW90Oztjb2xvcjpibGFjayI+YWxnb3JpdGhtID0gJnF1b3Q7YWxnb3JpdGht JnF1b3Q7IEVRVUFMICggJnF1b3Q7TUQ1JnF1b3Q7IC8gJnF1b3Q7U0hBLTUxMi0yNTYmcXVvdDsg LyAmcXVvdDtTSEEtMjU2JnF1b3Q7LyB0b2tlbiApIDwvc3Bhbj48bzpwPjwvbzpwPjwvcHJlPg0K PHByZT48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxp YnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDs7Y29sb3I6YmxhY2siPnNob3VsZCBiZSA8 L3NwYW4+PG86cD48L286cD48L3ByZT4NCjxwcmU+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4w cHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7 O2NvbG9yOmJsYWNrIj5hbGdvcml0aG0gPSAmcXVvdDthbGdvcml0aG0mcXVvdDsgRVFVQUwgKCAm cXVvdDtNRDUmcXVvdDsgLyAmcXVvdDtNRDUtc2VzcyAvICZxdW90O1NIQS01MTItMjU2JnF1b3Q7 IC8gJnF1b3Q7U0hBLTI1NiZxdW90Oy8gdG9rZW4gKTwvc3Bhbj48bzpwPjwvbzpwPjwvcHJlPg0K PHByZT48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxp YnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDs7Y29sb3I6YmxhY2siPiZuYnNwOzwvc3Bh bj48bzpwPjwvbzpwPjwvcHJlPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJn aW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBzdHlsZT0i Zm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3Nh bnMtc2VyaWYmcXVvdDs7Y29sb3I6IzFGNDk3RCI+Jm5ic3A7PC9zcGFuPjxvOnA+PC9vOnA+PC9w Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21z by1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj4mbmJzcDs8bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNz PSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttYXJnaW4tYm90dG9t OjEyLjBwdCI+PGJyPg0KMy4gaXQgbWF5IGJlIGdvb2QgdG8gaGF2ZSBhIGJhY2t3YXJkIGNvbXBh dGliaWxpdHkgc2VjdGlvbi48bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0 eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+ SSBiZWxpZXZlIHdlIGNvdmVyZWQgdGhhdCBpbiB0aGUgc2VjdXJpdHkgY29uc2lkZXJhdGlvbiBz ZWN0aW9uLiBEbyB5b3Ugc2VlIGFueXRoaW5nIG1pc3NpbmcgdGhlcmU/PG86cD48L286cD48L3A+ DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNv LW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2Zv bnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90Oztjb2xv cjojMUY0OTdEIj4mbmJzcDs8L3NwYW4+PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9y bWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0 OmF1dG8iPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0Nh bGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90Oztjb2xvcjojMUY0OTdEIj5SRTogT0ss IG5vIHByb2JsZW0uPC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIg c3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRv Ij4mbmJzcDs8bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28t bWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+UmVnYXJkcyw8 bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRv cC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+Jm5ic3A7UmlmYWF0PG86cD48 L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0 OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPiZuYnNwOzxvOnA+PC9vOnA+PC9wPg0K PHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1t YXJnaW4tYm90dG9tLWFsdDphdXRvIj4mbmJzcDs8bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJN c29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttYXJnaW4tYm90dG9tOjEy LjBwdCI+Tml0cy9lZGl0b3JpYWwgY29tbWVudHM6PG86cD48L286cD48L3A+DQo8L2Jsb2NrcXVv dGU+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9kaXY+DQo8L2Rpdj4NCjwvYmxvY2txdW90ZT4NCjwvZGl2 Pg0KPC9kaXY+DQo8L2Rpdj4NCjwvYm9keT4NCjwvaHRtbD4NCg== --_000_6E58094ECC8D8344914996DAD28F1CCD23D931BFDGGEMM506MBXchi_-- From nobody Wed Oct 23 08:38:03 2019 Return-Path: X-Original-To: sipcore@ietfa.amsl.com Delivered-To: sipcore@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2CE54120A84 for ; Wed, 23 Oct 2019 08:38:01 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2 X-Spam-Level: X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=alum.mit.edu Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cudvPyQP4n0L for ; Wed, 23 Oct 2019 08:37:58 -0700 (PDT) Received: from NAM05-BY2-obe.outbound.protection.outlook.com (mail-eopbgr710078.outbound.protection.outlook.com [40.107.71.78]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 866D0120A39 for ; Wed, 23 Oct 2019 08:37:58 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=J0B96Cxev6at2uWsvGv0N+F1Yg17sC4i2PHnaiLnfCUnyrjHC84Y86L7Gfe73iIpE1hFmFphQtuaXA+TcIDsnZGUlQf0rbI1K5Y3o/FyiYg3En7QXb4d3cafWSJ/7gXlas+AKW4F0Qb5FjnAyrsDCvn34XH/6QD9BQREsyaWWBYtwM6De8ri0E28GHUxQsC58yKJv1cXQJJNIx1GdPweAJ0LDLCUoaOpV//SWTxbxUOl26Gklau7yTix1O66UaWegy3ZVqllLitj16uIy3XMxofyIMM/M5IOpeaZP3Uz1i2LlJ7fJQDb2WMn7ROARrJs9LswudKmu4/jbJylMvZw4Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=AOoMEZDLgzcoJDXumhcGfkKDkM1SeuAvPDa/wyy5jG8=; b=VsD1y4Kd+9nuPg2j7X6Pggs/HpAGnvswPFodOF5uGEduTbUx2JDHSxXVcvmkqDm1gKLDxFhNnoslTkhI6YzQVgbeWHIt3OUeFlUiS06ivL7111nUAoSMVP2DDDYmN9Xbh9dDVEXdjJgoibR4pt5TGyTZbm+mlYm5oWi02yUFdmAmROzn8mXeRDMAGKoNczSa8av3LrKKsz+V4mMebbqy88YsS7WgIt6OvotQKMK6Hqasy6YIe4+I3I5/+GOKWHW/ipavqZhpbkpbun5xPThxnMo91o2iGB728ZUkd3+rHObigqp9Xuh32/+hm8BE4W/sVk6JWi0jItdrY//gXXNBSA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 18.7.68.33) smtp.rcpttodomain=gmail.com smtp.mailfrom=alum.mit.edu; dmarc=bestguesspass action=none header.from=alum.mit.edu; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alum.mit.edu; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=AOoMEZDLgzcoJDXumhcGfkKDkM1SeuAvPDa/wyy5jG8=; b=AX+KHk5g/4Bj9DHbSF3j/58iOG6OXthahKUhEtaKPRTXNjSWxMRn6OiDyfswwSMe67vzIO7ldE67p0+nC4p5PJJyvWohXivZ7zajDEKGlgndm1xF9P61ORrlEUveA6zpc3jss+UvoRDtafGKFZwqTNdFS4Xi/gEP5KonZUpTBRM= Received: from CY4PR12CA0048.namprd12.prod.outlook.com (2603:10b6:903:129::34) by BN8PR12MB3395.namprd12.prod.outlook.com (2603:10b6:408:43::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2387.20; Wed, 23 Oct 2019 15:37:50 +0000 Received: from BL2NAM02FT025.eop-nam02.prod.protection.outlook.com (2a01:111:f400:7e46::200) by CY4PR12CA0048.outlook.office365.com (2603:10b6:903:129::34) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2387.20 via Frontend Transport; Wed, 23 Oct 2019 15:37:50 +0000 Authentication-Results: spf=pass (sender IP is 18.7.68.33) smtp.mailfrom=alum.mit.edu; gmail.com; dkim=none (message not signed) header.d=none;gmail.com; dmarc=bestguesspass action=none header.from=alum.mit.edu; Received-SPF: Pass (protection.outlook.com: domain of alum.mit.edu designates 18.7.68.33 as permitted sender) receiver=protection.outlook.com; client-ip=18.7.68.33; helo=outgoing-alum.mit.edu; Received: from outgoing-alum.mit.edu (18.7.68.33) by BL2NAM02FT025.mail.protection.outlook.com (10.152.77.151) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2367.14 via Frontend Transport; Wed, 23 Oct 2019 15:37:50 +0000 Received: from Kokiri.localdomain (c-24-62-227-142.hsd1.ma.comcast.net [24.62.227.142]) (authenticated bits=0) (User authenticated as pkyzivat@ALUM.MIT.EDU) by outgoing-alum.mit.edu (8.14.7/8.12.4) with ESMTP id x9NFbl0V024346 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NOT); Wed, 23 Oct 2019 11:37:49 -0400 To: Rifaat Shekh-Yusef Cc: SIPCORE References: <157151641170.5128.8434066501744885978@ietfa.amsl.com> <73c0eeaf-1341-8480-3379-7562a6d0e62c@alum.mit.edu> From: Paul Kyzivat Message-ID: Date: Wed, 23 Oct 2019 11:37:47 -0400 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:60.0) Gecko/20100101 Thunderbird/60.9.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 8bit X-EOPAttributedMessage: 0 X-Forefront-Antispam-Report: CIP:18.7.68.33; IPV:CAL; SCL:-1; CTRY:US; EFV:NLI; SFV:NSPM; SFS:(10009020)(396003)(136003)(376002)(346002)(39860400002)(199004)(189003)(246002)(4326008)(6246003)(31686004)(5660300002)(229853002)(6306002)(2906002)(88552002)(2870700001)(58126008)(4001150100001)(305945005)(106002)(7596002)(786003)(6916009)(36906005)(316002)(356004)(76130400001)(70206006)(70586007)(66574012)(26005)(8676002)(8936002)(75432002)(2616005)(31696002)(478600001)(50466002)(86362001)(26826003)(14444005)(23676004)(2486003)(11346002)(446003)(956004)(65956001)(336012)(76176011)(53546011)(65806001)(126002)(186003)(486006)(47776003)(476003)(966005); DIR:OUT; SFP:1101; SCL:1; SRVR:BN8PR12MB3395; H:outgoing-alum.mit.edu; FPR:; SPF:Pass; LANG:en; PTR:outgoing-alum.mit.edu; A:1; MX:1; X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 0b33a994-329f-405e-2da8-08d757cef632 X-MS-TrafficTypeDiagnostic: BN8PR12MB3395: X-MS-Exchange-PUrlCount: 7 X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:10000; X-Forefront-PRVS: 019919A9E4 X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: wlWWXYrhFL0JHWiRnq4BXz5yr5KRWbYX4JYSeB3YNsut4x+bA7ScCpLsLdWqGJso9t9d081hCSSb1WRZPNbq4Wy+xweYCrSFJACUGjrr5O8JxXCfnIY0ZMbp2DkQ9PtDz+xzW5rk8WHt5JtztfTAAM78LSg2uM+jLJqmHBgXZNJvn8jSQxgtf6YrW4dNls8dY09HIiT0mQxd1euqY66saTEMSj5qTXbzv+1RBto5/SbZqUSBUCkHOy+Nx93/D3lBYS2OHraiLMGX5HYFJiznOyECywAwg1IgU1zNKuIgfxuO45DWN6yzb+S4dzGOR+6/O//2hmVbhZr6Yk7TYqnfUO32ug3hOvBmx9sIw+vZfxKU8gUhXGhveNAObSAG38ORq2S73SYbozK6eBFH1pn46SJ741VeS7mpA1kZJOMkxAmtljkvUw4F2aE5xC+fnltbMLTtDlu1/AAxV2BWaYRs+i1a24khgjaJ1dOwaSWTgYg= X-OriginatorOrg: alum.mit.edu X-MS-Exchange-CrossTenant-OriginalArrivalTime: 23 Oct 2019 15:37:50.0987 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 0b33a994-329f-405e-2da8-08d757cef632 X-MS-Exchange-CrossTenant-Id: 3326b102-c043-408b-a990-b89e477d582f X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3326b102-c043-408b-a990-b89e477d582f; Ip=[18.7.68.33]; Helo=[outgoing-alum.mit.edu] X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN8PR12MB3395 Archived-At: Subject: Re: [sipcore] I-D Action: draft-ietf-sipcore-sip-token-authnz-04.txt X-BeenThere: sipcore@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SIP Core Working Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 23 Oct 2019 15:38:01 -0000 On 10/22/19 8:45 PM, Rifaat Shekh-Yusef wrote: > > > On Mon, Oct 21, 2019 at 11:40 AM Paul Kyzivat > wrote: > > Rifaat, > > On 10/19/19 4:23 PM, Rifaat Shekh-Yusef wrote: > > All, > > > > We update the draft based on the latest comments, mainly from Paul. > > Please, take a look and let us know what you think. > > Thanks. This is better. I have some followup questions to broaden my > understanding. (Once I understand better, I may have some > suggestions on > how to make the document clearer in this regard.) > > IIUC, upon getting a challenge for which there is no cached response, > the typical expected behavior for a UA is to launch a browser using the > URL from the authz-server-value in the challenge. Is that right? > > I'm not clear on the sequence of events following that. IOW, I'm > looking > for more detail on step [3] in the figure in section 5.1. I would > expect > that this first action of the browser will result in the AS returning a > form to the browser that will be displayed to the user. Then the user > will presumably need to fill in that form and send it to the AS. And > this may involve a dialog of multiple exchanges. This will presumably > eventually end with a response from the AS containing a token. How does > the UA recognize this as the completion of the dialog? > > In this specific case, take a look at the following flow in the RFC that > defines this mechanism: > https://tools.ietf.org/html/rfc8252#section-4.1 I don't find that at all useful because it abstracts away all the useful bits. This implies an interface between the client app and the browser. What is that interface? Where is it defined? This is needed to implement a client app. Specifically: - what information is passed in (1)? (Just the URL?) And how? - what information does the client app expect back in (4)? How is it encoded? - the figure shows just one round trip (2) and (3) between the broswer and the AS. Is that always the case? Doesn't this potentially require multiple round trips? How does the browser know it is time to return to the client app? - is the SIP UAS that is requesting authorization (e.g. registrar) the token endpoint in figure 4.1? > In particular, does the UA need to know anything about the AS or the > authentication environment in which it is operating? Or is this > consistent across all types of AS? > > The UA needs to know if it is an OAuth AS or and OpenID Connect server > to know to request access and refresh tokens only or in addition to ask > for an id token. How does it know that? Isn't that a function of what the SIP UAS requesting authorization wants? > Also, I gather there can be different kinds of token in the > response. Is > this of concern to the UA? Or does the UA blindly pass the resulting > token on to the registrar, so that the registrar can decide what to do > with it? > > The UA will only pass the Access Token to the registrar. > The refresh token is used by the UA to obtain new access token from the > AS and will never be passed to any other entity. > The id token is consumed by the UA only to get more information about > the user, e.g. SIP AOR. None of this is clear from your draft. Perhaps you could start by reproducing Figure 1 from https://tools.ietf.org/html/rfc8252#section-4.1 but changing the labels of the components to map them on to the elements in your draft. > Another point I want to follow up on is: you have now clarified that > the > authz-server-value contains a URL referencing the AS. Why not tighten > the syntax to specify the allowed value types? > > Can you elaborate on what you mean "value types"? Instead of defining the syntax as a quoted string, you could use ABNF for an HTTP/HTTPS URL. Or if you want it more general than that you could give generic URL syntax and use text to describe which kinds of URL are (and are not) suitable. (E.g. I imagine that SIP: and FILE: URLs are probably not suitable. I don't know what would be beyond HTTP and HTTPS.) Thanks, Paul > Regards, >  Rifaat > > I presume you intend this > to be something that a browser can use to query the AS. The obvious > type > for this is an HTTPS URL. I am guessing that you are leaving this vague > to allow other types that might be supported by browsers and ASs. But > presumably there is something you can say about the properties expected > of this URL. I guess it ought to be something that is generally > supported by browsers, and that can be used to reference forms. > (E.g., a > SIP URL wouldn't be appropriate here.) > >         Thanks, >         Paul > > > > > Regards, > >   Rifaat > > > > > > On Sat, Oct 19, 2019 at 4:21 PM > > >> wrote: > > > > > >     A New Internet-Draft is available from the on-line > Internet-Drafts > >     directories. > >     This draft is a work item of the Session Initiation Protocol > Core WG > >     of the IETF. > > > >              Title           : Third-Party Token-based Authentication > >     and Authorization for Session Initiation Protocol (SIP) > >              Authors         : Rifaat Shekh-Yusef > >                                Christer Holmberg > >                                Victor Pascual > >              Filename        : > draft-ietf-sipcore-sip-token-authnz-04.txt > >              Pages           : 14 > >              Date            : 2019-10-19 > > > >     Abstract: > >         This document defines a mechanism for SIP, that is based > on the > >     OAuth > >         2.0 and OpenID Connect Core 1.0 specifications, to enable the > >         delegation of the user authentication and SIP registration > >         authorization to a dedicated third-party entity that is > separate > >     from > >         the SIP network elements that provide the SIP service. > > > > > >     The IETF datatracker status page for this draft is: > > https://datatracker.ietf.org/doc/draft-ietf-sipcore-sip-token-authnz/ > > > >     There are also htmlized versions available at: > > https://tools.ietf.org/html/draft-ietf-sipcore-sip-token-authnz-04 > > > https://datatracker.ietf..org/doc/html/draft-ietf-sipcore-sip-token-authnz-04 > > >   > > > >     A diff from the previous version is available at: > > > https://www.ietf.org/rfcdiff?url2=draft-ietf-sipcore-sip-token-authnz-04 > > > > > >     Please note that it may take a couple of minutes from the time of > >     submission > >     until the htmlized version and diff are available at > tools.ietf.org > >     . > > > >     Internet-Drafts are also available by anonymous FTP at: > > ftp://ftp.ietf.org/internet-drafts/ > > > >     _______________________________________________ > >     sipcore mailing list > > sipcore@ietf.org > > > > https://www.ietf.org/mailman/listinfo/sipcore > > > > > > _______________________________________________ > > sipcore mailing list > > sipcore@ietf.org > > https://www.ietf.org/mailman/listinfo/sipcore > > > > _______________________________________________ > sipcore mailing list > sipcore@ietf.org > https://www.ietf.org/mailman/listinfo/sipcore > From nobody Wed Oct 23 14:48:58 2019 Return-Path: X-Original-To: sipcore@ietfa.amsl.com Delivered-To: sipcore@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 73D70120077 for ; Wed, 23 Oct 2019 14:48:56 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.997 X-Spam-Level: X-Spam-Status: No, score=-1.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GueZG8SRsPgc for ; Wed, 23 Oct 2019 14:48:53 -0700 (PDT) Received: from mail-il1-x130.google.com (mail-il1-x130.google.com [IPv6:2607:f8b0:4864:20::130]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 20473120100 for ; Wed, 23 Oct 2019 14:48:53 -0700 (PDT) Received: by mail-il1-x130.google.com with SMTP id d83so11928369ilk.7 for ; Wed, 23 Oct 2019 14:48:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=z6haKQEEJMYUMRau+Ub9v/cKCMTqaQdklgrFtU+QXHY=; b=YZQrIGCdmRuVCuYS5qwku+0b16J3AA7s3vUbjv+DwLVFk5y1AJTSse5dJTRMjDT5m3 CpqRJea54q8pt0l5yyxahy82bxxnpZu0J7LAZ9fGqwJRddEV7p3P2W/wvvJmBR1tUyTo CeBtHXw+TJmwr5BSKSVTBK1/CZk2luCUKknj8gYxp0zehA1vHa3bbshUlM+EJ3Y3H21c /gz6VRImYeYDc6vRqReHZzYvEXFuDYSKQf5xFMks2kfR8wUTgEr4boPCpSH0/966o2eS +nfLt4mrr+5GLdCUpPqXdDl1DJwYz8nFeLCdXP4o1jfh+JCyjo/YoVvVR2yuPYN0C9HA j5zQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=z6haKQEEJMYUMRau+Ub9v/cKCMTqaQdklgrFtU+QXHY=; b=Mm8mFWtGVdRnEwbbqSYmoTxGU2zyHhS9lMEfxPNYBdeQ5Ygf1yqQbWVZIGsZen1KaD BB9tNKLgMGo2SVecBrH0qfa0AmhgFUdRyv9TcZRo7/CUzC6EQ4lAZChfxJcSy+28dUpx pbRCIETOME0jUhrxQp0GLNkrWUndR+s6w6sByfM2sc4H71cNUOD5ce46fxfScUuFa48i bdi+iAMWIlW+rhavFIy3/5oOFe6+ThdZBHPcmgTMMn80kalWeFWFnF4fKGLgtx/SteC3 IWEKTb6clYwv1HjAoddc5DZzisAULbwAuV+4+ukuEVQpzd5PJ8AMYd/qMPSSZyj/dUeH rruw== X-Gm-Message-State: APjAAAVEia9VeOwKBcuml/JGrU67Tn6md5gOCXzqkCy43NBXkCq2S2Rm a3s4UskmHaJ32iwwUQNFIfQFPbmXJSnShX7DfBE= X-Google-Smtp-Source: APXvYqw8qjzEtBRVYEeRvYXSmJzyTOw4I34Pg+mi5fbBGqvjTx6VcxzF/A+Ncq2ZlWgHjb+JQpyio2CIfA+oC7VrdRc= X-Received: by 2002:a92:3954:: with SMTP id g81mr43778647ila.255.1571867332271; Wed, 23 Oct 2019 14:48:52 -0700 (PDT) MIME-Version: 1.0 References: <157151641170.5128.8434066501744885978@ietfa.amsl.com> <73c0eeaf-1341-8480-3379-7562a6d0e62c@alum.mit.edu> In-Reply-To: From: Rifaat Shekh-Yusef Date: Wed, 23 Oct 2019 17:48:43 -0400 Message-ID: To: Paul Kyzivat Cc: SIPCORE Content-Type: multipart/alternative; boundary="000000000000f9635605959ae180" Archived-At: Subject: Re: [sipcore] I-D Action: draft-ietf-sipcore-sip-token-authnz-04.txt X-BeenThere: sipcore@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SIP Core Working Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 23 Oct 2019 21:48:57 -0000 --000000000000f9635605959ae180 Content-Type: text/plain; charset="UTF-8" On Wed, Oct 23, 2019 at 11:37 AM Paul Kyzivat wrote: > On 10/22/19 8:45 PM, Rifaat Shekh-Yusef wrote: > > > > > > On Mon, Oct 21, 2019 at 11:40 AM Paul Kyzivat > > wrote: > > > > Rifaat, > > > > On 10/19/19 4:23 PM, Rifaat Shekh-Yusef wrote: > > > All, > > > > > > We update the draft based on the latest comments, mainly from > Paul. > > > Please, take a look and let us know what you think. > > > > Thanks. This is better. I have some followup questions to broaden my > > understanding. (Once I understand better, I may have some > > suggestions on > > how to make the document clearer in this regard.) > > > > IIUC, upon getting a challenge for which there is no cached response, > > the typical expected behavior for a UA is to launch a browser using > the > > URL from the authz-server-value in the challenge. Is that right? > > > > I'm not clear on the sequence of events following that. IOW, I'm > > looking > > for more detail on step [3] in the figure in section 5.1. I would > > expect > > that this first action of the browser will result in the AS > returning a > > form to the browser that will be displayed to the user. Then the user > > will presumably need to fill in that form and send it to the AS. And > > this may involve a dialog of multiple exchanges. This will presumably > > eventually end with a response from the AS containing a token. How > does > > the UA recognize this as the completion of the dialog? > > > > In this specific case, take a look at the following flow in the RFC that > > defines this mechanism: > > https://tools.ietf.org/html/rfc8252#section-4.1 > > I don't find that at all useful because it abstracts away all the useful > bits. This implies an interface between the client app and the browser. > What is that interface? Where is it defined? This is needed to implement > a client app. Specifically: > > - what information is passed in (1)? (Just the URL?) And how? > > - what information does the client app expect back in (4)? How is it > encoded? > > - the figure shows just one round trip (2) and (3) between the broswer > and the AS. Is that always the case? Doesn't this potentially require > multiple round trips? How does the browser know it is time to return to > the client app? > > - is the SIP UAS that is requesting authorization (e.g. registrar) the > token endpoint in figure 4.1? > > RFC8252 describes how the mechanism works in details, but all of this is really out of scope for this document. > > In particular, does the UA need to know anything about the AS or the > > authentication environment in which it is operating? Or is this > > consistent across all types of AS? > > > > The UA needs to know if it is an OAuth AS or and OpenID Connect server > > to know to request access and refresh tokens only or in addition to ask > > for an id token. > > How does it know that? Isn't that a function of what the SIP UAS > requesting authorization wants? > > Configuration. I will add some text to cover that. > > Also, I gather there can be different kinds of token in the > > response. Is > > this of concern to the UA? Or does the UA blindly pass the resulting > > token on to the registrar, so that the registrar can decide what to > do > > with it? > > > > The UA will only pass the Access Token to the registrar. > > The refresh token is used by the UA to obtain new access token from the > > AS and will never be passed to any other entity. > > The id token is consumed by the UA only to get more information about > > the user, e.g. SIP AOR. > > None of this is clear from your draft. > > Fair enough. I will add these details to the draft. > Perhaps you could start by reproducing Figure 1 from > https://tools.ietf.org/html/rfc8252#section-4.1 but changing the labels > of the components to map them on to the elements in your draft. > > > Another point I want to follow up on is: you have now clarified that > > the > > authz-server-value contains a URL referencing the AS. Why not tighten > > the syntax to specify the allowed value types? > > > > Can you elaborate on what you mean "value types"? > > Instead of defining the syntax as a quoted string, you could use ABNF > for an HTTP/HTTPS URL. I will do that. Thanks, Rifaat > Or if you want it more general than that you > could give generic URL syntax and use text to describe which kinds of > URL are (and are not) suitable. (E.g. I imagine that SIP: and FILE: URLs > are probably not suitable. I don't know what would be beyond HTTP and > HTTPS.) > > Thanks, > Paul > > > Regards, > > Rifaat > > > > I presume you intend this > > to be something that a browser can use to query the AS. The obvious > > type > > for this is an HTTPS URL. I am guessing that you are leaving this > vague > > to allow other types that might be supported by browsers and ASs. But > > presumably there is something you can say about the properties > expected > > of this URL. I guess it ought to be something that is generally > > supported by browsers, and that can be used to reference forms. > > (E.g., a > > SIP URL wouldn't be appropriate here.) > > > > Thanks, > > Paul > > > > > > > > Regards, > > > Rifaat > > > > > > > > > On Sat, Oct 19, 2019 at 4:21 PM > > > > > >> wrote: > > > > > > > > > A New Internet-Draft is available from the on-line > > Internet-Drafts > > > directories. > > > This draft is a work item of the Session Initiation Protocol > > Core WG > > > of the IETF. > > > > > > Title : Third-Party Token-based > Authentication > > > and Authorization for Session Initiation Protocol (SIP) > > > Authors : Rifaat Shekh-Yusef > > > Christer Holmberg > > > Victor Pascual > > > Filename : > > draft-ietf-sipcore-sip-token-authnz-04.txt > > > Pages : 14 > > > Date : 2019-10-19 > > > > > > Abstract: > > > This document defines a mechanism for SIP, that is based > > on the > > > OAuth > > > 2.0 and OpenID Connect Core 1.0 specifications, to enable > the > > > delegation of the user authentication and SIP registration > > > authorization to a dedicated third-party entity that is > > separate > > > from > > > the SIP network elements that provide the SIP service. > > > > > > > > > The IETF datatracker status page for this draft is: > > > > https://datatracker.ietf.org/doc/draft-ietf-sipcore-sip-token-authnz/ > > > > > > There are also htmlized versions available at: > > > > https://tools.ietf.org/html/draft-ietf-sipcore-sip-token-authnz-04 > > > > > https://datatracker.ietf. > .org/doc/html/draft-ietf-sipcore-sip-token-authnz-04 > > > > > < > https://datatracker.ietf.org/doc/html/draft-ietf-sipcore-sip-token-authnz-04 > > > > > > > > A diff from the previous version is available at: > > > > > > https://www.ietf.org/rfcdiff?url2=draft-ietf-sipcore-sip-token-authnz-04 > > > > > > > > > Please note that it may take a couple of minutes from the > time of > > > submission > > > until the htmlized version and diff are available at > > tools.ietf.org > > > . > > > > > > Internet-Drafts are also available by anonymous FTP at: > > > ftp://ftp.ietf.org/internet-drafts/ > > > > > > _______________________________________________ > > > sipcore mailing list > > > sipcore@ietf.org > > > > > > https://www.ietf.org/mailman/listinfo/sipcore > > > > > > > > > _______________________________________________ > > > sipcore mailing list > > > sipcore@ietf.org > > > https://www.ietf.org/mailman/listinfo/sipcore > > > > > > > _______________________________________________ > > sipcore mailing list > > sipcore@ietf.org > > https://www.ietf.org/mailman/listinfo/sipcore > > > > --000000000000f9635605959ae180 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable


=
On Wed, Oct 23, 2019 at 11:37 AM Paul= Kyzivat <pkyzivat@alum.mit.edu= > wrote:
= On 10/22/19 8:45 PM, Rifaat Shekh-Yusef wrote:
>
>
> On Mon, Oct 21, 2019 at 11:40 AM Paul Kyzivat <pkyzivat@alum.mit.edu
> <mailto:= pkyzivat@alum.mit.edu>> wrote:
>
>=C2=A0 =C2=A0 =C2=A0Rifaat,
>
>=C2=A0 =C2=A0 =C2=A0On 10/19/19 4:23 PM, Rifaat Shekh-Yusef wrote:
>=C2=A0 =C2=A0 =C2=A0 > All,
>=C2=A0 =C2=A0 =C2=A0 >
>=C2=A0 =C2=A0 =C2=A0 > We update the draft based on the latest comme= nts, mainly from Paul.
>=C2=A0 =C2=A0 =C2=A0 > Please, take a look and let us know what you = think.
>
>=C2=A0 =C2=A0 =C2=A0Thanks. This is better. I have some followup questi= ons to broaden my
>=C2=A0 =C2=A0 =C2=A0understanding. (Once I understand better, I may hav= e some
>=C2=A0 =C2=A0 =C2=A0suggestions on
>=C2=A0 =C2=A0 =C2=A0how to make the document clearer in this regard.) >
>=C2=A0 =C2=A0 =C2=A0IIUC, upon getting a challenge for which there is n= o cached response,
>=C2=A0 =C2=A0 =C2=A0the typical expected behavior for a UA is to launch= a browser using the
>=C2=A0 =C2=A0 =C2=A0URL from the authz-server-value in the challenge. I= s that right?
>
>=C2=A0 =C2=A0 =C2=A0I'm not clear on the sequence of events followi= ng that. IOW, I'm
>=C2=A0 =C2=A0 =C2=A0looking
>=C2=A0 =C2=A0 =C2=A0for more detail on step [3] in the figure in sectio= n 5.1. I would
>=C2=A0 =C2=A0 =C2=A0expect
>=C2=A0 =C2=A0 =C2=A0that this first action of the browser will result i= n the AS returning a
>=C2=A0 =C2=A0 =C2=A0form to the browser that will be displayed to the u= ser. Then the user
>=C2=A0 =C2=A0 =C2=A0will presumably need to fill in that form and send = it to the AS. And
>=C2=A0 =C2=A0 =C2=A0this may involve a dialog of multiple exchanges. Th= is will presumably
>=C2=A0 =C2=A0 =C2=A0eventually end with a response from the AS containi= ng a token. How does
>=C2=A0 =C2=A0 =C2=A0the UA recognize this as the completion of the dial= og?
>
> In this specific case, take a look at the following flow in the RFC th= at
> defines this mechanism:
> https://tools.ietf.org/html/rfc8252#section-4.1<= /a>

I don't find that at all useful because it abstracts away all the usefu= l
bits. This implies an interface between the client app and the browser. What is that interface? Where is it defined? This is needed to implement a client app. Specifically:

- what information is passed in (1)? (Just the URL?) And how?

- what information does the client app expect back in (4)? How is it
encoded?

- the figure shows just one round trip (2) and (3) between the broswer
and the AS. Is that always the case? Doesn't this potentially require <= br> multiple round trips? How does the browser know it is time to return to the client app?

- is the SIP UAS that is requesting authorization (e.g. registrar) the
token endpoint in figure 4.1?


>=C2=A0 =C2=A0 =C2=A0In particular, does the UA need to know anything ab= out the AS or the
>=C2=A0 =C2=A0 =C2=A0authentication environment in which it is operating= ? Or is this
>=C2=A0 =C2=A0 =C2=A0consistent across all types of AS?
>
> The UA needs to know if it is an OAuth AS or and OpenID Connect server=
> to know to request access and refresh tokens only or in addition to as= k
> for an id token.

How does it know that? Isn't that a function of what the SIP UAS
requesting authorization wants?

Configuration. I will add some text to cover that.

=C2=A0
>=C2=A0 =C2=A0 =C2=A0Also, I gather there can be different kinds of toke= n in the
>=C2=A0 =C2=A0 =C2=A0response. Is
>=C2=A0 =C2=A0 =C2=A0this of concern to the UA? Or does the UA blindly p= ass the resulting
>=C2=A0 =C2=A0 =C2=A0token on to the registrar, so that the registrar ca= n decide what to do
>=C2=A0 =C2=A0 =C2=A0with it?
>
> The UA will only pass the Access Token to the registrar.
> The refresh token is used by the UA to obtain new access token from th= e
> AS and will never be passed to any other entity.
> The id token is consumed by the UA only to get more information about =
> the user, e.g. SIP AOR.

None of this is clear from your draft.

Fair enough. I will add these details to the draft.

=C2=A0
Perhaps you could start by reproducing Figure 1 from
https://tools.ietf.org/html/rfc8252#section-4.1 b= ut changing the labels
of the components to map them on to the elements in your draft.

>=C2=A0 =C2=A0 =C2=A0Another point I want to follow up on is: you have n= ow clarified that
>=C2=A0 =C2=A0 =C2=A0the
>=C2=A0 =C2=A0 =C2=A0authz-server-value contains a URL referencing the A= S. Why not tighten
>=C2=A0 =C2=A0 =C2=A0the syntax to specify the allowed value types?
>
> Can you elaborate on what you mean "value types"?

Instead of defining the syntax as a quoted string, you could use ABNF
for an HTTP/HTTPS URL.

I will do that.

Thanks,
=C2=A0Rifaat
=C2=A0
=
Or if you want it more ge= neral than that you
could give generic URL syntax and use text to describe which kinds of
URL are (and are not) suitable. (E.g. I imagine that SIP: and FILE: URLs are probably not suitable. I don't know what would be beyond HTTP and <= br> HTTPS.)

=C2=A0 =C2=A0 =C2=A0 =C2=A0 Thanks,
=C2=A0 =C2=A0 =C2=A0 =C2=A0 Paul

> Regards,
>=C2=A0 =C2=A0Rifaat
>
>=C2=A0 =C2=A0 =C2=A0I presume you intend this
>=C2=A0 =C2=A0 =C2=A0to be something that a browser can use to query the= AS. The obvious
>=C2=A0 =C2=A0 =C2=A0type
>=C2=A0 =C2=A0 =C2=A0for this is an HTTPS URL. I am guessing that you ar= e leaving this vague
>=C2=A0 =C2=A0 =C2=A0to allow other types that might be supported by bro= wsers and ASs. But
>=C2=A0 =C2=A0 =C2=A0presumably there is something you can say about the= properties expected
>=C2=A0 =C2=A0 =C2=A0of this URL. I guess it ought to be something that = is generally
>=C2=A0 =C2=A0 =C2=A0supported by browsers, and that can be used to refe= rence forms.
>=C2=A0 =C2=A0 =C2=A0(E.g., a
>=C2=A0 =C2=A0 =C2=A0SIP URL wouldn't be appropriate here.)
>
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 Thanks,
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 Paul
>
>=C2=A0 =C2=A0 =C2=A0 >
>=C2=A0 =C2=A0 =C2=A0 > Regards,
>=C2=A0 =C2=A0 =C2=A0 >=C2=A0 =C2=A0Rifaat
>=C2=A0 =C2=A0 =C2=A0 >
>=C2=A0 =C2=A0 =C2=A0 >
>=C2=A0 =C2=A0 =C2=A0 > On Sat, Oct 19, 2019 at 4:21 PM <internet-drafts@ietf= .org
>=C2=A0 =C2=A0 =C2=A0<mailto:internet-drafts@ietf.org>
>=C2=A0 =C2=A0 =C2=A0 > <mailto:internet-drafts@ietf.org
>=C2=A0 =C2=A0 =C2=A0<mailto:internet-drafts@ietf.org>>> wrote:
>=C2=A0 =C2=A0 =C2=A0 >
>=C2=A0 =C2=A0 =C2=A0 >
>=C2=A0 =C2=A0 =C2=A0 >=C2=A0 =C2=A0 =C2=A0A New Internet-Draft is av= ailable from the on-line
>=C2=A0 =C2=A0 =C2=A0Internet-Drafts
>=C2=A0 =C2=A0 =C2=A0 >=C2=A0 =C2=A0 =C2=A0directories.
>=C2=A0 =C2=A0 =C2=A0 >=C2=A0 =C2=A0 =C2=A0This draft is a work item = of the Session Initiation Protocol
>=C2=A0 =C2=A0 =C2=A0Core WG
>=C2=A0 =C2=A0 =C2=A0 >=C2=A0 =C2=A0 =C2=A0of the IETF.
>=C2=A0 =C2=A0 =C2=A0 >
>=C2=A0 =C2=A0 =C2=A0 >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 Title=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0: Third-Party Token-based= Authentication
>=C2=A0 =C2=A0 =C2=A0 >=C2=A0 =C2=A0 =C2=A0and Authorization for Sess= ion Initiation Protocol (SIP)
>=C2=A0 =C2=A0 =C2=A0 >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 Authors=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0: Rifaat Shekh-Yusef
>=C2=A0 =C2=A0 =C2=A0 >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 Christer= Holmberg
>=C2=A0 =C2=A0 =C2=A0 >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 Victor P= ascual
>=C2=A0 =C2=A0 =C2=A0 >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 Filename=C2=A0 =C2=A0 =C2=A0 =C2=A0 :
>=C2=A0 =C2=A0 =C2=A0draft-ietf-sipcore-sip-token-authnz-04.txt
>=C2=A0 =C2=A0 =C2=A0 >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 Pages=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0: 14
>=C2=A0 =C2=A0 =C2=A0 >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 Date=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 : 2019-10-19
>=C2=A0 =C2=A0 =C2=A0 >
>=C2=A0 =C2=A0 =C2=A0 >=C2=A0 =C2=A0 =C2=A0Abstract:
>=C2=A0 =C2=A0 =C2=A0 >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0This documen= t defines a mechanism for SIP, that is based
>=C2=A0 =C2=A0 =C2=A0on the
>=C2=A0 =C2=A0 =C2=A0 >=C2=A0 =C2=A0 =C2=A0OAuth
>=C2=A0 =C2=A0 =C2=A0 >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A02.0 and Open= ID Connect Core 1.0 specifications, to enable the
>=C2=A0 =C2=A0 =C2=A0 >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0delegation o= f the user authentication and SIP registration
>=C2=A0 =C2=A0 =C2=A0 >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0authorizatio= n to a dedicated third-party entity that is
>=C2=A0 =C2=A0 =C2=A0separate
>=C2=A0 =C2=A0 =C2=A0 >=C2=A0 =C2=A0 =C2=A0from
>=C2=A0 =C2=A0 =C2=A0 >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0the SIP netw= ork elements that provide the SIP service.
>=C2=A0 =C2=A0 =C2=A0 >
>=C2=A0 =C2=A0 =C2=A0 >
>=C2=A0 =C2=A0 =C2=A0 >=C2=A0 =C2=A0 =C2=A0The IETF datatracker statu= s page for this draft is:
>=C2=A0 =C2=A0 =C2=A0 > h= ttps://datatracker.ietf.org/doc/draft-ietf-sipcore-sip-token-authnz/ >=C2=A0 =C2=A0 =C2=A0 >
>=C2=A0 =C2=A0 =C2=A0 >=C2=A0 =C2=A0 =C2=A0There are also htmlized ve= rsions available at:
>=C2=A0 =C2=A0 =C2=A0 > http= s://tools.ietf.org/html/draft-ietf-sipcore-sip-token-authnz-04
>=C2=A0 =C2=A0 =C2=A0 >
>=C2=A0 =C2=A0 =C2=A0https://datatracker.ietf..org/doc/html/draft-ie= tf-sipcore-sip-token-authnz-04
>=C2=A0 =C2=A0 =C2=A0 >=C2=A0 =C2=A0
>=C2=A0 =C2=A0 =C2=A0 =C2=A0<https://datatracker.ietf.org/doc/html/draft-ietf-sipcore-sip-to= ken-authnz-04>
>=C2=A0 =C2=A0 =C2=A0 >
>=C2=A0 =C2=A0 =C2=A0 >=C2=A0 =C2=A0 =C2=A0A diff from the previous v= ersion is available at:
>=C2=A0 =C2=A0 =C2=A0 >
>=C2=A0 =C2=A0 =C2=A0ht= tps://www.ietf.org/rfcdiff?url2=3Ddraft-ietf-sipcore-sip-token-authnz-04
>=C2=A0 =C2=A0 =C2=A0 >
>=C2=A0 =C2=A0 =C2=A0 >
>=C2=A0 =C2=A0 =C2=A0 >=C2=A0 =C2=A0 =C2=A0Please note that it may ta= ke a couple of minutes from the time of
>=C2=A0 =C2=A0 =C2=A0 >=C2=A0 =C2=A0 =C2=A0submission
>=C2=A0 =C2=A0 =C2=A0 >=C2=A0 =C2=A0 =C2=A0until the htmlized version= and diff are available at
>=C2=A0 =C2=A0 =C2=A0tools.ietf.org <http://tools.ietf.org>
>=C2=A0 =C2=A0 =C2=A0 >=C2=A0 =C2=A0 =C2=A0<http://tools.ietf.org&= gt;.
>=C2=A0 =C2=A0 =C2=A0 >
>=C2=A0 =C2=A0 =C2=A0 >=C2=A0 =C2=A0 =C2=A0Internet-Drafts are also a= vailable by anonymous FTP at:
>=C2=A0 =C2=A0 =C2=A0 > ftp://ftp.ietf.org/internet-drafts/=
>=C2=A0 =C2=A0 =C2=A0 >
>=C2=A0 =C2=A0 =C2=A0 >=C2=A0 =C2=A0 =C2=A0__________________________= _____________________
>=C2=A0 =C2=A0 =C2=A0 >=C2=A0 =C2=A0 =C2=A0sipcore mailing list
>=C2=A0 =C2=A0 =C2=A0 > sipcore@ietf.org <mailto:sipcore@ietf.org>
>=C2=A0 =C2=A0 =C2=A0<mailto:sipcore@ietf.org <mailto:sipcore@ietf.org>>
>=C2=A0 =C2=A0 =C2=A0 > https://www.ietf.org/mail= man/listinfo/sipcore
>=C2=A0 =C2=A0 =C2=A0 >
>=C2=A0 =C2=A0 =C2=A0 >
>=C2=A0 =C2=A0 =C2=A0 > _____________________________________________= __
>=C2=A0 =C2=A0 =C2=A0 > sipcore mailing list
>=C2=A0 =C2=A0 =C2=A0 > sipcore@ietf.org <mailto:sipcore@ietf.org>
>=C2=A0 =C2=A0 =C2=A0 > https://www.ietf.org/mail= man/listinfo/sipcore
>=C2=A0 =C2=A0 =C2=A0 >
>
>=C2=A0 =C2=A0 =C2=A0_______________________________________________
>=C2=A0 =C2=A0 =C2=A0sipcore mailing list
>=C2=A0 =C2=A0 =C2=A0sipcore@ietf.org <mailto:sipcore@ietf.org>
>=C2=A0 =C2=A0 =C2=A0https://www.ietf.org/mailman/li= stinfo/sipcore
>

--000000000000f9635605959ae180-- From nobody Thu Oct 24 00:47:05 2019 Return-Path: X-Original-To: sipcore@ietf.org Delivered-To: sipcore@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id D38A2120877; Thu, 24 Oct 2019 00:47:03 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: Al Morton via Datatracker To: Cc: last-call@ietf.org, sipcore@ietf.org, draft-ietf-sipcore-digest-scheme.all@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 6.108.0 Auto-Submitted: auto-generated Precedence: bulk Reply-To: Al Morton Message-ID: <157190322374.11362.162243755149725357@ietfa.amsl.com> Date: Thu, 24 Oct 2019 00:47:03 -0700 Archived-At: Subject: [sipcore] Opsdir telechat review of draft-ietf-sipcore-digest-scheme-10 X-BeenThere: sipcore@ietf.org X-Mailman-Version: 2.1.29 List-Id: SIP Core Working Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 24 Oct 2019 07:47:04 -0000 Reviewer: Al Morton Review result: Ready This document updates the Digest Access Authentication scheme used by SIP to support the algorithms listed in the "Hash Algorithms for HTTP Digest Authentication" registry defined by [RFC7616]. SIP core spec was approved a long time ago, this draft adds support for new Digest algorithms, and seems to be a reasonable augmentation at this point. The new algorithms are not new, so there should be relevant operational experience. There are other directorate comments to address. From nobody Thu Oct 24 17:51:33 2019 Return-Path: X-Original-To: sipcore@ietf.org Delivered-To: sipcore@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id D684E120019; Thu, 24 Oct 2019 17:51:17 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: internet-drafts@ietf.org To: Cc: sipcore@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 6.108.0 Auto-Submitted: auto-generated Precedence: bulk Reply-To: sipcore@ietf.org Message-ID: <157196467780.11350.16529563058309019910@ietfa.amsl.com> Date: Thu, 24 Oct 2019 17:51:17 -0700 Archived-At: Subject: [sipcore] I-D Action: draft-ietf-sipcore-sip-token-authnz-05.txt X-BeenThere: sipcore@ietf.org X-Mailman-Version: 2.1.29 List-Id: SIP Core Working Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 25 Oct 2019 00:51:19 -0000 A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Session Initiation Protocol Core WG of the IETF. Title : Third-Party Token-based Authentication and Authorization for Session Initiation Protocol (SIP) Authors : Rifaat Shekh-Yusef Christer Holmberg Victor Pascual Filename : draft-ietf-sipcore-sip-token-authnz-05.txt Pages : 14 Date : 2019-10-24 Abstract: This document updates RFC 3261 and defines a mechanism for SIP, that is based on the OAuth 2.0 and OpenID Connect Core 1.0 specifications, to enable the delegation of the user authentication and SIP registration authorization to a dedicated third-party entity that is separate from the SIP network elements that provide the SIP service. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-sipcore-sip-token-authnz/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-sipcore-sip-token-authnz-05 https://datatracker.ietf.org/doc/html/draft-ietf-sipcore-sip-token-authnz-05 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-sipcore-sip-token-authnz-05 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ From nobody Thu Oct 24 17:54:30 2019 Return-Path: X-Original-To: sipcore@ietfa.amsl.com Delivered-To: sipcore@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9B765120096 for ; Thu, 24 Oct 2019 17:54:28 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.997 X-Spam-Level: X-Spam-Status: No, score=-1.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Q68KeqrP53fq for ; Thu, 24 Oct 2019 17:54:26 -0700 (PDT) Received: from mail-io1-xd30.google.com (mail-io1-xd30.google.com [IPv6:2607:f8b0:4864:20::d30]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 81202120019 for ; Thu, 24 Oct 2019 17:54:26 -0700 (PDT) Received: by mail-io1-xd30.google.com with SMTP id i26so430885iog.9 for ; Thu, 24 Oct 2019 17:54:26 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=4P7xXNHkEpWd2EKUzaY5/xPYH4tTpWCqSYona8vQ9lQ=; b=AvdisWxz3OJYD0a3HeoMFd4xGCie7RibyJ4IVj4kUMrP1GXSUKvW55ZFh/tXlrJqqR mDepOqaH4UiyTX/TXnTMESTJhiwyAA/QerPeHxQlnYp4dv2Womdekp03AXiXISg2MRQ+ TG7byKx03pM3UDsdhKenO1mF5e4UATkpC0j0b2yQ2HPgNwV9uk8RbkMPryrTsR/WlOcy Kg+bkEUych+c+yxmpwOL2oXb0udKmmF1v+whDsECJkZBzLNUBJ1qMpgm6HgWivyFlPxT UJNlA5h+LtgA6Zi0ZCCL8w23Z6TpUHRpB9QKmsEhzslT9YAtT/3JHxF/AcXKyUPLHc7N zm/Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=4P7xXNHkEpWd2EKUzaY5/xPYH4tTpWCqSYona8vQ9lQ=; b=GZkOZ2zGiXvL8KGgtOe/uCLuOD51srImHgdlp2221SESlADo+BlJJKF/B9afJAIQKj aSq9Mzuwn0mk/O3TuqG050sdBQ5AwKna9fITdy+qMoiq5+UgZlU4DQWjDD0fcrjJowBN gUZqhkrvRI/WAsXc98wq8S9xwhFKbUGsPzBNtVRDXCyOqtzIp0OdFklHHVbVpSfxp7Oa 6Y6KAHh5pq1em3Q9YAsQcVyKPoMAplUVPyvs+PePZ4I0mhlbXCBfr7OMEqwLcQzAj9mj 7HfJNC8ZDGhEDDky+J3DijP4zc+Vg104Wbr49KERe1JAFsrQkBW+qUoz6pyP0hx3MTAk fdnw== X-Gm-Message-State: APjAAAXYdtyG3+m1d6ZaIVNR3Z4SYxXHqG2wHGX0+eFaDEJ82jsLD962 MX7bTjjm7ZXi9v/pJ0SoQt8QN0aIOThd2N59hClk6Q== X-Google-Smtp-Source: APXvYqyyUpcEnQSevQ7k0tOLtYBNRcghehh9WN1Kj4nvGcyYcPYtc68fIJpdwVv/o1MJlwZG/uksTzrW9Dh9wqAibA0= X-Received: by 2002:a5d:87ce:: with SMTP id q14mr997619ios.278.1571964865498; Thu, 24 Oct 2019 17:54:25 -0700 (PDT) MIME-Version: 1.0 References: <157196467780.11350.16529563058309019910@ietfa.amsl.com> In-Reply-To: <157196467780.11350.16529563058309019910@ietfa.amsl.com> From: Rifaat Shekh-Yusef Date: Thu, 24 Oct 2019 20:54:16 -0400 Message-ID: To: SIPCORE Content-Type: multipart/alternative; boundary="00000000000068527c0595b19794" Archived-At: Subject: Re: [sipcore] I-D Action: draft-ietf-sipcore-sip-token-authnz-05.txt X-BeenThere: sipcore@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SIP Core Working Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 25 Oct 2019 00:54:29 -0000 --00000000000068527c0595b19794 Content-Type: text/plain; charset="UTF-8" All, We believe that with this version we have addressed the latest comments received on the previous version. Please, take a look and let us know what you think. Regards, Rifaat On Thu, Oct 24, 2019 at 8:52 PM wrote: > > A New Internet-Draft is available from the on-line Internet-Drafts > directories. > This draft is a work item of the Session Initiation Protocol Core WG of > the IETF. > > Title : Third-Party Token-based Authentication and > Authorization for Session Initiation Protocol (SIP) > Authors : Rifaat Shekh-Yusef > Christer Holmberg > Victor Pascual > Filename : draft-ietf-sipcore-sip-token-authnz-05.txt > Pages : 14 > Date : 2019-10-24 > > Abstract: > This document updates RFC 3261 and defines a mechanism for SIP, that > is based on the OAuth 2.0 and OpenID Connect Core 1.0 specifications, > to enable the delegation of the user authentication and SIP > registration authorization to a dedicated third-party entity that is > separate from the SIP network elements that provide the SIP service. > > > The IETF datatracker status page for this draft is: > https://datatracker.ietf.org/doc/draft-ietf-sipcore-sip-token-authnz/ > > There are also htmlized versions available at: > https://tools.ietf.org/html/draft-ietf-sipcore-sip-token-authnz-05 > > https://datatracker.ietf.org/doc/html/draft-ietf-sipcore-sip-token-authnz-05 > > A diff from the previous version is available at: > https://www.ietf.org/rfcdiff?url2=draft-ietf-sipcore-sip-token-authnz-05 > > > Please note that it may take a couple of minutes from the time of > submission > until the htmlized version and diff are available at tools.ietf.org. > > Internet-Drafts are also available by anonymous FTP at: > ftp://ftp.ietf.org/internet-drafts/ > > _______________________________________________ > sipcore mailing list > sipcore@ietf.org > https://www.ietf.org/mailman/listinfo/sipcore > --00000000000068527c0595b19794 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
All,

We believe that w= ith this version we have addressed the latest comments received on the prev= ious version.
Please, take a look and let us know what you think.=

Regards,
=C2=A0Rifaat


On Thu, Oct 24, 2019 at 8:52 PM <internet-drafts@ietf.org> wrote:

A New Internet-Draft is available from the on-line Internet-Drafts director= ies.
This draft is a work item of the Session Initiation Protocol Core WG of the= IETF.

=C2=A0 =C2=A0 =C2=A0 =C2=A0 Title=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0:= Third-Party Token-based Authentication and Authorization for Session Initi= ation Protocol (SIP)
=C2=A0 =C2=A0 =C2=A0 =C2=A0 Authors=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0: Rifa= at Shekh-Yusef
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 Christer Holmberg
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 Victor Pascual
=C2=A0 =C2=A0 =C2=A0 =C2=A0 Filename=C2=A0 =C2=A0 =C2=A0 =C2=A0 : draft-iet= f-sipcore-sip-token-authnz-05.txt
=C2=A0 =C2=A0 =C2=A0 =C2=A0 Pages=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0:= 14
=C2=A0 =C2=A0 =C2=A0 =C2=A0 Date=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 := 2019-10-24

Abstract:
=C2=A0 =C2=A0This document updates RFC 3261 and defines a mechanism for SIP= , that
=C2=A0 =C2=A0is based on the OAuth 2.0 and OpenID Connect Core 1.0 specific= ations,
=C2=A0 =C2=A0to enable the delegation of the user authentication and SIP =C2=A0 =C2=A0registration authorization to a dedicated third-party entity t= hat is
=C2=A0 =C2=A0separate from the SIP network elements that provide the SIP se= rvice.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/do= c/draft-ietf-sipcore-sip-token-authnz/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-= ietf-sipcore-sip-token-authnz-05
https://datatracker.ietf= .org/doc/html/draft-ietf-sipcore-sip-token-authnz-05

A diff from the previous version is available at:
https://www.ietf.org/rfcdi= ff?url2=3Ddraft-ietf-sipcore-sip-token-authnz-05


Please note that it may take a couple of minutes from the time of submissio= n
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

_______________________________________________
sipcore mailing list
sipcore@ietf.org<= br> https://www.ietf.org/mailman/listinfo/sipcore
--00000000000068527c0595b19794-- From nobody Fri Oct 25 23:45:47 2019 Return-Path: X-Original-To: sipcore@ietf.org Delivered-To: sipcore@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id A14C212006E; Fri, 25 Oct 2019 23:45:41 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 8bit From: =?utf-8?q?=C3=89ric_Vyncke_via_Datatracker?= To: "The IESG" Cc: draft-ietf-sipcore-digest-scheme@ietf.org, Jean Mahoney , sipcore-chairs@ietf.org, mahoney@nostrum.com, sipcore@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 6.108.0 Auto-Submitted: auto-generated Precedence: bulk Reply-To: =?utf-8?q?=C3=89ric_Vyncke?= Message-ID: <157207234161.7670.15588038561485362786.idtracker@ietfa.amsl.com> Date: Fri, 25 Oct 2019 23:45:41 -0700 Archived-At: Subject: [sipcore] =?utf-8?q?=C3=89ric_Vyncke=27s_No_Objection_on_draft-i?= =?utf-8?q?etf-sipcore-digest-scheme-10=3A_=28with_COMMENT=29?= X-BeenThere: sipcore@ietf.org X-Mailman-Version: 2.1.29 List-Id: SIP Core Working Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 26 Oct 2019 06:45:42 -0000 Éric Vyncke has entered the following ballot position for draft-ietf-sipcore-digest-scheme-10: No Objection When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-sipcore-digest-scheme/ ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- Thank you for authoring this short document and deprecating MD5. I have only two comments and they are the same as Barry's first two comments (weird abstract phrasing and not clear about MD5) -éric From nobody Mon Oct 28 13:06:58 2019 Return-Path: X-Original-To: sipcore@ietf.org Delivered-To: sipcore@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 0EA2212004E; Mon, 28 Oct 2019 13:06:49 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: Benjamin Kaduk via Datatracker To: "The IESG" Cc: draft-ietf-sipcore-digest-scheme@ietf.org, Jean Mahoney , sipcore-chairs@ietf.org, mahoney@nostrum.com, sipcore@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 6.108.0 Auto-Submitted: auto-generated Precedence: bulk Reply-To: Benjamin Kaduk Message-ID: <157229320902.16210.18191814762147505909.idtracker@ietfa.amsl.com> Date: Mon, 28 Oct 2019 13:06:49 -0700 Archived-At: Subject: [sipcore] Benjamin Kaduk's Yes on draft-ietf-sipcore-digest-scheme-10: (with COMMENT) X-BeenThere: sipcore@ietf.org X-Mailman-Version: 2.1.29 List-Id: SIP Core Working Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 28 Oct 2019 20:06:49 -0000 Benjamin Kaduk has entered the following ballot position for draft-ietf-sipcore-digest-scheme-10: Yes When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-sipcore-digest-scheme/ ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- Thanks for this document; it's always good to see ways to move off of md5. The genart thread suggests that we are expecting a new rev of the doc? I do have some comments, despite balloting Yes; please note especially the comment on Section 2.6, which may reflect an error in the document. Abstract nit: comma after "e.g." (as well as before). Section 2.1 A UAS prioritizes which algorithm to use based on the ordering of the challenge header fields in the response it is processing. That nit: the UAS is *preparing* the response, not processing it, right? Section 2.4 Why does the first paragraph get an exemption for local policy but the second paragraph does not? Section 2.6 6. [RFC7616] requires that a server check that the URI in the request line and the URI included in the Authorization header field point to the same resource. In a SIP context, these two URIs may refer to different users, due to forwarding at some proxy. Therefore, in SIP, a UAS MAY check that the Request-URI in the Authorization/Proxy-Authorization header field value corresponds to a user for whom the UAS is willing to accept forwarded or direct requests, but it is not necessarily a failure if the two fields are not equivalent. I think there's a subtle difference between what this says and what we want; we still want a "MUST check" requirement (right?), but the nature of the check changes, with default still being exact match but a "MAY" option for the relaxed target-user check. 8. A UAS MUST be able to properly handle "qop" parameter received in an Authorization/Proxy-Authorization header field, and a UAC MUST be able to properly handle "qop" parameter received in WWW-Authenticate and Proxy-Authenticate header fields. However, for backward compatibility reasons, the "qop" parameter is optional for RFC3261-based clients and servers to receive. Should we remind people what the default is when it's not specified? From nobody Mon Oct 28 15:12:30 2019 Return-Path: X-Original-To: sipcore@ietf.org Delivered-To: sipcore@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 51DC612006B; Mon, 28 Oct 2019 15:12:22 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: internet-drafts@ietf.org To: Cc: sipcore@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 6.108.0 Auto-Submitted: auto-generated Precedence: bulk Reply-To: sipcore@ietf.org Message-ID: <157230074226.16080.6143723167028941346@ietfa.amsl.com> Date: Mon, 28 Oct 2019 15:12:22 -0700 Archived-At: Subject: [sipcore] I-D Action: draft-ietf-sipcore-digest-scheme-11.txt X-BeenThere: sipcore@ietf.org X-Mailman-Version: 2.1.29 List-Id: SIP Core Working Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 28 Oct 2019 22:12:22 -0000 A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Session Initiation Protocol Core WG of the IETF. Title : The Session Initiation Protocol (SIP) Digest Authentication Scheme Author : Rifaat Shekh-Yusef Filename : draft-ietf-sipcore-digest-scheme-11.txt Pages : 9 Date : 2019-10-28 Abstract: This document updates RFC 3261 by updating the Digest Access Authentication scheme used by the Session Initiation Protocol (SIP) to add support for more secure digest algorithms, e.g., SHA-256 and SHA-512-256, to replace the broken MD5 algorithm. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-sipcore-digest-scheme/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-sipcore-digest-scheme-11 https://datatracker.ietf.org/doc/html/draft-ietf-sipcore-digest-scheme-11 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-sipcore-digest-scheme-11 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ From nobody Mon Oct 28 15:16:22 2019 Return-Path: X-Original-To: sipcore@ietfa.amsl.com Delivered-To: sipcore@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C892C120096; Mon, 28 Oct 2019 15:16:12 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.998 X-Spam-Level: X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XVz9AabTaRdz; Mon, 28 Oct 2019 15:16:10 -0700 (PDT) Received: from mail-il1-x12c.google.com (mail-il1-x12c.google.com [IPv6:2607:f8b0:4864:20::12c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5AED712006B; Mon, 28 Oct 2019 15:16:10 -0700 (PDT) Received: by mail-il1-x12c.google.com with SMTP id i12so9597327ils.6; Mon, 28 Oct 2019 15:16:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=01Mp0S8UsqLKKqmY2pgZhzsIxR4A2pCFW92XvnOrjO0=; b=Af8EigmGlKJ285IgxXzBGQjDtDsn9sPvFfwq7Y9Ngfyou0RmgTgFMdnZcB5FdGuvv/ A36PmoJQMQzUbAtoW0GeN3nMoFCl/+XmKQXp33EvoCdXOCvMEKczw/aG2fmC3yHU7rAT GOqO3NuD50Spar7626NlrHF5ryI2bF/ssVPINKTciENHte19l4DObVV1wnO7r2SYmQO2 V9n0Cyor0/YXbnb2oOkswAXLUZP7f0V4OPO3lAb6RwND0EZbhqoPvYKQUx0M/kC0t3X7 GoVgBXFMYuDeAf1Kkps0GHgOu1M8nbCUo3nBqFZfDBPUQF7DeTIECPkZW1h+v2pyEuzh RwAw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=01Mp0S8UsqLKKqmY2pgZhzsIxR4A2pCFW92XvnOrjO0=; b=IPLelw6JRSv0bKlV6uE3zZKe53ECvhjq5Bqu/fNojdPVz8UbI6Ys//0F8QG0s3VW9h TbZsAVoIZHG9tngve0QAmuG4x4hOnuDXUb2VRCVWDoCG5mXFZGqqM4pD4nGF3wnr6dw2 gZiFW8ZsoM5tIvpfNk5w0maf/YoUTBs+oynzm8NoEauHgjouLUmeA2XCJUl7B80KzWJJ w/vnR3L26I/KojKvq6iP2rKyhhDpbGi8gt/z9SFZCEK+Kvk1NevXQgnqnPMepOeEx6Zu jHin+O47QSsNs9UuRkufQ/yD2qDdUAN75qvot/3PAW7f3+k3zJrUlDY4nXEd8P+m1+R5 9u2g== X-Gm-Message-State: APjAAAXx8jxRAgodWmtqlQaaBCjAeBVmO9mlIpC3C6thU5qQ80GWu6Zk IMjFjTiLTcwPP5NfiHSZDvbA7WUGsu+FE4RzvoM= X-Google-Smtp-Source: APXvYqzrER4QL8fHDMklq71BsM/VKpVDWFr2PRWlw7EoHPISc+TT901ZP5440YbNsS/01MRgaS3VvHBcSnsU9p15pxw= X-Received: by 2002:a92:cb11:: with SMTP id s17mr10050620ilo.255.1572300969647; Mon, 28 Oct 2019 15:16:09 -0700 (PDT) MIME-Version: 1.0 References: <157229320902.16210.18191814762147505909.idtracker@ietfa.amsl.com> In-Reply-To: <157229320902.16210.18191814762147505909.idtracker@ietfa.amsl.com> From: Rifaat Shekh-Yusef Date: Mon, 28 Oct 2019 18:16:00 -0400 Message-ID: To: Benjamin Kaduk Cc: The IESG , draft-ietf-sipcore-digest-scheme@ietf.org, Jean Mahoney , sipcore-chairs@ietf.org, SIPCORE Content-Type: multipart/alternative; boundary="000000000000c6a6cf0595ffd882" Archived-At: Subject: Re: [sipcore] Benjamin Kaduk's Yes on draft-ietf-sipcore-digest-scheme-10: (with COMMENT) X-BeenThere: sipcore@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SIP Core Working Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 28 Oct 2019 22:16:13 -0000 --000000000000c6a6cf0595ffd882 Content-Type: text/plain; charset="UTF-8" Thanks Ben! I have just submitted a new version that addresses all the comments received so far, including all your comments. Please, take a look and let me know what you think. Regards, Rifaat On Mon, Oct 28, 2019 at 4:06 PM Benjamin Kaduk via Datatracker < noreply@ietf.org> wrote: > Benjamin Kaduk has entered the following ballot position for > draft-ietf-sipcore-digest-scheme-10: Yes > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) > > > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html > for more information about IESG DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-sipcore-digest-scheme/ > > > > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > Thanks for this document; it's always good to see ways to move off of md5. > > The genart thread suggests that we are expecting a new rev of the doc? > > I do have some comments, despite balloting Yes; please note especially > the comment on Section 2.6, which may reflect an error in the document. > > Abstract > > nit: comma after "e.g." (as well as before). > > Section 2.1 > > A UAS prioritizes which algorithm to use based on the ordering of the > challenge header fields in the response it is processing. That > > nit: the UAS is *preparing* the response, not processing it, right? > > Section 2.4 > > Why does the first paragraph get an exemption for local policy but the > second paragraph does not? > > Section 2.6 > > 6. [RFC7616] requires that a server check that the URI in the > request line and the URI included in the Authorization header field > point to the same resource. In a SIP context, these two URIs may > refer to different users, due to forwarding at some proxy. > Therefore, in SIP, a UAS MAY check that the Request-URI in the > Authorization/Proxy-Authorization header field value corresponds to a > user for whom the UAS is willing to accept forwarded or direct > requests, but it is not necessarily a failure if the two fields are > not equivalent. > > I think there's a subtle difference between what this says and what we > want; > we still want a "MUST check" requirement (right?), but the nature of the > check changes, with default still being exact match but a "MAY" option for > the relaxed target-user check. > > 8. A UAS MUST be able to properly handle "qop" parameter received in > an Authorization/Proxy-Authorization header field, and a UAC MUST be > able to properly handle "qop" parameter received in WWW-Authenticate > and Proxy-Authenticate header fields. However, for backward > compatibility reasons, the "qop" parameter is optional for > RFC3261-based clients and servers to receive. > > Should we remind people what the default is when it's not specified? > > > --000000000000c6a6cf0595ffd882 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Thanks Ben!

I have just submitted a new= version that addresses all the comments received so far, including all you= r comments.
Please, take a look and let me=C2=A0know what you thi= nk.

Regards,
=C2=A0Rifaat

=

On Mon, Oct 28, 2019 at 4:06 PM Benjamin Kaduk via Datatracker <noreply@ietf.org> wrote:
=
Benjamin Kaduk has entere= d the following ballot position for
draft-ietf-sipcore-digest-scheme-10: Yes

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/s= tatement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/d= raft-ietf-sipcore-digest-scheme/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

Thanks for this document; it's always good to see ways to move off of m= d5.

The genart thread suggests that we are expecting a new rev of the doc?

I do have some comments, despite balloting Yes; please note especially
the comment on Section 2.6, which may reflect an error in the document.

Abstract

nit: comma after "e.g." (as well as before).

Section 2.1

=C2=A0 =C2=A0A UAS prioritizes which algorithm to use based on the ordering= of the
=C2=A0 =C2=A0challenge header fields in the response it is processing.=C2= =A0 That

nit: the UAS is *preparing* the response, not processing it, right?

Section 2.4

Why does the first paragraph get an exemption for local policy but the
second paragraph does not?

Section 2.6

=C2=A0 =C2=A06.=C2=A0 [RFC7616] requires that a server check that the URI i= n the
=C2=A0 =C2=A0request line and the URI included in the Authorization header = field
=C2=A0 =C2=A0point to the same resource.=C2=A0 In a SIP context, these two = URIs may
=C2=A0 =C2=A0refer to different users, due to forwarding at some proxy.
=C2=A0 =C2=A0Therefore, in SIP, a UAS MAY check that the Request-URI in the=
=C2=A0 =C2=A0Authorization/Proxy-Authorization header field value correspon= ds to a
=C2=A0 =C2=A0user for whom the UAS is willing to accept forwarded or direct=
=C2=A0 =C2=A0requests, but it is not necessarily a failure if the two field= s are
=C2=A0 =C2=A0not equivalent.

I think there's a subtle difference between what this says and what we = want;
we still want a "MUST check" requirement (right?), but the nature= of the
check changes, with default still being exact match but a "MAY" o= ption for
the relaxed target-user check.

=C2=A0 =C2=A08.=C2=A0 A UAS MUST be able to properly handle "qop"= parameter received in
=C2=A0 =C2=A0an Authorization/Proxy-Authorization header field, and a UAC M= UST be
=C2=A0 =C2=A0able to properly handle "qop" parameter received in = WWW-Authenticate
=C2=A0 =C2=A0and Proxy-Authenticate header fields.=C2=A0 However, for backw= ard
=C2=A0 =C2=A0compatibility reasons, the "qop" parameter is option= al for
=C2=A0 =C2=A0RFC3261-based clients and servers to receive.

Should we remind people what the default is when it's not specified?

--000000000000c6a6cf0595ffd882-- From nobody Mon Oct 28 15:20:03 2019 Return-Path: X-Original-To: sipcore@ietfa.amsl.com Delivered-To: sipcore@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 525EA12006B; Mon, 28 Oct 2019 15:19:54 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.998 X-Spam-Level: X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4-mPwFnzTZg3; Mon, 28 Oct 2019 15:19:52 -0700 (PDT) Received: from mail-il1-x12b.google.com (mail-il1-x12b.google.com [IPv6:2607:f8b0:4864:20::12b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4710112008A; Mon, 28 Oct 2019 15:19:52 -0700 (PDT) Received: by mail-il1-x12b.google.com with SMTP id i12so9604236ils.6; Mon, 28 Oct 2019 15:19:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=pPjSz2eCUGKLBBIo83mh7SNXXvlEbBcOAoxDuaEf8g0=; b=m7lzGmxaym5SrTkCcAvM38v2WNpltquYRoDEfRPsZRAQ/iY5NcM8A91StxXRHBIA8N vhVW31nTarRqD4uyL2KxN78jl8mevdflfVR39wdQwpXNNTiWIyPzi0cZRrnxBEN6AefI KdP4rbNJRPAvVSQ7uizqNwlkSOUHIQ6KGeBrHzqttWxOwjznqUk3gjav0o6BOj+Su34K Tcj+EbW7V63CiQfEu+/uScnwZChvmiBqT/oHcfIPpiHCkTQYVJbss8rv7qyBugJDARkW ce0Mn18P7MwbWxPZmZxEp2cnGS22T4j1Nc181zaTabk5MJ+iH5EURoq8TwG1mcpzto93 cy2Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=pPjSz2eCUGKLBBIo83mh7SNXXvlEbBcOAoxDuaEf8g0=; b=fpWiYdZqJtarcYwU/GNHMM77qkysjRiAko1IGcYySAxB0KDk6nP5C0gJiPGmAc9EAv 1hTdypSyWJUAGrZoD772K2g4NZy7Rb0mkweI/LAdv6NESahQcPbfA1y74sYMErbtvGsF ISPfLqRSByWw8Ft0/vjKXmt0cX3XhTzFL3wXjoyhDsFSXKFfbDdnhfFO8g8Wgrme3vKt nqEYYS2iH2DaJ8mWQ5+XrLm7YTsGIvVeoE+PmwAb7zJoeNME2pa8rZU1zJLrTXzBAyTg AOF6VZuW1OZ8q6qTH1oIJ57CzyujEM8ZvxbgIpujuybEPcZgnuGyvSZ7BX4hG+r828fE vKFA== X-Gm-Message-State: APjAAAVtrvF1nh5wxF1WXEWrN+abVHbwlOQ8uV9LpMfGngumvO2xtBgr W7E5XTqEYeN2Y3quolDmd2uYz7Wi23O+LS5cOQMWR8lKM+c= X-Google-Smtp-Source: APXvYqy+U/s7wtPMuSciJlGpObuw+7ePOkUYjsxZy538OdA8ijhozdFX5fwJlMZ3sJ3pQ6iF/wFSLQ2hPxH2mg64mOM= X-Received: by 2002:a92:cb11:: with SMTP id s17mr10070604ilo.255.1572301191671; Mon, 28 Oct 2019 15:19:51 -0700 (PDT) MIME-Version: 1.0 References: <157207234161.7670.15588038561485362786.idtracker@ietfa.amsl.com> In-Reply-To: <157207234161.7670.15588038561485362786.idtracker@ietfa.amsl.com> From: Rifaat Shekh-Yusef Date: Mon, 28 Oct 2019 18:19:42 -0400 Message-ID: To: =?UTF-8?B?w4lyaWMgVnluY2tl?= Cc: The IESG , draft-ietf-sipcore-digest-scheme@ietf.org, Jean Mahoney , sipcore-chairs@ietf.org, SIPCORE Content-Type: multipart/alternative; boundary="0000000000000275bf0595ffe65c" Archived-At: Subject: Re: [sipcore] =?utf-8?q?=C3=89ric_Vyncke=27s_No_Objection_on_draft-i?= =?utf-8?q?etf-sipcore-digest-scheme-10=3A_=28with_COMMENT=29?= X-BeenThere: sipcore@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SIP Core Working Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 28 Oct 2019 22:19:54 -0000 --0000000000000275bf0595ffe65c Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Barry, =C3=89ric, I believe that I have addressed all these comments in version 11 that I have just submitted. Please, take a look and let me know if you have any further comments. Regards, Rifaat On Sat, Oct 26, 2019 at 2:45 AM =C3=89ric Vyncke via Datatracker < noreply@ietf.org> wrote: > =C3=89ric Vyncke has entered the following ballot position for > draft-ietf-sipcore-digest-scheme-10: No Objection > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) > > > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html > for more information about IESG DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-sipcore-digest-scheme/ > > > > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > Thank you for authoring this short document and deprecating MD5. > > I have only two comments and they are the same as Barry's first two > comments > (weird abstract phrasing and not clear about MD5) > > -=C3=A9ric > > > --0000000000000275bf0595ffe65c Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Barry, =C3=89ric,

I believe=C2=A0that I= have addressed all these comments in version 11 that I have just submitted= .
Please, take a look and let me know if you have any further com= ments.

Regards,
=C2=A0Rifaat
<= br>



On Sat, Oct 26, 2019 at 2:45 AM =C3= =89ric Vyncke via Datatracker <norep= ly@ietf.org> wrote:
=C3=89ric Vyncke has entered the following ballot position for draft-ietf-sipcore-digest-scheme-10: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/s= tatement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/d= raft-ietf-sipcore-digest-scheme/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

Thank you for authoring this short document and deprecating MD5.

I have only two comments and they are the same as Barry's first two com= ments
(weird abstract phrasing and not clear about MD5)

-=C3=A9ric


--0000000000000275bf0595ffe65c-- From nobody Mon Oct 28 21:06:21 2019 Return-Path: X-Original-To: sipcore@ietfa.amsl.com Delivered-To: sipcore@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E513D12008D; Mon, 28 Oct 2019 21:06:13 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.747 X-Spam-Level: X-Spam-Status: No, score=-1.747 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pusl-e_MaoMP; Mon, 28 Oct 2019 21:06:12 -0700 (PDT) Received: from mail-wr1-x42d.google.com (mail-wr1-x42d.google.com [IPv6:2a00:1450:4864:20::42d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4F66412008C; Mon, 28 Oct 2019 21:06:12 -0700 (PDT) Received: by mail-wr1-x42d.google.com with SMTP id p4so12053325wrm.8; Mon, 28 Oct 2019 21:06:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=S1+xVB98x5BC0QuIYkzAj7CE2XOLxn+K5ugZghjaS24=; b=Grz2b3aKqJkjFw0AXtivEg9hFV1+HlcMkLble6zVhktL5rvsnQiEyn3NIzBZ833Ftc dHgGbseiLJi9e2ayeyX95vySOCOikr1gwgJYv+RhxUJfw2wcN+D/lv/SyhsHsxeWhLu2 GaiZzG5tUONmBc/jXT1KjVelhQfVhlvdNNIuPYRsrvt6h/gnQFPXb30KrVhOrI0rXSgm QFaZvcNLcVFi0G8qoE7Glb5Neb5bObeTFtSctdMkPplrUPqYWxWZNY+tHEJ0VsiyvS8h NgXAHGSlMAPDlClvGBH/l9uo2k5wX436NCcx/YdPLAKUq2EosFIoDS+JIGxT6qlzsGG7 Oo2g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=S1+xVB98x5BC0QuIYkzAj7CE2XOLxn+K5ugZghjaS24=; b=sjlcCIuZaTnyIQrUL3ZgYjLfxn60scvXCbuNjBx9QDekjWfvyj4oEMgvNwwbTkNzNH g7hCbV4g5qn+MvJsDK94+TX5z+hys1WqaAohqzPva13UGVKl6jdQdn4s9aqHlfEygGnQ JwcDieZk4ZqpXY8TYkX0dmTlODU2OdVfEcO5+vCftIPYvMv2B6iDtqlybuITLZMSe95N p8CGe3SbeZSoShxUL2eL6IbfmCCAloifOb5v10x4KNUvCOHsD+haHBY454ZPq42sGeSf n1rabKDQeW884nLhTUolwksIo2nGp7JWKpmGQ06cMuA3wLJr+orvVeqG5trWrYdDVE5u jzeQ== X-Gm-Message-State: APjAAAU44f2cNQDgsCcoiGb/AxHMse0Lhpa6QsfCmmpk07aHtrMXZUmu zJ9P8xUUDF454DgpTqhAT1z7YjfZY96SsfEzTkrzgQ== X-Google-Smtp-Source: APXvYqyddVieEFpd8k8pBCj/JY0Zvziveaco4mAgA5iLQlL021qJ6I3cTCg8OVFTMjY7qwwv6VpKmK2JCwq3T//+iLY= X-Received: by 2002:a5d:54c7:: with SMTP id x7mr16789417wrv.99.1572321970582; Mon, 28 Oct 2019 21:06:10 -0700 (PDT) MIME-Version: 1.0 From: Ranjit Avasarala Date: Mon, 28 Oct 2019 23:05:59 -0500 Message-ID: To: sipcore@ietf.org, dispatch@ietf.org, Sip-implementors@lists.cs.columbia.edu Content-Type: multipart/alternative; boundary="0000000000008779c5059604bc02" Archived-At: Subject: [sipcore] Proposal for a mew SIP 4xx Error code X-BeenThere: sipcore@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SIP Core Working Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 29 Oct 2019 04:06:14 -0000 --0000000000008779c5059604bc02 Content-Type: text/plain; charset="UTF-8" Hello all Many times I experienced scenarios where SIP requests (e.g. INVITE, PUBLISH or PRACK or any other) have either invalid parameters in the header or a particular header is missing in the request or the header value is incomplete. Some e.gs are - SIP Route header in INVITE contains additional "lr" parameter. Ideally, "lr" parameter needs to be associated with a particular route - i.e. sip URI - the Accept header is missing in SIP PUBLISH - the Allow header misses UPDATE method - ..... many more Currently, in all the above cases the SIP Proxy server that receives the request, responds with a 400 Bad Request. Though 400 Bad Request is acceptable given that there is some issue in the SIP request, a more detailed error would be more useful - as sometimes interpreting 400 Bad Request is harder E.g. a 4xx Invalid header/parameter may be more appropriate with reason E.g. if there is additional "lr" parameter in SIP INVITE, then the proxy can return a 4xx Invalid Header/parameter with Reason: SIP code=4xx; Text="Invalid lr parameter in Route header" Let me know your thoughts on if this proposal can be taken forward as an Internet draft. Thank you Ranjit --0000000000008779c5059604bc02 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Hello all

Many times I experienced scen= arios where SIP requests (e.g. INVITE, PUBLISH or PRACK or any other) have = either invalid parameters in the header or a particular header is missing i= n the request or the header value is incomplete.=C2=A0 Some e.gs are
  • SIP Route header in INVITE contains= additional "lr" parameter. Ideally, "lr" parameter nee= ds to be associated with a particular route - i.e. sip URI
  • the Acce= pt header is missing in SIP PUBLISH
  • the Allow header misses UPDATE = method=C2=A0
  • .....=C2=A0 many more
Currently, in all = the above cases the SIP Proxy server that receives the request, responds wi= th a 400 Bad Request.
Though 400 Bad Request is acceptable given = that there is some issue in the SIP request, a more detailed error would be= more useful - as sometimes interpreting 400 Bad Request is harder
E.g.
a=C2=A0 4xx Invalid header/parameter may be more appropria= te with reason
E.g. if there is additional "lr" paramet= er in SIP INVITE, then the proxy can return a 4xx Invalid Header/parameter = with Reason:=C2=A0 SIP code=3D4xx; Text=3D"Invalid lr parameter in Rou= te header"

Let me know your thoughts on if th= is proposal can be taken forward as an Internet draft.

=
Thank you
Ranjit


--0000000000008779c5059604bc02-- From nobody Mon Oct 28 23:35:28 2019 Return-Path: X-Original-To: sipcore@ietfa.amsl.com Delivered-To: sipcore@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D521D120048; Mon, 28 Oct 2019 23:35:26 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2 X-Spam-Level: X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id v28Lo9aixS6S; Mon, 28 Oct 2019 23:35:24 -0700 (PDT) Received: from EUR02-AM5-obe.outbound.protection.outlook.com (mail-eopbgr00061.outbound.protection.outlook.com [40.107.0.61]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0ED1B120020; Mon, 28 Oct 2019 23:35:23 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=kEw2FNFH04EhvXqpcDCgzWVT7xdHk0fcctTJ+7FFTQw0ZCaomYpPqhgAPmd1byVGbS2f7CLOSatPa5pU/CFKrnDCPm7ijlE5Nw38trhhPbt9oHYR0Tqkzimh/wn1CzWkyxQsLiqe2vn9Mw8UVLXFBHhqeA5M2fmDLpL+qSZFaEbdGOmFrJMuXd/fq7GcpRqbHcfPZC9d3WyCDWbWr0+//bXRiyyDhzIfIVSk0TJw3n1CAAu+ap0GLPr9dFYZ8ZkyG/sbmSo1lIvE1mPYZX6PZ33t6JweARxiZGsX2t8vqpuHRUfj834W9QLtfhbv76YgCeqnPcJwhULO4kduPOtSxA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=+ud4ux5q812bXqwgmuzvR5NGG47kx/yxWEZhZT+tbJQ=; b=BIBZrAvNg0xKR4j6y5vQmhTT9Y0tcS1QSMP99ZQEBJ4oiTovDZZRhh8XeCb1unDcVVrJVHD/9ciirWMKAl6/d4xwOkTCuZUqGhOO/JEhwq6GpLqzNZKNsW93D9JqndugQ7zgYhvhOpDO9RezMlfB1ZMWb7+MMD/mx+0MVvCos7RhsAl2LfEbw8ocV5WHLS2TqYKM2fvkBtAQlPlK33BF/vqcqcQ8c5nGuQKSW1ylcxxMwhOogFs19eTcy9XnhGHcI6Eo+ENV5MN8VMZhR8r7g6RJhlgAQCE5zF8jAI9aj6Q+OSL4CKqUxXwNv80v1IDby+/GCyfveCTPVvmMEEh3Hw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=+ud4ux5q812bXqwgmuzvR5NGG47kx/yxWEZhZT+tbJQ=; b=kNassNsieyHGK3YsNjDw1+BrIPsMUouMTUDh82PA8bCthQql26+WO/+1w9+2CfrU0+r83szeA5c4bb5GhCI2a+VWjibquSVWRd20ZWo/x5tWxzednzKxSz4rl9TicLf3V8mMvRv5p0OPyTFw5Q/cbzflsOt2hP0bgeRcsfryzIY= Received: from HE1PR07MB3161.eurprd07.prod.outlook.com (10.170.245.23) by HE1PR07MB3273.eurprd07.prod.outlook.com (10.170.248.21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2408.15; Tue, 29 Oct 2019 06:35:21 +0000 Received: from HE1PR07MB3161.eurprd07.prod.outlook.com ([fe80::5499:1231:e707:4cb7]) by HE1PR07MB3161.eurprd07.prod.outlook.com ([fe80::5499:1231:e707:4cb7%7]) with mapi id 15.20.2408.016; Tue, 29 Oct 2019 06:35:21 +0000 From: Christer Holmberg To: Ranjit Avasarala , "sipcore@ietf.org" , "dispatch@ietf.org" , "Sip-implementors@lists.cs.columbia.edu" Thread-Topic: [dispatch] Proposal for a mew SIP 4xx Error code Thread-Index: AQHVjg48nX8QtQl4x0aJ8SlhWJh8TqdxKWtR Date: Tue, 29 Oct 2019 06:35:21 +0000 Message-ID: References: In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: spf=none (sender IP is ) smtp.mailfrom=christer.holmberg@ericsson.com; x-originating-ip: [86.50.147.151] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: edbbcbb4-9b06-47ed-1c25-08d75c3a2c58 x-ms-traffictypediagnostic: HE1PR07MB3273: x-ms-exchange-purlcount: 1 x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:9508; x-forefront-prvs: 0205EDCD76 x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(136003)(376002)(346002)(366004)(396003)(39860400002)(199004)(189003)(53754006)(2171002)(102836004)(2906002)(186003)(74316002)(606006)(8676002)(236005)(99286004)(9686003)(6306002)(6116002)(54896002)(19627405001)(66066001)(52536014)(316002)(3846002)(229853002)(110136005)(71190400001)(26005)(8936002)(6436002)(14454004)(71200400001)(5660300002)(7696005)(478600001)(33656002)(105004)(76116006)(14444005)(66946007)(86362001)(64756008)(66446008)(76176011)(66556008)(66476007)(55016002)(6246003)(25786009)(256004)(446003)(2501003)(11346002)(81156014)(476003)(81166006)(53546011)(6506007)(486006)(7736002)(561944003)(2201001)(44832011)(66574012); DIR:OUT; SFP:1101; SCL:1; SRVR:HE1PR07MB3273; H:HE1PR07MB3161.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1; received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: 9MSemgZwNHnwrEAIu7Emm/3X/EDFV2edbr24WVxqeO5UeWE+oPlyMewbOkwfOCuYcVqQ7Ig1kkhiKj/lFSqmIDGqMCS314JS6uyzqnHXUVjyqzbZKUu5kAAIWo0jsqRfnQy5snBCSckCnFjtDL54QJyplsgBb5CSplrNJTtOyWMRCLgyiyWkfz3xhQyYfELmnyyLKqdOtMFZU01GY5umLRmDuraYJXfqL1M3tqgLZPInWy7vq5Oplyp/1+2dXEMrDXpaT1/OKNXMouKAqYDAmmeVlbbGzqAF9ITEDGeaBOBUD7YjWG8JeN6sEfNNEMI7ecUUimcFAMJKFgC4JthpZajbfekMfnjSVNgoSJ8PfdrE/1FnFDhoFOx/OxJFhHxYKsaVhzpQxP3zixkKtHfoHkgptZS/O+2OfgS0dRsCR4ez7v4oUShj0GetIyBa9xwg x-ms-exchange-transport-forked: True Content-Type: multipart/alternative; boundary="_000_HE1PR07MB316193008872CD421120942993610HE1PR07MB3161eurp_" MIME-Version: 1.0 X-OriginatorOrg: ericsson.com X-MS-Exchange-CrossTenant-Network-Message-Id: edbbcbb4-9b06-47ed-1c25-08d75c3a2c58 X-MS-Exchange-CrossTenant-originalarrivaltime: 29 Oct 2019 06:35:21.6995 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: pbelhOzEZaun1m/4oupZvrfo5BsGBx6g8s5mMb3GcXwz7KkKmJUh8a4n+KcNzL1hIIjVa2tO9odIJLXNamwB53wy53JkLtmtLXvjThGRiAE= X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR07MB3273 Archived-At: Subject: Re: [sipcore] [dispatch] Proposal for a mew SIP 4xx Error code X-BeenThere: sipcore@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SIP Core Working Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 29 Oct 2019 06:35:27 -0000 --_000_HE1PR07MB316193008872CD421120942993610HE1PR07MB3161eurp_ Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Hi, I assume this discussion can be moved to SIPCORE, because I don't think DIS= PATCH needs to discuss the need for a new SIP response code, and where the = work defining such would be done. Regards, Christer ________________________________ From: dispatch on behalf of Ranjit Avasarala Sent: Tuesday, October 29, 2019 6:05 AM To: sipcore@ietf.org ; dispatch@ietf.org ; Sip-implementors@lists.cs.columbia.edu Subject: [dispatch] Proposal for a mew SIP 4xx Error code Hello all Many times I experienced scenarios where SIP requests (e.g. INVITE, PUBLISH= or PRACK or any other) have either invalid parameters in the header or a p= articular header is missing in the request or the header value is incomplet= e. Some e.gs are * SIP Route header in INVITE contains additional "lr" parameter. Ideall= y, "lr" parameter needs to be associated with a particular route - i.e. sip= URI * the Accept header is missing in SIP PUBLISH * the Allow header misses UPDATE method * ..... many more Currently, in all the above cases the SIP Proxy server that receives the re= quest, responds with a 400 Bad Request. Though 400 Bad Request is acceptable given that there is some issue in the = SIP request, a more detailed error would be more useful - as sometimes inte= rpreting 400 Bad Request is harder E.g. a 4xx Invalid header/parameter may be more appropriate with reason E.g. if there is additional "lr" parameter in SIP INVITE, then the proxy ca= n return a 4xx Invalid Header/parameter with Reason: SIP code=3D4xx; Text= =3D"Invalid lr parameter in Route header" Let me know your thoughts on if this proposal can be taken forward as an In= ternet draft. Thank you Ranjit --_000_HE1PR07MB316193008872CD421120942993610HE1PR07MB3161eurp_ Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable

Hi,

I assume this discussion can be moved to SIPCORE, because I don't think DIS= PATCH needs to discuss the need for a new SIP response code, and where the = work defining such would be done.

Regards,

Christer



From: dispatch <dispatch= -bounces@ietf.org> on behalf of Ranjit Avasarala <ranjitkav12@gmail.c= om>
Sent: Tuesday, October 29, 2019 6:05 AM
To: sipcore@ietf.org <sipcore@ietf.org>; dispatch@ietf.org <= ;dispatch@ietf.org>; Sip-implementors@lists.cs.columbia.edu <Sip-impl= ementors@lists.cs.columbia.edu>
Subject: [dispatch] Proposal for a mew SIP 4xx Error code
 
Hello all

Many times I experienced scenarios where SIP requests (e.g. INVITE, PU= BLISH or PRACK or any other) have either invalid parameters in the header o= r a particular header is missing in the request or the header value is inco= mplete.  Some e.gs are
  • SIP Route header in INVITE contains additional "lr" parameter= . Ideally, "lr" parameter needs to be associated with a particula= r route - i.e. sip URI
  • the Accept header is missing in SIP PUBLISH<= /li>
  • the Allow header misses UPDATE method 
  • .....  man= y more
Currently, in all the above cases the SIP Proxy server that receives t= he request, responds with a 400 Bad Request.
Though 400 Bad Request is acceptable given that there is some issue in= the SIP request, a more detailed error would be more useful - as sometimes= interpreting 400 Bad Request is harder
E.g.
a  4xx Invalid header/parameter may be more appropriate with reas= on
E.g. if there is additional "lr" parameter in SIP INVITE, th= en the proxy can return a 4xx Invalid Header/parameter with Reason:  S= IP code=3D4xx; Text=3D"Invalid lr parameter in Route header"

Let me know your thoughts on if this proposal can be taken forward as = an Internet draft.

Thank you
Ranjit


--_000_HE1PR07MB316193008872CD421120942993610HE1PR07MB3161eurp_-- From nobody Mon Oct 28 23:47:44 2019 Return-Path: X-Original-To: sipcore@ietfa.amsl.com Delivered-To: sipcore@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 75955120020; Mon, 28 Oct 2019 23:47:33 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.499 X-Spam-Level: X-Spam-Status: No, score=-14.499 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=MgZTmQ7A; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=oSB+QIVf Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fqZGyILPXM_j; Mon, 28 Oct 2019 23:47:31 -0700 (PDT) Received: from rcdn-iport-5.cisco.com (rcdn-iport-5.cisco.com [173.37.86.76]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 687EF12001A; Mon, 28 Oct 2019 23:47:31 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=10527; q=dns/txt; s=iport; t=1572331651; x=1573541251; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=lQzGhWGYbto3DODl1RG5JNSZQe6/veD45nZlRVenHm8=; b=MgZTmQ7ACT4zHrKBBcc4WZXMrwHo23FmPWe9GCpKm9uZAy9ksdU26cs4 2odRLNnzgLSaguqXg7TwCkbaG5rYcGjvPlRxapadTzJIszCnwf8T86tzK zlF4kToXHDlqBvbOYjfROcZ5Qz/Jf60LgJhFR1s159v8S1e/L2iCWSCGX Y=; IronPort-PHdr: =?us-ascii?q?9a23=3AdljamxSe0vIVIaewwAaltoiTW9psv++ubAcI9p?= =?us-ascii?q?oqja5Pea2//pPkeVbS/uhpkESXBdfA8/wRje3QvuigQmEG7Zub+FE6OJ1XH1?= =?us-ascii?q?5g640NmhA4RsuMCEn1NvnvOiEkDcJJV1JN9HCgOk8TE8H7NBXf?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0ARAQBP37dd/49dJa1lGgEBAQEBAQE?= =?us-ascii?q?BAQMBAQEBEQEBAQICAQEBAYF7gRwvUAVsWCAECyqEKINGA4pugjkliVWJNYR?= =?us-ascii?q?hgUKBEANUCQEBAQwBASMKAgEBhEACF4M1JDgTAgMJAQEEAQEBAgEFBG2FNwy?= =?us-ascii?q?FUQEBAQQSER0BATcBDwIBCBEDAQIoAwICAh8RFAYDCAIEDgUigwABgXlNAy4?= =?us-ascii?q?BDqV4AoE4iGB1gTKCfgEBBYFIQYMJDQuCFwMGgTaMDxiBQD+BEScME4JMPoI?= =?us-ascii?q?bRwIBAgGBKgESAT8NCYJaMoIsjROCLzeFPJd2QQqCJIcQihIEhAgbgjyHV49?= =?us-ascii?q?Hg0aTI4IQjw4CBAIEBQIOAQEFgWkiZ1gRCHAVZQGCQVAQFIMGDRYVgzuFFIU?= =?us-ascii?q?/dAGBJ4xDgjABAQ?= X-IronPort-AV: E=Sophos;i="5.68,243,1569283200"; d="scan'208,217";a="432053679" Received: from rcdn-core-7.cisco.com ([173.37.93.143]) by rcdn-iport-5.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 29 Oct 2019 06:47:29 +0000 Received: from XCH-RCD-008.cisco.com (xch-rcd-008.cisco.com [173.37.102.18]) by rcdn-core-7.cisco.com (8.15.2/8.15.2) with ESMTPS id x9T6lTRc011080 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Tue, 29 Oct 2019 06:47:29 GMT Received: from xhs-aln-002.cisco.com (173.37.135.119) by XCH-RCD-008.cisco.com (173.37.102.18) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Tue, 29 Oct 2019 01:47:28 -0500 Received: from xhs-aln-001.cisco.com (173.37.135.118) by xhs-aln-002.cisco.com (173.37.135.119) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Tue, 29 Oct 2019 01:47:28 -0500 Received: from NAM01-BN3-obe.outbound.protection.outlook.com (173.37.151.57) by xhs-aln-001.cisco.com (173.37.135.118) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Tue, 29 Oct 2019 01:47:27 -0500 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=gmKWirxS5NRXyR+enYGsHTdzrPYWO5OVBRJb2BBWiajFCiprMOCsrP82spWyOkuBhDpIdk/J6WOeyGodVCaKcy54KhiIdwIDGHCuWUP9QujOxB0jlTmkwbKyarKW33r1DVEx2BJchf3bzdU3i8stJuLTLnKk3TTpfL+Z86loby5TUpwqJJNn9oV5KNK49ql2xwOqo2pOoOAkoj5LJm+pYU/HuAFXB9Gs/6babCT97pQZFUhA4bCKsvACDq1541J4VwaopZ+jcz2jKwDgSIRIaXDXPjDtjjHIoJ0mpzkdSkshcYnXNuO2UMnJ7xvR0dkb1s/RCtEp2Vn44zJX6SG+sA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=lQzGhWGYbto3DODl1RG5JNSZQe6/veD45nZlRVenHm8=; b=ImqCasjFxT0zBsYo6jajmGsHLAIekuXFYUjSfY5h5oKUlGcFyq6JY/kRWSUNDbgk6P0rS/AdBwCPntqQkZwptE2stY4mx3cvfDSyY423iY2Q8RGZb5c7kVKqyfmHi+9R+/CfXqJVwkodD+mqMVoBGHGJAzHpo+jNrbvsAcqaNLdvPA7YBnVrHUUzZProWhexvVhS88U9s/PVRxKD+Ag9uQz2nEkokLzyI3KwYPhL9m8uHs+lo7S+ANFwajilBgz3P5zd/tDejJSBGUZ1bWhqxz9r2CDPZZlcVCaIELVgm1iqlo2ycrsQogvPfV2kLezp07wSMAqV98Se30CB311qGw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=lQzGhWGYbto3DODl1RG5JNSZQe6/veD45nZlRVenHm8=; b=oSB+QIVfMMEzPfFwOmos8C2X2NkttaywDHFZDcIS1EfRi7JBMFJ7J1lOC+kwwH3OB8gKWnX8/hcoiCNVLLF9dU28FEY1SGalTG8ccC4/c7Uu5v1PBOQ1NgjXPP7+jq/Q0GYD/crik03mmySH/1xlnyhx6TbkZRwquTUUoojr4fU= Received: from DM5PR11MB1753.namprd11.prod.outlook.com (10.175.88.141) by DM5PR11MB1354.namprd11.prod.outlook.com (10.168.108.146) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2387.24; Tue, 29 Oct 2019 06:47:27 +0000 Received: from DM5PR11MB1753.namprd11.prod.outlook.com ([fe80::c1f1:d33a:2203:5a39]) by DM5PR11MB1753.namprd11.prod.outlook.com ([fe80::c1f1:d33a:2203:5a39%7]) with mapi id 15.20.2387.025; Tue, 29 Oct 2019 06:47:27 +0000 From: "Eric Vyncke (evyncke)" To: Rifaat Shekh-Yusef CC: The IESG , "draft-ietf-sipcore-digest-scheme@ietf.org" , Jean Mahoney , "sipcore-chairs@ietf.org" , SIPCORE Thread-Topic: =?utf-8?B?w4lyaWMgVnluY2tlJ3MgTm8gT2JqZWN0aW9uIG9uIGRyYWZ0LWlldGYtc2lw?= =?utf-8?Q?core-digest-scheme-10:_(with_COMMENT)?= Thread-Index: AQHVjd3jC1VmUsK0P0ydP9dF2ihGFqdxPnmA Date: Tue, 29 Oct 2019 06:47:26 +0000 Message-ID: References: <157207234161.7670.15588038561485362786.idtracker@ietfa.amsl.com> In-Reply-To: Accept-Language: fr-BE, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Microsoft-MacOutlook/10.1e.0.191013 authentication-results: spf=none (sender IP is ) smtp.mailfrom=evyncke@cisco.com; x-originating-ip: [2001:420:c0c1:36:b94b:b41c:4721:e6c1] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 7ceee0e9-9784-467d-02e6-08d75c3bdca2 x-ms-traffictypediagnostic: DM5PR11MB1354: x-ms-exchange-purlcount: 2 x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:10000; x-forefront-prvs: 0205EDCD76 x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(346002)(396003)(136003)(366004)(376002)(39860400002)(199004)(189003)(18543002)(91956017)(81156014)(2616005)(25786009)(11346002)(446003)(8936002)(14454004)(46003)(54906003)(36756003)(316002)(476003)(966005)(6116002)(486006)(5660300002)(21615005)(33656002)(224303003)(6246003)(606006)(6916009)(6436002)(4326008)(66946007)(66446008)(64756008)(229853002)(186003)(76116006)(66476007)(99286004)(66556008)(53546011)(102836004)(6506007)(6306002)(81166006)(54896002)(236005)(86362001)(58126008)(6512007)(76176011)(2906002)(71200400001)(71190400001)(478600001)(256004)(7736002)(6486002); DIR:OUT; SFP:1101; SCL:1; SRVR:DM5PR11MB1354; H:DM5PR11MB1753.namprd11.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1; received-spf: None (protection.outlook.com: cisco.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: gOaR3Fmly+KChZ96C252X5UPUkVPxQkzdvC5OCiT9HVFJ2Ow9ZlHo0rk3kep7c4IIuWQiKqp4PNqXPgPJBR+QuVV81f95RzeKP92/sKCtc6dPNInGBrHErNCwfXW4p9MhGSqoHZJmUwPwzC494mTLaCb5BNK2LAqinGL8PCf6mAk69NpBdZB3Jk6xLor5C79YobUvDFsW6uEgqqubKOuWIYXnz6r5FUMxuCHo3SOJhv2ab7RNlcBlZ7TNgQzv+wnA2B/SkgXfmKmr9lCUqCX9S7rg0gOqgoxSHTWsIErD8WXAybtYDQDpaLaNdD5DnPiFtDzKjGSYyjfB60ZkoKnzAQDLx7TEOVH4y2OvyS7rmA6LKFLXduX2TVeAsQdXi9BvMKiAp940fGpY+86kckTq4dBBPQhkfTg8g2TbxrNETfRC0oz+54WemXCSbhz7DmfNeUUJSlXDEUjuymWHsttBzbu8NvnpHUoBREwUnZeFKQ= x-ms-exchange-transport-forked: True Content-Type: multipart/alternative; boundary="_000_D59B0BEB92014730935919A8A1483461ciscocom_" MIME-Version: 1.0 X-MS-Exchange-CrossTenant-Network-Message-Id: 7ceee0e9-9784-467d-02e6-08d75c3bdca2 X-MS-Exchange-CrossTenant-originalarrivaltime: 29 Oct 2019 06:47:26.9755 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: mjQwJs/JlMxH31IfoMyRc1JZGJKJcn85PTtIa4sVwEqYPUGtsXigV3oUjbFF9r/0Az1oD16bz0kz7DNyLOwPYA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR11MB1354 X-OriginatorOrg: cisco.com X-Outbound-SMTP-Client: 173.37.102.18, xch-rcd-008.cisco.com X-Outbound-Node: rcdn-core-7.cisco.com Archived-At: Subject: Re: [sipcore] =?utf-8?q?=C3=89ric_Vyncke=27s_No_Objection_on_draft-i?= =?utf-8?q?etf-sipcore-digest-scheme-10=3A_=28with_COMMENT=29?= X-BeenThere: sipcore@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SIP Core Working Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 29 Oct 2019 06:47:33 -0000 --_000_D59B0BEB92014730935919A8A1483461ciscocom_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 UmlmYWF0DQoNClRoYW5rIHlvdSBmb3IgYWRkcmVzc2luZyBteSBjb21tZW50cw0KDQotw6lyaWMN Cg0KRnJvbTogUmlmYWF0IFNoZWtoLVl1c2VmIDxyaWZhYXQuaWV0ZkBnbWFpbC5jb20+DQpEYXRl OiBNb25kYXksIDI4IE9jdG9iZXIgMjAxOSBhdCAyMzoyMA0KVG86IEVyaWMgVnluY2tlIDxldnlu Y2tlQGNpc2NvLmNvbT4NCkNjOiBUaGUgSUVTRyA8aWVzZ0BpZXRmLm9yZz4sICJkcmFmdC1pZXRm LXNpcGNvcmUtZGlnZXN0LXNjaGVtZUBpZXRmLm9yZyIgPGRyYWZ0LWlldGYtc2lwY29yZS1kaWdl c3Qtc2NoZW1lQGlldGYub3JnPiwgSmVhbiBNYWhvbmV5IDxtYWhvbmV5QG5vc3RydW0uY29tPiwg InNpcGNvcmUtY2hhaXJzQGlldGYub3JnIiA8c2lwY29yZS1jaGFpcnNAaWV0Zi5vcmc+LCBTSVBD T1JFIDxzaXBjb3JlQGlldGYub3JnPg0KU3ViamVjdDogUmU6IMOJcmljIFZ5bmNrZSdzIE5vIE9i amVjdGlvbiBvbiBkcmFmdC1pZXRmLXNpcGNvcmUtZGlnZXN0LXNjaGVtZS0xMDogKHdpdGggQ09N TUVOVCkNCg0KQmFycnksIMOJcmljLA0KDQpJIGJlbGlldmUgdGhhdCBJIGhhdmUgYWRkcmVzc2Vk IGFsbCB0aGVzZSBjb21tZW50cyBpbiB2ZXJzaW9uIDExIHRoYXQgSSBoYXZlIGp1c3Qgc3VibWl0 dGVkLg0KUGxlYXNlLCB0YWtlIGEgbG9vayBhbmQgbGV0IG1lIGtub3cgaWYgeW91IGhhdmUgYW55 IGZ1cnRoZXIgY29tbWVudHMuDQoNClJlZ2FyZHMsDQogUmlmYWF0DQoNCg0KDQoNCk9uIFNhdCwg T2N0IDI2LCAyMDE5IGF0IDI6NDUgQU0gw4lyaWMgVnluY2tlIHZpYSBEYXRhdHJhY2tlciA8bm9y ZXBseUBpZXRmLm9yZzxtYWlsdG86bm9yZXBseUBpZXRmLm9yZz4+IHdyb3RlOg0Kw4lyaWMgVnlu Y2tlIGhhcyBlbnRlcmVkIHRoZSBmb2xsb3dpbmcgYmFsbG90IHBvc2l0aW9uIGZvcg0KZHJhZnQt aWV0Zi1zaXBjb3JlLWRpZ2VzdC1zY2hlbWUtMTA6IE5vIE9iamVjdGlvbg0KDQpXaGVuIHJlc3Bv bmRpbmcsIHBsZWFzZSBrZWVwIHRoZSBzdWJqZWN0IGxpbmUgaW50YWN0IGFuZCByZXBseSB0byBh bGwNCmVtYWlsIGFkZHJlc3NlcyBpbmNsdWRlZCBpbiB0aGUgVG8gYW5kIENDIGxpbmVzLiAoRmVl bCBmcmVlIHRvIGN1dCB0aGlzDQppbnRyb2R1Y3RvcnkgcGFyYWdyYXBoLCBob3dldmVyLikNCg0K DQpQbGVhc2UgcmVmZXIgdG8gaHR0cHM6Ly93d3cuaWV0Zi5vcmcvaWVzZy9zdGF0ZW1lbnQvZGlz Y3Vzcy1jcml0ZXJpYS5odG1sDQpmb3IgbW9yZSBpbmZvcm1hdGlvbiBhYm91dCBJRVNHIERJU0NV U1MgYW5kIENPTU1FTlQgcG9zaXRpb25zLg0KDQoNClRoZSBkb2N1bWVudCwgYWxvbmcgd2l0aCBv dGhlciBiYWxsb3QgcG9zaXRpb25zLCBjYW4gYmUgZm91bmQgaGVyZToNCmh0dHBzOi8vZGF0YXRy YWNrZXIuaWV0Zi5vcmcvZG9jL2RyYWZ0LWlldGYtc2lwY29yZS1kaWdlc3Qtc2NoZW1lLw0KDQoN Cg0KLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLQ0KQ09NTUVOVDoNCi0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCg0KVGhhbmsgeW91IGZv ciBhdXRob3JpbmcgdGhpcyBzaG9ydCBkb2N1bWVudCBhbmQgZGVwcmVjYXRpbmcgTUQ1Lg0KDQpJ IGhhdmUgb25seSB0d28gY29tbWVudHMgYW5kIHRoZXkgYXJlIHRoZSBzYW1lIGFzIEJhcnJ5J3Mg Zmlyc3QgdHdvIGNvbW1lbnRzDQood2VpcmQgYWJzdHJhY3QgcGhyYXNpbmcgYW5kIG5vdCBjbGVh ciBhYm91dCBNRDUpDQoNCi3DqXJpYw0KDQo= --_000_D59B0BEB92014730935919A8A1483461ciscocom_ Content-Type: text/html; charset="utf-8" Content-ID: <642F139B66E21741A937701C1AEEE620@namprd11.prod.outlook.com> Content-Transfer-Encoding: base64 PGh0bWwgeG1sbnM6bz0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6b2ZmaWNlIiB4 bWxuczp3PSJ1cm46c2NoZW1hcy1taWNyb3NvZnQtY29tOm9mZmljZTp3b3JkIiB4bWxuczptPSJo dHRwOi8vc2NoZW1hcy5taWNyb3NvZnQuY29tL29mZmljZS8yMDA0LzEyL29tbWwiIHhtbG5zPSJo dHRwOi8vd3d3LnczLm9yZy9UUi9SRUMtaHRtbDQwIj4NCjxoZWFkPg0KPG1ldGEgaHR0cC1lcXVp dj0iQ29udGVudC1UeXBlIiBjb250ZW50PSJ0ZXh0L2h0bWw7IGNoYXJzZXQ9dXRmLTgiPg0KPG1l dGEgbmFtZT0iR2VuZXJhdG9yIiBjb250ZW50PSJNaWNyb3NvZnQgV29yZCAxNSAoZmlsdGVyZWQg bWVkaXVtKSI+DQo8c3R5bGU+PCEtLQ0KLyogRm9udCBEZWZpbml0aW9ucyAqLw0KQGZvbnQtZmFj ZQ0KCXtmb250LWZhbWlseToiQ2FtYnJpYSBNYXRoIjsNCglwYW5vc2UtMToyIDQgNSAzIDUgNCA2 IDMgMiA0O30NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6Q2FsaWJyaTsNCglwYW5vc2UtMToy IDE1IDUgMiAyIDIgNCAzIDIgNDt9DQovKiBTdHlsZSBEZWZpbml0aW9ucyAqLw0KcC5Nc29Ob3Jt YWwsIGxpLk1zb05vcm1hbCwgZGl2Lk1zb05vcm1hbA0KCXttYXJnaW46MGNtOw0KCW1hcmdpbi1i b3R0b206LjAwMDFwdDsNCglmb250LXNpemU6MTEuMHB0Ow0KCWZvbnQtZmFtaWx5OiJDYWxpYnJp IixzYW5zLXNlcmlmO30NCmE6bGluaywgc3Bhbi5Nc29IeXBlcmxpbmsNCgl7bXNvLXN0eWxlLXBy aW9yaXR5Ojk5Ow0KCWNvbG9yOmJsdWU7DQoJdGV4dC1kZWNvcmF0aW9uOnVuZGVybGluZTt9DQph OnZpc2l0ZWQsIHNwYW4uTXNvSHlwZXJsaW5rRm9sbG93ZWQNCgl7bXNvLXN0eWxlLXByaW9yaXR5 Ojk5Ow0KCWNvbG9yOnB1cnBsZTsNCgl0ZXh0LWRlY29yYXRpb246dW5kZXJsaW5lO30NCnAubXNv bm9ybWFsMCwgbGkubXNvbm9ybWFsMCwgZGl2Lm1zb25vcm1hbDANCgl7bXNvLXN0eWxlLW5hbWU6 bXNvbm9ybWFsOw0KCW1zby1tYXJnaW4tdG9wLWFsdDphdXRvOw0KCW1hcmdpbi1yaWdodDowY207 DQoJbXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG87DQoJbWFyZ2luLWxlZnQ6MGNtOw0KCWZvbnQt c2l6ZToxMS4wcHQ7DQoJZm9udC1mYW1pbHk6IkNhbGlicmkiLHNhbnMtc2VyaWY7fQ0Kc3Bhbi5F bWFpbFN0eWxlMTgNCgl7bXNvLXN0eWxlLXR5cGU6cGVyc29uYWwtcmVwbHk7DQoJZm9udC1mYW1p bHk6IkNhbGlicmkiLHNhbnMtc2VyaWY7DQoJY29sb3I6d2luZG93dGV4dDt9DQouTXNvQ2hwRGVm YXVsdA0KCXttc28tc3R5bGUtdHlwZTpleHBvcnQtb25seTsNCglmb250LXNpemU6MTAuMHB0O30N CkBwYWdlIFdvcmRTZWN0aW9uMQ0KCXtzaXplOjYxMi4wcHQgNzkyLjBwdDsNCgltYXJnaW46NzIu MHB0IDcyLjBwdCA3Mi4wcHQgNzIuMHB0O30NCmRpdi5Xb3JkU2VjdGlvbjENCgl7cGFnZTpXb3Jk U2VjdGlvbjE7fQ0KLS0+PC9zdHlsZT4NCjwvaGVhZD4NCjxib2R5IGxhbmc9IkVOLVVTIiBsaW5r PSJibHVlIiB2bGluaz0icHVycGxlIj4NCjxkaXYgY2xhc3M9IldvcmRTZWN0aW9uMSI+DQo8cCBj bGFzcz0iTXNvTm9ybWFsIj5SaWZhYXQ8bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3Jt YWwiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+VGhhbmsgeW91 IGZvciBhZGRyZXNzaW5nIG15IGNvbW1lbnRzPG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNv Tm9ybWFsIj48bzpwPiZuYnNwOzwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPi3DqXJp YzxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48 L3A+DQo8ZGl2IHN0eWxlPSJib3JkZXI6bm9uZTtib3JkZXItdG9wOnNvbGlkICNCNUM0REYgMS4w cHQ7cGFkZGluZzozLjBwdCAwY20gMGNtIDBjbSI+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHls ZT0ibWFyZ2luLWxlZnQ6MzYuMHB0Ij48Yj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEyLjBwdDtj b2xvcjpibGFjayI+RnJvbToNCjwvc3Bhbj48L2I+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMi4w cHQ7Y29sb3I6YmxhY2siPlJpZmFhdCBTaGVraC1ZdXNlZiAmbHQ7cmlmYWF0LmlldGZAZ21haWwu Y29tJmd0Ozxicj4NCjxiPkRhdGU6IDwvYj5Nb25kYXksIDI4IE9jdG9iZXIgMjAxOSBhdCAyMzoy MDxicj4NCjxiPlRvOiA8L2I+RXJpYyBWeW5ja2UgJmx0O2V2eW5ja2VAY2lzY28uY29tJmd0Ozxi cj4NCjxiPkNjOiA8L2I+VGhlIElFU0cgJmx0O2llc2dAaWV0Zi5vcmcmZ3Q7LCAmcXVvdDtkcmFm dC1pZXRmLXNpcGNvcmUtZGlnZXN0LXNjaGVtZUBpZXRmLm9yZyZxdW90OyAmbHQ7ZHJhZnQtaWV0 Zi1zaXBjb3JlLWRpZ2VzdC1zY2hlbWVAaWV0Zi5vcmcmZ3Q7LCBKZWFuIE1haG9uZXkgJmx0O21h aG9uZXlAbm9zdHJ1bS5jb20mZ3Q7LCAmcXVvdDtzaXBjb3JlLWNoYWlyc0BpZXRmLm9yZyZxdW90 OyAmbHQ7c2lwY29yZS1jaGFpcnNAaWV0Zi5vcmcmZ3Q7LCBTSVBDT1JFICZsdDtzaXBjb3JlQGll dGYub3JnJmd0Ozxicj4NCjxiPlN1YmplY3Q6IDwvYj5SZTogw4lyaWMgVnluY2tlJ3MgTm8gT2Jq ZWN0aW9uIG9uIGRyYWZ0LWlldGYtc2lwY29yZS1kaWdlc3Qtc2NoZW1lLTEwOiAod2l0aCBDT01N RU5UKTxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29O b3JtYWwiIHN0eWxlPSJtYXJnaW4tbGVmdDozNi4wcHQiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0K PC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1hcmdpbi1sZWZ0OjM2 LjBwdCI+QmFycnksIMOJcmljLCA8bzpwPjwvbzpwPjwvcD4NCjxkaXY+DQo8cCBjbGFzcz0iTXNv Tm9ybWFsIiBzdHlsZT0ibWFyZ2luLWxlZnQ6MzYuMHB0Ij48bzpwPiZuYnNwOzwvbzpwPjwvcD4N CjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtYXJnaW4tbGVmdDoz Ni4wcHQiPkkgYmVsaWV2ZSZuYnNwO3RoYXQgSSBoYXZlIGFkZHJlc3NlZCBhbGwgdGhlc2UgY29t bWVudHMgaW4gdmVyc2lvbiAxMSB0aGF0IEkgaGF2ZSBqdXN0IHN1Ym1pdHRlZC48bzpwPjwvbzpw PjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtYXJnaW4t bGVmdDozNi4wcHQiPlBsZWFzZSwgdGFrZSBhIGxvb2sgYW5kIGxldCBtZSBrbm93IGlmIHlvdSBo YXZlIGFueSBmdXJ0aGVyIGNvbW1lbnRzLjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0K PHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1hcmdpbi1sZWZ0OjM2LjBwdCI+PG86cD4mbmJz cDs8L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0i bWFyZ2luLWxlZnQ6MzYuMHB0Ij5SZWdhcmRzLDxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2 Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1hcmdpbi1sZWZ0OjM2LjBwdCI+Jm5ic3A7 UmlmYWF0PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFs IiBzdHlsZT0ibWFyZ2luLWxlZnQ6MzYuMHB0Ij48bzpwPiZuYnNwOzwvbzpwPjwvcD4NCjxkaXY+ DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibWFyZ2luLWxlZnQ6MzYuMHB0Ij48bzpwPiZu YnNwOzwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxl PSJtYXJnaW4tbGVmdDozNi4wcHQiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPC9kaXY+DQo8L2Rp dj4NCjwvZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1hcmdpbi1sZWZ0OjM2LjBw dCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8ZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3Jt YWwiIHN0eWxlPSJtYXJnaW4tbGVmdDozNi4wcHQiPk9uIFNhdCwgT2N0IDI2LCAyMDE5IGF0IDI6 NDUgQU0gw4lyaWMgVnluY2tlIHZpYSBEYXRhdHJhY2tlciAmbHQ7PGEgaHJlZj0ibWFpbHRvOm5v cmVwbHlAaWV0Zi5vcmciPm5vcmVwbHlAaWV0Zi5vcmc8L2E+Jmd0OyB3cm90ZTo8bzpwPjwvbzpw PjwvcD4NCjwvZGl2Pg0KPGJsb2NrcXVvdGUgc3R5bGU9ImJvcmRlcjpub25lO2JvcmRlci1sZWZ0 OnNvbGlkICNDQ0NDQ0MgMS4wcHQ7cGFkZGluZzowY20gMGNtIDBjbSA2LjBwdDttYXJnaW4tbGVm dDo0LjhwdDttYXJnaW4tcmlnaHQ6MGNtIj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJt c28tbWFyZ2luLXRvcC1hbHQ6MGNtO21hcmdpbi1yaWdodDowY207bWFyZ2luLWJvdHRvbToxMi4w cHQ7bWFyZ2luLWxlZnQ6MzYuMHB0Ij4NCsOJcmljIFZ5bmNrZSBoYXMgZW50ZXJlZCB0aGUgZm9s bG93aW5nIGJhbGxvdCBwb3NpdGlvbiBmb3I8YnI+DQpkcmFmdC1pZXRmLXNpcGNvcmUtZGlnZXN0 LXNjaGVtZS0xMDogTm8gT2JqZWN0aW9uPGJyPg0KPGJyPg0KV2hlbiByZXNwb25kaW5nLCBwbGVh c2Uga2VlcCB0aGUgc3ViamVjdCBsaW5lIGludGFjdCBhbmQgcmVwbHkgdG8gYWxsPGJyPg0KZW1h aWwgYWRkcmVzc2VzIGluY2x1ZGVkIGluIHRoZSBUbyBhbmQgQ0MgbGluZXMuIChGZWVsIGZyZWUg dG8gY3V0IHRoaXM8YnI+DQppbnRyb2R1Y3RvcnkgcGFyYWdyYXBoLCBob3dldmVyLik8YnI+DQo8 YnI+DQo8YnI+DQpQbGVhc2UgcmVmZXIgdG8gPGEgaHJlZj0iaHR0cHM6Ly93d3cuaWV0Zi5vcmcv aWVzZy9zdGF0ZW1lbnQvZGlzY3Vzcy1jcml0ZXJpYS5odG1sIiB0YXJnZXQ9Il9ibGFuayI+DQpo dHRwczovL3d3dy5pZXRmLm9yZy9pZXNnL3N0YXRlbWVudC9kaXNjdXNzLWNyaXRlcmlhLmh0bWw8 L2E+PGJyPg0KZm9yIG1vcmUgaW5mb3JtYXRpb24gYWJvdXQgSUVTRyBESVNDVVNTIGFuZCBDT01N RU5UIHBvc2l0aW9ucy48YnI+DQo8YnI+DQo8YnI+DQpUaGUgZG9jdW1lbnQsIGFsb25nIHdpdGgg b3RoZXIgYmFsbG90IHBvc2l0aW9ucywgY2FuIGJlIGZvdW5kIGhlcmU6PGJyPg0KPGEgaHJlZj0i aHR0cHM6Ly9kYXRhdHJhY2tlci5pZXRmLm9yZy9kb2MvZHJhZnQtaWV0Zi1zaXBjb3JlLWRpZ2Vz dC1zY2hlbWUvIiB0YXJnZXQ9Il9ibGFuayI+aHR0cHM6Ly9kYXRhdHJhY2tlci5pZXRmLm9yZy9k b2MvZHJhZnQtaWV0Zi1zaXBjb3JlLWRpZ2VzdC1zY2hlbWUvPC9hPjxicj4NCjxicj4NCjxicj4N Cjxicj4NCi0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS08YnI+DQpDT01NRU5UOjxicj4NCi0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS08YnI+ DQo8YnI+DQpUaGFuayB5b3UgZm9yIGF1dGhvcmluZyB0aGlzIHNob3J0IGRvY3VtZW50IGFuZCBk ZXByZWNhdGluZyBNRDUuPGJyPg0KPGJyPg0KSSBoYXZlIG9ubHkgdHdvIGNvbW1lbnRzIGFuZCB0 aGV5IGFyZSB0aGUgc2FtZSBhcyBCYXJyeSdzIGZpcnN0IHR3byBjb21tZW50czxicj4NCih3ZWly ZCBhYnN0cmFjdCBwaHJhc2luZyBhbmQgbm90IGNsZWFyIGFib3V0IE1ENSk8YnI+DQo8YnI+DQot w6lyaWM8YnI+DQo8YnI+DQo8bzpwPjwvbzpwPjwvcD4NCjwvYmxvY2txdW90ZT4NCjwvZGl2Pg0K PC9kaXY+DQo8L2JvZHk+DQo8L2h0bWw+DQo= --_000_D59B0BEB92014730935919A8A1483461ciscocom_-- From nobody Wed Oct 30 08:24:42 2019 Return-Path: X-Original-To: sipcore@ietf.org Delivered-To: sipcore@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 5CB5A12022A; Wed, 30 Oct 2019 08:24:40 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: Alissa Cooper via Datatracker To: "The IESG" Cc: draft-ietf-sipcore-digest-scheme@ietf.org, Jean Mahoney , sipcore-chairs@ietf.org, mahoney@nostrum.com, sipcore@ietf.org, roni.even@huawei.com X-Test-IDTracker: no X-IETF-IDTracker: 6.108.0 Auto-Submitted: auto-generated Precedence: bulk Reply-To: Alissa Cooper Message-ID: <157244908033.32620.16268072563151413683.idtracker@ietfa.amsl.com> Date: Wed, 30 Oct 2019 08:24:40 -0700 Archived-At: Subject: [sipcore] Alissa Cooper's Discuss on draft-ietf-sipcore-digest-scheme-11: (with DISCUSS) X-BeenThere: sipcore@ietf.org X-Mailman-Version: 2.1.29 List-Id: SIP Core Working Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 30 Oct 2019 15:24:40 -0000 Alissa Cooper has entered the following ballot position for draft-ietf-sipcore-digest-scheme-11: Discuss When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-sipcore-digest-scheme/ ---------------------------------------------------------------------- DISCUSS: ---------------------------------------------------------------------- I appreciate the new text in Section 2.7, but I'm still a little unclear on the ABNF that is specified. As far as I can tell the relevant line from the original ABNF in RFC 3261 is: algorithm = "algorithm" EQUAL ( "MD5" / "MD5-sess" / token ) And what it is being replaced with is: algorithm = "algorithm" EQUAL ( "MD5" / "SHA-512-256" / "SHA-256" / token ) Each one of these algorithms might have a "-sess" variant, e.g., MD5-sess, SHA-256-sess, etc, as defined in [RFC7616] But the point of ABNF is to formally specify the syntax, so just having the note after the definition that says there might be -sess variants leaves it unclear whether those -sess variants are expected in the "algorithm=" line. And if it is valid for them to appear, they need to be formally included in the ABNF line, I think. From nobody Wed Oct 30 08:25:37 2019 Return-Path: X-Original-To: sipcore@ietfa.amsl.com Delivered-To: sipcore@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E83E51200A4; Wed, 30 Oct 2019 08:25:29 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.699 X-Spam-Level: X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=cooperw.in header.b=T3FqTEZd; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=u6C0tS9Q Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id W_P1JMX7mrf0; Wed, 30 Oct 2019 08:25:28 -0700 (PDT) Received: from wout4-smtp.messagingengine.com (wout4-smtp.messagingengine.com [64.147.123.20]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0D6AC12002F; Wed, 30 Oct 2019 08:25:28 -0700 (PDT) Received: from compute7.internal (compute7.nyi.internal [10.202.2.47]) by mailout.west.internal (Postfix) with ESMTP id 29DBC4F5; Wed, 30 Oct 2019 11:25:27 -0400 (EDT) Received: from mailfrontend1 ([10.202.2.162]) by compute7.internal (MEProxy); Wed, 30 Oct 2019 11:25:27 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cooperw.in; h= from:message-id:content-type:mime-version:subject:date :in-reply-to:cc:to:references; s=fm1; bh=pFONOjIv2/vU23JCCDDfGR7 uS6EaSiGv1tLjryj5zrs=; b=T3FqTEZdRvItfC0P3fQ+N4uy4xKBo/eSqpj6f7k fQQGdnkUnJASlTtKtV3R2sCt1X8koxEz5sJlK0+0jxZajvA/IJKNyFJ5Ts+clXQk Abh20fGjVt5EYR0CYv73iZ8wREpfQvsMBRjWwU4nTAKBgAKmckJ0/hoJLJVqRGhE DgOe5sF4EC5CM9q0ChzRb/BPz03JpOcQnioNi0UkPF8mmXcJCTh5tdZrjFF4R8aN +gS/GEOrUMn/KjTaU1ZRWcEzwcBaYKRqig3H9TKjqrfVhRaMi7UH8uHnmvmRVbkM bs5KkT3vRoA6ZZkrFsJBZPWUge9WEWd9jGh92VNw761FqSQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm1; bh=pFONOj Iv2/vU23JCCDDfGR7uS6EaSiGv1tLjryj5zrs=; b=u6C0tS9QtDo6JNhRdTDkMT SEj4+CJg4xaOg0oaUKY2JA6WQV24YSsb0Ag57tvRXELZAxy683zkSWJTy4uZ7SLd intCXK6x3G6IWm2mybIeUO/TLdIplDlWSQ6yD9TFl4+6WVbzBY4A2ejsBCf0z8Sl 3xu3Yfa/7PWsLG+dE7WvXX1GVtxfT7R+HFiY+j/rfZsFd52AhO1JWL3aozMxB6ju dNESUUyCq5ckWcX/Y7Kl+KL0WFMY1tDqzcd+6b4HslyJyG7b/oD3ijpr4gLIbtx+ RZMldc9uQhJ2zb+A8znjo9mbeCtEkiuXve2KGALuwP4StY8b25SfMAhfMwjzYFxQ == X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedufedruddtfedgjeejucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne cujfgurhephffktgggufffjgfvfhfosegrtdhmrehhtddvnecuhfhrohhmpeetlhhishhs rgcuvehoohhpvghruceorghlihhsshgrsegtohhophgvrhifrdhinheqnecuffhomhgrih hnpehivghtfhdrohhrghenucfkphepudejfedrfeekrdduudejrdeileenucfrrghrrghm pehmrghilhhfrhhomheprghlihhsshgrsegtohhophgvrhifrdhinhenucevlhhushhtvg hrufhiiigvpedt X-ME-Proxy: Received: from rtp-vpn2-1786.cisco.com (unknown [173.38.117.69]) by mail.messagingengine.com (Postfix) with ESMTPA id 8882A8005B; Wed, 30 Oct 2019 11:25:25 -0400 (EDT) From: Alissa Cooper Message-Id: <1DF9384F-1107-4971-B86D-429959A409BE@cooperw.in> Content-Type: multipart/alternative; boundary="Apple-Mail=_E7EA0859-22FF-4793-B62C-6859EB9B0C95" Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\)) Date: Wed, 30 Oct 2019 10:25:24 -0500 In-Reply-To: <6E58094ECC8D8344914996DAD28F1CCD23D931BF@DGGEMM506-MBX.china.huawei.com> Cc: Rifaat Shekh-Yusef , "last-call@ietf.org" , "gen-art@ietf.org" , SIPCORE , "draft-ietf-sipcore-digest-scheme.all@ietf.org" To: "Roni Even (A)" References: <157173348155.3011.12458315336826264414@ietfa.amsl.com> <6E58094ECC8D8344914996DAD28F1CCD23D93020@DGGEMM506-MBX.china.huawei.com> <6E58094ECC8D8344914996DAD28F1CCD23D931BF@DGGEMM506-MBX.china.huawei.com> X-Mailer: Apple Mail (2.3445.9.1) Archived-At: Subject: Re: [sipcore] [Gen-art] Genart telechat review of draft-ietf-sipcore-digest-scheme-10 X-BeenThere: sipcore@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SIP Core Working Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 30 Oct 2019 15:25:30 -0000 --Apple-Mail=_E7EA0859-22FF-4793-B62C-6859EB9B0C95 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii Roni, thanks for your review of this document. Rifaat, thanks for = responding. I entered a DISCUSS ballot to chat about a remaining issue = with the ABNF. Best, Alissa > On Oct 23, 2019, at 7:28 AM, Roni Even (A) = wrote: >=20 > HI Rifaat, > OK, no other comments > Roni > =20 > From: Rifaat Shekh-Yusef [mailto:rifaat.ietf@gmail.com = ]=20 > Sent: Wednesday, October 23, 2019 3:25 PM > To: Roni Even (A) > Cc: Roni Even; last-call@ietf.org ; = gen-art@ietf.org ; SIPCORE; = draft-ietf-sipcore-digest-scheme.all@ietf.org = > Subject: Re: [Gen-art] Genart telechat review of = draft-ietf-sipcore-digest-scheme-10 > =20 > Hi Roni, > =20 > I agree with the ABNF issue. I will fix that in the next version of = the draft. > =20 > Thanks, > Rifaat > =20 > =20 > On Wed, Oct 23, 2019 at 1:43 AM Roni Even (A) > wrote: > Rifaat thanks, > See in line > Roni > =20 > =20 > On Tue, Oct 22, 2019 at 4:38 AM Roni Even via Datatracker = > wrote: > Reviewer: Roni Even > Review result: Almost Ready >=20 > I am the assigned Gen-ART reviewer for this draft. The General Area > Review Team (Gen-ART) reviews all IETF documents being processed > by the IESG for the IETF Chair. Please wait for direction from your > document shepherd or AD before posting a new version of the draft. >=20 > For more information, please see the FAQ at >=20 > >. >=20 > Document: draft-ietf-sipcore-digest-scheme-?? > Reviewer: Roni Even > Review Date: 2019-10-22 > IETF LC End Date: None > IESG Telechat date: 2019-10-31 >=20 > Summary: > The document is almost ready for publication as a standard track RFC >=20 > Major issues: >=20 > Minor issues: >=20 > 1. In section 2.4 " If the UAC cannot respond to any of the challenges = in the > response, then it SHOULD abandon attempts to send the request, e.g. if = the UAC > does not have credentials or has stale credentials for any of the = realms, > unless a local policy dictates otherwise." Yet RFC3261 section 22.2 = " If no > credentials for a realm can be located, UACs MAY attempt to retry = the > request with a username of "anonymous" and no password (a password = of ""). > Is this deprecated ? >=20 > =20 > No, it is not deprecated by this document, and that part is covered by = the last sentence of the quoted paragraph, which talks about a local = policy. > =20 > RE: I have no strong feeling it is just that the language is different > =20 > =20 > 2. RFC3261 algorithm includes "MD5-sess" while section 2.6 removed it > =20 > These changes are provided in the context of RFC7616, so if an = implementation supports "-sess" it could always refer to that document = for these details. > =20 > RE: I think that the BNF > algorithm =3D "algorithm" EQUAL ( "MD5" / "SHA-512-256" / "SHA-256"/ = token )=20 > should be=20 > algorithm =3D "algorithm" EQUAL ( "MD5" / "MD5-sess / "SHA-512-256" / = "SHA-256"/ token ) > =20 > =20 > =20 >=20 > 3. it may be good to have a backward compatibility section. >=20 > I believe we covered that in the security consideration section. Do = you see anything missing there? > =20 > RE: OK, no problem. > =20 > Regards, > Rifaat > =20 > =20 > Nits/editorial comments: >=20 > _______________________________________________ > Gen-art mailing list > Gen-art@ietf.org > https://www.ietf.org/mailman/listinfo/gen-art = --Apple-Mail=_E7EA0859-22FF-4793-B62C-6859EB9B0C95 Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=us-ascii Roni,= thanks for your review of this document. Rifaat, thanks for responding. = I entered a DISCUSS ballot to chat about a remaining issue with the = ABNF.

Best,
Alissa


On Oct = 23, 2019, at 7:28 AM, Roni Even (A) <roni.even@huawei.com> wrote:

HI Rifaat,
OK, no other = comments
Roni
 
From: Rifaat = Shekh-Yusef [mailto:rifaat.ietf@gmail.com] 
Sent: Wednesday, October 23, 2019 = 3:25 PM
To: Roni Even (A)
Cc: Roni Even; last-call@ietf.org; gen-art@ietf.org; = SIPCORE; draft-ietf-sipcore-digest-scheme.all@ietf.org
Subject: Re: [Gen-art] Genart = telechat review of draft-ietf-sipcore-digest-scheme-10
 
Hi = Roni,
 
I agree with the ABNF issue. I will fix = that in the next version of the draft.
 
Thanks,
 Rifaat
 
 
On Wed, Oct = 23, 2019 at 1:43 AM Roni Even (A) <roni.even@huawei.com> = wrote:
Rifaat thanks,
See in line
Roni
 
 
On Tue, Oct 22, 2019 at 4:38 AM Roni = Even via Datatracker <noreply@ietf.org> wrote:

Reviewer: Roni Even
Review result: Almost Ready

I am = the assigned Gen-ART reviewer for this draft. The General Area
Review Team (Gen-ART) reviews all IETF documents being = processed
by the IESG for the IETF Chair. Please wait for = direction from your
document shepherd or AD before posting = a new version of the draft.

For more = information, please see the FAQ at

<https://trac.ietf.org/trac/gen/wiki/GenArtfaq>.

Document: = draft-ietf-sipcore-digest-scheme-??
Reviewer: Roni Even
Review Date: 2019-10-22
IETF LC End Date: = None
IESG Telechat date: 2019-10-31

Summary:
The document is almost ready for = publication as a standard track RFC

Major = issues:

Minor issues:

1. In section 2.4 " If the UAC cannot respond to any of the = challenges in the
response, then it SHOULD abandon = attempts to send the request, e.g. if the UAC
  =  does not have credentials or has stale credentials for any of the = realms,
   unless a local policy dictates = otherwise." Yet RFC3261 section 22.2 " If no
  =  credentials for a realm can be located, UACs MAY attempt to retry = the
   request with a username of "anonymous" = and no password (a  password of "").
   Is = this deprecated ?

 
No, it is not deprecated by this = document, and that part is covered by the last sentence of the quoted = paragraph, which talks about a local policy.
 
RE: I have no strong = feeling it is just that the language is different
 
 
2. RFC3261 algorithm includes "MD5-sess" = while section 2.6 removed it
 
These changes are provided in the context of RFC7616, so if = an implementation supports "-sess" it could always refer to that = document for these details.
 
RE: I think =
that the BNF
algorithm =3D "algorithm" EQUAL ( "MD5" / =
"SHA-512-256" / "SHA-256"/ token )
should be 
algorithm =3D "algorithm" EQUAL ( "MD5" / "MD5-sess / =
"SHA-512-256" / "SHA-256"/ token )
 
 
 


3. it may be good to have a = backward compatibility section.

I believe we covered = that in the security consideration section. Do you see anything missing = there?
 
RE: OK, no = problem.
 
Regards,
 Rifaat
 
 

Nits/editorial = comments:

_______________________________________________
Gen-art mailing list
Gen-art@ietf.org
https://www.ietf.org/mailman/listinfo/gen-art

= --Apple-Mail=_E7EA0859-22FF-4793-B62C-6859EB9B0C95-- From nobody Wed Oct 30 08:58:00 2019 Return-Path: X-Original-To: sipcore@ietfa.amsl.com Delivered-To: sipcore@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 26C57120972; Wed, 30 Oct 2019 08:57:59 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2 X-Spam-Level: X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=alum.mit.edu Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 68Y9HW4FatbI; Wed, 30 Oct 2019 08:57:56 -0700 (PDT) Received: from NAM03-CO1-obe.outbound.protection.outlook.com (mail-eopbgr790042.outbound.protection.outlook.com [40.107.79.42]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B9C24120113; Wed, 30 Oct 2019 08:57:56 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=WT3UM1T68mJNO5Zjuc9JXetanCOzhfYk/Qcv54B8bDQsUaG2GCHdoNn7ucJ1aNl8eltUPFsvm18z3h6VkHrs56P2uhfUjyBIbe83UiLwIfxCPvklF9Mx4VGdyqnjkwM17h8NcKs7VcLZWDS+oLnOvlgvSBcyPSpjNGzKGUicoAgpZmmedIwFS5AMu/qa5F6XwbHc06/XO6u+PILxMXdLDgWWJkl+12Ua9PRXIYihM5eLFvPuoeKi5wJMgejJMnl1N22kjmEZStdBevDJuIR7jNBMEU1B36A6caysczV5ZWVzE0Ex6/+V78TCY1V49UrY1L5iQ9HjDOkORm/b883C2A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=NPEHAq6TWgj1pIaYDhT1zbxsunT9jv6wlKZYls+SRgY=; b=B8h3jSPonBqa0yf0dmmQNpY3M2KWB3DSsIdB/+HAHeOryHcHRZEjGl1Jc2XIo4WGBVV/ShaK3rsvpWhzEN1OBAlpYloCnG+Pd3Q+fsCxutMJZ97hULwxqkgGggD95ZyKFoRZJBhRq+iYJg67iegUTfeda6bD4SXnsvbTTql7oGN74jMJLNWLD3jnomR/VGkfDnX8kCmzsfHqRBFYQm4gAacQ9RsOhgZ1l+8RjOdWuEtrXD5oYxUsFYko0FvSfU5BTB62/5hfrNg80oDkdmk6g82pqw1jOxKB0zT0+DFDwQrr4YLoxq8a4rX5k0kPsPe1PIxMfgcO5U7UjfhnGWj8yw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 18.7.68.33) smtp.rcpttodomain=cooperw.in smtp.mailfrom=alum.mit.edu; dmarc=bestguesspass action=none header.from=alum.mit.edu; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alum.mit.edu; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=NPEHAq6TWgj1pIaYDhT1zbxsunT9jv6wlKZYls+SRgY=; b=MsbPdbI2lslqQh4eQb0vLJXQK5chi/U4xqh3eY98nN0v6HUGnT5ltVi9gnouAqdLi1Hkh66IzGZz1hZQ34O3ujKjUjYZe/NdI7Rm7xctQeusrijaI/8HQ5EcyDF7o+c1mX5aOi6Lf5cvV/9mS85WvoIcideC4nI0dBecQ1quaCQ= Received: from BN6PR12CA0040.namprd12.prod.outlook.com (2603:10b6:405:70::26) by DM5PR1201MB0155.namprd12.prod.outlook.com (2603:10b6:4:55::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2387.22; Wed, 30 Oct 2019 15:57:55 +0000 Received: from BL2NAM02FT050.eop-nam02.prod.protection.outlook.com (2a01:111:f400:7e46::206) by BN6PR12CA0040.outlook.office365.com (2603:10b6:405:70::26) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.2408.17 via Frontend Transport; Wed, 30 Oct 2019 15:57:55 +0000 Authentication-Results: spf=pass (sender IP is 18.7.68.33) smtp.mailfrom=alum.mit.edu; cooperw.in; dkim=none (message not signed) header.d=none;cooperw.in; dmarc=bestguesspass action=none header.from=alum.mit.edu; Received-SPF: Pass (protection.outlook.com: domain of alum.mit.edu designates 18.7.68.33 as permitted sender) receiver=protection.outlook.com; client-ip=18.7.68.33; helo=outgoing-alum.mit.edu; Received: from outgoing-alum.mit.edu (18.7.68.33) by BL2NAM02FT050.mail.protection.outlook.com (10.152.77.101) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.2387.20 via Frontend Transport; Wed, 30 Oct 2019 15:57:54 +0000 Received: from Kokiri.localdomain (c-24-62-227-142.hsd1.ma.comcast.net [24.62.227.142]) (authenticated bits=0) (User authenticated as pkyzivat@ALUM.MIT.EDU) by outgoing-alum.mit.edu (8.14.7/8.12.4) with ESMTP id x9UFvqLS012071 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NOT); Wed, 30 Oct 2019 11:57:53 -0400 To: Alissa Cooper , The IESG Cc: roni.even@huawei.com, sipcore@ietf.org, draft-ietf-sipcore-digest-scheme@ietf.org, sipcore-chairs@ietf.org References: <157244908033.32620.16268072563151413683.idtracker@ietfa.amsl.com> From: Paul Kyzivat Message-ID: Date: Wed, 30 Oct 2019 11:57:52 -0400 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:60.0) Gecko/20100101 Thunderbird/60.9.0 MIME-Version: 1.0 In-Reply-To: <157244908033.32620.16268072563151413683.idtracker@ietfa.amsl.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-EOPAttributedMessage: 0 X-Forefront-Antispam-Report: CIP:18.7.68.33; IPV:CAL; SCL:-1; CTRY:US; EFV:NLI; SFV:NSPM; SFS:(10009020)(39860400002)(376002)(346002)(136003)(396003)(18543002)(199004)(189003)(65956001)(8936002)(76130400001)(2486003)(23676004)(230700001)(88552002)(76176011)(26005)(47776003)(58126008)(316002)(36906005)(786003)(53546011)(86362001)(31696002)(65806001)(75432002)(6306002)(8676002)(478600001)(50466002)(229853002)(486006)(966005)(110136005)(5660300002)(2906002)(336012)(356004)(31686004)(246002)(7596002)(186003)(70586007)(70206006)(2616005)(11346002)(6246003)(106002)(446003)(476003)(956004)(126002)(26826003)(4326008)(305945005); DIR:OUT; SFP:1101; SCL:1; SRVR:DM5PR1201MB0155; H:outgoing-alum.mit.edu; FPR:; SPF:Pass; LANG:en; PTR:outgoing-alum.mit.edu; A:1; MX:1; X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: a01d9a91-026c-474c-e5ef-08d75d51ed2c X-MS-TrafficTypeDiagnostic: DM5PR1201MB0155: X-MS-Exchange-PUrlCount: 2 X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:8882; X-Forefront-PRVS: 02065A9E77 X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: sQMWYtporEXKmx0PK+RVd0+AuuMqJmrt4SgL9wtIEUD9lAbM0uZTjueHp6Dm0TkOD1aVq1agu+CbptZM9fKbKrXXgDJz3GUTvC63/b13Rb4GlqQ70OzF9e057JwAu4uHkLqbYVvkt9SDQmbGN7lLafLH+NIzI6H3GSgaJ2PvKBSqPxIw7TAOwmIdZyXDFE+GQa4ilumJgSOcR2/0QqgIotg/HyKhbUDV9xdYrLzU6kKHMZS+J3wYE7QAbYiTkOjBY+OV8JJ8jg2PkT6FVQTXwwahkn8I6PCMZPTPXf3vTG1urOztK7lN8A8E9e5msYjq08sS5XxmJhGluMnvwk3KIEbv01/YZGsfJwhcvbWIh5Bh87y/y+1qbEgw2R0Iuj9k8oXWf1lomhsIGWhkeo72iI9crEMNfdVlnxA0bQNs7VZn1Tegn0zt9S4v4kJJ5lhPYG24/38XtaTzUekx8KXDNwkC4iMhT5K7Y3v/wnrLZWI= X-OriginatorOrg: alum.mit.edu X-MS-Exchange-CrossTenant-OriginalArrivalTime: 30 Oct 2019 15:57:54.8460 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: a01d9a91-026c-474c-e5ef-08d75d51ed2c X-MS-Exchange-CrossTenant-Id: 3326b102-c043-408b-a990-b89e477d582f X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3326b102-c043-408b-a990-b89e477d582f; Ip=[18.7.68.33]; Helo=[outgoing-alum.mit.edu] X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR1201MB0155 Archived-At: Subject: Re: [sipcore] Alissa Cooper's Discuss on draft-ietf-sipcore-digest-scheme-11: (with DISCUSS) X-BeenThere: sipcore@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SIP Core Working Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 30 Oct 2019 15:57:59 -0000 Inline On 10/30/19 11:24 AM, Alissa Cooper via Datatracker wrote: > Alissa Cooper has entered the following ballot position for > draft-ietf-sipcore-digest-scheme-11: Discuss > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) > > > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html > for more information about IESG DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-sipcore-digest-scheme/ > > > > ---------------------------------------------------------------------- > DISCUSS: > ---------------------------------------------------------------------- > > I appreciate the new text in Section 2.7, but I'm still a little unclear on the > ABNF that is specified. As far as I can tell the relevant line from the > original ABNF in RFC 3261 is: > > algorithm = "algorithm" EQUAL ( "MD5" / "MD5-sess" > / token ) > > And what it is being replaced with is: > > algorithm = "algorithm" EQUAL ( "MD5" / "SHA-512-256" / "SHA-256" > / token ) > > Each one of these algorithms might have a "-sess" variant, e.g., > MD5-sess, SHA-256-sess, etc, as defined in [RFC7616] I agree. Seems like the proper syntax would be: algorithm = "algorithm" EQUAL ( ("MD5" / "SHA-512-256" / "SHA-256") ["-sess"]) / token ) Thanks, Paul From nobody Wed Oct 30 09:33:05 2019 Return-Path: X-Original-To: sipcore@ietf.org Delivered-To: sipcore@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 85C0112088B; Wed, 30 Oct 2019 09:33:03 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: internet-drafts@ietf.org To: Cc: sipcore@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 6.108.0 Auto-Submitted: auto-generated Precedence: bulk Reply-To: sipcore@ietf.org Message-ID: <157245318349.32612.3672256244007705403@ietfa.amsl.com> Date: Wed, 30 Oct 2019 09:33:03 -0700 Archived-At: Subject: [sipcore] I-D Action: draft-ietf-sipcore-digest-scheme-12.txt X-BeenThere: sipcore@ietf.org X-Mailman-Version: 2.1.29 List-Id: SIP Core Working Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 30 Oct 2019 16:33:03 -0000 A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Session Initiation Protocol Core WG of the IETF. Title : The Session Initiation Protocol (SIP) Digest Authentication Scheme Author : Rifaat Shekh-Yusef Filename : draft-ietf-sipcore-digest-scheme-12.txt Pages : 9 Date : 2019-10-30 Abstract: This document updates RFC 3261 by updating the Digest Access Authentication scheme used by the Session Initiation Protocol (SIP) to add support for more secure digest algorithms, e.g., SHA-256 and SHA-512-256, to replace the broken MD5 algorithm. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-sipcore-digest-scheme/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-sipcore-digest-scheme-12 https://datatracker.ietf.org/doc/html/draft-ietf-sipcore-digest-scheme-12 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-sipcore-digest-scheme-12 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ From nobody Wed Oct 30 09:34:52 2019 Return-Path: X-Original-To: sipcore@ietfa.amsl.com Delivered-To: sipcore@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E294D1200FA; Wed, 30 Oct 2019 09:34:42 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.997 X-Spam-Level: X-Spam-Status: No, score=-1.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OXogq904c6FH; Wed, 30 Oct 2019 09:34:40 -0700 (PDT) Received: from mail-io1-xd34.google.com (mail-io1-xd34.google.com [IPv6:2607:f8b0:4864:20::d34]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6DC3A1208D0; Wed, 30 Oct 2019 09:34:40 -0700 (PDT) Received: by mail-io1-xd34.google.com with SMTP id k1so3254294iom.9; Wed, 30 Oct 2019 09:34:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=9rhPtVr+wPypYDM5nV34JrDjaBQzBd1wiSKlRCVG4Po=; b=MhPuIeiNKT1z6aeX1ztk8mWNphXj9MY6GPallrmKQ48OcDyigunmaGdKQ87vgzB9Jo jRiSkvBlczttzYHe3UmPQaAUGVUGRWVyrZbAkYImtlmQCthBi6lbJiGKDgbV8g7nbKFZ +RpvpqYwOeieNkR9b2W4EldZHjWTsQs0oHtpjZcAQzsyCR371wqui77alL8zE6gvY/fE I2wuMBEYIZe58ndnlSHmf6wttTZhW2kqIiy+bgt9QroZB+BylySklXy9NvLvP+FApVDP YNWCR/hvQ3fkhKl3Z0vy/lgzOul+32YizZGNcjSBAgCTU0u1g1LPE2xWtIyen7eQyE8n SeQg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=9rhPtVr+wPypYDM5nV34JrDjaBQzBd1wiSKlRCVG4Po=; b=oXRKNsD3PJfzahf4UdSXhv+V4+FGytOTDRHq9sptIDCOPZLm6f1X21IsRpW02eH7DF /8kFuXLo9aJJ4EXHW/H5K56odMnFWQJMeQoXMsqa1XmivMOdxDJjPfd+V2XBoWqXfSZI UhzYpMZB35gs09eICnhSAxKHXGERtew52WhRXIt7aeRV11cI8MwI6m5EQky2qx+D6B2y UyqfhqnW3cWI14Hr1z0tnuTbzYkFy+T41Bz2KsjAT66R1u+u7aC1OZJ7rAbjdKaBGO0Y tJGyBBUMfH9sQLN/QGOu6/QnxcmGV9Ck/a1A5T3fwjR8zVxnmaJ0SZkZVBX8LueEyR7F ml/w== X-Gm-Message-State: APjAAAWhYncjRtKi+C1AAN42Za61cN0kxNwnZT0THm7qZ+XidXqZHPmC ySpGKDF0hHazlbiGRenaSf8O31QqoXDtW4sHN5E= X-Google-Smtp-Source: APXvYqyR2+W2C9V+VoSBzpGJquAn9RggJ4p9+exgi1vDvzJnwSCeAcxy0F1YgLwU8VDqt4jzOgzWeRbTJzdHOuVp/n8= X-Received: by 2002:a5d:9e58:: with SMTP id i24mr685393ioi.255.1572453279820; Wed, 30 Oct 2019 09:34:39 -0700 (PDT) MIME-Version: 1.0 References: <157244908033.32620.16268072563151413683.idtracker@ietfa.amsl.com> In-Reply-To: From: Rifaat Shekh-Yusef Date: Wed, 30 Oct 2019 12:34:28 -0400 Message-ID: To: Paul Kyzivat Cc: Alissa Cooper , The IESG , "Roni Even (A)" , SIPCORE , draft-ietf-sipcore-digest-scheme@ietf.org, sipcore-chairs@ietf.org Content-Type: multipart/alternative; boundary="0000000000002b7b450596234f64" Archived-At: Subject: Re: [sipcore] Alissa Cooper's Discuss on draft-ietf-sipcore-digest-scheme-11: (with DISCUSS) X-BeenThere: sipcore@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SIP Core Working Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 30 Oct 2019 16:34:44 -0000 --0000000000002b7b450596234f64 Content-Type: text/plain; charset="UTF-8" Thanks Alissa, Paul, I have just submitted a new version that addresses this issue. Regards, Rifaat On Wed, Oct 30, 2019 at 11:58 AM Paul Kyzivat wrote: > Inline > > On 10/30/19 11:24 AM, Alissa Cooper via Datatracker wrote: > > Alissa Cooper has entered the following ballot position for > > draft-ietf-sipcore-digest-scheme-11: Discuss > > > > When responding, please keep the subject line intact and reply to all > > email addresses included in the To and CC lines. (Feel free to cut this > > introductory paragraph, however.) > > > > > > Please refer to > https://www.ietf.org/iesg/statement/discuss-criteria.html > > for more information about IESG DISCUSS and COMMENT positions. > > > > > > The document, along with other ballot positions, can be found here: > > https://datatracker.ietf.org/doc/draft-ietf-sipcore-digest-scheme/ > > > > > > > > ---------------------------------------------------------------------- > > DISCUSS: > > ---------------------------------------------------------------------- > > > > I appreciate the new text in Section 2.7, but I'm still a little unclear > on the > > ABNF that is specified. As far as I can tell the relevant line from the > > original ABNF in RFC 3261 is: > > > > algorithm = "algorithm" EQUAL ( "MD5" / "MD5-sess" > > / token ) > > > > And what it is being replaced with is: > > > > algorithm = "algorithm" EQUAL ( "MD5" / "SHA-512-256" / "SHA-256" > > / token ) > > > > Each one of these algorithms might have a "-sess" variant, e.g., > > MD5-sess, SHA-256-sess, etc, as defined in [RFC7616] > > I agree. Seems like the proper syntax would be: > > algorithm = "algorithm" EQUAL ( > ("MD5" / "SHA-512-256" / "SHA-256") ["-sess"]) > / token ) > > Thanks, > Paul > --0000000000002b7b450596234f64 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Thanks Alissa, Paul,

I have just submit= ted a new version that addresses this issue.

Regar= ds,
=C2=A0Rifaat


On Wed, Oct 30, 2019 at 11:5= 8 AM Paul Kyzivat <pkyzivat@alu= m.mit.edu> wrote:
Inline

On 10/30/19 11:24 AM, Alissa Cooper via Datatracker wrote:
> Alissa Cooper has entered the following ballot position for
> draft-ietf-sipcore-digest-scheme-11: Discuss
>
> When responding, please keep the subject line intact and reply to all<= br> > email addresses included in the To and CC lines. (Feel free to cut thi= s
> introductory paragraph, however.)
>
>
> Please refer to https://www.ietf.org/i= esg/statement/discuss-criteria.html
> for more information about IESG DISCUSS and COMMENT positions.
>
>
> The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/= doc/draft-ietf-sipcore-digest-scheme/
>
>
>
> ----------------------------------------------------------------------=
> DISCUSS:
> ----------------------------------------------------------------------=
>
> I appreciate the new text in Section 2.7, but I'm still a little u= nclear on the
> ABNF that is specified. As far as I can tell the relevant line from th= e
> original ABNF in RFC 3261 is:
>
>=C2=A0 =C2=A0 =C2=A0 =C2=A0algorithm=C2=A0 =C2=A0 =C2=A0 =C2=A0 =3D=C2= =A0 "algorithm" EQUAL ( "MD5" / "MD5-sess" >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 = =C2=A0 =C2=A0 =C2=A0/ token )
>
> And what it is being replaced with is:
>
>=C2=A0 =C2=A0 =C2=A0algorithm =3D "algorithm" EQUAL ( "M= D5" / "SHA-512-256" / "SHA-256"
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0/ = token )
>
>=C2=A0 =C2=A0 =C2=A0Each one of these algorithms might have a "-se= ss" variant, e.g.,
>=C2=A0 =C2=A0 =C2=A0MD5-sess, SHA-256-sess, etc, as defined in [RFC7616= ]

I agree. Seems like the proper syntax would be:

=C2=A0 =C2=A0 algorithm =3D "algorithm" EQUAL (
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 ("MD5&q= uot; / "SHA-512-256" / "SHA-256") ["-sess"])<= br> =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 / token )
=C2=A0 =C2=A0 =C2=A0 =C2=A0 Thanks,
=C2=A0 =C2=A0 =C2=A0 =C2=A0 Paul
--0000000000002b7b450596234f64-- From nobody Wed Oct 30 09:47:18 2019 Return-Path: X-Original-To: sipcore@ietfa.amsl.com Delivered-To: sipcore@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0AFF3120817 for ; Wed, 30 Oct 2019 09:47:17 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2 X-Spam-Level: X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=alum.mit.edu Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id m4j34d37x4IL for ; Wed, 30 Oct 2019 09:47:13 -0700 (PDT) Received: from NAM04-BN3-obe.outbound.protection.outlook.com (mail-eopbgr680053.outbound.protection.outlook.com [40.107.68.53]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id ADC9B12082D for ; Wed, 30 Oct 2019 09:47:13 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=dY1TrBsjh8KrChx/fkhcpc8vngs0l2PrVc84NbKu5YJpl1spn6QqtKCwn8N0J8dA1saC9c5nfrA9TAkG3kkOyCaqThPK65nQj+gLoebqN8rxN/e3eez8O1MHM0ChY2+oYUUAPscuGFqJCXeY6IgG/tZIF38HXcBJKEwWgHoXJDES10oTfBxzFnnQETL5lwNrLNV5Jd5Do/AemCyCp00mBk255DgcgyQiu2qMj24a8Fe5XjmnwxOwH133vCDFe4BwxttftzgwRtHO2Tl60kIVwdGm8cUEuu5YKIvd6rc0HsbzsqanluHKozqpHxsBLEAtmstDt0Tc40TppFUanmbTfQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=+a5OnLQchTrLrRBS415WgJanBKJYZ03+C1p6kZy9T00=; b=YIMtVYXQ5ieeyp4U1CzVNfjAyNTBZHBVwSLVuqJ+plKzqB9ZQjjecydrnCtIpeBkJmFAafKW+0De9yv1nVSy9U2JtYGkbivnNy0gsw++qTIlV8m2inVk9c/8CXHn06aQxUSGmzyMlMvyu7vTomwM+LY1RqKyARM1x0w5ScpBq7tMu7jIAAM2wlh8CTNhb2NZGUvFrc7ug9A9ZWIF/Ft7ykVVjZPGF1NkA/ILwT/W4MYh22Egd3vF4zeBImxv1KTgE0ROeDOxBjMZvyoeN1ZbbeGr2E56r6fns76NtczBzdvVxE2/NQ9pkks1vVa6QN/bkAEnUSLjZBbCr/3TLs4+rg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 18.7.68.33) smtp.rcpttodomain=ietf.org smtp.mailfrom=alum.mit.edu; dmarc=bestguesspass action=none header.from=alum.mit.edu; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alum.mit.edu; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=+a5OnLQchTrLrRBS415WgJanBKJYZ03+C1p6kZy9T00=; b=jwgKZ4LR4verod5cpYV2ttqLTsOCrvZV4pyUn5hnGY9ViY/agyoQNd7/7X8g/dZ1zNqxHw+V0SYVo9NjbyNZo1ap3DQB+upEkmwCXkYW0iYh803XFrl1zX3gR8MP/xUnYUBlLuoJrSF8gf2nSBw231u+L+5eru1rHzTIQPKhrUU= Received: from CY4PR1201CA0006.namprd12.prod.outlook.com (2603:10b6:910:16::16) by DM6PR12MB2873.namprd12.prod.outlook.com (2603:10b6:5:15d::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2408.18; Wed, 30 Oct 2019 16:47:11 +0000 Received: from BL2NAM02FT026.eop-nam02.prod.protection.outlook.com (2a01:111:f400:7e46::209) by CY4PR1201CA0006.outlook.office365.com (2603:10b6:910:16::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.2408.17 via Frontend Transport; Wed, 30 Oct 2019 16:47:11 +0000 Authentication-Results: spf=pass (sender IP is 18.7.68.33) smtp.mailfrom=alum.mit.edu; ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=bestguesspass action=none header.from=alum.mit.edu; Received-SPF: Pass (protection.outlook.com: domain of alum.mit.edu designates 18.7.68.33 as permitted sender) receiver=protection.outlook.com; client-ip=18.7.68.33; helo=outgoing-alum.mit.edu; Received: from outgoing-alum.mit.edu (18.7.68.33) by BL2NAM02FT026.mail.protection.outlook.com (10.152.77.156) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.2387.20 via Frontend Transport; Wed, 30 Oct 2019 16:47:11 +0000 Received: from Kokiri.localdomain (c-24-62-227-142.hsd1.ma.comcast.net [24.62.227.142]) (authenticated bits=0) (User authenticated as pkyzivat@ALUM.MIT.EDU) by outgoing-alum.mit.edu (8.14.7/8.12.4) with ESMTP id x9UGl9aG015961 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NOT) for ; Wed, 30 Oct 2019 12:47:10 -0400 To: sipcore@ietf.org References: <157196467780.11350.16529563058309019910@ietfa.amsl.com> From: Paul Kyzivat Message-ID: Date: Wed, 30 Oct 2019 12:47:09 -0400 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:60.0) Gecko/20100101 Thunderbird/60.9.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 8bit X-EOPAttributedMessage: 0 X-Forefront-Antispam-Report: CIP:18.7.68.33; IPV:CAL; SCL:-1; CTRY:US; EFV:NLI; SFV:NSPM; SFS:(10009020)(346002)(39860400002)(136003)(376002)(396003)(199004)(189003)(31686004)(14444005)(356004)(478600001)(86362001)(50466002)(966005)(2906002)(2870700001)(88552002)(26826003)(2361001)(7596002)(305945005)(2351001)(31696002)(11346002)(126002)(446003)(486006)(2616005)(476003)(956004)(336012)(70586007)(70206006)(6246003)(786003)(6916009)(66574012)(106002)(76130400001)(8936002)(5660300002)(58126008)(316002)(47776003)(75432002)(8676002)(65806001)(65956001)(36906005)(229853002)(246002)(53546011)(186003)(23676004)(6306002)(4001150100001)(76176011)(26005)(2486003); DIR:OUT; SFP:1101; SCL:1; SRVR:DM6PR12MB2873; H:outgoing-alum.mit.edu; FPR:; SPF:Pass; LANG:en; PTR:outgoing-alum.mit.edu; A:1; MX:1; X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 43b00fbe-5f75-494c-dc09-08d75d58cf56 X-MS-TrafficTypeDiagnostic: DM6PR12MB2873: X-MS-Exchange-PUrlCount: 6 X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:10000; X-Forefront-PRVS: 02065A9E77 X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: J7b5Y8zCUlDZc6l2sYaD0JzVEzYIMDD9Wk1LW+jzn+KhcjfjbPwgVlWsAULvE3avPCyGEprNj8XGSpm72qY8eBtmOx2WilFtfW+ydeb077ZKcmBhtebwa7VNI7U2/mTrG7p+te/ydXTmPajH6fZhGXzS5nGOGJAF/h564Lhj6P/2VqR7n4ija2mSEqM2yOsyN3ZjqAd0SQ0k2UTWPNlHHDef3+xk7doBoETJRKSFw039tL9HMYPUEPr/nntRJ8iTTpxw8Lh+0ijZx9CBT50BBLrHmwQ+suuOruwakw1SQJVkOsd8LulsVRCEJ/vzMm3tn+l0GiLzq52h8OMzhOAARRN7ke7Wq1y8az0O9v+GnFdRuM2K5HYF5hfP0cbpeFUbTrnstQumk0cq6DaE+jVbzzOcAoLnl2YpiXJwld0LPC4hCS6dD7nDlxq7o2s9b0hUU/x+Lrm/0fuOl2zX4EA0w84gBA4W99UnVfbBugeqgzE= X-OriginatorOrg: alum.mit.edu X-MS-Exchange-CrossTenant-OriginalArrivalTime: 30 Oct 2019 16:47:11.2465 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 43b00fbe-5f75-494c-dc09-08d75d58cf56 X-MS-Exchange-CrossTenant-Id: 3326b102-c043-408b-a990-b89e477d582f X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3326b102-c043-408b-a990-b89e477d582f; Ip=[18.7.68.33]; Helo=[outgoing-alum.mit.edu] X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR12MB2873 Archived-At: Subject: Re: [sipcore] I-D Action: draft-ietf-sipcore-sip-token-authnz-05.txt X-BeenThere: sipcore@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SIP Core Working Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 30 Oct 2019 16:47:17 -0000 Hi Rifaat, On 10/24/19 8:54 PM, Rifaat Shekh-Yusef wrote: > All, > > We believe that with this version we have addressed the latest comments > received on the previous version. > Please, take a look and let us know what you think. I'm still struggling to understand what the expectations are of the UA in this process. IIUC, when the registrar/server/proxy generates a "Bearer" challenge specifying a particular AS, that implies that it has knowledge of that AS and how to deal with it. And it may well have relationships with multiple ASs, and challenge using them all. And there is an assumption that either UA or the *user* of the UA must have a relationship with at least on of the ASs to use for authentication. My thought is that commonly the UA itself *won't* have a relationship with the AS. Rather it will expect the user to be the one to have that. In this case, can the UA have generic code that deals with any possible AS? With web authentication I commonly experience an authentication popup that offers alternatives. (E.g., facebook or google or private local id/pw authentication.) The user then gets to pick one, and then authenticate with a corresponding AS. I am thinking the SIP process could be the same. The alternatives offered to the user would correspond to all the challenges (both Bearer and digest) for a single realm. Is this a use case you have in mind as being covered? (Of course, it may be that a UA is build to not depend on the user for authentication. In that case it must be preconfigured with credentials. But that isn't really no different from preloading the credential cache. And I guess it might be configured to only work with a single AS.) Based on your updates, I think I get it that the result from the AS to the UA access, refresh and possible id tokens, that only the access token is destined to be included in bearer credentials. The UA must know to use the refresh token to refresh its access token. And the UA may know to use the ID token for something (what?). Is any of this knowledge AS-specific, or is it all generic? Thanks, Paul > Regards, >  Rifaat > > > On Thu, Oct 24, 2019 at 8:52 PM > wrote: > > > A New Internet-Draft is available from the on-line Internet-Drafts > directories. > This draft is a work item of the Session Initiation Protocol Core WG > of the IETF. > >         Title           : Third-Party Token-based Authentication > and Authorization for Session Initiation Protocol (SIP) >         Authors         : Rifaat Shekh-Yusef >                           Christer Holmberg >                           Victor Pascual >         Filename        : draft-ietf-sipcore-sip-token-authnz-05.txt >         Pages           : 14 >         Date            : 2019-10-24 > > Abstract: >    This document updates RFC 3261 and defines a mechanism for SIP, that >    is based on the OAuth 2.0 and OpenID Connect Core 1.0 > specifications, >    to enable the delegation of the user authentication and SIP >    registration authorization to a dedicated third-party entity that is >    separate from the SIP network elements that provide the SIP service. > > > The IETF datatracker status page for this draft is: > https://datatracker.ietf.org/doc/draft-ietf-sipcore-sip-token-authnz/ > > There are also htmlized versions available at: > https://tools.ietf.org/html/draft-ietf-sipcore-sip-token-authnz-05 > https://datatracker.ietf..org/doc/html/draft-ietf-sipcore-sip-token-authnz-05 > > > A diff from the previous version is available at: > https://www.ietf.org/rfcdiff?url2=draft-ietf-sipcore-sip-token-authnz-05 > > > Please note that it may take a couple of minutes from the time of > submission > until the htmlized version and diff are available at tools.ietf.org > . > > Internet-Drafts are also available by anonymous FTP at: > ftp://ftp.ietf.org/internet-drafts/ > > _______________________________________________ > sipcore mailing list > sipcore@ietf.org > https://www.ietf.org/mailman/listinfo/sipcore > > > _______________________________________________ > sipcore mailing list > sipcore@ietf.org > https://www.ietf.org/mailman/listinfo/sipcore > From nobody Wed Oct 30 09:54:30 2019 Return-Path: X-Original-To: sipcore@ietf.org Delivered-To: sipcore@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id A77D2120024; Wed, 30 Oct 2019 09:54:29 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 8bit From: Roman Danyliw via Datatracker To: "The IESG" Cc: draft-ietf-sipcore-digest-scheme@ietf.org, Jean Mahoney , sipcore-chairs@ietf.org, mahoney@nostrum.com, sipcore@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 6.108.0 Auto-Submitted: auto-generated Precedence: bulk Reply-To: Roman Danyliw Message-ID: <157245446961.32498.8161188708294367194.idtracker@ietfa.amsl.com> Date: Wed, 30 Oct 2019 09:54:29 -0700 Archived-At: Subject: [sipcore] Roman Danyliw's No Objection on draft-ietf-sipcore-digest-scheme-12: (with COMMENT) X-BeenThere: sipcore@ietf.org X-Mailman-Version: 2.1.29 List-Id: SIP Core Working Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 30 Oct 2019 16:54:30 -0000 Roman Danyliw has entered the following ballot position for draft-ietf-sipcore-digest-scheme-12: No Objection When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-sipcore-digest-scheme/ ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- ** Section 2. Recommend a reference for SHA-256 and SHA-512/256 ** Recommend consistent notation on “SHA-512/256” (Section 2.0 and 2.2) and “SHA-512-256” (Abstract). “SHA-512-256” makes sense in the ABNF for Section 2.7. From nobody Wed Oct 30 10:16:18 2019 Return-Path: X-Original-To: sipcore@ietf.org Delivered-To: sipcore@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 104B71200EC; Wed, 30 Oct 2019 10:16:17 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: Alexey Melnikov via Datatracker To: "The IESG" Cc: draft-ietf-sipcore-digest-scheme@ietf.org, Jean Mahoney , sipcore-chairs@ietf.org, mahoney@nostrum.com, sipcore@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 6.108.0 Auto-Submitted: auto-generated Precedence: bulk Reply-To: Alexey Melnikov Message-ID: <157245577700.32490.10990766778571550817.idtracker@ietfa.amsl.com> Date: Wed, 30 Oct 2019 10:16:17 -0700 Archived-At: Subject: [sipcore] Alexey Melnikov's No Objection on draft-ietf-sipcore-digest-scheme-12: (with COMMENT) X-BeenThere: sipcore@ietf.org X-Mailman-Version: 2.1.29 List-Id: SIP Core Working Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 30 Oct 2019 17:16:17 -0000 Alexey Melnikov has entered the following ballot position for draft-ietf-sipcore-digest-scheme-12: No Objection When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-sipcore-digest-scheme/ ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- I am agreeing with Alissa's DISCUSS. Also, I have a few comments of my own: 1) Last para of Section 2.1: 2.1. Hash Algorithms A UAS prioritizes which algorithm to use based on the ordering of the challenge header fields in the response it is preparing. This looks either wrong or confusing to me. I think you are just saying here that the order is decided by the server at this point. That process is specified in section 2.3 and parallels the process used in HTTP specified by [RFC7616]. So based on the above, my suggested replacement for both sentences: A UAS prioritizes which algorithm to use based on its policy, which is specified in section 2.3 and parallels the process used in HTTP specified by [RFC7616]. 2) Last para of Section 2.4: If the UAC cannot respond to any of the challenges in the response, then it SHOULD abandon attempts to send the request unless a local policy dictates otherwise. Is trying other non Digest algorithms covered by "SHOULD abandon"? If yes, maybe you should make this clearer. For example, if the UAC does not have credentials or has stale credentials for any of the realms, the UAC will abandon the request. 3) In Section 2.7: request-digest = LDQUOT *LHEX RDQUOT This now allows empty value. I suggest you specify a minimum number of hex digits allowed in the ABNF. Or at least change "*LHEX" to "2*LHEX". From nobody Wed Oct 30 11:26:45 2019 Return-Path: X-Original-To: sipcore@ietfa.amsl.com Delivered-To: sipcore@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ACADD120018; Wed, 30 Oct 2019 11:26:43 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2 X-Spam-Level: X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FmGQ40IPMEfU; Wed, 30 Oct 2019 11:26:41 -0700 (PDT) Received: from EUR03-AM5-obe.outbound.protection.outlook.com (mail-eopbgr30078.outbound.protection.outlook.com [40.107.3.78]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 95F52120013; Wed, 30 Oct 2019 11:26:41 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=IVJCY5Vi8XIitJE0DE+KDJjDZjbUEXjIuqNjxIkphL04ffPE2vCnZmlgqGhvKkcSzp6u7x5wtIN6UGAGy0r8wOTY4kI4IXAeK64e+2BEARrRAC8lis1iaPG9H1QZ8W4MaLVvlEAet7sbcaiS4aklz36nQjVTiTguHcQZe/rHQBCQMpjI8Zpis/wQ4LM8rAWNzG7+NbX5GuslE43ZHkIhbU7yBgnFruAetkYhREsertBoghST3XdZ8XknvKTARXkUNV37Nm62LibgNJBrZozZTy6G9CNQru5cCGrlEsZMysqlQxG8WLR0N4UerarBj3rRWvbp84fF+UC27KyOrptKcA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=g6b87HwjHXyA+5qII2VjHlMNDssFfE/n67RWZ3/5RYA=; b=iwPsp/Ux6ut+elO4kRdrxdbteYM7B401UwBE7tf1mJnKEYAMBiINI4ibF2QjBIsKJmA/WMNakQ+rlmQNEOWB7lVHPQU96m+W19OMMAZynOSwJrQcO5HVMAZJbe7UDlqoraUc6WCiqoERk3fVkAFEAl1lh0HAV4dUwrEzZIcz1Dceb+9a9irdjix3tvknOk5sp7HzfR2O6bY2sOIuSyBVKL0DalfNk9jCqk9ZtAyamB5picQNw7yMdXoJ/EZ35+seJYtVO4dmc/lv3gbDldMuM8HXIFIaxzJcx/ZHLCY0KvarGuXNG0im+7hEeIOIVdLHxA+BIAob3jYOyE7Pzeqjig== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=g6b87HwjHXyA+5qII2VjHlMNDssFfE/n67RWZ3/5RYA=; b=nHCdHrGBMOeo/6LUE0pIygopQip7rQlUxymey+hM+rFapfDD6mVvZFESn2CE3jXLc+/SRNn6eHhOouF/LmKCPa8AMvGbYzo2c4NtAyHSPlRQ1B/N8PZgv5Qn9Gcmb43HMv/nMLbD4xceowHN1uBbnSODc1Y3aNV5Rmk0VqXdTAA= Received: from HE1PR07MB3161.eurprd07.prod.outlook.com (10.170.245.23) by HE1PR07MB3321.eurprd07.prod.outlook.com (10.170.246.144) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2408.15; Wed, 30 Oct 2019 18:26:38 +0000 Received: from HE1PR07MB3161.eurprd07.prod.outlook.com ([fe80::5499:1231:e707:4cb7]) by HE1PR07MB3161.eurprd07.prod.outlook.com ([fe80::5499:1231:e707:4cb7%7]) with mapi id 15.20.2408.016; Wed, 30 Oct 2019 18:26:38 +0000 From: Christer Holmberg To: Paul Kyzivat , Alissa Cooper , The IESG CC: "roni.even@huawei.com" , "sipcore@ietf.org" , "draft-ietf-sipcore-digest-scheme@ietf.org" , "sipcore-chairs@ietf.org" Thread-Topic: [sipcore] Alissa Cooper's Discuss on draft-ietf-sipcore-digest-scheme-11: (with DISCUSS) Thread-Index: AQHVjzYwGCXohlJib0uMkkQZh9JldKdzVyUAgAAoseM= Date: Wed, 30 Oct 2019 18:26:38 +0000 Message-ID: References: <157244908033.32620.16268072563151413683.idtracker@ietfa.amsl.com>, In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: spf=none (sender IP is ) smtp.mailfrom=christer.holmberg@ericsson.com; x-originating-ip: [188.127.223.154] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 31631289-1a49-4a1e-04b1-08d75d66b44b x-ms-traffictypediagnostic: HE1PR07MB3321: x-ms-exchange-purlcount: 1 x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:9508; x-forefront-prvs: 02065A9E77 x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(346002)(39860400002)(376002)(136003)(396003)(366004)(18543002)(199004)(189003)(229853002)(6506007)(66066001)(102836004)(52536014)(6246003)(9686003)(74316002)(25786009)(66446008)(236005)(6306002)(33656002)(4326008)(14454004)(6436002)(64756008)(7696005)(7736002)(606006)(3846002)(55016002)(478600001)(2171002)(966005)(99286004)(76176011)(476003)(2906002)(256004)(19627405001)(6116002)(446003)(54896002)(66556008)(11346002)(86362001)(486006)(44832011)(71190400001)(71200400001)(105004)(110136005)(8676002)(26005)(5660300002)(66946007)(76116006)(66476007)(54906003)(186003)(8936002)(316002)(81166006)(81156014); DIR:OUT; SFP:1101; SCL:1; SRVR:HE1PR07MB3321; H:HE1PR07MB3161.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1; received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: JgXbeo7e9l/zyTZDs4zzqFZDzT/JVunZy9XRGSMHkLomR+2Oug8j0kU06BmZ2qi4kmdmcqPfDagSIhJ4+EaqXARcrFCtCmRb7ZPuKleIR4pDVl0PxmaMS5A5OB9aCnNS/M65+QhOyQKk8gRCRhYF2o4/fNpZhkjf9oEQsJ/cIjyO+UJbCh13DT0biOMNZS2YwPKxzijRhRchGBFs97NXnKF0GjDDV7L9my3/gX7u7vHtO2zXWfyQ60Sm7s89v9fA2GVqINTIDh7OdEde7BcF+fAOVFxoqCNjYL+/d44WuEVJz71Vk+QHgSuevoE8jXpR3zERMyjWmUpOOb5ahtlSlMmLoxXNkCVhRPKFc0Vb1eVOCj8poZE4ALum+B8LQ4i8ruelb5r+dvdciWyZtCfEf5M3MWqhFUDVh+ahp3L5iu9fkgLfM998lLSxIHLDWN+69oAkOIKd08ZwIqHKPDsQEKLLocgxt13jpRGkO0iohNQ= x-ms-exchange-transport-forked: True Content-Type: multipart/alternative; boundary="_000_HE1PR07MB3161A708E7EDA9AC8CF6161393600HE1PR07MB3161eurp_" MIME-Version: 1.0 X-OriginatorOrg: ericsson.com X-MS-Exchange-CrossTenant-Network-Message-Id: 31631289-1a49-4a1e-04b1-08d75d66b44b X-MS-Exchange-CrossTenant-originalarrivaltime: 30 Oct 2019 18:26:38.7927 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: GmKegN5OI/qdoCOdcPzBCURhghz7TsgynCdpxkRwbQAvBf6nmrlLiygI+LKGBjMjs+KWm7qTOvfHqohePTZKa5fL8MldmRjQtmpLvHqpMiw= X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR07MB3321 Archived-At: Subject: Re: [sipcore] Alissa Cooper's Discuss on draft-ietf-sipcore-digest-scheme-11: (with DISCUSS) X-BeenThere: sipcore@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SIP Core Working Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 30 Oct 2019 18:26:44 -0000 --_000_HE1PR07MB3161A708E7EDA9AC8CF6161393600HE1PR07MB3161eurp_ Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Hi, >> ---------------------------------------------------------------------- >> DISCUSS: >> ---------------------------------------------------------------------- >> >> I appreciate the new text in Section 2.7, but I'm still a little unclear= on the >> ABNF that is specified. As far as I can tell the relevant line from the >> original ABNF in RFC 3261 is: >> >> algorithm =3D "algorithm" EQUAL ( "MD5" / "MD5-sess" >> / token ) >> >> And what it is being replaced with is: >> >> algorithm =3D "algorithm" EQUAL ( "MD5" / "SHA-512-256" / "SHA-256" >> / token ) >> >> Each one of these algorithms might have a "-sess" variant, e.g., >> MD5-sess, SHA-256-sess, etc, as defined in [RFC7616] > > I agree. Seems like the proper syntax would be: > > algorithm =3D "algorithm" EQUAL ( > ("MD5" / "SHA-512-256" / "SHA-256") ["-sess"]) > / token ) Is that really correct? Doesn't it mean that you would need to put a space = between the algorithm and "-sess", for example "SHA-512-256-sess"? Regards, Christer Thanks, Paul _______________________________________________ sipcore mailing list sipcore@ietf.org https://www.ietf.org/mailman/listinfo/sipcore --_000_HE1PR07MB3161A708E7EDA9AC8CF6161393600HE1PR07MB3161eurp_ Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
Hi,

>> -----------------------------------------= -----------------------------
>> DISCUSS:
>> ------------------------------------------------------------------= ----
>>
>> I appreciate the new text in Section 2.7, but I'm still a little u= nclear on the
>> ABNF that is specified. As far as I can tell the relevant line fro= m the
>> original ABNF in RFC 3261 is:
>>
>>       algorithm   &nb= sp;    =3D  "algorithm" EQUAL ( "MD5&quo= t; / "MD5-sess"
>>           &= nbsp;           &nbs= p; / token )
>>
>> And what it is being replaced with is:
>>
>>     algorithm =3D "algorithm" EQUAL = ( "MD5" / "SHA-512-256" / "SHA-256"
>>           &= nbsp;       / token )
>>
>>     Each one of these algorithms might have a = "-sess" variant, e.g.,
>>     MD5-sess, SHA-256-sess, etc, as defined in= [RFC7616]
>
> I agree. Seems like the proper syntax would be:
>
>    algorithm =3D "algorithm" EQUAL (
>                  ("M= D5" / "SHA-512-256" / "SHA-256") ["-sess"= ;])
>                  / token = )

Is that really correct? Doesn't it mean that you w= ould need to put a space between the algorithm and "-sess", for e= xample "SHA-512-256<space>-sess"?

Regards,

Christer


        Thanks,
        Paul

_______________________________________________
sipcore mailing list
sipcore@ietf.org
https://www.ietf.= org/mailman/listinfo/sipcore
--_000_HE1PR07MB3161A708E7EDA9AC8CF6161393600HE1PR07MB3161eurp_-- From nobody Wed Oct 30 12:13:44 2019 Return-Path: X-Original-To: sipcore@ietfa.amsl.com Delivered-To: sipcore@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 78295120826 for ; Wed, 30 Oct 2019 12:13:39 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2 X-Spam-Level: X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WWb-lcoiiykq for ; Wed, 30 Oct 2019 12:13:36 -0700 (PDT) Received: from EUR04-HE1-obe.outbound.protection.outlook.com (mail-eopbgr70042.outbound.protection.outlook.com [40.107.7.42]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9B4EC120805 for ; Wed, 30 Oct 2019 12:13:35 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=GIsi5fPxzEvTGl1TtTQkJF9qRV1YPwY2QZmcmgO1VQ/4TXDNMI4Io2knFAzQAz4rid6dxj0A2bgU+XdNIcotj+Pfwq84hre56gCLQrt7BGhE8lQjqqglO1eCl0xR5sDBIlH2vuzBQsBhand10qHpDkJc7K8KwaZBB9yuMiXitxx6VXWlckNcH8cJL970OvRtEXAPNL0VJmnVmvHMvmGzHRYA4djJCzxgHzbQWTxB1295UdNbZ68Bpe0RII+mOqiT3UvwN/w1eFBdY6aunvO9lxo3Q8biAasZ85bzprOG4vVJJf7Na62InGO7FdCNUX3sQNHlqSTYxLfOOw/G4+OMMg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=cZrOfo4pDLAOnIJv2600LwUxU3ERq0vAV6ERXAdD3UU=; b=gdeWie2/3Wtj+OrMkp40vWm3NjPAAsCAzxV8IdUNng/+BjXHfxZVNmPFyg/vy4MS3Jhf+5WESFwk0HSqSp/vrrw9Jywo1Fk2CaihVv5yZW3tEDHfe/ZsgUEmSNDoyTkF4YcQhedueRqPnOH7DAXtPlzYKtWgiaEqGUGg1+YeuKtzYjqXyDIcODUmFHWcFoRp4pVmKTmkKYu+1vWRUjlUjNn13uaXo7FUuh3CdOGuEsENVSEWynx0ZjRtxrOhYBKfGLP40kpc24Nkcd3uJsztxq946cMpCGrxAY86EAQY7rZtLltQUD+5n6iAGNePcPy/FaKO++v0c5WnWetoIsk4mQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=cZrOfo4pDLAOnIJv2600LwUxU3ERq0vAV6ERXAdD3UU=; b=G/oAoB3W1AwWlsUMnKULu/RVvKVMOYBr3dwNPprzW7sMj4esp2Q+4hAiyNX7QHD26MlAcKUFgUXa6bE+DAEw7WfVRMDtvP64rMAaEdupO6DHWANa8Pw7dr1d0A3ohLkB1YudIOmYZ2Vimo+sPsrVeMdEkrKzadn/O9L4QhT4pxs= Received: from HE1PR07MB3161.eurprd07.prod.outlook.com (10.170.245.23) by HE1PR07MB3084.eurprd07.prod.outlook.com (10.170.247.17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2408.15; Wed, 30 Oct 2019 19:13:32 +0000 Received: from HE1PR07MB3161.eurprd07.prod.outlook.com ([fe80::5499:1231:e707:4cb7]) by HE1PR07MB3161.eurprd07.prod.outlook.com ([fe80::5499:1231:e707:4cb7%7]) with mapi id 15.20.2408.016; Wed, 30 Oct 2019 19:13:32 +0000 From: Christer Holmberg To: Paul Kyzivat , "sipcore@ietf.org" Thread-Topic: [sipcore] I-D Action: draft-ietf-sipcore-sip-token-authnz-05.txt Thread-Index: AQHVis5uf+6u3SYhJ0+veNzfHpxaXadqh9YAgAjl5ICAABzfoQ== Date: Wed, 30 Oct 2019 19:13:32 +0000 Message-ID: References: <157196467780.11350.16529563058309019910@ietfa.amsl.com> , In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: spf=none (sender IP is ) smtp.mailfrom=christer.holmberg@ericsson.com; x-originating-ip: [188.127.223.154] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 5af6a535-d059-4cd5-8669-08d75d6d4178 x-ms-traffictypediagnostic: HE1PR07MB3084: x-ms-exchange-purlcount: 6 x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:6790; x-forefront-prvs: 02065A9E77 x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(39860400002)(346002)(376002)(136003)(366004)(396003)(199004)(189003)(110136005)(102836004)(66476007)(2171002)(8936002)(74316002)(476003)(99286004)(6506007)(64756008)(2501003)(4001150100001)(7736002)(86362001)(55016002)(7696005)(66556008)(76116006)(486006)(316002)(66446008)(229853002)(19627405001)(66946007)(446003)(105004)(66066001)(52536014)(478600001)(8676002)(54896002)(6306002)(6246003)(9686003)(76176011)(606006)(6116002)(81156014)(71190400001)(966005)(25786009)(186003)(71200400001)(26005)(3846002)(33656002)(81166006)(236005)(14454004)(6436002)(66574012)(2906002)(11346002)(5660300002)(44832011)(256004)(14444005); DIR:OUT; SFP:1101; SCL:1; SRVR:HE1PR07MB3084; H:HE1PR07MB3161.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1; received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: Dsz2VBN/v3F6Yw1eCfjsfzLwqZjHVDdyBxx9TMAXKKvp1/lci8kIj0coSz55jxL8uj4kZX0dAvDQNPvfZhtA2c/nCI3v3q5Z+kSc40N6N46VGeEdROI7dSiGBxLB5EVke4Nv1PIODchFfJRxOokoluO7QrPVTUeQ68k9zcLkdkiQKXk+owQGm/UOvmc497XIL/qJGerM9qj0Ke+S7cWWID6R0QMbQrEx24ILYSrzXCuaZyc1UEI9uuXxptdbgpe5e5ddf/F5HE/HyxHrnrE5NB8U+UuKqU120JDH9/RPTBQAQfEDtOry0q6RZh1tfOfPRH0PKV+7XBefW6v/dAHQqywEXhKWDgcNlPAABqjzZpmfjgwfmqDEAi5mNjFxwM+G4xsymeBzX7Oe4t9b7mwKSn8m9csSiUi8pLnOT0lUp7rehFNL8I4GP6izXNIsBZ4UlCxtHDqvAHl1oIwHMbubE42veVtMBgsW91odXmme5co= x-ms-exchange-transport-forked: True Content-Type: multipart/alternative; boundary="_000_HE1PR07MB3161AA383EA72E8A74177A1593600HE1PR07MB3161eurp_" MIME-Version: 1.0 X-OriginatorOrg: ericsson.com X-MS-Exchange-CrossTenant-Network-Message-Id: 5af6a535-d059-4cd5-8669-08d75d6d4178 X-MS-Exchange-CrossTenant-originalarrivaltime: 30 Oct 2019 19:13:32.5991 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: D6s9LIxlIfrK0NGXFzsEQLCRKAEzNThaMj+BeeN8HD8D1OXGO1Jz3lgdevVzDWMRfUrjwf6gVwCwQI4FwM/C3Hfa8KT5WAwwQoPqfAZWiMc= X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR07MB3084 Archived-At: Subject: Re: [sipcore] I-D Action: draft-ietf-sipcore-sip-token-authnz-05.txt X-BeenThere: sipcore@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SIP Core Working Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 30 Oct 2019 19:13:39 -0000 --_000_HE1PR07MB3161AA383EA72E8A74177A1593600HE1PR07MB3161eurp_ Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Hi, >I'm still struggling to understand what the expectations are of the UA >in this process. > >IIUC, when the registrar/server/proxy generates a "Bearer" challenge >specifying a particular AS, that implies that it has knowledge of that >AS and how to deal with it. And it may well have relationships with >multiple ASs, and challenge using them all. And there is an assumption >that either UA or the *user* of the UA must have a relationship with at >least on of the ASs to use for authentication. Correct. >My thought is that commonly the UA itself *won't* have a relationship >with the AS. Rather it will expect the user to be the one to have that. >In this case, can the UA have generic code that deals with any possible AS= ? Yes. The interface between the UA and the AS is standardized. >With web authentication I commonly experience an authentication popup >that offers alternatives. (E.g., facebook or google or private local >id/pw authentication.) The user then gets to pick one, and then >authenticate with a corresponding AS. I am thinking the SIP process >could be the same. The alternatives offered to the user would correspond >to all the challenges (both Bearer and digest) for a single realm. > >Is this a use case you have in mind as being covered? I assume that the registrar could offer multiple AS(s), and then the user c= hooses one that it has a relationship with. Especially if the operator is u= sing 3rd party AS(s), like Facebook, Google etc. However, the operator might also use its own AS (or have a relationship wit= h a specific 3rd party AS), where the user relationship with the AS is part= of the user subscription, and in that case the registrar most likely will = only return that AS (because it knows the user has a relationship with it). >(Of course, it may be that a UA is build to not depend on the user for >authentication. In that case it must be preconfigured with credentials. >But that isn't really no different from preloading the credential cache. >And I guess it might be configured to only work with a single AS.) > >Based on your updates, I think I get it that the result from the AS to >the UA access, refresh and possible id tokens, that only the access >token is destined to be included in bearer credentials. The UA must know >to use the refresh token to refresh its access token. And the UA may >know to use the ID token for something (what?). Is any of this >knowledge AS-specific, or is it all generic? It is part of the standardized OAuth procedures. Regards, Christer > Regards, > Rifaat > > > On Thu, Oct 24, 2019 at 8:52 PM > wrote: > > > A New Internet-Draft is available from the on-line Internet-Drafts > directories. > This draft is a work item of the Session Initiation Protocol Core WG > of the IETF. > > Title : Third-Party Token-based Authentication > and Authorization for Session Initiation Protocol (SIP) > Authors : Rifaat Shekh-Yusef > Christer Holmberg > Victor Pascual > Filename : draft-ietf-sipcore-sip-token-authnz-05.txt > Pages : 14 > Date : 2019-10-24 > > Abstract: > This document updates RFC 3261 and defines a mechanism for SIP, t= hat > is based on the OAuth 2.0 and OpenID Connect Core 1.0 > specifications, > to enable the delegation of the user authentication and SIP > registration authorization to a dedicated third-party entity that= is > separate from the SIP network elements that provide the SIP servi= ce. > > > The IETF datatracker status page for this draft is: > https://datatracker.ietf.org/doc/draft-ietf-sipcore-sip-token-authnz/ > > There are also htmlized versions available at: > https://tools.ietf.org/html/draft-ietf-sipcore-sip-token-authnz-05 > https://datatracker.ietf..org/doc/html/draft-ietf-sipcore-sip-token-a= uthnz-05 > > > A diff from the previous version is available at: > https://www.ietf.org/rfcdiff?url2=3Ddraft-ietf-sipcore-sip-token-auth= nz-05 > > > Please note that it may take a couple of minutes from the time of > submission > until the htmlized version and diff are available at tools.ietf.org > . > > Internet-Drafts are also available by anonymous FTP at: > ftp://ftp.ietf.org/internet-drafts/ > > _______________________________________________ > sipcore mailing list > sipcore@ietf.org > https://www.ietf.org/mailman/listinfo/sipcore > > > _______________________________________________ > sipcore mailing list > sipcore@ietf.org > https://www.ietf.org/mailman/listinfo/sipcore > _______________________________________________ sipcore mailing list sipcore@ietf.org https://www.ietf.org/mailman/listinfo/sipcore --_000_HE1PR07MB3161AA383EA72E8A74177A1593600HE1PR07MB3161eurp_ Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
Hi,

>I'm still struggling to understand what the ex= pectations are of the UA
>in this process.
>
>IIUC, when the registrar/server/proxy generates a "Bearer" ch= allenge
>specifying a particular AS, that implies that it has knowledge of that =
>AS and how to deal with it. And it may well have relationships with >multiple ASs, and challenge using them all. And there is an assumption =
>that either UA or the *user* of the UA must have a relationship with at=
>least on of the ASs to use for authentication.

Correct.

>My thought is that commonly the UA itself *won't* have a relationship <= br> >with the AS. Rather it will expect the user to be the one to have that.=
>In this case, can the UA have generic code that deals with any possible= AS?

Yes. The interface between the UA and the AS is st= andardized.

>With web authentication I commonly experience = an authentication popup
>that offers alternatives. (E.g., facebook or google or private local >id/pw authentication.) The user then gets to pick one, and then
>authenticate with a corresponding AS. I am thinking the SIP process >could be the same. The alternatives offered to the user would correspon= d
>to all the challenges (both Bearer and digest) for a single realm.
>
>Is this a use case you have in mind as being covered?

I assume that the registrar could offer multiple A= S(s), and then the user chooses one that it has a relationship with. Especi= ally if the operator is using 3rd party AS(s), like Facebook, Google etc.

However, the operator might also use its own AS (o= r have a relationship with a specific 3rd party AS), where the user relatio= nship with the AS is part of the user subscription, and in that case the re= gistrar most likely will only return that AS (because it knows the user has a relationship with it).

>(Of course, it may be that a UA is build to no= t depend on the user for
>authentication. In that case it must be preconfigured with credentials.=
>But that isn't really no different from preloading the credential cache= .
>And I guess it might be configured to only work with a single AS.)
>
>Based on your updates, I think I get it that the result from the AS to =
>the UA access, refresh and possible id tokens, that only the access >token is destined to be included in bearer credentials. The UA must kno= w
>to use the refresh token to refresh its access token. And the UA may >know to use the ID token for something (what?).  Is any of this >knowledge AS-specific, or is it all generic?

It is part of the standardized OAuth procedures.

Regards,

Christer



> Regards,
>   Rifaat
>
>
> On Thu, Oct 24, 2019 at 8:52 PM <internet-drafts@ietf.org
> <mailto:internet-drafts= @ietf.org>> wrote:
>
>
>     A New Internet-Draft is available from the on-= line Internet-Drafts
>     directories.
>     This draft is a work item of the Session Initi= ation Protocol Core WG
>     of the IETF.
>
>              Title  =          : Third-Party Token-based Authentication<= br> >     and Authorization for Session Initiation Proto= col (SIP)
>              Authors = ;        : Rifaat Shekh-Yusef
>                 = ;               Christer Holmberg
>                 = ;               Victor Pascual
>              Filename&nbs= p;       : draft-ietf-sipcore-sip-token-authnz-05.txt
>              Pages  =          : 14
>              Date  &= nbsp;         : 2019-10-24
>
>     Abstract:
>         This document updates RFC 3= 261 and defines a mechanism for SIP, that
>         is based on the OAuth 2.0 a= nd OpenID Connect Core 1.0
>     specifications,
>         to enable the delegation of= the user authentication and SIP
>         registration authorization = to a dedicated third-party entity that is
>         separate from the SIP netwo= rk elements that provide the SIP service.
>
>
>     The IETF datatracker status page for this draf= t is:
>     https://datatracker.ietf.org/doc/draft-ietf-sipcore-sip-token-authnz/ >
>     There are also htmlized versions available at:=
>     https://tools.ietf.org/html/draft-ietf-sipcore-sip-token-authnz-05
>     https://datatracker.ietf..org/doc/html/draft-ietf-sipcore-sip-token-authnz-= 05
>     <https://datatracker.ietf.org= /doc/html/draft-ietf-sipcore-sip-token-authnz-05>
>
>     A diff from the previous version is available = at:
>     https://www.ietf.org/rfcdiff?url2=3Ddraft-ietf-sipcore-sip-token-authnz-05<= /a>
>
>
>     Please note that it may take a couple of minut= es from the time of
>     submission
>     until the htmlized version and diff are availa= ble at tools.ietf.org
>     <http://t= ools.ietf.org>.
>
>     Internet-Drafts are also available by anonymou= s FTP at:
>     ftp://ftp.ietf.org/internet-drafts/
>
>     ______________________________________________= _
>     sipcore mailing list
>     sipcore@ietf.org <mailto:sipcore@ietf.org>
>     https://www.ietf.org/mailman/listinfo/sipcore
>
>
> _______________________________________________
> sipcore mailing list
> sipcore@ietf.org
> https://www.= ietf.org/mailman/listinfo/sipcore
>

_______________________________________________
sipcore mailing list
sipcore@ietf.org
https://www.ietf.= org/mailman/listinfo/sipcore
--_000_HE1PR07MB3161AA383EA72E8A74177A1593600HE1PR07MB3161eurp_-- From nobody Wed Oct 30 14:48:09 2019 Return-Path: X-Original-To: sipcore@ietfa.amsl.com Delivered-To: sipcore@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BC8D3120103; Wed, 30 Oct 2019 14:48:07 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.997 X-Spam-Level: X-Spam-Status: No, score=-1.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4pDxRYQ8M1qg; Wed, 30 Oct 2019 14:48:05 -0700 (PDT) Received: from mail-io1-xd43.google.com (mail-io1-xd43.google.com [IPv6:2607:f8b0:4864:20::d43]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 839461200D6; Wed, 30 Oct 2019 14:48:05 -0700 (PDT) Received: by mail-io1-xd43.google.com with SMTP id k1so4312666iom.9; Wed, 30 Oct 2019 14:48:05 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=Rw/4cevcBVp1qf99gVKRPiPyzyDohQJ1NkhFZ9BgsOk=; b=oQ4M5r8u5djVBEnO4z8w5j+/iCpbOosRkl61IjBMH1lOjDEMpAhY9DsWhwkh3KC5OG rqL+0EYPwfqlxDc6XLduMJqXz52njHuKsIMx3uWcPEi36syTceyOHdOaBBAIH/HALYc2 VtbW0guhnCs0Pmn9SLrbu2NDPXY6TWgnfPF91NZV5nHEiFhVDarcrEkk2nPH9KJFLVtv WSyK03AkyytTxmjJsMmljyHT8bL+kkIrNw3p9sofKtTSwUhaP+DuPCBjPS2Mc+3HzzZW PAwQG7+APZoF4vKkh5cyclskWs28C0IccCuqhRJL2EmZ/nds5Q/yNrCzC5AlKKUxisE9 GKRg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=Rw/4cevcBVp1qf99gVKRPiPyzyDohQJ1NkhFZ9BgsOk=; b=N9dpdQQVfI/5xo1XjORQXJ608K3yJ0IbBs5pPgme7uSkIObVhKEV0oALYla0epDjEj GDfy/p8q8i+uMCOZPOeOajI+iRd0pc0SMBSa0JgXY3FTcxeBOJnPu7BpJn0SeYeplEzO 9tCYlLINmOE8gcZHevN2TGOar1Xx+iseyY1MjClHRnRbrT44i9tg6PJRZDeBepnkUgkr e4HH631Yh6iBNoCQrKU1YVN/NKmLzTcnNZYARfjC4MJNvnWIOSavLGC4T2qei9Dp4aGc awM9PR0oxV5HXVyQGbAUc0AklZSjbpLKFr42HmnEAKrHD+Acz8JususMBS0AbZQeGXOS pzeA== X-Gm-Message-State: APjAAAU9jdU20W++7wx2BS0OdoAY9uDFGLyO284u15vOj2psxn2Bt3Hz pyW4wSBpQ+M5ZgTqoY/U7yhRZjpGXCvDhj36UHA= X-Google-Smtp-Source: APXvYqwptVkTjvqPJvl3E6ewoOyjaLDhAwxwMA8/8eL8FpXr7I/qvhdDkbfWOl/7wJdBypuEVyNdhhac7G7+dzn9ysw= X-Received: by 2002:a02:5846:: with SMTP id f67mr318919jab.121.1572472084763; Wed, 30 Oct 2019 14:48:04 -0700 (PDT) MIME-Version: 1.0 References: <157245446961.32498.8161188708294367194.idtracker@ietfa.amsl.com> In-Reply-To: <157245446961.32498.8161188708294367194.idtracker@ietfa.amsl.com> From: Rifaat Shekh-Yusef Date: Wed, 30 Oct 2019 17:47:54 -0400 Message-ID: To: Roman Danyliw Cc: The IESG , draft-ietf-sipcore-digest-scheme@ietf.org, Jean Mahoney , sipcore-chairs@ietf.org, SIPCORE Content-Type: multipart/alternative; boundary="000000000000081b88059627b070" Archived-At: Subject: Re: [sipcore] Roman Danyliw's No Objection on draft-ietf-sipcore-digest-scheme-12: (with COMMENT) X-BeenThere: sipcore@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SIP Core Working Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 30 Oct 2019 21:48:08 -0000 --000000000000081b88059627b070 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Thanks Roman! I will fix these in the coming version. Regards, Rifaat On Wed, Oct 30, 2019 at 12:54 PM Roman Danyliw via Datatracker < noreply@ietf.org> wrote: > Roman Danyliw has entered the following ballot position for > draft-ietf-sipcore-digest-scheme-12: No Objection > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) > > > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html > for more information about IESG DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-sipcore-digest-scheme/ > > > > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > ** Section 2. Recommend a reference for SHA-256 and SHA-512/256 > > ** Recommend consistent notation on =E2=80=9CSHA-512/256=E2=80=9D (Sectio= n 2.0 and 2.2) and > =E2=80=9CSHA-512-256=E2=80=9D (Abstract). =E2=80=9CSHA-512-256=E2=80=9D = makes sense in the ABNF for > Section > 2.7. > > > --000000000000081b88059627b070 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Thanks=C2=A0Roman!

I will fix these in = the=C2=A0coming version.

Regards,
=C2=A0= Rifaat


On Wed, Oct 30, 2019 at 12:54 PM Roman Danyliw v= ia Datatracker <noreply@ietf.org= > wrote:
Roma= n Danyliw has entered the following ballot position for
draft-ietf-sipcore-digest-scheme-12: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/s= tatement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/d= raft-ietf-sipcore-digest-scheme/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

** Section 2.=C2=A0 Recommend a reference for SHA-256 and SHA-512/256

** Recommend consistent notation on =E2=80=9CSHA-512/256=E2=80=9D (Section = 2.0 and 2.2) and
=E2=80=9CSHA-512-256=E2=80=9D (Abstract).=C2=A0 =E2=80=9CSHA-512-256=E2=80= =9D makes sense in the ABNF for Section
2.7.


--000000000000081b88059627b070-- From nobody Wed Oct 30 14:50:57 2019 Return-Path: X-Original-To: sipcore@ietfa.amsl.com Delivered-To: sipcore@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F15D2120103; Wed, 30 Oct 2019 14:50:44 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.997 X-Spam-Level: X-Spam-Status: No, score=-1.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rCyLDeFJxpNM; Wed, 30 Oct 2019 14:50:42 -0700 (PDT) Received: from mail-il1-x144.google.com (mail-il1-x144.google.com [IPv6:2607:f8b0:4864:20::144]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9F1DD1200D6; Wed, 30 Oct 2019 14:50:42 -0700 (PDT) Received: by mail-il1-x144.google.com with SMTP id s75so3545194ilc.3; Wed, 30 Oct 2019 14:50:42 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=PyV9ID+3EfKd73f0aPMSVJI5LyLNUzvGvE48B/Nwb/I=; b=Myo/JGB6VTQexPmZ8HjC77hfWGanIjcuVqOJDKK41m9sNPMUyxlrhCdTUp8qX9C7Ev 5TqbXSvdu4wqNx5xtJeD3ev8LvTUfNFP6AHilxGY7TXd3qZvONFaXbCcDcQMpfMzp8je qWMu+LdCFSBBw3Y/Qsmcd31Xx8I0trBbp+qaFF1DQJnZMgdH13dYt3HnQ/IXzg4KyeQE +QujX/32oq7smVUk3Tu0d30T1Qtm3eOTuehbYDesFGUxcrKbWO8mBEzoX/AOBqm9njDe +3f5XN/ficDip6AAn5y9LRtZohb/D04C5xLVQdhI1vHR0/HWK27H5QtvbGmjfuc+ssiB xbMQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=PyV9ID+3EfKd73f0aPMSVJI5LyLNUzvGvE48B/Nwb/I=; b=JpGFrLzznQvkJj7zbysbmRni/KmWiXXOVp7mxOGPzeWRo+YE2GM5UCGyAj09IWiS0A QD1d5ohGSXY9D8iRaJWFmgD+5xDA6+imKpUtCzoDvbXbSCLl/PyAmyYkDh7YZtUFjrTU pgVxXXeJGYgMkaGXs0GNldB+M18vnGR/ZYkOJerrqGpVeF7fxta9dA6j9elHh3WpHm+u 5pr4ZaMz1FtLhvGOys89dVnDYcPPy1m3yYilvUvBUimlXDeKfXUGkzEKN1j1yo5bAGAs RmFFQsL28MKMBPwyU+wJMo2neU600R5/QDTBqvt8zmX0n5aFRYu6+i+WWA187lsssz2b jiGA== X-Gm-Message-State: APjAAAV3OjSN/XypS+4hIHB+MBOCUz6hp95nq9hcIX+Ob/C5/a/3lC+Q Tsa8tmbGa5iDUamCXC9xR9/AUZwUecpwGEgFsyU= X-Google-Smtp-Source: APXvYqw/cNasDN4KeNNrHpBiF1vUAdXchT+vgGKBShiFyMwfoFMf06XGvLQhoL9vKGlLX/JwFhUH8+o2c4sQGTLIAJg= X-Received: by 2002:a92:8394:: with SMTP id p20mr2446798ilk.73.1572472242020; Wed, 30 Oct 2019 14:50:42 -0700 (PDT) MIME-Version: 1.0 References: <157245577700.32490.10990766778571550817.idtracker@ietfa.amsl.com> In-Reply-To: <157245577700.32490.10990766778571550817.idtracker@ietfa.amsl.com> From: Rifaat Shekh-Yusef Date: Wed, 30 Oct 2019 17:50:32 -0400 Message-ID: To: Alexey Melnikov Cc: The IESG , draft-ietf-sipcore-digest-scheme@ietf.org, Jean Mahoney , sipcore-chairs@ietf.org, SIPCORE Content-Type: multipart/alternative; boundary="00000000000067a876059627b937" Archived-At: Subject: Re: [sipcore] Alexey Melnikov's No Objection on draft-ietf-sipcore-digest-scheme-12: (with COMMENT) X-BeenThere: sipcore@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SIP Core Working Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 30 Oct 2019 21:50:45 -0000 --00000000000067a876059627b937 Content-Type: text/plain; charset="UTF-8" Thanks Alexey! I am fine with the first two comments, and will fix these in the coming version of the document. I am not sure I follow the 3rd one. Why do you see the need for a minimum number of hex digits? Regards, Rifaat On Wed, Oct 30, 2019 at 1:16 PM Alexey Melnikov via Datatracker < noreply@ietf.org> wrote: > Alexey Melnikov has entered the following ballot position for > draft-ietf-sipcore-digest-scheme-12: No Objection > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) > > > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html > for more information about IESG DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-sipcore-digest-scheme/ > > > > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > I am agreeing with Alissa's DISCUSS. > > Also, I have a few comments of my own: > > 1) Last para of Section 2.1: > > 2.1. Hash Algorithms > > A UAS prioritizes which algorithm to use based on the ordering of the > challenge header fields in the response it is preparing. > > This looks either wrong or confusing to me. I think you are just saying > here > that the order is decided by the server at this point. > > That > process is specified in section 2.3 and parallels the process used in > HTTP specified by [RFC7616]. > > So based on the above, my suggested replacement for both sentences: > > A UAS prioritizes which algorithm to use based on its policy, > which is specified in section 2.3 and parallels the process used in > HTTP specified by [RFC7616]. > > 2) Last para of Section 2.4: > > If the UAC cannot respond to any of the challenges in the response, > then it SHOULD abandon attempts to send the request unless a local > policy dictates otherwise. > > Is trying other non Digest algorithms covered by "SHOULD abandon"? > If yes, maybe you should make this clearer. > > For example, if the UAC does not have > credentials or has stale credentials for any of the realms, the UAC > will abandon the request. > > 3) In Section 2.7: > > request-digest = LDQUOT *LHEX RDQUOT > > This now allows empty value. I suggest you specify a minimum number of hex > digits allowed in the ABNF. Or at least change "*LHEX" to "2*LHEX". > > > --00000000000067a876059627b937 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Thanks Alexey!

I am fi= ne with the first two comments, and will fix these in the coming version of= the document.

I am not sure I follow the 3rd one= . Why do you see the need for a minimum number of hex digits?

Regards,
=C2=A0Rifaat



On Wed, Oct 30,= 2019 at 1:16 PM Alexey Melnikov via Datatracker <noreply@ietf.org> wrote:
Alexey Melnikov has entered the following bal= lot position for
draft-ietf-sipcore-digest-scheme-12: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/s= tatement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/d= raft-ietf-sipcore-digest-scheme/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

I am agreeing with Alissa's DISCUSS.

Also, I have a few comments of my own:

1) Last para of Section 2.1:

2.1.=C2=A0 Hash Algorithms

=C2=A0 =C2=A0A UAS prioritizes which algorithm to use based on the ordering= of the
=C2=A0 =C2=A0challenge header fields in the response it is preparing.

This looks either wrong or confusing to me. I think you are just saying her= e
that the order is decided by the server at this point.

=C2=A0 =C2=A0That
=C2=A0 =C2=A0process is specified in section 2.3 and parallels the process = used in
=C2=A0 =C2=A0HTTP specified by [RFC7616].

So based on the above, my suggested replacement for both sentences:

=C2=A0 =C2=A0A UAS prioritizes which algorithm to use based on its policy,<= br> =C2=A0 =C2=A0which is specified in section 2.3 and parallels the process us= ed in
=C2=A0 =C2=A0HTTP specified by [RFC7616].

2) Last para of Section 2.4:

=C2=A0 =C2=A0If the UAC cannot respond to any of the challenges in the resp= onse,
=C2=A0 =C2=A0then it SHOULD abandon attempts to send the request unless a l= ocal
=C2=A0 =C2=A0policy dictates otherwise.

Is trying other non Digest algorithms covered by "SHOULD abandon"= ?
If yes, maybe you should make this clearer.

=C2=A0 =C2=A0For example, if the UAC does not have
=C2=A0 =C2=A0credentials or has stale credentials for any of the realms, th= e UAC
=C2=A0 =C2=A0will abandon the request.

3) In Section 2.7:

=C2=A0 =C2=A0 =C2=A0 request-digest =3D LDQUOT *LHEX RDQUOT

This now allows empty value. I suggest you specify a minimum number of hex<= br> digits allowed in the ABNF. Or at least change "*LHEX" to "2= *LHEX".


--00000000000067a876059627b937-- From nobody Wed Oct 30 15:24:28 2019 Return-Path: X-Original-To: sipcore@ietfa.amsl.com Delivered-To: sipcore@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 14F5E1208B0; Wed, 30 Oct 2019 15:24:09 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.997 X-Spam-Level: X-Spam-Status: No, score=-1.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8xdPDnimSrFF; Wed, 30 Oct 2019 15:24:07 -0700 (PDT) Received: from mail-io1-xd43.google.com (mail-io1-xd43.google.com [IPv6:2607:f8b0:4864:20::d43]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 35756120A45; Wed, 30 Oct 2019 15:24:07 -0700 (PDT) Received: by mail-io1-xd43.google.com with SMTP id k1so4405460iom.9; Wed, 30 Oct 2019 15:24:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=RYD8zC6/2WhaY5P487ptlwzUTjZRlKodoOcmGOSN6d0=; b=gh81uDOHFaOQ8TGLtMAlGM5qXnFr1at25RZ5N+JIEsetqijMSSf69/Ut1uCarYQJU1 1h1kTIf5e4zGHEE4OwoLwq+IiOC13HHVetAjdEIf95OCDLtQne6HovGlIkxQy/bKIghO p69DSVNITkAt83vHZmLS3hIPkLV1EeILIoQlWqadI8ubsOc/qqkSb5UsCN9YdqZfY6go vng87vr0VJ4z1UHIiaVsnPHSXl1999Z6hqRY6brdB6aRK7Tk/lTqrbC+4jIU05NHmfdo flCKnqqA8S86vUahGg+P5R2kMa9b9JVFbTBOdxv4WYGLVM6K8ClkDpxHQA34zawQ6Uf+ GBjw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=RYD8zC6/2WhaY5P487ptlwzUTjZRlKodoOcmGOSN6d0=; b=kOlP76fNcoFj8DhAhEtqSt0oGTbYnmOPNjSf6Ujn9UQi0dsGHwe3LKrYO21J6UtVgF dMkNxj62UPjwKW2WKt/Wc9rdiYXYn0czV7lL1vpAKEEnIs7ugkFRQ0WrfD1mrpLidIXB aa8kqpdgi7NLgK+WYIMyvVnIaEv3rDB2GafrgtUQFUYkMmqtVItjphirNnkMv8/a+5aa Rq6U+wPWqVoYJuGXLuvoP14cB1+PvwV3+yFHbC1QCMecmMho2UZwOhUKUZEFNiAswPh8 q4fy8Eg91wEloWTrqROvLMAAev2MqJ12AMaswbSmHz227ld9pGS0i8iiHyE+cBFmsO6l GJQg== X-Gm-Message-State: APjAAAVHqEkDRozYTNXq4Qr3TVo+k94uq8ty72h8rBDMl3UpPgoMdbZv lD8y3jEUuhFeFmVTYtSvzqbK4xIpqeV6V4yHS4Y= X-Google-Smtp-Source: APXvYqyIJ9OYo6KX8lQa9Ffrh/9idwYI0boUSfNk+mXDmO1G1y17jfL2umpMBfLHsYYT79vZnxSe7IJwXZ/I9DZRkaM= X-Received: by 2002:a6b:f408:: with SMTP id i8mr1960971iog.73.1572474246556; Wed, 30 Oct 2019 15:24:06 -0700 (PDT) MIME-Version: 1.0 References: <157244908033.32620.16268072563151413683.idtracker@ietfa.amsl.com> In-Reply-To: From: Rifaat Shekh-Yusef Date: Wed, 30 Oct 2019 18:23:56 -0400 Message-ID: To: Christer Holmberg Cc: Paul Kyzivat , Alissa Cooper , The IESG , "roni.even@huawei.com" , "sipcore@ietf.org" , "draft-ietf-sipcore-digest-scheme@ietf.org" , "sipcore-chairs@ietf.org" Content-Type: multipart/alternative; boundary="000000000000e26f690596283077" Archived-At: Subject: Re: [sipcore] Alissa Cooper's Discuss on draft-ietf-sipcore-digest-scheme-11: (with DISCUSS) X-BeenThere: sipcore@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SIP Core Working Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 30 Oct 2019 22:24:16 -0000 --000000000000e26f690596283077 Content-Type: text/plain; charset="UTF-8" I will spell it out in the next version of the document, similar to RFC3261, to avoid any possible confusion. Regards, Rifaat On Wed, Oct 30, 2019 at 2:26 PM Christer Holmberg < christer.holmberg@ericsson.com> wrote: > Hi, > > >> ---------------------------------------------------------------------- > >> DISCUSS: > >> ---------------------------------------------------------------------- > >> > >> I appreciate the new text in Section 2.7, but I'm still a little > unclear on the > >> ABNF that is specified. As far as I can tell the relevant line from the > >> original ABNF in RFC 3261 is: > >> > >> algorithm = "algorithm" EQUAL ( "MD5" / "MD5-sess" > >> / token ) > >> > >> And what it is being replaced with is: > >> > >> algorithm = "algorithm" EQUAL ( "MD5" / "SHA-512-256" / "SHA-256" > >> / token ) > >> > >> Each one of these algorithms might have a "-sess" variant, e.g., > >> MD5-sess, SHA-256-sess, etc, as defined in [RFC7616] > > > > I agree. Seems like the proper syntax would be: > > > > algorithm = "algorithm" EQUAL ( > > ("MD5" / "SHA-512-256" / "SHA-256") ["-sess"]) > > / token ) > > Is that really correct? Doesn't it mean that you would need to put a space > between the algorithm and "-sess", for example "SHA-512-256-sess"? > > Regards, > > Christer > > > Thanks, > Paul > > _______________________________________________ > sipcore mailing list > sipcore@ietf.org > https://www.ietf.org/mailman/listinfo/sipcore > --000000000000e26f690596283077 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
I will spell it out in the next version of the document, s= imilar to RFC3261, to avoid any possible confusion.

Rega= rds,
=C2=A0Rifaat


On Wed, Oct 30, 2019 at 2:2= 6 PM Christer Holmberg <christer.holmberg@ericsson.com> wrote:
Hi,

>> -------------------------------------------------------------= ---------
>> DISCUSS:
>> ------------------------------------------------------------------= ----
>>
>> I appreciate the new text in Section 2.7, but I'm still a litt= le unclear on the
>> ABNF that is specified. As far as I can tell the relevant line fro= m the
>> original ABNF in RFC 3261 is:
>>
>>=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 algorithm=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0 =3D=C2=A0 "algorithm" EQUAL ( "MD5&quo= t; / "MD5-sess"
>>=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0 / token )
>>
>> And what it is being replaced with is:
>>
>>=C2=A0=C2=A0=C2=A0=C2=A0 algorithm =3D "algorithm" EQUAL = ( "MD5" / "SHA-512-256" / "SHA-256"
>>=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 / token )
>>
>>=C2=A0=C2=A0=C2=A0=C2=A0 Each one of these algorithms might have a = "-sess" variant, e.g.,
>>=C2=A0=C2=A0=C2=A0=C2=A0 MD5-sess, SHA-256-sess, etc, as defined in= [RFC7616]
>
> I agree. Seems like the proper syntax would be:
>
> =C2=A0=C2=A0 algorithm =3D "algorithm" EQUAL (
> =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0=C2=A0 ("M= D5" / "SHA-512-256" / "SHA-256") ["-sess"= ;])
> =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0=C2=A0 / token = )

Is that really correct? Doesn't it mean that you would need to put= a space between the algorithm and "-sess", for example "SHA= -512-256<space>-sess"?

Regards,

Christer


=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 Thanks,
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 Paul

_______________________________________________
sipcore mailing list
sipcore@ietf.org<= br> https://www.ietf.org/mailman/listinfo/sipcore
--000000000000e26f690596283077-- From nobody Wed Oct 30 15:41:14 2019 Return-Path: X-Original-To: sipcore@ietf.org Delivered-To: sipcore@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id EF10F12001A; Wed, 30 Oct 2019 15:41:07 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: internet-drafts@ietf.org To: Cc: sipcore@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 6.108.0 Auto-Submitted: auto-generated Precedence: bulk Reply-To: sipcore@ietf.org Message-ID: <157247526789.32548.10387296579872250376@ietfa.amsl.com> Date: Wed, 30 Oct 2019 15:41:07 -0700 Archived-At: Subject: [sipcore] I-D Action: draft-ietf-sipcore-digest-scheme-13.txt X-BeenThere: sipcore@ietf.org X-Mailman-Version: 2.1.29 List-Id: SIP Core Working Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 30 Oct 2019 22:41:08 -0000 A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Session Initiation Protocol Core WG of the IETF. Title : The Session Initiation Protocol (SIP) Digest Authentication Scheme Author : Rifaat Shekh-Yusef Filename : draft-ietf-sipcore-digest-scheme-13.txt Pages : 9 Date : 2019-10-30 Abstract: This document updates RFC 3261 by updating the Digest Access Authentication scheme used by the Session Initiation Protocol (SIP) to add support for more secure digest algorithms, e.g., SHA-256 and SHA-512-256, to replace the broken MD5 algorithm. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-sipcore-digest-scheme/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-sipcore-digest-scheme-13 https://datatracker.ietf.org/doc/html/draft-ietf-sipcore-digest-scheme-13 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-sipcore-digest-scheme-13 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ From nobody Wed Oct 30 15:52:21 2019 Return-Path: X-Original-To: sipcore@ietfa.amsl.com Delivered-To: sipcore@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B1CC4120106; Wed, 30 Oct 2019 15:52:19 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.28 X-Spam-Level: X-Spam-Status: No, score=-1.28 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, HTML_MESSAGE=0.001, KHOP_HELO_FCRDNS=0.399, T_SPF_HELO_PERMERROR=0.01, T_SPF_PERMERROR=0.01] autolearn=no autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=fail (1024-bit key) reason="fail (message has been altered)" header.d=nostrum.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gDeskhoIdv0v; Wed, 30 Oct 2019 15:52:19 -0700 (PDT) Received: from nostrum.com (raven-v6.nostrum.com [IPv6:2001:470:d:1130::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DB0D3120018; Wed, 30 Oct 2019 15:52:18 -0700 (PDT) Received: from Svantevit.local (99-152-146-228.lightspeed.dllstx.sbcglobal.net [99.152.146.228]) (authenticated bits=0) by nostrum.com (8.15.2/8.15.2) with ESMTPSA id x9UMnhDO082453 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Wed, 30 Oct 2019 17:49:44 -0500 (CDT) (envelope-from adam@nostrum.com) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=nostrum.com; s=default; t=1572475787; bh=8TFf5AHTa53l2JBXlpbpsjsNOBR4yVzrddRD1gAEPqI=; h=Subject:To:Cc:References:From:Date:In-Reply-To; b=hyrDc+CN0SOR+gBGGod8W4UECE7p4RRlEJFa0E3WnxCevbPRO5P2IVEoJIQgA01EO fWZ02ugwGsvRG4FnSks1fL4aY0jey2hJVLfqoAU2arr08H/Zkz7Ji12GPudJYkoBvp TTdUdr+fikZbE3rAnvP7gYl27QNTDCUGyInEAw7Q= X-Authentication-Warning: raven.nostrum.com: Host 99-152-146-228.lightspeed.dllstx.sbcglobal.net [99.152.146.228] claimed to be Svantevit.local To: Christer Holmberg , Paul Kyzivat , Alissa Cooper , The IESG Cc: "roni.even@huawei.com" , "sipcore@ietf.org" , "draft-ietf-sipcore-digest-scheme@ietf.org" , "sipcore-chairs@ietf.org" References: <157244908033.32620.16268072563151413683.idtracker@ietfa.amsl.com> From: Adam Roach Message-ID: <86fbd896-bac1-43a8-c5a5-7a8110a5f3b9@nostrum.com> Date: Wed, 30 Oct 2019 17:49:38 -0500 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:60.0) Gecko/20100101 Thunderbird/60.9.0 MIME-Version: 1.0 In-Reply-To: Content-Type: multipart/alternative; boundary="------------3C18E8E06B88EA44D02753CF" Content-Language: en-US Archived-At: Subject: Re: [sipcore] Alissa Cooper's Discuss on draft-ietf-sipcore-digest-scheme-11: (with DISCUSS) X-BeenThere: sipcore@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SIP Core Working Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 30 Oct 2019 22:52:20 -0000 This is a multi-part message in MIME format. --------------3C18E8E06B88EA44D02753CF Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit On 10/30/19 1:26 PM, Christer Holmberg wrote: > Hi, > > >> ---------------------------------------------------------------------- > >> DISCUSS: > >> ---------------------------------------------------------------------- > >> > >> I appreciate the new text in Section 2.7, but I'm still a little > unclear on the > >> ABNF that is specified. As far as I can tell the relevant line from the > >> original ABNF in RFC 3261 is: > >> > >>       algorithm        =  "algorithm" EQUAL ( "MD5" / "MD5-sess" > >>                         / token ) > >> > >> And what it is being replaced with is: > >> > >>     algorithm = "algorithm" EQUAL ( "MD5" / "SHA-512-256" / "SHA-256" > >>                   / token ) > >> > >>     Each one of these algorithms might have a "-sess" variant, e.g., > >>     MD5-sess, SHA-256-sess, etc, as defined in [RFC7616] > > > > I agree. Seems like the proper syntax would be: > > > >    algorithm = "algorithm" EQUAL ( > >                  ("MD5" / "SHA-512-256" / "SHA-256") ["-sess"]) > >                  / token ) > > Is that really correct? Doesn't it mean that you would need to put a > space between the algorithm and "-sess", for example > "SHA-512-256-sess"? ABNF does not have implicit space between atoms. This is why, for example, many of the definitions of SIP header fields contain the "LWS" and "SWS" constructs (usually by way of some commonly-used definition such as "HCOLON"). /a --------------3C18E8E06B88EA44D02753CF Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: 8bit
On 10/30/19 1:26 PM, Christer Holmberg wrote:
Hi,

>> ----------------------------------------------------------------------
>> DISCUSS:
>> ----------------------------------------------------------------------
>>
>> I appreciate the new text in Section 2.7, but I'm still a little unclear on the
>> ABNF that is specified. As far as I can tell the relevant line from the
>> original ABNF in RFC 3261 is:
>>
>>       algorithm        =  "algorithm" EQUAL ( "MD5" / "MD5-sess"
>>                         / token )
>>
>> And what it is being replaced with is:
>>
>>     algorithm = "algorithm" EQUAL ( "MD5" / "SHA-512-256" / "SHA-256"
>>                   / token )
>>
>>     Each one of these algorithms might have a "-sess" variant, e.g.,
>>     MD5-sess, SHA-256-sess, etc, as defined in [RFC7616]
>
> I agree. Seems like the proper syntax would be:
>
>    algorithm = "algorithm" EQUAL (
>                  ("MD5" / "SHA-512-256" / "SHA-256") ["-sess"])
>                  / token )

Is that really correct? Doesn't it mean that you would need to put a space between the algorithm and "-sess", for example "SHA-512-256<space>-sess"?


ABNF does not have implicit space between atoms. This is why, for example, many of the definitions of SIP header fields contain the "LWS" and "SWS" constructs (usually by way of some commonly-used definition such as "HCOLON").


/a

--------------3C18E8E06B88EA44D02753CF-- From nobody Wed Oct 30 16:55:30 2019 Return-Path: X-Original-To: sipcore@ietfa.amsl.com Delivered-To: sipcore@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D70CB120220 for ; Wed, 30 Oct 2019 16:55:28 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2 X-Spam-Level: X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=alum.mit.edu Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MnLfpG8eNUYi for ; Wed, 30 Oct 2019 16:55:26 -0700 (PDT) Received: from NAM04-SN1-obe.outbound.protection.outlook.com (mail-eopbgr700086.outbound.protection.outlook.com [40.107.70.86]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 56AFC120125 for ; Wed, 30 Oct 2019 16:55:26 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=cUqDITEbbc879/qC1LYnjbs0VaC2YggFkfIZPKeMRcaNiLy7qR+yagJW/rX/R1VL/y++DzjcZiEYtOdlcHWp/UhZgXTP59JIlcEKMiJS8svEpzpxwUB1A9PcMJtfZqk9RnRnCdFES67ypATbipwETKMI2WSIiGwed7ENnRmePjTsk6cyJcPh2jlJOYJIvI7oriB5SKVdqt28MZxoQiwN0sTFAEuvV61Mg7iAFKbKAEElJSUonAIDC/+s6v27vhR8TBCKVaeO1U/lUDT1s7kG1lCsk1rbz3vb1vgfvjuhg92TjaXElWHGx+92nGoWT2lu9nbyZ1jXaTDmXOKMCpGU9Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=nz54XKRKw/7RmtI9y9cUsM1D7qmnbI0yJTaRFYDHk0o=; b=Nu8vR4JjxIK2vqFuz72L2Gipg0JZcMMP/yGsYKGR9LzanbHqc7iJ6uEimMdS2eW1jwvWQ6FM7sbTk+DSW7Y7zdszCvXKz3qr9QRADpESUWiPJxwutZi8gfphVlriTIrlCiGc5f+eYwCYufPJKIAStZYReP74dWkrjTXVSDotb6TQZjJ1CqIBFugv/qqeuJFCHy/FyoOvYJJfFJxxlDszzbHL5gZKZeJ1xw0vxd0SipD7BjnL9KqJHlml/3jLIbs8pk62aRGYJbpvyn652egbhu3icavbWDaImhclabQVrW88jmjy69eei5AZG0jRCdFrsHpJnoT+d4GW+e/5IjhWgw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 18.7.68.33) smtp.rcpttodomain=ietf.org smtp.mailfrom=alum.mit.edu; dmarc=bestguesspass action=none header.from=alum.mit.edu; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alum.mit.edu; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=nz54XKRKw/7RmtI9y9cUsM1D7qmnbI0yJTaRFYDHk0o=; b=PRCGMhylZLThg61JoYtJF7kT8nxpqxrAA+BoaGHNe3X7dtX+sT56sypONK2KiaVdSEvnO8mOoTEhw7HZtm9kYQDLS0fEppE1JFLNwnIidn952C8us48oetz55l6dD62A8E+gS8srN3gr5Op+jV11YaJ4EwRXDJEWqA1k744JFok= Received: from DM3PR12CA0129.namprd12.prod.outlook.com (2603:10b6:0:51::25) by DM6PR12MB3452.namprd12.prod.outlook.com (2603:10b6:5:3b::27) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2387.20; Wed, 30 Oct 2019 23:55:25 +0000 Received: from CY1NAM02FT020.eop-nam02.prod.protection.outlook.com (2a01:111:f400:7e45::202) by DM3PR12CA0129.outlook.office365.com (2603:10b6:0:51::25) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.2408.17 via Frontend Transport; Wed, 30 Oct 2019 23:55:25 +0000 Authentication-Results: spf=pass (sender IP is 18.7.68.33) smtp.mailfrom=alum.mit.edu; ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=bestguesspass action=none header.from=alum.mit.edu; Received-SPF: Pass (protection.outlook.com: domain of alum.mit.edu designates 18.7.68.33 as permitted sender) receiver=protection.outlook.com; client-ip=18.7.68.33; helo=outgoing-alum.mit.edu; Received: from outgoing-alum.mit.edu (18.7.68.33) by CY1NAM02FT020.mail.protection.outlook.com (10.152.75.191) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.2387.20 via Frontend Transport; Wed, 30 Oct 2019 23:55:24 +0000 Received: from Kokiri.localdomain (c-24-62-227-142.hsd1.ma.comcast.net [24.62.227.142]) (authenticated bits=0) (User authenticated as pkyzivat@ALUM.MIT.EDU) by outgoing-alum.mit.edu (8.14.7/8.12.4) with ESMTP id x9UNtMC6009258 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NOT) for ; Wed, 30 Oct 2019 19:55:22 -0400 To: sipcore@ietf.org References: <157245577700.32490.10990766778571550817.idtracker@ietfa.amsl.com> From: Paul Kyzivat Message-ID: <448e3852-10d8-8717-7b76-e1ea30f02e3e@alum.mit.edu> Date: Wed, 30 Oct 2019 19:55:21 -0400 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:60.0) Gecko/20100101 Thunderbird/60.9.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 8bit X-EOPAttributedMessage: 0 X-Forefront-Antispam-Report: CIP:18.7.68.33; IPV:CAL; SCL:-1; CTRY:US; EFV:NLI; SFV:NSPM; SFS:(10009020)(39860400002)(136003)(376002)(346002)(396003)(18543002)(189003)(199004)(126002)(88552002)(6246003)(11346002)(476003)(76130400001)(246002)(31696002)(65806001)(65956001)(53546011)(2616005)(58126008)(36906005)(305945005)(7596002)(478600001)(186003)(956004)(2361001)(2870700001)(316002)(75432002)(26005)(50466002)(8936002)(2351001)(31686004)(786003)(486006)(70206006)(2906002)(70586007)(76176011)(229853002)(8676002)(14444005)(106002)(86362001)(356004)(446003)(2486003)(966005)(336012)(26826003)(23676004)(6306002)(6916009)(47776003)(5660300002); DIR:OUT; SFP:1101; SCL:1; SRVR:DM6PR12MB3452; H:outgoing-alum.mit.edu; FPR:; SPF:Pass; LANG:en; PTR:outgoing-alum.mit.edu; MX:1; A:1; X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: b63471bf-f8fb-42ed-a528-08d75d94a190 X-MS-TrafficTypeDiagnostic: DM6PR12MB3452: X-MS-Exchange-PUrlCount: 3 X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:10000; X-Forefront-PRVS: 02065A9E77 X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: W1dJ3mStCHH8gKAjn5G3xfG5Fa920IOMMBCgOu/bStO6x1qLO8DTzFcxG/wEzNM5HfurZKOIh/pfacVS7eVu9qjGkVui24wfw3uR+f8W5SPxyC74EyDvpEghz7gQaQqmWBu+mZWYdnXz6sjhv8ANd/Yc0x/qPxQbHgWR/xaSe0ebuFTTW1qlhSFSJlpGOlS50bl/uW54xdOXwDT4ZFlP5TuNTTrH0Gv1GNw7/O8peiGrIa4hD2kTv76Ti1KA6XhrvVKNJJ05qmwrpQgvN17qyTZ6kNhn+J4BYrPXZKQf616kCPz3t9k5PCbPHSrgDtltwere4zUTsFqAClSM9Bhdhg1a78I8jyAAFXX1ronVDTeI1X3jip54ZtmLgOgM1XWu830p/s2Aok9qoOAG9tsWdfYcKfDn+dGw0V00Om9Jk7q32yPIWkxfpp/XjCS5nX52txsRXk/HuGIVgmfTc0ohkjz5ELipcix7bWV4v8VXrUg= X-OriginatorOrg: alum.mit.edu X-MS-Exchange-CrossTenant-OriginalArrivalTime: 30 Oct 2019 23:55:24.1627 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: b63471bf-f8fb-42ed-a528-08d75d94a190 X-MS-Exchange-CrossTenant-Id: 3326b102-c043-408b-a990-b89e477d582f X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3326b102-c043-408b-a990-b89e477d582f; Ip=[18.7.68.33]; Helo=[outgoing-alum.mit.edu] X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR12MB3452 Archived-At: Subject: Re: [sipcore] Alexey Melnikov's No Objection on draft-ietf-sipcore-digest-scheme-12: (with COMMENT) X-BeenThere: sipcore@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SIP Core Working Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 30 Oct 2019 23:55:29 -0000 On 10/30/19 5:50 PM, Rifaat Shekh-Yusef wrote: > Thanks Alexey! > > I am fine with the first two comments, and will fix these in the coming > version of the document. > > I am not sure I follow the 3rd one.. Why do you see the need for a > minimum number of hex digits? The number of digits is determined by the algorithm. Since MD5 has 32 hex digits, and is deemed unacceptable now, I think we can safely restrict this to a minimum of 32 digits. Thanks, Paul > Regards, >  Rifaat > > > > On Wed, Oct 30, 2019 at 1:16 PM Alexey Melnikov via Datatracker > > wrote: > > Alexey Melnikov has entered the following ballot position for > draft-ietf-sipcore-digest-scheme-12: No Objection > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) > > > Please refer to > https://www.ietf.org/iesg/statement/discuss-criteria.html > for more information about IESG DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-sipcore-digest-scheme/ > > > > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > I am agreeing with Alissa's DISCUSS. > > Also, I have a few comments of my own: > > 1) Last para of Section 2.1: > > 2.1.  Hash Algorithms > >    A UAS prioritizes which algorithm to use based on the ordering > of the >    challenge header fields in the response it is preparing. > > This looks either wrong or confusing to me. I think you are just > saying here > that the order is decided by the server at this point. > >    That >    process is specified in section 2.3 and parallels the process > used in >    HTTP specified by [RFC7616]. > > So based on the above, my suggested replacement for both sentences: > >    A UAS prioritizes which algorithm to use based on its policy, >    which is specified in section 2.3 and parallels the process used in >    HTTP specified by [RFC7616]. > > 2) Last para of Section 2.4: > >    If the UAC cannot respond to any of the challenges in the response, >    then it SHOULD abandon attempts to send the request unless a local >    policy dictates otherwise. > > Is trying other non Digest algorithms covered by "SHOULD abandon"? > If yes, maybe you should make this clearer. > >    For example, if the UAC does not have >    credentials or has stale credentials for any of the realms, the UAC >    will abandon the request. > > 3) In Section 2.7: > >       request-digest = LDQUOT *LHEX RDQUOT > > This now allows empty value. I suggest you specify a minimum number > of hex > digits allowed in the ABNF. Or at least change "*LHEX" to "2*LHEX". > > > > _______________________________________________ > sipcore mailing list > sipcore@ietf.org > https://www.ietf.org/mailman/listinfo/sipcore > From nobody Thu Oct 31 03:08:48 2019 Return-Path: X-Original-To: sipcore@ietfa.amsl.com Delivered-To: sipcore@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B611B1200B3; Thu, 31 Oct 2019 03:08:41 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.002 X-Spam-Level: X-Spam-Status: No, score=-2.002 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nJllN1t3dilw; Thu, 31 Oct 2019 03:08:39 -0700 (PDT) Received: from EUR04-HE1-obe.outbound.protection.outlook.com (mail-eopbgr70085.outbound.protection.outlook.com [40.107.7.85]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 89AD0120089; Thu, 31 Oct 2019 03:08:39 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=C+ytmbwnKQBqe8Is02ycSVhHCM/+PK5EZHaNL8ybVwWdN2db+k+pRoaBbtomLMIDvlXEnTLj1dv/WgFHgCv0aZH1wqybQQO+9QFo0f09fdD8HN8SMxjjArmi986lx6QGya+W6F3Lotn+L/2watRSeAPYUWdfwiZtKjyTieUFhvAY9arXe/WS/tDoco65KZgeHftA7R8eP0i6ta5Gcf4jesY0svmv3qLL1ziRlXuN7MQJbj16LBP+897h2aUeYHgeAMPkp0tzxcCj0sV+yj6eSrkmQd+ChZOoJnCbJJvbG4TUDC682JyEfdYWSmLaZiGdVp6P/QVCKCjcUrB7m+g3Lw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=r+xNju/6nP1cLAr5kZXydTbVHnZPanKYKQ08YIBQRz0=; b=amq5zg2vEmkuMaP68aJYXxKQcX2FzP5A+gn/CxtKjv9JEmOCZiLyPyfhWCglksb5vfmdpg6pNlsOUgXgARAwDWIldhrqzU1Tqs0OGrirB3MPt2+lWZ2dKzQhMIiydx6EvR9++khUj9QAUCS2+T1zp6HzEDh35/2i1LHUXc4CUcxpzt4RCzysin8Q/uFFDUoKQD6OLD71/z70C67bx1HUnmPr1i1Eg8s2e5yfapWEZ5SP5d4Tr46xkzbNu40DjeTN8JHCy0y8FkulRfE/gsylRVVvUaB3UoVK2uUgWPQA/by71LVBQlhcVG+tw53RYVEGsDTi82fpouYwP6CSi+URAg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=r+xNju/6nP1cLAr5kZXydTbVHnZPanKYKQ08YIBQRz0=; b=JJSsvnFMsPn29HER560Hd6b7zXxAF1y/TIPPULI72KiJ8ef4CehgL75bLS1fJP0XZiEX3lawhDf76aYyd3uovN76FntdaCJEyX0BYH88v6ZFIUeKe85Jo63KaIihtFT2QHAKyyrfUrFdIbCysg+iIx/edf6DCrq4AafbT1mdQBA= Received: from HE1PR07MB3161.eurprd07.prod.outlook.com (10.170.245.23) by HE1PR07MB3065.eurprd07.prod.outlook.com (10.170.243.19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2408.15; Thu, 31 Oct 2019 10:08:36 +0000 Received: from HE1PR07MB3161.eurprd07.prod.outlook.com ([fe80::5499:1231:e707:4cb7]) by HE1PR07MB3161.eurprd07.prod.outlook.com ([fe80::5499:1231:e707:4cb7%7]) with mapi id 15.20.2408.016; Thu, 31 Oct 2019 10:08:35 +0000 From: Christer Holmberg To: Adam Roach , Paul Kyzivat , Alissa Cooper , The IESG CC: "roni.even@huawei.com" , "sipcore@ietf.org" , "draft-ietf-sipcore-digest-scheme@ietf.org" , "sipcore-chairs@ietf.org" Thread-Topic: [sipcore] Alissa Cooper's Discuss on draft-ietf-sipcore-digest-scheme-11: (with DISCUSS) Thread-Index: AQHVjzYwGCXohlJib0uMkkQZh9JldKdzVyUAgAAoseOAAEpbAIAA3zgA Date: Thu, 31 Oct 2019 10:08:35 +0000 Message-ID: <06A1287A-6ECB-426A-B934-AC4624C31AA6@ericsson.com> References: <157244908033.32620.16268072563151413683.idtracker@ietfa.amsl.com> <86fbd896-bac1-43a8-c5a5-7a8110a5f3b9@nostrum.com> In-Reply-To: <86fbd896-bac1-43a8-c5a5-7a8110a5f3b9@nostrum.com> Accept-Language: en-US Content-Language: en-GB X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Microsoft-MacOutlook/10.1e.0.191013 authentication-results: spf=none (sender IP is ) smtp.mailfrom=christer.holmberg@ericsson.com; x-originating-ip: [89.166.49.243] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: c3079dc1-0798-40cc-a114-08d75dea4ab2 x-ms-traffictypediagnostic: HE1PR07MB3065: x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:9508; x-forefront-prvs: 02070414A1 x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(376002)(136003)(346002)(396003)(366004)(39860400002)(189003)(199004)(18543002)(5660300002)(3846002)(66446008)(66556008)(6116002)(58126008)(316002)(76116006)(54906003)(256004)(110136005)(2906002)(66476007)(14454004)(66946007)(81156014)(7736002)(305945005)(81166006)(36756003)(64756008)(8676002)(71200400001)(33656002)(99286004)(478600001)(2616005)(6512007)(86362001)(26005)(8936002)(229853002)(186003)(446003)(66066001)(102836004)(476003)(25786009)(6486002)(6436002)(4326008)(2171002)(6246003)(71190400001)(486006)(44832011)(6506007)(11346002)(76176011); DIR:OUT; SFP:1101; SCL:1; SRVR:HE1PR07MB3065; H:HE1PR07MB3161.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1; received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: qqaWfvOSDmqkucJGQ5mzMix0UAyxbROqzB2fUVtN2O0V6zWtwS9sjC1c3xTfJnG+r1yokeLXnWe8NouKJreDabZgsXNu1qPNxx33uCzrzcyuWxq+LFp6hCv9lAgUZsj453hlArRijvU97TYA7yKJ6nQgR+L1qrnM8Z9Bpo8sGYkVDymftJ1pfo5Z5fzCD7N0/HDW6A9cCfPqZlucYas4yW5w0ebMOb9l3b2r4c/58ZnhWlyhMlucUDxXpGfeum8GWyaiKsfb9nsaFEwo9tuM0q6z227cLlzTo4O7gsbG/S79RyySQgBSDlAG/Vw1o+9A9GcOID2d5tP4TI084H0gHtCiWy4u0uWFQvS7RRFK5QoibN3n1cEnipG/HoUtwlM+O+W8M0fbPIdWqyI8ycztCrrm93Ao2S0WW46A7I9fHpBoMHI+NOsKu5tse3y2d90n x-ms-exchange-transport-forked: True Content-Type: text/plain; charset="utf-8" Content-ID: Content-Transfer-Encoding: base64 MIME-Version: 1.0 X-OriginatorOrg: ericsson.com X-MS-Exchange-CrossTenant-Network-Message-Id: c3079dc1-0798-40cc-a114-08d75dea4ab2 X-MS-Exchange-CrossTenant-originalarrivaltime: 31 Oct 2019 10:08:35.2146 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: ajKqDIv6DwVGjEpCDzOOc0veexysZZUvUsOh3nt6TburPFkMI+1KfYGP0gHppH6mNsyjBFjfgjnwB6Jw1eBXad/UDrrENQaYC9nkJagpYyw= X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR07MB3065 Archived-At: Subject: Re: [sipcore] Alissa Cooper's Discuss on draft-ietf-sipcore-digest-scheme-11: (with DISCUSS) X-BeenThere: sipcore@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SIP Core Working Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 31 Oct 2019 10:08:42 -0000 SGksDQoNCj4+Pj4gLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KPj4+PiBESVNDVVNTOg0KPj4+PiAtLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tDQo+Pj4+IA0KPj4+PiBJIGFwcHJlY2lhdGUgdGhlIG5ldyB0ZXh0IGluIFNlY3Rpb24gMi43 LCBidXQgSSdtIHN0aWxsIGEgbGl0dGxlIHVuY2xlYXIgb24gdGhlDQo+Pj4+IEFCTkYgdGhhdCBp cyBzcGVjaWZpZWQuIEFzIGZhciBhcyBJIGNhbiB0ZWxsIHRoZSByZWxldmFudCBsaW5lIGZyb20g dGhlDQo+Pj4+PiBvcmlnaW5hbCBBQk5GIGluIFJGQyAzMjYxIGlzOg0KPj4+PiANCj4+Pj7CoMKg wqDCoMKgwqAgYWxnb3JpdGhtwqDCoMKgwqDCoMKgwqAgPcKgICJhbGdvcml0aG0iIEVRVUFMICgg Ik1ENSIgLyAiTUQ1LXNlc3MiDQo+Pj4+wqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDC oMKgwqDCoMKgwqDCoMKgIC8gdG9rZW4gKQ0KPj4+PiANCj4+Pj4gQW5kIHdoYXQgaXQgaXMgYmVp bmcgcmVwbGFjZWQgd2l0aCBpczoNCj4+Pj4gDQo+Pj4+wqDCoMKgwqAgYWxnb3JpdGhtID0gImFs Z29yaXRobSIgRVFVQUwgKCAiTUQ1IiAvICJTSEEtNTEyLTI1NiIgLyAiU0hBLTI1NiINCj4+Pj7C oMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqAgLyB0b2tlbiApDQo+Pj4+IA0KPj4+ PsKgwqDCoMKgIEVhY2ggb25lIG9mIHRoZXNlIGFsZ29yaXRobXMgbWlnaHQgaGF2ZSBhICItc2Vz cyIgdmFyaWFudCwgZS5nLiwNCj4+Pj7CoMKgwqDCoCBNRDUtc2VzcywgU0hBLTI1Ni1zZXNzLCBl dGMsIGFzIGRlZmluZWQgaW4gW1JGQzc2MTZdDQo+Pj4NCj4+PiBJIGFncmVlLiBTZWVtcyBsaWtl IHRoZSBwcm9wZXIgc3ludGF4IHdvdWxkIGJlOg0KPj4+DQo+Pj4gwqDCoCBhbGdvcml0aG0gPSAi YWxnb3JpdGhtIiBFUVVBTCAoDQo+Pj4gwqAgwqAgwqAgwqAgwqAgwqAgwqAgwqDCoCAoIk1ENSIg LyAiU0hBLTUxMi0yNTYiIC8gIlNIQS0yNTYiKSBbIi1zZXNzIl0pDQo+Pj4gwqAgwqAgwqAgwqAg wqAgwqAgwqAgwqDCoCAvIHRva2VuICkNCj4+DQo+PklzIHRoYXQgcmVhbGx5IGNvcnJlY3Q/IERv ZXNuJ3QgaXQgbWVhbiB0aGF0IHlvdSB3b3VsZCBuZWVkIHRvIHB1dCBhIHNwYWNlIGJldHdlZW4g dGhlIGFsZ29yaXRobSBhbmQgIi1zZXNzIiwgZm9yIGV4YW1wbGUgIlNIQS01MTItMjU2PHNwYWNl Pi1zZXNzIj8NCj4NCj4gQUJORiBkb2VzIG5vdCBoYXZlIGltcGxpY2l0IHNwYWNlIGJldHdlZW4g YXRvbXMuIFRoaXMgaXMgd2h5LCBmb3IgZXhhbXBsZSwgbWFueSBvZiB0aGUgZGVmaW5pdGlvbnMg b2YgU0lQIGhlYWRlciBmaWVsZHMgY29udGFpbiANCj4gdGhlICJMV1MiIGFuZCAiU1dTIiBjb25z dHJ1Y3RzICh1c3VhbGx5IGJ5IHdheSBvZiBzb21lIGNvbW1vbmx5LXVzZWQgZGVmaW5pdGlvbiBz dWNoIGFzICJIQ09MT04iKS4NCg0KWW91IGFyZSBjb3JyZWN0IHRoYXQgdGhlcmUgaXMgbm8gaW1w bGljaXQgc3BhY2UgYmV0d2Vlbi4gQnV0LCBpbiBTSVAsIGlzbid0IGl0IHN0aWxsIGFsbG93ZWQg dG8gcHV0IHNwYWNlcyBpbiBiZXR3ZWVuPw0KDQpSZWdhcmRzDQoNCkNocmlzdGVyDQoNCg0KDQo= From nobody Thu Oct 31 04:22:41 2019 Return-Path: X-Original-To: sipcore@ietfa.amsl.com Delivered-To: sipcore@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 32C7D12088B; Thu, 31 Oct 2019 04:22:29 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.698 X-Spam-Level: X-Spam-Status: No, score=-2.698 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=fastmail.fm header.b=bEKP1y3G; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=lqWUVTfz Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cT8dluQmOXRv; Thu, 31 Oct 2019 04:22:27 -0700 (PDT) Received: from out3-smtp.messagingengine.com (out3-smtp.messagingengine.com [66.111.4.27]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F01D1120871; Thu, 31 Oct 2019 04:22:26 -0700 (PDT) Received: from compute7.internal (compute7.nyi.internal [10.202.2.47]) by mailout.nyi.internal (Postfix) with ESMTP id 3396422579; Thu, 31 Oct 2019 07:22:26 -0400 (EDT) Received: from imap1 ([10.202.2.51]) by compute7.internal (MEProxy); Thu, 31 Oct 2019 07:22:26 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fastmail.fm; h= mime-version:message-id:in-reply-to:references:date:from:to:cc :subject:content-type; s=fm1; bh=L/F6vlPNr5aNDCrfxRK1UUFjheEnZ5c E8FBB5eiz/ZI=; b=bEKP1y3GuhGgBuT3tygNDZnLZQh+6rqHMQFX5LxPbikaIpN WqRzojFr3oQj4J45Le4EvMQe4wCuQJxcAAK39YN24hWAQ3AWBwjcmCV0hGZ/hOm8 z0W0nEvOFaVdXSGNcmeGXikQiEUZUO/YIdlsNaYSgQHDyzgrL3TBC5iR5APDYSYs RiBKY2GTJr1Pq3kx96v1Aky3XlqyopHjBna6HWDtYOBZTSx2FmENDKPDVhl7DstA SK4OoTUXHBZG/R4GUby53p7q8IV7uO0PO55wwjMPSB0iI307WrA0NMIO2qfD8c7r E7BaD6/DToaCHJb5yxDAdEhInUkv5NExXYvzIWQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm1; bh=L/F6vl PNr5aNDCrfxRK1UUFjheEnZ5cE8FBB5eiz/ZI=; b=lqWUVTfz16Xle/kvs1MxZO yCSGKOvD+n6Kld3r6OmIV02tYNk5m/toeHf+Z3210h28srv9dAIbE5d0U6vIO+l1 zau6wtUHcMBQbWkS2oZBWGJ05g+9CEoaCYZA0meUEJBEwfJUmkwMukfGSzfuagDQ M/u+KIa7nZXvBI/9IW76UPYeAGTER3joGzNMTKTO9P785tQ9GrMu1Bh5dsHR8zG6 rNlsv8PDTMfwVp4l7OiLd121r6tT9Bs36S9jywtsyN+UFnq+IiVd2Nrrlf2V6mEL vYaY7fY+KmZSyR7T/N7db4nl4hw2tHWoj/AA0xEYwgfh7dRcz0dV5sih32EMfgCw == X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedufedruddthedgvdegucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne cujfgurhepofgfggfkjghffffhvffutgesrgdtreerreerjeenucfhrhhomhepfdetlhgv gigvhicuofgvlhhnihhkohhvfdcuoegrrghmvghlnhhikhhovhesfhgrshhtmhgrihhlrd hfmheqnecuffhomhgrihhnpehivghtfhdrohhrghdphhhtthhpshhpvggtihhfihgvuggs hihrfhgtjeeiudeirdhsohenucfrrghrrghmpehmrghilhhfrhhomheprggrmhgvlhhnih hkohhvsehfrghsthhmrghilhdrfhhmnecuvehluhhsthgvrhfuihiivgeptd X-ME-Proxy: Received: by mailuser.nyi.internal (Postfix, from userid 501) id CA7BCC200A4; Thu, 31 Oct 2019 07:22:25 -0400 (EDT) X-Mailer: MessagingEngine.com Webmail Interface User-Agent: Cyrus-JMAP/3.1.7-509-ge3ec61c-fmstable-20191030v1 Mime-Version: 1.0 Message-Id: In-Reply-To: References: <157245577700.32490.10990766778571550817.idtracker@ietfa.amsl.com> Date: Thu, 31 Oct 2019 11:21:18 +0000 From: "Alexey Melnikov" To: "Rifaat Shekh-Yusef" Cc: "The IESG" , draft-ietf-sipcore-digest-scheme@ietf.org, "A. Jean Mahoney" , sipcore-chairs@ietf.org, SIPCORE Content-Type: multipart/alternative; boundary=547831dfe7cf45cd9c29384815c86f32 Archived-At: Subject: Re: [sipcore] =?utf-8?q?Alexey_Melnikov=27s_No_Objection_on_draft-ie?= =?utf-8?q?tf-sipcore-digest-scheme-12=3A_=28with_COMMENT=29?= X-BeenThere: sipcore@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SIP Core Working Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 31 Oct 2019 11:22:29 -0000 --547831dfe7cf45cd9c29384815c86f32 Content-Type: text/plain Hi Rifaat, On Wed, Oct 30, 2019, at 9:50 PM, Rifaat Shekh-Yusef wrote: > Thanks Alexey! > > I am fine with the first two comments, and will fix these in the coming version of the document. > > I am not sure I follow the 3rd one. Why do you see the need for a minimum number of hex digits? You do say that the number of hex digits match the hash lenght, so it is probably Ok. However empty value is never valid (and I am worried it might hit some boundary condition bug in implementations), so prohibiting it in ABNF would be the best. Best Regards, Alexey > > Regards, > Rifaat > > > > On Wed, Oct 30, 2019 at 1:16 PM Alexey Melnikov via Datatracker wrote: >> Alexey Melnikov has entered the following ballot position for >> draft-ietf-sipcore-digest-scheme-12: No Objection >> >> When responding, please keep the subject line intact and reply to all >> email addresses included in the To and CC lines. (Feel free to cut this >> introductory paragraph, however.) >> >> >> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html >> for more information about IESG DISCUSS and COMMENT positions. >> >> >> The document, along with other ballot positions, can be found here: >> https://datatracker.ietf.org/doc/draft-ietf-sipcore-digest-scheme/ >> >> >> >> ---------------------------------------------------------------------- >> COMMENT: >> ---------------------------------------------------------------------- >> >> I am agreeing with Alissa's DISCUSS. >> >> Also, I have a few comments of my own: >> >> 1) Last para of Section 2.1: >> >> 2.1. Hash Algorithms >> >> A UAS prioritizes which algorithm to use based on the ordering of the >> challenge header fields in the response it is preparing. >> >> This looks either wrong or confusing to me. I think you are just saying here >> that the order is decided by the server at this point. >> >> That >> process is specified in section 2.3 and parallels the process used in >> HTTP specified by [RFC7616]. >> >> So based on the above, my suggested replacement for both sentences: >> >> A UAS prioritizes which algorithm to use based on its policy, >> which is specified in section 2.3 and parallels the process used in >> HTTP specified by [RFC7616]. >> >> 2) Last para of Section 2.4: >> >> If the UAC cannot respond to any of the challenges in the response, >> then it SHOULD abandon attempts to send the request unless a local >> policy dictates otherwise. >> >> Is trying other non Digest algorithms covered by "SHOULD abandon"? >> If yes, maybe you should make this clearer. >> >> For example, if the UAC does not have >> credentials or has stale credentials for any of the realms, the UAC >> will abandon the request. >> >> 3) In Section 2.7: >> >> request-digest = LDQUOT *LHEX RDQUOT >> >> This now allows empty value. I suggest you specify a minimum number of hex >> digits allowed in the ABNF. Or at least change "*LHEX" to "2*LHEX". >> >> --547831dfe7cf45cd9c29384815c86f32 Content-Type: text/html Content-Transfer-Encoding: quoted-printable
Hi Rifaat,
<= /div>

On Wed, Oct 30, 2019, at 9:50 PM, Rifaat Shekh-= Yusef wrote:
Thanks Alexey!

I a= m fine with the first two comments, and will fix these in the coming ver= sion of the document.

I am not sure I= follow the 3rd one. Why do you see the need for a minimum number of hex= digits?
You do say that the number of = hex digits match the hash lenght, so it is probably Ok. However empty va= lue is never valid (and I am worried it might hit some boundary conditio= n bug in implementations), so prohibiting it in ABNF would be the best.<= br>

Best Regards,
Alexey

Re= gards,
 Rifaat



On Wed, Oct 30, 2019 at 1:16 PM Alexey Melni= kov via Datatracker <noreply@ietf= .org> wrote:
Alexey Melnikov has entered the follow= ing ballot position for
draft-ietf-sipcore-digest-scheme-= 12: No Objection

When responding, please = keep the subject line intact and reply to all
email addre= sses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)

for more information = about IESG DISCUSS and COMMENT positions.

=
The document, along with other ballot positions, can be= found here:

=


----------------------------= ------------------------------------------
COMMENT:
--------------------------------------------------------------= --------

I am agreeing with Alissa's DISC= USS.

Also, I have a few comments of my ow= n:

1) Last para of Section 2.1:
=

2.1.  Hash Algorithms

   A UAS prioritizes which algorithm to use based on t= he ordering of the
   challenge header fields i= n the response it is preparing.

This look= s either wrong or confusing to me. I think you are just saying here
<= /div>
that the order is decided by the server at this point.

   That
   p= rocess is specified in section 2.3 and parallels the process used in
=
   HTTP specified by [RFC7616].
So based on the above, my suggested replacement for both se= ntences:

   A UAS prioritizes w= hich algorithm to use based on its policy,
   w= hich is specified in section 2.3 and parallels the process used in
   HTTP specified by [RFC7616].

<= /div>
2) Last para of Section 2.4:

&= nbsp;  If the UAC cannot respond to any of the challenges in the re= sponse,
   then it SHOULD abandon attempts to s= end the request unless a local
   policy dictat= es otherwise.

Is trying other non Digest = algorithms covered by "SHOULD abandon"?
If yes, maybe you= should make this clearer.

   F= or example, if the UAC does not have
   credent= ials or has stale credentials for any of the realms, the UAC
   will abandon the request.

3) In Section 2.7:

     = request-digest =3D LDQUOT *LHEX RDQUOT

T= his now allows empty value. I suggest you specify a minimum number of he= x
digits allowed in the ABNF. Or at least change "*LHEX" = to "2*LHEX".



--547831dfe7cf45cd9c29384815c86f32-- From nobody Thu Oct 31 06:11:47 2019 Return-Path: X-Original-To: sipcore@ietfa.amsl.com Delivered-To: sipcore@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 80991120099; Thu, 31 Oct 2019 06:11:39 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.997 X-Spam-Level: X-Spam-Status: No, score=-1.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qFp6Tg17sjQo; Thu, 31 Oct 2019 06:11:37 -0700 (PDT) Received: from mail-il1-x142.google.com (mail-il1-x142.google.com [IPv6:2607:f8b0:4864:20::142]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8320B120058; Thu, 31 Oct 2019 06:11:37 -0700 (PDT) Received: by mail-il1-x142.google.com with SMTP id z10so5316558ilo.8; Thu, 31 Oct 2019 06:11:37 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=OWfT/kGZ/2NXGOPa1Skg5c1fMVN8DoRWbo7lU1Ifh1g=; b=C9PV7EK88i+eKZ1bkvJiMwUMYtjvLdm4/PISbdwhKrwB75VJUO0iGagDPh6uwMBrBn 5xp1baj4VgPA+I0Yjr1t1PapzCmYGGEO9c7H3+vyigx13vDr6BCA1a5wylSYEECjLTfw 0DCmxTSzSe+LOGlJ4OG9oear1fzDn2LFnFVfxFKbHSYjnMWYTu+df22ncVUtCvZGZtCa 7zxkdJmR7c9Hi1JZFGcpOfpA0ykbjCQeSW2GdqFs7oBU3XHUZ9t13KKK2yzsEMwiUpb+ Nc/P42IASHOyaDaV4FMcvYRCTrzKit8w77G+zb3WeXZ2ZyZhnMGoOwm2c62tECoVQGp0 A0XA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=OWfT/kGZ/2NXGOPa1Skg5c1fMVN8DoRWbo7lU1Ifh1g=; b=R0cixDi11bOwg8sh8M9MK6YABmyCyAdOWOI+h2X3zMXnxqEvEt/eVij57HogSHJfOX H7VVnjSJLDbSJSg72M4R6Ur9dg3nq92SUMJ53qdrm5mEu5qglQY5n9kubRz2raykkK1d uGXuYd7cmX92KMXMZjn0mIaISb4dXLLFlOA1E53Mh0qA0eiWbunfFsTabvo+lh0q7N6K 7ZZghmZLWJUf915eMt79g0yE3uz7KKeltkynkjzbcriUVxhqVZ+kKrLzsZ143YNMNKd7 pvI1yChcLMgzTGnvKNYFRsiehyVOUxQ5XN6a5FtndL5hraq7Vaequ7lxUzMH1Px25cMD OE2g== X-Gm-Message-State: APjAAAW/4718HSEtnEz4HVcLrv1Ktg/s1kKaSYyXQb6qUvG8pFWIv9B/ 00IIbGx8vSPutdM29oknMgAuifn4FyVTWXnq1i4= X-Google-Smtp-Source: APXvYqzw5lZ38eQWmABQeihMdWkLxYKtyPEkydw87YmqG3GdQ/XKSMtQeC8SjtzoHkZfBYQ4FOi25M4nvCV4BPjMbPI= X-Received: by 2002:a92:8897:: with SMTP id m23mr5788704ilh.36.1572527496733; Thu, 31 Oct 2019 06:11:36 -0700 (PDT) MIME-Version: 1.0 References: <157245577700.32490.10990766778571550817.idtracker@ietfa.amsl.com> In-Reply-To: From: Rifaat Shekh-Yusef Date: Thu, 31 Oct 2019 09:11:25 -0400 Message-ID: To: Alexey Melnikov Cc: The IESG , draft-ietf-sipcore-digest-scheme@ietf.org, "A. Jean Mahoney" , sipcore-chairs@ietf.org, SIPCORE Content-Type: multipart/alternative; boundary="000000000000d7aaef059634964c" Archived-At: Subject: Re: [sipcore] Alexey Melnikov's No Objection on draft-ietf-sipcore-digest-scheme-12: (with COMMENT) X-BeenThere: sipcore@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SIP Core Working Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 31 Oct 2019 13:11:40 -0000 --000000000000d7aaef059634964c Content-Type: text/plain; charset="UTF-8" Hi Alexey, I am fine with Paul's suggestion. Are you ok with "32*LHEX"? Regards, Rfaat On Thu, Oct 31, 2019 at 7:22 AM Alexey Melnikov wrote: > Hi Rifaat, > > On Wed, Oct 30, 2019, at 9:50 PM, Rifaat Shekh-Yusef wrote: > > Thanks Alexey! > > I am fine with the first two comments, and will fix these in the coming > version of the document. > > I am not sure I follow the 3rd one. Why do you see the need for a minimum > number of hex digits? > > You do say that the number of hex digits match the hash lenght, so it is > probably Ok. However empty value is never valid (and I am worried it might > hit some boundary condition bug in implementations), so prohibiting it in > ABNF would be the best. > > Best Regards, > Alexey > > > Regards, > Rifaat > > > > On Wed, Oct 30, 2019 at 1:16 PM Alexey Melnikov via Datatracker < > noreply@ietf.org> wrote: > > Alexey Melnikov has entered the following ballot position for > draft-ietf-sipcore-digest-scheme-12: No Objection > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) > > > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html > for more information about IESG DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-sipcore-digest-scheme/ > > > > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > I am agreeing with Alissa's DISCUSS. > > Also, I have a few comments of my own: > > 1) Last para of Section 2.1: > > 2.1. Hash Algorithms > > A UAS prioritizes which algorithm to use based on the ordering of the > challenge header fields in the response it is preparing. > > This looks either wrong or confusing to me. I think you are just saying > here > that the order is decided by the server at this point. > > That > process is specified in section 2.3 and parallels the process used in > HTTP specified by [RFC7616]. > > So based on the above, my suggested replacement for both sentences: > > A UAS prioritizes which algorithm to use based on its policy, > which is specified in section 2.3 and parallels the process used in > HTTP specified by [RFC7616]. > > 2) Last para of Section 2.4: > > If the UAC cannot respond to any of the challenges in the response, > then it SHOULD abandon attempts to send the request unless a local > policy dictates otherwise. > > Is trying other non Digest algorithms covered by "SHOULD abandon"? > If yes, maybe you should make this clearer. > > For example, if the UAC does not have > credentials or has stale credentials for any of the realms, the UAC > will abandon the request. > > 3) In Section 2.7: > > request-digest = LDQUOT *LHEX RDQUOT > > This now allows empty value. I suggest you specify a minimum number of hex > digits allowed in the ABNF. Or at least change "*LHEX" to "2*LHEX". > > > > --000000000000d7aaef059634964c Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Hi Alexey,

I am fine with Pa= ul's suggestion.
Are you ok with=C2=A0"32*LHEX"?

Regards,
=C2=A0Rfaat


On Thu, Oct 31, 2019 at 7:22 AM Alexey Melnikov <aamelnikov@fastmail.fm> wrote:
Hi Ri= faat,

On Wed, Oct 30, 2019, at 9:50 PM, Rifaat= Shekh-Yusef wrote:
Thanks Alexey!
=

I am fine with the first two comments, and will f= ix these in the coming version of the document.

I am not sure I follow the 3rd one. Why do you see the need for a m= inimum number of hex digits?
You do say th= at the number of hex digits match the hash lenght, so it is probably Ok. Ho= wever empty value is never valid (and I am worried it might hit some bounda= ry condition bug in implementations), so prohibiting it in ABNF would be th= e best.

Best Regards,
Alexey

Regards,
=C2=A0Rifaat
<= div>



On Wed, Oct 30, 2019 at 1:16 PM Alexey Melnikov via Datatracker <<= a href=3D"mailto:noreply@ietf.org" target=3D"_blank">noreply@ietf.org&g= t; wrote:
Alexey Melnikov has ent= ered the following ballot position for
draft-ietf-sipcore-di= gest-scheme-12: No Objection

When responding= , please keep the subject line intact and reply to all
email= addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)

for more inf= ormation about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can= be found here:
htt= ps://datatracker.ietf.org/doc/draft-ietf-sipcore-digest-scheme/



-------------------= ---------------------------------------------------
COMMENT:=
-----------------------------------------------------------= -----------

I am agreeing with Alissa's = DISCUSS.

Also, I have a few comments of my o= wn:

1) Last para of Section 2.1:

2.1.=C2=A0 Hash Algorithms

=C2=A0 =C2=A0A UAS prioritizes which algorithm to use based on the order= ing of the
=C2=A0 =C2=A0challenge header fields in the respo= nse it is preparing.

This looks either wrong= or confusing to me. I think you are just saying here
that t= he order is decided by the server at this point.

<= div> =C2=A0 =C2=A0That
=C2=A0 =C2=A0process is specified in = section 2.3 and parallels the process used in
=C2=A0 =C2=A0H= TTP specified by [RFC7616].

So based on the = above, my suggested replacement for both sentences:

=C2=A0 =C2=A0A UAS prioritizes which algorithm to use based on its = policy,
=C2=A0 =C2=A0which is specified in section 2.3 and p= arallels the process used in
=C2=A0 =C2=A0HTTP specified by = [RFC7616].

2) Last para of Section 2.4:
<= /div>

=C2=A0 =C2=A0If the UAC cannot respond to any of= the challenges in the response,
=C2=A0 =C2=A0then it SHOULD= abandon attempts to send the request unless a local
=C2=A0 = =C2=A0policy dictates otherwise.

Is trying o= ther non Digest algorithms covered by "SHOULD abandon"?
=
If yes, maybe you should make this clearer.

=
=C2=A0 =C2=A0For example, if the UAC does not have
=C2= =A0 =C2=A0credentials or has stale credentials for any of the realms, the U= AC
=C2=A0 =C2=A0will abandon the request.
3) In Section 2.7:

=C2=A0 =C2= =A0 =C2=A0 request-digest =3D LDQUOT *LHEX RDQUOT

=
This now allows empty value. I suggest you specify a minimum number o= f hex
digits allowed in the ABNF. Or at least change "*= LHEX" to "2*LHEX".


=

--000000000000d7aaef059634964c-- From nobody Thu Oct 31 06:13:17 2019 Return-Path: X-Original-To: sipcore@ietfa.amsl.com Delivered-To: sipcore@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EB9B81201EA; Thu, 31 Oct 2019 06:13:14 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.698 X-Spam-Level: X-Spam-Status: No, score=-2.698 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=fastmail.fm header.b=c//yZCu9; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=P5CITiWt Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id T1imcanyPPiz; Thu, 31 Oct 2019 06:13:12 -0700 (PDT) Received: from out5-smtp.messagingengine.com (out5-smtp.messagingengine.com [66.111.4.29]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 173021201A3; Thu, 31 Oct 2019 06:13:12 -0700 (PDT) Received: from compute7.internal (compute7.nyi.internal [10.202.2.47]) by mailout.nyi.internal (Postfix) with ESMTP id 66D4C20A82; Thu, 31 Oct 2019 09:13:11 -0400 (EDT) Received: from imap1 ([10.202.2.51]) by compute7.internal (MEProxy); Thu, 31 Oct 2019 09:13:11 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fastmail.fm; h= mime-version:message-id:in-reply-to:references:date:from:to:cc :subject:content-type; s=fm1; bh=kBsuWf07PLQmG9fUJHgBV1mK4ob0+vj ELThkfB6Me/Q=; b=c//yZCu99UgXp3+aX6iYqF+a06w8vRjSzLRO1RmTpTKz9sx ePe/5LmmEPw6sQptpEIStOUZI67VMp7fP133VixmSNGKWa/eTFmMQSrwiT857aSc 0D1XaxigEvd1uij2b43AJt0tpJOZytbcQxkb2wAV+eeoaOmPEJSOI4KMLRbEXYzj uHTXFJ/XqY4pM4PozQyNsvp9SpOfPQBnTWO0l/7pvTg2FxGiEYS5VDzPZpvkSw3l Ir9mWjPwLk71joj8D7LhzutCaUPwo3gVKJvL61QCCtgvh7beLyHpmuCROZODvIDa DTBD5gwWSUQ5pNrKGO5mk787cbmXXEeLL576GtA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm1; bh=kBsuWf 07PLQmG9fUJHgBV1mK4ob0+vjELThkfB6Me/Q=; b=P5CITiWtnrlDm7OUVmhz1F We2SSQw2v2ZoZ0LIiXElLSx40C1CGCD2OSK925y2SR9fn5Uq+Hvn452F30DFhPwj SsLD2ClNCjWu8DHijNupN1z/WSXrA7+wIi19DVbU0vV8tbyRiLBsaPOpOh/gFuTW bNuR6tf2Fs7wQtNprJ8eB+guVeZWAp35SJ8fcZe8HHufASn7tc8A9z6E08+W/QKK SvVzwxj54TKBFyt/moc/eZbhXfVBVDT5Z/hrN2Im9ukuPkyfuIafcQVr4BN4jOIO BpgiBtu0yIRSxrVXEz3Lmstg/Q44f/iLUNdGtdhpoFxPMoSRQ2wvuFzZ0wkXBGIQ == X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedufedruddthedggeejucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne cujfgurhepofgfggfkjghffffhvffutgesrgdtreerreerjeenucfhrhhomhepfdetlhgv gigvhicuofgvlhhnihhkohhvfdcuoegrrghmvghlnhhikhhovhesfhgrshhtmhgrihhlrd hfmheqnecuffhomhgrihhnpehivghtfhdrohhrghdphhhtthhpshhpvggtihhfihgvuggs hihrfhgtjeeiudeirdhsohenucfrrghrrghmpehmrghilhhfrhhomheprggrmhgvlhhnih hkohhvsehfrghsthhmrghilhdrfhhmnecuvehluhhsthgvrhfuihiivgeptd X-ME-Proxy: Received: by mailuser.nyi.internal (Postfix, from userid 501) id 0CC54C200A4; Thu, 31 Oct 2019 09:13:11 -0400 (EDT) X-Mailer: MessagingEngine.com Webmail Interface User-Agent: Cyrus-JMAP/3.1.7-509-ge3ec61c-fmstable-20191030v1 Mime-Version: 1.0 Message-Id: <6ec209ae-72e9-4dd1-8d68-3ee1704f3d92@www.fastmail.com> In-Reply-To: References: <157245577700.32490.10990766778571550817.idtracker@ietfa.amsl.com> Date: Thu, 31 Oct 2019 13:12:03 +0000 From: "Alexey Melnikov" To: "Rifaat Shekh-Yusef" Cc: "The IESG" , draft-ietf-sipcore-digest-scheme@ietf.org, "A. Jean Mahoney" , sipcore-chairs@ietf.org, SIPCORE Content-Type: multipart/alternative; boundary=a32507ce14db45d18f5122e8dbd19724 Archived-At: Subject: Re: [sipcore] =?utf-8?q?Alexey_Melnikov=27s_No_Objection_on_draft-ie?= =?utf-8?q?tf-sipcore-digest-scheme-12=3A_=28with_COMMENT=29?= X-BeenThere: sipcore@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SIP Core Working Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 31 Oct 2019 13:13:15 -0000 --a32507ce14db45d18f5122e8dbd19724 Content-Type: text/plain On Thu, Oct 31, 2019, at 1:11 PM, Rifaat Shekh-Yusef wrote: > Hi Alexey, > > I am fine with Paul's suggestion. > Are you ok with "32*LHEX"? Yes! Thank you, Alexey > > Regards, > Rfaat > > > On Thu, Oct 31, 2019 at 7:22 AM Alexey Melnikov wrote: >> __ >> Hi Rifaat, >> >> On Wed, Oct 30, 2019, at 9:50 PM, Rifaat Shekh-Yusef wrote: >>> Thanks Alexey! >>> >>> I am fine with the first two comments, and will fix these in the coming version of the document. >>> >>> I am not sure I follow the 3rd one. Why do you see the need for a minimum number of hex digits? >> You do say that the number of hex digits match the hash lenght, so it is probably Ok. However empty value is never valid (and I am worried it might hit some boundary condition bug in implementations), so prohibiting it in ABNF would be the best. >> >> Best Regards, >> Alexey >>> >>> Regards, >>> Rifaat >>> >>> >>> >>> On Wed, Oct 30, 2019 at 1:16 PM Alexey Melnikov via Datatracker wrote: >>>> Alexey Melnikov has entered the following ballot position for >>>> draft-ietf-sipcore-digest-scheme-12: No Objection >>>> >>>> When responding, please keep the subject line intact and reply to all >>>> email addresses included in the To and CC lines. (Feel free to cut this >>>> introductory paragraph, however.) >>>> >>>> >>>> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html >>>> for more information about IESG DISCUSS and COMMENT positions. >>>> >>>> >>>> The document, along with other ballot positions, can be found here: >>>> https://datatracker.ietf.org/doc/draft-ietf-sipcore-digest-scheme/ >>>> >>>> >>>> >>>> ---------------------------------------------------------------------- >>>> COMMENT: >>>> ---------------------------------------------------------------------- >>>> >>>> I am agreeing with Alissa's DISCUSS. >>>> >>>> Also, I have a few comments of my own: >>>> >>>> 1) Last para of Section 2.1: >>>> >>>> 2.1. Hash Algorithms >>>> >>>> A UAS prioritizes which algorithm to use based on the ordering of the >>>> challenge header fields in the response it is preparing. >>>> >>>> This looks either wrong or confusing to me. I think you are just saying here >>>> that the order is decided by the server at this point. >>>> >>>> That >>>> process is specified in section 2.3 and parallels the process used in >>>> HTTP specified by [RFC7616]. >>>> >>>> So based on the above, my suggested replacement for both sentences: >>>> >>>> A UAS prioritizes which algorithm to use based on its policy, >>>> which is specified in section 2.3 and parallels the process used in >>>> HTTP specified by [RFC7616]. >>>> >>>> 2) Last para of Section 2.4: >>>> >>>> If the UAC cannot respond to any of the challenges in the response, >>>> then it SHOULD abandon attempts to send the request unless a local >>>> policy dictates otherwise. >>>> >>>> Is trying other non Digest algorithms covered by "SHOULD abandon"? >>>> If yes, maybe you should make this clearer. >>>> >>>> For example, if the UAC does not have >>>> credentials or has stale credentials for any of the realms, the UAC >>>> will abandon the request. >>>> >>>> 3) In Section 2.7: >>>> >>>> request-digest = LDQUOT *LHEX RDQUOT >>>> >>>> This now allows empty value. I suggest you specify a minimum number of hex >>>> digits allowed in the ABNF. Or at least change "*LHEX" to "2*LHEX". >>>> >>>> >> --a32507ce14db45d18f5122e8dbd19724 Content-Type: text/html Content-Transfer-Encoding: quoted-printable
On Thu, Oct 31,= 2019, at 1:11 PM, Rifaat Shekh-Yusef wrote:
Hi Alexey,

I am fine with Paul's suggestion.
Are you ok with&n= bsp;"32*LHEX"?
Yes!

Tha= nk you,
Alexey
=
Regards,
 Rfaat
<= br>

On Thu, Oct 31, 2019 at 7:22 AM Alexey Melni= kov <aamelnikov@fastmail.fm= > wrote:

Hi Rifaat,
<= /div>

On Wed, Oct 30, 2019, at 9:50 PM, Rifaat Shekh-= Yusef wrote:
Thanks Alexey!

I am fine with the first two comments, and w= ill fix these in the coming version of the document.

<= /div>
I am not sure I follow the 3rd one. Why do you see the n= eed for a minimum number of hex digits?
You do say that the number of hex digits match the hash lenght, so it i= s probably Ok. However empty value is never valid (and I am worried it m= ight hit some boundary condition bug in implementations), so prohibiting= it in ABNF would be the best.

Best Regards= ,
Alexey

Regards,=
 Rifaat


<= /div>

On Wed, Oct 30, 2019 at 1= :16 PM Alexey Melnikov via Datatracker <noreply@ietf.org> wrote:
Alexey Melnikov has entered the following ba= llot position for
draft-ietf-sipcore-digest-scheme-12: No = Objection

When responding, please keep the = subject line intact and reply to all
email addresses inclu= ded in the To and CC lines. (Feel free to cut this
introdu= ctory paragraph, however.)


for more information about IESG DISC= USS and COMMENT positions.


T= he document, along with other ballot positions, can be found here:



---------------------------------------------------= -------------------
COMMENT:
---------------= -------------------------------------------------------
I am agreeing with Alissa's DISCUSS.

Also, I have a few comments of my own:

1) Last para of Section 2.1:

2.1.  = Hash Algorithms

   A UAS prioriti= zes which algorithm to use based on the ordering of the
&n= bsp;  challenge header fields in the response it is preparing.
<= /div>

This looks either wrong or confusing to me. I t= hink you are just saying here
that the order is decided by= the server at this point.

   Tha= t
   process is specified in section 2.3 and par= allels the process used in
   HTTP specified by = [RFC7616].

So based on the above, my sugges= ted replacement for both sentences:

  =  A UAS prioritizes which algorithm to use based on its policy,
<= /div>
   which is specified in section 2.3 and parallels t= he process used in
   HTTP specified by [RFC7616= ].

2) Last para of Section 2.4:

   If the UAC cannot respond to any of the c= hallenges in the response,
   then it SHOULD aba= ndon attempts to send the request unless a local
  &n= bsp;policy dictates otherwise.

Is trying ot= her non Digest algorithms covered by "SHOULD abandon"?
If = yes, maybe you should make this clearer.

&n= bsp;  For example, if the UAC does not have
  &n= bsp;credentials or has stale credentials for any of the realms, the UAC<= br>
   will abandon the request.

<= /div>
3) In Section 2.7:

    =   request-digest =3D LDQUOT *LHEX RDQUOT

This now allows empty value. I suggest you specify a minimum number o= f hex
digits allowed in the ABNF. Or at least change "*LHE= X" to "2*LHEX".




--a32507ce14db45d18f5122e8dbd19724-- From nobody Thu Oct 31 06:19:37 2019 Return-Path: X-Original-To: sipcore@ietf.org Delivered-To: sipcore@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 0DABB120052; Thu, 31 Oct 2019 06:19:32 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: internet-drafts@ietf.org To: Cc: sipcore@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 6.108.0 Auto-Submitted: auto-generated Precedence: bulk Reply-To: sipcore@ietf.org Message-ID: <157252797201.30364.11393682991189471576@ietfa.amsl.com> Date: Thu, 31 Oct 2019 06:19:32 -0700 Archived-At: Subject: [sipcore] I-D Action: draft-ietf-sipcore-digest-scheme-14.txt X-BeenThere: sipcore@ietf.org X-Mailman-Version: 2.1.29 List-Id: SIP Core Working Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 31 Oct 2019 13:19:32 -0000 A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Session Initiation Protocol Core WG of the IETF. Title : The Session Initiation Protocol (SIP) Digest Authentication Scheme Author : Rifaat Shekh-Yusef Filename : draft-ietf-sipcore-digest-scheme-14.txt Pages : 9 Date : 2019-10-31 Abstract: This document updates RFC 3261 by updating the Digest Access Authentication scheme used by the Session Initiation Protocol (SIP) to add support for more secure digest algorithms, e.g., SHA-256 and SHA-512-256, to replace the broken MD5 algorithm. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-sipcore-digest-scheme/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-sipcore-digest-scheme-14 https://datatracker.ietf.org/doc/html/draft-ietf-sipcore-digest-scheme-14 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-sipcore-digest-scheme-14 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ From nobody Thu Oct 31 06:20:30 2019 Return-Path: X-Original-To: sipcore@ietfa.amsl.com Delivered-To: sipcore@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7CA2112092B; Thu, 31 Oct 2019 06:20:21 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.997 X-Spam-Level: X-Spam-Status: No, score=-1.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qqD_yZ7TpBdd; Thu, 31 Oct 2019 06:20:18 -0700 (PDT) Received: from mail-il1-x12b.google.com (mail-il1-x12b.google.com [IPv6:2607:f8b0:4864:20::12b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BCB4A1201DB; Thu, 31 Oct 2019 06:20:18 -0700 (PDT) Received: by mail-il1-x12b.google.com with SMTP id m16so5302473iln.13; Thu, 31 Oct 2019 06:20:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=GQkN/jAF/0LLFJf12m1Uiub+W2b1qFda3p8OPNODxZs=; b=b6hsZTTOdygg7r3PEyPa/peTr+8KSogTeOqyXak7/7PqW2i9oHVXBoofGFFS70ULgB YY7HX8B+9hqfXOrNL8/inswbkCVrBIEyCBhSB3ROcC3LbTWt5VJCVBNEUbd6kFQcpS8V 8b6+HZZRndwEGN5TC8Hw/sYHppZ4+WwWD2Me3T3L2dWPtpKCrXjwqLAmlDx9tKzHBhd4 dpodg1/MXZdtP1bY0Oh8lKprgaP7XmSi1nL85FGVtiEDqO+fik0UNCbcMFaoERLq2Prz GOov7swI+HZZrMxNCLP1OPTwrQRb5aipWhxrREEKGkTqRIQ552h0ugD1UoDbT4wHLp11 EsHQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=GQkN/jAF/0LLFJf12m1Uiub+W2b1qFda3p8OPNODxZs=; b=AdPvDHZlvpZ6iDb3zlwl8EAz+prg/AjcoVClHs+T1VfuNatFAK3XZnJYsz4goVfDYk LlWhjqZEMCwoTd/EUKZvzjJ5WLHwnuWJPSFDS33NlFpgaNUx4rQC+eQ6K/T48prEUbqk pSwLmFRifpznjBjbeYu4/XQKTwZSfFG13utWGaKVZHM+iRERp74tSEiZKoWqBeCEmzaf VCMWnyZ57x3FekABkvtW98vgEEQeUoEo8gnt0uV2GrwutbHhwBoYI0oqM0T3/rXVSxeM RZgIspZlQD0j4EcwMYhXNTPUagm6b/nFLEVSRDbjte9/Ok44Xm7hTdMuTJnnC+OBwGgh Yt1Q== X-Gm-Message-State: APjAAAVYCj/epWfNpMlz4qxLn+dfkcxZ3AuUBh1u7NSb4ce/9Po0e/mC FTGCwGEzOgGdV95AL65tk5zNaKnPA9WErSU162Q= X-Google-Smtp-Source: APXvYqyNOtWfNAqPTWsllVI0yIMMgbGuqQB38F1PH/J0ipq27qJxsfsX0I00tEUqIUPxL4TlIrSacq/AUPjZwPXEGh4= X-Received: by 2002:a92:8897:: with SMTP id m23mr5833934ilh.36.1572528018099; Thu, 31 Oct 2019 06:20:18 -0700 (PDT) MIME-Version: 1.0 References: <157245577700.32490.10990766778571550817.idtracker@ietfa.amsl.com> <6ec209ae-72e9-4dd1-8d68-3ee1704f3d92@www.fastmail.com> In-Reply-To: <6ec209ae-72e9-4dd1-8d68-3ee1704f3d92@www.fastmail.com> From: Rifaat Shekh-Yusef Date: Thu, 31 Oct 2019 09:20:06 -0400 Message-ID: To: Alexey Melnikov Cc: The IESG , draft-ietf-sipcore-digest-scheme@ietf.org, "A. Jean Mahoney" , sipcore-chairs@ietf.org, SIPCORE Content-Type: multipart/alternative; boundary="000000000000eb135c059634b5fa" Archived-At: Subject: Re: [sipcore] Alexey Melnikov's No Objection on draft-ietf-sipcore-digest-scheme-12: (with COMMENT) X-BeenThere: sipcore@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SIP Core Working Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 31 Oct 2019 13:20:29 -0000 --000000000000eb135c059634b5fa Content-Type: text/plain; charset="UTF-8" Done. On Thu, Oct 31, 2019 at 9:13 AM Alexey Melnikov wrote: > On Thu, Oct 31, 2019, at 1:11 PM, Rifaat Shekh-Yusef wrote: > > Hi Alexey, > > I am fine with Paul's suggestion. > Are you ok with "32*LHEX"? > > Yes! > > Thank you, > Alexey > > > Regards, > Rfaat > > > On Thu, Oct 31, 2019 at 7:22 AM Alexey Melnikov > wrote: > > > Hi Rifaat, > > On Wed, Oct 30, 2019, at 9:50 PM, Rifaat Shekh-Yusef wrote: > > Thanks Alexey! > > I am fine with the first two comments, and will fix these in the coming > version of the document. > > I am not sure I follow the 3rd one. Why do you see the need for a minimum > number of hex digits? > > You do say that the number of hex digits match the hash lenght, so it is > probably Ok. However empty value is never valid (and I am worried it might > hit some boundary condition bug in implementations), so prohibiting it in > ABNF would be the best. > > Best Regards, > Alexey > > > Regards, > Rifaat > > > > On Wed, Oct 30, 2019 at 1:16 PM Alexey Melnikov via Datatracker < > noreply@ietf.org> wrote: > > Alexey Melnikov has entered the following ballot position for > draft-ietf-sipcore-digest-scheme-12: No Objection > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) > > > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html > for more information about IESG DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-sipcore-digest-scheme/ > > > > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > I am agreeing with Alissa's DISCUSS. > > Also, I have a few comments of my own: > > 1) Last para of Section 2.1: > > 2.1. Hash Algorithms > > A UAS prioritizes which algorithm to use based on the ordering of the > challenge header fields in the response it is preparing. > > This looks either wrong or confusing to me. I think you are just saying > here > that the order is decided by the server at this point. > > That > process is specified in section 2.3 and parallels the process used in > HTTP specified by [RFC7616]. > > So based on the above, my suggested replacement for both sentences: > > A UAS prioritizes which algorithm to use based on its policy, > which is specified in section 2.3 and parallels the process used in > HTTP specified by [RFC7616]. > > 2) Last para of Section 2.4: > > If the UAC cannot respond to any of the challenges in the response, > then it SHOULD abandon attempts to send the request unless a local > policy dictates otherwise. > > Is trying other non Digest algorithms covered by "SHOULD abandon"? > If yes, maybe you should make this clearer. > > For example, if the UAC does not have > credentials or has stale credentials for any of the realms, the UAC > will abandon the request. > > 3) In Section 2.7: > > request-digest = LDQUOT *LHEX RDQUOT > > This now allows empty value. I suggest you specify a minimum number of hex > digits allowed in the ABNF. Or at least change "*LHEX" to "2*LHEX". > > > > > --000000000000eb135c059634b5fa Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Done.

On Thu, Oct 31, 2019 at 9:13 AM Alexey Melnikov <<= a href=3D"mailto:aamelnikov@fastmail.fm">aamelnikov@fastmail.fm> wro= te:
=
On Thu, Oct 31, 2019, at 1:11 PM, Rifaat Shekh-Yusef wrote:
<= blockquote type=3D"cite" id=3D"gmail-m_-8405079738549438706qt">
Hi Alexey,

I am fine with Paul's= suggestion.
Are you ok with=C2=A0"32*LHEX"?
Yes!
=

Thank you,
Alexey
<= span style=3D"color:rgb(0,0,0)">
Regards,
=C2=A0Rfaat


On Thu, Oct 31, 2019 at 7:22 AM Alexey Melnikov <aamelnikov@fastmail.fm> w= rote:

= Hi Rifaat,

On Wed, Oct 30, 2019, at 9:50 PM, R= ifaat Shekh-Yusef wrote:
Thanks Alexey!

I am fine wit= h the first two comments, and will fix these in the coming version of the d= ocument.

I am not sure I follow the 3rd = one. Why do you see the need for a minimum number of hex digits?
<= /div>
You do say that the number of hex digits match the h= ash lenght, so it is probably Ok. However empty value is never valid (and I= am worried it might hit some boundary condition bug in implementations), s= o prohibiting it in ABNF would be the best.

Be= st Regards,
Alexey

Regards,
=C2=A0Rifaat
<= div>


On Wed, Oct 30, 2019 at 1:16 PM Alexey Melnikov via Datatracker <noreply@ietf.org> wr= ote:
Alexey Melnikov has entered = the following ballot position for
draft-ietf-sipcore-digest-s= cheme-12: No Objection

When responding, please= keep the subject line intact and reply to all
email addresse= s included in the To and CC lines. (Feel free to cut this
int= roductory paragraph, however.)


for more information about= IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:

<= div>

-----------------------------------------= -----------------------------
COMMENT:
--------= --------------------------------------------------------------

I am agreeing with Alissa's DISCUSS.
Also, I have a few comments of my own:

=
1) Last para of Section 2.1:

2.1.=C2=A0 H= ash Algorithms

=C2=A0 =C2=A0A UAS prioritizes = which algorithm to use based on the ordering of the
=C2=A0 = =C2=A0challenge header fields in the response it is preparing.

This looks either wrong or confusing to me. I think you ar= e just saying here
that the order is decided by the server at= this point.

=C2=A0 =C2=A0That
= =C2=A0 =C2=A0process is specified in section 2.3 and parallels the process = used in
=C2=A0 =C2=A0HTTP specified by [RFC7616].

So based on the above, my suggested replacement for both = sentences:

=C2=A0 =C2=A0A UAS prioritizes whic= h algorithm to use based on its policy,
=C2=A0 =C2=A0which is= specified in section 2.3 and parallels the process used in
= =C2=A0 =C2=A0HTTP specified by [RFC7616].

2) L= ast para of Section 2.4:

=C2=A0 =C2=A0If the U= AC cannot respond to any of the challenges in the response,
= =C2=A0 =C2=A0then it SHOULD abandon attempts to send the request unless a l= ocal
=C2=A0 =C2=A0policy dictates otherwise.
Is trying other non Digest algorithms covered by "SHOULD = abandon"?
If yes, maybe you should make this clearer.

=C2=A0 =C2=A0For example, if the UAC does not ha= ve
=C2=A0 =C2=A0credentials or has stale credentials for any = of the realms, the UAC
=C2=A0 =C2=A0will abandon the request.=

3) In Section 2.7:

=C2=A0 =C2=A0 =C2=A0 request-digest =3D LDQUOT *LHEX RDQUOT

This now allows empty value. I suggest you specify a minim= um number of hex
digits allowed in the ABNF. Or at least chan= ge "*LHEX" to "2*LHEX".



--000000000000eb135c059634b5fa-- From nobody Thu Oct 31 06:37:52 2019 Return-Path: X-Original-To: sipcore@ietfa.amsl.com Delivered-To: sipcore@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 774A012088E; Thu, 31 Oct 2019 06:37:35 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.001 X-Spam-Level: X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id S17B1nhsWEBl; Thu, 31 Oct 2019 06:37:32 -0700 (PDT) Received: from EUR03-AM5-obe.outbound.protection.outlook.com (mail-eopbgr30047.outbound.protection.outlook.com [40.107.3.47]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 590C4120811; Thu, 31 Oct 2019 06:37:32 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=csJ1x1PqnyClETdt3YBkNdz1ToieV+WiIsG3Ki+KECbJXH+DoISeeahgmD7HT20DAVoLcM2c/iXpNhiSNlktEPv9Uyonf6+GXJnLwEEn2SHP1kjpJuiMOFvsGrA4SZuo08REX1IbCvwDdfLUoZR0y8TV7ZAxq4fIjRUU6Bip3CPktA2Y3U3nxa4EuQECtqqNRWxulxhQI+tFPTxCn0J9miTRCln1E2cEQ0625+S+TAg0ON4HzEgU2AwB5+DYcv4lIH7/rwzB+rNPSG+UWoQxysEDgjTg8qlZMxtFTJiCZXFLyjCZhQy7CTR1Ivar11qc6siiUtOYHeeJX3JuCN2UyQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=mXAFD9XgjIdimvGlfbYDQkz+Mx2WfUfXbAymPD8CmOw=; b=g5kg5HF2MgVjfl5wI5XI/vdd82+Tck+QzNkjQlaxni4j4Nixzlax8bKN3UHp0JJqF5Fa0UYw9cwDQ9JYXN2+mtql3GyavxGR5+ussdUXvNe6T4AscJw/hfxdx43SO7oGbJ6m3Ld2RsSoZN314ZvGl3vBQTrgJkX/twghOgjgzB98mQMFjthEXqdT7GhorVTLoDkOGeKHF0kxBp3r/6JDWnEKwu/XvpNkgHVmsnARsJ6qHK/Ak0OuFftIGNVk61kO7sdw8WRD9ry5n02RtxBANrl43g6ojNmSM7VxBwzrR9NN8hTtNGWEEwhFRJxULkyUEuWYPY3bU2cGEc0RTAIBcw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=mXAFD9XgjIdimvGlfbYDQkz+Mx2WfUfXbAymPD8CmOw=; b=MbyQbarbDg45IYerVLpkJ1mtTOh/PbcrJQH+26JXT+HPxcVcclq8/AGUs/rt7fbTGS2oZA1GFucfhkklvDia3blQdxXNevJ0AoaO9tC8WNSABzJv06ggoeSwXVBPZUnQ85RbR9G8CpsXmLCUlE2kU5sEv8M/L7qnLbsFjcCEpVg= Received: from HE1PR07MB3161.eurprd07.prod.outlook.com (10.170.245.23) by HE1PR07MB3276.eurprd07.prod.outlook.com (10.170.244.152) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2408.15; Thu, 31 Oct 2019 13:37:30 +0000 Received: from HE1PR07MB3161.eurprd07.prod.outlook.com ([fe80::5499:1231:e707:4cb7]) by HE1PR07MB3161.eurprd07.prod.outlook.com ([fe80::5499:1231:e707:4cb7%7]) with mapi id 15.20.2408.016; Thu, 31 Oct 2019 13:37:30 +0000 From: Christer Holmberg To: Rifaat Shekh-Yusef , Alexey Melnikov CC: "sipcore-chairs@ietf.org" , "draft-ietf-sipcore-digest-scheme@ietf.org" , The IESG , SIPCORE Thread-Topic: [sipcore] Alexey Melnikov's No Objection on draft-ietf-sipcore-digest-scheme-12: (with COMMENT) Thread-Index: AQHVj+3+/XQWOAP0gUmCkUmQAngGd6d04liA Date: Thu, 31 Oct 2019 13:37:29 +0000 Message-ID: <7B4921E1-66A3-4D6D-A943-8EC0F44195CC@ericsson.com> References: <157245577700.32490.10990766778571550817.idtracker@ietfa.amsl.com> <6ec209ae-72e9-4dd1-8d68-3ee1704f3d92@www.fastmail.com> In-Reply-To: Accept-Language: en-US Content-Language: en-GB X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Microsoft-MacOutlook/10.1e.0.191013 authentication-results: spf=none (sender IP is ) smtp.mailfrom=christer.holmberg@ericsson.com; x-originating-ip: [89.166.49.243] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 66e4b7ef-816f-49c8-985b-08d75e077a01 x-ms-traffictypediagnostic: HE1PR07MB3276: x-ms-exchange-purlcount: 2 x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:9508; x-forefront-prvs: 02070414A1 x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(396003)(136003)(366004)(39860400002)(376002)(346002)(18543002)(189003)(199004)(99286004)(71200400001)(3846002)(66946007)(54896002)(11346002)(7736002)(6116002)(81166006)(53546011)(486006)(6306002)(25786009)(2616005)(446003)(6512007)(71190400001)(81156014)(476003)(86362001)(6246003)(6506007)(236005)(33656002)(76116006)(36756003)(66476007)(66446008)(64756008)(8676002)(66556008)(5660300002)(606006)(76176011)(21615005)(58126008)(5070765005)(44832011)(2906002)(14444005)(54906003)(4326008)(110136005)(26005)(8936002)(102836004)(478600001)(316002)(6486002)(229853002)(14454004)(186003)(966005)(6436002)(66066001)(256004); DIR:OUT; SFP:1101; SCL:1; SRVR:HE1PR07MB3276; H:HE1PR07MB3161.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1; received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: EqCYu3W9fjoHhvrxgAs85XMcSnE0qit2n3ce90UbtzFE2cJ2lv6BfV+OeOt7Hgp90nMThG84fOOJDBsIdEos2/Bf+w1JlOLZPHJTdNaKHKXi0Io1AJLKVaOqleizRXUX2vrP0j5mZve1kNV6Kkv+8YfyE6shJiIumEU0/yF111WRNt26Osrv8AzLlDNz0sUANlRDrkf3zHm7yFXSIrGZTethx+abjvHPKeLZ4utaNx2S7LM8e1/sjuvXFXoleBq1SLXi+6uwKKl8QT3+ra0TjwtFmBa4i2RMG1hWSWCVuWFYKErnPVC1hzjo6x1uLWzuOtEAn+tE5KYGUSAzj+wya3P6C4Ylf9lCsJ8L0o6NmrIzZPeBrgNJ5yNS14naUo8WpjSngpOr9jFjZD9UN333H3f+sUwbQSEUxOtVkhyP3kOottrIu9bDuVa7w9ks3dw9EEhV5tgMBG/+tK1D7fHfK3MlDLdGsTY8PgSAx2Xq9/k= x-ms-exchange-transport-forked: True Content-Type: multipart/alternative; boundary="_000_7B4921E166A34D6DA9438EC0F44195CCericssoncom_" MIME-Version: 1.0 X-OriginatorOrg: ericsson.com X-MS-Exchange-CrossTenant-Network-Message-Id: 66e4b7ef-816f-49c8-985b-08d75e077a01 X-MS-Exchange-CrossTenant-originalarrivaltime: 31 Oct 2019 13:37:29.9182 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: ZlsiPRsEjCmwl5VD/GOz8Z6OnEZCmdowO2eeosklGbCEPAHYZdbgWrgZ4z4f2FGO+lTD+k/XVjiL2KRY7pNXpEfYDEk7CP4H39VEsNH4q8s= X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR07MB3276 Archived-At: Subject: Re: [sipcore] Alexey Melnikov's No Objection on draft-ietf-sipcore-digest-scheme-12: (with COMMENT) X-BeenThere: sipcore@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SIP Core Working Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 31 Oct 2019 13:37:45 -0000 --_000_7B4921E166A34D6DA9438EC0F44195CCericssoncom_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 DQpIaSwNCg0KVGhlIHJlYXNvbiBmb3IgdGhlIGVtcHR5IHZhbHVlIGNvbWVzIGZyb20gSU1TIGFu ZCBBS0EsIHdoZXJlIHlvdSBuZWVkIHRvIGluY2x1ZGUgdGhlIHVzZXIgaWQgYWxyZWFkeSBpbiB0 aGUgaW5pdGlhbCBSRUdJU1RFUiByZXF1ZXN0ICh0aGlzIHNlZW1zIHRvIGJlIG1pc3NpbmcgZnJv bSBSRkMgMzMxMCwgYnV0IHRoYXTigJlzIGEgc2VwYXJhdGUgdG9waWMpIGluIG9yZGVyIGZvciB0 aGUgc2VydmVyIHRvIGNyZWF0ZSB0aGUgY2hhbGxlbmdlLCAgbWVhbmluZyB0aGF0IGluIHRoZSBp bml0aWFsIFJFR0lTVEVSIHJlcXVlc3QgeW91IGluY2x1ZGUgYW4gQXV0aG9yaXphdGlvbiBoZWFk ZXIgZmllbGQgd2l0aCB0aGUgdXNlcm5hbWUgcGFyYW1ldGVyIGNhcnJ5aW5nIHRoZSBJTVMgcHJp dmF0ZSB1c2VyIGlkZW50aXR5LCB0aGUgcmVhbG0gcGFyYW1ldGVyIGFuZCB0aGUgdXJpIHBhcmFt ZXRlci4gQXQgdGhpcyBwb2ludCB5b3Ugb2J2aW91c2x5IGRvbuKAmXQgeWV0IGhhdmUgdGhlIHJl c3BvbnNlLCBzbyBpbiBJTVMgaXQgaXMgc3BlY2lmaWVkIHRoYXQgdGhlIHJlc3BvbnNlIHBhcmFt ZXRlciBpcyBpbnNlcnRlZCB3aXRoIGFuIGVtcHR5IHZhbHVlLg0KDQpXSFkgaXQgd2FzIHNwZWNp ZmllZCB0aGF0IHdheSAoaW5zdGVhZCBvZiBzaW1wbHkgbm90IGluY2x1ZGluZyB0aGUgcmVzcG9u c2UgcGFyYW1ldGVyKSBJIGRvbuKAmXQga25vdywgYnV0IEkgZG8ga25vdyB0aGF0IGl0IGhhcyBi ZWVuIGltcGxlbWVudGVkIGFuZCBkZXBsb3llZCB0aGF0IHdheSBmb3IgbWFueSB5ZWFycy4NCg0K UmVnYXJkcywNCg0KQ2hyaXN0ZXINCg0KDQpGcm9tOiBzaXBjb3JlIDxzaXBjb3JlLWJvdW5jZXNA aWV0Zi5vcmc+IG9uIGJlaGFsZiBvZiBSaWZhYXQgU2hla2gtWXVzZWYgPHJpZmFhdC5pZXRmQGdt YWlsLmNvbT4NCkRhdGU6IFRodXJzZGF5LCAzMSBPY3RvYmVyIDIwMTkgYXQgMTUuMjANClRvOiBB bGV4ZXkgTWVsbmlrb3YgPGFhbWVsbmlrb3ZAZmFzdG1haWwuZm0+DQpDYzogInNpcGNvcmUtY2hh aXJzQGlldGYub3JnIiA8c2lwY29yZS1jaGFpcnNAaWV0Zi5vcmc+LCAiZHJhZnQtaWV0Zi1zaXBj b3JlLWRpZ2VzdC1zY2hlbWVAaWV0Zi5vcmciIDxkcmFmdC1pZXRmLXNpcGNvcmUtZGlnZXN0LXNj aGVtZUBpZXRmLm9yZz4sICJpZXNnQGlldGYub3JnIiA8aWVzZ0BpZXRmLm9yZz4sICJzaXBjb3Jl QGlldGYub3JnIiA8c2lwY29yZUBpZXRmLm9yZz4NClN1YmplY3Q6IFJlOiBbc2lwY29yZV0gQWxl eGV5IE1lbG5pa292J3MgTm8gT2JqZWN0aW9uIG9uIGRyYWZ0LWlldGYtc2lwY29yZS1kaWdlc3Qt c2NoZW1lLTEyOiAod2l0aCBDT01NRU5UKQ0KDQpEb25lLg0KDQpPbiBUaHUsIE9jdCAzMSwgMjAx OSBhdCA5OjEzIEFNIEFsZXhleSBNZWxuaWtvdiA8YWFtZWxuaWtvdkBmYXN0bWFpbC5mbTxtYWls dG86YWFtZWxuaWtvdkBmYXN0bWFpbC5mbT4+IHdyb3RlOg0KT24gVGh1LCBPY3QgMzEsIDIwMTks IGF0IDE6MTEgUE0sIFJpZmFhdCBTaGVraC1ZdXNlZiB3cm90ZToNCkhpIEFsZXhleSwNCg0KSSBh bSBmaW5lIHdpdGggUGF1bCdzIHN1Z2dlc3Rpb24uDQpBcmUgeW91IG9rIHdpdGggIjMyKkxIRVgi Pw0KWWVzIQ0KDQpUaGFuayB5b3UsDQpBbGV4ZXkNCg0KUmVnYXJkcywNCiBSZmFhdA0KDQoNCk9u IFRodSwgT2N0IDMxLCAyMDE5IGF0IDc6MjIgQU0gQWxleGV5IE1lbG5pa292IDxhYW1lbG5pa292 QGZhc3RtYWlsLmZtPG1haWx0bzphYW1lbG5pa292QGZhc3RtYWlsLmZtPj4gd3JvdGU6DQoNCkhp IFJpZmFhdCwNCg0KT24gV2VkLCBPY3QgMzAsIDIwMTksIGF0IDk6NTAgUE0sIFJpZmFhdCBTaGVr aC1ZdXNlZiB3cm90ZToNClRoYW5rcyBBbGV4ZXkhDQoNCkkgYW0gZmluZSB3aXRoIHRoZSBmaXJz dCB0d28gY29tbWVudHMsIGFuZCB3aWxsIGZpeCB0aGVzZSBpbiB0aGUgY29taW5nIHZlcnNpb24g b2YgdGhlIGRvY3VtZW50Lg0KDQpJIGFtIG5vdCBzdXJlIEkgZm9sbG93IHRoZSAzcmQgb25lLiBX aHkgZG8geW91IHNlZSB0aGUgbmVlZCBmb3IgYSBtaW5pbXVtIG51bWJlciBvZiBoZXggZGlnaXRz Pw0KWW91IGRvIHNheSB0aGF0IHRoZSBudW1iZXIgb2YgaGV4IGRpZ2l0cyBtYXRjaCB0aGUgaGFz aCBsZW5naHQsIHNvIGl0IGlzIHByb2JhYmx5IE9rLiBIb3dldmVyIGVtcHR5IHZhbHVlIGlzIG5l dmVyIHZhbGlkIChhbmQgSSBhbSB3b3JyaWVkIGl0IG1pZ2h0IGhpdCBzb21lIGJvdW5kYXJ5IGNv bmRpdGlvbiBidWcgaW4gaW1wbGVtZW50YXRpb25zKSwgc28gcHJvaGliaXRpbmcgaXQgaW4gQUJO RiB3b3VsZCBiZSB0aGUgYmVzdC4NCg0KQmVzdCBSZWdhcmRzLA0KQWxleGV5DQoNClJlZ2FyZHMs DQogUmlmYWF0DQoNCg0KDQpPbiBXZWQsIE9jdCAzMCwgMjAxOSBhdCAxOjE2IFBNIEFsZXhleSBN ZWxuaWtvdiB2aWEgRGF0YXRyYWNrZXIgPG5vcmVwbHlAaWV0Zi5vcmc8bWFpbHRvOm5vcmVwbHlA aWV0Zi5vcmc+PiB3cm90ZToNCkFsZXhleSBNZWxuaWtvdiBoYXMgZW50ZXJlZCB0aGUgZm9sbG93 aW5nIGJhbGxvdCBwb3NpdGlvbiBmb3INCmRyYWZ0LWlldGYtc2lwY29yZS1kaWdlc3Qtc2NoZW1l LTEyOiBObyBPYmplY3Rpb24NCg0KV2hlbiByZXNwb25kaW5nLCBwbGVhc2Uga2VlcCB0aGUgc3Vi amVjdCBsaW5lIGludGFjdCBhbmQgcmVwbHkgdG8gYWxsDQplbWFpbCBhZGRyZXNzZXMgaW5jbHVk ZWQgaW4gdGhlIFRvIGFuZCBDQyBsaW5lcy4gKEZlZWwgZnJlZSB0byBjdXQgdGhpcw0KaW50cm9k dWN0b3J5IHBhcmFncmFwaCwgaG93ZXZlci4pDQoNCg0KUGxlYXNlIHJlZmVyIHRvIGh0dHBzOi8v d3d3LmlldGYub3JnL2llc2cvc3RhdGVtZW50L2Rpc2N1c3MtY3JpdGVyaWEuaHRtbA0KZm9yIG1v cmUgaW5mb3JtYXRpb24gYWJvdXQgSUVTRyBESVNDVVNTIGFuZCBDT01NRU5UIHBvc2l0aW9ucy4N Cg0KDQpUaGUgZG9jdW1lbnQsIGFsb25nIHdpdGggb3RoZXIgYmFsbG90IHBvc2l0aW9ucywgY2Fu IGJlIGZvdW5kIGhlcmU6DQpodHRwczovL2RhdGF0cmFja2VyLmlldGYub3JnL2RvYy9kcmFmdC1p ZXRmLXNpcGNvcmUtZGlnZXN0LXNjaGVtZS8NCg0KDQoNCi0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCkNPTU1FTlQ6 DQotLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tDQoNCkkgYW0gYWdyZWVpbmcgd2l0aCBBbGlzc2EncyBESVNDVVNTLg0K DQpBbHNvLCBJIGhhdmUgYSBmZXcgY29tbWVudHMgb2YgbXkgb3duOg0KDQoxKSBMYXN0IHBhcmEg b2YgU2VjdGlvbiAyLjE6DQoNCjIuMS4gIEhhc2ggQWxnb3JpdGhtcw0KDQogICBBIFVBUyBwcmlv cml0aXplcyB3aGljaCBhbGdvcml0aG0gdG8gdXNlIGJhc2VkIG9uIHRoZSBvcmRlcmluZyBvZiB0 aGUNCiAgIGNoYWxsZW5nZSBoZWFkZXIgZmllbGRzIGluIHRoZSByZXNwb25zZSBpdCBpcyBwcmVw YXJpbmcuDQoNClRoaXMgbG9va3MgZWl0aGVyIHdyb25nIG9yIGNvbmZ1c2luZyB0byBtZS4gSSB0 aGluayB5b3UgYXJlIGp1c3Qgc2F5aW5nIGhlcmUNCnRoYXQgdGhlIG9yZGVyIGlzIGRlY2lkZWQg YnkgdGhlIHNlcnZlciBhdCB0aGlzIHBvaW50Lg0KDQogICBUaGF0DQogICBwcm9jZXNzIGlzIHNw ZWNpZmllZCBpbiBzZWN0aW9uIDIuMyBhbmQgcGFyYWxsZWxzIHRoZSBwcm9jZXNzIHVzZWQgaW4N CiAgIEhUVFAgc3BlY2lmaWVkIGJ5IFtSRkM3NjE2XS4NCg0KU28gYmFzZWQgb24gdGhlIGFib3Zl LCBteSBzdWdnZXN0ZWQgcmVwbGFjZW1lbnQgZm9yIGJvdGggc2VudGVuY2VzOg0KDQogICBBIFVB UyBwcmlvcml0aXplcyB3aGljaCBhbGdvcml0aG0gdG8gdXNlIGJhc2VkIG9uIGl0cyBwb2xpY3ks DQogICB3aGljaCBpcyBzcGVjaWZpZWQgaW4gc2VjdGlvbiAyLjMgYW5kIHBhcmFsbGVscyB0aGUg cHJvY2VzcyB1c2VkIGluDQogICBIVFRQIHNwZWNpZmllZCBieSBbUkZDNzYxNl0uDQoNCjIpIExh c3QgcGFyYSBvZiBTZWN0aW9uIDIuNDoNCg0KICAgSWYgdGhlIFVBQyBjYW5ub3QgcmVzcG9uZCB0 byBhbnkgb2YgdGhlIGNoYWxsZW5nZXMgaW4gdGhlIHJlc3BvbnNlLA0KICAgdGhlbiBpdCBTSE9V TEQgYWJhbmRvbiBhdHRlbXB0cyB0byBzZW5kIHRoZSByZXF1ZXN0IHVubGVzcyBhIGxvY2FsDQog ICBwb2xpY3kgZGljdGF0ZXMgb3RoZXJ3aXNlLg0KDQpJcyB0cnlpbmcgb3RoZXIgbm9uIERpZ2Vz dCBhbGdvcml0aG1zIGNvdmVyZWQgYnkgIlNIT1VMRCBhYmFuZG9uIj8NCklmIHllcywgbWF5YmUg eW91IHNob3VsZCBtYWtlIHRoaXMgY2xlYXJlci4NCg0KICAgRm9yIGV4YW1wbGUsIGlmIHRoZSBV QUMgZG9lcyBub3QgaGF2ZQ0KICAgY3JlZGVudGlhbHMgb3IgaGFzIHN0YWxlIGNyZWRlbnRpYWxz IGZvciBhbnkgb2YgdGhlIHJlYWxtcywgdGhlIFVBQw0KICAgd2lsbCBhYmFuZG9uIHRoZSByZXF1 ZXN0Lg0KDQozKSBJbiBTZWN0aW9uIDIuNzoNCg0KICAgICAgcmVxdWVzdC1kaWdlc3QgPSBMRFFV T1QgKkxIRVggUkRRVU9UDQoNClRoaXMgbm93IGFsbG93cyBlbXB0eSB2YWx1ZS4gSSBzdWdnZXN0 IHlvdSBzcGVjaWZ5IGEgbWluaW11bSBudW1iZXIgb2YgaGV4DQpkaWdpdHMgYWxsb3dlZCBpbiB0 aGUgQUJORi4gT3IgYXQgbGVhc3QgY2hhbmdlICIqTEhFWCIgdG8gIjIqTEhFWCIuDQoNCg0KDQoN Cg== --_000_7B4921E166A34D6DA9438EC0F44195CCericssoncom_ Content-Type: text/html; charset="utf-8" Content-ID: Content-Transfer-Encoding: base64 PGh0bWwgeG1sbnM6bz0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6b2ZmaWNlIiB4 bWxuczp3PSJ1cm46c2NoZW1hcy1taWNyb3NvZnQtY29tOm9mZmljZTp3b3JkIiB4bWxuczptPSJo dHRwOi8vc2NoZW1hcy5taWNyb3NvZnQuY29tL29mZmljZS8yMDA0LzEyL29tbWwiIHhtbG5zPSJo dHRwOi8vd3d3LnczLm9yZy9UUi9SRUMtaHRtbDQwIj4NCjxoZWFkPg0KPG1ldGEgaHR0cC1lcXVp dj0iQ29udGVudC1UeXBlIiBjb250ZW50PSJ0ZXh0L2h0bWw7IGNoYXJzZXQ9dXRmLTgiPg0KPG1l dGEgbmFtZT0iR2VuZXJhdG9yIiBjb250ZW50PSJNaWNyb3NvZnQgV29yZCAxNSAoZmlsdGVyZWQg bWVkaXVtKSI+DQo8c3R5bGU+PCEtLQ0KLyogRm9udCBEZWZpbml0aW9ucyAqLw0KQGZvbnQtZmFj ZQ0KCXtmb250LWZhbWlseToiQ2FtYnJpYSBNYXRoIjsNCglwYW5vc2UtMToyIDQgNSAzIDUgNCA2 IDMgMiA0O30NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6Q2FsaWJyaTsNCglwYW5vc2UtMToy IDE1IDUgMiAyIDIgNCAzIDIgNDt9DQovKiBTdHlsZSBEZWZpbml0aW9ucyAqLw0KcC5Nc29Ob3Jt YWwsIGxpLk1zb05vcm1hbCwgZGl2Lk1zb05vcm1hbA0KCXttYXJnaW46MGNtOw0KCW1hcmdpbi1i b3R0b206LjAwMDFwdDsNCglmb250LXNpemU6MTEuMHB0Ow0KCWZvbnQtZmFtaWx5OiJDYWxpYnJp IixzYW5zLXNlcmlmO30NCmE6bGluaywgc3Bhbi5Nc29IeXBlcmxpbmsNCgl7bXNvLXN0eWxlLXBy aW9yaXR5Ojk5Ow0KCWNvbG9yOmJsdWU7DQoJdGV4dC1kZWNvcmF0aW9uOnVuZGVybGluZTt9DQph OnZpc2l0ZWQsIHNwYW4uTXNvSHlwZXJsaW5rRm9sbG93ZWQNCgl7bXNvLXN0eWxlLXByaW9yaXR5 Ojk5Ow0KCWNvbG9yOnB1cnBsZTsNCgl0ZXh0LWRlY29yYXRpb246dW5kZXJsaW5lO30NCnAubXNv bm9ybWFsMCwgbGkubXNvbm9ybWFsMCwgZGl2Lm1zb25vcm1hbDANCgl7bXNvLXN0eWxlLW5hbWU6 bXNvbm9ybWFsOw0KCW1zby1tYXJnaW4tdG9wLWFsdDphdXRvOw0KCW1hcmdpbi1yaWdodDowY207 DQoJbXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG87DQoJbWFyZ2luLWxlZnQ6MGNtOw0KCWZvbnQt c2l6ZToxMS4wcHQ7DQoJZm9udC1mYW1pbHk6IkNhbGlicmkiLHNhbnMtc2VyaWY7fQ0Kc3Bhbi5F bWFpbFN0eWxlMTgNCgl7bXNvLXN0eWxlLXR5cGU6cGVyc29uYWwtcmVwbHk7DQoJZm9udC1mYW1p bHk6IkNhbGlicmkiLHNhbnMtc2VyaWY7DQoJY29sb3I6d2luZG93dGV4dDt9DQouTXNvQ2hwRGVm YXVsdA0KCXttc28tc3R5bGUtdHlwZTpleHBvcnQtb25seTsNCglmb250LXNpemU6MTAuMHB0O30N CkBwYWdlIFdvcmRTZWN0aW9uMQ0KCXtzaXplOjYxMi4wcHQgNzkyLjBwdDsNCgltYXJnaW46NzAu ODVwdCAyLjBjbSA3MC44NXB0IDIuMGNtO30NCmRpdi5Xb3JkU2VjdGlvbjENCgl7cGFnZTpXb3Jk U2VjdGlvbjE7fQ0KLS0+PC9zdHlsZT4NCjwvaGVhZD4NCjxib2R5IGxhbmc9IkZJIiBsaW5rPSJi bHVlIiB2bGluaz0icHVycGxlIj4NCjxkaXYgY2xhc3M9IldvcmRTZWN0aW9uMSI+DQo8cCBjbGFz cz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0ibXNvLWZhcmVhc3QtbGFuZ3VhZ2U6RU4tVVMiPjxv OnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxh bmc9IkVOLVVTIj5IaSw8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFs Ij48c3BhbiBsYW5nPSJFTi1VUyI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPHAgY2xh c3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iRU4tVVMiPlRoZSByZWFzb24gZm9yIHRoZSBlbXB0 eSB2YWx1ZSBjb21lcyBmcm9tIElNUyBhbmQgQUtBLCB3aGVyZSB5b3UgbmVlZCB0byBpbmNsdWRl IHRoZSB1c2VyIGlkIGFscmVhZHkgaW4gdGhlIGluaXRpYWwgUkVHSVNURVIgcmVxdWVzdCAodGhp cyBzZWVtcyB0byBiZSBtaXNzaW5nIGZyb20gUkZDIDMzMTAsIGJ1dCB0aGF04oCZcyBhIHNlcGFy YXRlIHRvcGljKSBpbiBvcmRlciBmb3IgdGhlDQogc2VydmVyIHRvIGNyZWF0ZSB0aGUgY2hhbGxl bmdlLCZuYnNwOyBtZWFuaW5nIHRoYXQgaW4gdGhlIGluaXRpYWwgUkVHSVNURVIgcmVxdWVzdCB5 b3UgaW5jbHVkZSBhbiBBdXRob3JpemF0aW9uIGhlYWRlciBmaWVsZCB3aXRoIHRoZSB1c2VybmFt ZSBwYXJhbWV0ZXIgY2FycnlpbmcgdGhlIElNUyBwcml2YXRlIHVzZXIgaWRlbnRpdHksIHRoZSBy ZWFsbSBwYXJhbWV0ZXIgYW5kIHRoZSB1cmkgcGFyYW1ldGVyLiBBdCB0aGlzIHBvaW50IHlvdSBv YnZpb3VzbHkNCiBkb27igJl0IHlldCBoYXZlIHRoZSByZXNwb25zZSwgc28gaW4gSU1TIGl0IGlz IHNwZWNpZmllZCB0aGF0IHRoZSByZXNwb25zZSBwYXJhbWV0ZXIgaXMgaW5zZXJ0ZWQgd2l0aCBh biBlbXB0eSB2YWx1ZS48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFs Ij48c3BhbiBsYW5nPSJFTi1VUyI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPHAgY2xh c3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iRU4tVVMiPldIWSBpdCB3YXMgc3BlY2lmaWVkIHRo YXQgd2F5IChpbnN0ZWFkIG9mIHNpbXBseSBub3QgaW5jbHVkaW5nIHRoZSByZXNwb25zZSBwYXJh bWV0ZXIpIEkgZG9u4oCZdCBrbm93LCBidXQgSSBkbyBrbm93IHRoYXQgaXQgaGFzIGJlZW4gaW1w bGVtZW50ZWQgYW5kIGRlcGxveWVkIHRoYXQgd2F5IGZvciBtYW55IHllYXJzLjxvOnA+PC9vOnA+ PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9IkVOLVVTIj48bzpw PiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBsYW5n PSJFTi1VUyI+UmVnYXJkcyw8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9y bWFsIj48c3BhbiBsYW5nPSJFTi1VUyI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPHAg Y2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iRU4tVVMiPkNocmlzdGVyPG86cD48L286cD48 L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9Im1zby1mYXJlYXN0 LWxhbmd1YWdlOkVOLVVTIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0i TXNvTm9ybWFsIj48c3BhbiBzdHlsZT0ibXNvLWZhcmVhc3QtbGFuZ3VhZ2U6RU4tVVMiPjxvOnA+ Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxkaXYgc3R5bGU9ImJvcmRlcjpub25lO2JvcmRlci10 b3A6c29saWQgI0I1QzRERiAxLjBwdDtwYWRkaW5nOjMuMHB0IDBjbSAwY20gMGNtIj4NCjxwIGNs YXNzPSJNc29Ob3JtYWwiPjxiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTIuMHB0O2NvbG9yOmJs YWNrIj5Gcm9tOiA8L3NwYW4+PC9iPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTIuMHB0O2NvbG9y OmJsYWNrIj5zaXBjb3JlICZsdDtzaXBjb3JlLWJvdW5jZXNAaWV0Zi5vcmcmZ3Q7IG9uIGJlaGFs ZiBvZiBSaWZhYXQgU2hla2gtWXVzZWYgJmx0O3JpZmFhdC5pZXRmQGdtYWlsLmNvbSZndDs8YnI+ DQo8Yj5EYXRlOiA8L2I+VGh1cnNkYXksIDMxIE9jdG9iZXIgMjAxOSBhdCAxNS4yMDxicj4NCjxi PlRvOiA8L2I+QWxleGV5IE1lbG5pa292ICZsdDthYW1lbG5pa292QGZhc3RtYWlsLmZtJmd0Ozxi cj4NCjxiPkNjOiA8L2I+JnF1b3Q7c2lwY29yZS1jaGFpcnNAaWV0Zi5vcmcmcXVvdDsgJmx0O3Np cGNvcmUtY2hhaXJzQGlldGYub3JnJmd0OywgJnF1b3Q7ZHJhZnQtaWV0Zi1zaXBjb3JlLWRpZ2Vz dC1zY2hlbWVAaWV0Zi5vcmcmcXVvdDsgJmx0O2RyYWZ0LWlldGYtc2lwY29yZS1kaWdlc3Qtc2No ZW1lQGlldGYub3JnJmd0OywgJnF1b3Q7aWVzZ0BpZXRmLm9yZyZxdW90OyAmbHQ7aWVzZ0BpZXRm Lm9yZyZndDssICZxdW90O3NpcGNvcmVAaWV0Zi5vcmcmcXVvdDsgJmx0O3NpcGNvcmVAaWV0Zi5v cmcmZ3Q7PGJyPg0KPGI+U3ViamVjdDogPC9iPlJlOiBbc2lwY29yZV0gQWxleGV5IE1lbG5pa292 J3MgTm8gT2JqZWN0aW9uIG9uIGRyYWZ0LWlldGYtc2lwY29yZS1kaWdlc3Qtc2NoZW1lLTEyOiAo d2l0aCBDT01NRU5UKTxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNs YXNzPSJNc29Ob3JtYWwiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAg Y2xhc3M9Ik1zb05vcm1hbCI+RG9uZS48bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPHAgY2xhc3M9 Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8ZGl2Pg0KPGRpdj4NCjxwIGNsYXNz PSJNc29Ob3JtYWwiPk9uIFRodSwgT2N0IDMxLCAyMDE5IGF0IDk6MTMgQU0gQWxleGV5IE1lbG5p a292ICZsdDs8YSBocmVmPSJtYWlsdG86YWFtZWxuaWtvdkBmYXN0bWFpbC5mbSI+YWFtZWxuaWtv dkBmYXN0bWFpbC5mbTwvYT4mZ3Q7IHdyb3RlOjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8Ymxv Y2txdW90ZSBzdHlsZT0iYm9yZGVyOm5vbmU7Ym9yZGVyLWxlZnQ6c29saWQgI0NDQ0NDQyAxLjBw dDtwYWRkaW5nOjBjbSAwY20gMGNtIDYuMHB0O21hcmdpbi1sZWZ0OjQuOHB0O21hcmdpbi1yaWdo dDowY20iPg0KPGRpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj5PbiBUaHUsIE9jdCAz MSwgMjAxOSwgYXQgMToxMSBQTSwgUmlmYWF0IFNoZWtoLVl1c2VmIHdyb3RlOjxvOnA+PC9vOnA+ PC9wPg0KPC9kaXY+DQo8YmxvY2txdW90ZSBzdHlsZT0ibWFyZ2luLXRvcDo1LjBwdDttYXJnaW4t Ym90dG9tOjUuMHB0IiBpZD0iZ21haWwtbV8tODQwNTA3OTczODU0OTQzODcwNnF0Ij4NCjxkaXY+ DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+SGkgQWxleGV5LDxvOnA+PC9vOnA+PC9wPg0K PC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48L3A+ DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj5JIGFtIGZpbmUgd2l0aCBQYXVs J3Mgc3VnZ2VzdGlvbi48bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJN c29Ob3JtYWwiPkFyZSB5b3Ugb2sgd2l0aCZuYnNwOzxzcGFuIHN0eWxlPSJjb2xvcjpibGFjayI+ JnF1b3Q7MzIqTEhFWCZxdW90Oz88L3NwYW4+PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjwvZGl2 Pg0KPC9ibG9ja3F1b3RlPg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPlllcyE8bzpwPjwv bzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxvOnA+Jm5ic3A7 PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+VGhhbmsgeW91 LDxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+QWxl eGV5PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxibG9ja3F1b3RlIHN0eWxlPSJtYXJnaW4tdG9w OjUuMHB0O21hcmdpbi1ib3R0b206NS4wcHQiIGlkPSJnbWFpbC1tXy04NDA1MDc5NzM4NTQ5NDM4 NzA2cXQiPg0KPGRpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpwPiZuYnNwOzwv bzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPlJlZ2FyZHMsPG86 cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj4mbmJzcDtS ZmFhdDxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+ PG86cD4mbmJzcDs8L286cD48L3A+DQo8L2Rpdj4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJN c29Ob3JtYWwiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPGRpdj4NCjxw IGNsYXNzPSJNc29Ob3JtYWwiPk9uIFRodSwgT2N0IDMxLCAyMDE5IGF0IDc6MjIgQU0gQWxleGV5 IE1lbG5pa292ICZsdDs8YSBocmVmPSJtYWlsdG86YWFtZWxuaWtvdkBmYXN0bWFpbC5mbSIgdGFy Z2V0PSJfYmxhbmsiPmFhbWVsbmlrb3ZAZmFzdG1haWwuZm08L2E+Jmd0OyB3cm90ZTo8bzpwPjwv bzpwPjwvcD4NCjwvZGl2Pg0KPGJsb2NrcXVvdGUgc3R5bGU9ImJvcmRlcjpub25lO2JvcmRlci1s ZWZ0OnNvbGlkICNDQ0NDQ0MgMS4wcHQ7cGFkZGluZzowY20gMGNtIDBjbSA2LjBwdDttYXJnaW4t bGVmdDo0LjhwdDttYXJnaW4tcmlnaHQ6MGNtIj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFs Ij48bzpwPiZuYnNwOzwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxkaXY+DQo8cCBjbGFzcz0i TXNvTm9ybWFsIj5IaSBSaWZhYXQsPG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBj bGFzcz0iTXNvTm9ybWFsIj48bzpwPiZuYnNwOzwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxw IGNsYXNzPSJNc29Ob3JtYWwiPk9uIFdlZCwgT2N0IDMwLCAyMDE5LCBhdCA5OjUwIFBNLCBSaWZh YXQgU2hla2gtWXVzZWYgd3JvdGU6PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxibG9ja3F1b3Rl IHN0eWxlPSJtYXJnaW4tdG9wOjUuMHB0O21hcmdpbi1ib3R0b206NS4wcHQiIGlkPSJnbWFpbC1t Xy04NDA1MDc5NzM4NTQ5NDM4NzA2cXQtZ21haWwtbV8tNjYzNjA0MjM1OTIxMDg1MjkyNXF0Ij4N CjxkaXY+DQo8ZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPlRoYW5rcyBBbGV4ZXkh PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpw PiZuYnNwOzwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPkkg YW0gZmluZSB3aXRoIHRoZSBmaXJzdCB0d28gY29tbWVudHMsIGFuZCB3aWxsIGZpeCB0aGVzZSBp biB0aGUgY29taW5nIHZlcnNpb24gb2YgdGhlIGRvY3VtZW50LjxvOnA+PC9vOnA+PC9wPg0KPC9k aXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8 L2Rpdj4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPkkgYW0gbm90IHN1cmUg SSBmb2xsb3cgdGhlIDNyZCBvbmUuIFdoeSBkbyB5b3Ugc2VlIHRoZSBuZWVkIGZvciBhIG1pbmlt dW0gbnVtYmVyIG9mIGhleCBkaWdpdHM/PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjwvZGl2Pg0K PC9ibG9ja3F1b3RlPg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPllvdSBkbyBzYXkgdGhh dCB0aGUgbnVtYmVyIG9mIGhleCBkaWdpdHMgbWF0Y2ggdGhlIGhhc2ggbGVuZ2h0LCBzbyBpdCBp cyBwcm9iYWJseSBPay4gSG93ZXZlciBlbXB0eSB2YWx1ZSBpcyBuZXZlciB2YWxpZCAoYW5kIEkg YW0gd29ycmllZCBpdCBtaWdodCBoaXQgc29tZSBib3VuZGFyeSBjb25kaXRpb24gYnVnIGluIGlt cGxlbWVudGF0aW9ucyksIHNvIHByb2hpYml0aW5nIGl0IGluIEFCTkYgd291bGQgYmUNCiB0aGUg YmVzdC48bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwi PjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1h bCI+QmVzdCBSZWdhcmRzLDxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9 Ik1zb05vcm1hbCI+QWxleGV5PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxibG9ja3F1b3RlIHN0 eWxlPSJtYXJnaW4tdG9wOjUuMHB0O21hcmdpbi1ib3R0b206NS4wcHQiIGlkPSJnbWFpbC1tXy04 NDA1MDc5NzM4NTQ5NDM4NzA2cXQtZ21haWwtbV8tNjYzNjA0MjM1OTIxMDg1MjkyNXF0Ij4NCjxk aXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8 L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj5SZWdhcmRzLDxvOnA+PC9vOnA+PC9w Pg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+Jm5ic3A7UmlmYWF0PG86cD48 L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86 cD4mbmJzcDs8L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05v cm1hbCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8ZGl2Pg0KPHAgY2xh c3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8ZGl2 Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+T24gV2VkLCBPY3QgMzAsIDIwMTkgYXQgMToxNiBQTSBB bGV4ZXkgTWVsbmlrb3YgdmlhIERhdGF0cmFja2VyICZsdDs8YSBocmVmPSJtYWlsdG86bm9yZXBs eUBpZXRmLm9yZyIgdGFyZ2V0PSJfYmxhbmsiPm5vcmVwbHlAaWV0Zi5vcmc8L2E+Jmd0OyB3cm90 ZTo8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGJsb2NrcXVvdGUgc3R5bGU9ImJvcmRlcjpub25l O2JvcmRlci1sZWZ0OnNvbGlkICNDQ0NDQ0MgMS4wcHQ7cGFkZGluZzowY20gMGNtIDBjbSA2LjBw dDttYXJnaW4tbGVmdDo0LjhwdDttYXJnaW4tcmlnaHQ6MGNtIj4NCjxkaXY+DQo8cCBjbGFzcz0i TXNvTm9ybWFsIj5BbGV4ZXkgTWVsbmlrb3YgaGFzIGVudGVyZWQgdGhlIGZvbGxvd2luZyBiYWxs b3QgcG9zaXRpb24gZm9yPG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0i TXNvTm9ybWFsIj5kcmFmdC1pZXRmLXNpcGNvcmUtZGlnZXN0LXNjaGVtZS0xMjogTm8gT2JqZWN0 aW9uPG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48 bzpwPiZuYnNwOzwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwi PldoZW4gcmVzcG9uZGluZywgcGxlYXNlIGtlZXAgdGhlIHN1YmplY3QgbGluZSBpbnRhY3QgYW5k IHJlcGx5IHRvIGFsbDxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1z b05vcm1hbCI+ZW1haWwgYWRkcmVzc2VzIGluY2x1ZGVkIGluIHRoZSBUbyBhbmQgQ0MgbGluZXMu IChGZWVsIGZyZWUgdG8gY3V0IHRoaXM8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxw IGNsYXNzPSJNc29Ob3JtYWwiPmludHJvZHVjdG9yeSBwYXJhZ3JhcGgsIGhvd2V2ZXIuKTxvOnA+ PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJz cDs8L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpwPiZu YnNwOzwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPlBsZWFz ZSByZWZlciB0byA8YSBocmVmPSJodHRwczovL3d3dy5pZXRmLm9yZy9pZXNnL3N0YXRlbWVudC9k aXNjdXNzLWNyaXRlcmlhLmh0bWwiIHRhcmdldD0iX2JsYW5rIj4NCmh0dHBzOi8vd3d3LmlldGYu b3JnL2llc2cvc3RhdGVtZW50L2Rpc2N1c3MtY3JpdGVyaWEuaHRtbDwvYT48bzpwPjwvbzpwPjwv cD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPmZvciBtb3JlIGluZm9ybWF0 aW9uIGFib3V0IElFU0cgRElTQ1VTUyBhbmQgQ09NTUVOVCBwb3NpdGlvbnMuPG86cD48L286cD48 L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpwPiZuYnNwOzwvbzpw PjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxvOnA+Jm5ic3A7PC9v OnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+VGhlIGRvY3VtZW50 LCBhbG9uZyB3aXRoIG90aGVyIGJhbGxvdCBwb3NpdGlvbnMsIGNhbiBiZSBmb3VuZCBoZXJlOjxv OnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PGEgaHJl Zj0iaHR0cHM6Ly9kYXRhdHJhY2tlci5pZXRmLm9yZy9kb2MvZHJhZnQtaWV0Zi1zaXBjb3JlLWRp Z2VzdC1zY2hlbWUvIiB0YXJnZXQ9Il9ibGFuayI+aHR0cHM6Ly9kYXRhdHJhY2tlci5pZXRmLm9y Zy9kb2MvZHJhZnQtaWV0Zi1zaXBjb3JlLWRpZ2VzdC1zY2hlbWUvPC9hPjxvOnA+PC9vOnA+PC9w Pg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48 L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpwPiZuYnNwOzwvbzpw PjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxvOnA+Jm5ic3A7PC9v OnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+LS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LTxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+Q09N TUVOVDo8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwi Pi0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS08bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJN c29Ob3JtYWwiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9 Ik1zb05vcm1hbCI+SSBhbSBhZ3JlZWluZyB3aXRoIEFsaXNzYSdzIERJU0NVU1MuPG86cD48L286 cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpwPiZuYnNwOzwv bzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPkFsc28sIEkgaGF2 ZSBhIGZldyBjb21tZW50cyBvZiBteSBvd246PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+ DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpwPiZuYnNwOzwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRp dj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjEpIExhc3QgcGFyYSBvZiBTZWN0aW9uIDIuMTo8bzpw PjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxvOnA+Jm5i c3A7PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+Mi4xLiZu YnNwOyBIYXNoIEFsZ29yaXRobXM8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNs YXNzPSJNc29Ob3JtYWwiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAg Y2xhc3M9Ik1zb05vcm1hbCI+Jm5ic3A7ICZuYnNwO0EgVUFTIHByaW9yaXRpemVzIHdoaWNoIGFs Z29yaXRobSB0byB1c2UgYmFzZWQgb24gdGhlIG9yZGVyaW5nIG9mIHRoZTxvOnA+PC9vOnA+PC9w Pg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+Jm5ic3A7ICZuYnNwO2NoYWxs ZW5nZSBoZWFkZXIgZmllbGRzIGluIHRoZSByZXNwb25zZSBpdCBpcyBwcmVwYXJpbmcuPG86cD48 L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpwPiZuYnNw OzwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPlRoaXMgbG9v a3MgZWl0aGVyIHdyb25nIG9yIGNvbmZ1c2luZyB0byBtZS4gSSB0aGluayB5b3UgYXJlIGp1c3Qg c2F5aW5nIGhlcmU8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29O b3JtYWwiPnRoYXQgdGhlIG9yZGVyIGlzIGRlY2lkZWQgYnkgdGhlIHNlcnZlciBhdCB0aGlzIHBv aW50LjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+ PG86cD4mbmJzcDs8L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFs Ij4mbmJzcDsgJm5ic3A7VGhhdDxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xh c3M9Ik1zb05vcm1hbCI+Jm5ic3A7ICZuYnNwO3Byb2Nlc3MgaXMgc3BlY2lmaWVkIGluIHNlY3Rp b24gMi4zIGFuZCBwYXJhbGxlbHMgdGhlIHByb2Nlc3MgdXNlZCBpbjxvOnA+PC9vOnA+PC9wPg0K PC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+Jm5ic3A7ICZuYnNwO0hUVFAgc3Bl Y2lmaWVkIGJ5IFtSRkM3NjE2XS48bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNs YXNzPSJNc29Ob3JtYWwiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAg Y2xhc3M9Ik1zb05vcm1hbCI+U28gYmFzZWQgb24gdGhlIGFib3ZlLCBteSBzdWdnZXN0ZWQgcmVw bGFjZW1lbnQgZm9yIGJvdGggc2VudGVuY2VzOjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2 Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8L2Rpdj4NCjxk aXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj4mbmJzcDsgJm5ic3A7QSBVQVMgcHJpb3JpdGl6ZXMg d2hpY2ggYWxnb3JpdGhtIHRvIHVzZSBiYXNlZCBvbiBpdHMgcG9saWN5LDxvOnA+PC9vOnA+PC9w Pg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+Jm5ic3A7ICZuYnNwO3doaWNo IGlzIHNwZWNpZmllZCBpbiBzZWN0aW9uIDIuMyBhbmQgcGFyYWxsZWxzIHRoZSBwcm9jZXNzIHVz ZWQgaW48bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwi PiZuYnNwOyAmbmJzcDtIVFRQIHNwZWNpZmllZCBieSBbUkZDNzYxNl0uPG86cD48L286cD48L3A+ DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpwPiZuYnNwOzwvbzpwPjwv cD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjIpIExhc3QgcGFyYSBvZiBT ZWN0aW9uIDIuNDo8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29O b3JtYWwiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1z b05vcm1hbCI+Jm5ic3A7ICZuYnNwO0lmIHRoZSBVQUMgY2Fubm90IHJlc3BvbmQgdG8gYW55IG9m IHRoZSBjaGFsbGVuZ2VzIGluIHRoZSByZXNwb25zZSw8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0K PGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPiZuYnNwOyAmbmJzcDt0aGVuIGl0IFNIT1VMRCBh YmFuZG9uIGF0dGVtcHRzIHRvIHNlbmQgdGhlIHJlcXVlc3QgdW5sZXNzIGEgbG9jYWw8bzpwPjwv bzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPiZuYnNwOyAmbmJz cDtwb2xpY3kgZGljdGF0ZXMgb3RoZXJ3aXNlLjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2 Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8L2Rpdj4NCjxk aXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj5JcyB0cnlpbmcgb3RoZXIgbm9uIERpZ2VzdCBhbGdv cml0aG1zIGNvdmVyZWQgYnkgJnF1b3Q7U0hPVUxEIGFiYW5kb24mcXVvdDs/PG86cD48L286cD48 L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj5JZiB5ZXMsIG1heWJlIHlv dSBzaG91bGQgbWFrZSB0aGlzIGNsZWFyZXIuPG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+ DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpwPiZuYnNwOzwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRp dj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPiZuYnNwOyAmbmJzcDtGb3IgZXhhbXBsZSwgaWYgdGhl IFVBQyBkb2VzIG5vdCBoYXZlPG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFz cz0iTXNvTm9ybWFsIj4mbmJzcDsgJm5ic3A7Y3JlZGVudGlhbHMgb3IgaGFzIHN0YWxlIGNyZWRl bnRpYWxzIGZvciBhbnkgb2YgdGhlIHJlYWxtcywgdGhlIFVBQzxvOnA+PC9vOnA+PC9wPg0KPC9k aXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+Jm5ic3A7ICZuYnNwO3dpbGwgYWJhbmRv biB0aGUgcmVxdWVzdC48bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJN c29Ob3JtYWwiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9 Ik1zb05vcm1hbCI+MykgSW4gU2VjdGlvbiAyLjc6PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxk aXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpwPiZuYnNwOzwvbzpwPjwvcD4NCjwvZGl2Pg0K PGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPiZuYnNwOyAmbmJzcDsgJm5ic3A7IHJlcXVlc3Qt ZGlnZXN0ID0gTERRVU9UICpMSEVYIFJEUVVPVDxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2 Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8L2Rpdj4NCjxk aXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj5UaGlzIG5vdyBhbGxvd3MgZW1wdHkgdmFsdWUuIEkg c3VnZ2VzdCB5b3Ugc3BlY2lmeSBhIG1pbmltdW0gbnVtYmVyIG9mIGhleDxvOnA+PC9vOnA+PC9w Pg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+ZGlnaXRzIGFsbG93ZWQgaW4g dGhlIEFCTkYuIE9yIGF0IGxlYXN0IGNoYW5nZSAmcXVvdDsqTEhFWCZxdW90OyB0byAmcXVvdDsy KkxIRVgmcXVvdDsuPG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNv Tm9ybWFsIj48bzpwPiZuYnNwOzwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJN c29Ob3JtYWwiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPC9kaXY+DQo8L2Jsb2NrcXVvdGU+DQo8 L2Rpdj4NCjwvZGl2Pg0KPC9kaXY+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9ibG9ja3F1b3RlPg0KPGRp dj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPC9kaXY+DQo8 L2Rpdj4NCjwvYmxvY2txdW90ZT4NCjwvZGl2Pg0KPC9ibG9ja3F1b3RlPg0KPGRpdj4NCjxwIGNs YXNzPSJNc29Ob3JtYWwiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPC9kaXY+DQo8L2Rpdj4NCjwv YmxvY2txdW90ZT4NCjwvZGl2Pg0KPC9kaXY+DQo8L2JvZHk+DQo8L2h0bWw+DQo= --_000_7B4921E166A34D6DA9438EC0F44195CCericssoncom_-- From nobody Thu Oct 31 06:47:47 2019 Return-Path: X-Original-To: sipcore@ietfa.amsl.com Delivered-To: sipcore@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F2D4E120088; Thu, 31 Oct 2019 06:47:37 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.997 X-Spam-Level: X-Spam-Status: No, score=-1.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AX7_W6oHiZeu; Thu, 31 Oct 2019 06:47:36 -0700 (PDT) Received: from mail-io1-xd2a.google.com (mail-io1-xd2a.google.com [IPv6:2607:f8b0:4864:20::d2a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BBF44120043; Thu, 31 Oct 2019 06:47:35 -0700 (PDT) Received: by mail-io1-xd2a.google.com with SMTP id p6so6773306iod.7; Thu, 31 Oct 2019 06:47:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=r+bL0rh2ZfU6x6ptzZPCMmIkPwbN03KPD7u488sO400=; b=cVKieLzez9xD79E3T0lxTwwJHPQ6dUv8XjEs8iUQIBdsadfXwI+23/rO57Iir88dCc g6RF69hvCDLd9e1YcGxvEafcAMld5STUt5n/2GWFrDIYADfL1HLs6Dc/khwKhHZsOOgy hAi13OkrNI5QXmI8lEtfd3JeQytMW2ZGTpDzn8zWy03kO84nn2BY4wJNGzKefIpAAiwB wncKopruYaMB5GUnTHJ9JuVc5vSLbxE7UabRP0nYCi90nyUC6EGaF4XmuWgX1W6aAPu7 IFK0Dg7WRm6mZUzoK3ah1hppltfQXJ7+nu9p4xJ31w1y6o770+5Ae2IxSOPelOSu1CjD DK/Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=r+bL0rh2ZfU6x6ptzZPCMmIkPwbN03KPD7u488sO400=; b=eBS03Wvbw3NXlFZGJcmhdYUD/z35Jaxo86TerMpYFVs/PBVegeNiihjf/Uc/yneW0K SK+E7QcNG8mRIftjLYumejUMnUsRtKilDShlBjKxFq68CllwBtVRu9k6DP8OcXPpYDzE /dQOOHy4xbZ1KWQ+G7Rvpp4lcnYHOE3zQ51WFscD3Mf7tE7TcIecermmkrptM9J6NJdf VA/FdWAdRxfGLUOL3cDe4GOzWJK7XtgkhiDZ2dM8a3c8Q0+FGU2yKmflfAyoVvVlfApC olZdVibyoowd6Y9839CIscnXjXpFlrFHGgDoRvUuopu+bSdyZFafEHduupTNs1X7H0VT D4xQ== X-Gm-Message-State: APjAAAVZitSA0HlTY6VXWmqlICitlhpYsHqpCP7xzef/6AIN+OEXG/mY kT6u7Shw6qdH2BV/XnacJvzf30GdGvRGSroCsoo= X-Google-Smtp-Source: APXvYqxifAxt6d+XneDBpES1wk/wViEqn+X/isPBchlUN5vQxJmzeQbpN5Mvw5G40sUd1OvAs2s8kRiGnsdnK03IJ0c= X-Received: by 2002:a5d:8994:: with SMTP id m20mr4896992iol.36.1572529655106; Thu, 31 Oct 2019 06:47:35 -0700 (PDT) MIME-Version: 1.0 References: <157245577700.32490.10990766778571550817.idtracker@ietfa.amsl.com> <6ec209ae-72e9-4dd1-8d68-3ee1704f3d92@www.fastmail.com> <7B4921E1-66A3-4D6D-A943-8EC0F44195CC@ericsson.com> In-Reply-To: <7B4921E1-66A3-4D6D-A943-8EC0F44195CC@ericsson.com> From: Rifaat Shekh-Yusef Date: Thu, 31 Oct 2019 09:47:23 -0400 Message-ID: To: Christer Holmberg Cc: Alexey Melnikov , "sipcore-chairs@ietf.org" , "draft-ietf-sipcore-digest-scheme@ietf.org" , The IESG , SIPCORE Content-Type: multipart/alternative; boundary="0000000000007dd1ab05963517d2" Archived-At: Subject: Re: [sipcore] Alexey Melnikov's No Objection on draft-ietf-sipcore-digest-scheme-12: (with COMMENT) X-BeenThere: sipcore@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SIP Core Working Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 31 Oct 2019 13:47:38 -0000 --0000000000007dd1ab05963517d2 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Christer, This IMS behavior would have been in violation of RFC3261 which specified exactly 32 Hex characters. So, this change should not make much of a difference in this case. Regards, Rifaat On Thu, Oct 31, 2019 at 9:37 AM Christer Holmberg < christer.holmberg@ericsson.com> wrote: > > > Hi, > > > > The reason for the empty value comes from IMS and AKA, where you need to > include the user id already in the initial REGISTER request (this seems t= o > be missing from RFC 3310, but that=E2=80=99s a separate topic) in order f= or the > server to create the challenge, meaning that in the initial REGISTER > request you include an Authorization header field with the username > parameter carrying the IMS private user identity, the realm parameter and > the uri parameter. At this point you obviously don=E2=80=99t yet have the= response, > so in IMS it is specified that the response parameter is inserted with an > empty value. > > > > WHY it was specified that way (instead of simply not including the > response parameter) I don=E2=80=99t know, but I do know that it has been > implemented and deployed that way for many years. > > > > Regards, > > > > Christer > > > > > > *From: *sipcore on behalf of Rifaat > Shekh-Yusef > *Date: *Thursday, 31 October 2019 at 15.20 > *To: *Alexey Melnikov > *Cc: *"sipcore-chairs@ietf.org" , " > draft-ietf-sipcore-digest-scheme@ietf.org" < > draft-ietf-sipcore-digest-scheme@ietf.org>, "iesg@ietf.org" , > "sipcore@ietf.org" > *Subject: *Re: [sipcore] Alexey Melnikov's No Objection on > draft-ietf-sipcore-digest-scheme-12: (with COMMENT) > > > > Done. > > > > On Thu, Oct 31, 2019 at 9:13 AM Alexey Melnikov > wrote: > > On Thu, Oct 31, 2019, at 1:11 PM, Rifaat Shekh-Yusef wrote: > > Hi Alexey, > > > > I am fine with Paul's suggestion. > > Are you ok with "32*LHEX"? > > Yes! > > > > Thank you, > > Alexey > > > > Regards, > > Rfaat > > > > > > On Thu, Oct 31, 2019 at 7:22 AM Alexey Melnikov > wrote: > > > > Hi Rifaat, > > > > On Wed, Oct 30, 2019, at 9:50 PM, Rifaat Shekh-Yusef wrote: > > Thanks Alexey! > > > > I am fine with the first two comments, and will fix these in the coming > version of the document. > > > > I am not sure I follow the 3rd one. Why do you see the need for a minimum > number of hex digits? > > You do say that the number of hex digits match the hash lenght, so it is > probably Ok. However empty value is never valid (and I am worried it migh= t > hit some boundary condition bug in implementations), so prohibiting it in > ABNF would be the best. > > > > Best Regards, > > Alexey > > > > Regards, > > Rifaat > > > > > > > > On Wed, Oct 30, 2019 at 1:16 PM Alexey Melnikov via Datatracker < > noreply@ietf.org> wrote: > > Alexey Melnikov has entered the following ballot position for > > draft-ietf-sipcore-digest-scheme-12: No Objection > > > > When responding, please keep the subject line intact and reply to all > > email addresses included in the To and CC lines. (Feel free to cut this > > introductory paragraph, however.) > > > > > > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html > > for more information about IESG DISCUSS and COMMENT positions. > > > > > > The document, along with other ballot positions, can be found here: > > https://datatracker.ietf.org/doc/draft-ietf-sipcore-digest-scheme/ > > > > > > > > ---------------------------------------------------------------------- > > COMMENT: > > ---------------------------------------------------------------------- > > > > I am agreeing with Alissa's DISCUSS. > > > > Also, I have a few comments of my own: > > > > 1) Last para of Section 2.1: > > > > 2.1. Hash Algorithms > > > > A UAS prioritizes which algorithm to use based on the ordering of the > > challenge header fields in the response it is preparing. > > > > This looks either wrong or confusing to me. I think you are just saying > here > > that the order is decided by the server at this point. > > > > That > > process is specified in section 2.3 and parallels the process used in > > HTTP specified by [RFC7616]. > > > > So based on the above, my suggested replacement for both sentences: > > > > A UAS prioritizes which algorithm to use based on its policy, > > which is specified in section 2.3 and parallels the process used in > > HTTP specified by [RFC7616]. > > > > 2) Last para of Section 2.4: > > > > If the UAC cannot respond to any of the challenges in the response, > > then it SHOULD abandon attempts to send the request unless a local > > policy dictates otherwise. > > > > Is trying other non Digest algorithms covered by "SHOULD abandon"? > > If yes, maybe you should make this clearer. > > > > For example, if the UAC does not have > > credentials or has stale credentials for any of the realms, the UAC > > will abandon the request. > > > > 3) In Section 2.7: > > > > request-digest =3D LDQUOT *LHEX RDQUOT > > > > This now allows empty value. I suggest you specify a minimum number of he= x > > digits allowed in the ABNF. Or at least change "*LHEX" to "2*LHEX". > > > > > > > > > > --0000000000007dd1ab05963517d2 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Christer,

This IMS beh= avior would have been in violation of RFC3261 which specified exactly 32 He= x characters.
So, this change should not make much of=C2=A0a diff= erence in this case.

Regards,
=C2=A0Rifa= at



=
On Thu, Oct 31, 2019 at 9:37 AM Chris= ter Holmberg <christer= .holmberg@ericsson.com> wrote:

=C2=A0

Hi,

=C2=A0

The reason for the empty value = comes from IMS and AKA, where you need to include the user id already in th= e initial REGISTER request (this seems to be missing from RFC 3310, but tha= t=E2=80=99s a separate topic) in order for the server to create the challenge,=C2=A0 meaning that in the initial REGISTER= request you include an Authorization header field with the username parame= ter carrying the IMS private user identity, the realm parameter and the uri= parameter. At this point you obviously don=E2=80=99t yet have the response, so in IMS it is specified that the re= sponse parameter is inserted with an empty value.

=C2=A0

WHY it was specified that way (= instead of simply not including the response parameter) I don=E2=80=99t kno= w, but I do know that it has been implemented and deployed that way for man= y years.

=C2=A0

Regards,

=C2=A0

Christer

=C2=A0

=C2=A0

From: = sipcore <sipcore-bounces@ietf= .org> on behalf of Rifaat Shekh-Yusef <rifaat.ietf@gmail.com>
Date: Thursday, 31 October 2019 at 15.20
To: Alexey Melnikov <aamelnikov@fastmail.fm>
Cc: "sipcore-chairs@ietf.org" <sipcore-chairs@ietf.org>, "dra= ft-ietf-sipcore-digest-scheme@ietf.org" <draft-ietf-sipcore= -digest-scheme@ietf.org>, "iesg@ietf.org" <iesg@ietf.org>, "sipcore@ietf.org" <sipcore@ietf.org>
Subject: Re: [sipcore] Alexey Melnikov's No Objection on draft-i= etf-sipcore-digest-scheme-12: (with COMMENT)

=C2=A0

Done.

=C2=A0

On Thu, Oct 31, 2019 at 9:13 AM Alexey Melnikov <= aamelnikov@fast= mail.fm> wrote:

On Thu, Oct 31, 2019, at 1:11 PM, Rifaat Shekh-Yusef= wrote:

Hi Alexey,

=C2=A0

I am fine with Paul's suggestion.<= /p>

Are you ok with=C2=A0&qu= ot;32*LHEX"?

Yes!

=C2=A0

Thank you,

Alexey

=C2=A0

Regards,

=C2=A0Rfaat

=C2=A0

=C2=A0

On Thu, Oct 31, 2019 at 7:22 AM Alexey Melnikov <= aamelnikov@fast= mail.fm> wrote:

=C2=A0

Hi Rifaat,

=C2=A0

On Wed, Oct 30, 2019, at 9:50 PM, Rifaat Shekh-Yusef= wrote:

Thanks Alexey!

=C2=A0

I am fine with the first two comments, and will fix = these in the coming version of the document.

=C2=A0

I am not sure I follow the 3rd one. Why do you see t= he need for a minimum number of hex digits?

You do say that the number of hex digits match the h= ash lenght, so it is probably Ok. However empty value is never valid (and I= am worried it might hit some boundary condition bug in implementations), s= o prohibiting it in ABNF would be the best.

=C2=A0

Best Regards,

Alexey

=C2=A0

Regards,

=C2=A0Rifaat

=C2=A0

=C2=A0

=C2=A0

On Wed, Oct 30, 2019 at 1:16 PM Alexey Melnikov via = Datatracker <norep= ly@ietf.org> wrote:

Alexey Melnikov has entered the following ballot pos= ition for

draft-ietf-sipcore-digest-scheme-12: No Objection=

=C2=A0

When responding, please keep the subject line intact= and reply to all

email addresses included in the To and CC lines. (Fe= el free to cut this

introductory paragraph, however.)

=C2=A0

=C2=A0

for more information about IESG DISCUSS and COMMENT = positions.

=C2=A0

=C2=A0

The document, along with other ballot positions, can= be found here:

=C2=A0

=C2=A0

=C2=A0

----------------------------------------------------= ------------------

COMMENT:

----------------------------------------------------= ------------------

=C2=A0

I am agreeing with Alissa's DISCUSS.

=C2=A0

Also, I have a few comments of my own:=

=C2=A0

1) Last para of Section 2.1:

=C2=A0

2.1.=C2=A0 Hash Algorithms

=C2=A0

=C2=A0 =C2=A0A UAS prioritizes which algorithm to us= e based on the ordering of the

=C2=A0 =C2=A0challenge header fields in the response= it is preparing.

=C2=A0

This looks either wrong or confusing to me. I think = you are just saying here

that the order is decided by the server at this poin= t.

=C2=A0

=C2=A0 =C2=A0That

=C2=A0 =C2=A0process is specified in section 2.3 and= parallels the process used in

=C2=A0 =C2=A0HTTP specified by [RFC7616].<= /u>

=C2=A0

So based on the above, my suggested replacement for = both sentences:

=C2=A0

=C2=A0 =C2=A0A UAS prioritizes which algorithm to us= e based on its policy,

=C2=A0 =C2=A0which is specified in section 2.3 and p= arallels the process used in

=C2=A0 =C2=A0HTTP specified by [RFC7616].<= /u>

=C2=A0

2) Last para of Section 2.4:

=C2=A0

=C2=A0 =C2=A0If the UAC cannot respond to any of the= challenges in the response,

=C2=A0 =C2=A0then it SHOULD abandon attempts to send= the request unless a local

=C2=A0 =C2=A0policy dictates otherwise.

=C2=A0

Is trying other non Digest algorithms covered by &qu= ot;SHOULD abandon"?

If yes, maybe you should make this clearer.

=C2=A0

=C2=A0 =C2=A0For example, if the UAC does not have

=C2=A0 =C2=A0credentials or has stale credentials fo= r any of the realms, the UAC

=C2=A0 =C2=A0will abandon the request.=

=C2=A0

3) In Section 2.7:

=C2=A0

=C2=A0 =C2=A0 =C2=A0 request-digest =3D LDQUOT *LHEX= RDQUOT

=C2=A0

This now allows empty value. I suggest you specify a= minimum number of hex

digits allowed in the ABNF. Or at least change "= ;*LHEX" to "2*LHEX".

=C2=A0

=C2=A0

=C2=A0

=C2=A0

--0000000000007dd1ab05963517d2-- From nobody Thu Oct 31 06:52:36 2019 Return-Path: X-Original-To: sipcore@ietfa.amsl.com Delivered-To: sipcore@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BE76D120088; Thu, 31 Oct 2019 06:52:24 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.99 X-Spam-Level: X-Spam-Status: No, score=-1.99 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_SPF_HELO_TEMPERROR=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8J1AzSQZO5L7; Thu, 31 Oct 2019 06:52:22 -0700 (PDT) Received: from EUR02-AM5-obe.outbound.protection.outlook.com (mail-eopbgr00071.outbound.protection.outlook.com [40.107.0.71]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4D8F3120044; Thu, 31 Oct 2019 06:52:21 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=eahccRnpc7x8dU3qQCUW18MLz2UtBD2dCKSro+skGyIEIdBZCflyMPqsyUvMXl+XlwUdpNxhl+l/MCHqE37lBuUnf0V2edPOWfS+Q0nSch1bU4iBhTJyzrj9naCMYLf/3+mdbYgAFTDi2QN3/ESUGCdmKe9pPdnt9DaPcK+8yAftpzFlqwyOpbGlUAdTjUkLwUcXu/Rv7Z52E6gg4UsDUvshQjutIoyhu8WuShmNjCNjR6T5eBT1ISJq7+3vdA2EAB38gu6NjJvB2DO0+uEH4DPkCuOX+9VpPJGFRerClqkn3lbK20MKTt3h1I1AFStyHlrruK3Q9ZSDAlGCd+AjwQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=INJ8wSa0WEyDwGWCF6sx0WCfQAIw7RI0PUzRf/6UcEU=; b=fmxYSxWjLv3nM5JEXRPQ+hGCsNhiGOXlhdzQt7QNzQtcIO9AUYTiORIb3yr/Afsz2s+KD2amdKjbBT2CHI+7c5+VYB/Kv7aTEtIAP/MgMkE1g8KTbKGiVvxHgIPZlX15lrVOzgCt07qwlW0KzKioWOOmzdZSiCPq25VoTjk820QLdLHVxTIwnTd1jg/s3r15ENcU9E5Uu3IRZQcFZbDmHHb5d8NTJjJ8fwfnr1SEIuY8qV0mzEsppRRoWszYF4e8bN1g6gifEs/MNIBPPlhqwmVlhIiRzOBCd1tXG3RabR/VG1kUULHIBlJlg8EE3ifFcs+vgn113SMH9jJ8s4+uLA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=INJ8wSa0WEyDwGWCF6sx0WCfQAIw7RI0PUzRf/6UcEU=; b=RJEbYF6f2RsJ1xvVEdeqnmQc/VEsTG8i2AmrleYDlwrLT03vfalCNzhzMuIgeTSW/8zmUW+x46BrAgmN/LDUnsbvQgbpbWRUw3hZk9S3h7jPAacZ1rloGsoUNVDtld6LdpmHjLa715OoB8M0mEbYyu7itdFYPBPAKCOOJiZY3Cc= Received: from HE1PR07MB3161.eurprd07.prod.outlook.com (10.170.245.23) by HE1PR07MB3420.eurprd07.prod.outlook.com (10.170.247.139) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2408.15; Thu, 31 Oct 2019 13:52:18 +0000 Received: from HE1PR07MB3161.eurprd07.prod.outlook.com ([fe80::5499:1231:e707:4cb7]) by HE1PR07MB3161.eurprd07.prod.outlook.com ([fe80::5499:1231:e707:4cb7%7]) with mapi id 15.20.2408.016; Thu, 31 Oct 2019 13:52:18 +0000 From: Christer Holmberg To: Rifaat Shekh-Yusef CC: Alexey Melnikov , "sipcore-chairs@ietf.org" , "draft-ietf-sipcore-digest-scheme@ietf.org" , The IESG , SIPCORE Thread-Topic: [sipcore] Alexey Melnikov's No Objection on draft-ietf-sipcore-digest-scheme-12: (with COMMENT) Thread-Index: AQHVj+3+/XQWOAP0gUmCkUmQAngGd6d04liA///hPYCAACLmgA== Date: Thu, 31 Oct 2019 13:52:17 +0000 Message-ID: <4C17F34D-7046-4706-AE5C-FB7ADC4B1427@ericsson.com> References: <157245577700.32490.10990766778571550817.idtracker@ietfa.amsl.com> <6ec209ae-72e9-4dd1-8d68-3ee1704f3d92@www.fastmail.com> <7B4921E1-66A3-4D6D-A943-8EC0F44195CC@ericsson.com> In-Reply-To: Accept-Language: en-US Content-Language: en-GB X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Microsoft-MacOutlook/10.1e.0.191013 authentication-results: spf=none (sender IP is ) smtp.mailfrom=christer.holmberg@ericsson.com; x-originating-ip: [89.166.49.243] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 92fe6885-eba7-4628-ec81-08d75e098b4e x-ms-traffictypediagnostic: HE1PR07MB3420: x-ms-exchange-purlcount: 2 x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:9508; x-forefront-prvs: 02070414A1 x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(39860400002)(366004)(346002)(376002)(136003)(396003)(199004)(189003)(18543002)(316002)(8936002)(54906003)(54896002)(478600001)(7736002)(66476007)(6512007)(236005)(58126008)(81166006)(81156014)(33656002)(6306002)(966005)(66066001)(8676002)(66556008)(6246003)(64756008)(66446008)(25786009)(36756003)(86362001)(66946007)(5660300002)(4326008)(76116006)(76176011)(6486002)(14454004)(6436002)(476003)(6916009)(5070765005)(53546011)(71200400001)(186003)(6116002)(99286004)(71190400001)(3846002)(26005)(2906002)(11346002)(256004)(606006)(21615005)(14444005)(44832011)(446003)(486006)(2616005)(229853002)(102836004)(6506007); DIR:OUT; SFP:1101; SCL:1; SRVR:HE1PR07MB3420; H:HE1PR07MB3161.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1; received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: o3zRa9jO4rCNlOYrJ6x/JDYE64hTulD9kfEhtbq2C2YTmvohTf02nuE+bgYUvqNuJpTBCyV91ydEgAB3E2fXLLkSN0mecL1XJj/KHzpZeOJnNFUHjZwDkG6mknjTqUENyLQUGr6RLoXwq58T0/mnM2zzC8niRKL1pWIlQkznq2ixRFm9vCW9+geJpu+BBV/K1Sh/UfHXrkdx7eC5j053FRMTsfWCv9F/uq7/+B05IbSz7GHHGrpVeXWc5Z00eUJGs7GVj9sZ0hgfalXGrnIMGQG8OkNu9y5eZzxo+3bjCVaibTz2Wtgqnq1RO24CdCALhJI+eNtmFEk+fSOnS1U8v2MuCmzdENdcod39mpYJL8jrOGfpA8+0moejhboEKHTnTR3F2aws+Vsg3CgAsRga22hmOCfBWPtKvw6Wl/x68iSDal8/ZPcpkKiuI2QgKCFL8gVFXokzAACyOeSzLUY1LwHp+Fu6vBBOAaXXvjMFAx4= x-ms-exchange-transport-forked: True Content-Type: multipart/alternative; boundary="_000_4C17F34D70464706AE5CFB7ADC4B1427ericssoncom_" MIME-Version: 1.0 X-OriginatorOrg: ericsson.com X-MS-Exchange-CrossTenant-Network-Message-Id: 92fe6885-eba7-4628-ec81-08d75e098b4e X-MS-Exchange-CrossTenant-originalarrivaltime: 31 Oct 2019 13:52:17.9057 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: U+mep5dzGC7tdO20v0awYprA4OQ1/Z+nlvvDDL6kRbXlaD3PSxC0BNDkEZjApUOjXZbq/TkWqgfXAVKtOCDc/uAFTJQk6oU/rfaBRlas6fQ= X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR07MB3420 Archived-At: Subject: Re: [sipcore] Alexey Melnikov's No Objection on draft-ietf-sipcore-digest-scheme-12: (with COMMENT) X-BeenThere: sipcore@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SIP Core Working Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 31 Oct 2019 13:52:25 -0000 --_000_4C17F34D70464706AE5CFB7ADC4B1427ericssoncom_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 SGksDQoNCj5UaGlzIElNUyBiZWhhdmlvciB3b3VsZCBoYXZlIGJlZW4gaW4gdmlvbGF0aW9uIG9m IFJGQzMyNjEgd2hpY2ggc3BlY2lmaWVkIGV4YWN0bHkgMzIgSGV4IGNoYXJhY3RlcnMuDQo+U28s IHRoaXMgY2hhbmdlIHNob3VsZCBub3QgbWFrZSBtdWNoIG9mIGEgZGlmZmVyZW5jZSBpbiB0aGlz IGNhc2UuDQoNCkluIHJlYWxpdHkgaXQgcHJvYmFibHkgZG9lc27igJl0IG1ha2UgYSBkaWZmZXJl bmNlLCBidXQgaXQgd291bGQgbWFrZSB0aGUgSU1TIHByb2NlZHVyZXMg4oCcYWxpZ25lZOKAnSB3 aXRoIHRoZSBJRVRGIHNwZWMuDQoNClJlZ2FyZHMsDQoNCkNocmlzdGVyDQoNCg0KDQoNCk9uIFRo dSwgT2N0IDMxLCAyMDE5IGF0IDk6MzcgQU0gQ2hyaXN0ZXIgSG9sbWJlcmcgPGNocmlzdGVyLmhv bG1iZXJnQGVyaWNzc29uLmNvbTxtYWlsdG86Y2hyaXN0ZXIuaG9sbWJlcmdAZXJpY3Nzb24uY29t Pj4gd3JvdGU6DQoNCkhpLA0KDQpUaGUgcmVhc29uIGZvciB0aGUgZW1wdHkgdmFsdWUgY29tZXMg ZnJvbSBJTVMgYW5kIEFLQSwgd2hlcmUgeW91IG5lZWQgdG8gaW5jbHVkZSB0aGUgdXNlciBpZCBh bHJlYWR5IGluIHRoZSBpbml0aWFsIFJFR0lTVEVSIHJlcXVlc3QgKHRoaXMgc2VlbXMgdG8gYmUg bWlzc2luZyBmcm9tIFJGQyAzMzEwLCBidXQgdGhhdOKAmXMgYSBzZXBhcmF0ZSB0b3BpYykgaW4g b3JkZXIgZm9yIHRoZSBzZXJ2ZXIgdG8gY3JlYXRlIHRoZSBjaGFsbGVuZ2UsICBtZWFuaW5nIHRo YXQgaW4gdGhlIGluaXRpYWwgUkVHSVNURVIgcmVxdWVzdCB5b3UgaW5jbHVkZSBhbiBBdXRob3Jp emF0aW9uIGhlYWRlciBmaWVsZCB3aXRoIHRoZSB1c2VybmFtZSBwYXJhbWV0ZXIgY2Fycnlpbmcg dGhlIElNUyBwcml2YXRlIHVzZXIgaWRlbnRpdHksIHRoZSByZWFsbSBwYXJhbWV0ZXIgYW5kIHRo ZSB1cmkgcGFyYW1ldGVyLiBBdCB0aGlzIHBvaW50IHlvdSBvYnZpb3VzbHkgZG9u4oCZdCB5ZXQg aGF2ZSB0aGUgcmVzcG9uc2UsIHNvIGluIElNUyBpdCBpcyBzcGVjaWZpZWQgdGhhdCB0aGUgcmVz cG9uc2UgcGFyYW1ldGVyIGlzIGluc2VydGVkIHdpdGggYW4gZW1wdHkgdmFsdWUuDQoNCldIWSBp dCB3YXMgc3BlY2lmaWVkIHRoYXQgd2F5IChpbnN0ZWFkIG9mIHNpbXBseSBub3QgaW5jbHVkaW5n IHRoZSByZXNwb25zZSBwYXJhbWV0ZXIpIEkgZG9u4oCZdCBrbm93LCBidXQgSSBkbyBrbm93IHRo YXQgaXQgaGFzIGJlZW4gaW1wbGVtZW50ZWQgYW5kIGRlcGxveWVkIHRoYXQgd2F5IGZvciBtYW55 IHllYXJzLg0KDQpSZWdhcmRzLA0KDQpDaHJpc3Rlcg0KDQoNCkZyb206IHNpcGNvcmUgPHNpcGNv cmUtYm91bmNlc0BpZXRmLm9yZzxtYWlsdG86c2lwY29yZS1ib3VuY2VzQGlldGYub3JnPj4gb24g YmVoYWxmIG9mIFJpZmFhdCBTaGVraC1ZdXNlZiA8cmlmYWF0LmlldGZAZ21haWwuY29tPG1haWx0 bzpyaWZhYXQuaWV0ZkBnbWFpbC5jb20+Pg0KRGF0ZTogVGh1cnNkYXksIDMxIE9jdG9iZXIgMjAx OSBhdCAxNS4yMA0KVG86IEFsZXhleSBNZWxuaWtvdiA8YWFtZWxuaWtvdkBmYXN0bWFpbC5mbTxt YWlsdG86YWFtZWxuaWtvdkBmYXN0bWFpbC5mbT4+DQpDYzogInNpcGNvcmUtY2hhaXJzQGlldGYu b3JnPG1haWx0bzpzaXBjb3JlLWNoYWlyc0BpZXRmLm9yZz4iIDxzaXBjb3JlLWNoYWlyc0BpZXRm Lm9yZzxtYWlsdG86c2lwY29yZS1jaGFpcnNAaWV0Zi5vcmc+PiwgImRyYWZ0LWlldGYtc2lwY29y ZS1kaWdlc3Qtc2NoZW1lQGlldGYub3JnPG1haWx0bzpkcmFmdC1pZXRmLXNpcGNvcmUtZGlnZXN0 LXNjaGVtZUBpZXRmLm9yZz4iIDxkcmFmdC1pZXRmLXNpcGNvcmUtZGlnZXN0LXNjaGVtZUBpZXRm Lm9yZzxtYWlsdG86ZHJhZnQtaWV0Zi1zaXBjb3JlLWRpZ2VzdC1zY2hlbWVAaWV0Zi5vcmc+Piwg Imllc2dAaWV0Zi5vcmc8bWFpbHRvOmllc2dAaWV0Zi5vcmc+IiA8aWVzZ0BpZXRmLm9yZzxtYWls dG86aWVzZ0BpZXRmLm9yZz4+LCAic2lwY29yZUBpZXRmLm9yZzxtYWlsdG86c2lwY29yZUBpZXRm Lm9yZz4iIDxzaXBjb3JlQGlldGYub3JnPG1haWx0bzpzaXBjb3JlQGlldGYub3JnPj4NClN1Ympl Y3Q6IFJlOiBbc2lwY29yZV0gQWxleGV5IE1lbG5pa292J3MgTm8gT2JqZWN0aW9uIG9uIGRyYWZ0 LWlldGYtc2lwY29yZS1kaWdlc3Qtc2NoZW1lLTEyOiAod2l0aCBDT01NRU5UKQ0KDQpEb25lLg0K DQpPbiBUaHUsIE9jdCAzMSwgMjAxOSBhdCA5OjEzIEFNIEFsZXhleSBNZWxuaWtvdiA8YWFtZWxu aWtvdkBmYXN0bWFpbC5mbTxtYWlsdG86YWFtZWxuaWtvdkBmYXN0bWFpbC5mbT4+IHdyb3RlOg0K T24gVGh1LCBPY3QgMzEsIDIwMTksIGF0IDE6MTEgUE0sIFJpZmFhdCBTaGVraC1ZdXNlZiB3cm90 ZToNCkhpIEFsZXhleSwNCg0KSSBhbSBmaW5lIHdpdGggUGF1bCdzIHN1Z2dlc3Rpb24uDQpBcmUg eW91IG9rIHdpdGggIjMyKkxIRVgiPw0KWWVzIQ0KDQpUaGFuayB5b3UsDQpBbGV4ZXkNCg0KUmVn YXJkcywNCiBSZmFhdA0KDQoNCk9uIFRodSwgT2N0IDMxLCAyMDE5IGF0IDc6MjIgQU0gQWxleGV5 IE1lbG5pa292IDxhYW1lbG5pa292QGZhc3RtYWlsLmZtPG1haWx0bzphYW1lbG5pa292QGZhc3Rt YWlsLmZtPj4gd3JvdGU6DQoNCkhpIFJpZmFhdCwNCg0KT24gV2VkLCBPY3QgMzAsIDIwMTksIGF0 IDk6NTAgUE0sIFJpZmFhdCBTaGVraC1ZdXNlZiB3cm90ZToNClRoYW5rcyBBbGV4ZXkhDQoNCkkg YW0gZmluZSB3aXRoIHRoZSBmaXJzdCB0d28gY29tbWVudHMsIGFuZCB3aWxsIGZpeCB0aGVzZSBp biB0aGUgY29taW5nIHZlcnNpb24gb2YgdGhlIGRvY3VtZW50Lg0KDQpJIGFtIG5vdCBzdXJlIEkg Zm9sbG93IHRoZSAzcmQgb25lLiBXaHkgZG8geW91IHNlZSB0aGUgbmVlZCBmb3IgYSBtaW5pbXVt IG51bWJlciBvZiBoZXggZGlnaXRzPw0KWW91IGRvIHNheSB0aGF0IHRoZSBudW1iZXIgb2YgaGV4 IGRpZ2l0cyBtYXRjaCB0aGUgaGFzaCBsZW5naHQsIHNvIGl0IGlzIHByb2JhYmx5IE9rLiBIb3dl dmVyIGVtcHR5IHZhbHVlIGlzIG5ldmVyIHZhbGlkIChhbmQgSSBhbSB3b3JyaWVkIGl0IG1pZ2h0 IGhpdCBzb21lIGJvdW5kYXJ5IGNvbmRpdGlvbiBidWcgaW4gaW1wbGVtZW50YXRpb25zKSwgc28g cHJvaGliaXRpbmcgaXQgaW4gQUJORiB3b3VsZCBiZSB0aGUgYmVzdC4NCg0KQmVzdCBSZWdhcmRz LA0KQWxleGV5DQoNClJlZ2FyZHMsDQogUmlmYWF0DQoNCg0KDQpPbiBXZWQsIE9jdCAzMCwgMjAx OSBhdCAxOjE2IFBNIEFsZXhleSBNZWxuaWtvdiB2aWEgRGF0YXRyYWNrZXIgPG5vcmVwbHlAaWV0 Zi5vcmc8bWFpbHRvOm5vcmVwbHlAaWV0Zi5vcmc+PiB3cm90ZToNCkFsZXhleSBNZWxuaWtvdiBo YXMgZW50ZXJlZCB0aGUgZm9sbG93aW5nIGJhbGxvdCBwb3NpdGlvbiBmb3INCmRyYWZ0LWlldGYt c2lwY29yZS1kaWdlc3Qtc2NoZW1lLTEyOiBObyBPYmplY3Rpb24NCg0KV2hlbiByZXNwb25kaW5n LCBwbGVhc2Uga2VlcCB0aGUgc3ViamVjdCBsaW5lIGludGFjdCBhbmQgcmVwbHkgdG8gYWxsDQpl bWFpbCBhZGRyZXNzZXMgaW5jbHVkZWQgaW4gdGhlIFRvIGFuZCBDQyBsaW5lcy4gKEZlZWwgZnJl ZSB0byBjdXQgdGhpcw0KaW50cm9kdWN0b3J5IHBhcmFncmFwaCwgaG93ZXZlci4pDQoNCg0KUGxl YXNlIHJlZmVyIHRvIGh0dHBzOi8vd3d3LmlldGYub3JnL2llc2cvc3RhdGVtZW50L2Rpc2N1c3Mt Y3JpdGVyaWEuaHRtbA0KZm9yIG1vcmUgaW5mb3JtYXRpb24gYWJvdXQgSUVTRyBESVNDVVNTIGFu ZCBDT01NRU5UIHBvc2l0aW9ucy4NCg0KDQpUaGUgZG9jdW1lbnQsIGFsb25nIHdpdGggb3RoZXIg YmFsbG90IHBvc2l0aW9ucywgY2FuIGJlIGZvdW5kIGhlcmU6DQpodHRwczovL2RhdGF0cmFja2Vy LmlldGYub3JnL2RvYy9kcmFmdC1pZXRmLXNpcGNvcmUtZGlnZXN0LXNjaGVtZS8NCg0KDQoNCi0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0NCkNPTU1FTlQ6DQotLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQoNCkkgYW0gYWdyZWVpbmcgd2l0 aCBBbGlzc2EncyBESVNDVVNTLg0KDQpBbHNvLCBJIGhhdmUgYSBmZXcgY29tbWVudHMgb2YgbXkg b3duOg0KDQoxKSBMYXN0IHBhcmEgb2YgU2VjdGlvbiAyLjE6DQoNCjIuMS4gIEhhc2ggQWxnb3Jp dGhtcw0KDQogICBBIFVBUyBwcmlvcml0aXplcyB3aGljaCBhbGdvcml0aG0gdG8gdXNlIGJhc2Vk IG9uIHRoZSBvcmRlcmluZyBvZiB0aGUNCiAgIGNoYWxsZW5nZSBoZWFkZXIgZmllbGRzIGluIHRo ZSByZXNwb25zZSBpdCBpcyBwcmVwYXJpbmcuDQoNClRoaXMgbG9va3MgZWl0aGVyIHdyb25nIG9y IGNvbmZ1c2luZyB0byBtZS4gSSB0aGluayB5b3UgYXJlIGp1c3Qgc2F5aW5nIGhlcmUNCnRoYXQg dGhlIG9yZGVyIGlzIGRlY2lkZWQgYnkgdGhlIHNlcnZlciBhdCB0aGlzIHBvaW50Lg0KDQogICBU aGF0DQogICBwcm9jZXNzIGlzIHNwZWNpZmllZCBpbiBzZWN0aW9uIDIuMyBhbmQgcGFyYWxsZWxz IHRoZSBwcm9jZXNzIHVzZWQgaW4NCiAgIEhUVFAgc3BlY2lmaWVkIGJ5IFtSRkM3NjE2XS4NCg0K U28gYmFzZWQgb24gdGhlIGFib3ZlLCBteSBzdWdnZXN0ZWQgcmVwbGFjZW1lbnQgZm9yIGJvdGgg c2VudGVuY2VzOg0KDQogICBBIFVBUyBwcmlvcml0aXplcyB3aGljaCBhbGdvcml0aG0gdG8gdXNl IGJhc2VkIG9uIGl0cyBwb2xpY3ksDQogICB3aGljaCBpcyBzcGVjaWZpZWQgaW4gc2VjdGlvbiAy LjMgYW5kIHBhcmFsbGVscyB0aGUgcHJvY2VzcyB1c2VkIGluDQogICBIVFRQIHNwZWNpZmllZCBi eSBbUkZDNzYxNl0uDQoNCjIpIExhc3QgcGFyYSBvZiBTZWN0aW9uIDIuNDoNCg0KICAgSWYgdGhl IFVBQyBjYW5ub3QgcmVzcG9uZCB0byBhbnkgb2YgdGhlIGNoYWxsZW5nZXMgaW4gdGhlIHJlc3Bv bnNlLA0KICAgdGhlbiBpdCBTSE9VTEQgYWJhbmRvbiBhdHRlbXB0cyB0byBzZW5kIHRoZSByZXF1 ZXN0IHVubGVzcyBhIGxvY2FsDQogICBwb2xpY3kgZGljdGF0ZXMgb3RoZXJ3aXNlLg0KDQpJcyB0 cnlpbmcgb3RoZXIgbm9uIERpZ2VzdCBhbGdvcml0aG1zIGNvdmVyZWQgYnkgIlNIT1VMRCBhYmFu ZG9uIj8NCklmIHllcywgbWF5YmUgeW91IHNob3VsZCBtYWtlIHRoaXMgY2xlYXJlci4NCg0KICAg Rm9yIGV4YW1wbGUsIGlmIHRoZSBVQUMgZG9lcyBub3QgaGF2ZQ0KICAgY3JlZGVudGlhbHMgb3Ig aGFzIHN0YWxlIGNyZWRlbnRpYWxzIGZvciBhbnkgb2YgdGhlIHJlYWxtcywgdGhlIFVBQw0KICAg d2lsbCBhYmFuZG9uIHRoZSByZXF1ZXN0Lg0KDQozKSBJbiBTZWN0aW9uIDIuNzoNCg0KICAgICAg cmVxdWVzdC1kaWdlc3QgPSBMRFFVT1QgKkxIRVggUkRRVU9UDQoNClRoaXMgbm93IGFsbG93cyBl bXB0eSB2YWx1ZS4gSSBzdWdnZXN0IHlvdSBzcGVjaWZ5IGEgbWluaW11bSBudW1iZXIgb2YgaGV4 DQpkaWdpdHMgYWxsb3dlZCBpbiB0aGUgQUJORi4gT3IgYXQgbGVhc3QgY2hhbmdlICIqTEhFWCIg dG8gIjIqTEhFWCIuDQoNCg0KDQoNCg== --_000_4C17F34D70464706AE5CFB7ADC4B1427ericssoncom_ Content-Type: text/html; charset="utf-8" Content-ID: <1C7C5E16F9020C40822F2C17B261890F@eurprd07.prod.outlook.com> Content-Transfer-Encoding: base64 PGh0bWwgeG1sbnM6bz0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6b2ZmaWNlIiB4 bWxuczp3PSJ1cm46c2NoZW1hcy1taWNyb3NvZnQtY29tOm9mZmljZTp3b3JkIiB4bWxuczptPSJo dHRwOi8vc2NoZW1hcy5taWNyb3NvZnQuY29tL29mZmljZS8yMDA0LzEyL29tbWwiIHhtbG5zPSJo dHRwOi8vd3d3LnczLm9yZy9UUi9SRUMtaHRtbDQwIj4NCjxoZWFkPg0KPG1ldGEgaHR0cC1lcXVp dj0iQ29udGVudC1UeXBlIiBjb250ZW50PSJ0ZXh0L2h0bWw7IGNoYXJzZXQ9dXRmLTgiPg0KPG1l dGEgbmFtZT0iR2VuZXJhdG9yIiBjb250ZW50PSJNaWNyb3NvZnQgV29yZCAxNSAoZmlsdGVyZWQg bWVkaXVtKSI+DQo8c3R5bGU+PCEtLQ0KLyogRm9udCBEZWZpbml0aW9ucyAqLw0KQGZvbnQtZmFj ZQ0KCXtmb250LWZhbWlseToiQ2FtYnJpYSBNYXRoIjsNCglwYW5vc2UtMToyIDQgNSAzIDUgNCA2 IDMgMiA0O30NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6Q2FsaWJyaTsNCglwYW5vc2UtMToy IDE1IDUgMiAyIDIgNCAzIDIgNDt9DQovKiBTdHlsZSBEZWZpbml0aW9ucyAqLw0KcC5Nc29Ob3Jt YWwsIGxpLk1zb05vcm1hbCwgZGl2Lk1zb05vcm1hbA0KCXttYXJnaW46MGNtOw0KCW1hcmdpbi1i b3R0b206LjAwMDFwdDsNCglmb250LXNpemU6MTEuMHB0Ow0KCWZvbnQtZmFtaWx5OiJDYWxpYnJp IixzYW5zLXNlcmlmO30NCmE6bGluaywgc3Bhbi5Nc29IeXBlcmxpbmsNCgl7bXNvLXN0eWxlLXBy aW9yaXR5Ojk5Ow0KCWNvbG9yOmJsdWU7DQoJdGV4dC1kZWNvcmF0aW9uOnVuZGVybGluZTt9DQph OnZpc2l0ZWQsIHNwYW4uTXNvSHlwZXJsaW5rRm9sbG93ZWQNCgl7bXNvLXN0eWxlLXByaW9yaXR5 Ojk5Ow0KCWNvbG9yOnB1cnBsZTsNCgl0ZXh0LWRlY29yYXRpb246dW5kZXJsaW5lO30NCnAubXNv bm9ybWFsMCwgbGkubXNvbm9ybWFsMCwgZGl2Lm1zb25vcm1hbDANCgl7bXNvLXN0eWxlLW5hbWU6 bXNvbm9ybWFsOw0KCW1zby1tYXJnaW4tdG9wLWFsdDphdXRvOw0KCW1hcmdpbi1yaWdodDowY207 DQoJbXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG87DQoJbWFyZ2luLWxlZnQ6MGNtOw0KCWZvbnQt c2l6ZToxMS4wcHQ7DQoJZm9udC1mYW1pbHk6IkNhbGlicmkiLHNhbnMtc2VyaWY7fQ0Kc3Bhbi5F bWFpbFN0eWxlMTgNCgl7bXNvLXN0eWxlLXR5cGU6cGVyc29uYWwtcmVwbHk7DQoJZm9udC1mYW1p bHk6IkNhbGlicmkiLHNhbnMtc2VyaWY7DQoJY29sb3I6d2luZG93dGV4dDt9DQouTXNvQ2hwRGVm YXVsdA0KCXttc28tc3R5bGUtdHlwZTpleHBvcnQtb25seTsNCglmb250LXNpemU6MTAuMHB0O30N CkBwYWdlIFdvcmRTZWN0aW9uMQ0KCXtzaXplOjYxMi4wcHQgNzkyLjBwdDsNCgltYXJnaW46NzAu ODVwdCAyLjBjbSA3MC44NXB0IDIuMGNtO30NCmRpdi5Xb3JkU2VjdGlvbjENCgl7cGFnZTpXb3Jk U2VjdGlvbjE7fQ0KLS0+PC9zdHlsZT4NCjwvaGVhZD4NCjxib2R5IGxhbmc9IkZJIiBsaW5rPSJi bHVlIiB2bGluaz0icHVycGxlIj4NCjxkaXYgY2xhc3M9IldvcmRTZWN0aW9uMSI+DQo8cCBjbGFz cz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0ibXNvLWZhcmVhc3QtbGFuZ3VhZ2U6RU4tVVMiPkhp LDxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxkaXY+DQo8ZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJN c29Ob3JtYWwiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9 Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZndDtUaGlzIElNUyBiZWhhdmlvciB3b3Vs ZCBoYXZlIGJlZW4gaW4gdmlvbGF0aW9uIG9mIFJGQzMyNjEgd2hpY2ggc3BlY2lmaWVkIGV4YWN0 bHkgMzIgSGV4IGNoYXJhY3RlcnMuPG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2 Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZndDtTbywgdGhpcyBj aGFuZ2Ugc2hvdWxkIG5vdCBtYWtlIG11Y2ggb2YmbmJzcDthIGRpZmZlcmVuY2UgaW4gdGhpcyBj YXNlLjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29O b3JtYWwiPjxzcGFuIGxhbmc9IkVOLVVTIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8 cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJFTi1VUyI+SW4gcmVhbGl0eSBpdCBwcm9i YWJseSBkb2VzbuKAmXQgbWFrZSBhIGRpZmZlcmVuY2UsIGJ1dCBpdCB3b3VsZCBtYWtlIHRoZSBJ TVMgcHJvY2VkdXJlcyDigJxhbGlnbmVk4oCdIHdpdGggdGhlIElFVEYgc3BlYy48bzpwPjwvbzpw Pjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJFTi1VUyI+PG86 cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFu Zz0iRU4tVVMiPlJlZ2FyZHMsPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05v cm1hbCI+PHNwYW4gbGFuZz0iRU4tVVMiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxw IGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9IkVOLVVTIj5DaHJpc3RlcjxvOnA+PC9vOnA+ PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9IkVOLVVTIj48bzpw PiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9y bWFsIj48c3BhbiBsYW5nPSJFTi1VUyI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPC9k aXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iRU4tVVMiPjxvOnA+ Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPC9kaXY+DQo8cCBjbGFzcz0iTXNvTm9y bWFsIj48c3BhbiBsYW5nPSJFTi1VUyI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPGRp dj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj5PbiBUaHUsIE9jdCAzMSwgMjAxOSBhdCA5 OjM3IEFNIENocmlzdGVyIEhvbG1iZXJnICZsdDs8YSBocmVmPSJtYWlsdG86Y2hyaXN0ZXIuaG9s bWJlcmdAZXJpY3Nzb24uY29tIj5jaHJpc3Rlci5ob2xtYmVyZ0Blcmljc3Nvbi5jb208L2E+Jmd0 OyB3cm90ZTo8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGJsb2NrcXVvdGUgc3R5bGU9ImJvcmRl cjpub25lO2JvcmRlci1sZWZ0OnNvbGlkICNDQ0NDQ0MgMS4wcHQ7cGFkZGluZzowY20gMGNtIDBj bSA2LjBwdDttYXJnaW4tbGVmdDo0LjhwdDttYXJnaW4tcmlnaHQ6MGNtIj4NCjxkaXY+DQo8ZGl2 Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21z by1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj4mbmJzcDs8bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNz PSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJv dHRvbS1hbHQ6YXV0byI+PHNwYW4gbGFuZz0iRU4tVVMiPkhpLDwvc3Bhbj48bzpwPjwvbzpwPjwv cD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bztt c28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+PHNwYW4gbGFuZz0iRU4tVVMiPiZuYnNwOzwvc3Bh bj48bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2lu LXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+PHNwYW4gbGFuZz0iRU4t VVMiPlRoZSByZWFzb24gZm9yIHRoZSBlbXB0eSB2YWx1ZSBjb21lcyBmcm9tIElNUyBhbmQgQUtB LCB3aGVyZSB5b3UgbmVlZCB0byBpbmNsdWRlIHRoZSB1c2VyIGlkIGFscmVhZHkgaW4gdGhlIGlu aXRpYWwgUkVHSVNURVIgcmVxdWVzdCAodGhpcyBzZWVtcyB0byBiZSBtaXNzaW5nDQogZnJvbSBS RkMgMzMxMCwgYnV0IHRoYXTigJlzIGEgc2VwYXJhdGUgdG9waWMpIGluIG9yZGVyIGZvciB0aGUg c2VydmVyIHRvIGNyZWF0ZSB0aGUgY2hhbGxlbmdlLCZuYnNwOyBtZWFuaW5nIHRoYXQgaW4gdGhl IGluaXRpYWwgUkVHSVNURVIgcmVxdWVzdCB5b3UgaW5jbHVkZSBhbiBBdXRob3JpemF0aW9uIGhl YWRlciBmaWVsZCB3aXRoIHRoZSB1c2VybmFtZSBwYXJhbWV0ZXIgY2FycnlpbmcgdGhlIElNUyBw cml2YXRlIHVzZXIgaWRlbnRpdHksIHRoZSByZWFsbQ0KIHBhcmFtZXRlciBhbmQgdGhlIHVyaSBw YXJhbWV0ZXIuIEF0IHRoaXMgcG9pbnQgeW91IG9idmlvdXNseSBkb27igJl0IHlldCBoYXZlIHRo ZSByZXNwb25zZSwgc28gaW4gSU1TIGl0IGlzIHNwZWNpZmllZCB0aGF0IHRoZSByZXNwb25zZSBw YXJhbWV0ZXIgaXMgaW5zZXJ0ZWQgd2l0aCBhbiBlbXB0eSB2YWx1ZS48L3NwYW4+PG86cD48L286 cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1 dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFuIGxhbmc9IkVOLVVTIj4mbmJzcDs8 L3NwYW4+PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1h cmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFuIGxhbmc9 IkVOLVVTIj5XSFkgaXQgd2FzIHNwZWNpZmllZCB0aGF0IHdheSAoaW5zdGVhZCBvZiBzaW1wbHkg bm90IGluY2x1ZGluZyB0aGUgcmVzcG9uc2UgcGFyYW1ldGVyKSBJIGRvbuKAmXQga25vdywgYnV0 IEkgZG8ga25vdyB0aGF0IGl0IGhhcyBiZWVuIGltcGxlbWVudGVkIGFuZCBkZXBsb3llZCB0aGF0 DQogd2F5IGZvciBtYW55IHllYXJzLjwvc3Bhbj48bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJN c29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRv bS1hbHQ6YXV0byI+PHNwYW4gbGFuZz0iRU4tVVMiPiZuYnNwOzwvc3Bhbj48bzpwPjwvbzpwPjwv cD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bztt c28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+PHNwYW4gbGFuZz0iRU4tVVMiPlJlZ2FyZHMsPC9z cGFuPjxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJn aW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBsYW5nPSJF Ti1VUyI+Jm5ic3A7PC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIg c3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRv Ij48c3BhbiBsYW5nPSJFTi1VUyI+Q2hyaXN0ZXI8L3NwYW4+PG86cD48L286cD48L3A+DQo8cCBj bGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdp bi1ib3R0b20tYWx0OmF1dG8iPiZuYnNwOzxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05v cm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFs dDphdXRvIj4mbmJzcDs8bzpwPjwvbzpwPjwvcD4NCjxkaXYgc3R5bGU9ImJvcmRlcjpub25lO2Jv cmRlci10b3A6c29saWQgI0I1QzRERiAxLjBwdDtwYWRkaW5nOjMuMHB0IDBjbSAwY20gMGNtIj4N CjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28t bWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+PGI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMi4wcHQ7 Y29sb3I6YmxhY2siPkZyb206DQo8L3NwYW4+PC9iPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTIu MHB0O2NvbG9yOmJsYWNrIj5zaXBjb3JlICZsdDs8YSBocmVmPSJtYWlsdG86c2lwY29yZS1ib3Vu Y2VzQGlldGYub3JnIiB0YXJnZXQ9Il9ibGFuayI+c2lwY29yZS1ib3VuY2VzQGlldGYub3JnPC9h PiZndDsgb24gYmVoYWxmIG9mIFJpZmFhdCBTaGVraC1ZdXNlZiAmbHQ7PGEgaHJlZj0ibWFpbHRv OnJpZmFhdC5pZXRmQGdtYWlsLmNvbSIgdGFyZ2V0PSJfYmxhbmsiPnJpZmFhdC5pZXRmQGdtYWls LmNvbTwvYT4mZ3Q7PGJyPg0KPGI+RGF0ZTogPC9iPlRodXJzZGF5LCAzMSBPY3RvYmVyIDIwMTkg YXQgMTUuMjA8YnI+DQo8Yj5UbzogPC9iPkFsZXhleSBNZWxuaWtvdiAmbHQ7PGEgaHJlZj0ibWFp bHRvOmFhbWVsbmlrb3ZAZmFzdG1haWwuZm0iIHRhcmdldD0iX2JsYW5rIj5hYW1lbG5pa292QGZh c3RtYWlsLmZtPC9hPiZndDs8YnI+DQo8Yj5DYzogPC9iPiZxdW90OzxhIGhyZWY9Im1haWx0bzpz aXBjb3JlLWNoYWlyc0BpZXRmLm9yZyIgdGFyZ2V0PSJfYmxhbmsiPnNpcGNvcmUtY2hhaXJzQGll dGYub3JnPC9hPiZxdW90OyAmbHQ7PGEgaHJlZj0ibWFpbHRvOnNpcGNvcmUtY2hhaXJzQGlldGYu b3JnIiB0YXJnZXQ9Il9ibGFuayI+c2lwY29yZS1jaGFpcnNAaWV0Zi5vcmc8L2E+Jmd0OywgJnF1 b3Q7PGEgaHJlZj0ibWFpbHRvOmRyYWZ0LWlldGYtc2lwY29yZS1kaWdlc3Qtc2NoZW1lQGlldGYu b3JnIiB0YXJnZXQ9Il9ibGFuayI+ZHJhZnQtaWV0Zi1zaXBjb3JlLWRpZ2VzdC1zY2hlbWVAaWV0 Zi5vcmc8L2E+JnF1b3Q7DQogJmx0OzxhIGhyZWY9Im1haWx0bzpkcmFmdC1pZXRmLXNpcGNvcmUt ZGlnZXN0LXNjaGVtZUBpZXRmLm9yZyIgdGFyZ2V0PSJfYmxhbmsiPmRyYWZ0LWlldGYtc2lwY29y ZS1kaWdlc3Qtc2NoZW1lQGlldGYub3JnPC9hPiZndDssICZxdW90OzxhIGhyZWY9Im1haWx0bzpp ZXNnQGlldGYub3JnIiB0YXJnZXQ9Il9ibGFuayI+aWVzZ0BpZXRmLm9yZzwvYT4mcXVvdDsgJmx0 OzxhIGhyZWY9Im1haWx0bzppZXNnQGlldGYub3JnIiB0YXJnZXQ9Il9ibGFuayI+aWVzZ0BpZXRm Lm9yZzwvYT4mZ3Q7LA0KICZxdW90OzxhIGhyZWY9Im1haWx0bzpzaXBjb3JlQGlldGYub3JnIiB0 YXJnZXQ9Il9ibGFuayI+c2lwY29yZUBpZXRmLm9yZzwvYT4mcXVvdDsgJmx0OzxhIGhyZWY9Im1h aWx0bzpzaXBjb3JlQGlldGYub3JnIiB0YXJnZXQ9Il9ibGFuayI+c2lwY29yZUBpZXRmLm9yZzwv YT4mZ3Q7PGJyPg0KPGI+U3ViamVjdDogPC9iPlJlOiBbc2lwY29yZV0gQWxleGV5IE1lbG5pa292 J3MgTm8gT2JqZWN0aW9uIG9uIGRyYWZ0LWlldGYtc2lwY29yZS1kaWdlc3Qtc2NoZW1lLTEyOiAo d2l0aCBDT01NRU5UKTwvc3Bhbj48bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNs YXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2lu LWJvdHRvbS1hbHQ6YXV0byI+Jm5ic3A7PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8 cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1h cmdpbi1ib3R0b20tYWx0OmF1dG8iPkRvbmUuPG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxwIGNs YXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2lu LWJvdHRvbS1hbHQ6YXV0byI+Jm5ic3A7PG86cD48L286cD48L3A+DQo8ZGl2Pg0KPGRpdj4NCjxw IGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFy Z2luLWJvdHRvbS1hbHQ6YXV0byI+T24gVGh1LCBPY3QgMzEsIDIwMTkgYXQgOToxMyBBTSBBbGV4 ZXkgTWVsbmlrb3YgJmx0OzxhIGhyZWY9Im1haWx0bzphYW1lbG5pa292QGZhc3RtYWlsLmZtIiB0 YXJnZXQ9Il9ibGFuayI+YWFtZWxuaWtvdkBmYXN0bWFpbC5mbTwvYT4mZ3Q7IHdyb3RlOjxvOnA+ PC9vOnA+PC9wPg0KPC9kaXY+DQo8YmxvY2txdW90ZSBzdHlsZT0iYm9yZGVyOm5vbmU7Ym9yZGVy LWxlZnQ6c29saWQgI0NDQ0NDQyAxLjBwdDtwYWRkaW5nOjBjbSAwY20gMGNtIDYuMHB0O21hcmdp bi1sZWZ0OjQuOHB0O21hcmdpbi10b3A6NS4wcHQ7bWFyZ2luLXJpZ2h0OjBjbTttYXJnaW4tYm90 dG9tOjUuMHB0Ij4NCjxkaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1z by1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj5PbiBUaHUs IE9jdCAzMSwgMjAxOSwgYXQgMToxMSBQTSwgUmlmYWF0IFNoZWtoLVl1c2VmIHdyb3RlOjxvOnA+ PC9vOnA+PC9wPg0KPC9kaXY+DQo8YmxvY2txdW90ZSBzdHlsZT0ibWFyZ2luLXRvcDo1LjBwdDtt YXJnaW4tYm90dG9tOjUuMHB0IiBpZD0iZ21haWwtbV8tNjU1NDg2OTU2MTM5NzEzNDEyMmdtYWls LW1fLTg0MDUwNzk3Mzg1NDk0Mzg3MDZxdCI+DQo8ZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29O b3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1h bHQ6YXV0byI+SGkgQWxleGV5LDxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xh c3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4t Ym90dG9tLWFsdDphdXRvIj4mbmJzcDs8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxw IGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFy Z2luLWJvdHRvbS1hbHQ6YXV0byI+SSBhbSBmaW5lIHdpdGggUGF1bCdzIHN1Z2dlc3Rpb24uPG86 cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0i bXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPkFyZSB5 b3Ugb2sgd2l0aCZuYnNwOzxzcGFuIHN0eWxlPSJjb2xvcjpibGFjayI+JnF1b3Q7MzIqTEhFWCZx dW90Oz88L3NwYW4+PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9ibG9ja3F1b3Rl Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6 YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+WWVzITxvOnA+PC9vOnA+PC9wPg0KPC9k aXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFs dDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj4mbmJzcDs8bzpwPjwvbzpwPjwvcD4N CjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRv cC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+VGhhbmsgeW91LDxvOnA+PC9v OnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1t YXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj5BbGV4ZXk8bzpw PjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGJsb2NrcXVvdGUgc3R5bGU9Im1hcmdpbi10b3A6NS4wcHQ7 bWFyZ2luLWJvdHRvbTo1LjBwdCIgaWQ9ImdtYWlsLW1fLTY1NTQ4Njk1NjEzOTcxMzQxMjJnbWFp bC1tXy04NDA1MDc5NzM4NTQ5NDM4NzA2cXQiPg0KPGRpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNv Tm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20t YWx0OmF1dG8iPiZuYnNwOzxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9 Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90 dG9tLWFsdDphdXRvIj5SZWdhcmRzLDxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAg Y2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJn aW4tYm90dG9tLWFsdDphdXRvIj4mbmJzcDtSZmFhdDxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8 ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRv O21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj4mbmJzcDs8bzpwPjwvbzpwPjwvcD4NCjwvZGl2 Pg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4t dG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj4mbmJzcDs8bzpwPjwvbzpw PjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0i bXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPk9uIFRo dSwgT2N0IDMxLCAyMDE5IGF0IDc6MjIgQU0gQWxleGV5IE1lbG5pa292ICZsdDs8YSBocmVmPSJt YWlsdG86YWFtZWxuaWtvdkBmYXN0bWFpbC5mbSIgdGFyZ2V0PSJfYmxhbmsiPmFhbWVsbmlrb3ZA ZmFzdG1haWwuZm08L2E+Jmd0OyB3cm90ZTo8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGJsb2Nr cXVvdGUgc3R5bGU9ImJvcmRlcjpub25lO2JvcmRlci1sZWZ0OnNvbGlkICNDQ0NDQ0MgMS4wcHQ7 cGFkZGluZzowY20gMGNtIDBjbSA2LjBwdDttYXJnaW4tbGVmdDo0LjhwdDttYXJnaW4tdG9wOjUu MHB0O21hcmdpbi1yaWdodDowY207bWFyZ2luLWJvdHRvbTo1LjBwdCI+DQo8ZGl2Pg0KPHAgY2xh c3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4t Ym90dG9tLWFsdDphdXRvIj4mbmJzcDs8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxk aXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87 bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPkhpIFJpZmFhdCw8bzpwPjwvbzpwPjwvcD4NCjwv ZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1h bHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+Jm5ic3A7PG86cD48L286cD48L3A+ DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10 b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPk9uIFdlZCwgT2N0IDMwLCAy MDE5LCBhdCA5OjUwIFBNLCBSaWZhYXQgU2hla2gtWXVzZWYgd3JvdGU6PG86cD48L286cD48L3A+ DQo8L2Rpdj4NCjxibG9ja3F1b3RlIHN0eWxlPSJtYXJnaW4tdG9wOjUuMHB0O21hcmdpbi1ib3R0 b206NS4wcHQiIGlkPSJnbWFpbC1tXy02NTU0ODY5NTYxMzk3MTM0MTIyZ21haWwtbV8tODQwNTA3 OTczODU0OTQzODcwNnF0LWdtYWlsLW1fLTY2MzYwNDIzNTkyMTA4NTI5MjVxdCI+DQo8ZGl2Pg0K PGRpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3At YWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPlRoYW5rcyBBbGV4ZXkhPG86cD48 L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNv LW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPiZuYnNwOzxv OnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9 Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj5JIGFt IGZpbmUgd2l0aCB0aGUgZmlyc3QgdHdvIGNvbW1lbnRzLCBhbmQgd2lsbCBmaXggdGhlc2UgaW4g dGhlIGNvbWluZyB2ZXJzaW9uIG9mIHRoZSBkb2N1bWVudC48bzpwPjwvbzpwPjwvcD4NCjwvZGl2 Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6 YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+Jm5ic3A7PG86cD48L286cD48L3A+DQo8 L2Rpdj4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFy Z2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+SSBhbSBub3Qgc3Vy ZSBJIGZvbGxvdyB0aGUgM3JkIG9uZS4gV2h5IGRvIHlvdSBzZWUgdGhlIG5lZWQgZm9yIGEgbWlu aW11bSBudW1iZXIgb2YgaGV4IGRpZ2l0cz88bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPC9kaXY+ DQo8L2Jsb2NrcXVvdGU+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1t YXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj5Zb3UgZG8gc2F5 IHRoYXQgdGhlIG51bWJlciBvZiBoZXggZGlnaXRzIG1hdGNoIHRoZSBoYXNoIGxlbmdodCwgc28g aXQgaXMgcHJvYmFibHkgT2suIEhvd2V2ZXIgZW1wdHkgdmFsdWUgaXMgbmV2ZXIgdmFsaWQgKGFu ZCBJIGFtIHdvcnJpZWQgaXQgbWlnaHQgaGl0IHNvbWUgYm91bmRhcnkgY29uZGl0aW9uIGJ1Zw0K IGluIGltcGxlbWVudGF0aW9ucyksIHNvIHByb2hpYml0aW5nIGl0IGluIEFCTkYgd291bGQgYmUg dGhlIGJlc3QuPG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9y bWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0 OmF1dG8iPiZuYnNwOzxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1z b05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9t LWFsdDphdXRvIj5CZXN0IFJlZ2FyZHMsPG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8 cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1h cmdpbi1ib3R0b20tYWx0OmF1dG8iPkFsZXhleTxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8Ymxv Y2txdW90ZSBzdHlsZT0ibWFyZ2luLXRvcDo1LjBwdDttYXJnaW4tYm90dG9tOjUuMHB0IiBpZD0i Z21haWwtbV8tNjU1NDg2OTU2MTM5NzEzNDEyMmdtYWlsLW1fLTg0MDUwNzk3Mzg1NDk0Mzg3MDZx dC1nbWFpbC1tXy02NjM2MDQyMzU5MjEwODUyOTI1cXQiPg0KPGRpdj4NCjxkaXY+DQo8cCBjbGFz cz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1i b3R0b20tYWx0OmF1dG8iPiZuYnNwOzxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAg Y2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJn aW4tYm90dG9tLWFsdDphdXRvIj5SZWdhcmRzLDxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2 Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21z by1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj4mbmJzcDtSaWZhYXQ8bzpwPjwvbzpwPjwvcD4NCjwv ZGl2Pg0KPGRpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdp bi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPiZuYnNwOzxvOnA+PC9v OnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxl PSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+Jm5i c3A7PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05v cm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFs dDphdXRvIj4mbmJzcDs8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxkaXY+DQo8cCBj bGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdp bi1ib3R0b20tYWx0OmF1dG8iPk9uIFdlZCwgT2N0IDMwLCAyMDE5IGF0IDE6MTYgUE0gQWxleGV5 IE1lbG5pa292IHZpYSBEYXRhdHJhY2tlciAmbHQ7PGEgaHJlZj0ibWFpbHRvOm5vcmVwbHlAaWV0 Zi5vcmciIHRhcmdldD0iX2JsYW5rIj5ub3JlcGx5QGlldGYub3JnPC9hPiZndDsgd3JvdGU6PG86 cD48L286cD48L3A+DQo8L2Rpdj4NCjxibG9ja3F1b3RlIHN0eWxlPSJib3JkZXI6bm9uZTtib3Jk ZXItbGVmdDpzb2xpZCAjQ0NDQ0NDIDEuMHB0O3BhZGRpbmc6MGNtIDBjbSAwY20gNi4wcHQ7bWFy Z2luLWxlZnQ6NC44cHQ7bWFyZ2luLXRvcDo1LjBwdDttYXJnaW4tcmlnaHQ6MGNtO21hcmdpbi1i b3R0b206NS4wcHQiPg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFy Z2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+QWxleGV5IE1lbG5p a292IGhhcyBlbnRlcmVkIHRoZSBmb2xsb3dpbmcgYmFsbG90IHBvc2l0aW9uIGZvcjxvOnA+PC9v OnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1t YXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj5kcmFmdC1pZXRm LXNpcGNvcmUtZGlnZXN0LXNjaGVtZS0xMjogTm8gT2JqZWN0aW9uPG86cD48L286cD48L3A+DQo8 L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3At YWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPiZuYnNwOzxvOnA+PC9vOnA+PC9w Pg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4t dG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj5XaGVuIHJlc3BvbmRpbmcs IHBsZWFzZSBrZWVwIHRoZSBzdWJqZWN0IGxpbmUgaW50YWN0IGFuZCByZXBseSB0byBhbGw8bzpw PjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJt c28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+ZW1haWwg YWRkcmVzc2VzIGluY2x1ZGVkIGluIHRoZSBUbyBhbmQgQ0MgbGluZXMuIChGZWVsIGZyZWUgdG8g Y3V0IHRoaXM8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3Jt YWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6 YXV0byI+aW50cm9kdWN0b3J5IHBhcmFncmFwaCwgaG93ZXZlci4pPG86cD48L286cD48L3A+DQo8 L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3At YWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPiZuYnNwOzxvOnA+PC9vOnA+PC9w Pg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4t dG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj4mbmJzcDs8bzpwPjwvbzpw PjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFy Z2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+UGxlYXNlIHJlZmVy IHRvDQo8YSBocmVmPSJodHRwczovL3d3dy5pZXRmLm9yZy9pZXNnL3N0YXRlbWVudC9kaXNjdXNz LWNyaXRlcmlhLmh0bWwiIHRhcmdldD0iX2JsYW5rIj4NCmh0dHBzOi8vd3d3LmlldGYub3JnL2ll c2cvc3RhdGVtZW50L2Rpc2N1c3MtY3JpdGVyaWEuaHRtbDwvYT48bzpwPjwvbzpwPjwvcD4NCjwv ZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1h bHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+Zm9yIG1vcmUgaW5mb3JtYXRpb24g YWJvdXQgSUVTRyBESVNDVVNTIGFuZCBDT01NRU5UIHBvc2l0aW9ucy48bzpwPjwvbzpwPjwvcD4N CjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRv cC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+Jm5ic3A7PG86cD48L286cD48 L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdp bi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPiZuYnNwOzxvOnA+PC9v OnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1t YXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj5UaGUgZG9jdW1l bnQsIGFsb25nIHdpdGggb3RoZXIgYmFsbG90IHBvc2l0aW9ucywgY2FuIGJlIGZvdW5kIGhlcmU6 PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHls ZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxh IGhyZWY9Imh0dHBzOi8vZGF0YXRyYWNrZXIuaWV0Zi5vcmcvZG9jL2RyYWZ0LWlldGYtc2lwY29y ZS1kaWdlc3Qtc2NoZW1lLyIgdGFyZ2V0PSJfYmxhbmsiPmh0dHBzOi8vZGF0YXRyYWNrZXIuaWV0 Zi5vcmcvZG9jL2RyYWZ0LWlldGYtc2lwY29yZS1kaWdlc3Qtc2NoZW1lLzwvYT48bzpwPjwvbzpw PjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFy Z2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+Jm5ic3A7PG86cD48 L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNv LW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPiZuYnNwOzxv OnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9 Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj4mbmJz cDs8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0 eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+ LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLTxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1z b05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9t LWFsdDphdXRvIj5DT01NRU5UOjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xh c3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4t Ym90dG9tLWFsdDphdXRvIj4tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tPG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxk aXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87 bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPiZuYnNwOzxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+ DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDph dXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj5JIGFtIGFncmVlaW5nIHdpdGggQWxpc3Nh J3MgRElTQ1VTUy48bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29O b3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1h bHQ6YXV0byI+Jm5ic3A7PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0i TXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0 b20tYWx0OmF1dG8iPkFsc28sIEkgaGF2ZSBhIGZldyBjb21tZW50cyBvZiBteSBvd246PG86cD48 L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNv LW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPiZuYnNwOzxv OnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9 Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj4xKSBM YXN0IHBhcmEgb2YgU2VjdGlvbiAyLjE6PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8 cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1h cmdpbi1ib3R0b20tYWx0OmF1dG8iPiZuYnNwOzxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2 Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21z by1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj4yLjEuJm5ic3A7IEhhc2ggQWxnb3JpdGhtczxvOnA+ PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1z by1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj4mbmJzcDs8 bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxl PSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+Jm5i c3A7ICZuYnNwO0EgVUFTIHByaW9yaXRpemVzIHdoaWNoIGFsZ29yaXRobSB0byB1c2UgYmFzZWQg b24gdGhlIG9yZGVyaW5nIG9mIHRoZTxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAg Y2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJn aW4tYm90dG9tLWFsdDphdXRvIj4mbmJzcDsgJm5ic3A7Y2hhbGxlbmdlIGhlYWRlciBmaWVsZHMg aW4gdGhlIHJlc3BvbnNlIGl0IGlzIHByZXBhcmluZy48bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0K PGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0 bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+Jm5ic3A7PG86cD48L286cD48L3A+DQo8L2Rp dj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0 OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPlRoaXMgbG9va3MgZWl0aGVyIHdyb25n IG9yIGNvbmZ1c2luZyB0byBtZS4gSSB0aGluayB5b3UgYXJlIGp1c3Qgc2F5aW5nIGhlcmU8bzpw PjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJt c28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+dGhhdCB0 aGUgb3JkZXIgaXMgZGVjaWRlZCBieSB0aGUgc2VydmVyIGF0IHRoaXMgcG9pbnQuPG86cD48L286 cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1h cmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPiZuYnNwOzxvOnA+ PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1z by1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj4mbmJzcDsg Jm5ic3A7VGhhdDxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05v cm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFs dDphdXRvIj4mbmJzcDsgJm5ic3A7cHJvY2VzcyBpcyBzcGVjaWZpZWQgaW4gc2VjdGlvbiAyLjMg YW5kIHBhcmFsbGVscyB0aGUgcHJvY2VzcyB1c2VkIGluPG86cD48L286cD48L3A+DQo8L2Rpdj4N CjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1 dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPiZuYnNwOyAmbmJzcDtIVFRQIHNwZWNpZmll ZCBieSBbUkZDNzYxNl0uPG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0i TXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0 b20tYWx0OmF1dG8iPiZuYnNwOzxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xh c3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4t Ym90dG9tLWFsdDphdXRvIj5TbyBiYXNlZCBvbiB0aGUgYWJvdmUsIG15IHN1Z2dlc3RlZCByZXBs YWNlbWVudCBmb3IgYm90aCBzZW50ZW5jZXM6PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+ DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNv LW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPiZuYnNwOzxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8 ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRv O21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj4mbmJzcDsgJm5ic3A7QSBVQVMgcHJpb3JpdGl6 ZXMgd2hpY2ggYWxnb3JpdGhtIHRvIHVzZSBiYXNlZCBvbiBpdHMgcG9saWN5LDxvOnA+PC9vOnA+ PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJn aW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj4mbmJzcDsgJm5ic3A7 d2hpY2ggaXMgc3BlY2lmaWVkIGluIHNlY3Rpb24gMi4zIGFuZCBwYXJhbGxlbHMgdGhlIHByb2Nl c3MgdXNlZCBpbjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05v cm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFs dDphdXRvIj4mbmJzcDsgJm5ic3A7SFRUUCBzcGVjaWZpZWQgYnkgW1JGQzc2MTZdLjxvOnA+PC9v OnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1t YXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj4mbmJzcDs8bzpw PjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJt c28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+MikgTGFz dCBwYXJhIG9mIFNlY3Rpb24gMi40OjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAg Y2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJn aW4tYm90dG9tLWFsdDphdXRvIj4mbmJzcDs8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4N CjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28t bWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+Jm5ic3A7ICZuYnNwO0lmIHRoZSBVQUMgY2Fubm90IHJl c3BvbmQgdG8gYW55IG9mIHRoZSBjaGFsbGVuZ2VzIGluIHRoZSByZXNwb25zZSw8bzpwPjwvbzpw PjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFy Z2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+Jm5ic3A7ICZuYnNw O3RoZW4gaXQgU0hPVUxEIGFiYW5kb24gYXR0ZW1wdHMgdG8gc2VuZCB0aGUgcmVxdWVzdCB1bmxl c3MgYSBsb2NhbDxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05v cm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFs dDphdXRvIj4mbmJzcDsgJm5ic3A7cG9saWN5IGRpY3RhdGVzIG90aGVyd2lzZS48bzpwPjwvbzpw PjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFy Z2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+Jm5ic3A7PG86cD48 L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNv LW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPklzIHRyeWlu ZyBvdGhlciBub24gRGlnZXN0IGFsZ29yaXRobXMgY292ZXJlZCBieSAmcXVvdDtTSE9VTEQgYWJh bmRvbiZxdW90Oz88bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29O b3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1h bHQ6YXV0byI+SWYgeWVzLCBtYXliZSB5b3Ugc2hvdWxkIG1ha2UgdGhpcyBjbGVhcmVyLjxvOnA+ PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1z by1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj4mbmJzcDs8 bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxl PSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+Jm5i c3A7ICZuYnNwO0ZvciBleGFtcGxlLCBpZiB0aGUgVUFDIGRvZXMgbm90IGhhdmU8bzpwPjwvbzpw PjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFy Z2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+Jm5ic3A7ICZuYnNw O2NyZWRlbnRpYWxzIG9yIGhhcyBzdGFsZSBjcmVkZW50aWFscyBmb3IgYW55IG9mIHRoZSByZWFs bXMsIHRoZSBVQUM8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29O b3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1h bHQ6YXV0byI+Jm5ic3A7ICZuYnNwO3dpbGwgYWJhbmRvbiB0aGUgcmVxdWVzdC48bzpwPjwvbzpw PjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFy Z2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+Jm5ic3A7PG86cD48 L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNv LW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjMpIEluIFNl Y3Rpb24gMi43OjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05v cm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFs dDphdXRvIj4mbmJzcDs8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJN c29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRv bS1hbHQ6YXV0byI+Jm5ic3A7ICZuYnNwOyAmbmJzcDsgcmVxdWVzdC1kaWdlc3QgPSBMRFFVT1Qg KkxIRVggUkRRVU9UPG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNv Tm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20t YWx0OmF1dG8iPiZuYnNwOzxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9 Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90 dG9tLWFsdDphdXRvIj5UaGlzIG5vdyBhbGxvd3MgZW1wdHkgdmFsdWUuIEkgc3VnZ2VzdCB5b3Ug c3BlY2lmeSBhIG1pbmltdW0gbnVtYmVyIG9mIGhleDxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8 ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRv O21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj5kaWdpdHMgYWxsb3dlZCBpbiB0aGUgQUJORi4g T3IgYXQgbGVhc3QgY2hhbmdlICZxdW90OypMSEVYJnF1b3Q7IHRvICZxdW90OzIqTEhFWCZxdW90 Oy48bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0 eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+ Jm5ic3A7PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFs IiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1 dG8iPiZuYnNwOzxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8L2Jsb2NrcXVvdGU+DQo8L2Rpdj4N CjwvZGl2Pg0KPC9kaXY+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9ibG9ja3F1b3RlPg0KPGRpdj4NCjxw IGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFy Z2luLWJvdHRvbS1hbHQ6YXV0byI+Jm5ic3A7PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjwvZGl2 Pg0KPC9ibG9ja3F1b3RlPg0KPC9kaXY+DQo8L2Jsb2NrcXVvdGU+DQo8ZGl2Pg0KPHAgY2xhc3M9 Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90 dG9tLWFsdDphdXRvIj4mbmJzcDs8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPC9kaXY+DQo8L2Js b2NrcXVvdGU+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9kaXY+DQo8L2Jsb2NrcXVvdGU+DQo8L2Rpdj4N CjwvZGl2Pg0KPC9kaXY+DQo8L2JvZHk+DQo8L2h0bWw+DQo= --_000_4C17F34D70464706AE5CFB7ADC4B1427ericssoncom_-- From nobody Thu Oct 31 07:23:24 2019 Return-Path: X-Original-To: sipcore@ietf.org Delivered-To: sipcore@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 8C884120820; Thu, 31 Oct 2019 07:23:19 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: Alissa Cooper via Datatracker To: "The IESG" Cc: draft-ietf-sipcore-digest-scheme@ietf.org, Jean Mahoney , sipcore-chairs@ietf.org, mahoney@nostrum.com, sipcore@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 6.108.0 Auto-Submitted: auto-generated Precedence: bulk Reply-To: Alissa Cooper Message-ID: <157253179956.30372.10650739031983241755.idtracker@ietfa.amsl.com> Date: Thu, 31 Oct 2019 07:23:19 -0700 Archived-At: Subject: [sipcore] Alissa Cooper's No Objection on draft-ietf-sipcore-digest-scheme-14: (with COMMENT) X-BeenThere: sipcore@ietf.org X-Mailman-Version: 2.1.29 List-Id: SIP Core Working Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 31 Oct 2019 14:23:20 -0000 Alissa Cooper has entered the following ballot position for draft-ietf-sipcore-digest-scheme-14: No Objection When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-sipcore-digest-scheme/ ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- Thanks for addressing my DISCUSS. From nobody Thu Oct 31 08:45:13 2019 Return-Path: X-Original-To: sipcore@ietfa.amsl.com Delivered-To: sipcore@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 635B11200F4; Thu, 31 Oct 2019 08:44:59 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2 X-Spam-Level: X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Kzvo9DsEf0RH; Thu, 31 Oct 2019 08:44:54 -0700 (PDT) Received: from EUR02-VE1-obe.outbound.protection.outlook.com (mail-ve1eur02on062b.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe06::62b]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6C18512006F; Thu, 31 Oct 2019 08:44:53 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=YYzgorftnsGxu1Ib76qqZQOUQh33hepUHu5krJEyIHC61BXWefV2xIuKcI6YsRa7/TQIGEId+gst82q1i62VpdCpbmhzpFi2MfQOneu1uRNTVU12BrgmhRwP6GP9t3xVUHYuoFgS2SIhrJVbO1dSwyE5QSHYF0y5+fcrP0L9K2Z4ldpKeRFLSoLISV0ByLx9zATEFUqqwXvInEOYiMdWtok5vYKUPstC5pdDZU1LhLFEtrHEAgKPJEIuCSsOAu3gR9T9d+dZluuxRp1RxbdlxIMI6+5xYDOA9iCBNe7c9AWG9nCCaDh8MPjUOCVNuc59gAalPs7CtqSdNJlCMDMYfA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ypN5zKbJlL/VdRDrraCrOxJ6bWl6zWubTTO5VB9RCrc=; b=bHu/Eu+Nb6veMNmf0NvxijODtrPPTWNA26t9v6rFkP2o7BK8r0Q8WeVx2eE8Npe0y9ACcEakAcrQBjIFTuS1zk0WW5oCpArjFruyJ5zq55cDRDKoaEspBsjr/NPsy7l881TtjPyW/zKM5uCHw0hg9TjOzamZFf51q5QmnRzb/8Z5BcbP2gQ1/nuKzkXkvEP2lpWabAi/BcZ19WYFlQKdqzfF6nZ/pFsJaGrz4ml+IGWOmqpHStwSTehcUcF6WMuIKvTShW2HMQs7h2cAT6EQ6FODUYoWpiaqYww7UBrCR2J5QQ3ZB0s2Z5O6xciarCsr02GgJORiPzORdyA0c/kPdg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ypN5zKbJlL/VdRDrraCrOxJ6bWl6zWubTTO5VB9RCrc=; b=nsc+0VcsucmdI5mzXid+TCZckyTqEWOQEzTWiz9hNf6NXkh0PFQUP29KdBtgOJ96HZRyUHZPr9Kf51rK8LHt9R177JZrQc2Zq1vlXkdQwNdgkaEPxXaw9NMZJLNKs2e8Wc3PtyGVI7QEm5a6amB378QGniw040aCeqeo98Geudo= Received: from HE1PR07MB3161.eurprd07.prod.outlook.com (10.170.245.23) by HE1PR07MB4220.eurprd07.prod.outlook.com (20.176.168.20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2408.14; Thu, 31 Oct 2019 15:44:50 +0000 Received: from HE1PR07MB3161.eurprd07.prod.outlook.com ([fe80::5499:1231:e707:4cb7]) by HE1PR07MB3161.eurprd07.prod.outlook.com ([fe80::5499:1231:e707:4cb7%7]) with mapi id 15.20.2408.016; Thu, 31 Oct 2019 15:44:50 +0000 From: Christer Holmberg To: Christer Holmberg , Rifaat Shekh-Yusef CC: "sipcore-chairs@ietf.org" , "draft-ietf-sipcore-digest-scheme@ietf.org" , The IESG , SIPCORE , Alexey Melnikov Thread-Topic: [sipcore] Alexey Melnikov's No Objection on draft-ietf-sipcore-digest-scheme-12: (with COMMENT) Thread-Index: AQHVj+3+/XQWOAP0gUmCkUmQAngGd6d04liA///hPYCAACLmgIAAH3GA Date: Thu, 31 Oct 2019 15:44:49 +0000 Message-ID: <4EEBC37C-3C1B-42A9-883B-571FAE867C31@ericsson.com> References: <157245577700.32490.10990766778571550817.idtracker@ietfa.amsl.com> <6ec209ae-72e9-4dd1-8d68-3ee1704f3d92@www.fastmail.com> <7B4921E1-66A3-4D6D-A943-8EC0F44195CC@ericsson.com> <4C17F34D-7046-4706-AE5C-FB7ADC4B1427@ericsson.com> In-Reply-To: <4C17F34D-7046-4706-AE5C-FB7ADC4B1427@ericsson.com> Accept-Language: en-US Content-Language: en-GB X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Microsoft-MacOutlook/10.1e.0.191013 authentication-results: spf=none (sender IP is ) smtp.mailfrom=christer.holmberg@ericsson.com; x-originating-ip: [89.166.49.243] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: c43adb70-5a05-4d75-4af1-08d75e1943d6 x-ms-traffictypediagnostic: HE1PR07MB4220: x-ms-exchange-purlcount: 2 x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:10000; x-forefront-prvs: 02070414A1 x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(346002)(366004)(136003)(376002)(396003)(39860400002)(18543002)(199004)(189003)(25786009)(54906003)(54896002)(66476007)(66946007)(66556008)(64756008)(606006)(256004)(6306002)(966005)(486006)(6512007)(6116002)(446003)(66446008)(26005)(8936002)(66066001)(2906002)(476003)(99286004)(3846002)(236005)(14444005)(44832011)(86362001)(58126008)(110136005)(478600001)(8676002)(76116006)(6506007)(6246003)(53546011)(81166006)(71190400001)(6486002)(7736002)(102836004)(76176011)(81156014)(33656002)(5660300002)(4326008)(71200400001)(11346002)(186003)(36756003)(5070765005)(6436002)(14454004)(229853002)(2616005)(21615005)(316002); DIR:OUT; SFP:1101; SCL:1; SRVR:HE1PR07MB4220; H:HE1PR07MB3161.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1; received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: wBGz61F5dA86DtTMsMB9rFVvY5MFi5+6trujs5shYL8bMIvBAP1nap7cnjiBrw5He8MgX/fRB2eicU4jMkQsiqRMS+yyXrvK1+GIRcpKx2slXErTlJjIh7sEpklTnygFwCKLp3id/N11blRFsz3qgTK7KLsE9NoXly40MEir5MeR4SYAInAiVZCsEmxIEY8doo7X1bUZ8fWaIOk0FPH6KOfYvol9YXZ4x2X8mtr52fH58mGlRJtcUZF+miViajB53QKg66JgAuLFy1DdMwIG0HMXkUg/qp7urE4XLg4HZ73Vn07h2UKZFWSN5V9VUHLyQFf3d28YeBkjCJ6EtBcaBznIuQN53weciDKZULI87frzwyLfbTsPe2Y/d1rmmht6F0F/kDAaWayrT0WnRbgOBK63K/9Gmol/SJgckSbYmoFwAgWvI0SWn5aH/aAMqyH16fJUKWveV9DkM5wfDtzBGHzbP+g78Xbk0OHos3hggLI= x-ms-exchange-transport-forked: True Content-Type: multipart/alternative; boundary="_000_4EEBC37C3C1B42A9883B571FAE867C31ericssoncom_" MIME-Version: 1.0 X-OriginatorOrg: ericsson.com X-MS-Exchange-CrossTenant-Network-Message-Id: c43adb70-5a05-4d75-4af1-08d75e1943d6 X-MS-Exchange-CrossTenant-originalarrivaltime: 31 Oct 2019 15:44:49.7347 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: LCVB/gSGpZY7oM+sHKOS6yYA2ABp2wX+dquHZbEh4F+VmLcKCdGO71P/08Am9GKzc3v4czqgCKzDMXgu+OZTibEVK123KuPRAbyFzQFsnL4= X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR07MB4220 Archived-At: Subject: Re: [sipcore] Alexey Melnikov's No Objection on draft-ietf-sipcore-digest-scheme-12: (with COMMENT) X-BeenThere: sipcore@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SIP Core Working Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 31 Oct 2019 15:45:00 -0000 --_000_4EEBC37C3C1B42A9883B571FAE867C31ericssoncom_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 SGksDQoNClBlcmhhcHMgd2UgY291bGQgYWRkIHNvbWUgdGV4dCBhYm91dCB0aGUgSU1TIHVzZS1j YXNlLCBpbiBvcmRlciB0byBleHBsYWluIHRoZSBlbXB0eSB2YWx1ZT8NCg0KUmVnYXJkcywNCg0K Q2hyaXN0ZXINCg0KRnJvbTogc2lwY29yZSA8c2lwY29yZS1ib3VuY2VzQGlldGYub3JnPiBvbiBi ZWhhbGYgb2YgQ2hyaXN0ZXIgSG9sbWJlcmcgPGNocmlzdGVyLmhvbG1iZXJnPTQwZXJpY3Nzb24u Y29tQGRtYXJjLmlldGYub3JnPg0KRGF0ZTogVGh1cnNkYXksIDMxIE9jdG9iZXIgMjAxOSBhdCAx NS41Mg0KVG86IFJpZmFhdCBTaGVraC1ZdXNlZiA8cmlmYWF0LmlldGZAZ21haWwuY29tPg0KQ2M6 ICJzaXBjb3JlLWNoYWlyc0BpZXRmLm9yZyIgPHNpcGNvcmUtY2hhaXJzQGlldGYub3JnPiwgImRy YWZ0LWlldGYtc2lwY29yZS1kaWdlc3Qtc2NoZW1lQGlldGYub3JnIiA8ZHJhZnQtaWV0Zi1zaXBj b3JlLWRpZ2VzdC1zY2hlbWVAaWV0Zi5vcmc+LCAiaWVzZ0BpZXRmLm9yZyIgPGllc2dAaWV0Zi5v cmc+LCAic2lwY29yZUBpZXRmLm9yZyIgPHNpcGNvcmVAaWV0Zi5vcmc+LCBBbGV4ZXkgTWVsbmlr b3YgPGFhbWVsbmlrb3ZAZmFzdG1haWwuZm0+DQpTdWJqZWN0OiBSZTogW3NpcGNvcmVdIEFsZXhl eSBNZWxuaWtvdidzIE5vIE9iamVjdGlvbiBvbiBkcmFmdC1pZXRmLXNpcGNvcmUtZGlnZXN0LXNj aGVtZS0xMjogKHdpdGggQ09NTUVOVCkNCg0KSGksDQoNCj5UaGlzIElNUyBiZWhhdmlvciB3b3Vs ZCBoYXZlIGJlZW4gaW4gdmlvbGF0aW9uIG9mIFJGQzMyNjEgd2hpY2ggc3BlY2lmaWVkIGV4YWN0 bHkgMzIgSGV4IGNoYXJhY3RlcnMuDQo+U28sIHRoaXMgY2hhbmdlIHNob3VsZCBub3QgbWFrZSBt dWNoIG9mIGEgZGlmZmVyZW5jZSBpbiB0aGlzIGNhc2UuDQoNCkluIHJlYWxpdHkgaXQgcHJvYmFi bHkgZG9lc27igJl0IG1ha2UgYSBkaWZmZXJlbmNlLCBidXQgaXQgd291bGQgbWFrZSB0aGUgSU1T IHByb2NlZHVyZXMg4oCcYWxpZ25lZOKAnSB3aXRoIHRoZSBJRVRGIHNwZWMuDQoNClJlZ2FyZHMs DQoNCkNocmlzdGVyDQoNCg0KDQoNCk9uIFRodSwgT2N0IDMxLCAyMDE5IGF0IDk6MzcgQU0gQ2hy aXN0ZXIgSG9sbWJlcmcgPGNocmlzdGVyLmhvbG1iZXJnQGVyaWNzc29uLmNvbTxtYWlsdG86Y2hy aXN0ZXIuaG9sbWJlcmdAZXJpY3Nzb24uY29tPj4gd3JvdGU6DQoNCkhpLA0KDQpUaGUgcmVhc29u IGZvciB0aGUgZW1wdHkgdmFsdWUgY29tZXMgZnJvbSBJTVMgYW5kIEFLQSwgd2hlcmUgeW91IG5l ZWQgdG8gaW5jbHVkZSB0aGUgdXNlciBpZCBhbHJlYWR5IGluIHRoZSBpbml0aWFsIFJFR0lTVEVS IHJlcXVlc3QgKHRoaXMgc2VlbXMgdG8gYmUgbWlzc2luZyBmcm9tIFJGQyAzMzEwLCBidXQgdGhh dOKAmXMgYSBzZXBhcmF0ZSB0b3BpYykgaW4gb3JkZXIgZm9yIHRoZSBzZXJ2ZXIgdG8gY3JlYXRl IHRoZSBjaGFsbGVuZ2UsICBtZWFuaW5nIHRoYXQgaW4gdGhlIGluaXRpYWwgUkVHSVNURVIgcmVx dWVzdCB5b3UgaW5jbHVkZSBhbiBBdXRob3JpemF0aW9uIGhlYWRlciBmaWVsZCB3aXRoIHRoZSB1 c2VybmFtZSBwYXJhbWV0ZXIgY2FycnlpbmcgdGhlIElNUyBwcml2YXRlIHVzZXIgaWRlbnRpdHks IHRoZSByZWFsbSBwYXJhbWV0ZXIgYW5kIHRoZSB1cmkgcGFyYW1ldGVyLiBBdCB0aGlzIHBvaW50 IHlvdSBvYnZpb3VzbHkgZG9u4oCZdCB5ZXQgaGF2ZSB0aGUgcmVzcG9uc2UsIHNvIGluIElNUyBp dCBpcyBzcGVjaWZpZWQgdGhhdCB0aGUgcmVzcG9uc2UgcGFyYW1ldGVyIGlzIGluc2VydGVkIHdp dGggYW4gZW1wdHkgdmFsdWUuDQoNCldIWSBpdCB3YXMgc3BlY2lmaWVkIHRoYXQgd2F5IChpbnN0 ZWFkIG9mIHNpbXBseSBub3QgaW5jbHVkaW5nIHRoZSByZXNwb25zZSBwYXJhbWV0ZXIpIEkgZG9u 4oCZdCBrbm93LCBidXQgSSBkbyBrbm93IHRoYXQgaXQgaGFzIGJlZW4gaW1wbGVtZW50ZWQgYW5k IGRlcGxveWVkIHRoYXQgd2F5IGZvciBtYW55IHllYXJzLg0KDQpSZWdhcmRzLA0KDQpDaHJpc3Rl cg0KDQoNCkZyb206IHNpcGNvcmUgPHNpcGNvcmUtYm91bmNlc0BpZXRmLm9yZzxtYWlsdG86c2lw Y29yZS1ib3VuY2VzQGlldGYub3JnPj4gb24gYmVoYWxmIG9mIFJpZmFhdCBTaGVraC1ZdXNlZiA8 cmlmYWF0LmlldGZAZ21haWwuY29tPG1haWx0bzpyaWZhYXQuaWV0ZkBnbWFpbC5jb20+Pg0KRGF0 ZTogVGh1cnNkYXksIDMxIE9jdG9iZXIgMjAxOSBhdCAxNS4yMA0KVG86IEFsZXhleSBNZWxuaWtv diA8YWFtZWxuaWtvdkBmYXN0bWFpbC5mbTxtYWlsdG86YWFtZWxuaWtvdkBmYXN0bWFpbC5mbT4+ DQpDYzogInNpcGNvcmUtY2hhaXJzQGlldGYub3JnPG1haWx0bzpzaXBjb3JlLWNoYWlyc0BpZXRm Lm9yZz4iIDxzaXBjb3JlLWNoYWlyc0BpZXRmLm9yZzxtYWlsdG86c2lwY29yZS1jaGFpcnNAaWV0 Zi5vcmc+PiwgImRyYWZ0LWlldGYtc2lwY29yZS1kaWdlc3Qtc2NoZW1lQGlldGYub3JnPG1haWx0 bzpkcmFmdC1pZXRmLXNpcGNvcmUtZGlnZXN0LXNjaGVtZUBpZXRmLm9yZz4iIDxkcmFmdC1pZXRm LXNpcGNvcmUtZGlnZXN0LXNjaGVtZUBpZXRmLm9yZzxtYWlsdG86ZHJhZnQtaWV0Zi1zaXBjb3Jl LWRpZ2VzdC1zY2hlbWVAaWV0Zi5vcmc+PiwgImllc2dAaWV0Zi5vcmc8bWFpbHRvOmllc2dAaWV0 Zi5vcmc+IiA8aWVzZ0BpZXRmLm9yZzxtYWlsdG86aWVzZ0BpZXRmLm9yZz4+LCAic2lwY29yZUBp ZXRmLm9yZzxtYWlsdG86c2lwY29yZUBpZXRmLm9yZz4iIDxzaXBjb3JlQGlldGYub3JnPG1haWx0 bzpzaXBjb3JlQGlldGYub3JnPj4NClN1YmplY3Q6IFJlOiBbc2lwY29yZV0gQWxleGV5IE1lbG5p a292J3MgTm8gT2JqZWN0aW9uIG9uIGRyYWZ0LWlldGYtc2lwY29yZS1kaWdlc3Qtc2NoZW1lLTEy OiAod2l0aCBDT01NRU5UKQ0KDQpEb25lLg0KDQpPbiBUaHUsIE9jdCAzMSwgMjAxOSBhdCA5OjEz IEFNIEFsZXhleSBNZWxuaWtvdiA8YWFtZWxuaWtvdkBmYXN0bWFpbC5mbTxtYWlsdG86YWFtZWxu aWtvdkBmYXN0bWFpbC5mbT4+IHdyb3RlOg0KT24gVGh1LCBPY3QgMzEsIDIwMTksIGF0IDE6MTEg UE0sIFJpZmFhdCBTaGVraC1ZdXNlZiB3cm90ZToNCkhpIEFsZXhleSwNCg0KSSBhbSBmaW5lIHdp dGggUGF1bCdzIHN1Z2dlc3Rpb24uDQpBcmUgeW91IG9rIHdpdGggIjMyKkxIRVgiPw0KWWVzIQ0K DQpUaGFuayB5b3UsDQpBbGV4ZXkNCg0KUmVnYXJkcywNCiBSZmFhdA0KDQoNCk9uIFRodSwgT2N0 IDMxLCAyMDE5IGF0IDc6MjIgQU0gQWxleGV5IE1lbG5pa292IDxhYW1lbG5pa292QGZhc3RtYWls LmZtPG1haWx0bzphYW1lbG5pa292QGZhc3RtYWlsLmZtPj4gd3JvdGU6DQoNCkhpIFJpZmFhdCwN Cg0KT24gV2VkLCBPY3QgMzAsIDIwMTksIGF0IDk6NTAgUE0sIFJpZmFhdCBTaGVraC1ZdXNlZiB3 cm90ZToNClRoYW5rcyBBbGV4ZXkhDQoNCkkgYW0gZmluZSB3aXRoIHRoZSBmaXJzdCB0d28gY29t bWVudHMsIGFuZCB3aWxsIGZpeCB0aGVzZSBpbiB0aGUgY29taW5nIHZlcnNpb24gb2YgdGhlIGRv Y3VtZW50Lg0KDQpJIGFtIG5vdCBzdXJlIEkgZm9sbG93IHRoZSAzcmQgb25lLiBXaHkgZG8geW91 IHNlZSB0aGUgbmVlZCBmb3IgYSBtaW5pbXVtIG51bWJlciBvZiBoZXggZGlnaXRzPw0KWW91IGRv IHNheSB0aGF0IHRoZSBudW1iZXIgb2YgaGV4IGRpZ2l0cyBtYXRjaCB0aGUgaGFzaCBsZW5naHQs IHNvIGl0IGlzIHByb2JhYmx5IE9rLiBIb3dldmVyIGVtcHR5IHZhbHVlIGlzIG5ldmVyIHZhbGlk IChhbmQgSSBhbSB3b3JyaWVkIGl0IG1pZ2h0IGhpdCBzb21lIGJvdW5kYXJ5IGNvbmRpdGlvbiBi dWcgaW4gaW1wbGVtZW50YXRpb25zKSwgc28gcHJvaGliaXRpbmcgaXQgaW4gQUJORiB3b3VsZCBi ZSB0aGUgYmVzdC4NCg0KQmVzdCBSZWdhcmRzLA0KQWxleGV5DQoNClJlZ2FyZHMsDQogUmlmYWF0 DQoNCg0KDQpPbiBXZWQsIE9jdCAzMCwgMjAxOSBhdCAxOjE2IFBNIEFsZXhleSBNZWxuaWtvdiB2 aWEgRGF0YXRyYWNrZXIgPG5vcmVwbHlAaWV0Zi5vcmc8bWFpbHRvOm5vcmVwbHlAaWV0Zi5vcmc+ PiB3cm90ZToNCkFsZXhleSBNZWxuaWtvdiBoYXMgZW50ZXJlZCB0aGUgZm9sbG93aW5nIGJhbGxv dCBwb3NpdGlvbiBmb3INCmRyYWZ0LWlldGYtc2lwY29yZS1kaWdlc3Qtc2NoZW1lLTEyOiBObyBP YmplY3Rpb24NCg0KV2hlbiByZXNwb25kaW5nLCBwbGVhc2Uga2VlcCB0aGUgc3ViamVjdCBsaW5l IGludGFjdCBhbmQgcmVwbHkgdG8gYWxsDQplbWFpbCBhZGRyZXNzZXMgaW5jbHVkZWQgaW4gdGhl IFRvIGFuZCBDQyBsaW5lcy4gKEZlZWwgZnJlZSB0byBjdXQgdGhpcw0KaW50cm9kdWN0b3J5IHBh cmFncmFwaCwgaG93ZXZlci4pDQoNCg0KUGxlYXNlIHJlZmVyIHRvIGh0dHBzOi8vd3d3LmlldGYu b3JnL2llc2cvc3RhdGVtZW50L2Rpc2N1c3MtY3JpdGVyaWEuaHRtbA0KZm9yIG1vcmUgaW5mb3Jt YXRpb24gYWJvdXQgSUVTRyBESVNDVVNTIGFuZCBDT01NRU5UIHBvc2l0aW9ucy4NCg0KDQpUaGUg ZG9jdW1lbnQsIGFsb25nIHdpdGggb3RoZXIgYmFsbG90IHBvc2l0aW9ucywgY2FuIGJlIGZvdW5k IGhlcmU6DQpodHRwczovL2RhdGF0cmFja2VyLmlldGYub3JnL2RvYy9kcmFmdC1pZXRmLXNpcGNv cmUtZGlnZXN0LXNjaGVtZS8NCg0KDQoNCi0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCkNPTU1FTlQ6DQotLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tDQoNCkkgYW0gYWdyZWVpbmcgd2l0aCBBbGlzc2EncyBESVNDVVNTLg0KDQpBbHNvLCBJ IGhhdmUgYSBmZXcgY29tbWVudHMgb2YgbXkgb3duOg0KDQoxKSBMYXN0IHBhcmEgb2YgU2VjdGlv biAyLjE6DQoNCjIuMS4gIEhhc2ggQWxnb3JpdGhtcw0KDQogICBBIFVBUyBwcmlvcml0aXplcyB3 aGljaCBhbGdvcml0aG0gdG8gdXNlIGJhc2VkIG9uIHRoZSBvcmRlcmluZyBvZiB0aGUNCiAgIGNo YWxsZW5nZSBoZWFkZXIgZmllbGRzIGluIHRoZSByZXNwb25zZSBpdCBpcyBwcmVwYXJpbmcuDQoN ClRoaXMgbG9va3MgZWl0aGVyIHdyb25nIG9yIGNvbmZ1c2luZyB0byBtZS4gSSB0aGluayB5b3Ug YXJlIGp1c3Qgc2F5aW5nIGhlcmUNCnRoYXQgdGhlIG9yZGVyIGlzIGRlY2lkZWQgYnkgdGhlIHNl cnZlciBhdCB0aGlzIHBvaW50Lg0KDQogICBUaGF0DQogICBwcm9jZXNzIGlzIHNwZWNpZmllZCBp biBzZWN0aW9uIDIuMyBhbmQgcGFyYWxsZWxzIHRoZSBwcm9jZXNzIHVzZWQgaW4NCiAgIEhUVFAg c3BlY2lmaWVkIGJ5IFtSRkM3NjE2XS4NCg0KU28gYmFzZWQgb24gdGhlIGFib3ZlLCBteSBzdWdn ZXN0ZWQgcmVwbGFjZW1lbnQgZm9yIGJvdGggc2VudGVuY2VzOg0KDQogICBBIFVBUyBwcmlvcml0 aXplcyB3aGljaCBhbGdvcml0aG0gdG8gdXNlIGJhc2VkIG9uIGl0cyBwb2xpY3ksDQogICB3aGlj aCBpcyBzcGVjaWZpZWQgaW4gc2VjdGlvbiAyLjMgYW5kIHBhcmFsbGVscyB0aGUgcHJvY2VzcyB1 c2VkIGluDQogICBIVFRQIHNwZWNpZmllZCBieSBbUkZDNzYxNl0uDQoNCjIpIExhc3QgcGFyYSBv ZiBTZWN0aW9uIDIuNDoNCg0KICAgSWYgdGhlIFVBQyBjYW5ub3QgcmVzcG9uZCB0byBhbnkgb2Yg dGhlIGNoYWxsZW5nZXMgaW4gdGhlIHJlc3BvbnNlLA0KICAgdGhlbiBpdCBTSE9VTEQgYWJhbmRv biBhdHRlbXB0cyB0byBzZW5kIHRoZSByZXF1ZXN0IHVubGVzcyBhIGxvY2FsDQogICBwb2xpY3kg ZGljdGF0ZXMgb3RoZXJ3aXNlLg0KDQpJcyB0cnlpbmcgb3RoZXIgbm9uIERpZ2VzdCBhbGdvcml0 aG1zIGNvdmVyZWQgYnkgIlNIT1VMRCBhYmFuZG9uIj8NCklmIHllcywgbWF5YmUgeW91IHNob3Vs ZCBtYWtlIHRoaXMgY2xlYXJlci4NCg0KICAgRm9yIGV4YW1wbGUsIGlmIHRoZSBVQUMgZG9lcyBu b3QgaGF2ZQ0KICAgY3JlZGVudGlhbHMgb3IgaGFzIHN0YWxlIGNyZWRlbnRpYWxzIGZvciBhbnkg b2YgdGhlIHJlYWxtcywgdGhlIFVBQw0KICAgd2lsbCBhYmFuZG9uIHRoZSByZXF1ZXN0Lg0KDQoz KSBJbiBTZWN0aW9uIDIuNzoNCg0KICAgICAgcmVxdWVzdC1kaWdlc3QgPSBMRFFVT1QgKkxIRVgg UkRRVU9UDQoNClRoaXMgbm93IGFsbG93cyBlbXB0eSB2YWx1ZS4gSSBzdWdnZXN0IHlvdSBzcGVj aWZ5IGEgbWluaW11bSBudW1iZXIgb2YgaGV4DQpkaWdpdHMgYWxsb3dlZCBpbiB0aGUgQUJORi4g T3IgYXQgbGVhc3QgY2hhbmdlICIqTEhFWCIgdG8gIjIqTEhFWCIuDQoNCg0KDQoNCg== --_000_4EEBC37C3C1B42A9883B571FAE867C31ericssoncom_ Content-Type: text/html; charset="utf-8" Content-ID: Content-Transfer-Encoding: base64 PGh0bWwgeG1sbnM6bz0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6b2ZmaWNlIiB4 bWxuczp3PSJ1cm46c2NoZW1hcy1taWNyb3NvZnQtY29tOm9mZmljZTp3b3JkIiB4bWxuczptPSJo dHRwOi8vc2NoZW1hcy5taWNyb3NvZnQuY29tL29mZmljZS8yMDA0LzEyL29tbWwiIHhtbG5zPSJo dHRwOi8vd3d3LnczLm9yZy9UUi9SRUMtaHRtbDQwIj4NCjxoZWFkPg0KPG1ldGEgaHR0cC1lcXVp dj0iQ29udGVudC1UeXBlIiBjb250ZW50PSJ0ZXh0L2h0bWw7IGNoYXJzZXQ9dXRmLTgiPg0KPG1l dGEgbmFtZT0iR2VuZXJhdG9yIiBjb250ZW50PSJNaWNyb3NvZnQgV29yZCAxNSAoZmlsdGVyZWQg bWVkaXVtKSI+DQo8c3R5bGU+PCEtLQ0KLyogRm9udCBEZWZpbml0aW9ucyAqLw0KQGZvbnQtZmFj ZQ0KCXtmb250LWZhbWlseToiQ2FtYnJpYSBNYXRoIjsNCglwYW5vc2UtMToyIDQgNSAzIDUgNCA2 IDMgMiA0O30NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6Q2FsaWJyaTsNCglwYW5vc2UtMToy IDE1IDUgMiAyIDIgNCAzIDIgNDt9DQovKiBTdHlsZSBEZWZpbml0aW9ucyAqLw0KcC5Nc29Ob3Jt YWwsIGxpLk1zb05vcm1hbCwgZGl2Lk1zb05vcm1hbA0KCXttYXJnaW46MGNtOw0KCW1hcmdpbi1i b3R0b206LjAwMDFwdDsNCglmb250LXNpemU6MTEuMHB0Ow0KCWZvbnQtZmFtaWx5OiJDYWxpYnJp IixzYW5zLXNlcmlmO30NCmE6bGluaywgc3Bhbi5Nc29IeXBlcmxpbmsNCgl7bXNvLXN0eWxlLXBy aW9yaXR5Ojk5Ow0KCWNvbG9yOmJsdWU7DQoJdGV4dC1kZWNvcmF0aW9uOnVuZGVybGluZTt9DQph OnZpc2l0ZWQsIHNwYW4uTXNvSHlwZXJsaW5rRm9sbG93ZWQNCgl7bXNvLXN0eWxlLXByaW9yaXR5 Ojk5Ow0KCWNvbG9yOnB1cnBsZTsNCgl0ZXh0LWRlY29yYXRpb246dW5kZXJsaW5lO30NCnAubXNv bm9ybWFsMCwgbGkubXNvbm9ybWFsMCwgZGl2Lm1zb25vcm1hbDANCgl7bXNvLXN0eWxlLW5hbWU6 bXNvbm9ybWFsOw0KCW1zby1tYXJnaW4tdG9wLWFsdDphdXRvOw0KCW1hcmdpbi1yaWdodDowY207 DQoJbXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG87DQoJbWFyZ2luLWxlZnQ6MGNtOw0KCWZvbnQt c2l6ZToxMS4wcHQ7DQoJZm9udC1mYW1pbHk6IkNhbGlicmkiLHNhbnMtc2VyaWY7fQ0Kc3Bhbi5F bWFpbFN0eWxlMTgNCgl7bXNvLXN0eWxlLXR5cGU6cGVyc29uYWw7DQoJZm9udC1mYW1pbHk6IkNh bGlicmkiLHNhbnMtc2VyaWY7DQoJY29sb3I6d2luZG93dGV4dDt9DQpzcGFuLkVtYWlsU3R5bGUx OQ0KCXttc28tc3R5bGUtdHlwZTpwZXJzb25hbC1yZXBseTsNCglmb250LWZhbWlseToiQ2FsaWJy aSIsc2Fucy1zZXJpZjsNCgljb2xvcjp3aW5kb3d0ZXh0O30NCi5Nc29DaHBEZWZhdWx0DQoJe21z by1zdHlsZS10eXBlOmV4cG9ydC1vbmx5Ow0KCWZvbnQtc2l6ZToxMC4wcHQ7fQ0KQHBhZ2UgV29y ZFNlY3Rpb24xDQoJe3NpemU6NjEyLjBwdCA3OTIuMHB0Ow0KCW1hcmdpbjo3MC44NXB0IDIuMGNt IDcwLjg1cHQgMi4wY207fQ0KZGl2LldvcmRTZWN0aW9uMQ0KCXtwYWdlOldvcmRTZWN0aW9uMTt9 DQotLT48L3N0eWxlPg0KPC9oZWFkPg0KPGJvZHkgbGFuZz0iRkkiIGxpbms9ImJsdWUiIHZsaW5r PSJwdXJwbGUiPg0KPGRpdiBjbGFzcz0iV29yZFNlY3Rpb24xIj4NCjxwIGNsYXNzPSJNc29Ob3Jt YWwiPjxzcGFuIHN0eWxlPSJtc28tZmFyZWFzdC1sYW5ndWFnZTpFTi1VUyI+SGksPG86cD48L286 cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9Im1zby1mYXJl YXN0LWxhbmd1YWdlOkVOLVVTIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFz cz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJFTi1VUyIgc3R5bGU9Im1zby1mYXJlYXN0LWxhbmd1 YWdlOkVOLVVTIj5QZXJoYXBzIHdlIGNvdWxkIGFkZCBzb21lIHRleHQgYWJvdXQgdGhlIElNUyB1 c2UtY2FzZSwgaW4gb3JkZXIgdG8gZXhwbGFpbiB0aGUgZW1wdHkgdmFsdWU/PG86cD48L286cD48 L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iRU4tVVMiIHN0eWxl PSJtc28tZmFyZWFzdC1sYW5ndWFnZTpFTi1VUyI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9w Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iRU4tVVMiIHN0eWxlPSJtc28tZmFy ZWFzdC1sYW5ndWFnZTpFTi1VUyI+UmVnYXJkcyw8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBj bGFzcz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJFTi1VUyIgc3R5bGU9Im1zby1mYXJlYXN0LWxh bmd1YWdlOkVOLVVTIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNv Tm9ybWFsIj48c3BhbiBsYW5nPSJFTi1VUyIgc3R5bGU9Im1zby1mYXJlYXN0LWxhbmd1YWdlOkVO LVVTIj5DaHJpc3RlcjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwi PjxzcGFuIGxhbmc9IkVOLVVTIiBzdHlsZT0ibXNvLWZhcmVhc3QtbGFuZ3VhZ2U6RU4tVVMiPjxv OnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxkaXYgc3R5bGU9ImJvcmRlcjpub25lO2JvcmRl ci10b3A6c29saWQgI0I1QzRERiAxLjBwdDtwYWRkaW5nOjMuMHB0IDBjbSAwY20gMGNtIj4NCjxw IGNsYXNzPSJNc29Ob3JtYWwiPjxiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTIuMHB0O2NvbG9y OmJsYWNrIj5Gcm9tOiA8L3NwYW4+PC9iPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTIuMHB0O2Nv bG9yOmJsYWNrIj5zaXBjb3JlICZsdDtzaXBjb3JlLWJvdW5jZXNAaWV0Zi5vcmcmZ3Q7IG9uIGJl aGFsZiBvZiBDaHJpc3RlciBIb2xtYmVyZyAmbHQ7Y2hyaXN0ZXIuaG9sbWJlcmc9NDBlcmljc3Nv bi5jb21AZG1hcmMuaWV0Zi5vcmcmZ3Q7PGJyPg0KPGI+RGF0ZTogPC9iPlRodXJzZGF5LCAzMSBP Y3RvYmVyIDIwMTkgYXQgMTUuNTI8YnI+DQo8Yj5UbzogPC9iPlJpZmFhdCBTaGVraC1ZdXNlZiAm bHQ7cmlmYWF0LmlldGZAZ21haWwuY29tJmd0Ozxicj4NCjxiPkNjOiA8L2I+JnF1b3Q7c2lwY29y ZS1jaGFpcnNAaWV0Zi5vcmcmcXVvdDsgJmx0O3NpcGNvcmUtY2hhaXJzQGlldGYub3JnJmd0Oywg JnF1b3Q7ZHJhZnQtaWV0Zi1zaXBjb3JlLWRpZ2VzdC1zY2hlbWVAaWV0Zi5vcmcmcXVvdDsgJmx0 O2RyYWZ0LWlldGYtc2lwY29yZS1kaWdlc3Qtc2NoZW1lQGlldGYub3JnJmd0OywgJnF1b3Q7aWVz Z0BpZXRmLm9yZyZxdW90OyAmbHQ7aWVzZ0BpZXRmLm9yZyZndDssICZxdW90O3NpcGNvcmVAaWV0 Zi5vcmcmcXVvdDsgJmx0O3NpcGNvcmVAaWV0Zi5vcmcmZ3Q7LCBBbGV4ZXkgTWVsbmlrb3YgJmx0 O2FhbWVsbmlrb3ZAZmFzdG1haWwuZm0mZ3Q7PGJyPg0KPGI+U3ViamVjdDogPC9iPlJlOiBbc2lw Y29yZV0gQWxleGV5IE1lbG5pa292J3MgTm8gT2JqZWN0aW9uIG9uIGRyYWZ0LWlldGYtc2lwY29y ZS1kaWdlc3Qtc2NoZW1lLTEyOiAod2l0aCBDT01NRU5UKTxvOnA+PC9vOnA+PC9zcGFuPjwvcD4N CjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxvOnA+Jm5ic3A7PC9vOnA+PC9w Pg0KPC9kaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0ibXNvLWZhcmVhc3Qt bGFuZ3VhZ2U6RU4tVVMiPkhpLDwvc3Bhbj48bzpwPjwvbzpwPjwvcD4NCjxkaXY+DQo8ZGl2Pg0K PGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPiZuYnNwOzxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+ DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZndDtUaGlz IElNUyBiZWhhdmlvciB3b3VsZCBoYXZlIGJlZW4gaW4gdmlvbGF0aW9uIG9mIFJGQzMyNjEgd2hp Y2ggc3BlY2lmaWVkIGV4YWN0bHkgMzIgSGV4IGNoYXJhY3RlcnMuPC9zcGFuPjxvOnA+PC9vOnA+ PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iRU4t VVMiPiZndDtTbywgdGhpcyBjaGFuZ2Ugc2hvdWxkIG5vdCBtYWtlIG11Y2ggb2YmbmJzcDthIGRp ZmZlcmVuY2UgaW4gdGhpcyBjYXNlLjwvc3Bhbj48bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRp dj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9IkVOLVVTIj4mbmJzcDs8L3NwYW4+ PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJFTi1VUyI+ SW4gcmVhbGl0eSBpdCBwcm9iYWJseSBkb2VzbuKAmXQgbWFrZSBhIGRpZmZlcmVuY2UsIGJ1dCBp dCB3b3VsZCBtYWtlIHRoZSBJTVMgcHJvY2VkdXJlcyDigJxhbGlnbmVk4oCdIHdpdGggdGhlIElF VEYgc3BlYy48L3NwYW4+PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3Bh biBsYW5nPSJFTi1VUyI+Jm5ic3A7PC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1z b05vcm1hbCI+PHNwYW4gbGFuZz0iRU4tVVMiPlJlZ2FyZHMsPC9zcGFuPjxvOnA+PC9vOnA+PC9w Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZuYnNwOzwvc3Bhbj48 bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9IkVOLVVTIj5D aHJpc3Rlcjwvc3Bhbj48bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFu IGxhbmc9IkVOLVVTIj4mbmJzcDs8L3NwYW4+PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+ DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7PC9zcGFuPjxv OnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4g bGFuZz0iRU4tVVMiPiZuYnNwOzwvc3Bhbj48bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPC9kaXY+ DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7PC9zcGFuPjxv OnA+PC9vOnA+PC9wPg0KPGRpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj5PbiBUaHUs IE9jdCAzMSwgMjAxOSBhdCA5OjM3IEFNIENocmlzdGVyIEhvbG1iZXJnICZsdDs8YSBocmVmPSJt YWlsdG86Y2hyaXN0ZXIuaG9sbWJlcmdAZXJpY3Nzb24uY29tIj5jaHJpc3Rlci5ob2xtYmVyZ0Bl cmljc3Nvbi5jb208L2E+Jmd0OyB3cm90ZTo8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGJsb2Nr cXVvdGUgc3R5bGU9ImJvcmRlcjpub25lO2JvcmRlci1sZWZ0OnNvbGlkICNDQ0NDQ0MgMS4wcHQ7 cGFkZGluZzowY20gMGNtIDBjbSA2LjBwdDttYXJnaW4tbGVmdDo0LjhwdDttYXJnaW4tdG9wOjUu MHB0O21hcmdpbi1yaWdodDowY207bWFyZ2luLWJvdHRvbTo1LjBwdCI+DQo8ZGl2Pg0KPGRpdj4N CjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28t bWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+Jm5ic3A7PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0i TXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0 b20tYWx0OmF1dG8iPjxzcGFuIGxhbmc9IkVOLVVTIj5IaSw8L3NwYW4+PG86cD48L286cD48L3A+ DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNv LW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFuIGxhbmc9IkVOLVVTIj4mbmJzcDs8L3NwYW4+ PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10 b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFuIGxhbmc9IkVOLVVT Ij5UaGUgcmVhc29uIGZvciB0aGUgZW1wdHkgdmFsdWUgY29tZXMgZnJvbSBJTVMgYW5kIEFLQSwg d2hlcmUgeW91IG5lZWQgdG8gaW5jbHVkZSB0aGUgdXNlciBpZCBhbHJlYWR5IGluIHRoZSBpbml0 aWFsIFJFR0lTVEVSIHJlcXVlc3QgKHRoaXMgc2VlbXMgdG8gYmUgbWlzc2luZw0KIGZyb20gUkZD IDMzMTAsIGJ1dCB0aGF04oCZcyBhIHNlcGFyYXRlIHRvcGljKSBpbiBvcmRlciBmb3IgdGhlIHNl cnZlciB0byBjcmVhdGUgdGhlIGNoYWxsZW5nZSwmbmJzcDsgbWVhbmluZyB0aGF0IGluIHRoZSBp bml0aWFsIFJFR0lTVEVSIHJlcXVlc3QgeW91IGluY2x1ZGUgYW4gQXV0aG9yaXphdGlvbiBoZWFk ZXIgZmllbGQgd2l0aCB0aGUgdXNlcm5hbWUgcGFyYW1ldGVyIGNhcnJ5aW5nIHRoZSBJTVMgcHJp dmF0ZSB1c2VyIGlkZW50aXR5LCB0aGUgcmVhbG0NCiBwYXJhbWV0ZXIgYW5kIHRoZSB1cmkgcGFy YW1ldGVyLiBBdCB0aGlzIHBvaW50IHlvdSBvYnZpb3VzbHkgZG9u4oCZdCB5ZXQgaGF2ZSB0aGUg cmVzcG9uc2UsIHNvIGluIElNUyBpdCBpcyBzcGVjaWZpZWQgdGhhdCB0aGUgcmVzcG9uc2UgcGFy YW1ldGVyIGlzIGluc2VydGVkIHdpdGggYW4gZW1wdHkgdmFsdWUuPC9zcGFuPjxvOnA+PC9vOnA+ PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRv O21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7PC9z cGFuPjxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJn aW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBsYW5nPSJF Ti1VUyI+V0hZIGl0IHdhcyBzcGVjaWZpZWQgdGhhdCB3YXkgKGluc3RlYWQgb2Ygc2ltcGx5IG5v dCBpbmNsdWRpbmcgdGhlIHJlc3BvbnNlIHBhcmFtZXRlcikgSSBkb27igJl0IGtub3csIGJ1dCBJ IGRvIGtub3cgdGhhdCBpdCBoYXMgYmVlbiBpbXBsZW1lbnRlZCBhbmQgZGVwbG95ZWQgdGhhdA0K IHdheSBmb3IgbWFueSB5ZWFycy48L3NwYW4+PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNv Tm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20t YWx0OmF1dG8iPjxzcGFuIGxhbmc9IkVOLVVTIj4mbmJzcDs8L3NwYW4+PG86cD48L286cD48L3A+ DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNv LW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFuIGxhbmc9IkVOLVVTIj5SZWdhcmRzLDwvc3Bh bj48bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2lu LXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+PHNwYW4gbGFuZz0iRU4t VVMiPiZuYnNwOzwvc3Bhbj48bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0 eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+ PHNwYW4gbGFuZz0iRU4tVVMiPkNocmlzdGVyPC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPHAgY2xh c3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4t Ym90dG9tLWFsdDphdXRvIj4mbmJzcDs8bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3Jt YWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6 YXV0byI+Jm5ic3A7PG86cD48L286cD48L3A+DQo8ZGl2IHN0eWxlPSJib3JkZXI6bm9uZTtib3Jk ZXItdG9wOnNvbGlkICNCNUM0REYgMS4wcHQ7cGFkZGluZzozLjBwdCAwY20gMGNtIDBjbSI+DQo8 cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1h cmdpbi1ib3R0b20tYWx0OmF1dG8iPjxiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTIuMHB0O2Nv bG9yOmJsYWNrIj5Gcm9tOg0KPC9zcGFuPjwvYj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEyLjBw dDtjb2xvcjpibGFjayI+c2lwY29yZSAmbHQ7PGEgaHJlZj0ibWFpbHRvOnNpcGNvcmUtYm91bmNl c0BpZXRmLm9yZyIgdGFyZ2V0PSJfYmxhbmsiPnNpcGNvcmUtYm91bmNlc0BpZXRmLm9yZzwvYT4m Z3Q7IG9uIGJlaGFsZiBvZiBSaWZhYXQgU2hla2gtWXVzZWYgJmx0OzxhIGhyZWY9Im1haWx0bzpy aWZhYXQuaWV0ZkBnbWFpbC5jb20iIHRhcmdldD0iX2JsYW5rIj5yaWZhYXQuaWV0ZkBnbWFpbC5j b208L2E+Jmd0Ozxicj4NCjxiPkRhdGU6IDwvYj5UaHVyc2RheSwgMzEgT2N0b2JlciAyMDE5IGF0 IDE1LjIwPGJyPg0KPGI+VG86IDwvYj5BbGV4ZXkgTWVsbmlrb3YgJmx0OzxhIGhyZWY9Im1haWx0 bzphYW1lbG5pa292QGZhc3RtYWlsLmZtIiB0YXJnZXQ9Il9ibGFuayI+YWFtZWxuaWtvdkBmYXN0 bWFpbC5mbTwvYT4mZ3Q7PGJyPg0KPGI+Q2M6IDwvYj4mcXVvdDs8YSBocmVmPSJtYWlsdG86c2lw Y29yZS1jaGFpcnNAaWV0Zi5vcmciIHRhcmdldD0iX2JsYW5rIj5zaXBjb3JlLWNoYWlyc0BpZXRm Lm9yZzwvYT4mcXVvdDsgJmx0OzxhIGhyZWY9Im1haWx0bzpzaXBjb3JlLWNoYWlyc0BpZXRmLm9y ZyIgdGFyZ2V0PSJfYmxhbmsiPnNpcGNvcmUtY2hhaXJzQGlldGYub3JnPC9hPiZndDssICZxdW90 OzxhIGhyZWY9Im1haWx0bzpkcmFmdC1pZXRmLXNpcGNvcmUtZGlnZXN0LXNjaGVtZUBpZXRmLm9y ZyIgdGFyZ2V0PSJfYmxhbmsiPmRyYWZ0LWlldGYtc2lwY29yZS1kaWdlc3Qtc2NoZW1lQGlldGYu b3JnPC9hPiZxdW90Ow0KICZsdDs8YSBocmVmPSJtYWlsdG86ZHJhZnQtaWV0Zi1zaXBjb3JlLWRp Z2VzdC1zY2hlbWVAaWV0Zi5vcmciIHRhcmdldD0iX2JsYW5rIj5kcmFmdC1pZXRmLXNpcGNvcmUt ZGlnZXN0LXNjaGVtZUBpZXRmLm9yZzwvYT4mZ3Q7LCAmcXVvdDs8YSBocmVmPSJtYWlsdG86aWVz Z0BpZXRmLm9yZyIgdGFyZ2V0PSJfYmxhbmsiPmllc2dAaWV0Zi5vcmc8L2E+JnF1b3Q7ICZsdDs8 YSBocmVmPSJtYWlsdG86aWVzZ0BpZXRmLm9yZyIgdGFyZ2V0PSJfYmxhbmsiPmllc2dAaWV0Zi5v cmc8L2E+Jmd0OywNCiAmcXVvdDs8YSBocmVmPSJtYWlsdG86c2lwY29yZUBpZXRmLm9yZyIgdGFy Z2V0PSJfYmxhbmsiPnNpcGNvcmVAaWV0Zi5vcmc8L2E+JnF1b3Q7ICZsdDs8YSBocmVmPSJtYWls dG86c2lwY29yZUBpZXRmLm9yZyIgdGFyZ2V0PSJfYmxhbmsiPnNpcGNvcmVAaWV0Zi5vcmc8L2E+ Jmd0Ozxicj4NCjxiPlN1YmplY3Q6IDwvYj5SZTogW3NpcGNvcmVdIEFsZXhleSBNZWxuaWtvdidz IE5vIE9iamVjdGlvbiBvbiBkcmFmdC1pZXRmLXNpcGNvcmUtZGlnZXN0LXNjaGVtZS0xMjogKHdp dGggQ09NTUVOVCk8L3NwYW4+PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFz cz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1i b3R0b20tYWx0OmF1dG8iPiZuYnNwOzxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAg Y2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJn aW4tYm90dG9tLWFsdDphdXRvIj5Eb25lLjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8cCBjbGFz cz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1i b3R0b20tYWx0OmF1dG8iPiZuYnNwOzxvOnA+PC9vOnA+PC9wPg0KPGRpdj4NCjxkaXY+DQo8cCBj bGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdp bi1ib3R0b20tYWx0OmF1dG8iPk9uIFRodSwgT2N0IDMxLCAyMDE5IGF0IDk6MTMgQU0gQWxleGV5 IE1lbG5pa292ICZsdDs8YSBocmVmPSJtYWlsdG86YWFtZWxuaWtvdkBmYXN0bWFpbC5mbSIgdGFy Z2V0PSJfYmxhbmsiPmFhbWVsbmlrb3ZAZmFzdG1haWwuZm08L2E+Jmd0OyB3cm90ZTo8bzpwPjwv bzpwPjwvcD4NCjwvZGl2Pg0KPGJsb2NrcXVvdGUgc3R5bGU9ImJvcmRlcjpub25lO2JvcmRlci1s ZWZ0OnNvbGlkICNDQ0NDQ0MgMS4wcHQ7cGFkZGluZzowY20gMGNtIDBjbSA2LjBwdDttYXJnaW4t bGVmdDo0LjhwdDttYXJnaW4tdG9wOjUuMHB0O21hcmdpbi1yaWdodDowY207bWFyZ2luLWJvdHRv bTo1LjBwdCI+DQo8ZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28t bWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+T24gVGh1LCBP Y3QgMzEsIDIwMTksIGF0IDE6MTEgUE0sIFJpZmFhdCBTaGVraC1ZdXNlZiB3cm90ZTo8bzpwPjwv bzpwPjwvcD4NCjwvZGl2Pg0KPGJsb2NrcXVvdGUgc3R5bGU9Im1hcmdpbi10b3A6NS4wcHQ7bWFy Z2luLWJvdHRvbTo1LjBwdCIgaWQ9ImdtYWlsLW1fLTY1NTQ4Njk1NjEzOTcxMzQxMjJnbWFpbC1t Xy04NDA1MDc5NzM4NTQ5NDM4NzA2cXQiPg0KPGRpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9y bWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0 OmF1dG8iPkhpIEFsZXhleSw8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNz PSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJv dHRvbS1hbHQ6YXV0byI+Jm5ic3A7PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBj bGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdp bi1ib3R0b20tYWx0OmF1dG8iPkkgYW0gZmluZSB3aXRoIFBhdWwncyBzdWdnZXN0aW9uLjxvOnA+ PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1z by1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj5BcmUgeW91 IG9rIHdpdGgmbmJzcDs8c3BhbiBzdHlsZT0iY29sb3I6YmxhY2siPiZxdW90OzMyKkxIRVgmcXVv dDs/PC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8L2Rpdj4NCjwvYmxvY2txdW90ZT4N CjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1 dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPlllcyE8bzpwPjwvbzpwPjwvcD4NCjwvZGl2 Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6 YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+Jm5ic3A7PG86cD48L286cD48L3A+DQo8 L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3At YWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPlRoYW5rIHlvdSw8bzpwPjwvbzpw PjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFy Z2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+QWxleGV5PG86cD48 L286cD48L3A+DQo8L2Rpdj4NCjxibG9ja3F1b3RlIHN0eWxlPSJtYXJnaW4tdG9wOjUuMHB0O21h cmdpbi1ib3R0b206NS4wcHQiIGlkPSJnbWFpbC1tXy02NTU0ODY5NTYxMzk3MTM0MTIyZ21haWwt bV8tODQwNTA3OTczODU0OTQzODcwNnF0Ij4NCjxkaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05v cm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFs dDphdXRvIj4mbmJzcDs8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJN c29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRv bS1hbHQ6YXV0byI+UmVnYXJkcyw8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNs YXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2lu LWJvdHRvbS1hbHQ6YXV0byI+Jm5ic3A7UmZhYXQ8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRp dj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bztt c28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+Jm5ic3A7PG86cD48L286cD48L3A+DQo8L2Rpdj4N CjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRv cC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+Jm5ic3A7PG86cD48L286cD48 L3A+DQo8L2Rpdj4NCjxkaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1z by1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj5PbiBUaHUs IE9jdCAzMSwgMjAxOSBhdCA3OjIyIEFNIEFsZXhleSBNZWxuaWtvdiAmbHQ7PGEgaHJlZj0ibWFp bHRvOmFhbWVsbmlrb3ZAZmFzdG1haWwuZm0iIHRhcmdldD0iX2JsYW5rIj5hYW1lbG5pa292QGZh c3RtYWlsLmZtPC9hPiZndDsgd3JvdGU6PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxibG9ja3F1 b3RlIHN0eWxlPSJib3JkZXI6bm9uZTtib3JkZXItbGVmdDpzb2xpZCAjQ0NDQ0NDIDEuMHB0O3Bh ZGRpbmc6MGNtIDBjbSAwY20gNi4wcHQ7bWFyZ2luLWxlZnQ6NC44cHQ7bWFyZ2luLXRvcDo1LjBw dDttYXJnaW4tcmlnaHQ6MGNtO21hcmdpbi1ib3R0b206NS4wcHQiPg0KPGRpdj4NCjxwIGNsYXNz PSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJv dHRvbS1hbHQ6YXV0byI+Jm5ic3A7PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8ZGl2 Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21z by1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj5IaSBSaWZhYXQsPG86cD48L286cD48L3A+DQo8L2Rp dj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0 OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPiZuYnNwOzxvOnA+PC9vOnA+PC9wPg0K PC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9w LWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj5PbiBXZWQsIE9jdCAzMCwgMjAx OSwgYXQgOTo1MCBQTSwgUmlmYWF0IFNoZWtoLVl1c2VmIHdyb3RlOjxvOnA+PC9vOnA+PC9wPg0K PC9kaXY+DQo8YmxvY2txdW90ZSBzdHlsZT0ibWFyZ2luLXRvcDo1LjBwdDttYXJnaW4tYm90dG9t OjUuMHB0IiBpZD0iZ21haWwtbV8tNjU1NDg2OTU2MTM5NzEzNDEyMmdtYWlsLW1fLTg0MDUwNzk3 Mzg1NDk0Mzg3MDZxdC1nbWFpbC1tXy02NjM2MDQyMzU5MjEwODUyOTI1cXQiPg0KPGRpdj4NCjxk aXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFs dDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj5UaGFua3MgQWxleGV5ITxvOnA+PC9v OnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1t YXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj4mbmJzcDs8bzpw PjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJt c28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+SSBhbSBm aW5lIHdpdGggdGhlIGZpcnN0IHR3byBjb21tZW50cywgYW5kIHdpbGwgZml4IHRoZXNlIGluIHRo ZSBjb21pbmcgdmVyc2lvbiBvZiB0aGUgZG9jdW1lbnQuPG86cD48L286cD48L3A+DQo8L2Rpdj4N CjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1 dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPiZuYnNwOzxvOnA+PC9vOnA+PC9wPg0KPC9k aXY+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdp bi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPkkgYW0gbm90IHN1cmUg SSBmb2xsb3cgdGhlIDNyZCBvbmUuIFdoeSBkbyB5b3Ugc2VlIHRoZSBuZWVkIGZvciBhIG1pbmlt dW0gbnVtYmVyIG9mIGhleCBkaWdpdHM/PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjwvZGl2Pg0K PC9ibG9ja3F1b3RlPg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFy Z2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+WW91IGRvIHNheSB0 aGF0IHRoZSBudW1iZXIgb2YgaGV4IGRpZ2l0cyBtYXRjaCB0aGUgaGFzaCBsZW5naHQsIHNvIGl0 IGlzIHByb2JhYmx5IE9rLiBIb3dldmVyIGVtcHR5IHZhbHVlIGlzIG5ldmVyIHZhbGlkIChhbmQg SSBhbSB3b3JyaWVkIGl0IG1pZ2h0IGhpdCBzb21lIGJvdW5kYXJ5IGNvbmRpdGlvbiBidWcNCiBp biBpbXBsZW1lbnRhdGlvbnMpLCBzbyBwcm9oaWJpdGluZyBpdCBpbiBBQk5GIHdvdWxkIGJlIHRo ZSBiZXN0LjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1h bCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDph dXRvIj4mbmJzcDs8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29O b3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1h bHQ6YXV0byI+QmVzdCBSZWdhcmRzLDxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAg Y2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJn aW4tYm90dG9tLWFsdDphdXRvIj5BbGV4ZXk8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGJsb2Nr cXVvdGUgc3R5bGU9Im1hcmdpbi10b3A6NS4wcHQ7bWFyZ2luLWJvdHRvbTo1LjBwdCIgaWQ9Imdt YWlsLW1fLTY1NTQ4Njk1NjEzOTcxMzQxMjJnbWFpbC1tXy04NDA1MDc5NzM4NTQ5NDM4NzA2cXQt Z21haWwtbV8tNjYzNjA0MjM1OTIxMDg1MjkyNXF0Ij4NCjxkaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9 Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90 dG9tLWFsdDphdXRvIj4mbmJzcDs8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNs YXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2lu LWJvdHRvbS1hbHQ6YXV0byI+UmVnYXJkcyw8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4N CjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28t bWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+Jm5ic3A7UmlmYWF0PG86cD48L286cD48L3A+DQo8L2Rp dj4NCjxkaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4t dG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj4mbmJzcDs8bzpwPjwvbzpw PjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0i bXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPiZuYnNw OzxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3Jt YWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6 YXV0byI+Jm5ic3A7PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8ZGl2Pg0KPHAgY2xh c3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4t Ym90dG9tLWFsdDphdXRvIj5PbiBXZWQsIE9jdCAzMCwgMjAxOSBhdCAxOjE2IFBNIEFsZXhleSBN ZWxuaWtvdiB2aWEgRGF0YXRyYWNrZXIgJmx0OzxhIGhyZWY9Im1haWx0bzpub3JlcGx5QGlldGYu b3JnIiB0YXJnZXQ9Il9ibGFuayI+bm9yZXBseUBpZXRmLm9yZzwvYT4mZ3Q7IHdyb3RlOjxvOnA+ PC9vOnA+PC9wPg0KPC9kaXY+DQo8YmxvY2txdW90ZSBzdHlsZT0iYm9yZGVyOm5vbmU7Ym9yZGVy LWxlZnQ6c29saWQgI0NDQ0NDQyAxLjBwdDtwYWRkaW5nOjBjbSAwY20gMGNtIDYuMHB0O21hcmdp bi1sZWZ0OjQuOHB0O21hcmdpbi10b3A6NS4wcHQ7bWFyZ2luLXJpZ2h0OjBjbTttYXJnaW4tYm90 dG9tOjUuMHB0Ij4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdp bi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPkFsZXhleSBNZWxuaWtv diBoYXMgZW50ZXJlZCB0aGUgZm9sbG93aW5nIGJhbGxvdCBwb3NpdGlvbiBmb3I8bzpwPjwvbzpw PjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFy Z2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+ZHJhZnQtaWV0Zi1z aXBjb3JlLWRpZ2VzdC1zY2hlbWUtMTI6IE5vIE9iamVjdGlvbjxvOnA+PC9vOnA+PC9wPg0KPC9k aXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFs dDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj4mbmJzcDs8bzpwPjwvbzpwPjwvcD4N CjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRv cC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+V2hlbiByZXNwb25kaW5nLCBw bGVhc2Uga2VlcCB0aGUgc3ViamVjdCBsaW5lIGludGFjdCBhbmQgcmVwbHkgdG8gYWxsPG86cD48 L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNv LW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPmVtYWlsIGFk ZHJlc3NlcyBpbmNsdWRlZCBpbiB0aGUgVG8gYW5kIENDIGxpbmVzLiAoRmVlbCBmcmVlIHRvIGN1 dCB0aGlzPG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFs IiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1 dG8iPmludHJvZHVjdG9yeSBwYXJhZ3JhcGgsIGhvd2V2ZXIuKTxvOnA+PC9vOnA+PC9wPg0KPC9k aXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFs dDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj4mbmJzcDs8bzpwPjwvbzpwPjwvcD4N CjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRv cC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+Jm5ic3A7PG86cD48L286cD48 L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdp bi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPlBsZWFzZSByZWZlciB0 bw0KPGEgaHJlZj0iaHR0cHM6Ly93d3cuaWV0Zi5vcmcvaWVzZy9zdGF0ZW1lbnQvZGlzY3Vzcy1j cml0ZXJpYS5odG1sIiB0YXJnZXQ9Il9ibGFuayI+DQpodHRwczovL3d3dy5pZXRmLm9yZy9pZXNn L3N0YXRlbWVudC9kaXNjdXNzLWNyaXRlcmlhLmh0bWw8L2E+PG86cD48L286cD48L3A+DQo8L2Rp dj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0 OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPmZvciBtb3JlIGluZm9ybWF0aW9uIGFi b3V0IElFU0cgRElTQ1VTUyBhbmQgQ09NTUVOVCBwb3NpdGlvbnMuPG86cD48L286cD48L3A+DQo8 L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3At YWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPiZuYnNwOzxvOnA+PC9vOnA+PC9w Pg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4t dG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj4mbmJzcDs8bzpwPjwvbzpw PjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFy Z2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+VGhlIGRvY3VtZW50 LCBhbG9uZyB3aXRoIG90aGVyIGJhbGxvdCBwb3NpdGlvbnMsIGNhbiBiZSBmb3VuZCBoZXJlOjxv OnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9 Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48YSBo cmVmPSJodHRwczovL2RhdGF0cmFja2VyLmlldGYub3JnL2RvYy9kcmFmdC1pZXRmLXNpcGNvcmUt ZGlnZXN0LXNjaGVtZS8iIHRhcmdldD0iX2JsYW5rIj5odHRwczovL2RhdGF0cmFja2VyLmlldGYu b3JnL2RvYy9kcmFmdC1pZXRmLXNpcGNvcmUtZGlnZXN0LXNjaGVtZS88L2E+PG86cD48L286cD48 L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdp bi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPiZuYnNwOzxvOnA+PC9v OnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1t YXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj4mbmJzcDs8bzpw PjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJt c28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+Jm5ic3A7 PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHls ZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPi0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS08bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29O b3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1h bHQ6YXV0byI+Q09NTUVOVDo8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNz PSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJv dHRvbS1hbHQ6YXV0byI+LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLTxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2 Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21z by1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj4mbmJzcDs8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0K PGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0 bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+SSBhbSBhZ3JlZWluZyB3aXRoIEFsaXNzYSdz IERJU0NVU1MuPG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9y bWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0 OmF1dG8iPiZuYnNwOzxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1z b05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9t LWFsdDphdXRvIj5BbHNvLCBJIGhhdmUgYSBmZXcgY29tbWVudHMgb2YgbXkgb3duOjxvOnA+PC9v OnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1t YXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj4mbmJzcDs8bzpw PjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJt c28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+MSkgTGFz dCBwYXJhIG9mIFNlY3Rpb24gMi4xOjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAg Y2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJn aW4tYm90dG9tLWFsdDphdXRvIj4mbmJzcDs8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4N CjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28t bWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+Mi4xLiZuYnNwOyBIYXNoIEFsZ29yaXRobXM8bzpwPjwv bzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28t bWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+Jm5ic3A7PG86 cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0i bXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPiZuYnNw OyAmbmJzcDtBIFVBUyBwcmlvcml0aXplcyB3aGljaCBhbGdvcml0aG0gdG8gdXNlIGJhc2VkIG9u IHRoZSBvcmRlcmluZyBvZiB0aGU8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNs YXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2lu LWJvdHRvbS1hbHQ6YXV0byI+Jm5ic3A7ICZuYnNwO2NoYWxsZW5nZSBoZWFkZXIgZmllbGRzIGlu IHRoZSByZXNwb25zZSBpdCBpcyBwcmVwYXJpbmcuPG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxk aXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87 bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPiZuYnNwOzxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+ DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDph dXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj5UaGlzIGxvb2tzIGVpdGhlciB3cm9uZyBv ciBjb25mdXNpbmcgdG8gbWUuIEkgdGhpbmsgeW91IGFyZSBqdXN0IHNheWluZyBoZXJlPG86cD48 L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNv LW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPnRoYXQgdGhl IG9yZGVyIGlzIGRlY2lkZWQgYnkgdGhlIHNlcnZlciBhdCB0aGlzIHBvaW50LjxvOnA+PC9vOnA+ PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJn aW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj4mbmJzcDs8bzpwPjwv bzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28t bWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+Jm5ic3A7ICZu YnNwO1RoYXQ8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3Jt YWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6 YXV0byI+Jm5ic3A7ICZuYnNwO3Byb2Nlc3MgaXMgc3BlY2lmaWVkIGluIHNlY3Rpb24gMi4zIGFu ZCBwYXJhbGxlbHMgdGhlIHByb2Nlc3MgdXNlZCBpbjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8 ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRv O21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj4mbmJzcDsgJm5ic3A7SFRUUCBzcGVjaWZpZWQg YnkgW1JGQzc2MTZdLjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1z b05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9t LWFsdDphdXRvIj4mbmJzcDs8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNz PSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJv dHRvbS1hbHQ6YXV0byI+U28gYmFzZWQgb24gdGhlIGFib3ZlLCBteSBzdWdnZXN0ZWQgcmVwbGFj ZW1lbnQgZm9yIGJvdGggc2VudGVuY2VzOjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0K PHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1t YXJnaW4tYm90dG9tLWFsdDphdXRvIj4mbmJzcDs8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRp dj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bztt c28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+Jm5ic3A7ICZuYnNwO0EgVUFTIHByaW9yaXRpemVz IHdoaWNoIGFsZ29yaXRobSB0byB1c2UgYmFzZWQgb24gaXRzIHBvbGljeSw8bzpwPjwvbzpwPjwv cD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2lu LXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+Jm5ic3A7ICZuYnNwO3do aWNoIGlzIHNwZWNpZmllZCBpbiBzZWN0aW9uIDIuMyBhbmQgcGFyYWxsZWxzIHRoZSBwcm9jZXNz IHVzZWQgaW48bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3Jt YWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6 YXV0byI+Jm5ic3A7ICZuYnNwO0hUVFAgc3BlY2lmaWVkIGJ5IFtSRkM3NjE2XS48bzpwPjwvbzpw PjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFy Z2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+Jm5ic3A7PG86cD48 L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNv LW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjIpIExhc3Qg cGFyYSBvZiBTZWN0aW9uIDIuNDo8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNs YXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2lu LWJvdHRvbS1hbHQ6YXV0byI+Jm5ic3A7PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8 cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1h cmdpbi1ib3R0b20tYWx0OmF1dG8iPiZuYnNwOyAmbmJzcDtJZiB0aGUgVUFDIGNhbm5vdCByZXNw b25kIHRvIGFueSBvZiB0aGUgY2hhbGxlbmdlcyBpbiB0aGUgcmVzcG9uc2UsPG86cD48L286cD48 L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdp bi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPiZuYnNwOyAmbmJzcDt0 aGVuIGl0IFNIT1VMRCBhYmFuZG9uIGF0dGVtcHRzIHRvIHNlbmQgdGhlIHJlcXVlc3QgdW5sZXNz IGEgbG9jYWw8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3Jt YWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6 YXV0byI+Jm5ic3A7ICZuYnNwO3BvbGljeSBkaWN0YXRlcyBvdGhlcndpc2UuPG86cD48L286cD48 L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdp bi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPiZuYnNwOzxvOnA+PC9v OnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1t YXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj5JcyB0cnlpbmcg b3RoZXIgbm9uIERpZ2VzdCBhbGdvcml0aG1zIGNvdmVyZWQgYnkgJnF1b3Q7U0hPVUxEIGFiYW5k b24mcXVvdDs/PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9y bWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0 OmF1dG8iPklmIHllcywgbWF5YmUgeW91IHNob3VsZCBtYWtlIHRoaXMgY2xlYXJlci48bzpwPjwv bzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28t bWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+Jm5ic3A7PG86 cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0i bXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPiZuYnNw OyAmbmJzcDtGb3IgZXhhbXBsZSwgaWYgdGhlIFVBQyBkb2VzIG5vdCBoYXZlPG86cD48L286cD48 L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdp bi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPiZuYnNwOyAmbmJzcDtj cmVkZW50aWFscyBvciBoYXMgc3RhbGUgY3JlZGVudGlhbHMgZm9yIGFueSBvZiB0aGUgcmVhbG1z LCB0aGUgVUFDPG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9y bWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0 OmF1dG8iPiZuYnNwOyAmbmJzcDt3aWxsIGFiYW5kb24gdGhlIHJlcXVlc3QuPG86cD48L286cD48 L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdp bi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPiZuYnNwOzxvOnA+PC9v OnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1t YXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj4zKSBJbiBTZWN0 aW9uIDIuNzo8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3Jt YWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6 YXV0byI+Jm5ic3A7PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNv Tm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20t YWx0OmF1dG8iPiZuYnNwOyAmbmJzcDsgJm5ic3A7IHJlcXVlc3QtZGlnZXN0ID0gTERRVU9UICpM SEVYIFJEUVVPVDxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05v cm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFs dDphdXRvIj4mbmJzcDs8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJN c29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRv bS1hbHQ6YXV0byI+VGhpcyBub3cgYWxsb3dzIGVtcHR5IHZhbHVlLiBJIHN1Z2dlc3QgeW91IHNw ZWNpZnkgYSBtaW5pbXVtIG51bWJlciBvZiBoZXg8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRp dj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bztt c28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+ZGlnaXRzIGFsbG93ZWQgaW4gdGhlIEFCTkYuIE9y IGF0IGxlYXN0IGNoYW5nZSAmcXVvdDsqTEhFWCZxdW90OyB0byAmcXVvdDsyKkxIRVgmcXVvdDsu PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHls ZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPiZu YnNwOzxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIg c3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRv Ij4mbmJzcDs8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPC9ibG9ja3F1b3RlPg0KPC9kaXY+DQo8 L2Rpdj4NCjwvZGl2Pg0KPC9kaXY+DQo8L2Rpdj4NCjwvYmxvY2txdW90ZT4NCjxkaXY+DQo8cCBj bGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdp bi1ib3R0b20tYWx0OmF1dG8iPiZuYnNwOzxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8L2Rpdj4N CjwvYmxvY2txdW90ZT4NCjwvZGl2Pg0KPC9ibG9ja3F1b3RlPg0KPGRpdj4NCjxwIGNsYXNzPSJN c29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRv bS1hbHQ6YXV0byI+Jm5ic3A7PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9ibG9j a3F1b3RlPg0KPC9kaXY+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9ibG9ja3F1b3RlPg0KPC9kaXY+DQo8 L2Rpdj4NCjwvZGl2Pg0KPC9ib2R5Pg0KPC9odG1sPg0K --_000_4EEBC37C3C1B42A9883B571FAE867C31ericssoncom_-- From nobody Thu Oct 31 10:22:49 2019 Return-Path: X-Original-To: sipcore@ietfa.amsl.com Delivered-To: sipcore@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C60CA12008B; Thu, 31 Oct 2019 10:22:38 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.997 X-Spam-Level: X-Spam-Status: No, score=-1.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4yCSnCC4cHPb; Thu, 31 Oct 2019 10:22:34 -0700 (PDT) Received: from mail-il1-x134.google.com (mail-il1-x134.google.com [IPv6:2607:f8b0:4864:20::134]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0011612006A; Thu, 31 Oct 2019 10:22:33 -0700 (PDT) Received: by mail-il1-x134.google.com with SMTP id j2so3951557ilc.10; Thu, 31 Oct 2019 10:22:33 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=bF3j9J7/F0/s6rICjTNhA1p3q4gcEUC+8RbQLxrnKgQ=; b=BVgXatL3aIW3ASYbgB9RpH0v1pEE4Wr6i2ymM+8kG9BRikF6rrrqHpwBbz7ebUGnh7 VmEz+60NUztPPJ91o0k32kyvxk+ICP4nHHVr0nGCJ1tk+QHXacAki1G0a2FayIvddFlu ZurVTgoG2fh+mcLVYAMYva3WMIHedMbmTCNli1c9bwjlqjYalZGDnY8FDoPOB+f/ORIQ kC3XTWau6k6IPvCzu9p9HcTGahpt7EN7+bOpelmdTUb6UTTHG8tq8RpqmZKjmIOkj6vR joY/MxRgm+h96Xb7036kK9Gr1WQxFaUt6M+MA6NuKkEl0U1op/OuM4rX3vvdA/CzkHMD usng== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=bF3j9J7/F0/s6rICjTNhA1p3q4gcEUC+8RbQLxrnKgQ=; b=q0j5smA/5VLB3GpfGgKPqUGL3jdrNRiHyTVRuzeGEUocwkEWCYBBY7MuPuSDTT5jhJ B1IavNd5VJSoxTPVejJoMDY4AAcNDLOt75xBdmjcD0xgKpFenlbkp5djPu/y8aZqtAmj MKrV4zgtLfHC4S3dvQmfnwKNGOwnjYxnJVrZ8Rei2NctKJAnwNh+vz7yoMblKPlPKcLR n/f5AaxJfNEMGb8iix6OcT9KweAX1KTUVcW4VOf031omb+36t3SmHN64yp6EEY5kHvyB /Sue87iZrbAqCqIzt/IIPgl47MlKv93X+9m1IMEKnfL5oBJE5LJ5zMm3ZWGcJVaFCJtu qH4Q== X-Gm-Message-State: APjAAAWqcD3SCM8XvE3Z+S11CfUFV/Y2Rrf2o8gHctjdljQn4lUymgLz B+Eg8fbSTmHEzKBYYkfiGh9PoYDXF3fmzBGBEAA= X-Google-Smtp-Source: APXvYqz7VdCQEJD29GwmPyK8D7321qO+WqZcJUv6BOAZoesrt8z09u75pwgzu2e8Uz84c/NzP2txvjKatmXV+WNKjEk= X-Received: by 2002:a92:60f:: with SMTP id x15mr7099335ilg.278.1572542553256; Thu, 31 Oct 2019 10:22:33 -0700 (PDT) MIME-Version: 1.0 References: <157245577700.32490.10990766778571550817.idtracker@ietfa.amsl.com> <6ec209ae-72e9-4dd1-8d68-3ee1704f3d92@www.fastmail.com> <7B4921E1-66A3-4D6D-A943-8EC0F44195CC@ericsson.com> <4C17F34D-7046-4706-AE5C-FB7ADC4B1427@ericsson.com> <4EEBC37C-3C1B-42A9-883B-571FAE867C31@ericsson.com> In-Reply-To: <4EEBC37C-3C1B-42A9-883B-571FAE867C31@ericsson.com> From: Rifaat Shekh-Yusef Date: Thu, 31 Oct 2019 13:22:21 -0400 Message-ID: To: Christer Holmberg Cc: Christer Holmberg , "sipcore-chairs@ietf.org" , "draft-ietf-sipcore-digest-scheme@ietf.org" , The IESG , SIPCORE , Alexey Melnikov Content-Type: multipart/alternative; boundary="00000000000047fc6a0596381827" Archived-At: Subject: Re: [sipcore] Alexey Melnikov's No Objection on draft-ietf-sipcore-digest-scheme-12: (with COMMENT) X-BeenThere: sipcore@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SIP Core Working Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 31 Oct 2019 17:22:39 -0000 --00000000000047fc6a0596381827 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Can you propose some text? Thanks, Rifaat On Thu, Oct 31, 2019 at 11:44 AM Christer Holmberg < christer.holmberg@ericsson.com> wrote: > Hi, > > > > Perhaps we could add some text about the IMS use-case, in order to explai= n > the empty value? > > > > Regards, > > > > Christer > > > > *From: *sipcore on behalf of Christer Holmberg > > *Date: *Thursday, 31 October 2019 at 15.52 > *To: *Rifaat Shekh-Yusef > *Cc: *"sipcore-chairs@ietf.org" , " > draft-ietf-sipcore-digest-scheme@ietf.org" < > draft-ietf-sipcore-digest-scheme@ietf.org>, "iesg@ietf.org" , > "sipcore@ietf.org" , Alexey Melnikov < > aamelnikov@fastmail.fm> > *Subject: *Re: [sipcore] Alexey Melnikov's No Objection on > draft-ietf-sipcore-digest-scheme-12: (with COMMENT) > > > > Hi, > > > > >This IMS behavior would have been in violation of RFC3261 which specifie= d > exactly 32 Hex characters. > > >So, this change should not make much of a difference in this case. > > > > In reality it probably doesn=E2=80=99t make a difference, but it would ma= ke the > IMS procedures =E2=80=9Caligned=E2=80=9D with the IETF spec. > > > > Regards, > > > > Christer > > > > > > > > > > On Thu, Oct 31, 2019 at 9:37 AM Christer Holmberg < > christer.holmberg@ericsson.com> wrote: > > > > Hi, > > > > The reason for the empty value comes from IMS and AKA, where you need to > include the user id already in the initial REGISTER request (this seems t= o > be missing from RFC 3310, but that=E2=80=99s a separate topic) in order f= or the > server to create the challenge, meaning that in the initial REGISTER > request you include an Authorization header field with the username > parameter carrying the IMS private user identity, the realm parameter and > the uri parameter. At this point you obviously don=E2=80=99t yet have the= response, > so in IMS it is specified that the response parameter is inserted with an > empty value. > > > > WHY it was specified that way (instead of simply not including the > response parameter) I don=E2=80=99t know, but I do know that it has been > implemented and deployed that way for many years. > > > > Regards, > > > > Christer > > > > > > *From: *sipcore on behalf of Rifaat > Shekh-Yusef > *Date: *Thursday, 31 October 2019 at 15.20 > *To: *Alexey Melnikov > *Cc: *"sipcore-chairs@ietf.org" , " > draft-ietf-sipcore-digest-scheme@ietf.org" < > draft-ietf-sipcore-digest-scheme@ietf.org>, "iesg@ietf.org" , > "sipcore@ietf.org" > *Subject: *Re: [sipcore] Alexey Melnikov's No Objection on > draft-ietf-sipcore-digest-scheme-12: (with COMMENT) > > > > Done. > > > > On Thu, Oct 31, 2019 at 9:13 AM Alexey Melnikov > wrote: > > On Thu, Oct 31, 2019, at 1:11 PM, Rifaat Shekh-Yusef wrote: > > Hi Alexey, > > > > I am fine with Paul's suggestion. > > Are you ok with "32*LHEX"? > > Yes! > > > > Thank you, > > Alexey > > > > Regards, > > Rfaat > > > > > > On Thu, Oct 31, 2019 at 7:22 AM Alexey Melnikov > wrote: > > > > Hi Rifaat, > > > > On Wed, Oct 30, 2019, at 9:50 PM, Rifaat Shekh-Yusef wrote: > > Thanks Alexey! > > > > I am fine with the first two comments, and will fix these in the coming > version of the document. > > > > I am not sure I follow the 3rd one. Why do you see the need for a minimum > number of hex digits? > > You do say that the number of hex digits match the hash lenght, so it is > probably Ok. However empty value is never valid (and I am worried it migh= t > hit some boundary condition bug in implementations), so prohibiting it in > ABNF would be the best. > > > > Best Regards, > > Alexey > > > > Regards, > > Rifaat > > > > > > > > On Wed, Oct 30, 2019 at 1:16 PM Alexey Melnikov via Datatracker < > noreply@ietf.org> wrote: > > Alexey Melnikov has entered the following ballot position for > > draft-ietf-sipcore-digest-scheme-12: No Objection > > > > When responding, please keep the subject line intact and reply to all > > email addresses included in the To and CC lines. (Feel free to cut this > > introductory paragraph, however.) > > > > > > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html > > for more information about IESG DISCUSS and COMMENT positions. > > > > > > The document, along with other ballot positions, can be found here: > > https://datatracker.ietf.org/doc/draft-ietf-sipcore-digest-scheme/ > > > > > > > > ---------------------------------------------------------------------- > > COMMENT: > > ---------------------------------------------------------------------- > > > > I am agreeing with Alissa's DISCUSS. > > > > Also, I have a few comments of my own: > > > > 1) Last para of Section 2.1: > > > > 2.1. Hash Algorithms > > > > A UAS prioritizes which algorithm to use based on the ordering of the > > challenge header fields in the response it is preparing. > > > > This looks either wrong or confusing to me. I think you are just saying > here > > that the order is decided by the server at this point. > > > > That > > process is specified in section 2.3 and parallels the process used in > > HTTP specified by [RFC7616]. > > > > So based on the above, my suggested replacement for both sentences: > > > > A UAS prioritizes which algorithm to use based on its policy, > > which is specified in section 2.3 and parallels the process used in > > HTTP specified by [RFC7616]. > > > > 2) Last para of Section 2.4: > > > > If the UAC cannot respond to any of the challenges in the response, > > then it SHOULD abandon attempts to send the request unless a local > > policy dictates otherwise. > > > > Is trying other non Digest algorithms covered by "SHOULD abandon"? > > If yes, maybe you should make this clearer. > > > > For example, if the UAC does not have > > credentials or has stale credentials for any of the realms, the UAC > > will abandon the request. > > > > 3) In Section 2.7: > > > > request-digest =3D LDQUOT *LHEX RDQUOT > > > > This now allows empty value. I suggest you specify a minimum number of he= x > > digits allowed in the ABNF. Or at least change "*LHEX" to "2*LHEX". > > > > > > > > > > --00000000000047fc6a0596381827 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Can you propose some text?

Thanks,
=C2=A0Rifaat


On Thu, Oct 31, 2019 at 11:44 AM Chr= ister Holmberg <christ= er.holmberg@ericsson.com> wrote:

Hi,

=C2=A0

Perhaps we could add some text = about the IMS use-case, in order to explain the empty value?<= /span>

=C2=A0

Regards,

=C2=A0

Christer

=C2=A0

From: = sipcore <sipcore-bounces@ietf= .org> on behalf of Christer Holmberg <christer.holmberg=3D40ericsson.com@= dmarc.ietf.org>
Date: Thursday, 31 October 2019 at 15.52
To: Rifaat Shekh-Yusef <rifaat.ietf@gmail.com>
Cc: "sipcore-chairs@ietf.org" <sipcore-chairs@ietf.org>, "dra= ft-ietf-sipcore-digest-scheme@ietf.org" <draft-ietf-sipcore= -digest-scheme@ietf.org>, "iesg@ietf.org" <iesg@ietf.org>, "sipcore@ietf.org" <sipcore@ietf.org>, Alexey Melni= kov <aamelni= kov@fastmail.fm>
Subject: Re: [sipcore] Alexey Melnikov's No Objection on draft-i= etf-sipcore-digest-scheme-12: (with COMMENT)

=C2=A0

Hi,

=C2=A0

>This IMS behavior would hav= e been in violation of RFC3261 which specified exactly 32 Hex characters.

>So, this change should not = make much of=C2=A0a difference in this case.

=C2=A0

In reality it probably doesn=E2= =80=99t make a difference, but it would make the IMS procedures =E2=80=9Cal= igned=E2=80=9D with the IETF spec.

=C2=A0

Regards,

=C2=A0

Christer

=C2=A0

=C2=A0

=C2=A0

=C2=A0

On Thu, Oct 31, 2019 at 9:37 AM Christer Holmberg &l= t;chris= ter.holmberg@ericsson.com> wrote:

=C2=A0

Hi,

=C2=A0

The reason for the empty value = comes from IMS and AKA, where you need to include the user id already in th= e initial REGISTER request (this seems to be missing from RFC 3310, but that=E2=80=99s a separate topic) in order for the serve= r to create the challenge,=C2=A0 meaning that in the initial REGISTER reque= st you include an Authorization header field with the username parameter ca= rrying the IMS private user identity, the realm parameter and the uri parameter. At this point you obviously don=E2=80=99t= yet have the response, so in IMS it is specified that the response paramet= er is inserted with an empty value.

=C2=A0

WHY it was specified that way (= instead of simply not including the response parameter) I don=E2=80=99t kno= w, but I do know that it has been implemented and deployed that way for many years.

=C2=A0

Regards,

=C2=A0

Christer

=C2=A0

=C2=A0

From: sipcore <sipcore-bounces@ietf= .org> on behalf of Rifaat Shekh-Yusef <rifaat.ietf@gmail.com>
Date: Thursday, 31 October 2019 at 15.20
To: Alexey Melnikov <aamelnikov@fastmail.fm>
Cc: "sipcore-chairs@ietf.org" <sipcore-chairs@ietf.org>, "dra= ft-ietf-sipcore-digest-scheme@ietf.org" <draft-ietf-sipcore-digest-scheme@ietf.org>, "iesg@ietf.org" <iesg@ietf.org>, "sipcore@ietf.o= rg" <sipc= ore@ietf.org>
Subject: Re: [sipcore] Alexey Melnikov's No Objection on draft-i= etf-sipcore-digest-scheme-12: (with COMMENT)

=C2=A0

Done.

=C2=A0

On Thu, Oct 31, 2019 at 9:13 AM Alexey Melnikov <= aamelnikov@fast= mail.fm> wrote:

On Thu, Oct 31, 2019, at 1:11 PM, Rifaat Shekh-Yusef= wrote:

Hi Alexey,

=C2=A0

I am fine with Paul's suggestion.<= /p>

Are you ok with=C2=A0&qu= ot;32*LHEX"?

Yes!

=C2=A0

Thank you,

Alexey

=C2=A0

Regards,

=C2=A0Rfaat

=C2=A0

=C2=A0

On Thu, Oct 31, 2019 at 7:22 AM Alexey Melnikov <= aamelnikov@fast= mail.fm> wrote:

=C2=A0

Hi Rifaat,

=C2=A0

On Wed, Oct 30, 2019, at 9:50 PM, Rifaat Shekh-Yusef= wrote:

Thanks Alexey!

=C2=A0

I am fine with the first two comments, and will fix = these in the coming version of the document.

=C2=A0

I am not sure I follow the 3rd one. Why do you see t= he need for a minimum number of hex digits?

You do say that the number of hex digits match the h= ash lenght, so it is probably Ok. However empty value is never valid (and I= am worried it might hit some boundary condition bug in implementations), so prohibiting it in ABNF would be the best.

=C2=A0

Best Regards,

Alexey

=C2=A0

Regards,

=C2=A0Rifaat

=C2=A0

=C2=A0

=C2=A0

On Wed, Oct 30, 2019 at 1:16 PM Alexey Melnikov via = Datatracker <norep= ly@ietf.org> wrote:

Alexey Melnikov has entered the following ballot pos= ition for

draft-ietf-sipcore-digest-scheme-12: No Objection=

=C2=A0

When responding, please keep the subject line intact= and reply to all

email addresses included in the To and CC lines. (Fe= el free to cut this

introductory paragraph, however.)

=C2=A0

=C2=A0

for more information about IESG DISCUSS and COMMENT = positions.

=C2=A0

=C2=A0

The document, along with other ballot positions, can= be found here:

=C2=A0

=C2=A0

=C2=A0

----------------------------------------------------= ------------------

COMMENT:

----------------------------------------------------= ------------------

=C2=A0

I am agreeing with Alissa's DISCUSS.

=C2=A0

Also, I have a few comments of my own:=

=C2=A0

1) Last para of Section 2.1:

=C2=A0

2.1.=C2=A0 Hash Algorithms

=C2=A0

=C2=A0 =C2=A0A UAS prioritizes which algorithm to us= e based on the ordering of the

=C2=A0 =C2=A0challenge header fields in the response= it is preparing.

=C2=A0

This looks either wrong or confusing to me. I think = you are just saying here

that the order is decided by the server at this poin= t.

=C2=A0

=C2=A0 =C2=A0That

=C2=A0 =C2=A0process is specified in section 2.3 and= parallels the process used in

=C2=A0 =C2=A0HTTP specified by [RFC7616].<= /u>

=C2=A0

So based on the above, my suggested replacement for = both sentences:

=C2=A0

=C2=A0 =C2=A0A UAS prioritizes which algorithm to us= e based on its policy,

=C2=A0 =C2=A0which is specified in section 2.3 and p= arallels the process used in

=C2=A0 =C2=A0HTTP specified by [RFC7616].<= /u>

=C2=A0

2) Last para of Section 2.4:

=C2=A0

=C2=A0 =C2=A0If the UAC cannot respond to any of the= challenges in the response,

=C2=A0 =C2=A0then it SHOULD abandon attempts to send= the request unless a local

=C2=A0 =C2=A0policy dictates otherwise.

=C2=A0

Is trying other non Digest algorithms covered by &qu= ot;SHOULD abandon"?

If yes, maybe you should make this clearer.

=C2=A0

=C2=A0 =C2=A0For example, if the UAC does not have

=C2=A0 =C2=A0credentials or has stale credentials fo= r any of the realms, the UAC

=C2=A0 =C2=A0will abandon the request.=

=C2=A0

3) In Section 2.7:

=C2=A0

=C2=A0 =C2=A0 =C2=A0 request-digest =3D LDQUOT *LHEX= RDQUOT

=C2=A0

This now allows empty value. I suggest you specify a= minimum number of hex

digits allowed in the ABNF. Or at least change "= ;*LHEX" to "2*LHEX".

=C2=A0

=C2=A0

=C2=A0

=C2=A0

--00000000000047fc6a0596381827-- From nobody Thu Oct 31 10:37:37 2019 Return-Path: X-Original-To: sipcore@ietfa.amsl.com Delivered-To: sipcore@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B9E2012081A for ; Thu, 31 Oct 2019 10:37:35 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.998 X-Spam-Level: X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=sippysoft.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5Sc39ckD10XS for ; Thu, 31 Oct 2019 10:37:33 -0700 (PDT) Received: from mail-io1-xd2d.google.com (mail-io1-xd2d.google.com [IPv6:2607:f8b0:4864:20::d2d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1ACFF120073 for ; Thu, 31 Oct 2019 10:37:32 -0700 (PDT) Received: by mail-io1-xd2d.google.com with SMTP id n17so7687366ioa.0 for ; Thu, 31 Oct 2019 10:37:32 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sippysoft.com; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=gg9XOmKccFz+oJrWVSSlUfQow0ng8VhEEvhnpULm3K8=; b=YCvGYxfEeTxY6sdMC6YuzXHGyopgEOYkdcZdOiQb5SoSF03i2vn6J0u14Ajtkbfv7z bPkqSwtuCYWKQCwhEXlvxL+79egHsxMkHxFr8m+MoAWdCYKaqJ+VeSPrYyZ1t0kOHwAu F+HULdPtxRGXDNN4QffBwzY/SF+WbGtpaAJr8= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=gg9XOmKccFz+oJrWVSSlUfQow0ng8VhEEvhnpULm3K8=; b=g6ff1vEj13KMWmYX37T5F1q1Xn8AO0Y6TcRsUn7b85Loi3C5yreARrdSMAXUprB/MS E6TjWvmbXINyK74Yl2WZu5P3CGl04OI0x0YRGvhqE+XMGsAf34uQ3w0JV+NBJclZXtFF JghMulpWDTHfsCdg9qpYpeY2fHU78LI7/z0hgEKu3nQYB5CLLwwrpLNFofr/QtUCTxG/ 41oTNCoUWxdwfuErLuvoXm/rcYOQagZjHmshtg++tuXU29Gx63i/su2cbCXR7K/ij/MZ FhW/wtP0GOcBUGzdJRdDWISgR3YvgeZD3BuKEgqDL8DYawdFeNqKmefPqXqSXy77t177 nbiw== X-Gm-Message-State: APjAAAXmTcMhZbzFSiBmZFrq4zWTDMYenDsLwFmxczZnZb8peonRo9qy Q6CPCA/hOifvfa20jiCAUJ9Qnk22lWHrLq/I5s8rsLlRHd0= X-Google-Smtp-Source: APXvYqyHLoe4opy/nnXDGOMdefzVM4D5KWNu6WRj68MR7OjfEoM48EmQ6IeKTVPCspkgJ5vR/L5Lb9Jz2GTp2CBC+Lg= X-Received: by 2002:a6b:8b0a:: with SMTP id n10mr6072188iod.280.1572543451867; Thu, 31 Oct 2019 10:37:31 -0700 (PDT) MIME-Version: 1.0 References: <157252797201.30364.11393682991189471576@ietfa.amsl.com> In-Reply-To: <157252797201.30364.11393682991189471576@ietfa.amsl.com> From: Maxim Sobolev Date: Thu, 31 Oct 2019 10:37:20 -0700 Message-ID: To: sipcore@ietf.org, Rifaat Shekh-Yusef Content-Type: multipart/alternative; boundary="000000000000d7cbeb0596384de0" Archived-At: Subject: Re: [sipcore] I-D Action: draft-ietf-sipcore-digest-scheme-14.txt X-BeenThere: sipcore@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SIP Core Working Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 31 Oct 2019 17:37:36 -0000 --000000000000d7cbeb0596384de0 Content-Type: text/plain; charset="UTF-8" Hi, I am new here, so not sure what the proper process is, but there are few comments I have with regards to the proposed RFC: 1. In the Abstract section there is a phrase "the broken MD5 algorithm". I think "broken" might be a bit strong and emotionally charged. There is nothing broken about MD5 as far as hashing algorithm is concerned. It is proven to be not very secure in this day and age, but given the right amount of time any today's algorithm would probably be in that category. 2. Would be nice to have some examples, especially WRT multiple alternative algorithms. What I don't like about RFC7616 (which this RFC builds upon), though, is that they appear to suggest using the same nonce for all alternatives. Is it really required for the functionality or not? For the same amount of network BW used, you may provide more random bits and make attacker's life maybe a bit harder. Also, I am not a security expert, but it appears intuitively correct that a hash function with a longer output might require more salt bits, so you might actually save some BW by supplying each algorithm with just the right amount of randomness this way. Thanks! -Max On Thu, Oct 31, 2019 at 6:20 AM wrote: > > A New Internet-Draft is available from the on-line Internet-Drafts > directories. > This draft is a work item of the Session Initiation Protocol Core WG of > the IETF. > > Title : The Session Initiation Protocol (SIP) Digest > Authentication Scheme > Author : Rifaat Shekh-Yusef > Filename : draft-ietf-sipcore-digest-scheme-14.txt > Pages : 9 > Date : 2019-10-31 > > Abstract: > This document updates RFC 3261 by updating the Digest Access > Authentication scheme used by the Session Initiation Protocol (SIP) > to add support for more secure digest algorithms, e.g., SHA-256 and > SHA-512-256, to replace the broken MD5 algorithm. > > > The IETF datatracker status page for this draft is: > https://datatracker.ietf.org/doc/draft-ietf-sipcore-digest-scheme/ > > There are also htmlized versions available at: > https://tools.ietf.org/html/draft-ietf-sipcore-digest-scheme-14 > https://datatracker.ietf.org/doc/html/draft-ietf-sipcore-digest-scheme-14 > > A diff from the previous version is available at: > https://www.ietf.org/rfcdiff?url2=draft-ietf-sipcore-digest-scheme-14 > > > Please note that it may take a couple of minutes from the time of > submission > until the htmlized version and diff are available at tools.ietf.org. > > Internet-Drafts are also available by anonymous FTP at: > ftp://ftp.ietf.org/internet-drafts/ > > _______________________________________________ > sipcore mailing list > sipcore@ietf.org > https://www.ietf.org/mailman/listinfo/sipcore > --000000000000d7cbeb0596384de0 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Hi, I am new here, so not sure what the p= roper process is, but there are few comments I have with regards to the pro= posed RFC:

1. In the Abstract section=C2=A0there is a ph= rase=C2=A0"the= broken MD5 algorithm".=C2=A0I think "broken" might b= e a bit strong and emotionally charged. There is nothing broken about MD5 a= s far as hashing algorithm is concerned. It is proven to be not very secure= in this day and age, but given the right amount of time any=C2=A0today'= ;s algorithm would probably be in that category.

2= . Would be nice to have some examples, especially WRT multiple alternative = algorithms. What I don't like about RFC7616 (which this RFC builds upon= ), though, is that they appear to suggest using the same nonce for all alte= rnatives. Is it really required for the functionality or not? For the same = amount=C2=A0of network BW used, you may provide more random bits and make a= ttacker's life maybe a bit harder. Also, I am not a security expert, bu= t it appears intuitively correct that a hash function=C2=A0with a longer ou= tput might require more salt bits, so you might actually save some BW by su= pplying each algorithm=C2=A0with just the right amount of randomness this w= ay.

Thanks!

-Max

On = Thu, Oct 31, 2019 at 6:20 AM <internet-drafts@ietf.org> wrote:

A New Internet-Draft is available from the on-line Internet-Drafts director= ies.
This draft is a work item of the Session Initiation Protocol Core WG of the= IETF.

=C2=A0 =C2=A0 =C2=A0 =C2=A0 Title=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0:= The Session Initiation Protocol (SIP) Digest Authentication Scheme
=C2=A0 =C2=A0 =C2=A0 =C2=A0 Author=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 : Rifa= at Shekh-Yusef
=C2=A0 =C2=A0 =C2=A0 =C2=A0 Filename=C2=A0 =C2=A0 =C2=A0 =C2=A0 : draft-iet= f-sipcore-digest-scheme-14.txt
=C2=A0 =C2=A0 =C2=A0 =C2=A0 Pages=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0:= 9
=C2=A0 =C2=A0 =C2=A0 =C2=A0 Date=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 := 2019-10-31

Abstract:
=C2=A0 =C2=A0This document updates RFC 3261 by updating the Digest Access =C2=A0 =C2=A0Authentication scheme used by the Session Initiation Protocol = (SIP)
=C2=A0 =C2=A0to add support for more secure digest algorithms, e.g., SHA-25= 6 and
=C2=A0 =C2=A0SHA-512-256, to replace the broken MD5 algorithm.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/d= raft-ietf-sipcore-digest-scheme/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-iet= f-sipcore-digest-scheme-14
https://datatracker.ietf.or= g/doc/html/draft-ietf-sipcore-digest-scheme-14

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?= url2=3Ddraft-ietf-sipcore-digest-scheme-14


Please note that it may take a couple of minutes from the time of submissio= n
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

_______________________________________________
sipcore mailing list
sipcore@ietf.org<= br> https://www.ietf.org/mailman/listinfo/sipcore

--000000000000d7cbeb0596384de0-- From nobody Thu Oct 31 10:50:20 2019 Return-Path: X-Original-To: sipcore@ietfa.amsl.com Delivered-To: sipcore@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5FEC6120800; Thu, 31 Oct 2019 10:50:09 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2 X-Spam-Level: X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hphfrNLJr49H; Thu, 31 Oct 2019 10:50:06 -0700 (PDT) Received: from EUR04-HE1-obe.outbound.protection.outlook.com (mail-he1eur04on060a.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe0d::60a]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6AF5112012E; Thu, 31 Oct 2019 10:50:05 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ZRqQnsgBi+ZLvNl0+1Jlc2iukoO681bQTrCW14bgauk7U49BMeZwS7muqiItSCGAupsdaegcqK/vKIfxp2wQLrFbVWbLBqwEeymMxDMKIQ1rbP8L2wPiPzdOiCEcIZcc13jeurG8zl/pENmRi+0vX5/ENeDBoGubyW36Jfm+U0shftXhc62fpiV+cIuOmPgZ5QxLxHnprtyUiMG0yXQ3wsvKr5ZrBqbXxD6yOFIElwcjdekZp2cGXiSEIMbtHAeRSpBzOpM0ihrzMZlVQwlb1CJJ5Jmv7B3VVrFgKZAhhNhP8iIUxxulmjTFKRCJukAdTTX1EFmLbF0+2kXc/ZzlRA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=OcQ4oOtcM7L8RSaCB33cd6eB23RcF7jkgEmqHSRLCwM=; b=MeVYM6OxT6u68r2lcvWcnNbBNrRhoBOOK6aK742qQeCOR2poRuUwJXQWMsld+1tsiwa67A4I1scH3x3NuHcWR1bfZSbe7xTx7J7ngcg55hmhRoJD6TW1K31qcKHQ5W42bJtPjF9MMMLRq5m9gSyyIaQo7M3xm2LqYfPGz3zxsxarGq3hd9VfioHWLPDBasrWKIXY1JWjYaBr+w+R0eMJXvbUy3GQbjV1b7iDzglq1OGmqTqBu+MVF1K4pJDUftDHlBuFPFSqSzi/EEzTDppU1Fnv1nXdRvlsYxl679zU1INZUvk3ASanc47O2KIdtlgB1oD0UoAYPJprarumyOAe1g== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=OcQ4oOtcM7L8RSaCB33cd6eB23RcF7jkgEmqHSRLCwM=; b=mTg+L2r5S1AK7ZyM9poH2MGDSQShCGvSphsR5T20eny93VZHr2eaZxaZJ2FpuqpsCbClXUiPhLPToW7EufaoaqNznYfSC2Gknpih4fjuWl40tVZCk5wsoYbu/1u1PVv1S2ak44NNfBkm7vbq719Id4Vi9oLGEPVexZ8Yr7v3VM8= Received: from HE1PR07MB3161.eurprd07.prod.outlook.com (10.170.245.23) by HE1PR07MB3098.eurprd07.prod.outlook.com (10.170.241.158) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2408.14; Thu, 31 Oct 2019 17:50:01 +0000 Received: from HE1PR07MB3161.eurprd07.prod.outlook.com ([fe80::5499:1231:e707:4cb7]) by HE1PR07MB3161.eurprd07.prod.outlook.com ([fe80::5499:1231:e707:4cb7%7]) with mapi id 15.20.2408.016; Thu, 31 Oct 2019 17:50:01 +0000 From: Christer Holmberg To: Rifaat Shekh-Yusef CC: Christer Holmberg , "sipcore-chairs@ietf.org" , "draft-ietf-sipcore-digest-scheme@ietf.org" , The IESG , SIPCORE , Alexey Melnikov Thread-Topic: [sipcore] Alexey Melnikov's No Objection on draft-ietf-sipcore-digest-scheme-12: (with COMMENT) Thread-Index: AQHVj+3+/XQWOAP0gUmCkUmQAngGd6d04liA///hPYCAACLmgIAAH3GA///5uYCAAClCgA== Date: Thu, 31 Oct 2019 17:50:01 +0000 Message-ID: <2B1C666E-1718-49B2-AECA-B2759BEE6872@ericsson.com> References: <157245577700.32490.10990766778571550817.idtracker@ietfa.amsl.com> <6ec209ae-72e9-4dd1-8d68-3ee1704f3d92@www.fastmail.com> <7B4921E1-66A3-4D6D-A943-8EC0F44195CC@ericsson.com> <4C17F34D-7046-4706-AE5C-FB7ADC4B1427@ericsson.com> <4EEBC37C-3C1B-42A9-883B-571FAE867C31@ericsson.com> In-Reply-To: Accept-Language: en-US Content-Language: en-GB X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Microsoft-MacOutlook/10.1e.0.191013 authentication-results: spf=none (sender IP is ) smtp.mailfrom=christer.holmberg@ericsson.com; x-originating-ip: [89.166.49.243] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 5f329415-af5d-4250-f478-08d75e2ac107 x-ms-traffictypediagnostic: HE1PR07MB3098: x-ms-exchange-purlcount: 2 x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:10000; x-forefront-prvs: 02070414A1 x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(979002)(4636009)(376002)(346002)(136003)(39860400002)(366004)(396003)(189003)(199004)(18543002)(66446008)(186003)(64756008)(11346002)(44832011)(6486002)(53546011)(76176011)(966005)(6306002)(33656002)(606006)(5660300002)(478600001)(236005)(99286004)(14454004)(229853002)(76116006)(446003)(6246003)(102836004)(66946007)(6916009)(6512007)(6506007)(54896002)(2616005)(21615005)(25786009)(6436002)(66066001)(66556008)(476003)(26005)(486006)(86362001)(66476007)(81156014)(6116002)(81166006)(54906003)(8676002)(8936002)(5070765005)(2906002)(3846002)(316002)(14444005)(7736002)(256004)(71190400001)(71200400001)(36756003)(4326008)(58126008)(87000200001)(969003)(989001)(999001)(1009001)(1019001); DIR:OUT; SFP:1101; SCL:1; SRVR:HE1PR07MB3098; H:HE1PR07MB3161.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1; received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: DYG7wCK6Ax/8a+9tq/ni/OUf+tpa0i09aZDPONLVsuEP61gb6x05yyDQWFvljzkjg/oLMsZImVyL24a9fqyLDVGCcuQ3UYQaWjKm1s7qvHj5Fv5HNy0EPnXGn1ybr12XrOsTAlyJNdMdfUsRJH+UYQACILYJsskYPYeSbulaqcng80CqZszlZF/Tgm8JbOoFr5DQdoAQhQns+2aDygq7U6IIZ6H1jLuWoi8PNRzQYlcPn9veRl/mcWFuk3aeIrYSeFhqU+5Om9LdTynxWgGCkSomjXT+kRseT2iwVytk39AaPtgLxoKjaniC/frZiKo9ZOALuAkTLnkawhEnNMWPGa9KrjkmVDoXLgxtki7iNZKsDnpjSXrNyrJq8H3L4Bh4WZWzUc8kqth801XlvLjvAVA0y3WtmW4akCncFiA8wHiiITQk5L2nu3CdrJCn+oohGR4gFhTujBaMeGEmJkDXVfMvvNFfFvyh6OUHH+KeV8U= x-ms-exchange-transport-forked: True Content-Type: multipart/alternative; boundary="_000_2B1C666E171849B2AECAB2759BEE6872ericssoncom_" MIME-Version: 1.0 X-OriginatorOrg: ericsson.com X-MS-Exchange-CrossTenant-Network-Message-Id: 5f329415-af5d-4250-f478-08d75e2ac107 X-MS-Exchange-CrossTenant-originalarrivaltime: 31 Oct 2019 17:50:01.5346 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: u+NDS4ky9+krWfIXwPWSKNnt96LpMUDx71iXyUrd4ZDypwKR/FhRJ0LhIo/Z/92/mf2E+JN2icTUAgu3ov20sT/2MczY0y96BAI4RISKigo= X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR07MB3098 Archived-At: Subject: Re: [sipcore] Alexey Melnikov's No Objection on draft-ietf-sipcore-digest-scheme-12: (with COMMENT) X-BeenThere: sipcore@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SIP Core Working Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 31 Oct 2019 17:50:10 -0000 --_000_2B1C666E171849B2AECAB2759BEE6872ericssoncom_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 U29tZXRoaW5nIGxpa2UgdGhpczoNCg0K4oCcSW4gc29tZSBjYXNlcyBhIFVBQyBuZWVkcyB0byBp bmNsdWRlIGFuIEF1dGhvcml6YXRpb24gaGVhZGVyIGZpZWxkIGluIGEgcmVxdWVzdCBiZWZvcmUg aXQgaGFzIHJlY2VpdmVkIGEgY2hhbGxlbmdlLCBpbiBvcmRlciB0byBwcm92aWRlIHVzZXIgaW5m b3JtYXRpb24gKHVzaW5nIHRoZSDigJh1c2VyaW5mb+KAmSBoZWFkZXIgZmllbGQgcGFyYW1ldGVy KSB0aGF0IGlzIG5lZWRlZCBpbiBvcmRlciB0byBjcmVhdGUgdGhlIGNoYWxsZW5nZS4gQW4gZXhh bXBsZSBvZiBzdWNoIGNhc2UgaXMgd2hlbiB0aGUgSFRUUCBEaWdlc3QgQXV0aGVudGljYXRpb24g VXNpbmcgQUtBIG1lY2hhbmlzbSAoUkZDMzMxMCkgKFJGQzQxNjkpIGlzIHVzZWQuIEluIHN1Y2gg Y2FzZSB0aGUgQXV0aG9yaXphdGlvbiBoZWFkZXIgZmllbGQgd291bGQgdHlwaWNhbGx5IG5vdCBj b250YWluIGEg4oCYcmVzcG9uc2XigJkgaGVhZGVyIGZpZWxkIHBhcmFtZXRlciBiZWZvcmUgYSBj aGFsbGVuZ2UgcmVzcG9uc2UgaXMgcHJvdmlkZWQuIEhvd2V2ZXIsIGZvciB0aGUgSVAgTXVsdGlt ZWRpYSBTdWJzeXN0ZW0gKElNUykgaXQgaGFzIGJlZW4gc3BlY2lmaWVkIHRoYXQgdGhlIEF1dGhv cml6YXRpb24gaGVhZGVyIGZpZWxkIGluIHN1Y2ggY2FzZSBkb2VzIGNvbnRhaW4gYSAg4oCYcmVz cG9uc2XigJkgaGVhZGVyIGZpZWxkIHBhcmFtZXRlciwgd2l0aCBhbiBlbXB0eSB2YWx1ZSAoZW1w dHkgc3RyaW5nKS4gRm9yIHRoYXQgcmVhc29uIHRoZSBtb2RpZmllZCByZXF1ZXN0LWRpZ2VzdCBB Qk5GIGFsbG93cyBzdWNoIGVtcHR5IHZhbHVlcy7igJ0NCg0KUmVnYXJkcywNCg0KQ2hyaXN0ZXIN Cg0KDQpGcm9tOiBSaWZhYXQgU2hla2gtWXVzZWYgPHJpZmFhdC5pZXRmQGdtYWlsLmNvbT4NCkRh dGU6IFRodXJzZGF5LCAzMSBPY3RvYmVyIDIwMTkgYXQgMTkuMjINClRvOiBDaHJpc3RlciBIb2xt YmVyZyA8Y2hyaXN0ZXIuaG9sbWJlcmdAZXJpY3Nzb24uY29tPg0KQ2M6IENocmlzdGVyIEhvbG1i ZXJnIDxjaHJpc3Rlci5ob2xtYmVyZz00MGVyaWNzc29uLmNvbUBkbWFyYy5pZXRmLm9yZz4sICJz aXBjb3JlLWNoYWlyc0BpZXRmLm9yZyIgPHNpcGNvcmUtY2hhaXJzQGlldGYub3JnPiwgImRyYWZ0 LWlldGYtc2lwY29yZS1kaWdlc3Qtc2NoZW1lQGlldGYub3JnIiA8ZHJhZnQtaWV0Zi1zaXBjb3Jl LWRpZ2VzdC1zY2hlbWVAaWV0Zi5vcmc+LCAiaWVzZ0BpZXRmLm9yZyIgPGllc2dAaWV0Zi5vcmc+ LCAic2lwY29yZUBpZXRmLm9yZyIgPHNpcGNvcmVAaWV0Zi5vcmc+LCBBbGV4ZXkgTWVsbmlrb3Yg PGFhbWVsbmlrb3ZAZmFzdG1haWwuZm0+DQpTdWJqZWN0OiBSZTogW3NpcGNvcmVdIEFsZXhleSBN ZWxuaWtvdidzIE5vIE9iamVjdGlvbiBvbiBkcmFmdC1pZXRmLXNpcGNvcmUtZGlnZXN0LXNjaGVt ZS0xMjogKHdpdGggQ09NTUVOVCkNCg0KQ2FuIHlvdSBwcm9wb3NlIHNvbWUgdGV4dD8NCg0KVGhh bmtzLA0KIFJpZmFhdA0KDQoNCk9uIFRodSwgT2N0IDMxLCAyMDE5IGF0IDExOjQ0IEFNIENocmlz dGVyIEhvbG1iZXJnIDxjaHJpc3Rlci5ob2xtYmVyZ0Blcmljc3Nvbi5jb208bWFpbHRvOmNocmlz dGVyLmhvbG1iZXJnQGVyaWNzc29uLmNvbT4+IHdyb3RlOg0KSGksDQoNClBlcmhhcHMgd2UgY291 bGQgYWRkIHNvbWUgdGV4dCBhYm91dCB0aGUgSU1TIHVzZS1jYXNlLCBpbiBvcmRlciB0byBleHBs YWluIHRoZSBlbXB0eSB2YWx1ZT8NCg0KUmVnYXJkcywNCg0KQ2hyaXN0ZXINCg0KRnJvbTogc2lw Y29yZSA8c2lwY29yZS1ib3VuY2VzQGlldGYub3JnPG1haWx0bzpzaXBjb3JlLWJvdW5jZXNAaWV0 Zi5vcmc+PiBvbiBiZWhhbGYgb2YgQ2hyaXN0ZXIgSG9sbWJlcmcgPGNocmlzdGVyLmhvbG1iZXJn PTQwZXJpY3Nzb24uY29tQGRtYXJjLmlldGYub3JnPG1haWx0bzo0MGVyaWNzc29uLmNvbUBkbWFy Yy5pZXRmLm9yZz4+DQpEYXRlOiBUaHVyc2RheSwgMzEgT2N0b2JlciAyMDE5IGF0IDE1LjUyDQpU bzogUmlmYWF0IFNoZWtoLVl1c2VmIDxyaWZhYXQuaWV0ZkBnbWFpbC5jb208bWFpbHRvOnJpZmFh dC5pZXRmQGdtYWlsLmNvbT4+DQpDYzogInNpcGNvcmUtY2hhaXJzQGlldGYub3JnPG1haWx0bzpz aXBjb3JlLWNoYWlyc0BpZXRmLm9yZz4iIDxzaXBjb3JlLWNoYWlyc0BpZXRmLm9yZzxtYWlsdG86 c2lwY29yZS1jaGFpcnNAaWV0Zi5vcmc+PiwgImRyYWZ0LWlldGYtc2lwY29yZS1kaWdlc3Qtc2No ZW1lQGlldGYub3JnPG1haWx0bzpkcmFmdC1pZXRmLXNpcGNvcmUtZGlnZXN0LXNjaGVtZUBpZXRm Lm9yZz4iIDxkcmFmdC1pZXRmLXNpcGNvcmUtZGlnZXN0LXNjaGVtZUBpZXRmLm9yZzxtYWlsdG86 ZHJhZnQtaWV0Zi1zaXBjb3JlLWRpZ2VzdC1zY2hlbWVAaWV0Zi5vcmc+PiwgImllc2dAaWV0Zi5v cmc8bWFpbHRvOmllc2dAaWV0Zi5vcmc+IiA8aWVzZ0BpZXRmLm9yZzxtYWlsdG86aWVzZ0BpZXRm Lm9yZz4+LCAic2lwY29yZUBpZXRmLm9yZzxtYWlsdG86c2lwY29yZUBpZXRmLm9yZz4iIDxzaXBj b3JlQGlldGYub3JnPG1haWx0bzpzaXBjb3JlQGlldGYub3JnPj4sIEFsZXhleSBNZWxuaWtvdiA8 YWFtZWxuaWtvdkBmYXN0bWFpbC5mbTxtYWlsdG86YWFtZWxuaWtvdkBmYXN0bWFpbC5mbT4+DQpT dWJqZWN0OiBSZTogW3NpcGNvcmVdIEFsZXhleSBNZWxuaWtvdidzIE5vIE9iamVjdGlvbiBvbiBk cmFmdC1pZXRmLXNpcGNvcmUtZGlnZXN0LXNjaGVtZS0xMjogKHdpdGggQ09NTUVOVCkNCg0KSGks DQoNCj5UaGlzIElNUyBiZWhhdmlvciB3b3VsZCBoYXZlIGJlZW4gaW4gdmlvbGF0aW9uIG9mIFJG QzMyNjEgd2hpY2ggc3BlY2lmaWVkIGV4YWN0bHkgMzIgSGV4IGNoYXJhY3RlcnMuDQo+U28sIHRo aXMgY2hhbmdlIHNob3VsZCBub3QgbWFrZSBtdWNoIG9mIGEgZGlmZmVyZW5jZSBpbiB0aGlzIGNh c2UuDQoNCkluIHJlYWxpdHkgaXQgcHJvYmFibHkgZG9lc27igJl0IG1ha2UgYSBkaWZmZXJlbmNl LCBidXQgaXQgd291bGQgbWFrZSB0aGUgSU1TIHByb2NlZHVyZXMg4oCcYWxpZ25lZOKAnSB3aXRo IHRoZSBJRVRGIHNwZWMuDQoNClJlZ2FyZHMsDQoNCkNocmlzdGVyDQoNCg0KDQoNCk9uIFRodSwg T2N0IDMxLCAyMDE5IGF0IDk6MzcgQU0gQ2hyaXN0ZXIgSG9sbWJlcmcgPGNocmlzdGVyLmhvbG1i ZXJnQGVyaWNzc29uLmNvbTxtYWlsdG86Y2hyaXN0ZXIuaG9sbWJlcmdAZXJpY3Nzb24uY29tPj4g d3JvdGU6DQoNCkhpLA0KDQpUaGUgcmVhc29uIGZvciB0aGUgZW1wdHkgdmFsdWUgY29tZXMgZnJv bSBJTVMgYW5kIEFLQSwgd2hlcmUgeW91IG5lZWQgdG8gaW5jbHVkZSB0aGUgdXNlciBpZCBhbHJl YWR5IGluIHRoZSBpbml0aWFsIFJFR0lTVEVSIHJlcXVlc3QgKHRoaXMgc2VlbXMgdG8gYmUgbWlz c2luZyBmcm9tIFJGQyAzMzEwLCBidXQgdGhhdOKAmXMgYSBzZXBhcmF0ZSB0b3BpYykgaW4gb3Jk ZXIgZm9yIHRoZSBzZXJ2ZXIgdG8gY3JlYXRlIHRoZSBjaGFsbGVuZ2UsICBtZWFuaW5nIHRoYXQg aW4gdGhlIGluaXRpYWwgUkVHSVNURVIgcmVxdWVzdCB5b3UgaW5jbHVkZSBhbiBBdXRob3JpemF0 aW9uIGhlYWRlciBmaWVsZCB3aXRoIHRoZSB1c2VybmFtZSBwYXJhbWV0ZXIgY2FycnlpbmcgdGhl IElNUyBwcml2YXRlIHVzZXIgaWRlbnRpdHksIHRoZSByZWFsbSBwYXJhbWV0ZXIgYW5kIHRoZSB1 cmkgcGFyYW1ldGVyLiBBdCB0aGlzIHBvaW50IHlvdSBvYnZpb3VzbHkgZG9u4oCZdCB5ZXQgaGF2 ZSB0aGUgcmVzcG9uc2UsIHNvIGluIElNUyBpdCBpcyBzcGVjaWZpZWQgdGhhdCB0aGUgcmVzcG9u c2UgcGFyYW1ldGVyIGlzIGluc2VydGVkIHdpdGggYW4gZW1wdHkgdmFsdWUuDQoNCldIWSBpdCB3 YXMgc3BlY2lmaWVkIHRoYXQgd2F5IChpbnN0ZWFkIG9mIHNpbXBseSBub3QgaW5jbHVkaW5nIHRo ZSByZXNwb25zZSBwYXJhbWV0ZXIpIEkgZG9u4oCZdCBrbm93LCBidXQgSSBkbyBrbm93IHRoYXQg aXQgaGFzIGJlZW4gaW1wbGVtZW50ZWQgYW5kIGRlcGxveWVkIHRoYXQgd2F5IGZvciBtYW55IHll YXJzLg0KDQpSZWdhcmRzLA0KDQpDaHJpc3Rlcg0KDQoNCkZyb206IHNpcGNvcmUgPHNpcGNvcmUt Ym91bmNlc0BpZXRmLm9yZzxtYWlsdG86c2lwY29yZS1ib3VuY2VzQGlldGYub3JnPj4gb24gYmVo YWxmIG9mIFJpZmFhdCBTaGVraC1ZdXNlZiA8cmlmYWF0LmlldGZAZ21haWwuY29tPG1haWx0bzpy aWZhYXQuaWV0ZkBnbWFpbC5jb20+Pg0KRGF0ZTogVGh1cnNkYXksIDMxIE9jdG9iZXIgMjAxOSBh dCAxNS4yMA0KVG86IEFsZXhleSBNZWxuaWtvdiA8YWFtZWxuaWtvdkBmYXN0bWFpbC5mbTxtYWls dG86YWFtZWxuaWtvdkBmYXN0bWFpbC5mbT4+DQpDYzogInNpcGNvcmUtY2hhaXJzQGlldGYub3Jn PG1haWx0bzpzaXBjb3JlLWNoYWlyc0BpZXRmLm9yZz4iIDxzaXBjb3JlLWNoYWlyc0BpZXRmLm9y ZzxtYWlsdG86c2lwY29yZS1jaGFpcnNAaWV0Zi5vcmc+PiwgImRyYWZ0LWlldGYtc2lwY29yZS1k aWdlc3Qtc2NoZW1lQGlldGYub3JnPG1haWx0bzpkcmFmdC1pZXRmLXNpcGNvcmUtZGlnZXN0LXNj aGVtZUBpZXRmLm9yZz4iIDxkcmFmdC1pZXRmLXNpcGNvcmUtZGlnZXN0LXNjaGVtZUBpZXRmLm9y ZzxtYWlsdG86ZHJhZnQtaWV0Zi1zaXBjb3JlLWRpZ2VzdC1zY2hlbWVAaWV0Zi5vcmc+PiwgImll c2dAaWV0Zi5vcmc8bWFpbHRvOmllc2dAaWV0Zi5vcmc+IiA8aWVzZ0BpZXRmLm9yZzxtYWlsdG86 aWVzZ0BpZXRmLm9yZz4+LCAic2lwY29yZUBpZXRmLm9yZzxtYWlsdG86c2lwY29yZUBpZXRmLm9y Zz4iIDxzaXBjb3JlQGlldGYub3JnPG1haWx0bzpzaXBjb3JlQGlldGYub3JnPj4NClN1YmplY3Q6 IFJlOiBbc2lwY29yZV0gQWxleGV5IE1lbG5pa292J3MgTm8gT2JqZWN0aW9uIG9uIGRyYWZ0LWll dGYtc2lwY29yZS1kaWdlc3Qtc2NoZW1lLTEyOiAod2l0aCBDT01NRU5UKQ0KDQpEb25lLg0KDQpP biBUaHUsIE9jdCAzMSwgMjAxOSBhdCA5OjEzIEFNIEFsZXhleSBNZWxuaWtvdiA8YWFtZWxuaWtv dkBmYXN0bWFpbC5mbTxtYWlsdG86YWFtZWxuaWtvdkBmYXN0bWFpbC5mbT4+IHdyb3RlOg0KT24g VGh1LCBPY3QgMzEsIDIwMTksIGF0IDE6MTEgUE0sIFJpZmFhdCBTaGVraC1ZdXNlZiB3cm90ZToN CkhpIEFsZXhleSwNCg0KSSBhbSBmaW5lIHdpdGggUGF1bCdzIHN1Z2dlc3Rpb24uDQpBcmUgeW91 IG9rIHdpdGggIjMyKkxIRVgiPw0KWWVzIQ0KDQpUaGFuayB5b3UsDQpBbGV4ZXkNCg0KUmVnYXJk cywNCiBSZmFhdA0KDQoNCk9uIFRodSwgT2N0IDMxLCAyMDE5IGF0IDc6MjIgQU0gQWxleGV5IE1l bG5pa292IDxhYW1lbG5pa292QGZhc3RtYWlsLmZtPG1haWx0bzphYW1lbG5pa292QGZhc3RtYWls LmZtPj4gd3JvdGU6DQoNCkhpIFJpZmFhdCwNCg0KT24gV2VkLCBPY3QgMzAsIDIwMTksIGF0IDk6 NTAgUE0sIFJpZmFhdCBTaGVraC1ZdXNlZiB3cm90ZToNClRoYW5rcyBBbGV4ZXkhDQoNCkkgYW0g ZmluZSB3aXRoIHRoZSBmaXJzdCB0d28gY29tbWVudHMsIGFuZCB3aWxsIGZpeCB0aGVzZSBpbiB0 aGUgY29taW5nIHZlcnNpb24gb2YgdGhlIGRvY3VtZW50Lg0KDQpJIGFtIG5vdCBzdXJlIEkgZm9s bG93IHRoZSAzcmQgb25lLiBXaHkgZG8geW91IHNlZSB0aGUgbmVlZCBmb3IgYSBtaW5pbXVtIG51 bWJlciBvZiBoZXggZGlnaXRzPw0KWW91IGRvIHNheSB0aGF0IHRoZSBudW1iZXIgb2YgaGV4IGRp Z2l0cyBtYXRjaCB0aGUgaGFzaCBsZW5naHQsIHNvIGl0IGlzIHByb2JhYmx5IE9rLiBIb3dldmVy IGVtcHR5IHZhbHVlIGlzIG5ldmVyIHZhbGlkIChhbmQgSSBhbSB3b3JyaWVkIGl0IG1pZ2h0IGhp dCBzb21lIGJvdW5kYXJ5IGNvbmRpdGlvbiBidWcgaW4gaW1wbGVtZW50YXRpb25zKSwgc28gcHJv aGliaXRpbmcgaXQgaW4gQUJORiB3b3VsZCBiZSB0aGUgYmVzdC4NCg0KQmVzdCBSZWdhcmRzLA0K QWxleGV5DQoNClJlZ2FyZHMsDQogUmlmYWF0DQoNCg0KDQpPbiBXZWQsIE9jdCAzMCwgMjAxOSBh dCAxOjE2IFBNIEFsZXhleSBNZWxuaWtvdiB2aWEgRGF0YXRyYWNrZXIgPG5vcmVwbHlAaWV0Zi5v cmc8bWFpbHRvOm5vcmVwbHlAaWV0Zi5vcmc+PiB3cm90ZToNCkFsZXhleSBNZWxuaWtvdiBoYXMg ZW50ZXJlZCB0aGUgZm9sbG93aW5nIGJhbGxvdCBwb3NpdGlvbiBmb3INCmRyYWZ0LWlldGYtc2lw Y29yZS1kaWdlc3Qtc2NoZW1lLTEyOiBObyBPYmplY3Rpb24NCg0KV2hlbiByZXNwb25kaW5nLCBw bGVhc2Uga2VlcCB0aGUgc3ViamVjdCBsaW5lIGludGFjdCBhbmQgcmVwbHkgdG8gYWxsDQplbWFp bCBhZGRyZXNzZXMgaW5jbHVkZWQgaW4gdGhlIFRvIGFuZCBDQyBsaW5lcy4gKEZlZWwgZnJlZSB0 byBjdXQgdGhpcw0KaW50cm9kdWN0b3J5IHBhcmFncmFwaCwgaG93ZXZlci4pDQoNCg0KUGxlYXNl IHJlZmVyIHRvIGh0dHBzOi8vd3d3LmlldGYub3JnL2llc2cvc3RhdGVtZW50L2Rpc2N1c3MtY3Jp dGVyaWEuaHRtbA0KZm9yIG1vcmUgaW5mb3JtYXRpb24gYWJvdXQgSUVTRyBESVNDVVNTIGFuZCBD T01NRU5UIHBvc2l0aW9ucy4NCg0KDQpUaGUgZG9jdW1lbnQsIGFsb25nIHdpdGggb3RoZXIgYmFs bG90IHBvc2l0aW9ucywgY2FuIGJlIGZvdW5kIGhlcmU6DQpodHRwczovL2RhdGF0cmFja2VyLmll dGYub3JnL2RvYy9kcmFmdC1pZXRmLXNpcGNvcmUtZGlnZXN0LXNjaGVtZS8NCg0KDQoNCi0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0NCkNPTU1FTlQ6DQotLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQoNCkkgYW0gYWdyZWVpbmcgd2l0aCBB bGlzc2EncyBESVNDVVNTLg0KDQpBbHNvLCBJIGhhdmUgYSBmZXcgY29tbWVudHMgb2YgbXkgb3du Og0KDQoxKSBMYXN0IHBhcmEgb2YgU2VjdGlvbiAyLjE6DQoNCjIuMS4gIEhhc2ggQWxnb3JpdGht cw0KDQogICBBIFVBUyBwcmlvcml0aXplcyB3aGljaCBhbGdvcml0aG0gdG8gdXNlIGJhc2VkIG9u IHRoZSBvcmRlcmluZyBvZiB0aGUNCiAgIGNoYWxsZW5nZSBoZWFkZXIgZmllbGRzIGluIHRoZSBy ZXNwb25zZSBpdCBpcyBwcmVwYXJpbmcuDQoNClRoaXMgbG9va3MgZWl0aGVyIHdyb25nIG9yIGNv bmZ1c2luZyB0byBtZS4gSSB0aGluayB5b3UgYXJlIGp1c3Qgc2F5aW5nIGhlcmUNCnRoYXQgdGhl IG9yZGVyIGlzIGRlY2lkZWQgYnkgdGhlIHNlcnZlciBhdCB0aGlzIHBvaW50Lg0KDQogICBUaGF0 DQogICBwcm9jZXNzIGlzIHNwZWNpZmllZCBpbiBzZWN0aW9uIDIuMyBhbmQgcGFyYWxsZWxzIHRo ZSBwcm9jZXNzIHVzZWQgaW4NCiAgIEhUVFAgc3BlY2lmaWVkIGJ5IFtSRkM3NjE2XS4NCg0KU28g YmFzZWQgb24gdGhlIGFib3ZlLCBteSBzdWdnZXN0ZWQgcmVwbGFjZW1lbnQgZm9yIGJvdGggc2Vu dGVuY2VzOg0KDQogICBBIFVBUyBwcmlvcml0aXplcyB3aGljaCBhbGdvcml0aG0gdG8gdXNlIGJh c2VkIG9uIGl0cyBwb2xpY3ksDQogICB3aGljaCBpcyBzcGVjaWZpZWQgaW4gc2VjdGlvbiAyLjMg YW5kIHBhcmFsbGVscyB0aGUgcHJvY2VzcyB1c2VkIGluDQogICBIVFRQIHNwZWNpZmllZCBieSBb UkZDNzYxNl0uDQoNCjIpIExhc3QgcGFyYSBvZiBTZWN0aW9uIDIuNDoNCg0KICAgSWYgdGhlIFVB QyBjYW5ub3QgcmVzcG9uZCB0byBhbnkgb2YgdGhlIGNoYWxsZW5nZXMgaW4gdGhlIHJlc3BvbnNl LA0KICAgdGhlbiBpdCBTSE9VTEQgYWJhbmRvbiBhdHRlbXB0cyB0byBzZW5kIHRoZSByZXF1ZXN0 IHVubGVzcyBhIGxvY2FsDQogICBwb2xpY3kgZGljdGF0ZXMgb3RoZXJ3aXNlLg0KDQpJcyB0cnlp bmcgb3RoZXIgbm9uIERpZ2VzdCBhbGdvcml0aG1zIGNvdmVyZWQgYnkgIlNIT1VMRCBhYmFuZG9u Ij8NCklmIHllcywgbWF5YmUgeW91IHNob3VsZCBtYWtlIHRoaXMgY2xlYXJlci4NCg0KICAgRm9y IGV4YW1wbGUsIGlmIHRoZSBVQUMgZG9lcyBub3QgaGF2ZQ0KICAgY3JlZGVudGlhbHMgb3IgaGFz IHN0YWxlIGNyZWRlbnRpYWxzIGZvciBhbnkgb2YgdGhlIHJlYWxtcywgdGhlIFVBQw0KICAgd2ls bCBhYmFuZG9uIHRoZSByZXF1ZXN0Lg0KDQozKSBJbiBTZWN0aW9uIDIuNzoNCg0KICAgICAgcmVx dWVzdC1kaWdlc3QgPSBMRFFVT1QgKkxIRVggUkRRVU9UDQoNClRoaXMgbm93IGFsbG93cyBlbXB0 eSB2YWx1ZS4gSSBzdWdnZXN0IHlvdSBzcGVjaWZ5IGEgbWluaW11bSBudW1iZXIgb2YgaGV4DQpk aWdpdHMgYWxsb3dlZCBpbiB0aGUgQUJORi4gT3IgYXQgbGVhc3QgY2hhbmdlICIqTEhFWCIgdG8g IjIqTEhFWCIuDQoNCg0KDQoNCg== --_000_2B1C666E171849B2AECAB2759BEE6872ericssoncom_ Content-Type: text/html; charset="utf-8" Content-ID: <68AEA4B41653C04DA538FD89F7893E4A@eurprd07.prod.outlook.com> Content-Transfer-Encoding: base64 PGh0bWwgeG1sbnM6bz0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6b2ZmaWNlIiB4 bWxuczp3PSJ1cm46c2NoZW1hcy1taWNyb3NvZnQtY29tOm9mZmljZTp3b3JkIiB4bWxuczptPSJo dHRwOi8vc2NoZW1hcy5taWNyb3NvZnQuY29tL29mZmljZS8yMDA0LzEyL29tbWwiIHhtbG5zPSJo dHRwOi8vd3d3LnczLm9yZy9UUi9SRUMtaHRtbDQwIj4NCjxoZWFkPg0KPG1ldGEgaHR0cC1lcXVp dj0iQ29udGVudC1UeXBlIiBjb250ZW50PSJ0ZXh0L2h0bWw7IGNoYXJzZXQ9dXRmLTgiPg0KPG1l dGEgbmFtZT0iR2VuZXJhdG9yIiBjb250ZW50PSJNaWNyb3NvZnQgV29yZCAxNSAoZmlsdGVyZWQg bWVkaXVtKSI+DQo8c3R5bGU+PCEtLQ0KLyogRm9udCBEZWZpbml0aW9ucyAqLw0KQGZvbnQtZmFj ZQ0KCXtmb250LWZhbWlseToiQ2FtYnJpYSBNYXRoIjsNCglwYW5vc2UtMToyIDQgNSAzIDUgNCA2 IDMgMiA0O30NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6Q2FsaWJyaTsNCglwYW5vc2UtMToy IDE1IDUgMiAyIDIgNCAzIDIgNDt9DQovKiBTdHlsZSBEZWZpbml0aW9ucyAqLw0KcC5Nc29Ob3Jt YWwsIGxpLk1zb05vcm1hbCwgZGl2Lk1zb05vcm1hbA0KCXttYXJnaW46MGNtOw0KCW1hcmdpbi1i b3R0b206LjAwMDFwdDsNCglmb250LXNpemU6MTEuMHB0Ow0KCWZvbnQtZmFtaWx5OiJDYWxpYnJp IixzYW5zLXNlcmlmO30NCmE6bGluaywgc3Bhbi5Nc29IeXBlcmxpbmsNCgl7bXNvLXN0eWxlLXBy aW9yaXR5Ojk5Ow0KCWNvbG9yOmJsdWU7DQoJdGV4dC1kZWNvcmF0aW9uOnVuZGVybGluZTt9DQph OnZpc2l0ZWQsIHNwYW4uTXNvSHlwZXJsaW5rRm9sbG93ZWQNCgl7bXNvLXN0eWxlLXByaW9yaXR5 Ojk5Ow0KCWNvbG9yOnB1cnBsZTsNCgl0ZXh0LWRlY29yYXRpb246dW5kZXJsaW5lO30NCnAubXNv bm9ybWFsMCwgbGkubXNvbm9ybWFsMCwgZGl2Lm1zb25vcm1hbDANCgl7bXNvLXN0eWxlLW5hbWU6 bXNvbm9ybWFsOw0KCW1zby1tYXJnaW4tdG9wLWFsdDphdXRvOw0KCW1hcmdpbi1yaWdodDowY207 DQoJbXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG87DQoJbWFyZ2luLWxlZnQ6MGNtOw0KCWZvbnQt c2l6ZToxMS4wcHQ7DQoJZm9udC1mYW1pbHk6IkNhbGlicmkiLHNhbnMtc2VyaWY7fQ0Kc3Bhbi5F bWFpbFN0eWxlMTgNCgl7bXNvLXN0eWxlLXR5cGU6cGVyc29uYWwtcmVwbHk7DQoJZm9udC1mYW1p bHk6IkNhbGlicmkiLHNhbnMtc2VyaWY7DQoJY29sb3I6d2luZG93dGV4dDt9DQouTXNvQ2hwRGVm YXVsdA0KCXttc28tc3R5bGUtdHlwZTpleHBvcnQtb25seTsNCglmb250LXNpemU6MTAuMHB0O30N CkBwYWdlIFdvcmRTZWN0aW9uMQ0KCXtzaXplOjYxMi4wcHQgNzkyLjBwdDsNCgltYXJnaW46NzAu ODVwdCAyLjBjbSA3MC44NXB0IDIuMGNtO30NCmRpdi5Xb3JkU2VjdGlvbjENCgl7cGFnZTpXb3Jk U2VjdGlvbjE7fQ0KLS0+PC9zdHlsZT4NCjwvaGVhZD4NCjxib2R5IGxhbmc9IkZJIiBsaW5rPSJi bHVlIiB2bGluaz0icHVycGxlIj4NCjxkaXYgY2xhc3M9IldvcmRTZWN0aW9uMSI+DQo8cCBjbGFz cz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJFTi1VUyIgc3R5bGU9Im1zby1mYXJlYXN0LWxhbmd1 YWdlOkVOLVVTIj5Tb21ldGhpbmcgbGlrZSB0aGlzOjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxw IGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9IkVOLVVTIiBzdHlsZT0ibXNvLWZhcmVhc3Qt bGFuZ3VhZ2U6RU4tVVMiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJN c29Ob3JtYWwiPjxzcGFuIGxhbmc9IkVOLVVTIiBzdHlsZT0ibXNvLWZhcmVhc3QtbGFuZ3VhZ2U6 RU4tVVMiPuKAnEluIHNvbWUgY2FzZXMgYSBVQUMgbmVlZHMgdG8gaW5jbHVkZSBhbiBBdXRob3Jp emF0aW9uIGhlYWRlciBmaWVsZCBpbiBhIHJlcXVlc3QgYmVmb3JlIGl0IGhhcyByZWNlaXZlZCBh IGNoYWxsZW5nZSwgaW4gb3JkZXIgdG8gcHJvdmlkZSB1c2VyIGluZm9ybWF0aW9uICh1c2luZyB0 aGUg4oCYdXNlcmluZm/igJkgaGVhZGVyDQogZmllbGQgcGFyYW1ldGVyKSB0aGF0IGlzIG5lZWRl ZCBpbiBvcmRlciB0byBjcmVhdGUgdGhlIGNoYWxsZW5nZS4gQW4gZXhhbXBsZSBvZiBzdWNoIGNh c2UgaXMgd2hlbiB0aGUgSFRUUCBEaWdlc3QgQXV0aGVudGljYXRpb24gVXNpbmcgQUtBIG1lY2hh bmlzbSAoUkZDMzMxMCkgKFJGQzQxNjkpIGlzIHVzZWQuIEluIHN1Y2ggY2FzZSB0aGUgQXV0aG9y aXphdGlvbiBoZWFkZXIgZmllbGQgd291bGQgdHlwaWNhbGx5IG5vdCBjb250YWluIGEg4oCYcmVz cG9uc2XigJkNCiBoZWFkZXIgZmllbGQgcGFyYW1ldGVyIGJlZm9yZSBhIGNoYWxsZW5nZSByZXNw b25zZSBpcyBwcm92aWRlZC4gSG93ZXZlciwgZm9yIHRoZSBJUCBNdWx0aW1lZGlhIFN1YnN5c3Rl bSAoSU1TKSBpdCBoYXMgYmVlbiBzcGVjaWZpZWQgdGhhdCB0aGUgQXV0aG9yaXphdGlvbiBoZWFk ZXIgZmllbGQgaW4gc3VjaCBjYXNlIGRvZXMgY29udGFpbiBhICZuYnNwO+KAmHJlc3BvbnNl4oCZ IGhlYWRlciBmaWVsZCBwYXJhbWV0ZXIsIHdpdGggYW4gZW1wdHkgdmFsdWUgKGVtcHR5DQogc3Ry aW5nKS4gRm9yIHRoYXQgcmVhc29uIHRoZSBtb2RpZmllZCByZXF1ZXN0LWRpZ2VzdCBBQk5GIGFs bG93cyBzdWNoIGVtcHR5IHZhbHVlcy7igJ08bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFz cz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJFTi1VUyIgc3R5bGU9Im1zby1mYXJlYXN0LWxhbmd1 YWdlOkVOLVVTIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9y bWFsIj48c3BhbiBsYW5nPSJFTi1VUyIgc3R5bGU9Im1zby1mYXJlYXN0LWxhbmd1YWdlOkVOLVVT Ij5SZWdhcmRzLDxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxz cGFuIGxhbmc9IkVOLVVTIiBzdHlsZT0ibXNvLWZhcmVhc3QtbGFuZ3VhZ2U6RU4tVVMiPjxvOnA+ Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9 IkVOLVVTIiBzdHlsZT0ibXNvLWZhcmVhc3QtbGFuZ3VhZ2U6RU4tVVMiPkNocmlzdGVyPG86cD48 L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iRU4tVVMi IHN0eWxlPSJtc28tZmFyZWFzdC1sYW5ndWFnZTpFTi1VUyI+PG86cD4mbmJzcDs8L286cD48L3Nw YW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iRU4tVVMiIHN0eWxlPSJt c28tZmFyZWFzdC1sYW5ndWFnZTpFTi1VUyI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0K PGRpdiBzdHlsZT0iYm9yZGVyOm5vbmU7Ym9yZGVyLXRvcDpzb2xpZCAjQjVDNERGIDEuMHB0O3Bh ZGRpbmc6My4wcHQgMGNtIDBjbSAwY20iPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PGI+PHNwYW4g c3R5bGU9ImZvbnQtc2l6ZToxMi4wcHQ7Y29sb3I6YmxhY2siPkZyb206IDwvc3Bhbj48L2I+PHNw YW4gc3R5bGU9ImZvbnQtc2l6ZToxMi4wcHQ7Y29sb3I6YmxhY2siPlJpZmFhdCBTaGVraC1ZdXNl ZiAmbHQ7cmlmYWF0LmlldGZAZ21haWwuY29tJmd0Ozxicj4NCjxiPkRhdGU6IDwvYj5UaHVyc2Rh eSwgMzEgT2N0b2JlciAyMDE5IGF0IDE5LjIyPGJyPg0KPGI+VG86IDwvYj5DaHJpc3RlciBIb2xt YmVyZyAmbHQ7Y2hyaXN0ZXIuaG9sbWJlcmdAZXJpY3Nzb24uY29tJmd0Ozxicj4NCjxiPkNjOiA8 L2I+Q2hyaXN0ZXIgSG9sbWJlcmcgJmx0O2NocmlzdGVyLmhvbG1iZXJnPTQwZXJpY3Nzb24uY29t QGRtYXJjLmlldGYub3JnJmd0OywgJnF1b3Q7c2lwY29yZS1jaGFpcnNAaWV0Zi5vcmcmcXVvdDsg Jmx0O3NpcGNvcmUtY2hhaXJzQGlldGYub3JnJmd0OywgJnF1b3Q7ZHJhZnQtaWV0Zi1zaXBjb3Jl LWRpZ2VzdC1zY2hlbWVAaWV0Zi5vcmcmcXVvdDsgJmx0O2RyYWZ0LWlldGYtc2lwY29yZS1kaWdl c3Qtc2NoZW1lQGlldGYub3JnJmd0OywgJnF1b3Q7aWVzZ0BpZXRmLm9yZyZxdW90OyAmbHQ7aWVz Z0BpZXRmLm9yZyZndDssICZxdW90O3NpcGNvcmVAaWV0Zi5vcmcmcXVvdDsNCiAmbHQ7c2lwY29y ZUBpZXRmLm9yZyZndDssIEFsZXhleSBNZWxuaWtvdiAmbHQ7YWFtZWxuaWtvdkBmYXN0bWFpbC5m bSZndDs8YnI+DQo8Yj5TdWJqZWN0OiA8L2I+UmU6IFtzaXBjb3JlXSBBbGV4ZXkgTWVsbmlrb3Yn cyBObyBPYmplY3Rpb24gb24gZHJhZnQtaWV0Zi1zaXBjb3JlLWRpZ2VzdC1zY2hlbWUtMTI6ICh3 aXRoIENPTU1FTlQpPG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xh c3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBj bGFzcz0iTXNvTm9ybWFsIj5DYW4geW91IHByb3Bvc2Ugc29tZSB0ZXh0PyA8bzpwPjwvbzpwPjwv cD4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpwPiZuYnNwOzwvbzpwPjwvcD4NCjwv ZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPlRoYW5rcyw8bzpwPjwvbzpwPjwvcD4N CjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPiZuYnNwO1JpZmFhdDxvOnA+PC9v OnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8 L286cD48L3A+DQo8L2Rpdj4NCjwvZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJz cDs8L286cD48L3A+DQo8ZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPk9uIFRodSwg T2N0IDMxLCAyMDE5IGF0IDExOjQ0IEFNIENocmlzdGVyIEhvbG1iZXJnICZsdDs8YSBocmVmPSJt YWlsdG86Y2hyaXN0ZXIuaG9sbWJlcmdAZXJpY3Nzb24uY29tIj5jaHJpc3Rlci5ob2xtYmVyZ0Bl cmljc3Nvbi5jb208L2E+Jmd0OyB3cm90ZTo8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGJsb2Nr cXVvdGUgc3R5bGU9ImJvcmRlcjpub25lO2JvcmRlci1sZWZ0OnNvbGlkICNDQ0NDQ0MgMS4wcHQ7 cGFkZGluZzowY20gMGNtIDBjbSA2LjBwdDttYXJnaW4tbGVmdDo0LjhwdDttYXJnaW4tcmlnaHQ6 MGNtIj4NCjxkaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJn aW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj5IaSw8bzpwPjwvbzpw PjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0 bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+Jm5ic3A7PG86cD48L286cD48L3A+DQo8cCBj bGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdp bi1ib3R0b20tYWx0OmF1dG8iPjxzcGFuIGxhbmc9IkVOLVVTIj5QZXJoYXBzIHdlIGNvdWxkIGFk ZCBzb21lIHRleHQgYWJvdXQgdGhlIElNUyB1c2UtY2FzZSwgaW4gb3JkZXIgdG8gZXhwbGFpbiB0 aGUgZW1wdHkgdmFsdWU/PC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1h bCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDph dXRvIj48c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7PC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPHAg Y2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJn aW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBsYW5nPSJFTi1VUyI+UmVnYXJkcyw8L3NwYW4+PG86 cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3At YWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFuIGxhbmc9IkVOLVVTIj4m bmJzcDs8L3NwYW4+PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0i bXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFu IGxhbmc9IkVOLVVTIj5DaHJpc3Rlcjwvc3Bhbj48bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJN c29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRv bS1hbHQ6YXV0byI+PHNwYW4gbGFuZz0iRU4tVVMiPiZuYnNwOzwvc3Bhbj48bzpwPjwvbzpwPjwv cD4NCjxkaXYgc3R5bGU9ImJvcmRlcjpub25lO2JvcmRlci10b3A6c29saWQgI0I1QzRERiAxLjBw dDtwYWRkaW5nOjMuMHB0IDBjbSAwY20gMGNtIj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxl PSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+PGI+ PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMi4wcHQ7Y29sb3I6YmxhY2siPkZyb206DQo8L3NwYW4+ PC9iPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTIuMHB0O2NvbG9yOmJsYWNrIj5zaXBjb3JlICZs dDs8YSBocmVmPSJtYWlsdG86c2lwY29yZS1ib3VuY2VzQGlldGYub3JnIiB0YXJnZXQ9Il9ibGFu ayI+c2lwY29yZS1ib3VuY2VzQGlldGYub3JnPC9hPiZndDsgb24gYmVoYWxmIG9mIENocmlzdGVy IEhvbG1iZXJnICZsdDtjaHJpc3Rlci5ob2xtYmVyZz08YSBocmVmPSJtYWlsdG86NDBlcmljc3Nv bi5jb21AZG1hcmMuaWV0Zi5vcmciIHRhcmdldD0iX2JsYW5rIj40MGVyaWNzc29uLmNvbUBkbWFy Yy5pZXRmLm9yZzwvYT4mZ3Q7PGJyPg0KPGI+RGF0ZTogPC9iPlRodXJzZGF5LCAzMSBPY3RvYmVy IDIwMTkgYXQgMTUuNTI8YnI+DQo8Yj5UbzogPC9iPlJpZmFhdCBTaGVraC1ZdXNlZiAmbHQ7PGEg aHJlZj0ibWFpbHRvOnJpZmFhdC5pZXRmQGdtYWlsLmNvbSIgdGFyZ2V0PSJfYmxhbmsiPnJpZmFh dC5pZXRmQGdtYWlsLmNvbTwvYT4mZ3Q7PGJyPg0KPGI+Q2M6IDwvYj4mcXVvdDs8YSBocmVmPSJt YWlsdG86c2lwY29yZS1jaGFpcnNAaWV0Zi5vcmciIHRhcmdldD0iX2JsYW5rIj5zaXBjb3JlLWNo YWlyc0BpZXRmLm9yZzwvYT4mcXVvdDsgJmx0OzxhIGhyZWY9Im1haWx0bzpzaXBjb3JlLWNoYWly c0BpZXRmLm9yZyIgdGFyZ2V0PSJfYmxhbmsiPnNpcGNvcmUtY2hhaXJzQGlldGYub3JnPC9hPiZn dDssICZxdW90OzxhIGhyZWY9Im1haWx0bzpkcmFmdC1pZXRmLXNpcGNvcmUtZGlnZXN0LXNjaGVt ZUBpZXRmLm9yZyIgdGFyZ2V0PSJfYmxhbmsiPmRyYWZ0LWlldGYtc2lwY29yZS1kaWdlc3Qtc2No ZW1lQGlldGYub3JnPC9hPiZxdW90Ow0KICZsdDs8YSBocmVmPSJtYWlsdG86ZHJhZnQtaWV0Zi1z aXBjb3JlLWRpZ2VzdC1zY2hlbWVAaWV0Zi5vcmciIHRhcmdldD0iX2JsYW5rIj5kcmFmdC1pZXRm LXNpcGNvcmUtZGlnZXN0LXNjaGVtZUBpZXRmLm9yZzwvYT4mZ3Q7LCAmcXVvdDs8YSBocmVmPSJt YWlsdG86aWVzZ0BpZXRmLm9yZyIgdGFyZ2V0PSJfYmxhbmsiPmllc2dAaWV0Zi5vcmc8L2E+JnF1 b3Q7ICZsdDs8YSBocmVmPSJtYWlsdG86aWVzZ0BpZXRmLm9yZyIgdGFyZ2V0PSJfYmxhbmsiPmll c2dAaWV0Zi5vcmc8L2E+Jmd0OywNCiAmcXVvdDs8YSBocmVmPSJtYWlsdG86c2lwY29yZUBpZXRm Lm9yZyIgdGFyZ2V0PSJfYmxhbmsiPnNpcGNvcmVAaWV0Zi5vcmc8L2E+JnF1b3Q7ICZsdDs8YSBo cmVmPSJtYWlsdG86c2lwY29yZUBpZXRmLm9yZyIgdGFyZ2V0PSJfYmxhbmsiPnNpcGNvcmVAaWV0 Zi5vcmc8L2E+Jmd0OywgQWxleGV5IE1lbG5pa292ICZsdDs8YSBocmVmPSJtYWlsdG86YWFtZWxu aWtvdkBmYXN0bWFpbC5mbSIgdGFyZ2V0PSJfYmxhbmsiPmFhbWVsbmlrb3ZAZmFzdG1haWwuZm08 L2E+Jmd0Ozxicj4NCjxiPlN1YmplY3Q6IDwvYj5SZTogW3NpcGNvcmVdIEFsZXhleSBNZWxuaWtv didzIE5vIE9iamVjdGlvbiBvbiBkcmFmdC1pZXRmLXNpcGNvcmUtZGlnZXN0LXNjaGVtZS0xMjog KHdpdGggQ09NTUVOVCk8L3NwYW4+PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBj bGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdp bi1ib3R0b20tYWx0OmF1dG8iPiZuYnNwOzxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8cCBjbGFz cz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1i b3R0b20tYWx0OmF1dG8iPkhpLDxvOnA+PC9vOnA+PC9wPg0KPGRpdj4NCjxkaXY+DQo8ZGl2Pg0K PHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1t YXJnaW4tYm90dG9tLWFsdDphdXRvIj4mbmJzcDs8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRp dj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bztt c28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+PHNwYW4gbGFuZz0iRU4tVVMiPiZndDtUaGlzIElN UyBiZWhhdmlvciB3b3VsZCBoYXZlIGJlZW4gaW4gdmlvbGF0aW9uIG9mIFJGQzMyNjEgd2hpY2gg c3BlY2lmaWVkIGV4YWN0bHkgMzIgSGV4IGNoYXJhY3RlcnMuPC9zcGFuPjxvOnA+PC9vOnA+PC9w Pg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4t dG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBsYW5nPSJFTi1V UyI+Jmd0O1NvLCB0aGlzIGNoYW5nZSBzaG91bGQgbm90IG1ha2UgbXVjaCBvZiZuYnNwO2EgZGlm ZmVyZW5jZSBpbiB0aGlzIGNhc2UuPC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2 Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21z by1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7PC9zcGFu PjxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4t dG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBsYW5nPSJFTi1V UyI+SW4gcmVhbGl0eSBpdCBwcm9iYWJseSBkb2VzbuKAmXQgbWFrZSBhIGRpZmZlcmVuY2UsIGJ1 dCBpdCB3b3VsZCBtYWtlIHRoZSBJTVMgcHJvY2VkdXJlcyDigJxhbGlnbmVk4oCdIHdpdGggdGhl IElFVEYgc3BlYy48L3NwYW4+PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBz dHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8i PjxzcGFuIGxhbmc9IkVOLVVTIj4mbmJzcDs8L3NwYW4+PG86cD48L286cD48L3A+DQo8cCBjbGFz cz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1i b3R0b20tYWx0OmF1dG8iPjxzcGFuIGxhbmc9IkVOLVVTIj5SZWdhcmRzLDwvc3Bhbj48bzpwPjwv bzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6 YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+PHNwYW4gbGFuZz0iRU4tVVMiPiZuYnNw Ozwvc3Bhbj48bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28t bWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+PHNwYW4gbGFu Zz0iRU4tVVMiPkNocmlzdGVyPC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05v cm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFs dDphdXRvIj48c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7PC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0K PC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9w LWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBsYW5nPSJFTi1VUyI+ Jm5ic3A7PC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1z b05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9t LWFsdDphdXRvIj48c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7PC9zcGFuPjxvOnA+PC9vOnA+PC9w Pg0KPC9kaXY+DQo8L2Rpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2lu LXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+PHNwYW4gbGFuZz0iRU4t VVMiPiZuYnNwOzwvc3Bhbj48bzpwPjwvbzpwPjwvcD4NCjxkaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9 Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90 dG9tLWFsdDphdXRvIj5PbiBUaHUsIE9jdCAzMSwgMjAxOSBhdCA5OjM3IEFNIENocmlzdGVyIEhv bG1iZXJnICZsdDs8YSBocmVmPSJtYWlsdG86Y2hyaXN0ZXIuaG9sbWJlcmdAZXJpY3Nzb24uY29t IiB0YXJnZXQ9Il9ibGFuayI+Y2hyaXN0ZXIuaG9sbWJlcmdAZXJpY3Nzb24uY29tPC9hPiZndDsg d3JvdGU6PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxibG9ja3F1b3RlIHN0eWxlPSJib3JkZXI6 bm9uZTtib3JkZXItbGVmdDpzb2xpZCAjQ0NDQ0NDIDEuMHB0O3BhZGRpbmc6MGNtIDBjbSAwY20g Ni4wcHQ7bWFyZ2luLWxlZnQ6NC44cHQ7bWFyZ2luLXRvcDo1LjBwdDttYXJnaW4tcmlnaHQ6MGNt O21hcmdpbi1ib3R0b206NS4wcHQiPg0KPGRpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFs IiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1 dG8iPiZuYnNwOzxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1z by1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBs YW5nPSJFTi1VUyI+SGksPC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1h bCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDph dXRvIj48c3BhbiBsYW5nPSJFTi1VUyI+Jm5ic3A7PC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPHAg Y2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJn aW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBsYW5nPSJFTi1VUyI+VGhlIHJlYXNvbiBmb3IgdGhl IGVtcHR5IHZhbHVlIGNvbWVzIGZyb20gSU1TIGFuZCBBS0EsIHdoZXJlIHlvdSBuZWVkIHRvIGlu Y2x1ZGUgdGhlIHVzZXIgaWQgYWxyZWFkeSBpbiB0aGUgaW5pdGlhbCBSRUdJU1RFUiByZXF1ZXN0 ICh0aGlzIHNlZW1zIHRvIGJlIG1pc3NpbmcNCiBmcm9tIFJGQyAzMzEwLCBidXQgdGhhdOKAmXMg YSBzZXBhcmF0ZSB0b3BpYykgaW4gb3JkZXIgZm9yIHRoZSBzZXJ2ZXIgdG8gY3JlYXRlIHRoZSBj aGFsbGVuZ2UsJm5ic3A7IG1lYW5pbmcgdGhhdCBpbiB0aGUgaW5pdGlhbCBSRUdJU1RFUiByZXF1 ZXN0IHlvdSBpbmNsdWRlIGFuIEF1dGhvcml6YXRpb24gaGVhZGVyIGZpZWxkIHdpdGggdGhlIHVz ZXJuYW1lIHBhcmFtZXRlciBjYXJyeWluZyB0aGUgSU1TIHByaXZhdGUgdXNlciBpZGVudGl0eSwg dGhlIHJlYWxtDQogcGFyYW1ldGVyIGFuZCB0aGUgdXJpIHBhcmFtZXRlci4gQXQgdGhpcyBwb2lu dCB5b3Ugb2J2aW91c2x5IGRvbuKAmXQgeWV0IGhhdmUgdGhlIHJlc3BvbnNlLCBzbyBpbiBJTVMg aXQgaXMgc3BlY2lmaWVkIHRoYXQgdGhlIHJlc3BvbnNlIHBhcmFtZXRlciBpcyBpbnNlcnRlZCB3 aXRoIGFuIGVtcHR5IHZhbHVlLjwvc3Bhbj48bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29O b3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1h bHQ6YXV0byI+PHNwYW4gbGFuZz0iRU4tVVMiPiZuYnNwOzwvc3Bhbj48bzpwPjwvbzpwPjwvcD4N CjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28t bWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+PHNwYW4gbGFuZz0iRU4tVVMiPldIWSBpdCB3YXMgc3Bl Y2lmaWVkIHRoYXQgd2F5IChpbnN0ZWFkIG9mIHNpbXBseSBub3QgaW5jbHVkaW5nIHRoZSByZXNw b25zZSBwYXJhbWV0ZXIpIEkgZG9u4oCZdCBrbm93LCBidXQgSSBkbyBrbm93IHRoYXQgaXQgaGFz IGJlZW4gaW1wbGVtZW50ZWQgYW5kIGRlcGxveWVkIHRoYXQNCiB3YXkgZm9yIG1hbnkgeWVhcnMu PC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1t YXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj48c3BhbiBsYW5n PSJFTi1VUyI+Jm5ic3A7PC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1h bCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDph dXRvIj48c3BhbiBsYW5nPSJFTi1VUyI+UmVnYXJkcyw8L3NwYW4+PG86cD48L286cD48L3A+DQo8 cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1h cmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFuIGxhbmc9IkVOLVVTIj4mbmJzcDs8L3NwYW4+PG86 cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3At YWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxzcGFuIGxhbmc9IkVOLVVTIj5D aHJpc3Rlcjwvc3Bhbj48bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxl PSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+Jm5i c3A7PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdp bi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPiZuYnNwOzxvOnA+PC9v OnA+PC9wPg0KPGRpdiBzdHlsZT0iYm9yZGVyOm5vbmU7Ym9yZGVyLXRvcDpzb2xpZCAjQjVDNERG IDEuMHB0O3BhZGRpbmc6My4wcHQgMGNtIDBjbSAwY20iPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIg c3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRv Ij48Yj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEyLjBwdDtjb2xvcjpibGFjayI+RnJvbToNCjwv c3Bhbj48L2I+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMi4wcHQ7Y29sb3I6YmxhY2siPnNpcGNv cmUgJmx0OzxhIGhyZWY9Im1haWx0bzpzaXBjb3JlLWJvdW5jZXNAaWV0Zi5vcmciIHRhcmdldD0i X2JsYW5rIj5zaXBjb3JlLWJvdW5jZXNAaWV0Zi5vcmc8L2E+Jmd0OyBvbiBiZWhhbGYgb2YgUmlm YWF0IFNoZWtoLVl1c2VmICZsdDs8YSBocmVmPSJtYWlsdG86cmlmYWF0LmlldGZAZ21haWwuY29t IiB0YXJnZXQ9Il9ibGFuayI+cmlmYWF0LmlldGZAZ21haWwuY29tPC9hPiZndDs8YnI+DQo8Yj5E YXRlOiA8L2I+VGh1cnNkYXksIDMxIE9jdG9iZXIgMjAxOSBhdCAxNS4yMDxicj4NCjxiPlRvOiA8 L2I+QWxleGV5IE1lbG5pa292ICZsdDs8YSBocmVmPSJtYWlsdG86YWFtZWxuaWtvdkBmYXN0bWFp bC5mbSIgdGFyZ2V0PSJfYmxhbmsiPmFhbWVsbmlrb3ZAZmFzdG1haWwuZm08L2E+Jmd0Ozxicj4N CjxiPkNjOiA8L2I+JnF1b3Q7PGEgaHJlZj0ibWFpbHRvOnNpcGNvcmUtY2hhaXJzQGlldGYub3Jn IiB0YXJnZXQ9Il9ibGFuayI+c2lwY29yZS1jaGFpcnNAaWV0Zi5vcmc8L2E+JnF1b3Q7ICZsdDs8 YSBocmVmPSJtYWlsdG86c2lwY29yZS1jaGFpcnNAaWV0Zi5vcmciIHRhcmdldD0iX2JsYW5rIj5z aXBjb3JlLWNoYWlyc0BpZXRmLm9yZzwvYT4mZ3Q7LCAmcXVvdDs8YSBocmVmPSJtYWlsdG86ZHJh ZnQtaWV0Zi1zaXBjb3JlLWRpZ2VzdC1zY2hlbWVAaWV0Zi5vcmciIHRhcmdldD0iX2JsYW5rIj5k cmFmdC1pZXRmLXNpcGNvcmUtZGlnZXN0LXNjaGVtZUBpZXRmLm9yZzwvYT4mcXVvdDsNCiAmbHQ7 PGEgaHJlZj0ibWFpbHRvOmRyYWZ0LWlldGYtc2lwY29yZS1kaWdlc3Qtc2NoZW1lQGlldGYub3Jn IiB0YXJnZXQ9Il9ibGFuayI+ZHJhZnQtaWV0Zi1zaXBjb3JlLWRpZ2VzdC1zY2hlbWVAaWV0Zi5v cmc8L2E+Jmd0OywgJnF1b3Q7PGEgaHJlZj0ibWFpbHRvOmllc2dAaWV0Zi5vcmciIHRhcmdldD0i X2JsYW5rIj5pZXNnQGlldGYub3JnPC9hPiZxdW90OyAmbHQ7PGEgaHJlZj0ibWFpbHRvOmllc2dA aWV0Zi5vcmciIHRhcmdldD0iX2JsYW5rIj5pZXNnQGlldGYub3JnPC9hPiZndDssDQogJnF1b3Q7 PGEgaHJlZj0ibWFpbHRvOnNpcGNvcmVAaWV0Zi5vcmciIHRhcmdldD0iX2JsYW5rIj5zaXBjb3Jl QGlldGYub3JnPC9hPiZxdW90OyAmbHQ7PGEgaHJlZj0ibWFpbHRvOnNpcGNvcmVAaWV0Zi5vcmci IHRhcmdldD0iX2JsYW5rIj5zaXBjb3JlQGlldGYub3JnPC9hPiZndDs8YnI+DQo8Yj5TdWJqZWN0 OiA8L2I+UmU6IFtzaXBjb3JlXSBBbGV4ZXkgTWVsbmlrb3YncyBObyBPYmplY3Rpb24gb24gZHJh ZnQtaWV0Zi1zaXBjb3JlLWRpZ2VzdC1zY2hlbWUtMTI6ICh3aXRoIENPTU1FTlQpPC9zcGFuPjxv OnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9 Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj4mbmJz cDs8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0 eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+ RG9uZS48bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9 Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj4mbmJz cDs8bzpwPjwvbzpwPjwvcD4NCjxkaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5 bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj5P biBUaHUsIE9jdCAzMSwgMjAxOSBhdCA5OjEzIEFNIEFsZXhleSBNZWxuaWtvdiAmbHQ7PGEgaHJl Zj0ibWFpbHRvOmFhbWVsbmlrb3ZAZmFzdG1haWwuZm0iIHRhcmdldD0iX2JsYW5rIj5hYW1lbG5p a292QGZhc3RtYWlsLmZtPC9hPiZndDsgd3JvdGU6PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxi bG9ja3F1b3RlIHN0eWxlPSJib3JkZXI6bm9uZTtib3JkZXItbGVmdDpzb2xpZCAjQ0NDQ0NDIDEu MHB0O3BhZGRpbmc6MGNtIDBjbSAwY20gNi4wcHQ7bWFyZ2luLWxlZnQ6NC44cHQ7bWFyZ2luLXRv cDo1LjBwdDttYXJnaW4tcmlnaHQ6MGNtO21hcmdpbi1ib3R0b206NS4wcHQiPg0KPGRpdj4NCjxk aXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87 bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPk9uIFRodSwgT2N0IDMxLCAyMDE5LCBhdCAxOjEx IFBNLCBSaWZhYXQgU2hla2gtWXVzZWYgd3JvdGU6PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxi bG9ja3F1b3RlIHN0eWxlPSJtYXJnaW4tdG9wOjUuMHB0O21hcmdpbi1ib3R0b206NS4wcHQiIGlk PSJnbWFpbC1tXy04NDY3NTI4NzAzNjM2MjUwNjQwZ21haWwtbV8tNjU1NDg2OTU2MTM5NzEzNDEy MmdtYWlsLW1fLTg0MDUwNzk3Mzg1NDk0Mzg3MDZxdCI+DQo8ZGl2Pg0KPGRpdj4NCjxwIGNsYXNz PSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJv dHRvbS1hbHQ6YXV0byI+SGkgQWxleGV5LDxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0K PHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1t YXJnaW4tYm90dG9tLWFsdDphdXRvIj4mbmJzcDs8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRp dj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bztt c28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+SSBhbSBmaW5lIHdpdGggUGF1bCdzIHN1Z2dlc3Rp b24uPG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBz dHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8i PkFyZSB5b3Ugb2sgd2l0aCZuYnNwOzxzcGFuIHN0eWxlPSJjb2xvcjpibGFjayI+JnF1b3Q7MzIq TEhFWCZxdW90Oz88L3NwYW4+PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9ibG9j a3F1b3RlPg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRv cC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+WWVzITxvOnA+PC9vOnA+PC9w Pg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4t dG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj4mbmJzcDs8bzpwPjwvbzpw PjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFy Z2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+VGhhbmsgeW91LDxv OnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9 Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj5BbGV4 ZXk8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGJsb2NrcXVvdGUgc3R5bGU9Im1hcmdpbi10b3A6 NS4wcHQ7bWFyZ2luLWJvdHRvbTo1LjBwdCIgaWQ9ImdtYWlsLW1fLTg0Njc1Mjg3MDM2MzYyNTA2 NDBnbWFpbC1tXy02NTU0ODY5NTYxMzk3MTM0MTIyZ21haWwtbV8tODQwNTA3OTczODU0OTQzODcw NnF0Ij4NCjxkaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJn aW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj4mbmJzcDs8bzpwPjwv bzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28t bWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+UmVnYXJkcyw8 bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxl PSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+Jm5i c3A7UmZhYXQ8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3Jt YWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6 YXV0byI+Jm5ic3A7PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNs YXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2lu LWJvdHRvbS1hbHQ6YXV0byI+Jm5ic3A7PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8 ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRv O21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj5PbiBUaHUsIE9jdCAzMSwgMjAxOSBhdCA3OjIy IEFNIEFsZXhleSBNZWxuaWtvdiAmbHQ7PGEgaHJlZj0ibWFpbHRvOmFhbWVsbmlrb3ZAZmFzdG1h aWwuZm0iIHRhcmdldD0iX2JsYW5rIj5hYW1lbG5pa292QGZhc3RtYWlsLmZtPC9hPiZndDsgd3Jv dGU6PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxibG9ja3F1b3RlIHN0eWxlPSJib3JkZXI6bm9u ZTtib3JkZXItbGVmdDpzb2xpZCAjQ0NDQ0NDIDEuMHB0O3BhZGRpbmc6MGNtIDBjbSAwY20gNi4w cHQ7bWFyZ2luLWxlZnQ6NC44cHQ7bWFyZ2luLXRvcDo1LjBwdDttYXJnaW4tcmlnaHQ6MGNtO21h cmdpbi1ib3R0b206NS4wcHQiPg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJt c28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+Jm5ic3A7 PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1h bCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDph dXRvIj5IaSBSaWZhYXQsPG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0i TXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0 b20tYWx0OmF1dG8iPiZuYnNwOzxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xh c3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4t Ym90dG9tLWFsdDphdXRvIj5PbiBXZWQsIE9jdCAzMCwgMjAxOSwgYXQgOTo1MCBQTSwgUmlmYWF0 IFNoZWtoLVl1c2VmIHdyb3RlOjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8YmxvY2txdW90ZSBz dHlsZT0ibWFyZ2luLXRvcDo1LjBwdDttYXJnaW4tYm90dG9tOjUuMHB0IiBpZD0iZ21haWwtbV8t ODQ2NzUyODcwMzYzNjI1MDY0MGdtYWlsLW1fLTY1NTQ4Njk1NjEzOTcxMzQxMjJnbWFpbC1tXy04 NDA1MDc5NzM4NTQ5NDM4NzA2cXQtZ21haWwtbV8tNjYzNjA0MjM1OTIxMDg1MjkyNXF0Ij4NCjxk aXY+DQo8ZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2lu LXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+VGhhbmtzIEFsZXhleSE8 bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxl PSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+Jm5i c3A7PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBz dHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8i PkkgYW0gZmluZSB3aXRoIHRoZSBmaXJzdCB0d28gY29tbWVudHMsIGFuZCB3aWxsIGZpeCB0aGVz ZSBpbiB0aGUgY29taW5nIHZlcnNpb24gb2YgdGhlIGRvY3VtZW50LjxvOnA+PC9vOnA+PC9wPg0K PC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9w LWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj4mbmJzcDs8bzpwPjwvbzpwPjwv cD4NCjwvZGl2Pg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1z by1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj5JIGFtIG5v dCBzdXJlIEkgZm9sbG93IHRoZSAzcmQgb25lLiBXaHkgZG8geW91IHNlZSB0aGUgbmVlZCBmb3Ig YSBtaW5pbXVtIG51bWJlciBvZiBoZXggZGlnaXRzPzxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8 L2Rpdj4NCjwvYmxvY2txdW90ZT4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0i bXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPllvdSBk byBzYXkgdGhhdCB0aGUgbnVtYmVyIG9mIGhleCBkaWdpdHMgbWF0Y2ggdGhlIGhhc2ggbGVuZ2h0 LCBzbyBpdCBpcyBwcm9iYWJseSBPay4gSG93ZXZlciBlbXB0eSB2YWx1ZSBpcyBuZXZlciB2YWxp ZCAoYW5kIEkgYW0gd29ycmllZCBpdCBtaWdodCBoaXQgc29tZSBib3VuZGFyeSBjb25kaXRpb24g YnVnDQogaW4gaW1wbGVtZW50YXRpb25zKSwgc28gcHJvaGliaXRpbmcgaXQgaW4gQUJORiB3b3Vs ZCBiZSB0aGUgYmVzdC48bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJN c29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRv bS1hbHQ6YXV0byI+Jm5ic3A7PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFz cz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1i b3R0b20tYWx0OmF1dG8iPkJlc3QgUmVnYXJkcyw8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRp dj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bztt c28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+QWxleGV5PG86cD48L286cD48L3A+DQo8L2Rpdj4N CjxibG9ja3F1b3RlIHN0eWxlPSJtYXJnaW4tdG9wOjUuMHB0O21hcmdpbi1ib3R0b206NS4wcHQi IGlkPSJnbWFpbC1tXy04NDY3NTI4NzAzNjM2MjUwNjQwZ21haWwtbV8tNjU1NDg2OTU2MTM5NzEz NDEyMmdtYWlsLW1fLTg0MDUwNzk3Mzg1NDk0Mzg3MDZxdC1nbWFpbC1tXy02NjM2MDQyMzU5MjEw ODUyOTI1cXQiPg0KPGRpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNv LW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPiZuYnNwOzxv OnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9 Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj5SZWdh cmRzLDxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIg c3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRv Ij4mbmJzcDtSaWZhYXQ8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxkaXY+DQo8cCBj bGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdp bi1ib3R0b20tYWx0OmF1dG8iPiZuYnNwOzxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0K PGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0 bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+Jm5ic3A7PG86cD48L286cD48L3A+DQo8L2Rp dj4NCjxkaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4t dG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj4mbmJzcDs8bzpwPjwvbzpw PjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0i bXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPk9uIFdl ZCwgT2N0IDMwLCAyMDE5IGF0IDE6MTYgUE0gQWxleGV5IE1lbG5pa292IHZpYSBEYXRhdHJhY2tl ciAmbHQ7PGEgaHJlZj0ibWFpbHRvOm5vcmVwbHlAaWV0Zi5vcmciIHRhcmdldD0iX2JsYW5rIj5u b3JlcGx5QGlldGYub3JnPC9hPiZndDsgd3JvdGU6PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxi bG9ja3F1b3RlIHN0eWxlPSJib3JkZXI6bm9uZTtib3JkZXItbGVmdDpzb2xpZCAjQ0NDQ0NDIDEu MHB0O3BhZGRpbmc6MGNtIDBjbSAwY20gNi4wcHQ7bWFyZ2luLWxlZnQ6NC44cHQ7bWFyZ2luLXRv cDo1LjBwdDttYXJnaW4tcmlnaHQ6MGNtO21hcmdpbi1ib3R0b206NS4wcHQiPg0KPGRpdj4NCjxw IGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFy Z2luLWJvdHRvbS1hbHQ6YXV0byI+QWxleGV5IE1lbG5pa292IGhhcyBlbnRlcmVkIHRoZSBmb2xs b3dpbmcgYmFsbG90IHBvc2l0aW9uIGZvcjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0K PHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1t YXJnaW4tYm90dG9tLWFsdDphdXRvIj5kcmFmdC1pZXRmLXNpcGNvcmUtZGlnZXN0LXNjaGVtZS0x MjogTm8gT2JqZWN0aW9uPG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0i TXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0 b20tYWx0OmF1dG8iPiZuYnNwOzxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xh c3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4t Ym90dG9tLWFsdDphdXRvIj5XaGVuIHJlc3BvbmRpbmcsIHBsZWFzZSBrZWVwIHRoZSBzdWJqZWN0 IGxpbmUgaW50YWN0IGFuZCByZXBseSB0byBhbGw8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRp dj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bztt c28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+ZW1haWwgYWRkcmVzc2VzIGluY2x1ZGVkIGluIHRo ZSBUbyBhbmQgQ0MgbGluZXMuIChGZWVsIGZyZWUgdG8gY3V0IHRoaXM8bzpwPjwvbzpwPjwvcD4N CjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRv cC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+aW50cm9kdWN0b3J5IHBhcmFn cmFwaCwgaG93ZXZlci4pPG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0i TXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0 b20tYWx0OmF1dG8iPiZuYnNwOzxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xh c3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4t Ym90dG9tLWFsdDphdXRvIj4mbmJzcDs8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxw IGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFy Z2luLWJvdHRvbS1hbHQ6YXV0byI+UGxlYXNlIHJlZmVyIHRvDQo8YSBocmVmPSJodHRwczovL3d3 dy5pZXRmLm9yZy9pZXNnL3N0YXRlbWVudC9kaXNjdXNzLWNyaXRlcmlhLmh0bWwiIHRhcmdldD0i X2JsYW5rIj4NCmh0dHBzOi8vd3d3LmlldGYub3JnL2llc2cvc3RhdGVtZW50L2Rpc2N1c3MtY3Jp dGVyaWEuaHRtbDwvYT48bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJN c29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRv bS1hbHQ6YXV0byI+Zm9yIG1vcmUgaW5mb3JtYXRpb24gYWJvdXQgSUVTRyBESVNDVVNTIGFuZCBD T01NRU5UIHBvc2l0aW9ucy48bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNz PSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJv dHRvbS1hbHQ6YXV0byI+Jm5ic3A7PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBj bGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdp bi1ib3R0b20tYWx0OmF1dG8iPiZuYnNwOzxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0K PHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1t YXJnaW4tYm90dG9tLWFsdDphdXRvIj5UaGUgZG9jdW1lbnQsIGFsb25nIHdpdGggb3RoZXIgYmFs bG90IHBvc2l0aW9ucywgY2FuIGJlIGZvdW5kIGhlcmU6PG86cD48L286cD48L3A+DQo8L2Rpdj4N CjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1 dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxhIGhyZWY9Imh0dHBzOi8vZGF0YXRyYWNr ZXIuaWV0Zi5vcmcvZG9jL2RyYWZ0LWlldGYtc2lwY29yZS1kaWdlc3Qtc2NoZW1lLyIgdGFyZ2V0 PSJfYmxhbmsiPmh0dHBzOi8vZGF0YXRyYWNrZXIuaWV0Zi5vcmcvZG9jL2RyYWZ0LWlldGYtc2lw Y29yZS1kaWdlc3Qtc2NoZW1lLzwvYT48bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxw IGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFy Z2luLWJvdHRvbS1hbHQ6YXV0byI+Jm5ic3A7PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+ DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNv LW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPiZuYnNwOzxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8 ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRv O21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj4mbmJzcDs8bzpwPjwvbzpwPjwvcD4NCjwvZGl2 Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6 YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLTxvOnA+PC9vOnA+ PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJn aW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj5DT01NRU5UOjxvOnA+ PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1z by1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj4tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tPG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFs IiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1 dG8iPiZuYnNwOzxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05v cm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFs dDphdXRvIj5JIGFtIGFncmVlaW5nIHdpdGggQWxpc3NhJ3MgRElTQ1VTUy48bzpwPjwvbzpwPjwv cD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2lu LXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+Jm5ic3A7PG86cD48L286 cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1h cmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPkFsc28sIEkgaGF2 ZSBhIGZldyBjb21tZW50cyBvZiBteSBvd246PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+ DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNv LW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPiZuYnNwOzxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8 ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRv O21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj4xKSBMYXN0IHBhcmEgb2YgU2VjdGlvbiAyLjE6 PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHls ZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPiZu YnNwOzxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIg c3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRv Ij4yLjEuJm5ic3A7IEhhc2ggQWxnb3JpdGhtczxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2 Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21z by1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj4mbmJzcDs8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0K PGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0 bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+Jm5ic3A7ICZuYnNwO0EgVUFTIHByaW9yaXRp emVzIHdoaWNoIGFsZ29yaXRobSB0byB1c2UgYmFzZWQgb24gdGhlIG9yZGVyaW5nIG9mIHRoZTxv OnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9 Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj4mbmJz cDsgJm5ic3A7Y2hhbGxlbmdlIGhlYWRlciBmaWVsZHMgaW4gdGhlIHJlc3BvbnNlIGl0IGlzIHBy ZXBhcmluZy48bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3Jt YWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6 YXV0byI+Jm5ic3A7PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNv Tm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20t YWx0OmF1dG8iPlRoaXMgbG9va3MgZWl0aGVyIHdyb25nIG9yIGNvbmZ1c2luZyB0byBtZS4gSSB0 aGluayB5b3UgYXJlIGp1c3Qgc2F5aW5nIGhlcmU8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRp dj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bztt c28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+dGhhdCB0aGUgb3JkZXIgaXMgZGVjaWRlZCBieSB0 aGUgc2VydmVyIGF0IHRoaXMgcG9pbnQuPG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8 cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1h cmdpbi1ib3R0b20tYWx0OmF1dG8iPiZuYnNwOzxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2 Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21z by1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj4mbmJzcDsgJm5ic3A7VGhhdDxvOnA+PC9vOnA+PC9w Pg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4t dG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj4mbmJzcDsgJm5ic3A7cHJv Y2VzcyBpcyBzcGVjaWZpZWQgaW4gc2VjdGlvbiAyLjMgYW5kIHBhcmFsbGVscyB0aGUgcHJvY2Vz cyB1c2VkIGluPG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9y bWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0 OmF1dG8iPiZuYnNwOyAmbmJzcDtIVFRQIHNwZWNpZmllZCBieSBbUkZDNzYxNl0uPG86cD48L286 cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1h cmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPiZuYnNwOzxvOnA+ PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1z by1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj5TbyBiYXNl ZCBvbiB0aGUgYWJvdmUsIG15IHN1Z2dlc3RlZCByZXBsYWNlbWVudCBmb3IgYm90aCBzZW50ZW5j ZXM6PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBz dHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8i PiZuYnNwOzxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1h bCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDph dXRvIj4mbmJzcDsgJm5ic3A7QSBVQVMgcHJpb3JpdGl6ZXMgd2hpY2ggYWxnb3JpdGhtIHRvIHVz ZSBiYXNlZCBvbiBpdHMgcG9saWN5LDxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAg Y2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJn aW4tYm90dG9tLWFsdDphdXRvIj4mbmJzcDsgJm5ic3A7d2hpY2ggaXMgc3BlY2lmaWVkIGluIHNl Y3Rpb24gMi4zIGFuZCBwYXJhbGxlbHMgdGhlIHByb2Nlc3MgdXNlZCBpbjxvOnA+PC9vOnA+PC9w Pg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4t dG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj4mbmJzcDsgJm5ic3A7SFRU UCBzcGVjaWZpZWQgYnkgW1JGQzc2MTZdLjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0K PHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1t YXJnaW4tYm90dG9tLWFsdDphdXRvIj4mbmJzcDs8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRp dj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bztt c28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+MikgTGFzdCBwYXJhIG9mIFNlY3Rpb24gMi40Ojxv OnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9 Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj4mbmJz cDs8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0 eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+ Jm5ic3A7ICZuYnNwO0lmIHRoZSBVQUMgY2Fubm90IHJlc3BvbmQgdG8gYW55IG9mIHRoZSBjaGFs bGVuZ2VzIGluIHRoZSByZXNwb25zZSw8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxw IGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFy Z2luLWJvdHRvbS1hbHQ6YXV0byI+Jm5ic3A7ICZuYnNwO3RoZW4gaXQgU0hPVUxEIGFiYW5kb24g YXR0ZW1wdHMgdG8gc2VuZCB0aGUgcmVxdWVzdCB1bmxlc3MgYSBsb2NhbDxvOnA+PC9vOnA+PC9w Pg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4t dG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj4mbmJzcDsgJm5ic3A7cG9s aWN5IGRpY3RhdGVzIG90aGVyd2lzZS48bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxw IGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFy Z2luLWJvdHRvbS1hbHQ6YXV0byI+Jm5ic3A7PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+ DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNv LW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPklzIHRyeWluZyBvdGhlciBub24gRGlnZXN0IGFsZ29y aXRobXMgY292ZXJlZCBieSAmcXVvdDtTSE9VTEQgYWJhbmRvbiZxdW90Oz88bzpwPjwvbzpwPjwv cD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2lu LXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+SWYgeWVzLCBtYXliZSB5 b3Ugc2hvdWxkIG1ha2UgdGhpcyBjbGVhcmVyLjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2 Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21z by1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj4mbmJzcDs8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0K PGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0 bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+Jm5ic3A7ICZuYnNwO0ZvciBleGFtcGxlLCBp ZiB0aGUgVUFDIGRvZXMgbm90IGhhdmU8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxw IGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFy Z2luLWJvdHRvbS1hbHQ6YXV0byI+Jm5ic3A7ICZuYnNwO2NyZWRlbnRpYWxzIG9yIGhhcyBzdGFs ZSBjcmVkZW50aWFscyBmb3IgYW55IG9mIHRoZSByZWFsbXMsIHRoZSBVQUM8bzpwPjwvbzpwPjwv cD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2lu LXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+Jm5ic3A7ICZuYnNwO3dp bGwgYWJhbmRvbiB0aGUgcmVxdWVzdC48bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxw IGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFy Z2luLWJvdHRvbS1hbHQ6YXV0byI+Jm5ic3A7PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+ DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNv LW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjMpIEluIFNlY3Rpb24gMi43OjxvOnA+PC9vOnA+PC9w Pg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4t dG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj4mbmJzcDs8bzpwPjwvbzpw PjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFy Z2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+Jm5ic3A7ICZuYnNw OyAmbmJzcDsgcmVxdWVzdC1kaWdlc3QgPSBMRFFVT1QgKkxIRVggUkRRVU9UPG86cD48L286cD48 L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdp bi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPiZuYnNwOzxvOnA+PC9v OnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1t YXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj5UaGlzIG5vdyBh bGxvd3MgZW1wdHkgdmFsdWUuIEkgc3VnZ2VzdCB5b3Ugc3BlY2lmeSBhIG1pbmltdW0gbnVtYmVy IG9mIGhleDxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1h bCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDph dXRvIj5kaWdpdHMgYWxsb3dlZCBpbiB0aGUgQUJORi4gT3IgYXQgbGVhc3QgY2hhbmdlICZxdW90 OypMSEVYJnF1b3Q7IHRvICZxdW90OzIqTEhFWCZxdW90Oy48bzpwPjwvbzpwPjwvcD4NCjwvZGl2 Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6 YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+Jm5ic3A7PG86cD48L286cD48L3A+DQo8 L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3At YWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPiZuYnNwOzxvOnA+PC9vOnA+PC9w Pg0KPC9kaXY+DQo8L2Jsb2NrcXVvdGU+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9kaXY+DQo8L2Rpdj4N CjwvZGl2Pg0KPC9ibG9ja3F1b3RlPg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxl PSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+Jm5i c3A7PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9ibG9ja3F1b3RlPg0KPC9kaXY+ DQo8L2Jsb2NrcXVvdGU+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1t YXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvIj4mbmJzcDs8bzpw PjwvbzpwPjwvcD4NCjwvZGl2Pg0KPC9kaXY+DQo8L2Jsb2NrcXVvdGU+DQo8L2Rpdj4NCjwvZGl2 Pg0KPC9kaXY+DQo8L2Jsb2NrcXVvdGU+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9kaXY+DQo8L2Rpdj4N CjwvYmxvY2txdW90ZT4NCjwvZGl2Pg0KPC9kaXY+DQo8L2JvZHk+DQo8L2h0bWw+DQo= --_000_2B1C666E171849B2AECAB2759BEE6872ericssoncom_-- From nobody Thu Oct 31 11:02:59 2019 Return-Path: X-Original-To: sipcore@ietfa.amsl.com Delivered-To: sipcore@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6CBC71200E6 for ; Thu, 31 Oct 2019 11:02:57 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2 X-Spam-Level: X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Il5z4jq1e0tA for ; Thu, 31 Oct 2019 11:02:55 -0700 (PDT) Received: from EUR04-HE1-obe.outbound.protection.outlook.com (mail-eopbgr70082.outbound.protection.outlook.com [40.107.7.82]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 03E8212008B for ; Thu, 31 Oct 2019 11:02:54 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=XpHQrupYpPi5eJ0prxtIfAw/JZ+7n5Yx4D0/RCQwnfqpK9NDnC3zoFgm4WUqu+3M7xJl0Qg7R5Lim0dR7c8RXAoyb4Wc8ZzyuW6a0N3zcGV2O6pKn4zjCeHcTTeURVuK4GLPe647WpbfbdUQhHfkmMgucp4K6o6CPmf20WBnipyAD4d2P1vNLkgX4L7K6X7t+chZqBR3gk12QwUMlEJZ/1S288sKkwgCimt9e5+tqFZi5GK66rs3j2W17RgS1io+WWGN0oA2OZyDJGa3tcSqqZVlj3nl5bEQPtyVuyXHOn6uR82Dc8qwGptGxwECoFiaIcXnAV786RvM2yB17TPX8g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=PLNTffbKAxu1Rf0oe/sSe4NBZTG2MqLnw6jhXJO+h6Q=; b=glDdXZU8cfzTlpO/ntSLBgOMsi5OzElnv0115b3mZKLGVAiAi5h6RAd5+QwdrDdDzdKTrghvETS7NFy2eHqiktSEesDSlu31Bon7hXHaFIehqW6BY8hU7ZDrVg9QMcPIOvJXuSCqWtfJTqgo7NnWWIycik842Www5ZibdZ2wEftk6sG1A+6BLffh46rnb8H5zUmseURNm72mqbZXdwKadanpMtgKE1Mn0MYXecD/07VtHcRuiwD7+PGEBLjOHB0UjQ/N4kNyBKlPnEU9Mvn3JdikZtKJFkek+dCGXGWYTDBlgUtjH1S3B+5JVbWdLEHA4HTHDUE4Pk6zsgXPcT2lCw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=PLNTffbKAxu1Rf0oe/sSe4NBZTG2MqLnw6jhXJO+h6Q=; b=k/4Z+FSZNsmekRvSOTjWOJDYe/YWs45LFj45ctfS0+RxA8DWnkFexj2gu375IcC382rsgVMepGnaQrXyNW0jdXiL2PQwZxiatUHcWuAUo1IcvfDnjnL773gNlOD9KBqktgAGdUC6BS6WRWMnjyidrwK/d2kTXwaaknz6QwNdzOU= Received: from HE1PR07MB3161.eurprd07.prod.outlook.com (10.170.245.23) by HE1PR07MB3066.eurprd07.prod.outlook.com (10.170.246.31) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2408.15; Thu, 31 Oct 2019 18:02:52 +0000 Received: from HE1PR07MB3161.eurprd07.prod.outlook.com ([fe80::5499:1231:e707:4cb7]) by HE1PR07MB3161.eurprd07.prod.outlook.com ([fe80::5499:1231:e707:4cb7%7]) with mapi id 15.20.2408.016; Thu, 31 Oct 2019 18:02:52 +0000 From: Christer Holmberg To: Maxim Sobolev , "sipcore@ietf.org" , Rifaat Shekh-Yusef Thread-Topic: [sipcore] I-D Action: draft-ietf-sipcore-digest-scheme-14.txt Thread-Index: AQHVj+36UkhoVX+J8UyXIPVAeq6wXKd1A9UAgAAoqIA= Date: Thu, 31 Oct 2019 18:02:52 +0000 Message-ID: References: <157252797201.30364.11393682991189471576@ietfa.amsl.com> In-Reply-To: Accept-Language: en-US Content-Language: en-GB X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Microsoft-MacOutlook/10.1e.0.191013 authentication-results: spf=none (sender IP is ) smtp.mailfrom=christer.holmberg@ericsson.com; x-originating-ip: [89.166.49.243] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 36eab5d6-b34b-40c9-e8bd-08d75e2c8c76 x-ms-traffictypediagnostic: HE1PR07MB3066: x-ms-exchange-purlcount: 6 x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:6790; x-forefront-prvs: 02070414A1 x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(366004)(136003)(346002)(39860400002)(396003)(376002)(199004)(189003)(18543002)(8936002)(66574012)(54896002)(6246003)(58126008)(186003)(8676002)(26005)(36756003)(256004)(102836004)(14444005)(76176011)(2501003)(7736002)(476003)(236005)(110136005)(81156014)(99286004)(6512007)(229853002)(6486002)(6306002)(33656002)(53546011)(2616005)(6506007)(81166006)(446003)(6436002)(316002)(11346002)(6116002)(66946007)(86362001)(71190400001)(4001150100001)(2906002)(14454004)(25786009)(3846002)(486006)(5660300002)(66066001)(66446008)(478600001)(71200400001)(64756008)(66556008)(66476007)(606006)(966005)(44832011)(76116006); DIR:OUT; SFP:1101; SCL:1; SRVR:HE1PR07MB3066; H:HE1PR07MB3161.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1; received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: VGYbxNXvqR8V5O8wQfPQ7IKZIPw1LO5WLNh6wmT8w38iLJz/FZIB3GXI9XkloiYpULfGQPow1Zb70mRkuoWUecutsTRzus896yN640uVGP45DFhGYf8AUhG2JXOIz6A/ip/xRlORyLkT7/LfRz+EtgvE1z6UrEfvBkgZq9LmnyfpXBFZJ6tvE6qhw15lhTvjbLnqx3a5U+vCUZvFXyrL+ZKj3ri8XS3DZwSH6ZJnTaAY50aH/x0yqSIYB7gqzOHjx+6yQpLA9gEjqNeGvnEnWjh8XTbBBHHljaD2Uk3VEhlXwJVBN93EDTFFXzMkx8hVX02U+vYmwScqx1jBDxQ/HtQ0A7pJhswqmGHXbRZkRG1E7GlsYkoW4veIY98k9jh1hkDJWPQksW1WkX3ORSUxPz7W1A+jRdDLVY2+PYbQskB/uT/ms6+GlTSTgMeNBTjWfuXR5klPmhvdZ+L1FXVlYxCOi0d8WUYKAfzbUyaTVuQ= x-ms-exchange-transport-forked: True Content-Type: multipart/alternative; boundary="_000_B38F725DE3F94D5BA310A5F3716E2EE3ericssoncom_" MIME-Version: 1.0 X-OriginatorOrg: ericsson.com X-MS-Exchange-CrossTenant-Network-Message-Id: 36eab5d6-b34b-40c9-e8bd-08d75e2c8c76 X-MS-Exchange-CrossTenant-originalarrivaltime: 31 Oct 2019 18:02:52.2360 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: FoZ2zsIE+Um6m54oPc/3KwV2+ZK3rehURv1l/qlZkUCZTfmSTjpgM9bZUcFITiWWp+hQ9mo5m1A813N1ulMt/Zl1LuKpbkbJsIEJgVi3G5Q= X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR07MB3066 Archived-At: Subject: Re: [sipcore] I-D Action: draft-ietf-sipcore-digest-scheme-14.txt X-BeenThere: sipcore@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SIP Core Working Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 31 Oct 2019 18:02:58 -0000 --_000_B38F725DE3F94D5BA310A5F3716E2EE3ericssoncom_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 SGkgTWF4LA0KDQo+IDIuLiBXb3VsZCBiZSBuaWNlIHRvIGhhdmUgc29tZSBleGFtcGxlcywgZXNw ZWNpYWxseSBXUlQgbXVsdGlwbGUgYWx0ZXJuYXRpdmUgYWxnb3JpdGhtcy4gV2hhdCBJIGRvbid0 IGxpa2UgYWJvdXQgUkZDNzYxNiAod2hpY2ggdGhpcyBSRkMgYnVpbGRzIHVwb24pLA0KPiB0aG91 Z2gsIGlzIHRoYXQgdGhleSBhcHBlYXIgdG8gc3VnZ2VzdCB1c2luZyB0aGUgc2FtZSBub25jZSBm b3IgYWxsIGFsdGVybmF0aXZlcy4gSXMgaXQgcmVhbGx5IHJlcXVpcmVkIGZvciB0aGUgZnVuY3Rp b25hbGl0eSBvciBub3Q/IEZvciB0aGUgc2FtZSBhbW91bnQNCj4gb2YgbmV0d29yayBCVyB1c2Vk LCB5b3UgbWF5IHByb3ZpZGUgbW9yZSByYW5kb20gYml0cyBhbmQgbWFrZSBhdHRhY2tlcidzIGxp ZmUgbWF5YmUgYSBiaXQgaGFyZGVyLiBBbHNvLCBJIGFtIG5vdCBhIHNlY3VyaXR5IGV4cGVydCwg YnV0IGl0IGFwcGVhcnMNCj4gaW50dWl0aXZlbHkgY29ycmVjdCB0aGF0IGEgaGFzaCBmdW5jdGlv biB3aXRoIGEgbG9uZ2VyIG91dHB1dCBtaWdodCByZXF1aXJlIG1vcmUgc2FsdCBiaXRzLCBzbyB5 b3UgbWlnaHQgYWN0dWFsbHkgc2F2ZSBzb21lIEJXIGJ5IHN1cHBseWluZyBlYWNoIGFsZ29yaXRo bQ0KPiB3aXRoIGp1c3QgdGhlIHJpZ2h0IGFtb3VudCBvZiByYW5kb21uZXNzIHRoaXMgd2F5Lg0K DQpOb3RlIHRoYXQgaXQgaXMgbm90IHdpdGhpbiB0aGUgc2NvcGUgb2YgdGhpcyBkcmFmdCB0byBm aXggZ2VuZXJpYyBEaWdlc3QgaXNzdWVzIGZvdW5kIGluIFJGQzc2MTYuDQoNClJlZ2FyZHMsDQoN CkNocmlzdGVyDQoNCg0KDQpPbiBUaHUsIE9jdCAzMSwgMjAxOSBhdCA2OjIwIEFNIDxpbnRlcm5l dC1kcmFmdHNAaWV0Zi5vcmc8bWFpbHRvOmludGVybmV0LWRyYWZ0c0BpZXRmLm9yZz4+IHdyb3Rl Og0KDQpBIE5ldyBJbnRlcm5ldC1EcmFmdCBpcyBhdmFpbGFibGUgZnJvbSB0aGUgb24tbGluZSBJ bnRlcm5ldC1EcmFmdHMgZGlyZWN0b3JpZXMuDQpUaGlzIGRyYWZ0IGlzIGEgd29yayBpdGVtIG9m IHRoZSBTZXNzaW9uIEluaXRpYXRpb24gUHJvdG9jb2wgQ29yZSBXRyBvZiB0aGUgSUVURi4NCg0K ICAgICAgICBUaXRsZSAgICAgICAgICAgOiBUaGUgU2Vzc2lvbiBJbml0aWF0aW9uIFByb3RvY29s IChTSVApIERpZ2VzdCBBdXRoZW50aWNhdGlvbiBTY2hlbWUNCiAgICAgICAgQXV0aG9yICAgICAg ICAgIDogUmlmYWF0IFNoZWtoLVl1c2VmDQogICAgICAgIEZpbGVuYW1lICAgICAgICA6IGRyYWZ0 LWlldGYtc2lwY29yZS1kaWdlc3Qtc2NoZW1lLTE0LnR4dA0KICAgICAgICBQYWdlcyAgICAgICAg ICAgOiA5DQogICAgICAgIERhdGUgICAgICAgICAgICA6IDIwMTktMTAtMzENCg0KQWJzdHJhY3Q6 DQogICBUaGlzIGRvY3VtZW50IHVwZGF0ZXMgUkZDIDMyNjEgYnkgdXBkYXRpbmcgdGhlIERpZ2Vz dCBBY2Nlc3MNCiAgIEF1dGhlbnRpY2F0aW9uIHNjaGVtZSB1c2VkIGJ5IHRoZSBTZXNzaW9uIElu aXRpYXRpb24gUHJvdG9jb2wgKFNJUCkNCiAgIHRvIGFkZCBzdXBwb3J0IGZvciBtb3JlIHNlY3Vy ZSBkaWdlc3QgYWxnb3JpdGhtcywgZS5nLiwgU0hBLTI1NiBhbmQNCiAgIFNIQS01MTItMjU2LCB0 byByZXBsYWNlIHRoZSBicm9rZW4gTUQ1IGFsZ29yaXRobS4NCg0KDQpUaGUgSUVURiBkYXRhdHJh Y2tlciBzdGF0dXMgcGFnZSBmb3IgdGhpcyBkcmFmdCBpczoNCmh0dHBzOi8vZGF0YXRyYWNrZXIu aWV0Zi5vcmcvZG9jL2RyYWZ0LWlldGYtc2lwY29yZS1kaWdlc3Qtc2NoZW1lLw0KDQpUaGVyZSBh cmUgYWxzbyBodG1saXplZCB2ZXJzaW9ucyBhdmFpbGFibGUgYXQ6DQpodHRwczovL3Rvb2xzLmll dGYub3JnL2h0bWwvZHJhZnQtaWV0Zi1zaXBjb3JlLWRpZ2VzdC1zY2hlbWUtMTQNCmh0dHBzOi8v ZGF0YXRyYWNrZXIuaWV0Zi5vcmcvZG9jL2h0bWwvZHJhZnQtaWV0Zi1zaXBjb3JlLWRpZ2VzdC1z Y2hlbWUtMTQNCg0KQSBkaWZmIGZyb20gdGhlIHByZXZpb3VzIHZlcnNpb24gaXMgYXZhaWxhYmxl IGF0Og0KaHR0cHM6Ly93d3cuaWV0Zi5vcmcvcmZjZGlmZj91cmwyPWRyYWZ0LWlldGYtc2lwY29y ZS1kaWdlc3Qtc2NoZW1lLTE0DQoNCg0KUGxlYXNlIG5vdGUgdGhhdCBpdCBtYXkgdGFrZSBhIGNv dXBsZSBvZiBtaW51dGVzIGZyb20gdGhlIHRpbWUgb2Ygc3VibWlzc2lvbg0KdW50aWwgdGhlIGh0 bWxpemVkIHZlcnNpb24gYW5kIGRpZmYgYXJlIGF2YWlsYWJsZSBhdCB0b29scy5pZXRmLm9yZzxo dHRwOi8vdG9vbHMuaWV0Zi5vcmc+Lg0KDQpJbnRlcm5ldC1EcmFmdHMgYXJlIGFsc28gYXZhaWxh YmxlIGJ5IGFub255bW91cyBGVFAgYXQ6DQpmdHA6Ly9mdHAuaWV0Zi5vcmcvaW50ZXJuZXQtZHJh ZnRzLw0KDQpfX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fXw0K c2lwY29yZSBtYWlsaW5nIGxpc3QNCnNpcGNvcmVAaWV0Zi5vcmc8bWFpbHRvOnNpcGNvcmVAaWV0 Zi5vcmc+DQpodHRwczovL3d3dy5pZXRmLm9yZy9tYWlsbWFuL2xpc3RpbmZvL3NpcGNvcmUNCg0K --_000_B38F725DE3F94D5BA310A5F3716E2EE3ericssoncom_ Content-Type: text/html; charset="utf-8" Content-ID: <89BF879205BF004788F1A7A1187F9233@eurprd07.prod.outlook.com> Content-Transfer-Encoding: base64 PGh0bWwgeG1sbnM6bz0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6b2ZmaWNlIiB4 bWxuczp3PSJ1cm46c2NoZW1hcy1taWNyb3NvZnQtY29tOm9mZmljZTp3b3JkIiB4bWxuczptPSJo dHRwOi8vc2NoZW1hcy5taWNyb3NvZnQuY29tL29mZmljZS8yMDA0LzEyL29tbWwiIHhtbG5zPSJo dHRwOi8vd3d3LnczLm9yZy9UUi9SRUMtaHRtbDQwIj4NCjxoZWFkPg0KPG1ldGEgaHR0cC1lcXVp dj0iQ29udGVudC1UeXBlIiBjb250ZW50PSJ0ZXh0L2h0bWw7IGNoYXJzZXQ9dXRmLTgiPg0KPG1l dGEgbmFtZT0iR2VuZXJhdG9yIiBjb250ZW50PSJNaWNyb3NvZnQgV29yZCAxNSAoZmlsdGVyZWQg bWVkaXVtKSI+DQo8c3R5bGU+PCEtLQ0KLyogRm9udCBEZWZpbml0aW9ucyAqLw0KQGZvbnQtZmFj ZQ0KCXtmb250LWZhbWlseToiQ2FtYnJpYSBNYXRoIjsNCglwYW5vc2UtMToyIDQgNSAzIDUgNCA2 IDMgMiA0O30NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6Q2FsaWJyaTsNCglwYW5vc2UtMToy IDE1IDUgMiAyIDIgNCAzIDIgNDt9DQovKiBTdHlsZSBEZWZpbml0aW9ucyAqLw0KcC5Nc29Ob3Jt YWwsIGxpLk1zb05vcm1hbCwgZGl2Lk1zb05vcm1hbA0KCXttYXJnaW46MGNtOw0KCW1hcmdpbi1i b3R0b206LjAwMDFwdDsNCglmb250LXNpemU6MTEuMHB0Ow0KCWZvbnQtZmFtaWx5OiJDYWxpYnJp IixzYW5zLXNlcmlmO30NCmE6bGluaywgc3Bhbi5Nc29IeXBlcmxpbmsNCgl7bXNvLXN0eWxlLXBy aW9yaXR5Ojk5Ow0KCWNvbG9yOmJsdWU7DQoJdGV4dC1kZWNvcmF0aW9uOnVuZGVybGluZTt9DQph OnZpc2l0ZWQsIHNwYW4uTXNvSHlwZXJsaW5rRm9sbG93ZWQNCgl7bXNvLXN0eWxlLXByaW9yaXR5 Ojk5Ow0KCWNvbG9yOnB1cnBsZTsNCgl0ZXh0LWRlY29yYXRpb246dW5kZXJsaW5lO30NCnAubXNv bm9ybWFsMCwgbGkubXNvbm9ybWFsMCwgZGl2Lm1zb25vcm1hbDANCgl7bXNvLXN0eWxlLW5hbWU6 bXNvbm9ybWFsOw0KCW1zby1tYXJnaW4tdG9wLWFsdDphdXRvOw0KCW1hcmdpbi1yaWdodDowY207 DQoJbXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG87DQoJbWFyZ2luLWxlZnQ6MGNtOw0KCWZvbnQt c2l6ZToxMS4wcHQ7DQoJZm9udC1mYW1pbHk6IkNhbGlicmkiLHNhbnMtc2VyaWY7fQ0Kc3Bhbi5F bWFpbFN0eWxlMTgNCgl7bXNvLXN0eWxlLXR5cGU6cGVyc29uYWwtcmVwbHk7DQoJZm9udC1mYW1p bHk6IkNhbGlicmkiLHNhbnMtc2VyaWY7DQoJY29sb3I6d2luZG93dGV4dDt9DQouTXNvQ2hwRGVm YXVsdA0KCXttc28tc3R5bGUtdHlwZTpleHBvcnQtb25seTsNCglmb250LXNpemU6MTAuMHB0O30N CkBwYWdlIFdvcmRTZWN0aW9uMQ0KCXtzaXplOjYxMi4wcHQgNzkyLjBwdDsNCgltYXJnaW46NzAu ODVwdCAyLjBjbSA3MC44NXB0IDIuMGNtO30NCmRpdi5Xb3JkU2VjdGlvbjENCgl7cGFnZTpXb3Jk U2VjdGlvbjE7fQ0KLS0+PC9zdHlsZT4NCjwvaGVhZD4NCjxib2R5IGxhbmc9IkZJIiBsaW5rPSJi bHVlIiB2bGluaz0icHVycGxlIj4NCjxkaXYgY2xhc3M9IldvcmRTZWN0aW9uMSI+DQo8cCBjbGFz cz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0ibXNvLWZhcmVhc3QtbGFuZ3VhZ2U6RU4tVVMiPkhp IE1heCw8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8ZGl2Pg0KPGRpdj4NCjxkaXY+DQo8cCBjbGFz cz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJFTi1VUyI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+ PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iRU4t VVMiPiZndDsgMi4uIFdvdWxkIGJlIG5pY2UgdG8gaGF2ZSBzb21lIGV4YW1wbGVzLCBlc3BlY2lh bGx5IFdSVCBtdWx0aXBsZSBhbHRlcm5hdGl2ZSBhbGdvcml0aG1zLg0KPC9zcGFuPldoYXQgSSBk b24ndCBsaWtlIGFib3V0IFJGQzc2MTYgKHdoaWNoIHRoaXMgUkZDIGJ1aWxkcyB1cG9uKSwgPG86 cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJFTi1VUyI+Jmd0 OyB0aG91Z2gsIGlzIHRoYXQgdGhleSBhcHBlYXIgdG8gc3VnZ2VzdCB1c2luZyB0aGUgc2FtZSBu b25jZSBmb3IgYWxsIGFsdGVybmF0aXZlcy4NCjwvc3Bhbj5JcyBpdCByZWFsbHkgcmVxdWlyZWQg Zm9yIHRoZSBmdW5jdGlvbmFsaXR5IG9yIG5vdD8gRm9yIHRoZSBzYW1lIGFtb3VudCZuYnNwOzxv OnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZn dDsgPC9zcGFuPjxzcGFuIGxhbmc9IkVOLVVTIj5vZiBuZXR3b3JrIEJXIHVzZWQsIHlvdSBtYXkg cHJvdmlkZSBtb3JlIHJhbmRvbSBiaXRzIGFuZCBtYWtlIGF0dGFja2VyJ3MgbGlmZSBtYXliZSBh IGJpdCBoYXJkZXIuIEFsc28sIEkgYW0gbm90IGEgc2VjdXJpdHkgZXhwZXJ0LCBidXQgaXQgYXBw ZWFyczxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxh bmc9IkVOLVVTIj4mZ3Q7IDwvc3Bhbj48c3BhbiBsYW5nPSJFTi1VUyI+aW50dWl0aXZlbHkgY29y cmVjdCB0aGF0IGEgaGFzaCBmdW5jdGlvbiZuYnNwO3dpdGggYSBsb25nZXIgb3V0cHV0IG1pZ2h0 IHJlcXVpcmUgbW9yZSBzYWx0IGJpdHMsIHNvIHlvdSBtaWdodCBhY3R1YWxseSBzYXZlIHNvbWUg QlcgYnkgc3VwcGx5aW5nIGVhY2ggYWxnb3JpdGhtPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAg Y2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iRU4tVVMiPiZndDsgPC9zcGFuPjxzcGFuIGxh bmc9IkVOLVVTIj53aXRoIGp1c3QgdGhlIHJpZ2h0IGFtb3VudCBvZiByYW5kb21uZXNzIHRoaXMg d2F5LjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxh bmc9IkVOLVVTIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9y bWFsIj48c3BhbiBsYW5nPSJFTi1VUyI+Tm90ZSB0aGF0IGl0IGlzIG5vdCB3aXRoaW4gdGhlIHNj b3BlIG9mIHRoaXMgZHJhZnQgdG8gZml4IGdlbmVyaWMgRGlnZXN0IGlzc3VlcyBmb3VuZCBpbiBS RkM3NjE2Lg0KPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNw YW4gbGFuZz0iRU4tVVMiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJN c29Ob3JtYWwiPjxzcGFuIGxhbmc9IkVOLVVTIj5SZWdhcmRzLDxvOnA+PC9vOnA+PC9zcGFuPjwv cD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9IkVOLVVTIj48bzpwPiZuYnNwOzwv bzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJFTi1VUyI+ Q2hyaXN0ZXI8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3Bh biBsYW5nPSJFTi1VUyI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1z b05vcm1hbCI+PHNwYW4gbGFuZz0iRU4tVVMiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4N CjwvZGl2Pg0KPC9kaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJFTi1VUyI+ PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPGRpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNv Tm9ybWFsIj48c3BhbiBsYW5nPSJFTi1VUyI+T24gVGh1LCBPY3QgMzEsIDIwMTkgYXQgNjoyMCBB TSAmbHQ7PC9zcGFuPjxhIGhyZWY9Im1haWx0bzppbnRlcm5ldC1kcmFmdHNAaWV0Zi5vcmciIHRh cmdldD0iX2JsYW5rIj48c3BhbiBsYW5nPSJFTi1VUyI+aW50ZXJuZXQtZHJhZnRzQGlldGYub3Jn PC9zcGFuPjwvYT48c3BhbiBsYW5nPSJFTi1VUyI+Jmd0OyB3cm90ZTo8bzpwPjwvbzpwPjwvc3Bh bj48L3A+DQo8L2Rpdj4NCjxibG9ja3F1b3RlIHN0eWxlPSJib3JkZXI6bm9uZTtib3JkZXItbGVm dDpzb2xpZCAjQ0NDQ0NDIDEuMHB0O3BhZGRpbmc6MGNtIDBjbSAwY20gNi4wcHQ7bWFyZ2luLWxl ZnQ6NC44cHQ7bWFyZ2luLXJpZ2h0OjBjbSI+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBs YW5nPSJFTi1VUyI+PGJyPg0KPC9zcGFuPkEgTmV3IEludGVybmV0LURyYWZ0IGlzIGF2YWlsYWJs ZSBmcm9tIHRoZSBvbi1saW5lIEludGVybmV0LURyYWZ0cyBkaXJlY3Rvcmllcy48YnI+DQpUaGlz IGRyYWZ0IGlzIGEgd29yayBpdGVtIG9mIHRoZSBTZXNzaW9uIEluaXRpYXRpb24gUHJvdG9jb2wg Q29yZSBXRyBvZiB0aGUgSUVURi48YnI+DQo8YnI+DQombmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJz cDsgVGl0bGUmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOzogVGhlIFNl c3Npb24gSW5pdGlhdGlvbiBQcm90b2NvbCAoU0lQKSBEaWdlc3QgQXV0aGVudGljYXRpb24gU2No ZW1lPGJyPg0KJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7IEF1dGhvciZuYnNwOyAmbmJzcDsg Jm5ic3A7ICZuYnNwOyAmbmJzcDsgOiBSaWZhYXQgU2hla2gtWXVzZWY8YnI+DQombmJzcDsgJm5i c3A7ICZuYnNwOyAmbmJzcDsgRmlsZW5hbWUmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgOiBk cmFmdC1pZXRmLXNpcGNvcmUtZGlnZXN0LXNjaGVtZS0xNC50eHQ8YnI+DQombmJzcDsgJm5ic3A7 ICZuYnNwOyAmbmJzcDsgUGFnZXMmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZu YnNwOzogOTxicj4NCiZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyBEYXRlJm5ic3A7ICZuYnNw OyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgOiAyMDE5LTEwLTMxPGJyPg0KPGJyPg0KQWJz dHJhY3Q6PGJyPg0KJm5ic3A7ICZuYnNwO1RoaXMgZG9jdW1lbnQgdXBkYXRlcyBSRkMgMzI2MSBi eSB1cGRhdGluZyB0aGUgRGlnZXN0IEFjY2Vzczxicj4NCiZuYnNwOyAmbmJzcDtBdXRoZW50aWNh dGlvbiBzY2hlbWUgdXNlZCBieSB0aGUgU2Vzc2lvbiBJbml0aWF0aW9uIFByb3RvY29sIChTSVAp PGJyPg0KJm5ic3A7ICZuYnNwO3RvIGFkZCBzdXBwb3J0IGZvciBtb3JlIHNlY3VyZSBkaWdlc3Qg YWxnb3JpdGhtcywgZS5nLiwgU0hBLTI1NiBhbmQ8YnI+DQombmJzcDsgJm5ic3A7U0hBLTUxMi0y NTYsIHRvIHJlcGxhY2UgdGhlIGJyb2tlbiBNRDUgYWxnb3JpdGhtLjxicj4NCjxicj4NCjxicj4N ClRoZSBJRVRGIGRhdGF0cmFja2VyIHN0YXR1cyBwYWdlIGZvciB0aGlzIGRyYWZ0IGlzOjxicj4N CjxhIGhyZWY9Imh0dHBzOi8vZGF0YXRyYWNrZXIuaWV0Zi5vcmcvZG9jL2RyYWZ0LWlldGYtc2lw Y29yZS1kaWdlc3Qtc2NoZW1lLyIgdGFyZ2V0PSJfYmxhbmsiPmh0dHBzOi8vZGF0YXRyYWNrZXIu aWV0Zi5vcmcvZG9jL2RyYWZ0LWlldGYtc2lwY29yZS1kaWdlc3Qtc2NoZW1lLzwvYT48YnI+DQo8 YnI+DQpUaGVyZSBhcmUgYWxzbyBodG1saXplZCB2ZXJzaW9ucyBhdmFpbGFibGUgYXQ6PGJyPg0K PGEgaHJlZj0iaHR0cHM6Ly90b29scy5pZXRmLm9yZy9odG1sL2RyYWZ0LWlldGYtc2lwY29yZS1k aWdlc3Qtc2NoZW1lLTE0IiB0YXJnZXQ9Il9ibGFuayI+aHR0cHM6Ly90b29scy5pZXRmLm9yZy9o dG1sL2RyYWZ0LWlldGYtc2lwY29yZS1kaWdlc3Qtc2NoZW1lLTE0PC9hPjxicj4NCjxhIGhyZWY9 Imh0dHBzOi8vZGF0YXRyYWNrZXIuaWV0Zi5vcmcvZG9jL2h0bWwvZHJhZnQtaWV0Zi1zaXBjb3Jl LWRpZ2VzdC1zY2hlbWUtMTQiIHRhcmdldD0iX2JsYW5rIj5odHRwczovL2RhdGF0cmFja2VyLmll dGYub3JnL2RvYy9odG1sL2RyYWZ0LWlldGYtc2lwY29yZS1kaWdlc3Qtc2NoZW1lLTE0PC9hPjxi cj4NCjxicj4NCkEgZGlmZiBmcm9tIHRoZSBwcmV2aW91cyB2ZXJzaW9uIGlzIGF2YWlsYWJsZSBh dDo8YnI+DQo8YSBocmVmPSJodHRwczovL3d3dy5pZXRmLm9yZy9yZmNkaWZmP3VybDI9ZHJhZnQt aWV0Zi1zaXBjb3JlLWRpZ2VzdC1zY2hlbWUtMTQiIHRhcmdldD0iX2JsYW5rIj5odHRwczovL3d3 dy5pZXRmLm9yZy9yZmNkaWZmP3VybDI9ZHJhZnQtaWV0Zi1zaXBjb3JlLWRpZ2VzdC1zY2hlbWUt MTQ8L2E+PGJyPg0KPGJyPg0KPGJyPg0KUGxlYXNlIG5vdGUgdGhhdCBpdCBtYXkgdGFrZSBhIGNv dXBsZSBvZiBtaW51dGVzIGZyb20gdGhlIHRpbWUgb2Ygc3VibWlzc2lvbjxicj4NCnVudGlsIHRo ZSBodG1saXplZCB2ZXJzaW9uIGFuZCBkaWZmIGFyZSBhdmFpbGFibGUgYXQgPGEgaHJlZj0iaHR0 cDovL3Rvb2xzLmlldGYub3JnIiB0YXJnZXQ9Il9ibGFuayI+DQp0b29scy5pZXRmLm9yZzwvYT4u PGJyPg0KPGJyPg0KSW50ZXJuZXQtRHJhZnRzIGFyZSBhbHNvIGF2YWlsYWJsZSBieSBhbm9ueW1v dXMgRlRQIGF0Ojxicj4NCjxhIGhyZWY9ImZ0cDovL2Z0cC5pZXRmLm9yZy9pbnRlcm5ldC1kcmFm dHMvIiB0YXJnZXQ9Il9ibGFuayI+ZnRwOi8vZnRwLmlldGYub3JnL2ludGVybmV0LWRyYWZ0cy88 L2E+PGJyPg0KPGJyPg0KX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX188YnI+DQpzaXBjb3JlIG1haWxpbmcgbGlzdDxicj4NCjxhIGhyZWY9Im1haWx0bzpzaXBj b3JlQGlldGYub3JnIiB0YXJnZXQ9Il9ibGFuayI+c2lwY29yZUBpZXRmLm9yZzwvYT48YnI+DQo8 YSBocmVmPSJodHRwczovL3d3dy5pZXRmLm9yZy9tYWlsbWFuL2xpc3RpbmZvL3NpcGNvcmUiIHRh cmdldD0iX2JsYW5rIj5odHRwczovL3d3dy5pZXRmLm9yZy9tYWlsbWFuL2xpc3RpbmZvL3NpcGNv cmU8L2E+PG86cD48L286cD48L3A+DQo8L2Jsb2NrcXVvdGU+DQo8L2Rpdj4NCjxkaXY+DQo8cCBj bGFzcz0iTXNvTm9ybWFsIj48bzpwPiZuYnNwOzwvbzpwPjwvcD4NCjwvZGl2Pg0KPC9kaXY+DQo8 L2Rpdj4NCjwvYm9keT4NCjwvaHRtbD4NCg== --_000_B38F725DE3F94D5BA310A5F3716E2EE3ericssoncom_-- From nobody Thu Oct 31 14:30:39 2019 Return-Path: X-Original-To: sipcore@ietfa.amsl.com Delivered-To: sipcore@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 271711208FC; Thu, 31 Oct 2019 14:30:38 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.997 X-Spam-Level: X-Spam-Status: No, score=-1.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XcpW4z-wbcHq; Thu, 31 Oct 2019 14:30:35 -0700 (PDT) Received: from mail-io1-xd31.google.com (mail-io1-xd31.google.com [IPv6:2607:f8b0:4864:20::d31]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7D019120873; Thu, 31 Oct 2019 14:30:35 -0700 (PDT) Received: by mail-io1-xd31.google.com with SMTP id 18so8479742ion.6; Thu, 31 Oct 2019 14:30:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=qEXEL3k7nKYQ0C/zIfdcYSTSweWBYdEVRGlbQMWJdIA=; b=bPEMTpF5pBeyPltOlb1FU6XS4lSbcIzO5kxCoRBQ2DVa9AQqtk9+ttfMIQh6uL5M9y uh96+mxxfKrLdFGfgVmMyQ4E1mrKmBe/fhpy3R3AlLU4FKyg9i0F2c6qBa0CfcwpqFa4 5RmC1NSZSOS4+ijjeF+1VjfL0GzNA0zTHtl0/QC7yhTkHYgLpxDq1TkN+vRsee1yjaE7 Igz4RYtaywcfAa0ZtgcUZtBuSBSaHZOx13FZKahXCZuCH4Xx/oAMdGdmhtRtxrsP65RT pA7A8tao0hxFWDKKjDVLImC+8TSBuFP7fncU8Pa6ZNk4Zg/2gPfUS8HTYH3oeqC2qvZv Kjiw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=qEXEL3k7nKYQ0C/zIfdcYSTSweWBYdEVRGlbQMWJdIA=; b=EVWg8LYqYybR0tj4zeuFXII65pJvFxUZlOvPHIuR9Uqx+nJSIoDCDyTS+R1ePq99J3 KPOwVyV28f3Qt8GZl4NdSdsuZ/ahFJCecuTDvvbT+dPJCQqeHnljotgssGwnHqTyCR7y kDv9RnWzW7lgnxlR/qFhgrZLce3NBwNbtVaf6i3HPmYR6WJBJ/TX5uj++nl3qyAFjDZk 0825UKZqrWaEvbbbzXr7pa4oJzZKVmSmqkDqM14onS/GahtJwInFZ9RufPviivGptKG1 wjjSWI7OZVuvS+HVIO8KZoz3Uu5FVgOkSHIjVNWW+5Kn6kBsxF3FxU19p3YGaC/cXNsT 3LRg== X-Gm-Message-State: APjAAAWyesyVZFA5mHgt3KTMFabwLi/E6PBFbzB35f7b8akAa2+EvgOj IuprlJdgDpkN+rZ192yn3HV50L0JfcQ0nu25LX8= X-Google-Smtp-Source: APXvYqzmFPTbDeZV8VNBFUCUyu+vte0FRVE+YoPc4XgRbg3pOaEvs52RQbkBMjN/CXc+8TeDhffdX0JH8N7tP5Fi4d0= X-Received: by 2002:a02:1c41:: with SMTP id c62mr4773479jac.132.1572557434692; Thu, 31 Oct 2019 14:30:34 -0700 (PDT) MIME-Version: 1.0 References: <157245577700.32490.10990766778571550817.idtracker@ietfa.amsl.com> <6ec209ae-72e9-4dd1-8d68-3ee1704f3d92@www.fastmail.com> <7B4921E1-66A3-4D6D-A943-8EC0F44195CC@ericsson.com> <4C17F34D-7046-4706-AE5C-FB7ADC4B1427@ericsson.com> <4EEBC37C-3C1B-42A9-883B-571FAE867C31@ericsson.com> <2B1C666E-1718-49B2-AECA-B2759BEE6872@ericsson.com> In-Reply-To: <2B1C666E-1718-49B2-AECA-B2759BEE6872@ericsson.com> From: Rifaat Shekh-Yusef Date: Thu, 31 Oct 2019 17:30:25 -0400 Message-ID: To: Christer Holmberg Cc: Christer Holmberg , "sipcore-chairs@ietf.org" , "draft-ietf-sipcore-digest-scheme@ietf.org" , The IESG , SIPCORE , Alexey Melnikov Content-Type: multipart/alternative; boundary="00000000000048a85805963b8f7d" Archived-At: Subject: Re: [sipcore] Alexey Melnikov's No Objection on draft-ietf-sipcore-digest-scheme-12: (with COMMENT) X-BeenThere: sipcore@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SIP Core Working Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 31 Oct 2019 21:30:38 -0000 --00000000000048a85805963b8f7d Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable I do not have a strong opinion here. Anybody has an opinion or thoughts about adding such a text? Regards, Rifaat On Thu, Oct 31, 2019 at 1:50 PM Christer Holmberg < christer.holmberg@ericsson.com> wrote: > Something like this: > > > > =E2=80=9CIn some cases a UAC needs to include an Authorization header fie= ld in a > request before it has received a challenge, in order to provide user > information (using the =E2=80=98userinfo=E2=80=99 header field parameter)= that is needed in > order to create the challenge. An example of such case is when the HTTP > Digest Authentication Using AKA mechanism (RFC3310) (RFC4169) is used. In > such case the Authorization header field would typically not contain a > =E2=80=98response=E2=80=99 header field parameter before a challenge resp= onse is provided. > However, for the IP Multimedia Subsystem (IMS) it has been specified that > the Authorization header field in such case does contain a =E2=80=98resp= onse=E2=80=99 > header field parameter, with an empty value (empty string). For that reas= on > the modified request-digest ABNF allows such empty values.=E2=80=9D > > > > Regards, > > > > Christer > > > > > > *From: *Rifaat Shekh-Yusef > *Date: *Thursday, 31 October 2019 at 19.22 > *To: *Christer Holmberg > *Cc: *Christer Holmberg , > "sipcore-chairs@ietf.org" , " > draft-ietf-sipcore-digest-scheme@ietf.org" < > draft-ietf-sipcore-digest-scheme@ietf.org>, "iesg@ietf.org" , > "sipcore@ietf.org" , Alexey Melnikov < > aamelnikov@fastmail.fm> > *Subject: *Re: [sipcore] Alexey Melnikov's No Objection on > draft-ietf-sipcore-digest-scheme-12: (with COMMENT) > > > > Can you propose some text? > > > > Thanks, > > Rifaat > > > > > > On Thu, Oct 31, 2019 at 11:44 AM Christer Holmberg < > christer.holmberg@ericsson.com> wrote: > > Hi, > > > > Perhaps we could add some text about the IMS use-case, in order to explai= n > the empty value? > > > > Regards, > > > > Christer > > > > *From: *sipcore on behalf of Christer Holmberg > > *Date: *Thursday, 31 October 2019 at 15.52 > *To: *Rifaat Shekh-Yusef > *Cc: *"sipcore-chairs@ietf.org" , " > draft-ietf-sipcore-digest-scheme@ietf.org" < > draft-ietf-sipcore-digest-scheme@ietf.org>, "iesg@ietf.org" , > "sipcore@ietf.org" , Alexey Melnikov < > aamelnikov@fastmail.fm> > *Subject: *Re: [sipcore] Alexey Melnikov's No Objection on > draft-ietf-sipcore-digest-scheme-12: (with COMMENT) > > > > Hi, > > > > >This IMS behavior would have been in violation of RFC3261 which specifie= d > exactly 32 Hex characters. > > >So, this change should not make much of a difference in this case. > > > > In reality it probably doesn=E2=80=99t make a difference, but it would ma= ke the > IMS procedures =E2=80=9Caligned=E2=80=9D with the IETF spec. > > > > Regards, > > > > Christer > > > > > > > > > > On Thu, Oct 31, 2019 at 9:37 AM Christer Holmberg < > christer.holmberg@ericsson.com> wrote: > > > > Hi, > > > > The reason for the empty value comes from IMS and AKA, where you need to > include the user id already in the initial REGISTER request (this seems t= o > be missing from RFC 3310, but that=E2=80=99s a separate topic) in order f= or the > server to create the challenge, meaning that in the initial REGISTER > request you include an Authorization header field with the username > parameter carrying the IMS private user identity, the realm parameter and > the uri parameter. At this point you obviously don=E2=80=99t yet have the= response, > so in IMS it is specified that the response parameter is inserted with an > empty value. > > > > WHY it was specified that way (instead of simply not including the > response parameter) I don=E2=80=99t know, but I do know that it has been > implemented and deployed that way for many years. > > > > Regards, > > > > Christer > > > > > > *From: *sipcore on behalf of Rifaat > Shekh-Yusef > *Date: *Thursday, 31 October 2019 at 15.20 > *To: *Alexey Melnikov > *Cc: *"sipcore-chairs@ietf.org" , " > draft-ietf-sipcore-digest-scheme@ietf.org" < > draft-ietf-sipcore-digest-scheme@ietf.org>, "iesg@ietf.org" , > "sipcore@ietf.org" > *Subject: *Re: [sipcore] Alexey Melnikov's No Objection on > draft-ietf-sipcore-digest-scheme-12: (with COMMENT) > > > > Done. > > > > On Thu, Oct 31, 2019 at 9:13 AM Alexey Melnikov > wrote: > > On Thu, Oct 31, 2019, at 1:11 PM, Rifaat Shekh-Yusef wrote: > > Hi Alexey, > > > > I am fine with Paul's suggestion. > > Are you ok with "32*LHEX"? > > Yes! > > > > Thank you, > > Alexey > > > > Regards, > > Rfaat > > > > > > On Thu, Oct 31, 2019 at 7:22 AM Alexey Melnikov > wrote: > > > > Hi Rifaat, > > > > On Wed, Oct 30, 2019, at 9:50 PM, Rifaat Shekh-Yusef wrote: > > Thanks Alexey! > > > > I am fine with the first two comments, and will fix these in the coming > version of the document. > > > > I am not sure I follow the 3rd one. Why do you see the need for a minimum > number of hex digits? > > You do say that the number of hex digits match the hash lenght, so it is > probably Ok. However empty value is never valid (and I am worried it migh= t > hit some boundary condition bug in implementations), so prohibiting it in > ABNF would be the best. > > > > Best Regards, > > Alexey > > > > Regards, > > Rifaat > > > > > > > > On Wed, Oct 30, 2019 at 1:16 PM Alexey Melnikov via Datatracker < > noreply@ietf.org> wrote: > > Alexey Melnikov has entered the following ballot position for > > draft-ietf-sipcore-digest-scheme-12: No Objection > > > > When responding, please keep the subject line intact and reply to all > > email addresses included in the To and CC lines. (Feel free to cut this > > introductory paragraph, however.) > > > > > > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html > > for more information about IESG DISCUSS and COMMENT positions. > > > > > > The document, along with other ballot positions, can be found here: > > https://datatracker.ietf.org/doc/draft-ietf-sipcore-digest-scheme/ > > > > > > > > ---------------------------------------------------------------------- > > COMMENT: > > ---------------------------------------------------------------------- > > > > I am agreeing with Alissa's DISCUSS. > > > > Also, I have a few comments of my own: > > > > 1) Last para of Section 2.1: > > > > 2.1. Hash Algorithms > > > > A UAS prioritizes which algorithm to use based on the ordering of the > > challenge header fields in the response it is preparing. > > > > This looks either wrong or confusing to me. I think you are just saying > here > > that the order is decided by the server at this point. > > > > That > > process is specified in section 2.3 and parallels the process used in > > HTTP specified by [RFC7616]. > > > > So based on the above, my suggested replacement for both sentences: > > > > A UAS prioritizes which algorithm to use based on its policy, > > which is specified in section 2.3 and parallels the process used in > > HTTP specified by [RFC7616]. > > > > 2) Last para of Section 2.4: > > > > If the UAC cannot respond to any of the challenges in the response, > > then it SHOULD abandon attempts to send the request unless a local > > policy dictates otherwise. > > > > Is trying other non Digest algorithms covered by "SHOULD abandon"? > > If yes, maybe you should make this clearer. > > > > For example, if the UAC does not have > > credentials or has stale credentials for any of the realms, the UAC > > will abandon the request. > > > > 3) In Section 2.7: > > > > request-digest =3D LDQUOT *LHEX RDQUOT > > > > This now allows empty value. I suggest you specify a minimum number of he= x > > digits allowed in the ABNF. Or at least change "*LHEX" to "2*LHEX". > > > > > > > > > > --00000000000048a85805963b8f7d Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
I do not have a strong opinion here.

An= ybody has an opinion or thoughts about adding such a text?

Regards,
=C2=A0Rifaat


On Thu, Oct 31= , 2019 at 1:50 PM Christer Holmberg <christer.holmberg@ericsson.com> wrote:

Something like this:<= /u>

=C2=A0

=E2=80=9CIn some cases a UAC ne= eds to include an Authorization header field in a request before it has rec= eived a challenge, in order to provide user information (using the =E2=80= =98userinfo=E2=80=99 header field parameter) that is needed in order to create the challenge. An examp= le of such case is when the HTTP Digest Authentication Using AKA mechanism = (RFC3310) (RFC4169) is used. In such case the Authorization header field wo= uld typically not contain a =E2=80=98response=E2=80=99 header field parameter before a challenge response is provided. However, f= or the IP Multimedia Subsystem (IMS) it has been specified that the Authori= zation header field in such case does contain a =C2=A0=E2=80=98response=E2= =80=99 header field parameter, with an empty value (empty string). For that reason the modified request-digest ABNF allows such empt= y values.=E2=80=9D

=C2=A0

Regards,

=C2=A0

Christer

=C2=A0

=C2=A0

From: = Rifaat Shekh-Yusef &l= t;rifaat.ietf@gm= ail.com>
Date: Thursday, 31 October 2019 at 19.22
To: Christer Holmberg <christer.holmberg@ericsson.com>
Cc: Christer Holmberg <christer.holmberg=3D40ericsson.com@dmarc.ietf.org<= /a>>, "sipcore-chairs@ietf.org" <sipcore-chairs@ietf.org>, "draft-i= etf-sipcore-digest-scheme@ietf.org" <draft-ietf-sipcore-dig= est-scheme@ietf.org>, "iesg@ietf.org" <iesg@ietf.org>, "sipcore@ietf.org" <sipcore@ietf.org= >, Alexey Melnikov <aamelnikov@fastmail.fm>
Subject: Re: [sipcore] Alexey Melnikov's No Objection on draft-i= etf-sipcore-digest-scheme-12: (with COMMENT)

=C2=A0

Can you propose some text?

=C2=A0

Thanks,

=C2=A0Rifaat

=C2=A0

=C2=A0

On Thu, Oct 31, 2019 at 11:44 AM Christer Holmberg &= lt;chri= ster.holmberg@ericsson.com> wrote:

Hi,

=C2=A0

Perhaps we could add some text = about the IMS use-case, in order to explain the empty value?<= u>

=C2=A0

Regards,

=C2=A0

Christer

=C2=A0

From: sipcore <sipcore-bounces@ietf= .org> on behalf of Christer Holmberg <christer.holmberg=3D40ericsson.com@= dmarc.ietf.org>
Date: Thursday, 31 October 2019 at 15.52
To: Rifaat Shekh-Yusef <rifaat.ietf@gmail.com>
Cc: "sipcore-chairs@ietf.org" <sipcore-chairs@ietf.org>, "dra= ft-ietf-sipcore-digest-scheme@ietf.org" <draft-ietf-sipcore-digest-scheme@ietf.org>, "iesg@ietf.org" <iesg@ietf.org>, "sipcore@ietf.o= rg" <sipc= ore@ietf.org>, Alexey Melnikov <aamelnikov@fastmail.fm>
Subject: Re: [sipcore] Alexey Melnikov's No Objection on draft-i= etf-sipcore-digest-scheme-12: (with COMMENT)

=C2=A0

Hi,

=C2=A0

>This IMS behavior would hav= e been in violation of RFC3261 which specified exactly 32 Hex characters.

>So, this change should not = make much of=C2=A0a difference in this case.

=C2=A0

In reality it probably doesn=E2= =80=99t make a difference, but it would make the IMS procedures =E2=80=9Cal= igned=E2=80=9D with the IETF spec.

=C2=A0

Regards,

=C2=A0

Christer

=C2=A0

=C2=A0

=C2=A0

=C2=A0

On Thu, Oct 31, 2019 at 9:37 AM Christer Holmberg &l= t;chris= ter.holmberg@ericsson.com> wrote:

=C2=A0

Hi,

=C2=A0

The reason for the empty value = comes from IMS and AKA, where you need to include the user id already in th= e initial REGISTER request (this seems to be missing from RFC 3310, but that=E2=80=99s a separate topic) in order for the serve= r to create the challenge,=C2=A0 meaning that in the initial REGISTER reque= st you include an Authorization header field with the username parameter ca= rrying the IMS private user identity, the realm parameter and the uri parameter. At this point you obviously don=E2=80=99t= yet have the response, so in IMS it is specified that the response paramet= er is inserted with an empty value.

=C2=A0

WHY it was specified that way (= instead of simply not including the response parameter) I don=E2=80=99t kno= w, but I do know that it has been implemented and deployed that way for many years.

=C2=A0

Regards,

=C2=A0

Christer

=C2=A0

=C2=A0

From: sipcore <sipcore-bounces@ietf= .org> on behalf of Rifaat Shekh-Yusef <rifaat.ietf@gmail.com>
Date: Thursday, 31 October 2019 at 15.20
To: Alexey Melnikov <aamelnikov@fastmail.fm>
Cc: "sipcore-chairs@ietf.org" <sipcore-chairs@ietf.org>, "dra= ft-ietf-sipcore-digest-scheme@ietf.org" <draft-ietf-sipcore-digest-scheme@ietf.org>, "iesg@ietf.org" <iesg@ietf.org>, "sipcore@ietf.o= rg" <sipc= ore@ietf.org>
Subject: Re: [sipcore] Alexey Melnikov's No Objection on draft-i= etf-sipcore-digest-scheme-12: (with COMMENT)

=C2=A0

Done.

=C2=A0

On Thu, Oct 31, 2019 at 9:13 AM Alexey Melnikov <= aamelnikov@fast= mail.fm> wrote:

On Thu, Oct 31, 2019, at 1:11 PM, Rifaat Shekh-Yusef= wrote:

Hi Alexey,

=C2=A0

I am fine with Paul's suggestion.<= /p>

Are you ok with=C2=A0&qu= ot;32*LHEX"?

Yes!

=C2=A0

Thank you,

Alexey

=C2=A0

Regards,

=C2=A0Rfaat

=C2=A0

=C2=A0

On Thu, Oct 31, 2019 at 7:22 AM Alexey Melnikov <= aamelnikov@fast= mail.fm> wrote:

=C2=A0

Hi Rifaat,

=C2=A0

On Wed, Oct 30, 2019, at 9:50 PM, Rifaat Shekh-Yusef= wrote:

Thanks Alexey!

=C2=A0

I am fine with the first two comments, and will fix = these in the coming version of the document.

=C2=A0

I am not sure I follow the 3rd one. Why do you see t= he need for a minimum number of hex digits?

You do say that the number of hex digits match the h= ash lenght, so it is probably Ok. However empty value is never valid (and I= am worried it might hit some boundary condition bug in implementations), so prohibiting it in ABNF would be the best.

=C2=A0

Best Regards,

Alexey

=C2=A0

Regards,

=C2=A0Rifaat

=C2=A0

=C2=A0

=C2=A0

On Wed, Oct 30, 2019 at 1:16 PM Alexey Melnikov via = Datatracker <norep= ly@ietf.org> wrote:

Alexey Melnikov has entered the following ballot pos= ition for

draft-ietf-sipcore-digest-scheme-12: No Objection=

=C2=A0

When responding, please keep the subject line intact= and reply to all

email addresses included in the To and CC lines. (Fe= el free to cut this

introductory paragraph, however.)

=C2=A0

=C2=A0

for more information about IESG DISCUSS and COMMENT = positions.

=C2=A0

=C2=A0

The document, along with other ballot positions, can= be found here:

=C2=A0

=C2=A0

=C2=A0

----------------------------------------------------= ------------------

COMMENT:

----------------------------------------------------= ------------------

=C2=A0

I am agreeing with Alissa's DISCUSS.

=C2=A0

Also, I have a few comments of my own:=

=C2=A0

1) Last para of Section 2.1:

=C2=A0

2.1.=C2=A0 Hash Algorithms

=C2=A0

=C2=A0 =C2=A0A UAS prioritizes which algorithm to us= e based on the ordering of the

=C2=A0 =C2=A0challenge header fields in the response= it is preparing.

=C2=A0

This looks either wrong or confusing to me. I think = you are just saying here

that the order is decided by the server at this poin= t.

=C2=A0

=C2=A0 =C2=A0That

=C2=A0 =C2=A0process is specified in section 2.3 and= parallels the process used in

=C2=A0 =C2=A0HTTP specified by [RFC7616].<= /u>

=C2=A0

So based on the above, my suggested replacement for = both sentences:

=C2=A0

=C2=A0 =C2=A0A UAS prioritizes which algorithm to us= e based on its policy,

=C2=A0 =C2=A0which is specified in section 2.3 and p= arallels the process used in

=C2=A0 =C2=A0HTTP specified by [RFC7616].<= /u>

=C2=A0

2) Last para of Section 2.4:

=C2=A0

=C2=A0 =C2=A0If the UAC cannot respond to any of the= challenges in the response,

=C2=A0 =C2=A0then it SHOULD abandon attempts to send= the request unless a local

=C2=A0 =C2=A0policy dictates otherwise.

=C2=A0

Is trying other non Digest algorithms covered by &qu= ot;SHOULD abandon"?

If yes, maybe you should make this clearer.

=C2=A0

=C2=A0 =C2=A0For example, if the UAC does not have

=C2=A0 =C2=A0credentials or has stale credentials fo= r any of the realms, the UAC

=C2=A0 =C2=A0will abandon the request.=

=C2=A0

3) In Section 2.7:

=C2=A0

=C2=A0 =C2=A0 =C2=A0 request-digest =3D LDQUOT *LHEX= RDQUOT

=C2=A0

This now allows empty value. I suggest you specify a= minimum number of hex

digits allowed in the ABNF. Or at least change "= ;*LHEX" to "2*LHEX".

=C2=A0

=C2=A0

=C2=A0

=C2=A0

--00000000000048a85805963b8f7d-- From nobody Thu Oct 31 14:55:31 2019 Return-Path: X-Original-To: sipcore@ietfa.amsl.com Delivered-To: sipcore@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 06BFB120A8C for ; Thu, 31 Oct 2019 14:55:30 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.001 X-Spam-Level: X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=alum.mit.edu Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wR9AKcb2MoVB for ; Thu, 31 Oct 2019 14:55:27 -0700 (PDT) Received: from NAM05-CO1-obe.outbound.protection.outlook.com (mail-eopbgr720040.outbound.protection.outlook.com [40.107.72.40]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 460E0120A13 for ; Thu, 31 Oct 2019 14:55:27 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=MZxvQsHX0BHmrKcq1BkIdgpg0aHTI7OYQ9exvyDD6EvPv6kOseNZ6jwyrj6ApbM0icpDs7sJ+GlCXWFXQ70CrC7oauXcHBLA0hUmDGIJDuqbkvwujhZa8PQKlnSb1ti8S6UOANcr/dWhTB2iiojNT9ffNyl/Kt98DSXAQoBfZbj20hvSJYMkxSPX06Ts5JJPG6fDjN16cFipXO4Hqq1BOi4cQJ1hBkA5ChgcB01n+CeaDCVPCxPE/Vd75dK3UjQxbae1j6d1lN0U9mXJpoO0bALrrnActoio9EnnQXMRbNEvOeXbgje+I6iyxQedXv+VLBlz/kaTFT4fSFoPR+1qWA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=uQpofihoAvJooTdSTsTtPrX+BpsitXIko2TklHhcx5U=; b=D73WEUdsKb395kPyxo30DNzTXvO3mnaB2wPAqMKDwBmg4xrVanJNwlWrIvHxPPRiB5w0ah9ShaMas/uxD3y8911+DFt0bWaTkuQvtyOEQxLbKe9KQww5RPyG7ZqNN4rPqDT9/FAg6imFjnPYvas1+qGiZVk/Kqh7Fn4+3A8KMjUkdPXN9FuxT2Q9RcqD4SL1/LydgD45AhPzVMJCQWiEDrc9cKH50jv0iWjkemdInII33obBaQrhDH549Cll5ZQ6JxGNQEnLNgn6toCaKDlqd+J2Mz3q9CK9yJoopz54F9HDy/LIzJOm7kZxpfc+wwG0zk5rTW9Bg3PX848JWMP/rg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 18.7.68.33) smtp.rcpttodomain=ietf.org smtp.mailfrom=alum.mit.edu; dmarc=bestguesspass action=none header.from=alum.mit.edu; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alum.mit.edu; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=uQpofihoAvJooTdSTsTtPrX+BpsitXIko2TklHhcx5U=; b=bUxFv+rCQ7ujHPKtXY/RqQVmEPYEk5vwgnmixZLWxVUduakC9UZKe6n/Y/L9pnl4ooqdNUU2uhYHTsAexMMc4MgIgkC6MYC9PH9Hgh+mYpRkdBTmgndI2hORMCsF1UGvYDuHDJurkkph/hREYcf59UEZx1t7VoqYsSaw68f+MPE= Received: from DM3PR12CA0053.namprd12.prod.outlook.com (2603:10b6:0:56::21) by CH2PR12MB3752.namprd12.prod.outlook.com (2603:10b6:610:15::29) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2387.24; Thu, 31 Oct 2019 21:55:26 +0000 Received: from SN1NAM02FT057.eop-nam02.prod.protection.outlook.com (2a01:111:f400:7e44::207) by DM3PR12CA0053.outlook.office365.com (2603:10b6:0:56::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.2408.20 via Frontend Transport; Thu, 31 Oct 2019 21:55:26 +0000 Authentication-Results: spf=pass (sender IP is 18.7.68.33) smtp.mailfrom=alum.mit.edu; ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=bestguesspass action=none header.from=alum.mit.edu; Received-SPF: Pass (protection.outlook.com: domain of alum.mit.edu designates 18.7.68.33 as permitted sender) receiver=protection.outlook.com; client-ip=18.7.68.33; helo=outgoing-alum.mit.edu; Received: from outgoing-alum.mit.edu (18.7.68.33) by SN1NAM02FT057.mail.protection.outlook.com (10.152.73.105) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.2387.20 via Frontend Transport; Thu, 31 Oct 2019 21:55:25 +0000 Received: from Kokiri.localdomain (c-24-62-227-142.hsd1.ma.comcast.net [24.62.227.142]) (authenticated bits=0) (User authenticated as pkyzivat@ALUM.MIT.EDU) by outgoing-alum.mit.edu (8.14.7/8.12.4) with ESMTP id x9VLtNAv021060 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NOT) for ; Thu, 31 Oct 2019 17:55:24 -0400 To: sipcore@ietf.org References: <157252797201.30364.11393682991189471576@ietfa.amsl.com> From: Paul Kyzivat Message-ID: <413a75e5-7aa9-9940-70d2-2aa4596f78f8@alum.mit.edu> Date: Thu, 31 Oct 2019 17:55:23 -0400 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:60.0) Gecko/20100101 Thunderbird/60.9.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 8bit X-EOPAttributedMessage: 0 X-Forefront-Antispam-Report: CIP:18.7.68.33; IPV:CAL; SCL:-1; CTRY:US; EFV:NLI; SFV:NSPM; SFS:(10009020)(136003)(346002)(396003)(376002)(39860400002)(85644002)(18543002)(199004)(189003)(70206006)(70586007)(6916009)(31696002)(316002)(6246003)(7596002)(478600001)(26826003)(65956001)(65806001)(229853002)(75432002)(50466002)(2351001)(8676002)(76130400001)(246002)(2361001)(8936002)(31686004)(305945005)(5660300002)(2870700001)(336012)(58126008)(486006)(106002)(956004)(11346002)(36906005)(786003)(88552002)(47776003)(76176011)(4744005)(2906002)(446003)(2486003)(126002)(2616005)(186003)(53546011)(476003)(356004)(23676004)(26005)(86362001); DIR:OUT; SFP:1101; SCL:1; SRVR:CH2PR12MB3752; H:outgoing-alum.mit.edu; FPR:; SPF:Pass; LANG:en; PTR:outgoing-alum.mit.edu; A:1; MX:1; X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 385c3a1b-19ee-4d0c-f697-08d75e4d0918 X-MS-TrafficTypeDiagnostic: CH2PR12MB3752: X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:9508; X-Forefront-PRVS: 02070414A1 X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: z1lyW1K+tMdbaLAOQAaXKVoYsr7XTPcAoTsLs6Ca5IfmfXFeEigVDmTkhHm25Zn6cKNOqSwhR9NT6bUwWW41dQk8SBMo6e4P2oK8q5pmlX63VVakDD4qWkgUpgs/mGiych/5AEG0IzWGvH+QWkGQIFcEgoVxv5vEr+IyVI1w2YU0+MlPOI/MS1MT0JLNlsFIzmJOC/q/u86aT7ABJW9nBnDoMeWBgW9dE8ChPEPQhNnH8VMeAIhItV3FtV1tKYCuDQyKzZzkJXAlTrCKF+ZaevcKCE+7Po6g0xlxbhpvVEtTLzudHqX/Ofta6orm4zWP+7o5ems8IPKYmG5uXsefrvRbX27UDmMe+BbGvk3kl8wmidx4kxWnYeFBvnSyr5Xpmd+JrfoX+CNRb60n0wAd/Y1smXWc5lMb/93bEkyYGwhLxH5+GFhMATGNBxvzvYv6 X-OriginatorOrg: alum.mit.edu X-MS-Exchange-CrossTenant-OriginalArrivalTime: 31 Oct 2019 21:55:25.1816 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 385c3a1b-19ee-4d0c-f697-08d75e4d0918 X-MS-Exchange-CrossTenant-Id: 3326b102-c043-408b-a990-b89e477d582f X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3326b102-c043-408b-a990-b89e477d582f; Ip=[18.7.68.33]; Helo=[outgoing-alum.mit.edu] X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: CH2PR12MB3752 Archived-At: Subject: Re: [sipcore] I-D Action: draft-ietf-sipcore-digest-scheme-14.txt X-BeenThere: sipcore@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SIP Core Working Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 31 Oct 2019 21:55:30 -0000 On 10/31/19 1:37 PM, Maxim Sobolev wrote: > Hi, I am new here, so not sure what the proper process is, but there are > few comments I have with regards to the proposed RFC: > > 1. In the Abstract section there is a phrase "the broken MD5 algorithm". > I think "broken" might be a bit strong and emotionally charged. There is > nothing broken about MD5 as far as hashing algorithm is concerned. It is > proven to be not very secure in this day and age, but given the right > amount of time any today's algorithm would probably be in that category. This is a good point. MD5 is simply obsolete, not broken. Thanks, Paul From nobody Thu Oct 31 15:43:14 2019 Return-Path: X-Original-To: sipcore@ietfa.amsl.com Delivered-To: sipcore@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 066CD120074 for ; Thu, 31 Oct 2019 15:43:13 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.997 X-Spam-Level: X-Spam-Status: No, score=-1.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OA8JuPIzZNhG for ; Thu, 31 Oct 2019 15:43:10 -0700 (PDT) Received: from mail-il1-x133.google.com (mail-il1-x133.google.com [IPv6:2607:f8b0:4864:20::133]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1476312001E for ; Thu, 31 Oct 2019 15:43:10 -0700 (PDT) Received: by mail-il1-x133.google.com with SMTP id o16so6949173ilq.9 for ; Thu, 31 Oct 2019 15:43:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=RRPrjOIAGwfSBpPUS3zt/vOR+8sEcPmRrJRys81UflI=; b=odh4rHUmcJdRrCN/DUxTsmWlqgmztFJQPbGIVQsz64PQXAwstDCiIytHKbgzlEmXmi wgsewfMMLiOoBdGQaKGGbLmTgf8u+e7675+89E1DStlYP8s9nScxAPIRcbvDyBmI74Qj xzrzK38xtawJFlo0nXOwP9wEF5xWeY0vCSOawcEkqSWvCJjaQ3yABFX2Ap+Pebf2pE99 daffAadkE5DRj3tRhz0JrlpkOtcJY8G5j+Pn0D5V7OB7/OVBZWxzp4YvenHzg2UhUJxC Q8JSp82F+ZTeTdNR1bXESOB790rn9oywEulrUe+8YMGIE+p29nHbbbviZ8aM1FfoD9HK L/4w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=RRPrjOIAGwfSBpPUS3zt/vOR+8sEcPmRrJRys81UflI=; b=U9+alWdvxYamsZFPxxzE1TH+aLr8LtIakDRE6hgmLwLu/ZHn1VbPvM59bSoyxU1zqA xnun3zi6FaXB7vSTTQj1ZdHaI5O8N+Y53fWsNrbJw/ETKd1LQb8VVoWVdad7U4rRMKsa EglT1yEGk9qfLVMpWcUobMUlxq6iWi+2fRWOsr51PnDnOKNY0IRBgV/94R+YFS2A7OXV 2J4Ca9D5VzNvjvB6G0Yvsv/o4EdnStxAumRhXNKelJG7VGeoeM69PdFODAb8pKvJ14WR 1LSjhZpPDtVUH+95vleuSAtjJrSTRdcpRNQW61U1IjcWA3m1GyC9chIkLqeV2ef+jUF8 VV3Q== X-Gm-Message-State: APjAAAXL2OnTt+mJtIz6uiaxbIUNXFyr5CLplVW58/jAuvlK2k3BrNuG om/0EcsF4m4hhkUauYHjGBvJHcm/HWuFBNz34A8= X-Google-Smtp-Source: APXvYqxQMVo7SXGHBwNLCtrtols/xeRRIVPW2SwSv3I0rHcKGIgAsyJ0j0pPNFwRwgIz88uHQCkL+DjOogotgxiXysU= X-Received: by 2002:a92:cb11:: with SMTP id s17mr9470541ilo.255.1572561789231; Thu, 31 Oct 2019 15:43:09 -0700 (PDT) MIME-Version: 1.0 References: <157252797201.30364.11393682991189471576@ietfa.amsl.com> In-Reply-To: From: Rifaat Shekh-Yusef Date: Thu, 31 Oct 2019 18:42:59 -0400 Message-ID: To: Maxim Sobolev Cc: SIPCORE Content-Type: multipart/alternative; boundary="000000000000d5a7aa05963c92db" Archived-At: Subject: Re: [sipcore] I-D Action: draft-ietf-sipcore-digest-scheme-14.txt X-BeenThere: sipcore@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SIP Core Working Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 31 Oct 2019 22:43:13 -0000 --000000000000d5a7aa05963c92db Content-Type: text/plain; charset="UTF-8" Hi Maxim, I will address the first comment in the next version of the document. With regards to the second comment, where do you see that RFC7616 requires that you use the same nonce for all alternatives? Regards, Rifaat On Thu, Oct 31, 2019 at 1:37 PM Maxim Sobolev wrote: > Hi, I am new here, so not sure what the proper process is, but there are > few comments I have with regards to the proposed RFC: > > 1. In the Abstract section there is a phrase "the broken MD5 algorithm". I > think "broken" might be a bit strong and emotionally charged. There is > nothing broken about MD5 as far as hashing algorithm is concerned. It is > proven to be not very secure in this day and age, but given the right > amount of time any today's algorithm would probably be in that category. > > 2. Would be nice to have some examples, especially WRT multiple > alternative algorithms. What I don't like about RFC7616 (which this RFC > builds upon), though, is that they appear to suggest using the same nonce > for all alternatives. Is it really required for the functionality or not? > For the same amount of network BW used, you may provide more random bits > and make attacker's life maybe a bit harder. Also, I am not a security > expert, but it appears intuitively correct that a hash function with a > longer output might require more salt bits, so you might actually save some > BW by supplying each algorithm with just the right amount of randomness > this way. > > Thanks! > > -Max > > On Thu, Oct 31, 2019 at 6:20 AM wrote: > >> >> A New Internet-Draft is available from the on-line Internet-Drafts >> directories. >> This draft is a work item of the Session Initiation Protocol Core WG of >> the IETF. >> >> Title : The Session Initiation Protocol (SIP) Digest >> Authentication Scheme >> Author : Rifaat Shekh-Yusef >> Filename : draft-ietf-sipcore-digest-scheme-14.txt >> Pages : 9 >> Date : 2019-10-31 >> >> Abstract: >> This document updates RFC 3261 by updating the Digest Access >> Authentication scheme used by the Session Initiation Protocol (SIP) >> to add support for more secure digest algorithms, e.g., SHA-256 and >> SHA-512-256, to replace the broken MD5 algorithm. >> >> >> The IETF datatracker status page for this draft is: >> https://datatracker.ietf.org/doc/draft-ietf-sipcore-digest-scheme/ >> >> There are also htmlized versions available at: >> https://tools.ietf.org/html/draft-ietf-sipcore-digest-scheme-14 >> https://datatracker.ietf.org/doc/html/draft-ietf-sipcore-digest-scheme-14 >> >> A diff from the previous version is available at: >> https://www.ietf.org/rfcdiff?url2=draft-ietf-sipcore-digest-scheme-14 >> >> >> Please note that it may take a couple of minutes from the time of >> submission >> until the htmlized version and diff are available at tools.ietf.org. >> >> Internet-Drafts are also available by anonymous FTP at: >> ftp://ftp.ietf.org/internet-drafts/ >> >> _______________________________________________ >> sipcore mailing list >> sipcore@ietf.org >> https://www.ietf.org/mailman/listinfo/sipcore >> > > --000000000000d5a7aa05963c92db Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Hi Maxim,

I will address the first comm= ent in the next=C2=A0version of the document.

With= regards to the second=C2=A0comment, where do you see that RFC7616 requires= that you use the same nonce for all alternatives?

Regards,
=C2=A0Rifaat


On Thu, Oct 31, 2019= at 1:37 PM Maxim Sobolev <sobo= max@sippysoft.com> wrote:
Hi, I am new here, so no= t sure what the proper process is, but there are few comments I have with r= egards to the proposed RFC:

1. In the Abstract section= =C2=A0there is a phrase=C2=A0"the broken MD5 algorithm".=C2=A0I think "b= roken" might be a bit strong and emotionally charged. There is nothing= broken about MD5 as far as hashing algorithm is concerned. It is proven to= be not very secure in this day and age, but given the right amount of time= any=C2=A0today's algorithm would probably be in that category.

2. Would be nice to have some examples, especially WRT mu= ltiple alternative algorithms. What I don't like about RFC7616 (which t= his RFC builds upon), though, is that they appear to suggest using the same= nonce for all alternatives. Is it really required for the functionality or= not? For the same amount=C2=A0of network BW used, you may provide more ran= dom bits and make attacker's life maybe a bit harder. Also, I am not a = security expert, but it appears intuitively correct that a hash function=C2= =A0with a longer output might require more salt bits, so you might actually= save some BW by supplying each algorithm=C2=A0with just the right amount o= f randomness this way.

Thanks!

-Max

On Thu, Oct 31, 2019 at 6:20 AM <internet-drafts@ietf.org> wro= te:

A New Internet-Draft is available from the on-line Internet-Drafts director= ies.
This draft is a work item of the Session Initiation Protocol Core WG of the= IETF.

=C2=A0 =C2=A0 =C2=A0 =C2=A0 Title=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0:= The Session Initiation Protocol (SIP) Digest Authentication Scheme
=C2=A0 =C2=A0 =C2=A0 =C2=A0 Author=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 : Rifa= at Shekh-Yusef
=C2=A0 =C2=A0 =C2=A0 =C2=A0 Filename=C2=A0 =C2=A0 =C2=A0 =C2=A0 : draft-iet= f-sipcore-digest-scheme-14.txt
=C2=A0 =C2=A0 =C2=A0 =C2=A0 Pages=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0:= 9
=C2=A0 =C2=A0 =C2=A0 =C2=A0 Date=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 := 2019-10-31

Abstract:
=C2=A0 =C2=A0This document updates RFC 3261 by updating the Digest Access =C2=A0 =C2=A0Authentication scheme used by the Session Initiation Protocol = (SIP)
=C2=A0 =C2=A0to add support for more secure digest algorithms, e.g., SHA-25= 6 and
=C2=A0 =C2=A0SHA-512-256, to replace the broken MD5 algorithm.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/d= raft-ietf-sipcore-digest-scheme/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-iet= f-sipcore-digest-scheme-14
https://datatracker.ietf.or= g/doc/html/draft-ietf-sipcore-digest-scheme-14

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?= url2=3Ddraft-ietf-sipcore-digest-scheme-14


Please note that it may take a couple of minutes from the time of submissio= n
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

_______________________________________________
sipcore mailing list
sipcore@ietf.org<= br> https://www.ietf.org/mailman/listinfo/sipcore

--000000000000d5a7aa05963c92db--