
From nobody Mon Jul  1 02:00:14 2019
From: "Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com>
To: "housley@vigilsec.com" <housley@vigilsec.com>
CC: "spasm@ietf.org" <spasm@ietf.org>
Thread-Topic: Request slot for WG LAMPS meeting at IETF105
Thread-Index: AdUv6k2NPNyUORrrSwKSF9w+4uL+7Q==
Date: Mon, 1 Jul 2019 09:00:05 +0000
Message-ID: <AM0PR10MB2402906E9A53C035B150B6E3FEF90@AM0PR10MB2402.EURPRD10.PROD.OUTLOOK.COM>
Accept-Language: de-DE, en-US
Content-Language: de-DE
Content-Type: multipart/alternative; boundary="_000_AM0PR10MB2402906E9A53C035B150B6E3FEF90AM0PR10MB2402EURP_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/aofAbefuzJBpVopyLm6DjeyYleg>
Subject: [lamps] Request slot for WG LAMPS meeting at IETF105
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 01 Jul 2019 09:00:12 -0000

--_000_AM0PR10MB2402906E9A53C035B150B6E3FEF90AM0PR10MB2402EURP_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Russ

As already discussed, I would like to present the current status on the
Lightweight CMP Profile and CMP Update Drafts and on our request to add
this topic to the LAMPS charter.

This is my proposal for the charter:
As certificate management gets increasingly important in many
environments, it needs to be tailored to the specific needs. CMP as an
existing protocol offers a vast range of options. As it is already being
applied in different industrial environments it needs to be enhanced to
more efficiently support these use cases, crypto agility and specific
communication relations on the one hand and profiled to the necessary
functionality on the other hand to ease application and to better
facilitate interoperable implementation.

Hendrik

--_000_AM0PR10MB2402906E9A53C035B150B6E3FEF90AM0PR10MB2402EURP_--


From nobody Mon Jul  1 07:27:58 2019
From: Russ Housley <housley@vigilsec.com>
Message-Id: <53E42F84-1C7C-41B1-8B75-04C6197534D0@vigilsec.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_B43415E6-9470-4E02-A401-F66DE83E5756"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
Date: Mon, 1 Jul 2019 10:27:46 -0400
In-Reply-To: <AM0PR10MB2402906E9A53C035B150B6E3FEF90@AM0PR10MB2402.EURPRD10.PROD.OUTLOOK.COM>
Cc: "spasm@ietf.org" <spasm@ietf.org>
To: "Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com>
References: <AM0PR10MB2402906E9A53C035B150B6E3FEF90@AM0PR10MB2402.EURPRD10.PROD.OUTLOOK.COM>
X-Mailer: Apple Mail (2.3445.104.11)
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/tvUwcLoxYUoOGARiKYoj_kbmpuc>
Subject: Re: [lamps] Request slot for WG LAMPS meeting at IETF105

--Apple-Mail=_B43415E6-9470-4E02-A401-F66DE83E5756
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=us-ascii

Hendrik:

If you were to assume a charter approval in October, what milestones
would you want to appear in the charter?

Russ


> On Jul 1, 2019, at 5:00 AM, Brockhaus, Hendrik
> <hendrik.brockhaus@siemens.com> wrote:
>
> Russ
>
> As already discussed, I would like to present the current status on
> the Lightweight CMP Profile and CMP Update Drafts and on our request
> to add this topic to the LAMPS charter.
>
> This is my proposal for the charter:
> As certificate management gets increasingly important in many
> environments, it needs to be tailored to the specific needs. CMP as an
> existing protocol offers a vast range of options. As it is already
> being applied in different industrial environments it needs to be
> enhanced to more efficiently support these use cases, crypto agility
> and specific communication relations on the one hand and profiled to
> the necessary functionality on the other hand to ease application and
> to better facilitate interoperable implementation.
>
> Hendrik


--Apple-Mail=_B43415E6-9470-4E02-A401-F66DE83E5756--


From nobody Mon Jul  1 17:26:25 2019
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: Daniel Migault via Datatracker <noreply@ietf.org>
To: <secdir@ietf.org>
Cc: spasm@ietf.org, draft-ietf-lamps-cms-shakes.all@ietf.org, ietf@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.98.1
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Daniel Migault <daniel.migault@ericsson.com>
Message-ID: <156202717120.5730.12825083272193517507@ietfa.amsl.com>
Date: Mon, 01 Jul 2019 17:26:11 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/LTwphV-kIwXXfr6HBe9yyMmFD44>
Subject: [lamps] Secdir last call review of draft-ietf-lamps-cms-shakes-11

Reviewer: Daniel Migault
Review result: Has Nits

Hi

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

I believe the document is ready with nits.

Yours,
Daniel

LAMPS WG                                                   P. Kampanakis
Internet-Draft                                             Cisco Systems
Updates: 3370 (if approved)                                      Q. Dang
Intended status: Standards Track                                    NIST
Expires: December 19, 2019                                 June 17, 2019

  Use of the SHAKE One-way Hash Functions in the Cryptographic Message
                              Syntax (CMS)
                     draft-ietf-lamps-cms-shakes-11

2.  Introduction

   In the SHA-3 family, two extendable-output functions (SHAKEs),
   SHAKE128 and SHAKE256, are defined.  Four other hash function
   instances, SHA3-224, SHA3-256, SHA3-384, and SHA3-512 are also
   defined but are out of scope for this document.  A SHAKE is a
   variable length hash function defined as SHAKE(M, d) where the output
   is a d-bits long digest of message M.  The corresponding collision
   and second preimage resistance strengths for SHAKE128 are
   min(d/2,128) and min(d,128) bits respectively (Appendix A.1 [SHA3]).
   And, the corresponding collision and second preimage resistance
   strengths for SHAKE256 are min(d/2,256) and min(d,256) bits
   respectively.

<mglt>
Since we are introducing d in this section and the specification fixes d
later, we may fix d here and list the associated security for the fixed
value.

I would also suggest that additional resistance considerations be
mentioned in the security consideration with a reference to it in the
introduction. Additional considerations would also provide preimage
resistance and extend the considerations regarding 128/256 bit security
and post quantum resistance.

</mglt>

   A SHAKE can be used in CMS as the message digest function (to hash
   the message to be signed) in RSASSA-PSS and ECDSA, message
   authentication code and as the mask generation function (MGF) in
   RSASSA-PSS.  This specification describes the identifiers for SHAKEs
   to be used in CMS and their meaning.

3.  Identifiers

   This section defines four new object identifiers (OIDs) for using
   SHAKE128 and SHAKE256 in CMS.

<mglt>
It is unclear to me if this section defines OIDs. Instead, it seems to
me that the section lists OIDs for convenience but these are defined in
other documents.
</mglt>

   Two object identifiers for SHAKE128 and SHAKE256 hash functions are
   defined in [shake-nist-oids] and we include them here for
   convenience.

     id-shake128 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2)
          country(16) us(840) organization(1) gov(101) csor(3)
          nistAlgorithm(4) 2 11 }

     id-shake256 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2)
          country(16) us(840) organization(1) gov(101) csor(3)
          nistAlgorithm(4) 2 12 }

   In this specification, when using the id-shake128 or id-shake256
   algorithm identifiers, the parameters MUST be absent.  That is, the
   identifier SHALL be a SEQUENCE of one component, the OID.

<mglt>
It might be clearer if the AlgorithmIdentifier structure is added
for convenience or referenced maybe by RFC5280 in the document.

On the other hand, I am also inclined to think that this section may be
replaced with a reference to lamps-pkix-shake and the list of id-*.
This could be one sentence in the introduction.
</mglt>

4.  Use in CMS

4.1.  Message Digests

   The id-shake128 and id-shake256 OIDs (Section 3) can be used as the
   digest algorithm identifiers located in the SignedData, SignerInfo,
   DigestedData, and the AuthenticatedData digestAlgorithm fields in CMS
   [RFC5652].  The encoding MUST omit the parameters field and the

<mglt>
I might be missing one level of encapsulation, but my understanding is
that digest algorithm identifiers and algorithm identifiers have the
same structure. If that is correct, it seems that the requirement to
omit the parameters is redundant with the definition of the algorithm
identifiers as well as with lamps-pkix-shake.

I am reading the sentence as it provides some requirements on the
message format (no parameters are provided) as well as the setting of an
output size. I interpret the output size as a parameter for the
message-digesting algorithm as opposed to a parameter that is provided
in the message. If that is the case, that might be specified explicitly
and maybe in two different sentences as to avoid coupling requirements
of different nature.
</mglt>

   output size, d, for the SHAKE128 or SHAKE256 message digest MUST be
   256 or 512 bits respectively.

   The digest values are located in the DigestedData field and the
   Message Digest authenticated attribute included in the
   signedAttributes of the SignedData signerInfo.  In addition, digest
   values are input to signature algorithms.  The digest algorithm MUST
   be the same as the message hash algorithms used in signatures.

4.2.  Signatures

   In CMS, signature algorithm identifiers are located in the SignerInfo
   signatureAlgorithm field of SignedData content type and
   countersignature attribute.  Signature values are located in the
   SignerInfo signature field of SignedData content type and
   countersignature attribute.

   Conforming implementations that process RSASSA-PSS and ECDSA with
   SHAKE signatures when processing CMS data MUST recognize the
   corresponding OIDs specified in Section 3.

   When using RSASSA-PSS or ECDSA with SHAKEs, the RSA modulus and ECDSA
   curve order SHOULD be chosen in line with the SHAKE output length.
   In the context of this document SHAKE128 OIDs are RECOMMENDED for
   2048 or 3072-bit RSA modulus or curves with group order of 256-bits.
   SHAKE256 OIDs are RECOMMENDED for 4096-bit RSA modulus and higher or
   curves with group order of 384-bits and higher.

<mglt>
I believe a reference to the security consideration should be provided
with further discussions on the meaning of "in line". The security
consideration should maybe provide a reference that correlates symmetric
- as CMS can be used with AES -, factoring modulus Elliptic curves and
hash. Though the current security consideration references SP800-78-4 and
SP800-107, maybe the following ones could be used in the security
consideration. They look more recent but I have not deeply looked at
those.

* Algorithms, Key Size and Protocols Report (2018), H2020-ICT-2014 –
  Project 645421, D5.4, ECRYPT-CSA, 02/2018.
* Recommendation for Key Management, Special Publication 800-57 Part 1
  Rev. 4, NIST, 01/2016.

</mglt>

4.2.1.  RSASSA-PSS Signatures

   The RSASSA-PSS algorithm is defined in [RFC8017].  When id-RSASSA-
   PSS-SHAKE128 or id-RSASSA-PSS-SHAKE256 specified in Section 3 is
   used, the encoding MUST omit the parameters field.  That is, the
   AlgorithmIdentifier SHALL be a SEQUENCE of one component, id-RSASSA-
   PSS-SHAKE128 or id-RSASSA-PSS-SHAKE256.  [RFC4055] defines RSASSA-
   PSS-params that are used to define the algorithms and inputs to the
   algorithm.  This specification does not use parameters because the
   hash, mask generation algorithm, trailer and salt are embedded in the
   OID definition.

<mglt>
This is a similar comment as the one provided earlier. It does not seem
to me that this document "specifies" (in section 3) algorithms. It seems
to me these algorithms are provided for convenience but are specified in
pkix-shake.

Similarly, the absence of parameter does not seem to me necessary here
- unless I am missing something. It seems that MUST and SHALL are
aiming at preventing the NULL parameter, I am wondering if there are any
reasons for having different terms.

The explanation may be moved to section 3.

</mglt>

   The hash algorithm to hash a message being signed and the hash
   algorithm as the mask generation function used in RSASSA-PSS MUST be
   the same, SHAKE128 or SHAKE256 respectively.  The output-length of
   the hash algorithm which hashes the message SHALL be 32 or 64 bytes
   respectively.

<mglt>
I suggest we use bytes or bits in the document.
</mglt>

4.2.2.  ECDSA Signatures

   The Elliptic Curve Digital Signature Algorithm (ECDSA) is defined in
   [X9.62].  When the id-ecdsa-with-shake128 or id-ecdsa-with-shake256
   (specified in Section 3) algorithm identifier appears, the respective
   SHAKE function is used as the hash.  The encoding MUST omit the
   parameters field.  That is, the AlgorithmIdentifier SHALL be a
   SEQUENCE of one component, the OID id-ecdsa-with-shake128 or id-
   ecdsa-with-shake256.

<mglt>
Same comment regarding the parameter field.
</mglt>

4.3.  Public Keys

   The identifier parameters, as explained in Section 3, MUST be absent.

<mglt>
Same comment as above.
</mglt>

4.4.  Message Authentication Codes

6.  Security Considerations

   This document updates [RFC3370].  The security considerations section
   of that document applies to this specification as well.

   NIST has defined appropriate use of the hash functions in terms of
   the algorithm strengths and expected time frames for secure use in
   Special Publications (SPs) [SP800-78-4] and [SP800-107].  These
   documents can be used as guides to choose appropriate key sizes for
   various security scenarios.

   When more than two parties share the same message-authentication key,
   data origin authentication is not provided.  Any party that knows the
   message-authentication key can compute a valid MAC, therefore the
   content could originate from any one of the parties.

<mglt>
I would suggest to add some considerations on resistance with post
quantum computers.
</mglt>
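
An added illustration (not part of the review above or of the draft it quotes) of the two requirements the review separates for Sections 3 and 4.1: the AlgorithmIdentifier for id-shake128 or id-shake256 is a DER SEQUENCE holding only the OID, and the output size d is fixed outside the message at 256 or 512 bits. The function names are hypothetical, and the parser handles only the short-form DER lengths these identifiers need.

```python
import hashlib

# OID arcs as quoted from Section 3 of the draft.
ID_SHAKE128 = (2, 16, 840, 1, 101, 3, 4, 2, 11)
ID_SHAKE256 = (2, 16, 840, 1, 101, 3, 4, 2, 12)

# The output size d is not carried in the message; Section 4.1 fixes it
# per OID (256 bits for SHAKE128, 512 bits for SHAKE256).
OUTPUT_BYTES = {ID_SHAKE128: 32, ID_SHAKE256: 64}
XOF = {ID_SHAKE128: hashlib.shake_128, ID_SHAKE256: hashlib.shake_256}


def _base128(n):
    """Encode one OID sub-identifier: 7 bits per byte, high bit = more."""
    out = [n & 0x7F]
    n >>= 7
    while n:
        out.append((n & 0x7F) | 0x80)
        n >>= 7
    return bytes(reversed(out))


def encode_algorithm_identifier(arcs, with_null=False):
    """DER AlgorithmIdentifier with absent parameters.

    with_null=True builds the non-conformant variant (explicit NULL
    parameters) so the parser below has something to reject.
    """
    body = _base128(40 * arcs[0] + arcs[1])
    body += b"".join(_base128(a) for a in arcs[2:])
    oid = b"\x06" + bytes([len(body)]) + body
    content = oid + (b"\x05\x00" if with_null else b"")
    return b"\x30" + bytes([len(content)]) + content


def _read_tlv(buf, pos):
    """Return (tag, value, next_pos); short-form lengths only."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    if length & 0x80:
        raise ValueError("long-form length not expected here")
    end = pos + 2 + length
    if end > len(buf):
        raise ValueError("truncated TLV value")
    return tag, buf[pos + 2:end], end


def _decode_oid(value):
    if not value or value[-1] & 0x80:
        raise ValueError("malformed OID")
    subids, n = [], 0
    for b in value:
        n = (n << 7) | (b & 0x7F)
        if not b & 0x80:
            subids.append(n)
            n = 0
    first = min(subids[0] // 40, 2)
    return (first, subids[0] - 40 * first, *subids[1:])


def parse_shake_digest_algorithm(der):
    """Return the OID arcs, or raise ValueError if the encoding is not a
    SEQUENCE of exactly one component naming id-shake128/id-shake256."""
    tag, content, end = _read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected exactly one SEQUENCE")
    tag, oid_value, pos = _read_tlv(content, 0)
    if tag != 0x06:
        raise ValueError("first component is not an OID")
    if pos != len(content):
        raise ValueError("parameters present; they MUST be absent")
    arcs = _decode_oid(oid_value)
    if arcs not in OUTPUT_BYTES:
        raise ValueError("not id-shake128 or id-shake256")
    return arcs


def is_conformant(der):
    try:
        parse_shake_digest_algorithm(der)
        return True
    except ValueError:
        return False


def shake_digest(arcs, message):
    """Digest with the output length the specification fixes for the OID."""
    return XOF[arcs](message).digest(OUTPUT_BYTES[arcs])


if __name__ == "__main__":
    good = encode_algorithm_identifier(ID_SHAKE128)
    bad = encode_algorithm_identifier(ID_SHAKE128, with_null=True)
    print(good.hex(), is_conformant(good))
    print(bad.hex(), is_conformant(bad))
    # Constructed sample message, for illustration only.
    print(shake_digest(ID_SHAKE256, b"constructed sample message").hex())
```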



From nobody Thu Jul  4 15:33:24 2019
From: Mike Ounsworth <Mike.Ounsworth@entrustdatacard.com>
To: "spasm@ietf.org" <spasm@ietf.org>
CC: Russ Housley <housley@vigilsec.com>, "tim.hollebeek@digicert.com" <tim.hollebeek@digicert.com>
Thread-Topic: draft-ounsworth-pq-composite-sigs-01 is published
Thread-Index: AdUyt5HmcE02nG+QTLuTaWPDC5UbhA==
Date: Thu, 4 Jul 2019 22:33:18 +0000
Message-ID: <e9d79e5ba6d04de9afabfa2d6087ce61@PMSPEX05.corporate.datacard.com>
Accept-Language: en-CA, en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator: 
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [192.168.207.5]
Content-Type: multipart/related; boundary="_004_e9d79e5ba6d04de9afabfa2d6087ce61PMSPEX05corporatedataca_"; type="multipart/alternative"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/4k-1XJ_83ZvGT-W_8BU-2f73cio>
Subject: [lamps] draft-ounsworth-pq-composite-sigs-01 is published
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 04 Jul 2019 22:33:23 -0000

--_004_e9d79e5ba6d04de9afabfa2d6087ce61PMSPEX05corporatedataca_
Content-Type: multipart/alternative;
 boundary="_000_e9d79e5ba6d04de9afabfa2d6087ce61PMSPEX05corporatedataca_"

--_000_e9d79e5ba6d04de9afabfa2d6087ce61PMSPEX05corporatedataca_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Hi all,

We have published a new version of draft-ounsworth-pq-composite-sigs-01 addressing composite keys and signatures for X.509 and CMS. I.e., address post-quantum uncertainty by using more than one key at a time.

https://datatracker.ietf.org/doc/draft-ounsworth-pq-composite-sigs/

We welcome feedback and discussion, and would like to request a speaking slot in Montreal.

- - -
Mike Ounsworth | Software Security Architect | Office: +1-613-270-2873


--_000_e9d79e5ba6d04de9afabfa2d6087ce61PMSPEX05corporatedataca_--

--_004_e9d79e5ba6d04de9afabfa2d6087ce61PMSPEX05corporatedataca_--


From nobody Fri Jul  5 11:12:18 2019
Return-Path: <pkampana@cisco.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7E96D1200F5; Fri,  5 Jul 2019 11:12:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.501
X-Spam-Level: 
X-Spam-Status: No, score=-14.501 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=KBpL/oMt; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=INckBotm
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BdPRHVk7LfIW; Fri,  5 Jul 2019 11:12:06 -0700 (PDT)
Received: from rcdn-iport-8.cisco.com (rcdn-iport-8.cisco.com [173.37.86.79]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 852491200F4; Fri,  5 Jul 2019 11:12:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=15240; q=dns/txt; s=iport; t=1562350325; x=1563559925; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=xu1T6Bs3NiXssIQMzXGlt0JbmE+XkcxIkevuSrPtzeI=; b=KBpL/oMtFAhyqC2nrURC5rmavvWA8CbEcfoQBXpn7uoSJlXtTIb8ynd3 BOWCPLHizn90RZ1lHKJNb0aArU8Oc1JhNG/Y8jwLuwGg1oFMatEmSrSm0 h+hmupB8gHQSxwYuHwyE8fCjZfHtao+1A3CsSW2CkwFNB7HKhjG6AAQVC I=;
X-IronPort-AV: E=Sophos;i="5.63,455,1557187200"; d="scan'208";a="587636697"
Received: from alln-core-5.cisco.com ([173.36.13.138]) by rcdn-iport-8.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 05 Jul 2019 18:12:03 +0000
Received: from XCH-RCD-006.cisco.com (xch-rcd-006.cisco.com [173.37.102.16]) by alln-core-5.cisco.com (8.15.2/8.15.2) with ESMTPS id x65IC3E4023485 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Fri, 5 Jul 2019 18:12:03 GMT
Received: from xhs-rtp-001.cisco.com (64.101.210.228) by XCH-RCD-006.cisco.com (173.37.102.16) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Fri, 5 Jul 2019 13:12:02 -0500
Received: from xhs-rcd-001.cisco.com (173.37.227.246) by xhs-rtp-001.cisco.com (64.101.210.228) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Fri, 5 Jul 2019 14:12:00 -0400
Received: from NAM01-BY2-obe.outbound.protection.outlook.com (72.163.14.9) by xhs-rcd-001.cisco.com (173.37.227.246) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Fri, 5 Jul 2019 13:12:00 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com;  s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=xu1T6Bs3NiXssIQMzXGlt0JbmE+XkcxIkevuSrPtzeI=; b=INckBotmlvpX946LOKTCRiYEfkJaStMWm2x3YKTkSjyMywd6IHjnM8ejw+2c13jHUQb5ETXysYnoWHPdzEEgwiG18PT8xyagun2RCufF27N+aSJ8ec8fS7/XhMcMcpev2Bbl3TSoCKm1tdTNoQmPB5E4g7g61pdm8UVn6g5OP64=
Received: from BN7PR11MB2547.namprd11.prod.outlook.com (52.135.244.29) by BN7PR11MB2563.namprd11.prod.outlook.com (52.135.244.33) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2052.18; Fri, 5 Jul 2019 17:56:04 +0000
Received: from BN7PR11MB2547.namprd11.prod.outlook.com ([fe80::b1dc:fd0d:e540:67aa]) by BN7PR11MB2547.namprd11.prod.outlook.com ([fe80::b1dc:fd0d:e540:67aa%7]) with mapi id 15.20.2032.019; Fri, 5 Jul 2019 17:56:04 +0000
From: "Panos Kampanakis (pkampana)" <pkampana@cisco.com>
To: Daniel Migault <daniel.migault@ericsson.com>, "secdir@ietf.org" <secdir@ietf.org>
CC: "spasm@ietf.org" <spasm@ietf.org>
Thread-Topic: [lamps] Secdir last call review of draft-ietf-lamps-cms-shakes-11
Thread-Index: AQHVMGz8Y3AT7G/6YEuDZe4hzJWqDaa8Oexg
Date: Fri, 5 Jul 2019 17:56:04 +0000
Message-ID: <BN7PR11MB25476AD4066DEF8523D76BC9C9F50@BN7PR11MB2547.namprd11.prod.outlook.com>
References: <156202717120.5730.12825083272193517507@ietfa.amsl.com>
In-Reply-To: <156202717120.5730.12825083272193517507@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: spf=none (sender IP is ) smtp.mailfrom=pkampana@cisco.com; 
x-originating-ip: [173.38.117.93]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: cae62517-0ecc-48eb-7281-08d701720cbd
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600148)(711020)(4605104)(1401327)(2017052603328)(7193020); SRVR:BN7PR11MB2563; 
x-ms-traffictypediagnostic: BN7PR11MB2563:
x-ms-exchange-purlcount: 3
x-microsoft-antispam-prvs: <BN7PR11MB2563516FA4EA8F4E4F8A16E7C9F50@BN7PR11MB2563.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 008960E8EC
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(376002)(366004)(396003)(39860400002)(346002)(136003)(199004)(189003)(13464003)(76116006)(186003)(66476007)(478600001)(26005)(73956011)(66556008)(76176011)(53546011)(66446008)(110136005)(102836004)(6506007)(64756008)(316002)(68736007)(486006)(2906002)(81166006)(8936002)(11346002)(966005)(446003)(74316002)(8676002)(52536014)(30864003)(33656002)(71200400001)(5660300002)(81156014)(229853002)(7736002)(99286004)(305945005)(7696005)(476003)(71190400001)(66946007)(55016002)(66066001)(66574012)(14444005)(25786009)(256004)(6306002)(53936002)(9686003)(6436002)(86362001)(3846002)(4326008)(6116002)(14454004)(6246003)(2501003); DIR:OUT; SFP:1101; SCL:1; SRVR:BN7PR11MB2563; H:BN7PR11MB2547.namprd11.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1; 
received-spf: None (protection.outlook.com: cisco.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: cae62517-0ecc-48eb-7281-08d701720cbd
X-MS-Exchange-CrossTenant-originalarrivaltime: 05 Jul 2019 17:56:04.6896 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: pkampana@cisco.com
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN7PR11MB2563
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.37.102.16, xch-rcd-006.cisco.com
X-Outbound-Node: alln-core-5.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/WFHVgK18NZU5IaDGOyGjj3z4tzk>
Subject: Re: [lamps] Secdir last call review of draft-ietf-lamps-cms-shakes-11
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 05 Jul 2019 18:12:10 -0000

From nobody Sat Jul  6 04:02:47 2019
Return-Path: <hendrik.brockhaus@siemens.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D74D1120153 for <spasm@ietfa.amsl.com>; Sat,  6 Jul 2019 04:02:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level: 
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=siemens.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id si768tOu0wQ9 for <spasm@ietfa.amsl.com>; Sat,  6 Jul 2019 04:02:43 -0700 (PDT)
Received: from EUR04-DB3-obe.outbound.protection.outlook.com (mail-db3eur04on061b.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe0c::61b]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 929AB12009C for <spasm@ietf.org>; Sat,  6 Jul 2019 04:02:41 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=siemens.onmicrosoft.com; s=selector2-siemens-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=3melE5Zc3vfISQMoO1nVdidkNbTxJ2+6Z3l9pWuJgVI=; b=ACTV0TekLmvyiAHvv7LLl/SxVcH5lWehefdkkk2HKez/p1vbtm7PlwiVgW4eDKwZF2f9O0cRIOQCN+6/5ZqPv0Qwj0bJzVnpfr7sd1N78S6i5KaXfAaHLzjAeocxmYYtXsc1eK0UtTpuXqWeWx3hJJTs4jDaP3ZJBmLoP+JtaM4=
Received: from DB7PR10MB2411.EURPRD10.PROD.OUTLOOK.COM (20.177.121.209) by DB7PR10MB2394.EURPRD10.PROD.OUTLOOK.COM (20.177.121.204) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2052.18; Sat, 6 Jul 2019 11:02:38 +0000
Received: from DB7PR10MB2411.EURPRD10.PROD.OUTLOOK.COM ([fe80::8159:b2d6:c196:f7]) by DB7PR10MB2411.EURPRD10.PROD.OUTLOOK.COM ([fe80::8159:b2d6:c196:f7%3]) with mapi id 15.20.2052.019; Sat, 6 Jul 2019 11:02:38 +0000
From: "Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com>
To: Russ Housley <housley@vigilsec.com>
CC: "spasm@ietf.org" <spasm@ietf.org>
Thread-Topic: [lamps] Request slot for WG LAMPS meeting at IETF105
Thread-Index: AdUv6k2NPNyUORrrSwKSF9w+4uL+7QALtk0AAPRLAiA=
Date: Sat, 6 Jul 2019 11:02:38 +0000
Message-ID: <DF78F44B-C415-44E0-869F-DBB348ED548D@siemens.com>
References: <AM0PR10MB2402906E9A53C035B150B6E3FEF90@AM0PR10MB2402.EURPRD10.PROD.OUTLOOK.COM>, <53E42F84-1C7C-41B1-8B75-04C6197534D0@vigilsec.com>
In-Reply-To: <53E42F84-1C7C-41B1-8B75-04C6197534D0@vigilsec.com>
Accept-Language: de-DE, en-US
Content-Language: de-DE
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: spf=none (sender IP is ) smtp.mailfrom=hendrik.brockhaus@siemens.com; 
x-originating-ip: [109.41.192.4]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 6537c46b-b25f-43bb-bb26-08d702017578
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600148)(711020)(4605104)(1401327)(4618075)(2017052603328)(7193020); SRVR:DB7PR10MB2394; 
x-ms-traffictypediagnostic: DB7PR10MB2394:
x-microsoft-antispam-prvs: <DB7PR10MB2394C51061789B0F5D249525FEF40@DB7PR10MB2394.EURPRD10.PROD.OUTLOOK.COM>
x-ms-oob-tlc-oobclassifiers: OLM:8882;
x-forefront-prvs: 00909363D5
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(346002)(39860400002)(376002)(396003)(366004)(136003)(45074003)(199004)(189003)(6506007)(8936002)(81156014)(236005)(66946007)(71200400001)(3846002)(6512007)(6116002)(54896002)(6246003)(81166006)(76176011)(91956017)(76116006)(2906002)(25786009)(53936002)(8676002)(33656002)(478600001)(186003)(68736007)(6486002)(229853002)(14454004)(66446008)(316002)(53546011)(6436002)(5660300002)(73956011)(26005)(102836004)(561944003)(71190400001)(2616005)(7736002)(66066001)(476003)(11346002)(36756003)(486006)(99286004)(4326008)(86362001)(256004)(66476007)(66556008)(6916009)(14444005)(64756008)(446003); DIR:OUT; SFP:1101; SCL:1; SRVR:DB7PR10MB2394; H:DB7PR10MB2411.EURPRD10.PROD.OUTLOOK.COM; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1; 
received-spf: None (protection.outlook.com: siemens.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
Content-Type: multipart/alternative; boundary="_000_DF78F44BC41544E0869FDBB348ED548Dsiemenscom_"
MIME-Version: 1.0
X-OriginatorOrg: siemens.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 6537c46b-b25f-43bb-bb26-08d702017578
X-MS-Exchange-CrossTenant-originalarrivaltime: 06 Jul 2019 11:02:38.2793 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: hendrik.brockhaus@siemens.com
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB7PR10MB2394
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/fm-8kE2xlAzl_g_2eNHo00vRRZY>
Subject: Re: [lamps] Request slot for WG LAMPS meeting at IETF105
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 06 Jul 2019 11:02:46 -0000

--_000_DF78F44BC41544E0869FDBB348ED548Dsiemenscom_
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64

--_000_DF78F44BC41544E0869FDBB348ED548Dsiemenscom_
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: base64

--_000_DF78F44BC41544E0869FDBB348ED548Dsiemenscom_--


From nobody Sat Jul  6 14:29:56 2019
Return-Path: <housley@vigilsec.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 282381200EF for <spasm@ietfa.amsl.com>; Sat,  6 Jul 2019 14:29:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.896
X-Spam-Level: 
X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hSsCIwpDn1Ye for <spasm@ietfa.amsl.com>; Sat,  6 Jul 2019 14:29:52 -0700 (PDT)
Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5D0391200EB for <spasm@ietf.org>; Sat,  6 Jul 2019 14:29:52 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id 4A84A300B00 for <spasm@ietf.org>; Sat,  6 Jul 2019 17:10:34 -0400 (EDT)
X-Virus-Scanned: amavisd-new at mail.smeinc.net
Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id bhl5IwTEgzvw for <spasm@ietf.org>; Sat,  6 Jul 2019 17:10:32 -0400 (EDT)
Received: from a860b60074bd.fios-router.home (unknown [138.88.156.37]) by mail.smeinc.net (Postfix) with ESMTPSA id 4A8423005D6; Sat,  6 Jul 2019 17:10:32 -0400 (EDT)
From: Russ Housley <housley@vigilsec.com>
Message-Id: <4E5725B9-157C-417E-ADFD-AF240B11A1F2@vigilsec.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_A0DAA314-01FE-4B94-A87F-DA3EAEE6E27B"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
Date: Sat, 6 Jul 2019 17:29:48 -0400
In-Reply-To: <DF78F44B-C415-44E0-869F-DBB348ED548D@siemens.com>
Cc: "spasm@ietf.org" <spasm@ietf.org>
To: "Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com>
References: <AM0PR10MB2402906E9A53C035B150B6E3FEF90@AM0PR10MB2402.EURPRD10.PROD.OUTLOOK.COM> <53E42F84-1C7C-41B1-8B75-04C6197534D0@vigilsec.com> <DF78F44B-C415-44E0-869F-DBB348ED548D@siemens.com>
X-Mailer: Apple Mail (2.3445.104.11)
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/uanEUyyA1Jl9ARZGiQOTLZ10RTM>
Subject: Re: [lamps] Request slot for WG LAMPS meeting at IETF105
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 06 Jul 2019 21:29:55 -0000

--Apple-Mail=_A0DAA314-01FE-4B94-A87F-DA3EAEE6E27B
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=us-ascii

This is always true.  You need to make a guess, then as the review others will offer their perspective.

Russ


> On Jul 6, 2019, at 7:02 AM, Brockhaus, Hendrik <hendrik.brockhaus@siemens.com> wrote:
>
> Russ
>
> I am not so sure how long the review process will take.
> I really appreciate any feedback and comments, but the more feedback we get the longer it will take to complete the I-Ds.
> For the Updates CMP I still hope for support from Jim. That will definitely speed up the process as he knows the protocols very well.
> I think it is realistic to complete the documents in the second half of 2020. So would October 2020 be OK?
> What do you think?
>
> Hendrik
>
> Sent from my mobile
>
> On 01.07.2019 at 16:27, Russ Housley <housley@vigilsec.com <mailto:housley@vigilsec.com>> wrote:
>
>> Hendrik:
>>
>> If you were to assume a charter approval in October, what milestones would you want to appear in the charter?
>>
>> Russ
>>
>>
>>> On Jul 1, 2019, at 5:00 AM, Brockhaus, Hendrik <hendrik.brockhaus@siemens.com <mailto:hendrik.brockhaus@siemens.com>> wrote:
>>>
>>> Russ
>>>
>>> As already discussed, I would like to present the current status on the Lightweight CMP Profile and CMP Update Drafts and on our request to add this topic to the LAMPS charter.
>>>
>>> This is my proposal for the charter:
>>> As certificate management gets increasingly important in many environments, it needs to be tailored to the specific needs. CMP as an existing protocol offers a vast range of options. As it is already being applied in different industrial environments it needs to be enhanced to more efficiently support these use cases, crypto agility and specific communication relations on the one hand and profiled to the necessary functionality on the other hand to ease application and to better facilitate interoperable implementation.
>>>
>>> Hendrik
>>
> _______________________________________________
> Spasm mailing list
> Spasm@ietf.org
> https://www.ietf.org/mailman/listinfo/spasm


--Apple-Mail=_A0DAA314-01FE-4B94-A87F-DA3EAEE6E27B--


From nobody Sat Jul  6 14:55:53 2019
Return-Path: <sean@sn3rd.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7347F1200FA for <spasm@ietfa.amsl.com>; Sat,  6 Jul 2019 14:55:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level: 
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=sn3rd.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vC-AxnlO4efh for <spasm@ietfa.amsl.com>; Sat,  6 Jul 2019 14:55:49 -0700 (PDT)
Received: from mail-qk1-x731.google.com (mail-qk1-x731.google.com [IPv6:2607:f8b0:4864:20::731]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5FF491200EF for <spasm@ietf.org>; Sat,  6 Jul 2019 14:55:49 -0700 (PDT)
Received: by mail-qk1-x731.google.com with SMTP id r6so10494463qkc.0 for <spasm@ietf.org>; Sat, 06 Jul 2019 14:55:49 -0700 (PDT)
X-Received: by 2002:a37:61c3:: with SMTP id v186mr8028761qkb.158.1562450148350;  Sat, 06 Jul 2019 14:55:48 -0700 (PDT)
Received: from sn3rd.lan ([75.102.131.36]) by smtp.gmail.com with ESMTPSA id l63sm5450633qkb.124.2019.07.06.14.55.47 for <spasm@ietf.org> (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sat, 06 Jul 2019 14:55:47 -0700 (PDT)
From: Sean Turner <sean@sn3rd.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
Message-Id: <4217A10A-11F0-4518-8D3D-D9FDDCE30C15@sn3rd.com>
Date: Sat, 6 Jul 2019 17:55:47 -0400
To: LAMPS WG <spasm@ietf.org>
X-Mailer: Apple Mail (2.3445.104.11)
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/FifpXst7iaN15-8_Ft9x7-f3RIU>
Subject: [lamps] Clarifications for ECC SPKI (aka RFC 5480)
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
X-List-Received-Date: Sat, 06 Jul 2019 21:55:52 -0000

Hi!

Back in March I asked how the keyEncipherment and dataEncipherment bits
should be interpreted:
https://mailarchive.ietf.org/arch/msg/spasm/b38SFOeko1OT2uN4n52YxAy2B0Y
Tadahiko Ito and I have spun a draft that updates 5480 to clarify RFC
5480’s stance on these two bits.  In short (and this draft is very
short), this draft aims to prohibit the use of these two bits with
id-ecPublicKey as well as id-ecDH and id-ecMQV.  Please let us know what
you think.

Oh and I forgot to include this in the draft, but there is a github
repo:
https://github.com/seanturner/draft-turner-5480-ku-clarifications

spt
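
The rule described in the message above, as an added example that is not part of the original post or of the draft: a standard-library Python check that reports keyEncipherment or dataEncipherment asserted alongside id-ecPublicKey, id-ecDH or id-ecMQV. The OID values and KeyUsage bit positions are those of RFC 5480 and RFC 5280; the function names and the DER sample inputs are constructed for illustration.

```python
"""Added example: lint a keyUsage value against the EC rule discussed in this thread."""

# Algorithm OIDs from RFC 5480; KeyUsage bit positions from RFC 5280.
EC_KEY_OIDS = {
    "1.2.840.10045.2.1": "id-ecPublicKey",
    "1.3.132.1.12": "id-ecDH",
    "1.3.132.1.13": "id-ecMQV",
}
KEY_USAGE_BITS = (
    "digitalSignature", "nonRepudiation", "keyEncipherment",
    "dataEncipherment", "keyAgreement", "keyCertSign", "cRLSign",
    "encipherOnly", "decipherOnly",
)
PROHIBITED_WITH_EC = ("keyEncipherment", "dataEncipherment")


def read_tlv(buf, offset=0):
    """Parse one DER TLV; return (tag, value_bytes, offset_after)."""
    if offset + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length, pos = buf[offset], buf[offset + 1], offset + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        count = length & 0x7F
        if count == 0 or count > 4 or pos + count > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length


def decode_oid(value):
    """Decode the content octets of an OBJECT IDENTIFIER to dotted form."""
    if not value or value[-1] & 0x80:
        raise ValueError("malformed OID")
    arcs, acc = [], 0
    for octet in value:
        acc = (acc << 7) | (octet & 0x7F)
        if not octet & 0x80:  # high bit clear marks the last octet of an arc
            arcs.append(acc)
            acc = 0
    first = min(arcs[0] // 40, 2)  # first two arcs share one encoded value
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))


def spki_algorithm_oid(spki_der):
    """Return the algorithm OID of a DER SubjectPublicKeyInfo."""
    tag, spki, _ = read_tlv(spki_der)
    if tag != 0x30:
        raise ValueError("SubjectPublicKeyInfo is not a SEQUENCE")
    tag, alg_id, _ = read_tlv(spki)
    if tag != 0x30:
        raise ValueError("AlgorithmIdentifier is not a SEQUENCE")
    tag, oid, _ = read_tlv(alg_id)
    if tag != 0x06:
        raise ValueError("algorithm is not an OBJECT IDENTIFIER")
    return decode_oid(oid)


def key_usage_names(key_usage_der):
    """Return the usage names asserted in a DER KeyUsage BIT STRING."""
    tag, value, _ = read_tlv(key_usage_der)
    if tag != 0x03 or len(value) < 1 or value[0] > 7:
        raise ValueError("KeyUsage is not a well-formed BIT STRING")
    bits = value[1:]  # value[0] is the count of unused trailing bits
    return [name for i, name in enumerate(KEY_USAGE_BITS)
            if i // 8 < len(bits) and bits[i // 8] & (0x80 >> (i % 8))]


def prohibited_key_usages(spki_der, key_usage_der):
    """List the keyUsage bits the rule forbids for this key's algorithm."""
    if spki_algorithm_oid(spki_der) not in EC_KEY_OIDS:
        return []  # the rule only concerns the three EC algorithm OIDs
    asserted = key_usage_names(key_usage_der)
    return [name for name in PROHIBITED_WITH_EC if name in asserted]


# --- Constructed sample inputs (not taken from any real certificate) ---
def tlv(tag, value):
    assert len(value) < 128  # short-form length is enough for these samples
    return bytes([tag, len(value)]) + value


def sample_spki(oid_hex, params_hex):
    oid = tlv(0x06, bytes.fromhex(oid_hex))
    algorithm = tlv(0x30, oid + bytes.fromhex(params_hex))
    public_key = tlv(0x03, b"\x00\x04" + bytes(64))  # placeholder, not a real point
    return tlv(0x30, algorithm + public_key)


P256 = "06082a8648ce3d030107"  # namedCurve secp256r1 as parameters
EC_PUBLIC_KEY = sample_spki("2a8648ce3d0201", P256)
EC_DH = sample_spki("2b8104010c", P256)
RSA = sample_spki("2a864886f70d010101", "0500")

if __name__ == "__main__":
    for label, spki, ku_hex in [
        ("id-ecPublicKey keyEncipherment+keyAgreement", EC_PUBLIC_KEY, "03020328"),
        ("id-ecDH digitalSignature+dataEncipherment", EC_DH, "03020490"),
        ("id-ecPublicKey keyAgreement only", EC_PUBLIC_KEY, "03020308"),
        ("rsaEncryption keyEncipherment", RSA, "03020520"),
    ]:
        found = prohibited_key_usages(spki, bytes.fromhex(ku_hex))
        print(f"{label}: {', '.join(found) if found else 'ok'}")
```
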


From nobody Sat Jul  6 23:42:31 2019
Return-Path: <hendrik.brockhaus@siemens.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 104021200B6 for <spasm@ietfa.amsl.com>; Sat,  6 Jul 2019 23:42:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=siemens.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id k_0LckzxlLzq for <spasm@ietfa.amsl.com>; Sat,  6 Jul 2019 23:42:26 -0700 (PDT)
Received: from EUR03-AM5-obe.outbound.protection.outlook.com (mail-eopbgr30088.outbound.protection.outlook.com [40.107.3.88]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C0ACD12002E for <spasm@ietf.org>; Sat,  6 Jul 2019 23:42:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=siemens.onmicrosoft.com; s=selector2-siemens-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=O75yqQIXCy0euP46xBXCuAsXLWAz/o6WDsLqxlPt4W8=; b=Ak2hHihjmAVLHj4HTw21GjT0adxyK4jkGk4idAWROVitDF3mlaGAbH5TDLGzcTAGlkeMH6lHxU9MQV8dGOqCYZY7+e86fm3dt5Z5F/jSpT4jxLiqpf8KmukCzF9H7cQ95c6wmA53lK7aH21yRP89WbiIlwOPInrndNlwjiOSjkA=
Received: from AM0PR10MB2402.EURPRD10.PROD.OUTLOOK.COM (20.177.110.224) by AM0SPR01MB0023.EURPRD10.PROD.OUTLOOK.COM (52.133.59.18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2052.16; Sun, 7 Jul 2019 06:42:06 +0000
Received: from AM0PR10MB2402.EURPRD10.PROD.OUTLOOK.COM ([fe80::65dc:1434:6847:4ba4]) by AM0PR10MB2402.EURPRD10.PROD.OUTLOOK.COM ([fe80::65dc:1434:6847:4ba4%5]) with mapi id 15.20.2052.019; Sun, 7 Jul 2019 06:42:06 +0000
From: "Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com>
To: Russ Housley <housley@vigilsec.com>
CC: "spasm@ietf.org" <spasm@ietf.org>
Thread-Topic: [lamps] Request slot for WG LAMPS meeting at IETF105
Thread-Index: AdUv6k2NPNyUORrrSwKSF9w+4uL+7QALtk0AAPRLAiAAFedIAAATD9Jg
Date: Sun, 7 Jul 2019 06:42:06 +0000
Message-ID: <AM0PR10MB24029C627666E216B381941AFEF70@AM0PR10MB2402.EURPRD10.PROD.OUTLOOK.COM>
References: <AM0PR10MB2402906E9A53C035B150B6E3FEF90@AM0PR10MB2402.EURPRD10.PROD.OUTLOOK.COM> <53E42F84-1C7C-41B1-8B75-04C6197534D0@vigilsec.com> <DF78F44B-C415-44E0-869F-DBB348ED548D@siemens.com> <4E5725B9-157C-417E-ADFD-AF240B11A1F2@vigilsec.com>
In-Reply-To: <4E5725B9-157C-417E-ADFD-AF240B11A1F2@vigilsec.com>
Accept-Language: de-DE, en-US
Content-Language: de-DE
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-document-confidentiality: NotClassified
authentication-results: spf=none (sender IP is ) smtp.mailfrom=hendrik.brockhaus@siemens.com; 
x-originating-ip: [80.146.228.93]
Content-Type: multipart/alternative; boundary="_000_AM0PR10MB24029C627666E216B381941AFEF70AM0PR10MB2402EURP_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/s9N2wqks38BsaHLQbW58eh8bOHA>
Subject: Re: [lamps] Request slot for WG LAMPS meeting at IETF105
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
X-List-Received-Date: Sun, 07 Jul 2019 06:42:30 -0000

--_000_AM0PR10MB24029C627666E216B381941AFEF70AM0PR10MB2402EURP_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

I feel quite comfortable to get the documents complete by March. So
including review by others October 2020 as a milestone would be OK to me.
If you would prefer a milestone before 10.2020 please let me know. Then
I would try to speed up the process.

Hendrik

From: Russ Housley <housley@vigilsec.com>
Sent: Saturday, 6 July 2019 23:30
To: Brockhaus, Hendrik (CT RDA CST SEA-DE) <hendrik.brockhaus@siemens.com>
Cc: spasm@ietf.org
Subject: Re: [lamps] Request slot for WG LAMPS meeting at IETF105

This is always true.  You need to make a guess, then as the review
others will offer their perspective.

Russ



On Jul 6, 2019, at 7:02 AM, Brockhaus, Hendrik
<hendrik.brockhaus@siemens.com> wrote:

Russ

I am not so sure how long the review process will take.
I really appreciate any feedback and comments, but the more feedback we
get the longer it will take to complete the I-Ds.
For the Updates CMP I still hope for support from Jim. That will
definitely speed up the process as he knows the protocols very well.
I think it is realistic to complete the documents in the second half of
2020. So would October 2020 be OK?
What do you think?

Hendrik
Sent from my mobile

On 01.07.2019 at 16:27, Russ Housley <housley@vigilsec.com> wrote:
Hendrik:

If you were to assume a charter approval in October, what milestones
would you want to appear in the charter?

Russ



On Jul 1, 2019, at 5:00 AM, Brockhaus, Hendrik
<hendrik.brockhaus@siemens.com> wrote:

Russ

As already discussed, I would like to present the current status on the
Lightweight CMP Profile and CMP Update Drafts and on our request to add
this topic to the LAMPS charter.

This is my proposal for the charter:
As certificate management gets increasingly important in many
environments, it needs to be tailored to the specific needs. CMP as
existing protocol offers a vast range of options. As it is already being
applied in different industrial environments it needs to be enhanced to
more efficiently support these use cases, crypto agility and specific
communication relations on the one hand and profiled to the necessary
functionality on the other hand to ease application and to better
facilitate interoperable implementation.

Hendrik

_______________________________________________
Spasm mailing list
Spasm@ietf.org
https://www.ietf.org/mailman/listinfo/spasm


--_000_AM0PR10MB24029C627666E216B381941AFEF70AM0PR10MB2402EURP_--


From nobody Sun Jul  7 08:02:03 2019
Return-Path: <housley@vigilsec.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 56F31120048 for <spasm@ietfa.amsl.com>; Sun,  7 Jul 2019 08:02:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level: 
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 84fJvK_u_cJp for <spasm@ietfa.amsl.com>; Sun,  7 Jul 2019 08:02:00 -0700 (PDT)
Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3549912001E for <spasm@ietf.org>; Sun,  7 Jul 2019 08:02:00 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id E6CB130065E for <spasm@ietf.org>; Sun,  7 Jul 2019 10:42:41 -0400 (EDT)
X-Virus-Scanned: amavisd-new at mail.smeinc.net
Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id mgIlJyPn8ppp for <spasm@ietf.org>; Sun,  7 Jul 2019 10:42:40 -0400 (EDT)
Received: from a860b60074bd.fios-router.home (unknown [138.88.156.37]) by mail.smeinc.net (Postfix) with ESMTPSA id 99738300AFA; Sun,  7 Jul 2019 10:42:40 -0400 (EDT)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <4217A10A-11F0-4518-8D3D-D9FDDCE30C15@sn3rd.com>
Date: Sun, 7 Jul 2019 11:01:56 -0400
Cc: LAMPS WG <spasm@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <22AC4D66-C005-4EE7-B09C-CD570BC3579C@vigilsec.com>
References: <4217A10A-11F0-4518-8D3D-D9FDDCE30C15@sn3rd.com>
To: Sean Turner <sean@sn3rd.com>
X-Mailer: Apple Mail (2.3445.104.11)
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/CNkLJzX7rT-rIK9kT-zKpUwvEhI>
Subject: Re: [lamps] Clarifications for ECC SPKI (aka RFC 5480)
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
X-List-Received-Date: Sun, 07 Jul 2019 15:02:03 -0000

Sean:

I would like to see this document published.

The Abstract says:

   This document corrects this omission, but updating Section 3 of
   {{RFC5480}} to include semantics for these two key usages.

However, the document really makes it clear that these must not be set
for key agreement algorithms.

Russ



> On Jul 6, 2019, at 5:55 PM, Sean Turner <sean@sn3rd.com> wrote:
>
> Hi!
>
> Back in March I asked how the keyEncipherment and dataEncipherment
> bits should be interpreted:
> https://mailarchive.ietf.org/arch/msg/spasm/b38SFOeko1OT2uN4n52YxAy2B0Y
> Tadahiko Ito and I have spun a draft that updates 5480 to clarify RFC
> 5480’s stance on these two bits.  In short (and this draft is very
> short), this draft aims to prohibit the use of these two bits with
> id-ecPublicKey as well as id-ecDH and id-ecMQV.  Please let us know
> what you think.
>
> Oh and I forgot to include this in the draft, but there is a github
> repo:
> https://github.com/seanturner/draft-turner-5480-ku-clarifications
>
> spt
> _______________________________________________
> Spasm mailing list
> Spasm@ietf.org
> https://www.ietf.org/mailman/listinfo/spasm


From nobody Sun Jul  7 15:23:03 2019
Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 98DC41201F8 for <spasm@ietfa.amsl.com>; Sun,  7 Jul 2019 15:22:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level: 
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id H-ufJJ_sJwf7 for <spasm@ietfa.amsl.com>; Sun,  7 Jul 2019 15:22:40 -0700 (PDT)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4EAC11201CA for <spasm@ietf.org>; Sun,  7 Jul 2019 15:22:39 -0700 (PDT)
Received: from sandelman.ca (unknown [IPv6:2607:f0b0:f:2:56b2:3ff:fe0b:d84]) by tuna.sandelman.ca (Postfix) with ESMTP id 74FAD3818F; Sun,  7 Jul 2019 18:20:38 -0400 (EDT)
Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 238AC9E2; Sun,  7 Jul 2019 18:22:38 -0400 (EDT)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Sean Turner <sean@sn3rd.com>
cc: LAMPS WG <spasm@ietf.org>
In-Reply-To: <4217A10A-11F0-4518-8D3D-D9FDDCE30C15@sn3rd.com>
References: <4217A10A-11F0-4518-8D3D-D9FDDCE30C15@sn3rd.com>
X-Mailer: MH-E 8.6; nmh 1.7+dev; GNU Emacs 24.5.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature"
Date: Sun, 07 Jul 2019 18:22:38 -0400
Message-ID: <4464.1562538158@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/ZjtHKw3Yg6t2hucOsXcAvSLpU48>
Subject: Re: [lamps] Clarifications for ECC SPKI (aka RFC 5480)
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 07 Jul 2019 22:23:02 -0000

--=-=-=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable


Sean Turner <sean@sn3rd.com> wrote:
    > Back in March I asked how the keyEncipherment and dataEncipherment
    > bits should be interpreted:
    > https://mailarchive.ietf.org/arch/msg/spasm/b38SFOeko1OT2uN4n52YxAy2B0Y

    > Tadahiko Ito and I have spun a draft that updates 5480 to clarify RFC
    > 5480’s stance on these two bits.  In short (and this draft is very
    > short), this draft aims to prohibit the use of these two bits with
    > id-ecPublicKey as well as id-ecDH and id-ecMQV.  Please let us know
    > what you think.

So, would this mean not doing ECIES?

--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-




--=-=-=--


From nobody Sun Jul  7 18:22:27 2019
Return-Path: <sean@sn3rd.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8DB221200D5 for <spasm@ietfa.amsl.com>; Sun,  7 Jul 2019 18:22:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.704
X-Spam-Level: 
X-Spam-Status: No, score=-0.704 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, PDS_NO_HELO_DNS=1.295, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=sn3rd.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xfhoG1-7vZ2Q for <spasm@ietfa.amsl.com>; Sun,  7 Jul 2019 18:22:25 -0700 (PDT)
Received: from mail-qk1-x72c.google.com (mail-qk1-x72c.google.com [IPv6:2607:f8b0:4864:20::72c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0D1551200B7 for <spasm@ietf.org>; Sun,  7 Jul 2019 18:22:25 -0700 (PDT)
Received: by mail-qk1-x72c.google.com with SMTP id s22so12037213qkj.12 for <spasm@ietf.org>; Sun, 07 Jul 2019 18:22:24 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sn3rd.com; s=google; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=hvxF1QJSPsiFYT8OJDpZoZBb/3VH9S2E1PP7bOk6Lao=; b=gB4/s6RMSk54ozc3ZNEN57kEJI2cX+McPT2Bpf6UB2JbSPluopfTF9WqMfAntkAzYi v4F54XBTEyECVy5LTSgQpzhqCcK6DeeAw4TO7Q1A0rM05iP7YuOVWL/i0Wg7rvZBC8PA 19CFIArQlp/DrLJRojOSKDsOVSBP8CCOVDpM0=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=hvxF1QJSPsiFYT8OJDpZoZBb/3VH9S2E1PP7bOk6Lao=; b=majfOFPisqy0lRNE7YrBcu0d9NSgcXQ2/PXA7iiWIUfbLGhHcQrQbRqAvMmWyNmtbN mMB1NxWyELqWiO6VAI++fOAF6dmFLvIUyvXaO9oZ3ynTaRfwKDQJJuqaGxLuMjUhkhlC /m0TrGqI+BDCuSLlPpH4xw7RDlW8mtz++W2x2enrJxM/QEP3DIfOoVlhZvwgm0MlDI9W WW+SHoz17S32rHJqmk5u5RbM1lyIpV3c2N8a45OhKcLsgIfHP2PLi4ukEF3DAUbF3YmR ba/8RsWZ0Pj2LqL/YVhIe2rjeeZ1uHzYoz0oIAVCJ8tsVn6xcB4WGxT4v7i75QS+ID83 bX7Q==
X-Gm-Message-State: APjAAAW3Ai1qvrAc0IKFSShfTByqranb/yHgaE9DjCneU4r77TPhzv+6 6e2Q9x2clY62WFdp1u7qmtWicCtsDic=
X-Google-Smtp-Source: APXvYqyKWC/MoGKiyIQfPthZ7WDx3+mNCKbT/Bjtlzn6lDeLVyygMOQIDD89InvIY0jytb6KAyYIYQ==
X-Received: by 2002:a37:7844:: with SMTP id t65mr12608394qkc.166.1562548944042;  Sun, 07 Jul 2019 18:22:24 -0700 (PDT)
Received: from sn3rd.lan ([75.102.131.36]) by smtp.gmail.com with ESMTPSA id r5sm7169495qkc.42.2019.07.07.18.22.23 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sun, 07 Jul 2019 18:22:23 -0700 (PDT)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
From: Sean Turner <sean@sn3rd.com>
In-Reply-To: <22AC4D66-C005-4EE7-B09C-CD570BC3579C@vigilsec.com>
Date: Sun, 7 Jul 2019 21:22:21 -0400
Cc: LAMPS WG <spasm@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <460F965C-ADF0-4DEC-A444-34ACDE274F34@sn3rd.com>
References: <4217A10A-11F0-4518-8D3D-D9FDDCE30C15@sn3rd.com> <22AC4D66-C005-4EE7-B09C-CD570BC3579C@vigilsec.com>
To: Russ Housley <housley@vigilsec.com>
X-Mailer: Apple Mail (2.3445.104.11)
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/71B7iDCl-wAv6UE-du4Yhdm_oU8>
Subject: Re: [lamps] Clarifications for ECC SPKI (aka RFC 5480)
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Jul 2019 01:22:27 -0000

In my haste to not do this at the last minute, I forgot to include a
link to the I-D :)
https://datatracker.ietf.org/doc/draft-turner-5480-ku-clarifications/

Russ - can you clarify your comment? That sentence is in the
Introduction.

spt

> On Jul 7, 2019, at 11:01, Russ Housley <housley@vigilsec.com> wrote:
>
> Sean:
>
> I would like to see this document published.
>
> The Abstract says:
>
>   This document corrects this omission, but updating Section 3 of
>   {{RFC5480}} to include semantics for these two key usages.
>
> However, the document really makes it clear that these must not be set
> for key agreement algorithms.
>
> Russ
>
>
>
>> On Jul 6, 2019, at 5:55 PM, Sean Turner <sean@sn3rd.com> wrote:
>>
>> Hi!
>>
>> Back in March I asked how the keyEncipherment and dataEncipherment
>> bits should be interpreted:
>> https://mailarchive.ietf.org/arch/msg/spasm/b38SFOeko1OT2uN4n52YxAy2B0Y
>> Tadahiko Ito and I have spun a draft that updates 5480 to clarify RFC
>> 5480’s stance on these two bits.  In short (and this draft is very
>> short), this draft aims to prohibit the use of these two bits with
>> id-ecPublicKey as well as id-ecDH and id-ecMQV.  Please let us know
>> what you think.
>>
>> Oh and I forgot to include this in the draft, but there is a github
>> repo:
>> https://github.com/seanturner/draft-turner-5480-ku-clarifications
>>
>> spt
>> _______________________________________________
>> Spasm mailing list
>> Spasm@ietf.org
>> https://www.ietf.org/mailman/listinfo/spasm
>


From nobody Mon Jul  8 07:04:26 2019
Return-Path: <housley@vigilsec.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 75A3F120265 for <spasm@ietfa.amsl.com>; Mon,  8 Jul 2019 07:04:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level: 
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hyG2cQqOUTYP for <spasm@ietfa.amsl.com>; Mon,  8 Jul 2019 07:04:13 -0700 (PDT)
Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C48ED120255 for <spasm@ietf.org>; Mon,  8 Jul 2019 07:04:12 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id 53F32300AEA for <spasm@ietf.org>; Mon,  8 Jul 2019 09:44:54 -0400 (EDT)
X-Virus-Scanned: amavisd-new at mail.smeinc.net
Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id NoNMxWDrsh54 for <spasm@ietf.org>; Mon,  8 Jul 2019 09:44:52 -0400 (EDT)
Received: from a860b60074bd.fios-router.home (unknown [138.88.156.37]) by mail.smeinc.net (Postfix) with ESMTPSA id 8A2BF3009FF; Mon,  8 Jul 2019 09:44:52 -0400 (EDT)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <460F965C-ADF0-4DEC-A444-34ACDE274F34@sn3rd.com>
Date: Mon, 8 Jul 2019 10:04:09 -0400
Cc: LAMPS WG <spasm@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <89CB0F20-ED6E-414B-B451-5C2C87B4DD2D@vigilsec.com>
References: <4217A10A-11F0-4518-8D3D-D9FDDCE30C15@sn3rd.com> <22AC4D66-C005-4EE7-B09C-CD570BC3579C@vigilsec.com> <460F965C-ADF0-4DEC-A444-34ACDE274F34@sn3rd.com>
To: Sean Turner <sean@sn3rd.com>
X-Mailer: Apple Mail (2.3445.104.11)
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/sle2-2cElDPhdGdtqoWebGgcfzc>
Subject: Re: [lamps] Clarifications for ECC SPKI (aka RFC 5480)
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Jul 2019 14:04:25 -0000

OLD:

This document corrects this omission, but updating Section 3
of [RFC5480] to include semantics for these two key usages.

NEW:

This document corrects this omission, by updating Section 3
of [RFC5480] to make it clear that neither keyEncipherment
nor the  dataEncipherment key usage bits are set for key
agreement algorithms.


> On Jul 7, 2019, at 9:22 PM, Sean Turner <sean@sn3rd.com> wrote:
>
> In my haste to not do this at the last minute, I forgot to include a
> link to the I-D :)
> https://datatracker.ietf.org/doc/draft-turner-5480-ku-clarifications/
>
> Russ - can you clarify your comment? That sentence is in the
> Introduction.
>
> spt
>
>> On Jul 7, 2019, at 11:01, Russ Housley <housley@vigilsec.com> wrote:
>>
>> Sean:
>>
>> I would like to see this document published.
>>
>> The Abstract says:
>>
>>  This document corrects this omission, but updating Section 3 of
>>  {{RFC5480}} to include semantics for these two key usages.
>>
>> However, the document really makes it clear that these must not be
>> set for key agreement algorithms.
>>
>> Russ
>>
>>
>>
>>> On Jul 6, 2019, at 5:55 PM, Sean Turner <sean@sn3rd.com> wrote:
>>>
>>> Hi!
>>>
>>> Back in March I asked how the keyEncipherment and dataEncipherment
>>> bits should be interpreted:
>>> https://mailarchive.ietf.org/arch/msg/spasm/b38SFOeko1OT2uN4n52YxAy2B0Y
>>> Tadahiko Ito and I have spun a draft that updates 5480 to clarify
>>> RFC 5480’s stance on these two bits.  In short (and this draft
>>> is very short), this draft aims to prohibit the use of these two bits
>>> with id-ecPublicKey as well as id-ecDH and id-ecMQV.  Please let us know
>>> what you think.
>>>
>>> Oh and I forgot to include this in the draft, but there is a github
>>> repo:
>>> https://github.com/seanturner/draft-turner-5480-ku-clarifications
>>>
>>> spt
>>> _______________________________________________
>>> Spasm mailing list
>>> Spasm@ietf.org
>>> https://www.ietf.org/mailman/listinfo/spasm
>>
>
> _______________________________________________
> Spasm mailing list
> Spasm@ietf.org
> https://www.ietf.org/mailman/listinfo/spasm
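
Added example, not part of this thread or of the draft: a standard-library Python check for the rule discussed above, that keyEncipherment and dataEncipherment are not set when the certificate's public-key algorithm is id-ecPublicKey, id-ecDH or id-ecMQV. It assumes the caller has already extracted the DER-encoded algorithm OID and the KeyUsage BIT STRING from the certificate; the function names and the sample bytes are constructed for illustration.

```python
# Added example: lint EC key-usage bits per the rule summarised in this thread.
# Standard library only; function names and sample inputs are hypothetical.

# Public-key algorithm OIDs defined in RFC 5480.
EC_KEY_OIDS = {
    "1.2.840.10045.2.1": "id-ecPublicKey",
    "1.3.132.1.12": "id-ecDH",
    "1.3.132.1.13": "id-ecMQV",
}

# KeyUsage named bits in RFC 5280 order; bit 0 is the MSB of the first octet.
KEY_USAGE_BITS = [
    "digitalSignature", "nonRepudiation", "keyEncipherment",
    "dataEncipherment", "keyAgreement", "keyCertSign", "cRLSign",
    "encipherOnly", "decipherOnly",
]

PROHIBITED_WITH_EC = {"keyEncipherment", "dataEncipherment"}


def read_tlv(der, offset=0):
    """Parse one DER TLV; return (tag, value_bytes, next_offset)."""
    if offset + 2 > len(der):
        raise ValueError("truncated TLV header")
    tag, length, pos = der[offset], der[offset + 1], offset + 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(der):
            raise ValueError("bad long-form length")
        length = int.from_bytes(der[pos:pos + n], "big")
        pos += n
    if pos + length > len(der):
        raise ValueError("value runs past end of input")
    return tag, der[pos:pos + length], pos + length


def decode_oid(der):
    """Decode a DER OBJECT IDENTIFIER into dotted-decimal text."""
    tag, body, _ = read_tlv(der)
    if tag != 0x06 or not body or body[-1] & 0x80:
        raise ValueError("not a well-formed OBJECT IDENTIFIER")
    subids, value = [], 0
    for octet in body:                     # base-128, high bit = "more follows"
        value = (value << 7) | (octet & 0x7F)
        if not octet & 0x80:
            subids.append(value)
            value = 0
    first = subids[0]                      # first two arcs share one subidentifier
    arcs = [min(first // 40, 2), first - 40 * min(first // 40, 2)]
    return ".".join(str(a) for a in arcs + subids[1:])


def decode_key_usage(der):
    """Return the set of KeyUsage bit names asserted in a DER BIT STRING."""
    tag, body, _ = read_tlv(der)
    if tag != 0x03 or not body:
        raise ValueError("not a BIT STRING")
    unused, bits = body[0], body[1:]
    if unused > 7 or (unused and not bits):
        raise ValueError("bad unused-bits count")
    total = len(bits) * 8 - unused
    return {
        name for i, name in enumerate(KEY_USAGE_BITS)
        if i < total and bits[i // 8] & (0x80 >> (i % 8))
    }


def lint_ec_key_usage(alg_oid_der, key_usage_der):
    """Return findings for prohibited bits; empty list means no violation."""
    alg = EC_KEY_OIDS.get(decode_oid(alg_oid_der))
    if alg is None:                        # rule only covers the three EC OIDs
        return []
    bad = sorted(decode_key_usage(key_usage_der) & PROHIBITED_WITH_EC)
    return [f"{alg}: {name} must not be set" for name in bad]


# Constructed sample inputs (not taken from any real certificate).
ID_EC_PUBLIC_KEY = bytes.fromhex("06072a8648ce3d0201")
ID_EC_DH = bytes.fromhex("06052b8104010c")
ID_EC_MQV = bytes.fromhex("06052b8104010d")
RSA_ENCRYPTION = bytes.fromhex("06092a864886f70d010101")
KU_SIG_AGREE = bytes.fromhex("03020388")      # digitalSignature, keyAgreement
KU_KEYENC_AGREE = bytes.fromhex("03020328")   # keyEncipherment, keyAgreement
KU_SIG_BOTH_ENC = bytes.fromhex("030204b0")   # digitalSignature + both encipherment bits
KU_KEYENC_ONLY = bytes.fromhex("03020520")    # keyEncipherment

if __name__ == "__main__":
    for alg, ku in [(ID_EC_PUBLIC_KEY, KU_SIG_AGREE), (ID_EC_DH, KU_KEYENC_AGREE),
                    (ID_EC_PUBLIC_KEY, KU_SIG_BOTH_ENC), (RSA_ENCRYPTION, KU_KEYENC_ONLY)]:
        print(decode_oid(alg), sorted(decode_key_usage(ku)), lint_ec_key_usage(alg, ku))
```

The RSA sample is included to show that the check stays silent for algorithms the rule does not cover.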


From nobody Mon Jul  8 07:31:18 2019
Return-Path: <internet-drafts@ietf.org>
X-Original-To: spasm@ietf.org
Delivered-To: spasm@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id B96CF12027F; Mon,  8 Jul 2019 07:31:01 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: internet-drafts@ietf.org
To: <i-d-announce@ietf.org>
Cc: spasm@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.98.3
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: spasm@ietf.org
Message-ID: <156259626164.777.15150017361840277154@ietfa.amsl.com>
Date: Mon, 08 Jul 2019 07:31:01 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/WArw-uBjSTVwCrvYtT2uQC7v_fY>
Subject: [lamps] I-D Action: draft-ietf-lamps-header-protection-requirements-00.txt
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Jul 2019 14:31:10 -0000

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Limited Additional Mechanisms for PKIX and SMIME WG of the IETF.

        Title           : Problem Statement and Requirements for Header Protection
        Authors         : Alexey Melnikov
                          Bernie Hoeneisen
        Filename        : draft-ietf-lamps-header-protection-requirements-00.txt
        Pages           : 20
        Date            : 2019-07-08

Abstract:
   Privacy and security issues with email header protection in S/MIME
   have been identified for some time.  However, the desire to fix these
   issues has been expressed in the IETF LAMPS Working Group only
   recently.  The existing S/MIME specification is likely to be updated
   regarding header protection.

   Several LAMPS WG participants expressed the opinion that whatever
   mechanism will be chosen, it should not be limited to S/MIME, but
   also applicable to PGP/MIME.

   This document describes the problem statement, generic use cases, and
   requirements.  Additionally it drafts possible solutions to address
   the challenge.  Finally some best practices are collected.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-lamps-header-protection-requirements/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-lamps-header-protection-requirements-00
https://datatracker.ietf.org/doc/html/draft-ietf-lamps-header-protection-requirements-00


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/


From nobody Mon Jul  8 08:16:47 2019
Return-Path: <housley@vigilsec.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E4367120285 for <spasm@ietfa.amsl.com>; Mon,  8 Jul 2019 08:16:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level: 
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4MbgFtDjfObS for <spasm@ietfa.amsl.com>; Mon,  8 Jul 2019 08:16:36 -0700 (PDT)
Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BFB4912022B for <spasm@ietf.org>; Mon,  8 Jul 2019 08:16:36 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id A8017300AEA for <spasm@ietf.org>; Mon,  8 Jul 2019 10:57:18 -0400 (EDT)
X-Virus-Scanned: amavisd-new at mail.smeinc.net
Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id IvOjDm61IBAf for <spasm@ietf.org>; Mon,  8 Jul 2019 10:57:17 -0400 (EDT)
Received: from a860b60074bd.fios-router.home (unknown [138.88.156.37]) by mail.smeinc.net (Postfix) with ESMTPSA id 90F213002C1 for <spasm@ietf.org>; Mon,  8 Jul 2019 10:57:17 -0400 (EDT)
From: Russ Housley <housley@vigilsec.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
Message-Id: <94B3A9EA-D74B-4CCA-9938-5EBCF84C6921@vigilsec.com>
Date: Mon, 8 Jul 2019 11:16:34 -0400
To: LAMPS WG <spasm@ietf.org>
X-Mailer: Apple Mail (2.3445.104.11)
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/fRrfUlVPuzEfmcUj4YjXEz2cjl0>
Subject: [lamps] DRAFT LAMPS WG Agenda for IETF 105
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Jul 2019 15:16:46 -0000

DRAFT
LAMPS WG Agenda at IETF 105 in Montreal, CA

0)  Minute Taker, Jabber Scribe, Bluesheets

1)  Agenda Bash

2)  Documents with the RFC Editor and IESG
    a)  draft-ietf-lamps-rfc6844bis (Jacob and Phillip)
    b)  draft-ietf-lamps-hash-of-root-key-cert-extn (Russ)
    c)  draft-ietf-lamps-pkix-shake (Panos, Quynh)
    d)  draft-ietf-lamps-cms-shakes (Quynh, Panos)
    e)  draft-ietf-lamps-cms-hash-sig (Russ)
    f)  draft-ietf-lamps-cms-mix-with-psk (Russ)

3)  Active Working Group Documents
    a)  draft-ietf-lamps-header-protection-requirements (Alexey, Bernie)

4)  Documents related to the proposed re-charter
    a)  draft-brockhaus-lamps-lightweight-cmp-profile (Hendrik)

5)  Other Business (if time allows)
    a)  draft-turner-5480-ku-clarifications (Sean)

6)  Wrap Up


From nobody Mon Jul  8 08:48:28 2019
Return-Path: <ryan.sleevi@gmail.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 20FE712015A for <spasm@ietfa.amsl.com>; Mon,  8 Jul 2019 08:48:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.107
X-Spam-Level: 
X-Spam-Status: No, score=-0.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.247, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.249, HTML_MESSAGE=0.001, PDS_NO_HELO_DNS=1.295, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iGkM0liZV_BC for <spasm@ietfa.amsl.com>; Mon,  8 Jul 2019 08:48:23 -0700 (PDT)
Received: from mail-ed1-f47.google.com (mail-ed1-f47.google.com [209.85.208.47]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 131281200A4 for <spasm@ietf.org>; Mon,  8 Jul 2019 08:48:23 -0700 (PDT)
Received: by mail-ed1-f47.google.com with SMTP id s49so15033276edb.1 for <spasm@ietf.org>; Mon, 08 Jul 2019 08:48:22 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=lAHHEBxM3VqxmrbiSDIxc12c0nzKktjXsQJWSaQJixw=; b=qgByrwuPxmDGpGENmdqksdmo1uSnkw5/VT0JSzhplOEpWXq/Jay1pbIR1X8mqOmEdE 76wcqOHeHdalVLosyD6FZeJHpJAkn4wUAe2QM8r7wikNQoHse8rya2ObSw2ynnQnNe4a KtdZ66Y7RmrBtHLRuhikxXsqP+ZztRDPk6w01OGh8Tzo67NAY2uLQNALR0o+cwb70ncr zF50lkaYGaT72tYwqVudscZBQXMkpFzciAEbacyoa1xKOvVF8HhhdLI63TDIZmyUvA1/ d09TyRE6zCdYsdTjZcXUuQuXV6ztQgjjVChIu9lmoDnjy+EcBtyRTxPtniDgVd+DY+Ng +dpA==
X-Gm-Message-State: APjAAAVZAZF5BjgnzKYZrzcBA2ZTEwJqwV6pN+209BsWxCC0BIJzGmbM wUlzyRNzeNtNvyxVP4Q/ryia/13y
X-Google-Smtp-Source: APXvYqxuuPIiuuororz41yxQA1Uj7WaglmtARXfnY+hxtM/QqTWtmPDixYTDgE1xrTHAAvEW88SHyg==
X-Received: by 2002:a17:906:944f:: with SMTP id z15mr17340838ejx.137.1562600900478;  Mon, 08 Jul 2019 08:48:20 -0700 (PDT)
Received: from mail-wm1-f54.google.com (mail-wm1-f54.google.com. [209.85.128.54]) by smtp.gmail.com with ESMTPSA id n15sm5540003edd.49.2019.07.08.08.48.19 for <spasm@ietf.org> (version=TLS1_3 cipher=AEAD-AES128-GCM-SHA256 bits=128/128); Mon, 08 Jul 2019 08:48:20 -0700 (PDT)
Received: by mail-wm1-f54.google.com with SMTP id l2so28853wmg.0 for <spasm@ietf.org>; Mon, 08 Jul 2019 08:48:19 -0700 (PDT)
X-Received: by 2002:a7b:c34b:: with SMTP id l11mr17731322wmj.69.1562600899810;  Mon, 08 Jul 2019 08:48:19 -0700 (PDT)
MIME-Version: 1.0
References: <4217A10A-11F0-4518-8D3D-D9FDDCE30C15@sn3rd.com> <22AC4D66-C005-4EE7-B09C-CD570BC3579C@vigilsec.com> <460F965C-ADF0-4DEC-A444-34ACDE274F34@sn3rd.com>
In-Reply-To: <460F965C-ADF0-4DEC-A444-34ACDE274F34@sn3rd.com>
From: Ryan Sleevi <ryan-ietf@sleevi.com>
Date: Mon, 8 Jul 2019 11:48:08 -0400
X-Gmail-Original-Message-ID: <CAErg=HHxp2ChzJQiYCktxf3ivRJ_+qFRV=Hbexm1qXtT+JVr8Q@mail.gmail.com>
Message-ID: <CAErg=HHxp2ChzJQiYCktxf3ivRJ_+qFRV=Hbexm1qXtT+JVr8Q@mail.gmail.com>
To: Sean Turner <sean@sn3rd.com>
Cc: Russ Housley <housley@vigilsec.com>, LAMPS WG <spasm@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000008f2305058d2d5f48"
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/Ki2XM-W1oI0bFXXeIl4sOPkKNFU>
Subject: Re: [lamps] Clarifications for ECC SPKI (aka RFC 5480)
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Jul 2019 15:48:26 -0000

--0000000000008f2305058d2d5f48
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Thanks for the two of you in writing this update. As this is an area that
has caused some ambiguity for CAs that participate in Google and Mozilla's
CA programs, I appreciate the proposed clarifications and agree with the
text, so it would be great to see this document adopted and published.

On Sun, Jul 7, 2019 at 9:22 PM Sean Turner <sean@sn3rd.com> wrote:

> In my haste to not do this at the last minute, I forgot to include a link
> to the I-D :)
> https://datatracker.ietf.org/doc/draft-turner-5480-ku-clarifications/
>
> Russ - can you clarify your comment? That sentence is in the Introduction.
>
> spt
>
> > On Jul 7, 2019, at 11:01, Russ Housley <housley@vigilsec.com> wrote:
> >
> > Sean:
> >
> > I would like to see this document published.
> >
> > The Abstract says:
> >
> >   This document corrects this omission, but updating Section 3 of
> >   {{RFC5480}} to include semantics for these two key usages.
> >
> > However, the document really makes it clear that these must not be set
> > for key agreement algorithms.
> >
> > Russ
> >
> >
> >
> >> On Jul 6, 2019, at 5:55 PM, Sean Turner <sean@sn3rd.com> wrote:
> >>
> >> Hi!
> >>
> >> Back in March I asked how the keyEncipherment and dataEncipherment
> >> bits should be interpreted:
> >> https://mailarchive.ietf.org/arch/msg/spasm/b38SFOeko1OT2uN4n52YxAy2B0Y
> >> Tadahiko Ito and I have spun a draft that updates 5480 to clarify RFC
> >> 5480’s stance on these two bits.  In short (and this draft is very
> >> short), this draft aims to prohibit the use of these two bits with
> >> id-ecPublicKey as well as id-ecDH and id-ecMQV.  Please let us know
> >> what you think.
> >>
> >> Oh and I forgot to include this in the draft, but there is a github
> >> repo:
> >> https://github.com/seanturner/draft-turner-5480-ku-clarifications
> >>
> >> spt
> >> _______________________________________________
> >> Spasm mailing list
> >> Spasm@ietf.org
> >> https://www.ietf.org/mailman/listinfo/spasm
> >
>
> _______________________________________________
> Spasm mailing list
> Spasm@ietf.org
> https://www.ietf.org/mailman/listinfo/spasm
>


--0000000000008f2305058d2d5f48--


From nobody Mon Jul  8 09:47:46 2019
MIME-Version: 1.0
References: <mailman.211.1562600906.8637.spasm@ietf.org>
In-Reply-To: <mailman.211.1562600906.8637.spasm@ietf.org>
From: Tadahiko Ito <tadahiko.ito.public@gmail.com>
Date: Tue, 9 Jul 2019 01:47:28 +0900
Message-ID: <CAFTXyYDECvw+aJn0hkN_DaUV8ajgz4uRgBdQzSp_KLD4t_vPFQ@mail.gmail.com>
To: spasm@ietf.org
Content-Type: multipart/alternative; boundary="000000000000b98e51058d2e3344"
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/F4gUgAqCbRbEgoRmp3OJmKcGr5s>
Subject: Re: [lamps] Clarifications for ECC SPKI (aka RFC 5480)
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Jul 2019 16:47:45 -0000

--000000000000b98e51058d2e3344
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Hi Michael

>>So, would this mean not doing ECIES?
We are just clarifying, so we do not describe ECIES.

However, we do not block the chance for ECIES to come in.
That is why we describe it as "id-ecPublicKey as algorithm of
AlgorithmIdentifier {{!RFC2986}} in SubjectPublicKeyInfo".

#ECIES also needs information for the KDF and optional metadata, so the above
description would not be applicable (not enough) for ECIES.

Therefore, even if you want to publish a document for ECIES, this document
would not block that.

Regards Tadahiko Ito


> From: Michael Richardson <mcr+ietf@sandelman.ca>
> To: Sean Turner <sean@sn3rd.com>
> Cc: LAMPS WG <spasm@ietf.org>
> Bcc:
> Date: Sun, 07 Jul 2019 18:22:38 -0400
> Subject: Re: [lamps] Clarifications for ECC SPKI (aka RFC 5480)
>
> Sean Turner <sean@sn3rd.com> wrote:
>     > Back in March I asked how the keyEncipherment and dataEncipherment
> bits should be interpreted:
>     >
> https://mailarchive.ietf.org/arch/msg/spasm/b38SFOeko1OT2uN4n52YxAy2B0Y
>
>     > Tadahiko Ito and I have spun a draft that updates 5480 to clarify RFC
>     > 5480’s stance on these two bits.  In short (and this draft is very
>     > short), this draft aims to prohibit the use of these two bits with
>     > id-ecPublicKey as well as id-ecDH and id-ecMQV.  Please let us know
>     > what you think.
>
> So, would this mean not doing ECIES?
>
> --
> Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
>  -= IPv6 IoT consulting =-
>
>
>

--000000000000b98e51058d2e3344--


From nobody Mon Jul  8 10:27:42 2019
From: "Salz, Rich" <rsalz@akamai.com>
To: Sean Turner <sean@sn3rd.com>, LAMPS WG <spasm@ietf.org>
Date: Mon, 8 Jul 2019 17:27:08 +0000
Message-ID: <FDF76EE0-0063-43E1-8535-681C1783CA6E@akamai.com>
References: <4217A10A-11F0-4518-8D3D-D9FDDCE30C15@sn3rd.com>
In-Reply-To: <4217A10A-11F0-4518-8D3D-D9FDDCE30C15@sn3rd.com>
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/43CxaWlsWAXE6sCmp3-zLJehraQ>
Subject: Re: [lamps] Clarifications for ECC SPKI (aka RFC 5480)

> Please let us know what you think.

Ship it.


From nobody Mon Jul  8 12:37:23 2019
From: Mike Ounsworth <Mike.Ounsworth@entrustdatacard.com>
To: Russ Housley <housley@vigilsec.com>, LAMPS WG <spasm@ietf.org>
CC: Tim Hollebeek <tim.hollebeek@digicert.com>
Date: Mon, 8 Jul 2019 19:37:16 +0000
Message-ID: <307ed052768e42ec8ce470a869de5ccc@PMSPEX05.corporate.datacard.com>
References: <94B3A9EA-D74B-4CCA-9938-5EBCF84C6921@vigilsec.com>
In-Reply-To: <94B3A9EA-D74B-4CCA-9938-5EBCF84C6921@vigilsec.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/hV8RQ-E5ZApTVIXwkH1ufJEciyI>
Subject: Re: [lamps] [EXTERNAL] DRAFT LAMPS WG Agenda for IETF 105

Hi Russ,

Can we add to the "If time allows" to talk about composite signatures?

https://datatracker.ietf.org/doc/draft-ounsworth-pq-composite-sigs/


(I tried to request a slot in my email last week, but I'm afraid I was far too subtle)

- - -
Mike Ounsworth | Office: +1 (613) 270-2873

-----Original Message-----
From: Spasm <spasm-bounces@ietf.org> On Behalf Of Russ Housley
Sent: Monday, July 8, 2019 10:17 AM
To: LAMPS WG <spasm@ietf.org>
Subject: [EXTERNAL][lamps] DRAFT LAMPS WG Agenda for IETF 105

DRAFT
LAMPS WG Agenda at IETF 105 in Montreal, CA

0)  Minute Taker, Jabber Scribe, Bluesheets

1)  Agenda Bash

2)  Documents with the RFC Editor and IESG
    a)  draft-ietf-lamps-rfc6844bis (Jacob and Phillip)
    b)  draft-ietf-lamps-hash-of-root-key-cert-extn (Russ)
    c)  draft-ietf-lamps-pkix-shake (Panos, Quynh)
    d)  draft-ietf-lamps-cms-shakes (Quynh, Panos)
    e)  draft-ietf-lamps-cms-hash-sig (Russ)
    f)  draft-ietf-lamps-cms-mix-with-psk (Russ)

3)  Active Working Group Documents
    a)  draft-ietf-lamps-header-protection-requirements (Alexey, Bernie)

4)  Documents related to the proposed re-charter
    a)  draft-brockhaus-lamps-lightweight-cmp-profile (Hendrik)

5)  Other Business (if time allows)
    a)  draft-turner-5480-ku-clarifications (Sean)

6)  Wrap Up



From nobody Tue Jul  9 11:16:33 2019
From: "Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com>
To: Russ Housley <housley@vigilsec.com>
CC: LAMPS WG <spasm@ietf.org>
Date: Tue, 9 Jul 2019 18:16:13 +0000
Message-ID: <1FCF3202-8FD4-4D06-9A8E-A52A02DD7F47@siemens.com>
References: <94B3A9EA-D74B-4CCA-9938-5EBCF84C6921@vigilsec.com>
In-Reply-To: <94B3A9EA-D74B-4CCA-9938-5EBCF84C6921@vigilsec.com>
Content-Type: multipart/alternative; boundary="_000_1FCF32028FD44D069A8EA52A02DD7F47siemenscom_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/4P6OisLVN1VXAysDAIjnpkfZ58I>
Subject: Re: [lamps] DRAFT LAMPS WG Agenda for IETF 105



From nobody Wed Jul 10 16:37:45 2019
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
From: Sean Turner <sean@sn3rd.com>
In-Reply-To: <89CB0F20-ED6E-414B-B451-5C2C87B4DD2D@vigilsec.com>
Date: Wed, 10 Jul 2019 19:37:37 -0400
Cc: LAMPS WG <spasm@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <85731ABD-2052-4544-A551-A0294236A314@sn3rd.com>
References: <4217A10A-11F0-4518-8D3D-D9FDDCE30C15@sn3rd.com> <22AC4D66-C005-4EE7-B09C-CD570BC3579C@vigilsec.com> <460F965C-ADF0-4DEC-A444-34ACDE274F34@sn3rd.com> <89CB0F20-ED6E-414B-B451-5C2C87B4DD2D@vigilsec.com>
To: Russ Housley <housley@vigilsec.com>
X-Mailer: Apple Mail (2.3445.104.11)
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/-8OKKgfGtrqVRkV5tY9aLxzhl90>
Subject: Re: [lamps] Clarifications for ECC SPKI (aka RFC 5480)

This change is included in this PR:
https://github.com/seanturner/draft-turner-5480-ku-clarifications/pull/2
I will merge and spin a new version once the submission window reopens.

spt

> On Jul 8, 2019, at 10:04, Russ Housley <housley@vigilsec.com> wrote:
>
> OLD:
>
> This document corrects this omission, but updating Section 3
> of [RFC5480] to include semantics for these two key usages.
>
> NEW:
>
> This document corrects this omission, by updating Section 3
> of [RFC5480] to make it clear that neither keyEncipherment
> nor the dataEncipherment key usage bits are set for key
> agreement algorithms.
>
>
>> On Jul 7, 2019, at 9:22 PM, Sean Turner <sean@sn3rd.com> wrote:
>>
>> In my haste to not do this at the last minute, I forgot to include a link to the I-D :)
>> https://datatracker.ietf.org/doc/draft-turner-5480-ku-clarifications/
>>
>> Russ - can you clarify your comment? That sentence is in the Introduction.
>>
>> spt
>>
>>> On Jul 7, 2019, at 11:01, Russ Housley <housley@vigilsec.com> wrote:
>>>
>>> Sean:
>>>
>>> I would like to see this document published.
>>>
>>> The Abstract says:
>>>
>>> This document corrects this omission, but updating Section 3 of {{RFC5480}} to include semantics for these two key usages.
>>>
>>> However, the document really makes it clear that these must not be set for key agreement algorithms.
>>>
>>> Russ
>>>
>>>
>>>
>>>> On Jul 6, 2019, at 5:55 PM, Sean Turner <sean@sn3rd.com> wrote:
>>>>
>>>> Hi!
>>>>
>>>> Back in March I asked how the keyEncipherment and dataEncipherment bits should be interpreted:
>>>> https://mailarchive.ietf.org/arch/msg/spasm/b38SFOeko1OT2uN4n52YxAy2B0Y
>>>> Tadahiko Ito and I have spun a draft that updates 5480 to clarify RFC 5480’s stance on these two bits.  In short (and this draft is very short), this draft aims to prohibit the use of these two bits with id-ecPublicKey as well as id-ecDH and id-ecMQV.  Please let us know what you think.
>>>>
>>>> Oh and I forgot to include this in the draft, but there is a github repo:
>>>> https://github.com/seanturner/draft-turner-5480-ku-clarifications
>>>>
>>>> spt
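
The rule discussed in this thread (keyEncipherment and dataEncipherment not set when the SubjectPublicKeyInfo algorithm is id-ecPublicKey, id-ecDH or id-ecMQV), written as a certificate lint check. This is an added example, not code from the draft or from any poster; it assumes the caller has already extracted the DER-encoded algorithm OID and the keyUsage BIT STRING from the certificate, and the function names and sample byte strings are constructed for illustration.

```python
"""Lint check for the EC key usage rule discussed in this thread (added example)."""

# SubjectPublicKeyInfo algorithm OIDs named in the thread (OID values per RFC 5480).
EC_SPKI_OIDS = {
    "1.2.840.10045.2.1": "id-ecPublicKey",
    "1.3.132.1.12": "id-ecDH",
    "1.3.132.1.13": "id-ecMQV",
}

# KeyUsage named bits in RFC 5280 order. Bit 0 is the most significant bit
# of the first content octet of the BIT STRING.
KEY_USAGE_BITS = (
    "digitalSignature", "nonRepudiation", "keyEncipherment",
    "dataEncipherment", "keyAgreement", "keyCertSign",
    "cRLSign", "encipherOnly", "decipherOnly",
)
FORBIDDEN_FOR_EC = frozenset({"keyEncipherment", "dataEncipherment"})


def _der_body(der: bytes, tag: int) -> bytes:
    """Return the content octets of a single short-form DER TLV with the given tag."""
    if len(der) < 2 or der[0] != tag:
        raise ValueError("unexpected DER tag")
    if der[1] & 0x80 or len(der) != 2 + der[1]:
        raise ValueError("unsupported or inconsistent DER length")
    return der[2:]


def decode_oid(der: bytes) -> str:
    """Decode a DER OBJECT IDENTIFIER into dotted-decimal form."""
    body = _der_body(der, 0x06)
    if not body or body[-1] & 0x80:
        raise ValueError("truncated OID")
    arcs, value = [], 0
    for octet in body:
        value = (value << 7) | (octet & 0x7F)
        if not octet & 0x80:          # high bit clear ends a subidentifier
            arcs.append(value)
            value = 0
    first = arcs[0]                   # first subidentifier packs the first two arcs
    head = (0, first) if first < 40 else (1, first - 40) if first < 80 else (2, first - 80)
    return ".".join(str(arc) for arc in (*head, *arcs[1:]))


def decode_key_usage(der: bytes) -> set:
    """Decode a DER KeyUsage BIT STRING into the set of asserted bit names."""
    body = _der_body(der, 0x03)
    if not body or body[0] > 7:
        raise ValueError("bad unused-bits octet")
    unused, octets = body[0], body[1:]
    if unused and (not octets or octets[-1] & ((1 << unused) - 1)):
        raise ValueError("unused bits must be zero in DER")
    names = set()
    for index, name in enumerate(KEY_USAGE_BITS):
        byte_index, bit = divmod(index, 8)
        if byte_index < len(octets) and octets[byte_index] & (0x80 >> bit):
            names.add(name)
    return names


def lint_ec_key_usage(spki_alg_oid_der: bytes, key_usage_der: bytes) -> list:
    """Return one finding per forbidden bit; empty list if compliant or out of scope."""
    alg = EC_SPKI_OIDS.get(decode_oid(spki_alg_oid_der))
    if alg is None:
        return []                     # rule only covers the three EC identifiers
    bad = decode_key_usage(key_usage_der) & FORBIDDEN_FOR_EC
    return [f"{alg}: {bit} must not be set" for bit in sorted(bad)]


# Constructed sample inputs (hex of DER), not taken from real certificates.
OID_EC_PUBLIC_KEY = bytes.fromhex("06072a8648ce3d0201")
OID_EC_DH = bytes.fromhex("06052b8104010c")
OID_EC_MQV = bytes.fromhex("06052b8104010d")
OID_RSA = bytes.fromhex("06092a864886f70d010101")
KU_DIGITAL_SIGNATURE = bytes.fromhex("03020780")
KU_KEY_AGREEMENT = bytes.fromhex("03020308")
KU_KEY_ENC_AND_AGREEMENT = bytes.fromhex("03020328")
KU_KEY_ENC_AND_DATA_ENC = bytes.fromhex("03020430")

if __name__ == "__main__":
    samples = [
        (OID_EC_PUBLIC_KEY, KU_DIGITAL_SIGNATURE),
        (OID_EC_DH, KU_KEY_AGREEMENT),
        (OID_EC_DH, KU_KEY_ENC_AND_AGREEMENT),
        (OID_EC_MQV, KU_KEY_ENC_AND_DATA_ENC),
        (OID_RSA, KU_KEY_ENC_AND_AGREEMENT),
    ]
    for oid_der, ku_der in samples:
        print(decode_oid(oid_der), sorted(decode_key_usage(ku_der)),
              lint_ec_key_usage(oid_der, ku_der) or "ok")
```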


From nobody Thu Jul 11 06:40:28 2019
Return-Path: <noreply@ietf.org>
X-Original-To: spasm@ietf.org
Delivered-To: spasm@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 8CBCD12010F; Thu, 11 Jul 2019 06:40:26 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: Scott Bradner via Datatracker <noreply@ietf.org>
To: <ops-dir@ietf.org>
Cc: spasm@ietf.org, draft-ietf-lamps-cms-shakes.all@ietf.org, ietf@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.98.3
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Scott Bradner <sob@sobco.com>
Message-ID: <156285242644.32383.11390058670110652361@ietfa.amsl.com>
Date: Thu, 11 Jul 2019 06:40:26 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/tPS6KhftrVWSK5LmTw5wIX7MMCk>
Subject: [lamps] Opsdir last call review of draft-ietf-lamps-cms-shakes-12
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Jul 2019 13:40:27 -0000

Reviewer: Scott Bradner
Review result: Has Nits

it is my understanding that the style guide says that there should be no
references in the abstract – so “This document updates [RFC3370] and ...” is
not permitted – I would suggest that it should read “This document updates
“Cryptographic Message Syntax (CMS) Algorithms” (RFC 3370) and ...”.

Then change the second sentence in the introduction to read: “Cryptographic
Message Syntax (CMS) Algorithms  [RFC3370] describes the use of common
cryptographic algorithms with the CMS. This specification updates [RFC3370] to
describe the use of the SHAKE128 and SHAKE256 specified in [SHA3] as new hash
functions in CMS.”

Otherwise the specification does not present any operational issues and looks
ready for publication



From nobody Thu Jul 11 07:52:40 2019
Return-Path: <hendrik.brockhaus@siemens.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 53A73120140 for <spasm@ietfa.amsl.com>; Thu, 11 Jul 2019 07:52:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=siemens.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JIlWB5Risq_0 for <spasm@ietfa.amsl.com>; Thu, 11 Jul 2019 07:52:35 -0700 (PDT)
Received: from EUR03-AM5-obe.outbound.protection.outlook.com (mail-am5eur03on0615.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe08::615]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B958C1200F9 for <spasm@ietf.org>; Thu, 11 Jul 2019 07:52:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=siemens.onmicrosoft.com; s=selector2-siemens-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=V0bsDziOT3oX2LSWuQEOr+S1Jip5JmDxVa5iNsVNoZM=; b=M+zmEZS3nWI3IqWtXQVh0nGRm4wTaJ47CcKyBgfwqA7tZZOK3CyHhrcMkh5aMYGohJaKEEl7KFhBzPuSBbK52XCrwpkWVWP0tbEDr6XDZ9R2Fs/Z/USfSmCPy8yZVoNjILnnlK8pwHjKUCFbAbwWA+IGx8AJRTTiFNbNZxeo7kk=
Received: from AM0PR10MB2402.EURPRD10.PROD.OUTLOOK.COM (20.177.110.224) by AM0PR10MB2273.EURPRD10.PROD.OUTLOOK.COM (20.177.110.146) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2052.18; Thu, 11 Jul 2019 14:52:32 +0000
Received: from AM0PR10MB2402.EURPRD10.PROD.OUTLOOK.COM ([fe80::65dc:1434:6847:4ba4]) by AM0PR10MB2402.EURPRD10.PROD.OUTLOOK.COM ([fe80::65dc:1434:6847:4ba4%5]) with mapi id 15.20.2052.020; Thu, 11 Jul 2019 14:52:32 +0000
From: "Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com>
To: "spasm@ietf.org" <spasm@ietf.org>
CC: Jim Schaad <ietf@augustcellars.com>, Russ Housley <housley@vigilsec.com>,  Tim Hollebeek <tim.hollebeek@digicert.com>, "steffen.fries@siemens.com" <steffen.fries@siemens.com>
Thread-Topic: [lamps] Charter discussion
Thread-Index: AdUieMNE0ThLDuQQTsGvDFcsSaas7AH/ExwgAAtI4oADVK2hcA==
Date: Thu, 11 Jul 2019 14:52:32 +0000
Message-ID: <AM0PR10MB2402E50B7E0CCBACFB0A1B5EFEF30@AM0PR10MB2402.EURPRD10.PROD.OUTLOOK.COM>
References: <E6C9F0E527F94F4692731382340B337826FB05FF@DENBGAT9EJ5MSX.ww902.siemens.net> <E6C9F0E527F94F4692731382340B337826FB783F@DENBGAT9EJ5MSX.ww902.siemens.net> <5B469693-37A8-4735-AE62-0A31A4C3F5AF@vigilsec.com>
In-Reply-To: <5B469693-37A8-4735-AE62-0A31A4C3F5AF@vigilsec.com>
Accept-Language: de-DE, en-US
Content-Language: de-DE
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-document-confidentiality: NotClassified
authentication-results: spf=none (sender IP is ) smtp.mailfrom=hendrik.brockhaus@siemens.com; 
x-originating-ip: [80.146.228.122]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: f608e13e-afc3-4652-862f-08d7060f6755
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600148)(711020)(4605104)(1401327)(4618075)(2017052603328)(7193020); SRVR:AM0PR10MB2273; 
x-ms-traffictypediagnostic: AM0PR10MB2273:
x-ms-exchange-purlcount: 4
x-ld-processed: 38ae3bcd-9579-4fd4-adda-b42e1495d55a,ExtAddr
x-microsoft-antispam-prvs: <AM0PR10MB22730F3F7A72A364F182B7F6FEF30@AM0PR10MB2273.EURPRD10.PROD.OUTLOOK.COM>
x-ms-oob-tlc-oobclassifiers: OLM:8882;
x-forefront-prvs: 0095BCF226
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(39860400002)(376002)(366004)(346002)(396003)(136003)(53754006)(199004)(13464003)(189003)(6916009)(55016002)(33656002)(66066001)(8936002)(6436002)(9686003)(5640700003)(2906002)(6306002)(81156014)(81166006)(25786009)(3846002)(6116002)(2501003)(68736007)(8676002)(53936002)(52536014)(1730700003)(14444005)(4326008)(66574012)(476003)(256004)(76176011)(966005)(7696005)(11346002)(74316002)(486006)(186003)(66556008)(66946007)(7736002)(446003)(14454004)(102836004)(26005)(54906003)(53546011)(6506007)(66476007)(76116006)(64756008)(66446008)(86362001)(71200400001)(71190400001)(478600001)(45080400002)(107886003)(305945005)(5660300002)(316002)(99286004)(2351001); DIR:OUT; SFP:1101; SCL:1; SRVR:AM0PR10MB2273; H:AM0PR10MB2402.EURPRD10.PROD.OUTLOOK.COM; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1; 
received-spf: None (protection.outlook.com: siemens.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: siemens.com
X-MS-Exchange-CrossTenant-Network-Message-Id: f608e13e-afc3-4652-862f-08d7060f6755
X-MS-Exchange-CrossTenant-originalarrivaltime: 11 Jul 2019 14:52:32.3709 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: hendrik.brockhaus@siemens.com
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0PR10MB2273
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/75idNec1hjWZezBRUI3oXaTxSAA>
Subject: Re: [lamps] Charter discussion
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Jul 2019 14:52:39 -0000

Hi all

In preparation for IETF 105 I uploaded a new version of the Lightweight
CMP Profile draft on Monday. This draft addresses the discussion in
LAMPS WG since IETF 104 and adds content to some sections that were not
yet completed. See the list of changes in section 1. The current version
of the draft is here:
https://datatracker.ietf.org/doc/draft-brockhaus-lamps-lightweight-cmp-profile/

I also submitted a draft on necessary changes to RFC 4210 to split the
content of the CMP profile into those parts changing the current CMP RFC
and parts specifying how to make use of CMP to implement specific
certificate management use cases. Steffen and I discussed this approach
with Jim Schaad during and after IETF 104. Please see the draft here:
https://datatracker.ietf.org/doc/draft-brockhaus-lamps-cmp-updates/

Any feedback on the drafts is more than welcome.

I will present both drafts and the proposed change to the agenda at the
WG session during IETF 105.

Hendrik

> -----Original Message-----
> From: Spasm <spasm-bounces@ietf.org> On Behalf Of Russ Housley
> Sent: Monday, 24 June 2019 17:34
> To: Fries, Steffen (CT RDA CST) <steffen.fries@siemens.com>;
> spasm@ietf.org
> Cc: Tim Hollebeek <tim.hollebeek@digicert.com>
> Subject: Re: [lamps] Charter discussion
>
> Steffen:
>
> By my review of the responses, six people are in support of work on a CMP
> profile, four people are willing to review, three people plan to implement,
> and one person is opposed to this being added to the charter of the WG.
>
> I was hoping for greater support, but I think we should discuss proposed
> charter text at the face-to-face session in Montreal.  Hopefully the
> discussion will encourage others to volunteer to work on the document.
>
> Russ
>
>
> > On Jun 24, 2019, at 6:18 AM, Fries, Steffen <steffen.fries@siemens.com>
> > wrote:
> >
> > Hi Russ, hi Tim,
> >
> > I just wanted to ask you regarding my previous email targeting the
> > status of the charter discussion. I was not quite sure what the outcome
> > was on the discussion of the lightweight CMP profile. There was
> > discussion on the mailing list in favor and also not in favor but also
> > support regarding implementation. As the discussion suddenly stopped,
> > I'm unsure about the state and the way forward. Do you have any update
> > or any suggestion on how to come to a conclusion?
> >
> > Best regards
> > Steffen
> >
> >> -----Original Message-----
> >> From: Spasm <spasm-bounces@ietf.org> On Behalf Of [ext] Fries,
> >> Steffen
> >> Sent: Friday, 14 June 2019 08:24
> >> To: spasm@ietf.org
> >> Subject: [lamps] Charter discussion
> >>
> >> Hi,
> >>
> >> Just a short question regarding the charter discussion. Based on the
> >> discussion on the mailing list I was not sure if the discussion is
> >> stuck or if the charter has been finalized already. The status on
> >> https://datatracker.ietf.org/doc/charter-ietf-lamps/ states approved,
> >> but note all of the recently discussed points made it into the charter.
> >> Based on the discussion regarding lightweight-profile for CMP I had the
> >> impression there was sufficient interest. Does it mean it is rejected
> >> for the current charter?
> >>
> >> Best regards
> >> Steffen


From nobody Thu Jul 11 08:02:30 2019
Return-Path: <pkampana@cisco.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 607A51202AF; Thu, 11 Jul 2019 08:02:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.5
X-Spam-Level: 
X-Spam-Status: No, score=-14.5 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=OJa65KI7; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=Vy79as9n
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jdvOPyX59NE1; Thu, 11 Jul 2019 08:02:26 -0700 (PDT)
Received: from rcdn-iport-3.cisco.com (rcdn-iport-3.cisco.com [173.37.86.74]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C190A1202AB; Thu, 11 Jul 2019 08:02:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=3048; q=dns/txt; s=iport; t=1562857346; x=1564066946; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=dj3agl7veiB+Fy3O8BA8PErReXAfxp5qJCLwTbyHd6A=; b=OJa65KI7+/1OPGsw1lQQeKiUuVq3nxDCJUomqyljJtEGkFdNoCrtfSue f0bDti2/8QVUuSMRHgtHaeAoghUmXtgxs/dOnVaYt7WIO1uJlGpukbuhh GezpQGK2RDj6xSBZj4Cgl/bw3tnO/FzWiBvAV3nPelUxEuXua5u4qHlWn c=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos;i="5.63,478,1557187200"; d="scan'208";a="581730712"
Received: from rcdn-core-6.cisco.com ([173.37.93.157]) by rcdn-iport-3.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 11 Jul 2019 15:02:15 +0000
Received: from XCH-ALN-015.cisco.com (xch-aln-015.cisco.com [173.36.7.25]) by rcdn-core-6.cisco.com (8.15.2/8.15.2) with ESMTPS id x6BF2Dxj007697 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Thu, 11 Jul 2019 15:02:14 GMT
Received: from xhs-rcd-001.cisco.com (173.37.227.246) by XCH-ALN-015.cisco.com (173.36.7.25) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Thu, 11 Jul 2019 10:02:13 -0500
Received: from xhs-rtp-002.cisco.com (64.101.210.229) by xhs-rcd-001.cisco.com (173.37.227.246) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Thu, 11 Jul 2019 10:02:12 -0500
Received: from NAM03-BY2-obe.outbound.protection.outlook.com (64.101.32.56) by xhs-rtp-002.cisco.com (64.101.210.229) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Thu, 11 Jul 2019 11:02:12 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com;  s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=dj3agl7veiB+Fy3O8BA8PErReXAfxp5qJCLwTbyHd6A=; b=Vy79as9n/50TwxZu8j20udWUHrQY0h27eRyTVkye7w4V+ozaWyD7uWk1EnemmBgNCcb9rrUffszri2fnvOSOMYBYJgwTbWI7e0ULXqFsSRyklaGIse+LxRWGFvESiRQHsAFTK9EYKiRrELulFCHcBbMQoHv2R0IhMUebIRxhgRY=
Received: from BN7PR11MB2547.namprd11.prod.outlook.com (52.135.244.29) by BN7PR11MB2563.namprd11.prod.outlook.com (52.135.244.33) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2052.18; Thu, 11 Jul 2019 15:02:11 +0000
Received: from BN7PR11MB2547.namprd11.prod.outlook.com ([fe80::b1dc:fd0d:e540:67aa]) by BN7PR11MB2547.namprd11.prod.outlook.com ([fe80::b1dc:fd0d:e540:67aa%7]) with mapi id 15.20.2052.020; Thu, 11 Jul 2019 15:02:11 +0000
From: "Panos Kampanakis (pkampana)" <pkampana@cisco.com>
To: Scott Bradner <sob@sobco.com>, "ops-dir@ietf.org" <ops-dir@ietf.org>
CC: "spasm@ietf.org" <spasm@ietf.org>, "ietf@ietf.org" <ietf@ietf.org>
Thread-Topic: [lamps] Opsdir last call review of draft-ietf-lamps-cms-shakes-12
Thread-Index: AQHVN+5HHHsUntwEy0KwMi/C8sCCw6bFeHQg
Date: Thu, 11 Jul 2019 15:02:10 +0000
Message-ID: <BN7PR11MB254720F0594CBD748D8AA8DEC9F30@BN7PR11MB2547.namprd11.prod.outlook.com>
References: <156285242644.32383.11390058670110652361@ietfa.amsl.com>
In-Reply-To: <156285242644.32383.11390058670110652361@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: spf=none (sender IP is ) smtp.mailfrom=pkampana@cisco.com; 
x-originating-ip: [2001:420:2090:1009:dd55:f59a:c338:1f1b]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: f6056053-acae-48b9-3c39-08d70610c040
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600148)(711020)(4605104)(1401327)(2017052603328)(7193020); SRVR:BN7PR11MB2563; 
x-ms-traffictypediagnostic: BN7PR11MB2563:
x-ms-exchange-purlcount: 2
x-microsoft-antispam-prvs: <BN7PR11MB256359BF2EC7D5D83AD3D5EEC9F30@BN7PR11MB2563.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:8882;
x-forefront-prvs: 0095BCF226
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(366004)(136003)(376002)(39860400002)(346002)(396003)(199004)(189003)(51914003)(13464003)(5660300002)(99286004)(186003)(52536014)(7696005)(76176011)(46003)(54906003)(6116002)(446003)(110136005)(11346002)(476003)(8676002)(8936002)(66556008)(478600001)(486006)(64756008)(68736007)(66946007)(53546011)(2906002)(966005)(66476007)(66446008)(6246003)(76116006)(6506007)(102836004)(256004)(33656002)(74316002)(81156014)(6436002)(2501003)(14444005)(229853002)(9686003)(6306002)(4326008)(316002)(305945005)(53936002)(7736002)(71190400001)(86362001)(25786009)(14454004)(55016002)(71200400001)(81166006); DIR:OUT; SFP:1101; SCL:1; SRVR:BN7PR11MB2563; H:BN7PR11MB2547.namprd11.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1; 
received-spf: None (protection.outlook.com: cisco.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: f6056053-acae-48b9-3c39-08d70610c040
X-MS-Exchange-CrossTenant-originalarrivaltime: 11 Jul 2019 15:02:10.7894 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: pkampana@cisco.com
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN7PR11MB2563
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.36.7.25, xch-aln-015.cisco.com
X-Outbound-Node: rcdn-core-6.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/MK56BlAYRkIWubdY-65PUBk2VxE>
Subject: Re: [lamps] Opsdir last call review of draft-ietf-lamps-cms-shakes-12
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Jul 2019 15:02:28 -0000

From nobody Thu Jul 11 10:26:09 2019
Return-Path: <rdd@cert.org>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2DB74120490 for <spasm@ietfa.amsl.com>; Thu, 11 Jul 2019 10:26:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level: 
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9,  DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cert.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 56X13YgFw0EO for <spasm@ietfa.amsl.com>; Thu, 11 Jul 2019 10:26:02 -0700 (PDT)
Received: from taper.sei.cmu.edu (taper.sei.cmu.edu [147.72.252.16]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A17EE120271 for <spasm@ietf.org>; Thu, 11 Jul 2019 10:26:02 -0700 (PDT)
Received: from korb.sei.cmu.edu (korb.sei.cmu.edu [10.64.21.30]) by taper.sei.cmu.edu (8.14.7/8.14.7) with ESMTP id x6BHQ1uP009881 for <spasm@ietf.org>; Thu, 11 Jul 2019 13:26:01 -0400
DKIM-Filter: OpenDKIM Filter v2.11.0 taper.sei.cmu.edu x6BHQ1uP009881
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cert.org; s=yc2bmwvrj62m; t=1562865961; bh=WwHHdOwAC2VnRsWJtFdQGNlf2ilBXiKUK5wllgaDTlU=; h=From:To:Subject:Date:From; b=osgqm8xkc3s9O7W30IFeCMG7aqNotLntQKgKma00PQzK6VKFt7W2Lo/bKy+Ch7WVz sDE0Z5AySUmDdW5y6SBvjQ0vIiUDdwy147IdL0IK5OICJXGGopg2HBr47KLFBviu58 wKvywUhDV+kYXRzVnEtP1bv+LvZ/RGeaQM7AxSgI=
Received: from CASSINA.ad.sei.cmu.edu (cassina.ad.sei.cmu.edu [10.64.28.249]) by korb.sei.cmu.edu (8.14.7/8.14.7) with ESMTP id x6BHPwXD031405 for <spasm@ietf.org>; Thu, 11 Jul 2019 13:25:58 -0400
Received: from MARCHAND.ad.sei.cmu.edu ([10.64.28.251]) by CASSINA.ad.sei.cmu.edu ([10.64.28.249]) with mapi id 14.03.0439.000; Thu, 11 Jul 2019 13:25:58 -0400
From: Roman Danyliw <rdd@cert.org>
To: "spasm@ietf.org" <spasm@ietf.org>
Thread-Topic: AD Review: draft-ietf-lamps-cms-hash-sig-08
Thread-Index: AdU4DFJniyrzBBvrQQ2vMK3V3Jcnmw==
Date: Thu, 11 Jul 2019 17:25:57 +0000
Message-ID: <359EC4B99E040048A7131E0F4E113AFC01B33CD760@marchand>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [10.64.22.6]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/lZmbwO5DYsV1TpSpQdGkq7HPS0A>
Subject: [lamps] AD Review: draft-ietf-lamps-cms-hash-sig-08
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Jul 2019 17:26:08 -0000

Hi!

The following is my AD review of draft-ietf-lamps-cms-hash-sig-08.  Given
the substance of these comments, it can be handled with IETF LC comments.

(1) Section 1.3.  Per the paragraph starting with "Today, RSA is often
used to digitally sign software updates", why is this discussion about
software updates in this draft?  Is this to motivate the weakness of these
algorithms?  If so, why not also talk certificates?  An example using DSS?
IMO, this paragraph isn't needed.

(2) Section 2.2.  Per "... a typecode indicating the particular LMS
algorithm ...", where is typecode defined?

(3) Section 2.3, when describing the components of the LM-OTS signature
value, y[] is not explained.

(4) Section 5.  How should the object identifier be used for the
content-type?

(5) Editorial matters

** Abstract.  Typo.  s/the the/the/

** Abstract and Section 1.  Expand HSS/LMS on first use

** Abstract.  Editorial.  It seems odd to wait till the third paragraph to
explain what is HSS/LMS.  Perhaps sentence one should be what is HSS/LMS
(sentence 1).

** Section 1.3.  Would this section be better titled as "Motivation"?

** Section 1.3.  Editorial (remove colloquialism).  s/some
researchers/researcher/

** Section 1.3.  FWIW, I didn't find the quote compelling contextually.
Six years ago it suggests significant changes are coming but there is no
follow-up on whether they were correct with the benefit of hindsight.
Likewise, the relevant advances in quantum computers aren't cited.

The reference is helpful.  Perhaps I would have just said:

"There have been recent advances in cryptanalysis [BH2013] and in the
development of quantum computers [insert ref].  Each of these advances
poses a threat to widely deployed digital signature algorithms.  There is
a need to prepare for a day that cryptosystems such as RSA and DSA that
depend on discrete logarithm and factoring cannot be depended upon."

** Section 1.3.  The text "Hash-based signatures [HASSIG] are currently
defined ... An IANA registry is defined ..." is duplicated almost verbatim
again in Section 2.  Why is it needed twice?  IMO, it can be removed here.

** Section 1.3. LM-OTS signature generation needs a reference.

** Section 2.  Provide a reference to the IANA registry.

** Section 2.1.  Per "Otherwise, generation of the entire tree might take
weeks on longer", perhaps add "on a current <insert system type>".

** Section 2.1.  Cite the functions (i.e., u32str() is from [HASHSIG]) and
string notation (i.e., "||" is concat)

** s/in Section 3.3/in struct signed_public_key in Section 3.3/


From nobody Thu Jul 11 11:17:14 2019
Return-Path: <iesg-secretary@ietf.org>
X-Original-To: spasm@ietf.org
Delivered-To: spasm@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 5574F120462; Thu, 11 Jul 2019 11:17:00 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: The IESG <iesg-secretary@ietf.org>
To: "IETF-Announce" <ietf-announce@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 6.98.3
Auto-Submitted: auto-generated
Precedence: bulk
Sender: <iesg-secretary@ietf.org>
CC: rdd@cert.org, lamps-chairs@ietf.org, draft-ietf-lamps-cms-hash-sig@ietf.org, spasm@ietf.org, Tim Hollebeek <tim.hollebeek@digicert.com>, tim.hollebeek@digicert.com
Content-Transfer-Encoding: 7bit
Reply-To: ietf@ietf.org
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Message-ID: <156286902026.12200.4598116953244059166.idtracker@ietfa.amsl.com>
Date: Thu, 11 Jul 2019 11:17:00 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/GRYfONYfDK92-L4CycMsqS9vi4k>
Subject: [lamps] Last Call: <draft-ietf-lamps-cms-hash-sig-08.txt> (Use of the HSS/LMS Hash-based Signature Algorithm in the Cryptographic Message Syntax (CMS)) to Proposed Standard
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Jul 2019 18:17:07 -0000

The IESG has received a request from the Limited Additional Mechanisms for
PKIX and SMIME WG (lamps) to consider the following document: - 'Use of the
HSS/LMS Hash-based Signature Algorithm in the Cryptographic
   Message Syntax (CMS)'
  <draft-ietf-lamps-cms-hash-sig-08.txt> as Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits final
comments on this action. Please send substantive comments to the
ietf@ietf.org mailing lists by 2019-08-01. Exceptionally, comments may be
sent to iesg@ietf.org instead. In either case, please retain the beginning of
the Subject line to allow automated sorting.

Abstract


   This document specifies the conventions for using the the HSS/LMS
   hash-based signature algorithm with the Cryptographic Message Syntax
   (CMS).  In addition, the algorithm identifier and public key syntax
   are provided.  The HSS/LMS algorithm is one form of hash-based
   digital signature; it is described in RFC 8554.




The file can be obtained via
https://datatracker.ietf.org/doc/draft-ietf-lamps-cms-hash-sig/

IESG discussion can be tracked via
https://datatracker.ietf.org/doc/draft-ietf-lamps-cms-hash-sig/ballot/


No IPR declarations have been submitted directly on this I-D.


The document contains these normative downward references.
See RFC 3967 for additional information: 
    rfc8554: Leighton-Micali Hash-Based Signatures (Informational - IRTF Stream)




From nobody Thu Jul 11 14:38:42 2019
Return-Path: <iesg-secretary@ietf.org>
X-Original-To: spasm@ietf.org
Delivered-To: spasm@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id DCC871200DB; Thu, 11 Jul 2019 14:38:26 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: The IESG <iesg-secretary@ietf.org>
To: "IETF-Announce" <ietf-announce@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 6.98.3
Auto-Submitted: auto-generated
Precedence: bulk
Cc: rdd@cert.org, lamps-chairs@ietf.org, The IESG <iesg@ietf.org>, draft-ietf-lamps-hash-of-root-key-cert-extn@ietf.org, spasm@ietf.org, Tim Hollebeek <tim.hollebeek@digicert.com>, tim.hollebeek@digicert.com, rfc-editor@rfc-editor.org
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Message-ID: <156288110689.12002.8185315987699131697.idtracker@ietfa.amsl.com>
Date: Thu, 11 Jul 2019 14:38:26 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/koT4cbakA9webvH2VbR8s0uWTSg>
Subject: [lamps] Document Action: 'Hash Of Root Key Certificate Extension' to Informational RFC (draft-ietf-lamps-hash-of-root-key-cert-extn-07.txt)
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Jul 2019 21:38:27 -0000

The IESG has approved the following document:
- 'Hash Of Root Key Certificate Extension'
  (draft-ietf-lamps-hash-of-root-key-cert-extn-07.txt) as Informational RFC

This document is the product of the Limited Additional Mechanisms for PKIX
and SMIME Working Group.

The IESG contact persons are Benjamin Kaduk and Roman Danyliw.

A URL of this Internet Draft is:
https://datatracker.ietf.org/doc/draft-ietf-lamps-hash-of-root-key-cert-extn/





Technical Summary

This document specifies the Hash Of Root Key certificate extension.
This certificate extension is carried in the self-signed certificate
for a trust anchor, which is often called a Root Certification
Authority (CA) certificate.  This certificate extension unambiguously
identifies the next public key that will be used at some point in the
future as the next Root CA certificate, eventually replacing the
current one.

Working Group Summary

There is consensus for this document in the LAMPS WG.

Document Quality

This extension is part of the specifications that will be used
in at least one new PKI.  In addition, the Secure Electronic
Transaction (SET) specification published by MasterCard and VISA
in 1997 includes a very similar certificate extension.  The SET
certificate extension has essentially the same semantics, but the
syntax is fairly different.

Personnel

Tim Hollebeek is the document shepherd.
Roman Danyliw is the responsible area director.


From nobody Fri Jul 12 12:59:53 2019
Return-Path: <housley@vigilsec.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 398BD120091 for <spasm@ietfa.amsl.com>; Fri, 12 Jul 2019 12:59:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level: 
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2YDzkIu25BZp for <spasm@ietfa.amsl.com>; Fri, 12 Jul 2019 12:59:48 -0700 (PDT)
Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 071751200A4 for <spasm@ietf.org>; Fri, 12 Jul 2019 12:59:48 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id BABB9300AA3 for <spasm@ietf.org>; Fri, 12 Jul 2019 15:40:29 -0400 (EDT)
X-Virus-Scanned: amavisd-new at mail.smeinc.net
Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id X-PQ7Opjh_Js for <spasm@ietf.org>; Fri, 12 Jul 2019 15:40:27 -0400 (EDT)
Received: from a860b60074bd.fios-router.home (unknown [138.88.156.37]) by mail.smeinc.net (Postfix) with ESMTPSA id 8663630065E; Fri, 12 Jul 2019 15:40:27 -0400 (EDT)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <359EC4B99E040048A7131E0F4E113AFC01B33CD760@marchand>
Date: Fri, 12 Jul 2019 15:59:44 -0400
Cc: "spasm@ietf.org" <spasm@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <AB48616C-F819-486D-AD94-C4EE6EAC621A@vigilsec.com>
References: <359EC4B99E040048A7131E0F4E113AFC01B33CD760@marchand>
To: "Roman D. Danyliw" <rdd@cert.org>
X-Mailer: Apple Mail (2.3445.104.11)
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/Tp7XAVOFeUon1OpvX0DQsr2ciKw>
Subject: Re: [lamps] AD Review: draft-ietf-lamps-cms-hash-sig-08
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 12 Jul 2019 19:59:51 -0000

Roman:

Thanks for the careful review.  There are a couple of places where I do
not understand your comment, but I have implemented the others in my
edit buffer.  I hope we can sort out the others quickly.

> The following is my AD review of draft-ietf-lamps-cms-hash-sig-08.
> Given the substance of these comments, it can be handled with IETF LC
> comments.
>
> (1) Section 1.3.  Per the paragraph starting with "Today, RSA is often
> used to digitally sign software updates", why is this discussion about
> software updates in this draft?  If this is to motivate the weakness of
> these algorithms?  If so, why not also talk certificates?  An example
> using DSS?  IMO, this paragraph isn't needed.

This paragraph used to be in the security considerations.  It was
suggested that the paragraph provides more of a motivation for why
someone might want to implement the algorithm, so it was moved here.  I
would like to keep the linkage for RFC 4108, but the rest of the
paragraph can probably go away.  I suggest the linkage to RFC 4108 can
be added to the 4th paragraph, which would result in:

   The HSS/LMS signature algorithm does not depend on the difficulty of
   discrete logarithm or factoring, as a result these algorithms are
   considered to be post-quantum secure.  One use of post-quantum secure
   signatures is the protection of software updates, perhaps using the
   format described in [FWPROT], to enable deployment of software that
   implements new cryptosystems.

> (2) Section 2.2.  Per "... a typecode indicating the particular LMS
> algorithm ...", where is typecode defined?

To make this clear, I suggest adding "As specified in [HASHSIG]," to the
front of that paragraph.

> (3) Section 2.3, when describing the components of the LM-OTS
> signature value, y[] is not explained

To be explicit, I suggest: ... and a sequence of hash values (y[0]
through y[p-1]) that correspond to the elements of the public key ...

> (4) Section 5.  How is the object identifier should be used for the
> content-type?

I do not understand this question.  None of the object identifiers in
this document are used to identify a content type.  There is a
signature algorithm identifier and an ASN.1 module identifier.  The
content type would be set depending on what is being signed.  As a
result, this algorithm-specific document has nothing to say about
content type.

> (5) Editorial matters
>
> ** Abstract.  Typo.  s/the the/the/

Fixed.

> ** Abstract and Section 1.  Expand HSS/LMS on first use

Fixed.

> ** Abstract.  Editorial.  It seems odd to wait till the third
> paragraph to explain what is HSS/LMS.  Perhaps sentence one should be
> what is HSS/LMS (sentence 1).

The Abstract is only one paragraph, and the very first sentence does say
that HSS/LMS is a hash-based signature algorithm:

   This document specifies the conventions for using the the HSS/LMS
   hash-based signature algorithm with the Cryptographic Message Syntax
   (CMS).  In addition, the algorithm identifier and public key syntax
   are provided.  The HSS/LMS algorithm is one form of hash-based
   digital signature; it is described in RFC 8554.

Likewise, as modified by the suggestion above, the first sentence of the
Introduction also says that HSS/LMS is a hash-based signature algorithm:

   This document specifies the conventions for using the Hierarchical
   Signature System (HSS) / Leighton-Micali Signature (LMS) hash-based
   signature algorithm with the Cryptographic Message Syntax (CMS) [CMS]
   signed-data content type.

> ** Section 1.3.  Would this section be better titled as "Motivation"?

Yes, I like that better.

> ** Section 1.3.  Editorial (remove colloquialism).
> s/some researchers/researcher/

Changed.

> ** Section 1.3.  FWIW, I didn't find the quote compelling
> contextually.  Six years ago it suggests significant changes are coming
> but there is no follow-up on whether they were correct with the benefit
> of hindsight.  Likewise, the relevant advances in quantum computers
> isn't cited.
>
> The reference is helpful.  Perhaps I would have just said:
>
> "There have been recent advances in cryptoanalysis [BH2013] and in the
> development of quantum computers [insert ref].  Each of these advances
> pose a threat to widely deployed digital signature algorithms.  There is
> a need to prepare for a day that cryptosystems such as RSA and DSA that
> depend on discrete logarithm and factoring cannot be depended upon."

I suggest:

   Recent advances in cryptoanalysis [BH2013] and progress in the
   development of quantum computers [NAS2019] pose a threat to widely
   deployed digital signature algorithms.  As a result, there is a need
   to prepare for a day that cryptosystems such as RSA and DSA that
   depend on discrete logarithm and factoring cannot be depended upon.

and:

   [NAS2019] National Academies of Sciences, Engineering, and Medicine,
              "Quantum Computing: Progress and Prospects", The National
              Academies Press, DOI 10.17226/25196, 2019.

> ** Section 1.3.  The text "Hash-based signatures [HASSIG] are
> currently defined ... An IANA registry is defined ..." is duplicated
> almost verbatim again in Section 2.  Why is it needed twice.  IMO, it
> can be removed here.

Agree.  It is removed.

> ** Section 1.3. LM-OTS signature generation needs a reference.

That paragraph was removed based on the previous comment.

> ** Section 2.  Provide a reference to the IANA registry.

Reference added for:

https://www.iana.org/assignments/leighton-micali-signatures/leighton-micali-signatures.xhtml

> ** Section 2.1.  Per "Otherwise, generation of the entire tree might
> take weeks on longer", perhaps add "on a current <insert system type>".

The number of hash computations is huge to construct the entire tree,
that is why HSS breaks it into manageable chunks.  The system type is
not the issue at all.

> ** Section 2.1.  Cite the functions (i.e., u32str() is from [HASHSIG])
> and string notation (i.e., "||" is concat)

On first use of these, I added:

where, u32str() and || are used as defined in [HASHSIG].

> ** s/in Section 3.3/in struct signed_public_key in Section 3.3/

I suggest:

   where, as defined in Section 3.3 of [HASHSIG], the signed_public_key
   structure contains the lms_signature over the public key followed by
   the public key itself.

Russ
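
The structures named in this reply (typecode, u32str() and ||, y[0]
through y[p-1], signed_public_key) laid out as a parser.  This is an
added example, not part of the original message or of the draft: the
layouts and typecode values are taken from RFC 8554, the function names
are hypothetical, and the sample bytes are constructed filler that has
the right shape but is not a real signature.

```python
import struct

N = 32  # bytes per hash value in the SHA-256 parameter sets of RFC 8554

# Typecode tables from RFC 8554 (the IANA registry holds the same values).
LMOTS_P = {1: 265, 2: 133, 3: 67, 4: 34}    # LM-OTS typecode -> p
LMS_H = {5: 5, 6: 10, 7: 15, 8: 20, 9: 25}  # LMS typecode -> tree height h


def u32str(x):
    """u32str() as used in [HASHSIG]: x as a 4-byte big-endian string."""
    return struct.pack(">I", x)


class Reader:
    """Bounds-checked cursor over a byte string (hypothetical helper)."""

    def __init__(self, data):
        self.data, self.pos = data, 0

    def take(self, n):
        if self.pos + n > len(self.data):
            raise ValueError("truncated at offset %d" % self.pos)
        chunk = self.data[self.pos:self.pos + n]
        self.pos += n
        return chunk

    def u32(self):
        return struct.unpack(">I", self.take(4))[0]


def parse_lmots_signature(r):
    # Layout: u32str(type) || C || y[0] || ... || y[p-1]
    typecode = r.u32()
    if typecode not in LMOTS_P:
        raise ValueError("unknown LM-OTS typecode %d" % typecode)
    c = r.take(N)
    y = [r.take(N) for _ in range(LMOTS_P[typecode])]
    return {"type": typecode, "C": c, "y": y}


def parse_lms_signature(r):
    # Layout: u32str(q) || lmots_signature || u32str(type) || path[0..h-1]
    q = r.u32()
    lmots = parse_lmots_signature(r)
    typecode = r.u32()
    if typecode not in LMS_H:
        raise ValueError("unknown LMS typecode %d" % typecode)
    h = LMS_H[typecode]
    if q >= 2 ** h:
        raise ValueError("leaf number %d outside tree of height %d" % (q, h))
    path = [r.take(N) for _ in range(h)]
    return {"q": q, "lmots": lmots, "type": typecode, "path": path}


def parse_lms_public_key(r):
    # Layout: u32str(type) || u32str(otstype) || I (16 bytes) || T[1]
    typecode, otstype = r.u32(), r.u32()
    if typecode not in LMS_H or otstype not in LMOTS_P:
        raise ValueError("unknown typecode in LMS public key")
    return {"type": typecode, "otstype": otstype,
            "I": r.take(16), "T1": r.take(N)}


def parse_hss_signature(data, levels):
    """Split an HSS signature; levels is L from the signer's HSS public key."""
    r = Reader(data)
    nspk = r.u32()
    if not 1 <= levels <= 8 or nspk + 1 != levels:
        raise ValueError("Nspk=%d does not fit L=%d" % (nspk, levels))
    signed_public_keys = []
    for _ in range(nspk):
        # signed_public_key: lms_signature over the key, then the key itself
        sig = parse_lms_signature(r)
        signed_public_keys.append(
            {"lms_signature": sig, "public_key": parse_lms_public_key(r)})
    message_sig = parse_lms_signature(r)
    if r.pos != len(data):
        raise ValueError("%d trailing bytes" % (len(data) - r.pos))
    return {"Nspk": nspk, "signed_public_keys": signed_public_keys,
            "signature": message_sig}


def build_lms_signature(q, otstype, lmstype, fill):
    """Constructed filler with the right shape; it will not verify."""
    body = bytes([fill]) * (N * (LMOTS_P[otstype] + 1))  # C and y[0..p-1]
    path = bytes([fill]) * (N * LMS_H[lmstype])
    return u32str(q) + u32str(otstype) + body + u32str(lmstype) + path


# Constructed two-level sample (L = 2) using LM-OTS typecode 4 (W8, p = 34)
# and LMS typecode 5 (H5): Nspk || sig[0] || pub[1] || sig[1].
SAMPLE_PUB1 = u32str(5) + u32str(4) + b"\x11" * 16 + b"\x22" * N
SAMPLE_SIG = (u32str(1) + build_lms_signature(3, 4, 5, 0xAA) + SAMPLE_PUB1
              + build_lms_signature(7, 4, 5, 0xBB))

if __name__ == "__main__":
    parsed = parse_hss_signature(SAMPLE_SIG, levels=2)
    final = parsed["signature"]
    print("Nspk:", parsed["Nspk"], "total bytes:", len(SAMPLE_SIG))
    print("y values:", len(final["lmots"]["y"]), "path nodes:", len(final["path"]))
```

The parser only checks structure (lengths, known typecodes, q within the
tree, Nspk against L); signature verification itself is the procedure in
RFC 8554 and is not reproduced here.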


From nobody Fri Jul 12 13:57:03 2019
Return-Path: <rdd@cert.org>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DB1171201DC for <spasm@ietfa.amsl.com>; Fri, 12 Jul 2019 13:57:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level: 
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cert.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DV17k6mTbk9C for <spasm@ietfa.amsl.com>; Fri, 12 Jul 2019 13:56:58 -0700 (PDT)
Received: from veto.sei.cmu.edu (veto.sei.cmu.edu [147.72.252.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AC3F512006B for <spasm@ietf.org>; Fri, 12 Jul 2019 13:56:58 -0700 (PDT)
Received: from korb.sei.cmu.edu (korb.sei.cmu.edu [10.64.21.30]) by veto.sei.cmu.edu (8.14.7/8.14.7) with ESMTP id x6CKuvns004959; Fri, 12 Jul 2019 16:56:57 -0400
DKIM-Filter: OpenDKIM Filter v2.11.0 veto.sei.cmu.edu x6CKuvns004959
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cert.org; s=yc2bmwvrj62m; t=1562965017; bh=M091/u/LMWgvjQjm8Ugy9TBBupBLjhA552qIfCWYCSA=; h=From:To:CC:Subject:Date:References:In-Reply-To:From; b=Rz87QL6OtW1Kj1C6LTHMNiJPvV5xg0to/1+bLF00XgLgCIbzmFxWU1PC0azpmw9WR VTTE3hlngjUGW1TDDEW2xX7iAIuohW6y8LyZ2Q5NGb0ADYwk6VnGFJxruw4aUTr/xb zG4bKEdzrTNuD2RMG46QpIjmTTbenlkS7k7Eoq8k=
Received: from CASCADE.ad.sei.cmu.edu (cascade.ad.sei.cmu.edu [10.64.28.248]) by korb.sei.cmu.edu (8.14.7/8.14.7) with ESMTP id x6CKusVS020476; Fri, 12 Jul 2019 16:56:54 -0400
Received: from MARCHAND.ad.sei.cmu.edu ([10.64.28.251]) by CASCADE.ad.sei.cmu.edu ([10.64.28.248]) with mapi id 14.03.0439.000; Fri, 12 Jul 2019 16:56:54 -0400
From: Roman Danyliw <rdd@cert.org>
To: Russ Housley <housley@vigilsec.com>
CC: "spasm@ietf.org" <spasm@ietf.org>
Thread-Topic: [lamps] AD Review: draft-ietf-lamps-cms-hash-sig-08
Thread-Index: AdU4DFJniyrzBBvrQQ2vMK3V3JcnmwBAY4EAAAay/YA=
Date: Fri, 12 Jul 2019 20:56:53 +0000
Message-ID: <359EC4B99E040048A7131E0F4E113AFC01B33CF7C6@marchand>
References: <359EC4B99E040048A7131E0F4E113AFC01B33CD760@marchand> <AB48616C-F819-486D-AD94-C4EE6EAC621A@vigilsec.com>
In-Reply-To: <AB48616C-F819-486D-AD94-C4EE6EAC621A@vigilsec.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [10.64.22.6]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/QMiXIJdsbDdMy-nDDT2PNs7t3xk>
Subject: Re: [lamps] AD Review: draft-ietf-lamps-cms-hash-sig-08
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 12 Jul 2019 20:57:02 -0000

Hi Russ!

Thanks for the quick response.  The proposed edits address my concerns.
Minor things inline ...

> -----Original Message-----
> From: Russ Housley [mailto:housley@vigilsec.com]
> Sent: Friday, July 12, 2019 4:00 PM
> To: Roman Danyliw <rdd@cert.org>
> Cc: spasm@ietf.org
> Subject: Re: [lamps] AD Review: draft-ietf-lamps-cms-hash-sig-08
>
> Roman:
>
> Thanks for the careful review.  There are a couple of places where I do not
> understand your comment, but I have implemented the others in my edit
> buffer.  I hope we can sort out the others quickly.
>
> > The following is my AD review of draft-ietf-lamps-cms-hash-sig-08.  Given
> the substance of these comments, it can be handled with IETF LC comments.
> >
> > (1) Section 1.3.  Per the paragraph starting with "Today, RSA is often used
> to digitally sign software updates", why is this discussion about software
> updates in this draft?  If this is to motivate the weakness of these
> algorithms?  If so, why not also talk certificates?  An example using DSS?
> IMO, this paragraph isn't needed.
>
> This paragraph used to be in the security considerations.  It was suggested
> that the paragraph provides more of a motivation for why someone might
> want to implement the algorithm, so it was moved here.  I would like to keep
> the linkage for RFC 4108, but the rest of the paragraph can probably go away.
> I suggest the linkage to RFC 4108 can be added to the 4th paragraph, which
> would result in:
>
>    The HSS/LMS signature algorithm does not depend on the difficulty of
>    discrete logarithm or factoring, as a result these algorithms are
>    considered to be post-quantum secure.  One use of post-quantum secure
>    signatures is the protection of software updates, perhaps using the
>    format described in [FWPROT], to enable deployment of software that
>    implements new cryptosystems.

Thanks for the history. The above works for me.

>
> > (2) Section 2.2.  Per "... a typecode indicating the particular LMS algorithm
> ...", where is typecode defined?
>
> To make this clear, I suggest adding "As specified in [HASHSIG]," to the front
> of that paragraph.

Works for me.  Thanks.

> > (3) Section 2.3, when describing the components of the LM-OTS signature
> value, y[] is not explained
>
> To be explicit, I suggest: ... and a sequence of hash values (y[0] through
> y[p-1]) that correspond to the elements of the public key ...

Works for me.  Thanks.

> > (4) Section 5.  How is the object identifier should be used for the
> content-type?
>
> I do not understand this question.  None of the object identifiers in this
> document are used to identify a content type.  There is a signature
> algorithm identifier and an ASN.1 module identifier.  The content type would
> be set depending on what is being signed.  As a result, this algorithm-specific
> document has nothing to say about content type.

I re-read my comment, I'm not sure what I was thinking.  Oops.  Sorry for
the noise.

> > (5) Editorial matters
> >
> > ** Abstract.  Typo.  s/the the/the/
>
> Fixed.
>
> > ** Abstract and Section 1.  Expand HSS/LMS on first use
>
> Fixed.
>
> > ** Abstract.  Editorial.  It seems odd to wait till the third paragraph to
> explain what is HSS/LMS.  Perhaps sentence one should be what is HSS/LMS
> (sentence 1).
>
> The Abstract is only one paragraph, and the very first sentence does say that
> HSS/LMS is a hash-based signature algorithm:
>
>    This document specifies the conventions for using the the HSS/LMS
>    hash-based signature algorithm with the Cryptographic Message Syntax
>    (CMS).  In addition, the algorithm identifier and public key syntax
>    are provided.  The HSS/LMS algorithm is one form of hash-based
>    digital signature; it is described in RFC 8554.
>
> Likewise, as modified by the suggestion above, the first sentence of the
> Introduction also says that HSS/LMS is a hash-based signature algorithm:
>
>    This document specifies the conventions for using the Hierarchical
>    Signature System (HSS) / Leighton-Micali Signature (LMS) hash-based
>    signature algorithm with the Cryptographic Message Syntax (CMS) [CMS]
>    signed-data content type.
>
> > ** Section 1.3.  Would this section be better titled as "Motivation"?
>
> Yes, I like that better.
>
> > ** Section 1.3.  Editorial (remove colloquialism).  s/some
> researchers/researcher/
>
> Changed.
>
> > ** Section 1.3.  FWIW, I didn't find the quote compelling contextually.  Six
> years ago it suggests significant changes are coming but there is no follow-up
> on whether they were correct with the benefit of hindsight.  Likewise, the
> relevant advances in quantum computers isn't cited.
> >
> > The reference is helpful.  Perhaps I would have just said:
> >
> > "There have been recent advances in cryptoanalysis [BH2013] and in the
> development of quantum computers [insert ref].  Each of these advances
> pose a threat to widely deployed digital signature algorithms.  There is a need
> to prepare for a day that cryptosystems such as RSA and DSA that depend on
> discrete logarithm and factoring cannot be depended upon."
>
> I suggest:
>
>    Recent advances in cryptoanalysis [BH2013] and progress in the
>    development of quantum computers [NAS2019] pose a threat to widely
>    deployed digital signature algorithms.  As a result, there is a need
>    to prepare for a day that cryptosystems such as RSA and DSA that
>    depend on discrete logarithm and factoring cannot be depended upon.
>
> and:
>
>    [NAS2019] National Academies of Sciences, Engineering, and Medicine,
>               "Quantum Computing: Progress and Prospects", The National
>               Academies Press, DOI 10.17226/25196, 2019.
>
> > ** Section 1.3.  The text "Hash-based signatures [HASSIG] are currently
> defined ... An IANA registry is defined ..." is duplicated almost verbatim again
> in Section 2.  Why is it needed twice.  IMO, it can be removed here.
>
> Agree.  It is removed.
>
> > ** Section 1.3. LM-OTS signature generation needs a reference.
>
> That paragraph was removed based on the previous comment.
>
> > ** Section 2.  Provide a reference to the IANA registry.
>
> Reference added for:
>
> https://www.iana.org/assignments/leighton-micali-signatures/leighton-micali-signatures.xhtml

Thanks for making all of the changes described above.

> > ** Section 2.1.  Per "Otherwise, generation of the entire tree might take
> weeks on longer", perhaps add "on a current <insert system type>".
>
> The number of hash computations is huge to construct the entire tree, that is
> why HSS breaks it into manageable chunks.  The system type is not the issue
> at all.

Ok.  I was trying to suggest an approach to caveat why construction takes
so long now (thinking that in the future, improved computation resources
could change construction time).

> > ** Section 2.1.  Cite the functions (i.e., u32str() is from [HASHSIG]) and
> string notation (i.e., "||" is concat)
>
> On first use of these, I added:
>
> where, u32str() and || are used as defined in [HASHSIG].
>
> > ** s/in Section 3.3/in struct signed_public_key in Section 3.3/
>
> I suggest:
>
>    where, as defined in Section 3.3 of [HASHSIG], the signed_public_key
>    structure contains the lms_signature over the public key followed by
>    the public key itself.

This works.  Thanks.

Roman

> Russ


From nobody Fri Jul 12 16:17:07 2019
Return-Path: <housley@vigilsec.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 975451200B5 for <spasm@ietfa.amsl.com>; Fri, 12 Jul 2019 16:17:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level: 
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zqSTWB9IehFR for <spasm@ietfa.amsl.com>; Fri, 12 Jul 2019 16:17:03 -0700 (PDT)
Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AE2C1120071 for <spasm@ietf.org>; Fri, 12 Jul 2019 16:17:03 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id 3AE1F300AB6 for <spasm@ietf.org>; Fri, 12 Jul 2019 18:57:45 -0400 (EDT)
X-Virus-Scanned: amavisd-new at mail.smeinc.net
Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id WAowthrBT_jn for <spasm@ietf.org>; Fri, 12 Jul 2019 18:57:43 -0400 (EDT)
Received: from a860b60074bd.fios-router.home (unknown [138.88.156.37]) by mail.smeinc.net (Postfix) with ESMTPSA id DD5E03009FF; Fri, 12 Jul 2019 18:57:42 -0400 (EDT)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <359EC4B99E040048A7131E0F4E113AFC01B33CF7C6@marchand>
Date: Fri, 12 Jul 2019 19:16:59 -0400
Cc: "spasm@ietf.org" <spasm@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <88159848-8B39-4A78-A506-1E96D43AEBF0@vigilsec.com>
References: <359EC4B99E040048A7131E0F4E113AFC01B33CD760@marchand> <AB48616C-F819-486D-AD94-C4EE6EAC621A@vigilsec.com> <359EC4B99E040048A7131E0F4E113AFC01B33CF7C6@marchand>
To: "Roman D. Danyliw" <rdd@cert.org>
X-Mailer: Apple Mail (2.3445.104.11)
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/2FB3wb9PYpyTrkFbqxpw7vsXCCE>
Subject: Re: [lamps] AD Review: draft-ietf-lamps-cms-hash-sig-08
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 12 Jul 2019 23:17:06 -0000

Roman:

Thanks.  I will wait to see what other IETF Last Call comments come
along before posting a revision.

Russ


> On Jul 12, 2019, at 4:56 PM, Roman Danyliw <rdd@cert.org> wrote:
>
> Hi Russ!
>
> Thanks for the quick response.  The proposed edits address my concerns.
> Minor things inline ...
>
>> -----Original Message-----
>> From: Russ Housley [mailto:housley@vigilsec.com]
>> Sent: Friday, July 12, 2019 4:00 PM
>> To: Roman Danyliw <rdd@cert.org>
>> Cc: spasm@ietf.org
>> Subject: Re: [lamps] AD Review: draft-ietf-lamps-cms-hash-sig-08
>>
>> Roman:
>>
>> Thanks for the careful review.  There are a couple of places where I do not
>> understand your comment, but I have implemented the others in my edit
>> buffer.  I hope we can sort out the others quickly.
>>
>>> The following is my AD review of draft-ietf-lamps-cms-hash-sig-08.  Given
>> the substance of these comments, it can be handled with IETF LC comments.
>>>
>>> (1) Section 1.3.  Per the paragraph starting with "Today, RSA is often used
>> to digitally sign software updates", why is this discussion about software
>> updates in this draft?  If this is to motivate the weakness of these
>> algorithms?  If so, why not also talk certificates?  An example using DSS?
>> IMO, this paragraph isn't needed.
>>
>> This paragraph used to be in the security considerations.  It was suggested
>> that the paragraph provides more of a motivation for why someone might
>> want to implement the algorithm, so it was moved here.  I would like to keep
>> the linkage for RFC 4108, but the rest of the paragraph can probably go away.
>> I suggest the linkage to RFC 4108 can be added to the 4th paragraph, which
>> would result in:
>>
>>   The HSS/LMS signature algorithm does not depend on the difficulty of
>>   discrete logarithm or factoring, as a result these algorithms are
>>   considered to be post-quantum secure.  One use of post-quantum secure
>>   signatures is the protection of software updates, perhaps using the
>>   format described in [FWPROT], to enable deployment of software that
>>   implements new cryptosystems.
>
> Thanks for the history. The above works for me.
>
>>
>>> (2) Section 2.2.  Per "... a typecode indicating the particular LMS algorithm
>> ...", where is typecode defined?
>>
>> To make this clear, I suggest adding "As specified in [HASHSIG]," to the front
>> of that paragraph.
>
> Works for me.  Thanks.
>
>>> (3) Section 2.3, when describing the components of the LM-OTS signature
>> value, y[] is not explained
>>
>> To be explicit, I suggest: ... and a sequence of hash values (y[0] through
>> y[p-1]) that correspond to the elements of the public key ...
>
> Works for me.  Thanks.
>
>>> (4) Section 5.  How is the object identifier should be used for the
>> content-type?
>>
>> I do not understand this question.  None of the object identifiers in this
>> document are used to identify a content type.  There is a signature
>> algorithm identifier and an ASN.1 module identifier.  The content type would
>> be set depending on what is being signed.  As a result, this algorithm-specific
>> document has nothing to say about content type.
>
> I re-read my comment, I'm not sure what I was thinking.  Oops.  Sorry for
> the noise.
>
>>> (5) Editorial matters
>>>
>>> ** Abstract.  Typo.  s/the the/the/
>>
>> Fixed.
>>
>>> ** Abstract and Section 1.  Expand HSS/LMS on first use
>>
>> Fixed.
>>
>>> ** Abstract.  Editorial.  It seems odd to wait till the third paragraph to
>> explain what is HSS/LMS.  Perhaps sentence one should be what is HSS/LMS
>> (sentence 1).
>>
>> The Abstract is only one paragraph, and the very first sentence does say that
>> HSS/LMS is a hash-based signature algorithm:
>>
>>   This document specifies the conventions for using the the HSS/LMS
>>   hash-based signature algorithm with the Cryptographic Message Syntax
>>   (CMS).  In addition, the algorithm identifier and public key syntax
>>   are provided.  The HSS/LMS algorithm is one form of hash-based
>>   digital signature; it is described in RFC 8554.
>>
>> Likewise, as modified by the suggestion above, the first sentence of the
>> Introduction also says that HSS/LMS is a hash-based signature algorithm:
>>
>>   This document specifies the conventions for using the Hierarchical
>>   Signature System (HSS) / Leighton-Micali Signature (LMS) hash-based
>>   signature algorithm with the Cryptographic Message Syntax (CMS) [CMS]
>>   signed-data content type.
>>
>>> ** Section 1.3.  Would this section be better titled as "Motivation"?
>>
>> Yes, I like that better.
>>
>>> ** Section 1.3.  Editorial (remove colloquialism).  s/some researchers/researcher/
>>
>> Changed.
>>
>>> ** Section 1.3.  FWIW, I didn't find the quote compelling contextually.  Six years ago it suggests significant changes are coming but there is no follow-up on whether they were correct with the benefit of hindsight.  Likewise, the relevant advances in quantum computers isn't cited.
>>>
>>> The reference is helpful.  Perhaps I would have just said:
>>>
>>> "There have been recent advances in cryptoanalysis [BH2013] and in the development of quantum computers [insert ref].  Each of these advances pose a threat to widely deployed digital signature algorithms.  There is a need to prepare for a day that cryptosystems such as RSA and DSA that depend on discrete logarithm and factoring cannot be depended upon."
>>
>> I suggest:
>>
>>   Recent advances in cryptoanalysis [BH2013] and progress in the
>>   development of quantum computers [NAS2019] pose a threat to widely
>>   deployed digital signature algorithms.  As a result, there is a need
>>   to prepare for a day that cryptosystems such as RSA and DSA that
>>   depend on discrete logarithm and factoring cannot be depended upon.
>>
>> and:
>>
>>   [NAS2019] National Academies of Sciences, Engineering, and Medicine,
>>              "Quantum Computing: Progress and Prospects", The National
>>              Academies Press, DOI 10.17226/25196, 2019.
>>
>>> ** Section 1.3.  The text "Hash-based signatures [HASSIG] are currently defined ... An IANA registry is defined ..." is duplicated almost verbatim again in Section 2.  Why is it needed twice.  IMO, it can be removed here.
>>
>> Agree.  It is removed.
>>
>>> ** Section 1.3. LM-OTS signature generation needs a reference.
>>
>> That paragraph was removed based on the previous comment.
>>
>>> ** Section 2.  Provide a reference to the IANA registry.
>>
>> Reference added for:
>>
>> https://www.iana.org/assignments/leighton-micali-signatures/leighton-micali-signatures.xhtml
>
> Thanks for making all of the changes described above.
>
>>> ** Section 2.1.  Per "Otherwise, generation of the entire tree might take weeks on longer", perhaps add "on a current <insert system type>".
>>
>> The number of hash computations is huge to construct the entire tree, that is why HSS breaks it into manageable chunks.  The system type is not the issue at all.
>
> Ok.  I was trying to suggest an approach to caveat why construction takes so long now (thinking that in the future, improved computation resources could change construction time).
>
>>> ** Section 2.1.  Cite the functions (i.e., u32str() is from [HASHSIG]) and string notation (i.e., "||" is concat)
>>
>> On first use of these, I added:
>>
>> where, u32str() and || are used as defined in [HASHSIG].
>>
>>> ** s/in Section 3.3/in struct signed_public_key in Section 3.3/
>>
>> I suggest:
>>
>>   where, as defined in Section 3.3 of [HASHSIG], the signed_public_key
>>   structure contains the lms_signature over the public key followed by
>>   the public key itself.
>
> This works.  Thanks.
>
> Roman
>
>> Russ
>
> _______________________________________________
> Spasm mailing list
> Spasm@ietf.org
> https://www.ietf.org/mailman/listinfo/spasm
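
The LM-OTS signature layout discussed in items (2) and (3) of the message above, u32str(type) || C || y[0] || ... || y[p-1], as an added example that is not part of the thread or of the draft. The typecode-to-parameter table uses the SHA-256 parameter sets of RFC 8554 ([HASHSIG]); the Go type and function names and the sample buffer are assumptions of this example, and the sample carries no cryptographic meaning.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"fmt"
)

// LMOTSParams are the values RFC 8554 assigns to an LM-OTS typecode.
type LMOTSParams struct {
	Name string
	N    int // bytes per hash value
	W    int // Winternitz width in bits
	P    int // number of hash values y[0..p-1] in a signature
}

// The typecode is what tells a parser how long the rest of the value is.
var lmotsTable = map[uint32]LMOTSParams{
	1: {"LMOTS_SHA256_N32_W1", 32, 1, 265},
	2: {"LMOTS_SHA256_N32_W2", 32, 2, 133},
	3: {"LMOTS_SHA256_N32_W4", 32, 4, 67},
	4: {"LMOTS_SHA256_N32_W8", 32, 8, 34},
}

// LMOTSSignature is the decoded form of u32str(type) || C || y[0] || ... || y[p-1].
type LMOTSSignature struct {
	Params LMOTSParams
	C      []byte   // n-byte randomizer
	Y      [][]byte // p hash values of n bytes each
}

// u32str encodes x as a 4-byte big-endian string, the notation of RFC 8554.
func u32str(x uint32) []byte {
	b := make([]byte, 4)
	binary.BigEndian.PutUint32(b, x)
	return b
}

// ParseLMOTSSignature splits a signature into its components and rejects
// unknown typecodes and any length other than the one the typecode implies.
func ParseLMOTSSignature(sig []byte) (*LMOTSSignature, error) {
	if len(sig) < 4 {
		return nil, fmt.Errorf("signature shorter than the 4-byte typecode")
	}
	tc := binary.BigEndian.Uint32(sig[:4])
	prm, ok := lmotsTable[tc]
	if !ok {
		return nil, fmt.Errorf("unknown LM-OTS typecode %d", tc)
	}
	want := 4 + prm.N*(1+prm.P)
	if len(sig) != want {
		return nil, fmt.Errorf("%s: got %d bytes, want %d", prm.Name, len(sig), want)
	}
	out := &LMOTSSignature{Params: prm, C: sig[4 : 4+prm.N]}
	for i := 0; i < prm.P; i++ {
		off := 4 + prm.N*(1+i)
		out.Y = append(out.Y, sig[off:off+prm.N])
	}
	return out, nil
}

// SampleSignature builds a constructed buffer of the right shape for a known
// typecode: C is filled with 0xC0 and y[i] with the byte value of i.
func SampleSignature(tc uint32) []byte {
	prm := lmotsTable[tc]
	sig := u32str(tc)
	sig = append(sig, bytes.Repeat([]byte{0xC0}, prm.N)...)
	for i := 0; i < prm.P; i++ {
		sig = append(sig, bytes.Repeat([]byte{byte(i)}, prm.N)...)
	}
	return sig
}

func main() {
	s, err := ParseLMOTSSignature(SampleSignature(4))
	if err != nil {
		panic(err)
	}
	fmt.Println(s.Params.Name, "elements:", len(s.Y), "bytes each:", len(s.Y[0]))
}
```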


From nobody Sat Jul 13 21:49:45 2019
From: Jim Schaad <ietf@augustcellars.com>
To: <draft-ounsworth-pq-composite-sigs@ietf.org>
CC: <spasm@ietf.org>
Date: Sat, 13 Jul 2019 21:49:34 -0700
Message-ID: <00f701d539ff$89e94eb0$9dbbec10$@augustcellars.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/XhBNnOAgk-Q_wD7cGPoQRvjbtMA>
Subject: [lamps] Comments on draft-ounsworth-pq-composite-sigs -01

1.  In section 1 - The EDNOTE suggestion for how to do encryption seems to
be totally wrong and probably unworkable.  

2. In section 2.2 EDNOTE1 - I am completely in favor of the current usage
with PARAMS absent.

3. In section 2.5 - It took me a bit to decide it was correct, but you
should probably document why the algorithm identifiers are not next to the
signature values.  (... needs to be able to be signed ....)  And this should
probably be a recommended thing to do - i.e. for CMS that additional
parameter is needed.

4. In section 2.6 - If you can tell me how to accept BER and not DER I would
probably buy a drink or two.  A better way would be to say MUST accept DER
and MAY (should?) accept BER.

5.  In section 3.1 - Doing sub-set signing would worry me in general due to
the fact that an attack could be made by removing elements from the
signature and signature algorithm list.  At the moment that is not possible
because the public key would not have the right number of elements.  However
there are several situations where the signature algorithm is not included
in the signed value thus permitting this attack.

6. Section 3.2 - I do not believe that you can get away with not specifying
the partial evaluation of signature algorithm.   One of the main arguments
that you are giving for this is that not all of the signature algorithms may
be known.

 Insert step 1.5 - Filter the list of signature algorithms to those
implemented by the evaluation code.

7. Section 3.2 - The last paragraph in this section is not going to make me
very happy.  Specifically the text following "but" would appear to
contradict the evaluation in the current step 2.

8. Section 4.1 - Yes it is obvious - having it does not really have any
downsides.

9. Section 4.2 - I don't understand the section header here.  Was that just
a mistake?

10.  Section 4.2 - It seems that a lot of this might be done by referencing.
For example the privateKey field is encoded as in Section X.Y

11. Section 6.1 -  I would want to put in a note that the checkPolicy
algorithm can vary from a single algorithm is fine to a set of algorithms is
required or as long as the algorithms are not all "known bad".  Some
description of different possibilities would be good.

12. In the ASN.1 module, a comment about adding pk-Composite to the class
set PublicKeyAlgorithms (as defined in RFC 5280) is required.


Jim
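
A sketch of the concern in comments 5 and 6 above, as an added example that is not part of the message or of the draft: a verifier that accepts any valid subset of components cannot tell a stripped composite signature from a complete one, while a verifier that binds the signature to the public key element by element can, and can still skip algorithms it does not implement. The type and function names, the string algorithm labels (stand-ins for OIDs), the `minChecked` policy parameter and the Ed25519/ECDSA pairing are assumptions of this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/ed25519"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Component: one composite-signature element. KeyElem: one public-key element.
type Component struct {
	Alg string
	Sig []byte
}
type KeyElem struct {
	Alg string
	Pub interface{}
}

// implemented lists what this verifier can evaluate (the "step 1.5" filter).
var implemented = map[string]func(pub interface{}, msg, sig []byte) bool{
	"ed25519": func(pub interface{}, msg, sig []byte) bool {
		k, ok := pub.(ed25519.PublicKey)
		return ok && ed25519.Verify(k, msg, sig)
	},
	"ecdsa-p256-sha256": func(pub interface{}, msg, sig []byte) bool {
		k, ok := pub.(*ecdsa.PublicKey)
		h := sha256.Sum256(msg)
		return ok && ecdsa.VerifyASN1(k, h[:], sig)
	},
}

// VerifySubset accepts any non-empty set of valid components. It never compares
// the component count with the public key, so stripping goes unnoticed.
func VerifySubset(keys []KeyElem, msg []byte, sigs []Component) error {
	if len(sigs) == 0 {
		return fmt.Errorf("no signature components")
	}
	for _, s := range sigs {
		valid := false
		for _, k := range keys {
			v, ok := implemented[s.Alg]
			valid = valid || (ok && k.Alg == s.Alg && v(k.Pub, msg, s.Sig))
		}
		if !valid {
			return fmt.Errorf("component %q did not verify", s.Alg)
		}
	}
	return nil
}

// VerifyStrict binds the signature to the public key element by element and
// requires at least minChecked components to have been evaluated.
func VerifyStrict(keys []KeyElem, msg []byte, sigs []Component, minChecked int) error {
	if len(sigs) != len(keys) {
		return fmt.Errorf("component count differs from public key")
	}
	checked := 0
	for i, k := range keys {
		if sigs[i].Alg != k.Alg {
			return fmt.Errorf("element %d: algorithm mismatch", i)
		}
		if v, ok := implemented[k.Alg]; ok { // unimplemented algorithms are skipped
			if !v(k.Pub, msg, sigs[i].Sig) {
				return fmt.Errorf("element %d (%s) did not verify", i, k.Alg)
			}
			checked++
		}
	}
	if checked < minChecked {
		return fmt.Errorf("%d components evaluated, policy needs %d", checked, minChecked)
	}
	return nil
}

// NewComposite builds a constructed two-element key pair and signs msg with both.
func NewComposite(msg []byte) ([]KeyElem, []Component) {
	edPub, edPriv, err1 := ed25519.GenerateKey(rand.Reader)
	ecPriv, err2 := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err1 != nil || err2 != nil {
		panic("key generation failed")
	}
	h := sha256.Sum256(msg)
	ecSig, err := ecdsa.SignASN1(rand.Reader, ecPriv, h[:])
	if err != nil {
		panic(err)
	}
	keys := []KeyElem{{"ed25519", edPub}, {"ecdsa-p256-sha256", &ecPriv.PublicKey}}
	sigs := []Component{{"ed25519", ed25519.Sign(edPriv, msg)}, {"ecdsa-p256-sha256", ecSig}}
	return keys, sigs
}

func main() {
	msg := []byte("constructed sample message")
	keys, sigs := NewComposite(msg)
	fmt.Println(VerifySubset(keys, msg, sigs[:1]), VerifyStrict(keys, msg, sigs[:1], 1))
}
```

The count check in `VerifyStrict` relies on the public key being trusted; it does not cover the case the message raises where the algorithm list itself is outside the signed value.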



From nobody Tue Jul 16 13:08:01 2019
From: Roman Danyliw <rdd@cert.org>
To: "spasm@ietf.org" <spasm@ietf.org>
Date: Tue, 16 Jul 2019 20:07:51 +0000
Message-ID: <359EC4B99E040048A7131E0F4E113AFC01B33D5872@marchand>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/tkMuMESBPxi2Km0nPWi06c_aKc8>
Subject: [lamps] AD Review: draft-ietf-lamps-cms-mix-with-psk-05

Hi!

The following is my AD review of draft-ietf-lamps-cms-mix-with-psk-05.  Given the substance of these comments, it can be handled with IETF LC comments.

(1) Section 9.  The object identifier is called "id-mod-cms-ori-psk-2017" in the IANA section (Section 9) but "id-mod-cms-ori-psk-2019" in the ASN.1 Module (Section 6).  Seems like they should be the same.

(2) Section B.1.  This section does not list the plaintext content

(3) Improved references:

** Section 1.  Is there a citation that can be provided for the obvious "The invention of a large-scale quantum computer would pose a serious challenge for the cryptographic algorithms that are widely deployed  today"?

** Section 1.  Is there a citation that can be provided for "It is an open question whether or not it is feasible to build  a large-scale quantum computer ...".  Perhaps:
[NAS2019] National Academies of Sciences, Engineering, and Medicine, "Quantum Computing: Progress and Prospects", The National Academies Press, DOI 10.17226/25196, 2019.

** Section 1.  Is there a citation that can be provided for "there are longstanding concerns about undisclosed trapdoors in Diffie-Hellman paramters"?

(4) Editorial Nits
** Section 1. Recommend weakening the statement.  s/invulnerable to an attacker/resistant to an attacker/

** Section 1.  Typo.  s/Diffie-Hellamn/Diffie-Hellman/

** Section 3 and 4.  Since Section 2 calls out that there are two techniques, keyTransPSK and keyAgreePSK, should the section 3 and 4 titles be those names instead of the underlying CMS data structure names?

** Section 5.  Typo.  s/ fo / of /

** Section 5.  Typo?.  s/deines/identifies/

** Section 7.  Typo.  s/materail/material/

** Section 7.  Typo. /an purpose/a purpose/

** Section 7.  Typo.  Consistently choose either "implementers" or "implementors"

** Section 7.  I think it would be helpful to move the text on the ProVerif proof from the Acknowledgements up to the Security Considerations section

** Appendix A/B.  Multiple Typos.  s/omited/omitted/g

** Appendix A.1.  Multiple Places.  Typo.  s/resutling/resulting/g

** Appendix A.*. Multiple Places.  Typo.  s/resutling/resulting/g


From nobody Tue Jul 16 13:44:28 2019
From: The IESG <iesg-secretary@ietf.org>
To: "IETF-Announce" <ietf-announce@ietf.org>
CC: rdd@cert.org, lamps-chairs@ietf.org, draft-ietf-lamps-cms-mix-with-psk@ietf.org, spasm@ietf.org, Tim Hollebeek <tim.hollebeek@digicert.com>, tim.hollebeek@digicert.com
Reply-To: ietf@ietf.org
Message-ID: <156330985935.15139.15943101685101923547.idtracker@ietfa.amsl.com>
Date: Tue, 16 Jul 2019 13:44:19 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/VKA2Z_LNpMnbKsZKRf3kUO4yt48>
Subject: [lamps] Last Call: <draft-ietf-lamps-cms-mix-with-psk-05.txt> (Using Pre-Shared Key (PSK) in the Cryptographic Message Syntax (CMS)) to Proposed Standard

The IESG has received a request from the Limited Additional Mechanisms for
PKIX and SMIME WG (lamps) to consider the following document: - 'Using
Pre-Shared Key (PSK) in the Cryptographic Message Syntax (CMS)'
  <draft-ietf-lamps-cms-mix-with-psk-05.txt> as Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits final
comments on this action. Please send substantive comments to the
ietf@ietf.org mailing lists by 2019-08-06. Exceptionally, comments may be
sent to iesg@ietf.org instead. In either case, please retain the beginning of
the Subject line to allow automated sorting.

Abstract


   The invention of a large-scale quantum computer would pose a serious
   challenge for the cryptographic algorithms that are widely deployed
   today.  The Cryptographic Message Syntax (CMS) supports key transport
   and key agreement algorithms that could be broken by the invention of
   such a quantum computer.  By storing communications that are
   protected with the CMS today, someone could decrypt them in the
   future when a large-scale quantum computer becomes available.  Once
   quantum-secure key management algorithms are available, the CMS will
   be extended to support the new algorithms, if the existing syntax
   does not accommodate them.  In the near-term, this document describes
   a mechanism to protect today's communication from the future
   invention of a large-scale quantum computer by mixing the output of
   key transport and key agreement algorithms with a pre-shared key.




The file can be obtained via
https://datatracker.ietf.org/doc/draft-ietf-lamps-cms-mix-with-psk/

IESG discussion can be tracked via
https://datatracker.ietf.org/doc/draft-ietf-lamps-cms-mix-with-psk/ballot/


No IPR declarations have been submitted directly on this I-D.





From nobody Wed Jul 17 06:41:53 2019
From: Joe Clarke via Datatracker <noreply@ietf.org>
To: <ops-dir@ietf.org>
Cc: spasm@ietf.org, draft-ietf-lamps-cms-hash-sig.all@ietf.org, ietf@ietf.org
Reply-To: Joe Clarke <jclarke@cisco.com>
Message-ID: <156337089593.25931.11629242002096530442@ietfa.amsl.com>
Date: Wed, 17 Jul 2019 06:41:35 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/xF1fkk-xsNNJh4WqvF3-HTCupbE>
Subject: [lamps] Opsdir last call review of draft-ietf-lamps-cms-hash-sig-08

Reviewer: Joe Clarke
Review result: Ready

I have been assigned to review this document as part of the ops directorate. 
This document describes conventions for using the HSS/LMS with CMS.  Overall,
this document is well-written, and I appreciate the considerations around
signing size and computation in the introduction.  This will help operators
properly evaluate the use of this algorithm.  I did find a few small nits.  One
thing that struck me on the first read is that you have to get to the
Introduction before HSS/LMS are expanded whereas CMS is expanded in the
abstract.  Might I suggest you expand HSS and LMS in the abstract as well?

Other nits:

Abstract:

s/for using the the HSS/LMS/for using the HSS/LMS/

===

Section 2.3:

s/When this object identifier is used for a HSS/LMS/When this object identifier
is used for an HSS/LMS/

===

Section 6:

s/cause an one-time key/cause a one-time key/

s/When generating a LMS key pair/When generating an LMS key pair/



From nobody Wed Jul 17 08:21:47 2019
From: Mike Ounsworth <Mike.Ounsworth@entrustdatacard.com>
To: Jim Schaad <ietf@augustcellars.com>, "draft-ounsworth-pq-composite-sigs@ietf.org" <draft-ounsworth-pq-composite-sigs@ietf.org>
CC: "spasm@ietf.org" <spasm@ietf.org>
Date: Wed, 17 Jul 2019 15:21:42 +0000
Message-ID: <35f70a1d777548e293539dedaab8bae2@PMSPEX05.corporate.datacard.com>
References: <00f701d539ff$89e94eb0$9dbbec10$@augustcellars.com>
In-Reply-To: <00f701d539ff$89e94eb0$9dbbec10$@augustcellars.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/cWIOR_YBdbbZS8Krge60x7jM0D4>
Subject: Re: [lamps] [EXTERNAL]Comments on draft-ounsworth-pq-composite-sigs -01

Jim,

Thank you very much for the detailed reading and feedback!

We will see what other discussion comes up during IETF105, and do another editing pass afterwards.

- - -
Mike Ounsworth | Office: +1 (613) 270-2873





From nobody Wed Jul 17 11:07:40 2019
From: Russ Housley <housley@vigilsec.com>
Message-Id: <8F78EFC7-1327-411D-AD08-707D6B3480E2@vigilsec.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_1338FBD2-C0EB-4E35-B139-1FF0737787EB"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
Date: Wed, 17 Jul 2019 14:07:32 -0400
In-Reply-To: <359EC4B99E040048A7131E0F4E113AFC01B33D5872@marchand>
Cc: "spasm@ietf.org" <spasm@ietf.org>
To: "Roman D. Danyliw" <rdd@cert.org>
References: <359EC4B99E040048A7131E0F4E113AFC01B33D5872@marchand>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/_SBz7u--YADyqRBsQD9jJT2ZP1o>
Subject: Re: [lamps] AD Review: draft-ietf-lamps-cms-mix-with-psk-05

--Apple-Mail=_1338FBD2-C0EB-4E35-B139-1FF0737787EB
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=us-ascii

Roman:

Thanks for the careful review.  I will wait to see what other IETF Last Call comments come along before posting a revision.

> The following is my AD review of draft-ietf-lamps-cms-mix-with-psk-05.  Given the substance of these comments, it can be handled with IETF LC comments.
>
> (1) Section 9.  The object identifier is called "id-mod-cms-ori-psk-2017" in the IANA section (Section 9) but "id-mod-cms-ori-psk-2019" in the ASN.1 Module (Section 6).  Seems like they should be the same.

Good catch.  I have changed it to id-mod-cms-ori-psk-2019.

> (2) Section B.1.  This section does not list the plaintext content

It is true.  I'll add it, but it is the same as B.3.

Alice encrypts the content using AES-256-GCM with the content-
encryption key.  The 12-octet nonce used is:
   dbaddecaf888cafebabeface

The plaintext is:
   48656c6c6f2c20776f726c6421

The resulting ciphertext is:
   fc6d6f823e3ed2d209d0c6ffcf

The resulting 12-octet authentication tag is:
   550260c42e5b29719426c1ff

> (3) Improved references:
>=20
> ** Section 1.  Is there a citation that can be provided for the =
obvious "The invention of a large-scale quantum computer would pose a =
serious challenge for the cryptographic algorithms that are widely =
deployed  today"?

   [S1994]    Shor, P., "Algorithms for Quantum Computation: Discrete
              Logarithms and Factoring", Proceedings of the 35th Annual
              Symposium on Foundations of Computer Science, 1994, pp.
              124-134.

> ** Section 1.  Is there a citation that can be provided for "It is an
> open question whether or not it is feasible to build a large-scale
> quantum computer ...".  Perhaps:
> [NAS2019] National Academies of Sciences, Engineering, and Medicine,
> "Quantum Computing: Progress and Prospects", The National Academies
> Press, DOI 10.17226/25196, 2019.

Yes, I'll add that reference.

> ** Section 1.  Is there a citation that can be provided for "there are
> longstanding concerns about undisclosed trapdoors in Diffie-Hellman
> parameters"?

   [FGHT2016] Fried, J., Gaudry, P., Heninger, N., and E. Thome, "A
              kilobit hidden SNFS discrete logarithm computation",
              Cryptology ePrint Archive, Report 2016/961, 2016.
              https://eprint.iacr.org/2016/961.pdf.

> (4) Editorial Nits
> ** Section 1. Recommend weakening the statement.  s/invulnerable to an
> attacker/resistant to an attacker/

Yes, that is better.

> ** Section 1.  Typo.  s/Diffie-Hellamn/Diffie-Hellman/

Fixed.

> ** Section 3 and 4.  Since Section 2 calls out that there are two
> techniques, keyTransPSK and keyAgreePSK, should the section 3 and 4
> titles be those names instead of the underlying CMS data structure
> names?

Okay.  The section titles have been changed.

> ** Section 5.  Typo.  s/ fo / of /

Fixed.

> ** Section 5.  Typo?.  s/deines/identifies/

No, it should be "defines"

> ** Section 7.  Typo.  s/materail/material/

Fixed.

> ** Section 7.  Typo. /an purpose/a purpose/

Fixed.

> ** Section 7.  Typo.  Consistently choose either "implementers" or
> "implementors"

There were many more "implementers", so I went with that spelling.

> ** Section 7.  I think it would be helpful to move the text on the
> ProVerif proof from the Acknowledgements up to the Security
> Considerations section

Done.

> ** Appendix A/B.  Multiple Typos.  s/omited/omitted/g

Fixed.  (I found it in two places.)

> ** Appendix A.*. Multiple Places.  Typo.  s/resutling/resulting/g

Fixed. (I found it in four places.)

Russ



--Apple-Mail=_1338FBD2-C0EB-4E35-B139-1FF0737787EB--


From nobody Wed Jul 17 19:39:14 2019
Return-Path: <noreply@ietf.org>
X-Original-To: spasm@ietf.org
Delivered-To: spasm@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id D2134120127; Wed, 17 Jul 2019 19:38:56 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Dale Worley via Datatracker <noreply@ietf.org>
To: <gen-art@ietf.org>
Cc: spasm@ietf.org, draft-ietf-lamps-cms-hash-sig.all@ietf.org, ietf@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.99.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Dale Worley <worley@ariadne.com>
Message-ID: <156341753682.25805.15107717483258855258@ietfa.amsl.com>
Date: Wed, 17 Jul 2019 19:38:56 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/dsM8oxRfryHpig6h1ftZID1QZOI>
Subject: [lamps] Genart last call review of draft-ietf-lamps-cms-hash-sig-08
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Jul 2019 02:38:57 -0000

Reviewer: Dale Worley
Review result: Ready

I am the assigned Gen-ART reviewer for this draft. The General Area
Review Team (Gen-ART) reviews all IETF documents being processed
by the IESG for the IETF Chair.  Please treat these comments just
like any other last call comments.

For more information, please see the FAQ at

<https://trac.ietf.org/trac/gen/wiki/GenArtfaq>.

Document:  draft-ietf-lamps-cms-hash-sig-08
Reviewer:  Dale R. Worley
Review Date:  2019-07-17
IETF LC End Date:  2019-08-01
IESG Telechat date:  not known

Summary:

       This draft is in great shape and ready for publication as a
       proposed standard RFC, with only a few editorial nits.

Nits/editorial comments: 

2.2.  Leighton-Micali Signature (LMS)

   The [HASHSIG] specification supports five tree sizes:

      LMS_SHA256_M32_H5;
      LMS_SHA256_M32_H10;
      LMS_SHA256_M32_H15;
      LMS_SHA256_M32_H20; and
      LMS_SHA256_M32_H25.

This text seems redundant with the description in the preceding
paragraph.

   The LMS public key is the string consists of four elements: the

Perhaps "An LMS public key consists of ...".

      u32str(lms_algorithm_type) || u32str(otstype) || I || T[1]

The notation "T[1]" seems to be undefined (although the intended value
is described clearly in the preceding paragraph).

2.3.  Leighton-Micali One-time Signature Algorithm (LM-OTS)

      n -  The number of bytes associated with the hash function.
           [HASHSIG] supports only SHA-256 [SHS], with n=32.

"associated" seems to me to be vague.  Perhaps "The length in bytes of
the output of the hash function."

      ls - The number of left-shift bits used in the checksum function,
           which is defined in Section 4.4 of [HASHSIG].

"The number of left-shift bits" is not quite right.  Perhaps "The
number of bits of left-shifting used in ..." or "The amount/size of
the left-shift used in ...".

5.  Signed-data Conventions

This paragraph has a number of minor wording issues, which I
have described interline:

   As specified in [CMS], the digital signature is produced from the
   message digest and the signer's private key.  The signature is
   computed over different value depending on whether signed attributes

s/value/values/

   are absent or present.  When signed attributes are absent, the
   HSS/LMS signature is computed over the content.  When signed

It might help the reader to put a paragraph break before "When signed
attributes are present..."

   attributes are present, a hash is computed over the content using the
   same hash function that is used in the HSS/LMS tree, and then a
   message-digest attribute is constructed with the resulting hash

I would replace "with" with "containing" or "whose value is"

   value, and then DER encode the set of signed attributes, which MUST

For parallelism, this clause should start with a subject and a passive
verb.  Perhaps "the DER encoding is constructed of ...".

   include a content-type attribute and a message-digest attribute, and

It might be clearer if the clause "which MUST ... attribute" was put
in parentheses.

   then the HSS/LMS signature is computed over the output of the DER-
   encode operation.  In summary:

You can probably change "the output of the DER-encode operation" with
"the DER encoding".

The paragraph contains four clauses joined by three successive "and
then".  You probably want to change that, perhaps breaking it out as a
numbered/bulleted list.  (What does the Editor recommend?)

And in this computation:

      IF (signed attributes are absent)
      THEN HSS_LMS_Sign(content)
      ELSE message-digest attribute = Hash(content);

I think you want to add a hyphen:
s/message-digest attribute/message-digest-attribute/

           HSS_LMS_Sign(DER(SignedAttributes))

[END]
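
The public key layout quoted in the review above (u32str(lms_algorithm_type) || u32str(otstype) || I || T[1]) can be checked mechanically. The following parser is an added example, not code from the draft or its authors; the numeric typecodes, the 16-byte length of I and the HSS prefix u32str(L) are taken from RFC 8554 rather than from this thread, and the sample key bytes are constructed.

```python
import struct

# Typecodes and sizes come from RFC 8554 ([HASHSIG]); the thread only names
# the parameter sets.  LMS typecode -> (name, m, h)
LMS_TYPES = {
    5: ("LMS_SHA256_M32_H5", 32, 5),
    6: ("LMS_SHA256_M32_H10", 32, 10),
    7: ("LMS_SHA256_M32_H15", 32, 15),
    8: ("LMS_SHA256_M32_H20", 32, 20),
    9: ("LMS_SHA256_M32_H25", 32, 25),
}
# LM-OTS typecode -> (name, n, w)
LMOTS_TYPES = {
    1: ("LMOTS_SHA256_N32_W1", 32, 1),
    2: ("LMOTS_SHA256_N32_W2", 32, 2),
    3: ("LMOTS_SHA256_N32_W4", 32, 4),
    4: ("LMOTS_SHA256_N32_W8", 32, 8),
}
I_LEN = 16  # length of the key-pair identifier I (RFC 8554)


def parse_lms_public_key(buf: bytes) -> dict:
    """Parse u32str(lms_algorithm_type) || u32str(otstype) || I || T[1]."""
    if len(buf) < 8:
        raise ValueError("LMS public key shorter than the two typecodes")
    lms_type, ots_type = struct.unpack(">II", buf[:8])
    if lms_type not in LMS_TYPES:
        raise ValueError(f"unknown lms_algorithm_type {lms_type:#x}")
    if ots_type not in LMOTS_TYPES:
        raise ValueError(f"unknown otstype {ots_type:#x}")
    lms_name, m, h = LMS_TYPES[lms_type]
    ots_name, _n, w = LMOTS_TYPES[ots_type]
    # Exact length check: trailing bytes are rejected, not silently ignored.
    expected = 8 + I_LEN + m
    if len(buf) != expected:
        raise ValueError(f"expected {expected} bytes for {lms_name}, got {len(buf)}")
    return {
        "lms": lms_name,
        "lmots": ots_name,
        "h": h,
        "w": w,
        "leaves": 1 << h,            # one-time keys in this tree
        "I": buf[8:8 + I_LEN],
        "T1": buf[8 + I_LEN:],       # m-byte value of the root node
    }


def parse_hss_public_key(buf: bytes) -> dict:
    """Parse u32str(L) || lms_public_key (the HSS public key of RFC 8554)."""
    if len(buf) < 4:
        raise ValueError("HSS public key shorter than the level count")
    (levels,) = struct.unpack(">I", buf[:4])
    if not 1 <= levels <= 8:
        raise ValueError(f"HSS level count {levels} outside 1..8")
    key = parse_lms_public_key(buf[4:])
    key["L"] = levels
    return key


# Constructed sample (not a real key): L=2, LMS_SHA256_M32_H10,
# LMOTS_SHA256_N32_W4, I = 00..0f, T[1] = 32 bytes of 0xAB.
SAMPLE_HSS_KEY = (struct.pack(">III", 2, 6, 3)
                  + bytes(range(16)) + bytes([0xAB]) * 32)

if __name__ == "__main__":
    print(parse_hss_public_key(SAMPLE_HSS_KEY))
```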



From nobody Thu Jul 18 07:26:50 2019
Return-Path: <housley@vigilsec.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4036512037A for <spasm@ietfa.amsl.com>; Thu, 18 Jul 2019 07:26:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level: 
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3enu6VxFpzaG for <spasm@ietfa.amsl.com>; Thu, 18 Jul 2019 07:26:45 -0700 (PDT)
Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 39B02120374 for <spasm@ietf.org>; Thu, 18 Jul 2019 07:26:45 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id 694A1300B01 for <spasm@ietf.org>; Thu, 18 Jul 2019 10:00:13 -0400 (EDT)
X-Virus-Scanned: amavisd-new at mail.smeinc.net
Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id AU8PCXnzv4p0 for <spasm@ietf.org>; Thu, 18 Jul 2019 10:00:10 -0400 (EDT)
Received: from a860b60074bd.fios-router.home (unknown [138.88.156.37]) by mail.smeinc.net (Postfix) with ESMTPSA id 671ED300A02; Thu, 18 Jul 2019 10:00:10 -0400 (EDT)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <156341753682.25805.15107717483258855258@ietfa.amsl.com>
Date: Thu, 18 Jul 2019 10:19:26 -0400
Cc: IETF Gen-ART <gen-art@ietf.org>, LAMPS WG <spasm@ietf.org>, IETF <ietf@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <47826955-B512-4806-9971-211F4F4F24D0@vigilsec.com>
References: <156341753682.25805.15107717483258855258@ietfa.amsl.com>
To: Dale Worley <worley@ariadne.com>
X-Mailer: Apple Mail (2.3445.104.11)
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/q65nWmImS6RWJzcvngNM9kU6SRA>
Subject: Re: [lamps] [Gen-art] Genart last call review of draft-ietf-lamps-cms-hash-sig-08
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Jul 2019 14:26:46 -0000

Dale:

Thank you for the careful review.

> Summary:
>
>       This draft is in great shape and ready for publication as a
>       proposed standard RFC, with only a few editorial nits.

Good to hear.

> Nits/editorial comments:
>
> 2.2.  Leighton-Micali Signature (LMS)
>
>   The [HASHSIG] specification supports five tree sizes:
>
>      LMS_SHA256_M32_H5;
>      LMS_SHA256_M32_H10;
>      LMS_SHA256_M32_H15;
>      LMS_SHA256_M32_H20; and
>      LMS_SHA256_M32_H25.
>
> This text seems redundant with the description in the preceding
> paragraph.

True.  The intent was to provide the identifiers for the five tree sizes.

Perhaps the two paragraphs should be merged, with the sentence before
the list saying:

   ... As a result, the [HASHSIG] specification supports
   five tree sizes; they are identified as:

>   The LMS public key is the string consists of four elements: the
>
> Perhaps "An LMS public key consists of ...".

Yes, that reads better.

>      u32str(lms_algorithm_type) || u32str(otstype) || I || T[1]
>
> The notation "T[1]" seems to be undefined (although the intended value
> is described clearly in the preceding paragraph).

Good catch.  How about:

   ... and the m-byte string associated with the root
   node of the tree (T[1]).

> 2.3.  Leighton-Micali One-time Signature Algorithm (LM-OTS)
>
>      n -  The number of bytes associated with the hash function.
>           [HASHSIG] supports only SHA-256 [SHS], with n=32.
>
> "associated" seems to me to be vague.  Perhaps "The length in bytes of
> the output of the hash function."

Okay.  How about:

   n -  The length in bytes of the hash function output. ...

>      ls - The number of left-shift bits used in the checksum function,
>           which is defined in Section 4.4 of [HASHSIG].
>
> "The number of left-shift bits" is not quite right.  Perhaps "The
> number of bits of left-shifting used in ..." or "The amount/size of
> the left-shift used in ...".

These words were taken directly from Section 4.1 of RFC 8554.  That
said, I think you are right that it could be more clear.  How about:

   ls - The number of bits that are left-shifted in the final step of
        the checksum function, which is defined in Section 4.4
        of [HASHSIG].

> 5.  Signed-data Conventions
>
> This paragraph has a number of minor wording issues, which I
> have described interline:
>
>   As specified in [CMS], the digital signature is produced from the
>   message digest and the signer's private key.  The signature is
>   computed over different value depending on whether signed attributes
>
> s/value/values/

Fixed.

>   are absent or present.  When signed attributes are absent, the
>   HSS/LMS signature is computed over the content.  When signed
>
> It might help the reader to put a paragraph break before "When signed
> attributes are present..."

Okay.  Done.

>   attributes are present, a hash is computed over the content using the
>   same hash function that is used in the HSS/LMS tree, and then a
>   message-digest attribute is constructed with the resulting hash
>
> I would replace "with" with "containing" or "whose value is"

How about:

   ... a message-digest attribute is constructed to contain the
   resulting hash value, and ...

>   value, and then DER encode the set of signed attributes, which MUST
>
> For parallelism, this clause should start with a subject and a passive
> verb.  Perhaps "the DER encoding is constructed of ...".

How about:

   ... and then the result of DER encoding the set of signed
   attributes, which ...

>
>   include a content-type attribute and a message-digest attribute, and
>
> It might be clearer if the clause "which MUST ... attribute" was put
> in parentheses.

Okay.  There are a lot of commas in this sentence.

>   then the HSS/LMS signature is computed over the output of the DER-
>   encode operation.  In summary:
>
> You can probably change "the output of the DER-encode operation" with
> "the DER encoding".

How about:

   ... then the HSS/LMS signature is computed over the
   DER-encoded output.

> The paragraph contains four clauses joined by three successive "and
> then".  You probably want to change that, perhaps breaking it out as a
> numbered/bulleted list.  (What does the Editor recommend?)

I think the text is accurate.  I will wait for the RFC Editor to propose
a different format if they want to do so.

> And in this computation:
>
>      IF (signed attributes are absent)
>      THEN HSS_LMS_Sign(content)
>      ELSE message-digest attribute = Hash(content);
>
> I think you want to add a hyphen:
> s/message-digest attribute/message-digest-attribute/

No.  This is the way that the attributes are talked about in RFC 5652.
(See the indented paragraphs on Page 15 of RFC 5652 as an example.)

>
>           HSS_LMS_Sign(DER(SignedAttributes))


Thanks again for the careful review.

Russ
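
The IF/THEN/ELSE computation discussed in this exchange, written out as an added example (not code from the draft or from either correspondent). It builds the exact octets handed to HSS_LMS_Sign in both cases and, on the verifying side, rebuilds them from the stored attributes. Assumptions not stated in the thread: SHA-256 as the tree hash, the RFC 5652 OIDs for content-type, message-digest and id-data, and the RFC 5652 rule that the signature covers the SET OF encoding (tag 0x31) while SignerInfo stores the attributes under [0] IMPLICIT (tag 0xA0). All function names are hypothetical, and HSS_LMS_Sign itself is out of scope.

```python
import hashlib

# OIDs from RFC 5652 ([CMS]); they are not spelled out in the thread.
OID_CONTENT_TYPE = "1.2.840.113549.1.9.3"    # id-contentType
OID_MESSAGE_DIGEST = "1.2.840.113549.1.9.4"  # id-messageDigest
OID_ID_DATA = "1.2.840.113549.1.7.1"         # id-data


def tlv(tag: int, value: bytes) -> bytes:
    """DER tag-length-value with a definite, minimal length."""
    n = len(value)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + value


def oid(dotted: str) -> bytes:
    """DER OBJECT IDENTIFIER (sufficient for the 1.2.* arcs used here)."""
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        body.extend(reversed(chunk))
    return tlv(0x06, bytes(body))


def attribute(attr_oid: str, value_der: bytes) -> bytes:
    """Attribute ::= SEQUENCE { attrType OID, attrValues SET OF value }."""
    return tlv(0x30, oid(attr_oid) + tlv(0x31, value_der))


def content_digest(content: bytes) -> bytes:
    # Assumption: SHA-256, the hash used in the HSS/LMS tree.
    return hashlib.sha256(content).digest()


def required_attributes(content: bytes, content_type: str) -> list:
    """The two attributes that MUST be present: content-type, message-digest."""
    return [
        attribute(OID_CONTENT_TYPE, oid(content_type)),
        attribute(OID_MESSAGE_DIGEST, tlv(0x04, content_digest(content))),
    ]


def hss_lms_sign_input(content: bytes, with_signed_attrs: bool,
                       content_type: str = OID_ID_DATA) -> bytes:
    """Octets passed to HSS_LMS_Sign: content, or DER(SignedAttributes)."""
    if not with_signed_attrs:
        return content
    # DER SET OF: member encodings are sorted before concatenation.
    return tlv(0x31, b"".join(sorted(required_attributes(content, content_type))))


def as_stored_in_signerinfo(sign_input: bytes) -> bytes:
    """Same bytes as carried in SignerInfo.signedAttrs ([0] IMPLICIT)."""
    return b"\xa0" + sign_input[1:]


def read_tlvs(buf: bytes) -> list:
    """Split a buffer into (value, raw_encoding) pairs; reject truncation."""
    items, i = [], 0
    while i < len(buf):
        if i + 2 > len(buf):
            raise ValueError("truncated TLV header")
        first = buf[i + 1]
        k = first & 0x7F if first >= 0x80 else 0
        if first == 0x80 or i + 2 + k > len(buf):
            raise ValueError("indefinite or truncated length")
        length = int.from_bytes(buf[i + 2:i + 2 + k], "big") if k else first
        end = i + 2 + k + length
        if end > len(buf):
            raise ValueError("truncated TLV value")
        items.append((buf[i + 2 + k:end], buf[i:end]))
        i = end
    return items


def verifier_input(stored_attrs: bytes, content: bytes,
                   content_type: str = OID_ID_DATA) -> bytes:
    """Check the mandatory attributes against the content, then return the
    octets over which the HSS/LMS signature must be verified."""
    if stored_attrs[:1] != b"\xa0":
        raise ValueError("expected [0] IMPLICIT signedAttrs")
    outer = read_tlvs(stored_attrs)
    if len(outer) != 1:
        raise ValueError("trailing data after signedAttrs")
    present = {raw for _, raw in read_tlvs(outer[0][0])}
    if not set(required_attributes(content, content_type)) <= present:
        raise ValueError("content-type or message-digest missing or mismatched")
    return b"\x31" + stored_attrs[1:]
```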


From nobody Thu Jul 18 07:32:58 2019
Return-Path: <housley@vigilsec.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B202E1203D8 for <spasm@ietfa.amsl.com>; Thu, 18 Jul 2019 07:32:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level: 
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VVknKKAyyt85 for <spasm@ietfa.amsl.com>; Thu, 18 Jul 2019 07:32:46 -0700 (PDT)
Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 258261203E6 for <spasm@ietf.org>; Thu, 18 Jul 2019 07:32:46 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id 1DC8D300B01 for <spasm@ietf.org>; Thu, 18 Jul 2019 10:13:28 -0400 (EDT)
X-Virus-Scanned: amavisd-new at mail.smeinc.net
Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id 6I2cefxEvDDX for <spasm@ietf.org>; Thu, 18 Jul 2019 10:13:26 -0400 (EDT)
Received: from a860b60074bd.fios-router.home (unknown [138.88.156.37]) by mail.smeinc.net (Postfix) with ESMTPSA id F4209300ABB; Thu, 18 Jul 2019 10:13:25 -0400 (EDT)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <156337089593.25931.11629242002096530442@ietfa.amsl.com>
Date: Thu, 18 Jul 2019 10:32:41 -0400
Cc: ops-dir@ietf.org, LAMPS WG <spasm@ietf.org>, IETF <ietf@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <1B12401A-D643-4A59-AC70-CB5CDBA7E846@vigilsec.com>
References: <156337089593.25931.11629242002096530442@ietfa.amsl.com>
To: Joe Clarke <jclarke@cisco.com>
X-Mailer: Apple Mail (2.3445.104.11)
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/RFUOIXxWZeo_r4Jpb9TLMQhIsOI>
Subject: Re: [lamps] Opsdir last call review of draft-ietf-lamps-cms-hash-sig-08
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Jul 2019 14:32:50 -0000

Joe:

Thanks for the careful review.

> Reviewer: Joe Clarke
> Review result: Ready

Good to hear.

> I have been assigned to review this document as part of the ops directorate.
> This document describes conventions for using the HSS/LMS with CMS.  Overall,
> this document is well-written, and I appreciate the considerations around
> signing size and computation in the introduction.  This will help operators
> properly evaluate the use of this algorithm.  I did find a few small nits.  One
> thing that struck me on the first read is that you have to get to the
> Introduction before HSS/LMS are expanded whereas CMS is expanded in the
> abstract.  Might I suggest you expand HSS and LMS in the abstract as well?

I have done so:

   This document specifies the conventions for using the Hierarchical
   Signature System (HSS) / Leighton-Micali Signature (LMS) hash-based
   signature algorithm with the Cryptographic Message Syntax (CMS).  In
   addition, the algorithm identifier and public key syntax are
   provided.  The HSS/LMS algorithm is one form of hash-based digital
   signature; it is described in RFC 8554.

I have also expanded it in the first sentence of the Introduction.

> Other nits:
>
> Abstract:
>
> s/for using the the HSS/LMS/for using the HSS/LMS/

No longer relevant with the revised Abstract above.

> ===
>
> Section 2.3:
>
> s/When this object identifier is used for a HSS/LMS/When this object identifier
> is used for an HSS/LMS/

This is in Section 3, right?  If so, fixed.

> ===
>
> Section 6:
>
> s/cause an one-time key/cause a one-time key/
>
> s/When generating a LMS key pair/When generating an LMS key pair/

Both fixed.

Russ


From nobody Thu Jul 18 08:12:54 2019
Return-Path: <jclarke@cisco.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 762FF120433; Thu, 18 Jul 2019 08:12:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.5
X-Spam-Level: 
X-Spam-Status: No, score=-14.5 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=jHZ8Rys0; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=xMF3iSyc
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XXnC4Hc9966l; Thu, 18 Jul 2019 08:12:50 -0700 (PDT)
Received: from rcdn-iport-2.cisco.com (rcdn-iport-2.cisco.com [173.37.86.73]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6321F12041D; Thu, 18 Jul 2019 08:12:50 -0700 (PDT)
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0BHAAAujDBd/5ldJa1lHAEBAQQBAQc?= =?us-ascii?q?EAQGBUwcBAQsBgUNQA4FCIAQLKgqHWgOEUokqgjYll1CBLoEkA1QJAQEBDAE?= =?us-ascii?q?BLQIBAYRAAoJMIzQJDgEDAQEEAQECAQVthTwMhUoBAQEBAgESKAYBATcBBAs?= =?us-ascii?q?CAQgYHhAyJQIEDgUigwCBawMODwGhUwKBOIhggiOCeQEBBYJHgk0YghMJgTQ?= =?us-ascii?q?Bi14XgUA/gTgME4JMPoREd4JGgiaqZwkCghmUDBuCLYsxiiylBQIEAgQFAg4?= =?us-ascii?q?BAQWBUDiBWHAVZQGCQYJBCwEXg06KU3KBKYwiAYEgAQE?=
X-IronPort-AV: E=Sophos;i="5.64,278,1559520000"; d="scan'208";a="602274850"
Received: from rcdn-core-2.cisco.com ([173.37.93.153]) by rcdn-iport-2.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 18 Jul 2019 15:12:48 +0000
Received: from XCH-ALN-014.cisco.com (xch-aln-014.cisco.com [173.36.7.24]) by rcdn-core-2.cisco.com (8.15.2/8.15.2) with ESMTPS id x6IFCm5D006868 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Thu, 18 Jul 2019 15:12:48 GMT
Received: from xhs-rtp-002.cisco.com (64.101.210.229) by XCH-ALN-014.cisco.com (173.36.7.24) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Thu, 18 Jul 2019 10:12:48 -0500
Received: from xhs-rtp-001.cisco.com (64.101.210.228) by xhs-rtp-002.cisco.com (64.101.210.229) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Thu, 18 Jul 2019 11:12:47 -0400
Received: from NAM02-SN1-obe.outbound.protection.outlook.com (64.101.32.56) by xhs-rtp-001.cisco.com (64.101.210.228) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Thu, 18 Jul 2019 11:12:47 -0400
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=PF3t2OnWlMaXmCk5l9f/bWyk3NmOo8BRkYuIgHEVrjlLt6OCfHfBsXUGbF0haRLkhC2EyYU5HF7uRilJMYogwzGhmLugCP/PrtCJp+ti3V0XWO+DuTggTStMQ0OqiRS9VZItw67xHP+TVRep38LBOIy5I9ujtXQxzwbUQ9iOA+UZM4RKuXbAoiFMP6ciahwvnPkuMuRQ76fwXapj2JGLZF9DLMN+leldQVRUqiTciUYPKnrhAXYLFAIAX6LOw5EdHqSzhgy3dzB4bewbVdxD+mrNlucg2CH/7dJjVndUrw+OpU8I5/23+vVTH9kz5HisYjXaItUnrmA7GSb+pXGccw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;  s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=YJ+hVId1A8tqTmwVxln7puECEXpvrse35J94KqO0JQA=; b=diwfbC63X2wj2AOGLy0G0ogUQI7QB2IhKAAOpuYY9KNFIoEAQZmgu/YPp1RO93/7IhdYHKn9X5hrGNGJM9jqLmjzyp4n8T/hNcczflMT9cBc++mOhVMejeFyqTZyPXFvVEBKs93xNVUnn7PLzaQFuarILFosjxHa3GmZ5iJ9xIUok76ExgHSs3n6D156nB6VFTCTeRUhNO61VWYO3vc6PInEgZPDuq+Sa2sxgNueib08rED7Lgfszf18XZT447N2ONx6vKCoJrBFPrQP4LfLxV6iniCYsgMv6jyyGbiLIuI/KcSyzXsjeRUfPqZ9Bnt5TrZ8I9J3gYeM0Lf4n6kGng==
ARC-Authentication-Results: i=1; mx.microsoft.com 1;spf=pass smtp.mailfrom=cisco.com;dmarc=pass action=none header.from=cisco.com;dkim=pass header.d=cisco.com;arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com;  s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=YJ+hVId1A8tqTmwVxln7puECEXpvrse35J94KqO0JQA=; b=xMF3iSycni81mc1Di5LdR1tmrQSNNtFnE10hCDuSRghbL77hvoo9hqUhk25nu/lnzbe9gdqD+G9TwiGLT2tZ1Hx1a3G5ib0gkNMR9gcyzTI1VQbT6Vb/hh4BXbS7Wv2o0aZnjcX1GpTPrnu1kKS1Fhh656b8/6zT2hplMOxbwjE=
Received: from CH2PR11MB4200.namprd11.prod.outlook.com (10.141.118.161) by CH2PR11MB4197.namprd11.prod.outlook.com (10.141.127.220) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2073.14; Thu, 18 Jul 2019 15:12:46 +0000
Received: from CH2PR11MB4200.namprd11.prod.outlook.com ([fe80::bdd3:4aa6:bd05:b271]) by CH2PR11MB4200.namprd11.prod.outlook.com ([fe80::bdd3:4aa6:bd05:b271%5]) with mapi id 15.20.2073.012; Thu, 18 Jul 2019 15:12:46 +0000
From: "Joe Clarke (jclarke)" <jclarke@cisco.com>
To: Russ Housley <housley@vigilsec.com>
CC: "ops-dir@ietf.org" <ops-dir@ietf.org>, LAMPS WG <spasm@ietf.org>, IETF <ietf@ietf.org>
Thread-Topic: [lamps] Opsdir last call review of draft-ietf-lamps-cms-hash-sig-08
Thread-Index: AQHVPXWvO4M31kNhTUewTCMZe3KLfqbQe5WA
Date: Thu, 18 Jul 2019 15:12:46 +0000
Message-ID: <0F62A3BB-DABB-4507-9DB0-B9789C21E616@cisco.com>
References: <156337089593.25931.11629242002096530442@ietfa.amsl.com> <1B12401A-D643-4A59-AC70-CB5CDBA7E846@vigilsec.com>
In-Reply-To: <1B12401A-D643-4A59-AC70-CB5CDBA7E846@vigilsec.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/Z5NgsouIzhUbt0ZmJXnojpnxkWw>
Subject: Re: [lamps] Opsdir last call review of draft-ietf-lamps-cms-hash-sig-08

Thanks for all the fixes, Russ.

Joe

> On Jul 18, 2019, at 10:32, Russ Housley <housley@vigilsec.com> wrote:
>
> Joe:
>
> Thanks for the careful review.
>
>> Reviewer: Joe Clarke
>> Review result: Ready
>
> Good to hear.
>
>> I have been assigned to review this document as part of the ops directorate.
>> This document describes conventions for using the HSS/LMS with CMS.  Overall,
>> this document is well-written, and I appreciate the considerations around
>> signing size and computation in the introduction.  This will help operators
>> properly evaluate the use of this algorithm.  I did find a few small nits.  One
>> thing that struck me on the first read is that you have to get to the
>> Introduction before HSS/LMS are expanded whereas CMS is expanded in the
>> abstract.  Might I suggest you expand HSS and LMS in the abstract as well?
>
> I have done so:
>
>   This document specifies the conventions for using the Hierarchical
>   Signature System (HSS) / Leighton-Micali Signature (LMS) hash-based
>   signature algorithm with the Cryptographic Message Syntax (CMS).  In
>   addition, the algorithm identifier and public key syntax are
>   provided.  The HSS/LMS algorithm is one form of hash-based digital
>   signature; it is described in RFC 8554.
>
> I have also expanded it in the first sentence of the Introduction.
>
>> Other nits:
>>
>> Abstract:
>>
>> s/for using the the HSS/LMS/for using the HSS/LMS/
>
> No longer relevant with the revised Abstract above.
>
>> ===
>>
>> Section 2.3:
>>
>> s/When this object identifier is used for a HSS/LMS/When this object identifier
>> is used for an HSS/LMS/
>
> This is in Section 3, right?  If so, fixed.
>
>> ===
>>
>> Section 6:
>>
>> s/cause an one-time key/cause a one-time key/
>>
>> s/When generating a LMS key pair/When generating an LMS key pair/
>
> Both fixed.
>
> Russ


From nobody Fri Jul 19 16:47:43 2019
From: Roman Danyliw <rdd@cert.org>
To: Russ Housley <housley@vigilsec.com>
CC: "spasm@ietf.org" <spasm@ietf.org>
Thread-Topic: [lamps] AD Review: draft-ietf-lamps-cms-mix-with-psk-05
Thread-Index: AdU8EX/wJ/esCf+5ROODUoLZZ3GXMAA2of4AAGgHecA=
Date: Fri, 19 Jul 2019 23:47:34 +0000
Message-ID: <359EC4B99E040048A7131E0F4E113AFC01B33DBB8F@marchand>
References: <359EC4B99E040048A7131E0F4E113AFC01B33D5872@marchand> <8F78EFC7-1327-411D-AD08-707D6B3480E2@vigilsec.com>
In-Reply-To: <8F78EFC7-1327-411D-AD08-707D6B3480E2@vigilsec.com>
Content-Type: multipart/alternative; boundary="_000_359EC4B99E040048A7131E0F4E113AFC01B33DBB8Fmarchand_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/SlGV1Qzu-awEwYDJkXj4fAZouy4>
Subject: Re: [lamps] AD Review: draft-ietf-lamps-cms-mix-with-psk-05

--_000_359EC4B99E040048A7131E0F4E113AFC01B33DBB8Fmarchand_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Hi Russ!

Sounds good on all of the numbered items; and on waiting for all of the feedback from IETF LC to produce an update.

Thanks,
Roman

From: Russ Housley [mailto:housley@vigilsec.com]
Sent: Wednesday, July 17, 2019 2:08 PM
To: Roman Danyliw <rdd@cert.org>
Cc: spasm@ietf.org
Subject: Re: [lamps] AD Review: draft-ietf-lamps-cms-mix-with-psk-05

Roman:

Thanks for the careful review.  I will wait to see what other IETF Last Call comments come along before posting a revision.

The following is my AD review of draft-ietf-lamps-cms-mix-with-psk-05.  Given the substance of these comments, it can be handled with IETF LC comments.

(1) Section 9.  The object identifier is called "id-mod-cms-ori-psk-2017" in the IANA section (Section 9) but "id-mod-cms-ori-psk-2019" in the ASN.1 Module (Section 6).  Seems like they should be the same.

Good catch.  I have changed it to id-mod-cms-ori-psk-2019.

(2) Section B.1.  This section does not list the plaintext content

It is true.  I'll add it, but it is the same as B.3.

Alice encrypts the content using AES-256-GCM with the content-
encryption key.  The 12-octet nonce used is:
   dbaddecaf888cafebabeface

The plaintext is:
   48656c6c6f2c20776f726c6421

The resulting ciphertext is:
   fc6d6f823e3ed2d209d0c6ffcf

The resulting 12-octet authentication tag is:
   550260c42e5b29719426c1ff

(3) Improved references:

** Section 1.  Is there a citation that can be provided for the obvious "The invention of a large-scale quantum computer would pose a serious challenge for the cryptographic algorithms that are widely deployed  today"?

   [S1994]    Shor, P., "Algorithms for Quantum Computation: Discrete
              Logarithms and Factoring", Proceedings of the 35th Annual
              Symposium on Foundations of Computer Science, 1994, pp.
              124-134.

** Section 1.  Is there a citation that can be provided for "It is an open question whether or not it is feasible to build  a large-scale quantum computer ...".  Perhaps:
[NAS2019] National Academies of Sciences, Engineering, and Medicine, "Quantum Computing: Progress and Prospects", The National Academies Press, DOI 10.17226/25196, 2019.

Yes, I'll add that reference.


** Section 1.  Is there a citation that can be provided for "there are longstanding concerns about undisclosed trapdoors in Diffie-Hellman paramters"?

   [FGHT2016] Fried, J., Gaudry, P., Heninger, N., and E. Thome, "A
              kilobit hidden SNFS discrete logarithm computation",
              Cryptology ePrint Archive, Report 2016/961, 2016.
              https://eprint.iacr.org/2016/961.pdf.


(4) Editorial Nits
** Section 1. Recommend weakening the statement.  s/invulnerable to an attacker/resistant to an attacker/

Yes, that is better.


** Section 1.  Typo.  s/Diffie-Hellamn/Diffie-Hellman/

Fixed.


** Section 3 and 4.  Since Section 2 calls out that there are two techniques, keyTransPSK and keyAgreePSK, should the section 3 and 4 titles be those names instead of the underlying CMS data structure names?

Okay.  The section titles have been changed.


** Section 5.  Typo.  s/ fo / of /

Fixed.


** Section 5.  Typo?.  s/deines/identifies/

No, it should be "defines"


** Section 7.  Typo.  s/materail/material/

Fixed.


** Section 7.  Typo. /an purpose/a purpose/

Fixed.


** Section 7.  Typo.  Consistently choose either "implementers" or "implementors"

There were many more "implementers", so I went with that spelling.


** Section 7.  I think it would be helpful to move the text on the ProVerif proof from the Acknowledgements up to the Security Considerations section

Done.


** Appendix A/B.  Multiple Typos.  s/omited/omitted/g

Fixed.  (I found it in two places.)


** Appendix A.*. Multiple Places.  Typo.  s/resutling/resulting/g

Fixed. (I found it in four places.)

Russ


--_000_359EC4B99E040048A7131E0F4E113AFC01B33DBB8Fmarchand_
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<html xmlns:v=3D"urn:schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-micr=
osoft-com:office:office" xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" xmlns=3D"http:=
//www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dus-ascii"=
>
<meta name=3D"Generator" content=3D"Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
	{font-family:"Cambria Math";
	panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
	{font-family:Calibri;
	panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
	{font-family:Menlo;
	panose-1:0 0 0 0 0 0 0 0 0 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
	{margin:0in;
	margin-bottom:.0001pt;
	font-size:12.0pt;
	font-family:"Times New Roman",serif;}
a:link, span.MsoHyperlink
	{mso-style-priority:99;
	color:blue;
	text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
	{mso-style-priority:99;
	color:purple;
	text-decoration:underline;}
span.EmailStyle17
	{mso-style-type:personal-reply;
	font-family:"Calibri",sans-serif;
	color:#1F497D;}
.MsoChpDefault
	{mso-style-type:export-only;
	font-size:10.0pt;}
@page WordSection1
	{size:8.5in 11.0in;
	margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
	{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext=3D"edit">
<o:idmap v:ext=3D"edit" data=3D"1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=3D"EN-US" link=3D"blue" vlink=3D"purple">
<div class=3D"WordSection1">
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,sans-serif;color:#1F497D">Hi Russ!<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,sans-serif;color:#1F497D"><o:p>&nbsp;</o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,sans-serif;color:#1F497D">Sounds good on all of the numbered it=
ems; and on waiting for all of the feedback from IETF LC to produce an upda=
te.<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,sans-serif;color:#1F497D"><o:p>&nbsp;</o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,sans-serif;color:#1F497D">Thanks,<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,sans-serif;color:#1F497D">Roman<o:p></o:p></span></p>
<p class=3D"MsoNormal"><a name=3D"_MailEndCompose"><span style=3D"font-size=
:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D"><o:p>&nbs=
p;</o:p></span></a></p>
<div style=3D"border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in =
4.0pt">
<div>
<div style=3D"border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in =
0in 0in">
<p class=3D"MsoNormal"><b><span style=3D"font-size:11.0pt;font-family:&quot=
;Calibri&quot;,sans-serif">From:</span></b><span style=3D"font-size:11.0pt;=
font-family:&quot;Calibri&quot;,sans-serif"> Russ Housley [mailto:housley@v=
igilsec.com]
<br>
<b>Sent:</b> Wednesday, July 17, 2019 2:08 PM<br>
<b>To:</b> Roman Danyliw &lt;rdd@cert.org&gt;<br>
<b>Cc:</b> spasm@ietf.org<br>
<b>Subject:</b> Re: [lamps] AD Review: draft-ietf-lamps-cms-mix-with-psk-05=
<o:p></o:p></span></p>
</div>
</div>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">Roman:<o:p></o:p></p>
<div>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
</div>
<div>
<p class=3D"MsoNormal">Thanks for the careful review. &nbsp;I will wait to =
see what other IETF Last Call comments come along before posting a revision=
.<o:p></o:p></p>
</div>
<div>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
</div>
<div>
<div>
<blockquote style=3D"margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<div>
<p class=3D"MsoNormal">The following is my AD review of draft-ietf-lamps-cm=
s-mix-with-psk-05. &nbsp;Given the substance of these comments, it can be h=
andled with IETF LC comments.<br>
<br>
(1) Section 9. &nbsp;The object identifier is called &quot;id-mod-cms-ori-p=
sk-2017&quot; in the IANA section (Section 9) but &quot;id-mod-cms-ori-psk-=
2019&quot; in the ASN.1 Module (Section 6). &nbsp;Seems like they should be=
 the same.<o:p></o:p></p>
</div>
</div>
</blockquote>
<div>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
</div>
<p class=3D"MsoNormal">Good catch. &nbsp;I have changes it to id-mod-cms-or=
i-psk-2019.<o:p></o:p></p>
</div>
<div>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
</div>
<div>
<blockquote style=3D"margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<div>
<p class=3D"MsoNormal">(2) Section B.1. &nbsp;This section does not list th=
e plaintext content<o:p></o:p></p>
</div>
</div>
</blockquote>
<div>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
</div>
<p class=3D"MsoNormal">It is true. &nbsp;I'll add it, but it is the same as=
 B.3.<o:p></o:p></p>
</div>
<div>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
</div>
<div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:8.5pt;font-family:&quot;Men=
lo&quot;,serif">Alice encrypts the content using AES-256-GCM with the conte=
nt-<o:p></o:p></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:8.5pt;font-family:&quot;Men=
lo&quot;,serif">encryption key.&nbsp; The 12-octet nonce used is:<o:p></o:p=
></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:8.5pt;font-family:&quot;Men=
lo&quot;,serif">&nbsp;&nbsp; dbaddecaf888cafebabeface<o:p></o:p></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:8.5pt;font-family:&quot;Men=
lo&quot;,serif"><o:p>&nbsp;</o:p></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:8.5pt;font-family:&quot;Men=
lo&quot;,serif">The plaintext is:<o:p></o:p></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:8.5pt;font-family:&quot;Men=
lo&quot;,serif">&nbsp;&nbsp; 48656c6c6f2c20776f726c6421<o:p></o:p></span></=
p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:8.5pt;font-family:&quot;Men=
lo&quot;,serif"><o:p>&nbsp;</o:p></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:8.5pt;font-family:&quot;Men=
lo&quot;,serif">The resulting ciphertext is:<o:p></o:p></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:8.5pt;font-family:&quot;Men=
lo&quot;,serif">&nbsp;&nbsp; fc6d6f823e3ed2d209d0c6ffcf<o:p></o:p></span></=
p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:8.5pt;font-family:&quot;Men=
lo&quot;,serif"><o:p>&nbsp;</o:p></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:8.5pt;font-family:&quot;Men=
lo&quot;,serif">The resulting 12-octet authentication tag is:<o:p></o:p></s=
pan></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:8.5pt;font-family:&quot;Men=
lo&quot;,serif">&nbsp;&nbsp; 550260c42e5b29719426c1ff<o:p></o:p></span></p>
</div>
<div>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
</div>
<blockquote style=3D"margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<div>
<p class=3D"MsoNormal">(3) Improved references:<br>
<br>
** Section 1. &nbsp;Is there a citation that can be provided for the obviou=
s &quot;The invention of a large-scale quantum computer would pose a seriou=
s challenge for the cryptographic algorithms that are widely deployed &nbsp=
;today&quot;?<o:p></o:p></p>
</div>
</div>
</blockquote>
<div>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
</div>
<div>
<p class=3D"MsoNormal">&nbsp; &nbsp;[S1994] &nbsp; &nbsp;Shor, P., &quot;Al=
gorithms for Quantum Computation: Discrete<o:p></o:p></p>
</div>
<div>
<p class=3D"MsoNormal">&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Log=
arithms and Factoring&quot;, Proceedings of the 35th Annual<o:p></o:p></p>
</div>
<div>
<p class=3D"MsoNormal">&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Sym=
posium on Foundations of Computer Science, 1994, pp.<o:p></o:p></p>
</div>
<div>
<p class=3D"MsoNormal">&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 124=
-134.<o:p></o:p></p>
</div>
<div>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
</div>
<blockquote style=3D"margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<div>
<p class=3D"MsoNormal">** Section 1. &nbsp;Is there a citation that can be =
provided for &quot;It is an open question whether or not it is feasible to =
build &nbsp;a large-scale quantum computer ...&quot;. &nbsp;Perhaps:<br>
[NAS2019] National Academies of Sciences, Engineering, and Medicine, &quot;=
Quantum Computing: Progress and Prospects&quot;, The National Academies Pre=
ss, DOI 10.17226/25196, 2019.<o:p></o:p></p>
</div>
</div>
</blockquote>
<div>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
</div>
<p class=3D"MsoNormal">Yes, I'll add that reference.<o:p></o:p></p>
</div>
<div>
<p class=3D"MsoNormal"><br>
<br>
<o:p></o:p></p>
<blockquote style=3D"margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<div>
<p class=3D"MsoNormal">** Section 1. &nbsp;Is there a citation that can be =
provided for &quot;there are longstanding concerns about undisclosed trapdo=
ors in Diffie-Hellman paramters&quot;?<o:p></o:p></p>
</div>
</div>
</blockquote>
<div>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
</div>
<div>
<div>
<p class=3D"MsoNormal">&nbsp; &nbsp;[FGHT2016] Fried, J., Gaudry, P., Henin=
ger, N., and E. Thome, &quot;A<o:p></o:p></p>
</div>
<div>
<p class=3D"MsoNormal">&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; kil=
obit hidden SNFS discrete logarithm computation&quot;,<o:p></o:p></p>
</div>
<div>
<p class=3D"MsoNormal">&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Cry=
ptology ePrint Archive, Report 2016/961, 2016.<o:p></o:p></p>
</div>
<div>
<p class=3D"MsoNormal">&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; <a =
href=3D"https://eprint.iacr.org/2016/961.pdf">
https://eprint.iacr.org/2016/961.pdf</a>.<o:p></o:p></p>
</div>
</div>
<p class=3D"MsoNormal"><br>
<br>
<o:p></o:p></p>
<blockquote style=3D"margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<div>
<p class=3D"MsoNormal">(4) Editorial Nits<br>
** Section 1. Recommend weakening the statement. &nbsp;s/invulnerable to an=
 attacker/resistant to an attacker/<o:p></o:p></p>
</div>
</div>
</blockquote>
<div>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
</div>
<p class=3D"MsoNormal">Yes, that is better.<o:p></o:p></p>
</div>
<div>
<p class=3D"MsoNormal"><br>
<br>
<o:p></o:p></p>
<blockquote style=3D"margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<div>
<p class=3D"MsoNormal">** Section 1. &nbsp;Typo. &nbsp;s/Diffie-Hellamn/Dif=
fie-Hellman/<o:p></o:p></p>
</div>
</div>
</blockquote>
<div>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
</div>
<p class=3D"MsoNormal">Fixed.<o:p></o:p></p>
</div>
<div>
<p class=3D"MsoNormal"><br>
<br>
<o:p></o:p></p>
<blockquote style=3D"margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<div>
<p class=3D"MsoNormal">** Section 3 and 4. &nbsp;Since Section 2 calls out =
that there two techniques, keyTransPSK and keyAgreePSK, should the section =
3 and 4 titles be those names instead of the underlying CMS data structure =
names?<o:p></o:p></p>
</div>
</div>
</blockquote>
<div>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
</div>
<p class=3D"MsoNormal">Okay. &nbsp;The section titles have been changed.<o:=
p></o:p></p>
</div>
<div>
<p class=3D"MsoNormal"><br>
<br>
<o:p></o:p></p>
<blockquote style=3D"margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<div>
<p class=3D"MsoNormal">** Section 5. &nbsp;Typo. &nbsp;s/ fo / of /<o:p></o=
:p></p>
</div>
</div>
</blockquote>
<div>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
</div>
<p class=3D"MsoNormal">Fixed.<o:p></o:p></p>
</div>
<div>
<p class=3D"MsoNormal"><br>
<br>
<o:p></o:p></p>
<blockquote style=3D"margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<div>
<p class=3D"MsoNormal">** Section 5. &nbsp;Typo?. &nbsp;s/deines/identifies=
/<o:p></o:p></p>
</div>
</div>
</blockquote>
<div>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
</div>
<p class=3D"MsoNormal">No, it should be &quot;defines&quot;<o:p></o:p></p>
</div>
<div>
<p class=3D"MsoNormal"><br>
<br>
<o:p></o:p></p>
<blockquote style=3D"margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<div>
<p class=3D"MsoNormal">** Section 7. &nbsp;Typo. &nbsp;s/materail/material/=
<o:p></o:p></p>
</div>
</div>
</blockquote>
<div>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
</div>
<p class=3D"MsoNormal">Fixed.<o:p></o:p></p>
</div>
<div>
<p class=3D"MsoNormal"><br>
<br>
<o:p></o:p></p>
<blockquote style=3D"margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<div>
<p class=3D"MsoNormal">** Section 7. &nbsp;Typo. /an purpose/a purpose/<o:p=
></o:p></p>
</div>
</div>
</blockquote>
<div>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
</div>
<p class=3D"MsoNormal">Fixed.<o:p></o:p></p>
</div>
<div>
<p class=3D"MsoNormal"><br>
<br>
<o:p></o:p></p>
<blockquote style=3D"margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<div>
<p class=3D"MsoNormal">** Section 7. &nbsp;Typo. &nbsp;Consistently choose =
either &quot;implementers&quot; or &quot;implementors&quot;<o:p></o:p></p>
</div>
</div>
</blockquote>
<div>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
</div>
<p class=3D"MsoNormal">There were many more &quot;implementers&quot;, so I =
went with that spelling.<o:p></o:p></p>
</div>
<div>
<p class=3D"MsoNormal"><br>
<br>
<o:p></o:p></p>
<blockquote style=3D"margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<div>
<p class=3D"MsoNormal">** Section 7. &nbsp;I think it would be helpful to m=
ove the text on the ProVerif proof from the Acknowledgements up to the Secu=
rity Considerations section<o:p></o:p></p>
</div>
</div>
</blockquote>
<div>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
</div>
<p class=3D"MsoNormal">Done.<o:p></o:p></p>
</div>
<div>
<p class=3D"MsoNormal"><br>
<br>
<o:p></o:p></p>
<blockquote style=3D"margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<div>
<p class=3D"MsoNormal">** Appendix A/B. &nbsp;Multiple Typos. &nbsp;s/omite=
d/omitted/g<o:p></o:p></p>
</div>
</div>
</blockquote>
<div>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
</div>
<p class=3D"MsoNormal">Fixed. &nbsp;(I found it in two places.)<o:p></o:p></p>
</div>
<div>
<p class=3D"MsoNormal"><br>
<br>
<o:p></o:p></p>
<blockquote style=3D"margin-top:5.0pt;margin-bottom:5.0pt">
<p class=3D"MsoNormal">** Appendix A.*. Multiple Places. &nbsp;Typo. &nbsp;s/resutling/resulting/g<o:p></o:p></p>
</blockquote>
<div>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
</div>
<p class=3D"MsoNormal">Fixed.&nbsp;(I found it in four places.)<o:p></o:p></p>
</div>
<div>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
</div>
<div>
<p class=3D"MsoNormal">Russ<o:p></o:p></p>
</div>
<div>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
</div>
</div>
</div>
</div>
</body>
</html>

--_000_359EC4B99E040048A7131E0F4E113AFC01B33DBB8Fmarchand_--


From nobody Sun Jul 21 21:08:17 2019
Return-Path: <internet-drafts@ietf.org>
X-Original-To: spasm@ietf.org
Delivered-To: spasm@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 87A1A120086; Sun, 21 Jul 2019 21:08:14 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: internet-drafts@ietf.org
To: <i-d-announce@ietf.org>
Cc: spasm@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.99.1
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: spasm@ietf.org
Message-ID: <156376849450.8735.9053683982526927279@ietfa.amsl.com>
Date: Sun, 21 Jul 2019 21:08:14 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/K5dCOVgb4Oa-tl4XbaGd5Lkn6fA>
Subject: [lamps] I-D Action: draft-ietf-lamps-pkix-shake-13.txt
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 22 Jul 2019 04:08:14 -0000

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Limited Additional Mechanisms for PKIX and SMIME WG of the IETF.

        Title           : Internet X.509 Public Key Infrastructure: Additional Algorithm Identifiers for RSASSA-PSS and ECDSA using SHAKEs
        Authors         : Panos Kampanakis
                          Quynh Dang
	Filename        : draft-ietf-lamps-pkix-shake-13.txt
	Pages           : 17
	Date            : 2019-07-21

Abstract:
   Digital signatures are used to sign messages, X.509 certificates and
   CRLs.  This document updates the "Algorithms and Identifiers for the
   Internet X.509 Public Key Infrastructure Certificate and Certificate
   Revocation List Profile" (RFC3279) and describes the conventions for
   using the SHAKE function family in Internet X.509 certificates and
   revocation lists as one-way hash functions with the RSA Probabilistic
   signature and ECDSA signature algorithms.  The conventions for the
   associated subject public keys are also described.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-lamps-pkix-shake/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-lamps-pkix-shake-13
https://datatracker.ietf.org/doc/html/draft-ietf-lamps-pkix-shake-13

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-lamps-pkix-shake-13


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/


From nobody Sun Jul 21 21:08:37 2019
Return-Path: <internet-drafts@ietf.org>
X-Original-To: spasm@ietf.org
Delivered-To: spasm@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 86C4E1201CB; Sun, 21 Jul 2019 21:08:25 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: internet-drafts@ietf.org
To: <i-d-announce@ietf.org>
Cc: spasm@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.99.1
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: spasm@ietf.org
Message-ID: <156376850547.8830.16557998479206892816@ietfa.amsl.com>
Date: Sun, 21 Jul 2019 21:08:25 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/42-O5lbYWmzsHiPiKvEGQ7KM7nw>
Subject: [lamps] I-D Action: draft-ietf-lamps-cms-shakes-13.txt
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 22 Jul 2019 04:08:31 -0000

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Limited Additional Mechanisms for PKIX and SMIME WG of the IETF.

        Title           : Use of the SHAKE One-way Hash Functions in the Cryptographic Message Syntax (CMS)
        Authors         : Panos Kampanakis
                          Quynh Dang
	Filename        : draft-ietf-lamps-cms-shakes-13.txt
	Pages           : 18
	Date            : 2019-07-21

Abstract:
   This document updates the "Cryptographic Message Syntax Algorithms"
   (RFC3370) and describes the conventions for using the SHAKE family of
   hash functions in the Cryptographic Message Syntax as one-way hash
   functions with the RSA Probabilistic signature and ECDSA signature
   algorithms.  The conventions for the associated signer public keys in
   CMS are also described.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-lamps-cms-shakes/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-lamps-cms-shakes-13
https://datatracker.ietf.org/doc/html/draft-ietf-lamps-cms-shakes-13

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-lamps-cms-shakes-13


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/


From nobody Sun Jul 21 21:15:24 2019
Return-Path: <pkampana@cisco.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 982E812013D; Sun, 21 Jul 2019 21:15:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.5
X-Spam-Level: 
X-Spam-Status: No, score=-14.5 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=EsPqOnpR; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=mTdUwWtG
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZwPqkxmnRC70; Sun, 21 Jul 2019 21:15:20 -0700 (PDT)
Received: from rcdn-iport-5.cisco.com (rcdn-iport-5.cisco.com [173.37.86.76]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 83B48120086; Sun, 21 Jul 2019 21:15:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=2304; q=dns/txt; s=iport; t=1563768920; x=1564978520; h=from:to:subject:date:message-id:references:in-reply-to: content-transfer-encoding:mime-version; bh=jIZoCfDNd8OohddV/1VcxkDWOqRyfylTYQiFqe1GrLo=; b=EsPqOnpRXsQ2s2BOxFf8oWcdAmtBPsHHyFXCW+1Ynd0QFHA48rNuyQgJ 5eslZqqT4cDLreF9cK9UnZRLYt01lZke+sTvbOXUwzNg6u++xFg8Lbpxk IPL9C+WDjzfET7T+fcIv9VcK0jLmLT3lN7HohXQ4g4aK9mIXfJu5eG3yB E=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos;i="5.64,293,1559520000"; d="scan'208";a="381355301"
Received: from rcdn-core-10.cisco.com ([173.37.93.146]) by rcdn-iport-5.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 22 Jul 2019 04:15:19 +0000
Received: from XCH-ALN-010.cisco.com (xch-aln-010.cisco.com [173.36.7.20]) by rcdn-core-10.cisco.com (8.15.2/8.15.2) with ESMTPS id x6M4FJP6008045 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Mon, 22 Jul 2019 04:15:19 GMT
Received: from xhs-rtp-003.cisco.com (64.101.210.230) by XCH-ALN-010.cisco.com (173.36.7.20) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Sun, 21 Jul 2019 23:15:18 -0500
Received: from xhs-rcd-002.cisco.com (173.37.227.247) by xhs-rtp-003.cisco.com (64.101.210.230) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Mon, 22 Jul 2019 00:15:18 -0400
Received: from NAM01-SN1-obe.outbound.protection.outlook.com (72.163.14.9) by xhs-rcd-002.cisco.com (173.37.227.247) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Sun, 21 Jul 2019 23:15:17 -0500
ARC-Authentication-Results: i=1; mx.microsoft.com 1;spf=pass smtp.mailfrom=cisco.com;dmarc=pass action=none header.from=cisco.com;dkim=pass header.d=cisco.com;arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com;  s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=L/YOcstGBvMZrughKzGpODfYt6Aq+Ju/bsOXaXfZr7w=; b=mTdUwWtGADA0r5ULas6/KTbfadyS1op1etP56rTE4bsoqmHl21q8OOmEGSvYn0qp4gonVqf09Odqe9//8DnJPy4uvSA6yrORQ86YVvprcXicP09b9MLSXX1T4OocHGJgMtJlfX+AC/hdKghvwxOBTlCofzKTo/KyC9wOMDm7K6g=
Received: from BN7PR11MB2547.namprd11.prod.outlook.com (52.135.244.29) by BN7PR11MB2802.namprd11.prod.outlook.com (52.135.246.33) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2094.16; Mon, 22 Jul 2019 04:15:16 +0000
Received: from BN7PR11MB2547.namprd11.prod.outlook.com ([fe80::b1dc:fd0d:e540:67aa]) by BN7PR11MB2547.namprd11.prod.outlook.com ([fe80::b1dc:fd0d:e540:67aa%7]) with mapi id 15.20.2094.013; Mon, 22 Jul 2019 04:15:16 +0000
From: "Panos Kampanakis (pkampana)" <pkampana@cisco.com>
To: "spasm@ietf.org" <spasm@ietf.org>, "i-d-announce@ietf.org" <i-d-announce@ietf.org>
Thread-Topic: [lamps] I-D Action: draft-ietf-lamps-pkix-shake-13.txt
Thread-Index: AQHVQEMmZ7PT9M6abkKIo+ZtXDMlbqbWBr7g
Date: Mon, 22 Jul 2019 04:15:16 +0000
Message-ID: <BN7PR11MB2547877593B8564120BB31F0C9C40@BN7PR11MB2547.namprd11.prod.outlook.com>
References: <156376849450.8735.9053683982526927279@ietfa.amsl.com>
In-Reply-To: <156376849450.8735.9053683982526927279@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: spf=none (sender IP is ) smtp.mailfrom=pkampana@cisco.com; 
x-originating-ip: [2001:420:c0c4:1002::173]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: d1fce2f9-0db0-4a8b-2655-08d70e5b3392
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600148)(711020)(4605104)(1401327)(2017052603328)(7193020); SRVR:BN7PR11MB2802; 
x-ms-traffictypediagnostic: BN7PR11MB2802:
x-ms-exchange-purlcount: 5
x-microsoft-antispam-prvs: <BN7PR11MB2802A4D195375AED9F91A1F2C9C40@BN7PR11MB2802.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:4502;
x-forefront-prvs: 01068D0A20
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(39860400002)(136003)(366004)(346002)(396003)(376002)(199004)(189003)(13464003)(186003)(2501003)(6246003)(53936002)(86362001)(14444005)(11346002)(476003)(46003)(446003)(256004)(76176011)(7696005)(6116002)(2906002)(450100002)(25786009)(966005)(478600001)(81166006)(81156014)(53546011)(6506007)(102836004)(14454004)(229853002)(486006)(9686003)(316002)(110136005)(33656002)(8936002)(68736007)(66574012)(71190400001)(71200400001)(99286004)(52536014)(305945005)(7736002)(74316002)(66946007)(66476007)(66556008)(76116006)(8676002)(66446008)(64756008)(6436002)(55016002)(6306002)(5660300002); DIR:OUT; SFP:1101; SCL:1; SRVR:BN7PR11MB2802; H:BN7PR11MB2547.namprd11.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1; 
received-spf: None (protection.outlook.com: cisco.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: d1fce2f9-0db0-4a8b-2655-08d70e5b3392
X-MS-Exchange-CrossTenant-originalarrivaltime: 22 Jul 2019 04:15:16.4984 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: pkampana@cisco.com
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN7PR11MB2802
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.36.7.20, xch-aln-010.cisco.com
X-Outbound-Node: rcdn-core-10.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/apx1SBpFZxZfvX_tOqLnnmIRA4o>
Subject: Re: [lamps] I-D Action: draft-ietf-lamps-pkix-shake-13.txt
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 22 Jul 2019 04:15:23 -0000

This update addresses Dan M.'s and Scott B.'s secdir and opsdir review comments about security levels and references in the abstract.


-----Original Message-----
From: Spasm <spasm-bounces@ietf.org> On Behalf Of internet-drafts@ietf.org
Sent: Monday, July 22, 2019 12:08 AM
To: i-d-announce@ietf.org
Cc: spasm@ietf.org
Subject: [lamps] I-D Action: draft-ietf-lamps-pkix-shake-13.txt


A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Limited Additional Mechanisms for PKIX and SMIME WG of the IETF.

        Title           : Internet X.509 Public Key Infrastructure: Additional Algorithm Identifiers for RSASSA-PSS and ECDSA using SHAKEs
        Authors         : Panos Kampanakis
                          Quynh Dang
	Filename        : draft-ietf-lamps-pkix-shake-13.txt
	Pages           : 17
	Date            : 2019-07-21

Abstract:
   Digital signatures are used to sign messages, X.509 certificates and
   CRLs.  This document updates the "Algorithms and Identifiers for the
   Internet X.509 Public Key Infrastructure Certificate and Certificate
   Revocation List Profile" (RFC3279) and describes the conventions for
   using the SHAKE function family in Internet X.509 certificates and
   revocation lists as one-way hash functions with the RSA Probabilistic
   signature and ECDSA signature algorithms.  The conventions for the
   associated subject public keys are also described.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-lamps-pkix-shake/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-lamps-pkix-shake-13
https://datatracker.ietf.org/doc/html/draft-ietf-lamps-pkix-shake-13

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-lamps-pkix-shake-13


Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/



From nobody Sun Jul 21 21:15:31 2019
Return-Path: <pkampana@cisco.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3F77B12013D; Sun, 21 Jul 2019 21:15:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.5
X-Spam-Level: 
X-Spam-Status: No, score=-14.5 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=ebzD6Nze; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=hDh5TsQ6
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FDfCkuWWTvwn; Sun, 21 Jul 2019 21:15:22 -0700 (PDT)
Received: from rcdn-iport-1.cisco.com (rcdn-iport-1.cisco.com [173.37.86.72]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 02520120137; Sun, 21 Jul 2019 21:15:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=2024; q=dns/txt; s=iport; t=1563768921; x=1564978521; h=from:to:subject:date:message-id:references:in-reply-to: content-transfer-encoding:mime-version; bh=8YRI0og4F77u51oF4JmCSfUsbbOGEs2pvsrpFN8haP4=; b=ebzD6NzeX2yn2c2jTnfGJU8pThjqvhNmPf9UE4aWjgHCG2SeTRhRkXvg kTwljeNrxpkpI+2Ep/dar7baB3PfX8wvDzefyn84DEhlNI57tVh/3JhPn qaLHY+9QqwYwK/Mf3Btam1wrnCG39U5RsF+YeJugISsyNoVQ7JIl3zNlW Q=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos;i="5.64,293,1559520000"; d="scan'208";a="599375734"
Received: from rcdn-core-10.cisco.com ([173.37.93.146]) by rcdn-iport-1.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 22 Jul 2019 04:15:20 +0000
Received: from XCH-RCD-007.cisco.com (xch-rcd-007.cisco.com [173.37.102.17]) by rcdn-core-10.cisco.com (8.15.2/8.15.2) with ESMTPS id x6M4FKcK008054 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Mon, 22 Jul 2019 04:15:20 GMT
Received: from xhs-rcd-003.cisco.com (173.37.227.248) by XCH-RCD-007.cisco.com (173.37.102.17) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Sun, 21 Jul 2019 23:15:20 -0500
Received: from xhs-rcd-002.cisco.com (173.37.227.247) by xhs-rcd-003.cisco.com (173.37.227.248) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Sun, 21 Jul 2019 23:15:18 -0500
Received: from NAM01-SN1-obe.outbound.protection.outlook.com (72.163.14.9) by xhs-rcd-002.cisco.com (173.37.227.247) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Sun, 21 Jul 2019 23:15:18 -0500
ARC-Authentication-Results: i=1; mx.microsoft.com 1;spf=pass smtp.mailfrom=cisco.com;dmarc=pass action=none header.from=cisco.com;dkim=pass header.d=cisco.com;arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com;  s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=yKYW1vbHXH5/hOwSScTcF8CV2oPpq2RomeGXT/vhMGE=; b=hDh5TsQ6p8VWuvwtP8iwU+nAnzxQ5EMP9wrQVENeQo15ofcMxTmC7pf/pd8Nfdc+RGkoVZbU1Y6xIpHNnknjX7BuCGKG9+fbWm0R5tYCfk1Cs3L9/Y2mnRyfk6agluZjp6gL0KuRQ0oyM+Ue12yttKJ4/DtDPSrKEpfZ2Z9PFxg=
Received: from BN7PR11MB2547.namprd11.prod.outlook.com (52.135.244.29) by BN7PR11MB2802.namprd11.prod.outlook.com (52.135.246.33) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2094.16; Mon, 22 Jul 2019 04:15:17 +0000
Received: from BN7PR11MB2547.namprd11.prod.outlook.com ([fe80::b1dc:fd0d:e540:67aa]) by BN7PR11MB2547.namprd11.prod.outlook.com ([fe80::b1dc:fd0d:e540:67aa%7]) with mapi id 15.20.2094.013; Mon, 22 Jul 2019 04:15:17 +0000
From: "Panos Kampanakis (pkampana)" <pkampana@cisco.com>
To: "spasm@ietf.org" <spasm@ietf.org>, "i-d-announce@ietf.org" <i-d-announce@ietf.org>
Thread-Topic: [lamps] I-D Action: draft-ietf-lamps-cms-shakes-13.txt
Thread-Index: AQHVQENWDVr+yJJ0UkihGgvDtk/pnqbWB3nA
Date: Mon, 22 Jul 2019 04:15:16 +0000
Message-ID: <BN7PR11MB2547F7ADFDACC11D22C9CA64C9C40@BN7PR11MB2547.namprd11.prod.outlook.com>
References: <156376850547.8830.16557998479206892816@ietfa.amsl.com>
In-Reply-To: <156376850547.8830.16557998479206892816@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: spf=none (sender IP is ) smtp.mailfrom=pkampana@cisco.com; 
x-originating-ip: [2001:420:c0c4:1002::173]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: f306d027-f8a6-4300-28c0-08d70e5b33e8
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600148)(711020)(4605104)(1401327)(2017052603328)(7193020); SRVR:BN7PR11MB2802; 
x-ms-traffictypediagnostic: BN7PR11MB2802:
x-ms-exchange-purlcount: 5
x-microsoft-antispam-prvs: <BN7PR11MB2802923FC3F9E05E250E8856C9C40@BN7PR11MB2802.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:4303;
x-forefront-prvs: 01068D0A20
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(39860400002)(136003)(366004)(346002)(396003)(376002)(199004)(189003)(13464003)(186003)(2501003)(6246003)(53936002)(86362001)(11346002)(476003)(46003)(446003)(256004)(76176011)(7696005)(6116002)(2906002)(450100002)(25786009)(966005)(478600001)(81166006)(81156014)(53546011)(6506007)(102836004)(14454004)(229853002)(486006)(9686003)(316002)(110136005)(33656002)(8936002)(68736007)(66574012)(71190400001)(71200400001)(99286004)(52536014)(305945005)(7736002)(74316002)(66946007)(66476007)(66556008)(76116006)(8676002)(66446008)(64756008)(6436002)(55016002)(6306002)(5660300002); DIR:OUT; SFP:1101; SCL:1; SRVR:BN7PR11MB2802; H:BN7PR11MB2547.namprd11.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1; 
received-spf: None (protection.outlook.com: cisco.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: f306d027-f8a6-4300-28c0-08d70e5b33e8
X-MS-Exchange-CrossTenant-originalarrivaltime: 22 Jul 2019 04:15:16.7152 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: pkampana@cisco.com
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN7PR11MB2802
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.37.102.17, xch-rcd-007.cisco.com
X-Outbound-Node: rcdn-core-10.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/fqo5-TTFjd5_L3ep4mnSST-NrsY>
Subject: Re: [lamps] I-D Action: draft-ietf-lamps-cms-shakes-13.txt
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 22 Jul 2019 04:15:25 -0000

This upload addresses the opsdir and secdir review comments.


-----Original Message-----
From: Spasm <spasm-bounces@ietf.org> On Behalf Of internet-drafts@ietf.org
Sent: Monday, July 22, 2019 12:08 AM
To: i-d-announce@ietf.org
Cc: spasm@ietf.org
Subject: [lamps] I-D Action: draft-ietf-lamps-cms-shakes-13.txt


A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Limited Additional Mechanisms for PKIX and SMIME WG of the IETF.

        Title           : Use of the SHAKE One-way Hash Functions in the Cryptographic Message Syntax (CMS)
        Authors         : Panos Kampanakis
                          Quynh Dang
	Filename        : draft-ietf-lamps-cms-shakes-13.txt
	Pages           : 18
	Date            : 2019-07-21

Abstract:
   This document updates the "Cryptographic Message Syntax Algorithms"
   (RFC3370) and describes the conventions for using the SHAKE family of
   hash functions in the Cryptographic Message Syntax as one-way hash
   functions with the RSA Probabilistic signature and ECDSA signature
   algorithms.  The conventions for the associated signer public keys in
   CMS are also described.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-lamps-cms-shakes/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-lamps-cms-shakes-13
https://datatracker.ietf.org/doc/html/draft-ietf-lamps-cms-shakes-13

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-lamps-cms-shakes-13


Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/



From nobody Mon Jul 22 06:38:10 2019
Return-Path: <iesg-secretary@ietf.org>
X-Original-To: spasm@ietf.org
Delivered-To: spasm@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 1D57A1202C2; Mon, 22 Jul 2019 06:37:54 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: The IESG <iesg-secretary@ietf.org>
To: "IETF-Announce" <ietf-announce@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 6.99.1
Auto-Submitted: auto-generated
Precedence: bulk
Cc: rdd@cert.org, lamps-chairs@ietf.org, Russ Housley <housley@vigilsec.com>,  housley@vigilsec.com, spasm@ietf.org, The IESG <iesg@ietf.org>, draft-ietf-lamps-pkix-shake@ietf.org, rfc-editor@rfc-editor.org
Message-ID: <156380267410.27967.12134148713848879153.idtracker@ietfa.amsl.com>
Date: Mon, 22 Jul 2019 06:37:54 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/H96TfzJhjyIi596cwgsJils0Sbc>
Subject: [lamps] Protocol Action: 'Internet X.509 Public Key Infrastructure: Additional Algorithm Identifiers for RSASSA-PSS and ECDSA using SHAKEs' to Proposed Standard (draft-ietf-lamps-pkix-shake-13.txt)
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 22 Jul 2019 13:37:59 -0000

The IESG has approved the following document:
- 'Internet X.509 Public Key Infrastructure: Additional Algorithm
   Identifiers for RSASSA-PSS and ECDSA using SHAKEs'
  (draft-ietf-lamps-pkix-shake-13.txt) as Proposed Standard

This document is the product of the Limited Additional Mechanisms for PKIX
and SMIME Working Group.

The IESG contact persons are Benjamin Kaduk and Roman Danyliw.

A URL of this Internet Draft is:
https://datatracker.ietf.org/doc/draft-ietf-lamps-pkix-shake/





Technical Summary

   This document describes the conventions for using the SHAKE function
   family in Internet X.509 certificates and CRLs as a one-way hash
   function with RSA-PSS and ECDSA signature algorithms.  The
   conventions for the associated subject public keys are also
   described.

Working Group Summary

   Was there anything in the WG process that is worth noting?
   For example, was there controversy about particular points 
   or were there decisions where the consensus was
   particularly rough? 

Document Quality

    There is consensus for this document in the LAMPS WG.  

    X.509 certificates and CRLs are widely deployed.  A few people
    have expressed interest in using SHAKE in their implementations.

Personnel

    Russ Housley is the document shepherd.
    Roman Danyliw is the responsible area director.


From nobody Mon Jul 22 07:21:24 2019
Return-Path: <internet-drafts@ietf.org>
X-Original-To: spasm@ietf.org
Delivered-To: spasm@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 07C2B12031D; Mon, 22 Jul 2019 07:21:19 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: internet-drafts@ietf.org
To: <i-d-announce@ietf.org>
Cc: spasm@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.99.1
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: spasm@ietf.org
Message-ID: <156380527898.28054.3543278330964507943@ietfa.amsl.com>
Date: Mon, 22 Jul 2019 07:21:19 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/AopJ_1EKfYLutbI-Y4e794HQbKM>
Subject: [lamps] I-D Action: draft-ietf-lamps-pkix-shake-14.txt
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 22 Jul 2019 14:21:23 -0000

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Limited Additional Mechanisms for PKIX and SMIME WG of the IETF.

        Title           : Internet X.509 Public Key Infrastructure: Additional Algorithm Identifiers for RSASSA-PSS and ECDSA using SHAKEs
        Authors         : Panos Kampanakis
                          Quynh Dang
	Filename        : draft-ietf-lamps-pkix-shake-14.txt
	Pages           : 17
	Date            : 2019-07-22

Abstract:
   Digital signatures are used to sign messages, X.509 certificates and
   CRLs.  This document updates the "Algorithms and Identifiers for the
   Internet X.509 Public Key Infrastructure Certificate and Certificate
   Revocation List Profile" (RFC3279) and describes the conventions for
   using the SHAKE function family in Internet X.509 certificates and
   revocation lists as one-way hash functions with the RSA Probabilistic
   signature and ECDSA signature algorithms.  The conventions for the
   associated subject public keys are also described.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-lamps-pkix-shake/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-lamps-pkix-shake-14
https://datatracker.ietf.org/doc/html/draft-ietf-lamps-pkix-shake-14

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-lamps-pkix-shake-14


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/


From nobody Mon Jul 22 07:29:36 2019
Return-Path: <internet-drafts@ietf.org>
X-Original-To: spasm@ietf.org
Delivered-To: spasm@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 9E7481202F4; Mon, 22 Jul 2019 07:29:34 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: internet-drafts@ietf.org
To: <i-d-announce@ietf.org>
Cc: spasm@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.99.1
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: spasm@ietf.org
Message-ID: <156380577457.28029.13665059005544667068@ietfa.amsl.com>
Date: Mon, 22 Jul 2019 07:29:34 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/2madFXxdhtkSreAWK6wJjMQqYPc>
Subject: [lamps] I-D Action: draft-ietf-lamps-cms-shakes-14.txt
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 22 Jul 2019 14:29:35 -0000

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Limited Additional Mechanisms for PKIX and SMIME WG of the IETF.

        Title           : Use of the SHAKE One-way Hash Functions in the Cryptographic Message Syntax (CMS)
        Authors         : Panos Kampanakis
                          Quynh Dang
	Filename        : draft-ietf-lamps-cms-shakes-14.txt
	Pages           : 18
	Date            : 2019-07-22

Abstract:
   This document updates the "Cryptographic Message Syntax Algorithms"
   (RFC3370) and describes the conventions for using the SHAKE family of
   hash functions in the Cryptographic Message Syntax as one-way hash
   functions with the RSA Probabilistic signature and ECDSA signature
   algorithms.  The conventions for the associated signer public keys in
   CMS are also described.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-lamps-cms-shakes/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-lamps-cms-shakes-14
https://datatracker.ietf.org/doc/html/draft-ietf-lamps-cms-shakes-14

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-lamps-cms-shakes-14


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/


From nobody Mon Jul 22 07:46:21 2019
Return-Path: <internet-drafts@ietf.org>
X-Original-To: spasm@ietf.org
Delivered-To: spasm@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 72C6B120024; Mon, 22 Jul 2019 07:46:12 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: internet-drafts@ietf.org
To: <i-d-announce@ietf.org>
Cc: spasm@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.99.1
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: spasm@ietf.org
Message-ID: <156380677238.28079.3876986953833936905@ietfa.amsl.com>
Date: Mon, 22 Jul 2019 07:46:12 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/1IWIC95J_6Az2OxV2r5X12xlLEQ>
Subject: [lamps] I-D Action: draft-ietf-lamps-pkix-shake-15.txt
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 22 Jul 2019 14:46:13 -0000

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Limited Additional Mechanisms for PKIX and SMIME WG of the IETF.

        Title           : Internet X.509 Public Key Infrastructure: Additional Algorithm Identifiers for RSASSA-PSS and ECDSA using SHAKEs
        Authors         : Panos Kampanakis
                          Quynh Dang
	Filename        : draft-ietf-lamps-pkix-shake-15.txt
	Pages           : 17
	Date            : 2019-07-22

Abstract:
   Digital signatures are used to sign messages, X.509 certificates and
   CRLs.  This document updates the "Algorithms and Identifiers for the
   Internet X.509 Public Key Infrastructure Certificate and Certificate
   Revocation List Profile" (RFC3279) and describes the conventions for
   using the SHAKE function family in Internet X.509 certificates and
   revocation lists as one-way hash functions with the RSA Probabilistic
   signature and ECDSA signature algorithms.  The conventions for the
   associated subject public keys are also described.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-lamps-pkix-shake/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-lamps-pkix-shake-15
https://datatracker.ietf.org/doc/html/draft-ietf-lamps-pkix-shake-15

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-lamps-pkix-shake-15


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/


From nobody Mon Jul 22 07:46:30 2019
Return-Path: <internet-drafts@ietf.org>
X-Original-To: spasm@ietf.org
Delivered-To: spasm@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 7B8B31202C7; Mon, 22 Jul 2019 07:46:19 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: internet-drafts@ietf.org
To: <i-d-announce@ietf.org>
Cc: spasm@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.99.1
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: spasm@ietf.org
Message-ID: <156380677941.28066.2458213756452560340@ietfa.amsl.com>
Date: Mon, 22 Jul 2019 07:46:19 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/ZgcalP05qwgWj-YnbrCuKyW6Xv4>
Subject: [lamps] I-D Action: draft-ietf-lamps-cms-shakes-15.txt
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 22 Jul 2019 14:46:26 -0000

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Limited Additional Mechanisms for PKIX and SMIME WG of the IETF.

        Title           : Use of the SHAKE One-way Hash Functions in the Cryptographic Message Syntax (CMS)
        Authors         : Panos Kampanakis
                          Quynh Dang
	Filename        : draft-ietf-lamps-cms-shakes-15.txt
	Pages           : 18
	Date            : 2019-07-22

Abstract:
   This document updates the "Cryptographic Message Syntax Algorithms"
   (RFC3370) and describes the conventions for using the SHAKE family of
   hash functions in the Cryptographic Message Syntax as one-way hash
   functions with the RSA Probabilistic signature and ECDSA signature
   algorithms.  The conventions for the associated signer public keys in
   CMS are also described.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-lamps-cms-shakes/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-lamps-cms-shakes-15
https://datatracker.ietf.org/doc/html/draft-ietf-lamps-cms-shakes-15

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-lamps-cms-shakes-15


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/


From nobody Thu Jul 25 08:54:30 2019
Return-Path: <hendrik.brockhaus@siemens.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DD35B1202E5 for <spasm@ietfa.amsl.com>; Thu, 25 Jul 2019 08:54:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=siemens.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IDJg9ERARLli for <spasm@ietfa.amsl.com>; Thu, 25 Jul 2019 08:54:25 -0700 (PDT)
Received: from EUR02-AM5-obe.outbound.protection.outlook.com (mail-am5eur02on0620.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe07::620]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D79191202EA for <spasm@ietf.org>; Thu, 25 Jul 2019 08:54:24 -0700 (PDT)
ARC-Authentication-Results: i=1; mx.microsoft.com 1;spf=pass smtp.mailfrom=siemens.com;dmarc=pass action=none header.from=siemens.com;dkim=pass header.d=siemens.com;arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=siemens.onmicrosoft.com; s=selector2-siemens-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=jE6V60Tso710cFUx2upadzEMpGMNYc6YVehc8Uu0aug=; b=nFVXN7pSPzx34L8KBRJZEKBe0FawA9NNx0uKfq+AK8lp/bpgze+v0h8P6p9YlT1BovnSK3jr6U4rnPwXT9vFoRrN7kPkmfJ16nh/oHsAn0loM/iLVKfG1KcVi1zFzbyJuZFuDa4KFGhpZIbczxE5YpMTC0/btp4uXRCT4krxw60=
Received: from AM0PR10MB2402.EURPRD10.PROD.OUTLOOK.COM (20.177.110.224) by AM0PR10MB2099.EURPRD10.PROD.OUTLOOK.COM (52.134.85.19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2115.10; Thu, 25 Jul 2019 15:54:22 +0000
Received: from AM0PR10MB2402.EURPRD10.PROD.OUTLOOK.COM ([fe80::65dc:1434:6847:4ba4]) by AM0PR10MB2402.EURPRD10.PROD.OUTLOOK.COM ([fe80::65dc:1434:6847:4ba4%5]) with mapi id 15.20.2094.017; Thu, 25 Jul 2019 15:54:22 +0000
From: "Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com>
To: "spasm@ietf.org" <spasm@ietf.org>, Russ Housley <housley@vigilsec.com>, Tim Hollebeek <tim.hollebeek@digicert.com>
CC: "steffen.fries@siemens.com" <steffen.fries@siemens.com>
Thread-Topic: Request to add the CMP activities to the LAMPS charter
Thread-Index: AdVC/1yDqiHBKiMuSN6L6Z+PFQlNYg==
Date: Thu, 25 Jul 2019 15:54:22 +0000
Message-ID: <AM0PR10MB24020F02CF348E7D2C028B1FFEC10@AM0PR10MB2402.EURPRD10.PROD.OUTLOOK.COM>
Accept-Language: de-DE, en-US
Content-Language: de-DE
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: spf=none (sender IP is ) smtp.mailfrom=hendrik.brockhaus@siemens.com; 
x-originating-ip: [195.145.170.173]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: b7c11f42-f50d-429d-06c8-08d711185caa
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600148)(711020)(4605104)(1401327)(4618075)(2017052603328)(7193020); SRVR:AM0PR10MB2099; 
x-ms-traffictypediagnostic: AM0PR10MB2099:
x-ld-processed: 38ae3bcd-9579-4fd4-adda-b42e1495d55a,ExtAddr
x-microsoft-antispam-prvs: <AM0PR10MB2099349DA7B53C2FCAA81DA0FEC10@AM0PR10MB2099.EURPRD10.PROD.OUTLOOK.COM>
x-ms-oob-tlc-oobclassifiers: OLM:8882;
x-forefront-prvs: 0109D382B0
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(376002)(366004)(346002)(396003)(39860400002)(136003)(189003)(199004)(2906002)(71200400001)(2501003)(6116002)(71190400001)(64756008)(790700001)(3846002)(8676002)(52536014)(14454004)(256004)(6436002)(316002)(26005)(19627235002)(478600001)(5660300002)(86362001)(4744005)(74316002)(53936002)(66066001)(107886003)(68736007)(99286004)(25786009)(110136005)(102836004)(81156014)(561944003)(66556008)(76116006)(81166006)(66946007)(4326008)(486006)(7696005)(66476007)(186003)(66446008)(55016002)(6306002)(9686003)(54896002)(33656002)(8936002)(7736002)(14444005)(6506007)(476003); DIR:OUT; SFP:1101; SCL:1; SRVR:AM0PR10MB2099; H:AM0PR10MB2402.EURPRD10.PROD.OUTLOOK.COM; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1; 
received-spf: None (protection.outlook.com: siemens.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
Content-Type: multipart/alternative; boundary="_000_AM0PR10MB24020F02CF348E7D2C028B1FFEC10AM0PR10MB2402EURP_"
MIME-Version: 1.0
X-OriginatorOrg: siemens.com
X-MS-Exchange-CrossTenant-Network-Message-Id: b7c11f42-f50d-429d-06c8-08d711185caa
X-MS-Exchange-CrossTenant-originalarrivaltime: 25 Jul 2019 15:54:22.6869 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: hendrik.brockhaus@siemens.com
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0PR10MB2099
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/kax1pNVFR_o5Xb1VHJTNP_vT8_w>
Subject: [lamps] Request to add the CMP activities to the LAMPS charter
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 25 Jul 2019 15:54:29 -0000

--_000_AM0PR10MB24020F02CF348E7D2C028B1FFEC10AM0PR10MB2402EURP_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Russ, Tim

As discussed during the LAMPS WG session I presented both drafts on the
CMP activities (Lightweight CMP Profile and CMP Updates) and the
recharter proposal. It was agreed that a rechartering is needed to
follow up on these drafts in the WG.

I want to ask the WG to forward this recharter text onwards to the IESG.
"As certificate management gets increasingly important in many
environments, it needs to be tailored to the specific needs. CMP as
existing protocol offers a vast range of options. As it is already being
applied in different industrial environments it needs to be enhanced to
more efficiently support of these use cases, crypto agility and specific
communication relations on the one hand and profiled to the necessary
functionality on the other hand to ease application and to better
facilitate interoperable implementation."

Hendrik

--_000_AM0PR10MB24020F02CF348E7D2C028B1FFEC10AM0PR10MB2402EURP_--


From nobody Thu Jul 25 09:55:35 2019
Return-Path: <housley@vigilsec.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 88AE9120108 for <spasm@ietfa.amsl.com>; Thu, 25 Jul 2019 09:55:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.896
X-Spam-Level: 
X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FX1m7TwWb0f5 for <spasm@ietfa.amsl.com>; Thu, 25 Jul 2019 09:55:30 -0700 (PDT)
Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5713A120161 for <spasm@ietf.org>; Thu, 25 Jul 2019 09:55:27 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id 41BF3300B07 for <spasm@ietf.org>; Thu, 25 Jul 2019 12:36:09 -0400 (EDT)
X-Virus-Scanned: amavisd-new at mail.smeinc.net
Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id XV6fRFW7eLde for <spasm@ietf.org>; Thu, 25 Jul 2019 12:36:07 -0400 (EDT)
Received: from [5.5.33.112] (unknown [204.194.23.17]) by mail.smeinc.net (Postfix) with ESMTPSA id 2F9D83001CB; Thu, 25 Jul 2019 12:36:07 -0400 (EDT)
From: Russ Housley <housley@vigilsec.com>
Message-Id: <1FD547B6-F127-4DD7-AE56-989E037AB7A6@vigilsec.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_5CEB7118-3612-4B08-96C2-CBC31A11C9D3"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
Date: Thu, 25 Jul 2019 12:55:23 -0400
In-Reply-To: <AM0PR10MB24020F02CF348E7D2C028B1FFEC10@AM0PR10MB2402.EURPRD10.PROD.OUTLOOK.COM>
Cc: "spasm@ietf.org" <spasm@ietf.org>, Tim Hollebeek <tim.hollebeek@digicert.com>, "steffen.fries@siemens.com" <steffen.fries@siemens.com>
To: "Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com>
References: <AM0PR10MB24020F02CF348E7D2C028B1FFEC10@AM0PR10MB2402.EURPRD10.PROD.OUTLOOK.COM>
X-Mailer: Apple Mail (2.3445.104.11)
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/lTb5KPY9N7agxE4qun3RBG9f0g4>
Subject: Re: [lamps] Request to add the CMP activities to the LAMPS charter
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 25 Jul 2019 16:55:33 -0000

--Apple-Mail=_5CEB7118-3612-4B08-96C2-CBC31A11C9D3
Content-Transfer-Encoding: 8bit
Content-Type: text/plain;
	charset=utf-8

Hendrik:

Thanks for renewing the discussion.  A quick scan of this thread in my
email folders does not show a list of proposed milestones.  Please
propose some.

Russ

> On Jul 25, 2019, at 11:54 AM, Brockhaus, Hendrik
> <hendrik.brockhaus@siemens.com> wrote:
>
> Russ, Tim
>
> As discussed during the LAMPS WG session I presented both drafts on
> the CMP activities (Lightweight CMP Profile and CMP Updates) and the
> recharter proposal. It was agreed that a rechartering is needed to
> follow up on these drafts in the WG.
>
> I want to ask the WG to forward this recharter text onwards to the
> IESG.
> “As certificate management gets increasingly important in many
> environments, it needs to be tailored to the specific needs. CMP as
> existing protocol offers a vast range of options. As it is already being
> applied in different industrial environments it needs to be enhanced to
> more efficiently support of these use cases, crypto agility and specific
> communication relations on the one hand and profiled to the necessary
> functionality on the other hand to ease application and to better
> facilitate interoperable implementation.”
>
> Hendrik


--Apple-Mail=_5CEB7118-3612-4B08-96C2-CBC31A11C9D3--


From nobody Fri Jul 26 02:04:58 2019
From: "Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com>
To: Russ Housley <housley@vigilsec.com>
CC: "spasm@ietf.org" <spasm@ietf.org>, Tim Hollebeek <tim.hollebeek@digicert.com>, "steffen.fries@siemens.com" <steffen.fries@siemens.com>
Date: Fri, 26 Jul 2019 09:04:47 +0000
Message-ID: <AM0PR10MB24024BD359A24032891C7E17FEC00@AM0PR10MB2402.EURPRD10.PROD.OUTLOOK.COM>
References: <AM0PR10MB24020F02CF348E7D2C028B1FFEC10@AM0PR10MB2402.EURPRD10.PROD.OUTLOOK.COM> <1FD547B6-F127-4DD7-AE56-989E037AB7A6@vigilsec.com>
In-Reply-To: <1FD547B6-F127-4DD7-AE56-989E037AB7A6@vigilsec.com>
Content-Type: multipart/alternative; boundary="_000_AM0PR10MB24024BD359A24032891C7E17FEC00AM0PR10MB2402EURP_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/ZOz7D_r220fLyVVs7vlmSoQEwdQ>
Subject: Re: [lamps] Request to add the CMP activities to the LAMPS charter

--_000_AM0PR10MB24024BD359A24032891C7E17FEC00AM0PR10MB2402EURP_
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit

Russ

I would like to complete both drafts until March 2020 so that the review could be completed until October 2020.
Therefore I propose October 2020 as milestone for RFC release of both documents.

Hendrik

From: Russ Housley <housley@vigilsec.com>
Sent: Thursday, 25 July 2019 18:55
To: Brockhaus, Hendrik (CT RDA CST SEA-DE) <hendrik.brockhaus@siemens.com>
Cc: spasm@ietf.org; Tim Hollebeek <tim.hollebeek@digicert.com>; Fries, Steffen (CT RDA CST) <steffen.fries@siemens.com>
Subject: Re: Request to add the CMP activities to the LAMPS charter

Hendrik:

Thanks for renewing the discussion.  A quick scan of this thread in my email folders does not show a list of proposed milestones.  Please propose some.

Russ


On Jul 25, 2019, at 11:54 AM, Brockhaus, Hendrik <hendrik.brockhaus@siemens.com> wrote:

Russ, Tim

As discussed during the LAMPS WG session I presented both drafts on the CMP activities (Lightweight CMP Profile and CMP Updates) and the recharter proposal. It was agreed that a rechartering is needed to follow up on these drafts in the WG.

I want to ask the WG to forward this recharter text onwards to the IESG.
“As certificate management gets increasingly important in many environments, it needs to be tailored to the specific needs. CMP as existing protocol offers a vast range of options. As it is already being applied in different industrial environments it needs to be enhanced to more efficiently support of these use cases, crypto agility and specific communication relations on the one hand and profiled to the necessary functionality on the other hand to ease application and to better facilitate interoperable implementation.”

Hendrik

--_000_AM0PR10MB24024BD359A24032891C7E17FEC00AM0PR10MB2402EURP_--


From nobody Fri Jul 26 10:45:31 2019
From: Russ Housley <housley@vigilsec.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_0C162441-B829-41C1-BD0A-18AA132064A4"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
Date: Fri, 26 Jul 2019 13:45:23 -0400
References: <AM0PR10MB24020F02CF348E7D2C028B1FFEC10@AM0PR10MB2402.EURPRD10.PROD.OUTLOOK.COM> <1FD547B6-F127-4DD7-AE56-989E037AB7A6@vigilsec.com> <AM0PR10MB24024BD359A24032891C7E17FEC00@AM0PR10MB2402.EURPRD10.PROD.OUTLOOK.COM>
To: "spasm@ietf.org" <spasm@ietf.org>
In-Reply-To: <AM0PR10MB24024BD359A24032891C7E17FEC00@AM0PR10MB2402.EURPRD10.PROD.OUTLOOK.COM>
Message-Id: <4CC67DC2-C5DB-4D0D-82D6-30CB3F17B6CA@vigilsec.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/fJgANTuZZ9G64n4_Sh_v9J_tY60>
Subject: Re: [lamps] Request to add the CMP activities to the LAMPS charter

--Apple-Mail=_0C162441-B829-41C1-BD0A-18AA132064A4
Content-Transfer-Encoding: 8bit
Content-Type: text/plain;
	charset=utf-8

I am just trying to simplify the language and provide a little bit of
flexibility.  Please review the proposed text and milestones.

Russ

= = = = = = =

8. As certificate management gets increasingly important in many
environments, it needs to be tailored to the specific needs. CMP is an
existing protocol offers a vast range of certificate management options,
and CMP is already being used in different industrial environments. The
LAMPS WG will develop a "lightweight" profile of CMP to more efficiently
support of these use cases and better facilitate interoperable
implementation, while preserving cryptographic algorithm agility.

March 2020 - WG adoption of Internet-Drafts for CMP

October 2020 - Forward CMP drafts to IESG for publication on the
standards-track



> On Jul 26, 2019, at 5:04 AM, Brockhaus, Hendrik <hendrik.brockhaus@siemens.com> wrote:
>
> “As certificate management gets increasingly important in many
> environments, it needs to be tailored to the specific needs. CMP as
> existing protocol offers a vast range of options. As it is already being
> applied in different industrial environments it needs to be enhanced to
> more efficiently support of these use cases, crypto agility and specific
> communication relations on the one hand and profiled to the necessary
> functionality on the other hand to ease application and to better
> facilitate interoperable implementation.”


--Apple-Mail=_0C162441-B829-41C1-BD0A-18AA132064A4--


From nobody Fri Jul 26 13:47:20 2019
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: spasm@ietf.org
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature"
Date: Fri, 26 Jul 2019 16:47:33 -0400
Message-ID: <21504.1564174053@dooku.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/f0StdKdjWj5ND1JzX3xgZKzUMhg>
Subject: [lamps] rfc7030-est clarifications and LAMPS charter

--=-=-=
Content-Type: text/plain


secdispatch said that
  https://datatracker.ietf.org/doc/draft-richardson-lamps-rfc7030est-clarify/

belongs in LAMPS.  The word was that the charter did not include fixing
things.  The first paragraph includes:

   "Some updates have been proposed to the X.509 certificate documents
    produced by the PKIX Working Group and the electronic mail security
    documents produced by the S/MIME Working Group.

    The LAMPS (Limited Additional Mechanisms for PKIX and SMIME) Working
    Group is chartered to make updates where there is a known constituency
    interested in real deployment and there is at least one sufficiently
    well specified approach to the update so that the working group can
    sensibly evaluate whether to adopt a proposal."

but the last paragraph says:

    "In addition, the LAMPS WG may investigate other updates to documents
    produced by the PKIX and S/MIME WGs, but the LAMPS WG shall not adopt
    any of these potential work items without rechartering."

so I guess despite the weasel room at the beginning, it has to add
a #. point for RFC7030.  We have also discussed doing a light CMP profile.

Maybe a single point could say something about updates to Certificate
Enrollment protocols, including EST and CMP.

In the meantime, I need help evaluating the comments in
   https://www.rfc-editor.org/errata/eid4384

I simply don't have the ASN.1-fu to understand &Type.

}Section 4.5.2 says:
}CsrAttrs ::= SEQUENCE SIZE (0..MAX) OF AttrOrOID
}
}AttrOrOID ::= CHOICE (oid OBJECT IDENTIFIER, attribute Attribute }
}
}Attribute { ATTRIBUTE:IOSet } ::= SEQUENCE {
}     type   ATTRIBUTE.&id({IOSet}),
}     values SET SIZE(1..MAX) OF ATTRIBUTE.&Type({IOSet}{@type}) }
]It should say:
}
}AttrOrOID ::= CHOICE {
}      oid OBJECT IDENTIFIER,
}      attribute Attribute{YouNeedToDefineOrReferenceAnObjectSet}
}}

I presumed that while the ATTRIBUTE.&Type({IOSet}{@type}) was pretty much
not understandable to me, that it was legitimate.  I didn't know exactly
what the series of SET/SEQ it represented, but I just tweaked a bit
and matched against the examples shown.  I wound up with:
   Attribute = [ rfc822Name-OID, { [rfc822Name-value] } ]

[]-seq
{}-set

--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        | network architect  [
]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [





--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-




--=-=-=--
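
The wire shape behind the ASN.1 quoted in the message above, as an added example that is not part of the thread or of RFC 7030: `ATTRIBUTE.&Type({IOSet}{@type})` means the type of each value is looked up in an object set by the attribute's OID, so in DER an Attribute is SEQUENCE { OID, SET OF value }. The sample bytes are constructed here, and `ATTR_SET` is a hypothetical stand-in for the object set, holding one entry.

```python
# Added example: strict DER walk of CsrAttrs ::= SEQUENCE OF AttrOrOID.
# Sample data is constructed; ATTR_SET is a hypothetical object-set analogue.
CHALLENGE_PASSWORD = "1.2.840.113549.1.9.7"
ID_EC_PUBLIC_KEY = "1.2.840.10045.2.1"
SECP384R1 = "1.3.132.0.34"
ECDSA_WITH_SHA384 = "1.2.840.10045.4.3.3"

def tlv(tag, content):
    """Encode one DER tag-length-value with a definite length."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        body = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(body)]) + body
    return bytes([tag]) + length + content

def enc_oid(dotted):
    """Encode a dotted OID string as a DER OBJECT IDENTIFIER."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray()
    for arc in [40 * arcs[0] + arcs[1]] + arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out += bytes(reversed(chunk))
    return tlv(0x06, bytes(out))

def dec_oid(content):
    """Decode OBJECT IDENTIFIER content octets to a dotted string."""
    if not content or content[-1] & 0x80:
        raise ValueError("empty or truncated OID")
    arcs, val = [], 0
    for b in content:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    first = arcs[0]
    head = [0, first] if first < 40 else [1, first - 40] if first < 80 else [2, first - 80]
    return ".".join(str(a) for a in head + arcs[1:])

def read_tlv(buf, pos):
    """Return (tag, content, next_pos); reject indefinite or overlong lengths."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("indefinite or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("content runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def children(content):
    """Split constructed content into a list of (tag, content) pairs."""
    pos, out = 0, []
    while pos < len(content):
        tag, body, pos = read_tlv(content, pos)
        out.append((tag, body))
    return out

def decode_oid_value(tag, body):
    """Value decoder for attribute types whose &Type is OBJECT IDENTIFIER."""
    if tag != 0x06:
        raise ValueError("value type does not match the attribute type")
    return dec_oid(body)

# Attribute type OID (&id) -> decoder for its values (&Type).
ATTR_SET = {ID_EC_PUBLIC_KEY: decode_oid_value}

def parse_csrattrs(der):
    """Classify each AttrOrOID as a bare OID or an Attribute."""
    tag, content, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("CsrAttrs must be exactly one SEQUENCE")
    result = []
    for tag, body in children(content):
        if tag == 0x06:                       # CHOICE arm: oid
            result.append(("oid", dec_oid(body)))
        elif tag == 0x30:                     # CHOICE arm: attribute
            parts = children(body)
            if len(parts) != 2 or parts[0][0] != 0x06 or parts[1][0] != 0x31:
                raise ValueError("Attribute must be SEQUENCE { OID, SET }")
            attr_type = dec_oid(parts[0][1])
            values = children(parts[1][1])
            if not values:
                raise ValueError("values is SET SIZE(1..MAX)")
            decoder = ATTR_SET.get(attr_type)
            # Types outside the set stay opaque: (tag, hex of content).
            decoded = [decoder(t, b) if decoder else (t, b.hex()) for t, b in values]
            result.append(("attribute", attr_type, decoded))
        else:
            raise ValueError("unexpected tag 0x%02x in CsrAttrs" % tag)
    return result

def sample_csrattrs():
    """Constructed sample: a bare OID, one Attribute, another bare OID."""
    attribute = tlv(0x30, enc_oid(ID_EC_PUBLIC_KEY) + tlv(0x31, enc_oid(SECP384R1)))
    return tlv(0x30, enc_oid(CHALLENGE_PASSWORD) + attribute + enc_oid(ECDSA_WITH_SHA384))

if __name__ == "__main__":
    for item in parse_csrattrs(sample_csrattrs()):
        print(item)
```
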


From nobody Sat Jul 27 04:40:12 2019
From: Russ Housley <housley@vigilsec.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
Message-Id: <3DB1B550-26FA-4F93-8CFA-434C1F8811D1@vigilsec.com>
Date: Sat, 27 Jul 2019 07:40:05 -0400
To: LAMPS WG <spasm@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/DwJOZiReCBlg2nb4nF_8ZGyvX_s>
Subject: [lamps] Proposed charter update regarding clarifications

At the meeting in Montreal, we suggested a charter update to allow
clarifications.  I suggest:

OLD:

In addition, the LAMPS WG may investigate other updates to documents
produced by the PKIX and S/MIME WGs, but the LAMPS WG shall not adopt
any of these potential work items without rechartering.

NEW:

In addition, the LAMPS WG may investigate other updates to documents
produced by the PKIX and S/MIME WG. The LAMPS WG may produce
clarifications where needed, but the LAMPS WG shall not adopt
anything beyond clarifications without rechartering.

Thoughts?

Russ


From nobody Sat Jul 27 04:51:31 2019
From: Russ Housley <housley@vigilsec.com>
Message-Id: <9CE09410-5F6B-407F-B239-888E3136F24A@vigilsec.com>
Content-Type: multipart/signed; boundary="Apple-Mail=_FF53AA52-0E6E-4B27-A8BF-A2C9B3A173C2"; protocol="application/pgp-signature"; micalg=pgp-sha1
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
Date: Sat, 27 Jul 2019 07:51:24 -0400
In-Reply-To: <21504.1564174053@dooku.sandelman.ca>
Cc: spasm@ietf.org
To: Michael Richardson <mcr+ietf@sandelman.ca>
References: <21504.1564174053@dooku.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/p-MzZinI28Z9-PpP96vmcKLG200>
Subject: Re: [lamps] rfc7030-est clarifications and LAMPS charter

--Apple-Mail=_FF53AA52-0E6E-4B27-A8BF-A2C9B3A173C2
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=us-ascii

The definition of ATTRIBUTE and Attribute should be IMPORTed, not included here.

That leads to:

   AttrOrOID ::= CHOICE {
     oid        OBJECT IDENTIFIER,
     attribute  Attribute {{AttrSet}} }

   AttrSet ATTRIBUTE ::= { ... }

Russ

> On Jul 26, 2019, at 4:47 PM, Michael Richardson <mcr+ietf@sandelman.ca> wrote:
>
> secdispatch said that
>  https://datatracker.ietf.org/doc/draft-richardson-lamps-rfc7030est-clarify/
>
> belongs in LAMPS.  The word was that the charter did not include fixing
> things.  The first paragraph includes:
>
>   "Some updates have been proposed to the X.509 certificate documents
>    produced by the PKIX Working Group and the electronic mail security
>    documents produced by the S/MIME Working Group.
>
>    The LAMPS (Limited Additional Mechanisms for PKIX and SMIME) Working
>    Group is chartered to make updates where there is a known constituency
>    interested in real deployment and there is at least one sufficiently
>    well specified approach to the update so that the working group can
>    sensibly evaluate whether to adopt a proposal."
>
> but the last paragraph says:
>
>    "In addition, the LAMPS WG may investigate other updates to documents
>    produced by the PKIX and S/MIME WGs, but the LAMPS WG shall not adopt
>    any of these potential work items without rechartering."
>
> so I guess despite the weasel room at the beginning, it has to add
> a #. point for RFC7030.  We have also discussed doing a light CMP profile.
>
> Maybe a single point could say something about updates to Certificate
> Enrollment protocols, include EST and CMP.
>
> In the meantime, I need help evaluating the comments in
>   https://www.rfc-editor.org/errata/eid4384
>
> I simply don't have the ASN.1-fu to understand &Type.
>
> }Section 4.5.2 says:
> }CsrAttrs ::= SEQUENCE SIZE (0..MAX) OF AttrOrOID
> }
> }AttrOrOID ::= CHOICE (oid OBJECT IDENTIFIER, attribute Attribute }
> }
> }Attribute { ATTRIBUTE:IOSet } ::= SEQUENCE {
> }     type   ATTRIBUTE.&id({IOSet}),
> }     values SET SIZE(1..MAX) OF ATTRIBUTE.&Type({IOSet}{@type}) }
> ]It should say:
> }
> }AttrOrOID ::= CHOICE {
> }      oid OBJECT IDENTIFIER,
> }      attribute Attribute{YouNeedToDefineOrReferenceAnObjectSet}
> }}
>
> I presumed that while the ATTRIBUTE.&Type({IOSet}{@type}) was pretty much
> not understandable to me, that it was legitimate.  I didn't know exactly
> what the series of SET/SEQ it represented, but I just tweaked a bit
> and matched against the examples shown.  I wound up with:
>   Attribute = [ rfc822Name-OID, { [rfc822Name-value] } ]
>
> []-seq
> {}-set
>
> --
> ]               Never tell me the odds!                 | ipv6 mesh networks [
> ]   Michael Richardson, Sandelman Software Works        | network architect  [
> ]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [
>
> --
> Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
> -= IPv6 IoT consulting =-


--Apple-Mail=_FF53AA52-0E6E-4B27-A8BF-A2C9B3A173C2--
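
Added example (not part of the message above, of RFC 7030, or of the erratum): a minimal Python DER walk over a CsrAttrs value, showing the CHOICE between a bare OID and an Attribute, and how the attribute type selects the type of each value, which is what ATTRIBUTE.&Type({IOSet}{@type}) expresses. The sample bytes are constructed here, and ATTR_SET is a hypothetical stand-in for the AttrSet object set.

```python
# Added example: the sample bytes are constructed, and ATTR_SET is a
# hypothetical stand-in for the AttrSet object set in the ASN.1 above.
TAG_OID, TAG_SEQUENCE, TAG_SET = 0x06, 0x30, 0x31

def read_tlv(buf, pos):
    """Return (tag, value_bytes, next_pos) for the DER TLV starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    if tag & 0x1F == 0x1F:
        raise ValueError("high-tag-number form not supported")
    pos += 2
    if length & 0x80:                      # long form: next n bytes hold the length
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("indefinite, oversized or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        if length < 0x80 or buf[pos] == 0:
            raise ValueError("non-minimal length is not DER")
        pos += n
    end = pos + length
    if end > len(buf):
        raise ValueError("TLV runs past end of buffer")
    return tag, buf[pos:end], end

def children(body):
    """Split the content of a constructed value into (tag, value_bytes) pairs."""
    pos, out = 0, []
    while pos < len(body):
        tag, val, pos = read_tlv(body, pos)
        out.append((tag, val))
    return out

def decode_oid(body):
    """Decode OBJECT IDENTIFIER content octets to dotted-decimal text."""
    if not body or body[-1] & 0x80:
        raise ValueError("malformed OID")
    arcs, value = [], 0
    for b in body:
        if value == 0 and b == 0x80:
            raise ValueError("non-minimal OID subidentifier")
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    first = arcs[0]
    head = (first // 40, first % 40) if first < 80 else (2, first - 80)
    return ".".join(str(a) for a in (*head, *arcs[1:]))

def oid_value(tag, val):
    if tag != TAG_OID:
        raise ValueError("value type does not match the attribute type")
    return decode_oid(val)

# Attribute type -> decoder for its values. This lookup plays the role of
# ATTRIBUTE.&Type({IOSet}{@type}): the type OID picks the value syntax.
ATTR_SET = {"1.2.840.10045.2.1": oid_value}   # id-ecPublicKey: value is a curve OID

def parse_attribute(body):
    parts = children(body)
    if len(parts) != 2 or parts[0][0] != TAG_OID or parts[1][0] != TAG_SET:
        raise ValueError("Attribute must be SEQUENCE { type OID, values SET }")
    attr_type = decode_oid(parts[0][1])
    values = children(parts[1][1])
    if not values:
        raise ValueError("values is SET SIZE(1..MAX), empty set rejected")
    decoder = ATTR_SET.get(attr_type)
    # Types outside the set stay opaque: keep tag and raw bytes, do not guess.
    decoded = [decoder(t, v) if decoder else ("raw", t, v.hex()) for t, v in values]
    return ("attribute", attr_type, decoded)

def parse_csr_attrs(der):
    """CsrAttrs ::= SEQUENCE OF AttrOrOID; the CHOICE is resolved by the tag."""
    tag, body, end = read_tlv(der, 0)
    if tag != TAG_SEQUENCE or end != len(der):
        raise ValueError("expected one SEQUENCE with no trailing bytes")
    items = []
    for t, v in children(body):
        if t == TAG_OID:
            items.append(("oid", decode_oid(v)))
        elif t == TAG_SEQUENCE:
            items.append(parse_attribute(v))
        else:
            raise ValueError("tag 0x%02x is not an AttrOrOID alternative" % t)
    return items

def accepts(der):
    try:
        parse_csr_attrs(der)
        return True
    except ValueError:
        return False

SAMPLE = bytes.fromhex(                      # constructed sample, 60 bytes
    "30 3a "                                 # CsrAttrs SEQUENCE, 58 content bytes
    "06 09 2a 86 48 86 f7 0d 01 09 07 "      # oid: challengePassword
    "30 12 06 07 2a 86 48 ce 3d 02 01 "      # attribute: type id-ecPublicKey
    "31 07 06 05 2b 81 04 00 22 "            #   values: SET { secp384r1 }
    "06 08 2a 86 48 ce 3d 04 03 03 "         # oid: ecdsa-with-SHA384
    "30 0f 06 09 2a 86 48 86 f7 0d 01 09 0e "  # attribute: type extensionRequest
    "31 02 30 00 "                           #   values: SET { empty SEQUENCE }
)

if __name__ == "__main__":
    for item in parse_csr_attrs(SAMPLE):
        print(item)
```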


From nobody Sat Jul 27 09:03:13 2019
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7E5BF120024 for <spasm@ietfa.amsl.com>; Sat, 27 Jul 2019 09:03:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.3
X-Spam-Level: 
X-Spam-Status: No, score=-4.3 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cs.tcd.ie
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bEsT8R1Ad3rw for <spasm@ietfa.amsl.com>; Sat, 27 Jul 2019 09:03:08 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9120212001A for <spasm@ietf.org>; Sat, 27 Jul 2019 09:03:08 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 155DABE3E; Sat, 27 Jul 2019 17:03:06 +0100 (IST)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MrM6pv0FBPXC; Sat, 27 Jul 2019 17:03:04 +0100 (IST)
Received: from [10.244.2.138] (95-45-153-252-dynamic.agg2.phb.bdt-fng.eircom.net [95.45.153.252]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 35040BE2E; Sat, 27 Jul 2019 17:03:04 +0100 (IST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1564243384; bh=KrRdpK8eM+jf9uoRBncVSnfkDPV4h6Pe3GiSskUM+1Q=; h=Subject:To:References:From:Date:In-Reply-To:From; b=wz4uyAFrnITBIdRt9OORSaoOagQ9XIt/C3GvH3nmG2xqLmNfckIPxj/UmFbSxqx1n 0YuMVGLIhoOEQlrCNIiUgkapAD10mOQwyL9ntFoM3fVdefZzWoRSAZJMYfexMFkPye E74ccBu/sEUidmdlJ++Tb1Wk4gyhJQzEd6+MJ01k=
To: Russ Housley <housley@vigilsec.com>, LAMPS WG <spasm@ietf.org>
References: <3DB1B550-26FA-4F93-8CFA-434C1F8811D1@vigilsec.com>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Openpgp: id=5BB5A6EA5765D2C5863CAE275AB2FAF17B172BEA; url=
Message-ID: <46773340-6bba-6c54-7049-c6ec30488174@cs.tcd.ie>
Date: Sat, 27 Jul 2019 17:03:03 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.8.0
MIME-Version: 1.0
In-Reply-To: <3DB1B550-26FA-4F93-8CFA-434C1F8811D1@vigilsec.com>
Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="o5ldLMAPrL0dPtj00uv9fujsBxP3pBlgD"
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/b7yisHgEJx5JXXXKUuYjnZFQ6Gc>
Subject: Re: [lamps] Proposed charter update regarding clarifications
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 27 Jul 2019 16:03:12 -0000

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--o5ldLMAPrL0dPtj00uv9fujsBxP3pBlgD
Content-Type: multipart/mixed; boundary="jI7fSX0Aci8sj9Ewtw6EZcLbGRgkaFqHO";
 protected-headers="v1"
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
To: Russ Housley <housley@vigilsec.com>, LAMPS WG <spasm@ietf.org>
Message-ID: <46773340-6bba-6c54-7049-c6ec30488174@cs.tcd.ie>
Subject: Re: [lamps] Proposed charter update regarding clarifications
References: <3DB1B550-26FA-4F93-8CFA-434C1F8811D1@vigilsec.com>
In-Reply-To: <3DB1B550-26FA-4F93-8CFA-434C1F8811D1@vigilsec.com>

--jI7fSX0Aci8sj9Ewtw6EZcLbGRgkaFqHO
Content-Type: multipart/mixed;
 boundary="------------6771F8915697D4197B05AC45"
Content-Language: en-GB

This is a multi-part message in MIME format.
--------------6771F8915697D4197B05AC45
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable



On 27/07/2019 12:40, Russ Housley wrote:
> At the meeting in Montreal, we suggested a charter update to allow clarifications.  I suggest:
>
> OLD:
>
> In addition, the LAMPS WG may investigate other updates to documents
> produced by the PKIX and S/MIME WGs, but the LAMPS WG shall not adopt
> any of these potential work items without rechartering.
>
> NEW:
>
> In addition, the LAMPS WG may investigate other updates to documents
> produced by the PKIX and S/MIME WG. The LAMPS WG may produce
> clarifications where needed, but the LAMPS WG shall not adopt
> anything beyond clarifications without rechartering.
>
> Thoughts?

Seems like another step on the road to re-creating PKIX
which at the end produced pointless paper. IMO nothing
should be done in this WG unless there's evidence the
work will be implemented and deployed.

S.

>
> Russ

--------------6771F8915697D4197B05AC45--

--jI7fSX0Aci8sj9Ewtw6EZcLbGRgkaFqHO--

--o5ldLMAPrL0dPtj00uv9fujsBxP3pBlgD--


From nobody Sat Jul 27 09:17:05 2019
Return-Path: <rsalz@akamai.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BB457120024 for <spasm@ietfa.amsl.com>; Sat, 27 Jul 2019 09:17:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.701
X-Spam-Level: 
X-Spam-Status: No, score=-2.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=akamai.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IbISLjhkQSIp for <spasm@ietfa.amsl.com>; Sat, 27 Jul 2019 09:17:02 -0700 (PDT)
Received: from mx0b-00190b01.pphosted.com (mx0b-00190b01.pphosted.com [IPv6:2620:100:9005:57f::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EBA4D12001A for <spasm@ietf.org>; Sat, 27 Jul 2019 09:17:01 -0700 (PDT)
Received: from pps.filterd (m0122330.ppops.net [127.0.0.1]) by mx0b-00190b01.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id x6RGGbbv021711; Sat, 27 Jul 2019 17:16:56 +0100
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com; h=from : to : subject : date : message-id : references : in-reply-to : content-type : content-id : content-transfer-encoding : mime-version; s=jan2016.eng; bh=duJzfMd6R8xIKy6JZw56oLlCustOFyY14w/JaX47a1o=; b=CLB8zDpsfVkJogsV0tPxYR1YRMKSnvAxNX5yqjsHnmNf8v82JGdXEwokjZcYbIqdzoeU rnJkhj76TuZRRsxh6ubiJ+Hyh7XrVOCxgKco3hx+rbEaa6MUr7gRZa7Ts7+Z+/IwqMGr UcgfomCmkBeL0jQ76iRZ8rAAsTKQTbTYUyynOwMhrPUYWz/mGyDBHRjGcAN7W9n+Ys1v NpvrVxpOnWQAb09lant00jdWwVbK7fgPBzSTYeq3wnraekTo/3L97nAPpCcQGGxBYORk 557w7koMHLJtL+niPrg6Wan02aBGS4W2NJYHzZqJUx984tAOR40SmB5XQFNLl0Xs0b2Z fQ== 
Received: from prod-mail-ppoint5 (prod-mail-ppoint5.akamai.com [184.51.33.60] (may be forged)) by mx0b-00190b01.pphosted.com with ESMTP id 2u0e8v9wd4-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sat, 27 Jul 2019 17:16:56 +0100
Received: from pps.filterd (prod-mail-ppoint5.akamai.com [127.0.0.1]) by prod-mail-ppoint5.akamai.com (8.16.0.27/8.16.0.27) with SMTP id x6RG3mw4006919; Sat, 27 Jul 2019 09:16:56 -0700
Received: from email.msg.corp.akamai.com ([172.27.123.33]) by prod-mail-ppoint5.akamai.com with ESMTP id 2u0mk8r6rq-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Sat, 27 Jul 2019 09:16:55 -0700
Received: from USMA1EX-DAG1MB1.msg.corp.akamai.com (172.27.123.101) by usma1ex-dag1mb4.msg.corp.akamai.com (172.27.123.104) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Sat, 27 Jul 2019 12:16:55 -0400
Received: from USMA1EX-DAG1MB1.msg.corp.akamai.com ([172.27.123.101]) by usma1ex-dag1mb1.msg.corp.akamai.com ([172.27.123.101]) with mapi id 15.00.1473.005; Sat, 27 Jul 2019 12:16:55 -0400
From: "Salz, Rich" <rsalz@akamai.com>
To: Russ Housley <housley@vigilsec.com>, LAMPS WG <spasm@ietf.org>
Thread-Topic: [lamps] Proposed charter update regarding clarifications
Thread-Index: AQHVRHASgHWOyDxjrUu01gmCUVZJrKbepIgA
Date: Sat, 27 Jul 2019 16:16:54 +0000
Message-ID: <A2A7E831-ADBD-406C-9A5F-94FE9735AF6A@akamai.com>
References: <3DB1B550-26FA-4F93-8CFA-434C1F8811D1@vigilsec.com>
In-Reply-To: <3DB1B550-26FA-4F93-8CFA-434C1F8811D1@vigilsec.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
user-agent: Microsoft-MacOutlook/10.1b.0.190715
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [172.19.33.79]
Content-Type: text/plain; charset="utf-8"
Content-ID: <BB420E25723C2A4CBCBFB6AA78A95069@akamai.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2019-07-27_13:, , signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=576 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1906280000 definitions=main-1907270201
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:5.22.84,1.0.8 definitions=2019-07-27_13:2019-07-26,2019-07-27 signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 malwarescore=0 suspectscore=0 adultscore=0 lowpriorityscore=0 phishscore=0 clxscore=1011 impostorscore=0 spamscore=0 bulkscore=0 mlxscore=0 mlxlogscore=557 priorityscore=1501 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-1906280000 definitions=main-1907270204
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/o2SgFn2SMecYINSEP-TgHL2KCIk>
Subject: Re: [lamps] Proposed charter update regarding clarifications
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 27 Jul 2019 16:17:04 -0000

    In addition, the LAMPS WG may investigate other updates to documents
    produced by the PKIX and S/MIME WG. The LAMPS WG may produce
    clarifications where needed, but the LAMPS WG shall not adopt
    anything beyond clarifications without rechartering.

+1  Maybe plural WGs?


From nobody Sat Jul 27 09:20:12 2019
Return-Path: <ryan.sleevi@gmail.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 75929120024 for <spasm@ietfa.amsl.com>; Sat, 27 Jul 2019 09:20:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.558
X-Spam-Level: 
X-Spam-Status: No, score=-1.558 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.091, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.249, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7SrzonzkA_l2 for <spasm@ietfa.amsl.com>; Sat, 27 Jul 2019 09:20:08 -0700 (PDT)
Received: from mail-ed1-f43.google.com (mail-ed1-f43.google.com [209.85.208.43]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8FC5D12001A for <spasm@ietf.org>; Sat, 27 Jul 2019 09:20:08 -0700 (PDT)
Received: by mail-ed1-f43.google.com with SMTP id k8so55731305edr.11 for <spasm@ietf.org>; Sat, 27 Jul 2019 09:20:08 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=b/9nYU+ag+c2dkMVUiiOZepDXf0UQrLEfbPRkHXoEWQ=; b=SRuwRwdTJ+jJBAaYq+jsnXK3mnPGbCoSD7OerP5LrafZnhucGyK3ere8fuNnJ7NUHl MS1GdIMqaACXdKIySI7FoDlO5EEhPPJ9KbVomaoVxarMclcF2PNOdkZvvWCNKCtwASjq 2L3RszYVByAtZU8u0ZTdCImVN9ntVIr7MdZZxw4QgIDc73it+uLulV5YOzsVUvluxURB vvttX3W+9GodGRZ1UgLtEBL1k6jf4S3IGE38/rjfT0r7P8O74/9/nXDnp8cyfmIejX5P /r+N3qk2PG9bdh0mggl2EmUreeaguMMUQQ+Uu/ex+j/YZPX2q7/WnKQHEM6oonAj7hmL KuhQ==
X-Gm-Message-State: APjAAAXijRXpP9dDJALSpB0Xr49SarQQmdyrs6LWPfrMUZ4stzFQyFE4 A2gx5wYWTrVhS4pm3ak27jvjMoXKZ/k=
X-Google-Smtp-Source: APXvYqwJreZ9LvUyLHGpuu8tMI45Jcy7/MxPD3WWH6nByvJDyvhrWMZomv1NWp8LICHpKlFLSRHrWg==
X-Received: by 2002:aa7:c393:: with SMTP id k19mr87703466edq.76.1564244406821;  Sat, 27 Jul 2019 09:20:06 -0700 (PDT)
Received: from mail-wm1-f44.google.com (mail-wm1-f44.google.com. [209.85.128.44]) by smtp.gmail.com with ESMTPSA id i8sm14847507edg.12.2019.07.27.09.20.06 for <spasm@ietf.org> (version=TLS1_3 cipher=AEAD-AES128-GCM-SHA256 bits=128/128); Sat, 27 Jul 2019 09:20:06 -0700 (PDT)
Received: by mail-wm1-f44.google.com with SMTP id u25so39651321wmc.4 for <spasm@ietf.org>; Sat, 27 Jul 2019 09:20:06 -0700 (PDT)
X-Received: by 2002:a1c:cb01:: with SMTP id b1mr21639716wmg.69.1564244406381;  Sat, 27 Jul 2019 09:20:06 -0700 (PDT)
MIME-Version: 1.0
References: <3DB1B550-26FA-4F93-8CFA-434C1F8811D1@vigilsec.com> <46773340-6bba-6c54-7049-c6ec30488174@cs.tcd.ie>
In-Reply-To: <46773340-6bba-6c54-7049-c6ec30488174@cs.tcd.ie>
From: Ryan Sleevi <ryan-ietf@sleevi.com>
Date: Sat, 27 Jul 2019 12:19:54 -0400
X-Gmail-Original-Message-ID: <CAErg=HHJinZzoUuAJ76Js6YPFegr0jtwjpr2KTvU+1-JQASQPw@mail.gmail.com>
Message-ID: <CAErg=HHJinZzoUuAJ76Js6YPFegr0jtwjpr2KTvU+1-JQASQPw@mail.gmail.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Cc: LAMPS WG <spasm@ietf.org>, Russ Housley <housley@vigilsec.com>
Content-Type: multipart/alternative; boundary="0000000000002f329c058eac08c7"
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/QJZa-7x7XFH1s-SDpHbYLqQXoX4>
Subject: Re: [lamps] Proposed charter update regarding clarifications
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 27 Jul 2019 16:20:11 -0000

--0000000000002f329c058eac08c7
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

On Sat, Jul 27, 2019 at 12:03 PM Stephen Farrell <stephen.farrell@cs.tcd.ie>
wrote:

>
>
> On 27/07/2019 12:40, Russ Housley wrote:
> > At the meeting in Montreal, we suggested a charter update to allow
> clarifications.  I suggest:
> >
> > OLD:
> >
> > In addition, the LAMPS WG may investigate other updates to documents
> > produced by the PKIX and S/MIME WGs, but the LAMPS WG shall not adopt
> > any of these potential work items without rechartering.
> >
> > NEW:
> >
> > In addition, the LAMPS WG may investigate other updates to documents
> > produced by the PKIX and S/MIME WG. The LAMPS WG may produce
> > clarifications where needed, but the LAMPS WG shall not adopt
> > anything beyond clarifications without rechartering.
> >
> > Thoughts?
>
> Seems like another step on the road to re-creating PKIX
> which at the end produced pointless paper. IMO nothing
> should be done in this WG unless there's evidence the
> work will be implemented and deployed.
>
> S.


While I share the general sentiment, there is at least one clarification
which has clear signs of deployment if there is IETF consensus on the text
-
https://tools.ietf.org/id/draft-turner-5480-ku-clarifications-00.html

For example,
https://github.com/zmap/zlint/pull/293 is used by the majority of the
publicly trusted CAs, directly or indirectly, and would actively enforce
such text.

I too appreciate a narrowed scope, and wouldn’t be too miffed if any/every
clarification was a matter for rechartering, and the WG only looked at
chartering with this in scope.

--0000000000002f329c058eac08c7--


From nobody Sat Jul 27 14:42:31 2019
Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E7A0312008C for <spasm@ietfa.amsl.com>; Sat, 27 Jul 2019 14:42:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level: 
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 111gaz-_UhsJ for <spasm@ietfa.amsl.com>; Sat, 27 Jul 2019 14:42:27 -0700 (PDT)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BFFC4120052 for <spasm@ietf.org>; Sat, 27 Jul 2019 14:42:27 -0700 (PDT)
Received: from sandelman.ca (unknown [IPv6:2607:f0b0:f:2:56b2:3ff:fe0b:d84]) by tuna.sandelman.ca (Postfix) with ESMTP id B64DA3818C; Sat, 27 Jul 2019 17:42:05 -0400 (EDT)
Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id A8C595D3; Sat, 27 Jul 2019 17:42:25 -0400 (EDT)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Russ Housley <housley@vigilsec.com>
cc: LAMPS WG <spasm@ietf.org>
In-Reply-To: <3DB1B550-26FA-4F93-8CFA-434C1F8811D1@vigilsec.com>
References: <3DB1B550-26FA-4F93-8CFA-434C1F8811D1@vigilsec.com>
X-Mailer: MH-E 8.6; nmh 1.7+dev; GNU Emacs 24.5.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature"
Date: Sat, 27 Jul 2019 17:42:25 -0400
Message-ID: <24985.1564263745@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/rpg4kqCuwpdE6Ye8F1fhIWoHMRM>
Subject: Re: [lamps] Proposed charter update regarding clarifications
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 27 Jul 2019 21:42:30 -0000

--=-=-=
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable


Russ Housley <housley@vigilsec.com> wrote:
    > At the meeting in Montreal, we suggested a charter update to allow
    > clarifications.  I suggest:

This change would seem to work for my document and subsequent equivalent
ones.

    > OLD:

    > In addition, the LAMPS WG may investigate other updates to documents
    > produced by the PKIX and S/MIME WGs, but the LAMPS WG shall not adopt
    > any of these potential work items without rechartering.

    > NEW:

    > In addition, the LAMPS WG may investigate other updates to documents
    > produced by the PKIX and S/MIME WG. The LAMPS WG may produce
    > clarifications where needed, but the LAMPS WG shall not adopt anything
    > beyond clarifications without rechartering.

    > Thoughts?

    > Russ

-- 
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-




--=-=-=--


From nobody Sun Jul 28 09:49:41 2019
Return-Path: <housley@vigilsec.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3CBB612001B for <spasm@ietfa.amsl.com>; Sun, 28 Jul 2019 09:49:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level: 
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aAMiZhoxAb4V for <spasm@ietfa.amsl.com>; Sun, 28 Jul 2019 09:49:37 -0700 (PDT)
Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A972212000F for <spasm@ietf.org>; Sun, 28 Jul 2019 09:49:37 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id A9439300AFB for <spasm@ietf.org>; Sun, 28 Jul 2019 12:30:19 -0400 (EDT)
X-Virus-Scanned: amavisd-new at mail.smeinc.net
Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id bBVgFGdfhDr0 for <spasm@ietf.org>; Sun, 28 Jul 2019 12:30:17 -0400 (EDT)
Received: from [172.20.3.215] (unknown [50.235.191.99]) by mail.smeinc.net (Postfix) with ESMTPSA id 3339A3005DB; Sun, 28 Jul 2019 12:30:16 -0400 (EDT)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <9CE09410-5F6B-407F-B239-888E3136F24A@vigilsec.com>
Date: Sun, 28 Jul 2019 12:49:33 -0400
Cc: LAMPS WG <spasm@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <CE07DF40-8AC7-45B2-9BFD-268F1C94CE8E@vigilsec.com>
References: <21504.1564174053@dooku.sandelman.ca> <9CE09410-5F6B-407F-B239-888E3136F24A@vigilsec.com>
To: Michael Richardson <mcr+ietf@sandelman.ca>
X-Mailer: Apple Mail (2.3445.104.11)
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/qMYrkZjO6iituCcFf2qYnQuKlqA>
Subject: Re: [lamps] rfc7030-est clarifications and LAMPS charter
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 28 Jul 2019 16:49:40 -0000

Thinking about this some more, I think that the best way to resolve this errata is to provide an appendix with an ASN.1 module.  Here is my suggestion:

~~~

  -- There is no ASN.1 Module in RFC 7030.  This module has been created
  -- by combining the lines that are contained in the document body.
  -- A module identifier needs to be assigned for this to be used.

  PKIXEST-2019
      { iso(1) identified-organization(3) dod(6)
        internet(1) security(5) mechanisms(5) pkix(7) id-mod(0)
        id-mod-est-2019(TBD) }

  DEFINITIONS IMPLICIT TAGS ::=
  BEGIN

  -- EXPORTS ALL --

  IMPORTS

  Attribute
  FROM CryptographicMessageSyntax-2009
     { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
       smime(16) modules(0) id-mod-cms-2004-02(41) }

  ATTRIBUTE
  FROM PKIX-CommonTypes-2009
     { iso(1) identified-organization(3) dod(6) internet(1) security(5)
       mechanisms(5) pkix(7) id-mod(0) id-mod-pkixCommon-02(57) } ;


  -- CSR Attributes

  CsrAttrs ::= SEQUENCE SIZE (0..MAX) OF AttrOrOID

  AttrOrOID ::= CHOICE {
    oid        OBJECT IDENTIFIER,
    attribute  Attribute {{AttrSet}} }

  AttrSet ATTRIBUTE ::= { AttributesDefinedInRFC7030, ... }


  -- Asymmetric Decrypt Key Identifier Attribute

  AttributesDefinedInRFC7030 ATTRIBUTE ::= { aa-asymmDecryptKeyID, ... }

  aa-asymmDecryptKeyID ATTRIBUTE ::=
     { TYPE AsymmetricDecryptKeyIdentifier
       IDENTIFIED BY id-aa-asymmDecryptKeyID }

  id-aa-asymmDecryptKeyID OBJECT IDENTIFIER ::= { iso(1) member-body(2)
     us(840) rsadsi(113549) pkcs(1) pkcs9(9) smime(16) aa(2) 54 }

  AsymmetricDecryptKeyIdentifier ::= OCTET STRING

  END


~~~

A module identifier is needed.  I do not know if IANA has ever assigned an object identifier for an errata, but this seems like a much better way to fix this issue.

In addition, I made an assumption that the authors intended to use IMPLICIT TAGS.  That is the most common.  Having this in the specification will improve clarity and increase interoperability.

Russ


> On Jul 27, 2019, at 7:51 AM, Russ Housley <housley@vigilsec.com> wrote:
>
> The definition of ATTRIBUTE and Attribute  should be IMPORTed, not included here.
>
> That leads to:
>
>  AttrOrOID ::= CHOICE {
>    oid        OBJECT IDENTIFIER,
>    attribute  Attribute {{AttrSet}} }
>
>  AttrSet ATTRIBUTE ::= { ... }
>
> Russ
>
>> On Jul 26, 2019, at 4:47 PM, Michael Richardson <mcr+ietf@sandelman.ca> wrote:
>>
>> Signed PGP part
>>
>> secdispatch said that
>> https://datatracker.ietf.org/doc/draft-richardson-lamps-rfc7030est-clarify/
>>
>> belongs in LAMPS.  The word was that the charter did not include fixing
>> things.  The first paragraph includes:
>>
>> "Some updates have been proposed to the X.509 certificate documents
>>  produced by the PKIX Working Group and the electronic mail security
>>  documents produced by the S/MIME Working Group.
>>
>>  The LAMPS (Limited Additional Mechanisms for PKIX and SMIME) Working
>>  Group is chartered to make updates where there is a known constituency
>>  interested in real deployment and there is at least one sufficiently
>>  well specified approach to the update so that the working group can
>>  sensibly evaluate whether to adopt a proposal."
>>
>> but the last paragraph says:
>>
>>  "In addition, the LAMPS WG may investigate other updates to documents
>>  produced by the PKIX and S/MIME WGs, but the LAMPS WG shall not adopt
>>  any of these potential work items without rechartering."
>>
>> so I guess despite the weasel room at the beginning, it has to add
>> a #. point for RFC7030.  We have also discussed doing a light CMP profile.
>>
>> Maybe a single point could say something about updates to Certificate
>> Enrollment protocols, include EST and CMP.
>>
>> In the meantime, I need help evaluating the comments in
>> https://www.rfc-editor.org/errata/eid4384
>>
>> I simply don't have the ASN.1-fu to understand &Type.
>>
>> }Section 4.5.2 says:
>> }CsrAttrs ::= SEQUENCE SIZE (0..MAX) OF AttrOrOID
>> }
>> }AttrOrOID ::= CHOICE (oid OBJECT IDENTIFIER, attribute Attribute }
>> }
>> }Attribute { ATTRIBUTE:IOSet } ::= SEQUENCE {
>> }     type   ATTRIBUTE.&id({IOSet}),
>> }     values SET SIZE(1..MAX) OF ATTRIBUTE.&Type({IOSet}{@type}) }
>> ]It should say:
>> }
>> }AttrOrOID ::= CHOICE {
>> }      oid OBJECT IDENTIFIER,
>> }      attribute Attribute{YouNeedToDefineOrReferenceAnObjectSet}
>> }}
>>
>> I presumed that while the ATTRIBUTE.&Type({IOSet}{@type}) was pretty much
>> not understandable to me, that it was legitimate.  I didn't know exactly
>> what the series of SET/SEQ it represented, but I just tweaked a bit
>> and matched against the examples shown.  I wound up with:
>> Attribute = [ rfc822Name-OID, { [rfc822Name-value] } ]
>>
>> []-seq
>> {}-set
>>
>> --
>> ]               Never tell me the odds!                 | ipv6 mesh networks [
>> ]   Michael Richardson, Sandelman Software Works        | network architect  [
>> ]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [
>>
>>
>>
>>
>>
>> --
>> Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
>> -= IPv6 IoT consulting =-
>>
>>
>>
>>
>>
>

From nobody Mon Jul 29 04:59:15 2019
Return-Path: <hendrik.brockhaus@siemens.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8625512019B for <spasm@ietfa.amsl.com>; Mon, 29 Jul 2019 04:59:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=siemens.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZuU7bankDNCA for <spasm@ietfa.amsl.com>; Mon, 29 Jul 2019 04:59:09 -0700 (PDT)
Received: from EUR03-AM5-obe.outbound.protection.outlook.com (mail-eopbgr30070.outbound.protection.outlook.com [40.107.3.70]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 89E0B120120 for <spasm@ietf.org>; Mon, 29 Jul 2019 04:59:08 -0700 (PDT)
ARC-Authentication-Results: i=1; mx.microsoft.com 1;spf=pass smtp.mailfrom=siemens.com;dmarc=pass action=none header.from=siemens.com;dkim=pass header.d=siemens.com;arc=none
Received: from DB7PR10MB2411.EURPRD10.PROD.OUTLOOK.COM (20.177.121.209) by DB7PR10MB2379.EURPRD10.PROD.OUTLOOK.COM (20.176.239.30) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2115.10; Mon, 29 Jul 2019 11:59:06 +0000
Received: from DB7PR10MB2411.EURPRD10.PROD.OUTLOOK.COM ([fe80::7113:bf0:9bf8:ee0c]) by DB7PR10MB2411.EURPRD10.PROD.OUTLOOK.COM ([fe80::7113:bf0:9bf8:ee0c%7]) with mapi id 15.20.2115.005; Mon, 29 Jul 2019 11:59:06 +0000
From: "Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com>
To: Russ Housley <housley@vigilsec.com>, "spasm@ietf.org" <spasm@ietf.org>
Thread-Topic: [lamps] Request to add the CMP activities to the LAMPS charter
Thread-Index: AdVC/1yDqiHBKiMuSN6L6Z+PFQlNYgACmNaAACG9Q+AAEkxggACKicWw
Date: Mon, 29 Jul 2019 11:59:06 +0000
Message-ID: <DB7PR10MB2411D0F70F7188010D97CC70FEDD0@DB7PR10MB2411.EURPRD10.PROD.OUTLOOK.COM>
References: <AM0PR10MB24020F02CF348E7D2C028B1FFEC10@AM0PR10MB2402.EURPRD10.PROD.OUTLOOK.COM> <1FD547B6-F127-4DD7-AE56-989E037AB7A6@vigilsec.com> <AM0PR10MB24024BD359A24032891C7E17FEC00@AM0PR10MB2402.EURPRD10.PROD.OUTLOOK.COM> <4CC67DC2-C5DB-4D0D-82D6-30CB3F17B6CA@vigilsec.com>
In-Reply-To: <4CC67DC2-C5DB-4D0D-82D6-30CB3F17B6CA@vigilsec.com>
Accept-Language: de-DE, en-US
Content-Language: de-DE
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-document-confidentiality: NotClassified
authentication-results: spf=none (sender IP is ) smtp.mailfrom=hendrik.brockhaus@siemens.com; 
x-originating-ip: [195.145.170.166]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 5773438e-79fe-4244-d355-08d7141c285d
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600148)(711020)(4605104)(1401327)(4618075)(2017052603328)(7193020); SRVR:DB7PR10MB2379; 
x-ms-traffictypediagnostic: DB7PR10MB2379:
x-microsoft-antispam-prvs: <DB7PR10MB2379B1EB8867DDD675EB405AFEDD0@DB7PR10MB2379.EURPRD10.PROD.OUTLOOK.COM>
x-ms-oob-tlc-oobclassifiers: OLM:7219;
x-forefront-prvs: 01136D2D90
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(366004)(396003)(346002)(39860400002)(136003)(376002)(199004)(189003)(53936002)(7696005)(8676002)(81156014)(81166006)(8936002)(76176011)(33656002)(99286004)(66946007)(54896002)(6306002)(55016002)(76116006)(9686003)(236005)(19627235002)(71200400001)(71190400001)(86362001)(110136005)(316002)(66446008)(66476007)(64756008)(5660300002)(25786009)(2501003)(66556008)(52536014)(68736007)(790700001)(66574012)(186003)(6506007)(74316002)(102836004)(3846002)(6116002)(53546011)(478600001)(26005)(256004)(14444005)(486006)(6436002)(14454004)(11346002)(446003)(476003)(2906002)(66066001)(7736002); DIR:OUT; SFP:1101; SCL:1; SRVR:DB7PR10MB2379; H:DB7PR10MB2411.EURPRD10.PROD.OUTLOOK.COM; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1; 
received-spf: None (protection.outlook.com: siemens.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
Content-Type: multipart/alternative; boundary="_000_DB7PR10MB2411D0F70F7188010D97CC70FEDD0DB7PR10MB2411EURP_"
MIME-Version: 1.0
X-OriginatorOrg: siemens.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 5773438e-79fe-4244-d355-08d7141c285d
X-MS-Exchange-CrossTenant-originalarrivaltime: 29 Jul 2019 11:59:06.3792 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: hendrik.brockhaus@siemens.com
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB7PR10MB2379
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/Jc3FC4Eo88ZIFLQXUwN-LjonxS4>
Subject: Re: [lamps] Request to add the CMP activities to the LAMPS charter
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 29 Jul 2019 11:59:13 -0000

--_000_DB7PR10MB2411D0F70F7188010D97CC70FEDD0DB7PR10MB2411EURP_
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
--_000_DB7PR10MB2411D0F70F7188010D97CC70FEDD0DB7PR10MB2411EURP_--


From nobody Mon Jul 29 05:13:59 2019
Return-Path: <hendrik.brockhaus@siemens.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E39C312019C for <spasm@ietfa.amsl.com>; Mon, 29 Jul 2019 05:13:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level: 
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=siemens.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9p8wdTv3pS5j for <spasm@ietfa.amsl.com>; Mon, 29 Jul 2019 05:13:55 -0700 (PDT)
Received: from EUR03-VE1-obe.outbound.protection.outlook.com (mail-ve1eur03on061d.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe09::61d]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 23C6B1200F8 for <spasm@ietf.org>; Mon, 29 Jul 2019 05:13:55 -0700 (PDT)
ARC-Authentication-Results: i=1; mx.microsoft.com 1;spf=pass smtp.mailfrom=siemens.com;dmarc=pass action=none header.from=siemens.com;dkim=pass header.d=siemens.com;arc=none
Received: from DB7PR10MB2411.EURPRD10.PROD.OUTLOOK.COM (20.177.121.209) by DB7PR10MB2490.EURPRD10.PROD.OUTLOOK.COM (20.177.122.12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2115.13; Mon, 29 Jul 2019 12:13:52 +0000
Received: from DB7PR10MB2411.EURPRD10.PROD.OUTLOOK.COM ([fe80::7113:bf0:9bf8:ee0c]) by DB7PR10MB2411.EURPRD10.PROD.OUTLOOK.COM ([fe80::7113:bf0:9bf8:ee0c%7]) with mapi id 15.20.2115.005; Mon, 29 Jul 2019 12:13:52 +0000
From: "Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com>
To: Russ Housley <housley@vigilsec.com>, LAMPS WG <spasm@ietf.org>
Thread-Topic: [lamps] Proposed charter update regarding clarifications
Thread-Index: AQHVRHAU976CKRQUrkqVEcAqKmzoNabhgnWA
Date: Mon, 29 Jul 2019 12:13:52 +0000
Message-ID: <DB7PR10MB2411F2A8FE1776633516C1EEFEDD0@DB7PR10MB2411.EURPRD10.PROD.OUTLOOK.COM>
References: <3DB1B550-26FA-4F93-8CFA-434C1F8811D1@vigilsec.com>
In-Reply-To: <3DB1B550-26FA-4F93-8CFA-434C1F8811D1@vigilsec.com>
Accept-Language: de-DE, en-US
Content-Language: de-DE
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-document-confidentiality: NotClassified
authentication-results: spf=none (sender IP is ) smtp.mailfrom=hendrik.brockhaus@siemens.com; 
x-originating-ip: [195.145.170.166]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 81faf95c-1f34-4b36-30f6-08d7141e38b1
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600148)(711020)(4605104)(1401327)(4618075)(2017052603328)(7193020); SRVR:DB7PR10MB2490; 
x-ms-traffictypediagnostic: DB7PR10MB2490:
x-ms-exchange-purlcount: 1
x-microsoft-antispam-prvs: <DB7PR10MB249093A20460FAAF2747ADDFFEDD0@DB7PR10MB2490.EURPRD10.PROD.OUTLOOK.COM>
x-ms-oob-tlc-oobclassifiers: OLM:9508;
x-forefront-prvs: 01136D2D90
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(376002)(39860400002)(136003)(366004)(396003)(346002)(189003)(199004)(8676002)(99286004)(6506007)(71200400001)(71190400001)(5660300002)(7736002)(26005)(55016002)(14454004)(9686003)(305945005)(76116006)(66446008)(64756008)(66476007)(66946007)(66556008)(7696005)(2906002)(8936002)(478600001)(33656002)(6436002)(74316002)(81166006)(81156014)(966005)(14444005)(476003)(102836004)(486006)(53936002)(256004)(11346002)(25786009)(66066001)(86362001)(6116002)(66574012)(3846002)(446003)(316002)(68736007)(45080400002)(110136005)(6306002)(186003)(52536014)(76176011)(15650500001); DIR:OUT; SFP:1101; SCL:1; SRVR:DB7PR10MB2490; H:DB7PR10MB2411.EURPRD10.PROD.OUTLOOK.COM; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1; 
received-spf: None (protection.outlook.com: siemens.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: siemens.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 81faf95c-1f34-4b36-30f6-08d7141e38b1
X-MS-Exchange-CrossTenant-originalarrivaltime: 29 Jul 2019 12:13:52.8145 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: hendrik.brockhaus@siemens.com
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB7PR10MB2490
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/aid-wQayLJi_wMpg_fn3iYxm2eI>
Subject: Re: [lamps] Proposed charter update regarding clarifications
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 29 Jul 2019 12:13:58 -0000

I would be happy with the current text. But I guess there will be the need for many updates at least with regard to support of upcoming crypto algorithms. Therefore the new text will ease the processes.
Finally it will be a trade-off between administrative overhead vs. risk of 'pointless paper'. Finally I am with Stephen, that nothing should be done without people willing to implement it.

Hendrik

> -----Original Message-----
> From: Spasm <spasm-bounces@ietf.org> On Behalf Of Russ Housley
> Sent: Saturday, 27 July 2019 13:40
> To: LAMPS WG <spasm@ietf.org>
> Subject: [lamps] Proposed charter update regarding clarifications
>
> At the meeting in Montreal, we suggested a charter update to allow
> clarifications.  I suggest:
>
> OLD:
>
> In addition, the LAMPS WG may investigate other updates to documents
> produced by the PKIX and S/MIME WGs, but the LAMPS WG shall not adopt
> any of these potential work items without rechartering.
>
> NEW:
>
> In addition, the LAMPS WG may investigate other updates to documents
> produced by the PKIX and S/MIME WG. The LAMPS WG may produce
> clarifications where needed, but the LAMPS WG shall not adopt anything
> beyond clarifications without rechartering.
>
> Thoughts?
>
> Russ


From nobody Mon Jul 29 07:22:29 2019
Return-Path: <housley@vigilsec.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 92BB9120100 for <spasm@ietfa.amsl.com>; Mon, 29 Jul 2019 07:22:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level: 
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SdvLn3o6iCEh for <spasm@ietfa.amsl.com>; Mon, 29 Jul 2019 07:22:25 -0700 (PDT)
Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C236D1200C4 for <spasm@ietf.org>; Mon, 29 Jul 2019 07:22:25 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id BBDC2300AA2 for <spasm@ietf.org>; Mon, 29 Jul 2019 10:03:07 -0400 (EDT)
X-Virus-Scanned: amavisd-new at mail.smeinc.net
Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id Rm9d-HEgRtAi for <spasm@ietf.org>; Mon, 29 Jul 2019 10:03:06 -0400 (EDT)
Received: from [172.20.3.215] (unknown [50.235.191.99]) by mail.smeinc.net (Postfix) with ESMTPSA id 1D2B03004AF; Mon, 29 Jul 2019 10:03:06 -0400 (EDT)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <DB7PR10MB2411F2A8FE1776633516C1EEFEDD0@DB7PR10MB2411.EURPRD10.PROD.OUTLOOK.COM>
Date: Mon, 29 Jul 2019 10:22:22 -0400
Cc: LAMPS WG <spasm@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <D08454BE-8EA4-4221-AD6E-ECEF6A84958A@vigilsec.com>
References: <3DB1B550-26FA-4F93-8CFA-434C1F8811D1@vigilsec.com> <DB7PR10MB2411F2A8FE1776633516C1EEFEDD0@DB7PR10MB2411.EURPRD10.PROD.OUTLOOK.COM>
To: "Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com>
X-Mailer: Apple Mail (2.3445.104.11)
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/3S2JogIRg89TPAOw8S-IOHmNTuU>
Subject: Re: [lamps] Proposed charter update regarding clarifications
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 29 Jul 2019 14:22:28 -0000

How does the update to RFC 5480 about key usage fit here?

Russ

> On Jul 29, 2019, at 8:13 AM, Brockhaus, Hendrik <hendrik.brockhaus@siemens.com> wrote:
>
> I would be happy with the current text. But I guess there will be the need for many updates at least with regard to support of upcoming crypto algorithms. Therefore the new text will ease the processes.
> Finally it will be a trade-off between administrative overhead vs. risk of 'pointless paper'. Finally I am with Stephen, that nothing should be done without people willing to implement it.
>
> Hendrik
>
>> -----Original Message-----
>> From: Spasm <spasm-bounces@ietf.org> On Behalf Of Russ Housley
>> Sent: Saturday, 27 July 2019 13:40
>> To: LAMPS WG <spasm@ietf.org>
>> Subject: [lamps] Proposed charter update regarding clarifications
>>
>> At the meeting in Montreal, we suggested a charter update to allow
>> clarifications.  I suggest:
>>
>> OLD:
>>
>> In addition, the LAMPS WG may investigate other updates to documents
>> produced by the PKIX and S/MIME WGs, but the LAMPS WG shall not adopt
>> any of these potential work items without rechartering.
>>
>> NEW:
>>
>> In addition, the LAMPS WG may investigate other updates to documents
>> produced by the PKIX and S/MIME WG. The LAMPS WG may produce
>> clarifications where needed, but the LAMPS WG shall not adopt anything
>> beyond clarifications without rechartering.
>>
>> Thoughts?
>>
>> Russ
> _______________________________________________
> Spasm mailing list
> Spasm@ietf.org
> https://www.ietf.org/mailman/listinfo/spasm


From nobody Tue Jul 30 05:38:24 2019
Return-Path: <hendrik.brockhaus@siemens.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3A5CD120178 for <spasm@ietfa.amsl.com>; Tue, 30 Jul 2019 05:38:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=siemens.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id m2UNpAVPEKi3 for <spasm@ietfa.amsl.com>; Tue, 30 Jul 2019 05:38:19 -0700 (PDT)
Received: from EUR03-VE1-obe.outbound.protection.outlook.com (mail-eopbgr50044.outbound.protection.outlook.com [40.107.5.44]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 63D1B12006D for <spasm@ietf.org>; Tue, 30 Jul 2019 05:38:19 -0700 (PDT)
ARC-Authentication-Results: i=1; mx.microsoft.com 1;spf=pass smtp.mailfrom=siemens.com;dmarc=pass action=none header.from=siemens.com;dkim=pass header.d=siemens.com;arc=none
Received: from DB7PR10MB2411.EURPRD10.PROD.OUTLOOK.COM (20.177.121.209) by DB7PR10MB1962.EURPRD10.PROD.OUTLOOK.COM (52.134.103.26) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2094.17; Tue, 30 Jul 2019 12:38:17 +0000
Received: from DB7PR10MB2411.EURPRD10.PROD.OUTLOOK.COM ([fe80::7113:bf0:9bf8:ee0c]) by DB7PR10MB2411.EURPRD10.PROD.OUTLOOK.COM ([fe80::7113:bf0:9bf8:ee0c%7]) with mapi id 15.20.2115.005; Tue, 30 Jul 2019 12:38:16 +0000
From: "Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com>
To: Russ Housley <housley@vigilsec.com>
CC: LAMPS WG <spasm@ietf.org>
Thread-Topic: [lamps] Proposed charter update regarding clarifications
Thread-Index: AQHVRHAU976CKRQUrkqVEcAqKmzoNabhgnWAgAAmvQCAAXRk4A==
Date: Tue, 30 Jul 2019 12:38:16 +0000
Message-ID: <DB7PR10MB24111D460F40F2CF04000590FEDC0@DB7PR10MB2411.EURPRD10.PROD.OUTLOOK.COM>
References: <3DB1B550-26FA-4F93-8CFA-434C1F8811D1@vigilsec.com> <DB7PR10MB2411F2A8FE1776633516C1EEFEDD0@DB7PR10MB2411.EURPRD10.PROD.OUTLOOK.COM> <D08454BE-8EA4-4221-AD6E-ECEF6A84958A@vigilsec.com>
In-Reply-To: <D08454BE-8EA4-4221-AD6E-ECEF6A84958A@vigilsec.com>
Accept-Language: de-DE, en-US
Content-Language: de-DE
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-document-confidentiality: NotClassified
authentication-results: spf=none (sender IP is ) smtp.mailfrom=hendrik.brockhaus@siemens.com; 
x-originating-ip: [195.145.170.173]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 52a476fe-0b8a-44c4-6585-08d714eacbc1
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600148)(711020)(4605104)(1401327)(4618075)(2017052603328)(7193020); SRVR:DB7PR10MB1962; 
x-ms-traffictypediagnostic: DB7PR10MB1962:
x-ms-exchange-purlcount: 1
x-microsoft-antispam-prvs: <DB7PR10MB19622CC3F1EA3BE20CF4AD0CFEDC0@DB7PR10MB1962.EURPRD10.PROD.OUTLOOK.COM>
x-ms-oob-tlc-oobclassifiers: OLM:8273;
x-forefront-prvs: 0114FF88F6
received-spf: None (protection.outlook.com: siemens.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: siemens.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 52a476fe-0b8a-44c4-6585-08d714eacbc1
X-MS-Exchange-CrossTenant-originalarrivaltime: 30 Jul 2019 12:38:16.8007 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: hendrik.brockhaus@siemens.com
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB7PR10MB1962
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/mnr5xnc8Lk34vqMWKIDSCFl3vfc>
Subject: Re: [lamps] Proposed charter update regarding clarifications
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 30 Jul 2019 12:38:22 -0000

From nobody Tue Jul 30 07:04:07 2019
Return-Path: <dmccarney@letsencrypt.org>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0FDDC1201D0 for <spasm@ietfa.amsl.com>; Tue, 30 Jul 2019 07:04:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level: 
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=letsencrypt.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cKAR3S_vZo3c for <spasm@ietfa.amsl.com>; Tue, 30 Jul 2019 07:04:02 -0700 (PDT)
Received: from mail-wm1-x331.google.com (mail-wm1-x331.google.com [IPv6:2a00:1450:4864:20::331]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B7F511201E2 for <spasm@ietf.org>; Tue, 30 Jul 2019 07:04:01 -0700 (PDT)
Received: by mail-wm1-x331.google.com with SMTP id s3so57271307wms.2 for <spasm@ietf.org>; Tue, 30 Jul 2019 07:04:01 -0700 (PDT)
X-Received: by 2002:a05:600c:225a:: with SMTP id a26mr110851003wmm.81.1564495440057;  Tue, 30 Jul 2019 07:04:00 -0700 (PDT)
MIME-Version: 1.0
References: <3DB1B550-26FA-4F93-8CFA-434C1F8811D1@vigilsec.com> <DB7PR10MB2411F2A8FE1776633516C1EEFEDD0@DB7PR10MB2411.EURPRD10.PROD.OUTLOOK.COM> <D08454BE-8EA4-4221-AD6E-ECEF6A84958A@vigilsec.com> <DB7PR10MB24111D460F40F2CF04000590FEDC0@DB7PR10MB2411.EURPRD10.PROD.OUTLOOK.COM>
In-Reply-To: <DB7PR10MB24111D460F40F2CF04000590FEDC0@DB7PR10MB2411.EURPRD10.PROD.OUTLOOK.COM>
Reply-To: cpu@letsencrypt.org
From: Daniel McCarney <cpu@letsencrypt.org>
Date: Tue, 30 Jul 2019 10:03:49 -0400
Message-ID: <CAKnbcLjpG1z-ykZ_QCy_4PtfT3F2i4R==sO_VUQYf2J4FVu3YA@mail.gmail.com>
To: "Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com>
Cc: Russ Housley <housley@vigilsec.com>, LAMPS WG <spasm@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000f54ca0058ee67afa"
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/2fH1dXPSh2c4g-pZhgsl0WMGiic>
Subject: Re: [lamps] Proposed charter update regarding clarifications
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 30 Jul 2019 14:04:05 -0000

--000000000000f54ca0058ee67afa
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

>
> I see this as a clarification that is correct but not necessarily needed,
> as direct encipherment is technically not possible with ec-keys.


Hi Hendrik,

I respectfully disagree that this is not needed. The existing language
doesn't make this technical impossibility clear enough to prevent
certificates with such key usage bits being seen in the real world. The
more certificates with such nonsense KU's are produced the more likely it
will be that other systems begin to special case this phenomenon,
increasing complexity and the chance for more significant errors.

If you chase the links through the zlint PR[0] I wrote that Ryan referenced
earlier in the thread you'll find your way to a Bugzilla bug[1] that references
~30 certificates issued by a trusted CA that contain the technically
impossible KU in question (here's one example[2]). My experience within the
larger web PKI ecosystem suggests to me this could be just the tip of the
iceberg.

I deeply sympathize with Stephen's appeal to not produce more useless paper
but the update to RFC 5480 won't fall into this category. An update to RFC
5480 will both clarify a point that is causing demonstrated confusion for
implementors and make it easier for the web PKI community to forbid the
practice with haste.

[0]: https://github.com/zmap/zlint/pull/293
[1]: https://bugzilla.mozilla.org/show_bug.cgi?id=1560234
[2]: https://crt.sh/?id=741149075


On Tue, Jul 30, 2019 at 8:38 AM Brockhaus, Hendrik <
hendrik.brockhaus@siemens.com> wrote:

> I see this as a clarification that is correct but not necessarily needed,
> as direct encipherment is technically not possible with ec-keys.
> But it may be helpful to have this more explicitly than currently specified.
>
> Hendrik
>
> > -----Original Message-----
> > From: Spasm <spasm-bounces@ietf.org> On Behalf Of Russ Housley
> > Sent: Monday, 29 July 2019 16:22
> > To: Brockhaus, Hendrik (CT RDA CST SEA-DE)
> > <hendrik.brockhaus@siemens.com>
> > Cc: LAMPS WG <spasm@ietf.org>
> > Subject: Re: [lamps] Proposed charter update regarding clarifications
> >
> > How does the update to RFC 5480 about key usage fit here?
> >
> > Russ
> >
> > > On Jul 29, 2019, at 8:13 AM, Brockhaus, Hendrik
> > > <hendrik.brockhaus@siemens.com> wrote:
> > >
> > > I would be happy with the current text. But I guess there will be the
> > > need for many updates at least with regard to support of upcoming crypto
> > > algorithms. Therefore the new text will ease the processes.
> > > Finally it will be a trade-off between administrative overhead vs.
> > > risk of 'pointless paper'. Finally I am with Stephen, that nothing
> > > should be done without people willing to implement it.
> > >
> > > Hendrik
> > >
> > >> -----Original Message-----
> > >> From: Spasm <spasm-bounces@ietf.org> On Behalf Of Russ Housley
> > >> Sent: Saturday, 27 July 2019 13:40
> > >> To: LAMPS WG <spasm@ietf.org>
> > >> Subject: [lamps] Proposed charter update regarding clarifications
> > >>
> > >> At the meeting in Montreal, we suggested a charter update to allow
> > >> clarifications.  I suggest:
> > >>
> > >> OLD:
> > >>
> > >> In addition, the LAMPS WG may investigate other updates to documents
> > >> produced by the PKIX and S/MIME WGs, but the LAMPS WG shall not
> > >> adopt any of these potential work items without rechartering.
> > >>
> > >> NEW:
> > >>
> > >> In addition, the LAMPS WG may investigate other updates to documents
> > >> produced by the PKIX and S/MIME WG. The LAMPS WG may produce
> > >> clarifications where needed, but the LAMPS WG shall not adopt
> > >> anything beyond clarifications without rechartering.
> > >>
> > >> Thoughts?
> > >>
> > >> Russ

--000000000000f54ca0058ee67afa
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><blockquote class=3D"gmail_quote" style=3D"margin:0px 0px =
0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">I see th=
is as a clarification that is correct but no necessarily needed, as direct =
encipherment is technically not possible with ec-keys.</blockquote><div><br=
>Hi Hendrik,<br><br>I respectfully disagree that this is not needed. The ex=
isting language doesn&#39;t make this technical impossibility clear enough =
to prevent certificates with such key usage bits being seen in the real wor=
ld. The more certificates with such nonsense KU&#39;s are produced the more=
 likely it will be that other systems begin to special case this phenomenon=
, increasing complexity and the chance for more significant errors.=C2=A0<b=
r><br>If you chase the links through the zlint PR[0] I wrote that Ryan refe=
renced earlier in thread you&#39;ll find your way to a Bugzilla bug[1] that=
 references ~30 certificates issued by a trusted CA that contain the techni=
cally impossible KU in question (here&#39;s one example[2]). My experience =
within the larger web PKI ecosystem suggests to me this could be just the t=
ip of the iceberg.<br><br>I deeply sympathize with Stephen&#39;s appeal to =
not produce more useless paper but the update to RFC 5480 won&#39;t fall in=
to this category. An update to RFC 5480 will both clarify a point that is c=
ausing demonstrated confusion for implementors and make it easier for the w=
eb PKI community to forbid the practice with haste.=C2=A0<br><br>[0]:=C2=A0=
<a href=3D"https://github.com/zmap/zlint/pull/293">https://github.com/zmap/=
zlint/pull/293</a><br>[1]:=C2=A0<a href=3D"https://bugzilla.mozilla.org/sho=
w_bug.cgi?id=3D1560234">https://bugzilla.mozilla.org/show_bug.cgi?id=3D1560=
234</a><br>[2]:=C2=A0<a href=3D"https://crt.sh/?id=3D741149075">https://crt=
.sh/?id=3D741149075</a><br><br></div></div><br><div class=3D"gmail_quote"><=
div dir=3D"ltr" class=3D"gmail_attr">On Tue, Jul 30, 2019 at 8:38 AM Brockh=
aus, Hendrik &lt;<a href=3D"mailto:hendrik.brockhaus@siemens.com">hendrik.b=
rockhaus@siemens.com</a>&gt; wrote:<br></div><blockquote class=3D"gmail_quo=
te" style=3D"margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204=
);padding-left:1ex">I see this as a clarification that is correct but no ne=
cessarily needed, as direct encipherment is technically not possible with e=
c-keys.<br>
But it may be helpful to have this more explicitly as currently specified.<=
br>
<br>
Hendrik<br>
<br>
&gt; -----Urspr=C3=BCngliche Nachricht-----<br>
&gt; Von: Spasm &lt;<a href=3D"mailto:spasm-bounces@ietf.org" target=3D"_bl=
ank">spasm-bounces@ietf.org</a>&gt; Im Auftrag von Russ Housley<br>
&gt; Gesendet: Montag, 29. Juli 2019 16:22<br>
&gt; An: Brockhaus, Hendrik (CT RDA CST SEA-DE)<br>
&gt; &lt;<a href=3D"mailto:hendrik.brockhaus@siemens.com" target=3D"_blank"=
>hendrik.brockhaus@siemens.com</a>&gt;<br>
&gt; Cc: LAMPS WG &lt;<a href=3D"mailto:spasm@ietf.org" target=3D"_blank">s=
pasm@ietf.org</a>&gt;<br>
&gt; Betreff: Re: [lamps] Proposed charter update regarding clarifications<=
br>
&gt; <br>
&gt; How does the update to RFC 5480 about key usage fit here?<br>
&gt; <br>
&gt; Russ<br>
&gt; <br>
&gt; &gt; On Jul 29, 2019, at 8:13 AM, Brockhaus, Hendrik<br>
&gt; &lt;<a href=3D"mailto:hendrik.brockhaus@siemens.com" target=3D"_blank"=
>hendrik.brockhaus@siemens.com</a>&gt; wrote:<br>
&gt; &gt;<br>
&gt; &gt; I would be happy with the current text. But I guess there will be=
 the need<br>
&gt; for many updates at least with regard to support of upcoming crypto<br=
>
&gt; algorithms. Therefore the new text will ease the processes.<br>
&gt; &gt; Finally it will be a trade-off between administrative overhead vs=
. risk of<br>
&gt; &#39;pointless paper&#39;. Finally I am with Stephen, that nothing sho=
uld be done<br>
&gt; without people willing to implement it.<br>
&gt; &gt;<br>
&gt; &gt; Hendrik<br>
&gt; &gt;<br>
&gt; &gt;&gt; -----Urspr=C3=BCngliche Nachricht-----<br>
&gt; &gt;&gt; Von: Spasm &lt;<a href=3D"mailto:spasm-bounces@ietf.org" targ=
et=3D"_blank">spasm-bounces@ietf.org</a>&gt; Im Auftrag von Russ Housley<br=
>
&gt; &gt;&gt; Gesendet: Samstag, 27. Juli 2019 13:40<br>
&gt; &gt;&gt; An: LAMPS WG &lt;<a href=3D"mailto:spasm@ietf.org" target=3D"=
_blank">spasm@ietf.org</a>&gt;<br>
&gt; &gt;&gt; Betreff: [lamps] Proposed charter update regarding clarificat=
ions<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; At the meeting in Montreal, we suggested a charter update to =
allow<br>
&gt; &gt;&gt; clarifications.=C2=A0 I suggest:<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; OLD:<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; In addition, the LAMPS WG may investigate other updates to do=
cuments<br>
&gt; &gt;&gt; produced by the PKIX and S/MIME WGs, but the LAMPS WG shall n=
ot<br>
&gt; adopt<br>
&gt; &gt;&gt; any of these potential work items without rechartering.<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; NEW:<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; In addition, the LAMPS WG may investigate other updates to do=
cuments<br>
&gt; &gt;&gt; produced by the PKIX and S/MIME WG. The LAMPS WG may produce<=
br>
&gt; &gt;&gt; clarifications where needed, but the LAMPS WG shall not adopt=
<br>
&gt; &gt;&gt; anything beyond clarifications without rechartering.<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; Thoughts?<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; Russ<br>
_______________________________________________<br>
Spasm mailing list<br>
<a href="mailto:Spasm@ietf.org" target="_blank">Spasm@ietf.org</a><br>
<a href="https://www.ietf.org/mailman/listinfo/spasm" rel="noreferrer" target="_blank">https://www.ietf.org/mailman/listinfo/spasm</a><br>
</blockquote></div>

--000000000000f54ca0058ee67afa--


From nobody Tue Jul 30 07:21:40 2019
Return-Path: <hendrik.brockhaus@siemens.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 20960120187 for <spasm@ietfa.amsl.com>; Tue, 30 Jul 2019 07:21:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.299
X-Spam-Level: 
X-Spam-Status: No, score=-1.299 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URI_HEX=0.1, URI_NOVOWEL=0.5] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=siemens.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yiOGVMmTJQfN for <spasm@ietfa.amsl.com>; Tue, 30 Jul 2019 07:21:35 -0700 (PDT)
Received: from EUR04-VI1-obe.outbound.protection.outlook.com (mail-vi1eur04on0603.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe0e::603]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1DBBC120199 for <spasm@ietf.org>; Tue, 30 Jul 2019 07:21:23 -0700 (PDT)
Received: from DB7PR10MB2411.EURPRD10.PROD.OUTLOOK.COM (20.177.121.209) by DB7PR10MB2491.EURPRD10.PROD.OUTLOOK.COM (20.176.238.150) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2115.13; Tue, 30 Jul 2019 14:21:20 +0000
Received: from DB7PR10MB2411.EURPRD10.PROD.OUTLOOK.COM ([fe80::7113:bf0:9bf8:ee0c]) by DB7PR10MB2411.EURPRD10.PROD.OUTLOOK.COM ([fe80::7113:bf0:9bf8:ee0c%7]) with mapi id 15.20.2115.005; Tue, 30 Jul 2019 14:21:20 +0000
From: "Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com>
To: "cpu@letsencrypt.org" <cpu@letsencrypt.org>
CC: Russ Housley <housley@vigilsec.com>, LAMPS WG <spasm@ietf.org>
Thread-Topic: [lamps] Proposed charter update regarding clarifications
Thread-Index: AQHVRHAU976CKRQUrkqVEcAqKmzoNabhgnWAgAAmvQCAAXRk4IAAGMKAgAAEVHA=
Date: Tue, 30 Jul 2019 14:21:20 +0000
Message-ID: <DB7PR10MB24117042C96CE14664A75478FEDC0@DB7PR10MB2411.EURPRD10.PROD.OUTLOOK.COM>
References: <3DB1B550-26FA-4F93-8CFA-434C1F8811D1@vigilsec.com> <DB7PR10MB2411F2A8FE1776633516C1EEFEDD0@DB7PR10MB2411.EURPRD10.PROD.OUTLOOK.COM> <D08454BE-8EA4-4221-AD6E-ECEF6A84958A@vigilsec.com> <DB7PR10MB24111D460F40F2CF04000590FEDC0@DB7PR10MB2411.EURPRD10.PROD.OUTLOOK.COM> <CAKnbcLjpG1z-ykZ_QCy_4PtfT3F2i4R==sO_VUQYf2J4FVu3YA@mail.gmail.com>
In-Reply-To: <CAKnbcLjpG1z-ykZ_QCy_4PtfT3F2i4R==sO_VUQYf2J4FVu3YA@mail.gmail.com>
Accept-Language: de-DE, en-US
Content-Language: de-DE
Content-Type: multipart/alternative; boundary="_000_DB7PR10MB24117042C96CE14664A75478FEDC0DB7PR10MB2411EURP_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/QwknvSi--LGHZVUAACnllAoAL5U>
Subject: Re: [lamps] Proposed charter update regarding clarifications
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 30 Jul 2019 14:21:38 -0000



From nobody Tue Jul 30 10:54:20 2019
Return-Path: <noreply@ietf.org>
X-Original-To: spasm@ietf.org
Delivered-To: spasm@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id BC44B12021B; Tue, 30 Jul 2019 10:54:05 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Robert Sparks via Datatracker <noreply@ietf.org>
To: <gen-art@ietf.org>
Cc: spasm@ietf.org, draft-ietf-lamps-cms-mix-with-psk.all@ietf.org, ietf@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.99.1
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Robert Sparks <rjsparks@nostrum.com>
Message-ID: <156450924572.14301.5205142476827606126@ietfa.amsl.com>
Date: Tue, 30 Jul 2019 10:54:05 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/qVSeJHHYap9UlQiw68TYrQjPTqg>
Subject: [lamps] Genart last call review of draft-ietf-lamps-cms-mix-with-psk-05
X-List-Received-Date: Tue, 30 Jul 2019 17:54:06 -0000

Reviewer: Robert Sparks
Review result: Ready with Issues

I am the assigned Gen-ART reviewer for this draft. The General Area
Review Team (Gen-ART) reviews all IETF documents being processed
by the IESG for the IETF Chair.  Please treat these comments just
like any other last call comments.

For more information, please see the FAQ at

<https://trac.ietf.org/trac/gen/wiki/GenArtfaq>.

Document: draft-ietf-lamps-cms-mix-with-psk-05
Reviewer: Robert Sparks
Review Date: 2019-07-30
IETF LC End Date: 2019-08-06
IESG Telechat date: Not scheduled for a telechat

Summary: Essentially ready for publication as a Proposed Standard, but with an
issue to address before publication.

Issue: The instructions for IANA are unclear. IANA has to infer what to add to
the registries. I think they _can_ infer what to do for the IANA-MOD registry.
It's harder (though still possible) to guess what to do for IANA-SMIME. They
also have to infer the structure of the new registry this document intends to
create. Explicit would be better. Also, the document anticipates the currently
non-existing anchor to the new registry in the references (security-smime-13).
That generally should also be a tbd to be filled by IANA when the anchor is
actually created.

Nits/editorial comments:

Section 5, 1st paragraph, last sentence: "make use fo" should be "makes use of"

Section 9, 1st sentence : "in the Section 5" should be "in Section 6". (That's
two changes - the removal of a word, and a correction to the section number).

Micronit: In the introduction, you say "can be invulnerable to an attacker".
"invulnerable" is maybe stronger than you mean?



From nobody Wed Jul 31 12:41:27 2019
Return-Path: <kaduk@mit.edu>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8B6DE120094 for <spasm@ietfa.amsl.com>; Wed, 31 Jul 2019 12:41:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level: 
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aptIGgb3BNZi for <spasm@ietfa.amsl.com>; Wed, 31 Jul 2019 12:41:23 -0700 (PDT)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 16ADF120018 for <spasm@ietf.org>; Wed, 31 Jul 2019 12:41:22 -0700 (PDT)
Received: from kduck.mit.edu ([24.16.140.251]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id x6VJfIsL004624 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 31 Jul 2019 15:41:20 -0400
Date: Wed, 31 Jul 2019 14:41:17 -0500
From: Benjamin Kaduk <kaduk@mit.edu>
To: Russ Housley <housley@vigilsec.com>
Cc: Michael Richardson <mcr+ietf@sandelman.ca>, LAMPS WG <spasm@ietf.org>
Message-ID: <20190731194117.GG1006@kduck.mit.edu>
References: <21504.1564174053@dooku.sandelman.ca> <9CE09410-5F6B-407F-B239-888E3136F24A@vigilsec.com> <547B521B-A93B-4E33-96A9-8B2DEE216748@vigilsec.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <547B521B-A93B-4E33-96A9-8B2DEE216748@vigilsec.com>
User-Agent: Mutt/1.10.1 (2018-07-13)
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/sLRj1sgj1HBX4NNnEB-HzosZdNc>
Subject: Re: [lamps] rfc7030-est clarifications and LAMPS charter
X-List-Received-Date: Wed, 31 Jul 2019 19:41:25 -0000

On Sun, Jul 28, 2019 at 12:49:40PM -0400, Russ Housley wrote:
> Thinking about this some more, I think that the best way to resolve this errata is to provide an appendix with an ASN.1 module.  Here is my suggestion:

That feels somewhat heavyweight for an erratum.  What are the pros/cons of
errata vs. small updating RFC?

Thanks,

Ben


From nobody Wed Jul 31 13:47:39 2019
Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3AEC012006D for <spasm@ietfa.amsl.com>; Wed, 31 Jul 2019 13:47:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level: 
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hE37_9U5aDWy for <spasm@ietfa.amsl.com>; Wed, 31 Jul 2019 13:47:35 -0700 (PDT)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BB9FA12002F for <spasm@ietf.org>; Wed, 31 Jul 2019 13:47:35 -0700 (PDT)
Received: from sandelman.ca (unknown [IPv6:2607:f0b0:f:2:56b2:3ff:fe0b:d84]) by tuna.sandelman.ca (Postfix) with ESMTP id A79F1380BE; Wed, 31 Jul 2019 16:47:07 -0400 (EDT)
Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id D79A2D92; Wed, 31 Jul 2019 16:47:33 -0400 (EDT)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Russ Housley <housley@vigilsec.com>, LAMPS WG <spasm@ietf.org>
X-Mailer: MH-E 8.6; nmh 1.7+dev; GNU Emacs 24.5.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature"
Date: Wed, 31 Jul 2019 16:47:33 -0400
Message-ID: <13908.1564606053@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/C3E1MJN22e_276apvkpuV2bCDHY>
Subject: [lamps] rfc7030-est clarifications of ASN.1
X-List-Received-Date: Wed, 31 Jul 2019 20:47:38 -0000

--=-=-=
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable


{starting a new thread not related to charter}

Russ Housley <housley@vigilsec.com> wrote:
    >   IMPORTS

    >   Attribute FROM CryptographicMessageSyntax-2009 { iso(1)
    > member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16)
    > modules(0) id-mod-cms-2004-02(41) }

    >   ATTRIBUTE FROM PKIX-CommonTypes-2009 { iso(1)
    > identified-organization(3) dod(6) internet(1) security(5) mechanisms(5)
    > pkix(7) id-mod(0) id-mod-pkixCommon-02(57) } ;


    >   -- CSR Attributes

    >   CsrAttrs ::= SEQUENCE SIZE (0..MAX) OF AttrOrOID

    >   AttrOrOID ::= CHOICE { oid OBJECT IDENTIFIER, attribute Attribute
    > {{AttrSet}} }

    >   AttrSet ATTRIBUTE ::= { AttributesDefinedInRFC7030, ... }

I'm not sure I understand what the ... here means.

I think this is not real ASN.1 syntax, but rather an indication for me to
insert more stuff?  Or is this something real that I don't understand.

    >   -- Asymmetric Decrypt Key Identifier Attribute

    >   AttributesDefinedInRFC7030 ATTRIBUTE ::= { aa-asymmDecryptKeyID,
    > ... }

I feel that the AttrSet is not correctly understood.
It's supposed to be any attribute that could occur in a (Subject) DN,
or a SubjectAltName.

    > A module identifier is needed.  I do not know if IANA has ever assigned
    > an object identifier for an errata, but this seems like a much better
    > way to fix this issue.

AFAIK, it did not.

    > In addition, I made an assumption that the authors intended to use
    > IMPLICIT TAGS.  That is the most common.  Having this is the
    > specification will improve clarity and increase interoperability.

I think so, yes.

-- 
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        |    IoT architect   [
]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [


--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

--=-=-=--


From nobody Wed Jul 31 13:48:13 2019
Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DFC1B12006D for <spasm@ietfa.amsl.com>; Wed, 31 Jul 2019 13:48:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level: 
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9jm2-eJQ2zwy for <spasm@ietfa.amsl.com>; Wed, 31 Jul 2019 13:48:09 -0700 (PDT)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0053D12002F for <spasm@ietf.org>; Wed, 31 Jul 2019 13:48:08 -0700 (PDT)
Received: from sandelman.ca (unknown [IPv6:2607:f0b0:f:2:56b2:3ff:fe0b:d84]) by tuna.sandelman.ca (Postfix) with ESMTP id 8123E380BE; Wed, 31 Jul 2019 16:47:41 -0400 (EDT)
Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id C00BCD92; Wed, 31 Jul 2019 16:48:07 -0400 (EDT)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Benjamin Kaduk <kaduk@mit.edu>
cc: Russ Housley <housley@vigilsec.com>, LAMPS WG <spasm@ietf.org>
In-Reply-To: <20190731194117.GG1006@kduck.mit.edu>
References: <21504.1564174053@dooku.sandelman.ca> <9CE09410-5F6B-407F-B239-888E3136F24A@vigilsec.com> <547B521B-A93B-4E33-96A9-8B2DEE216748@vigilsec.com> <20190731194117.GG1006@kduck.mit.edu>
X-Mailer: MH-E 8.6; nmh 1.7+dev; GNU Emacs 24.5.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature"
Date: Wed, 31 Jul 2019 16:48:07 -0400
Message-ID: <14050.1564606087@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/W2Zlx7iM4Hr7wX6o_tGPr1ad52c>
Subject: Re: [lamps] rfc7030-est clarifications and LAMPS charter
X-List-Received-Date: Wed, 31 Jul 2019 20:48:11 -0000

--=-=-=
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable


Benjamin Kaduk <kaduk@mit.edu> wrote:
    >> Thinking about this some more, I think that the best way to resolve
    >> this errata is to provide an appendix with an ASN.1 module.  Here is
    >> my suggestion:

    > That feels somewhat heavyweight for an erratum.  What are the pros/cons
    > of errata vs. small updating RFC?

The intention is to have a small updating RFC.

-- 
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        |    IoT architect   [
]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [


--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

--=-=-=--


From nobody Wed Jul 31 17:29:51 2019
Return-Path: <housley@vigilsec.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C1056120124 for <spasm@ietfa.amsl.com>; Wed, 31 Jul 2019 17:29:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level: 
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LsREbYa6SwKv for <spasm@ietfa.amsl.com>; Wed, 31 Jul 2019 17:29:48 -0700 (PDT)
Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 32697120043 for <spasm@ietf.org>; Wed, 31 Jul 2019 17:29:48 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id 1022C300AF8 for <spasm@ietf.org>; Wed, 31 Jul 2019 20:10:30 -0400 (EDT)
X-Virus-Scanned: amavisd-new at mail.smeinc.net
Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id 81dA_P8yAkCi for <spasm@ietf.org>; Wed, 31 Jul 2019 20:10:28 -0400 (EDT)
Received: from [172.20.4.59] (unknown [50.228.128.211]) by mail.smeinc.net (Postfix) with ESMTPSA id 881A5300ABB; Wed, 31 Jul 2019 20:10:28 -0400 (EDT)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <13908.1564606053@localhost>
Date: Wed, 31 Jul 2019 20:29:41 -0400
Cc: LAMPS WG <spasm@ietf.org>
Content-Transfer-Encoding: 7bit
Message-Id: <BEF231F3-E6B3-4DB6-8C3A-1C98E413CC87@vigilsec.com>
References: <13908.1564606053@localhost>
To: Michael Richardson <mcr+ietf@sandelman.ca>
X-Mailer: Apple Mail (2.3445.104.11)
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/OV6za1KrIdVCGuNl5W6wmoYUdKA>
Subject: Re: [lamps] rfc7030-est clarifications of ASN.1
X-List-Received-Date: Thu, 01 Aug 2019 00:29:50 -0000

Michael:

> {starting a new thread not related to charter}
> 
> Russ Housley <housley@vigilsec.com> wrote:
>>  IMPORTS
> 
>>  Attribute FROM CryptographicMessageSyntax-2009 { iso(1)
>> member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16)
>> modules(0) id-mod-cms-2004-02(41) }
> 
>>  ATTRIBUTE FROM PKIX-CommonTypes-2009 { iso(1)
>> identified-organization(3) dod(6) internet(1) security(5) mechanisms(5)
>> pkix(7) id-mod(0) id-mod-pkixCommon-02(57) } ;
> 
> 
>>  -- CSR Attributes
> 
>>  CsrAttrs ::= SEQUENCE SIZE (0..MAX) OF AttrOrOID
> 
>>  AttrOrOID ::= CHOICE { oid OBJECT IDENTIFIER, attribute Attribute
>> {{AttrSet}} }
> 
>>  AttrSet ATTRIBUTE ::= { AttributesDefinedInRFC7030, ... }
> 
> I'm not sure I understand what the ... here means.

It means that future specifications can add to the set.

> I think this is not real ASN.1 syntax, but rather an indication for me to
> insert more stuff?  Or is this something real that I don't understand.

No, this is real ASN.1 syntax.

> 
>>  -- Asymmetric Decrypt Key Identifier Attribute
> 
>>  AttributesDefinedInRFC7030 ATTRIBUTE ::= { aa-asymmDecryptKeyID,
>> ... }
> 
> I feel that the AttrSet is not correctly understood.
> It's supposed to be any attribute that could occur in a (Subject) DN,
> or a SubjectAltName.  

That is the whole point for including the ...

If we knew the whole set right now, we could IMPORT the others to define it.

Russ
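
The module discussed in this thread, exercised as a decoder. This is an added example, not code from the thread or from RFC 7030: it parses a DER-encoded CsrAttrs, accepts either CHOICE alternative, and reports rather than rejects attribute types outside AttributesDefinedInRFC7030, which is what the `...` extension marker permits. The sample bytes are constructed, the OID under 1.3.6.1.4.1.32473 stands in for a future attribute, and the function names are this example's own.

```python
SEQUENCE, SET, OID = 0x30, 0x31, 0x06   # universal tags used by CsrAttrs

# AttributesDefinedInRFC7030. The "..." extension marker means other
# specifications may add attributes, so this map is treated as open-ended.
KNOWN_ATTRS = {"1.2.840.113549.1.9.16.2.54": "aa-asymmDecryptKeyID"}

# Constructed sample: challengePassword as a bare OID, aa-asymmDecryptKeyID
# with one OCTET STRING value, and an attribute type this decoder does not know.
SAMPLE_DER = bytes.fromhex(
    "303b"
    "06092a864886f70d010907"
    "3015" "060b2a864886f70d0109100236" "3106" "040401020304"
    "3017" "060a2b0601040181fd590101" "3109" "0c076578616d706c65"
)


def read_tlv(buf, off):
    """Return (tag, value, next_offset) for the DER element at buf[off:]."""
    if off + 2 > len(buf):
        raise ValueError("truncated header")
    tag, first = buf[off], buf[off + 1]
    off += 2
    if first < 0x80:                       # short-form length
        length = first
    else:                                  # long-form length
        n = first & 0x7F
        if n == 0 or n > 4 or off + n > len(buf):
            raise ValueError("indefinite, oversized or truncated length")
        length = int.from_bytes(buf[off:off + n], "big")
        if length < 0x80 or buf[off] == 0:
            raise ValueError("non-minimal DER length")
        off += n
    if off + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[off:off + length], off + length


def decode_oid(body):
    """Turn OID content octets into dotted-decimal text."""
    if not body or body[-1] & 0x80:
        raise ValueError("malformed OID")
    arcs, val = [], 0
    for b in body:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    x = arcs[0]
    head = (0, x) if x < 40 else (1, x - 40) if x < 80 else (2, x - 80)
    return ".".join(str(a) for a in head + tuple(arcs[1:]))


def decode_csrattrs(der):
    """Decode CsrAttrs ::= SEQUENCE SIZE (0..MAX) OF AttrOrOID."""
    tag, body, end = read_tlv(der, 0)
    if tag != SEQUENCE or end != len(der):
        raise ValueError("CsrAttrs must be exactly one SEQUENCE")
    entries, off = [], 0
    while off < len(body):                 # SIZE (0..MAX): empty is valid
        tag, val, off = read_tlv(body, off)
        if tag == OID:                     # CHOICE alternative "oid"
            entries.append({"kind": "oid", "oid": decode_oid(val)})
        elif tag == SEQUENCE:              # CHOICE alternative "attribute"
            t_tag, t_val, p = read_tlv(val, 0)
            v_tag, v_val, q = read_tlv(val, p)
            if t_tag != OID or v_tag != SET or q != len(val):
                raise ValueError("malformed Attribute")
            values, r = [], 0
            while r < len(v_val):          # keep each value as raw DER
                start = r
                _, _, r = read_tlv(v_val, r)
                values.append(v_val[start:r])
            oid = decode_oid(t_val)
            # Unknown types are reported, not rejected: the set is extensible.
            entries.append({"kind": "attribute", "oid": oid,
                            "name": KNOWN_ATTRS.get(oid), "values": values})
        else:
            raise ValueError(f"unexpected tag 0x{tag:02x} in CsrAttrs")
    return entries


if __name__ == "__main__":
    for entry in decode_csrattrs(SAMPLE_DER):
        print(entry)
```

An entry whose `name` is `None` is an attribute type added outside this decoder's table; the caller decides whether to honour it, which keeps the policy decision out of the parser.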


From nobody Wed Jul 31 18:25:07 2019
Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9159912011B for <spasm@ietfa.amsl.com>; Wed, 31 Jul 2019 18:25:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.199
X-Spam-Level: 
X-Spam-Status: No, score=-4.199 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id p8Jkpm_Rb68O for <spasm@ietfa.amsl.com>; Wed, 31 Jul 2019 18:25:04 -0700 (PDT)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 021C11200B9 for <spasm@ietf.org>; Wed, 31 Jul 2019 18:25:03 -0700 (PDT)
Received: from sandelman.ca (unknown [IPv6:2607:f0b0:f:2:56b2:3ff:fe0b:d84]) by tuna.sandelman.ca (Postfix) with ESMTP id 160D6380BE; Wed, 31 Jul 2019 21:24:35 -0400 (EDT)
Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 8C441264; Wed, 31 Jul 2019 21:25:01 -0400 (EDT)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Russ Housley <housley@vigilsec.com>
cc: LAMPS WG <spasm@ietf.org>
In-Reply-To: <BEF231F3-E6B3-4DB6-8C3A-1C98E413CC87@vigilsec.com>
References: <13908.1564606053@localhost> <BEF231F3-E6B3-4DB6-8C3A-1C98E413CC87@vigilsec.com>
X-Mailer: MH-E 8.6; nmh 1.7+dev; GNU Emacs 24.5.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature"
Date: Wed, 31 Jul 2019 21:25:01 -0400
Message-ID: <32761.1564622701@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/8JNnJ97rpOSCidfDjwxQM5hrhH0>
Subject: Re: [lamps] rfc7030-est clarifications of ASN.1
X-List-Received-Date: Thu, 01 Aug 2019 01:25:05 -0000

--=-=-=
Content-Type: text/plain


Russ Housley <housley@vigilsec.com> wrote:
    >> I think this is not real ASN.1 syntax, but rather an indication for me
    >> to insert more stuff?  Or is this something real that I don't
    >> understand.

    > No, this is real ASN.1 syntax.

okay.
It's something I once tried to learn, back in 1995, and I got as far as the
trivial stuff, but that was all.

I will incorporate your module into the clarifications document.

--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-




--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

--=-=-=--

