
From nobody Mon Jun 12 11:21:03 2017
Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EB0D112DFE0 for <saag@ietfa.amsl.com>; Mon, 12 Jun 2017 11:21:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level: 
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aVBzuP45HbEs for <saag@ietfa.amsl.com>; Mon, 12 Jun 2017 11:21:00 -0700 (PDT)
Received: from mout.gmx.net (mout.gmx.net [212.227.17.22]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0133712EB4F for <saag@ietf.org>; Mon, 12 Jun 2017 11:20:57 -0700 (PDT)
Received: from [192.168.91.196] ([80.92.114.129]) by mail.gmx.com (mrgmx103 [212.227.17.168]) with ESMTPSA (Nemesis) id 0MTBfe-1dRbFs2GsY-00S6Vv; Mon, 12 Jun 2017 20:20:50 +0200
To: saag <saag@ietf.org>
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Openpgp: id=071A97A9ECBADCA8E31E678554D9CEEF4D776BC9
Cc: Hannes Tschofenig <Hannes.Tschofenig@arm.com>, Kepeng Li <kepeng.lkp@alibaba-inc.com>
Message-ID: <a9800e19-716f-02c8-684a-470dc4921688@gmx.net>
Date: Mon, 12 Jun 2017 20:20:48 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.1.1
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/NzzUOo-fZVyYT7aE0IDVqGBObHo>
Subject: [saag] Potential uses of PoP keys in CBOR Web Tokens (CWTs)
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 12 Jun 2017 18:21:02 -0000

Hi all,

RFC 7800 defines how to communicate Proof of Possession (PoP) keys for
JSON Web Tokens (JWTs) [RFC 7519]. The CBOR Web Token (CWT)
draft-ietf-ace-cbor-web-token spec defines the CBOR/COSE equivalent of
the JSON/JOSE JWT spec.

The ACE working group is planning to also define a CBOR/COSE equivalent
of RFC 7800 and is interested in knowing how you might use CBOR
proof-of-possession keys for CWTs.

Please drop us a message if you are using CBOR PoP keys for CWTs. We
would like to learn more about your usage.

Ciao
Hannes & Kepeng


From nobody Tue Jun 13 03:47:41 2017
Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9B847131745 for <saag@ietfa.amsl.com>; Tue, 13 Jun 2017 03:47:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level: 
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-2.8, RCVD_IN_SORBS_SPAM=0.5, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VYG0fZvEDsFB for <saag@ietfa.amsl.com>; Tue, 13 Jun 2017 03:47:37 -0700 (PDT)
Received: from mout.gmx.net (mout.gmx.net [212.227.15.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7536E12EC52 for <saag@ietf.org>; Tue, 13 Jun 2017 03:40:45 -0700 (PDT)
Received: from [192.168.91.196] ([80.92.114.129]) by mail.gmx.com (mrgmx002 [212.227.17.190]) with ESMTPSA (Nemesis) id 0Mb7lL-1dZFC53zcx-00KhIz; Tue, 13 Jun 2017 12:40:43 +0200
To: saag <saag@ietf.org>
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Openpgp: id=071A97A9ECBADCA8E31E678554D9CEEF4D776BC9
Message-ID: <357e4d5d-5130-7a5b-0b04-9324d20d7105@gmx.net>
Date: Tue, 13 Jun 2017 12:40:42 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.1.1
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/EGY4O3D18IkLJXOBylmp-_mx_YA>
Subject: [saag] Webinars on Trusted Execution Environments (TEEs)
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 13 Jun 2017 10:47:40 -0000

Hi all,

At the last IETF meeting we organized a BOF with the name TEEP (A
Protocol for Dynamic Trusted Execution Environment Enablement). The
mailing list can be found at https://www.ietf.org/mailman/listinfo/teep

Since TEE technology isn't widely known we thought we should schedule a
few webinars. (For the motivation see this email:
https://www.ietf.org/mail-archive/web/teep/current/msg00125.html)

The first webinar will be next week on Tuesday where Hank Chavers will
speak about TEEs and the GlobalPlatform. If you are interested please
add your name to the Doodle poll, see
https://www.ietf.org/mail-archive/web/teep/current/msg00126.html

The conference call bridge details will be distributed on the TEEP
mailing list.

Ciao
Hannes & Dapeng


From nobody Tue Jun 13 09:13:09 2017
Return-Path: <kathleen.moriarty.ietf@gmail.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A98B8131B48 for <saag@ietfa.amsl.com>; Tue, 13 Jun 2017 09:13:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level: 
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Czy1JAYpqaAZ for <saag@ietfa.amsl.com>; Tue, 13 Jun 2017 09:13:05 -0700 (PDT)
Received: from mail-pf0-x235.google.com (mail-pf0-x235.google.com [IPv6:2607:f8b0:400e:c00::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B5C8B12783A for <saag@ietf.org>; Tue, 13 Jun 2017 09:03:32 -0700 (PDT)
Received: by mail-pf0-x235.google.com with SMTP id x63so70005663pff.3 for <saag@ietf.org>; Tue, 13 Jun 2017 09:03:32 -0700 (PDT)
X-Received: by 10.98.62.65 with SMTP id l62mr446850pfa.114.1497369812099; Tue, 13 Jun 2017 09:03:32 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.100.169.13 with HTTP; Tue, 13 Jun 2017 09:02:51 -0700 (PDT)
In-Reply-To: <149736940938.7540.6075293394440140287.idtracker@ietfa.amsl.com>
References: <149736940938.7540.6075293394440140287.idtracker@ietfa.amsl.com>
From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
Date: Tue, 13 Jun 2017 12:02:51 -0400
Message-ID: <CAHbuEH7Wc7WLBoZkEbAMa-NVUFtoy6brdnuiV8R_fhGaDRQo0w@mail.gmail.com>
To: "saag@ietf.org" <saag@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/LORH5fpYIDV6mbWxYxJ83sexEEA>
Subject: [saag] Fwd: Last Call: <draft-turner-est-extensions-08.txt> (EST Extensions) to Proposed Standard
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 13 Jun 2017 16:13:08 -0000

Hello,

I've agreed to AD sponsor the following draft.  If you are interested
in reviewing it, please do so; last call just started.

Sean has my comments queued up and may update the draft today, but
they are pretty simple.

Add RFC7525 to the reference list for securing TLS.
Fix part of the schema so it validates.  It is missing an
xsd:restriction around a set of limited values [0-9]+

I have asked Dave Waltermire to also validate the schema, so hopefully
that's on the new version.

Thanks in advance for your comments and feedback to the last call
process as indicated below.

Best,
Kathleen


---------- Forwarded message ----------
From: The IESG <iesg-secretary@ietf.org>
Date: Tue, Jun 13, 2017 at 11:56 AM
Subject: Last Call: <draft-turner-est-extensions-08.txt> (EST
Extensions) to Proposed Standard
To: IETF-Announce <ietf-announce@ietf.org>
Cc: Kathleen.Moriarty.ietf@gmail.com,
draft-turner-est-extensions@ietf.org, dharkins@lounge.org



The IESG has received a request from an individual submitter to consider the
following document: - 'EST Extensions'
  <draft-turner-est-extensions-08.txt> as Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits final
comments on this action. Please send substantive comments to the
ietf@ietf.org mailing lists by 2017-07-11. Exceptionally, comments may be
sent to iesg@ietf.org instead. In either case, please retain the beginning of
the Subject line to allow automated sorting.

Abstract


   The EST (Enrollment over Secure Transport) protocol defined a Well-
   Known URI (Uniform Resource Identifier): /.well-known/est.  EST also
   defined several path components that clients use for PKI (Public Key
   Infrastructure) services, namely certificate enrollment (e.g.,
   /simpleenroll).  In some sense, the services provided by the path
   components can be thought of as PKI management-related packages.
   There are additional PKI-related packages a client might need as well
   as other security-related packages, such as firmware, trust anchors,
   and symmetric, asymmetric, and encrypted keys.  This document also
   specifies the PAL (Package Availability List), which is an XML
   (Extensible Markup Language) file or JSON (Javascript Object
   Notation) object that clients use to retrieve packages available and
   authorized for them.  This document extends the EST server path
   components to provide these additional services.




The file can be obtained via
https://datatracker.ietf.org/doc/draft-turner-est-extensions/

IESG discussion can be tracked via
https://datatracker.ietf.org/doc/draft-turner-est-extensions/ballot/


No IPR declarations have been submitted directly on this I-D.


The document contains these normative downward references.
See RFC 3967 for additional information:
    rfc7193: The application/cms Media Type (Informational - IETF stream)
    rfc6268: Additional New ASN.1 Modules for the Cryptographic
Message Syntax (CMS) and the Public Key Infrastructure Using X.509
(PKIX) (Informational - IETF stream)
    rfc7292: PKCS #12: Personal Information Exchange Syntax v1.1
(Informational - IETF stream)
    rfc5967: The application/pkcs10 Media Type (Informational - IETF stream)





-- 

Best regards,
Kathleen


From nobody Thu Jun 15 13:51:33 2017
Return-Path: <ncamwing@cisco.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 95E751293F9; Thu, 15 Jun 2017 13:51:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.521
X-Spam-Level: 
X-Spam-Status: No, score=-14.521 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id J8CN3YpprTu2; Thu, 15 Jun 2017 13:51:30 -0700 (PDT)
Received: from rcdn-iport-4.cisco.com (rcdn-iport-4.cisco.com [173.37.86.75]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 060BF127ABE; Thu, 15 Jun 2017 13:51:29 -0700 (PDT)
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos;i="5.39,344,1493683200";  d="scan'208,217";a="258359387"
Received: from rcdn-core-10.cisco.com ([173.37.93.146]) by rcdn-iport-4.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 15 Jun 2017 20:49:14 +0000
Received: from XCH-RTP-012.cisco.com (xch-rtp-012.cisco.com [64.101.220.152]) by rcdn-core-10.cisco.com (8.14.5/8.14.5) with ESMTP id v5FKnD9j031402 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Thu, 15 Jun 2017 20:49:13 GMT
Received: from xch-rtp-015.cisco.com (64.101.220.155) by XCH-RTP-012.cisco.com (64.101.220.152) with Microsoft SMTP Server (TLS) id 15.0.1210.3; Thu, 15 Jun 2017 16:49:13 -0400
Received: from xch-rtp-015.cisco.com ([64.101.220.155]) by XCH-RTP-015.cisco.com ([64.101.220.155]) with mapi id 15.00.1210.000; Thu, 15 Jun 2017 16:49:13 -0400
From: "Nancy Cam-Winget (ncamwing)" <ncamwing@cisco.com>
To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>, "iot-dir@ietf.org" <iot-dir@ietf.org>, "saag@ietf.org" <saag@ietf.org>, "teep@ietf.org" <teep@ietf.org>
Thread-Topic: [IoT-DIR] TEE Webinars
Thread-Index: AQHS5hjY2nNGW+UCOEek35UGmMjwow==
Date: Thu, 15 Jun 2017 20:49:12 +0000
Message-ID: <9A29B438-F0E7-4A68-B4EB-CEBC4EFA3C9B@cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
user-agent: Microsoft-MacOutlook/f.1a.0.160910
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.155.84.43]
Content-Type: multipart/alternative; boundary="_000_9A29B438F0E74A68B4EBCEBC4EFA3C9Bciscocom_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/DohoPtMHwOoB02PpI4tzcNtvhWI>
Subject: Re: [saag] [IoT-DIR] TEE Webinars
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 15 Jun 2017 20:51:33 -0000



From nobody Thu Jun 22 09:09:53 2017
Return-Path: <Jeff.Hodges@kingsmountain.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EDD0F129AA3 for <saag@ietfa.amsl.com>; Thu, 22 Jun 2017 09:09:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.701
X-Spam-Level: 
X-Spam-Status: No, score=-4.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-2.8, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jhiai8MbO43a for <saag@ietfa.amsl.com>; Thu, 22 Jun 2017 09:09:41 -0700 (PDT)
Received: from gproxy8.mail.unifiedlayer.com (gproxy8-pub.mail.unifiedlayer.com [67.222.33.93]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3F777129534 for <saag@ietf.org>; Thu, 22 Jun 2017 09:09:41 -0700 (PDT)
Received: from cmgw4 (unknown [10.0.90.85]) by gproxy8.mail.unifiedlayer.com (Postfix) with ESMTP id B2F171AB12C for <saag@ietf.org>; Thu, 22 Jun 2017 10:09:40 -0600 (MDT)
Received: from box514.bluehost.com ([74.220.219.114]) by cmgw4 with  id bs6x1v00s2UhLwi01s8lBg; Thu, 22 Jun 2017 10:09:39 -0600
X-Authority-Analysis: v=2.2 cv=QdwWhoTv c=1 sm=1 tr=0 a=9W6Fsu4pMcyimqnCr1W0/w==:117 a=9W6Fsu4pMcyimqnCr1W0/w==:17 a=IkcTkHD0fZMA:10 a=LWSFodeU3zMA:10 a=PYnjg3YJAAAA:8 a=yxO3Op9WAAAA:8 a=g0vDTEkLxc6sriSsDc8A:9 a=QEXdDO2ut3YA:10 a=i_s15_cbSXcA:10 a=96-UuAdfYG6OSYlHWuPe:22 a=4Wwj-0ACUBrjPLJtXO3a:22
Received: from [173.224.162.69] (port=23863 helo=[10.225.80.126]) by box514.bluehost.com with esmtpsa (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.87) (envelope-from <Jeff.Hodges@KingsMountain.com>) id 1dO4eN-0000NH-4a for saag@ietf.org; Thu, 22 Jun 2017 10:08:07 -0600
From: =JeffH <Jeff.Hodges@KingsMountain.com>
To: IETF SAAG <saag@ietf.org>
Message-ID: <8d869aa1-568e-788f-b8f9-b056fc5d771c@KingsMountain.com>
Date: Thu, 22 Jun 2017 09:08:06 -0700
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0) Gecko/20100101 Thunderbird/52.2.0
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 8bit
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - box514.bluehost.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - KingsMountain.com
X-BWhitelist: no
X-Source-IP: 173.224.162.69
X-Exim-ID: 1dO4eN-0000NH-4a
X-Source: 
X-Source-Args: 
X-Source-Dir: 
X-Source-Sender: ([10.225.80.126]) [173.224.162.69]:23863
X-Source-Auth: jeff.hodges+kingsmountain.com
X-Email-Count: 1
X-Source-Cap: a2luZ3Ntb3U7a2luZ3Ntb3U7Ym94NTE0LmJsdWVob3N0LmNvbQ==
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/vcG-ttn1zlHC9mCJwd4nF6wdbO4>
Subject: [saag] fyi: New Special Publication 800-63-3 "Digital Identity Guidelines" Suite published
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 22 Jun 2017 16:09:47 -0000

Of possible interest...

[congrats to Jim Fenton and Paul Grassi]

<https://pages.nist.gov/800-63-3/>

SP 800-63-3   Digital Identity Guidelines
SP 800-63A    Enrollment and Identity Proofing
SP 800-63B    Authentication and Lifecycle Management
SP 800-63C    Federation and Assertions


On 6/22/17, 7:33 AM, "National Institute of Standards and Technology 
(NIST)" wrote:

Mic Drop — Announcing the New Special Publication 800-63 Suite!
06/22/2017 10:02 AM EDT
<http://trustedidentities.blogs.govdelivery.com/2017/06/22/mic-drop-announcing-the-new-special-publication-800-63-suite/>

More than a year in the making, after a large, cross-industry effort, we 
are proud to announce that the new Special Publication (SP) 800-63 IS. 
NOW. FINAL. With your help, Electronic Authentication Guidelines has 
evolved into Digital Identity Guidelines—a suite of documents covering 
digital identity from initial risk assessment to deployment of federated 
identity solutions. Check it out now at <https://pages.nist.gov/800-63>!


From nobody Thu Jun 22 09:55:52 2017
Return-Path: <denis.ietf@free.fr>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 35E9F129AFC for <saag@ietfa.amsl.com>; Thu, 22 Jun 2017 09:55:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.598
X-Spam-Level: 
X-Spam-Status: No, score=-2.598 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PpRHtWi474g5 for <saag@ietfa.amsl.com>; Thu, 22 Jun 2017 09:55:41 -0700 (PDT)
Received: from smtp6-g21.free.fr (smtp6-g21.free.fr [IPv6:2a01:e0c:1:1599::15]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 04A40129B00 for <saag@ietf.org>; Thu, 22 Jun 2017 09:55:41 -0700 (PDT)
Received: from [192.168.0.13] (unknown [88.182.125.39]) by smtp6-g21.free.fr (Postfix) with ESMTP id ACEA1780374 for <saag@ietf.org>; Thu, 22 Jun 2017 18:55:38 +0200 (CEST)
To: saag@ietf.org
References: <8d869aa1-568e-788f-b8f9-b056fc5d771c@KingsMountain.com>
From: Denis <denis.ietf@free.fr>
Message-ID: <14050b8e-6cd9-9be7-6a1a-3d8cbe1f19cf@free.fr>
Date: Thu, 22 Jun 2017 18:55:44 +0200
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.1.1
MIME-Version: 1.0
In-Reply-To: <8d869aa1-568e-788f-b8f9-b056fc5d771c@KingsMountain.com>
Content-Type: multipart/alternative; boundary="------------B17BF7977E6EFEBE7B66263E"
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/-MqEp2eMlc_5iqJr5yLZa2ZJBQU>
Subject: Re: [saag] fyi: New Special Publication 800-63-3 "Digital Identity Guidelines" Suite published
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 22 Jun 2017 16:55:44 -0000

This is a multi-part message in MIME format.
--------------B17BF7977E6EFEBE7B66263E
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit

Thank you for providing the links. I read in particular section 5.2 
(Privacy Requirements) from
NIST Special Publication 800-63C (Digital Identity Guidelines) which is 
reproduced below:


      (See: https://pages.nist.gov/800-63-3/sp800-63c.html)


      5.2 Privacy Requirements

Federation involves the transfer of personal attributes from a third 
party that is not otherwise involved
in a transaction — the IdP. Federation also potentially gives the IdP 
broad visibility into subscriber activities.
Accordingly, there are specific privacy requirements associated with 
federation.

Communication between the RP and the IdP could reveal to the IdP where 
the subscriber is conducting a transaction.
Communication with multiple RPs allows the IdP to build a profile of 
subscriber transactions that would not have existed
without federation. This aggregation could enable new opportunities for 
subscriber tracking and use of profile information
that do not always align with subscribers’ privacy interests.

The IdP SHALL NOT disclose information on subscriber activities at an RP 
to any party, nor use the subscriber’s information
for any purpose other than federated authentication, related fraud 
mitigation, to comply with law or legal process, or in the case of a 
specific user request, to transmit the information.

The IdP SHOULD employ technical measures, such as the use of pairwise 
pseudonymous identifiers described in Section 6.3 
<https://pages.nist.gov/800-63-3/sp800-63c.html#ppi>
or privacy-enhancing cryptographic protocols, to provide unlinkability 
and discourage subscriber activity tracking and profiling. (...)

 From the point of view of human users, this requirement ("SHALL NOT") 
and this recommendation ("SHOULD") are not satisfactory,
since IdPs would be in a position to *act as Big Brother*.

The right requirement should be:

The IdP SHALL NOT be able to know where the subscribers are conducting 
transactions.


This has major implications on other parts of these documents.

Denis

> Of possible interest...
>
> [congrats to Jim Fenton and Paul Grassi]
>
> <https://pages.nist.gov/800-63-3/>
>
> SP 800-63-3   Digital Identity Guidelines
> SP 800-63A    Enrollment and Identity Proofing
> SP 800-63B    Authentication and Lifecycle Management
> SP 800-63C    Federation and Assertions
>
>
> On 6/22/17, 7:33 AM, "National Institute of Standards and Technology 
> (NIST)" wrote:
>
> Mic Drop — Announcing the New Special Publication 800-63 Suite!
> 06/22/2017 10:02 AM EDT
> <http://trustedidentities.blogs.govdelivery.com/2017/06/22/mic-drop-announcing-the-new-special-publication-800-63-suite/> 
>
>
> More than a year in the making, after a large, cross-industry effort, 
> we are proud to announce that the new Special Publication (SP) 800-63 
> IS. NOW. FINAL. With your help, Electronic Authentication Guidelines 
> has evolved into Digital Identity Guidelines—a suite of documents 
> covering digital identity from initial risk assessment to deployment 
> of federated identity solutions. Check it out now at 
> <https://pages.nist.gov/800-63>!



--------------B17BF7977E6EFEBE7B66263E--


From nobody Fri Jun 23 03:51:35 2017
Return-Path: <denis.ietf@free.fr>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5DDD5128B88; Fri, 23 Jun 2017 03:51:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.597
X-Spam-Level: 
X-Spam-Status: No, score=-2.597 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id D6eE0OywHBTZ; Fri, 23 Jun 2017 03:51:11 -0700 (PDT)
Received: from smtp6-g21.free.fr (smtp6-g21.free.fr [IPv6:2a01:e0c:1:1599::15]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E5F2B1200ED; Fri, 23 Jun 2017 03:51:10 -0700 (PDT)
Received: from [192.168.0.13] (unknown [88.182.125.39]) by smtp6-g21.free.fr (Postfix) with ESMTP id 088677803A5; Fri, 23 Jun 2017 12:51:08 +0200 (CEST)
To: saag@ietf.org, OAuth WG <oauth@ietf.org>, IETF Tokbind WG <unbearable@ietf.org>
References: <8d869aa1-568e-788f-b8f9-b056fc5d771c@KingsMountain.com> <14050b8e-6cd9-9be7-6a1a-3d8cbe1f19cf@free.fr>
From: Denis <denis.ietf@free.fr>
Message-ID: <df3ed42c-909e-7ff7-9af4-f4a1f43a81cc@free.fr>
Date: Fri, 23 Jun 2017 12:51:16 +0200
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.1.1
MIME-Version: 1.0
In-Reply-To: <14050b8e-6cd9-9be7-6a1a-3d8cbe1f19cf@free.fr>
Content-Type: multipart/alternative; boundary="------------2B9F9D64C442E497FC835ED4"
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/g1iip6S8mT0tl211LjeH_A2lYUI>
Subject: [saag] New Special Publication 800-63-3 "Digital Identity Guidelines" Suite published
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 23 Jun 2017 10:51:14 -0000

This is a multi-part message in MIME format.
--------------2B9F9D64C442E497FC835ED4
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit

I also read section 8 (Security) from NIST Special Publication 800-63C 
(Digital Identity Guidelines).
See: https://pages.nist.gov/800-63-3/sp800-63c.html

Section 8.1 states:

    "For the purpose of these types of threats, any authorized parties
    who attempt to exceed their privileges
    are considered attackers".

Section 9.3 identifies a specific use case:

    "In some instances, an RP does not require a full value of an
    attribute. For example, an RP may need to know
    whether the subscriber is over 13 years old, but has no need for
    the full date of birth".

However, Bob who is over 13 might attempt to forward an assertion that 
he legitimately obtained from an IdP to Alice
who is less than 13. This is a collusion attack that has been named : 
the ABC attack (Alice and Bob Collusion attack).
The first description of this attack is available at: 
https://www.ietf.org/mail-archive/web/oauth/current/msg16767.html

Such a threat or attack is not identified in this NIST document and 
hence no mitigation mechanism is being proposed.

Access token binding protection methods developed either by the Token 
Binding WG or by the OAuth WG do not allow
to counter the ABC attack. Either the legitimate user (e.g. Bob) can 
provide his key to another user (e.g. Alice), or
if it can't (e.g. because it is protected by a secure element) he sends 
requests to his secure element to perform
the cryptographic computations that the other user (e.g. Alice) needs. 
The RP will be unable to know which piece of software
or hardware has performed the cryptographic computations.

There are two ways to counter this threat:


    -either to include into the assertion a set of attributes that
    allows to uniquely identify the user (e.g. name, first name and
    other attributes)
    but which is against both data minimization privacy principles and
    unlinkability privacy principles,


    -or to use secure elements that allow to only include an attribute
    like "over 13" into the assertion and which are able to defeat the
    ABC attack.


    On July 13, at the OAuth Security Workshop 2017 that will take place
    in Zürich, I will present two methods using secure elements while
    preserving the user's privacy that are able to defeat the ABC
    attack. The title of this presentation is :


    " A privacy by design eID scheme supporting Attribute-based Access
    Control (ABAC)".


    See: https://zisc.ethz.ch/oauth-security-workshop-2017/


    Denis


PS. This email is also posted to the OAuth WG mailing list and the 
Token Binding mailing list. Sorry for duplications.


> Thank you for providing the links. I read in particular section 5.2 
> (Privacy Requirements) from
> NIST Special Publication 800-63C (Digital Identity Guidelines) which 
> is reproduced below :
>
>
>       (See: https://pages.nist.gov/800-63-3/sp800-63c.html)
>
>
>       5.2 Privacy Requirements
>
> Federation involves the transfer of personal attributes from a third 
> party that is not otherwise involved
> in a transaction — the IdP. Federation also potentially gives the IdP 
> broad visibility into subscriber activities.
> Accordingly, there are specific privacy requirements associated with 
> federation.
>
> Communication between the RP and the IdP could reveal to the IdP where 
> the subscriber is conducting a transaction.
> Communication with multiple RPs allows the IdP to build a profile of 
> subscriber transactions that would not have existed
> without federation. This aggregation could enable new opportunities 
> for subscriber tracking and use of profile information
> that do not always align with subscribers’ privacy interests.
>
> The IdP SHALL NOT disclose information on subscriber activities at an 
> RP to any party, nor use the subscriber’s information
> for any purpose other than federated authentication, related fraud 
> mitigation, to comply with law or legal process, or in the case of a 
> specific user request, to transmit the information.
>
> The IdP SHOULD employ technical measures, such as the use of pairwise 
> pseudonymous identifiers described in Section 6.3 
> <https://pages.nist.gov/800-63-3/sp800-63c.html#ppi>
> or privacy-enhancing cryptographic protocols, to provide unlinkability 
> and discourage subscriber activity tracking and profiling. (...)
>
> From the point of view of human users, this requirement ("SHALL NOT") 
> and this recommendation ("SHOULD") are not satisfactory,
> since IdPs would be in a position to *act as Big Brother*.
>
> The right requirement should be:
>
> The IdP SHALL NOT be able to know where the subscribers are conducting 
> transactions.
>
>
> This has major implications on other parts of these documents.
>
> Denis
>
>> Of possible interest...
>>
>> [congrats to Jim Fenton and Paul Grassi]
>>
>> <https://pages.nist.gov/800-63-3/>
>>
>> SP 800-63-3   Digital Identity Guidelines
>> SP 800-63A    Enrollment and Identity Proofing
>> SP 800-63B    Authentication and Lifecycle Management
>> SP 800-63C    Federation and Assertions
>>
>>
>> On 6/22/17, 7:33 AM, "National Institute of Standards and Technology 
>> (NIST)" wrote:
>>
>> Mic Drop — Announcing the New Special Publication 800-63 Suite!
>> 06/22/2017 10:02 AM EDT
>> <http://trustedidentities.blogs.govdelivery.com/2017/06/22/mic-drop-announcing-the-new-special-publication-800-63-suite/> 
>>
>>
>> More than a year in the making, after a large, cross-industry effort, 
>> we are proud to announce that the new Special Publication (SP) 800-63 
>> IS. NOW. FINAL. With your help, Electronic Authentication Guidelines 
>> has evolved into Digital Identity Guidelines—a suite of documents 
>> covering digital identity from initial risk assessment to deployment 
>> of federated identity solutions. Check it out now at 
>> <https://pages.nist.gov/800-63>!
>>
>> _______________________________________________
>> saag mailing list
>> saag@ietf.org
>> https://www.ietf.org/mailman/listinfo/saag
>
>
>
>
> _______________________________________________
> saag mailing list
> saag@ietf.org
> https://www.ietf.org/mailman/listinfo/saag
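
Added example, not part of the original message and not code from NIST, the Token Binding WG or the OAuth WG: a small Python model of the key-bound "over 13" assertion discussed above, showing what the RP's proof-of-possession check does and does not establish. All class and function names are hypothetical, and textbook RSA over fixed Mersenne primes stands in for a real signature scheme so that the block needs only the standard library.

```python
import hashlib
import json
import secrets
from math import gcd


def _digest(message: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


class ToyRSAKey:
    """Textbook RSA on fixed primes: a constructed stand-in, NOT secure."""

    def __init__(self, p: int, q: int):
        self.n = p * q
        phi = (p - 1) * (q - 1)
        self.e = 65537
        while gcd(self.e, phi) != 1:
            self.e += 2
        self._d = pow(self.e, -1, phi)  # private exponent (Python 3.8+)

    def public(self) -> dict:
        return {"n": self.n, "e": self.e}

    def sign(self, message: bytes) -> int:
        return pow(_digest(message, self.n), self._d, self.n)


def verify(public: dict, message: bytes, signature: int) -> bool:
    return pow(signature, public["e"], public["n"]) == _digest(message, public["n"])


class SecureElement:
    """Holds a key that cannot be exported; exposes only a signing interface."""

    def __init__(self, key: ToyRSAKey):
        self._key = key

    def public(self) -> dict:
        return self._key.public()

    def sign(self, challenge: bytes) -> int:
        return self._key.sign(challenge)


def issue_assertion(idp_key: ToyRSAKey, claims: dict, holder_public: dict) -> dict:
    # Data-minimised assertion: the claim plus the holder's key ("cnf"), no identity.
    body = json.dumps({"claims": claims, "cnf": holder_public}, sort_keys=True).encode()
    return {"body": body, "sig": idp_key.sign(body)}


class RelyingParty:
    def __init__(self, idp_public: dict):
        self.idp_public = idp_public

    def new_challenge(self) -> bytes:
        return secrets.token_bytes(16)

    def accept(self, assertion: dict, challenge: bytes, proof: int) -> bool:
        # 1. The assertion must be signed by the IdP.
        if not verify(self.idp_public, assertion["body"], assertion["sig"]):
            return False
        body = json.loads(assertion["body"])
        if body["claims"].get("over_13") is not True:
            return False
        # 2. The presenter must prove possession of the key named in the assertion.
        return verify(body["cnf"], challenge, proof)


def run_scenarios() -> dict:
    idp = ToyRSAKey(2**127 - 1, 2**107 - 1)
    bob_se = SecureElement(ToyRSAKey(2**89 - 1, 2**61 - 1))
    alice_key = ToyRSAKey(2**107 - 1, 2**61 - 1)  # Alice's own, unrelated key
    rp = RelyingParty(idp.public())
    assertion = issue_assertion(idp, {"over_13": True}, bob_se.public())
    results = {}

    # Bob presents his own assertion.
    c = rp.new_challenge()
    results["bob_presents"] = rp.accept(assertion, c, bob_se.sign(c))

    # Alice holds a copy of the assertion but can only sign with her own key.
    c = rp.new_challenge()
    results["alice_replays_with_own_key"] = rp.accept(assertion, c, alice_key.sign(c))

    # Alice swaps her key into the assertion body; the IdP signature no longer matches.
    c = rp.new_challenge()
    body = json.dumps({"claims": {"over_13": True}, "cnf": alice_key.public()},
                      sort_keys=True).encode()
    rewritten = {"body": body, "sig": assertion["sig"]}
    results["alice_rewrites_cnf"] = rp.accept(rewritten, c, alice_key.sign(c))

    # Collusion: Alice passes the RP's challenge to Bob, whose secure element
    # signs it. The key never left the element, yet the RP receives the same
    # kind of input as in the first case and has nothing to tell them apart.
    c = rp.new_challenge()
    results["alice_relays_to_bob_se"] = rp.accept(assertion, c, bob_se.sign(c))
    return results


if __name__ == "__main__":
    for name, accepted in run_scenarios().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```

The binding rejects a copied or rewritten assertion, but the last case is accepted because the check proves only that some holder of the bound key answered the challenge, not who is sitting at the RP.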



--------------2B9F9D64C442E497FC835ED4
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: 8bit

<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    <div class="moz-cite-prefix">
      <p class="MsoNormal"
        style="margin-top:6.0pt;mso-margin-bottom-alt:auto"><font
          face="Arial">I also read
          section 8 (Security) from NIST Special Publication 800-63C
          (Digital Identity
          Guidelines). <br>
          See: <font color="#3333ff"><a
              href="https://pages.nist.gov/800-63-3/sp800-63c.html">https://pages.nist.gov/800-63-3/sp800-63c.html</a></font></font></p>
      <font face="Arial">
      </font>
      <p
style="margin-top:6.0pt;margin-right:0cm;margin-bottom:0cm;margin-left:0cm;margin-bottom:.0001pt"><font
          face="Arial">Section 8.1 states:<b> <br>
          </b></font></p>
      <blockquote>
        <p
style="margin-top:6.0pt;margin-right:0cm;margin-bottom:0cm;margin-left:0cm;margin-bottom:.0001pt"><font
            face="Arial"><b>"</b>For the purpose of these types of
            threats, any authorized parties who attempt to exceed their
            privileges <br>
              are
            considered attackers".</font></p>
      </blockquote>
      <font face="Arial">
      </font>
      <p
style="margin-top:6.0pt;margin-right:0cm;margin-bottom:0cm;margin-left:0cm;margin-bottom:.0001pt"><font
          face="Arial">Section 9.3 identifies a specific use case: <br>
        </font></p>
      <blockquote>
        <p
style="margin-top:6.0pt;margin-right:0cm;margin-bottom:0cm;margin-left:0cm;margin-bottom:.0001pt"><font
            face="Arial">"In some instances, an RP
            does not require a full value of an attribute. For example,
            an RP may need to
            know <br>
              whether the subscriber is over 13 years old, but has no
            need for the full
            date of birth". </font></p>
      </blockquote>
      <font face="Arial">
      </font>
      <p
style="margin-top:6.0pt;margin-right:0cm;margin-bottom:0cm;margin-left:0cm;margin-bottom:.0001pt"><font
          face="Arial">However, Bob who is over 13 might attempt to
          forward an assertion that
          he legitimately obtained from an IdP to Alice <br>
          who is less than 13. This is a collusion attack that has been
          named : the ABC attack (Alice and Bob
          Collusion attack).<br>
          The first description of this attack is available at: <font
            color="#3333ff"><a class="moz-txt-link-freetext" href="https://www.ietf.org/mail-archive/web/oauth/current/msg16767.html">https://www.ietf.org/mail-archive/web/oauth/current/msg16767.html</a></font><br>
          <br>
          Such a threat or attack is not identified in this NIST
          document and hence no mitigation
          mechanism is being proposed. <br>
        </font><font face="Arial"></font><br>
      </p>
      <font face="Arial">Access token binding protection methods
        developed either by the Token Binding WG or by the OAuth WG do
        not allow <br>
        to counter the ABC attack. Either the legitimate user (e.g. Bob)
        can provide his key to another user (e.g. Alice), or <br>
        if it can't (e.g. because it is protected by a secure element)
        he sends requests to his secure element to perform <br>
        the cryptographic computations that the other user (e.g. Alice)
        needs. The RP will be unable to know which piece of software <br>
        or hardware has performed the cryptographic computations.<br>
        <br>
      </font><font face="Arial">There are two ways to counter this
        threat:</font>
      <font face="Arial">
      </font>
      <h2
        style="margin-top:6.0pt;margin-right:0cm;margin-bottom:0cm;margin-left:
        36.0pt;margin-bottom:.0001pt;text-indent:-18.0pt;mso-list:l1
        level1 lfo5;
        tab-stops:list 36.0pt"><font face="Arial"><span
            style="font-size: 12pt; font-weight: normal;" lang="EN-US">-<span
              style="font-style: normal; font-weight: normal; font-size:
              7pt; line-height: normal; font-size-adjust: none;
              font-stretch: normal; font-feature-settings: normal;
              font-language-override: normal; font-kerning: auto;
              font-synthesis: weight style; font-variant: normal;">      
            </span></span><span style="font-size: 12pt; font-weight:
            normal;" lang="EN-US">either to
            include into the assertion a set of attributes that allows
            to uniquely identify
            the user (e.g. name, first name and other attributes) <br>
            but which is against both data
            minimization privacy principles and unlinkability privacy
            principles, </span></font></h2>
      <font face="Arial">
      </font>
      <h2
        style="margin-top:6.0pt;margin-right:0cm;margin-bottom:0cm;margin-left:
        36.0pt;margin-bottom:.0001pt;text-indent:-18.0pt;mso-list:l1
        level1 lfo5;
        tab-stops:list 36.0pt"><font face="Arial"><span
            style="font-size: 12pt; font-weight: normal;" lang="EN-US">-<span
              style="font-style: normal; font-weight: normal; font-size:
              7pt; line-height: normal; font-size-adjust: none;
              font-stretch: normal; font-feature-settings: normal;
              font-language-override: normal; font-kerning: auto;
              font-synthesis: weight style; font-variant: normal;">      
            </span></span><span style="font-size: 12pt; font-weight:
            normal;" lang="EN-US">or to use secure elements that allow
            to only include an attribute like "over 13"
            into the assertion and which are able to defeat the ABC
            attack.</span></font></h2>
      <h2><font face="Arial"><span style="font-size: 12pt; font-weight:
            normal;" lang="EN-US">On July 13, at
            the OAuth Security Workshop 2017</span><span
            style="font-size: 12pt;" lang="EN-US"> </span><span
            style="font-size: 12pt; font-weight: normal;" lang="EN-US">that
            will take place in Zürich, I will
            present two methods using secure elements while<br>
            preserving the user's privacy that are able to defeat the
            ABC attack. The title of this presentation is : <br>
          </span></font></h2>
      <h2><font face="Arial"><span style="font-size: 12pt; font-weight:
            normal;" lang="EN-US">" A privacy by design
            eID scheme supporting Attribute-based Access Control
            (ABAC)".</span><span style="font-size: 12pt; font-weight:
            normal;" lang="EN-US"><br>
          </span></font></h2>
      <h2><font face="Arial"><span style="font-size: 12pt; font-weight:
            normal;" lang="EN-US">See: <span style="color:blue"><a class="moz-txt-link-freetext" href="https://zisc.ethz.ch/oauth-security-workshop-2017/">https://zisc.ethz.ch/oauth-security-workshop-2017/</a></span></span></font>
      </h2>
      <h2
        style="margin-top:6.0pt;margin-right:0cm;margin-bottom:0cm;margin-left:
        0cm;margin-bottom:.0001pt"><font face="Arial"><span
            style="font-size: 12pt; font-weight: normal;" lang="EN-US">Denis</span></font></h2>
      <br>
      <font face="Arial">PS. This email is also posted to the OAuth WG
        mailing list and the Token Binding mailing list. Sorry for
        duplications.<br>
        <br>
        <br>
      </font></div>
    <blockquote type="cite"
      cite="mid:14050b8e-6cd9-9be7-6a1a-3d8cbe1f19cf@free.fr">
      <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
      <div class="moz-cite-prefix">
        <p class="MsoNormal" style="margin-top:6.0pt"><span
            style="font-family: Arial;mso-ansi-language:EN-US"
            lang="EN-US">Thank you for providing the links. I read in
            particular section 5.2 (Privacy Requirements) from <br>
            NIST Special Publication 800-63C (Digital Identity
            Guidelines) which is reproduced below :</span></p>
        <h3
          style="margin-top:6.0pt;margin-right:0cm;margin-bottom:0cm;margin-left:
          0cm;margin-bottom:.0001pt"><span
            style="font-size:12.0pt;mso-bidi-font-size:
13.5pt;font-family:Arial;mso-ansi-language:EN-US;font-weight:normal"
            lang="EN-US">(See: <span style="color:blue"><a
                class="moz-txt-link-freetext"
                href="https://pages.nist.gov/800-63-3/sp800-63c.html"
                moz-do-not-send="true">https://pages.nist.gov/800-63-3/sp800-63c.html</a>)</span></span></h3>
        <p class="MsoNormal"
          style="margin-top:6.0pt;margin-right:0cm;margin-bottom:0cm;
          margin-left:36.0pt;margin-bottom:.0001pt"><span
            style="font-family: Arial;mso-ansi-language:EN-US"
            lang="EN-US"> </span></p>
        <h3
          style="margin-top:6.0pt;margin-right:0cm;margin-bottom:0cm;margin-left:
          36.0pt;margin-bottom:.0001pt"><span style="font-size:12.0pt;
mso-bidi-font-size:13.5pt;font-family:Arial;mso-ansi-language:EN-US"
            lang="EN-US">5.2 Privacy Requirements</span></h3>
        <p
style="margin-top:6.0pt;margin-right:0cm;margin-bottom:0cm;margin-left:36.0pt;margin-bottom:.0001pt"><span
            style="font-family:Arial;mso-ansi-language: EN-US"
            lang="EN-US">Federation involves the transfer of personal
            attributes from a third party that is not otherwise involved
            <br>
            in a transaction — the IdP. Federation also potentially
            gives the IdP broad visibility into subscriber activities. <br>
            Accordingly, there are specific privacy requirements
            associated with federation.</span></p>
        <p
style="margin-top:6.0pt;margin-right:0cm;margin-bottom:0cm;margin-left:36.0pt;margin-bottom:.0001pt"><span
            style="font-family:Arial;mso-ansi-language: EN-US"
            lang="EN-US">Communication between the RP and the IdP could
            reveal to the IdP where the subscriber is conducting a
            transaction.<br>
            <span style="background:lime; mso-highlight:lime">Communication
              with multiple RPs allows the IdP to build a profile of
              subscriber transactions that would not have existed <br>
              without federation.</span> This aggregation could enable
            new opportunities for subscriber tracking and use of profile
            information <br>
            that do not always align with subscribers’ privacy
            interests.</span></p>
        <p
style="margin-top:6.0pt;margin-right:0cm;margin-bottom:0cm;margin-left:36.0pt;margin-bottom:.0001pt"><span
            style="font-family:Arial;background:
            yellow;mso-highlight:yellow;mso-ansi-language:EN-US"
            lang="EN-US">The IdP SHALL NOT </span><span
            style="font-family:Arial;mso-ansi-language:EN-US"
            lang="EN-US">disclose information on subscriber activities
            at an RP to any party, nor use the subscriber’s information
            <br>
            for any purpose other than federated authentication, related
            fraud mitigation, to comply with law or legal process, or in
            the case of a specific user request, to transmit the
            information. </span></p>
        <p
style="margin-top:6.0pt;margin-right:0cm;margin-bottom:0cm;margin-left:36.0pt;margin-bottom:.0001pt"><span
            style="font-family:Arial;background:
            yellow;mso-highlight:yellow;mso-ansi-language:EN-US"
            lang="EN-US">The IdP SHOULD</span><span
            style="font-family:Arial;mso-ansi-language:EN-US"
            lang="EN-US"> employ technical measures, such as the use of
            pairwise pseudonymous identifiers described in </span><span
            style="font-family:Arial"><a
              href="https://pages.nist.gov/800-63-3/sp800-63c.html#ppi"
              moz-do-not-send="true"><span
                style="mso-ansi-language:EN-US" lang="EN-US">Section 6.3</span></a></span><span
            style="font-family:Arial;mso-ansi-language:EN-US"
            lang="EN-US"> <br>
            or privacy-enhancing cryptographic protocols, to provide
            unlinkability and discourage subscriber activity tracking
            and profiling. (...)</span></p>
        <p class="MsoNormal"
          style="margin-top:6.0pt;margin-right:0cm;margin-bottom:0cm;
          margin-left:36.0pt;margin-bottom:.0001pt"><span
            style="font-family: Arial;mso-ansi-language:EN-US"
            lang="EN-US"> </span></p>
        <p class="MsoNormal" style="margin-top:6.0pt"><span
            style="font-family: Arial;mso-ansi-language:EN-US"
            lang="EN-US">From the point of view of human users, this
            requirement ("SHALL NOT") and this recommendation ("SHOULD")
            are not satisfactory, <br>
            since IdPs would be in a position to <b><span
                style="color:blue">act as Big Brother</span></b>. </span></p>
        <p class="MsoNormal" style="margin-top:6.0pt"><span
            style="font-family: Arial;mso-ansi-language:EN-US"
            lang="EN-US">The right requirement should be:</span></p>
        <p class="MsoNormal"
          style="margin-top:6.0pt;margin-right:0cm;margin-bottom:0cm;
          margin-left:36.0pt;margin-bottom:.0001pt"><span
            style="font-family:
Arial;background:yellow;mso-highlight:yellow;mso-ansi-language:EN-US"
            lang="EN-US">The IdP SHALL NOT be able to know where the
            subscribers are conducting transactions.</span><span
            style="font-family:Arial;mso-ansi-language:EN-US"
            lang="EN-US"></span></p>
        <span style="font-family: Arial;mso-ansi-language:EN-US"
          lang="EN-US"><br>
          This has major implications on other parts of these documents.<br>
          <br>
          Denis<br>
        </span> <br>
      </div>
      <blockquote type="cite"
        cite="mid:8d869aa1-568e-788f-b8f9-b056fc5d771c@KingsMountain.com">Of
        possible interest... <br>
        <br>
        [congrats to Jim Fenton and Paul Grassi] <br>
        <br>
        <a class="moz-txt-link-rfc2396E"
          href="https://pages.nist.gov/800-63-3/" moz-do-not-send="true">&lt;https://pages.nist.gov/800-63-3/&gt;</a>
        <br>
        <br>
        SP 800-63-3   Digital Identity Guidelines <br>
        SP 800-63A    Enrollment and Identity Proofing <br>
        SP 800-63B    Authentication and Lifecycle Management <br>
        SP 800-63C    Federation and Assertions <br>
        <br>
        <br>
        On 6/22/17, 7:33 AM, "National Institute of Standards and
        Technology (NIST)" wrote: <br>
        <br>
        Mic Drop — Announcing the New Special Publication 800-63 Suite!
        <br>
        06/22/2017 10:02 AM EDT <br>
        <a class="moz-txt-link-rfc2396E"
href="http://trustedidentities.blogs.govdelivery.com/2017/06/22/mic-drop-announcing-the-new-special-publication-800-63-suite/"
          moz-do-not-send="true">&lt;http://trustedidentities.blogs.govdelivery.com/2017/06/22/mic-drop-announcing-the-new-special-publication-800-63-suite/&gt;</a>
        <br>
        <br>
        More than a year in the making, after a large, cross-industry
        effort, we are proud to announce that the new Special
        Publication (SP) 800-63 IS. NOW. FINAL. With your help,
        Electronic Authentication Guidelines has evolved into Digital
        Identity Guidelines—a suite of documents covering digital
        identity from initial risk assessment to deployment of federated
        identity solutions. Check it out now at <a
          class="moz-txt-link-rfc2396E"
          href="https://pages.nist.gov/800-63" moz-do-not-send="true">&lt;https://pages.nist.gov/800-63&gt;</a>!
        <br>
        <br>
        _______________________________________________ <br>
        saag mailing list <br>
        <a class="moz-txt-link-abbreviated" href="mailto:saag@ietf.org"
          moz-do-not-send="true">saag@ietf.org</a> <br>
        <a class="moz-txt-link-freetext"
          href="https://www.ietf.org/mailman/listinfo/saag"
          moz-do-not-send="true">https://www.ietf.org/mailman/listinfo/saag</a>
        <br>
      </blockquote>
      <p><br>
      </p>
      <br>
    </blockquote>
    <p><br>
    </p>
  </body>
</html>

--------------2B9F9D64C442E497FC835ED4--


From nobody Wed Jun 28 20:45:05 2017
Return-Path: <hernani.marques@pep.foundation>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4534D1276AF for <saag@ietfa.amsl.com>; Wed, 28 Jun 2017 20:45:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level: 
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WMF3EOMjr3R4 for <saag@ietfa.amsl.com>; Wed, 28 Jun 2017 20:45:00 -0700 (PDT)
Received: from dragon.pibit.ch (dragon.pibit.ch [94.231.81.244]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3406B126CBF for <saag@ietf.org>; Wed, 28 Jun 2017 20:44:59 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by dragon.pibit.ch (Postfix) with ESMTP id E3C66171C067 for <saag@ietf.org>; Thu, 29 Jun 2017 05:44:56 +0200 (CEST)
Received: from dragon.pibit.ch ([127.0.0.1]) by localhost (dragon.pibit.ch [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iJFOFjAkN1aZ for <saag@ietf.org>; Thu, 29 Jun 2017 05:44:54 +0200 (CEST)
Received: from [10.0.0.25] (77-58-54-109.dclient.hispeed.ch [77.58.54.109]) by dragon.pibit.ch (Postfix) with ESMTPSA id 1455A171C035 for <saag@ietf.org>; Thu, 29 Jun 2017 05:44:54 +0200 (CEST)
To: saag@ietf.org
From: "Hernâni Marques (p≡p foundation)" <hernani.marques@pep.foundation>
Openpgp: id=31733E0C598D3A1CF70955D6CB5738652768F7E9
Message-ID: <e5473dfd-9277-c916-2fe3-c42678ab6df4@pep.foundation>
Date: Thu, 29 Jun 2017 05:44:05 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="sBACEVo6V9E919Pq5TlPJNocg9Snenr80"
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/2Kuhum0CIVNrb8_P-hVTLKgp388>
Subject: [saag] Documenting the pretty Easy privacy (pEp) protocols
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 29 Jun 2017 03:45:03 -0000

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--sBACEVo6V9E919Pq5TlPJNocg9Snenr80
Content-Type: multipart/mixed; boundary="jWuE2AKktWtiAgjUUJEN5DO7rkQBlPLva";
 protected-headers="v1"
From: "Hernâni Marques (p≡p foundation)"
 <hernani.marques@pep.foundation>
To: saag@ietf.org
Message-ID: <e5473dfd-9277-c916-2fe3-c42678ab6df4@pep.foundation>
Subject: Documenting the pretty Easy privacy (pEp) protocols

--jWuE2AKktWtiAgjUUJEN5DO7rkQBlPLva
Content-Type: multipart/mixed;
 boundary="------------3E0A42DFE7FF7FBB695820BC"

This is a multi-part message in MIME format.
--------------3E0A42DFE7FF7FBB695820BC
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

Dear saag list members

We, the p≡p (or pEp) foundation, have worked for some time on an
architecture and system to achieve "Privacy by Default". pEp stands for
pretty Easy privacy. Our goal is automatic message encryption (starting
with email) to bring not just good, but also easy message encryption for
the masses. That is, including people without any specialized computer
expertise -- which effectively are the vast majority in any general
population. :)

There is a reference implementation to automatize key management,
message transport and including a peer-to-peer key synchronization
protocol to enable all sorts of users to securely engage in end-to-end
encryption and with their messages (including email) readable across
their different devices.

We would be very happy if other people would engage in our efforts. We
are interested in having pEp not just as software, but also documented
as RFCs (for opportunistic encryption [RFC 7435], without vendor lock-in
and with a peer-to-peer approach by design) to achieve what we call
"Privacy by Default".

To help the community to interoperate with the pEp implementations, we
believe engaging with the IETF and documenting our work in RFCs is the
way to go. We intend to document the general principles, message formats
and alike and would like to get input and comment from IETF participants
as we do that.

We have published the most general Internet-Draft on pEp recently,
outlining the basic ideas and principles:

   https://datatracker.ietf.org/doc/draft-birk-pep/

Besides that, we have already been working on further Internet-Drafts
(not yet submitted) that you can find (alongside with our reference
implementation and some libraries we depend on) on our repos site:

  https://letsencrypt.pep.foundation/dev/

In addition, you can find a white paper outlining the necessity, spirit
and concepts at:

  https://pep.foundation/docs/pEp-whitepaper.pdf

What is your opinion regarding our IETF contribution?
We are looking forward to your opinions and feedback.

Best regards

Hernani (council member of p≡p foundation)

PS:
ISOC just announced their support of this work with a Beyond the Net
Large Grant:

https://www.internetsociety.org/blog/community-grants-community-projects/2017/06/announcing-beyond-net-results-june-2017-grants

-- 
p≡p foundation council member (https://pep.foundation)

--------------3E0A42DFE7FF7FBB695820BC
Content-Type: application/pgp-keys;
 name="0x2768F7E9.asc"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: attachment;
 filename="0x2768F7E9.asc"


--------------3E0A42DFE7FF7FBB695820BC--

--jWuE2AKktWtiAgjUUJEN5DO7rkQBlPLva--

--sBACEVo6V9E919Pq5TlPJNocg9Snenr80
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"


--sBACEVo6V9E919Pq5TlPJNocg9Snenr80--


From nobody Fri Jun 30 14:20:53 2017
Return-Path: <vladimir.olteanu@cs.pub.ro>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7C463129B8C for <saag@ietfa.amsl.com>; Fri, 30 Jun 2017 14:20:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level: 
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YiOfK7Un8s49 for <saag@ietfa.amsl.com>; Fri, 30 Jun 2017 14:20:50 -0700 (PDT)
Received: from vesa.cs.pub.ro (vesa.cs.pub.ro [141.85.227.187]) by ietfa.amsl.com (Postfix) with ESMTP id 9C346129B55 for <saag@ietf.org>; Fri, 30 Jun 2017 14:20:49 -0700 (PDT)
Received: from mail.cs.pub.ro (HELO vmail.cs.pub.ro) ([141.85.227.3]) by vesa.cs.pub.ro with ESMTP; 01 Jul 2017 00:20:47 +0300
Received: from localhost (localhost [127.0.0.1]) by vmail.cs.pub.ro (Postfix) with ESMTP id 3A5261A601AC; Sat,  1 Jul 2017 00:20:47 +0300 (EEST)
Received: from vmail.cs.pub.ro ([127.0.0.1]) by localhost (vmail.cs.pub.ro [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id xsoI4IsDRX4g; Sat,  1 Jul 2017 00:20:47 +0300 (EEST)
Received: from vmail.cs.pub.ro (localhost [127.0.0.1]) by vmail.cs.pub.ro (Postfix) with ESMTPS id 1ADE91A601B7; Sat,  1 Jul 2017 00:20:47 +0300 (EEST)
Received: from [192.168.1.70] (unknown [95.76.128.201]) by vmail.cs.pub.ro (Postfix) with ESMTPSA id 100671A601AC; Sat,  1 Jul 2017 00:20:47 +0300 (EEST)
References: <149871247634.6490.5928844232347189122.idtracker@ietfa.amsl.com>
To: saag@ietf.org
Cc: Dragoș Niculescu <dragos.niculescu@cs.pub.ro>
From: Vladimir Olteanu <vladimir.olteanu@cs.pub.ro>
X-Forwarded-Message-Id: <149871247634.6490.5928844232347189122.idtracker@ietfa.amsl.com>
Message-ID: <50558a0f-6ae0-190c-9a25-6a55244e2c53@cs.pub.ro>
Date: Sat, 1 Jul 2017 00:20:46 +0300
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.2.0
MIME-Version: 1.0
In-Reply-To: <149871247634.6490.5928844232347189122.idtracker@ietfa.amsl.com>
Content-Type: multipart/alternative; boundary="------------BC0551166EDB8BC3ED201ABD"
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/ZQMSYxOYMT4lOKprjknaEyYhPuM>
Subject: [saag] SOCKS 6 Draft
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 30 Jun 2017 21:20:52 -0000

This is a multi-part message in MIME format.
--------------BC0551166EDB8BC3ED201ABD
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: quoted-printable

Hello,

We have submitted a draft describing a new version of the SOCKS
protocol. You can find the abstract and a link to the draft below.

Best,
Vlad and Dragoș


-------- Forwarded Message --------
Subject: 	New Version Notification for draft-olteanu-intarea-socks-6-00.txt
Date: 	Wed, 28 Jun 2017 22:01:16 -0700
From: 	internet-drafts@ietf.org
To: 	Vladimir Olteanu <vladimir.olteanu@cs.pub.ro>, Dragos Niculescu
<dragos.niculescu@cs.pub.ro>



A new version of I-D, draft-olteanu-intarea-socks-6-00.txt
has been successfully submitted by Vladimir Olteanu and posted to the
IETF repository.

Name:		draft-olteanu-intarea-socks-6
Revision:	00
Title:		SOCKS Protocol Version 6
Document date:	2017-06-28
Group:		Individual Submission
Pages:		12
URL:            https://www.ietf.org/internet-drafts/draft-olteanu-intarea-socks-6-00.txt
Status:         https://datatracker.ietf.org/doc/draft-olteanu-intarea-socks-6/
Htmlized:       https://tools.ietf.org/html/draft-olteanu-intarea-socks-6-00
Htmlized:       https://datatracker.ietf.org/doc/html/draft-olteanu-intarea-socks-6-00


Abstract:
    The SOCKS protocol is used primarily to proxy TCP connections to
    arbitrary destinations via the use of a proxy server.  Under the
    latest version of the protocol (version 5), it takes 2 RTTs (or 3, if
    authentication is used) before data can flow between the client and
    the server.

    This memo proposes SOCKS version 6, which reduces the number of RTTs
    used, takes full advantage of TCP Fast Open, and adds support for
    0-RTT authentication.

Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat


--------------BC0551166EDB8BC3ED201ABD--
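
The version 5 exchange that the abstract above counts, as an added example that is not part of the original message or of the draft: a constructed in-memory SOCKS5 proxy (RFC 1928, with RFC 1929 username/password) and a client that counts request/reply exchanges before payload can be sent. `ToyProxy`, `round_trips_before_data`, the host name and the credentials are assumptions made for illustration; TCP setup to the proxy is not modelled, and nothing here describes the version 6 wire format.

```python
import hmac
import ipaddress
import struct

VER = 0x05                                    # SOCKS version 5 (RFC 1928)
NO_AUTH, USERPASS, NO_ACCEPTABLE = 0x00, 0x02, 0xFF
CMD_CONNECT, ATYP_IPV4, ATYP_DOMAIN = 0x01, 0x01, 0x03


def greeting(methods):
    """Client -> proxy: VER, NMETHODS, METHODS."""
    return bytes([VER, len(methods), *methods])


def userpass(user, password):
    """Client -> proxy (RFC 1929): VER=1, ULEN, UNAME, PLEN, PASSWD."""
    return bytes([0x01, len(user)]) + user + bytes([len(password)]) + password


def connect_request(host, port):
    """Client -> proxy: VER, CMD, RSV, ATYP, DST.ADDR, DST.PORT."""
    name = host.encode("ascii")
    head = bytes([VER, CMD_CONNECT, 0x00, ATYP_DOMAIN, len(name)])
    return head + name + struct.pack("!H", port)


class ToyProxy:
    """Hypothetical in-memory SOCKS5 state machine; it opens no sockets."""

    def __init__(self, credentials=None):
        self.credentials = credentials        # (user, password) as bytes, or None
        self.state = "greeting"
        self.target = None

    @staticmethod
    def _reply(rep):
        # VER, REP, RSV, ATYP, BND.ADDR (0.0.0.0), BND.PORT (0)
        return bytes([VER, rep, 0x00, ATYP_IPV4]) + bytes(6)

    def handle(self, msg):
        if self.state == "greeting":
            if len(msg) < 3 or msg[0] != VER or len(msg) != 2 + msg[1]:
                raise ValueError("malformed greeting")
            wanted = USERPASS if self.credentials else NO_AUTH
            if wanted not in msg[2:]:
                self.state = "closed"
                return bytes([VER, NO_ACCEPTABLE])
            self.state = "auth" if self.credentials else "request"
            return bytes([VER, wanted])
        if self.state == "auth":
            if len(msg) < 3 or msg[0] != 0x01 or len(msg) < 3 + msg[1]:
                raise ValueError("malformed auth")
            ulen = msg[1]
            if len(msg) != 3 + ulen + msg[2 + ulen]:
                raise ValueError("malformed auth")
            user, password = msg[2:2 + ulen], msg[3 + ulen:]
            # Constant-time comparison, so timing does not leak a partial match.
            ok = (hmac.compare_digest(user, self.credentials[0])
                  & hmac.compare_digest(password, self.credentials[1]))
            self.state = "request" if ok else "closed"
            return bytes([0x01, 0x00 if ok else 0x01])
        if self.state == "request":
            if len(msg) < 5 or msg[0] != VER or msg[2] != 0x00:
                raise ValueError("malformed request")
            if msg[1] != CMD_CONNECT:
                return self._reply(0x07)      # command not supported
            atyp = msg[3]
            if atyp not in (ATYP_IPV4, ATYP_DOMAIN):
                return self._reply(0x08)      # address type not supported
            start, end = (4, 8) if atyp == ATYP_IPV4 else (5, 5 + msg[4])
            if len(msg) != end + 2:
                raise ValueError("malformed request")
            raw = msg[start:end]
            host = (str(ipaddress.IPv4Address(raw)) if atyp == ATYP_IPV4
                    else raw.decode("ascii"))
            self.target = (host, struct.unpack("!H", msg[end:])[0])
            self.state = "relay"
            return self._reply(0x00)
        raise ConnectionError("no further SOCKS messages accepted in state " + self.state)


def round_trips_before_data(proxy, host, port, credentials=None):
    """Run the client side; return SOCKS-layer round trips before payload may flow."""
    methods = [NO_AUTH] + ([USERPASS] if credentials else [])
    rtts = 1
    reply = proxy.handle(greeting(methods))               # method negotiation
    if reply[1] == NO_ACCEPTABLE:
        raise PermissionError("proxy accepted none of the offered methods")
    if reply[1] == USERPASS:
        rtts += 1
        reply = proxy.handle(userpass(*credentials))      # RFC 1929 sub-negotiation
        if reply[1] != 0x00:
            raise PermissionError("proxy rejected the credentials")
    rtts += 1
    reply = proxy.handle(connect_request(host, port))     # CONNECT request/reply
    if reply[1] != 0x00:
        raise ConnectionError("CONNECT failed, REP=0x%02x" % reply[1])
    return rtts


if __name__ == "__main__":
    creds = (b"alice", b"s3cret")             # constructed sample credentials
    print("no auth:  ", round_trips_before_data(ToyProxy(), "example.com", 443))
    print("user/pass:", round_trips_before_data(ToyProxy(creds), "example.com", 443, creds))
```

Each call to `handle` stands for one message to the proxy and one reply back, so the returned count is the number of exchanges a version 5 client waits through before its first payload byte.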

