From nobody Thu Oct 3 10:27:21 2019 Return-Path: X-Original-To: stir@ietfa.amsl.com Delivered-To: stir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CCB1412012E for ; Thu, 3 Oct 2019 10:27:18 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.7 X-Spam-Level: X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=team.neustar Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Iay6zel2P425 for ; Thu, 3 Oct 2019 10:27:17 -0700 (PDT) Received: from mx0b-0018ba01.pphosted.com (mx0a-0018ba01.pphosted.com [67.231.149.94]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6F68A12012A for ; Thu, 3 Oct 2019 10:27:17 -0700 (PDT) Received: from pps.filterd (m0078664.ppops.net [127.0.0.1]) by mx0a-0018ba01.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id x93HNMVj026301 for ; Thu, 3 Oct 2019 13:27:16 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=team.neustar; h=from : to : subject : date : message-id : content-type : content-id : content-transfer-encoding : mime-version; s=team-neustar; bh=MGhsRuXEcIg7tOmNLUWXnStlLBl0fco5N+zk9cRDOF0=; b=Ml1bo63L6xuH6+cXzFlKpXvzIQMPpVTXAURT8vNEH6f9zcl0CCRA7K21DRKy96Z8/Ftr jE/CHki99oxaPiGXXIVEPq3+Y5vIlS/Q9I2R0QQanUAjaTL56nm/UFB7g2+T1t5M1+Zf qjL6PSt3GSG1ZR3ydtdiG0b+spFnI630LYPCfPPOAbtmtHqiKsk/T6Dw91BuP65UXFzA 8s9jN2uN9dogAfm4qndLfgp34zGd8PVLTvN/sy4gvPKbFK0ca96g8Rgn1hpFyBHDpODz wKTK38KmAw12lpvu73NN+gqXCizoLjxfrL1p0MvO1KdO2HiB9Rp8qEzwHfUa+W/QYAhA GQ== Received: from stntexhc11.cis.neustar.com ([156.154.17.216]) by mx0a-0018ba01.pphosted.com with ESMTP id 2va25x8jnu-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT) for ; Thu, 03 Oct 2019 13:27:16 -0400 Received: from STNTEXMB101.cis.neustar.com ([fe80::a831:d3b4:fb4e:e45b]) by stntexhc11.cis.neustar.com ([::1]) with mapi id 14.03.0439.000; Thu, 3 Oct 2019 13:27:09 -0400 From: "Peterson, Jon" To: "stir@ietf.org" Thread-Topic: quoted ppt parameter value redux Thread-Index: AQHVeg/ISMi94GnCLEyL2tqq3RscQg== Date: Thu, 3 Oct 2019 17:27:08 +0000 Message-ID: <79880B31-1AAC-45FD-A60D-CBFF01B584AE@team.neustar> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Microsoft-MacOutlook/10.10.c.190715 x-originating-ip: [10.96.12.167] Content-Type: text/plain; charset="utf-8" Content-ID: Content-Transfer-Encoding: base64 MIME-Version: 1.0 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.95,1.0.8 definitions=2019-10-03_07:2019-10-03,2019-10-03 signatures=0 X-Proofpoint-Spam-Reason: safe Archived-At: Subject: [stir] quoted ppt parameter value redux X-BeenThere: stir@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Secure Telephone Identity Revisited List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 03 Oct 2019 17:27:19 -0000 DQpSRkM4MjI0IHNlY3Rpb24gNC4xIGdpdmVzIHRoZSBmb2xsb3dpbmcgZ3VpZGFuY2UgYWJvdXQg dGhlIHN5bnRheCBmb3IgUEFTU3BvclQgVHlwZXM6DQoNCiAgICAgIEZvdXJ0aCwgaWYgYSBQQVNT cG9yVCBleHRlbnNpb24gaXMgaW4gdXNlLCB0aGVuIHRoZSBvcHRpb25hbCBKU09ODQogICAgICBr ZXkgInBwdCIgTVVTVCBiZSBwcmVzZW50IGFuZCBoYXZlIGEgdmFsdWUgZXF1aXZhbGVudCB0byB0 aGUNCiAgICAgIHF1b3RlZCB2YWx1ZSBvZiB0aGUgInBwdCIgcGFyYW1ldGVyIG9mIHRoZSBJZGVu dGl0eSBoZWFkZXIgZmllbGQuDQoNCkRvZXMgdGhhdCBpbXBseSB0aGF0IHRoZSB2YWx1ZXMgb2Yg dGhlICJwcHQiIHBhcmFtZXRlciBpbiB0aGUgSWRlbnRpdHkgaGVhZGVyIGZpZWxkIGFyZSBxdW90 ZWQ/IElmIHNvLCB0aGF0IHNlZW1zIHRvIGNyZWF0ZSBhIGNvbmZsaWN0IHdpdGggdGhlIEFCTkYg Zm9yIHRoZSBJZGVudGl0eSBoZWFkZXIgZmllbGQsIHdoaWNoIGdpdmVzICJ0b2tlbiIgYXMgdGhl IHR5cGUgZm9yICJwcHQiIHBhcmFtZXRlciB2YWx1ZXMuICBCYWNrIGluIElFVEYgMTAxLCBhcyB3 ZSB3ZXJlIHB1c2hpbmcgYWxvbmcgdGhlIGZpcnN0IFBBU1Nwb3JUIHR5cGVzIGFzIGV4dGVuc2lv bnMgdG8gU1RJUiwgImRpdiIgYW5kICJycGgiLCB3ZSBoYWQgYSBkaXNjdXNzaW9uIGFib3V0IHdo ZXRoZXIgdGhlIHZhbHVlcyBvZiB0aGUgInBwdCIgcGFyYW1ldGVyIG9mIHRoZSBJZGVudGl0eSBo ZWFkZXIgc2hvdWxkIGJlIHF1b3RlZCBvciB1bnF1b3RlZC4gQXMgd2Ugc2FpZCBhdCB0aGUgdGlt ZSwgaXQgaXNuJ3QgcmVhbGx5IGltcG9ydGFudCB3aGV0aGVyIHBwdCBwYXJhbWV0ZXIgdmFsdWVz IGFyZSBxdW90ZWQgb3Igbm90IGZyb20gYSBkZXNpZ24gcGVyc3BlY3RpdmUsIGJ1dCBJdCBpcyBp bXBvcnRhbnQgdGhhdCB3ZSBhbGwganVzdCBhZ3JlZSBvbiBpdCBvbmUgd2F5IG9yIGFub3RoZXIu IFRoZSBvdXRjb21lIG9mIHRoYXQgZGlzY3Vzc2lvbiB3YXMgcmVmbGVjdGVkIGluIHRoZSBtaW51 dGVzIGFzOg0KDQogICBJU1NVRTogU2hvdWxkIHBwdCB2YWx1ZXMgYmUgcXVvdGVkIG9yIG5vdD8N CiAgIE9VVENPTUU6IFF1b3RpbmcgaXMgbWFuZGF0b3J5Lg0KDQpCYXNlZCBvbiB0aGF0IG91dGNv bWUsIHdlIGJha2VkIHF1b3RlZCBwcHRzIGludG8gdGhlIHJlc3VsdGluZyBkb2NzIChzZWUgUkZD ODQ0MyA0LjEgZm9yIGFuIGV4YW1wbGUgd2l0aCBwcHQ9InJwaCIgcmF0aGVyIHRoYW4gcHB0PXJw aCkuIEhvd2V2ZXIsIGFzIFNUSVIgaW1wbGVtZW50YXRpb24gcmFtcHMgdXAsIHdlIGFyZSBoZWFy aW5nIGEgbnVtYmVyIG9mIHJlcG9ydHMgb2YgQVMncyB1c2luZyB1bnF1b3RlZCBwcHQgcGFyYW1l dGVyIHZhbHVlcywgYW5kIGl0IHNvdW5kcyBsaWtlIG1hbnkgVlMgaW1wbGVtZW50YXRpb25zIGFy ZSByZXNpZ25lZCB0byBhY2NlcHRpbmcgYm90aCAtIGJ1dCB0aGF0IHNvbWUgaW1wbGVtZW50YXRp b25zIGFyZSBvbmx5IGFjY2VwdGluZyB1bnF1b3RlZC4NCg0KV2UgaGF2ZSB0aGUgb3Bwb3J0dW5p dHkgdG8gZXJyYXRhIFJGQzgyMjQgdG8gc2V0IHRoaXMgbWF0dGVyIHN0cmFpZ2h0LCBidXQgaXQg c2VlbXMgdGhlIGltcGxlbWVudGF0aW9uIGNvbW11bml0eSBzdGlsbCBkb2Vzbid0IGFncmVlIG9u IHdoYXQgc2hvdWxkIGNvdW50IGFzIHN0cmFpZ2h0LiBVbnF1b3RlZCBzYXZlcyB0d28gb2N0ZXRz LCBidXQgbGV0J3MgYmUgaG9uZXN0LCBzYXZpbmcgdHdvIG9jdGV0cyBvZiBhIFNUSVIgSWRlbnRp dHkgaGVhZGVyIGZpZWxkIHZhbHVlLCBlc3BlY2lhbGx5IG9uZSB3aXRoIGEgUEFTU3BvclQgZXh0 ZW5zaW9uLCBpcyBub3QgZ29pbmcgdG8gbGV0IGFueW9uZSBmYWxsIGJhY2sgdG8gVURQLiBRdW90 ZWQgY29uZm9ybXMgd2l0aCB3aGF0J3MgaW4gUkZDcyB3ZSd2ZSBhbHJlYWR5IHNoaXBwZWQsIGFu ZCBvbmVzIGluIHRoZSBwaXBlbGluZS4gSSBoYXRlIHRvIHJlLW9wZW4gYSBkaXNjdXNzaW9uIHdl IGhhZCBhbHJlYWR5LCBidXQgaXQgZG9lcyBzZWVtIHRvIGJlIG5lY2Vzc2FyeS4gSWYgd2XigJly ZSBnb2luZyB0byBlcnJhdGEgdGhpcywgc2hvdWxkIHRoZSBmaXggY29uZm9ybSB0byB0aGUgSUVU RiAxMDEgY29uc2Vuc3VzIGNhbGwgKCJxdW90aW5nIGlzIG1hbmRhdG9yeSIpIG9yIG5vdD8NCg0K Sm9uIFBldGVyc29uDQpOZXVzdGFyLCBJbmMuDQoNCg== From nobody Thu Oct 3 13:20:05 2019 Return-Path: X-Original-To: stir@ietfa.amsl.com Delivered-To: stir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 533D212025D for ; Thu, 3 Oct 2019 13:20:02 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.898 X-Spam-Level: X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=chriswendt-net.20150623.gappssmtp.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jnPQlYhVE9Ce for ; Thu, 3 Oct 2019 13:20:00 -0700 (PDT) Received: from mail-qt1-x833.google.com (mail-qt1-x833.google.com [IPv6:2607:f8b0:4864:20::833]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EB4FA1200B7 for ; Thu, 3 Oct 2019 13:19:59 -0700 (PDT) Received: by mail-qt1-x833.google.com with SMTP id c3so5412943qtv.10 for ; Thu, 03 Oct 2019 13:19:59 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chriswendt-net.20150623.gappssmtp.com; s=20150623; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=uJOc1ehjKmdxwXxE3+plX0Z5GDFHQ/TeZqK/dm4CnTw=; b=xclK/bqfBPu12lKzMIRXGMNk3b5d8KxyDmib1k78tBoxm/1z8gszvjr2Ptv9QXrOzw IH2LSD/dE7oeBOCqBdfjLHATVUcYFYczS9vfH5NGuoeGf0NWr4Pc+PmMdU7Y8AcNGHoG fWrCbvqSPuE0UFAIpJE5Lgb5/JICTdE8mmqmXrr7xSgz81aUV96DYGR6H4wur1VppgBS 2tQqcQ2W/FNx25WOU/E4dmwVR6leibwxlX8tRcBTnT35SfpbyExlqvaXaVw5su+FFaDp MaQ1ln1uJrw/m+BZRqZOVODeLN2AM5630wcwqHEbVo5lE+5I/dPiwQ97vdgskILBoosf 0F3A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=uJOc1ehjKmdxwXxE3+plX0Z5GDFHQ/TeZqK/dm4CnTw=; b=QXuXr7mLvr3c0aCGOpZcoYd9nyFiuzNrke56GBv1MiXWMhUdMushMhKTRav/WcEPwJ MBn/QNumkMCF9t4LdT7/aJb/LzaNHhG6irBKWCmufXCY/Sk8Ejoy5c15qB8jrdoj2oNt SKFQA5x1/hFOH+u8EGfORgU9pdltBO8ESP5PUlaUk2Z8TOtrnCheeYzeOa1JbKJD/ZfU F77mnJlLZVhJNe/ew1oo5Sonn4coEa9akyEGVl2Ag9FyeF2vBl9vXbZohQUyRbbrqGyd l27g/FrhzimbbtkeSf00dU6uR0kXmHTKEQuUbDmZE0XSiO9BiTSPi0aC71dGx+eEv2H1 7zRQ== X-Gm-Message-State: APjAAAUcEotBfm3rysHo7THxeTx4a3eoH5uP+/WRMgDMyj3jpLlcmbvT 0J+C3ATemp1oQuX5Q5J1I3sr9w== X-Google-Smtp-Source: APXvYqxwVIxiRFaxqa0Sqn7hiCO24RUq6jd40J93fpHS6ImgcD55ALZhNq0HD3uFy8rcI0JDWLfE9A== X-Received: by 2002:a05:6214:1549:: with SMTP id t9mr10698535qvw.68.1570133998996; Thu, 03 Oct 2019 13:19:58 -0700 (PDT) Received: from ?IPv6:2601:41:c402:39e0:350f:d864:d005:c51e? ([2601:41:c402:39e0:350f:d864:d005:c51e]) by smtp.gmail.com with ESMTPSA id b22sm1924238qkc.58.2019.10.03.13.19.57 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 03 Oct 2019 13:19:58 -0700 (PDT) Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\)) From: Chris Wendt In-Reply-To: <79880B31-1AAC-45FD-A60D-CBFF01B584AE@team.neustar> Date: Thu, 3 Oct 2019 16:19:57 -0400 Cc: "stir@ietf.org" Content-Transfer-Encoding: quoted-printable Message-Id: <9650A5C9-723A-4E9E-84FF-88A7CE087A37@chriswendt.net> References: <79880B31-1AAC-45FD-A60D-CBFF01B584AE@team.neustar> To: "Peterson, Jon" X-Mailer: Apple Mail (2.3445.104.11) Archived-At: Subject: Re: [stir] quoted ppt parameter value redux X-BeenThere: stir@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Secure Telephone Identity Revisited List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 03 Oct 2019 20:20:03 -0000 Yes, i think we should stick with that decision, if other parameters are = quoted, it only makes sense ppt should be as well. Let=E2=80=99s do an errata on this. -Chris > On Oct 3, 2019, at 1:27 PM, Peterson, Jon = wrote: >=20 >=20 > RFC8224 section 4.1 gives the following guidance about the syntax for = PASSporT Types: >=20 > Fourth, if a PASSporT extension is in use, then the optional JSON > key "ppt" MUST be present and have a value equivalent to the > quoted value of the "ppt" parameter of the Identity header field. >=20 > Does that imply that the values of the "ppt" parameter in the Identity = header field are quoted? If so, that seems to create a conflict with the = ABNF for the Identity header field, which gives "token" as the type for = "ppt" parameter values. Back in IETF 101, as we were pushing along the = first PASSporT types as extensions to STIR, "div" and "rph", we had a = discussion about whether the values of the "ppt" parameter of the = Identity header should be quoted or unquoted. As we said at the time, it = isn't really important whether ppt parameter values are quoted or not = from a design perspective, but It is important that we all just agree on = it one way or another. The outcome of that discussion was reflected in = the minutes as: >=20 > ISSUE: Should ppt values be quoted or not? > OUTCOME: Quoting is mandatory. >=20 > Based on that outcome, we baked quoted ppts into the resulting docs = (see RFC8443 4.1 for an example with ppt=3D"rph" rather than ppt=3Drph). = However, as STIR implementation ramps up, we are hearing a number of = reports of AS's using unquoted ppt parameter values, and it sounds like = many VS implementations are resigned to accepting both - but that some = implementations are only accepting unquoted. >=20 > We have the opportunity to errata RFC8224 to set this matter straight, = but it seems the implementation community still doesn't agree on what = should count as straight. Unquoted saves two octets, but let's be = honest, saving two octets of a STIR Identity header field value, = especially one with a PASSporT extension, is not going to let anyone = fall back to UDP. Quoted conforms with what's in RFCs we've already = shipped, and ones in the pipeline. I hate to re-open a discussion we had = already, but it does seem to be necessary. If we=E2=80=99re going to = errata this, should the fix conform to the IETF 101 consensus call = ("quoting is mandatory") or not? >=20 > Jon Peterson > Neustar, Inc. >=20 > _______________________________________________ > stir mailing list > stir@ietf.org > https://www.ietf.org/mailman/listinfo/stir From nobody Thu Oct 3 14:09:01 2019 Return-Path: X-Original-To: stir@ietfa.amsl.com Delivered-To: stir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6301B12081B for ; Thu, 3 Oct 2019 14:08:59 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.748 X-Spam-Level: X-Spam-Status: No, score=-1.748 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3sf66UaX-bv2 for ; Thu, 3 Oct 2019 14:08:57 -0700 (PDT) Received: from mail-wr1-x434.google.com (mail-wr1-x434.google.com [IPv6:2a00:1450:4864:20::434]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 827CB120818 for ; Thu, 3 Oct 2019 14:08:57 -0700 (PDT) Received: by mail-wr1-x434.google.com with SMTP id q9so4315670wrm.8 for ; Thu, 03 Oct 2019 14:08:57 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=b9eVAI9sQY4sImJbBv/xP0voN5+qlXKcLAlHNE3AKFE=; b=lXt/wG4bcEIOEkW0kztdM6Z/S7NY0gq1P70xlx0gN09UIh6pLuzcXSnYso3yV4ZRS/ pSj1u9pIa9WfaK8CPqfDKNWUsu5CaeQdXVMjfkNnly8Fpqr4T1bzkqhahL5oMLZSNnPf U+Dm36WQULWjmCaJqZJW5L4lUladoB2i0QjE/7x8ekzzYO5FX1cYL3+Xy8xsrOKkdyI8 j3yBD8aVw71h0Zkv1Ree/yWLwbEGXdIoBaBUn4gtXklHbPKne9epr7+lFliWxtDspyWR sPVYmPQMd1Bnro01Z4+d7Vhl/hwGnLtzeiNRqkolxOt06STjp+nwf/H5sk9bkyH64aZy AMNQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=b9eVAI9sQY4sImJbBv/xP0voN5+qlXKcLAlHNE3AKFE=; b=r1x7aZJ20UHdrlV996Pi86DBhhSfTJbKyYFT+uI9FTdr3W1PkEdKAxIUOHfIHdMjF+ /mDTQFrRufS278PxEMQW6MRWm5TCpb0lXhhbxiZV3Jn6fEzY/I9BkzHpyj3DbUQlyBsU k+p7faL3+tX9JTmwE4mhjeOozqW73k1aSaLeyBqkegCYvvPgsI/4h/Vb6UMlPsmsxijn MruYyAxCYK5KcaCJ8hULwLitks+IlBq5HmFxOcMmerWg4mZRwD9IAUW7eJM+SmpRF+6F JcmzKnluP8VZnSUpkv7jgB2aK/FJ0JFqUEOQ6Vx+C+AUx6Eogds8E672nIwTEbVLhJGU XgYQ== X-Gm-Message-State: APjAAAX66zIV5r1Pzt1OZ/8G+H4emYJA8t+jtsYwaFEEF3GfdyfwjIob OkVY5spX28YATO912ojJU3LAX8twpWu/K7NUh7M= X-Google-Smtp-Source: APXvYqzM5jCEMgwzxl0Fr7E4lIbR7SmXvANG87lnfDlRe+RRAwhpC8wcH9/UMWr8vWNwpYk19P/Qz4JN2wqsszW1gjU= X-Received: by 2002:adf:ed8f:: with SMTP id c15mr8655315wro.83.1570136936033; Thu, 03 Oct 2019 14:08:56 -0700 (PDT) MIME-Version: 1.0 References: <79880B31-1AAC-45FD-A60D-CBFF01B584AE@team.neustar> <9650A5C9-723A-4E9E-84FF-88A7CE087A37@chriswendt.net> In-Reply-To: <9650A5C9-723A-4E9E-84FF-88A7CE087A37@chriswendt.net> From: Subir Das Date: Thu, 3 Oct 2019 17:08:44 -0400 Message-ID: To: Chris Wendt Cc: "Peterson, Jon" , "stir@ietf.org" Content-Type: multipart/alternative; boundary="0000000000005231e5059407fec6" Archived-At: Subject: Re: [stir] quoted ppt parameter value redux X-BeenThere: stir@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Secure Telephone Identity Revisited List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 03 Oct 2019 21:09:00 -0000 --0000000000005231e5059407fec6 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable I also agree that we should stick to that decision. -Subir On Thu, Oct 3, 2019 at 4:20 PM Chris Wendt wrote: > Yes, i think we should stick with that decision, if other parameters are > quoted, it only makes sense ppt should be as well. > > Let=E2=80=99s do an errata on this. > > -Chris > > > On Oct 3, 2019, at 1:27 PM, Peterson, Jon > wrote: > > > > > > RFC8224 section 4.1 gives the following guidance about the syntax for > PASSporT Types: > > > > Fourth, if a PASSporT extension is in use, then the optional JSON > > key "ppt" MUST be present and have a value equivalent to the > > quoted value of the "ppt" parameter of the Identity header field. > > > > Does that imply that the values of the "ppt" parameter in the Identity > header field are quoted? If so, that seems to create a conflict with the > ABNF for the Identity header field, which gives "token" as the type for > "ppt" parameter values. Back in IETF 101, as we were pushing along the > first PASSporT types as extensions to STIR, "div" and "rph", we had a > discussion about whether the values of the "ppt" parameter of the Identit= y > header should be quoted or unquoted. As we said at the time, it isn't > really important whether ppt parameter values are quoted or not from a > design perspective, but It is important that we all just agree on it one > way or another. The outcome of that discussion was reflected in the minut= es > as: > > > > ISSUE: Should ppt values be quoted or not? > > OUTCOME: Quoting is mandatory. > > > > Based on that outcome, we baked quoted ppts into the resulting docs (se= e > RFC8443 4.1 for an example with ppt=3D"rph" rather than ppt=3Drph). Howev= er, as > STIR implementation ramps up, we are hearing a number of reports of AS's > using unquoted ppt parameter values, and it sounds like many VS > implementations are resigned to accepting both - but that some > implementations are only accepting unquoted. > > > > We have the opportunity to errata RFC8224 to set this matter straight, > but it seems the implementation community still doesn't agree on what > should count as straight. Unquoted saves two octets, but let's be honest, > saving two octets of a STIR Identity header field value, especially one > with a PASSporT extension, is not going to let anyone fall back to UDP. > Quoted conforms with what's in RFCs we've already shipped, and ones in th= e > pipeline. I hate to re-open a discussion we had already, but it does seem > to be necessary. If we=E2=80=99re going to errata this, should the fix co= nform to > the IETF 101 consensus call ("quoting is mandatory") or not? > > > > Jon Peterson > > Neustar, Inc. > > > > _______________________________________________ > > stir mailing list > > stir@ietf.org > > https://www.ietf.org/mailman/listinfo/stir > > _______________________________________________ > stir mailing list > stir@ietf.org > https://www.ietf.org/mailman/listinfo/stir > --0000000000005231e5059407fec6 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
I also agree that we should stick to that decision. <= br>

-Subir

On Thu, Oct 3, 2019 at 4:20 P= M Chris Wendt <chris-ietf@c= hriswendt.net> wrote:
Yes, i think we should stick with that decision, if other para= meters are quoted, it only makes sense ppt should be as well.

Let=E2=80=99s do an errata on this.

-Chris

> On Oct 3, 2019, at 1:27 PM, Peterson, Jon <jon.peterson@team.neusta= r> wrote:
>
>
> RFC8224 section 4.1 gives the following guidance about the syntax for = PASSporT Types:
>
>=C2=A0 =C2=A0 =C2=A0 Fourth, if a PASSporT extension is in use, then th= e optional JSON
>=C2=A0 =C2=A0 =C2=A0 key "ppt" MUST be present and have a val= ue equivalent to the
>=C2=A0 =C2=A0 =C2=A0 quoted value of the "ppt" parameter of t= he Identity header field.
>
> Does that imply that the values of the "ppt" parameter in th= e Identity header field are quoted? If so, that seems to create a conflict = with the ABNF for the Identity header field, which gives "token" = as the type for "ppt" parameter values.=C2=A0 Back in IETF 101, a= s we were pushing along the first PASSporT types as extensions to STIR, &qu= ot;div" and "rph", we had a discussion about whether the val= ues of the "ppt" parameter of the Identity header should be quote= d or unquoted. As we said at the time, it isn't really important whethe= r ppt parameter values are quoted or not from a design perspective, but It = is important that we all just agree on it one way or another. The outcome o= f that discussion was reflected in the minutes as:
>
>=C2=A0 =C2=A0ISSUE: Should ppt values be quoted or not?
>=C2=A0 =C2=A0OUTCOME: Quoting is mandatory.
>
> Based on that outcome, we baked quoted ppts into the resulting docs (s= ee RFC8443 4.1 for an example with ppt=3D"rph" rather than ppt=3D= rph). However, as STIR implementation ramps up, we are hearing a number of = reports of AS's using unquoted ppt parameter values, and it sounds like= many VS implementations are resigned to accepting both - but that some imp= lementations are only accepting unquoted.
>
> We have the opportunity to errata RFC8224 to set this matter straight,= but it seems the implementation community still doesn't agree on what = should count as straight. Unquoted saves two octets, but let's be hones= t, saving two octets of a STIR Identity header field value, especially one = with a PASSporT extension, is not going to let anyone fall back to UDP. Quo= ted conforms with what's in RFCs we've already shipped, and ones in= the pipeline. I hate to re-open a discussion we had already, but it does s= eem to be necessary. If we=E2=80=99re going to errata this, should the fix = conform to the IETF 101 consensus call ("quoting is mandatory") o= r not?
>
> Jon Peterson
> Neustar, Inc.
>
> _______________________________________________
> stir mailing list
> stir@ietf.org > https://www.ietf.org/mailman/listinfo/stir

_______________________________________________
stir mailing list
stir@ietf.org
https://www.ietf.org/mailman/listinfo/stir
--0000000000005231e5059407fec6-- From nobody Fri Oct 4 13:39:48 2019 Return-Path: X-Original-To: stir@ietfa.amsl.com Delivered-To: stir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8B36D120025 for ; Fri, 4 Oct 2019 13:39:46 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.699 X-Spam-Level: X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=rbbn.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fTGifb_n_0qp for ; Fri, 4 Oct 2019 13:39:44 -0700 (PDT) Received: from us-smtp-delivery-181.mimecast.com (us-smtp-delivery-181.mimecast.com [216.205.24.181]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2097A120013 for ; Fri, 4 Oct 2019 13:39:43 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rbbn.com; s=mimecast20180816; t=1570221582; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=BYGr2u93I96aN/HrIBCqyFYxzSbOVvs3jGCa4QTMdhg=; b=eENrIsdQdRtINOO24tAi9q2Cnis+81zLWckku8ZPjnIKDvvo6F/zEsWRRK8AhGSdMw/6LN Q6KjpHhjltOprzyokmB43+OA+XUWR9pIwUW4+FQ8ir6cK8+sZzDG083Q/A2tX09rT5UTrh d/NjgP0UxQ+R49D1n4Dn3p76oSbzPCE= Received: from NAM04-BN3-obe.outbound.protection.outlook.com (mail-bn3nam04lp2052.outbound.protection.outlook.com [104.47.46.52]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-257-DNNO2biQMT2OQlcNWKsorw-1; Fri, 04 Oct 2019 16:39:40 -0400 Received: from DM6PR03MB4731.namprd03.prod.outlook.com (20.179.104.141) by DM6PR03MB4124.namprd03.prod.outlook.com (20.176.120.216) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2327.23; Fri, 4 Oct 2019 20:39:37 +0000 Received: from DM6PR03MB4731.namprd03.prod.outlook.com ([fe80::5ce6:cc23:95d7:a68]) by DM6PR03MB4731.namprd03.prod.outlook.com ([fe80::5ce6:cc23:95d7:a68%7]) with mapi id 15.20.2327.023; Fri, 4 Oct 2019 20:39:37 +0000 From: "Asveren, Tolga" To: Subir Das , Chris Wendt CC: "Peterson, Jon" , "stir@ietf.org" Date: Fri, 4 Oct 2019 16:39:37 -0400 Thread-Topic: [stir] quoted ppt parameter value redux Thread-Index: AQHVeg/ISMi94GnCLEyL2tqq3RscQqdJW7mAgAANogCAAYfnYA== Message-ID: References: <79880B31-1AAC-45FD-A60D-CBFF01B584AE@team.neustar> <9650A5C9-723A-4E9E-84FF-88A7CE087A37@chriswendt.net> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: acceptlanguage: en-US authentication-results: spf=none (sender IP is ) smtp.mailfrom=tasveren@rbbn.com; x-originating-ip: [73.80.74.66] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 99e402d0-f40e-493e-ac94-08d7490af946 x-ms-traffictypediagnostic: DM6PR03MB4124: x-ms-exchange-purlcount: 1 x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:10000; x-forefront-prvs: 018093A9B5 x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(376002)(346002)(39860400002)(366004)(136003)(396003)(189003)(199004)(81166006)(81156014)(8936002)(74316002)(790700001)(66066001)(6116002)(3846002)(256004)(14444005)(486006)(52536014)(229853002)(9686003)(476003)(4326008)(11346002)(6246003)(55016002)(6506007)(186003)(236005)(71190400001)(71200400001)(86362001)(7736002)(6436002)(53546011)(5660300002)(102836004)(6306002)(54896002)(8676002)(446003)(26005)(76176011)(33656002)(110136005)(54906003)(14454004)(99286004)(606006)(25786009)(66446008)(66556008)(64756008)(66476007)(76116006)(66946007)(2906002)(316002)(966005)(478600001)(7696005); DIR:OUT; SFP:1101; SCL:1; SRVR:DM6PR03MB4124; H:DM6PR03MB4731.namprd03.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1; x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: PinbJ9lPWbaTyzMDhIkS+KYTMaq1A5EA3bXwsjuhcDnFEnH/U36P/+VtUJE+tkoKHnLibpdZQfcn8ntfXt2mGUpTibE34itqr7rlPy1VQgodwkGR2ebpQs0ug/HWAk91a2bhoIHjdoIYDUdNckhjcjWirgUAwgDKnb1hqmyxvlTx6NIwwxxHwRrL54LpDHu1oUp/a0luq35pDEYPDTEpzY/60d1RtemJCj8t0t4sfZOxRRHxD5jbye6+b9CgsLEXDJDq9T8ihEVKXgtt+3WxRsSKqPzvZXyx00360PdW24iQsWVat1oo4lX9N4Jy8KnWtdmkFNFtFmfoGkr+gIQtAWFjnc6iOSy3HhW7MPwCCNHQ0ltMsE5Sacewo4iz5G6PElGp7Q49UgLwMwwnmfPhtTYhfMedpffwZmnYYCsWTKnRLcbwhD8VqLMAYW542w6Pp+JzD/ZQBTyTNzF7LmdMvQ== x-ms-exchange-transport-forked: True x-originatororg: rbbn.com x-ms-exchange-crosstenant-network-message-id: 99e402d0-f40e-493e-ac94-08d7490af946 x-ms-exchange-crosstenant-originalarrivaltime: 04 Oct 2019 20:39:37.5604 (UTC) x-ms-exchange-crosstenant-fromentityheader: Hosted x-ms-exchange-crosstenant-id: 29a671dc-ed7e-4a54-b1e5-8da1eb495dc3 x-ms-exchange-crosstenant-mailboxtype: HOSTED x-ms-exchange-crosstenant-userprincipalname: 8o4BbEI8p0c27J8w8il6+zt7gxIlefy/6zbnWctC2/TWHps5y84Ke9m5gdZlQeW7FH6KsaBKN8V9podUedHnhQ== x-ms-exchange-transport-crosstenantheadersstamped: DM6PR03MB4124 x-mc-unique: DNNO2biQMT2OQlcNWKsorw-1 MIME-Version: 1.0 X-Mimecast-Spam-Score: 0 Content-Type: multipart/alternative; boundary="_000_DM6PR03MB473148FDCE718A19CA4BDE55A59E0DM6PR03MB4731namp_" Archived-At: Subject: Re: [stir] quoted ppt parameter value redux X-BeenThere: stir@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Secure Telephone Identity Revisited List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 04 Oct 2019 20:39:47 -0000 --_000_DM6PR03MB473148FDCE718A19CA4BDE55A59E0DM6PR03MB4731namp_ Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: base64 SSBzdWdnZXN0IHNvbWUg4oCcYmFja3dhcmQgY29tcGF0aWJpbGl0eSBhd2FyZW5lc3PigJ0gaW4g dGhpcyBkZWNpc2lvbjoNCg0KaS0gQ3VycmVudCBSRkM4MjI0IElkZW50aXR5IGhlYWRlciBzeW50 YXggYWxsb3dzIGJvdGggcXVvdGVkL3VucXVvdGVkIHZhbHVlcyBmb3IgcHB0IGFzIGl0IGlzIGRl ZmluZWQgYXMgYSDigJx0b2tlbuKAnS4NCmlpLSBDdXJyZW50IFJGQzgyMjQgNC4xIHNlZW1zIHRv IGltcGx5IHRoYXQgSWRlbnRpdHkgaGVhZGVyIHBwdCB2YWx1ZSBpcyBleHBlY3RlZCB0byBiZSB1 bnF1b3RlZCBhcyBpdCBhc2tzIHRvIHF1b3RlIHRoZSBwcHQgcGFyYW1ldGVyIHZhbHVlIHdoZW4g Y29uc3RydWN0aW9uIHRoZSBwcHQgSlNPTiBrZXkuDQoNCk5vdywgd2Ugd2FudCB0byBlbmZvcmNl IHRoZSBvcHBvc2l0ZS4gVGhpcyBtYXkgY2F1c2UgaXNzdWVzIHdpdGggZXhpc3RpbmcgZXF1aXBt ZW50IHdoaWNoIGlzIGltcGxlbWVudGVkIGFjY29yZGluZyB0byBpLS9paS0uIFNvbWUgd291bGQg YmUgbGVuaWVudCwgc29tZSB3b3VsZCBleHBlY3QgdW5xdW90ZWQgYW5kIHNvbWUgbWF5YmUgd291 bGQgZXhwZWN0IHF1b3RlZC4gSSBzdWdnZXN0IHRoYXQgZXJyYXRhIHByb3ZpZGVzIGNsYXJpZmlj YXRpb24gdGhhdDoNCg0KICogICBCb3RoIGZvcm1zIGFyZSB2YWxpZA0KICogICBRdW90aW5nIG9m IHBwdCBKU09OIGtleSBzaG91bGQgaGFwcGVuIG9ubHkgaWYgdGhlIHBwdCBwYXJhbWV0ZXIgdmFs dWUgaXMgbm90IHF1b3RlZA0KDQpJdCB3b3VsZCBiZSBiZXR0ZXIgdG8gZW5mb3JjZSBhIHNpbmds ZSBmb3JtYXQgZnJvbSBkYXkgb25lIGJ1dCBhbGFz4oCmIEZvciBub3csIEkgdGhpbmsgZW5mb3Jj aW5nIGxlbmllbmN5IGlzIHRoZSBsZWFzdCB3b3JzdCBvZiBwb3NzaWJsZSBvcHRpb25zLg0KDQpU aGFua3MsDQpUb2xnYQ0KDQpGcm9tOiBzdGlyIDxzdGlyLWJvdW5jZXNAaWV0Zi5vcmc+IE9uIEJl aGFsZiBPZiBTdWJpciBEYXMNClNlbnQ6IFRodXJzZGF5LCBPY3RvYmVyIDMsIDIwMTkgNTowOSBQ TQ0KVG86IENocmlzIFdlbmR0IDxjaHJpcy1pZXRmQGNocmlzd2VuZHQubmV0Pg0KQ2M6IFBldGVy c29uLCBKb24gPGpvbi5wZXRlcnNvbkB0ZWFtLm5ldXN0YXI+OyBzdGlyQGlldGYub3JnDQpTdWJq ZWN0OiBSZTogW3N0aXJdIHF1b3RlZCBwcHQgcGFyYW1ldGVyIHZhbHVlIHJlZHV4DQoNCl9fX19f X19fX19fX19fX19fX19fX19fX19fX19fX19fDQpOT1RJQ0U6IFRoaXMgZW1haWwgd2FzIHJlY2Vp dmVkIGZyb20gYW4gRVhURVJOQUwgc2VuZGVyDQpfX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fXw0KDQpJIGFsc28gYWdyZWUgdGhhdCB3ZSBzaG91bGQgc3RpY2sgdG8gdGhhdCBkZWNpc2lv bi4NCg0KLVN1YmlyDQoNCk9uIFRodSwgT2N0IDMsIDIwMTkgYXQgNDoyMCBQTSBDaHJpcyBXZW5k dCA8Y2hyaXMtaWV0ZkBjaHJpc3dlbmR0Lm5ldDxtYWlsdG86Y2hyaXMtaWV0ZkBjaHJpc3dlbmR0 Lm5ldD4+IHdyb3RlOg0KWWVzLCBpIHRoaW5rIHdlIHNob3VsZCBzdGljayB3aXRoIHRoYXQgZGVj aXNpb24sIGlmIG90aGVyIHBhcmFtZXRlcnMgYXJlIHF1b3RlZCwgaXQgb25seSBtYWtlcyBzZW5z ZSBwcHQgc2hvdWxkIGJlIGFzIHdlbGwuDQoNCkxldOKAmXMgZG8gYW4gZXJyYXRhIG9uIHRoaXMu DQoNCi1DaHJpcw0KDQo+IE9uIE9jdCAzLCAyMDE5LCBhdCAxOjI3IFBNLCBQZXRlcnNvbiwgSm9u IDxqb24ucGV0ZXJzb25AdGVhbS5uZXVzdGFyPG1haWx0bzpqb24ucGV0ZXJzb25AdGVhbS5uZXVz dGFyPj4gd3JvdGU6DQo+DQo+DQo+IFJGQzgyMjQgc2VjdGlvbiA0LjEgZ2l2ZXMgdGhlIGZvbGxv d2luZyBndWlkYW5jZSBhYm91dCB0aGUgc3ludGF4IGZvciBQQVNTcG9yVCBUeXBlczoNCj4NCj4g ICAgICBGb3VydGgsIGlmIGEgUEFTU3BvclQgZXh0ZW5zaW9uIGlzIGluIHVzZSwgdGhlbiB0aGUg b3B0aW9uYWwgSlNPTg0KPiAgICAgIGtleSAicHB0IiBNVVNUIGJlIHByZXNlbnQgYW5kIGhhdmUg YSB2YWx1ZSBlcXVpdmFsZW50IHRvIHRoZQ0KPiAgICAgIHF1b3RlZCB2YWx1ZSBvZiB0aGUgInBw dCIgcGFyYW1ldGVyIG9mIHRoZSBJZGVudGl0eSBoZWFkZXIgZmllbGQuDQo+DQo+IERvZXMgdGhh dCBpbXBseSB0aGF0IHRoZSB2YWx1ZXMgb2YgdGhlICJwcHQiIHBhcmFtZXRlciBpbiB0aGUgSWRl bnRpdHkgaGVhZGVyIGZpZWxkIGFyZSBxdW90ZWQ/IElmIHNvLCB0aGF0IHNlZW1zIHRvIGNyZWF0 ZSBhIGNvbmZsaWN0IHdpdGggdGhlIEFCTkYgZm9yIHRoZSBJZGVudGl0eSBoZWFkZXIgZmllbGQs IHdoaWNoIGdpdmVzICJ0b2tlbiIgYXMgdGhlIHR5cGUgZm9yICJwcHQiIHBhcmFtZXRlciB2YWx1 ZXMuICBCYWNrIGluIElFVEYgMTAxLCBhcyB3ZSB3ZXJlIHB1c2hpbmcgYWxvbmcgdGhlIGZpcnN0 IFBBU1Nwb3JUIHR5cGVzIGFzIGV4dGVuc2lvbnMgdG8gU1RJUiwgImRpdiIgYW5kICJycGgiLCB3 ZSBoYWQgYSBkaXNjdXNzaW9uIGFib3V0IHdoZXRoZXIgdGhlIHZhbHVlcyBvZiB0aGUgInBwdCIg cGFyYW1ldGVyIG9mIHRoZSBJZGVudGl0eSBoZWFkZXIgc2hvdWxkIGJlIHF1b3RlZCBvciB1bnF1 b3RlZC4gQXMgd2Ugc2FpZCBhdCB0aGUgdGltZSwgaXQgaXNuJ3QgcmVhbGx5IGltcG9ydGFudCB3 aGV0aGVyIHBwdCBwYXJhbWV0ZXIgdmFsdWVzIGFyZSBxdW90ZWQgb3Igbm90IGZyb20gYSBkZXNp Z24gcGVyc3BlY3RpdmUsIGJ1dCBJdCBpcyBpbXBvcnRhbnQgdGhhdCB3ZSBhbGwganVzdCBhZ3Jl ZSBvbiBpdCBvbmUgd2F5IG9yIGFub3RoZXIuIFRoZSBvdXRjb21lIG9mIHRoYXQgZGlzY3Vzc2lv biB3YXMgcmVmbGVjdGVkIGluIHRoZSBtaW51dGVzIGFzOg0KPg0KPiAgIElTU1VFOiBTaG91bGQg cHB0IHZhbHVlcyBiZSBxdW90ZWQgb3Igbm90Pw0KPiAgIE9VVENPTUU6IFF1b3RpbmcgaXMgbWFu ZGF0b3J5Lg0KPg0KPiBCYXNlZCBvbiB0aGF0IG91dGNvbWUsIHdlIGJha2VkIHF1b3RlZCBwcHRz IGludG8gdGhlIHJlc3VsdGluZyBkb2NzIChzZWUgUkZDODQ0MyA0LjEgZm9yIGFuIGV4YW1wbGUg d2l0aCBwcHQ9InJwaCIgcmF0aGVyIHRoYW4gcHB0PXJwaCkuIEhvd2V2ZXIsIGFzIFNUSVIgaW1w bGVtZW50YXRpb24gcmFtcHMgdXAsIHdlIGFyZSBoZWFyaW5nIGEgbnVtYmVyIG9mIHJlcG9ydHMg b2YgQVMncyB1c2luZyB1bnF1b3RlZCBwcHQgcGFyYW1ldGVyIHZhbHVlcywgYW5kIGl0IHNvdW5k cyBsaWtlIG1hbnkgVlMgaW1wbGVtZW50YXRpb25zIGFyZSByZXNpZ25lZCB0byBhY2NlcHRpbmcg Ym90aCAtIGJ1dCB0aGF0IHNvbWUgaW1wbGVtZW50YXRpb25zIGFyZSBvbmx5IGFjY2VwdGluZyB1 bnF1b3RlZC4NCj4NCj4gV2UgaGF2ZSB0aGUgb3Bwb3J0dW5pdHkgdG8gZXJyYXRhIFJGQzgyMjQg dG8gc2V0IHRoaXMgbWF0dGVyIHN0cmFpZ2h0LCBidXQgaXQgc2VlbXMgdGhlIGltcGxlbWVudGF0 aW9uIGNvbW11bml0eSBzdGlsbCBkb2Vzbid0IGFncmVlIG9uIHdoYXQgc2hvdWxkIGNvdW50IGFz IHN0cmFpZ2h0LiBVbnF1b3RlZCBzYXZlcyB0d28gb2N0ZXRzLCBidXQgbGV0J3MgYmUgaG9uZXN0 LCBzYXZpbmcgdHdvIG9jdGV0cyBvZiBhIFNUSVIgSWRlbnRpdHkgaGVhZGVyIGZpZWxkIHZhbHVl LCBlc3BlY2lhbGx5IG9uZSB3aXRoIGEgUEFTU3BvclQgZXh0ZW5zaW9uLCBpcyBub3QgZ29pbmcg dG8gbGV0IGFueW9uZSBmYWxsIGJhY2sgdG8gVURQLiBRdW90ZWQgY29uZm9ybXMgd2l0aCB3aGF0 J3MgaW4gUkZDcyB3ZSd2ZSBhbHJlYWR5IHNoaXBwZWQsIGFuZCBvbmVzIGluIHRoZSBwaXBlbGlu ZS4gSSBoYXRlIHRvIHJlLW9wZW4gYSBkaXNjdXNzaW9uIHdlIGhhZCBhbHJlYWR5LCBidXQgaXQg ZG9lcyBzZWVtIHRvIGJlIG5lY2Vzc2FyeS4gSWYgd2XigJlyZSBnb2luZyB0byBlcnJhdGEgdGhp cywgc2hvdWxkIHRoZSBmaXggY29uZm9ybSB0byB0aGUgSUVURiAxMDEgY29uc2Vuc3VzIGNhbGwg KCJxdW90aW5nIGlzIG1hbmRhdG9yeSIpIG9yIG5vdD8NCj4NCj4gSm9uIFBldGVyc29uDQo+IE5l dXN0YXIsIEluYy4NCj4NCj4gX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX18NCj4gc3RpciBtYWlsaW5nIGxpc3QNCj4gc3RpckBpZXRmLm9yZzxtYWlsdG86c3Rp ckBpZXRmLm9yZz4NCj4gaHR0cHM6Ly93d3cuaWV0Zi5vcmcvbWFpbG1hbi9saXN0aW5mby9zdGly PGh0dHBzOi8vd3d3LmlldGYub3JnL21haWxtYW4vbGlzdGluZm8vc3Rpcj4NCg0KX19fX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18NCnN0aXIgbWFpbGluZyBsaXN0 DQpzdGlyQGlldGYub3JnPG1haWx0bzpzdGlyQGlldGYub3JnPg0KaHR0cHM6Ly93d3cuaWV0Zi5v cmcvbWFpbG1hbi9saXN0aW5mby9zdGlyPGh0dHBzOi8vd3d3LmlldGYub3JnL21haWxtYW4vbGlz dGluZm8vc3Rpcj4NCg0KDQotLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KTm90aWNlOiBUaGlzIGUtbWFpbCB0b2dldGhlciB3aXRo IGFueSBhdHRhY2htZW50cyBtYXkgY29udGFpbiBpbmZvcm1hdGlvbiBvZiBSaWJib24gQ29tbXVu aWNhdGlvbnMgSW5jLiB0aGF0DQppcyBjb25maWRlbnRpYWwgYW5kL29yIHByb3ByaWV0YXJ5IGZv ciB0aGUgc29sZSB1c2Ugb2YgdGhlIGludGVuZGVkIHJlY2lwaWVudC4gIEFueSByZXZpZXcsIGRp c2Nsb3N1cmUsIHJlbGlhbmNlIG9yDQpkaXN0cmlidXRpb24gYnkgb3RoZXJzIG9yIGZvcndhcmRp bmcgd2l0aG91dCBleHByZXNzIHBlcm1pc3Npb24gaXMgc3RyaWN0bHkgcHJvaGliaXRlZC4gIElm IHlvdSBhcmUgbm90IHRoZSBpbnRlbmRlZA0KcmVjaXBpZW50LCBwbGVhc2Ugbm90aWZ5IHRoZSBz ZW5kZXIgaW1tZWRpYXRlbHkgYW5kIHRoZW4gZGVsZXRlIGFsbCBjb3BpZXMsIGluY2x1ZGluZyBh bnkgYXR0YWNobWVudHMuDQotLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0K --_000_DM6PR03MB473148FDCE718A19CA4BDE55A59E0DM6PR03MB4731namp_ Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: base64 PGh0bWw+PGhlYWQ+PG1ldGEgaHR0cC1lcXVpdj1Db250ZW50LVR5cGUgY29udGVudD0idGV4dC9o dG1sOyBjaGFyc2V0PXV0Zi04Ij48bWV0YSBuYW1lPUdlbmVyYXRvciBjb250ZW50PSJNaWNyb3Nv ZnQgV29yZCAxNSAoZmlsdGVyZWQgbWVkaXVtKSI+PCEtLVtpZiAhbXNvXT48c3R5bGU+dlw6KiB7 YmVoYXZpb3I6dXJsKCNkZWZhdWx0I1ZNTCk7fQ0Kb1w6KiB7YmVoYXZpb3I6dXJsKCNkZWZhdWx0 I1ZNTCk7fQ0Kd1w6KiB7YmVoYXZpb3I6dXJsKCNkZWZhdWx0I1ZNTCk7fQ0KLnNoYXBlIHtiZWhh dmlvcjp1cmwoI2RlZmF1bHQjVk1MKTt9DQo8L3N0eWxlPjwhW2VuZGlmXS0tPjxzdHlsZT48IS0t DQovKiBGb250IERlZmluaXRpb25zICovDQpAZm9udC1mYWNlDQoJe2ZvbnQtZmFtaWx5Oldpbmdk aW5nczsNCglwYW5vc2UtMTo1IDAgMCAwIDAgMCAwIDAgMCAwO30NCkBmb250LWZhY2UNCgl7Zm9u dC1mYW1pbHk6IkNhbWJyaWEgTWF0aCI7DQoJcGFub3NlLTE6MiA0IDUgMyA1IDQgNiAzIDIgNDt9 DQpAZm9udC1mYWNlDQoJe2ZvbnQtZmFtaWx5OkNhbGlicmk7DQoJcGFub3NlLTE6MiAxNSA1IDIg MiAyIDQgMyAyIDQ7fQ0KLyogU3R5bGUgRGVmaW5pdGlvbnMgKi8NCnAuTXNvTm9ybWFsLCBsaS5N c29Ob3JtYWwsIGRpdi5Nc29Ob3JtYWwNCgl7bWFyZ2luOjBpbjsNCgltYXJnaW4tYm90dG9tOi4w MDAxcHQ7DQoJZm9udC1zaXplOjExLjBwdDsNCglmb250LWZhbWlseToiQ2FsaWJyaSIsc2Fucy1z ZXJpZjt9DQphOmxpbmssIHNwYW4uTXNvSHlwZXJsaW5rDQoJe21zby1zdHlsZS1wcmlvcml0eTo5 OTsNCgljb2xvcjpibHVlOw0KCXRleHQtZGVjb3JhdGlvbjp1bmRlcmxpbmU7fQ0KYTp2aXNpdGVk LCBzcGFuLk1zb0h5cGVybGlua0ZvbGxvd2VkDQoJe21zby1zdHlsZS1wcmlvcml0eTo5OTsNCglj b2xvcjpwdXJwbGU7DQoJdGV4dC1kZWNvcmF0aW9uOnVuZGVybGluZTt9DQpwLk1zb0xpc3RQYXJh Z3JhcGgsIGxpLk1zb0xpc3RQYXJhZ3JhcGgsIGRpdi5Nc29MaXN0UGFyYWdyYXBoDQoJe21zby1z dHlsZS1wcmlvcml0eTozNDsNCgltYXJnaW4tdG9wOjBpbjsNCgltYXJnaW4tcmlnaHQ6MGluOw0K CW1hcmdpbi1ib3R0b206MGluOw0KCW1hcmdpbi1sZWZ0Oi41aW47DQoJbWFyZ2luLWJvdHRvbTou MDAwMXB0Ow0KCWZvbnQtc2l6ZToxMS4wcHQ7DQoJZm9udC1mYW1pbHk6IkNhbGlicmkiLHNhbnMt c2VyaWY7fQ0KcC5tc29ub3JtYWwwLCBsaS5tc29ub3JtYWwwLCBkaXYubXNvbm9ybWFsMA0KCXtt c28tc3R5bGUtbmFtZTptc29ub3JtYWw7DQoJbXNvLW1hcmdpbi10b3AtYWx0OmF1dG87DQoJbWFy Z2luLXJpZ2h0OjBpbjsNCgltc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0bzsNCgltYXJnaW4tbGVm dDowaW47DQoJZm9udC1zaXplOjExLjBwdDsNCglmb250LWZhbWlseToiQ2FsaWJyaSIsc2Fucy1z ZXJpZjt9DQpzcGFuLkVtYWlsU3R5bGUxOQ0KCXttc28tc3R5bGUtdHlwZTpwZXJzb25hbC1yZXBs eTsNCglmb250LWZhbWlseToiQ2FsaWJyaSIsc2Fucy1zZXJpZjsNCgljb2xvcjp3aW5kb3d0ZXh0 O30NCi5Nc29DaHBEZWZhdWx0DQoJe21zby1zdHlsZS10eXBlOmV4cG9ydC1vbmx5Ow0KCWZvbnQt c2l6ZToxMC4wcHQ7fQ0KQHBhZ2UgV29yZFNlY3Rpb24xDQoJe3NpemU6OC41aW4gMTEuMGluOw0K CW1hcmdpbjoxLjBpbiAxLjBpbiAxLjBpbiAxLjBpbjt9DQpkaXYuV29yZFNlY3Rpb24xDQoJe3Bh Z2U6V29yZFNlY3Rpb24xO30NCi8qIExpc3QgRGVmaW5pdGlvbnMgKi8NCkBsaXN0IGwwDQoJe21z by1saXN0LWlkOjU4OTIzNjAzNzsNCgltc28tbGlzdC10eXBlOmh5YnJpZDsNCgltc28tbGlzdC10 ZW1wbGF0ZS1pZHM6LTM4MzQ2Njg3OCAyMTM0Mjk5MDEwIDY3Njk4NzEzIDY3Njk4NzE1IDY3Njk4 NzAzIDY3Njk4NzEzIDY3Njk4NzE1IDY3Njk4NzAzIDY3Njk4NzEzIDY3Njk4NzE1O30NCkBsaXN0 IGwwOmxldmVsMQ0KCXttc28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpyb21hbi1sb3dlcjsNCgltc28t bGV2ZWwtdGV4dDolMS07DQoJbXNvLWxldmVsLXRhYi1zdG9wOm5vbmU7DQoJbXNvLWxldmVsLW51 bWJlci1wb3NpdGlvbjpsZWZ0Ow0KCW1hcmdpbi1sZWZ0Oi43NWluOw0KCXRleHQtaW5kZW50Oi0u NWluO30NCkBsaXN0IGwwOmxldmVsMg0KCXttc28tbGV2ZWwtbnVtYmVyLWZvcm1hdDphbHBoYS1s b3dlcjsNCgltc28tbGV2ZWwtdGFiLXN0b3A6bm9uZTsNCgltc28tbGV2ZWwtbnVtYmVyLXBvc2l0 aW9uOmxlZnQ7DQoJdGV4dC1pbmRlbnQ6LS4yNWluO30NCkBsaXN0IGwwOmxldmVsMw0KCXttc28t bGV2ZWwtbnVtYmVyLWZvcm1hdDpyb21hbi1sb3dlcjsNCgltc28tbGV2ZWwtdGFiLXN0b3A6bm9u ZTsNCgltc28tbGV2ZWwtbnVtYmVyLXBvc2l0aW9uOnJpZ2h0Ow0KCXRleHQtaW5kZW50Oi05LjBw dDt9DQpAbGlzdCBsMDpsZXZlbDQNCgl7bXNvLWxldmVsLXRhYi1zdG9wOm5vbmU7DQoJbXNvLWxl dmVsLW51bWJlci1wb3NpdGlvbjpsZWZ0Ow0KCXRleHQtaW5kZW50Oi0uMjVpbjt9DQpAbGlzdCBs MDpsZXZlbDUNCgl7bXNvLWxldmVsLW51bWJlci1mb3JtYXQ6YWxwaGEtbG93ZXI7DQoJbXNvLWxl dmVsLXRhYi1zdG9wOm5vbmU7DQoJbXNvLWxldmVsLW51bWJlci1wb3NpdGlvbjpsZWZ0Ow0KCXRl eHQtaW5kZW50Oi0uMjVpbjt9DQpAbGlzdCBsMDpsZXZlbDYNCgl7bXNvLWxldmVsLW51bWJlci1m b3JtYXQ6cm9tYW4tbG93ZXI7DQoJbXNvLWxldmVsLXRhYi1zdG9wOm5vbmU7DQoJbXNvLWxldmVs LW51bWJlci1wb3NpdGlvbjpyaWdodDsNCgl0ZXh0LWluZGVudDotOS4wcHQ7fQ0KQGxpc3QgbDA6 bGV2ZWw3DQoJe21zby1sZXZlbC10YWItc3RvcDpub25lOw0KCW1zby1sZXZlbC1udW1iZXItcG9z aXRpb246bGVmdDsNCgl0ZXh0LWluZGVudDotLjI1aW47fQ0KQGxpc3QgbDA6bGV2ZWw4DQoJe21z by1sZXZlbC1udW1iZXItZm9ybWF0OmFscGhhLWxvd2VyOw0KCW1zby1sZXZlbC10YWItc3RvcDpu b25lOw0KCW1zby1sZXZlbC1udW1iZXItcG9zaXRpb246bGVmdDsNCgl0ZXh0LWluZGVudDotLjI1 aW47fQ0KQGxpc3QgbDA6bGV2ZWw5DQoJe21zby1sZXZlbC1udW1iZXItZm9ybWF0OnJvbWFuLWxv d2VyOw0KCW1zby1sZXZlbC10YWItc3RvcDpub25lOw0KCW1zby1sZXZlbC1udW1iZXItcG9zaXRp b246cmlnaHQ7DQoJdGV4dC1pbmRlbnQ6LTkuMHB0O30NCkBsaXN0IGwxDQoJe21zby1saXN0LWlk OjIxMTM1NTMxOTM7DQoJbXNvLWxpc3QtdHlwZTpoeWJyaWQ7DQoJbXNvLWxpc3QtdGVtcGxhdGUt aWRzOjIwNzU3ODc5ODAgNTc4MzQ2ODU4IDY3Njk4NjkxIDY3Njk4NjkzIDY3Njk4Njg5IDY3Njk4 NjkxIDY3Njk4NjkzIDY3Njk4Njg5IDY3Njk4NjkxIDY3Njk4NjkzO30NCkBsaXN0IGwxOmxldmVs MQ0KCXttc28tbGV2ZWwtc3RhcnQtYXQ6MjsNCgltc28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpidWxs ZXQ7DQoJbXNvLWxldmVsLXRleHQ6LTsNCgltc28tbGV2ZWwtdGFiLXN0b3A6bm9uZTsNCgltc28t bGV2ZWwtbnVtYmVyLXBvc2l0aW9uOmxlZnQ7DQoJdGV4dC1pbmRlbnQ6LS4yNWluOw0KCWZvbnQt ZmFtaWx5OiJDYWxpYnJpIixzYW5zLXNlcmlmOw0KCW1zby1mYXJlYXN0LWZvbnQtZmFtaWx5OkNh bGlicmk7fQ0KQGxpc3QgbDE6bGV2ZWwyDQoJe21zby1sZXZlbC1udW1iZXItZm9ybWF0OmJ1bGxl dDsNCgltc28tbGV2ZWwtdGV4dDpvOw0KCW1zby1sZXZlbC10YWItc3RvcDpub25lOw0KCW1zby1s ZXZlbC1udW1iZXItcG9zaXRpb246bGVmdDsNCgl0ZXh0LWluZGVudDotLjI1aW47DQoJZm9udC1m YW1pbHk6IkNvdXJpZXIgTmV3Ijt9DQpAbGlzdCBsMTpsZXZlbDMNCgl7bXNvLWxldmVsLW51bWJl ci1mb3JtYXQ6YnVsbGV0Ow0KCW1zby1sZXZlbC10ZXh0Ou+CpzsNCgltc28tbGV2ZWwtdGFiLXN0 b3A6bm9uZTsNCgltc28tbGV2ZWwtbnVtYmVyLXBvc2l0aW9uOmxlZnQ7DQoJdGV4dC1pbmRlbnQ6 LS4yNWluOw0KCWZvbnQtZmFtaWx5OldpbmdkaW5nczt9DQpAbGlzdCBsMTpsZXZlbDQNCgl7bXNv LWxldmVsLW51bWJlci1mb3JtYXQ6YnVsbGV0Ow0KCW1zby1sZXZlbC10ZXh0Ou+CtzsNCgltc28t bGV2ZWwtdGFiLXN0b3A6bm9uZTsNCgltc28tbGV2ZWwtbnVtYmVyLXBvc2l0aW9uOmxlZnQ7DQoJ dGV4dC1pbmRlbnQ6LS4yNWluOw0KCWZvbnQtZmFtaWx5OlN5bWJvbDt9DQpAbGlzdCBsMTpsZXZl bDUNCgl7bXNvLWxldmVsLW51bWJlci1mb3JtYXQ6YnVsbGV0Ow0KCW1zby1sZXZlbC10ZXh0Om87 DQoJbXNvLWxldmVsLXRhYi1zdG9wOm5vbmU7DQoJbXNvLWxldmVsLW51bWJlci1wb3NpdGlvbjps ZWZ0Ow0KCXRleHQtaW5kZW50Oi0uMjVpbjsNCglmb250LWZhbWlseToiQ291cmllciBOZXciO30N CkBsaXN0IGwxOmxldmVsNg0KCXttc28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpidWxsZXQ7DQoJbXNv LWxldmVsLXRleHQ674KnOw0KCW1zby1sZXZlbC10YWItc3RvcDpub25lOw0KCW1zby1sZXZlbC1u dW1iZXItcG9zaXRpb246bGVmdDsNCgl0ZXh0LWluZGVudDotLjI1aW47DQoJZm9udC1mYW1pbHk6 V2luZ2RpbmdzO30NCkBsaXN0IGwxOmxldmVsNw0KCXttc28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpi dWxsZXQ7DQoJbXNvLWxldmVsLXRleHQ674K3Ow0KCW1zby1sZXZlbC10YWItc3RvcDpub25lOw0K CW1zby1sZXZlbC1udW1iZXItcG9zaXRpb246bGVmdDsNCgl0ZXh0LWluZGVudDotLjI1aW47DQoJ Zm9udC1mYW1pbHk6U3ltYm9sO30NCkBsaXN0IGwxOmxldmVsOA0KCXttc28tbGV2ZWwtbnVtYmVy LWZvcm1hdDpidWxsZXQ7DQoJbXNvLWxldmVsLXRleHQ6bzsNCgltc28tbGV2ZWwtdGFiLXN0b3A6 bm9uZTsNCgltc28tbGV2ZWwtbnVtYmVyLXBvc2l0aW9uOmxlZnQ7DQoJdGV4dC1pbmRlbnQ6LS4y NWluOw0KCWZvbnQtZmFtaWx5OiJDb3VyaWVyIE5ldyI7fQ0KQGxpc3QgbDE6bGV2ZWw5DQoJe21z by1sZXZlbC1udW1iZXItZm9ybWF0OmJ1bGxldDsNCgltc28tbGV2ZWwtdGV4dDrvgqc7DQoJbXNv LWxldmVsLXRhYi1zdG9wOm5vbmU7DQoJbXNvLWxldmVsLW51bWJlci1wb3NpdGlvbjpsZWZ0Ow0K CXRleHQtaW5kZW50Oi0uMjVpbjsNCglmb250LWZhbWlseTpXaW5nZGluZ3M7fQ0Kb2wNCgl7bWFy Z2luLWJvdHRvbTowaW47fQ0KdWwNCgl7bWFyZ2luLWJvdHRvbTowaW47fQ0KLS0+PC9zdHlsZT48 IS0tW2lmIGd0ZSBtc28gOV0+PHhtbD4NCjxvOnNoYXBlZGVmYXVsdHMgdjpleHQ9ImVkaXQiIHNw aWRtYXg9IjEwMjYiIC8+DQo8L3htbD48IVtlbmRpZl0tLT48IS0tW2lmIGd0ZSBtc28gOV0+PHht bD4NCjxvOnNoYXBlbGF5b3V0IHY6ZXh0PSJlZGl0Ij4NCjxvOmlkbWFwIHY6ZXh0PSJlZGl0IiBk YXRhPSIxIiAvPg0KPC9vOnNoYXBlbGF5b3V0PjwveG1sPjwhW2VuZGlmXS0tPjwvaGVhZD48Ym9k eSBsYW5nPUVOLVVTIGxpbms9Ymx1ZSB2bGluaz1wdXJwbGU+PGRpdiBjbGFzcz1Xb3JkU2VjdGlv bjE+PHAgY2xhc3M9TXNvTm9ybWFsPkkgc3VnZ2VzdCBzb21lIOKAnGJhY2t3YXJkIGNvbXBhdGli aWxpdHkgYXdhcmVuZXNz4oCdIGluIHRoaXMgZGVjaXNpb246PG86cD48L286cD48L3A+PHAgY2xh c3M9TXNvTm9ybWFsPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPjxwIGNsYXNzPU1zb05vcm1hbD5pLSBD dXJyZW50IFJGQzgyMjQgSWRlbnRpdHkgaGVhZGVyIHN5bnRheCBhbGxvd3MgYm90aCBxdW90ZWQv dW5xdW90ZWQgdmFsdWVzIGZvciBwcHQgYXMgaXQgaXMgZGVmaW5lZCBhcyBhIOKAnHRva2Vu4oCd LjxvOnA+PC9vOnA+PC9wPjxwIGNsYXNzPU1zb05vcm1hbD5paS0gQ3VycmVudCBSRkM4MjI0IDQu MSBzZWVtcyB0byBpbXBseSB0aGF0IElkZW50aXR5IGhlYWRlciBwcHQgdmFsdWUgaXMgZXhwZWN0 ZWQgdG8gYmUgdW5xdW90ZWQgYXMgaXQgYXNrcyB0byBxdW90ZSB0aGUgcHB0IHBhcmFtZXRlciB2 YWx1ZSB3aGVuIGNvbnN0cnVjdGlvbiB0aGUgcHB0IEpTT04ga2V5LjxvOnA+PC9vOnA+PC9wPjxw IGNsYXNzPU1zb05vcm1hbD48bzpwPiZuYnNwOzwvbzpwPjwvcD48cCBjbGFzcz1Nc29Ob3JtYWw+ Tm93LCB3ZSB3YW50IHRvIGVuZm9yY2UgdGhlIG9wcG9zaXRlLiBUaGlzIG1heSBjYXVzZSBpc3N1 ZXMgd2l0aCBleGlzdGluZyBlcXVpcG1lbnQgd2hpY2ggaXMgaW1wbGVtZW50ZWQgYWNjb3JkaW5n IHRvIGktL2lpLS4gU29tZSB3b3VsZCBiZSBsZW5pZW50LCBzb21lIHdvdWxkIGV4cGVjdCB1bnF1 b3RlZCBhbmQgc29tZSBtYXliZSB3b3VsZCBleHBlY3QgcXVvdGVkLiBJIHN1Z2dlc3QgdGhhdCBl cnJhdGEgcHJvdmlkZXMgY2xhcmlmaWNhdGlvbiB0aGF0OjxvOnA+PC9vOnA+PC9wPjx1bCBzdHls ZT0nbWFyZ2luLXRvcDowaW4nIHR5cGU9ZGlzYz48bGkgY2xhc3M9TXNvTGlzdFBhcmFncmFwaCBz dHlsZT0nbWFyZ2luLWxlZnQ6MGluO21zby1saXN0OmwxIGxldmVsMSBsZm8yJz5Cb3RoIGZvcm1z IGFyZSB2YWxpZDxvOnA+PC9vOnA+PC9saT48bGkgY2xhc3M9TXNvTGlzdFBhcmFncmFwaCBzdHls ZT0nbWFyZ2luLWxlZnQ6MGluO21zby1saXN0OmwxIGxldmVsMSBsZm8yJz5RdW90aW5nIG9mIHBw dCBKU09OIGtleSBzaG91bGQgaGFwcGVuIG9ubHkgaWYgdGhlIHBwdCBwYXJhbWV0ZXIgdmFsdWUg aXMgbm90IHF1b3RlZDxvOnA+PC9vOnA+PC9saT48L3VsPjxwIGNsYXNzPU1zb05vcm1hbD48bzpw PiZuYnNwOzwvbzpwPjwvcD48cCBjbGFzcz1Nc29Ob3JtYWw+SXQgd291bGQgYmUgYmV0dGVyIHRv IGVuZm9yY2UgYSBzaW5nbGUgZm9ybWF0IGZyb20gZGF5IG9uZSBidXQgYWxhc+KApiBGb3Igbm93 LCBJIHRoaW5rIGVuZm9yY2luZyBsZW5pZW5jeSBpcyB0aGUgbGVhc3Qgd29yc3Qgb2YgcG9zc2li bGUgb3B0aW9ucy48bzpwPjwvbzpwPjwvcD48cCBjbGFzcz1Nc29Ob3JtYWw+PG86cD4mbmJzcDs8 L286cD48L3A+PHAgY2xhc3M9TXNvTm9ybWFsPlRoYW5rcyw8bzpwPjwvbzpwPjwvcD48cCBjbGFz cz1Nc29Ob3JtYWw+VG9sZ2E8bzpwPjwvbzpwPjwvcD48cCBjbGFzcz1Nc29Ob3JtYWw+PG86cD4m bmJzcDs8L286cD48L3A+PGRpdj48ZGl2IHN0eWxlPSdib3JkZXI6bm9uZTtib3JkZXItdG9wOnNv bGlkICNFMUUxRTEgMS4wcHQ7cGFkZGluZzozLjBwdCAwaW4gMGluIDBpbic+PHAgY2xhc3M9TXNv Tm9ybWFsPjxiPkZyb206PC9iPiBzdGlyICZsdDtzdGlyLWJvdW5jZXNAaWV0Zi5vcmcmZ3Q7IDxi Pk9uIEJlaGFsZiBPZiA8L2I+U3ViaXIgRGFzPGJyPjxiPlNlbnQ6PC9iPiBUaHVyc2RheSwgT2N0 b2JlciAzLCAyMDE5IDU6MDkgUE08YnI+PGI+VG86PC9iPiBDaHJpcyBXZW5kdCAmbHQ7Y2hyaXMt aWV0ZkBjaHJpc3dlbmR0Lm5ldCZndDs8YnI+PGI+Q2M6PC9iPiBQZXRlcnNvbiwgSm9uICZsdDtq b24ucGV0ZXJzb25AdGVhbS5uZXVzdGFyJmd0Ozsgc3RpckBpZXRmLm9yZzxicj48Yj5TdWJqZWN0 OjwvYj4gUmU6IFtzdGlyXSBxdW90ZWQgcHB0IHBhcmFtZXRlciB2YWx1ZSByZWR1eDxvOnA+PC9v OnA+PC9wPjwvZGl2PjwvZGl2PjxwIGNsYXNzPU1zb05vcm1hbD48bzpwPiZuYnNwOzwvbzpwPjwv cD48ZGl2IGNsYXNzPU1zb05vcm1hbCBhbGlnbj1jZW50ZXIgc3R5bGU9J3RleHQtYWxpZ246Y2Vu dGVyJz48aHIgc2l6ZT0yIHdpZHRoPSIxMDAlIiBhbGlnbj1jZW50ZXI+PC9kaXY+PHAgY2xhc3M9 TXNvTm9ybWFsPk5PVElDRTogVGhpcyBlbWFpbCB3YXMgcmVjZWl2ZWQgZnJvbSBhbiBFWFRFUk5B TCBzZW5kZXI8bzpwPjwvbzpwPjwvcD48ZGl2IGNsYXNzPU1zb05vcm1hbCBhbGlnbj1jZW50ZXIg c3R5bGU9J3RleHQtYWxpZ246Y2VudGVyJz48aHIgc2l6ZT0yIHdpZHRoPSIxMDAlIiBhbGlnbj1j ZW50ZXI+PC9kaXY+PHAgY2xhc3M9TXNvTm9ybWFsPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPjxkaXY+ PGRpdj48cCBjbGFzcz1Nc29Ob3JtYWw+SSBhbHNvIGFncmVlIHRoYXQgd2Ugc2hvdWxkIHN0aWNr IHRvIHRoYXQgZGVjaXNpb24uIDxvOnA+PC9vOnA+PC9wPjwvZGl2PjxkaXY+PHAgY2xhc3M9TXNv Tm9ybWFsPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPjwvZGl2PjxkaXY+PHAgY2xhc3M9TXNvTm9ybWFs Pi1TdWJpciA8bzpwPjwvbzpwPjwvcD48L2Rpdj48L2Rpdj48cCBjbGFzcz1Nc29Ob3JtYWw+PG86 cD4mbmJzcDs8L286cD48L3A+PGRpdj48ZGl2PjxwIGNsYXNzPU1zb05vcm1hbD5PbiBUaHUsIE9j dCAzLCAyMDE5IGF0IDQ6MjAgUE0gQ2hyaXMgV2VuZHQgJmx0OzxhIGhyZWY9Im1haWx0bzpjaHJp cy1pZXRmQGNocmlzd2VuZHQubmV0Ij5jaHJpcy1pZXRmQGNocmlzd2VuZHQubmV0PC9hPiZndDsg d3JvdGU6PG86cD48L286cD48L3A+PC9kaXY+PGJsb2NrcXVvdGUgc3R5bGU9J2JvcmRlcjpub25l O2JvcmRlci1sZWZ0OnNvbGlkICNDQ0NDQ0MgMS4wcHQ7cGFkZGluZzowaW4gMGluIDBpbiA2LjBw dDttYXJnaW4tbGVmdDo0LjhwdDttYXJnaW4tcmlnaHQ6MGluJz48cCBjbGFzcz1Nc29Ob3JtYWw+ WWVzLCBpIHRoaW5rIHdlIHNob3VsZCBzdGljayB3aXRoIHRoYXQgZGVjaXNpb24sIGlmIG90aGVy IHBhcmFtZXRlcnMgYXJlIHF1b3RlZCwgaXQgb25seSBtYWtlcyBzZW5zZSBwcHQgc2hvdWxkIGJl IGFzIHdlbGwuPGJyPjxicj5MZXTigJlzIGRvIGFuIGVycmF0YSBvbiB0aGlzLjxicj48YnI+LUNo cmlzPGJyPjxicj4mZ3Q7IE9uIE9jdCAzLCAyMDE5LCBhdCAxOjI3IFBNLCBQZXRlcnNvbiwgSm9u ICZsdDs8YSBocmVmPSJtYWlsdG86am9uLnBldGVyc29uQHRlYW0ubmV1c3RhciI+am9uLnBldGVy c29uQHRlYW0ubmV1c3RhcjwvYT4mZ3Q7IHdyb3RlOjxicj4mZ3Q7IDxicj4mZ3Q7IDxicj4mZ3Q7 IFJGQzgyMjQgc2VjdGlvbiA0LjEgZ2l2ZXMgdGhlIGZvbGxvd2luZyBndWlkYW5jZSBhYm91dCB0 aGUgc3ludGF4IGZvciBQQVNTcG9yVCBUeXBlczo8YnI+Jmd0OyA8YnI+Jmd0OyZuYnNwOyAmbmJz cDsgJm5ic3A7IEZvdXJ0aCwgaWYgYSBQQVNTcG9yVCBleHRlbnNpb24gaXMgaW4gdXNlLCB0aGVu IHRoZSBvcHRpb25hbCBKU09OPGJyPiZndDsmbmJzcDsgJm5ic3A7ICZuYnNwOyBrZXkgJnF1b3Q7 cHB0JnF1b3Q7IE1VU1QgYmUgcHJlc2VudCBhbmQgaGF2ZSBhIHZhbHVlIGVxdWl2YWxlbnQgdG8g dGhlPGJyPiZndDsmbmJzcDsgJm5ic3A7ICZuYnNwOyBxdW90ZWQgdmFsdWUgb2YgdGhlICZxdW90 O3BwdCZxdW90OyBwYXJhbWV0ZXIgb2YgdGhlIElkZW50aXR5IGhlYWRlciBmaWVsZC48YnI+Jmd0 OyA8YnI+Jmd0OyBEb2VzIHRoYXQgaW1wbHkgdGhhdCB0aGUgdmFsdWVzIG9mIHRoZSAmcXVvdDtw cHQmcXVvdDsgcGFyYW1ldGVyIGluIHRoZSBJZGVudGl0eSBoZWFkZXIgZmllbGQgYXJlIHF1b3Rl ZD8gSWYgc28sIHRoYXQgc2VlbXMgdG8gY3JlYXRlIGEgY29uZmxpY3Qgd2l0aCB0aGUgQUJORiBm b3IgdGhlIElkZW50aXR5IGhlYWRlciBmaWVsZCwgd2hpY2ggZ2l2ZXMgJnF1b3Q7dG9rZW4mcXVv dDsgYXMgdGhlIHR5cGUgZm9yICZxdW90O3BwdCZxdW90OyBwYXJhbWV0ZXIgdmFsdWVzLiZuYnNw OyBCYWNrIGluIElFVEYgMTAxLCBhcyB3ZSB3ZXJlIHB1c2hpbmcgYWxvbmcgdGhlIGZpcnN0IFBB U1Nwb3JUIHR5cGVzIGFzIGV4dGVuc2lvbnMgdG8gU1RJUiwgJnF1b3Q7ZGl2JnF1b3Q7IGFuZCAm cXVvdDtycGgmcXVvdDssIHdlIGhhZCBhIGRpc2N1c3Npb24gYWJvdXQgd2hldGhlciB0aGUgdmFs dWVzIG9mIHRoZSAmcXVvdDtwcHQmcXVvdDsgcGFyYW1ldGVyIG9mIHRoZSBJZGVudGl0eSBoZWFk ZXIgc2hvdWxkIGJlIHF1b3RlZCBvciB1bnF1b3RlZC4gQXMgd2Ugc2FpZCBhdCB0aGUgdGltZSwg aXQgaXNuJ3QgcmVhbGx5IGltcG9ydGFudCB3aGV0aGVyIHBwdCBwYXJhbWV0ZXIgdmFsdWVzIGFy ZSBxdW90ZWQgb3Igbm90IGZyb20gYSBkZXNpZ24gcGVyc3BlY3RpdmUsIGJ1dCBJdCBpcyBpbXBv cnRhbnQgdGhhdCB3ZSBhbGwganVzdCBhZ3JlZSBvbiBpdCBvbmUgd2F5IG9yIGFub3RoZXIuIFRo ZSBvdXRjb21lIG9mIHRoYXQgZGlzY3Vzc2lvbiB3YXMgcmVmbGVjdGVkIGluIHRoZSBtaW51dGVz IGFzOjxicj4mZ3Q7IDxicj4mZ3Q7Jm5ic3A7ICZuYnNwO0lTU1VFOiBTaG91bGQgcHB0IHZhbHVl cyBiZSBxdW90ZWQgb3Igbm90Pzxicj4mZ3Q7Jm5ic3A7ICZuYnNwO09VVENPTUU6IFF1b3Rpbmcg aXMgbWFuZGF0b3J5Ljxicj4mZ3Q7IDxicj4mZ3Q7IEJhc2VkIG9uIHRoYXQgb3V0Y29tZSwgd2Ug YmFrZWQgcXVvdGVkIHBwdHMgaW50byB0aGUgcmVzdWx0aW5nIGRvY3MgKHNlZSBSRkM4NDQzIDQu MSBmb3IgYW4gZXhhbXBsZSB3aXRoIHBwdD0mcXVvdDtycGgmcXVvdDsgcmF0aGVyIHRoYW4gcHB0 PXJwaCkuIEhvd2V2ZXIsIGFzIFNUSVIgaW1wbGVtZW50YXRpb24gcmFtcHMgdXAsIHdlIGFyZSBo ZWFyaW5nIGEgbnVtYmVyIG9mIHJlcG9ydHMgb2YgQVMncyB1c2luZyB1bnF1b3RlZCBwcHQgcGFy YW1ldGVyIHZhbHVlcywgYW5kIGl0IHNvdW5kcyBsaWtlIG1hbnkgVlMgaW1wbGVtZW50YXRpb25z IGFyZSByZXNpZ25lZCB0byBhY2NlcHRpbmcgYm90aCAtIGJ1dCB0aGF0IHNvbWUgaW1wbGVtZW50 YXRpb25zIGFyZSBvbmx5IGFjY2VwdGluZyB1bnF1b3RlZC48YnI+Jmd0OyA8YnI+Jmd0OyBXZSBo YXZlIHRoZSBvcHBvcnR1bml0eSB0byBlcnJhdGEgUkZDODIyNCB0byBzZXQgdGhpcyBtYXR0ZXIg c3RyYWlnaHQsIGJ1dCBpdCBzZWVtcyB0aGUgaW1wbGVtZW50YXRpb24gY29tbXVuaXR5IHN0aWxs IGRvZXNuJ3QgYWdyZWUgb24gd2hhdCBzaG91bGQgY291bnQgYXMgc3RyYWlnaHQuIFVucXVvdGVk IHNhdmVzIHR3byBvY3RldHMsIGJ1dCBsZXQncyBiZSBob25lc3QsIHNhdmluZyB0d28gb2N0ZXRz IG9mIGEgU1RJUiBJZGVudGl0eSBoZWFkZXIgZmllbGQgdmFsdWUsIGVzcGVjaWFsbHkgb25lIHdp dGggYSBQQVNTcG9yVCBleHRlbnNpb24sIGlzIG5vdCBnb2luZyB0byBsZXQgYW55b25lIGZhbGwg YmFjayB0byBVRFAuIFF1b3RlZCBjb25mb3JtcyB3aXRoIHdoYXQncyBpbiBSRkNzIHdlJ3ZlIGFs cmVhZHkgc2hpcHBlZCwgYW5kIG9uZXMgaW4gdGhlIHBpcGVsaW5lLiBJIGhhdGUgdG8gcmUtb3Bl biBhIGRpc2N1c3Npb24gd2UgaGFkIGFscmVhZHksIGJ1dCBpdCBkb2VzIHNlZW0gdG8gYmUgbmVj ZXNzYXJ5LiBJZiB3ZeKAmXJlIGdvaW5nIHRvIGVycmF0YSB0aGlzLCBzaG91bGQgdGhlIGZpeCBj b25mb3JtIHRvIHRoZSBJRVRGIDEwMSBjb25zZW5zdXMgY2FsbCAoJnF1b3Q7cXVvdGluZyBpcyBt YW5kYXRvcnkmcXVvdDspIG9yIG5vdD88YnI+Jmd0OyA8YnI+Jmd0OyBKb24gUGV0ZXJzb248YnI+ Jmd0OyBOZXVzdGFyLCBJbmMuPGJyPiZndDsgPGJyPiZndDsgX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fX188YnI+Jmd0OyBzdGlyIG1haWxpbmcgbGlzdDxicj4m Z3Q7IDxhIGhyZWY9Im1haWx0bzpzdGlyQGlldGYub3JnIiB0YXJnZXQ9Il9ibGFuayI+c3RpckBp ZXRmLm9yZzwvYT48YnI+Jmd0OyA8YSBocmVmPSJodHRwczovL3d3dy5pZXRmLm9yZy9tYWlsbWFu L2xpc3RpbmZvL3N0aXIiIHRhcmdldD0iX2JsYW5rIj5odHRwczovL3d3dy5pZXRmLm9yZy9tYWls bWFuL2xpc3RpbmZvL3N0aXI8L2E+PGJyPjxicj5fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fX19fX19fXzxicj5zdGlyIG1haWxpbmcgbGlzdDxicj48YSBocmVmPSJtYWls dG86c3RpckBpZXRmLm9yZyIgdGFyZ2V0PSJfYmxhbmsiPnN0aXJAaWV0Zi5vcmc8L2E+PGJyPjxh IGhyZWY9Imh0dHBzOi8vd3d3LmlldGYub3JnL21haWxtYW4vbGlzdGluZm8vc3RpciIgdGFyZ2V0 PSJfYmxhbmsiPmh0dHBzOi8vd3d3LmlldGYub3JnL21haWxtYW4vbGlzdGluZm8vc3RpcjwvYT48 bzpwPjwvbzpwPjwvcD48L2Jsb2NrcXVvdGU+PC9kaXY+PC9kaXY+DQo8YnIgLz48YnIgLz48c3Bh biBzdHlsZT0iZm9udC1mYW1pbHk6QXJpYWw7IEZvbnQtc2l6ZTo4LjBwdCI+IDxociAvPiBOb3Rp Y2U6IFRoaXMgZS1tYWlsIHRvZ2V0aGVyIHdpdGggYW55IGF0dGFjaG1lbnRzIG1heSBjb250YWlu IGluZm9ybWF0aW9uIG9mIFJpYmJvbiBDb21tdW5pY2F0aW9ucyBJbmMuIHRoYXQgaXMgY29uZmlk ZW50aWFsIGFuZC9vciBwcm9wcmlldGFyeSBmb3IgdGhlIHNvbGUgdXNlIG9mIHRoZSBpbnRlbmRl ZCByZWNpcGllbnQuICBBbnkgcmV2aWV3LCBkaXNjbG9zdXJlLCByZWxpYW5jZSBvciBkaXN0cmli dXRpb24gYnkgb3RoZXJzIG9yIGZvcndhcmRpbmcgd2l0aG91dCBleHByZXNzIHBlcm1pc3Npb24g aXMgc3RyaWN0bHkgcHJvaGliaXRlZC4gIElmIHlvdSBhcmUgbm90IHRoZSBpbnRlbmRlZCByZWNp cGllbnQsIHBsZWFzZSBub3RpZnkgdGhlIHNlbmRlciBpbW1lZGlhdGVseSBhbmQgdGhlbiBkZWxl dGUgYWxsIGNvcGllcywgaW5jbHVkaW5nIGFueSBhdHRhY2htZW50cy48aHIgLz4gPC9zcGFuPjwv Ym9keT48L2h0bWw+DQo= --_000_DM6PR03MB473148FDCE718A19CA4BDE55A59E0DM6PR03MB4731namp_-- From nobody Mon Oct 14 13:25:38 2019 Return-Path: X-Original-To: stir@ietfa.amsl.com Delivered-To: stir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3B0C51208BF; Mon, 14 Oct 2019 13:25:32 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.98 X-Spam-Level: X-Spam-Status: No, score=-1.98 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, T_SPF_HELO_PERMERROR=0.01, T_SPF_PERMERROR=0.01] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nostrum.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IW2yR68_rp38; Mon, 14 Oct 2019 13:25:29 -0700 (PDT) Received: from nostrum.com (raven-v6.nostrum.com [IPv6:2001:470:d:1130::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 07FE61208C3; Mon, 14 Oct 2019 13:25:26 -0700 (PDT) Received: from Svantevit.local (99-152-146-228.lightspeed.dllstx.sbcglobal.net [99.152.146.228]) (authenticated bits=0) by nostrum.com (8.15.2/8.15.2) with ESMTPSA id x9EKPNXZ041011 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Mon, 14 Oct 2019 15:25:25 -0500 (CDT) (envelope-from adam@nostrum.com) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=nostrum.com; s=default; t=1571084725; bh=w/z5aS0E7G3fE/aOs18bVmOc3G07UdnY0Av21J8dQ2c=; h=To:Cc:From:Subject:Date; b=XT8Ikul8AWLSZQ1+/aA2abqzfKWGB2UyB+ol/Lmzn/H+BONFIO+abFX2POt+59t96 +iGpGHkko01IBwYc674MbJjW253Snw+7kwZc8r6nx1bDlgzS58MxmQ+BksJSp+2z6M XSJz0Vw1yAU2PxSrW9DbfJzHSFuexmBsqtsNJacM= X-Authentication-Warning: raven.nostrum.com: Host 99-152-146-228.lightspeed.dllstx.sbcglobal.net [99.152.146.228] claimed to be Svantevit.local To: draft-ietf-stir-passport-divert.all@ietf.org Cc: "stir@ietf.org" From: Adam Roach Message-ID: <12e57a54-927c-a768-34ac-b1055bff88f6@nostrum.com> Date: Mon, 14 Oct 2019 15:25:18 -0500 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:60.0) Gecko/20100101 Thunderbird/60.9.0 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit Content-Language: en-US Archived-At: Subject: [stir] AD Review: draft-ietf-stir-passport-divert X-BeenThere: stir@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Secure Telephone Identity Revisited List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 14 Oct 2019 20:25:37 -0000 This is my AD review for draft-ietf-stir-passport-divert. Thanks to Jon and everyone else who worked on this document. The mechanism itself looks to be in very good shape, and I'm glad to see this work drawing to a conclusion.  There are a number of issues I identify below that are significant enough that I would like to see a new version of the document prior to IETF last call. --------------------------------------------------------------------------- Abstract: >  This document extends PASSporT, which is specified in RFC 8225 to >  convey cryptographically-signed information about the people involved >  in personal communications, to include an indication that a call has >  been diverted from its original destination to a new one. This sentence is a bit long and confusing. Consider splitting along the lines of:    PASSporT is specified in RFC 8225 to convey cryptographically-signed    information about the people involved in personal communications. This    document extends PASSporT to include an indication that a call has been    diverted from its original destination to a new one. --------------------------------------------------------------------------- §1: >  The address in the To header field value of SIP requests is >  not supposed to change, according to baseline [RFC3261], as it is the >  Request-URI that is supposed to be updated when a call is retargeted, >  but practically speaking many operational environments do alter the >  To header field. This is also a bit overly complex. Consider:    The address in the To header field value of SIP requests is not supposed to    change, according to baseline SIP behavior [RFC3261]; instead, the    Request-URI is supposed to be updated when a call is retargeted.    Practically speaking, however, many operational environments do alter the    To header field. --------------------------------------------------------------------------- §3: >  A "div" PASSporT claims set is populated with elements drawn from the >  PASSporT(s) received for a call by the retargeting entity: at a high >  level, the original identifier for the called party in the "dest" >  array will become the "div" claim in the new PASSporT.  If the "dest" >  array of the original PASSporT contains multiple identifiers, the >  retargeting entity MUST select only one them to occupy the "div" >  field in the new PASSporT... This is confusing, for a couple of reasons. While the language in RFC 8225 gets objects and arrays mixed up (and I need to file an errata on this), the intention is clear enough to implement. However, the preceding text is actually ambiguous due to the confusion between "array" and "object". To be clear:  - The value of "dest" is an *object*.  - That object contains name/value pairs  - The value portion of those name/value pairs is an *array* of strings. The ambiguity in the preceding text arises because it's not clear whether the intention is to select only one name/value pair and put it in the "div" field, or to select only one string from one of the arrays that constitutes the value portion of the name/value pair. For example; if the original "dest" name/value pair were:   "dest":{"tn":["12155551213","19995551234"],           "uri":["sips:joe@example.com","sips:joe@home.example"]}, Then it is not clear whether the resulting "div" field must be limited to exactly one identity:   "div":{"tn":["12155551213"]} ...or if it is to be limited to only one name/value pair from the original "dest" value:   "div":{"tn":["12155551213","19995551234"]} I suspect it's the former, but the paragraph can be read either way due to its confusion around the names of JSON things. Please reformulate the paragraph to be clearer about the intended behavior, and ideally make the example more complex -- similar to the example I give above -- so that it demonstrates the proper behavior unambiguiously. --------------------------------------------------------------------------- §3:       { "orig":{"tn":"12155551212"},         "dest":{"tn":"12155551214"},         "iat":1443208345,         "div":{"tn":["121555551213"]} } The "dest" value here isn't formatted in the way that PASSporTs format "dest". It needs to be:         "dest":{"tn":["12155551214"]}, It's not clear, given the description above, whether the "div" parameter is correct (i.e., whether it should contain an array or a string). It's worth noting that the example PASSporT gets "dest" right, and uses a string for the "dest": {"dest":{"tn":["12155551214"]},"div":{"tn":"121555551213"},  "iat":1443208345,"orig":{"tn":"12155551212"}} --------------------------------------------------------------------------- §3: >  Note that the "div" element may contain other elements than just a >  destination, including a History-Info indicator (see Section 8). Let's be precise with terminology here:    Note that the "div" object may contain other name/value pairs than just a    destination, including a History-Info indicator (see Section 8). --------------------------------------------------------------------------- §4.1: > Identity:eyJhbGciOiJFUzI1NiIsInBwdCI6ImRpdiIsInR5cCI6InBhc3Nwb3J \ > 0IiwieDV1IjoiaHR0cHM6Ly93d3cuZXhhbXBsZS5jb20vY2VydC5wa3gifQ.eyJk \ > ZXN0Ijp7InRuIjpbIjEyMTU1NTUxMjE0Il19LCJkaXYiOnsidG4iOiIxMjE1NTU1 \ > NTEyMTMifSwiaWF0IjoxNDQzMjA4MzQ1LCJvcmlnIjp7InRuIjoiMTIxNTU1NTEy \ > MTIifX0.YZX3UGjaXsAYpYEjWAVBcQxNFOFEqIVuhVPPUv-7yhyeKRazMQLjn9cH \ >     maq0Mof2N-bfvRXPXuchtDJm8VbrbQ; \ > info=;ppt="div" This PASSporT contains an "x5u" value of "https://www.example.com/cert.pkx" while the Identity header field info parameter has a value of "https://biloxi.example.org/biloxi.cer". Per RFC 8224 section 4.1, third bullet, these values must be the same (modulo string comparison rules). --------------------------------------------------------------------------- §4.1: >  Furthermore note that a request may also be retargeted a >  second time, at which point the subsequent retargeting entity SHOULD >  generate one "div" PASSporT for each previous "div" PASSporT in the >  request.  This can create multiple chains of "div" PASSporTs in a >  single request, which complicates the procedures that need to be >  performed at verification services. Read literally, this doesn't just create multiple chains; it creates a exponential explosion of Identity header fields. Consider a request that contains two non-"div" Identity header fields that gets redirected four times.  Per the text above:  - The first redirection will create two "div" passports (one for each    non-"div" passport). The message now contains two "div" passports,    and two non-"div" passports.  - The second redirection will create two more "div" passports (one for    each existing "div" passport, per the cited text above). The message now    contains four "div" passports, and two non-"div" passports.  - The third redirection will create four more "div" passports (one for    each existing "div" passport). The message now contains eight "div"    passports, and two non-"div" passports.  - The fourth redirection will create eight more "div" passports (one for    each existing "div" passport). The message now contains 16 "div"    passports, and two non-"div" passports. While I concede that four redirections isn't all that common in normal use, the fact that a malicious user could set up a relatively small number of redirections on purpose and produce a message that increases in both size and computational complexity at an exponential rate is problematic. The assertion that what you want here is actually two parallel chains of "div" passports is almost certainly correct, but it is not what happens when the text is applied as written. --------------------------------------------------------------------------- §4.2: >  of the verification service is to extract all PASSporTs from the two >  or more Identity headers in a request, identify which are "div" Nit: "...Identity header fields..." >  header field values associated with a request, as an Identity header >  field value containing "div" necessary refers to an earlier PASSporT Nit: "...necessarily..." --------------------------------------------------------------------------- §5:     { "orig":{"tn":"12155551212"},       "dest":{"tn":["12155551214"]},       "iat":1443208345,       "div":{"tn":"121555551213"}, "opt":"4F7jsZv0mJ5bjg4Xik6Mfah3IO8K6FIsUIgvt0dE7Qm3KZr5UF_UpCrz7 \ c0_0eQi4e9FVX-WmvX3uETtlVjAtgeyJhbGciOiJFUzI1NiIsInR5cCI6InBhc3N \ wb3J0IiwieDV1IjoiaHR0cHM6Ly93d3cuZXhhbXBsZS5jb20vY2VydC5wa3gifQ. \ eyJkZXN0Ijp7InRuIjpbIjEyMTU1NTUxMjEzIl19LCJpYXQiOjE0NDMyMDgzNDUs \ Im9yaWciOnsidG4iOiIxMjE1NTU1MTIxMiJ9fQ.4F7jsZv0mJ5bjg4Xik6Mfah3I \ O8K6FIsUIgvt0dE7Qm3KZr5UF_UpCrz7c0_0eQi4e9FVX-WmvX3uETtlVjAtg"} } The header of the PASSporT in the "opt" value does not decode into a valid JSON object. If I remove the first 86 characters (4F7jsZv0mJ5bjg 4Xik6Mfah3IO8K6FIsUIgvt0dE7Qm3KZr5UF_UpCrz7c0_0eQi4e9FVX-WmvX3uETtlVjAtg), it does appear to be correct. (This extra prepended text appears to be a copy of the JWT signature.) Also, this JSON object appears to have an extra closing bracket at the end of the last line. --------------------------------------------------------------------------- §5: > Identity:eyJhbGciOiJFUzI1NiIsInBwdCI6ImRpdi1vIiwidHlwIjoicGFzc3Bvc \ > nQiLCJ4NXUiOiJodHRwczovL3d3dy5leGFtcGxlLmNvbS9jZXJ0LnBreCJ9.eyJkZX \ > N0Ijp7InRuIjoiMTIxNTU1NTEyMTQifSwiZGl2Ijp7InRuIjoiMTIxNTU1NTUxMjEz \ > In0sImlhdCI6MTQ0MzIwODM0NSwib3B0IjoiZXlKaGJHY2lPaUpGVXpJMU5pSXNJbl \ > I1Y0NJNkluQmhjM053YjNKMElpd2llRFYxSWpvaWFIUjBjSE02THk5M2QzY3VaWGho \ > YlhCc1pTNWpiMjB2WTJWeWRDNXdhM2dpZlEuZXlKa1pYTjBJanA3SW5SdUlqcGJJak \ > V5TVRVMU5UVXhNakV6SWwxOUxDSnBZWFFpT2pFME5ETXlNRGd6TkRVc0ltOXlhV2Np \ > T25zaWRHNGlPaUl4TWpFMU5UVTFNVEl4TWlKOWZRLjRGN2pzWnYwbUo1YmpnNFhpaz \ > ZNZmFoM0lPOEs2RklzVUlndnQwZEU3UW0zS1pyNVVGX1VwQ3J6N2MwXzBlUWk0ZTlG \ > VlgtV212WDN1RVR0bFZqQXRnIiwib3JpZyI6eyJ0biI6IjEyMTU1NTUxMjEyIn19.M \ > CYorw_3FaH78VuERURlJp1hD6qh2eIct4RIebVtYp3es9HTsvCz1qXRWq3j0E9Pb2h \ >   YrMUXSQbBYQSviW5cCA; \ > info=;ppt="div-o" There are two issues with this example. The "info" parameter does not match the "x5u" value in the PASSporT header. The body of the (outer) PASSporT decodes to: {    "dest":{ "tn":"12155551214" },    "div":{ "tn":"121555551213" },    "iat":1443208345, "opt":"eyJhbGciOiJFUzI1NiIsInR5cCI6InBhc3Nwb3J0IiwieDV1IjoiaHR0cHM6Ly93d3cuZXhhbXBsZS5jb20vY2VydC5wa3gifQ.eyJkZXN0Ijp7InRuIjpbIjEyMTU1NTUxMjEzIl19LCJpYXQiOjE0NDMyMDgzNDUsIm9yaWciOnsidG4iOiIxMjE1NTU1MTIxMiJ9fQ.4F7jsZv0mJ5bjg4Xik6Mfah3IO8K6FIsUIgvt0dE7Qm3KZr5UF_UpCrz7c0_0eQi4e9FVX-WmvX3uETtlVjAtg",    "orig":{ "tn":"12155551212" } } The "dest" value "tn" value is (incorrectly) a string instead of an array containing a string. --------------------------------------------------------------------------- §7: >  document consequently updates [RFC8224] to permit carrying Identity >  headers in SIP 300-class responses.  It is left to the originating Nit: "...Identity header fields..." >  user agent to determine which Identity headers should be copied from Nit: "...Identity header fields..." >  the 3xx into any new requests resulting from the redirection, if any: >  use of these Identity headers by entities receiving a 3xx response is Nit: "...Identity header fields..." --------------------------------------------------------------------------- §11: >  to the called party, many times the called party should likely be >  entitled to information about why they receiving these calls. Nit: "...why they are receiving..." From nobody Wed Oct 23 13:14:00 2019 Return-Path: X-Original-To: stir@ietfa.amsl.com Delivered-To: stir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B864812012D for ; Wed, 23 Oct 2019 13:13:58 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.898 X-Spam-Level: X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id v4m9z4hOg99U for ; Wed, 23 Oct 2019 13:13:57 -0700 (PDT) Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 280CF120129 for ; Wed, 23 Oct 2019 13:13:57 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id AA1E1300B13 for ; Wed, 23 Oct 2019 16:13:55 -0400 (EDT) X-Virus-Scanned: amavisd-new at mail.smeinc.net Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id 2EbVwI0zZZ0o for ; Wed, 23 Oct 2019 16:13:54 -0400 (EDT) Received: from a860b60074bd.fios-router.home (unknown [138.88.156.37]) by mail.smeinc.net (Postfix) with ESMTPSA id DDEFB3002AD for ; Wed, 23 Oct 2019 16:13:54 -0400 (EDT) From: Russ Housley Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\)) Message-Id: <1E77CAB8-AA88-43DE-B973-39F59B537FE0@vigilsec.com> Date: Wed, 23 Oct 2019 16:13:55 -0400 To: IETF STIR Mail List X-Mailer: Apple Mail (2.3445.104.11) Archived-At: Subject: [stir] STIR Agenda at IETF 106 X-BeenThere: stir@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Secure Telephone Identity Revisited List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 23 Oct 2019 20:13:59 -0000 Here is the draft agenda for IETF 106. Please review and comment. Russ = = = = = = = = = STIR WG Agenda for IETF 106 in Singapore 0) Minute Taker, Jabber Scribe, Bluesheets 1) Agenda Bash 2) Active Working Group Documents -- draft-ietf-stir-cert-delegation (Jon) -- draft-ietf-stir-passport-rcd (Chris) 3) Updates on post-WG LC documents -- draft-ietf-stir-oob (EKR and Jon) -- draft-ietf-stir-passport-divert (Jon) 4) Any Other Business (if time allows) 5) Wrap Up From nobody Fri Oct 25 14:18:56 2019 Return-Path: X-Original-To: stir@ietf.org Delivered-To: stir@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 160C6120A9C; Fri, 25 Oct 2019 14:12:16 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: "\"IETF Secretariat\"" To: , Cc: stir@ietf.org, adam@nostrum.com X-Test-IDTracker: no X-IETF-IDTracker: 6.108.0 Auto-Submitted: auto-generated Precedence: bulk Message-ID: <157203793608.2724.1308612246915634457.idtracker@ietfa.amsl.com> Date: Fri, 25 Oct 2019 14:12:16 -0700 Archived-At: Subject: [stir] stir - Requested session has been scheduled for IETF 106 X-BeenThere: stir@ietf.org X-Mailman-Version: 2.1.29 List-Id: Secure Telephone Identity Revisited List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 25 Oct 2019 21:13:13 -0000 Dear Robert Sparks, The session(s) that you have requested have been scheduled. Below is the scheduled session information followed by the original request. stir Session 1 (1:30 requested) Monday, 18 November 2019, Afternoon Session I 1330-1530 Room Name: Hullet size: 100 --------------------------------------------- iCalendar: https://datatracker.ietf.org/meeting/106/sessions/stir.ics Request Information: --------------------------------------------------------- Working Group Name: Secure Telephone Identity Revisited Area Name: Applications and Real-Time Area Session Requester: Robert Sparks Number of Sessions: 1 Length of Session(s): 1.5 Hours Number of Attendees: 60 Conflicts to Avoid: Chair Conflict: ipwave lamps suit Technology Overlap: sipcore modern ecrit Key Participant Conflict: dispatch secdispatch saag sipbrandy tls mls teep oauth acme perc cfrg mmusic avtcore People who must be present: Russ Housley Sean Turner Adam Roach Robert Sparks Jon Peterson Chris Wendt Resources Requested: Special Requests: ---------------------------------------------------------