From nobody Mon Sep 2 03:33:35 2019 Return-Path: X-Original-To: emu@ietfa.amsl.com Delivered-To: emu@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EBD2D120073 for ; Mon, 2 Sep 2019 03:33:33 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.001 X-Spam-Level: X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 00jKsQVoMJEQ for ; Mon, 2 Sep 2019 03:33:31 -0700 (PDT) Received: from EUR04-VI1-obe.outbound.protection.outlook.com (mail-eopbgr80089.outbound.protection.outlook.com [40.107.8.89]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6981A12006B for ; Mon, 2 Sep 2019 03:33:31 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=nHY+RNpQDhgSiqSwv5zSQjOfdT2oBVaMG5LnUMXlb+Z9TBC7pmXY9r1QASlLDhHMNuJGZoJm6s1SLvxKkVU2hLxhMMygvgWarhyWJQKLCQSeQoWJt0X5UbcIWWInLvu5xHtY0Mx4S0Ivk3xZa90wxtJ1BIDa5p8WWtrALikE/aKsTSwE1cVqu4wt/uCtugADm9tW0OEDxhGCuUUe8Anjd95rqgD3Sg3WS+CQINrSeY62ZAsdr90MZQvwNqZZdp81ulcyadtGO3mlA2TRrJX4kYh1fXXCdcMm9DlGf82oKasIjHn3F86V1nT+IFVbkFZsvM4eTXBdd7hX2XSeCinqUA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=jSlCPs3LMWD98ZAG/NH+v4x6ETZ58uLo65Q6d2DU3s0=; b=gcEl/MmJHcW+ipqzXT63Pw9P5CqNSvK4rU199XVf2O2qQc0zgQyXPpjC1S4n+egrRG8UjShGa+nKr3AmKAd6ZpyKgMsDliJ4jCh06775ok+Gne971jnOnt1HxKc3JhtVR4N/9owJJduxmOiXt2+sPwEEPGcmZmcuVyFZvs5T5FjQRv3bFBvQoZtSiXj7qhznE6SD5y1WPGIwNva7uCYUh3qmA8kLVx6YNsCWDPRpMMFOyTYg5HBjrDoPMaOCGrdZGYUcBo8s80tReSUWqmJcx38Dc42gXF0kOy6GCxaziNuvnd8Vm8cbNfLGz8HYRJJnf1uAaR4qzwrKnuhyxeClvA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=jSlCPs3LMWD98ZAG/NH+v4x6ETZ58uLo65Q6d2DU3s0=; b=VEAbsSfm5SmrNTxxpNTVqL3vZgVDEAXu8kD4r0IJUtsJkOOfaOsPinqIMCU/qKZDvL3ReqI2q0smdLKSJaZ1LHNupWsrV+lG+JIWpdKUXJDCamkDsjCTpiIEfrzSaeVoOQBc5WE6mWKxl490tYPFpl1AdVPA29CrsSRZEzyYG74= Received: from HE1PR0701MB2905.eurprd07.prod.outlook.com (10.168.98.146) by HE1PR0701MB3034.eurprd07.prod.outlook.com (10.168.93.13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2241.12; Mon, 2 Sep 2019 10:33:28 +0000 Received: from HE1PR0701MB2905.eurprd07.prod.outlook.com ([fe80::758a:12ec:c6d:e8a9]) by HE1PR0701MB2905.eurprd07.prod.outlook.com ([fe80::758a:12ec:c6d:e8a9%10]) with mapi id 15.20.2241.012; Mon, 2 Sep 2019 10:33:28 +0000 From: Mohit Sethi M To: Michael Richardson , "emu@ietf.org" Thread-Topic: [Emu] Re-charter text Thread-Index: AQHVV/hd5AP1y7w6BUWxMRLUThUF0w== Date: Mon, 2 Sep 2019 10:33:28 +0000 Message-ID: <03e9635b-7cc5-2b6b-e39a-88b2f0309922@ericsson.com> References: <22375.1566503193@dooku.sandelman.ca> In-Reply-To: <22375.1566503193@dooku.sandelman.ca> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.8.0 authentication-results: spf=none (sender IP is ) smtp.mailfrom=mohit.m.sethi@ericsson.com; x-originating-ip: [2001:14bb:180:4df:de17:5607:1db3:ef62] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 4ebb7a99-c8dc-430a-4d85-08d72f90fe22 x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600166)(711020)(4605104)(1401327)(2017052603328)(7193020); SRVR:HE1PR0701MB3034; x-ms-traffictypediagnostic: HE1PR0701MB3034: x-ms-exchange-purlcount: 2 x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:10000; x-forefront-prvs: 01480965DA x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(376002)(136003)(366004)(396003)(39860400002)(346002)(199004)(189003)(6116002)(5660300002)(14454004)(46003)(606006)(2616005)(476003)(486006)(36756003)(6506007)(53546011)(446003)(11346002)(186003)(102836004)(76176011)(86362001)(6246003)(31686004)(478600001)(31696002)(25786009)(966005)(65806001)(65956001)(7736002)(229853002)(71190400001)(110136005)(58126008)(2906002)(6512007)(54896002)(6306002)(6436002)(2501003)(8936002)(316002)(81166006)(81156014)(8676002)(53936002)(236005)(64756008)(66476007)(66446008)(66946007)(76116006)(66556008)(256004)(14444005)(99286004)(6486002)(71200400001); DIR:OUT; SFP:1101; SCL:1; SRVR:HE1PR0701MB3034; H:HE1PR0701MB2905.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1; received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam-message-info: CyCXNE7sXdsDJmGW4eJ1PI0oH5xuTaOUclhY6z+QleLtP54HLCweBklSDDbzBuYocJsS/x9aCLZqgMcYVTM61x6zpaiQsB1InYWukvp0pktKVcIf6pTDo/pGRQ91RzNmW9pleuL9nr+GwVWZVYJH2n4QFCvSlzDHgYzJkuLHGuayn0xvJgLexMkPGrUExKyuyfzYwqhY4oayErYASehIC2dPfIG+FTKQ0gWVkIXbhn0OFMrd7mFpRVHnoKeNGPMdKn9XqfxhFFTqJ5XutHz2fss2LYyOYlemIZjY4yKWWMiC7kEY2D9MNK63U719/erH8Au/WPFfYznJrK7+XmSpd0grQX61GSCffNOAIRq3T90dV8ZzRx/rLkP2cNvkimKd9YBQ2g+ILwsnuCrMkq7CveC5UHgdwzifECAPAi/1JKU= x-ms-exchange-transport-forked: True Content-Type: multipart/alternative; boundary="_000_03e9635b7cc52b6be39a88b2f0309922ericssoncom_" MIME-Version: 1.0 X-OriginatorOrg: ericsson.com X-MS-Exchange-CrossTenant-Network-Message-Id: 4ebb7a99-c8dc-430a-4d85-08d72f90fe22 X-MS-Exchange-CrossTenant-originalarrivaltime: 02 Sep 2019 10:33:28.0921 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: wr9nADjNvqR6RCryAO9G3cBkhm5u15bqUICZdqfEBR+GE+Tt2XJpjqcBQFfeu4IE6jg+lSyfauD/qYSJxdyJgETDzsRSG8hcU95jLMLKmH0= X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR0701MB3034 Archived-At: Subject: Re: [Emu] Re-charter text X-BeenThere: emu@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "EAP Methods Update \(EMU\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 02 Sep 2019 10:33:34 -0000 --_000_03e9635b7cc52b6be39a88b2f0309922ericssoncom_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 SGkgTWljaGFlbCwNCg0KT24gOC8yMi8xOSAxMDo0NiBQTSwgTWljaGFlbCBSaWNoYXJkc29uIHdy b3RlOg0KDQoNCk1vaGl0IFNldGhpIE0gPG1vaGl0Lm0uc2V0aGlAZXJpY3Nzb24uY29tPjxtYWls dG86bW9oaXQubS5zZXRoaUBlcmljc3Nvbi5jb20+IHdyb3RlOg0KICAgID4gQXQgdGhlIHNhbWUg dGltZSwgc29tZSBuZXcgdXNlIGNhc2VzIGZvciBFQVAgaGF2ZSBiZWVuIGlkZW50aWZpZWQuIEVB UA0KICAgID4gaXMgbm93IG1vcmUgYnJvYWRseSBpbiBtb2JpbGUgbmV0d29yayBhdXRoZW50aWNh dGlvbi4gVGhlIGdyb3VwIHdpbGwNCiAgICA+IHVwZGF0ZSBleGlzdGluZyBFQVAgbWV0aG9kcyBz dWNoIGFzIEVBUC1BS0EnIHRvIHN0YXkgaW4gc3luYyB3aXRoDQoNCi4uLi4NCg0KICAgID4gT3V0 LW9mLWJhbmQgKE9PQikgcmVmZXJzIHRvIGEgc2VwYXJhdGUgY29tbXVuaWNhdGlvbiBjaGFubmVs DQogICAgPiBpbmRlcGVuZGVudCBvZiB0aGUgcHJpbWFyeSBpbi1iYW5kIGNoYW5uZWwgb3ZlciB3 aGljaCB0aGUgYWN0dWFsDQoNCiAgICA+IEVBUCBhdXRoZW50aWNhdGlvbiBpcyBiYXNlZCBvbiBj cmVkZW50aWFscyBhdmFpbGFibGUgb24gdGhlIHBlZXIgYW5kDQogICAgPiB0aGUgc2VydmVyLiBI b3dldmVyLCBzb21lIEVBUCBtZXRob2RzIHVzZSBjcmVkZW50aWFscyB0aGF0IGFyZSB0aW1lIG9y DQogICAgPiBkb21haW4gbGltaXRlZCAoc3VjaCBhcyBFQVAtUE9UUCksIGFuZCB0aGVyZSBtYXkg YmUgYSBuZWVkIGZvciBjcmVhdGluZw0KDQpJIGZlZWwgdGhhdCB0aGUgY2hhcnRlciBpcyB0b28g bGltaXRpbmcgaWYgaXQgbmFtZXMgc3BlY2lmaWMgZHJhZnRzIGxpa2UNCnRoaXMuICBJbiBlZmZl Y3QsIHRoZSBjaGFydGVyIGlzIG1hbmRhdGluZyBhZG9wdGlvbiBvZiBzcGVjaWZpYyBkb2N1bWVu dHMuDQoNCklmIHlvdSBhZ3JlZSwgSSB3aWxsIHN1Z2dlc3Qgc29tZSBhbHRlcm5hdGUgdGV4dC4N Cg0KVGhlIHRleHQgc3BlY2lmaWNhbGx5IHNheXMgJ3N1Y2ggYXMnLiBJIGludGVycHJldCBpdCBh cyBhbiBleGFtcGxlIGFuZCBub3QgYXMgYSBsaW1pdGF0aW9uLiBJIGNhbiByZW1vdmUgdGhlIHJl ZmVyZW5jZSB0byBFQVAtUE9UUCBpZiB5b3UgdGhpbmsgdGhhdCBpcyBiZXR0ZXI/IEFuZCBwbGVh c2UgZmVlbCBmcmVlIHRvIHN1Z2dlc3Qgc29tZSBhbHRlcm5hdGl2ZSB0ZXh0Lg0KDQoNCg0KICAg ID4gSW4gc3VtbWFyeSwgdGhlIHdvcmtpbmcgZ3JvdXAgc2hhbGwgcHJvZHVjZSB0aGUgZm9sbG93 aW5nIGRvY3VtZW50czoNCg0KVGhlc2UgcmVhZCBsaWtlIG1pbGVzdG9uZXMgcmF0aGVyIHRoYW4g YXJlYXMgb2YgZm9jdXMuDQoNCkkgYW0gZm9sbG93aW5nIHRoZSBwcmVjZWRlbnQgZnJvbSBvdXIg Y3VycmVudCBjaGFydGVyOiBodHRwczovL2RhdGF0cmFja2VyLmlldGYub3JnL3dnL2VtdS9jaGFy dGVyLy4gSSB0aGluayBpdCBwcm92aWRlcyB0aGUgSUVTRyBhbmQgdGhlIElFVEYgY29tbXVuaXR5 IHdpdGggYSBnb29kIGlkZWEgb2YgdGhlIGJyb2FkIGl0ZW1zIHRoYXQgd2Ugd291bGQgYmUgd29y a2luZyBvbi4gTm90ZSB0aGF0IGl0IHNheXMgZG9jdW1lbnRzIGluIHBsdXJhbC4gU28gYSBidWxs ZXQgbWF5IGNvcnJlc3BvbmQgdG8gc2V2ZXJhbCBkcmFmdHMuIEZvciBleGFtcGxlLCB0aGUgc2Vj b25kIGJ1bGxldCBpcyBlbmNvbXBhc3Npbmcgc2V2ZXJhbCB3b3JrIGl0ZW1zIHN1Y2ggYXMgZGVm aW5pbmcgdGhlIHVzZSBvZiBUTFMgMS4zIHdpdGggRUFQLVRUTFMgYW5kIEVBUC1QRUFQIGFzIHdl bGwgYXMgZml4aW5nIHRoZSBlcnJhdGEgcmVwb3J0ZWQgb24gRUFQLVRFQVAuDQoNCi0tTW9oaXQN Cg0KDQoNCg0KDQoNCg0KX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX18NCkVtdSBtYWlsaW5nIGxpc3QNCkVtdUBpZXRmLm9yZzxtYWlsdG86RW11QGlldGYub3Jn Pg0KaHR0cHM6Ly93d3cuaWV0Zi5vcmcvbWFpbG1hbi9saXN0aW5mby9lbXUNCg0K --_000_03e9635b7cc52b6be39a88b2f0309922ericssoncom_ Content-Type: text/html; charset="utf-8" Content-ID: <3F2BD1F54FD23945B91E2CEE69E6A9EC@eurprd07.prod.outlook.com> Content-Transfer-Encoding: base64 PGh0bWw+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIgY29udGVudD0i dGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjwvaGVhZD4NCjxib2R5IGJnY29sb3I9IiNGRkZG RkYiIHRleHQ9IiMwMDAwMDAiPg0KPHA+SGkgTWljaGFlbCw8YnI+DQo8L3A+DQo8ZGl2IGNsYXNz PSJtb3otY2l0ZS1wcmVmaXgiPk9uIDgvMjIvMTkgMTA6NDYgUE0sIE1pY2hhZWwgUmljaGFyZHNv biB3cm90ZTo8YnI+DQo8L2Rpdj4NCjxibG9ja3F1b3RlIHR5cGU9ImNpdGUiIGNpdGU9Im1pZDoy MjM3NS4xNTY2NTAzMTkzQGRvb2t1LnNhbmRlbG1hbi5jYSI+DQo8cHJlIGNsYXNzPSJtb3otcXVv dGUtcHJlIiB3cmFwPSIiPg0KTW9oaXQgU2V0aGkgTSA8YSBjbGFzcz0ibW96LXR4dC1saW5rLXJm YzIzOTZFIiBocmVmPSJtYWlsdG86bW9oaXQubS5zZXRoaUBlcmljc3Nvbi5jb20iPiZsdDttb2hp dC5tLnNldGhpQGVyaWNzc29uLmNvbSZndDs8L2E+IHdyb3RlOg0KICAgICZndDsgQXQgdGhlIHNh bWUgdGltZSwgc29tZSBuZXcgdXNlIGNhc2VzIGZvciBFQVAgaGF2ZSBiZWVuIGlkZW50aWZpZWQu IEVBUA0KICAgICZndDsgaXMgbm93IG1vcmUgYnJvYWRseSBpbiBtb2JpbGUgbmV0d29yayBhdXRo ZW50aWNhdGlvbi4gVGhlIGdyb3VwIHdpbGwNCiAgICAmZ3Q7IHVwZGF0ZSBleGlzdGluZyBFQVAg bWV0aG9kcyBzdWNoIGFzIEVBUC1BS0EnIHRvIHN0YXkgaW4gc3luYyB3aXRoDQoNCi4uLi4NCg0K ICAgICZndDsgT3V0LW9mLWJhbmQgKE9PQikgcmVmZXJzIHRvIGEgc2VwYXJhdGUgY29tbXVuaWNh dGlvbiBjaGFubmVsDQogICAgJmd0OyBpbmRlcGVuZGVudCBvZiB0aGUgcHJpbWFyeSBpbi1iYW5k IGNoYW5uZWwgb3ZlciB3aGljaCB0aGUgYWN0dWFsDQoNCiAgICAmZ3Q7IEVBUCBhdXRoZW50aWNh dGlvbiBpcyBiYXNlZCBvbiBjcmVkZW50aWFscyBhdmFpbGFibGUgb24gdGhlIHBlZXIgYW5kDQog ICAgJmd0OyB0aGUgc2VydmVyLiBIb3dldmVyLCBzb21lIEVBUCBtZXRob2RzIHVzZSBjcmVkZW50 aWFscyB0aGF0IGFyZSB0aW1lIG9yDQogICAgJmd0OyBkb21haW4gbGltaXRlZCAoc3VjaCBhcyBF QVAtUE9UUCksIGFuZCB0aGVyZSBtYXkgYmUgYSBuZWVkIGZvciBjcmVhdGluZw0KICAgIA0KSSBm ZWVsIHRoYXQgdGhlIGNoYXJ0ZXIgaXMgdG9vIGxpbWl0aW5nIGlmIGl0IG5hbWVzIHNwZWNpZmlj IGRyYWZ0cyBsaWtlDQp0aGlzLiAgSW4gZWZmZWN0LCB0aGUgY2hhcnRlciBpcyBtYW5kYXRpbmcg YWRvcHRpb24gb2Ygc3BlY2lmaWMgZG9jdW1lbnRzLg0KDQpJZiB5b3UgYWdyZWUsIEkgd2lsbCBz dWdnZXN0IHNvbWUgYWx0ZXJuYXRlIHRleHQuPC9wcmU+DQo8L2Jsb2NrcXVvdGU+DQpUaGUgdGV4 dCBzcGVjaWZpY2FsbHkgc2F5cyAnc3VjaCBhcycuIEkgaW50ZXJwcmV0IGl0IGFzIGFuIGV4YW1w bGUgYW5kIG5vdCBhcyBhIGxpbWl0YXRpb24uIEkgY2FuIHJlbW92ZSB0aGUgcmVmZXJlbmNlIHRv IEVBUC1QT1RQIGlmIHlvdSB0aGluayB0aGF0IGlzIGJldHRlcj8gQW5kIHBsZWFzZSBmZWVsIGZy ZWUgdG8gc3VnZ2VzdCBzb21lIGFsdGVybmF0aXZlIHRleHQuDQo8YnI+DQo8YmxvY2txdW90ZSB0 eXBlPSJjaXRlIiBjaXRlPSJtaWQ6MjIzNzUuMTU2NjUwMzE5M0Bkb29rdS5zYW5kZWxtYW4uY2Ei Pg0KPHByZSBjbGFzcz0ibW96LXF1b3RlLXByZSIgd3JhcD0iIj4NCg0KICAgICZndDsgSW4gc3Vt bWFyeSwgdGhlIHdvcmtpbmcgZ3JvdXAgc2hhbGwgcHJvZHVjZSB0aGUgZm9sbG93aW5nIGRvY3Vt ZW50czoNCg0KVGhlc2UgcmVhZCBsaWtlIG1pbGVzdG9uZXMgcmF0aGVyIHRoYW4gYXJlYXMgb2Yg Zm9jdXMuPC9wcmU+DQo8L2Jsb2NrcXVvdGU+DQo8cD5JIGFtIGZvbGxvd2luZyB0aGUgcHJlY2Vk ZW50IGZyb20gb3VyIGN1cnJlbnQgY2hhcnRlcjogPGEgbW96LWRvLW5vdC1zZW5kPSJ0cnVlIiBo cmVmPSJodHRwczovL2RhdGF0cmFja2VyLmlldGYub3JnL3dnL2VtdS9jaGFydGVyLyI+DQpodHRw czovL2RhdGF0cmFja2VyLmlldGYub3JnL3dnL2VtdS9jaGFydGVyLzwvYT4uIEkgdGhpbmsgaXQg cHJvdmlkZXMgdGhlIElFU0cgYW5kIHRoZSBJRVRGIGNvbW11bml0eSB3aXRoIGEgZ29vZCBpZGVh IG9mIHRoZSBicm9hZCBpdGVtcyB0aGF0IHdlIHdvdWxkIGJlIHdvcmtpbmcgb24uIE5vdGUgdGhh dCBpdCBzYXlzIGRvY3VtZW50PGI+czwvYj4gaW4gcGx1cmFsLiBTbyBhIGJ1bGxldCBtYXkgY29y cmVzcG9uZCB0byBzZXZlcmFsIGRyYWZ0cy4NCiBGb3IgZXhhbXBsZSwgdGhlIHNlY29uZCBidWxs ZXQgaXMgZW5jb21wYXNzaW5nIHNldmVyYWwgd29yayBpdGVtcyBzdWNoIGFzIGRlZmluaW5nIHRo ZSB1c2Ugb2YgVExTIDEuMyB3aXRoIEVBUC1UVExTIGFuZCBFQVAtUEVBUCBhcyB3ZWxsIGFzIGZp eGluZyB0aGUgZXJyYXRhIHJlcG9ydGVkIG9uIEVBUC1URUFQLg0KPGJyPg0KPC9wPg0KPHA+LS1N b2hpdDxicj4NCjwvcD4NCjxibG9ja3F1b3RlIHR5cGU9ImNpdGUiIGNpdGU9Im1pZDoyMjM3NS4x NTY2NTAzMTkzQGRvb2t1LnNhbmRlbG1hbi5jYSI+DQo8cHJlIGNsYXNzPSJtb3otcXVvdGUtcHJl IiB3cmFwPSIiPg0KDQo8L3ByZT4NCjxicj4NCjxmaWVsZHNldCBjbGFzcz0ibWltZUF0dGFjaG1l bnRIZWFkZXIiPjwvZmllbGRzZXQ+DQo8cHJlIGNsYXNzPSJtb3otcXVvdGUtcHJlIiB3cmFwPSIi Pl9fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fDQpFbXUgbWFp bGluZyBsaXN0DQo8YSBjbGFzcz0ibW96LXR4dC1saW5rLWFiYnJldmlhdGVkIiBocmVmPSJtYWls dG86RW11QGlldGYub3JnIj5FbXVAaWV0Zi5vcmc8L2E+DQo8YSBjbGFzcz0ibW96LXR4dC1saW5r LWZyZWV0ZXh0IiBocmVmPSJodHRwczovL3d3dy5pZXRmLm9yZy9tYWlsbWFuL2xpc3RpbmZvL2Vt dSI+aHR0cHM6Ly93d3cuaWV0Zi5vcmcvbWFpbG1hbi9saXN0aW5mby9lbXU8L2E+DQo8L3ByZT4N CjwvYmxvY2txdW90ZT4NCjwvYm9keT4NCjwvaHRtbD4NCg== --_000_03e9635b7cc52b6be39a88b2f0309922ericssoncom_-- From nobody Mon Sep 2 03:35:29 2019 Return-Path: X-Original-To: emu@ietfa.amsl.com Delivered-To: emu@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 675D2120073 for ; Mon, 2 Sep 2019 03:35:27 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.001 X-Spam-Level: X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PwQMF0kwszUk for ; Mon, 2 Sep 2019 03:35:25 -0700 (PDT) Received: from EUR04-VI1-obe.outbound.protection.outlook.com (mail-vi1eur04on0612.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe0e::612]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 802EC12006B for ; Mon, 2 Sep 2019 03:35:24 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=dIxiRDXHEARpa6QRqq19GoU8VP/X/TzAgqfSIj4BOhNnPOtu5K+oXVUA5oxmUWHtyYbXvmjIVQqOx8117KG2KfNSjc/xlBIzz4AppflgejD/Hm8CCtavJXjIt7aDjERots9ahBHmuxvqAhgirbwPXZZhsA5UB2fJamRyGBvtXefnL01hQPo1AAwqP/HdAZvB8rnNwqknCIxRjwulwDJxg5f7oYX1vEm00mGtDKN+HGGAeT6IqTUqXybIjDIVHPPO50Zy/Ag8Fhe/AaZB6WruTMfifhJSn/Qo04C4Y3ODc437hKs8Za2dX6wZJChoQD0PmNSQGwQsuDUc3NRM51QZ/A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ddBSoXoOTKHz/kaghciBVg7cHcEawRNX6BFc+C6Ku4I=; b=fmbvWZVAY6I2eJAVD+xPFeeY3ByTqfhHeNmeJfmwHl6ydya+DryeVgukgQmzrUFKecvHq4ZQeCbqkkwTNtPSINUU9FL0mi6xUBfbUodfwCRwLjIbLF5uEdXzZiqGMZJk+eMz94xypqoJzscmj3mGD13cjg21uM/Eyn8LmucYziuqkXMmKJXVBx64MyP9blmg8tIjcXxMoN8b+cp88pF6MN1eYPL1+IPO3TWaX1BlTb5f8GSw903ur+pOZR2pBqud2WmsKrhDgNvQwpLwh+yxOdXGsqdSlekyKxN74JQfJcRPmwnyuSmwVvHS4DuCDr9x3Si0oLbxrgXPVUdEO4jvyw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ddBSoXoOTKHz/kaghciBVg7cHcEawRNX6BFc+C6Ku4I=; b=ZTRfDWDB6q6LikMgDUB9a+zYnlq8T+ukDn6vpTa3J02l6pLalc+0AwA9Jwjx66IznsvH/ul4wAqOrqfwZridN/nQMeXi3nroEQCpzB7drPeIA1l8ADrG5SK8HpQGozFZT5h5NtyZBgN/6GAUynOpt2aqsT0SDtmqd33x0d0E4mU= Received: from HE1PR0701MB2905.eurprd07.prod.outlook.com (10.168.98.146) by HE1PR0701MB3034.eurprd07.prod.outlook.com (10.168.93.13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2241.12; Mon, 2 Sep 2019 10:35:21 +0000 Received: from HE1PR0701MB2905.eurprd07.prod.outlook.com ([fe80::758a:12ec:c6d:e8a9]) by HE1PR0701MB2905.eurprd07.prod.outlook.com ([fe80::758a:12ec:c6d:e8a9%10]) with mapi id 15.20.2241.012; Mon, 2 Sep 2019 10:35:21 +0000 From: Mohit Sethi M To: Rene Struik , Mohit Sethi M CC: "emu@ietf.org" Thread-Topic: [Emu] Re-charter text Thread-Index: AQHVV/hd5AP1y7w6BUWxMRLUThUF06cNlQIAgAqvS4A= Date: Mon, 2 Sep 2019 10:35:21 +0000 Message-ID: References: In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.8.0 authentication-results: spf=none (sender IP is ) smtp.mailfrom=mohit.m.sethi@ericsson.com; x-originating-ip: [2001:14bb:180:4df:de17:5607:1db3:ef62] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 958d81f7-14a8-4657-bc09-08d72f9141e1 x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600166)(711020)(4605104)(1401327)(2017052603328)(7193020); SRVR:HE1PR0701MB3034; x-ms-traffictypediagnostic: HE1PR0701MB3034:|HE1PR0701MB3034: x-ms-exchange-purlcount: 2 x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:10000; x-forefront-prvs: 01480965DA x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(376002)(136003)(366004)(396003)(39860400002)(346002)(199004)(189003)(6116002)(5660300002)(14454004)(46003)(606006)(2616005)(476003)(486006)(36756003)(6506007)(53546011)(446003)(11346002)(186003)(102836004)(76176011)(86362001)(6246003)(31686004)(478600001)(31696002)(4326008)(25786009)(966005)(65806001)(65956001)(7736002)(229853002)(71190400001)(110136005)(58126008)(2906002)(6512007)(54896002)(6306002)(6436002)(8936002)(316002)(81166006)(81156014)(8676002)(53936002)(236005)(64756008)(66476007)(66446008)(66946007)(76116006)(66556008)(256004)(14444005)(99286004)(6486002)(71200400001); DIR:OUT; SFP:1101; SCL:1; SRVR:HE1PR0701MB3034; H:HE1PR0701MB2905.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1; received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam-message-info: Li54kYoRUdJz1+uEc+OvpTx+w5Ef34aeMMiZsbdtVdNAkCOqq3EgixF14vQl2e18DWt/muM367WMGbp4yVGjT6Z0XQ2QH87mIapppFtVAgKsB6RmZ4f5fqE8syUrsTxv62q07+alQeJ6lbxtUsa5db2DEd6nBjW5w41ntumKYE+8DhzGK/FOD8uq42cbjm0gTMxvvRnqIOtlZZk2vPkIgxNjazLQcMaXtkbwoi0FG3h200gewrRH0NXFufCHkyVf0lPDWS1qv4+Myu76mDHL03NJS3RxiV8eJs2AHJIJsMtWAW/klVne9qtyYJ1GpSpw/NQqXjqC1sx2gulr2+CHCXuemWTqnu+qoh2l08grCTFqIZnsDeF/b+J540VyVDUXPcJzfRi/bklkms8kNvrDpLr/fomk+GrenVPGJVneAyw= Content-Type: multipart/alternative; boundary="_000_e58bc3b02ab140ed82371b5249172d94ericssoncom_" MIME-Version: 1.0 X-OriginatorOrg: ericsson.com X-MS-Exchange-CrossTenant-Network-Message-Id: 958d81f7-14a8-4657-bc09-08d72f9141e1 X-MS-Exchange-CrossTenant-originalarrivaltime: 02 Sep 2019 10:35:21.6491 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: JdpnpbO2Pt9Pj2Dso61xE2omi3CPaiOWQrf8eNUuMQDFvzSzlfRN9EDDmDjKM/aElq9HZ1/51dTEW6IC236Z/rHMS6IJf8aeBUDMPGBwEJA= X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR0701MB3034 Archived-At: Subject: Re: [Emu] Re-charter text X-BeenThere: emu@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "EAP Methods Update \(EMU\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 02 Sep 2019 10:35:28 -0000 --_000_e58bc3b02ab140ed82371b5249172d94ericssoncom_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 SGkgUmVuZSwNCg0KVGhhbmsgeW91IGZvciB0aGUgc3VnZ2VzdGlvbi4gSXQgbWFrZXMgc2Vuc2Uu IEkgd2lsbCB1cGRhdGUgdGhlIHRleHQgYWNjb3JkaW5nbHkuDQoNCi0tTW9oaXQNCg0KT24gOC8y Ni8xOSA2OjI1IFBNLCBSZW5lIFN0cnVpayB3cm90ZToNCg0KSGkgTW9oaXQ6DQoNCkkgcmVhZCB0 aGUgcHJvcG9zZWQgcmVjaGFydGVyIHRleHQgYW5kIHN1Z2dlc3QgYSB0aW55IGNoYW5nZSBpbiB0 aGUgZGFzaGVkIHdvcmsgaXRlbSBiZWxvdzogY2hhbmdlICJzaGFsbCIgdG8gInNob3VsZCIuIFdp dGggInNoYWxsIiBsYW5ndWFnZSwgdGhlIG91dC1vZi1iYW5kIGNoYXJhY3RlcmlzdGljcyBvZiB0 aGUgbW9zdCBzdHJpbmdlbnQgc3VjaCBjaGFubmVsIGltcG9zZXMgdGhlIGRlc2lnbiBjb25zdHJh aW50cywgd2hpY2ggaXMgbm90IHRoZSBjYXNlIHdpdGggInNob3VsZCIgbGFuZ3VhZ2UuIEhlcmUs IG9uZSBzaG91bGQgbm90ZSB0aGF0IGNlcnRhaW4gT09CIGNoYW5uZWxzIGZvciBzZW5zb3IgZGV2 aWNlcyBtYXkgbm90IGhhdmUgc3VmZmljaWVudCBiYW5kd2lkdGggZm9yIGNvbnZleWluZywgZS5n LiwgYSByZXByZXNlbnRhdGlvbiBvZiBhIHB1YmxpYyBrZXkgKGlmIHRoYXQgaXMgb25lIG9mIHRo ZSBpbnRlbmRlZCBtZXRob2RzIG9uZSB3aXNoZXMgdG8gdXNlKSwgd2hlcmVhcyB0aGlzIHdvdWxk IGJlIGVhc3kgZm9yIGRldmljZXMgd2l0aCBjYW1lcmEgb24tYm9hcmQuIElmIHRoZSBpbnRlbnRp b24gaXMgdG8gaGF2ZSBhIG1ldGhvZCB0aGF0IGlzIHRydWx5IGluZGVwZW5kZW50IG9mIHRoZSBP T0IgY2hhbm5lbCBhbmQgd2FudHMgdGhlIGNoYXJ0ZXIgdGV4dCB0byBuYWlsIHRoaXMsIHRoYXQg aXMgZmluZSwgYnV0IG9uZSBoYXMgdG8gYmUgd2FyZSB0aGF0IHRoaXMgbWF5IGxpbWl0IGFwcGxp Y2FiaWxpdHkgaW4gc29tZSB1c2UgY2FzZXM7IG90aGVyd2lzZSwgc2ltcGx5IG1ha2luZyB0aGlz IGEgInNob3VsZCIgbGVhdmVzIHNvbWUgd2lnZ2xlIHJvb20uIFRoZXJlIG1heSBiZSBvdGhlciBj YXNlcywgd2hlcmUgY2hhcmFjdGVyaXN0aWNzIG9mIE9PQiBjaGFubmVsIG1heSBpbXBhY3QgZGVz aWduIHNwYWNlIGFuZCB3aGVyZSBzb21lIHdpZ2dsZSByb29tIGluIHRoZSBjaGFydGVyIG1heSBu b3QgaHVydC4NCg0KU3VnZ2VzdGVkIG1vZGlmaWNhdGlvbiAoY2hhbmdlIHVuZGVybGluZWQpOg0K DQotIERlZmluZSBhIHN0YW5kYXJkIEVBUCBtZXRob2QgZm9yIG11dHVhbCBhdXRoZW50aWNhdGlv biBiZXR3ZWVuIGEgcGVlciBhbmQgYSBzZXJ2ZXIgdGhhdCBpcyBiYXNlZCBvbiBhbiBvdXQtb2Yt YmFuZCBjaGFubmVsLiBUaGUgbWV0aG9kIGl0c2VsZiBzaG91bGQgYmUgaW5kZXBlbmRlbnQgb2Yg dGhlIHVuZGVybHlpbmcgT09CIGNoYW5uZWwgYW5kIHNoYWxsIHN1cHBvcnQgYSB2YXJpZXR5IG9m IE9PQiBjaGFubmVscyBzdWNoIGFzIE5GQywgZHluYW1pY2FsbHkgZ2VuZXJhdGVkIFFSIGNvZGVz LCBhdWRpbywgYW5kIHZpc2libGUgbGlnaHQuDQoNCkJlc3QgcmVnYXJkcywgUmVuZQ0KDQotLS0t LS0tLSBGb3J3YXJkZWQgTWVzc2FnZSAtLS0tLS0tLQ0KU3ViamVjdDogICAgICAgIFtFbXVdIFJl LWNoYXJ0ZXIgdGV4dA0KRGF0ZTogICBXZWQsIDIxIEF1ZyAyMDE5IDA4OjEzOjUxICswMDAwDQpG cm9tOiAgIE1vaGl0IFNldGhpIE0gPG1vaGl0Lm0uc2V0aGlAZXJpY3Nzb24uY29tPjxtYWlsdG86 bW9oaXQubS5zZXRoaUBlcmljc3Nvbi5jb20+DQpUbzogICAgIGVtdUBpZXRmLm9yZzxtYWlsdG86 ZW11QGlldGYub3JnPiA8ZW11QGlldGYub3JnPjxtYWlsdG86ZW11QGlldGYub3JnPg0KDQoNCg0K RGVhciBhbGwsDQoNClRoYW5rIHlvdSBmb3IgYSBwcm9kdWN0aXZlIG1lZXRpbmcgQCBJRVRGIDEw NS4gV2UgaGFkIGRpc2N1c3NlZCB0aGUgbmV3IGNoYXJ0ZXIgdGV4dCBkdXJpbmcgdGhlIHdvcmtp bmcgZ3JvdXAgc2Vzc2lvbiBpbiBNb250cmVhbC4gUGxlYXNlIGZpbmQgdGhlIHNhbWUgdGV4dCBi ZWxvdy4gVGhpcyB0ZXh0IGJ1aWxkcyB1cG9uIG91ciBjdXJyZW50IGNoYXJ0ZXIuIEZlZWwgZnJl ZSB0byBzdWdnZXN0IGNoYW5nZXMuIFJGQyAyNDE4IHNlY3Rpb24gMi4yIGh0dHBzOi8vdG9vbHMu aWV0Zi5vcmcvaHRtbC9yZmMyNDE4I3NlY3Rpb24tMi4yIHNheXMgdGhlIGZvbGxvd2luZyBhYm91 dCBhIHdvcmtpbmcgZ3JvdXAgY2hhcnRlcjoNCg0KICAgMi4gU3BlY2lmaWVzIHRoZSBkaXJlY3Rp b24gb3Igb2JqZWN0aXZlcyBvZiB0aGUgd29ya2luZyBncm91cCBhbmQNCiAgICAgIGRlc2NyaWJl cyB0aGUgYXBwcm9hY2ggdGhhdCB3aWxsIGJlIHRha2VuIHRvIGFjaGlldmUgdGhlIGdvYWxzOw0K DQpQbGVhc2Uga2VlcCB0aGlzIGluIG1pbmQgd2hlbiBzdWdnZXN0aW5nIGNoYW5nZXMuIE9uY2Ug dGhlIHRleHQgaXMgcmVhZHksIHdlIHdpbGwgc2VuZCBpdCB0byB0aGUgSUVTRyBmb3IgcmV2aWV3 Lg0KDQpKb2UgYW5kIE1vaGl0DQoNCi0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KDQpUaGUgRXh0 ZW5zaWJsZSBBdXRoZW50aWNhdGlvbiBQcm90b2NvbCAoRUFQKSBbUkZDIDM3NDhdIGlzIGEgbmV0 d29yayBhY2Nlc3MgYXV0aGVudGljYXRpb24gZnJhbWV3b3JrIHVzZWQsIGZvciBpbnN0YW5jZSwg aW4gVlBOIGFuZCBtb2JpbGUgbmV0d29ya3MuIEVBUCBpdHNlbGYgaXMgYSBzaW1wbGUgcHJvdG9j b2wgYW5kIGFjdHVhbCBhdXRoZW50aWNhdGlvbiBoYXBwZW5zIGluIEVBUCBtZXRob2RzLiBTZXZl cmFsIEVBUCBtZXRob2RzIGhhdmUgYmVlbiBkZXZlbG9wZWQgYXQgdGhlIElFVEYgYW5kIHN1cHBv cnQgZm9yIEVBUCBleGlzdHMgaW4gYSBicm9hZCBzZXQgb2YgZGV2aWNlcy4gUHJldmlvdXMgbGFy Z2VyIEVBUC1yZWxhdGVkIGVmZm9ydHMgYXQgdGhlIElFVEYgaW5jbHVkZWQgcmV3cml0aW5nIHRo ZSBiYXNlIEVBUCBwcm90b2NvbCBzcGVjaWZpY2F0aW9uIGFuZCB0aGUgZGV2ZWxvcG1lbnQgb2Yg c2V2ZXJhbCBzdGFuZGFyZHMgdHJhY2sgRUFQIG1ldGhvZHMuDQoNCkVBUCBtZXRob2RzIGFyZSBn ZW5lcmFsbHkgYmFzZWQgb24gZXhpc3Rpbmcgc2VjdXJpdHkgdGVjaG5vbG9naWVzIHN1Y2ggYXMg VExTIGFuZCBTSU0gY2FyZHMuIE91ciB1bmRlcnN0YW5kaW5nIG9mIHNlY3VyaXR5IHRocmVhdHMg aXMgY29udGludW91c2x5IGV2b2x2aW5nLiBUaGlzIGhhcyBkcml2ZW4gdGhlIGV2b2x1dGlvbiBv ZiBzZXZlcmFsIG9mIHRoZXNlIHVuZGVybHlpbmcgdGVjaG5vbG9naWVzLiBBcyBhbiBleGFtcGxl LCBJRVRGIGhhcyBzdGFuZGFyZGl6ZWQgYSBuZXcgYW5kIGltcHJvdmVkIHZlcnNpb24gb2YgVExT IGluIFJGQyA4NDQ2LiBUaGUgZ3JvdXAgd2lsbCB0aGVyZWZvcmUgcHJvdmlkZSBndWlkYW5jZSBh bmQgdXBkYXRlIEVBUCBtZXRob2Qgc3BlY2lmaWNhdGlvbnMgd2hlcmUgbmVjZXNzYXJ5IHRvIGVu YWJsZSB0aGUgdXNlIG9mIG5ldyB2ZXJzaW9ucyBvZiB0aGVzZSB1bmRlcmx5aW5nIHRlY2hub2xv Z2llcy4NCg0KQXQgdGhlIHNhbWUgdGltZSwgc29tZSBuZXcgdXNlIGNhc2VzIGZvciBFQVAgaGF2 ZSBiZWVuIGlkZW50aWZpZWQuIEVBUCBpcyBub3cgbW9yZSBicm9hZGx5IGluIG1vYmlsZSBuZXR3 b3JrIGF1dGhlbnRpY2F0aW9uLiBUaGUgZ3JvdXAgd2lsbCB1cGRhdGUgZXhpc3RpbmcgRUFQIG1l dGhvZHMgc3VjaCBhcyBFQVAtQUtBJyB0byBzdGF5IGluIHN5bmMgd2l0aCB1cGRhdGVzIHRvIHRo ZSByZWZlcmVuY2VkIDNHUFAgc3BlY2lmaWNhdGlvbnMuIFJGQyA3MjU4IG5vdGVzIHRoYXQgcGVy dmFzaXZlIG1vbml0b3JpbmcgaXMgYW4gYXR0YWNrLiBQZXJmZWN0IEZvcndhcmQgU2VjcmVjeSAo UEZTKSBpcyBhbiBpbXBvcnRhbnQgc2VjdXJpdHkgcHJvcGVydHkgZm9yIG1vZGVybiBwcm90b2Nv bHMgdG8gdGh3YXJ0IHBlcnZhc2l2ZSBtb25pdG9yaW5nLiBUaGUgZ3JvdXAgd2lsbCB0aGVyZWZv cmUgd29yayBvbiBhbiBleHRlbnNpb24gdG8gRUFQLUFLQScgZm9yIHByb3ZpZGluZyBQZXJmZWN0 IEZvcndhcmQgU2VjcmVjeSAoUEZTKS4NCg0KT3V0LW9mLWJhbmQgKE9PQikgcmVmZXJzIHRvIGEg c2VwYXJhdGUgY29tbXVuaWNhdGlvbiBjaGFubmVsIGluZGVwZW5kZW50IG9mIHRoZSBwcmltYXJ5 IGluLWJhbmQgY2hhbm5lbCBvdmVyIHdoaWNoIHRoZSBhY3R1YWwgbmV0d29yayBjb21tdW5pY2F0 aW9uIHRha2VzIHBsYWNlLiBPT0IgY2hhbm5lbHMgYXJlIG5vdyB1c2VkIGZvciBhdXRoZW50aWNh dGlvbiBpbiBhIHZhcmlldHkgb2YgcHJvdG9jb2xzIGFuZCBkZXZpY2VzIChkcmFmdC1pZXRmLW9h dXRoLWRldmljZS1mbG93LTEzLCBXaGF0c0FwcCBXZWIsIGV0Yy4pLiBNYW55IHVzZXJzIGFyZSBh Y2N1c3RvbWVkIHRvIHRhcHBpbmcgTkZDIG9yIHNjYW5uaW5nIFFSIGNvZGVzLiBIb3dldmVyLCBF QVAgY3VycmVudGx5IGRvZXMgbm90IGhhdmUgYW55IHN0YW5kYXJkIG1ldGhvZHMgdGhhdCBzdXBw b3J0IGF1dGhlbnRpY2F0aW9uIGJhc2VkIG9uIE9PQiBjaGFubmVscy4gVGhlIGdyb3VwIHdpbGwg dGhlcmVmb3JlIHdvcmsgb24gYW4gRUFQIG1ldGhvZCB3aGVyZSBhdXRoZW50aWNhdGlvbiBpcyBi YXNlZCBvbiBhbiBvdXQtb2YtYmFuZCBjaGFubmVsIGJldHdlZW4gdGhlIHBlZXIgYW5kIHRoZSBz ZXJ2ZXIuDQoNCkVBUCBhdXRoZW50aWNhdGlvbiBpcyBiYXNlZCBvbiBjcmVkZW50aWFscyBhdmFp bGFibGUgb24gdGhlIHBlZXIgYW5kIHRoZSBzZXJ2ZXIuIEhvd2V2ZXIsIHNvbWUgRUFQIG1ldGhv ZHMgdXNlIGNyZWRlbnRpYWxzIHRoYXQgYXJlIHRpbWUgb3IgZG9tYWluIGxpbWl0ZWQgKHN1Y2gg YXMgRUFQLVBPVFApLCBhbmQgdGhlcmUgbWF5IGJlIGEgbmVlZCBmb3IgY3JlYXRpbmcgbG9uZyB0 ZXJtIGNyZWRlbnRpYWxzIGZvciByZS1hdXRoZW50aWNhdGluZyB0aGUgcGVlciBpbiBhIG1vcmUg Z2VuZXJhbCBjb250ZXh0LiBUaGUgZ3JvdXAgd2lsbCBpbnZlc3RpZ2F0ZSBtaW5pbWFsIG1lY2hh bmlzbXMgd2l0aCB3aGljaCBsaW1pdGVkLXVzZSBFQVAgYXV0aGVudGljYXRpb24gY3JlZGVudGlh bHMgY2FuIGJlIHVzZWQgZm9yIGNyZWF0aW5nIGdlbmVyYWwtdXNlIGxvbmctdGVybSBjcmVkZW50 aWFscy4NCg0KSW4gc3VtbWFyeSwgdGhlIHdvcmtpbmcgZ3JvdXAgc2hhbGwgcHJvZHVjZSB0aGUg Zm9sbG93aW5nIGRvY3VtZW50czoNCg0KIC0gQW4gdXBkYXRlIHRvIGVuYWJsZSB0aGUgdXNlIG9m IFRMUyAxLjMgaW4gdGhlIGNvbnRleHQgb2YgRUFQLVRMUyAoUkZDIDUyMTYpLiBUaGlzIGRvY3Vt ZW50IHdpbGwgcGRhdGUgdGhlIHNlY3VyaXR5IGNvbnNpZGVyYXRpb25zIHJlbGF0aW5nIHRvIEVB UC1UTFMsIGRvY3VtZW50IHRoZSBpbXBsaWNhdGlvbnMgb2YgdXNpbmcgbmV3IHZzLiBvbGQgVExT IHZlcnNpb25zLCBhZGQgYW55IHJlY2VudGx5IGdhaW5lZCBuZXcga25vd2xlZGdlIG9uIHZ1bG5l cmFiaWxpdGllcywgYW5kIGRpc2N1c3MgdGhlIHBvc3NpYmxlIGltcGxpY2F0aW9ucyBvZiBwZXJ2 YXNpdmUgc3VydmVpbGxhbmNlLg0KDQogLSBTZXZlcmFsIEVBUCBtZXRob2RzIHN1Y2ggRUFQLVRU TFMgYW5kIEVBUC1GQVNUIHVzZSBhbiBvdXRlciBUTFMgdHVubmVsLiBQcm92aWRlIGd1aWRhbmNl IG9yIHVwZGF0ZSB0aGUgcmVsZXZhbnQgc3BlY2lmaWNhdGlvbnMgZXhwbGFpbmluZyBob3cgdGhv c2UgRUFQIG1ldGhvZHMgKFBFQVAvVFRMUy9URUFQKSB3aWxsIHdvcmsgd2l0aCBUTFMgMS4zLiBU aGlzIHdpbGwgYWxzbyBpbnZvbHZlIG1haW50ZW5hbmNlIHdvcmsgYmFzZWQgb24gZXJyYXRhcyBm b3VuZCBpbiBwdWJsaXNoZWQgc3BlY2lmaWNhdGlvbnMgKHN1Y2ggYXMgRUFQLVRFQVApLg0KDQot IERlZmluZSBzZXNzaW9uIGlkZW50aWZpZXJzIGZvciBmYXN0IHJlLWF1dGhlbnRpY2F0aW9uIGZv ciBFQVAtU0lNLCBFQVAtQUtBLCBhbmQgRUFQLUFLQeKAmS4gVGhlIGxhY2sgb2YgdGhpcyBkZWZp bml0aW9uIGlzIGEgcmVjZW50bHkgZGlzY292ZXJlZCBidWcgaW4gdGhlIG9yaWdpbmFsIFJGQ3Mu DQoNCi0gVXBkYXRlIHRoZSBFQVAtQUtBJyBzcGVjaWZpY2F0aW9uIChSRkMgNTQ0OCkgdG8gZW5z dXJlIHRoYXQgaXRzIGNhcGFiaWxpdHkgdG8gcHJvdmlkZSBhIGNyeXB0b2dyYXBoaWMgYmluZGlu ZyB0byBuZXR3b3JrIGNvbnRleHQgc3RheXMgaW4gc3luYyB3aXRoIHVwZGF0ZXMgdG8gdGhlIHJl ZmVyZW5jZWQgM0dQUCBzcGVjaWZpY2F0aW9ucy4gVGhlIGRvY3VtZW50IHdpbGwgYWxzbyBjb250 YWluIGFueSByZWNlbnRseSBnYWluZWQgbmV3IGtub3dsZWRnZSBvbiB2dWxuZXJhYmlsaXRpZXMg b3IgdGhlIHBvc3NpYmxlIGltcGxpY2F0aW9ucyBvZiBwZXJ2YXNpdmUgc3VydmVpbGxhbmNlLg0K DQotIERldmVsb3AgYW4gZXh0ZW5zaW9uIHRvIEVBUC1BS0EnIHN1Y2ggdGhhdCBQZXJmZWN0IEZv cndhcmQgU2VjcmVjeSBjYW4gYmUgcHJvdmlkZWQuIFRoZXJlIG1heSBhbHNvIGJlIHByaXZhY3kg aW1wcm92ZW1lbnRzIHRoYXQgaGF2ZSBiZWNvbWUgZmVhc2libGUgd2l0aCB0aGUgIGludHJvZHVj dGlvbiBvZiByZWNlbnQgaWRlbnRpdHkgcHJpdmFjeSBpbXByb3ZlbWVudHMgaW4gM0dQUCBuZXR3 b3Jrcy4NCg0KLSBHYXRoZXIgZXhwZXJpZW5jZSByZWdhcmRpbmcgdGhlIHVzZSBvZiBsYXJnZSBj ZXJ0aWZpY2F0ZXMgYW5kIGxvbmcgY2VydGlmaWNhdGUgY2hhaW5zIGluIHRoZSBjb250ZXh0IG9m IEVBUC1UTFMgKGFsbCB2ZXJzaW9ucyksIGFzIHNvbWUgaW1wbGVtZW50YXRpb25zIGFuZCBhY2Nl c3MgbmV0d29ya3MgbWF5IGxpbWl0IHRoZSBudW1iZXIgb2YgRUFQIHBhY2tldCBleGNoYW5nZXMg dGhhdCBjYW4gYmUgaGFuZGxlZC4gRG9jdW1lbnQgb3BlcmF0aW9uYWwgcmVjb21tZW5kYXRpb25z IG9yIG90aGVyIG1pdGlnYXRpb24gc3RyYXRlZ2llcyB0byBhdm9pZCBpc3N1ZXMuDQoNCi0gRGVm aW5lIGEgc3RhbmRhcmQgRUFQIG1ldGhvZCBmb3IgbXV0dWFsIGF1dGhlbnRpY2F0aW9uIGJldHdl ZW4gYSBwZWVyIGFuZCBhIHNlcnZlciB0aGF0IGlzIGJhc2VkIG9uIGFuIG91dC1vZi1iYW5kIGNo YW5uZWwuIFRoZSBtZXRob2QgaXRzZWxmIHNoYWxsIGJlIGluZGVwZW5kZW50IG9mIHRoZSB1bmRl cmx5aW5nIE9PQiBjaGFubmVsIGFuZCBzaGFsbCBzdXBwb3J0IGEgdmFyaWV0eSBvZiBPT0IgY2hh bm5lbHMgc3VjaCBhcyBORkMsIGR5bmFtaWNhbGx5IGdlbmVyYXRlZCBRUiBjb2RlcywgYXVkaW8s IGFuZCB2aXNpYmxlIGxpZ2h0Lg0KDQotIERlZmluZSBtZWNoYW5pc21zIGJ5IHdoaWNoIEVBUCBt ZXRob2RzIGNhbiBzdXBwb3J0IGNyZWF0aW9uIG9mIGxvbmctdGVybSBjcmVkZW50aWFscyBmb3Ig dGhlIHBlZXIgYmFzZWQgb24gaW5pdGlhbCBsaW1pdGVkLXVzZSBjcmVkZW50aWFscy4NCg0KVGhl IHdvcmtpbmcgZ3JvdXAgaXMgZXhwZWN0ZWQgdG8gc3RheSBpbiBjbG9zZSBjb2xsYWJvcmF0aW9u IHdpdGggdGhlIEVBUCBkZXBsb3ltZW50IGNvbW11bml0eSwgdGhlIFRMUyB3b3JraW5nIGdyb3Vw IChmb3IgRUFQLVRMUyB3b3JrKSwgYW5kIHRoZSAzR1BQIHNlY3VyaXR5IGFyY2hpdGVjdHVyZSBn cm91cCAoZm9yIEVBUC1BS0EnIHdvcmspDQoNCi0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KDQoN Cg0KX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18NCkVtdSBt YWlsaW5nIGxpc3QNCkVtdUBpZXRmLm9yZzxtYWlsdG86RW11QGlldGYub3JnPg0KaHR0cHM6Ly93 d3cuaWV0Zi5vcmcvbWFpbG1hbi9saXN0aW5mby9lbXUNCg0K --_000_e58bc3b02ab140ed82371b5249172d94ericssoncom_ Content-Type: text/html; charset="utf-8" Content-ID: <27C53103E5E4BA4CB33190568A4FA7E3@eurprd07.prod.outlook.com> Content-Transfer-Encoding: base64 PGh0bWw+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIgY29udGVudD0i dGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjwvaGVhZD4NCjxib2R5IGJnY29sb3I9IiNGRkZG RkYiIHRleHQ9IiMwMDAwMDAiPg0KPHA+SGkgUmVuZSw8L3A+DQo8cD5UaGFuayB5b3UgZm9yIHRo ZSBzdWdnZXN0aW9uLiBJdCBtYWtlcyBzZW5zZS4gSSB3aWxsIHVwZGF0ZSB0aGUgdGV4dCBhY2Nv cmRpbmdseS4NCjxicj4NCjwvcD4NCjxwPi0tTW9oaXQ8YnI+DQo8L3A+DQo8ZGl2IGNsYXNzPSJt b3otY2l0ZS1wcmVmaXgiPk9uIDgvMjYvMTkgNjoyNSBQTSwgUmVuZSBTdHJ1aWsgd3JvdGU6PGJy Pg0KPC9kaXY+DQo8YmxvY2txdW90ZSB0eXBlPSJjaXRlIiBjaXRlPSJtaWQ6ZTkxNTQ5YWEtN2Fm OS1jZGU1LTUxYjQtMTY4NTU0MmE3MjU5QGdtYWlsLmNvbSI+DQo8cD5IaSBNb2hpdDo8L3A+DQo8 cD5JIHJlYWQgdGhlIHByb3Bvc2VkIHJlY2hhcnRlciB0ZXh0IGFuZCBzdWdnZXN0IGEgdGlueSBj aGFuZ2UgaW4gdGhlIGRhc2hlZCB3b3JrIGl0ZW0gYmVsb3c6IGNoYW5nZSAmcXVvdDtzaGFsbCZx dW90OyB0byAmcXVvdDtzaG91bGQmcXVvdDsuIFdpdGggJnF1b3Q7c2hhbGwmcXVvdDsgbGFuZ3Vh Z2UsIHRoZSBvdXQtb2YtYmFuZCBjaGFyYWN0ZXJpc3RpY3Mgb2YgdGhlIG1vc3Qgc3RyaW5nZW50 IHN1Y2ggY2hhbm5lbCBpbXBvc2VzIHRoZSBkZXNpZ24gY29uc3RyYWludHMsIHdoaWNoIGlzIG5v dA0KIHRoZSBjYXNlIHdpdGggJnF1b3Q7c2hvdWxkJnF1b3Q7IGxhbmd1YWdlLiBIZXJlLCBvbmUg c2hvdWxkIG5vdGUgdGhhdCBjZXJ0YWluIE9PQiBjaGFubmVscyBmb3Igc2Vuc29yIGRldmljZXMg bWF5IG5vdCBoYXZlIHN1ZmZpY2llbnQgYmFuZHdpZHRoIGZvciBjb252ZXlpbmcsIGUuZy4sIGEg cmVwcmVzZW50YXRpb24gb2YgYSBwdWJsaWMga2V5IChpZiB0aGF0IGlzIG9uZSBvZiB0aGUgaW50 ZW5kZWQgbWV0aG9kcyBvbmUgd2lzaGVzIHRvIHVzZSksIHdoZXJlYXMNCiB0aGlzIHdvdWxkIGJl IGVhc3kgZm9yIGRldmljZXMgd2l0aCBjYW1lcmEgb24tYm9hcmQuIElmIHRoZSBpbnRlbnRpb24g aXMgdG8gaGF2ZSBhIG1ldGhvZCB0aGF0IGlzIHRydWx5IGluZGVwZW5kZW50IG9mIHRoZSBPT0Ig Y2hhbm5lbCBhbmQgd2FudHMgdGhlIGNoYXJ0ZXIgdGV4dCB0byBuYWlsIHRoaXMsIHRoYXQgaXMg ZmluZSwgYnV0IG9uZSBoYXMgdG8gYmUgd2FyZSB0aGF0IHRoaXMgbWF5IGxpbWl0IGFwcGxpY2Fi aWxpdHkgaW4gc29tZSB1c2UNCiBjYXNlczsgb3RoZXJ3aXNlLCBzaW1wbHkgbWFraW5nIHRoaXMg YSAmcXVvdDtzaG91bGQmcXVvdDsgbGVhdmVzIHNvbWUgd2lnZ2xlIHJvb20uIFRoZXJlIG1heSBi ZSBvdGhlciBjYXNlcywgd2hlcmUgY2hhcmFjdGVyaXN0aWNzIG9mIE9PQiBjaGFubmVsIG1heSBp bXBhY3QgZGVzaWduIHNwYWNlIGFuZCB3aGVyZSBzb21lIHdpZ2dsZSByb29tIGluIHRoZSBjaGFy dGVyIG1heSBub3QgaHVydC48YnI+DQo8L3A+DQo8cD5TdWdnZXN0ZWQgbW9kaWZpY2F0aW9uIChj aGFuZ2UgdW5kZXJsaW5lZCk6PGJyPg0KPC9wPg0KPHA+LSBEZWZpbmUgYSBzdGFuZGFyZCBFQVAg bWV0aG9kIGZvciBtdXR1YWwgYXV0aGVudGljYXRpb24gYmV0d2VlbiBhIHBlZXIgYW5kIGEgc2Vy dmVyIHRoYXQgaXMgYmFzZWQgb24gYW4gb3V0LW9mLWJhbmQgY2hhbm5lbC4gVGhlIG1ldGhvZCBp dHNlbGYNCjx1PnNob3VsZDwvdT4gYmUgaW5kZXBlbmRlbnQgb2YgdGhlIHVuZGVybHlpbmcgT09C IGNoYW5uZWwgYW5kIHNoYWxsIHN1cHBvcnQgYSB2YXJpZXR5IG9mIE9PQiBjaGFubmVscyBzdWNo IGFzIE5GQywgZHluYW1pY2FsbHkgZ2VuZXJhdGVkIFFSIGNvZGVzLCBhdWRpbywgYW5kIHZpc2li bGUgbGlnaHQuPC9wPg0KPGRpdiBjbGFzcz0ibW96LWZvcndhcmQtY29udGFpbmVyIj5CZXN0IHJl Z2FyZHMsIFJlbmU8YnI+DQo8YnI+DQotLS0tLS0tLSBGb3J3YXJkZWQgTWVzc2FnZSAtLS0tLS0t LQ0KPHRhYmxlIGNsYXNzPSJtb3otZW1haWwtaGVhZGVycy10YWJsZSIgY2VsbHNwYWNpbmc9IjAi IGNlbGxwYWRkaW5nPSIwIiBib3JkZXI9IjAiPg0KPHRib2R5Pg0KPHRyPg0KPHRoIG5vd3JhcD0i bm93cmFwIiBhbGlnbj0iUklHSFQiIHZhbGlnbj0iQkFTRUxJTkUiPlN1YmplY3Q6IDwvdGg+DQo8 dGQ+W0VtdV0gUmUtY2hhcnRlciB0ZXh0PC90ZD4NCjwvdHI+DQo8dHI+DQo8dGggbm93cmFwPSJu b3dyYXAiIGFsaWduPSJSSUdIVCIgdmFsaWduPSJCQVNFTElORSI+RGF0ZTogPC90aD4NCjx0ZD5X ZWQsIDIxIEF1ZyAyMDE5IDA4OjEzOjUxICYjNDM7MDAwMDwvdGQ+DQo8L3RyPg0KPHRyPg0KPHRo IG5vd3JhcD0ibm93cmFwIiBhbGlnbj0iUklHSFQiIHZhbGlnbj0iQkFTRUxJTkUiPkZyb206IDwv dGg+DQo8dGQ+TW9oaXQgU2V0aGkgTSA8YSBjbGFzcz0ibW96LXR4dC1saW5rLXJmYzIzOTZFIiBo cmVmPSJtYWlsdG86bW9oaXQubS5zZXRoaUBlcmljc3Nvbi5jb20iIG1vei1kby1ub3Qtc2VuZD0i dHJ1ZSI+DQombHQ7bW9oaXQubS5zZXRoaUBlcmljc3Nvbi5jb20mZ3Q7PC9hPjwvdGQ+DQo8L3Ry Pg0KPHRyPg0KPHRoIG5vd3JhcD0ibm93cmFwIiBhbGlnbj0iUklHSFQiIHZhbGlnbj0iQkFTRUxJ TkUiPlRvOiA8L3RoPg0KPHRkPjxhIGNsYXNzPSJtb3otdHh0LWxpbmstYWJicmV2aWF0ZWQiIGhy ZWY9Im1haWx0bzplbXVAaWV0Zi5vcmciIG1vei1kby1ub3Qtc2VuZD0idHJ1ZSI+ZW11QGlldGYu b3JnPC9hPg0KPGEgY2xhc3M9Im1vei10eHQtbGluay1yZmMyMzk2RSIgaHJlZj0ibWFpbHRvOmVt dUBpZXRmLm9yZyIgbW96LWRvLW5vdC1zZW5kPSJ0cnVlIj4NCiZsdDtlbXVAaWV0Zi5vcmcmZ3Q7 PC9hPjwvdGQ+DQo8L3RyPg0KPC90Ym9keT4NCjwvdGFibGU+DQo8YnI+DQo8YnI+DQo8cD5EZWFy IGFsbCw8L3A+DQo8cD5UaGFuayB5b3UgZm9yIGEgcHJvZHVjdGl2ZSBtZWV0aW5nIEAgSUVURiAx MDUuIFdlIGhhZCBkaXNjdXNzZWQgdGhlIG5ldyBjaGFydGVyIHRleHQgZHVyaW5nIHRoZSB3b3Jr aW5nIGdyb3VwIHNlc3Npb24gaW4gTW9udHJlYWwuIFBsZWFzZSBmaW5kIHRoZSBzYW1lIHRleHQg YmVsb3cuIFRoaXMgdGV4dCBidWlsZHMgdXBvbiBvdXIgY3VycmVudCBjaGFydGVyLiBGZWVsIGZy ZWUgdG8gc3VnZ2VzdCBjaGFuZ2VzLiBSRkMgMjQxOCBzZWN0aW9uDQogMi4yIDxhIG1vei1kby1u b3Qtc2VuZD0idHJ1ZSIgaHJlZj0iaHR0cHM6Ly90b29scy5pZXRmLm9yZy9odG1sL3JmYzI0MTgj c2VjdGlvbi0yLjIiPg0KaHR0cHM6Ly90b29scy5pZXRmLm9yZy9odG1sL3JmYzI0MTgjc2VjdGlv bi0yLjI8L2E+IHNheXMgdGhlIGZvbGxvd2luZyBhYm91dCBhIHdvcmtpbmcgZ3JvdXAgY2hhcnRl cjo8L3A+DQo8YmxvY2txdW90ZSB0eXBlPSJjaXRlIj4NCjxwcmUgY2xhc3M9Im5ld3BhZ2UiPiAg IDIuIFNwZWNpZmllcyB0aGUgZGlyZWN0aW9uIG9yIG9iamVjdGl2ZXMgb2YgdGhlIHdvcmtpbmcg Z3JvdXAgYW5kDQogICAgICBkZXNjcmliZXMgdGhlIGFwcHJvYWNoIHRoYXQgd2lsbCBiZSB0YWtl biB0byBhY2hpZXZlIHRoZSBnb2Fsczs8L3ByZT4NCjwvYmxvY2txdW90ZT4NCjxicj4NClBsZWFz ZSBrZWVwIHRoaXMgaW4gbWluZCB3aGVuIHN1Z2dlc3RpbmcgY2hhbmdlcy4gT25jZSB0aGUgdGV4 dCBpcyByZWFkeSwgd2Ugd2lsbCBzZW5kIGl0IHRvIHRoZSBJRVNHIGZvciByZXZpZXcuPGJyPg0K PHA+Sm9lIGFuZCBNb2hpdDwvcD4NCjxwPi0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLTxicj4NCjxi cj4NClRoZSBFeHRlbnNpYmxlIEF1dGhlbnRpY2F0aW9uIFByb3RvY29sIChFQVApIFtSRkMgMzc0 OF0gaXMgYSBuZXR3b3JrIGFjY2VzcyBhdXRoZW50aWNhdGlvbiBmcmFtZXdvcmsgdXNlZCwgZm9y IGluc3RhbmNlLCBpbiBWUE4gYW5kIG1vYmlsZSBuZXR3b3Jrcy4gRUFQIGl0c2VsZiBpcyBhIHNp bXBsZSBwcm90b2NvbCBhbmQgYWN0dWFsIGF1dGhlbnRpY2F0aW9uIGhhcHBlbnMgaW4gRUFQIG1l dGhvZHMuIFNldmVyYWwgRUFQIG1ldGhvZHMgaGF2ZSBiZWVuDQogZGV2ZWxvcGVkIGF0IHRoZSBJ RVRGIGFuZCBzdXBwb3J0IGZvciBFQVAgZXhpc3RzIGluIGEgYnJvYWQgc2V0IG9mIGRldmljZXMu IFByZXZpb3VzIGxhcmdlciBFQVAtcmVsYXRlZCBlZmZvcnRzIGF0IHRoZSBJRVRGIGluY2x1ZGVk IHJld3JpdGluZyB0aGUgYmFzZSBFQVAgcHJvdG9jb2wgc3BlY2lmaWNhdGlvbiBhbmQgdGhlIGRl dmVsb3BtZW50IG9mIHNldmVyYWwgc3RhbmRhcmRzIHRyYWNrIEVBUCBtZXRob2RzLjxicj4NCjxi cj4NCkVBUCBtZXRob2RzIGFyZSBnZW5lcmFsbHkgYmFzZWQgb24gZXhpc3Rpbmcgc2VjdXJpdHkg dGVjaG5vbG9naWVzIHN1Y2ggYXMgVExTIGFuZCBTSU0gY2FyZHMuIE91ciB1bmRlcnN0YW5kaW5n IG9mIHNlY3VyaXR5IHRocmVhdHMgaXMgY29udGludW91c2x5IGV2b2x2aW5nLiBUaGlzIGhhcyBk cml2ZW4gdGhlIGV2b2x1dGlvbiBvZiBzZXZlcmFsIG9mIHRoZXNlIHVuZGVybHlpbmcgdGVjaG5v bG9naWVzLiBBcyBhbiBleGFtcGxlLCBJRVRGIGhhcyBzdGFuZGFyZGl6ZWQNCiBhIG5ldyBhbmQg aW1wcm92ZWQgdmVyc2lvbiBvZiBUTFMgaW4gUkZDIDg0NDYuIFRoZSBncm91cCB3aWxsIHRoZXJl Zm9yZSBwcm92aWRlIGd1aWRhbmNlIGFuZCB1cGRhdGUgRUFQIG1ldGhvZCBzcGVjaWZpY2F0aW9u cyB3aGVyZSBuZWNlc3NhcnkgdG8gZW5hYmxlIHRoZSB1c2Ugb2YgbmV3IHZlcnNpb25zIG9mIHRo ZXNlIHVuZGVybHlpbmcgdGVjaG5vbG9naWVzLg0KPGJyPg0KPGJyPg0KQXQgdGhlIHNhbWUgdGlt ZSwgc29tZSBuZXcgdXNlIGNhc2VzIGZvciBFQVAgaGF2ZSBiZWVuIGlkZW50aWZpZWQuIEVBUCBp cyBub3cgbW9yZSBicm9hZGx5IGluIG1vYmlsZSBuZXR3b3JrIGF1dGhlbnRpY2F0aW9uLiBUaGUg Z3JvdXAgd2lsbCB1cGRhdGUgZXhpc3RpbmcgRUFQIG1ldGhvZHMgc3VjaCBhcyBFQVAtQUtBJyB0 byBzdGF5IGluIHN5bmMgd2l0aCB1cGRhdGVzIHRvIHRoZSByZWZlcmVuY2VkIDNHUFAgc3BlY2lm aWNhdGlvbnMuIFJGQw0KIDcyNTggbm90ZXMgdGhhdCBwZXJ2YXNpdmUgbW9uaXRvcmluZyBpcyBh biBhdHRhY2suIFBlcmZlY3QgRm9yd2FyZCBTZWNyZWN5IChQRlMpIGlzIGFuIGltcG9ydGFudCBz ZWN1cml0eSBwcm9wZXJ0eSBmb3IgbW9kZXJuIHByb3RvY29scyB0byB0aHdhcnQgcGVydmFzaXZl IG1vbml0b3JpbmcuIFRoZSBncm91cCB3aWxsIHRoZXJlZm9yZSB3b3JrIG9uIGFuIGV4dGVuc2lv biB0byBFQVAtQUtBJyBmb3IgcHJvdmlkaW5nIFBlcmZlY3QgRm9yd2FyZA0KIFNlY3JlY3kgKFBG UykuPGJyPg0KPGJyPg0KT3V0LW9mLWJhbmQgKE9PQikgcmVmZXJzIHRvIGEgc2VwYXJhdGUgY29t bXVuaWNhdGlvbiBjaGFubmVsIGluZGVwZW5kZW50IG9mIHRoZSBwcmltYXJ5IGluLWJhbmQgY2hh bm5lbCBvdmVyIHdoaWNoIHRoZSBhY3R1YWwgbmV0d29yayBjb21tdW5pY2F0aW9uIHRha2VzIHBs YWNlLiBPT0IgY2hhbm5lbHMgYXJlIG5vdyB1c2VkIGZvciBhdXRoZW50aWNhdGlvbiBpbiBhIHZh cmlldHkgb2YgcHJvdG9jb2xzIGFuZCBkZXZpY2VzIChkcmFmdC1pZXRmLW9hdXRoLWRldmljZS1m bG93LTEzLA0KIFdoYXRzQXBwIFdlYiwgZXRjLikuIE1hbnkgdXNlcnMgYXJlIGFjY3VzdG9tZWQg dG8gdGFwcGluZyBORkMgb3Igc2Nhbm5pbmcgUVIgY29kZXMuIEhvd2V2ZXIsIEVBUCBjdXJyZW50 bHkgZG9lcyBub3QgaGF2ZSBhbnkgc3RhbmRhcmQgbWV0aG9kcyB0aGF0IHN1cHBvcnQgYXV0aGVu dGljYXRpb24gYmFzZWQgb24gT09CIGNoYW5uZWxzLiBUaGUgZ3JvdXAgd2lsbCB0aGVyZWZvcmUg d29yayBvbiBhbiBFQVAgbWV0aG9kIHdoZXJlIGF1dGhlbnRpY2F0aW9uDQogaXMgYmFzZWQgb24g YW4gb3V0LW9mLWJhbmQgY2hhbm5lbCBiZXR3ZWVuIHRoZSBwZWVyIGFuZCB0aGUgc2VydmVyLjxi cj4NCjxicj4NCkVBUCBhdXRoZW50aWNhdGlvbiBpcyBiYXNlZCBvbiBjcmVkZW50aWFscyBhdmFp bGFibGUgb24gdGhlIHBlZXIgYW5kIHRoZSBzZXJ2ZXIuIEhvd2V2ZXIsIHNvbWUgRUFQIG1ldGhv ZHMgdXNlIGNyZWRlbnRpYWxzIHRoYXQgYXJlIHRpbWUgb3IgZG9tYWluIGxpbWl0ZWQgKHN1Y2gg YXMgRUFQLVBPVFApLCBhbmQgdGhlcmUgbWF5IGJlIGEgbmVlZCBmb3IgY3JlYXRpbmcgbG9uZyB0 ZXJtIGNyZWRlbnRpYWxzIGZvciByZS1hdXRoZW50aWNhdGluZyB0aGUNCiBwZWVyIGluIGEgbW9y ZSBnZW5lcmFsIGNvbnRleHQuIFRoZSBncm91cCB3aWxsIGludmVzdGlnYXRlIG1pbmltYWwgbWVj aGFuaXNtcyB3aXRoIHdoaWNoIGxpbWl0ZWQtdXNlIEVBUCBhdXRoZW50aWNhdGlvbiBjcmVkZW50 aWFscyBjYW4gYmUgdXNlZCBmb3IgY3JlYXRpbmcgZ2VuZXJhbC11c2UgbG9uZy10ZXJtIGNyZWRl bnRpYWxzLjxicj4NCjxicj4NCkluIHN1bW1hcnksIHRoZSB3b3JraW5nIGdyb3VwIHNoYWxsIHBy b2R1Y2UgdGhlIGZvbGxvd2luZyBkb2N1bWVudHM6PGJyPg0KPGJyPg0KJm5ic3A7LSBBbiB1cGRh dGUgdG8gZW5hYmxlIHRoZSB1c2Ugb2YgVExTIDEuMyBpbiB0aGUgY29udGV4dCBvZiBFQVAtVExT IChSRkMgNTIxNikuIFRoaXMgZG9jdW1lbnQgd2lsbCBwZGF0ZSB0aGUgc2VjdXJpdHkgY29uc2lk ZXJhdGlvbnMgcmVsYXRpbmcgdG8gRUFQLVRMUywgZG9jdW1lbnQgdGhlIGltcGxpY2F0aW9ucyBv ZiB1c2luZyBuZXcgdnMuIG9sZCBUTFMgdmVyc2lvbnMsIGFkZCBhbnkgcmVjZW50bHkgZ2FpbmVk IG5ldyBrbm93bGVkZ2Ugb24gdnVsbmVyYWJpbGl0aWVzLA0KIGFuZCBkaXNjdXNzIHRoZSBwb3Nz aWJsZSBpbXBsaWNhdGlvbnMgb2YgcGVydmFzaXZlIHN1cnZlaWxsYW5jZS48YnI+DQo8YnI+DQom bmJzcDstIFNldmVyYWwgRUFQIG1ldGhvZHMgc3VjaCBFQVAtVFRMUyBhbmQgRUFQLUZBU1QgdXNl IGFuIG91dGVyIFRMUyB0dW5uZWwuIFByb3ZpZGUgZ3VpZGFuY2Ugb3IgdXBkYXRlIHRoZSByZWxl dmFudCBzcGVjaWZpY2F0aW9ucyBleHBsYWluaW5nIGhvdyB0aG9zZSBFQVAgbWV0aG9kcyAoUEVB UC9UVExTL1RFQVApIHdpbGwgd29yayB3aXRoIFRMUyAxLjMuIFRoaXMgd2lsbCBhbHNvIGludm9s dmUgbWFpbnRlbmFuY2Ugd29yayBiYXNlZCBvbiBlcnJhdGFzDQogZm91bmQgaW4gcHVibGlzaGVk IHNwZWNpZmljYXRpb25zIChzdWNoIGFzIEVBUC1URUFQKS48YnI+DQo8YnI+DQotIERlZmluZSBz ZXNzaW9uIGlkZW50aWZpZXJzIGZvciBmYXN0IHJlLWF1dGhlbnRpY2F0aW9uIGZvciBFQVAtU0lN LCBFQVAtQUtBLCBhbmQgRUFQLUFLQeKAmS4gVGhlIGxhY2sgb2YgdGhpcyBkZWZpbml0aW9uIGlz IGEgcmVjZW50bHkgZGlzY292ZXJlZCBidWcgaW4gdGhlIG9yaWdpbmFsIFJGQ3MuPC9wPg0KPHA+ LSBVcGRhdGUgdGhlIEVBUC1BS0EnIHNwZWNpZmljYXRpb24gKFJGQyA1NDQ4KSB0byBlbnN1cmUg dGhhdCBpdHMgY2FwYWJpbGl0eSB0byBwcm92aWRlIGEgY3J5cHRvZ3JhcGhpYyBiaW5kaW5nIHRv IG5ldHdvcmsgY29udGV4dCBzdGF5cyBpbiBzeW5jIHdpdGggdXBkYXRlcyB0byB0aGUgcmVmZXJl bmNlZCAzR1BQIHNwZWNpZmljYXRpb25zLiBUaGUgZG9jdW1lbnQgd2lsbCBhbHNvIGNvbnRhaW4g YW55IHJlY2VudGx5IGdhaW5lZCBuZXcga25vd2xlZGdlDQogb24gdnVsbmVyYWJpbGl0aWVzIG9y IHRoZSBwb3NzaWJsZSBpbXBsaWNhdGlvbnMgb2YgcGVydmFzaXZlIHN1cnZlaWxsYW5jZS48YnI+ DQo8YnI+DQotIERldmVsb3AgYW4gZXh0ZW5zaW9uIHRvIEVBUC1BS0EnIHN1Y2ggdGhhdCBQZXJm ZWN0IEZvcndhcmQgU2VjcmVjeSBjYW4gYmUgcHJvdmlkZWQuIFRoZXJlIG1heSBhbHNvIGJlIHBy aXZhY3kgaW1wcm92ZW1lbnRzIHRoYXQgaGF2ZSBiZWNvbWUgZmVhc2libGUgd2l0aCB0aGUmbmJz cDsgaW50cm9kdWN0aW9uIG9mIHJlY2VudCBpZGVudGl0eSBwcml2YWN5IGltcHJvdmVtZW50cyBp biAzR1BQIG5ldHdvcmtzLjxicj4NCjxicj4NCi0gR2F0aGVyIGV4cGVyaWVuY2UgcmVnYXJkaW5n IHRoZSB1c2Ugb2YgbGFyZ2UgY2VydGlmaWNhdGVzIGFuZCBsb25nIGNlcnRpZmljYXRlIGNoYWlu cyBpbiB0aGUgY29udGV4dCBvZiBFQVAtVExTIChhbGwgdmVyc2lvbnMpLCBhcyBzb21lIGltcGxl bWVudGF0aW9ucyBhbmQgYWNjZXNzIG5ldHdvcmtzIG1heSBsaW1pdCB0aGUgbnVtYmVyIG9mIEVB UCBwYWNrZXQgZXhjaGFuZ2VzIHRoYXQgY2FuIGJlIGhhbmRsZWQuIERvY3VtZW50IG9wZXJhdGlv bmFsDQogcmVjb21tZW5kYXRpb25zIG9yIG90aGVyIG1pdGlnYXRpb24gc3RyYXRlZ2llcyB0byBh dm9pZCBpc3N1ZXMuPGJyPg0KPGJyPg0KLSBEZWZpbmUgYSBzdGFuZGFyZCBFQVAgbWV0aG9kIGZv ciBtdXR1YWwgYXV0aGVudGljYXRpb24gYmV0d2VlbiBhIHBlZXIgYW5kIGEgc2VydmVyIHRoYXQg aXMgYmFzZWQgb24gYW4gb3V0LW9mLWJhbmQgY2hhbm5lbC4gVGhlIG1ldGhvZCBpdHNlbGYgc2hh bGwgYmUgaW5kZXBlbmRlbnQgb2YgdGhlIHVuZGVybHlpbmcgT09CIGNoYW5uZWwgYW5kIHNoYWxs IHN1cHBvcnQgYSB2YXJpZXR5IG9mIE9PQiBjaGFubmVscyBzdWNoIGFzIE5GQywgZHluYW1pY2Fs bHkNCiBnZW5lcmF0ZWQgUVIgY29kZXMsIGF1ZGlvLCBhbmQgdmlzaWJsZSBsaWdodC48YnI+DQo8 YnI+DQotIERlZmluZSBtZWNoYW5pc21zIGJ5IHdoaWNoIEVBUCBtZXRob2RzIGNhbiBzdXBwb3J0 IGNyZWF0aW9uIG9mIGxvbmctdGVybSBjcmVkZW50aWFscyBmb3IgdGhlIHBlZXIgYmFzZWQgb24g aW5pdGlhbCBsaW1pdGVkLXVzZSBjcmVkZW50aWFscy48YnI+DQo8YnI+DQpUaGUgd29ya2luZyBn cm91cCBpcyBleHBlY3RlZCB0byBzdGF5IGluIGNsb3NlIGNvbGxhYm9yYXRpb24gd2l0aCB0aGUg RUFQIGRlcGxveW1lbnQgY29tbXVuaXR5LCB0aGUgVExTIHdvcmtpbmcgZ3JvdXAgKGZvciBFQVAt VExTIHdvcmspLCBhbmQgdGhlIDNHUFAgc2VjdXJpdHkgYXJjaGl0ZWN0dXJlIGdyb3VwIChmb3Ig RUFQLUFLQScgd29yayk8YnI+DQo8YnI+DQotLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS08YnI+DQo8 L3A+DQo8L2Rpdj4NCjxicj4NCjxmaWVsZHNldCBjbGFzcz0ibWltZUF0dGFjaG1lbnRIZWFkZXIi PjwvZmllbGRzZXQ+DQo8cHJlIGNsYXNzPSJtb3otcXVvdGUtcHJlIiB3cmFwPSIiPl9fX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fDQpFbXUgbWFpbGluZyBsaXN0 DQo8YSBjbGFzcz0ibW96LXR4dC1saW5rLWFiYnJldmlhdGVkIiBocmVmPSJtYWlsdG86RW11QGll dGYub3JnIj5FbXVAaWV0Zi5vcmc8L2E+DQo8YSBjbGFzcz0ibW96LXR4dC1saW5rLWZyZWV0ZXh0 IiBocmVmPSJodHRwczovL3d3dy5pZXRmLm9yZy9tYWlsbWFuL2xpc3RpbmZvL2VtdSI+aHR0cHM6 Ly93d3cuaWV0Zi5vcmcvbWFpbG1hbi9saXN0aW5mby9lbXU8L2E+DQo8L3ByZT4NCjwvYmxvY2tx dW90ZT4NCjwvYm9keT4NCjwvaHRtbD4NCg== --_000_e58bc3b02ab140ed82371b5249172d94ericssoncom_-- From nobody Wed Sep 11 11:50:40 2019 Return-Path: X-Original-To: emu@ietfa.amsl.com Delivered-To: emu@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0459C12006E for ; Wed, 11 Sep 2019 11:50:39 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2 X-Spam-Level: X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jqAX3gCiB8fV for ; Wed, 11 Sep 2019 11:50:35 -0700 (PDT) Received: from EUR04-VI1-obe.outbound.protection.outlook.com (mail-eopbgr80052.outbound.protection.outlook.com [40.107.8.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4920412001B for ; Wed, 11 Sep 2019 11:50:35 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=hWr7qEHY9bTXf3WQ19HuXETS/KeIig2jjy0xF03xHkVSBaCwYbYf7dkeGVKnQHnY31k49XXP8CRDd4lwTMldoC4hwF1cPDo77MXjUM1+HFoiYvBYdP8ZTfatIEWvxHDaPACjgu/tkNLiYh4T+v5QKsefL0N7B5aordvv9n46Vy2iXWDbF2qmEKDt1NzCbsOL85J1CLcubBdBZrx1uD+5uotC4HpSTmnjNxqPJn31R1Mlmw/MXI3E0tmrHwOBnT0Q+kG6/VpNLa6FMtg54/3OsY2PhSyYeEDD/n0HBram5B/ZS0/BiYHMA1ghfzKzSwTDGafVaxHtYmSgtRMcOP36EA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=/vgpHhQR+Jz4Tv4LvV8/rsrFoJZzgU0tsfXr2SsiZ3M=; b=PKSOiIsqwCipTS06Na/R06z7k3nNOcGt3OFVyfyTYekWG1fvE9kdlgD8/A08lU6cQvokWITFx2lpb7xYROAuHnwi1m9Cmg5pHTHcK3J+Wi1aC9squY2DOfihdbHKTsM11kvyYko4ycBgCyx0JiYl2iOuZB2a+TuOLCjiqmdx5sFGABsg4f2BCQ1uLhUligaFus2eQbrIUa6Bs8auVHVPnTMUPEeq0oKhr3EUctZarUmjXzm43nz4cR9KcsF2a0f/t5/2p9HhUK4WjKPdYr7oWTCx67K7PvNmWgEKguxmR56Ip1o+JNdzzVjrIS9e2lzQlc9He2xS5eXT48R4p5YBFw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=/vgpHhQR+Jz4Tv4LvV8/rsrFoJZzgU0tsfXr2SsiZ3M=; b=YI8pnPfuFO31oaQg+4TpVe/jIXQquEL7lg247/kGWV/PbralnQu/vcQbjogQM+S5hNtHGzLyZA9L6folw8Jb86aQuhGyDLdl0wd8+LVRV2zXR48divnvqiPTX4JRAjbLBchB0KihUmyHSL2vYCHGoHfznBy2QDqxs4Ug88lE+4g= Received: from HE1PR0701MB2905.eurprd07.prod.outlook.com (10.168.98.146) by HE1PR0701MB2170.eurprd07.prod.outlook.com (10.168.36.19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2263.10; Wed, 11 Sep 2019 18:50:32 +0000 Received: from HE1PR0701MB2905.eurprd07.prod.outlook.com ([fe80::758a:12ec:c6d:e8a9]) by HE1PR0701MB2905.eurprd07.prod.outlook.com ([fe80::758a:12ec:c6d:e8a9%10]) with mapi id 15.20.2263.015; Wed, 11 Sep 2019 18:50:32 +0000 From: Mohit Sethi M To: "emu@ietf.org" Thread-Topic: [Emu] Re-charter text Thread-Index: AQHVV/hd5AP1y7w6BUWxMRLUThUF06cm86GA Date: Wed, 11 Sep 2019 18:50:32 +0000 Message-ID: <94702096-c854-02fb-ce39-6f1c5dde80a6@ericsson.com> References: In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.8.0 authentication-results: spf=none (sender IP is ) smtp.mailfrom=mohit.m.sethi@ericsson.com; x-originating-ip: [87.93.24.218] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: dd61c10e-ce8a-4c77-6768-08d736e8ecb6 x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600166)(711020)(4605104)(1401327)(2017052603328)(7193020); SRVR:HE1PR0701MB2170; x-ms-traffictypediagnostic: HE1PR0701MB2170: x-ms-exchange-purlcount: 2 x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:9508; x-forefront-prvs: 0157DEB61B x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(346002)(366004)(376002)(136003)(396003)(39860400002)(189003)(199004)(478600001)(606006)(8936002)(3846002)(66946007)(53936002)(6246003)(14444005)(66446008)(76176011)(7736002)(64756008)(316002)(966005)(413944005)(58126008)(81156014)(81166006)(76116006)(66556008)(66476007)(2906002)(6116002)(71200400001)(71190400001)(256004)(11346002)(6916009)(6436002)(1730700003)(25786009)(6486002)(229853002)(14454004)(8676002)(99286004)(2501003)(36756003)(31696002)(186003)(31686004)(66066001)(446003)(53546011)(2351001)(65806001)(5640700003)(65956001)(6506007)(54896002)(86362001)(26005)(6306002)(476003)(6512007)(486006)(5660300002)(236005)(2616005)(102836004); DIR:OUT; SFP:1101; SCL:1; SRVR:HE1PR0701MB2170; H:HE1PR0701MB2905.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1; received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam-message-info: 8Z7DW4oiFk10Lu8e43wFUN0p+obRMLPWPOGyut9APMbqrFAOeFlzTwPTVduFy8Ub01PR1BX0Ada14wuz1LYrCEieqqBtUUQO0UCOJiZrV4XAzK6tkdSb9I4uLT648n9/LKGomVCUf41zrV75S/9uNfp7bevwiAIH8TEYyW6mq3ihOVtWrL+fPRu7ag6loPB3mRDt0nRCo/Jak1nIKb5uFwsqb+degIHF0MUi9UTCbt8NPSnXdjMewF3Dkl5LMfRGZXT9Pr7wJOG6uA7DqrIl1QDrwb7A7vT3FzH7B4R9mvtu/dsqnqDxFUpmJ5fh8kd1eSmI4ISprrJSdKgDU5drysZEIpkQvUMYEXUKGrz+0e25QcCi4xZOkWBRG1PZcA4VekIZQPuXhOfhfe3GhaR8mKXaS6OgJ3UqhkaApoMFrtQ= x-ms-exchange-transport-forked: True Content-Type: multipart/alternative; boundary="_000_94702096c85402fbce396f1c5dde80a6ericssoncom_" MIME-Version: 1.0 X-OriginatorOrg: ericsson.com X-MS-Exchange-CrossTenant-Network-Message-Id: dd61c10e-ce8a-4c77-6768-08d736e8ecb6 X-MS-Exchange-CrossTenant-originalarrivaltime: 11 Sep 2019 18:50:32.6344 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: Px4/61SeVthmPN9UE3USOJ0Ko0yNTh3gQafADxAdzvDRxidOE74Diq9ugm2IBqUhZxdD4pxIrwMjwvQJvUGfRRkSVse3CfdvDJlmMM8dojM= X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR0701MB2170 Archived-At: Subject: Re: [Emu] Re-charter text X-BeenThere: emu@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "EAP Methods Update \(EMU\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 11 Sep 2019 18:50:39 -0000 --_000_94702096c85402fbce396f1c5dde80a6ericssoncom_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 RGVhciBhbGwsDQoNClBsZWFzZSBzZW5kIGluIHlvdXIgY29tbWVudHMgb24gdGhlIGNoYXJ0ZXIg dGV4dCBieSBXZWRuZXNkYXksIFNlcHRlbWJlciAxOCwgMjAxOS4NCg0KSm9lIGFuZCBNb2hpdA0K DQpPbiA4LzIxLzE5IDExOjEzIEFNLCBNb2hpdCBTZXRoaSBNIHdyb3RlOg0KDQpEZWFyIGFsbCwN Cg0KVGhhbmsgeW91IGZvciBhIHByb2R1Y3RpdmUgbWVldGluZyBAIElFVEYgMTA1LiBXZSBoYWQg ZGlzY3Vzc2VkIHRoZSBuZXcgY2hhcnRlciB0ZXh0IGR1cmluZyB0aGUgd29ya2luZyBncm91cCBz ZXNzaW9uIGluIE1vbnRyZWFsLiBQbGVhc2UgZmluZCB0aGUgc2FtZSB0ZXh0IGJlbG93LiBUaGlz IHRleHQgYnVpbGRzIHVwb24gb3VyIGN1cnJlbnQgY2hhcnRlci4gRmVlbCBmcmVlIHRvIHN1Z2dl c3QgY2hhbmdlcy4gUkZDIDI0MTggc2VjdGlvbiAyLjIgaHR0cHM6Ly90b29scy5pZXRmLm9yZy9o dG1sL3JmYzI0MTgjc2VjdGlvbi0yLjIgc2F5cyB0aGUgZm9sbG93aW5nIGFib3V0IGEgd29ya2lu ZyBncm91cCBjaGFydGVyOg0KDQogICAyLiBTcGVjaWZpZXMgdGhlIGRpcmVjdGlvbiBvciBvYmpl Y3RpdmVzIG9mIHRoZSB3b3JraW5nIGdyb3VwIGFuZA0KICAgICAgZGVzY3JpYmVzIHRoZSBhcHBy b2FjaCB0aGF0IHdpbGwgYmUgdGFrZW4gdG8gYWNoaWV2ZSB0aGUgZ29hbHM7DQoNClBsZWFzZSBr ZWVwIHRoaXMgaW4gbWluZCB3aGVuIHN1Z2dlc3RpbmcgY2hhbmdlcy4gT25jZSB0aGUgdGV4dCBp cyByZWFkeSwgd2Ugd2lsbCBzZW5kIGl0IHRvIHRoZSBJRVNHIGZvciByZXZpZXcuDQoNCkpvZSBh bmQgTW9oaXQNCg0KLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQoNClRoZSBFeHRlbnNpYmxlIEF1 dGhlbnRpY2F0aW9uIFByb3RvY29sIChFQVApIFtSRkMgMzc0OF0gaXMgYSBuZXR3b3JrIGFjY2Vz cyBhdXRoZW50aWNhdGlvbiBmcmFtZXdvcmsgdXNlZCwgZm9yIGluc3RhbmNlLCBpbiBWUE4gYW5k IG1vYmlsZSBuZXR3b3Jrcy4gRUFQIGl0c2VsZiBpcyBhIHNpbXBsZSBwcm90b2NvbCBhbmQgYWN0 dWFsIGF1dGhlbnRpY2F0aW9uIGhhcHBlbnMgaW4gRUFQIG1ldGhvZHMuIFNldmVyYWwgRUFQIG1l dGhvZHMgaGF2ZSBiZWVuIGRldmVsb3BlZCBhdCB0aGUgSUVURiBhbmQgc3VwcG9ydCBmb3IgRUFQ IGV4aXN0cyBpbiBhIGJyb2FkIHNldCBvZiBkZXZpY2VzLiBQcmV2aW91cyBsYXJnZXIgRUFQLXJl bGF0ZWQgZWZmb3J0cyBhdCB0aGUgSUVURiBpbmNsdWRlZCByZXdyaXRpbmcgdGhlIGJhc2UgRUFQ IHByb3RvY29sIHNwZWNpZmljYXRpb24gYW5kIHRoZSBkZXZlbG9wbWVudCBvZiBzZXZlcmFsIHN0 YW5kYXJkcyB0cmFjayBFQVAgbWV0aG9kcy4NCg0KRUFQIG1ldGhvZHMgYXJlIGdlbmVyYWxseSBi YXNlZCBvbiBleGlzdGluZyBzZWN1cml0eSB0ZWNobm9sb2dpZXMgc3VjaCBhcyBUTFMgYW5kIFNJ TSBjYXJkcy4gT3VyIHVuZGVyc3RhbmRpbmcgb2Ygc2VjdXJpdHkgdGhyZWF0cyBpcyBjb250aW51 b3VzbHkgZXZvbHZpbmcuIFRoaXMgaGFzIGRyaXZlbiB0aGUgZXZvbHV0aW9uIG9mIHNldmVyYWwg b2YgdGhlc2UgdW5kZXJseWluZyB0ZWNobm9sb2dpZXMuIEFzIGFuIGV4YW1wbGUsIElFVEYgaGFz IHN0YW5kYXJkaXplZCBhIG5ldyBhbmQgaW1wcm92ZWQgdmVyc2lvbiBvZiBUTFMgaW4gUkZDIDg0 NDYuIFRoZSBncm91cCB3aWxsIHRoZXJlZm9yZSBwcm92aWRlIGd1aWRhbmNlIGFuZCB1cGRhdGUg RUFQIG1ldGhvZCBzcGVjaWZpY2F0aW9ucyB3aGVyZSBuZWNlc3NhcnkgdG8gZW5hYmxlIHRoZSB1 c2Ugb2YgbmV3IHZlcnNpb25zIG9mIHRoZXNlIHVuZGVybHlpbmcgdGVjaG5vbG9naWVzLg0KDQpB dCB0aGUgc2FtZSB0aW1lLCBzb21lIG5ldyB1c2UgY2FzZXMgZm9yIEVBUCBoYXZlIGJlZW4gaWRl bnRpZmllZC4gRUFQIGlzIG5vdyBtb3JlIGJyb2FkbHkgaW4gbW9iaWxlIG5ldHdvcmsgYXV0aGVu dGljYXRpb24uIFRoZSBncm91cCB3aWxsIHVwZGF0ZSBleGlzdGluZyBFQVAgbWV0aG9kcyBzdWNo IGFzIEVBUC1BS0EnIHRvIHN0YXkgaW4gc3luYyB3aXRoIHVwZGF0ZXMgdG8gdGhlIHJlZmVyZW5j ZWQgM0dQUCBzcGVjaWZpY2F0aW9ucy4gUkZDIDcyNTggbm90ZXMgdGhhdCBwZXJ2YXNpdmUgbW9u aXRvcmluZyBpcyBhbiBhdHRhY2suIFBlcmZlY3QgRm9yd2FyZCBTZWNyZWN5IChQRlMpIGlzIGFu IGltcG9ydGFudCBzZWN1cml0eSBwcm9wZXJ0eSBmb3IgbW9kZXJuIHByb3RvY29scyB0byB0aHdh cnQgcGVydmFzaXZlIG1vbml0b3JpbmcuIFRoZSBncm91cCB3aWxsIHRoZXJlZm9yZSB3b3JrIG9u IGFuIGV4dGVuc2lvbiB0byBFQVAtQUtBJyBmb3IgcHJvdmlkaW5nIFBlcmZlY3QgRm9yd2FyZCBT ZWNyZWN5IChQRlMpLg0KDQpPdXQtb2YtYmFuZCAoT09CKSByZWZlcnMgdG8gYSBzZXBhcmF0ZSBj b21tdW5pY2F0aW9uIGNoYW5uZWwgaW5kZXBlbmRlbnQgb2YgdGhlIHByaW1hcnkgaW4tYmFuZCBj aGFubmVsIG92ZXIgd2hpY2ggdGhlIGFjdHVhbCBuZXR3b3JrIGNvbW11bmljYXRpb24gdGFrZXMg cGxhY2UuIE9PQiBjaGFubmVscyBhcmUgbm93IHVzZWQgZm9yIGF1dGhlbnRpY2F0aW9uIGluIGEg dmFyaWV0eSBvZiBwcm90b2NvbHMgYW5kIGRldmljZXMgKGRyYWZ0LWlldGYtb2F1dGgtZGV2aWNl LWZsb3ctMTMsIFdoYXRzQXBwIFdlYiwgZXRjLikuIE1hbnkgdXNlcnMgYXJlIGFjY3VzdG9tZWQg dG8gdGFwcGluZyBORkMgb3Igc2Nhbm5pbmcgUVIgY29kZXMuIEhvd2V2ZXIsIEVBUCBjdXJyZW50 bHkgZG9lcyBub3QgaGF2ZSBhbnkgc3RhbmRhcmQgbWV0aG9kcyB0aGF0IHN1cHBvcnQgYXV0aGVu dGljYXRpb24gYmFzZWQgb24gT09CIGNoYW5uZWxzLiBUaGUgZ3JvdXAgd2lsbCB0aGVyZWZvcmUg d29yayBvbiBhbiBFQVAgbWV0aG9kIHdoZXJlIGF1dGhlbnRpY2F0aW9uIGlzIGJhc2VkIG9uIGFu IG91dC1vZi1iYW5kIGNoYW5uZWwgYmV0d2VlbiB0aGUgcGVlciBhbmQgdGhlIHNlcnZlci4NCg0K RUFQIGF1dGhlbnRpY2F0aW9uIGlzIGJhc2VkIG9uIGNyZWRlbnRpYWxzIGF2YWlsYWJsZSBvbiB0 aGUgcGVlciBhbmQgdGhlIHNlcnZlci4gSG93ZXZlciwgc29tZSBFQVAgbWV0aG9kcyB1c2UgY3Jl ZGVudGlhbHMgdGhhdCBhcmUgdGltZSBvciBkb21haW4gbGltaXRlZCAoc3VjaCBhcyBFQVAtUE9U UCksIGFuZCB0aGVyZSBtYXkgYmUgYSBuZWVkIGZvciBjcmVhdGluZyBsb25nIHRlcm0gY3JlZGVu dGlhbHMgZm9yIHJlLWF1dGhlbnRpY2F0aW5nIHRoZSBwZWVyIGluIGEgbW9yZSBnZW5lcmFsIGNv bnRleHQuIFRoZSBncm91cCB3aWxsIGludmVzdGlnYXRlIG1pbmltYWwgbWVjaGFuaXNtcyB3aXRo IHdoaWNoIGxpbWl0ZWQtdXNlIEVBUCBhdXRoZW50aWNhdGlvbiBjcmVkZW50aWFscyBjYW4gYmUg dXNlZCBmb3IgY3JlYXRpbmcgZ2VuZXJhbC11c2UgbG9uZy10ZXJtIGNyZWRlbnRpYWxzLg0KDQpJ biBzdW1tYXJ5LCB0aGUgd29ya2luZyBncm91cCBzaGFsbCBwcm9kdWNlIHRoZSBmb2xsb3dpbmcg ZG9jdW1lbnRzOg0KDQogLSBBbiB1cGRhdGUgdG8gZW5hYmxlIHRoZSB1c2Ugb2YgVExTIDEuMyBp biB0aGUgY29udGV4dCBvZiBFQVAtVExTIChSRkMgNTIxNikuIFRoaXMgZG9jdW1lbnQgd2lsbCBw ZGF0ZSB0aGUgc2VjdXJpdHkgY29uc2lkZXJhdGlvbnMgcmVsYXRpbmcgdG8gRUFQLVRMUywgZG9j dW1lbnQgdGhlIGltcGxpY2F0aW9ucyBvZiB1c2luZyBuZXcgdnMuIG9sZCBUTFMgdmVyc2lvbnMs IGFkZCBhbnkgcmVjZW50bHkgZ2FpbmVkIG5ldyBrbm93bGVkZ2Ugb24gdnVsbmVyYWJpbGl0aWVz LCBhbmQgZGlzY3VzcyB0aGUgcG9zc2libGUgaW1wbGljYXRpb25zIG9mIHBlcnZhc2l2ZSBzdXJ2 ZWlsbGFuY2UuDQoNCiAtIFNldmVyYWwgRUFQIG1ldGhvZHMgc3VjaCBFQVAtVFRMUyBhbmQgRUFQ LUZBU1QgdXNlIGFuIG91dGVyIFRMUyB0dW5uZWwuIFByb3ZpZGUgZ3VpZGFuY2Ugb3IgdXBkYXRl IHRoZSByZWxldmFudCBzcGVjaWZpY2F0aW9ucyBleHBsYWluaW5nIGhvdyB0aG9zZSBFQVAgbWV0 aG9kcyAoUEVBUC9UVExTL1RFQVApIHdpbGwgd29yayB3aXRoIFRMUyAxLjMuIFRoaXMgd2lsbCBh bHNvIGludm9sdmUgbWFpbnRlbmFuY2Ugd29yayBiYXNlZCBvbiBlcnJhdGFzIGZvdW5kIGluIHB1 Ymxpc2hlZCBzcGVjaWZpY2F0aW9ucyAoc3VjaCBhcyBFQVAtVEVBUCkuDQoNCi0gRGVmaW5lIHNl c3Npb24gaWRlbnRpZmllcnMgZm9yIGZhc3QgcmUtYXV0aGVudGljYXRpb24gZm9yIEVBUC1TSU0s IEVBUC1BS0EsIGFuZCBFQVAtQUtB4oCZLiBUaGUgbGFjayBvZiB0aGlzIGRlZmluaXRpb24gaXMg YSByZWNlbnRseSBkaXNjb3ZlcmVkIGJ1ZyBpbiB0aGUgb3JpZ2luYWwgUkZDcy4NCg0KLSBVcGRh dGUgdGhlIEVBUC1BS0EnIHNwZWNpZmljYXRpb24gKFJGQyA1NDQ4KSB0byBlbnN1cmUgdGhhdCBp dHMgY2FwYWJpbGl0eSB0byBwcm92aWRlIGEgY3J5cHRvZ3JhcGhpYyBiaW5kaW5nIHRvIG5ldHdv cmsgY29udGV4dCBzdGF5cyBpbiBzeW5jIHdpdGggdXBkYXRlcyB0byB0aGUgcmVmZXJlbmNlZCAz R1BQIHNwZWNpZmljYXRpb25zLiBUaGUgZG9jdW1lbnQgd2lsbCBhbHNvIGNvbnRhaW4gYW55IHJl Y2VudGx5IGdhaW5lZCBuZXcga25vd2xlZGdlIG9uIHZ1bG5lcmFiaWxpdGllcyBvciB0aGUgcG9z c2libGUgaW1wbGljYXRpb25zIG9mIHBlcnZhc2l2ZSBzdXJ2ZWlsbGFuY2UuDQoNCi0gRGV2ZWxv cCBhbiBleHRlbnNpb24gdG8gRUFQLUFLQScgc3VjaCB0aGF0IFBlcmZlY3QgRm9yd2FyZCBTZWNy ZWN5IGNhbiBiZSBwcm92aWRlZC4gVGhlcmUgbWF5IGFsc28gYmUgcHJpdmFjeSBpbXByb3ZlbWVu dHMgdGhhdCBoYXZlIGJlY29tZSBmZWFzaWJsZSB3aXRoIHRoZSAgaW50cm9kdWN0aW9uIG9mIHJl Y2VudCBpZGVudGl0eSBwcml2YWN5IGltcHJvdmVtZW50cyBpbiAzR1BQIG5ldHdvcmtzLg0KDQot IEdhdGhlciBleHBlcmllbmNlIHJlZ2FyZGluZyB0aGUgdXNlIG9mIGxhcmdlIGNlcnRpZmljYXRl cyBhbmQgbG9uZyBjZXJ0aWZpY2F0ZSBjaGFpbnMgaW4gdGhlIGNvbnRleHQgb2YgRUFQLVRMUyAo YWxsIHZlcnNpb25zKSwgYXMgc29tZSBpbXBsZW1lbnRhdGlvbnMgYW5kIGFjY2VzcyBuZXR3b3Jr cyBtYXkgbGltaXQgdGhlIG51bWJlciBvZiBFQVAgcGFja2V0IGV4Y2hhbmdlcyB0aGF0IGNhbiBi ZSBoYW5kbGVkLiBEb2N1bWVudCBvcGVyYXRpb25hbCByZWNvbW1lbmRhdGlvbnMgb3Igb3RoZXIg bWl0aWdhdGlvbiBzdHJhdGVnaWVzIHRvIGF2b2lkIGlzc3Vlcy4NCg0KLSBEZWZpbmUgYSBzdGFu ZGFyZCBFQVAgbWV0aG9kIGZvciBtdXR1YWwgYXV0aGVudGljYXRpb24gYmV0d2VlbiBhIHBlZXIg YW5kIGEgc2VydmVyIHRoYXQgaXMgYmFzZWQgb24gYW4gb3V0LW9mLWJhbmQgY2hhbm5lbC4gVGhl IG1ldGhvZCBpdHNlbGYgc2hhbGwgYmUgaW5kZXBlbmRlbnQgb2YgdGhlIHVuZGVybHlpbmcgT09C IGNoYW5uZWwgYW5kIHNoYWxsIHN1cHBvcnQgYSB2YXJpZXR5IG9mIE9PQiBjaGFubmVscyBzdWNo IGFzIE5GQywgZHluYW1pY2FsbHkgZ2VuZXJhdGVkIFFSIGNvZGVzLCBhdWRpbywgYW5kIHZpc2li bGUgbGlnaHQuDQoNCi0gRGVmaW5lIG1lY2hhbmlzbXMgYnkgd2hpY2ggRUFQIG1ldGhvZHMgY2Fu IHN1cHBvcnQgY3JlYXRpb24gb2YgbG9uZy10ZXJtIGNyZWRlbnRpYWxzIGZvciB0aGUgcGVlciBi YXNlZCBvbiBpbml0aWFsIGxpbWl0ZWQtdXNlIGNyZWRlbnRpYWxzLg0KDQpUaGUgd29ya2luZyBn cm91cCBpcyBleHBlY3RlZCB0byBzdGF5IGluIGNsb3NlIGNvbGxhYm9yYXRpb24gd2l0aCB0aGUg RUFQIGRlcGxveW1lbnQgY29tbXVuaXR5LCB0aGUgVExTIHdvcmtpbmcgZ3JvdXAgKGZvciBFQVAt VExTIHdvcmspLCBhbmQgdGhlIDNHUFAgc2VjdXJpdHkgYXJjaGl0ZWN0dXJlIGdyb3VwIChmb3Ig RUFQLUFLQScgd29yaykNCg0KLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQoNCg0KDQpfX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fXw0KRW11IG1haWxpbmcgbGlz dA0KRW11QGlldGYub3JnPG1haWx0bzpFbXVAaWV0Zi5vcmc+DQpodHRwczovL3d3dy5pZXRmLm9y Zy9tYWlsbWFuL2xpc3RpbmZvL2VtdQ0KDQo= --_000_94702096c85402fbce396f1c5dde80a6ericssoncom_ Content-Type: text/html; charset="utf-8" Content-ID: <022DF7CFA704CF49AD0174F331820C2F@eurprd07.prod.outlook.com> Content-Transfer-Encoding: base64 PGh0bWw+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIgY29udGVudD0i dGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjwvaGVhZD4NCjxib2R5IGJnY29sb3I9IiNGRkZG RkYiIHRleHQ9IiMwMDAwMDAiPg0KPHA+RGVhciBhbGwsPC9wPg0KPHA+UGxlYXNlIHNlbmQgaW4g eW91ciBjb21tZW50cyBvbiB0aGUgY2hhcnRlciB0ZXh0IGJ5IFdlZG5lc2RheSwgU2VwdGVtYmVy IDE4LCAyMDE5Lg0KPGJyPg0KPC9wPg0KPHA+Sm9lIGFuZCBNb2hpdDxicj4NCjwvcD4NCjxkaXYg Y2xhc3M9Im1vei1jaXRlLXByZWZpeCI+T24gOC8yMS8xOSAxMToxMyBBTSwgTW9oaXQgU2V0aGkg TSB3cm90ZTo8YnI+DQo8L2Rpdj4NCjxibG9ja3F1b3RlIHR5cGU9ImNpdGUiIGNpdGU9Im1pZDph ZTQ5MjcyNi02MjY4LTVlNzMtMzM4Yi1jODAzNjkwMjNlMWNAZXJpY3Nzb24uY29tIj4NCjxwPkRl YXIgYWxsLDwvcD4NCjxwPlRoYW5rIHlvdSBmb3IgYSBwcm9kdWN0aXZlIG1lZXRpbmcgQCBJRVRG IDEwNS4gV2UgaGFkIGRpc2N1c3NlZCB0aGUgbmV3IGNoYXJ0ZXIgdGV4dCBkdXJpbmcgdGhlIHdv cmtpbmcgZ3JvdXAgc2Vzc2lvbiBpbiBNb250cmVhbC4gUGxlYXNlIGZpbmQgdGhlIHNhbWUgdGV4 dCBiZWxvdy4gVGhpcyB0ZXh0IGJ1aWxkcyB1cG9uIG91ciBjdXJyZW50IGNoYXJ0ZXIuIEZlZWwg ZnJlZSB0byBzdWdnZXN0IGNoYW5nZXMuIFJGQyAyNDE4IHNlY3Rpb24NCiAyLjIgPGEgbW96LWRv LW5vdC1zZW5kPSJ0cnVlIiBocmVmPSJodHRwczovL3Rvb2xzLmlldGYub3JnL2h0bWwvcmZjMjQx OCNzZWN0aW9uLTIuMiI+DQpodHRwczovL3Rvb2xzLmlldGYub3JnL2h0bWwvcmZjMjQxOCNzZWN0 aW9uLTIuMjwvYT4gc2F5cyB0aGUgZm9sbG93aW5nIGFib3V0IGEgd29ya2luZyBncm91cCBjaGFy dGVyOjwvcD4NCjxibG9ja3F1b3RlIHR5cGU9ImNpdGUiPg0KPHByZSBjbGFzcz0ibmV3cGFnZSI+ ICAgMi4gU3BlY2lmaWVzIHRoZSBkaXJlY3Rpb24gb3Igb2JqZWN0aXZlcyBvZiB0aGUgd29ya2lu ZyBncm91cCBhbmQNCiAgICAgIGRlc2NyaWJlcyB0aGUgYXBwcm9hY2ggdGhhdCB3aWxsIGJlIHRh a2VuIHRvIGFjaGlldmUgdGhlIGdvYWxzOzwvcHJlPg0KPC9ibG9ja3F1b3RlPg0KPGJyPg0KUGxl YXNlIGtlZXAgdGhpcyBpbiBtaW5kIHdoZW4gc3VnZ2VzdGluZyBjaGFuZ2VzLiBPbmNlIHRoZSB0 ZXh0IGlzIHJlYWR5LCB3ZSB3aWxsIHNlbmQgaXQgdG8gdGhlIElFU0cgZm9yIHJldmlldy48YnI+ DQo8cD5Kb2UgYW5kIE1vaGl0PC9wPg0KPHA+LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tPGJyPg0K PGJyPg0KVGhlIEV4dGVuc2libGUgQXV0aGVudGljYXRpb24gUHJvdG9jb2wgKEVBUCkgW1JGQyAz NzQ4XSBpcyBhIG5ldHdvcmsgYWNjZXNzIGF1dGhlbnRpY2F0aW9uIGZyYW1ld29yayB1c2VkLCBm b3IgaW5zdGFuY2UsIGluIFZQTiBhbmQgbW9iaWxlIG5ldHdvcmtzLiBFQVAgaXRzZWxmIGlzIGEg c2ltcGxlIHByb3RvY29sIGFuZCBhY3R1YWwgYXV0aGVudGljYXRpb24gaGFwcGVucyBpbiBFQVAg bWV0aG9kcy4gU2V2ZXJhbCBFQVAgbWV0aG9kcyBoYXZlIGJlZW4NCiBkZXZlbG9wZWQgYXQgdGhl IElFVEYgYW5kIHN1cHBvcnQgZm9yIEVBUCBleGlzdHMgaW4gYSBicm9hZCBzZXQgb2YgZGV2aWNl cy4gUHJldmlvdXMgbGFyZ2VyIEVBUC1yZWxhdGVkIGVmZm9ydHMgYXQgdGhlIElFVEYgaW5jbHVk ZWQgcmV3cml0aW5nIHRoZSBiYXNlIEVBUCBwcm90b2NvbCBzcGVjaWZpY2F0aW9uIGFuZCB0aGUg ZGV2ZWxvcG1lbnQgb2Ygc2V2ZXJhbCBzdGFuZGFyZHMgdHJhY2sgRUFQIG1ldGhvZHMuPGJyPg0K PGJyPg0KRUFQIG1ldGhvZHMgYXJlIGdlbmVyYWxseSBiYXNlZCBvbiBleGlzdGluZyBzZWN1cml0 eSB0ZWNobm9sb2dpZXMgc3VjaCBhcyBUTFMgYW5kIFNJTSBjYXJkcy4gT3VyIHVuZGVyc3RhbmRp bmcgb2Ygc2VjdXJpdHkgdGhyZWF0cyBpcyBjb250aW51b3VzbHkgZXZvbHZpbmcuIFRoaXMgaGFz IGRyaXZlbiB0aGUgZXZvbHV0aW9uIG9mIHNldmVyYWwgb2YgdGhlc2UgdW5kZXJseWluZyB0ZWNo bm9sb2dpZXMuIEFzIGFuIGV4YW1wbGUsIElFVEYgaGFzIHN0YW5kYXJkaXplZA0KIGEgbmV3IGFu ZCBpbXByb3ZlZCB2ZXJzaW9uIG9mIFRMUyBpbiBSRkMgODQ0Ni4gVGhlIGdyb3VwIHdpbGwgdGhl cmVmb3JlIHByb3ZpZGUgZ3VpZGFuY2UgYW5kIHVwZGF0ZSBFQVAgbWV0aG9kIHNwZWNpZmljYXRp b25zIHdoZXJlIG5lY2Vzc2FyeSB0byBlbmFibGUgdGhlIHVzZSBvZiBuZXcgdmVyc2lvbnMgb2Yg dGhlc2UgdW5kZXJseWluZyB0ZWNobm9sb2dpZXMuDQo8YnI+DQo8YnI+DQpBdCB0aGUgc2FtZSB0 aW1lLCBzb21lIG5ldyB1c2UgY2FzZXMgZm9yIEVBUCBoYXZlIGJlZW4gaWRlbnRpZmllZC4gRUFQ IGlzIG5vdyBtb3JlIGJyb2FkbHkgaW4gbW9iaWxlIG5ldHdvcmsgYXV0aGVudGljYXRpb24uIFRo ZSBncm91cCB3aWxsIHVwZGF0ZSBleGlzdGluZyBFQVAgbWV0aG9kcyBzdWNoIGFzIEVBUC1BS0En IHRvIHN0YXkgaW4gc3luYyB3aXRoIHVwZGF0ZXMgdG8gdGhlIHJlZmVyZW5jZWQgM0dQUCBzcGVj aWZpY2F0aW9ucy4gUkZDDQogNzI1OCBub3RlcyB0aGF0IHBlcnZhc2l2ZSBtb25pdG9yaW5nIGlz IGFuIGF0dGFjay4gUGVyZmVjdCBGb3J3YXJkIFNlY3JlY3kgKFBGUykgaXMgYW4gaW1wb3J0YW50 IHNlY3VyaXR5IHByb3BlcnR5IGZvciBtb2Rlcm4gcHJvdG9jb2xzIHRvIHRod2FydCBwZXJ2YXNp dmUgbW9uaXRvcmluZy4gVGhlIGdyb3VwIHdpbGwgdGhlcmVmb3JlIHdvcmsgb24gYW4gZXh0ZW5z aW9uIHRvIEVBUC1BS0EnIGZvciBwcm92aWRpbmcgUGVyZmVjdCBGb3J3YXJkDQogU2VjcmVjeSAo UEZTKS48YnI+DQo8YnI+DQpPdXQtb2YtYmFuZCAoT09CKSByZWZlcnMgdG8gYSBzZXBhcmF0ZSBj b21tdW5pY2F0aW9uIGNoYW5uZWwgaW5kZXBlbmRlbnQgb2YgdGhlIHByaW1hcnkgaW4tYmFuZCBj aGFubmVsIG92ZXIgd2hpY2ggdGhlIGFjdHVhbCBuZXR3b3JrIGNvbW11bmljYXRpb24gdGFrZXMg cGxhY2UuIE9PQiBjaGFubmVscyBhcmUgbm93IHVzZWQgZm9yIGF1dGhlbnRpY2F0aW9uIGluIGEg dmFyaWV0eSBvZiBwcm90b2NvbHMgYW5kIGRldmljZXMgKGRyYWZ0LWlldGYtb2F1dGgtZGV2aWNl LWZsb3ctMTMsDQogV2hhdHNBcHAgV2ViLCBldGMuKS4gTWFueSB1c2VycyBhcmUgYWNjdXN0b21l ZCB0byB0YXBwaW5nIE5GQyBvciBzY2FubmluZyBRUiBjb2Rlcy4gSG93ZXZlciwgRUFQIGN1cnJl bnRseSBkb2VzIG5vdCBoYXZlIGFueSBzdGFuZGFyZCBtZXRob2RzIHRoYXQgc3VwcG9ydCBhdXRo ZW50aWNhdGlvbiBiYXNlZCBvbiBPT0IgY2hhbm5lbHMuIFRoZSBncm91cCB3aWxsIHRoZXJlZm9y ZSB3b3JrIG9uIGFuIEVBUCBtZXRob2Qgd2hlcmUgYXV0aGVudGljYXRpb24NCiBpcyBiYXNlZCBv biBhbiBvdXQtb2YtYmFuZCBjaGFubmVsIGJldHdlZW4gdGhlIHBlZXIgYW5kIHRoZSBzZXJ2ZXIu PGJyPg0KPGJyPg0KRUFQIGF1dGhlbnRpY2F0aW9uIGlzIGJhc2VkIG9uIGNyZWRlbnRpYWxzIGF2 YWlsYWJsZSBvbiB0aGUgcGVlciBhbmQgdGhlIHNlcnZlci4gSG93ZXZlciwgc29tZSBFQVAgbWV0 aG9kcyB1c2UgY3JlZGVudGlhbHMgdGhhdCBhcmUgdGltZSBvciBkb21haW4gbGltaXRlZCAoc3Vj aCBhcyBFQVAtUE9UUCksIGFuZCB0aGVyZSBtYXkgYmUgYSBuZWVkIGZvciBjcmVhdGluZyBsb25n IHRlcm0gY3JlZGVudGlhbHMgZm9yIHJlLWF1dGhlbnRpY2F0aW5nIHRoZQ0KIHBlZXIgaW4gYSBt b3JlIGdlbmVyYWwgY29udGV4dC4gVGhlIGdyb3VwIHdpbGwgaW52ZXN0aWdhdGUgbWluaW1hbCBt ZWNoYW5pc21zIHdpdGggd2hpY2ggbGltaXRlZC11c2UgRUFQIGF1dGhlbnRpY2F0aW9uIGNyZWRl bnRpYWxzIGNhbiBiZSB1c2VkIGZvciBjcmVhdGluZyBnZW5lcmFsLXVzZSBsb25nLXRlcm0gY3Jl ZGVudGlhbHMuPGJyPg0KPGJyPg0KSW4gc3VtbWFyeSwgdGhlIHdvcmtpbmcgZ3JvdXAgc2hhbGwg cHJvZHVjZSB0aGUgZm9sbG93aW5nIGRvY3VtZW50czo8YnI+DQo8YnI+DQombmJzcDstIEFuIHVw ZGF0ZSB0byBlbmFibGUgdGhlIHVzZSBvZiBUTFMgMS4zIGluIHRoZSBjb250ZXh0IG9mIEVBUC1U TFMgKFJGQyA1MjE2KS4gVGhpcyBkb2N1bWVudCB3aWxsIHBkYXRlIHRoZSBzZWN1cml0eSBjb25z aWRlcmF0aW9ucyByZWxhdGluZyB0byBFQVAtVExTLCBkb2N1bWVudCB0aGUgaW1wbGljYXRpb25z IG9mIHVzaW5nIG5ldyB2cy4gb2xkIFRMUyB2ZXJzaW9ucywgYWRkIGFueSByZWNlbnRseSBnYWlu ZWQgbmV3IGtub3dsZWRnZSBvbiB2dWxuZXJhYmlsaXRpZXMsDQogYW5kIGRpc2N1c3MgdGhlIHBv c3NpYmxlIGltcGxpY2F0aW9ucyBvZiBwZXJ2YXNpdmUgc3VydmVpbGxhbmNlLjxicj4NCjxicj4N CiZuYnNwOy0gU2V2ZXJhbCBFQVAgbWV0aG9kcyBzdWNoIEVBUC1UVExTIGFuZCBFQVAtRkFTVCB1 c2UgYW4gb3V0ZXIgVExTIHR1bm5lbC4gUHJvdmlkZSBndWlkYW5jZSBvciB1cGRhdGUgdGhlIHJl bGV2YW50IHNwZWNpZmljYXRpb25zIGV4cGxhaW5pbmcgaG93IHRob3NlIEVBUCBtZXRob2RzIChQ RUFQL1RUTFMvVEVBUCkgd2lsbCB3b3JrIHdpdGggVExTIDEuMy4gVGhpcyB3aWxsIGFsc28gaW52 b2x2ZSBtYWludGVuYW5jZSB3b3JrIGJhc2VkIG9uIGVycmF0YXMNCiBmb3VuZCBpbiBwdWJsaXNo ZWQgc3BlY2lmaWNhdGlvbnMgKHN1Y2ggYXMgRUFQLVRFQVApLjxicj4NCjxicj4NCi0gRGVmaW5l IHNlc3Npb24gaWRlbnRpZmllcnMgZm9yIGZhc3QgcmUtYXV0aGVudGljYXRpb24gZm9yIEVBUC1T SU0sIEVBUC1BS0EsIGFuZCBFQVAtQUtB4oCZLiBUaGUgbGFjayBvZiB0aGlzIGRlZmluaXRpb24g aXMgYSByZWNlbnRseSBkaXNjb3ZlcmVkIGJ1ZyBpbiB0aGUgb3JpZ2luYWwgUkZDcy48L3A+DQo8 cD4tIFVwZGF0ZSB0aGUgRUFQLUFLQScgc3BlY2lmaWNhdGlvbiAoUkZDIDU0NDgpIHRvIGVuc3Vy ZSB0aGF0IGl0cyBjYXBhYmlsaXR5IHRvIHByb3ZpZGUgYSBjcnlwdG9ncmFwaGljIGJpbmRpbmcg dG8gbmV0d29yayBjb250ZXh0IHN0YXlzIGluIHN5bmMgd2l0aCB1cGRhdGVzIHRvIHRoZSByZWZl cmVuY2VkIDNHUFAgc3BlY2lmaWNhdGlvbnMuIFRoZSBkb2N1bWVudCB3aWxsIGFsc28gY29udGFp biBhbnkgcmVjZW50bHkgZ2FpbmVkIG5ldyBrbm93bGVkZ2UNCiBvbiB2dWxuZXJhYmlsaXRpZXMg b3IgdGhlIHBvc3NpYmxlIGltcGxpY2F0aW9ucyBvZiBwZXJ2YXNpdmUgc3VydmVpbGxhbmNlLjxi cj4NCjxicj4NCi0gRGV2ZWxvcCBhbiBleHRlbnNpb24gdG8gRUFQLUFLQScgc3VjaCB0aGF0IFBl cmZlY3QgRm9yd2FyZCBTZWNyZWN5IGNhbiBiZSBwcm92aWRlZC4gVGhlcmUgbWF5IGFsc28gYmUg cHJpdmFjeSBpbXByb3ZlbWVudHMgdGhhdCBoYXZlIGJlY29tZSBmZWFzaWJsZSB3aXRoIHRoZSZu YnNwOyBpbnRyb2R1Y3Rpb24gb2YgcmVjZW50IGlkZW50aXR5IHByaXZhY3kgaW1wcm92ZW1lbnRz IGluIDNHUFAgbmV0d29ya3MuPGJyPg0KPGJyPg0KLSBHYXRoZXIgZXhwZXJpZW5jZSByZWdhcmRp bmcgdGhlIHVzZSBvZiBsYXJnZSBjZXJ0aWZpY2F0ZXMgYW5kIGxvbmcgY2VydGlmaWNhdGUgY2hh aW5zIGluIHRoZSBjb250ZXh0IG9mIEVBUC1UTFMgKGFsbCB2ZXJzaW9ucyksIGFzIHNvbWUgaW1w bGVtZW50YXRpb25zIGFuZCBhY2Nlc3MgbmV0d29ya3MgbWF5IGxpbWl0IHRoZSBudW1iZXIgb2Yg RUFQIHBhY2tldCBleGNoYW5nZXMgdGhhdCBjYW4gYmUgaGFuZGxlZC4gRG9jdW1lbnQgb3BlcmF0 aW9uYWwNCiByZWNvbW1lbmRhdGlvbnMgb3Igb3RoZXIgbWl0aWdhdGlvbiBzdHJhdGVnaWVzIHRv IGF2b2lkIGlzc3Vlcy48YnI+DQo8YnI+DQotIERlZmluZSBhIHN0YW5kYXJkIEVBUCBtZXRob2Qg Zm9yIG11dHVhbCBhdXRoZW50aWNhdGlvbiBiZXR3ZWVuIGEgcGVlciBhbmQgYSBzZXJ2ZXIgdGhh dCBpcyBiYXNlZCBvbiBhbiBvdXQtb2YtYmFuZCBjaGFubmVsLiBUaGUgbWV0aG9kIGl0c2VsZiBz aGFsbCBiZSBpbmRlcGVuZGVudCBvZiB0aGUgdW5kZXJseWluZyBPT0IgY2hhbm5lbCBhbmQgc2hh bGwgc3VwcG9ydCBhIHZhcmlldHkgb2YgT09CIGNoYW5uZWxzIHN1Y2ggYXMgTkZDLCBkeW5hbWlj YWxseQ0KIGdlbmVyYXRlZCBRUiBjb2RlcywgYXVkaW8sIGFuZCB2aXNpYmxlIGxpZ2h0Ljxicj4N Cjxicj4NCi0gRGVmaW5lIG1lY2hhbmlzbXMgYnkgd2hpY2ggRUFQIG1ldGhvZHMgY2FuIHN1cHBv cnQgY3JlYXRpb24gb2YgbG9uZy10ZXJtIGNyZWRlbnRpYWxzIGZvciB0aGUgcGVlciBiYXNlZCBv biBpbml0aWFsIGxpbWl0ZWQtdXNlIGNyZWRlbnRpYWxzLjxicj4NCjxicj4NClRoZSB3b3JraW5n IGdyb3VwIGlzIGV4cGVjdGVkIHRvIHN0YXkgaW4gY2xvc2UgY29sbGFib3JhdGlvbiB3aXRoIHRo ZSBFQVAgZGVwbG95bWVudCBjb21tdW5pdHksIHRoZSBUTFMgd29ya2luZyBncm91cCAoZm9yIEVB UC1UTFMgd29yayksIGFuZCB0aGUgM0dQUCBzZWN1cml0eSBhcmNoaXRlY3R1cmUgZ3JvdXAgKGZv ciBFQVAtQUtBJyB3b3JrKTxicj4NCjxicj4NCi0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLTxicj4N CjwvcD4NCjxicj4NCjxmaWVsZHNldCBjbGFzcz0ibWltZUF0dGFjaG1lbnRIZWFkZXIiPjwvZmll bGRzZXQ+DQo8cHJlIGNsYXNzPSJtb3otcXVvdGUtcHJlIiB3cmFwPSIiPl9fX19fX19fX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fDQpFbXUgbWFpbGluZyBsaXN0DQo8YSBj bGFzcz0ibW96LXR4dC1saW5rLWFiYnJldmlhdGVkIiBocmVmPSJtYWlsdG86RW11QGlldGYub3Jn Ij5FbXVAaWV0Zi5vcmc8L2E+DQo8YSBjbGFzcz0ibW96LXR4dC1saW5rLWZyZWV0ZXh0IiBocmVm PSJodHRwczovL3d3dy5pZXRmLm9yZy9tYWlsbWFuL2xpc3RpbmZvL2VtdSI+aHR0cHM6Ly93d3cu aWV0Zi5vcmcvbWFpbG1hbi9saXN0aW5mby9lbXU8L2E+DQo8L3ByZT4NCjwvYmxvY2txdW90ZT4N CjwvYm9keT4NCjwvaHRtbD4NCg== --_000_94702096c85402fbce396f1c5dde80a6ericssoncom_-- From nobody Thu Sep 12 06:53:14 2019 Return-Path: X-Original-To: emu@ietfa.amsl.com Delivered-To: emu@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E75F012007C; Thu, 12 Sep 2019 06:53:11 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.3 X-Spam-Level: X-Spam-Status: No, score=-4.3 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=aalto.fi Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id l4pkmvj0bd4Q; Thu, 12 Sep 2019 06:53:08 -0700 (PDT) Received: from smtp-out-02.aalto.fi (smtp-out-02.aalto.fi [130.233.228.121]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AE07A120071; Thu, 12 Sep 2019 06:53:08 -0700 (PDT) Received: from smtp-out-02.aalto.fi (localhost.localdomain [127.0.0.1]) by localhost (Email Security Appliance) with SMTP id D49212714FF_D7A4DBFB; Thu, 12 Sep 2019 13:53:03 +0000 (GMT) Received: from exng3.org.aalto.fi (exng3.org.aalto.fi [130.233.223.22]) (using TLSv1.2 with cipher AES256-GCM-SHA384 (256/256 bits)) (Client CN "exng3.org.aalto.fi", Issuer "org.aalto.fi RootCA" (not verified)) by smtp-out-02.aalto.fi (Sophos Email Appliance) with ESMTPS id AA57B2714BC_D7A4DBFF; Thu, 12 Sep 2019 13:53:03 +0000 (GMT) Received: from exng8.org.aalto.fi (130.233.223.27) by exng3.org.aalto.fi (130.233.223.22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1713.5; Thu, 12 Sep 2019 16:53:03 +0300 Received: from exng8.org.aalto.fi (130.233.223.27) by exng8.org.aalto.fi (130.233.223.27) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1713.5; Thu, 12 Sep 2019 16:53:03 +0300 Received: from exng8.org.aalto.fi ([fe80::edd7:7397:1f7f:cd7]) by exng8.org.aalto.fi ([fe80::edd7:7397:1f7f:cd7%17]) with mapi id 15.01.1713.007; Thu, 12 Sep 2019 16:53:03 +0300 From: Aura Tuomas To: 'EMU WG' CC: "draft-ietf-emu-eap-tls13@ietf.org" Thread-Topic: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13 Thread-Index: AdVKJoKyKr1G5+9hQuKLAEK5rLYqPgfSdnOQ Date: Thu, 12 Sep 2019 13:53:02 +0000 Message-ID: <20b118932a4843b6b88e605799fafea8@aalto.fi> References: <7828_1564869242_5D46027A_7828_348_1_02e001d54a45$e92ae900$bb80bb00$@augustcellars.com> In-Reply-To: <7828_1564869242_5D46027A_7828_348_1_02e001d54a45$e92ae900$bb80bb00$@augustcellars.com> Accept-Language: fi-FI, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [130.233.0.5] Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-SASI-RCODE: 200 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=aalto.fi; h=from:to:cc:subject:date:message-id:references:in-reply-to:content-type:content-transfer-encoding:mime-version; s=its18; bh=rl36smU3DYf2PNXvkQmpgASK4iL0+LAVBZ/mxSKTZPo=; b=Zdpgkesp9VXcBk+Ml+VzajQ3dqao2PkeZwfuWJRTO8WyzRaaVWTl7qAJsvAM6oIkPcMMJiPwl8ajHLyi4lv/G6DAtYU6XUSUV2rUJVdNmj5SP2qlLGrZzCbCrW8KdCj2jVqW04TOYznvBnEnGSV+6vFUKeNSirCkNkq6iDVgfKJSmzdIDwnJpnLbgkp2wVmOn4Ly9MQeOcqrrBlmRdhmd6ZkYd0g0tY+yz3c+SE5vHjL0OC/N9AFCz1pKI8H3zz6B+fK6iTI0PvZjfhUAPC/unNtw5cEHoD+E5CQD21LvHbd/NfUPKZdQc4WX+/tfFW821v9TFSDQen6qdhGZE6QkQ== Archived-At: Subject: Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13 X-BeenThere: emu@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "EAP Methods Update \(EMU\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 12 Sep 2019 13:53:12 -0000 I was looking at the EAP-TLS with TLS 1.3 draft and noticed that it forbids= PSK authentication. Why is that? While there is the EAP-PSK method, I woul= d much rather use EAP-TLS with PSK because it provides identity protection = and perfect forward secrecy, unlike EAP-PSK.=20 In fact, I think EAP-TLS with PSK should become the standard authentication= method for networks that rely on shared secrets, e.g. WPA-Personal. Unifyi= ng the Wi-Fi authentication around EAP would greatly simplify the Wi-Fi pro= tocol stack. Not that I expect it to happen immediately, but we should not = close sensible paths forward. Tuomas From nobody Thu Sep 12 06:56:18 2019 Return-Path: X-Original-To: emu@ietfa.amsl.com Delivered-To: emu@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 424521200EC; Thu, 12 Sep 2019 06:56:16 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.899 X-Spam-Level: X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZeicYRp48Q0p; Thu, 12 Sep 2019 06:56:14 -0700 (PDT) Received: from mail.networkradius.com (mail.networkradius.com [62.210.147.122]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 034D8120041; Thu, 12 Sep 2019 06:56:14 -0700 (PDT) Received: from [192.168.20.47] (ottawa.ca.networkradius.com [72.137.155.194]) by mail.networkradius.com (Postfix) with ESMTPSA id 07AE9BB; Thu, 12 Sep 2019 13:56:11 +0000 (UTC) Authentication-Results: NetworkRADIUS; dmarc=none header.from=deployingradius.com Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\)) From: Alan DeKok In-Reply-To: <20b118932a4843b6b88e605799fafea8@aalto.fi> Date: Thu, 12 Sep 2019 09:56:10 -0400 Cc: EMU WG , "draft-ietf-emu-eap-tls13@ietf.org" Content-Transfer-Encoding: quoted-printable Message-Id: <211AD83C-D111-4EEB-AAF0-D9B5E521F4CF@deployingradius.com> References: <7828_1564869242_5D46027A_7828_348_1_02e001d54a45$e92ae900$bb80bb00$@augustcellars.com> <20b118932a4843b6b88e605799fafea8@aalto.fi> To: Aura Tuomas X-Mailer: Apple Mail (2.3445.104.11) Archived-At: Subject: Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13 X-BeenThere: emu@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "EAP Methods Update \(EMU\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 12 Sep 2019 13:56:17 -0000 On Sep 12, 2019, at 9:53 AM, Aura Tuomas wrote: >=20 > I was looking at the EAP-TLS with TLS 1.3 draft and noticed that it = forbids PSK authentication. Why is that? See Section 2.1.2. TLS 1.3 uses PSK for resumption. As a result, we = *cannot* use PSK for authentication in EAP-TLS. > While there is the EAP-PSK method, I would much rather use EAP-TLS = with PSK because it provides identity protection and perfect forward = secrecy, unlike EAP-PSK.=20 Use EAP-PWD for that. > In fact, I think EAP-TLS with PSK should become the standard = authentication method for networks that rely on shared secrets, e.g. = WPA-Personal. Unifying the Wi-Fi authentication around EAP would greatly = simplify the Wi-Fi protocol stack. Not that I expect it to happen = immediately, but we should not close sensible paths forward. The time to fix that was before TLS 1.3 was standardized. Alan DeKok. From nobody Thu Sep 12 07:55:18 2019 Return-Path: X-Original-To: emu@ietfa.amsl.com Delivered-To: emu@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5BF68120041; Thu, 12 Sep 2019 07:55:17 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.001 X-Spam-Level: X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QKEeCXn0cD2x; Thu, 12 Sep 2019 07:55:14 -0700 (PDT) Received: from EUR04-DB3-obe.outbound.protection.outlook.com (mail-eopbgr60040.outbound.protection.outlook.com [40.107.6.40]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 941A212001E; Thu, 12 Sep 2019 07:55:14 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Zy7p/ZkTEBNUqRJoekArGql1XKwULgwNtWtULp+haEr0Mugk1zdSQ+HKFBb2BYfWPc1I46j7hOMvI+UaRakW1SQcjg61igui7iHrh7vXHPgeCqbQNGtiGpPDzddB048+REM6FYcfinSrAvycFkpJOHG0Awp4a4d9UTGEYte8qKr8mBs0t8XbTfBtkmrIkQh/65c+sugFcOtI2NCOfZeyBPMFSuYOH+HmXmE+lBpJGFC/E3dq4cBWf00/3uytr2S4JJv8nDVpuOBD7zMdxe1IDu9YmYq3+M1fGQ9SiwWMXOPtEsuSKH6qfI2gDamZYX4GIPXceWhSQxz4CgpBo1EeoA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=CnAPpvlVHEXlDCV6GlQxPTxlPn+1YTrpbgBBrZXkPMU=; b=nGxPjL0cc5S6GG1sRY7/iKssZWcEfx+lFAZeaX8iAPcaSG4WmJSpLSCHwhuisUCtuJbWaI1ZqqGF6j1A15mU7i9MWoTNZHjOJH7a7lwFY0MPWlng8Z1eEVlr8cDuu5bp+aMdSV+Rdx4fsO/W5MNPggM8L7jEe2Zvk6+9rlBG/CzFH2nPp6IzHIsYmcnYDFc5IAJYScfGnxqadWoMd40j69cLg5X3MsW3DpPaXKCKU73fZWRMksluVUkGzjbkgZ40sn731gAvTiidzrUBbqtmZHs6hpGRAQqas85ggxBklN7Zv8BbPFwyFYx5in4SF4VXGABlmGjI1jtwC7oV0pJD3w== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=CnAPpvlVHEXlDCV6GlQxPTxlPn+1YTrpbgBBrZXkPMU=; b=fzRmabGPfBPt+STYiIl1lZGoX6BslA4Ee20eRlHXSrENv3MRqn1QdiO1ebirgnEI06pnryoPrgec4ODxyCljlOO2maOdUQxuEy2Ao4DSIQmt7ukaG824LOzaKKulgqgVZyO6f1xSjZfJYlcwlU6nEXOUJ9eJPEkZIEqlP7MOvcA= Received: from DB6PR07MB4165.eurprd07.prod.outlook.com (10.168.23.22) by DB6PR07MB3240.eurprd07.prod.outlook.com (10.175.234.149) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2241.9; Thu, 12 Sep 2019 14:55:12 +0000 Received: from DB6PR07MB4165.eurprd07.prod.outlook.com ([fe80::b0f8:f704:829a:10ea]) by DB6PR07MB4165.eurprd07.prod.outlook.com ([fe80::b0f8:f704:829a:10ea%6]) with mapi id 15.20.2263.005; Thu, 12 Sep 2019 14:55:12 +0000 From: John Mattsson To: Alan DeKok , Aura Tuomas CC: EMU WG , "draft-ietf-emu-eap-tls13@ietf.org" Thread-Topic: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13 Thread-Index: AdVKJoKyKr1G5+9hQuKLAEK5rLYqPgfSdnOQAABeFAAABkCJgA== Date: Thu, 12 Sep 2019 14:55:12 +0000 Message-ID: <8F355C6F-DF1E-4E03-B75E-0F1D2508B9D4@ericsson.com> References: <7828_1564869242_5D46027A_7828_348_1_02e001d54a45$e92ae900$bb80bb00$@augustcellars.com> <20b118932a4843b6b88e605799fafea8@aalto.fi> <211AD83C-D111-4EEB-AAF0-D9B5E521F4CF@deployingradius.com> In-Reply-To: <211AD83C-D111-4EEB-AAF0-D9B5E521F4CF@deployingradius.com> Accept-Language: en-US Content-Language: en-GB X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Microsoft-MacOutlook/10.1c.0.190812 authentication-results: spf=none (sender IP is ) smtp.mailfrom=john.mattsson@ericsson.com; x-originating-ip: [82.214.46.143] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 63a71e70-8cdb-4125-8d75-08d737913697 x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600166)(711020)(4605104)(1401327)(2017052603328)(7193020); SRVR:DB6PR07MB3240; x-ms-traffictypediagnostic: DB6PR07MB3240: x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:9508; x-forefront-prvs: 01583E185C x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(376002)(396003)(366004)(346002)(39860400002)(136003)(189003)(199004)(13464003)(229853002)(71190400001)(71200400001)(58126008)(33656002)(8936002)(76176011)(26005)(446003)(486006)(2616005)(102836004)(7736002)(44832011)(81166006)(81156014)(110136005)(11346002)(476003)(186003)(8676002)(76116006)(14454004)(66446008)(66476007)(478600001)(66556008)(54906003)(6506007)(6116002)(53546011)(86362001)(3846002)(66946007)(64756008)(305945005)(91956017)(6246003)(5660300002)(4326008)(66066001)(6436002)(53936002)(99286004)(25786009)(14444005)(256004)(36756003)(6512007)(316002)(6486002)(2906002); DIR:OUT; SFP:1101; SCL:1; SRVR:DB6PR07MB3240; H:DB6PR07MB4165.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1; received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam-message-info: OGptQY9+w9yg0fQckq+ngSW+zft38cbGPmwichI2D8XAwRBuhHAGCsE0Tl7342MmXOYDsFuezOJbpZWLi1BYLW+ZXPxU4Ip32B5zl/h74Nc2/3ftCjtJhGFiqYSNqFr5Uom/Lt1xL4w8Scm4C1eEbrg7ekFT9SjZLued0afmAidEAPjc7Vq/SwkxGgBWtfqw8sWwWqojzPHgiekilibrcQHEDkXS2VLO+ts6icnXGP88gw9kFkDC3WtQZWu1n1NhosOPAfS5DybE0TO6Gl7UwAEzdO0tsqeIHZ500nbl6qEfig/cB2bvCtfQtXOuuwhGqg46fFTSo0axVgUqHQZozrSBzY8euApMYU9KO56i+Sh7R9KxmKYMWILefybNt1qewop1mlTU5Ygssh9LKQS1Zj67PKN83ZnFYQocrmIjtp0= x-ms-exchange-transport-forked: True Content-Type: text/plain; charset="utf-8" Content-ID: Content-Transfer-Encoding: base64 MIME-Version: 1.0 X-OriginatorOrg: ericsson.com X-MS-Exchange-CrossTenant-Network-Message-Id: 63a71e70-8cdb-4125-8d75-08d737913697 X-MS-Exchange-CrossTenant-originalarrivaltime: 12 Sep 2019 14:55:12.0732 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: zYjIjdjENGe58LDRk8epHxQh7ol8z8H4CZawwz9yC4oOSWfWrcGEICDaONSMVVxZp4w8sJABOzgxODosJRI7FETV9RWq9LZsGE7Haxuz4Hk= X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB6PR07MB3240 Archived-At: Subject: Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13 X-BeenThere: emu@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "EAP Methods Update \(EMU\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 12 Sep 2019 14:55:18 -0000 U2VlIGNvbW1lbnRzIGlubGluZQ0KDQrvu78tLS0tLU9yaWdpbmFsIE1lc3NhZ2UtLS0tLQ0KRnJv bTogQWxhbiBEZUtvayA8YWxhbmRAZGVwbG95aW5ncmFkaXVzLmNvbT4NCkRhdGU6IFRodXJzZGF5 LCAxMiBTZXB0ZW1iZXIgMjAxOSBhdCAxNTo1Ng0KVG86IEF1cmEgVHVvbWFzIDx0dW9tYXMuYXVy YUBhYWx0by5maT4NCkNjOiBFTVUgV0cgPGVtdUBpZXRmLm9yZz4sICJkcmFmdC1pZXRmLWVtdS1l YXAtdGxzMTNAaWV0Zi5vcmciIDxkcmFmdC1pZXRmLWVtdS1lYXAtdGxzMTNAaWV0Zi5vcmc+DQpT dWJqZWN0OiBSZTogW0VtdV0gUE9TVCBXR0xDIENvbW1lbnRzIGRyYWZ0LWlldGYtZW11LWVhcC10 bHMxMw0KUmVzZW50IGZyb206IDxhbGlhcy1ib3VuY2VzQGlldGYub3JnPg0KUmVzZW50IHRvOiBK b2huIE1hdHRzc29uIDxqb2huLm1hdHRzc29uQGVyaWNzc29uLmNvbT4sIDxtb2hpdEBwaXVoYS5u ZXQ+DQpSZXNlbnQgZGF0ZTogVGh1cnNkYXksIDEyIFNlcHRlbWJlciAyMDE5IGF0IDE1OjU2DQoN Cj4gICAgQWxhbiBEZUtvayB3cm90ZTogICAgDQo+ICAgIE9uIFNlcCAxMiwgMjAxOSwgYXQgOTo1 MyBBTSwgQXVyYSBUdW9tYXMgPHR1b21hcy5hdXJhQGFhbHRvLmZpPiB3cm90ZToNCj4gICA+IA0K PiAgICA+IEkgd2FzIGxvb2tpbmcgYXQgdGhlIEVBUC1UTFMgd2l0aCBUTFMgMS4zIGRyYWZ0IGFu ZCBub3RpY2VkIHRoYXQgaXQgZm9yYmlkcyBQU0sgPmF1dGhlbnRpY2F0aW9uLiBXaHkgaXMgdGhh dD8NCiAgICANClRoZXJlIHdhcyBkaXNjdXNzaW9uIHJlZ2FyZGluZyB0aGlzIG9uIHRoZSBsaXN0 IHNvbWUgeWVhcnMgYWdvLiBUaGUgY29uY2x1c2lvbiB3YXMgdG8gdXNlIHRoZSBFQVAtVExTIFR5 cGUtQ29kZSBzaG91bGQgYmUgZXhjbHVzaXZlbHkgZm9yIGNlcnRpZmljYXRlIGF1dGhlbnRpY2F0 aW9uLiBBdCB0aGF0IHBvaW50LCBub2JvZHkgZXhwcmVzc2VkIHdpc2ggdG8gdXNlIEVBUC1UTFMg d2l0aCBQU0sgYXV0aGVudGljYXRpb24uIElmIHNvbWVvbmUgd2FudHMgdG8gdXNlIEVBUC1UTFMg d2l0aCBzeW1tZXRyaWMga2V5cyB0aGF0IHNob3VsZCBwcm9iYWJseSBiZSBhICBuZXcgY29kZSBw b2ludC4NCg0KPiAgICAgIFNlZSBTZWN0aW9uIDIuMS4yLiAgVExTIDEuMyB1c2VzIFBTSyBmb3Ig cmVzdW1wdGlvbi4gIEFzIGEgcmVzdWx0LCB3ZSAqY2Fubm90KiB1c2UgUFNLIGZvciA+YXV0aGVu dGljYXRpb24gaW4gRUFQLVRMUy4NCg0KSSBkb24ndCB1bmRlcnN0YW5kIHdoeSB0aGlzIGNvdWxk IG5vdCBiZSBkb25lLiBNeSB2aWV3IGlzIHRoYXQgYWxsb3dpbmcgUFNLIGF1dGhlbnRpY2F0aW9u IHdvdWxkIGJlIHF1aXRlIGVhc3kuDQoNCj4gICAgPiBXaGlsZSB0aGVyZSBpcyB0aGUgRUFQLVBT SyBtZXRob2QsIEkgd291bGQgbXVjaCByYXRoZXIgdXNlIEVBUC1UTFMgd2l0aCBQU0sgYmVjYXVz ZSBpdCA+cHJvdmlkZXMgaWRlbnRpdHkgcHJvdGVjdGlvbiBhbmQgcGVyZmVjdCBmb3J3YXJkIHNl Y3JlY3ksIHVubGlrZSBFQVAtUFNLLiANCj4gICAgDQo+ICAgICAgVXNlIEVBUC1QV0QgZm9yIHRo YXQuDQoNClN0YW5kYXJkaXppbmcgRUFQLVRMUyBzaG91bGQgb25seSBiZSBkb25lIGlmIGl0IGhh cyBzb21lIHNpZ25pZmljYW50IGFkdmFudGFnZXMgb3ZlciBFQVAtUFdELCBhbmQgdGhlcmUgYXJl IHBlb3BsZSB3YW50aW5nIHRvIGltcGxlbWVudCBhbmQgdXNlIGl0LiAzR1BQIGlzIGUuZy4gYWRk aW5nICBpZGVudGl0eSBwcm90ZWN0aW9uIGFuZCBwZXJmZWN0IGZvcndhcmQgc2VjcmVjeSB0byBF QVAtQUtBIGluc3RlYWQuDQoNCj4gICAgDQo+ICAgID4gSW4gZmFjdCwgSSB0aGluayBFQVAtVExT IHdpdGggUFNLIHNob3VsZCBiZWNvbWUgdGhlIHN0YW5kYXJkIGF1dGhlbnRpY2F0aW9uIG1ldGhv ZCBmb3IgPm5ldHdvcmtzIHRoYXQgcmVseSBvbiBzaGFyZWQgc2VjcmV0cywgZS5nLiBXUEEtUGVy c29uYWwuIFVuaWZ5aW5nIHRoZSBXaS1GaSBhdXRoZW50aWNhdGlvbiA+YXJvdW5kIEVBUCB3b3Vs ZCBncmVhdGx5IHNpbXBsaWZ5IHRoZSBXaS1GaSBwcm90b2NvbCBzdGFjay4gTm90IHRoYXQgSSBl eHBlY3QgaXQgdG8gaGFwcGVuID5pbW1lZGlhdGVseSwgYnV0IHdlIHNob3VsZCBub3QgY2xvc2Ug c2Vuc2libGUgcGF0aHMgZm9yd2FyZC4NCj4gICAgDQo+ICAgICAgVGhlIHRpbWUgdG8gZml4IHRo YXQgd2FzIGJlZm9yZSBUTFMgMS4zIHdhcyBzdGFuZGFyZGl6ZWQuDQo+ICAgIA0KPiAgICAgIEFs YW4gRGVLb2suDQogICAgDQogICAgDQoNCg== From nobody Thu Sep 12 08:28:00 2019 Return-Path: X-Original-To: emu@ietfa.amsl.com Delivered-To: emu@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 994B4120041; Thu, 12 Sep 2019 08:27:58 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.899 X-Spam-Level: X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tn30MKICMSJO; Thu, 12 Sep 2019 08:27:56 -0700 (PDT) Received: from mail.networkradius.com (mail.networkradius.com [62.210.147.122]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 490CD120876; Thu, 12 Sep 2019 08:27:56 -0700 (PDT) Received: from [192.168.20.47] (ottawa.ca.networkradius.com [72.137.155.194]) by mail.networkradius.com (Postfix) with ESMTPSA id 9864D619; Thu, 12 Sep 2019 15:27:53 +0000 (UTC) Authentication-Results: NetworkRADIUS; dmarc=none header.from=deployingradius.com Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\)) From: Alan DeKok In-Reply-To: <8F355C6F-DF1E-4E03-B75E-0F1D2508B9D4@ericsson.com> Date: Thu, 12 Sep 2019 11:27:51 -0400 Cc: Aura Tuomas , EMU WG , "draft-ietf-emu-eap-tls13@ietf.org" Content-Transfer-Encoding: quoted-printable Message-Id: <246280B8-6E5C-484B-95BD-9C940C98C507@deployingradius.com> References: <7828_1564869242_5D46027A_7828_348_1_02e001d54a45$e92ae900$bb80bb00$@augustcellars.com> <20b118932a4843b6b88e605799fafea8@aalto.fi> <211AD83C-D111-4EEB-AAF0-D9B5E521F4CF@deployingradius.com> <8F355C6F-DF1E-4E03-B75E-0F1D2508B9D4@ericsson.com> To: John Mattsson X-Mailer: Apple Mail (2.3445.104.11) Archived-At: Subject: Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13 X-BeenThere: emu@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "EAP Methods Update \(EMU\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 12 Sep 2019 15:27:59 -0000 On Sep 12, 2019, at 10:55 AM, John Mattsson = wrote: >=20 >> See Section 2.1.2. TLS 1.3 uses PSK for resumption. As a = result, we *cannot* use PSK for >authentication in EAP-TLS. >=20 > I don't understand why this could not be done. My view is that = allowing PSK authentication would be quite easy. How would systems tell the difference between "raw" PSK and = "resumption" PSK? When allowing resumption, the server has sent a PSK identity in a = NewSessionTicket message. The client caches this and re-uses this. But = the client signals that it is performing resumption via the act of using = PSK. There's nothing else. Which means that if PSK was allowed, the server can't look at the = packets to distinguish resumption from "raw" PSK. Instead, the server = has to look at it's resumption cache which may be in a DB. >>> While there is the EAP-PSK method, I would much rather use EAP-TLS = with PSK because it >provides identity protection and perfect forward = secrecy, unlike EAP-PSK.=20 >>=20 >> Use EAP-PWD for that. >=20 > Standardizing EAP-TLS should only be done if it has some significant = advantages over EAP-PWD, and there are people wanting to implement and = use it. 3GPP is e.g. adding identity protection and perfect forward = secrecy to EAP-AKA instead. I would prefer to forbid PSK in EAP-TLS.=20 Alan DeKok. From nobody Fri Sep 13 03:04:11 2019 Return-Path: X-Original-To: emu@ietf.org Delivered-To: emu@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id D5D0212006A; Fri, 13 Sep 2019 03:04:08 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: IETF Meeting Session Request Tool To: Cc: rdd@cert.org, mohit.m.sethi@ericsson.com, emu-chairs@ietf.org, emu@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 6.101.0 Auto-Submitted: auto-generated Precedence: bulk Message-ID: <156836904883.31880.7133883223419647841.idtracker@ietfa.amsl.com> Date: Fri, 13 Sep 2019 03:04:08 -0700 Archived-At: Subject: [Emu] emu - New Meeting Session Request for IETF 106 X-BeenThere: emu@ietf.org X-Mailman-Version: 2.1.29 List-Id: "EAP Methods Update \(EMU\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 13 Sep 2019 10:04:09 -0000 A new meeting session request has just been submitted by Mohit Sethi, a Chair of the emu working group. --------------------------------------------------------- Working Group Name: EAP Method Update Area Name: Security Area Session Requester: Mohit Sethi Number of Sessions: 1 Length of Session(s): 2 Hours Number of Attendees: 50 Conflicts to Avoid: Chair Conflict: saag tls cfrg lwig Technology Overlap: curdle uta secdispatch oauth mls t2trg pearg lake Key Participant Conflict: sacm quic kitten bier acme 6lo People who must be present: Jari Arkko Joseph A. Salowey Roman Danyliw Alan DeKok John Mattsson Mohit Sethi Resources Requested: Special Requests: If possible, please schedule early on during the IETF week. --------------------------------------------------------- From nobody Fri Sep 13 09:41:01 2019 Return-Path: X-Original-To: emu@ietf.org Delivered-To: emu@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 448521200D7 for ; Fri, 13 Sep 2019 09:40:59 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit To: X-Test-IDTracker: no X-IETF-IDTracker: 6.101.0 Auto-Submitted: auto-generated Precedence: bulk Message-ID: <156839285927.32007.637117132284609193.idtracker@ietfa.amsl.com> Date: Fri, 13 Sep 2019 09:40:59 -0700 From: IETF Secretariat Archived-At: Subject: [Emu] Milestones changed for emu WG X-BeenThere: emu@ietf.org X-Mailman-Version: 2.1.29 List-Id: "EAP Methods Update \(EMU\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 13 Sep 2019 16:40:59 -0000 Changed milestone "WG last call on EAP-AKA update, RFC5448-bis", resolved as "Done". Changed milestone "WG adopts initial draft on extension to EAP-AKA to support forward secrecy", resolved as "Done". Changed milestone "WG adopts initial draft on definition of session identifiers for fast re-authentication for EAP-SIM and EAP-AKA", resolved as "Done". Changed milestone "WG adopts initial draft on operational recommendations for large certificate and chain sizes", resolved as "Done". URL: https://datatracker.ietf.org/wg/emu/about/ From nobody Fri Sep 13 09:56:50 2019 Return-Path: X-Original-To: emu@ietfa.amsl.com Delivered-To: emu@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 30C671200D5 for ; Fri, 13 Sep 2019 09:56:48 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2 X-Spam-Level: X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id x0Et8ehmN5SM for ; Fri, 13 Sep 2019 09:56:44 -0700 (PDT) Received: from EUR01-VE1-obe.outbound.protection.outlook.com (mail-ve1eur01on0606.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe1f::606]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EB32112008F for ; Fri, 13 Sep 2019 09:56:43 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=HraX/ULAQKz5fr7+c/oQ2ZOAPzv00eD7pMArzAsXsOHl0HbUoftl6+p/YJXxWqw0I3DQ85svlk0hAojFf/6Kat5XEdt/vLOo8ncgIezqT/QsrsvRpdYSsZZ0Rh27OzcXMq4kLZ3B0rqtLcj1G3AZB4VY+6w79H6ciU2xUG+5MvdHx4pBQ3P+IOpIi7FgKd/37zZlv7eCYtUFTBtsgZlTX0QWYfzUW0C6Wm8NQwegVTPYLl4L//p+QMO445GtFK3m98MSr8neGIZ+FyqcyDrr+7r6knYbOtm45+MUps3zLP6qjf6oZ0fnAC42r/ZcLk24uq51h0rWA8ihZwt9uu69Sg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=nR14jlMKPWIhbz770X29OXQw/Cp4trrBtjODf9NRmdw=; b=DERNNYuNtLMl6cjY2QMShJZsj7J1olAF67WTdRVpViIJ/eb6KM5RsUau64zigqwRGVfXXf6zGahel8Toq64tWKPSpEhZ3a0roCS8Ef2QIUt2EehbAMIbzwd5Em2J70qWP75ymylgcS74p6+dlHuZIHuQkcEpzzept1uOOGXAPHA/6NzzEZ6dy6ecF/p+nAfFP5hUnpgn/6a3833Vh3GFtRY3neLxyW5WUdJ6i92Gz5nSfBR/8gmTCgUmPnZhdxi/zsupogCyn0O7S4G4SUbYTUyB64isCWEU5Z4nVP08D39ZNBotBkmmq+h3yZC/GMNob0oEDchA+pjm176dDbnbyg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=nR14jlMKPWIhbz770X29OXQw/Cp4trrBtjODf9NRmdw=; b=VAAQPr3k4OVb/ljhe9uCtmSry6nxPvg6fNhZMAcHkjb32nwiT8qQazcopF6xF8/IziuvBd2pqJ/FyebE3WokZ8Brc6yFaeRWTbl6Cx/xWeGjUuC2dxkcG/j1tIvz9Rr8BVX+V9Tyll4wEbgq3Y2CVOdP5N+NZVXJLB1AfxJhKTo= Received: from HE1PR0701MB2905.eurprd07.prod.outlook.com (10.168.98.146) by HE1PR0701MB2249.eurprd07.prod.outlook.com (10.168.31.20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2263.10; Fri, 13 Sep 2019 16:56:41 +0000 Received: from HE1PR0701MB2905.eurprd07.prod.outlook.com ([fe80::758a:12ec:c6d:e8a9]) by HE1PR0701MB2905.eurprd07.prod.outlook.com ([fe80::758a:12ec:c6d:e8a9%10]) with mapi id 15.20.2263.021; Fri, 13 Sep 2019 16:56:41 +0000 From: Mohit Sethi M To: Mohit Sethi M , "emu@ietf.org" Thread-Topic: [Emu] Re-charter text Thread-Index: AQHVV/hd5AP1y7w6BUWxMRLUThUF06cm86GAgAME2wA= Date: Fri, 13 Sep 2019 16:56:41 +0000 Message-ID: <5ddca8df-4690-b91b-8043-d7eb43fe1f77@ericsson.com> References: <94702096-c854-02fb-ce39-6f1c5dde80a6@ericsson.com> In-Reply-To: <94702096-c854-02fb-ce39-6f1c5dde80a6@ericsson.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.8.0 authentication-results: spf=none (sender IP is ) smtp.mailfrom=mohit.m.sethi@ericsson.com; x-originating-ip: [87.93.24.218] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: a2c2f79a-296f-42f1-bdfa-08d7386b59ac x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600166)(711020)(4605104)(1401327)(2017052603328)(7193020); SRVR:HE1PR0701MB2249; x-ms-traffictypediagnostic: HE1PR0701MB2249:|HE1PR0701MB2249: x-ms-exchange-purlcount: 3 x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:9508; x-forefront-prvs: 0159AC2B97 x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(136003)(366004)(39860400002)(346002)(376002)(396003)(199004)(189003)(478600001)(64756008)(53546011)(66556008)(99286004)(6486002)(7736002)(25786009)(76116006)(102836004)(6506007)(76176011)(36756003)(26005)(3846002)(6116002)(256004)(14444005)(5660300002)(81156014)(8676002)(186003)(81166006)(6306002)(6512007)(110136005)(58126008)(66066001)(2501003)(316002)(65956001)(2906002)(6246003)(53936002)(54896002)(486006)(476003)(65806001)(86362001)(71200400001)(66446008)(6436002)(66476007)(66946007)(8936002)(31696002)(236005)(606006)(71190400001)(229853002)(14454004)(31686004)(966005)(446003)(11346002)(2616005); DIR:OUT; SFP:1101; SCL:1; SRVR:HE1PR0701MB2249; H:HE1PR0701MB2905.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1; received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam-message-info: WR+4lsXpvlwCcnRzMCnCoBc4PfaTwDwtdw9M9pSK+d/2JonrXRh5w6oQG6WJPlFJ4M+wsc6jQqpimk4KJQRe/41JJcoqYcqhZ4mdsVVK5afnxC2K8jJa8J41kPfMCPd8gwd7hL3EY3HMJyCKjlGs6m4bMWzsRLk/hwGP5TPsMm3YoL7LHJ6yR0JvVisDA0qyYHuPop8lNyTIR3BNFqVQu4GHAaHrdoB8Xj2hhE/8Nk+Ul2eWHYxI2ZSgnKphzSs024+5LKrhyqmIwkgsOwY2MqfL2zuAKfuX/6NmRqyVT3IY8AJfZbzoqv+Fst09y374KAx67h6P0PsG7GF9cGqRUp41YnV6o8xvHyIT+nOPYbhh8XJie5RSnGICXeK8elupa+PdF5tsAw84K/0TvEbft+vWNpV1j/+OjoiBdVg35zU= Content-Type: multipart/alternative; boundary="_000_5ddca8df4690b91b8043d7eb43fe1f77ericssoncom_" MIME-Version: 1.0 X-OriginatorOrg: ericsson.com X-MS-Exchange-CrossTenant-Network-Message-Id: a2c2f79a-296f-42f1-bdfa-08d7386b59ac X-MS-Exchange-CrossTenant-originalarrivaltime: 13 Sep 2019 16:56:41.1724 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: 9LTALWaQVVxA3pUewlMUU0lhJxQzscREbunltmDYaMjz0itKq9JrqUpXPjjo3VadzBYzhTCHra1BZaXXNXLgZgOm2s46y0+wracUEJfGbbU= X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR0701MB2249 Archived-At: Subject: Re: [Emu] Re-charter text X-BeenThere: emu@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "EAP Methods Update \(EMU\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 13 Sep 2019 16:56:48 -0000 --_000_5ddca8df4690b91b8043d7eb43fe1f77ericssoncom_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 VGhlIGN1cnJlbnQgcmUtY2hhcnRlciB0ZXh0IGlzIG5vdyBpbiBnaXRodWIgZm9yIGNvbnZlbmll bnQgaXNzdWUgYW5kIGNoYW5nZSB0cmFja2luZzoNCg0KV2UgaGF2ZSBpbmNvcnBvcmF0ZWQgdGhl IHN1Z2dlc3Rpb25zIGZyb20gSm9obiBhbmQgUmVuZSB0byB0aGUgY3VycmVudCB0ZXh0Og0KDQpo dHRwczovL2dpdGh1Yi5jb20vZW11LXdnL2NoYXJ0ZXIvYmxvYi9tYXN0ZXIvZW11LWNoYXJ0ZXIu bWQNCg0KSm9lIGFuZCBNb2hpdA0KDQpPbiA5LzExLzE5IDk6NTAgUE0sIE1vaGl0IFNldGhpIE0g d3JvdGU6DQoNCkRlYXIgYWxsLA0KDQpQbGVhc2Ugc2VuZCBpbiB5b3VyIGNvbW1lbnRzIG9uIHRo ZSBjaGFydGVyIHRleHQgYnkgV2VkbmVzZGF5LCBTZXB0ZW1iZXIgMTgsIDIwMTkuDQoNCkpvZSBh bmQgTW9oaXQNCg0KT24gOC8yMS8xOSAxMToxMyBBTSwgTW9oaXQgU2V0aGkgTSB3cm90ZToNCg0K RGVhciBhbGwsDQoNClRoYW5rIHlvdSBmb3IgYSBwcm9kdWN0aXZlIG1lZXRpbmcgQCBJRVRGIDEw NS4gV2UgaGFkIGRpc2N1c3NlZCB0aGUgbmV3IGNoYXJ0ZXIgdGV4dCBkdXJpbmcgdGhlIHdvcmtp bmcgZ3JvdXAgc2Vzc2lvbiBpbiBNb250cmVhbC4gUGxlYXNlIGZpbmQgdGhlIHNhbWUgdGV4dCBi ZWxvdy4gVGhpcyB0ZXh0IGJ1aWxkcyB1cG9uIG91ciBjdXJyZW50IGNoYXJ0ZXIuIEZlZWwgZnJl ZSB0byBzdWdnZXN0IGNoYW5nZXMuIFJGQyAyNDE4IHNlY3Rpb24gMi4yIGh0dHBzOi8vdG9vbHMu aWV0Zi5vcmcvaHRtbC9yZmMyNDE4I3NlY3Rpb24tMi4yIHNheXMgdGhlIGZvbGxvd2luZyBhYm91 dCBhIHdvcmtpbmcgZ3JvdXAgY2hhcnRlcjoNCg0KICAgMi4gU3BlY2lmaWVzIHRoZSBkaXJlY3Rp b24gb3Igb2JqZWN0aXZlcyBvZiB0aGUgd29ya2luZyBncm91cCBhbmQNCiAgICAgIGRlc2NyaWJl cyB0aGUgYXBwcm9hY2ggdGhhdCB3aWxsIGJlIHRha2VuIHRvIGFjaGlldmUgdGhlIGdvYWxzOw0K DQpQbGVhc2Uga2VlcCB0aGlzIGluIG1pbmQgd2hlbiBzdWdnZXN0aW5nIGNoYW5nZXMuIE9uY2Ug dGhlIHRleHQgaXMgcmVhZHksIHdlIHdpbGwgc2VuZCBpdCB0byB0aGUgSUVTRyBmb3IgcmV2aWV3 Lg0KDQpKb2UgYW5kIE1vaGl0DQoNCi0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KDQpUaGUgRXh0 ZW5zaWJsZSBBdXRoZW50aWNhdGlvbiBQcm90b2NvbCAoRUFQKSBbUkZDIDM3NDhdIGlzIGEgbmV0 d29yayBhY2Nlc3MgYXV0aGVudGljYXRpb24gZnJhbWV3b3JrIHVzZWQsIGZvciBpbnN0YW5jZSwg aW4gVlBOIGFuZCBtb2JpbGUgbmV0d29ya3MuIEVBUCBpdHNlbGYgaXMgYSBzaW1wbGUgcHJvdG9j b2wgYW5kIGFjdHVhbCBhdXRoZW50aWNhdGlvbiBoYXBwZW5zIGluIEVBUCBtZXRob2RzLiBTZXZl cmFsIEVBUCBtZXRob2RzIGhhdmUgYmVlbiBkZXZlbG9wZWQgYXQgdGhlIElFVEYgYW5kIHN1cHBv cnQgZm9yIEVBUCBleGlzdHMgaW4gYSBicm9hZCBzZXQgb2YgZGV2aWNlcy4gUHJldmlvdXMgbGFy Z2VyIEVBUC1yZWxhdGVkIGVmZm9ydHMgYXQgdGhlIElFVEYgaW5jbHVkZWQgcmV3cml0aW5nIHRo ZSBiYXNlIEVBUCBwcm90b2NvbCBzcGVjaWZpY2F0aW9uIGFuZCB0aGUgZGV2ZWxvcG1lbnQgb2Yg c2V2ZXJhbCBzdGFuZGFyZHMgdHJhY2sgRUFQIG1ldGhvZHMuDQoNCkVBUCBtZXRob2RzIGFyZSBn ZW5lcmFsbHkgYmFzZWQgb24gZXhpc3Rpbmcgc2VjdXJpdHkgdGVjaG5vbG9naWVzIHN1Y2ggYXMg VExTIGFuZCBTSU0gY2FyZHMuIE91ciB1bmRlcnN0YW5kaW5nIG9mIHNlY3VyaXR5IHRocmVhdHMg aXMgY29udGludW91c2x5IGV2b2x2aW5nLiBUaGlzIGhhcyBkcml2ZW4gdGhlIGV2b2x1dGlvbiBv ZiBzZXZlcmFsIG9mIHRoZXNlIHVuZGVybHlpbmcgdGVjaG5vbG9naWVzLiBBcyBhbiBleGFtcGxl LCBJRVRGIGhhcyBzdGFuZGFyZGl6ZWQgYSBuZXcgYW5kIGltcHJvdmVkIHZlcnNpb24gb2YgVExT IGluIFJGQyA4NDQ2LiBUaGUgZ3JvdXAgd2lsbCB0aGVyZWZvcmUgcHJvdmlkZSBndWlkYW5jZSBh bmQgdXBkYXRlIEVBUCBtZXRob2Qgc3BlY2lmaWNhdGlvbnMgd2hlcmUgbmVjZXNzYXJ5IHRvIGVu YWJsZSB0aGUgdXNlIG9mIG5ldyB2ZXJzaW9ucyBvZiB0aGVzZSB1bmRlcmx5aW5nIHRlY2hub2xv Z2llcy4NCg0KQXQgdGhlIHNhbWUgdGltZSwgc29tZSBuZXcgdXNlIGNhc2VzIGZvciBFQVAgaGF2 ZSBiZWVuIGlkZW50aWZpZWQuIEVBUCBpcyBub3cgbW9yZSBicm9hZGx5IGluIG1vYmlsZSBuZXR3 b3JrIGF1dGhlbnRpY2F0aW9uLiBUaGUgZ3JvdXAgd2lsbCB1cGRhdGUgZXhpc3RpbmcgRUFQIG1l dGhvZHMgc3VjaCBhcyBFQVAtQUtBJyB0byBzdGF5IGluIHN5bmMgd2l0aCB1cGRhdGVzIHRvIHRo ZSByZWZlcmVuY2VkIDNHUFAgc3BlY2lmaWNhdGlvbnMuIFJGQyA3MjU4IG5vdGVzIHRoYXQgcGVy dmFzaXZlIG1vbml0b3JpbmcgaXMgYW4gYXR0YWNrLiBQZXJmZWN0IEZvcndhcmQgU2VjcmVjeSAo UEZTKSBpcyBhbiBpbXBvcnRhbnQgc2VjdXJpdHkgcHJvcGVydHkgZm9yIG1vZGVybiBwcm90b2Nv bHMgdG8gdGh3YXJ0IHBlcnZhc2l2ZSBtb25pdG9yaW5nLiBUaGUgZ3JvdXAgd2lsbCB0aGVyZWZv cmUgd29yayBvbiBhbiBleHRlbnNpb24gdG8gRUFQLUFLQScgZm9yIHByb3ZpZGluZyBQZXJmZWN0 IEZvcndhcmQgU2VjcmVjeSAoUEZTKS4NCg0KT3V0LW9mLWJhbmQgKE9PQikgcmVmZXJzIHRvIGEg c2VwYXJhdGUgY29tbXVuaWNhdGlvbiBjaGFubmVsIGluZGVwZW5kZW50IG9mIHRoZSBwcmltYXJ5 IGluLWJhbmQgY2hhbm5lbCBvdmVyIHdoaWNoIHRoZSBhY3R1YWwgbmV0d29yayBjb21tdW5pY2F0 aW9uIHRha2VzIHBsYWNlLiBPT0IgY2hhbm5lbHMgYXJlIG5vdyB1c2VkIGZvciBhdXRoZW50aWNh dGlvbiBpbiBhIHZhcmlldHkgb2YgcHJvdG9jb2xzIGFuZCBkZXZpY2VzIChkcmFmdC1pZXRmLW9h dXRoLWRldmljZS1mbG93LTEzLCBXaGF0c0FwcCBXZWIsIGV0Yy4pLiBNYW55IHVzZXJzIGFyZSBh Y2N1c3RvbWVkIHRvIHRhcHBpbmcgTkZDIG9yIHNjYW5uaW5nIFFSIGNvZGVzLiBIb3dldmVyLCBF QVAgY3VycmVudGx5IGRvZXMgbm90IGhhdmUgYW55IHN0YW5kYXJkIG1ldGhvZHMgdGhhdCBzdXBw b3J0IGF1dGhlbnRpY2F0aW9uIGJhc2VkIG9uIE9PQiBjaGFubmVscy4gVGhlIGdyb3VwIHdpbGwg dGhlcmVmb3JlIHdvcmsgb24gYW4gRUFQIG1ldGhvZCB3aGVyZSBhdXRoZW50aWNhdGlvbiBpcyBi YXNlZCBvbiBhbiBvdXQtb2YtYmFuZCBjaGFubmVsIGJldHdlZW4gdGhlIHBlZXIgYW5kIHRoZSBz ZXJ2ZXIuDQoNCkVBUCBhdXRoZW50aWNhdGlvbiBpcyBiYXNlZCBvbiBjcmVkZW50aWFscyBhdmFp bGFibGUgb24gdGhlIHBlZXIgYW5kIHRoZSBzZXJ2ZXIuIEhvd2V2ZXIsIHNvbWUgRUFQIG1ldGhv ZHMgdXNlIGNyZWRlbnRpYWxzIHRoYXQgYXJlIHRpbWUgb3IgZG9tYWluIGxpbWl0ZWQgKHN1Y2gg YXMgRUFQLVBPVFApLCBhbmQgdGhlcmUgbWF5IGJlIGEgbmVlZCBmb3IgY3JlYXRpbmcgbG9uZyB0 ZXJtIGNyZWRlbnRpYWxzIGZvciByZS1hdXRoZW50aWNhdGluZyB0aGUgcGVlciBpbiBhIG1vcmUg Z2VuZXJhbCBjb250ZXh0LiBUaGUgZ3JvdXAgd2lsbCBpbnZlc3RpZ2F0ZSBtaW5pbWFsIG1lY2hh bmlzbXMgd2l0aCB3aGljaCBsaW1pdGVkLXVzZSBFQVAgYXV0aGVudGljYXRpb24gY3JlZGVudGlh bHMgY2FuIGJlIHVzZWQgZm9yIGNyZWF0aW5nIGdlbmVyYWwtdXNlIGxvbmctdGVybSBjcmVkZW50 aWFscy4NCg0KSW4gc3VtbWFyeSwgdGhlIHdvcmtpbmcgZ3JvdXAgc2hhbGwgcHJvZHVjZSB0aGUg Zm9sbG93aW5nIGRvY3VtZW50czoNCg0KIC0gQW4gdXBkYXRlIHRvIGVuYWJsZSB0aGUgdXNlIG9m IFRMUyAxLjMgaW4gdGhlIGNvbnRleHQgb2YgRUFQLVRMUyAoUkZDIDUyMTYpLiBUaGlzIGRvY3Vt ZW50IHdpbGwgcGRhdGUgdGhlIHNlY3VyaXR5IGNvbnNpZGVyYXRpb25zIHJlbGF0aW5nIHRvIEVB UC1UTFMsIGRvY3VtZW50IHRoZSBpbXBsaWNhdGlvbnMgb2YgdXNpbmcgbmV3IHZzLiBvbGQgVExT IHZlcnNpb25zLCBhZGQgYW55IHJlY2VudGx5IGdhaW5lZCBuZXcga25vd2xlZGdlIG9uIHZ1bG5l cmFiaWxpdGllcywgYW5kIGRpc2N1c3MgdGhlIHBvc3NpYmxlIGltcGxpY2F0aW9ucyBvZiBwZXJ2 YXNpdmUgc3VydmVpbGxhbmNlLg0KDQogLSBTZXZlcmFsIEVBUCBtZXRob2RzIHN1Y2ggRUFQLVRU TFMgYW5kIEVBUC1GQVNUIHVzZSBhbiBvdXRlciBUTFMgdHVubmVsLiBQcm92aWRlIGd1aWRhbmNl IG9yIHVwZGF0ZSB0aGUgcmVsZXZhbnQgc3BlY2lmaWNhdGlvbnMgZXhwbGFpbmluZyBob3cgdGhv c2UgRUFQIG1ldGhvZHMgKFBFQVAvVFRMUy9URUFQKSB3aWxsIHdvcmsgd2l0aCBUTFMgMS4zLiBU aGlzIHdpbGwgYWxzbyBpbnZvbHZlIG1haW50ZW5hbmNlIHdvcmsgYmFzZWQgb24gZXJyYXRhcyBm b3VuZCBpbiBwdWJsaXNoZWQgc3BlY2lmaWNhdGlvbnMgKHN1Y2ggYXMgRUFQLVRFQVApLg0KDQot IERlZmluZSBzZXNzaW9uIGlkZW50aWZpZXJzIGZvciBmYXN0IHJlLWF1dGhlbnRpY2F0aW9uIGZv ciBFQVAtU0lNLCBFQVAtQUtBLCBhbmQgRUFQLUFLQeKAmS4gVGhlIGxhY2sgb2YgdGhpcyBkZWZp bml0aW9uIGlzIGEgcmVjZW50bHkgZGlzY292ZXJlZCBidWcgaW4gdGhlIG9yaWdpbmFsIFJGQ3Mu DQoNCi0gVXBkYXRlIHRoZSBFQVAtQUtBJyBzcGVjaWZpY2F0aW9uIChSRkMgNTQ0OCkgdG8gZW5z dXJlIHRoYXQgaXRzIGNhcGFiaWxpdHkgdG8gcHJvdmlkZSBhIGNyeXB0b2dyYXBoaWMgYmluZGlu ZyB0byBuZXR3b3JrIGNvbnRleHQgc3RheXMgaW4gc3luYyB3aXRoIHVwZGF0ZXMgdG8gdGhlIHJl ZmVyZW5jZWQgM0dQUCBzcGVjaWZpY2F0aW9ucy4gVGhlIGRvY3VtZW50IHdpbGwgYWxzbyBjb250 YWluIGFueSByZWNlbnRseSBnYWluZWQgbmV3IGtub3dsZWRnZSBvbiB2dWxuZXJhYmlsaXRpZXMg b3IgdGhlIHBvc3NpYmxlIGltcGxpY2F0aW9ucyBvZiBwZXJ2YXNpdmUgc3VydmVpbGxhbmNlLg0K DQotIERldmVsb3AgYW4gZXh0ZW5zaW9uIHRvIEVBUC1BS0EnIHN1Y2ggdGhhdCBQZXJmZWN0IEZv cndhcmQgU2VjcmVjeSBjYW4gYmUgcHJvdmlkZWQuIFRoZXJlIG1heSBhbHNvIGJlIHByaXZhY3kg aW1wcm92ZW1lbnRzIHRoYXQgaGF2ZSBiZWNvbWUgZmVhc2libGUgd2l0aCB0aGUgIGludHJvZHVj dGlvbiBvZiByZWNlbnQgaWRlbnRpdHkgcHJpdmFjeSBpbXByb3ZlbWVudHMgaW4gM0dQUCBuZXR3 b3Jrcy4NCg0KLSBHYXRoZXIgZXhwZXJpZW5jZSByZWdhcmRpbmcgdGhlIHVzZSBvZiBsYXJnZSBj ZXJ0aWZpY2F0ZXMgYW5kIGxvbmcgY2VydGlmaWNhdGUgY2hhaW5zIGluIHRoZSBjb250ZXh0IG9m IEVBUC1UTFMgKGFsbCB2ZXJzaW9ucyksIGFzIHNvbWUgaW1wbGVtZW50YXRpb25zIGFuZCBhY2Nl c3MgbmV0d29ya3MgbWF5IGxpbWl0IHRoZSBudW1iZXIgb2YgRUFQIHBhY2tldCBleGNoYW5nZXMg dGhhdCBjYW4gYmUgaGFuZGxlZC4gRG9jdW1lbnQgb3BlcmF0aW9uYWwgcmVjb21tZW5kYXRpb25z IG9yIG90aGVyIG1pdGlnYXRpb24gc3RyYXRlZ2llcyB0byBhdm9pZCBpc3N1ZXMuDQoNCi0gRGVm aW5lIGEgc3RhbmRhcmQgRUFQIG1ldGhvZCBmb3IgbXV0dWFsIGF1dGhlbnRpY2F0aW9uIGJldHdl ZW4gYSBwZWVyIGFuZCBhIHNlcnZlciB0aGF0IGlzIGJhc2VkIG9uIGFuIG91dC1vZi1iYW5kIGNo YW5uZWwuIFRoZSBtZXRob2QgaXRzZWxmIHNoYWxsIGJlIGluZGVwZW5kZW50IG9mIHRoZSB1bmRl cmx5aW5nIE9PQiBjaGFubmVsIGFuZCBzaGFsbCBzdXBwb3J0IGEgdmFyaWV0eSBvZiBPT0IgY2hh bm5lbHMgc3VjaCBhcyBORkMsIGR5bmFtaWNhbGx5IGdlbmVyYXRlZCBRUiBjb2RlcywgYXVkaW8s IGFuZCB2aXNpYmxlIGxpZ2h0Lg0KDQotIERlZmluZSBtZWNoYW5pc21zIGJ5IHdoaWNoIEVBUCBt ZXRob2RzIGNhbiBzdXBwb3J0IGNyZWF0aW9uIG9mIGxvbmctdGVybSBjcmVkZW50aWFscyBmb3Ig dGhlIHBlZXIgYmFzZWQgb24gaW5pdGlhbCBsaW1pdGVkLXVzZSBjcmVkZW50aWFscy4NCg0KVGhl IHdvcmtpbmcgZ3JvdXAgaXMgZXhwZWN0ZWQgdG8gc3RheSBpbiBjbG9zZSBjb2xsYWJvcmF0aW9u IHdpdGggdGhlIEVBUCBkZXBsb3ltZW50IGNvbW11bml0eSwgdGhlIFRMUyB3b3JraW5nIGdyb3Vw IChmb3IgRUFQLVRMUyB3b3JrKSwgYW5kIHRoZSAzR1BQIHNlY3VyaXR5IGFyY2hpdGVjdHVyZSBn cm91cCAoZm9yIEVBUC1BS0EnIHdvcmspDQoNCi0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KDQoN Cg0KX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18NCkVtdSBt YWlsaW5nIGxpc3QNCkVtdUBpZXRmLm9yZzxtYWlsdG86RW11QGlldGYub3JnPg0KaHR0cHM6Ly93 d3cuaWV0Zi5vcmcvbWFpbG1hbi9saXN0aW5mby9lbXUNCg0KDQoNCg0KX19fX19fX19fX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18NCkVtdSBtYWlsaW5nIGxpc3QNCkVtdUBp ZXRmLm9yZzxtYWlsdG86RW11QGlldGYub3JnPg0KaHR0cHM6Ly93d3cuaWV0Zi5vcmcvbWFpbG1h bi9saXN0aW5mby9lbXUNCg0K --_000_5ddca8df4690b91b8043d7eb43fe1f77ericssoncom_ Content-Type: text/html; charset="utf-8" Content-ID: <4CF0D928277C2240BFBD93C1B8E7A3DD@eurprd07.prod.outlook.com> Content-Transfer-Encoding: base64 PGh0bWw+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIgY29udGVudD0i dGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjwvaGVhZD4NCjxib2R5IGJnY29sb3I9IiNGRkZG RkYiIHRleHQ9IiMwMDAwMDAiPg0KPHA+VGhlIGN1cnJlbnQgcmUtY2hhcnRlciB0ZXh0IGlzIG5v dyBpbiBnaXRodWIgZm9yIGNvbnZlbmllbnQgaXNzdWUgYW5kIGNoYW5nZSB0cmFja2luZzo8L3A+ DQo8cD5XZSBoYXZlIGluY29ycG9yYXRlZCB0aGUgc3VnZ2VzdGlvbnMgZnJvbSBKb2huIGFuZCBS ZW5lIHRvIHRoZSBjdXJyZW50IHRleHQ6IDxicj4NCjxicj4NCjxhIG1vei1kby1ub3Qtc2VuZD0i dHJ1ZSIgaHJlZj0iaHR0cHM6Ly9naXRodWIuY29tL2VtdS13Zy9jaGFydGVyL2Jsb2IvbWFzdGVy L2VtdS1jaGFydGVyLm1kIj5odHRwczovL2dpdGh1Yi5jb20vZW11LXdnL2NoYXJ0ZXIvYmxvYi9t YXN0ZXIvZW11LWNoYXJ0ZXIubWQ8L2E+PC9wPg0KPHA+Sm9lIGFuZCBNb2hpdDwvcD4NCjxkaXYg Y2xhc3M9Im1vei1jaXRlLXByZWZpeCI+T24gOS8xMS8xOSA5OjUwIFBNLCBNb2hpdCBTZXRoaSBN IHdyb3RlOjxicj4NCjwvZGl2Pg0KPGJsb2NrcXVvdGUgdHlwZT0iY2l0ZSIgY2l0ZT0ibWlkOjk0 NzAyMDk2LWM4NTQtMDJmYi1jZTM5LTZmMWM1ZGRlODBhNkBlcmljc3Nvbi5jb20iPg0KPHA+RGVh ciBhbGwsPC9wPg0KPHA+UGxlYXNlIHNlbmQgaW4geW91ciBjb21tZW50cyBvbiB0aGUgY2hhcnRl ciB0ZXh0IGJ5IFdlZG5lc2RheSwgU2VwdGVtYmVyIDE4LCAyMDE5Lg0KPGJyPg0KPC9wPg0KPHA+ Sm9lIGFuZCBNb2hpdDxicj4NCjwvcD4NCjxkaXYgY2xhc3M9Im1vei1jaXRlLXByZWZpeCI+T24g OC8yMS8xOSAxMToxMyBBTSwgTW9oaXQgU2V0aGkgTSB3cm90ZTo8YnI+DQo8L2Rpdj4NCjxibG9j a3F1b3RlIHR5cGU9ImNpdGUiIGNpdGU9Im1pZDphZTQ5MjcyNi02MjY4LTVlNzMtMzM4Yi1jODAz NjkwMjNlMWNAZXJpY3Nzb24uY29tIj4NCjxwPkRlYXIgYWxsLDwvcD4NCjxwPlRoYW5rIHlvdSBm b3IgYSBwcm9kdWN0aXZlIG1lZXRpbmcgQCBJRVRGIDEwNS4gV2UgaGFkIGRpc2N1c3NlZCB0aGUg bmV3IGNoYXJ0ZXIgdGV4dCBkdXJpbmcgdGhlIHdvcmtpbmcgZ3JvdXAgc2Vzc2lvbiBpbiBNb250 cmVhbC4gUGxlYXNlIGZpbmQgdGhlIHNhbWUgdGV4dCBiZWxvdy4gVGhpcyB0ZXh0IGJ1aWxkcyB1 cG9uIG91ciBjdXJyZW50IGNoYXJ0ZXIuIEZlZWwgZnJlZSB0byBzdWdnZXN0IGNoYW5nZXMuIFJG QyAyNDE4IHNlY3Rpb24NCiAyLjIgPGEgbW96LWRvLW5vdC1zZW5kPSJ0cnVlIiBocmVmPSJodHRw czovL3Rvb2xzLmlldGYub3JnL2h0bWwvcmZjMjQxOCNzZWN0aW9uLTIuMiI+DQpodHRwczovL3Rv b2xzLmlldGYub3JnL2h0bWwvcmZjMjQxOCNzZWN0aW9uLTIuMjwvYT4gc2F5cyB0aGUgZm9sbG93 aW5nIGFib3V0IGEgd29ya2luZyBncm91cCBjaGFydGVyOjwvcD4NCjxibG9ja3F1b3RlIHR5cGU9 ImNpdGUiPg0KPHByZSBjbGFzcz0ibmV3cGFnZSI+ICAgMi4gU3BlY2lmaWVzIHRoZSBkaXJlY3Rp b24gb3Igb2JqZWN0aXZlcyBvZiB0aGUgd29ya2luZyBncm91cCBhbmQNCiAgICAgIGRlc2NyaWJl cyB0aGUgYXBwcm9hY2ggdGhhdCB3aWxsIGJlIHRha2VuIHRvIGFjaGlldmUgdGhlIGdvYWxzOzwv cHJlPg0KPC9ibG9ja3F1b3RlPg0KPGJyPg0KUGxlYXNlIGtlZXAgdGhpcyBpbiBtaW5kIHdoZW4g c3VnZ2VzdGluZyBjaGFuZ2VzLiBPbmNlIHRoZSB0ZXh0IGlzIHJlYWR5LCB3ZSB3aWxsIHNlbmQg aXQgdG8gdGhlIElFU0cgZm9yIHJldmlldy48YnI+DQo8cD5Kb2UgYW5kIE1vaGl0PC9wPg0KPHA+ LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tPGJyPg0KPGJyPg0KVGhlIEV4dGVuc2libGUgQXV0aGVu dGljYXRpb24gUHJvdG9jb2wgKEVBUCkgW1JGQyAzNzQ4XSBpcyBhIG5ldHdvcmsgYWNjZXNzIGF1 dGhlbnRpY2F0aW9uIGZyYW1ld29yayB1c2VkLCBmb3IgaW5zdGFuY2UsIGluIFZQTiBhbmQgbW9i aWxlIG5ldHdvcmtzLiBFQVAgaXRzZWxmIGlzIGEgc2ltcGxlIHByb3RvY29sIGFuZCBhY3R1YWwg YXV0aGVudGljYXRpb24gaGFwcGVucyBpbiBFQVAgbWV0aG9kcy4gU2V2ZXJhbCBFQVAgbWV0aG9k cyBoYXZlIGJlZW4NCiBkZXZlbG9wZWQgYXQgdGhlIElFVEYgYW5kIHN1cHBvcnQgZm9yIEVBUCBl eGlzdHMgaW4gYSBicm9hZCBzZXQgb2YgZGV2aWNlcy4gUHJldmlvdXMgbGFyZ2VyIEVBUC1yZWxh dGVkIGVmZm9ydHMgYXQgdGhlIElFVEYgaW5jbHVkZWQgcmV3cml0aW5nIHRoZSBiYXNlIEVBUCBw cm90b2NvbCBzcGVjaWZpY2F0aW9uIGFuZCB0aGUgZGV2ZWxvcG1lbnQgb2Ygc2V2ZXJhbCBzdGFu ZGFyZHMgdHJhY2sgRUFQIG1ldGhvZHMuPGJyPg0KPGJyPg0KRUFQIG1ldGhvZHMgYXJlIGdlbmVy YWxseSBiYXNlZCBvbiBleGlzdGluZyBzZWN1cml0eSB0ZWNobm9sb2dpZXMgc3VjaCBhcyBUTFMg YW5kIFNJTSBjYXJkcy4gT3VyIHVuZGVyc3RhbmRpbmcgb2Ygc2VjdXJpdHkgdGhyZWF0cyBpcyBj b250aW51b3VzbHkgZXZvbHZpbmcuIFRoaXMgaGFzIGRyaXZlbiB0aGUgZXZvbHV0aW9uIG9mIHNl dmVyYWwgb2YgdGhlc2UgdW5kZXJseWluZyB0ZWNobm9sb2dpZXMuIEFzIGFuIGV4YW1wbGUsIElF VEYgaGFzIHN0YW5kYXJkaXplZA0KIGEgbmV3IGFuZCBpbXByb3ZlZCB2ZXJzaW9uIG9mIFRMUyBp biBSRkMgODQ0Ni4gVGhlIGdyb3VwIHdpbGwgdGhlcmVmb3JlIHByb3ZpZGUgZ3VpZGFuY2UgYW5k IHVwZGF0ZSBFQVAgbWV0aG9kIHNwZWNpZmljYXRpb25zIHdoZXJlIG5lY2Vzc2FyeSB0byBlbmFi bGUgdGhlIHVzZSBvZiBuZXcgdmVyc2lvbnMgb2YgdGhlc2UgdW5kZXJseWluZyB0ZWNobm9sb2dp ZXMuDQo8YnI+DQo8YnI+DQpBdCB0aGUgc2FtZSB0aW1lLCBzb21lIG5ldyB1c2UgY2FzZXMgZm9y IEVBUCBoYXZlIGJlZW4gaWRlbnRpZmllZC4gRUFQIGlzIG5vdyBtb3JlIGJyb2FkbHkgaW4gbW9i aWxlIG5ldHdvcmsgYXV0aGVudGljYXRpb24uIFRoZSBncm91cCB3aWxsIHVwZGF0ZSBleGlzdGlu ZyBFQVAgbWV0aG9kcyBzdWNoIGFzIEVBUC1BS0EnIHRvIHN0YXkgaW4gc3luYyB3aXRoIHVwZGF0 ZXMgdG8gdGhlIHJlZmVyZW5jZWQgM0dQUCBzcGVjaWZpY2F0aW9ucy4gUkZDDQogNzI1OCBub3Rl cyB0aGF0IHBlcnZhc2l2ZSBtb25pdG9yaW5nIGlzIGFuIGF0dGFjay4gUGVyZmVjdCBGb3J3YXJk IFNlY3JlY3kgKFBGUykgaXMgYW4gaW1wb3J0YW50IHNlY3VyaXR5IHByb3BlcnR5IGZvciBtb2Rl cm4gcHJvdG9jb2xzIHRvIHRod2FydCBwZXJ2YXNpdmUgbW9uaXRvcmluZy4gVGhlIGdyb3VwIHdp bGwgdGhlcmVmb3JlIHdvcmsgb24gYW4gZXh0ZW5zaW9uIHRvIEVBUC1BS0EnIGZvciBwcm92aWRp bmcgUGVyZmVjdCBGb3J3YXJkDQogU2VjcmVjeSAoUEZTKS48YnI+DQo8YnI+DQpPdXQtb2YtYmFu ZCAoT09CKSByZWZlcnMgdG8gYSBzZXBhcmF0ZSBjb21tdW5pY2F0aW9uIGNoYW5uZWwgaW5kZXBl bmRlbnQgb2YgdGhlIHByaW1hcnkgaW4tYmFuZCBjaGFubmVsIG92ZXIgd2hpY2ggdGhlIGFjdHVh bCBuZXR3b3JrIGNvbW11bmljYXRpb24gdGFrZXMgcGxhY2UuIE9PQiBjaGFubmVscyBhcmUgbm93 IHVzZWQgZm9yIGF1dGhlbnRpY2F0aW9uIGluIGEgdmFyaWV0eSBvZiBwcm90b2NvbHMgYW5kIGRl dmljZXMgKGRyYWZ0LWlldGYtb2F1dGgtZGV2aWNlLWZsb3ctMTMsDQogV2hhdHNBcHAgV2ViLCBl dGMuKS4gTWFueSB1c2VycyBhcmUgYWNjdXN0b21lZCB0byB0YXBwaW5nIE5GQyBvciBzY2Fubmlu ZyBRUiBjb2Rlcy4gSG93ZXZlciwgRUFQIGN1cnJlbnRseSBkb2VzIG5vdCBoYXZlIGFueSBzdGFu ZGFyZCBtZXRob2RzIHRoYXQgc3VwcG9ydCBhdXRoZW50aWNhdGlvbiBiYXNlZCBvbiBPT0IgY2hh bm5lbHMuIFRoZSBncm91cCB3aWxsIHRoZXJlZm9yZSB3b3JrIG9uIGFuIEVBUCBtZXRob2Qgd2hl cmUgYXV0aGVudGljYXRpb24NCiBpcyBiYXNlZCBvbiBhbiBvdXQtb2YtYmFuZCBjaGFubmVsIGJl dHdlZW4gdGhlIHBlZXIgYW5kIHRoZSBzZXJ2ZXIuPGJyPg0KPGJyPg0KRUFQIGF1dGhlbnRpY2F0 aW9uIGlzIGJhc2VkIG9uIGNyZWRlbnRpYWxzIGF2YWlsYWJsZSBvbiB0aGUgcGVlciBhbmQgdGhl IHNlcnZlci4gSG93ZXZlciwgc29tZSBFQVAgbWV0aG9kcyB1c2UgY3JlZGVudGlhbHMgdGhhdCBh cmUgdGltZSBvciBkb21haW4gbGltaXRlZCAoc3VjaCBhcyBFQVAtUE9UUCksIGFuZCB0aGVyZSBt YXkgYmUgYSBuZWVkIGZvciBjcmVhdGluZyBsb25nIHRlcm0gY3JlZGVudGlhbHMgZm9yIHJlLWF1 dGhlbnRpY2F0aW5nIHRoZQ0KIHBlZXIgaW4gYSBtb3JlIGdlbmVyYWwgY29udGV4dC4gVGhlIGdy b3VwIHdpbGwgaW52ZXN0aWdhdGUgbWluaW1hbCBtZWNoYW5pc21zIHdpdGggd2hpY2ggbGltaXRl ZC11c2UgRUFQIGF1dGhlbnRpY2F0aW9uIGNyZWRlbnRpYWxzIGNhbiBiZSB1c2VkIGZvciBjcmVh dGluZyBnZW5lcmFsLXVzZSBsb25nLXRlcm0gY3JlZGVudGlhbHMuPGJyPg0KPGJyPg0KSW4gc3Vt bWFyeSwgdGhlIHdvcmtpbmcgZ3JvdXAgc2hhbGwgcHJvZHVjZSB0aGUgZm9sbG93aW5nIGRvY3Vt ZW50czo8YnI+DQo8YnI+DQombmJzcDstIEFuIHVwZGF0ZSB0byBlbmFibGUgdGhlIHVzZSBvZiBU TFMgMS4zIGluIHRoZSBjb250ZXh0IG9mIEVBUC1UTFMgKFJGQyA1MjE2KS4gVGhpcyBkb2N1bWVu dCB3aWxsIHBkYXRlIHRoZSBzZWN1cml0eSBjb25zaWRlcmF0aW9ucyByZWxhdGluZyB0byBFQVAt VExTLCBkb2N1bWVudCB0aGUgaW1wbGljYXRpb25zIG9mIHVzaW5nIG5ldyB2cy4gb2xkIFRMUyB2 ZXJzaW9ucywgYWRkIGFueSByZWNlbnRseSBnYWluZWQgbmV3IGtub3dsZWRnZSBvbiB2dWxuZXJh YmlsaXRpZXMsDQogYW5kIGRpc2N1c3MgdGhlIHBvc3NpYmxlIGltcGxpY2F0aW9ucyBvZiBwZXJ2 YXNpdmUgc3VydmVpbGxhbmNlLjxicj4NCjxicj4NCiZuYnNwOy0gU2V2ZXJhbCBFQVAgbWV0aG9k cyBzdWNoIEVBUC1UVExTIGFuZCBFQVAtRkFTVCB1c2UgYW4gb3V0ZXIgVExTIHR1bm5lbC4gUHJv dmlkZSBndWlkYW5jZSBvciB1cGRhdGUgdGhlIHJlbGV2YW50IHNwZWNpZmljYXRpb25zIGV4cGxh aW5pbmcgaG93IHRob3NlIEVBUCBtZXRob2RzIChQRUFQL1RUTFMvVEVBUCkgd2lsbCB3b3JrIHdp dGggVExTIDEuMy4gVGhpcyB3aWxsIGFsc28gaW52b2x2ZSBtYWludGVuYW5jZSB3b3JrIGJhc2Vk IG9uIGVycmF0YXMNCiBmb3VuZCBpbiBwdWJsaXNoZWQgc3BlY2lmaWNhdGlvbnMgKHN1Y2ggYXMg RUFQLVRFQVApLjxicj4NCjxicj4NCi0gRGVmaW5lIHNlc3Npb24gaWRlbnRpZmllcnMgZm9yIGZh c3QgcmUtYXV0aGVudGljYXRpb24gZm9yIEVBUC1TSU0sIEVBUC1BS0EsIGFuZCBFQVAtQUtB4oCZ LiBUaGUgbGFjayBvZiB0aGlzIGRlZmluaXRpb24gaXMgYSByZWNlbnRseSBkaXNjb3ZlcmVkIGJ1 ZyBpbiB0aGUgb3JpZ2luYWwgUkZDcy48L3A+DQo8cD4tIFVwZGF0ZSB0aGUgRUFQLUFLQScgc3Bl Y2lmaWNhdGlvbiAoUkZDIDU0NDgpIHRvIGVuc3VyZSB0aGF0IGl0cyBjYXBhYmlsaXR5IHRvIHBy b3ZpZGUgYSBjcnlwdG9ncmFwaGljIGJpbmRpbmcgdG8gbmV0d29yayBjb250ZXh0IHN0YXlzIGlu IHN5bmMgd2l0aCB1cGRhdGVzIHRvIHRoZSByZWZlcmVuY2VkIDNHUFAgc3BlY2lmaWNhdGlvbnMu IFRoZSBkb2N1bWVudCB3aWxsIGFsc28gY29udGFpbiBhbnkgcmVjZW50bHkgZ2FpbmVkIG5ldyBr bm93bGVkZ2UNCiBvbiB2dWxuZXJhYmlsaXRpZXMgb3IgdGhlIHBvc3NpYmxlIGltcGxpY2F0aW9u cyBvZiBwZXJ2YXNpdmUgc3VydmVpbGxhbmNlLjxicj4NCjxicj4NCi0gRGV2ZWxvcCBhbiBleHRl bnNpb24gdG8gRUFQLUFLQScgc3VjaCB0aGF0IFBlcmZlY3QgRm9yd2FyZCBTZWNyZWN5IGNhbiBi ZSBwcm92aWRlZC4gVGhlcmUgbWF5IGFsc28gYmUgcHJpdmFjeSBpbXByb3ZlbWVudHMgdGhhdCBo YXZlIGJlY29tZSBmZWFzaWJsZSB3aXRoIHRoZSZuYnNwOyBpbnRyb2R1Y3Rpb24gb2YgcmVjZW50 IGlkZW50aXR5IHByaXZhY3kgaW1wcm92ZW1lbnRzIGluIDNHUFAgbmV0d29ya3MuPGJyPg0KPGJy Pg0KLSBHYXRoZXIgZXhwZXJpZW5jZSByZWdhcmRpbmcgdGhlIHVzZSBvZiBsYXJnZSBjZXJ0aWZp Y2F0ZXMgYW5kIGxvbmcgY2VydGlmaWNhdGUgY2hhaW5zIGluIHRoZSBjb250ZXh0IG9mIEVBUC1U TFMgKGFsbCB2ZXJzaW9ucyksIGFzIHNvbWUgaW1wbGVtZW50YXRpb25zIGFuZCBhY2Nlc3MgbmV0 d29ya3MgbWF5IGxpbWl0IHRoZSBudW1iZXIgb2YgRUFQIHBhY2tldCBleGNoYW5nZXMgdGhhdCBj YW4gYmUgaGFuZGxlZC4gRG9jdW1lbnQgb3BlcmF0aW9uYWwNCiByZWNvbW1lbmRhdGlvbnMgb3Ig b3RoZXIgbWl0aWdhdGlvbiBzdHJhdGVnaWVzIHRvIGF2b2lkIGlzc3Vlcy48YnI+DQo8YnI+DQot IERlZmluZSBhIHN0YW5kYXJkIEVBUCBtZXRob2QgZm9yIG11dHVhbCBhdXRoZW50aWNhdGlvbiBi ZXR3ZWVuIGEgcGVlciBhbmQgYSBzZXJ2ZXIgdGhhdCBpcyBiYXNlZCBvbiBhbiBvdXQtb2YtYmFu ZCBjaGFubmVsLiBUaGUgbWV0aG9kIGl0c2VsZiBzaGFsbCBiZSBpbmRlcGVuZGVudCBvZiB0aGUg dW5kZXJseWluZyBPT0IgY2hhbm5lbCBhbmQgc2hhbGwgc3VwcG9ydCBhIHZhcmlldHkgb2YgT09C IGNoYW5uZWxzIHN1Y2ggYXMgTkZDLCBkeW5hbWljYWxseQ0KIGdlbmVyYXRlZCBRUiBjb2Rlcywg YXVkaW8sIGFuZCB2aXNpYmxlIGxpZ2h0Ljxicj4NCjxicj4NCi0gRGVmaW5lIG1lY2hhbmlzbXMg Ynkgd2hpY2ggRUFQIG1ldGhvZHMgY2FuIHN1cHBvcnQgY3JlYXRpb24gb2YgbG9uZy10ZXJtIGNy ZWRlbnRpYWxzIGZvciB0aGUgcGVlciBiYXNlZCBvbiBpbml0aWFsIGxpbWl0ZWQtdXNlIGNyZWRl bnRpYWxzLjxicj4NCjxicj4NClRoZSB3b3JraW5nIGdyb3VwIGlzIGV4cGVjdGVkIHRvIHN0YXkg aW4gY2xvc2UgY29sbGFib3JhdGlvbiB3aXRoIHRoZSBFQVAgZGVwbG95bWVudCBjb21tdW5pdHks IHRoZSBUTFMgd29ya2luZyBncm91cCAoZm9yIEVBUC1UTFMgd29yayksIGFuZCB0aGUgM0dQUCBz ZWN1cml0eSBhcmNoaXRlY3R1cmUgZ3JvdXAgKGZvciBFQVAtQUtBJyB3b3JrKTxicj4NCjxicj4N Ci0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLTxicj4NCjwvcD4NCjxicj4NCjxmaWVsZHNldCBjbGFz cz0ibWltZUF0dGFjaG1lbnRIZWFkZXIiPjwvZmllbGRzZXQ+DQo8cHJlIGNsYXNzPSJtb3otcXVv dGUtcHJlIiB3cmFwPSIiPl9fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fDQpFbXUgbWFpbGluZyBsaXN0DQo8YSBjbGFzcz0ibW96LXR4dC1saW5rLWFiYnJldmlh dGVkIiBocmVmPSJtYWlsdG86RW11QGlldGYub3JnIiBtb3otZG8tbm90LXNlbmQ9InRydWUiPkVt dUBpZXRmLm9yZzwvYT4NCjxhIGNsYXNzPSJtb3otdHh0LWxpbmstZnJlZXRleHQiIGhyZWY9Imh0 dHBzOi8vd3d3LmlldGYub3JnL21haWxtYW4vbGlzdGluZm8vZW11IiBtb3otZG8tbm90LXNlbmQ9 InRydWUiPmh0dHBzOi8vd3d3LmlldGYub3JnL21haWxtYW4vbGlzdGluZm8vZW11PC9hPg0KPC9w cmU+DQo8L2Jsb2NrcXVvdGU+DQo8YnI+DQo8ZmllbGRzZXQgY2xhc3M9Im1pbWVBdHRhY2htZW50 SGVhZGVyIj48L2ZpZWxkc2V0Pg0KPHByZSBjbGFzcz0ibW96LXF1b3RlLXByZSIgd3JhcD0iIj5f X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fXw0KRW11IG1haWxp bmcgbGlzdA0KPGEgY2xhc3M9Im1vei10eHQtbGluay1hYmJyZXZpYXRlZCIgaHJlZj0ibWFpbHRv OkVtdUBpZXRmLm9yZyI+RW11QGlldGYub3JnPC9hPg0KPGEgY2xhc3M9Im1vei10eHQtbGluay1m cmVldGV4dCIgaHJlZj0iaHR0cHM6Ly93d3cuaWV0Zi5vcmcvbWFpbG1hbi9saXN0aW5mby9lbXUi Pmh0dHBzOi8vd3d3LmlldGYub3JnL21haWxtYW4vbGlzdGluZm8vZW11PC9hPg0KPC9wcmU+DQo8 L2Jsb2NrcXVvdGU+DQo8L2JvZHk+DQo8L2h0bWw+DQo= --_000_5ddca8df4690b91b8043d7eb43fe1f77ericssoncom_-- From nobody Wed Sep 18 01:38:11 2019 Return-Path: X-Original-To: emu@ietfa.amsl.com Delivered-To: emu@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 811FB12094F for ; Wed, 18 Sep 2019 01:38:09 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.998 X-Spam-Level: X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=imt-atlantique.fr Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 76O-5cK8yGtZ for ; Wed, 18 Sep 2019 01:38:05 -0700 (PDT) Received: from zproxy130.enst.fr (zproxy130.enst.fr [137.194.2.194]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id ED23812001A for ; Wed, 18 Sep 2019 01:38:04 -0700 (PDT) Received: from localhost (localhost [IPv6:::1]) by zproxy130.enst.fr (Postfix) with ESMTP id 131A4120DE6; Wed, 18 Sep 2019 10:38:03 +0200 (CEST) Received: from zproxy130.enst.fr ([IPv6:::1]) by localhost (zproxy130.enst.fr [IPv6:::1]) (amavisd-new, port 10032) with ESMTP id vOe--ndqLy8E; Wed, 18 Sep 2019 10:37:59 +0200 (CEST) Received: from localhost (localhost [IPv6:::1]) by zproxy130.enst.fr (Postfix) with ESMTP id 9D88A120C9C; Wed, 18 Sep 2019 10:37:59 +0200 (CEST) DKIM-Filter: OpenDKIM Filter v2.10.3 zproxy130.enst.fr 9D88A120C9C DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=imt-atlantique.fr; s=50EA75E8-DE22-11E6-A6DE-0662BA474D24; t=1568795879; bh=xvPI0JBxqHl/2LJkZdbHOp02T/HoFj0rWM7e82+4C5s=; h=Mime-Version:From:Date:Message-Id:To; b=EcutBi9bph2RlIJvXoJmBJwJcDWwL7Mq7H+EmwshTQuFr+rC0aABeNBcmno9kMegJ XWbr7TnApgRYchVJrZmDWUEZheigAkveKpOUguQgQjJPwnmkjt7IVL6tIGRlWiwEQ9 +wLrCObLIwD5CTUVA3Em0zhX4IsQoogZfjTA3Pi0= X-Virus-Scanned: amavisd-new at zproxy130.enst.fr Received: from zproxy130.enst.fr ([IPv6:::1]) by localhost (zproxy130.enst.fr [IPv6:::1]) (amavisd-new, port 10026) with ESMTP id C5f1lT4FBZqA; Wed, 18 Sep 2019 10:37:58 +0200 (CEST) Received: from [IPv6:2001:660:7301:3728:a4ed:3ce5:f3d8:7840] (unknown [IPv6:2001:660:7301:3728:a4ed:3ce5:f3d8:7840]) by zproxy130.enst.fr (Postfix) with ESMTPSA id A3D9F1206EA; Wed, 18 Sep 2019 10:37:58 +0200 (CEST) Content-Type: multipart/alternative; boundary="Apple-Mail=_7B3606BB-3906-4425-818C-684312057B9D" Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\)) From: "Georgios Z. Papadopoulos" In-Reply-To: <94702096-c854-02fb-ce39-6f1c5dde80a6@ericsson.com> Date: Wed, 18 Sep 2019 10:37:57 +0200 Cc: "emu@ietf.org" Message-Id: <04956223-5FCF-4432-B1FF-D2B1D57D92CF@imt-atlantique.fr> References: <94702096-c854-02fb-ce39-6f1c5dde80a6@ericsson.com> To: Mohit Sethi M X-Mailer: Apple Mail (2.3124) Archived-At: Subject: Re: [Emu] Re-charter text X-BeenThere: emu@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "EAP Methods Update \(EMU\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 18 Sep 2019 08:38:10 -0000 --Apple-Mail=_7B3606BB-3906-4425-818C-684312057B9D Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 Dear Joe, Mohit and all, In overall I find the text well written, while the objectives well = defined. Below I have very few comments : * TLS is not defined.=20 * Perfect Forward Secrecy (PFS) is defined twice. * - An update to enable the use of TLS 1.3 in the context of EAP-TLS = (RFC 5216). This document will pdate the security considerations = relating to EAP-TLS, document the implications of using new vs. old TLS = versions, add any recently gained new knowledge on vulnerabilities, and = discuss the possible implications of pervasive surveillance. This last point, maybe could be divided in several sentences, since I = find it too long and, thus, hard to follow. Many thanks for your efforts. Best regards, Georgios > On Sep 11, 2019, at 20:50, Mohit Sethi M = wrote: >=20 > Dear all, >=20 > Please send in your comments on the charter text by Wednesday, = September 18, 2019.=20 > Joe and Mohit > On 8/21/19 11:13 AM, Mohit Sethi M wrote: >> Dear all, >>=20 >> Thank you for a productive meeting @ IETF 105. We had discussed the = new charter text during the working group session in Montreal. Please = find the same text below. This text builds upon our current charter. = Feel free to suggest changes. RFC 2418 section 2.2 = https://tools.ietf.org/html/rfc2418#section-2.2 = says the following = about a working group charter: >>=20 >>> 2. Specifies the direction or objectives of the working group and >>> describes the approach that will be taken to achieve the = goals; >>=20 >> Please keep this in mind when suggesting changes. Once the text is = ready, we will send it to the IESG for review. >> Joe and Mohit >>=20 >> ------------------------ >>=20 >> The Extensible Authentication Protocol (EAP) [RFC 3748] is a network = access authentication framework used, for instance, in VPN and mobile = networks. EAP itself is a simple protocol and actual authentication = happens in EAP methods. Several EAP methods have been developed at the = IETF and support for EAP exists in a broad set of devices. Previous = larger EAP-related efforts at the IETF included rewriting the base EAP = protocol specification and the development of several standards track = EAP methods. >>=20 >> EAP methods are generally based on existing security technologies = such as TLS and SIM cards. Our understanding of security threats is = continuously evolving. This has driven the evolution of several of these = underlying technologies. As an example, IETF has standardized a new and = improved version of TLS in RFC 8446. The group will therefore provide = guidance and update EAP method specifications where necessary to enable = the use of new versions of these underlying technologies.=20 >>=20 >> At the same time, some new use cases for EAP have been identified. = EAP is now more broadly in mobile network authentication. The group will = update existing EAP methods such as EAP-AKA' to stay in sync with = updates to the referenced 3GPP specifications. RFC 7258 notes that = pervasive monitoring is an attack. Perfect Forward Secrecy (PFS) is an = important security property for modern protocols to thwart pervasive = monitoring. The group will therefore work on an extension to EAP-AKA' = for providing Perfect Forward Secrecy (PFS). >>=20 >> Out-of-band (OOB) refers to a separate communication channel = independent of the primary in-band channel over which the actual network = communication takes place. OOB channels are now used for authentication = in a variety of protocols and devices (draft-ietf-oauth-device-flow-13, = WhatsApp Web, etc.). Many users are accustomed to tapping NFC or = scanning QR codes. However, EAP currently does not have any standard = methods that support authentication based on OOB channels. The group = will therefore work on an EAP method where authentication is based on an = out-of-band channel between the peer and the server. >>=20 >> EAP authentication is based on credentials available on the peer and = the server. However, some EAP methods use credentials that are time or = domain limited (such as EAP-POTP), and there may be a need for creating = long term credentials for re-authenticating the peer in a more general = context. The group will investigate minimal mechanisms with which = limited-use EAP authentication credentials can be used for creating = general-use long-term credentials. >>=20 >> In summary, the working group shall produce the following documents: >>=20 >> - An update to enable the use of TLS 1.3 in the context of EAP-TLS = (RFC 5216). This document will pdate the security considerations = relating to EAP-TLS, document the implications of using new vs. old TLS = versions, add any recently gained new knowledge on vulnerabilities, and = discuss the possible implications of pervasive surveillance. >>=20 >> - Several EAP methods such EAP-TTLS and EAP-FAST use an outer TLS = tunnel. Provide guidance or update the relevant specifications = explaining how those EAP methods (PEAP/TTLS/TEAP) will work with TLS = 1.3. This will also involve maintenance work based on erratas found in = published specifications (such as EAP-TEAP). >>=20 >> - Define session identifiers for fast re-authentication for EAP-SIM, = EAP-AKA, and EAP-AKA=E2=80=99. The lack of this definition is a recently = discovered bug in the original RFCs. >>=20 >> - Update the EAP-AKA' specification (RFC 5448) to ensure that its = capability to provide a cryptographic binding to network context stays = in sync with updates to the referenced 3GPP specifications. The document = will also contain any recently gained new knowledge on vulnerabilities = or the possible implications of pervasive surveillance. >>=20 >> - Develop an extension to EAP-AKA' such that Perfect Forward Secrecy = can be provided. There may also be privacy improvements that have become = feasible with the introduction of recent identity privacy improvements = in 3GPP networks. >>=20 >> - Gather experience regarding the use of large certificates and long = certificate chains in the context of EAP-TLS (all versions), as some = implementations and access networks may limit the number of EAP packet = exchanges that can be handled. Document operational recommendations or = other mitigation strategies to avoid issues. >>=20 >> - Define a standard EAP method for mutual authentication between a = peer and a server that is based on an out-of-band channel. The method = itself shall be independent of the underlying OOB channel and shall = support a variety of OOB channels such as NFC, dynamically generated QR = codes, audio, and visible light. >>=20 >> - Define mechanisms by which EAP methods can support creation of = long-term credentials for the peer based on initial limited-use = credentials. >>=20 >> The working group is expected to stay in close collaboration with the = EAP deployment community, the TLS working group (for EAP-TLS work), and = the 3GPP security architecture group (for EAP-AKA' work) >>=20 >> ------------------------ >>=20 >>=20 >> _______________________________________________ >> Emu mailing list >> Emu@ietf.org >> https://www.ietf.org/mailman/listinfo/emu = > _______________________________________________ > Emu mailing list > Emu@ietf.org > https://www.ietf.org/mailman/listinfo/emu --Apple-Mail=_7B3606BB-3906-4425-818C-684312057B9D Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=utf-8 Dear Joe, Mohit and all,

In overall I find the text well = written, while the objectives well defined.
Below I have very few comments :

* TLS is not defined. 
* Perfect Forward Secrecy (PFS) is defined = twice.
* - An update to enable the use of TLS = 1.3 in the context of EAP-TLS (RFC 5216). This document will pdate the security considerations relating = to EAP-TLS, document the implications of using new vs. old TLS versions, = add any recently gained new knowledge on vulnerabilities, and discuss = the possible implications of pervasive surveillance.

This last point, maybe = could be divided in several sentences, since I find it too long and, = thus, hard to follow.

Many thanks for your efforts.

Best regards,
Georgios


On Sep 11, 2019, at 20:50, Mohit Sethi M <mohit.m.sethi@ericsson.com> wrote:

Dear = all,

Please send in your comments on the charter text = by Wednesday, September 18, 2019.

Joe and Mohit

On 8/21/19 11:13 AM, Mohit Sethi M = wrote:

Dear all,

Thank you for a = productive meeting @ IETF 105. We had discussed the new charter text = during the working group session in Montreal. Please find the same text = below. This text builds upon our current charter. Feel free to suggest = changes. RFC 2418 section 2.2 https://tools.ietf.org/html/rfc2418#section-2.2 says the following = about a working group charter:

   2. Specifies the direction or objectives of =
the working group and
      describes the approach that will be taken to achieve the =
goals;

Please keep this in mind when suggesting changes. Once the text is = ready, we will send it to the IESG for review.

Joe and Mohit

------------------------

The Extensible Authentication Protocol (EAP) [RFC 3748] is a network = access authentication framework used, for instance, in VPN and mobile = networks. EAP itself is a simple protocol and actual authentication = happens in EAP methods. Several EAP methods have been developed at the IETF and support for EAP exists in a broad set of = devices. Previous larger EAP-related efforts at the IETF included = rewriting the base EAP protocol specification and the development of = several standards track EAP methods.

EAP methods are generally based on existing security technologies such = as TLS and SIM cards. Our understanding of security threats is = continuously evolving. This has driven the evolution of several of these = underlying technologies. As an example, IETF has standardized a new and improved version of TLS in RFC 8446. The group will therefore = provide guidance and update EAP method specifications where necessary to = enable the use of new versions of these underlying technologies.

At the same time, some new use cases for EAP have been identified. EAP = is now more broadly in mobile network authentication. The group will = update existing EAP methods such as EAP-AKA' to stay in sync with = updates to the referenced 3GPP specifications. RFC 7258 notes that pervasive monitoring is an attack. Perfect Forward = Secrecy (PFS) is an important security property for modern protocols to = thwart pervasive monitoring. The group will therefore work on an = extension to EAP-AKA' for providing Perfect Forward Secrecy (PFS).

Out-of-band (OOB) refers to a separate communication channel independent = of the primary in-band channel over which the actual network = communication takes place. OOB channels are now used for authentication = in a variety of protocols and devices (draft-ietf-oauth-device-flow-13, WhatsApp Web, etc.). Many users are accustomed to tapping NFC or = scanning QR codes. However, EAP currently does not have any standard = methods that support authentication based on OOB channels. The group = will therefore work on an EAP method where authentication is based on an out-of-band channel between the peer and the server.

EAP authentication is based on credentials available on the peer and the = server. However, some EAP methods use credentials that are time or = domain limited (such as EAP-POTP), and there may be a need for creating = long term credentials for re-authenticating the peer in a more general context. The group will investigate minimal = mechanisms with which limited-use EAP authentication credentials can be = used for creating general-use long-term credentials.

In summary, the working group shall produce the following documents:

 - An update to enable the use of TLS 1.3 in the context of EAP-TLS = (RFC 5216). This document will pdate the security considerations = relating to EAP-TLS, document the implications of using new vs. old TLS = versions, add any recently gained new knowledge on vulnerabilities, and discuss the possible implications of pervasive surveillance.

 - Several EAP methods such EAP-TTLS and EAP-FAST use an outer TLS = tunnel. Provide guidance or update the relevant specifications = explaining how those EAP methods (PEAP/TTLS/TEAP) will work with TLS = 1.3. This will also involve maintenance work based on erratas found in published specifications (such as EAP-TEAP).

- Define session identifiers for fast re-authentication for EAP-SIM, = EAP-AKA, and EAP-AKA=E2=80=99. The lack of this definition is a recently = discovered bug in the original RFCs.

- Update the = EAP-AKA' specification (RFC 5448) to ensure that its capability to = provide a cryptographic binding to network context stays in sync with = updates to the referenced 3GPP specifications. The document will also = contain any recently gained new knowledge on vulnerabilities or the possible implications of pervasive = surveillance.

- Develop an extension to EAP-AKA' such that Perfect Forward Secrecy can = be provided. There may also be privacy improvements that have become = feasible with the  introduction of recent identity privacy = improvements in 3GPP networks.

- Gather experience regarding the use of large certificates and long = certificate chains in the context of EAP-TLS (all versions), as some = implementations and access networks may limit the number of EAP packet = exchanges that can be handled. Document operational recommendations or other mitigation strategies to avoid issues.

- Define a standard EAP method for mutual authentication between a peer = and a server that is based on an out-of-band channel. The method itself = shall be independent of the underlying OOB channel and shall support a = variety of OOB channels such as NFC, dynamically generated QR codes, audio, and visible light.

- Define mechanisms by which EAP methods can support creation of = long-term credentials for the peer based on initial limited-use = credentials.

The working group is expected to stay in close collaboration with the = EAP deployment community, the TLS working group (for EAP-TLS work), and = the 3GPP security architecture group (for EAP-AKA' work)

------------------------


_______________________________________________
Emu mailing list
Emu@ietf.org
https://www.ietf.org/ma=
ilman/listinfo/emu
_______________________________________________
Emu = mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu

= --Apple-Mail=_7B3606BB-3906-4425-818C-684312057B9D-- From nobody Wed Sep 18 05:45:22 2019 Return-Path: X-Original-To: emu@ietfa.amsl.com Delivered-To: emu@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8867D120233; Wed, 18 Sep 2019 05:45:16 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.5 X-Spam-Level: X-Spam-Status: No, score=-14.5 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=jWjID/8G; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=ZA8JUTD1 Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NjYsLkkXzLjq; Wed, 18 Sep 2019 05:45:13 -0700 (PDT) Received: from alln-iport-1.cisco.com (alln-iport-1.cisco.com [173.37.142.88]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 777B5120232; Wed, 18 Sep 2019 05:45:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=2293; q=dns/txt; s=iport; t=1568810713; x=1570020313; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=Isrcchlg7GesdRGPYDalFSkIIyO9ezcvmOo1+L4jHT4=; b=jWjID/8GBZVPXb3iDsJOS0ij0jM2wEokN9bK3LklwPUBk7S6x3XQEzFL TUW5nbLjRZKOUgvy86vpkUyi182Y4Xh8Va799vufFdB4rKb3CrT0uXs2O cOZ4LzLFEa2z/586hswxhVu3Tw/RO5s7eTDdwkFTlVnkupLYqsgkeOcPs M=; IronPort-PHdr: =?us-ascii?q?9a23=3Ama6XXhfL8oxDNyTh88bxBSxnlGMj4e+mNxMJ6p?= =?us-ascii?q?chl7NFe7ii+JKnJkHE+PFxlwKYD57D5adCjOzb++D7VGoM7IzJkUhKcYcEFn?= =?us-ascii?q?pnwd4TgxRmBceEDUPhK/u/aCIgHclGfFRk5Hq8d0NSHZW2ag=3D=3D?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0CvAAA/JoJd/5xdJa1dCRoBAQEBAQI?= =?us-ascii?q?BAQEBBwIBAQEBgWeBRVADbVYgBAsqCodfA4p4glyXc4JSA1QJAQEBDAEBGAs?= =?us-ascii?q?KAgEBhD8CgwMjOBMCAwkBAQQBAQECAQUEbYUtDIVKAQEBAQMBARAoBgEBLAs?= =?us-ascii?q?BCwQCAQgRBAEBAR4QJwsdCAEBBAENBQgagwGBagMdAQ6lJwKBOIhhgiWCfQE?= =?us-ascii?q?BBYUIGIIXAwaBNIwJGIFAP4FXgkw+gmEBAYE3FBiDO4ImnhuOYQqCIpUemSC?= =?us-ascii?q?OD5kJAgQCBAUCDgEBBYFpIYFYcBU7gmxQEBSBToNyhRSFP3OBKY4qAYEiAQE?= X-IronPort-AV: E=Sophos;i="5.64,520,1559520000"; d="scan'208";a="328449687" Received: from rcdn-core-5.cisco.com ([173.37.93.156]) by alln-iport-1.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 18 Sep 2019 12:45:12 +0000 Received: from XCH-ALN-017.cisco.com (xch-aln-017.cisco.com [173.36.7.27]) by rcdn-core-5.cisco.com (8.15.2/8.15.2) with ESMTPS id x8ICjBq2029115 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Wed, 18 Sep 2019 12:45:11 GMT Received: from xhs-rtp-003.cisco.com (64.101.210.230) by XCH-ALN-017.cisco.com (173.36.7.27) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Wed, 18 Sep 2019 07:45:11 -0500 Received: from xhs-rcd-003.cisco.com (173.37.227.248) by xhs-rtp-003.cisco.com (64.101.210.230) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Wed, 18 Sep 2019 08:45:08 -0400 Received: from NAM05-CO1-obe.outbound.protection.outlook.com (72.163.14.9) by xhs-rcd-003.cisco.com (173.37.227.248) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Wed, 18 Sep 2019 07:45:08 -0500 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=egP7l+/mm3CjH6kNy8sIX3SwwROgeW40paGkUtzycMDJoINXmn/w9rnAFDq8k3z98rBVwQLlRv6qhnp0ivatbQiORcOyTM52MNTS4JjUCzKpyxiZEt/6rR2OCe4Ng1y3qG/PrnqXDwrmyK+0MOVjsvcEZ43JugWj87HUwgzO7IgCtcB61WXdKoEORzVPS9uMuXIRlC34/muYxfSCWQ0avRmqhMHcxxVNbd/pgSh6CwBBcDnaQ+YeR7S06F3/2VErasLFZCSxEKpgQ+/VgDtR/F3CT63UZkSsvDnhdmmznr8NtspKle+rEKQi7Wd+8s8K5TGxazy4hqdarLBLSJZO0g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=0eWp6816NV0C+m1j6PKBTSF7TYZaDg3sCe0ZqTwHQxg=; b=BGypwlctsp50dwUAQ/DARuZqKpqePtiQ195su70OP8PCDX2lzftZ+LixaYrI15uEKVwnoCtWeO151xRwFdDOmMZo5zStcWX7v6WlYkBbKasuW7Pc5rJBFRIp7sch768AzlzJbbkG66JWhjhpCvK502fYHFjaz/XNhJ/DK44qP99duHeLUcmwSA03NHPj87XqrXs2P7KaYnUT/49+3DeTll1QQ42cZtSX14HvXaJeweKRys37qe6es/45abjaoTRm1rkcwcUcT2+22Rao/zEKN0H7hB/BnHA8J+u0FXWpAV6JGXq3zYc86DpOW/f+C0bMEKDCz4t14sx98ZtQNbTMwQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=0eWp6816NV0C+m1j6PKBTSF7TYZaDg3sCe0ZqTwHQxg=; b=ZA8JUTD1hR0iGddirj2hGlWLZ9ty+Cpu/oKSBzxd0jdkjhrec5V8huPcpwYpTJAJS7XH7JDzulZiV1s5008AXrpSNhVbmoDOFSFv6K/3EcVe7DgiY+KgmH3eDMrV1LzcW8QVyAYCQw68d6onXP5ve7pXOLePkhi4BhSAxG0ZBow= Received: from CY4PR1101MB2278.namprd11.prod.outlook.com (10.172.76.13) by CY4PR1101MB2293.namprd11.prod.outlook.com (10.174.53.15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2263.23; Wed, 18 Sep 2019 12:45:07 +0000 Received: from CY4PR1101MB2278.namprd11.prod.outlook.com ([fe80::686a:2f6e:32c2:5127]) by CY4PR1101MB2278.namprd11.prod.outlook.com ([fe80::686a:2f6e:32c2:5127%9]) with mapi id 15.20.2263.023; Wed, 18 Sep 2019 12:45:07 +0000 From: "Owen Friel (ofriel)" To: Alan DeKok , John Mattsson CC: "draft-ietf-emu-eap-tls13@ietf.org" , EMU WG Thread-Topic: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13 Thread-Index: AdVKJoKyKr1G5+9hQuKLAEK5rLYqPgfSdnOQAABeFAAABkCJgP//55mA//bAJjA= Date: Wed, 18 Sep 2019 12:45:07 +0000 Message-ID: References: <7828_1564869242_5D46027A_7828_348_1_02e001d54a45$e92ae900$bb80bb00$@augustcellars.com> <20b118932a4843b6b88e605799fafea8@aalto.fi> <211AD83C-D111-4EEB-AAF0-D9B5E521F4CF@deployingradius.com> <8F355C6F-DF1E-4E03-B75E-0F1D2508B9D4@ericsson.com> <246280B8-6E5C-484B-95BD-9C940C98C507@deployingradius.com> In-Reply-To: <246280B8-6E5C-484B-95BD-9C940C98C507@deployingradius.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: spf=none (sender IP is ) smtp.mailfrom=ofriel@cisco.com; x-originating-ip: [64.103.40.21] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 280b725f-8b69-4017-da19-08d73c3608f7 x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600167)(711020)(4605104)(1401327)(2017052603328)(7193020); SRVR:CY4PR1101MB2293; x-ms-traffictypediagnostic: CY4PR1101MB2293: x-ms-exchange-purlcount: 1 x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:9508; x-forefront-prvs: 01644DCF4A x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(376002)(346002)(396003)(366004)(39860400002)(136003)(13464003)(189003)(199004)(14454004)(55016002)(81156014)(9686003)(71190400001)(8936002)(486006)(66066001)(256004)(4326008)(25786009)(33656002)(478600001)(81166006)(6436002)(966005)(8676002)(305945005)(99286004)(110136005)(229853002)(71200400001)(446003)(6116002)(76116006)(2906002)(53546011)(6306002)(52536014)(66446008)(66556008)(54906003)(64756008)(66476007)(7696005)(316002)(86362001)(7736002)(74316002)(3846002)(66946007)(76176011)(5660300002)(11346002)(186003)(102836004)(476003)(6246003)(6506007)(26005); DIR:OUT; SFP:1101; SCL:1; SRVR:CY4PR1101MB2293; H:CY4PR1101MB2278.namprd11.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1; received-spf: None (protection.outlook.com: cisco.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam-message-info: aR5iAtZudayiMTSzZXVzb1dJ4dZ/y5z8HF/cihxfD+RQgC9+STxO7Fp51hhijY7Ly0PqiHlWhkUfJ8woe9QuGY7jOxI4IIBZpRFZIay6yCFf2d7aa1RmYfkE7q3HQP8I9x/81swNbox08nYVyPz7petEoi1uJsgPsOHdynjeU+L+CE21ZRTCVYTmrHSi51O6dK9Zcr/yngHJLBF/mNbIP3GSm0JX6VkWaOg0gdwBbvXLlKjOC4Al2Ll6KA0SQp49F0VldcU1GDtPjLhCoWyFh7J/P4uNYvJeE6MSydcB2pjrbnT8jVynKeVU9lnVHXZ2capbM22A6Fy1dIIx7E+vlu96yNjRjqB9jhBbm0CuzhGEdb0UPBowPhWFVkvnI7XxvtVNsLOP2azE6mT4GBCX1FzE1tEur/Ihsb2j81n1T2s= x-ms-exchange-transport-forked: True Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-MS-Exchange-CrossTenant-Network-Message-Id: 280b725f-8b69-4017-da19-08d73c3608f7 X-MS-Exchange-CrossTenant-originalarrivaltime: 18 Sep 2019 12:45:07.1921 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: O5gssVDysgS+RXmHyubc4RWVgG/3zhNqfCJ5UtRzzbTBkkJCfRzHZHfaRnzhqxsa4xFo/Cixa/dFH/8tdAQyaQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR1101MB2293 X-OriginatorOrg: cisco.com X-Outbound-SMTP-Client: 173.36.7.27, xch-aln-017.cisco.com X-Outbound-Node: rcdn-core-5.cisco.com Archived-At: Subject: Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13 X-BeenThere: emu@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "EAP Methods Update \(EMU\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 18 Sep 2019 12:45:17 -0000 > -----Original Message----- > From: Emu On Behalf Of Alan DeKok > Sent: 12 September 2019 16:28 > To: John Mattsson > Cc: draft-ietf-emu-eap-tls13@ietf.org; EMU WG > Subject: Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13 >=20 > On Sep 12, 2019, at 10:55 AM, John Mattsson > wrote: > > > >> See Section 2.1.2. TLS 1.3 uses PSK for resumption. As a result,= we > *cannot* use PSK for >authentication in EAP-TLS. > > > > I don't understand why this could not be done. My view is that allowing= PSK > authentication would be quite easy. >=20 > How would systems tell the difference between "raw" PSK and > "resumption" PSK? >=20 > When allowing resumption, the server has sent a PSK identity in a > NewSessionTicket message. The client caches this and re-uses this. But = the > client signals that it is performing resumption via the act of using PSK.= There's > nothing else. >=20 > Which means that if PSK was allowed, the server can't look at the packe= ts to > distinguish resumption from "raw" PSK. Instead, the server has to look a= t it's > resumption cache which may be in a DB. The server can use the PskIdentity in the PreSharedKeyExtension to differen= tiate between an offline PSK used for authentication vs. a PSK established = via NewSessionTicket. There should be no problem here, and the statement " Pre-Shared Key (PSK) authentication SHALL NOT be used except for resumption. " should be updated to clarify. >=20 > >>> While there is the EAP-PSK method, I would much rather use EAP-TLS > with PSK because it >provides identity protection and perfect forward > secrecy, unlike EAP-PSK. > >> > >> Use EAP-PWD for that. > > > > Standardizing EAP-TLS should only be done if it has some significant > advantages over EAP-PWD, and there are people wanting to implement and > use it. 3GPP is e.g. adding identity protection and perfect forward secr= ecy to > EAP-AKA instead. >=20 > I would prefer to forbid PSK in EAP-TLS. >=20 > Alan DeKok. >=20 > _______________________________________________ > Emu mailing list > Emu@ietf.org > https://www.ietf.org/mailman/listinfo/emu From nobody Wed Sep 18 06:07:08 2019 Return-Path: X-Original-To: emu@ietfa.amsl.com Delivered-To: emu@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 62C83120088; Wed, 18 Sep 2019 06:07:07 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.899 X-Spam-Level: X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VWDDHEwUxcbC; Wed, 18 Sep 2019 06:07:03 -0700 (PDT) Received: from mail.networkradius.com (mail.networkradius.com [62.210.147.122]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CB61B120044; Wed, 18 Sep 2019 06:07:02 -0700 (PDT) Received: from [192.168.20.55] (ottawa.ca.networkradius.com [72.137.155.194]) by mail.networkradius.com (Postfix) with ESMTPSA id CCF5E1775; Wed, 18 Sep 2019 13:06:59 +0000 (UTC) Authentication-Results: NetworkRADIUS; dmarc=none header.from=deployingradius.com Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\)) From: Alan DeKok In-Reply-To: Date: Wed, 18 Sep 2019 09:06:58 -0400 Cc: John Mattsson , "draft-ietf-emu-eap-tls13@ietf.org" , EMU WG Content-Transfer-Encoding: quoted-printable Message-Id: References: <7828_1564869242_5D46027A_7828_348_1_02e001d54a45$e92ae900$bb80bb00$@augustcellars.com> <20b118932a4843b6b88e605799fafea8@aalto.fi> <211AD83C-D111-4EEB-AAF0-D9B5E521F4CF@deployingradius.com> <8F355C6F-DF1E-4E03-B75E-0F1D2508B9D4@ericsson.com> <246280B8-6E5C-484B-95BD-9C940C98C507@deployingradius.com> To: "Owen Friel (ofriel)" X-Mailer: Apple Mail (2.3445.104.11) Archived-At: Subject: Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13 X-BeenThere: emu@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "EAP Methods Update \(EMU\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 18 Sep 2019 13:07:08 -0000 On Sep 18, 2019, at 8:45 AM, Owen Friel (ofriel) = wrote: >=20 >>=20 >> Which means that if PSK was allowed, the server can't look at the = packets to >> distinguish resumption from "raw" PSK. Instead, the server has to = look at it's >> resumption cache which may be in a DB. >=20 > The server can use the PskIdentity in the PreSharedKeyExtension to = differentiate between an offline PSK used for authentication vs. a PSK = established via NewSessionTicket. Please define "use". As an implementor, I can't implement "my code = USES a field". I need to know what the code *does* with it. How does the code differentiate between PSK identities? Are the = identity formats different? If so, how and why? What prevents a malicious attacker from "using" a format which matches = an identity coming from NewSessionTicket? My understanding is that the code *cannot* make any decisions simply = by looking at the PSK identity field. Instead, it has to look at the = resumption cache to see if a given PSK matches a cached one. Or maybe = the code looks in a DB to see if the given PSK is a real "end-user" PSK = in the DB. Simply waving your hands and saying it "uses" a field is unhelpful. = Please give substantive feedback and/or advice about what the code = *does*. Alan DeKok. From nobody Wed Sep 18 06:21:11 2019 Return-Path: X-Original-To: emu@ietfa.amsl.com Delivered-To: emu@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F045E12009E; Wed, 18 Sep 2019 06:21:09 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.001 X-Spam-Level: X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ga8pVKDBWzKc; Wed, 18 Sep 2019 06:21:07 -0700 (PDT) Received: from EUR03-VE1-obe.outbound.protection.outlook.com (mail-eopbgr50083.outbound.protection.outlook.com [40.107.5.83]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E0567120088; Wed, 18 Sep 2019 06:21:06 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=P2BoeB36cgbAfbdiGOdAReKXme6Z5wCC55F+5REFFXx6LspyFxM4AE9tucWVgMTN67MqVtW8SWDOXkklbOAa6xKbUANZHKMTw0rxgFEnIk39WgddNcUGzjeLnQgFLp++rE366I4yC9lxwnPVA8k0pdwH0oYh0HPBXg/FCENIx5Tx60ecjYS7DMEfHcK7MBIi44REhnuxA3+cjEUej/zzzzq8xHtTwqDb4NglJhe4PfkIy/wxg7Cw1DA/q21d6pO05dFjoddoKEZq4R2WTqhYenl6g62DOQcxOhFp7S3ZSYlo75ZDtbReEi3Btvb8u+moEMcrT2IShABLpiT13TmbzA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=n67Oy77EB+pOlouvJvlMrFmOgzT1gB2YaGK4/XEWMcQ=; b=hD4BcQRjXS4rzlaujLnzLbh5CSh84e7uC5LL/WB/NUEe7iZ2OceH1lgJtnoCoN8jH4yNiJAy/Awus0p7xSIK6bxfMo5Y5q6nBdRv0w7eQ37O/Ptw4OL3c3dyvhc1QQUk7ifiI3sa1jjoGwemAYWX3kQX4uceWzzp1JXJvlM3qzb1zerNoG5Z/UFY2mUU361tMoZhWfkQjC8M4b0lvfmJJj0/Yr+GvjPOJPKa1EagYOs551Av9ggISlG7D/K2xZB9sQqB2KZJhF/tH3OcaAUgpDdwku44UHJAX35xJ1JjLJpS82gvfpwm5fE5uiHR9ezhRhkkV3T8Kc2AQ1ApxUtf5g== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=n67Oy77EB+pOlouvJvlMrFmOgzT1gB2YaGK4/XEWMcQ=; b=RzqUS1Pwry1sUUdq3cq9rO/QH2XeD2PFNXUdfBgY17tD0suGdcAy/D9slzBDYwroYUS4HvJjjcqGHhXpeGWREM8igJ8YwzG/hzWQ7eyIzSkqp9m8R+Je6c1OxaVe0+YxpoWX+ZUzcnplde2F/IVHqK2z1RA5RHWmH+piWCQt/8s= Received: from HE1PR07MB4169.eurprd07.prod.outlook.com (20.176.165.153) by HE1PR07MB3227.eurprd07.prod.outlook.com (10.170.247.149) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2284.10; Wed, 18 Sep 2019 13:21:04 +0000 Received: from HE1PR07MB4169.eurprd07.prod.outlook.com ([fe80::c8fb:acc1:b00e:84ef]) by HE1PR07MB4169.eurprd07.prod.outlook.com ([fe80::c8fb:acc1:b00e:84ef%6]) with mapi id 15.20.2284.009; Wed, 18 Sep 2019 13:21:03 +0000 From: John Mattsson To: Alan DeKok , "Owen Friel (ofriel)" CC: "draft-ietf-emu-eap-tls13@ietf.org" , EMU WG Thread-Topic: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13 Thread-Index: AdVKJoKyKr1G5+9hQuKLAEK5rLYqPgfSdnOQAABeFAAABkCJgP//55mA//bAJjCAEoZ6AIAAJXeA Date: Wed, 18 Sep 2019 13:21:03 +0000 Message-ID: <1FD26215-86AF-4C64-83ED-AB1D67D1937B@ericsson.com> References: <7828_1564869242_5D46027A_7828_348_1_02e001d54a45$e92ae900$bb80bb00$@augustcellars.com> <20b118932a4843b6b88e605799fafea8@aalto.fi> <211AD83C-D111-4EEB-AAF0-D9B5E521F4CF@deployingradius.com> <8F355C6F-DF1E-4E03-B75E-0F1D2508B9D4@ericsson.com> <246280B8-6E5C-484B-95BD-9C940C98C507@deployingradius.com> In-Reply-To: Accept-Language: en-US Content-Language: en-GB X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Microsoft-MacOutlook/10.1d.0.190908 authentication-results: spf=none (sender IP is ) smtp.mailfrom=john.mattsson@ericsson.com; x-originating-ip: [192.176.1.87] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 8cdb98e3-4c06-4e00-a48d-08d73c3b0e78 x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(5600167)(711020)(4605104)(1401327)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(2017052603328)(7193020); SRVR:HE1PR07MB3227; x-ms-traffictypediagnostic: HE1PR07MB3227: x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:7219; x-forefront-prvs: 01644DCF4A x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(366004)(13464003)(51444003)(189003)(199004)(66446008)(26005)(6506007)(64756008)(66556008)(5660300002)(66476007)(76116006)(6512007)(66946007)(25786009)(58126008)(54906003)(4326008)(14454004)(498600001)(102836004)(110136005)(76176011)(99286004)(66066001)(36756003)(33656002)(71200400001)(71190400001)(6246003)(6116002)(256004)(8676002)(229853002)(6486002)(81166006)(81156014)(53546011)(3846002)(305945005)(86362001)(7736002)(11346002)(486006)(8936002)(2906002)(2616005)(476003)(446003)(44832011)(6436002)(186003); DIR:OUT; SFP:1101; SCL:1; SRVR:HE1PR07MB3227; H:HE1PR07MB4169.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1; received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam-message-info: 41lCdSibZ2KKHhdDo5i9gLQNdGEPWKvVpVs+mD54Z+fldNhPsQErcsyEFnAj7FShkKh3DZm7fbuEvv6kaPYVoO0wTJ3KYs0w6Xh5yffuF3corB6keySebxtinh/PF8vdere16DMfCp7Hf9IX79JjF/lbTGmUdCzINTJW6+pDf5DGovlyBmsGSOVa8cFnEfgeiNRJP8Uny3Jpdj3fznheQN2hGeO+vzXdG7DglYBMRfSCaTC0BBqmWYd0KqYx/w3wwuFf5T/069GpbahzHWuVxQCbKawtwG/swlADr22ALHy5y0DsIuEiyXE1figFHhSY9iy8k5o+VezHr13KV6051l/Y7N62UaB/37PJ/50R0p2d3ead3b5cQ7WEiD0v7VxPVq18e6rZL82UTNz7ejBML0XwLicrDB/rg31PpAtCTaM= x-ms-exchange-transport-forked: True Content-Type: text/plain; charset="utf-8" Content-ID: Content-Transfer-Encoding: base64 MIME-Version: 1.0 X-OriginatorOrg: ericsson.com X-MS-Exchange-CrossTenant-Network-Message-Id: 8cdb98e3-4c06-4e00-a48d-08d73c3b0e78 X-MS-Exchange-CrossTenant-originalarrivaltime: 18 Sep 2019 13:21:03.8839 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: exVpv9da6N6Gj90iwYt6I8WGOAjH1hX7fn13ptS9qcrIxb6eHwPVY35JtSXNuIWdgoYEcE8RZQa5/NFLrqeryh5+hKPOk/TDiDn2+BE4KFo= X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR07MB3227 Archived-At: Subject: Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13 X-BeenThere: emu@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "EAP Methods Update \(EMU\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 18 Sep 2019 13:21:10 -0000 SWYgSSB1bmRlcnN0YW5kIHlvdSBjb3JyZWN0bHkgQWxhbiwgeW91ciBpbXBsZW1lbnRhdGlvbiB3 b3VsZCBoYXZlIGRpZmZlcmVudCBkYXRhYmFzZXMgKG9uZSByZXN1bXB0aW9uIERCIGFuZCBvbmUg ZXh0ZXJuYWwgUFNLIERCKSBhbmQgeW91IGRvIG5vdCB3YW50IHRvIGRvIHR3byBkYXRhYmFzZSBs b29rdXBzLiBUaGUgZm9ybWF0IG9mIHRoZSBQU0tpZGVudGl0aWVzIGlzIGZyZWUgZm9yIHRoZSBk ZXBsb3ltZW50IHRvIGRlY2lkZSB1cG9uIGFuZCB0aGUgcmVzdW1wdGlvbiBQU0tzIGNhbiBiZSBj b21wbGV0ZWx5IGJlIGRldGVybWluZWQgYnkgdGhlIEVBUC1UTFMgaW1wbGVtZW50YXRpb24uIFlv dXIgaW1wbGVtZW50YXRpb24gY291bGQgZm9yIGV4YW1wbGUgcHV0IGEgbWVzc2FnZSBhdXRoZW50 aWNhdGlvbiBjb2RlIGluc2lkZSB0aGUgUFNLIGlkZW50aXR5LiBUaGUgTUFDIHdvdWxkIGJlIGNh bGN1bGF0ZWQgd2l0aCBhIHN5bW1ldHJpYyBrZXkgdGhlIEVBUCBzZXJ2ZXIgaGFzIHJhbmRvbWx5 IGdlbmVyYXRlZCBieSBpdHNlbGYuIEkgdGhpbmsgdGhhdCB3b3VsZCBzb2x2ZSB5b3VyIHByb2Js ZW0uDQoNCkkgZG8gbm90IHNlZSBob3cgYW4gYXR0YWNrZXIgY291bGQgZG8gYW55dGhpbmcuLi4u LiBhbiBhdHRhY2tlciBjYW4gZGVmaW5pdGVseSByZXVzZSBhbnkgUFNLIGlkZW50aXR5LCBidXQg d291bGQgbm90IGhhdmUgdGhlIGNvcnJlc3BvbmRpbmcgUFNLIGFuZCB0aGUgQ2xpZW50SGVsbG8g d291bGQgdGhlcmVmb3JlIG5vdCBiZSBhY2NlcHRlZC4gVGhlIHdvcnN0IHRoaW5nIGFuIGF0dGFj a2VyIGNvdWxkIGRvIGlzIHRvIHJlcGxheSBhIENsaWVudEhlbGxvLCB0aGVuIHRoZSBoYW5kc2hh a2Ugd291bGQgZmFpbCB0aGVuIHRoZSBFQVAgc2VydmVyIHZlcmlmaWVzIHRoZSBGaW5pc2hlZCBt ZXNzYWdlLg0KDQpJIGRvbid0IHNlZSB3aHkgdGhpcyB3b3VsZCBiZSBtb3JlIG9mIGEgcHJvYmxl bSBpbiBFQVAtVExTIHdpdGggVExTIDEuMyB0aGF0IGluIGFueSBvdGhlciBhcHBsaWNhdGlvbiBv ZiBFQVAtVExTLg0KDQovSm9obg0KDQrvu78tLS0tLU9yaWdpbmFsIE1lc3NhZ2UtLS0tLQ0KRnJv bTogQWxhbiBEZUtvayA8YWxhbmRAZGVwbG95aW5ncmFkaXVzLmNvbT4NCkRhdGU6IFdlZG5lc2Rh eSwgMTggU2VwdGVtYmVyIDIwMTkgYXQgMTU6MDcNClRvOiAiT3dlbiBGcmllbCAob2ZyaWVsKSIg PG9mcmllbEBjaXNjby5jb20+DQpDYzogSm9obiBNYXR0c3NvbiA8am9obi5tYXR0c3NvbkBlcmlj c3Nvbi5jb20+LCAiZHJhZnQtaWV0Zi1lbXUtZWFwLXRsczEzQGlldGYub3JnIiA8ZHJhZnQtaWV0 Zi1lbXUtZWFwLXRsczEzQGlldGYub3JnPiwgRU1VIFdHIDxlbXVAaWV0Zi5vcmc+DQpTdWJqZWN0 OiBSZTogW0VtdV0gUE9TVCBXR0xDIENvbW1lbnRzIGRyYWZ0LWlldGYtZW11LWVhcC10bHMxMw0K DQogICAgT24gU2VwIDE4LCAyMDE5LCBhdCA4OjQ1IEFNLCBPd2VuIEZyaWVsIChvZnJpZWwpIDxv ZnJpZWxAY2lzY28uY29tPiB3cm90ZToNCiAgICA+IA0KICAgID4+IA0KICAgID4+ICBXaGljaCBt ZWFucyB0aGF0IGlmIFBTSyB3YXMgYWxsb3dlZCwgdGhlIHNlcnZlciBjYW4ndCBsb29rIGF0IHRo ZSBwYWNrZXRzIHRvDQogICAgPj4gZGlzdGluZ3Vpc2ggcmVzdW1wdGlvbiBmcm9tICJyYXciIFBT Sy4gIEluc3RlYWQsIHRoZSBzZXJ2ZXIgaGFzIHRvIGxvb2sgYXQgaXQncw0KICAgID4+IHJlc3Vt cHRpb24gY2FjaGUgd2hpY2ggbWF5IGJlIGluIGEgREIuDQogICAgPiANCiAgICA+IFRoZSBzZXJ2 ZXIgY2FuIHVzZSB0aGUgUHNrSWRlbnRpdHkgaW4gdGhlIFByZVNoYXJlZEtleUV4dGVuc2lvbiB0 byBkaWZmZXJlbnRpYXRlIGJldHdlZW4gYW4gb2ZmbGluZSBQU0sgdXNlZCBmb3IgYXV0aGVudGlj YXRpb24gdnMuIGEgUFNLIGVzdGFibGlzaGVkIHZpYSBOZXdTZXNzaW9uVGlja2V0Lg0KICAgIA0K ICAgICAgUGxlYXNlIGRlZmluZSAidXNlIi4gIEFzIGFuIGltcGxlbWVudG9yLCBJIGNhbid0IGlt cGxlbWVudCAibXkgY29kZSBVU0VTIGEgZmllbGQiLiAgSSBuZWVkIHRvIGtub3cgd2hhdCB0aGUg Y29kZSAqZG9lcyogd2l0aCBpdC4NCiAgICANCiAgICAgIEhvdyBkb2VzIHRoZSBjb2RlIGRpZmZl cmVudGlhdGUgYmV0d2VlbiBQU0sgaWRlbnRpdGllcz8gIEFyZSB0aGUgaWRlbnRpdHkgZm9ybWF0 cyBkaWZmZXJlbnQ/ICBJZiBzbywgaG93IGFuZCB3aHk/DQogICAgDQogICAgICBXaGF0IHByZXZl bnRzIGEgbWFsaWNpb3VzIGF0dGFja2VyIGZyb20gInVzaW5nIiBhIGZvcm1hdCB3aGljaCBtYXRj aGVzIGFuIGlkZW50aXR5IGNvbWluZyBmcm9tIE5ld1Nlc3Npb25UaWNrZXQ/DQogICAgDQogICAg ICBNeSB1bmRlcnN0YW5kaW5nIGlzIHRoYXQgdGhlIGNvZGUgKmNhbm5vdCogbWFrZSBhbnkgZGVj aXNpb25zIHNpbXBseSBieSBsb29raW5nIGF0IHRoZSBQU0sgaWRlbnRpdHkgZmllbGQuICBJbnN0 ZWFkLCBpdCBoYXMgdG8gbG9vayBhdCB0aGUgcmVzdW1wdGlvbiBjYWNoZSB0byBzZWUgaWYgYSBn aXZlbiBQU0sgbWF0Y2hlcyBhIGNhY2hlZCBvbmUuICBPciBtYXliZSB0aGUgY29kZSBsb29rcyBp biBhIERCIHRvIHNlZSBpZiB0aGUgZ2l2ZW4gUFNLIGlzIGEgcmVhbCAiZW5kLXVzZXIiIFBTSyBp biB0aGUgREIuDQogICAgDQogICAgICBTaW1wbHkgd2F2aW5nIHlvdXIgaGFuZHMgYW5kIHNheWlu ZyBpdCAidXNlcyIgYSBmaWVsZCBpcyB1bmhlbHBmdWwuICBQbGVhc2UgZ2l2ZSBzdWJzdGFudGl2 ZSBmZWVkYmFjayBhbmQvb3IgYWR2aWNlIGFib3V0IHdoYXQgdGhlIGNvZGUgKmRvZXMqLg0KICAg IA0KICAgICAgQWxhbiBEZUtvay4NCiAgICANCiAgICANCg0K From nobody Wed Sep 18 06:21:30 2019 Return-Path: X-Original-To: emu@ietfa.amsl.com Delivered-To: emu@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F376012009E; Wed, 18 Sep 2019 06:21:28 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.9 X-Spam-Level: X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pjz2UJaai5hs; Wed, 18 Sep 2019 06:21:27 -0700 (PDT) Received: from mail.networkradius.com (mail.networkradius.com [62.210.147.122]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 805BF120088; Wed, 18 Sep 2019 06:21:27 -0700 (PDT) Received: from [192.168.20.55] (ottawa.ca.networkradius.com [72.137.155.194]) by mail.networkradius.com (Postfix) with ESMTPSA id E6D32B79; Wed, 18 Sep 2019 13:21:25 +0000 (UTC) Authentication-Results: NetworkRADIUS; dmarc=none header.from=deployingradius.com From: Alan DeKok Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\)) Date: Wed, 18 Sep 2019 09:21:24 -0400 References: <7828_1564869242_5D46027A_7828_348_1_02e001d54a45$e92ae900$bb80bb00$@augustcellars.com> <20b118932a4843b6b88e605799fafea8@aalto.fi> <211AD83C-D111-4EEB-AAF0-D9B5E521F4CF@deployingradius.com> <8F355C6F-DF1E-4E03-B75E-0F1D2508B9D4@ericsson.com> <246280B8-6E5C-484B-95BD-9C940C98C507@deployingradius.com> To: "draft-ietf-emu-eap-tls13@ietf.org" , EMU WG In-Reply-To: Message-Id: <17E08795-4E4E-4507-8384-836020966BCF@deployingradius.com> X-Mailer: Apple Mail (2.3445.104.11) Archived-At: Subject: Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13 X-BeenThere: emu@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "EAP Methods Update \(EMU\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 18 Sep 2019 13:21:29 -0000 Just re-reading the text on PSK, I noticed a few things. The text in = Section 2.1.2 talks about PSK, the session ticket, and a "key_share" = extension. The accompanying diagram doesn't include any of those. I = suggest updating the diagram to include them. As a related note, if the PSK *is* in the resumption cache, but the = key is wrong, the cache entry should not be discarded. Otherwise an = attacker can disable caching for *all* users. This issue could be = clearer in this document. Perhaps it would be useful to add a short note in Section 5 about = security of resumption. It should reference RFC 8446 Section 8.1, and = 8.2, which discuss this issue. Also, Section 4.2.11 of that document = has an "Implementor's note:" which is important. Alan DeKok. From nobody Wed Sep 18 06:39:45 2019 Return-Path: X-Original-To: emu@ietfa.amsl.com Delivered-To: emu@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DB38E120251; Wed, 18 Sep 2019 06:39:38 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.899 X-Spam-Level: X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4y96FDsPEtVX; Wed, 18 Sep 2019 06:39:37 -0700 (PDT) Received: from mail.networkradius.com (mail.networkradius.com [62.210.147.122]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 096C8120113; Wed, 18 Sep 2019 06:39:36 -0700 (PDT) Received: from [192.168.20.55] (ottawa.ca.networkradius.com [72.137.155.194]) by mail.networkradius.com (Postfix) with ESMTPSA id C08FE1775; Wed, 18 Sep 2019 13:39:34 +0000 (UTC) Authentication-Results: NetworkRADIUS; dmarc=none header.from=deployingradius.com Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\)) From: Alan DeKok In-Reply-To: <1FD26215-86AF-4C64-83ED-AB1D67D1937B@ericsson.com> Date: Wed, 18 Sep 2019 09:39:33 -0400 Cc: "Owen Friel (ofriel)" , "draft-ietf-emu-eap-tls13@ietf.org" , EMU WG Content-Transfer-Encoding: quoted-printable Message-Id: References: <7828_1564869242_5D46027A_7828_348_1_02e001d54a45$e92ae900$bb80bb00$@augustcellars.com> <20b118932a4843b6b88e605799fafea8@aalto.fi> <211AD83C-D111-4EEB-AAF0-D9B5E521F4CF@deployingradius.com> <8F355C6F-DF1E-4E03-B75E-0F1D2508B9D4@ericsson.com> <246280B8-6E5C-484B-95BD-9C940C98C507@deployingradius.com> <1FD26215-86AF-4C64-83ED-AB1D67D1937B@ericsson.com> To: John Mattsson X-Mailer: Apple Mail (2.3445.104.11) Archived-At: Subject: Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13 X-BeenThere: emu@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "EAP Methods Update \(EMU\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 18 Sep 2019 13:39:39 -0000 > On Sep 18, 2019, at 9:21 AM, John Mattsson = wrote: >=20 > If I understand you correctly Alan, your implementation would have = different databases (one resumption DB and one external PSK DB) and you = do not want to do two database lookups. It's more about what *can* be done. RFC 8446 Section 8.1 and 8.2 talk = about using multiple DBs, too. > The format of the PSKidentities is free for the deployment to decide = upon and the resumption PSKs can be completely be determined by the = EAP-TLS implementation. Your implementation could for example put a = message authentication code inside the PSK identity. The MAC would be = calculated with a symmetric key the EAP server has randomly generated by = itself. I think that would solve your problem. I suggest giving guidance to implementors. Otherwise the issue is = open to implementation-defined behaviour, which is problematic. If PSKs are used only for resumption, the the format doesn't matter. = If PSKs are used for both authentication *and* resumption, then I = strongly recommend giving guidance. For example, RFC 8446 Section 4.1.2 says: struct { opaque identity<1..2^16-1>; uint32 obfuscated_ticket_age; } PskIdentity; i.e. the PSK identity is an opaque binary string. How is the user = supposed to enter a binary string into a "username" field in their GUI? = What are the recommended formats? If the ClientHello isn't encrypted, then the PSK is visible to anyone = (I believe). And the PSK *must not* be a user-manageable string such as = the NAI. On the other hand, if the PSK is sent after encryption begins, = then the PSK *should* be a user-manageable string such as an NAI. I see it being useful for EAP-TLS to allow PSK authentication. I just = want to be sure I know what that means, and what the impacts are. > I do not see how an attacker could do anything..... an attacker can = definitely reuse any PSK identity, but would not have the corresponding = PSK and the ClientHello would therefore not be accepted. The worst thing = an attacker could do is to replay a ClientHello, then the handshake = would fail then the EAP server verifies the Finished message. I agree. My larger point was that in the absence of guidance, it's = impossible to know what to do with a PSK identity. > I don't see why this would be more of a problem in EAP-TLS with TLS = 1.3 that in any other application of EAP-TLS. I agree. Alan DeKok. From nobody Wed Sep 18 14:42:17 2019 Return-Path: X-Original-To: emu@ietfa.amsl.com Delivered-To: emu@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EDC4D120052; Wed, 18 Sep 2019 14:42:14 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.5 X-Spam-Level: X-Spam-Status: No, score=-14.5 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=JMXAjcug; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=FpCG/B9O Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JNa5jSvYHtVU; Wed, 18 Sep 2019 14:42:12 -0700 (PDT) Received: from alln-iport-3.cisco.com (alln-iport-3.cisco.com [173.37.142.90]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2FB46120043; Wed, 18 Sep 2019 14:42:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=5434; q=dns/txt; s=iport; t=1568842932; x=1570052532; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=6UzfB5oLh/QqTHQpcRO/f943/UDRr+y9yd1wPnX9QVM=; b=JMXAjcugoSkLF0ClJQ0+F/3HwFVw5sMGBYAi5HWayPDQflj1rlegGg5l 8179y5nSXPPMrAfK9Xop5OME/Ihhhd/84FD4GTT4GCjLkUQRqMWnx3xbT J8dnAN2wWSHPSSt2Gl1S/782SCGa3vXF5MHoNCU+90q8JHhUOE7XTy/fm k=; IronPort-PHdr: =?us-ascii?q?9a23=3A070jLRZ+/oX1pbNej3yL6OP/LSx94ef9IxIV55?= =?us-ascii?q?w7irlHbqWk+dH4MVfC4el20Q6bRp3VvvRDjeee87vtX2AN+96giDgDa9QNMn?= =?us-ascii?q?1NksAKh0olCc+BB1f8KavtYTY7EcBqX15+9Hb9Ok9QS47z?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0AeAADCo4Jd/5ldJa1cCRkBAQEBAQE?= =?us-ascii?q?BAQEBAQEHAQEBAQEBgVYBAQEBAQELAYFEUANtViAECyoKh18DinuCXJdzglI?= =?us-ascii?q?DVAkBAQEMAQEnBgIBAYQ/AoMDIzcGDgIDAQMCAwEBBAEBAQIBBQRthS0MhUo?= =?us-ascii?q?BAQEBAgESKAYBATcBCwQCAQgRBAEBARgGEDIdCAIEAQ0FCBqDAYFqAw4PAQ6?= =?us-ascii?q?lPAKBOIhhgiWCfQEBBYEzAYNRGIIXAwaBNAGJP4IsHRiBQD+BEUaCTD6CYQE?= =?us-ascii?q?BAgGBNBQGEk2CboImrBNuCoIihwWOGpkhjhCID5B7AgQCBAUCDgEBBYFoIkS?= =?us-ascii?q?BFHAVgydQEBSBTgkag0+FFIU/cwEJgR+NHYENAYEiAQE?= X-IronPort-AV: E=Sophos;i="5.64,522,1559520000"; d="scan'208";a="340477279" Received: from rcdn-core-2.cisco.com ([173.37.93.153]) by alln-iport-3.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 18 Sep 2019 21:42:11 +0000 Received: from XCH-RCD-009.cisco.com (xch-rcd-009.cisco.com [173.37.102.19]) by rcdn-core-2.cisco.com (8.15.2/8.15.2) with ESMTPS id x8ILgBBi021469 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Wed, 18 Sep 2019 21:42:11 GMT Received: from xhs-rcd-002.cisco.com (173.37.227.247) by XCH-RCD-009.cisco.com (173.37.102.19) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Wed, 18 Sep 2019 16:42:10 -0500 Received: from xhs-rtp-001.cisco.com (64.101.210.228) by xhs-rcd-002.cisco.com (173.37.227.247) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Wed, 18 Sep 2019 16:42:09 -0500 Received: from NAM01-SN1-obe.outbound.protection.outlook.com (64.101.32.56) by xhs-rtp-001.cisco.com (64.101.210.228) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Wed, 18 Sep 2019 17:42:10 -0400 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Ty2hRIuFDnyT4BYpard/ljKhcfxYAvYAu0D7b/5pz+OjPuqFO8MB0AVqeY4PN2dJvejyPQRqKUhBrDflnw0lbkZcUOBkRzveloG+Ii6n3Ydy/PHqGA1f9DoXDOhCrI86B8lXAmy7otq/iFcOn4vH9lzC0AE3CWeqnrnvZx7HAT655lbSuFpLGWyhROTxDc03x7auxTpdfrDfEKufN14GyWI85x0zJCyOyyT3frKEvdkav57eY0YyjTrWyiWgJWbHSzd6asnJXoojtU9WMD1se0LoG1SgChwwBgzOoFVXO5XydWBerJvVHv67yo8hJiUfENgHaCDMCgsJTMxFVEGN9g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=vcWzQ/kJAgaxUL50ySfjzTffOs+iX9cueA+qfugNzXo=; b=nLBfeNpxYKwX++KtbNduK7Q2dvpK3KBbqDYDv/xmldPcr3YsjzLYvHzlr4f2wVoHVoyDwgZuadXMyU270XfU8n8U0fIGCK6+mdN6qf4OQkmRP8x1FPgHzEB2+jQ+8e/rQmzTTuu4/EQX6opk3MECcP2NJm9+SgGWWNuhNiC+GDPFUdKvVeW8hKfYMNrlfLOK0/L8t4D8FwN5azUSiB+sQahu/NH7UYcthwG1dL2xbnoIVMmRrhHy7XVHFJO/QSlEl7Gq8cSa6oYIJNK72jbwx5Do7C4yJHIDozJX6ESePcliRy1cIHxgqQ3V6dfxnp4nvTqAcLdKn2/g9Eya0zfgfQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=vcWzQ/kJAgaxUL50ySfjzTffOs+iX9cueA+qfugNzXo=; b=FpCG/B9OimR3b0C7M41rKw5BJO3Y0oZz83A8qGG6/LxbTO+UPvj9i1exifWSj7/YUPjGhBI0PFl9jz1zVP508YgPgAj+y9jZuFl3GKFxCv00xooyTVkopfNafZRhic5OMN+X2/aRQf93b9pAsKV/gw4qirtJzKPGLZOFKosUSsI= Received: from CY4PR1101MB2278.namprd11.prod.outlook.com (10.172.76.13) by CY4PR1101MB2312.namprd11.prod.outlook.com (10.172.78.18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2263.26; Wed, 18 Sep 2019 21:42:08 +0000 Received: from CY4PR1101MB2278.namprd11.prod.outlook.com ([fe80::686a:2f6e:32c2:5127]) by CY4PR1101MB2278.namprd11.prod.outlook.com ([fe80::686a:2f6e:32c2:5127%9]) with mapi id 15.20.2263.023; Wed, 18 Sep 2019 21:42:08 +0000 From: "Owen Friel (ofriel)" To: Alan DeKok , John Mattsson CC: "draft-ietf-emu-eap-tls13@ietf.org" , EMU WG Thread-Topic: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13 Thread-Index: AdVKJoKyKr1G5+9hQuKLAEK5rLYqPgfSdnOQAABeFAAABkCJgP//55mA//bAJjCAEoZ6AIAAJXeA///jpID//4j+YA== Date: Wed, 18 Sep 2019 21:42:08 +0000 Message-ID: References: <7828_1564869242_5D46027A_7828_348_1_02e001d54a45$e92ae900$bb80bb00$@augustcellars.com> <20b118932a4843b6b88e605799fafea8@aalto.fi> <211AD83C-D111-4EEB-AAF0-D9B5E521F4CF@deployingradius.com> <8F355C6F-DF1E-4E03-B75E-0F1D2508B9D4@ericsson.com> <246280B8-6E5C-484B-95BD-9C940C98C507@deployingradius.com> <1FD26215-86AF-4C64-83ED-AB1D67D1937B@ericsson.com> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: spf=none (sender IP is ) smtp.mailfrom=ofriel@cisco.com; x-originating-ip: [173.38.220.48] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 4db347e1-cc64-441e-78f7-08d73c810e8f x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(5600167)(711020)(4605104)(1401327)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(2017052603328)(7193020); SRVR:CY4PR1101MB2312; x-ms-traffictypediagnostic: CY4PR1101MB2312: x-ms-exchange-purlcount: 3 x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:9508; x-forefront-prvs: 01644DCF4A x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(346002)(136003)(376002)(396003)(366004)(39860400002)(199004)(189003)(13464003)(6506007)(316002)(71200400001)(99286004)(256004)(14444005)(6246003)(446003)(476003)(4326008)(7696005)(5660300002)(6116002)(486006)(86362001)(76176011)(11346002)(71190400001)(55016002)(186003)(2906002)(9686003)(102836004)(6306002)(6436002)(33656002)(26005)(478600001)(81166006)(81156014)(8676002)(966005)(3846002)(7736002)(54906003)(64756008)(66556008)(66066001)(66446008)(229853002)(53546011)(110136005)(66476007)(76116006)(66946007)(8936002)(14454004)(305945005)(74316002)(52536014)(25786009); DIR:OUT; SFP:1101; SCL:1; SRVR:CY4PR1101MB2312; H:CY4PR1101MB2278.namprd11.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1; received-spf: None (protection.outlook.com: cisco.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam-message-info: On70GtNLSTaIdo85v1o49bqHPmwVx3uvEK1kZCQfpaYmvCg6t1NCiNnAW46l38TmHtCZx3x74YdjR/6oIlcoP/mkqvud/ltAzRh+20RKd2TvBPoaDmY7QJdygk7tx7851ZB04+iRnINdpFD+VmLbdTOxsxcRGar+6M9uDvKBC70vtuc5hIgACapkUjN/A3hrCSawscWJPZpmN/9B0rcVdSqItPMEc+9Ar9ym0b4L4N7gANIJSwZXirL70ZhRIw6bkh/ji2Gq16fRDXIlyCIkOb+7K5DUr9JJk7xoTH6AojrwHfjByakX+gC2IcJxvAevFsk1n1BJEwA4021uSIoFDlxlLVHVE0Tvzp31942Z7qt7fI/wTg878cIHm7v95G5CAlaHeBAghDh4qymBuycrntalZh3Q2c9xKe9aH2FpImo= x-ms-exchange-transport-forked: True Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-MS-Exchange-CrossTenant-Network-Message-Id: 4db347e1-cc64-441e-78f7-08d73c810e8f X-MS-Exchange-CrossTenant-originalarrivaltime: 18 Sep 2019 21:42:08.6042 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: FZlkE+nJCdKtVh5xFFqI6gSGCExNG9RNOqKtdAhba1VC231/mVAoUEMXrscyvgc0cBL2TA/qMmgAcZ/5RyB56w== X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR1101MB2312 X-OriginatorOrg: cisco.com X-Outbound-SMTP-Client: 173.37.102.19, xch-rcd-009.cisco.com X-Outbound-Node: rcdn-core-2.cisco.com Archived-At: Subject: Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13 X-BeenThere: emu@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "EAP Methods Update \(EMU\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 18 Sep 2019 21:42:15 -0000 > -----Original Message----- > From: Alan DeKok > Sent: 18 September 2019 14:40 > To: John Mattsson > Cc: Owen Friel (ofriel) ; draft-ietf-emu-eap- > tls13@ietf.org; EMU WG > Subject: Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13 >=20 >=20 >=20 > > On Sep 18, 2019, at 9:21 AM, John Mattsson > wrote: > > > > If I understand you correctly Alan, your implementation would have > different databases (one resumption DB and one external PSK DB) and you > do not want to do two database lookups. >=20 > It's more about what *can* be done. RFC 8446 Section 8.1 and 8.2 talk > about using multiple DBs, too. >=20 > > The format of the PSKidentities is free for the deployment to decide up= on > and the resumption PSKs can be completely be determined by the EAP-TLS > implementation. Your implementation could for example put a message > authentication code inside the PSK identity. The MAC would be calculated > with a symmetric key the EAP server has randomly generated by itself. I t= hink > that would solve your problem. >=20 > I suggest giving guidance to implementors. Otherwise the issue is open= to > implementation-defined behaviour, which is problematic. Giving some implementation guidance seems appropriate here. Naively, one co= uld envisage the implementation simply having a DB table for extern PSKs an= d a table that holds NewSessionTickets. An implementation could simply chec= k the extern PSK table using the PskIdentity.identity, and if no match is f= ound then check the NewSessionTickets table. The default OpenSSL NSK ticket= Id is 32 bytes long https://github.com/openssl/openssl/blob/558ea84743918f7= a93bfbfc259f86ad1fa4c8de9/include/openssl/ssl3.h#L127 so something has gone= seriously wrong if there is a clash (poor randoms, etc.). An additional la= yer of protection is provided by the PskBinderEntry as this is a HMAC deriv= ed using the PSK as one input, so the server even if there happened to be a= n identity clash, the binders will not match. Implementations should also note https://tools.ietf.org/html/rfc8446#append= ix-E.6.=20 >=20 > If PSKs are used only for resumption, the the format doesn't matter. I= f PSKs > are used for both authentication *and* resumption, then I strongly > recommend giving guidance. >=20 > For example, RFC 8446 Section 4.1.2 says: >=20 > struct { > opaque identity<1..2^16-1>; > uint32 obfuscated_ticket_age; > } PskIdentity; >=20 > i.e. the PSK identity is an opaque binary string. How is the user supp= osed to > enter a binary string into a "username" field in their GUI? What are the > recommended formats? >=20 > If the ClientHello isn't encrypted, then the PSK is visible to anyone (= I > believe). =20 Well, more precisely, the PSK identity is visible in the ClientHello, not t= he actual PSK of course. And the PSK *must not* be a user-manageable string such as the > NAI. On the other hand, if the PSK is sent after encryption begins, then= the > PSK *should* be a user-manageable string such as an NAI. https://tools.ietf.org/html/rfc8446#section-2.2 also states: " Note: When using an out-of-band provisioned pre-shared secret, a critical consideration is using sufficient entropy during the key generation, as discussed in [RFC4086]. Deriving a shared secret from a password or other low-entropy sources is not secure. A low-entropy secret, or password, is subject to dictionary attacks based on the PSK binder. The specified PSK authentication is not a strong password-based authenticated key exchange even when used with Diffie-Hellman key establishment. Specifically, it does not prevent an attacker that can observe the handshake from performing a brute-force attack on the password/pre-shared key. " so TLS-PSK is not suitable for a user entered low entropy password. We need= a PAKE for that (c.f. the ongoing CFRG PAKE assessment) >=20 > I see it being useful for EAP-TLS to allow PSK authentication. I just = want to > be sure I know what that means, and what the impacts are. There are some use cases Eliot and I are looking at related to IoT onboardi= ng where a TLS-PSK authentication has definite value, and we really don't w= ant to see this avenue closed off in EAP. Happy to provide any suggestions = on Implementation Notes to your draft. >=20 > > I do not see how an attacker could do anything..... an attacker can > definitely reuse any PSK identity, but would not have the corresponding P= SK > and the ClientHello would therefore not be accepted. The worst thing an > attacker could do is to replay a ClientHello, then the handshake would fa= il > then the EAP server verifies the Finished message. And note https://tools.ietf.org/html/rfc8446#appendix-E.6 where there is gu= idance on how to protect from an attacker determining a valid PSK identity. >=20 > I agree. My larger point was that in the absence of guidance, it's imp= ossible > to know what to do with a PSK identity. >=20 > > I don't see why this would be more of a problem in EAP-TLS with TLS 1.3 > that in any other application of EAP-TLS. >=20 > I agree. >=20 > Alan DeKok. From nobody Wed Sep 18 14:43:42 2019 Return-Path: X-Original-To: emu@ietfa.amsl.com Delivered-To: emu@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A7A8B120052; Wed, 18 Sep 2019 14:43:39 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.5 X-Spam-Level: X-Spam-Status: No, score=-14.5 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=jXkCX2h1; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=F1u3FTNj Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Gyq_2E55WaOE; Wed, 18 Sep 2019 14:43:36 -0700 (PDT) Received: from rcdn-iport-6.cisco.com (rcdn-iport-6.cisco.com [173.37.86.77]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id ADC5A120043; Wed, 18 Sep 2019 14:43:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=6228; q=dns/txt; s=iport; t=1568843016; x=1570052616; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=K8GxrVwijr0fcC3kXY+HlVVV5C/DOHRh4CGzFqvB4HI=; b=jXkCX2h11+KU/R9nVqo/JvaOweI+PiipVOV5wGHr452Y8BAIXJ5uM1cu 4tOpqJilr3E2d0nMwxszY8gx6LIpQVOXGnEc5c17fSWZ5XhU+n5/oi0np Nnck37Q0Noh+6Z1bugS4Yfwb0Sa8vUdbe7IRsCS2yvoqjzBTIuSre5ob8 0=; IronPort-PHdr: =?us-ascii?q?9a23=3A7JcPrRObiGSbaYPZ06El6mtXPHoupqn0MwgJ65?= =?us-ascii?q?Eul7NJdOG58o//OFDEuKQ/l0fHCIPc7f8My/HbtaztQyQh2d6AqzhDFf4ETB?= =?us-ascii?q?oZkYMTlg0kDtSCDBj8IuTrYigSF8VZX1gj9Ha+YgBY?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0ApAAA7pIJd/4wNJK1cCRoBAQEBAQI?= =?us-ascii?q?BAQEBBwIBAQEBgVYCAQEBAQsBgURQA21WIAQLFxMKh18DinuCXJdzglIDVAk?= =?us-ascii?q?BAQEMAQEYCwoCAQGEPwKDAyM3Bg4CAwkBAQQBAQECAQUEbYUtDIVKAQEBAQM?= =?us-ascii?q?BARAoBgEBLAsBCwQCAQgRBAEBARgGECcLHQgCBAENBQgagwGBagMdAQ6lOAK?= =?us-ascii?q?BOIhhgiWCfQEBBYEzAQMCg0wYghcDBoE0AYk/giwdGIFAP4ERRoJMPoJhAQE?= =?us-ascii?q?CAYE0FAYSTYJugiasE24KgiKHBY4amSGOEIgPkHsCBAIEBQIOAQEFgWgiRIE?= =?us-ascii?q?UcBU7gmxQEBSBTgkag0+FFIU/cwGBKI0dgQ0BgSIBAQ?= X-IronPort-AV: E=Sophos;i="5.64,522,1559520000"; d="scan'208";a="633257979" Received: from alln-core-7.cisco.com ([173.36.13.140]) by rcdn-iport-6.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 18 Sep 2019 21:43:34 +0000 Received: from XCH-ALN-018.cisco.com (xch-aln-018.cisco.com [173.36.7.28]) by alln-core-7.cisco.com (8.15.2/8.15.2) with ESMTPS id x8ILhY0V006556 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Wed, 18 Sep 2019 21:43:34 GMT Received: from xhs-aln-002.cisco.com (173.37.135.119) by XCH-ALN-018.cisco.com (173.36.7.28) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Wed, 18 Sep 2019 16:43:34 -0500 Received: from xhs-aln-003.cisco.com (173.37.135.120) by xhs-aln-002.cisco.com (173.37.135.119) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Wed, 18 Sep 2019 16:43:32 -0500 Received: from NAM03-BY2-obe.outbound.protection.outlook.com (173.37.151.57) by xhs-aln-003.cisco.com (173.37.135.120) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Wed, 18 Sep 2019 16:43:32 -0500 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Lc2oxq84Og+EQ1FR8g/DWvLk4FDSuLrCGLxjSbQNKE5RDBiOoOZSjeZTwU/vPL+o+woT7VFZAaKsseZNOKHNvlc+DlTfW42ppy6V1On+axh7Wra2YWje4vX5W5eW4lwqtmgefK2uP5KxObqrQWN5KmRSAdLDY9kHjYN44pksrsthj+dJzR7+6JVYUtDhOWZS33J8lo7xQzFalWobm2hqH2nFARSFgYbayRA+bHJ0Md6fwBMR5PhvBSZO09qWNGFhjGy3110/meeZJH7xeXFkFDaL4tWpAH13FGM7RI/rplcKEkyMJGWv2pGQ9L+NG6uagMxy1OBnmweiT5JQIdlw0g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=sPVe0SaQE4goCR3EtaPIlVCVK+WGtnqSrPZu5Iz3nXc=; b=EpN2D+kTZzXJUMUXViU3pc4tZRg/XUlM5YDlqtMKzxMFOSjsg/kI5YbCutNsn6nodHL+lWDFBm0kEWC62g/NAlwRkwIEQCnZFqgal7zXaBXjfTMjQCEWOqbyBM02aT9g2Nbxco67JPUb+dQsZe6E8DxYMaEkzPT8bxb7IQ2+RkR3pJn3d3S6ckDPAuVRaW66HAmjWkQSIxl2wvHwXhRvIygL4/bVgULaG4eLTwxSrH6bBc8hKPQMtvTDV/NKqZC/df71diStr9Y6vdJU3379fcgLgfKwMvp4CBiiys8+4gAn/bnXxp+tdRkdAo1YgHgSHKRHk1jpN0qAt0tb0xhNTQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=sPVe0SaQE4goCR3EtaPIlVCVK+WGtnqSrPZu5Iz3nXc=; b=F1u3FTNjdzC2SFVHnTmuNEpxiIv94AhyOc0Rh6yqyBsz2y4yrHVBdXjFcVpPXmsfHwMyj8wC/iO+x3ZGO3nJDOP3PZAX8YFF/A3d+j07R0TOTBFKFIUemoa7pYC4BOsuwJuxaX8/Ho0yNJk+ZMXPYwLid5b+q4f5Gpp305lgjFc= Received: from CY4PR1101MB2278.namprd11.prod.outlook.com (10.172.76.13) by CY4PR1101MB2070.namprd11.prod.outlook.com (10.172.78.17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2263.26; Wed, 18 Sep 2019 21:43:30 +0000 Received: from CY4PR1101MB2278.namprd11.prod.outlook.com ([fe80::686a:2f6e:32c2:5127]) by CY4PR1101MB2278.namprd11.prod.outlook.com ([fe80::686a:2f6e:32c2:5127%9]) with mapi id 15.20.2263.023; Wed, 18 Sep 2019 21:43:30 +0000 From: "Owen Friel (ofriel)" To: "Owen Friel (ofriel)" , Alan DeKok , John Mattsson CC: "draft-ietf-emu-eap-tls13@ietf.org" , EMU WG Thread-Topic: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13 Thread-Index: AdVKJoKyKr1G5+9hQuKLAEK5rLYqPgfSdnOQAABeFAAABkCJgP//55mA//bAJjCAEoZ6AIAAJXeA///jpID//4j+YP//AePQ Date: Wed, 18 Sep 2019 21:43:30 +0000 Message-ID: References: <7828_1564869242_5D46027A_7828_348_1_02e001d54a45$e92ae900$bb80bb00$@augustcellars.com> <20b118932a4843b6b88e605799fafea8@aalto.fi> <211AD83C-D111-4EEB-AAF0-D9B5E521F4CF@deployingradius.com> <8F355C6F-DF1E-4E03-B75E-0F1D2508B9D4@ericsson.com> <246280B8-6E5C-484B-95BD-9C940C98C507@deployingradius.com> <1FD26215-86AF-4C64-83ED-AB1D67D1937B@ericsson.com> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: spf=none (sender IP is ) smtp.mailfrom=ofriel@cisco.com; x-originating-ip: [173.38.220.48] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 89dfa9d3-4bc3-47ab-adc0-08d73c813f65 x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(5600167)(711020)(4605104)(1401327)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(2017052603328)(7193020); SRVR:CY4PR1101MB2070; x-ms-traffictypediagnostic: CY4PR1101MB2070: x-ms-exchange-purlcount: 5 x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:9508; x-forefront-prvs: 01644DCF4A x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(376002)(346002)(136003)(39860400002)(396003)(366004)(13464003)(51444003)(189003)(199004)(66476007)(6506007)(64756008)(5660300002)(2940100002)(76116006)(4326008)(11346002)(86362001)(66556008)(14454004)(3846002)(478600001)(2906002)(6436002)(66066001)(446003)(186003)(25786009)(966005)(256004)(14444005)(476003)(229853002)(6116002)(7736002)(6246003)(486006)(54906003)(9686003)(66946007)(81156014)(81166006)(102836004)(26005)(6306002)(33656002)(316002)(55016002)(52536014)(7696005)(71200400001)(53546011)(76176011)(71190400001)(110136005)(8676002)(8936002)(74316002)(99286004)(66446008)(305945005); DIR:OUT; SFP:1101; SCL:1; SRVR:CY4PR1101MB2070; H:CY4PR1101MB2278.namprd11.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1; received-spf: None (protection.outlook.com: cisco.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam-message-info: zA1Tpm5GFm3TfJ1J5LqoR8ItarvuYKeoq0+8VZxBmxxqW2JMQdePjrW2/OPVCAspiVtFr7wt0bDwZHilsEb4Qor+xKuM4h9t6+KLZWDANGBRt8v9NUEVBbEnF23s8Y14H0XplU4vRysMFIpKRm74lq7js6f+/sCCeQnQRWs8Z4II9Z4e+oOvtDa8dD1On+BrP2sNXp13Pq41/mepgGhgP1b5qUqL+itLi5riIY7BiHumpDjmWTM2BtfwRRH4aELXnCKVdaULCDOP14tgVko8Beqyd77vbwpsxql9homODPaqJy16CVXNxQwNHYBE4spYh2HeCEiVdFA2ydIL1NTi9oVHVliPkTEae8TZfqhW6Z9f4XIrxo7EhSyhIJgPqVVokWESxFnYqWFLfULOSuYQz4DvBuuz3ykIg12MbvWidc8= Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-MS-Exchange-CrossTenant-Network-Message-Id: 89dfa9d3-4bc3-47ab-adc0-08d73c813f65 X-MS-Exchange-CrossTenant-originalarrivaltime: 18 Sep 2019 21:43:30.6061 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: GtFoR5Wspzg8T6iUnYbB6+m2eNCrlF1PEncwToK8NVv+TmECp7OCKguFJKm6pUVcurIOMsdpZ8eZmjRQNSdPWg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR1101MB2070 X-OriginatorOrg: cisco.com X-Outbound-SMTP-Client: 173.36.7.28, xch-aln-018.cisco.com X-Outbound-Node: alln-core-7.cisco.com Archived-At: Subject: Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13 X-BeenThere: emu@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "EAP Methods Update \(EMU\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 18 Sep 2019 21:43:40 -0000 And one other draft of interest: https://tools.ietf.org/html/draft-ietf-tls= -external-psk-importer-00 > -----Original Message----- > From: Emu On Behalf Of Owen Friel (ofriel) > Sent: 18 September 2019 22:42 > To: Alan DeKok ; John Mattsson > > Cc: draft-ietf-emu-eap-tls13@ietf.org; EMU WG > Subject: Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13 >=20 >=20 >=20 > > -----Original Message----- > > From: Alan DeKok > > Sent: 18 September 2019 14:40 > > To: John Mattsson > > Cc: Owen Friel (ofriel) ; draft-ietf-emu-eap- > > tls13@ietf.org; EMU WG > > Subject: Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13 > > > > > > > > > On Sep 18, 2019, at 9:21 AM, John Mattsson > > wrote: > > > > > > If I understand you correctly Alan, your implementation would have > > different databases (one resumption DB and one external PSK DB) and > > you do not want to do two database lookups. > > > > It's more about what *can* be done. RFC 8446 Section 8.1 and 8.2 > > talk about using multiple DBs, too. > > > > > The format of the PSKidentities is free for the deployment to decide > > > upon > > and the resumption PSKs can be completely be determined by the EAP-TLS > > implementation. Your implementation could for example put a message > > authentication code inside the PSK identity. The MAC would be > > calculated with a symmetric key the EAP server has randomly generated > > by itself. I think that would solve your problem. > > > > I suggest giving guidance to implementors. Otherwise the issue is > > open to implementation-defined behaviour, which is problematic. >=20 > Giving some implementation guidance seems appropriate here. Naively, one > could envisage the implementation simply having a DB table for extern PSK= s > and a table that holds NewSessionTickets. An implementation could simply > check the extern PSK table using the PskIdentity.identity, and if no matc= h is > found then check the NewSessionTickets table. The default OpenSSL NSK > ticketId is 32 bytes long > https://github.com/openssl/openssl/blob/558ea84743918f7a93bfbfc259f86a > d1fa4c8de9/include/openssl/ssl3.h#L127 so something has gone seriously > wrong if there is a clash (poor randoms, etc.). An additional layer of > protection is provided by the PskBinderEntry as this is a HMAC derived us= ing > the PSK as one input, so the server even if there happened to be an ident= ity > clash, the binders will not match. >=20 > Implementations should also note > https://tools.ietf.org/html/rfc8446#appendix-E.6. >=20 > > > > If PSKs are used only for resumption, the the format doesn't matter. > > If PSKs are used for both authentication *and* resumption, then I > > strongly recommend giving guidance. > > > > For example, RFC 8446 Section 4.1.2 says: > > > > struct { > > opaque identity<1..2^16-1>; > > uint32 obfuscated_ticket_age; > > } PskIdentity; > > > > i.e. the PSK identity is an opaque binary string. How is the user > > supposed to enter a binary string into a "username" field in their > > GUI? What are the recommended formats? > > > > If the ClientHello isn't encrypted, then the PSK is visible to > > anyone (I believe). >=20 > Well, more precisely, the PSK identity is visible in the ClientHello, not= the > actual PSK of course. >=20 > And the PSK *must not* be a user-manageable string such as the > > NAI. On the other hand, if the PSK is sent after encryption begins, > > then the PSK *should* be a user-manageable string such as an NAI. >=20 > https://tools.ietf.org/html/rfc8446#section-2.2 also states: >=20 > " Note: When using an out-of-band provisioned pre-shared secret, a > critical consideration is using sufficient entropy during the key > generation, as discussed in [RFC4086]. Deriving a shared secret > from a password or other low-entropy sources is not secure. A > low-entropy secret, or password, is subject to dictionary attacks > based on the PSK binder. The specified PSK authentication is not > a strong password-based authenticated key exchange even when used > with Diffie-Hellman key establishment. Specifically, it does not > prevent an attacker that can observe the handshake from performing > a brute-force attack on the password/pre-shared key. " >=20 > so TLS-PSK is not suitable for a user entered low entropy password. We ne= ed > a PAKE for that (c.f. the ongoing CFRG PAKE assessment) >=20 >=20 > > > > I see it being useful for EAP-TLS to allow PSK authentication. I > > just want to be sure I know what that means, and what the impacts are. >=20 > There are some use cases Eliot and I are looking at related to IoT onboar= ding > where a TLS-PSK authentication has definite value, and we really don't wa= nt > to see this avenue closed off in EAP. Happy to provide any suggestions on > Implementation Notes to your draft. >=20 > > > > > I do not see how an attacker could do anything..... an attacker can > > definitely reuse any PSK identity, but would not have the > > corresponding PSK and the ClientHello would therefore not be accepted. > > The worst thing an attacker could do is to replay a ClientHello, then > > the handshake would fail then the EAP server verifies the Finished > message. >=20 > And note https://tools.ietf.org/html/rfc8446#appendix-E.6 where there is > guidance on how to protect from an attacker determining a valid PSK > identity. > > > > I agree. My larger point was that in the absence of guidance, it's > > impossible to know what to do with a PSK identity. > > > > > I don't see why this would be more of a problem in EAP-TLS with TLS > > > 1.3 > > that in any other application of EAP-TLS. > > > > I agree. > > > > Alan DeKok. >=20 > _______________________________________________ > Emu mailing list > Emu@ietf.org > https://www.ietf.org/mailman/listinfo/emu From nobody Wed Sep 18 14:58:59 2019 Return-Path: X-Original-To: emu@ietfa.amsl.com Delivered-To: emu@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 92223120072; Wed, 18 Sep 2019 14:58:56 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.899 X-Spam-Level: X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Rb3MYe5OpbOr; Wed, 18 Sep 2019 14:58:54 -0700 (PDT) Received: from mail.networkradius.com (mail.networkradius.com [62.210.147.122]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E145B120043; Wed, 18 Sep 2019 14:58:53 -0700 (PDT) Received: from [192.168.46.58] (24-52-251-6.cable.teksavvy.com [24.52.251.6]) by mail.networkradius.com (Postfix) with ESMTPSA id B4DC6609; Wed, 18 Sep 2019 21:58:50 +0000 (UTC) Authentication-Results: NetworkRADIUS; dmarc=none header.from=deployingradius.com Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\)) From: Alan DeKok In-Reply-To: Date: Wed, 18 Sep 2019 17:58:48 -0400 Cc: John Mattsson , "draft-ietf-emu-eap-tls13@ietf.org" , EMU WG Content-Transfer-Encoding: quoted-printable Message-Id: References: <7828_1564869242_5D46027A_7828_348_1_02e001d54a45$e92ae900$bb80bb00$@augustcellars.com> <20b118932a4843b6b88e605799fafea8@aalto.fi> <211AD83C-D111-4EEB-AAF0-D9B5E521F4CF@deployingradius.com> <8F355C6F-DF1E-4E03-B75E-0F1D2508B9D4@ericsson.com> <246280B8-6E5C-484B-95BD-9C940C98C507@deployingradius.com> <1FD26215-86AF-4C64-83ED-AB1D67D1937B@ericsson.com> To: "Owen Friel (ofriel)" X-Mailer: Apple Mail (2.3445.104.11) Archived-At: Subject: Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13 X-BeenThere: emu@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "EAP Methods Update \(EMU\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 18 Sep 2019 21:58:56 -0000 On Sep 18, 2019, at 5:42 PM, Owen Friel (ofriel) = wrote: > Giving some implementation guidance seems appropriate here. Naively, = one could envisage the implementation simply having a DB table for = extern PSKs and a table that holds NewSessionTickets. An implementation = could simply check the extern PSK table using the PskIdentity.identity, = and if no match is found then check the NewSessionTickets table. Which works, but should be called out in the draft. And what is to prevent the system from generating conflicting PSK = identities? i.e. I don't control OpenSSL. =46rom what I see, TLS 1.3 = resumption means that OpenSSLL will choose whatever PSK identity it = deems fit. As an implementor and/or admin, how do I choose *pre-provisioned* PSK = identities which won't conflict with the ones OpenSSL choose? > The default OpenSSL NSK ticketId is 32 bytes long = https://github.com/openssl/openssl/blob/558ea84743918f7a93bfbfc259f86ad1fa= 4c8de9/include/openssl/ssl3.h#L127 so something has gone seriously wrong = if there is a clash (poor randoms, etc.).=20 i.e. "pick a long string and that should be good enough". If that really is the guidance, then this should also be called out in = the draft. PSK identities MUST be long (ideally 32 octets or more), and = MUST be generated from a CSPRNG. Which then leads to the question of what will the poor user enter in a = UI? If "end users" shouldn't be doing this, the draft also needs to = call that out. > Well, more precisely, the PSK identity is visible in the ClientHello, = not the actual PSK of course. Sure. > And the PSK *must not* be a user-manageable string such as the >> NAI. On the other hand, if the PSK is sent after encryption begins, = then the >> PSK *should* be a user-manageable string such as an NAI. >=20 > https://tools.ietf.org/html/rfc8446#section-2.2 also states: > ... > so TLS-PSK is not suitable for a user entered low entropy password. We = need a PAKE for that (c.f. the ongoing CFRG PAKE assessment) Sure. > There are some use cases Eliot and I are looking at related to IoT = onboarding where a TLS-PSK authentication has definite value, and we = really don't want to see this avenue closed off in EAP. I don't know the exact use-case, but TBH I'd suggest EAP-PWD for that. = I'm not sure that EAP-TLS with PSK adds any value here. Allowing PSK means that the draft should likely say "end users MUST = NOT be using TLS-PSK". Or maybe "TLS-PSK MUST be used only where = systems can be automatically provisioned with long binary data for both = PSK identity and PSK itself". Or even "PSK identities and/or passwords = that are composed solely of printable ASCII characters are likely to be = humanly entered, and thus insecure". Which means, of course, that people will ignore that and demand simple = user names / passwords for EAP-TLS with PSK. Because that's ever so = much easier than using nasty certs. That isn't something we should encourage. It may be worth just = forbidding it. Alan DeKok. From nobody Wed Sep 18 23:27:59 2019 Return-Path: X-Original-To: emu@ietfa.amsl.com Delivered-To: emu@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5FCE412010E; Wed, 18 Sep 2019 23:27:58 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.899 X-Spam-Level: X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TRM3K1bG9uDv; Wed, 18 Sep 2019 23:27:56 -0700 (PDT) Received: from mail2.augustcellars.com (augustcellars.com [50.45.239.150]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 86C3A12006D; Wed, 18 Sep 2019 23:27:55 -0700 (PDT) Received: from Jude (73.180.8.170) by mail2.augustcellars.com (192.168.0.56) with Microsoft SMTP Server (TLS) id 15.0.1395.4; Wed, 18 Sep 2019 23:27:49 -0700 From: Jim Schaad To: 'Alan DeKok' , "'Owen Friel (ofriel)'" CC: , 'EMU WG' References: <7828_1564869242_5D46027A_7828_348_1_02e001d54a45$e92ae900$bb80bb00$@augustcellars.com> <20b118932a4843b6b88e605799fafea8@aalto.fi> <211AD83C-D111-4EEB-AAF0-D9B5E521F4CF@deployingradius.com> <8F355C6F-DF1E-4E03-B75E-0F1D2508B9D4@ericsson.com> <246280B8-6E5C-484B-95BD-9C940C98C507@deployingradius.com> <1FD26215-86AF-4C64-83ED-AB1D67D1937B@ericsson.com> In-Reply-To: Date: Wed, 18 Sep 2019 23:27:47 -0700 Message-ID: <008b01d56eb3$5c51e550$14f5aff0$@augustcellars.com> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Mailer: Microsoft Outlook 16.0 Thread-Index: AQJQhJdu3cKisLaevKPOe7hkUsJlUQHrP0YsAnQUwTICP/Q2ZQFo3OeVARdsQSkC4MnBRwHBRqcjAa42UjQBeyyKNQJgbvWUpaH+24A= Content-Language: en-us X-Originating-IP: [73.180.8.170] Archived-At: Subject: Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13 X-BeenThere: emu@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "EAP Methods Update \(EMU\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Sep 2019 06:27:58 -0000 I am going to come down on the side of no PSK should not be supported. However my issues have nothing to do with how things are implemented and more to do with the security properties of the EAP method. When you use certificates, there is no leakage of who the client is as this is encrypted by TLS. When you use a restore session ticket, it is possible to limit the number of times that the ticket can be used (for example once). The PSK identity is public and unprotected so it can be used to track. If one is using PSK for the purpose of authentication then that value will always be visible to intermediate parties for the purpose of tracking. This can be slightly mitigated by using restore session tickets with PSK, but you are going to send that PSK identifier over the wire many times. This is just informational and can be ignored: My current favorite way to deal with PSK/ticket identifiers is with encryption: 32 bytes of index into table 32 bytes of date information 32 bytes of SIV (synthetic IV) Encrypt the first two items using the SIV. You can then have multiple keys for decryption. One for PSKs and a resolving one for session tickets. If the identifier does not decrypt then you reject. Otherwise you look at the date information and the index in the table for the secret information. It is even possible to play games with AAD to do things like scope the tickets up front - if you put in the name/address of the NAS then you have a prescreen on where the ticket can be used. Jim -----Original Message----- From: Emu On Behalf Of Alan DeKok Sent: Wednesday, September 18, 2019 2:59 PM To: Owen Friel (ofriel) Cc: draft-ietf-emu-eap-tls13@ietf.org; EMU WG Subject: Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13 On Sep 18, 2019, at 5:42 PM, Owen Friel (ofriel) wrote: > Giving some implementation guidance seems appropriate here. Naively, one could envisage the implementation simply having a DB table for extern PSKs and a table that holds NewSessionTickets. An implementation could simply check the extern PSK table using the PskIdentity.identity, and if no match is found then check the NewSessionTickets table. Which works, but should be called out in the draft. And what is to prevent the system from generating conflicting PSK identities? i.e. I don't control OpenSSL. From what I see, TLS 1.3 resumption means that OpenSSLL will choose whatever PSK identity it deems fit. As an implementor and/or admin, how do I choose *pre-provisioned* PSK identities which won't conflict with the ones OpenSSL choose? > The default OpenSSL NSK ticketId is 32 bytes long https://github.com/openssl/openssl/blob/558ea84743918f7a93bfbfc259f86ad1fa4c 8de9/include/openssl/ssl3.h#L127 so something has gone seriously wrong if there is a clash (poor randoms, etc.). i.e. "pick a long string and that should be good enough". If that really is the guidance, then this should also be called out in the draft. PSK identities MUST be long (ideally 32 octets or more), and MUST be generated from a CSPRNG. Which then leads to the question of what will the poor user enter in a UI? If "end users" shouldn't be doing this, the draft also needs to call that out. > Well, more precisely, the PSK identity is visible in the ClientHello, not the actual PSK of course. Sure. > And the PSK *must not* be a user-manageable string such as the >> NAI. On the other hand, if the PSK is sent after encryption begins, >> then the PSK *should* be a user-manageable string such as an NAI. > > https://tools.ietf.org/html/rfc8446#section-2.2 also states: > ... > so TLS-PSK is not suitable for a user entered low entropy password. We > need a PAKE for that (c.f. the ongoing CFRG PAKE assessment) Sure. > There are some use cases Eliot and I are looking at related to IoT onboarding where a TLS-PSK authentication has definite value, and we really don't want to see this avenue closed off in EAP. I don't know the exact use-case, but TBH I'd suggest EAP-PWD for that. I'm not sure that EAP-TLS with PSK adds any value here. Allowing PSK means that the draft should likely say "end users MUST NOT be using TLS-PSK". Or maybe "TLS-PSK MUST be used only where systems can be automatically provisioned with long binary data for both PSK identity and PSK itself". Or even "PSK identities and/or passwords that are composed solely of printable ASCII characters are likely to be humanly entered, and thus insecure". Which means, of course, that people will ignore that and demand simple user names / passwords for EAP-TLS with PSK. Because that's ever so much easier than using nasty certs. That isn't something we should encourage. It may be worth just forbidding it. Alan DeKok. _______________________________________________ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu From nobody Thu Sep 19 02:17:52 2019 Return-Path: X-Original-To: emu@ietfa.amsl.com Delivered-To: emu@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 698C4120125; Thu, 19 Sep 2019 02:17:50 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.5 X-Spam-Level: X-Spam-Status: No, score=-14.5 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=Je1nU0F3; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=xIXRAq7m Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JHNdCJRtQMPa; Thu, 19 Sep 2019 02:17:48 -0700 (PDT) Received: from alln-iport-8.cisco.com (alln-iport-8.cisco.com [173.37.142.95]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 387FC1200F3; Thu, 19 Sep 2019 02:17:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=6071; q=dns/txt; s=iport; t=1568884668; x=1570094268; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=2k2gXWd1oN7eFrE6vNjiNsUgTYrDQ7PFBsICWBvzDYM=; b=Je1nU0F3NrxHMtPs5RcH7faIo52oFCHoixd548wmFvK28FbXpEDhj+U3 8o+kW3iRY/LIjLTlBmdSsP6/2DC/RVeZeWO8D4J+l9szZS5SvtH+7ZYxj WkddDUB+auH3+/WuhonQmpnngJVFWNETQzwOiqQo1/Cgl/BSxCU6vDMNr 0=; IronPort-PHdr: =?us-ascii?q?9a23=3AK54zABQsTpyR3pN98AZVVC4LJtpsv++ubAcI9p?= =?us-ascii?q?oqja5Pea2//pPkeVbS/uhpkESUDNfA8/wRje3QvuigQmEG7Zub+FE6OJ1XH1?= =?us-ascii?q?5g640NmhA4RsuMCEn1NvnvOis0BsVPUHdu/mqwNg5eH8OtL1A=3D?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0CvAACVRoNd/4wNJK1cCRoBAQEBAQI?= =?us-ascii?q?BAQEBBwIBAQEBgWeBRVADbVYgBAsqh2kDinuCXJdzglIDVAkBAQEMAQEYCwo?= =?us-ascii?q?CAQGEPwKDAyM4EwIDCQEBBAEBAQIBBQRthS0MhUoBAQEDAQEBECgGAQEsCwE?= =?us-ascii?q?LBAIBCA4DBAEBARgGECcLHQgCBAENBQgagwGBagMODwEOonkCgTiIYYIlgn0?= =?us-ascii?q?BAQWBMwGDWBiCFwMGgTSLawEdGIFAP4ERRoJMPoJhAQECAYE0BBYSTYJugia?= =?us-ascii?q?Me4golnNuCoIihwWOG5khjhKIEJB7AgQCBAUCDgEBBYFpIYFYcBU7gmxQEBS?= =?us-ascii?q?BTgkag0+FFIU/cwGBKIx6I4IwAQE?= X-IronPort-AV: E=Sophos;i="5.64,523,1559520000"; d="scan'208";a="334851056" Received: from alln-core-7.cisco.com ([173.36.13.140]) by alln-iport-8.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 19 Sep 2019 09:17:47 +0000 Received: from XCH-ALN-013.cisco.com (xch-aln-013.cisco.com [173.36.7.23]) by alln-core-7.cisco.com (8.15.2/8.15.2) with ESMTPS id x8J9Hlj8021882 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Thu, 19 Sep 2019 09:17:47 GMT Received: from xhs-aln-003.cisco.com (173.37.135.120) by XCH-ALN-013.cisco.com (173.36.7.23) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Thu, 19 Sep 2019 04:17:46 -0500 Received: from xhs-rtp-002.cisco.com (64.101.210.229) by xhs-aln-003.cisco.com (173.37.135.120) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Thu, 19 Sep 2019 04:17:46 -0500 Received: from NAM05-BY2-obe.outbound.protection.outlook.com (64.101.32.56) by xhs-rtp-002.cisco.com (64.101.210.229) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Thu, 19 Sep 2019 05:17:45 -0400 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=mzKXTsH8p8iwUmHue83MgAAmhwBItTm4dZQ3LSwkMp5/ZvVi4TolaNLyUtRNQMhAc7VfDXfRzjpbSTOZLF69WABKRufeyEgj9UWqmX38jHC3Ww7ykyIb1It9ioaF1dNC/kubl9WNdly3t4whrEmChwC3PxoVaGuo8yJ2EHzmxQfb03l52fV+/AC9GKkn8ciSz/Fb4uNlh9SPrUD3g/fQqPwiaI98Mw86KnAu3yWfbxxVIFyNFE3L3SmQdjJtd1JMO4eJCnzn6g6yaBi8VPrmYrc29fcujFs2Eh7sDcl9FuVI3t7xSn7NNTm3H+OVRrF6Gx1/Fx6RCPGSDC92HveMWw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=WfXaCB+c86XuPSJHPQYYUpYNkU2lxV830Rs9WWHrO3w=; b=AhqvmtAlWylHyFCPt615INkAVizTwLpJkzgprL2qjKLuk6JJ/hYkPoxzV3gk/2Sdo10GykrV93ePKPdNyTeObSvkJzQQvMqmIC/pbqC43vvK51lc0xxOFT5UQ9hQEG0XXUEtYDBz0hypxKZziYdEWg7/Ci9HJjGlCBEGztOhGGtErmKXaFnK7f1AW3cBMBMYfuPPguMmsjkTHb6Qjzl3jmpxaLbmv5H2hLUzKd2OyYFjZ9+pZ4KhwsLbhI2Hk4h05c2jrC6AGAdNlzCmI9gwVjgIScqOdxO9BGfvrv6gx+4eF9QeP8qIJmAb2/Wlhy0yL+6eGFFcJvJj1jpcTvTprw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=WfXaCB+c86XuPSJHPQYYUpYNkU2lxV830Rs9WWHrO3w=; b=xIXRAq7m8KE6/e83XZTbjRul1HxJdavMCu6aFyDryu1Dxw+/YmUy/1IgRKDBXf5XIb+xA7id45SK2Vm+hdcuqiZfiPEDoJPBPEidj3uQnhROkdCBJ+YFh+C5s+mZa1e8VpZSAPpNfPJQdgYqY97Stezk8eT4B9BqampIWd2FIpA= Received: from CY4PR1101MB2278.namprd11.prod.outlook.com (10.172.76.13) by CY4PR1101MB2341.namprd11.prod.outlook.com (10.173.188.150) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2263.21; Thu, 19 Sep 2019 09:17:44 +0000 Received: from CY4PR1101MB2278.namprd11.prod.outlook.com ([fe80::686a:2f6e:32c2:5127]) by CY4PR1101MB2278.namprd11.prod.outlook.com ([fe80::686a:2f6e:32c2:5127%9]) with mapi id 15.20.2263.023; Thu, 19 Sep 2019 09:17:44 +0000 From: "Owen Friel (ofriel)" To: Jim Schaad , "'Alan DeKok'" CC: "draft-ietf-emu-eap-tls13@ietf.org" , "'EMU WG'" Thread-Topic: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13 Thread-Index: AdVKJoKyKr1G5+9hQuKLAEK5rLYqPgfSdnOQAABeFAAABkCJgP//55mA//bAJjCAEoZ6AIAAJXeA///jpID//4j+YAAgT+oAABHGqoD//9GSsA== Date: Thu, 19 Sep 2019 09:17:44 +0000 Message-ID: References: <7828_1564869242_5D46027A_7828_348_1_02e001d54a45$e92ae900$bb80bb00$@augustcellars.com> <20b118932a4843b6b88e605799fafea8@aalto.fi> <211AD83C-D111-4EEB-AAF0-D9B5E521F4CF@deployingradius.com> <8F355C6F-DF1E-4E03-B75E-0F1D2508B9D4@ericsson.com> <246280B8-6E5C-484B-95BD-9C940C98C507@deployingradius.com> <1FD26215-86AF-4C64-83ED-AB1D67D1937B@ericsson.com> <008b01d56eb3$5c51e550$14f5aff0$@augustcellars.com> In-Reply-To: <008b01d56eb3$5c51e550$14f5aff0$@augustcellars.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: spf=none (sender IP is ) smtp.mailfrom=ofriel@cisco.com; x-originating-ip: [2001:420:4041:1250:a8b9:6c1c:9fd6:400] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 6bfd2e22-3e9a-4807-385f-08d73ce23ad1 x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(5600167)(711020)(4605104)(1401327)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(2017052603328)(7193020); SRVR:CY4PR1101MB2341; x-ms-traffictypediagnostic: CY4PR1101MB2341: x-ms-exchange-purlcount: 3 x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:10000; x-forefront-prvs: 016572D96D x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(39860400002)(376002)(346002)(136003)(396003)(366004)(189003)(199004)(13464003)(99286004)(316002)(33656002)(9686003)(7696005)(229853002)(256004)(6246003)(110136005)(5660300002)(6306002)(54906003)(2906002)(14444005)(486006)(6436002)(66946007)(76116006)(64756008)(66446008)(305945005)(6506007)(4326008)(66556008)(76176011)(53546011)(446003)(476003)(966005)(102836004)(7736002)(81156014)(186003)(11346002)(52536014)(71190400001)(46003)(71200400001)(14454004)(55016002)(66476007)(25786009)(74316002)(8936002)(6116002)(478600001)(86362001)(81166006)(8676002); DIR:OUT; SFP:1101; SCL:1; SRVR:CY4PR1101MB2341; H:CY4PR1101MB2278.namprd11.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1; received-spf: None (protection.outlook.com: cisco.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam-message-info: f+x362i0W8MqO0DtYyg/9Z2HFrK+6FPMZktbi/PxBTZAzUsI6K/V89gjotdtGiBs9B5IOCAckIkMYrMqS6Ppg3mP0Li2EGb0BMgH9pNrAiq7+2pOeoURkKRdIIOEtqK0In+JMzgyc88SgYTpZnTODcjOToueOOJYU5FX3nzlJB1nM57s7FD299xjDrbXaY5FvOsttNivl5YtbEfH5zgpEyGhiiHrT4zxMqxvyzss2+xCytgFmLlr1+TEaC9y/yGjHTv2vhZTTy7tf0Acm4RXKhpcMBvrreuv4YPRRZ3vXxGEtA14icq/lUmSLXBZehcj1cQOLFQlxBU3ozYAkvAq8tIzEp1FN1C/fsTisG9Ub5r4KqQJRvXcCwej8LsusnUif3cDELYkkvglT9//fm6wDRKMTl6JfdY1o61hPgHKqvQ= x-ms-exchange-transport-forked: True Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-MS-Exchange-CrossTenant-Network-Message-Id: 6bfd2e22-3e9a-4807-385f-08d73ce23ad1 X-MS-Exchange-CrossTenant-originalarrivaltime: 19 Sep 2019 09:17:44.2125 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: ym/3xPIrHaA0hP6SGYDn6unTO9brjdYE1jr+e/lio73A/pLsJhH98e4L4jAuy3hgU/CE+8ap+2Um3jt/LcE1Tw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR1101MB2341 X-OriginatorOrg: cisco.com X-Outbound-SMTP-Client: 173.36.7.23, xch-aln-013.cisco.com X-Outbound-Node: alln-core-7.cisco.com Archived-At: Subject: Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13 X-BeenThere: emu@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "EAP Methods Update \(EMU\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Sep 2019 09:17:51 -0000 > -----Original Message----- > From: Jim Schaad > Sent: 19 September 2019 07:28 > To: 'Alan DeKok' ; Owen Friel (ofriel) > > Cc: draft-ietf-emu-eap-tls13@ietf.org; 'EMU WG' > Subject: RE: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13 >=20 > I am going to come down on the side of no PSK should not be supported. > However my issues have nothing to do with how things are implemented > and more to do with the security properties of the EAP method. >=20 > When you use certificates, there is no leakage of who the client is as th= is is > encrypted by TLS. When you use a restore session ticket, it is possible = to limit > the number of times that the ticket can be used (for example once). > The PSK identity is public and unprotected so it can be used to track. I= f one is > using PSK for the purpose of authentication then that value will always b= e > visible to intermediate parties for the purpose of tracking. > This can be slightly mitigated by using restore session tickets with PSK,= but > you are going to send that PSK identifier over the wire many times. The IoT use case is to use the PSK one time for authentication during boots= trapping, then get credentialed, and thereafter use a certificate for subse= quent EAP authentications. The bootstrap PSK enables proof of possession i.= e. the thing will only bootstrap against a network that knows its PSK. >=20 >=20 > This is just informational and can be ignored: >=20 > My current favorite way to deal with PSK/ticket identifiers is with > encryption: >=20 > 32 bytes of index into table > 32 bytes of date information > 32 bytes of SIV (synthetic IV) >=20 > Encrypt the first two items using the SIV. You can then have multiple ke= ys for > decryption. One for PSKs and a resolving one for session tickets. If th= e > identifier does not decrypt then you reject. Otherwise you look at the d= ate > information and the index in the table for the secret information. >=20 > It is even possible to play games with AAD to do things like scope the ti= ckets > up front - if you put in the name/address of the NAS then you have a > prescreen on where the ticket can be used. >=20 > Jim >=20 >=20 >=20 >=20 > -----Original Message----- > From: Emu On Behalf Of Alan DeKok > Sent: Wednesday, September 18, 2019 2:59 PM > To: Owen Friel (ofriel) > Cc: draft-ietf-emu-eap-tls13@ietf.org; EMU WG > Subject: Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13 >=20 > On Sep 18, 2019, at 5:42 PM, Owen Friel (ofriel) wrote= : > > Giving some implementation guidance seems appropriate here. Naively, > > one > could envisage the implementation simply having a DB table for extern PSK= s > and a table that holds NewSessionTickets. An implementation could simply > check the extern PSK table using the PskIdentity.identity, and if no matc= h is > found then check the NewSessionTickets table. >=20 > Which works, but should be called out in the draft. >=20 > And what is to prevent the system from generating conflicting PSK > identities? i.e. I don't control OpenSSL. From what I see, TLS 1.3 resu= mption > means that OpenSSLL will choose whatever PSK identity it deems fit. >=20 > As an implementor and/or admin, how do I choose *pre-provisioned* PSK > identities which won't conflict with the ones OpenSSL choose? >=20 > > The default OpenSSL NSK ticketId is 32 bytes long > https://github.com/openssl/openssl/blob/558ea84743918f7a93bfbfc259f86a > d1fa4c > 8de9/include/openssl/ssl3.h#L127 so something has gone seriously wrong if > there is a clash (poor randoms, etc.). >=20 > i.e. "pick a long string and that should be good enough". >=20 > If that really is the guidance, then this should also be called out in = the draft. > PSK identities MUST be long (ideally 32 octets or more), and MUST be > generated from a CSPRNG. >=20 > Which then leads to the question of what will the poor user enter in a = UI? > If "end users" shouldn't be doing this, the draft also needs to call that= out. >=20 > > Well, more precisely, the PSK identity is visible in the ClientHello, > > not > the actual PSK of course. >=20 > Sure. >=20 > > And the PSK *must not* be a user-manageable string such as the > >> NAI. On the other hand, if the PSK is sent after encryption begins, > >> then the PSK *should* be a user-manageable string such as an NAI. > > > > https://tools.ietf.org/html/rfc8446#section-2.2 also states: > > ... > > so TLS-PSK is not suitable for a user entered low entropy password. We > > need a PAKE for that (c.f. the ongoing CFRG PAKE assessment) >=20 > Sure. >=20 > > There are some use cases Eliot and I are looking at related to IoT > onboarding where a TLS-PSK authentication has definite value, and we real= ly > don't want to see this avenue closed off in EAP. >=20 > I don't know the exact use-case, but TBH I'd suggest EAP-PWD for that. > I'm not sure that EAP-TLS with PSK adds any value here. >=20 > Allowing PSK means that the draft should likely say "end users MUST NOT > be using TLS-PSK". Or maybe "TLS-PSK MUST be used only where systems > can be automatically provisioned with long binary data for both PSK ident= ity > and PSK itself". Or even "PSK identities and/or passwords that are compo= sed > solely of printable ASCII characters are likely to be humanly entered, an= d > thus insecure". >=20 > Which means, of course, that people will ignore that and demand simple > user names / passwords for EAP-TLS with PSK. Because that's ever so much > easier than using nasty certs. >=20 > That isn't something we should encourage. It may be worth just forbidd= ing > it. >=20 > Alan DeKok. >=20 > _______________________________________________ > Emu mailing list > Emu@ietf.org > https://www.ietf.org/mailman/listinfo/emu From nobody Thu Sep 19 03:04:25 2019 Return-Path: X-Original-To: emu@ietfa.amsl.com Delivered-To: emu@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 59B5C120018; Thu, 19 Sep 2019 03:04:24 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.001 X-Spam-Level: X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5BKAFdNwxFke; Thu, 19 Sep 2019 03:04:21 -0700 (PDT) Received: from EUR03-VE1-obe.outbound.protection.outlook.com (mail-eopbgr50080.outbound.protection.outlook.com [40.107.5.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 905A11200F4; Thu, 19 Sep 2019 03:04:20 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=VD3q4X7GoEMsIY/VXZxi67KkrpEuNFPZcJte/UmyHVAfW834ijyHNgWke8S4xIxL5YTbKh5Ek3946vOI3FMRIBYRN83SdwVt8WOhri+eSzTwfTTLLhjMDk1BLKw/1VGGvSi+50vxeXNo2mGt/JMcdKbJIlaDbGN+/0qiddCUqdeHsNcduzmOB/cMSL2JdZ45kVQSaQbs4K8yOeMP0rtldUyw21VmTceAZOBuXpCm6wdOMfZkNbyGDOREwyZgF9+PvL098Vzbf9CTY55jfp1g/bjEBHtQszTR7WcxqftgKWJ+HQ+iTXJEvgBcdI4EacQkVN+8sIVekMlalgvcX988/w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=1ZuMf9ZSZ2ovbbF467Zx5gXsPqrDEYTnMBorZn1VQrQ=; b=gQeVNlarg70g7Xdy4tdDAeapYB9bijFEH+xmLQOhMJw7yFMchu5l0Y8PRgZxocsCShxlWIvgljRDl497X7NEIqWAuQvwHs8RG4sx/mYCVu6jnwo4oo5KZRTlu7ep4PapfamsQwyUQsWjIhzSVyGZHViMf1UDH7AmNC6mQX5MhJSAzRggHrAVUjbEc1v2UWGqa7/zNG2xkx3Oglk5IrSSq0gvQX/+AP1QM2gGjzH6w1bqZBOpFDV6RDUwhH6mToXGpwiZjQCdoI1r8p2GzfNGfsLiQ+ZIHRYGtFedqZmIZ1xmFBm37iCiyDavC2KVS1+f1QTDtfXuvua2edcmrd/J+g== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=1ZuMf9ZSZ2ovbbF467Zx5gXsPqrDEYTnMBorZn1VQrQ=; b=TSw6uk3ccKyAqBTatwtiBr7e224x5T56bIq9qeJ7QwA2K73UNoDXdB5R2Cjk1bhCQK7eUs8mOq+RiWWKUOMwb63zdH1HECirfYTJlaOfiiChcxAG47ko7Fys6mTlzCN1gPE5TT37BAWMqDQDfZtieiCDTPsCNEHm6yKjcVXSmqQ= Received: from HE1PR07MB4169.eurprd07.prod.outlook.com (20.176.165.153) by HE1PR07MB3498.eurprd07.prod.outlook.com (10.170.244.17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2284.10; Thu, 19 Sep 2019 10:04:17 +0000 Received: from HE1PR07MB4169.eurprd07.prod.outlook.com ([fe80::c8fb:acc1:b00e:84ef]) by HE1PR07MB4169.eurprd07.prod.outlook.com ([fe80::c8fb:acc1:b00e:84ef%6]) with mapi id 15.20.2284.009; Thu, 19 Sep 2019 10:04:17 +0000 From: John Mattsson To: "Owen Friel (ofriel)" , Jim Schaad , 'Alan DeKok' CC: "draft-ietf-emu-eap-tls13@ietf.org" , 'EMU WG' Thread-Topic: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13 Thread-Index: AdVKJoKyKr1G5+9hQuKLAEK5rLYqPgfSdnOQAABeFAAABkCJgP//55mA//bAJjCAEoZ6AIAAJXeA///jpID//4j+YAAgT+oAABHGqoD//9GSsP//c42A Date: Thu, 19 Sep 2019 10:04:17 +0000 Message-ID: <80E3DD70-C335-4D63-A6B7-E74DEFD69EDF@ericsson.com> References: <7828_1564869242_5D46027A_7828_348_1_02e001d54a45$e92ae900$bb80bb00$@augustcellars.com> <20b118932a4843b6b88e605799fafea8@aalto.fi> <211AD83C-D111-4EEB-AAF0-D9B5E521F4CF@deployingradius.com> <8F355C6F-DF1E-4E03-B75E-0F1D2508B9D4@ericsson.com> <246280B8-6E5C-484B-95BD-9C940C98C507@deployingradius.com> <1FD26215-86AF-4C64-83ED-AB1D67D1937B@ericsson.com> <008b01d56eb3$5c51e550$14f5aff0$@augustcellars.com> In-Reply-To: Accept-Language: en-US Content-Language: en-GB X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Microsoft-MacOutlook/10.1d.0.190908 authentication-results: spf=none (sender IP is ) smtp.mailfrom=john.mattsson@ericsson.com; x-originating-ip: [82.214.46.143] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 89a79a05-95fc-4f24-d81b-08d73ce8bbdf x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(5600167)(711020)(4605104)(1401327)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(2017052603328)(7193020); SRVR:HE1PR07MB3498; x-ms-traffictypediagnostic: HE1PR07MB3498: x-ms-exchange-purlcount: 4 x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:10000; x-forefront-prvs: 016572D96D x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(376002)(366004)(396003)(346002)(39860400002)(136003)(13464003)(51444003)(199004)(189003)(186003)(99286004)(76176011)(478600001)(26005)(256004)(58126008)(54906003)(6512007)(110136005)(14444005)(33656002)(44832011)(486006)(4326008)(76116006)(6306002)(11346002)(66476007)(7736002)(64756008)(66556008)(305945005)(2616005)(66946007)(66446008)(476003)(14454004)(25786009)(5660300002)(8676002)(81166006)(966005)(81156014)(71190400001)(8936002)(6246003)(2906002)(66066001)(446003)(316002)(6486002)(71200400001)(229853002)(102836004)(86362001)(53546011)(6116002)(3846002)(6436002)(36756003)(6506007); DIR:OUT; SFP:1101; SCL:1; SRVR:HE1PR07MB3498; H:HE1PR07MB4169.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1; received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam-message-info: WR/Zj7oJcmKLZWMQyUBNyvzUaU/P4KET+rn0cqwVY/x4fUnHOlgHPU2GZ1F06fDK8lQu5/NUyZewitCkc4BLRBumcEpQfPols9WxiI8PO/hEpFRcKDYFsU0FCp3DM1Js5iVKt/6csqwVhCCcngypWqM0btPFFOe/rgky9UC5Vt+mfIHMSmOqKpptCr3IxxRDWyfrdvTNpJKn4yKFj6nFCCh7obiDezWEt640w6087uPSQ5MbfEscU2eFVsIwCBDG70J+wrBHI5xVceg2sCdSjhQ5HMPqScj1MGJsKiLDTqpSwxf5GLptI2wSbehySLr9ZpHzukfM6WpJqLCDaKfnnLqeWLvGMH/i8BD2oLY5+b5i+hRTZXPG4O9cLzU7umGun8wREvMuz56rxpkU1kOgePKrnSYo7Wjw5cUINydFJG4= x-ms-exchange-transport-forked: True Content-Type: text/plain; charset="utf-8" Content-ID: <3D00D78B170EF84D9CBC1E2E4ECF2CBB@eurprd07.prod.outlook.com> Content-Transfer-Encoding: base64 MIME-Version: 1.0 X-OriginatorOrg: ericsson.com X-MS-Exchange-CrossTenant-Network-Message-Id: 89a79a05-95fc-4f24-d81b-08d73ce8bbdf X-MS-Exchange-CrossTenant-originalarrivaltime: 19 Sep 2019 10:04:17.6603 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: E+46GOHdz1S3YNRBJ1maUFV2ggKZcnIVIlFeRuE3fJtjzsnIPV0y4fKVKg/4J/RLnFCuRaWJmuhvpf/nR5XsAFRpbR+bnpxcm5mt+HxaI8A= X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR07MB3498 Archived-At: Subject: Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13 X-BeenThere: emu@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "EAP Methods Update \(EMU\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Sep 2019 10:04:25 -0000 SSBhbSBzdGFydGluZyB0byBjb21lIGRvd24gb24gdGhlIHNpZGUgdGhlIEVBUC1UTFMgUFNLIHNo b3VsZCBiZSBzcGVjaWZpZWQuDQoNCi0gSSB0aGluayBFQVAtUFNLIHNob3VsZCBiZSBwaGFzZWQg b3V0IGxpa2UgYWxsIG90aGVyIG1ldGhvZHMgbm90IGdpdmluZyBQRlMuDQotIFRoZSBzZWN1cml0 eSBvZiB0aGUgRHJhZ29uZmx5IGhhbmRzaGFrZSB1c2VkIGluIEVBUC1QV0QgKGFuZCBXUEEzKSBz ZWVtcyBxdWl0ZSBzaGFreSAoIGh0dHBzOi8vZXByaW50LmlhY3Iub3JnLzIwMTkvMzgzICksIGJ1 dCBJIGhhdmUgbm90IGxvb2tlZCBpbnRvIHRoZSBkZXRhaWxzLg0KDQotIEFuIEVBUCBwYXNzd29y ZCBtZXRob2QgZm9yIHRoZSBmdXR1cmUgc2hvdWxkIGxpa2VseSB1c2UgdGhlIFBBS0UgdGhhdCBD RlJHIHdpbGwgc29vbiBzdGFuZGFyZGl6ZS4NCi0gRUFQIG1ldGhvZHMgc2hvdWxkIGluIHRoZSBm dXR1cmUgc3VwcG9ydCBzb21lIFBRQyBrZXkgZXhjaGFuZ2UuDQoNClRMUyB3aWxsIHZlcnkgbGlr ZWx5IGdldCBzdXBwb3J0IGZvciBib3RoIHRoZSBDRlJHIFBBS0UgYW5kIFBRQyBrZXkgZXhjaGFu Z2UgYWxnb3JpdGhtcy4gSSBhbSBub3Qgc3VyZSB0aGUgRUFQIGdyb3VwIHdhbnQgdG8gc3BlbmQg dGltZSB1cGRhdGluZyBlaXRoZXIgRUFQLVBTSyBvciBFU1AtUFdELiBVbmxlc3MgdGhlcmUgYXJl IG90aGVyIGJlbmVmaXRzIHdpdGggRUFQLVBTSyBvciBFQVAtUFdELCBJIHRoaW5rIHN0YW5kYXJk aXppbmcgRUFQLVRMUyBQU0sgbWFrZXMgYSBsb3Qgb2Ygc2Vuc2UuDQoNCkkgYWxzbyBub3RlIHRo YXQsIEVBUC1QU0sgaXMgZXhwZXJpbWVudGFsIGFuZCBFQVAtUFdEIGlzIGluZm9ybWFsLiBVbmxl c3MgSUVURiB0aGlua3MgUFNLIGFuZCBwYXNzd29yZHMgc2hvdWxkIG5vdCBiZSB1c2VkICh3aGlj aCBkb2VzIGNlcnRhaW5seSBub3Qgc2VlbSB0byBiZSB0aGUgY2FzZSBhcyBUTFMgMS4zIGlzIGlu Y2x1ZGluZyBQU0sgYW5kIENGUkcgaXMgc3RhbmRhcmRpemluZyBwYXNzd29yZCBiYXNlZCBBS0Up IEkgdGhpbmsgdGhhdCBFTVUgc2hvdWxkIG1ha2Ugc29tZSBQU0sgYW5kIHBhc3N3b3JkIGJhc2Vk IG1ldGhvZCBTdGFuZGFyZHMgVHJhY2suIEF0IHRoZSBtb21lbnQgRUFQLVRMUyAxLjMgbG9va3Mg bGlrZSB0aGUgYmVzdCBjaG9pY2UuDQoNCkppbSB3cm90ZToNCj4gYW5kIG1vcmUgdG8gZG8gd2l0 aCB0aGUgc2VjdXJpdHkgcHJvcGVydGllcyBvZiB0aGUgRUFQIG1ldGhvZC4NCg0KSWYgdGhhdCBp cyBzZWVuIGFzIGEgcHJvYmxlbSwgc3RhbmRhcmRpemluZyBhIHNlcGFyYXRlIFR5cGUtQ29kZSBm b3IgRUFQLVRMUyB3aXRoIFBTSyBhdXRoZW50aWNhdGlvbiB3b3VsZCBzb2x2ZSB0aGUgcHJvYmxl bS4NCg0KL0pvaG4NCg0KLS0tLS1PcmlnaW5hbCBNZXNzYWdlLS0tLS0NCkZyb206ICJPd2VuIEZy aWVsIChvZnJpZWwpIiA8b2ZyaWVsQGNpc2NvLmNvbT4NCkRhdGU6IFRodXJzZGF5LCAxOSBTZXB0 ZW1iZXIgMjAxOSBhdCAxMToxNw0KVG86IEppbSBTY2hhYWQgPGlldGZAYXVndXN0Y2VsbGFycy5j b20+LCAnQWxhbiBEZUtvaycgPGFsYW5kQGRlcGxveWluZ3JhZGl1cy5jb20+DQpDYzogImRyYWZ0 LWlldGYtZW11LWVhcC10bHMxM0BpZXRmLm9yZyIgPGRyYWZ0LWlldGYtZW11LWVhcC10bHMxM0Bp ZXRmLm9yZz4sICdFTVUgV0cnIDxlbXVAaWV0Zi5vcmc+DQpTdWJqZWN0OiBSRTogW0VtdV0gUE9T VCBXR0xDIENvbW1lbnRzIGRyYWZ0LWlldGYtZW11LWVhcC10bHMxMw0KUmVzZW50IGZyb206IDxh bGlhcy1ib3VuY2VzQGlldGYub3JnPg0KUmVzZW50IHRvOiBKb2huIE1hdHRzc29uIDxqb2huLm1h dHRzc29uQGVyaWNzc29uLmNvbT4sIDxtb2hpdEBwaXVoYS5uZXQ+DQpSZXNlbnQgZGF0ZTogVGh1 cnNkYXksIDE5IFNlcHRlbWJlciAyMDE5IGF0IDExOjE3DQoNCiAgICANCiAgICANCiAgICA+IC0t LS0tT3JpZ2luYWwgTWVzc2FnZS0tLS0tDQogICAgPiBGcm9tOiBKaW0gU2NoYWFkIDxpZXRmQGF1 Z3VzdGNlbGxhcnMuY29tPg0KICAgID4gU2VudDogMTkgU2VwdGVtYmVyIDIwMTkgMDc6MjgNCiAg ICA+IFRvOiAnQWxhbiBEZUtvaycgPGFsYW5kQGRlcGxveWluZ3JhZGl1cy5jb20+OyBPd2VuIEZy aWVsIChvZnJpZWwpDQogICAgPiA8b2ZyaWVsQGNpc2NvLmNvbT4NCiAgICA+IENjOiBkcmFmdC1p ZXRmLWVtdS1lYXAtdGxzMTNAaWV0Zi5vcmc7ICdFTVUgV0cnIDxlbXVAaWV0Zi5vcmc+DQogICAg PiBTdWJqZWN0OiBSRTogW0VtdV0gUE9TVCBXR0xDIENvbW1lbnRzIGRyYWZ0LWlldGYtZW11LWVh cC10bHMxMw0KICAgID4gDQogICAgPiBJIGFtIGdvaW5nIHRvIGNvbWUgZG93biBvbiB0aGUgc2lk ZSBvZiBubyBQU0sgc2hvdWxkIG5vdCBiZSBzdXBwb3J0ZWQuDQogICAgPiBIb3dldmVyIG15IGlz c3VlcyBoYXZlIG5vdGhpbmcgdG8gZG8gd2l0aCBob3cgdGhpbmdzIGFyZSBpbXBsZW1lbnRlZA0K ICAgID4gYW5kIG1vcmUgdG8gZG8gd2l0aCB0aGUgc2VjdXJpdHkgcHJvcGVydGllcyBvZiB0aGUg RUFQIG1ldGhvZC4NCiAgICA+IA0KICAgID4gV2hlbiB5b3UgdXNlIGNlcnRpZmljYXRlcywgdGhl cmUgaXMgbm8gbGVha2FnZSBvZiB3aG8gdGhlIGNsaWVudCBpcyBhcyB0aGlzIGlzDQogICAgPiBl bmNyeXB0ZWQgYnkgVExTLiAgV2hlbiB5b3UgdXNlIGEgcmVzdG9yZSBzZXNzaW9uIHRpY2tldCwg aXQgaXMgcG9zc2libGUgdG8gbGltaXQNCiAgICA+IHRoZSBudW1iZXIgb2YgdGltZXMgdGhhdCB0 aGUgdGlja2V0IGNhbiBiZSB1c2VkIChmb3IgZXhhbXBsZSBvbmNlKS4NCiAgICA+IFRoZSBQU0sg aWRlbnRpdHkgaXMgcHVibGljIGFuZCB1bnByb3RlY3RlZCBzbyBpdCBjYW4gYmUgdXNlZCB0byB0 cmFjay4gIElmIG9uZSBpcw0KICAgID4gdXNpbmcgUFNLIGZvciB0aGUgcHVycG9zZSBvZiBhdXRo ZW50aWNhdGlvbiB0aGVuIHRoYXQgdmFsdWUgd2lsbCBhbHdheXMgYmUNCiAgICA+IHZpc2libGUg dG8gaW50ZXJtZWRpYXRlIHBhcnRpZXMgZm9yIHRoZSBwdXJwb3NlIG9mIHRyYWNraW5nLg0KICAg ID4gVGhpcyBjYW4gYmUgc2xpZ2h0bHkgbWl0aWdhdGVkIGJ5IHVzaW5nIHJlc3RvcmUgc2Vzc2lv biB0aWNrZXRzIHdpdGggUFNLLCBidXQNCiAgICA+IHlvdSBhcmUgZ29pbmcgdG8gc2VuZCB0aGF0 IFBTSyBpZGVudGlmaWVyIG92ZXIgdGhlIHdpcmUgbWFueSB0aW1lcy4NCiAgICANCiAgICBUaGUg SW9UIHVzZSBjYXNlIGlzIHRvIHVzZSB0aGUgUFNLIG9uZSB0aW1lIGZvciBhdXRoZW50aWNhdGlv biBkdXJpbmcgYm9vdHN0cmFwcGluZywgdGhlbiBnZXQgY3JlZGVudGlhbGVkLCBhbmQgdGhlcmVh ZnRlciB1c2UgYSBjZXJ0aWZpY2F0ZSBmb3Igc3Vic2VxdWVudCBFQVAgYXV0aGVudGljYXRpb25z LiBUaGUgYm9vdHN0cmFwIFBTSyBlbmFibGVzIHByb29mIG9mIHBvc3Nlc3Npb24gaS5lLiB0aGUg dGhpbmcgd2lsbCBvbmx5IGJvb3RzdHJhcCBhZ2FpbnN0IGEgbmV0d29yayB0aGF0IGtub3dzIGl0 cyBQU0suDQogICAgDQogICAgPiANCiAgICA+IA0KICAgID4gVGhpcyBpcyBqdXN0IGluZm9ybWF0 aW9uYWwgYW5kIGNhbiBiZSBpZ25vcmVkOg0KICAgID4gDQogICAgPiBNeSBjdXJyZW50IGZhdm9y aXRlIHdheSB0byBkZWFsIHdpdGggUFNLL3RpY2tldCBpZGVudGlmaWVycyBpcyB3aXRoDQogICAg PiBlbmNyeXB0aW9uOg0KICAgID4gDQogICAgPiAzMiBieXRlcyBvZiBpbmRleCBpbnRvIHRhYmxl DQogICAgPiAzMiBieXRlcyBvZiBkYXRlIGluZm9ybWF0aW9uDQogICAgPiAzMiBieXRlcyBvZiBT SVYgKHN5bnRoZXRpYyBJVikNCiAgICA+IA0KICAgID4gRW5jcnlwdCB0aGUgZmlyc3QgdHdvIGl0 ZW1zIHVzaW5nIHRoZSBTSVYuICBZb3UgY2FuIHRoZW4gaGF2ZSBtdWx0aXBsZSBrZXlzIGZvcg0K ICAgID4gZGVjcnlwdGlvbi4gIE9uZSBmb3IgUFNLcyBhbmQgYSByZXNvbHZpbmcgb25lIGZvciBz ZXNzaW9uIHRpY2tldHMuICBJZiB0aGUNCiAgICA+IGlkZW50aWZpZXIgZG9lcyBub3QgZGVjcnlw dCB0aGVuIHlvdSByZWplY3QuICBPdGhlcndpc2UgeW91IGxvb2sgYXQgdGhlIGRhdGUNCiAgICA+ IGluZm9ybWF0aW9uIGFuZCB0aGUgaW5kZXggaW4gdGhlIHRhYmxlIGZvciB0aGUgc2VjcmV0IGlu Zm9ybWF0aW9uLg0KICAgID4gDQogICAgPiBJdCBpcyBldmVuIHBvc3NpYmxlIHRvIHBsYXkgZ2Ft ZXMgd2l0aCBBQUQgdG8gZG8gdGhpbmdzIGxpa2Ugc2NvcGUgdGhlIHRpY2tldHMNCiAgICA+IHVw IGZyb250IC0gaWYgeW91IHB1dCBpbiB0aGUgbmFtZS9hZGRyZXNzIG9mIHRoZSBOQVMgdGhlbiB5 b3UgaGF2ZSBhDQogICAgPiBwcmVzY3JlZW4gb24gd2hlcmUgdGhlIHRpY2tldCBjYW4gYmUgdXNl ZC4NCiAgICA+IA0KICAgID4gSmltDQogICAgPiANCiAgICA+IA0KICAgID4gDQogICAgPiANCiAg ICA+IC0tLS0tT3JpZ2luYWwgTWVzc2FnZS0tLS0tDQogICAgPiBGcm9tOiBFbXUgPGVtdS1ib3Vu Y2VzQGlldGYub3JnPiBPbiBCZWhhbGYgT2YgQWxhbiBEZUtvaw0KICAgID4gU2VudDogV2VkbmVz ZGF5LCBTZXB0ZW1iZXIgMTgsIDIwMTkgMjo1OSBQTQ0KICAgID4gVG86IE93ZW4gRnJpZWwgKG9m cmllbCkgPG9mcmllbEBjaXNjby5jb20+DQogICAgPiBDYzogZHJhZnQtaWV0Zi1lbXUtZWFwLXRs czEzQGlldGYub3JnOyBFTVUgV0cgPGVtdUBpZXRmLm9yZz4NCiAgICA+IFN1YmplY3Q6IFJlOiBb RW11XSBQT1NUIFdHTEMgQ29tbWVudHMgZHJhZnQtaWV0Zi1lbXUtZWFwLXRsczEzDQogICAgPiAN CiAgICA+IE9uIFNlcCAxOCwgMjAxOSwgYXQgNTo0MiBQTSwgT3dlbiBGcmllbCAob2ZyaWVsKSA8 b2ZyaWVsQGNpc2NvLmNvbT4gd3JvdGU6DQogICAgPiA+IEdpdmluZyBzb21lIGltcGxlbWVudGF0 aW9uIGd1aWRhbmNlIHNlZW1zIGFwcHJvcHJpYXRlIGhlcmUuIE5haXZlbHksDQogICAgPiA+IG9u ZQ0KICAgID4gY291bGQgZW52aXNhZ2UgdGhlIGltcGxlbWVudGF0aW9uIHNpbXBseSBoYXZpbmcg YSBEQiB0YWJsZSBmb3IgZXh0ZXJuIFBTS3MNCiAgICA+IGFuZCBhIHRhYmxlIHRoYXQgaG9sZHMg TmV3U2Vzc2lvblRpY2tldHMuIEFuIGltcGxlbWVudGF0aW9uIGNvdWxkIHNpbXBseQ0KICAgID4g Y2hlY2sgdGhlIGV4dGVybiBQU0sgdGFibGUgdXNpbmcgdGhlIFBza0lkZW50aXR5LmlkZW50aXR5 LCBhbmQgaWYgbm8gbWF0Y2ggaXMNCiAgICA+IGZvdW5kIHRoZW4gY2hlY2sgdGhlIE5ld1Nlc3Np b25UaWNrZXRzIHRhYmxlLg0KICAgID4gDQogICAgPiAgIFdoaWNoIHdvcmtzLCBidXQgc2hvdWxk IGJlIGNhbGxlZCBvdXQgaW4gdGhlIGRyYWZ0Lg0KICAgID4gDQogICAgPiAgIEFuZCB3aGF0IGlz IHRvIHByZXZlbnQgdGhlIHN5c3RlbSBmcm9tIGdlbmVyYXRpbmcgY29uZmxpY3RpbmcgUFNLDQog ICAgPiBpZGVudGl0aWVzPyAgaS5lLiBJIGRvbid0IGNvbnRyb2wgT3BlblNTTC4gIEZyb20gd2hh dCBJIHNlZSwgVExTIDEuMyByZXN1bXB0aW9uDQogICAgPiBtZWFucyB0aGF0IE9wZW5TU0xMIHdp bGwgY2hvb3NlIHdoYXRldmVyIFBTSyBpZGVudGl0eSBpdCBkZWVtcyBmaXQuDQogICAgPiANCiAg ICA+ICAgQXMgYW4gaW1wbGVtZW50b3IgYW5kL29yIGFkbWluLCBob3cgZG8gSSBjaG9vc2UgKnBy ZS1wcm92aXNpb25lZCogUFNLDQogICAgPiBpZGVudGl0aWVzIHdoaWNoIHdvbid0IGNvbmZsaWN0 IHdpdGggdGhlIG9uZXMgT3BlblNTTCBjaG9vc2U/DQogICAgPiANCiAgICA+ID4gVGhlIGRlZmF1 bHQgT3BlblNTTCBOU0sgdGlja2V0SWQgaXMgMzIgYnl0ZXMgbG9uZw0KICAgID4gaHR0cHM6Ly9w cm90ZWN0Mi5maXJlZXllLmNvbS91cmw/az1mYTdjZGJmYS1hNmY2MGYzYi1mYTdjOWI2MS04NjNk OWJjYjcyNmYtMDU3MGNlNGEzNDYyY2I0YiZxPTEmdT1odHRwcyUzQSUyRiUyRmdpdGh1Yi5jb20l MkZvcGVuc3NsJTJGb3BlbnNzbCUyRmJsb2IlMkY1NThlYTg0NzQzOTE4ZjdhOTNiZmJmYzI1OWY4 NmENCiAgICA+IGQxZmE0Yw0KICAgID4gOGRlOS9pbmNsdWRlL29wZW5zc2wvc3NsMy5oI0wxMjcg c28gc29tZXRoaW5nIGhhcyBnb25lIHNlcmlvdXNseSB3cm9uZyBpZg0KICAgID4gdGhlcmUgaXMg YSBjbGFzaCAocG9vciByYW5kb21zLCBldGMuKS4NCiAgICA+IA0KICAgID4gICBpLmUuICJwaWNr IGEgbG9uZyBzdHJpbmcgYW5kIHRoYXQgc2hvdWxkIGJlIGdvb2QgZW5vdWdoIi4NCiAgICA+IA0K ICAgID4gICBJZiB0aGF0IHJlYWxseSBpcyB0aGUgZ3VpZGFuY2UsIHRoZW4gdGhpcyBzaG91bGQg YWxzbyBiZSBjYWxsZWQgb3V0IGluIHRoZSBkcmFmdC4NCiAgICA+IFBTSyBpZGVudGl0aWVzIE1V U1QgYmUgbG9uZyAoaWRlYWxseSAzMiBvY3RldHMgb3IgbW9yZSksIGFuZCBNVVNUIGJlDQogICAg PiBnZW5lcmF0ZWQgZnJvbSBhIENTUFJORy4NCiAgICA+IA0KICAgID4gICBXaGljaCB0aGVuIGxl YWRzIHRvIHRoZSBxdWVzdGlvbiBvZiB3aGF0IHdpbGwgdGhlIHBvb3IgdXNlciBlbnRlciBpbiBh IFVJPw0KICAgID4gSWYgImVuZCB1c2VycyIgc2hvdWxkbid0IGJlIGRvaW5nIHRoaXMsIHRoZSBk cmFmdCBhbHNvIG5lZWRzIHRvIGNhbGwgdGhhdCBvdXQuDQogICAgPiANCiAgICA+ID4gV2VsbCwg bW9yZSBwcmVjaXNlbHksIHRoZSBQU0sgaWRlbnRpdHkgaXMgdmlzaWJsZSBpbiB0aGUgQ2xpZW50 SGVsbG8sDQogICAgPiA+IG5vdA0KICAgID4gdGhlIGFjdHVhbCBQU0sgb2YgY291cnNlLg0KICAg ID4gDQogICAgPiAgIFN1cmUuDQogICAgPiANCiAgICA+ID4gQW5kIHRoZSBQU0sgKm11c3Qgbm90 KiBiZSBhIHVzZXItbWFuYWdlYWJsZSBzdHJpbmcgc3VjaCBhcyB0aGUNCiAgICA+ID4+IE5BSS4g IE9uIHRoZSBvdGhlciBoYW5kLCBpZiB0aGUgUFNLIGlzIHNlbnQgYWZ0ZXIgZW5jcnlwdGlvbiBi ZWdpbnMsDQogICAgPiA+PiB0aGVuIHRoZSBQU0sgKnNob3VsZCogYmUgYSB1c2VyLW1hbmFnZWFi bGUgc3RyaW5nIHN1Y2ggYXMgYW4gTkFJLg0KICAgID4gPg0KICAgID4gPiBodHRwczovL3Rvb2xz LmlldGYub3JnL2h0bWwvcmZjODQ0NiNzZWN0aW9uLTIuMiBhbHNvIHN0YXRlczoNCiAgICA+ID4g Li4uDQogICAgPiA+IHNvIFRMUy1QU0sgaXMgbm90IHN1aXRhYmxlIGZvciBhIHVzZXIgZW50ZXJl ZCBsb3cgZW50cm9weSBwYXNzd29yZC4gV2UNCiAgICA+ID4gbmVlZCBhIFBBS0UgZm9yIHRoYXQg KGMuZi4gdGhlIG9uZ29pbmcgQ0ZSRyBQQUtFIGFzc2Vzc21lbnQpDQogICAgPiANCiAgICA+ICAg U3VyZS4NCiAgICA+IA0KICAgID4gPiBUaGVyZSBhcmUgc29tZSB1c2UgY2FzZXMgRWxpb3QgYW5k IEkgYXJlIGxvb2tpbmcgYXQgcmVsYXRlZCB0byBJb1QNCiAgICA+IG9uYm9hcmRpbmcgd2hlcmUg YSBUTFMtUFNLIGF1dGhlbnRpY2F0aW9uIGhhcyBkZWZpbml0ZSB2YWx1ZSwgYW5kIHdlIHJlYWxs eQ0KICAgID4gZG9uJ3Qgd2FudCB0byBzZWUgdGhpcyBhdmVudWUgY2xvc2VkIG9mZiBpbiBFQVAu DQogICAgPiANCiAgICA+ICAgSSBkb24ndCBrbm93IHRoZSBleGFjdCB1c2UtY2FzZSwgYnV0IFRC SCBJJ2Qgc3VnZ2VzdCBFQVAtUFdEIGZvciB0aGF0Lg0KICAgID4gSSdtIG5vdCBzdXJlIHRoYXQg RUFQLVRMUyB3aXRoIFBTSyBhZGRzIGFueSB2YWx1ZSBoZXJlLg0KICAgID4gDQogICAgPiAgIEFs bG93aW5nIFBTSyBtZWFucyB0aGF0IHRoZSBkcmFmdCBzaG91bGQgbGlrZWx5IHNheSAiZW5kIHVz ZXJzIE1VU1QgTk9UDQogICAgPiBiZSB1c2luZyBUTFMtUFNLIi4gIE9yIG1heWJlICJUTFMtUFNL IE1VU1QgYmUgdXNlZCBvbmx5IHdoZXJlIHN5c3RlbXMNCiAgICA+IGNhbiBiZSBhdXRvbWF0aWNh bGx5IHByb3Zpc2lvbmVkIHdpdGggbG9uZyBiaW5hcnkgZGF0YSBmb3IgYm90aCBQU0sgaWRlbnRp dHkNCiAgICA+IGFuZCBQU0sgaXRzZWxmIi4gIE9yIGV2ZW4gIlBTSyBpZGVudGl0aWVzIGFuZC9v ciBwYXNzd29yZHMgdGhhdCBhcmUgY29tcG9zZWQNCiAgICA+IHNvbGVseSBvZiBwcmludGFibGUg QVNDSUkgY2hhcmFjdGVycyBhcmUgbGlrZWx5IHRvIGJlIGh1bWFubHkgZW50ZXJlZCwgYW5kDQog ICAgPiB0aHVzIGluc2VjdXJlIi4NCiAgICA+IA0KICAgID4gICBXaGljaCBtZWFucywgb2YgY291 cnNlLCB0aGF0IHBlb3BsZSB3aWxsIGlnbm9yZSB0aGF0IGFuZCBkZW1hbmQgc2ltcGxlDQogICAg PiB1c2VyIG5hbWVzIC8gcGFzc3dvcmRzIGZvciBFQVAtVExTIHdpdGggUFNLLiAgQmVjYXVzZSB0 aGF0J3MgZXZlciBzbyBtdWNoDQogICAgPiBlYXNpZXIgdGhhbiB1c2luZyBuYXN0eSBjZXJ0cy4N CiAgICA+IA0KICAgID4gICBUaGF0IGlzbid0IHNvbWV0aGluZyB3ZSBzaG91bGQgZW5jb3VyYWdl LiAgSXQgbWF5IGJlIHdvcnRoIGp1c3QgZm9yYmlkZGluZw0KICAgID4gaXQuDQogICAgPiANCiAg ICA+ICAgQWxhbiBEZUtvay4NCiAgICA+IA0KICAgID4gX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fX19fX19fX19fX18NCiAgICA+IEVtdSBtYWlsaW5nIGxpc3QNCiAgICA+IEVt dUBpZXRmLm9yZw0KICAgID4gaHR0cHM6Ly93d3cuaWV0Zi5vcmcvbWFpbG1hbi9saXN0aW5mby9l bXUNCiAgICANCiAgICANCg0K From nobody Thu Sep 19 04:20:16 2019 Return-Path: X-Original-To: emu@ietfa.amsl.com Delivered-To: emu@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1A3AF120803; Thu, 19 Sep 2019 04:20:15 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.5 X-Spam-Level: X-Spam-Status: No, score=-14.5 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=eeWc1Cac; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=J+8Cl9vA Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fh1itxOYiTon; Thu, 19 Sep 2019 04:20:11 -0700 (PDT) Received: from alln-iport-4.cisco.com (alln-iport-4.cisco.com [173.37.142.91]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8668C1201E4; Thu, 19 Sep 2019 04:20:11 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=13728; q=dns/txt; s=iport; t=1568892011; x=1570101611; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=ISvssDH4BW4FLY6Omj4afIVSIybb89nOmKHNnZ3o/a4=; b=eeWc1Cac7aIWvylndmmBEPfgP1DkTaDjdP1mcu5KeQCe9z0E1YxNkogz ud/3e3dpZBm0ZYn5z3RFpSNnOmiQ3d7JhsBcsBtbsyD7jZ8SOrJXmXIpS pwR4Pe/GniSGw8ONE/A+lOxVutDH9NYt6xEOQYzz2oVXwlAS8vf6et4xe Q=; IronPort-PHdr: =?us-ascii?q?9a23=3A4IphnheGsuRthoDY0RxrZrlClGMj4e+mNxMJ6p?= =?us-ascii?q?chl7NFe7ii+JKnJkHE+PFxlwKYD57D5adCjOzb++D7VGoM7IzJkUhKcYcEFn?= =?us-ascii?q?pnwd4TgxRmBceEDUPhK/u/aCIgHclGfFRk5Hq8d0NSHZW2ag=3D=3D?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0CBAAD3Y4Nd/5FdJa1cCRkBAQEBAQE?= =?us-ascii?q?BAQEBAQEHAQEBAQEBgWeBRVADbVYgBAsqhCKDRwOKfIJcl3OCUgNUCQEBAQw?= =?us-ascii?q?BARgLCgIBAYQ/AheCbCM4EwIDCQEBBAEBAQIBBQRthS0MhUoBAQEDAQEBEBE?= =?us-ascii?q?RDAEBLAsBBAcEAgEIEQMBAQEBAgIUEgICAiULFQgIAgQBDQUIGoMBgWoDDg8?= =?us-ascii?q?BDqMGAoE4iGFzgTKCfQEBBYEzAQMCg1QYghcDBoEMKItrAR0YgUA/gRFGgU5?= =?us-ascii?q?+PoJVDAEBAgEXgR0EFhJNgjwygiaMYw4LglyFTZZ3bgqCIocFjh6CNpZtjha?= =?us-ascii?q?BOoZXkQACBAIEBQIOAQEFgWkhgVhwFTuCbB8xEBSBTgkag0+BGoN6hT9zAYE?= =?us-ascii?q?ojHojgjABAQ?= X-IronPort-AV: E=Sophos;i="5.64,523,1559520000"; d="scan'208";a="329198525" Received: from rcdn-core-9.cisco.com ([173.37.93.145]) by alln-iport-4.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 19 Sep 2019 11:20:10 +0000 Received: from XCH-RCD-009.cisco.com (xch-rcd-009.cisco.com [173.37.102.19]) by rcdn-core-9.cisco.com (8.15.2/8.15.2) with ESMTPS id x8JBK9xe029992 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Thu, 19 Sep 2019 11:20:09 GMT Received: from xhs-rcd-002.cisco.com (173.37.227.247) by XCH-RCD-009.cisco.com (173.37.102.19) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Thu, 19 Sep 2019 06:20:09 -0500 Received: from xhs-rcd-002.cisco.com (173.37.227.247) by xhs-rcd-002.cisco.com (173.37.227.247) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Thu, 19 Sep 2019 06:20:08 -0500 Received: from NAM01-SN1-obe.outbound.protection.outlook.com (72.163.14.9) by xhs-rcd-002.cisco.com (173.37.227.247) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Thu, 19 Sep 2019 06:20:08 -0500 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=PxnRXQu6J5G1aXg5zuFJaT04aYEP43Ouq1ET96skXr9nM6wQs1z4honEKYxE/GYnrUTMXE9SPNfroGgz2HiO5ifFvD3SK/dMSWaUhjzupS9lQ6u8+Xk3aoNt2WpNTk/eaXd9mJAG/q9H/zVJmlSvu0S/M/V4fs83YhRPEiIkqBUa0H0YDotI6M52onL3MGc5XaZxuhGTXV/sw36HfS+3Qet9iTYXkwf3zyRrPzUA8lZwWwuMMYsFGU2HcXYZTfoifk/XHvs7ABQ+4LdJF3fSSNtVe95fdbeyjNvnmhRBD0/MQHTJahRQPU+csp4WwPIcnMXYXI8MvYDbodOljo9x1A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ISvssDH4BW4FLY6Omj4afIVSIybb89nOmKHNnZ3o/a4=; b=oUiK003mT6dQ7iMIjVB9CuBgZSTZuU8NuFEhfGOkn6Z1xtDwrmel2K1RVOJewPKrerIKr9EWys2et92WJaSQ89vWCjObxL/BZr/bqA9AzhDkAL9Twt4Xwm+dSc7ZcTvH6yS2bnZYaKAbTEAXPBA+f+JlzUWwAHNvAVZ7jNAVF0netqNNtJBjsWi940q85RQVRkEPehDQzHABCFqawG0QLgHw4O7n47aoE5Zr1wBEO3C4kzRQjzexCPed2Xzbnoi2hsJppI3tuIBJlQS39g9Yw999OiKUyGvJZtMhE1kNeY5fYW0RsKvnkqhzU+6VLfpsjZTHasINgzzAICkJ6kk7xw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ISvssDH4BW4FLY6Omj4afIVSIybb89nOmKHNnZ3o/a4=; b=J+8Cl9vAlqt5VLBYB7NER2mnuiE78mwRoprfEjBvfm9knuQ28H0QTrEZ18DLbsS3vpRzxtMBBL1+2ady1fDkXdmEvejs/XtTVqcd8p4iS056N/wB42ewjmfndR6Pgq0VCnJAfKsrIt/sqqb2gmsQaiKcdNM5WaqX+LUl5oRohbs= Received: from CY4PR1101MB2278.namprd11.prod.outlook.com (10.172.76.13) by CY4PR1101MB2214.namprd11.prod.outlook.com (10.172.76.138) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2263.17; Thu, 19 Sep 2019 11:20:07 +0000 Received: from CY4PR1101MB2278.namprd11.prod.outlook.com ([fe80::686a:2f6e:32c2:5127]) by CY4PR1101MB2278.namprd11.prod.outlook.com ([fe80::686a:2f6e:32c2:5127%9]) with mapi id 15.20.2263.023; Thu, 19 Sep 2019 11:20:07 +0000 From: "Owen Friel (ofriel)" To: John Mattsson , Jim Schaad , "'Alan DeKok'" CC: "draft-ietf-emu-eap-tls13@ietf.org" , "'EMU WG'" Thread-Topic: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13 Thread-Index: AdVKJoKyKr1G5+9hQuKLAEK5rLYqPgfSdnOQAABeFAAABkCJgP//55mA//bAJjCAEoZ6AIAAJXeA///jpID//4j+YAAgT+oAABHGqoD//9GSsP//c42A//71brA= Date: Thu, 19 Sep 2019 11:20:07 +0000 Message-ID: References: <7828_1564869242_5D46027A_7828_348_1_02e001d54a45$e92ae900$bb80bb00$@augustcellars.com> <20b118932a4843b6b88e605799fafea8@aalto.fi> <211AD83C-D111-4EEB-AAF0-D9B5E521F4CF@deployingradius.com> <8F355C6F-DF1E-4E03-B75E-0F1D2508B9D4@ericsson.com> <246280B8-6E5C-484B-95BD-9C940C98C507@deployingradius.com> <1FD26215-86AF-4C64-83ED-AB1D67D1937B@ericsson.com> <008b01d56eb3$5c51e550$14f5aff0$@augustcellars.com> <80E3DD70-C335-4D63-A6B7-E74DEFD69EDF@ericsson.com> In-Reply-To: <80E3DD70-C335-4D63-A6B7-E74DEFD69EDF@ericsson.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: spf=none (sender IP is ) smtp.mailfrom=ofriel@cisco.com; x-originating-ip: [2001:420:4041:1250:a8b9:6c1c:9fd6:400] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 0a112088-79ff-4f94-67e1-08d73cf353bb x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(5600167)(711020)(4605104)(1401327)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(2017052603328)(7193020); SRVR:CY4PR1101MB2214; x-ms-traffictypediagnostic: CY4PR1101MB2214: x-ms-exchange-purlcount: 8 x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:10000; x-forefront-prvs: 016572D96D x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(376002)(366004)(346002)(396003)(39860400002)(136003)(51444003)(54534003)(199004)(189003)(13464003)(14444005)(55016002)(25786009)(6116002)(9686003)(6306002)(53546011)(6246003)(186003)(6436002)(110136005)(11346002)(71190400001)(8936002)(74316002)(2906002)(486006)(476003)(7736002)(966005)(229853002)(54906003)(86362001)(305945005)(76116006)(102836004)(446003)(5660300002)(33656002)(81156014)(99286004)(46003)(81166006)(52536014)(6506007)(14454004)(71200400001)(7696005)(316002)(478600001)(66446008)(66946007)(8676002)(66556008)(4326008)(64756008)(66476007)(256004)(76176011); DIR:OUT; SFP:1101; SCL:1; SRVR:CY4PR1101MB2214; H:CY4PR1101MB2278.namprd11.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1; received-spf: None (protection.outlook.com: cisco.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam-message-info: LcjuoFUgWAGlvVxnrfviyTMueTxs9QKLxPU5zeaE8SzbC4kx8u4WoarHfT7ReHf5slmBkzlTl8a+e7zUuztNonNJAaYHu1XNHAaxPQ94KMWjtRUHbyyjbcvCwRw6DlS5EUpFWrGZXQspzLk+824iUdfKX/Wgoj74kf2W5JhyBcbxhmGW0kSqj/7PcTDn7I0d9xxcun4ONe4FPqV8tJ3C0HQ2Cwm2ulyOXnJv8TeS1ze8xbpxZY8+jbSrZgr8u1iy8oWARORx3mJ5ZRRlG4Ud5KDntorb1M4XKaxehbTZx0KT8gA6O4nRU4sOuq6cf5u67gT0kv+QqXrsnKWqLVhSKB8YoDqpcAl6CktF68/BzLc1rjaRt9bOwvGlbe+OYTP1HGgnOAlUmQW59Ws/0u7qRqyyKVvwxt97mCBy9BrhRR8= x-ms-exchange-transport-forked: True Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 MIME-Version: 1.0 X-MS-Exchange-CrossTenant-Network-Message-Id: 0a112088-79ff-4f94-67e1-08d73cf353bb X-MS-Exchange-CrossTenant-originalarrivaltime: 19 Sep 2019 11:20:07.4295 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: s+NaukzMss83KZ4wzynI087fx8w74zkCSToL+V/jGNWgzjzHBP5+WcXrnA5+VJPZSI2ciIq/HlWPnd7sG4GSfA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR1101MB2214 X-OriginatorOrg: cisco.com X-Outbound-SMTP-Client: 173.37.102.19, xch-rcd-009.cisco.com X-Outbound-Node: rcdn-core-9.cisco.com Archived-At: Subject: Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13 X-BeenThere: emu@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "EAP Methods Update \(EMU\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Sep 2019 11:20:15 -0000 DQoNCj4gLS0tLS1PcmlnaW5hbCBNZXNzYWdlLS0tLS0NCj4gRnJvbTogSm9obiBNYXR0c3NvbiA8 am9obi5tYXR0c3NvbkBlcmljc3Nvbi5jb20+DQo+IFNlbnQ6IDE5IFNlcHRlbWJlciAyMDE5IDEx OjA0DQo+IFRvOiBPd2VuIEZyaWVsIChvZnJpZWwpIDxvZnJpZWxAY2lzY28uY29tPjsgSmltIFNj aGFhZA0KPiA8aWV0ZkBhdWd1c3RjZWxsYXJzLmNvbT47ICdBbGFuIERlS29rJyA8YWxhbmRAZGVw bG95aW5ncmFkaXVzLmNvbT4NCj4gQ2M6IGRyYWZ0LWlldGYtZW11LWVhcC10bHMxM0BpZXRmLm9y ZzsgJ0VNVSBXRycgPGVtdUBpZXRmLm9yZz4NCj4gU3ViamVjdDogUmU6IFtFbXVdIFBPU1QgV0dM QyBDb21tZW50cyBkcmFmdC1pZXRmLWVtdS1lYXAtdGxzMTMNCj4gDQo+IEkgYW0gc3RhcnRpbmcg dG8gY29tZSBkb3duIG9uIHRoZSBzaWRlIHRoZSBFQVAtVExTIFBTSyBzaG91bGQgYmUgc3BlY2lm aWVkLg0KPiANCj4gLSBJIHRoaW5rIEVBUC1QU0sgc2hvdWxkIGJlIHBoYXNlZCBvdXQgbGlrZSBh bGwgb3RoZXIgbWV0aG9kcyBub3QgZ2l2aW5nIFBGUy4NCj4gLSBUaGUgc2VjdXJpdHkgb2YgdGhl IERyYWdvbmZseSBoYW5kc2hha2UgdXNlZCBpbiBFQVAtUFdEIChhbmQgV1BBMykNCj4gc2VlbXMg cXVpdGUgc2hha3kgKCBodHRwczovL2VwcmludC5pYWNyLm9yZy8yMDE5LzM4MyApLCBidXQgSSBo YXZlIG5vdCBsb29rZWQNCj4gaW50byB0aGUgZGV0YWlscy4NCj4gDQo+IC0gQW4gRUFQIHBhc3N3 b3JkIG1ldGhvZCBmb3IgdGhlIGZ1dHVyZSBzaG91bGQgbGlrZWx5IHVzZSB0aGUgUEFLRSB0aGF0 DQo+IENGUkcgd2lsbCBzb29uIHN0YW5kYXJkaXplLg0KPiAtIEVBUCBtZXRob2RzIHNob3VsZCBp biB0aGUgZnV0dXJlIHN1cHBvcnQgc29tZSBQUUMga2V5IGV4Y2hhbmdlLg0KPiANCj4gVExTIHdp bGwgdmVyeSBsaWtlbHkgZ2V0IHN1cHBvcnQgZm9yIGJvdGggdGhlIENGUkcgUEFLRSBhbmQgUFFD IGtleQ0KPiBleGNoYW5nZSBhbGdvcml0aG1zLiBJIGFtIG5vdCBzdXJlIHRoZSBFQVAgZ3JvdXAg d2FudCB0byBzcGVuZCB0aW1lDQo+IHVwZGF0aW5nIGVpdGhlciBFQVAtUFNLIG9yIEVTUC1QV0Qu IFVubGVzcyB0aGVyZSBhcmUgb3RoZXIgYmVuZWZpdHMgd2l0aA0KPiBFQVAtUFNLIG9yIEVBUC1Q V0QsIEkgdGhpbmsgc3RhbmRhcmRpemluZyBFQVAtVExTIFBTSyBtYWtlcyBhIGxvdCBvZiBzZW5z ZS4NCg0KUmlnaHQsIHdlIGhhdmUgYWxyZWFkeSBzdGFydGVkIGEgY291cGxlIG9mIGRyYWZ0cyBh bG9uZyB0aGVzZSBsaW5lcywgYnV0IGFyZSBpbiBhIGhvbGRpbmcgcGF0dGVybiBub3cgdW50aWwg Q0ZSRyBhcmUgZG9uZToNCg0KaHR0cHM6Ly90b29scy5pZXRmLm9yZy9odG1sL2RyYWZ0LWJhcm5l cy10bHMtcGFrZS0wNA0KaHR0cHM6Ly90b29scy5pZXRmLm9yZy9odG1sL2RyYWZ0LXN1bGxpdmFu LXRscy1vcGFxdWUtMDANCg0KDQo+IA0KPiBJIGFsc28gbm90ZSB0aGF0LCBFQVAtUFNLIGlzIGV4 cGVyaW1lbnRhbCBhbmQgRUFQLVBXRCBpcyBpbmZvcm1hbC4gVW5sZXNzDQo+IElFVEYgdGhpbmtz IFBTSyBhbmQgcGFzc3dvcmRzIHNob3VsZCBub3QgYmUgdXNlZCAod2hpY2ggZG9lcyBjZXJ0YWlu bHkgbm90DQo+IHNlZW0gdG8gYmUgdGhlIGNhc2UgYXMgVExTIDEuMyBpcyBpbmNsdWRpbmcgUFNL IGFuZCBDRlJHIGlzIHN0YW5kYXJkaXppbmcNCj4gcGFzc3dvcmQgYmFzZWQgQUtFKSBJIHRoaW5r IHRoYXQgRU1VIHNob3VsZCBtYWtlIHNvbWUgUFNLIGFuZCBwYXNzd29yZA0KPiBiYXNlZCBtZXRo b2QgU3RhbmRhcmRzIFRyYWNrLiBBdCB0aGUgbW9tZW50IEVBUC1UTFMgMS4zIGxvb2tzIGxpa2Ug dGhlDQo+IGJlc3QgY2hvaWNlLg0KPiANCg0KQWRkaXRpb25hbGx5LCB3ZSBoYXZlIGhhZCBlYXJs eSBkaXNjdXNzaW9ucyBhYm91dCB1cGRhdGluZyBURUFQIFJGQzcxNzAgdG8gZXhwbGljaXRseSBo YW5kbGUgVExTIDEuMywgdGhlc2UgdXBkYXRlcyBjb3VsZCBwb3NzaWJseSBiZSBpbmNvcnBvcmF0 ZWQgaW50byBodHRwczovL3Rvb2xzLmlldGYub3JnL2h0bWwvZHJhZnQtbGVhci1lYXAtdGVhcC1i cnNraS0wNCAsIHdoaWNoIGlzIG1vcmUgYW5kIG1vcmUgbG9va2luZyBsaWtlIGEgZ2VuZXJhbCBU RUFQIGV4dGVuc2lvbnMgLyB1cGRhdGUgZHJhZnQsIG5vdCBhIEJSU0tJIHNwZWNpZmljIGRyYWZ0 Lg0KDQpBbmQgRllJLCBzb21lIG1vdmVtZW50IGhhcyBiZWVuIG1hZGUgb24gVEVBUCB3aXRoIGV4 cGVyaW1lbnRhbCBzdXBwb3J0IGFkZGVkIHRvIHdwYV9zdXBwbGljYW50IGh0dHBzOi8vdzEuZmkv Y2dpdC9ob3N0YXAvcGxhaW4vd3BhX3N1cHBsaWNhbnQvQ2hhbmdlTG9nIA0KDQoNCj4gSmltIHdy b3RlOg0KPiA+IGFuZCBtb3JlIHRvIGRvIHdpdGggdGhlIHNlY3VyaXR5IHByb3BlcnRpZXMgb2Yg dGhlIEVBUCBtZXRob2QuDQo+IA0KPiBJZiB0aGF0IGlzIHNlZW4gYXMgYSBwcm9ibGVtLCBzdGFu ZGFyZGl6aW5nIGEgc2VwYXJhdGUgVHlwZS1Db2RlIGZvciBFQVAtVExTDQo+IHdpdGggUFNLIGF1 dGhlbnRpY2F0aW9uIHdvdWxkIHNvbHZlIHRoZSBwcm9ibGVtLg0KPiANCj4gL0pvaG4NCj4gDQo+ IC0tLS0tT3JpZ2luYWwgTWVzc2FnZS0tLS0tDQo+IEZyb206ICJPd2VuIEZyaWVsIChvZnJpZWwp IiA8b2ZyaWVsQGNpc2NvLmNvbT4NCj4gRGF0ZTogVGh1cnNkYXksIDE5IFNlcHRlbWJlciAyMDE5 IGF0IDExOjE3DQo+IFRvOiBKaW0gU2NoYWFkIDxpZXRmQGF1Z3VzdGNlbGxhcnMuY29tPiwgJ0Fs YW4gRGVLb2snDQo+IDxhbGFuZEBkZXBsb3lpbmdyYWRpdXMuY29tPg0KPiBDYzogImRyYWZ0LWll dGYtZW11LWVhcC10bHMxM0BpZXRmLm9yZyIgPGRyYWZ0LWlldGYtZW11LWVhcC0NCj4gdGxzMTNA aWV0Zi5vcmc+LCAnRU1VIFdHJyA8ZW11QGlldGYub3JnPg0KPiBTdWJqZWN0OiBSRTogW0VtdV0g UE9TVCBXR0xDIENvbW1lbnRzIGRyYWZ0LWlldGYtZW11LWVhcC10bHMxMyBSZXNlbnQNCj4gZnJv bTogPGFsaWFzLWJvdW5jZXNAaWV0Zi5vcmc+IFJlc2VudCB0bzogSm9obiBNYXR0c3Nvbg0KPiA8 am9obi5tYXR0c3NvbkBlcmljc3Nvbi5jb20+LCA8bW9oaXRAcGl1aGEubmV0PiBSZXNlbnQgZGF0 ZToNCj4gVGh1cnNkYXksIDE5IFNlcHRlbWJlciAyMDE5IGF0IDExOjE3DQo+IA0KPiANCj4gDQo+ ICAgICA+IC0tLS0tT3JpZ2luYWwgTWVzc2FnZS0tLS0tDQo+ICAgICA+IEZyb206IEppbSBTY2hh YWQgPGlldGZAYXVndXN0Y2VsbGFycy5jb20+DQo+ICAgICA+IFNlbnQ6IDE5IFNlcHRlbWJlciAy MDE5IDA3OjI4DQo+ICAgICA+IFRvOiAnQWxhbiBEZUtvaycgPGFsYW5kQGRlcGxveWluZ3JhZGl1 cy5jb20+OyBPd2VuIEZyaWVsIChvZnJpZWwpDQo+ICAgICA+IDxvZnJpZWxAY2lzY28uY29tPg0K PiAgICAgPiBDYzogZHJhZnQtaWV0Zi1lbXUtZWFwLXRsczEzQGlldGYub3JnOyAnRU1VIFdHJyA8 ZW11QGlldGYub3JnPg0KPiAgICAgPiBTdWJqZWN0OiBSRTogW0VtdV0gUE9TVCBXR0xDIENvbW1l bnRzIGRyYWZ0LWlldGYtZW11LWVhcC10bHMxMw0KPiAgICAgPg0KPiAgICAgPiBJIGFtIGdvaW5n IHRvIGNvbWUgZG93biBvbiB0aGUgc2lkZSBvZiBubyBQU0sgc2hvdWxkIG5vdCBiZSBzdXBwb3J0 ZWQuDQo+ICAgICA+IEhvd2V2ZXIgbXkgaXNzdWVzIGhhdmUgbm90aGluZyB0byBkbyB3aXRoIGhv dyB0aGluZ3MgYXJlIGltcGxlbWVudGVkDQo+ICAgICA+IGFuZCBtb3JlIHRvIGRvIHdpdGggdGhl IHNlY3VyaXR5IHByb3BlcnRpZXMgb2YgdGhlIEVBUCBtZXRob2QuDQo+ICAgICA+DQo+ICAgICA+ IFdoZW4geW91IHVzZSBjZXJ0aWZpY2F0ZXMsIHRoZXJlIGlzIG5vIGxlYWthZ2Ugb2Ygd2hvIHRo ZSBjbGllbnQgaXMgYXMgdGhpcw0KPiBpcw0KPiAgICAgPiBlbmNyeXB0ZWQgYnkgVExTLiAgV2hl biB5b3UgdXNlIGEgcmVzdG9yZSBzZXNzaW9uIHRpY2tldCwgaXQgaXMgcG9zc2libGUgdG8NCj4g bGltaXQNCj4gICAgID4gdGhlIG51bWJlciBvZiB0aW1lcyB0aGF0IHRoZSB0aWNrZXQgY2FuIGJl IHVzZWQgKGZvciBleGFtcGxlIG9uY2UpLg0KPiAgICAgPiBUaGUgUFNLIGlkZW50aXR5IGlzIHB1 YmxpYyBhbmQgdW5wcm90ZWN0ZWQgc28gaXQgY2FuIGJlIHVzZWQgdG8gdHJhY2suICBJZg0KPiBv bmUgaXMNCj4gICAgID4gdXNpbmcgUFNLIGZvciB0aGUgcHVycG9zZSBvZiBhdXRoZW50aWNhdGlv biB0aGVuIHRoYXQgdmFsdWUgd2lsbCBhbHdheXMgYmUNCj4gICAgID4gdmlzaWJsZSB0byBpbnRl cm1lZGlhdGUgcGFydGllcyBmb3IgdGhlIHB1cnBvc2Ugb2YgdHJhY2tpbmcuDQo+ICAgICA+IFRo aXMgY2FuIGJlIHNsaWdodGx5IG1pdGlnYXRlZCBieSB1c2luZyByZXN0b3JlIHNlc3Npb24gdGlj a2V0cyB3aXRoIFBTSywNCj4gYnV0DQo+ICAgICA+IHlvdSBhcmUgZ29pbmcgdG8gc2VuZCB0aGF0 IFBTSyBpZGVudGlmaWVyIG92ZXIgdGhlIHdpcmUgbWFueSB0aW1lcy4NCj4gDQo+ICAgICBUaGUg SW9UIHVzZSBjYXNlIGlzIHRvIHVzZSB0aGUgUFNLIG9uZSB0aW1lIGZvciBhdXRoZW50aWNhdGlv biBkdXJpbmcNCj4gYm9vdHN0cmFwcGluZywgdGhlbiBnZXQgY3JlZGVudGlhbGVkLCBhbmQgdGhl cmVhZnRlciB1c2UgYSBjZXJ0aWZpY2F0ZSBmb3INCj4gc3Vic2VxdWVudCBFQVAgYXV0aGVudGlj YXRpb25zLiBUaGUgYm9vdHN0cmFwIFBTSyBlbmFibGVzIHByb29mIG9mDQo+IHBvc3Nlc3Npb24g aS5lLiB0aGUgdGhpbmcgd2lsbCBvbmx5IGJvb3RzdHJhcCBhZ2FpbnN0IGEgbmV0d29yayB0aGF0 IGtub3dzIGl0cw0KPiBQU0suDQo+IA0KPiAgICAgPg0KPiAgICAgPg0KPiAgICAgPiBUaGlzIGlz IGp1c3QgaW5mb3JtYXRpb25hbCBhbmQgY2FuIGJlIGlnbm9yZWQ6DQo+ICAgICA+DQo+ICAgICA+ IE15IGN1cnJlbnQgZmF2b3JpdGUgd2F5IHRvIGRlYWwgd2l0aCBQU0svdGlja2V0IGlkZW50aWZp ZXJzIGlzIHdpdGgNCj4gICAgID4gZW5jcnlwdGlvbjoNCj4gICAgID4NCj4gICAgID4gMzIgYnl0 ZXMgb2YgaW5kZXggaW50byB0YWJsZQ0KPiAgICAgPiAzMiBieXRlcyBvZiBkYXRlIGluZm9ybWF0 aW9uDQo+ICAgICA+IDMyIGJ5dGVzIG9mIFNJViAoc3ludGhldGljIElWKQ0KPiAgICAgPg0KPiAg ICAgPiBFbmNyeXB0IHRoZSBmaXJzdCB0d28gaXRlbXMgdXNpbmcgdGhlIFNJVi4gIFlvdSBjYW4g dGhlbiBoYXZlIG11bHRpcGxlDQo+IGtleXMgZm9yDQo+ICAgICA+IGRlY3J5cHRpb24uICBPbmUg Zm9yIFBTS3MgYW5kIGEgcmVzb2x2aW5nIG9uZSBmb3Igc2Vzc2lvbiB0aWNrZXRzLiAgSWYgdGhl DQo+ICAgICA+IGlkZW50aWZpZXIgZG9lcyBub3QgZGVjcnlwdCB0aGVuIHlvdSByZWplY3QuICBP dGhlcndpc2UgeW91IGxvb2sgYXQgdGhlDQo+IGRhdGUNCj4gICAgID4gaW5mb3JtYXRpb24gYW5k IHRoZSBpbmRleCBpbiB0aGUgdGFibGUgZm9yIHRoZSBzZWNyZXQgaW5mb3JtYXRpb24uDQo+ICAg ICA+DQo+ICAgICA+IEl0IGlzIGV2ZW4gcG9zc2libGUgdG8gcGxheSBnYW1lcyB3aXRoIEFBRCB0 byBkbyB0aGluZ3MgbGlrZSBzY29wZSB0aGUNCj4gdGlja2V0cw0KPiAgICAgPiB1cCBmcm9udCAt IGlmIHlvdSBwdXQgaW4gdGhlIG5hbWUvYWRkcmVzcyBvZiB0aGUgTkFTIHRoZW4geW91IGhhdmUg YQ0KPiAgICAgPiBwcmVzY3JlZW4gb24gd2hlcmUgdGhlIHRpY2tldCBjYW4gYmUgdXNlZC4NCj4g ICAgID4NCj4gICAgID4gSmltDQo+ICAgICA+DQo+ICAgICA+DQo+ICAgICA+DQo+ICAgICA+DQo+ ICAgICA+IC0tLS0tT3JpZ2luYWwgTWVzc2FnZS0tLS0tDQo+ICAgICA+IEZyb206IEVtdSA8ZW11 LWJvdW5jZXNAaWV0Zi5vcmc+IE9uIEJlaGFsZiBPZiBBbGFuIERlS29rDQo+ICAgICA+IFNlbnQ6 IFdlZG5lc2RheSwgU2VwdGVtYmVyIDE4LCAyMDE5IDI6NTkgUE0NCj4gICAgID4gVG86IE93ZW4g RnJpZWwgKG9mcmllbCkgPG9mcmllbEBjaXNjby5jb20+DQo+ICAgICA+IENjOiBkcmFmdC1pZXRm LWVtdS1lYXAtdGxzMTNAaWV0Zi5vcmc7IEVNVSBXRyA8ZW11QGlldGYub3JnPg0KPiAgICAgPiBT dWJqZWN0OiBSZTogW0VtdV0gUE9TVCBXR0xDIENvbW1lbnRzIGRyYWZ0LWlldGYtZW11LWVhcC10 bHMxMw0KPiAgICAgPg0KPiAgICAgPiBPbiBTZXAgMTgsIDIwMTksIGF0IDU6NDIgUE0sIE93ZW4g RnJpZWwgKG9mcmllbCkgPG9mcmllbEBjaXNjby5jb20+DQo+IHdyb3RlOg0KPiAgICAgPiA+IEdp dmluZyBzb21lIGltcGxlbWVudGF0aW9uIGd1aWRhbmNlIHNlZW1zIGFwcHJvcHJpYXRlIGhlcmUu DQo+IE5haXZlbHksDQo+ICAgICA+ID4gb25lDQo+ICAgICA+IGNvdWxkIGVudmlzYWdlIHRoZSBp bXBsZW1lbnRhdGlvbiBzaW1wbHkgaGF2aW5nIGEgREIgdGFibGUgZm9yIGV4dGVybg0KPiBQU0tz DQo+ICAgICA+IGFuZCBhIHRhYmxlIHRoYXQgaG9sZHMgTmV3U2Vzc2lvblRpY2tldHMuIEFuIGlt cGxlbWVudGF0aW9uIGNvdWxkDQo+IHNpbXBseQ0KPiAgICAgPiBjaGVjayB0aGUgZXh0ZXJuIFBT SyB0YWJsZSB1c2luZyB0aGUgUHNrSWRlbnRpdHkuaWRlbnRpdHksIGFuZCBpZiBubyBtYXRjaA0K PiBpcw0KPiAgICAgPiBmb3VuZCB0aGVuIGNoZWNrIHRoZSBOZXdTZXNzaW9uVGlja2V0cyB0YWJs ZS4NCj4gICAgID4NCj4gICAgID4gICBXaGljaCB3b3JrcywgYnV0IHNob3VsZCBiZSBjYWxsZWQg b3V0IGluIHRoZSBkcmFmdC4NCj4gICAgID4NCj4gICAgID4gICBBbmQgd2hhdCBpcyB0byBwcmV2 ZW50IHRoZSBzeXN0ZW0gZnJvbSBnZW5lcmF0aW5nIGNvbmZsaWN0aW5nIFBTSw0KPiAgICAgPiBp ZGVudGl0aWVzPyAgaS5lLiBJIGRvbid0IGNvbnRyb2wgT3BlblNTTC4gIEZyb20gd2hhdCBJIHNl ZSwgVExTIDEuMw0KPiByZXN1bXB0aW9uDQo+ICAgICA+IG1lYW5zIHRoYXQgT3BlblNTTEwgd2ls bCBjaG9vc2Ugd2hhdGV2ZXIgUFNLIGlkZW50aXR5IGl0IGRlZW1zIGZpdC4NCj4gICAgID4NCj4g ICAgID4gICBBcyBhbiBpbXBsZW1lbnRvciBhbmQvb3IgYWRtaW4sIGhvdyBkbyBJIGNob29zZSAq cHJlLXByb3Zpc2lvbmVkKg0KPiBQU0sNCj4gICAgID4gaWRlbnRpdGllcyB3aGljaCB3b24ndCBj b25mbGljdCB3aXRoIHRoZSBvbmVzIE9wZW5TU0wgY2hvb3NlPw0KPiAgICAgPg0KPiAgICAgPiA+ IFRoZSBkZWZhdWx0IE9wZW5TU0wgTlNLIHRpY2tldElkIGlzIDMyIGJ5dGVzIGxvbmcNCj4gICAg ID4gaHR0cHM6Ly9wcm90ZWN0Mi5maXJlZXllLmNvbS91cmw/az1mYTdjZGJmYS1hNmY2MGYzYi1m YTdjOWI2MS0NCj4gODYzZDliY2I3MjZmLQ0KPiAwNTcwY2U0YTM0NjJjYjRiJnE9MSZ1PWh0dHBz JTNBJTJGJTJGZ2l0aHViLmNvbSUyRm9wZW5zc2wlMkZvcA0KPiBlbnNzbCUyRmJsb2IlMkY1NThl YTg0NzQzOTE4ZjdhOTNiZmJmYzI1OWY4NmENCj4gICAgID4gZDFmYTRjDQo+ICAgICA+IDhkZTkv aW5jbHVkZS9vcGVuc3NsL3NzbDMuaCNMMTI3IHNvIHNvbWV0aGluZyBoYXMgZ29uZSBzZXJpb3Vz bHkNCj4gd3JvbmcgaWYNCj4gICAgID4gdGhlcmUgaXMgYSBjbGFzaCAocG9vciByYW5kb21zLCBl dGMuKS4NCj4gICAgID4NCj4gICAgID4gICBpLmUuICJwaWNrIGEgbG9uZyBzdHJpbmcgYW5kIHRo YXQgc2hvdWxkIGJlIGdvb2QgZW5vdWdoIi4NCj4gICAgID4NCj4gICAgID4gICBJZiB0aGF0IHJl YWxseSBpcyB0aGUgZ3VpZGFuY2UsIHRoZW4gdGhpcyBzaG91bGQgYWxzbyBiZSBjYWxsZWQgb3V0 IGluIHRoZQ0KPiBkcmFmdC4NCj4gICAgID4gUFNLIGlkZW50aXRpZXMgTVVTVCBiZSBsb25nIChp ZGVhbGx5IDMyIG9jdGV0cyBvciBtb3JlKSwgYW5kIE1VU1QgYmUNCj4gICAgID4gZ2VuZXJhdGVk IGZyb20gYSBDU1BSTkcuDQo+ICAgICA+DQo+ICAgICA+ICAgV2hpY2ggdGhlbiBsZWFkcyB0byB0 aGUgcXVlc3Rpb24gb2Ygd2hhdCB3aWxsIHRoZSBwb29yIHVzZXIgZW50ZXIgaW4gYQ0KPiBVST8N Cj4gICAgID4gSWYgImVuZCB1c2VycyIgc2hvdWxkbid0IGJlIGRvaW5nIHRoaXMsIHRoZSBkcmFm dCBhbHNvIG5lZWRzIHRvIGNhbGwgdGhhdA0KPiBvdXQuDQo+ICAgICA+DQo+ICAgICA+ID4gV2Vs bCwgbW9yZSBwcmVjaXNlbHksIHRoZSBQU0sgaWRlbnRpdHkgaXMgdmlzaWJsZSBpbiB0aGUgQ2xp ZW50SGVsbG8sDQo+ICAgICA+ID4gbm90DQo+ICAgICA+IHRoZSBhY3R1YWwgUFNLIG9mIGNvdXJz ZS4NCj4gICAgID4NCj4gICAgID4gICBTdXJlLg0KPiAgICAgPg0KPiAgICAgPiA+IEFuZCB0aGUg UFNLICptdXN0IG5vdCogYmUgYSB1c2VyLW1hbmFnZWFibGUgc3RyaW5nIHN1Y2ggYXMgdGhlDQo+ ICAgICA+ID4+IE5BSS4gIE9uIHRoZSBvdGhlciBoYW5kLCBpZiB0aGUgUFNLIGlzIHNlbnQgYWZ0 ZXIgZW5jcnlwdGlvbiBiZWdpbnMsDQo+ICAgICA+ID4+IHRoZW4gdGhlIFBTSyAqc2hvdWxkKiBi ZSBhIHVzZXItbWFuYWdlYWJsZSBzdHJpbmcgc3VjaCBhcyBhbiBOQUkuDQo+ICAgICA+ID4NCj4g ICAgID4gPiBodHRwczovL3Rvb2xzLmlldGYub3JnL2h0bWwvcmZjODQ0NiNzZWN0aW9uLTIuMiBh bHNvIHN0YXRlczoNCj4gICAgID4gPiAuLi4NCj4gICAgID4gPiBzbyBUTFMtUFNLIGlzIG5vdCBz dWl0YWJsZSBmb3IgYSB1c2VyIGVudGVyZWQgbG93IGVudHJvcHkgcGFzc3dvcmQuIFdlDQo+ICAg ICA+ID4gbmVlZCBhIFBBS0UgZm9yIHRoYXQgKGMuZi4gdGhlIG9uZ29pbmcgQ0ZSRyBQQUtFIGFz c2Vzc21lbnQpDQo+ICAgICA+DQo+ICAgICA+ICAgU3VyZS4NCj4gICAgID4NCj4gICAgID4gPiBU aGVyZSBhcmUgc29tZSB1c2UgY2FzZXMgRWxpb3QgYW5kIEkgYXJlIGxvb2tpbmcgYXQgcmVsYXRl ZCB0byBJb1QNCj4gICAgID4gb25ib2FyZGluZyB3aGVyZSBhIFRMUy1QU0sgYXV0aGVudGljYXRp b24gaGFzIGRlZmluaXRlIHZhbHVlLCBhbmQgd2UNCj4gcmVhbGx5DQo+ICAgICA+IGRvbid0IHdh bnQgdG8gc2VlIHRoaXMgYXZlbnVlIGNsb3NlZCBvZmYgaW4gRUFQLg0KPiAgICAgPg0KPiAgICAg PiAgIEkgZG9uJ3Qga25vdyB0aGUgZXhhY3QgdXNlLWNhc2UsIGJ1dCBUQkggSSdkIHN1Z2dlc3Qg RUFQLVBXRCBmb3IgdGhhdC4NCj4gICAgID4gSSdtIG5vdCBzdXJlIHRoYXQgRUFQLVRMUyB3aXRo IFBTSyBhZGRzIGFueSB2YWx1ZSBoZXJlLg0KPiAgICAgPg0KPiAgICAgPiAgIEFsbG93aW5nIFBT SyBtZWFucyB0aGF0IHRoZSBkcmFmdCBzaG91bGQgbGlrZWx5IHNheSAiZW5kIHVzZXJzIE1VU1QN Cj4gTk9UDQo+ICAgICA+IGJlIHVzaW5nIFRMUy1QU0siLiAgT3IgbWF5YmUgIlRMUy1QU0sgTVVT VCBiZSB1c2VkIG9ubHkgd2hlcmUNCj4gc3lzdGVtcw0KPiAgICAgPiBjYW4gYmUgYXV0b21hdGlj YWxseSBwcm92aXNpb25lZCB3aXRoIGxvbmcgYmluYXJ5IGRhdGEgZm9yIGJvdGggUFNLDQo+IGlk ZW50aXR5DQo+ICAgICA+IGFuZCBQU0sgaXRzZWxmIi4gIE9yIGV2ZW4gIlBTSyBpZGVudGl0aWVz IGFuZC9vciBwYXNzd29yZHMgdGhhdCBhcmUNCj4gY29tcG9zZWQNCj4gICAgID4gc29sZWx5IG9m IHByaW50YWJsZSBBU0NJSSBjaGFyYWN0ZXJzIGFyZSBsaWtlbHkgdG8gYmUgaHVtYW5seSBlbnRl cmVkLCBhbmQNCj4gICAgID4gdGh1cyBpbnNlY3VyZSIuDQo+ICAgICA+DQo+ICAgICA+ICAgV2hp Y2ggbWVhbnMsIG9mIGNvdXJzZSwgdGhhdCBwZW9wbGUgd2lsbCBpZ25vcmUgdGhhdCBhbmQgZGVt YW5kIHNpbXBsZQ0KPiAgICAgPiB1c2VyIG5hbWVzIC8gcGFzc3dvcmRzIGZvciBFQVAtVExTIHdp dGggUFNLLiAgQmVjYXVzZSB0aGF0J3MgZXZlciBzbw0KPiBtdWNoDQo+ICAgICA+IGVhc2llciB0 aGFuIHVzaW5nIG5hc3R5IGNlcnRzLg0KPiAgICAgPg0KPiAgICAgPiAgIFRoYXQgaXNuJ3Qgc29t ZXRoaW5nIHdlIHNob3VsZCBlbmNvdXJhZ2UuICBJdCBtYXkgYmUgd29ydGgganVzdA0KPiBmb3Ji aWRkaW5nDQo+ICAgICA+IGl0Lg0KPiAgICAgPg0KPiAgICAgPiAgIEFsYW4gRGVLb2suDQo+ICAg ICA+DQo+ICAgICA+IF9fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fDQo+ICAgICA+IEVtdSBtYWlsaW5nIGxpc3QNCj4gICAgID4gRW11QGlldGYub3JnDQo+ICAg ICA+IGh0dHBzOi8vd3d3LmlldGYub3JnL21haWxtYW4vbGlzdGluZm8vZW11DQo+IA0KPiANCg0K From nobody Thu Sep 19 06:36:44 2019 Return-Path: X-Original-To: emu@ietfa.amsl.com Delivered-To: emu@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B7A96120A96; Thu, 19 Sep 2019 06:36:35 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.899 X-Spam-Level: X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LtUg6exH5txZ; Thu, 19 Sep 2019 06:36:33 -0700 (PDT) Received: from mail.networkradius.com (mail.networkradius.com [62.210.147.122]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5F833120980; Thu, 19 Sep 2019 06:36:32 -0700 (PDT) Received: from [192.168.20.61] (ottawa.ca.networkradius.com [72.137.155.194]) by mail.networkradius.com (Postfix) with ESMTPSA id A04F0434; Thu, 19 Sep 2019 13:36:29 +0000 (UTC) Authentication-Results: NetworkRADIUS; dmarc=none header.from=deployingradius.com Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\)) From: Alan DeKok In-Reply-To: <80E3DD70-C335-4D63-A6B7-E74DEFD69EDF@ericsson.com> Date: Thu, 19 Sep 2019 09:36:28 -0400 Cc: "Owen Friel (ofriel)" , Jim Schaad , "draft-ietf-emu-eap-tls13@ietf.org" , EMU WG Content-Transfer-Encoding: quoted-printable Message-Id: <1921E459-92BF-454F-8C3C-773746FB02BC@deployingradius.com> References: <7828_1564869242_5D46027A_7828_348_1_02e001d54a45$e92ae900$bb80bb00$@augustcellars.com> <20b118932a4843b6b88e605799fafea8@aalto.fi> <211AD83C-D111-4EEB-AAF0-D9B5E521F4CF@deployingradius.com> <8F355C6F-DF1E-4E03-B75E-0F1D2508B9D4@ericsson.com> <246280B8-6E5C-484B-95BD-9C940C98C507@deployingradius.com> <1FD26215-86AF-4C64-83ED-AB1D67D1937B@ericsson.com> <008b01d56eb3$5c51e550$14f5aff0$@augustcellars.com> <80E3DD70-C335-4D63-A6B7-E74DEFD69EDF@ericsson.com> To: John Mattsson X-Mailer: Apple Mail (2.3445.104.11) Archived-At: Subject: Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13 X-BeenThere: emu@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "EAP Methods Update \(EMU\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Sep 2019 13:36:43 -0000 On Sep 19, 2019, at 6:04 AM, John Mattsson = wrote: >=20 > I am starting to come down on the side the EAP-TLS PSK should be = specified. >=20 > - I think EAP-PSK should be phased out like all other methods not = giving PFS. EAP-TLS using PSK has worse security properties than EAP-PSK, I think. > - The security of the Dragonfly handshake used in EAP-PWD (and WPA3) = seems quite shaky ( https://eprint.iacr.org/2019/383 ), but I have not = looked into the details. Yes. There are updates coming. EAP-PWD is widely deployed and is widely used. Given it's simplicity, = I recommend using it where simple name / password authentication is = required. > - An EAP password method for the future should likely use the PAKE = that CFRG will soon standardize. > - EAP methods should in the future support some PQC key exchange. >=20 > TLS will very likely get support for both the CFRG PAKE and PQC key = exchange algorithms. I am not sure the EAP group want to spend time = updating either EAP-PSK or ESP-PWD. Unless there are other benefits with = EAP-PSK or EAP-PWD, I think standardizing EAP-TLS PSK makes a lot of = sense. It's not clear to me how EAP-TLS PSK is *better* than EAP-PWD. > I also note that, EAP-PSK is experimental and EAP-PWD is informal. = Unless IETF thinks PSK and passwords should not be used (which does = certainly not seem to be the case as TLS 1.3 is including PSK and CFRG = is standardizing password based AKE) I think that EMU should make some = PSK and password based method Standards Track. At the moment EAP-TLS 1.3 = looks like the best choice. PEAP is informational. EAP-TTLS is informational. Yet both are = widely used. The document status is largely a byproduct of the IETF = process. I think we should take into account what people *do* with EAP = methods. In this case, people have voted with their feet. EAP-PWD, PEAP, and = EAP-TTLS are widely deployed. They all support some form of name / = password authentication. PEAP and EAP-TTLS also include support for = anonymous outer identities, which is impossible with EAP-TLS PSK. Alan DeKok. From nobody Thu Sep 19 06:39:26 2019 Return-Path: X-Original-To: emu@ietfa.amsl.com Delivered-To: emu@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9C277120025; Thu, 19 Sep 2019 06:39:24 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.899 X-Spam-Level: X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mfUAJk5txpgk; Thu, 19 Sep 2019 06:39:23 -0700 (PDT) Received: from mail.networkradius.com (mail.networkradius.com [62.210.147.122]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3FFBC120058; Thu, 19 Sep 2019 06:39:23 -0700 (PDT) Received: from [192.168.20.61] (ottawa.ca.networkradius.com [72.137.155.194]) by mail.networkradius.com (Postfix) with ESMTPSA id 75845CE; Thu, 19 Sep 2019 13:39:21 +0000 (UTC) Authentication-Results: NetworkRADIUS; dmarc=none header.from=deployingradius.com Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\)) From: Alan DeKok In-Reply-To: <008b01d56eb3$5c51e550$14f5aff0$@augustcellars.com> Date: Thu, 19 Sep 2019 09:39:20 -0400 Cc: "Owen Friel (ofriel)" , draft-ietf-emu-eap-tls13@ietf.org, EMU WG Content-Transfer-Encoding: quoted-printable Message-Id: References: <7828_1564869242_5D46027A_7828_348_1_02e001d54a45$e92ae900$bb80bb00$@augustcellars.com> <20b118932a4843b6b88e605799fafea8@aalto.fi> <211AD83C-D111-4EEB-AAF0-D9B5E521F4CF@deployingradius.com> <8F355C6F-DF1E-4E03-B75E-0F1D2508B9D4@ericsson.com> <246280B8-6E5C-484B-95BD-9C940C98C507@deployingradius.com> <1FD26215-86AF-4C64-83ED-AB1D67D1937B@ericsson.com> <008b01d56eb3$5c51e550$14f5aff0$@augustcellars.com> To: Jim Schaad X-Mailer: Apple Mail (2.3445.104.11) Archived-At: Subject: Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13 X-BeenThere: emu@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "EAP Methods Update \(EMU\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Sep 2019 13:39:25 -0000 On Sep 19, 2019, at 2:27 AM, Jim Schaad wrote: >=20 > I am going to come down on the side of no PSK should not be supported. > However my issues have nothing to do with how things are implemented = and > more to do with the security properties of the EAP method. I'm leaning that way myself. I'm not opposed in principle, but it = looks like other options have better properties. > When you use certificates, there is no leakage of who the client is as = this > is encrypted by TLS. When you use a restore session ticket, it is = possible > to limit the number of times that the ticket can be used (for example = once). > The PSK identity is public and unprotected so it can be used to track. = If > one is using PSK for the purpose of authentication then that value = will > always be visible to intermediate parties for the purpose of tracking. > This can be slightly mitigated by using restore session tickets with = PSK, > but you are going to send that PSK identifier over the wire many = times. i.e. the only secure way to use PSK is one-time authentication, as per = Owen's IoT use-case. If we do allow it, there's just no question that people will abuse it. = That for me is a strong reason to forbid it. Alan DeKok. From nobody Thu Sep 19 08:56:00 2019 Return-Path: X-Original-To: emu@ietfa.amsl.com Delivered-To: emu@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 228D212080E; Thu, 19 Sep 2019 08:55:56 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.001 X-Spam-Level: X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gvsxd7CskeiO; Thu, 19 Sep 2019 08:55:46 -0700 (PDT) Received: from EUR04-HE1-obe.outbound.protection.outlook.com (mail-eopbgr70053.outbound.protection.outlook.com [40.107.7.53]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 675A412081A; Thu, 19 Sep 2019 08:55:42 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=BRABqHwYCFnqJMTzitQTftVvhsQGBvkFWxuhylKUfZmfstCOEfpJdWbFXDNtCtRFTEpExWcN3sKgOCPfO5GUYEo/oLj+xSJHA6gdg/h2VZjJoMqV7GMNpUpXuGUpkIaQnhCnrd/nrVdzEssuO7uWZeiM7tyMHKH8kg4dFqSgfgf9SPa/3ELr8cLBtIXggM5/01zkX3n59AfH9kls/O4sTWyUIxteUdIJa8bGl/ciQ7n3tz0obdl/2SpChTwjn2T8j52yOvuGM9RfkxD7f+jh74wKZtUNmr4agdRZlZoRft8m4wy3cRtHB1nTWkjQOE8RztAXuMWKmnh2DH9pjSS/1g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Tf8U+lL8ApfBL9BiRGluxqQIn1b4e7511JckcrUeDjs=; b=G6SC+TVgsrEK9HPtb+M+JvnzwkkAXsy9uaFR8GnK4NZ699mTBfP0nwDxsW1BYEiPU1469cNncSKOesQUSaWo6BiiJ/1Z0ghfsXqR14UM72CkFIbmze2IhXR1KtOXKXqK4jBF2ZpPe3+wEEpBH+e+ACObOqkitK+2IegoEIiH5hDwKT6z8aNYLtXLMqGwPnE3nBU/VSzUEH2ngZczGZLd7TIKWttwU+NpKi+mYdRl8t5IXW1e9abfCbib0Sukk3Yqy4j4qsa8XrtgRq0UijmCSOnZpj5kk8wMSYh6Up1mADu1SFzeMpYAeeisfI7QXi41yN8ikgi1x9lK1qHj+6G+Cg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Tf8U+lL8ApfBL9BiRGluxqQIn1b4e7511JckcrUeDjs=; b=FodrhIsjQnbWrEdRHuQNLMPSB653vr1Zh8wiuuCu9dj4sdStfdixnbobXk/qiZcEyBDfp/xv9eLTwxFfUWlCnI6zeD3xzIts1rTk281KCED1DRwSjDC/C6d8tUZ4zUPxV7C9Z1Ns2RM6xULw2MQvWC8uyuM2uwXi/T06eLxrivE= Received: from HE1PR07MB4169.eurprd07.prod.outlook.com (20.176.165.153) by HE1PR07MB4236.eurprd07.prod.outlook.com (20.176.166.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2284.10; Thu, 19 Sep 2019 15:55:39 +0000 Received: from HE1PR07MB4169.eurprd07.prod.outlook.com ([fe80::c8fb:acc1:b00e:84ef]) by HE1PR07MB4169.eurprd07.prod.outlook.com ([fe80::c8fb:acc1:b00e:84ef%6]) with mapi id 15.20.2284.009; Thu, 19 Sep 2019 15:55:39 +0000 From: John Mattsson To: Jim Schaad , "draft-ietf-emu-eap-tls13@ietf.org" CC: 'EMU WG' Thread-Topic: POST WGLC Comments draft-ietf-emu-eap-tls13 Thread-Index: AdVKJoKyKr1G5+9hQuKLAEK5rLYqPgk7O+aA Date: Thu, 19 Sep 2019 15:55:39 +0000 Message-ID: <9E2397AF-5D81-4234-9B8C-3145E51D5A60@ericsson.com> References: <02e001d54a45$e92ae900$bb80bb00$@augustcellars.com> In-Reply-To: <02e001d54a45$e92ae900$bb80bb00$@augustcellars.com> Accept-Language: en-US Content-Language: en-GB X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Microsoft-MacOutlook/10.1d.0.190908 authentication-results: spf=none (sender IP is ) smtp.mailfrom=john.mattsson@ericsson.com; x-originating-ip: [82.214.46.143] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: cd61294d-4048-41f1-4030-08d73d19d1d0 x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(5600167)(711020)(4605104)(1401327)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(2017052603328)(7193020); SRVR:HE1PR07MB4236; x-ms-traffictypediagnostic: HE1PR07MB4236: x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:10000; x-forefront-prvs: 016572D96D x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(376002)(366004)(346002)(396003)(136003)(39860400002)(13464003)(51444003)(199004)(189003)(305945005)(76176011)(66946007)(91956017)(7736002)(76116006)(6436002)(6512007)(110136005)(229853002)(99286004)(6486002)(316002)(6246003)(86362001)(14444005)(4743002)(66476007)(58126008)(2906002)(256004)(11346002)(36756003)(14454004)(66556008)(486006)(44832011)(5660300002)(478600001)(81156014)(81166006)(2616005)(8676002)(476003)(4326008)(66066001)(3846002)(25786009)(33656002)(8936002)(26005)(186003)(6116002)(66446008)(64756008)(6506007)(102836004)(71190400001)(71200400001)(2501003)(53546011)(446003); DIR:OUT; SFP:1101; SCL:1; SRVR:HE1PR07MB4236; H:HE1PR07MB4169.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1; received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam-message-info: IY47MQNsUQ25vkVUDPo9TP1s6obzlMlavcjgG3qaVft0uRbs/YUq3mp5iFUY2jjOcOZ1MxT4p0X45U8whoe37hteTsX+FW4pVWUBdpVZGW1i70mjoTa/8I5TbtjOgOliIO+3nHRtulu9sXFpNKmDncaFixthJic/TlWmsDgpO5p2H4n8YwShBiv/r8kUQV7SvqaQgOYxzmn7DlgWOkRynKN0BG9Y2o73duCp6FQbOw9uLu9HPY8cNzxb0yomegr+uaGZlHmrbwJMBlgdrnHHiPqXgEc6s10wVF5Q7b7i48JuQLbnmPPvGtRZ88cYci6cwg07vQFil6qGNbPnmrLjwiCGUH2CiWyhAk8ug+sVYvmsa96gIas0pjQehrY9erD5OiFtbUkRa2ubQZ9IJuMBok3kaKDlzTZo4EiTn14Z0jk= x-ms-exchange-transport-forked: True Content-Type: text/plain; charset="utf-8" Content-ID: Content-Transfer-Encoding: base64 MIME-Version: 1.0 X-OriginatorOrg: ericsson.com X-MS-Exchange-CrossTenant-Network-Message-Id: cd61294d-4048-41f1-4030-08d73d19d1d0 X-MS-Exchange-CrossTenant-originalarrivaltime: 19 Sep 2019 15:55:39.8068 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: Rc1MrFz5mXoIn62QzjZZpiKcDraBRJTqcmhL0eVD/rwp8VQD69jqedQPIrEVoPTa0xIF/U/SJGh9eeLqQh9V+JRmYcnaf/c8lK0N3+g7vVA= X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR07MB4236 Archived-At: Subject: Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13 X-BeenThere: emu@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "EAP Methods Update \(EMU\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Sep 2019 15:55:56 -0000 VGhhbmtzIEppbSENCg0KQmVsb3cgYXJlIHJlcGxpZXMgdG8gbW9zdCBvZiB5b3VyIGNvbW1lbnRz Lg0KDQo+SW4gc2VjdGlvbiAyLjEuNSAtIFlvdSBhcmUgbWFuZGF0aW5nIHN1cHBvcnQgZm9yIHJl c3VtcHRpb24uICBJcyB0aGlzIHJlYWxseQ0KPndoYXQgeW91IGFyZSBwbGFubmluZyB0byBkbz8g IElmIHRoaXMgaXMgdHJ1ZSB0aGVuIGxvdHMgb2YgdGhlIHByZXZpb3VzIHRleHQNCj5zZWVtcyB0 byBiZSBvZmYgYmVjYXVzZSB0aGlzIGlzIG5vdCBwYXJ0IG9mIHRoYXQgZGlzY3Vzc2lvbi4NCg0K VGhhdCBpcyBkZWZpbml0ZWx5IG5vdCB0aGUgaW50ZW50aW9uLCBJIHJld3JvdGUgdGhlIHRleHQg dG8gc2F5Og0KDQoiVG8gZW5hYmxlIHJlc3VtcHRpb24gd2hlbiB1c2luZyBFQVAtVExTIHdpdGgg VExTIDEuMywgdGhlIEVBUCBzZXJ2ZXINCk1VU1Qgc2VuZCBhIE5ld1Nlc3Npb25UaWNrZXQgbWVz c2FnZSAoY29udGFpbmluZyBhIFBTSyBhbmQgb3RoZXINCnBhcmFtZXRlcnMpIGluIHRoZSBpbml0 aWFsIGF1dGhlbnRpY2F0aW9uLiINCg0KPkluIHNlY3Rpb24gMi4xLjYgLSBTaG91bGQgdGhlcmUg YmUgYSByZWNvbW1lbmRhdGlvbiAob3Igbm90KSB0aGF0IHdoZW4gYQ0KPnJlc3VtcHRpb24gdGlj a2V0IGlzIHVzZWQsIHRoZW4gYSBuZXcgdGlja2V0IChvciBzZXQgb2YgdGlja2V0cykgb3VnaHQg dG8gYmUNCj5wcm92aWRlZCB0byB0aGUgY2xpZW50Lg0KDQpUaGF0IHdvdWxkIGJlIGEgc3Ryb25n ZXIgcmVjb21tZW5kYXRpb24gdGhhdCBUTFMgMS4zIGl0c2VsZiwgYW5kIEVBUC1UTFMgaXMgbGVz cyBzZW5zaXRpdmUgdG8gdGlja2V0IHJldXNlIHRoYW4gbWFueSBvdGhlciB1c2UgY2FzZXMgYXMg RUFQLVRMUyBkb2VzIG5vdCB1c2UgMC1SVFQuIEkgc3VnZ2VzdCBhZGRpbmcgYSByZWZlcmVuY2Ug dG8gdGhlIGNsaWVudCB0cmFja2luZyBwcmV2ZW50aW9uIHJlY29tbWVuZGF0aW9ucyBpbiBSRkMg ODQ0Ni4NCg0KIkVBUCBwZWVycyBhbmQgRUFQIHNlcnZlcnMgU0hPVUxEIGZvbGxvdyB0aGUgY2xp ZW50IHRyYWNraW5nIHByZXZlbnRpb25zIGluIEFwcGVuZGl4IEMuNCBvZiBbUkZDODQ0Nl0uIg0K DQo+SW4gc2VjdGlvbiAyLjUgLSBJIGRvbid0IGtub3cgdGhhdCBJIGhhdmUgdGhlIGFiaWxpdHkg dG8gY29udHJvbCB3aGF0IHRoZQ0KPlRMUyBibG9jayBsb29rcyBsaWtlIHRvIHRoZSBleHRlbnQg dGhhdCB0aGlzIHNlZW1zIHRvIGJlIHdhbnRpbmcgdG8gZG8uDQoNCkkgZG9u4oCZdCB0aGluayB5 b3UgbmVlZCBhbnkgY29udHJvbDsgdGhpcyBpcyBqdXN0IHdoYXQgaGFwcGVucyB3aGVuIHlvdSBz ZW5kIGEgVExTIHJlY29yZCB3aXRoIGFwcGxpY2F0aW9uIGRhdGEgMHgwMC4gSm91bmkgZXhwbGlj aXRseSBhc2tlZCBmb3IgdGhlc2UgZXhhY3QgZGV0YWlscyAoaS5lLiBhIFRMUyByZWNvcmQgd2l0 aCBUTFNQbGFpbnRleHQudHlwZSA9IGFwcGxpY2F0aW9uX2RhdGEsIFRMU1BsYWludGV4dC5sZW5n dGggPSAxLCBhbmQgVExTUGxhaW50ZXh0LmZyYWdtZW50ID0gMHgwMCkuDQoNCj5JIGFtIGEgbGl0 dGxlIHN1cnByaXNlZCB0aGF0IHRoZSBwYWRkaW5nIGZlYXR1cmUgb2YgVExTIDEuMyByZWNlaXZl ZA0KPmFic29sdXRlbHkgbm8gbWVudGlvbiBpbiB0aGlzIGRvY3VtZW50Lg0KDQpHb29kIGNhdGNo LCBJIGFkZGVkIHRleHQgb24gcGFkZGluZyB0byB0aHJlZSBkaWZmZXJlbnQgcGxhY2VzLCBpbiB0 aGUgaW50cm9kdWN0aW9uLCBpbiBTZWN0aW9uIDIuNToNCg0KIk5vdGUgdGhhdCB0aGUgbGVuZ3Ro IG9mIHRoZSBwbGFpbnRleHQgaXMgZ3JlYXRlciB0aGFuIHRoZSBjb3JyZXNwb25kaW5nDQpUTFNQ bGFpbnRleHQubGVuZ3RoIGR1ZSB0byB0aGUgaW5jbHVzaW9uIG9mIFRMU0lubmVyUGxhaW50ZXh0 LnR5cGUNCmFuZCBhbnkgcGFkZGluZyBzdXBwbGllZCBieSB0aGUgc2VuZGVyLiINCg0KYW5kIGlu IHRoZSBwcml2YWN5IGNvbnNpZGVyYXRpb25zLg0KDQoiV2l0aG91dCBwYWRkaW5nLCBpbmZvcm1h dGlvbiBhYm91dCB0aGUgc2l6ZSBvZiB0aGUgY2xpZW50IGNlcnRpZmljYXRlDQppcyBsZWFrZWQg ZnJvbSB0aGUgc2l6ZSBvZiB0aGUgRUFQLVRMUyBwYWNrZXRzLiAgVGhlIEVBUC1UTFMgcGFja2V0 cw0Kc2l6ZXMgbWF5IHRoZXJlZm9yZSBsZWFrIGluZm9ybWF0aW9uIHRoYXQgY2FuIGJlIHVzZWQg dG8gdHJhY2sgb3INCmlkZW50aWZ5IHRoZSB1c2VyLiAgSWYgYWxsIGNsaWVudCBjZXJ0aWZpY2F0 ZXMgaGF2ZSB0aGUNCnNhbWUgbGVuZ3RoLCBubyBpbmZvcm1hdGlvbiBpcyBsZWFrZWQuICBFQVAg cGVlcnMgU0hPVUxEIHVzZSByZWNvcmQNCnBhZGRpbmcsIHNlZSBTZWN0aW9uIDUuNCBvZiBbUkZD ODQ0Nl0gdG8gcmVkdWNlIGluZm9ybWF0aW9uIGxlYWthZ2Ugb2YNCmNlcnRpZmljYXRlIHNpemVz LiINCg0KQ2hlZXJzLA0KSm9obg0KDQrvu78tLS0tLU9yaWdpbmFsIE1lc3NhZ2UtLS0tLQ0KRnJv bTogSmltIFNjaGFhZCA8aWV0ZkBhdWd1c3RjZWxsYXJzLmNvbT4NCkRhdGU6IFNhdHVyZGF5LCAz IEF1Z3VzdCAyMDE5IGF0IDIzOjUzDQpUbzogImRyYWZ0LWlldGYtZW11LWVhcC10bHMxM0BpZXRm Lm9yZyIgPGRyYWZ0LWlldGYtZW11LWVhcC10bHMxM0BpZXRmLm9yZz4NCkNjOiAnRU1VIFdHJyA8 ZW11QGlldGYub3JnPg0KU3ViamVjdDogUE9TVCBXR0xDIENvbW1lbnRzIGRyYWZ0LWlldGYtZW11 LWVhcC10bHMxMyANClJlc2VudCBmcm9tOiA8YWxpYXMtYm91bmNlc0BpZXRmLm9yZz4NClJlc2Vu dCB0bzogSm9obiBNYXR0c3NvbiA8am9obi5tYXR0c3NvbkBlcmljc3Nvbi5jb20+LCA8bW9oaXRA cGl1aGEubmV0Pg0KUmVzZW50IGRhdGU6IFNhdHVyZGF5LCAzIEF1Z3VzdCAyMDE5IGF0IDIzOjUz DQoNCiAgICBJIGFtIGp1c3QgZmluYWxseSBnZXR0aW5nIGNhdWdodCB1cCBvbiBtYWlsIGZvciB0 aGUgRU1VIFdHIGFuZCBhbSBnZXR0aW5nDQogICAgdGhpcyBkb25lLg0KICAgIA0KICAgIEl0IHNo b3VsZCBwcm9iYWJseSBiZSBjbGFyaWZpZWQgdGhhdCBGaWd1cmUgMWhhcyB0aGUgYWRkaXRpb25h bCByZXN0cmljdGlvbg0KICAgIHRoYXQgdGhlIHNlcnZlciBpcyBub3Qgc2VuZGluZyBhbnkgcmVz dW1wdGlvbiB0aWNrZXRzIGFzIHdlbGwuICAgIEl0IHdvdWxkDQogICAgYWxzbyBiZSBiZXR0ZXIg dG8gbGFiZWwgdGhlIFRMUyBBcHBsaWNhdGlvbiBEYXRhIGFzIHRoZSBjb21taXRtZW50IG1lc3Nh Z2UNCiAgICBhcyBubyBvdGhlciBUTFMgQXBwbGljYXRpb24gZGF0YSBpcyBiZWluZyBzZW50Lg0K ICAgIA0KICAgIEkgdGhpbmsgdGhhdCBpdCBtaWdodCBiZSByZWFzb25hYmxlIHRvIHB1dCBpbiBh IG5vdGUgZm9yIEZpZ3VyZSAyIHRoYXQgaWYgYQ0KICAgIGNsaWVudCBkb2VzIHJlY2VpdmUgYSBm YXRhbCBmcm9tIHRoZSBoZWxsbyBtZXNzYWdlLCB0aGVuIGNoYW5naW5nIHRoZQ0KICAgIG9mZmVy ZWQga2V5IHNoYXJlIGFsZ29yaXRobSBpcyBvbmUgdGhpbmcgdGhhdCBtaWdodCBiZSBzdWNjZXNz ZnVsIGluIHRoZQ0KICAgIGZ1dHVyZSAtIFRoYXQgaXMgcHV0IGluIGEgbm90ZSB0byBtYXRjaCB3 aGF0IHRoZSByZXF1ZXN0IHJldHJ5IG1lc3NhZ2UgZG9lcy4NCiAgICBPa2F5IC0gSSBmb3VuZCB0 aGUgdXNlIG9mIHRoZSByZXRyeSBkb3duIGJlbG93IGJ1dCBpdCBpcyBub3QgcmVmZXJlbmNlZCBm cm9tDQogICAgaGVyZSBidXQgaXQgaXMgc3RpbGwgbGFiZWxlZCBhcyBhIHNlcnZlciByZWplY3Rz IHRoZSBjbGllbnQgaGVsbG8uDQogICAgDQogICAgSW4gc2VjdGlvbiAyLjEuNSAtIFlvdSBhcmUg bWFuZGF0aW5nIHN1cHBvcnQgZm9yIHJlc3VtcHRpb24uICBJcyB0aGlzIHJlYWxseQ0KICAgIHdo YXQgeW91IGFyZSBwbGFubmluZyB0byBkbz8gIElmIHRoaXMgaXMgdHJ1ZSB0aGVuIGxvdHMgb2Yg dGhlIHByZXZpb3VzIHRleHQNCiAgICBzZWVtcyB0byBiZSBvZmYgYmVjYXVzZSB0aGlzIGlzIG5v dCBwYXJ0IG9mIHRoYXQgZGlzY3Vzc2lvbi4NCiAgICANCiAgICBJbiBzZWN0aW9uIDIuMS42IC0g U2hvdWxkIHRoZXJlIGJlIGEgcmVjb21tZW5kYXRpb24gKG9yIG5vdCkgdGhhdCB3aGVuIGENCiAg ICByZXN1bXB0aW9uIHRpY2tldCBpcyB1c2VkLCB0aGVuIGEgbmV3IHRpY2tldCAob3Igc2V0IG9m IHRpY2tldHMpIG91Z2h0IHRvIGJlDQogICAgcHJvdmlkZWQgdG8gdGhlIGNsaWVudC4NCiAgICAN CiAgICBJbiBzZWN0aW9uIDIuNSAtIEkgZG9uJ3Qga25vdyB0aGF0IEkgaGF2ZSB0aGUgYWJpbGl0 eSB0byBjb250cm9sIHdoYXQgdGhlDQogICAgVExTIGJsb2NrIGxvb2tzIGxpa2UgdG8gdGhlIGV4 dGVudCB0aGF0IHRoaXMgc2VlbXMgdG8gYmUgd2FudGluZyB0byBkby4NCiAgICANCiAgICBJbiBz ZWN0aW9uIDUuNyAtIEkgYW0gbm90IHN1cmUgd2h5IG9uZSBjb3VsZCBub3QgcmUtY2hlY2sgZm9y IHJldm9jYXRpb24NCiAgICB3aGVuIGRvaW5nIGEgcmVzdW1wdGlvbiwgSSB3b3VsZCBleHBlY3Qg dGhhdCB0aGlzIGlzIG9ubHkgc2VydmVyIHNpZGUgdGhhdA0KICAgIHdvdWxkIGRvIGl0IGJ1dCB0 aGUgY3VycmVudCBwYXJhZ3JhcGggdHdvIG91dGxhd3MgaXQuDQogICAgDQogICAgSSBhbSBhIGxp dHRsZSBzdXJwcmlzZWQgdGhhdCB0aGUgcGFkZGluZyBmZWF0dXJlIG9mIFRMUyAxLjMgcmVjZWl2 ZWQNCiAgICBhYnNvbHV0ZWx5IG5vIG1lbnRpb24gaW4gdGhpcyBkb2N1bWVudC4NCiAgICANCiAg ICBKaW0NCiAgICANCiAgICANCiAgICANCg0K From nobody Fri Sep 20 03:42:00 2019 Return-Path: X-Original-To: emu@ietfa.amsl.com Delivered-To: emu@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5D76812001A; Fri, 20 Sep 2019 03:41:58 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.001 X-Spam-Level: X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5LiXBwN3Bz38; Fri, 20 Sep 2019 03:41:56 -0700 (PDT) Received: from EUR01-DB5-obe.outbound.protection.outlook.com (mail-eopbgr150051.outbound.protection.outlook.com [40.107.15.51]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CADEE12008D; Fri, 20 Sep 2019 03:41:55 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=U7/PLysjne+reeTSWirZ8E99CXm0z4ONgHk3H0awgcA2iRqUapiUSnXzfqoxN1dGm7Kyk9JDeHK9FUBfwMzIA/TmA7EzaxnlO3ZYRx01AoM5yUbDP3Hf+lqZjnSH+4JlxAjz/EyRKgxgmc/5GoS771sdF5/v6eISP3GkCNtcWEfV3t+puK0nMEqcq4bi99KzZywWahlNEoChvw9js9GVoK9xpFK7myRo8M4LF1aS7jkZbhu3A4zbgzx/kN4ysF6sqWEVICeG/FqHd8Ir3WYNYgU4J34jQR0Zra/wwi8XmAat4HFQqkZE3G75/h3mFBn4Le+7GWvqfE3FS2jqRrxXuQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=lzSQ4nRO9SMhAFt6Pa1MEHlId2DgzTqWtfxVNn6O0Wc=; b=KaWmk5wN+FfXvJyQkp0es1mrKHBH5cGfk+W7UUF8DMOko94w3GB0n7G0oVQYzeqqZrWRGy1gNwx8UuY9WLHdHqvpOVamu4gBtOAjFP7u20GXY5OGXFHKMqAMjY/Mpyz1ZZysEcxVRnbsMTyvw9a84ZaXtBI+Nx376WPv27zvolw1ee3XXpM87h3msLhazHEKkfnehulzoD0sloHlANNiWrjipLqrCfnDf0G1oaGnLxvEJdzy6b53e3SuDNskFj+AM1sjVDRSJAcAhZe2V29OZIwnee2cYD1dLsrGAIXKebzMZ5AgiNPW5AQWWEw+hmh+zhobbVpHkT3Z1j3e23lEmA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=lzSQ4nRO9SMhAFt6Pa1MEHlId2DgzTqWtfxVNn6O0Wc=; b=qpB9YAwbqLN4mQS+1c+ihw7ah90AqHQxgCQkvOFXOfWECR3B4gQ8zoHR4l9T2gMRydlalI4XZ1ZIhtT+CnUcm/K9dqKjaCc2KjjnztUfuzi3MiQZOFrXM6ZdU0/+AWb03atvHYjNnmoDCg+nqYNekDev+rRcqb4XLCneF4jCAvY= Received: from HE1PR07MB4169.eurprd07.prod.outlook.com (20.176.165.153) by HE1PR07MB4217.eurprd07.prod.outlook.com (20.176.162.33) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2284.10; Fri, 20 Sep 2019 10:41:53 +0000 Received: from HE1PR07MB4169.eurprd07.prod.outlook.com ([fe80::c8fb:acc1:b00e:84ef]) by HE1PR07MB4169.eurprd07.prod.outlook.com ([fe80::c8fb:acc1:b00e:84ef%6]) with mapi id 15.20.2284.023; Fri, 20 Sep 2019 10:41:53 +0000 From: John Mattsson To: Alan DeKok , "draft-ietf-emu-eap-tls13@ietf.org" , EMU WG Thread-Topic: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13 Thread-Index: AdVKJoKyKr1G5+9hQuKLAEK5rLYqPgfSdnOQAABeFAAABkCJgP//55mA//bAJjCAEoqCAIADGZ8A Date: Fri, 20 Sep 2019 10:41:53 +0000 Message-ID: <634C375D-FBF3-4297-A5C0-E68C903CA34A@ericsson.com> References: <7828_1564869242_5D46027A_7828_348_1_02e001d54a45$e92ae900$bb80bb00$@augustcellars.com> <20b118932a4843b6b88e605799fafea8@aalto.fi> <211AD83C-D111-4EEB-AAF0-D9B5E521F4CF@deployingradius.com> <8F355C6F-DF1E-4E03-B75E-0F1D2508B9D4@ericsson.com> <246280B8-6E5C-484B-95BD-9C940C98C507@deployingradius.com> <17E08795-4E4E-4507-8384-836020966BCF@deployingradius.com> In-Reply-To: <17E08795-4E4E-4507-8384-836020966BCF@deployingradius.com> Accept-Language: en-US Content-Language: en-GB X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Microsoft-MacOutlook/10.1d.0.190908 authentication-results: spf=none (sender IP is ) smtp.mailfrom=john.mattsson@ericsson.com; x-originating-ip: [82.214.46.143] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 12b88d8b-2e7d-444e-2b79-08d73db726b6 x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600167)(711020)(4605104)(1401327)(2017052603328)(7193020); SRVR:HE1PR07MB4217; x-ms-traffictypediagnostic: HE1PR07MB4217: x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:10000; x-forefront-prvs: 0166B75B74 x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(376002)(136003)(39860400002)(366004)(346002)(396003)(199004)(189003)(13464003)(2501003)(2906002)(6486002)(6436002)(6512007)(229853002)(33656002)(6246003)(25786009)(6116002)(99286004)(3846002)(2616005)(186003)(26005)(11346002)(102836004)(53546011)(36756003)(6506007)(446003)(66066001)(14454004)(76176011)(478600001)(110136005)(81156014)(5660300002)(316002)(81166006)(8676002)(66446008)(66946007)(76116006)(66556008)(91956017)(8936002)(58126008)(64756008)(66476007)(86362001)(71190400001)(486006)(14444005)(44832011)(71200400001)(476003)(256004)(305945005)(7736002); DIR:OUT; SFP:1101; SCL:1; SRVR:HE1PR07MB4217; H:HE1PR07MB4169.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1; received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam-message-info: 98bPCP3wEswLU+RmNyhH7jnaaXatxuVB36wosSRXeqBd+//XwxdiL81Cetb36onoCHgDEFoAos+yET3qzDb9YZ7NTBFoKVGEGw9zt1O/vpzdqC5/srFDmtelAaIoEp/nDnxQZnLD6UHIvF8+xYOaG5otnupN/3KmxgdptqEaAWkbhdQhW789wHnHMwNFWZVrqpRDu1NzUu5nPUhFLpf6TCrBh1Ukrrcma0yCJgmEzguL0Nk58UlVaIZ+Q9U3Sz9G2c8voRVhGU2s6DeLbDEn9QcpelHT6yFKuHWwI6eigEDZnsLy0UOEe74Qe5WBx5RNPKux9cqO3zUa2sHP9ewUlbcoGDCsEVyT43n3nmSlhYNTsbhMEIn73j8SXwRXhgq7vG6GHTRoHGM35snS3kZJZFaQeVFwGDBsVhOS7G2CnUI= x-ms-exchange-transport-forked: True Content-Type: text/plain; charset="utf-8" Content-ID: Content-Transfer-Encoding: base64 MIME-Version: 1.0 X-OriginatorOrg: ericsson.com X-MS-Exchange-CrossTenant-Network-Message-Id: 12b88d8b-2e7d-444e-2b79-08d73db726b6 X-MS-Exchange-CrossTenant-originalarrivaltime: 20 Sep 2019 10:41:53.1678 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: u+Oshxt4AIy0DGW8fd9CwtBReFIkkTr6po7f/LbIMp36BW5qVVn4YDsHAmMgn9l440MkUf8agRu0CLTLrVRWu/7AY7Isu58oMBQe7qwOuAk= X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR07MB4217 Archived-At: Subject: Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13 X-BeenThere: emu@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "EAP Methods Update \(EMU\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 20 Sep 2019 10:41:59 -0000 SGkgQWxhbiwNCg0KSSBhZGRlZCByZWZlcmVuY2VzIHRvIFJGQyA4NDQ2IFNlY3Rpb24gOC4xLCBh bmQgOC4yLCBhbmQgNC4yLjExLiBBZ3JlZSB0aGF0IHRoZXkgYXJlIGdvb2QgdG8gcG9pbnQgb3V0 Lg0KDQpJIGFtIG5vdCBzdXJlIGFib3V0IHRoZSBvdGhlciBzdWdnZXN0aW9ucywgSSBhbSBoZXNp dGFudCB0byBkaXNjdXNzIGFueXRoaW5nIGRldGFpbGVkIGFib3V0IFRMUyAxLjMgdGhhdCBkb2Vz IG5vdCBoYXZlIGEgc3BlY2lmaWMgY29ubmVjdGlvbiB0byBFQVAtVExTIG9yIGFyZSB1c2VmdWwg Zm9yIHVzZXJzIG9mIEVBUC1UTFMuIE15IGZlZWxpbmcgaXMgdGhhdCBhZGRpbmcgc29tZSBleHRl bnNpb24sIGJ1dCBub3Qgb3RoZXIgd291bGQgYmUgZXZlbiBtb3JlIGNvbmZ1c2luZy4gVGhlIGRp YWdyYW1zIGFyZSB0aGVyZSB0byBzaG93IHRoZSBtZXNzYWdlIGZsb3dzLCB3aGljaCBoYXZlIGEg c3Ryb25nIGNvbm5lY3Rpb24gdG8gdGhlIEVBUCBzdGF0ZSBtYWNoaW5lLiBGb3Igb3RoZXIgZGV0 YWlscyBJIHRoaW5rIGltcGxlbWVudG9ycyBoYXZlIHRvIHJlYWQgUkZDIDg0NjYuDQoNCi9Kb2hu DQoNCu+7vy0tLS0tT3JpZ2luYWwgTWVzc2FnZS0tLS0tDQpGcm9tOiBBbGFuIERlS29rIDxhbGFu ZEBkZXBsb3lpbmdyYWRpdXMuY29tPg0KRGF0ZTogV2VkbmVzZGF5LCAxOCBTZXB0ZW1iZXIgMjAx OSBhdCAxNToyMQ0KVG86ICJkcmFmdC1pZXRmLWVtdS1lYXAtdGxzMTNAaWV0Zi5vcmciIDxkcmFm dC1pZXRmLWVtdS1lYXAtdGxzMTNAaWV0Zi5vcmc+LCBFTVUgV0cgPGVtdUBpZXRmLm9yZz4NClN1 YmplY3Q6IFJlOiBbRW11XSBQT1NUIFdHTEMgQ29tbWVudHMgZHJhZnQtaWV0Zi1lbXUtZWFwLXRs czEzDQpSZXNlbnQgZnJvbTogPGFsaWFzLWJvdW5jZXNAaWV0Zi5vcmc+DQpSZXNlbnQgdG86IEpv aG4gTWF0dHNzb24gPGpvaG4ubWF0dHNzb25AZXJpY3Nzb24uY29tPiwgPG1vaGl0QHBpdWhhLm5l dD4NClJlc2VudCBkYXRlOiBXZWRuZXNkYXksIDE4IFNlcHRlbWJlciAyMDE5IGF0IDE1OjIxDQoN CiAgICAgIEp1c3QgcmUtcmVhZGluZyB0aGUgdGV4dCBvbiBQU0ssIEkgbm90aWNlZCBhIGZldyB0 aGluZ3MuICBUaGUgdGV4dCBpbiBTZWN0aW9uIDIuMS4yIHRhbGtzIGFib3V0IFBTSywgdGhlIHNl c3Npb24gdGlja2V0LCBhbmQgYSAia2V5X3NoYXJlIiBleHRlbnNpb24uICAgVGhlIGFjY29tcGFu eWluZyBkaWFncmFtIGRvZXNuJ3QgaW5jbHVkZSBhbnkgb2YgdGhvc2UuICBJIHN1Z2dlc3QgdXBk YXRpbmcgdGhlIGRpYWdyYW0gdG8gaW5jbHVkZSB0aGVtLg0KICAgIA0KICAgICAgQXMgYSByZWxh dGVkIG5vdGUsIGlmIHRoZSBQU0sgKmlzKiBpbiB0aGUgcmVzdW1wdGlvbiBjYWNoZSwgYnV0IHRo ZSBrZXkgaXMgd3JvbmcsIHRoZSBjYWNoZSBlbnRyeSBzaG91bGQgbm90IGJlIGRpc2NhcmRlZC4g IE90aGVyd2lzZSBhbiBhdHRhY2tlciBjYW4gZGlzYWJsZSBjYWNoaW5nIGZvciAqYWxsKiB1c2Vy cy4gIFRoaXMgaXNzdWUgY291bGQgYmUgY2xlYXJlciBpbiB0aGlzIGRvY3VtZW50Lg0KICAgIA0K ICAgICAgUGVyaGFwcyBpdCB3b3VsZCBiZSB1c2VmdWwgdG8gYWRkIGEgc2hvcnQgbm90ZSBpbiBT ZWN0aW9uIDUgYWJvdXQgc2VjdXJpdHkgb2YgcmVzdW1wdGlvbi4gIEl0IHNob3VsZCByZWZlcmVu Y2UgUkZDIDg0NDYgU2VjdGlvbiA4LjEsIGFuZCA4LjIsIHdoaWNoIGRpc2N1c3MgdGhpcyBpc3N1 ZS4gIEFsc28sIFNlY3Rpb24gNC4yLjExIG9mIHRoYXQgZG9jdW1lbnQgaGFzIGFuICJJbXBsZW1l bnRvcidzIG5vdGU6IiB3aGljaCBpcyBpbXBvcnRhbnQuDQogICAgDQogICAgICBBbGFuIERlS29r Lg0KICAgIA0KICAgIA0KDQo= From nobody Sat Sep 21 01:38:59 2019 Return-Path: X-Original-To: emu@ietf.org Delivered-To: emu@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 32E1C120227; Sat, 21 Sep 2019 01:38:58 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 8bit From: internet-drafts@ietf.org To: Cc: emu@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 6.102.0 Auto-Submitted: auto-generated Precedence: bulk Reply-To: emu@ietf.org Message-ID: <156905513812.22986.12652600171760389302@ietfa.amsl.com> Date: Sat, 21 Sep 2019 01:38:58 -0700 Archived-At: Subject: [Emu] I-D Action: draft-ietf-emu-eap-tls13-07.txt X-BeenThere: emu@ietf.org X-Mailman-Version: 2.1.29 List-Id: "EAP Methods Update \(EMU\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 21 Sep 2019 08:38:58 -0000 A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the EAP Method Update WG of the IETF. Title : Using EAP-TLS with TLS 1.3 Authors : John Preuß Mattsson Mohit Sethi Filename : draft-ietf-emu-eap-tls13-07.txt Pages : 28 Date : 2019-09-21 Abstract: This document specifies the use of EAP-TLS with TLS 1.3 while remaining backwards compatible with existing implementations of EAP- TLS. TLS 1.3 provides significantly improved security, privacy, and reduced latency when compared to earlier versions of TLS. EAP-TLS with TLS 1.3 further improves security and privacy by mandating use of privacy and revocation checking. This document updates RFC 5216. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-emu-eap-tls13/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-emu-eap-tls13-07 https://datatracker.ietf.org/doc/html/draft-ietf-emu-eap-tls13-07 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-emu-eap-tls13-07 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ From nobody Sat Sep 21 01:55:06 2019 Return-Path: X-Original-To: emu@ietfa.amsl.com Delivered-To: emu@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 31276120929 for ; Sat, 21 Sep 2019 01:55:04 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.002 X-Spam-Level: X-Spam-Status: No, score=-2.002 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nLRMpBdzBlmq for ; Sat, 21 Sep 2019 01:55:01 -0700 (PDT) Received: from EUR03-DB5-obe.outbound.protection.outlook.com (mail-eopbgr40050.outbound.protection.outlook.com [40.107.4.50]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D7C6A120227 for ; Sat, 21 Sep 2019 01:55:00 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=D0gwNt1ZfERKwV3Qze+CO3o1mriPeLGlHsh9Df1GI9UlxJj8sIuW9aliW0rD09CzPoNqID+x7nBj+XR4Xx9N89ePD/TbUNIY1crXYd0yFOx6t4uld1QPOnXCdzAMAN1l9rwaDu37M9nTTLQMK0apyD009n47gja/L94+o74cb+Nq6eSpT5a90zp2XanmD+jQya2nGNicy5IgoW0CqSJEIsx4pvDsyNRgdgLaqxMxdlAF9RNkGxNHf2/7+PkYANXLCc28CLXCDHlsL5C/Ca9uSttD/jiLufVT5cycNCr9dihNgVo3uLsuSOFk65kL85fAk7/pTsdztMgm9w6cTOh9MA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=CLJQ+8TEFfxVP2BT9ig7UqxP+kFKgLOeThcFIEboZd0=; b=BgJ+Wys4ADLf/Nqhdqi6BuR7Qxuucj3ISs6yAbUkCP027RoKFlwYnsA0fGiae0DWOf5Q/HMEmAAiJ8KgqQljSbIiJ/lLmMRh1+smSDdn1VWspL1trG+C4VNGRsiXKc3P/IUAJsYTXyqxY/5uneRExQB8iUPiR5rubnU403vO+8BB3U3ryusN6PCyPMtLGLCi502bdHsqMS5GEUsGdIZHaMYvS8Ni9SbqhISRz768uAnRAdnCHVJZU0Gv0QOMnT7a6Kz9vWmH1emd8c+CXrFlUkIaNLoF4C+0GAWdI9lHh43w2ahTT4ZT1eqUvycC0DtHsCBfUfo0Z/OoAWNgcxB3Uw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=CLJQ+8TEFfxVP2BT9ig7UqxP+kFKgLOeThcFIEboZd0=; b=TLzOOnpFZo6xu88GYxEFw3HGqsuHNDX2SExKr/kxXrHbVHObfVm7v3+qHjyCbjHocGV4TDHGQJGcPNqVxGTN5IE4XUHl73bBpA8IhuS6Ev1tTq58Lh5uRquDKy0bwzNEMBXQ9a4vAa4sd3NwwH7I+BWoDz0AjK5cdtDfkdguGwg= Received: from HE1PR07MB4169.eurprd07.prod.outlook.com (20.176.165.153) by HE1PR07MB3465.eurprd07.prod.outlook.com (10.170.247.148) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2305.11; Sat, 21 Sep 2019 08:54:58 +0000 Received: from HE1PR07MB4169.eurprd07.prod.outlook.com ([fe80::c8fb:acc1:b00e:84ef]) by HE1PR07MB4169.eurprd07.prod.outlook.com ([fe80::c8fb:acc1:b00e:84ef%6]) with mapi id 15.20.2284.023; Sat, 21 Sep 2019 08:54:58 +0000 From: John Mattsson To: "emu@ietf.org" Thread-Topic: [Emu] I-D Action: draft-ietf-emu-eap-tls13-07.txt Thread-Index: AQHVcFgKD8ZQZeSknEKkvHUpOLrQDKc19VIA Date: Sat, 21 Sep 2019 08:54:57 +0000 Message-ID: <189DB4A5-D63E-4AF7-AB45-EB39DB46CF84@ericsson.com> References: <156905513812.22986.12652600171760389302@ietfa.amsl.com> In-Reply-To: <156905513812.22986.12652600171760389302@ietfa.amsl.com> Accept-Language: en-US Content-Language: en-GB X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Microsoft-MacOutlook/10.1d.0.190908 authentication-results: spf=none (sender IP is ) smtp.mailfrom=john.mattsson@ericsson.com; x-originating-ip: [82.214.46.143] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 05b2f417-4ddc-4320-eddd-08d73e716153 x-ms-traffictypediagnostic: HE1PR07MB3465: x-ms-exchange-purlcount: 6 x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:8882; x-forefront-prvs: 0167DB5752 x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(366004)(376002)(346002)(396003)(39860400002)(136003)(199004)(189003)(13464003)(305945005)(99286004)(71190400001)(71200400001)(58126008)(66476007)(186003)(7736002)(36756003)(6916009)(316002)(76176011)(14444005)(66946007)(102836004)(66446008)(64756008)(25786009)(66556008)(6246003)(76116006)(6306002)(66066001)(478600001)(6512007)(6436002)(5640700003)(2906002)(81156014)(86362001)(8936002)(486006)(66574012)(2501003)(966005)(14454004)(6486002)(26005)(91956017)(256004)(33656002)(81166006)(6506007)(229853002)(476003)(2616005)(2351001)(1730700003)(11346002)(3846002)(6116002)(5660300002)(44832011)(446003)(8676002)(574754004); DIR:OUT; SFP:1101; SCL:1; SRVR:HE1PR07MB3465; H:HE1PR07MB4169.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1; received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: gLJsvlhoecjaFZbwXhN1XpxD1QCTU5NiwTg6gs8GmgIL3OoQ6/QWSTz9sKj7ALAWjrClbAASOyhForgeubFxz7ecuOuTskN44bX1mJjJ7Y/6kNWgA+mUsMtyykx2VtvCpGfvfdwjf2G+3db5HTd2POA+F3p1/LunlJtUz/CnONE3LKMwtceZWlQdxobhJYddmjlNkYHxBa6831QlsOcPu23nVrbrKAGlwHEQbLV2ZKaiiPqIwsfQDFO9f96j9cZrsVNfHKQbBudnCN6DzUfSaL71PYJIx32Jn12wR7IJNW2WvjS95/aQjgAH2Ra0k3FX/+HCN78zMAVAVGu2r2mUqTV/WJEYm3AamYPljxsLkza2jw2HZJ4dl7i+L1j/P5D9RioRQXeUqldjlHXY355wJy6oFSgvWuDlc1p4sU7zjBc= x-ms-exchange-transport-forked: True Content-Type: text/plain; charset="utf-8" Content-ID: Content-Transfer-Encoding: base64 MIME-Version: 1.0 X-OriginatorOrg: ericsson.com X-MS-Exchange-CrossTenant-Network-Message-Id: 05b2f417-4ddc-4320-eddd-08d73e716153 X-MS-Exchange-CrossTenant-originalarrivaltime: 21 Sep 2019 08:54:57.9912 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: WalFLzzzuqBaTro/lLBeaSxf33TbnQ6otFuGm0kH7/Asn77HpQwvcWG7lKd0mMT9Ht64Hj0XAyFd/S7BrrtEBZxSkSWckzL8PjU6TSRfYYs= X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR07MB3465 Archived-At: Subject: Re: [Emu] I-D Action: draft-ietf-emu-eap-tls13-07.txt X-BeenThere: emu@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "EAP Methods Update \(EMU\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 21 Sep 2019 08:55:04 -0000 VGhlIGNoYW5nZXMgZnJvbSAtMDYgdG8gLTA3IGFyZSBiYXNlZCBvbiB0aGUgY29tbWVudHMgZnJv bSBKaW0gYW5kIEFsYW4NCg0KLSBNZW50aW9uIHJlY29yZCBwYWRkaW5nIHdoZXJlIGl0IG1ha2Vz IHNlbnNlIChpbnRyb2R1Y3Rpb24sIHN0YXRlIG1hY2hpbmUsIGFuZCBwcml2YWN5IGNvbnNpZGVy YXRpb25zKQ0KLSBNZW50aW9uIHRoYXQgZmlnIDEgY29udGFpbnMgbmVpdGhlciBIZWxsb1JldHJ5 UmVxdWVzdCBub3IgUG9zdC1IYW5kc2hha2UgbWVzc2FnZXMNCi0gVXNlIHRoZSB0ZXJtIENvbW1p dG1lbnQgTWVzc2FnZSBpbnN0ZWFkIG9mIFRMUyBBcHBsaWNhdGlvbiBEYXRhIA0KLSBTb21lIGFk ZGl0aW9uYWwgY2xhcmlmaWNhdGlvbnMgYW5kIHJld29yZGluZ3MgaW4gc2VjdGlvbnMgMiBhbmQg NS43DQotIFJlZmVyZW5jZXMgdG8gU2VjdGlvbnMgNC4yLjExLCA4LjEsIDguMiwgYW5kIEMuNCBv ZiBSRkMgODQ0Ng0KLSBSZWZlcmVuY2UgdG8gZHJhZnQtaWV0Zi1lbXUtZWFwdGxzY2VydA0KDQpU aGUgb25seSByZW1haW5pbmcgZGlzY3Vzc2lvbiBpcyBhYm91dCB0aGUgVExTIFBTSyBtb2RlLiBJ IG1hZGUgYW4gaXNzdWUgZm9yIHRoaXMgb24gR2l0aHViOg0KaHR0cHM6Ly9naXRodWIuY29tL2Vt dS13Zy9kcmFmdC1pZXRmLWVtdS1lYXAtdGxzMTMvaXNzdWVzLzEwDQoNClJpZ2h0IG5vdyB0aGVy ZSBzZWVtcyB0byBiZSBkaXNhZ3JlZW1lbnQgYWJvdXQgdGVjaG5pY2FsIHRoaW5ncyBsaWtlIHRo ZSBzZWN1cml0eSBwcm9wZXJ0aWVzIG9mIHRoZSBkaWZmZXJlbnQgRUFQIG1ldGhvZHMuIFJpZ2h0 IG5vdyBJIHRoaW5rIHdlIG5lZWQgYSBiZXR0ZXIgdW5kZXJzdGFuZGluZyByZWdhcmRpbmcgdGhl IHNlY3VyaXR5IG9mZmVyZWQgYnkgdGhlIGRpZmZlcmVudCBtZXRob2QgYW5kIHdoYXQgdGhlIHVz ZSBjYXNlcyB3ZSB3b3VsZCBsaWtlIHRvIHNvbHZlIChQU0sgYW5kL29yIHBhc3N3b3JkKSAodHVu bmVsbGVkIGFuZC9vciBub24tdHVubmVsbGVkKS4NCg0KQ2hlZXJzLA0KSm9obg0KDQrvu78tLS0t LU9yaWdpbmFsIE1lc3NhZ2UtLS0tLQ0KRnJvbTogRW11IDxlbXUtYm91bmNlc0BpZXRmLm9yZz4g b24gYmVoYWxmIG9mICJpbnRlcm5ldC1kcmFmdHNAaWV0Zi5vcmciIDxpbnRlcm5ldC1kcmFmdHNA aWV0Zi5vcmc+DQpSZXBseSB0bzogImVtdUBpZXRmLm9yZyIgPGVtdUBpZXRmLm9yZz4NCkRhdGU6 IFNhdHVyZGF5LCAyMSBTZXB0ZW1iZXIgMjAxOSBhdCAxMDozOQ0KVG86ICJpLWQtYW5ub3VuY2VA aWV0Zi5vcmciIDxpLWQtYW5ub3VuY2VAaWV0Zi5vcmc+DQpDYzogImVtdUBpZXRmLm9yZyIgPGVt dUBpZXRmLm9yZz4NClN1YmplY3Q6IFtFbXVdIEktRCBBY3Rpb246IGRyYWZ0LWlldGYtZW11LWVh cC10bHMxMy0wNy50eHQNCg0KICAgIA0KICAgIEEgTmV3IEludGVybmV0LURyYWZ0IGlzIGF2YWls YWJsZSBmcm9tIHRoZSBvbi1saW5lIEludGVybmV0LURyYWZ0cyBkaXJlY3Rvcmllcy4NCiAgICBU aGlzIGRyYWZ0IGlzIGEgd29yayBpdGVtIG9mIHRoZSBFQVAgTWV0aG9kIFVwZGF0ZSBXRyBvZiB0 aGUgSUVURi4NCiAgICANCiAgICAgICAgICAgIFRpdGxlICAgICAgICAgICA6IFVzaW5nIEVBUC1U TFMgd2l0aCBUTFMgMS4zDQogICAgICAgICAgICBBdXRob3JzICAgICAgICAgOiBKb2huIFByZXXD nyBNYXR0c3Nvbg0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgTW9oaXQgU2V0aGkNCiAg ICAJRmlsZW5hbWUgICAgICAgIDogZHJhZnQtaWV0Zi1lbXUtZWFwLXRsczEzLTA3LnR4dA0KICAg IAlQYWdlcyAgICAgICAgICAgOiAyOA0KICAgIAlEYXRlICAgICAgICAgICAgOiAyMDE5LTA5LTIx DQogICAgDQogICAgQWJzdHJhY3Q6DQogICAgICAgVGhpcyBkb2N1bWVudCBzcGVjaWZpZXMgdGhl IHVzZSBvZiBFQVAtVExTIHdpdGggVExTIDEuMyB3aGlsZQ0KICAgICAgIHJlbWFpbmluZyBiYWNr d2FyZHMgY29tcGF0aWJsZSB3aXRoIGV4aXN0aW5nIGltcGxlbWVudGF0aW9ucyBvZiBFQVAtDQog ICAgICAgVExTLiAgVExTIDEuMyBwcm92aWRlcyBzaWduaWZpY2FudGx5IGltcHJvdmVkIHNlY3Vy aXR5LCBwcml2YWN5LCBhbmQNCiAgICAgICByZWR1Y2VkIGxhdGVuY3kgd2hlbiBjb21wYXJlZCB0 byBlYXJsaWVyIHZlcnNpb25zIG9mIFRMUy4gIEVBUC1UTFMNCiAgICAgICB3aXRoIFRMUyAxLjMg ZnVydGhlciBpbXByb3ZlcyBzZWN1cml0eSBhbmQgcHJpdmFjeSBieSBtYW5kYXRpbmcgdXNlDQog ICAgICAgb2YgcHJpdmFjeSBhbmQgcmV2b2NhdGlvbiBjaGVja2luZy4gIFRoaXMgZG9jdW1lbnQg dXBkYXRlcyBSRkMgNTIxNi4NCiAgICANCiAgICANCiAgICBUaGUgSUVURiBkYXRhdHJhY2tlciBz dGF0dXMgcGFnZSBmb3IgdGhpcyBkcmFmdCBpczoNCiAgICBodHRwczovL2RhdGF0cmFja2VyLmll dGYub3JnL2RvYy9kcmFmdC1pZXRmLWVtdS1lYXAtdGxzMTMvDQogICAgDQogICAgVGhlcmUgYXJl IGFsc28gaHRtbGl6ZWQgdmVyc2lvbnMgYXZhaWxhYmxlIGF0Og0KICAgIGh0dHBzOi8vdG9vbHMu aWV0Zi5vcmcvaHRtbC9kcmFmdC1pZXRmLWVtdS1lYXAtdGxzMTMtMDcNCiAgICBodHRwczovL2Rh dGF0cmFja2VyLmlldGYub3JnL2RvYy9odG1sL2RyYWZ0LWlldGYtZW11LWVhcC10bHMxMy0wNw0K ICAgIA0KICAgIEEgZGlmZiBmcm9tIHRoZSBwcmV2aW91cyB2ZXJzaW9uIGlzIGF2YWlsYWJsZSBh dDoNCiAgICBodHRwczovL3d3dy5pZXRmLm9yZy9yZmNkaWZmP3VybDI9ZHJhZnQtaWV0Zi1lbXUt ZWFwLXRsczEzLTA3DQogICAgDQogICAgDQogICAgUGxlYXNlIG5vdGUgdGhhdCBpdCBtYXkgdGFr ZSBhIGNvdXBsZSBvZiBtaW51dGVzIGZyb20gdGhlIHRpbWUgb2Ygc3VibWlzc2lvbg0KICAgIHVu dGlsIHRoZSBodG1saXplZCB2ZXJzaW9uIGFuZCBkaWZmIGFyZSBhdmFpbGFibGUgYXQgdG9vbHMu aWV0Zi5vcmcuDQogICAgDQogICAgSW50ZXJuZXQtRHJhZnRzIGFyZSBhbHNvIGF2YWlsYWJsZSBi eSBhbm9ueW1vdXMgRlRQIGF0Og0KICAgIGZ0cDovL2Z0cC5pZXRmLm9yZy9pbnRlcm5ldC1kcmFm dHMvDQogICAgDQogICAgX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX18NCiAgICBFbXUgbWFpbGluZyBsaXN0DQogICAgRW11QGlldGYub3JnDQogICAgaHR0cHM6 Ly93d3cuaWV0Zi5vcmcvbWFpbG1hbi9saXN0aW5mby9lbXUNCiAgICANCg0K From nobody Sat Sep 21 05:16:31 2019 Return-Path: X-Original-To: emu@ietfa.amsl.com Delivered-To: emu@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DFAAA1200DF for ; Sat, 21 Sep 2019 05:16:30 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.001 X-Spam-Level: X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PTOZdxVYV4ST for ; Sat, 21 Sep 2019 05:16:26 -0700 (PDT) Received: from EUR03-DB5-obe.outbound.protection.outlook.com (mail-eopbgr40063.outbound.protection.outlook.com [40.107.4.63]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 67791120018 for ; Sat, 21 Sep 2019 05:16:26 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Y1DsSd9W7CZEWOiIwB6eAozV0HFTMm0wo84jQWSo20Z006hLsxEw+crI/DYXGoTk05q8//il6WFxUl267lpWqPNo+KX3NV3Pl/Cws5tlUWUijhpF06U479SK8xfMsSODsBZgoIeA2H+WKZs38H/01oCqOvScMdkJtYHS3TK24vmM12uw1v+dHHmjaEP0qHlL+2VQUBjq5hwZWiv3eIOWQL4IoR4nsZ/oat6Y8f3kg2v052KaXkdWQNvOWuE3oPnQcLGsClHcOry3hNYrOvDPBFIe8rN96db8Xu8Lx1gGAZt8Wh4xtNneg47dBtMcX9MOqQLwlJ5mwFgOlp3Rb2orzA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=kafAxpXyOj5zJuMUzsLwURILEmXhJPm+9s3N1zzA43Q=; b=dpZTrY3MywUSTl8TFtIMGYLI3M0+2avIfK45ixXNJQjsSO8XjKzytpxpPOm35I2W7QMoac/ghGVhFHDjKYCqRcXbtnBEytNK9qsZsSehnzKzPCkLGyUe3aopGidh5SXBzLf7UyPE9fhGZCfxAp59aZ+mlPlWyC6JMVxs7yhWhZXsW6NzrdvgvdJQgmzYao/x4z+s8OmH3fXX2HPdZLg3KxSQf2vacsJp+qNhNsJh7XUWyrwbhncqQ+1dbscEjeOIq0uaL5qX4IhVcoTzs+1PWjcl7SbMuFCH4eRdmy7k9Kw8EjqUWUni58+u+efEMR+jLAkyCg+3AqxXkhAczx47gg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=kafAxpXyOj5zJuMUzsLwURILEmXhJPm+9s3N1zzA43Q=; b=YsWmvjFe4mfAVZQwuVNtX57C/5TvpaQlGXV4YZ/hI/mrB4Bt46c6/7WGOP22Hl5wsikvmz8Km/tm0cK8O1QnskIDeVpfEC523e6irUFI6nAXZuXNBYj6mibglaHB7EsdYyGCSRwxOqBDXtrbgUAZyEd74UwbOVEAf1BrPiq9rQI= Received: from HE1PR0701MB2905.eurprd07.prod.outlook.com (10.168.98.146) by HE1PR0701MB2905.eurprd07.prod.outlook.com (10.168.98.146) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2284.17; Sat, 21 Sep 2019 12:16:17 +0000 Received: from HE1PR0701MB2905.eurprd07.prod.outlook.com ([fe80::758a:12ec:c6d:e8a9]) by HE1PR0701MB2905.eurprd07.prod.outlook.com ([fe80::758a:12ec:c6d:e8a9%10]) with mapi id 15.20.2284.009; Sat, 21 Sep 2019 12:16:17 +0000 From: Mohit Sethi M To: "Georgios Z. Papadopoulos" , Mohit Sethi M CC: "emu@ietf.org" Thread-Topic: [Emu] Re-charter text Thread-Index: AQHVV/hd5AP1y7w6BUWxMRLUThUF06cm86GAgApVLICABPP8gA== Date: Sat, 21 Sep 2019 12:16:17 +0000 Message-ID: References: <94702096-c854-02fb-ce39-6f1c5dde80a6@ericsson.com> <04956223-5FCF-4432-B1FF-D2B1D57D92CF@imt-atlantique.fr> In-Reply-To: <04956223-5FCF-4432-B1FF-D2B1D57D92CF@imt-atlantique.fr> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.8.0 authentication-results: spf=none (sender IP is ) smtp.mailfrom=mohit.m.sethi@ericsson.com; x-originating-ip: [37.33.6.167] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: c15f4bbe-31c3-4ce7-195e-08d73e8d8163 x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(5600167)(711020)(4605104)(1401327)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(2017052603328)(7193020); SRVR:HE1PR0701MB2905; x-ms-traffictypediagnostic: HE1PR0701MB2905:|HE1PR0701MB2905: x-ms-exchange-purlcount: 4 x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:10000; x-forefront-prvs: 0167DB5752 x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(39860400002)(366004)(376002)(396003)(346002)(136003)(199004)(189003)(31686004)(26005)(236005)(14444005)(64756008)(66556008)(7736002)(65806001)(6116002)(53546011)(81156014)(446003)(5660300002)(86362001)(65956001)(6506007)(8936002)(99286004)(256004)(81166006)(36756003)(76176011)(606006)(66476007)(966005)(6436002)(66446008)(66066001)(76116006)(102836004)(186003)(14454004)(31696002)(8676002)(54896002)(25786009)(6246003)(229853002)(66946007)(3846002)(6512007)(4326008)(71200400001)(71190400001)(478600001)(6306002)(316002)(486006)(476003)(11346002)(2906002)(2616005)(58126008)(6486002)(110136005); DIR:OUT; SFP:1101; SCL:1; SRVR:HE1PR0701MB2905; H:HE1PR0701MB2905.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1; received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam-message-info: Mxih6pfbDkr1Btp6XgJ7O85c/GvtElM6NINWP+i4qm43IL+c+XBhO/gLX5yhZXQguSJveYyjQrGTDL76NFKGYvynSq1YzFM6XrDg2FYR8hEAX3YVFubV29wYs8RmS374kIb4o1mZNSiO2oWWoVWi6xEwZ5HgOwuPq6lAdHyBY1m0YLNEEGCC6QRhBJe8kf7TxbMobw+CUQpRJy6LnvHh/ybv+cfODiIDJNN0Ae047bc3jXxA9BmTx5MsU5JZscyFmlRrfCavdd6An07vv0s3+2uroeZCn5E6czhjEbzWtfFvHYI7pwr6FaDs0E2axvENA037rxAKdjLgZiJtRTrO4bvfsXj7a7pPwUJt3Abh7xNcwg2mW+i0sdMMkbhnco4E5M8I80DZ9dCsKzfwiQ1QsZnxDgtfZx9maM5wrgEUYds= Content-Type: multipart/alternative; boundary="_000_f22054646b4016ce2a069e972730e1c3ericssoncom_" MIME-Version: 1.0 X-OriginatorOrg: ericsson.com X-MS-Exchange-CrossTenant-Network-Message-Id: c15f4bbe-31c3-4ce7-195e-08d73e8d8163 X-MS-Exchange-CrossTenant-originalarrivaltime: 21 Sep 2019 12:16:17.3772 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: 37CTC9hwAo6PYLrhl3s+FEui6VGec2yEmBnk3IVKOAeotoP/qn8bMnL7oiPMcC3L01xgeIZ3HuQ0rM16Igh1ELY48Nx46A2wiGYJwwy5Iis= X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR0701MB2905 Archived-At: Subject: Re: [Emu] Re-charter text X-BeenThere: emu@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "EAP Methods Update \(EMU\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 21 Sep 2019 12:16:31 -0000 --_000_f22054646b4016ce2a069e972730e1c3ericssoncom_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 SGkgR2Vvcmdpb3MsDQoNClRoYW5rcyBmb3IgcmVhZGluZyB0aGUgY2hhcnRlci4gSSBoYXZlIGFk ZHJlc3NlZCB5b3VyIGNvbW1lbnRzIG9uIGdpdGh1Yi4gSGVyZSBpcyB0aGUgdXBkYXRlZCB0ZXh0 Og0KaHR0cHM6Ly9naXRodWIuY29tL2VtdS13Zy9jaGFydGVyL2Jsb2IvbWFzdGVyL2VtdS1jaGFy dGVyLm1kDQoNCmFuZCBoZXJlIGlzIHRoZSBkaWZmIGZyb20gdGhlIHByZXZpb3VzIHZlcnNpb246 DQpodHRwczovL2dpdGh1Yi5jb20vZW11LXdnL2NoYXJ0ZXIvY29tbWl0L2JlMWJmNTU3MzU1ZWNi YTVkNWVlMzVhYjI3ZjNlOGZhZThjMDZlZWYNCg0KLS1Nb2hpdA0KDQpPbiA5LzE4LzE5IDExOjM3 IEFNLCBHZW9yZ2lvcyBaLiBQYXBhZG9wb3Vsb3Mgd3JvdGU6DQpEZWFyIEpvZSwgTW9oaXQgYW5k IGFsbCwNCg0KSW4gb3ZlcmFsbCBJIGZpbmQgdGhlIHRleHQgd2VsbCB3cml0dGVuLCB3aGlsZSB0 aGUgb2JqZWN0aXZlcyB3ZWxsIGRlZmluZWQuDQpCZWxvdyBJIGhhdmUgdmVyeSBmZXcgY29tbWVu dHMgOg0KDQoqIFRMUyBpcyBub3QgZGVmaW5lZC4NCiogUGVyZmVjdCBGb3J3YXJkIFNlY3JlY3kg KFBGUykgaXMgZGVmaW5lZCB0d2ljZS4NCiogLSBBbiB1cGRhdGUgdG8gZW5hYmxlIHRoZSB1c2Ug b2YgVExTIDEuMyBpbiB0aGUgY29udGV4dCBvZiBFQVAtVExTIChSRkMgNTIxNikuIFRoaXMgZG9j dW1lbnQgd2lsbCBwZGF0ZSB0aGUgc2VjdXJpdHkgY29uc2lkZXJhdGlvbnMgcmVsYXRpbmcgdG8g RUFQLVRMUywgZG9jdW1lbnQgdGhlIGltcGxpY2F0aW9ucyBvZiB1c2luZyBuZXcgdnMuIG9sZCBU TFMgdmVyc2lvbnMsIGFkZCBhbnkgcmVjZW50bHkgZ2FpbmVkIG5ldyBrbm93bGVkZ2Ugb24gdnVs bmVyYWJpbGl0aWVzLCBhbmQgZGlzY3VzcyB0aGUgcG9zc2libGUgaW1wbGljYXRpb25zIG9mIHBl cnZhc2l2ZSBzdXJ2ZWlsbGFuY2UuDQoNClRoaXMgbGFzdCBwb2ludCwgbWF5YmUgY291bGQgYmUg ZGl2aWRlZCBpbiBzZXZlcmFsIHNlbnRlbmNlcywgc2luY2UgSSBmaW5kIGl0IHRvbyBsb25nIGFu ZCwgdGh1cywgaGFyZCB0byBmb2xsb3cuDQoNCk1hbnkgdGhhbmtzIGZvciB5b3VyIGVmZm9ydHMu DQoNCkJlc3QgcmVnYXJkcywNCkdlb3JnaW9zDQoNCg0KT24gU2VwIDExLCAyMDE5LCBhdCAyMDo1 MCwgTW9oaXQgU2V0aGkgTSA8bW9oaXQubS5zZXRoaUBlcmljc3Nvbi5jb208bWFpbHRvOm1vaGl0 Lm0uc2V0aGlAZXJpY3Nzb24uY29tPj4gd3JvdGU6DQoNCg0KRGVhciBhbGwsDQoNClBsZWFzZSBz ZW5kIGluIHlvdXIgY29tbWVudHMgb24gdGhlIGNoYXJ0ZXIgdGV4dCBieSBXZWRuZXNkYXksIFNl cHRlbWJlciAxOCwgMjAxOS4NCg0KSm9lIGFuZCBNb2hpdA0KDQpPbiA4LzIxLzE5IDExOjEzIEFN LCBNb2hpdCBTZXRoaSBNIHdyb3RlOg0KDQpEZWFyIGFsbCwNCg0KVGhhbmsgeW91IGZvciBhIHBy b2R1Y3RpdmUgbWVldGluZyBAIElFVEYgMTA1LiBXZSBoYWQgZGlzY3Vzc2VkIHRoZSBuZXcgY2hh cnRlciB0ZXh0IGR1cmluZyB0aGUgd29ya2luZyBncm91cCBzZXNzaW9uIGluIE1vbnRyZWFsLiBQ bGVhc2UgZmluZCB0aGUgc2FtZSB0ZXh0IGJlbG93LiBUaGlzIHRleHQgYnVpbGRzIHVwb24gb3Vy IGN1cnJlbnQgY2hhcnRlci4gRmVlbCBmcmVlIHRvIHN1Z2dlc3QgY2hhbmdlcy4gUkZDIDI0MTgg c2VjdGlvbiAyLjIgaHR0cHM6Ly90b29scy5pZXRmLm9yZy9odG1sL3JmYzI0MTgjc2VjdGlvbi0y LjIgc2F5cyB0aGUgZm9sbG93aW5nIGFib3V0IGEgd29ya2luZyBncm91cCBjaGFydGVyOg0KDQog ICAyLiBTcGVjaWZpZXMgdGhlIGRpcmVjdGlvbiBvciBvYmplY3RpdmVzIG9mIHRoZSB3b3JraW5n IGdyb3VwIGFuZA0KICAgICAgZGVzY3JpYmVzIHRoZSBhcHByb2FjaCB0aGF0IHdpbGwgYmUgdGFr ZW4gdG8gYWNoaWV2ZSB0aGUgZ29hbHM7DQoNClBsZWFzZSBrZWVwIHRoaXMgaW4gbWluZCB3aGVu IHN1Z2dlc3RpbmcgY2hhbmdlcy4gT25jZSB0aGUgdGV4dCBpcyByZWFkeSwgd2Ugd2lsbCBzZW5k IGl0IHRvIHRoZSBJRVNHIGZvciByZXZpZXcuDQoNCkpvZSBhbmQgTW9oaXQNCg0KLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tDQoNClRoZSBFeHRlbnNpYmxlIEF1dGhlbnRpY2F0aW9uIFByb3RvY29s IChFQVApIFtSRkMgMzc0OF0gaXMgYSBuZXR3b3JrIGFjY2VzcyBhdXRoZW50aWNhdGlvbiBmcmFt ZXdvcmsgdXNlZCwgZm9yIGluc3RhbmNlLCBpbiBWUE4gYW5kIG1vYmlsZSBuZXR3b3Jrcy4gRUFQ IGl0c2VsZiBpcyBhIHNpbXBsZSBwcm90b2NvbCBhbmQgYWN0dWFsIGF1dGhlbnRpY2F0aW9uIGhh cHBlbnMgaW4gRUFQIG1ldGhvZHMuIFNldmVyYWwgRUFQIG1ldGhvZHMgaGF2ZSBiZWVuIGRldmVs b3BlZCBhdCB0aGUgSUVURiBhbmQgc3VwcG9ydCBmb3IgRUFQIGV4aXN0cyBpbiBhIGJyb2FkIHNl dCBvZiBkZXZpY2VzLiBQcmV2aW91cyBsYXJnZXIgRUFQLXJlbGF0ZWQgZWZmb3J0cyBhdCB0aGUg SUVURiBpbmNsdWRlZCByZXdyaXRpbmcgdGhlIGJhc2UgRUFQIHByb3RvY29sIHNwZWNpZmljYXRp b24gYW5kIHRoZSBkZXZlbG9wbWVudCBvZiBzZXZlcmFsIHN0YW5kYXJkcyB0cmFjayBFQVAgbWV0 aG9kcy4NCg0KRUFQIG1ldGhvZHMgYXJlIGdlbmVyYWxseSBiYXNlZCBvbiBleGlzdGluZyBzZWN1 cml0eSB0ZWNobm9sb2dpZXMgc3VjaCBhcyBUTFMgYW5kIFNJTSBjYXJkcy4gT3VyIHVuZGVyc3Rh bmRpbmcgb2Ygc2VjdXJpdHkgdGhyZWF0cyBpcyBjb250aW51b3VzbHkgZXZvbHZpbmcuIFRoaXMg aGFzIGRyaXZlbiB0aGUgZXZvbHV0aW9uIG9mIHNldmVyYWwgb2YgdGhlc2UgdW5kZXJseWluZyB0 ZWNobm9sb2dpZXMuIEFzIGFuIGV4YW1wbGUsIElFVEYgaGFzIHN0YW5kYXJkaXplZCBhIG5ldyBh bmQgaW1wcm92ZWQgdmVyc2lvbiBvZiBUTFMgaW4gUkZDIDg0NDYuIFRoZSBncm91cCB3aWxsIHRo ZXJlZm9yZSBwcm92aWRlIGd1aWRhbmNlIGFuZCB1cGRhdGUgRUFQIG1ldGhvZCBzcGVjaWZpY2F0 aW9ucyB3aGVyZSBuZWNlc3NhcnkgdG8gZW5hYmxlIHRoZSB1c2Ugb2YgbmV3IHZlcnNpb25zIG9m IHRoZXNlIHVuZGVybHlpbmcgdGVjaG5vbG9naWVzLg0KDQpBdCB0aGUgc2FtZSB0aW1lLCBzb21l IG5ldyB1c2UgY2FzZXMgZm9yIEVBUCBoYXZlIGJlZW4gaWRlbnRpZmllZC4gRUFQIGlzIG5vdyBt b3JlIGJyb2FkbHkgaW4gbW9iaWxlIG5ldHdvcmsgYXV0aGVudGljYXRpb24uIFRoZSBncm91cCB3 aWxsIHVwZGF0ZSBleGlzdGluZyBFQVAgbWV0aG9kcyBzdWNoIGFzIEVBUC1BS0EnIHRvIHN0YXkg aW4gc3luYyB3aXRoIHVwZGF0ZXMgdG8gdGhlIHJlZmVyZW5jZWQgM0dQUCBzcGVjaWZpY2F0aW9u cy4gUkZDIDcyNTggbm90ZXMgdGhhdCBwZXJ2YXNpdmUgbW9uaXRvcmluZyBpcyBhbiBhdHRhY2su IFBlcmZlY3QgRm9yd2FyZCBTZWNyZWN5IChQRlMpIGlzIGFuIGltcG9ydGFudCBzZWN1cml0eSBw cm9wZXJ0eSBmb3IgbW9kZXJuIHByb3RvY29scyB0byB0aHdhcnQgcGVydmFzaXZlIG1vbml0b3Jp bmcuIFRoZSBncm91cCB3aWxsIHRoZXJlZm9yZSB3b3JrIG9uIGFuIGV4dGVuc2lvbiB0byBFQVAt QUtBJyBmb3IgcHJvdmlkaW5nIFBlcmZlY3QgRm9yd2FyZCBTZWNyZWN5IChQRlMpLg0KDQpPdXQt b2YtYmFuZCAoT09CKSByZWZlcnMgdG8gYSBzZXBhcmF0ZSBjb21tdW5pY2F0aW9uIGNoYW5uZWwg aW5kZXBlbmRlbnQgb2YgdGhlIHByaW1hcnkgaW4tYmFuZCBjaGFubmVsIG92ZXIgd2hpY2ggdGhl IGFjdHVhbCBuZXR3b3JrIGNvbW11bmljYXRpb24gdGFrZXMgcGxhY2UuIE9PQiBjaGFubmVscyBh cmUgbm93IHVzZWQgZm9yIGF1dGhlbnRpY2F0aW9uIGluIGEgdmFyaWV0eSBvZiBwcm90b2NvbHMg YW5kIGRldmljZXMgKGRyYWZ0LWlldGYtb2F1dGgtZGV2aWNlLWZsb3ctMTMsIFdoYXRzQXBwIFdl YiwgZXRjLikuIE1hbnkgdXNlcnMgYXJlIGFjY3VzdG9tZWQgdG8gdGFwcGluZyBORkMgb3Igc2Nh bm5pbmcgUVIgY29kZXMuIEhvd2V2ZXIsIEVBUCBjdXJyZW50bHkgZG9lcyBub3QgaGF2ZSBhbnkg c3RhbmRhcmQgbWV0aG9kcyB0aGF0IHN1cHBvcnQgYXV0aGVudGljYXRpb24gYmFzZWQgb24gT09C IGNoYW5uZWxzLiBUaGUgZ3JvdXAgd2lsbCB0aGVyZWZvcmUgd29yayBvbiBhbiBFQVAgbWV0aG9k IHdoZXJlIGF1dGhlbnRpY2F0aW9uIGlzIGJhc2VkIG9uIGFuIG91dC1vZi1iYW5kIGNoYW5uZWwg YmV0d2VlbiB0aGUgcGVlciBhbmQgdGhlIHNlcnZlci4NCg0KRUFQIGF1dGhlbnRpY2F0aW9uIGlz IGJhc2VkIG9uIGNyZWRlbnRpYWxzIGF2YWlsYWJsZSBvbiB0aGUgcGVlciBhbmQgdGhlIHNlcnZl ci4gSG93ZXZlciwgc29tZSBFQVAgbWV0aG9kcyB1c2UgY3JlZGVudGlhbHMgdGhhdCBhcmUgdGlt ZSBvciBkb21haW4gbGltaXRlZCAoc3VjaCBhcyBFQVAtUE9UUCksIGFuZCB0aGVyZSBtYXkgYmUg YSBuZWVkIGZvciBjcmVhdGluZyBsb25nIHRlcm0gY3JlZGVudGlhbHMgZm9yIHJlLWF1dGhlbnRp Y2F0aW5nIHRoZSBwZWVyIGluIGEgbW9yZSBnZW5lcmFsIGNvbnRleHQuIFRoZSBncm91cCB3aWxs IGludmVzdGlnYXRlIG1pbmltYWwgbWVjaGFuaXNtcyB3aXRoIHdoaWNoIGxpbWl0ZWQtdXNlIEVB UCBhdXRoZW50aWNhdGlvbiBjcmVkZW50aWFscyBjYW4gYmUgdXNlZCBmb3IgY3JlYXRpbmcgZ2Vu ZXJhbC11c2UgbG9uZy10ZXJtIGNyZWRlbnRpYWxzLg0KDQpJbiBzdW1tYXJ5LCB0aGUgd29ya2lu ZyBncm91cCBzaGFsbCBwcm9kdWNlIHRoZSBmb2xsb3dpbmcgZG9jdW1lbnRzOg0KDQogLSBBbiB1 cGRhdGUgdG8gZW5hYmxlIHRoZSB1c2Ugb2YgVExTIDEuMyBpbiB0aGUgY29udGV4dCBvZiBFQVAt VExTIChSRkMgNTIxNikuIFRoaXMgZG9jdW1lbnQgd2lsbCBwZGF0ZSB0aGUgc2VjdXJpdHkgY29u c2lkZXJhdGlvbnMgcmVsYXRpbmcgdG8gRUFQLVRMUywgZG9jdW1lbnQgdGhlIGltcGxpY2F0aW9u cyBvZiB1c2luZyBuZXcgdnMuIG9sZCBUTFMgdmVyc2lvbnMsIGFkZCBhbnkgcmVjZW50bHkgZ2Fp bmVkIG5ldyBrbm93bGVkZ2Ugb24gdnVsbmVyYWJpbGl0aWVzLCBhbmQgZGlzY3VzcyB0aGUgcG9z c2libGUgaW1wbGljYXRpb25zIG9mIHBlcnZhc2l2ZSBzdXJ2ZWlsbGFuY2UuDQoNCiAtIFNldmVy YWwgRUFQIG1ldGhvZHMgc3VjaCBFQVAtVFRMUyBhbmQgRUFQLUZBU1QgdXNlIGFuIG91dGVyIFRM UyB0dW5uZWwuIFByb3ZpZGUgZ3VpZGFuY2Ugb3IgdXBkYXRlIHRoZSByZWxldmFudCBzcGVjaWZp Y2F0aW9ucyBleHBsYWluaW5nIGhvdyB0aG9zZSBFQVAgbWV0aG9kcyAoUEVBUC9UVExTL1RFQVAp IHdpbGwgd29yayB3aXRoIFRMUyAxLjMuIFRoaXMgd2lsbCBhbHNvIGludm9sdmUgbWFpbnRlbmFu Y2Ugd29yayBiYXNlZCBvbiBlcnJhdGFzIGZvdW5kIGluIHB1Ymxpc2hlZCBzcGVjaWZpY2F0aW9u cyAoc3VjaCBhcyBFQVAtVEVBUCkuDQoNCi0gRGVmaW5lIHNlc3Npb24gaWRlbnRpZmllcnMgZm9y IGZhc3QgcmUtYXV0aGVudGljYXRpb24gZm9yIEVBUC1TSU0sIEVBUC1BS0EsIGFuZCBFQVAtQUtB 4oCZLiBUaGUgbGFjayBvZiB0aGlzIGRlZmluaXRpb24gaXMgYSByZWNlbnRseSBkaXNjb3ZlcmVk IGJ1ZyBpbiB0aGUgb3JpZ2luYWwgUkZDcy4NCg0KLSBVcGRhdGUgdGhlIEVBUC1BS0EnIHNwZWNp ZmljYXRpb24gKFJGQyA1NDQ4KSB0byBlbnN1cmUgdGhhdCBpdHMgY2FwYWJpbGl0eSB0byBwcm92 aWRlIGEgY3J5cHRvZ3JhcGhpYyBiaW5kaW5nIHRvIG5ldHdvcmsgY29udGV4dCBzdGF5cyBpbiBz eW5jIHdpdGggdXBkYXRlcyB0byB0aGUgcmVmZXJlbmNlZCAzR1BQIHNwZWNpZmljYXRpb25zLiBU aGUgZG9jdW1lbnQgd2lsbCBhbHNvIGNvbnRhaW4gYW55IHJlY2VudGx5IGdhaW5lZCBuZXcga25v d2xlZGdlIG9uIHZ1bG5lcmFiaWxpdGllcyBvciB0aGUgcG9zc2libGUgaW1wbGljYXRpb25zIG9m IHBlcnZhc2l2ZSBzdXJ2ZWlsbGFuY2UuDQoNCi0gRGV2ZWxvcCBhbiBleHRlbnNpb24gdG8gRUFQ LUFLQScgc3VjaCB0aGF0IFBlcmZlY3QgRm9yd2FyZCBTZWNyZWN5IGNhbiBiZSBwcm92aWRlZC4g VGhlcmUgbWF5IGFsc28gYmUgcHJpdmFjeSBpbXByb3ZlbWVudHMgdGhhdCBoYXZlIGJlY29tZSBm ZWFzaWJsZSB3aXRoIHRoZSAgaW50cm9kdWN0aW9uIG9mIHJlY2VudCBpZGVudGl0eSBwcml2YWN5 IGltcHJvdmVtZW50cyBpbiAzR1BQIG5ldHdvcmtzLg0KDQotIEdhdGhlciBleHBlcmllbmNlIHJl Z2FyZGluZyB0aGUgdXNlIG9mIGxhcmdlIGNlcnRpZmljYXRlcyBhbmQgbG9uZyBjZXJ0aWZpY2F0 ZSBjaGFpbnMgaW4gdGhlIGNvbnRleHQgb2YgRUFQLVRMUyAoYWxsIHZlcnNpb25zKSwgYXMgc29t ZSBpbXBsZW1lbnRhdGlvbnMgYW5kIGFjY2VzcyBuZXR3b3JrcyBtYXkgbGltaXQgdGhlIG51bWJl ciBvZiBFQVAgcGFja2V0IGV4Y2hhbmdlcyB0aGF0IGNhbiBiZSBoYW5kbGVkLiBEb2N1bWVudCBv cGVyYXRpb25hbCByZWNvbW1lbmRhdGlvbnMgb3Igb3RoZXIgbWl0aWdhdGlvbiBzdHJhdGVnaWVz IHRvIGF2b2lkIGlzc3Vlcy4NCg0KLSBEZWZpbmUgYSBzdGFuZGFyZCBFQVAgbWV0aG9kIGZvciBt dXR1YWwgYXV0aGVudGljYXRpb24gYmV0d2VlbiBhIHBlZXIgYW5kIGEgc2VydmVyIHRoYXQgaXMg YmFzZWQgb24gYW4gb3V0LW9mLWJhbmQgY2hhbm5lbC4gVGhlIG1ldGhvZCBpdHNlbGYgc2hhbGwg YmUgaW5kZXBlbmRlbnQgb2YgdGhlIHVuZGVybHlpbmcgT09CIGNoYW5uZWwgYW5kIHNoYWxsIHN1 cHBvcnQgYSB2YXJpZXR5IG9mIE9PQiBjaGFubmVscyBzdWNoIGFzIE5GQywgZHluYW1pY2FsbHkg Z2VuZXJhdGVkIFFSIGNvZGVzLCBhdWRpbywgYW5kIHZpc2libGUgbGlnaHQuDQoNCi0gRGVmaW5l IG1lY2hhbmlzbXMgYnkgd2hpY2ggRUFQIG1ldGhvZHMgY2FuIHN1cHBvcnQgY3JlYXRpb24gb2Yg bG9uZy10ZXJtIGNyZWRlbnRpYWxzIGZvciB0aGUgcGVlciBiYXNlZCBvbiBpbml0aWFsIGxpbWl0 ZWQtdXNlIGNyZWRlbnRpYWxzLg0KDQpUaGUgd29ya2luZyBncm91cCBpcyBleHBlY3RlZCB0byBz dGF5IGluIGNsb3NlIGNvbGxhYm9yYXRpb24gd2l0aCB0aGUgRUFQIGRlcGxveW1lbnQgY29tbXVu aXR5LCB0aGUgVExTIHdvcmtpbmcgZ3JvdXAgKGZvciBFQVAtVExTIHdvcmspLCBhbmQgdGhlIDNH UFAgc2VjdXJpdHkgYXJjaGl0ZWN0dXJlIGdyb3VwIChmb3IgRUFQLUFLQScgd29yaykNCg0KLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tDQoNCg0KDQpfX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fX19fX19fXw0KRW11IG1haWxpbmcgbGlzdA0KRW11QGlldGYub3JnPG1haWx0 bzpFbXVAaWV0Zi5vcmc+DQpodHRwczovL3d3dy5pZXRmLm9yZy9tYWlsbWFuL2xpc3RpbmZvL2Vt dQ0KDQoNCl9fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fDQpF bXUgbWFpbGluZyBsaXN0DQpFbXVAaWV0Zi5vcmc8bWFpbHRvOkVtdUBpZXRmLm9yZz4NCmh0dHBz Oi8vd3d3LmlldGYub3JnL21haWxtYW4vbGlzdGluZm8vZW11DQoNCg0KDQoNCl9fX19fX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fDQpFbXUgbWFpbGluZyBsaXN0DQpF bXVAaWV0Zi5vcmc8bWFpbHRvOkVtdUBpZXRmLm9yZz4NCmh0dHBzOi8vd3d3LmlldGYub3JnL21h aWxtYW4vbGlzdGluZm8vZW11DQoNCg== --_000_f22054646b4016ce2a069e972730e1c3ericssoncom_ Content-Type: text/html; charset="utf-8" Content-ID: <1112AD26E2A7AC45975656072C0C2CF2@eurprd07.prod.outlook.com> Content-Transfer-Encoding: base64 PGh0bWw+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIgY29udGVudD0i dGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjwvaGVhZD4NCjxib2R5IGJnY29sb3I9IiNGRkZG RkYiIHRleHQ9IiMwMDAwMDAiPg0KPHA+SGkgR2Vvcmdpb3MsPC9wPg0KPHA+VGhhbmtzIGZvciBy ZWFkaW5nIHRoZSBjaGFydGVyLiBJIGhhdmUgYWRkcmVzc2VkIHlvdXIgY29tbWVudHMgb24gZ2l0 aHViLiBIZXJlIGlzIHRoZSB1cGRhdGVkIHRleHQ6PGJyPg0KPGEgbW96LWRvLW5vdC1zZW5kPSJ0 cnVlIiBocmVmPSJodHRwczovL2dpdGh1Yi5jb20vZW11LXdnL2NoYXJ0ZXIvYmxvYi9tYXN0ZXIv ZW11LWNoYXJ0ZXIubWQiPmh0dHBzOi8vZ2l0aHViLmNvbS9lbXUtd2cvY2hhcnRlci9ibG9iL21h c3Rlci9lbXUtY2hhcnRlci5tZDwvYT48YnI+DQo8YnI+DQphbmQgaGVyZSBpcyB0aGUgZGlmZiBm cm9tIHRoZSBwcmV2aW91cyB2ZXJzaW9uOjxicj4NCjxhIG1vei1kby1ub3Qtc2VuZD0idHJ1ZSIg aHJlZj0iaHR0cHM6Ly9naXRodWIuY29tL2VtdS13Zy9jaGFydGVyL2NvbW1pdC9iZTFiZjU1NzM1 NWVjYmE1ZDVlZTM1YWIyN2YzZThmYWU4YzA2ZWVmIj5odHRwczovL2dpdGh1Yi5jb20vZW11LXdn L2NoYXJ0ZXIvY29tbWl0L2JlMWJmNTU3MzU1ZWNiYTVkNWVlMzVhYjI3ZjNlOGZhZThjMDZlZWY8 L2E+PGJyPg0KPC9wPg0KPHA+LS1Nb2hpdDxicj4NCjwvcD4NCjxkaXYgY2xhc3M9Im1vei1jaXRl LXByZWZpeCI+T24gOS8xOC8xOSAxMTozNyBBTSwgR2Vvcmdpb3MgWi4gUGFwYWRvcG91bG9zIHdy b3RlOjxicj4NCjwvZGl2Pg0KPGJsb2NrcXVvdGUgdHlwZT0iY2l0ZSIgY2l0ZT0ibWlkOjA0OTU2 MjIzLTVGQ0YtNDQzMi1CMUZGLUQyQjFENTdEOTJDRkBpbXQtYXRsYW50aXF1ZS5mciI+DQpEZWFy IEpvZSwgTW9oaXQgYW5kIGFsbCwNCjxkaXYgY2xhc3M9IiI+PGJyIGNsYXNzPSIiPg0KPC9kaXY+ DQo8ZGl2IGNsYXNzPSIiPkluIG92ZXJhbGwgSSBmaW5kIHRoZSB0ZXh0IHdlbGwgd3JpdHRlbiwg d2hpbGUgdGhlIG9iamVjdGl2ZXMgd2VsbCBkZWZpbmVkLjwvZGl2Pg0KPGRpdiBjbGFzcz0iIj4N CjxkaXYgY2xhc3M9IiI+QmVsb3cgSSBoYXZlIHZlcnkgZmV3IGNvbW1lbnRzIDo8L2Rpdj4NCjxk aXYgY2xhc3M9IiI+PGJyIGNsYXNzPSIiPg0KPC9kaXY+DQo8ZGl2IGNsYXNzPSIiPiogVExTIGlz IG5vdCBkZWZpbmVkLiZuYnNwOzwvZGl2Pg0KPGRpdiBjbGFzcz0iIj4qJm5ic3A7UGVyZmVjdCBG b3J3YXJkIFNlY3JlY3kgKFBGUykgaXMgZGVmaW5lZCB0d2ljZS48L2Rpdj4NCjxkaXYgY2xhc3M9 IiI+KiZuYnNwOy0gQW4gdXBkYXRlIHRvIGVuYWJsZSB0aGUgdXNlIG9mIFRMUyAxLjMgaW4gdGhl IGNvbnRleHQgb2YgRUFQLVRMUyAoUkZDIDUyMTYpLiZuYnNwOzxiIGNsYXNzPSIiPjxpIGNsYXNz PSIiPlRoaXMgZG9jdW1lbnQgd2lsbCBwZGF0ZSB0aGUgc2VjdXJpdHkgY29uc2lkZXJhdGlvbnMg cmVsYXRpbmcgdG8gRUFQLVRMUywgZG9jdW1lbnQgdGhlIGltcGxpY2F0aW9ucyBvZiB1c2luZyBu ZXcgdnMuIG9sZCBUTFMgdmVyc2lvbnMsIGFkZA0KIGFueSByZWNlbnRseSBnYWluZWQgbmV3IGtu b3dsZWRnZSBvbiB2dWxuZXJhYmlsaXRpZXMsIGFuZCBkaXNjdXNzIHRoZSBwb3NzaWJsZSBpbXBs aWNhdGlvbnMgb2YgcGVydmFzaXZlIHN1cnZlaWxsYW5jZS48L2k+PC9iPjwvZGl2Pg0KPGRpdiBj bGFzcz0iIj48YnIgY2xhc3M9IiI+DQo8L2Rpdj4NCjxkaXYgY2xhc3M9IiI+VGhpcyBsYXN0IHBv aW50LCBtYXliZSBjb3VsZCBiZSBkaXZpZGVkIGluIHNldmVyYWwgc2VudGVuY2VzLCBzaW5jZSBJ IGZpbmQgaXQgdG9vIGxvbmcgYW5kLCB0aHVzLCBoYXJkIHRvIGZvbGxvdy48L2Rpdj4NCjxkaXYg Y2xhc3M9IiI+PGJyIGNsYXNzPSIiPg0KPC9kaXY+DQo8ZGl2IGNsYXNzPSIiPk1hbnkgdGhhbmtz IGZvciB5b3VyIGVmZm9ydHMuPC9kaXY+DQo8ZGl2IGNsYXNzPSIiPjxiciBjbGFzcz0iIj4NCjwv ZGl2Pg0KPGRpdiBjbGFzcz0iIj5CZXN0IHJlZ2FyZHMsPC9kaXY+DQo8ZGl2IGNsYXNzPSIiPkdl b3JnaW9zPC9kaXY+DQo8ZGl2IGNsYXNzPSIiPjxiciBjbGFzcz0iIj4NCjwvZGl2Pg0KPC9kaXY+ DQo8ZGl2IGNsYXNzPSIiPjwvZGl2Pg0KPGJyIGNsYXNzPSIiPg0KPGRpdj4NCjxibG9ja3F1b3Rl IHR5cGU9ImNpdGUiIGNsYXNzPSIiPg0KPGRpdiBjbGFzcz0iIj5PbiBTZXAgMTEsIDIwMTksIGF0 IDIwOjUwLCBNb2hpdCBTZXRoaSBNICZsdDs8YSBocmVmPSJtYWlsdG86bW9oaXQubS5zZXRoaUBl cmljc3Nvbi5jb20iIGNsYXNzPSIiIG1vei1kby1ub3Qtc2VuZD0idHJ1ZSI+bW9oaXQubS5zZXRo aUBlcmljc3Nvbi5jb208L2E+Jmd0OyB3cm90ZTo8L2Rpdj4NCjxiciBjbGFzcz0iQXBwbGUtaW50 ZXJjaGFuZ2UtbmV3bGluZSI+DQo8ZGl2IGNsYXNzPSIiPg0KPGRpdiBiZ2NvbG9yPSIjRkZGRkZG IiB0ZXh0PSIjMDAwMDAwIiBjbGFzcz0iIj4NCjxwIGNsYXNzPSIiPkRlYXIgYWxsLDwvcD4NCjxw IGNsYXNzPSIiPlBsZWFzZSBzZW5kIGluIHlvdXIgY29tbWVudHMgb24gdGhlIGNoYXJ0ZXIgdGV4 dCBieSBXZWRuZXNkYXksIFNlcHRlbWJlciAxOCwgMjAxOS4NCjxiciBjbGFzcz0iIj4NCjwvcD4N CjxwIGNsYXNzPSIiPkpvZSBhbmQgTW9oaXQ8YnIgY2xhc3M9IiI+DQo8L3A+DQo8ZGl2IGNsYXNz PSJtb3otY2l0ZS1wcmVmaXgiPk9uIDgvMjEvMTkgMTE6MTMgQU0sIE1vaGl0IFNldGhpIE0gd3Jv dGU6PGJyIGNsYXNzPSIiPg0KPC9kaXY+DQo8YmxvY2txdW90ZSB0eXBlPSJjaXRlIiBjaXRlPSJt aWQ6YWU0OTI3MjYtNjI2OC01ZTczLTMzOGItYzgwMzY5MDIzZTFjQGVyaWNzc29uLmNvbSIgY2xh c3M9IiI+DQo8cCBjbGFzcz0iIj5EZWFyIGFsbCw8L3A+DQo8cCBjbGFzcz0iIj5UaGFuayB5b3Ug Zm9yIGEgcHJvZHVjdGl2ZSBtZWV0aW5nIEAgSUVURiAxMDUuIFdlIGhhZCBkaXNjdXNzZWQgdGhl IG5ldyBjaGFydGVyIHRleHQgZHVyaW5nIHRoZSB3b3JraW5nIGdyb3VwIHNlc3Npb24gaW4gTW9u dHJlYWwuIFBsZWFzZSBmaW5kIHRoZSBzYW1lIHRleHQgYmVsb3cuIFRoaXMgdGV4dCBidWlsZHMg dXBvbiBvdXIgY3VycmVudCBjaGFydGVyLiBGZWVsIGZyZWUgdG8gc3VnZ2VzdCBjaGFuZ2VzLiBS RkMgMjQxOA0KIHNlY3Rpb24gMi4yIDxhIG1vei1kby1ub3Qtc2VuZD0idHJ1ZSIgaHJlZj0iaHR0 cHM6Ly90b29scy5pZXRmLm9yZy9odG1sL3JmYzI0MTgjc2VjdGlvbi0yLjIiIGNsYXNzPSIiPg0K aHR0cHM6Ly90b29scy5pZXRmLm9yZy9odG1sL3JmYzI0MTgjc2VjdGlvbi0yLjI8L2E+IHNheXMg dGhlIGZvbGxvd2luZyBhYm91dCBhIHdvcmtpbmcgZ3JvdXAgY2hhcnRlcjo8L3A+DQo8YmxvY2tx dW90ZSB0eXBlPSJjaXRlIiBjbGFzcz0iIj4NCjxwcmUgY2xhc3M9Im5ld3BhZ2UiPiAgIDIuIFNw ZWNpZmllcyB0aGUgZGlyZWN0aW9uIG9yIG9iamVjdGl2ZXMgb2YgdGhlIHdvcmtpbmcgZ3JvdXAg YW5kDQogICAgICBkZXNjcmliZXMgdGhlIGFwcHJvYWNoIHRoYXQgd2lsbCBiZSB0YWtlbiB0byBh Y2hpZXZlIHRoZSBnb2Fsczs8L3ByZT4NCjwvYmxvY2txdW90ZT4NCjxiciBjbGFzcz0iIj4NClBs ZWFzZSBrZWVwIHRoaXMgaW4gbWluZCB3aGVuIHN1Z2dlc3RpbmcgY2hhbmdlcy4gT25jZSB0aGUg dGV4dCBpcyByZWFkeSwgd2Ugd2lsbCBzZW5kIGl0IHRvIHRoZSBJRVNHIGZvciByZXZpZXcuPGJy IGNsYXNzPSIiPg0KPHAgY2xhc3M9IiI+Sm9lIGFuZCBNb2hpdDwvcD4NCjxwIGNsYXNzPSIiPi0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLTxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NClRoZSBF eHRlbnNpYmxlIEF1dGhlbnRpY2F0aW9uIFByb3RvY29sIChFQVApIFtSRkMgMzc0OF0gaXMgYSBu ZXR3b3JrIGFjY2VzcyBhdXRoZW50aWNhdGlvbiBmcmFtZXdvcmsgdXNlZCwgZm9yIGluc3RhbmNl LCBpbiBWUE4gYW5kIG1vYmlsZSBuZXR3b3Jrcy4gRUFQIGl0c2VsZiBpcyBhIHNpbXBsZSBwcm90 b2NvbCBhbmQgYWN0dWFsIGF1dGhlbnRpY2F0aW9uIGhhcHBlbnMgaW4gRUFQIG1ldGhvZHMuIFNl dmVyYWwgRUFQIG1ldGhvZHMgaGF2ZSBiZWVuDQogZGV2ZWxvcGVkIGF0IHRoZSBJRVRGIGFuZCBz dXBwb3J0IGZvciBFQVAgZXhpc3RzIGluIGEgYnJvYWQgc2V0IG9mIGRldmljZXMuIFByZXZpb3Vz IGxhcmdlciBFQVAtcmVsYXRlZCBlZmZvcnRzIGF0IHRoZSBJRVRGIGluY2x1ZGVkIHJld3JpdGlu ZyB0aGUgYmFzZSBFQVAgcHJvdG9jb2wgc3BlY2lmaWNhdGlvbiBhbmQgdGhlIGRldmVsb3BtZW50 IG9mIHNldmVyYWwgc3RhbmRhcmRzIHRyYWNrIEVBUCBtZXRob2RzLjxiciBjbGFzcz0iIj4NCjxi ciBjbGFzcz0iIj4NCkVBUCBtZXRob2RzIGFyZSBnZW5lcmFsbHkgYmFzZWQgb24gZXhpc3Rpbmcg c2VjdXJpdHkgdGVjaG5vbG9naWVzIHN1Y2ggYXMgVExTIGFuZCBTSU0gY2FyZHMuIE91ciB1bmRl cnN0YW5kaW5nIG9mIHNlY3VyaXR5IHRocmVhdHMgaXMgY29udGludW91c2x5IGV2b2x2aW5nLiBU aGlzIGhhcyBkcml2ZW4gdGhlIGV2b2x1dGlvbiBvZiBzZXZlcmFsIG9mIHRoZXNlIHVuZGVybHlp bmcgdGVjaG5vbG9naWVzLiBBcyBhbiBleGFtcGxlLCBJRVRGIGhhcyBzdGFuZGFyZGl6ZWQNCiBh IG5ldyBhbmQgaW1wcm92ZWQgdmVyc2lvbiBvZiBUTFMgaW4gUkZDIDg0NDYuIFRoZSBncm91cCB3 aWxsIHRoZXJlZm9yZSBwcm92aWRlIGd1aWRhbmNlIGFuZCB1cGRhdGUgRUFQIG1ldGhvZCBzcGVj aWZpY2F0aW9ucyB3aGVyZSBuZWNlc3NhcnkgdG8gZW5hYmxlIHRoZSB1c2Ugb2YgbmV3IHZlcnNp b25zIG9mIHRoZXNlIHVuZGVybHlpbmcgdGVjaG5vbG9naWVzLg0KPGJyIGNsYXNzPSIiPg0KPGJy IGNsYXNzPSIiPg0KQXQgdGhlIHNhbWUgdGltZSwgc29tZSBuZXcgdXNlIGNhc2VzIGZvciBFQVAg aGF2ZSBiZWVuIGlkZW50aWZpZWQuIEVBUCBpcyBub3cgbW9yZSBicm9hZGx5IGluIG1vYmlsZSBu ZXR3b3JrIGF1dGhlbnRpY2F0aW9uLiBUaGUgZ3JvdXAgd2lsbCB1cGRhdGUgZXhpc3RpbmcgRUFQ IG1ldGhvZHMgc3VjaCBhcyBFQVAtQUtBJyB0byBzdGF5IGluIHN5bmMgd2l0aCB1cGRhdGVzIHRv IHRoZSByZWZlcmVuY2VkIDNHUFAgc3BlY2lmaWNhdGlvbnMuIFJGQw0KIDcyNTggbm90ZXMgdGhh dCBwZXJ2YXNpdmUgbW9uaXRvcmluZyBpcyBhbiBhdHRhY2suIFBlcmZlY3QgRm9yd2FyZCBTZWNy ZWN5IChQRlMpIGlzIGFuIGltcG9ydGFudCBzZWN1cml0eSBwcm9wZXJ0eSBmb3IgbW9kZXJuIHBy b3RvY29scyB0byB0aHdhcnQgcGVydmFzaXZlIG1vbml0b3JpbmcuIFRoZSBncm91cCB3aWxsIHRo ZXJlZm9yZSB3b3JrIG9uIGFuIGV4dGVuc2lvbiB0byBFQVAtQUtBJyBmb3IgcHJvdmlkaW5nIFBl cmZlY3QgRm9yd2FyZA0KIFNlY3JlY3kgKFBGUykuPGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIi Pg0KT3V0LW9mLWJhbmQgKE9PQikgcmVmZXJzIHRvIGEgc2VwYXJhdGUgY29tbXVuaWNhdGlvbiBj aGFubmVsIGluZGVwZW5kZW50IG9mIHRoZSBwcmltYXJ5IGluLWJhbmQgY2hhbm5lbCBvdmVyIHdo aWNoIHRoZSBhY3R1YWwgbmV0d29yayBjb21tdW5pY2F0aW9uIHRha2VzIHBsYWNlLiBPT0IgY2hh bm5lbHMgYXJlIG5vdyB1c2VkIGZvciBhdXRoZW50aWNhdGlvbiBpbiBhIHZhcmlldHkgb2YgcHJv dG9jb2xzIGFuZCBkZXZpY2VzIChkcmFmdC1pZXRmLW9hdXRoLWRldmljZS1mbG93LTEzLA0KIFdo YXRzQXBwIFdlYiwgZXRjLikuIE1hbnkgdXNlcnMgYXJlIGFjY3VzdG9tZWQgdG8gdGFwcGluZyBO RkMgb3Igc2Nhbm5pbmcgUVIgY29kZXMuIEhvd2V2ZXIsIEVBUCBjdXJyZW50bHkgZG9lcyBub3Qg aGF2ZSBhbnkgc3RhbmRhcmQgbWV0aG9kcyB0aGF0IHN1cHBvcnQgYXV0aGVudGljYXRpb24gYmFz ZWQgb24gT09CIGNoYW5uZWxzLiBUaGUgZ3JvdXAgd2lsbCB0aGVyZWZvcmUgd29yayBvbiBhbiBF QVAgbWV0aG9kIHdoZXJlIGF1dGhlbnRpY2F0aW9uDQogaXMgYmFzZWQgb24gYW4gb3V0LW9mLWJh bmQgY2hhbm5lbCBiZXR3ZWVuIHRoZSBwZWVyIGFuZCB0aGUgc2VydmVyLjxiciBjbGFzcz0iIj4N CjxiciBjbGFzcz0iIj4NCkVBUCBhdXRoZW50aWNhdGlvbiBpcyBiYXNlZCBvbiBjcmVkZW50aWFs cyBhdmFpbGFibGUgb24gdGhlIHBlZXIgYW5kIHRoZSBzZXJ2ZXIuIEhvd2V2ZXIsIHNvbWUgRUFQ IG1ldGhvZHMgdXNlIGNyZWRlbnRpYWxzIHRoYXQgYXJlIHRpbWUgb3IgZG9tYWluIGxpbWl0ZWQg KHN1Y2ggYXMgRUFQLVBPVFApLCBhbmQgdGhlcmUgbWF5IGJlIGEgbmVlZCBmb3IgY3JlYXRpbmcg bG9uZyB0ZXJtIGNyZWRlbnRpYWxzIGZvciByZS1hdXRoZW50aWNhdGluZyB0aGUNCiBwZWVyIGlu IGEgbW9yZSBnZW5lcmFsIGNvbnRleHQuIFRoZSBncm91cCB3aWxsIGludmVzdGlnYXRlIG1pbmlt YWwgbWVjaGFuaXNtcyB3aXRoIHdoaWNoIGxpbWl0ZWQtdXNlIEVBUCBhdXRoZW50aWNhdGlvbiBj cmVkZW50aWFscyBjYW4gYmUgdXNlZCBmb3IgY3JlYXRpbmcgZ2VuZXJhbC11c2UgbG9uZy10ZXJt IGNyZWRlbnRpYWxzLjxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NCkluIHN1bW1hcnksIHRo ZSB3b3JraW5nIGdyb3VwIHNoYWxsIHByb2R1Y2UgdGhlIGZvbGxvd2luZyBkb2N1bWVudHM6PGJy IGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KJm5ic3A7LSBBbiB1cGRhdGUgdG8gZW5hYmxlIHRo ZSB1c2Ugb2YgVExTIDEuMyBpbiB0aGUgY29udGV4dCBvZiBFQVAtVExTIChSRkMgNTIxNikuIFRo aXMgZG9jdW1lbnQgd2lsbCBwZGF0ZSB0aGUgc2VjdXJpdHkgY29uc2lkZXJhdGlvbnMgcmVsYXRp bmcgdG8gRUFQLVRMUywgZG9jdW1lbnQgdGhlIGltcGxpY2F0aW9ucyBvZiB1c2luZyBuZXcgdnMu IG9sZCBUTFMgdmVyc2lvbnMsIGFkZCBhbnkgcmVjZW50bHkgZ2FpbmVkIG5ldyBrbm93bGVkZ2Ug b24gdnVsbmVyYWJpbGl0aWVzLA0KIGFuZCBkaXNjdXNzIHRoZSBwb3NzaWJsZSBpbXBsaWNhdGlv bnMgb2YgcGVydmFzaXZlIHN1cnZlaWxsYW5jZS48YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+ DQombmJzcDstIFNldmVyYWwgRUFQIG1ldGhvZHMgc3VjaCBFQVAtVFRMUyBhbmQgRUFQLUZBU1Qg dXNlIGFuIG91dGVyIFRMUyB0dW5uZWwuIFByb3ZpZGUgZ3VpZGFuY2Ugb3IgdXBkYXRlIHRoZSBy ZWxldmFudCBzcGVjaWZpY2F0aW9ucyBleHBsYWluaW5nIGhvdyB0aG9zZSBFQVAgbWV0aG9kcyAo UEVBUC9UVExTL1RFQVApIHdpbGwgd29yayB3aXRoIFRMUyAxLjMuIFRoaXMgd2lsbCBhbHNvIGlu dm9sdmUgbWFpbnRlbmFuY2Ugd29yayBiYXNlZCBvbiBlcnJhdGFzDQogZm91bmQgaW4gcHVibGlz aGVkIHNwZWNpZmljYXRpb25zIChzdWNoIGFzIEVBUC1URUFQKS48YnIgY2xhc3M9IiI+DQo8YnIg Y2xhc3M9IiI+DQotIERlZmluZSBzZXNzaW9uIGlkZW50aWZpZXJzIGZvciBmYXN0IHJlLWF1dGhl bnRpY2F0aW9uIGZvciBFQVAtU0lNLCBFQVAtQUtBLCBhbmQgRUFQLUFLQeKAmS4gVGhlIGxhY2sg b2YgdGhpcyBkZWZpbml0aW9uIGlzIGEgcmVjZW50bHkgZGlzY292ZXJlZCBidWcgaW4gdGhlIG9y aWdpbmFsIFJGQ3MuPC9wPg0KPHAgY2xhc3M9IiI+LSBVcGRhdGUgdGhlIEVBUC1BS0EnIHNwZWNp ZmljYXRpb24gKFJGQyA1NDQ4KSB0byBlbnN1cmUgdGhhdCBpdHMgY2FwYWJpbGl0eSB0byBwcm92 aWRlIGEgY3J5cHRvZ3JhcGhpYyBiaW5kaW5nIHRvIG5ldHdvcmsgY29udGV4dCBzdGF5cyBpbiBz eW5jIHdpdGggdXBkYXRlcyB0byB0aGUgcmVmZXJlbmNlZCAzR1BQIHNwZWNpZmljYXRpb25zLiBU aGUgZG9jdW1lbnQgd2lsbCBhbHNvIGNvbnRhaW4gYW55IHJlY2VudGx5IGdhaW5lZA0KIG5ldyBr bm93bGVkZ2Ugb24gdnVsbmVyYWJpbGl0aWVzIG9yIHRoZSBwb3NzaWJsZSBpbXBsaWNhdGlvbnMg b2YgcGVydmFzaXZlIHN1cnZlaWxsYW5jZS48YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQot IERldmVsb3AgYW4gZXh0ZW5zaW9uIHRvIEVBUC1BS0EnIHN1Y2ggdGhhdCBQZXJmZWN0IEZvcndh cmQgU2VjcmVjeSBjYW4gYmUgcHJvdmlkZWQuIFRoZXJlIG1heSBhbHNvIGJlIHByaXZhY3kgaW1w cm92ZW1lbnRzIHRoYXQgaGF2ZSBiZWNvbWUgZmVhc2libGUgd2l0aCB0aGUmbmJzcDsgaW50cm9k dWN0aW9uIG9mIHJlY2VudCBpZGVudGl0eSBwcml2YWN5IGltcHJvdmVtZW50cyBpbiAzR1BQIG5l dHdvcmtzLjxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NCi0gR2F0aGVyIGV4cGVyaWVuY2Ug cmVnYXJkaW5nIHRoZSB1c2Ugb2YgbGFyZ2UgY2VydGlmaWNhdGVzIGFuZCBsb25nIGNlcnRpZmlj YXRlIGNoYWlucyBpbiB0aGUgY29udGV4dCBvZiBFQVAtVExTIChhbGwgdmVyc2lvbnMpLCBhcyBz b21lIGltcGxlbWVudGF0aW9ucyBhbmQgYWNjZXNzIG5ldHdvcmtzIG1heSBsaW1pdCB0aGUgbnVt YmVyIG9mIEVBUCBwYWNrZXQgZXhjaGFuZ2VzIHRoYXQgY2FuIGJlIGhhbmRsZWQuIERvY3VtZW50 IG9wZXJhdGlvbmFsDQogcmVjb21tZW5kYXRpb25zIG9yIG90aGVyIG1pdGlnYXRpb24gc3RyYXRl Z2llcyB0byBhdm9pZCBpc3N1ZXMuPGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KLSBEZWZp bmUgYSBzdGFuZGFyZCBFQVAgbWV0aG9kIGZvciBtdXR1YWwgYXV0aGVudGljYXRpb24gYmV0d2Vl biBhIHBlZXIgYW5kIGEgc2VydmVyIHRoYXQgaXMgYmFzZWQgb24gYW4gb3V0LW9mLWJhbmQgY2hh bm5lbC4gVGhlIG1ldGhvZCBpdHNlbGYgc2hhbGwgYmUgaW5kZXBlbmRlbnQgb2YgdGhlIHVuZGVy bHlpbmcgT09CIGNoYW5uZWwgYW5kIHNoYWxsIHN1cHBvcnQgYSB2YXJpZXR5IG9mIE9PQiBjaGFu bmVscyBzdWNoIGFzIE5GQywgZHluYW1pY2FsbHkNCiBnZW5lcmF0ZWQgUVIgY29kZXMsIGF1ZGlv LCBhbmQgdmlzaWJsZSBsaWdodC48YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQotIERlZmlu ZSBtZWNoYW5pc21zIGJ5IHdoaWNoIEVBUCBtZXRob2RzIGNhbiBzdXBwb3J0IGNyZWF0aW9uIG9m IGxvbmctdGVybSBjcmVkZW50aWFscyBmb3IgdGhlIHBlZXIgYmFzZWQgb24gaW5pdGlhbCBsaW1p dGVkLXVzZSBjcmVkZW50aWFscy48YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQpUaGUgd29y a2luZyBncm91cCBpcyBleHBlY3RlZCB0byBzdGF5IGluIGNsb3NlIGNvbGxhYm9yYXRpb24gd2l0 aCB0aGUgRUFQIGRlcGxveW1lbnQgY29tbXVuaXR5LCB0aGUgVExTIHdvcmtpbmcgZ3JvdXAgKGZv ciBFQVAtVExTIHdvcmspLCBhbmQgdGhlIDNHUFAgc2VjdXJpdHkgYXJjaGl0ZWN0dXJlIGdyb3Vw IChmb3IgRUFQLUFLQScgd29yayk8YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQotLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS08YnIgY2xhc3M9IiI+DQo8L3A+DQo8YnIgY2xhc3M9IiI+DQo8Zmll bGRzZXQgY2xhc3M9Im1pbWVBdHRhY2htZW50SGVhZGVyIj48L2ZpZWxkc2V0Pg0KPHByZSBjbGFz cz0ibW96LXF1b3RlLXByZSIgd3JhcD0iIj5fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fX19fXw0KRW11IG1haWxpbmcgbGlzdA0KPGEgY2xhc3M9Im1vei10eHQtbGlu ay1hYmJyZXZpYXRlZCIgaHJlZj0ibWFpbHRvOkVtdUBpZXRmLm9yZyIgbW96LWRvLW5vdC1zZW5k PSJ0cnVlIj5FbXVAaWV0Zi5vcmc8L2E+DQo8YSBjbGFzcz0ibW96LXR4dC1saW5rLWZyZWV0ZXh0 IiBocmVmPSJodHRwczovL3d3dy5pZXRmLm9yZy9tYWlsbWFuL2xpc3RpbmZvL2VtdSIgbW96LWRv LW5vdC1zZW5kPSJ0cnVlIj5odHRwczovL3d3dy5pZXRmLm9yZy9tYWlsbWFuL2xpc3RpbmZvL2Vt dTwvYT4NCjwvcHJlPg0KPC9ibG9ja3F1b3RlPg0KPC9kaXY+DQpfX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fX19fXzxiciBjbGFzcz0iIj4NCkVtdSBtYWlsaW5nIGxp c3Q8YnIgY2xhc3M9IiI+DQo8YSBocmVmPSJtYWlsdG86RW11QGlldGYub3JnIiBjbGFzcz0iIiBt b3otZG8tbm90LXNlbmQ9InRydWUiPkVtdUBpZXRmLm9yZzwvYT48YnIgY2xhc3M9IiI+DQo8YSBj bGFzcz0ibW96LXR4dC1saW5rLWZyZWV0ZXh0IiBocmVmPSJodHRwczovL3d3dy5pZXRmLm9yZy9t YWlsbWFuL2xpc3RpbmZvL2VtdSI+aHR0cHM6Ly93d3cuaWV0Zi5vcmcvbWFpbG1hbi9saXN0aW5m by9lbXU8L2E+PGJyIGNsYXNzPSIiPg0KPC9kaXY+DQo8L2Jsb2NrcXVvdGU+DQo8L2Rpdj4NCjxi ciBjbGFzcz0iIj4NCjxicj4NCjxmaWVsZHNldCBjbGFzcz0ibWltZUF0dGFjaG1lbnRIZWFkZXIi PjwvZmllbGRzZXQ+DQo8cHJlIGNsYXNzPSJtb3otcXVvdGUtcHJlIiB3cmFwPSIiPl9fX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fDQpFbXUgbWFpbGluZyBsaXN0 DQo8YSBjbGFzcz0ibW96LXR4dC1saW5rLWFiYnJldmlhdGVkIiBocmVmPSJtYWlsdG86RW11QGll dGYub3JnIj5FbXVAaWV0Zi5vcmc8L2E+DQo8YSBjbGFzcz0ibW96LXR4dC1saW5rLWZyZWV0ZXh0 IiBocmVmPSJodHRwczovL3d3dy5pZXRmLm9yZy9tYWlsbWFuL2xpc3RpbmZvL2VtdSI+aHR0cHM6 Ly93d3cuaWV0Zi5vcmcvbWFpbG1hbi9saXN0aW5mby9lbXU8L2E+DQo8L3ByZT4NCjwvYmxvY2tx dW90ZT4NCjwvYm9keT4NCjwvaHRtbD4NCg== --_000_f22054646b4016ce2a069e972730e1c3ericssoncom_--