From nobody Sun Nov 1 00:51:34 2020
From: Repository Activity Summary Bot
To: mls@ietf.org
Date: Sun, 1 Nov 2020 02:32:58 -0500 (EST)
Subject: [MLS] Weekly github digest (MLS Working Group summary)

Pull requests
-------------
* mlswg/mls-protocol (+2/-1/💬0)
  2 pull requests submitted:
  - move definition of ParentNode earlier (by uhoreg)
    https://github.com/mlswg/mls-protocol/pull/434
  - Sign the external public key (by bifurcation)
    https://github.com/mlswg/mls-protocol/pull/433

  1 pull requests merged:
  - External Commits
    https://github.com/mlswg/mls-protocol/pull/406

Repositories tracked by this digest:
-----------------------------------
* https://github.com/mlswg/mls-architecture
* https://github.com/mlswg/mls-protocol
* https://github.com/mlswg/mls-federation

From nobody Wed Nov 4 06:26:57 2020
From: Sean Turner
To: MLS List
Date: Wed, 4 Nov 2020 09:26:51 -0500
Subject: [MLS] Working Group Last Call for draft-ietf-mls-protocol

Hi!

This is the Working Group Last Call for "The Messaging Layer Security (MLS) Protocol" available at https://datatracker.ietf.org/doc/draft-ietf-mls-protocol/. Please review the document and respond to the list with any comments by November 18, 2020.

We will note that there are outstanding PRs [0] and Joel has two issues [1][2]. The topics of discussion at IETF 109 will be the outstanding issues as well as any others that get uncovered during WGLC. Remember that we have agreed to a pause after we address WGLC issues so that the security researchers have time to perform their analysis.

Cheers,
Nick and Sean

[0] https://github.com/mlswg/mls-protocol/pulls
[1] https://mailarchive.ietf.org/arch/msg/mls/y7AUyHjGLax2oIBMSDzi9KDysnM/
[2] https://mailarchive.ietf.org/arch/msg/mls/Ph3qDIcZCkG_JiABNeiSpHoK8C4/

From nobody Wed Nov 4 06:50:11 2020
From: Sean Turner
To: MLS List
Date: Wed, 4 Nov 2020 09:50:03 -0500
Subject: [MLS] MLS@IETF109: Agenda Topics

The MLS WG will be meeting virtually for IETF 109. We requested a 2 hour slot [1]. The chairs would like to pull together an agenda and to help us get a better handle on how to arrange our session please send in your agenda requests to mls-chairs@ietf.org. Along with your request please provide an estimate for how much time you will need. Please note that we will prioritize existing WG items.

With that said, the plan is to work through whatever outstanding issues and pull requests we have on the protocol draft now that we have issued a working group last call that will complete before we meet.

Nick and Sean

[1] https://datatracker.ietf.org/group/mls/meetings/

From nobody Wed Nov 4 08:02:42 2020
From: Sean Turner
To: MLS List
Date: Wed, 4 Nov 2020 11:02:24 -0500
Subject: [MLS] Fwd: Final reminder: Please fill out our survey on IETF authoring tools

In case you haven’t seen this, please take the time to fill this out soon.

spt

> Begin forwarded message:
>
> From: IETF Executive Director
> Subject: Final reminder: Please fill out our survey on IETF authoring tools
> Date: November 4, 2020 at 03:10:49 EST
> To: ietf-surveys@ietf.org
>
> Hi
>
> ** Final reminder **
>
> The IETF is conducting a survey to help us understand what tools and formats you use for authoring IETF Internet Drafts (I-Ds), how you use them and what more you need from them. The data from this survey is vital for our future planning of tools investment.
>
> This note is to thank the 470 of you that have responded to this survey so far but ideally we would like to get 900 responses and so this is a final reminder to please spare a few minutes to fill out the survey, even if you do not author I-Ds any more:
>
> https://ietf.iad1.qualtrics.com/jfe/form/SV_8d21RFqe5dBijOJ
>
> Your email address has been selected because you have been listed as the author or submitter of an I-D in the last five years. The survey is anonymous - we only record the data you provide and do not record your IP address or any details of your computer.
>
> Thank you
> Jay
>
> --
> Jay Daley
> IETF Executive Director
> exec-director@ietf.org

From nobody Sat Nov 7 23:41:02 2020
From: Repository Activity Summary Bot
To: mls@ietf.org
Date: Sun, 8 Nov 2020 02:32:56 -0500 (EST)
Subject: [MLS] Weekly github digest (MLS Working Group summary)

Pull requests
-------------
* mlswg/mls-protocol (+1/-0/💬2)
  1 pull requests submitted:
  - Fix parent hash verification (by dajost)
    https://github.com/mlswg/mls-protocol/pull/435

  1 pull requests received 2 new comments:
  - #435 Fix parent hash verification (2 by Bren2010, dajost)
    https://github.com/mlswg/mls-protocol/pull/435

Repositories tracked by this digest:
-----------------------------------
* https://github.com/mlswg/mls-architecture
* https://github.com/mlswg/mls-protocol
* https://github.com/mlswg/mls-federation

--===============5579620592440156822==-- From nobody Thu Nov 12 10:12:26 2020 Return-Path: X-Original-To: mls@ietfa.amsl.com Delivered-To: mls@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A51C53A146D for ; Thu, 12 Nov 2020 10:12:24 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.099 X-Spam-Level: X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=sn3rd.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7qyDKKPFMPiY for ; Thu, 12 Nov 2020 10:12:23 -0800 (PST) Received: from mail-qt1-x835.google.com (mail-qt1-x835.google.com [IPv6:2607:f8b0:4864:20::835]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8CD003A146B for ; Thu, 12 Nov 2020 10:12:23 -0800 (PST) Received: by mail-qt1-x835.google.com with SMTP id n63so4651369qte.4 for ; Thu, 12 Nov 2020 10:12:23 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sn3rd.com; s=google; h=from:content-transfer-encoding:mime-version:subject:message-id:date :to; bh=Zoy2BHb8FAbLPKPJvA1Nz+Qc2DCliDagtPhHeQHEAoA=; b=XGQLcDjmtEJGpHujTS/i/l4RHls+csg30Kek62++saPxXIfdu2TF6CyKPb8hc+ys2g 3GqmhxhqwMW0sVxBgZsWdpL0hqHT3MNJFBlNClLCg+nUZgGtMOfTYcOWwxUnW3XuujrN HEg74UtBQthlrA2+F2JzBPBuSVkloDdlAIAsY= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:content-transfer-encoding:mime-version :subject:message-id:date:to; bh=Zoy2BHb8FAbLPKPJvA1Nz+Qc2DCliDagtPhHeQHEAoA=; 
b=SQLqaU34eTLGNyONHotC/lNZT9nsUG7qyVXvjssYYPEtYjDF7zqsSCRBv16gGSpKZW xk348Pv7zr8ld34a/uC16x18RMu9wK93IW3Ec5Uh/+GD5YlUhXn03mTchP+gnMuGhghL SxNuEF/hTQadk3XtC9PgKPffd1YOQ5jVUu054JN5KjPMT5uIVEpml9NrzqlOjDWafMCj mXZLGAySZm8+AXTOfEkyFCUe8kxSlvFxiNBBrpqBznwhsaNIHGUxEkaXMJVUL3yfyLgA /qvMqYICZ0E5graeVMD2IZPhanr0BsuMILp1VNgHjYlGzVUNz3R2vMn+MXhlYn7Fk1nt AZnw== X-Gm-Message-State: AOAM533CY3VcEmWB8xbD82OZKd6vkESu/FGY89kPudkaGvuytpTdYUOB 9f04jlC9N4PBrNeIS8x1c0trORApp/cq7w== X-Google-Smtp-Source: ABdhPJxzLL3OS+fmju1LK98tdHrRbzpfE6eYMGzGyrbW5ttqhkqlG3IU3TkDl6Ylff3sBGPaoHR2KQ== X-Received: by 2002:ac8:4d5b:: with SMTP id x27mr379459qtv.135.1605204742139; Thu, 12 Nov 2020 10:12:22 -0800 (PST) Received: from [192.168.1.152] (pool-108-31-39-252.washdc.fios.verizon.net. [108.31.39.252]) by smtp.gmail.com with ESMTPSA id d188sm5566843qkb.10.2020.11.12.10.12.18 for (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Thu, 12 Nov 2020 10:12:19 -0800 (PST) From: Sean Turner Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.4\)) Message-Id: <56DD9D08-FC27-48C0-819A-B8EF422CE088@sn3rd.com> Date: Thu, 12 Nov 2020 13:12:18 -0500 To: MLS List X-Mailer: Apple Mail (2.3608.120.23.2.4) Archived-At: Subject: [MLS] revising mls-architecture I-D X-BeenThere: mls@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Messaging Layer Security List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 12 Nov 2020 18:12:25 -0000 Hi! Now that the WG is winding down on the mls-protocol I-D, the WG will = shift its focus to the mls-architecture I-D. There is really no way the = mls-protocol I-D could progress beyond the WG (i.e., to IETF LC and = subsequent IESG review) without the mls-architecture I-D because the = mls-architecture I-D provides detail the IESG would ask for. 
For the = next version of the mls-architecture draft, the chairs are proposing = that the authors submit a version that the authors believe brings the = I-D up to date (i.e., fast-forward it). After that version is posted, = the WG can then do its thing: provide comments on the new I-D, discuss = the comments and how to resolve them, and reach consensus on the final = text. We can use virtual interim meetings to work through thorny issues = because sometimes voice is better than email; we need to be clear about = the properties provided when combining the various options mls provides = or we are going to have a tough time getting through the rest of the = IETF standardization process. Part of this effort is going to be a pretty aggressive stance on closing = existing issues in both GitHub and the I-D. Many are just stale. Some = will be addressed either in part or entirely by the next version. If we = are too aggressive in closing issues in this phase, have no fear we can = always reintroduce them and the WG will do its thing (see above). Stay tuned for a new version of the mls-architecture I-D! 
Cheers, Nick and Sean= From nobody Thu Nov 12 13:14:34 2020 Return-Path: X-Original-To: mls@ietfa.amsl.com Delivered-To: mls@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C3DCE3A0977 for ; Thu, 12 Nov 2020 13:14:32 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.9 X-Spam-Level: X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=wickr-com.20150623.gappssmtp.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dIite9yDE3az for ; Thu, 12 Nov 2020 13:14:31 -0800 (PST) Received: from mail-ej1-x634.google.com (mail-ej1-x634.google.com [IPv6:2a00:1450:4864:20::634]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 986613A096B for ; Thu, 12 Nov 2020 13:14:31 -0800 (PST) Received: by mail-ej1-x634.google.com with SMTP id dk16so10099510ejb.12 for ; Thu, 12 Nov 2020 13:14:31 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=wickr-com.20150623.gappssmtp.com; s=20150623; h=to:from:subject:message-id:date:user-agent:mime-version :content-language:content-transfer-encoding; bh=4A6SQCBmEklR6+3ug2tPmOcBsyEHWGwNcPdLrLTQsKA=; b=nQa6ozLEaVskF0qC6x0pDofXsAj+fvzk7Te5sblrzr42tfZGpmseZwpIuHH7QwznS2 q4xz4h0abONz0rZOJjqxbZsUBJJDAPH9k2UL+gwiZqi4VsgUYuySj++pYI53PobXYQIv K9UQV8HpdLxleH9DyNY6gjHf3FB1fZOIToAvMq5v15lI9s8WxIkALGNkquPw7Lfxkjv2 FKHkXhS66RFFGUyHZExGaeS6rAIbAUevYkcwb8gm03R867bKA4tz77jPkupZF1FkB8jK QtB96NEgB1nFXSPg7m5IzcHP2KZf5NKG7IZlY6IHjeajuRtBof8FmjqvA7e+XdWMLhbF peOA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; 

From: Joel Alwen
To: Messaging Layer Security WG
Date: Thu, 12 Nov 2020 22:14:28 +0100
Subject: [MLS] New Parent Hash

Hey people,

Just a quick heads up that Daniel, Marta and I put in a PR with a new version of strong parent hash to prevent the attacks from the earlier thread.

We tried to make it as minimal as we could to help with deniability while still preventing the attacks permitted by weak parent hashes.

In a nutshell, when computing parent_hash at node v with parent p and sibling w we include
- p's HPKE pubkey
- p's parent_hash value and
- HPKE pub keys in the resolution of w except for those belonging to leaves unmerged at p.

As a sanity check, notice that as long as p's keys remain the same one can always recompute the same parent_hash value at v as was initially computed by the member that set p's keys. (In other words, new members can verify that the stored parent_hash values match what's in the tree.) In particular, that's coz as long as p's keys are unchanged so is the resolution of w. The only exceptions are leaves being added as unmerged at w. But those leaves are also added as unmerged at p so they are left out of the hash.

As for deniability, at least parent_hash only binds HPKE keys and nothing else (like, say, credentials or signatures). It's the best we were able to come up with for now...

- joël
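
A small model of the parent_hash computation described in the message above, added here as an illustration; it is not code from the PR or from the MLS drafts. The SHA-256 hash, the length-prefixed encoding, the byte strings standing in for HPKE public keys and every function name are assumptions; the resolution rule is the usual one (a non-blank node plus its unmerged leaves, a blank parent's children recursively).

```python
import hashlib
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass(eq=False)  # nodes compare by identity, not by field values
class Node:
    name: str
    public_key: Optional[bytes] = None   # None means the node is blank
    parent_hash: bytes = b""             # value stored at this node
    left: Optional["Node"] = None
    right: Optional["Node"] = None
    unmerged_leaves: List["Node"] = field(default_factory=list)

    @property
    def is_leaf(self) -> bool:
        return self.left is None and self.right is None


def resolution(node: Node) -> List[Node]:
    """Non-blank node: itself plus its unmerged leaves. Blank leaf: nothing.
    Blank parent: the resolutions of its two children, concatenated."""
    if node.public_key is not None:
        return [node] + list(node.unmerged_leaves)
    if node.is_leaf:
        return []
    return resolution(node.left) + resolution(node.right)


def _lp(data: bytes) -> bytes:
    """Length-prefix a field so adjacent fields cannot run together."""
    return len(data).to_bytes(2, "big") + data


def compute_parent_hash(p: Node, w: Node, exclude_unmerged: bool = True) -> bytes:
    """Value stored at v, where p is v's parent and w is v's sibling."""
    keys = [n.public_key for n in resolution(w)
            if not (exclude_unmerged and n in p.unmerged_leaves)]
    h = hashlib.sha256()
    h.update(_lp(p.public_key))             # p's HPKE public key
    h.update(_lp(p.parent_hash))            # p's own parent_hash value
    h.update(len(keys).to_bytes(2, "big"))
    for key in keys:                        # keys in the resolution of w
        h.update(_lp(key))
    return h.digest()


Step = Tuple[Node, Node, Node]  # (v, p, w), listed from the leaf upward


def refresh_path(steps: List[Step], tag: str) -> None:
    """A committer sets new keys on its direct path, then stores parent_hash
    values from the top down, since each value depends on the one above."""
    for _, p, _ in steps:
        p.public_key = f"pk-{p.name}-{tag}".encode()  # constructed stand-in key
        p.unmerged_leaves = []
    steps[-1][1].parent_hash = b""                    # the root has no parent
    for v, p, w in reversed(steps):
        v.parent_hash = compute_parent_hash(p, w)


def add_unmerged_leaf(leaf: Node, key: bytes, ancestors: List[Node]) -> None:
    """A new leaf is recorded as unmerged at every non-blank ancestor."""
    leaf.public_key = key
    for ancestor in ancestors:
        if ancestor.public_key is not None:
            ancestor.unmerged_leaves.append(leaf)


def verify_path(steps: List[Step]) -> bool:
    """What a new member checks: stored values match the tree as received."""
    return all(v.parent_hash == compute_parent_hash(p, w) for v, p, w in steps)


def demo() -> dict:
    a, b, c = Node("A", b"pk-A"), Node("B", b"pk-B"), Node("C", b"pk-C")
    d = Node("D")                                    # blank leaf, joins later
    left, right = Node("L", left=a, right=b), Node("R", left=c, right=d)
    root = Node("root", left=left, right=right)
    path_c = [(c, right, d), (right, root, left)]
    path_a = [(a, left, b), (left, root, right)]

    refresh_path(path_c, "c1")      # C sets keys at R and root
    refresh_path(path_a, "a1")      # A sets keys at L and root
    stored = left.parent_hash
    results = {"fresh": verify_path(path_a)}

    # D joins: unmerged at w (= R) and at p (= root), so it is left out.
    add_unmerged_leaf(d, b"pk-D", [right, root])
    results["after_add"] = verify_path(path_a)
    results["same_value"] = compute_parent_hash(root, right) == stored
    results["unfiltered_differs"] = (
        compute_parent_hash(root, right, exclude_unmerged=False) != stored)

    # w's key differs from what A saw although p's keys are unchanged.
    right.public_key = b"pk-R-other"
    results["sibling_changed"] = verify_path(path_a)
    return results


if __name__ == "__main__":
    for check, outcome in demo().items():
        print(check, outcome)
```

The `unfiltered_differs` entry shows why the exclusion is needed: without it, adding D would change the value recomputed at L even though nobody re-keyed the root.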

From: Sofía Celi
To: mls@ietf.org
Date: Fri, 13 Nov 2020 15:01:38 +0000
Subject: Re: [MLS] Deniability as external to the MLS protocol

Dear all,

As you know, we had many discussions on deniability and solving this problem is not an easy task, as evidence of this thread. To make sure we can work on this optional feature in the future, without modifying the core protocol, we believe that there are no changes needed to be added to the core protocol. Some minor relaxing of the phrasing in the document might be useful, though, and might help for future features as well, so I have submitted PR #437 (https://github.com/mlswg/mls-protocol/pull/437). This rephrasing should allow deniability of application messages by allowing the usage of deniable signature keys. Please, let us know of any comments regarding it.

Thank you,

--
Sofía Celi
@claucece
http://claucece.github.io/
Cryptographic research and implementation at many places, but mainly at
Cloudflare
FAB9 3EDC 7CDD 1198 DCFD  4558 91BB 6B45 6F44 2D02

From: Raphael Robert
To: Sofía Celi
Cc: mls@ietf.org
Date: Fri, 13 Nov 2020 16:26:05 +0100
Subject: Re: [MLS] Deniability as external to the MLS protocol

Thanks Sofia!

I think this is exactly what we need to achieve optional deniability for message authorship without touching the authentication guarantees of the core protocol.

Raphael

From: Benjamin Beurdouche
To: Raphael Robert
Cc: Sofía Celi, mls@ietf.org
Date: Fri, 13 Nov 2020 16:41:00 +0100
Subject: Re: [MLS] Deniability as external to the MLS protocol

I am supportive of that change as well.

B.

From: Natanael
To: Sofía Celi
Cc: mls@ietf.org
Date: Fri, 13 Nov 2020 17:27:33 +0100
Subject: Re: [MLS] Deniability as external to the MLS protocol

For deniable signatures I'd like to suggest taking a look at KeyForge (not sure if it's ideal for MLS, see caveats below).

http://www.mit.edu/~specter/blog/2020/dkim/

KeyForge was designed to make DKIM email header signatures deniable. It uses a long term root key (good for usability and key management), and derives a sequence of subkeys to be used for a certain period of time (using signature context / tags) and then disclosed after use without compromising the root key. Quote;

> At any given time, KeyForge can remain succinct because it generates a neat tree of public/private keypairs where exposing a node’s private key also results in also exposing that node’s children’s keys, but not it’s parents. If you then tag each layer of the tree as a Master/Year/Month/Day/15-minute “chunk”, you get something like this:

> KeyForge is a tree of keys, where revealing a node's private key will also reveal all of it's childrens' private keys, but not its parents' keys.

> So, for this KeyForge layout, one can reveal the private key for, say, December 2020, and it’ll result in all signatures generated from that entire month being forgable.

Note that the simple way of doing this, adding in the MLS group context as a tag, will make message contents deniable but leave proof of participation. This has a security model very similar to the original OTR's key disclosure mechanism.

Another way of doing this is by using the user's long term keypair with the purely time based scheme to sign a group context specific message signing keypair. This only proves the sender's identity to those who receive the signature before the key is disclosed, so users who return after having been offline for a while will need to request re-signing by those users whose signatures they did not see in time.

Also keep in mind that for all variants of this which use time based tags, your signature can be proven to be valid to non-participants within its validity period.

If you want to guarantee that deniable context based signatures are always fully deniable to non-participants, thus making both message contents and participation deniable, then you need a method to derive a per-user-and-group context for the signature where the signature context tag itself can only be validated by participants but not by non-participants.
Perhaps this can be done by using some kind of secure coin flip scheme among participants and mixing it with the MLS group context. But I'm not completely sure if this can be done securely, further research is likely needed.

From: Repository Activity Summary Bot
To: mls@ietf.org
Date: Sun, 15 Nov 2020 02:32:45 -0500 (EST)
Subject: [MLS] Weekly github digest (MLS Working Group summary)

Issues
------
* mlswg/mls-architecture (+0/-0/💬2)
  1 issues received 2 new comments:
  - #51 Authentication service required? TOFU? (2 by beurdouche, ntninja)
    https://github.com/mlswg/mls-architecture/issues/51

* mlswg/mls-federation (+1/-1/💬0)
  1 issues created:
  - MLS requires centralized Delivery Service for ordering Handshake Messages (by ntninja)
    https://github.com/mlswg/mls-federation/issues/6

  1 issues closed:
  - MLS requires centralized Delivery Service for ordering Handshake Messages
    https://github.com/mlswg/mls-federation/issues/6

Pull requests
-------------
* mlswg/mls-protocol (+2/-0/💬0)
  2 pull requests submitted:
  - Leave this phrase open to allow deniability (by claucece)
    https://github.com/mlswg/mls-protocol/pull/437
  - Strong tree signing (by psyoptix)
    https://github.com/mlswg/mls-protocol/pull/436

Repositories tracked by this digest:
-----------------------------------
* https://github.com/mlswg/mls-architecture
* https://github.com/mlswg/mls-protocol
* https://github.com/mlswg/mls-federation

From nobody Wed Nov 18 23:59:35 2020
From: Sean Turner
To: MLS List
Message-Id: <742FBCDB-75B9-4B42-BAEF-F728BCA71E66@sn3rd.com>
Date: Thu, 19 Nov 2020 02:59:28 -0500
Subject: [MLS] MLS@IETF109: Note Taker

If you are planning to attend the meeting and are willing to take notes please let me know. Notes can be taken here:
https://codimd.ietf.org/notes-ietf-109-mls
and will also end up in the GitHub repo:
https://github.com/mlswg/wg-materials/tree/master/ietf109

Cheers,
spt

From nobody Thu Nov 19 00:55:12 2020
From: Robert Moskowitz
To: mls@ietf.org
Date: Thu, 19 Nov 2020 03:54:59 -0500
Subject: [MLS] No jabber room

I just tried to join mls@jabber.ietf.org and got an error of no such.

From nobody Thu Nov 19 07:54:21 2020
From: Sean Byrne
To: MLS@ietf.org
Date: Thu, 19 Nov 2020 15:53:46 +0000
Subject: [MLS] Issues Accessing Meetecho for IETF109

Hi

I'm getting an Unauthorized error when I sign in to Meetecho with my Datatracker account:
https://meetings.conf.meetecho.com/ietf109/?group=mls&short=&item=1
From nobody Thu Nov 19 08:34:26 2020
From: Sean Byrne
To: MLS@ietf.org
Date: Thu, 19 Nov 2020 16:33:54 +0000
Subject: Re: [MLS] Issues Accessing Meetecho for IETF109

After paying for a single day access, I found that the session was over, but it was advertised as 16:00 UTC. I would be grateful for any pointers so I may join the next one.

Also, are there video or audio recordings of these sessions?

Thank you.

On Thu, Nov 19, 2020 at 3:53 PM Sean Byrne wrote:
> Hi
>
> I'm getting an Unauthorized error when I sign in to Meetecho with my
> Datatracker account:
> https://meetings.conf.meetecho.com/ietf109/?group=mls&short=&item=1
From nobody Thu Nov 19 08:39:38 2020
From: Ben Campbell
To: Sean Byrne
Cc: MLS@ietf.org
Date: Thu, 19 Nov 2020 10:39:21 -0600
Subject: Re: [MLS] Issues Accessing Meetecho for IETF109

Hi,

The main agenda page shows times in ICT (UTC +7). There is a UTC version at https://datatracker.ietf.org/meeting/109/agenda-utc

Thanks,

Ben.

> On Nov 19, 2020, at 10:33 AM, Sean Byrne wrote:
>
> After paying for a single day access, I found that the session was over, but it was advertised as 16:00 UTC. I would be grateful for any pointers so I may join the next one.
>
> Also, are there video or audio recordings of these sessions?
>
> Thank you.
>
> On Thu, Nov 19, 2020 at 3:53 PM Sean Byrne wrote:
> Hi
>
> I'm getting an Unauthorized error when I sign in to Meetecho with my Datatracker account:
> https://meetings.conf.meetecho.com/ietf109/?group=mls&short=&item=1
>
> _______________________________________________
> MLS mailing list
> MLS@ietf.org
> https://www.ietf.org/mailman/listinfo/mls

From nobody Fri Nov 20 04:48:58 2020
From: Raphael Robert
To: Ben Campbell
Cc: Sean Byrne, MLS@ietf.org
Date: Fri, 20 Nov 2020 13:48:51 +0100
Subject: Re: [MLS] Issues Accessing Meetecho for IETF109

Hi Sean,

Sorry you missed the session! As Ben mentioned, the times indicated were ICT.

Here are the meeting notes: https://codimd.ietf.org/notes-ietf-109-mls#
The video of the session should soon be available here: https://www.youtube.com/playlist?list=PLC86T-6ZTP5g4BKzmTPnYXLVUlcIwkIRB#MLS

Cheers

Raphael

> On 19 Nov 2020, at 17:39, Ben Campbell wrote:
>
> Hi,
>
> The main agenda page shows times in ICT (UTC +7). There is a UTC version at https://datatracker.ietf.org/meeting/109/agenda-utc
>
> Thanks,
>
> Ben.
>
>> On Nov 19, 2020, at 10:33 AM, Sean Byrne wrote:
>>
>> After paying for a single day access, I found that the session was over, but it was advertised as 16:00 UTC. I would be grateful for any pointers so I may join the next one.
>>
>> Also, are there video or audio recordings of these sessions?
>>
>> Thank you.
>>
>> On Thu, Nov 19, 2020 at 3:53 PM Sean Byrne wrote:
>> Hi
>>
>> I'm getting an Unauthorized error when I sign in to Meetecho with my Datatracker account:
>> https://meetings.conf.meetecho.com/ietf109/?group=mls&short=&item=1

= --Apple-Mail=_F60A3EAC-E2B3-4F9C-847A-1CA08AACA6E7-- From nobody Fri Nov 20 15:17:39 2020 Return-Path: X-Original-To: mls@ietfa.amsl.com Delivered-To: mls@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E4EA23A0BEB for ; Fri, 20 Nov 2020 15:17:37 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.899 X-Spam-Level: X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id I0Spw3bMq7m8 for ; Fri, 20 Nov 2020 15:17:36 -0800 (PST) Received: from mule.nps.edu (mule.nps.edu [205.155.65.106]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 326453A0BD9 for ; Fri, 20 Nov 2020 15:17:36 -0800 (PST) X-ASG-Debug-ID: 1605914255-0e39454b988e110001-bGA3T6 Received: from mail.nps.edu (synergos.ern.nps.edu [172.20.4.116]) by mule.nps.edu with ESMTP id vwEqVPIms7C4J1bM (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NO) for ; Fri, 20 Nov 2020 15:17:35 -0800 (PST) X-Barracuda-Envelope-From: britta.hale@nps.edu Received: from synergos.ern.nps.edu (172.20.4.116) by synergos.ern.nps.edu (172.20.4.116) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.1.2106.2; Fri, 20 Nov 2020 15:17:34 -0800 Received: from NAM12-BN8-obe.outbound.protection.outlook.com (104.47.55.173) by synergos.ern.nps.edu (172.20.4.116) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.1.2106.2 via Frontend Transport; Fri, 20 Nov 2020 15:17:34 -0800 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; 
b=av4vkQt4BcnOe4M09zDyyWQpuDlkkdvtrqCzdH/7V6qJkNsJ71PH/dE6nQtsZqKLOAQkXQBv+De+GYJb8o+ZCjk7kMkd0ukTQ5E8ojFCM0LVPtIlTWpyJgystzi+Rt9TF8iIRdaZvwxEkAqGhTcxG2xSBCmrHiCnqct98I9dv/yVVZ49q1mb4Ug+OM0R8wZqchJ21n0NaK9VPf+TyPYRWGCMNAV5GH36FgBVl0WPkyfkg77LwxwF2s5jDXHlFa7QuSDGH8xZK+THKM1PR/TQpE7g6oq1X9BDFfVYkjPVXH1HFMs65Lu+O8ZGKI/sTNe6b75tgTTjk3Jdi3s7ZOci7w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=kd5jV2871+knmDAeW9mgYVMtPtsyenrYRsXjzmqFFKs=; b=BEnCqsmK4tx6QGO+GOWwT/M8dtk0Hs1hchA8xytnBojuGWD1Snqm9oxPvyYLYCrCN7hInV0mo+nv2sLaSPZTOtlBKRcXKRup8B05HQ8K9b6cSItODMaVRHy7imBCk0DMnIXLwzZv1Qy6UsquhL7OezD6YOPZBeoGHiAnybFuQTRSFBf0h/Y7zHRLCD/3cf7LBHcijPqtZM+N1L2LfXICcxYWus8keIvYjb598mHZdjaG5GNq7EaFF+TZ2derqul5OcwLvL6x6TdXavRen1+O1tZgiyvQIW6Wn8U70DywgYX/nleK0AErRYami51qchhfZSQV0Gvp3uaC5M1K42L9Ig== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nps.edu; dmarc=pass action=none header.from=nps.edu; dkim=pass header.d=nps.edu; arc=none Received: from BY5PR13MB3348.namprd13.prod.outlook.com (2603:10b6:a03:1aa::23) by BY5PR13MB3013.namprd13.prod.outlook.com (2603:10b6:a03:185::31) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3589.12; Fri, 20 Nov 2020 23:17:31 +0000 Received: from BY5PR13MB3348.namprd13.prod.outlook.com ([fe80::8da3:28a1:917e:51c7]) by BY5PR13MB3348.namprd13.prod.outlook.com ([fe80::8da3:28a1:917e:51c7%6]) with mapi id 15.20.3589.016; Fri, 20 Nov 2020 23:17:31 +0000 X-Barracuda-Effective-Source-IP: UNKNOWN[2603:10b6:a03:185::31] X-Barracuda-Apparent-Source-IP: 2603:10b6:a03:185::31 From: "Hale, Britta (CIV)" To: "mls@ietf.org" Thread-Topic: External Commits - Resync X-ASG-Orig-Subj: External Commits - Resync Thread-Index: AQHWv5NRsk7dG7UlqUma1q4mUO19OA== Date: Fri, 20 Nov 2020 23:17:31 +0000 Message-ID: <44D1D4F7-9F82-4D46-AF26-D4ECCFB14D13@nps.edu> 
Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Microsoft-MacOutlook/10.10.1b.201012 authentication-results: ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=none action=none header.from=nps.edu; x-originating-ip: [2601:647:cb00:2941:9940:6c2c:ec4c:5939] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: f6d6e1e9-eea5-4926-5c0c-08d88daa748b x-ms-traffictypediagnostic: BY5PR13MB3013: x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:10000; x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: cBS9zFEf9xzgk6RVhY3frGImz/gkVdgg12l9e2Tafe2RSa0hfYZNFOwDqSP9i0sly+Gmqp3IPnjmvOtNomicLYF1E7cUtz3m0E/bZu7YWJN8nDuPIU445Sq6eNyfTXXHk8S7Pk1H/YOQg74zOyk7KK2UiQbS2lAWkdgnthtKTqexsO3yqqes06urfR/x+znoQmb6hcFQoL86d8A/rLaPJzl+tEcGLX5cmDt+ZJzk0mX009HMM9Dv+yLweSauac5vVuYolUqWHZtm5ou0aqFccGschjJi1WpV4HxSGxEPxkoF5PG42a6K8obJeM4UsVexa8hshD9bT/ujilG2Z1e6KQ== x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BY5PR13MB3348.namprd13.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(39850400004)(376002)(366004)(136003)(346002)(396003)(66556008)(66446008)(64756008)(6512007)(8936002)(186003)(36756003)(76116006)(75432002)(83380400001)(478600001)(33656002)(786003)(8676002)(66946007)(2616005)(2906002)(66476007)(86362001)(6916009)(6486002)(6506007)(5660300002)(71200400001)(316002); DIR:OUT; SFP:1101; x-ms-exchange-antispam-messagedata: 
dFvLxFjtyOGr1F+v36jxFd12sGMwP/492q0jY7dv5X2W97PhIkJa1uKVFsIHLL5FXIJnjIvhBqPeUfJ/KmyxU4HXuSYp5f+cDm0crWkyFhMUFHw2YnnwS4+qWkPOuYjBBJ0nT8mgpqhYxQ/ZpHn8/lN3B364Mej5jj5tbDaLxJlefuIfJ+fKKPe0SOjVgAMJOYIBPZEZQsXjuN4SfrsaUbXbFD/dUHw3xRVUIbhIeAitHiCtGS92koBGcFL1Ty5onobU9A1caWCvWrbiN76Lk5wMSJsTBcbPecHDY/ZMLIApaS7qJ/v4iKZaxK2atv6jlKDTGMd+AeZmQgc9MxHOKpj6KtXILEOQmXPcYWLEFALmyObk8pjgrk0A9DdUl0qPDRqnzUCmZyYs8mS897aZ+bskprwslJgEKK7lDd2yAFwnQV2M0RrAgQTbG+njDiZzaxaz3G9cIPPM/qr9NsrpIOe06KEyvql0Aq3089XY9Uruz6nI6TsZSuIy/JLRsIP+AiX0pOszmmsQrpZKfO5tgtBmHqLslBdi/HR14UiGDDrF/W38/Ftw7TeBl39O8bbrwonNwWzfpFyctVGlejb130BGg2CgeYWhLO2RtmZogSnCDtb0wIeP0eKtwEzz0enPhZs9ZaIMti6czk+34KwzgTGjnn9fND8+0LXtyDO5HutGltBgEI+d/GxzINS5Nsr6HERwi/jwGsttceBN352KKQ== x-ms-exchange-transport-forked: True Content-Type: multipart/alternative; boundary="_000_44D1D4F79F824D46AF26D4ECCFB14D13npsedu_" MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: BY5PR13MB3348.namprd13.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: f6d6e1e9-eea5-4926-5c0c-08d88daa748b X-MS-Exchange-CrossTenant-originalarrivaltime: 20 Nov 2020 23:17:31.0952 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 6d936231-a517-40ea-9199-f7578963378e X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: qf3mwiXHBQkOBZqrl4hk2qOdQFylTv59bCSLF4GLGbiqtxTFG7fzmJhQRTJzdGwY1E1XkEE9lETYO66lSehYXw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: BY5PR13MB3013 X-OriginatorOrg: nps.edu X-Barracuda-Connect: synergos.ern.nps.edu[172.20.4.116] X-Barracuda-Start-Time: 1605914255 X-Barracuda-Encrypted: ECDHE-RSA-AES256-SHA384 X-Barracuda-URL: https://205.155.65.106:443/cgi-mod/mark.cgi X-Virus-Scanned: by bsmtpd at nps.edu X-Barracuda-Scan-Msg-Size: 10007 X-Barracuda-BRTS-Status: 1 X-Barracuda-Spam-Score: 0.00 X-Barracuda-Spam-Status: No, SCORE=0.00 using global scores of TAG_LEVEL=1000.0 QUARANTINE_LEVEL=1000.0 KILL_LEVEL=9.0 
Subject: [MLS] External Commits - Resync

Hi all,

A good point was raised by Jonathon Hoyland during the MLS IETF 109 meeting regarding possible concerns in using external commits for resync, particularly in the case of Alice adding/removing herself. Richard noted that this is a feature in the case that Alice is no longer synchronized with the group and therefore can use an external commit to add herself back in, removing the previous version.

As opposed to any newcomer joining with an external commit, the case of Alice re-joining presents a potential security issue. Namely, as currently specified (in my reading of the draft), an existing group member, Bob, has no means to distinguish between the following cases:

  1.  Alice needs to resync and therefore performs an external commit and removes her prior version.
  2.  Alice’s signature keys are compromised (it is not necessary for the adversary to compromise any group state). The adversary performs an external commit in Alice’s name, and then removes her prior version and impersonates her to the group.

One might hope that Alice notices that she is removed and communicates this to the group members OOB, but it is also possible that she assumes some other reason for the removal, is offline, or simply is not active enough to take action for a fairly long compromise window. Even if she tries to use an external commit to get back into the group and then removes the adversary-as-Alice, there is no means for other group members to distinguish the real Alice from the adversary-as-Alice and the process could be circular (until new valid identity keys are issued).

While a newcomer is a fresh source to be trusted or not, Alice has been “healing” along with the group and the above option (2) allows the adversary to bypass all of that.

The source of the problem is that when Alice re-syncs, she is not providing any validation of being the same/previous identity, so it is easy for other group members to accept that nothing more than a resync has taken place. Thus, a fairly straightforward solution is to require PSK use in cases where an external commit is used for resync. By enabling a PSK derived from a previous epoch during which Alice was part of the group to be injected with the external commit, Alice provides some proof of prior group membership and we avoid the total reset.

What does everyone think about this? Is it a problem that we want to address, or let it fall out-of-scope?
(Also, if I missed something in the draft that already fixes this, please point it out.)

- Britta
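The two cases in the message above, as an added example that is not part of the original post or of the MLS draft: a simplified model of how Bob processes a resync external commit with and without a required PSK from a prior epoch. All names are hypothetical, HMAC-SHA256 stands in for the KDF, the MAC and the (really asymmetric) signature, and `kem_secret` stands in for the secret every member recovers from the commit.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Dict, Optional

ZERO_PSK = bytes(32)  # assumption: value mixed in when no PSK is injected


def prf(key: bytes, label: bytes, data: bytes = b"") -> bytes:
    """HMAC-SHA256 as a stand-in for the real KDF, MAC and signature."""
    return hmac.new(key, label + b"|" + data, hashlib.sha256).digest()


@dataclass
class ExternalCommit:
    identity: str             # credential the committer claims
    removes: str              # identity of the leaf removed by this commit
    kem_secret: bytes         # stand-in for the secret every member recovers
    psk_epoch: Optional[int]  # prior epoch whose PSK was injected, if any
    signature: bytes = b""
    confirmation_tag: bytes = b""

    def body(self) -> bytes:
        fields = (self.identity, self.removes, self.kem_secret.hex(), self.psk_epoch)
        return repr(fields).encode()


def epoch_secret(kem_secret: bytes, psk: bytes) -> bytes:
    """New epoch secret: only holders of the PSK can compute it."""
    return prf(psk, b"epoch", kem_secret)


def build_commit(identity, sig_key, psk_epoch=None, psk=ZERO_PSK) -> ExternalCommit:
    """External commit that re-adds `identity` and removes its prior leaf."""
    c = ExternalCommit(identity, identity, os.urandom(32), psk_epoch)
    c.signature = prf(sig_key, b"sig", c.body())
    c.confirmation_tag = prf(epoch_secret(c.kem_secret, psk), b"confirm", c.body())
    return c


class Member:
    """Bob's view: known signature keys and PSKs kept from earlier epochs."""

    def __init__(self, sig_keys: Dict[str, bytes], past_psks: Dict[int, bytes],
                 require_psk_on_resync: bool):
        self.sig_keys = sig_keys
        self.past_psks = past_psks
        self.require_psk_on_resync = require_psk_on_resync

    def process(self, c: ExternalCommit) -> str:
        key = self.sig_keys.get(c.identity)
        if key is None or not hmac.compare_digest(c.signature, prf(key, b"sig", c.body())):
            return "reject: bad signature"
        psk = ZERO_PSK
        if c.psk_epoch is not None:
            psk = self.past_psks.get(c.psk_epoch)
            if psk is None:
                return "reject: unknown PSK epoch"
        elif c.removes == c.identity and self.require_psk_on_resync:
            return "reject: resync without PSK"
        expected = prf(epoch_secret(c.kem_secret, psk), b"confirm", c.body())
        if not hmac.compare_digest(c.confirmation_tag, expected):
            return "reject: bad confirmation tag"
        return "accept"


def demo() -> Dict[str, str]:
    alice_sig_key = os.urandom(32)  # constructed; in case 2 the adversary holds it too
    psk_epoch_7 = os.urandom(32)    # constructed; known only to members of epoch 7
    keys, psks = {"alice": alice_sig_key}, {7: psk_epoch_7}
    as_drafted = Member(keys, psks, require_psk_on_resync=False)
    with_psk_rule = Member(keys, psks, require_psk_on_resync=True)

    alice_resync = build_commit("alice", alice_sig_key)            # case 1
    adversary = build_commit("alice", alice_sig_key)               # case 2
    alice_with_psk = build_commit("alice", alice_sig_key, 7, psk_epoch_7)
    adversary_guess = build_commit("alice", alice_sig_key, 7, os.urandom(32))
    return {
        "as drafted, case 1": as_drafted.process(alice_resync),
        "as drafted, case 2": as_drafted.process(adversary),
        "PSK rule, Alice with PSK": with_psk_rule.process(alice_with_psk),
        "PSK rule, adversary without PSK": with_psk_rule.process(adversary),
        "PSK rule, adversary guessing PSK": with_psk_rule.process(adversary_guess),
    }


if __name__ == "__main__":
    for scenario, verdict in demo().items():
        print(f"{scenario}: {verdict}")
```

The PSK separates the two cases only while the adversary holds nothing beyond the signature key, which is the assumption stated in case 2 of the message.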
From nobody Sat Nov 21 12:45:23 2020
From: Richard Barnes
Date: Sat, 21 Nov 2020 15:45:03 -0500
To: Messaging Layer Security WG
Subject: [MLS] AppAck

Hey all,

For one more "feature" before feature freeze, I've just posted a PR for an AppAck proposal. This is joint work with Raphael and Benjamin, who had the idea of doing a proposal for this; I'm really just the scribe.

https://github.com/mlswg/mls-protocol/pull/442

This PR addresses issue #160, which dates all the way back to May 2019. You may recall that Benjamin raised it on the IETF call last week. The idea is to enable the members of the group to detect when the DS drops application messages.

Please take a look, and speak up with any comments. I would like to merge this (or decide not to) in the next week or so, so that we can get draft-11 out and begin feature freeze / analysis.

Thanks,
--Richard
From nobody Sat Nov 21 23:41:02 2020
From: Repository Activity Summary Bot
To: mls@ietf.org
Date: Sun, 22 Nov 2020 02:33:07 -0500 (EST)
Subject: [MLS] Weekly github digest (MLS Working Group summary)

Issues
------
* mlswg/mls-protocol (+1/-0/💬0)
  1 issues created:
  - Fix the protocol overview section (by raphaelrobert)
    https://github.com/mlswg/mls-protocol/issues/440 [editorial]

Pull requests
-------------
* mlswg/mls-protocol (+4/-5/💬8)
  4 pull requests submitted:
  - Add an "AppAck" proposal (by bifurcation)
    https://github.com/mlswg/mls-protocol/pull/442
  - remove references to nonexistent key_package field in Commit message (by uhoreg)
    https://github.com/mlswg/mls-protocol/pull/441
  - Identities SHOULD be unique per group (by kkohbrok)
    https://github.com/mlswg/mls-protocol/pull/439
  - Remove some stale OPEN ISSUEs (by bifurcation)
    https://github.com/mlswg/mls-protocol/pull/438

  4 pull requests received 8 new comments:
  - #442 Add an "AppAck" proposal (1 by bifurcation)
    https://github.com/mlswg/mls-protocol/pull/442
  - #439 Identities SHOULD be unique per group (3 by bifurcation, kkohbrok)
    https://github.com/mlswg/mls-protocol/pull/439
  - #435 Fix parent hash verification (1 by bifurcation)
    https://github.com/mlswg/mls-protocol/pull/435
  - #433 Sign the PublicGroupState (3 by bifurcation, raphaelrobert)
    https://github.com/mlswg/mls-protocol/pull/433

  5 pull requests merged:
  - Remove some stale OPEN ISSUEs
    https://github.com/mlswg/mls-protocol/pull/438
  - Sign the PublicGroupState
    https://github.com/mlswg/mls-protocol/pull/433
  - remove references to nonexistent key_package field in Commit message
    https://github.com/mlswg/mls-protocol/pull/441
  - move definition of ParentNode earlier
    https://github.com/mlswg/mls-protocol/pull/434
  - Leave this phrase open to allow deniability
    https://github.com/mlswg/mls-protocol/pull/437

Repositories tracked by this digest:
-----------------------------------
* https://github.com/mlswg/mls-architecture
* https://github.com/mlswg/mls-protocol
* https://github.com/mlswg/mls-federation


From nobody Sun Nov 22 14:07:27 2020
From: Brendan McMillion
Date: Sun, 22 Nov 2020 14:07:11 -0800
To: Richard Barnes
Cc: Messaging Layer Security WG
Subject: Re: [MLS] AppAck

Hey Richard

I wrote a lot about this in the discussion in #219 but to recap, I generally don't think we should do this because:

1. We don't know how applications expect to lose messages, or what properties on message delivery/order they want to ensure.
2. Applications can easily implement some algorithm for ensuring what they want and keep that data in the AAD
3. If what we specify doesn't match exactly what applications want, they'll have to do #2 anyway and we wasted our time.

If you had a construction that could bend to suit a large number of application use-cases, I think that would be good to include in the standard. But like you say in the PR, you're being fairly prescriptive in terms of how you expect messages to be lost and what you want to guarantee. Namely, a.) you expect infrequent loss, b.) clients only want to validate receipt of messages at a Commit, and c.) you don't care about total message ordering. I would say that probably won't cover even most use-cases.

On Sat, Nov 21, 2020 at 12:45 PM Richard Barnes wrote:

> Hey all,
>
> For one more "feature" before feature freeze, I've just posted a PR for an
> AppAck proposal. This is joint work with Raphael and Benjamin, who had the
> idea of doing a proposal for this; I'm really just the scribe.
>
> https://github.com/mlswg/mls-protocol/pull/442
>
> This PR addresses issue #160, which dates all the way back to May 2019.
> You may recall that Benjamin raised it on the IETF call last week. The
> idea is to enable the members of the group to detect when the DS drops
> application messages.
>
> Please take a look, and speak up with any comments. I would like to merge
> this (or decide not to) in the next week or so, so that we can get draft-11
> out and begin feature freeze / analysis.
>
> Thanks,
> --Richard
From: Raphael Robert
Date: Mon, 23 Nov 2020 14:59:25 +0100
To: "Hale, Britta (CIV)"
Cc: "mls@ietf.org"
Subject: Re: [MLS] External Commits - Resync

Hi Britta,

That’s definitely an interesting question. The way the spec is written right now, Alice could just re-sync like you described and that raises a few questions (in no particular order):

 - The status quo with messaging apps is that you can typically join a session by only controlling the identity key. This is the case for messengers based on the Signal protocol. While a session gives you certain well-understood guarantees, it’s up to the apps to define how seamlessly you can initiate a new session (https://github.com/signalapp/Signal-iOS/issues/4138). While that’s the status quo, it doesn’t mean we shouldn’t aim higher with MLS.

 - You mention the proof of past participation and I think the resumption secrets we already have could be used for that (https://messaginglayersecurity.rocks/mls-protocol/draft-ietf-mls-protocol.html#name-resumption-secret). Provided other members keep them around for long enough, Alice could prove that she was indeed a member in the past.

 - What is the exact threat model? An attacker that compromises a device will not only get the signature key, but most likely also the resumption secrets. The intuition here is that it is unlikely that the resumption secrets are better protected on the device than the signature key itself (but I might be wrong). We also recommend that signature keys should not be re-used between devices, which lowers the chance that they leak when they are copied (they probably don’t have to be copied ever if they are not re-used). Given the above, I’m wondering if you had a particular scenario in mind?

 - Let’s say we wanted to address this. The practical problem I see is that it might be impossible for other members to determine if Alice is trying to re-sync. There was some discussion on this now closed PR: https://github.com/mlswg/mls-protocol/pull/439. If we don’t have a way to uniquely distinguish between members (other than by their position in the tree), how can we detect that they are trying to re-sync?

I’m all for continuing the discussion though! Maybe we won’t find a satisfying solution, but we should try at least.

Thanks

Raphael

> On 21. Nov 2020, at 00:17, Hale, Britta (CIV) wrote:
>
> Hi all,
>
> A good point was raised by Jonathon Hoyland during the MLS IETF 109 meeting regarding possible concerns in using external commits for resync, particularly in the case of Alice adding/removing herself. Richard noted that this is a feature in the case that Alice is no longer synchronized with the group and therefore can use an external commit to add herself back in, removing the previous version.
>
> As opposed to any newcomer joining with an external commit, the case of Alice re-joining presents a potential security issue. Namely, as currently specified (in my reading of the draft), an existing group member, Bob, has no means to distinguish between the following cases:
>   1. Alice needs to resync and therefore performs an external commit and removes her prior version.
>   2. Alice’s signature keys are compromised (it is not necessary for the adversary to compromise any group state). The adversary performs an external commit in Alice’s name, and then removes her prior version and impersonates her to the group.
>
> One might hope that Alice notices that she is removed and communicates this to the group members OOB, but it is also possible that she assumes some other reason for the removal, is offline, or simply is not active enough to take action for a fairly long compromise window. Even if she tries to use an external commit to get back into the group and then removes the adversary-as-Alice, there is no means for other group members to distinguish the real Alice from the adversary-as-Alice and the process could be circular (until new valid identity keys are issued).
>
> While a newcomer is a fresh source to be trusted or not, Alice has been “healing” along with the group and the above option (2) allows the adversary to bypass all of that.
>
> The source of the problem is that when Alice re-syncs, she is not providing any validation of being the same/previous identity, so it is easy for other group members to accept that nothing more than a resync has taken place. Thus, a fairly straightforward solution is to require PSK use in cases where an external commit is used for resync. By enabling a PSK derived from a previous epoch during which Alice was part of the group to be injected with the external commit, Alice provides some proof of prior group membership and we avoid the total reset.
>
> What does everyone think about this? Is it a problem that we want to address, or let it fall out-of-scope?
> (Also, if I missed something in the draft that already fixes this, please point it out.)
>
> - Britta
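The ambiguity Britta describes and the resumption-secret check Raphael suggests, as an added example that is not part of either message or of the MLS draft. It is a toy model: HMAC stands in for both the signature and the key schedule, an identity already in the roster is assumed to be a resync, and the names `Device`, `Member`, `judge` and `scenarios` are hypothetical.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Dict, Optional


def mac(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed parts."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()


@dataclass
class ExternalCommit:
    identity: str
    commit_secret: bytes              # in the clear in this toy only
    signature: bytes                  # HMAC stand-in for a real signature (assumption)
    psk_epoch: Optional[int] = None   # epoch whose resumption secret is mixed in
    confirmation: Optional[bytes] = None


class Device:
    """What a party holds: a signature key and possibly old resumption secrets."""

    def __init__(self, identity, sig_key, resumption=None):
        self.identity, self.sig_key = identity, sig_key
        self.resumption = resumption or {}

    def external_commit(self, psk_epoch=None) -> ExternalCommit:
        secret = os.urandom(32)
        sig = mac(self.sig_key, b"sig", self.identity.encode(), secret)
        ec = ExternalCommit(self.identity, secret, sig)
        if psk_epoch in self.resumption:
            # The new epoch secret depends on the old resumption secret; the
            # confirmation tag shows the sender could compute it.
            epoch_secret = mac(self.resumption[psk_epoch], b"epoch", secret)
            ec.psk_epoch = psk_epoch
            ec.confirmation = mac(epoch_secret, b"confirm", sig)
        return ec


ACCEPT, ACCEPT_PROVEN = "accept-unproven", "accept-proven"
BAD_SIG, NO_PROOF, BAD_PSK = "reject-signature", "reject-no-proof", "reject-psk"


class Member:
    """An existing member (Bob) deciding whether to accept a resync."""

    def __init__(self, roster: Dict[str, bytes], retain: int):
        self.roster, self.retain = dict(roster), retain
        self.resumption: Dict[int, bytes] = {}
        self.epoch = 0

    def advance(self, resumption_secret: bytes) -> None:
        self.epoch += 1
        self.resumption[self.epoch] = resumption_secret
        for old in [e for e in self.resumption if e <= self.epoch - self.retain]:
            del self.resumption[old]      # bounded retention window

    def judge(self, ec: ExternalCommit, require_psk: bool) -> str:
        key = self.roster.get(ec.identity)
        if key is None or not hmac.compare_digest(
                ec.signature, mac(key, b"sig", ec.identity.encode(), ec.commit_secret)):
            return BAD_SIG
        if not require_psk:
            return ACCEPT                 # signature alone: cases 1 and 2 look identical
        old = self.resumption.get(ec.psk_epoch)
        if old is None or ec.confirmation is None:
            return NO_PROOF
        expected = mac(mac(old, b"epoch", ec.commit_secret), b"confirm", ec.signature)
        return ACCEPT_PROVEN if hmac.compare_digest(ec.confirmation, expected) else BAD_PSK


def scenarios() -> Dict[str, str]:
    """Constructed run: Bob is at epoch 5 and retains secrets for epochs 3..5."""
    sig_key = os.urandom(32)
    bob, history = Member({"alice": sig_key}, retain=3), {}
    for _ in range(5):
        bob.advance(os.urandom(32))
        history[bob.epoch] = bob.resumption[bob.epoch]
    alice = Device("alice", sig_key, {4: history[4]})    # desynced after epoch 4
    stale = Device("alice", sig_key, {1: history[1]})    # offline since epoch 1
    thief = Device("alice", sig_key)                     # signature key only
    guess = Device("alice", sig_key, {4: os.urandom(32)})
    full = Device("alice", sig_key, dict(alice.resumption))  # whole device copied
    return {
        "sig-only/alice": bob.judge(alice.external_commit(), False),
        "sig-only/thief": bob.judge(thief.external_commit(), False),
        "psk/alice": bob.judge(alice.external_commit(4), True),
        "psk/thief": bob.judge(thief.external_commit(4), True),
        "psk/guess": bob.judge(guess.external_commit(4), True),
        "psk/stale": bob.judge(stale.external_commit(1), True),
        "psk/full-compromise": bob.judge(full.external_commit(4), True),
    }
```

The `psk/full-compromise` case is the limit raised in the threat-model question above: a party holding the resumption secrets as well as the signature key still passes, and `psk/stale` shows that the proof only works while other members retain the referenced epoch.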

From: Joel Alwen
Date: Mon, 23 Nov 2020 17:34:22 +0100
To: mls@ietf.org
Subject: Re: [MLS] AppAck

If using the AppAck proposal is not mandatory and it would be useful to several of the envisaged deployments (which sounds to be the case) I don't see this as being too problematic. Though I do agree that other message loss policies also make sense. (E.g. wanting eventual agreement on total ordering.)

Moreover, it should be quite easy to support these proposals since they have almost no effect on the cryptographic state so are easy to process. It's really a UX thing I think.

On 22/11/2020 23:07, Brendan McMillion wrote:
> b.) clients only want to validate receipt of messages at a Commit,

Not sure why you say this is implied by how AppAck is defined. From the PR:

> * The application could have a client send an AppAck whenever an application
> message is sent, covering all messages received since its last AppAck. This
> would provide a complete view of any losses experienced by active members.

- Joël

From: "Hale, Britta (CIV)"
Date: Mon, 23 Nov 2020 20:39:39 +0000
To: Raphael Robert
CC: "mls@ietf.org"
Subject: Re: [MLS] External Commits - Resync
ZSBpcyBubyBsb25nZXIgc3luY2hyb25pemVkIHdpdGggdGhlIGdyb3VwIGFuZCB0aGVyZWZvcmUg Y2FuIHVzZSBhbiBleHRlcm5hbCBjb21taXQgdG8gYWRkIGhlcnNlbGYgYmFjayBpbiwgcmVtb3Zp bmcgdGhlIHByZXZpb3VzIHZlcnNpb24uDQoNCkFzIG9wcG9zZWQgdG8gYW55IG5ld2NvbWVyIGpv aW5pbmcgd2l0aCBhbiBleHRlcm5hbCBjb21taXQsIHRoZSBjYXNlIG9mIEFsaWNlIHJlLWpvaW5p bmcgcHJlc2VudHMgYSBwb3RlbnRpYWwgc2VjdXJpdHkgaXNzdWUuIE5hbWVseSwgYXMgY3VycmVu dGx5IHNwZWNpZmllZCAoaW4gbXkgcmVhZGluZyBvZiB0aGUgZHJhZnQpLCBhbiBleGlzdGluZyBn cm91cCBtZW1iZXIsIEJvYiwgaGFzIG5vIG1lYW5zIHRvIGRpc3Rpbmd1aXNoIGJldHdlZW4gdGhl IGZvbGxvd2luZyBjYXNlczoNCg0KICAxLiAgQWxpY2UgbmVlZHMgdG8gcmVzeW5jIGFuZCB0aGVy ZWZvcmUgcGVyZm9ybXMgYW4gZXh0ZXJuYWwgY29tbWl0IGFuZCByZW1vdmVzIGhlciBwcmlvciB2 ZXJzaW9uLg0KICAyLiAgQWxpY2XigJlzIHNpZ25hdHVyZSBrZXlzIGFyZSBjb21wcm9taXNlZCAo aXQgaXMgbm90IG5lY2Vzc2FyeSBmb3IgdGhlIGFkdmVyc2FyeSB0byBjb21wcm9taXNlIGFueSBn cm91cCBzdGF0ZSkuIFRoZSBhZHZlcnNhcnkgcGVyZm9ybXMgYW4gZXh0ZXJuYWwgY29tbWl0IGlu IEFsaWNl4oCZcyBuYW1lLCBhbmQgdGhlbiByZW1vdmVzIGhlciBwcmlvciB2ZXJzaW9uIGFuZCBp bXBlcnNvbmF0ZXMgaGVyIHRvIHRoZSBncm91cC4NCg0KT25lIG1pZ2h0IGhvcGUgdGhhdCBBbGlj ZSBub3RpY2VzIHRoYXQgc2hlIGlzIHJlbW92ZWQgYW5kIGNvbW11bmljYXRlcyB0aGlzIHRvIHRo ZSBncm91cCBtZW1iZXJzIE9PQiwgYnV0IGl0IGlzIGFsc28gcG9zc2libGUgdGhhdCB0aGF0IHNo ZSBhc3N1bWVzIHNvbWUgb3RoZXIgcmVhc29uIGZvciB0aGUgcmVtb3ZhbCwgaXMgb2ZmbGluZSwg b3Igc2ltcGx5IGlzIG5vdCBhY3RpdmUgZW5vdWdoIHRvIHRha2UgYWN0aW9uIGZvciBhIGZhaXJs eSBsb25nIGNvbXByb21pc2Ugd2luZG93LiBFdmVuIGlmIHNoZSB0cmllcyB0byB1c2UgYW4gZXh0 ZXJuYWwgY29tbWl0IHRvIGdldCBiYWNrIGludG8gdGhlIGdyb3VwIGFuZCB0aGVuIHJlbW92ZXMg dGhlIGFkdmVyc2FyeS1hcy1BbGljZSwgdGhlcmUgaXMgbm8gbWVhbnMgZm9yIG90aGVyIGdyb3Vw IG1lbWJlcnMgZGlzdGluZ3Vpc2ggdGhlIHJlYWwgQWxpY2UgZnJvbSB0aGUgYWR2ZXJzYXJ5LWFz LUFsaWNlIGFuZCB0aGUgcHJvY2VzcyBjb3VsZCBiZSBjaXJjdWxhciAodW50aWwgbmV3IHZhbGlk IGlkZW50aXR5IGtleXMgYXJlIGlzc3VlZCkuDQoNCldoaWxlIGEgbmV3Y29tZXIgaXMgYSBmcmVz aCBzb3VyY2UgdG8gYmUgdHJ1c3RlZCBvciBub3QsIEFsaWNlIGhhcyBiZWVuIOKAnGhlYWxpbmfi 
gJ0gYWxvbmcgd2l0aCB0aGUgZ3JvdXAgYW5kIHRoZSBhYm92ZSBvcHRpb24gKDIpIGFsbG93cyB0 aGUgYWR2ZXJzYXJ5IHRvIGJ5cGFzcyBhbGwgb2YgdGhhdC4NCg0KVGhlIHNvdXJjZSBvZiB0aGUg cHJvYmxlbSBpcyB0aGF0IHdoZW4gQWxpY2UgcmUtc3luY3MsIHNoZSBpcyBub3QgcHJvdmlkaW5n IGFueSB2YWxpZGF0aW9uIG9mIGJlaW5nIHRoZSBzYW1lL3ByZXZpb3VzIGlkZW50aXR5LCBzbyBp dCBpcyBlYXN5IGZvciBvdGhlciBncm91cCBtZW1iZXJzIHRvIGFjY2VwdCB0aGF0IG5vdGhpbmcg bW9yZSB0aGFuIGEgcmVzeW5jIGhhcyB0YWtlbiBwbGFjZS4gVGh1cywgYSBmYWlybHkgc3RyYWln aHRmb3J3YXJkIHNvbHV0aW9uIGlzIHRvIHJlcXVpcmUgUFNLIHVzZSBpbiBjYXNlcyB3aGVyZSBh biBleHRlcm5hbCBjb21taXQgaXMgdXNlZCBmb3IgcmVzeW5jLiBCeSBlbmFibGluZyBhIFBTSyBk ZXJpdmVkIGZyb20gYSBwcmV2aW91cyBlcG9jaCBkdXJpbmcgd2hpY2ggQWxpY2Ugd2FzIHBhcnQg b2YgdGhlIGdyb3VwIHRvIGJlIGluamVjdGVkIHdpdGggdGhlIGV4dGVybmFsIGNvbW1pdCwgQWxp Y2UgcHJvdmlkZXMgc29tZSBwcm9vZiBvZiBwcmlvciBncm91cCBtZW1iZXJzaGlwIGFuZCB3ZSBh dm9pZCB0aGUgdG90YWwgcmVzZXQuDQoNCldoYXQgZG9lcyBldmVyeW9uZSB0aGluayBhYm91dCB0 aGlzPyBJcyBpdCBhIHByb2JsZW0gdGhhdCB3ZSB3YW50IHRvIGFkZHJlc3MsIG9yIGxldCBpdCBm YWxsIG91dC1vZi1zY29wZT8NCihBbHNvLCBpZiBJIG1pc3NlZCBzb21ldGhpbmcgaW4gdGhlIGRy YWZ0IHRoYXQgYWxyZWFkeSBmaXhlcyB0aGlzLCBwbGVhc2UgcG9pbnQgaXQgb3V0LikNCg0KLSBC cml0dGENCg0KX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18N Ck1MUyBtYWlsaW5nIGxpc3QNCk1MU0BpZXRmLm9yZzxtYWlsdG86TUxTQGlldGYub3JnPg0KaHR0 cHM6Ly93d3cuaWV0Zi5vcmcvbWFpbG1hbi9saXN0aW5mby9tbHMNCg0K --_000_A2D566A202E34CC6853473257F03948Cnpsedu_ Content-Type: text/html; charset="utf-8" Content-ID: Content-Transfer-Encoding: base64 PGh0bWwgeG1sbnM6dj0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTp2bWwiIHhtbG5zOm89InVy bjpzY2hlbWFzLW1pY3Jvc29mdC1jb206b2ZmaWNlOm9mZmljZSIgeG1sbnM6dz0idXJuOnNjaGVt YXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6d29yZCIgeG1sbnM6bT0iaHR0cDovL3NjaGVtYXMubWlj cm9zb2Z0LmNvbS9vZmZpY2UvMjAwNC8xMi9vbW1sIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv VFIvUkVDLWh0bWw0MCI+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIg Y29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjxtZXRhIG5hbWU9IkdlbmVyYXRv 
ciIgY29udGVudD0iTWljcm9zb2Z0IFdvcmQgMTUgKGZpbHRlcmVkIG1lZGl1bSkiPg0KPHN0eWxl PjwhLS0NCi8qIEZvbnQgRGVmaW5pdGlvbnMgKi8NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6 SGVsdmV0aWNhOw0KCXBhbm9zZS0xOjAgMCAwIDAgMCAwIDAgMCAwIDA7fQ0KQGZvbnQtZmFjZQ0K CXtmb250LWZhbWlseToiQ2FtYnJpYSBNYXRoIjsNCglwYW5vc2UtMToyIDQgNSAzIDUgNCA2IDMg MiA0O30NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6Q2FsaWJyaTsNCglwYW5vc2UtMToyIDE1 IDUgMiAyIDIgNCAzIDIgNDt9DQovKiBTdHlsZSBEZWZpbml0aW9ucyAqLw0KcC5Nc29Ob3JtYWws IGxpLk1zb05vcm1hbCwgZGl2Lk1zb05vcm1hbA0KCXttYXJnaW46MGluOw0KCW1hcmdpbi1ib3R0 b206LjAwMDFwdDsNCglmb250LXNpemU6MTEuMHB0Ow0KCWZvbnQtZmFtaWx5OiJDYWxpYnJpIixz YW5zLXNlcmlmO30NCmE6bGluaywgc3Bhbi5Nc29IeXBlcmxpbmsNCgl7bXNvLXN0eWxlLXByaW9y aXR5Ojk5Ow0KCWNvbG9yOmJsdWU7DQoJdGV4dC1kZWNvcmF0aW9uOnVuZGVybGluZTt9DQphOnZp c2l0ZWQsIHNwYW4uTXNvSHlwZXJsaW5rRm9sbG93ZWQNCgl7bXNvLXN0eWxlLXByaW9yaXR5Ojk5 Ow0KCWNvbG9yOnB1cnBsZTsNCgl0ZXh0LWRlY29yYXRpb246dW5kZXJsaW5lO30NCnAuTXNvTGlz dFBhcmFncmFwaCwgbGkuTXNvTGlzdFBhcmFncmFwaCwgZGl2Lk1zb0xpc3RQYXJhZ3JhcGgNCgl7 bXNvLXN0eWxlLXByaW9yaXR5OjM0Ow0KCW1zby1tYXJnaW4tdG9wLWFsdDphdXRvOw0KCW1hcmdp bi1yaWdodDowaW47DQoJbXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG87DQoJbWFyZ2luLWxlZnQ6 MGluOw0KCWZvbnQtc2l6ZToxMS4wcHQ7DQoJZm9udC1mYW1pbHk6IkNhbGlicmkiLHNhbnMtc2Vy aWY7fQ0KcC5tc29ub3JtYWwwLCBsaS5tc29ub3JtYWwwLCBkaXYubXNvbm9ybWFsMA0KCXttc28t c3R5bGUtbmFtZTptc29ub3JtYWw7DQoJbXNvLW1hcmdpbi10b3AtYWx0OmF1dG87DQoJbWFyZ2lu LXJpZ2h0OjBpbjsNCgltc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0bzsNCgltYXJnaW4tbGVmdDow aW47DQoJZm9udC1zaXplOjExLjBwdDsNCglmb250LWZhbWlseToiQ2FsaWJyaSIsc2Fucy1zZXJp Zjt9DQpzcGFuLkVtYWlsU3R5bGUyMA0KCXttc28tc3R5bGUtdHlwZTpwZXJzb25hbC1yZXBseTsN Cglmb250LWZhbWlseToiQ2FsaWJyaSIsc2Fucy1zZXJpZjsNCgljb2xvcjp3aW5kb3d0ZXh0O30N Ci5Nc29DaHBEZWZhdWx0DQoJe21zby1zdHlsZS10eXBlOmV4cG9ydC1vbmx5Ow0KCWZvbnQtc2l6 ZToxMC4wcHQ7fQ0KQHBhZ2UgV29yZFNlY3Rpb24xDQoJe3NpemU6OC41aW4gMTEuMGluOw0KCW1h cmdpbjoxLjBpbiAxLjBpbiAxLjBpbiAxLjBpbjt9DQpkaXYuV29yZFNlY3Rpb24xDQoJe3BhZ2U6 
V29yZFNlY3Rpb24xO30NCi8qIExpc3QgRGVmaW5pdGlvbnMgKi8NCkBsaXN0IGwwDQoJe21zby1s aXN0LWlkOjExNjgyNDc0MDY7DQoJbXNvLWxpc3QtdGVtcGxhdGUtaWRzOi0xMDQ3NjAzNjAwO30N CkBsaXN0IGwwOmxldmVsMQ0KCXttc28tbGV2ZWwtdGFiLXN0b3A6LjVpbjsNCgltc28tbGV2ZWwt bnVtYmVyLXBvc2l0aW9uOmxlZnQ7DQoJdGV4dC1pbmRlbnQ6LS4yNWluO30NCkBsaXN0IGwwOmxl dmVsMg0KCXttc28tbGV2ZWwtdGFiLXN0b3A6MS4waW47DQoJbXNvLWxldmVsLW51bWJlci1wb3Np dGlvbjpsZWZ0Ow0KCXRleHQtaW5kZW50Oi0uMjVpbjt9DQpAbGlzdCBsMDpsZXZlbDMNCgl7bXNv LWxldmVsLXRhYi1zdG9wOjEuNWluOw0KCW1zby1sZXZlbC1udW1iZXItcG9zaXRpb246bGVmdDsN Cgl0ZXh0LWluZGVudDotLjI1aW47fQ0KQGxpc3QgbDA6bGV2ZWw0DQoJe21zby1sZXZlbC10YWIt c3RvcDoyLjBpbjsNCgltc28tbGV2ZWwtbnVtYmVyLXBvc2l0aW9uOmxlZnQ7DQoJdGV4dC1pbmRl bnQ6LS4yNWluO30NCkBsaXN0IGwwOmxldmVsNQ0KCXttc28tbGV2ZWwtdGFiLXN0b3A6Mi41aW47 DQoJbXNvLWxldmVsLW51bWJlci1wb3NpdGlvbjpsZWZ0Ow0KCXRleHQtaW5kZW50Oi0uMjVpbjt9 DQpAbGlzdCBsMDpsZXZlbDYNCgl7bXNvLWxldmVsLXRhYi1zdG9wOjMuMGluOw0KCW1zby1sZXZl bC1udW1iZXItcG9zaXRpb246bGVmdDsNCgl0ZXh0LWluZGVudDotLjI1aW47fQ0KQGxpc3QgbDA6 bGV2ZWw3DQoJe21zby1sZXZlbC10YWItc3RvcDozLjVpbjsNCgltc28tbGV2ZWwtbnVtYmVyLXBv c2l0aW9uOmxlZnQ7DQoJdGV4dC1pbmRlbnQ6LS4yNWluO30NCkBsaXN0IGwwOmxldmVsOA0KCXtt c28tbGV2ZWwtdGFiLXN0b3A6NC4waW47DQoJbXNvLWxldmVsLW51bWJlci1wb3NpdGlvbjpsZWZ0 Ow0KCXRleHQtaW5kZW50Oi0uMjVpbjt9DQpAbGlzdCBsMDpsZXZlbDkNCgl7bXNvLWxldmVsLXRh Yi1zdG9wOjQuNWluOw0KCW1zby1sZXZlbC1udW1iZXItcG9zaXRpb246bGVmdDsNCgl0ZXh0LWlu ZGVudDotLjI1aW47fQ0Kb2wNCgl7bWFyZ2luLWJvdHRvbTowaW47fQ0KdWwNCgl7bWFyZ2luLWJv dHRvbTowaW47fQ0KLS0+PC9zdHlsZT48IS0tW2lmIGd0ZSBtc28gOV0+PHhtbD4NCjxvOnNoYXBl ZGVmYXVsdHMgdjpleHQ9ImVkaXQiIHNwaWRtYXg9IjEwMjYiIC8+DQo8L3htbD48IVtlbmRpZl0t LT48IS0tW2lmIGd0ZSBtc28gOV0+PHhtbD4NCjxvOnNoYXBlbGF5b3V0IHY6ZXh0PSJlZGl0Ij4N CjxvOmlkbWFwIHY6ZXh0PSJlZGl0IiBkYXRhPSIxIiAvPg0KPC9vOnNoYXBlbGF5b3V0PjwveG1s PjwhW2VuZGlmXS0tPg0KPC9oZWFkPg0KPGJvZHkgbGFuZz0iRU4tVVMiIGxpbms9ImJsdWUiIHZs aW5rPSJwdXJwbGUiPg0KPGRpdiBjbGFzcz0iV29yZFNlY3Rpb24xIj4NCjxwIGNsYXNzPSJNc29O 
b3JtYWwiPllvdSByYWlzZSBnb29kIHBvaW50cy4gSSB3aWxsIHRocm93IGluIHNvbWUgdGhvdWdo dHMgb24gYSBmZXcgb2YgdGhlc2U6PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFs Ij48bzpwPiZuYnNwOzwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjEpIFRoaXMgaGFz IGRlZmluaXRlbHkgYmVlbiB0aGUgY2FzZSBmb3IgcGFpci13aXNlIGNvbm5lY3Rpb25zIOKAkyBp ZiBBbGljZSBkZXN5bmNzIHN1Y2ggdGhhdCBoZXIgY29udmVyc2F0aW9uIHdpdGggQm9iIGlzIHVu cmVjb3ZlcmFibGUsIHRoZXkganVzdCBzdGFydCBhbiBlbnRpcmVseSBuZXcgc2Vzc2lvbiB3aGVy ZWluIHRydXN0IGlzIGJhc2VkIG9ubHkgb24gaWRlbnRpdHkga2V5cy4gVGhhdCB0aGVuIHJlbGll cw0KIG9uIE9PQiBhdXRoZW50aWNhdGlvbiBvZiB0aG9zZSBrZXlzIC8gdHJ1c3Qtb24tZmlyc3Qt dXNlL2V0Yy4gVGhlIGdyb3VwIGNvbnRleHQgaXMgYSBsaXR0bGUgZGlmZmVyZW50IGR1ZSBBKSB0 aGUgZW50aXJlIGdyb3VwIGRvZXMgbm90IHRlYXItZG93biB3aGVuIEFsaWNlIGRlc3luY3MgdG8g cmVidWlsZCBhIG5ldyBzZXNzaW9uIGFuZCBCKSBpdCBpcyBtdWNoIGVhc2llciB0byBiZSBhIHBh c3NpdmUgb2JzZXJ2ZXIgc3VjaCB0aGF0IGl0IGlzIGhhcmRlcg0KIHRvIG5vdGljZSBpZiBhdHRh Y2tlci1hcy1BbGljZSBpcyBub3QgYmVoYXZpbmcgYXMgQWxpY2UuIDxvOnA+PC9vOnA+PC9wPg0K PHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8cCBjbGFzcz0iTXNv Tm9ybWFsIj5Tb21lIG9mIHRoZXNlIGlycmVndWxhcml0aWVzIGluIGdyb3VwIG1lc3NhZ2luZyBs aW5rIHRvIHRoZSByZWFzb24gdGhhdCB0aGUgd29ya2luZyBncm91cCBzbyBvZnRlbiByZXF1aXJl cyBrbm93bGVkZ2Ugb2YgdGhlIGN1cnJlbnQgZ3JvdXAgc3RhdGUgZm9yIEFsaWNlIHRvIG1ha2Ug dXNlIG9mIGtleXMvc2VuZCB1cGRhdGVzL2V0Yy4gdnMuIGp1c3Qga25vd2xlZGdlIG9mIGhlciBz aWduYXR1cmUga2V5LiBCeQ0KIHJlcXVpcmluZyBrbm93bGVkZ2Ugb2YgdGhlIGdyb3VwIHN0YXRl LCB3ZSBnZXQgY29udGludWl0eSBmb3IgdGhlIGVudGl0aWVzIGludm9sdmVkIGZyb20gdGhlIHBv aW50IG9mIHRydXN0LW9uLWZpcnN0LXVzZSBvZiB0aGUgc2lnbmF0dXJlIGtleXMuIEhvd2V2ZXIs IGlmIHdlIGFsbG93IEFsaWNlIHRvIGVudGVyL3Jlc2V0IGF0IGFueSB0aW1lIHdpdGhvdXQgdGhh dCBjb250aW51aXR5IGluIHByb3Zpbmcga25vd2xlZGdlIG9mIHRoZSBncm91cA0KIHN0YXRlLCB0 aGVuIHdlIGFjdHVhbGx5IGFsbG93IHN1YnZlcnNpb24gYWdhaW5zdCBtYW55IG9mIHRoZSBtZWNo YW5pc21zIHRoYXQgd2UgaGF2ZSBwdXQgaW4gcGxhY2UgZWxzZXdoZXJlIGluIHRoZSBwcm90b2Nv 
bC4NCjxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286 cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj5UaGUgZGlzdGluY3Rpb24gaGVyZSBpcyBiZXR3 ZWVuIGpvaW5pbmcgYSBzZXNzaW9uIGFzIGEgbmV3IG1lbWJlciAod2hlcmUgdGhlIGFwcCBkZWNp ZGVzIGhvdyBlbnRpdHkgYXV0aGVudGljYXRpb24gaXMgaGFuZGxlZCBhbmQgdXNlcnMgZGVjaWRl IHdobyBnZXRzIHRvIGpvaW4pIGFuZCByZS1qb2luaW5nIGEgc2Vzc2lvbiBhcyBhbiBhbHJlYWR5 IHRydXN0ZWQgbWVtYmVyIHdpdGggYWxsIHRoZSBpbi1hcHAgcHJpdmlsZWdlcw0KIHRoYXQgd2Vy ZSBoZWxkIGJ5IHRoZSByZWFsIEFsaWNlLiA8bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29O b3JtYWwiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+MikgSSBh Z3JlZSB0aGF0IHRoZSByZXN1bXB0aW9uIHNlY3JldHMgaW5mcmFzdHJ1Y3R1cmUgdGhhdCB3ZSBo YXZlIGFscmVhZHkgY291bGQgd29yayB2ZXJ5IHdlbGwgaGVyZS48bzpwPjwvbzpwPjwvcD4NCjxw IGNsYXNzPSJNc29Ob3JtYWwiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05v cm1hbCI+MykgVGhlIHRocmVhdCBtb2RlbCBpcyBhY3R1YWxseSBhIHJhdGhlciBjcml0aWNhbCBh c3BlY3Qgb2YgdGhpcywgYXMgdGhlcmUgaXMgYSBzdWJ0bGUgZW50YW5nbGVtZW50IHdpdGggdGhl IFBDUyBjbGFpbXMuIFRyYWRpdGlvbmFsIFBDUyBzdGF0ZXMgdGhhdCBhZnRlciBhbiBlcG9jaCB3 aGVyZWluIHRoZSBhdHRhY2tlciBpcyBwYXNzaXZlLCB0aGUgc2VjdXJpdHkgaXMg4oCcaGVhbGVk 4oCdIHdpdGggdGhlIGF0dGFja2VyDQogbG9ja2VkIG91dCDigJMgZXZlbiBpZiB0aGUgYXR0YWNr ZXIgYmVjb21lcyBhY3RpdmUgbGF0ZXIuIE5vdyB0aGF0IGlzIG5vIGxvbmdlciB0aGUgY2FzZSBh bmQgd2UgbXVzdCBhc3N1bWUgdGhhdCB0aGUgYXR0YWNrZXIgY29udGludWVzIHRvIGJlIHBhc3Np dmUgaW5kZWZpbml0ZWx5IChvciB1bnRpbCBzaWduYXR1cmUga2V5cyBhcmUgcm90YXRlZCkgZm9y IFBDUyB0byBob2xkLiBGb3IgZXhhbXBsZSwgc3VwcG9zZSB0aGF0IEFsaWNl4oCZcyBmdWxsIHN0 YXRlDQogaXMgY29tcHJvbWlzZWQuIE9uZSBlcG9jaCBsYXRlciB0aGUgZ3JvdXAgc3RhdGUgaXMg bm8gbG9uZ2VyIG9mIHVzZSB0byB0aGUgYXR0YWNrZXIuIEhvd2V2ZXIsIHRoZSBhdHRhY2tlciBz dGlsbCBoYXMgdGhlIHNpZ25hdHVyZSBrZXlzIGFuZCBjYW4gcGVyZm9ybSB0aGUgZXh0ZXJuYWwg Y29tbWl0IOKAkyByZW1vdmUgQWxpY2Ug4oCTIGltcGVyc29uYXRlIEFsaWNlIHNlcXVlbmNlLiBU aGVyZSBhcmUgY2FzZXMgd2hlcmUgc2lnbmF0dXJlIGtleXMgbWF5DQogYmUgY29tcHJvbWlzZWQg 
d2l0aG91dCB0aGUgcmVzdCBvZiB0aGUgc3RhdGUsIGJ1dCBJIHdpbGwgZm9jdXMgb24gdGhlIGFi b3ZlIGV4YW1wbGUgZm9yIG5vdy4NCjxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1h bCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj5Ob3RlIHRoYXQg ZXZlbiB0aGUg4oCcc29sdXRpb27igJ0gSSBwcm9wb3NlZCBiZWZvcmUgZG9lcyBub3QgcHJldmVu dCB0aGlzIGJyZWFrIGluIFBDUyBhc3N1bXB0aW9ucy9ndWFyYW50ZWVzLiBJdCB3b3VsZCwgaG93 ZXZlciwgaW1wbHkgYW4gaS1lcG9jaCBQQ1MgdmFyaWFudC4gRm9yIGV4YW1wbGUsIHRoZSBhdHRh Y2tlciBnZXRzIHRoZSBzaWduYXR1cmUgYW5kIHJlc3VtcHRpb24gc2VjcmV0cyBhbmQgaXMgcGFz c2l2ZQ0KIGZvciBpPTIgZXBvY2hzLCBhbmQgd2Ugb25seSBhbGxvdyByZS1zeW5jcyB3aXRoaW4g dGhvc2UgaT0yIGVwb2NocyBiZWZvcmUgY29uc2lkZXJpbmcgQWxpY2UgdG8gYmUgYW4gZW50aXJl bHkgbmV3IHplcm8tdHJ1c3QgbWVtYmVyLiBBbGljZSBjYW4gcmVzeW5jIHdpdGhpbiBpPTIgZXBv Y2hzIHdoaWxlIHByb3ZpZGluZyBncm91cCBtZW1iZXJzIHNvbWUgYXNzdXJhbmNlIHRoYXQgc2hl IGlzIHN0aWxsIHRoZSBzYW1lIGVudGl0eSwgYW5kIHRoZXJlDQogaXMgYW4gaS1saW1pdCBvbiB0 aGUgbnVtYmVyIGVwb2NocyB3ZSByZXF1aXJlIHRoZSBhdHRhY2tlciB0byBiZSBwYXNzaXZlLCB0 aHVzIHN0aWxsIGFsbG93aW5nIGZvciBhIGZvcm0gb2YgUENTLjxvOnA+PC9vOnA+PC9wPg0KPHAg Y2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9y bWFsIj40KSBJIGRvIG5vdCBoYXZlIGEgc29saWQgcHJvcG9zYWwgZm9yIHRoaXMuIE9uZSBwb3Nz aWJpbGl0eSBjb3VsZCBpbmRlZWQgYmUgdGhhdCBpZiBhIHNpZ25hdHVyZSBrZXkgYWxyZWFkeSBl eGlzdHMgaW4gdGhlIHRyZWUgd2UgYXNzdW1lIHRoYXQgQWxpY2UgaXMgYXR0ZW1wdGluZyBhIHJl c3luYyAoaS5lLiBpZiBBbGljZSBpcyBub3QgaW4gdGhlIHRyZWUgYXQgYWxsIHRoZW4gc2hlIGlz IGEgbmV3IG1lbWJlcg0KIG9yIGVsc2Ugc2hvdWxkIHByb3ZlIGtub3dsZWRnZSBvZiBhIHBhc3Qg c3RhdGUpLiBBbm90aGVyIGNvdWxkIGJlIGEgbGlzdCBvZiBjdXJyZW50IGdyb3VwIG1lbWJlcnMv aWRlbnRpdHkga2V5cy48bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxvOnA+ Jm5ic3A7PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48 L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj5Ccml0dGE8bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNz PSJNc29Ob3JtYWwiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+ 
PG86cD4mbmJzcDs8L286cD48L3A+DQo8ZGl2IHN0eWxlPSJib3JkZXI6bm9uZTtib3JkZXItdG9w OnNvbGlkICNCNUM0REYgMS4wcHQ7cGFkZGluZzozLjBwdCAwaW4gMGluIDBpbiI+DQo8cCBjbGFz cz0iTXNvTm9ybWFsIj48Yj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEyLjBwdDtjb2xvcjpibGFj ayI+RnJvbTogPC9zcGFuPjwvYj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEyLjBwdDtjb2xvcjpi bGFjayI+UmFwaGFlbCBSb2JlcnQgJmx0O3JhcGhhZWxAd2lyZS5jb20mZ3Q7PGJyPg0KPGI+RGF0 ZTogPC9iPk1vbmRheSwgTm92ZW1iZXIgMjMsIDIwMjAgYXQgNTo1OSBBTTxicj4NCjxiPlRvOiA8 L2I+JnF1b3Q7SGFsZSwgQnJpdHRhIChDSVYpJnF1b3Q7ICZsdDticml0dGEuaGFsZUBucHMuZWR1 Jmd0Ozxicj4NCjxiPkNjOiA8L2I+JnF1b3Q7bWxzQGlldGYub3JnJnF1b3Q7ICZsdDttbHNAaWV0 Zi5vcmcmZ3Q7PGJyPg0KPGI+U3ViamVjdDogPC9iPlJlOiBbTUxTXSBFeHRlcm5hbCBDb21taXRz IC0gUmVzeW5jPG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8cCBjbGFzcz0iTXNvTm9y bWFsIj48bzpwPiZuYnNwOzwvbzpwPjwvcD4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj5I aSBCcml0dGEsIDxvOnA+PC9vOnA+PC9wPg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxv OnA+Jm5ic3A7PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+ VGhhdOKAmXMgZGVmaW5pdGVseSBhbiBpbnRlcmVzdGluZyBxdWVzdGlvbi4gVGhlIHdheSB0aGUg c3BlYyBpcyB3cml0dGVuIHJpZ2h0IG5vdywgQWxpY2UgY291bGQganVzdCByZS1zeW5jIGxpa2Ug eW91IGRlc2NyaWJlZCBhbmQgdGhhdCByYWlzZXMgYSBmZXcgcXVlc3Rpb25zIChpbiBubyBwYXJ0 aWN1bGFyIG9yZGVyKTo8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJN c29Ob3JtYWwiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9 Ik1zb05vcm1hbCI+Jm5ic3A7LSBUaGUgc3RhdHVzIHF1byB3aXRoIG1lc3NhZ2luZyBhcHBzIGlz IHRoYXQgeW91IGNhbiB0eXBpY2FsbHkgam9pbiBhIHNlc3Npb24gYnkgb25seSBjb250cm9sbGlu ZyB0aGUgaWRlbnRpdHkga2V5LiBUaGlzIGlzIHRoZSBjYXNlIGZvciBtZXNzZW5nZXJzIGJhc2Vk IG9uIHRoZSBTaWduYWwgcHJvdG9jb2wuJm5ic3A7Jm5ic3A7V2hpbGUgYSBzZXNzaW9uIGdpdmVz IHlvdSBjZXJ0YWluIHdlbGwtdW5kZXJzdG9vZCBndWFyYW50ZWVzLA0KIGl04oCZcyB1cCB0byB0 aGUgYXBwcyB0byBkZWZpbmUgaG93IHNlYW1sZXNzbHkgeW91IGNhbiBpbml0aWF0ZSBhIG5ldyBz ZXNzaW9uICg8YSBocmVmPSJodHRwczovL2dpdGh1Yi5jb20vc2lnbmFsYXBwL1NpZ25hbC1pT1Mv 
aXNzdWVzLzQxMzgiPmh0dHBzOi8vZ2l0aHViLmNvbS9zaWduYWxhcHAvU2lnbmFsLWlPUy9pc3N1 ZXMvNDEzODwvYT4pLiBXaGlsZSB0aGF04oCZcyB0aGUgc3RhdHVzIHF1bywgaXQgZG9lc27igJl0 IG1lYW4gd2Ugc2hvdWxkbuKAmXQgYWltDQogaGlnaGVyIHdpdGggTUxTLjxvOnA+PC9vOnA+PC9w Pg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48 L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj4mbmJzcDstIFlvdSBtZW50 aW9uIHRoZSBwcm9vZiBvZiBwYXN0IHBhcnRpY2lwYXRpb24gYW5kIEkgdGhpbmsgdGhlIHJlc3Vt cHRpb24gc2VjcmV0cyB3ZSBhbHJlYWR5IGhhdmUgY291bGQgYmUgdXNlZCBmb3IgdGhhdCAoPGEg aHJlZj0iaHR0cHM6Ly9tZXNzYWdpbmdsYXllcnNlY3VyaXR5LnJvY2tzL21scy1wcm90b2NvbC9k cmFmdC1pZXRmLW1scy1wcm90b2NvbC5odG1sI25hbWUtcmVzdW1wdGlvbi1zZWNyZXQiPmh0dHBz Oi8vbWVzc2FnaW5nbGF5ZXJzZWN1cml0eS5yb2Nrcy9tbHMtcHJvdG9jb2wvZHJhZnQtaWV0Zi1t bHMtcHJvdG9jb2wuaHRtbCNuYW1lLXJlc3VtcHRpb24tc2VjcmV0PC9hPikuDQogUHJvdmlkZWQg b3RoZXIgbWVtYmVycyBrZWVwIHRoZW0gYXJvdW5kIGZvciBsb25nIGVub3VnaCwgQWxpY2UgY291 bGQgcHJvdmUgdGhhdCB3YXMgaW5kZWVkIGEgbWVtYmVyIGluIHRoZSBwYXN0LjxvOnA+PC9vOnA+ PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286 cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj4mbmJzcDstIFdoYXQg aXMgdGhlIGV4YWN0IHRocmVhdCBtb2RlbD8gQW4gYXR0YWNrZXIgdGhhdCBjb21wcm9taXNlcyBh IGRldmljZSB3aWxsIG5vdCBvbmx5IGdldCB0aGUgc2lnbmF0dXJlIGtleSwgYnV0IG1vc3QgbGlr ZWx5IGFsc28gdGhlIHJlc3VtcHRpb24gc2VjcmV0cy4gVGhlIGludHVpdGlvbiBoZXJlIGlzIHRo YXQgaXQgaXMgdW5saWtlbHkgdGhhdCB0aGUgcmVzdW1wdGlvbiBzZWNyZXRzIGFyZSBiZXR0ZXIN CiBwcm90ZWN0ZWQgb24gdGhlIGRldmljZSB0aGFuIHRoZSBzaWduYXR1cmUga2V5IGl0c2VsZiAo YnV0IEkgbWlnaHQgYmUgd3JvbmcpLiBXZSBhbHNvIHJlY29tbWVuZCB0aGF0IHNpZ25hdHVyZSBr ZXlzIHNob3VsZCBub3QgYmUgcmUtdXNlZCBiZXR3ZWVuIGRldmljZXMsIHdoaWNoIGxvd2VycyB0 aGUgY2hhbmNlIHRoYXQgdGhleSBsZWFrIHdoZW4gdGhleSBhcmUgY29waWVkICh0aGV5IHByb2Jh Ymx5IGRvbuKAmXQgaGF2ZSB0byBiZSBjb3BpZWQgZXZlcg0KIGlmIHRoZXkgYXJlIG5vdCByZS11 c2VkKS4gR2l2ZW4gdGhlIGFib3ZlLCBJ4oCZbSB3b25kZXJpbmcgaWYgeW91IGhhZCBhIHBhcnRp 
Y3VsYXIgc2NlbmFyaW8gaW4gbWluZD88bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxw IGNsYXNzPSJNc29Ob3JtYWwiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0K PHAgY2xhc3M9Ik1zb05vcm1hbCI+Jm5ic3A7LSAmbmJzcDtMZXTigJlzIHNheSB3ZSB3YW50ZWQg dG8gYWRkcmVzcyB0aGlzLiBUaGUgcHJhY3RpY2FsIHByb2JsZW0gSSBzZWUgaXMgdGhhdCBpdCBt aWdodCBiZSBpbXBvc3NpYmxlIGZvciBvdGhlciBtZW1iZXJzIHRvIGRldGVybWluZSBpZiBBbGlj ZSBpcyB0cnlpbmcgdG8gcmUtc3luYy4gVGhlcmUgd2FzIHNvbWUgZGlzY3Vzc2lvbiBvbiB0aGlz IG5vdyBjbG9zZWQgUFI6Jm5ic3A7PGEgaHJlZj0iaHR0cHM6Ly9naXRodWIuY29tL21sc3dnL21s cy1wcm90b2NvbC9wdWxsLzQzOSI+aHR0cHM6Ly9naXRodWIuY29tL21sc3dnL21scy1wcm90b2Nv bC9wdWxsLzQzOTwvYT4uDQogSWYgd2UgZG9u4oCZdCBoYXZlIGEgd2F5IHRvIHVuaXF1ZWx5IGRp c3Rpbmd1aXNoIGJldHdlZW4gbWVtYmVycyAob3RoZXIgdGhhbiBieSB0aGVpciBwb3NpdGlvbiBp biB0aGUgdHJlZSksIGhvdyBjYW4gd2UgZGV0ZWN0IHRoYXQgdGhleSBhcmUgdHJ5aW5nIHRvIHJl LXN5bmM/PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFs Ij48bzpwPiZuYnNwOzwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3Jt YWwiPknigJltIGFsbCBmb3IgY29udGludWluZyB0aGUgZGlzY3Vzc2lvbiB0aG91Z2ghIE1heWJl IHdlIHdvbuKAmXQgZmluZCBhIHNhdGlzZnlpbmcgc29sdXRpb24sIGJ1dCB3ZSBzaG91bGQgdHJ5 IGF0IGxlYXN0LjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05v cm1hbCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNv Tm9ybWFsIj5UaGFua3M8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJN c29Ob3JtYWwiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9 Ik1zb05vcm1hbCI+UmFwaGFlbCZuYnNwOzxvOnA+PC9vOnA+PC9wPg0KPGRpdj4NCjxwIGNsYXNz PSJNc29Ob3JtYWwiPjxicj4NCjxicj4NCjxvOnA+PC9vOnA+PC9wPg0KPGJsb2NrcXVvdGUgc3R5 bGU9Im1hcmdpbi10b3A6NS4wcHQ7bWFyZ2luLWJvdHRvbTo1LjBwdCI+DQo8ZGl2Pg0KPHAgY2xh c3M9Ik1zb05vcm1hbCI+T24gMjEuIE5vdiAyMDIwLCBhdCAwMDoxNywgSGFsZSwgQnJpdHRhIChD SVYpICZsdDs8YSBocmVmPSJtYWlsdG86YnJpdHRhLmhhbGVAbnBzLmVkdSI+YnJpdHRhLmhhbGVA bnBzLmVkdTwvYT4mZ3Q7IHdyb3RlOjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8cCBjbGFzcz0i 
TXNvTm9ybWFsIj48bzpwPiZuYnNwOzwvbzpwPjwvcD4NCjxkaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9 Ik1zb05vcm1hbCI+SGkgYWxsLDxzcGFuIHN0eWxlPSJmb250LXNpemU6MTIuMHB0Ij48bzpwPjwv bzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj4mbmJz cDs8c3BhbiBzdHlsZT0iZm9udC1zaXplOjEyLjBwdCI+PG86cD48L286cD48L3NwYW4+PC9wPg0K PC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+QSBnb29kIHBvaW50IHdhcyByYWlz ZWQgYnkgSm9uYXRob24gSG95bGFuZCBkdXJpbmcgdGhlIE1MUyBJRVRGIDEwOSBtZWV0aW5nIHJl Z2FyZGluZyBwb3NzaWJsZSBjb25jZXJucyBpbiB1c2luZyBleHRlcm5hbCBjb21taXRzIGZvciBy ZXN5bmMsIHBhcnRpY3VsYXJseSBpbiB0aGUgY2FzZSBvZiBBbGljZSBhZGRpbmcvcmVtb3Zpbmcg aGVyc2VsZi4gUmljaGFyZCBub3RlZCB0aGF0IHRoaXMgaXMgYSBmZWF0dXJlDQogaW4gdGhlIGNh c2UgdGhhdCBBbGljZSBpcyBubyBsb25nZXIgc3luY2hyb25pemVkIHdpdGggdGhlIGdyb3VwIGFu ZCB0aGVyZWZvcmUgY2FuIHVzZSBhbiBleHRlcm5hbCBjb21taXQgdG8gYWRkIGhlcnNlbGYgYmFj ayBpbiwgcmVtb3ZpbmcgdGhlIHByZXZpb3VzIHZlcnNpb24uPHNwYW4gc3R5bGU9ImZvbnQtc2l6 ZToxMi4wcHQiPjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNz PSJNc29Ob3JtYWwiPiZuYnNwOzxzcGFuIHN0eWxlPSJmb250LXNpemU6MTIuMHB0Ij48bzpwPjwv bzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj5BcyBv cHBvc2VkIHRvIGFueSBuZXdjb21lciBqb2luaW5nIHdpdGggYW4gZXh0ZXJuYWwgY29tbWl0LCB0 aGUgY2FzZSBvZiBBbGljZSByZS1qb2luaW5nIHByZXNlbnRzIGEgcG90ZW50aWFsIHNlY3VyaXR5 IGlzc3VlLiBOYW1lbHksIGFzIGN1cnJlbnRseSBzcGVjaWZpZWQgKGluIG15IHJlYWRpbmcgb2Yg dGhlIGRyYWZ0KSwgYW4gZXhpc3RpbmcgZ3JvdXAgbWVtYmVyLCBCb2IsIGhhcyBubyBtZWFucyB0 byBkaXN0aW5ndWlzaA0KIGJldHdlZW4gdGhlIGZvbGxvd2luZyBjYXNlczo8c3BhbiBzdHlsZT0i Zm9udC1zaXplOjEyLjBwdCI+PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8b2wgc3R5 bGU9Im1hcmdpbi10b3A6MGluIiBzdGFydD0iMSIgdHlwZT0iMSI+DQo8bGkgY2xhc3M9Ik1zb0xp c3RQYXJhZ3JhcGgiIHN0eWxlPSJtYXJnaW4tdG9wOjBpbjttYXJnaW4tYm90dG9tOjBpbjttYXJn aW4tYm90dG9tOi4wMDAxcHQ7bXNvLWxpc3Q6bDAgbGV2ZWwxIGxmbzEiPg0KQWxpY2UgbmVlZHMg dG8gcmVzeW5jIGFuZCB0aGVyZWZvcmUgcGVyZm9ybXMgYW4gZXh0ZXJuYWwgY29tbWl0IGFuZCBy 
ZW1vdmVzIGhlciBwcmlvciB2ZXJzaW9uLjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTIuMHB0Ij48 bzpwPjwvbzpwPjwvc3Bhbj48L2xpPjxsaSBjbGFzcz0iTXNvTGlzdFBhcmFncmFwaCIgc3R5bGU9 Im1hcmdpbi10b3A6MGluO21hcmdpbi1ib3R0b206MGluO21hcmdpbi1ib3R0b206LjAwMDFwdDtt c28tbGlzdDpsMCBsZXZlbDEgbGZvMSI+DQpBbGljZeKAmXMgc2lnbmF0dXJlIGtleXMgYXJlIGNv bXByb21pc2VkIChpdCBpcyBub3QgbmVjZXNzYXJ5IGZvciB0aGUgYWR2ZXJzYXJ5IHRvIGNvbXBy b21pc2UgYW55IGdyb3VwIHN0YXRlKS4gVGhlIGFkdmVyc2FyeSBwZXJmb3JtcyBhbiBleHRlcm5h bCBjb21taXQgaW4gQWxpY2XigJlzIG5hbWUsIGFuZCB0aGVuIHJlbW92ZXMgaGVyIHByaW9yIHZl cnNpb24gYW5kIGltcGVyc29uYXRlcyBoZXIgdG8gdGhlIGdyb3VwLjxzcGFuIHN0eWxlPSJmb250 LXNpemU6MTIuMHB0Ij48bzpwPjwvbzpwPjwvc3Bhbj48L2xpPjwvb2w+DQo8ZGl2IHN0eWxlPSJt YXJnaW4tbGVmdDouNWluIj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPiZuYnNwOzxzcGFuIHN0eWxl PSJmb250LXNpemU6MTIuMHB0Ij48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+ DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj5PbmUgbWlnaHQgaG9wZSB0aGF0IEFsaWNlIG5vdGljZXMg dGhhdCBzaGUgaXMgcmVtb3ZlZCBhbmQgY29tbXVuaWNhdGVzIHRoaXMgdG8gdGhlIGdyb3VwIG1l bWJlcnMgT09CLCBidXQgaXQgaXMgYWxzbyBwb3NzaWJsZSB0aGF0IHRoYXQgc2hlIGFzc3VtZXMg c29tZSBvdGhlciByZWFzb24gZm9yIHRoZSByZW1vdmFsLCBpcyBvZmZsaW5lLCBvciBzaW1wbHkg aXMgbm90IGFjdGl2ZSBlbm91Z2ggdG8gdGFrZSBhY3Rpb24NCiBmb3IgYSBmYWlybHkgbG9uZyBj b21wcm9taXNlIHdpbmRvdy4gRXZlbiBpZiBzaGUgdHJpZXMgdG8gdXNlIGFuIGV4dGVybmFsIGNv bW1pdCB0byBnZXQgYmFjayBpbnRvIHRoZSBncm91cCBhbmQgdGhlbiByZW1vdmVzIHRoZSBhZHZl cnNhcnktYXMtQWxpY2UsIHRoZXJlIGlzIG5vIG1lYW5zIGZvciBvdGhlciBncm91cCBtZW1iZXJz IGRpc3Rpbmd1aXNoIHRoZSByZWFsIEFsaWNlIGZyb20gdGhlIGFkdmVyc2FyeS1hcy1BbGljZSBh bmQgdGhlIHByb2Nlc3MNCiBjb3VsZCBiZSBjaXJjdWxhciAodW50aWwgbmV3IHZhbGlkIGlkZW50 aXR5IGtleXMgYXJlIGlzc3VlZCkuPHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMi4wcHQiPjxvOnA+ PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPiZu YnNwOzxzcGFuIHN0eWxlPSJmb250LXNpemU6MTIuMHB0Ij48bzpwPjwvbzpwPjwvc3Bhbj48L3A+ DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj5XaGlsZSBhIG5ld2NvbWVyIGlz 
IGEgZnJlc2ggc291cmNlIHRvIGJlIHRydXN0ZWQgb3Igbm90LCBBbGljZSBoYXMgYmVlbiDigJxo ZWFsaW5n4oCdIGFsb25nIHdpdGggdGhlIGdyb3VwIGFuZCB0aGUgYWJvdmUgb3B0aW9uICgyKSBh bGxvd3MgdGhlIGFkdmVyc2FyeSB0byBieXBhc3MgYWxsIG9mIHRoYXQuPHNwYW4gc3R5bGU9ImZv bnQtc2l6ZToxMi4wcHQiPjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxw IGNsYXNzPSJNc29Ob3JtYWwiPiZuYnNwOzxzcGFuIHN0eWxlPSJmb250LXNpemU6MTIuMHB0Ij48 bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFs Ij5UaGUgc291cmNlIG9mIHRoZSBwcm9ibGVtIGlzIHRoYXQgd2hlbiBBbGljZSByZS1zeW5jcywg c2hlIGlzIG5vdCBwcm92aWRpbmcgYW55IHZhbGlkYXRpb24gb2YgYmVpbmcgdGhlIHNhbWUvcHJl dmlvdXMgaWRlbnRpdHksIHNvIGl0IGlzIGVhc3kgZm9yIG90aGVyIGdyb3VwIG1lbWJlcnMgdG8g YWNjZXB0IHRoYXQgbm90aGluZyBtb3JlIHRoYW4gYSByZXN5bmMgaGFzIHRha2VuIHBsYWNlLiBU aHVzLCBhIGZhaXJseQ0KIHN0cmFpZ2h0Zm9yd2FyZCBzb2x1dGlvbiBpcyB0byByZXF1aXJlIFBT SyB1c2UgaW4gY2FzZXMgd2hlcmUgYW4gZXh0ZXJuYWwgY29tbWl0IGlzIHVzZWQgZm9yIHJlc3lu Yy4gQnkgZW5hYmxpbmcgYSBQU0sgZGVyaXZlZCBmcm9tIGEgcHJldmlvdXMgZXBvY2ggZHVyaW5n IHdoaWNoIEFsaWNlIHdhcyBwYXJ0IG9mIHRoZSBncm91cCB0byBiZSBpbmplY3RlZCB3aXRoIHRo ZSBleHRlcm5hbCBjb21taXQsIEFsaWNlIHByb3ZpZGVzIHNvbWUgcHJvb2YNCiBvZiBwcmlvciBn cm91cCBtZW1iZXJzaGlwIGFuZCB3ZSBhdm9pZCB0aGUgdG90YWwgcmVzZXQuPHNwYW4gc3R5bGU9 ImZvbnQtc2l6ZToxMi4wcHQiPjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4N CjxwIGNsYXNzPSJNc29Ob3JtYWwiPiZuYnNwOzxzcGFuIHN0eWxlPSJmb250LXNpemU6MTIuMHB0 Ij48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9y bWFsIj5XaGF0IGRvZXMgZXZlcnlvbmUgdGhpbmsgYWJvdXQgdGhpcz8gSXMgaXQgYSBwcm9ibGVt IHRoYXQgd2Ugd2FudCB0byBhZGRyZXNzLCBvciBsZXQgaXQgZmFsbCBvdXQtb2Ytc2NvcGU/PHNw YW4gc3R5bGU9ImZvbnQtc2l6ZToxMi4wcHQiPjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2 Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPihBbHNvLCBpZiBJIG1pc3NlZCBzb21ldGhp bmcgaW4gdGhlIGRyYWZ0IHRoYXQgYWxyZWFkeSBmaXhlcyB0aGlzLCBwbGVhc2UgcG9pbnQgaXQg b3V0Lik8c3BhbiBzdHlsZT0iZm9udC1zaXplOjEyLjBwdCI+PG86cD48L286cD48L3NwYW4+PC9w 
--_000_A2D566A202E34CC6853473257F03948Cnpsedu_--

From nobody Mon Nov 23 13:26:41 2020
MIME-Version: 1.0
References: <45292c19-e818-441b-9549-8c9429d7017a@wickr.com>
In-Reply-To: <45292c19-e818-441b-9549-8c9429d7017a@wickr.com>
From: Brendan McMillion
Date: Mon, 23 Nov 2020 13:26:26 -0800
To: Joel Alwen
Cc: Messaging Layer Security WG
Content-Type: multipart/alternative; boundary="000000000000685c7605b4ccd976"
Subject: Re: [MLS] AppAck
List-Id: Messaging Layer Security

--000000000000685c7605b4ccd976
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

>
> On 22/11/2020 23:07, Brendan McMillion wrote:
> > b.) clients only want to validate receipt of messages at a Commit,
>
> Not sure why you say this is implied by how AppAck is defined. From the PR:
>
> > * The application could have a client send an AppAck whenever an application
> >   message is sent, covering all messages received since its last AppAck. This
> >   would provide a complete view of any losses experienced by active members.

Because proposals are allowed to be dropped, and you don't know if they were dropped until the Commit. If in the end you find out your AppAck proposals were dropped, what do you even do? You can't resend them, as the generation counters have been reset.

To get a per-message delivery guarantee, you could tie application messages to the corresponding AppAck somehow and only accept one if both get delivered, but that's more complicated and also not what's currently in the PR.

I should also point out that this construction scales poorly. It requires members to send twice as many messages, and that the size of each message be proportional to the number of members, so the total amount of data handled by the DS grows quadratically.

On Mon, Nov 23, 2020 at 8:34 AM Joel Alwen wrote: > If using the AppAck proposal is not mandatory and it would be useful to > several > of the envisaged deployments (which sounds to be the case) I don't see > this as > being too problematic. Though I do agree that other message loss policies > also > make sense. (E.g. wanting eventual agreement on total ordering.) > > Moreover, it should be quite easy to support these proposals since they > have > almost no effect on the cryptographic state so are easy to process. Its > really a > UX thing I think. > > On 22/11/2020 23:07, Brendan McMillion wrote: > > b.) clients only want to validate receipt of messages at a Commit, > > Not sure why you say this is implied by how AppAck is defined. From the P= R: > > > * The application could have a client send an AppAck whenever an > application > > message is sent, covering all messages received since its last > AppAck. This > > would provide a complete view of any losses experienced by active > members. > - Jo=C3=ABl > > _______________________________________________ > MLS mailing list > MLS@ietf.org > https://www.ietf.org/mailman/listinfo/mls > --000000000000685c7605b4ccd976 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable

From nobody Sat Nov 28 23:51:18 2020
From: Repository Activity Summary Bot
Date: Sun, 29 Nov 2020 02:32:43 -0500 (EST)
To: mls@ietf.org
Subject: [MLS] Weekly github digest (MLS Working Group summary)

Issues
------
* mlswg/mls-protocol (+1/-0/💬0)
  1 issues created:
  - External Commit for Resync Used with PSK (by br-hale)
    https://github.com/mlswg/mls-protocol/issues/443

Pull requests
-------------
* mlswg/mls-protocol (+3/-2/💬5)
  3 pull requests submitted:
  - Move joiner_secret to the end of the first KDF cycle in the Key Schedule (by ericcornelissen)
    https://github.com/mlswg/mls-protocol/pull/446
  - Fix typo Derive-Secret (by franziskuskiefer)
    https://github.com/mlswg/mls-protocol/pull/445
  - Fix typo (by Bren2010)
    https://github.com/mlswg/mls-protocol/pull/444

  5 pull requests received 5 new comments:
  - #445 Fix typo Derive-Secret (1 by beurdouche)
    https://github.com/mlswg/mls-protocol/pull/445
  - #444 Fix typo (1 by beurdouche)
    https://github.com/mlswg/mls-protocol/pull/444
  - #442 Add an "AppAck" proposal (1 by kkohbrok)
    https://github.com/mlswg/mls-protocol/pull/442
  - #439 Identities SHOULD be unique per group (1 by kkohbrok)
    https://github.com/mlswg/mls-protocol/pull/439
  - #435 Fix parent hash verification (1 by MartaMularczyk)
    https://github.com/mlswg/mls-protocol/pull/435

  2 pull requests merged:
  - Fix typo Derive-Secret
    https://github.com/mlswg/mls-protocol/pull/445
  - Fix typo
    https://github.com/mlswg/mls-protocol/pull/444

Repositories tracked by this digest:
-----------------------------------
* https://github.com/mlswg/mls-architecture
* https://github.com/mlswg/mls-protocol
* https://github.com/mlswg/mls-federation

From nobody Sun Nov 29 09:13:44 2020
From: Raphael Robert
Date: Sun, 29 Nov 2020 18:13:06 +0100
To: "mls@ietf.org"
Subject: [MLS] Improving client authentication

Hi all,

Recently there was some discussion about identities and credentials in MLS [1][2], in particular whether identities and signatures should be unique per group. The architecture draft defines things as follows:

"Formally, a Client is a set of cryptographic objects composed by public values such as a name (an identity), a public encryption key and a public signature key. Ownership of a Client by a user is determined by the fact that the user has knowledge of the associated secret values. When a Client is part of a Group, it is called a Member and its signature key pair uniquely defines its identity to other clients or members in the Group. In some messaging systems, clients belonging to the same user must all share the same identity key pair, but MLS does not assume this.

Users will typically own multiple Clients, potentially one or more per end-user devices (phones, web clients or other devices...) and may choose to authenticate using the same signature key across devices, using one signature key per device or even one signature key per group."

In other words: while not encouraged, clients can have the same identity and the same signature key. As such, they become mostly indistinguishable from each other, except for their index in the tree. This was initially worded that way to clearly support real-world use cases where clients indeed have the same credential and MLS can just be used as a key negotiation protocol that builds on top of that. So far this has not received a lot of scrutiny, but I can see scenarios where this can clearly lead to attacks. A first scenario is described by Britta in [2]. Another attack – where attackers use said indistinguishability for impersonation – could go as follows:

 - Alice has two devices, A1 and A2. Both devices use the same credential, meaning they have the same identity and signature key.
 - An attacker briefly compromises A2 and creates a legitimate key package.
 - The attacker then creates an UpdateProposal with that key package and uses the index of A1 as the sender in the MLSPlaintext framing, as well as a RemoveProposal for A2.
 - Other members receive and process these proposals, and to them the UpdateProposal looks like it was issued by A1 (since the index is the one from A1 and the signature key is shared between A1 and A2).
 - Finally one of the other members sends a Commit referencing the proposals, seemingly evicting A2 from the group.
 - The attacker however still knows the HPKE private leaf key of A1 and is therefore still part of the group and can act as a passive attacker until A1 is evicted.
 - Incoming messages will look broken for A1, but it might take a while before A1 notices, if ever.

Besides UpdateProposals, A2 could also send a full Commit or application messages in the name of A1. Maybe other attacks could be mounted that way.

I think these kinds of attacks are bad enough to look at things again. I propose the following:

1. Restrict the sharing of credentials: Identities and signature keys MUST each be unique per group.
2. Solve the use case of per-user devices differently.

Regarding the latter, I think we already have all the ingredients we need. The protocol spec has the following definition of credentials:

struct {
    CredentialType credential_type;
    select (Credential.credential_type) {
        case basic:
            BasicCredential;

        case x509:
            Certificate chain<1..2^32-1>;
    };
} Credential;

We can use the fact that a whole chain can be provided for the X509 type. So in case an application wants to use a per-user certificate, this certificate could just move up in the chain and sign a per-device certificate that has a unique identity and signature key. And btw, the same chain could also be allowed for the BasicCredential type with a small spec change.

Why is this better than before? Isn’t this just shifting the problem, because the per-user certificate could still issue an arbitrary number of per-device certificates?

Firstly, impersonation attacks become harder (if not impossible) because the signature keys used to sign handshake & application messages are no longer shared across multiple devices.

Secondly, the (private) signature key of the per-user certificate is now only used very rarely, namely in the situation where a new per-device certificate needs to be issued. This opens up new possibilities to better protect that key: it doesn’t have to be on the device necessarily, or it could be stored in a secure enclave, or it could be encrypted with a passphrase the user needs to provide, etc. None of these protection mechanisms could be applied to the per-device certificate, because its signing key needs to be readily available at all times (e.g. mobile messaging apps typically do operations in the background without requiring any action from the user, like sending end-to-end encrypted delivery receipts).

Thirdly, we could limit the validity of the per-device certificate. As mentioned above, that signature key is still relatively exposed and might be as accessible to an attacker as the rest of the group state during a brief compromise. Limiting for how much time a per-device certificate is valid would at least mitigate the risk a bit. We could allow updates to the per-device certificate under the condition that a) the UpdateProposal is signed with the old certificate, b) that the identity doesn’t change and c) that the per-user certificate is still the same.

I think the above proposal would make authentication in MLS better while still catering for the initial use cases.

Raphael

[1] https://github.com/mlswg/mls-protocol/pull/439
[2] https://mailarchive.ietf.org/arch/msg/mls/6tjSWyAesfU125IFRDfMhRLtsPM/

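
The per-group uniqueness rule and update conditions a) to c) proposed in the message above, as an added sketch that is not part of the original message or of the MLS specification. It assumes Ed25519 signatures and a hypothetical credential encoding; `DeviceCred`, `Group`, `Put`, `VerifySender` and `Update` are illustrative names, and the validity-period limit is left out.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"errors"
	"fmt"
)

// DeviceCred is a constructed stand-in for a per-device certificate (not MLS wire format).
type DeviceCred struct {
	Identity  string
	DevicePub ed25519.PublicKey // signs handshake and application messages
	UserPub   ed25519.PublicKey // per-user key, only used to issue device credentials
	IssuerSig []byte            // signature by the per-user key over tbs()
}

// tbs returns the signed bytes (hypothetical encoding for this example).
func (c DeviceCred) tbs() []byte {
	return []byte(fmt.Sprintf("%q|%x|%x", c.Identity, c.DevicePub, c.UserPub))
}

// Issue signs a device credential with the per-user key.
func Issue(user ed25519.PrivateKey, id string, dev ed25519.PublicKey) DeviceCred {
	c := DeviceCred{Identity: id, DevicePub: dev, UserPub: pub(user)}
	c.IssuerSig = ed25519.Sign(user, c.tbs())
	return c
}

// valid checks key sizes and the per-user key's signature on the credential.
func (c DeviceCred) valid() bool {
	return len(c.UserPub) == ed25519.PublicKeySize && len(c.DevicePub) == ed25519.PublicKeySize &&
		ed25519.Verify(c.UserPub, c.tbs(), c.IssuerSig)
}

// Group maps a leaf index to the credential stored in that leaf.
type Group map[uint32]DeviceCred

// Put stores c in leaf idx if it is valid and satisfies rule 1 (unique per group).
func (g Group) Put(idx uint32, c DeviceCred) error {
	if !c.valid() {
		return errors.New("bad key or issuer signature")
	}
	for i, m := range g {
		if i != idx && (m.Identity == c.Identity || bytes.Equal(m.DevicePub, c.DevicePub)) {
			return errors.New("identity or signature key already in group")
		}
	}
	g[idx] = c
	return nil
}

// VerifySender checks a framed message against the key in the claimed sender leaf.
func (g Group) VerifySender(idx uint32, msg, sig []byte) bool {
	m, ok := g[idx]
	return ok && ed25519.Verify(m.DevicePub, msg, sig)
}

// Update replaces a leaf's credential only under conditions a) to c).
func (g Group) Update(idx uint32, next DeviceCred, sigByOld []byte) error {
	old, ok := g[idx]
	switch {
	case !ok:
		return errors.New("no such leaf")
	case !ed25519.Verify(old.DevicePub, next.tbs(), sigByOld):
		return errors.New("a) not signed with the old credential")
	case next.Identity != old.Identity:
		return errors.New("b) identity changed")
	case !bytes.Equal(next.UserPub, old.UserPub):
		return errors.New("c) per-user certificate changed")
	}
	return g.Put(idx, next)
}

// key and pub build deterministic demo keys from constructed one-byte seeds.
func key(b byte) ed25519.PrivateKey { return ed25519.NewKeyFromSeed(bytes.Repeat([]byte{b}, 32)) }
func pub(k ed25519.PrivateKey) ed25519.PublicKey { return k.Public().(ed25519.PublicKey) }

// Scenario replays the A1/A2 case with per-device keys; every entry should be true.
func Scenario() map[string]bool {
	user, a1, a2, a2b := key(1), key(2), key(3), key(4)
	g, msg, r := Group{}, []byte("UpdateProposal (constructed)"), map[string]bool{}
	r["add A1"] = g.Put(0, Issue(user, "alice/A1", pub(a1))) == nil
	r["add A2"] = g.Put(1, Issue(user, "alice/A2", pub(a2))) == nil
	r["shared signature key rejected"] = g.Put(2, Issue(user, "alice/A3", pub(a2))) != nil
	r["A2 signature under A1 index rejected"] = !g.VerifySender(0, msg, ed25519.Sign(a2, msg))
	next := Issue(user, "alice/A2", pub(a2b))
	r["rotation signed by old key accepted"] = g.Update(1, next, ed25519.Sign(a2, next.tbs())) == nil
	other := Issue(key(9), "alice/A2", pub(key(5)))
	r["change of per-user key rejected"] = g.Update(1, other, ed25519.Sign(a2b, other.tbs())) != nil
	return r
}

func main() { fmt.Println(Scenario()) }
```

With a shared credential, the two leaves would hold the same `DevicePub` and the sender-index check could not tell A1 from A2; under rule 1 that state is refused when the second device is added.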