From nobody Mon Feb 10 07:58:34 2020 Return-Path: X-Original-To: mud@ietfa.amsl.com Delivered-To: mud@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AC3861200FE for ; Sun, 9 Feb 2020 04:59:32 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.501 X-Spam-Level: X-Spam-Status: No, score=-14.501 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0YnlHtqiB3wu for ; Sun, 9 Feb 2020 04:59:30 -0800 (PST) Received: from aer-iport-4.cisco.com (aer-iport-4.cisco.com [173.38.203.54]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AFDF21200F5 for ; Sun, 9 Feb 2020 04:59:29 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=21097; q=dns/txt; s=iport; t=1581253169; x=1582462769; h=from:mime-version:subject:message-id:date:cc:to; bh=kYdoqsa26KIMcUS9vWS40szd1xtN/A4QSYFor7PPm98=; b=DeHKZfa0Gv6dLoMPZ2dULCKNCq7pgnnGFgpIE6jVFSAGOqXzBkgUuI8u cNDyn3Zuk8zGoHpnUJotmfIgT3rcZE7tUifRecs6zNQ5wl2t2FiGt0j0v w7uhPUM7mYfAfeKEM15WOPKvOFIxYFTBdPT1HGxuI5uASWz/iqyIUAgnj o=; X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0CaGQC2AUBe/xbLJq1mHAECKAEHAQI?= =?us-ascii?q?FAQQEAYFgAoEjAYFvVSASKoQViQOHfpllgXsJAQEBDAEBGxQBAYRATgmCEjY?= =?us-ascii?q?HDgIDDQEBBAEBAQIBBQRthTcMhhBOCFMKAoQYAYJ7rDB1gTKFSoUQgTgBjDy?= =?us-ascii?q?CAIERJwwUgh6IRzKCCiIEjVAooXqCRASCSoR+gV6Daok4G4JIeYs5jBWmWoM?= =?us-ascii?q?vAgQGBQIVgVkBMYFYMxoIGxU7KgGCQQk1EhgNmQGDY0ADMI5oAQE?= X-IronPort-AV: E=Sophos; i="5.70,421,1574121600"; d="scan'208,217"; a="23066773" Received: from aer-iport-nat.cisco.com (HELO aer-core-3.cisco.com) ([173.38.203.22]) by aer-iport-4.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 09 Feb 2020 12:59:25 +0000 Received: from [10.61.243.10] ([10.61.243.10]) by aer-core-3.cisco.com (8.15.2/8.15.2) with ESMTPS id 019CxOrR028996 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Sun, 9 Feb 2020 12:59:25 GMT From: Eliot Lear Content-Type: multipart/alternative; boundary="Apple-Mail=_88501008-4AFA-497D-A66F-207CBA06E85F" Mime-Version: 1.0 (Mac OS X Mail 13.0 \(3608.60.0.2.5\)) Message-Id: <48EB1BF2-1163-42D2-9E24-8B1DC437203C@cisco.com> Date: Sun, 9 Feb 2020 13:59:24 +0100 Cc: Rich Salz To: mud@ietf.org X-Mailer: Apple Mail (2.3608.60.0.2.5) X-Outbound-SMTP-Client: 10.61.243.10, [10.61.243.10] X-Outbound-Node: aer-core-3.cisco.com Archived-At: Subject: [Mud] Using an HSM to sign MUD files? X-BeenThere: mud@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion of Manufacturer Ussage Descriptions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 09 Feb 2020 12:59:33 -0000 --Apple-Mail=_88501008-4AFA-497D-A66F-207CBA06E85F Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 I was asked by a partner how to modify the normal MUD signing = instructions when an HSM is in play. Each HSM is a little different, = but the general concepts are the same. OpenSSL does come equipped with = a means to invoke HSMs. What has to happen, roughly speaking is the = following: Configure the HSM engine in the openssl.cnf file. Make sure you know the PKCS#11 URI Invoke the engine using cms. I=E2=80=99m using SoftHSM2 only as an example in this message. If you = need to install a certificate and a key into the HSM, follow its = instructions to do so. For SoftHSM2 that means doing the following: Initialize a token: softhsm2-util --init-token --slot 1 --label mud Find the Slot # associated with that label softhsm-util =E2=80=94show-slots Load the appropriate private key: pkcs11-tool --module /usr/lib/softhsm/libsofthsm2.so --slot 1810141384 = --pin secret --write-object clientcert.key --type privkey Load the appropriate certificate: pkcs11-tool --module /usr/lib/softhsm/libsofthsm2.so --slot 1810141384 = -pin secret --write-object clientcert.pem --type cert One must next inform OpenSSL that the engine is to be used. This is = done in the openssl.cnf file. I will not go through the details of this = file=E2=80=99s construction, as it was written by good people who happen = to have sadistic tendencies. At the very top of the file, we add the following line: openssl_conf =3D openssl_init Then at the very bottom of the file we will add the following lines: [openssl_init] engines=3Dengine_section [engine_section] pkcs11=3Dpkcs11_section [pkcs11_section] engine_id =3D pkcs11 dynamic_path =3D /usr/lib/x86_64-linux-gnu/engines-1.1/libpkcs11.so MODULE_PATH=3D /usr/lib/softhsm/libsofthsm2.so default_algorithms =3D ALL init =3D 1 The top part informs openssl that it should check the [openssl_init] = section on initialization. The openssl_init section indicates where to = find the engine section, and then we get to the pkcs11 engine. You will need to replace the softhsm line with an appropriate line for = you, given to you by the HSM manufacturer, and they may also give you = some arguments. Now=E2=80=A6 you will note the use of libpkcs11 above. To install that: sudo apt-get install -y libpkcs11 libengine-pkcs11-openssl1.1 The next thing you will need is the appropriate PKCS#11 URI. To get = that, I have found that p11tool does the job best, as follows: sudo apt-get install -y gnutls-bin p11tool --list-tokens You should get output along the lines of: Token 2: URL: = pkcs11:model=3DSoftHSM%20v2;manufacturer=3DSoftHSM%20project;serial=3D8880= 7c3febe490c8;token=3Dmud Label: mud Type: Generic token Manufacturer: SoftHSM project Model: SoftHSM v2 Serial: 88807c3febe490c8 Module: /usr/lib/softhsm/libsofthsm2.so All of this information will likely vary for you. The only thing you = care about is the URI. Copy what you see in the response. If you = don=E2=80=99t see anything with p11tool, stop. Some debugging is in = order at that point. Now to sign the file using cms, we use a line similar to how one = normally signs a mud file. This time, however, we will invoke the = PKCS#11 engine. This has to be done in three ways: by specifying the = -engine option, by indicating the keyform, and by modifying -inkey. % openssl cms -in mudfile.json -outform der -engine pkcs11 -keyform = engine -sign -signer clientcert.pem -binary -certfile intermediate.pem = -out mudfile.p7s -inkey = 'pkcs11:model=3DSoftHSM%20v2;manufacturer=3DSoftHSM%20project;serial=3D888= 07c3febe490c8;token=3Dmud;pin-value=3D123456=E2=80=99 Note the addition of the pin at the end. For this operation to work, we presume that you have the normal signing = certificate available as a file. Different drivers work a little differently. Some are in a position to = prompt you for the PIN, and this is of course preferred. Eliot= --Apple-Mail=_88501008-4AFA-497D-A66F-207CBA06E85F Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=utf-8
I was asked by a partner how to modify the normal MUD signing = instructions when an HSM is in play.  Each HSM is a little = different, but the general concepts are the same.  OpenSSL does = come equipped with a means to invoke HSMs.  What has to happen, = roughly speaking is the following:

  • Configure the HSM engine in the openssl.cnf file.
  • Make sure you know the PKCS#11 URI
  • Invoke = the engine using cms.

I=E2=80=99m using SoftHSM2 only as an example in this message.  If you need to = install a certificate and a key into the HSM, follow its instructions to = do so.  For SoftHSM2 that means doing the following:

  • Initialize a token:
    • softhsm2-util --init-token --slot 1 --label = mud
  • Find the Slot # associated with that = label
    • softhsm-util =E2=80=94show-slots
    Load the appropriate private key:
    • pkcs11-tool = --module /usr/lib/softhsm/libsofthsm2.so  --slot 1810141384 --pin secret --write-object clientcert.key = --type privkey
  • Load the appropriate = certificate:
    • pkcs11-tool --module = /usr/lib/softhsm/libsofthsm2.so --slot 1810141384 -pin = secret --write-object clientcert.pem --type = cert


One must next inform = OpenSSL that the engine is to be used.  This is done in the = openssl.cnf file.  I will not go through the details of this = file=E2=80=99s construction, as it was written by good people who happen = to have sadistic tendencies.

At the very top of the file, we add the = following line:

openssl_conf =3D = openssl_init

Then at the very = bottom of the file we will add the following lines:

[openssl_init]

engines=3Dengine_section

[engine_section]
pkcs11=3Dpkcs11_section

[pkcs11_section]
engine_id =3D pkcs11
dynamic_path =3D = /usr/lib/x86_64-linux-gnu/engines-1.1/libpkcs11.so
MODULE_PATH=3D /usr/lib/softhsm/libsofthsm2.so
<= /span>
default_algorithms =3D = ALL
init =3D = 1

The top = part informs openssl that it should check the [openssl_init] section on = initialization.  The openssl_init section indicates where to find = the engine section, and then we get to the pkcs11 = engine.

You will need to replace the softhsm line with an appropriate = line for you, given to you by the HSM manufacturer, and they may also = give you some arguments.

Now=E2=80=A6 you will note the use of libpkcs11 above. =  To install that:

sudo apt-get install -y libpkcs11 libengine-pkcs11-openssl1.1

The next thing you will need = is the appropriate PKCS#11 URI.  To get that, I have found that = p11tool does the job best, as follows:

sudo apt-get = install -y gnutls-bin
p11tool = --list-tokens


You should get output along the lines of:

Token = 2:
= URL: pkcs11:model=3DSoftHSM%20v2;manufacturer=3DSoftHSM%20project;se= rial=3D88807c3febe490c8;token=3Dmud
Label: mud
Type: = Generic token
= Manufacturer: SoftHSM project
Model: SoftHSM v2
Serial: 88807c3febe490c8
Module: = /usr/lib/softhsm/libsofthsm2.so

All of this information will likely = vary for you.  The only thing you care about is the URI.  Copy = what you see in the response.  If you don=E2=80=99t see anything = with p11tool, stop.  Some debugging is in = order at that point.

Now to sign the file using cms, we use a line similar to how = one normally signs a mud file.  This time, however, we will invoke = the PKCS#11 engine.  This has to be done in three ways: by = specifying the -engine option, by indicating the keyform, and by = modifying -inkey.

% = openssl cms -in mudfile.json -outform der -engine = pkcs11 -keyform engine -sign -signer clientcert.pem -binary = -certfile intermediate.pem -out mudfile.p7s  -inkey 'pkcs11:model=3DSoftHSM%20v2;manufacturer=3DSoftHSM%20project;s= erial=3D88807c3febe490c8;token=3Dmud;pin-value=3D123456=E2=80=99


Note the addition of = the pin at the end.

For this operation to work, we presume that you have the = normal signing certificate available as a file.

Different drivers work a little = differently.  Some are in a position to prompt you for the PIN, and = this is of course preferred.

Eliot
= --Apple-Mail=_88501008-4AFA-497D-A66F-207CBA06E85F-- From nobody Mon Feb 10 09:45:45 2020 Return-Path: X-Original-To: mud@ietfa.amsl.com Delivered-To: mud@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2050112001B for ; Mon, 10 Feb 2020 09:45:43 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.899 X-Spam-Level: X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id x8JPefWzBxkD for ; Mon, 10 Feb 2020 09:45:41 -0800 (PST) Received: from relay.sandelman.ca (relay.cooperix.net [176.58.120.209]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1A48912001A for ; Mon, 10 Feb 2020 09:45:40 -0800 (PST) Received: from dooku.sandelman.ca (unknown [IPv6:2a02:8109:b6c0:52b8:584d:5a6f:7ed3:c298]) by relay.sandelman.ca (Postfix) with ESMTPS id 30A181F459; Mon, 10 Feb 2020 17:45:39 +0000 (UTC) Received: by dooku.sandelman.ca (Postfix, from userid 179) id EAF8D1A29B4; Mon, 10 Feb 2020 18:45:37 +0100 (CET) From: Michael Richardson To: Eliot Lear cc: mud@ietf.org, Rich Salz In-reply-to: <48EB1BF2-1163-42D2-9E24-8B1DC437203C@cisco.com> References: <48EB1BF2-1163-42D2-9E24-8B1DC437203C@cisco.com> Comments: In-reply-to Eliot Lear message dated "Sun, 09 Feb 2020 13:59:24 +0100." X-Mailer: MH-E 8.6; nmh 1.7+dev; GNU Emacs 25.2.1 MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" Date: Mon, 10 Feb 2020 18:45:37 +0100 Message-ID: <734.1581356737@dooku> Archived-At: Subject: Re: [Mud] Using an HSM to sign MUD files? X-BeenThere: mud@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion of Manufacturer Ussage Descriptions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 10 Feb 2020 17:45:43 -0000 --=-=-= Content-Type: text/plain Eliot Lear wrote: > I was asked by a partner how to modify the normal MUD signing > instructions when an HSM is in play. Each HSM is a little different, > but the general concepts are the same. OpenSSL does come equipped with > a means to invoke HSMs. What has to happen, roughly speaking is the > following: I think that the HSM is in the manufacturer infrastructure, not something attached to the device being described! I'm just saying this to be clear, but some people aren't clear about who makes the signature. Are there some operational things we could/should extract into a document. -- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works | network architect [ ] mcr@sandelman.ca http://www.sandelman.ca/ | ruby on rails [ --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEERK+9HEcJHTJ9UqTMlUzhVv38QpAFAl5BlsEACgkQlUzhVv38 QpASlAf+JAktkC82jTcZiQzr/YOIYuf3MK10g2Qiod95r12YmI5JXcEFWs5T/DLG m4wvUNnAoWMoZzjHsWmHhL/42MnaFHi3at4PS4+t+PxgXcOELc02UXq4r+ThQk26 3V6McPS9PDcbc+yz/IpJW1eiXgXnz/dAae6sLX11cBVDpB/kr3gTqDEzLz85ucpc VnkLp4SSqK2l36hZGA+gN2xhQgKU9BjDzN8TAX6nS6ScOntkpYg5hIpodmVey/pI l0y7rzSqk5OYX+tgAujrROtXSbyyqsQbMmCbtHXXiFhMe/x/OUimNwmcdN0SKzLt 06JOQkEIwYMkHgjbUgyh7qMsd+aJqA== =ljd9 -----END PGP SIGNATURE----- --=-=-=-- From nobody Thu Feb 20 01:10:12 2020 Return-Path: X-Original-To: mud@ietfa.amsl.com Delivered-To: mud@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8D165120866; Thu, 20 Feb 2020 01:10:03 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: 2.501 X-Spam-Level: ** X-Spam-Status: No, score=2.501 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, KHOP_HELO_FCRDNS=0.399, RCVD_IN_SBL_CSS=3.335, SPF_HELO_NONE=0.001, SPF_SOFTFAIL=0.665, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id A7puvzU18ELA; Thu, 20 Feb 2020 01:10:02 -0800 (PST) Received: from relay.sandelman.ca (minerva.sandelman.ca [IPv6:2a01:7e00::3d:b000]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2ADA21201E4; Thu, 20 Feb 2020 01:10:02 -0800 (PST) Received: from dooku.sandelman.ca (unknown [46.114.38.67]) by relay.sandelman.ca (Postfix) with ESMTPS id D64E61F458; Thu, 20 Feb 2020 09:09:58 +0000 (UTC) Received: by dooku.sandelman.ca (Postfix, from userid 179) id 4A8741A3B71; Thu, 20 Feb 2020 09:50:37 +0100 (CET) From: Michael Richardson To: "Charles Eckel \(eckelcu\)" , Eliot Lear , mud@ietf.org cc: "hackathon\@ietf.org" In-reply-to: <1F3F4ACF-7C44-46B7-A28B-5ADB6943209D@cisco.com> References: <1F3F4ACF-7C44-46B7-A28B-5ADB6943209D@cisco.com> Comments: In-reply-to "Charles Eckel (eckelcu)" message dated "Tue, 18 Feb 2020 17:09:13 +0000." X-Mailer: MH-E 8.6; nmh 1.7+dev; GNU Emacs 25.2.1 MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" Date: Thu, 20 Feb 2020 09:50:37 +0100 Message-ID: <12624.1582188637@dooku> Archived-At: Subject: Re: [Mud] [hackathon] network and power X-BeenThere: mud@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion of Manufacturer Ussage Descriptions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 20 Feb 2020 09:10:04 -0000 --=-=-= Content-Type: text/plain Charles, Re: power and network at the SUIT/TEEP/RATS Hackathon this week, about 11 people said they were going to the IETF Hackathon. Of those, I think it was 3-4 were going to do SUIT/TEEP/RATS and some of us would flit between tables. Both SUIT/TEEP/RATS and MUD/ANIMA would seem to need tables with extra power and wired networking. Different, but nearby tables, would be appreciated. I'll try to get that into the wiki, but network/LTE is poor on the train I'm on. -- Michael Richardson , Sandelman Software Works -= IPv6 IoT consulting =- --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEERK+9HEcJHTJ9UqTMlUzhVv38QpAFAl5OSF0ACgkQlUzhVv38 QpAVNAgAhEExR3ZOI4iqlJ8cD3nKDg1Y4SjWNTYLPtqF8llgGCvf7PEpI7CnWRv4 9SM+SzLr0QldggKgPLhvur/OsszwQUzpNtSszQAncaEEKUTZfhzFaln9QQXYcep8 NrezMkzufuoTssbDxHNhRbBQ/JqqaW5rQeXKwVxhUql1VKdk5w9ta6xwVNwpzjcE OWPH/F8ap5+YXK5DkT7OlXORi0ew/4uCK56IRHV9onLPNTRdZtD1Jpi2E+eaV7ih NNK6H95xspKedRjRMh/FSPZBw1Ny4JUdHidpoJPusF40h4eJ01r1EJZ2gPIxI5ZM /p1oMgsFveZdbAQi6RzV3yR+VtuOzA== =2JJ/ -----END PGP SIGNATURE----- --=-=-=-- From nobody Thu Feb 20 07:14:10 2020 Return-Path: X-Original-To: mud@ietfa.amsl.com Delivered-To: mud@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 069C8120073; Thu, 20 Feb 2020 07:14:02 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.498 X-Spam-Level: X-Spam-Status: No, score=-14.498 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=fDbpijnN; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=OA/F0Wps Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oURjHykiPc3e; Thu, 20 Feb 2020 07:14:00 -0800 (PST) Received: from rcdn-iport-3.cisco.com (rcdn-iport-3.cisco.com [173.37.86.74]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7BC0F12003E; Thu, 20 Feb 2020 07:14:00 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=1262; q=dns/txt; s=iport; t=1582211640; x=1583421240; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=AfrXXWa/NNVeavPCkdZyQcPdqtFQK8nM4tduelB9odM=; b=fDbpijnNcBYbT7bJUVGnNUqoVU55rrgc5Rq6YkPb3mE4wGHrc82OLI5v JAw2z8d5halk2aHomplHZUOISoRG+aUW0YpjDRlsxCtVxnFdfDWqEsocv iizHZ6o425M0Ek3g4DZ6L/6jMd3ub/YTUhT8NMzyK8DO8VAXW2SZYgBAo I=; IronPort-PHdr: =?us-ascii?q?9a23=3AqrF01RL9/J+ZPXnTqNmcpTVXNCE6p7X5OBIU4Z?= =?us-ascii?q?M7irVIN76u5InmIFeBvad2lFGcW4Ld5roEkOfQv636EU04qZea+DFnEtRXUg?= =?us-ascii?q?Mdz8AfngguGsmAXEDwL/PuZDESF8VZX1gj9Ha+YgBY?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0CPBQAdoU5e/4oNJK1lHAEBAQEBBwE?= =?us-ascii?q?BEQEEBAEBgXuBVFAFgUQgBAsqhBSDRgOKcZpyglIDVAkBAQEMAQEtAgQBAYF?= =?us-ascii?q?MgnQCF4FxJDgTAgMNAQEFAQEBAgEFBG2FNwyFZwIBAxIREQwBATcBDwIBCBo?= =?us-ascii?q?CJgICAjAVEAIEAQ0FIoMEgksDLgGjAAKBOYhidYEygn8BAQWFSBiCDAmBDiq?= =?us-ascii?q?MJBqCAIERJyCCTD6ELR6DEDKCLJBknzUKgjyWZBybLY5wm0YCBAIEBQIOAQE?= =?us-ascii?q?FgWkigVhwFWUBgkFQGA2OHQwXg1CKVXSBKY11AQE?= X-IronPort-AV: E=Sophos;i="5.70,464,1574121600"; d="scan'208";a="712709093" Received: from alln-core-5.cisco.com ([173.36.13.138]) by rcdn-iport-3.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 20 Feb 2020 15:13:59 +0000 Received: from XCH-ALN-005.cisco.com (xch-aln-005.cisco.com [173.36.7.15]) by alln-core-5.cisco.com (8.15.2/8.15.2) with ESMTPS id 01KFDx1B020143 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Thu, 20 Feb 2020 15:13:59 GMT Received: from xhs-rcd-002.cisco.com (173.37.227.247) by XCH-ALN-005.cisco.com (173.36.7.15) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Thu, 20 Feb 2020 09:13:58 -0600 Received: from xhs-aln-001.cisco.com (173.37.135.118) by xhs-rcd-002.cisco.com (173.37.227.247) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Thu, 20 Feb 2020 09:13:57 -0600 Received: from NAM12-BN8-obe.outbound.protection.outlook.com (173.37.151.57) by xhs-aln-001.cisco.com (173.37.135.118) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Thu, 20 Feb 2020 09:13:57 -0600 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=GfKJ51jd58gMfydHTEGQ61sD3mXQmZnfs0IlEIfRQNQi2OTouVU25+Ups86DHRsL/g64UrKSPBYmihJPG8xDDM0c2e3OZe6xHmYoXdLYIbQ6vgGuvTZ92kFZLl/5v+IGtag8ukojhLCS1WRKgtIHwjsX4C0pkd7GvBprZGd4Znd7Qtih8REiNkn5Lt8z0zQVN17yaYOsj0uAJogr+bURMVvXbXKOY1dmkUZjVtb4KEazFmnHS+EysGf/5MDG0huHiALwoT4Runp+Ds6crdKTyBIr9OjMbCXKJ4N5WoIRBFfgOhOPo8XnHQq8Qb7pNkQ+vMMHf+k7kcxMLwIbeHF7rg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=AfrXXWa/NNVeavPCkdZyQcPdqtFQK8nM4tduelB9odM=; b=nkIsSOon+wtKTNrV+l/g6TENIjSnisz4d48CkNQJ6tTGccSdWGlb1LHTyx2vhAjGUHiefy55QYywScy6NP0mxh0CBl6d/+L5RAwz8Z+U3cyV+K+80wUfhhMMRpd65ctOhHviRAX77z0eXJFmzvn/3cQtp2taZ7pERZGNyE0E318SqPYYK0yGG5SjOIwb8Qo6mAa0uwFSBMyRMBEdBL1G/QG+BcWIXPP/lwnsv7byL/hRLoi9ifRXDlsdRf2tJOWV+ICXEeBG4xVRY7Jsx/QIndr2KabjeDn9+NL3mCnq+k/sOrpth8rlvUz0xyJOekXwP0jmbhzAVQkgRmKUAvUMbg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=AfrXXWa/NNVeavPCkdZyQcPdqtFQK8nM4tduelB9odM=; b=OA/F0WpstBow6mYcdcAHSikTSGcNXiS39AmF8wV6YGeYpHPxWjQAPocS0sg9nH6MI0wux1smNnAASUvtwnky36HnNd5/R8t66NG6zz/KdGJkDvFWg2MTBAsUqlNuIvf4GYsYjY/jT474OohI0ItwanyzrU257c38XcbMBbrCWig= Received: from BYAPR11MB3237.namprd11.prod.outlook.com (2603:10b6:a03:1e::19) by BYAPR11MB3446.namprd11.prod.outlook.com (2603:10b6:a03:1a::29) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2729.31; Thu, 20 Feb 2020 15:13:56 +0000 Received: from BYAPR11MB3237.namprd11.prod.outlook.com ([fe80::41f8:c6c1:c2c9:d476]) by BYAPR11MB3237.namprd11.prod.outlook.com ([fe80::41f8:c6c1:c2c9:d476%5]) with mapi id 15.20.2729.033; Thu, 20 Feb 2020 15:13:56 +0000 From: "Charles Eckel (eckelcu)" To: Michael Richardson , Eliot Lear , "mud@ietf.org" CC: "hackathon@ietf.org" Thread-Topic: [hackathon] network and power Thread-Index: AQHV5n4kBzMggA+yxUiXMj2ayu2lFagjyKeA///k/IA= Date: Thu, 20 Feb 2020 15:13:55 +0000 Message-ID: <084E2C25-FFA0-422C-AB76-968306F935C7@cisco.com> References: <1F3F4ACF-7C44-46B7-A28B-5ADB6943209D@cisco.com> <12624.1582188637@dooku> In-Reply-To: <12624.1582188637@dooku> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Microsoft-MacOutlook/10.22.0.200209 authentication-results: spf=none (sender IP is ) smtp.mailfrom=eckelcu@cisco.com; x-originating-ip: [2001:420:c0c8:1007::563] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: dd4a9253-48b2-44f1-36fc-08d7b6178107 x-ms-traffictypediagnostic: BYAPR11MB3446: x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:7691; x-forefront-prvs: 031996B7EF x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(39860400002)(346002)(366004)(376002)(396003)(136003)(189003)(199004)(6486002)(186003)(36756003)(4744005)(6512007)(2616005)(2906002)(6506007)(4326008)(81156014)(86362001)(71200400001)(81166006)(8936002)(66946007)(110136005)(5660300002)(76116006)(64756008)(66556008)(33656002)(66446008)(478600001)(66476007)(8676002)(316002); DIR:OUT; SFP:1101; SCL:1; SRVR:BYAPR11MB3446; H:BYAPR11MB3237.namprd11.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1; received-spf: None (protection.outlook.com: cisco.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: aT6L43NwPjrsLCiYquS5QgOt6rQ1/TJwLtvhY3iadiuSgzjtkAEBdZPATopz2a9ltGgpls71UX7ibtVrQ0m4yOkpSybyqDbQ7zHxH+p3ZIoZL8rwQDfbmPZSwilhLfm3LT+A+p48NB+BOlSjx2veKTmfAH7zT9KgTipEqHAYjF7Vplgbm6i1rKRAK4M/SyaFgU0uuRjAU+J+sKUFw/UwFD4q1J4bLTGQGXuocYN5jXh6NKecFPTUB7pcmNNcaof8LnyKLJdhtEOxG/+2zZP8jRb50W7ddsnnOyKeL3AXKpBzDZNpF3vDuR9NgBvvAEKuRh9q+/C3jK71f34n+Ued50JCBwLuu21nalVpW/yHVU4aiAdQxHaDIdkQKc9jQ5PXpawBQ3EUk1uAuHUGWJ0eOC7K0+X2aK2d5nP1lcuSL7by5OtBVIVYlgcf1WZHU2A9 x-ms-exchange-antispam-messagedata: LKNzVphX6bj0/PQ5GE2M3iWNZ3As4Dw7w/ljnvz/ee/bnFl0uTfFk4Kl0So6gm5UHob6U+s/sN/5WH7tElGe5mMuD00cfeeq2wcS9OVzFtTKevCUKu/w6Bzi/6YQMAtsn5BDGbnDxE+T3pnRlcSoLOZI2Gtco1OCHzQLPG6KLow= Content-Type: text/plain; charset="utf-8" Content-ID: Content-Transfer-Encoding: base64 MIME-Version: 1.0 X-MS-Exchange-CrossTenant-Network-Message-Id: dd4a9253-48b2-44f1-36fc-08d7b6178107 X-MS-Exchange-CrossTenant-originalarrivaltime: 20 Feb 2020 15:13:55.9692 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: 6TGvY4UyB5WcX+8fl5g/W9at6uqzeqyTX6De0KiqRQjVBMN3gKQHnhW7SzTGWw3jMFTMWZA7R/Qw6z+6g/IDcg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR11MB3446 X-OriginatorOrg: cisco.com X-Outbound-SMTP-Client: 173.36.7.15, xch-aln-005.cisco.com X-Outbound-Node: alln-core-5.cisco.com Archived-At: Subject: Re: [Mud] [hackathon] network and power X-BeenThere: mud@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion of Manufacturer Ussage Descriptions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 20 Feb 2020 15:14:02 -0000 SGkgTWljaGFlbCwNCg0KVGhhbmtzIGZvciB0aGUgaGVhZHMgdXAsIGFuZCBncmVhdCB0byBoZWFy IHRoYXQgdGhlIGNvbGxhYm9yYXRpb24gb24gcnVubmluZyBjb2RlIGhhcyBleHRlbmRlZCBiZXlv bmQgSUVURiBoYWNrYXRob25zLiANCg0KQ2hlZXJzLA0KQ2hhcmxlcw0KDQrvu79PbiAyLzIwLzIw LCAxOjEwIEFNLCAiTWljaGFlbCBSaWNoYXJkc29uIiA8bWNyK2lldGZAc2FuZGVsbWFuLmNhPiB3 cm90ZToNCg0KICAgIA0KICAgIENoYXJsZXMsDQogICAgUmU6IHBvd2VyIGFuZCBuZXR3b3JrDQog ICAgDQogICAgYXQgdGhlIFNVSVQvVEVFUC9SQVRTIEhhY2thdGhvbiB0aGlzIHdlZWssIGFib3V0 IDExIHBlb3BsZSBzYWlkIHRoZXkgd2VyZQ0KICAgIGdvaW5nIHRvIHRoZSBJRVRGIEhhY2thdGhv bi4gIE9mIHRob3NlLCBJIHRoaW5rIGl0IHdhcyAzLTQgd2VyZSBnb2luZyB0byBkbw0KICAgIFNV SVQvVEVFUC9SQVRTIGFuZCBzb21lIG9mIHVzIHdvdWxkIGZsaXQgYmV0d2VlbiB0YWJsZXMuDQog ICAgDQogICAgQm90aCBTVUlUL1RFRVAvUkFUUyBhbmQgTVVEL0FOSU1BIHdvdWxkIHNlZW0gdG8g bmVlZCB0YWJsZXMgd2l0aCBleHRyYSBwb3dlcg0KICAgIGFuZCB3aXJlZCBuZXR3b3JraW5nLiAg ICBEaWZmZXJlbnQsIGJ1dCBuZWFyYnkgdGFibGVzLCB3b3VsZCBiZSBhcHByZWNpYXRlZC4NCiAg ICBJJ2xsIHRyeSB0byBnZXQgdGhhdCBpbnRvIHRoZSB3aWtpLCBidXQgbmV0d29yay9MVEUgaXMg cG9vciBvbiB0aGUgdHJhaW4gSSdtDQogICAgb24uDQogICAgDQogICAgLS0NCiAgICBNaWNoYWVs IFJpY2hhcmRzb24gPG1jcitJRVRGQHNhbmRlbG1hbi5jYT4sIFNhbmRlbG1hbiBTb2Z0d2FyZSBX b3Jrcw0KICAgICAtPSBJUHY2IElvVCBjb25zdWx0aW5nID0tDQogICAgDQogICAgDQogICAgDQog ICAgDQoNCg==