idnits 2.17.1

draft-turner-application-cms-media-type-08.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document date (January 29, 2014) is 3733 days in the past.  Is this
     intentional?

  Checking references for intended status: Informational
  ----------------------------------------------------------------------------

  ** Obsolete normative reference: RFC 5226 (Obsoleted by RFC 8126)

  -- Obsolete informational reference (is this intentional?): RFC 5751
     (Obsoleted by RFC 8551)

     Summary: 1 error (**), 0 flaws (~~), 1 warning (==), 2 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

Internet Engineering Task Force (IETF)                         S. Turner
Internet Draft                                                      IECA
Intended Status: Informational                                R. Housley
Expires: August 2, 2014                                   Vigil Security
                                                               J. Schaad
                                                 Soaring Hawk Consulting
                                                        January 29, 2014

                     The application/cms media type
             draft-turner-application-cms-media-type-08.txt

Abstract

   This document registers the application/cms media types for use with
   the corresponding CMS (Cryptographic Message Syntax) content types.

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current
   Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

Copyright Notice

   Copyright (c) 2014 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

1. Introduction

   [RFC5751] registered the application/pkcs7-mime media type.  That
   document defined five optional smime-type parameters.  The smime-type
   parameter originally conveyed details about the security applied
   (signed or enveloped) to the data content type, hence signed-data and
   enveloped-data, the name of the data, and was later expanded to also
   indicate that the message was compressed, compressed-data, and that
   the message is a certs-only message.  This document does not affect
   those registrations as this document places no requirements on S/MIME
   (Secure Multipurpose Internet Mail Extensions) agents.

   The registration done by the S/MIME documents was done assuming that
   there would be a MIME (Multipurpose Internet Mail Extensions)
   wrapping layer around each of the different enveloping contents, thus
   there was no need to include more than one item in each smime-type.
   This is no longer the case with some of the more advanced enveloping
   types.  Some protocols such as the CMC (Certificate Management over
   Cryptographic Message Syntax) [RFC5273] have defined additional
   S/MIME types.  New protocols that intend to wrap MIME content should
   continue to define a smime-type string; however, new protocols that
   intend to wrap non-MIME types should use this mechanism instead.

   CMS (Cryptographic Message Syntax) [RFC5652] associates a content
   type identifier (OID) with a content; CMS content types have been
   widely used to define contents that can be enveloped using other CMS
   content types and to define enveloping content types some of which
   provide security services.  CMS protecting content types, those that
   provide security services, include: Signed Data [RFC5652], Enveloped
   Data [RFC5652], Digest Data [RFC5652], Encrypted Data [RFC5652],
   Authenticated Data [RFC5652], Authenticated Enveloped Data [RFC5083],
   and Encrypted Key Package [RFC6032].  CMS non-protecting content
   types, those that provide no security services but encapsulate other
   CMS content types, include: Content Information [RFC5652], Compressed
   Data [RFC3274], Content Collection [RFC4073], and Content With
   Attributes [RFC4073].  Then, there are the innermost content types
   that include: Data [RFC5652], Asymmetric Key Package [RFC5958],
   Symmetric Key Package [RFC6031], Firmware Package [RFC4108], Firmware
   Package Load Receipt [RFC4108], Firmware Package Load Error
   [RFC4108], Trust Anchor List [RFC5914], id-ct-KP-keyPackageReceipt
   [ID.housley-keypackage-receipt-n-error], TAMP Status Query, TAMP
   Status Response, TAMP Update, TAMP Update Confirm, TAMP Apex Update,
   TAMP Apex Update Confirmation, TAMP Community Update Confirm, TAMP
   Sequence Adjust, TAMP Sequence Adjust Confirmation, TAMP Error
   [RFC5934], Key Package Error, and Key Package Receipt
   [ID.housley-keypackage-receipt-n-error].

   To support conveying CMS content types, this document defines a media
   type and parameters that indicate the enveloping and embedded CMS
   content types.

   New CMS content types should be affirmative in defining the string
   that identifies the new content type and should additionally define
   if the new content type is expected to appear in the
   encapsulatedContent or innerContent field.

1.1. Requirements Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

2. CMS Media Type Registration Applications

   This section provides the media type registration application for the
   application/cms media type (see [RFC6838], Section 5.6).

   Type name: application

   Subtype name: cms

   Required parameters: None.

   Optional parameters:

      encapsulatingContent=y; where y is one or more CMS ECT
      (Encapsulating Content Type) identifiers; multiple values are
      encapsulated in quotes and separated by a folding-whitespace comma
      folding-whitespace.  ECT values are based on content types found in
      [RFC3274], [RFC4073], [RFC5083], [RFC5652], and [RFC6032].  This
      list can later be extended, see Section 4.

         authData
         compressedData
         contentCollection
         contentInfo
         contentWithAttrs
         authEnvelopedData
         encryptedKeyPkg
         digestData
         encryptedData
         envelopedData
         signedData

      innerContent=x; where x is one or more CMS ICT (Inner Content Type)
      identifiers; multiple values are encapsulated in quotes and
      separated by a folding-whitespace comma folding-whitespace.  ICT
      values are based on content types found in [RFC4108], [RFC5914],
      [RFC5934], [RFC5958], [RFC6031], and
      [ID.housley-keypackage-receipt-n-error].  This list can later be
      extended, see Section 4.

         firmwarePackage
         firmwareLoadReceipt
         firmwareLoadError
         aKeyPackage
         sKeyPackage
         trustAnchorList
         tamp-status-query
         tamp-status-response
         tamp-update
         tamp-update-confirm
         tamp-apex-update
         tamp-apex-update-confirm
         tamp-community-update
         tamp-community-update-confirm
         tamp-sequence-adjust
         tamp-sequence-adjust-confirm
         tamp-error
         keyPackageReceipt
         keyPackageError

      The optional parameters are case-sensitive.

   Encoding considerations:

      Binary.

      [RFC5652] requires that the outermost encapsulation be
      ContentInfo.
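
   The optional parameters above, checked in code.  This is an added
   example, not part of the draft: it parses a Content-Type header with
   Python's standard email package and matches each encapsulatingContent
   and innerContent value exactly (case-sensitively) against the
   registered names.  The function name and sample headers are
   constructed here; the ICT set is an assumption that follows the
   spelling of the Section 4 registry table, which the Section 3 example
   also uses.

```python
from email import message_from_string
from email.utils import collapse_rfc2231_value

# Names copied from this document. The ICT set uses the Section 4 registry
# spelling (assumption of this example; Section 3 uses the same spelling).
ECT = {"authData", "compressedData", "contentCollection", "contentInfo",
       "contentWithAttrs", "authEnvelopedData", "encryptedKeyPkg",
       "digestData", "encryptedData", "envelopedData", "signedData"}
ICT = {"firmwarePackage", "firmwareLoadReceipt", "firmwareLoadError",
       "aKeyPackage", "sKeyPackage", "trustAnchorList", "TAMP-statusQuery",
       "TAMP-statusResponse", "TAMP-update", "TAMP-updateConfirm",
       "TAMP-apexUpdate", "TAMP-apexUpdateConfirm", "TAMP-communityUpdate",
       "TAMP-communityUpdateConfirm", "TAMP-seqNumAdjust",
       "TAMP-seqNumAdjustConfirm", "TAMP-error", "keyPackageReceipt",
       "keyPackageError"}

# Constructed sample headers: the Section 3 header, and one with a quoted
# two-value list whose second value has the wrong case.
SECTION3 = ("MIME-Version: 1.0\n"
            "Content-Type: application/cms; encapsulatingContent=encryptedData;\n"
            "  innerContent=TAMP-statusResponse; name=status.cmsc\n"
            "Content-Transfer-Encoding: base64\n")
WRONG_CASE = ('Content-Type: application/cms;\n'
              '  encapsulatingContent="signedData , EncryptedData";\n'
              '  innerContent=firmwarePackage\n')


def check_cms_content_type(raw_headers):
    """Return (ect, ict, problems) for a block of MIME headers."""
    msg = message_from_string(raw_headers + "\n")
    if msg.get_content_type() != "application/cms":
        return [], [], ["not application/cms: " + msg.get_content_type()]
    problems = []

    def values(param, registry):
        raw = msg.get_param(param)            # None when the parameter is absent
        if raw is None:
            problems.append(param + ": absent (SHOULD be included)")
            return []
        # get_param strips the quotes; split the list on commas and trim FWS.
        names = [v.strip() for v in collapse_rfc2231_value(raw).split(",")]
        for name in names:
            if name not in registry:          # exact match: values are case-sensitive
                problems.append("%s: unregistered value %r" % (param, name))
        return names

    ect = values("encapsulatingContent", ECT)
    ict = values("innerContent", ICT)
    return ect, ict, problems


if __name__ == "__main__":
    for sample in (SECTION3, WRONG_CASE):
        print(check_cms_content_type(sample))
```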

   Security considerations:

      The following security considerations apply:

         RFC    | CMS Protecting Content Type and Algorithms
      ----------+-------------------------------------------
      [RFC3370] | signedData, envelopedData,
      [RFC5652] | digestedData, encryptedData, and
      [RFC5753] | authData
      [RFC5754] |
      ----------+-------------------------------------------
      [RFC5958] | aKeyPackage
      [RFC5959] |
      [RFC6162] |
      ----------+-------------------------------------------
      [RFC6031] | sKeyPackage
      [RFC6160] |
      ----------+-------------------------------------------
      [RFC6032] | encryptedKeyPkg
      [RFC6033] |
      [RFC6161] |
      ----------+-------------------------------------------
      [RFC5914] | trustAnchorList
      ----------+-------------------------------------------
      [RFC3274] | compressedData
      ----------+-------------------------------------------
      [RFC5083] | authEnvelopedData
      [RFC5084] |
      ----------+-------------------------------------------
      [RFC4073] | contentCollection and
                | contentWithAttrs
      ----------+-------------------------------------------
      [RFC4108] | firmwarePackage,
                | firmwareLoadReceipt, and
                | firmwareLoadError
      ----------+-------------------------------------------
      [RFC5934] | tamp-status-query, tamp-status-response,
                | tamp-update, tamp-update-confirm,
                | tamp-apex-update,
                | tamp-apex-update-confirm,
                | tamp-community-update,
                | tamp-community-update-confirm,
                | tamp-sequence-adjust,
                | tamp-sequence-adjust-confirm, and
                | tamp-error
      ----------+-------------------------------------------
      [ID.housley-keypackage-receipt-n-error] |
                | keyPackageReceipt and keyPackageError
      ----------+-------------------------------------------

      In some circumstances, significant information can be leaked by
      disclosing what the innermost ASN.1 structure is.  In these cases
      it is acceptable to disclose the wrappers without disclosing the
      inner content type.

      ASN.1 encoding rules (e.g., DER and BER) have a type-length-value
      structure, and it is easy to construct malicious content with
      invalid length fields that can cause buffer overrun conditions.
      ASN.1 encoding rules allow for arbitrary levels of nesting, which
      may make it possible to construct malicious content that will cause
      a stack overflow.  Interpreters of ASN.1 structures should be aware
      of these issues and should take appropriate measures to guard
      against buffer overflows and stack overruns in particular and
      malicious content in general.

   Interoperability considerations:

      See [RFC3274], [RFC4073], [RFC4108], [RFC5083], [RFC5652],
      [RFC5914], [RFC5934], [RFC5958], [RFC6031], [RFC6032], and
      [ID.housley-keypackage-receipt-n-error].

      In all cases, CMS content types are encapsulated within ContentInfo
      structures [RFC5652]; that is, the outermost enveloping structure
      is ContentInfo.

      CMS [RFC5652] defines slightly different processing rules for
      SignedData than does PKCS #7 [RFC2315].  This media type employs
      the CMS processing rules.

      The Content-Type header field of all application/cms objects SHOULD
      include the optional "encapsulatingContent" and "innerContent"
      parameters.

      The Content-Disposition header field [RFC4021] can also be included
      along with Content-Type's optional name parameter.

   Published specification: This specification.

   Applications which use this media type:

      Applications that support CMS (Cryptographic Message Syntax)
      content types.
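
   A length-checked and depth-limited TLV walk of the kind the security
   considerations above ask ASN.1 interpreters to perform.  This is an
   added example, not part of the draft and not any CMS library's code.
   It assumes DER only (single-byte tags, definite lengths); MAX_DEPTH,
   the function names and the sample byte strings are constructed for
   illustration.

```python
MAX_DEPTH = 16   # nesting cap chosen for this example, not taken from an RFC


class DerError(ValueError):
    """Raised when the input is not acceptable DER."""


def read_header(buf, pos, end):
    """Decode the tag/length at buf[pos:end]; return (tag, start, stop)."""
    if end - pos < 2:
        raise DerError("truncated header at offset %d" % pos)
    tag, first = buf[pos], buf[pos + 1]
    if tag & 0x1F == 0x1F:
        raise DerError("multi-byte tags are not handled in this example")
    pos += 2
    if first < 0x80:                       # short form: the byte is the length
        length = first
    else:                                  # long form: next n bytes hold it
        n = first & 0x7F
        if n == 0 or n > 4 or n > end - pos:
            raise DerError("indefinite, oversized or truncated length field")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if length > end - pos:                 # declared length must fit what is left
        raise DerError("length %d exceeds the %d bytes left" % (length, end - pos))
    return tag, pos, pos + length


def walk(buf, pos=0, end=None, depth=1):
    """Count the TLVs in buf[pos:end], descending into constructed values."""
    end = len(buf) if end is None else end
    count = 0
    while pos < end:
        if depth > MAX_DEPTH:
            raise DerError("nesting deeper than %d levels" % MAX_DEPTH)
        tag, start, stop = read_header(buf, pos, end)
        count += 1
        if tag & 0x20:                     # constructed bit set: parse the value
            count += walk(buf, start, stop, depth + 1)
        pos = stop
    return count


def check(buf):
    """Return (True, tlv_count) or (False, reason) without raising."""
    try:
        return True, walk(buf)
    except DerError as exc:
        return False, str(exc)


def nested(n):
    """Constructed sample: n empty SEQUENCEs nested in one another (n <= 64)."""
    body = b""
    for _ in range(n):
        body = bytes([0x30, len(body)]) + body
    return body


# Constructed samples: a small ContentInfo-shaped value, and a SEQUENCE whose
# length field claims 65535 bytes when only two follow.
CONTENT_INFO = bytes.fromhex("3011" "06092a864886f70d010701" "a004" "04026869")
OVERRUN = bytes.fromhex("3082ffff" "0601")
```

   Each child is parsed against its parent's end offset rather than the
   end of the buffer, so an inner length cannot reach past the value
   that contains it.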

   Additional information:

      Magic number(s): None
      File extension(s): .cmsc
      Macintosh File Type Code(s):

   Person & email address to contact for further information:

      Sean Turner

   Restrictions on usage: none

   Author: Sean Turner

   Intended usage: COMMON

   Change controller: The IESG

3. Example

   The following is an example encrypted status response message:

      MIME-Version: 1.0
      Content-Type: application/cms; encapsulatingContent=encryptedData;
        innerContent=TAMP-statusResponse; name=status.cmsc
      Content-Transfer-Encoding: base64

      [base64-encoded message body]

4. IANA Considerations

   IANA is asked to register the media type application/cms in the
   Standards tree using the applications provided in Section 2 of this
   document.

   IANA is also asked to establish two subtype registries called "CMS
   Encapsulating Content Types" and "CMS Inner Content Types".  Entry
   in these registries is by Expert Review [RFC5226].  The Expert will
   determine whether the content is an ECT or an ICT; where the rule is
   that an ICT does not encapsulate another content type while an ECT
   does encapsulate another content type.

   Initial values are as follows:

   CMS Encapsulating Content Types

   Name                        | Document | Object Identifier
   ----------------------------+----------+---------------------------
   authData                    |[RFC5652] | 1.2.840.113549.1.9.16.1.2
   compressedData              |[RFC3274] | 1.2.840.113549.1.9.16.1.9
   contentCollection           |[RFC4073] | 1.2.840.113549.1.9.16.1.19
   contentInfo                 |[RFC5652] | 1.2.840.113549.1.9.16.1.6
   contentWithAttrs            |[RFC4073] | 1.2.840.113549.1.9.16.1.20
   authEnvelopedData           |[RFC5083] | 1.2.840.113549.1.9.16.1.23
   encryptedKeyPkg             |[RFC6030] | 2.16.840.1.101.2.1.2.78.2
   digestData                  |[RFC5652] | 1.2.840.113549.1.9.16.1.5
   encryptedData               |[RFC5652] | 1.2.840.113549.1.9.16.1.6
   envelopedData               |[RFC5652] | 1.2.840.113549.1.9.16.1.3
   signedData                  |[RFC5652] | 1.2.840.113549.1.9.16.1.2

   CMS Inner Content Types

   Name                        | Document | Object Identifier
   ----------------------------+----------+---------------------------
   firmwarePackage             |[RFC4108] | 1.2.840.113549.1.9.16.1.16
   firmwareLoadReceipt         |[RFC4108] | 1.2.840.113549.1.9.16.1.17
   firmwareLoadError           |[RFC4108] | 1.2.840.113549.1.9.16.1.18
   aKeyPackage                 |[RFC5958] | 2.16.840.1.101.2.1.2.78.5
   sKeyPackage                 |[RFC6031] | 1.2.840.113549.1.9.16.1.25
   trustAnchorList             |[RFC5914] | 1.2.840.113549.1.9.16.1.34
   TAMP-statusQuery            |[RFC5934] | 2.16.840.1.101.2.1.2.77.1
   TAMP-statusResponse         |[RFC5934] | 2.16.840.1.101.2.1.2.77.2
   TAMP-update                 |[RFC5934] | 2.16.840.1.101.2.1.2.77.3
   TAMP-updateConfirm          |[RFC5934] | 2.16.840.1.101.2.1.2.77.4
   TAMP-apexUpdate             |[RFC5934] | 2.16.840.1.101.2.1.2.77.5
   TAMP-apexUpdateConfirm      |[RFC5934] | 2.16.840.1.101.2.1.2.77.6
   TAMP-communityUpdate        |[RFC5934] | 2.16.840.1.101.2.1.2.77.7
   TAMP-communityUpdateConfirm |[RFC5934] | 2.16.840.1.101.2.1.2.77.8
   TAMP-seqNumAdjust           |[RFC5934] | 2.16.840.1.101.2.1.2.77.10
   TAMP-seqNumAdjustConfirm    |[RFC5934] | 2.16.840.1.101.2.1.2.77.11
   TAMP-error                  |[RFC5934] | 2.16.840.1.101.2.1.2.77.9
   keyPackageReceipt           |[ID.housley-keypackage-receipt-n-error]
                               |          | 2.16.840.1.101.2.1.2.78.3
   keyPackageError             |[ID.housley-keypackage-receipt-n-error]
                               |          | 2.16.840.1.101.2.1.2.78.6

5. Security Considerations

   See the answer to the Security Considerations template questions in
   Section 2.

6. Acknowledgments

   Special thanks to Carl Wallace for generating the example in Section
   3.

7. References

7.1. Normative References

   [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
             Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC3274] Gutmann, P., "Compressed Data Content Type for
             Cryptographic Message Syntax (CMS)", RFC 3274, June 2002.

   [RFC3370] Housley, R., "Cryptographic Message Syntax (CMS)
             Algorithms", RFC 3370, August 2002.

   [RFC4021] Klyne, G., and J. Palme, "Registration of Mail and MIME
             Header Fields", RFC 4021, March 2005.

   [RFC4073] Housley, R., "Protecting Multiple Contents with the
             Cryptographic Message Syntax (CMS)", RFC 4073, May 2005.

   [RFC4108] Housley, R., "Using Cryptographic Message Syntax (CMS) to
             Protect Firmware Packages", RFC 4108, August 2005.

   [RFC5083] Housley, R., "Cryptographic Message Syntax (CMS)
             Authenticated-Enveloped-Data Content Type", RFC 5083,
             November 2007.

   [RFC5084] Housley, R., "Using AES-CCM and AES-GCM Authenticated
             Encryption in the Cryptographic Message Syntax (CMS)", RFC
             5084, November 2007.

   [RFC5226] Narten, T., and H. Alvestrand, "Guidelines for Writing an
             IANA Considerations Section in RFCs", RFC 5226, May 2008.

   [RFC5273] Schaad, J. and M. Myers, "Certificate Management over CMS
             (CMC): Transport Protocols", RFC 5273, June 2008.

   [RFC5652] Housley, R., "Cryptographic Message Syntax (CMS)", STD 70,
             RFC 5652, September 2009.

   [RFC5753] Turner, S. and D. Brown, "Use of Elliptic Curve
             Cryptography (ECC) Algorithms in Cryptographic Message
             Syntax (CMS)", RFC 5753, January 2010.

   [RFC5754] Turner, S., "Using SHA2 Algorithms with Cryptographic
             Message Syntax", RFC 5754, January 2010.

   [RFC5914] Housley, R., Ashmore, S., and C. Wallace, "Trust Anchor
             Format", RFC 5914, June 2010.

   [RFC5934] Housley, R., Ashmore, S., and C. Wallace, "Trust Anchor
             Management Protocol (TAMP)", RFC 5934, August 2010.

   [RFC5958] Turner, S., "Asymmetric Key Packages", RFC 5958, August
             2010.

   [RFC5959] Turner, S., "Algorithms for Asymmetric Key Package Content
             Type", RFC 5959, August 2010.

   [RFC6031] Turner, S. and R. Housley, "Cryptographic Message Syntax
             (CMS) Symmetric Key Package Content Type", RFC 6031,
             December 2010.

   [RFC6032] Turner, S. and R. Housley, "Cryptographic Message Syntax
             (CMS) Encrypted Key Package Content Type", RFC 6032,
             December 2010.

   [RFC6033] Turner, S., "Algorithms for Cryptographic Message Syntax
             (CMS) Encrypted Key Package Content Type", RFC 6033,
             December 2010.

   [RFC6160] Turner, S., "Algorithms for Cryptographic Message Syntax
             (CMS) Protection of Symmetric Key Package Content Types",
             RFC 6160, April 2011.

   [RFC6161] Turner, S., "Elliptic Curve Algorithms for Cryptographic
             Message Syntax (CMS) Encrypted Key Package Content Type",
             RFC 6161, April 2011.

   [RFC6162] Turner, S., "Elliptic Curve Algorithms for Cryptographic
             Message Syntax (CMS) Asymmetric Key Package Content Type",
             RFC 6162, April 2012.

   [RFC6838] Freed, N., Klensin, J., and T. Hansen, "Media Type
             Specifications and Registration Procedures", BCP 13, RFC
             6838, January 2013.

   [ID.housley-keypackage-receipt-n-error] Housley, R., "Cryptographic
             Message Syntax (CMS) Key Package Receipt and Error Content
             Types", draft-housley-ct-keypackage-receipt-n-error, June
             2013.

7.2. Informative References

   [RFC2315] Kaliski, B., "PKCS #7: Cryptographic Message Syntax
             Version 1.5", RFC 2315, March 1998.

   [RFC5751] Ramsdell, B. and S. Turner, "Secure/Multipurpose Internet
             Mail Extensions (S/MIME) Version 3.2 Message
             Specification", RFC 5751, January 2010.

Authors' Addresses

   Sean Turner
   IECA, Inc.
   3057 Nutley Street, Suite 106
   Fairfax, VA 22031
   USA

   EMail: turners@ieca.com
   Phone: +1.703.628.3180

   Russell Housley
   Vigil Security, LLC
   918 Spring Knoll Drive
   Herndon, VA 20170
   USA

   EMail: housley@vigilsec.com

   Jim Schaad
   Soaring Hawk Consulting

   EMail: ietf@augustcellars.com