Re: [abnf-discuss] FW: [urn] Informal NID registration interest

Kate Gray <kate@aerobatt.com> Tue, 30 March 2021 21:41 UTC

Return-Path: <kate@aerobatt.com>
X-Original-To: abnf-discuss@ietfa.amsl.com
Delivered-To: abnf-discuss@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A6B233A0F0E for <abnf-discuss@ietfa.amsl.com>; Tue, 30 Mar 2021 14:41:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=aboveandbeyondaero.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1n9esAGFhV4f for <abnf-discuss@ietfa.amsl.com>; Tue, 30 Mar 2021 14:40:56 -0700 (PDT)
Received: from NAM11-BN8-obe.outbound.protection.outlook.com (mail-bn8nam11on2131.outbound.protection.outlook.com [40.107.236.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 46C7D3A0F0F for <abnf-discuss@ietf.org>; Tue, 30 Mar 2021 14:40:52 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=KANVkD0MkgyhvHWlQmSTmkHO5/Sqkgnkd2oRNW493VX6QOkFIcfeiR+ucYuysCXHzHhFnxsQyFJ4eTT1JVtdOedClp4Pr6najDLI/2deTGoqlW+3bYskgCjxR9tXuxBg6fMtCicYHyt8ZWIY54eGh1y3o4iwT/v5udvJO3AGBcek4j6aGeYkoIzt3F8JyUcvTsxYu7Doqt27IJddsykUhuzHuyHPa48Zy54PTKFmn07LAqoxWfqmMyd1DZqtARIJy9YYfz9hpGIyLONJuHHcETg6EBKd5g9hHsAk+X69qwroioZCFCf78pQF6Lqo120mJfqvCNCT+RwJJwOFw1lY7A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=7fgUDNkECxpS7524qgAhBuDZL9Rrfqe3l1qETbGKHaI=; b=eMUjjxMjjIG/+YGCGI46x1cjSGYQEyIyUSUC/H/pHADrJ1u90XcqSnc73e72C+DLdmzVPQLnVNfKTsrEV4hYPXI7YbG5yldVrylp2KvCLDYegr6gBnEiSgbGkK5q0OQBRZRegh/F5GdzgN+iEJs5hJUQSGFc2qYmyuf9/Te5WJ0Axeha4RC5b+pW9ZavTjTp1uk4QdkzeCmagYITOaIG7wmP/WWN+a2ylGgg8klMYt3gwH/JAQMRF3zksleXJxoXQH1ocdWKy5y7PX6wjETnQCiyFXT2gI2bF87utQj+q4Kawoa7j5ugdpY2UVpMg5yah0xAxRf96DHwH+MIcjP6Hw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=aerobatt.com; dmarc=pass action=none header.from=aerobatt.com; dkim=pass header.d=aerobatt.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=aboveandbeyondaero.onmicrosoft.com; s=selector1-aboveandbeyondaero-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=7fgUDNkECxpS7524qgAhBuDZL9Rrfqe3l1qETbGKHaI=; b=MPfDKjp86n43bMWz17oMjTP7qKtLQiDBC0mJwADkxrXmcD4nkCFWSFYCvP9hSuBultSf2c/FohDnno7ubCv4x9idgGxV6Sz7OZ48ri5FbheQOVpjgNlwS5MoBzE4W/ERAYO36plOU0f1lTlRqYf2BdNWwoa6KjEcn4mjSFLjCyc=
Received: from DM6PR18MB3473.namprd18.prod.outlook.com (2603:10b6:5:2a1::10) by DM5PR1801MB1850.namprd18.prod.outlook.com (2603:10b6:4:67::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3933.32; Tue, 30 Mar 2021 21:40:46 +0000
Received: from DM6PR18MB3473.namprd18.prod.outlook.com ([fe80::b926:3fc1:246f:f907]) by DM6PR18MB3473.namprd18.prod.outlook.com ([fe80::b926:3fc1:246f:f907%3]) with mapi id 15.20.3977.033; Tue, 30 Mar 2021 21:40:46 +0000
From: Kate Gray <kate@aerobatt.com>
To: Paul Overell <paul@bayleaf.org.uk>, Francesca Palombini <francesca.palombini=40ericsson.com@dmarc.ietf.org>, "abnf-discuss@ietf.org" <abnf-discuss@ietf.org>
Thread-Topic: [abnf-discuss] FW: [urn] Informal NID registration interest
Thread-Index: AQHXJWtskP0qmxMDQ06guvOm4eQC6aqcsXQAgABapkc=
Date: Tue, 30 Mar 2021 21:40:45 +0000
Message-ID: <DM6PR18MB3473038FD142D955B16FBA25B47D9@DM6PR18MB3473.namprd18.prod.outlook.com>
References: <63D60ED7-CB73-46E1-937A-56CD3F99C35E@ericsson.com>, <301948cc-46fe-54a5-ea2d-befca88ca0e6@bayleaf.org.uk>
In-Reply-To: <301948cc-46fe-54a5-ea2d-befca88ca0e6@bayleaf.org.uk>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: bayleaf.org.uk; dkim=none (message not signed) header.d=none;bayleaf.org.uk; dmarc=none action=none header.from=aerobatt.com;
x-originating-ip: [67.79.85.206]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 6fdd987b-64f3-446b-04a5-08d8f3c47a18
x-ms-traffictypediagnostic: DM5PR1801MB1850:
x-microsoft-antispam-prvs: <DM5PR1801MB18506B214583016C6E06955FB47D9@DM5PR1801MB1850.namprd18.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: NeVDsZM1IdsGEl9TPzcR8sNhAQ1cM0kyS3nUgtYpTmcNpOMzg2d09q8MNE89E5Js9ZPSW1r8DCGMarsQdnLHG7hJDkMeWApCn3u60D/+1poo0J7kIdBOZ+Ta+F4b5kTuLKV2BxhI2x2vX3pGkUDSlT7PcHQu7HTnyYia30/jEaWaoCb0hnsvXHQOF6nYvaEdJ1DhYuoYHMePqqKS2KONQLo1h8gEM1Kr5RVQdWNgD+GUiSbnnZeLTp82tZ4tBNyXJkf32JlldMOtGe1MFRo5o9PWqjpxWUnlhVrXzpvd32j4Rkq4TK23DBG5zvyKFEy0PRxRGEBpMT47LC7z2ZU+lcZNoqIUSJOuwV1RIg++/U85IoXxy2hoVu3bpliwezJYUPAanaKxKdiJHGDpq2++qW64fM7wIL6pDL/gej6Yiia+Jd0wglY3Av/zFEOVWVBt9s91ksGxIZ4/pMrFhlo1iaCU2X3PZ1XIdi36lcoITAPZNVZpKMM5lMaKZ+1fYPlfpqCvV6eANZXNVOUqeHJbdiC96/v6Zc+/hwtZ59pWyv7FMjhiE16kCT5atlX8ZCE7VmEeO0w+cK1yVfywfNlt/Bu43k02PW+GiXDNcyr4AiDVe66vzk291fVmK4Dl2ZEFFLkAdd2+YSNgC9l/2wDOBWD1pW6MfMXYuKFe6qy88WJ0oDI7eUpBPJs7fr+bw8atn0iQzvhDDpxWYU1FmI88reTv3dOBQVvTxchtCXx1WUE=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DM6PR18MB3473.namprd18.prod.outlook.com; PTR:; CAT:NONE; SFS:(346002)(366004)(376002)(396003)(39830400003)(136003)(71200400001)(110136005)(5660300002)(966005)(52536014)(55016002)(19627405001)(478600001)(166002)(83380400001)(2906002)(9686003)(33656002)(86362001)(76116006)(316002)(8936002)(53546011)(6506007)(66946007)(66476007)(66556008)(8676002)(66574015)(186003)(64756008)(66446008)(38100700001)(26005)(7696005); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata: =?us-ascii?Q?CwCe2Mo+9RcYb0iwcaXhJZi2lqK1Jpyl33CVWNG4MT4CqKNqzPXyI6prtdgh?= =?us-ascii?Q?RKCxHmKy/D/p17qTb2p741MPJYjZQeeSn57M17yRKwXy21wWiy3KzcEIee63?= =?us-ascii?Q?3lqVZtXF+ov4KW+EZ98bkVwUZiXQ4R+ybsxEYnjsxNGeq6l4RJkangZFPUR1?= =?us-ascii?Q?pKdt+2zWkK1pUsaJrnTiibZFNwggRBVECZofs/XAE2Dl6eCYUSH5YCQB0WPx?= =?us-ascii?Q?j8rjR//sqL59I0I8dXIP5v4DEOuONEInPNZyrRtUEjxMdzhGbqVlNPLju4UZ?= =?us-ascii?Q?fvJx8GsXhadYRln1GVOXs6qPrnpj7QS/+xONPwQlJ5y9cU3QO05QJEALroLh?= =?us-ascii?Q?W/pXO80jOzntAF8sYMlWyZ81mlfNCdoFJALK7v7Pac0dDGXeMmZq4f+rg8/0?= =?us-ascii?Q?tWmfO4RBS6bnvQ1b69qgV2kebcOVWZeOeVbfokMpcS73mI10VGEH7qtSmz7L?= =?us-ascii?Q?DuzFOx/kEk5xRZJpKG1PiGNs9h0u7OUon79Wuk6QuIcS59+gFIfLqBNhdmHK?= =?us-ascii?Q?xQzwBca2SHCX6Yiow6FwTwzzgLswrzKpDRXvZBGZBk8Tzuq3h46e4eJMksNG?= =?us-ascii?Q?OqJz+jIyCyUPl0WvVlTql1gbjveAOVlbjh8fwPAEbSDV84cj1VVSAmiI2fnf?= =?us-ascii?Q?XaRSHIDMhvb7T0PvuKb0VBf8k++41vc2+0Jbm8xrPMhS4/1QTb9OvBPNloS/?= =?us-ascii?Q?qsD7kejpG4xAXj642Cbxvz4j9n3EnlHVAGm0tS51GoiWvUfuIDPdrIg4Tgdv?= =?us-ascii?Q?lRs4iRgWlUK6JvlBNZJtRNvgLxvJxmR2fohUBX0b+QbfcT9p9Vg9o2EKNJGJ?= =?us-ascii?Q?VaxsvXSaAo0h/vyXW4ia09YS7BZWJOxEgSjot1dJ2ZmNRjiviPdqeY+lwpC9?= =?us-ascii?Q?aCDPLtfqsKLgSZoxF0qa+Ru+3xltbOhxs5O2Q6zFN62MH60kyZFDHhyhJpAr?= =?us-ascii?Q?TatYt0vTh+jU4W+DoaWgIdR0wNCpvVqGgghXy25E9dOKIRSvXzSMmVj88jd2?= =?us-ascii?Q?W2u4c3fTMNLC1QE7toqS9YnMojTUVpSMmpgj4IR9I7FXBEY73w16dOXNR7ma?= =?us-ascii?Q?xLG44eKtpbnQxA4/mskiKoJ/a1ZcwAWv+r7qJGEfVoLGcb63LiN5Yf+zRZAq?= =?us-ascii?Q?OpndRYnNImcQ348J2+dGkBRtg6JqhjU/pnGaHT1mTL8HEazZ7LJ8MjF3oadn?= =?us-ascii?Q?+kuX07yB7qdG3n1g4+hgIORCI8mHjR7kTxEMaPbYiEo6YFLAgOALOGiJ94+x?= =?us-ascii?Q?NEcuYg+G7+sbFEdfURSzIiM04BQCZBERAl9o75qj90MC83KtWhv3RgC+llxB?= =?us-ascii?Q?f3c=3D?=
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_DM6PR18MB3473038FD142D955B16FBA25B47D9DM6PR18MB3473namp_"
MIME-Version: 1.0
X-OriginatorOrg: aerobatt.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: DM6PR18MB3473.namprd18.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 6fdd987b-64f3-446b-04a5-08d8f3c47a18
X-MS-Exchange-CrossTenant-originalarrivaltime: 30 Mar 2021 21:40:45.9493 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: e0c10a5c-cb0d-4dbf-8351-c088c95ec14d
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: A9n9jm0sN/OrB5h/JggLkmGea6F9wqBYG3AerKyxTSDN4lfyjcN00XDXlubNJqfDoVbIwjZ9L1z8cNkc3Q3oqg==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR1801MB1850
Archived-At: <https://mailarchive.ietf.org/arch/msg/abnf-discuss/b5aEBHOI-jvWZllVFNJGazROcNE>
X-Mailman-Approved-At: Thu, 01 Apr 2021 08:45:42 -0700
Subject: Re: [abnf-discuss] FW: [urn] Informal NID registration interest
X-BeenThere: abnf-discuss@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "General discussion about tools, activities and capabilities involving the ABNF meta-language" <abnf-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/abnf-discuss>, <mailto:abnf-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/abnf-discuss/>
List-Post: <mailto:abnf-discuss@ietf.org>
List-Help: <mailto:abnf-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/abnf-discuss>, <mailto:abnf-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 30 Mar 2021 21:41:02 -0000

Hello,

I'm travelling for the next few days but will put together a more comprehensive list of examples when I arrive.  I need to do that for testing that the syntax matches anyway.

While I'm doing so, I suppose I should ask - what is the difference between "formal" and "informal" URN registrations, other than the numbered NID?  The goal of this effort is to fill a need, specifically to provide a way to reference keys within a path with a persistent, unique, and useful identifier.

Towards that end, it might make sense for us to have this within a structure in which partners and those within the industry have the say - for example, set up an open committee for allocating tenant IDs, and discussion of standards around it.  Interoperability (as we've seen with the PIV standard) brought a lot of benefits - the same card can be used without third party drivers on Windows, Mac, (or using OpenSC) Linux.  It easily does SSH, SSL client certificates, S/MIME, etc.

The missing link (and what's especially harming adoption in the small and mid-size organizations) is to a large extent the difficulties with card issuance, and part of that is a lack of standardization on tools, and ways to manage the keys.  This is a piece of that much larger puzzle, and perhaps it would make sense to try to go for a formal NID, managed by a formal committee, that can have KDF URNs under it's NID, as well as other standards at a future date, if the needs of the community require it.

As a technical consultant and security engineer, I've helped organizations do this kind of thing internally.  This is the first time that I've worked with an organization that wants to think bigger, and is open to sharing the tools, information, methods, etc. out there - trying to drive the adoption of hardware security as an industry and as a planet, rather than trying to just protect their own internal services.

Thank you for your patience,


Kate
________________________________
From: Paul Overell <paul@bayleaf.org.uk>
Sent: Tuesday, March 30, 2021 12:02 PM
To: Francesca Palombini <francesca.palombini=40ericsson.com@dmarc.ietf.org>rg>; abnf-discuss@ietf.org <abnf-discuss@ietf.org>
Cc: Kate Gray <kate@aerobatt.com>
Subject: Re: [abnf-discuss] FW: [urn] Informal NID registration interest

Hi,

I've commented on the syntax of the ABNF, but I can't comment on the
correctness of the ABNF for this particular application as I'm not
familiar with it.  Need some examples of NSS strings.

Comments inline


Regards

On 30/03/2021 14:48, Francesca Palombini wrote:
> Hi all,
>
> The URN mailing list just got this registration request, which contains ABNF - if any of the ABNF experts has time to review it, I think it would be helpful to the author (in CC).
>
> Francesca
>
> ---
> https://mailarchive.ietf.org/arch/msg/urn/RiNCn4BYeY6xoilYpiGdDBUd0QQ/
>
> [urn] Informal NID registration interest
> Kate Gray Sun, 28 March 2021 09:01 UTC
>
> Hello,
>
> I am interested in registering an informal NID for URNs.
>
> I have attempted to fill out the template as requested.  I apologize if I screwed up somewhere; this is my first time doing this.
>
> Namespace Identifier: Assigned by IANA (informal)
>
> Version: 1
>
> Date: 2021-03-28
>
> Registrant:
>      Kate Gray <kate&codebykate.com>
>      340 S Lemon Ave #5926
>      Walnut, CA 91789 USA
>
> Purpose:
>      The purpose of this NID is to provide a Uniform Resource Name representing
>      derived keys within a card issuance scheme.  Specifically, they provide a
>      path within a hierarchal tree representing implementers (referred to as
>      tenants within the system), card issuers (e.g. Universities), optional sub-
>      issuers (e.g. Departments), and individual keys within a card (used for
>      different purposes).
>
>      These URNs will be used by card manufacturers (to preload data for issuers),
>      as well as issuers and users to refer to the cards and keys throughout the
>      card lifecycle.  Good security practices require the use of diversified
>      (per-card) keys, so that an attacker who defeats the security on a card will
>      not have the keys required to attack other cards within the system.
>
>      A cryptographic module (generally a smart card) can be pre-provisioned with
>      the issuer keys, and the URN for a given key provided to it.  With this
>      information and cryptographic keying material, the appropriate keys can be
>      derived, without the host needing to know the issuer keys.
>
>      While this URN will be implemented into software (including open source
>      software), and published to permit others within the industry to
>      interoperate, it is not expected to become a formal standard, or to be
>      publicly resolvable.  The general use will be between actors in a card
>      issuance scheme, for purposes like enabling a vending machine to derive a
>      balance update key for a stored balance wallet on a card, or for a help
>      desk agent to determine the Personal Unblocking Key (PUK) for a user that
>      has lost their PIN.
>
> Syntax:
>
>    All URNs defined under the namespace have the following structure,
>    specified in RFC 7405 ABNF notation[1]:
>
>      NSS                = %s"urn:" NID ":" TenantId "@" TenantVersion ":"
>                           IssuerId "@" IssuerVersion ":" Purpose "@"
>                           PurposeVersion "/" ResourceId "@" ResourceKeyVersion

The alternative operator "/" has the lowest precedence, adding some
extra redundant parentheses might make the scope of the alternative clearer.

>      NID                = "urn" - DIGIT

This is not correct ABNF syntax.  The "-" is used in value ranges, not
sure what the intent is here.  Also "urn" here is case insensitive
whereas in NSS it is case sensitive, is that the intent?

>      TenantId           = 3*(label)

Assuming the intent is "at least three labels": the parentheses are not
wrong, but are not required here, 3*label is sufficient. However, as a
label is of indefinite length and can start and end with a loalpha there
is no way to spot when one label ends and another one begins.

>      TenantVersion      = version
>      IssuerId           = 3*(label) / 3*(label) ":" 3*(label) / 3*(label) ":" 3*(label) ":" 3*(label)

Comment as above.

>      IssuerVersion      = version
>      Purpose            = 3*(alphanum / other)
>      PurposeVersion     = version
>      ResourceId         = 1*(alphanum / other)
>      ResourceKeyVersion = version
>      label              = loalpha / loalpha *(alphanum / "-") alphanum
>      version            = 2*2(HEXDIG)
Not wrong, but 2HEXDIG is sufficient.  Note that HEXDIG is case
insensitive.  Does this matter?
>      alphanum           = loalpha / DIGIT
>      loalpha            = %x61-7A
>      other              = "-" / "_"
>
>      As the full string of the URN is used as an input to the Key Derivation
>      Function, equivalent URNs are impossible.  As such, the equivalency rules
>      consist of bit-by-bit comparisons (Simple String Comparison).
>
> Assignment:
>
>      Registration within this NID is private.
>
>      Implementers will register a Tenant ID, and be responsibile for issuers and
>      sub-issuers within their card issuance tenancy.  The web site will be
>      responsible for ensuring that Tenant IDs are unique.
>
>      Uniqueness will be guaranteed through a combination of statistical and
>      database-based methods.  For example, when issuing management for PIV cards,
>      the keying material used incudes a UUID that is guaranteed mathematically to
>      be unique.  In contrast, when deriving GlobalPlatform keys (which use a 10
>      byte unique ID for the card), issuers will be responsible for keeping a
>      record of all such cards issued and ensuring there are no duplicate IDs.
>
>      Because each issuer is at a unique path within the hierarchal tree,
>      uniqueness is guaranteed as long as they take care not to issue duplicate
>      cards within their own subtree.
>
> Security and Privacy:
>
>      As these identifiers will be used in the generation of cryptographic keys,
>      their opacity does serve to provide a degree of "security through obscurity"
>      for attackers looking to compromise the cards.  The loss of that obscurity
>      (for example, if an attacker is able to find a users card ID in the browser
>      history) in theory represents a slight loss of security for the user.
>
>      Keys for this system will be stored in Hardware Security Modules (HSMs), and
>      configured such that the actual keying material for that level never leaves
>      the cryptographic envelope.  Through the use of hash functions that provide
>      strong cryptographic guarantees, and hardware security on the keys
>      themselves, there is no need for the identifiers to be private, and no risk
>      to the user should an attacker somehow gain access to his identifier without
>      having additionally compromised the HSM or a machine connected to the HSM.
>
>      In a broader sense, the point of this card issuance scheme is to facilitate
>      the issuance of privacy-protecting and security-enhancing credentials to
>      individuals within organizations.  Such cards permit strong authentication,
>      as well as multi-factor logins that are resistant to phishing and which
>      enable mutual authentication from the server level.  As such, the net effect
>      on Privacy and Security will be positive.
>
> Interoperability:
>
>      The author is not aware of any potential conflicts with this namespace, and
>      given the rather tightly coupled nature of the identifier with the
>      implementation, any overlapping areas of concern for other systems should
>      not present interoperability issues, as there will be no operability.
>
> Resolution:
>
>      Resolution mechanisms are not intended or anticipated for this namespace.
>
> _______________________________________________
> abnf-discuss mailing list
> abnf-discuss@ietf.org
> https://www.ietf.org/mailman/listinfo/abnf-discuss

--
Paul Overell