Re: [Add] A proposed charter for ABCD
Ted Lemon <mellon@fugue.com> Thu, 02 January 2020 23:11 UTC
Return-Path: <mellon@fugue.com>
X-Original-To: add@ietfa.amsl.com
Delivered-To: add@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 52FDE12011F for <add@ietfa.amsl.com>; Thu, 2 Jan 2020 15:11:18 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=fugue-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tDLDuxdAFnWO for <add@ietfa.amsl.com>; Thu, 2 Jan 2020 15:11:14 -0800 (PST)
Received: from mail-qt1-x844.google.com (mail-qt1-x844.google.com [IPv6:2607:f8b0:4864:20::844]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E945E120096 for <add@ietf.org>; Thu, 2 Jan 2020 15:11:13 -0800 (PST)
Received: by mail-qt1-x844.google.com with SMTP id d5so35763495qto.0 for <add@ietf.org>; Thu, 02 Jan 2020 15:11:13 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fugue-com.20150623.gappssmtp.com; s=20150623; h=content-transfer-encoding:from:mime-version:subject:date:message-id :references:cc:in-reply-to:to; bh=R5IIrOLECak8fmg9GCB8otQenfLI5/Yr3gA9yFHwwQs=; b=kPLME7iBrTfRz6ztr0xdGbn9dRyrqq2nGChaPwm/RZIOeNBYHC7BkXi9+aMU/1teUR UuYGlE3B0qaj1pZ6Ys1AWfi4S/l4587zvYnyUQvsvZfx/V1s/piBrYp9smESuzbOpdtn Z7fQFKaVJOny2eOtOzKVX4AMRRTXWdL6lCo0N+q+h+qK+ox+6u9UmHs1MWF0PMMwDR8O bJmkuKgHEsfkQp1112heKzi0hWEwGSfcZHVnKS0ov9rH3XlXHgTtk6NPbpn7OxEobgD4 f4gNqJhz0iz3pnm580LyTBTw3USk23c5q5Klqfzq1Q7WBhyzXEQj9StRVOEEJqLjRlqN HYkQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:content-transfer-encoding:from:mime-version :subject:date:message-id:references:cc:in-reply-to:to; bh=R5IIrOLECak8fmg9GCB8otQenfLI5/Yr3gA9yFHwwQs=; b=HHdxaS0hzp9kAsO7XiA6RZIVyiZ/nXEoCeYL62pCofi9xmM8QzgbqhlwxkFoTQBtxT /Rx7hd7+Fj5kz6rCepCDM8B5tP1EWf+dcSN6mTK407fJSpTCcG6cWjDQKThm3NmZlCHN xyddSbsKk0uHSmL2vSK9z8chipMuzjnhAgUre/WqPvoMV1h3ZlT3ctaWQ9Z3quMhYPrb HsgcYbnF6DNjGmhQevoKQAeTc20WCZda3wcGtvWXOl1+K+ygdms8esNQxqaF444/BGel 5P4ImSaHNrlz0iftt8Ishq3QH4kank3hxvNbzKlHv4Fg405JKXM35DTYPwfp7eGXkfsj i99A==
X-Gm-Message-State: APjAAAWbU9QvRJvBLqNdF11VQr81GMO9WlxliaseXDfTA40fX8m2t7I6 GOs5pT+cTGjGXPIy8z1f0KsIxw==
X-Google-Smtp-Source: APXvYqxDZwpsL01Jzm3MF8FYzDIQbTjtfgWDZpqryRSVSpZNDqG26xK0mkOAJfrQvQMym0P0B66UMw==
X-Received: by 2002:ac8:7158:: with SMTP id h24mr60969163qtp.63.1578006672944; Thu, 02 Jan 2020 15:11:12 -0800 (PST)
Received: from ?IPv6:2601:18b:300:36ee:10b7:5ce6:69f6:39fb? ([2601:18b:300:36ee:10b7:5ce6:69f6:39fb]) by smtp.gmail.com with ESMTPSA id l6sm17442314qti.10.2020.01.02.15.11.11 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Thu, 02 Jan 2020 15:11:11 -0800 (PST)
Content-Type: multipart/alternative; boundary="Apple-Mail-5065DC68-8CD4-4EE5-A1A3-D9310BAB5F3B"
Content-Transfer-Encoding: 7bit
From: Ted Lemon <mellon@fugue.com>
Mime-Version: 1.0 (1.0)
Date: Thu, 02 Jan 2020 18:11:10 -0500
Message-Id: <06651663-3825-409E-8277-52CABC2B86ED@fugue.com>
References: <CAH1iCirpmrMwvYAfQsReHJq6CdErJi1_Nn=gTEJ5FsaPBOLShQ@mail.gmail.com>
Cc: Ralf Weber <dns@fl1ger.de>, Michael Richardson <mcr+ietf@sandelman.ca>, ADD Mailing list <add@ietf.org>
In-Reply-To: <CAH1iCirpmrMwvYAfQsReHJq6CdErJi1_Nn=gTEJ5FsaPBOLShQ@mail.gmail.com>
To: Brian Dickson <brian.peter.dickson@gmail.com>
X-Mailer: iPhone Mail (17E202)
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/XRsbWOdmxgnioi0lyONbX_HNHKQ>
Subject: Re: [Add] A proposed charter for ABCD
X-BeenThere: add@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Applications Doing DNS <add.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/add>, <mailto:add-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/add/>
List-Post: <mailto:add@ietf.org>
List-Help: <mailto:add-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/add>, <mailto:add-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Jan 2020 23:11:18 -0000
Actually, the meaning of the term “trust” in computer security is not at all ambiguous, and your descriptions make things less clear, not more. Most of what you say here is just missing the point I made earlier. Trust is a decision: in order to do what I want, I must trust some thing. How do I enforce this? With cryptographic authentication. DNSSEC is a cryptographic authentication mechanism. It does not establish trust. It allows me to authenticate your identity, which I may or may not trust. TLS provides a similar capability. Privacy is a thing that I might or might not trust you to provide for me. One of many things. Your identity is how I mark you as trusted. Cryptographic authentication is how I validate that you actually are who you claim to be: that your identity is the identity I have marked as trusted. The way you have attempted to explain this is much more complicated, and does not make things clearer. See if you can talk about this in terms of trusted services, trusted identity and authentication of identity. It will be a lot easier to understand. > On Jan 2, 2020, at 16:17, Brian Dickson <brian.peter.dickson@gmail.com> wrote: > > > > >> On Thu, Jan 2, 2020 at 6:11 AM Ted Lemon <mellon@fugue.com> wrote: >> On Jan 2, 2020, at 5:00 AM, Ralf Weber <dns@fl1ger.de> wrote: >> > Can you define trust relationship / authenticating configuration data. Depending on how you define that the solution is either obvious or impossible. As an ops guy and non native english speaker I often struggle with abstractions, so let me give you an concrete example you can hopefully give an answer on: >> >> Good questions, thanks. >> >> > - A router sends a client an PvD RA as defined in (draft-bruneau-intarea-provisioning-domains - https://datatracker.ietf.org/doc/draft-ietf-intarea-provisioning-domains/ ) with FQDN content of pvd.myisp.net. >> > - My system retrieves https://pvd.myisp.net/.well-known/pvd and can DNSSEC validate the domain and the HTTP certificate >> > - In the JSON blob retrieved contains the following keys (see draft-pauly-dprive-adaptive-dns-privacy - https://datatracker.ietf.org/doc/draft-pauly-dprive-adaptive-dns-privacy/?include_text=1 ): >> > dohuri: https://doh.myisp.net/dns-query >> > requireDNSFiltering: True >> > dnsFilteredZones: “.” >> > I can again DNSSEC validate the domain and the HTTP certificate using they key stores available with my system. >> > >> > Is that authenticated? Is there a trust relationship? >> >> No. You have no more reason to trust that than you do any other random HTTPS-authenticated web site that you might try to access. When you go to https://www.badguy.com, you know that it’s really www.badguy.com because the TLS cert validates, and maybe the DNSSEC validated, but you /don’t/ have any reason to trust answers you get from that site. >> >> That’s why I say there’s no reason to go through any extra bother. In order to have a trust relationship, I need to have configured a list of sites I trust as DNS resolvers. This is independent of the RA I receive, or the DHCP message I receive. >> >> Then when I get an RA or a DHCP message asserting the availability of a DNS resolver, if I have a trust relationship with that resolver, and I can validate the cert upon connecting, then it’s a “trusted resolver.” Otherwise, it’s an “untrusted resolver.” It’s the pre-established trust relationship that makes it trusted, not some assertion I get from the network about it being trustworthy. >> >> E.g., suppose I trust the SLA from my ISP. I believe that my ISP will not snoop on my DNS data, and I want to use their resolver. If their resolver is using DoH or DoT, then I can list the domain name(s) of their resolver in my list of trusted resolvers. When I am offered one of these resolvers, I can validate that I’m actually communicating with it, by validating the TLS cert, and then I can trust it, because of that pre-established trust relationship, not because of any assertion the network made about its trustworthiness. >> >> Absent some kind of out-of-band trust establishment process like this, there can’t be a trust relationship with a resolver. > > "If there were any sense to the English language, trust would be a four-letter word." - Risky Business quote. > > One of the problems we are having in this thread, is the terminology, which I'd like to suggest a couple of substitutes for clarity. > "Trust" can have several meanings, which is unfortunate in that the inherent ambiguity causes unclear meaning. > > Perhaps two distinct terms or phrases would be appropriate - one for what DNSSEC provides (data integrity protection), and one for privacy. > Maybe we could just use DNSSEC and privacy? > > I'd like to start with Ted's last statement, and break it into two related components, which are actually both relevant using both meanings of "trust". > - Absent some kind of out-of-band DNSSEC establishment process, there can't be a DNSSEC relationship with a resolver > (I'd actually prefer to use "server" here, since a client is UNABLE to distinguish a resolver from a forwarder.) > - Absent some kind of out-of-band privacy establishment process, there can't be be a privacy relationship with a resolver. (Same concerns on server rather than resolver.) > > The assumption that may be being made is that the only way to have a DNSSEC relationship with a resolver, is when two conditions are true: > - The resolver has a globally unique, resolvable name with a chain of (DNSSEC) trust from the DNS Root Trust Anchor > - The name of the resolver is known (or discoverable), and the URI for the service in question is also well-known > These generally require some OOB method of discovery/publication/usage. > The relevance of the following statement is unclear, but it should be noted: there is basically no way to validate the claim of a given network, of the network's association with the resolver (e.g. whether they are part of the same ISP, etc.) > > There is another way by which a DNSSEC relationship to a resolver can be established, which is very much non-obvious: the OOB publication of a specific DNSSEC Trust Anchor, for a zone which publishes some server-related information. > For example, a DNSKEY associates a name with a public key for a named zone. The contents of that zone can be signed with DNSSEC, and those signatures validated with the DNSKEY. > The degree of trust in the DNSSEC status is dependent on the manner of the OOB publication. However, revocation of such trust is trivial (unpublish the zone or roll the key) and provides POP (proof of possession of the private key). > > The information in a signed zone can be used for bootstrapping any number of related DNS mechanisms (e.g. TLSA records), or even unrelated mechanisms for bootstrapping other associations (lots of possibilities, such as URIs for network support, URIs for web pages that have QR codes for whatever other stuff you want to publish). > > The FQDN of such a Trust Anchor, DOES NOT need to be global at all, and the real value is being able to use names which have only local significance (e.g. under the local-use ISO namespaces such as "zz"). > > The bootstrap method for upgrading from DHCP-provided resolver IP could be as simple as connecting on port 53 and asking for a global well-known name, which returns the FQDN of the server (even if that FQDN is locally scoped under "zz"). If a match is found in the set of Trust Anchors, look things up in that zone and validate with the corresponding TA (or the Root TA if the FQDN is global.) Bootstrap to having a DNSSEC trust relationship is then complete. > > What data is published in a signed zone of this sort is entirely open to standardization, for any number of use cases. > > Examples could include: > - Methods of providing ways of authenticating Access Points (since the SSID is not trustworthy in general, and the normal authentication of public SSIDs is "none" or "client to SSID" rather than the other way around). > - URIs for HTTPS connections for arbitrary uses, e.g. including obtaining short-term guest credentials to use on WiFi > - URIs for SSL VPNs (much better than just encrypting DNS) > - any well-known prefix-based services (_SOMETHING._TCP) > - CNAMEs, DNAMEs to FQDN-based services > - Anything anyone wants to standardize for bootstrapping from locally scoped network connections > > Brian >
- [Add] A proposed charter for ABCD Ben Schwartz
- Re: [Add] A proposed charter for ABCD Paul Wouters
- Re: [Add] A proposed charter for ABCD Ben Schwartz
- Re: [Add] A proposed charter for ABCD Paul Wouters
- Re: [Add] A proposed charter for ABCD Barry Leiba
- Re: [Add] A proposed charter for ABCD Rob Sayre
- Re: [Add] A proposed charter for ABCD Vittorio Bertola
- Re: [Add] A proposed charter for ABCD Smith, Kevin, Vodafone Group
- Re: [Add] A proposed charter for ABCD Eric Orth
- Re: [Add] A proposed charter for ABCD Vittorio Bertola
- Re: [Add] A proposed charter for ABCD Michael Richardson
- Re: [Add] A proposed charter for ABCD Christian Huitema
- Re: [Add] A proposed charter for ABCD Michael Richardson
- Re: [Add] A proposed charter for ABCD Michael Richardson
- Re: [Add] A proposed charter for ABCD Christian Huitema
- Re: [Add] A proposed charter for ABCD Rob Sayre
- Re: [Add] A proposed charter for ABCD Vittorio Bertola
- Re: [Add] A proposed charter for ABCD Ted Lemon
- Re: [Add] A proposed charter for ABCD Vittorio Bertola
- Re: [Add] A proposed charter for ABCD Ted Lemon
- Re: [Add] A proposed charter for ABCD Andrew Campling
- Re: [Add] A proposed charter for ABCD Rob Sayre
- Re: [Add] A proposed charter for ABCD Melinda Shore
- Re: [Add] A proposed charter for ABCD Andrew Campling
- Re: [Add] A proposed charter for ABCD Rob Sayre
- Re: [Add] A proposed charter for ABCD John Levine
- Re: [Add] A proposed charter for ABCD Rob Sayre
- Re: [Add] A proposed charter for ABCD Christian Huitema
- Re: [Add] A proposed charter for ABCD Rob Sayre
- Re: [Add] A proposed charter for ABCD Eric Rescorla
- Re: [Add] A proposed charter for ABCD Michael Richardson
- Re: [Add] A proposed charter for ABCD Ted Lemon
- Re: [Add] A proposed charter for ABCD Ralf Weber
- Re: [Add] [EXTERNAL] Re: A proposed charter for A… Winfield, Alister
- Re: [Add] A proposed charter for ABCD Ralf Weber
- Re: [Add] A proposed charter for ABCD Eric Rescorla
- Re: [Add] A proposed charter for ABCD Ted Lemon
- Re: [Add] A proposed charter for ABCD Ralf Weber
- Re: [Add] A proposed charter for ABCD Paul Wouters
- Re: [Add] A proposed charter for ABCD Eric Rescorla
- Re: [Add] A proposed charter for ABCD Rob Sayre
- Re: [Add] A proposed charter for ABCD Brian Dickson
- Re: [Add] A proposed charter for ABCD Brian Dickson
- Re: [Add] A proposed charter for ABCD Ted Lemon
- Re: [Add] A proposed charter for ABCD Brian Dickson
- Re: [Add] A proposed charter for ABCD Jim Reid
- Re: [Add] A proposed charter for ABCD Brian Dickson
- Re: [Add] A proposed charter for ABCD Adam Roach
- Re: [Add] A proposed charter for ABCD Ted Lemon
- Re: [Add] A proposed charter for ABCD Alec Muffett
- Re: [Add] Data sharing can not be detected with o… Ralf Weber
- Re: [Add] Data sharing can not be detected with o… Rob Sayre
- Re: [Add] Data sharing can not be detected with o… sthaug
- Re: [Add] Data sharing can not be detected with o… sthaug
- Re: [Add] A proposed charter for ABCD Vittorio Bertola
- Re: [Add] Data sharing can not be detected with o… John R Levine
- Re: [Add] Data sharing can not be detected with o… sthaug
- Re: [Add] Data sharing can not be detected with o… Eric Rescorla
- Re: [Add] Data sharing can not be detected with o… Ted Lemon
- [Add] Filtering in the EU (was Re: Data sharing c… Vittorio Bertola
- Re: [Add] A proposed charter for ABCD Adam Roach
- Re: [Add] Data sharing can not be detected with o… Jim Reid
- Re: [Add] Data sharing can not be detected with o… Rob Sayre
- Re: [Add] [EXTERNAL] Re: A proposed charter for A… Tommy Jensen
- Re: [Add] A proposed charter for ABCD Brian Dickson
- Re: [Add] A proposed charter for ABCD Adam Roach
- Re: [Add] A proposed charter for ABCD Stephen Farrell
- Re: [Add] A proposed charter for ABCD Eric Rescorla
- Re: [Add] A proposed charter for ABCD Brian Dickson
- Re: [Add] A proposed charter for ABCD Eric Rescorla
- Re: [Add] A proposed charter for ABCD Brian Dickson
- Re: [Add] A proposed charter for ABCD Ted Lemon
- Re: [Add] A proposed charter for ABCD Eric Rescorla
- Re: [Add] A proposed charter for ABCD Brian Dickson
- Re: [Add] A proposed charter for ABCD Ted Lemon
- Re: [Add] A proposed charter for ABCD Brian Dickson
- Re: [Add] A proposed charter for ABCD Eric Rescorla
- Re: [Add] A proposed charter for ABCD Brian Dickson
- Re: [Add] A proposed charter for ABCD Mirja Kühlewind (IETF)
- Re: [Add] Data sharing can not be detected with o… Livingood, Jason
- Re: [Add] A proposed charter for ABCD Vittorio Bertola
- Re: [Add] A proposed charter for ABCD Ted Lemon
- Re: [Add] A proposed charter for ABCD Mirja Kuehlewind
- Re: [Add] A proposed charter for ABCD Ralf Weber
- Re: [Add] A proposed charter for ABCD Vittorio Bertola
- Re: [Add] A proposed charter for ABCD Mirja Kuehlewind
- Re: [Add] A proposed charter for ABCD Eric Rescorla
- Re: [Add] A proposed charter for ABCD Mirja Kuehlewind
- Re: [Add] A proposed charter for ABCD Ted Lemon
- Re: [Add] A proposed charter for ABCD Rob Sayre
- Re: [Add] A proposed charter for ABCD STARK, BARBARA H
- Re: [Add] A proposed charter for ABCD Ted Lemon
- Re: [Add] A proposed charter for ABCD Glenn Deen
- Re: [Add] A proposed charter for ABCD Stephen Farrell
- Re: [Add] A proposed charter for ABCD Brian Dickson
- Re: [Add] A proposed charter for ABCD Ted Lemon
- Re: [Add] A proposed charter for ABCD Vittorio Bertola
- Re: [Add] A proposed charter for ABCD Stephen Farrell
- Re: [Add] A proposed charter for ABCD Mirja Kuehlewind
- Re: [Add] A proposed charter for ABCD Ted Lemon
- Re: [Add] A proposed charter for ABCD Mirja Kuehlewind
- Re: [Add] A proposed charter for ABCD Livingood, Jason
- Re: [Add] A proposed charter for ABCD Livingood, Jason
- Re: [Add] A proposed charter for ABCD Ted Lemon
- Re: [Add] A proposed charter for ABCD Alissa Cooper
- Re: [Add] A proposed charter for ABCD Ted Lemon
- Re: [Add] A proposed charter for ABCD Deen, Glenn (NBCUniversal)
- Re: [Add] A proposed charter for ABCD Ted Lemon
- Re: [Add] A proposed charter for ABCD Tommy Pauly
- Re: [Add] A proposed charter for ABCD Rob Sayre
- Re: [Add] A proposed charter for ABCD STARK, BARBARA H
- Re: [Add] A proposed charter for ABCD Eric Rescorla
- Re: [Add] A proposed charter for ABCD Andrew Campling
- Re: [Add] A proposed charter for ABCD Ted Lemon
- Re: [Add] A proposed charter for ABCD Rob Sayre
- Re: [Add] [EXTERNAL] Re: A proposed charter for A… Deen, Glenn (NBCUniversal)
- Re: [Add] A proposed charter for ABCD Deen, Glenn (NBCUniversal)
- Re: [Add] [EXTERNAL] Re: A proposed charter for A… Rob Sayre
- Re: [Add] [EXTERNAL] Re: A proposed charter for A… Glenn Deen
- Re: [Add] [EXTERNAL] Re: A proposed charter for A… Rob Sayre
- Re: [Add] A proposed charter for ABCD Andrew Campling
- Re: [Add] A proposed charter for ABCD Glenn Deen
- Re: [Add] A proposed charter for ABCD Rob Sayre
- Re: [Add] A proposed charter for ABCD Mirja Kuehlewind
- Re: [Add] A proposed charter for ABCD Mirja Kuehlewind
- Re: [Add] A proposed charter for ABCD Vittorio Bertola
- Re: [Add] A proposed charter for ABCD Andrew Campling
- Re: [Add] A proposed charter for ABCD Eric Rescorla
- Re: [Add] A proposed charter for ABCD Smith, Kevin, Vodafone Group
- Re: [Add] A proposed charter for ABCD Vittorio Bertola
- Re: [Add] A proposed charter for ABCD Livingood, Jason
- Re: [Add] A proposed charter for ABCD Ian Maddison
- Re: [Add] A proposed charter for ABCD Ted Lemon
- Re: [Add] A proposed charter for ABCD Stephane Bortzmeyer
- Re: [Add] A proposed charter for ABCD Stephane Bortzmeyer
- Re: [Add] A proposed charter for ABCD Ted Lemon
- Re: [Add] A proposed charter for ABCD Stephane Bortzmeyer
- Re: [Add] A proposed charter for ABCD Stephane Bortzmeyer
- Re: [Add] A proposed charter for ABCD Stephane Bortzmeyer
- Re: [Add] A proposed charter for ABCD Stephane Bortzmeyer
- Re: [Add] A proposed charter for ABCD Stephane Bortzmeyer
- [Add] bikeshedding on the charter discussion Jim Reid
- Re: [Add] A proposed charter for ABCD STARK, BARBARA H
- Re: [Add] A proposed charter for ABCD Ted Lemon
- Re: [Add] bikeshedding on the charter discussion Paul Wouters
- Re: [Add] A proposed charter for ABCD Brian Dickson
- Re: [Add] A proposed charter for ABCD Andrew Campling
- Re: [Add] bikeshedding on the charter discussion Mirja Kuehlewind
- Re: [Add] A proposed charter for ABCD Eric Rescorla
- Re: [Add] A proposed charter for ABCD Stephane Bortzmeyer
- Re: [Add] A proposed charter for ABCD Ted Lemon
- Re: [Add] A proposed charter for ABCD Andrew Campling
- Re: [Add] A proposed charter for ABCD Ted Lemon
- Re: [Add] A proposed charter for ABCD Kenji Baheux
- Re: [Add] A proposed charter for ABCD Ben Schwartz
- Re: [Add] [EXTERNAL] Re: A proposed charter for A… Deen, Glenn (NBCUniversal)
- Re: [Add] A proposed charter for ABCD Tommy Pauly
- Re: [Add] A proposed charter for ABCD Stephen Farrell
- Re: [Add] A proposed charter for ABCD Brian Dickson
- Re: [Add] A proposed charter for ABCD Stephen Farrell
- Re: [Add] A proposed charter for ABCD Ted Lemon
- Re: [Add] [EXTERNAL] Re: A proposed charter for A… Winfield, Alister