Re: [core] Benjamin Kaduk's Discuss on draft-ietf-core-resource-directory-25: (with DISCUSS and COMMENT)
Barry Leiba <barryleiba@computer.org> Sat, 03 October 2020 00:18 UTC
Return-Path: <barryleiba@gmail.com>
X-Original-To: core@ietfa.amsl.com
Delivered-To: core@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CDC993A1765; Fri, 2 Oct 2020 17:18:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.648
X-Spam-Level:
X-Spam-Status: No, score=-1.648 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.001, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.249, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id U3GfCOp6-S0s; Fri, 2 Oct 2020 17:18:33 -0700 (PDT)
Received: from mail-ed1-f45.google.com (mail-ed1-f45.google.com [209.85.208.45]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 08A5D3A175D; Fri, 2 Oct 2020 17:18:33 -0700 (PDT)
Received: by mail-ed1-f45.google.com with SMTP id dn5so3515962edb.10; Fri, 02 Oct 2020 17:18:32 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=jBBm/j318PyosLTsGlKjVZheDcfC0aTcHr+A8LMOgTI=; b=hhAZyabF6Lwo5qwrACVdWk5IOYgzy0Y9gmgsOXvkCz7wkr8Wwq6VBebY/a/Af5GoQ3 9psvR/UPmSYwgWi68QW1v//5ST7vN1iqyRvXskbgJ8FN9fRJ1A1qxT5U0HFqJGMdzdeb BBo+JM+SofsVd6jmgf7HyUkcRkHGsP2k2HE4pRKm2WS0bcmaYt8RqUJer/MI4MOQbxyc 6pum+iFlDYIS2H0DopO15GNRX358Zn0uU+t9/j3MDVdaccgM4+unRE7avY9KySQJxOv5 IKl4kVN01gghOPnru1cLnjAym2nFM+Gu3ns03bngJ2/fL8P+7TROjM1PdmCCls/IDaNF SkYQ==
X-Gm-Message-State: AOAM531BEnLQm5mlWirqkrLQwM+JXXTrkaBXhCL7weX+U6fNe7IysOZp ZfLhbZvpBThxU0wH1poqIfEvgdGeSlzpY0QPEuI=
X-Google-Smtp-Source: ABdhPJzh07mA8hSGQghdy33IsL/WbLlB1g5RDX7IyYRtvrDNyiWpl4qNMzHo5jnBPhnDIFtaXpq9hQyitpCe4VnufA4=
X-Received: by 2002:aa7:dd0d:: with SMTP id i13mr5413435edv.314.1601684311349; Fri, 02 Oct 2020 17:18:31 -0700 (PDT)
MIME-Version: 1.0
References: <159730632066.12379.5174560093789503034@ietfa.amsl.com>
In-Reply-To: <159730632066.12379.5174560093789503034@ietfa.amsl.com>
From: Barry Leiba <barryleiba@computer.org>
Date: Fri, 02 Oct 2020 20:18:20 -0400
Message-ID: <CALaySJLhjte-+SbCSUXmkAZ7ynA6S50FnY7Gcq-SyPjc-ajbGA@mail.gmail.com>
To: Benjamin Kaduk <kaduk@mit.edu>
Cc: The IESG <iesg@ietf.org>, core@ietf.org, core-chairs@ietf.org, draft-ietf-core-resource-directory@ietf.org, jaime@iki.fi, jaime.jimenez@ericsson.com
Content-Type: multipart/alternative; boundary="0000000000006b9df605b0b93001"
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/kOtRR3IWly_o5xvmGu1SzWXtyto>
Subject: Re: [core] Benjamin Kaduk's Discuss on draft-ietf-core-resource-directory-25: (with DISCUSS and COMMENT)
X-BeenThere: core@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Constrained RESTful Environments \(CoRE\) Working Group list" <core.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/core>, <mailto:core-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/core/>
List-Post: <mailto:core@ietf.org>
List-Help: <mailto:core-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/core>, <mailto:core-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 03 Oct 2020 00:18:38 -0000
Authors and WGCs, We have four DISCUSS ballots on this and a number of other IESG comments, and I haven’t seen responses to the ADs. When can we get some engagement on these issues? Barry On Thu, Aug 13, 2020 at 4:12 AM Benjamin Kaduk via Datatracker < noreply@ietf.org> wrote: > Benjamin Kaduk has entered the following ballot position for > > draft-ietf-core-resource-directory-25: Discuss > > > > When responding, please keep the subject line intact and reply to all > > email addresses included in the To and CC lines. (Feel free to cut this > > introductory paragraph, however.) > > > > > > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html > > for more information about IESG DISCUSS and COMMENT positions. > > > > > > The document, along with other ballot positions, can be found here: > > https://datatracker.ietf.org/doc/draft-ietf-core-resource-directory/ > > > > > > > > ---------------------------------------------------------------------- > > DISCUSS: > > ---------------------------------------------------------------------- > > > > I agree with Roman that the authorization model seems under-developed. > > While I recognize that there is need for flexibility across various > > deployments, I think that we should be providing a default model (and > > procedures for it) that will apply in many cases, and let > > deployments specify alternate models if needed. This stuff is hard > > enough to get right that we should have a secure option that people can > > use if they don't need to have customized details. (To be clear, I > > agree with the change of focus from -24 to -25 on the properties that a > > security policy needs to provide and/or consider, as that is > > fundamentally the important thing. I just want a fallback/default > > option that "does something reasonable in most cases" in addition. > > Doing that by reference to some other existing thing would be fine, if > > such a thing exists.) > > > > In particular, the current text seems to rely on the authorization > > model including: > > > > (1) the RD knowing how clients will be using it (and thus what > > properties the RD needs to enforce), which in the general case cannot be > > known (though for static networks it could be), yet I don't see any > > discussion that indicates this as a prerequisite; and > > > > (2) the client either knowing out-of-band that an entity is authorized > > to act as a RD or just blindly trusting any of the unauthenticated (*) > > advertisement mechanisms. (* Yes, there may be some protection in the > > network on subscribing to the relevant multicast address, DNS-SD, etc., > > but the client cannot a priori know that such protections are in place.) > > > > Relatedly, the naming model and naming authority should have some > > clearer discussion. We do mention in Section 7 the possibility for a > > weak naming model where the RD is responsible for enforcing uniqueness > > of names but otherwise link attributes are the primary authorization > > criteria (vs. a traditional scheme with a naming authority and naming > > hierarchy), but with naming as a fundamental prerequisite of any > > authentication/authorization scheme, I think clearer discussion of how a > > naming model is to be selected (and, perhaps more importantly, that it > > must be fixed as part of a given deployment) for a given network is > > needed. > > > > If I understand correctly, we have some codepoint squatting going on in > > the examples (e.g., for resource types). > > > > We should talk about the security properties of the various RD discovery > > mechanisms that are defined. > > > > > > ---------------------------------------------------------------------- > > COMMENT: > > ---------------------------------------------------------------------- > > > > My apologies for where these comments diverge off into rambling > > incoherency, or where I'm misunderstanding something that's clearly laid > > out; this document had the misfortune of being the last one I got to > > this week. > > > > Section 1 > > > > [RFC6690] only describes how to discover resources from the web > > server that hosts them by querying "/.well-known/core". In many > > constrained scenarios, direct discovery of resources is not practical > > due to sleeping nodes, disperse networks, or networks where multicast > > traffic is inefficient. These problems can be solved by employing an > > entity called a Resource Directory (RD), which contains information > > about resources held on other servers, allowing lookups to be > > performed for those resources. > > > > nit(?): I'd consider specifying that the RD is "a trusted entity". > > (Even when the resources themselves are authenticated, a hostile RD can > > still deny existence of a given resource, so by choosing to use an RD > > there is some level of trust involved.) > > > > Section 2 > > > > Resource Directory (RD) > > A web entity that stores information about web resources and > > implements the REST interfaces defined in this specification for > > discovery, for the creation, the maintenance and the removal of > > registrations, and for lookup of the registered resources. > > > > nit: the list structure is not parallel here. Maybe "for discovery, > > creation, maintenance, and removal of registrations, and for lookup of > > the registered resources"? > > > > Commissioning Tool > > Commissioning Tool (CT) is a device that assists during the > > installation of the network by assigning values to parameters, > > naming endpoints and groups, or adapting the installation to the > > needs of the applications. > > > > Is "the installation of the network" a one-time event? (Might a CT be > > involved when adding a new device to a network at a later time?) > > > > Section 3.1 > > > > Information SHOULD only be stored in the RD if it can be obtained by > > querying the described device's /.well-known/core resource directly. > > > > When might that not be the case? > > > > Section 3.2 > > > > The RD architecture is illustrated in Figure 1. An RD is used as a > > repository of registrations describing resources hosted on other web > > servers, also called endpoints (EP). An endpoint is a web server > > associated with a scheme, IP address and port. A physical node may > > > > (side note) hmm, I feel like in the HTTP world an endpoint is more > > likely to be associated with a DNS name than an IP address, in common > > usage. Also, we later go on to assert that the endpoint's name has > > primacy and that the IP address/port can be ephemeral. > > > > An endpoint uses specific interfaces to register, update and remove a > > registration. It is also possible for an RD to fetch Web Links from > > endpoints and add their contents to its registrations. > > > > At the first registration of an endpoint, a "registration resource" > > is created, the location of which is returned to the registering > > endpoint. The registering endpoint uses this registration resource > > to manage the contents of registrations. > > > > Does the "RD fetches links unilaterally" case count as a "first > > registration of an endpoint"? I'm having a hard time seeing how these > > two statements are consistent with each other, and a naive reading > > admits the possibility that a given endpoint could be "locked out" of > > the ability to manage the contents of its registrations. > > > > Section 4 > > > > REST clients (registrant-EPs and CTs during registration and > > maintenance, lookup clients, RD servers during simple registrations) > > MUST be prepared to receive any unsuccessful code and act upon it > > according to its definition, options and/or payload to the best of > > their capabilities, falling back to failing the operation if recovery > > is not possible. In particular, they should retry the request upon > > > > "MUST be prepared [...] to the best of their abilities" seems > > non-actionable. The stuff after "In particular", on the other hand, is > > actual concrete guidance that could be mandated using normative > > language. > > > > Section 4.1 > > > > 1. In a 6LoWPAN, just assume the Border Router (6LBR) can act as an > > RD (using the ABRO option to find that [RFC6775]). Confirmation > > can be obtained by sending a Unicast to "coap://[6LBR]/.well- > > known/core?rt=core.rd*". > > > > nit(?): I was unaware that "Unicast" was a proper noun. > > > > Section 4.3 > > > > "core.rd" in the query string. Likewise, a Resource Type parameter > > value of "core.rd-lookup*" is used to discover the URIs for RD Lookup > > operations, core.rd* is used to discover all URI paths for RD > > operations. [...] > > > > Is the distinction between URIs (for RD Lookup) and URI paths (for RD) > > important here? > > > > While the link targets in this discovery step are often expressed in > > path-absolute form, this is not a requirement. Clients of the RD > > SHOULD therefore accept URIs of all schemes they support, both as > > URIs and relative references, and not limit the set of discovered > > URIs to those hosted at the address used for URI discovery. > > > > I'm not sure I see how the "not limit [...] to those hosted at the > > address used for URI discovery" follows from the non-requirement for > > expression of the link-targets from discovery in path-absolute form. > > (Given the ability to send the discovery query to a multicast address, > > the guidance seems okay; it's just the "therefore" that is puzzling me.) > > > > It would typically be stored in an implementation information link > > (as described in [I-D.bormann-t2trg-rel-impl]): > > > > Req: GET /.well-known/core?rel=impl-info > > > > This seems to be depicting a link-relation type that is not registered > > at https://www.iana.org/assignments/link-relations/link-relations.xhtml > > , i.e., codepoint squatting. Please put in a stronger disclaimer that > > this is an example link relation type, not just an example exchange. > > > > Section 5 > > > > These first few paragraphs give the impression that this is > > first-come-first-served with minimal authentication or authorization > > checking. Mentioning that there are authorization checks, with a > > forward-reference, might be helpful. > > > > further parameters (see Section 9.3). The RD then creates a new > > registration resource in the RD and returns its location. The > > > > Is this returned "registration resource" expected to function as a > > "capability URL" (https://www.w3.org/TR/capability-urls/) that would > > need to contain an appropriate amount of entropy to be reasonably > > unguessable by parties other than the registrant-ep/CT responsible for > > it? > > > > The registration request interface is specified as follows: > > > > Interaction: EP -> RD > > > > I thought that the CT could be a requestor as well as the EP. > > > > well. The endpoint name and sector name are not set when one > > or both are set in an accompanying authorization token. > > > > What should the RD do if they are set but also present in the > > accompanying authorization token? > > > > Req: POST coap://rd.example.com/rd?ep=node1 > > Content-Format: 40 > > Payload: > > </sensors/temp>;ct=41;rt="temperature-c";if="sensor", > > > > (side note) XML for the sensors, not SenML? With Carsten as an author, > > even? ;) > > > > An RD may optionally support HTTP. Here is an example of almost the > > same registration operation above, when done using HTTP. > > > > Req: > > POST /rd?ep=node1&base=http://[2001:db8:1::1] HTTP/1.1 > > Host: example.com > > > > Wouldn't "Host: rd.example.com" be closer to "almost the same > > registration"? > > > > Section 5.1 > > > > I'm a little uneasy about specifying new behavior for POST to the > > existin /.well-known/core that was defined by RFC 6690 for other uses. > > What factors go into using the same well-known URI vs. defining a new > > one for this usage? > > > > The sequence of fetching the registration content before sending a > > successful response was chosen to make responses reliable, and the > > caching item was chosen to still allow very constrained registrants. > > > > I'm not sure what "the caching item" is supposed to be (if it's not a > > typo/misordering of words). > > > > Section 5.3 > > > > queries concerning this endpoint. The RD SHOULD continue to provide > > access to the Registration Resource after a registration time-out > > occurs in order to enable the registering endpoint to eventually > > refresh the registration. The RD MAY eventually remove the > > registration resource for the purpose of garbage collection. If the > > Registration Resource is removed, the corresponding endpoint will > > need to be re-registered. > > > > (This MAY is actually a MUST for the simple registration case, per §5.1, > > right?) > > > > Section 5.3.1 > > > > An update MAY update the lifetime or the base URI registration > > parameters "lt", "base" as in Section 5. Parameters that are not > > > > What about the "extra-attrs"; are they inherently forbidden from > > updates? > > > > base := Base URI (optional). This > > parameter updates the Base URI established in the original > > registration to a new value. If the parameter is set in an > > update, it is stored by the RD as the new Base URI under which > > to interpret the relative links present in the payload of the > > original registration, following the same restrictions as in > > the registration. If the parameter is not set in the request > > > > nit: is it the interpretation of relative links that is following the > > same restrictions as in the registration, or the new value of the > > parameter being supplied in the update? > > > > The following example shows how the registering endpoint updates its > > registration resource at an RD using this interface with the example > > location value: /rd/4521. > > > > The path component "4521" contains a worryingly small amount of > > unpredictableness; I would prefer examples that used longer random > > locations, as for capability URLs. (Throughout the document, of > > course.) See also draft-gont-numeric-ids-sec-considerations, that I'm > > AD sponsoring, though I do not see any clear issues on first glance. > > > > (Also, it might be worth another sentence that this update is serving > > just to reset the lifetime, making no other changes, since this might be > > expected to be a common usage.) > > > > Section 6 > > > > With "Resource Lookup" and "Endpoint Lookup" as (apparent) top-level > > siblings, would it make sense to put 6.2, or at least 6.3, as > > subsections under 6.1? > > > > Section 6.1 > > > > Resource lookup results in links that are semantically equivalent to > > the links submitted to the RD. The links and link parameters > > returned by the lookup are equal to the submitted ones, except that > > the target and anchor references are fully resolved. > > > > Are the "submitted ones" the submissions at registration time, or during > > the lookup query itself? (I assume registration-time, but being > > explicit costs little.) > > > > If the base URI of a registration contains a link-local address, the > > RD MUST NOT show its links unless the lookup was made from the same > > link. The RD MUST NOT include zone identifiers in the resolved URIs. > > > > Same link as what? > > > > Section 6.2 > > > > The page and count parameters are used to obtain lookup results in > > specified increments using pagination, where count specifies how many > > > > (We haven't introduced the page and count parameters yet.) > > > > operator as in Section 4.1 of [RFC6690]. Attributes that are defined > > as "link-type" match if the search value matches any of their values > > > > Where is it specified how an attribute might be "defined as > > 'link-type'"? This is the only instance of the string "link-type" in > > this document, and it does not appear in RFC 6690 at all... > > > > references) and are matched against a resolved link target. Queries > > for endpoints SHOULD be expressed in path-absolute form if possible > > and MUST be expressed in URI form otherwise; the RD SHOULD recognize > > either. The "anchor" attribute is usable for resource lookups, and, > > if queried, MUST be for in URI form as well. > > > > I don't see how it can be only a SHOULD to recognize either given these > > generation criteria. > > > > Section 6.3 > > > > The following example shows a client performing a lookup of all > > resources of all endpoints of a given endpoint type. It assumes that > > two endpoints (with endpoint names "sensor1" and "sensor2") have > > previously registered with their respective addresses > > "coap://sensor1.example.com" and "coap://sensor2.example.com", and > > posted the very payload of the 6th request of section 5 of [RFC6690]. > > > > Er, the 6th request is a GET; do we mean to say the response to the 6th > > request? > > > > Section 6.4 > > > > The endpoint lookup returns registration resources which can only be > > manipulated by the registering endpoint. > > > > This seems to leave it unclear whether the endpoint lookup is expected > > to return resources that the requestor will not have permission to > > manipulate (in addition to those it does have permission for). > > > > While Endpoint Lookup does expose the registration resources, the RD > > does not need to make them accessible to clients. Clients SHOULD NOT > > attempt to dereference or manipulate them. > > > > But why expose them at all if they're not going to be accessible? > > > > An RD can report endpoints in lookup that are not hosted at the same > > address. [...] > > > > The "same address" as what? > > > > Section 7.1 > > > > Whenever an RD needs to provide trustworthy results to clients doing > > endpoint lookup, or resource lookup with filtering on the endpoint > > > > How will the RD know whether the client is expecting trustworthy > > results? (When would a client *not* expect trustworthy results?) > > > > name, the RD must ensure that the registrant is authorized to use the > > given endpoint name. This applies both to registration and later to > > operations on the registration resource. It is immaterial there > > whether the client is the registrant-ep itself or a CT is doing the > > registration: The RD can not tell the difference, and CTs may use > > > > I suppose there might be plausible authorization models where a > > return-routability check to a given address constitutes authorization to > > use that address as an endpoint name, in which case the RD can tell the > > difference between a registrant-ep and a CT attempting to act on its > > behalf. > > > > When certificates are used as authorization credentials, the > > sector(s) and endpoint name(s) can be transported in the subject. In > > an ACE context, those are typically transported in a scope claim. > > > > As Russ noted in the Gen-ART review, "transported in the subject" is > > sufficiently vague to not really be actionable. It might be better to > > say that the holder of the private key corresponding to the public key > > certified in the certificate is generally considered authorized to act > > on behalf of any identities (including endpoint names) contained in the > > certificate's subject name. > > > > Section 7.1.1 > > > > Conversely, in applications where the RD does not check the endpoint > > name, the authorized registering endpoint can generate a random > > number (or string) that identifies the endpoint. The RD should then > > > > How much entropy/randomness in the random name? Does a CSPRNG need to > > be used? (I do see the follow-up about doubling the length in case of > > failure or starting with a UUID if that's not possible, but some > > guidance on where to start still seems appropriate.) > > > > Section 7.2 > > > > When lookup clients expect that certain types of links can only > > originate from certain endpoints, then the RD needs to apply > > filtering to the links an endpoint may register. > > > > As before, how will the RD know what behavior clients are relying on? > > > > An RD may also require that only links are registered on whose anchor > > (or even target) the RD recognizes as authoritative of. One way to > > > > I don't think I can parse this sentence (especially "the RD recognizes > > as authoritative of"). > > > > Section 8 > > > > In contexts where we discuss DTLS and TLS as being generally comparable, > > we typically will state that DTLS replay protection is required in order > > to provide equivalent levels of protection. > > > > We might also want to reiterate or refer back to the previous discussion > > of the potential for attributes or resource/endpoint names, link > > relations, etc. that may need to be confidential, the relevant access > > control/filtering, and the avenues by which disclosure of resource names > > can occur even when access to those resources will not be permitted. (I > > think some of this overlaps with 8288 and 6690, but don't mind repeating > > it.) > > > > Section 8.1 > > > > It's probably worth reiterating that all name comparisons must be done > > at sector scope (since failing to do so can lead to attacks). > > > > Endpoint authentication needs to be checked independently of whether > > there are configured requirements on the credentials for a given > > endpoint name (Section 7.1) or whether arbitrary names are accepted > > (Section 7.1.1). > > > > I think this is more properly authorization than authentication. > > > > Section 8.3 > > > > attacks. There is also a danger that NTP Servers could become > > implicated in denial-of-service (DoS) attacks since they run on > > unprotected UDP, there is no return routability check, and they can > > have a large amplification factor. The responses from the NTP server > > were found to be 19 times larger than the request. An RD which > > > > (It's not clear to me why the specific discussion of NTP numbers is > > relevant here, since RD is not NTP.) > > > > Section 9.3 > > > > Should we also include "rt" in the initial entries? I see it is used as > > a query parameter for resource lookup in the examples in Section 6.3. > > > > * indication of whether it can be passed as a query parameter at > > registration of endpoints, as a query parameter in lookups, or be > > expressed as a target attribute, > > > > (Since this text does not clarify about lookup of endpoints vs. > > resources... > > > > Review" as described in [RFC8126]. The evaluation should consider > > formal criteria, duplication of functionality (Is the new entry > > redundant with an existing one?), topical suitability (E.g. is the > > described property actually a property of the endpoint and not a > > property of a particular resource, in which case it should go into > > the payload of the registration and need not be registered?), and the > > > > .... and this text suggests that query parameters for *resource* lookups > > need not be registered.) > > > > potential for conflict with commonly used target attributes (For > > example, "if" could be used as a parameter for conditional > > registration if it were not to be used in lookup or attributes, but > > would make a bad parameter for lookup, because a resource lookup with > > an "if" query parameter could ambiguously filter by the registered > > endpoint property or the [RFC6690] target attribute). > > > > Then why do we use it as an example of lookup filtering in Section 6.2? > > > > Section 10.1.2 > > > > Should we really be using unregistered resource types (i.e., codepoint > > squatting) in the examples? > > > > After the filling of the RD by the CT, the application in the > > luminaries can learn to which groups they belong, and enable their > > interface for the multicast address. > > > > Just to check: the luminaries are learning their own group membership by > > querying the resource directory? > > > > Section 10.2.2 > > > > Please expand MSISDN. > > > > Section 13.2 > > > > I think RFC 7252 should probably be normative. > > > > Likewise for RFC 8288 ("the query parameter MUST be [...] a token as > > used in [RFC8288]"). > > > > > > > >
- [core] Benjamin Kaduk's Discuss on draft-ietf-cor… Benjamin Kaduk via Datatracker
- Re: [core] Benjamin Kaduk's Discuss on draft-ietf… Barry Leiba
- Re: [core] Benjamin Kaduk's Discuss on draft-ietf… Christian M. Amsüss
- Re: [core] The various positions on draft-ietf-co… Christian Amsüss
- Re: [core] Benjamin Kaduk's Discuss on draft-ietf… Christian Amsüss
- Re: [core] Benjamin Kaduk's Discuss on draft-ietf… Barry Leiba
- Re: [core] Benjamin Kaduk's Discuss on draft-ietf… Barry Leiba
- Re: [core] Benjamin Kaduk's Discuss on draft-ietf… Benjamin Kaduk