IETF Logo Mail Archive

Re: [Curdle] [Technical Errata Reported] RFC8410 (5696)

Tim Hollebeek <tim.hollebeek@digicert.com> Wed, 24 April 2019 17:42 UTC

Return-Path: <tim.hollebeek@digicert.com>
X-Original-To: curdle@ietfa.amsl.com
Delivered-To: curdle@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DC3D4120117 for <curdle@ietfa.amsl.com>; Wed, 24 Apr 2019 10:42:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.301
X-Spam-Level:
X-Spam-Status: No, score=-4.301 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=digicert.com header.b=P/xMh3uv; dkim=pass (1024-bit key) header.d=digicert.com header.b=QXUofeVU
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Its26mdNZf0c for <curdle@ietfa.amsl.com>; Wed, 24 Apr 2019 10:42:35 -0700 (PDT)
Received: from us-smtp-delivery-173.mimecast.com (us-smtp-delivery-173.mimecast.com [63.128.21.173]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F32BC1200F6 for <curdle@ietf.org>; Wed, 24 Apr 2019 10:42:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=digicert.com; s=mimecast20190124; t=1556127753; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=N/pTg7r6bAC3Fyg8xv9S7sRbmNojDx4mdNGVGbeNjtk=; b=P/xMh3uvjJ4MtzqUBUk07nm4eneA6/VmDuM9BKwCHSQgDbY5WopxWgo9kyZFbRGDQkfuc3nisZVHCC/vzZB1CpLJwoCFAKfV0dkzsuNZuHklklxEBnsz4mRHn4FnLD2wj9p0GCOkBUG/KXCwBqTocI8ZMrLBL1sTkbBnmhiIYSk=
Received: from NAM01-BY2-obe.outbound.protection.outlook.com (mail-by2nam01lp2051.outbound.protection.outlook.com [104.47.34.51]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-192-A6sHtxZQPhWWxPtLZHxLHw-1; Wed, 24 Apr 2019 13:42:31 -0400
X-MC-Unique: A6sHtxZQPhWWxPtLZHxLHw-1
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=digicert.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=N/pTg7r6bAC3Fyg8xv9S7sRbmNojDx4mdNGVGbeNjtk=; b=QXUofeVU4bvFTkd/FQSLOW9TbFWzzGMV+NvVkN/KMYs0uHNkYuTbGm2JKhVkHHVJUxMl6GD5T3/LtOPszPYUPN0uLqYM7fL5Dz10MH8HiTyqsBdsP3i28I6iTSTTlb1EQ1dRaREhHenBNyWCifQyaV9gEtbpEsFcgcSQ3XyQSqg=
Received: from BN6PR14MB1106.namprd14.prod.outlook.com (10.173.161.15) by BN6PR14MB1507.namprd14.prod.outlook.com (10.172.149.139) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1813.17; Wed, 24 Apr 2019 17:42:28 +0000
Received: from BN6PR14MB1106.namprd14.prod.outlook.com ([fe80::e00b:5349:3d54:57e3]) by BN6PR14MB1106.namprd14.prod.outlook.com ([fe80::e00b:5349:3d54:57e3%8]) with mapi id 15.20.1813.017; Wed, 24 Apr 2019 17:42:28 +0000
From: Tim Hollebeek <tim.hollebeek@digicert.com>
To: Jim Schaad <ietf@augustcellars.com>, 'Lijun Liao' <lijun.liao@huawei.com>, 'Daniel Migault' <daniel.migault@ericsson.com>, 'Santosh Chokhani' <santosh.chokhani@gmail.com>, 'Russ Housley' <housley@vigilsec.com>
CC: "'Roman D. Danyliw'" <rdd@cert.org>, 'Simon Josefsson' <simon@josefsson.org>, "curdle@ietf.org" <curdle@ietf.org>, 'Rich Salz' <rsalz@akamai.com>, 'Ben Kaduk' <kaduk@mit.edu>, 'RFC Editor' <rfc-editor@rfc-editor.org>
Thread-Topic: [Curdle] [Technical Errata Reported] RFC8410 (5696)
Thread-Index: AQHU9R37xTiQCDb6o0ChFIFP/cOR9qZAVCOAgAAECoCAAAMhgIAABGQAgAANYYCAAAM+gIAAhKIAgAqoJ7A=
Date: Wed, 24 Apr 2019 17:42:28 +0000
Message-ID: <BN6PR14MB11069DA949AC2543160036D8833C0@BN6PR14MB1106.namprd14.prod.outlook.com>
References: <20190417130322.DF98CB82BAF@rfc-editor.org> <CEAF6932-72F1-4BA0-90C9-42B014AA2DAC@vigilsec.com> <022201d4f521$363efad0$a2bcf070$@gmail.com> <A0A0D4DB-9443-432D-8836-5936A77212FC@vigilsec.com> <027801d4f524$f8b11690$ea1343b0$@gmail.com> <MN2PR15MB331028076A605A8944DAD6D9E3250@MN2PR15MB3310.namprd15.prod.outlook.com> <B318B2234F15F54D9A56986389A4C939B9021F@lhreml505-mbx.china.huawei.com> <000001d4f56f$9af4b390$d0de1ab0$@augustcellars.com>
In-Reply-To: <000001d4f56f$9af4b390$d0de1ab0$@augustcellars.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=tim.hollebeek@digicert.com;
x-originating-ip: [107.139.229.114]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 26b1e60f-c9d0-4e9b-3902-08d6c8dc385a
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600141)(711020)(4605104)(2017052603328)(49563074)(7193020); SRVR:BN6PR14MB1507;
x-ms-traffictypediagnostic: BN6PR14MB1507:
x-microsoft-antispam-prvs: <BN6PR14MB150789D3186269B9ECADD2A9833C0@BN6PR14MB1507.namprd14.prod.outlook.com>
x-forefront-prvs: 00179089FD
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(366004)(136003)(39860400002)(346002)(376002)(396003)(13464003)(189003)(199004)(53936002)(33656002)(6306002)(256004)(55016002)(6436002)(99286004)(14444005)(93886005)(9686003)(5660300002)(44832011)(76176011)(7696005)(52536014)(486006)(229853002)(11346002)(446003)(476003)(99936001)(478600001)(66946007)(66574012)(6506007)(186003)(26005)(8936002)(14454004)(316002)(2906002)(8676002)(74316002)(81156014)(53546011)(7416002)(25786009)(97736004)(73956011)(7736002)(66066001)(305945005)(81166006)(66616009)(76116006)(66476007)(64756008)(66446008)(4326008)(71190400001)(6116002)(68736007)(30864003)(6246003)(86362001)(66556008)(102836004)(54906003)(3846002)(966005)(71200400001)(110136005); DIR:OUT; SFP:1102; SCL:1; SRVR:BN6PR14MB1507; H:BN6PR14MB1106.namprd14.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: digicert.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: My2eAPPMUsWC7aYlEFE0gf4m9x9I6U3tGT1hbrJTOsFyum1Vkdy7a3BWdUw2O48enSNyDNztA7nWyff19RbvRWiuesqV5ewKpnbliRFdbsgGYAEWhe0Z6lRuS4/MU/xZycH8VdOKVci3nzTu7Ryw4qPKXkrIoL/hswZIhM6MbAlMdUlOyp0EewhXLj2fGA30mAHXsP6UN2oTLH19pvdGLZrXGz+DnwZ7mYFakn9EtwgdyLcfhA9N0RghCC6jtAse9fvmEmGg/g3rYD/4RcyFwkUZxMIle/ZAbYdQfHzsYuQccniGbEsAP833WBLc3BJtGOIub4Axa4U34UPlM0Y3l3fMbfaW/CMC/gc1/9Q4M7jbmoRnog5dP3+jYIFoZqA2RGVVzbuLrXKsebDoPm3zIA81SQqTz/HuKhA4Dy5+Bg0=
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="2.16.840.1.101.3.4.2.1"; boundary="----=_NextPart_000_02ED_01D4FA8A.60F0C650"
MIME-Version: 1.0
X-OriginatorOrg: digicert.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 26b1e60f-c9d0-4e9b-3902-08d6c8dc385a
X-MS-Exchange-CrossTenant-originalarrivaltime: 24 Apr 2019 17:42:28.1509 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: cf813fa1-bde5-4e75-9479-f6aaa8b1f284
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN6PR14MB1507
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/ZOThjcE6UlmhY2-UVQ7zMwvfuDU>
Subject: Re: [Curdle] [Technical Errata Reported] RFC8410 (5696)
X-BeenThere: curdle@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "List for discussion of potential new security area wg." <curdle.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/curdle>, <mailto:curdle-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/curdle/>
List-Post: <mailto:curdle@ietf.org>
List-Help: <mailto:curdle-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/curdle>, <mailto:curdle-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 24 Apr 2019 17:42:40 -0000

I agree with Jim's analysis.

Regrettably, it is not explicitly clear what a "certification authority
certificate" is, and as Jim notes, there is a reasonable reading where these
certificates may not be trust anchors.  This is the most reasonable reading
to me, and matches existing practice.

Even if the certificate is a trust anchor, one needs to be very careful
about making explicit requirements about EKUs, as different implementations
handle them in many different ways, and trust anchors often need to be able
to interoperate with a wide variety of systems.

My reading of this errata is that it is requesting a requirements change,
and an errata is not the appropriate method to accomplish that.  If someone
desires such a requirement, it needs to be carefully considered and
analyzed.  But there isn't an error in the current document that requires
correction.

-Tim

> -----Original Message-----
> From: Curdle <curdle-bounces@ietf.org> On Behalf Of Jim Schaad
> Sent: Wednesday, April 17, 2019 3:48 PM
> To: 'Lijun Liao' <lijun.liao@huawei.com>; 'Daniel Migault'
> <daniel.migault@ericsson.com>; 'Santosh Chokhani'
> <santosh.chokhani@gmail.com>; 'Russ Housley' <housley@vigilsec.com>
> Cc: 'Roman D. Danyliw' <rdd@cert.org>; 'Simon Josefsson'
> <simon@josefsson.org>; curdle@ietf.org; 'Rich Salz' <rsalz@akamai.com>;
> 'Ben Kaduk' <kaduk@mit.edu>; 'RFC Editor' <rfc-editor@rfc-editor.org>
> Subject: Re: [Curdle] [Technical Errata Reported] RFC8410 (5696)
> 
> When I look at this problem I see two cases where not setting the bit
makes
> sense to me.
> 
> 1.  A CA certificate which is only intended to be a trust anchor may not
have
> the bit set because the bit would not be checked in some implementations
so
> it would not make any difference.
> 
> 2.  I need to know how you define what a CA is:  If you say that a CA is
> identified based only on a Public Key then what is said below makes a
degree
> of sense.  However, if you say that a CA is identified based on its name
rather
> than on its key you end up with some other cases where a CA could have a
> certificate issued to itself.  A) It uses a separate certificate for
issuing of CRLs
> so that this can be done online while the certificate signing needs to be
done
> off-line.  B) It uses a separate certificate for the purpose of running
one of the
> various enrollment protocols.  In both of these cases a certificate has
been
> issued to the CA, but that certificate is not used for the purpose of
creating
> certificates and thus setting a bit to
> that effect is incorrect.   I come down in the school that the CA is an
> entity based on it's name and not on it's public key.  Rolling over a
public key
> does not change the fact that it is the same CA.
> 
> For both of these reasons I do not believe that the errata is correct.
> 
> Jim
> 
> 
> > -----Original Message-----
> > From: Lijun Liao <lijun.liao@huawei.com>
> > Sent: Wednesday, April 17, 2019 7:53 AM
> > To: Daniel Migault <daniel.migault@ericsson.com>; Santosh Chokhani
> > <santosh.chokhani@gmail.com>; 'Russ Housley' <housley@vigilsec.com>
> > Cc: 'RFC Editor' <rfc-editor@rfc-editor.org>; 'Roman D. Danyliw'
> > <rdd@cert.org>; 'Simon Josefsson' <simon@josefsson.org>; 'Rich Salz'
> > <rsalz@akamai.com>; 'Jim Schaad' <ietf@augustcellars.com>;
> > curdle@ietf.org; 'Ben Kaduk' <kaduk@mit.edu>
> > Subject: RE: [Curdle] [Technical Errata Reported] RFC8410 (5696)
> >
> > Hi Daniel,
> >
> > Thank you for your reply.
> >
> > I think the definition of "CA" is clearly to be an entity which issues
> > certificates. See below:
> >
> > ------
> > I am with Santosh.
> >
> > As the definition of RFC 5280 Section 5:
> >
> > "   CRL issuers issue CRLs.  The CRL issuer is either the CA or an
entity
> >    that has been authorized by the CA to issue CRLs.  CAs publish CRLs
> >    to provide status information about the certificates they issued.
> >    However, a CA may delegate this responsibility to another trusted
> >    authority.
> > "
> >
> > If a CA only issues CRL, then
> > "CAs publish CRLs
> >    to provide status information about the --certificates they
issued---."
> > conflicts itself.
> >
> > Lijun
> > ________________________________________
> >
> > -----Original Message-----
> > From: Daniel Migault [mailto:daniel.migault@ericsson.com]
> > Sent: 2019年4月17日 16:42
> > To: Santosh Chokhani <santosh.chokhani@gmail.com>; 'Russ Housley'
> > <housley@vigilsec.com>
> > Cc: 'RFC Editor' <rfc-editor@rfc-editor.org>; 'Roman D. Danyliw'
> > <rdd@cert.org>; 'Simon Josefsson' <simon@josefsson.org>; 'Rich Salz'
> > <rsalz@akamai.com>; 'Jim Schaad' <ietf@augustcellars.com>;
> > curdle@ietf.org; Lijun Liao <lijun.liao@huawei.com>; 'Ben Kaduk'
> > <kaduk@mit.edu>
> > Subject: RE: [Curdle] [Technical Errata Reported] RFC8410 (5696)
> >
> > Hi,
> >
> > Thank you Lijun Liao for the comment and taking the time to improve
> > our documents.
> >
> > I believe the confusion is that certificate authority are not
> > restricted
> to emit
> > certificate with KeyCertSign usage and cA constraint. For example,
> > they
> could
> > emit a certificate that is used *only* to validate CRLs. This
> > certificate
> will have
> > the keyUsage set to cRLSign. nonRepudiation, digitalSignature, cRLSign
> would
> > not be selected as it indicates the key could be used for other
purposes.
> > Other combinations using may consider one or a combination of keyUsage
> > KeyCertSign. nonRepudiation, digitalSignature, cRLSign.
> >
> > If my understanding is correct, mandating KeyCertSign is not correct
> > and
> the
> > current text catches all possibilities. The text could have explicitly
> mentioned
> > that certificate may emit certificate that are only restricted to the
> validation
> > of certificate signature. However, I am not sure that would clarify
> > the purpose of the document nor justify an errata. Thus, I am
> > wondering if we can agree the issue has been solved and close the
request
> for errata.
> >
> > Yours,
> > Daniel
> >
> >
> >
> >
> >
> >
> > -----Original Message-----
> > From: Santosh Chokhani <santosh.chokhani@gmail.com>
> > Sent: Wednesday, April 17, 2019 9:54 AM
> > To: 'Russ Housley' <housley@vigilsec.com>
> > Cc: 'RFC Editor' <rfc-editor@rfc-editor.org>; 'Roman D. Danyliw'
> > <rdd@cert.org>; 'Simon Josefsson' <simon@josefsson.org>; Daniel
> > Migault <daniel.migault@ericsson.com>; 'Rich Salz' <rsalz@akamai.com>;
> > 'Jim
> Schaad'
> > <ietf@augustcellars.com>; curdle@ietf.org; 'LIJUN.LIAO@huawei.com'
> > <LIJUN.LIAO@HUAWEI.COM>; 'Ben Kaduk' <kaduk@mit.edu>
> > Subject: RE: [Curdle] [Technical Errata Reported] RFC8410 (5696)
> >
> > Agree Russ in the sense that I have never seen a CA not issue CRL also.
> It
> > might delegate CRL issuance to other authorities as well, but I have
> > not
> seen
> > an implementation where a CA does not generate a CRL and does not
> > provide it to at least one RP, be it OCSP Responder.
> >
> > But if these folks are implementing a CA without CRL issuance, they
> > might want this.
> >
> > On the other hand, I do not see CA having all these other bits as well.
> > There is no security issue if the CA has CRL issuance bit even if it
> > does
> not
> > issue a CRL.
> >
> > So, I could go either way on this Errata since it does not move the
> security
> > needle for me.
> >
> > -----Original Message-----
> > From: Russ Housley [mailto:housley@vigilsec.com]
> > Sent: Wednesday, April 17, 2019 9:38 AM
> > To: Santosh Chokhani <santosh.chokhani@gmail.com>
> > Cc: RFC Editor <rfc-editor@rfc-editor.org>; Roman D. Danyliw
> > <rdd@cert.org>; Simon Josefsson <simon@josefsson.org>;
> > daniel.migault@ericsson.com; Rich Salz <rsalz@akamai.com>; Jim Schaad
> > <ietf@augustcellars.com>; curdle@ietf.org; LIJUN.LIAO@huawei.com; Ben
> > Kaduk <kaduk@mit.edu>
> > Subject: Re: [Curdle] [Technical Errata Reported] RFC8410 (5696)
> >
> > Santosh:
> >
> > This is the exact way we have described the appropriate key usage bits
> since
> > RFC 3279.  If this has confused any implementer over the last decade
> > and a half, I have not heard about it.
> >
> > Russ
> >
> >
> > > On Apr 17, 2019, at 9:26 AM, Santosh Chokhani
> > > <santosh.chokhani@gmail.com>
> > wrote:
> > >
> > > Russ,
> > >
> > > But if the CA is using a key to sign CRL, in the context of that key
> > > it is not a CA personality but a CRL issuer personality.
> > >
> > > -----Original Message-----
> > > From: Curdle [mailto:curdle-bounces@ietf.org] On Behalf Of Russ
> > > Housley
> > > Sent: Wednesday, April 17, 2019 9:12 AM
> > > To: RFC Editor <rfc-editor@rfc-editor.org>
> > > Cc: Roman D. Danyliw <rdd@cert.org>; Simon Josefsson
> > > <simon@josefsson.org>; daniel.migault@ericsson.com; Rich Salz
> > > <rsalz@akamai.com>; Jim Schaad <ietf@augustcellars.com>;
> > > curdle@ietf.org; LIJUN.LIAO@huawei.com; Ben Kaduk <kaduk@mit.edu>
> > > Subject: Re: [Curdle] [Technical Errata Reported] RFC8410 (5696)
> > >
> > > I do not think this is correct.  A CA could, for example, use one
> > > key for signing certificates and a separate key for signing CRLs.
> > >
> > > Russ
> > >
> > >
> > >> On Apr 17, 2019, at 9:03 AM, RFC Errata System
> > >> <rfc-editor@rfc-editor.org>
> > > wrote:
> > >>
> > >> The following errata report has been submitted for RFC8410,
> > >> "Algorithm Identifiers for Ed25519, Ed448, X25519, and X448 for Use
> > >> in the Internet
> > > X.509 Public Key Infrastructure".
> > >>
> > >> --------------------------------------
> > >> You may review the report below and at:
> > >> http://www.rfc-editor.org/errata/eid5696
> > >>
> > >> --------------------------------------
> > >> Type: Technical
> > >> Reported by: Lijun Liao <LIJUN.LIAO@HUAWEI.COM>
> > >>
> > >> Section: 5
> > >>
> > >> Original Text
> > >> -------------
> > >>  If the keyUsage extension is present in a certification authority
> > >> certificate that indicates id-Ed25519 or id-Ed448, then the
> > >> keyUsage extension MUST contain one or more of the following values:
> > >>
> > >>         nonRepudiation;
> > >>         digitalSignature;
> > >>         keyCertSign; and
> > >>         cRLSign.
> > >>
> > >> Corrected Text
> > >> --------------
> > >>  If the keyUsage extension is present in a certification authority
> > >> certificate that indicates id-Ed25519 or id-Ed448, then the
> > >> keyUsage extension MUST contain keyCertSign, and zero, one or more
> > >> of the following values:
> > >>
> > >>         nonRepudiation;
> > >>         digitalSignature; and
> > >>         cRLSign.
> > >>
> > >> Notes
> > >> -----
> > >> The usage keyCertSign must be set in a CA certificate.
> > >>
> > >> Instructions:
> > >> -------------
> > >> This erratum is currently posted as "Reported". If necessary,
> > >> please use "Reply All" to discuss whether it should be verified or
rejected.
> > >> When a decision is reached, the verifying party can log in to
> > >> change the status and edit the report, if necessary.
> > >>
> > >> --------------------------------------
> > >> RFC8410 (draft-ietf-curdle-pkix-10)
> > >> --------------------------------------
> > >> Title               : Algorithm Identifiers for Ed25519, Ed448,
X25519,
> > > and X448 for Use in the Internet X.509 Public Key Infrastructure
> > >> Publication Date    : August 2018
> > >> Author(s)           : S. Josefsson, J. Schaad
> > >> Category            : PROPOSED STANDARD
> > >> Source              : CURves, Deprecating and a Little more
Encryption
> > >> Area                : Security
> > >> Stream              : IETF
> > >> Verifying Party     : IESG
> > >>
> > >> _______________________________________________
> > >> Curdle mailing list
> > >> Curdle@ietf.org
> > >> https://www.ietf.org/mailman/listinfo/curdle
> > >
> > > _______________________________________________
> > > Curdle mailing list
> > > Curdle@ietf.org
> > > https://www.ietf.org/mailman/listinfo/curdle
> > >
> > > _______________________________________________
> > > Curdle mailing list
> > > Curdle@ietf.org
> > > https://www.ietf.org/mailman/listinfo/curdle
> >
> 
> 
> _______________________________________________
> Curdle mailing list
> Curdle@ietf.org
> https://www.ietf.org/mailman/listinfo/curdle

v2.23.0 | Report a Bug | By Email