Re: [dtn] AD review of draft-ietf-dtn-tcpclv4-12

Magnus Westerlund <magnus.westerlund@ericsson.com> Tue, 17 September 2019 19:47 UTC

Return-Path: <magnus.westerlund@ericsson.com>
X-Original-To: dtn@ietfa.amsl.com
Delivered-To: dtn@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 12A57120071; Tue, 17 Sep 2019 12:47:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id r2nrNk4K8eRF; Tue, 17 Sep 2019 12:47:05 -0700 (PDT)
Received: from EUR01-HE1-obe.outbound.protection.outlook.com (mail-eopbgr130083.outbound.protection.outlook.com [40.107.13.83]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 48CD912000F; Tue, 17 Sep 2019 12:47:05 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=jgFZ0RgOIyzZoWnMiw1/aQ/jzXg5ejKg8MUIEptsa3l9aEtQuEkRxXkvqG+ep5vDZbl35Jj4F0BhUdwE8lpPgqg7+/234MIQjT9TeHBR3XKV6AsjjadmE/h/pUeUzsveEx57zfZ+7JkO4sOxB6LzR1o0TwOVZlAmuUqdCSiZULT963cAoENFJr7Hihsmwoj6o6i0RGobGNR0UALtZGv6fFdLuBksttt/4GjJCGiFdsYoehitnPdVd4xzKGXiY6OwNpXam7QTUqx+oR9pbBSkdMuIms3GzR3Z7duAMS+6raHYzgU4O9EnqoQqMmaD+TVWxHjNo8OZntkrksMMxV+LfA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=+TIzaVlsmjRZHZYkY2CvEjybUguS2bpem+ZtKbC0dDQ=; b=mgD7r48fwhaAay/n9QRBdAMs3vuuS0bcuH4Zei99/sYJ+G+kZDDVcCdu/kN7S4a+k48KarCyXTeaixHqU+9Z0AqfcTaBJu9JZTdiW8BbUuDL8KAl++teXqIfC6GMCZ2XEUVWgPp+wKMAI+SvQSe0wrJmAY0j9/64YQWkN4N1H5lOGk0FKGo/fINnfU7XYc48jHg+0uo5gXErEd2f7oUpQ2eJF/siuo8D46yIToNRwSb49mhSuHzNzwbKSaSGr+tJA6lPzyDbmpOysKMg/K8UM7Scmo+GV+JKZE42vFqgzHCv1B3UMTDY71wa+DsBLVbfA9D3KSGHNBEUmzDeXAFaRQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=+TIzaVlsmjRZHZYkY2CvEjybUguS2bpem+ZtKbC0dDQ=; b=dTRVRYlJXhNxgwqmzsIJs93wuAbTqZ8nm02OocmDLN6SDMo2ZHMqpqzZ2amUp6xxZ20VujflrG50YdTKcOJRFPhhocY9dHD3R17RFiBzPLuBoFpyRKPjWvmZAm/z4NzUC0VWUknL+xtH2qZ2bGaCb/DGKp2hU7TAEmQ3OH71RFQ=
Received: from DB7PR07MB5736.eurprd07.prod.outlook.com (20.177.194.155) by DB7PR07MB6138.eurprd07.prod.outlook.com (20.178.108.27) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2284.13; Tue, 17 Sep 2019 19:47:00 +0000
Received: from DB7PR07MB5736.eurprd07.prod.outlook.com ([fe80::e48c:a942:9682:2ce4]) by DB7PR07MB5736.eurprd07.prod.outlook.com ([fe80::e48c:a942:9682:2ce4%7]) with mapi id 15.20.2284.009; Tue, 17 Sep 2019 19:47:00 +0000
From: Magnus Westerlund <magnus.westerlund@ericsson.com>
To: "dtn@ietf.org" <dtn@ietf.org>, "draft-ietf-dtn-tcpclv4@ietf.org" <draft-ietf-dtn-tcpclv4@ietf.org>
Thread-Topic: [dtn] AD review of draft-ietf-dtn-tcpclv4-12
Thread-Index: AdVG21EHJDIckyVtR8mDiK6Q+2uHtgmtVlwA
Date: Tue, 17 Sep 2019 19:47:00 +0000
Message-ID: <2de394b5914ffd486b92f3119eda28a44f153c35.camel@ericsson.com>
References: <HE1PR0701MB2522C8240E7E28BFC11B80CD95DE0@HE1PR0701MB2522.eurprd07.prod.outlook.com>
In-Reply-To: <HE1PR0701MB2522C8240E7E28BFC11B80CD95DE0@HE1PR0701MB2522.eurprd07.prod.outlook.com>
Accept-Language: sv-SE, en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=magnus.westerlund@ericsson.com;
x-originating-ip: [192.176.1.83]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 7621f8e4-a4e9-45ac-ff0a-08d73ba7ce57
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600167)(711020)(4605104)(1401327)(2017052603328)(49563074)(7193020); SRVR:DB7PR07MB6138;
x-ms-traffictypediagnostic: DB7PR07MB6138:
x-microsoft-antispam-prvs: <DB7PR07MB6138D830EA9EEBB65C2F7DE8958F0@DB7PR07MB6138.eurprd07.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 01630974C0
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(396003)(376002)(346002)(136003)(366004)(39860400002)(199004)(189003)(15404003)(51914003)(305945005)(316002)(2616005)(6486002)(118296001)(99936001)(36756003)(110136005)(44832011)(6436002)(99286004)(229853002)(486006)(14454004)(476003)(478600001)(25786009)(81156014)(8676002)(450100002)(8936002)(11346002)(81166006)(256004)(446003)(14444005)(26005)(66066001)(2906002)(76176011)(6512007)(6506007)(6246003)(66476007)(102836004)(64756008)(86362001)(7736002)(2501003)(6116002)(76116006)(66616009)(66556008)(66446008)(66946007)(71200400001)(5660300002)(186003)(71190400001)(30864003)(91956017)(3846002); DIR:OUT; SFP:1101; SCL:1; SRVR:DB7PR07MB6138; H:DB7PR07MB5736.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: vhsVtNdQcUb+rlqf4xXIipXdS71V9qp0UAqKvDj1ZtcmnJ4zKBUXjMmXHuznQWUPDt+vGpRuz4nR3PMo6wO21L4zmur8HO2RQHn/+xhIkAHZp//R4oHB1a6+mzjsGgbgdaf13FtaI2VklR3cXR8jRxrPOmQLBcCdM8l/Gz2pEUHE2Cu1r8drzZ+QGuJBbLJIgwY1YGt6esRo7gCwHQXxfEQD18V/4Xw5VN74PWYC/aZNWZchOtOnpnl8qu/lo70TZeEcWtIqL/AHAtcqTWlIXJpDCJnvXxtNWRj/nY3S/VI96LLlz/uFl5r3GLdCg+LD7ORv/9JgceZl7Bs4V8c6eEEZMpPLpX/iV2z0PmwLLUZ0PQ9i78Q9ePL7EBNFvX9rCC/Q2ZqmQHFkFhxJREMfAkC71wasShux0Vga5FXqPR4=
x-ms-exchange-transport-forked: True
Content-Type: multipart/signed; micalg="sha-256"; protocol="application/x-pkcs7-signature"; boundary="=-oOFK5EksuQW0TISjLEWJ"
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 7621f8e4-a4e9-45ac-ff0a-08d73ba7ce57
X-MS-Exchange-CrossTenant-originalarrivaltime: 17 Sep 2019 19:47:00.2545 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 1KMVgC/vE8TYypAArMtMTpZL/DElgaB/oSIpgIRRLG7CjBk7enJvw1xwhpwRyQfpllFImuGn88XpQJJ8nGoQ0sJozwGLXqhswnqxDohF0r4=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB7PR07MB6138
Archived-At: <https://mailarchive.ietf.org/arch/msg/dtn/tlmMJemVVjSA2kKw1uuOYs7c_ok>
Subject: Re: [dtn] AD review of draft-ietf-dtn-tcpclv4-12
X-BeenThere: dtn@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Delay Tolerant Networking \(DTN\) discussion list at the IETF." <dtn.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dtn>, <mailto:dtn-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dtn/>
List-Post: <mailto:dtn@ietf.org>
List-Help: <mailto:dtn-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dtn>, <mailto:dtn-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Sep 2019 19:47:09 -0000

Hi,

Sorry about the delay in reviewing your update based on my AD review
comments. Below I have commented on my view how the issue have been
dealt with. 

We appear to have a small number of things that are still not fully
resolved in my view so please chech these and comment. 

I am also sorry that my mail client apparently eat the numbering. 


On Thu, 2019-08-01 at 13:31 +0000, Magnus Westerlund wrote:
> Hi,
>  
> I have now performed my AD review of draft-ietf-dtn-tcpclv4-12. I
> think most are minor comments, however the TLS and security related
> ones may be more problematic to resolve. I will now be on vacation so
> you know you will not receive any quick replies from me before the
> end of the month.
>  
> Section 1: What are the applicability of TCPCLv4 to BPv6? I wonder as
> RFC5050 is referenced. 

Thanks for the new scope section making things much clearer. My
interpretation now is that this document only is for BPv7. 



> 
> Section 1.1: Session State Changed. Some editorial issues. Missing
> “:” initially. Then double “..” on Terminated. 

Fixed. 

> 
> Section 1.1: 
>    Session Idle Changed  The TCPCL supports indication when the
> live/idle sub-state changes.  This occurs only when the top-level
> session state is Established.  Because TCPCL transmits serially over
> a TCP connection, it suffers from "head of queue blocking" this
> indication provides information about when a session is available for
> immediate transfer start.
> 
> So in which direction are this change indicated/reported, both or
> only in one of them, or any as implied by Section 2.1’s definition of
> Live Session? 

Fixed

> 
> Section 1.1: Transmission Intermediate Progress: Segment is not
> defined prior to this. Maybe a forward pointe? Or should maybe the
> whole subsection (1.1) be moved to after definitions? 

Fixed

> 
> Section 2: Is there a point to use the RFC 8174 language that makes
> only capital words have special meaning? 

Addressed

> 
> Section 3.1: “One of these parameters is a singleton endpoint
> identifier for each node (not the singleton Endpoint Identifier (EID)
> of any application running on the node) to denote the bundle-layer
> identity of each DTN node.”
> 
> The above quote does imply something that at least BPBis isn’t making
> clear that a particular application agent would have its own EID. It
> is not clear that there are a one-to-one relationship between bundle
> nodes and application agents. Can you please clarify what the
> relationship is and lets figure out if that needs to be clarified
> back to BPbis. 

Ok, so the new text addresses this. 

> 
> Section 3.1: “Bundle interleaving can be accomplished by
> fragmentation at the BP layer or by establishing multiple TCPCL
> sessions between the same peers.”
> 
> Are there clear rules established for how many TCPCL sessions in
> parallel that may be established? By the end of my reading this is
> unanswered. 

Answered, no built in limiation. Resource limited. 

> 
> Section 3.1: XFER_REFUSE does that indicate that the bundle has
> already been received. How else does one separate other reasons for
> refusing a bundle versus that one have received it prior?

I don't think this needs more texf, section 5.2.4 is clear on that the
reason code will make resolve the reason. 

> 
> Section 3:1:    Once a session is established established, TCPCL is a
> symmetric protocol between the peers. 
> Double established
> 

Fixed.

> Figure 4: “Close message” is this TCP level message, if that is the
> case can that be clarified by prefix with TCP?

Fixed. 

> 
> Section 3.2: 
>    Notes on Established Session states: 
>       Session "Live" means transmitting or reeiving over a transfer
>       stream.
> 
>       Session "Idle" means no transmission/reception over a transfer
>       stream.
> 
>      Session "Closing" means no new transfers will be allowed.
> 
> Note that “Closing” is not used in Figure 4, it is called ending.
> Note spelling error on “live” receving.

Fixed

> 
> Section 3.2: Figure 5 and 6 uses PCH without explanation. Figure 5
> could probably also benefit by expanding CH as Contact Header.

Fixed. 

> 
> Figure 8 and 10: Uses [SESSTERM] is this the same as using the
> SESS_TERM message, or some other procedure. Please clarify. 

Okay looking at this again it is clear that [SESSTERM] is used for any
type of session termination. However, as SESSTERM appears to only be
used in the figures in that meaning, and being defined in Figure 13,
despite existing in 8, 9 and 10 also. Also considering that Figure 13
and 14 are signalled termination and the other are failure cases I
think a sentence or two should be spent to explain its meaning prior to
its usage. 


> 
> Section 3.3: “   Many other policies can be established in a TCPCL
> network between these two extremes.”
> 
> The list above includes three items, so the two extremes needs to be
> enumerated. 

Addressed. 

> 
> Section 4.1: Can TCPCLv3 and TCPCLv4 coexist on Port 4556? Based on
> 9.1 the answer is yes, please clarify here.

Fixed

> 
> Section 4.1: “Therefore, the entity MUST retry the connection setup
> no earlier than some delay time from the last attempt, and it SHOULD
> use a (binary) exponential backoff mechanism to increase this delay
> in case of repeated failures.”
> 
> Any recommended upper limit for the backoff?


Addressed

> 
> Section 4.2:    Version:  A one-octet field value containing the
> value 4 (current version of the protocol). 
> 
> I think the use of “the protocol” is unclear, maybe call it “the TCP
> convergence layer”. This to avoid confusion with BPv7. 

Fixed. 

> 
> Section 4.2: Please define how to set and ignore reserved bits in the
> Flags field so that it may be extended in the future. 

Okay, it is defined to not be set, which is likely to be interpret to
mean that they should be 0. However, a lazy implementor could also
interpret that they do not need to set their bit-values at all and may
have a system that have random values at initialization of a memory
buffer. I would recommend to use ".. SHALL be set to zero by the
sender."

> 
> Section 4.3 and 4.4: Due to how the Contact Header relate to TLS
> there is clear risk for a TLS stripping attack where the CAN_TLS flag
> is cleared. I think there need to be some thought about mitigation of
> this weakness. Depending on the expected mix of entities and their
> capabilities one can either have policy for a deployment where one
> mandates TLS being used, thus preventing the bid-down by not being
> according to policy. It is more difficult to mitigate in a deployment
> where one have some entities that doesn’t support TLS, unless one can
> some way securely learn which entities support it or not and thus can
> detect the manipulation. One can potentially also first attempt to do
> a TLS handshake for the best version one supports. Then run the CH
> inside the TLS to prevent TCPCL version and other flags to be
> manipulated. But that doesn’t solve the down-bid. I did note the
> negotiation in Section 4.7 and the relation to Security Policy. Maybe
> the solution is to write some text on the risk of TLS striping in
> Section 8 and add forward pointers in 4.7 to that risk. 

Section 8 text makes the biddown clear and indicates the policy
mitigation. I think this is sufficient. 


> 
> Section 4.4: Dealing with new TLS versions. BCP 195 does not appear
> to me to define how to deal with newer versions. However, as TLS 1.3
> already exist I think this is from the start a relevant question. 

I am asking the security ADs if it is current and sufficient with the
BCP 195 reference. 

> 
> Section 4.4: So what about entity authentication? Will the TCPCL
> entity have a name / identity that can be authenticated so that one
> know that one are talking to the right entity. And is the solution
> for this a classical PKI, or something else? Also does the passive
> entity expect the active (TLS client) to authenticate itself also? 

Mostly good new text on the authentication. Here I am going beyond my
expertise, but based on that RFC 5280 has been updated several times, I
think you need to figure out if any of these updates should be
indicated as necssary for TCPCLv4. The relevant updates are RFC 6818
which makes clarifications on RFC 5280 and then the intenationalization
in RFCs 8398, 8399. 

The other concern I have is the SNI sentence: "The TLS handshake SHOULD
include a Server Name Indication from the active peer." First of all
you need a reference for server name indication. It is an TLS extension
and not included in the main TLS specification. For TLS 1.2 it is
section 3 of RFC 6066. The second part is that I don't think it is
clearly specified what should be in the SNI field in TLS. Looking at
the DTN URI scheme definition I would guess that only the node-name
part of the URI should be included, or? 

This also relates to the section 4.4.2 TLS host name validation part.
It says that certificates subjectAltName should be the Node ID. That
raises question marks as no part the DTN URI format defines something
as Node ID. The second is what happens if someone uses another URI
scheme with BP? Or maybe this is simple to resolve if the whole URI
should be used, but that looks less than obvious at least in the case
of DTN. And I haven't looked at the IPN scheme. 

Sorry about being very cautious here. But, I know how much trouble I
have had with URIs and their application in the protocol when I worked
with RTSP 2.0. 

> 
> Section 4.8: Please define how to set and ignore the reserved bits.

Same as above about zero. 

> 
> Section 4.5: Based on that many later sections just refer to the
> Message Header, shouldn’t the section title for section 4.5 be
> Message Header? Now the first mentioning of “Message Header” are in
> Figure 16’s title. 

Fixed.

> 
> Section 6.1:
>    After sending a SESS_TERM message, an entity MAY continue a
> possible
>    in-progress transfer in either direction.  After sending a
> SESS_TERM
>    message, an entity SHALL NOT begin any new outgoing transfer (i.e.
>    send an XFER_SEGMENT message) for the remainder of the session.
>    After receving a SESS_TERM message, an entity SHALL NOT accept any
>    new incoming transfer for the remainder of the session. 
> 
> To me it seems that the above paragraph contains one contradiction.
> The parenthesis in the second sentence (i.e. send an XFER_SEGMENT
> message) appears to be false. Because as the beginning of the
> sentence implies that it can’t start a new transfer. However
> SESS_TERM is allowed to be inserted in between XFER_SEGEMENT messages
> for a transfer ID, i.e. XFER_SEGMENT(ID=7), SESS_TERM,
> XFER_SEGMENT(ID=7, end) is an allowed sequence. Can you please
> clarify.

Addressed. 

> 
> Section 8. 
> If this identifier is used outside of a TLS-secured session or 
>    without further verification as a means to determine which bundles
>    are transmitted over the session, then the node that has falsified
>    its identity would be able to obtain bundles that it otherwise
> would
>    not have.
> 
> I don’t see how a entity could trust the in SESS_INIT provided EID
> more just because it is in TLS unless there are some mechanism for
> binding the EID to the TLS session endpoint (client or server). Some
> type of authentication is needed to prove the identity. 
> 

I think the new text in Section 8 and the clarified TLS procedures
resolves this issue. 


> Section 8.
> Therefore, an entity SHALL NOT use the EID value of an
> unsecured contact header to derive a peer node's identity unless it
>    can corroborate it via other means.
> 
> The EID value is not part of the CH, only SESS_INIT. Is this a left
> over from TCPCLv3 or earlier versions?

Fixed.

> 
> Section 8. Needs text on  TLS stripping attack due to the optional
> TLS usage.

Fixed. 

> 
> Section 9: “In this section, registration procedures are as defined
> in [RFC8126].” … defined as in …
> 

Fixed.

> Section 9: “Some of the registries below are created new for TCPCLv4
> but share code values with TCPCLv3.”
> 
> I don’t think “share” is the right word here. Maybe “Some of the
> registries have been defined as version specific to TCPCLv4, and
> imports some or all codepoints from TCPCLv3.”

Fixed.

> 
> Section 9.3: Is RFC Required unnecessary strict? Considering the
> quite large name space, I would think that specification required
> would be a suitable policy? Just trying to understand what you think
> is gained by having someone publish the extension as an RFC, in any
> stream including the independent. 

So this was changed to Expert Review and that is fine. Any registration
requirements or special considerations for the Expert? 

> 
> Section 9.4: Same question as for 30)

Addressed. 

> 
> Section 9.5: Here RFC required may be suitable. However, does it make
> sense to allocate 2 or 4 points also here for Private/Experiments?

Addressed. 
> 
> Section 9.6: Here I would consider Expert Review with a specification
> requirement. I also do not understand why so much is reserved, a
> reason for that? 
> 
> I would expect that the policy for 9.6-9.8 to be aligned so may
> require change if change is decided on 33. 

Fixed. 
> 
> A big question I have after having read this document is how one
> discover / determine the IP+port(s) to connect to for a given EID. Is
> this currently completely deployment specific? And how bound is this
> to Bundle routing? 
> 
> What may be missing is the section that tells the intended
> implementor that in addition to follow this specification you do need
> a solution to the following things, like for example authentication
> framework that allows one to verify the TLS connects to EID mappings.
> Or an address resolution protocol that maps EID to IP address and
> port pairs for cases when routing simply give you Forward this bundle
> to EID using TCPCLv4.

So the scope of the document clarifies things and points to some needs.
So I will consider this one resolved. 

Cheers

Magnus Westerlund 


----------------------------------------------------------------------
Network Architecture & Protocols, Ericsson Research
----------------------------------------------------------------------
Ericsson AB                 | Phone  +46 10 7148287
Torshamnsgatan 23           | Mobile +46 73 0949079
SE-164 80 Stockholm, Sweden | mailto: magnus.westerlund@ericsson.com
----------------------------------------------------------------------