IETF Logo Mail Archive

Re: [EAT] Security Levels (seclevel): why "restricted"

Marcus Streets <Marcus.Streets@arm.com> Fri, 06 July 2018 10:32 UTC

Return-Path: <Marcus.Streets@arm.com>
X-Original-To: eat@ietfa.amsl.com
Delivered-To: eat@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4DEF4130F3A for <eat@ietfa.amsl.com>; Fri, 6 Jul 2018 03:32:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.909
X-Spam-Level:
X-Spam-Status: No, score=-1.909 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_DKIMWL_WL_MED=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UzKRx8GnxQXO for <eat@ietfa.amsl.com>; Fri, 6 Jul 2018 03:32:17 -0700 (PDT)
Received: from EUR02-VE1-obe.outbound.protection.outlook.com (mail-eopbgr20081.outbound.protection.outlook.com [40.107.2.81]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8E736130E23 for <eat@ietf.org>; Fri, 6 Jul 2018 03:32:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector1-arm-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=79m9iamZDKPkX/9p6CUXDoAjRuk1grMsAIAXPtX8oUk=; b=nTDFrZr3qvKxo8DpQKjY+mLJYngF8GIyV4YSPvcmwfwxTCyhYReJSOpEdx9sN8bg/rg2Mh4zPseOxOOjiP278AgWECr+/kNqpc1roIicFRHLPDDy76gJmssGxgj7S0GKYbR6PJwlOKJezy3nRKT64SEDgWlnYgtl1FpR3ISmyzQ=
Received: from AM0PR08MB3265.eurprd08.prod.outlook.com (52.134.94.22) by AM0PR08MB3443.eurprd08.prod.outlook.com (20.177.109.205) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.930.18; Fri, 6 Jul 2018 10:32:13 +0000
Received: from AM0PR08MB3265.eurprd08.prod.outlook.com ([fe80::d469:4901:4c38:279e]) by AM0PR08MB3265.eurprd08.prod.outlook.com ([fe80::d469:4901:4c38:279e%2]) with mapi id 15.20.0906.027; Fri, 6 Jul 2018 10:32:13 +0000
From: Marcus Streets <Marcus.Streets@arm.com>
To: Jeremy O'Donoghue <jodonogh@qti.qualcomm.com>, Laurence Lundblade <lgl@island-resort.com>
CC: Suresh Marisetty <Suresh.Marisetty@arm.com>, "eat@ietf.org" <eat@ietf.org>
Thread-Topic: [EAT] Security Levels (seclevel): why "restricted"
Thread-Index: AQHUCUFn/rXvMv2oX0+AqU+S29iTp6Rscx+AgAdoQgCAAI7qAIADH9NPgAACpgCACXq1xYAA+IcAgAADgsA=
Date: Fri, 06 Jul 2018 10:32:13 +0000
Message-ID: <AM0PR08MB326573BFD627301D4AA901A88C470@AM0PR08MB3265.eurprd08.prod.outlook.com>
References: <99A5F020-7CAA-4E11-95F5-C522CE6FD75C@qti.qualcomm.com> <B4993F47-435E-494A-8682-87FFB10D378A@island-resort.com> <6760F42C-6AD1-430B-BB28-6912EA47E68D@qti.qualcomm.com> <B057AD87-CA29-491D-BBB2-077EDD03CE83@island-resort.com> <DB6PR0801MB17993267F1CDD5EE48049FF697480@DB6PR0801MB1799.eurprd08.prod.outlook.com> <D5E65C46-F222-486E-9556-5E07AEE4AB8E@island-resort.com> <51D1FBC8-AE2D-4382-93F1-099F4517F482@qti.qualcomm.com> <DB6PR0801MB1799E2E0DBAFCE1310F3799D974E0@DB6PR0801MB1799.eurprd08.prod.outlook.com> <6B3F2543-B6A9-4D25-BC93-FCD8142F3CE8@island-resort.com> <00D829BB-6361-4268-8ED4-DB6F6C61D779@qti.qualcomm.com>
In-Reply-To: <00D829BB-6361-4268-8ED4-DB6F6C61D779@qti.qualcomm.com>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Marcus.Streets@arm.com;
x-originating-ip: [217.140.96.140]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; AM0PR08MB3443; 7:91G3s6xKToC56iQ1/13LasgrvpM6WI98Ds0jUPPiM3/InOLkaW8DKoW5cvvMeBD/j6LMNApk1mP0hrbph/wRxaZX9Lc1jFoMHoh37mwTScXAxiDUG/6NiAfoV9rs8/wzPx/mT88depsCxP1I/Q5ZSFhVa77fnZi3fqbw6v5HjumdpbIqYq+Ptocv8oE8uZ2zMex/LQj93OTA270f0RbEBJj5E1UVade8PR3G6w8pJbjeFE/oQMkgcxP6UBmiMIqS
x-ms-exchange-antispam-srfa-diagnostics: SOS;SOR;
x-ms-office365-filtering-ht: Tenant
x-ms-office365-filtering-correlation-id: d5ceb757-856d-4397-f08f-08d5e32bbcbf
x-microsoft-antispam: UriScan:(223705240517415); BCL:0; PCL:0; RULEID:(7020095)(4652040)(8989117)(48565401081)(5600053)(711020)(4534165)(4627221)(201703031133081)(201702281549075)(8990107)(2017052603328)(7153060)(7193020); SRVR:AM0PR08MB3443;
x-ms-traffictypediagnostic: AM0PR08MB3443:
x-microsoft-antispam-prvs: <AM0PR08MB344305BA82EF4C16A4AB32198C470@AM0PR08MB3443.eurprd08.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(28532068793085)(180628864354917)(20558992708506)(278428928389397)(120809045254105)(192374486261705)(223705240517415)(788757137089)(100405760836317)(21748063052155);
x-ms-exchange-senderadcheck: 1
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(8211001083)(6040522)(2401047)(8121501046)(5005006)(93006095)(93001095)(10201501046)(3002001)(3231254)(944501410)(52105095)(6055026)(149027)(150027)(6041310)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123560045)(20161123562045)(20161123558120)(20161123564045)(6072148)(201708071742011)(7699016); SRVR:AM0PR08MB3443; BCL:0; PCL:0; RULEID:; SRVR:AM0PR08MB3443;
x-forefront-prvs: 0725D9E8D0
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(39850400004)(396003)(136003)(346002)(376002)(366004)(189003)(40434004)(199004)(85664002)(7110500001)(2906002)(5250100002)(10710500007)(14454004)(561944003)(33656002)(6246003)(25786009)(4326008)(966005)(66066001)(45080400002)(478600001)(72206003)(81166006)(68736007)(8676002)(3846002)(8936002)(790700001)(6116002)(7736002)(74316002)(5024004)(106356001)(14444005)(256004)(81156014)(53936002)(53946003)(105586002)(2900100001)(54896002)(6306002)(55016002)(26005)(76176011)(99286004)(9686003)(236005)(93886005)(186003)(6506007)(7696005)(102836004)(229853002)(53546011)(110136005)(54906003)(5660300001)(86362001)(316002)(446003)(6436002)(11346002)(15650500001)(476003)(2420400007)(97736004)(21615005)(486006)(606006); DIR:OUT; SFP:1101; SCL:1; SRVR:AM0PR08MB3443; H:AM0PR08MB3265.eurprd08.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts)
x-microsoft-antispam-message-info: KmRoWo18A8PEuKB5c6PUoosicd4Ody07JGxpYbrRsFAgY0qMVTxQnRmFl1JXsrL9bc58l5aQ/tygxiOEuKEJE/HhNC4xjGHCFPpAa8rP0VPC/uEejX2TUudkdtk0h9ecmBNb/QkIuzyisktndE1IkpdXWV0SZ09NXymBFbELxtlxMCk1kbknX56mCgoUZ3NoOgp3ECUMcLmuIRT+ifdWL4SpRnjpni1o48Ijj8IzLmfv/UmAjfonOqVsPdvAeaLi/qiFHOL5iP+31C61unIm5J+BGUJzN59UsgO+oLDzSwT6NtXdl4mZUg3i2lGLWVt9EjsZRO7TdlorcpOcBwOpDgmGEHYyS07pGuVG9J61z0U=
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_AM0PR08MB326573BFD627301D4AA901A88C470AM0PR08MB3265eurp_"
MIME-Version: 1.0
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-Network-Message-Id: d5ceb757-856d-4397-f08f-08d5e32bbcbf
X-MS-Exchange-CrossTenant-originalarrivaltime: 06 Jul 2018 10:32:13.1516 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0PR08MB3443
Archived-At: <https://mailarchive.ietf.org/arch/msg/eat/zD5nrwdRW1s4uUy-SW65mLS1WJI>
Subject: Re: [EAT] Security Levels (seclevel): why "restricted"
X-BeenThere: eat@ietf.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: EAT - Entity Attestation Token <eat.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/eat>, <mailto:eat-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/eat/>
List-Post: <mailto:eat@ietf.org>
List-Help: <mailto:eat-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/eat>, <mailto:eat-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Jul 2018 10:32:22 -0000

While it is right we should have high level broad brush level, for security the devil is always in the detail.
Even if 99% of reliers can make sensible decisions based on the three levels – the remaining 1% will need to drill down into the specific. However, if we really believe that there will be Trillions of IOT devices, that 1% is still Billions of devices.

I think the key is to have a basic attestation – but also allow the relying party to ask for more detailed reports if they require it.

The problem is that the details get messy fairly quickly – but provided everything is organized  logically reliers only need to be able to parse those details they are interested in and do not need to know how to process other branches.

For example if ACME having realized that there is a market for Avian detectors builds a unit.
Mr Coyote buys one and adds it to his system.
The console wants to verify the endpoint.
It needs attestation of the GPS system, time system and the avian detector but ignores the accelerometer.

So Coyote know where Roadrunner is, but is unaware of the falling rocks caused by the earthquake.

Next time he adds a seismometer – that needs to know about the accelerometer, but not the avian subsystem.

Either the report contains details of every subsystem and the relier ignores the bits they do not care about.
Or the initial attention lists the subsystems and the relier then asks for attestation of the details of those  subsystems they are actually interested in, potentially recursively as it works down a tree




From: EAT <eat-bounces@ietf.org> On Behalf Of Jeremy O'Donoghue
Sent: Friday, July 6, 2018 10:11 AM
To: Laurence Lundblade <lgl@island-resort.com>
Cc: Suresh Marisetty <Suresh.Marisetty@arm.com>; eat@ietf.org
Subject: Re: [EAT] Security Levels (seclevel): why "restricted"

I think we are on the correct track here. I also agree that we do not want to tie the levels to Common Criteria style attack potential in the EAT standard as this can change significantly over time, and is generally defined by processed that are not fully open.

The three proposed names (Unrestricted, Restricted and Hardware) are OK although I slightly prefer "Tamper Resistant" to "Hardware" (not enough to object strongly though).

It may be that some use-cases for the standard mandate specific security certification, but it would be better for these to have use-case specific claims, probably defined in different standards (not necessarily by IETF), for those certifications.

Here are some suggested examples - I think some explanatory text is required for them to make sense.

Wearable Activity Tracker: In this example, a wearable activity tracker has a micro controller running am operating system with a privileged kernel and various activity tracking applications running in user-space. An EAT is implemented as a user-space application using software cryptography. An EAT generated by such a device would have "Unrestricted" security level.

Desktop PC: In this example, a desktop PC has a certified hardware TPM, and the TPM implements the security functionality for an EAT. An EAT generated by such a device would have a "Hardware" (or "Tamper Resistant") security level.

Home IoT Hub: In this example, a home IoT hub runs Linux on an SoC which has ARM CPU with TrustZone. The EAT support is implemented in a Trusted Execution Environment which has been securely booted, and which contains at least a Root of Trust for Reporting (RTR). An EAT generated by such a device would have a "Restricted" security level.

Smart Refrigerator: In this example, a smart refrigerator runs Windows on an Intel device with SGX. The EAT support is implemented in under SGX. An EAT generated by such a device would have a "Restricted" security level.

Water Meter: In this example, a water meter was a low-power micro controller running on an RTOS and a Secure Element which provides security functionality including support for EAT. An EAT produced by such a device would have a "Hardware" security level.

I should note that there is some interesting discussion on Roots of Trust and suitable definitions of a Trusted Execution Environment  architecture taking place at the moment on the Teep mailing list. These might be useful background reading for those unfamiliar with GlobalPlatform terminology, which is the usual reference in this area. I should note that Teep has yet another slightly different view on Attestation which is limited essentially to the TEE itself.

Roots of Trust: https://www.ietf.org/mail-archive/web/teep/current/msg00326.html
TEE Architecture: https://datatracker.ietf.org/doc/draft-ietf-teep-architecture/

Jeremy

On 5 Jul 2018, at 19:21, Laurence Lundblade <lgl@island-resort.com<mailto:lgl@island-resort.com>> wrote:

So it seems there is some consensus about Unrestricted and Restricted and we do have the FIDO document to reference as reasonable criteria for that distinction. We also know there must be at least one level better than Restricted.

Since we are just going for coarse security levels here to avoid the rat hole, I’m going to suggest we stick to three. The HW level is something like this:

To claim HW level security the EAT implementation should implement most of the following:
 - Defend against circuit probing, at least a the PCB level and preferably at the chip level
 - Defend against RF and power analysis side channel attacks
 - Defend against clock and power glitching

So the three levels line up with common security technologies:
Unrestricted - Linux, Windows, MacOS…
Restricted - TrustZone, SGX, Microsoft VBS...
Hardware - SmartCard, SecureElement, TPM...

A good next step would be to create a big list of examples: phones, this IoT device, that IoT device, desktops, tablets, control units, fitbits, refrigerator, (physical) security camera…

LL


Here’s more info on what FIDO which does have more than 3 levels.

FIDO certification distinguishes HW level security by Common Criteria AVA_VAN rating, which relates to Common Criteria attack potential calculation, but I don’t think we want to do that here. It is very heavy and complex and it is for security certification, which I do not think we should go into here.

In more practical terms, the FIDO distinction can be described as chip-level attacks versus PCB-level attacks. An example of a PCB-level attack might be the removal of potting from the circuit board or drilling and probing embedded circuit board traces — attacks that can be carried out with equipment from Fry’s or Radio Shack. An example of a chip-level attack is the removal of the cap of the chip and using a laser to inject faults, which requires much more sophisticated equipment.






On Jun 29, 2018, at 11:12 AM, Suresh Marisetty <Suresh.Marisetty@arm.com<mailto:Suresh.Marisetty@arm.com>> wrote:

How about this:

Level 1 / Unrestricted
This is everything that doesn’t qualify for the other more secure levels.

Level 2 / Restricted
This uses an isolated environment to defend against network-originated SW-based large scale attacks

Level 3 / Simple Hardware
This uses simple hardware mechanisms to defend against captured devices

Level 3 / Advanced Hardware
This uses advanced hardware mechanisms to defend against captured devices

Simple and Advanced would be subjective, but anything above and beyond-2 is (3) .

Thanks
Suresh Marisetty


From: Jeremy O'Donoghue <jodonogh@qti.qualcomm.com<mailto:jodonogh@qti.qualcomm.com>>
Sent: Friday, June 29, 2018 10:36 AM
To: Laurence Lundblade <lgl@island-resort.com<mailto:lgl@island-resort.com>>
Cc: Suresh Marisetty <Suresh.Marisetty@arm.com<mailto:Suresh.Marisetty@arm.com>>; eat@ietf.org<mailto:eat@ietf.org>
Subject: Re: [EAT] Security Levels (seclevel): why "restricted"

Differences between level 2 and level 3 that I can think of.


  *   Level 2 should be resilient against remote attackers. Level 3 should be resilient against attackers with physical access to the EAT.
  *   Level 3 needs to be highly robust against local side channel attacks.

Typical evaluation practice looks at both the effort to identify an attack and the effort to usefully exploit it. We probably need to make some statement which addresses this, because the security problem is somewhat different for identification and exploitation, but I can't immediately think of any simple way to address that.

Jeremy



On 29 Jun 2018, at 18:24, Laurence Lundblade <lgl@island-resort.com<mailto:lgl@island-resort.com>> wrote:

I think an EAT claim for security level is probably only going to work as a rough characterization, a coarse classification into a small number of buckets.

If we try to have any fine-grained characterization we’re going to end up in long hair-splitting discussion — rat holes as they say.  Security characterization isn’t really linear as some use cases will be concerned about some types of attacks, others will be concerned about different attacks. Each vendor is going to have their own agenda.

I think formal security certification is a good way to characterize security, but I don’t think it belongs in IETF EAT documents that focus on bits-on-the-wire and interoperability. I would like to see EAT implementation certified at some point in the future, but by organizations like Global Platform, not IETF.

I don’t think it can be based on the cost of attacks, because that is difficult and expensive to measure. Common Criteria Attack Potential Calculation is a means to do exactly that and it can take months and tens or hundreds of thousands of dollars to measure it for an implementation.


So how to define our coarse levels?

Conceptually I propose something like this:

Level 1 / Unrestricted
This is everything that doesn’t qualify for the other more secure levels.

Level 2 / Restricted
This uses an isolated environment to defend against network-originated SW-based large scale attacks

Level 3 / Hardware
This uses hardware mechanisms to defend against captured devices

I believe we have a concrete definition of Restricted in the FIDO definition of a Restricted Operating Environment<https://fidoalliance.org/specs/fido-security-requirements-v1.0-fd-20170524/fido-authenticator-allowed-restricted-operating-environments-list_20170524.pdf>.  Anything that meets that criteria gets to claim Level 2 / Restricted. If it doesn’t meet that, then it’s Level 1 / Unrestricted. I don’t have such a handy definition for the distinction between Level 2 and Level 3, but I think we can come up with one.

LL





On Jun 27, 2018, at 11:31 AM, Suresh Marisetty <Suresh.Marisetty@arm.com<mailto:Suresh.Marisetty@arm.com>> wrote:

My proposal is  to have multiple security level claims and here is a thinking for three levels of security:


  1.  Level-1 – robustness against software attacks (self-certified)
  2.  Level-2 –  (1+) Hardware attacks that can be launched with <$cost
  3.  Level-3 – (2+) Hardware attacked launched with >$cost

I assume this is what the basic, substantial and high means below.  Unless we define what these mean, there can be various interpretations of it.

Thanks
Suresh Marisetty


From: EAT <eat-bounces@ietf.org<mailto:eat-bounces@ietf.org>> On Behalf Of Laurence Lundblade
Sent: Wednesday, June 27, 2018 10:44 AM
To: Jeremy O'Donoghue <jodonogh@qti.qualcomm.com<mailto:jodonogh@qti.qualcomm.com>>
Cc: eat@ietf.org<mailto:eat@ietf.org>
Subject: Re: [EAT] Security Levels (seclevel): why "restricted"

I could agree on three.

That means things like the WiFi subsystem, the audio / video DSP and such on an SoC are lumped in with the high-level OS security level because they are not security-oriented. I think the security-orientation distinction is important for things like TEEs, SGX and such and wouldn’t want to lose it by lumping things like WiFi in with them.

The other thing I like about three and only three coarse levels is that it short-circuits detailed debates about one being slightly more secure than another and dragging us to 5, 6, 7… levels.

Although, after watching this (long but good) Project Zero presentation<https://www.err.ee/836236/video-google-0-projekti-tarkvarainseneri-ettekanne-cyconil> that discusses complexity of chips and their fabrication, I am tempted to add a fourth chip-only only level. The fourth level would always identify the chip based on a HW-only implementation of EAT.

LL





On Jun 27, 2018, at 2:12 AM, Jeremy O'Donoghue <jodonogh@qti.qualcomm.com<mailto:jodonogh@qti.qualcomm.com>> wrote:

I'm open to discussion on names. The main argument I am making is that we currently have four claims levels and three seems better aligned with industry practice - i.e. we should not distinguish between "restricted" and "restricted secure".

Jeremy




On 22 Jun 2018, at 17:05, Laurence Lundblade <lgl@island-resort.com<mailto:lgl@island-resort.com>> wrote:

Also, here’s<https://developer.android.com/training/articles/security-key-attestation#certificate_schema_securitylevel> Android’s security level distinction for Android attestation. They call their levels “Software” and “TrustedEnvironment”. This lines up with Unrestricted and Restricted.

LL





On Jun 21, 2018, at 2:22 AM, Jeremy O'Donoghue <jodonogh@qti.qualcomm.com<mailto:jodonogh@qti.qualcomm.com>> wrote:

I have been thinking about the seclevel claim, and while I agree that the claim is not related to security certification as such, the more I consider the semantics, the more I struggle with the difference between "Unrestricted" and "Restricted" security, since it seem to me that there is no practical difference in the security level that can legitimately be claimed between these cases - anecdotal evidence of security breaches in many devices which would meet the "Restricted" definition.

My suggestion, therefore, would be to remove "restricted" and perhaps to replace the claim names:

- "Basic" to replace "Unrestricted";
- "Substantial" to replace "Secure Restricted";
- "High" to replace "Hardware".

This also seems to align with emerging views on describing security (FIDO, eIDAS for example) which is trending towards describing security at one of three levels, which are generally couched in terms such as "basic", "substantial", "high".

Jeremy
_______________________________________________
EAT mailing list
EAT@ietf.org<mailto:EAT@ietf.org>
https://www.ietf.org/mailman/listinfo/eat


_______________________________________________
EAT mailing list
EAT@ietf.org<mailto:EAT@ietf.org>
https://www.ietf.org/mailman/listinfo/eat

IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you. _______________________________________________
EAT mailing list
EAT@ietf.org<mailto:EAT@ietf.org>
https://www.ietf.org/mailman/listinfo/eat


IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.


IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

v2.23.0 | Report a Bug | By Email