Re: [Ecrit] planned-changes: two questions

[Randall Gellens <rg+ietf@randy.pensive.org>]

I wasn't clear that Dan was making a specific proposal; I interpreted 
his description as what he implemented.  As I understand, he uses a 
separate API (not LoST) that returns partial civic addresses.  What I 
described is how I would fit what he did into what the draft does now, 
specifically, a new LoST query instead of a non-LoST API, and IDs.

--Randall

On 14 Sep 2021, at 5:28, Brian Rosen wrote:

> Dan’s proposal doesn’t use IDs.  He returns partial civic 
> addresses.
>
>> On Sep 13, 2021, at 6:12 PM, Randall Gellens 
>> <rg+ietf@randy.pensive.org> wrote:
>>
>> Fitting his concept into the draft leads us to retain the concept of 
>> the server returning an ID with a query result; the change is that 
>> instead of a notification URI we have a new query. I suppose this new 
>> query (e.g., "plannedChangesRequest") could either return a list of 
>> all IDs potentially invalidated with an "asOf" date, or the query 
>> could contain a set of IDs and the response can indicate the "asOf" 
>> date for each queried ID.
>>
>> --Randall
>>
>> On 13 Sep 2021, at 14:45, Brian Rosen wrote:
>>
>> Well, since there is no planned changes, it’s suggested that LISs 
>> revalidate periodically.  I think 30 days is the suggested frequency.
>> A user configured address is validated when they enter it.  That 
>> doesn’t work well now, but newer systems using LoST will make that 
>> immediate.  The systems usually don’t allow an invalid location to 
>> be configured.  I never thought that was a good idea, but that’s 
>> what I’ve seen.  They don’t initiate service, or keep the old 
>> address until it’s validated.
>>
>> Yes. I think you have described Dan’s proposal correctly.  He 
>> didn’t have IDs, the system delivers addresses and AsOf dates.  He 
>> had the notion of a partial civic address, which may make the change 
>> list much smaller.
>>
>> Brian
>>
>>> On Sep 13, 2021, at 5:27 PM, Randall Gellens 
>>> <rg+ietf@randy.pensive.org <mailto:rg+ietf@randy.pensive.org>> 
>>> wrote:
>>>
>>> Do LISs frequently revalidate addresses? An address that's user 
>>> configured is likely to be wrong (not where the user is at the time 
>>> of a call) but still valid.
>>>
>>> If I understand Dan's suggestion and how it would fit into the 
>>> draft, the LoST server returns an ID in the response, as in the 
>>> current draft, but instead of the client providing a URI which the 
>>> server stores and later sends a POST to, we define a new LoST query 
>>> (e.g., "plannedChangesRequest"), and in the response to that, the 
>>> server includes sets of IDs and "asOf" dates. Is that it?
>>>
>>> --Randall
>>>
>>> On 13 Sep 2021, at 5:30, Brian Rosen wrote:
>>>
>>> The kind of thing I’ve seen many times is an annexation.  It’s 
>>> announced months, sometimes years in advance.  While there are clear 
>>> boundaries, they very often don’t match postal boundaries or the 
>>> existing “unincorporated community name”, A4.  It takes weeks to 
>>> months of prep to figure out which entries will change and which 
>>> stay the same.  Of course a good reason it takes that long is that 
>>> at present, there is nothing like LoST Planned Changes, so it’s 
>>> got a whole lot of manual work.  I am aware that sometimes, things 
>>> really do change where you don’t find out more than 24 hours 
>>> ahead.  Usually, that’s poor planning, rather than an actual short 
>>> fuse change, but it happens, and has to be dealt with.
>>>
>>> Just polling is a really poor answer IMO, because you have to 
>>> revalidate the entire dataset to find the entries that changed.  
>>> I’ve built many systems with TTL where the TTL was gradually 
>>> reduced around a change so that the entries that changed had short 
>>> TTLs and the entries that didn’t had longer ones.  That only works 
>>> if you know far enough in advance that a change is coming.  That’s 
>>> generally true for the events that planned-changes is designed for, 
>>> but not always.  If your norm is 90 day TTL, and something comes up 
>>> where you find out 30 or 60 days in advance, then that idea won’t 
>>> work.
>>>
>>> Dan’s system fixes that, by having a poll for changes.  He 
>>> publishes a list of entries that will change.  That can be polled 
>>> frequently, because it’s small.  If I understand the “partial 
>>> civic” idea, it can often be very small.
>>>
>>> I still prefer push, because it actually fits the problem: the 
>>> server wants to tell the client that something is changing.  But 
>>> I’m willing to do what Dan suggests.  It’s not my favorite, but 
>>> it will work.  Just using TTL won’t, in my opinion.  Either you 
>>> have to do way too frequent full revalidations, or you miss events.
>>>
>>> I’ve never liked the fact that LoST servers have 99.99% of 
>>> transactions that are mostly worthless - revalidations of things 
>>> that didn’t change.
>>>
>>> But as editor, I will write up whatever the work group consensus is.
>>>
>>> Brian
>>>
>>>> On Sep 10, 2021, at 4:11 PM, Jeff Martin 
>>>> <Jeff.Martin@comtechtel.com <mailto:Jeff.Martin@comtechtel.com>> 
>>>> wrote:
>>>>
>>>> Brian wrote:
>>>>> [the client] not knowing well in advance [of a server change] is, 
>>>>> I think, unacceptable
>>>>
>>>> In my outlined suggestion, I ended with:
>>>> The data in the [server] issued set could be further extended to 
>>>> convey upcoming potential impacts to ids that have not yet been 
>>>> impacted.
>>>>
>>>> The server's issued set(s) could contain 'invalidAsOf' indicators 
>>>> with the locationIds, similar to the draft's server-pushed 
>>>> <locationInvalidated invalidAsOf="..." ...>.   So if a server knows 
>>>> "well in advance", say 24 hours, as long as the clients pull within 
>>>> 24 hours the clients would also know well in advance.   My outlined 
>>>> suggestion also includes server-provided TTL in server responses to 
>>>> give hints to clients about polling frequency.
>>>>
>>>> Balancing the tradeoffs of polling vs uri+push requires answering 
>>>> this question:  What will be the typical and/or exceptional 
>>>> lead-times for servers operators to know about upcoming changes?
>>>>
>>>> If it's common that server operators themselves often identify 
>>>> changes with less than one-hour notice, then the complexity of 
>>>> client-registered-uri with server-push is more justified.
>>>>
>>>> But if it's common that server operators usually identify changes 
>>>> with one day or more notice, and one-hour notice is very uncommon, 
>>>> then the simplicity of polling is more justified.
>>>>
>>>> IMO based on experience at my company, days of lead time (not 
>>>> hours) is typical for server operators dealing with "planned 
>>>> changes" that affect validity.  So the simplicity of polling with 
>>>> responses that include  'invalidAsOf' is better than the complexity 
>>>> of uri+push, whose benefits would rarely be realized in an 
>>>> environment dominated by days  of lead time.
>>>>
>>>> /Jeff/
>>>>
>>>>
>>>> From: Brian Rosen <br@brianrosen.net <mailto:br@brianrosen.net>>
>>>> Sent: Friday, September 10, 2021 10:30 AM
>>>> To: Dan Banks <dbanks=40ddti.net@dmarc.ietf.org 
>>>> <mailto:dbanks=40ddti.net@dmarc.ietf.org>>
>>>> Cc: Jeff Martin <jeff.martin@comtechtel.com 
>>>> <mailto:jeff.martin@comtechtel.com>>; ecrit@ietf.org 
>>>> <mailto:ecrit@ietf.org>
>>>> Subject: Re: [Ecrit] planned-changes: two questions
>>>>
>>>>
>>>> Minutes?
>>>>
>>>> So the clients of this service poll for changes every few minutes?
>>>>
>>>> What is a “partial civic address”?  Example?  Something like an 
>>>> A1/A2/A4 but no street name/number, meaning any address in this 
>>>> unincorporated community name?
>>>>
>>>> ISTM that a planned change quite often can’t be fixed in a way 
>>>> that code could do it.  So, we still need to advertise the change 
>>>> well in advance of the change, and have the ability to do the AsOf 
>>>> validation.  Changing the way the client discovers that a change is 
>>>> coming is one thing, not knowing well in advance is, I think, 
>>>> unacceptable.
>>>>
>>>> Brian
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> ___________________________________________________________________
>>>> On Sep 10, 2021, at 12:13 PM, Dan Banks 
>>>> <dbanks=40ddti.net@dmarc.ietf.org 
>>>> <mailto:dbanks=40ddti.net@dmarc.ietf.org>> wrote:
>>>>
>>>> I am opposed to asking LoST servers to store URIs as well.  I 
>>>> believe it significantly overcomplicates the solution and is the 
>>>> biggest reason why I have not supported the planned changes draft.
>>>>
>>>> Several years ago we implemented a mechanism to allow a LIS to know 
>>>> that it needs to revalidate.  Roughly described, that mechanism 
>>>> consists of a web API that can be queried for changes after a 
>>>> particular time.  The response is a summary of changes in terms of 
>>>> partial civic addresses that allow the LIS to identify records that 
>>>> are likely to be affected, or possibly that there have been so many 
>>>> changes that a full revalidation is recommended.  We’ve made the 
>>>> API discoverable via U-NAPTR using the same app string as a given 
>>>> LoST server.
>>>>
>>>> Yes, the LIS has to poll the various LoST servers and ask if there 
>>>> have been any changes.  That is a cheap operation to implement, and 
>>>> the practical difference between knowing the very instant a change 
>>>> is published versus finding out within a few minutes is not 
>>>> significant in any way.
>>>>
>>>> Dan
>>>>
>>>> From: Ecrit <ecrit-bounces@ietf.org 
>>>> <mailto:ecrit-bounces@ietf.org>> On Behalf Of Jeff Martin
>>>> Sent: Thursday, September 9, 2021 4:09 PM
>>>> To: ecrit@ietf.org <mailto:ecrit@ietf.org>
>>>> Subject: Re: [Ecrit] planned-changes: two questions
>>>>
>>>> Asking a server to store and later user a client-provided uri opens 
>>>> the door for abuse by malicious actors.   Which got me to thinking, 
>>>> what if we removed the client-provided uri entirely?  If no uris 
>>>> then no risk of abuse.
>>>>
>>>> Keep the new optional <plannedChange asOf="..."> but without 'uri' 
>>>> in the client's <findServiceRequest>.  Keep the new optional <ttl> 
>>>> in the server's <findServiceResponse> as a hint to clients that may 
>>>> want to initiate revalidation from the client side.  Keep the new 
>>>> optional server "unique location ID" in the server response as 
>>>> discussed on this list (but not yet in published draft), which the 
>>>> client could choose to associate with the client's internal 
>>>> records.
>>>>
>>>> The server periodically (server policy) issues a set of 
>>>> "potentially impacted" ids, where "potentially impacted" has 
>>>> already been discussed on this list. Each set includes: the ids 
>>>> that have been "potentially impacted" since the previous set was 
>>>> issued; the time-range covered; and a TTL hint on how long until 
>>>> the server is likely to issue the next list.  The server keeps the 
>>>> sets going back some interval defined by server policy.
>>>>
>>>> Client sends a "discovery" query to server, where server response 
>>>> is: the url(s) of the most recent and past set(s); and a TTL hint 
>>>> on how long until next list likely to be released.  Client then 
>>>> queries any of these urls, and server responds with the set that 
>>>> includes: the ids that have been "potentially impacted" since the 
>>>> previous set was issued; the time-range covered; and a TTL hint on 
>>>> how long until the server is likely to issue the next list.
>>>>
>>>> For clients that want to be highly proactive for changes, the 
>>>> client can store the "unique location id" from 
>>>> <findServiceResponse> and associate to the client's internal 
>>>> records.  The client then periodically queries the server for the 
>>>> set(s) of impacted IDs, and client gets a copy of each set. The 
>>>> client uses these sets of impacted ids from the servers list to 
>>>> check the clients internal records, and client can then revalidate 
>>>> those.
>>>>
>>>> No more client-provided uris entirely removing the possibility of 
>>>> abuse by malicious actors.
>>>>
>>>> The data in the issued set could be further extended to convey 
>>>> upcoming potential impacts to ids that have not yet been impacted.
>>>>
>>>>
>>>> /Jeff/
>>>>
>>>> From: Ecrit <ecrit-bounces@ietf.org 
>>>> <mailto:ecrit-bounces@ietf.org>> On Behalf Of Caron, Guy
>>>> Sent: Thursday, September 9, 2021 7:52 AM
>>>> To: Brian Rosen <br@brianrosen.net <mailto:br@brianrosen.net>>; 
>>>> Randall Gellens <rg+ietf@randy.pensive.org 
>>>> <mailto:rg+ietf@randy.pensive.org>>
>>>> Cc: ECRIT <ecrit@ietf.org <mailto:ecrit@ietf.org>>
>>>> Subject: Re: [Ecrit] planned-changes: two questions
>>>>
>>>> I’m aligned with Brian on the proposal to embed a reverse HTTP 
>>>> transaction within an existing one. I think this is asking for 
>>>> trouble.
>>>>
>>>> Guy
>>>>
>>>> De : Brian Rosen <br@brianrosen.net <mailto:br@brianrosen.net>>
>>>> Envoyé : 8 septembre 2021 19:32
>>>> À : Randall Gellens <rg+ietf@randy.pensive.org 
>>>> <mailto:rg+ietf@randy.pensive.org>>
>>>> Cc : Caron, Guy <g.caron@bell.ca <mailto:g.caron@bell.ca>>; ECRIT 
>>>> <ecrit@ietf.org <mailto:ecrit@ietf.org>>
>>>> Objet : [EXT]Re: [Ecrit] planned-changes: two questions
>>>>
>>>> Inline.  I think we need other opinions.  Certainly, we don’t 
>>>> have rough consensus.
>>>>
>>>>
>>>>
>>>> ________________________________________________________
>>>> On Sep 8, 2021, at 5:45 PM, Randall Gellens 
>>>> <rg+ietf@randy.pensive.org <mailto:rg+ietf@randy.pensive.org>> 
>>>> wrote:
>>>>
>>>> Why is a subsequent transaction better than a parallel one? The 
>>>> subsequent transaction model delays knowledge of the state.
>>>> If the client doesn't see an immediate POST, it doesn't know if 
>>>> there's been an error or not.
>>>> Yes it does.  If it doesn’t see an immediate POST, then there was 
>>>> a problem and it has to try again.
>>>>
>>>> If the client sees a POST and sends an ID, it doesn't know if the 
>>>> server received it and stored the URI.
>>>> Technically true, but vanishingly small issue.  You had a complete 
>>>> HTTPS transaction, but somehow the client isn’t sure the server 
>>>> got the ID.
>>>>
>>>> If the server tries a POST but gets an error, it may retry but 
>>>> meanwhile the client may retry the query, since it didn't get a 
>>>> POST.
>>>> That's always going to be something the server has to deal with: 
>>>> re-enrollment of the URI.  The client gets a normal response, and 
>>>> that tells it the URI was accepted.
>>>>
>>>> Should a client retain IDs if it hasn't seen a POST?
>>>> No, lack of POST means URI is not enrolled
>>>>
>>>> Also, requiring that the client send an ID seems like it may 
>>>> constrain client architectures since any part of the client system 
>>>> that receives a POST must know which IDs are pending.
>>>> I don’t agree.  This is a pretty normal “I send you a magic 
>>>> number and you have to return it to me” thing.  There are no 
>>>> “pending IDs”.  This is the first ID, so you need to return it, 
>>>> and only it, but it’s the only ID the client has at this point.
>>>>
>>>> What is the objection to a parallel POST?
>>>> I was taught that you don’t embed an HTTP transaction in another 
>>>> with the same partner because things go wrong with timeouts and 
>>>> logic.  It’s not a parallel POST, it’s an HTTPS transaction one 
>>>> way that encloses another HTTPS transaction the other way.  You are 
>>>> dependent on the inner one completing before the outer one times 
>>>> out or has some other issue.  I just think that’s dangerous.  I 
>>>> will admit that I was taught this quite a long time ago (before 
>>>> HTTPS for sure) and things could have changed, but I can’t recall 
>>>> an API that does that.  Also note that keep alive works exactly the 
>>>> same way as the initial POST.  In your proposal, those are 
>>>> different.  That’s not much, but it’s some code.  The 
>>>> “test” transaction tells you that the mechanism works and your 
>>>> URI is being retained, whether that happens the first time, or a 
>>>> year later.
>>>>
>>>> --Randall
>>>> On 8 Sep 2021, at 14:22, Brian Rosen wrote:
>>>> I don’t think there is any fragility in the URI setup.  For a new 
>>>> URI, the client requests the server to keep it in a findService.  
>>>> That transaction concludes by sending an ID.  The server 
>>>> immediately sends the test notification, to which the client 
>>>> responds with the ID.  At that point both sides know the URI was 
>>>> accepted and the client is valid.  That may be repeated 
>>>> periodically so both sides know the other is happy with the 
>>>> arrangements.  If the client doesn’t get the test notification, 
>>>> it knows the URI isn’t accepted.  If the server doesn’t see the 
>>>> ID, it’s knows that was a bogus request, or there is some other 
>>>> problem, and it shouldn’t save the URI.
>>>>
>>>> I proposed a null ID as the test transaction flag.  That would be a 
>>>> piece of XML with the right namespace, the right element name, but 
>>>> no value.  I think that is adequate and meets Guy’s minimal 
>>>> mechanism criteria.  The same XML is always sent.  It either has a 
>>>> set of IDs or it’s empty.
>>>>
>>>> Brian
>>>>
>>>>
>>>> On Sep 8, 2021, at 5:11 PM, Randall Gellens 
>>>> <rg+ietf@randy.pensive.org <mailto:rg+ietf@randy.pensive.org>> 
>>>> wrote:
>>>>
>>>> The proposed mechanism seems fragile. A client has no way to know 
>>>> if its request to store a URI was accepted. That makes it hard to 
>>>> debug. If there are errors of any kind when the server initially 
>>>> verifies a URI, the client has no idea. Even if the client repeats 
>>>> the transaction, the server will silently discard the URI. To me, 
>>>> that's asking for problems.
>>>> In my proposal, when the client requests to be notified and 
>>>> provides a URI, the server immediately does a parallel POST to that 
>>>> URI. If it gets a 202 Accepted response to the POST (or we can 
>>>> choose a different value), it stores the URI and returns the query 
>>>> result. If it gets a different response, it does not store the URI 
>>>> and returns the query result with a uriNotStored warning. If a 
>>>> client is trying to get the server to launch an attack on a third 
>>>> party entity, that entity will likely not support the URI in the 
>>>> first place, or will likely return an error response. If you want 
>>>> additional verification, have the server include the queried 
>>>> location in its test POST. That way, if the client maliciously sent 
>>>> a URI of a third party LIS, that LIS will know it does not have a 
>>>> query with that location outstanding.
>>>> Doing a parallel POST from the server to the client is one small 
>>>> transaction; this mechanism provides immediate feedback to both 
>>>> client and server. If there are DNS failures or network congestion 
>>>> or whatever, the server returns uriNotStored and the client can try 
>>>> again later.
>>>> As for multiple IDs in a single notification POST, having the 
>>>> client specify in the initial request the maximum it is prepared to 
>>>> accept seems reasonable. We can require that clients support a 
>>>> minimum number. If a server has more than the maximum, it sends 
>>>> them in multiple POSTs, with whatever separation in time it 
>>>> chooses. A server can include fewer IDs in a POST than the client's 
>>>> maximum.
>>>> We can have a 'test' notification value that is used both for the 
>>>> initial verification test and for periodic keep-alive tests.
>>>> --Randall
>>>> On 8 Sep 2021, at 12:17, Brian Rosen wrote:
>>>> Okay, I think the three of us are converging,  Here is a 
>>>> restatement of your description:
>>>> 1) In a validation query, a Client can request to be notified when 
>>>> the proffered LI should be revalidated, and provides a URI to send 
>>>> the notifications to;
>>>> 2) In the validation response, the Server provides an ID that the 
>>>> Client associates with the LI it just validated.   The server may 
>>>> silently ignore repeated requests to store a URI where the test in 
>>>> 4 below fails.
>>>> 3) Immediately thereafter, if the URI is new to the Server, the 
>>>> Server sends a ‘test’ notification to the URI, with an empty 
>>>> ID.
>>>> 4) The recipient at the URI is expected to respond with the ID 
>>>> provided in step 2. If it does, the Server stores the URI for 
>>>> future notifications.  If it does not, the server ignores the 
>>>> request to store the URI.
>>>> 5) Some time after, the Server notifies the Client of an upcoming 
>>>> planned change by sending a notification to the successfully tested 
>>>> URI with the location ID;
>>>> 6) The client revalidates each LI in its database that matches the 
>>>> ID as of the date of the planned change. If no ID matches, it is a 
>>>> no-op at the Client. Revalidations may also result in no-op at the 
>>>> Client.
>>>> 7) LIs at the Client that are invalidated by the planned change are 
>>>> modified in its database to be valid (which probably mean another 
>>>> revalidation cycle) with an effective date set to <revalidateAsoF> 
>>>> value.
>>>> 8) The Server may send ’test’ notifications to the URI without 
>>>> any ID as a form of “keep-alive”.  Any ID provided by the 
>>>> Server to the client may be used as the response to the test 
>>>> transaction
>>>>
>>>>
>>>> There has been a discussion of sending more than one ID in a 
>>>> transaction.  I think that is a decent idea, but I worry about how 
>>>> big that could be.  Either we put a hard limit in the text or have 
>>>> something in the response to the test transaction that specifies a 
>>>> size limit for that client.
>>>>
>>>> Brian
>>>>
>>>>
>>>> On Sep 7, 2021, at 8:31 PM, Caron, Guy <g.caron@bell.ca 
>>>> <mailto:g.caron@bell.ca>> wrote:
>>>>
>>>> 1) In a validation query, a Client can request to be notified when 
>>>> the proffered LI should be revalidated, and provides a URI to send 
>>>> the notifications to;
>>>> 2) In the validation response, the Server provides an ID that the 
>>>> Client associates with the LI it just validated;
>>>> 3) Immediately thereafter, the Server sends a ‘test’ 
>>>> notification to the URI, without any ID;\
>>>> [br[For every new ID?  Or just once?  I wanted this to be a one 
>>>> time registration.
>>>> [GC] Just once per offered URI.
>>>>
>>>>
>>>> 4) The recipient at the URI is expected to respond with the ID 
>>>> provided in step 2. If it does, the Server stores the URI for 
>>>> future notifications. If it does not, the Server [let’s pick one: 
>>>> reject silently the URI and block the Client permanently/provides a 
>>>> ‘uriNotStored’ warning response to the URI {not compatible with 
>>>> the current proposal to test outside of LoST}/reject silently the 
>>>> URI and block the Client temporarily/other?];
>>>> [br]I don’t think an explicit failure is a problem.  The LoST 
>>>> server can limit retries if it needs to.
>>>> [GC] Ok for HTTP failures but what I’m talking about is when it 
>>>> fails to return the ID, like in your DoS example.
>>>>
>>>>
>>>>
>>>> 5) Some time after, the Server notifies the Client of an upcoming 
>>>> planned change by sending a notification to the successfully tested 
>>>> URI with the location ID;
>>>> 6) The client revalidates each LI in its database that matches the 
>>>> ID as of the date of the planned change. If no ID matches, it is a 
>>>> no-op at the Client. Revalidations may also result in no-op at the 
>>>> Client.
>>>> 7) LIs at the Client that are invalidated by the planned change are 
>>>> modified in its database to be valid (which probably mean another 
>>>> revalidation cycle) with an effective date set to <revalidateAsoF> 
>>>> value.
>>>> [br]I wanted periodic keep alives.  How would that work?
>>>> [GC] You mean at step 3? As I mentioned below, I was wondering 
>>>> about the necessity for periodic tests. If the group is convinced 
>>>> it is needed, the Server can simply redo step 3 and the Client can 
>>>> respond with one or many IDs it has from that Server.
>>>>
>>>>
>>>> NOTICE TO RECIPIENT: This email, including attachments, may contain 
>>>> information which is confidential, proprietary, attorney-client 
>>>> privileged and / or controlled under U.S. export laws and 
>>>> regulations and may be restricted from disclosure by applicable 
>>>> State and Federal law. Nothing in this email shall create any legal 
>>>> binding agreement between the parties unless expressly stated 
>>>> herein and provided by an authorized representative of Comtech 
>>>> Telecommunications Corp. or its subsidiaries. If you are not the 
>>>> intended recipient of this message, be advised that any 
>>>> dissemination, distribution, or use of the contents of this message 
>>>> is strictly prohibited. If you received this message in error, 
>>>> please notify us immediately by return email and permanently delete 
>>>> all copies of the original email and any attached documentation 
>>>> from any computer or other media.
>>>> _______________________________________________
>>>> Ecrit mailing list
>>>> Ecrit@ietf.org <mailto:Ecrit@ietf.org>
>>>> https://www.ietf.org/mailman/listinfo/ecrit 
>>>> <https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Fecrit&data=04%7C01%7Cjeff.martin%40comtechtel.com%7Cb6354e9963b1469a1a1808d9747845af%7Ca9a26e696ae040c1bd801ca6cc677828%7C0%7C0%7C637668882191609050%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=NDkyikK2aPrzaE826qPjFrrlsn1WtrgpqjKx3KBKnQQ%3D&reserved=0>
>>> _______________________________________________
>>> Ecrit mailing list
>>> Ecrit@ietf.org <mailto:Ecrit@ietf.org>
>>> https://www.ietf.org/mailman/listinfo/ecrit 
>>> <https://www.ietf.org/mailman/listinfo/ecrit>