Re: [Ecrit] planned-changes: two questions
Randall Gellens <rg+ietf@randy.pensive.org> Fri, 03 September 2021 21:20 UTC
Return-Path: <rg+ietf@randy.pensive.org>
X-Original-To: ecrit@ietfa.amsl.com
Delivered-To: ecrit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 806093A2F40 for <ecrit@ietfa.amsl.com>; Fri, 3 Sep 2021 14:20:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.889
X-Spam-Level:
X-Spam-Status: No, score=-1.889 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, SPF_PASS=-0.001, T_FORGED_RELAY_MUA_TO_MX=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JA4oOiu3R7AS for <ecrit@ietfa.amsl.com>; Fri, 3 Sep 2021 14:19:59 -0700 (PDT)
Received: from turing.pensive.org (turing.pensive.org [99.111.97.161]) by ietfa.amsl.com (Postfix) with ESMTP id 74E933A2F3F for <ecrit@ietf.org>; Fri, 3 Sep 2021 14:19:59 -0700 (PDT)
Received: from [99.111.97.181] (99.111.97.161) by turing.pensive.org with ESMTP (EIMS X 3.3.9); Fri, 3 Sep 2021 14:19:58 -0700
From: Randall Gellens <rg+ietf@randy.pensive.org>
To: Brian Rosen <br@brianrosen.net>
Cc: "Caron, Guy" <g.caron@bell.ca>, ECRIT <ecrit@ietf.org>
Date: Fri, 03 Sep 2021 14:19:58 -0700
X-Mailer: MailMate (1.13.2r5673)
Message-ID: <758344FE-DA8F-48C1-9913-48486E67B88B@randy.pensive.org>
In-Reply-To: <C9850692-F366-4A39-B235-1C532254FDFD@brianrosen.net>
References: <A0FC259C-DF34-4496-9013-422006278DA6@randy.pensive.org> <FB2A33E8-E146-404B-B150-1496C40510EF@brianrosen.net> <5577e2e6daa4405bbe12ef61675e1f55@bell.ca> <DE195D79-5A01-48EE-95CA-6C4B82E0886D@brianrosen.net> <e6e17f501711441188119cdfbe384d3d@bell.ca> <3AD58DEC-1DC9-4BC0-B55C-4E782E4AAA74@brianrosen.net> <E20342E7-2EFB-4479-96C2-85B4B7E16989@randy.pensive.org> <A7D59E8E-A014-4CC8-A0FF-5F58E81C6D4A@brianrosen.net> <2b4abbef37be4131a87471af75b6e7da@bell.ca> <CF2E8EDC-B38D-4742-B317-F3CE3E831578@brianrosen.net> <f82108f590674341a22da9c2e4c649e0@bell.ca> <7C4F6B87-C480-4963-B582-7639A9A1B029@brianrosen.net> <0DC4690F-1FE7-4249-98CB-C17877EF902A@randy.pensive.org> <B0E19C03-160A-496B-A23B-FD27AE407612@brianrosen.net> <53FD8476-DE95-484D-8353-6BED22EE98E0@randy.pensive.org> <C9850692-F366-4A39-B235-1C532254FDFD@brianrosen.net>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="=_MailMate_88F12835-C2F2-4CDB-841C-CB0B32973E9F_="
Embedded-HTML: [{"HTML":[759, 67350], "plain":[428, 21568], "uuid":"678EC835-2584-4DE7-A8C7-F4B328850B98"}]
Archived-At: <https://mailarchive.ietf.org/arch/msg/ecrit/n4l_xNAY_NYtC4C80m872H3is8Y>
Subject: Re: [Ecrit] planned-changes: two questions
X-BeenThere: ecrit@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Emergency Context Resolution with Internet Technologies <ecrit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ecrit>, <mailto:ecrit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ecrit/>
List-Post: <mailto:ecrit@ietf.org>
List-Help: <mailto:ecrit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ecrit>, <mailto:ecrit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 03 Sep 2021 21:20:06 -0000
I see the concern, but I think the alternative is uglier and more fragile. It also seems more complex. If there's a timeout during the query, the client tries again, probably after waiting a bit, which seems cleaner than noticing that it didn't get the confirmation POST. Absent congestion or overload, a single TCP/TLS setup and POST round-trip should be very fast. --Randall On 3 Sep 2021, at 9:40, Brian Rosen wrote: > Dunno, seems pretty ugly to me. Suppose the notify transaction ran > close to some kind of timeout for some reason. You might push the > findService transaction over its timeout. I’m probably reaching a > bit there. > > Brian > > >> On Sep 2, 2021, at 6:04 PM, Randall Gellens >> <rg+ietf@randy.pensive.org> wrote: >> >> We need to do it once per new URI. If the URI already is stored, >> there's no reason to validate it again. >> >> The overhead of a new TCP/TLS connection and one round-trip isn't >> much, and is only once per new URI. >> >> Also, for URI deletion, we should have an explicit way to do this, >> perhaps a "delete" parameter along with the URI to be deleted. >> >> --Randall >> >> On 2 Sep 2021, at 14:51, Brian Rosen wrote: >> >> You are proposing that you set up a TLS connection, POST on that >> connection, the server sets up a reverse connection, POSTs on that, >> the client responds to that POST, and then the server responds to >> that post? Not a great plan I think. If second TLS connection >> already exists, so you are asking to do a complete transaction B->A >> before the response to A->B I might be less worried. Doesn’t sound >> like a great plan >> >> >> Also, we need only do this once per client. Not once per validation. >> >> Brian >> >>> On Sep 2, 2021, at 5:45 PM, Randall Gellens >>> <rg+ietf@randy.pensive.org <mailto:rg+ietf@randy.pensive.org>> >>> wrote: >>> >>> I think a simpler approach is that when a query includes a URI, >>> before returning the response, the server POSTS to the URI. If it >>> receives a success response, it stores the URI and returns the >>> response. If it receives a non-success response, it informs the >>> client that the URI was not stored. We can use uriNotStored or have >>> a new warning such as uriTestFailure. This way, the server does not >>> need to maintain a pending URI and retry the test, and the client >>> knows immediately if there's a problem. Presumably, if the URI is >>> bogus, the URI host will not return a success result. I think that >>> should be good enough, but if we want stronger protection, we could >>> tie in the TLS authentication when the server does the POST. >>> >>> --Randall >>> >>> On 2 Sep 2021, at 14:29, Brian Rosen wrote: >>> >>> >>> >>>> On Sep 2, 2021, at 3:48 PM, Caron, Guy <g.caron@bell.ca >>>> <mailto:g.caron@bell.ca>> wrote: >>>> >>>> Inline under [GC]. >>>> >>>> If you agree with my comments inline below, here is how I see the >>>> process (building on what Randall initially provided on this >>>> thread): >>>> >>>> 1) In a validation query, a Client can request to be notified when >>>> the proffered LI should be revalidated, and provides a URI to send >>>> the notifications to; >>>> 2) In the validation response, the Server provides an ID that the >>>> Client associates with the LI it just validated; >>>> 3) Immediately thereafter, the Server sends a ‘test’ >>>> notification to the URI, without any ID;\ >>> [br[For every new ID? Or just once? I wanted this to be a one time >>> registration. >>>> 4) The recipient at the URI is expected to respond with the ID >>>> provided in step 2. If it does, the Server stores the URI for >>>> future notifications. If it does not, the Server [let’s pick one: >>>> reject silently the URI and block the Client permanently/provides a >>>> ‘uriNotStored’ warning response to the URI {not compatible with >>>> the current proposal to test outside of LoST}/reject silently the >>>> URI and block the Client temporarily/other?]; >>> [br]I don’t think an explicit failure is a problem. The LoST >>> server can limit retries if it needs to. >>> >>> >>>> 5) Some time after, the Server notifies the Client of an upcoming >>>> planned change by sending a notification to the successfully tested >>>> URI with the location ID; >>>> 6) The client revalidates each LI in its database that matches the >>>> ID as of the date of the planned change. If no ID matches, it is a >>>> no-op at the Client. Revalidations may also result in no-op at the >>>> Client. >>>> 7) LIs at the Client that are invalidated by the planned change are >>>> modified in its database to be valid (which probably mean another >>>> revalidation cycle) with an effective date set to <revalidateAsoF> >>>> value. >>> [br]I wanted periodic keep alives. How would that work? >>>> >>>> Guy >>>> >>>> De : Brian Rosen <br@brianrosen.net <mailto:br@brianrosen.net>> >>>> Envoyé : 1 septembre 2021 19:17 >>>> À : Caron, Guy <g.caron@bell.ca <mailto:g.caron@bell.ca>> >>>> Cc : Randall Gellens <rg+ietf@randy.pensive.org >>>> <mailto:rg+ietf@randy.pensive.org>>; ECRIT <ecrit@ietf.org >>>> <mailto:ecrit@ietf.org>> >>>> Objet : [EXT]Re: [Ecrit] planned-changes: two questions >>>> >>>> Inline >>>> >>>> >>>> On Sep 1, 2021, at 3:28 PM, Caron, Guy <g.caron@bell.ca >>>> <mailto:g.caron@bell.ca>> wrote: >>>> >>>> Ok. You have convinced me of the necessity of validating the URI >>>> before the Server stores it and that the security considerations in >>>> RFC5222 do not cover this threat. >>>> >>>> I observe that this vulnerability was already mentioned in the >>>> Security section of the planned-changes draft: >>>> >>>> The server is subject to abuse by clients because it is being asked >>>> to store something and may need to send data to an uncontrolled >>>> URI. >>>> >>>> However, the original threat vector and associated response is >>>> probably insufficient to cover the DoS you raised, hence this new >>>> proposal to test the URI. >>>> >>>> So, I’m conceptually favorable to adding a mechanism to test the >>>> URI before being stored by the Server. >>>> Good >>>> >>>> >>>> >>>> I would like this mechanism to be as simple as possible and I think >>>> the goals can be achieved by testing the URI and receiving a >>>> response with at least one of the IDs previously supplied by the >>>> Server. I would leave it to policy at the Server to determine when >>>> and how often the URIs would be tested, with a recommendation >>>> (MUST? SHOULD?) to test it upon reception before storing it. >>>> I think you are suggesting we add text that says the LoST server >>>> can send a notification to the LoST client that has no changes, and >>>> just serves as a keep alive. I’m sure we can make that work but >>>> generally, I find this kind of implicit test to be less >>>> satisfactory than an explicit keep alive transaction. I get that >>>> an actual change may not be seen as a change to the client, and >>>> thus it works with no real code, but it doesn’t seem as clean as >>>> an explicit keep alive. I’d be interested in herring from others >>>> on that >>>> [GC] Could we not, for example, declare a value/element/attribute >>>> 'test' to be passed in the notification with no IDs? Would that >>>> meet your idea of an explicit test mechanism? >>> [br] I suppose. Doesn’t seem much different than a parameter to >>> the findService, but I’m okay with it >>>> >>>> >>>> >>>> We probably need to say something about what to do if the URI test >>>> fails. Do we inform the Client that provided the URI that it may >>>> have been compromised? Do we simply drop the URI silently? Do we >>>> block the Client that provided the URI entirely? >>>> At minimum wait and try again, the client could be down for a >>>> while. I would not allow a lot of location records to be marked >>>> with the URI that didn’t test valid. >>>> >>>> I am somewhat leery of creating circumstances where the client has >>>> to go through and revalidate it’s entire record set because the >>>> mechanism failed in some way. There clearly would be circumstances >>>> where that happened, but missing a keep alive shouldn’t be one of >>>> them. The initial one however should be a hard block. If you >>>> can’t get the first ID returned, then we have to not accept other >>>> registrations. >>>> [GC] On a second thought, what's the value of testing the URI after >>>> the first test? If it passed, it's valid and the Server stores it >>>> for use when a planned change occurs. If after that and for some >>>> reason, the Client is not responsive to the notification, does the >>>> Server care? >>> Generally when we have things that don’t do anything for months >>> and then we need it, I would like to see periodic keep alives. >>> Things change on both sides and both sides have a vested interest in >>> making sure the mechanism works when they need it. >>>> >>>> >>>> >>>> I’m not sure if the <command> thing is necessary since it >>>> requires the Server to keep state. I would think that if the URI >>>> has been tested and stored, it means it is active and valid until >>>> it is deleted through the reception of an empty <plannedChange> for >>>> example, or replaced through the reception of a new URI in >>>> <plannedChange>. >>>> I don’t think there is any server state other than the URI is >>>> valid. Each transaction stands alone. >>>> >>>> Without the delete, you can’t remove one location record from the >>>> set that gets notified of planned changes. You can change the URI, >>>> but that changes it for all notifications. >>>> [GC] Why? A Client that no longer wants to be notified for a given >>>> ID sends an empty <plannedChange> for the LI it no longer has. If >>>> that ID at the Server is associated with only one location (say one >>>> specific civic number), it deletes the Client's URI. If it is >>>> associated with more than one record (say a range of civic >>>> numbers), it accepts the transaction but keeps the URI. A >>>> notification for that ID sent to the Client that only had the civic >>>> number would result in a no-op. >>> That means that the client has to be identified by something like >>> the TLS cert, because the URI isn’t there for the delete. I was >>> using the domain of the URI as the ID of the client. >>> >>> But we have another problem: I think the server does not track the >>> LI. On any findService with the new option, it looks for a matching >>> record and returns the ID it has for that record. It’s the client >>> that tracks possible multiple LIs for one ID, not the server. So in >>> your example, the client would notice that any address in the range >>> had the same ID. It would get one notification if the range record >>> changed, and it would update all its records in the range. But if >>> it deleted one of a set of records that have the same ID, it >>> wouldn’t request delete. Only if it got down to one record with a >>> given ID, and it needed to delete that record, would it request >>> delete for that ID at the server. >>>> >>>> >>>> >>>> Lastly, I’m not sure we still need the warning ‘uriNotStored’ >>>> given that we’re going with one generic URI per Client. The only >>>> argument I can think of for keeping it would be the proliferation >>>> of Clients within the coverage aria of the Server that would be so >>>> large that the Server couldn’t store them all. A counter argument >>>> to that would be that doing so could be seen as giving privileges >>>> to certain Clients over others. >>>> >>>> We’re creating circumstances where the client won’t get a >>>> notification. I think we need to tell them that. >>>> [GC] Only if the URI fails the validity test. >>> [br]I wanted to allow the server to limit the number of IDs it was >>> tracking for a given client. I wanted to limit the number of >>> queries the server is responding to (although it might well silently >>> discard a DOS attack. >>>> >>>> >>>> One limit I might put on a client is how many locations they can >>>> ask to be notified. If they try to set up a situation where no >>>> matter what changed, they get a notification, I think that may be >>>> too much to ask, and the server can have a limit. It would be okay >>>> if it’s one URI per valid record at the LIS, but the LoST server >>>> doesn’t have that data. >>>> [GC] It's one generic URI per Client with one or more IDs stored by >>>> the Client against its LIs, right? As you suggesting we go back to >>>> one URI per Client record in its database? >>> [br] One generic URI per client. So if the client asks for its URI >>> to be stored against too many IDs, it can be told no. >>>> >>>> >>>> >>>> Thanks, >>>> >>>> Guy >>>> >>>> >>>> De : Brian Rosen <br@brianrosen.net <mailto:br@brianrosen.net>> >>>> Envoyé : 31 août 2021 13:54 >>>> À : Randall Gellens <rg+ietf@randy.pensive.org >>>> <mailto:rg+ietf@randy.pensive.org>> >>>> Cc : Caron, Guy <g.caron@bell.ca <mailto:g.caron@bell.ca>>; ECRIT >>>> <ecrit@ietf.org <mailto:ecrit@ietf.org>> >>>> Objet : [EXT]Re: [Ecrit] planned-changes: two questions >>>> >>>> Of course an attacker would conceal itself and register multiple >>>> URIs under different identities. But the bigger problem is that >>>> if a large planned change occurred, the victim could receive a >>>> large number of notifications it didn’t expect. >>>> >>>> With a test transition, we know that the client expects to see >>>> notifications, we only need one per URI (we could specify one per >>>> domain — after the scheme and before the first slash). If we >>>> don’t get the ID, we know not to allow that URI to be >>>> provisioned. So it’s one test transaction vs a large number of >>>> planned change transactions. >>>> >>>> Brian >>>> >>>> >>>> >>>> >>>> On Aug 31, 2021, at 1:35 PM, Randall Gellens >>>> <rg+ietf@randy.pensive.org <mailto:rg+ietf@randy.pensive.org>> >>>> wrote: >>>> >>>> If a malicious client registers a URI that is designed to attack a >>>> third site, the test transaction causes the LoST server to connect >>>> to it and POST a command. Without a test transaction, the LoST >>>> server stores the URI and at a future time connects to it and sends >>>> a command. Either way, a LoST client can register potentially one >>>> URI per queried location, and a LoST server will connect to that >>>> URI and POST a message. A queried location could be tied to many >>>> other locations, so there could be many locations for which a >>>> change would trigger the LoST server to use the URI, but is that >>>> worse? >>>> --Randall >>>> On 31 Aug 2021, at 10:27, Brian Rosen wrote: >>>> If the work group wants to have the LoST server keep the URI until >>>> expressly deleted, that’s okay with me. >>>> >>>> Authenticating the client to the server doesn’t mean the URI is >>>> authenticated. We can’t restrict the URI to be the same entity >>>> as the client running the LoST transaction. And the clients are >>>> wide ranging. Could be an enterprise running its own LIS for >>>> example. We can’t assume the North American PKI is workable >>>> everywhere, and even that doesn’t extend to an enterprise LIS. >>>> ISTM we have to run a test transaction with the notification >>>> service to make sure it’s what we think it is. >>>> >>>> Brian >>>> >>>> >>>> >>>> >>>> >>>> On Aug 31, 2021, at 9:01 AM, Caron, Guy <g.caron@bell.ca >>>> <mailto:g.caron@bell.ca>> wrote: >>>> >>>> Inline. >>>> >>>> Guy >>>> >>>> -----Message d'origine----- >>>> De : Brian Rosen <br@brianrosen.net <mailto:br@brianrosen.net>> >>>> Envoyé : 31 août 2021 08:11 >>>> À : Caron, Guy <g.caron@bell.ca <mailto:g.caron@bell.ca>> >>>> Cc : Randall Gellens <rg+ietf@randy.pensive.org >>>> <mailto:rg+ietf@randy.pensive.org>>; ECRIT <ecrit@ietf.org >>>> <mailto:ecrit@ietf.org>> >>>> Objet : [EXT]Re: [Ecrit] planned-changes: two questions >>>> >>>> You delete the URI when you delete the record in the LIS. >>>> [GC] That's fine but that was not the question Randall posed. He >>>> asked whether the URI is deleted after a notification. I agree that >>>> if the Client does not host the location anymore that the URI >>>> associated with that location in the Server should be deleted. This >>>> could be achieved with an empty <plannedChange>. >>>> >>>> I don’t think this is covered in 5222. The mechanism causes the >>>> LoST server to send notifications to the client, but the client is >>>> allowed to put any URI in the record, and it can add it to as many >>>> records as it wants. >>>> [GC] I thought we agreed on using one generic URI per Client. >>>> Clients should be authenticated by the Servers. >>>> An evil implementation could record URIs against multiple targets >>>> that were unaware that the evil implementation did it, until they >>>> got a large number of PUSH transactions they didn’t expect or >>>> understand as a result of a large planned change. >>>> [GC] Only authenticated Clients should be allowed to provide URIs >>>> to be stored by the Servers. >>>> >>>> The proposed mechanism qualifies the client URI before its used in >>>> a planned change. >>>> >>>> Brian >>>> >>>> >>>> >>>> On Aug 31, 2021, at 7:37 AM, Caron, Guy <g.caron@bell.ca >>>> <mailto:g.caron@bell.ca>> wrote: >>>> >>>> Well, this is not going in the direction I thought. >>>> >>>> What is the purpose of deleting the URIs at the Server >>>> post-validation? >>>> >>>> Regarding opening a new DoS, I guess I'm not following. Wouldn't >>>> this case be covered by the security considerations in RFC 5222? >>>> >>>> What you're proposing puts back significant load on the Servers (a >>>> key consideration for creating planned-changes in the first place) >>>> and complicates the mechanism. >>>> >>>> Guy >>>> >>>> >>>> -----Message d'origine----- >>>> De : Ecrit <ecrit-bounces@ietf.org <mailto:ecrit-bounces@ietf.org>> >>>> De la part de Brian Rosen Envoyé : >>>> 30 août 2021 11:22 À : Randall Gellens <rg+ietf@randy.pensive.org >>>> <mailto:rg+ietf@randy.pensive.org>> Cc >>>> : ECRIT <ecrit@ietf.org <mailto:ecrit@ietf.org>> Objet : [EXT]Re: >>>> [Ecrit] planned-changes: two >>>> questions >>>> >>>> Answer 1: yes. Since there is going to be a revalidation, just >>>> deleting the setting seems right to me. >>>> Answer 2: Up to server. If I were implementing, I would hash the >>>> real ID with the URI and some kind of predictable nonce. >>>> >>>> We probably have to say more about how the server identifies the >>>> client, so that replacement of the URI works. Could we say we use >>>> the domain of the URI (the entire domain with all the dots) to >>>> identify the client, and anything can occur after it (meaning a >>>> slash and whatever)? If we do that, then how would delete the >>>> notification? Force there to be something other than the domain >>>> (ugly). Explicit delete request? >>>> >>>> Hmmm, we’ve opened a DoS attack: a rogue client stores a bunch of >>>> URIs for servers it wants to victimize. In North America we have a >>>> real simple solution for that, because we have a PKI, so we know, >>>> for sure, who the client is, and could restrict who we allow to >>>> store URIs, but that wouldn’t be true in general. Also, it would >>>> be nice for the client to have confidence the mechanism worked >>>> before it needed it. >>>> >>>> So >>>> Let’s add a “command” to plannedChange in the findService >>>> request. >>>> And, have the client have a response to the notification which is >>>> the >>>> ID (json with the 200) >>>> >>>> >>>> The client starts by sending a command of “initialize”. The >>>> domain is the identity of the client. The response is an immediate >>>> notification to the with whatever LI was in the request and an ID. >>>> The response by the client (which is the notification web server) >>>> is a piece of json containing the ID. We can say that the LI in >>>> this initialize command could be something simple like the Country >>>> Code that wouldn’t get a planned change. >>>> >>>> Thereafter, the LoST server (notification client) periodically >>>> repeats this keepalive notification every day or week with the >>>> initialize LI. The client has to respond with the ID. >>>> >>>> The regular notification request is a command of “notify”. The >>>> server ignores a request for notification from an uninitialized >>>> client. >>>> The notification can be deleted with a command of “delete”. If >>>> you delete the initialize LI, then the server won’t send any more >>>> notifications to that client and deletes all URIs it was saving for >>>> that client. The client would have to re-initialize to reset. >>>> >>>> Brian >>>> >>>> >>>> >>>> On Aug 27, 2021, at 5:41 PM, Randall Gellens >>>> <rg+ietf@randy.pensive.org <mailto:rg+ietf@randy.pensive.org>> >>>> wrote: >>>> >>>> I think we're moving to a model where: >>>> - In a query, a client can request to be notified when the location >>>> should be revalidated; >>>> - In the response, the server provides an ID which the client >>>> associates with the location it just validated; >>>> - The server sends a notification to the URI, containing the ID; >>>> - The client revalidates each location with which that ID is >>>> associated. >>>> >>>> Question 1: Does the server delete/inactivate the URI once it has >>>> sent the notification? >>>> >>>> Question 2: Presumably, when the client revalidates the >>>> location(s), it will again request notification. Does the server >>>> return the same ID as before, or a different ID? A different ID >>>> could perhaps be useful in edge cases where the server didn't send >>>> or the client didn't get the notification, but any utility seems >>>> small. If it's the same ID, then the answer to question 1 can be >>>> that the URI remains active until the client asks to no longer be >>>> notified (by sending an empty URI?). >>>> >>>> --Randall >>>> >>>> _______________________________________________ >>>> Ecrit mailing list >>>> Ecrit@ietf.org <mailto:Ecrit@ietf.org> >>>> https://www.ietf.org/mailman/listinfo/ecrit >>>> <https://www.ietf.org/mailman/listinfo/ecrit> >>>> >>>> _______________________________________________ >>>> Ecrit mailing list >>>> Ecrit@ietf.org <mailto:Ecrit@ietf.org> >>>> https://www.ietf.org/mailman/listinfo/ecrit >>>> <https://www.ietf.org/mailman/listinfo/ecrit> >>>> ---------------------------------------------------------------------- >>>> -------- External Email: Please use caution when opening links and >>>> attachments / Courriel externe: Soyez prudent avec les liens et >>>> documents joints >>>> >>>> ------------------------------------------------------------------------------ >>>> External Email: Please use caution when opening links and >>>> attachments / Courriel externe: Soyez prudent avec les liens et >>>> documents joints >>>> >>>> >>>> External Email: Please use caution when opening links and >>>> attachments / Courriel externe: Soyez prudent avec les liens et >>>> documents joints >>>> >>>> External Email: Please use caution when opening links and >>>> attachments / Courriel externe: Soyez prudent avec les liens et >>>> documents joints >>> >>
- [Ecrit] planned-changes: two questions Randall Gellens
- Re: [Ecrit] planned-changes: two questions Caron, Guy
- Re: [Ecrit] planned-changes: two questions Brian Rosen
- Re: [Ecrit] planned-changes: two questions Randall Gellens
- Re: [Ecrit] planned-changes: two questions Brian Rosen
- Re: [Ecrit] planned-changes: two questions Caron, Guy
- Re: [Ecrit] planned-changes: two questions Brian Rosen
- Re: [Ecrit] planned-changes: two questions Caron, Guy
- Re: [Ecrit] planned-changes: two questions Brian Rosen
- Re: [Ecrit] planned-changes: two questions Randall Gellens
- Re: [Ecrit] planned-changes: two questions Brian Rosen
- Re: [Ecrit] planned-changes: two questions Randall Gellens
- Re: [Ecrit] planned-changes: two questions Brian Rosen
- Re: [Ecrit] planned-changes: two questions Caron, Guy
- Re: [Ecrit] planned-changes: two questions Brian Rosen
- Re: [Ecrit] planned-changes: two questions Caron, Guy
- Re: [Ecrit] planned-changes: two questions Brian Rosen
- Re: [Ecrit] planned-changes: two questions Randall Gellens
- Re: [Ecrit] planned-changes: two questions Caron, Guy
- Re: [Ecrit] planned-changes: two questions Caron, Guy
- Re: [Ecrit] planned-changes: two questions Brian Rosen
- Re: [Ecrit] planned-changes: two questions Randall Gellens
- Re: [Ecrit] planned-changes: two questions Caron, Guy
- Re: [Ecrit] planned-changes: two questions Brian Rosen
- Re: [Ecrit] planned-changes: two questions Randall Gellens
- Re: [Ecrit] planned-changes: two questions Brian Rosen
- Re: [Ecrit] planned-changes: two questions Randall Gellens
- Re: [Ecrit] planned-changes: two questions Brian Rosen
- Re: [Ecrit] planned-changes: two questions Brian Rosen
- Re: [Ecrit] planned-changes: two questions Randall Gellens
- Re: [Ecrit] planned-changes: two questions Brian Rosen
- Re: [Ecrit] planned-changes: two questions Caron, Guy
- [Ecrit] PLEASE READ: We need people to comment on… Randall Gellens
- Re: [Ecrit] planned-changes: two questions Brian Rosen
- Re: [Ecrit] planned-changes: two questions Caron, Guy
- Re: [Ecrit] planned-changes: two questions Brian Rosen
- Re: [Ecrit] planned-changes: two questions Caron, Guy
- Re: [Ecrit] planned-changes: two questions Brian Rosen
- Re: [Ecrit] planned-changes: two questions Caron, Guy
- Re: [Ecrit] planned-changes: two questions Brian Rosen
- Re: [Ecrit] planned-changes: two questions Caron, Guy
- Re: [Ecrit] planned-changes: two questions Randall Gellens
- Re: [Ecrit] planned-changes: two questions Brian Rosen
- Re: [Ecrit] planned-changes: two questions Randall Gellens
- Re: [Ecrit] planned-changes: two questions Brian Rosen
- Re: [Ecrit] planned-changes: two questions Randall Gellens
- Re: [Ecrit] planned-changes: two questions Caron, Guy
- [Ecrit] Fwd: PLEASE READ: We need people to comme… James Kinney
- Re: [Ecrit] planned-changes: two questions Jeff Martin
- Re: [Ecrit] planned-changes: two questions Brian Rosen
- Re: [Ecrit] planned-changes: two questions Caron, Guy
- Re: [Ecrit] planned-changes: two questions Brandon Abley
- Re: [Ecrit] planned-changes: two questions Randall Gellens
- Re: [Ecrit] planned-changes: two questions Dan Banks
- Re: [Ecrit] planned-changes: two questions Brian Rosen
- Re: [Ecrit] planned-changes: two questions Jeff Martin
- Re: [Ecrit] planned-changes: two questions Brian Rosen
- Re: [Ecrit] planned-changes: two questions Caron, Guy
- Re: [Ecrit] planned-changes: two questions Randall Gellens
- Re: [Ecrit] planned-changes: two questions Brian Rosen
- Re: [Ecrit] planned-changes: two questions Randall Gellens
- Re: [Ecrit] planned-changes: two questions Brian Rosen
- Re: [Ecrit] planned-changes: two questions Randall Gellens
- Re: [Ecrit] planned-changes: two questions Brian Rosen
- Re: [Ecrit] planned-changes: two questions Randall Gellens
- Re: [Ecrit] planned-changes: two questions Brian Rosen