IETF Logo Mail Archive

Re: [Emu] My review ... was RE: I-D Action: draft-ietf-emu-eaptlscert-02.txt

Mohit Sethi M <mohit.m.sethi@ericsson.com> Mon, 08 June 2020 14:13 UTC

Return-Path: <mohit.m.sethi@ericsson.com>
X-Original-To: emu@ietfa.amsl.com
Delivered-To: emu@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 403573A0B42 for <emu@ietfa.amsl.com>; Mon, 8 Jun 2020 07:13:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.102
X-Spam-Level:
X-Spam-Status: No, score=-2.102 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bUGG7-8V0z0L for <emu@ietfa.amsl.com>; Mon, 8 Jun 2020 07:13:45 -0700 (PDT)
Received: from EUR05-VI1-obe.outbound.protection.outlook.com (mail-vi1eur05on2052.outbound.protection.outlook.com [40.107.21.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B4D2A3A0B32 for <emu@ietf.org>; Mon, 8 Jun 2020 07:13:44 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=LY9428F/LqlQ5MuZeDpGB0zR5NkmVG//lEfJd/2SJJXf+nSZLzPqtM6z9sENlWym2jVBeCzu9B5VxeN6J7N0RS/g/7Vu3+UKypuNErek1oZdrcPZEbUf91LgZ/LsXC8OkcnUqDILZZtxr294ARepvrnAa5fCQjzQ67kXA411skGBa7c756ZJH6Nn9c4Aah5R/j6X6gjrXu5p4EYv4HCmZTHWlcES7NQeRgABLafMCMhvJ79w6u02w8bhZyUqRnoDGBmFwbsciIrpRVZ5Pss/Rk2V00Hb+V+t7VnaVF6dqwNwcs74RPuiqb7goeLNaoCf5ThrugEOOgdxnkH/TDmH4w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=5MTKaR9rq77zMOlCYDM5oG88SeHQt0yntdd4DD2/TU0=; b=RWTif6Yhb1PoeCTu7tKeeGXJvYSu0u5mwF1ejM4pjBSq+bpsy6OL/godmGVaHV4+RjZSEWdxzzRAE18fqUlBSX22pP3tun7SxmifcgyI49how1cCdW1HR+dKi7Ff1DvggDemEpwRvXyOLMGSo0J+EDAI40uT2ovS87exenE+em7dEhQu87GB+Cw0heEc/587ly3RqvtWuf2+8jUf6pii1sJe0M0Nh4OnWBD2UqC7CveG/MdJg4Sl96+X1CuPbulQjQEv7j+YbwvBtykm59sYBKgz/N5y/WGYZA5/QyDLGFjirhvAaqDkW7a7Iy9v+iyXwROLuzXdHzSx9mB0Mhm67w==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=5MTKaR9rq77zMOlCYDM5oG88SeHQt0yntdd4DD2/TU0=; b=TrK0tmy7Ds8LFVwHsI4mAjDqXxtFMqii7NQkgHDtsovq0rcERdzFAglAEfks7nDXaw/z1zA0pYcElgT8Io+8wqM80aagXiCYhiTgBzylZZB3sxB8MM35PFqHG68z77iUL0yf54YgK0Z0sZ9lFUfUUzZIRlQNLsUmvv040nl5GRI=
Received: from HE1PR07MB3386.eurprd07.prod.outlook.com (2603:10a6:7:2d::25) by HE1PR0701MB2140.eurprd07.prod.outlook.com (2603:10a6:3:2a::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3088.13; Mon, 8 Jun 2020 14:13:40 +0000
Received: from HE1PR07MB3386.eurprd07.prod.outlook.com ([fe80::2569:99db:f1db:4f8e]) by HE1PR07MB3386.eurprd07.prod.outlook.com ([fe80::2569:99db:f1db:4f8e%7]) with mapi id 15.20.3088.016; Mon, 8 Jun 2020 14:13:40 +0000
From: Mohit Sethi M <mohit.m.sethi@ericsson.com>
To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>, Mohit Sethi M <mohit.m.sethi@ericsson.com>, Michael Richardson <mcr+ietf@sandelman.ca>, "emu@ietf.org" <emu@ietf.org>
Thread-Topic: [Emu] My review ... was RE: I-D Action: draft-ietf-emu-eaptlscert-02.txt
Thread-Index: AQHWJd6sewrKoRh7dEOMQf3xkb8SvKjO0l4AgAAf54A=
Date: Mon, 08 Jun 2020 14:13:40 +0000
Message-ID: <f926ac45-96ea-6a7c-a2f1-7aa8c8d98a6f@ericsson.com>
References: <AM0PR08MB37166589CC58C3799224B0A3FAF10@AM0PR08MB3716.eurprd08.prod.outlook.com> <0c843ca8-8bfc-8bf6-2cb2-a8517359842f@ericsson.com> <AM0PR08MB3716E29597E02053484C9DF3FA850@AM0PR08MB3716.eurprd08.prod.outlook.com>
In-Reply-To: <AM0PR08MB3716E29597E02053484C9DF3FA850@AM0PR08MB3716.eurprd08.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.7.0
authentication-results: arm.com; dkim=none (message not signed) header.d=none;arm.com; dmarc=none action=none header.from=ericsson.com;
x-originating-ip: [2001:14bb:150:4228:c90b:d9d5:6512:359a]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: f8cba086-4f9b-4db3-71a8-08d80bb62521
x-ms-traffictypediagnostic: HE1PR0701MB2140:
x-ms-exchange-transport-forked: True
x-microsoft-antispam-prvs: <HE1PR0701MB2140228977E5390238A2C4CDD0850@HE1PR0701MB2140.eurprd07.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 042857DBB5
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 2rM2bF5XjeA1sp2pc+m4OUNrU6n6P4n3Vq2QEs0TL+9QdRR3tizIWDxEgDlwb9pJ5j64Sy5Y+Cg7yvJJdUjvOaLYoSTD5SEY6F9b8SldzBgvTkJOcgWQcLD4b81iONrBrIifcnRe7M4JsjRXZX34tIMfsmcAhK1D/bnLhik1hASnPfWSAI2A8wlOGnCur8sKfQCCgLls3g5SOO6x+H/IZofDhjEEHFaaGZ0mnhkpfyLAO5c4XsViCgCC+2oBn36L6+7EzD/3aVGKkpQtF4dKVx1kyc4XSibk+ZZDEylqHEgDe2tsM2zn35Q9U1odzCGvil5kKgVwTbz6ZTI0GxkBwM1Hz367bMy9ZpAQGD5sF1XqdR2onTbIf1Zp7q4xDa6njwu60nmjKPdjMe3KNxZ5ez50/lGitvCM2aq3kqxMYllD+75MTLBxLFVkYBWTX+eG7iFW2pLcRDIw5bpet8cObw==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:HE1PR07MB3386.eurprd07.prod.outlook.com; PTR:; CAT:NONE; SFTY:; SFS:(4636009)(346002)(376002)(136003)(396003)(366004)(39860400002)(6486002)(86362001)(6512007)(31686004)(110136005)(83380400001)(31696002)(316002)(2616005)(36756003)(71200400001)(30864003)(66446008)(66556008)(66476007)(64756008)(76116006)(66946007)(53546011)(5660300002)(6506007)(8936002)(966005)(8676002)(478600001)(186003)(2906002)(43740500002); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: xg2IkTBPcMmrBaBbWH6VsQMqbbAgOPyJs8deQWBZMNA47FNlFrJ3gh90q31aa7pjsn+tJNiuzTMR4ZJ+byLI0U1Z/dKH9NMR6DYgceWvCCOAfj16vUg475TaaOuJZdANQ43Sn5V0yqwOUMyhzwlI9iiZR5sJkO2tPjTms8X6xk7IDxGB6ZzNmrMPrw+KU02fRMtv38T4AjYjixafH4RSn0m9/t3uDXFi3CDJGFLlaH4qukgBpX9VdbX9loL5JBl0KXjpdQ/Ys2V67puXPbf7JoE+WcYvhjvKbMGLo4ECdcY4y2kcaYHhOAKuIzdnScLMVkZHjD81sF8LBF4M2jpxgOjyYL+y9dtoHI1r4VZ8RYE5AV/uzFzDViht2UPozJPhhMsIUSQm1Ct5d7y3JpQ2LeQq/Kund+6iV+D43fCNaw7mAPqkYjxPncmEwSIB1RYJy0Vx/Xh6iukigNI/C6BG1PdN+WbI3JSA2SqP44MQEhm8no4leM2LA/0QVTQ9bg4qZdskIWT8uYItSQylqs/WgVnQrL9RiU8hA19n7gDNr8rl8wtBd11ev0WZasGEMrp2
Content-Type: text/plain; charset="utf-8"
Content-ID: <C0A4898CFE4E3A42888AA876CB183BC2@eurprd07.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-Network-Message-Id: f8cba086-4f9b-4db3-71a8-08d80bb62521
X-MS-Exchange-CrossTenant-originalarrivaltime: 08 Jun 2020 14:13:40.6058 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: Oq22CVSI/+GxD4VOpldphkN2ZZN1KIWH9Yxi2JtFXn+zgCuuCHyjhJu4Utciwx8pFJmrzMTFJfKJjzmDzu5BSJ2HTsBitdFSB/GIywKF+bY=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR0701MB2140
Archived-At: <https://mailarchive.ietf.org/arch/msg/emu/nIh_775Vxr4Q9vgfGGv7wrOBl5w>
Subject: Re: [Emu] My review ... was RE: I-D Action: draft-ietf-emu-eaptlscert-02.txt
X-BeenThere: emu@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "EAP Methods Update \(EMU\)" <emu.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/emu>, <mailto:emu-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/emu/>
List-Post: <mailto:emu@ietf.org>
List-Help: <mailto:emu-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/emu>, <mailto:emu-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Jun 2020 14:13:52 -0000

Hi Hannes,

Thanks for the follow up. I have submitted a new version which should 
address your concerns. Here is a diff for your convenience: 
https://www.ietf.org/rfcdiff?url2=draft-ietf-emu-eaptlscert-04

Please see in-line for some details.

--Mohit

On 6/8/20 3:19 PM, Hannes Tschofenig wrote:
> Thanks for the update, Mohit.
>
> A few minor remarks:
>
> FROM:
>
> "
>     TLS certificates in EAP deployments can be relatively large, and the
>     certificate chains can be long.
> "
>
> TO:
>
> "
>     Certificates in EAP deployments can be relatively large, and the
>     certificate chains can be long.
> "
Done!
>
> Reason: Certificates are large and there is nothing in TLS that contributes to the size.
>
> In Section 4 I would state the obvious to the reader: Keep the certificate size small by not stuffing lots of fields in it and keep the chain short.
> A common reason why these certs are long is because developers don't understand that they do not need to map the organizational hierarchy to a CA hierarchy.
> This is the simplest approach to reduce the size of certificates sent over the wire.
I added a sentence "The general guideline of keeping the certificate 
size small by not populating fields with excessive information can help 
avert the problems of failed EAP-TLS authentication.". Your comment on 
the needless mapping of the organizational hierarchy to the CA hierarchy 
is already covered in section 4.2.7.
>
> Regarding 4.2.3.  Compact TLS 1.3
>
>     [I-D.ietf-tls-ctls] defines a "compact" version of TLS 1.3 and
>     reduces the message size of the protocol by removing obsolete
>     material and using more efficient encoding.  This naturally means
>     that cTLS is not interoperable with previous versions of the TLS
>     protocol.  It also defines a compression profile with which either
>     side can define dictionary of "known certificates".  Thus, cTLS can
>     provide another mechanism for EAP-TLS deployments to reduce the size
>     of messages and avoid excessive fragmentation.
>
> The point for mentioning cTLS was related to the certificate compression. I would therefore change the paragraph to:
>
> 4.2.3.  Compact TLS 1.3
>
>     [I-D.ietf-tls-ctls] defines a "compact" version of TLS 1.3 and
>     reduces the message size of the protocol by removing obsolete
>     material and using more efficient encoding.  It also defines a
>     compression profile with which either  side can define dictionary
>     of "known certificates".
I haven't changed the paragraph. I think it is important to let the 
reader know that cTLS is not interoperable with previous versions TLS. 
So updating the peer implementation without updating the server 
implementation would not help.
>
> I wonder whether you want to mention also https://tools.ietf.org/html/draft-tschofenig-tls-cwt-01 and https://tools.ietf.org/html/draft-mattsson-tls-cbor-cert-compress-00?
> Since those are still individual drafts you could point out that those are work in progress.
I was a bit hesitant to add these since they are still in early phases 
of development. However, I have now added a section titled "New 
Certificate Types and Compression Algorithms". Hope this is sufficient.
>
> Ciao
> Hannes
>
> -----Original Message-----
> From: Mohit Sethi M <mohit.m.sethi@ericsson.com>
> Sent: Saturday, May 9, 2020 10:49 AM
> To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>; Michael Richardson <mcr+ietf@sandelman.ca>; emu@ietf.org
> Subject: Re: [Emu] My review ... was RE: I-D Action: draft-ietf-emu-eaptlscert-02.txt
>
> Hi Hannes,
>
> I have submitted a new version of the draft which I believe addresses your concerns. Here is a diff for your convenience:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-emu-eaptlscert-03
>
> While Alan and Jouni have already provided excellent answers to most of your comments, in-line you can find a few more clarifications for the changes I made.
>
> --Mohit
>
> On 3/24/20 10:00 AM, Hannes Tschofenig wrote:
>> Hi Michael, Hi draft authors,
>>
>>> I was surprised to get to the end of the document without any suggestions about sending certificates by reference rather than value.
>> Having seen this statement from Michael I have reviewed the document. Two generic observations about the draft:
>>
>> 1) Many statements are made about deployments and no references are provided. To improve quality of the write-up I would strongly suggest to add such references, as you would have to do with an academic publication as well.
>>
>> 2) A few techniques are missing (Certificate URLs and cTLS) and TLS Cached Info was wrongly interpreted.  They actually relate to the remark from Michael.
>>
>>> TLS certificates are often relatively large, and the certificate
>>>     chains are often long.
>> I think this statement is in general incorrect. You could say that in deployment X certificates have size X and the chain is Y long.
>>
>>
>>> Also,
>>>    from deployment experience, EAP peers typically have longer
>>>     certificate chains than servers.
>> I would like a reference to be included here. Theoretically, it makes
>> no sense to have a certificate chain for an EAP peer to have a longer
>> certificate chain than a server given a EAP peer talks to one EAP server.
>>
>> In network access authentication it is not only about authentication but the most important part is authorization. Hence, you pretty much always have a one-to-one relationship between the EAP peer and the EAP server. There are no good reasons to have complex CA hierarchies here.
>>
>>> This is because EAP peers often
>>>    follow organizational hierarchies and tend to have many intermediate
>>>     certificates.  Thus, EAP-TLS authentication usually involve
>>>     significantly more octets than when TLS is used as part of HTTPS.
>> I think it would make sense to explain this organizational hierarchy
>> aspect in a bit more detail.
>>
>>> The EAP fragment size
>>>    in typical deployments is just 1020 - 1500 octets.
>> Reference for the 1500 octets.
> Added that this limitation come from Ethernet II frame size.
>>
>>> For example, many EAP authenticator (access point)
>>>    implementations will drop an EAP session if it has not finished after
>>>     40 - 50 round-trips.
>> Is there a reference that could be included?
>>
>>> However, deployment
>>>     experience has shown that these jumbo frames are not always
>>>    implemented correctly.
>> Add a reference here.
>>
>>> RADIUS can generally transport only about 4000
>>>    octets of EAP in a single message.
>> How was this number constructed?
> Added that RADIUS RFC2865 limits length to 4096 octets.
>>>     A certificate chain (called a certification path in [RFC5280]) can
>>>     have 2 - 6 intermediate certificates between the end-entity
>>>     certificate and the trust anchor [RFC5280].
>> The PKIX reference here is misleading. I think you included it to
>> refer to the terms but it sounds like the statement that the chain can have 2-6 intermediate CA certificates.
>>
>> I would add the terms to the terminology section and remove the PKIX reference here.
> Done. Thanks. Indeed that was misleading.
>> I am also wondering what you are trying to say here with this
>> sentence. Are you saying that you have seen deployments for network access authentication that have up to 6 intermediate CA certificates in the chain?
>>
>>
>>> 3.  Experience with Deployments
>>>     Most common access point implementations drop EAP sessions that do
>>>     not complete within 50 round-trips.
>> This sentence is a repetition.
>>
>>> This means that if the chain is
>>>    larger than ~ 60 kB, EAP-TLS authentication cannot complete
>>>    successfully in most deployments.
>> Regarding the 60 kB certificate chain: Should this be an indication to
>> someone deploying the technology for access network authentication that something has gone wrong?
>>
>> Is this someone you have observed or is this just a theoretical statement? I hope it is the latter.
>>
>>
>> 4.2.1.  Pre-distributing and Omitting CA Certificates
>>
>>
>>> When using TLS 1.3, all certificates that specify a trust anchor
>>> known by the other endpoint may be omitted (see Section 4.4.2 of
>>> [RFC8446]).  When using TLS 1.2 or earlier, only the self-signed
>>> certificate that specifies the root certificate authority may be
>>> omitted (see Section 7.4.2 of [RFC5246]
>> These sentences sound strange.
>>
>> In TLS (and probably other protocols) it makes no sense to distribute
>> the trust anchors in the protocol itself (because then they wouldn't
>> serve as an anchor for trust).
>>
>> It is my understanding that the TLS 1.3 spec does not require you to
>> send intermediate CA certificates if they have been provisioned to the
>> peer out-of-band already. The text in the TLS 1.2 spec is a bit fuzzy
>> and calls out that the self-signed root certificate MAY be omitted but
>> it does not say anything about omitting the other certs.
> RFC8446 says in Section 4.4.2 "a certificate that specifies a trust anchor MAY be omitted from the chain, provided that supported peers are known to possess any omitted certificates.". We write "all certificates that specify a trust anchor known by the other endpoint may be omitted".
> Please let us know if you have suggestions for improving the text.
>>> 4.2.2.  Caching Certificates
>> There seems to be the misconception that TLS Cached Info requires a full exchange to work.
>> It is the other way around:  If you pre-distribute certificates
>> upfront then there is no need to exchange the certs again. You could just send the fingerprints right away.
>>
>> A spec, however, has to also cover the bootstrapping problem.
> Where does RFC 7924 say this? The text in the RFC clearly states that:
> "This specification defines a TLS extension that allows a client and a server to exclude transmission information cached in an earlier TLS handshake.". Notice the "earlier TLS handshake" part. We discussed at IETF 102 whether we allow caching of validated certificate chain even if EAP-TLS authentication fails. See slide 5:
> https://datatracker.ietf.org/meeting/102/materials/slides-102-emu-large-certificates-in-eap-tls-00.
> The consensus was not to do that.
>
>>> 4.2.5.  Using Fewer Intermediate Certificates
>>>     The EAP peer certificate chain does not have to mirror the
>>>     organizational hierarchy.  For successful EAP-TLS authentication,
>>>     certificate chains should not contain more than 2-4 intermediate
>>>     certificates.
>> I would make a stronger statement here. There is absolutely no reason
>> for the certificate chain to mirror the organizational structure.
>>
>> I also don't understand why you would need a hierarchy of 4 intermediate CAs.
>>
>> Finally, at the end: Why did you omit
>> - Client Certificate URLs - RFC 6066), which is also referenced in RFC
>> 7925 and
>> - cTLS (which also has a certificate compression scheme included).
> Added a section on both. While I was aware of the cTLS work, I had completely missed RFC6066. Reviews from experienced people like you ensure that we don't miss important existing work.
>> Theoretically, you could even list the ability to use alternative certificate format here. Then, you could list raw public keys or the CWT extension.
> I think tit is better to leave these for a separate document.
>> Ciao
>> Hannes
>>
>> PS: It is good to see John's name on a document that talks about TLS.
> He is also an author of EAP-TLS13 and EAP-TLS-PSK. I certainly hope that the battles for a lightweight authenticated key exchange (lake) stay there and don't affect the work of other groups.
>
> --Mohit
>
>> IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
>>
>> _______________________________________________
>> Emu mailing list
>> Emu@ietf.org
>> https://www.ietf.org/mailman/listinfo/emu
> IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
> _______________________________________________
> Emu mailing list
> Emu@ietf.org
> https://www.ietf.org/mailman/listinfo/emu

v2.23.0 | Report a Bug | By Email