Re: [kitten] [EXTERNAL] Re: Windows Intent to revive and implement IAKerb draft-ietf-kitten-iakerb-03

"Steve Syfuhs (AP)" <Steve.Syfuhs@microsoft.com> Tue, 21 February 2023 16:59 UTC

From: "Steve Syfuhs (AP)" <Steve.Syfuhs@microsoft.com>
To: Nico Williams <nico@cryptonector.com>
CC: Jeffrey Altman <jaltman@secure-endpoints.com>, "kitten@ietf.org" <kitten@ietf.org>
Date: Tue, 21 Feb 2023 16:59:37 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/kitten/GV9o7VqfictNnVEgxzk_BCmZy_s>

That sounds like a reasonable middle ground. For completeness we do still negatively cache on the client if we get an authoritative error.

-----Original Message-----
From: Nico Williams <nico@cryptonector.com> 
Sent: Monday, February 20, 2023 4:31 PM
To: Steve Syfuhs (AP) <Steve.Syfuhs@microsoft.com>
Cc: Jeffrey Altman <jaltman@secure-endpoints.com>; kitten@ietf.org
Subject: Re: [kitten] [EXTERNAL] Re: Windows Intent to revive and implement IAKerb draft-ietf-kitten-iakerb-03

On Mon, Feb 20, 2023 at 05:06:39PM +0000, Steve Syfuhs (AP) wrote:
> I've been tempted to rip out negative caching in Windows once or 
> twice, or more reasonably reduce the lifetime and scope of the cache.
> I would consider a negative cache an anti-pattern these days until 
> performance shows it's necessary. If you're getting lots of requests 
> for things that don't exist, that's an indicator something is wonky, 
> not that it should be ignored.

Even just a 30s NACK here would generally prevent the bug we're talking about from biting.

You're right that a lot of requests for principals that don't exist is indicative of something wacky, and I've had occasion to deal with such things from load spikes on KDCs rather than from user/dev complaints on the client side.  NACK caching would have made the load spikes much more tolerable, but then, the load spikes helped us find a very broken application so we could get it fixed.

So I'm very mixed on NACK caching, but even just an in-process or thread-local NACK cache would make the particular IAKERB problem easy to fix.

Nico
--
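As an added illustration of the middle ground discussed above (this is example code, not code from Windows, MIT krb5, or either author): a short-lived, in-process negative cache that remembers a principal only after an authoritative "principal unknown" answer, so transient KDC failures are never cached and a principal created later is found again within one TTL. The error numbers follow RFC 4120; the clock is injectable so the expiry can be tested deterministically.

```python
import time

# KDC error codes from RFC 4120 section 7.5.9.
KDC_ERR_C_PRINCIPAL_UNKNOWN = 6   # authoritative: the realm says the client principal does not exist
KRB_ERR_GENERIC = 60              # non-authoritative: transient failure, must not be remembered

# Only errors the KDC answers authoritatively earn a negative entry.
AUTHORITATIVE_ERRORS = {KDC_ERR_C_PRINCIPAL_UNKNOWN}


class NegativeCache:
    """In-process negative cache for principal lookups with a short TTL (default 30s)."""

    def __init__(self, ttl: float = 30.0, clock=time.monotonic):
        self.ttl = ttl
        self.clock = clock                      # injectable clock for deterministic tests
        self._entries: dict[str, float] = {}    # principal -> absolute expiry time

    def record(self, principal: str, error_code: int) -> bool:
        """Remember a failed lookup. Returns True only if the error was authoritative and cached."""
        if error_code not in AUTHORITATIVE_ERRORS:
            return False
        self._entries[principal] = self.clock() + self.ttl
        return True

    def is_known_missing(self, principal: str) -> bool:
        """True while an unexpired negative entry exists; expired entries are evicted on access."""
        expiry = self._entries.get(principal)
        if expiry is None:
            return False
        if self.clock() >= expiry:
            del self._entries[principal]
            return False
        return True


def lookup(cache: NegativeCache, principal: str, kdc_query):
    """Resolve a principal, consulting the negative cache first.

    kdc_query(principal) is a hypothetical stand-in for the real KDC exchange: it returns
    None on success or a KDC error number. Returns (error_or_None, source) where source
    is "cache" when the negative cache answered and "kdc" when the KDC was asked.
    """
    if cache.is_known_missing(principal):
        return KDC_ERR_C_PRINCIPAL_UNKNOWN, "cache"
    err = kdc_query(principal)
    if err is not None:
        cache.record(principal, err)  # no-op for non-authoritative errors
    return err, "kdc"
```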