bis-16 comments

David Shaw <dshaw@jabberwocky.com> Wed, 26 April 2006 03:34 UTC

Date: Tue, 25 Apr 2006 23:12:50 -0400
From: David Shaw <dshaw@jabberwocky.com>
To: ietf-openpgp@imc.org
Subject: bis-16 comments

Section 5.1.2, Signature Types, says:

    There are a number of possible meanings for a signature, which are
    specified in a signature type octet in any given signature. See
    section 5.2.4, "Computing Signatures," for detailed information on
    how to compute and verify signatures of each type.

    There are a number of possible meanings for a signature, which may
    be indicated in a signature type octet in any given signature.
    Please note that the vagueness of these meanings is not a flaw, but
    a feature of the system. Because OpenPGP places final authority for
    validity upon the receiver of a signature, it may be that one
    signer's casual act might be more rigorous than some other
    authority's positive act.

The two opening sentences are redundant.  Suggest:

    There are a number of possible meanings for a signature, which are
    indicated in a signature type octet in any given signature.
    Please note that the vagueness of these meanings is not a flaw,
    but a feature of the system. Because OpenPGP places final authority
    for validity upon the receiver of a signature, it may be that one
    signer's casual act might be more rigorous than some other
    authority's positive act.  See section 5.2.4, "Computing
    Signatures," for detailed information on how to compute and verify
    signatures of each type.

(Combining the two)

*******************

Section 5.2.2, Version 3 Signature Packet Format has a sentence that
reads "The details of the calculation are different for DSA signature
than for RSA signatures."  That should be "DSA signatures" (plural).

*******************

In section 5.2.3.12. Revocable, the second sentence reads "Packet body
contains a Boolean flag indicating whether the signature is
revocable."  Suggest adding a "The" to read "The packet body
contains..."

*******************

In section 9.3. Compression Algorithms, suggest adding:

    Algorithm 0, "uncompressed," may only be used to denote a
    preference for uncompressed data in the preferred compression
    algorithms subpacket (section 5.2.3.9). Implementations MUST NOT
    use uncompressed in Compressed Data Packets.

(We had the same problem with using cipher algorithm 0 in encrypted
data packets, and made that MUST NOT as well)

*******************

In section 10.2. OpenPGP Messages, the paragraph beginning "In
addition, decrypting a Symmetrically Encrypted Data Packet" has a
blank line in the middle of the paragraph.

*******************

Section 12.5, DSA, has a sentence that reads "It MUST NOT implement a
DSA signature with a q size of less than 160 bits."  That should be a
"DSA key" rather than a "DSA signature".

*******************

Section 13, Security Considerations says:

    * SHA384 requires the same work as SHA512. In general, there are
      few reasons to use it -- you need a situation where one needs
      more security than SHA256, but does not want to have the 512-bit
      data length.

Suggest:

    * SHA224 and SHA384 require the same work as SHA256 and SHA512
      respectively. In general, there are few reasons to use them
      outside of DSS compatibility. You need a situation where one
      needs more security than smaller hashes, but does not want to
      have the full 256-bit or 512-bit data length.

David






To: ietf-openpgp@imc.org
Subject: Mistake in section 5.3, also in RFC2440
Date: Tue, 25 Apr 2006 19:28:31 -0700 (PDT)
From: hal@finney.org ("Hal Finney")

I noticed that the language in section 5.3 on Symmetric-Key Encrypted
Session Key packets is not right:

5.3. Symmetric-Key Encrypted Session Key Packets (Tag 3)

    The Symmetric-Key Encrypted Session Key packet holds the
    symmetric-key encryption of a session key used to encrypt a message.
    Zero or more Encrypted Session Key packets and/or Symmetric-Key
    Encrypted Session Key packets may precede a Symmetrically Encrypted
    Data Packet that holds an encrypted message.

The second sentence should begin "Zero or more Public-Key Encrypted
Session Key packets and/or Symmetric-Key Encrypted Session Key Packets..."
It left off "Public-Key" and just refers to "Encrypted Session Key
packets" which is not a packet type.  In particular, referring to
"Encrypted Session Key packets and/or Symmetric-Key Encrypted Session
Key Packets" is incoherent.

The language in 5.1, for comparison:

5.1. Public-Key Encrypted Session Key Packets (Tag 1)

    A Public-Key Encrypted Session Key packet holds the session key used
    to encrypt a message. Zero or more Encrypted Session Key packets
    (either Public-Key or Symmetric-Key) may precede a Symmetrically
    Encrypted Data Packet, which holds an encrypted message.

This is not ideal in terms of the packet names; you have to mentally
move the prefixes listed in the parenthesis up and put them in front of
Encrypted Session Key.  But given that slight lapse in clarity, it is
basically correct, and is not as bad as 5.3.

All this language is unchanged since RFC2440.

I do think we should fix at least 5.3, because the present wording is
meaningless and confusing.  If we do that I'd suggest changing the 2nd
sentence of 5.1 to match that of 5.3.

Hal Finney
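
Added example, not part of either message above and not code from any OpenPGP implementation: a small packet walker that applies the two structural rules discussed in this thread, namely that Public-Key (tag 1) and Symmetric-Key (tag 3) Encrypted Session Key packets precede an encrypted data packet, and David Shaw's proposed rule that compression algorithm 0 not appear in a Compressed Data Packet. The function names and sample byte strings are hypothetical and the packet bodies are filler; tags 8, 9 and 18 come from RFC 4880, not from the thread.

```python
# Added illustration; not code from the thread or from any OpenPGP implementation.
# Tags 1 and 3 are quoted in the thread; tags 8, 9 and 18 are taken from RFC 4880.
PKESK, SKESK, COMPRESSED, SED, SEIPD = 1, 3, 8, 9, 18
ESK_TAGS = {PKESK, SKESK}
ENCRYPTED_DATA_TAGS = {SED, SEIPD}


class PacketError(ValueError):
    """Raised when the input cannot be split into complete packets."""


def _take(buf, pos, n):
    """Return (n bytes starting at pos, new position) or fail on truncation."""
    if pos + n > len(buf):
        raise PacketError("truncated packet at offset %d" % pos)
    return buf[pos:pos + n], pos + n


def read_packets(buf):
    """Split buf into (tag, body) pairs; only definite lengths are handled."""
    packets, pos = [], 0
    while pos < len(buf):
        hdr, pos = _take(buf, pos, 1)
        ctb = hdr[0]
        if not ctb & 0x80:
            raise PacketError("bit 7 of the packet tag octet is clear")
        if ctb & 0x40:  # new-format header: tag in the low six bits
            tag = ctb & 0x3F
            first, pos = _take(buf, pos, 1)
            if first[0] < 192:
                length = first[0]
            elif first[0] < 224:
                second, pos = _take(buf, pos, 1)
                length = ((first[0] - 192) << 8) + second[0] + 192
            elif first[0] == 255:
                raw, pos = _take(buf, pos, 4)
                length = int.from_bytes(raw, "big")
            else:
                raise PacketError("partial body lengths are not handled here")
        else:  # old-format header: tag in bits 5-2, length type in bits 1-0
            tag = (ctb >> 2) & 0x0F
            length_type = ctb & 0x03
            if length_type == 3:
                raise PacketError("indeterminate lengths are not handled here")
            raw, pos = _take(buf, pos, (1, 2, 4)[length_type])
            length = int.from_bytes(raw, "big")
        body, pos = _take(buf, pos, length)
        packets.append((tag, body))
    return packets


def check_message(buf):
    """Return a list of findings; an empty list means both rules hold."""
    findings = []
    pending_esk = 0  # session key packets still waiting for encrypted data
    for index, (tag, body) in enumerate(read_packets(buf)):
        if tag in ESK_TAGS:
            pending_esk += 1
            continue
        if pending_esk and tag not in ENCRYPTED_DATA_TAGS:
            findings.append(
                "packet %d: %d session key packet(s) followed by tag %d, "
                "not by an encrypted data packet" % (index, pending_esk, tag))
        pending_esk = 0
        if tag == COMPRESSED:
            if not body:
                findings.append("packet %d: empty Compressed Data Packet" % index)
            elif body[0] == 0:
                findings.append(
                    "packet %d: Compressed Data Packet uses algorithm 0 "
                    "(uncompressed)" % index)
    if pending_esk:
        findings.append(
            "%d session key packet(s) at end of input with no encrypted "
            "data packet" % pending_esk)
    return findings


# Constructed samples. Bodies are filler bytes, not real key or cipher material.
# PKESK (new format), SKESK (new format), Symmetrically Encrypted Data (old format).
GOOD_MESSAGE = bytes([0xC1, 2, 0xAA, 0xBB,
                      0xC3, 2, 0xCC, 0xDD,
                      0xA4, 3, 1, 2, 3])
# SKESK followed directly by a Compressed Data Packet whose algorithm octet is 0.
BAD_MESSAGE = bytes([0xC3, 2, 0xCC, 0xDD,
                     0xC8, 3, 0, 0x68, 0x69])

if __name__ == "__main__":
    for name, sample in (("good", GOOD_MESSAGE), ("bad", BAD_MESSAGE)):
        print(name, check_message(sample) or "no findings")
```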



From: Derek Atkins <derek@ihtfp.com>
To: ietf-openpgp@imc.org
Subject: WGLC: draft-ietf-openpgp-rfc2440bis-16  ends Wed, May 3
Date: Wed, 19 Apr 2006 18:17:08 -0400

Hi, all

As you've noticed, bis16 has been released.  I believe that there
are no open issues with this version, so I hereby initiate a
Working Group Last Call on draft-ietf-openpgp-rfc2440bis-16
to end two weeks from today at Wednesday, May 3, 2006.  Please
get your comments in by 7pm US/EDT (2300Z).

You can obtain the draft from:
  http://www.ietf.org/internet-drafts/draft-ietf-openpgp-rfc2440bis-16.txt

Please send comments to me and either to the editor and/or to the list.

Thanks!

-derek

-- 
       Derek Atkins                 617-623-3745
       derek@ihtfp.com             www.ihtfp.com
       Computer and Internet Security Consultant



To: i-d-announce@ietf.org
Cc: ietf-openpgp@imc.org
From: Internet-Drafts@ietf.org
Subject: I-D ACTION:draft-ietf-openpgp-rfc2440bis-16.txt
Date: Wed, 19 Apr 2006 15:50:02 -0400

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the An Open Specification for Pretty Good Privacy Working Group of the IETF.

	Title		: OpenPGP Message Format
	Author(s)	: J. Callas, et al.
	Filename	: draft-ietf-openpgp-rfc2440bis-16.txt
	Pages		: 75
	Date		: 2006-4-19
	
This document is maintained in order to publish all necessary
information needed to develop interoperable applications based on
the OpenPGP format. It is not a step-by-step cookbook for writing an
application. It describes only the format and methods needed to
read, check, generate, and write conforming packets crossing any
network. It does not deal with storage and implementation questions.
It does, however, discuss implementation issues necessary to avoid
security flaws.

OpenPGP software uses a combination of strong public-key and
symmetric cryptography to provide security services for electronic
communications and data storage. These services include
confidentiality, key management, authentication, and digital
signatures. This document specifies the message formats used in
OpenPGP.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-openpgp-rfc2440bis-16.txt




From: Jon Callas <jon@callas.org>
Subject: Re: bis16 out
Date: Wed, 19 Apr 2006 11:44:04 -0700
To: Ian G <iang@systemics.com>
Cc: OpenPGP <ietf-openpgp@imc.org>

On 19 Apr 2006, at 5:09 AM, Ian G wrote:

> Jon Callas wrote:
>> I just sent off bis16.
>
> Excellent!
>
> What is the status of "last call" ?  Back in?
> Restarting?

I'm not allowed to say that, Derek is. However, it is my expectation  
that yes, this is the real last call on 2440+.

	Jon




From: Jon Callas <jon@callas.org>
Subject: Re: Secret key transport
Date: Wed, 19 Apr 2006 11:36:30 -0700
To: OpenPGP <ietf-openpgp@imc.org>

On 19 Apr 2006, at 3:35 AM, Daniel A. Nagy wrote:

>> Rename section 10.1 from "Transferable Public Keys" to "Transferable
>> Keys", and add to the end of the section:
>>
>>     Secret keys may be transferred in the same manner and format as
>>     public keys by replacing any public key packets with the
>>     corresponding secret key packets and public subkey packets with
>>     the corresponding secret subkey packets.
>
> I support this proposal.
>

That's pretty much in bis16.

	Jon



Date: Wed, 19 Apr 2006 14:09:56 +0200
From: Ian G <iang@systemics.com>
To: Jon Callas <jon@callas.org>
Cc: OpenPGP <ietf-openpgp@imc.org>
Subject: Re: bis16 out

Jon Callas wrote:
> 
> I just sent off bis16.

Excellent!

What is the status of "last call" ?  Back in?
Restarting?

iang



Date: Wed, 19 Apr 2006 12:35:20 +0200
To: OpenPGP <ietf-openpgp@imc.org>
Subject: Re: Secret key transport
From: nagydani@epointsystem.org (Daniel A. Nagy)

On Tue, Apr 18, 2006 at 06:56:37PM -0400, David Shaw wrote:

> The difference is that GnuPG prints a warning when it could not do
> this automatic conversion because of missing self-signatures.  PGP is
> (probably more appropriately) quiet.  I think you are interpreting
> that warning message as a rejection.

Maybe. I will double-check.
 
> All binding signatures bind to the public key.  There is no such thing
> as a secret key binding signature.

I know.
 
> Here's a minimal-change proposal:
> 
> Rename section 10.1 from "Transferable Public Keys" to "Transferable
> Keys", and add to the end of the section:
> 
>     Secret keys may be transferred in the same manner and format as
>     public keys by replacing any public key packets with the
>     corresponding secret key packets and public subkey packets with
>     the corresponding secret subkey packets.

I support this proposal.

-- 
Daniel



To: OpenPGP <ietf-openpgp@imc.org>
From: Jon Callas <jon@callas.org>
Subject: bis16 out
Date: Tue, 18 Apr 2006 16:20:55 -0700

I just sent off bis16.

	Jon



In-Reply-To: <20060418225637.GA11827@jabberwocky.com>
References: <20051214135609.GA22783@jabberwocky.com> <59A2A036-CFF5-4C28-9B84-9345BD5EBC0F@callas.org> <20060418214155.GA5012@epointsystem.org> <20060418225637.GA11827@jabberwocky.com>
Message-Id: <4D2B647D-0DB2-4EA9-AACB-C243CC45A802@callas.org>
From: Jon Callas <jon@callas.org>
Subject: Re: Secret key transport
Date: Tue, 18 Apr 2006 16:12:59 -0700
To: OpenPGP <ietf-openpgp@imc.org>

I found some suggested text that David gave me last year since  
sending that. I added it in.

	Jon



Date: Tue, 18 Apr 2006 18:56:37 -0400
From: David Shaw <dshaw@jabberwocky.com>
To: OpenPGP <ietf-openpgp@imc.org>
Subject: Re: Secret key transport
Message-ID: <20060418225637.GA11827@jabberwocky.com>
References: <20051214135609.GA22783@jabberwocky.com> <59A2A036-CFF5-4C28-9B84-9345BD5EBC0F@callas.org> <20060418214155.GA5012@epointsystem.org>
In-Reply-To: <20060418214155.GA5012@epointsystem.org>

On Tue, Apr 18, 2006 at 11:41:55PM +0200, Daniel A. Nagy wrote:
> 
> On Tue, Apr 18, 2006 at 12:40:00PM -0700, Jon Callas wrote:
> > On 14 Dec 2005, at 5:56 AM, David Shaw wrote about secret keys
> > [snipped]
> > Since no one has said anything in months, I'm declaring that the  
> > answer is, "no, this is not something that needs a line or two of text."
> 
> I think this problem merits a little bit of discussion, as there are some
> interoperability issues at stake.
> 
> Firstly, I think that 5.5.1.3. should make it clear that secret key packets
> are standardized for the purposes of exporting and importing secret key
> material. As far as interoperability is concerned, fully OpenPGP-compliant
> implementations may store private keys any way they like.

I don't think anyone was arguing otherwise.  My original mail was
simply noting that there is not a single word in the standard of how
to export a secret key.  Export, not store.

> As for importing and exporting, a major player (namely WK's GnuPG) rejects
> private key blocks that do not contain binding self-signatures for UIDs and
> subkeys.

I think there is some misunderstanding here about what happens on
secret key import in GnuPG.  GnuPG, like PGP, tries to automatically
convert a secret key to a public key on import if the public key
doesn't already exist in the keyring.  They can do this because secret
key packets are essentially a public key packet with the secret data
stuck on the end.  This isn't mandated (or even mentioned) by the
standard, of course, but is a convenience.

The difference is that GnuPG prints a warning when it could not do
this automatic conversion because of missing self-signatures.  PGP is
(probably more appropriately) quiet.  I think you are interpreting
that warning message as a rejection.

> Moreover, the required binding signatures bind the material in
> question to the corresponding PUBLIC key, not the private one. I am not sure
> why they chose to do it this way, but I am strongly opposed to mandating
> this behavior in the standard, as it would make some other existing
> implementations non-compliant.

All binding signatures bind to the public key.  There is no such thing
as a secret key binding signature.

Here's a minimal-change proposal:

Rename section 10.1 from "Transferable Public Keys" to "Transferable
Keys", and add to the end of the section:

    Secret keys may be transferred in the same manner and format as
    public keys by replacing any public key packets with the
    corresponding secret key packets and and public subkey packets with
    the corresponding secret subkey packets.

David



In-Reply-To: <20060329163756.GB1001@jabberwocky.com>
References: <20060329163756.GB1001@jabberwocky.com>
Message-Id: <C6F529EF-25AC-4A20-893C-A8A40DCC8436@callas.org>
Cc: ietf-openpgp@imc.org
From: Jon Callas <jon@callas.org>
Subject: Re: Suggested changes for DSA2, take 4
Date: Tue, 18 Apr 2006 15:32:16 -0700
To: David Shaw <dshaw@jabberwocky.com>

On 29 Mar 2006, at 8:37 AM, David Shaw wrote:

>
> Here is round four.  Only little fiddle changes at this point.
>
> ==================================
>
> Section 5.2.2 (Version 3 Signature Packet Format) says:
>
>     DSA signatures MUST use hashes with a size of 160 bits, to match q,
>     the size of the group generated by the DSA key's generator value.
>     The hash function result is treated as a 160 bit number and used
>     directly in the DSA signature algorithm.
>
> change to:
>
>     DSA signatures MUST use hashes that are equal in size to the
>     number of bits of q, the group generated by the DSA key's
>     generator value.  If the output size of the chosen hash is larger
>     than the number of bits of q, the hash result is truncated to fit
>     by taking the number of leftmost bits equal to the number of bits
>     of q.  This (possibly truncated) hash function result is treated
>     as a number and used directly in the DSA signature algorithm.
>

Done.

> No change.
>
> ==================================
>
> Section 12.5. (DSA) says:
>
>     An implementation SHOULD NOT implement DSA keys of size less than
>     1024 bits. Note that present DSA is limited to a maximum of 1024 bit
>     keys, which are recommended for long-term use. Also, DSA keys MUST
>     be an even multiple of 64 bits long.
>
> change to:
>
>     An implementation SHOULD NOT implement DSA keys of size less than
>     1024 bits or with a q size of less than 160 bits.  DSA keys MUST
>     also be a multiple of 64 bits, and the q size MUST be a multiple
>     of 8 bits.  The Digital Signature Standard (DSS) [FIPS186]
>     specifies that DSA be used in one of the following ways:
>
>     * 1024-bit key, 160-bit q, SHA-1, SHA-224, SHA-256, SHA-384 or SHA-512 hash
>     * 2048-bit key, 224-bit q, SHA-224, SHA-256, SHA-384 or SHA-512 hash
>     * 2048-bit key, 256-bit q, SHA-256, SHA-384 or SHA-512 hash
>     * 3072-bit key, 256-bit q, SHA-256, SHA-384 or SHA-512 hash
>
>     The above key and q size pairs were chosen to best balance
>     the strength of the key with the strength of the hash.
>     Implementations SHOULD use one of the above key and q size pairs
>     when generating DSA keys.  If DSS compliance is desired, one
>     of the specified SHA hashes must be used as well.  [FIPS186]
>     is the ultimate authority on DSS, and should be consulted for all
>     questions of DSS compliance.
>
>     Note that earlier versions of this standard only allowed a
>     160-bit q with no truncation allowed, so earlier implementations
>     may not be able to handle signatures with a different q size or a
>     truncated hash.
>
> Added a MUST that the q size is a multiple of 8.  I don't think any of
> us want to deal with hashes that don't end on a byte boundary.
>

Done, but I said that you MUST not use a q less than 160 bits.

> ==================================
>
> Section 13. (Security Considerations) says:
>
>      * The DSA algorithm will work with any 160-bit hash, but it is
>        sensitive to the quality of the hash algorithm, if the hash
>        algorithm is broken, it can leak the secret key. The Digital
>        Signature Standard (DSS) specifies that DSA be used with SHA-1.
>        RIPEMD-160 is considered by many cryptographers to be as strong.
>        An implementation should take care which hash algorithms are
>        used with DSA, as a weak hash can not only allow a signature to
>        be forged, but could leak the secret key.
>
> change to:
>
>      * The DSA algorithm will work with any hash, but is sensitive to
>        the quality of the hash algorithm.  Verifiers should be aware
>        that even if the signer used a strong hash, an attacker could
>        have modified the signature to use a weak one.  Only signatures
>        using acceptably strong hash algorithms should be accepted as
>        valid.
>
> Also add:
>
>      * As OpenPGP combines many different asymmetric, symmetric, and
>        hash algorithms, each with different measures of strength, care
>        should be taken that the weakest element of an OpenPGP message
>        is still sufficiently strong for the purpose at hand.  While
>        consensus about the strength of a given algorithm may
>        evolve, at publication time, NIST Special Publication 800-57
>        [SP800-57] recommended the following list of equivalent
>        strengths:
>
>        Asymmetric  |  Hash  |  Symmetric
>        key size    |  size  |  key size
>        ------------+--------+-----------
>           1024        160         80
>           2048        224        112
>           3072        256        128
>           7680        384        192
>          15360        512        256
>
> Added the key size reminder.
>

Done with various small edits. I had to fight with the formatting  
program. Here's what I did:


      * As OpenPGP combines many different asymmetric, symmetric, and
        hash algorithms, each with different measures of strength, care
        should be taken that the weakest element of an OpenPGP message
        is still sufficiently strong for the purpose at hand.  While
        consensus about the strength of a given algorithm may
        evolve, NIST Special Publication 800-57 [SP800-57] recommends
        the following list of equivalent strengths:

            Asymmetric  |  Hash  |  Symmetric
             key size   |  size  |   key size
            ------------+--------+-----------
               1024        160         80
               2048        224        112
               3072        256        128
               7680        384        192
              15360        512        256


> ==================================
>
> David
>

Added in reference to SP800-57.

	Jon
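
The size rules, leftmost-bit truncation and weakest-element comparison from the text changes above, as an added Python example that is not part of the thread or the draft. The function names and the verifier's accepted-hash set are assumptions of the example.

```python
import hashlib

# (key bits, q bits) pairs listed in the proposed section 12.5 text.
DSS_PAIRS = {(1024, 160), (2048, 224), (2048, 256), (3072, 256)}

# Equivalent-strength rows from the proposed Security Considerations table:
# (asymmetric key bits, hash bits, symmetric key bits).
STRENGTH_ROWS = [(1024, 160, 80), (2048, 224, 112), (3072, 256, 128),
                 (7680, 384, 192), (15360, 512, 256)]


def check_dsa_sizes(p_bits, q_bits):
    """Return the findings for a DSA key with the given key and q sizes."""
    findings = []
    if p_bits % 64:
        findings.append("MUST: key size is not a multiple of 64 bits")
    if q_bits % 8:
        findings.append("MUST: q size is not a multiple of 8 bits")
    if p_bits < 1024:
        findings.append("SHOULD NOT: key size below 1024 bits")
    if q_bits < 160:
        # SHOULD NOT in the proposal; the editor's reply says MUST NOT.
        findings.append("q size below 160 bits")
    if (p_bits, q_bits) not in DSS_PAIRS:
        findings.append("SHOULD: not one of the listed key and q size pairs")
    return findings


def truncate_digest(digest, q_bits):
    """Leftmost q_bits of the digest, as the number used in the DSA math."""
    have = len(digest) * 8
    if have < q_bits:
        raise ValueError("hash output is shorter than q")
    return int.from_bytes(digest, "big") >> (have - q_bits)


def dsa_hash_value(hash_name, message, q_bits, accepted_hashes):
    """Verifier side: apply the hash policy first, then hash and truncate.

    accepted_hashes is this example's stand-in for "acceptably strong";
    the hash named in a signature is attacker-controlled input.
    """
    if hash_name not in accepted_hashes:
        raise ValueError("hash algorithm not accepted by verifier policy")
    digest = hashlib.new(hash_name, message).digest()
    return truncate_digest(digest, q_bits)


def weakest_strength(asym_bits, hash_bits, sym_bits):
    """Symmetric-equivalent strength of the weakest element (0 if below the table)."""
    def level(value, column):
        best = 0
        for row in STRENGTH_ROWS:
            if value >= row[column]:
                best = row[2]
        return best
    return min(level(asym_bits, 0), level(hash_bits, 1), level(sym_bits, 2))


if __name__ == "__main__":
    print(check_dsa_sizes(2048, 224))
    print(hex(dsa_hash_value("sha256", b"abc", 160, {"sha256", "sha512"})))
    print(weakest_strength(2048, 160, 128))
```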




Date: Tue, 18 Apr 2006 23:41:55 +0200
To: Jon Callas <jon@callas.org>
Cc: OpenPGP <ietf-openpgp@imc.org>
Subject: Re: Secret key transport
Message-ID: <20060418214155.GA5012@epointsystem.org>
References: <20051214135609.GA22783@jabberwocky.com> <59A2A036-CFF5-4C28-9B84-9345BD5EBC0F@callas.org>
In-Reply-To: <59A2A036-CFF5-4C28-9B84-9345BD5EBC0F@callas.org>
From: nagydani@epointsystem.org (Daniel A. Nagy)

On Tue, Apr 18, 2006 at 12:40:00PM -0700, Jon Callas wrote:
> On 14 Dec 2005, at 5:56 AM, David Shaw wrote about secret keys
> [snipped]
> Since no one has said anything in months, I'm declaring that the  
> answer is, "no, this is not something that needs a line or two of text."

I think this problem merits a little bit of discussion, as there are some
interoperability issues at stake.

Firstly, I think that 5.5.1.3. should make it clear that secret key packets
are standardized for the purposes of exporting and importing secret key
material. As far as interoperability is concerned, fully OpenPGP-compliant
implementations may store private keys any way they like.

As for importing and exporting, a major player (namely WK's GnuPG) rejects
private key blocks that do not contain binding self-signatures for UIDs and
subkeys. Moreover, the required binding signatures bind the material in
question to the corresponding PUBLIC key, not the private one. I am not sure
why they chose to do it this way, but I am strongly opposed to mandating
this behavior in the standard, as it would make some other existing
implementations non-compliant. The semantics of a secret key packet is the
following: "Here's a public key and its (possibly encrypted) private
counterpart." That's it.

I agree with Jon that there is no point in defining secret key blocks in
the standard. Let implementations handle secret key packets as they see fit
(including not handling them at all -- after all, being able to import and
export private keys is an option, not a requirement).

-- 
Daniel



In-Reply-To: <20060314155839.GA1029@jabberwocky.com>
References: <20060314155839.GA1029@jabberwocky.com>
Message-Id: <E822EF4F-CD86-44BE-BD60-45F802F17AA3@callas.org>
From: Jon Callas <jon@callas.org>
Subject: Re: NIST publishes new DSA draft
Date: Tue, 18 Apr 2006 14:37:39 -0700
To: OpenPGP <ietf-openpgp@imc.org>

On 14 Mar 2006, at 7:58 AM, David Shaw wrote:

>
> In the OpenPGP context, probably the most interesting bit is that the
> 160-bit hash limit has been removed.  The sizes supported are:
>
> * 1024-bit key, 160-bit hash (the current DSA)
> * 2048-bit key, 224-bit hash (presumably aimed at SHA-224)
> * 2048-bit key, 256-bit hash (presumably aimed at SHA-256)
> * 3072-bit key, 256-bit hash (presumably aimed at SHA-256)
>

I've added in SHA-224.

Just don't ask me to sign with it. :-)

	Jon



In-Reply-To: <43F89315.3000800@algroup.co.uk>
References: <20060215201341.0D48557FAE@finney.org> <43F89315.3000800@algroup.co.uk>
Message-Id: <3D476548-0F6E-4A28-B667-45B36FC07DD0@callas.org>
From: Jon Callas <jon@callas.org>
Subject: Re: V3 secret keys
Date: Tue, 18 Apr 2006 12:56:16 -0700
To: OpenPGP <ietf-openpgp@imc.org>

In talking to Ben, a number of places where it said "resync" now says  
"resynchronization" to make it easier to find the text. That seems to  
resolve this whole issue.

	Jon



In-Reply-To: <20060110222044.GA3165@jabberwocky.com>
References: <20060110222044.GA3165@jabberwocky.com>
Message-Id: <0E9FEED1-3766-4161-B5AB-D8DC3182C001@callas.org>
Cc: ietf-openpgp@imc.org
From: Jon Callas <jon@callas.org>
Subject: Re: Armor text change
Date: Tue, 18 Apr 2006 12:44:37 -0700
To: David Shaw <dshaw@jabberwocky.com>

On 10 Jan 2006, at 2:20 PM, David Shaw wrote:

>
> Here's two suggested language changes that flow from the recent
> discussion of armor:
>
> *******
>
> Section 6.2. Forming ASCII Armor has a sentence that reads:
>
>    The header lines, therefore, MUST start at the beginning of a line, and
>    MUST NOT have text following them on the same line.
>
> Suggest to change it to:
>
>    The header lines, therefore, MUST start at the beginning of a line, and
>    MUST NOT have text other than whitespace following them on the same line.
>
> (i.e. add "other than whitespace")
>
> Ben Laurie pointed out the rationale that since the point of ignoring
> trailing whitespace in armored and clearsigned messages was to work
> around transport systems like mail that may add whitespace, then it is
> necessary to ignore whitespace on the header lines as well.
>

Done.

> *******
>
> This other change I do not feel particularly strongly about.  It may
> overspecify something that doesn't need it.  In section 6.2. Forming
> ASCII Armor, add something to the effect of:
>
>    Note that some transport methods are sensitive to line length.
>    While there is a limit of 76 characters for the Radix-64 data
>    (section 6.3), there is no limit to the length of Armor Headers.
>    Care should be taken that the Armor Headers are short enough to
>    survive transport.  One way to do this is to repeat an Armor Header
>    key multiple times with different values for each so that no one
>    line is overly long.
>

Done.

	Jon



In-Reply-To: <20051214135609.GA22783@jabberwocky.com>
References: <20051214135609.GA22783@jabberwocky.com>
Message-Id: <59A2A036-CFF5-4C28-9B84-9345BD5EBC0F@callas.org>
From: Jon Callas <jon@callas.org>
Subject: Re: Secret key transport
Date: Tue, 18 Apr 2006 12:40:00 -0700
To: OpenPGP <ietf-openpgp@imc.org>

On 14 Dec 2005, at 5:56 AM, David Shaw wrote:

>
> Well into comically late in the game here, but a question recently
> came up about the secret key transport format.  Namely, is there one?
> 2440bis has a public key transport format (the whole of section 10.1),
> and the format of secret key and secret subkey packets is defined, but
> there doesn't seem to be an analogue to section 10.1 for secret keys.
>
> For example, I've seen secret keys in this format:
>
>  - Secret key packet
>  - User ID packet
>  - Selfsig on user ID
>  - Secret subkey packet
>  - Selfsig on subkey
>
> I've also seen secret keys in this format:
>
>  - Secret key packet
>  - User ID packet
>  - Secret subkey packet
>
>  (i.e. missing the selfsigs).
>
> The first example strikes me as preferable as there is a mild benefit
> to having the secret key format parallel the public key format in that
> an implementation can extract the public key from the secret key
> automatically.  The second example requires a public key to be sent in
> addition to the secret key to get the selfsigs (while the selfsig on
> the user ID is optional, the one on the subkey isn't).
>
> Either way, though, 2440bis seems silent on this subject.  Is this
> something that needs a line or two of text?

Since no one has said anything in months, I'm declaring that the  
answer is, "no, this is not something that needs a line or two of text."

	Jon
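
The two secret key layouts quoted above, checked structurally, as an added Python example that is not code from the thread, GnuPG or PGP. It reads only packet headers and signature type octets, does not verify signatures or their issuers, and the sample key blocks are constructed placeholders rather than real key material.

```python
# Packet tags used in key blocks.
SIGNATURE, SECRET_KEY, PUBLIC_KEY, SECRET_SUBKEY, USER_ID, PUBLIC_SUBKEY = 2, 5, 6, 7, 13, 14
SECRET_TO_PUBLIC = {SECRET_KEY: PUBLIC_KEY, SECRET_SUBKEY: PUBLIC_SUBKEY}


def read_packets(data):
    """Split a binary OpenPGP stream into (tag, body) pairs."""
    packets, i = [], 0

    def take(n):
        nonlocal i
        if i + n > len(data):
            raise ValueError("truncated packet")
        chunk = data[i:i + n]
        i += n
        return chunk

    while i < len(data):
        first = take(1)[0]
        if not (first & 0x80):
            raise ValueError("not an OpenPGP packet header")
        if first & 0x40:                       # new-format header
            tag = first & 0x3F
            o1 = take(1)[0]
            if o1 < 192:
                length = o1
            elif o1 < 224:
                length = ((o1 - 192) << 8) + take(1)[0] + 192
            elif o1 == 255:
                length = int.from_bytes(take(4), "big")
            else:
                raise ValueError("partial body lengths are not handled here")
        else:                                  # old-format header
            tag = (first >> 2) & 0x0F
            if (first & 3) == 3:
                raise ValueError("indeterminate lengths are not handled here")
            length = int.from_bytes(take((1, 2, 4)[first & 3]), "big")
        packets.append((tag, take(length)))
    return packets


def signature_type(body):
    """Signature type octet of a v3 or v4 signature packet body, else None."""
    if len(body) >= 2 and body[0] == 4:
        return body[1]
    if len(body) >= 3 and body[0] == 3:
        return body[2]
    return None


def selfsig_gaps(packets):
    """Name each user ID or subkey not followed by a signature of the binding type."""
    if not packets or packets[0][0] not in (SECRET_KEY, PUBLIC_KEY):
        raise ValueError("key block must start with a primary key packet")
    gaps, pending, counts = [], None, {"user ID": 0, "subkey": 0}

    def flush():
        if pending and not pending[1]:
            gaps.append(pending[0])

    for tag, body in packets[1:]:
        if tag in (USER_ID, SECRET_SUBKEY, PUBLIC_SUBKEY):
            flush()
            kind = "user ID" if tag == USER_ID else "subkey"
            counts[kind] += 1
            pending = [f"{kind} {counts[kind]}", False]
        elif tag == SIGNATURE and pending:
            sig = signature_type(body)
            if pending[0].startswith("user ID"):   # certification types 0x10-0x13
                pending[1] = pending[1] or sig in (0x10, 0x11, 0x12, 0x13)
            else:                                  # subkey binding type 0x18
                pending[1] = pending[1] or sig == 0x18
    flush()
    return gaps


def public_tags(packets):
    """Tag sequence after swapping secret (sub)key tags for public ones."""
    return [SECRET_TO_PUBLIC.get(tag, tag) for tag, _ in packets]


def can_derive_public_key(packets):
    """True when no subkey lacks a binding signature (the user ID one is optional)."""
    return not any(g.startswith("subkey") for g in selfsig_gaps(packets))


def _new(tag, body):   # new-format header, one-octet length
    return bytes([0xC0 | tag, len(body)]) + body


def _old(tag, body):   # old-format header, one-octet length
    return bytes([0x80 | (tag << 2), len(body)]) + body


# Constructed placeholder bodies: not real key material or valid signatures.
_KEY, _UID = b"\x04" + bytes(12), b"Alice <alice@example.org>"
WITH_SELFSIGS = (_old(SECRET_KEY, _KEY) + _new(USER_ID, _UID)
                 + _new(SIGNATURE, b"\x04\x13" + bytes(8))
                 + _new(SECRET_SUBKEY, _KEY)
                 + _new(SIGNATURE, b"\x04\x18" + bytes(8)))
WITHOUT_SELFSIGS = _old(SECRET_KEY, _KEY) + _new(USER_ID, _UID) + _new(SECRET_SUBKEY, _KEY)
```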




In-Reply-To: <20051205195016.GA24566@jabberwocky.com>
References: <20051205195016.GA24566@jabberwocky.com>
Message-Id: <77D11CDB-E3D7-451F-BC00-9BC1C044D23A@callas.org>
Cc: ietf-openpgp@imc.org
From: Jon Callas <jon@callas.org>
Subject: Re: Other -15 comments
Date: Tue, 18 Apr 2006 12:32:42 -0700
To: David Shaw <dshaw@jabberwocky.com>

On 5 Dec 2005, at 11:50 AM, David Shaw wrote:

>
> 5.5.2. Public Key Packet Formats says "Third, there are minor
> weaknesses in the MD5 hash algorithm that make developers prefer other
> algorithms."  Suggest dropping the word "minor".
>

Done.

> *****
>
> Section 5.5.2. Public Key Packet Formats says:
>
>   V3 keys are deprecated; an implementation SHOULD NOT generate a V3
>   key, but MAY accept it.
>
> but section 11.1. Key Structures says:
>
>   V3 keys are deprecated. Implementations MUST NOT generate new V3
>   keys, but MAY continue to use existing ones.
>
> These can't both be correct.  I lean towards MUST NOT here,
> personally.
>

It says MUST NOT in both places. I did some more tidying in the same  
place. (There's no point in saying you MUST create a V3 key with RSA,  
if you MUST NOT create one, for example.)

> *****
>
> The first two paragraphs in section 6.4. Decoding Radix-64 contradict
> each other.  The first says that all non-radix-64 characters must be
> ignored.  The second says that non-radix-64 characters probably
> indicate a transmission error, "about which a warning message or even
> a message rejection might be appropriate under some circumstances".
>
> Suggest going with the second.
>

Done. There's one paragraph now:

   In Radix-64 data, characters other than those in the table, line breaks, and
   other white space probably indicate a transmission error, about which a warning
   message or even a message rejection might be appropriate under some
   circumstances. Decoding software must ignore all white space.

	Jon
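
The revised Section 6.4 paragraph quoted in the message above, as an added example that is not part of the original message or the draft: a Radix-64 decoder that always ignores white space and treats any other stray character as a probable transmission error, either rejecting the input or skipping it with a warning. The policy names, the error class and the sample strings are constructed for illustration; the last function shows Python's default `base64.b64decode`, which discards stray characters silently.

```python
import base64
import binascii
import string

# Radix-64 table (A-Z, a-z, 0-9, '+', '/') plus the '=' pad character.
RADIX64_CHARS = frozenset(string.ascii_letters + string.digits + "+/=")
WHITESPACE = frozenset(" \t\r\n\v\f")


class Radix64Error(ValueError):
    """Input refused: stray character (reject policy) or malformed data."""


def decode_radix64(text, policy="reject"):
    """Decode Radix-64 text and return (decoded_bytes, warnings).

    White space is always ignored. Any other character outside the table is
    a probable transmission error: policy="reject" refuses the input,
    policy="warn" skips the character and records where it was seen.
    """
    if policy not in ("reject", "warn"):
        raise ValueError("policy must be 'reject' or 'warn'")
    kept, warnings = [], []
    line, col = 1, 0
    for ch in text:
        if ch == "\n":
            line, col = line + 1, 0
            continue
        col += 1
        if ch in WHITESPACE:
            continue
        if ch in RADIX64_CHARS:
            kept.append(ch)
            continue
        note = "line %d, column %d: unexpected character %r" % (line, col, ch)
        if policy == "reject":
            raise Radix64Error(note)
        warnings.append(note)
    try:
        # validate=True also refuses padding in the wrong place.
        data = base64.b64decode("".join(kept), validate=True)
    except binascii.Error as exc:
        raise Radix64Error("malformed Radix-64 data: %s" % exc) from exc
    return data, warnings


def stdlib_lenient_decode(text):
    """Default library behaviour: stray characters are dropped with no signal."""
    return base64.b64decode(text)


# Constructed sample input (not taken from any real message).
SAMPLE_PLAIN = b"constructed sample payload for the Radix-64 decoder"
ENCODED = base64.b64encode(SAMPLE_PLAIN).decode("ascii")
CLEAN = "\r\n".join(ENCODED[i:i + 16] for i in range(0, len(ENCODED), 16)) + "\r\n"
INSERTED = CLEAN[:5] + "~" + CLEAN[5:]      # stray character added in transit
SUBSTITUTED = CLEAN[:5] + "~" + CLEAN[6:]   # valid character overwritten in transit

if __name__ == "__main__":
    print(decode_radix64(CLEAN))
    print(decode_radix64(INSERTED, policy="warn"))
    print(stdlib_lenient_decode(INSERTED))
    try:
        decode_radix64(SUBSTITUTED, policy="warn")
    except Radix64Error as exc:
        print("refused:", exc)
```

Skipping a stray character only recovers the data when the character was inserted; when it replaced a valid one, the remaining text no longer decodes and the input is refused under either policy.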



In-Reply-To: <20051012160434.GA3562@jabberwocky.com>
References: <20051012160434.GA3562@jabberwocky.com>
Content-Type: text/plain; charset=US-ASCII; format=flowed
Message-Id: <34A08881-FDAB-4B55-B525-906FEC939354@callas.org>
Content-Transfer-Encoding: 7bit
From: Jon Callas <jon@callas.org>
Subject: Re: Human-readable notation language
Date: Tue, 18 Apr 2006 12:18:30 -0700
To: OpenPGP <ietf-openpgp@imc.org>

On 12 Oct 2005, at 9:04 AM, David Shaw wrote:

> To my reading, this says more or less, "this is a note from one person
> to another except when it isn't".  Especially given such notations as
> preferred-email-encoding@pgp.com which are always human-readable, I
> suggest this:
>
>      First octet: 0x80 = human-readable. This note value is text.
>
> It's just simpler.
>

Just to be clear, this change is in.

	Jon



In-Reply-To: <434CED6F.7070709@systemics.com>
References: <20051012070713.38B2957EFB@finney.org> <434CED6F.7070709@systemics.com>
Mime-Version: 1.0 (Apple Message framework v749.3)
Content-Type: text/plain; charset=US-ASCII; format=flowed
Message-Id: <4705FF74-43E1-4893-994A-C317CD1FF465@callas.org>
Cc: Hal Finney <hal@finney.org>, ietf-openpgp@imc.org
Content-Transfer-Encoding: 7bit
From: Jon Callas <jon@callas.org>
Subject: Re: Multiple signatures in clearsigned messages (was Re: Cleartext Signatures)
Date: Tue, 18 Apr 2006 12:16:29 -0700
To: Ian G <iang@systemics.com>

On 12 Oct 2005, at 4:03 AM, Ian G wrote:

> I would prefer the disclaimer to vaguery to be
> at the beginning because that's how lawyers like
> it.  So, Something like this:
>
>   5.2.1. Signature Types
>
>     There are a number of possible meanings for a signature, which
>     may be indicated in a signature type octet in any given signature.
>     Please note that the vagueness of these meanings is
>     not a flaw, but a feature of the system. Because OpenPGP places
>     final authority for validity upon the receiver of a
>     signature, it may be that one signer's casual
>     act might be more rigorous than some other authority's
>     positive act.
>
>     These meanings are:
>

That's in -16 now.

	Jon



In-Reply-To: <87psqa6ds2.fsf@wheatstone.g10code.de>
References: <20051011222500.0352B57EF9@finney.org> <20051012025034.GA5034@jabberwocky.com> <87psqa6ds2.fsf@wheatstone.g10code.de>
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
Message-Id: <F65ABCA6-D407-42D6-96DE-590490207FE6@callas.org>
Content-Transfer-Encoding: 7bit
From: Jon Callas <jon@callas.org>
Subject: Re: Signature calculation language
Date: Tue, 18 Apr 2006 12:09:42 -0700
To: OpenPGP <ietf-openpgp@imc.org>

On 12 Oct 2005, at 6:55 AM, Werner Koch wrote:

>
> On Tue, 11 Oct 2005 22:50:34 -0400, David Shaw said:
>
>> I support making 0x19 backsigs a MUST.
>
> I concur with David.  I am actually a heavy user of signing subkeys
> because they allow keeping the primary key offline.
>

I also added an implementation nit:

    The 0x19 back signatures were not required for signing subkeys until relatively
    recently. Consequently, there may be keys in the wild that do not have these back
    signatures. Implementing software may handle these keys as it sees fit.

	Jon



In-Reply-To: <87psqa6ds2.fsf@wheatstone.g10code.de>
References: <20051011222500.0352B57EF9@finney.org> <20051012025034.GA5034@jabberwocky.com> <87psqa6ds2.fsf@wheatstone.g10code.de>
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
Message-Id: <F3CC0ECB-CF04-4A2F-B040-1476357A2228@callas.org>
Content-Transfer-Encoding: 7bit
From: Jon Callas <jon@callas.org>
Subject: Re: Signature calculation language
Date: Tue, 18 Apr 2006 11:59:32 -0700
To: OpenPGP <ietf-openpgp@imc.org>

On 12 Oct 2005, at 6:55 AM, Werner Koch wrote:

>
> On Tue, 11 Oct 2005 22:50:34 -0400, David Shaw said:
>
>> I support making 0x19 backsigs a MUST.
>
> I concur with David.  I am actually a heavy user of signing subkeys
> because they allow keeping the primary key offline.
>

Section 10.1 says:

    Each Subkey packet MUST be followed by one Signature packet, which
    should be a subkey binding signature issued by the top level key.
    For subkeys that can issue signatures, the subkey binding signature
    MUST contain an embedded signature subpacket with a primary key
    binding signature (0x19) issued by the subkey on the top level key.

And I think this does make it a MUST.

If there should be anything else (or this is wrong, unclear, etc.),  
just let me know.

	Jon
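
The Section 10.1 requirement quoted above, together with the implementation nit about older keys from the other "Signature calculation language" message, as an added example that is not code from the draft or from any OpenPGP implementation: a structural check that a V4 subkey binding signature (0x18) on a signing-capable subkey carries an embedded 0x19 signature. It checks presence only and does not verify either signature cryptographically; the subpacket type numbers (27 key flags, 32 embedded signature) and the 0x02 signing flag are the OpenPGP values, while the function names, the `legacy_policy` parameter and the sample packet bodies are constructed for illustration.

```python
import struct

SIG_SUBKEY_BINDING = 0x18        # subkey binding signature
SIG_PRIMARY_KEY_BINDING = 0x19   # primary key binding ("back") signature
SUBPKT_KEY_FLAGS = 27
SUBPKT_EMBEDDED_SIGNATURE = 32
KEY_FLAG_SIGN = 0x02             # key may be used to sign data


def parse_subpackets(area):
    """Split a V4 signature subpacket area into (type, data) pairs."""
    found, i = [], 0
    while i < len(area):
        first = area[i]
        if first < 192:                       # one-octet length
            length, i = first, i + 1
        elif first < 255:                     # two-octet length
            if i + 2 > len(area):
                raise ValueError("truncated subpacket length")
            length, i = ((first - 192) << 8) + area[i + 1] + 192, i + 2
        else:                                 # five-octet length
            if i + 5 > len(area):
                raise ValueError("truncated subpacket length")
            length, i = struct.unpack(">I", area[i + 1:i + 5])[0], i + 5
        if length < 1 or i + length > len(area):
            raise ValueError("truncated subpacket")
        found.append((area[i] & 0x7F, area[i + 1:i + length]))  # mask critical bit
        i += length
    return found


def parse_v4_signature(body):
    """Return (signature type, hashed subpackets, unhashed subpackets)."""
    if len(body) < 6 or body[0] != 4:
        raise ValueError("not a V4 signature packet body")
    hashed_end = 6 + struct.unpack(">H", body[4:6])[0]
    unhashed_start = hashed_end + 2
    if unhashed_start > len(body):
        raise ValueError("truncated hashed area")
    unhashed_end = unhashed_start + struct.unpack(
        ">H", body[hashed_end:unhashed_start])[0]
    if unhashed_end > len(body):
        raise ValueError("truncated unhashed area")
    return (body[1], parse_subpackets(body[6:hashed_end]),
            parse_subpackets(body[unhashed_start:unhashed_end]))


def check_backsig(binding_body, legacy_policy="warn"):
    """Return (verdict, reason); verdict is "ok" or the legacy policy chosen."""
    if legacy_policy not in ("warn", "reject"):
        raise ValueError("legacy_policy must be 'warn' or 'reject'")
    sig_type, hashed, unhashed = parse_v4_signature(binding_body)
    if sig_type != SIG_SUBKEY_BINDING:
        raise ValueError("not a subkey binding signature")
    # Only key flags in the hashed area are covered by the binding signature.
    flags = [data for ptype, data in hashed if ptype == SUBPKT_KEY_FLAGS]
    # Assumption: with no key flags subpacket, treat the subkey as able to sign.
    can_sign = not flags or any(d and d[0] & KEY_FLAG_SIGN for d in flags)
    if not can_sign:
        return "ok", "subkey does not issue signatures"
    for ptype, data in hashed + unhashed:
        if ptype != SUBPKT_EMBEDDED_SIGNATURE:
            continue
        try:
            embedded_type = parse_v4_signature(data)[0]
        except ValueError:
            continue                          # not a parsable V4 body
        if embedded_type == SIG_PRIMARY_KEY_BINDING:
            return "ok", "0x19 back signature present"
    return legacy_policy, "signing subkey without a 0x19 back signature"


def _subpacket(ptype, data):
    return bytes([1 + len(data), ptype]) + data   # one-octet length form only


def _signature(sig_type, hashed=b"", unhashed=b""):
    # Constructed body: RSA (1) and SHA-1 (2) octets, zero hash prefix, dummy MPI.
    return (bytes([4, sig_type, 1, 2]) + struct.pack(">H", len(hashed)) + hashed
            + struct.pack(">H", len(unhashed)) + unhashed + b"\x00\x00\x00\x01\x01")


# Constructed samples; the signature values are dummies and verify nothing.
SIGN_FLAGS = _subpacket(SUBPKT_KEY_FLAGS, bytes([KEY_FLAG_SIGN]))
WITH_BACKSIG = _signature(SIG_SUBKEY_BINDING, SIGN_FLAGS, _subpacket(
    SUBPKT_EMBEDDED_SIGNATURE, _signature(SIG_PRIMARY_KEY_BINDING)))
WITHOUT_BACKSIG = _signature(SIG_SUBKEY_BINDING, SIGN_FLAGS)
ENCRYPT_ONLY = _signature(SIG_SUBKEY_BINDING, _subpacket(SUBPKT_KEY_FLAGS, b"\x0c"))

if __name__ == "__main__":
    for name in ("WITH_BACKSIG", "WITHOUT_BACKSIG", "ENCRYPT_ONLY"):
        print(name, check_backsig(globals()[name]))
```

A real verifier would go on to check the embedded 0x19 signature against the subkey and the binding signature against the primary key; presence alone proves nothing about who issued them.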



Message-Id: <200604121421.k3CELltt070353@balder-227.proper.com>
From: "Robert Holliday" <robholliday@isocore.com>
To: <ietf-openpgp@imc.org>
Subject: On-line Registration Closing Sunday
Date: Wed, 12 Apr 2006 10:21:41 -0400


 

This week is the last chance for attendees to register online for the
International Conference on Network Security.  For those interested in
registering before time runs out please go to:  www.networksecurity2006.com
<http://www.networksecurity2006.com/> 

 

Conference Program 

 

Monday, April 17

TECHNICAL SESSIONS AND PANELS 

 

8:45 - 10:30 am

Opening Session

Chair: Guy Copeland 

VP and Assistant to the President, CSC

 

. Introduction 

Guy Copeland 

 

. Keynote Speech 

Andy Purdy

Department of Homeland Security 

 

. Issues in Wiretapping Technologies 

Matt Blaze

University of Pennsylvania 

 

Break (10:30 - 10:45 am) 

 

10:45 am - 12:30 pm

Panel: User Authentication Technologies

Chair: Radia Perlman

Sun Microsystems 

 

. PKI: It's not that hard. Why don't we have it? 

Charlie Kaufman

Microsoft 

 

. Web Services/Liberty Approach to Single Sign-on 

Gerald Beuchelt 

Sun Microsystems

 

. Is the Identity-based Crypto the Best Solution? 

Terence Spies

Voltage Security

 

. PKI: Let's Make it Happen! 

Bill Burr

NIST

 

. SAML Comparison to Kerberos to Support a Centralized Authoritative Source
for Authentication 

Hank Simon

Lockheed Martin

 

Lunch (12:30 - 1:45 pm) 

 

1:45 - 3:00 pm

Mesh Network Security 

Chair: Russ Housley

Vigil Security, LLC 

 

. Status of 802.11 Mesh and Security 

Donald Eastlake III

Motorola 

 

. Security Issues in 802.11s 

William Arbaugh, UMD

Jesse Walker, Intel 

 

. More on 802.11s 

Robert Moskowitz

ICSA Labs, Cybertrust

 

Break (3:00 - 3:15 pm) 

 

3:15 - 4:30 pm 

Defending Against Denial of Service 

Chair: Jim Hughes 

Sun Microsystems 

 

. Surviving Denial of Service

Andy Ellis

Akamai 

 

. MITHRIL: Adaptable Security for Survivability in Collaborative Computing
Sites 

Von Welch, NCSA

Jim Basney, NCSA

Himanshu Khurana, NCSA 

 

. Investigating the Impact of Real-World Factors on Internet Worm
Propagation

Xiaoyan Hong 

University of Alabama 

 

4:30 - 5:30 pm 

Panel: Legislative Aspects of Security 

 

. Pat Schambach

Nortel

 

. Robert Dix Jr.

Citadel Security Software

 

. Michael Aisenberg

Verisign

 

. John Morris

Center for Democracy & Technology

 

5:30 - 6:30 pm

Reception 

 

6:45 - 7:45 pm

Tutorial: Network Incident Response 

Presenter: Richard Bejtlich

Tao Security 

 

Tuesday, April 18

TECHNICAL SESSIONS AND PANELS 

 

9:00 - 10:30 am 

Software Security 

Chair: Charlie Kaufman

Microsoft 

 

. Why Software Breaks

Andrew Lee 

Eset 

 

. Federal Standards and Guidelines

Developed by NIST

Stuart Katzke

NIST

 

. Impact of NSTISSP-11 on the Current

Certification Climate for Products and 

Technology

Keith Beatty

SAIC 

 

. How can we make products and

deployments more secure?

Eric Cole

Lockheed Martin 

 

Break (10:30 - 10:45 am) 

 

10:45 am - 12:30 pm

Network Security Protocol Issues

Chair: Hilarie Orman

Purple Streak, Inc. 

 

. Introduction and Comparison of IPv4 Address Resolution Protocol, ICMP
Router Discovery and ICMP Redirect; and IPv6 Neighbor Discovery Protocol
Security Issues

Michael Wasielewski

Lockheed-Martin 

 

. The ability for the Warfighter to share critical information across and
between networks without leakage

Adele Friedel 

Tenix America 

 

. Availability and Security Tradeoffs 

Arun Sood 

Task Technologies Ltd. 

 

. Firewall Traversal: Security and Scalability

David McGrew

Cisco Systems

 

. Updates on IETF Security Related Working Groups

Sam Hartman

MIT 

Russ Housley

Vigil Security 

 

Lunch (12:30 - 1:45 pm) 

 

1:45 - 3:00 pm

Security for Wireless and Internet Mobility

Chair: Bijan Jabbari

Isocore 

 

. Optimizations to Support Secure AP Transitions in 802.11 WLANs

Jesse Walker

Intel 

 

. 3GPP2 Network Firewall Configuration and Control

Michael Paddon

Qualcomm

 

. Proactive EAP-based handover key management for mobile wireless users

Madjid Nakhjiri

Motorola 

 

Break (3:00 - 3:15 pm) 

 

3:15 - 4:30 pm 

Panel: Internet Infrastructure Security

Chair: Hilarie Orman

Purple Streak, Inc. 

 

. MPLS VPN Security

Harmen van der Linde

Cisco Systems

 

. DHS and Internet Infrastructure Security

Marcus Sachs 

SRI

 

. Routing Security 

Sandra Murphy 

Sparta

 

. Why Routing Protocol Security isn't Seeing Wide Adoption

Russ White 

Cisco Systems

 

4:30 - 5:30 pm

Web Browser Security 

Moderator: Darren Moffat

Sun Microsystems 

 

. The Sad State of Evolution of Interface to User Security with a Focus on
the Web Browser

Eric Greenberg

Netframeworks 

 

. XML: Salvation or Struggle

Donald Eastlake III

Motorola 

 

. Web Browser Security Frameworks 

Perry Metzger

Piermont 

 

. Issues in Web Browser Security

Sam Hartman

MIT 

 

Wednesday, April 19

TECHNICAL SESSIONS AND PANELS 

 

9:00 - 10:30 am 

DNS Security

Chair: Donald Eastlake III

Motorola 

 

. Why isn't DNS security deployed, and would we be safer if it was?

Charlie Kaufman

Microsoft 

 

. DNSSEC and FISMA 

Scott Rose

NIST

 

. DNS Security 

Stuart Schechter 

Lincoln Laboratory 

 

. The Registry Perspective on DNSSEC

Matt Larson 

Verisign

 

Break (10:30 - 10:45 am) 

 

10:45 am - 12:30 pm

Panel: Trusted Platforms

Chair: Radia Perlman

Sun Microsystems 

 

. Trusted Computing: Towards Safe Computing Environments

Tom Hardjono

SignaCert 

 

. A use for TPM Technology in Routing Infrastructure

Andy Ellis

Akamai 

 

. Issues in TPM Technology

Ned Smith

Intel 

 

. An Outsider's Perspective on TPM

Russ Housley 

Vigilsec

 

 

 

 

 

 

 



<html>


<body lang=3DEN-US link=3Dblue vlink=3Dpurple>

<div class=3DSection1>


<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>&nbsp;</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>&middot;&nbsp;Pat Schambach</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>Nortel</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>&nbsp;</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>&middot;&nbsp;Robert Dix Jr.</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>Citadel Security Software</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>&nbsp;</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>&middot; Michael Aisenberg</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>Verisign</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>&nbsp;</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>&middot;&nbsp;John Morris</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>Center for Democracy &amp; =
Technology</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>&nbsp;</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>5:30 - 6:30 pm</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>Reception </span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>&nbsp;</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>6:45 - 7:45 pm</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>Tutorial: Network Incident Response =
</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>Presenter: Richard Bejtlich</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>Tao Security </span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>&nbsp;</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>Tuesday, April 18</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>TECHNICAL SESSIONS AND PANELS </span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>&nbsp;</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>9:00 - 10:30 am </span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>Software Security </span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>Chair: Charlie Kaufman</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>Microsoft </span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>&nbsp;</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>&middot; Why Software Breaks</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>Andrew Lee </span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>Eset </span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>&nbsp;</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>&middot; Federal Standards and =
Guidelines</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>Developed by NIST</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>Stuart Katzke</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>NIST</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>&nbsp;</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>&middot; Impact of NSTISSP-11 on the =
Current</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>Certification Climate for Products and =
</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>Technology</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>Keith Beatty</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>SAIC </span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>&nbsp;</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>&middot; How can we make products =
and</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>deployments more secure?</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>Eric Cole</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>Lockheed Martin </span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>&nbsp;</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>Break (10:30 &#8211; 10:45 am) </span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>&nbsp;</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>10:45 am - 12:30 pm</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>Network Security Protocol Issues</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>Chair: Hilarie Orman</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>Purple Streak, Inc. </span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>&nbsp;</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>&middot; Introduction and Comparison of IPv4 Address =
Resolution
Protocol, ICMP Router Discovery and ICMP Redirect; and IPv6 Neighbor =
Discovery
Protocol Security Issues</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>Michael Wasielewski</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>Lockheed-Martin </span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>&nbsp;</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>&middot; The ability for the Warfighter to share =
critical information
across and between networks without leakage</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>Adele Friedel </span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>Tenix America </span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>&nbsp;</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>&middot; Availability and Security Tradeoffs =
</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>Arun Sood </span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>Task Technologies Ltd. </span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>&nbsp;</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>&middot; Firewall Traversal: Security and =
Scalability</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>David McGrew</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>Cisco Systems</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>&nbsp;</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>&middot; Updates on IETF Security Related Working =
Groups</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>Sam Hartman</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>MIT </span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>Russ Housley</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>Vigil Security </span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>&nbsp;</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>Lunch (12:30 &#8211; 1:45 pm) </span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>&nbsp;</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>1:45 - 3:00 pm</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>Security for Wireless and Internet =
Mobility</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>Chair: Bijan Jabbari</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>Isocore </span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>&nbsp;</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>&middot; Optimizations to Support Secure AP =
Transitions in 802.11
WLANs</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>Jesse Walker</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>Intel </span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>&nbsp;</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>&middot; 3GPP2 Network Firewall Configuration and =
Control</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>Michael Paddon</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>Qualcomm</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>&nbsp;</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>&middot; Proactive EAP-based handover key management =
for mobile
wireless users</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>Madjid Nakhjiri</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>Motorola </span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>&nbsp;</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>Break (3:00 &#8211; 3:15 pm) </span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>&nbsp;</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>3:15 - 4:30 pm </span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>Panel: Internet Infrastructure =
Security</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>Chair: Hilarie Orman</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>Purple Streak, Inc. </span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>&nbsp;</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>&middot; MPLS VPN Security</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>Harmen van der Linde</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>Cisco Systems</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>&nbsp;</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>&middot; DHS and Internet Infrastructure =
Security</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>Marcus Sachs </span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>SRI</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>&nbsp;</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>&middot; Routing Security </span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>Sandra Murphy </span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
  font-family:Arial'>Sparta</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>&nbsp;</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>&middot; Why Routing Protocol Security isn't Seeing =
Wide Adoption</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>Russ White </span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>Cisco Systems</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>&nbsp;</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>4:30 - 5:30 pm</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>Web Browser Security </span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>Moderator: Darren Moffat</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>Sun Microsystems </span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>&nbsp;</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>&middot; The Sad State of Evolution of Interface to =
User Security
with a Focus on the Web Browser</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>Eric Greenberg</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>Netframeworks </span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>&nbsp;</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>&middot; XML: Salvation or Struggle</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>Donald Eastlake III</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>Motorola </span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>&nbsp;</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>&middot; Web Browser Security Frameworks =
</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>Perry Metzger</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>Piermont </span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>&nbsp;</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>&middot; Issues in Web Browser =
Security</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>Sam Hartman</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>MIT </span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>&nbsp;</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>Wednesday, April 19</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>TECHNICAL SESSIONS AND PANELS </span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>&nbsp;</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>9:00 - 10:30 am </span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>DNS Security</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>Chair:&nbsp;Donald Eastlake III</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>Motorola </span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>&nbsp;</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>&middot; Why isn't DNS security deployed, and would =
we be safer if
it was?</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>Charlie Kaufman</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>Microsoft </span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>&nbsp;</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>&middot; DNSSEC and FISMA </span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>Scott Rose</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>NIST</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>&nbsp;</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>&middot; DNS Security </span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>Stuart Schechter </span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
  font-family:Arial'>Lincoln</span></font><font size=3D2 =
face=3DArial><span
style=3D'font-size:11.0pt;font-family:Arial'> Laboratory =
</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>&nbsp;</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>&middot; The Registry Perspective on =
DNSSEC</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>Matt Larson </span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>Verisign </span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>&nbsp;</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>Break (10:30 &#8211; 10:45 am) </span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>&nbsp;</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>10:45 am - 12:30 pm</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>Panel: Trusted Platforms</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>Chair: Radia Perlman</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>Sun Microsystems </span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>&nbsp;</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>&middot; Trusted Computing: Towards Safe Computing =
Environments</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>Tom Hardjono</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>SignaCert </span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>&nbsp;</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>&middot; A use for TPM Technology in Routing =
Infrastructure</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>Andy Ellis</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>Akamai </span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>&nbsp;</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>&middot; Issues in TPM Technology</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>Ned Smith</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>Intel </span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>&nbsp;</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>&middot; An Outsider&#8217;s Perspective on =
TPM</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>Russ Housley </span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>Vigilsec</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:11.0pt;
font-family:Arial'>&nbsp;</span></font></p>

</div>

</body>

</html>

------=_NextPart_000_0038_01C65E1A.E3EDC910--