Re: Kathleen Moriarty's Discuss on draft-ietf-rtgwg-yang-key-chain-20: (with DISCUSS and COMMENT)
Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> Thu, 27 April 2017 15:13 UTC
Return-Path: <kathleen.moriarty.ietf@gmail.com>
X-Original-To: rtgwg@ietfa.amsl.com
Delivered-To: rtgwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 00153129AC7; Thu, 27 Apr 2017 08:13:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lr0u7g5X-MsN; Thu, 27 Apr 2017 08:12:59 -0700 (PDT)
Received: from mail-pf0-x22e.google.com (mail-pf0-x22e.google.com [IPv6:2607:f8b0:400e:c00::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1907B12960D; Thu, 27 Apr 2017 08:11:56 -0700 (PDT)
Received: by mail-pf0-x22e.google.com with SMTP id c198so29757324pfc.1; Thu, 27 Apr 2017 08:11:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=eSCoGY1r2ZQN9qlwXg7+RQbUn3HsWlBg2wOAc9wEL60=; b=dui/+9bUe1aPuLhGkUJHZN4+wofhLzXdmWl8em/9QooKhwCk5w1d0G3NUhNNFbFeK2 cRYknqhgrc12epPsdozSzi2dS5brrLctWBJruFmsXTNDb6EimvI3I1YPwW3yltH02Yf6 Iqqv9BZf3BtBmXd/Z3IF8656Lhs9GoK5SSiNRPgsYk0GpPHgMNjeVC1+cdcWdOkXhhgw A8SZ2Z1JLcwY0bmxbAJuvGJAIR01qDIaGTV/zXKvL7969E6wjSgdMOf2NtqDQvtOKgJp sKU3h1s2ybcZ/6jeMDKpHt3LfZzYBnQ6GB0xd1e5EwxYkLycVjEIZMAkEcOiyDV1Tooq HRvQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=eSCoGY1r2ZQN9qlwXg7+RQbUn3HsWlBg2wOAc9wEL60=; b=b5xZVZOVhz3tBmlMeScCqSpZh1tbrG6ntsFXl4HQ3pnR+ecmfcGe5uHWr4XM+XpigT GVEdsYhmlTuFea6YdAVdUL4CuIK4Gx1nS4jooCLanWIpkOjB9XG2rmMUOk89Z3y0hHd7 mNmwoafUFqwuFl8rqDvQHW+0K316daC+fTPI0QbHndjaKxZ7gcJFgyTQpGI7+sFtCQS9 dBEfaRbgB9Vz6oTvc0dVyrirArI6c01jjH1F4VfCFGZ99fjRaTS/roc/eOpsKKEHZwP9 fAHbHy6Gh5g5tPEJKUPGfh73fAxYQYGURh3q1nc/S6mJwRaZq9gD7W/u2P3GIZdwLBV8 hXgA==
X-Gm-Message-State: AN3rC/7vvdYa38kK7lVTI2OyMF7TcgRsxESbZSEzeZCQhRc8FWTIfa5A 8ZMTRcdvB4QfLY8jRGqX5gX+sNfu8A==
X-Received: by 10.99.160.73 with SMTP id u9mr6381016pgn.176.1493305915483; Thu, 27 Apr 2017 08:11:55 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.100.185.143 with HTTP; Thu, 27 Apr 2017 08:11:14 -0700 (PDT)
In-Reply-To: <D527720F.ABE31%acee@cisco.com>
References: <149322447211.30122.5870367500760951821.idtracker@ietfa.amsl.com> <f366eb05-b82c-123e-d0ca-8701fe16a469@nostrum.com> <CAHbuEH5vDjZ5tSt=314Dquju7N26XSOqQPNjV=jO6D8Xn7QVdQ@mail.gmail.com> <89d1c702-7830-1f5a-1176-0b894e2d99e9@nostrum.com> <CAHbuEH5OX-GiwF7zqWmks5k6yLj5SXvXwYVFjCChrsa_ckokwQ@mail.gmail.com> <D5267C51.AB9DD%acee@cisco.com> <CAHbuEH4Lw7MwUf1ksE=dUFOQAja-y_cpUTsr9Uz4OQ_XN+Dtqg@mail.gmail.com> <D5268052.ABA1D%acee@cisco.com> <C953C43E-6809-46EE-AB6F-2BC2ADB24868@cisco.com> <CAHbuEH7hqxbC_03K7HsDZW3Fs2j8jPuANUv3pLt7c6OB0XXEMw@mail.gmail.com> <D527720F.ABE31%acee@cisco.com>
From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
Date: Thu, 27 Apr 2017 11:11:14 -0400
Message-ID: <CAHbuEH6xaratbynwu0H_qFbqm+0f2C=y3N3QYQfN171X_BkSMQ@mail.gmail.com>
Subject: Re: Kathleen Moriarty's Discuss on draft-ietf-rtgwg-yang-key-chain-20: (with DISCUSS and COMMENT)
To: "Acee Lindem (acee)" <acee@cisco.com>
Cc: "Brian Weis (bew)" <bew@cisco.com>, Adam Roach <adam@nostrum.com>, Jeff Tantsura <jefftant.ietf@gmail.com>, "rtgwg-chairs@ietf.org" <rtgwg-chairs@ietf.org>, The IESG <iesg@ietf.org>, "draft-ietf-rtgwg-yang-key-chain@ietf.org" <draft-ietf-rtgwg-yang-key-chain@ietf.org>, "rtgwg@ietf.org" <rtgwg@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtgwg/-H5LZHudpKJp3RBnW9aCx2IYz-o>
X-BeenThere: rtgwg@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Routing Area Working Group <rtgwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtgwg>, <mailto:rtgwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rtgwg/>
List-Post: <mailto:rtgwg@ietf.org>
List-Help: <mailto:rtgwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtgwg>, <mailto:rtgwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 27 Apr 2017 15:13:02 -0000
On Thu, Apr 27, 2017 at 10:03 AM, Acee Lindem (acee) <acee@cisco.com> wrote: > Hi Kathleen, Brian, > > On 4/26/17, 10:42 PM, "Kathleen Moriarty" > <kathleen.moriarty.ietf@gmail.com> wrote: > >>Hi Brian & Acee, >> >>On Wed, Apr 26, 2017 at 8:49 PM, Brian Weis (bew) <bew@cisco.com> wrote: >>> Hi Kathleen and Acee, >>> >>> Just a clarification on what I had said earlier. >>> >>>> On Apr 26, 2017, at 1:55 PM, Acee Lindem (acee) <acee@cisco.com> wrote: >>>> >>>> Kathleen, >>>> >>>> On 4/26/17, 4:47 PM, "Kathleen Moriarty" >>>> <kathleen.moriarty.ietf@gmail.com> wrote: >>>> >>>>> Acee, >>>>> >>>>> >>>>> >>>>> On Wed, Apr 26, 2017 at 4:39 PM, Acee Lindem (acee) <acee@cisco.com> >>>>> wrote: >>>>>> Kathleen, Brian, >>>>>> >>>>>> Since KEK as described in RFC 5649 is not ready for prime time, why >>>>>> don’t >>>>> >>>>> This is widely deployed in other use cases, >>>> >>>> None of these use cases are documented in IETF RFCs or drafts. >>> >>> The AES key wrap method itself is well understood, and if you look at >>>the citations for RFC 3394 at >>><http://www.arkko.com/tools/allstats/citations-rfc3394.html> it is >>>actually used in a number of IETF protocols. This is the basis for why I >>>originally suggested that it made sense to include it in a YANG model >>>that distributes keys. >>> >> >>Thanks for saving me a step, I was going to use Jari's tool once I got >>back online for the same purpose. >> >>>> >>>>> so I am not following this >>>>> statement that it isn't ready for prime time. RFC5649 is >>>>> straightforward. What is the gap for your usage that requires >>>>> additional guidance? Brian says this in in use for other YANG modules >>>>> already as well. >>> >>> Apologies, I was unclear in what I said. I am not actually aware of it >>>being used in other YANG modules … I meant to communicate what Kathleen >>>said more succinctly, which is that the RFC 3394 and RFC 5649 are >>>implemented for the same purpose in other (non-YANG module) protocols. >>>None of the citations in the list above appear to be YANG modules, but >>>then I’m not sure whether or not any other YANG modules distribute keys >>>either. >> >>Thanks, Brian, that is helpful. >> >>Acee, after a little more reading, is the gap for implementation >>guidance on how to use/access the key encrypting key because of the >>following sentence in -20? >> >> The AES key-encryption key (KEK) is >> not included in the YANG model and must be set or derived independent >> of key-chain configuration. >> >>This is an important step, I'm guessing Brian helped with this text >>and that may be where you need some guidance for implementing the key >>distribution functions with a stored KEK instead of the key obfuscated >>in some way. Personally, I'd leave this as implementation specific >>and the guidance here is enough for the draft, but vendors >>implementing would have to figure out how they want to do this. >>Before going further, can I confirm with you that this is the place >>where you'd like guidance? >> >>The guidance I provided earlier that is not in the draft is as follows >>(but might not answer your question): >> >> If you want to wrap an AES key and nothing else, use RFC 3394 >> If you want to wrap an AES key and some other attributes too, use RFC >>5649 > > In this case, it is only the keys, so I should change the reference to RFC > 3394? Yes, thanks. > > Thanks, > Acee > >> >>Thank you, >>Kathleen >> >>> >>> Hope that helps, >>> Brian >>> >>>>> Could you please be more explicit in terms of what >>>>> you need for guidance. I offered a suggestion, if that isn't enough, >>>>> could you please explain the gap as you see it so we can assist? >>>> >>>> Sorry, I must have missed the text you recommended. Please provide it >>>> again and I will restore the option with the guidance that is missing >>>>from >>>> RFC 5649. >>>> >>>> Thanks, >>>> Acee >>>> >>>> >>>> >>>> >>>>> >>>>> Thank you, >>>>> Kathleen >>>>> >>>>>> you take this up as a separate draft rather than trying to hold this >>>>>> important document hostage? We have the NETCONF Access Control Model >>>>>> (NACM) to protect the keys during transport (which has been >>>>>> implemented). >>>>>> Obviously, key-strings are stored on devices today since they are >>>>>>being >>>>>> used for protocol authentication and encryption so this is totally >>>>>> orthogonal to the YANG model being used to provision them. >>>>>> >>>>>> Thanks, >>>>>> Acee >>>>>> >>>>>> On 4/26/17, 4:30 PM, "Kathleen Moriarty" >>>>>> <kathleen.moriarty.ietf@gmail.com> wrote: >>>>>> >>>>>>> Hi Adam, >>>>>>> >>>>>>> I think I see where we are coming to different conclusions.... >>>>>>> >>>>>>> On Wed, Apr 26, 2017 at 4:18 PM, Adam Roach <adam@nostrum.com> >>>>>>>wrote: >>>>>>>> On 4/26/17 2:36 PM, Kathleen Moriarty wrote: >>>>>>>>> >>>>>>>>> On Wed, Apr 26, 2017 at 2:42 PM, Adam Roach <adam@nostrum.com> >>>>>>>>>wrote: >>>>>>>>>> >>>>>>>>>> On 4/26/17 11:34 AM, Kathleen Moriarty wrote: >>>>>>>>>>> >>>>>>>>>>> Since the following text int he Security Considerations section >>>>>>>>>>>is >>>>>>>>>>> a >>>>>>>>>>> recommendation, IMO it would be better to drop "or otherwise >>>>>>>>>>> obfuscated" >>>>>>>>>>> from the sentence as encrypting the keys really should be the >>>>>>>>>>> recommendation. Can we make this update? >>>>>>>>>>> >>>>>>>>>>> It is RECOMMENDED that keys be encrypted or otherwise >>>>>>>>>>> obfuscated >>>>>>>>>>> when >>>>>>>>>>> stored internally on a network device supporting this >>>>>>>>>>> specification. >>>>>>>>>>> >>>>>>>>>>> If obfuscation is what happens more often in practice, maybe >>>>>>>>>>> mention >>>>>>>>>>> this >>>>>>>>>>> as a fallback from the recommendation, but not make them sound >>>>>>>>>>> equivalent? >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> To be clear -- the current guidance from the security area is to >>>>>>>>>> perform >>>>>>>>>> this kind of encryption, where you have encrypted material living >>>>>>>>>> side-by-side with the key necessary to decrypt it? >>>>>>>>> >>>>>>>>> We are talking about using a key encrypting key (KEK) and storing >>>>>>>>> that, not storing the raw key next to the encrypted data as far >>>>>>>>>as I >>>>>>>>> can tell. >>>>>>>> >>>>>>>> >>>>>>>> Right. >>>>>>>> >>>>>>>>> Additionally, I haven't seen a discussion on the hardware >>>>>>>>> this is expected to run on. >>>>>>>> >>>>>>>> >>>>>>>> That might be appropriate matter for the draft, if it is going to >>>>>>>>make >>>>>>>> this >>>>>>>> recommendation. >>>>>>>> >>>>>>>>> Some implementations of KEK solutions use dedicated hardware for >>>>>>>>>the >>>>>>>>> KEK and require authentication for access to the key, hence >>>>>>>>> preventing >>>>>>>>> generic access and side-by-side storage of the KEK's protected >>>>>>>>>key, >>>>>>>>> and encrypted data. I'd rather see a KEK used than just a key >>>>>>>>>stored >>>>>>>>> in any case. Are you arguing for not using any encryption at all? >>>>>>>> >>>>>>>> >>>>>>>> I'll defer to you, of course, since you have presumably given the >>>>>>>> topic >>>>>>>> more >>>>>>>> thought than I have, but: yes. >>>>>>>> >>>>>>>> Absent something like an HSM or forcing human intervention >>>>>>>>whenever a >>>>>>>> process starts (or restarts), it seems that the scheme described in >>>>>>>> section >>>>>>>> 5 doesn't actually deter a competent attacker from obtaining the >>>>>>>>keys. >>>>>>>> My >>>>>>>> impression is that storing information in an encrypted form that >>>>>>>>can >>>>>>>> be >>>>>>>> trivially decrypted by an attacker provides a false sense of >>>>>>>>security >>>>>>>> to >>>>>>>> equipment operators. >>>>>>>> >>>>>>>> If the scheme in section 5 *does* require the kind of prerequisites >>>>>>>> you >>>>>>>> posit, such as dedicated security hardware, it seems that such >>>>>>>> prerequisites >>>>>>>> should be mentioned alongside the recommendation. >>>>>>>> >>>>>>>>> For YANG modules, couldn't the application via NETCONF/RESTCONF >>>>>>>>> accessing the module provide the credentials to access the key >>>>>>>>> protected by the KEK? >>>>>>>> >>>>>>>> >>>>>>>> That solves the issues with provisioning, but doesn't seem to help >>>>>>>>the >>>>>>>> processes actually involved in routing. >>>>>>>> >>>>>>>>> Some implementations could store the KEK in >>>>>>>>> dedicated hardware as well. In this way, storing the KEK and data >>>>>>>>> together is not the same as storing a key right next to the data >>>>>>>>>it >>>>>>>>> is >>>>>>>>> protecting. >>>>>>>> >>>>>>>> >>>>>>>> This makes perfect sense; and it should probably be in the >>>>>>>>document. >>>>>>>> >>>>>>>>> Use of a KEK is better then not encrypting and can be done >>>>>>>>> well. >>>>>>>> >>>>>>>> >>>>>>>> It can also be done poorly, and the mention of obfuscation (along >>>>>>>>with >>>>>>>> the >>>>>>>> exchange I cite below) leads me to believe that -- absent concrete >>>>>>>> guidance >>>>>>>> to the contrary -- implementors will choose to do it poorly. It's >>>>>>>>not >>>>>>>> clear >>>>>>>> that doing this poorly provides any benefit, and it seems to me >>>>>>>>that >>>>>>>> it >>>>>>>> may >>>>>>>> cause harm: if something _looks_ secure but isn't, doesn't that >>>>>>>>have >>>>>>>> the >>>>>>>> potential for operators to incorrectly treat it as secure? Again, >>>>>>>>this >>>>>>>> is >>>>>>>> more your area than mine and so I will defer to your opinion on the >>>>>>>> topic; >>>>>>>> but from a lay perspective, this seems likely to result in the >>>>>>>>lack of >>>>>>>> guarding against compromise of the encrypted information under the >>>>>>>> mistaken >>>>>>>> impression that it can't be decrypted trivially. >>>>>>>> >>>>>>> >>>>>>> The way I read the thread from Acee is that there aren't any KEK >>>>>>> implementations with with particular YANG module, however Brian says >>>>>>> there is with other YANG modules. I *think* when Acee is referring >>>>>>>to >>>>>>> obfuscation and less than ideal scenarios, it is with the currently >>>>>>> deployed implementations that don't use KEKs. But the text and >>>>>>> responses did seem to be commingled a bit too much. >>>>>>> >>>>>>>> >>>>>>>>> Am I missing something? Was there something implementation >>>>>>>>>specific >>>>>>>>> that has the raw key stored with the encrypted data? >>>>>>>> >>>>>>>> >>>>>>>> Perhaps the following exchange with the author: >>>>>>>> >>>>>>>> Adam: "By my reading, this is just talking about encrypting 'on the >>>>>>>> disk' >>>>>>>> storage on the device. Any processes involved in provisioning the >>>>>>>> values or >>>>>>>> using them to process traffic would have access to the plaintext, >>>>>>>> presumably >>>>>>>> by reading the encrypted form off disk, reading some keying >>>>>>>>material >>>>>>>> off >>>>>>>> disk, and combining them to retrieve the plaintext key." >>>>>>> >>>>>>> It looks like version 20 had different assumptions about using the >>>>>>> KEK. I *think* this is describing usage without a KEK and may be >>>>>>>part >>>>>>> of why Acee is asking for more implementation guidance... so I'll >>>>>>>keep >>>>>>> my discuss to see if we can shape that up more. This is helpful as >>>>>>>I >>>>>>> think I see the gap more now as to what he might be looking for in >>>>>>> terms of guidance. >>>>>>> >>>>>>> Here's the text from -20: >>>>>>> >>>>>>> When configured, the key-strings can be encrypted using the AES Key >>>>>>> Wrap algorithm [AES-KEY-WRAP]. The AES key-encryption key (KEK) is >>>>>>> not included in the YANG model and must be set or derived >>>>>>>independent >>>>>>> >>>>>>> Lindem, et al. Expires October 20, 2017 >>>>>>>[Page 15] >>>>>>> Internet-Draft YANG Key Chain April >>>>>>>2017 >>>>>>> >>>>>>> of key-chain configuration. When AES key-encryption is used, the >>>>>>> hex-key-string feature is also required since the encrypted keys >>>>>>>will >>>>>>> contain characters that are not representable in the YANG string >>>>>>> built-in type [YANG]. AES key-encryption MAY be used for added key >>>>>>> security in situations where the NETCONF Access Control Mode is not >>>>>>> available. >>>>>>> >>>>>>>> >>>>>>>> Acee: "This is the correct interpretation." >>>>>>>> >>>>>>>> /a >>>>>>> >>>>>>> Thanks. >>>>>>> >>>>>>> -- >>>>>>> >>>>>>> Best regards, >>>>>>> Kathleen >>>>>> >>>>> >>>>> >>>>> >>>>> -- >>>>> >>>>> Best regards, >>>>> Kathleen >>>> >>> >>> -- >>> Brian Weis >>> Security, CSG, Cisco Systems >>> Telephone: +1 408 526 4796 >>> Email: bew@cisco.com >>> >> >> >> >>-- >> >>Best regards, >>Kathleen > -- Best regards, Kathleen
- Re: Kathleen Moriarty's Discuss on draft-ietf-rtg… Acee Lindem (acee)
- Kathleen Moriarty's Discuss on draft-ietf-rtgwg-y… Kathleen Moriarty
- Re: Kathleen Moriarty's Discuss on draft-ietf-rtg… Kathleen Moriarty
- Re: Kathleen Moriarty's Discuss on draft-ietf-rtg… Adam Roach
- Re: Kathleen Moriarty's Discuss on draft-ietf-rtg… Acee Lindem (acee)
- Re: Kathleen Moriarty's Discuss on draft-ietf-rtg… Adam Roach
- Re: Kathleen Moriarty's Discuss on draft-ietf-rtg… Kathleen Moriarty
- Re: Kathleen Moriarty's Discuss on draft-ietf-rtg… Acee Lindem (acee)
- Re: Kathleen Moriarty's Discuss on draft-ietf-rtg… Kathleen Moriarty
- Re: Kathleen Moriarty's Discuss on draft-ietf-rtg… Adam Roach
- Re: Kathleen Moriarty's Discuss on draft-ietf-rtg… Kathleen Moriarty
- Re: Kathleen Moriarty's Discuss on draft-ietf-rtg… Brian Weis (bew)
- Re: Kathleen Moriarty's Discuss on draft-ietf-rtg… Alia Atlas
- Re: Kathleen Moriarty's Discuss on draft-ietf-rtg… Alia Atlas
- Re: Kathleen Moriarty's Discuss on draft-ietf-rtg… Adam Roach
- Re: Kathleen Moriarty's Discuss on draft-ietf-rtg… Kathleen Moriarty
- Re: Kathleen Moriarty's Discuss on draft-ietf-rtg… Kathleen Moriarty
- Re: Kathleen Moriarty's Discuss on draft-ietf-rtg… Eric Rescorla
- Re: Kathleen Moriarty's Discuss on draft-ietf-rtg… Alia Atlas
- Re: Kathleen Moriarty's Discuss on draft-ietf-rtg… Adam Roach
- Re: Kathleen Moriarty's Discuss on draft-ietf-rtg… Acee Lindem (acee)
- Re: Kathleen Moriarty's Discuss on draft-ietf-rtg… Acee Lindem (acee)
- Re: Kathleen Moriarty's Discuss on draft-ietf-rtg… Alia Atlas
- Re: Kathleen Moriarty's Discuss on draft-ietf-rtg… Eric Rescorla
- Re: Kathleen Moriarty's Discuss on draft-ietf-rtg… Acee Lindem (acee)
- Re: Kathleen Moriarty's Discuss on draft-ietf-rtg… Alia Atlas
- Re: Kathleen Moriarty's Discuss on draft-ietf-rtg… Kathleen Moriarty
- Re: Kathleen Moriarty's Discuss on draft-ietf-rtg… Kathleen Moriarty