Re: [lamps] [EXTERNAL] Re: [CMP Updates] Requesting a current CRL
Russ Housley <housley@vigilsec.com> Fri, 08 October 2021 16:10 UTC
Return-Path: <housley@vigilsec.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BC6283A05A7 for <spasm@ietfa.amsl.com>; Fri, 8 Oct 2021 09:10:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oX1KQq2QkyPZ for <spasm@ietfa.amsl.com>; Fri, 8 Oct 2021 09:10:24 -0700 (PDT)
Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0C9D23A0598 for <spasm@ietf.org>; Fri, 8 Oct 2021 09:10:24 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id CBCF4300C50 for <spasm@ietf.org>; Fri, 8 Oct 2021 12:10:24 -0400 (EDT)
X-Virus-Scanned: amavisd-new at mail.smeinc.net
Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id ru5H-Itk--ME for <spasm@ietf.org>; Fri, 8 Oct 2021 12:10:20 -0400 (EDT)
Received: from [192.168.1.161] (pool-141-156-161-153.washdc.fios.verizon.net [141.156.161.153]) by mail.smeinc.net (Postfix) with ESMTPSA id 2F374300C4D; Fri, 8 Oct 2021 12:10:20 -0400 (EDT)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.21\))
From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <AM0PR10MB241887D39072B393C56FB28AFEB29@AM0PR10MB2418.EURPRD10.PROD.OUTLOOK.COM>
Date: Fri, 08 Oct 2021 12:10:16 -0400
Cc: "spasm@ietf.org" <spasm@ietf.org>, John Gray <John.Gray@entrust.com>, David von Oheimb <david.von.oheimb@siemens.com>
Content-Transfer-Encoding: quoted-printable
Message-Id: <8D6D333A-14A3-4487-967F-CFCAC22D856C@vigilsec.com>
References: <AM0PR10MB24181E0CB7F13C5969337F56FEB09@AM0PR10MB2418.EURPRD10.PROD.OUTLOOK.COM> <C81D6269-EA75-4A0F-9C47-63ED46BA43E0@vigilsec.com> <DM6PR11MB25853662F94B5B12933C23F9EAB09@DM6PR11MB2585.namprd11.prod.outlook.com> <VI1PR10MB24298128902B438BCAF406D4FEB19@VI1PR10MB2429.EURPRD10.PROD.OUTLOOK.COM> <FD4EBC6E-77CE-4D96-8D9E-D929C27159D6@vigilsec.com> <AM0PR10MB2418E1DE7004C868C0E3AEA2FEB29@AM0PR10MB2418.EURPRD10.PROD.OUTLOOK.COM> <EDA2ACBF-E745-430A-A13F-A144B08125AC@vigilsec.com> <AM0PR10MB241887D39072B393C56FB28AFEB29@AM0PR10MB2418.EURPRD10.PROD.OUTLOOK.COM>
To: "Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com>
X-Mailer: Apple Mail (2.3445.104.21)
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/K5jaHfdntddP1QvVc1laI2i2uTw>
Subject: Re: [lamps] [EXTERNAL] Re: [CMP Updates] Requesting a current CRL
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Oct 2021 16:10:31 -0000
Hendrik: Option 1A defines a new generalInfo, which is a InfoTypeAndValue. Option 1B defines a new GenMsgContent, which is also a InfoTypeAndValue. The difference is that the request and response have two different types, one for GenMsg and another one for GenRep. The only hint that I find regarding the : -- Receiver MAY ignore any contained OIDs that it does not -- recognize. This tells me that in Option 1A, the server can ignore the new generalInfo that provides the CrlThisUpdate, and then always provide the full CRL in the CRL GenRep. Russ > On Oct 8, 2021, at 11:19 AM, Brockhaus, Hendrik <hendrik.brockhaus@siemens.com> wrote: > > Russ > > Thank you for this explanation. > >> Von: Russ Housley <housley@vigilsec.com> >> Gesendet: Freitag, 8. Oktober 2021 16:55 >> >> Hendrik: >> >> It is clear to me that either one will work. The better approach to me depends >> on the better impact on existing code. >> >> In Option 1A: >> >> if the client does not send CrlThisUpdate, then the server acts exactly as RFC >> 4210. >> >> If the server responds with <absent>, which is not permitted in RFC 4210, it is >> unclear to me what a client implementation will do. > > The server should only answers with <absent> in case CrlThisUpdate was provided in the request. In this case the client indicates that it knows the updated syntax. Therefore, I thought it is backward compatible. > >> >> In Option 1B: >> >> Section 5.3.19 of RFC 4210 does not offer much assistance; it explains the >> syntax, but no real help about when <absent> is acceptable or unacceptable. I >> do not know how CMP implementations really handle this. So, defining a new >> InfoTypeAndValue should avoid concerns with the change: >> >> OLD: >> >> GenRep: {id-it 6}, CertificateList >> >> NEW: >> >> GenRep: {id-it 6}, CertificateList | < absent > > > I tried to find any indication in the ASN.1 module, but it looks like the ASN.1 module dies not differ if <absent> is allowed or not. > Your proposal is to define a new OID with this update, right? > Finally, if you think we should do this to be on the safe side, we could also use it together with CrlThisUpdate. > I just wanted to prevent to define new ITAV if not necessary. > > Hendrik > >> >>> On Oct 8, 2021, at 1:37 AM, Brockhaus, Hendrik >> <hendrik.brockhaus@siemens.com> wrote: >>> >>> Russ >>> >>> You are right. Chaining general messages is not the intend of RFC 4210 Section >> 5.3.19. Therefore, I agree dropping Option 2. >>> >>> Option 1A and 1B both use a single general message transaction. The >> difference is how thisUpdate time is provided by the EE. >>> Option 1A uses the generalInfo field. As I understand you proposal, Option 1B >> uses the body of the GenMsg. >>> >>> RFC 4210 Section 5.1.1 specifies the generalInfo file like this: >>> >>> The generalInfo field may be used to send machine-processable >>> additional data to the recipient. The following generalInfo >>> extensions are defined and MAY be supported. >>> >>> CMP Updates already specifies two new ITAV to be carried in the generalInfo >> field in Section 2.4 and 2.5. Theses new ITAV are used in the Lightweight CMP >> Profile together with general messages. Therefore, I preferer Option 1A using >> the same approach for requesting CRLs. >>> >>> Hendrik >>> >>>> Von: Russ Housley <housley@vigilsec.com> >>>> Gesendet: Donnerstag, 7. Oktober 2021 19:16 >>>> >>>> Hendrik: >>>> >>>> After a quick skim of Section 5.3.19 of RFC 4210, I do not see any >>>> other uses of PKI General Message Content where the value provided >>>> with one request has an impact on the response provided by another. For >> this reason, I prefer Option 1B. >>>> >>>> Russ >>>> >>>> >>>>> On Oct 7, 2021, at 10:27 AM, Brockhaus, Hendrik >>>> <hendrik.brockhaus@siemens.com> wrote: >>>>> >>>>> Thanks to John for his support and to Russ for his proposal. >>>>> >>>>> I had a slightly different approach in mind as Russ described. So I >>>>> would name >>>> the approach presented by Russ Option 1B and mine Option 1A. >>>>> >>>>> Option 1A would work like this: >>>>> >>>>> New Section: >>>>> 5.1.1.X. CrlThisUpdate >>>>> >>>>> This is used by the EE to inform the CA about the thisUpdate of >>>>> the most recent CRL it knows. >>>>> >>>>> crlThisUpdate OBJECT IDENTIFIER ::= {id-it TBD} >>>>> CrlThisUpdate ::= Time >>>>> >>>>> Updated Section: >>>>> 5.3.19.6. CRL >>>>> >>>>> This MAY be used by the client to get a copy of the latest CRL. >>>>> >>>>> GenMsg: {id-it 6}, < absent > >>>>> GenRep: {id-it 6}, CertificateList | < absent > >>>>> >>>>> If crlThisUpdate is contained in the generalInfo field of the >>>>> GenMsg, the CA MUST only return a more current CRL. >>>>> >>>>> Are there any preferences in the WG? >>>>> >>>>> Hendrik >>>>> >>>>>> Von: John Gray <John.Gray@entrust.com> >>>>>> Gesendet: Mittwoch, 6. Oktober 2021 23:45 >>>>>> >>>>>> Yes, that is exactly what we are suggesting. >>>>>> >>>>>> As you know CRL's can become very large, and it would be a pity to >>>>>> ask for the latest CRL, only to find out we already had the latest >>>>>> CRL. 😊 We had also discussed possibly using a hash of the CRL >>>>>> instead of the time value, but that would cost an extra hash >>>>>> operation and we agreed thisUpdate should be good enough. I >>>>>> wouldn't expect a CA to be fast enough to issue updated CRL's >>>>>> within >>>>>> 1 second of each other (thus having the same thisUpdate date). >>>>>> >>>>>> Cheers, >>>>>> >>>>>> John Gray >>>>>> >>>>>> From: Spasm <spasm-bounces@ietf.org> On Behalf Of Russ Housley >>>>>> Sent: Wednesday, October 6, 2021 12:23 PM >>>>>> >>>>>> RFC 4210 says: >>>>>> >>>>>> 5.3.19.6. CRL >>>>>> >>>>>> This MAY be used by the client to get a copy of the latest CRL. >>>>>> >>>>>> GenMsg: {id-it 6}, < absent > >>>>>> GenRep: {id-it 6}, CertificateList >>>>>> >>>>>> I think you are suggesting something like this for Option 1: >>>>>> >>>>>> 5.3.19.X. Conditional CRL Retrieval >>>>>> >>>>>> This MAY be used by the client to get a copy of the latest CRL if >>>>>> a newer one is available. >>>>>> >>>>>> GenMsg: {id-it TBD}, Time >>>>>> GenRep: {id-it TBD}, CertificateList | < absent > >>>>>> >>>>>> Where, Time is the thisUpdate of the most recent CRL known to the client. >>>>>> >>>>>> If that is the suggestion, then Option 1 seems to follow the >>>>>> general design in RFC 4210. See Section 5.3.19.1 as an example. >>>>>> >>>>>> Russ >>>>>> >>>>>> >>>>>>> On Oct 6, 2021, at 11:53 AM, Brockhaus, Hendrik >>>>>> <hendrik.brockhaus@siemens.com> wrote: >>>>>>> >>>>>>> There are situations where CMP is used on networks that do not >>>>>>> offer http or >>>>>> coap, but other transport protocols specified at IEEE or IEC. >>>>>>> In such case we use the general message as defined in RFC 4210 >>>>>>> Section >>>>>> 5.3.19.6 >>>>>> >>>> (https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fda >>>> tatrac >>>> ker.ietf.org%2Fdoc%2Fhtml%2Frfc4210%23section- >>>> >> 5.3.19.6&data=04%7C01%7Chendrik.brockhaus%40siemens.com%7C2a1f8 >>>> >> 11b31124e63d01b08d989b63743%7C38ae3bcd95794fd4addab42e1495d55a%7 >>>> >> C1%7C0%7C637692238717449200%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC >>>> >> 4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&a >>>> >> mp;sdata=4E9ffpU0dgD29BYAx9rqOX5tN0ObW1X7dsALJd3EABI%3D&reser >>>> ved=0) for requesting CRLs. >>>>>>> Currently the CMP server always send its most current CRL, >>>>>>> regardless if the >>>>>> CMP client already has this CRL. >>>>>>> To avoid sending the same CRL multiple times, we would like to >>>>>>> extend the >>>>>> mechanism sending only more current CRLs than the CMP client already >> has. >>>>>>> >>>>>>> Together with John Gray from Entrust, who we also like to add as >>>>>>> co-author to >>>>>> the CMP Updates Draft, we discussed mainly two implementation options. >>>>>>> >>>>>>> Option 1: >>>>>>> Define a new generalInfo field to be provided in the request >>>>>>> messages header >>>>>> of the general message specified in RFC 4210 Section 5.3.19.6. This >>>>>> ITAV shall contain the thisUpdate time of the most current CRL the >>>>>> CMP client has. The CMP server shall return its CRL if it is more >>>>>> current and otherwise with an empty body. >>>>>>> >>>>>>> Option 2: >>>>>>> Define a new general message type. Sending this new general >>>>>>> message, the >>>>>> CMP client requests the thisUpdate time of the most current CRL the >>>>>> CMP server has. If this is more current than the most current CRL >>>>>> the CMP client has, it requests this CRL using the general message >>>>>> specified in RFC 4210 Section 5.3.19.6. >>>>>>> >>>>>>> The authors would prefer option 1. What is the opinion of the WG? >>>>>>> >>>>>>> BTW, this is the last open issue of this draft. The authors hope >>>>>>> that the next >>>>>> update will be the last before WGLC. >>>>>>> >>>>>>> Hendrik >>>>>>> >>>>>>> >>>>>>> Siemens AG >>>>>>> Technology - Research in Digitalization and Automation Security >>>>>>> Architecture mailto:hendrik.brockhaus@siemens.com >>>>>>> >>>>>>> https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2F >>>>>>> ur >>>>>>> ld >>>>>>> efense.com%2Fv3%2F__http%3A%2F%2Fwww.siemens.com__%3B!!FJ- >>>>>> Y8qCqXTj2!K3 >>>>>>> >>>>>> >>>> >> &data=04%7C01%7Chendrik.brockhaus%40siemens.com%7C2cd8c2a53f27 >>>>>> 42e2 >>>>>>> >>>>>> >>>> >> 6fac08d9891291b7%7C38ae3bcd95794fd4addab42e1495d55a%7C1%7C0%7C63 >>>>>> 769153 >>>>>>> >>>>>> >>>> >> 5123328589%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoi >>>>>> V2luMzI >>>>>>> >>>>>> >>>> >> iLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=Wzag2sbqWIEuWaJ >>>>>> 4tUuNi >>>>>>> VokUg6Bb%2BdDq7OyXroN43k%3D&reserved=0 >>>>>>> 2dsgB2GqHGjdnUPkY_QKkcXyA_WG_c9clb1EI8fIW05- >>>>>> FtMawTzDIEdSOymuy8K9aaZnA$ >>>>>>> >>>>>>> Siemens Aktiengesellschaft: Chairman of the Supervisory Board: Jim >>>>>>> Hagemann Snabe; Managing Board: Roland Busch, Chairman, President >>>>>>> and Chief Executive Officer; Cedrik Neike, Matthias Rebellius, Ralf P. >>>>>>> Thomas, Judith Wiese; Registered offices: Berlin and Munich, >>>>>>> Germany; Commercial registries: Berlin-Charlottenburg, HRB 12300, >>>>>>> Munich, HRB 6684; WEEE-Reg.-No. DE 23691322 >>>>>>> >>>>>>> _______________________________________________ >>>>>>> Spasm mailing list >>>>>>> Spasm@ietf.org >>>>>>> https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2F >>>>>>> ur >>>>>>> ld >>>>>>> >>>>>> >>>> >> efense.com%2Fv3%2F__https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo >>>>>> %2F >>>>>>> >>>>>> >>>> >> spas&data=04%7C01%7Chendrik.brockhaus%40siemens.com%7C2cd8c2a5 >>>>>> 3f27 >>>>>>> >>>>>> >>>> >> 42e26fac08d9891291b7%7C38ae3bcd95794fd4addab42e1495d55a%7C1%7C0% >>>>>> 7C6376 >>>>>>> >>>>>> >>>> >> 91535123328589%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJ >>>>>> QIjoiV2l >>>>>>> >>>>>> >>>> >> uMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=sWEzRWabxIrH >>>>>> U2Ry4 >>>>>>> 2sy2YZewT7kDNOq1lIMP9ymOAE%3D&reserved=0 >>>>>>> m__;!!FJ- >>>> Y8qCqXTj2!K32dsgB2GqHGjdnUPkY_QKkcXyA_WG_c9clb1EI8fIW05- >>>>>> FtMaw >>>>>>> TzDIEdSOymuy8xYOrR-E$ >>>>>> >>>>>> _______________________________________________ >>>>>> Spasm mailing list >>>>>> Spasm@ietf.org >>>>>> https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fu >>>>>> rl >>>>>> defens >>>>>> >>>> >> e.com%2Fv3%2F__https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Fsp >>>>>> asm__%3B!!FJ- >>>>>> Y8qCqXTj2!K32dsgB2GqHGjdnUPkY_QKkcXyA_WG_c9clb1EI8fIW05- >>>>>> FtMawTzDIEdSOymuy8xYOrR- >>>>>> >>>> >> E%24&data=04%7C01%7Chendrik.brockhaus%40siemens.com%7C2cd8c2a >>>>>> >>>> >> 53f2742e26fac08d9891291b7%7C38ae3bcd95794fd4addab42e1495d55a%7C1% >>>>>> >>>> >> 7C0%7C637691535123328589%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wL >>>>>> >>>> >> jAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&s >>>>>> >>>> >> data=mZrMYo45HQGV0FLd8f6TfQKNLgeS0s420sJpXUvaVVM%3D&reserve >>>>>> d=0 >>>>>> Any email and files/attachments transmitted with it are >>>>>> confidential and are intended solely for the use of the individual >>>>>> or entity to whom they are addressed. If this message has been sent >>>>>> to you in error, you must not copy, distribute or disclose of the >>>>>> information it contains. Please notify Entrust immediately and >>>>>> delete the message from >>>> your system. >>>>> _______________________________________________ >>>>> Spasm mailing list >>>>> Spasm@ietf.org >>>>> >> https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww. >>>>> >>>> >> ietf.org%2Fmailman%2Flistinfo%2Fspasm&data=04%7C01%7Chendrik.broc >>>> k >>>>> >>>> >> haus%40siemens.com%7C2a1f811b31124e63d01b08d989b63743%7C38ae3bcd >>>> 95794f >>>>> >>>> >> d4addab42e1495d55a%7C1%7C0%7C637692238717459201%7CUnknown%7CT >>>> WFpbGZsb3 >>>>> >>>> >> d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3 >>>> D%7 >>>>> >>>> >> C3000&sdata=XdAzbm5lVFFCWz0bC0FmrwJT3APVOChsXe4SAZa5LkE%3D& >>>> amp;res >>>>> erved=0 >>> >>> _______________________________________________ >>> Spasm mailing list >>> Spasm@ietf.org >>> https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww. >>> >> ietf.org%2Fmailman%2Flistinfo%2Fspasm&data=04%7C01%7Chendrik.broc >> k >>> >> haus%40siemens.com%7C20647c6817d644d3bae008d98a6ba4a6%7C38ae3bcd >> 95794f >>> >> d4addab42e1495d55a%7C1%7C0%7C637693017805521807%7CUnknown%7CT >> WFpbGZsb3 >>> >> d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3 >> D%7 >>> >> C3000&sdata=4bcIohNWsDgGugoLRr59S7G24wo0fvUjSrJ4HIhdfmw%3D&a >> mp;res >>> erved=0 >
- [lamps] [CMP Updates] Requesting a current CRL Brockhaus, Hendrik
- Re: [lamps] [CMP Updates] Requesting a current CRL Russ Housley
- Re: [lamps] [EXTERNAL] Re: [CMP Updates] Requesti… Brockhaus, Hendrik
- Re: [lamps] [EXTERNAL] Re: [CMP Updates] Requesti… Russ Housley
- Re: [lamps] [EXTERNAL] Re: [CMP Updates] Requesti… Brockhaus, Hendrik
- Re: [lamps] [EXTERNAL] Re: [CMP Updates] Requesti… Russ Housley
- Re: [lamps] [EXTERNAL] Re: [CMP Updates] Requesti… John Gray
- Re: [lamps] [EXTERNAL] Re: [CMP Updates] Requesti… Brockhaus, Hendrik
- Re: [lamps] [EXTERNAL] Re: [CMP Updates] Requesti… Russ Housley
- Re: [lamps] [EXTERNAL] Re: [CMP Updates] Requesti… Brockhaus, Hendrik
- Re: [lamps] [EXTERNAL] Re: [CMP Updates] Requesti… Russ Housley
- Re: [lamps] [EXTERNAL] Re: [CMP Updates] Requesti… Russ Housley
- Re: [lamps] [EXTERNAL] Re: [CMP Updates] Requesti… Lijun Liao
- Re: [lamps] [EXTERNAL] Re: [CMP Updates] Requesti… Brockhaus, Hendrik
- Re: [lamps] [EXTERNAL] Re: [CMP Updates] Requesti… Brockhaus, Hendrik
- Re: [lamps] [EXTERNAL] Re: [CMP Updates] Requesti… Russ Housley
- Re: [lamps] [EXTERNAL] Re: [CMP Updates] Requesti… Brockhaus, Hendrik
- Re: [lamps] [EXTERNAL] Re: [CMP Updates] Requesti… David von Oheimb
- Re: [lamps] [EXTERNAL] Re: [CMP Updates] Requesti… Russ Housley
- Re: [lamps] [EXTERNAL] Re: [CMP Updates] Requesti… Brockhaus, Hendrik
- Re: [lamps] [EXTERNAL] Re: [CMP Updates] Requesti… Russ Housley
- Re: [lamps] [EXTERNAL] Re: [CMP Updates] Requesti… Lijun Liao
- Re: [lamps] [EXTERNAL] Re: [CMP Updates] Requesti… Russ Housley
- Re: [lamps] [EXTERNAL] Re: [CMP Updates] Requesti… David von Oheimb
- Re: [lamps] [EXTERNAL] Re: [CMP Updates] Requesti… David von Oheimb
- Re: [lamps] [EXTERNAL] Re: [CMP Updates] Requesti… Brockhaus, Hendrik
- Re: [lamps] [EXTERNAL] Re: [CMP Updates] Requesti… Russ Housley
- Re: [lamps] [EXTERNAL] Re: [CMP Updates] Requesti… John Gray
- Re: [lamps] [EXTERNAL] Re: [CMP Updates] Requesti… Russ Housley
- Re: [lamps] [EXTERNAL] Re: [CMP Updates] Requesti… Brockhaus, Hendrik
- Re: [lamps] [EXTERNAL] Re: [CMP Updates] Requesti… Russ Housley
- Re: [lamps] [EXTERNAL] Re: [CMP Updates] Requesti… Brockhaus, Hendrik