IETF Logo Mail Archive

Re: [lamps] Call for adoption of draft-becker-guthrie-cert-binding-for-multi-auth-01

Tomas Gustavsson <Tomas.Gustavsson@keyfactor.com> Sun, 25 September 2022 08:12 UTC

Return-Path: <Tomas.Gustavsson@keyfactor.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 452D5C15259B for <spasm@ietfa.amsl.com>; Sun, 25 Sep 2022 01:12:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.908
X-Spam-Level:
X-Spam-Status: No, score=-1.908 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=keyfactorinc.onmicrosoft.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NnbM29ce2QPY for <spasm@ietfa.amsl.com>; Sun, 25 Sep 2022 01:12:20 -0700 (PDT)
Received: from EUR04-HE1-obe.outbound.protection.outlook.com (mail-eopbgr70102.outbound.protection.outlook.com [40.107.7.102]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 53107C1522C9 for <spasm@ietf.org>; Sun, 25 Sep 2022 01:12:19 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=KtrEi7Gc7GjfSIGn9KCakW2jpvTmRtVK/Mqn6OwzGo2nVJEiD/0AeO9zbOTYnCb35LM2LU/TWSJaOLjZJgnK0bSgpeaEdhnvwQmvknzx4SwH/P+NDEAoZgJQrp8Te4vc9qOB19K2RjH9Nw92POYAQK1DWECdL0vKKnW1OOoLIvMfW55DrTyLlimD8YYASysU/EOV+Ezx8lV7Kb9swc6SAc8cA7Rm8BLbus4xK9Pn6j40lDrcoIv6HXmB6HDbBoV0XDA3mTZh0rgU3+mlmfVnVIlTkEUamCvA2HAe7ZACUAb2xeAkpj0AxdIQHSscFPF0bKJgDNfGJnsELGZNnz2iKQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=fHUQX/pvIqgE56KkFH29aeaVPOZ+J6B1sTobfj6s+JM=; b=cyctsLwVa9aVRpwa3Izux8A/dZMxCK3oK6YpkRQ5ChSF9MoUv2yLed9cVnIkUMD1DTH2SVEArswqZLHYI9HPjPpX/GI9OiWvjn9++fqB4iJQ6axlasPQjIIuHi6XmIg8IRg9T0tTUtU9TnEj7sNLtHixby49lhDG+d5rKMmR62T83k0svGlno5nFG7KgToOjM2wtwybj4K4CaalDzu4chHevjxNUNm6sjpU42zwcXcJ5R0TVVA3eF53GI6g7hfldvt/jcDtGMQs3TyVmY//SEej8gniJiZeG0UF83BUh4rbL5omp/4Jl0/yYO4c8Uzqmdu3666ClBYak5Ee4mB2I0g==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=keyfactor.com; dmarc=pass action=none header.from=keyfactor.com; dkim=pass header.d=keyfactor.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=KeyfactorInc.onmicrosoft.com; s=selector1-KeyfactorInc-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=fHUQX/pvIqgE56KkFH29aeaVPOZ+J6B1sTobfj6s+JM=; b=RKjRFq9swf2NGjLKJvLQyIrdgL0M2OCpRT9E5KI6T+Zvh35bmdoC4Fm139uYVDkvG/3jHtZ3OQNSH1En+EdR0mMqTUj9JvBudjisWfgB8VIlNZ/yTO8HNuO7zPTAYa0yDcQVqDred9/EbEHEpJ1qXYRw2TiUsSBa32p9UkT7V+0=
Received: from DU0PR03MB8696.eurprd03.prod.outlook.com (2603:10a6:10:3ef::5) by PAWPR03MB9644.eurprd03.prod.outlook.com (2603:10a6:102:2e3::7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5654.24; Sun, 25 Sep 2022 08:12:15 +0000
Received: from DU0PR03MB8696.eurprd03.prod.outlook.com ([fe80::5058:8832:239d:d194]) by DU0PR03MB8696.eurprd03.prod.outlook.com ([fe80::5058:8832:239d:d194%7]) with mapi id 15.20.5654.022; Sun, 25 Sep 2022 08:12:15 +0000
From: Tomas Gustavsson <Tomas.Gustavsson@keyfactor.com>
To: Russ Housley <housley@vigilsec.com>, John Gray <John.Gray@entrust.com>
CC: LAMPS <spasm@ietf.org>
Thread-Topic: [lamps] Call for adoption of draft-becker-guthrie-cert-binding-for-multi-auth-01
Thread-Index: AQHYyRoSekELXCL5hUGrRp6HIzhLwK3r59KAgAF5GICAAANagIAAOJ0AgAE3U4CAAQGG/A==
Date: Sun, 25 Sep 2022 08:12:14 +0000
Message-ID: <DU0PR03MB8696F2549F5E1BABACD4E81686539@DU0PR03MB8696.eurprd03.prod.outlook.com>
References: <PH0PR00MB10003EC6A096FE0A363BBFB9F5459@PH0PR00MB1000.namprd00.prod.outlook.com> <PH0PR00MB10002A7A2850A1333B4F6C00F54A9@PH0PR00MB1000.namprd00.prod.outlook.com> <35BEB1D9-7EA5-4CD4-BADA-88CCB0E9E8F9@vigilsec.com> <2b711f2ede13466490ce79f822244f5a@amazon.com> <7C0329F9-EAEF-4046-B47F-301ECF28196C@vigilsec.com> <4bc42baf89d54eecae87d24c9c20bdd2@amazon.com> <DM6PR11MB25855892311FC469F512F5B4EA519@DM6PR11MB2585.namprd11.prod.outlook.com> <63DA80CA-2A86-49BC-8819-0F7290F7D4FD@vigilsec.com>
In-Reply-To: <63DA80CA-2A86-49BC-8819-0F7290F7D4FD@vigilsec.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=keyfactor.com;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: DU0PR03MB8696:EE_|PAWPR03MB9644:EE_
x-ms-office365-filtering-correlation-id: 11a02160-eb7b-4a4e-a69b-08da9ecda802
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: A7FsFptcNolpbU1wtkQGpumRycSqU1fyhdQ7M0/cve8/oFm9lYLht2A3cqjL9zDV1vhoBkZgp+EYK/DU9YCD38216e3CCzRC7hwQ2OKqlAL7A4CEq1GkROZxyoVNJyvlEfxghp/D/JVMJUlfmkGPI7k0W0St7ULFmfuMEiEGTW2pByLERCpV/WxAnUMGVuYT4BvBSeBXh6Ld2RrrLpXD7R6cVzy+ti+5Q55U4Le+S8/nUCjdDPwSrtbI4vMhc5yO+yrncAA1PZsAC3siV+ezgMtwnRNSiyCpzHSXtEA5Srt3Ha9oWX7oHtSLCkIKOTcGibdDykCE/bwnkcIceWBAeN2VvF/yNaoKtsCD366D5hN62J1njVywagE0syCPo2sY8WtBFpq2R3hT83h8SkoIEoe0kO9+83Xd/3zexxYfEt4UVvQhvVKpd1B/ZJEnsbQIlcnBt4nfaHoZGg/kXpnVKag2ACzOHjKOpdEjBcuaXC9NTFGtUzY/u3odM3drsdH7iwrpsIMopS2m2AN6fZotfELN/y6l/4be6HpjaZHx/f5NDnDvc1fQcwHsC0dpI6n7P7GTKodBIQUHT2FGVUj/OAZNx6jsr6eo+IgBk4vbueHEPQ9rrSY86/KzNu8TjqQpX1mXEb78+KTiGeurjuAbUKH7L4BkeIDD+3UgoHjp/xUhcgJP5C9EDOTYHXA0mbzYloJbFjDI3aIhBlX75pe0jsEIt/VwmZm86VBJ+ukswoAu6u7yvUJOf9aPutCSFl668v+ve7pTXgyyCv9Ybl7rPtly9GfFzcRtkDQy7vqRllw=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DU0PR03MB8696.eurprd03.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230022)(4636009)(376002)(136003)(39830400003)(346002)(396003)(366004)(451199015)(41300700001)(6506007)(66574015)(166002)(316002)(7696005)(9686003)(86362001)(53546011)(26005)(2906002)(110136005)(966005)(38100700002)(45080400002)(66946007)(66476007)(8676002)(4326008)(76116006)(66556008)(91956017)(66446008)(64756008)(55016003)(122000001)(33656002)(478600001)(83380400001)(38070700005)(66899012)(19627405001)(186003)(30864003)(5660300002)(52536014)(8936002)(71200400001); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: +ZEMhgvaEimG22ljaX7OrcEYmm+OiM6DumfE2yddVEdQ/OJ/CxfHi0thDloPqrDPezhvW2qJs76quH8EMH1hmnWNLg6qvKwhEIRXSnnLqEZ6U+Bmy9lluc8IqcSdj+9pNtfUZX0kwBqH9z9/9bUCqQ99JCJb+cXEDLyToobmEMkCBJTJZdFyYvGUYtEChbKFKVWz1UPNECKLZKsox/aRb9qtFcDbQxJiSc/8A5mqmwVvvu+TxOR9vgKzxl7PR7s2eB0tV7O4jVRXzhmhTtz55ME6WEQxmtZivthQicOXE6q3OAQMGK2EPBCjtCt6Rcle+ETopS6b7KdKcoUYoLv/Q07IVZ5o+O2q5MLH4zdyLGj3OtvTE0VZR6kuvJXOEUfpraHTEIm9ML0dsCb9ijHw3i5PQFvpsTPt//wwd6rgk1OsypLNIo/l4nGgFbZBMytENVtaxdINiUMDRLPq7q3aS9oYdthUlBGX4JdqwlKkixgdj883MX8Nv0I9pD6Md1ipOAr9DuQMqjKuCBNlvYaZFU0yEa09bEjxAE8LrySdqopZduAXsxd8Nu9joTY76Tg8HspzuYxVhotOhZgXTdj184fSR/YHB6Bkmsc3yrQ6uoKJycwU1AaOyfghnlObpeZGrnU9zvfn+1+xBZitlW3BOrcIw3KqBZeu75QLOSdgyJA9klXVTXJa3so0AqbOCVJX4IdZRv9AWayxS224EKhIWQaY2T9T/Gd8ZnlDCpx471yuh0ZvTqBL4SE8RC3pYC51JgYtd1LbGZbrOSjSzLSVNU6Nit3KlYIE8S1r0lfPXVlsh9UXM8tRDVw69wy+Efjr/f0yI+3nu8U8EFPeoMW2ydqKI7Fy0hzkZRG8PILk+TrAEK5vkPXQybdnewcbA0/k8ODf6UeUh66E55H8ht1esTT4uXRJVvE5ECtkK7FxXnV2QiLF38EjbT9I+AkQWnNzvV0ddJYKXvBBk+Ci1b8sObV7RfdX4ARjwaMu5s6ouER67OqxxONNHjy6Vvha6xNEOKChDUFWEX7w1jm04iy7YvHw4Q9oplaOMcMZ0uEM5bB8qlTlmsKG0pBfKcUU7RmtVUEw7cjq337nD7iAVkoRBRg3hBBiU6OLW7ouxbr5drtuHNdCaoxid/ZiSkuOcy2rZxSBRGaB1ZRE5zQAwrIfxD+DOYNciP/mUr8PGl0BrNGeStnSFCo0LEzFelwWFfHw9JtjiAxJfodlwKqFMpKTIgRk5pxd8HfY7sNjeT1WveEHiImLf+97JVre7vMXzNIdSVM/ytmEPmIw2ZciN/Xw6B+PmHgaSVlTbmoSz+hifXiQ6+zODX0WTgaGOx0lRU3TTrTXSoXKRNUV3nQ7pz4bsu1t7LaOVKLAKj3VeCC9FlpnuFFL+MdCQRKi0g8xfWoVz3x572UlLEbXW6EvUVvmZ4kiYREA2k3qhm/TXEE0b9K3lZuzsgmBVsr8sH/XgOhn0gHpi0eK9mX6HRza1UMLliRJGYq89bEJluNJbfnOAYEsodEfww7jeafIHgKPtk9YzhT706ncefQerf/ojHUplQYPEkiD6SMvdzb+u55HGl+Wz7qSpjzWnd1ytjUjCfes
Content-Type: multipart/alternative; boundary="_000_DU0PR03MB8696F2549F5E1BABACD4E81686539DU0PR03MB8696eurp_"
MIME-Version: 1.0
X-OriginatorOrg: keyfactor.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: DU0PR03MB8696.eurprd03.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 11a02160-eb7b-4a4e-a69b-08da9ecda802
X-MS-Exchange-CrossTenant-originalarrivaltime: 25 Sep 2022 08:12:14.9951 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: c9ed4b45-9f70-418a-aa58-f04c80848ca9
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: TT7u5yMI9iLxQdbAaL4IHfSk37hs/A5gWx+lIrXmcJ00ohn+UTagUvulsbDIYfn58QEe0v7fwhbnpeG/60m6W46IoHjNH+A2OReZBrsnTBM=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PAWPR03MB9644
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/uiYOsHdda_uYQuGz9sEMeVJIrnM>
Subject: Re: [lamps] Call for adoption of draft-becker-guthrie-cert-binding-for-multi-auth-01
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 25 Sep 2022 08:12:25 -0000

Here are my initial contribution to the topic how to implement it in CA sw. I haven't implemented everything myself yet of course, so these are just initial thoughts.

  1.  Implementing pure PQ algorithms in certificate issuance, at least NIST candidates, are the same as implementing say a new EC curve, or adding EdDSA as well. Well known implementation wise. New algo, UI updates, tests, and then all the custom coding for HSMs using PKCS#11 because it is not standardized yet. The CA software doesn't have to change anything paradigm wise. This one I have done myself.
  2.  Implementing composite/hybrid certificates, you have to consider how to work with the concept of dual keys for the CA. This is something new. Currently each CA have one signing key, which is also reflected in say how CRL generation are defined in RFC5280 which would make it quite complex with two concurrent signing keys for each CA, especially considering rollover. I haven't done this myself, but the implementation I have looked at so far bundles the two keys into a fixed bundle. Say "RSA4095-Falcon512". The two keys/signatures are then handled in lower level in the crypto library/HSM. For the CA software implementation this makes the issuance paradigm similar to what we are used to before. CA key generation have single selection choices in a drop-down menu, all certificates issued are signed by the same "key(s)". There are a lot of possible permutations here, which makes it tricky to understand how it will look like in the end. So some uncertainties for the future imho.
  3.  Separate hierarchies with linking. The issuance concept seems simple, there are two different CA structures, each with a single CA signing key, in principle issuing independent of each other. How the linking between certificates should be managed is something new to the CA. The CA would probably like to outsource that to the RA, which makes the RA management complex. A PKI is a lot about management, perhaps more than the technical operation of signing a certificate itself, and this added management complexity has to be handled somewhere. If this is simply done by the CSR containing a new extension it works without changing anything in the CA software. Mind that this requires all CSRs to be sent from a trusted RA. Today CAs are equipped to handle that some CSRs come from trusted channels and extensions can be copied over, while some CSRs come from untrusted channels and nothing in the CSR is trusted (except using the public key/popo).

Cheers,
Tomas

________________________________
From: Spasm <spasm-bounces@ietf.org> on behalf of Russ Housley <housley@vigilsec.com>
Sent: Saturday, September 24, 2022 6:32 PM
To: John Gray <John.Gray@entrust.com>
Cc: LAMPS <spasm@ietf.org>
Subject: Re: [lamps] Call for adoption of draft-becker-guthrie-cert-binding-for-multi-auth-01

CAUTION: External Sender - Be cautious when clicking links or opening attachments. Please email InfoSec@keyfactor.com with any questions.


John:

It makes sense to me that composite signatures are straight forward to implement.

I think that composite key management is more complex, especiall if there is a mix of key transport, key agreement, and KEM.

I think the point of disagreement on this thread is whether a new CA paradigm is needed to include a pointer in one certificate to another certificate.

Russ

> On Sep 23, 2022, at 5:57 PM, John Gray <John.Gray=40entrust.com@dmarc.ietf.org> wrote:
>
> Just to plus on what Panos has said (as someone who has implemented composite), it is exactly as he says:  I implemented a composite signature algorithm (in Java using the standard Signature APIs), and then to test with protocols I simply allow the protocol (X.509 Certs 5280 validation, CMS, TLS, OCSP, Timestamping, etc) to make use of composite as a Signature algorithm.  I didn't have to touch the core of the protocol implementations (other than to allow them to make use of the composite Signature algorithm).   Since signature algorithms have common API's (keygen(), sign(), verify() and key and signature parameter objects), it is very trivial to plug them into existing protocols.  It is no more difficult to add composite than adding the pure PQ implementations (Dilithium, Falcon, Sphincs+) to existing protocols.  I added those at the same time for prototyping purposes.  Obviously I had to define prototype OIDs to get it all working at this early stage in the standards process, but
  t
> hose are trivial to change once we have official OIDs.
>
> Cheers,
>
> John Gray
>
>
>
> -----Original Message-----
> From: Spasm <spasm-bounces@ietf.org> On Behalf Of Kampanakis, Panos
> Sent: Friday, September 23, 2022 2:35 PM
> To: Russ Housley <housley@vigilsec.com>
> Cc: LAMPS <spasm@ietf.org>
> Subject: [EXTERNAL] Re: [lamps] Call for adoption of draft-becker-guthrie-cert-binding-for-multi-auth-01
>
> WARNING: This email originated outside of Entrust.
> DO NOT CLICK links or attachments unless you trust the sender and know the content is safe.
>
> ______________________________________________________________________
> Hi Russ,
>
> I see composite certs as a new OID to be deployed in X.509 and a new sig algorithm to be negotiated and used in protocols. I see draft-becker-guthrie-cert-binding-for-multi-auth as a new cert issuing paradigm and a bunch of changes for protocols (send two chains, send two signatures, check the two identities to ensure they are proper, etc).
>
> I don't consider the effort for the protocol changes in the former nearly as complicated as the latter. As for the cert issuing logic changes proposed in draft-becker-guthrie-cert-binding-for-multi-auth, I consider them full of landmines not nearly similar to the ones we deal with today. CAB/F participants could chime in here.
>
>
>
>
> -----Original Message-----
> From: Spasm <spasm-bounces@ietf.org> On Behalf Of Russ Housley
> Sent: Friday, September 23, 2022 2:23 PM
> To: Kampanakis, Panos <kpanos=40amazon.com@dmarc.ietf.org>
> Cc: LAMPS <spasm@ietf.org>
> Subject: RE: [EXTERNAL][lamps] Call for adoption of draft-becker-guthrie-cert-binding-for-multi-auth-01
>
> CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you can confirm the sender and know the content is safe.
>
>
>
> Panos:
>
>> Additionally, it has great implications to existing protocols using X.509 for authentication. They would require major changes to introduce double signatures, send over two chains, confirm the signatures are from bound public keys etc.
>>
>> I understand that the authors' goal was to prevent two PKI migrations, one to PQ-hybrid and one to pure PQ but in my opinion the complexity is not worth it. Folks that are worried about authentication and want PQ support now could use composite in the near-term. Folks that either trust Dilithium, Falcon, or SPHINCS+ already or can wait a few years until they trust them, can just go to pure PQ signatures. These seem better options than going for a brand new complicated paradigm with bound certificates.
>
> If we believe that PQC and traditional algorithms will be used in combination, then we either need to put multiple public keys in a certificate that have multiple signatures on them, or we need to have a PQC certification path and a traditional certification path.  In both cases, the security protocol needs to be changes to make use of the tradition and PQC public keys.
>
> The LAMPS charter lets us develop RFCs for both approaches.  The assumption is that both approaches will be deployed in different parts of the Internet.
>
> When X.509 was developed, it assumed that a Directory would provide the repository for certificates issued to the same subject.  That Directory has not come to pass.  So, this draft is offering a way for the CA to tell where to find other certificates for the same subject.  This is not a new idea.  Please take a look at RFC 5697.
>
> Russ
>
> _______________________________________________
> Spasm mailing list
> Spasm@ietf.org
> https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.com%2Fv3%2F__https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Fspasm__%3B!!FJ-Y8qCqXTj2!ajf2_DTVwFXBJ3Ll8lAbSAMGbF40mkSopLwqhhvldT9KMVPRIz9B9gEpxfs9MP77SrKgM5L3_ZnIcBK7Qwp7kaPjloW2iXAW1LHVem8%24&amp;data=05%7C01%7Ctomas.gustavsson%40keyfactor.com%7Cf9e5074ba04846e46c1308da9e4a5b8b%7Cc9ed4b459f70418aaa58f04c80848ca9%7C0%7C0%7C637996339856086280%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&amp;sdata=4KyrBEijUrljB5oZEfrc%2FZBlan66AifYmLJxxZPdKMM%3D&amp;reserved=0
>
> _______________________________________________
> Spasm mailing list
> Spasm@ietf.org
> https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.com%2Fv3%2F__https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Fspasm__%3B!!FJ-Y8qCqXTj2!ajf2_DTVwFXBJ3Ll8lAbSAMGbF40mkSopLwqhhvldT9KMVPRIz9B9gEpxfs9MP77SrKgM5L3_ZnIcBK7Qwp7kaPjloW2iXAW1LHVem8%24&amp;data=05%7C01%7Ctomas.gustavsson%40keyfactor.com%7Cf9e5074ba04846e46c1308da9e4a5b8b%7Cc9ed4b459f70418aaa58f04c80848ca9%7C0%7C0%7C637996339856086280%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&amp;sdata=4KyrBEijUrljB5oZEfrc%2FZBlan66AifYmLJxxZPdKMM%3D&amp;reserved=0
> Any email and files/attachments transmitted with it are confidential and are intended solely for the use of the individual or entity to whom they are addressed. If this message has been sent to you in error, you must not copy, distribute or disclose of the information it contains. Please notify Entrust immediately and delete the message from your system.
>
> _______________________________________________
> Spasm mailing list
> Spasm@ietf.org
> https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Fspasm&amp;data=05%7C01%7Ctomas.gustavsson%40keyfactor.com%7Cf9e5074ba04846e46c1308da9e4a5b8b%7Cc9ed4b459f70418aaa58f04c80848ca9%7C0%7C0%7C637996339856086280%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&amp;sdata=MsAOq08Gz2jyYKGLhNh0B8GfCZIY2sE1G0CoR6RPxuI%3D&amp;reserved=0

_______________________________________________
Spasm mailing list
Spasm@ietf.org
https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Fspasm&amp;data=05%7C01%7Ctomas.gustavsson%40keyfactor.com%7Cf9e5074ba04846e46c1308da9e4a5b8b%7Cc9ed4b459f70418aaa58f04c80848ca9%7C0%7C0%7C637996339856086280%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&amp;sdata=MsAOq08Gz2jyYKGLhNh0B8GfCZIY2sE1G0CoR6RPxuI%3D&amp;reserved=0

v2.35.0 | Report a Bug | By Email | System Status