Re: [stir] Roman Danyliw's Discuss on draft-ietf-stir-passport-rcd-23: (with DISCUSS and COMMENT)
Alec Fenichel <alec.fenichel@transnexus.com> Mon, 06 March 2023 18:49 UTC
Return-Path: <alec.fenichel@transnexus.com>
X-Original-To: stir@ietfa.amsl.com
Delivered-To: stir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1EC1FC151B08; Mon, 6 Mar 2023 10:49:17 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.097
X-Spam-Level:
X-Spam-Status: No, score=-7.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=transnexus.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XtwaglSzuFEv; Mon, 6 Mar 2023 10:49:13 -0800 (PST)
Received: from NAM12-MW2-obe.outbound.protection.outlook.com (mail-mw2nam12on20622.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe5a::622]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1A2D1C14CE22; Mon, 6 Mar 2023 10:48:32 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=GgHbc13DOyrcYZ1bhx79mlTJxTxnXe1QPgnRgjCIr6ifBJlGTknvsnCFXCKJV0Ymnr3ih5iUlz/FxVyYv1deV7AGOErdQBX638VUvm0Q8k5f5ZFfj0DcUqGewIe5kEh/BGFdP/d0qchyXvkwdSpLZ5NqN2scqVfooTyMrzUz/OHYiJuqOa80KaL5pJVRGwj8dVRVW3SJ2KTcGl7vTozak5WCRVGa4G6WvLS0TTtoax+zIJIyAvs5k7NIipr8fEJ59tTkuOE0vRQLr9RTr0d647sfl1WRumrE7ZhgujH/BcYDcpFDfA30Zwc2AjSGNdc0zkH5d+vWF87/5hABivQZKg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=QlRZHzOkN1+ND0BjcDfdoEdsMCuidx3nDMTq/UmkPNE=; b=czWpMX4Ws/qZbk/JQhL73ts7T6OI2QHn3URnFS0leGlg0WR6JFhlU0Z3USwbAZ0gyA5rd8dvS7w5R8pX7uhuqAqvkzr79iioDFvkU9NA3Bixzx+bsfa5nfTxxvQGmHcSX9g0zY1P9XbXvUrgCf9Y8nW1ApRqNmJzQb4ka4shomoYmd8pjiSGaYN1aF550Etoqx8H5Sna7dbOxGWf4D6eR13MmeVWqdl6mBr0QSpUe/dB/0SM3TTTHsk0et9N63y2lzbkyrsgPjdnEmLE+dwxz/++7gHg9KolbHVbt/TZl6zZt03wSPvc2CHPdcgYJ1eQPoPRCZzRzHfJl9mwy3Cgog==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=transnexus.com; dmarc=pass action=none header.from=transnexus.com; dkim=pass header.d=transnexus.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=transnexus.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=QlRZHzOkN1+ND0BjcDfdoEdsMCuidx3nDMTq/UmkPNE=; b=fj4atAlkiN8iaEofyI2LpdAPXl1TcBXYKPu9BBcBd9W/QI2XmYfEpXwj9PMsKsCJekWZvX3gMRTK7qeIh7ONjzjkA6bczHXV50d2fbyKQ+h90etqxBmbv29BbXSnbPeK99abiUMyc8an8ALKzQpvLzZfBJlVftFdCgOLVmWlHZg=
Received: from DM8PR11MB5669.namprd11.prod.outlook.com (2603:10b6:8:36::10) by BL1PR11MB5349.namprd11.prod.outlook.com (2603:10b6:208:308::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6156.28; Mon, 6 Mar 2023 18:48:27 +0000
Received: from DM8PR11MB5669.namprd11.prod.outlook.com ([fe80::4554:537c:2e85:eab3]) by DM8PR11MB5669.namprd11.prod.outlook.com ([fe80::4554:537c:2e85:eab3%9]) with mapi id 15.20.6156.028; Mon, 6 Mar 2023 18:48:27 +0000
From: Alec Fenichel <alec.fenichel@transnexus.com>
To: "pierce@numeracle.com" <pierce@numeracle.com>, 'Chris Wendt' <chris-ietf@chriswendt.net>, 'Ben Campbell' <ben@nostrum.com>
CC: 'Roman Danyliw' <rdd@cert.org>, 'The IESG' <iesg@ietf.org>, "draft-ietf-stir-passport-rcd@ietf.org" <draft-ietf-stir-passport-rcd@ietf.org>, 'STIR Chairs' <stir-chairs@ietf.org>, 'IETF STIR Mail List' <stir@ietf.org>, 'Russ Housley' <housley@vigilsec.com>
Thread-Topic: [stir] Roman Danyliw's Discuss on draft-ietf-stir-passport-rcd-23: (with DISCUSS and COMMENT)
Thread-Index: AQHZBGMWdlre9+dTAkO/bo72VCkq3K7mxzWAgAHVNwCABEIAAIABuqiAgAAQ/VE=
Date: Mon, 06 Mar 2023 18:48:27 +0000
Message-ID: <DM8PR11MB566935BAEC3E57AF312EBD7799B69@DM8PR11MB5669.namprd11.prod.outlook.com>
References: <166977514888.24379.6431023985333578193@ietfa.amsl.com> <B1A2B8C8-C478-4D67-86D1-5326E0206316@chriswendt.net> <9C71358E-DB39-40FC-BA18-734175B6BEA3@nostrum.com> <A78C373B-82DF-4504-ACC3-240F35291671@chriswendt.net> <089901d95050$eddd0130$c9970390$@numeracle.com>
In-Reply-To: <089901d95050$eddd0130$c9970390$@numeracle.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
msip_labels: MSIP_Label_bbffddd8-f0ef-4859-b7a2-4d67ee51c2d0_Enabled=True; MSIP_Label_bbffddd8-f0ef-4859-b7a2-4d67ee51c2d0_SiteId=8e2972a2-d21d-49ac-b005-18e8ceaadee3; MSIP_Label_bbffddd8-f0ef-4859-b7a2-4d67ee51c2d0_SetDate=2023-03-06T18:28:17.2886785Z; MSIP_Label_bbffddd8-f0ef-4859-b7a2-4d67ee51c2d0_ContentBits=0; MSIP_Label_bbffddd8-f0ef-4859-b7a2-4d67ee51c2d0_Method=Standard
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=transnexus.com;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: DM8PR11MB5669:EE_|BL1PR11MB5349:EE_
x-ms-office365-filtering-correlation-id: a118a7da-993f-43f9-9cfa-08db1e735f4e
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: KxepYj+ayyof0UjN7qylx5nKHyqDBagjmZ8/YkaR8f7V1XRC2fnDNGDItnSQiGvnramad+XOm+xDppHuwb6rN7vFrtZZjy6fk4SzKRlDoFAY2fqKJrbm8EFwwnt9iP99Xd8Ggycl/ThqZ54XaTeHUYwQKu5EF2hrDGiHMF5zeOm1NFskjhHCfDnNTFGgr5S93r/6cDy+br7Z9fZf4Wk+LSw7q3PDX9uKkIAeCk+T8+VtsGOd/EtTNw6+6Ce1jFqJZv81P3UC3qD4d+1FDbhe8XjfWJjp2ReoxWZtH9kY/fKDK5mhgVSZoLlzde0mV3uTXWCvoc15DOdbuBdPTA0yG/ta6Vy2eroB64zI8zlVBLTj0NjNzmU+n5loLILHUFN/iET5psTfJGZR2XpJdKuc+iIDXmJs5T0wvi5eHwEPOba35f/6plOjQO9oexis68qVUVXnK8mAgHtoHQcgShw9jp+ZiBQSHjnG3WAyzYb5RpHf2BzD/LbPLOi6yauujgS7hGK44f0ThtlYYfitjMFK71scSAZ/91/yhhDWHa8/6IPRGY/0IGl1/PR2kGGBSVDlaEIzgf68Trr4PDhvu8c6nJlqEyrbggJj2AyXTFI7Z3cZfCApnUJ+dshp0rTlhcQ5KNvIQYWVpCsw87JdeEJCl+c5Rzu9PRkxMwhgbmZHCFVmdN+dum2ICB2Ole3xiRds
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DM8PR11MB5669.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230025)(4636009)(376002)(136003)(346002)(366004)(396003)(39840400004)(451199018)(33656002)(4326008)(76116006)(66476007)(41300700001)(66556008)(8936002)(66446008)(8676002)(64756008)(44832011)(2906002)(5660300002)(66946007)(99936003)(86362001)(38100700002)(122000001)(38070700005)(7696005)(71200400001)(966005)(55016003)(110136005)(478600001)(316002)(91956017)(54906003)(52536014)(83380400001)(6506007)(186003)(9686003)(53546011); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: r2hO2NKctKM+HL7jHwIRmxdRBFf3fkE/6eC0fcfPpUdBa0dcZFkq7RpKaxxm1u4fqU8fX1ZOucXin+SaW9KrAULXIMpvK0KB8gw7IEtCr41TJUPs3UCBdldmlT5kBZXDdDI41ua/V6dO3S7k1lrigadW+4zs08ujZ5gC+QZCrZBr/kCsyq2IbB3mlCMpV/RIVLNWAaEZgGetY2Chmd1XeYW5OSJ63lhQ4Rvch1jRKEjGpJgwaPn8qnO3vt4MlhvyR3oa86jf0oGLEIXek4kcTX0mzEUSP7h4X0lT7tV4jAIhqvn/XB2HHp/0VeBne2MrTmLzDKyPxbySBWBg6HPqsCQbaCak9RzSec5inAeWOBGzZaft5rBfxJQjUFWkk2Frwwdn3Vea7Vb6DASoyKm0dad7hIyIOXcYA2C/D/3JM5v2FoYpGDWLS4zcMEC2KPNtVlRRjnCEi+qp1Vp3XA8mxcmYeCSiauuk81Oyn//yDl/QLQ6Ur4A5nkBsyxaCmzBHwY9SO4A3YbOATwny1XFEZ8SNfZIaXUpd2gYTDYWwmCWcnEG5RpfV0mU/0v4DNIScinDIv9wrNSy8VPKuj97OOxzlkfAUN5K8MNfceru0Qw+YfFu+v6gidQ3gZagJXce1cXotYEr/yDGnqbxBEDZaQ5aFQObWo6hhZj9kLVChMDLhSDrFxECw5rfKavcWWXR0RYGfEwmVtwVdx5LDsnORdB1x1G6JwcdDCfuH36O7NiMGok6nJJQCkLxjvcvLERa1SIUq8eD9XuXL8KsUC30EfbHM5iQAUV8i4boYlYl07h39qV7JG9cfd6Bb9o8A2zGtHoe7XSFBvQIw0wm7XHghPZEddRLXRq52GHWyWREFwqxPh4OH58SxJsqnkHgzyoJxgGZXGfSUmYkCQX13Fizu4JAlkye/LdgeLgYAwu2ydR+tzcTfGtu3Rxd527VJKNCZC/ryCn+dLh81J6BvTwqIKAW5eHFqJjxwu/3Wm3P9N2KUg8vymysiKdqCdhykvXQ5ZiYp00nwYISizkocoDAfwms3bgwWeoTvJYynZU1hPDvWoOPUTAeZUYxm2maIE4MFoSNnw2b7WlAmxnlcZjMaB79rmhZb6Tyhdl4/JNJPvKhNqHCdKk+EBt5YFtQwRgZhGarMLF6bYgjeqYm0vq67pIdwBsOUvHPMAj/QLHQAPJZzDr8sPu8U23bfZW7EfzdqW0fwmBQEdW6CF0AIlYHbxz5xoMsmUg+txAUf1UehbbGZtNl0h/IYzZUr7aOD0KI4QFObMqlcqCcHfnGH8h4cJYxJhZKIxIQRwHV/HuXwHJwRn3UgtCTUAA4UR8pxG/38nlzJhLyLKkOzqmpyUnKXVL8+CXgwGqH1OmKlzw5gtmlKk40Fevac7w8t/MoUB8o48EnXE0tzfv4q+rwPVJ+rB49RSR3WOsXLFBQdJ58BIo0maDZYcJe53x3meggblUsao/WZiv3/iKbcOQSceC/wat3ZKdZtFKIPmH3YRCcdwwIhAlIX+Z44OQhdIU4m20R+8qCuxjRumDsP4KuWEcTBYaUEyvXFL/JoZxN6bX+isE+sJ52zUwbg80f/8TMVdGyCnExZa6nQavQRp7c7AwsXqbyMBT20S0Hs2AsjmyVa+x8JUUKYubHemO/Ih4mFdepI
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="sha256"; boundary="_1B8711BC-DFE8-5A41-97E8-68C4022F756B_"
MIME-Version: 1.0
X-OriginatorOrg: transnexus.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: DM8PR11MB5669.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: a118a7da-993f-43f9-9cfa-08db1e735f4e
X-MS-Exchange-CrossTenant-originalarrivaltime: 06 Mar 2023 18:48:27.1492 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 8e2972a2-d21d-49ac-b005-18e8ceaadee3
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: FHubP2vMA76dKntSeUxwmC+4Yy11gVgcT8iKNpp+qJlnmeTPj2rj93F9Hb0O7VjPdFqU7sFt6Fk0XlJCmJnCXhF7HRKzDW1ngHftBn3d5uI=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL1PR11MB5349
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/f-v2XC8iDcDZSb3jdaL1_7rt7Js>
Subject: Re: [stir] Roman Danyliw's Discuss on draft-ietf-stir-passport-rcd-23: (with DISCUSS and COMMENT)
X-BeenThere: stir@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/stir>, <mailto:stir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/stir/>
List-Post: <mailto:stir@ietf.org>
List-Help: <mailto:stir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/stir>, <mailto:stir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Mar 2023 18:49:17 -0000
Making an HTTP request to a URL provided by an untrusted party is SSRF. The question is, can it actually be exploited. The attacker won’t be able to read the contents of the response, so this can’t simply be used for bypassing access controls. GET requests SHOULD NOT cause a server to perform any action, but in practice sometimes they do. There is also a concern about denial of service attacks against internal systems even if they don’t perform server action from GET requests. To reduce the likelihood of SSRF attacks, we added the following to ATIS-1000074.v003 (new lines added for clarity and references numbers change to title). This is for x5u URLs, but the concept is the same here: The STI-VS shall not dereference URLs that use a scheme other than “https” or a port other than 443 or 8443. The STI-VS shall not dereference URLs that contain a userinfo subcomponent, query component, or fragment identifier component as described in RFC 3986, Uniform Resource Identifier (URI): Generic Syntax. The STI-VS shall not dereference URLs if the host resolves to a special-purpose IP address described in RFC 6890, Special-Purpose IP Address Registries. The STI-VS shall not dereference URLs that appear to be part of a Server-Side Request Forgery (SSRF) attack. The STI-VS may make an HTTP HEAD request to check the Content-Type or other headers before making an HTTP GET request to dereference the URL. Port 8443 was allowed because a major carrier was using it before this text was written. We wouldn’t have allowed 8443 if not for this. There is a plan to add the following (or similar) in the future: The STI-VS shall not dereference URLs if the path does not end in “.pem”. For caching, we said: The STI-VS shall implement the cache behavior described in RFC 7234, Hypertext Transfer Protocol (HTTP/1.1): Caching. If the HTTP response does not include any recognized caching directives or indicates caching for less than 24 hours, then the STI-VS should cache the HTTP response for 24 hours. Because all of the above is in ATIS-1000074.v003, only the client side (STI-VS) behavior is described. The server side (STI-CR) is described in ATIS-1000080.v005 (new lines added for clarity): The STI-CR shall only accept HTTPS requests. The STI-CR shall listen for requests on port 443 or 8443. The STICR shall not use URLs that contain a userinfo subcomponent, query component, or fragment identifier component as described in RFC 3986, Uniform Resource Identifier (URI): Generic Syntax. The STI-CR shall use URLs with a path that ends with “.pem”. The STI-CR shall implement the cache control behavior described in RFC 7234, Hypertext Transfer Protocol (HTTP/1.1): Caching. The STI-CR HTTP response shall include the “Cache-Control” header with a “public” cache directive, “immutable” cache directive (as described in RFC 8246, HTTP Immutable Responses), and “max-age” cache directive. The “max-age” cache directive shall contain a value of at least 86,400 seconds (24 hours). Additional non-conflicting cache directives may be included. Sincerely, Alec Fenichel Chief Technology Officer TransNexus <https://transnexus.com/> alec.fenichel@transnexus.com <mailto:alec.fenichel@transnexus.com> +1 (404) 369-2407 <tel:+14043692407> From: stir <stir-bounces@ietf.org> on behalf of pierce@numeracle.com <pierce@numeracle.com> Date: Monday, March 6, 2023 at 12:27 To: 'Chris Wendt' <chris-ietf@chriswendt.net>, 'Ben Campbell' <ben@nostrum.com> Cc: 'Roman Danyliw' <rdd@cert.org>, 'The IESG' <iesg@ietf.org>, draft-ietf-stir-passport-rcd@ietf.org <draft-ietf-stir-passport-rcd@ietf.org>, 'STIR Chairs' <stir-chairs@ietf.org>, 'IETF STIR Mail List' <stir@ietf.org>, 'Russ Housley' <housley@vigilsec.com> Subject: Re: [stir] Roman Danyliw's Discuss on draft-ietf-stir-passport-rcd-23: (with DISCUSS and COMMENT) I don’t know how much CID is in use, so I think you have to require HTTPS at least. I don’t have an opinion on whether you should specify “MUST be HTTPS or CID”. I remember that Alec Fenichel added some requirements to the ATIS-1000074 spec with regard to caching, port numbers for HTTPS and defense against SSRF. I don’t know if those would have been good to have also included the IETF RFC 8224 spec, but just want to mention that if there are similar performance and/or security considerations for CID, and you decide to include CID in this spec, you might want to see if there are any similar recommendations for CID as were available for HTTPS. Pierce From: stir <stir-bounces@ietf.org> On Behalf Of Chris Wendt Sent: Sunday, March 5, 2023 9:03 AM To: Ben Campbell <ben@nostrum.com> Cc: Roman Danyliw <rdd@cert.org>; The IESG <iesg@ietf.org>; draft-ietf-stir-passport-rcd@ietf.org; STIR Chairs <stir-chairs@ietf.org>; IETF STIR Mail List <stir@ietf.org>; Russ Housley <housley@vigilsec.com> Subject: Re: [stir] Roman Danyliw's Discuss on draft-ietf-stir-passport-rcd-23: (with DISCUSS and COMMENT) Hi Ben, Yes, thanks for catching that, perhaps HTTPS or CID is best path. Curious for other opinions. -Chris On Mar 2, 2023, at 5:01 PM, Ben Campbell <ben@nostrum.com <mailto:ben@nostrum.com>> wrote: (No hats) I have a context related comment on one item: Thanks! Ben. On Mar 1, 2023, at 12:02 PM, Chris Wendt <chris-ietf@chriswendt.net <mailto:chris-ietf@chriswendt.net>> wrote: […] ** 5.*. Inconsistent requirements for URIs -- icn: appears to be any URI per Section 5.1.3. This would make gopher:// <gopher://>, ftp:// <ftp://>, https:// all equally valid. These have different security characteristics. -- jcd: per Section 5.1.4 “is intended to directly match the Call-Info header field value defined in [I-D.ietf-sipcore-callinfo-rcd].” Section 4 of that document says it “MUST define the use HTTPS or a transport that can validate the integrity of the source of the resource as well as the transport channel through which the resource is retrieved”. -- jcl: is an HTTPS URL (per Section 5.1.5) Why are these different? Support different levels of transport security? You are correct, i fixed “icn” to specifically be an HTTPS URL vs generic URI. jcd is not a URI, it’s a directly included JSON jcard object in the “rcd" claim. IIRC, a previous version did specify HTTPS URLs for “icn”, but we discussed the possibility that an icon could be imbedded in a body part of the SIP request and be referenced with a “cid” URL. I suppose that if that is true for “icn”, it is probably also true for “jcl”. That being said, I am not aware of anyone actually doing that (yet) will not object if we think it is better to limit it to HTTPS. (Or as a compromise, say it MUST be either HTTPS or CID?) […]
- [stir] Roman Danyliw's Discuss on draft-ietf-stir… Roman Danyliw via Datatracker
- Re: [stir] Roman Danyliw's Discuss on draft-ietf-… Chris Wendt
- Re: [stir] Roman Danyliw's Discuss on draft-ietf-… Ben Campbell
- Re: [stir] Roman Danyliw's Discuss on draft-ietf-… Chris Wendt
- Re: [stir] Roman Danyliw's Discuss on draft-ietf-… pierce
- Re: [stir] Roman Danyliw's Discuss on draft-ietf-… Alec Fenichel
- Re: [stir] Roman Danyliw's Discuss on draft-ietf-… Ben Campbell
- Re: [stir] Roman Danyliw's Discuss on draft-ietf-… Ben Campbell
- Re: [stir] Roman Danyliw's Discuss on draft-ietf-… DOLLY, MARTIN C