[T2TRG] Review of draft-richardson-t2trg-idevid-considerations-06
Sini Ruohomaa <sini.ruohomaa@ericsson.com> Fri, 11 March 2022 13:15 UTC
Return-Path: <sini.ruohomaa@ericsson.com>
X-Original-To: t2trg@ietfa.amsl.com
Delivered-To: t2trg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E706A3A1364 for <t2trg@ietfa.amsl.com>; Fri, 11 Mar 2022 05:15:04 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.111
X-Spam-Level:
X-Spam-Status: No, score=-2.111 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NQOrNXlaKABB for <t2trg@ietfa.amsl.com>; Fri, 11 Mar 2022 05:15:00 -0800 (PST)
Received: from EUR01-HE1-obe.outbound.protection.outlook.com (mail-he1eur01on060c.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe1e::60c]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 01BF23A00E3 for <t2trg@irtf.org>; Fri, 11 Mar 2022 05:14:59 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ogR3/G/xVHz4BUlX9CxLo0uj/kQ9TeESxxUgcB+jtyz1S7NA/aldytv73ggeEl242po5/I2n3zCa2+CYkxUSkagukhAG7XQuXVPvW8oGIhzX1VdKiz/dg1SUbCdO/EKtDJis4WtaItTORcJAOJMnBastoQmXPeIhLl/vOGJ/SbdCkW3qNIrtVu6fVKUAOW/YeqCnTpq+aM9bS7RxnCDAhpzHh9IbzWMEs+ceHUUFYDC9RrjucBKFi+YOyHMAq0m8c7OdjlOr2n7jqRM1co1fEzQisvgnrmdhkcIwXKdGCFWe5mLdU6HY+P4fGOXev2stwglj9W3TO3A/0yWJSl/Jiw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=xcStGaSGGWRtOx7Hk4kpiX5n5GHHwpoC+0SnGa+Il7Q=; b=A9udMxzwL02Jrf6gt4r6GsTXgeoukKsH0ZszXhzWyFZfUK33eX80jyjcVE3Mps5ESglMBM08nPrKO3NdGaov2xkeFtGH8Pd9LXtLzzALVx0CWA1JEoI0fBN6VIijByMDPjyVo0G5fWSnNqTzYXRSGwhLL3xuu+t3+vLs/VhOwHGrwOB0Vj89vHP36nZk4r7tH4xNugH4NXtInkkduPjyjf7SqjAEeaOXzuJ6weUg8KZQOnp06kmQqGjo1YJdKtaXT8Fzfh20FjekVwKaWhnk33E4gaAeaCgF6r2Lb3vhBYg+fTdAUxBNl2SDfXkOsZlgS7lbifNjB1GjVQot7nI2Yw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=xcStGaSGGWRtOx7Hk4kpiX5n5GHHwpoC+0SnGa+Il7Q=; b=Q+5I9ZxvlhCWSq/DfXpy2wDwmMZyvNwuHWAiC1oTAThYio5yqkFDyzoQjnNdn/cniEUe16bBPsT2SlBr5VyaIUNpjnqGJYbtp28bgiEdctwnEtUpxa/guL7PP6KUFOsY/rR3JHs4Me2bsizUEYKLSFaVa9ezn2mrk1Nlt+mzEc0=
Received: from PAXPR07MB8422.eurprd07.prod.outlook.com (2603:10a6:102:2bb::12) by AM0PR07MB5683.eurprd07.prod.outlook.com (2603:10a6:208:112::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5061.17; Fri, 11 Mar 2022 13:14:53 +0000
Received: from PAXPR07MB8422.eurprd07.prod.outlook.com ([fe80::ff:bcca:d219:5d8e]) by PAXPR07MB8422.eurprd07.prod.outlook.com ([fe80::ff:bcca:d219:5d8e%5]) with mapi id 15.20.5061.018; Fri, 11 Mar 2022 13:14:53 +0000
From: Sini Ruohomaa <sini.ruohomaa@ericsson.com>
To: "t2trg@irtf.org" <t2trg@irtf.org>
CC: Ari Keränen <ari.keranen@ericsson.com>
Thread-Topic: Review of draft-richardson-t2trg-idevid-considerations-06
Thread-Index: AQHYNUn+VvJoA5hLAEyrwFCgh1racA==
Date: Fri, 11 Mar 2022 13:14:53 +0000
Message-ID: <71146ddbff144233d2c8195c05217d8148ebbddf.camel@ericsson.com>
References: <31737e385297ea573627a76d2faf07735d943d04.camel@ericsson.com>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-mailer: Evolution 3.28.5-0ubuntu0.18.04.2
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=ericsson.com;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 07ee0ad8-a09e-4cd8-f223-08da03612153
x-ms-traffictypediagnostic: AM0PR07MB5683:EE_
x-microsoft-antispam-prvs: <AM0PR07MB56837743AAB22BD5D6AA73ED980C9@AM0PR07MB5683.eurprd07.prod.outlook.com>
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: dYBEiLtfi1aeVoJhfP7PqkUw1YC34CYTdrVa3lJ0jXM9cTCpKrn0koZ6m8Jv8PI0MDtaxoax/hk7Ym7jbtO8AXdFmSpxZX6p8g3GTJavRY2UANwSLRv1Axs/sOacPDPs/5fEWl2RV7W9oatp/vTIWK/Rgy0kaaPki3o+g5Lq2ATQQ+ewie7zdlaqSmRB+1Z+l5uM0w68LdS8avDDIsdWDjAxE4+D3DCz2DduwmxRa902EzvonBxc5zj+CP/hbZzxPjmgdmgYzzTNM+N2m85OvjjwuyPyRIkeeEF+WdftQnfTGGKwvLpbJL/VYApVMfRO2umXmgndlIhly516U6Cjj/LE15lsRZ5FSiPu67I6U9eKnhwF7obU4F42whHa804UscoPIJPdpPYfsLYBIRZRsXz2MCXu+hq8lU+dnMIaxQY2EI7F7z8Yk2f4iYz+Bo4DzYqR8mkYV+3MCQg+fwiMiNKNQSwZYV0O7LmV+BRzh81Buw05Zay3fdx/LOvhgeDuqX/RMjm2j8Tu+bIGSJakVhkt46b6LDMWZeK4W0PqNOhLVl6apxxpZ9yP5y0FDkfwzNuQGfiHiWC5C8LUXpNqZ9HbghXYo/0xxEmfhyZcrjetAGOEIW5BjOAZ7c0THnvn5MPimeza/GLubP56n2lZF2i0sWRBzBeCJaSGnG3K0QzSBYIIlLueaA5Ser/k91mFbnewnV/V9SzZ2jwOGYGQ5+koj4Ra4sjXUR8LtrFWIkTktERi984lGOuBGsVmERkYNLHLNb1bCHqmzmQrm2c+4K1PacV613nQG5JRk9YqDknBIN8uDZNiHekm7wzRqEzB
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:PAXPR07MB8422.eurprd07.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230001)(4636009)(366004)(66574015)(82960400001)(6916009)(2616005)(83380400001)(71200400001)(2906002)(508600001)(44832011)(186003)(38100700002)(966005)(86362001)(122000001)(6506007)(6512007)(66476007)(38070700005)(107886003)(36756003)(6486002)(66556008)(64756008)(66446008)(8676002)(4326008)(66946007)(5660300002)(76116006)(91956017)(8936002)(30864003)(316002)(26005)(99106002); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: VEdFe3L4jQGXTDW8PX8yPPIdfSL10U87IX6isxLxMMMcwABewl3qYEAzVt5cGudTLMXrCFcCfTJZPy9fkPWkQxUi8kDxn6DGMg/vNRax47VoAxuX72oPUcHV7qO0b/C1syknDUMEk9999pmdBMHR9wI35W9b+t6itM9hNnS5SCVfxyz0zZsCWtlGxIln0Tm2WCk04Q6bwwgue7avLf94ub4zZ0z0X4BYpvEezb9p7UpGJ3GR8EGzcwUE2cEAF390IV0EZhjLFAQKgIaFcem4NoZPyna/E7p3HHSzBSp/3ZsRChSlJt3Xv2z/MhZn0QTuI3PeHwgiKMej7++inLBTriPxpj9fWLpBkPTa+/d3w3YNcs0TYSqGDCr3TA0FAf5D1epUk1sAOiag/YmDLTaz9JUcxaEDfhJ9Eg4vPQf7K1d13sy6dQhM19YrUWGbQT8pUJIOmvEdHBS8E/NGqGSp94seQQ5ZUhiDCgdCO7WKUMQAKobQlaBWcoUpVVXb5ISoa1kuz5XKfSbjFtslRU5XFl4JEgUBpZcFl5K3jA/C5mnvyWhCmjgaq1JZ65vTEsb2SLrw4Q73WqYByDc5xCLE0OqEd+NFZu1x9BNI/ksrFODMaGbWBIwk4Uyftkc6tpvv0xW50ZQopuE/loAmg10cYOAX/ygM46V3IMFV1KvWeqrDhQrhNKtTqgGgAxwFy0CX5cb9ryyuqOJ/Xu+ieSNE2FwLnFjvYd4Qx+aNvv4/0i5tbGoejur0doGvi1KjivHNzZ9aII6018T7y5g6XvOxH53CV7MZvCCwfNaa5Xb2SlvO1Tzc988rXcChLhmA787Dw/gWCiHZlfNaMMLE53qCksACMybNJebKZD5bS9tSRUrcYGmaRAJHIT19AhOfa921ZrpC3v8fW1aLNCOQUwVQzlvT4fFgnLvmowOT/gjJ9Hbbc30uPl2n2LgX82kegvCzXsE9E+Eh6V1jQmI6zS9WbRgKKFWS4SLJ94zcgJDhurV+jXlfbTQNcgvJ5dIgjZ4TaurCoyPmcV/dkVMDTJwrZX8Vo/nRqJcie+mg6/dVvVzO36RSHZFGMMyLs4IZuX/4e572YVNR3R647JYsnfw3Ku0CvXIa9lcvbxL/Nvw1Mwt4fMqjPtZYrD8FzT2igkCh24oZMXqRf5ykrAIlFgOOHoIRbWQxsHre++W2C/o9GB5KiHYoZlvSzxUVIsRnCG59pm+O2Ddmuaf7NEmEllmcyYYL81hF5MS6O7Wlyl3u9vAh99e5IHWc+Os4NZSC7Gpx6eAf5CTXxeps4802vfZWX1s++xl29QKioG9baSFxlSXuU71DOWBiPu6mO0dnI8mIe68KHonIIhIH+3ASMVB6xbVXBaVI0VcB7mBZnJjU2TagbQg+oqkoh7RgsypVc1LxneN2B1/zu8q7Q257TJaFZHUJRngMxEXMM+wiYIOsTVgg6PwDUeF1iSdFF6+NcM+QBegmICHDjhYi2J3Mr2l17g==
Content-Type: text/plain; charset="utf-8"
Content-ID: <23540C56380E46408FA6728039893B2B@eurprd07.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: PAXPR07MB8422.eurprd07.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 07ee0ad8-a09e-4cd8-f223-08da03612153
X-MS-Exchange-CrossTenant-originalarrivaltime: 11 Mar 2022 13:14:53.0801 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: qgvIjOHOvCyIb8LDaxRGOgriWN7psB7bImn2pcEcmSSABJa2APxkBkacHelO2H9ieSYyF+RXPKRVStEXP6CV/SFuZPNQNrCS9/DIfak8W18=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0PR07MB5683
Archived-At: <https://mailarchive.ietf.org/arch/msg/t2trg/qF-hEqONwDXVTzabRdVWzomjxck>
Subject: [T2TRG] Review of draft-richardson-t2trg-idevid-considerations-06
X-BeenThere: t2trg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IRTF Thing-to-Thing Research Group <t2trg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/t2trg>, <mailto:t2trg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/t2trg/>
List-Post: <mailto:t2trg@irtf.org>
List-Help: <mailto:t2trg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/t2trg>, <mailto:t2trg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Fri, 11 Mar 2022 13:20:35 -0000
Hello, T2TRG! I got an internal ping that you have a document in need of review: A Taxonomy of operational security considerations for manufacturer installed keys and Trust Anchors" : https://www.ietf.org/archive/id/draft-richardson-t2trg-idevid-considerations-06.html [accessed 9 Mar 2022] This is an interesting document, and I appreciate the background information included. I have no major structural comments but a bunch of 'formulation' comments and some proposals here and there. :) A "easy-to-use" modeling of the considerations list is the hardest part to make general here, as simplifications tend to come bite us in the backside afterwards, but in my opinion it is not actually even the biggest contribution of this paper and "perfecting" it should not be considered a pre-requirement for publication. I would like to pass my warm greetings to the authors for the effort of trying to make this more communicable. I would like to reference this document when it is ready. It is written in a very approachable way so I see value in it also as an educational document, not just an evaluation framework. Apologies in advance that I'm not from the mailing list and just a drive-by reviewer with the attention span of a squirrel; I've asked Ari to keep an eye and let me know in case any clarifications are needed (thanks again). 1. Introduction "An increasing number of protocols derive a significant part of their security by using trust anchors [RFC4949] that are installed by manufacturers. Disclosure of the list of trust anchors does not usually cause a problem, but changing them in any way does. This includes adding, replacing or deleting anchors. [RFC6024] deals with how trust anchor stores are managed, while this document deals with how the associated PKI which is anchor is managed." The last sentence is a bit hard to parse. "Device identity keys are used when performing enrollment requests (in [RFC8995], and in some uses of [I-D.ietf-emu-eap-noob]. The device identity certificate is also used to sign Evidence by an Attesting Environment (see [I-D.ietf-rats-architecture])." One closing parenthese ")" is missing. 3.6 "what else" question The identities trust anchor for validating identities of non-web-PKI devices in case they need to ever talk to each other, or the identity trust anchor of a vendor specific service that the device must connect to in order to do e.g. enrolment of other identities, setting up attestation or zero-touch bootstrapping come to mind (this allows the device too to know who it is talking to, in addition to having the device authenticate towards such an enrolment service). I would cover these with a 'other identity validation trust anchors' in addition to the public web PKI trust anchors, as the category is probably too wide to cover satisfactorily an individual subcategory at a time. 4.1: minor "[ieee802-1AR] defines a category of certificates that are installed by the manufacturer, which contain at the least, a device unique serial number." Had trouble parsing the sentence, is the comma right? "This may be a software setting, or could be as dramatic as blowing a fuse." I really appreciate the author's hearty writing style here. :D 4.1.2.2 "Generating the key off-device has the advantage that the randomness of the private key can be better analyzed. " A second benefit that I expect has been more commercially interesting is that (assuming serial numbers or other relevant identities can be pre-reserved) the certificates can be pre-issued, which eliminates both CA latency and CA dependency from the manufacturing process itself. I still would not recommend off-device generation though. Due to the leak potential and wider exposure to insider attack it has a creepy ring to it that may undermine the trust placed in the PKI. Even if we 'never store' the key (as is suggested later in this section) we will leave computational traces of the key around. 4.1.2.3 Agree with the conclusion that this method shares the downsides of both above. 5. PKIs "A PKI which discloses one or more private certification authority keys is no longer secure." Technically, subCAs exist for the sake that they CAN be revoked by a higher level CA, to recover from compromise of an issuing level CA which is typically more exposed than the higher levels. However, everything issued from that subCA is indeed due for hardware recall so the event is major. But the most major event is leaking the root CA, as there is no way to recover from that within the same root chain. To get really into detail though, a well managed CA is able to keep track of public keys it has intentionally signed into certificate, and depending on the use case even a compromised subCA key could theoretically be worked around in the field through administrative means that basically let go of the cryptographic protection of the PKI chain in favour of administrative tracking. I think that part would be hackish and beyond the scope of this text, however. Just can't help myself going through the what-ifs; these PKIs have to be seriously robust. Just imagine a full hardware recall of a car manufacturer for a "oops need a quick bootstrapping identity PKI fix". Or of anything resembling a home wifi access point box that end users don't even touch if it's still working. 5.1 "It is quite common to have a three-level PKI, where the root of the CA is stored in a Hardware Security Module, while the level one subordinate CA is available in an online form." This formulation implies that subCAs would not be in hardware security modules or that they cannot offer CAs available in online form. I think we should definitely underline the importance of keeping subCAs in HSMs as well. I would separate the two dimensions explicitly and say "where the root of the CA is stored in a Hardware Security Module in a way that it cannot be continuously accessed ('offline'), while the subordinate CA can sign certificates at any time ('online')." Or potentially even another formulation that mentions completely separately that "CA keys are stored in Hardware Security Modules so that the root ... and the subordinate ...". The section below talks about this in more length so this could also be migrated there. 6.1 "first-stage initialization" focusing on the raw number of people 'involved' feels maybe a bit arbitrary. - it is also important what level of access these people have to the device in practice, or are they performing primarily a monitoring task - considering a factory shopfloor, it may be misleading to think that only 3 people are involved because 3 people actually are *supposed* to be touching the board, if in fact 300 other people have access to the actual space and could pop by to intervene with the process if it's not happening in a separate locked room. (Note that the janitors could also be bribed and planted/instructed even though no one would count them as 'involved' by default.) I might redefine this as 'exposure' of the device while in the process, where fully automatic closed area might be 'low' and a large shopfloor where 20+ people have physical access to actually go physically touch the device or the equipment processing it as 'high', for example. first-second-stage-gap: This factor is not formulated as a question. (Some later factors are not capitalized and punctuated consistently.) 6.2 "identity-pki-level: how deep are the IDevID certificates that are issued?" Would just clarify formulation a bit: how many levels of CAs exist above the certificates issued. (The 'depth' concept seems ambiguous and may cause confusion.) identity-anchor-storage: 'Recover' the private key is a bit ambiguous - different quorums may be needed for a) making it available to sign a new CA vs. b) making it possible to actually copy the root key around to new devices/places. I would maybe use the term 'to access' here to avoid that debate altogether, since signature access is enough to compromise. Potentially some indicators to add could include how wide the issuing CA access is stretched, if that can be captured in a simple question. The easiest way to deploy a subCA is to give everyone a copy of the private key, and then you can't place a whole lot of trust on the CA itself. Handing off subCAs vs. having a centralized entity controlling all issuing CAs does make a difference in possibility for administrative oversight. 6.3 pki-level: similar consideration here, 'deep' is a bit ambiguous. Not sure what the EE level to evaluate actually implies of the integrity of the trust anchors, it seems more a category for e.g. integrity and privacy of 'software signing PKI' or whatever we want to call this one- to-many devices relationship vs. the many devices to 'one' integration target in identities. pki-algorithms: potentially include also the timespan they are considered valid or in active use, cf. keylength.org - it makes a big difference if you trust the lowest rung of security for the next several decades or just a year or two. - potentially also could differentiate here between algorithms actually used in the PKI vs. algorithms the device in general is capable of, because if they are not used in the PKI (and that is more painful to enumerate) then their appearance is mostly irrelevant or a sign of compromise. The current formulation implies the device is able to handle these algorithms but if they are not used in the PKI now or tomorrow they are irrelevant. (Generally algorithm filtering in semi-closed systems is best achieved by just not signing certificates that are worse, not so much at validation point as an extra check (X.509 standards do not support this sort of filtering directly even), but in case of web PKI the PKI may be only "semi-trusted" to follow sensible rules and maybe a browser could blacklist some algorithms in addition to forbidding some protocols they could be used in, which is more common and often allows user configuration to turn blacklists off - which may not be as feasible in these cases.) pki-level-locked: This formulation is unclear. I think what it means is whether X.509 path level constraints are applied in the root and/or below. It is most relevant for the online subCAs if they are "handed around" as opposed to being centrally controlled, i.e. can the subCA quietly sign another subCA. If the PKI ownership is a closed system the path length constraints add less value in exchange for putting additional contraints on an already stiff tool. pki-breadth: maybe hard to answer and potentially largely irrelevant as I can't see outside public web CAs anyone coming to wag a finger if a vendor suddenly becomes super popular and issues certificates for an exponentially larger number of end entities with a wider series of CAs than initially deployed. All they really need to do is add storage space. The load on an individual issuing CA is more interesting from a few different points of view, than the capacity of the full and very expandable PKI tree. Though of course there might be some actual limitations in some management software implementations too. "pki-lock-policy: can any EE certificate be used with this trust anchor to sign? Or, is there some kind of policy OID or Subject restriction? Are specific subordinate CAs needed that lead to the EE?" It is unclear here what the first sentence means, 'to sign what' basically. OID references are good. I would replace 'needed' with 'required' or 'demanded' as they are often constraints of systems rather than actual needs. Same recovery vs. usage note as above. Thank you for your work. I hope to see this draft go live. :) Best regards, --Sini
- [T2TRG] Review of draft-richardson-t2trg-idevid-c… Sini Ruohomaa
- [T2TRG] Reviews of draft-richardson-t2trg-idevid-… Michael Richardson
- [T2TRG] k-of-n splitting in draft-richardson-t2tr… Michael Richardson
- [T2TRG] draft-richardson-t2trg-idevid-considerati… Michael Richardson