Re: [GNAP] Consensus Call on Continuation Request
Fabien Imbault <fabien.imbault@gmail.com> Sat, 12 December 2020 11:06 UTC
Return-Path: <fabien.imbault@gmail.com>
X-Original-To: txauth@ietfa.amsl.com
Delivered-To: txauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C64093A102E for <txauth@ietfa.amsl.com>; Sat, 12 Dec 2020 03:06:32 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.996
X-Spam-Level:
X-Spam-Status: No, score=-1.996 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_FONT_LOW_CONTRAST=0.001, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SzWIXKclJYUn for <txauth@ietfa.amsl.com>; Sat, 12 Dec 2020 03:06:29 -0800 (PST)
Received: from mail-io1-xd2d.google.com (mail-io1-xd2d.google.com [IPv6:2607:f8b0:4864:20::d2d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3B9993A102D for <txauth@ietf.org>; Sat, 12 Dec 2020 03:06:29 -0800 (PST)
Received: by mail-io1-xd2d.google.com with SMTP id z136so12193920iof.3 for <txauth@ietf.org>; Sat, 12 Dec 2020 03:06:29 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=EFOwEx9MRAWLhjM9Z1AENvVNNLt6BhgsOKMYsx1Lpj8=; b=MxobhhdOVh9v293uf0T/VAptoMKJa9irFe49dHxKN5NwemqrjHzlHqU+AIrysF8LGD ZI8rvxItnJgBV4UCg4YeOMfy25qqcbHXQstueyg2ms0xdUL5u3LrlrhF7ekym5P0+O9+ PelV5I7QK7UMu+euP26FAxAN70SHJcSZeY4WfVshuWxdrYFsOGKt+0jsxdSAstxRHVbm yeb17+WhQDMHTvrFEAR4tgEoHR7ZyJiIrZ2owCuT7kMnMPZVw1WxyJJGn56tTBkJc+4E 5pCraZ6WBSn8i1IERjIvS3GYgS7WDxuBZHEaMo7SE0uc1IwCAwqT3DvFTRQeRymkIjg5 SANw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=EFOwEx9MRAWLhjM9Z1AENvVNNLt6BhgsOKMYsx1Lpj8=; b=t3Zsw3IaQ4BKeLJlCdYiSye8QqP2VtEBOXBhd2ITyVIHvGntc/8kON7thU2EFK9Xvm +l0YUfKaMdkhsWfNl5VDUMJUWPHtkMt8wFklRkZZOKRHZ5eiko15w/tyfVgqZDUxXdWi 9TGHi64SYhHGyRbOI9rHGJ/y7i7lpo88Z+XBMH6Mqts0laQfg11Jg+uQE8/3qWnwSrqA O5AyQlPDPrwyycYYF2sEg3wAJS0WZkuL41CgXbHRzaNA/n4VGgUfX7ysj/d/mJclN5dh LiM5pdhPeXrVYNFv3SBA9AlZqXxdcETXA17nBxChcFKfnwdbuXmAfB1Q55DZyyU5AO0E GLsg==
X-Gm-Message-State: AOAM533dygTN9WUyvDkpucbXVvmMVdhyI3GT/RkjnPwvO/O9YjT40reV 4WGCre0cEWAhBpobmgZI3wuWjQBzh4YSB5oMYZ0=
X-Google-Smtp-Source: ABdhPJyOMazHw6rz63DpKwAXnz9fQOHquVtws/Sip641eQYmCErZBP0JBZ/o72pY7sCP+hAvisv+U3PROdRTq4hD74M=
X-Received: by 2002:a6b:dd13:: with SMTP id f19mr20731732ioc.74.1607771188318; Sat, 12 Dec 2020 03:06:28 -0800 (PST)
MIME-Version: 1.0
References: <CAM8feuSVX9dqfGXtmywBUz=wRkHRqaSOkvzmX0pvQuM6T=10nA@mail.gmail.com> <F6620639-2CE9-4A0A-A44C-6E973A5039BD@lodderstedt.net>
In-Reply-To: <F6620639-2CE9-4A0A-A44C-6E973A5039BD@lodderstedt.net>
From: Fabien Imbault <fabien.imbault@gmail.com>
Date: Sat, 12 Dec 2020 12:06:15 +0100
Message-ID: <CAM8feuQg4wfUJ5c7=GDSqzPqbvmR3m+OkpqCDA=h4y8irbKojA@mail.gmail.com>
To: Torsten Lodderstedt <torsten@lodderstedt.net>
Cc: Stephen Moore <srmoore@gmail.com>, txauth gnap <txauth@ietf.org>, Justin Richer <jricher@mit.edu>, Dick Hardt <dick.hardt@gmail.com>
Content-Type: multipart/alternative; boundary="0000000000008f596e05b64266a9"
Archived-At: <https://mailarchive.ietf.org/arch/msg/txauth/3R_pz9rBRxSIyMrbgfDZqCGP6Kg>
Subject: Re: [GNAP] Consensus Call on Continuation Request
X-BeenThere: txauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: GNAP <txauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/txauth>, <mailto:txauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/txauth/>
List-Post: <mailto:txauth@ietf.org>
List-Help: <mailto:txauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/txauth>, <mailto:txauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 12 Dec 2020 11:06:33 -0000
Hi, On the contrary your feedback is most welcome. It doesn't accept any token, it needs the particular token as described in 3.1 and which is not a bearer token (that's what the "key" : true parameter is supposed to convey). Let us know if you need more clarifications. Best Fabien Le sam. 12 déc. 2020 à 11:33, Torsten Lodderstedt <torsten@lodderstedt.net> a écrit : > Hi all, > > I didn’t follow GNAP closely so bear with me if me question seems naive. > > After having skimmed through the current draft and the PR, I‘m not sure > whether the continuation requests accepts any access token issued to the RC > or the particular access token returned in the „continue“ element in > section 3.1.. > > Can you please shed some light on this? > > kind regards, > Torsten. > > Am 12.12.2020 um 03:35 schrieb Fabien Imbault <fabien.imbault@gmail.com>: > > > You're completely right. Allowing the dev to be lazy is a very good thing > in general, because it's what we know will work :-) > > Le sam. 12 déc. 2020 à 03:15, Stephen Moore <srmoore@gmail.com> a écrit : > >> Hi Fabien, >> >> For #3) Even after I typed out the hypothetical attack, that was sort of >> in the back of my mind, it isn't a huge risk there. So I actually agree >> with Dick there. Something doesn't sit right with me for the unique URL >> solution, so I don't like it and came up with a hypothetical that seems >> like it could be a down side. >> >> I still think the access token model with the signed request is the way >> I'd like to go, because again, it's a mechanism I'd be implementing anyway >> to talk to any 'normal' resource. The fact is there is _something_ >> representing context that has to pass back and forth here, whether that is >> an access token (which I feel like is more flexible for extensions etc), a >> unique url, or even a cookie sent in the cookie header. So just to >> re-iterate, I'm a +1 on this pull request, speaking as a lazy developer ;) >> -steve >> >> On Fri, Dec 11, 2020 at 8:51 PM Fabien Imbault <fabien.imbault@gmail.com> >> wrote: >> >>> Again speaking in my own name here. >>> >>> Dick, we know you'd prefer to have a different design, but this PR >>> shouldn't be about that. >>> >>> Back on your 3 items : >>> >>> 1) yes we could make pre-register mandatory, but we already decided that >>> wouldn't be how that would work. We have a client instance that allows a >>> more generic and flexible pattern (which BTW also allows what you want) >>> >>> 2) instead of blame arguments of who's less restful/HATEOAS/whatever >>> that have the tenancy to flame conversations, I suggest we speak in less >>> abstract terms and ask ourselves what that means in practice for devs. >>> Stephen and several others (myself included) have expressed that it >>> wouldn't be harder to implement, it would even simplify things quite a lot. >>> If you disagree please send us a code sample to really show that point by >>> example, because that's really not obvious. >>> >>> 3) "If someone has the client credentials, they can impersonate the >>> client, and all bets are off." Are you seriously making this argument? >>> Because if you have a better proposal than using cryptographic keys, I'm >>> all hears. You make it look like there's a problem, while in reality we're >>> only relying on the basic assumption of all modern digital communications. >>> >>> And more importantly you never responded to the issues of how to avoid >>> the security pitfalls of what you proposed. >>> >>> Fabien >>> >>> >>> Le sam. 12 déc. 2020 à 00:35, Dick Hardt <dick.hardt@gmail.com> a >>> écrit : >>> >>>> >>>> >>>> On Fri, Dec 11, 2020 at 2:53 PM Stephen Moore <srmoore@gmail.com> >>>> wrote: >>>> >>>>> But from the spec: >>>>> " >>>>> When sending a non-continuation request to the AS, the RC MUST >>>>> identify itself by including the client field of the request... >>>>> ... >>>>> key (object / string) : The public key of the RC to be used in this >>>>> request as described in {{request-key}}. This field is REQUIRED. >>>>> ... >>>>> " >>>>> >>>> So on the initial request, the key will be there. >>>>> >>>> >>>> The client field can be an object or a string. If the client is >>>> pre-registered, then a string could be provided instead of an object. >>>> >>>>> >>>> >>>>> >>>>> If you don't have the access token, then how do you differentiate >>>>> between two requests from the same web application by two different users? >>>>> Is the web application supposed to have different credentials for every >>>>> request? >>>>> >>>> >>>> The AS returns a URI for manipulating the request. I would change the >>>> spec so that each request would have a unique URI. This is the usually >>>> RESTful pattern that the resource (the grant request) has an URI. >>>> >>>> >>>> >>>>> So in this case, the easy way out is to pass the access token to the >>>>> client, who then, as i stated before, treats the continue request as a RS >>>>> call (albeit a specialized version of the RS where the RS is the AS) OR to >>>>> use the unique URL, >>>>> but that seems open to a brute force attack by a malicious RC. (What >>>>> would be the point of that attack, I don't know, I guess if someone had the >>>>> client credentials but not any subjects/resources they could try to >>>>> intercept the grant via continue... I just don't feel right locking things >>>>> down to unique URLs that way.) >>>>> >>>> >>>> If someone has the client credentials, they can impersonate the client, >>>> and all bets are off. >>>> >>>> LOTS of RS servers return a resource specific URL -- my proposal is no >>>> different. >>>> >>>> >>>> >>>> >>>>> -steve >>>>> >>>>> On Fri, Dec 11, 2020 at 5:33 PM Dick Hardt <dick.hardt@gmail.com> >>>>> wrote: >>>>> >>>>>> Hi Stephen >>>>>> >>>>>> The client is signing the first request. The key *might* be in the >>>>>> body. The client is signing all the subsequent requests as well. The >>>>>> "access token" is not needed by the client to prove it is authorized as the >>>>>> client is proving it is the same client again. >>>>>> >>>>>> In other words, I don't see the need for an access token, so it does >>>>>> not need to be put in a URL or an auth header. >>>>>> >>>>>> If a developer really, really wants to hand context back to the >>>>>> client for subsequent calls, they can put it in the URL or some other >>>>>> method. Putting it in the HTTP Authorization header is confusing because it >>>>>> is NOT an access token -- it is the context of the request. >>>>>> >>>>>> ᐧ >>>>>> >>>>>> On Fri, Dec 11, 2020 at 2:01 PM Stephen Moore <srmoore@gmail.com> >>>>>> wrote: >>>>>> >>>>>>> Even though I've only been lightly following things, I feel the need >>>>>>> to voice my preference as a developer since I will probably someday have to >>>>>>> either write a RC or RS... >>>>>>> >>>>>>> The way I see it is the RC makes the initial request to the AS as >>>>>>> part of this request, it provides it's key in the body... (So no use of the >>>>>>> Authorization header) >>>>>>> At this point that request, represented by the continue URL + >>>>>>> "Access Token", from my lazy developer standpoint, is a Resource Endpoint >>>>>>> and Access Token, and the AS is acting as a specialized RS in this case. >>>>>>> So my client posts to whatever URL with the 'access token' in the >>>>>>> authorization header, just like acting on any other resource I have a token >>>>>>> for. YES, I get a new token value to use every call, and there is a >>>>>>> decision point of "Do I have another continue, or do I have a real token >>>>>>> for the resource..." But the mechanism is the same to me in the client. >>>>>>> Personally I like that, because if I have an access_token, I already >>>>>>> think "Put it in the auth header." >>>>>>> >>>>>>> So my vote would be +1 for the pull request at this time. >>>>>>> -steve >>>>>>> >>>>>>> On Fri, Dec 11, 2020 at 3:04 PM Dick Hardt <dick.hardt@gmail.com> >>>>>>> wrote: >>>>>>> >>>>>>>> inline ... >>>>>>>> >>>>>>>> On Fri, Dec 11, 2020 at 9:58 AM Justin Richer <jricher@mit.edu> >>>>>>>> wrote: >>>>>>>> >>>>>>>>> Others had already responded to this previous thread, but I wanted >>>>>>>>> to add a couple points to clarify some things. >>>>>>>>> >>>>>>>>> 3) What the client has to do with the "access token" is not the >>>>>>>>> same as access tokens for an RS. The client gets a new "access token" for >>>>>>>>> each grant request, and for each API call to the AS, and the client learns >>>>>>>>> it can not make any more API calls for that specific request when it does >>>>>>>>> not get an "access token" back. This is a completely different design >>>>>>>>> pattern than calling an RS API with an access token, and is a new design >>>>>>>>> pattern for calling APIs. This adds complexity to the client that it would >>>>>>>>> not normally have, and I don't think GNAP is the right place to start a new >>>>>>>>> design pattern. >>>>>>>>> >>>>>>>>> >>>>>>>>> I’m not sure what you mean by these being different — the whole >>>>>>>>> point of the design is that the client would be doing the same thing with >>>>>>>>> the access token at the AS that it does with the RS by re-using the access >>>>>>>>> token structure. Can you please describe what the differences are, apart >>>>>>>>> from the rotation? Presentation of the token and signing of the message are >>>>>>>>> identical. >>>>>>>>> >>>>>>>> >>>>>>>> The client is getting the "access token" from its API. It is not >>>>>>>> using an "access_token" in other API calls to the AS. >>>>>>>> >>>>>>>> >>>>>>>>> >>>>>>>>> Rotation of the access token and artifacts for ongoing >>>>>>>>> continuation responses is a separate issue to be discussed: >>>>>>>>> https://github.com/ietf-wg-gnap/gnap-core-protocol/issues/87 >>>>>>>>> <https://www.google.com/url?q=https://github.com/ietf-wg-gnap/gnap-core-protocol/issues/87&source=gmail-imap&ust=1608345320000000&usg=AOvVaw33VPGP0MsjajzYTXZf5Sla> >>>>>>>>> >>>>>>>>> And for what it’s worth, GNAP is absolutely the right place to >>>>>>>>> have new designs — not that this is one. >>>>>>>>> >>>>>>>> >>>>>>>> You are proposing a new way for an API to provide context for >>>>>>>> subsequent API calls. Looks out of scope to me. >>>>>>>> >>>>>>>> >>>>>>>>> >>>>>>>>> 4) Clients that only want claims from the AS and no access tokens >>>>>>>>> will be required to support an API calling mechanism they would not have to >>>>>>>>> support otherwise. >>>>>>>>> >>>>>>>>> >>>>>>>>> Correct, but the delta between the calls a client would make with >>>>>>>>> and without an access token is vanishingly small. The client has to sign >>>>>>>>> the initial request in some fashion, and it will sign the continuation >>>>>>>>> request in the same exact fashion, but now include an access token in that >>>>>>>>> request. >>>>>>>>> >>>>>>>> >>>>>>>> Per my other point, there is no value to me in my implementations >>>>>>>> of passing context back and forth between the client and AS -- so it is >>>>>>>> extra work providing no value. >>>>>>>> >>>>>>>> Also, any client authentication mechanism that wants to use the >>>>>>>> HTTP Authentication header is precluded from using it. >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>>> >>>>>>>>> Clients making a request to an AS and not getting an access token >>>>>>>>> is a new design pattern. I think it has value and should be included, but >>>>>>>>> OAuth today shows us the immense value of getting access tokens for calling >>>>>>>>> APIs, and so we shouldn’t optimize away from that pattern. >>>>>>>>> >>>>>>>>> >>>>>>>>> 5) If the AS does not provide an "access token", there is no >>>>>>>>> mechanism for a client to delete the request, as the client is not allowed >>>>>>>>> to make a call without an "access token". >>>>>>>>> >>>>>>>>> >>>>>>>>> More properly, if the AS does not provide a “continue” field then >>>>>>>>> the client can’t delete the request — and yes, that’s intentional. The AS >>>>>>>>> is telling this client instance that it can’t do anything else with this >>>>>>>>> ongoing request. If the AS wants to allow the client to manage it, it will >>>>>>>>> include the mechanisms to do so in the “continue” field. >>>>>>>>> >>>>>>>> >>>>>>>> There is nuance in that intention. A related concern is that >>>>>>>> deleting a request does not seem like it is a "continue" operation. >>>>>>>> >>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> 6) There is no standard identifier for the request. Debugging and >>>>>>>>> auditing are hampered by the client and AS having no standard way to >>>>>>>>> identifying a request. While one AS may provide a unique URL for each grant >>>>>>>>> request, another AS may use a persistent "access token" to identify the >>>>>>>>> grant request, and other ASs may issue a new "access token" on each API >>>>>>>>> call, providing no persistent identifier for the request. >>>>>>>>> >>>>>>>>> >>>>>>>>> Debugging and auditing this kind of thing are functions of the AS. >>>>>>>>> How is interoperability harmed by different ASs having different methods to >>>>>>>>> identify their internal data elements? The client doesn’t need any >>>>>>>>> knowledge of the AS’s identifiers, it just needs to know the next steps for >>>>>>>>> continuing the negotiation. >>>>>>>>> >>>>>>>> >>>>>>>> Debugging between the client and the AS was what I was referring >>>>>>>> to. How does a client developer identify the request when communicating to >>>>>>>> the AS developer. Seems complicated. >>>>>>>> >>>>>>>> ᐧ >>>>>>>> -- >>>>>>>> TXAuth mailing list >>>>>>>> TXAuth@ietf.org >>>>>>>> https://www.ietf.org/mailman/listinfo/txauth >>>>>>>> <https://www.google.com/url?q=https://www.ietf.org/mailman/listinfo/txauth&source=gmail-imap&ust=1608345320000000&usg=AOvVaw0r39lH4qVOu0IQPJJYtSpI> >>>>>>>> >>>>>>> ᐧ >>>> -- >>>> TXAuth mailing list >>>> TXAuth@ietf.org >>>> https://www.ietf.org/mailman/listinfo/txauth >>>> <https://www.google.com/url?q=https://www.ietf.org/mailman/listinfo/txauth&source=gmail-imap&ust=1608345320000000&usg=AOvVaw0r39lH4qVOu0IQPJJYtSpI> >>>> >>> -- > TXAuth mailing list > TXAuth@ietf.org > > https://www.google.com/url?q=https://www.ietf.org/mailman/listinfo/txauth&source=gmail-imap&ust=1608345320000000&usg=AOvVaw0r39lH4qVOu0IQPJJYtSpI > >
- [GNAP] Consensus Call on Continuation Request Justin Richer
- Re: [GNAP] Consensus Call on Continuation Request Dick Hardt
- Re: [GNAP] Consensus Call on Continuation Request Warren Parad
- Re: [GNAP] Consensus Call on Continuation Request Fabien Imbault
- Re: [GNAP] Consensus Call on Continuation Request Justin Richer
- Re: [GNAP] Consensus Call on Continuation Request Dick Hardt
- Re: [GNAP] Consensus Call on Continuation Request Fabien Imbault
- Re: [GNAP] Consensus Call on Continuation Request Justin Richer
- Re: [GNAP] Consensus Call on Continuation Request Denis
- Re: [GNAP] Consensus Call on Continuation Request Fabien Imbault
- Re: [GNAP] Consensus Call on Continuation Request Dick Hardt
- Re: [GNAP] Consensus Call on Continuation Request Stephen Moore
- Re: [GNAP] Consensus Call on Continuation Request Dick Hardt
- Re: [GNAP] Consensus Call on Continuation Request Stephen Moore
- Re: [GNAP] Consensus Call on Continuation Request Dick Hardt
- Re: [GNAP] Consensus Call on Continuation Request Fabien Imbault
- Re: [GNAP] Consensus Call on Continuation Request Stephen Moore
- Re: [GNAP] Consensus Call on Continuation Request Fabien Imbault
- Re: [GNAP] Consensus Call on Continuation Request Torsten Lodderstedt
- Re: [GNAP] Consensus Call on Continuation Request Fabien Imbault
- Re: [GNAP] Consensus Call on Continuation Request Justin Richer
- Re: [GNAP] Consensus Call on Continuation Request Dick Hardt
- Re: [GNAP] Consensus Call on Continuation Request Fabien Imbault
- Re: [GNAP] Consensus Call on Continuation Request Dick Hardt
- Re: [GNAP] Consensus Call on Continuation Request Aaron Parecki
- Re: [GNAP] Consensus Call on Continuation Request Warren Parad
- Re: [GNAP] Consensus Call on Continuation Request Dick Hardt
- Re: [GNAP] Consensus Call on Continuation Request Justin Richer
- Re: [GNAP] Consensus Call on Continuation Request Warren Parad
- Re: [GNAP] Consensus Call on Continuation Request Justin Richer
- Re: [GNAP] Consensus Call on Continuation Request Fabien Imbault
- Re: [GNAP] Consensus Call on Continuation Request Dave Tonge
- Re: [GNAP] Consensus Call on Continuation Request Warren Parad
- Re: [GNAP] Consensus Call on Continuation Request Fabien Imbault
- Re: [GNAP] Consensus Call on Continuation Request Fabien Imbault
- Re: [GNAP] Consensus Call on Continuation Request Torsten Lodderstedt
- Re: [GNAP] Consensus Call on Continuation Request Fabien Imbault
- Re: [GNAP] Consensus Call on Continuation Request Dave Tonge
- Re: [GNAP] Consensus Call on Continuation Request Fabien Imbault
- Re: [GNAP] Consensus Call on Continuation Request Dave Tonge
- Re: [GNAP] Consensus Call on Continuation Request Fabien Imbault
- Re: [GNAP] Consensus Call on Continuation Request Warren Parad
- Re: [GNAP] Consensus Call on Continuation Request Dave Tonge
- Re: [GNAP] Consensus Call on Continuation Request Fabien Imbault
- Re: [GNAP] Consensus Call on Continuation Request Justin Richer
- Re: [GNAP] Consensus Call on Continuation Request Dave Tonge
- Re: [GNAP] Consensus Call on Continuation Request Justin Richer
- Re: [GNAP] Consensus Call on Continuation Request Dave Tonge
- Re: [GNAP] Consensus Call on Continuation Request Dick Hardt
- Re: [GNAP] Consensus Call on Continuation Request Justin Richer
- Re: [GNAP] Consensus Call on Continuation Request Dave Tonge
- Re: [GNAP] Consensus Call on Continuation Request Warren Parad
- Re: [GNAP] Consensus Call on Continuation Request Fabien Imbault
- Re: [GNAP] Consensus Call on Continuation Request Justin Richer
- Re: [GNAP] Consensus Call on Continuation Request Aaron Parecki
- Re: [GNAP] Consensus Call on Continuation Request Mike Varley