IETF Logo Mail Archive

Re: [Txauth] WG Review: Grant Negotiation and Authorization Protocol (gnap)

Tom Jones <thomasclinganjones@gmail.com> Tue, 07 July 2020 03:32 UTC

Return-Path: <thomasclinganjones@gmail.com>
X-Original-To: txauth@ietfa.amsl.com
Delivered-To: txauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0C8F03A09EF; Mon, 6 Jul 2020 20:32:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.087
X-Spam-Level:
X-Spam-Status: No, score=-2.087 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_FILL_THIS_FORM_SHORT=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qYyn_RQYNbLR; Mon, 6 Jul 2020 20:32:26 -0700 (PDT)
Received: from mail-oi1-x22e.google.com (mail-oi1-x22e.google.com [IPv6:2607:f8b0:4864:20::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0A78B3A09F0; Mon, 6 Jul 2020 20:32:25 -0700 (PDT)
Received: by mail-oi1-x22e.google.com with SMTP id k6so29898933oij.11; Mon, 06 Jul 2020 20:32:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=x/EMIjkOhSnM63+wW57fvH4IRHnAedDwvoZbvo4wl+g=; b=Xh5ssdkiGEAsA3W/OqtjWnsZdV2gu7rw+QthNyfkRmSl+SqkQ4ADfU/jyDMLuVM5/6 tc19s6kKTeKymlvAlAajogovv0dpJo1lsJwZioLRF+ON+fifyCmm2NlORrb9S9rHzWS1 U/Knl1IYnoluwNtqo8zaXmm0ciQlit1oeFppHrX6yGhoik2YuEtm57oYgWdJAB8q1NYL u+qkJ9tqzcLRE+owGmXmYNEQzOces0rkzr26G5Rdt3BSqQoFVLgcVKrL3Fx8Bm812B7Q kq82onzizkQU4w1LekAWfjNl+FplVS48imjI7uqXwDO4CnRpaj0L65Hb40nZGDYd76di MODQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=x/EMIjkOhSnM63+wW57fvH4IRHnAedDwvoZbvo4wl+g=; b=nfPylb+6LQWGu8nK0me31Rh0mTluhQn3SRZndyeoBhPks9gwmkApJZi4BD0c5X/vQN c0Aj0rwM8DQdPhSTSYKAmadgQuB80cpK+Jfl5NOupHZeyualC/CH0Q2+hVWf6n3p8kaR NBuSL81r6RlAK6eE5timbx9Bxfl6u/ZzUsun/ggGjIlp5EVt1k1m+sZPo65aa403Lkky f0C5An4eCOpx6wYyoI9QQpHyp3WR7RHGCSdbKWjWboH3bHJb955txISOR7EW6vaMYeXU n9CJZhHHDcYZw0YigixAkynLIczeh14hR8JViTedXe+2W0pLYNdnBmdFTPP3++3Qbu3W 2Hww==
X-Gm-Message-State: AOAM5303gz/sCcPHg4Uqmku7safxqxqYUusSjpmrTD0rmiwlIb83flBN N3BfNiDFvlB8dpxhm3CdM7YIkE5trWN5jI63z7BkLQu+
X-Google-Smtp-Source: ABdhPJyCqW8z7Uw0utd5EgP6NYmoXYZdqqN9gg8SIykkdK2xXldoYr0SipxZ8Ns+wlScy9FFsZoEZ2ZYGh1Gc+tyB3A=
X-Received: by 2002:aca:4b50:: with SMTP id y77mr1801724oia.63.1594092744917; Mon, 06 Jul 2020 20:32:24 -0700 (PDT)
MIME-Version: 1.0
References: <159318778098.29096.6482921706088845432@ietfa.amsl.com> <7563640e-f515-3e73-a4eb-3902ec7af50e@free.fr> <3424311c60f541b197cfda6e9f3b494e@cert.org>
In-Reply-To: <3424311c60f541b197cfda6e9f3b494e@cert.org>
From: Tom Jones <thomasclinganjones@gmail.com>
Date: Mon, 06 Jul 2020 20:32:12 -0700
Message-ID: <CAK2Cwb4s_hz8jUP_8pcZom+1yU-FGUEhCMfKvVFL3kcBEWU2UA@mail.gmail.com>
To: Roman Danyliw <rdd@cert.org>
Cc: Denis <denis.ietf@free.fr>, "iesg@ietf.org" <iesg@ietf.org>, "txauth@ietf.org" <txauth@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000ccc5e705a9d1a390"
Archived-At: <https://mailarchive.ietf.org/arch/msg/txauth/9ztimHC_fyWMasGfTflPOCTglfI>
Subject: Re: [Txauth] WG Review: Grant Negotiation and Authorization Protocol (gnap)
X-BeenThere: txauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <txauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/txauth>, <mailto:txauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/txauth/>
List-Post: <mailto:txauth@ietf.org>
List-Help: <mailto:txauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/txauth>, <mailto:txauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 07 Jul 2020 03:32:30 -0000

I guess I disagree with several of the assertions made by Denis, especially
the one about the AS knowing as little as possible about the requirement of
the client as it will be presented to the RS. That may be his use case, but
in mine the AS is tightly bound to the user and the ONLY means for the user
to get information about why the client wants or deserves access to the
resources. In the healthcare case, the client and the RS understand the
meaning of the data, the AS and the user have a limited understanding of
the data. The AS formulates the grant, which is in terms of the request for
access, which the AS needs to understand the request to present to the user
for approval. The AS creates a grant, which is not in terms of the claims
provided, but in terms of the requirements for access. Clearly the AS and
RS (and client) need a shared taxonomy of the request types. The AS does
not need to understand the presentation of access from the RS to the
client, but the AS does need full understanding of the request in terms the
user can comprehend.
Peace ..tom


On Mon, Jul 6, 2020 at 8:08 PM Roman Danyliw <rdd@cert.org> wrote:

> Hi Denis!
>
>
>
> Thanks for the feedback and for repeating your review on the revised
> text.  More inline …
>
>
>
> *From:* iesg <iesg-bounces@ietf.org> *On Behalf Of * Denis
> *Sent:* Monday, July 6, 2020 10:55 AM
> *To:* iesg@ietf.org
> *Cc:* txauth@ietf.org
> *Subject:* Re: [Txauth] WG Review: Grant Negotiation and Authorization
> Protocol (gnap)
>
>
>
> Since it is today the last day to send back comments, you will find
> hereafter my comments on the last charter version-05.
> charter-ietf-gnap-00-05
>
> This group is chartered to develop a fine-grained delegation protocol for authorization, API access, user identifiers, and identity assertions.
>
>
>
> [Denis] Fine.
>
>
>
> The protocol will also allow the client to present unverified identifiers and verifiable assertions to the AS as part of its request.
>
>
>
> [Denis] This sentence is too vague because "as part of its request" is not explicit enough. If it means  "as part as an access token request"
>
> this should be explicitly said. If, it is not the case, then it should be clearly explained. The AS should know as little as possible (including nothing)
>
> about what the client is doing.
>
>
>
> [Roman] The “request” here is the “access token request”.  That can be made clearer.
>
>
>
> This protocol will allow an authorizing party to delegate access to client software through an authorization server.
>
>
>
> [Denis] The word "*privacy*" is still missing in the charter. "Delegating access to client software through an authorization server"
>
> is negating the fact that the user's privacy will ever be considered. IMHO, I believe that a RS may delegate some operation to another RS,
>
> but I don't believe that an AS should be concerned by any form of delegation, otherwise it would have the ability to act as "Big Brother".
>
> OAuth has not been constructed taking into consideration the user's privacy. The major difference with it should be that GNAP has been
>
> constructed along "*privacy by design*" principles.
>
>
>
> [Roman]  I don’t exactly follow how considerations for privacy are being negated.  Above and beyond use-case specific considerations that would be defined later, RFC6973 is the IETF consensus design guidance that will guide the privacy threats and mitigations of the work.  What design guidance would you recommend that the WG should consider that aren’t captured in RFC6973?
>
>
>
> It will *expand* upon the uses cases currently supported by OAuth 2.0 and OpenID Connect (itself an extension of OAuth 2.0) to support authorizations
>
> scoped as narrowly as a single transaction, provide a clear framework for interaction among all parties involved in the protocol flow, and remove
>
> unnecessary dependence on a browser or user-agent for coordinating interactions.
>
>
>
> [Denis] There is no need to refer to OAuth 2.0 and OpenID Connect. Some existing uses cases (i.e. "*non-expanded"* use cases) should be supported
>
> differently from OAuth 2.0 and OpenID Connect, in particular to support the user's privacy.
>
>
>
> [Roman] I’d want to hear others on this rescoping.  Building upon the use cases of OAuth 2.0 and OpenID Connect has been core, consensus-validated tenant for some time now.
>
>
>
> The delegation process will be acted upon by multiple parties in the protocol, each performing a specific role. The protocol will decouple the channels used
>
> by the protocol participants to communicate from the delegation channel, which happens directly between the client and the authorization server (in contrast
>
> with OAuth 2.0, which is initiated by the client redirecting the user’s browser).
>
>
>
> [Denis] Here again, the delegation process, if any, should be handled by RSs and not by ASs.
>
> The term "delegation channel" is being used but it is left undefined. It is not understandable.
>
>
>
> [Roman] This sentence was just added into -05 address Security AD feedback.  In this case, it was made to distinguish between in-band signaling and the new purpose-to-be-built channel.
>
>
>
> The protocol will include a means of specifying how the user can potentially be involved in an interactive fashion during the delegation process.
>
> The client and Authorization Server (AS) will use these interaction mechanisms to involve the user, as necessary, to make authorization decisions.
>
>
>
> [Denis] Here again, the delegation process, if any, should be handled by RSs and not by ASs. The AS should know as little as possible (including nothing)
>
> about what the client is doing.
>
>
>
> [Roman] Understood – as I understand it, you have concern with the scope of the AS behavior.  I’d be interesting in hearing additional support for this rescoping.
>
>
>
> This decoupling avoids many of the security concerns and technical challenges of OAuth 2.0 and provides a non-invasive path for supporting future types
>
> of clients and interaction channels.
>
>
>
> [Denis] This is not understandable to me. Is such a sentence really needed in a charter ?
>
>
>
> [Roman] Can someone on the TxAuth mailing list remind us on why this sentence is here?  With a fresh read, I also can’t remember why we need it.
>
>
>
> The group will define interoperability for this protocol between different parties, including
>
> -          client and authorization server;
>
> -          client and resource server; and
>
>      -      authorization server and resource server.
>
>
>
> [Denis] In order to support the user's privacy, there should be no interaction at all between an authorization server and a resource server
>
> *at the time of a client request*.
>
>
>
> The group will seek to minimize assumptions about the form of client applications, allowing for:
>
> -          Fine-grained specification of access
>
> -          Approval of AS attestation to identifiers and other identity claims
>
> -          Approval of access to multiple resources and APIs in a single interaction
>
> -          Multiple access tokens in a single request and response
>
> -          AS-directed dispatch of access tokens to the appropriate RS
>
> [Denis] As-directed dispatch does not allow to support the user's privacy. However, RS-directed dispatch allows to support the user's privacy.
>
> It should be explicitly mentioned.
>
> [Roman] As above (per the AS vs. RS behavior)
>
> -          Separation between the party authorizing access and the party operating the client requesting access
>
>
>
> [Denis] It is questionable whether such a separation would be really beneficial. In doubt, this item should be removed.
>
> [Roman] Could you say more on why this flexibility wouldn’t be worth it?
>
> The group will define extension points for this protocol to allow for flexibility in areas including:
>
>
>
> Cryptographic agility for keys, message signatures, and proof of possession
>
> -          User interaction mechanisms including web and non-web methods
>
> -          Mechanisms for conveying user, software, organization, and other information used in authorization decisions
>
> -          Mechanisms for presenting tokens to resource servers and binding resource requests to tokens and associated cryptographic keys
>
> Optimized inclusion of additional information (including identifiers and identity assertions) through the delegation process
>
>
>
> Additionally, the group will provide mechanisms for management of the protocol lifecycle including:
>
> -          Discovery of the authorization server
>
> -          Revocation of active tokens
>
> Data model for granted access and mechanisms for the AS and RS to communicate the granted access model
>
>
>
> [Denis] While it is the duty for the RS to communicate the granted access model to the client *at the appropriate instant of time*,
>
> the AS should be kept fully ignorant of it.
>
>
>
> Although the artifacts for this work are not intended or expected to be backwards-compatible with OAuth 2.0 or OpenID Connect,
>
> the group will attempt to simplify migrating from OAuth 2.0 and OpenID Connect to the new protocol where possible.
>
>
>
> This group is not chartered to develop extensions to OAuth 2.0, and as such will focus on new technological solutions not necessarily
>
> compatible with OAuth 2.0. Functionality that builds directly on OAuth 2.0 will be directed to the OAuth Working Group, including
>
> functionality back-ported from the protocol developed here to OAuth 2.0.
>
>
>
> The group is chartered to develop mechanisms for applying cryptographic methods, such as JOSE and COSE, to the delegation process.
>
> This group is not chartered to develop new cryptographic methods.
>
>
>
> The group is chartered to develop mechanisms for conveying identity information within the protocol including existing identifiers
>
> (such as email addresses, phone numbers, usernames, and subject identifiers) and assertions (such as OpenID Connect ID Tokens,
>
> SAML Assertions, and Verifiable Credentials). The group is not chartered to develop new formats for identifiers or assertions, nor is the group
>
> chartered to develop schemas for user information, profiles, or other identity attributes, unless a viable existing format is not available.
>
>
>
> The initial work will focus on using HTTPS for communication between the client and the authorization server, taking advantage
>
> of optimization features of HTTP/2 and HTTP/3 where possible, and will strive to enable simple mapping to other protocols such as COAP
>
> when doing so does not conflict with the primary focus.
>
>
>
> Milestones to include:
>
> -          Core delegation protocol
>
> [Denis] Before defining a "Core delegation protocol", a simple client server-protocol involving the presentation of several access tokens to one RS should be defined.
>
> Privacy principles should be applied when defining the protocol. Then after, a delegation mechanism allowing one RS to forward an operation to another RS should be defined.
>
> -          Key presentation mechanism bindings to the core protocol including TLS, detached HTTP signature, and embedded HTTP signatures
>
> [Denis] Bindings to TLS are now deprecated, why should they be maintained ?
>
> Signatures may be needed but they do not necessarily need to be "detached HTTP signature, and embedded HTTP signatures".
>
> This item should be either removed or reworded.
>
> [Roman] Noted.  I’d want to hear others on this rescoping.
>
>
>
> -          Conveyance mechanisms for identifiers and assertions
>
> -          Guidelines for use of protocol extension points (if needed)
>
>      -    Guidelines on migration paths, implementation, and operations
>
> [Denis] The above three lines are rather mysterious.
>
> [Roman] The guidelines on migration paths came from the initial IESG
> review in order to have a named activity to action the design goal of “…
> the group will attempt to simplify migrating from OAuth 2.0 and OpenID
> Connect to the new protocol where possible” a bit earlier in the text.
>
> Where possible, the group will seek to make use of tools to guide and
> inform the standardization process including formal analysis,
> architecture documents, and use case documents. These artifacts will not
> be considered as working group milestones or deliverables.
>
> The working group will cooperate and coordinate with other IETF WGs such
> as OAUTH, and work with external organizations,
> such as the OpenID Foundation, as appropriate.
>
> [Denis] The charter should be shorter.
>
>
>
> [Roman] Definitely.  Nevertheless, we have the current text through rough
> consensus process achieved from two BoFs and multiple mailing list
> consensus calls.
>
>
>
> Regards,
>
> Roman
>
>
>
> /Denis
>
>
>
> A new IETF WG has been proposed in the Security Area. The IESG has not made
>
> any determination yet. The following draft charter was submitted, and is
>
> provided for informational purposes only. Please send your comments to the
>
> IESG mailing list (iesg@ietf.org) *by 2020-07-06*.
>
>
>
> Grant Negotiation and Authorization Protocol (gnap)
>
> -----------------------------------------------------------------------
>
> Current status: Proposed WG
>
>
>
> Chairs:
>
>   Yaron Sheffer <yaronf.ietf@gmail.com> <yaronf.ietf@gmail.com>
>
>   Leif Johansson <leifj@sunet.se> <leifj@sunet.se>
>
>
>
> Assigned Area Director:
>
>   Roman Danyliw <rdd@cert.org> <rdd@cert.org>
>
>
>
> Security Area Directors:
>
>   Benjamin Kaduk <kaduk@mit.edu> <kaduk@mit.edu>
>
>   Roman Danyliw <rdd@cert.org> <rdd@cert.org>
>
>
>
> Mailing list:
>
>   Address: txauth@ietf.org
>
>   To subscribe: ​https://www.ietf.org/mailman/listinfo/txauth
>
>   Archive: https://mailarchive.ietf.org/arch/browse/txauth/
>
>
>
> Group page: https://datatracker.ietf.org/group/gnap/
>
>
>
> Charter: https://datatracker.ietf.org/doc/charter-ietf-gnap/
>
>
>
> This group is chartered to develop a fine-grained delegation protocol for
>
> authorization and API access, as well as requesting and providing user
>
> identifiers and claims. This protocol will allow an authorizing party to
>
> delegate access to client software through an authorization server. It will
>
> expand upon the uses cases currently supported by OAuth 2.0 and OpenID Connect
>
> (itself an extension of OAuth 2.0) to support authorizations scoped as
>
> narrowly as a single transaction, provide a clear framework for interaction
>
> among all parties involved in the protocol flow, and remove unnecessary
>
> dependence on a browser or user-agent for coordinating interactions.
>
>
>
> The delegation process will be acted upon by multiple parties in the protocol,
>
> each performing a specific role. The protocol will decouple the interaction
>
> channels, such as the end user’s browser, from the delegation channel, which
>
> happens directly between the client and the authorization server (in contrast
>
> with OAuth 2.0, which is initiated by the client redirecting the user’s
>
> browser). The protocol will include a means of specifying how the user can
>
> potentially be involved in an interactive fashion during the delegation
>
> process. The client and Authorization Server (AS) will use these interaction
>
> mechanisms to involve the user, as necessary, to make authorization decisions.
>
> This decoupling avoids many of the security concerns and technical challenges
>
> of OAuth 2.0 and provides a non-invasive path for supporting future types of
>
> clients and interaction channels.
>
>
>
> The group will define interoperability for this protocol between different
>
> parties, including
>
>  - client and authorization server;
>
>  - client and resource server; and
>
>  - authorization server and resource server.
>
>
>
> The group will seek to minimize assumptions about the form of client
>
> applications, allowing for:
>
> - Fine-grained specification of access
>
> - Approval of AS attestation to identifiers and other identity claims
>
> - Approval of access to multiple resources and APIs in a single interaction
>
> - Support for multiple access tokens in a single request and response
>
> - Support for directed, audience-restricted access tokens
>
> - Separation between the party authorizing access and the party operating the
>
> client requesting access
>
>
>
> The group will define extension points for this protocol to allow for
>
> flexibility in areas including:
>
>
>
> - Cryptographic agility for keys, message signatures, and proof of possession
>
> - User interaction mechanisms including web and non-web methods
>
> - Mechanisms for conveying user, software, organization, and other
>
> information used in authorization decisions
>
> - Mechanisms for presenting tokens to resource servers and binding resource
>
> requests to tokens and associated cryptographic keys
>
> - Optimized inclusion of additional information (including identifiers and
>
> identity assertions) through the delegation process
>
>
>
> Additionally, the group will provide mechanisms for management of the protocol
>
> lifecycle including:
>
>
>
> - Discovery of the authorization server
>
> - Revocation of active tokens
>
> - Mechanisms for the AS and RS to communicate the access granted by an access
>
> token
>
>
>
> Although the artifacts for this work are not intended or expected to be
>
> backwards-compatible with OAuth 2.0 or OpenID Connect, the group will attempt
>
> to simplify migrating from OAuth 2.0 and OpenID Connect to the new protocol
>
> where possible.
>
>
>
> This group is not chartered to develop extensions to OAuth 2.0, and as such
>
> will focus on new technological solutions not necessarily compatible with
>
> OAuth 2.0. Functionality that builds directly on OAuth 2.0 will be directed
>
> to the OAuth Working Group, including functionality back-ported from the
>
> protocol developed here to OAuth 2.0.
>
>
>
> The group is chartered to develop mechanisms for applying cryptographic
>
> methods, such as JOSE and COSE, to the delegation process. This group is not
>
> chartered to develop new cryptographic methods.
>
>
>
> The group is chartered to develop mechanisms for conveying identity
>
> information within the protocol including existing identifiers (such as email
>
> addresses, phone numbers, usernames, and subject identifiers) and assertions
>
> (such as OpenID Connect ID Tokens, SAML Assertions, and Verifiable
>
> Credentials). The group is not chartered to develop new formats for
>
> identifiers or assertions, nor is the group chartered to develop schemas for
>
> user information, profiles, or other identity attributes, unless a viable
>
> existing format is not available.
>
>
>
> The initial work will focus on using HTTPS for communication between the
>
> client and the authorization server, taking advantage of optimization
>
> features of HTTP/2 and HTTP/3 where possible, and will strive to enable
>
> simple mapping to other protocols such as COAP when doing so does not
>
> conflict with the primary focus.
>
>
>
> Milestones to include:
>
> - Core delegation protocol
>
> - Key presentation mechanism bindings to the core protocol including TLS,
>
> detached HTTP signature, and embedded HTTP signatures
>
> - Conveyance mechanisms for identifiers and assertions
>
> - Guidelines for use of protocol extension points
>
> - (if needed) Guidelines on migration paths, implementation, and operations
>
>
>
> Where possible, the group will seek to make use of tools to guide and inform
>
> the standardization process including formal analysis, architecture documents,
>
> and use case documents. These artifacts will not be considered as working
>
> group milestones or deliverables.
>
>
>
> The working group will cooperate and coordinate with other IETF WGs such as
>
> OAUTH, and work with external organizations, such as the OpenID Foundation,
>
> as appropriate.
>
>
>
> Milestones:
>
>
>
>   Jul 2021 - Core delegation protocol in WGLC
>
>
>
>   Oct 2021 - Key presentation mechanism binding to the core protocol, TLS, to
>
>   WGLC
>
>
>
>   Oct 2021 - Key presentation mechanism binding to the core protocol,
>
>   detached HTTP signatures, to WGLC
>
>
>
>   Oct 2021 - Key presentation mechanism binding to the core protocol,
>
>   embedded HTTP signature, to WGLC
>
>
>
>   Dec 2021 - Guidelines for use of protocol extension points to WGLC
>
>
>
>   Feb 2022 - Guidelines on migration paths, implementation, and operations to
>
>    WGLC
>
>
>
>
>
>
>
>
> --
> Txauth mailing list
> Txauth@ietf.org
> https://www.ietf.org/mailman/listinfo/txauth
>

v2.23.0 | Report a Bug | By Email