From ietf-krb-wg-bounces@lists.anl.gov Sun Mar 7 02:52:01 2010
Message-ID: <4B938546.9090402@mnt.se>
Date: Sun, 07 Mar 2010 11:51:50 +0100
From: Leif Johansson
To: ietf-krb-wg@lists.anl.gov
Subject: [Ietf-krb-wg] krb-model 07

I made minor adjustments (for instance Howard's lexical ordering of
Before/After and an explicit reference to RFC3961 for enctypes). It
should be in the I-D repo. IIRC we should last call again.

Cheers Leif

Content-Type: text/plain; name="draft-ietf-krb-wg-kdc-model-07.txt"
Content-Disposition: attachment; filename="draft-ietf-krb-wg-kdc-model-07.txt"

KERBEROS WORKING GROUP                                         Johansson
Internet-Draft                                                     SUNET
Intended status: Standards Track                           March 7, 2010
Expires: September 8, 2010


              An information model for Kerberos version 5
                     draft-ietf-krb-wg-kdc-model-07

Abstract

   This document describes an information model for Kerberos version 5
   from the point of view of an administrative service.  There is no
   standard for administrating a Kerberos 5 KDC.  This document
   describes the services exposed by an administrative interface to a
   KDC.

Status of this Memo

   This Internet-Draft is submitted to IETF in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on September 8, 2010.

Copyright Notice

   Copyright (c) 2010 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.

Johansson               Expires September 8, 2010               [Page 1]

Internet-Draft            KDC Information Model               March 2010

   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.  Code Components
   extracted from this document must include Simplified BSD License text
   as described in Section 4.e of the Trust Legal Provisions and are
   provided without warranty as described in the BSD License.

Table of Contents

   1.  Requirements notation
   2.  Introduction
   3.  How to interpret RFC2119 terms
   4.  Acknowledgments
   5.  Information model demarcation
   6.  Information model specification
     6.1.  Principal
       6.1.1.  Principal: Attributes
       6.1.2.  Principal: Associations
     6.2.  KeySet
       6.2.1.  KeySet: Attributes
       6.2.2.  KeySet: Associations
       6.2.3.  KeySet: Remarks
     6.3.  Key
       6.3.1.  Key: Attributes
       6.3.2.  Key: Associations
       6.3.3.  Key: Remarks
     6.4.  Policy
       6.4.1.  Policy: Attributes
       6.4.2.  Mandatory-to-implement Policy
   7.  Implementation Scenarios
     7.1.  LDAP backend to KDC
     7.2.  LDAP frontend to KDC
     7.3.  SOAP
     7.4.  Netconf
   8.  Security Considerations
   9.  IANA Considerations
   10. References
     10.1.  Normative References
     10.2.  Informative References
   Author's Address

1.  Requirements notation

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

2.  Introduction

   The Kerberos version 5 authentication service described in [RFC4120]
   describes how a Key Distribution Service (KDC) provides
   authentication to clients.  The standard does not stipulate how a KDC
   is managed and several "kadmin" servers have evolved.  This document
   describes the services required to administrate a KDC and the
   underlying information model assumed by a kadmin-type service.

   The information model is written in terms of "attributes" and
   "services" or "interfaces" but the use of these particular words MUST
   NOT be taken to imply any particular modeling paradigm so that
   neither an object oriented model nor an LDAP schema is intended.  The
   author has attempted to describe in natural language the intended
   semantics and syntax of the components of the model.  An LDAP schema
   (for instance) based on this model will be more precise in the
   expression of the syntax while preserving the semantics of this
   model.

   Implementations of this document MAY decide to change the names used
   (e.g. principalName).  If so an implementation MUST provide a name to
   name mapping to this document.

3.  How to interpret RFC2119 terms

   This document describes an information model for Kerberos 5 but does
   not directly describe any mapping onto a particular schema- or
   modelling language.  Hence an implementation of this model consists
   of a mapping to such a language - e.g. an LDAP or SQL schema.  The
   precise interpretation of terms from [RFC2119] therefore requires
   some extra explanation.

   The terms MUST, MUST NOT, REQUIRED, SHALL, SHALL NOT mean that an
   implementation MUST provide a feature but does not mean that this
   feature MUST be REQUIRED by the implementation - e.g. an attribute is
   available in an LDAP schema but marked as OPTIONAL.  If a feature
   must be implemented and REQUIRED this is made explicit in this model.

   The terms MAY, OPTIONAL and RECOMMENDED mean that an implementation
   MAY need to REQUIRE the feature due to the particular nature of the
   schema/modelling language.  In some cases this is expressly forbidden
   by this model (feature X MUST NOT be REQUIRED by an implementation).

   Note that any implementation of this model SHOULD be published as an
   RFC.

4.  Acknowledgments

   Love Hoernquist-Aestrand for important contributions.

5.  Information model demarcation

   The information model specified in the next chapter describes
   objects, properties of those objects and relations between those
   objects.  These elements comprise an abstract view of the data
   represented in a KDC.  It is important to understand that the
   information model is not a schema.  In particular the way objects are
   compared for equality beyond that which is implied by the
   specification of a syntax is not part of this specification.  Nor is
   ordering specified between elements of a particular syntax.
   Further work on Kerberos will undoubtedly prompt updates to this
   information model to reflect changes in the functions performed by
   the KDC.  Such extensions to the information model MUST always use a
   normative reference to the relevant RFCs detailing the change in KDC
   function.

   This model describes a number of elements related to password policy
   management.  Not all of the elements in this model are unique to
   Kerberos; an LDAP implementation of this model should incorporate
   existing LDAP schema where functional overlap exists, rather than
   defining additional Kerberos-specific elements.

6.  Information model specification

6.1.  Principal

   The fundamental entity stored in a KDC is the principal.  The
   principal is associated to keys and generalizes the "user" concept.
   The principal MUST be implemented in full and MUST NOT be optional in
   an implementation.

6.1.1.  Principal: Attributes

6.1.1.1.  principalName

   The principalName MUST uniquely identify the principal within the
   administrative context of the KDC.  The type of the principalName is
   not described in this document.  It is a unique identifier and can be
   viewed as an opaque byte string which can be compared for equality.
   The attribute MAY be multivalued if the implementation supports
   aliases.  In that case exactly one of the principalName values MUST
   be designated the canonical principalName and if the implementation
   supports enctypes which require salt then exactly one of the values
   of principalName MUST be designated as the canonical salting
   principalName.

6.1.1.2.  principalNotUsedBefore

   The principal may not be used before this date.  The syntax of the
   attribute MUST be semantically equivalent with the standard ISO date
   format.  The attribute MUST be single valued.

6.1.1.3.  principalNotUsedAfter

   The principal may not be used after this date.
   The syntax of the attribute MUST be semantically equivalent with the
   standard ISO date format.  The attribute MUST be single valued.

6.1.1.4.  principalIsDisabled

   A boolean attribute used to (temporarily) disable a principal.  The
   attribute SHOULD default to false.

6.1.1.5.  principalNumberOfFailedAuthenticationAttempts

   This single valued integer attribute contains a count of the number
   of times an authentication attempt was unsuccessful for this
   principal.  Implementations SHOULD NOT allow this counter to be
   reset.

6.1.1.6.  principalLastFailedAuthentication

   This single valued attribute contains the time and date for the last
   failed authentication attempt for this principal.

6.1.1.7.  principalLastSuccessfulAuthentication

   This single valued attribute contains the time and date for the last
   successful authentication attempt for this principal.

6.1.1.8.  principalLastCredentialChangeTime

   This single valued attribute contains the time and date for the last
   successful change of credential (e.g. password or private key)
   associated with this principal.

6.1.1.9.  principalCreateTime

   This single valued attribute contains the time and date when this
   principal was created.

6.1.1.10.  principalModifyTime

   This single valued attribute contains the time and date when this
   principal was modified excluding credentials change.

6.1.1.11.  principalMaximumTicketLifetime

   This single valued attribute contains the delta time in seconds
   representing the maximum ticket lifetime for tickets issued for this
   principal.

6.1.1.12.  principalMaximumRenewableTicketLifetime

   This single valued attribute contains the delta time in seconds
   representing the maximum amount of time a ticket may be renewed for.

6.1.1.13.  principalAllowedEnctype

   This OPTIONAL multi valued attribute lists the enctypes allowed for
   this principal.  If empty or absent any enctype supported by the
   implementation is allowed for this principal.
   This attribute is intended as a policy attribute and restricts all
   uses of enctypes including server, client and session keys.  Data
   models MAY choose to use policy objects in order to represent more
   complex decision mechanisms.

6.1.1.14.  principalRealm

   This is a multi valued attribute listing the realms in which this
   principal exists using the string representation of the realm
   name(s).

6.1.2.  Principal: Associations

   Each principal MAY be associated with 0 or more KeySet and MAY be
   associated with 0 or more Policies.  The KeySet is represented as an
   object in this model since it has attributes associated with it (the
   key version number).  In typical situations the principal is
   associated with exactly 1 KeySet but implementations MUST NOT assume
   this case, i.e., an implementation of this standard (e.g., an LDAP
   schema) MUST be able to handle the general case of multiple KeySet
   associated with each principal.

6.2.  KeySet

   A KeySet is a set of keys associated with exactly one principal.
   This object and its associations MUST NOT be REQUIRED by a
   data-model.  It is expected that most Kerberos implementations will
   use the set/change password protocol for all aspects of key
   management [I-D.ietf-krb-wg-kerberos-set-passwd].  This information
   model only includes these objects for the sake of completeness.

   If a server supports an enctype that enctype must be present in at
   least one key for the principal in question.

6.2.1.  KeySet: Attributes

6.2.1.1.  keySetVersionNumber

   This is traditionally called the key version number (kvno).  This is
   a single valued attribute containing a positive integer.

6.2.2.  KeySet: Associations

   To each KeySet MUST be associated a set of 1 or more Keys.

6.2.3.  KeySet: Remarks

   The reason for separating the KeySet from the Principal is security.
   The security of Kerberos 5 depends absolutely on the security of the
   keys stored in the KDC.
The KeySet type is provided to make this clear and to make separation of keys from other parts of the model clear.

Implementations of this standard (eg an LDAP schema) MUST make a clear separation between the representation of KeySet from other information objects.

6.3. Key

Implementations of this model MUST NOT REQUIRE keys to be represented.

6.3.1. Key: Attributes

6.3.1.1. keyEncryptionType

The enctype SHOULD be represented as an enumeration of the enctypes supported by the KDC using the string name of the enctype from [RFC3961]

6.3.1.2. keyValue

The binary representation of the key data. This MUST be a single valued octet string.

6.3.1.3. keySaltValue

The binary representation of the key salt. This MUST be a single valued octet string.

6.3.1.4. keyStringToKeyParameter

This MUST be a single valued octet string representing an opaque parameter associated with the enctype.

6.3.1.5. keyNotUsedBefore

This key MUST NOT be used before this date. The syntax of the attribute MUST be semantically equivalent with the standard ISO date format. This MUST be a single-valued attribute.

6.3.1.6. keyNotUsedAfter

This key MUST NOT be used after this date. The syntax of the attribute MUST be semantically equivalent with the standard ISO date format. This MUST be a single-valued attribute.

6.3.1.7. keyNotUsedBefore

This key MUST NOT be used before this date. The syntax of the attribute MUST be semantically equivalent with the standard ISO date format. This MUST be a single-valued attribute.

6.3.1.8. keyIsDisabled

This is a boolean attribute which SHOULD be set to false by default. If this attribute is true the key MUST NOT be used. This is used to temporarily disable a key.

6.3.2. Key: Associations

None

6.3.3. Key: Remarks

The security of the keys is an absolute requirement for the operation of Kerberos 5. If keys are implemented adequate protection from unauthorized modification and disclosure MUST be available and REQUIRED by the implementation.

6.4. Policy

Implementations SHOULD implement policy but MAY allow them to be OPTIONAL. The Policy should be thought of as a 'typed hole'. i.e an opaque binary value paired with an identifier of type of data contained in the binary value. Both attributes (type and value) must be present.

6.4.1. Policy: Attributes

6.4.1.1. policyIdentifier

The policyIdentifier MUST be unique within the local administrative context and MUST be globally unique. Possible types of identifiers include:

   An Object Identifier (OID)
   A URI
   A UUID

The use of OIDs is RECOMMENDED for this purpose.

6.4.1.2. policyIsCritical

This boolean attribute indicates that the KDC MUST be able to correctly interpret and apply this policy for the key to be used.

6.4.1.3. policyContent

This is an optional single opaque binary value used to store a representation of the policy. In general a policy cannot be fully expressed using attribute-value pairs. The policyContent is OPTIONAL in the sense that an implementation MAY use it to store an opaque value for those policy-types which are not directly representable in that implementation.

6.4.1.4. policyUse

This is an optional single enumerated string value used to describe the applicability of the policy. Implementations SHOULD provide this attribute and MUST (if the attribute is implemented) describe the enumerated set of possible values.

6.4.2. Mandatory-to-implement Policy

All implementations MUST be able to represent the policies listed in this section. Implementations are not required to use the same underlying data-representation for the policyContent binary value but SHOULD use the same OIDs as the policyIdentifier.

In general the expression of policy may require a Turing-complete language. This specification does not attempt to model policy expression language.

6.4.2.1. Password Quality Policy

Password quality policy controls the requirements placed by the KDC on new passwords. This policy SHOULD be identified by the OID .1.

6.4.2.2. Password Management Policy

Password management policy controls how passwords are changed. This policy SHOULD be identified by the OID .2.

6.4.2.3. Keying Policy

A keying policy specifies the association of enctypes with new principals, i.e when a principal is created one of the possibly many applicable keying policies determine the set of keys to associate with the principal. This policy SHOULD be identified by the OID .3.

6.4.2.4. Ticket Flag Policy

A ticket flag policy specifies the ticket flags allowed for tickets issued for a principal. This policy SHOULD be identified by the OID .4.

7. Implementation Scenarios

There are several ways to implement an administrative service for Kerberos 5 based on this information model. In this section we list a few of them.

7.1. LDAP backend to KDC

Given an LDAP schema implementation of this information model it would be possible to build an administrative service by backending the KDC to a directory server where principals and keys are stored. Using the security mechanisms available on the directory server keys are protected from access by anyone apart from the KDC. Administration of the principals, policy and other non-key data is done through the directory server while the keys are modified using the set/change password protocol [I-D.ietf-krb-wg-kerberos-set-passwd].

7.2. LDAP frontend to KDC

An alternative way to provide a directory interface to the KDC is to implement an LDAP-frontend to the KDC which exposes all non-key objects as entries and attributes. As in the example above all keys are modified using the set/change password protocol [I-D.ietf-krb-wg-kerberos-set-passwd]. In this scenario the implementation would typically not use a traditional LDAP implementation but treat LDAP as an access-protocol to data in the native KDC database.

7.3. SOAP

Given an XML schema implementation of this information model it would be possible to build a SOAP-interface to the KDC. This demonstrates the value of creating an abstract information model which is mappable to multiple schema representations.

7.4. Netconf

Given a YAML implementation of this information model it would be possible to create a Netconf-based interface to the KDC in theory enabling management of the KDC from standard network management applications

8. Security Considerations

This document describes an abstract information model for Kerberos 5. The Kerberos 5 protocol depends on the security of the keys stored in the KDC. The model described here assumes that keys MUST NOT be transported in the clear over the network and furthermore that keys are treated as write-only attributes that SHALL only be modified (using the administrative interface) by the change-password protocol [I-D.ietf-krb-wg-kerberos-set-passwd].

Exposing the object model of a KDC typically implies that objects can be modified and/or deleted. In a KDC not all principals are created equal, so that for instance deleting krbtgt/EXAMPLE.COM@EXAMPLE.COM effectively disables the EXAMPLE.COM realm. Hence access control is paramount to the security of any implementation. This document does not (at the time of writing - leifj) mandate access control.
This only implies that access control is beyond the scope of the standard information model, i.e that access control may not be accessible via any protocol based on this model. If access control objects is exposed via an extension to this model the presence of access control may in itself provide points of attack by giving away information about principals with elevated rights etc. etc.

9. IANA Considerations

This document requires the allocation of several OIDs marked in the text.

10. References

10.1. Normative References

[RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.

[RFC3961]  Raeburn, K., "Encryption and Checksum Specifications for Kerberos 5", RFC 3961, February 2005.

[RFC4120]  Neuman, C., Yu, T., Hartman, S., and K. Raeburn, "The Kerberos Network Authentication Service (V5)", RFC 4120, July 2005.

10.2. Informative References

[I-D.ietf-krb-wg-kerberos-set-passwd]  Williams, N., "Kerberos Set/Change Key/Password Protocol Version 2", draft-ietf-krb-wg-kerberos-set-passwd-08 (work in progress), November 2008.

Author's Address

Leif Johansson
Swedish University Network
Thulegatan 11
Stockholm

Email: leifj@sunet.se
URI:   http://www.sunet.se

_______________________________________________
ietf-krb-wg mailing list
ietf-krb-wg@lists.anl.gov
https://lists.anl.gov/mailman/listinfo/ietf-krb-wg

From ietf-krb-wg-bounces@lists.anl.gov Sun Mar 7 03:00:07 2010
From: Internet-Drafts@ietf.org
To: i-d-announce@ietf.org
Cc: ietf-krb-wg@lists.anl.gov
Date: Sun, 7 Mar 2010 03:00:01 -0800 (PST)
Message-Id: <20100307110001.CB9FE3A8D9D@core3.amsl.com>
Subject: [Ietf-krb-wg] I-D Action:draft-ietf-krb-wg-kdc-model-07.txt

A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Kerberos Working Group of the IETF.

Title     : An information model for Kerberos version 5
Author(s) : L. Johansson
Filename  : draft-ietf-krb-wg-kdc-model-07.txt
Pages     : 19
Date      : 2010-03-07

This document describes an information model for Kerberos version 5 from the point of view of an administrative service. There is no standard for administrating a kerberos 5 KDC. This document describes the services exposed by an administrative interface to a KDC.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-krb-wg-kdc-model-07.txt

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft.
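An in-memory rendering of the Principal, KeySet, Key and Policy objects from sections 6.1 to 6.4 of the draft-ietf-krb-wg-kdc-model-07 text earlier in this archive, added here as an illustration; it is not code from the draft or from any KDC implementation. The class layout, the `select_key` function, its newest-kvno-first order, the sample principal and the `urn:example:` policy identifier are assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Dict, FrozenSet, Iterable, List, Optional, Tuple


@dataclass(frozen=True)
class Key:
    enctype: str                                 # keyEncryptionType
    value: bytes = field(repr=False)             # keyValue, kept out of repr() and logs
    not_used_before: Optional[datetime] = None   # keyNotUsedBefore
    not_used_after: Optional[datetime] = None    # keyNotUsedAfter
    is_disabled: bool = False                    # keyIsDisabled

    def usable_at(self, now: datetime) -> bool:
        """Apply keyIsDisabled and the keyNotUsedBefore/keyNotUsedAfter window."""
        if self.is_disabled:
            return False
        if self.not_used_before is not None and now < self.not_used_before:
            return False
        if self.not_used_after is not None and now > self.not_used_after:
            return False
        return True


@dataclass(frozen=True)
class KeySet:
    kvno: int                                    # keySetVersionNumber
    keys: Tuple[Key, ...]

    def __post_init__(self) -> None:
        if self.kvno < 1:
            raise ValueError("keySetVersionNumber must be a positive integer")
        if not self.keys:
            raise ValueError("a KeySet must hold 1 or more Keys")


@dataclass(frozen=True)
class Policy:
    identifier: str                              # policyIdentifier
    is_critical: bool = False                    # policyIsCritical
    content: Optional[bytes] = None              # policyContent (opaque)


@dataclass(frozen=True)
class Principal:
    # Holds no key material: KeySets live in a separate store (section 6.2.3).
    name: str
    is_disabled: bool = False                    # principalIsDisabled
    allowed_enctypes: FrozenSet[str] = frozenset()  # principalAllowedEnctype
    policies: Tuple[Policy, ...] = ()


KeyStore = Dict[str, List[KeySet]]               # principal name -> its KeySets


def select_key(principal: Principal, key_store: KeyStore, now: datetime,
               understood_policies: Iterable[str]) -> Optional[Tuple[int, Key]]:
    """Return (kvno, key) for the first usable key, or None if none may be used."""
    if principal.is_disabled:
        return None
    understood = set(understood_policies)
    # policyIsCritical: the key may only be used if the policy can be applied.
    if any(p.is_critical and p.identifier not in understood
           for p in principal.policies):
        return None
    # Assumption of this sketch: try the newest KeySet first, so an older
    # KeySet keeps serving while a rolled-over key is not yet valid.
    for key_set in sorted(key_store.get(principal.name, ()),
                          key=lambda ks: ks.kvno, reverse=True):
        for key in key_set.keys:
            # An empty principalAllowedEnctype means any enctype is allowed.
            if principal.allowed_enctypes and key.enctype not in principal.allowed_enctypes:
                continue
            if key.usable_at(now):
                return key_set.kvno, key
    return None


# Constructed sample data: a principal mid key rollover. Key bytes are dummies.
UTC = timezone.utc
ALICE = Principal(name="alice@EXAMPLE.COM")
KEY_STORE: KeyStore = {
    "alice@EXAMPLE.COM": [
        KeySet(1, (Key("aes256-cts-hmac-sha1-96", b"\x01" * 32),
                   Key("des3-cbc-sha1-kd", b"\x02" * 24))),
        KeySet(2, (Key("aes256-cts-hmac-sha1-96", b"\x03" * 32,
                       not_used_before=datetime(2010, 4, 1, tzinfo=UTC)),)),
    ],
}
```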
From ietf-krb-wg-bounces@lists.anl.gov Sun Mar 7 13:21:30 2010
Message-ID: <4B9418D1.8040103@mnt.se>
Date: Sun, 07 Mar 2010 22:21:21 +0100
From: Leif Johansson
To: ietf-krb-wg@lists.anl.gov
References: <133C9495BD72D2D92C3CA8A4@minbar.fac.cs.cmu.edu>
Subject: Re: [Ietf-krb-wg] IETF77 call for agenda items

On 02/25/2010 08:39 PM, Sam Hartman wrote:
> I'd love to make progress on
>
> info model
>

I think we should do another WGLC asap - even before the meeting if possible. I'm sure we can nit pick the document for another few years but I'll be bold and say we should publish :-)

Cheers Leif

From ietf-krb-wg-bounces@lists.anl.gov Sun Mar 7 16:27:30 2010
From: Greg Hudson
To: "ietf-krb-wg@lists.anl.gov"
In-Reply-To: <20100307110001.CB9FE3A8D9D@core3.amsl.com>
References: <20100307110001.CB9FE3A8D9D@core3.amsl.com>
Date: Sun, 07 Mar 2010 19:27:03 -0500
Message-ID: <1268008023.18898.288.camel@ray>
Subject: [Ietf-krb-wg] Comments on draft-ietf-krb-wg-kdc-model-07

Semantic comments:

6.1.1.1 makes the incorrect assumption that salts are necessarily derived from principal names. If an implementation randomly generates explicit salts for all principals, it does not need to designate a canonical principal name for salting.

6.1.1.1 does not say whether a principalName includes a realm name. Consider the implications for cross-realm TGT principals given that principalNames must be unique identifiers within the model.

6.1.1.14 creates some further alarming implications: that the model is not necessarily limited to a single realm, but that principal names must be unique independent of what realms they live in. Moreover, while I could understand a desire to "link" principals by having a single principal object live in more than one realm, I think that's a dangerous direction for the model to go in. If principals are "linked" between multiple realms, do they necessarily have the same name in each realm?

The second paragraph of section 6.2 seems confused. "If a server supports an enctype" seems to be about the server in general, but the sentence goes on to talk about "the principal in question." Surely a KDC would still be said to "support" AES even if it contains a principal containing only a DES3 key.

6.1.2 would be clearer if it briefly mentioned why there might be multiple KeySets associated with a principal (key rollover situations).

6.2.3 talks about separating the KeySet from the principal "for security," but doesn't explain why the separation introduces any security. Perhaps because it means keys won't necessarily be transmitted if a principal is retrieved, in an implementation where objects are retrieved in blobs?

6.1.1.2 and friend introduce similar concepts to 6.3.1.5 and friends, but use rather different requirements languages. 6.3.1.5 appears to be trying to impose a requirement on the KDC implementation (a body of code), while 6.1.1.2 confines itself to imposing requirements on the model implementation (a standard document).

6.4.1.4 does not define what the "applicability of a policy" means.

7.3 makes what I'd consider an overly bold statement--that the possibility of creating a SOAP interface demonstrates the value of an abstract model. Simply naming a variety of possible protocol substrates doesn't really put that question to rest, if anyone is raising it.

8 says the model makes some assumptions about how keys will be handled by an admin interface. This wording is confusing to me. First, the model doesn't appear to make any such assumptions; they sound more like ancillary aspects which the author considers a good idea. Second, if the keys are being modified only by the change-password protocol, how are they also being modified "(using the administrative interface)"? And third, if the keys are write-only but only modified via the change-password protocol, what's the point of discussing them in the model?

Editorial comments (the author is welcome to disagree with some of these and ignore them):

* The writing style makes very sparing use of commas. I don't want to go over every case where I would have used a comma, but there were a bunch of them.

* eg or e.g should be written as "e.g." consistently. Similarly, ie or i.e should be written as "i.e." consistently.

* "single valued" should be "single-valued". "multivalued" or "multi valued" should be "multi-valued".

* In 2, "administrate" should be "administer".

* In 2, "... MUST NOT be taken to imply any particular modeling paradigm so that neither an object oriented model or an LDAP schema is intended" incorrectly associates the "so that neither..." clause with what is being prohibited. I recommend a different sentence structure. Also, it's neither...nor, not neither...or.

* In 3, strike "Note that".

* In 6.1.1.1, "implmementation" -> "implementation".

* In 6.1.1.4, strike either the parentheses around "temporarily" or strike it entirely. Parentheticals should not modify the meaning of the sentence.

* In 6.1.1.11, "maximum ticket lifetime for tickets" -> "maximum lifetime for tickets".

* In 6.1.1.13, "enctype7" -> "enctype".

* In 6.1.1.13, add Harvard comma to "server, client and session keys".

* In 6.1.2 and 6.2.3, the parentheticals clarifying what "implementation" could mean seem redundant. Either classifying a standards document arising from the model as an "implementation" is confusing and wrong, or it should be explained once (as it is in section 3) and the reader should be expected to understand that henceforth.

* In 6.2, "completenes" -> "completeness".

* In 6.4.2.3, i.e appears used when e.g. is meant, since a keying policy could apply to password changes as well as principal creation.

* In 6.4.2.3, the wrong form of "determine" is used. The whole sentence is awkward; striking "possibly many" would help a little bit.

* In 7.1, the word "backending" is coined. "Back-ending" might be slightly less abusive of the English language, although either is pretty informal.

* In 7.1, Harvard comma in "principals, policy and other".

* In 7.2, "access-protocol" -> "access protocol".

* In 7.3, "SOAP-interface" -> "SOAP interface".

* 7.4 contains a run-on sentence which is also missing a period.

* Section 8 contains a parenthetical signed by leifj which should go before publishing.

* In 8, "access control objects is" -> "access control objects are".

* In 8, "etc. etc." is excessively informal.
From: Internet-Drafts@ietf.org
Date: Mon, 8 Mar 2010 11:15:01 -0800 (PST)
To: i-d-announce@ietf.org
Cc: ietf-krb-wg@lists.anl.gov
Subject: [Ietf-krb-wg] I-D Action:draft-ietf-krb-wg-preauth-framework-16.txt

A New Internet-Draft is available from the on-line Internet-Drafts
directories. This draft is a work item of the Kerberos Working Group of
the IETF.

    Title     : A Generalized Framework for Kerberos Pre-Authentication
    Author(s) : S. Hartman, L. Zhu
    Filename  : draft-ietf-krb-wg-preauth-framework-16.txt
    Pages     : 51
    Date      : 2010-03-08

Kerberos is a protocol for verifying the identity of principals (e.g.,
a workstation user or a network server) on an open network. The
Kerberos protocol provides a mechanism called pre-authentication for
proving the identity of a principal and for better protecting the
long-term secrets of the principal.

This document describes a model for Kerberos pre-authentication
mechanisms. The model describes what state in the Kerberos request a
pre-authentication mechanism is likely to change. It also describes how
multiple pre-authentication mechanisms used in the same request will
interact.

This document also provides common tools needed by multiple
pre-authentication mechanisms. One of these tools is a secure channel
between the client and the KDC with a reply key strengthening
mechanism; this secure channel can be used to protect the
authentication exchange thus eliminate offline dictionary attacks. With
these tools, it is relatively straightforward to chain multiple
authentication mechanisms, utilize a different key management system,
or support a new key agreement algorithm.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-krb-wg-preauth-framework-16.txt

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

From: Leif Johansson
Date: Tue, 09 Mar 2010 23:12:28 +0100
To: ietf-krb-wg@lists.anl.gov
Subject: Re: [Ietf-krb-wg] Comments on draft-ietf-krb-wg-kdc-model-07
Message-ID: <4B96C7CC.50507@mnt.se>
In-Reply-To: <1268008023.18898.288.camel@ray>

On 03/08/2010 01:27 AM, Greg Hudson wrote:
> Semantic comments:

First of all: thank you for your in-depth review and detailed comments!

>
> 6.1.1.1 makes the incorrect assumption that salts are necessarily
> derived from principal names. If an implementation randomly generates
> explicit salts for all principals, it does not need to designate a
> canonical principal name for salting.
>

I am almost sure we've discussed this but I can't find the reference to
the thread in the list archive right now. Can somebody help?

> 6.1.1.1 does not say whether a principalName includes a realm name.
> Consider the implications for cross-realm TGT principals given that
> principalNames must be unique identifiers within the model.
>
> 6.1.1.14 creates some further alarming implications: that the model is
> not necessarily limited to a single realm, but that principal names must
> be unique independent of what realms they live in. Moreover, while I
> could understand a desire to "link" principals by having a single
> principal object live in more than one realm, I think that's a dangerous
> direction for the model to go in. If principals are "linked" between
> multiple realms, do they necessarily have the same name in each realm?

These two might be left-overs from an earlier version where realm didn't
exist. After a discussion on the list realms were back in the model but
I may have missed some minor consequences of that. I'll review and
clarify the language.

Greg raises a question that I'd like more comments on: Is it reasonable
for a principal to be a member of several realms or should that just be
two principals?

>
> The second paragraph of section 6.2 seems confused. "If a server
> supports an enctype" seems to be about the server in general, but the
> sentence goes on to talk about "the principal in question." Surely a
> KDC would still be said to "support" AES even if it contains a principal
> containing only a DES3 key.

It should be read as "If a server supports an enctype _for a principal_
then that enctype must be present in at least one key for the principal
in question." In other words: if it's there then it is allowed. Almost a
tautology, I agree, but this was the result of a discussion before the
last IETF about how to signal support for an enctype.

>
> 6.1.2 would be clearer if it briefly mentioned why there might be
> multiple KeySets associated with a principal (key rollover situations).
>

Sure...

> 6.2.3 talks about separating the KeySet from the principal "for
> security," but doesn't explain why the separation introduces any
> security. Perhaps because it means keys won't necessarily be
> transmitted if a principal is retrieved, in an implementation where
> objects are retrieved in blobs?

This is largely historic now and possibly redundant. The origins of the
information model are a number of early attempts to build LDAP schema
for a KDC, many of which would happily let you play with keys as LDAP
attributes. Do you have a suggestion here - remove the remark or clarify?

>
> 6.1.1.2 and friend introduce similar concepts to 6.3.1.5 and friends,
> but use rather different requirements languages. 6.3.1.5 appears to be
> trying to impose a requirement on the KDC implementation (a body of
> code), while 6.1.1.2 confines itself to imposing requirements on the
> model implementation (a standard document).

Not intentionally. Are you referring to the use of RFC2119 terms in 6.3?
In that case there is a note on their interpretation at the beginning of
the text...

>
> 6.4.1.4 does not define what the "applicability of a policy" means.

Good point. I had to think twice before remembering it. I am pretty sure
this is supposed to mean things like "keying policy" or "credential
change policy".

>
> 7.3 makes what I'd consider an overly bold statement--that the
> possibility of creating a SOAP interface demonstrates the value of an
> abstract model. Simply naming a variety of possible protocol substrates
> doesn't really put that question to rest, if anyone is raising it.
>

Speaking as someone who has from time to time been called upon to deploy
multiple interfaces to the same underlying system without the benefit of
an information model I disagree that the statement is bold.

> 8 says the model makes some assumptions about how keys will be handled
> by an admin interface. This wording is confusing to me. First, the
> model doesn't appear to make any such assumptions; they sound more like
> ancillary aspects which the author considers a good idea. Second, if
> the keys are being modified only by the change-password protocol, how
> are they also being modified "(using the administrative interface)"?
> And third, if the keys are write-only but only modified via the
> change-password protocol, what's the point of discussing them in the
> model?

The point of discussing keys in this way is largely historic (see my
note above about the origins of the model). I decided to put these words
into the security considerations because I didn't want anyone to read
the model and jump to the conclusion that changing keys using (say) a
NetConf interface would be as good as using the set-change-password
protocol. In fact I think it would be a very bad idea and I wanted the
standard to reflect that view. Feel free to disagree!

>
> Editorial comments (the author is welcome to disagree with some of these
> and ignore them):

From this point on I'm perfectly happy to accept your authority and
command of the language of the Bard ;-)

>
> * The writing style makes very sparing use of commas. I don't want to
> go over every case where I would have used a comma, but there were a
> bunch of them.
>
> * eg or e.g should be written as "e.g." consistently. Similarly, ie or
> i.e should be written as "i.e." consistently.
>
> * "single valued" should be "single-valued". "multivalued" or "multi
> valued" should be "multi-valued".
>
> * In 2, "administrate" should be "administer".
>
> * In 2, "... MUST NOT be taken to imply any particular modeling paradigm
> so that neither an object oriented model or an LDAP schema is intended"
> incorrectly associates the "so that neither..." clause with what is
> being prohibited. I recommend a different sentence structure. Also,
> it's neither...nor, not neither...or.
>
> * In 3, strike "Note that".
>
> * In 6.1.1.1, "implmementation" -> "implementation".
>
> * In 6.1.1.4, strike either the parentheses around "temporarily" or
> strike it entirely. Parentheticals should not modify the meaning of the
> sentence.
>
> * In 6.1.1.11, "maximum ticket lifetime for tickets" -> "maximum
> lifetime for tickets".
>
> * In 6.1.1.13, "enctype7" -> "enctype".
>
> * In 6.1.1.13, add Harvard comma to "server, client and session keys".
>
> * In 6.1.2 and 6.2.3, the parentheticals clarifying what
> "implementation" could mean seem redundant. Either classifying a
> standards document arising from the model as an "implementation" is
> confusing and wrong, or it should be explained once (as it is in section
> 3) and the reader should be expected to understand that henceforth.
>
> * In 6.2, "completenes" -> "completeness".
>
> * In 6.4.2.3, i.e appears used when e.g. is meant, since a keying policy
> could apply to password changes as well as principal creation.
>
> * In 6.4.2.3, the wrong form of "determine" is used. The whole sentence
> is awkward; striking "possibly many" would help a little bit.
>
> * In 7.1, the word "backending" is coined. "Back-ending" might be
> slightly less abusive of the English language, although either is pretty
> informal.
>
> * In 7.1, Harvard comma in "principals, policy and other".
>
> * In 7.2, "access-protocol" -> "access protocol".
>
> * In 7.3, "SOAP-interface" -> "SOAP interface".
>
> * 7.4 contains a run-on sentence which is also missing a period.
>
> * Section 8 contains a parenthetical signed by leifj which should go
> before publishing.
>
> * In 8, "access control objects is" -> "access control objects are".
>
> * In 8, "etc. etc." is excessively informal.

From: Luke Howard
Date: Wed, 10 Mar 2010 00:07:09 +0100
To: Leif Johansson
Cc: ietf-krb-wg@lists.anl.gov
Subject: Re: [Ietf-krb-wg] Comments on draft-ietf-krb-wg-kdc-model-07
Message-Id: <2ECD1FF4-EE44-432B-9EFA-D2FD249B72ED@padl.com>
In-Reply-To: <4B96C7CC.50507@mnt.se>

> Is it reasonable for a principal to be a member of several realms or
> should that just be two principals?

Surely the latter, otherwise are you not circumventing the cross-realm
model?

-- Luke

From: Shoichi Sakane
Date: Wed, 10 Mar 2010 09:32:59 +0900
To: ietf-krb-wg@lists.anl.gov
Subject: Re: [Ietf-krb-wg] updated, Kerberos option for DHCPv6
Message-ID: <4B96E8BB.7070205@tanu.org>
In-Reply-To: <4B596B48.8000102@tanu.org>

All,

About the Kerberos option for DHCPv6, I have submitted a new version that
includes the capability of providing an IPv4 address. I think this is
almost the final version. You can find it at
http://tools.ietf.org/html/draft-sakane-dhc-dhcpv6-kdc-option-08

In the meeting at Stockholm, some people gave me suggestions that the
option should have to provide both families in order to achieve the
transition to IPv6 from IPv4, and the draft has to describe the
recommendation. I responded to that.

Now, I believe the current version is almost ready for the WG last call.
I would like to hear any further comments if you have something. And if
there is no issue, I would like to request the WG chair to move this
document forward.

Unfortunately, I can not attend the meeting at Anaheim due to my
company's request, and I can not join the krb-wg meeting because I will
have to be in the airplane during the meeting time. So, if someone will
care about the status of this document in the meeting, I would
appreciate it very much.

Shoichi Sakane

P.S. Actually, it seems that there is no description in the WG charter
about the DHCPv6 option, but in the IETF74 meeting, we decided that this
option should be adopted as a working group item, and the krb-wg charter
should have to be updated.

On 01/22/2010 06:09 PM, Shoichi Sakane wrote:
> Hi all,
>
> I have submitted new version of Kerberos option for DHCPv6.
>
> I have fixed some issues which were described in section of
> the specification consideration. Only remain issue is to
> provide an IPv4 address or not.
>
> I added a field of the service type into the KDC sub-option,
> which is defined in section 2.2. The service type provides
> the type of the transport of the Kerberos exchange.
> It is helpful for a client to determine the way to communicate
> with the KDC. I think that it would be a solution to solve
> an interoperability issue which explained in section 4 of RFC 5021.
> And I think that it would be helpful for a client to determine
> using STARTTLS. Love also pointed it out at the meeting in Stockholm.
>
> I removed the description of other configuration parameters
> to be defined in this document. These other parameters should
> be defined in the future in another document.
>
> I described the behavior when the server does not have any information
> to be responded to the client and there is no criteria on the server.
> The text is below.
>
> When the server does not have any information to be responded to the
> client the server SHOULD send the Kerberos option which does not
> contain any sub-option. This behavior prevents the client from
> retransmitting the Information-request message indefinitely.
>
> Note that the decision of the administrator of the server is
> always accorded priority over this behavior.
>
> If you have any comment or suggestion, please let me know.
>
> Best,
>
> Shoichi Sakane

[Attached Message]

From: Internet-Drafts@ietf.org
Date: Mon, 8 Mar 2010 16:00:01 -0800 (PST)
To: i-d-announce@ietf.org
Subject: I-D Action:draft-sakane-dhc-dhcpv6-kdc-option-08.txt

A New Internet-Draft is available from the on-line Internet-Drafts
directories.

    Title     : Kerberos Option for DHCPv6
    Author(s) : S. Sakane, M. Ishiyama
    Filename  : draft-sakane-dhc-dhcpv6-kdc-option-08.txt
    Pages     : 19
    Date      : 2010-03-08

This document defines a new DHCPv6 option to carry a set of
configuration information related to the Kerberos protocol [RFC4120].
This document also defines three sub-options to be used within this new
option, which specify a realm name of the Kerberos, a list of IP
addresses of the Key Distribution Center of that realm, and a client
principal name to distinguish a Kerberos client by the DHCPv6 server.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-sakane-dhc-dhcpv6-kdc-option-08.txt

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

--NextPart Content-Type: Message/External-body; name="draft-sakane-dhc-dhcpv6-kdc-option-08.txt"; site="ftp.ietf.org"; access-type="anon-ftp"; directory="internet-drafts" Content-Type: text/plain Content-ID: <2010-03-08155303.I-D@ietf.org> --NextPart Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ I-D-Announce mailing list I-D-Announce@ietf.org https://www.ietf.org/mailman/listinfo/i-d-announce Internet-Draft directories: http://www.ietf.org/shadow.html or ftp://ftp.ietf.org/ietf/1shadow-sites.txt --NextPart-- --------------030808010306050007090809 Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ ietf-krb-wg mailing list ietf-krb-wg@lists.anl.gov https://lists.anl.gov/mailman/listinfo/ietf-krb-wg --------------030808010306050007090809-- From ietf-krb-wg-bounces@lists.anl.gov Tue Mar 9 17:50:54 2010 Return-Path: X-Original-To: ietfarch-krb-wg-archive@core3.amsl.com Delivered-To: ietfarch-krb-wg-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id C27653A6AE1 for ; Tue, 9 Mar 2010 17:50:54 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -6.599 X-Spam-Level: X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uNYXLNwN--De for ; Tue, 9 Mar 2010 17:50:53 -0800 (PST) Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by core3.amsl.com (Postfix) with ESMTP id 3430F3A67F2 for ; Tue, 9 Mar 2010 17:50:52 -0800 (PST) Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.anl.gov (Postfix) with ESMTP id BA60838; Tue, 9 
Mar 2010 19:50:56 -0600 (CST) Received: from lists.anl.gov (katydid.it.anl.gov [146.137.96.32]) by mailhost.anl.gov (Postfix) with ESMTP id 7B24A2E; Tue, 9 Mar 2010 19:50:54 -0600 (CST) Received: from katydid.it.anl.gov (localhost [127.0.0.1]) by lists.anl.gov (Postfix) with ESMTP id 383B480E4B; Tue, 9 Mar 2010 19:50:54 -0600 (CST) X-Original-To: ietf-krb-wg@lists.anl.gov Delivered-To: ietf-krb-wg@lists.anl.gov Received: from mailrelay.anl.gov (mailrelay.anl.gov [130.202.101.22]) by lists.anl.gov (Postfix) with ESMTP id 44B0080E43 for ; Tue, 9 Mar 2010 19:50:52 -0600 (CST) Received: from localhost (localhost [127.0.0.1]) by localhost.it.anl.gov (Postfix) with ESMTP id 1C3B57CC086; Tue, 9 Mar 2010 19:50:52 -0600 (CST) Received: from mailrelay.anl.gov ([127.0.0.1]) by localhost (mailrelay.anl.gov [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 09279-10; Tue, 9 Mar 2010 19:50:52 -0600 (CST) Received: from mailgateway.anl.gov (mailgateway.anl.gov [130.202.101.28]) by mailrelay.anl.gov (Postfix) with ESMTP id 018987CC07E for ; Tue, 9 Mar 2010 19:50:51 -0600 (CST) X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: AiIBAFuJlkuAlYtpkWdsb2JhbACbGQEBAQEJCwoHEwUdvFyEeQSDFw X-IronPort-AV: E=Sophos;i="4.49,611,1262584800"; d="scan'208";a="38501937" Received: from mailhost.jpl.nasa.gov (HELO mail.jpl.nasa.gov) ([128.149.139.105]) by mailgateway.anl.gov with ESMTP; 09 Mar 2010 19:50:51 -0600 Received: from laphotz.jpl.nasa.gov (laphotz.jpl.nasa.gov [128.149.133.44]) by smtp.jpl.nasa.gov (Switch-3.4.2/Switch-3.4.1) with ESMTP id o2A1onO6022200; Tue, 9 Mar 2010 17:50:49 -0800 Mime-Version: 1.0 (Apple Message framework v1077) From: "Henry B. 
Hotz" In-Reply-To: <2ECD1FF4-EE44-432B-9EFA-D2FD249B72ED@padl.com> Date: Tue, 9 Mar 2010 17:50:49 -0800 Message-Id: <6CCA1592-6585-4DA5-8166-BF11DC15388A@jpl.nasa.gov> References: <20100307110001.CB9FE3A8D9D@core3.amsl.com> <1268008023.18898.288.camel@ray> <4B96C7CC.50507@mnt.se> <2ECD1FF4-EE44-432B-9EFA-D2FD249B72ED@padl.com> To: Luke Howard X-Mailer: Apple Mail (2.1077) X-Source-IP: laphotz.jpl.nasa.gov [128.149.133.44] X-Source-Sender: hotz@jpl.nasa.gov X-AUTH: Authorized X-Virus-Scanned: Debian amavisd-new at frigga.it.anl.gov Cc: "ietf-krb-wg@lists.anl.gov" Subject: Re: [Ietf-krb-wg] Comments on draft-ietf-krb-wg-kdc-model-07 X-BeenThere: ietf-krb-wg@lists.anl.gov X-Mailman-Version: 2.1.13 Precedence: list List-Id: "This is a list for the IETF Kerberos Working Group. {WORLDPUB, EXTERNAL}" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: ietf-krb-wg-bounces@lists.anl.gov Errors-To: ietf-krb-wg-bounces@lists.anl.gov On Mar 9, 2010, at 3:07 PM, Luke Howard wrote: >> Is it reasonable for a principal to be a member of several realms or >> should that just be two principals? > > Surely the latter, otherwise are you not circumventing the cross-realm model? > > -- Luke I hadn't thought of it in just those terms, but I agree (that they're just two principals). I can't think of any convincing counterexamples. ------------------------------------------------------ The opinions expressed in this message are mine, not those of Caltech, JPL, NASA, or the US Government. 
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu _______________________________________________ ietf-krb-wg mailing list ietf-krb-wg@lists.anl.gov https://lists.anl.gov/mailman/listinfo/ietf-krb-wg From makeshiftsy560@torrentilaw.com Tue Mar 9 18:35:15 2010 Return-Path: X-Original-To: ietfarch-krb-wg-archive@core3.amsl.com Delivered-To: ietfarch-krb-wg-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 0D0813A6B0A for ; Tue, 9 Mar 2010 18:35:15 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -60.044 X-Spam-Level: X-Spam-Status: No, score=-60.044 tagged_above=-999 required=5 tests=[BAYES_99=3.5, FH_FAKE_RCVD_LINE_B=5.777, FH_HELO_EQ_D_D_D_D=1.597, FH_HOST_EQ_D_D_D_D=0.765, FH_HOST_EQ_D_D_D_DB=0.888, FM_DDDD_TIMES_2=1.999, HELO_DYNAMIC_HCC=4.295, HELO_DYNAMIC_IPADDR2=4.395, HELO_EQ_BR=0.955, HELO_EQ_DSL=1.129, HELO_EQ_TELESP=1.245, HOST_EQ_BR=1.295, RCVD_IN_BL_SPAMCOP_NET=1.96, RCVD_IN_NJABL_PROXY=1.643, RCVD_IN_PBL=0.905, RCVD_IN_SORBS_DUL=0.877, RCVD_IN_XBL=3.033, RDNS_DYNAMIC=0.1, SARE_RECV_SPAM_DOMN02=1.666, STOX_REPLY_TYPE=0.001, TVD_RCVD_IP=1.931, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TvO1mVXqhlHy for ; Tue, 9 Mar 2010 18:35:11 -0800 (PST) Received: from 201-1-173-229.dsl.telesp.net.br (201-1-173-229.dsl.telesp.net.br [201.1.173.229]) by core3.amsl.com (Postfix) with ESMTP id A723E3A69E2 for ; Tue, 9 Mar 2010 18:35:10 -0800 (PST) Received: from 201.1.173.229 by mail.torrentilaw.com; Tue, 9 Mar 2010 23:35:12 -0300 Date: Tue, 9 Mar 2010 23:35:12 -0300 From: krb-wg-archive@lists.ietf.org Subject: I can do for you is - what can not no girl! 
To: Message-ID: <000d01cabffa$4f71aea0$6400a8c0@makeshiftsy560> MIME-Version: 1.0 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 X-Mailer: Microsoft Outlook Express 6.00.2900.2180 Content-type: text/plain; format=flowed; charset="iso-8859-1"; reply-type=original Content-transfer-encoding: 7bit X-Priority: 3 X-MSMail-priority: Normal Meet and marry a gorgeous Russian queen. http://brusque7680.spaces.live.com From ietf-krb-wg-bounces@lists.anl.gov Wed Mar 10 08:16:33 2010 Return-Path: X-Original-To: ietfarch-krb-wg-archive@core3.amsl.com Delivered-To: ietfarch-krb-wg-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 6828C3A6993 for ; Wed, 10 Mar 2010 08:16:33 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -6.599 X-Spam-Level: X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CpnDLq0oH2Be for ; Wed, 10 Mar 2010 08:16:22 -0800 (PST) Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by core3.amsl.com (Postfix) with ESMTP id 1248D3A694D for ; Wed, 10 Mar 2010 08:16:16 -0800 (PST) Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.anl.gov (Postfix) with ESMTP id 181E83A; Wed, 10 Mar 2010 10:16:21 -0600 (CST) Received: from lists.anl.gov (katydid.it.anl.gov [146.137.96.32]) by mailhost.anl.gov (Postfix) with ESMTP id D79D544; Wed, 10 Mar 2010 10:16:17 -0600 (CST) Received: from katydid.it.anl.gov (localhost [127.0.0.1]) by lists.anl.gov (Postfix) with ESMTP id 7E75680E4C; Wed, 10 Mar 2010 10:16:17 -0600 (CST) X-Original-To: ietf-krb-wg@lists.anl.gov Delivered-To: ietf-krb-wg@lists.anl.gov Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by lists.anl.gov (Postfix) with ESMTP id 981B980E4B for ; Wed, 10 Mar 2010 
10:16:15 -0600 (CST) Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.anl.gov (Postfix) with ESMTP id 90B5C32; Wed, 10 Mar 2010 10:16:15 -0600 (CST) Received: from [127.0.0.1] (atalanta.it.anl.gov [146.137.96.104]) by mailhost.anl.gov (Postfix) with ESMTP id 874A72D; Wed, 10 Mar 2010 10:16:15 -0600 (CST) Message-ID: <4B97C5CF.9030003@anl.gov> Date: Wed, 10 Mar 2010 10:16:15 -0600 From: "Douglas E. Engert" User-Agent: Thunderbird 2.0.0.23 (Windows/20090812) MIME-Version: 1.0 To: Luke Howard References: <20100307110001.CB9FE3A8D9D@core3.amsl.com> <1268008023.18898.288.camel@ray> <4B96C7CC.50507@mnt.se> <2ECD1FF4-EE44-432B-9EFA-D2FD249B72ED@padl.com> In-Reply-To: <2ECD1FF4-EE44-432B-9EFA-D2FD249B72ED@padl.com> Cc: ietf-krb-wg@lists.anl.gov Subject: Re: [Ietf-krb-wg] Comments on draft-ietf-krb-wg-kdc-model-07 X-BeenThere: ietf-krb-wg@lists.anl.gov X-Mailman-Version: 2.1.13 Precedence: list List-Id: "This is a list for the IETF Kerberos Working Group. {WORLDPUB, EXTERNAL}" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset="us-ascii"; Format="flowed" Sender: ietf-krb-wg-bounces@lists.anl.gov Errors-To: ietf-krb-wg-bounces@lists.anl.gov Luke Howard wrote: >> Is it reasonable for a principal to be a member of several realms or >> should that just be two principals? > > Surely the latter, otherwise are you not circumventing the cross-realm model? I say the latter too. A KDC only issues tickets for principals its own realm. The KDC will accept a krbtgt ticket issued by a cross realm if it has the access to the key. I have always looked at the storing of the cross-realm principals in the database as a short cut to not having to store them in a separate keytab. > > -- Luke > _______________________________________________ > ietf-krb-wg mailing list > ietf-krb-wg@lists.anl.gov > https://lists.anl.gov/mailman/listinfo/ietf-krb-wg > > -- Douglas E. 
Engert Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 _______________________________________________ ietf-krb-wg mailing list ietf-krb-wg@lists.anl.gov https://lists.anl.gov/mailman/listinfo/ietf-krb-wg From krb-wg-archive@lists.ietf.org Wed Mar 10 11:41:59 2010 Return-Path: X-Original-To: ietfarch-krb-wg-archive@core3.amsl.com Delivered-To: ietfarch-krb-wg-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 49FCB3A6952 for ; Wed, 10 Mar 2010 11:41:59 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -51.082 X-Spam-Level: X-Spam-Status: No, score=-51.082 tagged_above=-999 required=5 tests=[BAYES_99=3.5, FH_HELO_ALMOST_IP=5.417, FH_HOST_ALMOST_IP=1.889, RAZOR2_CF_RANGE_51_100=0.5, RAZOR2_CF_RANGE_E8_51_100=1.5, RAZOR2_CHECK=0.5, RCVD_IN_BL_SPAMCOP_NET=1.96, RCVD_IN_SORBS_WEB=0.619, RCVD_IN_XBL=3.033, URIBL_BLACK=20, URIBL_JP_SURBL=10, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ePrHg1KhhS9S for ; Wed, 10 Mar 2010 11:41:58 -0800 (PST) Received: from bzq-219-237-6.pop.bezeqint.net (bzq-219-237-6.pop.bezeqint.net [62.219.237.6]) by core3.amsl.com (Postfix) with ESMTP id 3BE993A68F1 for ; Wed, 10 Mar 2010 11:41:56 -0800 (PST) From: "Pfizer Online shop" To: krb-wg-archive@lists.ietf.org Subject: ** Dear krb-wg-archive! 
73% Off right now ** MIME-Version: 1.0 Content-Type: text/plain; charset="ISO-8859-1" Content-Transfer-Encoding: 8bit Message-Id: <20100310194157.3BE993A68F1@core3.amsl.com> Date: Wed, 10 Mar 2010 11:41:56 -0800 (PST) Click here to visit our shop http://17.keptwhose.ru/ Zupqafqh etoqgqloq cyheco punyajkoiru Zyruxe qvyfajakjqd geb agqguqbem Usimq xemaxugyj oxuwobahj Enivu umodiuqg oniwycipet jjjly Qmybolax tacqhufj jreh azulofe Iwan yog Maitej apuwai qzeqcasjnu qlqbuza Ano eluhoke qrqfeoxjrefo yruvysapour Abi cybalovq qnebylak monoeduw Ejsaxe Pylqj vqniadjyej azycobybe enjbj From ietf-krb-wg-bounces@lists.anl.gov Wed Mar 10 13:46:45 2010 Return-Path: X-Original-To: ietfarch-krb-wg-archive@core3.amsl.com Delivered-To: ietfarch-krb-wg-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id B87C13A6C2D for ; Wed, 10 Mar 2010 13:46:45 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -6.599 X-Spam-Level: X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YWz+XXEiCcIW for ; Wed, 10 Mar 2010 13:46:44 -0800 (PST) Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by core3.amsl.com (Postfix) with ESMTP id 5016A3A6A2E for ; Wed, 10 Mar 2010 13:46:44 -0800 (PST) Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.anl.gov (Postfix) with ESMTP id 9012A3E; Wed, 10 Mar 2010 15:46:49 -0600 (CST) Received: from lists.anl.gov (katydid.it.anl.gov [146.137.96.32]) by mailhost.anl.gov (Postfix) with ESMTP id 4C54A38; Wed, 10 Mar 2010 15:46:46 -0600 (CST) Received: from katydid.it.anl.gov (localhost [127.0.0.1]) by lists.anl.gov (Postfix) with ESMTP id 1CA6480E4C; Wed, 10 Mar 2010 15:46:46 -0600 (CST) X-Original-To: ietf-krb-wg@lists.anl.gov Delivered-To: 
ietf-krb-wg@lists.anl.gov Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by lists.anl.gov (Postfix) with ESMTP id 2FC7180E31 for ; Wed, 10 Mar 2010 15:46:44 -0600 (CST) Received: by mailhost.anl.gov (Postfix) id 2A8B62C; Wed, 10 Mar 2010 15:46:44 -0600 (CST) Delivered-To: ietf-krb-wg@anl.gov Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.anl.gov (Postfix) with ESMTP id 2635E31 for ; Wed, 10 Mar 2010 15:46:44 -0600 (CST) Received: from mailrelay.anl.gov (mailrelay.anl.gov [130.202.101.22]) by mailhost.anl.gov (Postfix) with ESMTP id 204322C for ; Wed, 10 Mar 2010 15:46:44 -0600 (CST) Received: from localhost (localhost [127.0.0.1]) by localhost.it.anl.gov (Postfix) with ESMTP id 0ADA67CC06C; Wed, 10 Mar 2010 15:46:44 -0600 (CST) Received: from mailrelay.anl.gov ([127.0.0.1]) by localhost (mailrelay.anl.gov [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 21814-06; Wed, 10 Mar 2010 15:46:43 -0600 (CST) Received: from mailgateway.anl.gov (mailgateway.anl.gov [130.202.101.28]) by mailrelay.anl.gov (Postfix) with ESMTP id E35E37CC054 for ; Wed, 10 Mar 2010 15:46:43 -0600 (CST) X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: AsAAAKqhl0uAAtnGkWdsb2JhbACaVRUBAQEBCQsKBxMFHa4khG2IWoR5BIMX X-IronPort-AV: E=Sophos;i="4.49,616,1262584800"; d="scan'208";a="38555730" Received: from smtp03.srv.cs.cmu.edu ([128.2.217.198]) by mailgateway.anl.gov with ESMTP; 10 Mar 2010 15:46:43 -0600 Received: from MINBAR.FAC.CS.CMU.EDU (MINBAR.FAC.CS.CMU.EDU [128.2.216.42]) (authenticated bits=0) by smtp03.srv.cs.cmu.edu (8.13.6/8.13.6) with ESMTP id o2ALkfxo005018 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 10 Mar 2010 16:46:42 -0500 (EST) Date: Wed, 10 Mar 2010 16:46:22 -0500 From: Jeffrey Hutzelman To: ietf-krb-wg@anl.gov Message-ID: <5B30968F846983FCFF531115@minbar.fac.cs.cmu.edu> In-Reply-To: <133C9495BD72D2D92C3CA8A4@minbar.fac.cs.cmu.edu> References: 
<133C9495BD72D2D92C3CA8A4@minbar.fac.cs.cmu.edu> X-Mailer: Mulberry/4.0.8 (Linux/x86) MIME-Version: 1.0 Content-Disposition: inline X-Scanned-By: mimedefang-cmuscs on 128.2.217.198 X-Virus-Scanned: Debian amavisd-new at frigga.it.anl.gov Cc: jhutz@cmu.edu Subject: Re: [Ietf-krb-wg] IETF77 call for agenda items X-BeenThere: ietf-krb-wg@lists.anl.gov X-Mailman-Version: 2.1.13 Precedence: list List-Id: "This is a list for the IETF Kerberos Working Group. {WORLDPUB, EXTERNAL}" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset="us-ascii"; Format="flowed" Sender: ietf-krb-wg-bounces@lists.anl.gov Errors-To: ietf-krb-wg-bounces@lists.anl.gov --On Wednesday, February 24, 2010 01:36:32 PM -0500 Jeffrey Hutzelman wrote: > Now would be a good time to let Larry and I know if you have something > you want to put on the agenda for IETF77. I have uploaded a _very rough_ draft agenda. I may add, remove, or update topics for discussion as I receive comments and as I recapture where we are on various things. Please feel free to send comments to Larry and me. I believe the reading list is fairly complete, but if you have something you'd like to talk about, please let the WG know so people will know in advance what background they need. 
-- Jeff _______________________________________________ ietf-krb-wg mailing list ietf-krb-wg@lists.anl.gov https://lists.anl.gov/mailman/listinfo/ietf-krb-wg From krb-wg-archive@lists.ietf.org Thu Mar 11 07:27:24 2010 Return-Path: X-Original-To: ietfarch-krb-wg-archive@core3.amsl.com Delivered-To: ietfarch-krb-wg-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id F3E6E3A6A8E for ; Thu, 11 Mar 2010 07:27:23 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -53.797 X-Spam-Level: X-Spam-Status: No, score=-53.797 tagged_above=-999 required=5 tests=[BAYES_95=3, HELO_EQ_DSL=1.129, HELO_EQ_PL=1.135, HOST_EQ_PL=1.95, RAZOR2_CF_RANGE_51_100=0.5, RAZOR2_CF_RANGE_E8_51_100=1.5, RAZOR2_CHECK=0.5, RCVD_IN_BL_SPAMCOP_NET=1.96, RCVD_IN_SORBS_DUL=0.877, RCVD_IN_SORBS_WEB=0.619, RCVD_IN_XBL=3.033, URIBL_BLACK=20, URIBL_JP_SURBL=10, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gAxK2YbHzAFQ for ; Thu, 11 Mar 2010 07:27:14 -0800 (PST) Received: from gmb193.internetdsl.tpnet.pl (gmb193.internetdsl.tpnet.pl [83.3.53.193]) by core3.amsl.com (Postfix) with ESMTP id 5B5833A683A for ; Thu, 11 Mar 2010 07:26:13 -0800 (PST) From: "Pfizer Online shop" To: krb-wg-archive@lists.ietf.org Subject: ** Dear krb-wg-archive! 
73% Off right now ** MIME-Version: 1.0 Content-Type: text/plain; charset="ISO-8859-1" Content-Transfer-Encoding: 8bit Message-Id: <20100311152613.5B5833A683A@core3.amsl.com> Date: Thu, 11 Mar 2010 07:26:13 -0800 (PST) Click here to visit our shop http://39.cutsoil.ru/ Mjpyfyom oke nuvumafu ljmiefuzou Tido iarqiqalelu okqmyyd holu Ugeaono yceferoic kyheqdeji Suraqyvq exqluc adjfyabujet nikaew Qogoygifj rqcoim kuzoxurje jdoxj Opjbe ezuoqvovqna Rqudjdy badousjtevq qdohqgucqmqi asjmit Yxuewo eepjqgydi nyvuto orqjfeiqt Ygytjw wejwoqhezibu izicjzaq xubevabquceb Avutqfy Jkumamjdj vjmojfy oul ukjdosaxjj From krb-wg-archive@lists.ietf.org Fri Mar 12 07:21:49 2010 Return-Path: X-Original-To: ietfarch-krb-wg-archive@core3.amsl.com Delivered-To: ietfarch-krb-wg-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 01BC13A6BD6 for ; Fri, 12 Mar 2010 07:21:49 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.622 X-Spam-Level: X-Spam-Status: No, score=-1.622 tagged_above=-999 required=5 tests=[BAYES_99=3.5, GB_I_LETTER=-2, HELO_EQ_CZ=0.445, HOST_EQ_BROADBND=1.118, HOST_EQ_CZ=0.904, HTML_IMAGE_ONLY_20=1.546, HTML_IMAGE_RATIO_02=0.383, HTML_MESSAGE=0.001, HTML_SHORT_LINK_IMG_3=0.001, MIME_HTML_ONLY=1.457, RAZOR2_CF_RANGE_51_100=0.5, RAZOR2_CF_RANGE_E8_51_100=1.5, RAZOR2_CHECK=0.5, RCVD_IN_BL_SPAMCOP_NET=1.96, RCVD_IN_SORBS_DUL=0.877, RCVD_IN_SORBS_WEB=0.619, RCVD_IN_XBL=3.033, SARE_FROM_DRUGS=1.666, URIBL_AB_SURBL=10, URIBL_BLACK=20, URIBL_JP_SURBL=10, URIBL_SBL=20, URIBL_SC_SURBL=10, URIBL_WS_SURBL=10, URI_HEX=0.368, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LThVXFsK5bWR for ; Fri, 12 Mar 2010 07:21:42 -0800 (PST) Received: from 76.2.broadband2.iol.cz (76.2.broadband2.iol.cz [83.208.2.76]) by core3.amsl.com (Postfix) with ESMTP id D15DF3A6CB4 for ; Fri, 12 Mar 2010 07:05:15 
-0800 (PST) From: Pfizer VIAGRA Reseller To: krb-wg-archive@lists.ietf.org Subject: Dear krb-wg-archive@lists.ietf.org receive 80% OFF on Pfizer MIME-Version: 1.0 Content-Type: text/html; charset="ISO-8859-1" Content-Transfer-Encoding: 7bit Message-Id: <20100312150515.D15DF3A6CB4@core3.amsl.com> Date: Fri, 12 Mar 2010 07:05:15 -0800 (PST) Newsletter
Can't see everything? Visit online version here.

Graphics not loaded? Hit this link

About Us | Unsubscribe | Privacy Policy | Terms of Use

Copyright © 1998-2009 Hafuk. All rights reserved.
From ietf-krb-wg-bounces@lists.anl.gov Wed Mar 17 08:07:12 2010
From: Thomas Hardjono
To: "ietf-krb-wg@lists.anl.gov"
Date: Wed, 17 Mar 2010 11:02:48 -0400
In-Reply-To: <20100307110001.CB9FE3A8D9D@core3.amsl.com>
Subject: [Ietf-krb-wg] WS-Manage, SOAP and CIM -- RE: I-D Action:draft-ietf-krb-wg-kdc-model-07.txt

I finally got around to reading the draft by Leif. I think it's heading in the right direction, as KDC-management is one of the items needing improvement.

My question is high level: has there been any thought of using (re-using) the work of the DMTF (Distributed Management Task Force) in the area of management.
http://www.dmtf.org/standards/wsman/

The DMTF people use the CIM language/syntax for modeling (which is similar to what Leif has done in his draft). They then use SOAP and the Web Services stack to build the WS-Management interface.

btw. WS-Manage is now supported by the majority of vendors in the manageability and instrumentation space.

/thomas/

> -----Original Message-----
> From: ietf-krb-wg-bounces@lists.anl.gov
> [mailto:ietf-krb-wg-bounces@lists.anl.gov] On Behalf Of Internet-Drafts@ietf.org
> Sent: Sunday, March 07, 2010 6:00 AM
> To: i-d-announce@ietf.org
> Cc: ietf-krb-wg@lists.anl.gov
> Subject: [Ietf-krb-wg] I-D Action:draft-ietf-krb-wg-kdc-model-07.txt
>
> A New Internet-Draft is available from the on-line Internet-Drafts
> directories.
> This draft is a work item of the Kerberos Working Group of the IETF.
>
> Title     : An information model for Kerberos version 5
> Author(s) : L. Johansson
> Filename  : draft-ietf-krb-wg-kdc-model-07.txt
> Pages     : 19
> Date      : 2010-03-07
>
> This document describes an information model for Kerberos version 5 from the
> point of view of an administrative service. There is no standard for
> administrating a Kerberos 5 KDC. This document describes the services
> exposed by an administrative interface to a KDC.
>
> A URL for this Internet-Draft is:
> http://www.ietf.org/internet-drafts/draft-ietf-krb-wg-kdc-model-07.txt
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
>
> Below is the data which will enable a MIME compliant mail reader
> implementation to automatically retrieve the ASCII version of the
> Internet-Draft.
_______________________________________________
ietf-krb-wg mailing list
ietf-krb-wg@lists.anl.gov
https://lists.anl.gov/mailman/listinfo/ietf-krb-wg

From ietf-krb-wg-bounces@lists.anl.gov Mon Mar 22 11:08:42 2010
From: The IESG
To: IETF-Announce
Cc: krb-wg mailing list, Internet Architecture Board, krb-wg chair, RFC Editor
Date: Mon, 22 Mar 2010 11:08:28 -0700 (PDT)
Message-Id: <20100322180828.233163A6850@core3.amsl.com>
Subject: [Ietf-krb-wg] Document Action: 'Problem statement on the cross-realm operation of Kerberos' to Informational RFC

The IESG has approved the following document:

- 'Problem statement on the cross-realm operation of Kerberos'
  as an Informational RFC

This document is the product of the Kerberos Working Group.

The IESG contact persons are Tim Polk and Pasi Eronen.

A URL of this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-krb-wg-cross-problem-statement-06.txt

Technical Summary

There are some issues when the cross-realm operation of the Kerberos Version 5 [RFC4120] will emerge when deployed into real world systems. This document describes two classes of fairly complex systems where cross-realm Kerberos could be applied, and lists requirements and restriction of the operation in such systems. Then it describes issues when we apply the cross-realm operation to such systems.

Working Group Summary

This document represents the consensus of the Kerberos Working Group.

Document Quality

This document does not specify a protocol; rather, it analyzes the use of Kerberos cross-realm authentication and discusses a number of issues which may impede some deployments. Solutions to some of these problems are under active development.

Personnel

The Document Shepherd for this document is Jeffrey Hutzelman. The responsible Area Director is Tim Polk.

From ietf-krb-wg-bounces@lists.anl.gov Mon Mar 22 11:23:31 2010
From: Leif Johansson
To: ietf-krb-wg@lists.anl.gov
Date: Mon, 22 Mar 2010 19:23:38 +0100
Message-ID: <4BA7B5AA.7060408@mnt.se>
References: <20100307110001.CB9FE3A8D9D@core3.amsl.com>
Subject: Re: [Ietf-krb-wg] WS-Manage, SOAP and CIM -- RE: I-D Action:draft-ietf-krb-wg-kdc-model-07.txt

On 03/17/2010 04:02 PM, Thomas Hardjono wrote:
> I finally got around to reading the draft by Leif. I think it's heading in the right direction, as KDC-management is one of the items needing improvement.
>
> My question is high level: has there been any thought of using (re-using) the work of the DMTF (Distributed Management Task Force) in the area of management.
> http://www.dmtf.org/standards/wsman/
>
> The DMTF people use the CIM language/syntax for modeling (which is similar to what Leif has done in his draft). They then use SOAP and the Web Services stack to build the WS-Management interface.
>
> btw. WS-Manage is now supported by the majority of vendors in the manageability and instrumentation space.
>

My ambition was always to stay away from any one metamodel since you can never get people to agree on those. Today if I'd have to choose a metamodel for the internet then probably yang is as good a candidate as any.

If the community wants WS-M*** then it should (as you say) be easy to write that up as a schema document based on the information model.

Cheers Leif

From ietf-krb-wg-bounces@lists.anl.gov Mon Mar 22 17:37:28 2010
From: Jeffrey Hutzelman
To: ietf-krb-wg@anl.gov
Cc: jhutz@cmu.edu
Date: Mon, 22 Mar 2010 17:37:24 -0700
Message-ID: <48F5D8C742A0D0265C58E4C0@atlantis.pc.cs.cmu.edu>
Subject: [Ietf-krb-wg] Scribe needed

We are in need of a scribe or two for Wednesday's meeting. Interested parties please contact Larry and myself.

-- Jeff

From ietf-krb-wg-bounces@lists.anl.gov Tue Mar 23 18:36:59 2010
From: Jeffrey Hutzelman
To: ietf-krb-wg@anl.gov
Cc: jhutz@cmu.edu
Date: Tue, 23 Mar 2010 18:36:57 -0700
Subject: [Ietf-krb-wg] WG Last Call: draft-ietf-krb-wg-kdc-model-07

This note announces the start of a two-week last call within the Kerberos Working Group on whether to send the following document to the IESG:

  Title: An information model for Kerberos version 5
  Filename: draft-ietf-krb-wg-kdc-model-07.txt
  Intended Status: Standards Track

  This document describes an information model for Kerberos version 5 from the point of view of an administrative service. There is no standard for administrating a Kerberos 5 KDC. This document describes the services exposed by an administrative interface to a KDC.

Due to the ongoing IETF meeting, I am extending this last call by a few days. It will expire at 23:59 EDT on March 9, 2010. Please review this document and send any comments to the Kerberos Working Group mailing list, , by that date.

The file can be obtained via
http://tools.ietf.org/html/draft-ietf-krb-wg-kdc-model-07.txt

-- Jeffrey T. Hutzelman (N3NHS)
   Co-Chair, IETF Kerberos Working Group
   Carnegie Mellon University - Pittsburgh, PA

Trouble viewing these images? See the online version of this e-mail.

Click to enter shop immediately
 

c 1999-2009 EXOWE, Inc.
This e-mail was sent to krb-wg-archive@lists.ietf.org.

Click here to unsubscribe
From krb-wg-archive@lists.ietf.org Tue Mar 23 21:04:54 2010 Return-Path: X-Original-To: ietfarch-krb-wg-archive@core3.amsl.com Delivered-To: ietfarch-krb-wg-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 6FDD03A6C10 for ; Tue, 23 Mar 2010 21:04:54 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -19.261 X-Spam-Level: X-Spam-Status: No, score=-19.261 tagged_above=-999 required=5 tests=[BAYES_99=3.5, DNS_FROM_OPENWHOIS=1.13, FH_HELO_EQ_D_D_D_D=1.597, FH_HOST_EQ_D_D_D_D=0.765, FH_HOST_EQ_D_D_D_DB=0.888, FM_DDDD_TIMES_2=1.999, GB_I_LETTER=-2, HELO_DYNAMIC_IPADDR2=4.395, HELO_EQ_DYNAMIC=1.144, HELO_EQ_RU=0.595, HOST_EQ_RU=0.875, HTML_IMAGE_ONLY_20=1.546, HTML_IMAGE_RATIO_02=0.383, HTML_MESSAGE=0.001, HTML_SHORT_LINK_IMG_3=0.001, MIME_HTML_ONLY=1.457, RAZOR2_CF_RANGE_51_100=0.5, RAZOR2_CF_RANGE_E8_51_100=1.5, RAZOR2_CHECK=0.5, RCVD_IN_BL_SPAMCOP_NET=1.96, RCVD_IN_PBL=0.905, RCVD_IN_XBL=3.033, RDNS_DYNAMIC=0.1, SARE_FROM_DRUGS=1.666, TVD_RCVD_IP=1.931, URIBL_BLACK=20, URIBL_JP_SURBL=10, URIBL_SBL=20, URI_HEX=0.368, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4lN+wMeGNW3Z for ; Tue, 23 Mar 2010 21:04:52 -0700 (PDT) Received: from 109-184-198-25.dynamic.mts-nn.ru (109-184-50-123.dynamic.mts-nn.ru [109.184.50.123]) by core3.amsl.com (Postfix) with ESMTP id 5228B3A6A2B for ; Tue, 23 Mar 2010 21:04:50 -0700 (PDT) From: Leading Viagra Shop To: krb-wg-archive@lists.ietf.org Subject: User, krb-wg-archive! 70% better Sale prices! MIME-Version: 1.0 Content-Type: text/html; charset="ISO-8859-1" Content-Transfer-Encoding: 7bit Message-Id: <20100324040451.5228B3A6A2B@core3.amsl.com> Date: Tue, 23 Mar 2010 21:04:50 -0700 (PDT) Newsletter
Can't see everything? Visit online version here.

Please click to enter shop

About Us | Unsubscribe | Privacy Policy | Terms of Use

Copyright © 1998-2009 Bevu. All rights reserved.
From ietf-krb-wg-bounces@lists.anl.gov Wed Mar 24 09:56:53 2010 Return-Path: X-Original-To: ietfarch-krb-wg-archive@core3.amsl.com Delivered-To: ietfarch-krb-wg-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id AA86D3A6C92 for ; Wed, 24 Mar 2010 09:56:53 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -5.209 X-Spam-Level: X-Spam-Status: No, score=-5.209 tagged_above=-999 required=5 tests=[AWL=0.260, BAYES_00=-2.599, DNS_FROM_OPENWHOIS=1.13, RCVD_IN_DNSWL_MED=-4] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TfFN+gGEyPs0 for ; Wed, 24 Mar 2010 09:56:52 -0700 (PDT) Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by core3.amsl.com (Postfix) with ESMTP id D0F6D3A6BF3 for ; Wed, 24 Mar 2010 09:56:51 -0700 (PDT) Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.anl.gov (Postfix) with ESMTP id 9175F29; Wed, 24 Mar 2010 11:57:12 -0500 (CDT) Received: from lists.anl.gov (katydid.it.anl.gov [146.137.96.32]) by mailhost.anl.gov (Postfix) with ESMTP id B1CF92D; Wed, 24 Mar 2010 11:57:08 -0500 (CDT) Received: from katydid.it.anl.gov (localhost [127.0.0.1]) by lists.anl.gov (Postfix) with ESMTP id 87A4980E4C; Wed, 24 Mar 2010 11:57:08 -0500 (CDT) X-Original-To: ietf-krb-wg@lists.anl.gov Delivered-To: ietf-krb-wg@lists.anl.gov Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by lists.anl.gov (Postfix) with ESMTP id CB6DE80E30 for ; Wed, 24 Mar 2010 11:57:06 -0500 (CDT) Received: by mailhost.anl.gov (Postfix) id BCAA411; Wed, 24 Mar 2010 11:57:06 -0500 (CDT) Delivered-To: ietf-krb-wg@anl.gov Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.anl.gov (Postfix) with ESMTP id B848717 for ; Wed, 24 Mar 2010 11:57:06 -0500 (CDT) Received: from mailrelay.anl.gov (mailrelay.anl.gov [130.202.101.22]) by 
mailhost.anl.gov (Postfix) with ESMTP id B272A11 for ; Wed, 24 Mar 2010 11:57:06 -0500 (CDT) Received: from localhost (localhost [127.0.0.1]) by localhost.it.anl.gov (Postfix) with ESMTP id 9C0217CC05C; Wed, 24 Mar 2010 11:57:06 -0500 (CDT) Received: from mailrelay.anl.gov ([127.0.0.1]) by localhost (mailrelay.anl.gov [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 12772-06; Wed, 24 Mar 2010 11:57:06 -0500 (CDT) Received: from mailgateway.anl.gov (mailgateway.anl.gov [130.202.101.28]) by mailrelay.anl.gov (Postfix) with ESMTP id 7FE147CC056 for ; Wed, 24 Mar 2010 11:57:06 -0500 (CDT) X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: ArgAADvhqUuAAtnEkWdsb2JhbACbGxUBAQEBCQsKBxMFHbIahROIW4R+BIMe X-IronPort-AV: E=Sophos;i="4.51,301,1267423200"; d="scan'208";a="39186541" Received: from smtp01.srv.cs.cmu.edu ([128.2.217.196]) by mailgateway.anl.gov with ESMTP; 24 Mar 2010 11:57:06 -0500 Received: from dhcp-wireless-open-abg-24-255.meeting.ietf.org (SIRIUS.FAC.CS.CMU.EDU [128.2.216.216]) (authenticated bits=0) by smtp01.srv.cs.cmu.edu (8.13.6/8.13.6) with ESMTP id o2OGv3sV015085 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 24 Mar 2010 12:57:05 -0400 (EDT) Date: Wed, 24 Mar 2010 09:56:56 -0700 From: Jeffrey Hutzelman To: ietf-krb-wg@anl.gov Message-ID: <500BEFBD0687CEA7847344A2@atlantis.pc.cs.cmu.edu> X-Mailer: Mulberry/4.0.8 (Linux/x86) MIME-Version: 1.0 Content-Disposition: inline X-Scanned-By: mimedefang-cmuscs on 128.2.217.196 X-Virus-Scanned: Debian amavisd-new at frigga.it.anl.gov Cc: jhutz@cmu.edu Subject: [Ietf-krb-wg] WG meeting today - please join us X-BeenThere: ietf-krb-wg@lists.anl.gov X-Mailman-Version: 2.1.13 Precedence: list List-Id: "This is a list for the IETF Kerberos Working Group. 
{WORLDPUB, EXTERNAL}" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset="us-ascii"; Format="flowed" Sender: ietf-krb-wg-bounces@lists.anl.gov Errors-To: ietf-krb-wg-bounces@lists.anl.gov

Please join us for the KRB-WG WG meeting today, at 13:00 PDT (20:00 UTC). For those not able to participate in person, several means of remote participation are available:

- Streaming audio of the meeting:
- WebEx:
- Jabber: krb-wg@jabber.ietf.org
- Meeting materials download:

-- Jeff
_______________________________________________
ietf-krb-wg mailing list ietf-krb-wg@lists.anl.gov https://lists.anl.gov/mailman/listinfo/ietf-krb-wg

From ietf-krb-wg-bounces@lists.anl.gov Wed Mar 24 10:01:38 2010 Return-Path: X-Original-To: ietfarch-krb-wg-archive@core3.amsl.com Delivered-To: ietfarch-krb-wg-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 05F4D3A694D for ; Wed, 24 Mar 2010 10:01:38 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.169 X-Spam-Level: X-Spam-Status: No, score=-2.169 tagged_above=-999 required=5 tests=[AWL=3.300, BAYES_00=-2.599, DNS_FROM_OPENWHOIS=1.13, RCVD_IN_DNSWL_MED=-4] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id f8Z+prer4Ie7 for ; Wed, 24 Mar 2010 10:01:35 -0700 (PDT) Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by core3.amsl.com (Postfix) with ESMTP id B265C3A6872 for ; Wed, 24 Mar 2010 10:01:34 -0700 (PDT) Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.anl.gov (Postfix) with ESMTP id 07BA54B; Wed, 24 Mar 2010 12:01:55 -0500 (CDT) Received: from lists.anl.gov (katydid.it.anl.gov [146.137.96.32]) by mailhost.anl.gov (Postfix) with ESMTP id 8E93635; Wed, 24 Mar 2010 12:01:54 -0500 (CDT) Received: from katydid.it.anl.gov (localhost
[127.0.0.1]) by lists.anl.gov (Postfix) with ESMTP id 1C5122CC071; Wed, 24 Mar 2010 12:01:54 -0500 (CDT) X-Original-To: ietf-krb-wg@lists.anl.gov Delivered-To: ietf-krb-wg@lists.anl.gov Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by lists.anl.gov (Postfix) with ESMTP id E43CE80E4B for ; Wed, 24 Mar 2010 12:01:51 -0500 (CDT) Received: by mailhost.anl.gov (Postfix) id CAA7811; Wed, 24 Mar 2010 12:01:51 -0500 (CDT) Delivered-To: ietf-krb-wg@anl.gov Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.anl.gov (Postfix) with ESMTP id B64E629 for ; Wed, 24 Mar 2010 12:01:51 -0500 (CDT) Received: from mailrelay.anl.gov (mailrelay.anl.gov [130.202.101.22]) by mailhost.anl.gov (Postfix) with ESMTP id 9E8FA11 for ; Wed, 24 Mar 2010 12:01:51 -0500 (CDT) Received: from localhost (localhost [127.0.0.1]) by localhost.it.anl.gov (Postfix) with ESMTP id 8F11B7CC05C; Wed, 24 Mar 2010 12:01:51 -0500 (CDT) Received: from mailrelay.anl.gov ([127.0.0.1]) by localhost (mailrelay.anl.gov [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 14389-10; Wed, 24 Mar 2010 12:01:51 -0500 (CDT) Received: from mailgateway.anl.gov (mailgateway.anl.gov [130.202.101.28]) by mailrelay.anl.gov (Postfix) with ESMTP id 593977CC059 for ; Wed, 24 Mar 2010 12:01:51 -0500 (CDT) X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: AvsEAGfiqUvBCvxC/2dsb2JhbACbG3PACYR+BI5I X-IronPort-AV: E=Sophos;i="4.51,301,1267423200"; d="pdf'?scan'208";a="39186887" Received: from backup-server.nordu.net ([193.10.252.66]) by mailgateway.anl.gov with ESMTP; 24 Mar 2010 12:01:49 -0500 Received: from [130.129.41.93] (dhcp-wireless-open-a-41-93.meeting.ietf.org [130.129.41.93] (may be forged)) (authenticated bits=0) by backup-server.nordu.net (8.14.3/8.14.3) with ESMTP id o2OH1iFX020727 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 24 Mar 2010 18:01:47 +0100 (CET) Message-ID: <4BAA4572.5060201@mnt.se> Date: Wed, 24 Mar 2010 18:01:38 +0100 
From: Leif Johansson User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.9pre) Gecko/20100217 Lightning/1.0b1 Shredder/3.0.3pre ThunderBrowse/3.2.8.1 MIME-Version: 1.0 To: Jeffrey Hutzelman Content-Type: multipart/mixed; boundary="------------090109030300030607080207" X-Scanned-By: MIMEDefang 2.63 on 193.10.252.66 X-Virus-Scanned: Debian amavisd-new at frigga.it.anl.gov Cc: "ietf-krb-wg@anl.gov" Subject: [Ietf-krb-wg] slides for information-model WGLC status X-BeenThere: ietf-krb-wg@lists.anl.gov X-Mailman-Version: 2.1.13 Precedence: list List-Id: "This is a list for the IETF Kerberos Working Group. {WORLDPUB, EXTERNAL}" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: ietf-krb-wg-bounces@lists.anl.gov Errors-To: ietf-krb-wg-bounces@lists.anl.gov This is a multi-part message in MIME format. --------------090109030300030607080207 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit enjoy --------------090109030300030607080207 Content-Type: application/pdf; name="krb-model.pdf" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="krb-model.pdf"
cGv5pEYkpb93flITjpoBDwc+gbKS8VymHJDSP5NZKY+kBhQVmqSi/gHdJ1AjkurKH/9S6vXO pxVKMCOXqZlUBaV+dL9RlhSptilHihQpUqRIkSJFihQpUqRIkSJFihQpUqRIkSJFihQpUqRI kSJFihQpUqRIkSJFihQpUqRIkSJFihQpUqRIkSJFihQpUqRIkSJFitQXUjOSupL6Cio7SEXZ Nqlsu7lWKAeksp3rWqE8kMo2wWuFyneua4fqUVREUh2KGpFUOo2qqHyrzVaofKtNJZWOZx2V 7XeroxySGlBUtt+tlupQVEjjrqNimlEdNaYZ1VJJRnXUlG7vrKPmdAtyJWWTYCkplwRLSfkk WEoqJMFSUjEJlpIakzQoqSlJg5Kakw3ptZTd06Cl3J4GLeX3EmqpsM8NWiruadBS415CLXUL VgeibmlYS6im3FZCNeW3EqqpsJVQTY3bgFZTewnV1GzWEuopu87JemoroZ7aSqin4lpCPTWt A1pPzWsaANRaQgC1zskAap2TAdQ6JwOodUADqPUMjaCeZ2gE9TxDIyi/BAtBhSVYCOp5I4Cg njcCCOp5IwChlhsBCOVw1HKzCqGWm1UItdysQqjlZhVCTThqeTaDoez270S3RD2ezWAoj6Me z1qbox7PWjHUiKSuKGpCUhcUNbdJ3V9ZtUc5IHVqkfJtUgZGBVIV1ICiIilSpEiRIkWKFClS pEiRIkWKFClSpEiRIkWKFClSpH4MBXzV2Oq71BYp4Iv1NjsH2uyyALaRtNkn02RPEbBpCtjK BWwwA7a9AZvx2uw2BLZTAps82+xixbXpApuHgS3NwEZrYPu3vw9BDAVslQc28OOWFQAXOwCX YAAXhgCXq7hHQiGUfSQUQuEWHAGXQUXc4izgkjHgQjbg8jqzZAFAAZciRtwCSeCyTeBiUuAS V7PMCwAKuBwYuEgZuHQauKAbuMzcrgVUU8Al+cCNAiJu+wLgpgrArR7cVkA1ZbcCqincZh3A LUSAG5sAt1sBbgLj9yxoKbdnQUsBt/HBbS4E3PIIuBETcHso4KZVwK20fBIrNdWjKOBmaMAt 2oAbxwG3s8NtstfmLoLAbRKBmzcCt5QEbnQJ3H6zzf1F29yLFbjZbJu76QK3C25zP2SbHdQK ZYBUOomS+mNUh6La3IGfFClSpEiRIkWKFClSpEiRIkWKFClSpEiRIkWKFClSpEihqP8B3gfu kAplbmRzdHJlYW0KZW5kb2JqCgo5IDAgb2JqCjMxMTMKZW5kb2JqCgoxMSAwIG9iago8PC9M ZW5ndGggMTIgMCBSL0ZpbHRlci9GbGF0ZURlY29kZT4+CnN0cmVhbQp4nO1WTW8bOQy9z6/Q ucBMRUoaSYAhwEnsor1118Aegj15ty2CpIvk0r+//JBmFLsp7HthZMzRB/n4yMfYTmB+DM/G mtGSGZGfwfPz5V/z1zvzfQDDn5evg+UN8zTQIbEe+bjh7/bU1W/Dl3fXHX42MPspyBYvjw4m JPv4NLz/+OTN3X/mM3m0U0jeAX2nYHNiTIlu1UAAk2+hIExRbAnv+E0tPnMU2+dIST5WG6dU b/nEPtWb2keJovaj8ZOrdrvXfB1NiyDpSVQ+zTgazuPwbaFmpUAwiM+nzl7IsfKhbG8Og/OJ 0wQ3zebwj3m/B4NoDl/uNxbKiOvz78OnYXcYhDf6/PFBHP2gv09UzodBoPtsyRtDUWutC6RA EXq7neguPlI2f1KIZ7M0CUHMApCKtQBMChDL6DbWFb+xvhDIUGBj5xI2NtpURnrJK+xTnwwg UVdUnzMR25ySgy07vWF/t/y4K3ljd+QSmAoIvDJGilOAEOzLmPU02BI3ACVxaKxrCnPHuHiR 3vnSDXmjlVQwCsnQ/KyhddWzt1QotDpWkwPpKXYMTmIINPACUC5DYPyxx6A3BZ3mIPFiT5Sz 
oharxhy5WpkslU9Q+RCf1FXpt8Z+a+wNjUkFzjXGiR4efnaB4l+kShGO9HVtYdGWNv9cfiHL 8USXcKLL0VVNicYWVc5XilLwVVmCa1JssmSUocuhw0EOGHIukN5W5yvGqP2pVtRZSSlDKnzf WShoXcXMz1pApjPKkVTfMkfaluW47upePwld28ry3NUjsrGnDJarvRvCMdcQ3XHZ47q4hvTN ZvKOE40nebK3n/eS59l0dv6e2XZcF8cFkQnJ5ry+RzZDD8NONtIMk28f5MuGVONgEGAscAnk GrC+yS8cqP3MILfZeFKEa1pwOjIIoPBEnHG7LDZWLi8FHshjWGAHQ6HOgfeI4kx6doTLNUrR K6JUkl3aQSBJdZ22l+DKXHYvjU9vW96WBT20bN/I81YKIT6uywdyq/fF+YCnif86H5UO7KRP FUtmG/aVeawJCma0pWVJybdVaStUDc5cJy+uWuOrk22Voj9lScbTKxZYPXNVsJxF0Qs21WDF SJLyMjpoz13MXQrUwdAKewF3IKMaiUI8IQ89Jx4kjfimCVJ2dCuLs/6UqdNqScevK3pESZRm R8rV14HeLysn6hbbD6tl5FSK7VrLWfniKDPF1TK3gYU8F+gnGuo/uy6O3S9lvIZnj9ey7GYa BScsa8UJKjcPtnGLtfSwq22lOwJ6Ob2v77WbsbWgUr3m3a4pe8q+krrl3UhB2gkpbKcJ+W2w SEEamWoLuRK6V1c9a+dZ23Setfwb2qtu7lYtQMZbvFv9fTb/A8/vDfQKZW5kc3RyZWFtCmVu ZG9iagoKMTIgMCBvYmoKMTAyNgplbmRvYmoKCjE0IDAgb2JqCjw8L0xlbmd0aCAxNSAwIFIv RmlsdGVyL0ZsYXRlRGVjb2RlPj4Kc3RyZWFtCnic7VVLbxQ5EL73r/AZqRuXH21balmahJ7V cgNG4oA4zS4glLAKF/7+1svdToagROKIRumutuvx1VeP2AnMj+HOWDNaFJOjZwz0/P6vef/C fBvA0O/758HShbkdUImlG1I39G5POf0yfHrxPOU7A3OYIl/R8ehhciifb4eXf98G8+o/8wY9 2inm4AHfOdqSCVNGKw0EMIUWCuKUWObwnr5EIp0zy6EkTPJGZTdltQqZfIo3kc8cReQbEyav crNrvs6mReD0OCppE46G8zx82ajZKWAM7PO2kzdyLP8w26vT4EOmNMFPszn9Y14ewThnTp8+ LBbq6Pbnx9PrYT0NzBv+3v7Fjn7g32ss59eBoYdi0RtBEWmvC+SIEXq5aXSGN5jNOwxxZ7Ym QYiFAWKxNoBZALo6+sX6GhYbKoKMFRY717jYZHMd8aPssB/6JAAZu0J9zkhsc4oODuT0ivxd 0+NVLYtd0SUQFRDpZEwYpwIiONaxiDbYmhaAmim00zOBuRIuOsRvMrpCb3iSq0tMMjQ/e2g5 DeQtVwwtjkWkQKJFjsFzDIYGgQGyMUTCn3oMYsnoJAeOl3qivOVpsSLMiapVUJLxiTI+yCd2 Vf4zY39m7JEZ4wpczhglevr6MwOM/6Sp5MHhvtYW5tmS5p/rL8ZyfDCX8GAuR68zxTO2TeX8 zKFkfDqW4NsotrEklLHLocOBDghyqZAfn857jGH7Y62ws7JQ5rDwfWc5RusVMz21gERnYpWs X4UiHeqmLrdy129C364KP1dV4YsjZrCZ9m4Qx6whOnW+o7r4hvTRZgqeEk0P8iRvP++lQLvp Qv8Dse2pLp4KwhuSxHn/TiTGHoadbMIdxu8Q+WVj1jguMjAacA7kG7C+yZ+4UPudgW6LCTgR vs2C15XhAecuUN2Srg0uC5IKJAIXnpqZagulUYzPw5OzihgubjlFgzgus+rhphmH3SNo3/h2 Qfi+5rquFYp2DBy1A8PiuK+O2HWUELdEZpXivHQfJQZ66lqLODW3fj92cuK0Mztt9ofJCZAk 
Ri2O+hfjQ4UdwKrqM1GoK0Jb/iAJ9GReUOHiBRU6gNdcqrIhEDzdnSYhDM3yL16nmA1C+5r1 urNyR7blXHsG1JutnLpvLhu/fdzUAnWFwq3hfSMTyJ7t3NPnBDvKFcCeflZHuTzvE/x7OkrL ySSwCTJaun122JNOtK7yTp/4Y7We+JVOr3WjhnuEb7zJDMLS9xtWY255tAb3W2xYN0e/ajQX 8wVDPTe6aNUrZS1NsGcIq/Y3B9OmyTsXpS1wd6/eb8z/y4/sLgplbmRzdHJlYW0KZW5kb2Jq CgoxNSAwIG9iago5ODEKZW5kb2JqCgoxNyAwIG9iago8PC9MZW5ndGggMTggMCBSL0ZpbHRl ci9GbGF0ZURlY29kZS9MZW5ndGgxIDI2NTQwPj4Kc3RyZWFtCnic7XsLfBTVvfA5c2Zmd2cf 2d1kgbwnL0IgJGlCwADCJiRAICQxCQi2aDbZDVlMsjG7ISJaXgVEsICaoKgYFRSRUqRcTRCt VhQp0pfQW2/ttVYs9Roptx+tvZgM3/+cmc1uIFCr1vZ+vy/L7J45c87//Tr/XQJt7R5kQqsQ Qc76ZlfrGClLRgi9hRC21y8LyJNHNf4Ixr+FS2loXdLc0ZHrRojAPXp2SdPyhps7ivYhxG9G KDGq0eNyP3P2L5kIpXTD84mNMFGutOjg/ldwn9rYHLj9V5E3n4D7frh/pclX78p5+cHD8OgI 3Nc1u25vnSR4eYTSKA1yi6vZ0/6j2yrh3onQ1Pdbff7ATWj1JViaSp+3tnlaG87z78B9MUJC I8xheNE/EwxFes8RXhB1eoNkNJktEVabPTLKMWLkqOiY2Lj4hEQ5KTklNW10+piMseMyx2dl o//n/nA+6kEn4PUq2osewU/BXQNM3wYz3dxBtA61w8xr+ATeyI2HuafQefQ2rNyATpC9PMJz UB7MIvSOwKELuAYdAhgFOAoX6EQe8eX8Ib6K7+HP8ifRJN7Pn+RreT/OI08IC4Sn4Cogr3N2 dBwloh78HvKjw+QjkkeO8MW8Bb1HTpK96EPAAvoGHFvQLrQCaInCPrSSW8FVwcwx4STaAS8f PD+Jd+K3gbrDeC06jR4kPDcb7cSnga8T6C9oLanhVoJd5nENQP8xgHUS9u9Afh4Jp7GEFG4c zAH1gKuOvceT8cJp9jqPVgLmGrRL7BGjdCmAhUrsKfwa7hPvR93obfItchv5NV7Hp/B7+Nlo iyoBUou2AOwddI/YgJcD7/S1gkLnOvhavBd9xNfq6gD265QjwHmIqwKOGtARuDpEK/A0Ba8j G4FS+jQendTN4bNhP0DQ3QVcI+Qj+WgpjFag/eggGk+60BaAxPgVJwl/gZ2P8O8Dz1vwvdxf 0ElSjDJQA38OZI2iEOpC6AWdKPCEwyhTth7g0krdB5w3LJTfXJQ0PvOyW9mqkw+gygPm5XLP pUuVC/lYYdEBIe4ASdMf4NNS3r/aw/fHZ86tXCgfGCgp1qCW1BbDXPVCGNI7mIb5kmL2jCI9 IKTBv9LaA3J9o3yP9Z6UyfdYPZPHg9hQg9LFNwi7IBrpUIzTxH+GxM+wXljJ8Sj76Km+byDr qb5TfTmRtiRbWpItqYFH/X4S2/+h0qWz/PVPbWIG+L//0gdCOmg1Gk10xpgft+yXOm34cbSf 7xy5zbY5RhdtRjlR1hhrf18uBXjmQt+FPuu5v5zLORQRmxjL4cXYkYVTZGSzoqTciZMclsGb EUJ6w9k1l5ByHlsxWnO2Yekn31G+p9yB1+Pq9Z8IdadvuVk5pvxKeUc5dvMtb8+ejR/DS3Aj fmwWdUSwVISXi1HAW/ILaDuH9WgmD0R8A2X35TjNVsEpVAq1QqtwXhDx4sg8W8qrPWCQ/9NH 5RLaq0PjnBbxZf45dIQTsJ5HM/XW/ql9uQDmTD8AMloNTkOlodbQahBUMLY8BwXV08PXftYt 
Rn1Eabnt0gfkLNhqNJrujEXr8d28Zb35bqnXxveO7KFCspvR7KgSENKZoJCsyoVz1j+fAwwR sdbYVbFbY7tjBU1YyaIjakSeJqxkTVjkbPmjlT94440fVD5aPm/34gHll3g8Fuc/wefvGzfu g5MnPxg3bm9qKp6GLdiOJ6cwGUEu4B8BPiV0xJmhtwmioLOJokBsvMBzNkHgi/QCR8gRtN0g CpgX9VSKRqrKU0dtBSCDqX1nRhbkgPHprPwnOqugXfwni5IPWk0YL3bewnOSfgSXzmUI4/QL uAZuid7PdQhruI3Cd/X3c13Cdv2TnN0gGETOSCTdGJLOjxHGieN0TlMjqTVtJOv4jcK94hbd DrJdt5c8LTyve133S92n5Dz5lD/Pxyy+DVGx4zwDTsG2lMO9XNrHA/u5W88PHOsVo/q9+IOB CwP7uJSB3wC/k0C5fxJ2okh0nTPaIugjyDPIho/oN0hGvQGMXm+1W2ZGgYKPwr/cAsph34Wp R/tybQUFOQe/7wCGsC3JkWSLGjEFO1KSR+fbUvIBeQdeoayb63/ppdNPbNgg7FR+tGWge2P5 jsd+wdVuwdNoYuCoDfDtYANGNBLNcUaKvXbUa+qxbx5lsEfcQOyOklEg1wtB7YPiU6ZHr0Ar xJW6lfqVhpXSSuMK00rzSsvKiJXWlbYV9u7o89E2oCdoDPkTRqfnUltQLYLzP7Dv2c779+27 /zy2K+fO/7fyR2wj7509fvzsH9489tEjyptKn/KJcgyiayTE1+sGaVwJNEahWNTqTEUObFiv v1twPIOFXhN+cVSvvce0OS7WwekdejSXs0eUxDGij9rsBSrhZ6zn4HXhHEzkODOmx7fGd8f/ LP58vDAdTcfTuemO6bFCpi5bn23IlHzIh32cz+GLNSy+jZp2UgLOCw8BeblIx8xdx6/sP2g6 +cLSY3X1P7tVuQBkZ/T/Dut6uN137+i1cDff9PKxCRP2j83E12EJ+Jmh/Obo9kP7dwZ5ugls 3IriqNZjepElqlfQb7b04O1kJOicm2WzG0viGSO51LH7zlw42mc9ei7n+dqEVQndCYRqHTw7 n3obx+gagYMyB+rIEz09k5+788QldOnEnc8NHHv6vvv27LnvvqfJ89zN/9O3x+3CxRg8Bxe7 FMeJs2dPwAW2eBwhMVE4DbXTD50TiE2n13E2zOnpB+EMkgHbJMlQJOk4oifo+3qjYNBDYhEk MY6fJsUh3gwE9/fZRjI3pCYadETqgHrtEqgjtlqoIy4gugh9hIGTHFyULlIazY3WybrRkixN 0OVLXu5OboVuubSKW6NbI23lRvDYSCJxLEnBmSRdP8YwAU8lC/SLDB79UsMy/XLDanwv6cQP k6jF4H5JBpwEgY854HGIOnfhlXj868rKE8rKo8Lpfj3568VxQmI/4tHF95mdrQCdjAc7k1Aa RJ706ETjSIMFPTNS7LXY5PWJh+N6UyAsjjShkWSU2aA3JhJ9VMloYPitU6AiG3PMo2cu9IOj vAH2ZiuwFVB7a8mJz0nIScyRc5JykqenO+OdCc5Ep+xMciZXxlcmVCZWypVJlcmV6a3p6+I3 JGxI3CBvSFqXvDW9O/18ekJwa3BTcENtQm1irVyb1JrQmtgqtyatSliVuEpelTRqcZj3XY8n aQYyOn/CxLwk1TJ0+dPAokdwL7+3b7Xvod6enulH7t53YuAzzD29vfb5Gs/LN/2f81xew4o6 /zuHMsoGVu9tcL36xEuv2Fduysram57eT2O0D3LHMZBVOjrrnGo2cRZjdWICRCudVJ2YmFAk GRMSeQfklI181HrHxlE0p6SB8MYkSMbEWB2qitVbdPqo5JIx1v6jkMzPgGcWFBQEk8yfaZKx B03H8glYkY69g92gdGo3zXFSnDHOlAUOm2nMNE0xTJGmGKeYjDKScSo3RhpjHBuZHZXtGDti 
TMKYxAw5Iyk1fb203rjetN5sp1mG40RJNBITMRMLiSBWEk1iSCyJ4+MN6dkZ0zNuyViZsSpj a0Z3xvmMUWBOt4VyXCJOwI4oEYSans9iA4g1G2dhKmLIeJvK99y0cWPdA9OP7v70Vze91tTw hmvNZs+zzmcf/O1PGg7x0/ePGVNT4yxNsox9aOMjz6ekvJyfv+iGuZVpEamda3buS0DBHEjm gHxtKMcZJRp1yGYkGyw9hiM6SdQj/Uw7lRvL9xDnTr1FA9uhysjHImnlotLJcj5T9EgyJ7E0 85Gne3snH14XmRVHDtltJ14eOMjX7m+oFwRm+/vB9hfytZCDotAUZxwxIGLB4gaLbbOEj0T1 mMDeo4zlHCRaBw1JBSruM7kQk2xUUYd8jlccgDwSQpIahAZj02i8v+fOOzu/19Mz47n2V9/E P8WHuacGXI899vIubsVn3fsa6s+TPZSGw0DDLoiJRjUmkl5ThKF3lGNzRE/s9mhkt88aZRL1 MTNpTMzNvdA3GBPfGBITmYmr5o8p+xCyOaoqB8iDfAhR8Gl6DXx38nMr3kKXLr214rnJvb1c thYCuSq3Szmi/BVeR1zuPUANRtcrCyD/1KIIvMk5Q6fnDDYUIdmMEkIRFlsEijDbTGZEPyxm ySiZbEajVGQ2GqzIKGwgL1mMR6wWs0kyiATpI/gIo9V6au4BqWbuAX3NNxf2ArfO6xbNPRBV Q8eXXrlu0dGjLHxaQbh9WgwZJoKyT+GTkbmLkrHzvIgEvWgg5hHSSLPVnGLON5dKFVK5+SbD TdJSaYN5lfl+s11CQIRRMBktxoiR2MFZeaswUooyRpliLDER6SgVPEfmZSEDImualGpMNaWb x1rGRsi2SSgf53M5fI5wnTTRONF0nbnAUhCRYytETuzknMTJOwWn6NQ59UWGEmmWudRSGuG0 1aAb8A3cfFLJVwoLxPm6BfobDTdK843zTYssiyIqbQ24gWuUvBZvRK1thf52y+0RG9E9hnXG daaN5o2WjREPGTqNnaYdlh0Ru4y7TM9ano04YPup7T3bJZsHHFKw4HE4H7Q8HdMyK4+7v/yB O+9vKqvJS1KmvIZvxje/1vjmHTtmr6/hy/sfIE2qX8FpiJ8D54I4tAMifEwsGRVnE3jEqkrr 47YHzN1R23g4FSOrxGEpbqSViGBvcw84QF8jar5J9USVRpiiTvW98gqrMbL7cukBYlBPghqr sDN3Pr9AWKC7g79DWBa7IVoH5+VoPgYOTnEBtExsj/HHBuLWoPXRa2LWxK6J24P2xNqAtTQo 5vInoknTcHjA5iHm6EQEh/RX+8v8+N4817yn19/y9u13nFr4BxxV8s1o5cLevXs78LbJzdtL O7qKZrz1jdw//Ohbu1vjlY+Zj7uB912Q2zlkRqud8dhMzIgQcxEiRl23gMlqAzZJKE7U8yaL 9d25B4zAs5mxa6LsnlJLTur3p+CsETRL/jiwfJwyO9aIxqLZaBHyog50D9KNwOPQaDyOTMTl uMJUYV6AG3A7voOsw2ZgErIzyaPHEghUSflEVDis5CunTx8fuFlI6/+AnOzP26N049rXmN7c +D1uJbcWzj6259EjHI8Rb333LXYUzIkEcbm52IEPubW7KJ8bII5sAR3TmjYFatpuO+o2baM1 bVxEAolzxF5W02JaPtnzcu0QKYYUq5seefRR+Pfoo59hg/LpZ58pn2KDUKmcVN6C6yTOg9cE nNet+JX1ygYFVIKX4zvwvZTeR4AGP9AwBirWLOSIlNYbEtfLkd0Oc7fhfjGuW74/ZZu42fFk xoi4SESiouNGy9Y4EpVoEDOouY2oCVqaQQ0Jp4BgsCkaFyDonemz/v4cq2lZSYudBneCK9El u5N4tJhlJz4pPDupjnK5MZHp255Ufqb84eZjS2vebH75WO/u/c937nzyweqX2/zHF/0em75L 
0hKPbv3Nn9LSXvtGbteW73Q+1dHqX5E6+pAs//zgnc9SPqFy4m8Cm5KQ0+koIt081y2s1qFu gz5RjCMoERtptIugwQ3TQNd3VD3sgr+cYv4ChnMogkTw3OJJSTYhPy2PnmQUPEd5CHt+jOf0 79rL+2f3zL54ei+zAyvt8QE+Eb3gTOfp2ZDYOKKeDgk8h2oVoyLC4+8jkSccEgSss546OlJ1 0qvVopV6WlPUITKWzOJnCTeRu8haAr6m4/S8QXTgKC6GjxHGgjWP5jL4DCFNlPXXIdA/N5Wf KkwSZ6MSXMKV8qXCLHERWiA2cF7eK9yBluFl3HJ+udAurtI/iLaLGWD3SSxaYW7OwBtv43fw f/xi4Jhw+rOR/EcXx2lnXzfk/Ug0ETLgYBbuMR2RoAxH5bTupGfBPjUBTj0zmIBrHT+lCRiK XZuaAkMFAO+mCXhfb2/RD9pffYPbNfAtbudjO1/eNbABSgCP+4+AFxIwr8q13jlKAJFy7Lhd JHSj1UQgGBxO1Fn73zqqlrlhsY5JEFOTXfgS0iEnANMhHVitbdJ1i5z2hRwWSYxQIMwWlpAD 6ICoY7W5A8rypD3klYHfvY2VgTzh9IKLq4VxaowuRkj3FD2D4BXOUiFGFODcwcdIBhID6ZWL wRwkWJEeTQQgUTuamGC1DSFTkSSAOcDRxKg3GSWDXm18Qf1ktp56Sz2VQPEw/KFk8FMd0lqT nVH+JHKiwEH2RJJdGiOkwulkGjdNmCDlSGXcPKFIckqLuKXcrcISqVZaAWHqTmGlsErq4jqF eB0ycHBS4kUBCUjEOh6KN50BGXhJMiFLDHHwDn20yWqR+SRBFmWdrE8xpEppRtkiW6Zyk0k+ nyfk6CcaCozTTTmWmWgmnsM5+RLBKRSJRboivVPvNBRL80xOi9OykIOzkKnS0sAtIS6+TqgV a3W1erfBLbmNHWCLK7jbSQcfEJaLy3Ud+lb97aaVppWW9dwGcje/UVhnuMe4xbKdf8zyfcs3 qY6omVJLTTHglOK38GRc8AF9O6lsVJTXlR8pYLV2/hy94BxlvXie6Y723TZB3ItHBU4ZCbG4 k8R26u2P2/Y7Oi3b9JsTOBRnm8DnjYo2WhPoWfFM/9HB/pty6hxtaaRBPkiyiXyw48aPDO/F 8a8pz3P2duX33coTSjvehG++D+t8rf2blHPKJ3DKtt+65zTe9tTAyur5+CHcjFvwQ7Nn/vst tcpPlJ8rv1B+ksbohHMuvxRsTEBpThPXiVbzOI5MBj0BTdSxzvTlOA05ukrdKrKK51kPDeLS 8R9z/95/i3CaRiPNV6FCjEQThvrq9uF9tS/oqwdr1Z5NuKfa/oanilEDO6mr0t4B1KM3sZ7N GDTHmRJtijfY10eO6I0gvaNTetKPGHojXoqJHx2N9KZZot0ul2TQw4LWRjh6Ri2aldM0dRRA 5Tx21djusZdVziOtXCiBXI+1FoOdHiby88gTuzsf2L37gc7dPYpy0bXvhht2Vv3boYKDd/6k v/8ndx4s6OGuf/Pdd9889u67Hyu/Uz6KT/hB5tiXfvjN+jowHxpJJtfV76U6yAZm/srkt8gZ J1ixSf+MiDeg7RbxiMRFQhAxCHpzhLEsimZEqSZUK1sGa2XWEjtqZzHpTG4/ZPNcyhR+3umo dHQ7yGLaDxPjMe2OpdCuGD2jcX89UD8PZys/7z1wYP9LYtRDlY31W/qzyc+3lL/4LFQYmyB3 b2L1QwrQOMOZNsqEutPF7oTx3fZtCZvTn8wZZUodG+dIjYswQDUBJUVEUmwOkzEIlp38tTzN 7ig9Ye2wNHpQTAVJ0nKOpeqU5FQgKzKsd8Nt2rp799atT+1Wdq/Zhi7953vKttX3Pal8+umn yqe7Zm9bu+b++9es3ca9vmPDhh0Pr9+wY4F8cNUPfvazH6w6KCe/seWdP/zhnS1vYFdgzZoA 
XMHzpC4ebCYZ3eQcLdoNoyKQGK9zmDbEy6Qn9ki0FU6YEXq9WGnTR1TGjYJjVgo13P7+/j61 wp0KqYYVgNSAnZE5qZWpralbU7vh9cPU91IvpRrAgpgNO8Lt+opUlFHyyprvv9zb1r7lqd62 jnuf6u2dfmD5Hc+SjXcu+/PvqLk//gg1d27nEw//8EmWoJbU3an2KiHC4Nf4FNb/jnNaxLX8 U2gtB4Urj0YN9r9pGT6JVpVwnX8b/hSFT1HY/i2g1y6m11S00JkaKSLzetDsCLE7bsRua7dp Y/K2uM1ppmRDXHRCZBxJSoxNo9HgQt8ZFqHO9J8JlVzOqBPoBD7JnSQn+RPCCVG3K+FgArd4 aOdTbRlwhB1DHVFo8CsEbtfdjz12N1zYUPZw2ZtvR0w5eOv7WFDO/04ZUM7hShxb9jCZcviJ x1988fEnDnPLe1JHK39S/njjYuWPH/9e+S9WaNbh3Vqv4Nfwth8ptDZ+AQSCo9Gowe8UqCh+ TYVAz9cQN3aBDdCe4zRnbLDn2GPZjF8iR+JtduMs1nkMO2Fbz5wJth2dBvWM/dsECIdpgxrV jtdDjt3+3t7Q6Zq7Lnjm3jOwX5T2hp2v8cfBxiPTD8RkoQZiciTQ95wz36DXEcjzhCeQ53lS JPLIQXhHpyGq07zayAsisRlQ3AiLIEVH87bpUVKciWeUgyNCqWxj/aTsqbTQtBfYhxyjtfPZ QWcCze9Fd0RiSM9Y4ESi4x2I1nsjyEg+DaXhNG40SRdH60brRxvkhIl4IjcTz+QahXa+XeiI vFu8W/eg+KAucTEru0dGppAsOJXSE41M/RvbNJcm9xaumHbynR/O2XT7uz/Gb2LUv3Zgo3Jf Z+d93JERW7+tNOKVXXUDG4XTv/zVvYe5ioFzG9auXUd1ez3kGNp7ENFnznTtGxDMCfSDcCJU FFD0iEUcQT+kpTCH4SyrU/sLECJRsLVAz6/0MIHYYeLaxTB2fnc2VDO0jlnPreK2cbs4PUVk IAYmmxgSw4+GSjiDZPCyPh/l48lkMp+jp7VJKSnlZwqzRad+AVqAF5FFfKW+ATVgL/HyS4RG sVbfjgJ4BVkB0rtDXIfW4Y1kI9Qe68Uu1IW3czvIg/yDwnZxj/C0eED/iv49/SX9tGAtglOu V4/1yrcu8rX9NWTfZ92DuXwT2I0RZTkdYidP07m+k/+eJGCDjsQh3qR+N3SUss2+58s5mGgG zdODo027jpMDAzHcsYEC7q/904TTe5WZewc+UM8cB5Q/cStEO5yaJzkjRKjjLWYdInYRRUrs nBxJZS1R0WonHYnK/Uxun5oH+vtysMg5ouwjU0Zz+RPsk7gV69esXdfd1fnAdtH+e2Xa2bPK lA8/xm/89j18tE/lR5jC+Ml0Ruk7ue/xaLUkAifCdQYcZKefRbupNOnlHKxk3ECJQptu8J4C hcp//vjHA8k/Fk4PPMK5L46jnIGP4XzqaACbIAPKd0bo0Fp+NQeVNA2iSKKJ1lgTNBQIqGpi 7X8LMioyysZKI1mcxoKrjaQQnH/ixImoJxwKlIIDtykPY48aj3aBvHxMXomAgcpLh5HRzkfq Echr6oWQXCLzRtgdUZwuZaI9fwK3C0TS2dW9bu1a0d6nTH3vt8rkjz/Er589i3/E4L5O9mIf o32SU8LfgZoNCRzPU6LtNVQN1MQ5SjmNXJAHsNMc/D51q9AtiKzkwr69QO5pblzQdgQ4fYA0 ljsTdOBamLOJOiitOfr1hgAVOxfHT9SB1CX1m40C7QxREPYFI/tiMdFIY0nORO463Wxuls7L NehWcTrwGzg/xojgG+KNeKHowV5xubgO3yN24h3iY0YrOw3RL3KS2NcUVq7rqHJ+YOlRqK4T +fcvjuPf/yyR/Z6Fm3O9+9/ffveWiKl/Rol69ruONxLm86FfeSgLdE9BNYWQPvTDD8j6zUp8 
+E9BLvtpSA5/EjUIXcjPFaBX6cU3oNv4J9BhbhNCJAVN4j+E+z50mxCFbhPPouP8WbSCH4d8 ZA46LNjRfpg/zB9B1wsjURdcbu4D5IbPDXA9Atf7wnJkhXWHYbxH9xEqFvOQn29Hx9kcwOR+ jrLh2SbdCcB5EJ2H8RbA/WsKV9gC+ChsCzpOEuHsyMNnPs6H8S4uD70u9FP9QU3TgjajQxjh 2+H1PKfn2riXyVTyC34Nf5jvh3iUJe7TSTpZV6f7pd6i/7b+MJzA/lPKlWqkrdIFo9O412Qy ZZoeNO0z9ZvXW0ZZZltWWfZbfhthipgYcY8mtRx4EaRmKit6iEqZdwiN8El1EIOnDcr2wUE5 g9nDHdZ28ehJbUxg/mltzMP4oDYWkAm9pI1FCCPHtbEe2dDb2tgIZ6sz2thsfxQHf+1kQRMi d2pjKzJG/kIb2xAf+RvAiHkDEJQT+b42xggqNW3MIb0jXRsTmM/WxjyMS7SxgEY5vqmNRRTl 8GtjPUp2bNDGRjTZ8Yw2NqdNdnygjS2ocUq8NraiEVPWaWMb0k95eIavdXmbd0ljQB5TnyHn 5uTkyXXL5SJvwB9o87iaM+XSlvosubCpSa6iq/xylcfvaVvmcWdJV2ydSLfWuJY1L/W1LJGL XI1X2VjsWepa0C7XN7palnj8sqvNI3tb5Nb2uiZvvez2Nbu8LcE11a4Wf5HPd2vYbdhwgafN 7/W1yLlZuQXqdNiCBl8LYA0AE42BQOvk7Gw3zC9rz/L72tvqPQ2+tiWerBZPYCZbRmmgXAwy Lo/xezxynafJ15GRJX8OirPkWU3LWxv9sre51dcW8LjlhjZfs1zY5lmmkRLEwSTUrkooHI0k hbADZy5ZJW1QzNL4a/5JVyrkc+tSvgyz1y+55ECby+1pdrXdKvsaLociSZWetmavn4nf65cb PW0ewLWkzdUCrGcC78AWbAOJgZwz5YBPdrUsl1tBYbDBVxcAiXlBBC65HoiWYGWg0ROUU329 r7kVltMFgUaADlL2tPhBeslMJMkZAMwtu/x+X73XBfgkt6++vdnTEnAFKD0N3iZQ0hgKkW2Q q30NgQ4Qf3IGo6TN09rmc7fXexgYtxcY89a1BzyUBmnIhkxQc31Tu5tS0uENNPraA0BMs1dD RDG0qaIEsO1+WE/ZyZSbPZRriRmIvzEzDEcmxZnta5P9HtADrPYCqRr7l6GmxAHYVirogKSK jiHqaATDumIDVUNDe1sLIPSwjW6f7Pdlyv72uqWe+gCdofw1+JrA2ChD9b4Wt5fy4Z8sSTUA zlXnW+ZhHKhWxAgYNIIWXwDU4FdnqVZaQxagPpP9ja6mJqnOo0kNyAAvcQ3h09cCdtEmN/va PMOyLQeWt3oaXIAoSyVq6NNm13LwFtju9jZ4qaG5mgJgejAAoC63m3Guio46qKsN6GpvcrVJ FJHb4/cuaWFkLFF9FTZRC3XVAxA/3RGkx385JgpSAgRMYK6m4QFoe4J0hKABeS1Ny2VvmJlL lJ02D/2FLVtLB34qSKqXoHt4wOY8bWxTh6/N7ZeTB/0wmeIOPpCSqdsmM5GBZso0f6nzgCdR qO2gAyqTZT7vIGGe2wPgMbKrtRXcy1XX5KEPVN4BMh1IIaU0ugJyo8sPED0tQ2RCrS5k3W65 vcWtERwiVWLEqRxeS6t+XxP1aqY2qiSX3ESjB/hKcGGrq/5W1xJgDPywxSdRU/37jGoIKghY QKKnqYESNbtEnllRXiNXV8ysubGwqkQurZYrqyoWlBaXFMvJhdVwn5wp31haM7tifo0MK6oK y2sWyRUz5cLyRfLc0vLiTLlkYWVVSXW1VFEll86rLCstgbnS8hll84tLy2fJRbCvvKJGLiud V1oDQGsq2FYNVGlJNQU2r6Rqxmy4LSwqLSutWZQpzSytKQeYQFyVXChXFlbVlM6YX1ZYJVfO 
r6qsqC4BGMUAtry0fGYVYCmZVwJMAKAZFZWLqkpnza7JhE01MJkp1VQVFpfMK6yamykDsApg uUpmS7KASoAhlyygm6tnF5aVyUWlNdU1VSWF8+haKp1Z5RXzSqSZFfPLiwtrSivK5aISYKWw qKxEpQ1YmVFWWDovUy4unFc4i7ITREKXqeyExCHRDbNKykuqCssy5erKkhmldAByLK0qmVHD VoLsQRJljNwZFeXVJTfMhwlYF0SRKd04u4ShAAYK4d8MRhljvxzYpXBqKqpqBkm5sbS6JFMu rCqtphqZWVUB5FJ9VsxkFjAf5EmVV67RS3VE5660DlhFd2sMFpcUlgHAakoGTEhD1oJ1ldxe 72kNUNvWnFsNjSyMqrEzk1mtGgTAhGe1gOOqc2wIaQk8i2UdNbqFEjZNx5lq6GXhA6wbMpEa et3LPBAB/TSU+NokHw0mHV4/83RIgc0+NefJflcTIINd1IvYKoiVribY5h8kc4hDScFk2Nrm hS0dbd4ABBPZ1Q6zbd47tDTcpqUpxoEc4oBiCQUHlf42j78VspR3madpeRasbaO5jFHibYFa rVljnYmvPjA5WCoE5CUMuNsXkKCiy5IliVVcX7p0+ry17FdTB0lqHSR/kTpICtVB8hesg6Qr 6yAtyNczSP5gzhimQA0VLNKXqZXkYK0k/WvUSpKqh39YrSSpDvulaiXpK6yVpFCtJH/BWkka Uhd8gVpJulqtJH/+WkkKq5XC3XdIuQT5HILEV1UuSVq5JH+pckkaQi47N37VJZPU4pO/dMkk faUlk6SVTPIXL5mky0sm+YuUTNKwJZP895RMUk3hgnlzKijZhbO/UHUkhTj/MtWRFKyO5C9T HUnh1ZH8haojadjqSP4y1RE11iGOMlj4SFctfOS/o/CRrl34yJ+j8JFY4TO0dvjbBU0guN7J igYpCz6yrtm5yu7w3urN9kIEuT2rtbE1Wwtjl3XO0AzkQ61oOWpDXrQENaIAktEYVI8y4DOX NVbzYFQHK2RUBGsCyA9XG/IgF2pGmTBbilpgfRaMClETvGRUNQjLz+488OmBPcvg3Q0rpc+B deIg1hrAtAxw0f9m1wKrKR0u2PP3YSyG0VLYtwC1w4p6WOti0Dxsh4txJAOUFnhvhTV1ANcL 62TY7wPsLvbscjjVDIofKPLB69arPB1+dgGj0A9wfQxrLtCZiwqGrB4eQgPbofIa0DRBeQ8A 5ZNRNrzc2vplsD4L1vngsw248bC9bYzvLIDhgT0zw6AF5RDUxZUap8+obD1MPx6Qkg91wFqq ja9GxhTSLHiyHNY0sp1eeNbK6A4wfVIJtLEd1AIo1GWXSeVyPkI21D7Ehq7GDf1B2XC8qzpz wShcaldas4TGf4mX9Lk85Kv3y+H1HeLZC08kNgqwGWplzUzWt8KcDzTwt2ihnFUyeM0MWsj6 vYymRvbMo/G1hGFp0bSeqeld1ZaKTbUx1Z4zGV0+pv0Wtr9V8zAVgw+gBjQb82pW4GIwVElL GswAo+Jye6pn66gdqtCDEOhqlXbVlj3MX1XbSw6zkmSmObrXzT79jK562OPS+JOYF9SDhTYz KAH2JCifBhg1aZ40ZpDGEAYaVyj9AbBf1fopxpBM6Ewr8xo3YKhnu4PUuBkHAWZrdfA0wJ6q OKRrYMjUvLkeKGtnUFSZdDAbaGRRJ6BJppnNhXMU5KFtiFWq1LYzGWaGaYeOm5k+VV1LYRHE D7szr8JH5iCf2SyCyAyy6g8qbK8m1aHavzbXQcmp1LYOWnSA0RWyuhBHHUwezZ8LQ9AbGljU btE49IRhdLN3iiOTfVJJLIUV9QyeuiaoP2rHTVpkC2qonuF2M4q9GqWTmXfWaNS5AKKPRYaQ DsJjUUgCV0aCFlgf0LzBP2Rt0FdCEguPAeH7ZMazi1Eusdg81NZUaai5xHUNffpYlpM13Tez 
z1D8+Dy6CLBMRDOnS+Moa4ikrrWXymS5lltU7FTmDYxGt2ZJTcxO2wZnVEqpTN1hOg+3umAG dbGM6GUxo4ndSYMcuRmlVF8tYdJYMiSvqpiCMdTFrEe13SCOy+Xj/5s8BamUNA5CFuZiOvr8 FAzFc7k8hqMtU9N3E9vnvUo0lwa108birIvFlRDc4Ix/0CKD/nJ59vBocc7DuAhi6mBcudn+ 5GHyYfIg35fvkOBZMNsmh1mZ6jNll+WXOubvvjBa2zU/CNrJMnjqHUZiHnQ7k3OL5smt8FKz l4tFVM/gjnC9qzQHZ6RhPaWRRXiZffo1Gj3Mkq5mJ8FYN1zsdrNM0ML0Hi6v4aQqhUkuXIdf 1Ff9LGoGc3XI24KeRCuHpsHao03bMRRiK7PoW+F9iaYxNR9Sq5IGo+o/MlJdnas6zUcCWj5s GJTUbFTC8FSgcrijeCrgrgbdCHVkFXtWCnMy1HFV8GQB3BXDbDHTSyF7Qp8nM2+8EcYUYgWa z2CpMKrgncJeBDMUtszu6d1cWF8OsOjeErSQ4SgBaNVAWQWMKex5MFsGnyXaOrpjBszMh3s6 noVoFariK4ddNcx36D5Ki0ppDcyHsA6lqpRhDFI2D+6qAP5s7WkhwC5l8Cj9maw+ouNyjU5V clUMOpURhUxhzgCKytgdnZ0Pn5WwrprJs5DxrFJbzniYCc9VXkoYBaomVIpmwGcl4KYrZgFd NUwKFFONtjKT6ZHyU8z2U6xz2SqVsgpNy3QcgpKlyVKlg8p/wSDmasZ/Gbxkxn8NzNQw3RQC /CDcoO3MYhAo3RKTxnzGXyGTQwXDUMTWUSlSeZYNWlxVmFZmMHlRvVHKixmmQiaR6mE5CUIL 185w1iENYpjF+Cthkipjq6tBjiWwvnRwRrXHUsbrDE3WKkzV7lWbKAuT7gzGI9XsDYC1RLOp Qia7oVxQPd3I6A9xoWqgUHufESazkPbLNe0G6alhmGuGkcqNzBdL2KpCpuvqQR+Zyfx3nkb5 /EELC8WA+Zp9VgxSNlS+QT8Krvs8sUOFFcQ9VIPFzJ7KNAqrB6WhrpCuAVeNXSWQ1+rZOScw GLeHZu7wqjFUjYbXnZlhsTa8ElCj8Cy2tvmydaFZ9bSk5qzQWSe8dhvuhB08Hau1fLDqDVUf auxWz0ThVa+b1edqDegfrEp8rA70DVYmHexpKKe3ar0T35BzHsXsYrk/cxBXMBeFYKl1pYtV CxSbfxhpXj1DSVecDFtZvlexdLBxQKtMKH/t2lo6f8dlp+Fg/+dKHcjD6iDIy3CVQ7j825i+ W7WzlJdJmNaTWRrcNhQ8l4VkQiWg9tWaL9N6yPootMno8q4ClcGSMMrdTNYSUnt0FKfE4lWw x/XP7zp91X3Zf6V+kDSkH3R55fWP6wdJw/aD5K+5HyR9rn7Q0Eq+PoymUK8juPLzdVCH67BI /7S+knxFX0n6/32lsL5SqMPwv7OvJA3JsP+8vpI0zGntX6GvJA3bVwpx9PX0laRr9Au+nr6S hP7evlLoW6evsq8U8rehfaWrZd+rd5fU87laSfyrdZckNLS7NHx34+vpLknXkK4cJsF/7S6T xGzsymrm6+8ySf/CXSbpsi5T6Kz7dXaZpL/ZZZK/ti6T9Hd0meR/WJdJYjJYAFDnMGpVaRfC 86+vdyQNq/N/Vu9IuqJ3JP/TekfSVXtHoR7QP753JP0dvaNrwf3H9o6CkfXqGeXKjo/0BTo+ 4V2ar7LjI32pjs+VZ7Yv1vGRwjo+1+o7fBUdmsAV8J0o1GmQGB56l/UlfnOVzeRyK1zZjDY3 q5qyWP3aCnNDq7Fr/+aM/Z9l9nfp2+gmNMxfD7fKeekzhVyMIv+TRv6aSz7tIn+xkD8r5IJC /k8a+ZOF/HcXOZ9G/nhPofBHhZzrIp90kb6L5OOL5L8U8tFk8ociclYhv88lH56pFj7sImdg 
4Zlq8sHvsoUPLpLfZZP3FfJbhbyXS/4zivymi7yrkF/byX/cRd55kfxKIb+E5b+8i5w+NUs4 fRc5NYu8/YtY4W2F/CKW/FwhP1PITxXyE4Wc7CJvnUgQ3lLIiQTy41xyXCFvrLMJb8SR10eQ owp5TSE/UsirCnlFIT9UyMsKeUkhRxTyokIO20jv+jShVyE9L7wo9CjkhecXCy+8SF5YxT// b2nC84udl8jzTv7f0sghhfygixxUyHMKOaCQ7ytkv5t8z0L2PZsm7HOTZ/fahWfTyF47eQaI fuYi2aOQpxXylEJ228kuhTz5hEV4Mpc8YSGPu0k3LOnuIo8pZOejJmGnQh41kUcejhYecZOH d1iFh6PJDit5SCIPKmR7l1nYrpAuM+mETZ1d5IH7LcIDY8j9FnLfRbJt64vCNoVs3bJY2Poi 2bqK3/LdNGHLYrLFyX83jdyrkM2bsoTNCtmURe4BNu8pJBvvNgobo8jdRrIBJja4yXqQ1Po0 ss5GvqOQtWtswlqFrLGR1QpZpZCVCnFe+vZddwnfVshdd5E73WRFjUNYkUbuUMhyhdxuIR0m skwi7QoJXCT+i6TtIrntImlViE8hLQppSiK3KmSprUhYWk28Cmm8iyyBmwaFeBTiVki9QuoU 4ppMai+Sm01ksUK+qZCbFLJooSQsukgWSuTGEdHCjblkgULmA+b5RaTGQaqxVageRaqiyA1z IoUbFFJpJBUKKZ9nFcoVMs9KyhQyF57MVcicUqswJ5KUxpuFUiuZbSazFDKzi5R0kWKFzODG CzMukqIXSeFc4lTIdIVMu94uTIsi10+NEK63k6lTzMJU56UIMsVMJiukQCHXTYoSrrtIJk20 CpOiyMR8ozDRSvKNZEICyTOT3G8YhVyFfMNIcrKNQo6ZZBtJ1niDkGUl4w0kM5eMG5smjHOT sRl2YWwaybCTMelpwphCkp5GRqcZhdERJM1IUhWSopDkCJIEfCbZiewmiRdJArCQ4CbxZhIH EoxTSOxFElNEouEmWiGj3GQkSGqkQkbAphHRxKGQKIVEKsQOC+wKsQGvtiJivYtEuIlFIWbT CMGsEBOsNo0gRoVIVmJQiB6W6RWiiyKim/DwkAcLcBCYJQrh4J4bT7CVIIXgHuxedy8e97/h D/2zCbjmX/z/BYP2xVcKZW5kc3RyZWFtCmVuZG9iagoKMTggMCBvYmoKMTIyMzUKZW5kb2Jq CgoxOSAwIG9iago8PC9UeXBlL0ZvbnREZXNjcmlwdG9yL0ZvbnROYW1lL0NBQUFBQStEZWph VnVTYW5zCi9GbGFncyA0Ci9Gb250QkJveFstMTAyMCAtMzUwIDE2NzkgMTE2Nl0vSXRhbGlj QW5nbGUgMAovQXNjZW50IDkyOAovRGVzY2VudCAtMjM1Ci9DYXBIZWlnaHQgMTE2NgovU3Rl bVYgODAKL0ZvbnRGaWxlMiAxNyAwIFI+PgplbmRvYmoKCjIwIDAgb2JqCjw8L0xlbmd0aCA0 MzAvRmlsdGVyL0ZsYXRlRGVjb2RlPj4Kc3RyZWFtCnicXZPLbtswEEX3+gou00UgcahHAhgC HD8AL/pAnX6ALNGOgFgSaHnhvy/vXLUFurBxSF5yDolRujlsD0M/pz/C2B79bM790AV/G++h 9ebkL/2QWDFd387LSP/bazMladx7fNxmfz0M53G1StKfce02h4d5WnfjyX9J0u+h86EfLubp 1+YYx8f7NH36qx9mkyV1bTp/jud8baZvzdWnuuv50MXlfn48xy3/Au+PyRvRsaVKO3b+NjWt D81w8ckqy2qz2u/rxA/df2t5xS2nc/vRhBi1MZpluasji3K5ATvyKzgna6Ygv4FLZcnAlXKV g1+Y2YNfyQV4TdbMG+tuwRvOW/CW52itHVnAezLOsRnzmLf0r+Bp6e90nv4OtSz9BbUs/R2c 
Lf0daln6OzhY+hclePHfgenvKjD9C2X658r0z/GGlv7lC5j+JTKy+ON8ob9DRpb3h6cs/msw /Z3m6S/wEfpXuIvQv8Ddhf6V5umf492E/qK1lvdXpr/g7kJ/wXsK/UWd6Z/vtKmW7kF7of// tK1p7yHEltWPRHsVXdoP/u93NI0TdunvNyv/2UEKZW5kc3RyZWFtCmVuZG9iagoKMjEgMCBv YmoKPDwvVHlwZS9Gb250L1N1YnR5cGUvVHJ1ZVR5cGUvQmFzZUZvbnQvQ0FBQUFBK0RlamFW dVNhbnMKL0ZpcnN0Q2hhciAwCi9MYXN0Q2hhciA0NwovV2lkdGhzWzYwMCA2OTggMjc3IDI3 NyA1NDkgNTc5IDMxNyAzOTIgNjExIDYxNSA2MzQgODYyIDYxMiA1MjAgNDExIDYzMwo2MzQg NTkxIDYzNiA2MzYgMzYwIDYzNiA2MzYgNjM2IDY4NCA2MzMgNjM2IDk4OCA3NzQgNTU3IDYz MyA2MzQKMzUyIDYzNiA5NzQgMzM2IDYzNiAzMTcgNjM0IDY5NCA1OTEgNjMxIDM5MCA3NTEg NDAwIDM5MCAyNzQgNzQ4Cl0KL0ZvbnREZXNjcmlwdG9yIDE5IDAgUgovVG9Vbmljb2RlIDIw IDAgUgo+PgplbmRvYmoKCjIyIDAgb2JqCjw8L0xlbmd0aCAyMyAwIFIvRmlsdGVyL0ZsYXRl RGVjb2RlL0xlbmd0aDEgMTc4MD4+CnN0cmVhbQp4nO2Uy28bVRTGvztjO2mhTRxM00UVrmmB dEGIi9QWqRJUFUGVUio1xihSJDoZru1p5pV5oDqbxGxAYsO6PGq3ILFopUpdsGHBoku6ancs kBBbFqiwYJGWb8bXTlQi8Q9wLd/5nXO+e+6Z+5gkShX2YwsmpO1ZYUUIsN0CxJT9USJXMwvi R3aFlttpVj65/4j2PdqX28r68NflP2cB4xjtk206Pt5+f4z2Cu1jbS+5ehkr+2lv0R53A9uq YJ5ofMqu5FlXwzIWMvtzdtK3PDX+3e2faN/hdEfDIE4quPKE0odZPCsEeXl4lljK7f/bKgx0 AbNbanIXufqvl6vll6rlatfE9qaBxyg1/77WLTa5Wr8Axc1CDweAqnzl5clTJ6ty+tDkWMl8 9fEf13u962JCHLh548bNfs+Y6fX7/e3f+v18lcWR2dpi+s0HE2f+wjPj+cT3Go8auwspbrIC 7jPrGTSOG2tsb+6SPL1fRgHollayujA4GpnCwEGdw8Bwz98ajXlRfD3KMzPKKXiKZzQbXIVZ zSb9r2kukN/QXOQZOqe5RP/FAbM7jGXNAvuwrtlAGRuaTUzis8Gq5PovNGf6u5oNvIAfNJuY ws+DN2NXxe+aqRcHNRuYFtOaTZTFXM4mu+fFm5oFxkVdM+sRK5pNPCe8nAvsjogtzVn+LzUb mBLfajap+Z4rIwr7aJ8RDzQLVIwJzdwD46hmk/6a5gL5bc1FHDaWNZfoX5+1j8sT8/On5VLq ywuOHQVxJ06UF8vzvj13MVT+UsdbDdxLqpW6VrTj2KGGimIn8GVtrlbb8Z51XVnvhEErssK2 Y8sFZSVppOJFpzUALVCjyLnA85hmJFgIfDth4lgmozzr6a4M9SBNVCyb/6WT78Wpct18SjUU NZ3Ybiu+87WW69jtNeUkyh8O8XPl2TTeUIz5qd+KrYjxd4PIsxgZ6RZSf4NTO7Lu6KxMuqgG 0XqaJEpSPlQNAzJ0vpJ83dR3/l2SXFO+p6K1p6uhSI1C7yhPKZ9yKwyV61xZ21UTL5KN4/z4 nuD1nMdp0hJS+HxegMNYhAAxOvwnUPD4lDjPuI05XqqQPp8jOoysUuniEj0tZnBhcexeir18 DXoi5nZoZXPXmL3G315ansi8PWnxm7JH+wd8FTTzCmVuZHN0cmVhbQplbmRvYmoKCjIzIDAg 
b2JqCjg2NQplbmRvYmoKCjI0IDAgb2JqCjw8L1R5cGUvRm9udERlc2NyaXB0b3IvRm9udE5h bWUvRkFBQUFBK09wZW5TeW1ib2wKL0ZsYWdzIDQKL0ZvbnRCQm94Wy0xNzkgLTMxMiAxMDgy IDkxNl0vSXRhbGljQW5nbGUgMAovQXNjZW50IDc5OQovRGVzY2VudCAtMjAwCi9DYXBIZWln aHQgOTE2Ci9TdGVtViA4MAovRm9udEZpbGUyIDIyIDAgUj4+CmVuZG9iagoKMjUgMCBvYmoK PDwvTGVuZ3RoIDIyMi9GaWx0ZXIvRmxhdGVEZWNvZGU+PgpzdHJlYW0KeJxdkEFrhDAQhe/5 FXPcPSxRoTcRimXBQ7ultj8gJqMN1EkY48F/3zFrW+ghgZf3vuRNdNs9deSTfuVge0wwenKM S1jZIgw4eVJlBc7bdKi829lEpYXttyXh3NEY6lrpN/GWxBucHl0Y8Kz0jR2ypwlOH20vul9j /MIZKUGhmgYcjnLPs4kvZkadqUvnxPZpuwjyF3jfIkKVdXmvYoPDJRqLbGhCVRdFA/X12igk 9887iGG0n4YlWUqyemjv2eN0p/axftqAXZmlSZ49V9gf94S/3xND3Km8vgGK9G2jCmVuZHN0 cmVhbQplbmRvYmoKCjI2IDAgb2JqCjw8L1R5cGUvRm9udC9TdWJ0eXBlL1RydWVUeXBlL0Jh c2VGb250L0ZBQUFBQStPcGVuU3ltYm9sCi9GaXJzdENoYXIgMAovTGFzdENoYXIgMQovV2lk dGhzWzUwMCA3OTQgXQovRm9udERlc2NyaXB0b3IgMjQgMCBSCi9Ub1VuaWNvZGUgMjUgMCBS Cj4+CmVuZG9iagoKMjcgMCBvYmoKPDwvTGVuZ3RoIDI4IDAgUi9GaWx0ZXIvRmxhdGVEZWNv ZGUvTGVuZ3RoMSAxOTkxNj4+CnN0cmVhbQp4nO18e3xU1bX/2mfPIw+GPHgFAsxJhkAgTwII xFQmJBPA8AgQMKHeJiczJ8nAJDPOIzEWC15rtUGLt6W29iHYFrVFy2SiNqAt1F/be7UPsK2t 7c8K/rTvF7Vq21vN3O/e50wegNbe3/3j9/n8mJO199prr7322mutvfY5cxii4ZhOU2g/cXJ7 e7TQdMYIn+8QsVxvX1R98LmmXODniezf6Ax19dz1uZtfIEr/ApE10hUY6PzFx99/hCgrD2P6 unXN98iq7Klo3432Vd0grB8dsKP9H2gv6O6J3jiXrU5D+3dopwWCXu1quhpo1msobD3ajaHt 2QutaL+Jttqr9ejvfSbrh0TZc4nKY6FgJOqjBUmiaw6J/lBYD/1lUefraD9q6sBIqo8VEbPJ 9v/nH+tHABvJCZjLD1E+UfIlwCuAX41em3zTuodco7uT5/k0MD9iAlER3UOHaQFdYEvpKTpN 19IDVEtNdIjW0Rk6TlNpgH2bLOSienqIipiTFGqgWcxK99JP6HoK08/pPBVTI73IciHHQyGa SauTv0bZSHckT4Arg+roy3SSBdh2qgC+XillJZj5YPI0zaLi5HeTz6P1Wfo5W5AcovXAfkE5 tIj20b9RLu2mZ5IiShZQBz3I9rJfUwG10wHLcstgcg+C6jF6jjUC20QD1ufTH6MARn2ezWKn k+eSv6SvWRjpkPSvdAc0TtBppZzXWY+QSgvpPbSZNPS+n37CprGl3J1clFybvBfUB+lVpUT5 FrdDjxLaQG10F90Pa/yIXqHXWSZbwT7LjuF6lv3B+jx0a6QY3YS99VlY70F6mE6wpWypMkuZ BWvNosW0A30H6SjmH6azrJG1stPs6/yotXJ0TXJ6ckbyl8kkLaEWaHiYvo45XmOV4MEMvJBH LfMtUWvVW7dghT76DJ2lZ6HHi7D76/RXtgTXS8oHlH3J65IPJX8OXdLISatoK+2iIPVRP30O 
hAHuHAmwOyUgIVECYkz5o+TXw5/OsY+SPx0S3fZ9lbnkNRSGRGCx12Dy15AIaQWkFki9kGQA vQHQG2gQ0m5I+yCFIclgzBsw5g0Y8zKkVyG9gXIheSCtgKQgJ4dhmVFyYti10F5pIr8kP0MJ wNTj5OesfJW8xMpXyE9Z+Qsok6F8mbw0nGxHlWroRzDGAKUByhzoF8hzh9Ji7JFKIzkG7LFD ngOpAtJySOsg3QFJRo6R1OF2ewxM8jR6WYEAcxh9yMofoQcVyLPR7nEtAh0TaeYquwQgyPaK e13E49pzL1Rp5rr9ToBo5rppF0A0c129DSCauTo3A0QzV/tGgGjmumIdQDRzLa8HCLJRcv9P 0tLtxcs3YbFSTwaASwPApQHg0gDiyQB90Kc8pe17w5mZwLH7PO45mfbBo3jwGTy4Cg8+iAd9 ePB6PLgND5bjwavwoBsP2vBgMh704MGncQmwYhB7Ri6olnrMePBlPPgEHgziQRcedOLBNDwo 4mLPKEkZXlrAimpWHKqkdgXlJQvy9UBjCnA0BdQ6Bcz+GOQnIEVYzQNIYmoU2ZJMy9RDmRXR enZZfk/lEvICDHwBxPACOgWJBwG9AGr0AkxCv52uh7wC0jpIY5DOQopAkgF2KhB+B8v1kOdA qoC0DtINkM5CkjFyzkIiqEci8QAjLEciejmtkRfgof+BNIWkeJIMNoPbsIS7w4b1yXh5ciSZ FCMT/euEGKPCOIq1h/+p/dc/tUhZqSS3kztQEghit1TeMfxpkn0U3zPsetpeGY/vRsk8aB0u RS7shLIEBVm9CNkUtCxENvI4lPnDtrUwTD/syrIfxTo66rD9U9sZ+4e2UQLgB7an7b8VR3k8 bH8dWh4/bH/Ndov9FzmjCmh5xjWKoTgqMtQjthL7Ey8z1G3Qcd+w/XpaHLZfZ1ts32RjHb5o x1VBqHn09lWuK+xLYL4qW6vdE4Q5D9srbFfZy6NYRXTMYXsukOCOgplA7BwbW9SRzCZcUzyK OzxZ8j3yBvly+Tx5vjxLniK3y5PkifI4RYzCoNApNAqVQqGQKXgFUSBFHP1jQTf944o4mYEW Mp7mPIMNhOYk+hcxBCsIuhSFY7laUrt6Ia4Nj7Wh2lYx/MlqxyhWrbwiLDgW4nBMLaqtXxgu cdeOyiOrwsXu2rB8xZUNBzG+vRFaw+TmUYzqG0ZxhDZtT6T/PvEIwti4/bZEWmZsv62xEZlN myvMFTELjKU1VV+RtUj5rP/MZb4ATgrvqV3dEH4sqTGcT4FIUmNt+Dv0/ysewR/hc9VVR/A/ aNHYcIRbgD+qXkXbuQVVjY21o3gtw0Mi/gfggcb8g+EpkpFI8ZCoSI7i3RfFc8J4wEujBeAp lcjJ8JxKJcPjMcU7GEyrrjqYlsZwEiD0ZDjBBHE2zstOwHE6GY5pEL3McF42DVKc8AKGYrMB SrKNoWArsjEUG7YylLUzKDkSyi3TKLewlTg8g2OL4mhPT+FoTwOO+z/9+Ba63fjQ/Ma2Jvq/ KVsc1T5ILeFbN3eYw4OtoniwrVH6p5Wulta2Dlp6feFGh68q3OaoEg/Ob/qK7ibaPd9RdRA1 Vdc3HGzy+KqG53vmVzu8VY2HFq8oLL5grVum1ypc8RWTraCTFdK1Fhd/RXcx7V5M1yqmaxXT tRZ7FrO1ENPxFQ0HFWhh46KmaHmIqFWgry2JKY0LTYbeBUx556eYr088CgHJfqR2N4Y1joVh LSTaNbdybiXtApuiXTr6D0ilLvP181MSj+L9UpcBmo2Ohcgd6g/2I3O1vyr6E4QPNIX6KcOj uTv4dR/oqw57vFXBEEK14czVteGKlVc0HJTLobWFbilcNtWmVlePRsaijdnQWEYbOW4akbaV 0zalUkK8WP79M/9a7wgEGk8fwp5kDJe6Ri6cXFtPwBXUS//p8SiES/R4CDbCBoPYjYNTczCy 
URRGdL9TKdQvQRIfQlIZHQVDglPsmP7AGHBV/wsjPGqkCmVuZHN0cmVhbQplbmRvYmoKCjM4 IDAgb2JqCjEyODAxCmVuZG9iagoKMzkgMCBvYmoKPDwvVHlwZS9Gb250RGVzY3JpcHRvci9G b250TmFtZS9FQUFBQUErQXJpYWxNVAovRmxhZ3MgNAovRm9udEJCb3hbLTY2NCAtMzI0IDIw MjcgMTAzN10vSXRhbGljQW5nbGUgMAovQXNjZW50IDkwNQovRGVzY2VudCAtMjExCi9DYXBI ZWlnaHQgMTAzNwovU3RlbVYgODAKL0ZvbnRGaWxlMiAzNyAwIFI+PgplbmRvYmoKCjQwIDAg b2JqCjw8L0xlbmd0aCAzMzIvRmlsdGVyL0ZsYXRlRGVjb2RlPj4Kc3RyZWFtCnicXZLPboMw DMbvPEWO3aGCpJS2EkJqaZE47I9G9wA0MR3SCFFID7z94pht0g6gn53P1hc7cVmfa927+M2O sgHHul4rC9P4sBLYDe69jrhgqpduicJfDq2JYl/bzJODodbdmOdR/O7PJmdntjqq8QZPUfxq Fdhe39nqo2x83DyM+YIBtGNJVBRMQef7PLfmpR0gDlXrWvnj3s1rX/InuM4GmAgxJytyVDCZ VoJt9R2iPEkKlldVEYFW/85ESiW3Tn621ku5lyZJeio8i8DZFnkTeCeQU8oH3hJXyBlpNsi7 wCJB3lPPA/KB9BfkI3GGfCI+I5fEHPlMPVPkC+VDn4p6op4nlEcNJ/9ZiUz+08DkPz0iL/73 yIv/kCf/KXrm5H+Hd+fkX1zCAJdJ4Shx1z8rYvJhrV9PeBBhL7iRXsPvmzGjwarwfQOkbaOE CmVuZHN0cmVhbQplbmRvYmoKCjQxIDAgb2JqCjw8L1R5cGUvRm9udC9TdWJ0eXBlL1RydWVU eXBlL0Jhc2VGb250L0VBQUFBQStBcmlhbE1UCi9GaXJzdENoYXIgMAovTGFzdENoYXIgMjQK L1dpZHRoc1s3NTAgNjY2IDU1NiAzMzMgNTU2IDU1NiA1MDAgMjc3IDI3NyA1NTYgMjc3IDgz MyA1NTYgMjc3IDIyMiA4MzMKNTU2IDIyMiA1NTYgNTAwIDU1NiAyMjIgMTAxNSA1NTYgMjc3 IF0KL0ZvbnREZXNjcmlwdG9yIDM5IDAgUgovVG9Vbmljb2RlIDQwIDAgUgo+PgplbmRvYmoK CjQyIDAgb2JqCjw8L0YxIDM2IDAgUi9GMiAyMSAwIFIvRjMgMzEgMCBSL0Y0IDQxIDAgUi9G NSAyNiAwIFIKPj4KZW5kb2JqCgo0MyAwIG9iago8PC9Gb250IDQyIDAgUgovWE9iamVjdDw8 L0ltNCA0IDAgUi9JbTUgNSAwIFI+PgovUHJvY1NldFsvUERGL1RleHQvSW1hZ2VDL0ltYWdl SS9JbWFnZUJdCj4+CmVuZG9iagoKMSAwIG9iago8PC9UeXBlL1BhZ2UvUGFyZW50IDE2IDAg Ui9SZXNvdXJjZXMgNDMgMCBSL01lZGlhQm94WzAgMCA3MjAgNTQwXS9Hcm91cDw8L1MvVHJh bnNwYXJlbmN5L0NTL0RldmljZVJHQi9JIHRydWU+Pi9Db250ZW50cyAyIDAgUj4+CmVuZG9i agoKMTAgMCBvYmoKPDwvVHlwZS9QYWdlL1BhcmVudCAxNiAwIFIvUmVzb3VyY2VzIDQzIDAg Ui9NZWRpYUJveFswIDAgNzIwIDU0MF0vR3JvdXA8PC9TL1RyYW5zcGFyZW5jeS9DUy9EZXZp Y2VSR0IvSSB0cnVlPj4vQ29udGVudHMgMTEgMCBSPj4KZW5kb2JqCgoxMyAwIG9iago8PC9U eXBlL1BhZ2UvUGFyZW50IDE2IDAgUi9SZXNvdXJjZXMgNDMgMCBSL01lZGlhQm94WzAgMCA3 
MjAgNTQwXS9Hcm91cDw8L1MvVHJhbnNwYXJlbmN5L0NTL0RldmljZVJHQi9JIHRydWU+Pi9D b250ZW50cyAxNCAwIFI+PgplbmRvYmoKCjQ0IDAgb2JqCjw8L0NvdW50IDMvRmlyc3QgNDUg MCBSL0xhc3QgNDcgMCBSCj4+CmVuZG9iagoKNDUgMCBvYmoKPDwvQ291bnQgMC9UaXRsZTxG RUZGMDA1MzAwNkMwMDY5MDA2NDAwNjUwMDIwMDAzMT4KL0Rlc3RbMSAwIFIvWFlaIDAgNTQw IDBdL1BhcmVudCA0NCAwIFIvTmV4dCA0NiAwIFI+PgplbmRvYmoKCjQ2IDAgb2JqCjw8L0Nv dW50IDAvVGl0bGU8RkVGRjAwNTMwMDZDMDA2OTAwNjQwMDY1MDAyMDAwMzI+Ci9EZXN0WzEw IDAgUi9YWVogMCA1NDAgMF0vUGFyZW50IDQ0IDAgUi9QcmV2IDQ1IDAgUi9OZXh0IDQ3IDAg Uj4+CmVuZG9iagoKNDcgMCBvYmoKPDwvQ291bnQgMC9UaXRsZTxGRUZGMDA1MzAwNkMwMDY5 MDA2NDAwNjUwMDIwMDAzMz4KL0Rlc3RbMTMgMCBSL1hZWiAwIDU0MCAwXS9QYXJlbnQgNDQg MCBSL1ByZXYgNDYgMCBSPj4KZW5kb2JqCgoxNiAwIG9iago8PC9UeXBlL1BhZ2VzCi9SZXNv dXJjZXMgNDMgMCBSCi9NZWRpYUJveFsgMCAwIDcyMCA1NDAgXQovS2lkc1sgMSAwIFIgMTAg MCBSIDEzIDAgUiBdCi9Db3VudCAzPj4KZW5kb2JqCgo0OCAwIG9iago8PC9UeXBlL0NhdGFs b2cvUGFnZXMgMTYgMCBSCi9PcGVuQWN0aW9uWzEgMCBSIC9YWVogbnVsbCBudWxsIDBdCi9P dXRsaW5lcyA0NCAwIFIKPj4KZW5kb2JqCgo0OSAwIG9iago8PC9BdXRob3I8RkVGRjAwNEMw MDY1MDA2OTAwNjYwMDIwMDA0QTAwNkYwMDY4MDA2MTAwNkUwMDczMDA3MzAwNkYwMDZFPgov Q3JlYXRvcjxGRUZGMDA0OTAwNkQwMDcwMDA3MjAwNjUwMDczMDA3Mz4KL1Byb2R1Y2VyPEZF RkYwMDRGMDA3MDAwNjUwMDZFMDA0RjAwNjYwMDY2MDA2OTAwNjMwMDY1MDAyRTAwNkYwMDcy MDA2NzAwMjAwMDMzMDAyRTAwMzE+Ci9DcmVhdGlvbkRhdGUoRDoyMDEwMDMyNDE3NTcyNysw MScwMCcpPj4KZW5kb2JqCgp4cmVmCjAgNTAKMDAwMDAwMDAwMCA2NTUzNSBmIAowMDAwMDcx Njc5IDAwMDAwIG4gCjAwMDAwMDAwMTkgMDAwMDAgbiAKMDAwMDAwMDg4MSAwMDAwMCBuIAow MDAwMDAzNzkzIDAwMDAwIG4gCjAwMDAwMDA5MDEgMDAwMDAgbiAKMDAwMDAwMzc3MiAwMDAw MCBuIAowMDAwMDE3MTc2IDAwMDAwIG4gCjAwMDAwMTcxOTggMDAwMDAgbiAKMDAwMDAyMDQ4 NiAwMDAwMCBuIAowMDAwMDcxODIzIDAwMDAwIG4gCjAwMDAwMjA1MDcgMDAwMDAgbiAKMDAw MDAyMTYwNiAwMDAwMCBuIAowMDAwMDcxOTY5IDAwMDAwIG4gCjAwMDAwMjE2MjggMDAwMDAg biAKMDAwMDAyMjY4MiAwMDAwMCBuIAowMDAwMDcyNTQ4IDAwMDAwIG4gCjAwMDAwMjI3MDMg MDAwMDAgbiAKMDAwMDAzNTAyNSAwMDAwMCBuIAowMDAwMDM1MDQ4IDAwMDAwIG4gCjAwMDAw MzUyNDIgMDAwMDAgbiAKMDAwMDAzNTc0MiAwMDAwMCBuIAowMDAwMDM2MDg4IDAwMDAwIG4g 
_______________________________________________
ietf-krb-wg mailing list
ietf-krb-wg@lists.anl.gov
https://lists.anl.gov/mailman/listinfo/ietf-krb-wg

From ietf-krb-wg-bounces@lists.anl.gov Wed Mar 24 14:17:57 2010
Date: Wed, 24 Mar 2010 17:18:11 -0400 (EDT)
From: ghudson@MIT.EDU
Message-Id: <201003242118.o2OLIBLW010389@outgoing.mit.edu>
To: ietf-krb-wg@anl.gov
Subject: [Ietf-krb-wg] kdc-model: Separation of KeySets

This is a follow-up from the krb-wg meeting. Section 6.2.3 of the
current model draft says:

    The reason for separating the KeySet from the Principal is security.
    The security of Kerberos 5 depends absolutely on the security of the
    keys stored in the KDC. The KeySet type is provided to make this
    clear and to make separation of keys from other parts of the model
    clear.

    Implementations of this standard (eg an LDAP schema) MUST make a
    clear separation between the representation of KeySet from other
    information objects.

I wrote earlier:

    6.2.3 talks about separating the KeySet from the principal "for
    security," but doesn't explain why the separation introduces any
    security. Perhaps because it means keys won't necessarily be
    transmitted if a principal is retrieved, in an implementation where
    objects are retrieved in blobs?

There seemed to be some misinterpretation of this comment in the
meeting. Let me clarify:

* I am fine with treating KeySets as a separate object from the
  Principal, if only because a Principal can contain multiple KeySets
  (in key rollover situations).

* I don't think the document needs to justify this separation inline,
  but if it chooses to do so, the justification should be clear and
  make sense.

* It is not clear to me how putting KeySets into a separate object
  improves the security of the keys. From the meeting, the only
  clarification I got was Sam suggesting (I think) that perhaps the
  key objects would have stricter access controls from principal data.
  I don't think that justification is obvious from the text, and
  whether that is facilitated by separating keysets depends very much
  on the protocol used to implement the model.

From ietf-krb-wg-bounces@lists.anl.gov Wed Mar 24 15:51:15 2010
Message-ID: <4BAA9763.5060806@mnt.se>
Date: Wed, 24 Mar 2010 23:51:15 +0100
From: Leif Johansson
To: ietf-krb-wg@lists.anl.gov
References: <201003242118.o2OLIBLW010389@outgoing.mit.edu>
In-Reply-To: <201003242118.o2OLIBLW010389@outgoing.mit.edu>
Subject: Re: [Ietf-krb-wg] kdc-model: Separation of KeySets

On 03/24/2010 10:18 PM, ghudson@MIT.EDU wrote:
> This is a follow-up from the krb-wg meeting. Section 6.2.3 of the
> current model draft says:
>
>     The reason for separating the KeySet from the Principal is security.
>     The security of Kerberos 5 depends absolutely on the security of the
>     keys stored in the KDC. The KeySet type is provided to make this
>     clear and to make separation of keys from other parts of the model
>     clear.
>
>     Implementations of this standard (eg an LDAP schema) MUST make a
>     clear separation between the representation of KeySet from other
>     information objects.
>
> I wrote earlier:
>
>     6.2.3 talks about separating the KeySet from the principal "for
>     security," but doesn't explain why the separation introduces any
>     security. Perhaps because it means keys won't necessarily be
>     transmitted if a principal is retrieved, in an implementation where
>     objects are retrieved in blobs?
>
> There seemed to be some misinterpretation of this comment in the
> meeting. Let me clarify:
>
> * I am fine with treating KeySets as a separate object from the
>   Principal, if only because a Principal can contain multiple KeySets
>   (in key rollover situations).
>
> * I don't think the document needs to justify this separation inline,
>   but if it chooses to do so, the justification should be clear and
>   make sense.
>
> * It is not clear to me how putting KeySets into a separate object
>   improves the security of the keys. From the meeting, the only
>   clarification I got was Sam suggesting (I think) that perhaps the
>   key objects would have stricter access controls from principal data.
>   I don't think that justification is obvious from the text, and
>   whether that is facilitated by separating keysets depends very much
>   on the protocol used to implement the model.

Can you provide concrete suggestions for modifications to the text? I
ask because at the meeting today and in the jabber room I got the sense
that most people didn't think this point was important enough to spend
lots of time on.

Cheers Leif

From ietf-krb-wg-bounces@lists.anl.gov Wed Mar 24 16:26:53 2010
From: Greg Hudson
To: Leif Johansson
In-Reply-To: <4BAA9763.5060806@mnt.se>
References: <201003242118.o2OLIBLW010389@outgoing.mit.edu> <4BAA9763.5060806@mnt.se>
Date: Wed, 24 Mar 2010 19:22:54 -0400
Message-ID: <1269472974.7493.547.camel@ray>
Cc: "ietf-krb-wg@lists.anl.gov"
Subject: Re: [Ietf-krb-wg] kdc-model: Separation of KeySets

On Wed, 2010-03-24 at 18:51 -0400, Leif Johansson wrote:
> Can you provide concrete suggestions for modifications to the text? I
> ask because at the meeting today and in the jabber room I got the sense
> that most people didn't think this point was important enough to spend
> lots of time on.

As I said in the meeting, I cannot propose text because no one has
explained the security reasoning. All I can suggest is removing both
paragraphs as there is no need to justify the separation inline, or to
impose constraints upon schemas.
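
Added example, not part of any list message or of the kdc-model draft: a toy object store that works through the question in the "Separation of KeySets" thread above, namely when keeping a KeySet in its own object actually keeps key material away from someone who can read the Principal. The `helpdesk` and `kdc` subjects, the attribute names and the two ACL granularities are assumptions made for the illustration.

```python
"""Toy model of the KeySet-separation question (constructed example)."""
from dataclasses import dataclass, field

KEY_ATTR = "keysets"  # hypothetical attribute name, not taken from the draft


@dataclass
class Entry:
    """One stored object: id, attributes, and who may read it."""
    oid: str
    attrs: dict
    readers: set                                       # object-level ACL
    attr_readers: dict = field(default_factory=dict)   # per-attribute ACL


def build_store(layout):
    """Return {oid: Entry} for one principal with two KeySets (key rollover).

    layout="embedded": key material lives inside the principal entry.
    layout="separate": each KeySet is its own entry, readable by the KDC only.
    """
    # Constructed sample key material.
    keysets = [{"kvno": 1, "key": b"old-key"}, {"kvno": 2, "key": b"new-key"}]
    principal = Entry(
        oid="principal/alice",
        attrs={"name": "alice@EXAMPLE.ORG", "max_life": 36000},
        readers={"kdc", "helpdesk"},
    )
    store = {principal.oid: principal}
    if layout == "embedded":
        principal.attrs[KEY_ATTR] = keysets
        principal.attr_readers[KEY_ATTR] = {"kdc"}
    elif layout == "separate":
        for ks in keysets:
            oid = f"keyset/alice/{ks['kvno']}"
            store[oid] = Entry(oid=oid,
                               attrs=dict(ks, principal=principal.oid),
                               readers={"kdc"})
    else:
        raise ValueError(layout)
    return store


def read(store, subject, oid, granularity):
    """Fetch an entry the way a given access protocol would.

    granularity="object": the entry comes back whole (a blob) once the
        object ACL allows it; per-attribute rules cannot be enforced.
    granularity="attribute": attributes with their own reader list are
        filtered before the entry is returned.
    """
    entry = store[oid]
    if subject not in entry.readers:
        raise PermissionError(f"{subject} may not read {oid}")
    if granularity == "object":
        return dict(entry.attrs)
    if granularity == "attribute":
        return {k: v for k, v in entry.attrs.items()
                if subject in entry.attr_readers.get(k, entry.readers)}
    raise ValueError(granularity)


def keys_visible_to(subject, layout, granularity):
    """Collect every kvno whose key material the subject can obtain."""
    store = build_store(layout)
    seen = set()
    for oid in store:
        try:
            attrs = read(store, subject, oid, granularity)
        except PermissionError:
            continue
        if "key" in attrs:                 # a stand-alone KeySet entry
            seen.add(attrs["kvno"])
        for ks in attrs.get(KEY_ATTR, []):  # keys embedded in a principal
            seen.add(ks["kvno"])
    return seen


def exposure_matrix(subject="helpdesk"):
    """Map (layout, granularity) -> sorted kvnos the subject can read."""
    return {(layout, g): sorted(keys_visible_to(subject, layout, g))
            for layout in ("embedded", "separate")
            for g in ("object", "attribute")}


if __name__ == "__main__":
    for (layout, g), kvnos in exposure_matrix().items():
        print(f"{layout:9} {g:9} helpdesk can read key versions {kvnos}")
```

In this model the separate KeySet object changes the outcome only in the blob-retrieval case; with attribute-level filtering the keys are withheld in either layout.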
From ietf-krb-wg-bounces@lists.anl.gov Thu Mar 25 10:11:08 2010 Return-Path: X-Original-To: ietfarch-krb-wg-archive@core3.amsl.com Delivered-To: ietfarch-krb-wg-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 4AB1D3A6B45 for ; Thu, 25 Mar 2010 10:11:08 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -105.169 X-Spam-Level: X-Spam-Status: No, score=-105.169 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, DNS_FROM_OPENWHOIS=1.13, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gPJSA05yFsiM for ; Thu, 25 Mar 2010 10:11:07 -0700 (PDT) Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by core3.amsl.com (Postfix) with ESMTP id E8F833A6A48 for ; Thu, 25 Mar 2010 10:10:19 -0700 (PDT) Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.anl.gov (Postfix) with ESMTP id 0E7DF35; Thu, 25 Mar 2010 12:10:42 -0500 (CDT) Received: from lists.anl.gov (katydid.it.anl.gov [146.137.96.32]) by mailhost.anl.gov (Postfix) with ESMTP id 5EF9C29; Thu, 25 Mar 2010 12:10:35 -0500 (CDT) Received: from katydid.it.anl.gov (localhost [127.0.0.1]) by lists.anl.gov (Postfix) with ESMTP id 6753880E4B; Thu, 25 Mar 2010 12:10:35 -0500 (CDT) X-Original-To: ietf-krb-wg@lists.anl.gov Delivered-To: ietf-krb-wg@lists.anl.gov Received: from mailrelay.anl.gov (mailrelay.anl.gov [130.202.101.22]) by lists.anl.gov (Postfix) with ESMTP id 0255280E30 for ; Thu, 25 Mar 2010 12:10:34 -0500 (CDT) Received: from localhost (localhost [127.0.0.1]) by localhost.it.anl.gov (Postfix) with ESMTP id D7E137CC065; Thu, 25 Mar 2010 12:10:33 -0500 (CDT) Received: from mailrelay.anl.gov ([127.0.0.1]) by localhost (mailrelay.anl.gov [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 
26912-06; Thu, 25 Mar 2010 12:10:33 -0500 (CDT) Received: from mailgateway.anl.gov (mailgateway.anl.gov [130.202.101.28]) by mailrelay.anl.gov (Postfix) with ESMTP id A8BF17CC066 for ; Thu, 25 Mar 2010 12:10:33 -0500 (CDT) X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: AskAAEg2q0sR/g0WkWdsb2JhbACbKBUBAQEBCQsKBxMFHb9RhH0Egx6LLA X-IronPort-AV: E=Sophos;i="4.51,308,1267423200"; d="scan'208";a="39247907" Received: from mail-out3.apple.com ([17.254.13.22]) by mailgateway.anl.gov with ESMTP; 25 Mar 2010 12:10:33 -0500 Received: from relay13.apple.com (relay13.apple.com [17.128.113.29]) by mail-out3.apple.com (Postfix) with ESMTP id 0519F8B043F6 for ; Thu, 25 Mar 2010 10:10:33 -0700 (PDT) X-AuditID: 1180711d-b7ba0ae000000e9e-ca-4bab99081c57 Received: from elliott.apple.com (elliott.apple.com [17.151.62.13]) by relay13.apple.com (Apple SCV relay) with SMTP id 5E.0F.03742.8099BAB4; Thu, 25 Mar 2010 10:10:32 -0700 (PDT) MIME-version: 1.0 Received: from [17.151.82.77] by elliott.apple.com (Sun Java(tm) System Messaging Server 6.3-7.04 (built Sep 26 2008; 32bit)) with ESMTPSA id <0KZU0060TL1KHN80@elliott.apple.com> for ietf-krb-wg@lists.anl.gov; Thu, 25 Mar 2010 10:10:32 -0700 (PDT) From: =?iso-8859-1?Q?Love_H=F6rnquist_=C5strand?= In-reply-to: <1269472974.7493.547.camel@ray> Date: Thu, 25 Mar 2010 10:10:33 -0700 Message-id: <75A36D34-D404-4FC0-AE73-D474BEF2ECB5@apple.com> References: <201003242118.o2OLIBLW010389@outgoing.mit.edu> <4BAA9763.5060806@mnt.se> <1269472974.7493.547.camel@ray> To: Greg Hudson X-Mailer: Apple Mail (2.1141) X-Brightmail-Tracker: AAAAAQAAAZE= X-Virus-Scanned: Debian amavisd-new at frigga.it.anl.gov Cc: "ietf-krb-wg@lists.anl.gov" Subject: Re: [Ietf-krb-wg] kdc-model: Separation of KeySets X-BeenThere: ietf-krb-wg@lists.anl.gov X-Mailman-Version: 2.1.13 Precedence: list List-Id: "This is a list for the IETF Kerberos Working Group. 
{WORLDPUB, EXTERNAL}" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: ietf-krb-wg-bounces@lists.anl.gov Errors-To: ietf-krb-wg-bounces@lists.anl.gov

On 24 Mar 2010, at 16:22, Greg Hudson wrote:

> On Wed, 2010-03-24 at 18:51 -0400, Leif Johansson wrote:
>> Can you provide concrete suggestions for modifications to the text? I
>> ask because at the meeting today and in the jabber room I got the sense
>> that most people didn't think this point was important enough to spend
>> lots of time on.
>
> As I said in the meeting, I cannot propose text because no one has
> explained the security reasoning. All I can suggest is removing both
> paragraphs as there is no need to justify the separation inline, or to
> impose constraints upon schemas.

The the schema doesn't make keys optional then there is no way to express legacy key structures, this will make deployment much harder.

Love

_______________________________________________
ietf-krb-wg mailing list
ietf-krb-wg@lists.anl.gov
https://lists.anl.gov/mailman/listinfo/ietf-krb-wg

From ietf-krb-wg-bounces@lists.anl.gov Thu Mar 25 11:21:55 2010 Return-Path: X-Original-To: ietfarch-krb-wg-archive@core3.amsl.com Delivered-To: ietfarch-krb-wg-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 3ABDC3A6DE4 for ; Thu, 25 Mar 2010 11:21:55 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -5.209 X-Spam-Level: X-Spam-Status: No, score=-5.209 tagged_above=-999 required=5 tests=[AWL=0.260, BAYES_00=-2.599, DNS_FROM_OPENWHOIS=1.13, RCVD_IN_DNSWL_MED=-4] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ytGh6D5vO8q5 for ; Thu, 25 Mar 2010 11:21:53 -0700 (PDT) Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by core3.amsl.com (Postfix) with ESMTP id 508C73A6B65 for ; Thu, 25 Mar 2010 11:19:38 -0700 (PDT) Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.anl.gov (Postfix) with ESMTP id 794A92D; Thu, 25 Mar 2010 13:20:00 -0500 (CDT) Received: from lists.anl.gov (katydid.it.anl.gov [146.137.96.32]) by mailhost.anl.gov (Postfix) with ESMTP id 7956E2B; Thu, 25 Mar 2010 13:19:57 -0500 (CDT) Received: from katydid.it.anl.gov (localhost [127.0.0.1]) by lists.anl.gov (Postfix) with ESMTP id 426BD80E4B; Thu, 25 Mar 2010 13:19:57 -0500 (CDT) X-Original-To: ietf-krb-wg@lists.anl.gov Delivered-To: ietf-krb-wg@lists.anl.gov Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by lists.anl.gov (Postfix) with ESMTP id C7C8480E30 for ; Thu, 25 Mar 2010 13:19:55 -0500 (CDT) Received: by mailhost.anl.gov (Postfix) id C260629; Thu, 25 Mar 2010 13:19:55 -0500 (CDT) Delivered-To: ietf-krb-wg@anl.gov Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.anl.gov (Postfix) with ESMTP id BC6F72B for ; Thu, 25 Mar 2010 13:19:55 -0500 (CDT) Received: from mailrelay.anl.gov (mailrelay.anl.gov [130.202.101.22]) by 
mailhost.anl.gov (Postfix) with ESMTP id B732129 for ; Thu, 25 Mar 2010 13:19:55 -0500 (CDT) Received: from localhost (localhost [127.0.0.1]) by localhost.it.anl.gov (Postfix) with ESMTP id A1C017CC059; Thu, 25 Mar 2010 13:19:55 -0500 (CDT) Received: from mailrelay.anl.gov ([127.0.0.1]) by localhost (mailrelay.anl.gov [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 13570-04; Thu, 25 Mar 2010 13:19:55 -0500 (CDT) Received: from mailgateway.anl.gov (mailgateway.anl.gov [130.202.101.28]) by mailrelay.anl.gov (Postfix) with ESMTP id E4A747CC05A for ; Thu, 25 Mar 2010 13:19:52 -0500 (CDT) X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: AskAAKZGq0uAAtnGkWdsb2JhbACbKBUBAQEBCQsKBxMFHbFIhRCIW4JcgiEEgx4 X-IronPort-AV: E=Sophos;i="4.51,308,1267423200"; d="scan'208";a="39252228" Received: from smtp03.srv.cs.cmu.edu ([128.2.217.198]) by mailgateway.anl.gov with ESMTP; 25 Mar 2010 13:19:52 -0500 Received: from dhcp-wireless-open-abg-24-255.meeting.ietf.org (SIRIUS.FAC.CS.CMU.EDU [128.2.216.216]) (authenticated bits=0) by smtp03.srv.cs.cmu.edu (8.13.6/8.13.6) with ESMTP id o2PIJnUh023060 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 25 Mar 2010 14:19:50 -0400 (EDT) Date: Thu, 25 Mar 2010 11:19:49 -0700 From: Jeffrey Hutzelman To: ietf-krb-wg@anl.gov, saag@ietf.org Message-ID: X-Mailer: Mulberry/4.0.8 (Linux/x86) MIME-Version: 1.0 Content-Disposition: inline X-Scanned-By: mimedefang-cmuscs on 128.2.217.198 X-Virus-Scanned: Debian amavisd-new at frigga.it.anl.gov Cc: jhutz@cmu.edu Subject: [Ietf-krb-wg] KRB-WG summary for IETF 77 X-BeenThere: ietf-krb-wg@lists.anl.gov X-Mailman-Version: 2.1.13 Precedence: list List-Id: "This is a list for the IETF Kerberos Working Group. 
{WORLDPUB, EXTERNAL}" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset="us-ascii"; Format="flowed" Sender: ietf-krb-wg-bounces@lists.anl.gov Errors-To: ietf-krb-wg-bounces@lists.anl.gov

Kerberos Working Group - IETF77 meeting summary

DECISIONS (to be validated):
- Principals in the KDC data model may have multiple names, each of which has an associated realm name.
- Update KDC data model to reflect not all implementations need a canonical principal name for salting

ACTION ITEMS:
- JH, TP: Resolve DISCUSS issues on STARTTLS
- LZ: Submit new naming, anon, IAKERB
- Chairs: Start WGLC on DES die die die
- Chairs: Start WGLC on DHCPv6 Option
- LZ: Finish review of OTP
- Chairs: adopt draft-lha-krb-wg-some-numbers-to-iana-00
- Chairs, AD: Update milestones

SESSION SUMMARY:

* Reviewed the status of several documents:
  - Cross-realm Problem Statement is now in the RFC Editor Queue
  - Chairs, Authors, AD are working on resolving DISCUSSes on STARTTLS
  - Preauth framework is on the 4/8 IESG telechat agenda
  - Anonymous needs another update to reflect WG discussion and update numbers, then get another IETF LC. Naming needs to be unexpired. Then both go back to the IESG.
  - IAKERB is in PROTO eval, but needs to be unexpired.

* The KDC Data Model document is in its fourth and hopefully final WGLC. Three issues were discussed during the meeting:
  - Whether the realm name attribute should be single- or multi-valued
  - Updating to reflect that not all implementations need the concept of a canonical principal name to use in generating salted keys.
  - Greg Hudson's concern about the document's lack of clarity in its justification of separating keysets from other principal data for security reasons.

* The chairs noted several recently-adopted documents:
  - There was agreement at some previous meetings that the WG wishes to adopt the DHCPv6 option document. The chairs and AD determined this was possible within the scope of the current charter, and so the document has now been adopted. In the meantime, it has gone through several revisions as a result of WG feedback, and so will enter WGLC shortly.
  - Love's DES deprecation document was adopted based on WG consensus as expressed at various points in person and on the list. There was a general sense in the room that this document is ready for WGLC, which will therefore begin shortly. There was also strong consensus in the room that the document filename should remain "draft-lha-des-die-die-die", which succinctly captures its intent.
  - Love's ticket extensions document was adopted by WG consensus at a previous meeting and on the list. However, it is currently on the back burner as the author handles more urgent work.

* There was discussion as to whether to adopt Love's IANA considerations document. Sam Hartman in particular was concerned that adopting this document not create a presumption of consensus on its specific contents, particularly with regard to registration procedures. Both Love and the chairs asserted this would not be the case, and there was general agreement to adopt the work. WG discussion will be needed to determine appropriate registration procedures for each registry.

* There was some discussion as to whether there was sufficient interest to pursue creation of an LDAP schema document based on the KDC data model document now in WGLC. The existing charter item is for a schema "for management of [information needed by the KDC]", but there may also be some interest in a KDC storage backend schema. Howard Chu and Simo Sorce have been working on a document which describes the latter, based on the information model. It was suggested they submit their document as an individual submission and bring it up on the WG mailing list, at which point there could be a discussion as to whether it might be adopted and modified to fulfill the WG charter item.

* Thomas Hardjono gave a brief overview of a recent document describing a family of enctypes based on the Camellia cipher. There was some discussion of this document. Sam suggested that in deciding whether to adopt enctype work, the WG should take on only enctypes which it intends for the standards track. It was also noted that if this work were to be adopted, the WG would determine which modes to include, and if the authors wished to define additional modes, they could do so in an individual informational document, with enctype number assignment subject to review by the designated expert (currently Ken Raeburn) as specified in RFC3961. There seemed to be a strong sense in the room that this work should be adopted; however, that poll was taken before discussion of IPR issues related to the Camellia cipher. As a result, and because the IPR disclosure and licensing terms had been submitted but were not yet available via the IETF's IPR disclosure web site, it was agreed that the poll was not meaningful. Further discussion will continue on the mailing list once the IPR disclosure becomes available.

* Henry Hotz gave a brief presentation on his work to document KX509. Due to delays in getting his employer to authorize release of the document, an internet-draft is not yet available but will be soon. There was some discussion of the work, and while no formal poll was taken, there seemed to be agreement this should happen within the security area of the IETF. It is not yet clear exactly where the work will find a home; this will be worked out between the authors, ADs, and chairs of related WG's.

_______________________________________________ ietf-krb-wg mailing list ietf-krb-wg@lists.anl.gov https://lists.anl.gov/mailman/listinfo/ietf-krb-wg From ietf-krb-wg-bounces@lists.anl.gov Thu Mar 25 11:47:19 2010 Return-Path: X-Original-To: ietfarch-krb-wg-archive@core3.amsl.com Delivered-To: ietfarch-krb-wg-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id CA9ED3A6A0A for ; Thu, 25 Mar 2010 11:47:19 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -105.169 X-Spam-Level: X-Spam-Status: No, score=-105.169 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, DNS_FROM_OPENWHOIS=1.13, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GYt++w6TLq3E for ; Thu, 25 Mar 2010 11:47:18 -0700 (PDT) Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by core3.amsl.com (Postfix) with ESMTP id 538733A6B7C for ; Thu, 25 Mar 2010 11:47:06 -0700 (PDT) Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.anl.gov (Postfix) with ESMTP id 5C95A35; Thu, 25 Mar 2010 13:47:26 -0500 (CDT) Received: from lists.anl.gov (katydid.it.anl.gov [146.137.96.32]) by mailhost.anl.gov (Postfix) with ESMTP id 1E5EB32; Thu, 25 Mar 2010 13:47:25 -0500 (CDT) Received: from katydid.it.anl.gov (localhost [127.0.0.1]) by lists.anl.gov (Postfix) with ESMTP id D2FCB80E4B; Thu, 25 Mar 2010 13:47:25 -0500 (CDT) X-Original-To: ietf-krb-wg@lists.anl.gov Delivered-To: ietf-krb-wg@lists.anl.gov Received: from mailrelay.anl.gov (mailrelay.anl.gov [130.202.101.22]) by lists.anl.gov (Postfix) with ESMTP id DB08280DDF for ; Thu, 25 Mar 2010 13:47:24 -0500 (CDT) Received: from localhost (localhost [127.0.0.1]) by localhost.it.anl.gov (Postfix) with ESMTP id C35AF7CC065; Thu, 25 Mar 2010 13:47:24 -0500 (CDT) Received: from mailrelay.anl.gov 
([127.0.0.1]) by localhost (mailrelay.anl.gov [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 21414-04; Thu, 25 Mar 2010 13:47:24 -0500 (CDT) Received: from mailgateway.anl.gov (mailgateway.anl.gov [130.202.101.28]) by mailrelay.anl.gov (Postfix) with ESMTP id A94F17CC054 for ; Thu, 25 Mar 2010 13:47:24 -0500 (CDT) X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: ArYAAINMq0vRhLcckWdsb2JhbACDF5czXhUBAQEBCQsKBxMGHK5okFiBK4JoagQ X-IronPort-AV: E=Sophos;i="4.51,309,1267423200"; d="scan'208";a="39254008" Received: from mx1.redhat.com ([209.132.183.28]) by mailgateway.anl.gov with ESMTP; 25 Mar 2010 13:47:24 -0500 Received: from int-mx08.intmail.prod.int.phx2.redhat.com (int-mx08.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by mx1.redhat.com (8.13.8/8.13.8) with ESMTP id o2PIlNX9030695 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Thu, 25 Mar 2010 14:47:23 -0400 Received: from willson.li.ssimo.org (pilototp-int.redhat.com [10.11.232.41]) by int-mx08.intmail.prod.int.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id o2PIlMll015799; Thu, 25 Mar 2010 14:47:22 -0400 Date: Thu, 25 Mar 2010 14:47:21 -0400 From: Simo Sorce To: Love =?UTF-8?B?SMO2cm5xdWlzdCDDhXN0cmFuZA==?= Message-ID: <20100325144721.40a34c08@willson.li.ssimo.org> In-Reply-To: <75A36D34-D404-4FC0-AE73-D474BEF2ECB5@apple.com> References: <201003242118.o2OLIBLW010389@outgoing.mit.edu> <4BAA9763.5060806@mnt.se> <1269472974.7493.547.camel@ray> <75A36D34-D404-4FC0-AE73-D474BEF2ECB5@apple.com> Organization: Red Hat, Inc. Mime-Version: 1.0 X-Scanned-By: MIMEDefang 2.67 on 10.5.11.21 X-Virus-Scanned: Debian amavisd-new at frigga.it.anl.gov Cc: "ietf-krb-wg@lists.anl.gov" Subject: Re: [Ietf-krb-wg] kdc-model: Separation of KeySets X-BeenThere: ietf-krb-wg@lists.anl.gov X-Mailman-Version: 2.1.13 Precedence: list List-Id: "This is a list for the IETF Kerberos Working Group. 
{WORLDPUB, EXTERNAL}" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Sender: ietf-krb-wg-bounces@lists.anl.gov Errors-To: ietf-krb-wg-bounces@lists.anl.gov

On Thu, 25 Mar 2010 10:10:33 -0700
Love Hörnquist Åstrand <lha@apple.com> wrote:

>
> On 24 Mar 2010, at 16:22, Greg Hudson wrote:
>
> > On Wed, 2010-03-24 at 18:51 -0400, Leif Johansson wrote:
> >> Can you provide concrete suggestions for modifications to the
> >> text? I ask because at the meeting today and in the jabber room I
> >> got the sense that most people didn't think this point was
> >> important enough to spend lots of time on.
> >
> > As I said in the meeting, I cannot propose text because no one has
> > explained the security reasoning.  All I can suggest is removing
> > both paragraphs as there is no need to justify the separation
> > inline, or to impose constraints upon schemas.
>
> The the schema doesn't make keys optional then there is no way to
> express legacy key structures, this will make deployment much harder.

But this document explains the information model not some specific
schema. I think Greg is asking if there is any need to prescribe
something like this in the information model. Correct me if I am wrong
Greg.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York
_______________________________________________
ietf-krb-wg mailing list
ietf-krb-wg@lists.anl.gov
https://lists.anl.gov/mailman/listinfo/ietf-krb-wg

From ietf-krb-wg-bounces@lists.anl.gov Thu Mar 25 12:01:44 2010 Return-Path: X-Original-To: ietfarch-krb-wg-archive@core3.amsl.com Delivered-To: ietfarch-krb-wg-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 830EE3A6DF4 for ; Thu, 25 Mar 2010 12:01:44 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -5.252 X-Spam-Level: X-Spam-Status: No, score=-5.252 tagged_above=-999 required=5 tests=[AWL=0.217, BAYES_00=-2.599, DNS_FROM_OPENWHOIS=1.13, RCVD_IN_DNSWL_MED=-4] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2c0bkUZ3LGu4 for ; Thu, 25 Mar 2010 12:01:40 -0700 (PDT) Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by core3.amsl.com (Postfix) with ESMTP id F13DE3A6DB1 for ; Thu, 25 Mar 2010 12:01:12 -0700 (PDT) Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.anl.gov (Postfix) with ESMTP id 4CD0539; Thu, 25 Mar 2010 14:01:35 -0500 (CDT) Received: from lists.anl.gov (katydid.it.anl.gov [146.137.96.32]) by mailhost.anl.gov (Postfix) with ESMTP id E7B682D; Thu, 25 Mar 2010 14:01:34 -0500 (CDT) Received: from katydid.it.anl.gov (localhost [127.0.0.1]) by lists.anl.gov (Postfix) with ESMTP id BB45080E4B; Thu, 25 Mar 2010 14:01:34 -0500 (CDT) X-Original-To: ietf-krb-wg@lists.anl.gov Delivered-To: ietf-krb-wg@lists.anl.gov Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by lists.anl.gov (Postfix) with ESMTP id 5955680DDF for ; Thu, 25 Mar 2010 14:01:33 -0500 (CDT) Received: by mailhost.anl.gov (Postfix) id 4FBDF2D; Thu, 25 Mar 2010 14:01:33 -0500 (CDT) Delivered-To: ietf-krb-wg@anl.gov Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.anl.gov (Postfix) with ESMTP id 4B4E22E for ; Thu, 25 Mar 2010 14:01:33 -0500 (CDT) Received: from mailrelay.anl.gov (mailrelay.anl.gov [130.202.101.22]) by 
mailhost.anl.gov (Postfix) with ESMTP id 452F22D for ; Thu, 25 Mar 2010 14:01:33 -0500 (CDT) Received: from localhost (localhost [127.0.0.1]) by localhost.it.anl.gov (Postfix) with ESMTP id 2DBA17CC065; Thu, 25 Mar 2010 14:01:33 -0500 (CDT) Received: from mailrelay.anl.gov ([127.0.0.1]) by localhost (mailrelay.anl.gov [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 25602-09; Thu, 25 Mar 2010 14:01:33 -0500 (CDT) Received: from mailgateway.anl.gov (mailgateway.anl.gov [130.202.101.28]) by mailrelay.anl.gov (Postfix) with ESMTP id 148677CC054 for ; Thu, 25 Mar 2010 14:01:33 -0500 (CDT) X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: AskAAAdQq0uAAtnFkWdsb2JhbACbKBUBAQEBCQsKBxMFHbFchRKIW4JVgigEgx4 X-IronPort-AV: E=Sophos;i="4.51,309,1267423200"; d="scan'208";a="39254929" Received: from smtp02.srv.cs.cmu.edu ([128.2.217.197]) by mailgateway.anl.gov with ESMTP; 25 Mar 2010 14:01:32 -0500 Received: from dhcp-wireless-open-abg-24-255.meeting.ietf.org (SIRIUS.FAC.CS.CMU.EDU [128.2.216.216]) (authenticated bits=0) by smtp02.srv.cs.cmu.edu (8.13.6/8.13.6) with ESMTP id o2PJ1UZg009072 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 25 Mar 2010 15:01:32 -0400 (EDT) Date: Thu, 25 Mar 2010 12:01:30 -0700 From: Jeffrey Hutzelman To: ietf-krb-wg@anl.gov Message-ID: <7CABA1E4C22B289D6E6292FF@atlantis.pc.cs.cmu.edu> In-Reply-To: References: X-Mailer: Mulberry/4.0.8 (Linux/x86) MIME-Version: 1.0 Content-Disposition: inline X-Scanned-By: mimedefang-cmuscs on 128.2.217.197 X-Virus-Scanned: Debian amavisd-new at frigga.it.anl.gov Cc: jhutz@cmu.edu Subject: [Ietf-krb-wg] CORRECTION: WG Last Call: draft-ietf-krb-wg-kdc-model-07 X-BeenThere: ietf-krb-wg@lists.anl.gov X-Mailman-Version: 2.1.13 Precedence: list List-Id: "This is a list for the IETF Kerberos Working Group. 
{WORLDPUB, EXTERNAL}" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset="us-ascii"; Format="flowed" Sender: ietf-krb-wg-bounces@lists.anl.gov Errors-To: ietf-krb-wg-bounces@lists.anl.gov

--On Tuesday, March 23, 2010 06:36:57 PM -0700 Jeffrey Hutzelman wrote:

> This note announces the start of a two-week last call within the Kerberos
> Working Group on whether to send the following document to the IESG:
>
> Title: An information model for Kerberos version 5
> Filename: draft-ietf-krb-wg-kdc-model-07.txt
> Intended Status: Standards Track
>
> This document describes an information model for Kerberos version 5
> from the point of view of an administrative service. There is no
> standard for administrating a kerberos 5 KDC. This document
> describes the services exposed by an administrative interface to a
> KDC.
>
> Due to the ongoing IETF meeting, I am extending this last call by a few
> days. It will expire at 23:59 EDT on March 9, 2010.

CORRECTION: The WGLC will expire on April 9, not March 9.

> Please review this document and send any comments to the Kerberos Working
> Group mailing list, , by that date. The file can be
> obtained via
>
> http://tools.ietf.org/html/draft-ietf-krb-wg-kdc-model-07.txt

_______________________________________________
ietf-krb-wg mailing list
ietf-krb-wg@lists.anl.gov
https://lists.anl.gov/mailman/listinfo/ietf-krb-wg

From ietf-krb-wg-bounces@lists.anl.gov Thu Mar 25 12:05:14 2010 Return-Path: X-Original-To: ietfarch-krb-wg-archive@core3.amsl.com Delivered-To: ietfarch-krb-wg-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 200953A6C20 for ; Thu, 25 Mar 2010 12:05:14 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -5.283 X-Spam-Level: X-Spam-Status: No, score=-5.283 tagged_above=-999 required=5 tests=[AWL=0.186, BAYES_00=-2.599, DNS_FROM_OPENWHOIS=1.13, RCVD_IN_DNSWL_MED=-4] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NH0izVZ62u2j for ; Thu, 25 Mar 2010 12:05:12 -0700 (PDT) Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by core3.amsl.com (Postfix) with ESMTP id 99D013A67D3 for ; Thu, 25 Mar 2010 12:05:08 -0700 (PDT) Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.anl.gov (Postfix) with ESMTP id 01BA735; Thu, 25 Mar 2010 14:05:30 -0500 (CDT) Received: from lists.anl.gov (katydid.it.anl.gov [146.137.96.32]) by mailhost.anl.gov (Postfix) with ESMTP id B65532D; Thu, 25 Mar 2010 14:05:30 -0500 (CDT) Received: from katydid.it.anl.gov (localhost [127.0.0.1]) by lists.anl.gov (Postfix) with ESMTP id 9C1F480E4B; Thu, 25 Mar 2010 14:05:30 -0500 (CDT) X-Original-To: ietf-krb-wg@lists.anl.gov Delivered-To: ietf-krb-wg@lists.anl.gov Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by lists.anl.gov (Postfix) with ESMTP id 73E4F80DDF for ; Thu, 25 Mar 2010 14:05:28 -0500 (CDT) Received: by mailhost.anl.gov (Postfix) id 6E4842B; Thu, 25 Mar 2010 14:05:28 -0500 (CDT) Delivered-To: ietf-krb-wg@anl.gov 
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.anl.gov (Postfix) with ESMTP id 69B442D for ; Thu, 25 Mar 2010 14:05:28 -0500 (CDT) Received: from mailrelay.anl.gov (mailrelay.anl.gov [130.202.101.22]) by mailhost.anl.gov (Postfix) with ESMTP id 625562B for ; Thu, 25 Mar 2010 14:05:28 -0500 (CDT) Received: from localhost (localhost [127.0.0.1]) by localhost.it.anl.gov (Postfix) with ESMTP id 4CDAD7CC065; Thu, 25 Mar 2010 14:05:28 -0500 (CDT) Received: from mailrelay.anl.gov ([127.0.0.1]) by localhost (mailrelay.anl.gov [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 26995-01; Thu, 25 Mar 2010 14:05:28 -0500 (CDT) Received: from mailgateway.anl.gov (mailgateway.anl.gov [130.202.101.28]) by mailrelay.anl.gov (Postfix) with ESMTP id 3272E7CC054 for ; Thu, 25 Mar 2010 14:05:28 -0500 (CDT) X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: AskAADJRq0uAAtnFkWdsb2JhbACbKBUBAQEBCQsKBxMFHbFShRKIW4R9BIMe X-IronPort-AV: E=Sophos;i="4.51,309,1267423200"; d="scan'208";a="39255225" Received: from smtp02.srv.cs.cmu.edu ([128.2.217.197]) by mailgateway.anl.gov with ESMTP; 25 Mar 2010 14:05:27 -0500 Received: from dhcp-wireless-open-abg-24-255.meeting.ietf.org (SIRIUS.FAC.CS.CMU.EDU [128.2.216.216]) (authenticated bits=0) by smtp02.srv.cs.cmu.edu (8.13.6/8.13.6) with ESMTP id o2PJ5QAB009279 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 25 Mar 2010 15:05:27 -0400 (EDT) Date: Thu, 25 Mar 2010 12:05:26 -0700 From: Jeffrey Hutzelman To: ietf-krb-wg@anl.gov Message-ID: <30D65FE1A75FC35DC4C6387A@atlantis.pc.cs.cmu.edu> X-Mailer: Mulberry/4.0.8 (Linux/x86) MIME-Version: 1.0 Content-Disposition: inline X-Scanned-By: mimedefang-cmuscs on 128.2.217.197 X-Virus-Scanned: Debian amavisd-new at frigga.it.anl.gov Cc: dhcwg@ietf.org, jhutz@cmu.edu Subject: [Ietf-krb-wg] WG Last Call: draft-sakane-dhc-dhcpv6-kdc-option-08 X-BeenThere: ietf-krb-wg@lists.anl.gov X-Mailman-Version: 2.1.13 Precedence: list List-Id: "This is 
a list for the IETF Kerberos Working Group. {WORLDPUB, EXTERNAL}" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset="us-ascii"; Format="flowed" Sender: ietf-krb-wg-bounces@lists.anl.gov Errors-To: ietf-krb-wg-bounces@lists.anl.gov

This note announces the start of a two-week last call within the Kerberos Working Group on whether to send the following document to the IESG:

Title: Kerberos Option for DHCPv6
Filename: draft-sakane-dhc-dhcpv6-kdc-option-08.txt
Intended Status: Informational

This document defines a new DHCPv6 option to carry a set of configuration information related to the Kerberos protocol [RFC4120]. This document also defines three sub-options to be used within this new option, which specify a realm name of the Kerberos, a list of IP addresses of the Key Distribution Center of that realm, and a client principal name to distinguish a Kerberos client by the DHCPv6 server.

Due to the ongoing IETF meeting, I am extending this last call by a few days. It will expire at 23:59 EDT on April 12, 2010.

Please review this document and send any comments to the Kerberos Working Group mailing list, , by that date. The file can be obtained via

http://tools.ietf.org/html/draft-sakane-dhc-dhcpv6-kdc-option-08.txt

-- Jeffrey T. 
Hutzelman (N3NHS) Co-Chair, IETF Kerberos Working Group Carnegie Mellon University - Pittsburgh, PA _______________________________________________ ietf-krb-wg mailing list ietf-krb-wg@lists.anl.gov https://lists.anl.gov/mailman/listinfo/ietf-krb-wg From ietf-krb-wg-bounces@lists.anl.gov Thu Mar 25 12:44:30 2010 Return-Path: X-Original-To: ietfarch-krb-wg-archive@core3.amsl.com Delivered-To: ietfarch-krb-wg-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 1497A3A6B65 for ; Thu, 25 Mar 2010 12:44:30 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -5.296 X-Spam-Level: X-Spam-Status: No, score=-5.296 tagged_above=-999 required=5 tests=[AWL=0.173, BAYES_00=-2.599, DNS_FROM_OPENWHOIS=1.13, RCVD_IN_DNSWL_MED=-4] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GiLppJVtV3Hk for ; Thu, 25 Mar 2010 12:44:28 -0700 (PDT) Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by core3.amsl.com (Postfix) with ESMTP id C46093A6A7A for ; Thu, 25 Mar 2010 12:44:28 -0700 (PDT) Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.anl.gov (Postfix) with ESMTP id 0845229; Thu, 25 Mar 2010 14:44:51 -0500 (CDT) Received: from lists.anl.gov (katydid.it.anl.gov [146.137.96.32]) by mailhost.anl.gov (Postfix) with ESMTP id BB6E02D; Thu, 25 Mar 2010 14:44:48 -0500 (CDT) Received: from katydid.it.anl.gov (localhost [127.0.0.1]) by lists.anl.gov (Postfix) with ESMTP id 9F2AC80E4B; Thu, 25 Mar 2010 14:44:48 -0500 (CDT) X-Original-To: ietf-krb-wg@lists.anl.gov Delivered-To: ietf-krb-wg@lists.anl.gov Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by lists.anl.gov (Postfix) with ESMTP id 14BF480DDF for ; Thu, 25 Mar 2010 14:44:47 -0500 (CDT) Received: by mailhost.anl.gov (Postfix) id 0F04529; Thu, 25 Mar 2010 14:44:47 -0500 (CDT) Delivered-To: 
Date: Thu, 25 Mar 2010 12:05:28 -0700
From: Jeffrey Hutzelman
To: ietf-krb-wg@anl.gov
Message-ID: <9A5AB173871C6A769EAE87A7@atlantis.pc.cs.cmu.edu>
Cc: jhutz@cmu.edu
Subject: [Ietf-krb-wg] WG Last Call: draft-lha-des-die-die-die-02

This note announces the start of a two-week last call within the Kerberos Working Group on whether to send the following document to the IESG:

Title: Deprecate DES support for Kerberos
Filename: draft-lha-des-die-die-die-02.txt
Intended Status: Standards Track

A long long time ago DES was standardized. Some 30 years later (2003) it was withdrawn as a standard by NIST, today 6 years later, it's time for DES to finally die. By 2008 it was possible to brute force DES keys in 6.4 days using less than USD 10k worth of hardware. So by 2008 DES had passed its sell-by date. Use in Kerberos should therefore stop.

Due to the ongoing IETF meeting, I am extending this last call by a few days. It will expire at 23:59 EDT on April 12, 2010.

Please review this document and send any comments to the Kerberos Working Group mailing list, , by that date.

The file can be obtained via http://tools.ietf.org/html/draft-lha-des-die-die-die-02.txt

-- Jeffrey T. Hutzelman (N3NHS)
   Co-Chair, IETF Kerberos Working Group
   Carnegie Mellon University - Pittsburgh, PA

From ietf-krb-wg-bounces@lists.anl.gov Thu Mar 25 13:58:49 2010
From: Simon Josefsson
To: ietf-krb-wg@anl.gov
References: <9A5AB173871C6A769EAE87A7@atlantis.pc.cs.cmu.edu>
Date: Thu, 25 Mar 2010 21:58:57 +0100
In-Reply-To: <9A5AB173871C6A769EAE87A7@atlantis.pc.cs.cmu.edu> (Jeffrey Hutzelman's message of "Thu, 25 Mar 2010 12:05:28 -0700")
Message-ID: <87iq8kktim.fsf@mocca.josefsson.org>
Subject: Re: [Ietf-krb-wg] WG Last Call: draft-lha-des-die-die-die-02

Quoting section 3:

   Kerberos implementation and deployments SHOULD NOT implement the
   checksum type: CRC, RSA-MD4, RSA-MD4-DES, RSA-MAC, RSA-MAC-K, RSA-
   MD5, RSA-MD5-DES.

'CRC' should be 'CRC32'.

Add 'RSA-MD4-DES-K'.

'RSA-MAC' should be 'DES-MAC'.

'RSA-MAC-K' should be 'DES-MAC-K'.

Quoting section "5. Security Considerations":

   Removing support for single DES improves security since DES is
   considered to be insecure by most parties.

What parties consider DES secure?

/Simon

From ietf-krb-wg-bounces@lists.anl.gov Thu Mar 25 14:38:28 2010
From: Love Hörnquist Åstrand
In-reply-to: <87iq8kktim.fsf@mocca.josefsson.org>
Date: Thu, 25 Mar 2010 14:38:37 -0700
References: <9A5AB173871C6A769EAE87A7@atlantis.pc.cs.cmu.edu> <87iq8kktim.fsf@mocca.josefsson.org>
To: Simon Josefsson
Cc: ietf-krb-wg@anl.gov
Subject: Re: [Ietf-krb-wg] WG Last Call: draft-lha-des-die-die-die-02

Thanks,

Changed with your comments, also added the IANA assigned numbers to the list to make sure there is no confusion what I mean.

http://www.ietf.org/id/draft-lha-des-die-die-die-03.txt

Love

On 25 Mar 2010, at 13:58, Simon Josefsson wrote:

> Quoting section 3:
>
>    Kerberos implementation and deployments SHOULD NOT implement the
>    checksum type: CRC, RSA-MD4, RSA-MD4-DES, RSA-MAC, RSA-MAC-K, RSA-
>    MD5, RSA-MD5-DES.
>
> 'CRC' should be 'CRC32'.
>
> Add 'RSA-MD4-DES-K'.
>
> 'RSA-MAC' should be 'DES-MAC'.
>
> 'RSA-MAC-K' should be 'DES-MAC-K'.
>
> Quoting section "5. Security Considerations":
>
>    Removing support for single DES improves security since DES is
>    considered to be insecure by most parties.
>
> What parties consider DES secure?
>
> /Simon

From ietf-krb-wg-bounces@lists.anl.gov Thu Mar 25 14:45:20 2010
From: Internet-Drafts@ietf.org
To: i-d-announce@ietf.org
Message-Id: <20100325214502.1E0B13A6C31@core3.amsl.com>
Date: Thu, 25 Mar 2010 14:45:01 -0700 (PDT)
Cc: ietf-krb-wg@lists.anl.gov
Subject: [Ietf-krb-wg] I-D Action:draft-lha-des-die-die-die-03.txt

A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Kerberos Working Group of the IETF.

Title     : Deprecate DES support for Kerberos
Author(s) : L. Astrand
Filename  : draft-lha-des-die-die-die-03.txt
Pages     : 10
Date      : 2010-03-25

A long long time ago DES was standardized. Some 30 years later (2003) it was withdrawn as a standard by NIST, today 6 years later, it's time for DES to finally die. By 2008 it was possible to brute force DES keys in 6.4 days using less than USD 10k worth of hardware. So by 2008 DES had passed its sell-by date. Use in Kerberos should therefore stop.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-lha-des-die-die-die-03.txt

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

From ietf-krb-wg-bounces@lists.anl.gov Thu Mar 25 15:25:56 2010
Message-ID: <4BABE301.9030308@secure-endpoints.com>
Date: Thu, 25 Mar 2010 18:26:09 -0400
From: Jeffrey Altman
Organization: Secure Endpoints Inc.
To: ietf-krb-wg@lists.anl.gov
Reply-To: jaltman@secure-endpoints.com
Subject: [Ietf-krb-wg] KX.509 was KRB-WG summary for IETF 77

On 3/25/2010 2:19 PM, Jeffrey Hutzelman wrote:
>
> * Henry Hotz gave a brief presentation on his work to document KX509.  Due
>   to delays in getting his employer to authorize release of the document,
>   an internet-draft is not yet available but will be soon.  There was some
>   discussion of the work, and while no formal poll was taken, there seemed
>   to be agreement this should happen within the security area of the IETF.
>   It is not yet clear exactly where the work will find a home; this will
>   be worked out between the authors, ADs, and chairs of related WG's.

As an implementer of KX.509, I would be very happy to see a new KX509 protocol developed within the IETF. However, the existing protocol has some significant issues that in my opinion should prevent it from being standardized. I would be happy to work with Hank to write an informational RFC to document the existing protocol, the variations that have been implemented at various sites that have deployed it, and the issues that should be addressed in any future specification.

Jeffrey Altman
Secure Endpoints, Inc.

From ietf-krb-wg-bounces@lists.anl.gov Thu Mar 25 16:08:43 2010
X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -3.48 X-Spam-Level: X-Spam-Status: No, score=-3.48 tagged_above=-999 required=5 tests=[AWL=1.989, BAYES_00=-2.599, DNS_FROM_OPENWHOIS=1.13, RCVD_IN_DNSWL_MED=-4] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sPEV1GBBeKPL for ; Thu, 25 Mar 2010 16:08:42 -0700 (PDT) Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by core3.amsl.com (Postfix) with ESMTP id 3F9683A6BD8 for ; Thu, 25 Mar 2010 16:08:40 -0700 (PDT) Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.anl.gov (Postfix) with ESMTP id 7B40940; Thu, 25 Mar 2010 18:09:01 -0500 (CDT) Received: from lists.anl.gov (katydid.it.anl.gov [146.137.96.32]) by mailhost.anl.gov (Postfix) with ESMTP id 42B5536; Thu, 25 Mar 2010 18:09:01 -0500 (CDT) Received: from katydid.it.anl.gov (localhost [127.0.0.1]) by lists.anl.gov (Postfix) with ESMTP id EE12E80E4B; Thu, 25 Mar 2010 18:09:00 -0500 (CDT) X-Original-To: ietf-krb-wg@lists.anl.gov Delivered-To: ietf-krb-wg@lists.anl.gov Received: from mailrelay.anl.gov (mailrelay.anl.gov [130.202.101.22]) by lists.anl.gov (Postfix) with ESMTP id 08FFB80DDF for ; Thu, 25 Mar 2010 18:08:59 -0500 (CDT) Received: from localhost (localhost [127.0.0.1]) by localhost.it.anl.gov (Postfix) with ESMTP id DCB557CC05D; Thu, 25 Mar 2010 18:08:58 -0500 (CDT) Received: from mailrelay.anl.gov ([127.0.0.1]) by localhost (mailrelay.anl.gov [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 21657-04; Thu, 25 Mar 2010 18:08:58 -0500 (CDT) Received: from mailgateway.anl.gov (mailgateway.anl.gov [130.202.101.28]) by mailrelay.anl.gov (Postfix) with ESMTP id C1D227CC059 for ; Thu, 25 Mar 2010 18:08:58 -0500 (CDT) X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: Av0EAH2Jq0vBCvxC/2dsb2JhbACDGJgQc61EkGWBK4JoagQ X-IronPort-AV: E=Sophos;i="4.51,309,1267423200"; d="scan'208";a="39268021" Received: 
From: Leif Johansson
Date: Fri, 26 Mar 2010 00:08:45 +0100
To: ietf-krb-wg@lists.anl.gov
Subject: Re: [Ietf-krb-wg] kdc-model: Separation of KeySets
Message-ID: <4BABECFD.2000501@mnt.se>
In-Reply-To: <20100325144721.40a34c08@willson.li.ssimo.org>

>> The the schema doesn't make keys optional then there is no way to
>> express legacy key structures, this will make deployment much harder.
>
> But this document explains the information model not some specific
> schema. I think Greg is asking if there is any need to prescribe
> something like this in the information model. Correct me if I am wrong
> Greg.

Yes I think everyone understands that and I claim that having a
schema that doesn't separate key management from the management
of other data does have security implications. I want to keep text
about this in the model but I am happy to receive clarifying or
updated language. Let's get past this so we don't bikeshed too much
on this point!

	Cheers Leif

From ietf-krb-wg-bounces@lists.anl.gov Thu Mar 25 19:08:13 2010
From: "Henry B. Hotz"
Date: Thu, 25 Mar 2010 19:08:23 -0700
To: Simon Josefsson
Cc: "ietf-krb-wg@anl.gov"
Subject: Re: [Ietf-krb-wg] WG Last Call: draft-lha-des-die-die-die-02
Message-Id: <5DACF211-0B01-4582-963A-A1E752067414@jpl.nasa.gov>
In-Reply-To: <87iq8kktim.fsf@mocca.josefsson.org>

On Mar 25, 2010, at 1:58 PM, Simon Josefsson wrote:

> What parties considers DES secure?

I first read that as *in-*secure. To answer the question as actually
asked, I'd say nobody.

(Unless, perhaps, they have some specific deployment scenario which
would prevent off-line search. Kerberos doesn't meet that requirement.)

------------------------------------------------------
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu

From ietf-krb-wg-bounces@lists.anl.gov Thu Mar 25 19:15:37 2010
From: "Henry B. Hotz"
Date: Thu, 25 Mar 2010 19:15:53 -0700
To: "jaltman@secure-endpoints.com"
Cc: "ietf-krb-wg@lists.anl.gov"
Subject: Re: [Ietf-krb-wg] KX.509 was KRB-WG summary for IETF 77
In-Reply-To: <4BABE301.9030308@secure-endpoints.com>

On Mar 25, 2010, at 3:26 PM, Jeffrey Altman wrote:

> On 3/25/2010 2:19 PM, Jeffrey Hutzelman wrote:
>>
>> * Henry Hotz gave a brief presentation on his work to document KX509. Due
>> to delays in getting his employer to authorize release of the document,
>> an internet-draft is not yet available but will be soon. There was some
>> discussion of the work, and while no formal poll was taken, there seemed
>> to be agreement this should happen within the security area of the IETF.
>> It is not yet clear exactly where the work will find a home; this will
>> be worked out between the authors, ADs, and chairs of related WG's.
>
> As an implementer of KX.509, I would be very happy to see a new KX509
> protocol developed within the IETF. However, the existing protocol has
> some significant issues that in my opinion should prevent it from being
> standardized.
>
> I would be happy to work with Hank to write an informational RFC to
> document the existing protocol, the variations that have been
> implemented at various sites that have deployed it, and the issues
> that should be addressed in any future specification.
>
> Jeffrey Altman
> Secure Endpoints, Inc.

I've written up the existing protocol as a starting point. I wanted to
postpone discussions of protocol updates until I got the initial draft
released, but I seem to be getting a consensus for a protocol update
developing already. (I don't disagree BTW.)

I expect to get proper clearance for the draft next week. If I don't,
I may ask you to be a co-author for that reason.

I do have clearance now for public release outside of the IETF with a
Caltech copyright. I'll send you a copy, and I can directly send anyone
else who wants an early copy as well. Just email me off-list.

------------------------------------------------------
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu

From ietf-krb-wg-bounces@lists.anl.gov Fri Mar 26 01:03:52 2010
From: Simon Josefsson
Date: Fri, 26 Mar 2010 09:04:01 +0100
To: "Henry B. Hotz"
Cc: "ietf-krb-wg@anl.gov"
Subject: Re: [Ietf-krb-wg] WG Last Call: draft-lha-des-die-die-die-02
Message-ID: <8739znqzke.fsf@mocca.josefsson.org>
In-Reply-To: <5DACF211-0B01-4582-963A-A1E752067414@jpl.nasa.gov>

"Henry B. Hotz" writes:

> On Mar 25, 2010, at 1:58 PM, Simon Josefsson wrote:
>
>> What parties considers DES secure?
>
>
> I first read that as *in-*secure. To answer the question as actually
> asked, I'd say nobody.

That was my point -- if we can get consensus around "nobody", the
document should say that instead of implying that some parties still
regard DES as secure.

/Simon

From ietf-krb-wg-bounces@lists.anl.gov Fri Mar 26 11:07:33 2010
From: Tom Yu
Date: Fri, 26 Mar 2010 14:07:27 -0400
To: Simon Josefsson
Cc: "ietf-krb-wg@anl.gov"
Subject: Re: [Ietf-krb-wg] WG Last Call: draft-lha-des-die-die-die-02
In-Reply-To: <8739znqzke.fsf@mocca.josefsson.org>

Simon Josefsson writes:

> "Henry B. Hotz" writes:
>
>> On Mar 25, 2010, at 1:58 PM, Simon Josefsson wrote:
>>
>>> What parties considers DES secure?
>>
>>
>> I first read that as *in-*secure. To answer the question as actually
>> asked, I'd say nobody.
>
> That was my point -- if we can get consensus around "nobody", the
> document should say that instead of implying that some parties still
> regard DES as secure.

I'm sure some people still regard DES as secure. After all, it's
better than cleartext or rot-13. Though arguably, a false sense of
security is worse than no security.

From ietf-krb-wg-bounces@lists.anl.gov Fri Mar 26 12:54:11 2010
From: Greg Hudson
Date: Fri, 26 Mar 2010 15:54:14 -0400
To: Leif Johansson
Cc: "ietf-krb-wg@lists.anl.gov"
Subject: Re: [Ietf-krb-wg] kdc-model: Separation of KeySets
Message-ID: <1269633254.5165.74.camel@ray>
In-Reply-To: <4BABECFD.2000501@mnt.se>

On Thu, 2010-03-25 at 19:08 -0400, Leif Johansson wrote:
> Yes I think everyone understands that and I claim that having a
> schema that doesn't separate key management from the management
> of other data does have security implications.

What security implications? All I am hearing is:

  Step 1: It's important to protect the keys.
  Step 2: ???
  Step 3: Therefore keys must be kept separate from other principal data.

What goes wrong if they aren't separated? What are the security
considerations?

From ietf-krb-wg-bounces@lists.anl.gov Fri Mar 26 18:21:17 2010
(mailhost.anl.gov [130.202.113.50]) by localhost.anl.gov (Postfix) with ESMTP id 45E053F; Fri, 26 Mar 2010 20:21:14 -0500 (CDT) Received: from lists.anl.gov (katydid.it.anl.gov [146.137.96.32]) by mailhost.anl.gov (Postfix) with ESMTP id 3EE3139; Fri, 26 Mar 2010 20:21:10 -0500 (CDT) Received: from katydid.it.anl.gov (localhost [127.0.0.1]) by lists.anl.gov (Postfix) with ESMTP id 0FCE680E4B; Fri, 26 Mar 2010 20:21:10 -0500 (CDT) X-Original-To: ietf-krb-wg@lists.anl.gov Delivered-To: ietf-krb-wg@lists.anl.gov Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by lists.anl.gov (Postfix) with ESMTP id E04FC80E43 for ; Fri, 26 Mar 2010 20:21:08 -0500 (CDT) Received: by mailhost.anl.gov (Postfix) id DACC712; Fri, 26 Mar 2010 20:21:08 -0500 (CDT) Delivered-To: ietf-krb-wg@anl.gov Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.anl.gov (Postfix) with ESMTP id D662539 for ; Fri, 26 Mar 2010 20:21:08 -0500 (CDT) Received: from mailrelay.anl.gov (mailrelay.anl.gov [130.202.101.22]) by mailhost.anl.gov (Postfix) with ESMTP id B79E412 for ; Fri, 26 Mar 2010 20:21:08 -0500 (CDT) Received: from localhost (localhost [127.0.0.1]) by localhost.it.anl.gov (Postfix) with ESMTP id A1B8E7CC05F; Fri, 26 Mar 2010 20:21:08 -0500 (CDT) Received: from mailrelay.anl.gov ([127.0.0.1]) by localhost (mailrelay.anl.gov [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 04530-08; Fri, 26 Mar 2010 20:21:08 -0500 (CDT) Received: from mailgateway.anl.gov (mailgateway.anl.gov [130.202.101.28]) by mailrelay.anl.gov (Postfix) with ESMTP id 7C9D07CC05A for ; Fri, 26 Mar 2010 20:21:08 -0500 (CDT) X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: AjUBAJf6rEuAAtnFkWdsb2JhbACbLBUBAQEBCQsKBxMFHbEXhReIW4R+BIMe X-IronPort-AV: E=Sophos;i="4.51,317,1267423200"; d="scan'208";a="39322870" Received: from smtp02.srv.cs.cmu.edu ([128.2.217.197]) by mailgateway.anl.gov with ESMTP; 26 Mar 2010 20:21:08 -0500 Received: from 
Date: Fri, 26 Mar 2010 18:21:04 -0700
From: Jeffrey Hutzelman
To: ietf-krb-wg@anl.gov
Cc: jhutz@cmu.edu
Subject: Re: [Ietf-krb-wg] WG Last Call: draft-lha-des-die-die-die-02
Message-ID: <7C3DD5FE4A4D5A3939623295@atlantis.pc.cs.cmu.edu>
In-Reply-To: <9A5AB173871C6A769EAE87A7@atlantis.pc.cs.cmu.edu>
References: <9A5AB173871C6A769EAE87A7@atlantis.pc.cs.cmu.edu>

Following are my comments from review of -03:


Abstract:

The acronym NIST must be expanded on first use.

The abstract should explicitly state what it updates:

OLD:
  Use in Kerberos should therefore stop.

NEW:
  This document updates RFC1964, RFC4120, and RFC4121 to deprecate
  the use of DES in Kerberos.

Section 2:

... and again here, as the abstract and body are independent.
Also, GSS-API needs to be expanded here.


Section 3:

> This document removes the mandatory-to-implement types from
> [RFC4120]: Encryption: DES-CBC-MD5(3)

That enctype is not mandatory-to-implement in RFC4120; it is only
RECOMMENDED. Suggest s/mandatory-to-implement/RECOMMENDED/.

> This document removes the mandatory-to-implement types from [RFC4120]
> when used in conjunction with DES-CBC-MD5: Checksums: DES-MD5(7)

There is some confusion here. RFC4120 refers repeatedly to a cksumtype
of the name "DES-MD5", but there is in fact no such cksumtype. The
mandatory-to-implement cksumtype for DES-CBC-MD5 is actually named
RSA-MD5-DES and has cksumtype 8; this is not the same as RSA-MD5(7).

Further, RFC4120 does not actually make RSA-MD5-DES mandatory-to-implement
with DES-CBC-MD5; RFC3961 does that, and should continue to do so. We
don't want people to use DES-CBC-MD5 with Kerberos any more, but if it
is implemented, then we still want implementation of RSA-MD5-DES to be
REQUIRED, for interoperability.

I suggest removing this paragraph entirely, and instead adding to the
previous paragraph:

  Checksums: DES-MD5 (8, RSA-MD5-DES from [RFC3961])

Once we've done this, I do not believe this document updates RFC3961.


> Kerberos GSS mechanism implementation and deployments SHOULD NOT
> implement the SGN ALG: DES MAC MD5, MD2.5, DES MAC.
>
> Kerberos GSS mechanism implementation and deployments SHOULD NOT
> implement the SEAL ALG: DES.

Heh. This fully deprecates RFC1964 section 1.2. Following this
recommendation should considerably simplify implementations.


Section 6:

> There are no IANA Considerations for this document

Technically true, since the IANA registry does not record the state
of registered enctypes and cksumtypes. I wonder if maybe it should,
but that's not really in scope of this.


Section 7:

This document updates RFC4121, and certainly one must have read that
document to understand why it is OK to deprecate all of the SGN and
SEAL algorithms defined in RFC1964. Therefore, I believe the reference
to be normative.


The idnits tool found the following problems:

== You're using the IETF Trust Provisions' Section 6.b License Notice from
   12 Sep 2009 rather than the newer Notice from 28 Dec 2009. (See
   http://trustee.ietf.org/license-info/)

From ietf-krb-wg-bounces@lists.anl.gov Fri Mar 26 23:00:11 2010
From: Internet-Drafts@ietf.org
To: i-d-announce@ietf.org
Cc: ietf-krb-wg@lists.anl.gov
Subject: [Ietf-krb-wg] I-D Action:draft-lha-des-die-die-die-04.txt
Date: Fri, 26 Mar 2010 23:00:01 -0700 (PDT)
Message-Id: <20100327060001.E17BF3A67A7@core3.amsl.com>

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Kerberos Working Group of the IETF.

  Title     : Deprecate DES support for Kerberos
  Author(s) : L. Astrand
  Filename  : draft-lha-des-die-die-die-04.txt
  Pages     : 10
  Date      : 2010-03-26

A long long time ago Data Encryption Standard (DES) was standardized.
Some 30 years later (2003) it was withdrawn as a standard by National
Institute of Standards and Technology (NIST), today 6 years later,
it's time for DES to finally die. By 2008 it was possible to brute
force DES keys in 6.4 days using less than USD 10k worth of hardware.
So by 2008 DES had passed its sell-by date.

This document updates RFC1964, RFC4120, and RFC4121 to deprecate the
use of DES in Kerberos.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-lha-des-die-die-die-04.txt

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

From ietf-krb-wg-bounces@lists.anl.gov Fri Mar 26 23:03:49 2010
From: Love Hörnquist Åstrand
To: Jeffrey Hutzelman
Cc: ietf-krb-wg@anl.gov
Subject: Re: [Ietf-krb-wg] WG Last Call: draft-lha-des-die-die-die-02
Date: Fri, 26 Mar 2010 23:04:09 -0700
Message-id: <2B9F461C-AFF0-4D00-BFE1-9F0BAC38EAF9@apple.com>
In-reply-to: <7C3DD5FE4A4D5A3939623295@atlantis.pc.cs.cmu.edu>
References: <9A5AB173871C6A769EAE87A7@atlantis.pc.cs.cmu.edu> <7C3DD5FE4A4D5A3939623295@atlantis.pc.cs.cmu.edu>

Jeff,

Thanks, merged in comments.

http://www.ietf.org/id/draft-lha-des-die-die-die-04.txt

Love

On 26 Mar 2010, at 18:21, Jeffrey Hutzelman wrote:

> Following are my comments from review of -03:
>
>
> Abstract:
>
> The acronym NIST must be expanded on first use.
>
> The abstract should explicitly state what it updates:
>
> OLD:
>   Use in Kerberos should therefore stop.
>
> NEW:
>   This document updates RFC1964, RFC4120, and RFC4121 to deprecate
>   the use of DES in Kerberos.
>
> Section 2:
>
> ... and again here, as the abstract and body are independent.
> Also, GSS-API needs to be expanded here.
>
>
> Section 3:
>
>> This document removes the mandatory-to-implement types from
>> [RFC4120]: Encryption: DES-CBC-MD5(3)
>
> That enctype is not mandatory-to-implement in RFC4120; it is only
> RECOMMENDED. Suggest s/mandatory-to-implement/RECOMMENDED/.
>
>> This document removes the mandatory-to-implement types from [RFC4120]
>> when used in conjunction with DES-CBC-MD5: Checksums: DES-MD5(7)
>
> There is some confusion here. RFC4120 refers repeatedly to a cksumtype
> of the name "DES-MD5", but there is in fact no such cksumtype. The
> mandatory-to-implement cksumtype for DES-CBC-MD5 is actually named
> RSA-MD5-DES and has cksumtype 8; this is not the same as RSA-MD5(7).
>
> Further, RFC4120 does not actually make RSA-MD5-DES mandatory-to-implement
> with DES-CBC-MD5; RFC3961 does that, and should continue to do so. We
> don't want people to use DES-CBC-MD5 with Kerberos any more, but if it
> is implemented, then we still want implementation of RSA-MD5-DES to be
> REQUIRED, for interoperability.
>
> I suggest removing this paragraph entirely, and instead adding to the
> previous paragraph:
>
>   Checksums: DES-MD5 (8, RSA-MD5-DES from [RFC3961])
>
> Once we've done this, I do not believe this document updates RFC3961.
>
>
>> Kerberos GSS mechanism implementation and deployments SHOULD NOT
>> implement the SGN ALG: DES MAC MD5, MD2.5, DES MAC.
>>
>> Kerberos GSS mechanism implementation and deployments SHOULD NOT
>> implement the SEAL ALG: DES.
>
> Heh. This fully deprecates RFC1964 section 1.2. Following this
> recommendation should considerably simplify implementations.
>
>
> Section 6:
>
>> There are no IANA Considerations for this document
>
> Technically true, since the IANA registry does not record the state
> of registered enctypes and cksumtypes. I wonder if maybe it should,
> but that's not really in scope of this.
>
>
> Section 7:
>
> This document updates RFC4121, and certainly one must have read that
> document to understand why it is OK to deprecate all of the SGN and
> SEAL algorithms defined in RFC1964. Therefore, I believe the reference
> to be normative.
>
>
> The idnits tool found the following problems:
>
> == You're using the IETF Trust Provisions' Section 6.b License Notice from
>    12 Sep 2009 rather than the newer Notice from 28 Dec 2009. (See
>    http://trustee.ietf.org/license-info/)

From ietf-krb-wg-bounces@lists.anl.gov Sat Mar 27 03:23:11 2010
Date: Sat, 27 Mar 2010 06:23:11 -0400
From: Jeffrey Hutzelman
To: ietf-krb-wg@anl.gov
Cc: jhutz@cmu.edu
Subject: Re: [Ietf-krb-wg] WG Last Call: draft-lha-des-die-die-die-02

--On Friday, March 26, 2010 06:21:04 PM -0700 Jeffrey Hutzelman wrote:

> Section 2:
>
> ... and again here, as the abstract and body are independent.
> Also, GSS-API needs to be expanded here.

Argh. I meant NIST needed to be expanded again, but then one of my
comments got reordered. Oops.

FWIW, expanding DES is OK, but not required -- it's one of the "well-known"
acronyms that can usually be used without expansion.

Also, a comment I forgot. In section 4, my name should be spelled
"Jeffrey", not "Jeffery".

The IPR boilerplate issue is still there. Perhaps the xml2rfc site is out
of date; I'll have to find out what's going on there.

-- Jeff

From ietf-krb-wg-bounces@lists.anl.gov Sat Mar 27 04:17:06 2010
(Postfix) with ESMTP id D87543F for ; Sat, 27 Mar 2010 06:17:18 -0500 (CDT) Received: from mailrelay.anl.gov (mailrelay.anl.gov [130.202.101.22]) by mailhost.anl.gov (Postfix) with ESMTP id CF5B412 for ; Sat, 27 Mar 2010 06:17:18 -0500 (CDT) Received: from localhost (localhost [127.0.0.1]) by localhost.it.anl.gov (Postfix) with ESMTP id B885B7CC064; Sat, 27 Mar 2010 06:17:18 -0500 (CDT) Received: from mailrelay.anl.gov ([127.0.0.1]) by localhost (mailrelay.anl.gov [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 31989-07; Sat, 27 Mar 2010 06:17:18 -0500 (CDT) Received: from mailgateway.anl.gov (mailgateway.anl.gov [130.202.101.28]) by mailrelay.anl.gov (Postfix) with ESMTP id 880B07CC05E for ; Sat, 27 Mar 2010 06:17:18 -0500 (CDT) X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: AtQAAAuGrUuAAtnGkWdsb2JhbACbMRUBAQEBCQsKBxMFHbA/AgGFAYhbgm8BghEE X-IronPort-AV: E=Sophos;i="4.51,319,1267423200"; d="scan'208";a="39330346" Received: from smtp03.srv.cs.cmu.edu ([128.2.217.198]) by mailgateway.anl.gov with ESMTP; 27 Mar 2010 06:17:18 -0500 Received: from [10.0.17.30] (SIRIUS.FAC.CS.CMU.EDU [128.2.216.216]) (authenticated bits=0) by smtp03.srv.cs.cmu.edu (8.13.6/8.13.6) with ESMTP id o2RBHHCA022086 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Sat, 27 Mar 2010 07:17:17 -0400 (EDT) Date: Sat, 27 Mar 2010 07:17:16 -0400 From: Jeffrey Hutzelman To: ietf-krb-wg@anl.gov Message-ID: In-Reply-To: <30D65FE1A75FC35DC4C6387A@atlantis.pc.cs.cmu.edu> References: <30D65FE1A75FC35DC4C6387A@atlantis.pc.cs.cmu.edu> X-Mailer: Mulberry/4.0.8 (Linux/x86) MIME-Version: 1.0 Content-Disposition: inline X-Scanned-By: mimedefang-cmuscs on 128.2.217.198 X-Virus-Scanned: Debian amavisd-new at frigga.it.anl.gov Cc: dhcwg@ietf.org, jhutz@cmu.edu Subject: Re: [Ietf-krb-wg] WG Last Call: draft-sakane-dhc-dhcpv6-kdc-option-08 X-BeenThere: ietf-krb-wg@lists.anl.gov X-Mailman-Version: 2.1.13 Precedence: list List-Id: "This is a list for the IETF Kerberos Working 
Group. {WORLDPUB, EXTERNAL}" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset="us-ascii"; Format="flowed" Sender: ietf-krb-wg-bounces@lists.anl.gov Errors-To: ietf-krb-wg-bounces@lists.anl.gov Following are my comments from my review of draft-sakane-dhc-dhcpv6-kdc-option-08: Abstract: - Expand "DHCP" - "Conventions used in this document" belongs in the document proper, not below the abstract. Section 1 (Introduction): > When the client wants to begin communication with the peer and to be > authenticated by the peer. Kerberos doesn't have "peers"; it has clients, application servers, and KDC's. Here and throughout, s/peer/server/. In the described scenario, a client wishes to be authenticated _to_ a server, not _by_ it. This is a grammar nit I would normally leave to the RFC-Editor, but the distinction in meaning is somewhat subtle. Section 2 (Kerberos Option): Since code values for the three sub-options defined in this section are listed in the initial registry contents in section 6, the actual values should be given in the definition of each sub-option, rather than simply saying "TBD by IANA". Section 2.2 (KDC Sub-Option): > It is not recommended to provide an IPv4 address. Since most Kerberos deployments are currently IPv4-only, I'm not convinced this advice is appropriate. If we believe as a WG that this is appropriate, then the phrase "not recommended" should be elevated to RFC2119 requirements language (i.e. uppercase), and this requirement should be stated separately, rather than as an aside to the description of the sub-option length. Regarding Priority and Weight: > An implementer could refer to the DNS SRV specification [RFC2782] > for this usage. This is underspecified. Interoperability requires that we specify explicitly how DHCP clients and Kerberos implementations are to interpret the Priority and Weight fields to locate a KDC. 
I suggest mandating the algorithm described in RFC2782, rather than merely suggesting it. > Service Type (8-bit) This should be called "Protocol" or "Transport", reflecting what it actually is. Is there an existing registry we can refer to for this field, rather than creating a new one? > KDC address (variable) There seems to be no explicit indication of the family of an address; instead, the recipient is expected to infer it from the address length. This seems brittle, as it assumes no one will wish to run Kerberos on a network protocol with 128-bit addresses other than IPv6, or on a protocol with 32-bit addresses other than IPv4. I suggest including an explicit address family, perhaps drawn from the existing Address Family registry: http://www.iana.org/assignments/address-family-numbers/address-family-numbers.xhtml Section 3 (Client Operation): > The client MAY include the > DHCPv6 option number of the Kerberos option in the Option Request > Option defined in section 22.7 of RFC 3315 [RFC3315] in the > Information-request message. Of course, if the client doesn't do this, it may not get the Kerberos option in the response, even if the server's configuration includes the information it would contain. Perhaps we should be saying something stronger than MAY, like SHOULD. Also, we should probably mention that it is also appropriate for a client to use a Kerberos option contained in a previous DHCPv6 response. Section 3.1: > The administrator of the realm MUST define the > method to the client before the client is installed into the > environment. MUST is for implementors, not for operators. We can specify what implementations of this protocol must do, but not what Kerberos realm administrators must do. Further, if such configuration is a requirement, then there is no point in specifying how clients must behave in its absence. 
I don't consider it a requirement that Kerberos realm administrators manually configure clients before autoconfiguration can happen; that would be silly. Instead, we should simply specify recommended behavior in the absence of manually-configured policy on the client. The behavior the document currently recommends (use data from SRV records if available, and fall back to DHCP otherwise) seems reasonable, since the administrator of the DNS domain with the same name as a Kerberos realm is more likely to have correct information about that realm's KDCs than the administrator of the DHCP server on some random network, if they are not the same person. IMHO the diagram and step-by-step description on the following page is not needed and is unnecessarily constraining. I don't believe it is necessary to describe what requests clients should send when, especially given that when clients use DHCP to obtain configuration not directly related to bringing the network up, the DHCP client software often does not know the additional information is needed until long after the network interface is in use. I suggest dropping the sentence quoted above, the diagram, and the associated step-by-step procedure. Section 4 (Server Operation): It's not clear to me that this session is necessary. If a client requests the Kerberos option and the server's policy does not include any information for that option for that client, then the reply will not include that option. A client which does not receive the option should not keep asking for it indefinitely. It is appropriate to include recommendations to server operators as to which sub-options should typically be included, and in what order. Section 6 (IANA Considerations): This section needs to define a registration procedure and template for the registries it creates. A registry may be needed for flags in the realm-name sub-option. 
If we are not re-using an existing registry for KDC transport protocol field, then this section will need to create one. Section 7 (Security Considerations): The introduction presents as a use case the support of an unconfigured workstation used by multiple users, which obtains its KDC information and default realm via DHCP. In such a scenario, the workstation may not have a host or other service key, and thus be unable to validate TGT's issued to users for the purposes of authorizing login. If this is the case, an altered DHCP response could result in the workstation talking to a rogue KDC which it will be unable to distinguish from a real KDC, and allowing access by unauthorized users. This section needs to call out this consideration. > Overwriting the manual configuration should be considered in anytime. The sense of this is backwards; I believe you mean that clients SHOULD NOT use configuration data acquired via DHCP instead of local configuration. Also, note that "override" and "overwrite" are not the same thing; the latter suggests modifying the local configuration, while the former suggests merely ignoring it in favor of the (less trusted) DHCP information. Section 9 (References): References to RFC5021 and STARTTLS should be normative. Note that this document suggests a number of changes, many of which are substantive rather than editorial. Love's example notwithstanding, you should not make any of these changes until the WGLC period expires and a determination has been made, by Larry or myself, as to whether it is appropriate to make each change. The idnits tool found the following problems: == The document seems to lack a disclaimer for pre-RFC5378 work, but was first submitted before 10 November 2008. Should you add the disclaimer? (See the Legal Provisions document at http://trustee.ietf.org/license-info for more information.) -- however, there's a paragraph with a matching beginning. Boilerplate error? 
== Outdated reference: A later version (-08) exists of draft-josefsson-kerberos5-starttls-07

_______________________________________________
ietf-krb-wg mailing list
ietf-krb-wg@lists.anl.gov
https://lists.anl.gov/mailman/listinfo/ietf-krb-wg
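
The discovery order discussed in the review above (local configuration first, then SRV records, then DHCP) together with its Section 7 caveat about a workstation that holds no host or service key, as an added example that is not part of the original message or of the draft. The realm, host names, records and all function and field names are constructed assumptions, and SRV weights are sorted here rather than selected at random as RFC 2782 specifies.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Sequence, Tuple


@dataclass(frozen=True)
class Kdc:
    host: str
    port: int = 88


@dataclass(frozen=True)
class SrvRecord:
    # Fields of a DNS SRV record for _kerberos._udp.<realm> (RFC 2782).
    priority: int
    weight: int
    port: int
    target: str


@dataclass(frozen=True)
class Decision:
    source: Optional[str]          # "local", "dns-srv", "dhcp" or None
    kdcs: Tuple[Kdc, ...]
    # True when the KDC list came from DHCP and the host has no key with
    # which to verify a TGT, i.e. the case the review asks the draft's
    # Security Considerations to call out.
    unverifiable_dhcp_kdc: bool


def kdcs_from_srv(records: Sequence[SrvRecord]) -> List[Kdc]:
    """Order SRV answers: lowest priority first, then highest weight.

    A target of "." means the service is not offered and is skipped.
    Sorting by weight is a deterministic simplification (assumption);
    RFC 2782 picks among equal priorities at random, biased by weight.
    """
    usable = [r for r in records if r.target != "."]
    usable.sort(key=lambda r: (r.priority, -r.weight))
    return [Kdc(r.target.rstrip("."), r.port) for r in usable]


def select_kdcs(
    realm: str,
    local_conf: Dict[str, List[Kdc]],
    srv_records: Sequence[SrvRecord],
    dhcp_kdcs: Sequence[Kdc],
    have_host_key: bool,
) -> Decision:
    """Pick the KDC list for `realm` from the most trusted source available.

    DHCP data is consulted only when neither local configuration nor
    SRV records provide an answer; it never overrides local configuration
    and never modifies (overwrites) it.
    """
    configured = local_conf.get(realm)
    if configured:
        return Decision("local", tuple(configured), False)

    from_dns = kdcs_from_srv(srv_records)
    if from_dns:
        return Decision("dns-srv", tuple(from_dns), False)

    if dhcp_kdcs:
        return Decision("dhcp", tuple(dhcp_kdcs), not have_host_key)

    return Decision(None, (), False)


# Constructed sample inputs (not taken from the draft or the thread).
SAMPLE_LOCAL = {"EXAMPLE.COM": [Kdc("kdc-admin.example.com")]}
SAMPLE_SRV = [
    SrvRecord(10, 5, 88, "kdc2.example.com."),
    SrvRecord(0, 0, 88, "kdc1.example.com."),
    SrvRecord(10, 20, 88, "kdc3.example.com."),
]
SAMPLE_DHCP = [Kdc("kdc.guest-net.example.net")]


if __name__ == "__main__":
    for local, srv in ((SAMPLE_LOCAL, SAMPLE_SRV), ({}, SAMPLE_SRV), ({}, [])):
        print(select_kdcs("EXAMPLE.COM", local, srv, SAMPLE_DHCP, False))
```
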
From ietf-krb-wg-bounces@lists.anl.gov Mon Mar 29 08:18:05 2010
From: Thomas Hardjono
To: "jhutz@cmu.edu", "ietf-krb-wg@anl.gov"
Date: Mon, 29 Mar 2010 11:18:20 -0400
Subject: [Ietf-krb-wg] NTT IPR Disclosure -- RE: KRB-WG summary for IETF 77

> -----Original Message-----
> From: ietf-krb-wg-bounces@lists.anl.gov [mailto:ietf-krb-wg-
> bounces@lists.anl.gov] On Behalf Of Jeffrey Hutzelman
> Sent: Thursday, March 25, 2010 2:20 PM
> To: ietf-krb-wg@anl.gov; saag@ietf.org
> Cc: jhutz@cmu.edu
> Subject: [Ietf-krb-wg] KRB-WG summary for IETF 77
>
> Kerberos Working Group - IETF77 meeting summary
>
>
> * Thomas Hardjono gave a brief overview of a recent document describing
> a family of enctypes based on the Camellia cipher. There was some
> discussion of this document. Sam suggested that in deciding whether to
> adopt enctype work, the WG should take on only enctypes which it intends
> for the standards track. It was also noted that if this work were to be
> adopted, the WG would determine which modes to include, and if the
> authors wished to define additional modes, they could do so in an
> individual informational document, with enctype number assignment subject
> to review by the designated expert (currently Ken Raeburn) as specified
> in RFC3961.
>
> There seemed to be a strong sense in the room that this work should be
> adopted; however, that poll was taken before discussion of IPR issues
> related to the Camellia cipher. As a result, and because the IPR
> disclosure and licensing terms had been submitted but were not yet
> available via the IETF's IPR disclosure web site, it was agreed that the
> poll was not meaningful. Further discussion will continue on the mailing
> list once the IPR disclosure becomes available.

Jeff,

As I explained at the start of the Camellia discussion, NTT had already attempted to upload the IPR Disclosure doc but without success. I subsequently emailed the PDF IPR Disclosure doc prior to the WG meeting to the Area Directors and the Kerberos WG chairs. Indeed, Tim Polk who was sitting next to me verified verbally that he received the IPR PDF file.

So, I think your assessment that "the poll was not meaningful" is too strong. Everyone in the room was aware that previous IPR Disclosures existed for Camellia for the IPsec WG and the TLS WG, and that another had been submitted for the Kerberos WG.

Here is the Kerberos-specific IPR Disclosure (dated 19 March 2010):
https://datatracker.ietf.org/ipr/1304/

Here are the other IPR Disclosures from NTT:
https://datatracker.ietf.org/ipr/search/?option=patent_search&patent_search=Nippon

Hope this clarifies.

/thomas/

_______________________________________________
ietf-krb-wg mailing list
ietf-krb-wg@lists.anl.gov
https://lists.anl.gov/mailman/listinfo/ietf-krb-wg

From ietf-krb-wg-bounces@lists.anl.gov Mon Mar 29 08:49:20 2010
Date: Mon, 29 Mar 2010 10:48:18 -0500
From: Nicolas Williams
To: Jeffrey Hutzelman
Cc: ietf-krb-wg@anl.gov
Message-ID: <20100329154818.GL21244@Sun.COM>
Subject: Re: [Ietf-krb-wg] WG Last Call: draft-lha-des-die-die-die-02

On Sat, Mar 27, 2010 at 06:23:11AM -0400, Jeffrey Hutzelman wrote:
> The IPR boilerplate issue is still there. Perhaps the xml2rfc site
> is out of date; I'll have to find out what's going on there.

It's not. Download the latest xml2rfc.

Nico
--
_______________________________________________
ietf-krb-wg mailing list
ietf-krb-wg@lists.anl.gov
https://lists.anl.gov/mailman/listinfo/ietf-krb-wg

From ietf-krb-wg-bounces@lists.anl.gov Mon Mar 29 11:32:27 2010
From: "Henry B. Hotz"
In-Reply-To: <1269633254.5165.74.camel@ray>
Date: Mon, 29 Mar 2010 11:32:45 -0700
To: Greg Hudson
Cc: "ietf-krb-wg@lists.anl.gov"
Subject: Re: [Ietf-krb-wg] kdc-model: Separation of KeySets

On Mar 26, 2010, at 12:54 PM, Greg Hudson wrote:

> On Thu, 2010-03-25 at 19:08 -0400, Leif Johansson wrote:
>> Yes I think everyone understands that and I claim that having a
>> schema that doesn't separate key management from the management
>> of other data does have security implications.
>
> What security implications?
>
> All I am hearing is:
>
> Step 1: It's important to protect the keys.
> Step 2: ???
> Step 3: Therefore keys must be kept separate from other principal data.
>
> What goes wrong if they aren't separated? What are the security
> considerations?

Maybe it would be better said the other way 'round: Outside of the actual key material, there isn't much (any?) data that's really sensitive in a KDC. If someone gets a list of your usernames, their flag settings, and password expiration times, how much do you care?

------------------------------------------------------
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu

_______________________________________________
ietf-krb-wg mailing list
ietf-krb-wg@lists.anl.gov
https://lists.anl.gov/mailman/listinfo/ietf-krb-wg

From ietf-krb-wg-bounces@lists.anl.gov Tue Mar 30 11:38:34 2010
From: Thomas Hardjono
To: "jhutz@cmu.edu", Larry Zhu
Cc: "ietf-krb-wg@lists.anl.gov"
Date: Tue, 30 Mar 2010 14:38:49 -0400
Subject: [Ietf-krb-wg] Notes from Kerberos WG meeting at IETF77 (drafty)

Folks, Jeff & Larry,

Here are my drafty notes from the Kerberos WG meeting last week at IETF77. Please check/verify that I did not miss anything or misunderstood items.

cheers,

/thomas/

------------------------------------------------------------------------

Minutes/Notes from Kerberos WG (IETF77) - DRAFT
March 24th, 2010

(I) AGENDA:
  (a) Preliminaries.
  (b) Document Status.
  (c) Last Call items.
  (d) Moving Forward.
  (e) Open Mic.

(II) DOCUMENT STATUS
  (a) Cross Realm Problem statement
      - Approved, in Editor's queue.
  (b) Preauth Framework
      - Will be on IESG Telechat in 2 weeks (April/8/2010).
  (c) StartTLS
      - Currently in IESG Review.
      - Waiting also on outcome on discussions regarding validating server certs (mailing-list discussion).
      - WG Consensus: layering AS_REQ over TLS is generally a good idea (ie. better than nothing).
  (d) IAKERB
      - Completed WG Last Call a few months ago.
      - Waiting for JHutz for proto eval.
  (e) Naming/Anonymous
      - Draft has expired.
      - Anonymous draft has also expired now.
      - Sam believes all issues now resolved.
      - Larry to issue new versions of both drafts.
        + The Naming draft needs a new WG Last Call.
        + Anonymous draft just needs update in version-number.

(III) LAST CALL ITEMS
  (a) Kerberos Information Model (v.07)
      - Update from Leif:
        + Leif will provide update v.08
        + Principal realms must be (will be) single-valued.
        + Will do English language clean-up.
      - Q: Should principal realms be single-valued?
        Sam: It's logical to associate multiple names to the realm.
          - PrincipalName is multivalued (even in 1 realm).
          - but Realm is multivalued.
        GregH: Consensus is that Principal Name must be multi-valued. But does not imply whether principal name includes a realm name.
        Discussion:....
        Leif: a principal can have multiple names even when it belongs to one realm (ie. folding name into realm).
      - Consensus: hum please...
        + Yes (majority)
        + No strong objection.
        + Slight objection from Hank Hotz.
  (b) Kerberos Information Model: Open Issues
      - Slides: http://www.ietf.org/proceedings/10mar/slides/krb-wg-1.pdf
      - Two remaining open items:
        + Greg Hudson: some implementations don't need canonical principalName for salting keys.
        + Greg Hudson: no need to separate keys from the rest of the model.
      - Q: Larry: We still need some semantics to be built into the name for the enterprise case.
        A: Leif: but this issue is not part of the model.
        Sam: agrees with Leif.
      - Consensus checks:
        (i) Update the text of the draft to clarify that implementations do not necessarily require the canonical principalName for salting keys?
            Consensus call: weak hum, no rejects, 2 Yes on Jabber.
            Action Item: Leif to update the text to clarify this point.
        (ii) Separating keys from the rest of the model?
            Discussion:
            - GregH is not arguing for separating keys, but only that better text is needed to justify this. (Section 6.2.3)
            - Leif: could people please send suggested text to the mailing-list or to Leif. Note that WGLC is April 9th 2010.
            - JHutz: continue discussion on this topic on the mailing-list.

(IV) NEW DOCUMENTS
  (a) Ticket extensions draft
      - Adopted as WG work item.
      - Love will modify doc name at next revision/update.
  (b) Deprecating DES (des-die-die-die)
      - Adopted as WG work item.
      - Love says it's ready for WGLC.
        + Sam: just publish it.
        + Hank: just publish it.
      - Conclusion: will begin WG Last Call as soon as possible.
  (c) DHCPv6 Option
      - Adopted as WG work item.
      - Will begin WG Last Call as soon as possible.

(V) MOVING FORWARD
  (a) IANA Considerations (draft-lha-krb-wg-some-numbers-to-iana-00)
      - JHutz: would anyone object to this document?
+ Sam: Agree that we need to turn over numbers to IANA but uncomfortable in the current registration process. This should not imply level of consensus in the work. + JHutz: "Registration process will be based on WG consensus". - We need to discuss registration procedure on the mailing-list until the next IETF meeting. However, WG will adopt this doc as WG work-item. (b) KDC Schema (ie. Kadmin-by-LDAP) - No documents yet. - JHutz: Anyone interested in this work? Who wants to deploy? Hank: may be Howard Chu (OpenLDAP) would be interested. Leif: lets ask Howard. Love: Howard has already started work (backend store). JHutz: But backend store is not in WG charter. Leif: Ask Simo & Howard to submit their work as draft. - Update the draft-chu-ldap-kdc-schema-00 and resubmit. (c) Camellia Enctype (draft-krb-wg-kanno-camellia-00) - Thomas: Japanese Gov will soon (around 2013) mandate two ciphers to be supported for Japanese government use (namely AES and Camellia). Thus makes sense to address Cammelia now. IPsec WG and TLS WG already have WG work items on Camellia. - JHutz: Should we adopt this as WG work item? - Sam: we should adopt Camellia generally but prefer one Standards Track mode only. Need input from our Standards Track expert (Ken Raeburn). - Shawn: CTS mode is known to have issues. - JHutz: Need to read IANA policy. It needs expert review and registration process. - Consensus check: Should WG adopt Camellia work? + Hank: Yes in favor. + Shawn: What about quality of cipher? - Thomas: same level of quality as AES. + Sam: should just choose one mode of Camellia for Standards Track based on quality. + Tim: Correcting Thomas, Camellia was not one of the 15 candidates for AES competition. + JHutz: Consensus call based on the assumption that there will be one Standards Track. Shall the WG adopt work on Cammelia enctype for standards track?: - In favor: medium hum. 
- Against: low hum - Who objects: 1 person (Mike Boyle) objects on the basis of too many enctypes in Kerberos. Fewer algorithms is better. Objection has nothing to do with quality of Camellia. + JHutz: IPR Disclosure from NTT has been received by WG chairs and Security ADs. (VI) OPEN MIC (a) Hank Holtz on KX509 - Has a drafty doc on KX509 - Work is based on UMich previous work, thus may have some IP issues. - KX509 is a cert acquisition protocol for a client to get a client-cert. - Questions/comments: (i) GregH: Are these short-term certs ("junk certs")? Hank: Not neccesarilly. Can be used for long life certs. (ii) Hank to all: which WG should this work go into? Tim: Get clearance for the work. And then bring to both PKIX WG and Kerberos WG. (iii) Love: Does not oppose this work, but notes that current KX509 only supports RSA cryptosystem. Hank: Shall update the doc to include other ciphers. (iv) Scott Cantor: Is this an application layer protocol? Hank: - KX509 does not modify Kerberos or PKI. - Provides symmetric opposite of PKINIT. It's a "bridge" protocol. (v) JHutz: It is still within scope of the Kerberos WG. Its not the first time the WG taken-up similar work. - Action Item: Chairs will get together with Hank and Tim to discuss further. (b) Comment from GregH on Jabber about GCM-based enc type. 
------------------------------------------------------------------------
_______________________________________________
ietf-krb-wg mailing list
ietf-krb-wg@lists.anl.gov
https://lists.anl.gov/mailman/listinfo/ietf-krb-wg

From ietf-krb-wg-bounces@lists.anl.gov Tue Mar 30 12:03:54 2010
Date: Tue, 30 Mar 2010 15:04:14 -0400
From: Jeffrey Hutzelman
To: Thomas Hardjono, Larry Zhu
Message-ID: <827A7FC8E8CF5076AB87AA9D@minbar.fac.cs.cmu.edu>
Cc: ietf-krb-wg@lists.anl.gov, jhutz@cmu.edu
Subject: Re: [Ietf-krb-wg] Notes from Kerberos WG meeting at IETF77 (drafty)

--On Tuesday, March 30, 2010 02:38:49 PM -0400 Thomas Hardjono wrote:

> (c) StartTLS
>     - Currently in IESG Review.
>     - Waiting also on outcome on discussions regarding
>       validating server certs (mailing-list discussion).
>     - WG Consensus: layering AS_REQ over TLS is generally
>       a good idea (ie. better than nothing).

No, there's no ongoing mailing list discussion here.  The author,
chairs, and AD are working on resolving a DISCUSS, after which the
document will move forward.

> (e) Naming/Anonymous
>     - Draft has expired.
>     - Anonymous draft has also expired now.
>     - Sam believes all issues now resolved.
>     - Larry to issue new versions of both drafts.
>       + The Naming draft needs a new WG Last Call.
>       + Anonymous draft just needs update in version-number.

This is backwards: anonymous has some pending changes, followed by a
new WGLC; naming will just need a version refresh.

>
> (III) LAST CALL ITEMS
>
> (a) Kerberos Information Model (v.07)
>
>     - Update from Leif:
>       + Leif will provide update v.08
>       + Principal realms must be (will be) single-valued.
>       + Will do English language clean-up.
>
>     - Q: Should principal realms be single-valued?
>
>       Sam: It's logical to associate multiple names to the realm.
>            - PrincipalName is multivalued (even in 1 realm).
>            - but Realm is multivalued.
>
>       GregH: Consensus is that Principal Name must be multi-valued.
>              But does not imply whether principal name includes
>              a realm name.
>
>       Discussion:....
>
>       Leif: a principal can have multiple names even when it belongs
>             to one realm (ie. folding name into realm).

This seems somewhat garbled.  The conclusion we came to, I think, is
that principals may have multiple names, each of which has an
associated realm.  In particular, this means that principals may have
names in multiple realms, but not the same set of names in every realm.

>     - Consensus: hum please...
>       + Yes (majority)
>       + No strong objection.
>       + Slight objection from Hank Holtz.

Note that we don't determine consensus based on hums in meeting rooms -
that's really just a poll.  Any conclusions we came to during the
meeting will be validated by discussion and/or a formal consensus call
on this list.

Hank's last name is "Hotz".  I recall that he had an objection, but no
longer remember what it was.  It would be good to document that.

>           - Leif: could people please send suggested text to the
>             mailing-list or to Leif. Note that WGLC is April 9th 2010.

But, and I tried to make this point clear in the meeting, the fact that
WGLC times out on April 9 does _not_ mean that this issue must be
resolved by then, or that we ignore the issue if someone doesn't
provide text by then.  Issues raised during last call will be discussed
and resolved, one way or another, before the document moves forward.
That could mean deciding the person who raised the issue is in the
rough, but that doesn't happen automatically.

>     - JHutz: Need to read IANA policy. It needs expert review
>       and registration process.

This is a bit garbled.  I reviewed the registration policy defined in
RFC3961 for enctypes in real time during the meeting.  The policy is
Standards Action or Expert Review.

>       + JHutz: Consensus call based on the assumption that
>         there will be one Standards Track.
>         Shall the WG adopt work on Camellia enctype for
>         standards track?:

I stated no such assumption.  The assumption was that if the WG adopts
the work, it will decide which modes etc to include, and at what level
of recommendation.

>       + JHutz: IPR Disclosure from NTT has been received by WG chairs
>         and Security ADs.

Which is important, because it means that the previous hum was based on
incomplete information.  Since the IPR issues are likely to affect the
opinions of several WG members, and the disclosure was not immediately
available for people to review, that hum is mostly meaningless (but
should still be included in the minutes, for completeness; after all,
it happened).

> (VI) OPEN MIC
>
> (a) Hank Holtz on KX509

Technically this was under "Moving Forward", not open mic.
It was added to the agenda during agenda bashing at the start of the
meeting.  And in fact, Henry had asked for time for this, and I simply
forgot to include it on the original agenda.

Thanks for your excellent work in preparing these minutes.  Once the
first round of comments has been resolved, we'll upload a draft to the
IETF web site.

-- Jeff

From ietf-krb-wg-bounces@lists.anl.gov Tue Mar 30 13:06:06 2010
From: "Henry B. Hotz"
In-Reply-To: <827A7FC8E8CF5076AB87AA9D@minbar.fac.cs.cmu.edu>
Date: Tue, 30 Mar 2010 13:06:25 -0700
To: Jeffrey Hutzelman
Cc: "ietf-krb-wg@lists.anl.gov"
Subject: Re: [Ietf-krb-wg] Notes from Kerberos WG meeting at IETF77 (drafty)

On Mar 30, 2010, at 12:04 PM, Jeffrey Hutzelman wrote:

>>     - Consensus: hum please...
>>       + Yes (majority)
>>       + No strong objection.
>>       + Slight objection from Hank Holtz.
>
> Note that we don't determine consensus based on hums in meeting rooms -
> that's really just a poll.  Any conclusions we came to during the meeting
> will be validated by discussion and/or a formal consensus call on this list.
>
> Hank's last name is "Hotz".

No offense taken.  ;-)

> I recall that he had an objection, but no
> longer remember what it was.  It would be good to document that.

My "objection" is that I'm not sure I understand the implications of
allowing multiple principal names which are not all the same realm.
Some other people in the room seemed to feel strongly that this should
be allowed to support Enterprise infrastructures where a person might
legitimately exist in multiple realms, IIUC.

Drifting off-topic toward review of the Info Model. . .

The reason I'm not sure I understand is that it appears to conflate
authentication and authorization.  I would expect the cryptographic
identity, as used in the Kerberos protocol, to be closely tied to a
specific principal name for authentication purposes.  Defining multiple
principal names to be equivalent, *especially* if they span multiple
realms (and presumably multiple KDC's), is something I expect to do at
an authorization level.  That happens *after* the Kerberos
authentication is complete.

Since I know everyone is going to think of AD, let me point out that it
has a multi-valued LDAP attribute, altSecurityIdentities, which simply
lists all the principal names which refer to its entry.
While they have optimized some wire exchanges out of existence,
basically they do Kerberos normally.  Then at the last minute they do
an internal LDAP/authorization lookup against that attribute, and put
the results into the authorization data field of the ticket.  This is
architecturally equivalent to using Kerberos for authentication and
LDAP for authorization, so it does not confuse me at all.  (I trust
Larry will correct me if I've simplified things too much.)

This is all a long-winded way of saying that I haven't studied the
latest draft or thought about it enough to have an opinion, so I don't
want to block the RFC from going forward.

------------------------------------------------------
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu

From ietf-krb-wg-bounces@lists.anl.gov Wed Mar 31 06:15:48 2010
Message-ID: <4BB34B12.5020504@mnt.se>
Date: Wed, 31 Mar 2010 15:16:02 +0200
From: Leif Johansson
To: Greg Hudson
In-Reply-To: <1269633254.5165.74.camel@ray>
Cc: "ietf-krb-wg@lists.anl.gov", Jeffrey Hutzelman
Subject: Re: [Ietf-krb-wg] kdc-model: Separation of KeySets

On 03/26/2010 08:54 PM, Greg Hudson wrote:
> On Thu, 2010-03-25 at 19:08 -0400, Leif Johansson wrote:
>> Yes I think everyone understands that and I claim that having a
>> schema that doesn't separate key management from the management
>> of other data does have security implications.
>
> What security implications?
>
> All I am hearing is:
>
> Step 1: It's important to protect the keys.
> Step 2: ???
> Step 3: Therefore keys must be kept separate from other principal data.
>
> What goes wrong if they aren't separated?  What are the security
> considerations?
>
> Can you suggest a concrete change to reflect what you don't like about the text?
	Cheers Leif

From ietf-krb-wg-bounces@lists.anl.gov Wed Mar 31 09:18:42 2010
From: Sam Hartman
To: Leif Johansson
Date: Wed, 31 Mar 2010 12:17:34 -0400
In-Reply-To: <4BB34B12.5020504@mnt.se> (Leif Johansson's message of "Wed, 31 Mar 2010 15:16:02 +0200")
Cc: "ietf-krb-wg@lists.anl.gov", Jeffrey Hutzelman
Subject: Re: [Ietf-krb-wg] kdc-model: Separation of KeySets

In general, you want the schema to permit separation so that keys can
be segregated for backup, or for privilege control.

What it means to separate depends on what data model language you're
talking about.  For LDAP, I think it is important that it be possible
to store keys in a separate object so that those objects can be
segregated for backup.  I think that most LDAP implementations have
per-attribute access control.

I don't think people should be required to deploy that way; I simply
think the schema should support it.

From ietf-krb-wg-bounces@lists.anl.gov Wed Mar 31 09:36:37 2010
From: Sam Hartman
To: Sam Hartman
Date: Wed, 31 Mar 2010 12:29:35 -0400
In-Reply-To: (Sam Hartman's message of "Wed, 31 Mar 2010 12:17:34 -0400")
Cc: "ietf-krb-wg@lists.anl.gov", Jeffrey Hutzelman
Subject: Re: [Ietf-krb-wg] kdc-model: Separation of KeySets

>>>>> "Sam" == Sam Hartman writes:

    Sam> In general, you want the schema to permit separation so that
    Sam> keys can be segregated for backup, or for privilege control.

    Sam> What it means to separate depends on what data model language
    Sam> you're talking about.  For LDAP, I think it is important that
    Sam> it be possible to store keys in a separate object so that those
    Sam> objects can be segregated for backup.  I think that most LDAP
    Sam> implementations have per-attribute access control.

    Sam> I don't think people should be required to deploy that way; I
    Sam> simply think the schema should support it.

The other separation you might want is to use different data models for
key store updates and for the rest.  For example my preferred admin
strategy is to use LDAP for non-key-store operations and change/set
password for key store ops.
So, you want someone to be able to implement only key store or not key store in a particular data model. For most data models you want an implementation of that data model to be able to leave out/include key store. For deployments you also often want that flexibility. _______________________________________________ ietf-krb-wg mailing list ietf-krb-wg@lists.anl.gov https://lists.anl.gov/mailman/listinfo/ietf-krb-wg From ietf-krb-wg-bounces@lists.anl.gov Wed Mar 31 09:52:32 2010 Return-Path: X-Original-To: ietfarch-krb-wg-archive@core3.amsl.com Delivered-To: ietfarch-krb-wg-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 677833A6B8B for ; Wed, 31 Mar 2010 09:52:32 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -5.469 X-Spam-Level: X-Spam-Status: No, score=-5.469 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, DNS_FROM_OPENWHOIS=1.13, RCVD_IN_DNSWL_MED=-4] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UfHFiy8ojE2o for ; Wed, 31 Mar 2010 09:52:31 -0700 (PDT) Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by core3.amsl.com (Postfix) with ESMTP id 252D23A69F2 for ; Wed, 31 Mar 2010 09:43:19 -0700 (PDT) Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.anl.gov (Postfix) with ESMTP id 563BD2B; Wed, 31 Mar 2010 11:43:50 -0500 (CDT) Received: from lists.anl.gov (katydid.it.anl.gov [146.137.96.32]) by mailhost.anl.gov (Postfix) with ESMTP id D354E2E; Wed, 31 Mar 2010 11:43:49 -0500 (CDT) Received: from katydid.it.anl.gov (localhost [127.0.0.1]) by lists.anl.gov (Postfix) with ESMTP id 9CBE380E4D; Wed, 31 Mar 2010 11:43:49 -0500 (CDT) X-Original-To: ietf-krb-wg@lists.anl.gov Delivered-To: ietf-krb-wg@lists.anl.gov Received: from mailrelay.anl.gov (mailrelay.anl.gov [130.202.101.22]) by lists.anl.gov (Postfix) with ESMTP id D76EF80E4C for ; 
Wed, 31 Mar 2010 11:43:47 -0500 (CDT) Received: from localhost (localhost [127.0.0.1]) by localhost.it.anl.gov (Postfix) with ESMTP id B65167CC05A; Wed, 31 Mar 2010 11:43:47 -0500 (CDT) Received: from mailrelay.anl.gov ([127.0.0.1]) by localhost (mailrelay.anl.gov [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 12513-05; Wed, 31 Mar 2010 11:43:47 -0500 (CDT) Received: from mailgateway.anl.gov (mailgateway.anl.gov [130.202.101.28]) by mailrelay.anl.gov (Postfix) with ESMTP id 8F9527CC05C for ; Wed, 31 Mar 2010 11:43:47 -0500 (CDT) X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: AnwBAHQYs0sSCRkMnGdsb2JhbACDEpgiFQEBAQEBCAsICREisEyIBYhbgSuBLoE9agSOIw X-IronPort-AV: E=Sophos;i="4.51,342,1267423200"; d="scan'208";a="39534973" Received: from dmz-mailsec-scanner-1.mit.edu ([18.9.25.12]) by mailgateway.anl.gov with ESMTP; 31 Mar 2010 11:43:47 -0500 X-AuditID: 1209190c-b7c8cae00000610c-54-4bb37bc2f7ac Received: from mailhub-auth-1.mit.edu (MAILHUB-AUTH-1.MIT.EDU [18.9.21.35]) by dmz-mailsec-scanner-1.mit.edu (Symantec Brightmail Gateway) with SMTP id 3A.FE.24844.2CB73BB4; Wed, 31 Mar 2010 12:43:46 -0400 (EDT) Received: from outgoing.mit.edu (OUTGOING-AUTH.MIT.EDU [18.7.22.103]) by mailhub-auth-1.mit.edu (8.13.8/8.9.2) with ESMTP id o2VGhj8H010658; Wed, 31 Mar 2010 12:43:45 -0400 Received: from [10.0.0.102] (c-24-61-11-81.hsd1.ma.comcast.net [24.61.11.81]) (authenticated bits=0) (User authenticated as ghudson@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.6/8.12.4) with ESMTP id o2VGhgvs011425 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Wed, 31 Mar 2010 12:43:43 -0400 (EDT) From: Greg Hudson To: Sam Hartman In-Reply-To: References: <201003242118.o2OLIBLW010389@outgoing.mit.edu> <4BAA9763.5060806@mnt.se> <1269472974.7493.547.camel@ray> <75A36D34-D404-4FC0-AE73-D474BEF2ECB5@apple.com> <20100325144721.40a34c08@willson.li.ssimo.org> <4BABECFD.2000501@mnt.se> <1269633254.5165.74.camel@ray> <4BB34B12.5020504@mnt.se> Date: Wed, 31 Mar 2010 
12:43:42 -0400 Message-ID: <1270053822.23874.152.camel@ray> Mime-Version: 1.0 X-Mailer: Evolution 2.28.1 X-Brightmail-Tracker: AAAAAROG18g= X-Virus-Scanned: Debian amavisd-new at frigga.it.anl.gov Cc: "ietf-krb-wg@lists.anl.gov" , "jhutz@cmu.edu" Subject: Re: [Ietf-krb-wg] kdc-model: Separation of KeySets X-BeenThere: ietf-krb-wg@lists.anl.gov X-Mailman-Version: 2.1.13 Precedence: list List-Id: "This is a list for the IETF Kerberos Working Group. {WORLDPUB, EXTERNAL}" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: ietf-krb-wg-bounces@lists.anl.gov Errors-To: ietf-krb-wg-bounces@lists.anl.gov On Wed, 2010-03-31 at 12:17 -0400, Sam Hartman wrote: > In general, you want the schema to permit separation so that keys can be > segregated for backup, or for privilege control. Thank you, Sam. Now that this has been explained, I can suggest the following change: REPLACE: The reason for separating the KeySet from the Principal is security. The security of Kerberos 5 depends absolutely on the security of the keys stored in the KDC. The KeySet type is provided to make this clear and to make separation of keys from other parts of the model clear. Implementations of this standard (eg an LDAP schema) MUST make a clear separation between the representation of KeySet from other information objects. WITH: The security of Kerberos 5 depends absolutely on the confidentiality and integrity of the keys stored in the KDC. Implementations of this standard MUST facilitate, to the extent possible, an administrator's ability to place more restrictive access controls on KeySets than on other principal data, and to arrange for more secure backup for KeySets. I feel a little weird saying "MUST facilitate," but the concept being expressed here is a little vague. What we want is to make something possible for a party three layers away from this standard: Data model --> Schema (e.g. 
for LDAP) --> Implementation --> Admin The model implementation may be built on an object-based substrate (like LDAP) or it may not. If it's an object-based substrate, then placing KeySets in separate objects will make it more likely to treat KeySets separately for privilege and backup, but that is still dependent on the server implementation. For example, you could imagine an embedded LDAP server which keeps all data in a single file and has no backup facilities beyond backing up the single file--in such a server, it would be very hard to do separate backup of key data regardless of how the LDAP schema is written. If the model implementation is instead built on an RPC-like substrate (like Web Services), then that standard has very little influence on the ability to do separate backup, but does have some influence on the ability to do separate privilege. For instance, the MIT kadmind's get_principal query would probably be expressed differently, or divided up into two queries, if it were designed to meet this constraint. 
_______________________________________________ ietf-krb-wg mailing list ietf-krb-wg@lists.anl.gov https://lists.anl.gov/mailman/listinfo/ietf-krb-wg From ietf-krb-wg-bounces@lists.anl.gov Wed Mar 31 09:55:39 2010 Return-Path: X-Original-To: ietfarch-krb-wg-archive@core3.amsl.com Delivered-To: ietfarch-krb-wg-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 74BAA3A6B9E for ; Wed, 31 Mar 2010 09:55:39 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -5.469 X-Spam-Level: X-Spam-Status: No, score=-5.469 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, DNS_FROM_OPENWHOIS=1.13, RCVD_IN_DNSWL_MED=-4] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HEO9PSs5ePGC for ; Wed, 31 Mar 2010 09:55:38 -0700 (PDT) Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by core3.amsl.com (Postfix) with ESMTP id 957253A6BC1 for ; Wed, 31 Mar 2010 09:45:40 -0700 (PDT) Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.anl.gov (Postfix) with ESMTP id B696533; Wed, 31 Mar 2010 11:46:11 -0500 (CDT) Received: from lists.anl.gov (katydid.it.anl.gov [146.137.96.32]) by mailhost.anl.gov (Postfix) with ESMTP id 7A6EA2E; Wed, 31 Mar 2010 11:46:10 -0500 (CDT) Received: from katydid.it.anl.gov (localhost [127.0.0.1]) by lists.anl.gov (Postfix) with ESMTP id 5861580E4D; Wed, 31 Mar 2010 11:46:10 -0500 (CDT) X-Original-To: ietf-krb-wg@lists.anl.gov Delivered-To: ietf-krb-wg@lists.anl.gov Received: from mailrelay.anl.gov (mailrelay.anl.gov [130.202.101.22]) by lists.anl.gov (Postfix) with ESMTP id 63E7380E4C for ; Wed, 31 Mar 2010 11:46:09 -0500 (CDT) Received: from localhost (localhost [127.0.0.1]) by localhost.it.anl.gov (Postfix) with ESMTP id 47CC87CC05C; Wed, 31 Mar 2010 11:46:09 -0500 (CDT) Received: from mailrelay.anl.gov ([127.0.0.1]) by localhost (mailrelay.anl.gov 
[127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 13662-01; Wed, 31 Mar 2010 11:46:09 -0500 (CDT) Received: from mailgateway.anl.gov (mailgateway.anl.gov [130.202.101.28]) by mailrelay.anl.gov (Postfix) with ESMTP id 2C46D7CC05A for ; Wed, 31 Mar 2010 11:46:09 -0500 (CDT) X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: AnwBAKQZs0sSB0QinGdsb2JhbACDEpgiFQEBAQEBCAsICREisD+IBYhbgSuBSYEiagSOIw X-IronPort-AV: E=Sophos;i="4.51,342,1267423200"; d="scan'208";a="39535207" Received: from dmz-mailsec-scanner-5.mit.edu ([18.7.68.34]) by mailgateway.anl.gov with ESMTP; 31 Mar 2010 11:46:08 -0500 X-AuditID: 12074422-b7c13ae000003829-c8-4bb37c50b8a3 Received: from mailhub-auth-4.mit.edu (MAILHUB-AUTH-4.MIT.EDU [18.7.62.39]) by dmz-mailsec-scanner-5.mit.edu (Symantec Brightmail Gateway) with SMTP id A5.8F.14377.05C73BB4; Wed, 31 Mar 2010 12:46:08 -0400 (EDT) Received: from outgoing.mit.edu (OUTGOING-AUTH.MIT.EDU [18.7.22.103]) by mailhub-auth-4.mit.edu (8.13.8/8.9.2) with ESMTP id o2VGk7Nl016467; Wed, 31 Mar 2010 12:46:07 -0400 Received: from [10.0.0.102] (c-24-61-11-81.hsd1.ma.comcast.net [24.61.11.81]) (authenticated bits=0) (User authenticated as ghudson@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.6/8.12.4) with ESMTP id o2VGk6sk011972 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Wed, 31 Mar 2010 12:46:07 -0400 (EDT) From: Greg Hudson To: Sam Hartman In-Reply-To: References: <201003242118.o2OLIBLW010389@outgoing.mit.edu> <4BAA9763.5060806@mnt.se> <1269472974.7493.547.camel@ray> <75A36D34-D404-4FC0-AE73-D474BEF2ECB5@apple.com> <20100325144721.40a34c08@willson.li.ssimo.org> <4BABECFD.2000501@mnt.se> <1269633254.5165.74.camel@ray> <4BB34B12.5020504@mnt.se> Date: Wed, 31 Mar 2010 12:46:06 -0400 Message-ID: <1270053966.23874.154.camel@ray> Mime-Version: 1.0 X-Mailer: Evolution 2.28.1 X-Brightmail-Tracker: AAAAAROG18g= X-Virus-Scanned: Debian amavisd-new at frigga.it.anl.gov Cc: "ietf-krb-wg@lists.anl.gov" , "jhutz@cmu.edu" Subject: Re: 
[Ietf-krb-wg] kdc-model: Separation of KeySets X-BeenThere: ietf-krb-wg@lists.anl.gov X-Mailman-Version: 2.1.13 Precedence: list List-Id: "This is a list for the IETF Kerberos Working Group. {WORLDPUB, EXTERNAL}" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: ietf-krb-wg-bounces@lists.anl.gov Errors-To: ietf-krb-wg-bounces@lists.anl.gov On Wed, 2010-03-31 at 12:29 -0400, Sam Hartman wrote: > The other separation you might want is to use different data models for > key store updates and for the rest. For example my preferred admin > strategy is to use LDAP for non-key-store operations and change/set > password for key store ops. There is already other language in the document about this, in sections 6.2 and 6.3. I am not proposing to change that language. _______________________________________________ ietf-krb-wg mailing list ietf-krb-wg@lists.anl.gov https://lists.anl.gov/mailman/listinfo/ietf-krb-wg From ietf-krb-wg-bounces@lists.anl.gov Wed Mar 31 11:04:39 2010 Return-Path: X-Original-To: ietfarch-krb-wg-archive@core3.amsl.com Delivered-To: ietfarch-krb-wg-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 8BFF83A6AAE for ; Wed, 31 Mar 2010 11:04:39 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -5.469 X-Spam-Level: X-Spam-Status: No, score=-5.469 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, DNS_FROM_OPENWHOIS=1.13, RCVD_IN_DNSWL_MED=-4] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id USm6mCKLZZfd for ; Wed, 31 Mar 2010 11:04:38 -0700 (PDT) Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by core3.amsl.com (Postfix) with ESMTP id 0F4983A6988 for ; Wed, 31 Mar 2010 11:04:20 -0700 (PDT) Received: from mailhost.anl.gov (mailhost.anl.gov 
[130.202.113.50]) by localhost.anl.gov (Postfix) with ESMTP id 420CB2E; Wed, 31 Mar 2010 13:04:51 -0500 (CDT) Received: from lists.anl.gov (katydid.it.anl.gov [146.137.96.32]) by mailhost.anl.gov (Postfix) with ESMTP id 05D7A2B; Wed, 31 Mar 2010 13:04:48 -0500 (CDT) Received: from katydid.it.anl.gov (localhost [127.0.0.1]) by lists.anl.gov (Postfix) with ESMTP id CBC9D80E4B; Wed, 31 Mar 2010 13:04:48 -0500 (CDT) X-Original-To: ietf-krb-wg@lists.anl.gov Delivered-To: ietf-krb-wg@lists.anl.gov Received: from mailrelay.anl.gov (mailrelay.anl.gov [130.202.101.22]) by lists.anl.gov (Postfix) with ESMTP id 4E7CA80DDF for ; Wed, 31 Mar 2010 13:04:47 -0500 (CDT) Received: from localhost (localhost [127.0.0.1]) by localhost.it.anl.gov (Postfix) with ESMTP id 30BD77CC061; Wed, 31 Mar 2010 13:04:47 -0500 (CDT) Received: from mailrelay.anl.gov ([127.0.0.1]) by localhost (mailrelay.anl.gov [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 04399-04; Wed, 31 Mar 2010 13:04:47 -0500 (CDT) Received: from mailgateway.anl.gov (mailgateway.anl.gov [130.202.101.28]) by mailrelay.anl.gov (Postfix) with ESMTP id 15C937CC05C for ; Wed, 31 Mar 2010 13:04:47 -0500 (CDT) X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: AqEAADMrs0uAlYttkWdsb2JhbACbSQEBAQEJCwoHEQUdwUWFAASDI4sA X-IronPort-AV: E=Sophos;i="4.51,342,1267423200"; d="scan'208";a="39541345" Received: from smtp.jpl.nasa.gov (HELO mail.jpl.nasa.gov) ([128.149.139.109]) by mailgateway.anl.gov with ESMTP; 31 Mar 2010 13:04:46 -0500 Received: from laphotz.jpl.nasa.gov (laphotz.jpl.nasa.gov [128.149.133.44]) by smtp.jpl.nasa.gov (Switch-3.4.2/Switch-3.4.1) with ESMTP id o2VI4gAi017344; Wed, 31 Mar 2010 11:04:43 -0700 Mime-Version: 1.0 (Apple Message framework v1078) From: "Henry B. 
Hotz" In-Reply-To: <1270053822.23874.152.camel@ray> Date: Wed, 31 Mar 2010 11:04:42 -0700 Message-Id: <91A0ACC7-0D84-4721-9657-566FBEDCFB36@jpl.nasa.gov> References: <201003242118.o2OLIBLW010389@outgoing.mit.edu> <4BAA9763.5060806@mnt.se> <1269472974.7493.547.camel@ray> <75A36D34-D404-4FC0-AE73-D474BEF2ECB5@apple.com> <20100325144721.40a34c08@willson.li.ssimo.org> <4BABECFD.2000501@mnt.se> <1269633254.5165.74.camel@ray> <4BB34B12.5020504@mnt.se> <1270053822.23874.152.camel@ray> To: Greg Hudson X-Mailer: Apple Mail (2.1078) X-Source-IP: laphotz.jpl.nasa.gov [128.149.133.44] X-Source-Sender: hotz@jpl.nasa.gov X-AUTH: Authorized X-Virus-Scanned: Debian amavisd-new at frigga.it.anl.gov Cc: "ietf-krb-wg@lists.anl.gov" , Sam Hartman , "jhutz@cmu.edu" Subject: Re: [Ietf-krb-wg] kdc-model: Separation of KeySets X-BeenThere: ietf-krb-wg@lists.anl.gov X-Mailman-Version: 2.1.13 Precedence: list List-Id: "This is a list for the IETF Kerberos Working Group. {WORLDPUB, EXTERNAL}" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: ietf-krb-wg-bounces@lists.anl.gov Errors-To: ietf-krb-wg-bounces@lists.anl.gov On Mar 31, 2010, at 9:43 AM, Greg Hudson wrote: > I feel a little weird saying "MUST facilitate," but the concept being > expressed here is a little vague. MUST restrict (protect?) access to KeySet data. MAY allow less restrictive access to other data. ------------------------------------------------------ The opinions expressed in this message are mine, not those of Caltech, JPL, NASA, or the US Government. 
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu _______________________________________________ ietf-krb-wg mailing list ietf-krb-wg@lists.anl.gov https://lists.anl.gov/mailman/listinfo/ietf-krb-wg From ietf-krb-wg-bounces@lists.anl.gov Wed Mar 31 12:53:41 2010 Return-Path: X-Original-To: ietfarch-krb-wg-archive@core3.amsl.com Delivered-To: ietfarch-krb-wg-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id E0E303A6A97 for ; Wed, 31 Mar 2010 12:53:41 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -105.319 X-Spam-Level: X-Spam-Status: No, score=-105.319 tagged_above=-999 required=5 tests=[AWL=0.150, BAYES_00=-2.599, DNS_FROM_OPENWHOIS=1.13, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WqVv4bhDFgkB for ; Wed, 31 Mar 2010 12:53:40 -0700 (PDT) Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by core3.amsl.com (Postfix) with ESMTP id 9EF843A6A29 for ; Wed, 31 Mar 2010 12:53:40 -0700 (PDT) Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.anl.gov (Postfix) with ESMTP id CABBE3B; Wed, 31 Mar 2010 14:54:11 -0500 (CDT) Received: from lists.anl.gov (katydid.it.anl.gov [146.137.96.32]) by mailhost.anl.gov (Postfix) with ESMTP id D3E1931; Wed, 31 Mar 2010 14:54:08 -0500 (CDT) Received: from katydid.it.anl.gov (localhost [127.0.0.1]) by lists.anl.gov (Postfix) with ESMTP id B0C5180E4B; Wed, 31 Mar 2010 14:54:08 -0500 (CDT) X-Original-To: ietf-krb-wg@lists.anl.gov Delivered-To: ietf-krb-wg@lists.anl.gov Received: from mailrelay.anl.gov (mailrelay.anl.gov [130.202.101.22]) by lists.anl.gov (Postfix) with ESMTP id 7EFA180DDF for ; Wed, 31 Mar 2010 14:54:06 -0500 (CDT) Received: from localhost (localhost [127.0.0.1]) by localhost.it.anl.gov (Postfix) with ESMTP id 5E7F77CC05A; Wed, 31 Mar 2010 14:54:06 -0500 
(CDT) Received: from mailrelay.anl.gov ([127.0.0.1]) by localhost (mailrelay.anl.gov [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 03399-03; Wed, 31 Mar 2010 14:54:06 -0500 (CDT) Received: from mailgateway.anl.gov (mailgateway.anl.gov [130.202.101.28]) by mailrelay.anl.gov (Postfix) with ESMTP id 3934B7CC059 for ; Wed, 31 Mar 2010 14:54:06 -0500 (CDT) X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: As4AAPtEs0vRhLcckWdsb2JhbACbNhUBAQEBCQsKBxEGHMFrhQAEjiM X-IronPort-AV: E=Sophos;i="4.51,343,1267423200"; d="scan'208";a="39548988" Received: from mx1.redhat.com ([209.132.183.28]) by mailgateway.anl.gov with ESMTP; 31 Mar 2010 14:54:05 -0500 Received: from int-mx04.intmail.prod.int.phx2.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.17]) by mx1.redhat.com (8.13.8/8.13.8) with ESMTP id o2VJs13s002349 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Wed, 31 Mar 2010 15:54:02 -0400 Received: from willson.li.ssimo.org (pilototp-int.redhat.com [10.11.232.41]) by int-mx04.intmail.prod.int.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id o2VJs0FY024331; Wed, 31 Mar 2010 15:54:01 -0400 Date: Wed, 31 Mar 2010 15:53:59 -0400 From: Simo Sorce To: Greg Hudson Message-ID: <20100331155359.6f01eb93@willson.li.ssimo.org> In-Reply-To: <1270053822.23874.152.camel@ray> References: <201003242118.o2OLIBLW010389@outgoing.mit.edu> <4BAA9763.5060806@mnt.se> <1269472974.7493.547.camel@ray> <75A36D34-D404-4FC0-AE73-D474BEF2ECB5@apple.com> <20100325144721.40a34c08@willson.li.ssimo.org> <4BABECFD.2000501@mnt.se> <1269633254.5165.74.camel@ray> <4BB34B12.5020504@mnt.se> <1270053822.23874.152.camel@ray> Organization: Red Hat, Inc. 
Mime-Version: 1.0 X-Scanned-By: MIMEDefang 2.67 on 10.5.11.17 X-Virus-Scanned: Debian amavisd-new at frigga.it.anl.gov Cc: "ietf-krb-wg@lists.anl.gov" , Sam Hartman , "jhutz@cmu.edu" Subject: Re: [Ietf-krb-wg] kdc-model: Separation of KeySets X-BeenThere: ietf-krb-wg@lists.anl.gov X-Mailman-Version: 2.1.13 Precedence: list List-Id: "This is a list for the IETF Kerberos Working Group. {WORLDPUB, EXTERNAL}" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: ietf-krb-wg-bounces@lists.anl.gov Errors-To: ietf-krb-wg-bounces@lists.anl.gov On Wed, 31 Mar 2010 12:43:42 -0400 Greg Hudson wrote: > On Wed, 2010-03-31 at 12:17 -0400, Sam Hartman wrote: > > In general, you want the schema to permit separation so that keys > > can be segregated for backup, or for privilege control. > > Thank you, Sam. Now that this has been explained, I can suggest the > following change: > > REPLACE: > > The reason for separating the KeySet from the Principal is > security. The security of Kerberos 5 depends absolutely on the > security of the keys stored in the KDC. The KeySet type is provided > to make this clear and to make separation of keys from other parts of > the model clear. > > Implementations of this standard (eg an LDAP schema) MUST make a > clear separation between the representation of KeySet from other > information objects. > > WITH: > > The security of Kerberos 5 depends absolutely on the confidentiality > and integrity of the keys stored in the KDC. Implementations of > this standard MUST facilitate, to the extent possible, an > administrator's ability to place more restrictive access controls on > KeySets than on other principal data, and to arrange for more secure > backup for KeySets. If the purpose is to unequivocally state that keys must be protected why don't we just say so ? 
REPLACE WITH: The security of Kerberos 5 is completely dependent on the confidentiality and integrity of the keys. Implementations of this standard SHALL include appropriate measures to protect keys from unauthorized access. Protection form unauthorized access SHOULD also be extended to any backup of key material. Other principal data information does not need the same level of protection. I removed "stored in the KDC" as keys may be stored elsewhere (for example in LDAP). Also I do not agree with the original where it claims that implementations MUST make it possible to separate data. As long as keys are protected it doesn't matter if they are separable form the information model point of view IMO. In fact they are not separable from principal data when using the standard database in current implementations. I don't see why we should make current implementations fall off the standard when separation is not strictly needed. If the wg *really* feels like it should strongly push separation in LDAP based implementations then I suggest the following additional text. ADDITIONAL TEXT: Implementations that use a general purpose storage (such as LDAP directories or SQL databases) that can be accessed by other agents beyond the KDC and related administrative client SHALL make it possible to separate access to key material from other principal data. Administrators SHOULD be allowed to apply stricter access control to key material while allowing more relaxed access to other principal data. I think it is a little redundant, as normally you do separate data in multiple attributes when dealing with LDAP, but other databases may not do so normally (for example the SQL case), so it probably make sense. Simo. P.S. My English is far from perfect so I welcome corrections. 
-- Simo Sorce * Red Hat, Inc * New York _______________________________________________ ietf-krb-wg mailing list ietf-krb-wg@lists.anl.gov https://lists.anl.gov/mailman/listinfo/ietf-krb-wg From ietf-krb-wg-bounces@lists.anl.gov Wed Mar 31 13:56:21 2010 Return-Path: X-Original-To: ietfarch-krb-wg-archive@core3.amsl.com Delivered-To: ietfarch-krb-wg-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 9A6AE3A6A21 for ; Wed, 31 Mar 2010 13:56:21 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -5.292 X-Spam-Level: X-Spam-Status: No, score=-5.292 tagged_above=-999 required=5 tests=[AWL=0.177, BAYES_00=-2.599, DNS_FROM_OPENWHOIS=1.13, RCVD_IN_DNSWL_MED=-4] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YTTvxk7DSZix for ; Wed, 31 Mar 2010 13:56:20 -0700 (PDT) Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by core3.amsl.com (Postfix) with ESMTP id 5E67F3A69FB for ; Wed, 31 Mar 2010 13:56:20 -0700 (PDT) Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.anl.gov (Postfix) with ESMTP id 44DE531; Wed, 31 Mar 2010 15:56:51 -0500 (CDT) Received: from lists.anl.gov (katydid.it.anl.gov [146.137.96.32]) by mailhost.anl.gov (Postfix) with ESMTP id B2CC335; Wed, 31 Mar 2010 15:56:49 -0500 (CDT) Received: from katydid.it.anl.gov (localhost [127.0.0.1]) by lists.anl.gov (Postfix) with ESMTP id 52E8C80E4B; Wed, 31 Mar 2010 15:56:49 -0500 (CDT) X-Original-To: ietf-krb-wg@lists.anl.gov Delivered-To: ietf-krb-wg@lists.anl.gov Received: from mailrelay.anl.gov (mailrelay.anl.gov [130.202.101.22]) by lists.anl.gov (Postfix) with ESMTP id 23A3780DDF for ; Wed, 31 Mar 2010 15:56:48 -0500 (CDT) Received: from localhost (localhost [127.0.0.1]) by localhost.it.anl.gov (Postfix) with ESMTP id 024C57CC05A; Wed, 31 Mar 2010 15:56:48 -0500 (CDT) Received: from 
mailrelay.anl.gov ([127.0.0.1]) by localhost (mailrelay.anl.gov [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 21432-04; Wed, 31 Mar 2010 15:56:47 -0500 (CDT) Received: from mailgateway.anl.gov (mailgateway.anl.gov [130.202.101.28]) by mailrelay.anl.gov (Postfix) with ESMTP id DA6AE7CC05D for ; Wed, 31 Mar 2010 15:56:47 -0500 (CDT) X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: AskAADZUs0uAAtnGkWdsb2JhbACbORUBAQEBCQsKBxEFHbkIiFuFAASOIw X-IronPort-AV: E=Sophos;i="4.51,343,1267423200"; d="scan'208";a="39553286" Received: from smtp03.srv.cs.cmu.edu ([128.2.217.198]) by mailgateway.anl.gov with ESMTP; 31 Mar 2010 15:56:47 -0500 Received: from MINBAR.FAC.CS.CMU.EDU (MINBAR.FAC.CS.CMU.EDU [128.2.216.42]) (authenticated bits=0) by smtp03.srv.cs.cmu.edu (8.13.6/8.13.6) with ESMTP id o2VKuaLC007445 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 31 Mar 2010 16:56:36 -0400 (EDT) Date: Wed, 31 Mar 2010 15:05:51 -0400 From: Jeffrey Hutzelman To: "Henry B. Hotz" , Greg Hudson Message-ID: <8FD8D0A026C0C6F6AC81A565@minbar.fac.cs.cmu.edu> In-Reply-To: <91A0ACC7-0D84-4721-9657-566FBEDCFB36@jpl.nasa.gov> References: <201003242118.o2OLIBLW010389@outgoing.mit.edu> <4BAA9763.5060806@mnt.se> <1269472974.7493.547.camel@ray> <75A36D34-D404-4FC0-AE73-D474BEF2ECB5@apple.com> <20100325144721.40a34c08@willson.li.ssimo.org> <4BABECFD.2000501@mnt.se> <1269633254.5165.74.camel@ray> <4BB34B12.5020504@mnt.se> <1270053822.23874.152.camel@ray> <91A0ACC7-0D84-4721-9657-566FBEDCFB36@jpl.nasa.gov> X-Mailer: Mulberry/4.0.8 (Linux/x86) MIME-Version: 1.0 Content-Disposition: inline X-Scanned-By: mimedefang-cmuscs on 128.2.217.198 X-Virus-Scanned: Debian amavisd-new at frigga.it.anl.gov Cc: ietf-krb-wg@lists.anl.gov, Sam Hartman , jhutz@cmu.edu Subject: Re: [Ietf-krb-wg] kdc-model: Separation of KeySets X-BeenThere: ietf-krb-wg@lists.anl.gov X-Mailman-Version: 2.1.13 Precedence: list List-Id: "This is a list for the IETF Kerberos Working Group. 
{WORLDPUB, EXTERNAL}" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset="us-ascii"; Format="flowed" Sender: ietf-krb-wg-bounces@lists.anl.gov Errors-To: ietf-krb-wg-bounces@lists.anl.gov --On Wednesday, March 31, 2010 11:04:42 AM -0700 "Henry B. Hotz" wrote: > > On Mar 31, 2010, at 9:43 AM, Greg Hudson wrote: > >> I feel a little weird saying "MUST facilitate," but the concept being >> expressed here is a little vague. > > > MUST restrict (protect?) access to KeySet data. > > MAY allow less restrictive access to other data. We're getting ahead of ourselves here. This is a data model document, not a schema document. Implementations of this document are schemas, and the goal was to REQUIRE schemas to separate KeySet and other data sufficiently well that an implementation of the schema would give the administrator the flexibility to do so operationally. I think we've been trying to avoid, in this document, defining requirements for implementations of schemas based on it. In any case, what Henry proposes here looks like requirements on the access controls affecting that data. These are properly a matter of policy, and thus are up to the administrator, not us. What we want to do at the present stage is ensure that the administrator will be able to set a policy like the above; particularly, that access controls on KeySet data can be set more restrictively than on other data. Plus, of course, the backup issue Sam describes, and more generally, the ability to define separate policies and mechanisms for the management of keys. -- Jeff _______________________________________________ ietf-krb-wg mailing list ietf-krb-wg@lists.anl.gov https://lists.anl.gov/mailman/listinfo/ietf-krb-wg
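
The separation debated in the messages above, sketched for an RPC-like substrate as an added example (not code from the thread, the kdc-model draft, or MIT kadmind): a combined query hands keys to any caller allowed to read a principal, while split queries and split exports let key material carry its own privilege and its own backup. Every class, method and privilege name is hypothetical, and the key is a constructed sample value.

```python
from dataclasses import dataclass, asdict
import json

# Hypothetical privilege names, chosen for this sketch only.
READ_PRINCIPAL = "read-principal"
READ_KEYS = "read-keys"

# Constructed sample key material; not a real key.
SAMPLE_KEY_HEX = "ab" * 32


@dataclass
class Principal:
    """Non-key principal data."""
    name: str
    expiration: str
    max_ticket_life: int


@dataclass
class KeySet:
    """Key material, held apart from the Principal record."""
    kvno: int
    keys: list  # (enctype name, hex key) pairs


class PrincipalService:
    """Toy admin service keeping principals and keysets in separate stores."""

    def __init__(self, acl):
        self._acl = acl          # caller name -> set of privileges
        self._principals = {}    # principal name -> Principal
        self._keysets = {}       # principal name -> KeySet

    def add(self, principal, keyset):
        self._principals[principal.name] = principal
        self._keysets[principal.name] = keyset

    def _require(self, caller, privilege):
        if privilege not in self._acl.get(caller, set()):
            raise PermissionError(f"{caller} lacks {privilege}")

    def get_principal_combined(self, caller, name):
        """Single query: one privilege gates everything, keys included."""
        self._require(caller, READ_PRINCIPAL)
        record = asdict(self._principals[name])
        record["keyset"] = asdict(self._keysets[name])
        return record

    def get_principal(self, caller, name):
        """Split query 1: non-key data only."""
        self._require(caller, READ_PRINCIPAL)
        return asdict(self._principals[name])

    def get_keyset(self, caller, name):
        """Split query 2: key material, behind its own privilege."""
        self._require(caller, READ_KEYS)
        return asdict(self._keysets[name])

    def backup_principals(self):
        """Export that can go to ordinary backup storage."""
        data = {n: asdict(p) for n, p in self._principals.items()}
        return json.dumps(data, sort_keys=True)

    def backup_keysets(self):
        """Export that needs the more secure backup path."""
        data = {n: asdict(k) for n, k in self._keysets.items()}
        return json.dumps(data, sort_keys=True)


def build_demo():
    """Service with a help-desk caller (no key access) and a KDC caller."""
    acl = {
        "helpdesk": {READ_PRINCIPAL},
        "kdc": {READ_PRINCIPAL, READ_KEYS},
    }
    svc = PrincipalService(acl)
    svc.add(
        Principal("alice@EXAMPLE.COM", "2030-01-01", 36000),
        KeySet(kvno=3, keys=[("aes256-cts-hmac-sha1-96", SAMPLE_KEY_HEX)]),
    )
    return svc


if __name__ == "__main__":
    svc = build_demo()
    print("combined:", svc.get_principal_combined("helpdesk", "alice@EXAMPLE.COM"))
    print("split:   ", svc.get_principal("helpdesk", "alice@EXAMPLE.COM"))
    try:
        svc.get_keyset("helpdesk", "alice@EXAMPLE.COM")
    except PermissionError as err:
        print("denied:  ", err)
```

With the combined query the help-desk caller receives the keyset as a side effect of reading the expiration date; with the split queries the same caller is refused key access and the principal export contains no key bytes.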