[prev in list] [next in list] [prev in thread] [next in thread]
List: ipng
Subject: Re: Roman Danyliw's Discuss on draft-ietf-6man-segment-routing-header-22: (with DISCUSS and COMMENT)
From: "Darren Dukes (ddukes)" <ddukes () cisco ! com>
Date: 2019-10-15 16:38:29
Message-ID: 3485D02E-7561-4B29-BA46-19AF77D7926D () cisco ! com
[Download RAW message or body]
[Attachment #2 (text/plain)]
Hi Roman, this text is in revision 25
https://tools.ietf.org/html/draft-ietf-6man-segment-routing-header-25
Can you acknowledge closure and update the discuss position?
Thanks!
Darren
On Oct 1, 2019, at 9:25 AM, Darren Dukes (ddukes) \
<ddukes@cisco.com<mailto:ddukes@cisco.com>> wrote:
Hi Roman, sorry for my delay in replying to your review. There was some overlap with \
others. Please see inline.
On Sep 4, 2019, at 2:50 PM, Roman Danyliw via Datatracker \
<noreply@ietf.org<mailto:noreply@ietf.org>> wrote:
Roman Danyliw has entered the following ballot position for
draft-ietf-6man-segment-routing-header-22: Discuss
When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)
Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.
The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-6man-segment-routing-header/
----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------
(1) Section 7.1. This section seems to be enumerating the attacks possible
with source routing, and noting that the scope of these are limited to nodes
inside the SR domain because of SRH requires ingress filtering. No issue with
this position. This feedback is around the clarity of the attacks in question.
The text currently says:
(a) (from the CanSecWest reference in from RFC5095) "Such attacks include
bypassing filtering devices, reaching otherwise unreachable Internet systems,
network topology discovery, bandwidth exhaustion, and defeating anycast"
(b) In addition, "other known attacks on an IP network (e.g. DOS/DDOS,
topology discovery, man-in-the-middle, traffic interception/siphoning)" are
also noted.
-- Per (a), the issue is broader than "bypassing filtering devices", it's also
the "bypassing of network management, auditing or security devices".
-- Per (b), the enumeration of attacks using the parenthetical suggested that
these attacks are generically possible on "IP networks" and not SRH specific.
If that is the appropriate read, then somewhere in the earlier text it should
be noted that SRH can also facilitate traffic steering for DDoS, eavesdropping
and traffic manipulation through the manipulation (deletion, re-ordering) of
the SRHs. If (b) is a complementary list to (a) on SRH specific list of
attacks, then it needs to be reconciled for duplication with (a) (e.g., per
"bandwidth exhaustion" of (a) and "DOS/DDOS" of (b), are they the same?). I
think it is important to make clear what new attacks TTPs are possible with SRH
even if the attack type is already possible through another TTPs on a generic
IP network.
This section is overly wordy and not clear, let's see what it looks like if we start \
over and focus specifically on Source Routing Attacks.
<NEW>
7.1 Source Routing Attacks
An SR domain implements distributed and per node protection as described in section \
5.1. Additionally, domains deny traffic with spoofed addresses by implementing the \
recommendations in BCP 84.
Full implementation of the recommended protection blocks the attacks documented in \
[RFC5095] from outside the SR domain, including bypassing filtering devices, reaching \
otherwise unreachable Internet systems, network topology discovery, bandwidth \
exhaustion, and defeating anycast.
Failure to implement distributed and per node protection allows attackers to bypass \
filtering devices and exposes the SR Domain to the attacks from nodes outside the SR \
domain including reaching otherwise unreachable Internet systems, network topology \
discovery, bandwidth exhaustion, and defeating anycast. </NEW>
----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------
(2) I support Ben Kaduk's DISCUSS position.
Closing these with Ben.
(3) Section 2.1.2.1. Per "Local configuration determines when to check for an
HMAC and potentially indicates what the HMAC protects", can you clarify on how
the local config changes the fields/input/content of what is protected by the
HMAC? Subsequent text in this section seems to be clear on what gets passed as
input to the HMAC (i.e., the definition of "Text").
Proposed text with Ben will tighten this up and leave the paragraph as
"Local configuration determines when to check for an HMAC."
Thanks.
Darren
--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org<mailto:ipv6@ietf.org>
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
[Attachment #3 (text/html)]
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: \
after-white-space;" class=""> Hi Roman, this text is in revision 25
<div class=""><a href="https://tools.ietf.org/html/draft-ietf-6man-segment-routing-header-25" \
class="">https://tools.ietf.org/html/draft-ietf-6man-segment-routing-header-25</a></div>
<div class=""><br class="">
</div>
<div class="">Can you acknowledge closure and update the discuss position?</div>
<div class=""><br class="">
</div>
<div class="">Thanks!</div>
<div class=""> Darren<br class="">
<div><br class="">
<blockquote type="cite" class="">
<div class="">On Oct 1, 2019, at 9:25 AM, Darren Dukes (ddukes) <<a \
href="mailto:ddukes@cisco.com" class="">ddukes@cisco.com</a>> wrote:</div> <br \
class="Apple-interchange-newline"> <div class=""><span style="caret-color: rgb(0, 0, \
0); font-family: CourierNewPSMT; font-size: 12px; font-style: normal; \
font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: \
start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: \
0px; -webkit-text-stroke-width: 0px; text-decoration: none; float: none; display: \
inline !important;" class="">Hi Roman, sorry for my delay in replying to your \
review. There was some overlap with others.</span><br style="caret-color: \
rgb(0, 0, 0); font-family: CourierNewPSMT; font-size: 12px; font-style: normal; \
font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: \
start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: \
0px; -webkit-text-stroke-width: 0px; text-decoration: none;" class=""> <span \
style="caret-color: rgb(0, 0, 0); font-family: CourierNewPSMT; font-size: 12px; \
font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: \
normal; text-align: start; text-indent: 0px; text-transform: none; white-space: \
normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; \
float: none; display: inline !important;" class="">Please see inline.</span><br \
style="caret-color: rgb(0, 0, 0); font-family: CourierNewPSMT; font-size: 12px; \
font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: \
normal; text-align: start; text-indent: 0px; text-transform: none; white-space: \
normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" \
class=""> <br style="caret-color: rgb(0, 0, 0); font-family: CourierNewPSMT; \
font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; \
letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; \
white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; \
text-decoration: none;" class=""> <blockquote type="cite" style="font-family: \
CourierNewPSMT; font-size: 12px; font-style: normal; font-variant-caps: normal; \
font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; \
text-indent: 0px; text-transform: none; white-space: normal; widows: auto; \
word-spacing: 0px; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; \
text-decoration: none;" class=""> On Sep 4, 2019, at 2:50 PM, Roman Danyliw via \
Datatracker <<a href="mailto:noreply@ietf.org" class="">noreply@ietf.org</a>> \
wrote:<br class=""> <br class="">
Roman Danyliw has entered the following ballot position for<br class="">
draft-ietf-6man-segment-routing-header-22: Discuss<br class="">
<br class="">
When responding, please keep the subject line intact and reply to all<br class="">
email addresses included in the To and CC lines. (Feel free to cut this<br class="">
introductory paragraph, however.)<br class="">
<br class="">
<br class="">
Please refer to <a href="https://www.ietf.org/iesg/statement/discuss-criteria.html" \
class=""> https://www.ietf.org/iesg/statement/discuss-criteria.html</a><br class="">
for more information about IESG DISCUSS and COMMENT positions.<br class="">
<br class="">
<br class="">
The document, along with other ballot positions, can be found here:<br class="">
<a href="https://datatracker.ietf.org/doc/draft-ietf-6man-segment-routing-header/" \
class="">https://datatracker.ietf.org/doc/draft-ietf-6man-segment-routing-header/</a><br \
class=""> <br class="">
<br class="">
<br class="">
----------------------------------------------------------------------<br class="">
DISCUSS:<br class="">
----------------------------------------------------------------------<br class="">
<br class="">
(1) Section 7.1. This section seems to be enumerating the attacks possible<br \
class=""> with source routing, and noting that the scope of these are limited to \
nodes<br class=""> inside the SR domain because of SRH requires ingress filtering. \
No issue with<br class=""> this position. This feedback is around the \
clarity of the attacks in question.<br class=""> The text currently says:<br \
class=""> <br class="">
(a) (from the CanSecWest reference in from RFC5095) "Such attacks include<br \
class=""> bypassing filtering devices, reaching otherwise unreachable Internet \
systems,<br class=""> network topology discovery, bandwidth exhaustion, and defeating \
anycast"<br class=""> <br class="">
(b) In addition, "other known attacks on an IP network (e.g. DOS/DDOS,<br \
class=""> topology discovery, man-in-the-middle, traffic interception/siphoning)" \
are<br class=""> also noted.<br class="">
<br class="">
-- Per (a), the issue is broader than "bypassing filtering devices", it's also<br \
class=""> the "bypassing of network management, auditing or security devices".<br \
class=""> <br class="">
-- Per (b), the enumeration of attacks using the parenthetical suggested that<br \
class=""> these attacks are generically possible on "IP networks" and not SRH \
specific.<span class="Apple-converted-space"> </span><br class=""> If that is \
the appropriate read, then somewhere in the earlier text it should<br class=""> be \
noted that SRH can also facilitate traffic steering for DDoS, eavesdropping<br \
class=""> and traffic manipulation through the manipulation (deletion, re-ordering) \
of<br class=""> the SRHs. If (b) is a complementary list to (a) on SRH specific \
list of<br class=""> attacks, then it needs to be reconciled for duplication with (a) \
(e.g., per<br class=""> "bandwidth exhaustion" of (a) and "DOS/DDOS" of (b), are they \
the same?). I<br class=""> think it is important to make clear what new attacks \
TTPs are possible with SRH<br class=""> even if the attack type is already possible \
through another TTPs on a generic<br class=""> IP network.<br class="">
<br class="">
<br class="">
</blockquote>
<br style="caret-color: rgb(0, 0, 0); font-family: CourierNewPSMT; font-size: 12px; \
font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: \
normal; text-align: start; text-indent: 0px; text-transform: none; white-space: \
normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" \
class=""> <span style="caret-color: rgb(0, 0, 0); font-family: CourierNewPSMT; \
font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; \
letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; \
white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; \
text-decoration: none; float: none; display: inline !important;" class="">This \
section is overly wordy and not clear, let's see what it looks like if we start over \
and focus specifically on Source Routing Attacks.</span><br style="caret-color: \
rgb(0, 0, 0); font-family: CourierNewPSMT; font-size: 12px; font-style: normal; \
font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: \
start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: \
0px; -webkit-text-stroke-width: 0px; text-decoration: none;" class=""> <br \
style="caret-color: rgb(0, 0, 0); font-family: CourierNewPSMT; font-size: 12px; \
font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: \
normal; text-align: start; text-indent: 0px; text-transform: none; white-space: \
normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" \
class=""> <span style="caret-color: rgb(0, 0, 0); font-family: CourierNewPSMT; \
font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; \
letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; \
white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; \
text-decoration: none; float: none; display: inline !important;" \
class=""><NEW></span><br style="caret-color: rgb(0, 0, 0); font-family: \
CourierNewPSMT; font-size: 12px; font-style: normal; font-variant-caps: normal; \
font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; \
text-transform: none; white-space: normal; word-spacing: 0px; \
-webkit-text-stroke-width: 0px; text-decoration: none;" class=""> <span \
style="caret-color: rgb(0, 0, 0); font-family: CourierNewPSMT; font-size: 12px; \
font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: \
normal; text-align: start; text-indent: 0px; text-transform: none; white-space: \
normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; \
float: none; display: inline !important;" class="">7.1 Source Routing \
Attacks</span><br style="caret-color: rgb(0, 0, 0); font-family: CourierNewPSMT; \
font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; \
letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; \
white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; \
text-decoration: none;" class=""> <br style="caret-color: rgb(0, 0, 0); font-family: \
CourierNewPSMT; font-size: 12px; font-style: normal; font-variant-caps: normal; \
font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; \
text-transform: none; white-space: normal; word-spacing: 0px; \
-webkit-text-stroke-width: 0px; text-decoration: none;" class=""> <span \
style="caret-color: rgb(0, 0, 0); font-family: CourierNewPSMT; font-size: 12px; \
font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: \
normal; text-align: start; text-indent: 0px; text-transform: none; white-space: \
normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; \
float: none; display: inline !important;" class="">An SR domain implements \
distributed and per node protection as described in section 5.1. Additionally, \
domains deny traffic with spoofed addresses by implementing the recommendations in \
BCP 84.<span class="Apple-converted-space"> </span></span><br \
style="caret-color: rgb(0, 0, 0); font-family: CourierNewPSMT; font-size: 12px; \
font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: \
normal; text-align: start; text-indent: 0px; text-transform: none; white-space: \
normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" \
class=""> <br style="caret-color: rgb(0, 0, 0); font-family: CourierNewPSMT; \
font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; \
letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; \
white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; \
text-decoration: none;" class=""> <span style="caret-color: rgb(0, 0, 0); \
font-family: CourierNewPSMT; font-size: 12px; font-style: normal; font-variant-caps: \
normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: \
0px; text-transform: none; white-space: normal; word-spacing: 0px; \
-webkit-text-stroke-width: 0px; text-decoration: none; float: none; display: inline \
!important;" class="">Full implementation of the recommended protection blocks the \
attacks documented in [RFC5095] from outside the SR domain, including bypassing \
filtering devices, reaching otherwise unreachable Internet systems, network topology \
discovery, bandwidth exhaustion, and defeating anycast.</span><br \
style="caret-color: rgb(0, 0, 0); font-family: CourierNewPSMT; font-size: 12px; \
font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: \
normal; text-align: start; text-indent: 0px; text-transform: none; white-space: \
normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" \
class=""> <br style="caret-color: rgb(0, 0, 0); font-family: CourierNewPSMT; \
font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; \
letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; \
white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; \
text-decoration: none;" class=""> <span style="caret-color: rgb(0, 0, 0); \
font-family: CourierNewPSMT; font-size: 12px; font-style: normal; font-variant-caps: \
normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: \
0px; text-transform: none; white-space: normal; word-spacing: 0px; \
-webkit-text-stroke-width: 0px; text-decoration: none; float: none; display: inline \
!important;" class="">Failure to implement distributed and per node protection \
allows attackers to bypass filtering devices and exposes the SR Domain to the attacks \
from nodes outside the SR domain including reaching otherwise unreachable Internet \
systems, network topology discovery, bandwidth exhaustion, and defeating \
anycast.</span><br style="caret-color: rgb(0, 0, 0); font-family: CourierNewPSMT; \
font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; \
letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; \
white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; \
text-decoration: none;" class=""> <span style="caret-color: rgb(0, 0, 0); \
font-family: CourierNewPSMT; font-size: 12px; font-style: normal; font-variant-caps: \
normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: \
0px; text-transform: none; white-space: normal; word-spacing: 0px; \
-webkit-text-stroke-width: 0px; text-decoration: none; float: none; display: inline \
!important;" class=""></NEW></span><br style="caret-color: rgb(0, 0, 0); \
font-family: CourierNewPSMT; font-size: 12px; font-style: normal; font-variant-caps: \
normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: \
0px; text-transform: none; white-space: normal; word-spacing: 0px; \
-webkit-text-stroke-width: 0px; text-decoration: none;" class=""> <br \
style="caret-color: rgb(0, 0, 0); font-family: CourierNewPSMT; font-size: 12px; \
font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: \
normal; text-align: start; text-indent: 0px; text-transform: none; white-space: \
normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" \
class=""> <br style="caret-color: rgb(0, 0, 0); font-family: CourierNewPSMT; \
font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; \
letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; \
white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; \
text-decoration: none;" class=""> <br style="caret-color: rgb(0, 0, 0); font-family: \
CourierNewPSMT; font-size: 12px; font-style: normal; font-variant-caps: normal; \
font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; \
text-transform: none; white-space: normal; word-spacing: 0px; \
-webkit-text-stroke-width: 0px; text-decoration: none;" class=""> <blockquote \
type="cite" style="font-family: CourierNewPSMT; font-size: 12px; font-style: normal; \
font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: \
auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; \
widows: auto; word-spacing: 0px; -webkit-text-size-adjust: auto; \
-webkit-text-stroke-width: 0px; text-decoration: none;" class="">
----------------------------------------------------------------------<br class="">
COMMENT:<br class="">
----------------------------------------------------------------------<br class="">
<br class="">
(2) I support Ben Kaduk's DISCUSS position.<br class="">
</blockquote>
<br style="caret-color: rgb(0, 0, 0); font-family: CourierNewPSMT; font-size: 12px; \
font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: \
normal; text-align: start; text-indent: 0px; text-transform: none; white-space: \
normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" \
class=""> <span style="caret-color: rgb(0, 0, 0); font-family: CourierNewPSMT; \
font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; \
letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; \
white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; \
text-decoration: none; float: none; display: inline !important;" class="">Closing \
these with Ben.</span><br style="caret-color: rgb(0, 0, 0); font-family: \
CourierNewPSMT; font-size: 12px; font-style: normal; font-variant-caps: normal; \
font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; \
text-transform: none; white-space: normal; word-spacing: 0px; \
-webkit-text-stroke-width: 0px; text-decoration: none;" class=""> <br \
style="caret-color: rgb(0, 0, 0); font-family: CourierNewPSMT; font-size: 12px; \
font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: \
normal; text-align: start; text-indent: 0px; text-transform: none; white-space: \
normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" \
class=""> <blockquote type="cite" style="font-family: CourierNewPSMT; font-size: \
12px; font-style: normal; font-variant-caps: normal; font-weight: normal; \
letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; \
text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; \
-webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; text-decoration: \
none;" class=""> <br class="">
(3) Section 2.1.2.1. Per "Local configuration determines when to check for \
an<br class=""> HMAC and potentially indicates what the HMAC protects", can you \
clarify on how<br class=""> the local config changes the fields/input/content of what \
is protected by the<br class=""> HMAC? Subsequent text in this section seems to \
be clear on what gets passed as<br class=""> input to the HMAC (i.e., the definition \
of "Text").<br class=""> </blockquote>
<br style="caret-color: rgb(0, 0, 0); font-family: CourierNewPSMT; font-size: 12px; \
font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: \
normal; text-align: start; text-indent: 0px; text-transform: none; white-space: \
normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" \
class=""> <span style="caret-color: rgb(0, 0, 0); font-family: CourierNewPSMT; \
font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; \
letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; \
white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; \
text-decoration: none; float: none; display: inline !important;" class="">Proposed \
text with Ben will tighten this up and leave the paragraph as<span \
class="Apple-converted-space"> </span></span><br style="caret-color: rgb(0, 0, \
0); font-family: CourierNewPSMT; font-size: 12px; font-style: normal; \
font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: \
start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: \
0px; -webkit-text-stroke-width: 0px; text-decoration: none;" class=""> <span \
style="caret-color: rgb(0, 0, 0); font-family: CourierNewPSMT; font-size: 12px; \
font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: \
normal; text-align: start; text-indent: 0px; text-transform: none; white-space: \
normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; \
float: none; display: inline !important;" class="">"Local configuration determines \
when to check for an HMAC."</span><br style="caret-color: rgb(0, 0, 0); font-family: \
CourierNewPSMT; font-size: 12px; font-style: normal; font-variant-caps: normal; \
font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; \
text-transform: none; white-space: normal; word-spacing: 0px; \
-webkit-text-stroke-width: 0px; text-decoration: none;" class=""> <br \
style="caret-color: rgb(0, 0, 0); font-family: CourierNewPSMT; font-size: 12px; \
font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: \
normal; text-align: start; text-indent: 0px; text-transform: none; white-space: \
normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" \
class=""> <span style="caret-color: rgb(0, 0, 0); font-family: CourierNewPSMT; \
font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; \
letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; \
white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; \
text-decoration: none; float: none; display: inline !important;" \
class="">Thanks.</span><br style="caret-color: rgb(0, 0, 0); font-family: \
CourierNewPSMT; font-size: 12px; font-style: normal; font-variant-caps: normal; \
font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; \
text-transform: none; white-space: normal; word-spacing: 0px; \
-webkit-text-stroke-width: 0px; text-decoration: none;" class=""> <span \
style="caret-color: rgb(0, 0, 0); font-family: CourierNewPSMT; font-size: 12px; \
font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: \
normal; text-align: start; text-indent: 0px; text-transform: none; white-space: \
normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; \
float: none; display: inline !important;" class=""> Darren</span><br \
style="caret-color: rgb(0, 0, 0); font-family: CourierNewPSMT; font-size: 12px; \
font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: \
normal; text-align: start; text-indent: 0px; text-transform: none; white-space: \
normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" \
class=""> <br style="caret-color: rgb(0, 0, 0); font-family: CourierNewPSMT; \
font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; \
letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; \
white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; \
text-decoration: none;" class=""> <blockquote type="cite" style="font-family: \
CourierNewPSMT; font-size: 12px; font-style: normal; font-variant-caps: normal; \
font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; \
text-indent: 0px; text-transform: none; white-space: normal; widows: auto; \
word-spacing: 0px; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; \
text-decoration: none;" class=""> <br class="">
<br class="">
--------------------------------------------------------------------<br class="">
IETF IPv6 working group mailing list<br class="">
<a href="mailto:ipv6@ietf.org" class="">ipv6@ietf.org</a><br class="">
Administrative Requests:<span class="Apple-converted-space"> </span><a \
href="https://www.ietf.org/mailman/listinfo/ipv6" \
class="">https://www.ietf.org/mailman/listinfo/ipv6</a><br class="">
--------------------------------------------------------------------</blockquote>
</div>
</blockquote>
</div>
<br class="">
</div>
</body>
</html>
--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
--===============6894296900301796773==--
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic