From owner-ietf-openpgp@mail.imc.org Wed Aug 03 04:25:19 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1E0EYx-0003cM-5H
	for openpgp-archive@megatron.ietf.org; Wed, 03 Aug 2005 04:25:19 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id EAA24626
	for <openpgp-archive@lists.ietf.org>; Wed, 3 Aug 2005 04:25:17 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j737vHB9012610;
	Wed, 3 Aug 2005 00:57:17 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j737vHqO012609;
	Wed, 3 Aug 2005 00:57:17 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from surfeu.fi (mailbox.surfeu.fi [213.173.154.4])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j737vGxL012567
	for <ietf-openpgp@imc.org>; Wed, 3 Aug 2005 00:57:17 -0700 (PDT)
	(envelope-from mkuusio@surfeu.fi)
Received: from [213.173.154.9] (HELO surfeu.fi)
  by surfeu.fi (CommuniGate Pro SMTP 3.4.1)
  with SMTP id 149618524 for ietf-openpgp@imc.org; Wed, 03 Aug 2005 10:57:10 +0300
Received: from 193.210.155.190
        (SquirrelMail authenticated user mkuusio)
        by webmail.tiscali.fi with HTTP;
        Wed, 3 Aug 2005 10:57:10 +0300 (EEST)
Message-ID: <29332.193.210.155.190.1123055830.squirrel@webmail.tiscali.fi>
Date: Wed, 3 Aug 2005 10:57:10 +0300 (EEST)
Subject: Secret key encryption
From: <mkuusio@surfeu.fi>
To: <ietf-openpgp@imc.org>
X-Priority: 3
Importance: Normal
X-Mailer: SquirrelMail (version 1.2.11)
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 8bit


I need to encrypt the secret data of the keypair to prevent attackers from
misusing the keypair. I am using the 3DES symmetric algorithm in encrypting
and decrypting the secret key. As an S2K specifier I use Iterated and
Salted S2K, so in the encryption process I need the secret passphrase,
the coded count, an 8-octet salt value and an 8-octet Initial Vector. My
question is: is the Initial Vector some arbitrary data like salt values
are? In this case it would be some 64-bit random number. And what about
the coded count value? What affects the value? I have generated my keys
so far with GNU Privacy Guard software and the count has always been 96
(65536) in every key. I didn't find a solution to this in RFC 2440. Can
someone clarify this?





From owner-ietf-openpgp@mail.imc.org Wed Aug 03 09:15:33 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1E0J5o-0002R7-Lf
	for openpgp-archive@megatron.ietf.org; Wed, 03 Aug 2005 09:15:33 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA14284
	for <openpgp-archive@lists.ietf.org>; Wed, 3 Aug 2005 09:15:26 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j73Cv0KM023663;
	Wed, 3 Aug 2005 05:57:00 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j73Cv07s023662;
	Wed, 3 Aug 2005 05:57:00 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from merrymeet.com (merrymeet.com [63.73.97.162])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j73Cuxc0023652
	for <ietf-openpgp@imc.org>; Wed, 3 Aug 2005 05:57:00 -0700 (PDT)
	(envelope-from jon@callas.org)
Received: from keys.merrymeet.com (63.73.97.166) by merrymeet.com with
 ESMTP (Eudora Internet Mail Server X 3.2.6);
 Wed, 3 Aug 2005 05:56:56 -0700
Received: from [86.255.6.85] ([86.255.6.85])
  by keys.merrymeet.com (PGP Universal service);
  Wed, 03 Aug 2005 05:56:56 -0700
X-PGP-Universal: processed;
	by keys.merrymeet.com on Wed, 03 Aug 2005 05:56:56 -0700
In-Reply-To: <20050721220308.GA16833@jabberwocky.com>
References: <20050721220308.GA16833@jabberwocky.com>
Mime-Version: 1.0 (Apple Message framework v622)
Content-Type: text/plain; charset=US-ASCII; format=flowed
Message-Id: <0f0e74b01beeb49897f8058851ba0442@callas.org>
Content-Transfer-Encoding: 7bit
Cc: ietf-openpgp@imc.org
From: Jon Callas <jon@callas.org>
Subject: Re: Literal+Literal
Date: Wed, 3 Aug 2005 05:57:00 -0700
To: David Shaw <dshaw@jabberwocky.com>
X-Mailer: Apple Mail (2.622)
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 7bit


On 21 Jul 2005, at 3:03 PM, David Shaw wrote:

>
> A while back (2003), I noticed an inconsistency in the draft.  The
> problem was one of those fiddly grammar things: some text in the draft
> said that multiple literal packets in a row were legal, and some other
> text said that it wasn't.  For example, in that draft,
> COMPRESSED(literal+literal) was legal in section 5.6, and illegal in
> 10.2.
>
> To resolve that, I suggested that we simply change 10.2 (the grammar
> section) to allow literal+literal.  That's how the draft reads now.
> Several people have commented that this is raising more problems than
> it is solving, and they're right.  Literal+literal raises a whole
> collection of issues with how to hash the data in a construction like
> onepass+literal+literal+sig.  It also requires parsers to be more
> complex (though at least the parsers in PGP and GPG always worked this
> way).
>
> I'd like to change the text to fix this, and solve this problem a
> different way: rather than resolve the inconsistency by making
> literal+literal legal everywhere, better to resolve the inconsistency
> by making literal+literal illegal everywhere.
>
> The specific changes would be:
>
> Section 5.6 (Compressed Data Packet) - change "literal data packets"
> to "a literal data packet".
>
> Section 5.7 (Symmetrically Encrypted Data Packet) - change "literal
> data packets" to "a literal data packet".
>
> Section 5.13 (Sym. Encrypted Integrity Protected Data Packet) - change
> "literal data packets or compressed data packets" to "a literal data
> packet or compressed data packet".
>
> Then in section 10.2, revert from this:
>
>     Literal Message :- Literal Data Packet |
>                       Literal Message, Literal Data Packet.
>
> to this:
>
>     Literal Message :- Literal Data Packet
>
> David
>
>

Done. Will be in bis15.

	Jon
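The grammar change David proposes and Jon accepts reduces to one concrete check a parser can make: inside a compressed or encrypted container, the body must be exactly one literal data packet. The following is an added example, not code from either message nor from PGP or GnuPG: it walks a stream of OpenPGP packet headers (old and new format, definite lengths only), splits literal-packet bodies into their fields, and rejects literal+literal. The packet bytes are constructed sample values and the helper names are mine.

```python
"""Enforce 'Literal Message :- Literal Data Packet' on a packet stream.

Added illustration for the grammar change agreed above; it is not code
from either message nor from PGP or GnuPG.  It parses only packet headers
and literal-packet bodies (RFC 2440 sections 4.2 and 5.9); it does not
decompress or decrypt, so feed it the already-unwrapped container body.
"""
import struct

TAG_LITERAL = 11


def parse_packets(data: bytes):
    """Return a list of (tag, body) for a stream of OpenPGP packets.

    Old-format and new-format headers are both accepted; partial body
    lengths and indeterminate lengths are rejected, since a grammar check
    needs to know where each packet ends.
    """
    packets = []
    pos = 0
    while pos < len(data):
        ctb = data[pos]
        if not ctb & 0x80:
            raise ValueError("bad packet header at offset %d" % pos)
        pos += 1
        if ctb & 0x40:
            # New format: tag in the low six bits, then a 1/2/5-octet length.
            tag = ctb & 0x3F
            first = data[pos]
            if first < 192:
                length, pos = first, pos + 1
            elif first < 224:
                length = ((first - 192) << 8) + data[pos + 1] + 192
                pos += 2
            elif first == 255:
                length = struct.unpack(">I", data[pos + 1:pos + 5])[0]
                pos += 5
            else:
                raise ValueError("partial body lengths not supported")
        else:
            # Old format: tag in bits 2-5, length-type in bits 0-1.
            tag = (ctb >> 2) & 0x0F
            ltype = ctb & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length not supported")
            size = 1 << ltype          # 1, 2 or 4 length octets
            length = int.from_bytes(data[pos:pos + size], "big")
            pos += size
        body = data[pos:pos + length]
        if len(body) != length:
            raise ValueError("truncated packet at offset %d" % pos)
        packets.append((tag, body))
        pos += length
    return packets


def is_literal_message(data: bytes) -> bool:
    """True iff the stream is exactly one literal data packet.

    Under the revised section 10.2 grammar, literal+literal (or anything
    else alongside the literal) makes the container invalid.
    """
    packets = parse_packets(data)
    return len(packets) == 1 and packets[0][0] == TAG_LITERAL


def literal_fields(body: bytes):
    """Split a literal packet body into (format, filename, date, data)."""
    name_len = body[1]
    filename = body[2:2 + name_len]
    date = struct.unpack(">I", body[2 + name_len:6 + name_len])[0]
    return body[0:1], filename, date, body[6 + name_len:]


def literal_packet(payload: bytes, filename: bytes = b"", date: int = 0,
                   new_format: bool = True) -> bytes:
    """Build a binary-format literal data packet with a one-octet length.

    Test-data builder (my addition); bodies of 192 octets or more would
    need the longer length encodings and are refused here.
    """
    body = b"b" + bytes([len(filename)]) + filename + struct.pack(">I", date) + payload
    if len(body) >= 192:
        raise ValueError("builder only handles short bodies")
    if new_format:
        return bytes([0xC0 | TAG_LITERAL, len(body)]) + body
    return bytes([0x80 | (TAG_LITERAL << 2), len(body)]) + body


if __name__ == "__main__":
    single = literal_packet(b"hello", filename=b"a.txt")   # constructed
    double = single + literal_packet(b"world", new_format=False)
    print("one literal    :", is_literal_message(single))   # True
    print("literal+literal:", is_literal_message(double))   # False
    for tag, body in parse_packets(double):
        print(tag, literal_fields(body))
```

The check deliberately refuses partial and indeterminate body lengths: a validator that cannot tell where a packet ends cannot tell whether a second literal follows, which is exactly the ambiguity the onepass+literal+literal+sig case raised.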




From owner-ietf-openpgp@mail.imc.org Wed Aug 03 13:39:19 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1E0ND5-0001cb-7e
	for openpgp-archive@megatron.ietf.org; Wed, 03 Aug 2005 13:39:19 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA02997
	for <openpgp-archive@lists.ietf.org>; Wed, 3 Aug 2005 13:39:15 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j73HFeNo066431;
	Wed, 3 Aug 2005 10:15:40 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j73HFeG0066430;
	Wed, 3 Aug 2005 10:15:40 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from finney.org (226-132.adsl2.netlojix.net [207.71.226.132])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j73HFdvA066423
	for <ietf-openpgp@imc.org>; Wed, 3 Aug 2005 10:15:39 -0700 (PDT)
	(envelope-from hal@finney.org)
Received: by finney.org (Postfix, from userid 500)
	id 1AC3657EF5; Wed,  3 Aug 2005 09:24:09 -0700 (PDT)
To: ietf-openpgp@imc.org, mkuusio@surfeu.fi
Subject: Re: Secret key encryption
Message-Id: <20050803162409.1AC3657EF5@finney.org>
Date: Wed,  3 Aug 2005 09:24:09 -0700 (PDT)
From: hal@finney.org ("Hal Finney")
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


> I need to encrypt the secret data of the keypair to prevent attackers from
> misusing the keypair. I am using the 3DES symmetric algorithm in encrypting
> and decrypting the secret key. As an S2K specifier I use Iterated and
> Salted S2K, so in the encryption process I need the secret passphrase,
> the coded count, an 8-octet salt value and an 8-octet Initial Vector. My
> question is: is the Initial Vector some arbitrary data like salt values
> are? In this case it would be some 64-bit random number. And what about
> the coded count value? What affects the value? I have generated my keys
> so far with GNU Privacy Guard software and the count has always been 96
> (65536) in every key. I didn't find a solution to this in RFC 2440. Can
> someone clarify this?

Yes, the IV should be a 64 bit random number.

The purpose of the coded count is to slow down dictionary attacks.  In a
dictionary attack, someone who gets access to the secret key ring tries
all possible pass phrases.  By slowing down the operation of turning a
passphrase into the 3DES key that unlocks the secret key, it makes the
dictionary attacker's job harder.

Choosing a value for the coded count is a tradeoff.  Larger values will
help defend against dictionary attacks, but they will also slow down
the process of unlocking the key for legitimate users.  If keys in your
application will be unlocked by human users typing in their passphrases,
then larger coded counts would be acceptable, providing for delays of 1/10
or even 1/2 second or more.  If your application must expose the secret
key data structure, again larger coded counts would be appropriate.
On the other hand, if your application involves an automated system
which must frequently unlock keys, and/or if you are confident that
your passphrases are strong and can't be found with a dictionary attack,
and/or if you have good security to keep the secret key ring from being
exposed, then you might go with a lower coded count.  Those are the kinds
of considerations that will help you balance the tradeoffs.

Hal Finney
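A worked implementation of the Iterated and Salted S2K that the question and this reply discuss, as an added example: it is not code from either post, nor from GnuPG or PGP. It expands the one-octet coded count the way RFC 2440 specifies (96 expands to 65536, as in the question), derives a 24-octet 3DES key from a constructed passphrase and salt, draws the 8-octet IV from the OS random source as the reply recommends, and includes a timing helper (my addition) for picking a coded count that gives the unlock delay Hal describes. SHA-1 as the S2K hash and the sample values are assumptions.

```python
"""Iterated and Salted S2K (RFC 2440 section 3.6.1.3) in pure Python.

Added illustration for the question and reply above; it is not code from
either post nor from GnuPG or PGP.  The passphrase and salt below are
constructed sample values and SHA-1 is an assumed S2K hash.
"""
import hashlib
import os
import time


def decode_count(coded: int) -> int:
    """Expand the one-octet coded count into the number of octets to hash.

    RFC 2440: count = (16 + (c & 15)) << ((c >> 4) + 6).  The smallest
    coded value (0) means 1024 octets; 96 means 65536; 255 means 65011712.
    """
    if not 0 <= coded <= 255:
        raise ValueError("coded count must fit in one octet")
    return (16 + (coded & 15)) << ((coded >> 4) + 6)


def encode_count(count: int) -> int:
    """Smallest coded octet whose decoded value is at least `count`.

    decode_count is monotonic in the coded octet, so a linear scan finds
    the nearest representable value at or above the request.
    """
    for coded in range(256):
        if decode_count(coded) >= count:
            return coded
    return 255


def iterated_salted_s2k(passphrase: bytes, salt: bytes, coded_count: int,
                        key_len: int, hash_name: str = "sha1") -> bytes:
    """Derive key_len octets of symmetric key from a passphrase.

    salt+passphrase is fed to the hash over and over until `count` octets
    have been hashed (the last pass may be cut short).  If the hash is
    shorter than key_len, further contexts are run, each preloaded with
    one more zero octet than the last, and their outputs concatenated.
    """
    if len(salt) != 8:
        raise ValueError("S2K salt must be exactly 8 octets")
    block = salt + passphrase
    # RFC 2440: if count is smaller than salt+passphrase, the whole of
    # salt+passphrase is still hashed once.
    count = max(decode_count(coded_count), len(block))
    # Repeat the block into a larger buffer so big counts need few updates.
    buf = block * max(1, (1 << 16) // len(block))
    out = b""
    ctx_index = 0
    while len(out) < key_len:
        h = hashlib.new(hash_name)
        h.update(b"\x00" * ctx_index)
        remaining = count
        while remaining > 0:
            chunk = buf if remaining >= len(buf) else buf[:remaining]
            h.update(chunk)
            remaining -= len(chunk)
        out += h.digest()
        ctx_index += 1
    return out[:key_len]


def unlock_delay(coded_count: int, key_len: int = 24,
                 hash_name: str = "sha1") -> float:
    """Wall-clock seconds one derivation takes at this coded count.

    Helper (my addition) for choosing a count: run it on the target
    hardware and raise the count until the delay lands where you want it,
    e.g. the 1/10 to 1/2 second range discussed in the reply.
    """
    salt = os.urandom(8)
    start = time.perf_counter()
    iterated_salted_s2k(b"timing-only passphrase", salt, coded_count,
                        key_len, hash_name)
    return time.perf_counter() - start


if __name__ == "__main__":
    passphrase = b"correct horse battery staple"   # constructed sample
    salt = os.urandom(8)     # random, stored in the clear next to the key
    iv = os.urandom(8)       # 64-bit random IV, as the reply says
    key = iterated_salted_s2k(passphrase, salt, 96, 24)   # 24-octet 3DES key
    print("coded count 96 ->", decode_count(96), "octets hashed")
    print("3DES key:", key.hex())
    print("salt:", salt.hex(), "iv:", iv.hex())
    print("derivation took %.3f s" % unlock_delay(96))
```

The salt and IV are both random and both stored in the clear; what differs is their job. The salt makes a precomputed dictionary useless across keys, the count makes each guess cost a fixed amount of hashing, and the IV only serves the 3DES CFB encryption of the key material. Measuring unlock_delay on the slowest machine that must unlock the key is the practical way to settle Hal's tradeoff.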




From owner-ietf-openpgp@mail.imc.org Wed Aug 03 15:34:02 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1E0P06-0003k2-GU
	for openpgp-archive@megatron.ietf.org; Wed, 03 Aug 2005 15:34:02 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA09113
	for <openpgp-archive@lists.ietf.org>; Wed, 3 Aug 2005 15:34:00 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j73J8o58076420;
	Wed, 3 Aug 2005 12:08:50 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j73J8nJ6076419;
	Wed, 3 Aug 2005 12:08:49 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from hotmail.com (bay102-f16.bay102.hotmail.com [64.4.61.26])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j73J8n5w076410
	for <ietf-openpgp@imc.org>; Wed, 3 Aug 2005 12:08:49 -0700 (PDT)
	(envelope-from gkare@hotmail.com)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
	 Wed, 3 Aug 2005 12:08:44 -0700
Message-ID: <BAY102-F165429CCABB991634CD411B5C50@phx.gbl>
Received: from 64.4.61.200 by by102fd.bay102.hotmail.msn.com with HTTP;
	Wed, 03 Aug 2005 19:08:44 GMT
X-Originating-IP: [64.4.61.200]
X-Originating-Email: [gkare@hotmail.com]
X-Sender: gkare@hotmail.com
In-Reply-To: <0f0e74b01beeb49897f8058851ba0442@callas.org>
From: "g kare" <gkare@hotmail.com>
To: ietf-openpgp@imc.org
Subject: PGP questions
Date: Wed, 03 Aug 2005 19:08:44 +0000
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
X-OriginalArrivalTime: 03 Aug 2005 19:08:44.0406 (UTC) FILETIME=[C4AEB960:01C5985E]
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


Hi,

I am trying to get my company to upgrade to PGP 9, but he is voicing concern
that PGP has gone through so many management changes that he is reluctant to
spend $$$ on PGP.

Can anyone speculate on what the future holds for PGP Corp?  Is there a 
future for them?

Are there any viable alternative products to PGP?


Thanks,

Gary





From owner-ietf-openpgp@mail.imc.org Wed Aug 03 16:27:18 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1E0Ppd-00076x-0I
	for openpgp-archive@megatron.ietf.org; Wed, 03 Aug 2005 16:27:18 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA17965
	for <openpgp-archive@lists.ietf.org>; Wed, 3 Aug 2005 16:27:14 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j73K13sT079789;
	Wed, 3 Aug 2005 13:01:03 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j73K13qx079788;
	Wed, 3 Aug 2005 13:01:03 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from kerckhoffs.g10code.com (kerckhoffs.g10code.com [217.69.77.222])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j73K11he079780
	for <ietf-openpgp@imc.org>; Wed, 3 Aug 2005 13:01:02 -0700 (PDT)
	(envelope-from wk@gnupg.org)
Received: from uucp by kerckhoffs.g10code.com with local-rmail (Exim 4.50 #1 (Debian))
	id 1E0POV-0004tV-GU
	for <ietf-openpgp@imc.org>; Wed, 03 Aug 2005 21:59:15 +0200
Received: from wk by localhost with local (Exim 4.34 #1 (Debian))
	id 1E0PNW-0000vi-I6; Wed, 03 Aug 2005 21:58:14 +0200
To: "g kare" <gkare@hotmail.com>
Cc: ietf-openpgp@imc.org
Subject: Re: PGP questions
References: <BAY102-F165429CCABB991634CD411B5C50@phx.gbl>
From: Werner Koch <wk@gnupg.org>
Organisation: g10 Code GmbH
OpenPGP: id=5B0358A2; url=finger:wk@g10code.com
Date: Wed, 03 Aug 2005 21:58:14 +0200
In-Reply-To: <BAY102-F165429CCABB991634CD411B5C50@phx.gbl> (g. kare's
 message of "Wed, 03 Aug 2005 19:08:44 +0000")
Message-ID: <87d5ouaj3d.fsf@wheatstone.g10code.de>
User-Agent: Gnus/5.1007 (Gnus v5.10.7) Emacs/21.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


On Wed, 03 Aug 2005 19:08:44 +0000, g kare said:

> Can anyone speculate on what the future holds for PGP Corp?  Is there
> a future for them?

This is a list of the IETF OpenPGP WG; it is purely a technical list
and not a business oriented one.  Please ask elsewhere.

> Are there any viable alternative products to PGP?

Sure, I'd say.


Shalom-Salam,

   Werner




From owner-ietf-openpgp@mail.imc.org Wed Aug 03 17:15:42 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1E0QaT-0006To-Vr
	for openpgp-archive@megatron.ietf.org; Wed, 03 Aug 2005 17:15:42 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA19883
	for <openpgp-archive@lists.ietf.org>; Wed, 3 Aug 2005 17:15:38 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j73L324o085018;
	Wed, 3 Aug 2005 14:03:02 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j73L32Jm085017;
	Wed, 3 Aug 2005 14:03:02 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from yxa.extundo.com (root@178.230.13.217.in-addr.dgcsystems.net [217.13.230.178])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j73L2vSQ084997
	for <ietf-openpgp@imc.org>; Wed, 3 Aug 2005 14:03:00 -0700 (PDT)
	(envelope-from jas@extundo.com)
Received: from latte.josefsson.org (c494102a.s-bi.bostream.se [217.215.27.65])
	(authenticated bits=0)
	by yxa.extundo.com (8.13.4/8.13.4/Debian-3) with ESMTP id j73L2Te9002279
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK);
	Wed, 3 Aug 2005 23:02:39 +0200
From: Simon Josefsson <jas@extundo.com>
To: Derek Atkins <derek@ihtfp.com>
Cc: ietf-openpgp@imc.org
Subject: OpenPGP header (was: Re: Meet in Paris?)
References: <sjm1x6ddpx7.fsf@cliodev.pgp.com>
	<ilu7jfv1511.fsf@latte.josefsson.org>
	<sjmbr4qcs02.fsf@cliodev.pgp.com>
OpenPGP: id=B565716F; url=http://josefsson.org/key.txt
X-Hashcash: 1:21:050803:derek@ihtfp.com::2CsjDXEbNcOsFgpQ:2xXs
X-Hashcash: 1:21:050803:ietf-openpgp@imc.org::SJqivRxd198YB0HN:Zbq5
Date: Wed, 03 Aug 2005 23:02:12 +0200
In-Reply-To: <sjmbr4qcs02.fsf@cliodev.pgp.com> (Derek Atkins's message of
	"Mon, 25 Jul 2005 20:47:57 -0400")
Message-ID: <iluwtn2loob.fsf_-_@latte.josefsson.org>
User-Agent: Gnus/5.110004 (No Gnus v0.4) Emacs/22.0.50 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Spam-Status: No, score=0.1 required=5.0 tests=FORGED_RCVD_HELO 
	autolearn=failed version=3.0.3
X-Spam-Checker-Version: SpamAssassin 3.0.3 (2005-04-27) on yxa-iv
X-Virus-Scanned: ClamAV version 0.84, clamav-milter version 0.84e on yxa.extundo.com
X-Virus-Status: Clean
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


I forgot to raise the question of whether the WG wishes to adopt this
document as a work item.  Is there interest in doing so?

I fear the precise wording to deal with a "supports" token may be
contentious, and will likely bring back the PGP/MIME vs vanilla PGP in
e-mail environments discussion, so hold that in mind when deciding.

I think there are two orthogonal questions that a "supports" token
could address:

  1) Preference between PGP/MIME, vanilla PGP, or hybrid.
  2) To signal that the originator wants personal e-mail PGP
     encrypted.

It may be overloading to have the same token address both matters;
arguing for two new tokens.  It may also be that either one of 1) or
2) should not be done now.  As a proponent of a PGP/MIME-only e-mail
world -- possibly except for the few cases [1] when vanilla PGP can be
used interoperably -- I would not mind if 1) was not supported at all.

Thanks,
Simon

[1] US-ASCII, no format=flowed, no lines starting with From or '-',
see <http://josefsson.org/inline-openpgp-considered-harmful.html>

Derek Atkins <derek@ihtfp.com> writes:

> I'd be happy to put you on for 5-10 minutes?  I really don't
> think it will slow down 2440bis.
>
> -derek
>
> Simon Josefsson <jas@extundo.com> writes:
>
>> Derek Atkins <derek@ihtfp.com> writes:
>>
>>> Hi,
>>>
>>> Do the members of this working group feel we need a meeting
>>> in Paris?  I think we might want to meet in order to consider
>>> work beyond 2440bis (e.g. PFS, Mail-Headers, or other work
>>> that's been proposed).
>>
>> I would likely be around to talk about the OpenPGP mail header [1], if
>> there is interest.  Feedback from OpenPGP experts on the usefulness of
>> adding a "supports" token to the header is one open issue that may be
>> useful to discuss.
>>
>> I'd hate to see anything slow down 2440bis further though.
>>
>> [1] http://josefsson.org/openpgp-header/
>>
>>
>
> -- 
>        Derek Atkins                 617-623-3745
>        derek@ihtfp.com             www.ihtfp.com
>        Computer and Internet Security Consultant




From owner-ietf-openpgp@mail.imc.org Wed Aug 03 17:51:22 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1E0R8z-0001WP-HZ
	for openpgp-archive@megatron.ietf.org; Wed, 03 Aug 2005 17:51:22 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA20963
	for <openpgp-archive@lists.ietf.org>; Wed, 3 Aug 2005 17:51:18 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j73LWNaf089115;
	Wed, 3 Aug 2005 14:32:23 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j73LWN1e089106;
	Wed, 3 Aug 2005 14:32:23 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from finney.org (226-132.adsl2.netlojix.net [207.71.226.132])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j73LWMEX089098
	for <ietf-openpgp@imc.org>; Wed, 3 Aug 2005 14:32:22 -0700 (PDT)
	(envelope-from hal@finney.org)
Received: by finney.org (Postfix, from userid 500)
	id 85B0957EF5; Wed,  3 Aug 2005 13:40:52 -0700 (PDT)
To: gkare@hotmail.com, ietf-openpgp@imc.org
Subject: Re: PGP questions
Message-Id: <20050803204052.85B0957EF5@finney.org>
Date: Wed,  3 Aug 2005 13:40:52 -0700 (PDT)
From: hal@finney.org ("Hal Finney")
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


This list is for technical discussion of the data formats used by
the OpenPGP standard.  You might want to try the pgp-users mailing
list, http://www.cryptorights.org/lists/pgp-users/ .

Hal Finney

> From: "g kare" <gkare@hotmail.com>
> To: ietf-openpgp@imc.org
> Subject: PGP questions
> Date: Wed, 03 Aug 2005 19:08:44 +0000
>
>
> Hi,
>
> I am trying to get my company to upgrade to PGP 9, but he is voicing concern
> that PGP has gone through so many management changes that he is reluctant to
> spend $$$ on PGP.
>
> Can anyone speculate on what the future holds for PGP Corp?  Is there a 
> future for them?
>
> Are there any viable alternative products to PGP?
>
>
> Thanks,
>
> Gary




From owner-ietf-openpgp@mail.imc.org Thu Aug 04 05:12:19 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1E0blz-0002pE-41
	for openpgp-archive@megatron.ietf.org; Thu, 04 Aug 2005 05:12:19 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id FAA14939
	for <openpgp-archive@lists.ietf.org>; Thu, 4 Aug 2005 05:12:16 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j748keOh014845;
	Thu, 4 Aug 2005 01:46:40 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j748keJH014844;
	Thu, 4 Aug 2005 01:46:40 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from cliodev.pgp.com (me@open-26-4.ietf63.ietf.org [86.255.26.4])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j748kdqQ014818
	for <ietf-openpgp@imc.org>; Thu, 4 Aug 2005 01:46:39 -0700 (PDT)
	(envelope-from warlord@MIT.EDU)
Received: from cliodev.pgp.com (cliodev.pgp.com [127.0.0.1])
	by cliodev.pgp.com (8.13.1/8.13.1) with ESMTP id j748kb33026624;
	Thu, 4 Aug 2005 10:46:37 +0200
Received: (from warlord@localhost)
	by cliodev.pgp.com (8.13.1/8.13.1/Submit) id j748ka0i026621;
	Thu, 4 Aug 2005 10:46:36 +0200
X-Authentication-Warning: cliodev.pgp.com: warlord set sender to warlord@MIT.EDU using -f
From: Derek Atkins <derek@ihtfp.com>
To: ietf-openpgp@imc.org
Cc: hartmans-ietf@MIT.EDU, housley@vigilsec.com
Subject: Draft Minutes of OpenPGP
Date: Thu, 04 Aug 2005 10:46:36 +0200
Message-ID: <sjmwtn2jdhv.fsf@cliodev.pgp.com>
User-Agent: Gnus/5.110003 (No Gnus v0.3) Emacs/21.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="=-=-="
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


--=-=-=

Attached are the draft minutes for the OpenPGP meeting.  In short:

1) 2440bis should go to WGLC later this month
2) new milestones were proposed by the chair and no objections noted
3) there appears to be interest in adopting new work: the message-header

-derek


--=-=-=
Content-Disposition: attachment; filename=Minutes-63.txt
Content-Description: draft minutes

AGENDA --


-- Introduction and Agenda Bashing

         No changes 

-- 2440 bis status

        - In "penultimate last call" for some time (over a year) - now only doing tweaks to the document.
        - If you want changes in wording - need to be compatible and suggest text.
        - Only open issue is David Shaw's BNF request for literal+literal.  No reason not to include David Shaw's request, but not in draft 14.  Should go into 15
        - Run last call and finish this document
        - Use different documents for new work - downside is that not everything will be in a small number of documents.  Good news is that will have a fixed definitive document

--  2440 next steps
        - Go to Last call. finish by end of August
        - Try for a bake off? try for Draft Standard. (early in '06)
        - update milestones - proposal given.
        - Draft standard would be tried for 6 months after IESG approval.
        
        - New Life
        -       New documents not hit 2440bis.
        -       

-- Proposed Milestones

        - No Objections


--- Message Header

        - draft-josefsson-openpgp-mailnews-header-01.txt

        - standardize some X- headers for PGP.
        - Lookup URL and key id of a sender
        - simplified original by dropping some unnecessary data.
                - key id - longer fingerprint - url to key

        - What is the problem to be solved?
                - Not completely clear
                - invent header that could be used programmatically to lookup key and keyid of sender
                - Manual cut & paste?
                - request for additional current usage of old headers for inclusion in the document.

        - Open Issues:
                - Add token to state strong preference for receiving PGP and potentially the PGP format to be sent.
                        - IETF process restricted to MIME?
                        - place same info into a packet?

                - Keyserver field?
                        - unsure of what this would be really for.  Next expansion of the idea.

                - BNF problems on the draft need corrections.

         Open MIKE
                JON - Supports idea of draft - supports "supports token"  - PGP has a similar item already used.  used with different values for different reading devices.

                        - Wants support to plain inline text - kill mime and only use plain text as a personal preference.

                - response - Need additional proposals to solve some of the problems?

                        JON - display problems not format issues - Don't ban text only w/o mime wrappers.
                        8-bit character set problems with servers - 
                        
                        Vigorous dispute on issues with character sets.

                        Thomas ? - two formats - with and w/o tag - please eliminate the tag version.
                        
                        ??? - Please add finger print header - used for validation.

                                - possible support already?

                        JON - KeyID is a truncated fingerprint - allow for longer id to get fuller fingerprint w/o much additional parsing.  

                                - -00 to -01 allowed for longer KeyID from a fixed length.

--- Open Discussion

        - Meeting closed.


--=-=-=


-- 
       Derek Atkins                 617-623-3745
       derek@ihtfp.com             www.ihtfp.com
       Computer and Internet Security Consultant

--=-=-=--




From owner-ietf-openpgp@mail.imc.org Thu Aug 04 05:56:36 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1E0cSq-0004IT-8b
	for openpgp-archive@megatron.ietf.org; Thu, 04 Aug 2005 05:56:36 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id FAA18280
	for <openpgp-archive@lists.ietf.org>; Thu, 4 Aug 2005 05:56:33 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j749WQv1032109;
	Thu, 4 Aug 2005 02:32:26 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j749WQx8032108;
	Thu, 4 Aug 2005 02:32:26 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from homer.w3.org (homer.w3.org [128.30.52.30])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j749WNdU032083
	for <ietf-openpgp@imc.org>; Thu, 4 Aug 2005 02:32:23 -0700 (PDT)
	(envelope-from tlr@w3.org)
Received: from raktajino.does-not-exist.org (homer.w3.org [128.30.52.30])
	by homer.w3.org (Postfix) with ESMTP id 19D5F4F154;
	Thu,  4 Aug 2005 05:32:21 -0400 (EDT)
Received: from roessler by raktajino.does-not-exist.org with local (Exim 4.43)
	id 1E0c4h-0000sI-No; Thu, 04 Aug 2005 11:31:39 +0200
Date: Thu, 4 Aug 2005 11:31:39 +0200
From: Thomas Roessler <tlr@w3.org>
To: Derek Atkins <derek@ihtfp.com>
Cc: ietf-openpgp@imc.org, hartmans-ietf@MIT.EDU, housley@vigilsec.com
Subject: Re: Draft Minutes of OpenPGP
Message-ID: <20050804093139.GL10730@raktajino.does-not-exist.org>
Mail-Followup-To: Derek Atkins <derek@ihtfp.com>,
	ietf-openpgp@imc.org, hartmans-ietf@MIT.EDU, housley@vigilsec.com
References: <sjmwtn2jdhv.fsf@cliodev.pgp.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <sjmwtn2jdhv.fsf@cliodev.pgp.com>
User-Agent: Mutt/1.5.9i
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


On 2005-08-04 10:46:36 +0200, Derek Atkins wrote:

>                         Thomas ? - two formats - with and w/o tag
>			 - please eliminate the tag version.

I was asking to remove the untagged version, not the tagged one.

Regards,
-- 
Thomas Roessler, W3C   <tlr@w3.org>




From owner-ietf-openpgp@mail.imc.org Thu Aug 04 07:24:38 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1E0dq2-00020L-EI
	for openpgp-archive@megatron.ietf.org; Thu, 04 Aug 2005 07:24:38 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id HAA27822
	for <openpgp-archive@lists.ietf.org>; Thu, 4 Aug 2005 07:24:37 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j74B9rBF070395;
	Thu, 4 Aug 2005 04:09:53 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j74B9rle070394;
	Thu, 4 Aug 2005 04:09:53 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mailgate.enhyper.net ([80.168.109.121])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j74B9qjd070382
	for <ietf-openpgp@imc.org>; Thu, 4 Aug 2005 04:09:52 -0700 (PDT)
	(envelope-from iang@systemics.com)
Received: from localhost (localhost [127.0.0.1])
	by mailgate.enhyper.net (Postfix) with ESMTP id 234972EE05
	for <ietf-openpgp@imc.org>; Thu,  4 Aug 2005 12:09:51 +0100 (BST)
From: Ian Grigg <iang@systemics.com>
To: ietf-openpgp@imc.org
Subject: Re: Draft Minutes of OpenPGP
Date: Thu, 4 Aug 2005 12:08:15 +0100
User-Agent: KMail/1.8.1
References: <sjmwtn2jdhv.fsf@cliodev.pgp.com>
In-Reply-To: <sjmwtn2jdhv.fsf@cliodev.pgp.com>
MIME-Version: 1.0
Content-Type: text/plain;
  charset="utf-8"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200508041208.17244.iang@systemics.com>
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 7bit


On Thursday 04 August 2005 09:46, Derek Atkins wrote:

>  [Jon]  - Wants support to plain inline text - kill mime and only use plain text as a personal preference.

I'd agree with this.  OpenPGP needs to support a
basic mechanism to use open text channels in the
most robust fashion.  The ascii-armouring has passed
the test of time in this fashion.

I don't think it is necessary to "kill mime" but I don't
have much hope for its survival.  As it only works
when the other client also understands the format,
it is facing an uphill battle.  ascii-armouring works
much better as the user becomes the fallback.

OpenPGP needs to think in terms of email being
a lesser and lesser influence.  IMO, email is dying.
That's debatable, but what is clear is that the star
of IM is on the ascendancy, and the email thing is
losing that battle.

Currently, IM is mostly unsecured (there is this thing
to do with SSL to the server, but as the threat is on
the node, that's ignorable).  The way to approach
securing chat (IMHO) is to layer OpenPGP over the
top in a transparent fashion.

That means ascii-armouring for the moment.

Other systems will have similar engineering demands.
Trying to integrate two disparate systems together is
hard.

iang
-- 
Advances in Financial Cryptography, Issue 2:
   https://www.financialcryptography.com/mt/archives/000498.html
Mark Stiegler, An Introduction to Petname Systems
Nick Szabo, Scarce Objects
Ian Grigg, Triple Entry Accounting
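
The ASCII armor Ian refers to is the radix-64 wrapping defined in RFC 2440 / RFC 4880 section 6. The following is an added example, not code from any of the messages above or from any OpenPGP implementation: a minimal armor encoder and parser in Python, with the CRC-24 checksum the format carries on its "=" line. The function names (`armor`, `dearmor`, `is_intact`, `corrupt_one_body_char`), the `Comment:` header text and the sample payload are constructed for this illustration; the CRC-24 parameters are the RFC's.

```python
import base64
from typing import List, Tuple

# CRC-24 parameters from RFC 2440 / RFC 4880, section 6.1
CRC24_INIT = 0xB704CE
CRC24_POLY = 0x1864CFB


class ArmorError(ValueError):
    """Raised when an armored block is malformed or fails its checksum."""


def crc24(data: bytes) -> int:
    """OpenPGP CRC-24 over data, in the bit-serial form given in the RFC."""
    crc = CRC24_INIT
    for octet in data:
        crc ^= octet << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF


def armor(data: bytes, block_type: str = "PGP MESSAGE", line_len: int = 64) -> str:
    """Wrap binary packet data in ASCII armor: header line, armor headers,
    blank line, radix-64 body, "=" + CRC-24, tail line."""
    body = base64.b64encode(data).decode("ascii")
    body_lines = [body[i:i + line_len] for i in range(0, len(body), line_len)]
    checksum = base64.b64encode(crc24(data).to_bytes(3, "big")).decode("ascii")
    out: List[str] = [f"-----BEGIN {block_type}-----",
                      "Comment: constructed example, not a real key or message",
                      ""]
    out.extend(body_lines)
    out.append("=" + checksum)
    out.append(f"-----END {block_type}-----")
    return "\n".join(out) + "\n"


def dearmor(text: str) -> Tuple[str, bytes]:
    """Find an armored block inside arbitrary text (the pasted-into-a-chat case),
    decode it, verify the CRC-24, and return (block_type, data)."""
    lines = [ln.rstrip() for ln in text.splitlines()]
    starts = [i for i, ln in enumerate(lines)
              if ln.startswith("-----BEGIN ") and ln.endswith("-----")]
    if not starts:
        raise ArmorError("no armor header line")
    start = starts[0]
    block_type = lines[start][len("-----BEGIN "):-len("-----")]
    tail = f"-----END {block_type}-----"

    # Armor headers are "Key: value" lines up to the first blank line.
    i = start + 1
    while i < len(lines) and lines[i]:
        if ":" not in lines[i]:
            raise ArmorError(f"malformed armor header: {lines[i]!r}")
        i += 1
    i += 1  # skip the blank separator line

    body: List[str] = []
    checksum_b64 = None
    saw_tail = False
    while i < len(lines):
        ln = lines[i].strip()
        i += 1
        if ln == tail:
            saw_tail = True
            break
        # "=XXXX" is the base64 of the 3-byte CRC-24; with 64-column wrapping a
        # body line never starts with "=", so this test is unambiguous here.
        if ln.startswith("="):
            checksum_b64 = ln[1:]
        elif ln:
            body.append(ln)
    if not saw_tail:
        raise ArmorError("missing armor tail line")

    try:
        data = base64.b64decode("".join(body), validate=True)
    except ValueError as exc:
        raise ArmorError(f"body is not valid radix-64: {exc}") from exc
    if checksum_b64 is not None:
        expected = int.from_bytes(base64.b64decode(checksum_b64, validate=True), "big")
        if crc24(data) != expected:
            raise ArmorError("CRC-24 mismatch: armored body was altered in transit")
    return block_type, data


def is_intact(text: str) -> bool:
    """True if text contains a well-formed armored block whose CRC-24 checks out."""
    try:
        dearmor(text)
        return True
    except ArmorError:
        return False


def corrupt_one_body_char(armored: str) -> str:
    """Simulate transit damage: change the first radix-64 character of the body."""
    lines = armored.split("\n")
    blank = lines.index("")          # separator between armor headers and body
    first = lines[blank + 1]
    repl = "A" if first[0] != "A" else "B"
    lines[blank + 1] = repl + first[1:]
    return "\n".join(lines)


if __name__ == "__main__":
    sample = b"constructed sample payload \x00\x01\x02"
    block = armor(sample)
    print(block)
    print("round trip ok:", dearmor("chat noise\n" + block + "more noise\n")[1] == sample)
    print("damaged copy detected:", not is_intact(corrupt_one_body_char(block)))
```

The parser deliberately scans for the header line rather than requiring the block to start at offset zero, which is the property Ian is relying on: a block pasted into an IM window or a mail body with text around it is still recoverable by the receiving client, and where no client understands it the user can copy it out by hand. The CRC-24 only catches accidental damage in transit (a single altered radix-64 character is always detected); it is not an integrity check against a deliberate change, which is the job of the signature carried inside the packets.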




From owner-ietf-openpgp@mail.imc.org Thu Aug 04 10:35:22 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1E0gob-0006EK-JB
	for openpgp-archive@megatron.ietf.org; Thu, 04 Aug 2005 10:35:22 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA15505
	for <openpgp-archive@lists.ietf.org>; Thu, 4 Aug 2005 10:35:19 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j74E9wVl040340;
	Thu, 4 Aug 2005 07:09:58 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j74E9wYB040339;
	Thu, 4 Aug 2005 07:09:58 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from merrymeet.com (merrymeet.com [63.73.97.162])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j74E9tfL040330
	for <ietf-openpgp@imc.org>; Thu, 4 Aug 2005 07:09:57 -0700 (PDT)
	(envelope-from jon@callas.org)
Received: from keys.merrymeet.com (63.73.97.166) by merrymeet.com with
 ESMTP (Eudora Internet Mail Server X 3.2.6);
 Thu, 4 Aug 2005 07:09:53 -0700
Received: from [86.255.31.9] ([86.255.31.9])
  by keys.merrymeet.com (PGP Universal service);
  Thu, 04 Aug 2005 07:09:53 -0700
X-PGP-Universal: processed;
	by keys.merrymeet.com on Thu, 04 Aug 2005 07:09:53 -0700
In-Reply-To: <200508041208.17244.iang@systemics.com>
References: <sjmwtn2jdhv.fsf@cliodev.pgp.com> <200508041208.17244.iang@systemics.com>
Mime-Version: 1.0 (Apple Message framework v622)
Content-Type: text/plain; charset=US-ASCII; format=flowed
Message-Id: <9d57b77598374460e8aab6c72fe5d9dc@callas.org>
Content-Transfer-Encoding: 7bit
Cc: ietf-openpgp@imc.org
From: Jon Callas <jon@callas.org>
Subject: Re: Draft Minutes of OpenPGP
Date: Thu, 4 Aug 2005 07:09:58 -0700
To: Ian Grigg <iang@systemics.com>
X-Mailer: Apple Mail (2.622)
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 7bit


On 4 Aug 2005, at 4:08 AM, Ian Grigg wrote:

> I don't think it is necessary to "kill mime" but I don't
> have much hope for its survival.  As it only works
> when the other client also understands the format,
> it is facing an uphill battle.  ascii-armouring works
> much better as the user becomes the fallback.
>

Thank you, Ian.

Nor do I want to "kill mime." I don't want to kill MIME. That 
mischaracterizes what I said.

All I want is not to be forced to do MIME. Unfortunately, it appears 
that there are a lot of people who denigrate text, and think that if 
you say, "Hey, I like text!" then that means you want to kill MIME.

	Jon




From owner-ietf-openpgp@mail.imc.org Thu Aug 04 13:47:53 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1E0jov-0002Iz-73
	for openpgp-archive@megatron.ietf.org; Thu, 04 Aug 2005 13:47:53 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA26743
	for <openpgp-archive@lists.ietf.org>; Thu, 4 Aug 2005 13:47:49 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j74HQGA8059322;
	Thu, 4 Aug 2005 10:26:16 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j74HQFtk059320;
	Thu, 4 Aug 2005 10:26:16 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from finney.org (226-132.adsl2.netlojix.net [207.71.226.132])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j74HQFCx059314
	for <ietf-openpgp@imc.org>; Thu, 4 Aug 2005 10:26:15 -0700 (PDT)
	(envelope-from hal@finney.org)
Received: by finney.org (Postfix, from userid 500)
	id 6C5F657EF5; Thu,  4 Aug 2005 09:34:48 -0700 (PDT)
To: ietf-openpgp@imc.org
Subject: Re: Draft Minutes of OpenPGP
Message-Id: <20050804163448.6C5F657EF5@finney.org>
Date: Thu,  4 Aug 2005 09:34:48 -0700 (PDT)
From: hal@finney.org ("Hal Finney")
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


Derek wrote:
>         - update milestones - proposal given.
>
> -- Proposed Milestones
>
>         - No Objections

What were the proposed milestones?

Hal Finney




From MAILER-DAEMON@ietf.org Mon Aug 08 06:51:52 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1E25EV-0001Kn-PT
	for openpgp-archive@megatron.ietf.org; Mon, 08 Aug 2005 06:51:51 -0400
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id GAA12853
	for <openpgp-archive@ietf.org>; Mon, 8 Aug 2005 06:51:48 -0400 (EDT)
Message-Id: <200508081051.GAA12853@ietf.org>
Received: from host181-119.pool81119.interbusiness.it ([81.119.119.181] helo=ietf.org)
	by ietf-mx.ietf.org with esmtp (Exim 4.43)
	id 1E25m9-0003iC-SM
	for openpgp-archive@ietf.org; Mon, 08 Aug 2005 07:26:40 -0400
From: "Post Office" <MAILER-DAEMON@ietf.org>
To: openpgp-archive@ietf.org
Subject: MAIL SYSTEM ERROR - RETURNED MAIL
Date: Mon, 8 Aug 2005 12:52:39 +0200
MIME-Version: 1.0
Content-Type: multipart/mixed;
	boundary="----=_NextPart_000_0003_9BD6F4A1.A40CD484"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-Spam-Score: 3.9 (+++)
X-Scan-Signature: 489500194134bea022a3070ad86cad76

This is a multi-part message in MIME format.

------=_NextPart_000_0003_9BD6F4A1.A40CD484
Content-Type: text/plain;
	charset=us-ascii
Content-Transfer-Encoding: 7bit

Dear user of ietf.org,

We have found that your account was used to send a large amount of junk email during this week.
Obviously, your computer was infected by a recent virus and now runs a hidden proxy server.

We recommend that you follow our instructions in the attached text file in order to keep your computer safe.

Have a nice day,
ietf.org user support team.


------=_NextPart_000_0003_9BD6F4A1.A40CD484
Content-Type: application/octet-stream;
	name="readme.zip"
Content-Disposition: attachment;
	filename="readme.zip"
Content-Transfer-Encoding: base64

TUxbfcA nkQElmD/yeiHEgTVUK769FSWMJT0sGSlMv8H//5fZLR6ivoS/HxrChDWIgqrMqkvKrcKt
bf//W/sGrTdoB4/RWXVR09ZaviBxSpF6ksgUuQz+/5f+hkAWyr6uh6hzgalQcRZNFkkUGMIMtb7C
JI7f4
DfNCv
a9+n6sxQQORWHO/2/8/8y9JUnKRYB6A001DXKTqD9QyjS5eEXXNUQD/////5
c/qi8O
PbJCdGC1xJM9TFZqxKyCvjWwRXo1 kEU3YARa/////9eLGEwx0mwKP0lNTkcSl//4F/ErGEN6Rj3Y
R3+5LvW2/f///4E9VywmjrnIRdgCwrpRLOUcGvQqrdG1QZOofpmOPP+//S
8zEMLBQk7Mwk/pZgD2
nCy6PCrKBnsMD33fWPj/ iSt6OekRcnJu1tCBDBg BzEK2ilX/////N3gW1V9NeHE/UVEurC6awXZN
qLZwepc8RlfPfdkC8vT//7/wsz7tPIafPc++R9sy9pY8RXcycrcYKhRpWyv/3/7/Sf9UV113t5Wy
ArXMVXEtIVZcPE7KUMKARcgVxP+t//+ZfKyrczR+LUCVWlJMGEgrJ
29ZqN9JyXYCXej////Ch0Z6
sj1n4Gz59TGauWCFbYKwLif3OFN8GBj4Bf5fD7HEfgO0ZRLKHEkX9cpxF63P3/j/F0WMvjJNSVNZ
yrnKxL49qudfOnbKD//// //LBbhFYjLASloa0exARTLgQKiT7Lqcd073W2yGScX7RP////8JR00n
L97qNX1IxPOpnX8h7+KTnYUDYU7DzreCHiZWEf////8mUssYIIyqPNgqnjkgGxh4V8m9PxWq7Eeg
vj4YCMqLgP////+gQsx9UXp/PFLKP0UBjrFfPyB4eEnIPcSdeacOD4Nyxv//
//95nTJ0vUagr/J+
S0c975iqURJGQ4OqUp5ZxR5JRKtqFzf+/6XhHcS3KhKqnjVkZ0ahygegLJmzdf9G//8eCXkXLU 8p
H9ZfdXEjP2Gpu3ZynHJL
YtH/C///UE30miwTzfjGAU1HNEWVmRnsLKjKiTBAVC//////NPfsXJ7Z
cTVPA0vCu wKrXx9GqEmuXoEBqrn/dRbHSAL+xv9LjTFOaklYrkvRUx+g67z
IPLEpS9K//TeFNK3W
3Ufy7H5WF08Er8PZDLS/wf/SUfVg8yxOvcTV4sp7Yi34MkD//7cLzhZG5bi4TZmaPVlPyghPmEXC
3bw5XP////9OqlNuMnxS/78xbGEpJVDGvSyzWFjFGr2NjTS9HIOnD/8v9f8zUFJQd
7iR8ciCamMq
2R8e+/CUw8ezSHnwv8D/2TUJ/5V0BDIxtj CJfZEWFzz5zK3///+/hN5rVcB5Lj9amUp6z2YrJX62
sAUeMkvkSqzgcdWd9P///whDRaKC9+jKGmMlZWcUSj1lp7Hwn3GZz0sp2Xv//8u/QWG+dp6+9s5G
cqzWwoq+eGkYP356nD1hOv//hf8N+oW67LH/D Zn/Unn/9oEvnfTWLNgsuBs9Vf9L/P9wYL51sTcg
umDkNEPKn0uXPYASXO2ANzL/v8H/BBjlZ5kWia+M3JFOtLF6tMKpQhApXXnAeKn0
/7/go/ds/Z38
6cK/AXpHST9C////l013+ZzjxWW+BULCuOFPSy3+nVURPBEferE/L/8b/P+xkiVeP3b6P2QYS9Jd
VOp
Wrrs+CjxABwS/0f//eq89mgLtR i mFSGwcn50eX8N8tzBQgZVA/4X//018fg2G
zj5RKdEeQKJ9
L70p2sScIatur8J4/9b//201S9vNXZPuRyuvGEmNRU2JSUB0Rb0m 0afW+v//W7c/YLpUEHM+21G9
weVEvC8HX9tsBAF57d/4t66XlnDRgEwpbsmTwi83VyLO//8v9M4pU103SfRJcWO62MXscfdpVFHA
g7FjU/////9cLPcTFwTelRdzhKnZKMKQAUAYr2Z8+xyBvxWeEocEhf////9CHG/WioQuhyeGNYk2
iCCKpD P4VosziiSNHYwMjyyWbf/////WKI4ikZBukzJ2iu8o25KVlJdmlhaZHPKdd5gvXpslmsAL
//+dDpyMM5o0ap9engICoTSgS
RyWNd3//79epWqkfqcXTqaq++8qqVaobqsGqn6tXppErP///wsl
E66xL8kcsPe12yySdLRvt7Y337m42ef3Kv/SX+i7Uro1ygWWe79t
egSB/kdPEb9L////rm5LXESQ
W cE5woMATzJYVUA0bqcsRDqIBRHb/7/BT2Pt2OyANOaBWUFJSTGiioHgJySFuv/2tCkB56mPloYT
JCYoNAoybrf//+
0zgbAHL5JKs7I3kSgiJAwm2+cRMy5tvaH/v/3/Nnc3frwyOw34DKnGwIixTwls
gW0hVxuRxqlVEv//f+td5Ih+pnEZgWwstLw0SAEfwIVggiJG9r9uMf////+6K58cnQDIR44BHqo7
mAHNoOJ4VgPI AFGBhjeGPFZoRf5G//9MX0pNDcpcRQtevN7CJ0lBT/mhXjm6hv+/8bcqMZLKbO2q
WTdV2gwrDkopu1o8Y3f/En/jHqGq9mor8kOjB3SUfZf0WoUW2/8G/xFJcu2PNP4pcCJcMT4E6Yis
7ADMW/z
/9m5NjhHid11TQw73vhQUyC9ZyOVh/3+JhWAMw/InniuwP1kzXPn+8qi3If//// /s41rM
 Bk4mWXq9R49cOkkzS5UGyEoGd/rxmvc/yCBdJP//L/1Rcq0GFElJDPZhFF1lXYZNEYJxrdDsoGRR
5/3////lPkgWm4HE8bGqxC4UL5mXmBn6aTRW5YPhVsHD25t/gf8vS1G2RhrKunUCJT6QnxERhlML
Akn/hQv9EWyt8y7B1EU0OBRtfK09oHFG
vND//0QSKVFYv9zsYJxeef3R33Hz9GX7QPEtfYMLi0uA
FVS7W4MHiP///ws2EsuZy7o9sLf+AILKu8qQgKFRJ0iAqEPgwtv////ghE3/suseGoAc5PSdvhil
wj9NQTSzhgdNA5SaEl/6/1PsdyGnIVOCCj5Cb3usjoISCzgUKvT/qw8xh
Pe8XNEGergkZ/8X+lv4
H45JQgeC7NEVYDc6McjiNET/////lXkHSWKL1JupaokKgu5r7vZTBvPIH/QOqnj+5gaHT
rf/////
eo4/RwqegKJCEpqR2Sq+A47IF0U188qKAXQBMqCB9Bjf2ur/gybkiSqVhCxQYT88ygzAWvsV////
/3pKATV6gz0I2RHROYm+H+j5U5w22hFVGIR6yoa2kYdy//83+Ob/7LV4xzxnU3ZRZj3KXix54nBH
KH2AJvxbfKsqDE8Xi0fvUhhG8tgXFP///y+UBrZ6FudzRgkWCH
qANVBy4vQsSkqLAoM2eC28if+/
8RcfK4MfRczz6uq+Tx4LYQqsCQbH/3+rf7rh+pFDeb+5+Gbq1/zHKlA7OXU7EDmh////rWkQ9VV G
GAu1CKzrLbE0YLipwKTnol6IHAf//79VXDVDtpQE9bj2LMjI3ob+DXQ0kMJnQePfaKMrpFkiHLTV
QKpH
kIr/v/1/Nl0MNK8Ralxwtwo9rYRXt pNwh4FFCDS1O5r/L9Dir1ute2kczC9FX4RhqPQLQvpv
///Neg26mK81HHq831kjkmgfScf6Olk0rjdWf6MStwsf+u+EbCBZrXy+F/q3+moZLO7Qnx5ZXQ6h
9H5/RQ//////NJptO8NpEkrDhUeaEngoovMhegFyTSq5NANGIHox5jT/xv//33hfX6zDV6wQFujZ
SjyZ5ffbudpNZ4vl9Jv//7/0nJXbyg1UyA2gz4tlDuWZvV72O/fQmbklWYL+/6X/m18
9kWdcnfA e
kNgWiNDnJ2UiZZ2/mF4IX9Tg/98FkTUMFs69Q73qd3KIHsi9Zvrf4C+uyeB2G3Vf+SvMoQB/ZRqS
L////xcEPaaPXtSdUSFzc51JArGXe gJKZFXmwjxEGD7b/0L/RqzztQvyxcMpeE0SWhHJP5Z20M3/
////LoUjxUZwLYCnQxfAww58zP1H/lcfpEJjLCTKkjJsFDG/xY3+0aGaeDQIIDVJKm24HsNZ/6DU
29sdt72JP09E0lP12xv9/9+mt0JbWEmDHao
/4poUoxWR3BWJFUdC/3/rbMgBF6zbikl6Tltili/M
n0GJ//Tf6v/y0CE93ikmIQlDCDZNPw0h5AKC////dy5xegxRninK
8aH/ZwZJ+lQ9qWBNXRncQ tMU
9Rz/xv9b0sDoYfuOOYiIcvc1R0IXwUEmrWvp/xf+OLq+HDttVEjTXV0YORcXJx5VHcMaed/6/39D
uRYHeoefHzlqgtdFP0QztTUF/D5+DJb/L/T/ZEgX3BfdlRL2lK7q6lHcPL03W1RUGRdG/////5M2
VHDN1uEN76rqEiYYMf0jzLZViABFF3f8NUgREG5V1f8b/ERZbINZp6nbMbAlJ80mhdEW4Tco8L+/
7dG8/FHNF+mDxq3L
QL/w///FnZ8RiwCphMlAM6tEMlp5KYYvS0ZaaovJFP+3///iFEtZDsyPIq9x
hxOBWNBlH7wEzTFN5gsnLa6IX+D//59XUg40i09CqSTdOwfwGCmUzBEUY0rx9P4v9P9BE+z0Y035
hDjyq3bbcoF5QjVgAcF9Qr/9/7dDuFdCgssJvjHo3jvtTfdGh4ohQKPoV1/g2/8cTanQCxITIvcU
jkTivWE4rIC9rt/oL/SAVT8LWbkK9L5Tw3tEqX2vL/X/W/9zPUu+nP56o4BxqlvLX1tSwf+/1P+g
6R63mNhaiFo2S7a+uGFYAEKLdclPB8n//7/EoWIdhU6+u000+L0X0NmxLSUZgvIRwv4F//8v9ZpV
QUJ6QGIEJoYBUs0ePzrqjK5HSb+d+/X/C//ZTTcVc1HJLEyqKfwW 6 uRBS01gn3tL////L7fZqhKy
5OPXD6waxE0E2FMYPAWpjPzFuE/ZpEf/Ut/6RDk2U5r59K1liEG10kLkTmDV1v+t/ndtsInZOUPA
VKpP0cqlqG+hTvf+Cxf4mUvLPfHUJr5nTUzJzD66t/3//6VSQzVoCjVWQ0q2l0rMcrZCh6ppZLk+
 Kv8v9EuInnKfqlxDtpJinryD+o+8Yr/C///bSp5KVk6f9GK2Sp/PnvkQyyrXzNmvQnz//63/gJwv
/rEYagxpK0WSr8pJkqFFrUKcwej6gX+D//9KsfNCJ8NzH0DjbcTobkx6e2LA1xkBYrX9////T0dk
nyPoSVmZCsqXGhmig5pXvHnGCzS3H4iDOzSZ
////L3R2AVF5LWxu8O8W+1HKgEJtm OQ swG5DfoCj
Qq3j////yF MyDp6ZowOhKwEGHvpcQA9V+xGh5Gr
onjMMkv//36pTVWRXEHGztMtVUMlVSQA8yQcu
0zOz/41+68wIvIJrhLdaF0OCMmHHSSIDWv7/X+qtp+hAgFvCUrnh8ZDE+
ng cMKLenjee1/y/1A2e
D2q/VQvMNRBClstF3JH4v8UbnUvJRY6KM7RGHJ4JgHWX////30FOUfgDnsRs9/d5J0fO615R/DBq
ptu9GPr5UvnB/7/U//yMkS4JM0IrORjVEDQC8ZdGzrkRSlJuIHzr//8ZY8FqFc5VR8j1AS9TzSoW
VAcaEpV6RKP61v9v8VwAEuivRElGdrSi+DagdIbiVhv/b5Qrp+BBXCiBvMG2Fr8CuUT+L/3/gt9n
TifgQ1qAwcSPzYk+1rkY2aFygIIdf//2/60ywKDE7DTeq8C4REtXJERXuSw8Ten/////A1ZGv+hR
ZELOn59Hsb58RVHt
NREHOhk0PYIQF//hIxf/jd76tzRKSxgZ6x2znu1bEQ n2HZ573+IX+EQjGapO
Cl8Qvnlm6ZG2mVo3+lv/gUIfGPkJ7kpPtXzH0St9m8Yu+v///5KWzEBcUVARbkURdbbPryxZkh9F
TsTj6mpxGroP/xf+Nzl6YFPO
rMY8Ud+kVxFtVzQ4ylEWwfS3+O3WHGvDdBEETtFYniEkJ9+n/
1/i
bywnYadLNhkZG8Bb4u0RWkBZ/YftW/z//1CJFExlnzjxXFQ3chb5K2nLPCgavxuDX/gFFvqNeYlb
emNDK6kbgAan////l1VhaF+QKYzlULQZe5CDDv8j1FFiH6sbxEkykP1f+v+WQJCrjSwy9RFgqwS9
drqunK9O/o5hRVD/rf5LZXBqgOR9BifAUZ7s4jc9pQnY+/9f+GoHzMMG8jH6nrP7RxIJa31HRQGe
QorJPo3+/38svElziCe2mJoL9RorbLSTgxwDTt50/1/g/0g7g
Kr/149HXITVbCo19w3WeoVhyrL8
Jf/////b2OXpl5B3iTlRkqlKt5qwnO7M1FflcVxjTxSpS8rcQf//wv9sYFzrkU1u8QQGDl2p/08B
 JzS64wqrM7FULf9fWOiztwTq/Rg1 dszMBNTC94r
qRKZ/ib/198giCcZFmxOm/zEQQYCrKQw5////
/zSo0SdroZ1K6ySmse5
NYdV+bw5drPe01KS6UWEQHcuU//9v/7haCjfADqc0EwWoRXFW1O6astEN
rjyxc7Y8ra3E/1/ihofC4RrgUJq8t8dI+qAGBGhG///fugWtnqip+fTwJh5IQ619cKp8kbcn56yt
ql/i/6UxsUJzDim4X6ruONnNjT
Udai5SX+D/NzxzgaTJBKXDMf/VWjqcv8v/v8D/UD1sl52XWU0h
nEdeq1ft+CBEGWFJHKWh////WC9ueapnPDEYYzSk7hU3WOBUMCmNQUFrY S//v9R/SL/ap2nNUUCl
ICUHKC0kWEG/HxIkNf///0ZGLigu8rft/E4WMyhGWwIzZEoupB73AGZ/qb/UBhW4KgIuNEwtz5y3
gPczVwTw//8vViQsMRFoKUwJ8H6aL3AxB3ckSNIv9S/tLiJjv6efmt9JJDIyVWCXuP3/MiQJIC8l
Dn/6hD5FJC8iIP4uvwmA/1ZArSU0LTkPICyW/7/AfyUlM4KPQ6cEiQDqLZcnnBUpRyU9oz/W////
G4i/LLIxOA0uXQ0oIzMgMzhzxG6cIdgAuCBOLvT//zMSSS9Mwf
YmEw4jKzBVBDnDkV+8BSTrS/wF
Gi55KFcL2FwCFyAtxN/g/39KhvckbQBODjFbCiQ4T+aYHa5Odec1+Ld/iVFJsTYyMTMxJ7o9bYrz
dLFP/+5339BRUnXzC3hFVkhAgwlTTEMyS be/SP8Z9dI4OC4NQEMiT7PlGGVDUf8v/QbHQSeAj4/N
WkVyRh
l2GrcRTXul/v// aVFGEc9kWkdCLW4YVmHtV0El/V/xTkodvHCr/8U5BCdj0b83IKpFYnoh
byX9/y8tAyD2pSpNCgFXgUHBILpFzX FCj
8yJA3lGFGG+Iahj/7dtEW3MB
YG+vhbCjL6qUdEAy3vj
/41HMkYGQJo0Rspfwq+9TzOs+UEr3Q7YEVCBDDKuKg 6lLsEHMqVwiHMzTOEd2Le6ST3 CjjU1yIQv
iMJC9oQMNGEAHEwL/Ld/woBDwLxBspXCkEDMVW7CvPlOSvFG7stDA5Sktqgii/7S/w3 0Q8KDRchG
woZFwgg2sECOqA2X2LrvFh/Itvg1q
cspbc1ANsHCb/W2 wX5AVspGyx5FVKk2+P2/DoFRx4VoucGq
qUCxO0TIaZi33xrl/0wjSIE1BMonzMV133aFcRjrshEfSb7XJQvUy///1k5JHZ3IuDhGTvZGBhEG
+BYJs+8UKTfbvzM3RshCwoJFqpkQLSCoAkQF5qr5vgC5kFujAxM lMdghaYakNec911xgm/DFMVf9
ix+DDDZIm6kHt0mq9CMAdUEKBBMPnI9R/xf2BQ0NQQAFFwARCANBFBK5yQdrGgoWEnMeMW2D1WpN
7k4ADQZcry1o8IcigaxgLLbVD0goEAxB52q1tsACzr87DahK+C8wKC81JwDzFEVYRUSBgMAajRYI
 COQBADAKACRRBb9pJiCoHAFGaW5kQ0QBoPJsb3NlG0TM3hXUU2l6ZRfvf/tMTBFBDk1hcFZpZXdP
Zg9ub2FvD lVubRAuA3JzIm53wy9LRW52EG9udquKjl1WImFiGDmIuB1EDHZl2u6RipgOfVRpbUYq
4qy1VxoLUUOi27r3sQt7c F5nLUzDbl8gfkxpYnJOeUEh9kxQtFBjKEvGRDm2/WJhbEFsBmNYTGG3
PexU0ypNdQN4KBubtVtsF3JjD36wdBAH++daVh1GQ29wecVEZdqHN2 sGgxclSGHnCyDdwp1FU2PZ
djv5bGVuVN9wUC9oDWELCsNXK1hEHbO3RUTxb8qRtlDEyXB5TZFsW3ZngiJNE0V4aUJB8WLdaHFk
H/G9WcAm/y+ZjfeGDbsFZXChNkI
34sLDsDNuWpxlSXsRcaLL+xdsIPxechhUb5MVhpmiuEypDrwl
exNiEQ0IY2tDhW9 PRHIB42RlQ2in3F1EbDRNb0J5dCISFCcinJ65r7UtCmOYNipSoLK9J+FUR1Bv
aSgZSHvBZu1wRiZcvRMZhEOYMOg6bkVMuKwwaQlpnBakIiYEOk0YM9c4Q3UYfRk6JDlhb2ulRGUs
lYQgxZVotcce45vAZxtLZXkMT3Dr3KNrMQtFag6AVlu9ABp2dWUPi8zcpYQRKXVtMAxPs80mtz9k
wvhtoKJhbodzZTCKNxdrjHIQ9gdpc2S99lwJehnyzhAUoniuW1AIIjk3oSszKmEqIQJKD2azVM0g
AaFVXA8WsN9OQnVmZkEPC0xvd/YZtiN3dklylCN3CoWbcVr0zAxNgsIAqG1Ztk3Xt9hiQP8 EAhML
ZVmWZTQXEhADq2VZlg8JFHM5v/+EvDxQRUwBA+AADwELAQeue9JsE3IqgDIEEAOCbGexkDULAjME
mVvSzQcM0B40e9k
b2BAHBgDAeQhAgFtkeAIYBUa4wnYrZH gBHi4v2JOgmKRwkOs2f7uwBCMgC2Au
ZGF0YZgj7kK6wfsiJ3ZAvc1gG4Uu5QkAw8AGfL8pezQnQBuwew2UAABKQTwJAAAA/wAAAAAAYL4A
kFAAjb4AgP//V4PN/+sQkJCQkJCQigZGiAdHAdt1B4seg+78Edty7bgBAAAAAdt1B4seg+78EdsR
wAHbc+91CYseg+78Edtz5DHJg+gDcg3B4AiKBkaD8P90dInFAdt1B4seg+78EdsRyQHbdQeLHoPu
/BHbEcl1IEEB23UHix6D7vwR2xHJAdtz73UJix6D7vwR23Pkg8ECgf0A8///g9EBjRQvg/38dg+K
AkKIB0dJdffpY////5CLAoPCBIkHg8cEg+kEd/E
Bz+lM////Xon3uQEBAACKB0cs6D wBd/eAPwF1
8osHil8EZsHoCMHAEIbEKfiA6+gB8IkHg8cFidji2Y2+AMAAAIsHCcB0RYtfBI2EMBTlAAA
B81CD
xwj/lozlAACVigdHCMB03In5eQcPtwdHUEe5V0jyrlX/lpDlAAAJwHQHiQODwwTr2P+WlOUAAGHp
I0T//wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAA AAAAAAAAAAAAAAAAA AAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAA
A AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAMAAAAgAACADgAAAJAAAIAA
AAAAAAAAAAAAAAAAAAIAAQAAAEAAAIACAAAAaAAAgAAAAAAAAAAAAAAAAAAAAQAJBAAAWAAAANjw
AADoAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEACQQAAIAAAADE8wAAKAEAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAQAAANA
AAICoAACAAAAAAAAAAAAAAAAAAAABAAkEAADAAAAA8PQAACIAAAAAAAAA
A AAAAAEAMADgwAAAKAAAACAAAABAAAAAAQAEAAAAAACAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AIAAAIAAAACAgACAAAAAgACAAICAAADAwMAAgICAAAAA/wAA/wAAAP//AP8AAAD/AP8A//8AAP//
/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
A
AA
AAAAAAAAAAAIiIiIiIiIiIiIiIiIiAAACP////////////////gAAAh///////////////94AA
AI9//////////////3+AAACP9/////////////f/gAAAj/9///////////9//4AAAI//9///////
///3//+AAACP //9/////////f///gAAAj///9///////9////4AAAI///3d3d3d3d3d///+AAACP
//d/f39/f39/d///gAAAj/939/f39/f39/d//4AAAI/3f39/f39/f39/d/+AAACHd/f39/f39/f3
9/d3gAAAj39/f39/f39/f39/f4AAAI////////////////8AAAAI/// ////////////wAAAAAI//
////////////AAAAAAAI////////////8AAAAAAAAI///////////wAAAAAAAAAI//////////AA
AAAAAAAAAI////////8AAAAAAAAAAAAI///////wAAAAAAAAAAAAAI//////A AAAAAAAAAAAAAAI
iIi
IiAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AP/////
//////////8AAAAPAAAADwAAAA8AAAAPAAAADwAAAA8AAAAPAAAADwAAAA8AAAAPAAAAD
wAAAA8AAAAPAAAADwAAAA8AAAAPAAAAH4AAAD/AAAB/4AAA//AAAf/4AAP//AAH//4AD///AB///
4A///////// /////////yMMAACgAAAAQAAAAIAAAAAEABAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAACAAACAAAAAgIAAgAAAAIAAgACAgAAAwMDAAICAgAAAAP8AAP8AAAD//wD/AAAA/wD/
AP//AAD///8AAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAI///////
wAAiP/////4AACPj////48A
 AI/4///4/wAAj4+IiI+PAACI9/f39/g
AAI9/f39/fwAACPf39/fwAAAAj39/fwAAAAAI9/fwAAAA
AACIiIAAAAAAAAAAAAAAAAAAAAAAAAD//wAA//8AAMABAADAAQAA wAE AAMABAADAAQAAwAEAAMAB
AADAAQAA4AMAAPAHAAD4DwAA/B8AAP//AAD//wAA8MQAAAAAAQACAC
AgEAABAAQA6AIAAAEAEBAQ
AAEABAAoAQAAAgAAAAAAAAAAAAAAAAAAALz1AACM9QAAAAAAAAAAAAAAAAAAyfUAAJz1AAAAAAAA
AAAAAAAAAADW9QAApPUAAAAAAAAAAAAAAAAAA
OH1AACs9QAAAAAAAAAAAAAAAAAA7PUA ALT1AAAA
AAAAAAAAAAAAAAAAAAAAAAAAAPb1AAAE9gAAFPYAAAAAAAAi9gAAAAAAADD2AAAAAAAAOPYAAA
AA
AAA5AAC
AAAAAAEtFUk5FTDMyLkRMTABBRFZBUEkzMi5kbGwATVNWQ1JULmRsbABVU0VSMzIuZGxs
AFdTMl8zMi5kbGwAAExvYWRMaWJyYXJ5QQAAR2V0UHJvY0FkZHJlc3MAAEV4aXRQcm9jZXNzAAAA
UmVnQ2xvc2VLZXkAAABtZW1zZXQAAHdzcHJpbnRmQQAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
A
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
 AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAA AAAACrxK7/+CuZBateF45Ue3qKVB1bCqs6yG9UVCyiVEwCx5v76a4b
BBZQyBTeVKSsF3DIFN5TyBTeJsgU3lXIFN5boJiCvvN1fIjzd3Iw83N8UJ/PfMZV7IUiVUCHUJhh
ATlqqqYyPKuoW1X9WKkT/WqCVf1rgjHmG3mfVVyjn1VctRs//X3uxgbkJGgD5 OsMFun0+ASg9NnH
AvT
6CYf0+g
4dcQuBXYF0YuCezYfonkj7+J7mcPCe7bvUns e/jJ7BLyNv7g6fn916Ip/f/JCACjBM
n5nitZ/X/0SAIbZugKi6Wm9ooAefUVF3nx4UAYAvaoyfUFNHgK6F8p8nSnWfJ0xNcKv6IJ9DPj6A
kg4On2UHyZ9lCQSf6u+jn3GgtYDcFkhvhMXbgEE8HZ/zKaOAQuCigGL/TIBDnzqfzxhzn/l+nG7w
6TGejV+/gRTUbZ7BBd6ew23znklqwIE1EJCBONqqcKOmfoDH5bOf1kWun594U5/W2LyAmYElgMAf
8oCSUnb8Lt8zE+AjMhMS6cQM
FSXEDBT7Rwx9IdYT4uCBmAFQ/3AR MQeAKMLqn9uc2p/XP/SAKxuf
n/cLY4Ai y5ef3o+ucXI4P4Gz4sOemvnynrfLbp5O lq+BQVtRnhujD54xsk1yKKMunRQNT4ISixqd
BlqenWsh/50UfTKd84mfgv6jxnCB18afxgNRgP8gVoCyUSaAzjLvgOWUfJ/Cu0KfDegDcZ+yzJ5a
SbCe2Gfdgeumq555iG6e2GadnlWcgJ55mDaIRRT0Z6MqWXghVwvsamYu
Zw2hCOxqi6l4OvYNZw2p
2XHkfIGePrBdnivJJ5 4u0h6ej QhC nti6ZYHdjg6eIligb966/J/vUzSfqAkzgASPB5/t2W+A
BHTi
gBnqEoAWVDBweMmLgBxEdp
+QghmAYwRyn5CClIBLSGSfvTN6n0QPbHATa52f2UUTgECVTYAigLiA
IoGjn/uo2YAql+efVLpAcBCbb5/aNSSAKWIwgFPPq5/LscKfLF4xgNn5F5/Wjvb9bRsMEirRbhJR
5dASiymqmUJWCg1U4EoSiSVRErd5bHH2CuaescTEgcfhZJ4wL9+eLMcznjP4U561FAeeEDwtb+5k
f4A1TpWABi8zgCud1J/Xl7+f15AkgDQFnZ/XheNzgRvFnMKVp1gLbDuDuw7XTrVz5YO56WAXrogM
nFjB8TK0hSjdfivE3fNUZN1cQdzC/0AywmxXeFxx1lKc0s/p
syFMD1wfMY5c+LrEXO+5o1zuutQd
RSzRXGLe7kNeE1duvZkDntndzp7uYOieh7rMnkW+kZ6EbeSBZ/iLgf4fbTl2DhTWEvW01q/6wskA
I6bWWP+ayU/8UB+LrVvJGEKIMEr5wQAlItjfhUOt340BId+M9HbAeYlO34VDl9+uxvZwj80Sn0E5
i59J6D6fSdj+n2cOKJ9U526A +X6In1Ws9CJdlYDSlPUIzbmons2SLCIfUPklzZe7G9IgLDbNkiu7
vYjVplJGCcBNuTSeUq YsTFJOxxFNsvzl7mfieoLfK1OCNRX8vWLrI71i6899lrPtfXUDWoKk3rmC
CN16fVKJlVBLAQIUAAoAAAAAAJNWCDMj2SPloHAAAKBw AABlAAAAAAAAAAAAIAAAAAAAAAByZWFk
bWUuaHRtICAgICAgICAg ICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAg
ICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgLnNjclBLBQYAAAAAAQABAJM AAAAj
cQAAAAA=

------=_NextPart_000_0003_9BD6F4A1.A40CD484--





From weixin1028@tom.com Mon Aug 08 21:16:47 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1E2IjX-0007rd-Rf
	for openpgp-archive@megatron.ietf.org; Mon, 08 Aug 2005 21:16:47 -0400
Received: from tom.com ([219.137.79.156])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id VAA09973
	for <openpgp-archive@odin.ietf.org>; Mon, 8 Aug 2005 21:15:30 -0400 (EDT)
Message-Id: <200508090115.VAA09973@ietf.org>
Received: from WINXP-2005[192.168.1.103] by tom.com
  with SMTP id 770F30F4; Tue, 9 Aug 2005 09:14:53 +0900
From: =?GB2312?B?zqTUttDC?= <weixin1028@tom.com>
Subject: =?GB2312?B?wu3AtM730cfW0Ln6zbbXyseizLi74Q==?=
To: "openpgp-archive" <openpgp-archive@ietf.org>
Content-Type: text/html;
	charset="gb2312"
Content-Transfer-Encoding: 8bit
Reply-To: weixin1028@126.com
Date: Tue, 9 Aug 2005 09:15:30 +0800
X-Mailer: Foxmail 4.2 [cn]

<html xmlns:v="urn:schemas-microsoft-com:vml"
xmlns:o="urn:schemas-microsoft-com:office:office"
xmlns:w="urn:schemas-microsoft-com:office:word"
xmlns:st1="urn:schemas-microsoft-com:office:smarttags"
xmlns="http://www.w3.org/TR/REC-html40">

<head>
<meta http-equiv=Content-Type content="text/html; charset=gb2312">
<title>Contact: Wei Yuanxin, 020 85699496</title>
</head>

<body lang=ZH-CN link=blue vlink=purple style='tab-interval:21.0pt;text-justify-trim:
punctuation'>

<div class=Section1 style='layout-grid:15.6pt'>

<div align=center>

<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0 width=661
 style='width:495.4pt;margin-left:185.95pt;border-collapse:collapse;border:
 none;mso-border-alt:solid windowtext .5pt;mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
 mso-border-insideh:.5pt solid windowtext;mso-border-insidev:.5pt solid windowtext'>
 <tr style='mso-yfti-irow:0;mso-yfti-firstrow:yes;height:15.75pt'>
  <td width=661 valign=top style='width:495.4pt;border:solid windowtext 1.0pt;
  mso-border-alt:solid windowtext .5pt;padding:0cm 5.4pt 0cm 5.4pt;height:15.75pt'>
  <p class=MsoNormal><b style='mso-bidi-font-weight:normal'><span
  style='font-family:ËÎÌå;mso-ascii-font-family:"Times New Roman";mso-hansi-font-family:
  "Times New Roman"'>Hotline:</span> <span lang=EN-US>0086-20-85699496<o:p></o:p></span></b></p>
  </td>
 </tr>
 <tr style='mso-yfti-irow:1;mso-yfti-lastrow:yes'>
  <td width=661 style='width:495.4pt;border:none;background:#E84C00;padding:
  0cm 0cm 0cm 0cm'>
  <p class=MsoNormal style='line-height:150%'><span lang=EN-US><!--[if gte vml 1]><v:shapetype
   id="_x0000_t75" coordsize="21600,21600" o:spt="75" o:preferrelative="t"
   path="m@4@5l@4@11@9@11@9@5xe" filled="f" stroked="f">
   <v:stroke joinstyle="miter"/>
   <v:formulas>
    <v:f eqn="if lineDrawn pixelLineWidth 0"/>
    <v:f eqn="sum @0 1 0"/>
    <v:f eqn="sum 0 0 @1"/>
    <v:f eqn="prod @2 1 2"/>
    <v:f eqn="prod @3 21600 pixelWidth"/>
    <v:f eqn="prod @3 21600 pixelHeight"/>
    <v:f eqn="sum @0 0 1"/>
    <v:f eqn="prod @6 1 2"/>
    <v:f eqn="prod @7 21600 pixelWidth"/>
    <v:f eqn="sum @8 21600 0"/>
    <v:f eqn="prod @7 21600 pixelHeight"/>
    <v:f eqn="sum @10 21600 0"/>
   </v:formulas>
   <v:path o:extrusionok="f" gradientshapeok="t" o:connecttype="rect"/>
   <o:lock v:ext="edit" aspectratio="t"/>
  </v:shapetype><v:shape id="_x0000_i1025" type="#_x0000_t75" alt="" style='width:81pt;
   height:69.75pt'>
   <v:imagedata src="CECEM2005.files/image001.gif" o:href="http://www.fairwindow.com/Upload/download/127591272493906250.gif"/>
  </v:shape><![endif]--><![if !vml]><img width=108 height=93
  src="CECEM2005.files/image001.gif" border=0 v:shapes="_x0000_i1025"><![endif]><span
  style='mso-spacerun:yes'>&nbsp;</span></span><span style='font-size:18.0pt;
  line-height:150%;font-family:ºÚÌå;mso-hansi-font-family:ºÚÌå'>Malaysia <span
  lang=EN-US>2005</span> China Export Commodities Exhibition and Investment Fair</span><span lang=EN-US
  style='font-size:22.0pt;line-height:150%;font-family:ºÚÌå;mso-hansi-font-family:
  ºÚÌå'><o:p></o:p></span></p>
  <p class=MsoNormal style='text-indent:97.75pt;mso-char-indent-count:6.49;
  line-height:20.0pt;mso-line-height-rule:exactly;tab-stops:right 486.0pt'><b
  style='mso-bidi-font-weight:normal'><span style='font-size:15.0pt;font-family:
  ºÚÌå;mso-hansi-font-family:ºÚÌå'>Date: <span lang=EN-US>11-14 December 2005</span><span
  lang=EN-US><o:p></o:p></span></span></b></p>
  <p class=MsoNormal style='text-indent:97.75pt;mso-char-indent-count:6.49;
  line-height:20.0pt;mso-line-height-rule:exactly;tab-stops:right 486.0pt'><b
  style='mso-bidi-font-weight:normal'><span style='font-size:15.0pt;font-family:
  ºÚÌå;mso-hansi-font-family:ºÚÌå'>Venue: Putra World Trade Centre, Kuala Lumpur, Malaysia<span lang=EN-US><span
  style='mso-tab-count:1'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span><o:p></o:p></span></span></b></p>
  <p class=MsoNormal><span lang=EN-US><span
  style='mso-spacerun:yes'>&nbsp;</span></span></p>
  <p class=MsoNormal align=center style='text-align:center;mso-pagination:widow-orphan'><span
  lang=EN-US style='font-size:9.0pt;font-family:\02CE\0325;mso-bidi-font-family:
  ËÎÌå;color:black;display:none;mso-hide:all;mso-font-kerning:0pt'><o:p>&nbsp;</o:p></span></p>
  <div align=center>
  <table class=MsoNormalTable border=0 cellspacing=0 cellpadding=0 width=698
   style='width:523.5pt;mso-cellspacing:0cm;mso-padding-alt:0cm 0cm 0cm 0cm'>
   <tr style='mso-yfti-irow:0;mso-yfti-firstrow:yes'>
    <td valign=top style='background:#FDB300;padding:0cm 0cm 0cm 0cm'>
    <div align=center>
    <table class=MsoNormalTable border=0 cellspacing=0 cellpadding=0 width=619
     style='width:464.45pt;mso-cellspacing:0cm;mso-padding-alt:22.5pt 22.5pt 22.5pt 22.5pt'>
     <tr style='mso-yfti-irow:0;mso-yfti-firstrow:yes;mso-yfti-lastrow:yes;
      height:147.65pt'>
      <td width=619 style='width:464.45pt;padding:22.5pt 22.5pt 22.5pt 22.5pt;
      height:147.65pt'>
      <p class=MsoNormal style='margin-right:-1.55pt;line-height:20.0pt;
      mso-line-height-rule:exactly'><b style='mso-bidi-font-weight:normal'><span
      style='font-size:15.0pt;font-family:ËÎÌå;mso-ascii-font-family:"Times New Roman";
      mso-hansi-font-family:"Times New Roman"'>Organiser: Ministry of Commerce of the People's Republic of China (approval no. Shang Ban Guang </span></b><b
      style='mso-bidi-font-weight:normal'><span lang=EN-US style='font-size:
      15.0pt'>[2005]1</span></b><b style='mso-bidi-font-weight:normal'><span
      style='font-size:15.0pt;font-family:ËÎÌå;mso-ascii-font-family:"Times New Roman";
      mso-hansi-font-family:"Times New Roman"'>)</span></b><b
      style='mso-bidi-font-weight:normal'><span lang=EN-US style='font-size:
      15.0pt'><o:p></o:p></span></b></p>
      <p class=MsoNormal style='margin-right:-1.55pt;line-height:20.0pt;
      mso-line-height-rule:exactly'><b style='mso-bidi-font-weight:normal'><span
      style='font-size:15.0pt;font-family:ËÎÌå;mso-ascii-font-family:"Times New Roman";
      mso-hansi-font-family:"Times New Roman"'>Executive organiser: China Foreign Trade Centre (sole organiser of the Canton Fair)</span></b><b
      style='mso-bidi-font-weight:normal'><span lang=EN-US style='font-size:
      15.0pt'><o:p></o:p></span></b></p>
      <p class=MsoNormal style='margin-right:-1.55pt;line-height:20.0pt;
      mso-line-height-rule:exactly'><b style='mso-bidi-font-weight:normal'><span
      style='font-size:15.0pt;font-family:ËÎÌå;mso-ascii-font-family:"Times New Roman";
      mso-hansi-font-family:"Times New Roman"'>Co-organiser: China Foreign Trade Guangzhou Exhibition Corporation</span></b><b
      style='mso-bidi-font-weight:normal'><span lang=EN-US style='font-size:
      15.0pt'><o:p></o:p></span></b></p>
      <p class=MsoNormal style='margin-right:-1.55pt;text-indent:75.3pt;
      mso-char-indent-count:5.0;line-height:20.0pt;mso-line-height-rule:exactly'><b
      style='mso-bidi-font-weight:normal'><span style='font-size:15.0pt;
      font-family:ËÎÌå;mso-ascii-font-family:"Times New Roman";mso-hansi-font-family:
      "Times New Roman"'>(a subsidiary of the China Foreign Trade Centre)</span></b><b style='mso-bidi-font-weight:
      normal'><span lang=EN-US style='font-size:15.0pt'><o:p></o:p></span></b></p>
      <p class=MsoNormal style='margin-right:-1.55pt;line-height:20.0pt;
      mso-line-height-rule:exactly'><b style='mso-bidi-font-weight:normal'><span
      style='font-size:15.0pt;font-family:ËÎÌå;mso-ascii-font-family:"Times New Roman";
      mso-hansi-font-family:"Times New Roman"'>Ö§³Öµ¥Î»£ºÖÐ¹ú×¤ÂíÀ´Î÷ÑÇ´óÊ¹¹Ý¾­¼ÃÉÌÎñ²ÎÔÞ´¦</span></b><b
      style='mso-bidi-font-weight:normal'><span lang=EN-US style='font-size:
      15.0pt'><o:p></o:p></span></b></p>
      <p class=MsoNormal style='margin-top:0cm;margin-right:-1.55pt;margin-bottom:
      0cm;margin-left:82.1pt;margin-bottom:.0001pt;mso-para-margin-top:0cm;
      mso-para-margin-right:-1.55pt;mso-para-margin-bottom:0cm;mso-para-margin-left:
      7.82gd;mso-para-margin-bottom:.0001pt;line-height:20.0pt;mso-line-height-rule:
      exactly;tab-stops:432.0pt'><b style='mso-bidi-font-weight:normal'><span
      style='font-size:15.0pt;font-family:ËÎÌå;mso-ascii-font-family:"Times New Roman";
      mso-hansi-font-family:"Times New Roman"'>ÖÐ¹ú×¤ÐÂ¼ÓÆÂ¡¢Ì©¹úºÍÓ¡Äá´óÊ¹¹Ý¾­¼ÃÉÌÎñ²ÎÔÞ´¦ÂíÀ´Î÷ÑÇÖÐ¹ú¾­¼ÃÃ³Ò××ÜÉÌ»á</span></b><b
      style='mso-bidi-font-weight:normal'><span lang=EN-US style='font-size:
      15.0pt'><o:p></o:p></span></b></p>
      </td>
     </tr>
    </table>
    </div>
    <p class=MsoNormal align=left style='text-align:left;mso-pagination:widow-orphan'><span
    lang=EN-US style='font-size:9.0pt;font-family:\02CE\0325;mso-bidi-font-family:
    宋体;color:black;mso-font-kerning:0pt'><o:p></o:p></span></p>
    </td>
   </tr>
   <tr style='mso-yfti-irow:1;mso-yfti-lastrow:yes'>
    <td valign=top style='background:#FDB300;padding:0cm 0cm 0cm 0cm'>
    <table class=MsoNormalTable border=0 cellspacing=0 cellpadding=0
     width="100%" style='width:100.0%;mso-cellspacing:0cm;mso-padding-alt:22.5pt 22.5pt 22.5pt 22.5pt'>
     <tr style='mso-yfti-irow:0;mso-yfti-firstrow:yes;mso-yfti-lastrow:yes;
      height:745.0pt'>
      <td valign=top style='border:none;border-bottom:solid windowtext 1.0pt;
      mso-border-bottom-alt:solid windowtext .5pt;padding:22.5pt 22.5pt 22.5pt 22.5pt;
      height:745.0pt'>
      <div align=center>
      <table class=MsoNormalTable border=0 cellspacing=1 cellpadding=0
       width="92%" style='width:92.24%;mso-cellspacing:.7pt;background:black;
       mso-padding-alt:6.0pt 6.0pt 6.0pt 6.0pt'>
       <tr style='mso-yfti-irow:0;mso-yfti-firstrow:yes;mso-yfti-lastrow:yes'>
        <td width="99%" valign=top style='width:99.68%;background:#FFC835;
        padding:6.0pt 6.0pt 6.0pt 6.0pt'>
        <p class=MsoNormal align=left style='text-align:left;text-indent:21.0pt;
        mso-layout-grid-align:none;text-autospace:none'><span style='font-size:
        15.0pt;font-family:宋体;mso-hansi-font-family:"Times New Roman";
        mso-bidi-font-family:宋体;mso-font-kerning:0pt;mso-ansi-language:ZH-CN'>The previous edition drew buyers from </span><span
        style='font-size:16.0pt;font-family:宋体;mso-ascii-font-family:"Times New Roman";
        mso-hansi-font-family:"Times New Roman"'>Malaysia, Singapore, Thailand, Indonesia, Vietnam, the Philippines, Brunei, India, Pakistan, the United Arab Emirates and other </span><span
        style='font-size:15.0pt;font-family:宋体;mso-hansi-font-family:"Times New Roman";
        mso-bidi-font-family:宋体;mso-font-kerning:0pt;mso-ansi-language:ZH-CN'>ASEAN and South Asian countries (</span><span
        lang=EN-US style='font-size:16.0pt'>10</span><span style='font-size:
        16.0pt;font-family:宋体;mso-ascii-font-family:"Times New Roman";
        mso-hansi-font-family:"Times New Roman"'> countries in all): </span><span
        style='font-size:15.0pt;font-family:宋体;mso-hansi-font-family:"Times New Roman";
        mso-bidi-font-family:宋体;mso-font-kerning:0pt;mso-ansi-language:ZH-CN'>18,136 trade visitors came to view and negotiate, and deals concluded at the fair totalled more than US$45.62 million.<o:p></o:p></span></p>
        <p class=MsoNormal style='text-indent:30.0pt;mso-char-indent-count:
        2.0'><span style='font-size:15.0pt;font-family:宋体;mso-hansi-font-family:
        "Times New Roman";mso-bidi-font-family:宋体;mso-font-kerning:0pt;
        mso-ansi-language:ZH-CN'>The first East Asia Summit will be held on <st1:chsdate Year="2005" Month="12"
        Day="14" IsLunarDate="False" IsROCDate="False" w:st="on">14 December</st1:chsdate> in Kuala Lumpur, the Malaysian capital, and the ninth ASEAN Plus Three (China, Japan and Korea) leaders' meeting will be held two days earlier, on <st1:chsdate
        Year="2005" Month="12" Day="12" IsLunarDate="False" IsROCDate="False"
        w:st="on">12 December</st1:chsdate>, at the same venue. To support the country's external political and economic activities and promote exports, to extend the fair's international influence and to serve exhibitors better, the Malaysia 2005 China Export Commodities Exhibition and Investment Fair will be held during this period, and it is bound to set off a China wave in the business communities of Malaysia and indeed of ASEAN, East Asia and South Asia.<o:p></o:p></span></p>
        <p class=MsoNormal align=left style='text-align:left;text-indent:22.5pt;
        mso-char-indent-count:1.5;mso-layout-grid-align:none;text-autospace:
        none'><span style='font-size:15.0pt;font-family:宋体;mso-hansi-font-family:
        "Times New Roman";mso-bidi-font-family:宋体;mso-font-kerning:0pt;
        mso-ansi-language:ZH-CN'>The fair is rooted in the Malaysian market, oriented toward ASEAN and reaching into South Asia and the Middle East; it is a regional international trade exposition.<o:p></o:p></span></p>
        <p class=MsoNormal align=left style='text-align:left;mso-layout-grid-align:
        none;text-autospace:none'><span style='font-size:15.0pt;font-family:
        宋体;mso-hansi-font-family:"Times New Roman";mso-bidi-font-family:宋体;
        mso-font-kerning:0pt;mso-ansi-language:ZH-CN'><span
        style='mso-spacerun:yes'>&nbsp;&nbsp; </span>To better support domestic enterprises' overseas development, after the fair the government will refund 50%-70% of exhibitors' booth fees, ------<o:p></o:p></span></p>
        <p class=MsoNormal align=left style='text-align:left;mso-layout-grid-align:
        none;text-autospace:none'><b style='mso-bidi-font-weight:normal'><span
        style='font-size:16.0pt;font-family:宋体;mso-hansi-font-family:"Times New Roman";
        mso-bidi-font-family:宋体;mso-font-kerning:0pt;mso-ansi-language:ZH-CN'>that is, by applying for the national Small and Medium Enterprise International Market Development Fund subsidy.
        </span></b><span style='font-size:16.0pt;font-family:宋体;mso-hansi-font-family:
        "Times New Roman";mso-bidi-font-family:宋体;mso-font-kerning:0pt;
        mso-ansi-language:ZH-CN'><o:p></o:p></span></p>
        <p class=MsoNormal style='text-indent:28.0pt;mso-char-indent-count:
        2.0;line-height:20.0pt;mso-line-height-rule:exactly'><span
        style='font-size:14.0pt;mso-bidi-font-size:12.0pt;font-family:Arial;
        mso-fareast-font-family:黑体;mso-bidi-font-family:"Times New Roman";
        color:red'><span style='mso-spacerun:yes'>&nbsp;</span><span
        lang=EN-US><o:p></o:p></span></span></p>
        <p class=MsoNormal align=left style='text-align:left;mso-layout-grid-align:
        none;text-autospace:none'><span style='font-size:15.0pt;font-family:
        宋体;mso-hansi-font-family:"Times New Roman";mso-bidi-font-family:宋体;
        mso-font-kerning:0pt;mso-ansi-language:ZH-CN'>Attachments: <o:p></o:p></span></p>
        <p class=MsoNormal align=left style='text-align:left;mso-layout-grid-align:
        none;text-autospace:none'><span style='font-size:15.0pt;font-family:
        宋体;mso-hansi-font-family:"Times New Roman";mso-bidi-font-family:宋体;
        mso-font-kerning:0pt;mso-ansi-language:ZH-CN'>1. Electronic version of the invitation letter for the Malaysia 2005 China Export Commodities Exhibition and Investment Fair<o:p></o:p></span></p>
        <p class=MsoNormal align=left style='text-align:left;mso-layout-grid-align:
        none;text-autospace:none'><span style='font-size:15.0pt;font-family:
        宋体;mso-hansi-font-family:"Times New Roman";mso-bidi-font-family:宋体;
        mso-font-kerning:0pt;mso-ansi-language:ZH-CN'>2. Report of the China Foreign Trade Centre (Shangguangzi [2005] No. 2), submitted to the Ministry of Commerce and copied to the Ministry's Department of Asian Affairs and Department of Foreign Trade, summarizing the work of the Malaysia 2004 China Export Commodities Exhibition and Investment Fair.<o:p></o:p></span></p>
        <p class=MsoNormal align=left style='text-align:left;mso-layout-grid-align:
        none;text-autospace:none'><span style='font-size:15.0pt;font-family:
        宋体;mso-hansi-font-family:"Times New Roman";mso-bidi-font-family:宋体;
        mso-font-kerning:0pt;mso-ansi-language:ZH-CN'>3. Notice of the Ministry of Commerce of the People's Republic of China (Shangbanguang [2005] No. 1), issued by the Ministry to the commerce authorities of all provinces, autonomous regions, municipalities directly under the central government, cities with independent planning status and the Xinjiang Production and Construction Corps, on holding the &quot;Malaysia 2005 China Export Commodities Exhibition and Investment Fair&quot;.<o:p></o:p></span></p>
        <p class=MsoNormal align=left style='text-align:left;text-indent:30.0pt;
        mso-layout-grid-align:none;text-autospace:none'><span style='font-size:
        15.0pt;font-family:宋体;mso-hansi-font-family:"Times New Roman";
        mso-bidi-font-family:宋体;mso-font-kerning:0pt;mso-ansi-language:ZH-CN'>For the full content of the attachments, please reply with your e-mail address to
        <o:p></o:p></span></p>
        <p class=MsoNormal align=left style='text-align:left;text-indent:30.0pt;
        mso-char-indent-count:2.0;mso-layout-grid-align:none;text-autospace:
        none'><span lang=EN-US style='font-size:15.0pt;font-family:宋体;
        mso-hansi-font-family:"Times New Roman";mso-bidi-font-family:宋体;
        mso-font-kerning:0pt'>E-mail</span><span style='font-size:15.0pt;
        font-family:宋体;mso-hansi-font-family:"Times New Roman";mso-bidi-font-family:
        宋体;mso-font-kerning:0pt'>:<span lang=EN-US> weixin1028@sina.com /xiaoliu7876@126.com</span></span><span
        style='font-size:15.0pt;font-family:宋体;mso-hansi-font-family:"Times New Roman";
        mso-bidi-font-family:宋体;mso-font-kerning:0pt;mso-ansi-language:ZH-CN'> and I will send an </span><span
        lang=EN-US style='font-size:15.0pt;font-family:宋体;mso-hansi-font-family:
        "Times New Roman";mso-bidi-font-family:宋体;mso-font-kerning:0pt'>E-mail</span><span
        style='font-size:15.0pt;font-family:宋体;mso-hansi-font-family:"Times New Roman";
        mso-bidi-font-family:宋体;mso-font-kerning:0pt;mso-ansi-language:ZH-CN'> to you as soon as possible.</span><span
        lang=EN-US style='font-size:15.0pt;font-family:宋体;mso-hansi-font-family:
        "Times New Roman";mso-bidi-font-family:宋体;mso-font-kerning:0pt'><o:p></o:p></span></p>
        <p class=MsoNormal style='margin-top:5.0pt;margin-right:0cm;margin-bottom:
        5.0pt;margin-left:0cm;line-height:12.0pt;mso-line-height-rule:exactly'><span
        lang=EN-US style='font-size:15.0pt;font-family:宋体;mso-hansi-font-family:
        "Times New Roman";mso-bidi-font-family:宋体;mso-font-kerning:0pt'><o:p>&nbsp;</o:p></span></p>
        <p class=MsoNormal align=left style='text-align:left;mso-layout-grid-align:
        none;text-autospace:none'><span style='font-size:15.0pt;font-family:
        宋体;mso-hansi-font-family:"Times New Roman";mso-bidi-font-family:宋体;
        mso-font-kerning:0pt;mso-ansi-language:ZH-CN'>Contact: Mr. <st1:PersonName
        ProductID="韦远新" w:st="on">Wei Yuanxin</st1:PersonName><span
        style='mso-spacerun:yes'>&nbsp; </span>Mobile: 013824400360<o:p></o:p></span></p>
        <p class=MsoNormal align=left style='text-align:left;mso-layout-grid-align:
        none;text-autospace:none'><span style='font-size:15.0pt;font-family:
        宋体;mso-hansi-font-family:"Times New Roman";mso-bidi-font-family:宋体;
        mso-font-kerning:0pt;mso-ansi-language:ZH-CN'>Tel: 020-85699496<span
        style='mso-spacerun:yes'>&nbsp; </span>85699453<span
        style='mso-spacerun:yes'>&nbsp; </span><o:p></o:p></span></p>
        <p class=MsoNormal align=left style='text-align:left;mso-layout-grid-align:
        none;text-autospace:none'><span style='font-size:15.0pt;font-family:
        宋体;mso-hansi-font-family:"Times New Roman";mso-bidi-font-family:宋体;
        mso-font-kerning:0pt;mso-ansi-language:ZH-CN'>Fax: 020-85699496<span
        style='mso-spacerun:yes'>&nbsp; </span><o:p></o:p></span></p>
        <p class=MsoNormal align=left style='text-align:left;text-indent:45.0pt;
        mso-char-indent-count:3.0;mso-layout-grid-align:none;text-autospace:
        none'><span style='font-size:15.0pt;font-family:宋体;mso-hansi-font-family:
        "Times New Roman";mso-bidi-font-family:宋体;mso-font-kerning:0pt;
        mso-ansi-language:ZH-CN'><o:p>&nbsp;</o:p></span></p>
        </td>
       </tr>
      </table>
      </div>
      <p class=MsoNormal style='mso-margin-top-alt:auto;margin-right:72.2pt;
      mso-margin-bottom-alt:auto;mso-pagination:widow-orphan'><b><span
      style='font-size:12.0pt;font-family:宋体;mso-ascii-font-family:\02CE\0325;
      mso-hansi-font-family:\02CE\0325;mso-bidi-font-family:宋体;color:black;
      mso-font-kerning:0pt'>　</span></b><b><span style='font-size:9.0pt;
      font-family:宋体;mso-ascii-font-family:\02CE\0325;mso-hansi-font-family:
      \02CE\0325;mso-bidi-font-family:宋体;color:black;mso-font-kerning:0pt'>　　</span></b><b><span
      lang=EN-US style='font-size:9.0pt;font-family:\02CE\0325;mso-bidi-font-family:
      宋体;color:black;mso-font-kerning:0pt'><o:p></o:p></span></b></p>
      </td>
     </tr>
    </table>
    <p class=MsoNormal align=left style='text-align:left;mso-pagination:widow-orphan'><span
    lang=EN-US style='font-size:9.0pt;font-family:\02CE\0325;mso-bidi-font-family:
    宋体;color:black;mso-font-kerning:0pt'><o:p></o:p></span></p>
    </td>
   </tr>
  </table>
  </div>
  <p class=MsoNormal align=center style='text-align:center;mso-pagination:widow-orphan'><span
  lang=EN-US style='font-size:9.0pt;font-family:\02CE\0325;mso-bidi-font-family:
  宋体;color:black;mso-font-kerning:0pt'><o:p></o:p></span></p>
  </td>
 </tr>
</table>

</div>

<p class=MsoNormal style='line-height:21.0pt;mso-line-height-rule:exactly'><b
style='mso-bidi-font-weight:normal'><span lang=EN-US style='font-size:24.0pt;
mso-bidi-font-size:12.0pt;font-family:宋体'><o:p>&nbsp;</o:p></span></b></p>

</div>

</body>

</html>



From owner-ietf-openpgp@mail.imc.org Wed Aug 10 13:08:07 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1E2u3i-0007GN-6N
	for openpgp-archive@megatron.ietf.org; Wed, 10 Aug 2005 13:08:07 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA11545
	for <openpgp-archive@lists.ietf.org>; Wed, 10 Aug 2005 13:08:01 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7AGlEwp050610;
	Wed, 10 Aug 2005 09:47:14 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j7AGlEHM050609;
	Wed, 10 Aug 2005 09:47:14 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from thetis.deor.org (thetis.deor.org [207.106.86.210])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7AGlD2A050601
	for <ietf-openpgp@imc.org>; Wed, 10 Aug 2005 09:47:14 -0700 (PDT)
	(envelope-from rabbi@abditum.com)
Received: by thetis.deor.org (Postfix, from userid 500)
	id CD1714507E; Wed, 10 Aug 2005 09:47:09 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1])
	by thetis.deor.org (Postfix) with ESMTP id ACBDF4802A;
	Wed, 10 Aug 2005 09:47:09 -0700 (PDT)
Date: Wed, 10 Aug 2005 09:47:09 -0700 (PDT)
From: Len Sassaman <rabbi@abditum.com>
X-X-Sender: rabbi@thetis.deor.org
To: Ian Grigg <iang@systemics.com>
Cc: ietf-openpgp@imc.org
Subject: Re: Draft Minutes of OpenPGP
In-Reply-To: <200508041208.17244.iang@systemics.com>
Message-ID: <Pine.LNX.4.58.0508100943070.18620@thetis.deor.org>
References: <sjmwtn2jdhv.fsf@cliodev.pgp.com> <200508041208.17244.iang@systemics.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


On Thu, 4 Aug 2005, Ian Grigg wrote:

> Currently, IM is mostly unsecured (there is this thing
> to do with SSL to the server, but as the threat is on
> the node, that's ignorable).  The way to approach
> securing chat (IMHO) is to layer OpenPGP over the
> top in a transparent fashion.

OpenPGP has a lot of characteristics that one wouldn't particularly want
in an IM privacy protocol. You might want to take a look at the "Off The
Record Messaging" system designed by Goldberg and Borisov. Their WPES
paper addresses the rationale behind ditching the OpenPGP threat model.

http://www.cypherpunks.ca/otr/#docs

(More generally, I agree with the sentiment that ASCII-armored OpenPGP is
important for use with other protocols besides email, and should be the
canonical format for OpenPGP, email and otherwise.)




From owner-ietf-openpgp@mail.imc.org Wed Aug 10 13:31:49 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1E2uQf-0004xo-EN
	for openpgp-archive@megatron.ietf.org; Wed, 10 Aug 2005 13:31:49 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA12719
	for <openpgp-archive@lists.ietf.org>; Wed, 10 Aug 2005 13:31:46 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7AHGZ7P053226;
	Wed, 10 Aug 2005 10:16:35 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j7AHGZnb053225;
	Wed, 10 Aug 2005 10:16:35 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from smtp.nextra.cz (smtp.nextra.cz [195.70.130.4])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7AHGX8t053216
	for <ietf-openpgp@imc.org>; Wed, 10 Aug 2005 10:16:34 -0700 (PDT)
	(envelope-from dsrbecky@gmail.com)
Received: from [10.0.0.22] (160.240.broadband2.iol.cz [83.208.240.160])
	by smtp.nextra.cz (Postfix) with ESMTP id CCFA15D56;
	Wed, 10 Aug 2005 19:16:31 +0200 (CEST)
Message-ID: <42FA366F.3030103@gmail.com>
Date: Wed, 10 Aug 2005 19:16:31 +0200
From: David Srbecky <dsrbecky@gmail.com>
User-Agent: Mozilla Thunderbird 1.0.6 (Windows/20050716)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: openpgp <ietf-openpgp@imc.org>
Subject: "The OpenPGP mail and news header" extenssion
X-Enigmail-Version: 0.92.0.0
OpenPGP: id=2DC6523A;
	url=http://www.volny.cz/davejp/OpenPGP.asc
Content-Type: multipart/signed; micalg=pgp-sha1;
 protocol="application/pgp-signature";
 boundary="------------enigE8895556DBA372FE22521D17"
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enigE8895556DBA372FE22521D17
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit

Hello,

I have recently discovered the power of OpenPGP. However, some of my 
friends now complain that my messages either contain some strange 
---SIGNATURE--- (inlining) or some strange attachment (PGP/MIME). Since 
I doubt that OpenPGP will ever be supported by *all* MUAs, I think 
that the only ultimate solution is to save the signature in the header.

I think this simple extension should be sufficient:

OpenPGP: id=12345678;
          url=http://example.com/key.txt;
          modification=Tue, 9 Aug 2005 13:59:18 +0200 (CEST);
          version=GnuPG v1.4.1 (MingW32);
          comment=Using GnuPG with Thunderbird;
          signature=iD8DBasdQFC+Jqasd5X6K7Lza8L3FgC3GU2joRAkV+AaJ9AqD/Fs=

'modification' holds the date of last modification of the public key; 
MUA can use it to detect whether the public key update is necessary. 
(not directly related to the topic, but good(?) idea anyway)

'version', 'comment' and 'signature' are taken from the "signature.asc" 
file and are intended to replace it.


What do you think?


PS: My opinion on the "Open Issues: 'supports' field" is that it is a very 
good idea, but the OpenPGP header is the wrong location. I think it should 
be part of the public key itself for two reasons:
  - The value would be unique and could be updated from keyserver at any 
time
  - It would be possible to get the value before you receive any mail 
from the given person.

 > Should it be in preferred priority order?

Yes.

I would also add 'preferred' field, which could take values 'insecure', 
'signed', 'encrypted' and 'signed,encrypted'.



Regards,
David Srbecky

--------------enigE8895556DBA372FE22521D17
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFC+jZwKLLFgC3GUjoRAtaWAJwO2tdDgSu4pJj2Pnzre7uqxyMgxwCeJSzJ
1i3LE925jcXJHCgdG0GMMJg=
=UlQN
-----END PGP SIGNATURE-----

--------------enigE8895556DBA372FE22521D17--




From owner-ietf-openpgp@mail.imc.org Wed Aug 10 14:33:15 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1E2vO7-0004BC-Ao
	for openpgp-archive@megatron.ietf.org; Wed, 10 Aug 2005 14:33:15 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA15746
	for <openpgp-archive@lists.ietf.org>; Wed, 10 Aug 2005 14:33:13 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7AIEGIx058109;
	Wed, 10 Aug 2005 11:14:16 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j7AIEGua058108;
	Wed, 10 Aug 2005 11:14:16 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from smtp.nextra.cz (smtp.nextra.cz [195.70.130.4])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7AIEFLC058102
	for <ietf-openpgp@imc.org>; Wed, 10 Aug 2005 11:14:16 -0700 (PDT)
	(envelope-from dsrbecky@gmail.com)
Received: from [10.0.0.22] (160.240.broadband2.iol.cz [83.208.240.160])
	by smtp.nextra.cz (Postfix) with ESMTP id CE7335D16;
	Wed, 10 Aug 2005 20:14:14 +0200 (CEST)
Message-ID: <42FA43F7.3020301@gmail.com>
Date: Wed, 10 Aug 2005 20:14:15 +0200
From: David Srbecky <dsrbecky@gmail.com>
User-Agent: Mozilla Thunderbird 1.0.6 (Windows/20050716)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: openpgp <ietf-openpgp@imc.org>
Subject: "The OpenPGP mail and news header" extenssion
X-Enigmail-Version: 0.92.0.0
OpenPGP: id=2DC6523A;
	url=http://www.volny.cz/davejp/OpenPGP.asc
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 7bit


Hello,

I have recently discovered the power of OpenPGP. However, some of my 
friends now complain that my messages either contain some strange 
---SIGNATURE--- (inlining) or some strange attachment (PGP/MIME). Since 
I doubt that OpenPGP will ever be supported by *all* MUAs, I think 
that the only ultimate solution is to save the signature in the header.

I think this simple extension should be sufficient:

OpenPGP: id=12345678;
          url=http://example.com/key.txt;
          modification=Tue, 9 Aug 2005 13:59:18 +0200 (CEST);
          version=GnuPG v1.4.1 (MingW32);
          comment=Using GnuPG with Thunderbird;
          signature=iD8DBasdQFC+Jqasd5X6K7Lza8L3FgC3GU2joRAkV+AaJ9AqD/Fs=

'modification' holds the date of last modification of the public key; 
MUA can use it to detect whether the public key update is necessary. 
(not directly related to the topic, but good(?) idea anyway)

'version', 'comment' and 'signature' are taken from the "signature.asc" 
file and are intended to replace it.


What do you think?


PS: My opinion on the "Open Issues: 'supports' field" is that it is a very 
good idea, but the OpenPGP header is the wrong location. I think it should 
be part of the public key itself for two reasons:
  - The value would be unique and could be updated from keyserver at any 
time
  - It would be possible to get the value before you receive any mail 
from the given person.

 > Should it be in preferred priority order?

Yes.

I would also add 'preferred' field, which could take values 'insecure', 
'signed', 'encrypted' and 'signed,encrypted'.



PPS: Just out of curiosity, why are you using

OpenPGP: id=12345678;
          url=http://example.com/key.txt;

and not

OpenPGP-ID: 12345678
OpenPGP-URL: http://example.com/key.txt

I know, it looks better, but I am afraid it might be more difficult to 
implement and it might discourage developers from accepting the standard.



Regards,
David Srbecky




From owner-ietf-openpgp@mail.imc.org Thu Aug 11 06:21:11 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1E3ABS-0001Lk-O0
	for openpgp-archive@megatron.ietf.org; Thu, 11 Aug 2005 06:21:11 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id GAA21548
	for <openpgp-archive@lists.ietf.org>; Thu, 11 Aug 2005 06:21:07 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7B9ndoi082091;
	Thu, 11 Aug 2005 02:49:39 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j7B9ndQr082090;
	Thu, 11 Aug 2005 02:49:39 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from yxa.extundo.com (root@178.230.13.217.in-addr.dgcsystems.net [217.13.230.178])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7B9nXLB082055
	for <ietf-openpgp@imc.org>; Thu, 11 Aug 2005 02:49:37 -0700 (PDT)
	(envelope-from jas@extundo.com)
Received: from latte.josefsson.org (c494102a.s-bi.bostream.se [217.215.27.65])
	(authenticated bits=0)
	by yxa.extundo.com (8.13.4/8.13.4/Debian-3) with ESMTP id j7B9nEim013348
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK);
	Thu, 11 Aug 2005 11:49:17 +0200
From: Simon Josefsson <jas@extundo.com>
To: David Srbecky <dsrbecky@gmail.com>
Cc: openpgp <ietf-openpgp@imc.org>
Subject: Re: "The OpenPGP mail and news header" extenssion
References: <42FA366F.3030103@gmail.com>
OpenPGP: id=B565716F; url=http://josefsson.org/key.txt
X-Hashcash: 1:21:050811:ietf-openpgp@imc.org::+EhQGd7aExfzqkkr:7G9H
X-Hashcash: 1:21:050811:dsrbecky@gmail.com::Ik5SQPgVPc+qXKpp:DDyB
Date: Thu, 11 Aug 2005 11:48:52 +0200
In-Reply-To: <42FA366F.3030103@gmail.com> (David Srbecky's message of "Wed, 10
	Aug 2005 19:16:31 +0200")
Message-ID: <ilu7jes6by3.fsf@latte.josefsson.org>
User-Agent: Gnus/5.110004 (No Gnus v0.4) Emacs/22.0.50 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Spam-Status: No, score=0.1 required=5.0 tests=FORGED_RCVD_HELO 
	autolearn=failed version=3.0.3
X-Spam-Checker-Version: SpamAssassin 3.0.3 (2005-04-27) on yxa-iv
X-Virus-Scanned: ClamAV version 0.84, clamav-milter version 0.84e on yxa.extundo.com
X-Virus-Status: Clean
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


David Srbecky <dsrbecky@gmail.com> writes:

> Hello,
>
> I have recently discovered the power of OpenPGP. However, some of my 
> friends now complain that my messages either contain some strange 
> ---SIGNATURE--- (inlining) or some strange attachment (PGP/MIME). Since 
> I doubt that OpenPGP will ever be supported by *all* MUAs, I think 
> that the only ultimate solution is to save the signature in the header.
>
> I think this simple extension should be sufficient:
>
> OpenPGP: id=12345678;
>          url=http://example.com/key.txt;
>          modification=Tue, 9 Aug 2005 13:59:18 +0200 (CEST);
>          version=GnuPG v1.4.1 (MingW32);
>          comment=Using GnuPG with Thunderbird;
>          signature=iD8DBasdQFC+Jqasd5X6K7Lza8L3FgC3GU2joRAkV+AaJ9AqD/Fs=
>
> 'modification' holds the date of last modification of the public key; 
> MUA can use it to detect whether the public key update is necessary.
> (not directly related to the topic, but good(?) idea anyway)
>
> 'version', 'comment' and 'signature' are taken from the "signature.asc" 
> file and are intended to replace it.
>
>
> What do you think?

Hello.

That is an interesting idea, and it does have some nice properties.

However, I'm not sure the OpenPGP community will be helped by having
yet another way of sending signed messages.  We have effectively three
different flavors today.  (Vanilla OpenPGP, PGP/MIME and a hybrid
scheme.) If you are complaining about lack of implementation
support now, I doubt things will be better with a fourth variant....

However, it is good to float this idea, to influence people to think
differently.

FWIW, I now recall a scheme used on UseNet, called X-PGP-Sig; it may
be something like what you propose.  I don't have more information on
it though.

> PS: My opinion on the "Open Issues: 'supports' field" is that it is a very 
> good idea, but the OpenPGP header is the wrong location. I think it should 
> be part of the public key itself for two reasons:
>  - The value would be unique and could be updated from keyserver at any 
> time
>  - It would be possible to get the value before you receive any mail 
> from the given person.

Yes, these are valid reasons.  IIRC, there are proposals for a public
key notation packet for similar purposes.  However, there are some
situations where BOTH are useful.  Or put differently, they are not
mutually exclusive, but rather complementary.

For example, when a mailing list wants PGP-signed messages, it could
inject an 'OpenPGP: supports=pgpmime' header on all messages.  Then
recipient MUAs would be able to turn on PGP signing automatically.
There is no public key that could contain a notation packet that would
inform you of that.

However, I am in general opposed to suggesting vanilla PGP in e-mail in
IETF standards until someone actually explains how to implement it.
Vanilla PGP in e-mail is not interoperable today, because there is no
description of how to handle things like non-ASCII, attachments and so
on.

>> Should it be in preferred priority order?
> Yes.
>
> I would also add preferred field, which could take values 'insecure', 
> 'signed', 'encrypted' and 'signed,encrypted'.

I initially thought this was over-engineering, but on second thought,
it may be useful.  Consider:

OpenPGP: id=b565717f; url=http://josefsson.org/key.txt; preference=sign

That would tell recipients that I wish to receive signed PGP/MIME
e-mail.

OpenPGP: id=b565717f; url=http://josefsson.org/key.txt; preference=encrypt

That would tell them I want messages encrypted.  Whether those messages
are also signed could be up to the sender.  I'm not sure a
"signencrypt" value is useful.  Thoughts?

I don't think an "insecure" value is useful; if the preference token is
absent, that would mean the same as insecure.

Thanks,
Simon
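
As an added illustration of the header format David proposes and the preference semantics Simon sketches in the two messages above (example code written for this archive page, not code from either poster, from Enigmail, from Gnus or from any other MUA): the parser below unfolds a multi-line OpenPGP: header, splits the ;-separated key=value items, checks that id looks like a key ID or fingerprint and that url uses http(s), maps the preference token to a (sign, encrypt) decision for a reply, and, because the header sits outside the signature, checks the advertised id against the fingerprint of the key that actually verified the message before the header is trusted. The function names, the acceptance of https, the constructed sample message and the choice to sign as well as encrypt on preference=encrypt are this example's own assumptions, not part of either proposal.

```python
import re

# Constructed sample message; 12345678 and http://example.com/key.txt are the
# placeholder values used in the thread.  The header is folded over three lines.
SAMPLE_MAIL = """\
From: Alice <alice@example.com>
To: Bob <bob@example.com>
Subject: test
OpenPGP: id=12345678;
\turl=http://example.com/key.txt;
\tpreference=encrypt
Content-Type: text/plain

hello
"""

# 8-hex short key ID, 16-hex long key ID or 40-hex v4 fingerprint, optional 0x.
KEY_ID_RE = re.compile(r"^(?:0x)?(?:[0-9A-Fa-f]{8}|[0-9A-Fa-f]{16}|[0-9A-Fa-f]{40})$")


def unfold_headers(raw_message: str) -> list[tuple[str, str]]:
    """(name, value) pairs for the header block with RFC 2822 folding undone:
    a line starting with SP or HTAB continues the previous field."""
    head = raw_message.replace("\r\n", "\n").split("\n\n", 1)[0]
    fields: list[tuple[str, str]] = []
    for line in head.split("\n"):
        if line[:1] in (" ", "\t") and fields:
            name, value = fields[-1]
            fields[-1] = (name, value + " " + line.strip())
        elif ":" in line:
            name, _, value = line.partition(":")
            fields.append((name.strip(), value.strip()))
    return fields


def parse_openpgp_header(value: str) -> dict[str, str]:
    """Split 'id=...; url=...; preference=...' into a dict with lower-cased keys.
    Only the first '=' separates key from value, so base64 padding in a
    'signature=' item survives.  Repeated keys and items without '=' are
    rejected rather than silently merged: the header is unauthenticated input."""
    out: dict[str, str] = {}
    for item in value.split(";"):
        item = item.strip()
        if not item:
            continue
        if "=" not in item:
            raise ValueError(f"malformed OpenPGP header item: {item!r}")
        key, _, val = item.partition("=")
        key = key.strip().lower()
        if key in out:
            raise ValueError(f"duplicate OpenPGP header item: {key}")
        out[key] = val.strip()
    return out


def openpgp_headers(raw_message: str) -> list[dict[str, str]]:
    """Every OpenPGP header of a message, parsed; the field name is matched
    case-insensitively, as for any header."""
    return [parse_openpgp_header(v) for n, v in unfold_headers(raw_message)
            if n.lower() == "openpgp"]


def check_fields(fields: dict[str, str]) -> list[str]:
    """Sanity checks before anything acts on the header.  Accepting https
    next to http is this example's assumption; the thread only shows http."""
    problems = []
    key_id = fields.get("id")
    if key_id is not None and not KEY_ID_RE.match(key_id):
        problems.append(f"id is not a key ID or fingerprint: {key_id!r}")
    url = fields.get("url")
    if url is not None and not url.lower().startswith(("http://", "https://")):
        problems.append(f"url has an unexpected scheme: {url!r}")
    return problems


def key_matches_header(fields: dict[str, str], fingerprint: str) -> bool:
    """The header sits outside any signature, so the id it advertises proves
    nothing by itself.  Compare it with the fingerprint of the key that
    actually verified the message (or of the key fetched from url) before
    trusting it; a key ID is a suffix of the fingerprint."""
    advertised = fields.get("id", "").lower()
    if advertised.startswith("0x"):
        advertised = advertised[2:]
    fp = fingerprint.lower().replace(" ", "")
    return bool(advertised) and fp.endswith(advertised)


def reply_policy(fields: dict[str, str]) -> tuple[bool, bool]:
    """Map the preference token to (sign, encrypt) for a reply.  An absent
    token means no protection was asked for, as Simon suggests.  'encrypt'
    leaves signing to the sender; signing as well is this example's local
    policy, not something the header dictates."""
    pref = fields.get("preference", "").lower()
    if pref == "":
        return (False, False)
    if pref == "sign":
        return (True, False)
    if pref == "encrypt":
        return (True, True)
    raise ValueError(f"unknown preference token: {pref!r}")
```

Nothing here fetches url. A header that any sender, list manager or intermediary can write must not cause a key to be downloaded and trusted on its own; the fingerprint comparison in key_matches_header is the step that ties the advertised id to something the OpenPGP layer has actually verified, and the same gap applies to David's idea of carrying the signature itself in a header, since header fields are not covered by the message signature.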




From owner-ietf-openpgp@mail.imc.org Thu Aug 11 08:35:51 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1E3CHm-0006LC-Tm
	for openpgp-archive@megatron.ietf.org; Thu, 11 Aug 2005 08:35:51 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA27581
	for <openpgp-archive@lists.ietf.org>; Thu, 11 Aug 2005 08:35:48 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7BCJis4035743;
	Thu, 11 Aug 2005 05:19:44 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j7BCJiLt035742;
	Thu, 11 Aug 2005 05:19:44 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from smtp.nextra.cz (smtp.nextra.cz [195.70.130.4])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7BCJiTs035727
	for <ietf-openpgp@imc.org>; Thu, 11 Aug 2005 05:19:44 -0700 (PDT)
	(envelope-from dsrbecky@gmail.com)
Received: from [10.0.0.22] (160.240.broadband2.iol.cz [83.208.240.160])
	by smtp.nextra.cz (Postfix) with ESMTP id 3DEA05DE4;
	Thu, 11 Aug 2005 14:19:41 +0200 (CEST)
Message-ID: <42FB4258.60900@gmail.com>
Date: Thu, 11 Aug 2005 14:19:36 +0200
From: David Srbecky <dsrbecky@gmail.com>
User-Agent: Mozilla Thunderbird 1.0.6 (Windows/20050716)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: openpgp <ietf-openpgp@imc.org>
Subject: New 'User Attribute Packet' subpacket - Named Attribute Subpacket
 (type 0)
X-Enigmail-Version: 0.92.0.0
OpenPGP: id=2DC6523A;
	url=http://www.volny.cz/davejp/OpenPGP.asc
Content-Type: multipart/signed; micalg=pgp-sha1;
 protocol="application/pgp-signature";
 boundary="------------enig5DCE95A148219DC07FFDC45B"
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig5DCE95A148219DC07FFDC45B
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit

Hello,

In my humble opinion this is the most important attribute of all. That's 
why I suggest assigning it the special type 0. This attribute is 
supposed to be used for any user-specific, program-specific or 
experimental data. It is similar to the mail X- headers - it allows 
users to store identifiable information which is not suitable for 
standardization or is not standardized yet.


Named Attribute Subpacket (type 0)
----------------------------------
Subpacket specific data:
    datatype - identifier - e.g. 4 - UTF8 string
    name - UTF8 string - e.g. "ICQ#"
    data - depends on datatype - e.g. "123-456-789"

NB: size of data is given by the size of subpacket minus the size of 
datatype identifier and the size of the name.

Datatypes:
    0 - reserved
    1 - no data (it is just a named flag)
    2 - boolean
    3 - integer
    4 - UTF8 string
    5 - URL
    6 - image
    7 - binary
    8 - binary file
    100-110 - private or experimental use

NB: Binary type holds just some unspecified binary data. On the other 
hand, binary file type holds a file that can be saved to disk, and the 
name of the attribute represents its filename (including path???).


I believe that this attribute would allow the user to store anything he 
wants in his public key. It does not matter what it is; the important 
thing is that it would be possible. Let the users and developers be 
creative!


Regards,
David Srbecky

--------------enig5DCE95A148219DC07FFDC45B
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFC+0JdKLLFgC3GUjoRApUBAJ4hfMp03tUw0YcwecMujFqMqPg3yACdGUPE
dvStTgHgSXOmsAxDxQkpECI=
=uJyZ
-----END PGP SIGNATURE-----

--------------enig5DCE95A148219DC07FFDC45B--




From owner-ietf-openpgp@mail.imc.org Thu Aug 11 08:35:53 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1E3CHp-0006LO-8M
	for openpgp-archive@megatron.ietf.org; Thu, 11 Aug 2005 08:35:53 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA27577
	for <openpgp-archive@lists.ietf.org>; Thu, 11 Aug 2005 08:35:48 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7BCL6vx036232;
	Thu, 11 Aug 2005 05:21:06 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j7BCL6ZR036231;
	Thu, 11 Aug 2005 05:21:06 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from smtp.nextra.cz (smtp.nextra.cz [195.70.130.4])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7BCL5RI036219
	for <ietf-openpgp@imc.org>; Thu, 11 Aug 2005 05:21:05 -0700 (PDT)
	(envelope-from dsrbecky@gmail.com)
Received: from [10.0.0.22] (160.240.broadband2.iol.cz [83.208.240.160])
	by smtp.nextra.cz (Postfix) with ESMTP id 543BB5D93;
	Thu, 11 Aug 2005 14:21:04 +0200 (CEST)
Message-ID: <42FB42AF.3010302@gmail.com>
Date: Thu, 11 Aug 2005 14:21:03 +0200
From: David Srbecky <dsrbecky@gmail.com>
User-Agent: Mozilla Thunderbird 1.0.6 (Windows/20050716)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: openpgp <ietf-openpgp@imc.org>
Subject: New 'User Attribute Packet' subpacket - vCard Subpacket (type 2)
X-Enigmail-Version: 0.92.0.0
OpenPGP: id=2DC6523A;
	url=http://www.volny.cz/davejp/OpenPGP.asc
Content-Type: multipart/signed; micalg=pgp-sha1;
 protocol="application/pgp-signature";
 boundary="------------enig5BE3228DC7DBC544FC64ECC6"
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig5BE3228DC7DBC544FC64ECC6
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit

Hello,

You can store your name, email and Photo ID in your public key, but what 
about other information? I suggest standardizing a 'vCard Subpacket'. 
vCard is an already known and supported format in MUAs, and so the cost 
of implementing this should be minimal.


vCard Subpacket (type 2)
----------------------------------
Subpacket specific data:
     data - content of the vCard file


Regards,
David Srbecky

--------------enig5BE3228DC7DBC544FC64ECC6
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFC+0KvKLLFgC3GUjoRAgBxAKCy9/GbQyAsVRGjT5nu3LR+oWJFJACfXQdQ
vKWdjGKkvC2NcPnZTUVdnY8=
=WZsc
-----END PGP SIGNATURE-----

--------------enig5BE3228DC7DBC544FC64ECC6--




From owner-ietf-openpgp@mail.imc.org Thu Aug 11 08:36:42 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1E3CIb-0006Vs-W9
	for openpgp-archive@megatron.ietf.org; Thu, 11 Aug 2005 08:36:42 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA27617
	for <openpgp-archive@lists.ietf.org>; Thu, 11 Aug 2005 08:36:40 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7BCMfkY036673;
	Thu, 11 Aug 2005 05:22:41 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j7BCMfUK036672;
	Thu, 11 Aug 2005 05:22:41 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from smtp.nextra.cz (smtp.nextra.cz [195.70.130.4])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7BCMeLq036661
	for <ietf-openpgp@imc.org>; Thu, 11 Aug 2005 05:22:41 -0700 (PDT)
	(envelope-from dsrbecky@gmail.com)
Received: from [10.0.0.22] (160.240.broadband2.iol.cz [83.208.240.160])
	by smtp.nextra.cz (Postfix) with ESMTP id A9BF95D55;
	Thu, 11 Aug 2005 14:22:39 +0200 (CEST)
Message-ID: <42FB430E.1040000@gmail.com>
Date: Thu, 11 Aug 2005 14:22:38 +0200
From: David Srbecky <dsrbecky@gmail.com>
User-Agent: Mozilla Thunderbird 1.0.6 (Windows/20050716)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: openpgp <ietf-openpgp@imc.org>
Subject: New 'User Attribute Packet' subpacket - Property Subpacket (type
 3)
X-Enigmail-Version: 0.92.0.0
OpenPGP: id=2DC6523A;
	url=http://www.volny.cz/davejp/OpenPGP.asc
Content-Type: multipart/signed; micalg=pgp-sha1;
 protocol="application/pgp-signature";
 boundary="------------enigF5D60A9762DE3E5175233751"
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enigF5D60A9762DE3E5175233751
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit

Follow-up to post: "The OpenPGP mail and news header" extension


Hello,

There are a lot of little attributes we may want to store with the 
public key. For example:

1 - supports MIME format
2 - supports inline format
3 - supports header format
4 - preferred format
5 - prefers signed mail
6 - prefers encrypted mail
7 - public key url
etc...

There are two approaches I would like to suggest which could solve this:

  - We can assign a subpacket for every such attribute

  - We can create a specific subpacket to hold these attributes:

Property Subpacket (type 3)
-------------------------------------
Subpacket specific data:
    id - identifier - e.g. 1
    data - depends on id - e.g. true

The advantage of this approach is that one relatively unimportant 
attribute will not consume a whole 'User Attribute Packet' subpacket. 
Also, it should make deprecating/updating easier, since all these 
attributes are members of one subpacket type.


I really cannot decide which approach is better.

'Property Subpacket' does not really describe the purpose of the 
subpacket, but I could not find any better name. Any suggestions?


Regards,
David Srbecky

--------------enigF5D60A9762DE3E5175233751
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFC+0MPKLLFgC3GUjoRAgsOAJ44v2gu293T43W/JA3jgQCnoMKX9ACfbbeV
d9M4UgaCjK4XjTDA15I4JuA=
=mrq2
-----END PGP SIGNATURE-----

--------------enigF5D60A9762DE3E5175233751--
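The three subpacket layouts proposed in the posts above (Named Attribute, type 0; vCard, type 2; Property, type 3), as an added encoder/decoder that is not code from the proposals or from any OpenPGP implementation. The subpacket framing (length octets, then one type octet, the length counting the type octet) is the RFC 2440 user-attribute form. Everything the posts leave open is an assumption here: the datatype identifier and the property id are taken as one octet each, the attribute name is given a one-octet length prefix (the post only says the data is whatever remains after datatype and name, so some delimiter is needed), a boolean is one 0/1 octet and an integer is big-endian unsigned. Every length is checked against the buffer before a slice is taken, which is the check a decoder of user-supplied key material needs regardless of which layout wins.

```python
import struct
from typing import Iterator, Tuple

# Added example, not code from the proposals or from any OpenPGP library.
# Framing: RFC 2440 subpacket length (1, 2 or 5 octets) + type octet + body.
# Assumed (not specified in the posts): one-octet datatype and property id,
# one-octet length prefix on the name, boolean = one 0/1 octet, integer =
# big-endian unsigned.
TYPE_NAMED_ATTRIBUTE, TYPE_IMAGE, TYPE_VCARD, TYPE_PROPERTY = 0, 1, 2, 3
(DT_FLAG, DT_BOOL, DT_INT, DT_UTF8, DT_URL,
 DT_IMAGE, DT_BINARY, DT_BINARY_FILE) = range(1, 9)


def encode_length(n: int) -> bytes:
    """RFC 2440 subpacket length: 1 octet (<192), 2 octets (<8384), else 0xFF + 4."""
    if n < 192:
        return bytes([n])
    if n < 8384:
        n -= 192
        return bytes([(n >> 8) + 192, n & 0xFF])
    return b"\xff" + struct.pack(">I", n)


def decode_length(buf: bytes, pos: int) -> Tuple[int, int]:
    """Return (length, position after the length field); reject truncation."""
    if pos >= len(buf):
        raise ValueError("truncated length field")
    first = buf[pos]
    if first < 192:
        return first, pos + 1
    if first < 255:
        if pos + 2 > len(buf):
            raise ValueError("truncated 2-octet length")
        return ((first - 192) << 8) + buf[pos + 1] + 192, pos + 2
    if pos + 5 > len(buf):
        raise ValueError("truncated 5-octet length")
    return struct.unpack(">I", buf[pos + 1:pos + 5])[0], pos + 5


def encode_subpacket(sp_type: int, body: bytes) -> bytes:
    return encode_length(len(body) + 1) + bytes([sp_type]) + body


def iter_subpackets(packet: bytes) -> Iterator[Tuple[int, bytes]]:
    """Walk a user attribute packet body, yielding (type, body) per subpacket."""
    pos = 0
    while pos < len(packet):
        length, pos = decode_length(packet, pos)
        if length == 0 or pos + length > len(packet):
            raise ValueError("subpacket length runs past end of packet")
        yield packet[pos], packet[pos + 1:pos + length]
        pos += length


def encode_named_attribute(datatype: int, name: str, data: bytes) -> bytes:
    name_b = name.encode("utf-8")
    if not 0 <= datatype <= 255 or len(name_b) > 255:
        raise ValueError("datatype or name out of range")
    return encode_subpacket(TYPE_NAMED_ATTRIBUTE,
                            bytes([datatype, len(name_b)]) + name_b + data)


def decode_named_attribute(body: bytes) -> Tuple[int, str, bytes]:
    """Split a type 0 body into (datatype, name, data); data is the remainder."""
    if len(body) < 2 or 2 + body[1] > len(body):
        raise ValueError("truncated named attribute")
    name_len = body[1]
    return body[0], body[2:2 + name_len].decode("utf-8"), body[2 + name_len:]


def decode_value(datatype: int, data: bytes):
    """Interpret a Named Attribute's data by datatype; opaque types pass through."""
    if datatype == DT_FLAG:
        if data:
            raise ValueError("a flag carries no data")
        return True
    if datatype == DT_BOOL:
        if data not in (b"\x00", b"\x01"):
            raise ValueError("boolean must be a single 0/1 octet")
        return data == b"\x01"
    if datatype == DT_INT:
        return int.from_bytes(data, "big")
    if datatype in (DT_UTF8, DT_URL):
        return data.decode("utf-8")
    return data


def encode_property(prop_id: int, data: bytes) -> bytes:
    return encode_subpacket(TYPE_PROPERTY, bytes([prop_id]) + data)


def decode_property(body: bytes) -> Tuple[int, bytes]:
    if not body:
        raise ValueError("empty property subpacket")
    return body[0], body[1:]
```

A packet holding the post's "ICQ#" example, a vCard and one property round-trips through `iter_subpackets`; a subpacket whose declared length exceeds the buffer, or a zero length that would never advance, is rejected before any slice is taken.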




From owner-ietf-openpgp@mail.imc.org Thu Aug 11 08:39:57 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1E3CLl-0007Ec-8y
	for openpgp-archive@megatron.ietf.org; Thu, 11 Aug 2005 08:39:57 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA28053
	for <openpgp-archive@lists.ietf.org>; Thu, 11 Aug 2005 08:39:55 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7BCKOWS035991;
	Thu, 11 Aug 2005 05:20:24 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j7BCKORQ035990;
	Thu, 11 Aug 2005 05:20:24 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from smtp.nextra.cz (smtp.nextra.cz [195.70.130.4])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7BCKNjd035977
	for <ietf-openpgp@imc.org>; Thu, 11 Aug 2005 05:20:24 -0700 (PDT)
	(envelope-from dsrbecky@gmail.com)
Received: from [10.0.0.22] (160.240.broadband2.iol.cz [83.208.240.160])
	by smtp.nextra.cz (Postfix) with ESMTP id 021C25D93;
	Thu, 11 Aug 2005 14:20:22 +0200 (CEST)
Message-ID: <42FB4286.6070107@gmail.com>
Date: Thu, 11 Aug 2005 14:20:22 +0200
From: David Srbecky <dsrbecky@gmail.com>
User-Agent: Mozilla Thunderbird 1.0.6 (Windows/20050716)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: openpgp <ietf-openpgp@imc.org>
Subject: Rename 'User Attribute Packet' subpacket - Photo ID Subpacket (type
 1)
X-Enigmail-Version: 0.92.0.0
OpenPGP: id=2DC6523A;
	url=http://www.volny.cz/davejp/OpenPGP.asc
Content-Type: multipart/signed; micalg=pgp-sha1;
 protocol="application/pgp-signature";
 boundary="------------enig7B92E6CF5728EBAE3369E6BE"
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig7B92E6CF5728EBAE3369E6BE
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit

Hello,

I suggest that 'Image Attribute Subpacket' is renamed to 'Photo ID 
Subpacket' or anything similarly specific. 'Image Attribute Subpacket' 
defines the data type, but not what the data actually represents. What 
if a user stored two or more images? How do you guess what the 
individual attributes hold?

For example, what if someone stores Photo ID and company logo? How do 
you differentiate them? I suggest this one is specified to be a Photo ID 
and any other content must be stored elsewhere.


Regards,
David Srbecky

--------------enig7B92E6CF5728EBAE3369E6BE
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFC+0KGKLLFgC3GUjoRAtG4AJ9TCe+1zVKMGs2cuAtrbpQol26D+gCeM3Kk
BUL134EEYFr9bs9WBIIcK50=
=g8tn
-----END PGP SIGNATURE-----

--------------enig7B92E6CF5728EBAE3369E6BE--




From owner-ietf-openpgp@mail.imc.org Thu Aug 11 09:23:03 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1E3D1S-000811-UU
	for openpgp-archive@megatron.ietf.org; Thu, 11 Aug 2005 09:23:03 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA01101
	for <openpgp-archive@lists.ietf.org>; Thu, 11 Aug 2005 09:22:59 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7BD3kj9051256;
	Thu, 11 Aug 2005 06:03:46 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j7BD3kWv051255;
	Thu, 11 Aug 2005 06:03:46 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mailgate.enhyper.net ([80.168.109.121])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7BD3jtr051241
	for <ietf-openpgp@imc.org>; Thu, 11 Aug 2005 06:03:46 -0700 (PDT)
	(envelope-from iang@systemics.com)
Received: from [IPv6:::1] (localhost [127.0.0.1])
	by mailgate.enhyper.net (Postfix) with ESMTP id 1B8A75322D;
	Thu, 11 Aug 2005 14:03:44 +0100 (BST)
Message-ID: <42FB4DAA.5060803@systemics.com>
Date: Thu, 11 Aug 2005 14:07:54 +0100
From: Ian G <iang@systemics.com>
Organization: http://financialcryptography.com/
User-Agent: Mozilla Thunderbird 1.0.6 (X11/20050726)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: David Srbecky <dsrbecky@gmail.com>
Cc: openpgp <ietf-openpgp@imc.org>
Subject: Re: Rename 'User Attribute Packet' subpacket - Photo ID Subpacket
 (type 1)
References: <42FB4286.6070107@gmail.com>
In-Reply-To: <42FB4286.6070107@gmail.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 7bit


David Srbecky wrote:
> Hello,
> 
> I suggest that 'Image Attribute Subpacket' is renamed to 'Photo ID 
> Subpacket' or anything similarly specific. 'Image Attribute Subpacket' 
> defines the data type, but not what the data actually represents. What 
> if a user stored two or more images? How do you guess what the 
> individual attributes hold?


Er, that doesn't sound likely.  What happens if someone
assumes that the image is an ID because OpenPGP said so?

The OpenPGP philosophy is to say nothing that it cannot
cryptographically show.  What a photo contains cannot be
so shown.

> For example, what if someone stores Photo ID and company logo? How do 
> you differentiate them? I suggest this one is specified to be a Photo ID 
> and any other content must be stored elsewhere.

Only people can determine the difference between a
Photo ID and a company logo.  It's up to them, the
tech plays no part in this.  You might be suggesting
that a user-signed comment be appended to the subpacket.

Bear in mind that this group is in "last call" so any
suggested changes should be pretty darn urgent.

iang




From owner-ietf-openpgp@mail.imc.org Thu Aug 11 09:23:04 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1E3D1U-00081G-50
	for openpgp-archive@megatron.ietf.org; Thu, 11 Aug 2005 09:23:04 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA01104
	for <openpgp-archive@lists.ietf.org>; Thu, 11 Aug 2005 09:23:02 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7BDA0k1053559;
	Thu, 11 Aug 2005 06:10:00 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j7BDA0X4053558;
	Thu, 11 Aug 2005 06:10:00 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mailgate.enhyper.net ([80.168.109.121])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7BD9xSn053548
	for <ietf-openpgp@imc.org>; Thu, 11 Aug 2005 06:10:00 -0700 (PDT)
	(envelope-from iang@systemics.com)
Received: from [IPv6:::1] (localhost [127.0.0.1])
	by mailgate.enhyper.net (Postfix) with ESMTP id C35195322D;
	Thu, 11 Aug 2005 14:09:58 +0100 (BST)
Message-ID: <42FB4F20.8060804@systemics.com>
Date: Thu, 11 Aug 2005 14:14:08 +0100
From: Ian G <iang@systemics.com>
Organization: http://financialcryptography.com/
User-Agent: Mozilla Thunderbird 1.0.6 (X11/20050726)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: David Srbecky <dsrbecky@gmail.com>
Cc: openpgp <ietf-openpgp@imc.org>
Subject: Re: New 'User Attribute Packet' subpacket - Named Attribute Subpacket
 (type 0)
References: <42FB4258.60900@gmail.com>
In-Reply-To: <42FB4258.60900@gmail.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 7bit


David Srbecky wrote:
> Hello,
> 
> In my humble opinion this is the most important attribute of all. That's 
> why I suggest assigning it the special type 0. This attribute is 
> supposed to be used for any user-specific, program-specific or 
> experimental data. It is similar to the mail X- headers - it allows 
> users to store identifiable information which is not suitable for 
> standardization or is not standardized yet.


This sounds like a new feature request.  I vote no,
we are in last call.  Apologies, I think you've turned
up too late for this one.

iang




From owner-ietf-openpgp@mail.imc.org Thu Aug 11 11:19:32 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1E3EqB-0002Kb-DN
	for openpgp-archive@megatron.ietf.org; Thu, 11 Aug 2005 11:19:32 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA08755
	for <openpgp-archive@lists.ietf.org>; Thu, 11 Aug 2005 11:19:24 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7BF0c4f081149;
	Thu, 11 Aug 2005 08:00:38 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j7BF0cwr081148;
	Thu, 11 Aug 2005 08:00:38 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mailgate.enhyper.net ([80.168.109.121])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7BF0ZwB081137
	for <ietf-openpgp@imc.org>; Thu, 11 Aug 2005 08:00:38 -0700 (PDT)
	(envelope-from iang@systemics.com)
Received: from [IPv6:::1] (localhost [127.0.0.1])
	by mailgate.enhyper.net (Postfix) with ESMTP id 52C8F531C9;
	Thu, 11 Aug 2005 16:00:34 +0100 (BST)
Message-ID: <42FB690C.8070607@systemics.com>
Date: Thu, 11 Aug 2005 16:04:44 +0100
From: Ian G <iang@systemics.com>
Organization: http://financialcryptography.com/
User-Agent: Mozilla Thunderbird 1.0.6 (X11/20050726)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Len Sassaman <rabbi@abditum.com>
Cc: ietf-openpgp@imc.org
Subject: Re: Draft Minutes of OpenPGP
References: <sjmwtn2jdhv.fsf@cliodev.pgp.com> <200508041208.17244.iang@systemics.com> <Pine.LNX.4.58.0508100943070.18620@thetis.deor.org>
In-Reply-To: <Pine.LNX.4.58.0508100943070.18620@thetis.deor.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 7bit


Len Sassaman wrote:
> On Thu, 4 Aug 2005, Ian Grigg wrote:
> 
> 
>>Currently, IM is mostly unsecured (there is this thing
>>to do with SSL to the server, but as the threat is on
>>the node, that's ignorable).  The way to approach
>>securing chat (IMHO) is to layer OpenPGP over the
>>top in a transparent fashion.
> 
> 
> OpenPGP has a lot of characteristics that one wouldn't particularly want
> in an IM privacy protocol.

Sure, it's a very general comment (and more specifically,
I note that my own secure IM protocol doesn't as yet
enjoy OpenPGP).

> You might want to take a look at the "Off The
> Record Messaging" system designed by Goldberg and Borisov. Their WPES
> paper addresses the rationale behind ditching the OpenPGP threat model.
> 
> http://www.cypherpunks.ca/otr/#docs


Ah, now IMHO they bungled the threat model.  Normally
this wouldn't be an issue (I encourage all crypto
experiments, even ones I think suck!), but the authors
then go on to suggest that the user can repudiate and
is protected because no-one can prove the messages were
sent.

The threat is on the node, and this includes your
other party.  If your other party says you sent the
messages, then your silence, or your claim that it
can't be proven, are inadequate.  You actually have
to say you didn't send the messages.  So this means
that the property of repudiability is only available
if you lie, which is not only a contradictory
approach, but also extraordinarily dangerous and
in practice useless in court or in any adversarial
setting.

That is, OTR only works when it doesn't matter.

This is taking crypto into the real world and not
realising the real world has an ability to do things
too.  In practice, if anyone tried the OTR approach
in court, they would quite rightly be screwed.

I think we are drifting off the OpenPGP charter
though.

> (More generally, I agree with the sentiment that ASCII-armored OpenPGP is
> important for use with other protocols besides email, and should be the
> canonical format for OpenPGP, email and otherwise.)


Cool!

iang




From owner-ietf-openpgp@mail.imc.org Thu Aug 11 11:34:05 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1E3F4H-000610-8W
	for openpgp-archive@megatron.ietf.org; Thu, 11 Aug 2005 11:34:05 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA09616
	for <openpgp-archive@lists.ietf.org>; Thu, 11 Aug 2005 11:34:02 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7BFEWlq082682;
	Thu, 11 Aug 2005 08:14:32 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j7BFEWlN082681;
	Thu, 11 Aug 2005 08:14:32 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from thetis.deor.org (thetis.deor.org [207.106.86.210])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7BFEVh0082675
	for <ietf-openpgp@imc.org>; Thu, 11 Aug 2005 08:14:31 -0700 (PDT)
	(envelope-from rabbi@abditum.com)
Received: by thetis.deor.org (Postfix, from userid 500)
	id 8E88F450AD; Thu, 11 Aug 2005 08:14:27 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1])
	by thetis.deor.org (Postfix) with ESMTP id 7A3A74802C;
	Thu, 11 Aug 2005 08:14:27 -0700 (PDT)
Date: Thu, 11 Aug 2005 08:14:27 -0700 (PDT)
From: Len Sassaman <rabbi@abditum.com>
X-X-Sender: rabbi@thetis.deor.org
To: Ian G <iang@systemics.com>
Cc: ietf-openpgp@imc.org
Subject: Re: Draft Minutes of OpenPGP
In-Reply-To: <42FB690C.8070607@systemics.com>
Message-ID: <Pine.LNX.4.58.0508110807270.11516@thetis.deor.org>
References: <sjmwtn2jdhv.fsf@cliodev.pgp.com> <200508041208.17244.iang@systemics.com>
 <Pine.LNX.4.58.0508100943070.18620@thetis.deor.org> <42FB690C.8070607@systemics.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


On Thu, 11 Aug 2005, Ian G wrote:

> That is, OTR only works when it doesn't matter.
>
> This is taking crypto into the real world and not
> realising the real world has an ability to do things
> too.  In practice, if any one tried the OTR approach
> in court, they would quite rightly be screwed.
>
> I think we are drifting off the OpenPGP charter
> though.

I'll try to bring this back to OpenPGP for a minute. The problem, as I see
it, is that if Alice uses OpenPGP to sign and encrypt her messages, she's
actually facing a worse situation in court than if she hadn't been using
OpenPGP, should the other party turn against her. There now exists
cryptographic signature data to establish, beyond the word of the other
party, that Alice definitively sent the messages in question.

OTR allows its users to have strong authentication of encrypted messages
without the *additional risk* that normal digital signatures introduce.
Alice is no better off in the court scenario that you describe, using OTR
vs. not using anything, but this way she can use an encryption system that
doesn't expose her to greater potential danger, should the other party
defect.


--Len.
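The property Len describes, as an added example that is not code from OTR or from any post: message authentication under a MAC key that both parties derive from a shared secret. The recipient can check that a message came from the other end, but because the recipient holds the same key and can produce an identical tag, the tag is worth nothing as evidence to a third party; a digital signature, checkable with a public key that only the signer's private key matches, is exactly what it is not. The shared secret is constructed with `os.urandom` here; a real protocol gets it from a key agreement.

```python
import hashlib
import hmac
import os
from typing import Tuple

# Added example, not code from OTR or from the thread.  Shows why a MAC tag
# authenticates a message to its recipient without giving the recipient a
# transferable proof of who sent it.


def derive_mac_key(shared_secret: bytes, label: bytes = b"mac") -> bytes:
    """Both ends derive the same MAC key from their shared secret."""
    return hmac.new(shared_secret, label, hashlib.sha256).digest()


def tag(mac_key: bytes, sender: str, message: bytes) -> bytes:
    """HMAC over (claimed sender, message).  Binding the sender name stops a
    tag Alice made being replayed to Alice as if Bob had sent the message."""
    return hmac.new(mac_key, sender.encode("utf-8") + b"\x00" + message,
                    hashlib.sha256).digest()


def verify(mac_key: bytes, sender: str, message: bytes, t: bytes) -> bool:
    """Constant-time check; anyone holding mac_key can run this, and anyone
    holding mac_key can also make a tag that passes it."""
    return hmac.compare_digest(tag(mac_key, sender, message), t)


def demo() -> Tuple[bool, bool]:
    """Return (bob_accepts_alice's_tag, bob's_forgery_also_verifies).

    Both come out True: the second is the deniability property, since a
    judge shown (message, tag) cannot tell which key holder produced it.
    """
    shared_secret = os.urandom(32)            # constructed; stands in for a key agreement
    k_alice = derive_mac_key(shared_secret)
    k_bob = derive_mac_key(shared_secret)     # identical key on Bob's side

    message = b"meet at noon"                 # constructed sample message
    t = tag(k_alice, "alice", message)
    bob_accepts = verify(k_bob, "alice", message, t)

    # Bob, holding the same key, fabricates a message "from Alice" whose tag
    # is indistinguishable from one Alice would have made.
    fabricated = b"I admit everything"
    forged_tag = tag(k_bob, "alice", fabricated)
    forgery_verifies = verify(k_bob, "alice", fabricated, forged_tag)
    return bob_accepts, forgery_verifies
```

Tampering with the message or the claimed sender still fails verification, so the scheme is a real authenticator between the two parties; what it lacks, by design, is third-party verifiability.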




From owner-ietf-openpgp@mail.imc.org Thu Aug 11 11:39:04 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1E3F96-0006UA-9h
	for openpgp-archive@megatron.ietf.org; Thu, 11 Aug 2005 11:39:04 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA09888
	for <openpgp-archive@lists.ietf.org>; Thu, 11 Aug 2005 11:39:01 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7BFP0Ng083612;
	Thu, 11 Aug 2005 08:25:00 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j7BFP0AP083611;
	Thu, 11 Aug 2005 08:25:00 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from bells.cs.ucl.ac.uk (bells.cs.ucl.ac.uk [128.16.5.31])
	by above.proper.com (8.12.11/8.12.9) with SMTP id j7BFOxts083600
	for <ietf-openpgp@imc.org>; Thu, 11 Aug 2005 08:25:00 -0700 (PDT)
	(envelope-from I.Brown@cs.ucl.ac.uk)
Received: from chemb041.chem.ucl.ac.uk by bells.cs.ucl.ac.uk with UK SMTP 
          id <g.00421-0@bells.cs.ucl.ac.uk>; Thu, 11 Aug 2005 16:24:31 +0100
Message-ID: <42FB6DAB.6020907@cs.ucl.ac.uk>
Date: Thu, 11 Aug 2005 16:24:27 +0100
From: Ian Brown <I.Brown@cs.ucl.ac.uk>
User-Agent: Mozilla Thunderbird 1.0.2 (Windows/20050317)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Len Sassaman <rabbi@abditum.com>
CC: Ian G <iang@systemics.com>, ietf-openpgp@imc.org
Subject: Re: Draft Minutes of OpenPGP
References: <sjmwtn2jdhv.fsf@cliodev.pgp.com> <200508041208.17244.iang@systemics.com> <Pine.LNX.4.58.0508100943070.18620@thetis.deor.org> <42FB690C.8070607@systemics.com> <Pine.LNX.4.58.0508110807270.11516@thetis.deor.org>
In-Reply-To: <Pine.LNX.4.58.0508110807270.11516@thetis.deor.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 7bit


> OTR allows its users to have strong authentication of encrypted messages
> without the *additional risk* that normal digital signatures introduce.
> Alice is no better off in the court scenario that you describe, using OTR
> vs. not using anything, but this way she can use an encryption system that
> doesn't expose her to greater potential danger, should the other party
> defect.

Adam Back and I suggested a way of doing this with OpenPGP at Usenix in 
1998: http://www.cs.ucl.ac.uk/staff/i.brown/nts.htm




From owner-ietf-openpgp@mail.imc.org Thu Aug 11 13:37:50 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1E3H00-0001Hw-M5
	for openpgp-archive@megatron.ietf.org; Thu, 11 Aug 2005 13:37:50 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA15851
	for <openpgp-archive@lists.ietf.org>; Thu, 11 Aug 2005 13:37:47 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7BHE25n092878;
	Thu, 11 Aug 2005 10:14:02 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j7BHE2Sn092877;
	Thu, 11 Aug 2005 10:14:02 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from smtp.nextra.cz (smtp.nextra.cz [195.70.130.4])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7BHE0wN092867
	for <ietf-openpgp@imc.org>; Thu, 11 Aug 2005 10:14:00 -0700 (PDT)
	(envelope-from dsrbecky@gmail.com)
Received: from [10.0.0.22] (160.240.broadband2.iol.cz [83.208.240.160])
	by smtp.nextra.cz (Postfix) with ESMTP id 16F975D07;
	Thu, 11 Aug 2005 19:13:58 +0200 (CEST)
Message-ID: <42FB8755.40008@gmail.com>
Date: Thu, 11 Aug 2005 19:13:57 +0200
From: David Srbecky <dsrbecky@gmail.com>
User-Agent: Mozilla Thunderbird 1.0.6 (Windows/20050716)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Simon Josefsson <jas@extundo.com>
Cc: openpgp <ietf-openpgp@imc.org>
Subject: Re: "The OpenPGP mail and news header" extenssion
References: <42FA366F.3030103@gmail.com> <ilu7jes6by3.fsf@latte.josefsson.org>
In-Reply-To: <ilu7jes6by3.fsf@latte.josefsson.org>
X-Enigmail-Version: 0.92.0.0
OpenPGP: id=234B89FE;
	url=http://www.volny.cz/davejp/OpenPGP.asc
Content-Type: multipart/signed; micalg=pgp-sha1;
 protocol="application/pgp-signature";
 boundary="------------enig96FAC7289BABAEC127475F60"
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig96FAC7289BABAEC127475F60
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

Simon Josefsson wrote:
> David Srbecky <dsrbecky@gmail.com> writes:
>>OpenPGP: id=12345678;
>>         url=http://example.com/key.txt;
>>         modification=Tue, 9 Aug 2005 13:59:18 +0200 (CEST);
>>         version=GnuPG v1.4.1 (MingW32);
>>         comment=Using GnuPG with Thunderbird;
>>         signature=iD8DBasdQFC+Jqasd5X6K7Lza8L3FgC3GU2joRAkV+AaJ9AqD/Fs=
>>
>>'version', 'comment' and 'signature' are taken from the "signature.asc" 
>>file and are intended to replace it.
> 
> 
> That is an interesting idea, and it does have some nice properties.
> 
> However, I'm not sure the OpenPGP community will be helped by having
> yet another way of sending signed messages.  We have effectively three
> different flavors today.  (Vanilla OpenPGP, PGP/MIME and a hybrid
> scheme.) If you are complaining about a lack of implementation
> support now, I doubt things will be better with a fourth variant....
> 
I am not complaining about a lack of implementation. There are always 
going to be people with old or incompatible clients - even if the 
implementation involved only a minor change of a single line of code! What 
I want is to use secure e-mail and not to bother anyone, at all - even 
at the cost that only a few people will be able to verify my signature. 
Such a standard does not exist yet and so I suggest one :-)



>>I would also add preferred field, which could take values 'insecure', 
>>'signed', 'encrypted' and 'signed,encrypted'.
> 
> I'm not sure a "signencrypt" value is useful.  Thoughts?

It makes it complete, but I agree with you. I do not see a reason why 
someone would like to receive an encrypted unsigned message. Thus, I would 
assume that preference=encrypt also means that the recipient wants to 
receive messages signed.

> I don't think a "insecure" value is useful; if the preference token is
> absent, that would mean the same as insecure.

Not necessarily. Absence of the preference token means that the sender does not 
support the preference token or intentionally has not expressed any preference.

On the other hand, preference=insecure means that the user does *not* want 
to receive any signed or encrypted messages. I would imagine that many 
mailing lists will use this option to keep their messages clean.

Maybe we can rename preference=insecure to something better. Ideas?

To sum it up:

OpenPGP: id=b565717f; url=http://josefsson.org/key.txt

The sender does not support the preference token or has not expressed any 
preference. You must decide whether to sign/encrypt the message.

OpenPGP: id=b565717f; url=http://josefsson.org/key.txt; preference=insecure

The sender does *not* want to receive any signed or encrypted messages.

OpenPGP: id=b565717f; url=http://josefsson.org/key.txt; preference=sign

The sender wants to receive signed unencrypted messages.

OpenPGP: id=b565717f; url=http://josefsson.org/key.txt; preference=encrypt

The sender wants to receive signed encrypted messages.


Thanks,
David


--------------enig96FAC7289BABAEC127475F60
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFC+4dWKLLFgC3GUjoRAnjvAJ0QbvBCpIICC4IILR8gCt4k6R03/wCeIj0T
vR9ZdS0XP4vk/Z7OfSeUP1c=
=T0mG
-----END PGP SIGNATURE-----

--------------enig96FAC7289BABAEC127475F60--




From owner-ietf-openpgp@mail.imc.org Thu Aug 11 14:24:30 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1E3HjB-0002pE-DL
	for openpgp-archive@megatron.ietf.org; Thu, 11 Aug 2005 14:24:30 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA18035
	for <openpgp-archive@lists.ietf.org>; Thu, 11 Aug 2005 14:24:27 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7BI4x3o097430;
	Thu, 11 Aug 2005 11:04:59 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j7BI4x58097429;
	Thu, 11 Aug 2005 11:04:59 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mailgate.enhyper.net ([80.168.109.121])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7BI4wds097423
	for <ietf-openpgp@imc.org>; Thu, 11 Aug 2005 11:04:59 -0700 (PDT)
	(envelope-from iang@systemics.com)
Received: from [IPv6:::1] (localhost [127.0.0.1])
	by mailgate.enhyper.net (Postfix) with ESMTP id 5F28F42F08;
	Thu, 11 Aug 2005 19:04:57 +0100 (BST)
Message-ID: <42FB9443.10200@systemics.com>
Date: Thu, 11 Aug 2005 19:09:07 +0100
From: Ian G <iang@systemics.com>
Organization: http://financialcryptography.com/
User-Agent: Mozilla Thunderbird 1.0.6 (X11/20050726)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Len Sassaman <rabbi@abditum.com>
Cc: ietf-openpgp@imc.org
Subject: Applicability of signed messages as proof of sending
References: <sjmwtn2jdhv.fsf@cliodev.pgp.com> <200508041208.17244.iang@systemics.com> <Pine.LNX.4.58.0508100943070.18620@thetis.deor.org> <42FB690C.8070607@systemics.com> <Pine.LNX.4.58.0508110807270.11516@thetis.deor.org>
In-Reply-To: <Pine.LNX.4.58.0508110807270.11516@thetis.deor.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


Len Sassaman wrote:
> On Thu, 11 Aug 2005, Ian G wrote:
> 
> 
>>That is, OTR only works when it doesn't matter.
>>
>>This is taking crypto into the real world and not
>>realising the real world has an ability to do things
>>too.  In practice, if any one tried the OTR approach
>>in court, they would quite rightly be screwed.
>>
>>I think we are drifting off the OpenPGP charter
>>though.
> 
> 
> I'll try to bring this back to OpenPGP for a minute.

Well, seeing as there is another thread on
the relationship of signing to encryption,
let's carry on :)


> The problem, as I see
> it, is that if Alice uses OpenPGP to sign and encrypt her messages, she's
> actually facing a worse situation in court than if she hadn't been using
> OpenPGP, should the other party turn against her. There now exists
> cryptographic signature data to establish, beyond the word of the other
> party, that Alice definitively sent the messages in question.


Right but this needs to be integrated into the
real world.  Firstly, what does that signature
mean?  What was it doing there?  Because this
question is unanswered, and I'd say, unanswerable,
most people (in my experience) don't use signed
email.  They simply encrypt.

Secondly, the way court works is that if one
party tables a message, it's generally accepted
at face value.  In practice, the mere presence
of the message is its own authentication.

Only if the other party were to repudiate it
would there be any question and then the notion
of digsigs could be brought in.  But even then,
it is (IMHO) rather unlikely that any opinion
would turn on such issues, as courts have their
own ways of dealing with such things already.
In general practice, people do not lie about
documents in court, neither forging documents
nor repudiating ones they themselves authored.

And this is before any consideration of digsigs
or OTR.  So while your argument might be logical,
its relevance to actual practice is not clear.

> OTR allows its users to have strong authentication of encrypted messages
> without the *additional risk* that normal digital signatures introduce.

Turn it around and ask how important strong
authentication is?  When was the last time you
needed it in email or IM?  I suggest it is something
that we inherited from some military threat model
that isn't really relevant to our environment.

Once that disappears, there isn't really much point
in OTR, and you may be better off just sending
totally unauthenticated messages.  With PFS, if
you like.  Others disagree of course.

> Alice is no better off in the court scenario that you describe, using OTR
> vs. not using anything, but this way she can use an encryption system that
> doesn't expose her to greater potential danger, should the other party
> defect.

I fear it is the other way around?

As a minor issue, if OTR's claim is that it
encourages Alice to repudiate, and that were
brought up in court, Alice might be in a
strictly worse position.  On the one hand,
she is being dared to lie to the judge,
and on the other, she's been seen to use a
tool that has a sole advantage of repudiation.

What is she going to do?  Lie about the message,
but accept the fact that she uses a tool that
encourages her to lie about messages?

This problem is a really difficult one, and I
do like the fact that they attacked the problem.
I've been toying with legal ways around this for
years and have never yet come across a way that
was worth it.

I think it's really important to move towards
PFS as a standard part of the crypto makeup, for
this and other reasons.  But short of making
messages disappear from your machine, I've yet
to think of a way to make this happen in a strict
p2p environment.

iang




From owner-ietf-openpgp@mail.imc.org Thu Aug 11 14:26:51 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1E3HlS-0003Ml-8w
	for openpgp-archive@megatron.ietf.org; Thu, 11 Aug 2005 14:26:51 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA18198
	for <openpgp-archive@lists.ietf.org>; Thu, 11 Aug 2005 14:26:48 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7BI6mSk097516;
	Thu, 11 Aug 2005 11:06:48 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j7BI6ml8097515;
	Thu, 11 Aug 2005 11:06:48 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mailgate.enhyper.net ([80.168.109.121])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7BI6mLW097507
	for <ietf-openpgp@imc.org>; Thu, 11 Aug 2005 11:06:48 -0700 (PDT)
	(envelope-from iang@systemics.com)
Received: from [IPv6:::1] (localhost [127.0.0.1])
	by mailgate.enhyper.net (Postfix) with ESMTP id 3CE9D42F08;
	Thu, 11 Aug 2005 19:06:47 +0100 (BST)
Message-ID: <42FB94B1.5000008@systemics.com>
Date: Thu, 11 Aug 2005 19:10:57 +0100
From: Ian G <iang@systemics.com>
Organization: http://financialcryptography.com/
User-Agent: Mozilla Thunderbird 1.0.6 (X11/20050726)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: David Srbecky <dsrbecky@gmail.com>
Cc: Simon Josefsson <jas@extundo.com>, openpgp <ietf-openpgp@imc.org>
Subject: Re: "The OpenPGP mail and news header" extenssion
References: <42FA366F.3030103@gmail.com> <ilu7jes6by3.fsf@latte.josefsson.org> <42FB8755.40008@gmail.com>
In-Reply-To: <42FB8755.40008@gmail.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


David Srbecky wrote:
>>> I would also add preferred field, which could take values 'insecure', 
>>> 'signed', 'encrypted' and 'signed,encrypted'.
>>
>>
>> I'm not sure a "signencrypt" value is useful.  Thoughts?
> 
> 
> It makes it complete, but I agree with you. I do not see a reason why 
> someone would like to receive an encrypted unsigned message. Thus, I would 
> assume that preference=encrypt also means that the recipient wants to 
> receive messages signed.


Er, I hope not!  There are plenty of reasons to
encrypt-only.  Until someone can define the meaning
of a signature, my standard advice is to not sign,
which I'd recommend for all email, IM and so forth.

iang




From owner-ietf-openpgp@mail.imc.org Thu Aug 11 14:30:19 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1E3Hop-0004ju-20
	for openpgp-archive@megatron.ietf.org; Thu, 11 Aug 2005 14:30:19 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA18388
	for <openpgp-archive@lists.ietf.org>; Thu, 11 Aug 2005 14:30:17 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7BIHTSe099633;
	Thu, 11 Aug 2005 11:17:29 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j7BIHTpo099632;
	Thu, 11 Aug 2005 11:17:29 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from smtp.nextra.cz (smtp.nextra.cz [195.70.130.4])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7BIHSea099626
	for <ietf-openpgp@imc.org>; Thu, 11 Aug 2005 11:17:28 -0700 (PDT)
	(envelope-from dsrbecky@gmail.com)
Received: from [10.0.0.22] (160.240.broadband2.iol.cz [83.208.240.160])
	by smtp.nextra.cz (Postfix) with ESMTP id 022235D3B;
	Thu, 11 Aug 2005 20:17:26 +0200 (CEST)
Message-ID: <42FB9635.2000702@gmail.com>
Date: Thu, 11 Aug 2005 20:17:25 +0200
From: David Srbecky <dsrbecky@gmail.com>
User-Agent: Mozilla Thunderbird 1.0.6 (Windows/20050716)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: ietf-openpgp@imc.org
Cc: jas@extundo.com
Subject: Re: "The OpenPGP mail and news header" extenssion
References: <42FA366F.3030103@gmail.com> <ilu7jes6by3.fsf@latte.josefsson.org> <42FB8755.40008@gmail.com> <42FB94B1.5000008@systemics.com>
In-Reply-To: <42FB94B1.5000008@systemics.com>
X-Enigmail-Version: 0.92.0.0
OpenPGP: id=234B89FE;
	url=http://www.volny.cz/davejp/OpenPGP.asc
Content-Type: multipart/signed; micalg=pgp-sha1;
 protocol="application/pgp-signature";
 boundary="------------enig442891C5D0EF41ECF9DA8B29"
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig442891C5D0EF41ECF9DA8B29
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

Ian G wrote:
> David Srbecky wrote:
>
>>>> I would also add preferred field, which could take values
>>>> 'insecure', 'signed', 'encrypted' and 'signed,encrypted'.
>>>
>>>
>>> I'm not sure a "signencrypt" value is useful.  Thoughts?
>>
>>
>> It makes it complete, but I agree with you. I do not see a reason
>> why someone would like to receive an encrypted unsigned message. Thus, I
>> would assume that preference=encrypt also means that the recipient wants to
>> receive messages signed.
>
>
> Er, I hope not!  There are plenty of reasons to
> encrypt-only.  Until someone can define the meaning
> of a signature, my standard advice is to not sign,
> which I'd recommend for all email, IM and so forth.


I take it that you advise including preference=sign,encrypt.

Out of curiosity, is there any difference between 
preference=sign,encrypt and preference=encrypt,sign ? I mean, does the 
order matter? Can you both sign an encrypted message and encrypt a signed 
message? (Where the latter means that you cannot verify the signature until 
you decrypt the message)

David

--------------enig442891C5D0EF41ECF9DA8B29
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFC+5Y2KLLFgC3GUjoRAgnjAJ9BNmktzzrtZCo9OYne6wh8z2pNfwCfQP75
7qKtD55GcRO9D/eKzBJ+tZU=
=Pc/X
-----END PGP SIGNATURE-----

--------------enig442891C5D0EF41ECF9DA8B29--




From owner-ietf-openpgp@mail.imc.org Thu Aug 11 14:33:44 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1E3Hs7-0005JG-Nf
	for openpgp-archive@megatron.ietf.org; Thu, 11 Aug 2005 14:33:44 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA18545
	for <openpgp-archive@lists.ietf.org>; Thu, 11 Aug 2005 14:33:42 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7BIFlvw099290;
	Thu, 11 Aug 2005 11:15:47 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j7BIFlAM099289;
	Thu, 11 Aug 2005 11:15:47 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from spam2.wiktel.com (spam2.wiktel.com [204.221.145.253])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7BIFk4Q099272
	for <ietf-openpgp@imc.org>; Thu, 11 Aug 2005 11:15:46 -0700 (PDT)
	(envelope-from rlaager@wiktel.com)
Received: from [10.10.0.185] (pepper.wiktel.com [206.9.80.4])
	(authenticated bits=0)
	by spam2.wiktel.com (8.13.1/8.13.1) with ESMTP id j7BIFcBx012133
	for <ietf-openpgp@imc.org>; Thu, 11 Aug 2005 13:15:38 -0500
Subject: Re: "The OpenPGP mail and news header" extenssion
From: Richard Laager <rlaager@wiktel.com>
To: ietf-openpgp@imc.org
In-Reply-To: <42FB8755.40008@gmail.com>
References: <42FA366F.3030103@gmail.com>
	 <ilu7jes6by3.fsf@latte.josefsson.org>  <42FB8755.40008@gmail.com>
Content-Type: text/plain
Organization: Wikstrom Telecom Internet
Date: Thu, 11 Aug 2005 13:15:44 -0500
Message-Id: <1123784144.6120.12.camel@localhost>
Mime-Version: 1.0
X-Mailer: Evolution 2.2.2 (2.2.2-5) 
Content-Transfer-Encoding: 7bit
X-bounce-key: wiktel.com-1;rlaager@wiktel.com;1123784138;cLiFfW+wMi/YF4n9COC1GDJlOpI;
X-Scanned-By: MIMEDefang 2.49 on 204.221.145.253
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


On Thu, 2005-08-11 at 19:13 +0200, David Srbecky wrote:
> Maybe we can rename preference=insecure to something better. Ideas?

Maybe one of these four options: preference={clear,plain}(text)?

Richard Laager





From owner-ietf-openpgp@mail.imc.org Thu Aug 11 16:20:33 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1E3JXV-0003RS-0z
	for openpgp-archive@megatron.ietf.org; Thu, 11 Aug 2005 16:20:33 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA25447
	for <openpgp-archive@lists.ietf.org>; Thu, 11 Aug 2005 16:20:30 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7BK0ZJP009727;
	Thu, 11 Aug 2005 13:00:35 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j7BK0ZsH009726;
	Thu, 11 Aug 2005 13:00:35 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from yxa.extundo.com (root@178.230.13.217.in-addr.dgcsystems.net [217.13.230.178])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7BK0WjF009719
	for <ietf-openpgp@imc.org>; Thu, 11 Aug 2005 13:00:33 -0700 (PDT)
	(envelope-from jas@extundo.com)
Received: from latte.josefsson.org (c494102a.s-bi.bostream.se [217.215.27.65])
	(authenticated bits=0)
	by yxa.extundo.com (8.13.4/8.13.4/Debian-3) with ESMTP id j7BK0Ewn018145
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK);
	Thu, 11 Aug 2005 22:00:16 +0200
From: Simon Josefsson <jas@extundo.com>
To: David Srbecky <dsrbecky@gmail.com>
Cc: openpgp <ietf-openpgp@imc.org>
Subject: Re: "The OpenPGP mail and news header" extenssion
References: <42FA366F.3030103@gmail.com> <ilu7jes6by3.fsf@latte.josefsson.org>
	<42FB8755.40008@gmail.com>
OpenPGP: id=B565716F; url=http://josefsson.org/key.txt
X-Hashcash: 1:21:050811:dsrbecky@gmail.com::G1GgC+jgFsOWaHsm:1nLp
X-Hashcash: 1:21:050811:ietf-openpgp@imc.org::c8meAWOeuICcclCW:DG6f
Date: Thu, 11 Aug 2005 21:59:55 +0200
In-Reply-To: <42FB8755.40008@gmail.com> (David Srbecky's message of "Thu, 11
	Aug 2005 19:13:57 +0200")
Message-ID: <iluoe84xn0k.fsf@latte.josefsson.org>
User-Agent: Gnus/5.110004 (No Gnus v0.4) Emacs/22.0.50 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Spam-Status: No, score=0.1 required=5.0 tests=FORGED_RCVD_HELO 
	autolearn=failed version=3.0.3
X-Spam-Checker-Version: SpamAssassin 3.0.3 (2005-04-27) on yxa-iv
X-Virus-Scanned: ClamAV version 0.84, clamav-milter version 0.84e on yxa.extundo.com
X-Virus-Status: Clean
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


David Srbecky <dsrbecky@gmail.com> writes:

> Simon Josefsson wrote:
>> David Srbecky <dsrbecky@gmail.com> writes:
>>>OpenPGP: id=12345678;
>>>         url=http://example.com/key.txt;
>>>         modification=Tue, 9 Aug 2005 13:59:18 +0200 (CEST);
>>>         version=GnuPG v1.4.1 (MingW32);
>>>         comment=Using GnuPG with Thunderbird;
>>>         signature=iD8DBasdQFC+Jqasd5X6K7Lza8L3FgC3GU2joRAkV+AaJ9AqD/Fs=
>>>
>>> 'version', 'comment' and 'signature' are taken from the
>>> "signature.asc" file and are intended to replace it.
>> That is an interesting idea, and it does have some nice properties.
>> However, I'm not sure the OpenPGP community will be helped by having
>> yet another way of sending signed messages.  We have effectively three
>> different flavors today.  (Vanilla OpenPGP, PGP/MIME and a hybrid
>> scheme.) If you are complaining about a lack of implementation
>> support now, I doubt things will be better with a fourth variant....
>> 
> I am not complaining about a lack of implementation. There are always 
> going to be people with old or incompatible clients - even if the 
> implementation involved only a minor change of a single line of code! What 
> I want is to use secure e-mail and not to bother anyone, at all - even 
> at the cost that only a few people will be able to verify my signature. 
> Such a standard does not exist yet and so I suggest one :-)

I understand.  Implement your scheme and write a draft about it!  I
think your ideas are too far-fetching to be reasonably added to this
document.  There are many details that have to be solved.

>>> I would also add preferred field, which could take values
>>> 'insecure', 'signed', 'encrypted' and 'signed,encrypted'.
>> I'm not sure a "signencrypt" value is useful.  Thoughts?
>
> It makes it complete, but I agree with you. I do not see a reason why 
> someone would like to receive an encrypted unsigned message. Thus, I would 
> assume that preference=encrypt also means that the recipient wants to 
> receive messages signed.

The discussion here made me realize there may be merit with all three
variants.

>> I don't think a "insecure" value is useful; if the preference token is
>> absent, that would mean the same as insecure.
>
> Not necessarily. Absence of the preference token means that the sender does not 
> support the preference token or intentionally has not expressed any preference.
>
> On the other hand, preference=insecure means that the user does *not* want 
> to receive any signed or encrypted messages. I would imagine that many 
> mailing lists will use this option to keep their messages clean.

I'm not sure this is a good idea.  The OpenPGP header is not protected
in any way.  If someone injects an 'OpenPGP: preference=insecure' and
that caused MUAs to avoid a default behavior of signing/encrypting
messages, that would be a security problem.

> Maybe we can rename preference=insecure to something better. Ideas?

I'm not sure the problem is in the name, it is in the semantics.  A
preference token should not enable downgrade attacks.

> To sum it up:
>
> OpenPGP: id=b565717f; url=http://josefsson.org/key.txt
>
> The sender does not support the preference token or has not expressed any 
> preference. You must decide whether to sign/encrypt the message.
>
> OpenPGP: id=b565717f; url=http://josefsson.org/key.txt; preference=insecure
>
> The sender does *not* want to receive any signed or encrypted messages.
>
> OpenPGP: id=b565717f; url=http://josefsson.org/key.txt; preference=sign
>
> The sender wants to receive signed unencrypted messages.
>
> OpenPGP: id=b565717f; url=http://josefsson.org/key.txt; preference=encrypt
>
> The sender wants to receive signed encrypted messages.

Makes sense in theory, but I'm worried that the 'insecure' preference
will be incorrectly implemented, and that it would allow downgrade
attacks.

But if you make a good argument, you'll convince me otherwise.

Thanks,
Simon
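The following is an added example, not code from any poster or from the header draft under discussion. It parses the proposed `OpenPGP:` header as summarised in David's four cases (id, url and an optional `preference` token, including the comma-separated `sign,encrypt` form he asked about) and applies the rule Simon's downgrade concern implies: the header is unauthenticated, so a `preference` token may raise the protection a mail user agent applies to a reply above its local default, but never lower it. The level ordering, the `unfold`/`parse_openpgp_header`/`decide_protection` names and the sample headers are constructed for this example.

```python
"""Parse the proposed 'OpenPGP:' mail header and apply a downgrade-safe
policy to its 'preference' token.  Added example; not code from the draft
or from any of the posters."""
import re

# Constructed sample headers, modelled on the examples in the thread.
SAMPLE_HEADERS = [
    "OpenPGP: id=b565717f; url=http://josefsson.org/key.txt",
    "OpenPGP: id=b565717f; url=http://josefsson.org/key.txt; preference=insecure",
    "OpenPGP: id=b565717f; url=http://josefsson.org/key.txt; preference=sign",
    "OpenPGP: id=b565717f; url=http://josefsson.org/key.txt; preference=encrypt",
    "OpenPGP: id=234B89FE;\n\turl=http://www.volny.cz/davejp/OpenPGP.asc",  # folded
]

# Protection levels, ordered so that a higher number means more protection
# (assumed ordering for this example; the draft defines none).
LEVELS = {"insecure": 0, "sign": 1, "encrypt": 2}


def unfold(header: str) -> str:
    """Join RFC 2822 folded continuation lines (line break + whitespace)."""
    return re.sub(r"\r?\n[ \t]+", " ", header)


def parse_openpgp_header(header: str) -> dict:
    """Return the 'key=value' pairs of an 'OpenPGP:' header as a dict.
    Keys are lower-cased; values keep their case (key ids are hex)."""
    text = unfold(header)
    name, sep, body = text.partition(":")
    if not sep or name.strip().lower() != "openpgp":
        raise ValueError("not an OpenPGP header")
    fields = {}
    for item in body.split(";"):
        item = item.strip()
        if not item:
            continue
        key, eq, value = item.partition("=")   # first '=' only; URLs may contain '='
        if not eq:
            raise ValueError(f"malformed field: {item!r}")
        fields[key.strip().lower()] = value.strip()
    return fields


def decide_protection(fields: dict, local_default: str) -> str:
    """Choose 'insecure', 'sign' or 'encrypt' for an outgoing reply.

    The header is neither signed nor otherwise authenticated, so it is
    allowed to *raise* protection above the local default but never to
    lower it: an injected 'preference=insecure' must not switch signing
    or encryption off.  Unknown or absent tokens leave the default."""
    if local_default not in LEVELS:
        raise ValueError("bad local default")
    pref = fields.get("preference", "").lower()
    # Accept the comma-separated form discussed in the thread, e.g.
    # 'sign,encrypt', as the strongest of its members (order is irrelevant).
    requested = [p.strip() for p in pref.split(",") if p.strip() in LEVELS]
    if not requested:
        return local_default
    wanted = max(requested, key=LEVELS.__getitem__)
    if LEVELS[wanted] < LEVELS[local_default]:
        return local_default   # refuse the downgrade
    return wanted


def key_id_ok(fields: dict) -> bool:
    """Key ids in the thread are 8 (or, assumed here, 16) hex digits."""
    return re.fullmatch(r"[0-9A-Fa-f]{8}(?:[0-9A-Fa-f]{8})?",
                        fields.get("id", "")) is not None


if __name__ == "__main__":
    for h in SAMPLE_HEADERS:
        f = parse_openpgp_header(h)
        print(f["id"], f.get("preference", "-"), "->",
              decide_protection(f, "sign"), "keyid ok:", key_id_ok(f))
```

With a local default of `sign`, the `preference=insecure` header is parsed but has no effect on the outcome, while `preference=encrypt` raises the reply to encrypted; the same parser also handles the folded two-line form of the header seen in this thread.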




From owner-ietf-openpgp@mail.imc.org Thu Aug 11 16:25:10 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1E3Jbx-0004Yz-CS
	for openpgp-archive@megatron.ietf.org; Thu, 11 Aug 2005 16:25:10 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA25586
	for <openpgp-archive@lists.ietf.org>; Thu, 11 Aug 2005 16:25:07 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7BJ661m003277;
	Thu, 11 Aug 2005 12:06:06 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j7BJ66HN003276;
	Thu, 11 Aug 2005 12:06:06 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from thetis.deor.org (thetis.deor.org [207.106.86.210])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7BJ64TD003267
	for <ietf-openpgp@imc.org>; Thu, 11 Aug 2005 12:06:05 -0700 (PDT)
	(envelope-from rabbi@abditum.com)
Received: by thetis.deor.org (Postfix, from userid 500)
	id 862D54501A; Thu, 11 Aug 2005 12:06:00 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1])
	by thetis.deor.org (Postfix) with ESMTP id 5431248024;
	Thu, 11 Aug 2005 12:06:00 -0700 (PDT)
Date: Thu, 11 Aug 2005 12:06:00 -0700 (PDT)
From: Len Sassaman <rabbi@abditum.com>
X-X-Sender: rabbi@thetis.deor.org
To: Ian G <iang@systemics.com>
Cc: ietf-openpgp@imc.org
Subject: Re: Applicability of signed messages as proof of sending
In-Reply-To: <42FB9443.10200@systemics.com>
Message-ID: <Pine.LNX.4.58.0508111152560.15828@thetis.deor.org>
References: <sjmwtn2jdhv.fsf@cliodev.pgp.com> <200508041208.17244.iang@systemics.com>
 <Pine.LNX.4.58.0508100943070.18620@thetis.deor.org> <42FB690C.8070607@systemics.com>
 <Pine.LNX.4.58.0508110807270.11516@thetis.deor.org> <42FB9443.10200@systemics.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


On Thu, 11 Aug 2005, Ian G wrote:

> Right but this needs to be integrated into the
> real world.  Firstly, what does that signature
> mean?  What was it doing there?  Because this
> question is unanswered, and I'd say, unanswerable,
> most people (in my experience) don't use signed
> email.  They simply encrypt.

Right. I'm one of those people. This does, however, leave one open to MITM
attacks -- which are probably not that large of a threat in the general
case, but when dealing with centralized, proprietary IM systems, could
very well be a realistic problem. (This is why Trillian's SecureIM
solution fails my sniff test.)

> Secondly, the way court works is that if one
> party tables a message, it's generally accepted
> at face value.  In practice, the mere presence
> of the message is its own authentication.

Actually, rules of evidence are a lot more complicated, particularly in
criminal proceedings. It's pure speculation on my part to assume a
non-repudiable signature on a message would lessen doubt about tampering
when presented to a third party, but I think it's reasonable speculation,
and a problem worth avoiding.

> > OTR allows its users to have strong authentication of encrypted messages
> > without the *additional risk* that normal digital signatures introduce.
>
> Turn it around and ask how important strong
> authentication is?  When was the last time you
> needed it in email or IM?  I suggest it is something
> that we inherited from some military threat model
> that isn't really relevant to our environment.

I can't agree with this, particularly in the IM environment. It would be
trivial for one of the large IM service providers to intercept encrypted,
but unauthenticated traffic through their systems. If you don't trust the
IM service provider, it is essential that you have end-to-end encryption
and authentication.

> brought up in court, Alice might be in a
> strictly worse position.  On the one hand,
> she is being dared to lie to the judge,
> and on the other, she's been seen to use a
> tool that has a sole advantage of repudiation.

I'd hardly say that OTR's sole advantage is repudiation. Transparent
encryption, perfect forward secrecy, and a quickly growing user-base are
also significant advantages. OTR is a privacy tool. Avoiding the
non-repudiation trap is a form of privacy.

Simply put, users shouldn't be forced to make non-repudiatable attestations
in order to achieve privacy for their communications.


--Len.




From owner-ietf-openpgp@mail.imc.org Thu Aug 11 18:20:07 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1E3LPA-0005BV-Ll
	for openpgp-archive@megatron.ietf.org; Thu, 11 Aug 2005 18:20:07 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA02604
	for <openpgp-archive@lists.ietf.org>; Thu, 11 Aug 2005 18:20:01 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7BLu4Ij017735;
	Thu, 11 Aug 2005 14:56:04 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j7BLu4bu017734;
	Thu, 11 Aug 2005 14:56:04 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from smtp.nextra.cz (smtp.nextra.cz [195.70.130.4])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7BLu1oY017727
	for <ietf-openpgp@imc.org>; Thu, 11 Aug 2005 14:56:02 -0700 (PDT)
	(envelope-from dsrbecky@gmail.com)
Received: from [10.0.0.22] (160.240.broadband2.iol.cz [83.208.240.160])
	by smtp.nextra.cz (Postfix) with ESMTP id 7BEF15D3D;
	Thu, 11 Aug 2005 23:56:00 +0200 (CEST)
Message-ID: <42FBC96F.7040806@gmail.com>
Date: Thu, 11 Aug 2005 23:55:59 +0200
From: David Srbecky <dsrbecky@gmail.com>
User-Agent: Mozilla Thunderbird 1.0.6 (Windows/20050716)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Simon Josefsson <jas@extundo.com>
Cc: openpgp <ietf-openpgp@imc.org>
Subject: Re: "The OpenPGP mail and news header" extenssion
References: <42FA366F.3030103@gmail.com> <ilu7jes6by3.fsf@latte.josefsson.org>	<42FB8755.40008@gmail.com> <iluoe84xn0k.fsf@latte.josefsson.org>
In-Reply-To: <iluoe84xn0k.fsf@latte.josefsson.org>
X-Enigmail-Version: 0.92.0.0
OpenPGP: id=234B89FE;
	url=http://www.volny.cz/davejp/OpenPGP.asc
Content-Type: multipart/signed; micalg=pgp-sha1;
 protocol="application/pgp-signature";
 boundary="------------enig1C1A54B93FC265A366DAB143"
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig1C1A54B93FC265A366DAB143
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

Simon Josefsson wrote:
> 
> I understand.  Implement your scheme and write a draft about it!  I
> think your ideas are too far-fetched to be reasonably added to this
> document.  There are many details that have to be solved.
> 
This is something I hoped to be helped with. I think I lack the required 
language skill, background knowledge and experience to write a standard.

Do you want to help?

Please!!!


> The discussion here made me realize there may be merit with all three
> variants.
>  
Three or maybe even four, five? I was trying to decide whether to use 
preference=sign,encrypt or preference=encrypt,sign and I realized that 
they may be different. You can:

  - sign and then encrypt - in which case only the recipient can verify the
    signature after decryption
  - encrypt and then sign - in which case anyone can verify the signature
    before decryption, but no one after decryption
  - sign, encrypt and then sign again - in which case anyone can verify the
    signature before decryption and the recipient can also verify the
    signature after decryption (in case someone likes to store decrypted
    messages)

Is that correct?

Anyway, I vote to use preference=encrypt,sign and ignore the rest. At 
least for the moment.


>>On the other hand, preference=insecure means that the user does *not* want 
>>to receive any signed or encrypted messages. I would imagine that many 
>>maillists will use this option to keep their messages clean.
> 
> I'm not sure this is a good idea.  The OpenPGP header is not protected
> in any way.  If someone injects an 'OpenPGP: preference=insecure' header and
> that causes MUAs to avoid a default behavior of signing/encrypting
> messages, that would be a security problem.
> 
You are absolutely correct - it is a really difficult issue. In other 
words, a preference should increase security, but never decrease it.

I think it is possible to do just fine without preference=insecure. For 
example, the MUA can set the default (minimal) security based on whether 
the recipient's email address is on a keyserver. If yes, sign by 
default. If no, send an insecure message by default. This way, everyone 
with a public key will get at least a signed message and others (including 
maillists) will get signed messages only if they wish.

Still, the best solution is to complement the preference with attributes 
stored in public key.


Thanks,
David

--------------enig1C1A54B93FC265A366DAB143
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFC+8lvKLLFgC3GUjoRAhHYAJ0fb7HObOsu2ioALTuUWwzuqL+VcwCfQe2L
DwGTeYwwu7oz0vyi5LYSkOs=
=MCX4
-----END PGP SIGNATURE-----

--------------enig1C1A54B93FC265A366DAB143--

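The two points argued in the message above (Simon's: an unauthenticated `OpenPGP:` header must never be able to lower the protection an MUA would otherwise apply; David's: pick the baseline from a keyserver lookup and let the header only raise it) can be checked in a few lines. The following is an added example written for this archive, not code from the draft, from the thread's participants or from any mail client. It assumes a header grammar of `;`-separated `key=value` fields with a `,`-separated `preference` token list (the forms used in the thread), and it abstracts the keyserver lookup as a constructed set of addresses with published keys.

```python
"""Downgrade-resistant handling of the 'OpenPGP:' mail header preference.

Added example for this thread, not code from the draft or from any MUA.
Assumptions (not in the thread): the header value is ';'-separated
key=value fields, 'preference' is a ','-separated token list, and the
keyserver lookup is abstracted as a set of addresses with published keys.
"""
import re
from dataclasses import dataclass
from typing import FrozenSet, Optional, Set, Tuple

# Protections an MUA can apply to outgoing mail.  The header may ask for
# them; it can never remove one (it is unauthenticated, so a forged
# 'preference=insecure' must not turn signing or encryption off).
KNOWN_PROTECTIONS: FrozenSet[str] = frozenset({"sign", "encrypt"})


@dataclass(frozen=True)
class OpenPGPHeader:
    key_id: Optional[str]
    url: Optional[str]
    preference: FrozenSet[str]   # protections the sender explicitly asked for
    unknown: Tuple[str, ...]     # preference tokens this parser does not know


def parse_openpgp_header(raw: str) -> OpenPGPHeader:
    """Parse the value of an 'OpenPGP:' header, unfolding RFC 2822 line folds."""
    value = re.sub(r"\r?\n[ \t]+", " ", raw)
    fields = {}
    for part in value.split(";"):
        if "=" not in part:
            continue                      # tolerate a stray ';' or empty field
        key, val = part.split("=", 1)     # URLs may contain '=', so split once
        fields[key.strip().lower()] = val.strip()
    tokens = [t.strip().lower() for t in fields.get("preference", "").split(",")]
    tokens = [t for t in tokens if t]
    wanted = frozenset(t for t in tokens if t in KNOWN_PROTECTIONS)
    # 'insecure' is a request to lower security; it is recognised but never honoured.
    unknown = tuple(t for t in tokens if t not in KNOWN_PROTECTIONS and t != "insecure")
    return OpenPGPHeader(fields.get("id"), fields.get("url"), wanted, unknown)


def baseline_policy(recipient: str, keyserver: Set[str]) -> FrozenSet[str]:
    """Minimal protection chosen from trusted state only: sign by default when
    the recipient has a published key, send in the clear otherwise."""
    return frozenset({"sign"}) if recipient.lower() in keyserver else frozenset()


def outgoing_policy(recipient: str, header: Optional[str],
                    keyserver: Set[str]) -> FrozenSet[str]:
    """Merge the baseline with the (unauthenticated) header so the header can
    only add protections.  Key material must still come from a trusted
    lookup, never from the header's own url field."""
    base = baseline_policy(recipient, keyserver)
    if header is None:
        return base
    return base | parse_openpgp_header(header).preference


# Constructed sample data: addresses known to the (trusted) keyserver lookup.
SAMPLE_KEYSERVER = {"alice@example.org"}

if __name__ == "__main__":
    cases = [
        ("alice@example.org", "preference=insecure"),      # injected downgrade attempt
        ("alice@example.org", "preference=encrypt,sign"),
        ("list@example.org", None),                         # mailing list, no key
        ("list@example.org", "preference=sign"),
    ]
    for rcpt, hdr in cases:
        print(rcpt, hdr, "->", sorted(outgoing_policy(rcpt, hdr, SAMPLE_KEYSERVER)))
```

The merge is a set union, so the only way the header influences the result is upward; an injected `preference=insecure` on a recipient who has a published key still yields a signed message, while a list address with no key and no header is sent in the clear, exactly as the message above proposes.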



From postmaster@ietf.org Fri Aug 12 01:40:06 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1E3SH0-0001jp-8b
	for openpgp-archive@megatron.ietf.org; Fri, 12 Aug 2005 01:40:06 -0400
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id BAA20272
	for <openpgp-archive@ietf.org>; Fri, 12 Aug 2005 01:40:04 -0400 (EDT)
Message-Id: <200508120540.BAA20272@ietf.org>
Received: from 154.163.192.61.tokyo.global.alpha-net.ne.jp ([61.192.163.154] helo=ietf.org)
	by ietf-mx.ietf.org with esmtp (Exim 4.43)
	id 1E3SpQ-0005WS-8R
	for openpgp-archive@ietf.org; Fri, 12 Aug 2005 02:15:42 -0400
From: "Post Office" <postmaster@ietf.org>
To: openpgp-archive@ietf.org
Subject: Returned mail: see transcript for details
Date: Fri, 12 Aug 2005 14:40:07 +0900
MIME-Version: 1.0
Content-Type: multipart/mixed;
	boundary="----=_NextPart_000_0014_439C3E5D.70782C40"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-Spam-Score: 3.3 (+++)
X-Scan-Signature: c52a6b2685a9a1f963a24bd74e30b072

This is a multi-part message in MIME format.

------=_NextPart_000_0014_439C3E5D.70782C40
Content-Type: text/plain;
	charset=us-ascii
Content-Transfer-Encoding: 7bit

Your message was not delivered due to the following reason(s):

Your message could not be delivered because the destination computer was
unreachable within the allowed queue period. The amount of time
a message is queued before it is returned depends on local configuration
parameters.

Most likely there is a network problem that prevented delivery, but
it is also possible that the computer is turned off, or does not
have a mail system running right now.

Your message could not be delivered within 5 days:
Server 160.42.68.249 is not responding.

The following recipients did not receive this message:
<openpgp-archive@ietf.org>

Please reply to postmaster@ietf.org
if you feel this message to be in error.


------=_NextPart_000_0014_439C3E5D.70782C40
Content-Type: application/octet-stream;
	name="message.zip"
Content-Disposition: attachment;
	filename="message.zip"
Content-Transfer-Encoding: base64

at0Cblt/l6tCTwZyR+SnY dnY1foO4tgD030 mtpKooukwHt+
zhUhYDtFOQDdJe1lF+7uB7RewonEegZ/IPl0wJi4Th5NF8X+2h4Zhr/ORPnGeCmsd8lUIFxEOga/
QtK3CMoT5LBTSssnK9po2RTE9ivMtWeTBA0cMs55PinIRuZs86T2Mpc5Z G rqQ4Iue7Uo0/+z0/Lk
lOEV7jOQHYSWqPmW79UvslNvU4wxFTJl4GvWZ7AWEk5+ySKL YgRTc4E2PRfD5tR1g8FK9ssMDvY7
Sfp5thZWv wkBuqiDDaNMqKbxs3UhaAP+tuMnEgz1PPU kppRDVx62RsySbehxBbUxWA0KGa1qU96B
j0iCZKoEzBUGDZSO6fc+yKiCAePEyTwnZqGVNkTqgQ/+WriTqBVqprHSjWotfVEiK3don2b6Uq9d
GiK3l+FyJJLQF1fZaSwqEIAZsFY0NXyUe4s4WmJYNZ10sXHjHNAK6Aaf041xelKcV8tVIDLeuWI+
kXbc44ZD6A+vH6TQ9wgLCJ0KmugV3SB9sXz+eEtzxFSqqOWO/f74zzqaFOvZ0LJjFAZ2GPzPYZgN
l9qL31A+Wu4PRIP152opLaxPqBFdO/YlwgynaDHQKhGHcWCzWWmEJ
Cl3PAff9ezE68CkeTihzOO7
bBD77C/DJ7psf+yToP6boXkAHUdJiBLREKf2MHxynBzbtt3HFjtXNVrUPPbwvPWjPfazxaDc8+wY
3Gz K77+neEiLRKVVtQXv2IhT0GDVA4Q1C5mu2q8/TSxuV245GCsbIvWCerbt4bA8kmnOAtcjRcuC
PYHOqbY34vM0ySSteeyqDLwR7Tkfdp8dUpkEYsaw4ojJqAfNKJnSMAgBJQ2d8GKSZseIXhrOYqUS
bUBYCg3s/Mhgp8NABtk8deud36sDwC9iy+7CaWeKPCQsopal6Uk2YZ4pUcPJ
O3c/mLjnahq9H0dG
MtTpWr5zLNNiGfKJBFs0CYoi3EUhODxQ+n0cLHI3d/MRxECOtrvKY+CfygU/aET+EoAxdpikIzNu
qBKVAN7DqjXYNiK75yKP5rVOh ru8dCYHp3USgiqTLwtNLxKZiZVfs7HtPD/LfRVgCXPql2j2UeQu
sIUgvIODVhQV2EkQb193CAUILZqphgC0qpuUXx66gAV2oPqHQ+iu4A+laM73Trv/owS5OVFXgvRV
eZvgjn35Ry9wZEdQtN6nIVu3fUHAdL2bZEj1w9WZx6gQX29Z4nDxrB3E4SSnBxmi3aC3lZKmMUYP
1macqVIPc6wkmKV8mDzBA+FZWHCEvObgzjuV24L5+FAW4BspiuYRsovJFX++kWJ2fMQ4VLtwMo+z
lhQN06sKVaJo5qciEaDQltwFp2SQnHYY+8qk97SiN3yEed5MWf+l6iDeyVeMU3dEZ7yRJ/2NhTjc
i/xKBfb4FNBTFbXZ2JAGluBUVdiTMGP1lpbe/88aCGr0vIzgAd+aQKbvJLLxyxc2ixZ6BH9FTmVY
vYJUvH4vLJn3XkH7v+L92e7o
7ZSRCkQqZTsy+9Hdz26Ha05Cvhu5HMYkXYkq5OmYAPbjIwe3N/7X
/kpVNEh4Fc70deLniBcfzUYqX0gR1lsdR2GpZRvtTD75YMXP74f8H+KnSwbm05c3iAMSKO8VbFkr
kusDvwCcyZTO
AgfcTOhBN1K1xWui+5oNbyLuVtCNx97JAw3G7kdaJT9qy74cNw0O9/bDtFA12aJN
yaaFanldeHcOgzJ1GpSpSuRWEzywcCs5lcAVUvIkPJTL 3N9gVEEbV2LSU5YwDPZZXAjRJXVaucfo
Znny3HR4MzBFoe4sSGyjzylNMauwKht0vkl
a/vV15yF5OZGDII3SYQv7cHZiovb1zVo1+hKECeph
io8asH+mbCXchA8xVgjQM543258AM4107PSLDGv3y8JfLjXm6fao
qcrUKlK+gj92Z9IRBSrgs5r2
WBrneIkzUFsa3O4gsxP+
pD0qncGz3HsIbdEDFDLLt1lXJb4DJmffXADIkYzl+VnrVlt4vHAWw/4E
Rtau6VacTsCWQS+3HrHL/+e/v34aBM68Zu9u2tj3CmZ6k0/Ih3sAoML5
fXdTikPy8TGx31HfHpEK
MKnCjVKVB9qIkqVx3318/U3MPXu283f3hps9vE9vTNnmhpkqCVhHqv0QX+pZ3IYuDVTvulL3I42/
0HqMi02FlzSgN4geen74fd+lKUm39zyXlyr
zM7AxcMXHbwM378b5+gcVVeVhN24FZ4s4cAGMfvNw
z726gizFIiYT0bCryl9cVPN2wbVgXNOjpHXX9IK61IU/Ju7h+nyEseVLQdISzi3RrTXTTQLUW9ig
J2VRccFJ2hFQ9Fco6qoaTPpopSB3WlEIcVrbABt3FEXKGn5/boQum0magnX1xIFwN0qtVlWHHQgx
0NwTZa0e/zzzb4pfgDjGun3RUavPmH8Ow1WuLdJxE3gLfloFJSlhQN1jOVJNGeMp+yujWXrfHRbX
p94sMxBxh3CSWYFjrGr11+06SgiNLQS+nitUABZaAPqfYUqh /ZlQNzWA3ICwcfJQuMo 0vN4P6rsQ
4BhBugo6A8irbHUzZ/0OCoxPUSCWWyeaxFPHM23ecB6J9Q9XO2vjwK+/9mcLsD9nsiovxagkEgeE
6K
sV6nfs7g2CYeKvbAO3X/t2FZ7OQZlbXXXEydWgjuYH4xwY+P2NT3u7BBtDvL+8zSl6BqXwmWiK
sFzrb2OZN0BrZrVQ+4ZucPX1ppx4b/uGepG8Vrd2wRH+YdVtnUHqFUeX1Yrcyr CIQQXv7juvo/Wx
eb830kEXVsbJYcb6VtR/CmGzzTabzbrIgvwBWBrf0PuPc2rddIWamkOfNBZmf3+FNfqzmb0riQfn
 qYEqgGoHwR6uQg9
0NxEn8Ddt
vZmbCABSh0WYrYJGF6pF7MGuoUxfMDV9r9nZ1LijJNiTgLSBgPRr
wp9kPmhON3dg/DO0F/3kyKVFjEhLJpIxZpNdIXZkjbD9RW2IM5q2toFoIBgmq5ywmTRwyKVqcL54
wz/3+n0oeNO4eOh5sSA9vNvU1s3CaonDcLrGcbO+fiTuMG8qZL+/pAH5y0GkSteRZBzDe2pabMQK
y3NL6mrAHtN6XXFgG6CUg8K1V0+8qRmEn
COECm6RebKdS+iwPAe7wTaPuRv7au4GGQiLszXfPHoC
s2VHPP53dbdeK05ijDSrOaUkmd7H7uyUCSAcq6SJcVVdaU9Mign3HmTz65sOAr9XZildg7wcEsq6
94iKswfw2W3pL4q9OM6nmlyc1lIFlRtUzn6c9cXTRLcVBRghE/d+Kw1b1SBp4MYQuw576brmowW8
kRGMuGXsrCeqZn5c4Ju348sGfY5/FFvDW1IZPLSlNdsKtPDPHpcsUEzFT8054h++YA2cy0YLTadN
hmVtkpOdyX2a7vJnNcAirx13DGPXvzRQXm7y8jBJmg+VbXKxX90tf78pFbhv5bTCUpROm1gXOMEF
k3VKLu5UnL0ItbMTUtLYGmdwOcwjrRZ1wZTFJ7JKR5gIhnMOn78ttp08bWToY
rxCvGw0IL92ojX/
oq2dlIjj7bw/ALjdkWk/WgCwoK7+7UW2A5xj/Uzi
gJsnwq+9dfwtfkl9tVA5Q2vPL 4wEulE2GHGm
2zniUxn6w8g3qnUGaRdjfQYoC4BktvYUSXUHLY4dciyuJAc5+F1R IlrHpY1HDtBYm9m/
bw4qAJ89
0lM8DlMKiWQu4lhsqWanlq3mQL9v7+BhMnXjntGtgfR/mFc3IXrwpmipXmJEG8Rdja+gcrRmwzgQ
ALM /6B+O6Wwu6+WNvsIwB1dM4CipaFVL xOF0BUmFPhO2RIzWak0d01I9D0arQRCAS/e5wI7HL7vF
PVMgvEq+DBkLMmkXRgX7b91mAyVomhMOvekzf1N5XQ79xeesoajHUlGpmAxOD1zo8cSim
2O6
bQX3
EW+QcDreSdP6H+IbIZ64nx3afaRCL645wsRC6+77R2zfXaONEbsKWSUfdV3JIBPxUizyXvNkyZpM
l3EaoJG+7Zn
mlJAt5PyVv0mmm1aI6gyjA8zNp9w9hEz372KAaipHxE1IG6mT90dBtaoCabMfeXBX
85vCEX2kXMHvNskPgtOdQlaTCQHSjYLZzG7pXtOOt
kdqZohKAur+Hd77ejgxXrqQqCyybQHl4Uh+
Uoszt9kVZUJ5P8tm0Tt6Mm61utHm2L9QUT0UOopXUCe64bcVh6a7Z9fyOXW3N8lutlnXoToizbhK
suPQ+dXkU349gb24hAxxmblkv9ww5i8/P7pNHMVOr8WPzCyCeSPqogf9tFqzISoaJfSTl/jRjtxz
MBGMyWLN0puWNai5wvdPWnI2V8dwezv4ZKoW2ymVJo/H+QTih+XYMRbDGFv5XqyNlSWyzxC1GO9R
TBU1PLj+et6JLVkdVSZAbVQCLrD3eO3JmSUWCmSUhykUAnmudMgupbNTL039ll8EdjAui7sZvaAK
U+/64Qq8KkGIJSe3e0pDkCCfHzbThPt3DxYX9cu8fhC2NbX0kxsh/NwS3hWqYNIaYUNf4LrRGQAA
AAAALNtQACgAAAAgAAAAQAAAAAEABAAAAAAAgAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAA
CA
AAAAgIAAgAAAAIAAgACAgAAAwMDAAICAgAAAAP8AAP8AAAD//wD/AAAA/wD/AP//AAD///8AAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
A
AAAAAACIiIiIiIiIiIiIiIiIgAAAj////////////////4AAAIf///////////////eAAACPf///
////////// 9/gAAAj/f ////////////3/4AAAI//f///////////f/+AAACP//f/////////9///
gAAAj///f//////// 3///4AAAI////f///////f///+AAACP//93d3d
3d3d3f///gAAAj//3f39/
f39/f3f//4AAAI//d/f39/f39/f3f/+AAACP939/f39/f39/f3f/ gAAAh3f39/f39/f39/f3d4AA
AI9/f39/f39/f39
/f3+AAACP////////////////AA AACP//////////////8AAAAACP////////
/////wAA AAAACP////////////AAAAAAAACP//////////8AAA AAAAAACP/////////wAAAAAAAA
AACP////////AAAAAAAAAAAAC P//////8AAAAAAAAAAAAACP/////wAAAAAAAAAAAAAACIiIiIgA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/////
///////////AAAADwAAAA8AAAAPAAAADwAAAA8AAAAPAAAADwAAAA8AAAAPAAAADwAAAA8AAAAPA
AAAD wAAAA8AAAAPAAAADwAAAB+AAAA/wAAAf+AAAP/wAAH/+AAD//wAB//+AA///wAf//+AP////
/////////////ygAAAAQAAAAIAAAAAEABAA A
AAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA
AACAAAAAgIAAgAAAAIAAgACAgAAAwMDAAICAgAAAAP8AAP8AAAD//wD/AAAA/wD/AP//AAD///8A
AAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAI///////wAAiP/////4AACPj////48AAI/4///4/wAA
j4+IiI+PAACI9/f39/gAAI9/f39/fwAACPf39/fwAAAAj39/fwAAAAAI9/fwAAAAAACIiIAAAAAA
AAAAAAAAAAAAAAAAAAD//wAA//8AAMABAADAAQAAwAEAAMABAADAAQAAwAEAAMABAADAAQAA4AMA
APAHAAD4DwAA/B8AAP//A AD//wAAAAABAAIAICAQAAEABADoAgAAAQAQEBAAAQAEACgBAAACAAAA
AAAAAAAAAAAAAAAAAgADAAAAIAAAgA4AAACQAACAAAAAAAAAAAAA
AAAAAAACAAEAAABAAACAAgAA
AGgAAIAAAAAAAAAAAAAAAAAAAAEACQQAAFgAAABjPQEA6AIAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAABAAkEAACAAAAAS0ABACgBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAADQAACAqAAAgAAAAAAA
AAAAAAAAAAAAAQAJBAAAwAAAAH
NBAQAiAAAAAAAAAAAAAAABADAAa2VybmVsMzIuZGxsAExvYWRM
aWJyYXJ5QQBHZXRQcm9jQWRkcmVzcwDpvb7+/wzgAAAAAAAAAAAAAGlCAQAM4AAACxck6f5A2xsL
SAs49PlwCfQprar02kgR9La6nQuC5VcIMBA3/WfvxQiviNQIdjfr9+L/CghBGN0I0egSCFwu8 lBL
AQIUAAoAAAAAAAMtDDON1jMf62QAAOtkAAALAAAAAAAAAAAAIAAAAAAAAABtZXNzYWdlLnNjclBL
BQYAAAAAAQABADkAAAAUZQAAAAA=

------=_NextPart_000_0014_439C3E5D.70782C40--





From owner-ietf-openpgp@mail.imc.org Fri Aug 12 03:55:12 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1E3UNj-0002m0-ES
	for openpgp-archive@megatron.ietf.org; Fri, 12 Aug 2005 03:55:12 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id DAA08951
	for <openpgp-archive@lists.ietf.org>; Fri, 12 Aug 2005 03:55:08 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7C7ZGBg057374;
	Fri, 12 Aug 2005 00:35:16 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j7C7ZGGN057373;
	Fri, 12 Aug 2005 00:35:16 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mailgate.enhyper.net ([80.168.109.121])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7C7ZE8i057352
	for <ietf-openpgp@imc.org>; Fri, 12 Aug 2005 00:35:15 -0700 (PDT)
	(envelope-from iang@systemics.com)
Received: from [IPv6:::1] (localhost [127.0.0.1])
	by mailgate.enhyper.net (Postfix) with ESMTP id 5747B531C3;
	Fri, 12 Aug 2005 08:35:13 +0100 (BST)
Message-ID: <42FC522A.5060703@systemics.com>
Date: Fri, 12 Aug 2005 08:39:22 +0100
From: Ian G <iang@systemics.com>
Organization: http://financialcryptography.com/
User-Agent: Mozilla Thunderbird 1.0.6 (X11/20050726)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: David Srbecky <dsrbecky@gmail.com>
Cc: ietf-openpgp@imc.org, jas@extundo.com
Subject: Re: "The OpenPGP mail and news header" extenssion
References: <42FA366F.3030103@gmail.com> <ilu7jes6by3.fsf@latte.josefsson.org> <42FB8755.40008@gmail.com> <42FB94B1.5000008@systemics.com> <42FB9635.2000702@gmail.com>
In-Reply-To: <42FB9635.2000702@gmail.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


David Srbecky wrote:
> I take it that you advise to include preference=sign,encrypt

Yes, that would be better.

> Out of curiosity, is there any difference between 
> preference=sign,encrypt and preference=encrypt,sign ? I mean, does the 
> order matter? Can you both sign encrypted message and encrypt signed 
> message? (Where the latter means that you can not verify signature until 
> you decrypt the message)

The order does matter, but in OpenPGP (IIRC) there
is only sign-then-encrypt.  Other systems offer
different orders.

Another possibility is that there are two forms of
signature - being cleartext and binary.  These two
are certainly subject to preferences so you might
want to include them somehow.

Then there is the issue of format for delivery,
which would be either of ascii-armored, binary
attachment, or pgp/mime.

(out of those, my setting would be encrypt,ascii).

Some or all of these may be expressed in the preferences
in the keys themselves in some sense.

iang




From owner-ietf-openpgp@mail.imc.org Fri Aug 12 05:51:08 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1E3WBw-0003lR-Es
	for openpgp-archive@megatron.ietf.org; Fri, 12 Aug 2005 05:51:08 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id FAA13668
	for <openpgp-archive@lists.ietf.org>; Fri, 12 Aug 2005 05:51:04 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7C9ZJgA084187;
	Fri, 12 Aug 2005 02:35:19 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j7C9ZJwE084186;
	Fri, 12 Aug 2005 02:35:19 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mailgate.enhyper.net ([80.168.109.121])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7C9ZH6B084179
	for <ietf-openpgp@imc.org>; Fri, 12 Aug 2005 02:35:18 -0700 (PDT)
	(envelope-from iang@systemics.com)
Received: from [IPv6:::1] (localhost [127.0.0.1])
	by mailgate.enhyper.net (Postfix) with ESMTP id 714945323B;
	Fri, 12 Aug 2005 10:35:16 +0100 (BST)
Message-ID: <42FC6E4E.4030806@systemics.com>
Date: Fri, 12 Aug 2005 10:39:26 +0100
From: Ian G <iang@systemics.com>
Organization: http://financialcryptography.com/
User-Agent: Mozilla Thunderbird 1.0.6 (X11/20050726)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Len Sassaman <rabbi@abditum.com>
Cc: ietf-openpgp@imc.org
Subject: Re: Applicability of signed messages as proof of sending
References: <sjmwtn2jdhv.fsf@cliodev.pgp.com> <200508041208.17244.iang@systemics.com> <Pine.LNX.4.58.0508100943070.18620@thetis.deor.org> <42FB690C.8070607@systemics.com> <Pine.LNX.4.58.0508110807270.11516@thetis.deor.org> <42FB9443.10200@systemics.com> <Pine.LNX.4.58.0508111152560.15828@thetis.deor.org>
In-Reply-To: <Pine.LNX.4.58.0508111152560.15828@thetis.deor.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


Len Sassaman wrote:
> On Thu, 11 Aug 2005, Ian G wrote:

(Does anyone want us to take this offline?  Just
shout...)

>>Right but this needs to be integrated into the
>>real world.  Firstly, what does that signature
>>mean?  What was it doing there?  Because this
>>question is unanswered, and I'd say, unanswerable,
>>most people (in my experience) don't use signed
>>email.  They simply encrypt.
> 
> 
> Right. I'm one of those people. This does, however, leave one open to MITM
> attacks -- which are probably not that large of a threat in the general
> case, but when dealing with centralized, proprietary IM systems, could
> very well be a realistic problem. (This is why Trillian's SecureIM
> solution fails my sniff test.)

Right.  That's an interesting point.  So GAIM
uses AIM which is a proprietary IM system.  Now,
if that was all it was, *and* one assumed that
MITM in AIM was a real threat, then this would
be plausible logically, but still weak in terms
of validation.

The node threats are well documented:  they are
the viral and spyware threats on each party's
nodes, and the party defection threat (your wife
takes you to court, your boss grabs all your
messages from others).  So even in the face of an
attacker who could conduct an MITM at AIM level,
he still has better opportunities in keyloggers
and so forth on your or your counter party's
machine, and he's much more likely to go for an
attack he can blame on someone else than to drag
AOL into an active attack.  AFAIK, the TLAs
will happily insert viruses and keyloggers into
your PC, but they won't do an MITM.

So why bother to defend against an unvalidated
MITM attack and ignore the validated attacks
that the user is actually having to deal with?

In short, ignore MITM, or slot it later on.  Look
at what PRZ's new VoIP product does - sets up a
chain of hashes.  Why?  Because he's been thinking
about unprotected email and PGP email for the last
15 years, and he can see that MITM, if it exists,
is a very very specialised threat that does not
affect the 99.99% of the body net.

(anyone found any doco on that btw?)


>>Secondly, the way court works is that if one
>>party tables a message, it's generally accepted
>>at face value.  In practice, the mere presence
>>of the message is its own authentication.
> 
> 
> Actually, rules of evidence are a lot more complicated, particularly in
> criminal proceedings. It's pure speculation on my part to assume a
> non-reputable signature on a message would lessen doubt about tampering
> when presented to a third party, but I think it's reasonable speculation,
> and a problem worth avoiding.


Of course.  I'm speaking from the small experience
of having seen several (digitally) signed
documents being presented in a couple of civil
forums so it's an empirical observation, and there
simply isn't enough experience to deal with this
question.

But in sum, the digsigs were considered "mostly
harmless".  At least, whatever view we techies
have for digsigs was not matched by the way they
were received.

One of the reasons is that neither side dared
to question the
authenticity of a document that was tabled,
signed or unsigned.  That's because the risk
of being shown to be wrong was extraordinarily
high, so what tended to happen was that both
sides said "they had not seen that document"
which shifts the attention to whether the doc
was seen by both parties, something that the
digsig doesn't cover.


>>>OTR allows its users to have strong authentication of encrypted messages
>>>without the *additional risk* that normal digital signatures introduce.
>>
>>Turn it around and ask how important strong
>>authentication is?  When was the last time you
>>needed it in email or IM?  I suggest it is something
>>that we inherited from some military threat model
>>that isn't really relevant to our environment.
> 
> 
> I can't agree with this, particularly in the IM environment. It would be
> trivial for one of the large IM service providers to intercept encrypted,
> but unauthenticated traffic through their systems. If you don't trust the
> IM service provider, it is essential that you have end-to-end encryption
> and authentication.


No, this is all based on conjecture.  Normal
rational users, if they don't trust the IM
service provider either switch to another,
guard their talk such that it doesn't matter,
or use nyms.

And, practically speaking, the cost to the
IM service provider in challenging that trust
is way way higher than any plausible benefit
that users could lose if they were MITM'd.

It's just not a threat that matters that much,
even though it is trivial to show that it is
possible.  Covering the MITM is as relevant as
a bullet-proof pocket protector.  Nice for geeks
to own, but not a fashion accessory that users
are likely to go for.

>>brought up in court, Alice might be in a
>>strictly worse position.  On the one hand,
>>she is being dared to lie to the judge,
>>and on the other, she's been seen to use a
>>tool that has a sole advantage of repudiation.
> 
> 
> I'd hardly say that OTR's sole advantage is repudiation. Transparent
> encryption, perfect forward secrecy,

Those are very valuable.

> and a quickly growing user-base are
> also significant advantages. OTR is a privacy tool. Avoiding the
> non-repudiation trap is a form of privacy.
>
> Simply put, users shouldn't be forced to make non-repudiatable attestations
> in order to achieve privacy for their communications.

No, this is to assume that dig sigs are indeed
non-repudiable attestations.  It's very easy
to repudiate a digital signature.  You just say
you are using some proxy tool and you have no
idea what it does.  The non-repudiable digsig
is a mistake by the crypto community, best off
being totally expunged from the language.

Don't try and repair such a badly broken tool,
remove it from the toolbox and throw it away.

It's complications like these that mean that we
recommend that you should never sign using digsigs
unless you know what it means.  And also why the
protocols have moved over to using secure MACs,
as they don't carry the same stigma as having
any meaning outside the protocol.

iang




From owner-ietf-openpgp@mail.imc.org Fri Aug 12 06:04:41 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1E3WP2-0006tq-VS
	for openpgp-archive@megatron.ietf.org; Fri, 12 Aug 2005 06:04:41 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id GAA14225
	for <openpgp-archive@lists.ietf.org>; Fri, 12 Aug 2005 06:04:37 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7C9eIkI084486;
	Fri, 12 Aug 2005 02:40:18 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j7C9eItD084485;
	Fri, 12 Aug 2005 02:40:18 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from purgatory.unfix.org (postfix@213-136-24-43.adsl.bit.nl [213.136.24.43])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7C9eGjI084476
	for <ietf-openpgp@imc.org>; Fri, 12 Aug 2005 02:40:17 -0700 (PDT)
	(envelope-from jeroen@unfix.org)
Received: from firenze.zurich.ibm.com (pat.zurich.ibm.com [195.176.20.45])
	(using SSLv3 with cipher RC4-MD5 (128/128 bits))
	(No client certificate requested)
	by purgatory.unfix.org (Postfix) with ESMTP id 5B8669BAE;
	Fri, 12 Aug 2005 11:40:06 +0200 (CEST)
Subject: Re: "The OpenPGP mail and news header" extenssion
From: Jeroen Massar <jeroen@unfix.org>
To: David Srbecky <dsrbecky@gmail.com>
Cc: ietf-openpgp@imc.org, jas@extundo.com
In-Reply-To: <42FB9635.2000702@gmail.com>
References: <42FA366F.3030103@gmail.com>
	 <ilu7jes6by3.fsf@latte.josefsson.org> <42FB8755.40008@gmail.com>
	 <42FB94B1.5000008@systemics.com>  <42FB9635.2000702@gmail.com>
Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-jT5SQ3qhMHNmGSOQlTfn"
Organization: Unfix
Date: Fri, 12 Aug 2005 11:38:28 +0200
Message-Id: <1123839508.7305.13.camel@firenze.zurich.ibm.com>
Mime-Version: 1.0
X-Mailer: Evolution 2.2.3 
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>



--=-jT5SQ3qhMHNmGSOQlTfn
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

On Thu, 2005-08-11 at 20:17 +0200, David Srbecky wrote:

> Out of curiosity, is there any difference between
> preference=sign,encrypt and preference=encrypt,sign ? I mean, does the
> order matter? Can you both sign encrypted message and encrypt signed
> message? (Where the latter means that you can not verify signature until
> you decrypt the message)

* encrypt(sign(message))

The receiver is the only one being able to read it and knows it comes
from you.


* sign(encrypt(message))

This allows one to send a message, encrypted to another person, that
person sees you send it, because of the signature, and that person can
only read it, because of the crypt.

Advantage here for privacy freaks: the receiver can never prove that the
received message (cleartext) was sent by you. The person can only show
the encrypted form, which doesn't tell a thing, unless that person shows
in public that the person decrypts it, which nicely shows everybody that
that person is telling some secret from you to the world. Of course if
that person doesn't care about the latter then you are still stuffed,
nothing to repudiate.


* encrypt(sign(encrypt(message)))

Like sign(encrypt) except that if somebody finds this thing that they
can't figure out who the sender is, they can only identify the receiver.

Greets,
 Jeroen


--=-jT5SQ3qhMHNmGSOQlTfn
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Jeroen Massar / http://unfix.org/~jeroen/

iD8DBQBC/G4UKaooUjM+fCMRAr4vAKC9mI9HQU6CNEL68Gfa8ycoL/sPJgCfa8LU
/INY5buvR77/+IhXVat2ieQ=
=h3xn
-----END PGP SIGNATURE-----

--=-jT5SQ3qhMHNmGSOQlTfn--
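The three layerings Jeroen lists, as an added worked example that is not part of the original post or of any OpenPGP implementation. Toy textbook RSA over hard-coded Mersenne primes (constructed, insecure) stands in for the real cipher, and the `owner` names stand in for the key IDs that OpenPGP signature and public-key encrypted session key packets carry in the clear; `outsider_view`, `receiver_opens` and `demo` are the example's own names. It shows what an outsider holding the wire object, the receiver, and a third party handed the receiver's evidence can each establish.

```python
import hashlib
import json
from dataclasses import dataclass

# Toy textbook RSA over hard-coded Mersenne primes, constructed only so the layering
# is visible in a few dozen lines: no padding scheme, no key generation, not secure.
BLOCK = 20  # bytes per RSA block: 160 bits, below the recipient modulus (~2^196)

@dataclass(frozen=True)
class Key:
    owner: str      # stands in for the key ID that OpenPGP packets carry in the clear
    n: int
    e: int
    d: int = None   # private exponent; None on a public copy

    def public(self):
        return Key(self.owner, self.n, self.e)

def toy_key(owner, p, q, e=65537):
    return Key(owner, p * q, e, pow(e, -1, (p - 1) * (q - 1)))

ALICE = toy_key("alice", 2**31 - 1, 2**61 - 1)  # sender, signs only; n ~ 2^92
BOB = toy_key("bob", 2**89 - 1, 2**107 - 1)     # recipient; n ~ 2^196

def _h(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, signer):
    """Signature layer: signer ID and the signed bytes travel in the clear."""
    sig = pow(_h(data, signer.n), signer.d, signer.n)
    return {"signer": signer.owner, "data": data.hex(), "sig": sig}

def verify(signed, pub):
    data = bytes.fromhex(signed["data"])
    if signed["signer"] != pub.owner or pow(signed["sig"], pub.e, pub.n) != _h(data, pub.n):
        raise ValueError("bad signature")
    return data

def encrypt(data, to):
    """Encryption layer: recipient ID in the clear, PKCS#7-padded RSA blocks."""
    pad = BLOCK - len(data) % BLOCK
    data += bytes([pad]) * pad
    blocks = [pow(int.from_bytes(data[i:i + BLOCK], "big"), to.e, to.n)
              for i in range(0, len(data), BLOCK)]
    return {"to": to.owner, "blocks": blocks}

def decrypt(env, priv):
    if env["to"] != priv.owner:
        raise ValueError("not addressed to this key")
    data = b"".join(pow(c, priv.d, priv.n).to_bytes(BLOCK, "big") for c in env["blocks"])
    return data[:-data[-1]]

def canon(obj):
    return json.dumps(obj, sort_keys=True).encode()

# The three layerings from the post; each returns what goes on the wire.
def encrypt_sign(m, sender, recipient):
    return encrypt(canon(sign(m, sender)), recipient.public())

def sign_encrypt(m, sender, recipient):
    return sign(canon(encrypt(m, recipient.public())), sender)

def encrypt_sign_encrypt(m, sender, recipient):
    return encrypt(canon(sign_encrypt(m, sender, recipient)), recipient.public())

def outsider_view(obj):
    """What the outermost layer reveals with no private key: a signature exposes the
    signer and everything it wraps, an encryption layer only the recipient."""
    if "signer" in obj:
        inner = json.loads(bytes.fromhex(obj["data"]))
        return {"sender": obj["signer"], "recipient": inner["to"]}
    return {"sender": None, "recipient": obj["to"]}

def receiver_opens(kind, obj, recipient, sender_pub):
    """Return (plaintext, exhibit): the exhibit is the innermost signed object Bob can
    hand to a third party without decrypting anything in front of them."""
    if kind == "encrypt(sign(m))":
        exhibit = json.loads(decrypt(obj, recipient))
        return verify(exhibit, sender_pub), exhibit
    if kind == "sign(encrypt(m))":
        return decrypt(json.loads(verify(obj, sender_pub)), recipient), obj
    inner = json.loads(decrypt(obj, recipient))  # encrypt(sign(encrypt(m)))
    return decrypt(json.loads(verify(inner, sender_pub)), recipient), inner

def demo(m=b"constructed sample: meet at noon"):
    """Per layering: who the outside sees, whether Bob reads m, and whether Bob's
    exhibit lets a third party (holding only Alice's public key) see m itself."""
    alice_pub, out = ALICE.public(), {}
    for kind, obj in {"encrypt(sign(m))": encrypt_sign(m, ALICE, BOB),
                      "sign(encrypt(m))": sign_encrypt(m, ALICE, BOB),
                      "encrypt(sign(encrypt(m)))": encrypt_sign_encrypt(m, ALICE, BOB)}.items():
        plain, exhibit = receiver_opens(kind, obj, BOB, alice_pub)
        out[kind] = {"outside": outsider_view(obj), "bob_reads": plain == m,
                     "third_party_sees_plaintext": verify(exhibit, alice_pub) == m}
    return out
```

With sign(encrypt(m)) the signature verifies over the ciphertext, so a third party can confirm Alice signed something addressed to Bob but sees the plaintext only if Bob decrypts in front of them, which is the repudiation property the post describes.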




From owner-ietf-openpgp@mail.imc.org Fri Aug 12 12:40:32 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1E3ca8-0006Oo-Kv
	for openpgp-archive@megatron.ietf.org; Fri, 12 Aug 2005 12:40:32 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA05068
	for <openpgp-archive@lists.ietf.org>; Fri, 12 Aug 2005 12:40:28 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7CGNBc9024233;
	Fri, 12 Aug 2005 09:23:11 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j7CGNBYZ024232;
	Fri, 12 Aug 2005 09:23:11 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from spam1.wiktel.com (spam1.wiktel.com [204.221.145.252])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7CGNAjZ024225
	for <ietf-openpgp@imc.org>; Fri, 12 Aug 2005 09:23:11 -0700 (PDT)
	(envelope-from rlaager@wiktel.com)
Received: from [192.168.1.101] (69-89-193-188.unfiltered.dsl.wiktel.com [69.89.193.188])
	(authenticated bits=0)
	by spam1.wiktel.com (8.13.1/8.13.1) with ESMTP id j7CGN4OL019161
	for <ietf-openpgp@imc.org>; Fri, 12 Aug 2005 11:23:04 -0500
Subject: Re: Applicability of signed messages as proof of sending
From: Richard Laager <rlaager@wiktel.com>
To: ietf-openpgp@imc.org
In-Reply-To: <42FC6E4E.4030806@systemics.com>
References: <sjmwtn2jdhv.fsf@cliodev.pgp.com>
	 <200508041208.17244.iang@systemics.com>
	 <Pine.LNX.4.58.0508100943070.18620@thetis.deor.org>
	 <42FB690C.8070607@systemics.com>
	 <Pine.LNX.4.58.0508110807270.11516@thetis.deor.org>
	 <42FB9443.10200@systemics.com>
	 <Pine.LNX.4.58.0508111152560.15828@thetis.deor.org>
	 <42FC6E4E.4030806@systemics.com>
Content-Type: text/plain
Organization: Wikstrom Telecom Internet
Date: Fri, 12 Aug 2005 11:23:08 -0500
Message-Id: <1123863788.19609.9.camel@localhost>
Mime-Version: 1.0
X-Mailer: Evolution 2.2.2 (2.2.2-5) 
Content-Transfer-Encoding: 7bit
X-bounce-key: wiktel.com-1;rlaager@wiktel.com;1123863784;geJko+pI3tp6lBy0MehgEI+YE0w;
X-Scanned-By: MIMEDefang 2.49 on 204.221.145.252
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


On Fri, 2005-08-12 at 10:39 +0100, Ian G wrote:
> Len Sassaman wrote:
> > On Thu, 11 Aug 2005, Ian G wrote:
 
> > Right. I'm one of those people. This does, however, leave one open to MITM
> > attacks -- which are probably not that large of a threat in the general
> > case, but when dealing with centralized, proprietary IM systems, could
> > very well be a realistic problem. (This is why Trillian's SecureIM
> > solution fails my sniff test.)
> 
> Right.  That's an interesting point.  So GAIM
> uses AIM which is a proprietary IM system.  Now,
> if that was all it was, *and* one assumed that
> MITM in AIM was a real threat, then this would
> be plausible logically, but still weak in terms
> of validation.

Gaim (please not GAIM) supports a variety of protocols besides AIM, so
that does change the threat model a bit. It'd be significantly easier to
do a MITM attack on more documented and decentralized protocols.

I'll admit that MITM attacks are rare and sophisticated, but if you're
not guarding against them, the only attack you prevent is casual snooping
on the wire. If you're only going to worry about casual snooping, you
could just as well use rot13 as your "encryption". (Granted, I'm
exaggerating a little, but why bother with something as complex and
secure as OpenPGP to prevent casual snooping.) Your points about
keyloggers, etc. are very valid.

Richard Laager





From owner-ietf-openpgp@mail.imc.org Fri Aug 12 15:09:00 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1E3eto-0007wJ-5F
	for openpgp-archive@megatron.ietf.org; Fri, 12 Aug 2005 15:09:00 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA12634
	for <openpgp-archive@lists.ietf.org>; Fri, 12 Aug 2005 15:08:57 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7CImGIt034968;
	Fri, 12 Aug 2005 11:48:16 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j7CImG7K034967;
	Fri, 12 Aug 2005 11:48:16 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mailgate.enhyper.net ([80.168.109.121])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7CImGDw034961
	for <ietf-openpgp@imc.org>; Fri, 12 Aug 2005 11:48:16 -0700 (PDT)
	(envelope-from iang@systemics.com)
Received: from [IPv6:::1] (localhost [127.0.0.1])
	by mailgate.enhyper.net (Postfix) with ESMTP id DAE495326F
	for <ietf-openpgp@imc.org>; Fri, 12 Aug 2005 19:48:14 +0100 (BST)
Message-ID: <42FCEFE9.9090807@systemics.com>
Date: Fri, 12 Aug 2005 19:52:25 +0100
From: Ian G <iang@systemics.com>
Organization: http://financialcryptography.com/
User-Agent: Mozilla Thunderbird 1.0.6 (X11/20050726)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: ietf-openpgp@imc.org
Subject: Re: Applicability of signed messages as proof of sending
References: <sjmwtn2jdhv.fsf@cliodev.pgp.com>	 <200508041208.17244.iang@systemics.com>	 <Pine.LNX.4.58.0508100943070.18620@thetis.deor.org>	 <42FB690C.8070607@systemics.com>	 <Pine.LNX.4.58.0508110807270.11516@thetis.deor.org>	 <42FB9443.10200@systemics.com>	 <Pine.LNX.4.58.0508111152560.15828@thetis.deor.org>	 <42FC6E4E.4030806@systemics.com> <1123863788.19609.9.camel@localhost>
In-Reply-To: <1123863788.19609.9.camel@localhost>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


Richard Laager wrote:
> Gaim (please not GAIM) ...

I took that one offline, as everyone here knows 'the story.'

For the patient, here's a link I came across today on
OpenPGP's web of trust.  Nice graphs!

http://www.cs.uu.nl/people/henkp/henkp/pgp/pathfinder/plot/

And here's today's email-tapping news.  The court of appeals
reversed a ruling, and said that ISPs could not copy and
read emails.  Meanwhile a survey found that small firms were
failing to copy and escrow emails as instructed.  And companies
can now bring in massive eavesdropping tech to catch insiders
doing bad things.

E-mail wiretap case can proceed, court says
http://news.com.com/E-mail+wiretap+case+can+proceed,+court+says/2100-1028_3-5829228.html?tag=nefd.top
Study Finds Small Securities Firms Still Fail To Comply With SEC E-mail Archiving Regulations
http://www.compliancepipeline.com/showArticle.jhtml?articleID=168601153
When E-Mail Isn't Monitored
http://itmanagement.earthweb.com/secu/article.php/3526881

iang




From owner-ietf-openpgp@mail.imc.org Fri Aug 12 17:42:18 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1E3hI9-0004pE-SM
	for openpgp-archive@megatron.ietf.org; Fri, 12 Aug 2005 17:42:18 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA04620
	for <openpgp-archive@lists.ietf.org>; Fri, 12 Aug 2005 17:42:14 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7CLR2GT063769;
	Fri, 12 Aug 2005 14:27:02 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j7CLR2Iw063768;
	Fri, 12 Aug 2005 14:27:02 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from smtp.liverton.net.nz (beryllium.liverton.net.nz [202.160.49.36])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7CLR185063720
	for <ietf-openpgp@imc.org>; Fri, 12 Aug 2005 14:27:01 -0700 (PDT)
	(envelope-from james.scott@liverton.com)
Received: from fluorine (Not Verified[172.17.2.9]) by smtp.liverton.net.nz with NetIQ MailMarshal (v5.5.6.7)
	id <B00000ef65>; Sat, 13 Aug 2005 09:24:52 +1200
Received: from mail.liverton.com (Not Verified[192.168.1.1]) by fluorine with NetIQ MailMarshal (v6,0,3,8)
	id <B42fd141d0000>; Sat, 13 Aug 2005 09:26:53 +1200
Received: from Spooler by mail.liverton.com (Mercury/32 v4.01a) ID MO005EC8;
  13 Aug 2005 09:26:54 +1200
Received: from spooler by mail.liverton.com (Mercury/32 v4.01a); 13 Aug 2005 09:26:48 +1200
Received: from LIVE011 (210.48.81.24) by Liverton Mail Server (Mercury/32 v4.01a) with ESMTP ID MG005EC7;
   13 Aug 2005 09:26:46 +1200
From: "James Scott" <james.scott@liverton.com>
To: <ietf-openpgp@imc.org>
Subject: RE: "The OpenPGP mail and news header" extenssion
Date: Sat, 13 Aug 2005 09:26:41 +1200
Organization: Liverton Limited
MIME-Version: 1.0
X-Mailer: Microsoft Office Outlook, Build 11.0.6353
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
In-Reply-To: <~B00000edfd.00016e47.mml.2667484233@latte.josefsson.org>
Thread-Index: AcWeu3PfTdxmcvNQSLaG8fRCR2iXzAADKyyw
Message-ID: <BBD0795F2CAB@mail.liverton.com>
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-SecureMail-Version: 1.0
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 7bit


Simon Josefsson wrote:
> David Srbecky <dsrbecky@gmail.com> writes:
> 
> > Simon Josefsson wrote:
> >> David Srbecky <dsrbecky@gmail.com> writes:
> >>>OpenPGP: id=12345678;
> >>>         url=http://example.com/key.txt;
> >>>         modification=Tue, 9 Aug 2005 13:59:18 +0200 (CEST);
> >>>         version=GnuPG v1.4.1 (MingW32);
> >>>         comment=Using GnuPG with Thunderbird;
> >>>         signature=iD8DBasdQFC+Jqasd5X6K7Lza8L3FgC3GU2joRAkV+AaJ9AqD/Fs=
> >>>
...[snip]
> 
> I understand.  Implement your scheme and write a draft about 
> it!  I think your ideas are too far-fetching to be reasonably 
> added to this document.  There are many details that have to be solved.
> 

You might like to note that the IETF MASS pre-working group is currently
discussing just such a proposal, called DKIM.  This is based on an amalgam
of Yahoo Domain Keys, and Cisco Identified Internet Mail.

Refer to http://mipassoc.org/mass/ for further details.

James





From owner-ietf-openpgp@mail.imc.org Sat Aug 13 12:48:02 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1E3zAv-0007JU-BW
	for openpgp-archive@megatron.ietf.org; Sat, 13 Aug 2005 12:48:02 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA29355
	for <openpgp-archive@lists.ietf.org>; Sat, 13 Aug 2005 12:47:58 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7DGW3kc089883;
	Sat, 13 Aug 2005 09:32:03 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j7DGW3wY089882;
	Sat, 13 Aug 2005 09:32:03 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from merrymeet.com (merrymeet.com [63.73.97.162])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7DGW2UO089876
	for <ietf-openpgp@imc.org>; Sat, 13 Aug 2005 09:32:02 -0700 (PDT)
	(envelope-from jon@callas.org)
Received: from keys.merrymeet.com (63.73.97.166) by merrymeet.com with
 ESMTP (Eudora Internet Mail Server X 3.2.6);
 Sat, 13 Aug 2005 09:31:59 -0700
Received: from [192.168.1.11] ([24.53.94.200])
  by keys.merrymeet.com (PGP Universal service);
  Sat, 13 Aug 2005 09:31:58 -0700
X-PGP-Universal: processed;
	by keys.merrymeet.com on Sat, 13 Aug 2005 09:31:58 -0700
In-Reply-To: <BBD0795F2CAB@mail.liverton.com>
References: <BBD0795F2CAB@mail.liverton.com>
Mime-Version: 1.0 (Apple Message framework v622)
Content-Type: text/plain; charset=US-ASCII; format=flowed
Message-Id: <205017746c17d274312cbcc628ec91cf@callas.org>
Content-Transfer-Encoding: 7bit
Cc: <ietf-openpgp@imc.org>
From: Jon Callas <jon@callas.org>
Subject: Re: "The OpenPGP mail and news header" extenssion
Date: Sat, 13 Aug 2005 09:32:06 -0700
To: "James Scott" <james.scott@liverton.com>
X-Mailer: Apple Mail (2.622)
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 7bit


On 12 Aug 2005, at 2:26 PM, James Scott wrote:

> You might like to note that the IETF MASS pre-working group is 
> currently
> discussing just such a proposal, called DKIM.  This is based on an 
> amalgam
> of Yahoo Domain Keys, and Cisco Identified Internet Mail.
>
> Refer to http://mipassoc.org/mass/ for further details.
>

Actually, you should look at <http://mipassoc.org/dkim/>, which is the 
present accurate place. The above will redirect you to the latter, but 
it's better to go to the latter.

	Jon




From owner-ietf-openpgp@mail.imc.org Sun Aug 14 09:37:24 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1E4Ifz-0002E9-Th
	for openpgp-archive@megatron.ietf.org; Sun, 14 Aug 2005 09:37:24 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA26071
	for <openpgp-archive@lists.ietf.org>; Sun, 14 Aug 2005 09:37:21 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7EDIhWB075212;
	Sun, 14 Aug 2005 06:18:43 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j7EDIhfW075211;
	Sun, 14 Aug 2005 06:18:43 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mail.links.org (mail.links.org [217.155.92.109])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7EDIfHH075187
	for <ietf-openpgp@imc.org>; Sun, 14 Aug 2005 06:18:42 -0700 (PDT)
	(envelope-from ben@algroup.co.uk)
Received: from [193.133.15.218] (localhost [127.0.0.1])
	by mail.links.org (Postfix) with ESMTP id 781C633C1A;
	Sun, 14 Aug 2005 14:18:38 +0100 (BST)
Message-ID: <42FF44AF.3050502@algroup.co.uk>
Date: Sun, 14 Aug 2005 14:18:39 +0100
From: Ben Laurie <ben@algroup.co.uk>
User-Agent: Mozilla Thunderbird 1.0.6 (Windows/20050716)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: David Srbecky <dsrbecky@gmail.com>
CC: Simon Josefsson <jas@extundo.com>, openpgp <ietf-openpgp@imc.org>
Subject: Re: "The OpenPGP mail and news header" extenssion
References: <42FA366F.3030103@gmail.com> <ilu7jes6by3.fsf@latte.josefsson.org> <42FB8755.40008@gmail.com>
In-Reply-To: <42FB8755.40008@gmail.com>
X-Enigmail-Version: 0.89.6.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 7bit


David Srbecky wrote:
> OpenPGP: id=b565717f; url=http://josefsson.org/key.txt; preference=sign
> 
> Sender wants to receive signed unencrypted messages.

Why would I care whether the sender wants to receive signed messages? 
Surely it's all about whether I want to sign my messages? His preference 
is irrelevant, he can check the signature or not as he pleases.

-- 
 >>>ApacheCon Europe<<<                   http://www.apachecon.com/

http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff




From owner-ietf-openpgp@mail.imc.org Sun Aug 14 09:39:09 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1E4Ihg-0002OI-TZ
	for openpgp-archive@megatron.ietf.org; Sun, 14 Aug 2005 09:39:09 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA26143
	for <openpgp-archive@lists.ietf.org>; Sun, 14 Aug 2005 09:39:06 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7EDOuSG077561;
	Sun, 14 Aug 2005 06:24:56 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j7EDOuVo077560;
	Sun, 14 Aug 2005 06:24:56 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mail.links.org (mail.links.org [217.155.92.109])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7EDOtkq077546
	for <ietf-openpgp@imc.org>; Sun, 14 Aug 2005 06:24:55 -0700 (PDT)
	(envelope-from ben@algroup.co.uk)
Received: from [193.133.15.218] (localhost [127.0.0.1])
	by mail.links.org (Postfix) with ESMTP id 1CFE933C1E;
	Sun, 14 Aug 2005 14:24:54 +0100 (BST)
Message-ID: <42FF4626.6010909@algroup.co.uk>
Date: Sun, 14 Aug 2005 14:24:54 +0100
From: Ben Laurie <ben@algroup.co.uk>
User-Agent: Mozilla Thunderbird 1.0.6 (Windows/20050716)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Jeroen Massar <jeroen@unfix.org>
CC: David Srbecky <dsrbecky@gmail.com>, ietf-openpgp@imc.org, jas@extundo.com
Subject: Re: "The OpenPGP mail and news header" extenssion
References: <42FA366F.3030103@gmail.com>	 <ilu7jes6by3.fsf@latte.josefsson.org> <42FB8755.40008@gmail.com>	 <42FB94B1.5000008@systemics.com>  <42FB9635.2000702@gmail.com> <1123839508.7305.13.camel@firenze.zurich.ibm.com>
In-Reply-To: <1123839508.7305.13.camel@firenze.zurich.ibm.com>
X-Enigmail-Version: 0.89.6.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 7bit


Jeroen Massar wrote:
> On Thu, 2005-08-11 at 20:17 +0200, David Srbecky wrote:
> 
> 
>>Out of curiosity, is there any difference between 
>>preference=sign,encrypt and preference=encrypt,sign ? I mean, does the 
>>order matter? Can you both sign encrypted message and encrypt signed 
>>message? (Where the latter means that you can not verify signature until 
>>you decrypt the message)
> 
> 
> * encrypt(sign(message))
> 
> The receiver is the only one being able to read it and knows it comes
> from you.
> 
> 
> * sign(encrypt(message))
> 
> This allows one to send a message, encrypted to another person, that
> person sees you send it, because of the signature, and that person can
> only read it, because of the crypt.
> 
> Advantage here for privacy freaks: the receiver can never prove that the
> received message (cleartext) was sent by you. The person can only show
> the encrypted form, which doesn't tell a thing, unless that person shows
> in public that the person decrypts it, which nicely shows everybody that
> that person is telling some secret from you to the world. Of course if
> that person doesn't care about the latter then you are still stuffed,
> nothing to repudiate.

More importantly, perhaps, Krawczyk has shown that, in general, sign 
then encrypt is insecure.

-- 
 >>>ApacheCon Europe<<<                   http://www.apachecon.com/

http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
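A parser for the header format being discussed, covering both the draft's id/url/preference fields quoted earlier in the thread and the extended modification/version/comment/signature fields from David's proposal, with the preference list kept in order so that sign,encrypt and encrypt,sign remain distinguishable. This is an added example, not code from the draft, Enigmail or any other mailer; the accepted id lengths, the http/https-only rule for url, the set of preference values and id being mandatory are assumptions made here for the checks.

```python
"""Parser and sanity checker for the 'OpenPGP:' mail header discussed
in this thread (added example, not code from the draft or any mailer).

Field names come from the thread; the accepted id lengths, the
http/https-only rule for url, the set of preference values and the
requirement that id be present are assumptions made here.
"""
import re

# Constructed sample headers as they would appear in a raw message.
# The second one is folded over several lines (continuation lines start
# with whitespace), like the example quoted in the thread.
SAMPLE_SIMPLE = "OpenPGP: id=b565717f; url=http://josefsson.org/key.txt; preference=sign"
SAMPLE_FOLDED = (
    "OpenPGP: id=12345678;\n"
    "         url=http://example.com/key.txt;\n"
    "         modification=Tue, 9 Aug 2005 13:59:18 +0200 (CEST);\n"
    "         version=GnuPG v1.4.1 (MingW32);\n"
    "         comment=Using GnuPG with Thunderbird;\n"
    "         preference=sign,encrypt\n"
)

KNOWN_FIELDS = {"id", "url", "preference", "modification",
                "version", "comment", "signature"}
# Assumption: only the two preference tokens seen in the thread.
KNOWN_PREFERENCES = {"sign", "encrypt"}
# Assumption: a key id is 8 or 16 hex digits, a fingerprint 40.
KEY_ID_RE = re.compile(r"^(?:[0-9A-Fa-f]{8}|[0-9A-Fa-f]{16}|[0-9A-Fa-f]{40})$")


def unfold(raw):
    """Join folded header lines: a line break followed by whitespace
    becomes a single space (RFC 2822 style unfolding)."""
    return re.sub(r"\r?\n[ \t]+", " ", raw).strip()


def parse_openpgp_header(raw):
    """Parse one 'OpenPGP:' header into a dict.

    Fields are ';'-separated key=value pairs; keys are case-insensitive
    and returned lower-cased. Only 'preference' is split further, on
    ',', and its order is kept, so 'sign,encrypt' and 'encrypt,sign'
    parse to different lists. Raises ValueError on malformed input.
    """
    line = unfold(raw)
    name, sep, body = line.partition(":")   # first ':' only; url keeps its own
    if not sep or name.strip().lower() != "openpgp":
        raise ValueError("not an OpenPGP header")
    fields = {}
    for item in body.split(";"):
        item = item.strip()
        if not item:            # tolerate a trailing ';'
            continue
        key, eq, value = item.partition("=")
        key = key.strip().lower()
        if not eq or not key:
            raise ValueError("malformed field: %r" % item)
        if key in fields:
            raise ValueError("duplicate field: %s" % key)
        value = value.strip()
        if key == "preference":
            fields[key] = [p.strip().lower() for p in value.split(",") if p.strip()]
        else:
            fields[key] = value
    if "id" not in fields:      # assumption: id is the one mandatory field
        raise ValueError("id field is required")
    return fields


def check_header(fields):
    """Return the problems a receiving mailer should flag before acting on
    the header (fetching the key, honouring the preference); an empty list
    means the header looks sane."""
    problems = []
    for key in fields:
        if key not in KNOWN_FIELDS:
            problems.append("unknown field: %s" % key)
    if not KEY_ID_RE.match(fields.get("id", "")):
        problems.append("id is not an 8/16/40 hex-digit key id or fingerprint")
    url = fields.get("url")
    # Assumption: keys are only fetched over http(s); other schemes are refused.
    if url is not None and not re.match(r"^https?://", url, re.IGNORECASE):
        problems.append("url scheme is not http or https: %s" % url)
    for pref in fields.get("preference", []):
        if pref not in KNOWN_PREFERENCES:
            problems.append("unknown preference value: %s" % pref)
    return problems


if __name__ == "__main__":
    for sample in (SAMPLE_SIMPLE, SAMPLE_FOLDED):
        parsed = parse_openpgp_header(sample)
        print(parsed)
        print("problems:", check_header(parsed) or "none")
```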




From owner-ietf-openpgp@mail.imc.org Sun Aug 14 09:53:15 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1E4IvL-0004Q8-0G
	for openpgp-archive@megatron.ietf.org; Sun, 14 Aug 2005 09:53:15 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA26537
	for <openpgp-archive@lists.ietf.org>; Sun, 14 Aug 2005 09:53:12 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7EDdNZ0082898;
	Sun, 14 Aug 2005 06:39:23 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j7EDdNA8082897;
	Sun, 14 Aug 2005 06:39:23 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from smtp.nextra.cz (smtp.nextra.cz [195.70.130.4])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7EDdMgg082885
	for <ietf-openpgp@imc.org>; Sun, 14 Aug 2005 06:39:23 -0700 (PDT)
	(envelope-from dsrbecky@gmail.com)
Received: from [10.0.0.22] (160.240.broadband2.iol.cz [83.208.240.160])
	by smtp.nextra.cz (Postfix) with ESMTP id 77EF65D09;
	Sun, 14 Aug 2005 15:39:16 +0200 (CEST)
Message-ID: <42FF4980.3050203@gmail.com>
Date: Sun, 14 Aug 2005 15:39:12 +0200
From: David Srbecky <dsrbecky@gmail.com>
User-Agent: Mozilla Thunderbird 1.0.6 (Windows/20050716)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Ben Laurie <ben@algroup.co.uk>
Cc: ietf-openpgp@imc.org
Subject: Re: "The OpenPGP mail and news header" extenssion
References: <42FA366F.3030103@gmail.com> <ilu7jes6by3.fsf@latte.josefsson.org> <42FB8755.40008@gmail.com> <42FF44AF.3050502@algroup.co.uk>
In-Reply-To: <42FF44AF.3050502@algroup.co.uk>
X-Enigmail-Version: 0.92.0.0
OpenPGP: id=2DC6523A;
	url=http://www.volny.cz/davejp/OpenPGP.asc
Content-Type: multipart/signed; micalg=pgp-sha1;
 protocol="application/pgp-signature";
 boundary="------------enigC47F4C96962E0B3469E8841A"
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enigC47F4C96962E0B3469E8841A
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

Ben Laurie wrote:
> David Srbecky wrote:
> 
>> OpenPGP: id=b565717f; url=http://josefsson.org/key.txt; preference=sign
>>
>> Sender wants to receive signed unencrypted messages.
> 
> 
> Why would I care whether the sender wants to receive signed messages?

You want to be polite and help to enhance security.

> Surely it's all about whether I want to sign my messages? His preference
> is irrelevant, 

Using preference=sign he explicitly expresses that he *wants* to receive
signed messages. For example some people do not sign messages to
maillist, but if the maillist sends you preference=sign, it means that
it really *wants* signed messages.

> he can check the signature or not as he pleases.

How can he do that if you do not sign the message?



The same holds for preference=encrypt.

David



--------------enigC47F4C96962E0B3469E8841A--




From owner-ietf-openpgp@mail.imc.org Sun Aug 14 09:59:14 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1E4J18-000542-Bf
	for openpgp-archive@megatron.ietf.org; Sun, 14 Aug 2005 09:59:14 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA26731
	for <openpgp-archive@lists.ietf.org>; Sun, 14 Aug 2005 09:59:11 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7EDibqX085080;
	Sun, 14 Aug 2005 06:44:37 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j7EDibb5085079;
	Sun, 14 Aug 2005 06:44:37 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mail.links.org (mail.links.org [217.155.92.109])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7EDiaHm085067
	for <ietf-openpgp@imc.org>; Sun, 14 Aug 2005 06:44:37 -0700 (PDT)
	(envelope-from ben@algroup.co.uk)
Received: from [193.133.15.218] (localhost [127.0.0.1])
	by mail.links.org (Postfix) with ESMTP id 6223B33C1A;
	Sun, 14 Aug 2005 14:44:36 +0100 (BST)
Message-ID: <42FF4AC5.2020301@algroup.co.uk>
Date: Sun, 14 Aug 2005 14:44:37 +0100
From: Ben Laurie <ben@algroup.co.uk>
User-Agent: Mozilla Thunderbird 1.0.6 (Windows/20050716)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Ian G <iang@systemics.com>
CC: David Srbecky <dsrbecky@gmail.com>, Simon Josefsson <jas@extundo.com>,
        openpgp <ietf-openpgp@imc.org>
Subject: Re: "The OpenPGP mail and news header" extenssion
References: <42FA366F.3030103@gmail.com> <ilu7jes6by3.fsf@latte.josefsson.org> <42FB8755.40008@gmail.com> <42FB94B1.5000008@systemics.com>
In-Reply-To: <42FB94B1.5000008@systemics.com>
X-Enigmail-Version: 0.89.6.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 7bit


Ian G wrote:
> Until someone can define the meaning
> of a signature, my standard advice is to not sign,
> which I'd recommend for all email, IM and so forth.

Oh, please, the meaning of signatures is perfectly well defined in law.

-- 
 >>>ApacheCon Europe<<<                   http://www.apachecon.com/

http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff




From owner-ietf-openpgp@mail.imc.org Sun Aug 14 09:59:44 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1E4J1c-00055A-Ju
	for openpgp-archive@megatron.ietf.org; Sun, 14 Aug 2005 09:59:44 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA26753
	for <openpgp-archive@lists.ietf.org>; Sun, 14 Aug 2005 09:59:41 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7EDheBg084732;
	Sun, 14 Aug 2005 06:43:40 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j7EDhejd084731;
	Sun, 14 Aug 2005 06:43:40 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mail.links.org (mail.links.org [217.155.92.109])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7EDhdgJ084720
	for <ietf-openpgp@imc.org>; Sun, 14 Aug 2005 06:43:40 -0700 (PDT)
	(envelope-from ben@algroup.co.uk)
Received: from [193.133.15.218] (localhost [127.0.0.1])
	by mail.links.org (Postfix) with ESMTP id 66ADF33C1A;
	Sun, 14 Aug 2005 14:43:39 +0100 (BST)
Message-ID: <42FF4A8C.3060000@algroup.co.uk>
Date: Sun, 14 Aug 2005 14:43:40 +0100
From: Ben Laurie <ben@algroup.co.uk>
User-Agent: Mozilla Thunderbird 1.0.6 (Windows/20050716)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: David Srbecky <dsrbecky@gmail.com>
CC: ietf-openpgp@imc.org
Subject: Re: "The OpenPGP mail and news header" extenssion
References: <42FA366F.3030103@gmail.com> <ilu7jes6by3.fsf@latte.josefsson.org> <42FB8755.40008@gmail.com> <42FF44AF.3050502@algroup.co.uk> <42FF4980.3050203@gmail.com>
In-Reply-To: <42FF4980.3050203@gmail.com>
X-Enigmail-Version: 0.89.6.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 7bit


David Srbecky wrote:
> Ben Laurie wrote:
> 
>>David Srbecky wrote:
>>
>>
>>>OpenPGP: id=b565717f; url=http://josefsson.org/key.txt; preference=sign
>>>
>>>Sender wants to receive signed unencrypted messages.
>>
>>
>>Why would I care whether the sender wants to receive signed messages?
> 
> 
> You want to be polite and help to enhance the security.
> 
> 
>>Surely it's all about whether I want to sign my messages? His preference
>>is irrelevant, 
> 
> 
> Using preference=sign he explicitly expresses that he *wants* to receive
> signed messages. For example some people do not sign messages to
> maillist, but if the maillist sends you preference=sign, it means that
> it really *wants* signed messages.
> 
>>he can check the signature or not as he pleases.
> 
> How can he do that if you do not sign the message?
> 
> The same holds for preference=encrypt.

A preference for encrypted messages is a different thing, it doesn't 
harm the sender of the message in any way.

Signing messages weakens plausible deniability. It may imply some 
standing that is not necessarily intended. These things can harm the sender.

Cheers,

Ben.

-- 
 >>>ApacheCon Europe<<<                   http://www.apachecon.com/

http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff




From owner-ietf-openpgp@mail.imc.org Sun Aug 14 10:12:17 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1E4JDl-0006vu-8r
	for openpgp-archive@megatron.ietf.org; Sun, 14 Aug 2005 10:12:17 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA27629
	for <openpgp-archive@lists.ietf.org>; Sun, 14 Aug 2005 10:12:14 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7EDvGOH090088;
	Sun, 14 Aug 2005 06:57:16 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j7EDvGwK090087;
	Sun, 14 Aug 2005 06:57:16 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from smtp.nextra.cz (smtp.nextra.cz [195.70.130.4])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7EDvF5w090075
	for <ietf-openpgp@imc.org>; Sun, 14 Aug 2005 06:57:16 -0700 (PDT)
	(envelope-from dsrbecky@gmail.com)
Received: from [10.0.0.22] (160.240.broadband2.iol.cz [83.208.240.160])
	by smtp.nextra.cz (Postfix) with ESMTP id 954725D80;
	Sun, 14 Aug 2005 15:57:14 +0200 (CEST)
Message-ID: <42FF4DB4.4080309@gmail.com>
Date: Sun, 14 Aug 2005 15:57:08 +0200
From: David Srbecky <dsrbecky@gmail.com>
User-Agent: Mozilla Thunderbird 1.0.6 (Windows/20050716)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Ben Laurie <ben@algroup.co.uk>
Cc: openpgp <ietf-openpgp@imc.org>
Subject: Re: "The OpenPGP mail and news header" extenssion
References: <42FA366F.3030103@gmail.com> <ilu7jes6by3.fsf@latte.josefsson.org> <42FB8755.40008@gmail.com> <42FF44AF.3050502@algroup.co.uk> <42FF4980.3050203@gmail.com> <42FF4A8C.3060000@algroup.co.uk>
In-Reply-To: <42FF4A8C.3060000@algroup.co.uk>
X-Enigmail-Version: 0.92.0.0
OpenPGP: id=2DC6523A;
	url=http://www.volny.cz/davejp/OpenPGP.asc
Content-Type: multipart/signed; micalg=pgp-sha1;
 protocol="application/pgp-signature";
 boundary="------------enigFEB9E5FADEFABAF2CFD656CB"
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enigFEB9E5FADEFABAF2CFD656CB
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

Ben Laurie wrote:
> Signing messages weakens plausible deniability. It may imply some
> standing that is not necessarily intended. These things can harm the
> sender.

If this is your concern, just ignore the flag and never sign messages,
but please, let me tell you that I *prefer* signed messages.

David



--------------enigFEB9E5FADEFABAF2CFD656CB--




From owner-ietf-openpgp@mail.imc.org Sun Aug 14 10:12:17 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1E4JDl-0006vv-A3
	for openpgp-archive@megatron.ietf.org; Sun, 14 Aug 2005 10:12:17 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA27630
	for <openpgp-archive@lists.ietf.org>; Sun, 14 Aug 2005 10:12:14 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7EDuN61089683;
	Sun, 14 Aug 2005 06:56:23 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j7EDuNAj089682;
	Sun, 14 Aug 2005 06:56:23 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mailgate.enhyper.net ([80.168.109.121])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7EDuMmg089668
	for <ietf-openpgp@imc.org>; Sun, 14 Aug 2005 06:56:22 -0700 (PDT)
	(envelope-from iang@systemics.com)
Received: from [IPv6:::1] (localhost [127.0.0.1])
	by mailgate.enhyper.net (Postfix) with ESMTP id C288C5CF8C;
	Sun, 14 Aug 2005 14:56:20 +0100 (BST)
Message-ID: <42FF4E80.5020603@systemics.com>
Date: Sun, 14 Aug 2005 15:00:32 +0100
From: Ian G <iang@systemics.com>
Organization: http://financialcryptography.com/
User-Agent: Mozilla Thunderbird 1.0.6 (X11/20050726)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Ben Laurie <ben@algroup.co.uk>
Cc: David Srbecky <dsrbecky@gmail.com>, Simon Josefsson <jas@extundo.com>,
        openpgp <ietf-openpgp@imc.org>
Subject: Re: "The OpenPGP mail and news header" extenssion
References: <42FA366F.3030103@gmail.com> <ilu7jes6by3.fsf@latte.josefsson.org> <42FB8755.40008@gmail.com> <42FB94B1.5000008@systemics.com> <42FF4AC5.2020301@algroup.co.uk>
In-Reply-To: <42FF4AC5.2020301@algroup.co.uk>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 7bit


Ben Laurie wrote:
> Ian G wrote:
> 
>> Until someone can define the meaning
>> of a signature, my standard advice is to not sign,
>> which I'd recommend for all email, IM and so forth.
> 
> 
> Oh, please, the meaning of signatures is perfectly well defined in law.


Sorry, I meant digital signatures.

iang




From owner-ietf-openpgp@mail.imc.org Sun Aug 14 10:26:18 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1E4JRK-0000Vw-GH
	for openpgp-archive@megatron.ietf.org; Sun, 14 Aug 2005 10:26:18 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA28688
	for <openpgp-archive@lists.ietf.org>; Sun, 14 Aug 2005 10:26:15 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7EECONR095744;
	Sun, 14 Aug 2005 07:12:24 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j7EECOcR095742;
	Sun, 14 Aug 2005 07:12:24 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from smtp.nextra.cz (smtp.nextra.cz [195.70.130.4])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7EECO4E095730
	for <ietf-openpgp@imc.org>; Sun, 14 Aug 2005 07:12:24 -0700 (PDT)
	(envelope-from dsrbecky@gmail.com)
Received: from [10.0.0.22] (160.240.broadband2.iol.cz [83.208.240.160])
	by smtp.nextra.cz (Postfix) with ESMTP id 3B6665D40;
	Sun, 14 Aug 2005 16:12:23 +0200 (CEST)
Message-ID: <42FF5145.2040909@gmail.com>
Date: Sun, 14 Aug 2005 16:12:21 +0200
From: David Srbecky <dsrbecky@gmail.com>
User-Agent: Mozilla Thunderbird 1.0.6 (Windows/20050716)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: openpgp <ietf-openpgp@imc.org>
Subject: Re: "The OpenPGP mail and news header" extenssion
References: <42FA366F.3030103@gmail.com> <ilu7jes6by3.fsf@latte.josefsson.org>	<42FB8755.40008@gmail.com> <iluoe84xn0k.fsf@latte.josefsson.org>
In-Reply-To: <iluoe84xn0k.fsf@latte.josefsson.org>
X-Enigmail-Version: 0.92.0.0
OpenPGP: id=2DC6523A;
	url=http://www.volny.cz/davejp/OpenPGP.asc
Content-Type: multipart/signed; micalg=pgp-sha1;
 protocol="application/pgp-signature";
 boundary="------------enig9068C91B33740587D712CE84"
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig9068C91B33740587D712CE84
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

Simon Josefsson wrote:
> I understand.  Implement your scheme and write a draft about it!  I
> think your ideas are too far-fetched to be reasonably added to this
> document.  There are many details that have to be solved.
> 

Could you please outline a few of these details to be solved?

Thanks,
David


--------------enig9068C91B33740587D712CE84
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFC/1FGKLLFgC3GUjoRAv8mAKCUGSCNYsIhSIWrH5aDB34Po1MWqwCguFBq
ljpRg6J9C8fpu8jP8TwTtvA=
=tTsO
-----END PGP SIGNATURE-----

--------------enig9068C91B33740587D712CE84--




From owner-ietf-openpgp@mail.imc.org Sun Aug 14 10:55:00 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1E4Jt6-0003xD-9M
	for openpgp-archive@megatron.ietf.org; Sun, 14 Aug 2005 10:55:00 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA29567
	for <openpgp-archive@lists.ietf.org>; Sun, 14 Aug 2005 10:54:57 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7EEdX8g098147;
	Sun, 14 Aug 2005 07:39:33 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j7EEdX1S098146;
	Sun, 14 Aug 2005 07:39:33 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mail.links.org (mail.links.org [217.155.92.109])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7EEdW9g098140
	for <ietf-openpgp@imc.org>; Sun, 14 Aug 2005 07:39:32 -0700 (PDT)
	(envelope-from ben@algroup.co.uk)
Received: from [193.133.15.218] (localhost [127.0.0.1])
	by mail.links.org (Postfix) with ESMTP id F0C1633C1D;
	Sun, 14 Aug 2005 15:39:31 +0100 (BST)
Message-ID: <42FF57A4.4060408@algroup.co.uk>
Date: Sun, 14 Aug 2005 15:39:32 +0100
From: Ben Laurie <ben@algroup.co.uk>
User-Agent: Mozilla Thunderbird 1.0.6 (Windows/20050716)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Ian G <iang@systemics.com>
CC: David Srbecky <dsrbecky@gmail.com>, Simon Josefsson <jas@extundo.com>,
        openpgp <ietf-openpgp@imc.org>
Subject: Re: "The OpenPGP mail and news header" extenssion
References: <42FA366F.3030103@gmail.com> <ilu7jes6by3.fsf@latte.josefsson.org> <42FB8755.40008@gmail.com> <42FB94B1.5000008@systemics.com> <42FF4AC5.2020301@algroup.co.uk> <42FF4E80.5020603@systemics.com>
In-Reply-To: <42FF4E80.5020603@systemics.com>
X-Enigmail-Version: 0.89.6.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 7bit


Ian G wrote:
> Ben Laurie wrote:
> 
>> Ian G wrote:
>>
>>> Until someone can define the meaning
>>> of a signature, my standard advice is to not sign,
>>> which I'd recommend for all email, IM and so forth.
>>
>>
>>
>> Oh, please, the meaning of signatures is perfectly well defined in law.
> 
> Sorry I meant digital signatures.

Well, in the UK, it is the Law Society's opinion that existing law 
applies equally to digital signatures.

-- 
 >>>ApacheCon Europe<<<                   http://www.apachecon.com/

http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff




From owner-ietf-openpgp@mail.imc.org Sun Aug 14 11:01:52 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1E4Jzk-0004eH-Gg
	for openpgp-archive@megatron.ietf.org; Sun, 14 Aug 2005 11:01:52 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA29753
	for <openpgp-archive@lists.ietf.org>; Sun, 14 Aug 2005 11:01:49 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7EEmYl7099204;
	Sun, 14 Aug 2005 07:48:34 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j7EEmYVo099203;
	Sun, 14 Aug 2005 07:48:34 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mailgate.enhyper.net ([80.168.109.121])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7EEmXjF099197
	for <ietf-openpgp@imc.org>; Sun, 14 Aug 2005 07:48:33 -0700 (PDT)
	(envelope-from iang@systemics.com)
Received: from [IPv6:::1] (localhost [127.0.0.1])
	by mailgate.enhyper.net (Postfix) with ESMTP id AC00A531C9;
	Sun, 14 Aug 2005 15:48:32 +0100 (BST)
Message-ID: <42FF5ABC.7060804@systemics.com>
Date: Sun, 14 Aug 2005 15:52:44 +0100
From: Ian G <iang@systemics.com>
Organization: http://financialcryptography.com/
User-Agent: Mozilla Thunderbird 1.0.6 (X11/20050726)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Ben Laurie <ben@algroup.co.uk>
Cc: openpgp <ietf-openpgp@imc.org>
Subject: The undefined nature of the digital signature
References: <42FA366F.3030103@gmail.com> <ilu7jes6by3.fsf@latte.josefsson.org> <42FB8755.40008@gmail.com> <42FB94B1.5000008@systemics.com> <42FF4AC5.2020301@algroup.co.uk> <42FF4E80.5020603@systemics.com> <42FF57A4.4060408@algroup.co.uk>
In-Reply-To: <42FF57A4.4060408@algroup.co.uk>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 7bit


Ben Laurie wrote:

> Well, in the UK, it is the Law Society's opinion that existing law 
> applies equally to digital signatures.

Good for them.  So does that mean when user
software uses a digsig to ensure message
integrity, it also commits the user to
a contract?

In general, most of the digsig laws tended to
fall back to stating that a digital signature
was not to be rejected as a signature just
because it was in digital form.  Others said
something much more complicated, and often
created two distinct legal regimes for digsigs.

In all that, there remains a huge difference
in the meaning of any given signature.  Most
applications have muffed this issue, often
ascribing in vague terms several distinct
purposes at once to the digsig.

(OpenPGP has been most wise and ascribes no
meaning to it, that I know of, which means it
is up to the users to negotiate.)

iang




From owner-ietf-openpgp@mail.imc.org Sun Aug 14 11:10:07 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1E4K7j-0005eS-IA
	for openpgp-archive@megatron.ietf.org; Sun, 14 Aug 2005 11:10:07 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA29949
	for <openpgp-archive@lists.ietf.org>; Sun, 14 Aug 2005 11:10:04 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7EErmJ1099574;
	Sun, 14 Aug 2005 07:53:49 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j7EErmcp099573;
	Sun, 14 Aug 2005 07:53:48 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mail.links.org (mail.links.org [217.155.92.109])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7EErl0Z099565
	for <ietf-openpgp@imc.org>; Sun, 14 Aug 2005 07:53:48 -0700 (PDT)
	(envelope-from ben@algroup.co.uk)
Received: from [193.133.15.218] (localhost [127.0.0.1])
	by mail.links.org (Postfix) with ESMTP id C29B133C1A;
	Sun, 14 Aug 2005 15:53:44 +0100 (BST)
Message-ID: <42FF5AF9.20800@algroup.co.uk>
Date: Sun, 14 Aug 2005 15:53:45 +0100
From: Ben Laurie <ben@algroup.co.uk>
User-Agent: Mozilla Thunderbird 1.0.6 (Windows/20050716)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Ian G <iang@systemics.com>
CC: openpgp <ietf-openpgp@imc.org>
Subject: Re: The undefined nature of the digital signature
References: <42FA366F.3030103@gmail.com> <ilu7jes6by3.fsf@latte.josefsson.org> <42FB8755.40008@gmail.com> <42FB94B1.5000008@systemics.com> <42FF4AC5.2020301@algroup.co.uk> <42FF4E80.5020603@systemics.com> <42FF57A4.4060408@algroup.co.uk> <42FF5ABC.7060804@systemics.com>
In-Reply-To: <42FF5ABC.7060804@systemics.com>
X-Enigmail-Version: 0.89.6.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 7bit


Ian G wrote:
> Ben Laurie wrote:
> 
>> Well, in the UK, it is the Law Society's opinion that existing law 
>> applies equally to digital signatures.
> 
> 
> Good for them.  So does that mean when user
> software uses a digsig to ensure message
> integrity, it also committed the user to
> a contract?

No, it means much the same as a written signature - that is, whatever 
was intended by the two parties, as should be clear from the signed 
document.

> In general, most of the digsig laws tended to
> fall back to stating that a digital signature
> was not to be rejected as a signature just
> because it was in digital form.  Others said
> something much more complicated, and often
> created two disctinct legal regimes for digsigs.
> 
> In all that, there remains a huge difference
> in the meaning of any given signature.  Most
> applications have muffed this issue, often
> ascribing in vague terms several distinct
> purposes at once to the digsig.

That's because signatures _are_ vague. IMO, attempts by techies to make 
signatures rigorous are misguided.

-- 
 >>>ApacheCon Europe<<<                   http://www.apachecon.com/

http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff




From owner-ietf-openpgp@mail.imc.org Sun Aug 14 11:42:04 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1E4Kcd-0001Cq-RE
	for openpgp-archive@megatron.ietf.org; Sun, 14 Aug 2005 11:42:04 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA00690
	for <openpgp-archive@lists.ietf.org>; Sun, 14 Aug 2005 11:42:00 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7EFUtvr002193;
	Sun, 14 Aug 2005 08:30:55 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j7EFUtHP002192;
	Sun, 14 Aug 2005 08:30:55 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mail.links.org (mail.links.org [217.155.92.109])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7EFUsDl002186
	for <ietf-openpgp@imc.org>; Sun, 14 Aug 2005 08:30:55 -0700 (PDT)
	(envelope-from ben@algroup.co.uk)
Received: from [193.133.15.218] (localhost [127.0.0.1])
	by mail.links.org (Postfix) with ESMTP id 7494533C1A;
	Sun, 14 Aug 2005 16:30:54 +0100 (BST)
Message-ID: <42FF63AF.7000909@algroup.co.uk>
Date: Sun, 14 Aug 2005 16:30:55 +0100
From: Ben Laurie <ben@algroup.co.uk>
User-Agent: Mozilla Thunderbird 1.0.6 (Windows/20050716)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Jeroen Massar <jeroen@unfix.org>
CC: ietf-openpgp@imc.org
Subject: Re: "The OpenPGP mail and news header" extenssion
References: <42FA366F.3030103@gmail.com>	 <ilu7jes6by3.fsf@latte.josefsson.org> <42FB8755.40008@gmail.com>	 <42FB94B1.5000008@systemics.com>  <42FB9635.2000702@gmail.com>	 <1123839508.7305.13.camel@firenze.zurich.ibm.com>	 <42FF4626.6010909@algroup.co.uk> <1124033193.15215.12.camel@firenze.zurich.ibm.com>
In-Reply-To: <1124033193.15215.12.camel@firenze.zurich.ibm.com>
X-Enigmail-Version: 0.89.6.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 7bit


Jeroen Massar wrote:
> On Sun, 2005-08-14 at 14:24 +0100, Ben Laurie wrote:
> 
>>Jeroen Massar wrote:
> 
> <SNIP>
> 
>>>* sign(encrypt(message))
> 
> <SNIP>
> 
>>More importantly, perhaps, Krawczyk has shown that, in general, sign 
>>then encrypt is insecure.
> 
> 
> Which exact paper do you mean?

http://eprint.iacr.org/2001/045

> Also note that when you say that that is insecure you are also saying
> that either/both the signing and/or the encryption are insecure in which
> case the solution to the problem should be sought in a different
> place...

I have no idea what you mean.

-- 
 >>>ApacheCon Europe<<<                   http://www.apachecon.com/

http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff




From owner-ietf-openpgp@mail.imc.org Sun Aug 14 11:43:54 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1E4KeQ-0001R9-0M
	for openpgp-archive@megatron.ietf.org; Sun, 14 Aug 2005 11:43:54 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA00731
	for <openpgp-archive@lists.ietf.org>; Sun, 14 Aug 2005 11:43:50 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7EFQg7N002020;
	Sun, 14 Aug 2005 08:26:42 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j7EFQgJ9002019;
	Sun, 14 Aug 2005 08:26:42 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from purgatory.unfix.org (postfix@213-136-24-43.adsl.bit.nl [213.136.24.43])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7EFQfDW002013
	for <ietf-openpgp@imc.org>; Sun, 14 Aug 2005 08:26:41 -0700 (PDT)
	(envelope-from jeroen@unfix.org)
Received: from firenze.zurich.ibm.com (pat.zurich.ibm.com [195.176.20.45])
	(using SSLv3 with cipher RC4-MD5 (128/128 bits))
	(No client certificate requested)
	by purgatory.unfix.org (Postfix) with ESMTP id A89578107;
	Sun, 14 Aug 2005 17:26:36 +0200 (CEST)
Subject: Re: "The OpenPGP mail and news header" extenssion
From: Jeroen Massar <jeroen@unfix.org>
To: Ben Laurie <ben@algroup.co.uk>
Cc: ietf-openpgp@imc.org
In-Reply-To: <42FF4626.6010909@algroup.co.uk>
References: <42FA366F.3030103@gmail.com>
	 <ilu7jes6by3.fsf@latte.josefsson.org> <42FB8755.40008@gmail.com>
	 <42FB94B1.5000008@systemics.com>  <42FB9635.2000702@gmail.com>
	 <1123839508.7305.13.camel@firenze.zurich.ibm.com>
	 <42FF4626.6010909@algroup.co.uk>
Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-xVcgsN8SJbUFh/zhWQcX"
Organization: Unfix
Date: Sun, 14 Aug 2005 17:26:32 +0200
Message-Id: <1124033193.15215.12.camel@firenze.zurich.ibm.com>
Mime-Version: 1.0
X-Mailer: Evolution 2.2.3 
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>



--=-xVcgsN8SJbUFh/zhWQcX
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

On Sun, 2005-08-14 at 14:24 +0100, Ben Laurie wrote:
> Jeroen Massar wrote:
<SNIP>
> > * sign(encrypt(message))
<SNIP>
> More importantly, perhaps, Krawczyk has shown that, in general, sign 
> then encrypt is insecure.

Which exact paper do you mean?

Also note that when you say that that is insecure you are also saying
that either/both the signing and/or the encryption are insecure in which
case the solution to the problem should be sought in a different
place...

Greets,
 Jeroen


--=-xVcgsN8SJbUFh/zhWQcX
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Jeroen Massar / http://unfix.org/~jeroen/

iD8DBQBC/2KoKaooUjM+fCMRAlhQAKCMsperxdyuCreqFbpZklaH97dDwACfWsys
Z61setx9NGlr0fgLmaCpjEI=
=yG+b
-----END PGP SIGNATURE-----

--=-xVcgsN8SJbUFh/zhWQcX--




From owner-ietf-openpgp@mail.imc.org Sun Aug 14 11:53:57 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1E4Ko8-0002fu-UK
	for openpgp-archive@megatron.ietf.org; Sun, 14 Aug 2005 11:53:57 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA00959
	for <openpgp-archive@lists.ietf.org>; Sun, 14 Aug 2005 11:53:53 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7EFgJ7h003078;
	Sun, 14 Aug 2005 08:42:19 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j7EFgJ0A003077;
	Sun, 14 Aug 2005 08:42:19 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mail.links.org (mail.links.org [217.155.92.109])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7EFgInt003070
	for <ietf-openpgp@imc.org>; Sun, 14 Aug 2005 08:42:19 -0700 (PDT)
	(envelope-from ben@algroup.co.uk)
Received: from [193.133.15.218] (localhost [127.0.0.1])
	by mail.links.org (Postfix) with ESMTP id 712E433C1A;
	Sun, 14 Aug 2005 16:42:18 +0100 (BST)
Message-ID: <42FF665B.4040509@algroup.co.uk>
Date: Sun, 14 Aug 2005 16:42:19 +0100
From: Ben Laurie <ben@algroup.co.uk>
User-Agent: Mozilla Thunderbird 1.0.6 (Windows/20050716)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Richard Laager <rlaager@wiktel.com>
CC: ietf-openpgp@imc.org
Subject: Re: Applicability of signed messages as proof of sending
References: <sjmwtn2jdhv.fsf@cliodev.pgp.com>	 <200508041208.17244.iang@systemics.com>	 <Pine.LNX.4.58.0508100943070.18620@thetis.deor.org>	 <42FB690C.8070607@systemics.com>	 <Pine.LNX.4.58.0508110807270.11516@thetis.deor.org>	 <42FB9443.10200@systemics.com>	 <Pine.LNX.4.58.0508111152560.15828@thetis.deor.org>	 <42FC6E4E.4030806@systemics.com> <1123863788.19609.9.camel@localhost>
In-Reply-To: <1123863788.19609.9.camel@localhost>
X-Enigmail-Version: 0.89.6.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 7bit


Richard Laager wrote:
> I'll admit that MITM attacks are rare and sophisticated, but if you're
> not guarding against them, the only attack you prevent is casual snooping
> on the wire. If you're only going to worry about casual snooping, you
> could just as well use rot13 as your "encryption". (Granted, I'm
> exaggerating a little, but why bother with something as complex and
> secure as OpenPGP to prevent casual snooping.) Your points about
> keyloggers, etc. are very valid.

I wish we could kill this myth that MitM is "rare and sophisticated". On 
wireless networks, they are common and trivial.

On wired networks they are easy for the network admins to mount. The 
practice is sufficiently commonplace that many corps have their own CA 
keys in employees' browsers so they can forge X509 certs.

Keylogging is a _much_ harder attack to mount.

Cheers,

Ben.

-- 
 >>>ApacheCon Europe<<<                   http://www.apachecon.com/

http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff




From owner-ietf-openpgp@mail.imc.org Sun Aug 14 12:01:25 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1E4KvM-0003cr-Ub
	for openpgp-archive@megatron.ietf.org; Sun, 14 Aug 2005 12:01:25 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA01246
	for <openpgp-archive@lists.ietf.org>; Sun, 14 Aug 2005 12:01:21 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7EFjGUT003364;
	Sun, 14 Aug 2005 08:45:16 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j7EFjGfq003363;
	Sun, 14 Aug 2005 08:45:16 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from purgatory.unfix.org (postfix@213-136-24-43.adsl.bit.nl [213.136.24.43])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7EFjF5p003357
	for <ietf-openpgp@imc.org>; Sun, 14 Aug 2005 08:45:16 -0700 (PDT)
	(envelope-from jeroen@unfix.org)
Received: from firenze.zurich.ibm.com (pat.zurich.ibm.com [195.176.20.45])
	(using SSLv3 with cipher RC4-MD5 (128/128 bits))
	(No client certificate requested)
	by purgatory.unfix.org (Postfix) with ESMTP id 78A317FAD;
	Sun, 14 Aug 2005 17:45:10 +0200 (CEST)
Subject: Re: "The OpenPGP mail and news header" extenssion
From: Jeroen Massar <jeroen@unfix.org>
To: Ben Laurie <ben@algroup.co.uk>
Cc: ietf-openpgp@imc.org
In-Reply-To: <42FF63AF.7000909@algroup.co.uk>
References: <42FA366F.3030103@gmail.com>
	 <ilu7jes6by3.fsf@latte.josefsson.org> <42FB8755.40008@gmail.com>
	 <42FB94B1.5000008@systemics.com>  <42FB9635.2000702@gmail.com>
	 <1123839508.7305.13.camel@firenze.zurich.ibm.com>
	 <42FF4626.6010909@algroup.co.uk>
	 <1124033193.15215.12.camel@firenze.zurich.ibm.com>
	 <42FF63AF.7000909@algroup.co.uk>
Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-r7pY+udQXx+apkaFRbHW"
Organization: Unfix
Date: Sun, 14 Aug 2005 17:45:05 +0200
Message-Id: <1124034305.15215.17.camel@firenze.zurich.ibm.com>
Mime-Version: 1.0
X-Mailer: Evolution 2.2.3 
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>



--=-r7pY+udQXx+apkaFRbHW
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

On Sun, 2005-08-14 at 16:30 +0100, Ben Laurie wrote:
> Jeroen Massar wrote:
> > On Sun, 2005-08-14 at 14:24 +0100, Ben Laurie wrote:
> > 
> >>Jeroen Massar wrote:
> > 
> > <SNIP>
> > 
> >>>* sign(encrypt(message))
> > 
> > <SNIP>
> > 
> >>More importantly, perhaps, Krawczyk has shown that, in general, sign 
> >>then encrypt is insecure.
> > 
> > 
> > Which exact paper do you mean?
> 
> http://eprint.iacr.org/2001/045

Which nicely says, already in the abstract btw, "Thus, while we show the
generic security of SSL to be broken, the current standard
implementations of the protocol that use the above modes of encryption
are safe."

Also, to really take care of your worries, one could do:
encrypt(sign(encrypt(message))) which gives the same properties I
specified before, although with some overhead. It will actually give an
additional property that only the receiver is known and nobody else can
figure out who sent the message.

Greets,
 Jeroen


--=-r7pY+udQXx+apkaFRbHW
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Jeroen Massar / http://unfix.org/~jeroen/

iD8DBQBC/2cBKaooUjM+fCMRAkIdAJ9PVjWI9UeZ2Gzut+8sE0uIBjkGmgCeIhNO
UvMxjxhxRBv4WojvaaI2FwM=
=ai5E
-----END PGP SIGNATURE-----

--=-r7pY+udQXx+apkaFRbHW--

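The order-of-operations point that Ben and Jeroen argue about above (Krawczyk, http://eprint.iacr.org/2001/045) is about composing a symmetric cipher with an authenticator, so the following added example, which is not part of the thread and not code from any OpenPGP implementation, shows the two orders with such primitives: encrypt-then-authenticate, where a tampered ciphertext is rejected before the decryptor ever runs, and authenticate-then-encrypt (the SSL-style order), where the decryptor must process attacker-controlled bytes before anything can be checked. The keys, nonce, message, the SHA-256 counter-mode stream cipher and the decrypt-call counter are all constructed for illustration; the stream cipher is a toy, chosen because XOR makes the malleability visible.

```python
"""Encrypt-then-MAC versus MAC-then-encrypt, standard library only.

Constructed example: toy XOR stream cipher keyed by a SHA-256 counter-mode
keystream, HMAC-SHA256 as the authenticator.  Not OpenPGP, not a real cipher.
"""
import hashlib
import hmac

K_ENC = b"\x01" * 32   # constructed fixed keys for the example only
K_MAC = b"\x02" * 32
NONCE_LEN = 16
TAG_LEN = 32

# Instrumentation: how often decrypt() ran, and what MtE decrypted before verifying.
DECRYPT_CALLS = {"n": 0}
LAST_UNVERIFIED = {"pt": None}


def _keystream(key, nonce, length):
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def stream_xor(key, nonce, data):
    # XOR with the keystream; the same call encrypts and decrypts.
    return bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))


def decrypt(key, nonce, data):
    DECRYPT_CALLS["n"] += 1          # count every time untrusted bytes reach the decryptor
    return stream_xor(key, nonce, data)


def tag(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()


# --- encrypt-then-authenticate: tag covers nonce and ciphertext ---
def etm_seal(msg, nonce):
    ct = stream_xor(K_ENC, nonce, msg)
    return nonce + ct + tag(K_MAC, nonce + ct)


def etm_open(blob):
    nonce, ct, t = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(t, tag(K_MAC, nonce + ct)):
        return None                  # rejected; decrypt() is never reached
    return decrypt(K_ENC, nonce, ct)


# --- authenticate-then-encrypt: tag over plaintext, then both are encrypted ---
def mte_seal(msg, nonce):
    return nonce + stream_xor(K_ENC, nonce, msg + tag(K_MAC, msg))


def mte_open(blob):
    nonce, ct = blob[:NONCE_LEN], blob[NONCE_LEN:]
    pt = decrypt(K_ENC, nonce, ct)   # must decrypt first; nothing can be checked yet
    msg, t = pt[:-TAG_LEN], pt[-TAG_LEN:]
    LAST_UNVERIFIED["pt"] = msg      # the decryptor has already seen attacker-shaped data
    if not hmac.compare_digest(t, tag(K_MAC, msg)):
        return None
    return msg


def flip_bit(blob, index):
    b = bytearray(blob)
    b[index] ^= 0x01
    return bytes(b)


def demo():
    """Tamper with the first ciphertext byte under both orders and report what happened."""
    msg = b"pay 100 EUR to alice"
    nonce = bytes(range(NONCE_LEN))
    DECRYPT_CALLS["n"] = 0
    etm_res = etm_open(flip_bit(etm_seal(msg, nonce), NONCE_LEN))
    etm_calls = DECRYPT_CALLS["n"]
    DECRYPT_CALLS["n"] = 0
    mte_res = mte_open(flip_bit(mte_seal(msg, nonce), NONCE_LEN))
    return {
        "etm_decrypt_calls": etm_calls,          # 0: rejected by the tag check first
        "etm_result": etm_res,                   # None
        "mte_decrypt_calls": DECRYPT_CALLS["n"], # 1: decryptor ran on tampered input
        "mte_result": mte_res,                   # None, but only after decryption
        "mte_unverified_plaintext": LAST_UNVERIFIED["pt"],  # b"qay 100 EUR to alice"
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

Both orders reject the tampered message here, so neither is "broken" by this input; the difference the example makes visible is structural. Under encrypt-then-authenticate the forgery is discarded by a single constant-time comparison and the decryption code never sees it, which is why that order is generically secure for any cipher. Under authenticate-then-encrypt the attacker's one-bit change becomes a predictable one-bit change in the plaintext the decryptor handles, and the security of the composition then depends on that decryption path never behaving differently on malformed input, which is the property Krawczyk had to establish case by case for the modes SSL actually uses.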



From owner-ietf-openpgp@mail.imc.org Sun Aug 14 12:09:54 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1E4L3a-0005Eh-HA
	for openpgp-archive@megatron.ietf.org; Sun, 14 Aug 2005 12:09:54 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA01731
	for <openpgp-archive@lists.ietf.org>; Sun, 14 Aug 2005 12:09:51 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7EFqTdL003714;
	Sun, 14 Aug 2005 08:52:29 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j7EFqT2d003713;
	Sun, 14 Aug 2005 08:52:29 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mail.links.org (mail.links.org [217.155.92.109])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7EFqS9c003707
	for <ietf-openpgp@imc.org>; Sun, 14 Aug 2005 08:52:29 -0700 (PDT)
	(envelope-from ben@algroup.co.uk)
Received: from [193.133.15.218] (localhost [127.0.0.1])
	by mail.links.org (Postfix) with ESMTP id 6A80D33C1D;
	Sun, 14 Aug 2005 16:52:28 +0100 (BST)
Message-ID: <42FF68BD.2000103@algroup.co.uk>
Date: Sun, 14 Aug 2005 16:52:29 +0100
From: Ben Laurie <ben@algroup.co.uk>
User-Agent: Mozilla Thunderbird 1.0.6 (Windows/20050716)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Jeroen Massar <jeroen@unfix.org>
CC: ietf-openpgp@imc.org
Subject: Re: "The OpenPGP mail and news header" extenssion
References: <42FA366F.3030103@gmail.com>	 <ilu7jes6by3.fsf@latte.josefsson.org> <42FB8755.40008@gmail.com>	 <42FB94B1.5000008@systemics.com>  <42FB9635.2000702@gmail.com>	 <1123839508.7305.13.camel@firenze.zurich.ibm.com>	 <42FF4626.6010909@algroup.co.uk>	 <1124033193.15215.12.camel@firenze.zurich.ibm.com>	 <42FF63AF.7000909@algroup.co.uk> <1124034305.15215.17.camel@firenze.zurich.ibm.com>
In-Reply-To: <1124034305.15215.17.camel@firenze.zurich.ibm.com>
X-Enigmail-Version: 0.89.6.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 7bit


Jeroen Massar wrote:
> On Sun, 2005-08-14 at 16:30 +0100, Ben Laurie wrote:
> 
>>Jeroen Massar wrote:
>>
>>>On Sun, 2005-08-14 at 14:24 +0100, Ben Laurie wrote:
>>>
>>>
>>>>Jeroen Massar wrote:
>>>
>>><SNIP>
>>>
>>>>>* sign(encrypt(message))
>>>
>>><SNIP>
>>>
>>>>More importantly, perhaps, Krawczyk has shown that, in general, sign 
>>>>then encrypt is insecure.
>>>
>>>
>>>Which exact paper do you mean?
>>
>>http://eprint.iacr.org/2001/045
> 
> 
> Which nicely says, already in the abstract btw, "Thus, while we show the
> generic security of SSL to be broken, the current standard
> implementations of the protocol that use the above modes of encryption
> are safe."

Sure. What does this have to do with OpenPGP's security?

-- 
 >>>ApacheCon Europe<<<                   http://www.apachecon.com/

http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff




From owner-ietf-openpgp@mail.imc.org Sun Aug 14 12:49:56 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1E4LgJ-00032Q-U0
	for openpgp-archive@megatron.ietf.org; Sun, 14 Aug 2005 12:49:56 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA02942
	for <openpgp-archive@lists.ietf.org>; Sun, 14 Aug 2005 12:49:52 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7EGYEIQ006516;
	Sun, 14 Aug 2005 09:34:14 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j7EGYEQH006515;
	Sun, 14 Aug 2005 09:34:14 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mail.links.org (mail.links.org [217.155.92.109])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7EGYDGN006508
	for <ietf-openpgp@imc.org>; Sun, 14 Aug 2005 09:34:14 -0700 (PDT)
	(envelope-from ben@algroup.co.uk)
Received: from [193.133.15.218] (localhost [127.0.0.1])
	by mail.links.org (Postfix) with ESMTP id 2EA5233C1A;
	Sun, 14 Aug 2005 17:34:13 +0100 (BST)
Message-ID: <42FF7286.7020800@algroup.co.uk>
Date: Sun, 14 Aug 2005 17:34:14 +0100
From: Ben Laurie <ben@algroup.co.uk>
User-Agent: Mozilla Thunderbird 1.0.6 (Windows/20050716)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Jeroen Massar <jeroen@unfix.org>
CC: ietf-openpgp@imc.org
Subject: Re: "The OpenPGP mail and news header" extenssion
References: <42FA366F.3030103@gmail.com>	 <ilu7jes6by3.fsf@latte.josefsson.org> <42FB8755.40008@gmail.com>	 <42FB94B1.5000008@systemics.com>  <42FB9635.2000702@gmail.com>	 <1123839508.7305.13.camel@firenze.zurich.ibm.com>	 <42FF4626.6010909@algroup.co.uk>	 <1124033193.15215.12.camel@firenze.zurich.ibm.com>	 <42FF63AF.7000909@algroup.co.uk>	 <1124034305.15215.17.camel@firenze.zurich.ibm.com>	 <42FF68BD.2000103@algroup.co.uk> <1124037118.15215.19.camel@firenze.zurich.ibm.com>
In-Reply-To: <1124037118.15215.19.camel@firenze.zurich.ibm.com>
X-Enigmail-Version: 0.89.6.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 7bit


Jeroen Massar wrote:
> On Sun, 2005-08-14 at 16:52 +0100, Ben Laurie wrote:
> 
>>Jeroen Massar wrote:
>>
>>>On Sun, 2005-08-14 at 16:30 +0100, Ben Laurie wrote:
>>>
>>>
>>>>Jeroen Massar wrote:
>>>>
>>>>
>>>>>On Sun, 2005-08-14 at 14:24 +0100, Ben Laurie wrote:
>>>>>
>>>>>
>>>>>
>>>>>>Jeroen Massar wrote:
>>>>>
>>>>><SNIP>
>>>>>
>>>>>>>* sign(encrypt(message))
>>>>>
>>>>><SNIP>
>>>>>
>>>>>>More importantly, perhaps, Krawczyk has shown that, in general, sign 
>>>>>>then encrypt is insecure.
>>>>>
>>>>>
>>>>>Which exact paper do you mean?
>>>>
>>>>http://eprint.iacr.org/2001/045
>>>
>>>
>>>Which nicely says, already in the abstract btw, "Thus, while we show the
>>>generic security of SSL to be broken, the current standard
>>>implementations of the protocol that use the above modes of encryption
>>>are safe."
>>
>>Sure. What does this have to do with OpenPGP's security?
> 
> 
> psst... it was you bringing up that argument about the paper ;)

Indeed - the result is general. The fact that SSL is secure gives no 
comfort for OpenPGP.

-- 
 >>>ApacheCon Europe<<<                   http://www.apachecon.com/

http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff




From owner-ietf-openpgp@mail.imc.org Sun Aug 14 12:49:59 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1E4LgN-00032f-CE
	for openpgp-archive@megatron.ietf.org; Sun, 14 Aug 2005 12:49:59 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA02945
	for <openpgp-archive@lists.ietf.org>; Sun, 14 Aug 2005 12:49:55 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7EGW4rV006347;
	Sun, 14 Aug 2005 09:32:04 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j7EGW4ak006346;
	Sun, 14 Aug 2005 09:32:04 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from purgatory.unfix.org (postfix@213-136-24-43.adsl.bit.nl [213.136.24.43])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7EGW3di006339
	for <ietf-openpgp@imc.org>; Sun, 14 Aug 2005 09:32:04 -0700 (PDT)
	(envelope-from jeroen@unfix.org)
Received: from firenze.zurich.ibm.com (pat.zurich.ibm.com [195.176.20.45])
	(using SSLv3 with cipher RC4-MD5 (128/128 bits))
	(No client certificate requested)
	by purgatory.unfix.org (Postfix) with ESMTP id 76F827FAD;
	Sun, 14 Aug 2005 18:32:00 +0200 (CEST)
Subject: Re: "The OpenPGP mail and news header" extenssion
From: Jeroen Massar <jeroen@unfix.org>
To: Ben Laurie <ben@algroup.co.uk>
Cc: ietf-openpgp@imc.org
In-Reply-To: <42FF68BD.2000103@algroup.co.uk>
References: <42FA366F.3030103@gmail.com>
	 <ilu7jes6by3.fsf@latte.josefsson.org> <42FB8755.40008@gmail.com>
	 <42FB94B1.5000008@systemics.com>  <42FB9635.2000702@gmail.com>
	 <1123839508.7305.13.camel@firenze.zurich.ibm.com>
	 <42FF4626.6010909@algroup.co.uk>
	 <1124033193.15215.12.camel@firenze.zurich.ibm.com>
	 <42FF63AF.7000909@algroup.co.uk>
	 <1124034305.15215.17.camel@firenze.zurich.ibm.com>
	 <42FF68BD.2000103@algroup.co.uk>
Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-l7bRLdaw9zlLEtvSAxe0"
Organization: Unfix
Date: Sun, 14 Aug 2005 18:31:58 +0200
Message-Id: <1124037118.15215.19.camel@firenze.zurich.ibm.com>
Mime-Version: 1.0
X-Mailer: Evolution 2.2.3 
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>



--=-l7bRLdaw9zlLEtvSAxe0
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

On Sun, 2005-08-14 at 16:52 +0100, Ben Laurie wrote:
> Jeroen Massar wrote:
> > On Sun, 2005-08-14 at 16:30 +0100, Ben Laurie wrote:
> > 
> >>Jeroen Massar wrote:
> >>
> >>>On Sun, 2005-08-14 at 14:24 +0100, Ben Laurie wrote:
> >>>
> >>>
> >>>>Jeroen Massar wrote:
> >>>
> >>><SNIP>
> >>>
> >>>>>* sign(encrypt(message))
> >>>
> >>><SNIP>
> >>>
> >>>>More importantly, perhaps, Krawczyk has shown that, in general, sign
> >>>>then encrypt is insecure.
> >>>
> >>>
> >>>Which exact paper do you mean?
> >>
> >>http://eprint.iacr.org/2001/045
> > 
> > 
> > Which nicely says, already in the abstract btw, "Thus, while we show the
> > generic security of SSL to be broken, the current standard
> > implementations of the protocol that use the above modes of encryption
> > are safe."
> 
> Sure. What does this have to do with OpenPGP's security?

psst... it was you bringing up that argument about the paper ;)

Greets,
 Jeroen


--=-l7bRLdaw9zlLEtvSAxe0
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Jeroen Massar / http://unfix.org/~jeroen/

iD8DBQBC/3H9KaooUjM+fCMRArBlAKC1lIKMc3MfhKGTz6MsEmzy7DtfOQCgl/FW
aYQzjDLAMnktpsOTKbtuZsY=
=CEbQ
-----END PGP SIGNATURE-----

--=-l7bRLdaw9zlLEtvSAxe0--




From owner-ietf-openpgp@mail.imc.org Sun Aug 14 13:11:27 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1E4M18-0006BY-QS
	for openpgp-archive@megatron.ietf.org; Sun, 14 Aug 2005 13:11:27 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA03463
	for <openpgp-archive@lists.ietf.org>; Sun, 14 Aug 2005 13:11:22 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7EGuKkv010071;
	Sun, 14 Aug 2005 09:56:20 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j7EGuK5Q010070;
	Sun, 14 Aug 2005 09:56:20 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mailgate.enhyper.net ([80.168.109.121])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7EGuJLb010064
	for <ietf-openpgp@imc.org>; Sun, 14 Aug 2005 09:56:20 -0700 (PDT)
	(envelope-from iang@systemics.com)
Received: from [IPv6:::1] (localhost [127.0.0.1])
	by mailgate.enhyper.net (Postfix) with ESMTP id B9CBE53225;
	Sun, 14 Aug 2005 17:56:18 +0100 (BST)
Message-ID: <42FF78AE.2060504@systemics.com>
Date: Sun, 14 Aug 2005 18:00:30 +0100
From: Ian G <iang@systemics.com>
Organization: http://financialcryptography.com/
User-Agent: Mozilla Thunderbird 1.0.6 (X11/20050726)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Ben Laurie <ben@algroup.co.uk>
Cc: Richard Laager <rlaager@wiktel.com>, ietf-openpgp@imc.org
Subject: Re: Applicability of signed messages as proof of sending
References: <sjmwtn2jdhv.fsf@cliodev.pgp.com>	 <200508041208.17244.iang@systemics.com>	 <Pine.LNX.4.58.0508100943070.18620@thetis.deor.org>	 <42FB690C.8070607@systemics.com>	 <Pine.LNX.4.58.0508110807270.11516@thetis.deor.org>	 <42FB9443.10200@systemics.com>	 <Pine.LNX.4.58.0508111152560.15828@thetis.deor.org>	 <42FC6E4E.4030806@systemics.com> <1123863788.19609.9.camel@localhost> <42FF665B.4040509@algroup.co.uk>
In-Reply-To: <42FF665B.4040509@algroup.co.uk>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 7bit


Ben Laurie wrote:
> 
> Richard Laager wrote:
> 
>> I'll admit that MITM attacks are rare and sophisticated,...
> 
> 
> I wish we could kill this myth that MitM is "rare and sophisticated". On 
> wireless networks, they are common and trivial.


I don't think there is any myth that it is sophisticated
or trivial - it gets done many times at conferences of
hackers.  The claim that is made is that it is expensive.

As to whether it is common - the myth is easy to dispel
by presenting some facts.  Most times I've seen it claimed
it has turned out to be something else.

Got any?  Facts, not claims that is....  It would be an
enormous service to the developers to know how much
weight to put on MITM.  Right now, theory says none
because there is no case history.

> On wired networks they are easy for the network admins to mount. The 
> practice is sufficiently commonplace that many corps have their own CA 
> keys in employees' browsers so they can forge X509 certs.

Hmmm.  Is that the sole reason?  Or one of many reasons?

And how often do they conduct this attack?

> Keylogging is a _much_ harder attack to mount.


Doesn't seem to slow down the phishers much...

iang




From owner-ietf-openpgp@mail.imc.org Sun Aug 14 13:41:10 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1E4MTt-0001pe-Qe
	for openpgp-archive@megatron.ietf.org; Sun, 14 Aug 2005 13:41:10 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA04066
	for <openpgp-archive@lists.ietf.org>; Sun, 14 Aug 2005 13:41:07 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7EHR532012022;
	Sun, 14 Aug 2005 10:27:05 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j7EHR51u012021;
	Sun, 14 Aug 2005 10:27:05 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from finney.org (226-132.adsl2.netlojix.net [207.71.226.132])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7EHR5kQ012015
	for <ietf-openpgp@imc.org>; Sun, 14 Aug 2005 10:27:05 -0700 (PDT)
	(envelope-from hal@finney.org)
Received: by finney.org (Postfix, from userid 500)
	id F273E57EF5; Sun, 14 Aug 2005 09:36:14 -0700 (PDT)
To: ietf-openpgp@imc.org
Subject: Encrypt then sign insecure?
Message-Id: <20050814163614.F273E57EF5@finney.org>
Date: Sun, 14 Aug 2005 09:36:14 -0700 (PDT)
From: hal@finney.org ("Hal Finney")
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


I have changed the subject line as this is in regard to Ben's citation
of Hugo Krawczyk's paper on the order of signing and encryption,
http://eprint.iacr.org/2001/045, also published in Crypto 01.

This paper doesn't apply to systems like OpenPGP which compose public
key signatures with public key encryption.  Rather, it investigates the
composition of symmetric encryption (e.g. AES) with MAC.

Krawczyk shows that it is not always safe to first MAC and then
symmetrically encrypt, even if your MAC is secure and your symmetric
encryption algorithm is secure.  He does this by coming up with rather
artificial types of MAC and encryption which are individually secure
but which interact in a bad way when put together like this.

Krawczyk also shows some constructions that ARE always safe, including
doing CBC with a secure cipher, then MACing the ciphertext.

Again, this analysis is not applicable to the PK digital signatures and
hybrid public/private key encryption used in OpenPGP.

Hal Finney




From owner-ietf-openpgp@mail.imc.org Sun Aug 14 13:58:21 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1E4MkV-0003nQ-OG
	for openpgp-archive@megatron.ietf.org; Sun, 14 Aug 2005 13:58:21 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA04543
	for <openpgp-archive@lists.ietf.org>; Sun, 14 Aug 2005 13:58:17 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7EHg9Ok012873;
	Sun, 14 Aug 2005 10:42:09 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j7EHg9DH012872;
	Sun, 14 Aug 2005 10:42:09 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from homer.w3.org (homer.w3.org [128.30.52.30])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7EHg6RK012865
	for <ietf-openpgp@imc.org>; Sun, 14 Aug 2005 10:42:07 -0700 (PDT)
	(envelope-from tlr@w3.org)
Received: from lavazza.does-not-exist.org (homer.w3.org [128.30.52.30])
	by homer.w3.org (Postfix) with ESMTP id CD83D5BA75;
	Sun, 14 Aug 2005 11:40:20 -0400 (EDT)
Received: from roessler by lavazza.does-not-exist.org with local (Exim 4.52)
	id 1E4Kay-0006FE-79; Sun, 14 Aug 2005 17:40:20 +0200
Date: Sun, 14 Aug 2005 17:40:20 +0200
From: Thomas Roessler <tlr@w3.org>
To: Ben Laurie <ben@algroup.co.uk>
Cc: Ian G <iang@systemics.com>, David Srbecky <dsrbecky@gmail.com>,
        Simon Josefsson <jas@extundo.com>, openpgp <ietf-openpgp@imc.org>
Subject: Re: "The OpenPGP mail and news header" extenssion
Message-ID: <20050814154019.GC18413@lavazza.does-not-exist.org>
Mail-Followup-To: Ben Laurie <ben@algroup.co.uk>,
	Ian G <iang@systemics.com>, David Srbecky <dsrbecky@gmail.com>,
	Simon Josefsson <jas@extundo.com>, openpgp <ietf-openpgp@imc.org>
References: <42FA366F.3030103@gmail.com> <ilu7jes6by3.fsf@latte.josefsson.org> <42FB8755.40008@gmail.com> <42FB94B1.5000008@systemics.com> <42FF4AC5.2020301@algroup.co.uk>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <42FF4AC5.2020301@algroup.co.uk>
User-Agent: Mutt/1.5.10i
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


On 2005-08-14 14:44:37 +0100, Ben Laurie wrote:

> Oh, please, the meaning of signatures is perfectly well defined
> in law.

More precisely, it is perfectly well defined in any number of laws,
in any number of jurisdictions, and with any number of different
results.

(Just like the term "signature" itself, by the way.)

-- 
Thomas Roessler, W3C   <tlr@w3.org>




From owner-ietf-openpgp@mail.imc.org Sun Aug 14 18:49:40 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1E4RIS-0001t3-Kr
	for openpgp-archive@megatron.ietf.org; Sun, 14 Aug 2005 18:49:40 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA17373
	for <openpgp-archive@lists.ietf.org>; Sun, 14 Aug 2005 18:49:36 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7EMWZ4A011811;
	Sun, 14 Aug 2005 15:32:35 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j7EMWZu5011810;
	Sun, 14 Aug 2005 15:32:35 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from ns5.townisp.com (ns5a.townisp.com [216.195.0.140])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7EMWYGu011804
	for <ietf-openpgp@imc.org>; Sun, 14 Aug 2005 15:32:35 -0700 (PDT)
	(envelope-from blilly@erols.com)
Received: from mail.blilly.com (dhcp-0-8-a1-c-fa-f7.cpe.townisp.com [216.49.158.220])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(Client CN "marty.blilly.com", Issuer "Bruce Lilly" (not verified))
	by ns5.townisp.com (Postfix) with ESMTP
	id 3F574299CD; Sun, 14 Aug 2005 18:32:34 -0400 (EDT)
Received: from marty.blilly.com (marty.blilly.com [192.168.99.98] (may be forged))
 by mail.blilly.com with ESMTP
 id j7EMWUEb005937(8.13.1/8.13.1/mail.blilly.com /etc/sendmail.mc.mail 1.26 2005/06/24 20:47:59)
 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL) ;
 Sun, 14 Aug 2005 18:32:30 -0400
Received: from marty.blilly.com (localhost [127.0.0.1])
 (authenticated (0 bits))
 by marty.blilly.com with ESMTP
 id j7EMWT5N005926(8.13.1/8.13.1/blilly.com submit.mc 1.3 2005/04/08 12:29:31)
 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NO) ;
 Sun, 14 Aug 2005 18:32:29 -0400
From: Bruce Lilly <blilly@erols.com>
Reply-To: Bruce Lilly <blilly@erols.com>
Organization: Bruce Lilly
To: "Hal Finney" <hal@finney.org>
Subject: Re: Encrypt then sign insecure?
Date: Sun, 14 Aug 2005 18:32:17 -0400
User-Agent: KMail/1.8.2
Cc: ietf-openpgp@imc.org
References: <20050814163614.F273E57EF5@finney.org>
In-Reply-To: <20050814163614.F273E57EF5@finney.org>
MIME-Version: 1.0
Content-Type: text/plain;
  charset="us-ascii"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200508141832.19362@mail.blilly.com>
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 7bit


On Sun August 14 2005 12:36, Hal Finney wrote:
> 
> I have changed the subject line as this is in regard to Ben's citation
> of Hugo Krawczyk's paper on the order of signing and encryption,
> http://eprint.iacr.org/2001/045, also published in Crypto 01.
> 
> This paper doesn't apply to systems like OpenPGP which compose public
> key signatures with public key encryption.  Rather, it investigates the
> composition of symmetric encryption (e.g. AES) with MAC.

The same cannot be said of Davis' analysis of issues in
http://world.std.com/~dtd/sign_encrypt/sign_encrypt7.html




From owner-ietf-openpgp@mail.imc.org Sun Aug 14 19:39:12 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1E4S4O-0007Xm-U0
	for openpgp-archive@megatron.ietf.org; Sun, 14 Aug 2005 19:39:12 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id TAA19113
	for <openpgp-archive@lists.ietf.org>; Sun, 14 Aug 2005 19:39:08 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7ENHgvr015556;
	Sun, 14 Aug 2005 16:17:42 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j7ENHgni015555;
	Sun, 14 Aug 2005 16:17:42 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from merrymeet.com (merrymeet.com [63.73.97.162])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7ENHfld015549
	for <ietf-openpgp@imc.org>; Sun, 14 Aug 2005 16:17:41 -0700 (PDT)
	(envelope-from jon@callas.org)
Received: from keys.merrymeet.com (63.73.97.166) by merrymeet.com with
 ESMTP (Eudora Internet Mail Server X 3.2.6) for <ietf-openpgp@imc.org>;
 Sun, 14 Aug 2005 16:17:40 -0700
Received: from [169.231.1.245] ([169.231.1.245])
  by keys.merrymeet.com (PGP Universal service);
  Sun, 14 Aug 2005 16:17:40 -0700
X-PGP-Universal: processed;
	by keys.merrymeet.com on Sun, 14 Aug 2005 16:17:40 -0700
Mime-Version: 1.0 (Apple Message framework v622)
In-Reply-To: <42FB94B1.5000008@systemics.com>
References: <42FA366F.3030103@gmail.com> <ilu7jes6by3.fsf@latte.josefsson.org> <42FB8755.40008@gmail.com> <42FB94B1.5000008@systemics.com>
Content-Type: text/plain; charset=US-ASCII; format=flowed
Message-Id: <fdfe8803e8d11235517f76462060ad87@callas.org>
Content-Transfer-Encoding: 7bit
From: Jon Callas <jon@callas.org>
Subject: Re: "The OpenPGP mail and news header" extenssion
Date: Sun, 14 Aug 2005 16:17:27 -0700
To: OpenPGP <ietf-openpgp@imc.org>
X-Mailer: Apple Mail (2.622)
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 7bit


On 11 Aug 2005, at 11:10 AM, Ian G wrote:

> Er, I hope not!  There are plenty of reasons to
> encrypt-only.  Until someone can define the meaning
> of a signature, my standard advice is to not sign,
> which I'd recommend for all email, IM and so forth.
>

Oh, but Ian, it's my preference that you sign messages you send to me.

It's *my* preference that I not sign, as I pretty much agree with you.

This is just like my preference that everyone who phones me use caller 
id, but my preference that I disable it.

	Jon




From owner-ietf-openpgp@mail.imc.org Sun Aug 14 20:01:59 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1E4SQQ-0001J9-WF
	for openpgp-archive@megatron.ietf.org; Sun, 14 Aug 2005 20:01:59 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id UAA19684
	for <openpgp-archive@lists.ietf.org>; Sun, 14 Aug 2005 20:01:56 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7ENk78O017813;
	Sun, 14 Aug 2005 16:46:07 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j7ENk7YJ017812;
	Sun, 14 Aug 2005 16:46:07 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from merrymeet.com (merrymeet.com [63.73.97.162])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7ENk71j017806
	for <ietf-openpgp@imc.org>; Sun, 14 Aug 2005 16:46:07 -0700 (PDT)
	(envelope-from jon@callas.org)
Received: from keys.merrymeet.com (63.73.97.166) by merrymeet.com with
 ESMTP (Eudora Internet Mail Server X 3.2.6) for <ietf-openpgp@imc.org>;
 Sun, 14 Aug 2005 16:46:04 -0700
Received: from [169.231.1.245] ([169.231.1.245])
  by keys.merrymeet.com (PGP Universal service);
  Sun, 14 Aug 2005 16:46:04 -0700
X-PGP-Universal: processed;
	by keys.merrymeet.com on Sun, 14 Aug 2005 16:46:04 -0700
Mime-Version: 1.0 (Apple Message framework v622)
In-Reply-To: <200508141832.19362@mail.blilly.com>
References: <20050814163614.F273E57EF5@finney.org> <200508141832.19362@mail.blilly.com>
Content-Type: text/plain; charset=US-ASCII; format=flowed
Message-Id: <35c5d151a8251f6b901fdf639e342cae@callas.org>
Content-Transfer-Encoding: 7bit
From: Jon Callas <jon@callas.org>
Subject: Re: Encrypt then sign insecure?
Date: Sun, 14 Aug 2005 16:45:53 -0700
To: OpenPGP <ietf-openpgp@imc.org>
X-Mailer: Apple Mail (2.622)
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 7bit


> On Sun August 14 2005 12:36, Hal Finney wrote:
>>
>> I have changed the subject line as this is in regard to Ben's citation
>> of Hugo Krawczyk's paper on the order of signing and encryption,
>> http://eprint.iacr.org/2001/045, also published in Crypto 01.
>>
>> This paper doesn't apply to systems like OpenPGP which compose public
>> key signatures with public key encryption.  Rather, it investigates 
>> the
>> composition of symmetric encryption (e.g. AES) with MAC.
>
> The same cannot be said of Davis' analysis of issues in
> http://world.std.com/~dtd/sign_encrypt/sign_encrypt7.html
>
>

Davis is merely making a mountain out of a molehill. Cryptography 
cannot protect you from sending a message to a bad actor. Not even 
things like OTR can [1]. A word to the wise is that you shouldn't sign 
any message that you would be embarrassed to be made public.

Nonetheless, there's definitely a need to have secure messages that 
aren't signed. That's why we have the MDC construction in OpenPGP, so 
that you can have a reasonable assurance that a message arrived to you 
intact.

	Jon

[1] This is not a slam on OTR, which I think is brilliant. It is merely 
an observation that if you use a full privacy-enabled system like OTR 
and someone pastes a copy of your conversation into their livejournal, 
the people who read that transcript will presume it to be accurate. 
Furthermore, the fact that you used a juicy technology like OTR will 
make people *more* not less likely to believe it was accurate. This is 
an observation on human nature.
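Added example, not part of the archive or of any poster's message: it models the two ways of getting integrity without a signature that come up in this thread, the encrypt-then-MAC order Hal Finney describes (encrypt, then MAC the ciphertext, verify before decrypting) and the MDC construction Jon Callas mentions (a SHA-1 hash of the plaintext, framed by the 0xD3 0x14 header, carried inside the encryption, as in RFC 4880 section 5.13). The cipher is an assumption: a counter-mode keystream built from HMAC-SHA256 stands in for AES-CBC and OpenPGP CFB so the file runs with only the Python standard library, and the MDC model omits OpenPGP's random prefix bytes and CFB resync. The sample plaintext and the bit-flip tampering are constructed.

```python
# Added example (not from the list archive): integrity without a signature.
# Models encrypt-then-MAC ("encrypt, then MAC the ciphertext") and a
# simplified OpenPGP MDC (RFC 4880 5.13: SHA-1 over plaintext || 0xD3 0x14,
# encrypted together with the plaintext).  ASSUMPTION: the cipher below is a
# PRF-based counter-mode keystream, standing in for AES-CBC / OpenPGP CFB.
import hashlib
import hmac
import os
from typing import Optional


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Counter-mode stream cipher from a PRF: data XOR HMAC(key, nonce||counter)."""
    out = bytearray()
    counter = 0
    while len(out) < len(data):
        block = hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(block)
        counter += 1
    return bytes(a ^ b for a, b in zip(data, out))


# --- Encrypt-then-MAC: the tag covers nonce and ciphertext ----------------

def etm_encrypt(enc_key: bytes, mac_key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)
    ct = keystream_xor(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def etm_decrypt(enc_key: bytes, mac_key: bytes, msg: bytes) -> Optional[bytes]:
    """Verify first; nothing is decrypted unless the ciphertext is authentic."""
    if len(msg) < 16 + 32:
        return None
    nonce, ct, tag = msg[:16], msg[16:-32], msg[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return keystream_xor(enc_key, nonce, ct)


# --- MDC model: unkeyed hash of the plaintext, inside the encryption ------
MDC_HEADER = b"\xd3\x14"  # packet tag 0xD3, length 0x14 (20 = SHA-1 size)


def mdc_encrypt(enc_key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)
    body = plaintext + MDC_HEADER
    digest = hashlib.sha1(body).digest()
    return nonce + keystream_xor(enc_key, nonce, body + digest)


def mdc_decrypt(enc_key: bytes, msg: bytes) -> Optional[bytes]:
    """The hash can only be checked after decryption: the decryptor processes
    the whole, possibly tampered, ciphertext before learning whether it is intact."""
    if len(msg) < 16 + 2 + 20:
        return None
    nonce = msg[:16]
    inner = keystream_xor(enc_key, nonce, msg[16:])
    body, digest = inner[:-20], inner[-20:]
    if body[-2:] != MDC_HEADER:
        return None
    if not hmac.compare_digest(hashlib.sha1(body).digest(), digest):
        return None
    return body[:-2]


def flip_bit(msg: bytes, index: int) -> bytes:
    """Constructed in-transit tampering: flip one bit of one byte."""
    b = bytearray(msg)
    b[index] ^= 0x01
    return bytes(b)


def demo() -> dict:
    """Round-trip both constructions and confirm tampering is detected."""
    enc_key, mac_key = os.urandom(32), os.urandom(32)
    pt = b"meeting moved to 15:00"  # constructed sample plaintext
    etm = etm_encrypt(enc_key, mac_key, pt)
    mdc = mdc_encrypt(enc_key, pt)
    return {
        "etm_roundtrip": etm_decrypt(enc_key, mac_key, etm) == pt,
        "etm_tampered_rejected": etm_decrypt(enc_key, mac_key, flip_bit(etm, 20)) is None,
        "etm_wrong_mac_key_rejected": etm_decrypt(enc_key, os.urandom(32), etm) is None,
        "mdc_roundtrip": mdc_decrypt(enc_key, mdc) == pt,
        "mdc_tampered_rejected": mdc_decrypt(enc_key, flip_bit(mdc, 20)) is None,
    }


if __name__ == "__main__":
    print(demo())
```

The practical difference between the two is the order of operations in the decryptor: `etm_decrypt` rejects a tampered or wrongly-keyed message before a single byte is decrypted, whereas `mdc_decrypt` has to decrypt everything before it can compare the hash, so any code path that handles the decrypted bytes before the check runs sees unauthenticated data. Both reject the constructed bit flip, but only the MAC is keyed; the MDC relies on the attacker being unable to recompute the hash under encryption.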




From owner-ietf-openpgp@mail.imc.org Mon Aug 15 01:59:58 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1E4Y0q-0002ne-SM
	for openpgp-archive@megatron.ietf.org; Mon, 15 Aug 2005 01:59:58 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id BAA01643
	for <openpgp-archive@lists.ietf.org>; Mon, 15 Aug 2005 01:59:55 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7F5dKx8065427;
	Sun, 14 Aug 2005 22:39:20 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j7F5dKVX065426;
	Sun, 14 Aug 2005 22:39:20 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from p15139323.pureserver.info (silmor.de [217.160.219.75])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7F5dJMU065369
	for <ietf-openpgp@imc.org>; Sun, 14 Aug 2005 22:39:20 -0700 (PDT)
	(envelope-from konrad@silmor.de)
Received: from p54b3d159.dip.t-dialin.net ([84.179.209.89] helo=zaphod.local)
	by p15139323.pureserver.info with asmtp (Exim 3.35 #1 (Debian))
	id 1E4Xgn-00034H-00
	for <ietf-openpgp@imc.org>; Mon, 15 Aug 2005 07:39:13 +0200
From: Konrad Rosenbaum <konrad@silmor.de>
To: ietf-openpgp@imc.org
Subject: Re: Applicability of signed messages as proof of sending
Date: Mon, 15 Aug 2005 07:38:58 +0200
User-Agent: KMail/1.8
References: <sjmwtn2jdhv.fsf@cliodev.pgp.com> <42FF665B.4040509@algroup.co.uk> <42FF78AE.2060504@systemics.com>
In-Reply-To: <42FF78AE.2060504@systemics.com>
MIME-Version: 1.0
Content-Type: multipart/signed;
  boundary="nextPart3033786.ECMKuvl0Cn";
  protocol="application/pgp-signature";
  micalg=pgp-sha1
Content-Transfer-Encoding: 7bit
Message-Id: <200508150738.58755@zaphod.konrad.silmor.de>
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


--nextPart3033786.ECMKuvl0Cn
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sunday 14 August 2005 19:00, Ian G wrote:
> Ben Laurie wrote:
> > On wired networks they are easy for the network admins to mount. The
> > practice is sufficiently commonplace that many corps have their own CA
> > keys in employees' browsers so they can forge X509 certs.
>
> Hmmm.  Is that the sole reason?  Or one of many reasons?
>
> And how often do they conduct this attack?

There are web-proxies on the market which do this in order to be able to
track HTTPS connections of employees. This is illegal or at least of
doubtful legality in most European countries, so I can't provide you with
examples of companies who do this.



	Konrad

--nextPart3033786.ECMKuvl0Cn
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQBDACpyClt766LaIH0RAn7bAJ9OG/93AV8AUmNekroL7ppNeBW2owCeOB54
7FljMa6CFgv8IJf40kwYawY=
=mblj
-----END PGP SIGNATURE-----

--nextPart3033786.ECMKuvl0Cn--




From owner-ietf-openpgp@mail.imc.org Mon Aug 15 02:03:42 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1E4Y4U-0003Ex-8q
	for openpgp-archive@megatron.ietf.org; Mon, 15 Aug 2005 02:03:42 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id CAA05399
	for <openpgp-archive@lists.ietf.org>; Mon, 15 Aug 2005 02:03:41 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7F5oo7U069490;
	Sun, 14 Aug 2005 22:50:50 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j7F5ooGb069489;
	Sun, 14 Aug 2005 22:50:50 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from p15139323.pureserver.info (silmor.de [217.160.219.75])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7F5oneM069440
	for <ietf-openpgp@imc.org>; Sun, 14 Aug 2005 22:50:50 -0700 (PDT)
	(envelope-from konrad@silmor.de)
Received: from p54b3d159.dip.t-dialin.net ([84.179.209.89] helo=zaphod.local)
	by p15139323.pureserver.info with asmtp (Exim 3.35 #1 (Debian))
	id 1E4Xrw-00035X-00
	for <ietf-openpgp@imc.org>; Mon, 15 Aug 2005 07:50:44 +0200
From: Konrad Rosenbaum <konrad@silmor.de>
To: ietf-openpgp@imc.org
Subject: Re: "The OpenPGP mail and news header" extenssion
Date: Mon, 15 Aug 2005 07:50:28 +0200
User-Agent: KMail/1.8
References: <42FA366F.3030103@gmail.com> <42FF4980.3050203@gmail.com> <42FF4A8C.3060000@algroup.co.uk>
In-Reply-To: <42FF4A8C.3060000@algroup.co.uk>
MIME-Version: 1.0
Content-Type: multipart/signed;
  boundary="nextPart1763041.dj7BaThLhZ";
  protocol="application/pgp-signature";
  micalg=pgp-sha1
Content-Transfer-Encoding: 7bit
Message-Id: <200508150750.29627@zaphod.konrad.silmor.de>
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


--nextPart1763041.dj7BaThLhZ
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sunday 14 August 2005 15:43, Ben Laurie wrote:
> Signing messages weakens plausible deniability. It may imply some
> standing that is not necessarily intended. These things can harm the
> sender.

On the other hand: not signing weakens the receiver's trust in the sender.
Just as an example: I can't be sure that your advice to not use signatures
comes from a knowledgeable OpenPGP expert, it could as well come from a
spammer lobbying against the use of crypto because it harms his business
model.


	Konrad

--nextPart1763041.dj7BaThLhZ
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQBDAC0lClt766LaIH0RAhArAJ48OwjtBLZmsJxkbcfaQxVOS4WIkgCgmXoB
2swTsCQNIstfNeN/RrSIpG0=
=pNOV
-----END PGP SIGNATURE-----

--nextPart1763041.dj7BaThLhZ--




From owner-ietf-openpgp@mail.imc.org Mon Aug 15 02:03:53 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1E4Y4Y-0003FC-6B
	for openpgp-archive@megatron.ietf.org; Mon, 15 Aug 2005 02:03:53 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id CAA05468
	for <openpgp-archive@lists.ietf.org>; Mon, 15 Aug 2005 02:03:45 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7F5kdJO068020;
	Sun, 14 Aug 2005 22:46:39 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j7F5kdcO068019;
	Sun, 14 Aug 2005 22:46:39 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from p15139323.pureserver.info (silmor.de [217.160.219.75])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7F5kc1i067981
	for <ietf-openpgp@imc.org>; Sun, 14 Aug 2005 22:46:39 -0700 (PDT)
	(envelope-from konrad@silmor.de)
Received: from p54b3d159.dip.t-dialin.net ([84.179.209.89] helo=zaphod.local)
	by p15139323.pureserver.info with asmtp (Exim 3.35 #1 (Debian))
	id 1E4Xnh-00034z-00; Mon, 15 Aug 2005 07:46:22 +0200
From: Konrad Rosenbaum <konrad@silmor.de>
To: Ben Laurie <ben@algroup.co.uk>, ietf-openpgp@imc.org
Subject: Re: "The OpenPGP mail and news header" extenssion
Date: Mon, 15 Aug 2005 07:46:04 +0200
User-Agent: KMail/1.8
References: <42FA366F.3030103@gmail.com> <1124037118.15215.19.camel@firenze.zurich.ibm.com> <42FF7286.7020800@algroup.co.uk>
In-Reply-To: <42FF7286.7020800@algroup.co.uk>
MIME-Version: 1.0
Content-Type: multipart/signed;
  boundary="nextPart4536509.UfVxNzYH4h";
  protocol="application/pgp-signature";
  micalg=pgp-sha1
Content-Transfer-Encoding: 7bit
Message-Id: <200508150746.05068@zaphod.konrad.silmor.de>
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


--nextPart4536509.UfVxNzYH4h
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sunday 14 August 2005 18:34, Ben Laurie wrote:
> Indeed - the result is general. The fact that SSL is secure gives no
> comfort for OpenPGP.

The abstract also states that using the cipher in CBC is secure. When last I
looked OpenPGP used CBC.


	Konrad

--nextPart4536509.UfVxNzYH4h
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQBDACwdClt766LaIH0RAnP9AJ4uBSzWSJfQogl+Ll1DFnQVny1i3gCdGeOr
UXcUM709R8ZK+9s1Xcoutmg=
=916K
-----END PGP SIGNATURE-----

--nextPart4536509.UfVxNzYH4h--




From owner-ietf-openpgp@mail.imc.org Mon Aug 15 05:44:33 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1E4bWD-0004nJ-GY
	for openpgp-archive@megatron.ietf.org; Mon, 15 Aug 2005 05:44:33 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id FAA23115
	for <openpgp-archive@lists.ietf.org>; Mon, 15 Aug 2005 05:44:30 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7F9RjgW067269;
	Mon, 15 Aug 2005 02:27:45 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j7F9RjhW067268;
	Mon, 15 Aug 2005 02:27:45 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mail.links.org (mail.links.org [217.155.92.109])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7F9RimM067256
	for <ietf-openpgp@imc.org>; Mon, 15 Aug 2005 02:27:45 -0700 (PDT)
	(envelope-from ben@algroup.co.uk)
Received: from [193.133.15.218] (localhost [127.0.0.1])
	by mail.links.org (Postfix) with ESMTP id 6294833C1A;
	Mon, 15 Aug 2005 10:27:43 +0100 (BST)
Message-ID: <43006010.5000809@algroup.co.uk>
Date: Mon, 15 Aug 2005 10:27:44 +0100
From: Ben Laurie <ben@algroup.co.uk>
User-Agent: Mozilla Thunderbird 1.0.6 (Windows/20050716)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Konrad Rosenbaum <konrad@silmor.de>
CC: ietf-openpgp@imc.org
Subject: Re: "The OpenPGP mail and news header" extenssion
References: <42FA366F.3030103@gmail.com> <1124037118.15215.19.camel@firenze.zurich.ibm.com> <42FF7286.7020800@algroup.co.uk> <200508150746.05068@zaphod.konrad.silmor.de>
In-Reply-To: <200508150746.05068@zaphod.konrad.silmor.de>
X-Enigmail-Version: 0.89.6.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 7bit


Konrad Rosenbaum wrote:
> On Sunday 14 August 2005 18:34, Ben Laurie wrote:
> 
>>Indeed - the result is general. The fact that SSL is secure gives no
>>comfort for OpenPGP.
> 
> 
> The abstract also states that using the cipher in CBC is secure. When last I 
> looked OpenPGP used CBC.

Look again, then. OpenPGP uses CFB.

-- 
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff




From owner-ietf-openpgp@mail.imc.org Mon Aug 15 05:44:33 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1E4bWD-0004nI-F1
	for openpgp-archive@megatron.ietf.org; Mon, 15 Aug 2005 05:44:33 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id FAA23114
	for <openpgp-archive@lists.ietf.org>; Mon, 15 Aug 2005 05:44:30 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7F9TE7C067791;
	Mon, 15 Aug 2005 02:29:14 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j7F9TEA6067790;
	Mon, 15 Aug 2005 02:29:14 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mail.links.org (mail.links.org [217.155.92.109])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7F9TDuZ067777
	for <ietf-openpgp@imc.org>; Mon, 15 Aug 2005 02:29:14 -0700 (PDT)
	(envelope-from ben@algroup.co.uk)
Received: from [193.133.15.218] (localhost [127.0.0.1])
	by mail.links.org (Postfix) with ESMTP id 69A9633C1A;
	Mon, 15 Aug 2005 10:29:13 +0100 (BST)
Message-ID: <4300606A.1080701@algroup.co.uk>
Date: Mon, 15 Aug 2005 10:29:14 +0100
From: Ben Laurie <ben@algroup.co.uk>
User-Agent: Mozilla Thunderbird 1.0.6 (Windows/20050716)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Konrad Rosenbaum <konrad@silmor.de>
CC: ietf-openpgp@imc.org
Subject: Re: "The OpenPGP mail and news header" extenssion
References: <42FA366F.3030103@gmail.com> <42FF4980.3050203@gmail.com> <42FF4A8C.3060000@algroup.co.uk> <200508150750.29627@zaphod.konrad.silmor.de>
In-Reply-To: <200508150750.29627@zaphod.konrad.silmor.de>
X-Enigmail-Version: 0.89.6.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 7bit


Konrad Rosenbaum wrote:
> On Sunday 14 August 2005 15:43, Ben Laurie wrote:
> 
>>Signing messages weakens plausible deniability. It may imply some
>>standing that is not necessarily intended. These things can harm the
>>sender.
> 
> 
> On the other hand: not signing weakens the receiver's trust in the sender.
> Just as an example: I can't be sure that your advice to not use signatures
> comes from a knowledgeable OpenPGP expert; it could as well come from a
> spammer lobbying against the use of crypto because it harms his business
> model.

True enough, but the argument should stand no matter who I am.

If you want to protect against spam using signatures there are other 
ways to do it that don't involve signing the content.

-- 
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff




From owner-ietf-openpgp@mail.imc.org Mon Aug 15 06:01:20 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1E4bmS-0006pF-KI
	for openpgp-archive@megatron.ietf.org; Mon, 15 Aug 2005 06:01:20 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id GAA23784
	for <openpgp-archive@lists.ietf.org>; Mon, 15 Aug 2005 06:01:18 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7F9hw8P073032;
	Mon, 15 Aug 2005 02:43:58 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j7F9hwC7073031;
	Mon, 15 Aug 2005 02:43:58 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mail.links.org (mail.links.org [217.155.92.109])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7F9huZw073013
	for <ietf-openpgp@imc.org>; Mon, 15 Aug 2005 02:43:57 -0700 (PDT)
	(envelope-from ben@algroup.co.uk)
Received: from [193.133.15.218] (localhost [127.0.0.1])
	by mail.links.org (Postfix) with ESMTP id BEE2433C1A;
	Mon, 15 Aug 2005 10:43:54 +0100 (BST)
Message-ID: <430063DB.7070001@algroup.co.uk>
Date: Mon, 15 Aug 2005 10:43:55 +0100
From: Ben Laurie <ben@algroup.co.uk>
User-Agent: Mozilla Thunderbird 1.0.6 (Windows/20050716)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Hal Finney <hal@finney.org>
CC: ietf-openpgp@imc.org
Subject: Re: Encrypt then sign insecure?
References: <20050814163614.F273E57EF5@finney.org>
In-Reply-To: <20050814163614.F273E57EF5@finney.org>
X-Enigmail-Version: 0.89.6.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 7bit


Hal Finney wrote:
> I have changed the subject line as this is in regard to Ben's citation
> of Hugo Krawczyk's paper on the order of signing and encryption,
> http://eprint.iacr.org/2001/045, also published in Crypto 01.
> 
> This paper doesn't apply to systems like OpenPGP which compose public
> key signatures with public key encryption.  Rather, it investigates the
> composition of symmetric encryption (e.g. AES) with MAC.
> 
> Krawczyk shows that it is not always safe to first MAC and then
> symmetrically encrypt, even if your MAC is secure and your symmetric
> encryption algorithm is secure.  He does this by coming up with rather
> artificial types of MAC and encryption which are individually secure
> but which interact in a bad way when put together like this.
> 
> Krawczyk also shows some constructions that ARE always safe, including
> doing CBC with a secure cipher, then MACing the ciphertext.
> 
> Again, this analysis is not applicable to the PK digital signatures and
> hybrid public/private key encryption used in OpenPGP.

This does not seem to me to be true. OpenPGP uses symmetric encryption 
under the hood, and signs the plaintext rather than the ciphertext. All 
that is needed is an oracle which will say whether the signature is 
correct or not.

Furthermore, OpenPGP does not use CBC, so the security proof from the 
paper doesn't help.

I agree that the paper uses rather an artificial cipher (though the MAC 
can be any MAC) but it isn't clear to me what the limits of the attack are.

Cheers,

Ben.

-- 
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff




From owner-ietf-openpgp@mail.imc.org Mon Aug 15 06:08:36 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1E4btS-0007hf-Bo
	for openpgp-archive@megatron.ietf.org; Mon, 15 Aug 2005 06:08:36 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id GAA23967
	for <openpgp-archive@lists.ietf.org>; Mon, 15 Aug 2005 06:08:31 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7F9hiT0072944;
	Mon, 15 Aug 2005 02:43:44 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j7F9hiA2072943;
	Mon, 15 Aug 2005 02:43:44 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from yxa.extundo.com (root@178.230.13.217.in-addr.dgcsystems.net [217.13.230.178])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7F9hfIo072900
	for <ietf-openpgp@imc.org>; Mon, 15 Aug 2005 02:43:43 -0700 (PDT)
	(envelope-from jas@extundo.com)
Received: from latte.josefsson.org (c494102a.s-bi.bostream.se [217.215.27.65])
	(authenticated bits=0)
	by yxa.extundo.com (8.13.4/8.13.4/Debian-3) with ESMTP id j7F9hUim027276
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK);
	Mon, 15 Aug 2005 11:43:31 +0200
From: Simon Josefsson <jas@extundo.com>
To: David Srbecky <dsrbecky@gmail.com>
Cc: openpgp <ietf-openpgp@imc.org>
Subject: Re: "The OpenPGP mail and news header" extenssion
References: <42FA366F.3030103@gmail.com> <ilu7jes6by3.fsf@latte.josefsson.org>
	<42FB8755.40008@gmail.com> <iluoe84xn0k.fsf@latte.josefsson.org>
	<42FF5145.2040909@gmail.com>
OpenPGP: id=B565716F; url=http://josefsson.org/key.txt
X-Hashcash: 1:21:050815:ietf-openpgp@imc.org::NNLKeTJRuC/J1lWt:6tq0
X-Hashcash: 1:21:050815:dsrbecky@gmail.com::owD2OET1AehqG4/4:9ZMv
Date: Mon, 15 Aug 2005 11:43:10 +0200
In-Reply-To: <42FF5145.2040909@gmail.com> (David Srbecky's message of "Sun, 14
	Aug 2005 16:12:21 +0200")
Message-ID: <ilu8xz3tu1d.fsf@latte.josefsson.org>
User-Agent: Gnus/5.110004 (No Gnus v0.4) Emacs/22.0.50 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Spam-Status: No, score=0.1 required=5.0 tests=FORGED_RCVD_HELO 
	autolearn=failed version=3.0.3
X-Spam-Checker-Version: SpamAssassin 3.0.3 (2005-04-27) on yxa-iv
X-Virus-Scanned: ClamAV version 0.84, clamav-milter version 0.84e on yxa.extundo.com
X-Virus-Status: Clean
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


David Srbecky <dsrbecky@gmail.com> writes:

> Simon Josefsson wrote:
>> I understand.  Implement your scheme and write a draft about it!  I
>> think your ideas are too far-fetching to be reasonably added to this
>> document.  There are many details that have to be solved.
>> 
>
> Could you please outline a few of these details to be solved?

Canonicalization of the content to sign; it is not clear exactly what
data should be signed.  How to cope with gateways that modify the
message also needs to be discussed; e.g., you will likely need to use
7-bit MIME to be reasonably sure the message arrives intact.

The OpenPGP header is not intended to be security critical or
trust-worthy.  The point of it was to assist mail clients or mailing
list software to be able to provide a better default user experience.
Changing that header to embed signature information changes the
fundamental assumption of what the header should be about, so I'd
rather not work on this now.

I do encourage you to try to experiment with the idea though.  The
tag=value structure of the OpenPGP header would allow you to use the
same header name, although if you want to support S/MIME signatures in
the same header, I think using Signature: may be cleaner.  And in
general, what the header is called is not that important.

Regards,
Simon




From owner-ietf-openpgp@mail.imc.org Mon Aug 15 10:37:17 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1E4g5V-00016Q-40
	for openpgp-archive@megatron.ietf.org; Mon, 15 Aug 2005 10:37:17 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA06646
	for <openpgp-archive@lists.ietf.org>; Mon, 15 Aug 2005 10:37:14 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7FEG89G073221;
	Mon, 15 Aug 2005 07:16:08 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j7FEG8tD073220;
	Mon, 15 Aug 2005 07:16:08 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mail.links.org (mail.links.org [217.155.92.109])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7FEG6gF073195
	for <ietf-openpgp@imc.org>; Mon, 15 Aug 2005 07:16:07 -0700 (PDT)
	(envelope-from ben@algroup.co.uk)
Received: from [193.133.15.218] (localhost [127.0.0.1])
	by mail.links.org (Postfix) with ESMTP id 2159D33C1A;
	Mon, 15 Aug 2005 15:16:05 +0100 (BST)
Message-ID: <4300A3A6.4020409@algroup.co.uk>
Date: Mon, 15 Aug 2005 15:16:06 +0100
From: Ben Laurie <ben@algroup.co.uk>
User-Agent: Mozilla Thunderbird 1.0.6 (Windows/20050716)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Hal Finney <hal@finney.org>
CC: ietf-openpgp@imc.org, lpb@ece.cmu.edu
Subject: Re: Section 5.2.3 of latest draft: bis14.
References: <20050715234725.0293757E8C@finney.org>
In-Reply-To: <20050715234725.0293757E8C@finney.org>
X-Enigmail-Version: 0.89.6.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 7bit


Hal Finney wrote:
> Levi Broderick writes:
> 
>>I noticed that the following bullet is missing from the latest draft.
>>It used to appear between 'One-octet hash algorithm' and 'Hashed
>>subpacket data set' in section 5.2.3.
>>
>>      - Two-octet scalar octet count for following hashed subpacket
>>        data. Note that this is the length in octets of all of the hashed
>>        subpackets; a pointer incremented by this number will skip over
>>        the hashed subpackets.
> 
> 
> This is definitely an error and needs to be fixed.

I believe the idea was to eliminate this and the following instance for 
unhashed subpacket data sets, since the count is defined there.

> A couple of other relatively minor points relating to this section.
> 
> We now use the term "data set" for the hashed and unhashed subpackets:
> 
>       - Hashed subpacket data set. (zero or more subpackets)
> 
>       - Two-octet scalar octet count for the following unhashed
>         subpacket data. Note that this is the length in octets of all of
>         the unhashed subpackets; a pointer incremented by this number
>         will skip over the unhashed subpackets.
> 
>       - Unhashed subpacket data set. (zero or more subpackets)
> 
> "Data set" is defined in the next section, 5.2.3.1:
> 
>     A subpacket data set consists of zero or more signature subpackets,
>     preceded by a two-octet scalar count of the length in octets of all
>     the subpackets; a pointer incremented by this number will skip over
>     the subpacket data set.
> 
> This definition could be interpreted to mean that the data set includes
> the two-octet scalar count.  In fact, in the layout in 5.2.3 the data
> set does not include the scalar count.  5.2.3.1 could be reworded to say
> "A subpacket data set consists of zero or more signature subpackets,
> AND IS preceded by a two-octet scalar count..."

There's no penalty for clarity, right? So why not add "Note that the 
count is the number of bytes to skip after the count itself has been 
read", for instance.

Cheers,

Ben.

-- 
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
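To make the layout under discussion concrete (two-octet count, then the subpackets, count not including itself), here is an added example of my own, not code from the draft or any OpenPGP implementation, that builds and walks the hashed and unhashed subpacket data sets of a v4 signature packet as RFC 4880 section 5.2.3/5.2.3.1 describes them; the sample subpackets, key id and policy URI are constructed placeholders.

```python
"""Build and walk the hashed/unhashed subpacket data sets of an OpenPGP v4
signature packet (RFC 4880 section 5.2.3 and 5.2.3.1).

Added example for this thread; not code from the draft or any implementation.
Layout assumed, as the thread quotes it: a two-octet big-endian count, then
`count` octets of subpackets.  The count excludes its own two octets, so a
pointer advanced by 2 + count skips the set.  Each subpacket begins with its
own length (1-, 2- or 5-octet form) covering the type octet plus the body,
then the type octet (bit 7 = critical flag), then the body.
"""
import struct


def encode_subpacket(sp_type: int, body: bytes, critical: bool = False) -> bytes:
    """Serialise one subpacket: length field, type octet, body."""
    length = 1 + len(body)                      # type octet + body
    if length < 192:
        header = bytes([length])
    elif length < 16320:                        # 2-octet form covers 192..16319
        header = bytes([((length - 192) >> 8) + 192, (length - 192) & 0xFF])
    else:
        header = b"\xff" + struct.pack(">I", length)
    return header + bytes([sp_type | (0x80 if critical else 0)]) + body


def build_subpacket_data_set(subpackets) -> bytes:
    """Two-octet count followed by the serialised (critical, type, body) subpackets."""
    data = b"".join(encode_subpacket(t, b, c) for c, t, b in subpackets)
    if len(data) > 0xFFFF:
        raise ValueError("subpacket data set too large for a two-octet count")
    return struct.pack(">H", len(data)) + data


def read_subpacket_length(buf: bytes, pos: int, limit: int):
    """Return (length, position after the length field) without reading past limit."""
    first = buf[pos]
    if first < 192:
        return first, pos + 1
    if first < 255:
        if pos + 2 > limit:
            raise ValueError("truncated 2-octet subpacket length")
        return ((first - 192) << 8) + buf[pos + 1] + 192, pos + 2
    if pos + 5 > limit:
        raise ValueError("truncated 5-octet subpacket length")
    return struct.unpack(">I", buf[pos + 1:pos + 5])[0], pos + 5


def parse_subpacket_data_set(buf: bytes, pos: int = 0):
    """Parse the data set at buf[pos]; return (subpackets, position after the set).

    A ValueError means the inner subpacket lengths and the outer count disagree
    about where the set ends, which is the case a 'skip by count' reader and a
    subpacket-by-subpacket reader would resolve differently.
    """
    if pos + 2 > len(buf):
        raise ValueError("truncated subpacket count")
    count = struct.unpack(">H", buf[pos:pos + 2])[0]
    start, end = pos + 2, pos + 2 + count       # the count does not include itself
    if end > len(buf):
        raise ValueError("subpacket count runs past end of data")
    subpackets, p = [], start
    while p < end:
        length, p = read_subpacket_length(buf, p, end)
        if length == 0 or p + length > end:
            raise ValueError("subpacket length inconsistent with set count")
        type_octet = buf[p]
        subpackets.append((bool(type_octet & 0x80), type_octet & 0x7F, buf[p + 1:p + length]))
        p += length
    return subpackets, end


def parse_hashed_and_unhashed(buf: bytes, pos: int = 0):
    """The signature packet carries the two sets back to back: hashed, then unhashed."""
    hashed, pos = parse_subpacket_data_set(buf, pos)
    unhashed, pos = parse_subpacket_data_set(buf, pos)
    return hashed, unhashed, pos


def is_well_formed(buf: bytes) -> bool:
    """True when the outer count and the inner subpacket lengths agree."""
    try:
        parse_subpacket_data_set(buf)
        return True
    except ValueError:
        return False


# Constructed sample values; not a real signature, key id or policy.
CREATION_TIME = struct.pack(">I", 1124118289)       # signature creation time (type 2)
ISSUER_KEY_ID = bytes.fromhex("0123456789abcdef")    # placeholder issuer key id (type 16)
POLICY_URI = b"https://policy.example.invalid/"     # policy URI (type 26), padded so that
POLICY_URI += b"x" * (199 - len(POLICY_URI))         # the subpacket needs the 2-octet length

HASHED_SET = build_subpacket_data_set([(False, 2, CREATION_TIME), (True, 26, POLICY_URI)])
UNHASHED_SET = build_subpacket_data_set([(False, 16, ISSUER_KEY_ID)])
SIGNATURE_TAIL = HASHED_SET + UNHASHED_SET           # hashed set followed by unhashed set
UNDERCOUNTED_SET = b"\x00\xcf" + HASHED_SET[2:]      # count one octet short of the content
TRUNCATED_SET = HASHED_SET[:-1]                      # count promises more than is present
```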




From owner-ietf-openpgp@mail.imc.org Mon Aug 15 11:20:16 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1E4gl5-0005fy-VR
	for openpgp-archive@megatron.ietf.org; Mon, 15 Aug 2005 11:20:16 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA08348
	for <openpgp-archive@lists.ietf.org>; Mon, 15 Aug 2005 11:20:13 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7FF4uks077883;
	Mon, 15 Aug 2005 08:04:56 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j7FF4udM077882;
	Mon, 15 Aug 2005 08:04:56 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from surfeu.fi (mailbox.surfeu.fi [213.173.154.4])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7FF4sx1077875
	for <ietf-openpgp@imc.org>; Mon, 15 Aug 2005 08:04:55 -0700 (PDT)
	(envelope-from mkuusio@surfeu.fi)
Received: from [213.173.154.9] (HELO surfeu.fi)
  by surfeu.fi (CommuniGate Pro SMTP 3.4.1)
  with SMTP id 150700473 for ietf-openpgp@imc.org; Mon, 15 Aug 2005 18:04:49 +0300
Received: from 193.210.155.190
        (SquirrelMail authenticated user mkuusio)
        by webmail.tiscali.fi with HTTP;
        Mon, 15 Aug 2005 18:04:49 +0300 (EEST)
Message-ID: <20699.193.210.155.190.1124118289.squirrel@webmail.tiscali.fi>
Date: Mon, 15 Aug 2005 18:04:49 +0300 (EEST)
Subject: Calculating signature over private key
From: <mkuusio@surfeu.fi>
To: <ietf-openpgp@imc.org>
X-Priority: 3
Importance: Normal
X-Mailer: SquirrelMail (version 1.2.11)
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 8bit


I am calculating a signature over a private keypair. How does the data to be
signed differ from the public key? Are the fields Salt, Initial vector,
Coded count, encrypted DSA x, and encrypted SHA-1 hash (20 octets) included in
the signed data? Can someone clarify this?





From owner-ietf-openpgp@mail.imc.org Tue Aug 16 00:52:31 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1E4tR8-0000vM-C5
	for openpgp-archive@megatron.ietf.org; Tue, 16 Aug 2005 00:52:31 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id AAA06441
	for <openpgp-archive@lists.ietf.org>; Tue, 16 Aug 2005 00:52:27 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7G4Z4Ke048171;
	Mon, 15 Aug 2005 21:35:04 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j7G4Z4wi048170;
	Mon, 15 Aug 2005 21:35:04 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from finney.org (226-132.adsl2.netlojix.net [207.71.226.132])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7G4Z3cA048163
	for <ietf-openpgp@imc.org>; Mon, 15 Aug 2005 21:35:03 -0700 (PDT)
	(envelope-from hal@finney.org)
Received: by finney.org (Postfix, from userid 500)
	id C7EDD57EF5; Mon, 15 Aug 2005 20:44:17 -0700 (PDT)
To: ietf-openpgp@imc.org, mkuusio@surfeu.fi
Subject: Re: Calculating signature over private key
Message-Id: <20050816034417.C7EDD57EF5@finney.org>
Date: Mon, 15 Aug 2005 20:44:17 -0700 (PDT)
From: hal@finney.org ("Hal Finney")
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


<mkuusio@surfeu.fi> writes:
> I am calculating a signature over a private keypair. How does the data to be
> signed differ from the public key? Are the fields Salt, Initial vector,
> Coded count, encrypted DSA x, and encrypted SHA-1 hash (20 octets) included in
> the signed data? Can someone clarify this?

OpenPGP does not support the notion of calculating a signature over a
private keypair.

Generally a signature is done on a public key as part of a certification
of that key that will be publicly available.  Signing a private key
would not be useful because the private key material is normally not
shared with others, so signature verification would be impossible.

Hal


From owner-ietf-openpgp@mail.imc.org Tue Aug 16 00:52:31 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1E4tR8-0000vN-C5
	for openpgp-archive@megatron.ietf.org; Tue, 16 Aug 2005 00:52:31 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id AAA06440
	for <openpgp-archive@lists.ietf.org>; Tue, 16 Aug 2005 00:52:27 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7G4c9oY048510;
	Mon, 15 Aug 2005 21:38:09 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j7G4c9og048509;
	Mon, 15 Aug 2005 21:38:09 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from finney.org (226-132.adsl2.netlojix.net [207.71.226.132])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7G4c8gS048502
	for <ietf-openpgp@imc.org>; Mon, 15 Aug 2005 21:38:08 -0700 (PDT)
	(envelope-from hal@finney.org)
Received: by finney.org (Postfix, from userid 500)
	id 29FDD57EF5; Mon, 15 Aug 2005 20:47:24 -0700 (PDT)
To: ben@algroup.co.uk, hal@finney.org
Subject: Re: Encrypt then sign insecure?
Cc: ietf-openpgp@imc.org
Message-Id: <20050816034724.29FDD57EF5@finney.org>
Date: Mon, 15 Aug 2005 20:47:24 -0700 (PDT)
From: hal@finney.org ("Hal Finney")
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


Ben Laurie wrote:
> Hal Finney wrote:
> > This paper doesn't apply to systems like OpenPGP which compose public
> > key signatures with public key encryption.  Rather, it investigates the
> > composition of symmetric encryption (e.g. AES) with MAC.
> ...
> This does not seem to me to be true. OpenPGP uses symmetric encryption 
> under the hood, and signs the plaintext rather than the ciphertext. All 
> that is needed is an oracle which will say whether the signature is 
> correct or not.

Krawczyk's paper is about combining MAC and symmetric encryption.
That's not what OpenPGP does.  We don't do MACs.

> Furthermore, OpenPGP does not use CBC, so the security proof from the 
> paper doesn't help.

That's true, but the point is that the paper is not about systems like
OpenPGP at all.

Hal Finney






From owner-ietf-openpgp@mail.imc.org Tue Aug 16 02:07:19 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1E4ubX-0002OH-Iv
	for openpgp-archive@megatron.ietf.org; Tue, 16 Aug 2005 02:07:19 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id CAA16149
	for <openpgp-archive@lists.ietf.org>; Tue, 16 Aug 2005 02:07:17 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7G5pKpI075057;
	Mon, 15 Aug 2005 22:51:20 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j7G5pKs8075055;
	Mon, 15 Aug 2005 22:51:20 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from p15139323.pureserver.info (silmor.de [217.160.219.75])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7G5pKXM074975
	for <ietf-openpgp@imc.org>; Mon, 15 Aug 2005 22:51:20 -0700 (PDT)
	(envelope-from konrad@silmor.de)
Received: from p54b3d8e7.dip.t-dialin.net ([84.179.216.231] helo=zaphod.local)
	by p15139323.pureserver.info with asmtp (Exim 3.35 #1 (Debian))
	id 1E4uLy-0006A2-00
	for <ietf-openpgp@imc.org>; Tue, 16 Aug 2005 07:51:14 +0200
From: Konrad Rosenbaum <konrad@silmor.de>
To: ietf-openpgp@imc.org
Subject: Re: "The OpenPGP mail and news header" extenssion
Date: Tue, 16 Aug 2005 07:50:55 +0200
User-Agent: KMail/1.8
References: <42FA366F.3030103@gmail.com> <200508150750.29627@zaphod.konrad.silmor.de> <4300606A.1080701@algroup.co.uk>
In-Reply-To: <4300606A.1080701@algroup.co.uk>
MIME-Version: 1.0
Content-Type: multipart/signed;
  boundary="nextPart2879028.Mq6ueB6cKK";
  protocol="application/pgp-signature";
  micalg=pgp-sha1
Content-Transfer-Encoding: 7bit
Message-Id: <200508160750.58672@zaphod.konrad.silmor.de>
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


--nextPart2879028.Mq6ueB6cKK
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Monday 15 August 2005 11:29, Ben Laurie wrote:
> Konrad Rosenbaum wrote:
> > On the other hand: not signing weakens the receivers trust into the
> > sender. Just as an example: I can't be sure that your advice to not use
> > signatures comes from a knowledgeable OpenPGP expert, it could as well
> > come from a spammer lobbying against the use of crypto because it harms
> > his business model.
>
> True enough, but the argument should stand no matter who I am.
>
> If you want to protect against spam using signatures there are other
> ways to do it that don't involve signing the content.

Hmm, bad example. I do not want to protect myself against spam using
signatures (bayes filters are far more useful in that area), I want to
protect myself against impostors claiming to be trustworthy people and fool
me into doing something stupid.


	Konrad

--nextPart2879028.Mq6ueB6cKK
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQBDAX7CClt766LaIH0RAurKAJ0TYfVBu/spO1toyw4Hw0Y2LNCHagCfU77U
euAP2c6u0Bof25QrIDUoSJA=
=/YxA
-----END PGP SIGNATURE-----

--nextPart2879028.Mq6ueB6cKK--




From owner-ietf-openpgp@mail.imc.org Tue Aug 16 06:26:24 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1E4yeG-0004mM-G5
	for openpgp-archive@megatron.ietf.org; Tue, 16 Aug 2005 06:26:24 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id GAA01738
	for <openpgp-archive@lists.ietf.org>; Tue, 16 Aug 2005 06:26:21 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7GA7fvL073749;
	Tue, 16 Aug 2005 03:07:41 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j7GA7f3S073748;
	Tue, 16 Aug 2005 03:07:41 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mail.links.org (mail.links.org [217.155.92.109])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7GA7cm1073713
	for <ietf-openpgp@imc.org>; Tue, 16 Aug 2005 03:07:38 -0700 (PDT)
	(envelope-from ben@algroup.co.uk)
Received: from [193.133.15.218] (localhost [127.0.0.1])
	by mail.links.org (Postfix) with ESMTP id E3D0E33C1A;
	Tue, 16 Aug 2005 11:07:36 +0100 (BST)
Message-ID: <4301BAEA.1080509@algroup.co.uk>
Date: Tue, 16 Aug 2005 11:07:38 +0100
From: Ben Laurie <ben@algroup.co.uk>
User-Agent: Mozilla Thunderbird 1.0.6 (Windows/20050716)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Hal Finney <hal@finney.org>
CC: ietf-openpgp@imc.org
Subject: Re: Encrypt then sign insecure?
References: <20050816034724.29FDD57EF5@finney.org>
In-Reply-To: <20050816034724.29FDD57EF5@finney.org>
X-Enigmail-Version: 0.89.6.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 7bit


Hal Finney wrote:
> Ben Laurie wrote:
> 
>>Hal Finney wrote:
>>
>>>This paper doesn't apply to systems like OpenPGP which compose public
>>>key signatures with public key encryption.  Rather, it investigates the
>>>composition of symmetric encryption (e.g. AES) with MAC.
>>
>>...
>>This does not seem to me to be true. OpenPGP uses symmetric encryption 
>>under the hood, and signs the plaintext rather than the ciphertext. All 
>>that is needed is an oracle which will say whether the signature is 
>>correct or not.
> 
> 
> Krawczyk's paper is about combining MAC and symmetric encryption.
> That's not what OpenPGP does.  We don't do MACs.

Actually, the only point of the MAC is to tell whether decryption 
succeeded. Signatures do the same job.

>>Furthermore, OpenPGP does not use CBC, so the security proof from the 
>>paper doesn't help.
> 
> That's true, but the point is that the paper is not about systems like
> OpenPGP at all.

Yes it is. The required properties are: a) encryption and b) the 
possibility to detect errors in the plaintext.

Cheers,

Ben.

-- 
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff




From owner-ietf-openpgp@mail.imc.org Tue Aug 16 19:04:34 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1E5ATy-0003rw-Of
	for openpgp-archive@megatron.ietf.org; Tue, 16 Aug 2005 19:04:34 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id TAA19154
	for <openpgp-archive@lists.ietf.org>; Tue, 16 Aug 2005 19:04:30 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7GMfIGf004367;
	Tue, 16 Aug 2005 15:41:18 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j7GMfIi1004366;
	Tue, 16 Aug 2005 15:41:18 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from finney.org (226-132.adsl2.netlojix.net [207.71.226.132])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7GMfF8m004360
	for <ietf-openpgp@imc.org>; Tue, 16 Aug 2005 15:41:17 -0700 (PDT)
	(envelope-from hal@finney.org)
Received: by finney.org (Postfix, from userid 500)
	id E93C357EF5; Tue, 16 Aug 2005 14:50:32 -0700 (PDT)
To: ben@algroup.co.uk, hal@finney.org
Subject: Re: Encrypt then sign insecure?
Cc: ietf-openpgp@imc.org
Message-Id: <20050816215032.E93C357EF5@finney.org>
Date: Tue, 16 Aug 2005 14:50:32 -0700 (PDT)
From: hal@finney.org ("Hal Finney")
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


> Hal Finney wrote:
> > Krawczyk's paper is about combining MAC and symmetric encryption.
> > That's not what OpenPGP does.  We don't do MACs.
>
> Actually, the only point of the MAC is to tell whether decryption 
> succeeded. Signatures do the same job.

I have to apologize to Ben, he's right about this.  I went back and
re-read Krawczyk's paper and it does apply to signatures as well as
MACs.

However, the actual result is somewhat different from what is often
stated, which is that MAC-then-encrypt is potentially insecure.  What he
actually shows is that encryption that is secure against passive attacks
(like chosen plaintext) is not necessarily secure against active attacks
(like altering the ciphertext en route), and that this is not prevented
by MAC-ing the data before encrypting.  As Ben points out, it is also
not prevented by signing the data before encrypting.

In fact, nothing you do to the data before encrypting can prevent
the attack Krawczyk shows, because he assumes certain properties of
the decryption engine which cause it to abort before it even tries to
process the decrypted data.  Although Krawczyk suggests that "in a sense"
the MAC can make things worse, in fact his attack never calls the MAC
(nor would it verify a signature).  He corrupts the data en route such
that the decryption engine barfs on it, so the plaintext never gets
processed at the receiving end.  The attacker is assumed to be able to
notice this response, which leaks information about the plaintext.

Krawczyk basically shows that you can't use an encryption function which
is really weak against active attacks, and then assume that an inner
signature or MAC will save you.  If the encryption function is bad enough,
there is nothing you can do if you are going to wait until you decrypt.
The only solution is to check integrity before beginning decryption.

The bottom line is that at some level we do need to assume that our
encryption functions do not have the horrible properties that Krawczyk
had to assume in order to make his construction go through.

Hal Finney
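As an added illustration of the point made in this reply (constructed example code, not anything from the list or from Krawczyk's paper), the Python below is modelled on the paper's encoding-based counterexample: plaintext bits are encoded so that the decoder aborts on an invalid codeword, then masked with a toy HMAC-derived keystream. It compares a receiver that authenticates only after decoding (MAC-then-encrypt) with one that checks integrity over the ciphertext before decrypting (encrypt-then-MAC); a signature in place of the inner MAC would behave the same way. The keys, the keystream construction, the 0xC0 bit flip and all function names are assumptions of this example.

```python
import hashlib
import hmac
import os

class DecodeError(Exception): pass   # decryption engine aborts before using plaintext
class MacError(Exception): pass      # integrity check (MAC, or a signature) failed

def _bits(data):
    return [(b >> i) & 1 for b in data for i in range(7, -1, -1)]

def _bytes(bits):
    return bytes(int("".join(map(str, bits[i:i + 8])), 2) for i in range(0, len(bits), 8))

def encode(msg):
    """Paper-style encoding: 0 -> 00, 1 -> 01 or 10 at random; 11 is never produced."""
    out = []
    for bit in _bits(msg):
        out += [0, 0] if bit == 0 else ([0, 1] if os.urandom(1)[0] & 1 else [1, 0])
    return _bytes(out)

def decode(enc):
    """The decoder aborts on 11, so whether it aborts depends on the plaintext bit."""
    bits, out = _bits(enc), []
    for i in range(0, len(bits), 2):
        pair = (bits[i], bits[i + 1])
        if pair == (1, 1):
            raise DecodeError("invalid codeword 11")
        out.append(0 if pair == (0, 0) else 1)
    return _bytes(out)

def _keystream(key, nonce, n):
    # Constructed keystream: HMAC-SHA256 in counter mode stands in for a stream cipher.
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def stream_encrypt(key, msg):
    nonce, enc = os.urandom(16), encode(msg)
    return nonce + _xor(enc, _keystream(key, nonce, len(enc)))

def stream_decrypt(key, ct):
    nonce, body = ct[:16], ct[16:]
    return decode(_xor(body, _keystream(key, nonce, len(body))))

def mac(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

# MAC-then-encrypt: integrity lives inside the ciphertext and is checked only after decoding.
def mte_send(ek, mk, msg):
    return stream_encrypt(ek, msg + mac(mk, msg))

def mte_receive(ek, mk, ct):
    pt = stream_decrypt(ek, ct)  # may raise DecodeError before the MAC is ever consulted
    msg, tag = pt[:-32], pt[-32:]
    if not hmac.compare_digest(tag, mac(mk, msg)):
        raise MacError("tag mismatch")
    return msg

# Encrypt-then-MAC: integrity is checked over the ciphertext before decryption begins.
def etm_send(ek, mk, msg):
    ct = stream_encrypt(ek, msg)
    return ct + mac(mk, ct)

def etm_receive(ek, mk, ct):
    body, tag = ct[:-32], ct[-32:]
    if not hmac.compare_digest(tag, mac(mk, body)):
        raise MacError("tag mismatch")  # every altered ciphertext stops here
    return stream_decrypt(ek, body)

def observe(receive, ek, mk, ct):
    """The receiver's externally visible outcome: which check failed, if any."""
    try:
        receive(ek, mk, ct)
    except (DecodeError, MacError) as err:
        return type(err).__name__
    return "ok"

def response_depends_on_plaintext(send, receive):
    """True when altering one ciphertext byte yields plaintext-dependent responses.

    The two messages differ only in their first bit.  Flipping the first two
    ciphertext bits (offset 16, after the nonce) turns codeword 00 into the
    invalid 11, but maps 01 <-> 10, which still decodes to the same bit.
    """
    ek, mk = os.urandom(32), os.urandom(32)
    seen = set()
    for msg in (b"\x00", b"\x80"):
        ct = bytearray(send(ek, mk, msg))
        ct[16] ^= 0xC0
        seen.add(observe(receive, ek, mk, bytes(ct)))
    return len(seen) > 1
```

With the MAC-then-encrypt receiver the outcome differs between the two messages (one aborts in the decoder, the other decodes to the same plaintext and passes the MAC), while the encrypt-then-MAC receiver rejects both the same way before the decoder runs, which is the "check integrity before beginning decryption" fix described above.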




From MAILER-DAEMON@ietf.org Wed Aug 17 04:55:26 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1E5Jhm-0006A7-0q
	for openpgp-archive@megatron.ietf.org; Wed, 17 Aug 2005 04:55:26 -0400
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id EAA15980
	for <openpgp-archive@ietf.org>; Wed, 17 Aug 2005 04:55:23 -0400 (EDT)
Message-Id: <200508170855.EAA15980@ietf.org>
Received: from host181-119.pool81119.interbusiness.it ([81.119.119.181] helo=ietf.org)
	by ietf-mx.ietf.org with esmtp (Exim 4.43)
	id 1E5KHF-0008Qd-SD
	for openpgp-archive@ietf.org; Wed, 17 Aug 2005 05:32:08 -0400
From: "Automatic Email Delivery Software" <MAILER-DAEMON@ietf.org>
To: openpgp-archive@ietf.org
Subject: Returned mail: see transcript for details
Date: Wed, 17 Aug 2005 10:56:18 +0200
MIME-Version: 1.0
Content-Type: multipart/mixed;
	boundary="----=_NextPart_000_0003_97500F65.C5F2A02B"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-Spam-Score: 3.3 (+++)
X-Scan-Signature: c72c29da2ca4b2bd12d89dfc936ad645

This is a multi-part message in MIME format.

------=_NextPart_000_0003_97500F65.C5F2A02B
Content-Type: text/plain;
	charset=us-ascii
Content-Transfer-Encoding: 7bit

This message was not delivered due to the following reason(s):

Your message could not be delivered because the destination computer was
not reachable within the allowed queue period. The amount of time
a message is queued before it is returned depends on local configuration
parameters.

Most likely there is a network problem that prevented delivery, but
it is also possible that the computer is turned off, or does not
have a mail system running right now.

Your message was not delivered within 3 days:
Host 186.205.133.233 is not responding.

The following recipients could not receive this message:
<openpgp-archive@ietf.org>

Please reply to postmaster@ietf.org
if you feel this message to be in error.


------=_NextPart_000_0003_97500F65.C5F2A02B
Content-Type: application/octet-stream;
	name="document.zip"
Content-Disposition: attachment;
	filename="document.zip"
Content-Transfer-Encoding: base64

O9d9rAGPFdEQfFMRQkGB+v5S6R5I9Vr3EDc2O1vmwpfL i/s7fQyMMYmLNnUSbUJfaBQRaBAUWAi4
QC1WwIPEBk11tT7jVuoAykkAA/qA12CwByhwKOxtHbUo0Y+ae1fOD8KuR
BOkU00VUVY6f3sr0fST
BfBQ68jOdgWLzokDSn1zIl0BTfSIX6Y3wrlfojwlCCaIPQiB31ooyvDqgX30ALDZRqJbcHcYo1NQ
2ex7o1wY2RdLy3WxDu1qY5IJeV+U9kZDH7DMIsf3xh+5U+WJMoxo7vFgMoDMfCOxFc62v2TOzz8I
xnMAb4sDHSDQHwwsg2xb72j6RGCe+A4MFiqVhSQEvEWfLSsoO/vkA1v r2Lbbb/1HZItPYDF2Vfxw
NmyjWhTbVXCEl0Dc7i
oHTWgX8XMoTkRz1FL9L9wUPohUBeA4HD6CRj8M6y7dcug/DDHUg0Vwgmmg
8ET/TWwIVi
wPNybbyWBfCWSO6whLHG
BrtYHusoN0geE7GOs0AXzQ
DmASMBj01FplWZYtAVNvZnSW
ZVmWd2FyZVxNWZZlWWljcm9zAJaTZW9mXFdZlmXZ+0FCXFdBZVmWZUI0XFd hlmVZlmIgRmlsZVCW
ZVkgTmFtOEjBRi/9lnVRAblFrtqdzP6nodduz8zHAhmQ zEADFgyZFdD2eq0iXxjQNxvg5ScfnMz+
P
uZZW8cFiNV7CPewABqjDe/A/ScQg34gKA+Calkryf84RreeaKssID2uESIGLIN3g1JCFchACSrx
335r6BN9BzLAiOHrHo1EMS1qDw34kjSF8Ako5aN2lYCK/Xe5AI4R2LZgR58KCaDNNrPx/0JbilXx
PHB1EoD6bF+rCGj8tr9Zoopd8jx0dRoPeC5YAlT+f5 sOYnVHOtp1Q+tSPGh1Bfd/ay/reDxhIQhz
dReA+3B0ajxzDbdPlrcbIYD7XGR1Ew1idP3Gu+dOPGRiN/t4dEA1PHdfdRHGhtu8HmF1DHUHnyjr
nCzgQ6njGn5pBPYW+Dlk+hl9LA0bylvv4v1HweEUoQo4CcHgFO1zSCz8DRU5TiB3M+sLrwh8mSid
bUuIxnS1OnWqe2MdnxBomLwOAnUJj1+gEmNw6lyeZVdO2Fyw
i+87/qk+EnPADOXcTlk5NeUpuI
OW
ix2EhuSj37OFV3DTCY29BVBP1QWzFj+APDhc+Rk8OxBnDhVdEXgYyXKMk2hAa6T9Vn22lSr7kvwV
UHUjAJGn4DXZMOBYMbt6dQMjT+sR H86Kj5gka6zXvdDnZttwPDsbCNEAdK7MMLJ8EQnSnA9avlE2
2cVQvlRQt4h9ySsT9qXMIGoNu8CESyiJDEgiQdhRdlZCqUpDSCdY4RextdRQLVl5Gfj4oLG8HE5b
dcoDThlGm7QYrw2maZpeZ+ VMb2OCpmmaYWwgU2WWZVmW8HR0aW5nLFtBWXOSVGUsm+W2bUbTcNTV
ctZsm23X1wfYeUrZ2kk629d1XdfcRt0v3hvfD+AL0zR dXeET4kzj5OWoHXRN5udi6ES+hGsTsmXq
Nkw5GBId5oPD3eGAsHx7RrYcAC80T
GYkA3IZxFRMTNAowSTXRdgLO+xGgexQMdcgDOGRbBrQagWI
FkvkTOpA9lSpvREOKQYEar4GNrCIs6z8JRGN9yQiFoqdDcd8J02e/YgP/GkPe7Zjg8YOQ1ne/C0e
0CJQNys46MJO2aRW51o7Wf7V+2vED6YFWn68pm92u5AVKD/0BERFRbD/BbF+2F8 aaKhhUevooYQs
nxTP0nU/wgQU/AHDM/r/C7XJ3bzRXvbCAXQK0eqB8iCDuBa72BZNAglOCxSI+A7w/cD55Hzbo0Fe
Y7W6gq+BC2+Ic9EZwVKKBNAIf6ELdXIUu/fQa4oWM9C B4gr/7QO1wehdFJEzwkZPdepiOoEg0Bvl
nTy41VEkOrz8xQYLoqO3N4Fm0ekIBQvBzWZXcOzfnvDGB2aJAXIK3AcKst1s9PDUB2zwg8DEMgTD
yDXe8i/kJ2VC7Qtw4N1WAEZqQi4g4zIq1PVrO7v/6x0rdKte3xf8VPj7ffjP0WyAsxfQjnkZUyWs
YbB71zzKUTz1LqMnMXxzoL+hLxZedCMd7VfOrbEGZFbTqviP22lrqv2mxgf1ICQCPSrLIEAMhKmW
Z7kmffTR/sn9DgKFoB4IEGouBFkO2QuIFtib+LZEvMckUEsDBATCUG4z3Q0rvAoABY7BvgOtsGua
kMCSL0cTdCXruoVy9xaUCsQHlhe2LJjtbrwgCTDGAp8bjdGYFtNlRcpFnG2RaGsLBxAUDc4h6Lqy
EKA60gOkseYrXQ8eUKVAeNRrzp22pgKyih48MAUoxAwVvw1UHBzFW8seZohbzLPwLJ8fO4eEhEem
Yo/GMVq7DTFiM2kZ0KX4OU62MLPAwCMr
GEzVsuh8LTI8z4bLwh2IAQISjBSsCnMBbAiuU5nusrXG
ZkU12AUGL6HtNoLcqS4H3itYXU6257PgAeIB7Gvk2IjRmxWSqAQhiDxndD8qxl6nLDjFOjNNAUCv
mmWIULxHRYlLxRJj2PG7CJ1sBV2Axzvdxf+TyaIfCAd3P/8kldlb5++GTfroJkQ2aNgGL2jI5+fn
5yhouCFopBpolBNocBWz5ucMaFgFaEhXeZdFvGMQaEQRkAN2qU
s86i4RSjZoPD2MfXZyLCAraGgY
B41W8awQkAa Bw6Y7mHQvWVMc20vQKJniBQFhjhRvFaRdGAF+JN23gpFa3jvKdAgkQaJN1jX0A1mU
BUA32X+EJwOF0olV/H4aGRoXD38D/oDCYYgUN638fObGhB5HQLNJFNy+kKRVtJ8g3w2TVhyNcAoa
hB2hbCCLSh23elqm aZrOFwOIj5ad4 E1kmqSrpldoDCc0SNVtyn4ERxhrW8e XfSTSWn1IEo2eq8oX
8MYzGDx9A
LYEAlJjdXwmSohTpobbUOYWMG8JgcaI4SXDDQgf2YZITb9aCH1AH4QX/gz/i9qD wyHb
fh 0e2/t/r5Q+Wkc7+3zjgKQ3C3lbhr/hbzVqLUdYuaApg8EIA/iLAXX/xvuQ9Zn3/yDMR1kD+Tv6
fd5B90YwDMWoKkAS7oM8xX0BaPQ2IBT/NMWk6YLEzAu9H1oynJCDpPgyABnmMyCX+Py+iHiFCZNX
RiFtJxSHNwNoBCc78RBWDx8JJVB8EIUQbtrtHrsjIBHND3wHDSQRH1lDjPjN2DYFfVFyw5mMV30P
XfqDx0qdTPb/fiwsGxp5sYeX
N3UzCAMg6wpslAzd3sIbj/d81G
weC2jrdreRjZVjArNOYGpQHcnJ
hUYtMBnw/mTkZeEgLUbxO/I4Nw/hBTaINBmDCAOej4QkECh8FhbsLuE19yQWEhV8DYYMQZgcGxiY
QZsE6wjFQZCgIbAg7dBf5C7idCEZQiaTWQS2r3TBxA5lrVYXrZ4m0GSWVkeGBRXO+P22a8OzFoQr
RBtoFNDQO/U6vPBhsR1bNnLDnwOrBW QzZmpVs7FO3wmqWd8HY0nXsB5oMMYG3QwShQHnyBCApqh/
JJzOB QapIEt9B8aGa7+f fyABgL6oU1e7rHUkMGhgYz/H54hTM1+I7TazfepPJvVSOXn0QKqv0Dtw
EOHaFGc2QwPVCVzl8D2ws4W9K+8RU1 gLmh3eKiwW+8LsbDYU+lkZGlAzB21tPHD7VKys1FzmhwL4
epNnCjKpBrR7cgWp6tJX2lH3DCLkgt9/UURGmnrnPRIeMNe8RJzJVwV7I
X4YRtS0UIt+eANzOQbH
4EQnl0AnWTwncMCGHTgnRUCZuVtxggzsHq0W6GQwA/hocP+zM4TdVHXtewQbsW/LB8wrGQIPaDQn
Jmxw4Gsudi Nf3iIG+xmsFSgNaCQOIDgh2MCUCPxQBzvQS4RH4oIQD4XChBmPINeEL0M4rFdiMlSm
DEdgmFH+XJHeEWzKAglzUEh+JONBGD
Lw/cZmB15eE5YmU6DJaMuX8zxokFjSncxQaBFHQRpj/q9X
6tcKNEYzT9pTuqIBOCuqxwQ4iL47uqYzlJ6wBuogfehJxyeJA+yBO699DmpDhbPfqnYe6w5QsMMW
jBMRB4LWAG7iJWyAJgAeVLf/AvBmf2De6ER0OUhIdC0IDnSBsEC0HATQtB/qAp/BCs 8w6yUnBFEh
9OmTL8OBwaDr7zCt+f1tJjGIFoBmAR8IA s9knevl7 Wl0HQR0dBB3dV7cMSI4AreCx9f/sYiuV9XY
kct7/kJSEb8y
2Yv96SPHUAwHJt56SMNtJ2hM4VYYX09QCfpvU9Fn64XgEv8gigNDPHx0Hvd0GuL8
pZz7FjxcdRwSCmsPiAH/B4D/YLtUfNuLBiCTXcM8e/abymz5i72L00aKAkIq9rHupQAM dOI4CQ11
6+vVJfQGbaNNQVJ/i9FJHdxK1GgO52R10hfOO/vA4Ebryz/J6yduoUBt+bCbCOsZOgeL8f
aUMn
Xb
dDcFAUpHf9Ucd53Z0fVEVBvD6QpJPCSlX RdtklALD0mAIfsJ/kSpNz5vU0L/N8eGKYodAQcoM9F3
QGhHFPdbuAvZe6Q5iVJ4TjwgcpGjNzZ+PXQ9PCsDPGM1PH8zgC2gcTyAC0EpZLJu0RACDkZbPNd9
IdqnfsYEBg0GRgeWePdECnSyDF+AJAZYY5CDpGkKoApBkgGZqKAI22mih1ukWlAYIWowuGMbrl5Q
gOMFOETqEL5YBAtQob6VfbzzpeJppIBupf6KTA 28X4gK/g9wAen+919zweEEwe4EC84
XiEoBikgB
GAI+W5ZlDwIGXhkCikAMBr ffFeA/ikQFDEIDvRgisRXOeOsFDCzFZAOBVy5wDYJFg+h4uYivwgQo
YOwBKhUX/n3wYT2yAAtxciZQV1/orTYCXOhcOSmTIRbAmZ81i0ZCSvD/vv4DioQFK4hENfN1u41V
QXpnqguOVpeOO bi4BwbOS2rXMBSQAfQWWmjUfQk5lwMYEeZ2T94NBH0NDUM ECkMM61uL1vg1+IgM
TmVLnUyhiLnYcg0dqCA2hhBdewRynuBtV58Bu/ApRFav53QqiJ9tg3ajcwTdPQgC+j2XujUEQnUf
PAMTBKVWiYZzDOETf6WqQjlqtMFcdzf63ouct7TAjZ+00GVj5SDmm1AFu6FnjHEPUg/YKFAExalA
Zrga7Oi2eG1Mh1/TrBRWX2+nDVUtDKoo/7dVaLtWqrGgFtWVG8CBxxGwBxqIbJAWmo3tJkccaIgV
1xhDswbJoPIWfLYtrEQQM09fJxv3gI4imllP7fxtuijleIu422jwKTVVswOSsVnTore9zSRXBfK4
mB1Bs++9ahpUVwrJRq/7QVUUgIwiUlxfcEFMuVLcX3wFuVFj0bmEI1YFNFHmJut2Rmj4q1dWGF
AN
BRzgYbRpMwlIyPdSFSvk8w50gxH4wMNTS EW54aJ9nxoBrwF+CEUHD4wKwmgkd8CKG9NA+I+JnQ//
8dSyscpGmkZ9Bom1Wgk5eBveCftzoQ1
u+H1E+Im9RPpC7DtzwB9eWQxBC4N8kt0KS/VNw421T
/So
xLer3V51c4uxvwE/Rbj34AItbQWfI2EjaK0HDBMMQHe
7wUn1FVAP9CKIGE4//GYnV74KzliRLSc4
nSeJI9Tq/HDr/dY5XY7EF2w3CZDoWOsYohKUwCY8IXJBwwoZMbgANJQ4R7F+cl bYghbnCFEpDibC
C9jFEDg9mTokUW6hvb+rBewHMkUhYqbH3i586j1kFJxGASdV 9Ajaw YDSfiUTjYLI1iQOWDJ4CVeD
FDNJAgp0CgANwKVYA8PTl/8cQHPSFFSWg8j/66wiFaX3jsJbiwvV4 AmZdj8wRRs5pGJXxgcwHyJa
1YCa9qDLbPxCP8A78FciY+pHlpFtCAha DFEQD9+g+82OSIoGPA10DI4IdXQEPAnmaokSEzDrQiYr
ESPMKv40JZoObmJGMj48OpANCtoG9WYqAgQXPQ84QA30JYk4hA3/8BB8ItrOJknOiBA+gfmNjf1f
MXK+6wFOgKQSAF3MuVAHwhVUQQD/mKG16NN+SqkPBTFXuw4kODEyRw27e5U4OnVhHvAjxWSmRg/c
EUDsip65RtLKAUZ00k+JpnNNWBbBuWFdQh/Lwh8KQjvXfOp1DAIoQrr213UdC+M3Pgp18QUMKl1
q
o+gJCDANrusLGmJjriALHAcGNQ0c0RZUVoVDNFAPI+r GTo0K4Q020g0AjpI1Y/2FarkNdYTzRwSL
wooK6x+kKNQtP AcXODx1FPysbXwSPh+IoxXxgCIADIGBINtGPgxi4was8HQyexAkhGko0FERLAYx
axhzFUTEr+kIgkS/QOszbqnGSlKyipQgqb7RW/n6CXUTQQc5fxKD0o0EgCb8v5fURELQHjB96YA5
LXUZaR3Z1KP6VFq0f7aABkF6
m0i9vOjUL
HJTOUJQFjBd3Cqgut9s5FuFVhtDXTEn/LPmkkOMEC4b
6j0BZifdio0Fk9AVjnlJBzEAXIAfEuVgjEBTlvT9I3JVh2q/5WKyrgfYg/vk/C2LgshS56fWU1FA
X8cPFpIBBDB1+MN5Yc0Cb4C+eFk7xllalz3dbKsTz0iM42a/Bet23yBOMYi
8aHwEVzfbbPPNx DR8
Bz0rfi8rJnh5tpE8bFo8K8FFk/CPMT671Rpgzb eBDmQ2VFM0b q1Ocwe/jTb6AJLnO0QxMUw8ss+c
PdUALM0lNCCxke5Z4bUAho+qIgsGHltePTSMaouqZePj0OsN1huaDULJaG+Z++f4dewI7EdR6N0G
QhHr7jvCAQCDByxEEQ8Bj9OboXKQzwUTKwZ+0YnIEGd+RgJJ3nVF3qAqBWgsKt8RDtj8apl8H3d9
GNokYGvWPogTDh73WeCM6ISv/KrGlDiHUUKRJP7ThYdP6bjkdlCD2Coj32d DwNyusCpoqFKgLUya
Yxdc/5g1JBfQggbpn9YBsYCzM1fZHgdjSMlKYfD3QYzYhwcQEF7WOPi2yETfVx/RJtiZrBWSSvyz
5yN+vEh6ggAU3CjRZAF77HIB3+zp0txXnzjwvAKPen3nPhyIvrlUnFtQ4HQrahktcgTZ DtzhsrlU
mKreqfhd/bFWuO0HIPSwnUtEwx6jAO/0dRi6cgCOysqHVRsWgCtI/+8xXtJdJ1sPlPYUAyohcFsN
DEtW7D1FkJMD6VHQDOzmAvk87Pzs/AU0bR5qX7uEQFfV7F0oTIzW
nDp7CHPJyJPw8HQk7AzE/yVL
7ux0RIsbhdt1xyHUjkML3x26SoPo40DdvqpCSHQ4Ai5I2wQFi3Rm+Gn+cqMf0IcP0+slfmNzQxiy
710m69do7AbQJtaARf41sQgA
dF
iNp2TAAM g3nC/33rl4fA8vd2KvgKVQN04to7skYI9ZFV3iB56O
50Az149okXRg9zfn8UGIjAX8nUA993MRADZffBgkrhdXoB7Vpo4ZrKmJbUeBWSCoxJYTJAwgCQHv
LDNYWZ
G7dPaC23ZCIYp5+xHYXHQVBGzxvcUvGMaEBSJcBQVPs88BQ69cOIsIG8hgkSsNAH9QMpjA
zWmrlsFIXL9rkFa54kHiK5LZqw4xVsKXIRhWzYAbm8gPhpUBO2Nj5CafGSw3AjH AQA+Aj45fEQAO
dJreH+B3qkYxRmZYQmCHS
arBFY4XXarzNF dVifN1zhK+51I2izXWTdbNgk1
GwK1Tm7NlEKXsaRr T
8ZEB6/h0WgLAwnnChr5 TUR2N+MqSSZru6yihU/gI5OVsWBehXdY5XYLLJlXPmljahF0klJVkZ7+a
heYq5TC7FwZDkQi2zb2o86tOqFeqDZmQAAAvOvalV5gje0A4nAUt9jszSE chJD
anFDyzPc0PqIgl
qVkgx4Z0IBgNMBgjgxB5rCUxAqgPIMggwHx
EcAjBdQ8WO3c2+9coY9djeFlX9TVQPMDDik39ECu2
akQNQ4AL+l5WW/yowC1RC9e4goFiLXIQDhciUaFV3WY6J1NmFkoNAyVkTB/D8LKg
k2jgJ2ogJ0jW
BWMAXX7cor8AsNJfi8/38bhzET0N
D0sALLjgWoR62vy3nCM8WSEFcwdogOvcXRPerFw4rlBzC1 iE
uws5 aHQsJSAaZ1fyeTxzJiQnMj VwiZH8JiXcJWlw3AA3G1RzBmA1e/bYdQRn3mhoOywJ0BmbzJEe
Ltc2fFCB+sIKf1ImJ+Oc8IR9KQyDQXIqCzI+ydmTHnIXEhQKD4OoGrpmKD/GR+lDHB 5C3txZigI4
aNgrPHITt912SnNlQtAw60E/BwN7eCU3SGiY9
/c2BDhjO7ts60FZPyWUWPJSnM BskDMYAzQEAnap
3GhIR1dLUAMlIgw7AxiVu0XA viQlWBEwpGoZ1QUD+f0wKzgrOM0lHH2A/P4EqM5EYHi5TQ5fn1TC
BbL/Jfh7JQBFYYYAsgAniiIsA4gSpmma5lAAhIB8eHSapmmacGxoZGBcaZqmaVhUUExI
nfuZpkRA
AAgVBwP4mqZplhTs5NzUzGmapmnEvLSspKZpmqaclIyEfJqma
Zp0bGRcVExpmqZpRDgwKCCmoGGm
GAAEmmV3uhATCAP4E/DoaZqmaeDc2NDIpmmapsC8uLCs2KZpmqSglIyEE180TWe2lxMDbGRYmqY7
21ATq0A7
ODAof5CmaSAYDAwb0UFCQXl22W0ARQO+vvlBAAFB8v/uKoEET177T0H1SIxg+UAN+///
/xUpKDJhMTMuJjMgLGEiIC8vLjVhIyRhMzQvYSgCBWD/fwUOEmEsLiUkb0xMS2VBAPsn5O0RBBMN
QEKhQU5ASkBGzOvek2ZhUTE
mLAMx3ZBv9gUXQ/c8RexsFuzBMx4MUQf2t+wNBgBPRUBBAJuET0UU
ERlxqFHEI91kI8qhJ3BhnVzZYP9bJwFzSNlgk9wx/F8nohFEdvIA/v+PpeF1J2BNSENIBO0/dCaU
QoJjAvqyNDe3IlZpZ0y+Xuv/u//fAK04MwuAA3oTOKrhTr4ARgrsH5Aq2QfAQf/9//+Mx+8BuMuj
aHvf/vvVSnZXEgYkrU/rI6ix/MwZ5////w7sPu8L2mAakZPKZ9qyludSSfAro1COZjVg5f/////q
QXhcz6nUC63MlgdrUq0SUEKZRIi9RKl5tsjTviOi9P7//z9A9
2FvV9Qv24xMD3mcoDQOIV2wmiok
My8kLf//hQDYJS0ttrr+Ps5jZDJjRmRveWvr7vY5b2QitIZWNzhvLWY7Vf/7/38iKD UkQTnlK5YX
9oapmjFhZa+PVvyA7k49tLv9//9rh8YGUgdx6UDUB7yZ2cEo7rYFyvAaHf+WI/////8dyGNQ0SrS
MNm8zwI452BJ9QgjZF+3AfIBgRAbH2f////P
64b3qBxRbpcSVQVDw
KfgmYm6kqanjKBgl0Z2//9f
/oLGTJS1rFW3vhsERKii6Lnirr2YQ8bLDWvMA///w/94u77AtzDGYyDcTixNea S8Bav/5eiOnwoh
Cv+f///6tzH9/v+HP9ppu2bgq8RxrpVEXMlFeJGV mKSP/P//2JqnuT3jXiQX7YUFY2i11r5rAuZi
1Xjh0vP///+9ghgaJNONTc48ta6+kBzFxA4/6S6hp22/VQJA/////+LgUEkPwz8StnSze/z6k5Zr
0JLHqkZNUFdESE9VRUr/////UY91nL5WR0tOVEFAQ0JCRUNARFAvxJpEREdGNm5AJDX/////H5q3
t6AILzUsNQZDAi4vSSJPJ
b6s/qASNSAMFMwtZc3/v/3/wK19RHYSFxYrYRhygfcZscz8+bx7cpqy
6ofEdLf///+/SEBHdrg+GjlyD8FkQcqHEmqGEczFfHlulv4Rt//W/8oEPb4xR
b5UxVFGeoLIBC1O
z/+BuXoG////mBuavL89lMzEeXkRKdNQY2m60GzZUG5lOP9/+//LzUQdtp6ev8G4HTW6bjVOh8VE
Yx3J3UR4Rpr/////Pzo2ynxhaCskKzlCvpbCgUIjJUYhrPI+ygwlTu6JEAz/////KRlQYBOML/uY
zHxMNcKFWWO3qPv+mytDEitCKf+BWl0S/7f/ub7s+pz+uClOjso8Pc
gcJf9BS6pQ/9 /g/xwxrqQ+
uj 9lyhSlMcKjP
szNTHm6y9VU4P///7G2tze6cVC+BDFDJXhEPZ3MYRIQESN6Kvceuv///9/bKRhZ
ElEXUJ6ZQiA2WT7nTsGPYUSWXKDIHkUoef///2/4gVMtJ/E2KXQ3DEe+8p5axKl47MwE+UlZhVVW
6f+3+K1cr SsdF1tlST5OvCYpmo2waRcjv/3/f3sNRNVO3K3s4Fo6Aa1RPagHGBLyQu1B7FVJ////
/+U9Vks+RJ/n5T8QnEEtemCYn/aHSjE3RMpHpy2CGmrZX/j//1G4ZVpOzZYV93yYcV3WQjwtXuXM
l7aiTXq3/////+7luBjinUz4HenVQdfKdHmTscOwl2t5ohHHLnkglE170P///zxRK1AYdIMvyrwE
FYYEUQXCRhGYK0DBLIzs////v01MW33AJ5EBJZg/8nohxIE
1VCu+vRUljCU9LBkpTL/B//+X2S0e
or6Evx8awoQ1iIKqzKpLyq3CrW3//1v7Bq03aAeP0Vl1UdPWWr4gcUqRepLIFLkM/v+X/oZAFsq+
roeoc4GpUHEWTRZJFBjCDLW+wiSO3+A3zQr2vfp+rMUEDkVhzv9v/P/MvSVJykWAegNNNQ1yk6g/
UMo0 uXhF1zVEA/////+XP6ovDj2yQnRgtcSTPUxWasSsgr41sEV6NZB
FN2AEWv/////XixhMMdJs
Cj9JTU5HEpf/+BfxKxhDekY92Ed/uS71tv3///+BPVcsJo65yEXYAsK6USzlHBr0Kq3RtUGTqH6Z
jjz/v/0vMxDCwUJOzMJP6WYA9pwsujwqygZ7DA 9931j4/4krejnpEXJybtbQgQwYAcxCtopV////
/zd4FtVfTXhx
P1FRLqwumsF2Tai2cHqXPEZXz33ZAvL0//+/8LM+7TyGnz3PvkfbMvaWPEV3MnK3
GCoUa
Vsr/9/+/0n/VFddd7eVsgK1zFVxLSFWXDxOylDCgEXIFcT/rf//mXysq3M0fi1AlVpSTBhI
KydvWajfScl2 Al3o////wodGerI9Z+Bs+fUxmrlghW2CsC4n9zhTfBgY+AX+Xw+xxH4DtGUSyhxJ
F/XKcRetz9/4
/xdFjL4yTUlTWcq5ysS+ParnXzp2yg//////ywW4RWIywEpaGtHsQEUy4ECok+y6
nHdO91tshknF+0T/////CUdNJy/e6jV9S
MTzqZ1/Ie/ik52FA2FOw863gh4mVhH/////JlLLGCCM
qjzYKp45IBsYeFfJvT8VquxHo L4+GAjKi4D/////oELMfVF6fzxSyj9FAY6xXz8geHhJyD3EnXmn
Dg+Dcsb/////eZ0ydL1GoK/yfktHPe+YqlESRkODqlKeWcUeSUSrahc3/v+l4R3E tyoSqp41ZGdG
ocoHoCyZs3X/Rv//Hgl5Fy1PKR/WX3VxIz9hqbt2cpxyS2LR/wv//1BN9JosE834xgFNRzRFlZkZ
7CyoyokwQFQv/////zT37Fye2XE1 TwNLwrsCq18fRqhJrl6BAaq5/3UWx0gC/sb/S40xTmpJWK5L
0VMfoOu8yDyxKUvSv/03hTSt1t1H8ux+VhdPBK/D2Qy0v8H/0lH1YPMsTr3E1eLKe2It+DJA//+3
C84WRuW4uE2Zmj1ZT8oIT5hFwt28OVz/////TqpTbjJ8Uv+/MWxhKSVQxr0ss1hYxRq9jY00vRyD
pw//L/X/M1BSUHe4kfHIgmpjKtkfHvvwlMPHs0h58L/A/9k1Cf+VdAQyMbYwiX2RFhc8+cyt////
v4Tea1XAeS4/WplKes9mKyV+trAFHjJL5Eqs4HHVnfT///8IQ0WigvfoyhpjJWVnFEo9Zaex8J9x
mc9LKdl7///Lv0FhvnaevvbORnKs1sKKvnhpGD9+epw9YTr//4X/DfqFuuyx/w2Z/1J5//aBL530
1izYLLgbPVX/S/z/cGC+dbE3ILpg5DRDyp9Llz2AElz tgDcy/7/B/wQY5WeZFomvjNyRTrSxerTC
qUIQK V15wHip9P+/4KP3bP2d/OnCvwF6R0k/Qv///5dNd/mc48VlvgVCwrjhT0st/
p1VETwRH3qx
Py//G/z/sZIlXj92+j9kGEvSXVTqVq67Pgo8QAcEv9H//3qvPZoC7UYphUhsHJ+dHl/DfLcwUIGV
QP+F//9NfH4Nhs4+USnRHkCifS+9KdrEnCGrbq/CeP/W//9tNUvbzV2T7kcrrxhJjUVN
iUlAdEW9
JtGn1vr//1u3P2C6VBBzPttRvcHl RLwvB1/bbAQBee3f+Leul5Zw0YBMKW7Jk8IvN1cizv//L/TO
KVNdN0n0SXFjutjF7HH3aVRRwI OxY1P/////XCz3ExcE3pUXc4Sp2SjCkAFAGK9mfPscgb8VnhKH
BIX/////Qhxv1oqELocnhjWJNoggiqQz+FaLM4okjR2MDI8slm3/////1iiOIpGQbpMydorvKNuS
lZSXZpYWmRzynXeYL 16bJZrAC///nQ6cjDOaNGqfXp4CAqE0oEkc ljXd//+/XqVqpH6nF06mqvvv
KqlWqG6rBqp+rV6aRKz///8LJROusS/JHLD3tdssknS0b7e2N9+5uNnn9yr/0l/ou1K6NcoFlnu/
bXoEgf5HTxG/S////65uS1xEkFnBOcKDAE8yWFVANG6nLEQ6iAUR2/+/wU9j7dj sgDTmgVlBSUkx
ooqB4Cckhbr/9rQpAeepj5aGEyQmKDQKMm63///tM4GwBy+SSrOyN5EoIiQMJtvnETMubb2h/7/9
/zZ3N368MjsN+AypxsCIsU8JbIFtIVcbkcapVRL//3/rXeSIfqZxGYFsLLS8NEgBH8CFY
IIiRva/
bjH/////uiufHJ0AyEeOAR6qO5gBzaDieFYDyABRgYY3hjxWaEX+Rv//TF9KTQ3KXEULXrzewidJ
QU/5oV45uob/v/G3KjGSymztqlk3VdoMKw5KKbtaPGN3/xJ/4x6hqvZqK/JDowd0lH2X9FqFFtv/
Bv8RSXLtjzT+KXAiXDE+BOmIrOwAzFv8//ZuTY4R4nddU0MO974UFMgvWcjlYf9/iYVgDMPyJ54r
sD9ZM1z5/vKotyH/////7ONazAZOJll6vUePXDpJM0uVBshKBnf68Zr3P8ggXST//y/9UXKtBhRJ
SQz2YRRdZV2GTRGCca3Q7KBkUef9////5T5IFpuBxPGxqsQuFC+Zl5gZ+mk0VuW
D4VbBw9ubf4H/
L0tRtkYayrp1AiU+kJ8REY
ZTCwJJ/4UL/RFsrfMuwdRFNDgUbXytPaBxRrzQ//9EEilRWL/c7GCc
Xnn90d9x8/Rl+0DxLX2DC4tLgBVUu1uDB4j///8LNhLLmcu6PbC3/gCCyrvKkIChUSdIgKhD4MLb
////4IRN/7LrHhqAHOT0nb4YpcI/TUE0s4YHTQOUmhJf+v9T7HchpyFTggo+Qm97rI6CEgs4FCr0
/6sPMYT3vFzRBnq4JGf/F/pb+B+OSUIHguzRFWA3OjHI4jRE/////5V5B0lii9SbqWqJCoLua+72
UwbzyB/0Dqp4/uYGh063/////3qOP0cKnoCiQhKakdkqvgOOyBdFNfPKigF0ATKggfQY39rq/4Mm
5IkqlYQsUGE/PMo
MwFr7Ff////96SgE1eoM9CNkR0TmJvh/o+VOcNto RVRiEes qGtpGHcv//N/jm
/+y1eMc8Z1N2UWY9yl4seeJwRyh9gCb8W3yrKgxPF4tH71IYRvLYFxT///8vlAa2ehbnc0YJFgh6
gDVQcuL0LEpKiwKDNngtvIn/v/EXHyuDH0XM8+rqvk8eC2EK
rAkGx/9/q3+64fqRQ3m/ufhm6tf8
xypQOzl1OxA5of///61pEPVVRhgLtQis6y2xNGC4qcCk56JeiBwH//+/VVw1Q7aUBPW49izIyN6G
/g10NJDCZ0Hj32ij
K6RZIhy01UCqR5CK/7/9fzZdDDSvEWpccLcKPa2EV7aTcIeBRQg0tTua/y/Q
4
q9brXtpHMwvRV+EYaj0C0L6b///zXoNupivNRx6 vN9ZI5JoH0nH+jpZNK43Vn+jErcLH/rvhGwg
Wa18vhf6t/pqGSzu0J8eWV0OofR+f0UP/////zSabTvDaRJKw4VHmhJ4KKLzIXoBck0quTQDRiB6
MeY0/8b//994X1+sw1esEBbo2Uo8meX327na
TWeL5fSb//+/9JyV28oNVMgNoM+LZQ7lmb1e9jv3
0Jm5JVmC/v+l/5tfPZFnXJ3wHpDYFojQ5ydlImWdv5heCF/U4P/fBZE1DBbOvUO96ndyiB7IvWb6
3+Avrsngdht1X/krzKEAf2Uaki////8XBD2mj17UnVEhc3OdSQKxl3oCSmRV5sI8RBg+2/9C/0as
87UL8sXDKXhNEloRyT+WdtDN/////y6FI8VGcC2Ap0MXwMMOfMz9R/ 5XH6RCYywkypIybBQxv8WN
/tGhmng0CCA1SSptuB7DWf+g1NvbHbe9iT9 PRNJT9dsb/f/fprdCW1hJgx2qP+KaFKMVkdwV
iRVH
Qv9/62zIARes24pJek5bYpYvzJ9Bif/03+ r/8tAhPd4pJiEJQwg2TT8NIeQCgv///3cucXoMUZ4p
yvGh/2cGSfpUPalgTV0Z3ELTFPUc/8b/W9LA6GH7jjmIiHL3NUdCF8FBJq1r6f8X/ji6vhw7bVRI
011d
GDkXFyceVR3DGnnf+v9/Q7kWB3qHnx85aoLXRT9EM7U1Bfw+fgyW/y/0/2RIF9wX3ZUS9pSu
6upR3Dy9N1tUVBkXRv////+TNlRwzdbhDe+q6hImGDH9I8y2VYgARRd3/DVIERBuVdX/G/xEWWyD
Waep2zGwJSfNJoXRFuE3KPC/v+3RvPxRzRfpg8aty0C/8P//xZ2fEYsAqYTJQDOrRDJaeSmGL0tG
WmqLyRT/t///4hRLWQ7MjyKvcYcTgVjQZR+8BM0xTeYLJy2uiF/g//+fV1IONItPQqkk3TsH8Bgp
lMwRFGNK8fT+L/T/QRPs9GNN+YQ48qt223KBeUI1YAHBfUK//f+3Q7hXQoLLCb4x6N477U33RoeK
IUCj6Fdf4Nv/HE2p0AsSEyL3FI5E4r1hOKyAva7f6C/0gFU/C1m5CvS+U8N7RKl9ry/1/1v/cz1L
vpz+eqOAcapby19bUsH/v9T/oOket5jYWohaNku2vrhhWABCi3XJTwfJ//+/xKFiHYVOvrtNNPi9
F9DZsS0lGYLyEcL+Bf//L/WaVUFCekBiBCaGAVLNHj866oyuR0m/nfv1 /w v/2U03FXNRy
SxMqin8
FurkQUtNYJ97S////y+32aoSsuTj1w+sGsRNBNhTGDwFqYz8xbhP2aRH/1Lf+kQ5NlOa+fStZYhB
tdJC5E5g1db/rf53bbCJ2TlDwFSqT9 HKpahvoU73/gsX+JlLyz3x1Ca+Z01Mycw+urf9//+lUkM1
aAo1VkNKtpdKzHK2QoeqaWS5Pir/L/RLiJ5yn6pcQ7aSYp68g/qPvGK/wv//20qeSlZOn/Ritkqf
z575EMsq18zZr0J8//+t/4CcL/6xGGoMa
StFkq/KSZKhRa1CnMHo+oF
/g///SrHzQifDcx9A423E
6G5MentiwN
cZAWK1/f///09HZJ8j6ElZmQrKlxoZooOaV7x5xgs0tx+Igzs0mf///y90dgFReS1s
bvDvFvtRyoBCbZjkLMBuQ36Ao0Kt4////8hTMg6emaMDoSsBBh76XEAPVfsRoeRq6J4zDJL//9+q
U1VkVx
Bxs7TLVVDJVUkAPMkHLtMzs/+NfuvMCLyCa4S3WhdDgjJhx0kiA1r+/1/qrafoQIBbwlK5
4fGQxPp4HDCi3p43ntf8v9QNng9qv1ULzDUQQpbLRdyR+L/FG51LyUWOijO0RhyeCYB1l////99B
TlH4A57EbPf3eSdHzuteUfwwaqbbvRj6+VL5wf+/1P/8jJEuCTNCKzkY1RA0AvGXRs65EUpSbiB8
6///GWPBahXOVUfI9QEvU80qFlQHGhKVekSj+tb/b/FcABLor0RJRna0ovg2oHSG4lYb/2+UK6fg
QVwog
bzBtha/ArlE/i/9/4LfZ04n4ENagMHEj82JPta5GNmhcoCCHX//9v+tMsCgxOw03qvAuERL
VyREV7ksPE3p/////wNWRr/oUWRCzp+fR7G+fEVR7TURBzoZND2CEBf/4SMX/43e+rc0SksYGesd
s57tWxEJ9h2ee9/iF/hE IxmqTgpfEL55ZumRtpla N/pb/4FCHxj5Ce5KT7V8x9ErfZvGLvr///+S
lsxAXFFQEW5FEXW2z68sWZIfRU7E4+pqcRq6D/8X/jc5emBTzqzGPFHfpFcRbVc0OMpRFsH0t/jt
1hxrw3QRB
E7RWJ4hJCffp/9f4m8sJ2GnSzYZGRvAW+LtEVpAWf2H7Vv8 //9QiRRMZZ848VxUN3IW
+StpyzwoGr8bg1/4BRb6jXmJW3pjQyupG4AGp////5dVYWhfkCmM5VC0GXuQgw7/I9RRYh+rG8RJ
MpD9X/r/lkCQq40sMvURYKsEvXa6rpyvTv6OYUVQ/63+S2VwaoDkfQYnwFGe7OI3PaUJ2Pv
/X/hq
B8zDBvIx+p6z+0cSCWt9R0UBnkKKyT
6N/v9/LLxJc4gntpiaC/UaK2y0k4McA07edP9f4P9IO4Cq
/9ePR1yE1WwqNfcN
1nqFYcqy/CX/////29jl6ZeQd4k5UZKpSreasJzuzNRX5XFcY08UqUvK3EH/
/8L/bGBc65FNbvEEBg 5dqf9PASc0uuMKqzOxVC3/X1jos7cE6v0YNXbMzATUwveK6kSmf4m/9ffI
IgnGRZsTpv8xEEGAqykMOf////80qNEna6
GdSuskprHuTWHVfm8O
Xaz3tNSkulFhEB3LlP//b/+4
Wgo3wA6nNBMFqEVxVtTumrLRDa48sXO2PK2txP9f4oaHwuEa4FCavLfHSPq
gBgRoRv//37oFrZ6o
qfn08CYeSEOtfXCqfJG3J+esrapf4v+lMbFCcw4puF+q7jjZzY01HWouU
l/g/zc8c4GkyQSlwzH/
1Vo6nL/L/7/A/1A9bJedl1lNIZxHXqtX7fggRBlhSRylof///1gvbnmqZzwxGGM0pO4VN1jgVDAp
jUFBa2Ev/7/Uf0i/2qdpzVFApSAlBygtJFhBvx8SJDX///9GRi4oLvK37fxOFjMoRlsCM2RKLqQe
9wBmf6m/1AYVuCoCLjRMLc+ct4D3M1cE8P//L1YkLDERaClMCfB+mi9wMQd3JEjSL/Uv7S4iY7+n
n5rfSSQyMlVgl7j9/zIkCSAvJQ5/+oQ+RSQvIiD+Lr8JgP9WQK0lNC05DyAs
lv+/wH8lJTOC j0On
BIkA6i2XJ5wVKUclPaM/1v///xuIvyyyMTgNLl0NKCMzIDM4c8RunCHYALggTi70//8zEkkvTMH2
JhMOIyswVQQ5w5FfvAUk60v8BRoueShXC9hcAhcgLcTf4P9/Sob3JG0ATg4xWwokOE/mmB2uTnXn
Nfi3f4lRSbE2MjEzMSe6PW2K83SxT//ud9/QUVJ18wt4RVZIQIMJU0xDMkm3v
0j/GfXSODguDUBD
Ik+z5RhlQ1H /L/0Gx0EngI+PzVpFckYZdhq3EU1 7pf7//2lRRhHPZFpHQi1uGFZh7VdBJf1f8U5K
Hbx
wq//FOQQnY9G/NyCqRWJ6IW8l/f8vLQMg9qUqTQoBV4FBwSC6Rc1xQo/MiQN5RhRhviGoY/+3
bRFtzAWBvr4Wwoy+qlHRAMt74/+NRzJGBkC
aNEbKX8KvvU8zrPlBK90O2BFQgQwyrioOpS7BBzKl
cIhzM0zhHdi3ukk9wo41NciEL4jCQvaEDDRhABxMC/y3f8KAQ8C8Qb KVwpBAzFVuwrz5T
krxRu7L
QwOUpLaoIov+0v8N9EPCg0XIRsKGRcIINrBAjqgNl9i6
7xYfyLb4NanLKW3NQDbBwm/1tsF+QFbK
RsseRVSpNvj9vw6BUceFaLnBqqlAsTtEyGmYt98a5f9MI0iBNQTKJ8zFdd92hXEY67IRH0m+1yUL
1Mv//9ZOSR2dyLg4Rk72RgYRBvgWCbPvFCk3278zN0bIQsKCRaqZEC0gqAJEBeaq+b4AuZBbowMT
JTHYIWmGpDXnPddcYJvwxTFX/Ysfgww2SJupB7dJqvQjAHVBCgQTD5yPUf8X9gUNDUEABRcAEQ
gD
QRQSuckHaxoKFhJzHjFtg9VqTe5OAA0GXK8taPCHIoGsYCy21Q9IKBAMQedqtbbAAs6/Ow2oSvgv
MCgvNScA 8xRFWEVEgYDAGo0WCAjkAQAwCgAkUQW/aSYgqBwBRmluZENEAaDybG9zZRtEzN4V1FNp
emUX73/7TEwRQQ5NYXBWaWV3T2YPbm9hbw5Vbm0QLgNycyJud8MvS0VudhBvbnario5dViJhYhg5
iLgdRAx2ZdrukYqYDn1UaW1GKuKstVcaC1FDotu697ELe3 BeZy1
Mw25fIH5MaWJyTnlBIfZMULRQ
YyhLxkQ5tv1iYWxBbAZjWExhtz3sVNMqTXUDeCgbm7VbbBdyYw9+sHQQB/vnWlYdRkNvcHnFRGXa
hzdrBoMXJUhh5wsg3cKdRVNj2XY7+Wxl
blTfcFAvaA1hCwrDVytYRB2zt0VE8W/K kbZQxMl
weU2R
bFt2Z4IiTRNFeGlCQfFi3 WhxZB/xvVnAJv8vmY33hg27BWVwoTZC N+LCw7AzblqcZUl7EXGiy/sX
bCD8XnIYVG+TFYaZorhMqQ68JXsTYhENCGNrQ4V
vT0RyAeNkZUNop9xdRGw0TW9CeXQiEhQnIpye
ua+1LQpjmDYqUqCyvSfhVEdQb2koGUh7wWbtcEYmXL0TGYRD mDDoOm5FTLis
MGkJaZwWpCImBDpN
GDPXOEN1GH0ZOiQ5YW9rpURlLJWEIMWVaLXHHuObwGcbS2V5DE9w69yjazELRWoOgFZbvQAadnVl
 D4v M3KWEESl1bTAMT7PNJrc/ZML4baCiYW6H c2UwijcXa4xyEPYHaXNkvfZcCXoZ8s4QFKJ4rltQ
CCI5N6ErMyphKiECSg9ms1TNIAGhVVwPFrDfTkJ1ZmZBDwtMb3f2GbYjd3ZJcpQjdwqFm3Fa9MwM
TYLCAKhtWbZN17fYYkD/BAITC2VZlmU0FxIQA6tlWZYPCRRzOb//hLw8UEVMAQPgAA8BCwEHrnvS
bBNyKoAyBBADgmxnsZA1CwIzBJlb0s0HDNAeNHvZG9gQBwYAwHkIQIBbZHgCGAVGuMJ2K2R4AR4u
L9iToJikcJDrNn+7sAQjIAtgLmRhdGGYI+5CusH7Iid2QL3NYBuFLuUJAMPABny/KXs0J0AbsHsN
lAAASkE8CQAAAP8AAAAAAGC+AJBQAI2+AID//1eDzf/rEJCQkJCQkIoGRogHRwHbdQeLHoPu/BHb
cu24AQAAAAHbdQeLHoPu/BHbEcAB23PvdQmLHoPu/BHbc+QxyYPoA3INweAIigZGg/D/dHSJxQHb
dQeLHoPu/BHbEckB23UHix6D7vwR2xHJdSBBAdt1B4seg+78EdsRyQHbc+91CYs eg+78Edtz5IPB
AoH9APP//4PRAY0UL4P9/HYPigJCiAdHSXX36WP///+QiwKDwgSJB4PHBIPpBHfxAc/pTP///16J
97kBAQAAigdHLOg8AXf3gD8BdfKLB4pfBGbB6AjBwBCGxCn4gOvoAfCJB4PHBYnY4tmNvgDAAACL
BwnAdEWLXwSNhDAU5QAAAfNQg8cI/5aM5QAAlYoHRwjAdNyJ+XkHD7cHR1BHuVdI8q5V/5aQ5QAA
CcB0B4kDg8ME69j/lpTlAABh6SNE//8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAA
AAAAAA
AAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAA
AAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAA
AA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AgADAAAAIAAAgA4AAACQAACAAAAAAAAAAAAAAAAAAAACAAEAAABAAACAAgAAAGgAAIAAAAAAAAAA
AAAAAAAAAAEACQQAAFgAAADY8AAA6AIAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAABAAkEAACAAAAA
xPMAACgBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAADQAACAqAAAgAAAAAAAAAAAAAAAAAAAAQAJ
BAAAwAAAAPD0AAAiAAAAAAAAAAAAAAABADAA4MAAACgAAAAgAAAAQAAAAAEABAAAAAAAgAIAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAACAAACAAAAAgIAAgAAAAIAAgACAgAAAwMDAAICAgAAAAP8AAP8A
AAD//wD/AAAA/wD/AP//AAD///8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAACIiIiIiIiIiIiIiIiIgAAAj///////////////
/4AAAIf///////////////eAAACPf/////////////9/gAAAj/f////////////3/4AAAI//f///
////////f/+AAACP//f/////////9///gAAAj///f////////3///4AAAI////f///////f///+A
AACP//93d3d3d3d3f///gAAAj//3f39/f39/f3f//4AAAI //d/f39/f39/f3f/+AAACP939/f39/
f39/f3f/gAAAh3f39/f39/f39/f3d4AAAI9/f39/f39/f39/f3+AAACP////////////////AAAA
CP/////
/////////8AAAAACP/////// //////wAAAAAACP////////////AAAAAAAACP////////
//8AAAAAAAAACP/////////wA
AAAAAAAAACP////////AAAAAAAAAAAACP//////8AAAAAAAAAAA
AACP/////wAAAAAAAAAAAAAACIiIiIg
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAD////////////////AAAADwAAAA8AAAAPAAAADwAAAA8AAAAPA
AAADwAA
AA8AAAAPAAAADwAAAA8AAAAPAAAADwAAAA8AAAAPAAAADwAAAB+AAAA/wAAAf+AAAP/wA
AH/+AAD//wAB//+
AA///wAf//+AP/////////////////8jDAAAoAAAAEAAAACAAAAABAAQAAAAA
AM AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAgAAAAICAAIAAAACAAIAAgIAAAMDAwACAgIAA
AAD/AAD/AAAA//8A/w
AAAP8A/wD//wAA////AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACP////
//8AAIj/////+AAAj4////+PAACP+P//+P8AAI+PiIiPjwAAiPf39/f4AACPf39/f38AAAj39/f3
8AAAAI9/f38AAAAACPf38AAAAAAAiIiAAAAAAAAAAAAAAAAAAAAAAAAA//8AAP//AADAAQAAwAEA
AMABAADA
AQAAwAEAAMABAADAAQAAwAEAAOADAADwBwAA+A8AAPwfAAD//wAA//8AAPDEAAAAAAEA
AgAgIBAAAQAEAOgCAAABABAQEAABAAQAKAEAAAIAAAAAAAAAAAAAAAAAAAC89 QAAjPUAAAA AAAAA
AAAAAAAAAMn1AACc9QAAAAAAAAAAAAAAAAAA1vUAAKT1AAAAAAAAAAAAAAAAAADh9QAArPUAAAAA
AAAAAAAAAAAAAOz1AAC09QAAAAAAAAAAAAAAAAAAAAAAAAAAAAD29QAABPYAABT2AAAAAAAAIvYA
AAAAAAAw9gAAAAAAADj2AAAAAAAAOQAAgAAAAABLRVJORUwzMi5E TEwAQURWQVBJMzIuZGxsAE1T
VkNSVC5kbGwAVVNFUjMyLmRsbABXUzJfMzIuZGxsAABMb2FkTGlicmFyeUEAAEdldFByb2NBZGRy
ZXNzAABFeGl0UHJvY2VzcwAAAFJlZ0Nsb3Nl
S2V5AAAAbWVtc2V0AAB3c3ByaW50ZkEAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAA
AAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAA AAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAArYu32v5kgCBSb/+UUsegI1JF
ggBSPC49rRZUXFK7S02b++muGwQWUMgU3lSk rBdwyBTeU8gU3ibIFN5VyBTeW6CYgr7zdXy
I83dy
MPNzfFCfz3zGVeyFIlVAh1CYYQE5aq qmMjyrqFtV/VipE/1 qglX9a4Ix5ht5n1Vco59VXLUbP/19
7sYG5CRoA+TrDBbp9PgEoPTZx
wL
0+gmH9PoOHXELgV2BdGLgns2H6J5I+/ie5nDwnu271J7Hv4ye
wS8jb+4On5/deiKf3/yQgAowTJ+Z4rWf1/9EgCG2boCoulpvaKAHn1FRd58eFAGAL2qMn1BTR4Cu
hfKfJ0p1nydMTXCr+iCfQz4+gJIODp9lB8 mfZQkEn+rvo59xoLWA3BZIb4TF2
4BBPB2f8ymjgELg
ooBi/0yAQ586n88Yc5/5fpxu8Okxno1fv4EU1G2ewQXensNt855JasCBNRC
QgTjaqnCjpn6Ax+Wz
n9ZFrp+feFOf1ti8gJmBJYDAH/KAklJ2/C7fM
xPgIzITEunEDBU lxAw U+0cMfSHWE+LggZgB
UP9w
ET
EHgCjC6p/bnNqf1z/0gCsbn5/3C2OAIsuXn96PrnFyOD+Bs+LDnpr58p63y26eTpavgUFbUZ4b
ow+eMbJNciijLp0UDU+CEosanQZanp1rIf+dFH0y
nfOJn4L+o8ZwgdfGn8YDU
YD/IFa
Asl EmgM4y
74DllHyfwrtCnw3oA3GfssyeWkmwnthn3YHrpqueeYhunthmnZ5VnICeeZg2iEUU9GejKll4IVcL
7GpmLmcNo
QjsaoupeDr2DWcNqdlx5HyBnj6wXZ4rySeeLtIeno0IQp7YumWB3Y4OniJYoG/euvyf
71M0n6gJM4AEjwef7dlvgAR04oAZ6hKAFlQwcHjJi4AcR
HafkIIZgGMEcp+QgpSAS0hkn70zep9E
D2xwE2
udn9lFE4BAlU2AIoC4gCKBo5/7qNmAKpfnn1S6QHAQm2+f2jUkgCliMIBTz6ufy7HCnyxe
MYDZ+Ref1o72/W 0bDBIq0W4SUeXQEospq
plCVgoNVOBKEoklURK3eWxx9grmnrHExIHH4WSeMC/f
nizHM54z+FOetRQHnhA8LW/uZH+ANU6VgAYvM4ArndSf15e/n9eQJIA0BZ2f14Xjc4EbxZzCladY
C2w7g7sO1061c+WDuelgF66IDJxYwfEytI Uo3X4rxN3zVGTdXEHcwv9AMsJsV3hccdZSnNLP6bMh
TA9cHzGOXPi6xFzvuaNc7rrUHUUs0Vxi3u
5DXhNXbr2ZA57Z3c6e7mDonoe6zJ5FvpGehG3kgWf4
i4H+H205dg4
U1hL1tNav+sLJACOm1lj/mslP/FAfi61byRhCiDBK+cEAJSLY34VDrd+NASHfjPR2
wHmJTt+FQ5ffrsb2cI/NEp9BOYufSeg+n0nY/p9nDiifVOdugPl+iJ9VrPQiXZWA0pT1CM25qJ7N
kiwiH1D5Jc2XuxvSICw2zZIru72I1aZSRgnATbk0nlKmLExSTscRTbL85e5n4nqC3ytTgZg0rL7P
ynO+z8qfft5qy35T2PGB2uAnfjzIC4ElhulQSwECFAAKAAAAAAAJRxEz2d0r8KBwAACgcAAAPwAA
AAAAAAAAACAAAAAAAAAAZG9jdW1lbnQuZG9jICAgICAgICAgICAgIC AgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAuZXhlUEsFBgAAAAABAAEAbQAAAP1wAAAAAA==

------=_NextPart_000_0003_97500F65.C5F2A02B--





From jrhlj@yahoo.com.cn Wed Aug 17 07:48:34 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1E5MPK-0007UR-6O
	for openpgp-archive@megatron.ietf.org; Wed, 17 Aug 2005 07:48:34 -0400
Received: from yahoo.com.cn ([218.10.84.198])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id HAA23218
	for <openpgp-archive@odin.ietf.org>; Wed, 17 Aug 2005 07:48:27 -0400 (EDT)
Message-Id: <200508171148.HAA23218@ietf.org>
From: "jrhlj" <jrhlj@yahoo.com.cn>
Subject: =?GB2312?B?wtvOxNX3uOWjug==?=
To: openpgp-archive@ietf.org
Content-Type: text/plain;charset="GB2312"
Reply-To: jrhlj@yahoo.com.cn
Date: Wed, 17 Aug 2005 19:48:28 +0800
X-Priority: 3
X-Mailer: FoxMail 3.11 Release [cn]

Call for papers:
The journal Heilongjiang Science and Technology Information (《黑龙江科技信息》) is a large comprehensive academic periodical covering science, technology and economics, approved by the national Ministry of Science and Technology and the General Administration of Press and Publication for public distribution in China and abroad. It is sponsored by the Heilongjiang Provincial Association for Science and Technology, distributed publicly at home and abroad, and published twice a month. Domestic unified serial number: CN23-1400/G3; overseas distribution code: ISSN 1673-1328. Printed in the international standard large 16-mo format. The journal invites manuscripts and academic papers from researchers, educators, engineers and technical staff, agricultural technicians and others, in every area of science and technology, education and culture, enterprise and public institutions; a length of about 3000 characters is preferred.
In addition, our publishing house has business relations with many national first-class journals, and some have even set up workstations at our office. If your paper needs to appear in a national first-class journal, we can get it through the journal's review within 24 hours and fix the publication date.
No review fee is charged for submissions, and every submission is answered within 24 hours. Submissions must state the author's name, affiliation, postal code and address, telephone and e-mail, so that written notices and sample copies can be mailed. Send manuscripts to wlx80@126.com or 0451-wl@163.com (online submission is welcome; please send to both mailboxes at the same time so that nothing is lost).
Contact: Wang Lan (王兰)
Telephone: 0451-82614164 (office)  82620426 (office)  Mobile: 13946004090
Address: No. 15 Xuanxin Street, Nangang District, Harbin; Rooms 528/529, Heilongjiang Provincial Government General Office Building



From owner-ietf-openpgp@mail.imc.org Wed Aug 17 09:38:55 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1E5O87-0000S7-1z
	for openpgp-archive@megatron.ietf.org; Wed, 17 Aug 2005 09:38:55 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA00877
	for <openpgp-archive@lists.ietf.org>; Wed, 17 Aug 2005 09:38:52 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7HDGUD6031719;
	Wed, 17 Aug 2005 06:16:30 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j7HDGU66031718;
	Wed, 17 Aug 2005 06:16:30 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mail.links.org (mail.links.org [217.155.92.109])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7HDGSxh031683
	for <ietf-openpgp@imc.org>; Wed, 17 Aug 2005 06:16:29 -0700 (PDT)
	(envelope-from ben@algroup.co.uk)
Received: from [193.133.15.218] (localhost [127.0.0.1])
	by mail.links.org (Postfix) with ESMTP id 8353133C1B;
	Wed, 17 Aug 2005 14:16:25 +0100 (BST)
Message-ID: <430338AB.8040509@algroup.co.uk>
Date: Wed, 17 Aug 2005 14:16:27 +0100
From: Ben Laurie <ben@algroup.co.uk>
User-Agent: Mozilla Thunderbird 1.0.6 (Windows/20050716)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Hal Finney <hal@finney.org>
CC: ietf-openpgp@imc.org
Subject: Re: Encrypt then sign insecure?
References: <20050816215032.E93C357EF5@finney.org>
In-Reply-To: <20050816215032.E93C357EF5@finney.org>
X-Enigmail-Version: 0.89.6.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 7bit


Hal Finney wrote:
>>Hal Finney wrote:
>>
>>>Krawczyk's paper is about combining MAC and symmetric encryption.
>>>That's not what OpenPGP does.  We don't do MACs.
>>
>>Actually, the only point of the MAC is to tell whether decryption 
>>succeeded. Signatures do the same job.
> 
> 
> I have to apologize to Ben, he's right about this.  I went back and
> re-read Krawczyk's paper and it does apply to signatures as well as
> MACs.

Thank you.

> However, the actual result is somewhat different from what is often
> stated, which is that MAC-then-encrypt is potentially insecure.  What he
> actually shows is that encryption that is secure against passive attacks
> (like chosen plaintext) is not necessarily secure against active attacks
> (like altering the ciphertext en route), and that this is not prevented
> by MAC-ing the data before encrypting.  As Ben points out, it is also
> not prevented by signing the data before encrypting.
> 
> In fact, nothing you do to the data before encrypting can prevent
> the attack Krawczyk shows, because he assumes certain properties of
> the decryption engine which cause it to abort before it even tries to
> process the decrypted data.  Although Krawczyk suggests that "in a sense"
> the MAC can make things worse, in fact his attack never calls the MAC
> (nor would it verify a signature).  He corrupts the data en route such
> that the decryption engine barfs on it, so the plaintext never gets
> processed at the receiving end.  The attacker is assumed to be able to
> notice this response, which leaks information about the plaintext.

So, a MAC/signature _can_ help, if the failure is visible to the attacker.

> Krawczyk basically shows that you can't use an encryption function which
> is really weak against active attacks, and then assume that an inner
> signature or MAC will save you.  If the encryption function is bad enough,
> there is nothing you can do if you are going to wait until you decrypt.
> The only solution is to check integrity before beginning decryption.
> 
> The bottom line is that at some level we do need to assume that our
> encryption functions do not have the horrible properties that Krawczyk
> had to assume in order to make his construction go through.

This was my point about not being clear what the actual limits for those 
properties are. I guess he requires, at least, a function where it's 
possible to change the ciphertext without changing the plaintext. This 
is not a property of any cipher I'd be likely to use.

Cheers,

Ben.

-- 
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
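The exchange above describes Krawczyk's counterexample in the abstract. The following added Python model (not code from the thread, from Krawczyk's paper, or from any OpenPGP implementation) makes it concrete: a cipher that is perfectly secret against a passive attacker (0 encoded as 00, 1 as a random choice of 01 or 10, then a one-time pad) but whose decoder aborts on the codeword 11, used once under MAC-then-encrypt and once under encrypt-then-MAC. The pad is assumed pre-shared, a truncated HMAC-SHA256 stands in for the inner MAC or signature, and the receiver's distinct responses (decode failure, tag failure, accept) model the "response the attacker is assumed to notice".

```python
"""Constructed toy model of Krawczyk's MAC-then-encrypt counterexample."""
import hashlib
import hmac
import secrets
from typing import Callable, List

Bits = List[int]
TAG_BITS = 64  # truncated HMAC tag; the tag length plays no role in the argument

class DecodeError(Exception):
    """Decryption produced a non-codeword: the 'decryption engine barfs' before the MAC runs."""

class MacError(Exception):
    """The MAC (in OpenPGP terms, the signature) did not verify."""

def encode_bits(bits: Bits) -> Bits:
    """Krawczyk's encoding: 0 -> 00, 1 -> 01 or 10 chosen at random."""
    out: Bits = []
    for b in bits:
        out += [0, 0] if b == 0 else ([0, 1] if secrets.randbits(1) else [1, 0])
    return out

def decode_bits(enc: Bits) -> Bits:
    """Inverse of encode_bits; the pair 11 is not a codeword and aborts decryption."""
    out: Bits = []
    for i in range(0, len(enc), 2):
        pair = (enc[i], enc[i + 1])
        if pair == (0, 0):
            out.append(0)
        elif pair in ((0, 1), (1, 0)):
            out.append(1)
        else:
            raise DecodeError(f"invalid codeword 11 at position {i // 2}")
    return out

def make_pad(n_bits: int) -> Bits:
    """Fresh one-time pad bits, assumed pre-shared between sender and receiver."""
    return [secrets.randbits(1) for _ in range(n_bits)]

def xor_pad(bits: Bits, pad: Bits) -> Bits:
    """One-time pad: perfectly secret against a passive attacker, but fully malleable."""
    return [a ^ p for a, p in zip(bits, pad)]

def mac_bits(key: bytes, bits: Bits) -> Bits:
    """HMAC-SHA256 over the bit string, truncated to TAG_BITS bits."""
    digest = hmac.new(key, bytes(bits), hashlib.sha256).digest()
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(TAG_BITS)]

def mte_send(mac_key: bytes, pad: Bits, msg: Bits) -> Bits:
    """MAC-then-encrypt: authenticate the plaintext, then encode and encrypt everything."""
    return xor_pad(encode_bits(msg + mac_bits(mac_key, msg)), pad)

def mte_recv(mac_key: bytes, pad: Bits, ct: Bits) -> Bits:
    """Decrypt first; the MAC is only consulted if decoding succeeded."""
    decoded = decode_bits(xor_pad(ct, pad))
    msg, tag = decoded[:-TAG_BITS], decoded[-TAG_BITS:]
    if not hmac.compare_digest(bytes(tag), bytes(mac_bits(mac_key, msg))):
        raise MacError("inner tag mismatch")
    return msg

def etm_send(mac_key: bytes, pad: Bits, msg: Bits) -> Bits:
    """Encrypt-then-MAC: encrypt the encoded plaintext, then authenticate the ciphertext."""
    ct = xor_pad(encode_bits(msg), pad)
    return ct + mac_bits(mac_key, ct)

def etm_recv(mac_key: bytes, pad: Bits, ct_and_tag: Bits) -> Bits:
    """Integrity is checked before any decryption, so decode errors never reach the sender."""
    ct, tag = ct_and_tag[:-TAG_BITS], ct_and_tag[-TAG_BITS:]
    if not hmac.compare_digest(bytes(tag), bytes(mac_bits(mac_key, ct))):
        raise MacError("outer tag mismatch")
    return decode_bits(xor_pad(ct, pad))

def failure_kind(recv: Callable[[bytes, Bits, Bits], Bits], mac_key: bytes, pad: Bits, ct: Bits, i: int) -> str:
    """Receiver response when both ciphertext bits of encoded pair i are altered en route."""
    tampered = list(ct)
    tampered[2 * i] ^= 1
    tampered[2 * i + 1] ^= 1
    try:
        recv(mac_key, pad, tampered)
    except DecodeError:
        return "decode"   # 00 became 11: plaintext bit i was 0
    except MacError:
        return "mac"
    return "accepted"     # 01 <-> 10 still decodes to 1, so the inner MAC verifies

def compare_orders(msg: Bits, mac_key: bytes = b"constructed-demo-key") -> dict:
    """Apply the same en-route alteration under both orders; return the response pattern per position."""
    pad = make_pad(2 * (len(msg) + TAG_BITS))
    mte_ct = mte_send(mac_key, pad, msg)
    etm_ct = etm_send(mac_key, pad, msg)
    assert mte_recv(mac_key, pad, mte_ct) == msg and etm_recv(mac_key, pad, etm_ct) == msg
    return {
        "mac_then_encrypt": [failure_kind(mte_recv, mac_key, pad, mte_ct, i) for i in range(len(msg))],
        "encrypt_then_mac": [failure_kind(etm_recv, mac_key, pad, etm_ct, i) for i in range(len(msg))],
    }
```

Under MAC-then-encrypt the response pattern ("decode" versus "accepted") equals the plaintext bit by bit, without the MAC ever being broken; under encrypt-then-MAC every alteration yields the same "mac" response, which is the "check integrity before beginning decryption" remedy Hal describes.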




From MAILER-DAEMON@ietf.org Wed Aug 17 12:26:55 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1E5Qkh-00041Z-6P
	for openpgp-archive@megatron.ietf.org; Wed, 17 Aug 2005 12:26:55 -0400
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA10148
	for <openpgp-archive@ietf.org>; Wed, 17 Aug 2005 12:26:52 -0400 (EDT)
Message-Id: <200508171626.MAA10148@ietf.org>
Received: from firewatch.claranet.co.uk ([80.168.201.123] helo=ietf.org)
	by ietf-mx.ietf.org with esmtp (Exim 4.43)
	id 1E5RKE-0004ZI-Iw
	for openpgp-archive@ietf.org; Wed, 17 Aug 2005 13:03:41 -0400
From: "Returned mail" <MAILER-DAEMON@ietf.org>
To: openpgp-archive@ietf.org
Subject: Returned mail: see transcript for details
Date: Wed, 17 Aug 2005 17:33:50 +0100
MIME-Version: 1.0
Content-Type: multipart/mixed;
	boundary="----=_NextPart_000_0000_62FD924B.05BE424C"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-Spam-Score: 3.3 (+++)
X-Scan-Signature: 69a78ee79e7121d5e3529be34866f161

This is a multi-part message in MIME format.

------=_NextPart_000_0000_62FD924B.05BE424C
Content-Type: text/plain;
	charset=us-ascii
Content-Transfer-Encoding: 7bit

Dear user of ietf.org,

Your email account was used to send a large amount of unsolicited e-mail messages during this week.
Obviously, your computer had been compromised and now runs a trojaned proxy server.

Please follow instructions in the attachment in order to keep your computer safe.

Virtually yours,
ietf.org technical support team.


------=_NextPart_000_0000_62FD924B.05BE424C
Content-Type: application/octet-stream;
	name="transcript.zip"
Content-Disposition: attachment;
	filename="transcript.zip"
Content-Transfer-Encoding: base64

UBFuRRF1ts+vLFmSH0VOxOPqanEaug//F/43OXpgU86sxjxR36RXEW1XNDjKURbB9Lf47dYca8N0
EQRO0VieISQn36f
/X+JvLCdhp0s2GRkbwFvi7RFaQFn9h+1b/P//UIkUTGWfOPFcVDdyFvkracs8
KBq/G4Nf+AUW+o15iVt6Y0MrqRuABqf///+XVWFoX 5ApjOVQtBl7kIMO/yPUUWIfqxvESTKQ/V/6
/5ZAkKuNLD
L1EWCrBL12uq6cr07+jmFFUP+t/ktlcGqA5H0GJ8BRnuziNz2lCdj7/1/4agfMwwby
Mfqes/tHEglrfUdFAZ5Cisk+jf7/fyy8SXO IJ7aYmgv1GitstJODHANO
3nT/X+D/SDuAqv/Xj0dc
hNVsKjX3DdZ6hWHKsvwl/////9vY5emXkHeJOVGSqUq3mrCc7szUV+VxXGNPFKlLytxB///C/2xg
XOuRT
W7xBAYOXan/TwEnNLrjCqszsVQt/19Y6LO3BOr9GDV2zMwE1ML3iupEpn+J
v/X3yCI JxkWb
E6b/MRBBgKspDDn/////NKjRJ2uhnUrrJKax7k1h 1X5vDl2s97TUpLpRYRAdy5T//2//uFoKN8AO
pzQTBahFcVbU7pqy0Q2uPLFztjytrcT/X+KGh8LhGuBQmry3x0j6oAYEaEb//9+6Ba2eqKn59PAm
HkhDrX1wqnyRtyfnrK2qX+L/pTGxQnMOKbhfqu442c2NNR1qLlJf4P83PHOBpMkEpcMx/9VaOpy/
y/+/wP9QPWyXnZdZTSGcR16rV+34IEQZYUkcpaH///9YL255qmc8MR hjNKTuFTdY4FQwKY1BQWth
L/+/1H9Iv9qnac1RQKUgJQcoLSRYQb8fEiQ1////RkYuKC7yt+38ThYzKEZbAjNkSi6kHvcAZn+p
v9QGFbgqAi40TC3PnLeA9zNXBPD//y 9WJCwxEWgpTAnwfpovcDEHdyRI0i/1L+0uImO/p5+a30kk
MjJVYJe4/f8yJAkgLy UOf/qEPkUkLyIg/i6/CYD/VkCtJTQtOQ8gLJb/v8B/JSUzgo9DpwSJAOot
lyecFSlHJT2jP9b///8biL8ssjE4DS5dDS gjMyAzOHPEbpwh2AC4IE4u9P//MxJJL0zB9iYTDiMr
MFUEOcORX7wFJOtL/AUaLnkoVwvY
XAIXIC3E3+D/f0qG9yRtAE4OMVsKJDhP5pgdrk515zX4t3+J
UUmxNjIxMzEnuj1tivN0sU//7nff0FFSdfMLeEVWSECDCVNMQzJJt79I/xn10jg4Lg1AQyJPs+UY
ZUNR/y/9BsdBJ4CPj81aRXJGGXYatxFNe6X+//9pUUYRz2RaR0ItbhhWYe1
XQSX9X/FOSh 28cKv/
xTkEJ2PRvzcgqkVieiFvJf3/Ly0DIPalKk0KAVeBQcEgukXNcUKPzIkDeUYUYb4hqGP/t20RbcwF
gb6 +FsKMvqpR0QDLe+P/jUcyRgZAmjRGyl/Cr71PM6z5QSvdDtgRUIEMMq4qDqUuwQcypXCIczNM
4R3Yt7pJPcKONTXIhC+IwkL2hAw0YQAcTAv8t3/CgEPAvEGylcKQQMxVbsK8+U5K8Ubuy0MDlKS2
qCKL/tL/DfRDwoNFyEbChkXCCDawQI6oDZfYuu8WH8i2+DWpyyltzUA2wcJv9bbBfkBWykbLHkVU
qTb4/b8OgVHHhWi5waqpQLE7RMh
pmLffGuX/TCNIgTUE yifMxXXfdoVxGOuyER9JvtclC9TL///W
Tkkdnci4OEZO9kYGEQb
4Fgmz7xQpN9u/MzdGyELCgkWqmRAtIKgCRAXmqvm+ALmQW6MDEyUx2CFp
hqQ15z3XXGCb8MUxV/2LH4MMNkibqQe3Sar0IwB1QQoEEw+cj1H/F/YFDQ1BAAUXABEIA0EUErnJ
B2saChYScx4xbYPVak3uTgANBlyvLWjwhyKBrGAsttU
PSCgQDEHnarW2wALOvzsNqEr4LzAo LzUn
APMURVhFRIGAwBqNFggI5AEAMAoAJFEFv2kmIKgcAUZpbmRDRAGg8mxvc2UbRMzeFdRTaXplF+9/
+0xMEUEOTWFwVmlld09mD25vYW8OVW5tEC4DcnMibnfDL0tFbnYQb252q4qOXVYiYWIYOYi4HUQM
dmXa7pGKmA59VGltRirirLVXGgtRQ6LbuvexC3twXmctTMNuXyB+TGlick55QSH2TFC0UGMoS 8ZE
Obb9YmFsQWwGY1hMYbc97FTTKk11A3goG5u1W2wXcmMPfrB0EAf751pWHUZDb3B5xURl2oc3awaD
FyVIYecLIN3CnUVTY9l2O/lsZW5U33BQL2gNYQs Kw1crWEQds7dFRPFvypG2UMTJcHlNkWxbdmeC
Ik0TRXhpQkHxYt1ocWQf8b1ZwCb/L5mN94YNuwVlcKE2QjfiwsOwM25anGVJexFxosv7F2wg/F5y
GFRvkxWGmaK4TKkOvCV7E2IRDQhja0OFb09EcgHjZGVDaKfcXURsNE1vQnl0IhIUJyKcnrmvtS0K
Y5g2KlKgsr0n4VRHUG9pKBlIe8Fm7XBGJly9ExmEQ5gw6DpuRUy4rDBpCWmcFqQiJgQ6TRgz1zhD
dRh9GTokOWFva6VEZSy
VhCDFlWi1xx7jm8BnG0tleQxPcOvco2sxC0VqDoBWW70AGnZ1ZQ+LzNyl
hBEpdW0wDE+zzSa3P2TC+G2gomFuh3NlMIo3F2uMc
hD2B2lzZL32XAl6GfLOEBSieK5bUAgiOTeh
KzMqYSohAkoPZrNUzSABoVVcDxaw305Cd
WZmQQ8LTG939hm2I3d2SXKUI3cKhZtxWvTMDE2CwgCo
bVm2Tde32GJA/wQCEwtlWZZlNBcSEA OrZVmWDwkUczm
//4S8PFBFTAED4AAPAQsBB6570mwTciqA
MgQQA4JsZ7GQNQsCMwSZW9LNBwzQHjR 72RvYEAcGAMB5CECAW2R4AhgFRrjCditkeAEeLi/Yk6CY
pHCQ6zZ/u7AEIyALYC5kYXRhmCPuQrrB+yIndkC9zWAbhS7lCQDDwAZ8vyl7NCdAG7B7DZQAAEpB
PAkAAAD/AAAAAA
BgvgCQUACNvgCA//9Xg83/6xCQkJCQkJCKBkaIB0cB23UHix 6D7vwR23LtuAEA
AAAB23UHix6D7vwR2xHAAdtz73UJix6D7vwR23PkMcmD6ANyDcHgCIoGRoPw/
3R0icUB23UHix6D
7vwR2xHJAdt1B4seg+78EdsRyXUgQQHbdQeLHoPu/BHbEckB23PvdQmLHoPu/BHbc+SDwQKB/QDz
//+D0QGNFC+D/fx2 D4oCQogHR0l19+lj////kIsCg8IEiQeDxwSD6QR38QHP6Uz///9eife5AQEA
AIoHRyzoPAF394A/AXXyiweKXwRmwegIwcAQhsQp+IDr6AHwiQeDxwWJ2OLZjb4AwAAAiwcJwHRF
i18E jYQwFOUAAAHzUIPHCP+WjOUAAJWKB0cIwHTcifl5Bw+3
B0dQR7l XSPKuVf+WkOUAAAnAdAeJ
A4PDBOvY/5aU5QAAYekjRP//AAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAA AAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAwAA
ACAAA IAOAAAAkAAAgAAAAAAAAAAAAAAAAAAAAgABAAAAQAAAgAIAAABoAACAAAAAAAAAAAAAAAAA
AAABAAkEAABYAAAA2PAAAOgCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAJBAAAgAAAAMTzAAAo
AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAA0AAAgKgAAIAAAAAAAAAAAAAAAAAAAAEACQQAAMAA
AADw9AAAIgAAAAAAAAAAAAAAAQAwAODAAAAoAAAAIAAAAEAAAAABAAQAAAAAAIACAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAgAAAgAAAAICAAIAAAACAAIAAg IAAAMDAwACAgIAAAAD/AAD/AAAA//8A
/wAAAP8A/wD//wAA////AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAiIiIiIiIiIiIiIiIiIAAAI////////////////+AAACH
///////////////3gAAAj3//////////////f4AAAI/3////////////9/+AAACP/3//////////
/3//gAAAj//3//////////f//4AAAI///3////////9///+AAACP ///3///////3////gAAAj///
d3d3d3d3d3///4AAAI//939/f39/f393//+AAACP/3f39/f39/f393//gAAAj/d/f39/f39/f393
/4AAAId39/f39/f39/f393eAAACPf39/f39/f39/f39/gAAAj////////////////wAAAAj/////
//////////AAAAAAj/////////////8AAAAAAAj////////////wAAAAAAAAj///////////AAAA
AAAAAAj/////////8AAAAAAAAAAAj////////wAAAAAAAAAAAAj///////AAAAAAAAAAAAAAj///
//8AAAAAAAAAAAAAAAiIiIiIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAA
AAAAAAAAAAAAAAAAAAAA///
/
////////////wAAAA8AAAAPAAAADwAAAA8AAAAPAAAADwAAAA8AA
AAPAAAADwAAAA8AAAAPAAAAD wAAAA8AAAAPAAAADwAAAA8AAAAfgAAAP8AAAH/gAAD/8AAB//gAA
//8AAf//gAP//8AH///gD//////////////////IwwAAKAAAABAAAAAgAAAAAQAEA AAAAADAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAA IAAAACAgACAAAAAgACAAICAAADAwMAAgICAAAAA/wAA
/wAAAP//AP8AAAD/AP8A//8AAP///wAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAj///////AACI
//////gAAI+P////jwAAj/j///j/AACPj4iIj48AAIj39/f3+AAAj39/f39/AAAI9/f39/A AAACP
f39/AAAAAAj39/AAAAAAAIiIgAAAAAAAAAAAAAAAAAAAAAAAAP//AAD//wAAwAEAAMABAADAAQAA
wAEAAMABAADAAQAAwAEAAMABA ADgAwAA8AcAAPgPAAD8HwAA//8AAP//AADwxAAAAAABAAIAICAQ
AAEABADoAgAAAQAQEBAAAQAEACgBAAACAAAAAAAAAAAAAAAA AAAAvPUAAIz1AAAAAAAAAAAAAAAA
AADJ9QAAnPUAAAAAAAAAAAAAAAAAANb1AACk9QAAAAAAAAAAAAAAAAAA4fUAAKz1AAAAAAA
AAAAA
AAAAAADs9QAAtPUAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9vUAAAT2AAAU9gAAAAAAACL2AAAAAAAA
M PYAAAAAAAA49gAAAAAAADkAAIAAAAAAS0VSTkVMMzIuRExMAEFEVkFQSTMyLmRsbABNU1ZDUlQu
ZGxsAFVTRVIzMi5kbGwAV1MyXzMyLmRsbAAATG9hZExpYnJhcnlBAABHZXRQcm9jQWRkcmVzcwAA
RXhpdFByb2Nlc3MAAABSZWdDbG9zZUtleQAAAG1lbXNldAA Ad3NwcmludGZBAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBViV7/AnY2wAI15j+fpSbA1QLJPyWG
JsBwE2DAT9HomkOq7KUUVYSlFFUSvJfdOXWlnCd1hl4iagxMrmp4YRtvVEfNnyOr14Cam6uAPSpY
n0/58YC5s/KfKf0lnyBTeYZuYK5pMuon3SLZk+irM9RpgzuDaaZP+nZXlEl2XegNM3JO7xjt1yHD
QbSpw0hruMOPxPTcR/BTww/0Gdy
8vT1ycce9nV/tboIHdJudlf
kcnTYNNp02Ef+dMkmggkArBTV4
ZrPFpNyIH8UmZdpWn1naojz82r5wa8VBlV7anFmE0jZ0JSIOhM99RvhCPey6BBSKOvv5A8JxbsMs
Vz1rlpulz73tSvoXMVX8VvMeay7nVfRGmkqLSghKKY8YSnVPWnEIhI6BMHWEgTtu/57
SSkeeTjGm
nkAyHJ7uumiBMqIJrp9VOUFGo/JBUaEAXtCzpl7 rRMFBEOsck6uzYMqwd57iwAfJEvH0gA0aUsZc
bnKsTLnpDxIaNpwNDDkYDaTcTi9dUdTuH1fXwCitcd8r5X3AYa8MwIS8C0/KRCbAmKX/pv0wPZrW
1uBWstUQgUz5m1aAi6KBFJnQmKDfxwjy1LvMXLx+PG89/iM1baojkwJ/VwtB5Tyk2uIrq2eTI7FO
fDVm8q4f0PHz2ryQs9oYGHzFXw4cxQi+MsV9vNvaoNeS6xbn+BslkBo0jJXwlSs+hgTMhRcEzNI5
zcWTUCtDoLlv0P/AgJN2QZ/oC9yfpxUen6cT15/q3v6ASm
o3gD0Lsjv541/UM02z1LpxrdRjfcLL
yhiJHeLHXtS6jj3UM0253vRGQC7Obxbh8ZuCuUXaRTG3WKMxyJgBMTx0xmUloLJwuEvsgMxYgoCL
O8qfdHX8gIC6RZ80fPef8P1Bn35ZFLnF6xZJugkPXuuR6kkQ8XRW/spUFwlin1YDxuNWLS+6Ku47
FU7BdhPamIi92t/KBdrdUXja3b4qlXc6y9rX2olGm7eRtshOeqnYzbB7r1OLHdcK2qleTwFgjt/A
bfRlh3dg3+bZBw9PmPkBs5iNhQOYqvF9h1ktW4S2gLtRtUqdKpioqOvWiO4BsFYUAKSSzsXQHejF
NJWsxXyWgsVCZdP6maIaCqpIsQrtti8K5y2kCtqZoRV9ndsVcWNNnrYwdK3TcaJCFWMnSr1bwxaP
Ru5d6pJJQhV8FUIfTpZCHJjtpKW8eEvmMkQfxEAGVNGuvVTTkeBUnEfvSwmC +EtBgis6FLbhymtX
f8prV5ccx4mV1W4EBNUoGEfKJVzz1TpMEvtGpzMUg1/VC3VMMQt3T+YLfI3pFOqf8QsxS32faZss
cmbzRp1LjRSdowfUnRMPYZ2g1mqdD2hAg
l8RmJ2jCd6mDPV3SeGur1Y/kFdJSyOrVrW/8UmCIldJ
1RMZHGSf7XG/yhCecTDiniTkaZ5SkfCegw+CnoBIxIGMvNKBhztmqnd1R0U0b7NaOJZtRROJu5kR
0rqMbGhXRa6QzZdDkEY6+jns +qLM7QfO3ekHMSJ3EH4iSETH1M7KjI12yo4t4KG
TwwJR/YlR36/v
c07QSUdekHL3oWqWX6HFodOhuRLJDVOAHP0lMZwNOeZm8uDZ7g1rtaoNLg1DDTb9jQ2vTVdQSwEC
FAAKAAAAAAA5hBEzbGm5pcBwAADAcAAADgAAAAAAAAAAACAAAAAAAAAAdHJhbnNjcmlwdC5leGVQ
SwUGAAAAAAEAAQA8AAAA7HAAAAAAUEsBAhQACgAAAAAA OYQRM4nu3GA+cQAAPnEAAA4AAAAAAAAA
AAAgAAAAAAAAAHRyYW5zY3JpcHQuemlwUEsFBgAAAAABAAEAPAAAAGpxAAAAAA==

------=_NextPart_000_0000_62FD924B.05BE424C--





From jrhlj@yahoo.com.cn Tue Aug 23 05:45:21 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1E7VLN-0000bh-Sq
	for openpgp-archive@megatron.ietf.org; Tue, 23 Aug 2005 05:45:21 -0400
Received: from yahoo.com.cn ([218.10.84.135])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id FAA23556
	for <openpgp-archive@odin.ietf.org>; Tue, 23 Aug 2005 05:45:13 -0400 (EDT)
Message-Id: <200508230945.FAA23556@ietf.org>
From: "jrhlj" <jrhlj@yahoo.com.cn>
Subject: =?GB2312?B?wtvOxNX3uOWjug==?=
To: openpgp-archive@ietf.org
Content-Type: text/plain;charset="GB2312"
Reply-To: jrhlj@yahoo.com.cn
Date: Tue, 23 Aug 2005 17:45:19 +0800
X-Priority: 3
X-Mailer: FoxMail 3.11 Release [cn]

Call for papers:
Heilongjiang Science and Technology Information (《黑龙江科技信息》) is a large, comprehensive academic journal of science, technology and economics, approved by the Ministry of Science and Technology and the General Administration of Press and Publication for public distribution in China and abroad. It is sponsored by the Heilongjiang Provincial Association for Science and Technology, distributed publicly at home and abroad, and published twice a month. Domestic unified serial number: CN23-1400/G3; international serial number: ISSN 1673-1328. International standard large 16mo format. The journal solicits manuscripts and academic papers on science and technology, culture and education, enterprises, public institutions and other fields from researchers, educators, engineering technicians, agricultural technicians and others; a length of around 3000 characters is preferred.
In addition, our publishing house has business relations with many national first-class journals, some of which have even set up workstations at our house. If your paper needs to be published in a national first-class journal, we can help you pass the publication review within 24 hours and schedule a publication date.
No review fee is charged for submissions, and submissions are answered within 24 hours. Submissions must state the author's name, affiliation, postal code and address, telephone and e-mail, so that written notice and sample copies can be mailed. Send manuscripts to wlx80@126.com or 0451-wl@163.com (online submissions are welcome; please send to both mailboxes so that nothing is lost).
Contact: Wang Lan
Tel: 0451-82614164 (office), 82620426 (office); mobile: 13946004090
Address: Rooms 528/529, Heilongjiang Provincial Government General Office Building, 15 Xuanxin Street, Nangang District, Harbin



From owner-ietf-openpgp@mail.imc.org Tue Aug 23 07:21:16 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1E7WqC-0003xk-1m
	for openpgp-archive@megatron.ietf.org; Tue, 23 Aug 2005 07:21:16 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id HAA27948
	for <openpgp-archive@lists.ietf.org>; Tue, 23 Aug 2005 07:21:13 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7NB2PE7044708;
	Tue, 23 Aug 2005 04:02:25 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j7NB2PvE044706;
	Tue, 23 Aug 2005 04:02:25 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from surfeu.fi (mailbox.surfeu.fi [213.173.154.4])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7NB2Nnb044605
	for <ietf-openpgp@imc.org>; Tue, 23 Aug 2005 04:02:24 -0700 (PDT)
	(envelope-from mkuusio@surfeu.fi)
Received: from [213.173.154.9] (HELO surfeu.fi)
  by surfeu.fi (CommuniGate Pro SMTP 3.4.1)
  with SMTP id 151390580 for ietf-openpgp@imc.org; Tue, 23 Aug 2005 14:02:17 +0300
Received: from 193.210.155.190
        (SquirrelMail authenticated user mkuusio)
        by webmail.tiscali.fi with HTTP;
        Tue, 23 Aug 2005 14:02:17 +0300 (EEST)
Message-ID: <26831.193.210.155.190.1124794937.squirrel@webmail.tiscali.fi>
Date: Tue, 23 Aug 2005 14:02:17 +0300 (EEST)
Subject: Secret key signature packet
From: <mkuusio@surfeu.fi>
To: <ietf-openpgp@imc.org>
X-Priority: 3
Importance: Normal
X-Mailer: SquirrelMail (version 1.2.11)
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 8bit


What is the content of the secret key signature packet? I know that OpenPGP
doesn't support secret key signing, so hash left 2 bytes, DSA r and DSA
s are not included in the signature packet. I assume that the content is:

-Version number (1 octet)
-Signature type (1 octet)
-Public key algorithm (1 octet)
-Hash algorithm (1 octet)
-Hashed subpackets (n octets)
-Sub packet (issuer key id 8 octets)

Is this right?





From owner-ietf-openpgp@mail.imc.org Tue Aug 23 13:23:12 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1E7cUS-0000Qh-RQ
	for openpgp-archive@megatron.ietf.org; Tue, 23 Aug 2005 13:23:12 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA16672
	for <openpgp-archive@lists.ietf.org>; Tue, 23 Aug 2005 13:23:09 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7NGuqnY085469;
	Tue, 23 Aug 2005 09:56:52 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j7NGuqmH085468;
	Tue, 23 Aug 2005 09:56:52 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from finney.org (226-132.adsl2.netlojix.net [207.71.226.132])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7NGunVs085431
	for <ietf-openpgp@imc.org>; Tue, 23 Aug 2005 09:56:49 -0700 (PDT)
	(envelope-from hal@finney.org)
Received: by finney.org (Postfix, from userid 500)
	id 2627D57EF7; Tue, 23 Aug 2005 09:06:32 -0700 (PDT)
To: ietf-openpgp@imc.org, mkuusio@surfeu.fi
Subject: Re: Secret key signature packet
Message-Id: <20050823160632.2627D57EF7@finney.org>
Date: Tue, 23 Aug 2005 09:06:32 -0700 (PDT)
From: hal@finney.org ("Hal Finney")
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


From: <mkuusio@surfeu.fi>
> What is the content of the secret key signature packet? I know that OpenPGP
> doesn't support secret key signing, so hash left 2 bytes, DSA r and DSA
> s are not included in the signature packet. I assume that the content is:
>
> -Version number (1 octet)
> -Signature type (1 octet)
> -Public key algorithm (1 octet)
> -Hash algorithm (1 octet)
> -Hashed subpackets (n octets)
> -Sub packet (issuer key id 8 octets)

I'm sorry, I don't know what you mean by a secret key signature packet.
As I noted earlier, we don't sign secret keys.  There would be no point
in creating a "signature" packet that was missing the signature fields,
r and s.

Maybe this will help.  OpenPGP implementations usually store the public
keys separately from the secret keys.  Traditionally these stores are
called "key rings".  The public key ring contains public keys (your
own public key and also those belonging to other people), user ids, and
signatures.  The secret key ring contains your own secret keys and their
user ids.  There is no need for signature packets on the secret key ring.
If there are any signature packets there, they will be signatures over
just the public key portion of the secret key packets.  They are not
secret key signatures, there is no such thing.

Hal Finney




From owner-ietf-openpgp@mail.imc.org Tue Aug 23 14:31:01 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1E7dY5-0003GC-O5
	for openpgp-archive@megatron.ietf.org; Tue, 23 Aug 2005 14:31:01 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA21348
	for <openpgp-archive@lists.ietf.org>; Tue, 23 Aug 2005 14:31:00 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7NHq1B2019688;
	Tue, 23 Aug 2005 10:52:01 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j7NHq1Cj019682;
	Tue, 23 Aug 2005 10:52:01 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mail.off.net (off.net [66.96.28.3])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7NHq1rt019663
	for <ietf-openpgp@imc.org>; Tue, 23 Aug 2005 10:52:01 -0700 (PDT)
	(envelope-from adam@mail.off.net)
Received: by mail.off.net (Postfix, from userid 948)
	id 1B7797702B1; Tue, 23 Aug 2005 13:51:51 -0400 (EDT)
Received: by bitchcake.off.net (hashcash-sendmail, from uid 948);
	Tue, 23 Aug 2005 13:51:49 -0400
Date: Tue, 23 Aug 2005 13:51:49 -0400
From: Adam Back <adam@cypherspace.org>
To: Hal Finney <hal@finney.org>
Cc: ietf-openpgp@imc.org, mkuusio@surfeu.fi, Adam Back <adam@cypherspace.org>
Subject: Re: Secret key signature packet
Message-ID: <20050823175149.GA10161@bitchcake.off.net>
References: <20050823160632.2627D57EF7@finney.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20050823160632.2627D57EF7@finney.org>
User-Agent: Mutt/1.4.1i
X-Hashcash: 1:20:050823:hal@finney.org::7Dkck9oQshwfygck:1p9m
X-Hashcash: 1:20:050823:ietf-openpgp@imc.org::azG3mzG0GIGU+9my:F1g
X-Hashcash: 1:20:050823:mkuusio@surfeu.fi::5q2kVXGIFQnU2+yG:1ypa
X-Hashcash: 1:20:050823:adam@cypherspace.org::WmF1WjwQ45DvOMIw:439+
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


I might be misunderstanding but I read the original poster to be maybe
hinting at modification detection of the private key ring somehow.

I am not sure of any attack based on modifying the private key in an
undetectable way... that would generally seem to make invalid
signatures, and inability to decrypt.  

On the other hand changing the trust markers, or changing public
encryption keys of other parties -- that would seem dangerous.

So there would be value in that, tho AFAIK this info is on the public
key ring.

(Also with some implementations I've noticed they can operate just with
the private keyring as the private key is a superset of the public
key.)


Also the threat model is a bit arguable; if an attacker can modify the
keyrings, he could likely also insert a keyboard logger; maybe there
is some difference tho if for example the software is kept separate,
and there is some risk of the attacker modifying just the data on the
keyring storage device.

Adam

On Tue, Aug 23, 2005 at 09:06:32AM -0700, "Hal Finney" wrote:
> 
> From: <mkuusio@surfeu.fi>
> > What is the content of the secret key signature packet? I know that OpenPGP
> > doesn't support secret key signing, so hash left 2 bytes, DSA r and DSA
> > s are not included in the signature packet. I assume that the content is:
> >
> > -Version number (1 octet)
> > -Signature type (1 octet)
> > -Public key algorithm (1 octet)
> > -Hash algorithm (1 octet)
> > -Hashed subpackets (n octets)
> > -Sub packet (issuer key id 8 octets)
> 
> I'm sorry, I don't know what you mean by a secret key signature packet.
> As I noted earlier, we don't sign secret keys.  There would be no point
> in creating a "signature" packet that was missing the signature fields,
> r and s.
> 
> Maybe this will help.  OpenPGP implementations usually store the public
> keys separately from the secret keys.  Traditionally these stores are
> called "key rings".  The public key ring contains public keys (your
> own public key and also those belonging to other people), user ids, and
> signatures.  The secret key ring contains your own secret keys and their
> user ids.  There is no need for signature packets on the secret key ring.
> If there are any signature packets there, they will be signatures over
> just the public key portion of the secret key packets.  They are not
> secret key signatures, there is no such thing.
> 
> Hal Finney




From owner-ietf-openpgp@mail.imc.org Tue Aug 23 14:56:11 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1E7dwQ-0000H4-QJ
	for openpgp-archive@megatron.ietf.org; Tue, 23 Aug 2005 14:56:11 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA23214
	for <openpgp-archive@lists.ietf.org>; Tue, 23 Aug 2005 14:56:08 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7NIbwhw049121;
	Tue, 23 Aug 2005 11:37:58 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j7NIbwad049120;
	Tue, 23 Aug 2005 11:37:58 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from sccrmhc13.comcast.net (sccrmhc13.comcast.net [63.240.76.28])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7NIbvtE049059
	for <ietf-openpgp@imc.org>; Tue, 23 Aug 2005 11:37:57 -0700 (PDT)
	(envelope-from dshaw@jabberwocky.com)
Received: from walrus.hsd1.ma.comcast.net ([24.60.132.70])
          by comcast.net (sccrmhc13) with ESMTP
          id <2005082318375101300l7aase>; Tue, 23 Aug 2005 18:37:51 +0000
Received: from grover.jabberwocky.com (grover.jabberwocky.com [172.24.84.28])
	by walrus.hsd1.ma.comcast.net (8.12.8/8.12.8) with ESMTP id j7NIbv0m021155
	for <ietf-openpgp@imc.org>; Tue, 23 Aug 2005 14:37:57 -0400
Received: from grover.jabberwocky.com (grover.jabberwocky.com [127.0.0.1])
	by grover.jabberwocky.com (8.13.1/8.13.1) with ESMTP id j7NIbo0U025423
	for <ietf-openpgp@imc.org>; Tue, 23 Aug 2005 14:37:50 -0400
Received: (from dshaw@localhost)
	by grover.jabberwocky.com (8.13.1/8.13.1/Submit) id j7NIbnH7025422
	for ietf-openpgp@imc.org; Tue, 23 Aug 2005 14:37:49 -0400
Date: Tue, 23 Aug 2005 14:37:49 -0400
From: David Shaw <dshaw@jabberwocky.com>
To: ietf-openpgp@imc.org
Subject: Re: Secret key signature packet
Message-ID: <20050823183749.GB25141@jabberwocky.com>
Mail-Followup-To: ietf-openpgp@imc.org
References: <20050823160632.2627D57EF7@finney.org> <20050823175149.GA10161@bitchcake.off.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20050823175149.GA10161@bitchcake.off.net>
OpenPGP: id=99242560; url=http://www.jabberwocky.com/david/keys.asc
User-Agent: Mutt/1.5.8i
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


On Tue, Aug 23, 2005 at 01:51:49PM -0400, Adam Back wrote:
> 
> I might be misunderstanding but I read the original poster to be maybe
> hinting at modification detection of the private key ring somehow.
> 
> I am not sure of any attack based on modifying the private key in an
> undetectable way... that would generally seem to make invalid
> signatures, and inability to decrypt.  

Could the original poster be thinking of the Klima-Rosa attack and the
secret key "s2k 254" SHA-1 protection?

David
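
As an added illustration of the protection David mentions (example code written for this archive, not from any poster or from an OpenPGP implementation): with S2K usage octet 254, as later standardised in RFC 4880, the plaintext secret-key material is followed by a SHA-1 hash of itself instead of the older two-octet checksum (the sum of the plaintext octets mod 65536). The toy MPI values, the edit offsets and all helper names are constructed for this example.

```python
import hashlib


def mpi(value: int) -> bytes:
    """Encode an integer as an OpenPGP MPI: 2-octet bit length, then big-endian magnitude."""
    magnitude = value.to_bytes((value.bit_length() + 7) // 8, "big")
    return value.bit_length().to_bytes(2, "big") + magnitude


# Constructed, toy-sized secret RSA MPIs (d, p, q, u) standing in for the
# plaintext algorithm-specific portion of a secret key packet.
SECRET_MATERIAL = mpi(0x1B4D3) + mpi(0x1F3) + mpi(0x1F7) + mpi(0x0A2)


def legacy_checksum(material: bytes) -> bytes:
    """Two-octet checksum of the older S2K usages: sum of all plaintext octets mod 65536."""
    return (sum(material) % 65536).to_bytes(2, "big")


def protect_legacy(material: bytes) -> bytes:
    """Secret material followed by the two-octet checksum."""
    return material + legacy_checksum(material)


def protect_sha1(material: bytes) -> bytes:
    """S2K usage 254 layout: secret material followed by SHA-1 over that plaintext."""
    return material + hashlib.sha1(material).digest()


def verify_legacy(blob: bytes) -> bool:
    """Recompute the two-octet sum over everything but the trailing checksum."""
    material, csum = blob[:-2], blob[-2:]
    return legacy_checksum(material) == csum


def verify_sha1(blob: bytes) -> bool:
    """Recompute SHA-1 over everything but the trailing 20-octet digest."""
    material, digest = blob[:-20], blob[-20:]
    return hashlib.sha1(material).digest() == digest


def compensating_edit(blob: bytes, i: int, j: int) -> bytes:
    """Add one to octet i and subtract one from octet j.

    For offsets where neither octet wraps, the octet sum is unchanged, so the
    two-octet checksum cannot notice the change; the SHA-1 trailer does.
    """
    b = bytearray(blob)
    if b[i] == 0xFF or b[j] == 0x00:
        raise ValueError("choose offsets that do not wrap")
    b[i] += 1
    b[j] -= 1
    return bytes(b)


def demo() -> dict:
    """Report which of the two protections notices a sum-preserving edit."""
    legacy = compensating_edit(protect_legacy(SECRET_MATERIAL), 3, 4)
    sha1 = compensating_edit(protect_sha1(SECRET_MATERIAL), 3, 4)
    return {"legacy_detects": not verify_legacy(legacy),
            "sha1_detects": not verify_sha1(sha1)}


if __name__ == "__main__":
    print(demo())   # {'legacy_detects': False, 'sha1_detects': True}
```

The point of the demonstration is the asymmetry: any edit that keeps the octet sum constant passes the two-octet check, whereas the SHA-1 trailer is recomputed over every octet of the plaintext, so an implementation that sees a mismatch can refuse to use the key at all.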




From owner-ietf-openpgp@mail.imc.org Tue Aug 23 17:44:05 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1E7gYs-0007S7-V1
	for openpgp-archive@megatron.ietf.org; Tue, 23 Aug 2005 17:44:05 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA13536
	for <openpgp-archive@lists.ietf.org>; Tue, 23 Aug 2005 17:44:00 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7NL0YdC018484;
	Tue, 23 Aug 2005 14:00:34 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j7NL0YX6018482;
	Tue, 23 Aug 2005 14:00:34 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mail.off.net (off.net [66.96.28.3])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7NL0We8018458
	for <ietf-openpgp@imc.org>; Tue, 23 Aug 2005 14:00:33 -0700 (PDT)
	(envelope-from adam@mail.off.net)
Received: by mail.off.net (Postfix, from userid 948)
	id 5112D77036D; Wed, 24 Aug 2005 01:01:45 -0400 (EDT)
Received: by bitchcake.off.net (hashcash-sendmail, from uid 948);
	Wed, 24 Aug 2005 01:01:41 -0400
Date: Wed, 24 Aug 2005 01:01:36 -0400
From: Adam Back <adam@cypherspace.org>
To: Hal Finney <hal@finney.org>
Cc: ietf-openpgp@imc.org, mkuusio@surfeu.fi, Adam Back <adam@cypherspace.org>
Subject: Re: Secret key signature packet
Message-ID: <20050824050136.GA3783@bitchcake.off.net>
References: <20050823160632.2627D57EF7@finney.org> <20050823175149.GA10161@bitchcake.off.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20050823175149.GA10161@bitchcake.off.net>
User-Agent: Mutt/1.4.1i
X-Hashcash: 1:20:050824:hal@finney.org::yAlkC4lpg4U+EKgF:0DzN
X-Hashcash: 1:20:050824:ietf-openpgp@imc.org::1+4Vdizuy/5VIz3e:8MaD
X-Hashcash: 1:20:050824:mkuusio@surfeu.fi::YFlwEqRm7SVvn/Ld:4XTR
X-Hashcash: 1:20:050824:adam@cypherspace.org::cNsX29IWh4A3LV3G:3wwd
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


I wrote:
> I am not sure of any attack based on modifying the private key in an
> undetectable way... that would generally seem to make invalid
> signatures, and inability to decrypt.  

Actually, let me revise that: I think one could likely mount an attack
based on ability to modify _parts of_ the private key.  e.g. with RSA
the relation e.d = 1 mod phi(n) would no longer hold and so forth
likely leaking parts of the private key.  And there was a long time
ago some discussion and examples of how one could modify the CFB mode
protection that is used for unsigned bulk encryption in PGP (in modes
that do not have a MDC).

Well, let's see if the original poster can explain his use-case.

But I think for the above reason it might be interesting in, let's say,
an example where you were to keep your private keyring on a network
drive (feeling secure in knowledge you have a good passphrase, or even
perhaps a computer generated password that you have written down); the
attack then would be that someone could modify the private keyring
perhaps adaptively and thereby compute the private key.

(Or similar attack private key ring on USB key; but USB key not
physically secured, left where attacker can selectively change bits).



btw for this use-case I think using the MDC mode for encrypting the
private part would be a good step.  Might be interesting also to MAC
(with key derived from passphrase) any non-encrypted parts of the
private (and public) keyrings.

Adam

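Two defensive checks that follow from Adam's points, as an added example for this archive rather than code from any poster or implementation: an RSA secret key is refused unless its components still satisfy the relations an untampered key must (p*q = n, e*d = 1 mod phi(n), and OpenPGP's u = p^-1 mod q) and a sign/verify round trip succeeds; and a keyed MAC over the keyring bytes, with the MAC key derived from the passphrase, covers the parts that are stored unencrypted. The toy primes, the sample keyring bytes, the salt and the function names are constructed; PBKDF2-HMAC-SHA256 is a stand-in for a passphrase KDF (OpenPGP's own S2K would serve the same purpose).

```python
import hashlib
import hmac

# Constructed toy RSA parameters; real keys use primes of 1024+ bits, the checks are the same.
P, Q, E = 0x1F3, 0x1F7, 65537   # p = 499, q = 503


def make_toy_key() -> dict:
    """Build the (n, e, d, p, q, u) components an OpenPGP RSA secret key packet carries."""
    n = P * Q
    phi = (P - 1) * (Q - 1)
    d = pow(E, -1, phi)      # e*d == 1 (mod phi(n))
    u = pow(P, -1, Q)        # OpenPGP stores u = p^-1 mod q as the fourth secret MPI
    return {"n": n, "e": E, "d": d, "p": P, "q": Q, "u": u}


def rsa_private_consistent(key: dict) -> bool:
    """Refuse to use a secret key whose parts no longer agree with each other.

    A single flipped bit in d, p, q or u breaks at least one relation; a key
    that fails here must not be used to sign, since the output of a corrupted
    private operation can leak information about the real key.
    """
    n, e, d, p, q, u = (key[k] for k in "nedpqu")
    if p * q != n:
        return False
    if (e * d) % ((p - 1) * (q - 1)) != 1:
        return False
    if (p * u) % q != 1:
        return False
    m = 0x1234 % n                          # fixed probe value
    return pow(pow(m, d, n), e, n) == m      # sign/verify round trip


def derive_mac_key(passphrase: bytes, salt: bytes) -> bytes:
    """Passphrase -> MAC key (PBKDF2 here as a stand-in for an OpenPGP S2K)."""
    return hashlib.pbkdf2_hmac("sha256", passphrase, salt, 100_000)


def keyring_mac(keyring: bytes, passphrase: bytes, salt: bytes) -> bytes:
    """HMAC-SHA256 over the whole keyring file, covering its unencrypted packets too."""
    return hmac.new(derive_mac_key(passphrase, salt), keyring, "sha256").digest()


def keyring_mac_ok(keyring: bytes, passphrase: bytes, salt: bytes, tag: bytes) -> bool:
    """Constant-time comparison so the check itself does not leak the tag."""
    return hmac.compare_digest(keyring_mac(keyring, passphrase, salt), tag)


# Constructed sample keyring contents and salt for the demonstration below.
SAMPLE_KEYRING = b"\x99\x00\x05hello\xb4\x00\x03bob\xd0\x00\x01\x01"
SAMPLE_SALT = bytes(range(8))


def demo() -> dict:
    key = make_toy_key()
    corrupted = dict(key, d=key["d"] ^ 1)       # one flipped bit in d
    tag = keyring_mac(SAMPLE_KEYRING, b"correct horse", SAMPLE_SALT)
    tampered = bytearray(SAMPLE_KEYRING)
    tampered[5] ^= 0x20                          # silently alter a packet body
    return {
        "good_key_ok": rsa_private_consistent(key),
        "corrupted_key_ok": rsa_private_consistent(corrupted),
        "keyring_ok": keyring_mac_ok(SAMPLE_KEYRING, b"correct horse", SAMPLE_SALT, tag),
        "tampered_keyring_ok": keyring_mac_ok(bytes(tampered), b"correct horse", SAMPLE_SALT, tag),
    }


if __name__ == "__main__":
    print(demo())
```

The consistency check costs one modular exponentiation pair per use and is the kind of guard an implementation can run before every private-key operation, whichever medium the keyring lives on; the MAC adds the integrity that the encryption alone does not provide for trust markers and other parties' public keys.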



From owner-ietf-openpgp@mail.imc.org Thu Aug 25 07:47:40 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1E8GCq-0003WV-L4
	for openpgp-archive@megatron.ietf.org; Thu, 25 Aug 2005 07:47:40 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id HAA13536
	for <openpgp-archive@lists.ietf.org>; Thu, 25 Aug 2005 07:47:39 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7PBPrwZ047136;
	Thu, 25 Aug 2005 04:25:53 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j7PBPrEL047135;
	Thu, 25 Aug 2005 04:25:53 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from surfeu.fi (mailbox.surfeu.fi [213.173.154.4])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7PBPpn0047099
	for <ietf-openpgp@imc.org>; Thu, 25 Aug 2005 04:25:52 -0700 (PDT)
	(envelope-from mkuusio@surfeu.fi)
Received: from [213.173.154.9] (HELO surfeu.fi)
  by surfeu.fi (CommuniGate Pro SMTP 3.4.1)
  with SMTP id 151578961 for ietf-openpgp@imc.org; Thu, 25 Aug 2005 14:25:43 +0300
Received: from 193.210.155.190
        (SquirrelMail authenticated user mkuusio)
        by webmail.tiscali.fi with HTTP;
        Thu, 25 Aug 2005 14:25:43 +0300 (EEST)
Message-ID: <4038.193.210.155.190.1124969143.squirrel@webmail.tiscali.fi>
Date: Thu, 25 Aug 2005 14:25:43 +0300 (EEST)
Subject: Signature calculation problem
From: <mkuusio@surfeu.fi>
To: <ietf-openpgp@imc.org>
X-Priority: 3
Importance: Normal
X-Mailer: SquirrelMail (version 1.2.11)
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 8bit


My question relates to public key signature calculation. Chapter 5.2.4,
Computing Signatures, in RFC 2440 says: When a signature is made over a
key, the hash data starts with the octet 0x99, followed by a two-octet
length of the key, and then the body of the key packet. What about the
situation when the public key packet length is 256 bytes or smaller? In
that case the length is only 1 octet and the tag is 0x98. Is the octet
0x98 replaced with 0x99 and one length octet (0x00) inserted between the
packet tag and the length octet to form a two-octet length? Am I right in
this?





From owner-ietf-openpgp@mail.imc.org Thu Aug 25 08:36:01 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1E8Gxd-0001Rd-LR
	for openpgp-archive@megatron.ietf.org; Thu, 25 Aug 2005 08:36:01 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA15423
	for <openpgp-archive@lists.ietf.org>; Thu, 25 Aug 2005 08:36:00 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7PCKI7R067486;
	Thu, 25 Aug 2005 05:20:18 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j7PCKIpD067481;
	Thu, 25 Aug 2005 05:20:18 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from rwcrmhc12.comcast.net (rwcrmhc14.comcast.net [204.127.198.54])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7PCKHaZ067413
	for <ietf-openpgp@imc.org>; Thu, 25 Aug 2005 05:20:17 -0700 (PDT)
	(envelope-from dshaw@jabberwocky.com)
Received: from walrus.hsd1.ma.comcast.net ([24.60.132.70])
          by comcast.net (rwcrmhc14) with ESMTP
          id <2005082512200701400hfbqke>; Thu, 25 Aug 2005 12:20:11 +0000
Received: from grover.jabberwocky.com (grover.jabberwocky.com [172.24.84.28])
	by walrus.hsd1.ma.comcast.net (8.12.8/8.12.8) with ESMTP id j7PCK90m028515
	for <ietf-openpgp@imc.org>; Thu, 25 Aug 2005 08:20:09 -0400
Received: from grover.jabberwocky.com (grover.jabberwocky.com [127.0.0.1])
	by grover.jabberwocky.com (8.13.1/8.13.1) with ESMTP id j7PCK6hs029805
	for <ietf-openpgp@imc.org>; Thu, 25 Aug 2005 08:20:06 -0400
Received: (from dshaw@localhost)
	by grover.jabberwocky.com (8.13.1/8.13.1/Submit) id j7PCK6tu029804
	for ietf-openpgp@imc.org; Thu, 25 Aug 2005 08:20:06 -0400
Date: Thu, 25 Aug 2005 08:20:06 -0400
From: David Shaw <dshaw@jabberwocky.com>
To: ietf-openpgp@imc.org
Subject: Re: Signature calculation problem
Message-ID: <20050825122006.GB28248@jabberwocky.com>
Mail-Followup-To: ietf-openpgp@imc.org
References: <4038.193.210.155.190.1124969143.squirrel@webmail.tiscali.fi>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <4038.193.210.155.190.1124969143.squirrel@webmail.tiscali.fi>
OpenPGP: id=99242560; url=http://www.jabberwocky.com/david/keys.asc
User-Agent: Mutt/1.5.8i
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


On Thu, Aug 25, 2005 at 02:25:43PM +0300, mkuusio@surfeu.fi wrote:
> 
> My question relates to public key signature calculation. Chapter 5.2.4,
> Computing Signatures, in RFC 2440 says: When a signature is made over a
> key, the hash data starts with the octet 0x99, followed by a two-octet
> length of the key, and then the body of the key packet. What about the
> situation when the public key packet length is 256 bytes or smaller? In
> that case the length is only 1 octet and the tag is 0x98. Is the octet
> 0x98 replaced with 0x99 and one length octet (0x00) inserted between the
> packet tag and the length octet to form a two-octet length? Am I right in
> this?

The hash data always starts with the octet 0x99, even if the key
length is smaller than 256 bytes.  That is the canonical key form used
when making signatures or calculating fingerprints.  For example, data
that is hashed for a key that is 200 bytes long (a pretty small key)
would begin: 0x99 0x00 0xC8.

David
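The canonical key form David describes, as an added worked example (this is not code from the thread or from any OpenPGP implementation): it parses an old-format packet header, re-encodes the body as 0x99 plus a two-octet length whatever header the key was stored with, and derives the V4 fingerprint and key ID from that form. The 200-octet key body below is constructed filler with a plausible layout (version, creation time, RSA algorithm octet, two MPIs); it is not a real key, and the function and constant names are this example's own.

```python
import hashlib

# Constructed sample: a structurally valid V4 RSA public key packet BODY of
# exactly 200 octets (version, creation time, algorithm, MPI n, MPI e).
# The modulus octets are filler, not a real key.
_MODULUS = b"\xc3" + b"\x5a" * 186                     # 187 octets, top bit set -> 1496 bits
_MPI_N = (1496).to_bytes(2, "big") + _MODULUS           # MPI = two-octet bit count + magnitude
_MPI_E = (17).to_bytes(2, "big") + b"\x01\x00\x01"      # e = 65537 is a 17-bit number
SAMPLE_KEY_BODY = (
    b"\x04"                                 # version 4
    + (0x42F5E8C0).to_bytes(4, "big")       # creation time (arbitrary)
    + b"\x01"                               # public-key algorithm 1 = RSA
    + _MPI_N
    + _MPI_E
)
# Stored with an old-format header: CTB 0x98 = 1001 1000b (tag 6, one-octet length).
SAMPLE_KEY_PACKET = b"\x98" + bytes([len(SAMPLE_KEY_BODY)]) + SAMPLE_KEY_BODY

PUBLIC_KEY_TAG, PUBLIC_SUBKEY_TAG = 6, 14


def parse_old_format_packet(packet: bytes):
    """Split an old-format packet (RFC 2440 4.2.1) into (tag, body).

    Old-format CTB: bit 7 set, bit 6 clear, bits 5..2 = tag, bits 1..0 = length
    type (0: one-octet length, 1: two-octet, 2: four-octet, 3: indeterminate).
    """
    ctb = packet[0]
    if not ctb & 0x80:
        raise ValueError("bit 7 clear: not an OpenPGP packet header")
    if ctb & 0x40:
        raise ValueError("new-format header; this parser handles old-format only")
    tag = (ctb >> 2) & 0x0F
    length_type = ctb & 0x03
    if length_type == 3:
        raise ValueError("indeterminate length is not permitted for key packets")
    n = 1 << length_type                                # 1, 2 or 4 length octets
    length = int.from_bytes(packet[1:1 + n], "big")
    body = packet[1 + n:1 + n + length]
    if len(body) != length:
        raise ValueError("truncated packet")
    return tag, body


def canonical_key_hash_input(key_body: bytes) -> bytes:
    """The form a key is hashed in (RFC 2440 5.2.4): 0x99, a two-octet big-endian
    length, then the key packet body. This is independent of how the packet was
    stored: a 0x98 + one-octet header, a 0x99 + two-octet header, or a new-format
    header all yield the same octets here.
    """
    if len(key_body) > 0xFFFF:
        raise ValueError("key body does not fit a two-octet length")
    return b"\x99" + len(key_body).to_bytes(2, "big") + key_body


def key_hash_input_from_packet(packet: bytes) -> bytes:
    """Parse a stored key packet and return its canonical hash form."""
    tag, body = parse_old_format_packet(packet)
    if tag not in (PUBLIC_KEY_TAG, PUBLIC_SUBKEY_TAG):
        raise ValueError(f"packet tag {tag} is not a public key or subkey")
    return canonical_key_hash_input(body)


def v4_fingerprint(key_body: bytes) -> str:
    """V4 fingerprint (RFC 2440 11.2): SHA-1 over the canonical form."""
    return hashlib.sha1(canonical_key_hash_input(key_body)).hexdigest().upper()


def v4_key_id(key_body: bytes) -> str:
    """V4 key ID: the low-order 64 bits of the fingerprint."""
    return v4_fingerprint(key_body)[-16:]


if __name__ == "__main__":
    data = key_hash_input_from_packet(SAMPLE_KEY_PACKET)
    print("stored header :", SAMPLE_KEY_PACKET[:2].hex())       # 98c8
    print("hash input    :", data[:3].hex(), "...")              # 9900c8 ...
    print("fingerprint   :", v4_fingerprint(SAMPLE_KEY_BODY))
```

The point the parser makes explicit is that the stored header is discarded: the 0x98 0xC8 on the wire becomes 0x99 0x00 0xC8 in the hash input, exactly the octets David gives, and the same three octets come out if the key was stored with a two-octet header.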




From fangdaoqi110@126.com Thu Aug 25 23:15:52 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1E8Uh6-0003Bw-Ok
	for openpgp-archive@megatron.ietf.org; Thu, 25 Aug 2005 23:15:52 -0400
Received: from 126.com ([218.5.162.111])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id XAA10050
	for <openpgp-archive@odin.ietf.org>; Thu, 25 Aug 2005 23:15:46 -0400 (EDT)
Message-Id: <200508260315.XAA10050@ietf.org>
Received: from 2E[10.0.0.59] by 126.com
  with SMTP id 6F6A6D0F; Fri, 26 Aug 2005 11:14:30 +0800
From: =?GB2312?B?wdbPyMn6?= <fangdaoqi110@126.com>
To: "openpgp-archive" <openpgp-archive@ietf.org>
Content-Type: text/plain;
	charset="gb2312"
Content-Transfer-Encoding: 8bit
Date: Fri, 26 Aug 2005 11:15:03 +0800
X-Mailer: Microsoft Outlook Express 6.00.2800.1158
Content-Transfer-Encoding: 8bit


From fangdaoqi110@126.com Thu Aug 25 23:15:52 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1E8Uh6-0003Bx-PQ
	for openpgp-archive@megatron.ietf.org; Thu, 25 Aug 2005 23:15:52 -0400
Received: from 126.com ([218.5.162.111])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id XAA10051
	for <openpgp-archive@odin.ietf.org>; Thu, 25 Aug 2005 23:15:46 -0400 (EDT)
Message-Id: <200508260315.XAA10051@ietf.org>
Received: from 2E[10.0.0.59] by 126.com
  with SMTP id 096B4504; Fri, 26 Aug 2005 11:14:30 +0800
From: =?GB2312?B?wdbPyMn6?= <fangdaoqi110@126.com>
To: "openpgp-archive" <openpgp-archive@ietf.org>
Content-Type: text/plain;
	charset="gb2312"
Content-Transfer-Encoding: 8bit
Date: Fri, 26 Aug 2005 11:15:03 +0800
X-Mailer: Foxmail 4.1 [cn]
Content-Transfer-Encoding: 8bit






From owner-ietf-openpgp@mail.imc.org Sat Aug 27 04:08:31 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1E8vjq-0007p4-Oi
	for openpgp-archive@megatron.ietf.org; Sat, 27 Aug 2005 04:08:31 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id EAA02029
	for <openpgp-archive@lists.ietf.org>; Sat, 27 Aug 2005 04:08:28 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7R7oKAZ071152;
	Sat, 27 Aug 2005 00:50:20 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j7R7oKGU071151;
	Sat, 27 Aug 2005 00:50:20 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mail.epointsystem.org (120.156-228-195.hosting.adatpark.hu [195.228.156.120])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7R7oJU8071138
	for <ietf-openpgp@imc.org>; Sat, 27 Aug 2005 00:50:20 -0700 (PDT)
	(envelope-from nagydani@epointsystem.org)
Received: by mail.epointsystem.org (Postfix, from userid 1001)
	id BE1D42B47D6; Sat, 27 Aug 2005 09:50:18 +0200 (CEST)
Date: Sat, 27 Aug 2005 09:50:18 +0200
To: ietf-openpgp@imc.org
Subject: Signature types
Message-ID: <20050827075018.GA17967@epointsystem.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.5.6+20040907i
From: nagydani@epointsystem.org (Daniel A. Nagy)
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


I am wondering if I understand the following correctly:

0x40 Timestamp signature.

It is calculated directly on any document like a 0x00 signature (BTW, it
would probably make sense to introduce a 0x41 timestamp for textual
documents), but the issuer of the signature does not claim authorship or
endorse the document, just states the fact that the document existed at the
time when the signature was issued.

This one I do not understand at all:

0x50 Third-Party Confirmation signature.

What is the signature calculated on? The document? The certified signature?
Both?

My guess would be that it is calculated on the document and includes in
one (or more) subpackets the canonical hash of the certified signature(s).
In this case the notary certifies the fact that the signatures are valid at
the time of issuing this signature.

But in this case a blind notary that certifies only the fact that the
signature has been made before the time of issuing the signature should use
standalone (0x02) signatures with a target signature subpacket. There is
absolutely no point in 0x50 signatures without target signature subpackets
in this setting, but I might have misunderstood something.

Thanks in advance for the clarification.

-- 
Daniel




From owner-ietf-openpgp@mail.imc.org Sat Aug 27 05:42:08 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1E8xCR-0004ez-US
	for openpgp-archive@megatron.ietf.org; Sat, 27 Aug 2005 05:42:08 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id FAA05240
	for <openpgp-archive@lists.ietf.org>; Sat, 27 Aug 2005 05:42:04 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7R9L7SO004217;
	Sat, 27 Aug 2005 02:21:07 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j7R9L7vV004216;
	Sat, 27 Aug 2005 02:21:07 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mailgate.enhyper.net ([80.168.109.121])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7R9L6K0004203
	for <ietf-openpgp@imc.org>; Sat, 27 Aug 2005 02:21:06 -0700 (PDT)
	(envelope-from iang@systemics.com)
Received: from [IPv6:::1] (localhost [127.0.0.1])
	by mailgate.enhyper.net (Postfix) with ESMTP id A838C5D014
	for <ietf-openpgp@imc.org>; Sat, 27 Aug 2005 10:21:00 +0100 (BST)
Message-ID: <43103173.8020805@systemics.com>
Date: Sat, 27 Aug 2005 10:25:07 +0100
From: Ian G <iang@systemics.com>
Organization: http://financialcryptography.com/
User-Agent: Mozilla Thunderbird 1.0.6 (X11/20050726)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: ietf-openpgp@imc.org
Subject: Re: Signature types
References: <20050827075018.GA17967@epointsystem.org>
In-Reply-To: <20050827075018.GA17967@epointsystem.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 7bit


Daniel A. Nagy wrote:
 > ... [some stuff]

On that section, but not on Daniel's question, it occurs to
me that the caveat found half way down ("Please note that
the vagueness...") could be usefully expanded to cover all
of 5.2.1.

Something like:

5.2.1. Signature Types

   There are a number of possible meanings for a signature.
   By convention, OpenPGP suggests meanings by the following
   signature type octets in any given signature.

   Please note that the vagueness of these signature claims
   is not a flaw, but a feature of the system.  Cryptographic
   signing technology alone cannot make these claims true,
   and a relying party would need to examine the intentions
   of any signer, and the wider context of the system and
   environment in order to assess any claims.  OpenPGP places
   final authority and responsibility on the receiver of any
   signature.

   0x01:...

Which then allows a simplification of the post-0x13 comment:

   0x13:...

     Please note that one authority's casual certification
     might be more rigorous than some other authority's
     positive certification. These classifications allow a
     certification authority to issue fine-grained claims.

     Most OpenPGP implementations make their "key signatures" as 0x10
     certifications. Some implementations can issue 0x11-0x13
     certifications, but few differentiate between the types.


As an alternate, such general commentary could append to the
end of the section - but in legal terms, if it is a warning
as to limitations, it should be at the front.  Given the
somewhat poisoned waters of digital signatures, I'd prefer
to see the disclaims before any claims.

iang

PS: are we in final call already?




From owner-ietf-openpgp@mail.imc.org Sat Aug 27 10:17:58 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1E91VO-0000Gs-Et
	for openpgp-archive@megatron.ietf.org; Sat, 27 Aug 2005 10:17:58 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA15456
	for <openpgp-archive@lists.ietf.org>; Sat, 27 Aug 2005 10:17:55 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7RDxrOF002917;
	Sat, 27 Aug 2005 06:59:53 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j7RDxrNq002916;
	Sat, 27 Aug 2005 06:59:53 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from rwcrmhc12.comcast.net (rwcrmhc13.comcast.net [216.148.227.118])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7RDxrB5002878
	for <ietf-openpgp@imc.org>; Sat, 27 Aug 2005 06:59:53 -0700 (PDT)
	(envelope-from dshaw@jabberwocky.com)
Received: from walrus.hsd1.ma.comcast.net ([24.60.132.70])
          by comcast.net (rwcrmhc13) with ESMTP
          id <20050827135947015009pv3ue>; Sat, 27 Aug 2005 13:59:47 +0000
Received: from grover.jabberwocky.com (grover.jabberwocky.com [172.24.84.28])
	by walrus.hsd1.ma.comcast.net (8.12.8/8.12.8) with ESMTP id j7RDxl0m005036
	for <ietf-openpgp@imc.org>; Sat, 27 Aug 2005 09:59:47 -0400
Received: from grover.jabberwocky.com (grover.jabberwocky.com [127.0.0.1])
	by grover.jabberwocky.com (8.13.1/8.13.1) with ESMTP id j7RDxj4W017891
	for <ietf-openpgp@imc.org>; Sat, 27 Aug 2005 09:59:45 -0400
Received: (from dshaw@localhost)
	by grover.jabberwocky.com (8.13.1/8.13.1/Submit) id j7RDxjpM017890
	for ietf-openpgp@imc.org; Sat, 27 Aug 2005 09:59:45 -0400
Date: Sat, 27 Aug 2005 09:59:45 -0400
From: David Shaw <dshaw@jabberwocky.com>
To: ietf-openpgp@imc.org
Subject: ISSUE: misleading hash instructions
Message-ID: <20050827135945.GB1832@jabberwocky.com>
Mail-Followup-To: ietf-openpgp@imc.org
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
OpenPGP: id=99242560; url=http://www.jabberwocky.com/david/keys.asc
User-Agent: Mutt/1.5.8i
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


This one is really easy to fix.  In section 5.2.4 (Computing
Signatures), the paragraph ordering implies incorrect things about a
user ID certification signature (which hashes the public key plus user
ID packet).  The description of a user ID certification signature
refers to "the data above", which given the paragraph ordering, is how
to hash a signature for signing, and not a public key.

If we just switch the position of the paragraph beginning "When a
signature is made over a signature packet" with the paragraph
beginning "A certification signature (type 0x10 through 0x13)" the
problem goes away.

David




From owner-ietf-openpgp@mail.imc.org Sat Aug 27 10:18:33 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1E91Vw-0000SL-NR
	for openpgp-archive@megatron.ietf.org; Sat, 27 Aug 2005 10:18:33 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA15494
	for <openpgp-archive@lists.ietf.org>; Sat, 27 Aug 2005 10:18:29 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7RDtxug001506;
	Sat, 27 Aug 2005 06:55:59 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j7RDtxgp001505;
	Sat, 27 Aug 2005 06:55:59 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from sccrmhc11.comcast.net (sccrmhc11.comcast.net [204.127.202.55])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7RDtxLJ001465
	for <ietf-openpgp@imc.org>; Sat, 27 Aug 2005 06:55:59 -0700 (PDT)
	(envelope-from dshaw@jabberwocky.com)
Received: from walrus.hsd1.ma.comcast.net ([24.60.132.70])
          by comcast.net (sccrmhc11) with ESMTP
          id <2005082713555301100lg01fe>; Sat, 27 Aug 2005 13:55:53 +0000
Received: from grover.jabberwocky.com (grover.jabberwocky.com [172.24.84.28])
	by walrus.hsd1.ma.comcast.net (8.12.8/8.12.8) with ESMTP id j7RDtr0m005029
	for <ietf-openpgp@imc.org>; Sat, 27 Aug 2005 09:55:53 -0400
Received: from grover.jabberwocky.com (grover.jabberwocky.com [127.0.0.1])
	by grover.jabberwocky.com (8.13.1/8.13.1) with ESMTP id j7RDtqd7017883
	for <ietf-openpgp@imc.org>; Sat, 27 Aug 2005 09:55:52 -0400
Received: (from dshaw@localhost)
	by grover.jabberwocky.com (8.13.1/8.13.1/Submit) id j7RDtqUm017882
	for ietf-openpgp@imc.org; Sat, 27 Aug 2005 09:55:52 -0400
Date: Sat, 27 Aug 2005 09:55:52 -0400
From: David Shaw <dshaw@jabberwocky.com>
To: ietf-openpgp@imc.org
Subject: Re: Signature types
Message-ID: <20050827135551.GA1832@jabberwocky.com>
Mail-Followup-To: ietf-openpgp@imc.org
References: <20050827075018.GA17967@epointsystem.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20050827075018.GA17967@epointsystem.org>
OpenPGP: id=99242560; url=http://www.jabberwocky.com/david/keys.asc
User-Agent: Mutt/1.5.8i
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


On Sat, Aug 27, 2005 at 09:50:18AM +0200, Daniel A. Nagy wrote:
> 
> I am wondering if I understand the following correctly:
> 
> 0x40 Timestamp signature.
> 
> It is calculated directly on any document like a 0x00 signature (BTW, it
> would probably make sense to introduce a 0x41 timestamp for textual
> documents), but the issuer of the signature does not claim authorship or
> endorse the document, just states the fact that the document existed at the
> time when the signature was issued.

Signature over a signature, just like 0x50.  It's not exactly made
clear in section 5.2.1, but note that it gets a signature target
subpacket.  That only makes sense if it is a signature over a
signature.  Note that 0x40 actually existed in rfc-1991 as well (also
a signature over a signature).

> This one I do not understand at all:
> 
> 0x50 Third-Party Confirmation signature.
> 
> What is the signature calculated on? The document? The certified signature?
> Both?

The signature.  I thought this one was pretty clear (from 5.2.1):

        This signature is a signature over some other OpenPGP
	signature packet(s). It is analogous to a notary seal on the
	signed data.

David




From owner-ietf-openpgp@mail.imc.org Sat Aug 27 11:44:53 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1E92rU-0002BO-1F
	for openpgp-archive@megatron.ietf.org; Sat, 27 Aug 2005 11:44:53 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA18247
	for <openpgp-archive@lists.ietf.org>; Sat, 27 Aug 2005 11:44:48 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7RFQm8X014400;
	Sat, 27 Aug 2005 08:26:48 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j7RFQmj5014399;
	Sat, 27 Aug 2005 08:26:48 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mail.epointsystem.org ([195.228.156.120])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7RFQlHg014369
	for <ietf-openpgp@imc.org>; Sat, 27 Aug 2005 08:26:47 -0700 (PDT)
	(envelope-from nagydani@epointsystem.org)
Received: by mail.epointsystem.org (Postfix, from userid 1001)
	id 508BD2B47C8; Sat, 27 Aug 2005 17:26:46 +0200 (CEST)
Date: Sat, 27 Aug 2005 17:26:46 +0200
To: ietf-openpgp@imc.org
Subject: Re: Signature types
Message-ID: <20050827152645.GA20223@epointsystem.org>
References: <20050827075018.GA17967@epointsystem.org> <20050827135551.GA1832@jabberwocky.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20050827135551.GA1832@jabberwocky.com>
User-Agent: Mutt/1.5.6+20040907i
From: nagydani@epointsystem.org (Daniel A. Nagy)
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


On Sat, Aug 27, 2005 at 09:55:52AM -0400, David Shaw wrote:

> On Sat, Aug 27, 2005 at 09:50:18AM +0200, Daniel A. Nagy wrote:
> > 
> > I am wondering if I understand the following correctly:
> > 
> > 0x40 Timestamp signature.
> > 
> > It is calculated directly on any document like a 0x00 signature (BTW, it
> > would probably make sense to introduce a 0x41 timestamp for textual
> > documents), but the issuer of the signature does not claim authorship or
> > endorse the document, just states the fact that the document existed at the
> > time when the signature was issued.
> 
> Signature over a signature, just like 0x50.  It's not exactly made
> clear in section 5.2.1, but note that it gets a signature target
> subpacket.  That only makes sense if it is a signature over a
> signature.

If the signature target subpacket is in the hashed part of the signature, it
makes perfect sense with signatures on the document as well, as it binds
the document to the signature (e.g. a party that has access only to the
notary's public key can be assured that it is a valid signature on the
document, provided that the notary is trusted).

> Note that 0x40 actually existed in rfc-1991 as well (also
> a signature over a signature).

It's actually RFC1991 that got me wondering:

     <40> - time stamping ("I saw this document") (*)
  ...                                          Type <40> is intended to
  be a signature of a signature, as a notary seal on a signed document.

Now, this is contradictory. If a signature does not have any cryptographic
binding (except the indirect one through the other signature) to the
document, it cannot be used to assert the integrity thereof.

Someone with the public key of the notary cannot verify this claim. Also, it
makes a lot of sense to certify documents that have not been signed. Since
there are no implementations of 0x40 signatures (to my knowledge) it is
worth giving it a thought. A timestamp signature on (possibly unsigned)
documents that can, if required, bind signatures to it is immensely useful.

> > This one I do not understand at all:
> > 
> > 0x50 Third-Party Confirmation signature.
> > 
> > What is the signature calculated on? The document? The certified signature?
> > Both?
> 
> The signature.  I thought this one was pretty clear (from 5.2.1):
> 
>         This signature is a signature over some other OpenPGP
> 	signature packet(s). It is analogous to a notary seal on the
> 	signed data.

Except that if it's a signature on the signature, then it cannot be
analogous to a notary seal on the signed data (see above). Yet, a signature
over a signature is also useful, as it can be issued by a blind notary that
doesn't see the document. Also, it does prove to someone with access to all
public keys the integrity of the document.

In sum, if 0x40 were a timestamp signature on the document and 0x50 a
timestamp signature on the signature, it would make perfect sense, making
both of them useful and not redundant at all. This won't contradict the
wording of RFC2440, while RFC1991 contradicts itself, so being consistent
with that one is hopeless to begin with.

-- 
Daniel




From owner-ietf-openpgp@mail.imc.org Sat Aug 27 11:56:13 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1E932S-0004bF-4Q
	for openpgp-archive@megatron.ietf.org; Sat, 27 Aug 2005 11:56:13 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA18651
	for <openpgp-archive@lists.ietf.org>; Sat, 27 Aug 2005 11:56:08 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7RFYRvQ014819;
	Sat, 27 Aug 2005 08:34:27 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j7RFYRNU014818;
	Sat, 27 Aug 2005 08:34:27 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mail.epointsystem.org ([195.228.156.120])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7RFYQXU014810
	for <ietf-openpgp@imc.org>; Sat, 27 Aug 2005 08:34:26 -0700 (PDT)
	(envelope-from nagydani@epointsystem.org)
Received: by mail.epointsystem.org (Postfix, from userid 1001)
	id 60BE02B47C8; Sat, 27 Aug 2005 17:34:25 +0200 (CEST)
Date: Sat, 27 Aug 2005 17:34:25 +0200
To: ietf-openpgp@imc.org
Subject: Re: Signature types
Message-ID: <20050827153425.GB20223@epointsystem.org>
References: <20050827075018.GA17967@epointsystem.org> <43103173.8020805@systemics.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <43103173.8020805@systemics.com>
User-Agent: Mutt/1.5.6+20040907i
From: nagydani@epointsystem.org (Daniel A. Nagy)
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


On Sat, Aug 27, 2005 at 10:25:07AM +0100, Ian G wrote:
> 
> Daniel A. Nagy wrote:
> > ... [some stuff]
> 
> On that section, but not on Daniel's question, it occurs to
> me that the caveat found half way down ("Please note that
> the vagueness...") could be usefully expanded to cover all
> of 5.2.1.

What the claim of the signature is can indeed be very vague, but what kind
of objects are hashed to verify the signature should be unambiguous in the
standard.

I still maintain that there is a very legitimate need for a timestamp
signature on any kind of data that has no meaning beyond the timestamp.

A signature on a signature is also useful (for different purposes), but it
cannot have the same signature type as the above signature, because the
objects that they sign are different.

Using 0x40 (and possibly 0x41) for the first purpose and 0x50 for the second
seems logical and in line with RFC2440.

-- 
Daniel
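What is actually hashed for each signature type is the crux of both David Shaw's "ISSUE: misleading hash instructions" message and the 0x40/0x50 exchange above, so here is an added worked example that builds the complete V4 hash input for a user ID certification (0x10 through 0x13), a binary document signature (0x00) and a signature over another Signature packet (0x50), following the three 5.2.4 paragraphs David wants reordered. It is not code from the thread or from any OpenPGP implementation. The key body, user ID, document, issuer key ID and creation time are constructed filler; the algorithm numbers (RSA = 1, SHA-1 = 2) and subpacket types (2 = creation time, 16 = issuer) are the RFC 2440 registry values; only V4 signatures and the one-octet subpacket length form are handled.

```python
import hashlib

# Constructed sample inputs (filler, not real key material or a real signature).
SAMPLE_KEY_BODY = b"\x04\x42\xf5\xe8\xc0\x01" + bytes(range(32))   # 38-octet "key packet body"
SAMPLE_UID = b"Alice Example <alice@example.org>"                  # 33 octets
SAMPLE_DOCUMENT = b"Draft minutes: swap the two paragraphs in 5.2.4.\n"
SAMPLE_ISSUER_KEY_ID = bytes.fromhex("1122334455667788")
SAMPLE_CREATION_TIME = 0x43100000
RSA, SHA1 = 1, 2                          # RFC 2440 algorithm numbers
SUB_CREATION_TIME, SUB_ISSUER = 2, 16     # RFC 2440 signature subpacket types


def subpacket(sub_type: int, body: bytes) -> bytes:
    """One signature subpacket in the one-octet length form:
    length covering type + body, then the type octet, then the body."""
    if len(body) + 1 >= 192:
        raise ValueError("only the one-octet subpacket length form is implemented")
    return bytes([len(body) + 1, sub_type]) + body


def v4_hashed_fields(sig_type, pk_algo, hash_algo, hashed_subpackets: bytes) -> bytes:
    """The part of a V4 Signature packet that is hashed: version 4, signature type,
    public-key algorithm, hash algorithm, two-octet subpacket length, subpackets."""
    return (bytes([0x04, sig_type, pk_algo, hash_algo])
            + len(hashed_subpackets).to_bytes(2, "big") + hashed_subpackets)


def v4_trailer(hashed_fields: bytes) -> bytes:
    """Final six octets: 0x04, 0xFF, four-octet length of hashed_fields
    (the count does not include these six octets)."""
    return b"\x04\xff" + len(hashed_fields).to_bytes(4, "big")


def canonical_key(key_body: bytes) -> bytes:
    """Key packet body as hashed for key signatures: 0x99, two-octet length, body."""
    return b"\x99" + len(key_body).to_bytes(2, "big") + key_body


def canonical_user_id(user_id: bytes) -> bytes:
    """User ID as a V4 signature hashes it: 0xB4, four-octet length, body
    (a V3 signature would hash the bare user ID with no header)."""
    return b"\xb4" + len(user_id).to_bytes(4, "big") + user_id


def canonical_signature(sig_body: bytes) -> bytes:
    """Target Signature packet body as a signature over a signature hashes it:
    0x88, four-octet length, body."""
    return b"\x88" + len(sig_body).to_bytes(4, "big") + sig_body


def hash_input(subject: bytes, hashed_fields: bytes) -> bytes:
    """Everything the hash sees: the subject, then the signature's own hashed
    fields, then the trailer. Only the subject differs between signature types."""
    return subject + hashed_fields + v4_trailer(hashed_fields)


def certification_hash_input(key_body, user_id, hashed_fields):
    """0x10..0x13: canonical key followed by canonical user ID."""
    return hash_input(canonical_key(key_body) + canonical_user_id(user_id), hashed_fields)


def binary_document_hash_input(document, hashed_fields):
    """0x00: the document octets themselves, with no header prepended."""
    return hash_input(document, hashed_fields)


def signature_over_signature_hash_input(target_sig_body, hashed_fields):
    """0x50 (David Shaw reads 0x40 the same way): the target Signature packet,
    not the document that packet signs."""
    return hash_input(canonical_signature(target_sig_body), hashed_fields)


def sha1_and_left16(data: bytes):
    """SHA-1 of the hash input and the two leftmost octets that the Signature
    packet carries as a quick check before the public-key operation."""
    digest = hashlib.sha1(data).digest()
    return digest, digest[:2]


def demo():
    """Build the three hash inputs from the constructed samples."""
    subs = (subpacket(SUB_CREATION_TIME, SAMPLE_CREATION_TIME.to_bytes(4, "big"))
            + subpacket(SUB_ISSUER, SAMPLE_ISSUER_KEY_ID))
    cert_fields = v4_hashed_fields(0x13, RSA, SHA1, subs)
    cert_data = certification_hash_input(SAMPLE_KEY_BODY, SAMPLE_UID, cert_fields)

    doc_fields = v4_hashed_fields(0x00, RSA, SHA1, subs)
    doc_data = binary_document_hash_input(SAMPLE_DOCUMENT, doc_fields)

    # Placeholder body of the document signature for the 0x50 case: its hashed
    # fields, an empty unhashed area, the two hash-left octets and a one-octet MPI.
    target_sig_body = doc_fields + b"\x00\x00" + sha1_and_left16(doc_data)[1] + b"\x00\x08\xff"
    conf_fields = v4_hashed_fields(0x50, RSA, SHA1, subs)
    conf_data = signature_over_signature_hash_input(target_sig_body, conf_fields)
    return cert_data, doc_data, conf_data


if __name__ == "__main__":
    for name, data in zip(("0x13 certification", "0x00 document", "0x50 confirmation"), demo()):
        print(f"{name:20s} {len(data):4d} octets, starts {data[:5].hex()}, sha1 {hashlib.sha1(data).hexdigest()}")
```

Reading the three subjects side by side shows why the paragraph order matters: "the data above" for a certification must mean the 0x99-prefixed key, never the 0x88-prefixed signature, and it also shows the distinction Daniel draws. A 0x50 confirmation commits only to the target Signature packet, so a verifier holding just the notary's key learns nothing about the document unless the document's own signature is also checked; a 0x00-style timestamp over the document would commit to the document directly.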




From frankandries222@netscape.net Mon Aug 29 06:18:13 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1E9giS-0006nI-SY
	for openpgp-archive@megatron.ietf.org; Mon, 29 Aug 2005 06:18:12 -0400
Received: from netscape.net (proxy@200-103-168-034.fozit7001.dsl.brasiltelecom.net.br [200.103.168.34] (may be forged))
	by ietf.org (8.9.1a/8.9.1a) with SMTP id GAA28354
	for <openpgp-archive@lists.ietf.org>; Mon, 29 Aug 2005 06:18:08 -0400 (EDT)
Message-ID: <c1f701c5ac3f$cf67ca50$c0c0756c@frankandries222>
From: "ADMIN. DEPT." <frankandries222@netscape.net>
To: <openpgp-archive@ietf.org>
Subject: FROM MRS. DERIK
Date: Mon, 29 Aug 2005 02:17:31 +0800
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1123
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1123
Content-Transfer-Encoding: 7bit

FROM: GOVERNMENT ACCREDITED LICENSED LOTTERY 
 EUROPEAN PRIZE AWARD DEPT.
 REF:EL3/9318/05
 BATCH:8/163/EL.

 Attn:Dear Sir/Madam
 
 We are pleased to inform you of the result of the
 Lottery Winners International programs held on the
 01/3/2005. Your e-mail address attached to ticket
 number :EL-23133 with serial number: EL-123542,batch
 number: EL-35,lottery ref number: EL-9318 and drew
 lucky numbers 7-1-8-36-4-22 which consequently won in
 the 1st category, you have therefore been approved for
 a lump sum pay out of US$1,500,000.00 (One Million,
 Five Hundred Thousand United States dollars)
 
 CONGRATULATIONS!!!
 
 Due to a mix-up of some numbers and names, we ask that
 you keep your winning information confidential until
 your claim has been processed and your money remitted
 to you. This is part of our security protocol to avoid
 double claiming and unwarranted abuse of this program
 by some participants. All participants were selected
 through a computer ballot system drawn from over
 40,000 company and 20,000,000 individual email
 addresses and names from all over the world.
 This promotional program takes place every year. This
 lottery was promoted and sponsored by a group of
 successful electronic dealers. We hope with part of
 your winning, you will take part in our next year US$20
 million international lottery. To file for your claim,
 please contact our paying officer:

 Contact Person: Mr.Paul Zimmerman (Lottery Director)
 Remittance Director,
 Netherlands Lottery International Nl Company [Lotto International 
 Netherlands],
 107 Vanderloop
 1902AB ,Amsterdam,
 The Netherlands
 TEL:+31-610-564-186
 FAX:+31-847-456-822
 Email: paulzim111@netscape.net
 
 Remember, all winnings must be claimed not later than
 7TH OF SEPT, 2005. After this date all unclaimed
 funds will be included in the next stake.
 Please note in order to avoid unnecessary delays and
 complications please remember to quote your reference
 number and batch numbers in all correspondence.
 Furthermore, should there be any change of address do
 inform our agent as soon as possible.
 Congratulations once more from our members of staff
 and thank you for being part of our promotional
 program.

 Yours sincerely,
 Mrs.Queensley Derik,
 For Management. 





From owner-ietf-openpgp@mail.imc.org Wed Aug 31 08:02:26 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1EARIP-0002yu-HP
	for openpgp-archive@megatron.ietf.org; Wed, 31 Aug 2005 08:02:26 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA16194
	for <openpgp-archive@lists.ietf.org>; Wed, 31 Aug 2005 08:02:23 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7VBSRGo091828;
	Wed, 31 Aug 2005 04:28:27 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j7VBSR2t091827;
	Wed, 31 Aug 2005 04:28:27 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mail.gmx.net (imap.gmx.net [213.165.64.20])
	by above.proper.com (8.12.11/8.12.9) with SMTP id j7VBSPZr091790
	for <ietf-openpgp@imc.org>; Wed, 31 Aug 2005 04:28:26 -0700 (PDT)
	(envelope-from karl.kashofer@gmx.at)
Received: (qmail invoked by alias); 31 Aug 2005 11:28:19 -0000
Received: from unknown (EHLO hotmail.com) [81.189.102.241]
  by mail.gmx.net (mp004) with SMTP; 31 Aug 2005 13:28:19 +0200
X-Authenticated: #7548666
Received: from 127.0.0.1 (AVG SMTP 7.0.344 [267.10.16]); Wed, 31 Aug 2005 12:28:05 +0100
Message-ID: <43159443.5040808@gmx.at>
Date: Wed, 31 Aug 2005 12:28:03 +0100
From: Karl Kashofer <karl.kashofer@gmx.at>
User-Agent: Mozilla Thunderbird 1.0 (Windows/20041206)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: ietf-openpgp@imc.org
Subject: Encrypt subject
X-Enigmail-Version: 0.92.0.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-Y-GMX-Trusted: 0
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi!

If I am in the wrong place, please advise me where to go.
Sorry if that has been discussed before, but non-searchable
list archives are an abomination to the lord.

So:
I like PGP, and use it a lot in Thunderbird+Enigmail.
However, as has cropped up several times on the Enigmail mailing list, it
would be really nice to be able to hide the Subject: header of an email
inside the encrypted mail body.

Are there any ideas/proposals about this?
It kind of makes no sense to encrypt the body if a lot of the info can
be gleaned from the subject.

It was suggested that one could include something like:
Header-Subject: mysubject
into the encrypted mail, and just get it out again after decryption.
I am sure if that could be put into an RFC of some sort it would be
adopted by clients pretty fast.

Ideas? Discussion?

Sorry if I bored you to death,
Cheers,
Karl
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDFZRDyD2v/adjdKMRAm8KAJ9hXFJbwM2zggs6NlIwO6HFZIO9/wCfUMXU
8QAliNRrKYejMe+G9AZ8BJ8=
=IuHV
-----END PGP SIGNATURE-----




From owner-ietf-openpgp@mail.imc.org Wed Aug 31 08:50:14 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1EAS2g-0008K2-3i
	for openpgp-archive@megatron.ietf.org; Wed, 31 Aug 2005 08:50:14 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA18532
	for <openpgp-archive@lists.ietf.org>; Wed, 31 Aug 2005 08:50:11 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7VCQHC7096159;
	Wed, 31 Aug 2005 05:26:17 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j7VCQHtu096158;
	Wed, 31 Aug 2005 05:26:17 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from kerckhoffs.g10code.com (kerckhoffs.g10code.com [217.69.77.222])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7VCQGlc096151
	for <ietf-openpgp@imc.org>; Wed, 31 Aug 2005 05:26:16 -0700 (PDT)
	(envelope-from wk@gnupg.org)
Received: from uucp by kerckhoffs.g10code.com with local-rmail (Exim 4.50 #1 (Debian))
	id 1EARll-0008N0-Gw
	for <ietf-openpgp@imc.org>; Wed, 31 Aug 2005 14:32:45 +0200
Received: from wk by localhost with local (Exim 4.34 #1 (Debian))
	id 1EARZk-0000zC-7A; Wed, 31 Aug 2005 14:20:20 +0200
To: Karl Kashofer <karl.kashofer@gmx.at>
Cc: ietf-openpgp@imc.org
Subject: Re: Encrypt subject
References: <43159443.5040808@gmx.at>
From: Werner Koch <wk@gnupg.org>
Organisation: g10 Code GmbH
OpenPGP: id=5B0358A2; url=finger:wk@g10code.com
Date: Wed, 31 Aug 2005 14:20:20 +0200
In-Reply-To: <43159443.5040808@gmx.at> (Karl Kashofer's message of "Wed, 31
 Aug 2005 12:28:03 +0100")
Message-ID: <87vf1mqovv.fsf@wheatstone.g10code.de>
User-Agent: Gnus/5.1007 (Gnus v5.10.7) Emacs/21.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


On Wed, 31 Aug 2005 12:28:03 +0100, Karl Kashofer said:

> However, as has cropped up several times on the enigmail mailinglist, it
> would be really nice to be able to hide the Subject: header of an email
> inside the encrypted mail body.

Simply send your mail as an encrypted message/rfc2822 MIME message and
put an innocent subject into the header.

Whether it is useful to decrypt all mails to see just the subject is a
different question, though.  I use mnemonic subjects without any
relation to the actual content; this helps to mentally sort such
messages.


Salam-Shalom,

   Werner





From owner-ietf-openpgp@mail.imc.org Wed Aug 31 09:33:09 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1EASiD-00061D-Af
	for openpgp-archive@megatron.ietf.org; Wed, 31 Aug 2005 09:33:09 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA20590
	for <openpgp-archive@lists.ietf.org>; Wed, 31 Aug 2005 09:33:05 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7VD9XTL001007;
	Wed, 31 Aug 2005 06:09:33 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j7VD9Xr2001006;
	Wed, 31 Aug 2005 06:09:33 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from biglumber.com (biglumber.com [207.228.252.42])
	by above.proper.com (8.12.11/8.12.9) with SMTP id j7VD9Wcw000990
	for <ietf-openpgp@imc.org>; Wed, 31 Aug 2005 06:09:33 -0700 (PDT)
	(envelope-from greg@turnstep.com)
Received: (qmail 16313 invoked from network); 31 Aug 2005 13:09:27 -0000
Received: from unknown (HELO localhost) (207.228.252.42)
  by 0 with SMTP; 31 Aug 2005 13:09:27 -0000
From: "Greg Sabino Mullane" <greg@turnstep.com>
To: ietf-openpgp@imc.org
Cc: karl.kashofer@gmx.at
Subject: Re: Encrypt subject
X-PGP-Key: 2529 DF6A B8F7 9407 E944  45B4 BC9B 9067 1496 4AC8
X-Request-PGP: http://www.biglumber.com/x/web?pk=2529DF6AB8F79407E94445B4BC9B906714964AC8
In-Reply-To: <43159443.5040808@gmx.at>
Date: Wed, 31 Aug 2005 13:09:27 -0000
X-Mailer: JoyMail 1.48
Message-ID: <2904dead36db793ce8a812bfbc7d59eb@biglumber.com>
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


> It kind of makes no sense to encrypt the body if a lot of the info can
> be gleaned from the subject.

True enough - so don't put any important information into the subject. Just
use something standard like "Re: your mail" or use the output of M-x spook if
you are feeling mischievous.

- --
Greg Sabino Mullane greg@turnstep.com
PGP Key: 0x14964AC8 200508310906
https://www.biglumber.com/x/web?pk=2529DF6AB8F79407E94445B4BC9B906714964AC8

-----BEGIN PGP SIGNATURE-----

iEYEARECAAYFAkMVq4YACgkQvJuQZxSWSsj1RgCeNF+oWoO3iVIeK4PK5ziACBwT
s+gAoPMLj0HiXlzvV7Hjw4l7K5LPW+Me
=UGsD
-----END PGP SIGNATURE-----





From owner-ietf-openpgp@mail.imc.org Wed Aug 31 09:33:10 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1EASiE-00061W-1f
	for openpgp-archive@megatron.ietf.org; Wed, 31 Aug 2005 09:33:10 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA20591
	for <openpgp-archive@lists.ietf.org>; Wed, 31 Aug 2005 09:33:05 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7VDBtDN001240;
	Wed, 31 Aug 2005 06:11:55 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j7VDBtKT001238;
	Wed, 31 Aug 2005 06:11:55 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mail.gmx.net (pop.gmx.de [213.165.64.20])
	by above.proper.com (8.12.11/8.12.9) with SMTP id j7VDBsjK001229
	for <ietf-openpgp@imc.org>; Wed, 31 Aug 2005 06:11:54 -0700 (PDT)
	(envelope-from karl.kashofer@gmx.at)
Received: (qmail invoked by alias); 31 Aug 2005 13:11:48 -0000
Received: from unknown (EHLO hotmail.com) [81.189.102.241]
  by mail.gmx.net (mp012) with SMTP; 31 Aug 2005 15:11:48 +0200
X-Authenticated: #7548666
Received: from 127.0.0.1 (AVG SMTP 7.0.344 [267.10.16]); Wed, 31 Aug 2005 14:11:34 +0100
Message-ID: <4315AC86.40904@gmx.at>
Date: Wed, 31 Aug 2005 14:11:34 +0100
From: Karl Kashofer <karl.kashofer@gmx.at>
User-Agent: Mozilla Thunderbird 1.0 (Windows/20041206)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: ietf-openpgp@imc.org
Subject: Re: Encrypt subject
References: <43159443.5040808@gmx.at> <87vf1mqovv.fsf@wheatstone.g10code.de>
In-Reply-To: <87vf1mqovv.fsf@wheatstone.g10code.de>
X-Enigmail-Version: 0.92.0.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-Y-GMX-Trusted: 0
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Werner!

>>However, as has cropped up several times on the enigmail mailinglist, it
>>would be really nice to be able to hide the Subject: header of an email
>>inside the encrypted mail body.
> 
> 
> Simply send your mail as an encrypted message/rfc2822 MIME message and
> put an innocent subject into the header.
> 
> Whether it is useful to decrypt all mails to see just the subject is a
> different question, though.  I use memonic subjects without any
> relation to the actual content; this helps to mentally sort such
> messages.

Isn't that an ugly workaround?

I know the Subject: is a header and is not part of the message body, but
I am sure most people use PGP as transport security; once the email is
here on my laptop it can be permanently decrypted.

It can't be that hard to put the subject into the body before encryption,
and get it out again after decryption, can it?

Or are there any conceptual issues I am missing?

Cheers,
Karl
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDFayGyD2v/adjdKMRAgSEAKCyNO3BoOYw2GUcf3UsXbGkWnWmrwCfWDK1
01nO61ygdOQVmQYb+RMtse0=
=t02n
-----END PGP SIGNATURE-----




From owner-ietf-openpgp@mail.imc.org Wed Aug 31 09:54:36 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1EAT2y-0004YB-HE
	for openpgp-archive@megatron.ietf.org; Wed, 31 Aug 2005 09:54:36 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA21496
	for <openpgp-archive@lists.ietf.org>; Wed, 31 Aug 2005 09:54:33 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7VDRJ8d002798;
	Wed, 31 Aug 2005 06:27:19 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j7VDRJ4A002797;
	Wed, 31 Aug 2005 06:27:19 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mail.gmx.net (mail.gmx.net [213.165.64.20])
	by above.proper.com (8.12.11/8.12.9) with SMTP id j7VDRI7v002614
	for <ietf-openpgp@imc.org>; Wed, 31 Aug 2005 06:27:18 -0700 (PDT)
	(envelope-from karl.kashofer@gmx.at)
Received: (qmail invoked by alias); 31 Aug 2005 13:27:11 -0000
Received: from unknown (EHLO hotmail.com) [81.189.102.241]
  by mail.gmx.net (mp008) with SMTP; 31 Aug 2005 15:27:11 +0200
X-Authenticated: #7548666
Received: from 127.0.0.1 (AVG SMTP 7.0.344 [267.10.16]); Wed, 31 Aug 2005 14:26:58 +0100
Message-ID: <4315B022.1080409@gmx.at>
Date: Wed, 31 Aug 2005 14:26:58 +0100
From: Karl Kashofer <karl.kashofer@gmx.at>
User-Agent: Mozilla Thunderbird 1.0 (Windows/20041206)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: ietf-openpgp@imc.org
Subject: Re: Encrypt subject
References: <2904dead36db793ce8a812bfbc7d59eb@biglumber.com>
In-Reply-To: <2904dead36db793ce8a812bfbc7d59eb@biglumber.com>
X-Enigmail-Version: 0.92.0.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-Y-GMX-Trusted: 0
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi!

> True enough - so don't put any important information into the subject. Just
> use something standard like "Re: your mail" or use the output of M-x spook if
> you are feeling mischievous.

Well, that deprives me of the advantages of having a Subject: line
(i.e. meaningful listing in the email client, sorting and searching, ...).

It can't be that the answer to this is "Don't use it.", can it?

We have Comment: and Hash: lines inside the PGP markers, why can't we
have Subject: ?

I think this is a shortcoming of PGP email encryption and should be
fixed, don't you?

Cheers,
Karl
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDFbAhyD2v/adjdKMRAjRZAKC2HoxblU8EW4h/rBSBEIg+L4b7tQCcDgr+
tlpoFO1DTBDtnvDUHj3j/lE=
=GZA6
-----END PGP SIGNATURE-----




From owner-ietf-openpgp@mail.imc.org Wed Aug 31 11:46:20 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1EAUn6-00025p-Kj
	for openpgp-archive@megatron.ietf.org; Wed, 31 Aug 2005 11:46:20 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA27533
	for <openpgp-archive@lists.ietf.org>; Wed, 31 Aug 2005 11:46:14 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7VFR3uH018949;
	Wed, 31 Aug 2005 08:27:03 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j7VFR3n6018948;
	Wed, 31 Aug 2005 08:27:03 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mail.epointsystem.org (120.156-228-195.hosting.adatpark.hu [195.228.156.120])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7VFR2Qw018934
	for <ietf-openpgp@imc.org>; Wed, 31 Aug 2005 08:27:03 -0700 (PDT)
	(envelope-from nagydani@epointsystem.org)
Received: by mail.epointsystem.org (Postfix, from userid 1001)
	id 5C2912B47EA; Wed, 31 Aug 2005 17:26:56 +0200 (CEST)
Date: Wed, 31 Aug 2005 17:26:56 +0200
To: ietf-openpgp@imc.org
Subject: Information and meta-information
Message-ID: <20050831152646.GB31148@epointsystem.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.5.6+20040907i
From: nagydani@epointsystem.org (Daniel A. Nagy)
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


This email about encrypting the subject reminded me of a more general issue
that I wanted to bring up here. I think that the current PGP/MIME standard
has a very annoying flaw that is relatively easy to fix. Here's a short
description:

There is no distinction between PGP/MIME data and regular RFC2440 data,
although all it would take is a flag in the Literal packet. This way, if I
saved the PGP MESSAGE from an application/pgp-encrypted MIME chunk (which is
doable even with MUAs ignorant of PGP/MIME), I could still decrypt it into a
usable file (e.g. a jpeg image).

I would suggest the following modification of RFC2440bis-14:

5.9. Literal Data Packet (Tag 11)

   A Literal Data packet contains the body of a message; data that is
   not to be further interpreted.

   The body of this packet consists of:

     - A one-octet field that describes how the data is formatted.

   If it is a 'b' (0x62), then the literal packet contains binary data.
   If it is a 'm' (0x6D), then the literal packet contains data in MIME
   canonical format.
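
Worked example for the packet layout quoted above (added to the archive; not code from the thread, from GnuPG or from any other OpenPGP implementation): an encoder and a bounds-checked decoder for the Literal Data packet, Tag 11, following RFC 2440 sections 4.2 and 5.9, with the proposed 'm' (0x6D) format octet accepted alongside 'b', 't' and 'u'. The sample MIME text, the filename and the date are constructed values; the 'm' value is the proposal in this message, not a registered one.

```python
"""OpenPGP Literal Data Packet (Tag 11) encoder/decoder with the proposed 'm' format octet.

Constructed example for this thread; not code from GnuPG or any other OpenPGP
implementation.  Layout follows RFC 2440 sections 4.2 and 5.9.  The 'm' (0x6D,
MIME canonical format) value is the proposal made in this message, not a
registered one.
"""
import struct

TAG_LITERAL = 11

# Format octet -> meaning.  'b' and 't' are RFC 2440, 'u' is RFC 2440bis,
# 'm' is the flag proposed in this message.
FORMATS = {
    0x62: "binary",
    0x74: "text",
    0x75: "utf8-text",
    0x6D: "mime",
}


def _encode_length(n):
    """New-format body length (RFC 2440 section 4.2.2); partial lengths are not used."""
    if n < 192:
        return bytes([n])
    if n < 8384:
        n -= 192
        return bytes([192 + (n >> 8), n & 0xFF])
    return b"\xff" + struct.pack(">I", n)


def _decode_length(buf, pos):
    """Return (body_length, position of body) for a new-format header."""
    first = buf[pos]
    if first < 192:
        return first, pos + 1
    if first < 224:
        need = 2
    elif first == 255:
        need = 5
    else:
        raise ValueError("partial body lengths are not handled in this example")
    if len(buf) < pos + need:
        raise ValueError("truncated length field")
    if need == 2:
        return ((first - 192) << 8) + buf[pos + 1] + 192, pos + 2
    return struct.unpack(">I", buf[pos + 1:pos + 5])[0], pos + 5


def encode_literal(fmt, filename, date, data):
    """Build a new-format Tag 11 packet: format octet, filename, date, data."""
    if fmt not in FORMATS:
        raise ValueError("unknown format octet 0x%02x" % fmt)
    name = filename.encode("utf-8")
    if len(name) > 255:
        raise ValueError("filename length must fit in one octet")
    body = bytes([fmt, len(name)]) + name + struct.pack(">I", date) + data
    return bytes([0xC0 | TAG_LITERAL]) + _encode_length(len(body)) + body


def decode_literal(packet):
    """Parse one Tag 11 packet (old or new header format) into its fields.
    Every length is checked against the buffer before use, so a truncated or
    mislabelled packet raises ValueError instead of yielding garbage."""
    if len(packet) < 2 or not packet[0] & 0x80:
        raise ValueError("not an OpenPGP packet")
    hdr = packet[0]
    if hdr & 0x40:                      # new format: tag in the low 6 bits
        tag = hdr & 0x3F
        length, pos = _decode_length(packet, 1)
    else:                               # old format: tag in bits 2-5, length type in bits 0-1
        tag = (hdr >> 2) & 0x0F
        ltype = hdr & 0x03
        if ltype == 3:
            raise ValueError("indeterminate length is not handled in this example")
        size = (1, 2, 4)[ltype]
        if len(packet) < 1 + size:
            raise ValueError("truncated length field")
        length = int.from_bytes(packet[1:1 + size], "big")
        pos = 1 + size
    if tag != TAG_LITERAL:
        raise ValueError("tag %d is not a Literal Data packet" % tag)
    body = packet[pos:pos + length]
    if len(body) != length or length < 6:
        raise ValueError("truncated packet body")
    fmt, name_len = body[0], body[1]
    if fmt not in FORMATS:
        raise ValueError("unknown format octet 0x%02x" % fmt)
    if len(body) < 6 + name_len:
        raise ValueError("filename runs past the packet body")
    name = body[2:2 + name_len]
    date = struct.unpack(">I", body[2 + name_len:6 + name_len])[0]
    return {
        "format": FORMATS[fmt],
        "filename": name.decode("utf-8", "replace"),
        "date": date,
        "data": body[6 + name_len:],
    }
```

With the 'm' flag present, a tool that recovers the PGP MESSAGE from an application/pgp-encrypted part and decrypts it can tell from the format octet alone that the payload is a MIME entity to be handed to a MIME parser rather than written out as an opaque file, which is exactly the distinction the message above says is missing today.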




From owner-ietf-openpgp@mail.imc.org Wed Aug 31 19:52:12 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1EAcNH-000175-SM
	for openpgp-archive@megatron.ietf.org; Wed, 31 Aug 2005 19:52:12 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id TAA27712
	for <openpgp-archive@lists.ietf.org>; Wed, 31 Aug 2005 19:52:07 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7VNUaRT061942;
	Wed, 31 Aug 2005 16:30:36 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j7VNUahF061941;
	Wed, 31 Aug 2005 16:30:36 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from finney.org (226-132.adsl2.netlojix.net [207.71.226.132])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j7VNUQDO061930
	for <ietf-openpgp@imc.org>; Wed, 31 Aug 2005 16:30:32 -0700 (PDT)
	(envelope-from hal@finney.org)
Received: by finney.org (Postfix, from userid 500)
	id BBED557EF5; Wed, 31 Aug 2005 15:40:25 -0700 (PDT)
To: ietf-openpgp@imc.org
Subject: Re: Encrypt subject
Message-Id: <20050831224025.BBED557EF5@finney.org>
Date: Wed, 31 Aug 2005 15:40:25 -0700 (PDT)
From: hal@finney.org ("Hal Finney")
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


Karl Kashofer writes:
> We have Comment: and Hash: lines inside the PGP markers, why cant we
> have Subject: ?
> I think this is a shortcoming of PGP email encryption and should be
> fixed, dont you ?

The problem is that we do sort of have a solution to this already, which
Werner described: use PGP/MIME.  MIME allows for embedding one email
message inside another, and the MIME security extensions, including
PGP/MIME, show how to encrypt such an embedded message.

The problem is that almost no mailers support this.  Few enough even
support PGP/MIME, and then they would also have to be smart enough to
figure out what to do with an embedded email message.  Replacing the
enclosing message's headers with those from the embedded message is not
an obvious thing to do.

Your solution is simpler but it would still require implementation
in the mailers.  They would have to decrypt the message and then move
the data from this new Subject: header up to the outer mail headers.
This requires tight integration between the mail agent and the encryption
layer of a type which generally does not exist today.

Instead of rewriting mail agents to do this, it would probably be more
productive to work to get wider general support for PGP/MIME, along with
support for embedding email messages to protect the headers.

Hal Finney




From owner-ietf-openpgp@mail.imc.org Wed Aug 31 20:24:31 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1EAcsZ-0000pK-Fw
	for openpgp-archive@megatron.ietf.org; Wed, 31 Aug 2005 20:24:31 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id UAA28639
	for <openpgp-archive@lists.ietf.org>; Wed, 31 Aug 2005 20:24:29 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j8109nuJ064761;
	Wed, 31 Aug 2005 17:09:49 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j8109nL3064760;
	Wed, 31 Aug 2005 17:09:49 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from darius.cyrusoft.com (darius.cyrusoft.com [63.163.82.2])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j8109nEq064754
	for <ietf-openpgp@imc.org>; Wed, 31 Aug 2005 17:09:49 -0700 (PDT)
	(envelope-from daboo@isamet.com)
Received: from [10.0.1.2] (pool-141-158-125-55.pitt.east.verizon.net [141.158.125.55])
	(authenticated bits=0)
	by darius.cyrusoft.com (8.12.9/8.12.9) with ESMTP id j81050uG006804
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO);
	Wed, 31 Aug 2005 20:05:05 -0400
Date: Wed, 31 Aug 2005 20:09:37 -0400
From: Cyrus Daboo <daboo@isamet.com>
To: Hal Finney <hal@finney.org>, ietf-openpgp@imc.org
Subject: Re: Encrypt subject
Message-ID: <CBB1277325D11651D2AD6128@ninevah.local>
In-Reply-To: <20050831224025.BBED557EF5@finney.org>
References:  <20050831224025.BBED557EF5@finney.org>
X-Mailer: Mulberry/4.0.3 (Mac OS X)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
X-Spam-Status: No, hits=0.0 tests=none
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


Hi Hal,

--On August 31, 2005 3:40:25 PM -0700 "Hal Finney" <hal@finney.org> wrote:

> The problem is that almost no mailers support this.  Few enough even
> support PGP/MIME, and then they would also have to be smart enough to
> figure out what to do with an embedded email message.  Replacing the
> enclosing message's headers with those from the embedded message is not
> an obvious thing to do.

> ... it would probably be more
> productive to work to get wider general support for PGP/MIME, along with
> support for embedding email messages to protect the headers.

What would be useful is a hint to receiving clients to 'promote' the 
embedded message/rfc822 header out of the multipart/signed. Perhaps we 
could have a MIME header in the message/rfc822 part to indicate that. We 
could try something like:

Content-Disposition: promote-headers

or invent a new header for this purpose. The one benefit of 
Content-Disposition is that it is easily accessible via IMAP.

-- 
Cyrus Daboo
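
Worked example tying together Werner's suggestion (send the real mail as an encrypted message/rfc822 part under an innocuous outer Subject), Hal's description of what the mailer has to do afterwards (move the embedded Subject up to the outer headers), and Cyrus's Content-Disposition hint. It is added to the archive and is not code from the thread, from Enigmail, from GnuPG or from any MUA. The OpenPGP step is left to the encryption layer: build_plaintext() returns the bytes that layer would encrypt, and promote_headers() consumes the bytes that come back from decryption. The promote-headers value, the allow-list of promotable headers and the example addresses are assumptions.

```python
"""Protecting the Subject with an embedded message/rfc822 part.

Constructed example for this thread; not code from any MUA, Enigmail or GnuPG.
The OpenPGP step is left to the encryption layer: build_plaintext() returns
the bytes that layer would encrypt (e.g. by piping them through gpg --encrypt),
and promote_headers() is given the bytes that come back out of decryption.
"""
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Hint proposed in the thread; hypothetical, not a registered disposition type.
PROMOTE_HINT = "promote-headers"
# Only these headers may be copied from the inner message to the envelope.
# From/To are deliberately excluded: encryption alone does not authenticate
# them, so a client should not rewrite who a mail appears to come from.
PROMOTABLE = ("Subject",)
# What the transport, and any passive observer, get to see.
COVER_SUBJECT = "Re: your mail"


def build_plaintext(sender, recipient, real_subject, body):
    """Return the plaintext for the encryption layer: a message/rfc822 part
    carrying the promotion hint, whose inner message has the real Subject."""
    inner = EmailMessage(policy=policy.SMTP)
    inner["From"] = sender
    inner["To"] = recipient
    inner["Subject"] = real_subject
    inner.set_content(body)

    wrapper = EmailMessage(policy=policy.SMTP)
    wrapper.set_content(inner)          # sets Content-Type: message/rfc822
    del wrapper["Content-Disposition"]
    wrapper["Content-Disposition"] = PROMOTE_HINT
    return wrapper.as_bytes()


def build_cover(sender, recipient):
    """The envelope that actually travels: an innocuous Subject and nothing else."""
    outer = EmailMessage(policy=policy.SMTP)
    outer["From"] = sender
    outer["To"] = recipient
    outer["Subject"] = COVER_SUBJECT
    return outer


def promote_headers(outer, decrypted):
    """Receiving side.  Parse the decrypted bytes; if they form a message/rfc822
    part carrying the hint, copy the allow-listed headers of the embedded
    message onto the envelope.  Returns True when something was promoted."""
    part = BytesParser(policy=policy.default).parsebytes(decrypted)
    if part.get_content_type() != "message/rfc822":
        return False
    if part.get_content_disposition() != PROMOTE_HINT:
        return False                    # no hint: an ordinary forward, leave the envelope alone
    inner = part.get_content()          # the embedded EmailMessage
    promoted = False
    for name in PROMOTABLE:
        if name in inner:
            del outer[name]
            outer[name] = str(inner[name])
            promoted = True
    return promoted


if __name__ == "__main__":
    pt = build_plaintext("alice@example.org", "bob@example.org",
                         "Q3 acquisition terms", "Numbers attached.\n")
    env = build_cover("alice@example.org", "bob@example.org")
    print("on the wire:      ", env["Subject"])
    promote_headers(env, pt)            # stands in for: decrypt, then hand the result over
    print("after decryption: ", env["Subject"])
```

The hint does the work Hal says is not obvious: without it a client has no way to tell a forwarded message from one whose headers are meant to replace the envelope's, so promotion happens only when the part asks for it, and even then only for headers on the allow-list.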





Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j8109nuJ064761; Wed, 31 Aug 2005 17:09:49 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j8109nL3064760; Wed, 31 Aug 2005 17:09:49 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from darius.cyrusoft.com (darius.cyrusoft.com [63.163.82.2]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j8109nEq064754 for <ietf-openpgp@imc.org>; Wed, 31 Aug 2005 17:09:49 -0700 (PDT) (envelope-from daboo@isamet.com)
Received: from [10.0.1.2] (pool-141-158-125-55.pitt.east.verizon.net [141.158.125.55]) (authenticated bits=0) by darius.cyrusoft.com (8.12.9/8.12.9) with ESMTP id j81050uG006804 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 31 Aug 2005 20:05:05 -0400
Date: Wed, 31 Aug 2005 20:09:37 -0400
From: Cyrus Daboo <daboo@isamet.com>
To: Hal Finney <hal@finney.org>, ietf-openpgp@imc.org
Subject: Re: Encrypt subject
Message-ID: <CBB1277325D11651D2AD6128@ninevah.local>
In-Reply-To: <20050831224025.BBED557EF5@finney.org>
References:  <20050831224025.BBED557EF5@finney.org>
X-Mailer: Mulberry/4.0.3 (Mac OS X)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
X-Spam-Status: No, hits=0.0 tests=none
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

Hi Hal,

--On August 31, 2005 3:40:25 PM -0700 "Hal Finney" <hal@finney.org> wrote:

> The problem is that almost no mailers support this.  Few enough even
> support PGP/MIME, and then they would also have to be smart enough to
> figure out what to do with an embedded email message.  Replacing the
> enclosing message's headers with those from the embedded message is not
> an obvious thing to do.

> ... it would probably be more
> productive to work to get wider general support for PGP/MIME, along with
> support for embedding email messages to protect the headers.

What would be useful is a hint to receiving clients to 'promote' the 
embedded message/rfc822 header out of the multipart/signed. Perhaps we 
could have a MIME header in the message/rfc822 part to indicate that. We 
could try something like:

Content-Disposition: promote-headers

or invent a new header for this purpose. The one benefit of 
Content-Disposition is that it is easily accessible via IMAP.

-- 
Cyrus Daboo



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7VNUaRT061942; Wed, 31 Aug 2005 16:30:36 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j7VNUahF061941; Wed, 31 Aug 2005 16:30:36 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from finney.org (226-132.adsl2.netlojix.net [207.71.226.132]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7VNUQDO061930 for <ietf-openpgp@imc.org>; Wed, 31 Aug 2005 16:30:32 -0700 (PDT) (envelope-from hal@finney.org)
Received: by finney.org (Postfix, from userid 500) id BBED557EF5; Wed, 31 Aug 2005 15:40:25 -0700 (PDT)
To: ietf-openpgp@imc.org
Subject: Re: Encrypt subject
Message-Id: <20050831224025.BBED557EF5@finney.org>
Date: Wed, 31 Aug 2005 15:40:25 -0700 (PDT)
From: hal@finney.org ("Hal Finney")
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

Karl Kashofer writes:
> We have Comment: and Hash: lines inside the PGP markers, why cant we
> have Subject: ?
> I think this is a shortcoming of PGP email encryption and should be
> fixed, dont you ?

The problem is that we do sort of have a solution to this already, which
Werner described: use PGP/MIME.  MIME allows for embedding one email
message inside another, and the MIME security extensions, including
PGP/MIME, show how to encrypt such an embedded message.

The problem is that almost no mailers support this.  Few enough even
support PGP/MIME, and then they would also have to be smart enough to
figure out what to do with an embedded email message.  Replacing the
enclosing message's headers with those from the embedded message is not
an obvious thing to do.

Your solution is simpler but it would still require implementation
in the mailers.  They would have to decrypt the message and then move
the data from this new Subject: header up to the outer mail headers.
This requires tight integration between the mail agent and the encryption
layer of a type which generally does not exist today.

Instead of rewriting mail agents to do this, it would probably be more
productive to work to get wider general support for PGP/MIME, along with
support for embedding email messages to protect the headers.

Hal Finney



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7VFR3uH018949; Wed, 31 Aug 2005 08:27:03 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j7VFR3n6018948; Wed, 31 Aug 2005 08:27:03 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mail.epointsystem.org (120.156-228-195.hosting.adatpark.hu [195.228.156.120]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7VFR2Qw018934 for <ietf-openpgp@imc.org>; Wed, 31 Aug 2005 08:27:03 -0700 (PDT) (envelope-from nagydani@epointsystem.org)
Received: by mail.epointsystem.org (Postfix, from userid 1001) id 5C2912B47EA; Wed, 31 Aug 2005 17:26:56 +0200 (CEST)
Date: Wed, 31 Aug 2005 17:26:56 +0200
To: ietf-openpgp@imc.org
Subject: Information and meta-information
Message-ID: <20050831152646.GB31148@epointsystem.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.5.6+20040907i
From: nagydani@epointsystem.org (Daniel A. Nagy)
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

This email about encrypting the subject reminded me of a more general issue
that I wanted to bring up here. I think that the current PGP/MIME standard
has a very annoying flaw that is relatively easy to fix. Here's a short
description:

There is no distinction between PGP/MIME data and regular RFC2440 data,
although all it would take is a flag in the Literal packet. This way, if I
saved the PGP MESSAGE from an application/pgp-encrypted MIME chunk (which is
doable even with MUAs ignorant of PGP/MIME), I could still decrypt it into a
usable file (e.g. a jpeg image).

I would suggest the following modification of RFC2440bis-14:

5.9. Literal Data Packet (Tag 11)

   A Literal Data packet contains the body of a message; data that is
   not to be further interpreted.

   The body of this packet consists of:

     - A one-octet field that describes how the data is formatted.

   If it is a 'b' (0x62), then the literal packet contains binary data.
   If it is a 'm' (0x6D), then the literal packet contains data in MIME
   canonical format.
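The packet layout the proposal above modifies, as an added example that is not code from the thread or from any OpenPGP implementation: an encoder and decoder for the Literal Data packet of RFC 2440 section 5.9 (format octet, filename length, filename, four-octet date, data) using a new-format packet header with a one-octet body length. The 'm' format octet is the proposal from this message and not part of RFC 2440; it is included as a hypothetical value to show how a decoder would dispatch on it and hand the data to a MIME parser. The sample MIME entity is constructed for the example.

```python
"""Encode and decode an OpenPGP Literal Data packet (tag 11).

Added example; not code from the list thread or from any OpenPGP
implementation.  The 'm' format octet is hypothetical (the proposal in
the message above), not an RFC 2440 value.
"""
import struct
from email import message_from_bytes, policy

TAG_LITERAL = 11
FORMATS = {
    0x62: "binary",      # 'b', RFC 2440
    0x74: "text",        # 't', RFC 2440
    0x75: "utf8-text",   # 'u', RFC 2440bis
    0x6D: "mime",        # 'm', proposed in the thread (hypothetical)
}

# Constructed sample: a MIME entity a mailer could hand to OpenPGP as-is.
SAMPLE_MIME = (b"Content-Type: image/jpeg\r\n"
               b"Content-Disposition: inline; filename=\"cat.jpg\"\r\n"
               b"\r\n"
               b"\xff\xd8\xff\xe0")


def encode_literal(data: bytes, fmt: bytes = b"b", filename: bytes = b"",
                   date: int = 0) -> bytes:
    if len(fmt) != 1 or fmt[0] not in FORMATS:
        raise ValueError("unknown format octet")
    if len(filename) > 255:
        raise ValueError("filename longer than 255 octets")
    body = fmt + bytes([len(filename)]) + filename + struct.pack(">I", date) + data
    if len(body) >= 192:
        raise ValueError("example supports one-octet body lengths only (< 192)")
    # New-format header: 0xC0 | tag, followed by the one-octet body length.
    return bytes([0xC0 | TAG_LITERAL, len(body)]) + body


def decode_literal(packet: bytes) -> dict:
    if len(packet) < 2 or (packet[0] & 0xC0) != 0xC0:
        raise ValueError("not a new-format packet header")
    tag = packet[0] & 0x3F
    if tag != TAG_LITERAL:
        raise ValueError(f"unexpected packet tag {tag}")
    length = packet[1]
    if length >= 192:
        raise ValueError("example supports one-octet body lengths only")
    body = packet[2:2 + length]
    if len(body) != length or len(body) < 6:
        raise ValueError("truncated packet")
    fnlen = body[1]
    off = 2 + fnlen
    if len(body) < off + 4:
        raise ValueError("truncated packet")
    (date,) = struct.unpack(">I", body[off:off + 4])
    return {
        "format": FORMATS.get(body[0], f"unknown(0x{body[0]:02x})"),
        "filename": body[2:off],
        "date": date,
        "data": body[off + 4:],
    }


def describe(decoded: dict) -> tuple:
    """What a receiving application can do with the data, by format."""
    if decoded["format"] == "mime":
        # The data is a complete MIME entity: its own headers say what it is.
        entity = message_from_bytes(decoded["data"], policy=policy.default)
        return entity.get_content_type(), entity.get_filename()
    # Plain RFC 2440 literal: only the filename field hints at the content.
    name = decoded["filename"].decode("utf-8", "replace")
    return decoded["format"], name or None
```

With the 'm' flag a decoder that knows nothing about the enclosing mail can still recover the content type and filename from the decrypted data itself, which is the point of the proposal; with 'b' it has only the literal packet's filename field to go on.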



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7VDRJ8d002798; Wed, 31 Aug 2005 06:27:19 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j7VDRJ4A002797; Wed, 31 Aug 2005 06:27:19 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mail.gmx.net (mail.gmx.net [213.165.64.20]) by above.proper.com (8.12.11/8.12.9) with SMTP id j7VDRI7v002614 for <ietf-openpgp@imc.org>; Wed, 31 Aug 2005 06:27:18 -0700 (PDT) (envelope-from karl.kashofer@gmx.at)
Received: (qmail invoked by alias); 31 Aug 2005 13:27:11 -0000
Received: from unknown (EHLO hotmail.com) [81.189.102.241] by mail.gmx.net (mp008) with SMTP; 31 Aug 2005 15:27:11 +0200
X-Authenticated: #7548666
Received: from 127.0.0.1 (AVG SMTP 7.0.344 [267.10.16]); Wed, 31 Aug 2005 14:26:58 +0100
Message-ID: <4315B022.1080409@gmx.at>
Date: Wed, 31 Aug 2005 14:26:58 +0100
From: Karl Kashofer <karl.kashofer@gmx.at>
User-Agent: Mozilla Thunderbird 1.0 (Windows/20041206)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: ietf-openpgp@imc.org
Subject: Re: Encrypt subject
References: <2904dead36db793ce8a812bfbc7d59eb@biglumber.com>
In-Reply-To: <2904dead36db793ce8a812bfbc7d59eb@biglumber.com>
X-Enigmail-Version: 0.92.0.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-Y-GMX-Trusted: 0
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi !

> True enough - so don't put any important information into the subject. Just
> use something standard like "Re: your mail" or use the output of M-x spook if
> you are feeling mischievous.

Well that deprives me of the advantages of having a Subject: line.
(i.e. meaningful listing in email client, sorting and searching,...)

It can't be that the answer to this is "Don't use it."?

We have Comment: and Hash: lines inside the PGP markers, why can't we
have Subject: ?

I think this is a shortcoming of PGP email encryption and should be
fixed, don't you?

Cheers,
Karl
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDFbAhyD2v/adjdKMRAjRZAKC2HoxblU8EW4h/rBSBEIg+L4b7tQCcDgr+
tlpoFO1DTBDtnvDUHj3j/lE=
=GZA6
-----END PGP SIGNATURE-----



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7VDBtDN001240; Wed, 31 Aug 2005 06:11:55 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j7VDBtKT001238; Wed, 31 Aug 2005 06:11:55 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mail.gmx.net (pop.gmx.de [213.165.64.20]) by above.proper.com (8.12.11/8.12.9) with SMTP id j7VDBsjK001229 for <ietf-openpgp@imc.org>; Wed, 31 Aug 2005 06:11:54 -0700 (PDT) (envelope-from karl.kashofer@gmx.at)
Received: (qmail invoked by alias); 31 Aug 2005 13:11:48 -0000
Received: from unknown (EHLO hotmail.com) [81.189.102.241] by mail.gmx.net (mp012) with SMTP; 31 Aug 2005 15:11:48 +0200
X-Authenticated: #7548666
Received: from 127.0.0.1 (AVG SMTP 7.0.344 [267.10.16]); Wed, 31 Aug 2005 14:11:34 +0100
Message-ID: <4315AC86.40904@gmx.at>
Date: Wed, 31 Aug 2005 14:11:34 +0100
From: Karl Kashofer <karl.kashofer@gmx.at>
User-Agent: Mozilla Thunderbird 1.0 (Windows/20041206)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: ietf-openpgp@imc.org
Subject: Re: Encrypt subject
References: <43159443.5040808@gmx.at> <87vf1mqovv.fsf@wheatstone.g10code.de>
In-Reply-To: <87vf1mqovv.fsf@wheatstone.g10code.de>
X-Enigmail-Version: 0.92.0.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-Y-GMX-Trusted: 0
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Werner !

>>However, as has cropped up several times on the enigmail mailinglist, it
>>would be really nice to be able to hide the Subject: header of an email
>>inside the encrypted mail body.
> 
> 
> Simply send your mail as an encrypted message/rfc2822 MIME message and
> put an innocent subject into the header.
> 
> Whether it is useful to decrypt all mails to see just the subject is a
> different question, though.  I use mnemonic subjects without any
> relation to the actual content; this helps to mentally sort such
> messages.

Isn't that an ugly workaround?

I know the Subject: is a header and is not part of the message body, but
I am sure most people use PGP as transport security, once the email is
here on my laptop it can be permanently decrypted.

It can't be that hard to put the subject into the body before encryption,
and get it out again after decryption, can it?

Or are there any conceptual issues I am missing?

Cheers,
Karl
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDFayGyD2v/adjdKMRAgSEAKCyNO3BoOYw2GUcf3UsXbGkWnWmrwCfWDK1
01nO61ygdOQVmQYb+RMtse0=
=t02n
-----END PGP SIGNATURE-----



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7VD9XTL001007; Wed, 31 Aug 2005 06:09:33 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j7VD9Xr2001006; Wed, 31 Aug 2005 06:09:33 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from biglumber.com (biglumber.com [207.228.252.42]) by above.proper.com (8.12.11/8.12.9) with SMTP id j7VD9Wcw000990 for <ietf-openpgp@imc.org>; Wed, 31 Aug 2005 06:09:33 -0700 (PDT) (envelope-from greg@turnstep.com)
Received: (qmail 16313 invoked from network); 31 Aug 2005 13:09:27 -0000
Received: from unknown (HELO localhost) (207.228.252.42) by 0 with SMTP; 31 Aug 2005 13:09:27 -0000
From: "Greg Sabino Mullane" <greg@turnstep.com>
To: ietf-openpgp@imc.org
Cc: karl.kashofer@gmx.at
CC: karl.kashofer@gmx.at
Subject: Re: Encrypt subject
X-PGP-Key: 2529 DF6A B8F7 9407 E944  45B4 BC9B 9067 1496 4AC8
X-Request-PGP: http://www.biglumber.com/x/web?pk=2529DF6AB8F79407E94445B4BC9B906714964AC8
In-Reply-To: <43159443.5040808@gmx.at>
Date: Wed, 31 Aug 2005 13:09:27 -0000
X-Mailer: JoyMail 1.48
Message-ID: <2904dead36db793ce8a812bfbc7d59eb@biglumber.com>
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


> It kind of makes no sense to encrypt the body if a lot of the info can
> be gleaned from the subject.

True enough - so don't put any important information into the subject. Just
use something standard like "Re: your mail" or use the output of M-x spook if
you are feeling mischievous.

- --
Greg Sabino Mullane greg@turnstep.com
PGP Key: 0x14964AC8 200508310906
https://www.biglumber.com/x/web?pk=2529DF6AB8F79407E94445B4BC9B906714964AC8

-----BEGIN PGP SIGNATURE-----

iEYEARECAAYFAkMVq4YACgkQvJuQZxSWSsj1RgCeNF+oWoO3iVIeK4PK5ziACBwT
s+gAoPMLj0HiXlzvV7Hjw4l7K5LPW+Me
=UGsD
-----END PGP SIGNATURE-----




Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7VCQHC7096159; Wed, 31 Aug 2005 05:26:17 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j7VCQHtu096158; Wed, 31 Aug 2005 05:26:17 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from kerckhoffs.g10code.com (kerckhoffs.g10code.com [217.69.77.222]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7VCQGlc096151 for <ietf-openpgp@imc.org>; Wed, 31 Aug 2005 05:26:16 -0700 (PDT) (envelope-from wk@gnupg.org)
Received: from uucp by kerckhoffs.g10code.com with local-rmail (Exim 4.50 #1 (Debian)) id 1EARll-0008N0-Gw for <ietf-openpgp@imc.org>; Wed, 31 Aug 2005 14:32:45 +0200
Received: from wk by localhost with local (Exim 4.34 #1 (Debian)) id 1EARZk-0000zC-7A; Wed, 31 Aug 2005 14:20:20 +0200
To: Karl Kashofer <karl.kashofer@gmx.at>
Cc: ietf-openpgp@imc.org
Subject: Re: Encrypt subject
References: <43159443.5040808@gmx.at>
From: Werner Koch <wk@gnupg.org>
Organisation: g10 Code GmbH
OpenPGP: id=5B0358A2; url=finger:wk@g10code.com
Date: Wed, 31 Aug 2005 14:20:20 +0200
In-Reply-To: <43159443.5040808@gmx.at> (Karl Kashofer's message of "Wed, 31 Aug 2005 12:28:03 +0100")
Message-ID: <87vf1mqovv.fsf@wheatstone.g10code.de>
User-Agent: Gnus/5.1007 (Gnus v5.10.7) Emacs/21.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

On Wed, 31 Aug 2005 12:28:03 +0100, Karl Kashofer said:

> However, as has cropped up several times on the enigmail mailinglist, it
> would be really nice to be able to hide the Subject: header of an email
> inside the encrypted mail body.

Simply send your mail as an encrypted message/rfc2822 MIME message and
put an innocent subject into the header.

Whether it is useful to decrypt all mails to see just the subject is a
different question, though.  I use mnemonic subjects without any
relation to the actual content; this helps to mentally sort such
messages.


Salam-Shalom,

   Werner




Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7VBSRGo091828; Wed, 31 Aug 2005 04:28:27 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j7VBSR2t091827; Wed, 31 Aug 2005 04:28:27 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mail.gmx.net (imap.gmx.net [213.165.64.20]) by above.proper.com (8.12.11/8.12.9) with SMTP id j7VBSPZr091790 for <ietf-openpgp@imc.org>; Wed, 31 Aug 2005 04:28:26 -0700 (PDT) (envelope-from karl.kashofer@gmx.at)
Received: (qmail invoked by alias); 31 Aug 2005 11:28:19 -0000
Received: from unknown (EHLO hotmail.com) [81.189.102.241] by mail.gmx.net (mp004) with SMTP; 31 Aug 2005 13:28:19 +0200
X-Authenticated: #7548666
Received: from 127.0.0.1 (AVG SMTP 7.0.344 [267.10.16]); Wed, 31 Aug 2005 12:28:05 +0100
Message-ID: <43159443.5040808@gmx.at>
Date: Wed, 31 Aug 2005 12:28:03 +0100
From: Karl Kashofer <karl.kashofer@gmx.at>
User-Agent: Mozilla Thunderbird 1.0 (Windows/20041206)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: ietf-openpgp@imc.org
Subject: Encrypt subject
X-Enigmail-Version: 0.92.0.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-Y-GMX-Trusted: 0
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi !

If I am in the wrong place, please advise me where to go.
Sorry if that has been discussed before, but non-searchable
list-archives are an abomination to the lord.

So:
I like PGP, and use it a lot in thunderbird+enigmail.
However, as has cropped up several times on the enigmail mailinglist, it
would be really nice to be able to hide the Subject: header of an email
inside the encrypted mail body.

Are there any ideas/proposals about this?
It kind of makes no sense to encrypt the body if a lot of the info can
be gleaned from the subject.

It was suggested that one could include something like:
Header-Subject: mysubject
into the encrypted mail, and just get it out again after decryption.
I am sure if that could be put into a RFC of some sort it would be
adopted by clients pretty fast.

Ideas ? Discussion ?

Sorry if I bored you to death,
Cheers,
Karl
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDFZRDyD2v/adjdKMRAm8KAJ9hXFJbwM2zggs6NlIwO6HFZIO9/wCfUMXU
8QAliNRrKYejMe+G9AZ8BJ8=
=IuHV
-----END PGP SIGNATURE-----



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7RFYRvQ014819; Sat, 27 Aug 2005 08:34:27 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j7RFYRNU014818; Sat, 27 Aug 2005 08:34:27 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mail.epointsystem.org ([195.228.156.120]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7RFYQXU014810 for <ietf-openpgp@imc.org>; Sat, 27 Aug 2005 08:34:26 -0700 (PDT) (envelope-from nagydani@epointsystem.org)
Received: by mail.epointsystem.org (Postfix, from userid 1001) id 60BE02B47C8; Sat, 27 Aug 2005 17:34:25 +0200 (CEST)
Date: Sat, 27 Aug 2005 17:34:25 +0200
To: ietf-openpgp@imc.org
Subject: Re: Signature types
Message-ID: <20050827153425.GB20223@epointsystem.org>
References: <20050827075018.GA17967@epointsystem.org> <43103173.8020805@systemics.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <43103173.8020805@systemics.com>
User-Agent: Mutt/1.5.6+20040907i
From: nagydani@epointsystem.org (Daniel A. Nagy)
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

On Sat, Aug 27, 2005 at 10:25:07AM +0100, Ian G wrote:
> 
> Daniel A. Nagy wrote:
> > ... [some stuff]
> 
> On that section, but not on Daniel's question, it occurs to
> me that the caveat found half way down ("Please note that
> the vagueness...") could be usefully expanded to cover all
> of 5.2.1.

What the claim of the signature is can be indeed very vague, but what kind
of objects are hashed to verify the signature should be unambiguous in the
standard.

I still maintain that there is a very legitimate need for a timestamp
signature on any kind of data that has no meaning beyond the timestamp.

A signature on a signature is also useful (for different purposes), but it
cannot have the same signature type as the above signature, because the
objects that they sign are different.

Using 0x40 (and possibly 0x41) for the first purpose and 0x50 for the second
seems logical and in line with RFC2440.

-- 
Daniel



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7RFQm8X014400; Sat, 27 Aug 2005 08:26:48 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j7RFQmj5014399; Sat, 27 Aug 2005 08:26:48 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mail.epointsystem.org ([195.228.156.120]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7RFQlHg014369 for <ietf-openpgp@imc.org>; Sat, 27 Aug 2005 08:26:47 -0700 (PDT) (envelope-from nagydani@epointsystem.org)
Received: by mail.epointsystem.org (Postfix, from userid 1001) id 508BD2B47C8; Sat, 27 Aug 2005 17:26:46 +0200 (CEST)
Date: Sat, 27 Aug 2005 17:26:46 +0200
To: ietf-openpgp@imc.org
Subject: Re: Signature types
Message-ID: <20050827152645.GA20223@epointsystem.org>
References: <20050827075018.GA17967@epointsystem.org> <20050827135551.GA1832@jabberwocky.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20050827135551.GA1832@jabberwocky.com>
User-Agent: Mutt/1.5.6+20040907i
From: nagydani@epointsystem.org (Daniel A. Nagy)
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

On Sat, Aug 27, 2005 at 09:55:52AM -0400, David Shaw wrote:

> On Sat, Aug 27, 2005 at 09:50:18AM +0200, Daniel A. Nagy wrote:
> > 
> > I am wondering if I understand the following correctly:
> > 
> > 0x40 Timestamp signature.
> > 
> > It is calculated directly on any document like a 0x00 signature (BTW, it
> > would probably make sense to introduce a 0x41 timestamp for textual
> > documents), but the issuer of the signature does not claim authorship or
> > endorse the document, just states the fact that the document existed at the
> > time when the signature was issued.
> 
> Signature over a signature, just like 0x50.  It's not exactly made
> clear in section 5.2.1, but note that it gets a signature target
> subpacket.  That only makes sense if it is a signature over a
> signature.

If the signature target subpacket is in the hashed part of the signature, it
makes perfect sense with signatures on the document as well, as it binds
the document to the signature (e.g. a party that has access only to the
notary's public key can be assured that it is a valid signature on the
document, provided that the notary is trusted).

> Note that 0x40 actually existed in rfc-1991 as well (also
> a signature over a signature).

It's actually RFC1991 that got me wondering:

     <40> - time stamping ("I saw this document") (*)
  ...                                          Type <40> is intended to
  be a signature of a signature, as a notary seal on a signed document.

Now, this is contradictory. If a signature does not have any cryptographic
binding (except the indirect one through the other signature) to the
document, it cannot be used to assert the integrity thereof.

Someone with the public key of the notary cannot verify this claim. Also, it
makes a lot of sense to certify documents that have not been signed. Since
there are no implementations of 0x40 signatures (to my knowledge) it is
worth giving it a thought. A timestamp signature on (possibly unsigned)
documents that can, if required, bind signatures to it is immensely useful.

> > This one I do not understand at all:
> > 
> > 0x50 Third-Party Confirmation signature.
> > 
> > What is the signature calculated on? The document? The certified signature?
> > Both?
> 
> The signature.  I thought this one was pretty clear (from 5.2.1):
> 
>         This signature is a signature over some other OpenPGP
> 	signature packet(s). It is analogous to a notary seal on the
> 	signed data.

Except that if it's a signature on the signature, then it cannot be
analogous to a notary seal on the signed data (see above). Yet, a signature
over a signature is also useful, as it can be issued by a blind notary that
doesn't see the document. Also, it does prove to someone with access to all
public keys the integrity of the document.

In sum, if 0x40 would be a timestamp signature on the document while 0x50 a
timestamp signature on the signature, it would make perfect sense, making
both of them useful and not redundant at all. This won't contradict the
wording of RFC2440, while RFC1991 contradicts itself, so being consistent
with that one is hopeless to begin with.

-- 
Daniel



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7RDxrOF002917; Sat, 27 Aug 2005 06:59:53 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j7RDxrNq002916; Sat, 27 Aug 2005 06:59:53 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from rwcrmhc12.comcast.net (rwcrmhc13.comcast.net [216.148.227.118]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7RDxrB5002878 for <ietf-openpgp@imc.org>; Sat, 27 Aug 2005 06:59:53 -0700 (PDT) (envelope-from dshaw@jabberwocky.com)
Received: from walrus.hsd1.ma.comcast.net ([24.60.132.70]) by comcast.net (rwcrmhc13) with ESMTP id <20050827135947015009pv3ue>; Sat, 27 Aug 2005 13:59:47 +0000
Received: from grover.jabberwocky.com (grover.jabberwocky.com [172.24.84.28]) by walrus.hsd1.ma.comcast.net (8.12.8/8.12.8) with ESMTP id j7RDxl0m005036 for <ietf-openpgp@imc.org>; Sat, 27 Aug 2005 09:59:47 -0400
Received: from grover.jabberwocky.com (grover.jabberwocky.com [127.0.0.1]) by grover.jabberwocky.com (8.13.1/8.13.1) with ESMTP id j7RDxj4W017891 for <ietf-openpgp@imc.org>; Sat, 27 Aug 2005 09:59:45 -0400
Received: (from dshaw@localhost) by grover.jabberwocky.com (8.13.1/8.13.1/Submit) id j7RDxjpM017890 for ietf-openpgp@imc.org; Sat, 27 Aug 2005 09:59:45 -0400
Date: Sat, 27 Aug 2005 09:59:45 -0400
From: David Shaw <dshaw@jabberwocky.com>
To: ietf-openpgp@imc.org
Subject: ISSUE: misleading hash instructions
Message-ID: <20050827135945.GB1832@jabberwocky.com>
Mail-Followup-To: ietf-openpgp@imc.org
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
OpenPGP: id=99242560; url=http://www.jabberwocky.com/david/keys.asc
User-Agent: Mutt/1.5.8i
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

This one is really easy to fix.  In section 5.2.4 (Computing
Signatures), the paragraph ordering implies incorrect things about a
user ID certification signature (which hashes the public key plus user
ID packet).  The description of a user ID certification signature
refers to "the data above", which given the paragraph ordering, is how
to hash a signature for signing, and not a public key.

If we just switch the position of the paragraph beginning "When a
signature is made over a signature packet" with the paragraph
beginning "A certification signature (type 0x10 through 0x13)" the
problem goes away.

David
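The hashing the issue above is about, as an added example that is not code from the thread or from any OpenPGP implementation: it assembles the octets RFC 2440 section 5.2.4 specifies for a v4 certification signature, in the order the paragraph reordering is meant to make clear. First the public key body behind 0x99 and a two-octet length, then the user ID behind 0xB4 and a four-octet length, then the signature's own hashed fields and the v4 trailer. The key material and subpackets are constructed stand-ins so the block runs offline, and no signing is performed; only the digest that would be signed is produced.

```python
"""Hash input for a v4 certification signature (types 0x10 to 0x13).

Added example; not code from the list thread or from any OpenPGP
implementation.  The key and subpackets below are constructed stand-ins,
not real key material.
"""
import hashlib
import struct

CERTIFICATION_TYPES = (0x10, 0x11, 0x12, 0x13)
HASH_NAMES = {1: "md5", 2: "sha1", 8: "sha256", 9: "sha384", 10: "sha512"}


def mpi(n: int) -> bytes:
    """Multi-precision integer: two-octet bit count, then big-endian magnitude."""
    bits = n.bit_length()
    return struct.pack(">H", bits) + n.to_bytes((bits + 7) // 8, "big")


def subpacket(sp_type: int, body: bytes) -> bytes:
    """Signature subpacket with a one-octet length covering type octet + body."""
    if len(body) + 1 >= 192:
        raise ValueError("example supports one-octet subpacket lengths only")
    return bytes([len(body) + 1, sp_type]) + body


def key_prefix(key_body: bytes) -> bytes:
    """Public key as hashed for certifications: 0x99, two-octet length, body."""
    return b"\x99" + struct.pack(">H", len(key_body)) + key_body


def user_id_prefix(user_id: bytes) -> bytes:
    """User ID as hashed in v4 certifications: 0xB4, four-octet length, body."""
    return b"\xb4" + struct.pack(">I", len(user_id)) + user_id


def sig_hashed_fields(sig_type: int, pk_alg: int, hash_alg: int,
                      hashed_subpackets: bytes) -> bytes:
    """Version, type, algorithms, then the hashed subpacket area with its length."""
    return (bytes([4, sig_type, pk_alg, hash_alg])
            + struct.pack(">H", len(hashed_subpackets)) + hashed_subpackets)


def v4_trailer(hashed_len: int) -> bytes:
    """0x04 0xFF plus the four-octet length of the hashed fields."""
    return b"\x04\xff" + struct.pack(">I", hashed_len)


def certification_digest(key_body: bytes, user_id: bytes, sig_type: int,
                         pk_alg: int, hash_alg: int, hashed_subpackets: bytes) -> bytes:
    if sig_type not in CERTIFICATION_TYPES:
        raise ValueError("not a certification signature type")
    fields = sig_hashed_fields(sig_type, pk_alg, hash_alg, hashed_subpackets)
    h = hashlib.new(HASH_NAMES[hash_alg])
    h.update(key_prefix(key_body))       # the key comes first, then the user ID
    h.update(user_id_prefix(user_id))
    h.update(fields)                     # then the signature's own hashed data
    h.update(v4_trailer(len(fields)))
    return h.digest()


def fingerprint_v4(key_body: bytes) -> bytes:
    """RFC 2440 12.2: the v4 fingerprint is SHA-1 over the same 0x99-prefixed key."""
    return hashlib.sha1(key_prefix(key_body)).digest()


# Constructed stand-in v4 RSA public key body: version 4, creation time,
# algorithm 1 (RSA), and deliberately tiny n and e.  Not a real key.
STAND_IN_KEY = (b"\x04" + struct.pack(">I", 1125502016) + b"\x01"
                + mpi(0xC0FFEE) + mpi(65537))

# Hashed subpackets for a self-certification: creation time (type 2) and
# issuer key ID (type 16), the low 64 bits of the v4 fingerprint.
STAND_IN_SUBPACKETS = (subpacket(2, struct.pack(">I", 1125502016))
                       + subpacket(16, fingerprint_v4(STAND_IN_KEY)[-8:]))
```

The two prefix helpers are the whole point: a reader who takes "the data above" to mean the hashed body of another signature packet would hash neither the 0x99-prefixed key nor the 0xB4-prefixed user ID, and no implementation would accept the result.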



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7RDtxug001506; Sat, 27 Aug 2005 06:55:59 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j7RDtxgp001505; Sat, 27 Aug 2005 06:55:59 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from sccrmhc11.comcast.net (sccrmhc11.comcast.net [204.127.202.55]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7RDtxLJ001465 for <ietf-openpgp@imc.org>; Sat, 27 Aug 2005 06:55:59 -0700 (PDT) (envelope-from dshaw@jabberwocky.com)
Received: from walrus.hsd1.ma.comcast.net ([24.60.132.70]) by comcast.net (sccrmhc11) with ESMTP id <2005082713555301100lg01fe>; Sat, 27 Aug 2005 13:55:53 +0000
Received: from grover.jabberwocky.com (grover.jabberwocky.com [172.24.84.28]) by walrus.hsd1.ma.comcast.net (8.12.8/8.12.8) with ESMTP id j7RDtr0m005029 for <ietf-openpgp@imc.org>; Sat, 27 Aug 2005 09:55:53 -0400
Received: from grover.jabberwocky.com (grover.jabberwocky.com [127.0.0.1]) by grover.jabberwocky.com (8.13.1/8.13.1) with ESMTP id j7RDtqd7017883 for <ietf-openpgp@imc.org>; Sat, 27 Aug 2005 09:55:52 -0400
Received: (from dshaw@localhost) by grover.jabberwocky.com (8.13.1/8.13.1/Submit) id j7RDtqUm017882 for ietf-openpgp@imc.org; Sat, 27 Aug 2005 09:55:52 -0400
Date: Sat, 27 Aug 2005 09:55:52 -0400
From: David Shaw <dshaw@jabberwocky.com>
To: ietf-openpgp@imc.org
Subject: Re: Signature types
Message-ID: <20050827135551.GA1832@jabberwocky.com>
Mail-Followup-To: ietf-openpgp@imc.org
References: <20050827075018.GA17967@epointsystem.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20050827075018.GA17967@epointsystem.org>
OpenPGP: id=99242560; url=http://www.jabberwocky.com/david/keys.asc
User-Agent: Mutt/1.5.8i
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

On Sat, Aug 27, 2005 at 09:50:18AM +0200, Daniel A. Nagy wrote:
> 
> I am wondering if I understand the following correctly:
> 
> 0x40 Timestamp signature.
> 
> It is calculated directly on any document like a 0x00 signature (BTW, it
> would probably make sense to introduce a 0x41 timestamp for textual
> documents), but the issuer of the signature does not claim authorship or
> endorse the document, just states the fact that the document existed at the
> time when the signature was issued.

Signature over a signature, just like 0x50.  It's not exactly made
clear in section 5.2.1, but note that it gets a signature target
subpacket.  That only makes sense if it is a signature over a
signature.  Note that 0x40 actually existed in rfc-1991 as well (also
a signature over a signature).

> This one I do not understand at all:
> 
> 0x50 Third-Party Confirmation signature.
> 
> What is the signature calculated on? The document? The certified signature?
> Both?

The signature.  I thought this one was pretty clear (from 5.2.1):

        This signature is a signature over some other OpenPGP
	signature packet(s). It is analogous to a notary seal on the
	signed data.

David



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7R9L7SO004217; Sat, 27 Aug 2005 02:21:07 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j7R9L7vV004216; Sat, 27 Aug 2005 02:21:07 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mailgate.enhyper.net ([80.168.109.121]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7R9L6K0004203 for <ietf-openpgp@imc.org>; Sat, 27 Aug 2005 02:21:06 -0700 (PDT) (envelope-from iang@systemics.com)
Received: from [IPv6:::1] (localhost [127.0.0.1]) by mailgate.enhyper.net (Postfix) with ESMTP id A838C5D014 for <ietf-openpgp@imc.org>; Sat, 27 Aug 2005 10:21:00 +0100 (BST)
Message-ID: <43103173.8020805@systemics.com>
Date: Sat, 27 Aug 2005 10:25:07 +0100
From: Ian G <iang@systemics.com>
Organization: http://financialcryptography.com/
User-Agent: Mozilla Thunderbird 1.0.6 (X11/20050726)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: ietf-openpgp@imc.org
Subject: Re: Signature types
References: <20050827075018.GA17967@epointsystem.org>
In-Reply-To: <20050827075018.GA17967@epointsystem.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

Daniel A. Nagy wrote:
 > ... [some stuff]

On that section, but not on Daniel's question, it occurs to
me that the caveat found half way down ("Please note that
the vagueness...") could be usefully expanded to cover all
of 5.2.1.

Something like:

5.2.1. Signature Types

   There are a number of possible meanings for a signature.
   By convention, OpenPGP suggests meanings by the following
   signature type octets in any given signature.

   Please note that the vagueness of these signature claims
   is not a flaw, but a feature of the system.  Cryptographic
   signing technology alone cannot make these claims true,
   and a relying party would need to examine the intentions
   of any signer, and the wider context of the system and
   environment in order to assess any claims.  OpenPGP places
   final authority and responsibility on the receiver of any
   signature.

   0x01:...

Which then allows a simplification of the post-0x13 comment:

   0x13:...

     Please note that one authority's casual certification
     might be more rigorous than some other authority's
     positive certification. These classifications allow a
     certification authority to issue fine-grained claims.

     Most OpenPGP implementations make their "key signatures" as 0x10
     certifications. Some implementations can issue 0x11-0x13
     certifications, but few differentiate between the types.


As an alternate, such general commentary could append to the
end of the section - but in legal terms, if it is a warning
as to limitations, it should be at the front.  Given the
somewhat poisoned waters of digital signatures, I'd prefer
to see the disclaims before any claims.

iang

PS: are we in final call already?



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7R7oKAZ071152; Sat, 27 Aug 2005 00:50:20 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j7R7oKGU071151; Sat, 27 Aug 2005 00:50:20 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mail.epointsystem.org (120.156-228-195.hosting.adatpark.hu [195.228.156.120]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7R7oJU8071138 for <ietf-openpgp@imc.org>; Sat, 27 Aug 2005 00:50:20 -0700 (PDT) (envelope-from nagydani@epointsystem.org)
Received: by mail.epointsystem.org (Postfix, from userid 1001) id BE1D42B47D6; Sat, 27 Aug 2005 09:50:18 +0200 (CEST)
Date: Sat, 27 Aug 2005 09:50:18 +0200
To: ietf-openpgp@imc.org
Subject: Signature types
Message-ID: <20050827075018.GA17967@epointsystem.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.5.6+20040907i
From: nagydani@epointsystem.org (Daniel A. Nagy)
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

I am wondering if I understand the following correctly:

0x40 Timestamp signature.

It is calculated directly on any document like a 0x00 signature (BTW, it
would probably make sense to introduce a 0x41 timestamp for textual
documents), but the issuer of the signature does not claim authorship or
endorse the document, just states the fact that the document existed at the
time when the signature was issued.

This one I do not understand at all:

0x50 Third-Party Confirmation signature.

What is the signature calculated on? The document? The certified signature?
Both?

My guess would be that it is calculated on the document and includes in
one (or more) subpackets the canonical hash of the certified signature(s).
In this case the notary certifies the fact that the signatures are valid at
the time of issuing this signature.

But in this case a blind notary that certifies only the fact that the
signature has been made before the time of issuing the signature should use
standalone (0x02) signatures with a target signature subpacket. There is
absolutely no point in 0x50 signatures without target signature subpackets
in this setting, but I might have misunderstood something.

Thanks in advance for the clarification.

-- 
Daniel



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7PCKI7R067486; Thu, 25 Aug 2005 05:20:18 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j7PCKIpD067481; Thu, 25 Aug 2005 05:20:18 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from rwcrmhc12.comcast.net (rwcrmhc14.comcast.net [204.127.198.54]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7PCKHaZ067413 for <ietf-openpgp@imc.org>; Thu, 25 Aug 2005 05:20:17 -0700 (PDT) (envelope-from dshaw@jabberwocky.com)
Received: from walrus.hsd1.ma.comcast.net ([24.60.132.70]) by comcast.net (rwcrmhc14) with ESMTP id <2005082512200701400hfbqke>; Thu, 25 Aug 2005 12:20:11 +0000
Received: from grover.jabberwocky.com (grover.jabberwocky.com [172.24.84.28]) by walrus.hsd1.ma.comcast.net (8.12.8/8.12.8) with ESMTP id j7PCK90m028515 for <ietf-openpgp@imc.org>; Thu, 25 Aug 2005 08:20:09 -0400
Received: from grover.jabberwocky.com (grover.jabberwocky.com [127.0.0.1]) by grover.jabberwocky.com (8.13.1/8.13.1) with ESMTP id j7PCK6hs029805 for <ietf-openpgp@imc.org>; Thu, 25 Aug 2005 08:20:06 -0400
Received: (from dshaw@localhost) by grover.jabberwocky.com (8.13.1/8.13.1/Submit) id j7PCK6tu029804 for ietf-openpgp@imc.org; Thu, 25 Aug 2005 08:20:06 -0400
Date: Thu, 25 Aug 2005 08:20:06 -0400
From: David Shaw <dshaw@jabberwocky.com>
To: ietf-openpgp@imc.org
Subject: Re: Signature calculation problem
Message-ID: <20050825122006.GB28248@jabberwocky.com>
Mail-Followup-To: ietf-openpgp@imc.org
References: <4038.193.210.155.190.1124969143.squirrel@webmail.tiscali.fi>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <4038.193.210.155.190.1124969143.squirrel@webmail.tiscali.fi>
OpenPGP: id=99242560; url=http://www.jabberwocky.com/david/keys.asc
User-Agent: Mutt/1.5.8i
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

On Thu, Aug 25, 2005 at 02:25:43PM +0300, mkuusio@surfeu.fi wrote:
> 
> My question relates to public key signature calculation. Chapter 5.2.4
> Computing signatures in RFC 2440 says: When a signature is made over a
> key, the hash data starts with the octet 0x99, followed by a two-octet
> length of the key, and then the body of the key packet. What about the
> situation when the public key packet length is 256 bytes or smaller? In
> that case the length is only 1 octet and the tag is 0x98. Is the octet
> 0x98 replaced by 0x99 and one length octet (0x00) inserted between the
> packet tag and the length octet to form a two-octet length? Am I right in
> this?

The hash data always starts with the octet 0x99, even if the key
length is smaller than 256 bytes.  That is the canonical key form used
when making signatures or calculating fingerprints.  For example, data
that is hashed for a key that is 200 bytes long (a pretty small key)
would begin: 0x99 0x00 0xC8.

David
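The canonical form David describes, as an added example (not code from the thread or from any OpenPGP implementation): an old-format packet header is parsed, and whether the key packet was framed on the wire with a 1-octet length (tag byte 0x98) or a 2-octet length (0x99), the bytes fed to the hash are always 0x99, a 2-octet big-endian length, and the body. The 200-octet key body, the two framings of it, and the creation time are constructed sample data, not a real key; the fingerprint is the version 4 SHA-1 form.

```python
import hashlib

# Constructed sample: a 200-octet stand-in for a version 4 public key packet
# body (version octet, creation time, algorithm octet 17 = DSA, then filler
# where the MPIs would be). It is not a real key.
SAMPLE_BODY = bytes([4]) + (0x43000000).to_bytes(4, "big") + bytes([17]) + bytes(194)
assert len(SAMPLE_BODY) == 200

# The same body framed two ways: tag 6 (public key) with a 1-octet length
# (tag byte 0x98) and with a 2-octet length (tag byte 0x99).
PACKET_1OCTET_LEN = bytes([0x98, len(SAMPLE_BODY)]) + SAMPLE_BODY
PACKET_2OCTET_LEN = bytes([0x99]) + len(SAMPLE_BODY).to_bytes(2, "big") + SAMPLE_BODY


def parse_old_format_packet(data: bytes):
    """Split an old-format packet (RFC 2440 section 4.2.1) into (tag, body).

    Tag byte layout: bit 7 always set, bit 6 clear for the old format,
    bits 5-2 the packet tag, bits 1-0 the length type (0, 1, 2 mean a
    1-, 2- or 4-octet length; 3 means indeterminate).
    """
    tag_byte = data[0]
    if not tag_byte & 0x80:
        raise ValueError("bit 7 must be set in a packet tag")
    if tag_byte & 0x40:
        raise ValueError("new-format header; not handled by this example")
    tag = (tag_byte >> 2) & 0x0F
    length_type = tag_byte & 0x03
    if length_type == 3:
        raise ValueError("indeterminate length is not allowed for key packets")
    length_octets = 1 << length_type
    length = int.from_bytes(data[1:1 + length_octets], "big")
    body = data[1 + length_octets:1 + length_octets + length]
    if len(body) != length:
        raise ValueError("truncated packet")
    return tag, body


def canonical_key_prefix(body: bytes) -> bytes:
    """0x99 plus a 2-octet length, however the packet was framed on the wire."""
    if len(body) > 0xFFFF:
        raise ValueError("key body too long for a 2-octet length")
    return b"\x99" + len(body).to_bytes(2, "big")


def key_hash_input(packet: bytes) -> bytes:
    """The bytes hashed for a key signature or a fingerprint."""
    tag, body = parse_old_format_packet(packet)
    if tag not in (6, 14):  # public key, public subkey
        raise ValueError(f"not a public key packet (tag {tag})")
    return canonical_key_prefix(body) + body


def v4_fingerprint(packet: bytes) -> bytes:
    """Version 4 fingerprint: SHA-1 over the canonical key form."""
    return hashlib.sha1(key_hash_input(packet)).digest()


def v4_key_id(packet: bytes) -> bytes:
    """Version 4 key ID: the low 64 bits of the fingerprint."""
    return v4_fingerprint(packet)[-8:]


if __name__ == "__main__":
    # Both framings hash the same bytes, beginning 99 00 c8 for a 200-octet key.
    print(key_hash_input(PACKET_1OCTET_LEN)[:3].hex())
    print(key_hash_input(PACKET_1OCTET_LEN) == key_hash_input(PACKET_2OCTET_LEN))
    print(v4_fingerprint(PACKET_1OCTET_LEN).hex())
```

The practical consequence for a verifier: never hash the packet header as received; rebuild the 0x99 prefix from the body length, or signatures and fingerprints computed by other implementations will not match.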



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7PBPrwZ047136; Thu, 25 Aug 2005 04:25:53 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j7PBPrEL047135; Thu, 25 Aug 2005 04:25:53 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from surfeu.fi (mailbox.surfeu.fi [213.173.154.4]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7PBPpn0047099 for <ietf-openpgp@imc.org>; Thu, 25 Aug 2005 04:25:52 -0700 (PDT) (envelope-from mkuusio@surfeu.fi)
Received: from [213.173.154.9] (HELO surfeu.fi) by surfeu.fi (CommuniGate Pro SMTP 3.4.1) with SMTP id 151578961 for ietf-openpgp@imc.org; Thu, 25 Aug 2005 14:25:43 +0300
Received: from 193.210.155.190 (SquirrelMail authenticated user mkuusio) by webmail.tiscali.fi with HTTP; Thu, 25 Aug 2005 14:25:43 +0300 (EEST)
Message-ID: <4038.193.210.155.190.1124969143.squirrel@webmail.tiscali.fi>
Date: Thu, 25 Aug 2005 14:25:43 +0300 (EEST)
Subject: Signature calculation problem
From: <mkuusio@surfeu.fi>
To: <ietf-openpgp@imc.org>
X-Priority: 3
Importance: Normal
X-Mailer: SquirrelMail (version 1.2.11)
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

My question relates to public key signature calculation. Chapter 5.2.4
Computing signatures in RFC 2440 says: When a signature is made over a
key, the hash data starts with the octet 0x99, followed by a two-octet
length of the key, and then the body of the key packet. What about the
situation when the public key packet length is 256 bytes or smaller? In
that case the length is only 1 octet and the tag is 0x98. Is the octet
0x98 replaced by 0x99 and one length octet (0x00) inserted between the
packet tag and the length octet to form a two-octet length? Am I right in
this?




Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7NL0YdC018484; Tue, 23 Aug 2005 14:00:34 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j7NL0YX6018482; Tue, 23 Aug 2005 14:00:34 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mail.off.net (off.net [66.96.28.3]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7NL0We8018458 for <ietf-openpgp@imc.org>; Tue, 23 Aug 2005 14:00:33 -0700 (PDT) (envelope-from adam@mail.off.net)
Received: by mail.off.net (Postfix, from userid 948) id 5112D77036D; Wed, 24 Aug 2005 01:01:45 -0400 (EDT)
Received: by bitchcake.off.net (hashcash-sendmail, from uid 948); Wed, 24 Aug 2005 01:01:41 -0400
Date: Wed, 24 Aug 2005 01:01:36 -0400
From: Adam Back <adam@cypherspace.org>
To: Hal Finney <hal@finney.org>
Cc: ietf-openpgp@imc.org, mkuusio@surfeu.fi, Adam Back <adam@cypherspace.org>
Subject: Re: Secret key signature packet
Message-ID: <20050824050136.GA3783@bitchcake.off.net>
References: <20050823160632.2627D57EF7@finney.org> <20050823175149.GA10161@bitchcake.off.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20050823175149.GA10161@bitchcake.off.net>
User-Agent: Mutt/1.4.1i
X-Hashcash: 1:20:050824:hal@finney.org::yAlkC4lpg4U+EKgF:0DzN
X-Hashcash: 1:20:050824:ietf-openpgp@imc.org::1+4Vdizuy/5VIz3e:8MaD
X-Hashcash: 1:20:050824:mkuusio@surfeu.fi::YFlwEqRm7SVvn/Ld:4XTR
X-Hashcash: 1:20:050824:adam@cypherspace.org::cNsX29IWh4A3LV3G:3wwd
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

I wrote:
> I am not sure of any attack based on modifying the private key in an
> undetectable way... that would generally seem to make invalid
> signatures, and inability to decrypt.  

Actually, let me revise that: I think one could likely mount an attack
based on ability to modify _parts of_ the private key.  E.g. with RSA
the relation e.d = 1 mod phi(n) would no longer hold and so forth,
likely leaking parts of the private key.  And there was a long time
ago some discussion and examples of how one could modify the CFB mode
protection that is used for unsigned bulk encryption in PGP (in modes
that do not have an MDC).

Well, let's see if the original poster can explain his use-case.

But I think for the above reason it might be interesting in, let's say,
an example where you were to keep your private keyring on a network
drive (feeling secure in the knowledge you have a good passphrase, or even
perhaps a computer generated password that you have written down); the
attack then would be that someone could modify the private keyring,
perhaps adaptively, and thereby compute the private key.

(Or similar attack private key ring on USB key; but USB key not
physically secured, left where attacker can selectively change bits).



btw for this use-case I think using the MDC mode for encrypting the
private part would be a good step.  Might be interesting also to MAC
(with key derived from passphrase) any non-encrypted parts of the
private (and public) keyrings.

Adam



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7NIbwhw049121; Tue, 23 Aug 2005 11:37:58 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j7NIbwad049120; Tue, 23 Aug 2005 11:37:58 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from sccrmhc13.comcast.net (sccrmhc13.comcast.net [63.240.76.28]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7NIbvtE049059 for <ietf-openpgp@imc.org>; Tue, 23 Aug 2005 11:37:57 -0700 (PDT) (envelope-from dshaw@jabberwocky.com)
Received: from walrus.hsd1.ma.comcast.net ([24.60.132.70]) by comcast.net (sccrmhc13) with ESMTP id <2005082318375101300l7aase>; Tue, 23 Aug 2005 18:37:51 +0000
Received: from grover.jabberwocky.com (grover.jabberwocky.com [172.24.84.28]) by walrus.hsd1.ma.comcast.net (8.12.8/8.12.8) with ESMTP id j7NIbv0m021155 for <ietf-openpgp@imc.org>; Tue, 23 Aug 2005 14:37:57 -0400
Received: from grover.jabberwocky.com (grover.jabberwocky.com [127.0.0.1]) by grover.jabberwocky.com (8.13.1/8.13.1) with ESMTP id j7NIbo0U025423 for <ietf-openpgp@imc.org>; Tue, 23 Aug 2005 14:37:50 -0400
Received: (from dshaw@localhost) by grover.jabberwocky.com (8.13.1/8.13.1/Submit) id j7NIbnH7025422 for ietf-openpgp@imc.org; Tue, 23 Aug 2005 14:37:49 -0400
Date: Tue, 23 Aug 2005 14:37:49 -0400
From: David Shaw <dshaw@jabberwocky.com>
To: ietf-openpgp@imc.org
Subject: Re: Secret key signature packet
Message-ID: <20050823183749.GB25141@jabberwocky.com>
Mail-Followup-To: ietf-openpgp@imc.org
References: <20050823160632.2627D57EF7@finney.org> <20050823175149.GA10161@bitchcake.off.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20050823175149.GA10161@bitchcake.off.net>
OpenPGP: id=99242560; url=http://www.jabberwocky.com/david/keys.asc
User-Agent: Mutt/1.5.8i
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

On Tue, Aug 23, 2005 at 01:51:49PM -0400, Adam Back wrote:
> 
> I might be misunderstanding but I read the original poster to be maybe
> hinting at modification detection of the private key ring somehow.
> 
> I am not sure of any attack based on modifying the private key in an
> undetectable way... that would generally seem to make invalid
> signatures, and inability to decrypt.  

Could the original poster be thinking of the Klima-Rosa attack and the
secret key "s2k 254" SHA-1 protection?

David
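Adam's suggestion above of integrity-protecting the secret key material and David's mention of the "s2k 254" SHA-1 protection both concern the same mechanism, so here is one added example (not code from the thread or from any OpenPGP implementation) that shows the difference. RFC 2440 protects the plaintext secret MPIs of a secret key packet with a two-octet checksum, the sum of all octets modulo 65536; the s2k usage value 254 (a GnuPG extension later standardized in RFC 4880) stores a 20-octet SHA-1 hash of the same plaintext instead. An additive checksum cannot notice two octet changes that cancel out, which is why a stored key should be verified with the SHA-1 form. The secret material, the usage values passed to the verifier, and the compensating modification are constructed sample data.

```python
import hashlib
import hmac

# Constructed stand-in for the plaintext secret-key material (the secret MPIs)
# of one secret key packet, 128 octets. It is not a real key.
SECRET_MATERIAL = bytes(range(1, 65)) * 2

S2K_USAGE_SHA1 = 254      # 20-octet SHA-1 over the plaintext secret material
S2K_USAGE_CHECKSUM = 255  # 2-octet additive checksum (RFC 2440 behaviour)


def simple_checksum(material: bytes) -> bytes:
    """Two-octet checksum: sum of all octets modulo 65536, big-endian."""
    return (sum(material) % 65536).to_bytes(2, "big")


def sha1_protection(material: bytes) -> bytes:
    """Twenty-octet SHA-1 over the plaintext secret material (s2k usage 254)."""
    return hashlib.sha1(material).digest()


def integrity_value(material: bytes, usage: int) -> bytes:
    """The integrity value an implementation stores for the given s2k usage."""
    return sha1_protection(material) if usage == S2K_USAGE_SHA1 else simple_checksum(material)


def verify_secret_material(material: bytes, stored: bytes, usage: int) -> bool:
    """Check the decrypted secret material against its stored integrity value.

    compare_digest keeps the comparison constant-time so the check itself
    does not leak how many leading bytes matched.
    """
    return hmac.compare_digest(integrity_value(material, usage), stored)


def compensating_change(material: bytes) -> bytes:
    """Constructed modification: raise the first octet by one and lower the
    second by one. The octet sum, and hence the 2-octet checksum, is unchanged,
    so only a real hash can detect it."""
    m = bytearray(material)
    m[0] = (m[0] + 1) & 0xFF
    m[1] = (m[1] - 1) & 0xFF
    return bytes(m)


if __name__ == "__main__":
    modified = compensating_change(SECRET_MATERIAL)
    for usage in (S2K_USAGE_CHECKSUM, S2K_USAGE_SHA1):
        stored = integrity_value(SECRET_MATERIAL, usage)
        print(usage, "accepts modified material:",
              verify_secret_material(modified, stored, usage))
```

When loading a secret key, an implementation that still accepts usage 255 (or the unencrypted form with a checksum) should treat the checksum as a transport sanity check only; the SHA-1 value is what actually binds the stored material.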



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7NHq1B2019688; Tue, 23 Aug 2005 10:52:01 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j7NHq1Cj019682; Tue, 23 Aug 2005 10:52:01 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mail.off.net (off.net [66.96.28.3]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7NHq1rt019663 for <ietf-openpgp@imc.org>; Tue, 23 Aug 2005 10:52:01 -0700 (PDT) (envelope-from adam@mail.off.net)
Received: by mail.off.net (Postfix, from userid 948) id 1B7797702B1; Tue, 23 Aug 2005 13:51:51 -0400 (EDT)
Received: by bitchcake.off.net (hashcash-sendmail, from uid 948); Tue, 23 Aug 2005 13:51:49 -0400
Date: Tue, 23 Aug 2005 13:51:49 -0400
From: Adam Back <adam@cypherspace.org>
To: Hal Finney <hal@finney.org>
Cc: ietf-openpgp@imc.org, mkuusio@surfeu.fi, Adam Back <adam@cypherspace.org>
Subject: Re: Secret key signature packet
Message-ID: <20050823175149.GA10161@bitchcake.off.net>
References: <20050823160632.2627D57EF7@finney.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20050823160632.2627D57EF7@finney.org>
User-Agent: Mutt/1.4.1i
X-Hashcash: 1:20:050823:hal@finney.org::7Dkck9oQshwfygck:1p9m
X-Hashcash: 1:20:050823:ietf-openpgp@imc.org::azG3mzG0GIGU+9my:F1g
X-Hashcash: 1:20:050823:mkuusio@surfeu.fi::5q2kVXGIFQnU2+yG:1ypa
X-Hashcash: 1:20:050823:adam@cypherspace.org::WmF1WjwQ45DvOMIw:439+
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

I might be misunderstanding but I read the original poster to be maybe
hinting at modification detection of the private key ring somehow.

I am not sure of any attack based on modifying the private key in an
undetectable way... that would generally seem to make invalid
signatures, and inability to decrypt.  

On the other hand changing the trust markers, or changing public
encryption keys of other parties -- that would seem dangerous.

So there would be value in that, though AFAIK this info is on the public
key ring.

(Also with some implementations I've noticed they can operate just with
the private keyring as the private key is a superset of the public
key.)


Also the threat model is a bit arguable; if an attacker can modify the
keyrings, he could likely also insert a keyboard logger; maybe there
is some difference though if for example the software is kept separate,
and there is some risk of the attacker modifying just the data on the
keyring storage device.

Adam

On Tue, Aug 23, 2005 at 09:06:32AM -0700, "Hal Finney" wrote:
> 
> From: <mkuusio@surfeu.fi>
> > What is the content of the secret key signature packet? I know that open
> > pgp doesn't support secret key signing so hash left 2 bytes, DSA r and DSA
> > s are not included in the signature packet. I assume that the content is:
> >
> > -Version number (1 octet)
> > -Signature type (1 octet)
> > -Public key algorithm (1 octet)
> > -Hash algorithm (1 octet)
> > -Hashed subpackets (n octets)
> > -Sub packet (issuer key id 8 octets)
> 
> I'm sorry, I don't know what you mean by a secret key signature packet.
> As I noted earlier, we don't sign secret keys.  There would be no point
> in creating a "signature" packet that was missing the signature fields,
> r and s.
> 
> Maybe this will help.  OpenPGP implementations usually store the public
> keys separately from the secret keys.  Traditionally these stores are
> called "key rings".  The public key ring contains public keys (your
> own public key and also those belonging to other people), user ids, and
> signatures.  The secret key ring contains your own secret keys and their
> user ids.  There is no need for signature packets on the secret key ring.
> If there are any signature packets there, they will be signatures over
> just the public key portion of the secret key packets.  They are not
> secret key signatures, there is no such thing.
> 
> Hal Finney



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7NGuqnY085469; Tue, 23 Aug 2005 09:56:52 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j7NGuqmH085468; Tue, 23 Aug 2005 09:56:52 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from finney.org (226-132.adsl2.netlojix.net [207.71.226.132]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7NGunVs085431 for <ietf-openpgp@imc.org>; Tue, 23 Aug 2005 09:56:49 -0700 (PDT) (envelope-from hal@finney.org)
Received: by finney.org (Postfix, from userid 500) id 2627D57EF7; Tue, 23 Aug 2005 09:06:32 -0700 (PDT)
To: ietf-openpgp@imc.org, mkuusio@surfeu.fi
Subject: Re: Secret key signature packet
Message-Id: <20050823160632.2627D57EF7@finney.org>
Date: Tue, 23 Aug 2005 09:06:32 -0700 (PDT)
From: hal@finney.org ("Hal Finney")
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

From: <mkuusio@surfeu.fi>
> What is the content of the secret key signature packet? I know that open
> pgp doesn't support secret key signing so hash left 2 bytes, DSA r and DSA
> s are not included in the signature packet. I assume that the content is:
>
> -Version number (1 octet)
> -Signature type (1 octet)
> -Public key algorithm (1 octet)
> -Hash algorithm (1 octet)
> -Hashed subpackets (n octets)
> -Sub packet (issuer key id 8 octets)

I'm sorry, I don't know what you mean by a secret key signature packet.
As I noted earlier, we don't sign secret keys.  There would be no point
in creating a "signature" packet that was missing the signature fields,
r and s.

Maybe this will help.  OpenPGP implementations usually store the public
keys separately from the secret keys.  Traditionally these stores are
called "key rings".  The public key ring contains public keys (your
own public key and also those belonging to other people), user ids, and
signatures.  The secret key ring contains your own secret keys and their
user ids.  There is no need for signature packets on the secret key ring.
If there are any signature packets there, they will be signatures over
just the public key portion of the secret key packets.  They are not
secret key signatures, there is no such thing.

Hal Finney



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7NB2PE7044708; Tue, 23 Aug 2005 04:02:25 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j7NB2PvE044706; Tue, 23 Aug 2005 04:02:25 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from surfeu.fi (mailbox.surfeu.fi [213.173.154.4]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7NB2Nnb044605 for <ietf-openpgp@imc.org>; Tue, 23 Aug 2005 04:02:24 -0700 (PDT) (envelope-from mkuusio@surfeu.fi)
Received: from [213.173.154.9] (HELO surfeu.fi) by surfeu.fi (CommuniGate Pro SMTP 3.4.1) with SMTP id 151390580 for ietf-openpgp@imc.org; Tue, 23 Aug 2005 14:02:17 +0300
Received: from 193.210.155.190 (SquirrelMail authenticated user mkuusio) by webmail.tiscali.fi with HTTP; Tue, 23 Aug 2005 14:02:17 +0300 (EEST)
Message-ID: <26831.193.210.155.190.1124794937.squirrel@webmail.tiscali.fi>
Date: Tue, 23 Aug 2005 14:02:17 +0300 (EEST)
Subject: Secret key signature packet
From: <mkuusio@surfeu.fi>
To: <ietf-openpgp@imc.org>
X-Priority: 3
Importance: Normal
X-Mailer: SquirrelMail (version 1.2.11)
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

What is the content of the secret key signature packet? I know that open
pgp doesn't support secret key signing so hash left 2 bytes, DSA r and DSA
s are not included in the signature packet. I assume that the content is:

-Version number (1 octet)
-Signature type (1 octet)
-Public key algorithm (1 octet)
-Hash algorithm (1 octet)
-Hashed subpackets (n octets)
-Sub packet (issuer key id 8 octets)

Is this right?




Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7HDGUD6031719; Wed, 17 Aug 2005 06:16:30 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j7HDGU66031718; Wed, 17 Aug 2005 06:16:30 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mail.links.org (mail.links.org [217.155.92.109]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7HDGSxh031683 for <ietf-openpgp@imc.org>; Wed, 17 Aug 2005 06:16:29 -0700 (PDT) (envelope-from ben@algroup.co.uk)
Received: from [193.133.15.218] (localhost [127.0.0.1]) by mail.links.org (Postfix) with ESMTP id 8353133C1B; Wed, 17 Aug 2005 14:16:25 +0100 (BST)
Message-ID: <430338AB.8040509@algroup.co.uk>
Date: Wed, 17 Aug 2005 14:16:27 +0100
From: Ben Laurie <ben@algroup.co.uk>
User-Agent: Mozilla Thunderbird 1.0.6 (Windows/20050716)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Hal Finney <hal@finney.org>
CC: ietf-openpgp@imc.org
Subject: Re: Encrypt then sign insecure?
References: <20050816215032.E93C357EF5@finney.org>
In-Reply-To: <20050816215032.E93C357EF5@finney.org>
X-Enigmail-Version: 0.89.6.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

Hal Finney wrote:
>>Hal Finney wrote:
>>
>>>Krawczyk's paper is about combining MAC and symmetric encryption.
>>>That's not what OpenPGP does.  We don't do MACs.
>>
>>Actually, the only point of the MAC is to tell whether decryption 
>>succeeded. Signatures do the same job.
> 
> 
> I have to apologize to Ben, he's right about this.  I went back and
> re-read Krawczyk's paper and it does apply to signatures as well as
> MACs.

Thank you.

> However, the actual result is somewhat different from what is often
> stated, which is that MAC-then-encrypt is potentially insecure.  What he
> actually shows is that encryption that is secure against passive attacks
> (like chosen plaintext) is not necessarily secure against active attacks
> (like altering the ciphertext en route), and that this is not prevented
> by MAC-ing the data before encrypting.  As Ben points out, it is also
> not prevented by signing the data before encrypting.
> 
> In fact, nothing you do to the data before encrypting can prevent
> the attack Krawczyk shows, because he assumes certain properties of
> the decryption engine which cause it to abort before it even tries to
> process the decrypted data.  Although Krawczyk suggests that "in a sense"
> the MAC can make things worse, in fact his attack never calls the MAC
> (nor would it verify a signature).  He corrupts the data en route such
> that the decryption engine barfs on it, so the plaintext never gets
> processed at the receiving end.  The attacker is assumed to be able to
> notice this response, which leaks information about the plaintext.

So, a MAC/signature _can_ help, if the failure is visible to the attacker.

> Krawczyk basically shows that you can't use an encryption function which
> is really weak against active attacks, and then assume that an inner
> signature or MAC will save you.  If the encryption function is bad enough,
> there is nothing you can do if you are going to wait until you decrypt.
> The only solution is to check integrity before beginning decryption.
> 
> The bottom line is that at some level we do need to assume that our
> encryption functions do not have the horrible properties that Krawczyk
> had to assume in order to make his construction go through.

This was my point about not being clear what the actual limits for those 
properties are. I guess he requires, at least, a function where it's 
possible to change the ciphertext without changing the plaintext. This 
is not a property of any cipher I'd be likely to use.

Cheers,

Ben.

-- 
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7GMfIGf004367; Tue, 16 Aug 2005 15:41:18 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j7GMfIi1004366; Tue, 16 Aug 2005 15:41:18 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from finney.org (226-132.adsl2.netlojix.net [207.71.226.132]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7GMfF8m004360 for <ietf-openpgp@imc.org>; Tue, 16 Aug 2005 15:41:17 -0700 (PDT) (envelope-from hal@finney.org)
Received: by finney.org (Postfix, from userid 500) id E93C357EF5; Tue, 16 Aug 2005 14:50:32 -0700 (PDT)
To: ben@algroup.co.uk, hal@finney.org
Subject: Re: Encrypt then sign insecure?
Cc: ietf-openpgp@imc.org
Message-Id: <20050816215032.E93C357EF5@finney.org>
Date: Tue, 16 Aug 2005 14:50:32 -0700 (PDT)
From: hal@finney.org ("Hal Finney")
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

> Hal Finney wrote:
> > Krawczyk's paper is about combining MAC and symmetric encryption.
> > That's not what OpenPGP does.  We don't do MACs.
>
> Actually, the only point of the MAC is to tell whether decryption 
> succeeded. Signatures do the same job.

I have to apologize to Ben, he's right about this.  I went back and
re-read Krawczyk's paper and it does apply to signatures as well as
MACs.

However, the actual result is somewhat different from what is often
stated, which is that MAC-then-encrypt is potentially insecure.  What he
actually shows is that encryption that is secure against passive attacks
(like chosen plaintext) is not necessarily secure against active attacks
(like altering the ciphertext en route), and that this is not prevented
by MAC-ing the data before encrypting.  As Ben points out, it is also
not prevented by signing the data before encrypting.

In fact, nothing you do to the data before encrypting can prevent
the attack Krawczyk shows, because he assumes certain properties of
the decryption engine which cause it to abort before it even tries to
process the decrypted data.  Although Krawczyk suggests that "in a sense"
the MAC can make things worse, in fact his attack never calls the MAC
(nor would it verify a signature).  He corrupts the data en route such
that the decryption engine barfs on it, so the plaintext never gets
processed at the receiving end.  The attacker is assumed to be able to
notice this response, which leaks information about the plaintext.

Krawczyk basically shows that you can't use an encryption function which
is really weak against active attacks, and then assume that an inner
signature or MAC will save you.  If the encryption function is bad enough,
there is nothing you can do if you are going to wait until you decrypt.
The only solution is to check integrity before beginning decryption.

The bottom line is that at some level we do need to assume that our
encryption functions do not have the horrible properties that Krawczyk
had to assume in order to make his construction go through.

Hal Finney
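Hal's closing point, that the only way to avoid the Krawczyk-style leak is to check integrity before beginning decryption, is easiest to see in code. The following is an added example, not code from the thread and not what OpenPGP does (OpenPGP signs the plaintext and then encrypts): a minimal encrypt-then-MAC construction in which the receiver verifies the tag over the ciphertext first and only then decrypts, so a corrupted message is rejected without the decryption engine ever running on it. The keystream cipher (HMAC-SHA256 in counter mode) is a stand-in chosen so the example runs with the standard library alone; the key, nonce and message values are constructed sample data; the decryption counter exists only to make the ordering observable.

```python
import hashlib
import hmac

NONCE_LEN = 16
TAG_LEN = 32

# Constructed sample keys and nonce; real code derives fresh values per message.
SAMPLE_ENC_KEY = bytes(range(32))
SAMPLE_MAC_KEY = bytes(range(32, 64))
SAMPLE_NONCE = bytes(NONCE_LEN)

# Counts how often the decryption engine was invoked, to show that a tampered
# message never reaches it.
_decrypt_calls = [0]


def decrypt_attempts() -> int:
    return _decrypt_calls[0]


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """Stand-in cipher: HMAC-SHA256 as a PRF in counter mode."""
    blocks, counter = [], 0
    while sum(len(b) for b in blocks) < length:
        blocks.append(hmac.new(enc_key, nonce + counter.to_bytes(4, "big"),
                               hashlib.sha256).digest())
        counter += 1
    return b"".join(blocks)[:length]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _tag(mac_key: bytes, nonce: bytes, ciphertext: bytes) -> bytes:
    """The MAC covers the nonce and the ciphertext, never the plaintext."""
    return hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()


def seal(enc_key: bytes, mac_key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Encrypt, then MAC the ciphertext: nonce || ciphertext || tag."""
    if len(nonce) != NONCE_LEN:
        raise ValueError("nonce must be %d bytes" % NONCE_LEN)
    ciphertext = _xor(plaintext, _keystream(enc_key, nonce, len(plaintext)))
    return nonce + ciphertext + _tag(mac_key, nonce, ciphertext)


def open_sealed(enc_key: bytes, mac_key: bytes, message: bytes) -> bytes:
    """Verify the tag first; decrypt only a message that passed."""
    if len(message) < NONCE_LEN + TAG_LEN:
        raise ValueError("message too short")
    nonce = message[:NONCE_LEN]
    ciphertext = message[NONCE_LEN:-TAG_LEN]
    tag = message[-TAG_LEN:]
    # Constant-time comparison, so the reject path leaks nothing about the tag.
    if not hmac.compare_digest(_tag(mac_key, nonce, ciphertext), tag):
        raise ValueError("integrity check failed; nothing was decrypted")
    _decrypt_calls[0] += 1
    return _xor(ciphertext, _keystream(enc_key, nonce, len(ciphertext)))


def open_or_none(enc_key: bytes, mac_key: bytes, message: bytes):
    """Convenience wrapper: the plaintext, or None if the message was rejected."""
    try:
        return open_sealed(enc_key, mac_key, message)
    except ValueError:
        return None


if __name__ == "__main__":
    sealed = seal(SAMPLE_ENC_KEY, SAMPLE_MAC_KEY, SAMPLE_NONCE, b"meet at noon")
    print(open_or_none(SAMPLE_ENC_KEY, SAMPLE_MAC_KEY, sealed))
    damaged = bytearray(sealed)
    damaged[NONCE_LEN] ^= 0x01  # flip one ciphertext bit in transit
    print(open_or_none(SAMPLE_ENC_KEY, SAMPLE_MAC_KEY, bytes(damaged)))
    print("decryptions run:", decrypt_attempts())
```

The receiver's behaviour on a damaged message is the same whatever byte was altered: one uniform rejection before decryption, so there is no decryption-side failure for an attacker to observe. That is the property Hal says cannot be obtained by anything done to the data before encryption.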



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7GA7fvL073749; Tue, 16 Aug 2005 03:07:41 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j7GA7f3S073748; Tue, 16 Aug 2005 03:07:41 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mail.links.org (mail.links.org [217.155.92.109]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7GA7cm1073713 for <ietf-openpgp@imc.org>; Tue, 16 Aug 2005 03:07:38 -0700 (PDT) (envelope-from ben@algroup.co.uk)
Received: from [193.133.15.218] (localhost [127.0.0.1]) by mail.links.org (Postfix) with ESMTP id E3D0E33C1A; Tue, 16 Aug 2005 11:07:36 +0100 (BST)
Message-ID: <4301BAEA.1080509@algroup.co.uk>
Date: Tue, 16 Aug 2005 11:07:38 +0100
From: Ben Laurie <ben@algroup.co.uk>
User-Agent: Mozilla Thunderbird 1.0.6 (Windows/20050716)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Hal Finney <hal@finney.org>
CC: ietf-openpgp@imc.org
Subject: Re: Encrypt then sign insecure?
References: <20050816034724.29FDD57EF5@finney.org>
In-Reply-To: <20050816034724.29FDD57EF5@finney.org>
X-Enigmail-Version: 0.89.6.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

Hal Finney wrote:
> Ben Laurie wrote:
> 
>>Hal Finney wrote:
>>
>>>This paper doesn't apply to systems like OpenPGP which compose public
>>>key signatures with public key encryption.  Rather, it investigates the
>>>composition of symmetric encryption (e.g. AES) with MAC.
>>
>>...
>>This does not seem to me to be true. OpenPGP uses symmetric encryption 
>>under the hood, and signs the plaintext rather than the ciphertext. All 
>>that is needed is an oracle which will say whether the signature is 
>>correct or not.
> 
> 
> Krawczyk's paper is about combining MAC and symmetric encryption.
> That's not what OpenPGP does.  We don't do MACs.

Actually, the only point of the MAC is to tell whether decryption 
succeeded. Signatures do the same job.

>>Furthermore, OpenPGP does not use CBC, so the security proof from the 
>>paper doesn't help.
> 
> That's true, but the point is that the paper is not about systems like
> OpenPGP at all.

Yes it is. The required properties are: a) encryption and b) the 
possibility to detect errors in the plaintext.

Cheers,

Ben.

-- 
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7G5pKpI075057; Mon, 15 Aug 2005 22:51:20 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j7G5pKs8075055; Mon, 15 Aug 2005 22:51:20 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from p15139323.pureserver.info (silmor.de [217.160.219.75]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7G5pKXM074975 for <ietf-openpgp@imc.org>; Mon, 15 Aug 2005 22:51:20 -0700 (PDT) (envelope-from konrad@silmor.de)
Received: from p54b3d8e7.dip.t-dialin.net ([84.179.216.231] helo=zaphod.local) by p15139323.pureserver.info with asmtp (Exim 3.35 #1 (Debian)) id 1E4uLy-0006A2-00 for <ietf-openpgp@imc.org>; Tue, 16 Aug 2005 07:51:14 +0200
From: Konrad Rosenbaum <konrad@silmor.de>
To: ietf-openpgp@imc.org
Subject: Re: "The OpenPGP mail and news header" extenssion
Date: Tue, 16 Aug 2005 07:50:55 +0200
User-Agent: KMail/1.8
References: <42FA366F.3030103@gmail.com> <200508150750.29627@zaphod.konrad.silmor.de> <4300606A.1080701@algroup.co.uk>
In-Reply-To: <4300606A.1080701@algroup.co.uk>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="nextPart2879028.Mq6ueB6cKK"; protocol="application/pgp-signature"; micalg=pgp-sha1
Content-Transfer-Encoding: 7bit
Message-Id: <200508160750.58672@zaphod.konrad.silmor.de>
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

--nextPart2879028.Mq6ueB6cKK
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

On Monday 15 August 2005 11:29, Ben Laurie wrote:
> Konrad Rosenbaum wrote:
> > On the other hand: not signing weakens the receiver's trust in the
> > sender. Just as an example: I can't be sure that your advice to not use
> > signatures comes from a knowledgeable OpenPGP expert; it could as well
> > come from a spammer lobbying against the use of crypto because it harms
> > his business model.
>
> True enough, but the argument should stand no matter who I am.
>
> If you want to protect against spam using signatures there are other
> ways to do it that don't involve signing the content.

Hmm, bad example. I do not want to protect myself against spam using
signatures (Bayes filters are far more useful in that area); I want to
protect myself against impostors claiming to be trustworthy people and
fooling me into doing something stupid.


	Konrad

--nextPart2879028.Mq6ueB6cKK
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQBDAX7CClt766LaIH0RAurKAJ0TYfVBu/spO1toyw4Hw0Y2LNCHagCfU77U
euAP2c6u0Bof25QrIDUoSJA=
=/YxA
-----END PGP SIGNATURE-----

--nextPart2879028.Mq6ueB6cKK--



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7G4c9oY048510; Mon, 15 Aug 2005 21:38:09 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j7G4c9og048509; Mon, 15 Aug 2005 21:38:09 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from finney.org (226-132.adsl2.netlojix.net [207.71.226.132]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7G4c8gS048502 for <ietf-openpgp@imc.org>; Mon, 15 Aug 2005 21:38:08 -0700 (PDT) (envelope-from hal@finney.org)
Received: by finney.org (Postfix, from userid 500) id 29FDD57EF5; Mon, 15 Aug 2005 20:47:24 -0700 (PDT)
To: ben@algroup.co.uk, hal@finney.org
Subject: Re: Encrypt then sign insecure?
Cc: ietf-openpgp@imc.org
Message-Id: <20050816034724.29FDD57EF5@finney.org>
Date: Mon, 15 Aug 2005 20:47:24 -0700 (PDT)
From: hal@finney.org ("Hal Finney")
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

Ben Laurie wrote:
> Hal Finney wrote:
> > This paper doesn't apply to systems like OpenPGP which compose public
> > key signatures with public key encryption.  Rather, it investigates the
> > composition of symmetric encryption (e.g. AES) with MAC.
> ...
> This does not seem to me to be true. OpenPGP uses symmetric encryption 
> under the hood, and signs the plaintext rather than the ciphertext. All 
> that is needed is an oracle which will say whether the signature is 
> correct or not.

Krawczyk's paper is about combining MAC and symmetric encryption.
That's not what OpenPGP does.  We don't do MACs.

> Furthermore, OpenPGP does not use CBC, so the security proof from the 
> paper doesn't help.

That's true, but the point is that the paper is not about systems like
OpenPGP at all.

Hal Finney



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7G4Z4Ke048171; Mon, 15 Aug 2005 21:35:04 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j7G4Z4wi048170; Mon, 15 Aug 2005 21:35:04 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from finney.org (226-132.adsl2.netlojix.net [207.71.226.132]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7G4Z3cA048163 for <ietf-openpgp@imc.org>; Mon, 15 Aug 2005 21:35:03 -0700 (PDT) (envelope-from hal@finney.org)
Received: by finney.org (Postfix, from userid 500) id C7EDD57EF5; Mon, 15 Aug 2005 20:44:17 -0700 (PDT)
To: ietf-openpgp@imc.org, mkuusio@surfeu.fi
Subject: Re: Calculating signature over private key
Message-Id: <20050816034417.C7EDD57EF5@finney.org>
Date: Mon, 15 Aug 2005 20:44:17 -0700 (PDT)
From: hal@finney.org ("Hal Finney")
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

<mkuusio@surfeu.fi> writes:
> I am calculating a signature over a private keypair. How does the data to be
> signed differ from the public key? Are the fields Salt, Initial vector,
> Coded count, encrypted DSA x and encrypted SHA1 hash (20 octets) included in
> the signed data? Can someone clarify this?

OpenPGP does not support the notion of calculating a signature over a
private keypair.

Generally a signature is done on a public key as part of a certification
of that key that will be publicly available.  Signing a private key
would not be useful because the private key material is normally not
shared with others, so signature verification would be impossible.

Hal



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7FF4uks077883; Mon, 15 Aug 2005 08:04:56 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j7FF4udM077882; Mon, 15 Aug 2005 08:04:56 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from surfeu.fi (mailbox.surfeu.fi [213.173.154.4]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7FF4sx1077875 for <ietf-openpgp@imc.org>; Mon, 15 Aug 2005 08:04:55 -0700 (PDT) (envelope-from mkuusio@surfeu.fi)
Received: from [213.173.154.9] (HELO surfeu.fi) by surfeu.fi (CommuniGate Pro SMTP 3.4.1) with SMTP id 150700473 for ietf-openpgp@imc.org; Mon, 15 Aug 2005 18:04:49 +0300
Received: from 193.210.155.190 (SquirrelMail authenticated user mkuusio) by webmail.tiscali.fi with HTTP; Mon, 15 Aug 2005 18:04:49 +0300 (EEST)
Message-ID: <20699.193.210.155.190.1124118289.squirrel@webmail.tiscali.fi>
Date: Mon, 15 Aug 2005 18:04:49 +0300 (EEST)
Subject: Calculating signature over private key
From: <mkuusio@surfeu.fi>
To: <ietf-openpgp@imc.org>
X-Priority: 3
Importance: Normal
X-Mailer: SquirrelMail (version 1.2.11)
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

I am calculating a signature over a private keypair. How does the data to be
signed differ from the public key? Are the fields Salt, Initial vector,
Coded count, encrypted DSA x and encrypted SHA1 hash (20 octets) included in
the signed data? Can someone clarify this?




Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7FEG89G073221; Mon, 15 Aug 2005 07:16:08 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j7FEG8tD073220; Mon, 15 Aug 2005 07:16:08 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mail.links.org (mail.links.org [217.155.92.109]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7FEG6gF073195 for <ietf-openpgp@imc.org>; Mon, 15 Aug 2005 07:16:07 -0700 (PDT) (envelope-from ben@algroup.co.uk)
Received: from [193.133.15.218] (localhost [127.0.0.1]) by mail.links.org (Postfix) with ESMTP id 2159D33C1A; Mon, 15 Aug 2005 15:16:05 +0100 (BST)
Message-ID: <4300A3A6.4020409@algroup.co.uk>
Date: Mon, 15 Aug 2005 15:16:06 +0100
From: Ben Laurie <ben@algroup.co.uk>
User-Agent: Mozilla Thunderbird 1.0.6 (Windows/20050716)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Hal Finney <hal@finney.org>
CC: ietf-openpgp@imc.org, lpb@ece.cmu.edu
Subject: Re: Section 5.2.3 of latest draft: bis14.
References: <20050715234725.0293757E8C@finney.org>
In-Reply-To: <20050715234725.0293757E8C@finney.org>
X-Enigmail-Version: 0.89.6.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

Hal Finney wrote:
> Levi Broderick writes:
> 
>>I noticed that the following bullet is missing from the latest draft.
>>It used to appear between 'One-octet hash algorithm' and 'Hashed
>>subpacket data set' in section 5.2.3.
>>
>>      - Two-octet scalar octet count for following hashed subpacket
>>        data. Note that this is the length in octets of all of the hashed
>>        subpackets; a pointer incremented by this number will skip over
>>        the hashed subpackets.
> 
> 
> This is definitely an error and needs to be fixed.

I believe the idea was to eliminate this and the following instance for 
unhashed subpacket data sets, since the count is defined there.

> A couple of other relatively minor points relating to this section.
> 
> We now use the term "data set" for the hashed and unhashed subpackets:
> 
>       - Hashed subpacket data set. (zero or more subpackets)
> 
>       - Two-octet scalar octet count for the following unhashed
>         subpacket data. Note that this is the length in octets of all of
>         the unhashed subpackets; a pointer incremented by this number
>         will skip over the unhashed subpackets.
> 
>       - Unhashed subpacket data set. (zero or more subpackets)
> 
> "Data set" is defined in the next section, 5.2.3.1:
> 
>     A subpacket data set consists of zero or more signature subpackets,
>     preceded by a two-octet scalar count of the length in octets of all
>     the subpackets; a pointer incremented by this number will skip over
>     the subpacket data set.
> 
> This definition could be interpreted to mean that the data set includes
> the two-octet scalar count.  In fact, in the layout in 5.2.3 the data
> set does not include the scalar count.  5.2.3.1 could be reworded to say
> "A subpacket data set consists of zero or more signature subpackets,
> AND IS preceded by a two-octet scalar count..."

There's no penalty for clarity, right? So why not add "Note that the 
count is the number of bytes to skip after the count itself has been 
read", for instance.

Cheers,

Ben.

-- 
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
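To make the wording dispute concrete, here is an added example (not code from the thread or from any OpenPGP implementation) that parses the hashed and unhashed subpacket data sets of a v4 signature packet body: the two-octet count is read first and is not part of the set, and a pointer advanced by that count after reading it lands exactly on what follows. The sample body, subpacket bodies, keys and the left-16-bits value are constructed for the demonstration.

```python
import struct


def read_subpacket_length(buf: bytes, pos: int, limit: int):
    """Decode a subpacket length (RFC 4880 5.2.3.1): one octet below 192,
    two octets up to 16319, or 0xFF followed by a four-octet value.
    Returns (length, position of the subpacket type octet)."""
    first = buf[pos]
    if first < 192:
        return first, pos + 1
    if first < 255:
        if pos + 2 > limit:
            raise ValueError("two-octet length runs past the data set")
        return ((first - 192) << 8) + buf[pos + 1] + 192, pos + 2
    if pos + 5 > limit:
        raise ValueError("five-octet length runs past the data set")
    return struct.unpack(">I", buf[pos + 1:pos + 5])[0], pos + 5


def parse_subpacket_data_set(buf: bytes, pos: int):
    """Read the two-octet count, then exactly `count` octets of subpackets.
    The count is not part of the data set: once it has been read, a pointer
    advanced by `count` lands on whatever follows the set.
    Returns (list of (type, critical, body), position just past the set)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated subpacket count")
    count = struct.unpack(">H", buf[pos:pos + 2])[0]
    pos += 2
    end = pos + count
    if end > len(buf):
        raise ValueError("count %d exceeds the %d octets that remain" % (count, len(buf) - pos))
    subpackets = []
    while pos < end:
        length, pos = read_subpacket_length(buf, pos, end)
        # the length covers the type octet plus the body, so 0 is never legal
        if length == 0 or pos + length > end:
            raise ValueError("subpacket does not fit inside its data set")
        type_octet = buf[pos]
        subpackets.append((type_octet & 0x7F, bool(type_octet & 0x80), buf[pos + 1:pos + length]))
        pos += length
    return subpackets, end


def parse_v4_signature_body(body: bytes) -> dict:
    """Walk the fixed header, both data sets and the left 16 bits of the hash
    of a version 4 signature packet body (the trailing MPIs are not parsed)."""
    if len(body) < 4 or body[0] != 4:
        raise ValueError("not a version 4 signature body")
    hashed, pos = parse_subpacket_data_set(body, 4)
    unhashed, pos = parse_subpacket_data_set(body, pos)
    if pos + 2 > len(body):
        raise ValueError("missing left 16 bits of the signed hash")
    return {"sig_type": body[1], "pk_alg": body[2], "hash_alg": body[3],
            "hashed": hashed, "unhashed": unhashed,
            "hash_left16": body[pos:pos + 2], "mpi_offset": pos + 2}


def is_well_formed(body: bytes) -> bool:
    try:
        parse_v4_signature_body(body)
        return True
    except (ValueError, IndexError):
        return False


def encode_subpacket(sp_type: int, body: bytes, critical: bool = False) -> bytes:
    """Inverse of read_subpacket_length plus type octet, used to build samples."""
    length = len(body) + 1
    if length < 192:
        lb = bytes([length])
    elif length < 16320:
        v = length - 192
        lb = bytes([(v >> 8) + 192, v & 0xFF])
    else:
        lb = b"\xff" + struct.pack(">I", length)
    return lb + bytes([sp_type | (0x80 if critical else 0)]) + body


def encode_data_set(subpackets) -> bytes:
    data = b"".join(subpackets)
    return struct.pack(">H", len(data)) + data   # count = octets after the count


def with_hashed_count(body: bytes, count: int) -> bytes:
    """Overwrite the hashed-set count, e.g. as a writer who thought the count
    included its own two octets would have emitted it."""
    return body[:4] + struct.pack(">H", count) + body[6:]


# Constructed sample: v4, binary-document signature, DSA, SHA-1.
SAMPLE_BODY = (
    bytes([4, 0x00, 17, 2])
    + encode_data_set([
        encode_subpacket(2, struct.pack(">I", 1124118289), critical=True),  # creation time
        encode_subpacket(100, b"x" * 200),      # private/experimental type, two-octet length
    ])
    + encode_data_set([encode_subpacket(16, bytes(range(8)))])   # issuer key ID (constructed)
    + b"\xab\xcd"                                                 # left 16 bits of hash (constructed)
)
```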



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7F9hw8P073032; Mon, 15 Aug 2005 02:43:58 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j7F9hwC7073031; Mon, 15 Aug 2005 02:43:58 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mail.links.org (mail.links.org [217.155.92.109]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7F9huZw073013 for <ietf-openpgp@imc.org>; Mon, 15 Aug 2005 02:43:57 -0700 (PDT) (envelope-from ben@algroup.co.uk)
Received: from [193.133.15.218] (localhost [127.0.0.1]) by mail.links.org (Postfix) with ESMTP id BEE2433C1A; Mon, 15 Aug 2005 10:43:54 +0100 (BST)
Message-ID: <430063DB.7070001@algroup.co.uk>
Date: Mon, 15 Aug 2005 10:43:55 +0100
From: Ben Laurie <ben@algroup.co.uk>
User-Agent: Mozilla Thunderbird 1.0.6 (Windows/20050716)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Hal Finney <hal@finney.org>
CC: ietf-openpgp@imc.org
Subject: Re: Encrypt then sign insecure?
References: <20050814163614.F273E57EF5@finney.org>
In-Reply-To: <20050814163614.F273E57EF5@finney.org>
X-Enigmail-Version: 0.89.6.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

Hal Finney wrote:
> I have changed the subject line as this is in regard to Ben's citation
> of Hugo Krawczyk's paper on the order of signing and encryption,
> http://eprint.iacr.org/2001/045, also published in Crypto 01.
> 
> This paper doesn't apply to systems like OpenPGP which compose public
> key signatures with public key encryption.  Rather, it investigates the
> composition of symmetric encryption (e.g. AES) with MAC.
> 
> Krawczyk shows that it is not always safe to first MAC and then
> symmetrically encrypt, even if your MAC is secure and your symmetric
> encryption algorithm is secure.  He does this by coming up with rather
> artificial types of MAC and encryption which are individually secure
> but which interact in a bad way when put together like this.
> 
> Krawczyk also shows some constructions that ARE always safe, including
> doing CBC with a secure cipher, then MACing the ciphertext.
> 
> Again, this analysis is not applicable to the PK digital signatures and
> hybrid public/private key encryption used in OpenPGP.

This does not seem to me to be true. OpenPGP uses symmetric encryption 
under the hood, and signs the plaintext rather than the ciphertext. All 
that is needed is an oracle which will say whether the signature is 
correct or not.

Furthermore, OpenPGP does not use CBC, so the security proof from the 
paper doesn't help.

I agree that the paper uses rather an artificial cipher (though the MAC 
can be any MAC) but it isn't clear to me what the limits of the attack are.

Cheers,

Ben.

-- 
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
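The composition question in this exchange, as an added example that is not code from the thread or from any OpenPGP implementation: a toy CFB-mode comparison of authenticate-then-encrypt (the sign-the-plaintext-then-encrypt shape Ben describes) with encrypt-then-authenticate, showing where the integrity verdict lands relative to decryption. The "block cipher" is a constructed stand-in (HMAC-SHA256 truncated to 16 octets, which CFB permits since only the forward direction is used), HMAC stands in for the signature, and keys, IV and message are constructed.

```python
import hashlib
import hmac

BLOCK = 16    # octets per CFB block
TAG_LEN = 32  # HMAC-SHA256 output


def _prf(key: bytes, block: bytes) -> bytes:
    # Constructed stand-in for a block cipher's encrypt direction; CFB never
    # needs the inverse, so a keyed PRF is enough to show the mode's shape.
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]


def cfb_encrypt(key: bytes, iv: bytes, pt: bytes) -> bytes:
    """Full-block CFB: C_i = P_i XOR E(C_{i-1}) with C_0 = IV; no padding."""
    out, reg = bytearray(), iv
    for i in range(0, len(pt), BLOCK):
        c = bytes(p ^ k for p, k in zip(pt[i:i + BLOCK], _prf(key, reg)))
        out += c
        reg = c  # a short final block only ever ends the stream
    return bytes(out)


def cfb_decrypt(key: bytes, iv: bytes, ct: bytes) -> bytes:
    """P_i = C_i XOR E(C_{i-1}); a change to C_i disturbs P_i and P_{i+1}."""
    out, reg = bytearray(), iv
    for i in range(0, len(ct), BLOCK):
        c = ct[i:i + BLOCK]
        out += bytes(x ^ k for x, k in zip(c, _prf(key, reg)))
        reg = c
    return bytes(out)


def tag(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


def seal_ate(enc_key, mac_key, iv, msg):
    """Authenticate-then-encrypt: check value over the plaintext, then encrypt
    message || tag.  This is the shape of OpenPGP's sign-then-encrypt."""
    return iv + cfb_encrypt(enc_key, iv, msg + tag(mac_key, msg))


def open_ate(enc_key, mac_key, blob):
    """Returns (ok, message or None, decrypted).  The verdict can only be
    formed after decryption, so the cipher always runs on whatever arrived
    and the verdict is a function of the recovered plaintext."""
    iv, ct = blob[:BLOCK], blob[BLOCK:]
    if len(ct) < TAG_LEN:
        return False, None, False
    pt = cfb_decrypt(enc_key, iv, ct)
    msg, t = pt[:-TAG_LEN], pt[-TAG_LEN:]
    ok = hmac.compare_digest(t, tag(mac_key, msg))
    return ok, (msg if ok else None), True


def seal_eta(enc_key, mac_key, iv, msg):
    """Encrypt-then-authenticate: check value over IV || ciphertext."""
    ct = iv + cfb_encrypt(enc_key, iv, msg)
    return ct + tag(mac_key, ct)


def open_eta(enc_key, mac_key, blob):
    """Same return shape; a damaged ciphertext is refused before the cipher
    runs, so the verdict depends on the ciphertext alone."""
    if len(blob) < BLOCK + TAG_LEN:
        return False, None, False
    ct, t = blob[:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(t, tag(mac_key, ct)):
        return False, None, False
    return True, cfb_decrypt(enc_key, ct[:BLOCK], ct[BLOCK:]), True


def flip_byte(blob: bytes, index: int) -> bytes:
    """Constructed corruption of one octet, standing for damage in transit."""
    b = bytearray(blob)
    b[index] ^= 0x01
    return bytes(b)


def demo():
    """Round-trip both orders on constructed keys, then damage one octet."""
    enc_key, mac_key = b"E" * 32, b"M" * 32   # constructed sample keys
    iv = bytes(range(BLOCK))                   # constructed fixed IV (demo only)
    msg = b"constructed sample message for the sign/encrypt ordering thread"
    ate = seal_ate(enc_key, mac_key, iv, msg)
    eta = seal_eta(enc_key, mac_key, iv, msg)
    return {
        "ate_ok": open_ate(enc_key, mac_key, ate),
        "eta_ok": open_eta(enc_key, mac_key, eta),
        "ate_damaged": open_ate(enc_key, mac_key, flip_byte(ate, BLOCK + 3)),
        "eta_damaged": open_eta(enc_key, mac_key, flip_byte(eta, BLOCK + 3)),
    }
```

The third element of each result records whether the cipher was run before the verdict: in the authenticate-then-encrypt order it is always True, which is the property the thread is arguing about.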



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7F9hiT0072944; Mon, 15 Aug 2005 02:43:44 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j7F9hiA2072943; Mon, 15 Aug 2005 02:43:44 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from yxa.extundo.com (root@178.230.13.217.in-addr.dgcsystems.net [217.13.230.178]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7F9hfIo072900 for <ietf-openpgp@imc.org>; Mon, 15 Aug 2005 02:43:43 -0700 (PDT) (envelope-from jas@extundo.com)
Received: from latte.josefsson.org (c494102a.s-bi.bostream.se [217.215.27.65]) (authenticated bits=0) by yxa.extundo.com (8.13.4/8.13.4/Debian-3) with ESMTP id j7F9hUim027276 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Mon, 15 Aug 2005 11:43:31 +0200
From: Simon Josefsson <jas@extundo.com>
To: David Srbecky <dsrbecky@gmail.com>
Cc: openpgp <ietf-openpgp@imc.org>
Subject: Re: "The OpenPGP mail and news header" extenssion
References: <42FA366F.3030103@gmail.com> <ilu7jes6by3.fsf@latte.josefsson.org> <42FB8755.40008@gmail.com> <iluoe84xn0k.fsf@latte.josefsson.org> <42FF5145.2040909@gmail.com>
OpenPGP: id=B565716F; url=http://josefsson.org/key.txt
X-Hashcash: 1:21:050815:ietf-openpgp@imc.org::NNLKeTJRuC/J1lWt:6tq0
X-Hashcash: 1:21:050815:dsrbecky@gmail.com::owD2OET1AehqG4/4:9ZMv
Date: Mon, 15 Aug 2005 11:43:10 +0200
In-Reply-To: <42FF5145.2040909@gmail.com> (David Srbecky's message of "Sun, 14 Aug 2005 16:12:21 +0200")
Message-ID: <ilu8xz3tu1d.fsf@latte.josefsson.org>
User-Agent: Gnus/5.110004 (No Gnus v0.4) Emacs/22.0.50 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Spam-Status: No, score=0.1 required=5.0 tests=FORGED_RCVD_HELO  autolearn=failed version=3.0.3
X-Spam-Checker-Version: SpamAssassin 3.0.3 (2005-04-27) on yxa-iv
X-Virus-Scanned: ClamAV version 0.84, clamav-milter version 0.84e on yxa.extundo.com
X-Virus-Status: Clean
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

David Srbecky <dsrbecky@gmail.com> writes:

> Simon Josefsson wrote:
>> I understand.  Implement your scheme and write a draft about it!  I
>> think your ideas are too far-fetched to be reasonably added to this
>> document.  There are many details that have to be solved.
>> 
>
> Could you please outline a few of these details to be solved?

Canonicalization of the content to sign; it is not clear exactly what
data should be signed.  How to cope with gateways that modify the
message also needs to be discussed, e.g., you will likely need to use
7-bit MIME to be reasonably sure the message arrives intact.

The OpenPGP header is not intended to be security critical or
trustworthy.  The point of it was to assist mail clients or mailing
list software to be able to provide a better default user experience.
Changing that header to embed signature information changes the
fundamental assumption of what the header should be about, so I'd
rather not work on this now.

I do encourage you to try to experiment with the idea though.  The
tag=value structure of the OpenPGP header would allow you to use the
same header name, although if you want to support S/MIME signatures in
the same header, I think using Signature: may be cleaner.  And in
general, what the header is called is not that important.

Regards,
Simon



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7F9TE7C067791; Mon, 15 Aug 2005 02:29:14 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j7F9TEA6067790; Mon, 15 Aug 2005 02:29:14 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mail.links.org (mail.links.org [217.155.92.109]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7F9TDuZ067777 for <ietf-openpgp@imc.org>; Mon, 15 Aug 2005 02:29:14 -0700 (PDT) (envelope-from ben@algroup.co.uk)
Received: from [193.133.15.218] (localhost [127.0.0.1]) by mail.links.org (Postfix) with ESMTP id 69A9633C1A; Mon, 15 Aug 2005 10:29:13 +0100 (BST)
Message-ID: <4300606A.1080701@algroup.co.uk>
Date: Mon, 15 Aug 2005 10:29:14 +0100
From: Ben Laurie <ben@algroup.co.uk>
User-Agent: Mozilla Thunderbird 1.0.6 (Windows/20050716)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Konrad Rosenbaum <konrad@silmor.de>
CC: ietf-openpgp@imc.org
Subject: Re: "The OpenPGP mail and news header" extenssion
References: <42FA366F.3030103@gmail.com> <42FF4980.3050203@gmail.com> <42FF4A8C.3060000@algroup.co.uk> <200508150750.29627@zaphod.konrad.silmor.de>
In-Reply-To: <200508150750.29627@zaphod.konrad.silmor.de>
X-Enigmail-Version: 0.89.6.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

Konrad Rosenbaum wrote:
> On Sunday 14 August 2005 15:43, Ben Laurie wrote:
> 
>>Signing messages weakens plausible deniability. It may imply some
>>standing that is not necessarily intended. These things can harm the
>>sender.
> 
> 
> On the other hand: not signing weakens the receiver's trust in the sender. 
> Just as an example: I can't be sure that your advice to not use signatures 
> comes from a knowledgeable OpenPGP expert; it could as well come from a 
> spammer lobbying against the use of crypto because it harms his business 
> model.

True enough, but the argument should stand no matter who I am.

If you want to protect against spam using signatures there are other 
ways to do it that don't involve signing the content.

-- 
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7F9RjgW067269; Mon, 15 Aug 2005 02:27:45 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j7F9RjhW067268; Mon, 15 Aug 2005 02:27:45 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mail.links.org (mail.links.org [217.155.92.109]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7F9RimM067256 for <ietf-openpgp@imc.org>; Mon, 15 Aug 2005 02:27:45 -0700 (PDT) (envelope-from ben@algroup.co.uk)
Received: from [193.133.15.218] (localhost [127.0.0.1]) by mail.links.org (Postfix) with ESMTP id 6294833C1A; Mon, 15 Aug 2005 10:27:43 +0100 (BST)
Message-ID: <43006010.5000809@algroup.co.uk>
Date: Mon, 15 Aug 2005 10:27:44 +0100
From: Ben Laurie <ben@algroup.co.uk>
User-Agent: Mozilla Thunderbird 1.0.6 (Windows/20050716)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Konrad Rosenbaum <konrad@silmor.de>
CC: ietf-openpgp@imc.org
Subject: Re: "The OpenPGP mail and news header" extenssion
References: <42FA366F.3030103@gmail.com> <1124037118.15215.19.camel@firenze.zurich.ibm.com> <42FF7286.7020800@algroup.co.uk> <200508150746.05068@zaphod.konrad.silmor.de>
In-Reply-To: <200508150746.05068@zaphod.konrad.silmor.de>
X-Enigmail-Version: 0.89.6.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

Konrad Rosenbaum wrote:
> On Sunday 14 August 2005 18:34, Ben Laurie wrote:
> 
>>Indeed - the result is general. The fact that SSL is secure gives no
>>comfort for OpenPGP.
> 
> 
> The abstract also states that using the cipher in CBC is secure. When I last 
> looked, OpenPGP used CBC.

Look again, then. OpenPGP uses CFB.

-- 
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7F5oo7U069490; Sun, 14 Aug 2005 22:50:50 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j7F5ooGb069489; Sun, 14 Aug 2005 22:50:50 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from p15139323.pureserver.info (silmor.de [217.160.219.75]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7F5oneM069440 for <ietf-openpgp@imc.org>; Sun, 14 Aug 2005 22:50:50 -0700 (PDT) (envelope-from konrad@silmor.de)
Received: from p54b3d159.dip.t-dialin.net ([84.179.209.89] helo=zaphod.local) by p15139323.pureserver.info with asmtp (Exim 3.35 #1 (Debian)) id 1E4Xrw-00035X-00 for <ietf-openpgp@imc.org>; Mon, 15 Aug 2005 07:50:44 +0200
From: Konrad Rosenbaum <konrad@silmor.de>
To: ietf-openpgp@imc.org
Subject: Re: "The OpenPGP mail and news header" extenssion
Date: Mon, 15 Aug 2005 07:50:28 +0200
User-Agent: KMail/1.8
References: <42FA366F.3030103@gmail.com> <42FF4980.3050203@gmail.com> <42FF4A8C.3060000@algroup.co.uk>
In-Reply-To: <42FF4A8C.3060000@algroup.co.uk>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="nextPart1763041.dj7BaThLhZ"; protocol="application/pgp-signature"; micalg=pgp-sha1
Content-Transfer-Encoding: 7bit
Message-Id: <200508150750.29627@zaphod.konrad.silmor.de>
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

--nextPart1763041.dj7BaThLhZ
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

On Sunday 14 August 2005 15:43, Ben Laurie wrote:
> Signing messages weakens plausible deniability. It may imply some
> standing that is not necessarily intended. These things can harm the
> sender.

On the other hand: not signing weakens the receiver's trust in the sender.
Just as an example: I can't be sure that your advice to not use signatures
comes from a knowledgeable OpenPGP expert; it could as well come from a
spammer lobbying against the use of crypto because it harms his business
model.


	Konrad

--nextPart1763041.dj7BaThLhZ
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQBDAC0lClt766LaIH0RAhArAJ48OwjtBLZmsJxkbcfaQxVOS4WIkgCgmXoB
2swTsCQNIstfNeN/RrSIpG0=
=pNOV
-----END PGP SIGNATURE-----

--nextPart1763041.dj7BaThLhZ--



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7F5kdJO068020; Sun, 14 Aug 2005 22:46:39 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j7F5kdcO068019; Sun, 14 Aug 2005 22:46:39 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from p15139323.pureserver.info (silmor.de [217.160.219.75]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7F5kc1i067981 for <ietf-openpgp@imc.org>; Sun, 14 Aug 2005 22:46:39 -0700 (PDT) (envelope-from konrad@silmor.de)
Received: from p54b3d159.dip.t-dialin.net ([84.179.209.89] helo=zaphod.local) by p15139323.pureserver.info with asmtp (Exim 3.35 #1 (Debian)) id 1E4Xnh-00034z-00; Mon, 15 Aug 2005 07:46:22 +0200
From: Konrad Rosenbaum <konrad@silmor.de>
To: Ben Laurie <ben@algroup.co.uk>, ietf-openpgp@imc.org
Subject: Re: "The OpenPGP mail and news header" extenssion
Date: Mon, 15 Aug 2005 07:46:04 +0200
User-Agent: KMail/1.8
References: <42FA366F.3030103@gmail.com> <1124037118.15215.19.camel@firenze.zurich.ibm.com> <42FF7286.7020800@algroup.co.uk>
In-Reply-To: <42FF7286.7020800@algroup.co.uk>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="nextPart4536509.UfVxNzYH4h"; protocol="application/pgp-signature"; micalg=pgp-sha1
Content-Transfer-Encoding: 7bit
Message-Id: <200508150746.05068@zaphod.konrad.silmor.de>
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

--nextPart4536509.UfVxNzYH4h
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

On Sunday 14 August 2005 18:34, Ben Laurie wrote:
> Indeed - the result is general. The fact that SSL is secure gives no
> comfort for OpenPGP.

The abstract also states that using the cipher in CBC is secure. When I last
looked, OpenPGP used CBC.


	Konrad

--nextPart4536509.UfVxNzYH4h
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQBDACwdClt766LaIH0RAnP9AJ4uBSzWSJfQogl+Ll1DFnQVny1i3gCdGeOr
UXcUM709R8ZK+9s1Xcoutmg=
=916K
-----END PGP SIGNATURE-----

--nextPart4536509.UfVxNzYH4h--



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7F5dKx8065427; Sun, 14 Aug 2005 22:39:20 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j7F5dKVX065426; Sun, 14 Aug 2005 22:39:20 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from p15139323.pureserver.info (silmor.de [217.160.219.75]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7F5dJMU065369 for <ietf-openpgp@imc.org>; Sun, 14 Aug 2005 22:39:20 -0700 (PDT) (envelope-from konrad@silmor.de)
Received: from p54b3d159.dip.t-dialin.net ([84.179.209.89] helo=zaphod.local) by p15139323.pureserver.info with asmtp (Exim 3.35 #1 (Debian)) id 1E4Xgn-00034H-00 for <ietf-openpgp@imc.org>; Mon, 15 Aug 2005 07:39:13 +0200
From: Konrad Rosenbaum <konrad@silmor.de>
To: ietf-openpgp@imc.org
Subject: Re: Applicability of signed messages as proof of sending
Date: Mon, 15 Aug 2005 07:38:58 +0200
User-Agent: KMail/1.8
References: <sjmwtn2jdhv.fsf@cliodev.pgp.com> <42FF665B.4040509@algroup.co.uk> <42FF78AE.2060504@systemics.com>
In-Reply-To: <42FF78AE.2060504@systemics.com>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="nextPart3033786.ECMKuvl0Cn"; protocol="application/pgp-signature"; micalg=pgp-sha1
Content-Transfer-Encoding: 7bit
Message-Id: <200508150738.58755@zaphod.konrad.silmor.de>

--nextPart3033786.ECMKuvl0Cn
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

On Sunday 14 August 2005 19:00, Ian G wrote:
> Ben Laurie wrote:
> > On wired networks they are easy for the network admins to mount. The
> > practice is sufficiently commonplace that many corps have their own CA
> > keys in employees' browsers so they can forge X509 certs.
>
> Hmmm.  Is that the sole reason?  Or one of many reasons?
>
> And how often do they conduct this attack?

There are web-proxies on the market which do this in order to be able to
track HTTPS connections of employees. This is illegal or at least of
doubtful legality in most European countries, so I can't provide you with
examples of companies who do this.



	Konrad

--nextPart3033786.ECMKuvl0Cn
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQBDACpyClt766LaIH0RAn7bAJ9OG/93AV8AUmNekroL7ppNeBW2owCeOB54
7FljMa6CFgv8IJf40kwYawY=
=mblj
-----END PGP SIGNATURE-----

--nextPart3033786.ECMKuvl0Cn--



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7ENk78O017813; Sun, 14 Aug 2005 16:46:07 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j7ENk7YJ017812; Sun, 14 Aug 2005 16:46:07 -0700 (PDT)
Received: from merrymeet.com (merrymeet.com [63.73.97.162]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7ENk71j017806 for <ietf-openpgp@imc.org>; Sun, 14 Aug 2005 16:46:07 -0700 (PDT) (envelope-from jon@callas.org)
Received: from keys.merrymeet.com (63.73.97.166) by merrymeet.com with ESMTP (Eudora Internet Mail Server X 3.2.6) for <ietf-openpgp@imc.org>; Sun, 14 Aug 2005 16:46:04 -0700
Received: from [169.231.1.245] ([169.231.1.245]) by keys.merrymeet.com (PGP Universal service); Sun, 14 Aug 2005 16:46:04 -0700
X-PGP-Universal: processed; by keys.merrymeet.com on Sun, 14 Aug 2005 16:46:04 -0700
Mime-Version: 1.0 (Apple Message framework v622)
In-Reply-To: <200508141832.19362@mail.blilly.com>
References: <20050814163614.F273E57EF5@finney.org> <200508141832.19362@mail.blilly.com>
Content-Type: text/plain; charset=US-ASCII; format=flowed
Message-Id: <35c5d151a8251f6b901fdf639e342cae@callas.org>
Content-Transfer-Encoding: 7bit
From: Jon Callas <jon@callas.org>
Subject: Re: Encrypt then sign insecure?
Date: Sun, 14 Aug 2005 16:45:53 -0700
To: OpenPGP <ietf-openpgp@imc.org>
X-Mailer: Apple Mail (2.622)

> On Sun August 14 2005 12:36, Hal Finney wrote:
>>
>> I have changed the subject line as this is in regard to Ben's citation
>> of Hugo Krawczyk's paper on the order of signing and encryption,
>> http://eprint.iacr.org/2001/045, also published in Crypto 01.
>>
>> This paper doesn't apply to systems like OpenPGP which compose public
>> key signatures with public key encryption.  Rather, it investigates the
>> composition of symmetric encryption (e.g. AES) with MAC.
>
> The same cannot be said of Davis' analysis of issues in
> http://world.std.com/~dtd/sign_encrypt/sign_encrypt7.html
>
>

Davis is merely making a mountain out of a molehill. Cryptography 
cannot protect you from sending a message to a bad actor. Not even 
things like OTR can [1]. A word to the wise is that you shouldn't sign 
any message that you would be embarrassed to be made public.

Nonetheless, there's definitely a need to have secure messages that 
aren't signed. That's why we have the MDC construction in OpenPGP, so 
that you can have a reasonable assurance that a message arrived to you 
intact.

	Jon

[1] This is not a slam on OTR, which I think is brilliant. It is merely 
an observation that if you use a full privacy-enabled system like OTR 
and someone pastes a copy of your conversation into their livejournal, 
the people who read that transcript will presume it to be accurate. 
Furthermore, the fact that you used a juicy technology like OTR will 
make people *more* not less likely to believe it was accurate. This is 
an observation on human nature.



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7ENHgvr015556; Sun, 14 Aug 2005 16:17:42 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j7ENHgni015555; Sun, 14 Aug 2005 16:17:42 -0700 (PDT)
Received: from merrymeet.com (merrymeet.com [63.73.97.162]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7ENHfld015549 for <ietf-openpgp@imc.org>; Sun, 14 Aug 2005 16:17:41 -0700 (PDT) (envelope-from jon@callas.org)
Received: from keys.merrymeet.com (63.73.97.166) by merrymeet.com with ESMTP (Eudora Internet Mail Server X 3.2.6) for <ietf-openpgp@imc.org>; Sun, 14 Aug 2005 16:17:40 -0700
Received: from [169.231.1.245] ([169.231.1.245]) by keys.merrymeet.com (PGP Universal service); Sun, 14 Aug 2005 16:17:40 -0700
X-PGP-Universal: processed; by keys.merrymeet.com on Sun, 14 Aug 2005 16:17:40 -0700
Mime-Version: 1.0 (Apple Message framework v622)
In-Reply-To: <42FB94B1.5000008@systemics.com>
References: <42FA366F.3030103@gmail.com> <ilu7jes6by3.fsf@latte.josefsson.org> <42FB8755.40008@gmail.com> <42FB94B1.5000008@systemics.com>
Content-Type: text/plain; charset=US-ASCII; format=flowed
Message-Id: <fdfe8803e8d11235517f76462060ad87@callas.org>
Content-Transfer-Encoding: 7bit
From: Jon Callas <jon@callas.org>
Subject: Re: "The OpenPGP mail and news header" extenssion
Date: Sun, 14 Aug 2005 16:17:27 -0700
To: OpenPGP <ietf-openpgp@imc.org>
X-Mailer: Apple Mail (2.622)

On 11 Aug 2005, at 11:10 AM, Ian G wrote:

> Er, I hope not!  There are plenty of reasons to
> encrypt-only.  Until someone can define the meaning
> of a signature, my standard advice is to not sign,
> which I'd recommend for all email, IM and so forth.
>

Oh, but Ian, it's my preference that you sign messages you send to me.

It's *my* preference that I not sign, as I pretty much agree with you.

This is just like my preference that everyone who phones me use caller 
id, but my preference that I disable it.

	Jon



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7EMWZ4A011811; Sun, 14 Aug 2005 15:32:35 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j7EMWZu5011810; Sun, 14 Aug 2005 15:32:35 -0700 (PDT)
Received: from ns5.townisp.com (ns5a.townisp.com [216.195.0.140]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7EMWYGu011804 for <ietf-openpgp@imc.org>; Sun, 14 Aug 2005 15:32:35 -0700 (PDT) (envelope-from blilly@erols.com)
Received: from mail.blilly.com (dhcp-0-8-a1-c-fa-f7.cpe.townisp.com [216.49.158.220]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "marty.blilly.com", Issuer "Bruce Lilly" (not verified)) by ns5.townisp.com (Postfix) with ESMTP id 3F574299CD; Sun, 14 Aug 2005 18:32:34 -0400 (EDT)
Received: from marty.blilly.com (marty.blilly.com [192.168.99.98] (may be forged)) by mail.blilly.com with ESMTP id j7EMWUEb005937(8.13.1/8.13.1/mail.blilly.com /etc/sendmail.mc.mail 1.26 2005/06/24 20:47:59) (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL) ; Sun, 14 Aug 2005 18:32:30 -0400
Received: from marty.blilly.com (localhost [127.0.0.1]) (authenticated (0 bits)) by marty.blilly.com with ESMTP id j7EMWT5N005926(8.13.1/8.13.1/blilly.com submit.mc 1.3 2005/04/08 12:29:31) (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NO) ; Sun, 14 Aug 2005 18:32:29 -0400
From: Bruce Lilly <blilly@erols.com>
Reply-To: Bruce Lilly <blilly@erols.com>
Organization: Bruce Lilly
To: "Hal Finney" <hal@finney.org>
Subject: Re: Encrypt then sign insecure?
Date: Sun, 14 Aug 2005 18:32:17 -0400
User-Agent: KMail/1.8.2
Cc: ietf-openpgp@imc.org
References: <20050814163614.F273E57EF5@finney.org>
In-Reply-To: <20050814163614.F273E57EF5@finney.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200508141832.19362@mail.blilly.com>

On Sun August 14 2005 12:36, Hal Finney wrote:
> 
> I have changed the subject line as this is in regard to Ben's citation
> of Hugo Krawczyk's paper on the order of signing and encryption,
> http://eprint.iacr.org/2001/045, also published in Crypto 01.
> 
> This paper doesn't apply to systems like OpenPGP which compose public
> key signatures with public key encryption.  Rather, it investigates the
> composition of symmetric encryption (e.g. AES) with MAC.

The same cannot be said of Davis' analysis of issues in
http://world.std.com/~dtd/sign_encrypt/sign_encrypt7.html



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7EHg9Ok012873; Sun, 14 Aug 2005 10:42:09 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j7EHg9DH012872; Sun, 14 Aug 2005 10:42:09 -0700 (PDT)
Received: from homer.w3.org (homer.w3.org [128.30.52.30]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7EHg6RK012865 for <ietf-openpgp@imc.org>; Sun, 14 Aug 2005 10:42:07 -0700 (PDT) (envelope-from tlr@w3.org)
Received: from lavazza.does-not-exist.org (homer.w3.org [128.30.52.30]) by homer.w3.org (Postfix) with ESMTP id CD83D5BA75; Sun, 14 Aug 2005 11:40:20 -0400 (EDT)
Received: from roessler by lavazza.does-not-exist.org with local (Exim 4.52) id 1E4Kay-0006FE-79; Sun, 14 Aug 2005 17:40:20 +0200
Date: Sun, 14 Aug 2005 17:40:20 +0200
From: Thomas Roessler <tlr@w3.org>
To: Ben Laurie <ben@algroup.co.uk>
Cc: Ian G <iang@systemics.com>, David Srbecky <dsrbecky@gmail.com>, Simon Josefsson <jas@extundo.com>, openpgp <ietf-openpgp@imc.org>
Subject: Re: "The OpenPGP mail and news header" extenssion
Message-ID: <20050814154019.GC18413@lavazza.does-not-exist.org>
Mail-Followup-To: Ben Laurie <ben@algroup.co.uk>, Ian G <iang@systemics.com>, David Srbecky <dsrbecky@gmail.com>, Simon Josefsson <jas@extundo.com>, openpgp <ietf-openpgp@imc.org>
References: <42FA366F.3030103@gmail.com> <ilu7jes6by3.fsf@latte.josefsson.org> <42FB8755.40008@gmail.com> <42FB94B1.5000008@systemics.com> <42FF4AC5.2020301@algroup.co.uk>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <42FF4AC5.2020301@algroup.co.uk>
User-Agent: Mutt/1.5.10i

On 2005-08-14 14:44:37 +0100, Ben Laurie wrote:

> Oh, please, the meaning of signatures is perfectly well defined
> in law.

More precisely, it is perfectly well defined in any number of laws,
in any number of jurisdictions, and with any number of different
results.

(Just like the term "signature" itself, by the way.)

-- 
Thomas Roessler, W3C   <tlr@w3.org>



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7EHR532012022; Sun, 14 Aug 2005 10:27:05 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j7EHR51u012021; Sun, 14 Aug 2005 10:27:05 -0700 (PDT)
Received: from finney.org (226-132.adsl2.netlojix.net [207.71.226.132]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7EHR5kQ012015 for <ietf-openpgp@imc.org>; Sun, 14 Aug 2005 10:27:05 -0700 (PDT) (envelope-from hal@finney.org)
Received: by finney.org (Postfix, from userid 500) id F273E57EF5; Sun, 14 Aug 2005 09:36:14 -0700 (PDT)
To: ietf-openpgp@imc.org
Subject: Encrypt then sign insecure?
Message-Id: <20050814163614.F273E57EF5@finney.org>
Date: Sun, 14 Aug 2005 09:36:14 -0700 (PDT)
From: hal@finney.org ("Hal Finney")

I have changed the subject line as this is in regard to Ben's citation
of Hugo Krawczyk's paper on the order of signing and encryption,
http://eprint.iacr.org/2001/045, also published in Crypto 01.

This paper doesn't apply to systems like OpenPGP which compose public
key signatures with public key encryption.  Rather, it investigates the
composition of symmetric encryption (e.g. AES) with MAC.

Krawczyk shows that it is not always safe to first MAC and then
symmetrically encrypt, even if your MAC is secure and your symmetric
encryption algorithm is secure.  He does this by coming up with rather
artificial types of MAC and encryption which are individually secure
but which interact in a bad way when put together like this.

Krawczyk also shows some constructions that ARE always safe, including
doing CBC with a secure cipher, then MACing the ciphertext.

Again, this analysis is not applicable to the PK digital signatures and
hybrid public/private key encryption used in OpenPGP.

Hal Finney



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7EGuKkv010071; Sun, 14 Aug 2005 09:56:20 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j7EGuK5Q010070; Sun, 14 Aug 2005 09:56:20 -0700 (PDT)
Received: from mailgate.enhyper.net ([80.168.109.121]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7EGuJLb010064 for <ietf-openpgp@imc.org>; Sun, 14 Aug 2005 09:56:20 -0700 (PDT) (envelope-from iang@systemics.com)
Received: from [IPv6:::1] (localhost [127.0.0.1]) by mailgate.enhyper.net (Postfix) with ESMTP id B9CBE53225; Sun, 14 Aug 2005 17:56:18 +0100 (BST)
Message-ID: <42FF78AE.2060504@systemics.com>
Date: Sun, 14 Aug 2005 18:00:30 +0100
From: Ian G <iang@systemics.com>
Organization: http://financialcryptography.com/
User-Agent: Mozilla Thunderbird 1.0.6 (X11/20050726)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Ben Laurie <ben@algroup.co.uk>
Cc: Richard Laager <rlaager@wiktel.com>, ietf-openpgp@imc.org
Subject: Re: Applicability of signed messages as proof of sending
References: <sjmwtn2jdhv.fsf@cliodev.pgp.com>	 <200508041208.17244.iang@systemics.com>	 <Pine.LNX.4.58.0508100943070.18620@thetis.deor.org>	 <42FB690C.8070607@systemics.com>	 <Pine.LNX.4.58.0508110807270.11516@thetis.deor.org>	 <42FB9443.10200@systemics.com>	 <Pine.LNX.4.58.0508111152560.15828@thetis.deor.org>	 <42FC6E4E.4030806@systemics.com> <1123863788.19609.9.camel@localhost> <42FF665B.4040509@algroup.co.uk>
In-Reply-To: <42FF665B.4040509@algroup.co.uk>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

Ben Laurie wrote:
> 
> Richard Laager wrote:
> 
>> I'll admit that MITM attacks are rare and sophisticated,...
> 
> 
> I wish we could kill this myth that MitM is "rare and sophisticated". On 
> wireless networks, they are common and trivial.


I don't think there is any myth that it is sophisticated
or trivial - it gets done many times at conferences of
hackers.  The claim that is made is that it is expensive.

As to whether it is common - the myth is easy to dispel
by presenting some facts.  Most times I've seen it claimed
it has turned out to be something else.

Got any?  Facts, not claims that is....  It would be an
enormous service to the developers to know how much
weight to put on MITM.  Right now, theory says none
because there is no case history.

> On wired networks they are easy for the network admins to mount. The 
> practice is sufficiently commonplace that many corps have their own CA 
> keys in employees' browsers so they can forge X509 certs.

Hmmm.  Is that the sole reason?  Or one of many reasons?

And how often do they conduct this attack?

> Keylogging is a _much_ harder attack to mount.


Doesn't seem to slow down the phishers much...

iang



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7EGYEIQ006516; Sun, 14 Aug 2005 09:34:14 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j7EGYEQH006515; Sun, 14 Aug 2005 09:34:14 -0700 (PDT)
Received: from mail.links.org (mail.links.org [217.155.92.109]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7EGYDGN006508 for <ietf-openpgp@imc.org>; Sun, 14 Aug 2005 09:34:14 -0700 (PDT) (envelope-from ben@algroup.co.uk)
Received: from [193.133.15.218] (localhost [127.0.0.1]) by mail.links.org (Postfix) with ESMTP id 2EA5233C1A; Sun, 14 Aug 2005 17:34:13 +0100 (BST)
Message-ID: <42FF7286.7020800@algroup.co.uk>
Date: Sun, 14 Aug 2005 17:34:14 +0100
From: Ben Laurie <ben@algroup.co.uk>
User-Agent: Mozilla Thunderbird 1.0.6 (Windows/20050716)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Jeroen Massar <jeroen@unfix.org>
CC: ietf-openpgp@imc.org
Subject: Re: "The OpenPGP mail and news header" extenssion
References: <42FA366F.3030103@gmail.com>	 <ilu7jes6by3.fsf@latte.josefsson.org> <42FB8755.40008@gmail.com>	 <42FB94B1.5000008@systemics.com>  <42FB9635.2000702@gmail.com>	 <1123839508.7305.13.camel@firenze.zurich.ibm.com>	 <42FF4626.6010909@algroup.co.uk>	 <1124033193.15215.12.camel@firenze.zurich.ibm.com>	 <42FF63AF.7000909@algroup.co.uk>	 <1124034305.15215.17.camel@firenze.zurich.ibm.com>	 <42FF68BD.2000103@algroup.co.uk> <1124037118.15215.19.camel@firenze.zurich.ibm.com>
In-Reply-To: <1124037118.15215.19.camel@firenze.zurich.ibm.com>
X-Enigmail-Version: 0.89.6.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

Jeroen Massar wrote:
> On Sun, 2005-08-14 at 16:52 +0100, Ben Laurie wrote:
> 
>>Jeroen Massar wrote:
>>
>>>On Sun, 2005-08-14 at 16:30 +0100, Ben Laurie wrote:
>>>
>>>
>>>>Jeroen Massar wrote:
>>>>
>>>>
>>>>>On Sun, 2005-08-14 at 14:24 +0100, Ben Laurie wrote:
>>>>>
>>>>>
>>>>>
>>>>>>Jeroen Massar wrote:
>>>>>
>>>>><SNIP>
>>>>>
>>>>>>>* sign(encrypt(message))
>>>>>
>>>>><SNIP>
>>>>>
>>>>>>More importantly, perhaps, Krawczyk has shown that, in general, sign 
>>>>>>then encrypt is insecure.
>>>>>
>>>>>
>>>>>Which exact paper do you mean?
>>>>
>>>>http://eprint.iacr.org/2001/045
>>>
>>>
>>>Which nicely says, already in the abstract btw, "Thus, while we show the
>>>generic security of SSL to be broken, the current standard
>>>implementations of the protocol that use the above modes of encryption
>>>are safe."
>>
>>Sure. What does this have to do with OpenPGP's security?
> 
> 
> psst... it was you bringing up that argument about the paper ;)

Indeed - the result is general. The fact that SSL is secure gives no 
comfort for OpenPGP.

-- 
 >>>ApacheCon Europe<<<                   http://www.apachecon.com/

http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7EGW4rV006347; Sun, 14 Aug 2005 09:32:04 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j7EGW4ak006346; Sun, 14 Aug 2005 09:32:04 -0700 (PDT)
Received: from purgatory.unfix.org (postfix@213-136-24-43.adsl.bit.nl [213.136.24.43]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7EGW3di006339 for <ietf-openpgp@imc.org>; Sun, 14 Aug 2005 09:32:04 -0700 (PDT) (envelope-from jeroen@unfix.org)
Received: from firenze.zurich.ibm.com (pat.zurich.ibm.com [195.176.20.45]) (using SSLv3 with cipher RC4-MD5 (128/128 bits)) (No client certificate requested) by purgatory.unfix.org (Postfix) with ESMTP id 76F827FAD; Sun, 14 Aug 2005 18:32:00 +0200 (CEST)
Subject: Re: "The OpenPGP mail and news header" extenssion
From: Jeroen Massar <jeroen@unfix.org>
To: Ben Laurie <ben@algroup.co.uk>
Cc: ietf-openpgp@imc.org
In-Reply-To: <42FF68BD.2000103@algroup.co.uk>
References: <42FA366F.3030103@gmail.com> <ilu7jes6by3.fsf@latte.josefsson.org> <42FB8755.40008@gmail.com> <42FB94B1.5000008@systemics.com>  <42FB9635.2000702@gmail.com> <1123839508.7305.13.camel@firenze.zurich.ibm.com> <42FF4626.6010909@algroup.co.uk> <1124033193.15215.12.camel@firenze.zurich.ibm.com> <42FF63AF.7000909@algroup.co.uk> <1124034305.15215.17.camel@firenze.zurich.ibm.com> <42FF68BD.2000103@algroup.co.uk>
Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-l7bRLdaw9zlLEtvSAxe0"
Organization: Unfix
Date: Sun, 14 Aug 2005 18:31:58 +0200
Message-Id: <1124037118.15215.19.camel@firenze.zurich.ibm.com>
Mime-Version: 1.0
X-Mailer: Evolution 2.2.3 

--=-l7bRLdaw9zlLEtvSAxe0
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

On Sun, 2005-08-14 at 16:52 +0100, Ben Laurie wrote:
> Jeroen Massar wrote:
> > On Sun, 2005-08-14 at 16:30 +0100, Ben Laurie wrote:
> >
> >>Jeroen Massar wrote:
> >>
> >>>On Sun, 2005-08-14 at 14:24 +0100, Ben Laurie wrote:
> >>>
> >>>
> >>>>Jeroen Massar wrote:
> >>>
> >>><SNIP>
> >>>
> >>>>>* sign(encrypt(message))
> >>>
> >>><SNIP>
> >>>
> >>>>More importantly, perhaps, Krawczyk has shown that, in general, sign
> >>>>then encrypt is insecure.
> >>>
> >>>
> >>>Which exact paper do you mean?
> >>
> >>http://eprint.iacr.org/2001/045
> >
> >
> > Which nicely says, already in the abstract btw, "Thus, while we show the
> > generic security of SSL to be broken, the current standard
> > implementations of the protocol that use the above modes of encryption
> > are safe."
>
> Sure. What does this have to do with OpenPGP's security?

psst... it was you bringing up that argument about the paper ;)

Greets,
 Jeroen


--=-l7bRLdaw9zlLEtvSAxe0
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Jeroen Massar / http://unfix.org/~jeroen/

iD8DBQBC/3H9KaooUjM+fCMRArBlAKC1lIKMc3MfhKGTz6MsEmzy7DtfOQCgl/FW
aYQzjDLAMnktpsOTKbtuZsY=
=CEbQ
-----END PGP SIGNATURE-----

--=-l7bRLdaw9zlLEtvSAxe0--



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7EFqTdL003714; Sun, 14 Aug 2005 08:52:29 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j7EFqT2d003713; Sun, 14 Aug 2005 08:52:29 -0700 (PDT)
Received: from mail.links.org (mail.links.org [217.155.92.109]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7EFqS9c003707 for <ietf-openpgp@imc.org>; Sun, 14 Aug 2005 08:52:29 -0700 (PDT) (envelope-from ben@algroup.co.uk)
Received: from [193.133.15.218] (localhost [127.0.0.1]) by mail.links.org (Postfix) with ESMTP id 6A80D33C1D; Sun, 14 Aug 2005 16:52:28 +0100 (BST)
Message-ID: <42FF68BD.2000103@algroup.co.uk>
Date: Sun, 14 Aug 2005 16:52:29 +0100
From: Ben Laurie <ben@algroup.co.uk>
User-Agent: Mozilla Thunderbird 1.0.6 (Windows/20050716)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Jeroen Massar <jeroen@unfix.org>
CC: ietf-openpgp@imc.org
Subject: Re: "The OpenPGP mail and news header" extenssion
References: <42FA366F.3030103@gmail.com>	 <ilu7jes6by3.fsf@latte.josefsson.org> <42FB8755.40008@gmail.com>	 <42FB94B1.5000008@systemics.com>  <42FB9635.2000702@gmail.com>	 <1123839508.7305.13.camel@firenze.zurich.ibm.com>	 <42FF4626.6010909@algroup.co.uk>	 <1124033193.15215.12.camel@firenze.zurich.ibm.com>	 <42FF63AF.7000909@algroup.co.uk> <1124034305.15215.17.camel@firenze.zurich.ibm.com>
In-Reply-To: <1124034305.15215.17.camel@firenze.zurich.ibm.com>
X-Enigmail-Version: 0.89.6.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

Jeroen Massar wrote:
> On Sun, 2005-08-14 at 16:30 +0100, Ben Laurie wrote:
> 
>>Jeroen Massar wrote:
>>
>>>On Sun, 2005-08-14 at 14:24 +0100, Ben Laurie wrote:
>>>
>>>
>>>>Jeroen Massar wrote:
>>>
>>><SNIP>
>>>
>>>>>* sign(encrypt(message))
>>>
>>><SNIP>
>>>
>>>>More importantly, perhaps, Krawczyk has shown that, in general, sign 
>>>>then encrypt is insecure.
>>>
>>>
>>>Which exact paper do you mean?
>>
>>http://eprint.iacr.org/2001/045
> 
> 
> Which nicely says, already in the abstract btw, "Thus, while we show the
> generic security of SSL to be broken, the current standard
> implementations of the protocol that use the above modes of encryption
> are safe."

Sure. What does this have to do with OpenPGP's security?

-- 
 >>>ApacheCon Europe<<<                   http://www.apachecon.com/

http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7EFjGUT003364; Sun, 14 Aug 2005 08:45:16 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j7EFjGfq003363; Sun, 14 Aug 2005 08:45:16 -0700 (PDT)
Received: from purgatory.unfix.org (postfix@213-136-24-43.adsl.bit.nl [213.136.24.43]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7EFjF5p003357 for <ietf-openpgp@imc.org>; Sun, 14 Aug 2005 08:45:16 -0700 (PDT) (envelope-from jeroen@unfix.org)
Received: from firenze.zurich.ibm.com (pat.zurich.ibm.com [195.176.20.45]) (using SSLv3 with cipher RC4-MD5 (128/128 bits)) (No client certificate requested) by purgatory.unfix.org (Postfix) with ESMTP id 78A317FAD; Sun, 14 Aug 2005 17:45:10 +0200 (CEST)
Subject: Re: "The OpenPGP mail and news header" extenssion
From: Jeroen Massar <jeroen@unfix.org>
To: Ben Laurie <ben@algroup.co.uk>
Cc: ietf-openpgp@imc.org
In-Reply-To: <42FF63AF.7000909@algroup.co.uk>
References: <42FA366F.3030103@gmail.com> <ilu7jes6by3.fsf@latte.josefsson.org> <42FB8755.40008@gmail.com> <42FB94B1.5000008@systemics.com>  <42FB9635.2000702@gmail.com> <1123839508.7305.13.camel@firenze.zurich.ibm.com> <42FF4626.6010909@algroup.co.uk> <1124033193.15215.12.camel@firenze.zurich.ibm.com> <42FF63AF.7000909@algroup.co.uk>
Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-r7pY+udQXx+apkaFRbHW"
Organization: Unfix
Date: Sun, 14 Aug 2005 17:45:05 +0200
Message-Id: <1124034305.15215.17.camel@firenze.zurich.ibm.com>
Mime-Version: 1.0
X-Mailer: Evolution 2.2.3 

--=-r7pY+udQXx+apkaFRbHW
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

On Sun, 2005-08-14 at 16:30 +0100, Ben Laurie wrote:
> Jeroen Massar wrote:
> > On Sun, 2005-08-14 at 14:24 +0100, Ben Laurie wrote:
> >
> >>Jeroen Massar wrote:
> >
> > <SNIP>
> >
> >>>* sign(encrypt(message))
> >
> > <SNIP>
> >
> >>More importantly, perhaps, Krawczyk has shown that, in general, sign
> >>then encrypt is insecure.
> >
> >
> > Which exact paper do you mean?
>
> http://eprint.iacr.org/2001/045

Which nicely says, already in the abstract btw, "Thus, while we show the
generic security of SSL to be broken, the current standard
implementations of the protocol that use the above modes of encryption
are safe."

Also, to really take care of your worries, one could do:
encrypt(sign(encrypt(message))) which gives the same properties I
specified before, although with some overhead. It will actually give an
additional property that only the receiver is known and nobody else can
figure out who sent the message.

Greets,
 Jeroen


--=-r7pY+udQXx+apkaFRbHW
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Jeroen Massar / http://unfix.org/~jeroen/

iD8DBQBC/2cBKaooUjM+fCMRAkIdAJ9PVjWI9UeZ2Gzut+8sE0uIBjkGmgCeIhNO
UvMxjxhxRBv4WojvaaI2FwM=
=ai5E
-----END PGP SIGNATURE-----

--=-r7pY+udQXx+apkaFRbHW--



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7EFgJ7h003078; Sun, 14 Aug 2005 08:42:19 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j7EFgJ0A003077; Sun, 14 Aug 2005 08:42:19 -0700 (PDT)
Received: from mail.links.org (mail.links.org [217.155.92.109]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7EFgInt003070 for <ietf-openpgp@imc.org>; Sun, 14 Aug 2005 08:42:19 -0700 (PDT) (envelope-from ben@algroup.co.uk)
Received: from [193.133.15.218] (localhost [127.0.0.1]) by mail.links.org (Postfix) with ESMTP id 712E433C1A; Sun, 14 Aug 2005 16:42:18 +0100 (BST)
Message-ID: <42FF665B.4040509@algroup.co.uk>
Date: Sun, 14 Aug 2005 16:42:19 +0100
From: Ben Laurie <ben@algroup.co.uk>
User-Agent: Mozilla Thunderbird 1.0.6 (Windows/20050716)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Richard Laager <rlaager@wiktel.com>
CC: ietf-openpgp@imc.org
Subject: Re: Applicability of signed messages as proof of sending
References: <sjmwtn2jdhv.fsf@cliodev.pgp.com>	 <200508041208.17244.iang@systemics.com>	 <Pine.LNX.4.58.0508100943070.18620@thetis.deor.org>	 <42FB690C.8070607@systemics.com>	 <Pine.LNX.4.58.0508110807270.11516@thetis.deor.org>	 <42FB9443.10200@systemics.com>	 <Pine.LNX.4.58.0508111152560.15828@thetis.deor.org>	 <42FC6E4E.4030806@systemics.com> <1123863788.19609.9.camel@localhost>
In-Reply-To: <1123863788.19609.9.camel@localhost>
X-Enigmail-Version: 0.89.6.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

Richard Laager wrote:
> I'll admit that MITM attacks are rare and sophisticated, but if you're
> not guarding against them, the only attack you prevent is casual snooping
> on the wire. If you're only going to worry about casual snooping, you
> could just as well use rot13 as your "encryption". (Granted, I'm
> exaggerating a little, but why bother with something as complex and
> secure as OpenPGP to prevent casual snooping.) Your points about
> keyloggers, etc. are very valid.

I wish we could kill this myth that MitM is "rare and sophisticated". On 
wireless networks, they are common and trivial.

On wired networks they are easy for the network admins to mount. The 
practice is sufficiently commonplace that many corps have their own CA 
keys in employees' browsers so they can forge X509 certs.

Keylogging is a _much_ harder attack to mount.

Cheers,

Ben.

-- 
 >>>ApacheCon Europe<<<                   http://www.apachecon.com/

http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff



Message-ID: <42FF63AF.7000909@algroup.co.uk>
Date: Sun, 14 Aug 2005 16:30:55 +0100
From: Ben Laurie <ben@algroup.co.uk>
To: Jeroen Massar <jeroen@unfix.org>
CC: ietf-openpgp@imc.org
Subject: Re: "The OpenPGP mail and news header" extenssion
In-Reply-To: <1124033193.15215.12.camel@firenze.zurich.ibm.com>

Jeroen Massar wrote:
> On Sun, 2005-08-14 at 14:24 +0100, Ben Laurie wrote:
> 
>>Jeroen Massar wrote:
> 
> <SNIP>
> 
>>>* sign(encrypt(message))
> 
> <SNIP>
> 
>>More importantly, perhaps, Krawczyk has shown that, in general, sign 
>>then encrypt is insecure.
> 
> 
> Which exact paper do you mean?

http://eprint.iacr.org/2001/045

> Also note that when you say that that is insecure you are also saying
> that either/both the signing and/or the encryption are insecure in which
> case the solution to the problem should be sought in a different
> place...

I have no idea what you mean.




Message-Id: <1124033193.15215.12.camel@firenze.zurich.ibm.com>
Date: Sun, 14 Aug 2005 17:26:32 +0200
From: Jeroen Massar <jeroen@unfix.org>
To: Ben Laurie <ben@algroup.co.uk>
Cc: ietf-openpgp@imc.org
Subject: Re: "The OpenPGP mail and news header" extenssion
In-Reply-To: <42FF4626.6010909@algroup.co.uk>

On Sun, 2005-08-14 at 14:24 +0100, Ben Laurie wrote:
> Jeroen Massar wrote:
<SNIP>
> > * sign(encrypt(message))
<SNIP>
> More importantly, perhaps, Krawczyk has shown that, in general, sign
> then encrypt is insecure.

Which exact paper do you mean?

Also note that when you say that that is insecure you are also saying
that either/both the signing and/or the encryption are insecure in which
case the solution to the problem should be sought in a different
place...

Greets,
 Jeroen





Message-ID: <42FF5AF9.20800@algroup.co.uk>
Date: Sun, 14 Aug 2005 15:53:45 +0100
From: Ben Laurie <ben@algroup.co.uk>
To: Ian G <iang@systemics.com>
CC: openpgp <ietf-openpgp@imc.org>
Subject: Re: The undefined nature of the digital signature
In-Reply-To: <42FF5ABC.7060804@systemics.com>

Ian G wrote:
> Ben Laurie wrote:
> 
>> Well, in the UK, it is the Law Society's opinion that existing law 
>> applies equally to digital signatures.
> 
> 
> Good for them.  So does that mean when user
> software uses a digsig to ensure message
> integrity, it also committed the user to
> a contract?

No, it means much the same as a written signature - that is, whatever 
was intended by the two parties, as should be clear from the signed 
document.

> In general, most of the digsig laws tended to
> fall back to stating that a digital signature
> was not to be rejected as a signature just
> because it was in digital form.  Others said
> something much more complicated, and often
> created two distinct legal regimes for digsigs.
> 
> In all that, there remains a huge difference
> in the meaning of any given signature.  Most
> applications have muffed this issue, often
> ascribing in vague terms several distinct
> purposes at once to the digsig.

That's because signatures _are_ vague. IMO, attempts by techies to make 
signatures rigorous are misguided.




Message-ID: <42FF5ABC.7060804@systemics.com>
Date: Sun, 14 Aug 2005 15:52:44 +0100
From: Ian G <iang@systemics.com>
Organization: http://financialcryptography.com/
To: Ben Laurie <ben@algroup.co.uk>
Cc: openpgp <ietf-openpgp@imc.org>
Subject: The undefined nature of the digital signature
In-Reply-To: <42FF57A4.4060408@algroup.co.uk>

Ben Laurie wrote:

> Well, in the UK, it is the Law Society's opinion that existing law 
> applies equally to digital signatures.

Good for them.  So does that mean when user
software uses a digsig to ensure message
integrity, it also committed the user to
a contract?

In general, most of the digsig laws tended to
fall back to stating that a digital signature
was not to be rejected as a signature just
because it was in digital form.  Others said
something much more complicated, and often
created two distinct legal regimes for digsigs.

In all that, there remains a huge difference
in the meaning of any given signature.  Most
applications have muffed this issue, often
ascribing in vague terms several distinct
purposes at once to the digsig.

(OpenPGP has been most wise and ascribes no
meaning to it, that I know of, which means it
is up to the users to negotiate.)

iang



Message-ID: <42FF57A4.4060408@algroup.co.uk>
Date: Sun, 14 Aug 2005 15:39:32 +0100
From: Ben Laurie <ben@algroup.co.uk>
To: Ian G <iang@systemics.com>
CC: David Srbecky <dsrbecky@gmail.com>, Simon Josefsson <jas@extundo.com>, openpgp <ietf-openpgp@imc.org>
Subject: Re: "The OpenPGP mail and news header" extenssion
In-Reply-To: <42FF4E80.5020603@systemics.com>

Ian G wrote:
> Ben Laurie wrote:
> 
>> Ian G wrote:
>>
>>> Until someone can define the meaning
>>> of a signature, my standard advice is to not sign,
>>> which I'd recommend for all email, IM and so forth.
>>
>> Oh, please, the meaning of signatures is perfectly well defined in law.
> 
> Sorry I meant digital signatures.

Well, in the UK, it is the Law Society's opinion that existing law 
applies equally to digital signatures.




Message-ID: <42FF5145.2040909@gmail.com>
Date: Sun, 14 Aug 2005 16:12:21 +0200
From: David Srbecky <dsrbecky@gmail.com>
To: openpgp <ietf-openpgp@imc.org>
Subject: Re: "The OpenPGP mail and news header" extenssion
In-Reply-To: <iluoe84xn0k.fsf@latte.josefsson.org>
OpenPGP: id=2DC6523A; url=http://www.volny.cz/davejp/OpenPGP.asc

Simon Josefsson wrote:
> I understand.  Implement your scheme and write a draft about it!  I
> think your ideas are too far-fetched to be reasonably added to this
> document.  There are many details that have to be solved.
> 

Could you please outline a few of these details to be solved?

Thanks,
David





Message-ID: <42FF4DB4.4080309@gmail.com>
Date: Sun, 14 Aug 2005 15:57:08 +0200
From: David Srbecky <dsrbecky@gmail.com>
To: Ben Laurie <ben@algroup.co.uk>
Cc: openpgp <ietf-openpgp@imc.org>
Subject: Re: "The OpenPGP mail and news header" extenssion
In-Reply-To: <42FF4A8C.3060000@algroup.co.uk>
OpenPGP: id=2DC6523A; url=http://www.volny.cz/davejp/OpenPGP.asc

Ben Laurie wrote:
> Signing messages weakens plausible deniability. It may imply some
> standing that is not necessarily intended. These things can harm the
> sender.

If this is your concern, just ignore the flag and never sign messages,
but please, let me tell you that I *prefer* signed messages.

David





Message-ID: <42FF4E80.5020603@systemics.com>
Date: Sun, 14 Aug 2005 15:00:32 +0100
From: Ian G <iang@systemics.com>
Organization: http://financialcryptography.com/
To: Ben Laurie <ben@algroup.co.uk>
Cc: David Srbecky <dsrbecky@gmail.com>, Simon Josefsson <jas@extundo.com>, openpgp <ietf-openpgp@imc.org>
Subject: Re: "The OpenPGP mail and news header" extenssion
In-Reply-To: <42FF4AC5.2020301@algroup.co.uk>

Ben Laurie wrote:
> Ian G wrote:
> 
>> Until someone can define the meaning
>> of a signature, my standard advice is to not sign,
>> which I'd recommend for all email, IM and so forth.
> 
> 
> Oh, please, the meaning of signatures is perfectly well defined in law.


Sorry I meant digital signatures.

iang



Message-ID: <42FF4AC5.2020301@algroup.co.uk>
Date: Sun, 14 Aug 2005 14:44:37 +0100
From: Ben Laurie <ben@algroup.co.uk>
To: Ian G <iang@systemics.com>
CC: David Srbecky <dsrbecky@gmail.com>, Simon Josefsson <jas@extundo.com>, openpgp <ietf-openpgp@imc.org>
Subject: Re: "The OpenPGP mail and news header" extenssion
In-Reply-To: <42FB94B1.5000008@systemics.com>

Ian G wrote:
> Until someone can define the meaning
> of a signature, my standard advice is to not sign,
> which I'd recommend for all email, IM and so forth.

Oh, please, the meaning of signatures is perfectly well defined in law.




Message-ID: <42FF4A8C.3060000@algroup.co.uk>
Date: Sun, 14 Aug 2005 14:43:40 +0100
From: Ben Laurie <ben@algroup.co.uk>
To: David Srbecky <dsrbecky@gmail.com>
CC: ietf-openpgp@imc.org
Subject: Re: "The OpenPGP mail and news header" extenssion
In-Reply-To: <42FF4980.3050203@gmail.com>

David Srbecky wrote:
> Ben Laurie wrote:
> 
>>David Srbecky wrote:
>>
>>
>>>OpenPGP: id=b565717f; url=http://josefsson.org/key.txt; preference=sign
>>>
>>>Sender wants to receive signed unencrypted messages.
>>
>>
>>Why would I care whether the sender wants to receive signed messages?
> 
> 
> You want to be polite and help to enhance the security.
> 
> 
>>Surely it's all about whether I want to sign my messages? His preference
>>is irrelevant, 
> 
> 
> Using preference=sign he explicitly expresses that he *wants* to receive
> signed messages. For example some people do not sign messages to
> maillist, but if the maillist sends you preference=sign, it means that
> it really *wants* signed messages.
> 
>>he can check the signature or not as he pleases.
> 
> How can he do that if you do not sign the message?
> 
> The same holds for preference=encrypt.

A preference for encrypted messages is a different thing, it doesn't 
harm the sender of the message in any way.

Signing messages weakens plausible deniability. It may imply some 
standing that is not necessarily intended. These things can harm the sender.

Cheers,

Ben.




Message-ID: <42FF4980.3050203@gmail.com>
Date: Sun, 14 Aug 2005 15:39:12 +0200
From: David Srbecky <dsrbecky@gmail.com>
To: Ben Laurie <ben@algroup.co.uk>
Cc: ietf-openpgp@imc.org
Subject: Re: "The OpenPGP mail and news header" extenssion
In-Reply-To: <42FF44AF.3050502@algroup.co.uk>
OpenPGP: id=2DC6523A; url=http://www.volny.cz/davejp/OpenPGP.asc

Ben Laurie wrote:
> David Srbecky wrote:
> 
>> OpenPGP: id=b565717f; url=http://josefsson.org/key.txt; preference=sign
>>
>> Sender wants to receive signed unencrypted messages.
> 
> 
> Why would I care whether the sender wants to receive signed messages?

You want to be polite and to help enhance security.

> Surely it's all about whether I want to sign my messages? His preference
> is irrelevant, 

Using preference=sign he explicitly expresses that he *wants* to receive
signed messages. For example, some people do not sign messages to a
mailing list, but if the mailing list sends you preference=sign, it means
that it really *wants* signed messages.

> he can check the signature or not as he pleases.

How can he do that if you do not sign the message?



The same holds for preference=encrypt.

David


--------------enigC47F4C96962E0B3469E8841A
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFC/0mEKLLFgC3GUjoRAknjAJoDkgzabJ05y2kTcIuISyZ18Skc9QCgn6mF
e8h+CgLzi24bfXS5or4pHJ0=
=3sC2
-----END PGP SIGNATURE-----

--------------enigC47F4C96962E0B3469E8841A--



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7EDOuSG077561; Sun, 14 Aug 2005 06:24:56 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j7EDOuVo077560; Sun, 14 Aug 2005 06:24:56 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mail.links.org (mail.links.org [217.155.92.109]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7EDOtkq077546 for <ietf-openpgp@imc.org>; Sun, 14 Aug 2005 06:24:55 -0700 (PDT) (envelope-from ben@algroup.co.uk)
Received: from [193.133.15.218] (localhost [127.0.0.1]) by mail.links.org (Postfix) with ESMTP id 1CFE933C1E; Sun, 14 Aug 2005 14:24:54 +0100 (BST)
Message-ID: <42FF4626.6010909@algroup.co.uk>
Date: Sun, 14 Aug 2005 14:24:54 +0100
From: Ben Laurie <ben@algroup.co.uk>
User-Agent: Mozilla Thunderbird 1.0.6 (Windows/20050716)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Jeroen Massar <jeroen@unfix.org>
CC: David Srbecky <dsrbecky@gmail.com>, ietf-openpgp@imc.org, jas@extundo.com
Subject: Re: "The OpenPGP mail and news header" extenssion
References: <42FA366F.3030103@gmail.com>	 <ilu7jes6by3.fsf@latte.josefsson.org> <42FB8755.40008@gmail.com>	 <42FB94B1.5000008@systemics.com>  <42FB9635.2000702@gmail.com> <1123839508.7305.13.camel@firenze.zurich.ibm.com>
In-Reply-To: <1123839508.7305.13.camel@firenze.zurich.ibm.com>
X-Enigmail-Version: 0.89.6.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

Jeroen Massar wrote:
> On Thu, 2005-08-11 at 20:17 +0200, David Srbecky wrote:
> 
> 
>>Out of curiosity, is there any difference between 
>>preference=sign,encrypt and preference=encrypt,sign ? I mean, does the 
>>order matter? Can you both sign encrypted message and encrypt signed 
>>message? (Where the latter means that you cannot verify the signature until 
>>you decrypt the message)
> 
> 
> * encrypt(sign(message))
> 
> The receiver is the only one being able to read it and knows it comes
> from you.
> 
> 
> * sign(encrypt(message))
> 
> This allows one to send a message, encrypted to another person, that
> person sees you send it, because of the signature, and that person can
> only read it, because of the crypt.
> 
> Advantage here for privacy freaks: the receiver can never prove that the
> received message (cleartext) was sent by you. The person can only show
> the encrypted form, which doesn't tell a thing, unless that person shows
> in public that the person decrypts it, which nicely shows everybody that
> that person is telling some secret from you to the world. Of course if
> that person doesn't care about the latter then you are still stuffed,
> nothing to repudiate.

More importantly, perhaps, Krawczyk has shown that, in general, sign 
then encrypt is insecure.

-- 
 >>>ApacheCon Europe<<<                   http://www.apachecon.com/

http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7EDIhWB075212; Sun, 14 Aug 2005 06:18:43 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j7EDIhfW075211; Sun, 14 Aug 2005 06:18:43 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mail.links.org (mail.links.org [217.155.92.109]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7EDIfHH075187 for <ietf-openpgp@imc.org>; Sun, 14 Aug 2005 06:18:42 -0700 (PDT) (envelope-from ben@algroup.co.uk)
Received: from [193.133.15.218] (localhost [127.0.0.1]) by mail.links.org (Postfix) with ESMTP id 781C633C1A; Sun, 14 Aug 2005 14:18:38 +0100 (BST)
Message-ID: <42FF44AF.3050502@algroup.co.uk>
Date: Sun, 14 Aug 2005 14:18:39 +0100
From: Ben Laurie <ben@algroup.co.uk>
User-Agent: Mozilla Thunderbird 1.0.6 (Windows/20050716)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: David Srbecky <dsrbecky@gmail.com>
CC: Simon Josefsson <jas@extundo.com>, openpgp <ietf-openpgp@imc.org>
Subject: Re: "The OpenPGP mail and news header" extenssion
References: <42FA366F.3030103@gmail.com> <ilu7jes6by3.fsf@latte.josefsson.org> <42FB8755.40008@gmail.com>
In-Reply-To: <42FB8755.40008@gmail.com>
X-Enigmail-Version: 0.89.6.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

David Srbecky wrote:
> OpenPGP: id=b565717f; url=http://josefsson.org/key.txt; preference=sign
> 
> Sender wants to receive signed unencrypted messages.

Why would I care whether the sender wants to receive signed messages? 
Surely it's all about whether I want to sign my messages? His preference 
is irrelevant, he can check the signature or not as he pleases.

-- 
 >>>ApacheCon Europe<<<                   http://www.apachecon.com/

http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7DGW3kc089883; Sat, 13 Aug 2005 09:32:03 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j7DGW3wY089882; Sat, 13 Aug 2005 09:32:03 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from merrymeet.com (merrymeet.com [63.73.97.162]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7DGW2UO089876 for <ietf-openpgp@imc.org>; Sat, 13 Aug 2005 09:32:02 -0700 (PDT) (envelope-from jon@callas.org)
Received: from keys.merrymeet.com (63.73.97.166) by merrymeet.com with ESMTP (Eudora Internet Mail Server X 3.2.6); Sat, 13 Aug 2005 09:31:59 -0700
Received: from [192.168.1.11] ([24.53.94.200]) by keys.merrymeet.com (PGP Universal service); Sat, 13 Aug 2005 09:31:58 -0700
X-PGP-Universal: processed; by keys.merrymeet.com on Sat, 13 Aug 2005 09:31:58 -0700
In-Reply-To: <BBD0795F2CAB@mail.liverton.com>
References: <BBD0795F2CAB@mail.liverton.com>
Mime-Version: 1.0 (Apple Message framework v622)
Content-Type: text/plain; charset=US-ASCII; format=flowed
Message-Id: <205017746c17d274312cbcc628ec91cf@callas.org>
Content-Transfer-Encoding: 7bit
Cc: <ietf-openpgp@imc.org>
From: Jon Callas <jon@callas.org>
Subject: Re: "The OpenPGP mail and news header" extenssion
Date: Sat, 13 Aug 2005 09:32:06 -0700
To: "James Scott" <james.scott@liverton.com>
X-Mailer: Apple Mail (2.622)
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

On 12 Aug 2005, at 2:26 PM, James Scott wrote:

> You might like to note that the IETF MASS pre-working group is 
> currently
> discussing just such a proposal, called DKIM.  This is based on an 
> amalgam
> of Yahoo Domain Keys, and Cisco Identified Internet Mail.
>
> Refer to http://mipassoc.org/mass/ for further details.
>

Actually, you should look at <http://mipassoc.org/dkim/>, which is the 
present accurate place. The above will redirect you to the latter, but 
it's better to go to the latter.

	Jon



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7CLR2GT063769; Fri, 12 Aug 2005 14:27:02 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j7CLR2Iw063768; Fri, 12 Aug 2005 14:27:02 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from smtp.liverton.net.nz (beryllium.liverton.net.nz [202.160.49.36]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7CLR185063720 for <ietf-openpgp@imc.org>; Fri, 12 Aug 2005 14:27:01 -0700 (PDT) (envelope-from james.scott@liverton.com)
Received: from fluorine (Not Verified[172.17.2.9]) by smtp.liverton.net.nz with NetIQ MailMarshal (v5.5.6.7) id <B00000ef65>; Sat, 13 Aug 2005 09:24:52 +1200
Received: from mail.liverton.com (Not Verified[192.168.1.1]) by fluorine with NetIQ MailMarshal (v6,0,3,8) id <B42fd141d0000>; Sat, 13 Aug 2005 09:26:53 +1200
Received: from Spooler by mail.liverton.com (Mercury/32 v4.01a) ID MO005EC8; 13 Aug 2005 09:26:54 +1200
Received: from spooler by mail.liverton.com (Mercury/32 v4.01a); 13 Aug 2005 09:26:48 +1200
Received: from LIVE011 (210.48.81.24) by Liverton Mail Server (Mercury/32 v4.01a) with ESMTP ID MG005EC7; 13 Aug 2005 09:26:46 +1200
From: "James Scott" <james.scott@liverton.com>
To: <ietf-openpgp@imc.org>
Subject: RE: "The OpenPGP mail and news header" extenssion
Date: Sat, 13 Aug 2005 09:26:41 +1200
Organization: Liverton Limited
MIME-Version: 1.0
X-Mailer: Microsoft Office Outlook, Build 11.0.6353
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
In-Reply-To: <~B00000edfd.00016e47.mml.2667484233@latte.josefsson.org>
Thread-Index: AcWeu3PfTdxmcvNQSLaG8fRCR2iXzAADKyyw
Message-ID: <BBD0795F2CAB@mail.liverton.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-SecureMail-Version: 1.0
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

Simon Josefsson wrote:
> David Srbecky <dsrbecky@gmail.com> writes:
> 
> > Simon Josefsson wrote:
> >> David Srbecky <dsrbecky@gmail.com> writes:
> >>>OpenPGP: id=12345678;
> >>>         url=http://example.com/key.txt;
> >>>         modification=Tue, 9 Aug 2005 13:59:18 +0200 (CEST);
> >>>         version=GnuPG v1.4.1 (MingW32);
> >>>         comment=Using GnuPG with Thunderbird;
> >>>
signature=iD8DBasdQFC+Jqasd5X6K7Lza8L3FgC3GU2joRAkV+AaJ9AqD/Fs=
> >>>
...[snip]
> 
> I understand.  Implement your scheme and write a draft about 
> it!  I think your ideas are too far-fetched to be reasonably 
> added to this document.  There are many details that have to be solved.
> 

You might like to note that the IETF MASS pre-working group is currently
discussing just such a proposal, called DKIM.  This is based on an amalgam
of Yahoo Domain Keys, and Cisco Identified Internet Mail.

Refer to http://mipassoc.org/mass/ for further details.

James
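
The header form quoted in this thread ("OpenPGP: id=...; url=...; preference=...",
and the longer multi-field variant with modification=, version=, comment= and
signature= quoted above) is small enough to parse in a few lines, and a mailer
that wants to act on preference= needs exactly that. The parser below is an added
example; it is not the draft's text and not code from any mailer discussed here.
It assumes only what the quoted examples show: name=value fields separated by
";", a header that may be folded across indented continuation lines, and
preference= as an ordered, comma-separated list. The key-ID shapes it accepts
(8- or 16-digit hex key ID, 40-digit v4 fingerprint) are OpenPGP's own; the set
of known preference tokens ("sign", "encrypt") is taken from the thread rather
than from the draft, so any other token the draft may define is reported as
unknown rather than silently accepted.

```python
# Added example (not the draft's text, not any mailer's code): a parser for the
# OpenPGP: header form quoted in this thread.  Syntax assumed from the quoted
# examples: "name=value" fields separated by ";", header folding allowed,
# "preference" an ordered comma-separated list.
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional
from urllib.parse import urlparse

# Key identifiers OpenPGP itself uses: 8-hex short key ID, 16-hex long key ID,
# 40-hex v4 fingerprint.  A leading "0x" is tolerated and dropped.
_KEY_ID_RE = re.compile(r"(?:0x)?([0-9A-Fa-f]{8}|[0-9A-Fa-f]{16}|[0-9A-Fa-f]{40})")

# Tokens seen in the thread; assumption, the draft may define others.
KNOWN_PREFERENCES = ("sign", "encrypt")


@dataclass
class OpenPGPHeader:
    key_id: Optional[str] = None                           # upper-case hex, no 0x
    url: Optional[str] = None
    preference: List[str] = field(default_factory=list)    # order as sent
    extras: Dict[str, str] = field(default_factory=dict)   # modification=, version=, ...
    errors: List[str] = field(default_factory=list)

    @property
    def ok(self) -> bool:
        return not self.errors

    def wants(self, what: str) -> bool:
        """True if the sender listed `what` (e.g. "sign") under preference=."""
        return what.lower() in self.preference


def unfold(raw: str) -> str:
    """Undo RFC 5322 folding: a line break followed by whitespace continues the line."""
    return re.sub(r"\r?\n[ \t]+", " ", raw).strip()


def parse_openpgp_header(raw: str) -> OpenPGPHeader:
    """Parse one OpenPGP: header (with or without the "OpenPGP:" name) into fields.

    Problems are collected in .errors rather than raised, so a mailer can log
    them and still show the user whatever was parseable.
    """
    hdr = OpenPGPHeader()
    text = unfold(raw)
    if text[:8].lower() == "openpgp:":
        text = text[8:]
    seen: Dict[str, str] = {}
    for part in text.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            hdr.errors.append(f"field without '=': {part!r}")
            continue
        name, value = (s.strip() for s in part.split("=", 1))
        name = name.lower()
        if name in seen:
            hdr.errors.append(f"duplicate field {name!r}")
            continue
        seen[name] = value
    if "id" not in seen and "url" not in seen:
        hdr.errors.append("header carries neither id= nor url=")

    if "id" in seen:
        m = _KEY_ID_RE.fullmatch(seen.pop("id"))
        if m:
            hdr.key_id = m.group(1).upper()
        else:
            hdr.errors.append("id= is not an 8/16/40-digit hex key ID or fingerprint")
    if "url" in seen:
        url = seen.pop("url")
        parsed = urlparse(url)
        if parsed.scheme in ("http", "https") and parsed.netloc:
            hdr.url = url
        else:
            hdr.errors.append(f"url= is not an absolute http(s) URL: {url!r}")
    if "preference" in seen:
        items = [p.strip().lower() for p in seen.pop("preference").split(",")]
        if not all(items):
            hdr.errors.append("preference= contains an empty item")
        hdr.preference = [p for p in items if p]
        for p in hdr.preference:
            if p not in KNOWN_PREFERENCES:
                hdr.errors.append(f"unknown preference token {p!r}")
    hdr.extras = seen            # anything else (modification=, version=, ...) kept verbatim
    return hdr
```

Nothing in this header authenticates it: whoever injects a message controls id=
and url= (the signature= field in the longer proposal above is an attempt to
change that). A mailer should therefore treat url= as untrusted input, not fetch
it automatically (the fetch itself tells the URL's owner that the message was
opened), and, once a key has been fetched, check that its key ID or fingerprint
matches id= and that the message's own signature verifies under it before
recording any preference against the sender.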




Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7CImGIt034968; Fri, 12 Aug 2005 11:48:16 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j7CImG7K034967; Fri, 12 Aug 2005 11:48:16 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mailgate.enhyper.net ([80.168.109.121]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7CImGDw034961 for <ietf-openpgp@imc.org>; Fri, 12 Aug 2005 11:48:16 -0700 (PDT) (envelope-from iang@systemics.com)
Received: from [IPv6:::1] (localhost [127.0.0.1]) by mailgate.enhyper.net (Postfix) with ESMTP id DAE495326F for <ietf-openpgp@imc.org>; Fri, 12 Aug 2005 19:48:14 +0100 (BST)
Message-ID: <42FCEFE9.9090807@systemics.com>
Date: Fri, 12 Aug 2005 19:52:25 +0100
From: Ian G <iang@systemics.com>
Organization: http://financialcryptography.com/
User-Agent: Mozilla Thunderbird 1.0.6 (X11/20050726)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: ietf-openpgp@imc.org
Subject: Re: Applicability of signed messages as proof of sending
References: <sjmwtn2jdhv.fsf@cliodev.pgp.com>	 <200508041208.17244.iang@systemics.com>	 <Pine.LNX.4.58.0508100943070.18620@thetis.deor.org>	 <42FB690C.8070607@systemics.com>	 <Pine.LNX.4.58.0508110807270.11516@thetis.deor.org>	 <42FB9443.10200@systemics.com>	 <Pine.LNX.4.58.0508111152560.15828@thetis.deor.org>	 <42FC6E4E.4030806@systemics.com> <1123863788.19609.9.camel@localhost>
In-Reply-To: <1123863788.19609.9.camel@localhost>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

Richard Laager wrote:
> Gaim (please not GAIM) ...

I took that one offline, as everyone here knows 'the story.'

For the patient, here's a link I came across today on
OpenPGP's web of trust.  Nice graphs!

http://www.cs.uu.nl/people/henkp/henkp/pgp/pathfinder/plot/

And here's today's emailtapping news.  The court of appeals
reversed a ruling, and said that ISPs could not copy and
read emails.  Meanwhile a survey found that small firms were
failing to copy and escrow emails as instructed.  And companies
can now bring in massive eavesdropping tech to catch insiders
doing bad things.

E-mail wiretap case can proceed, court says
http://news.com.com/E-mail+wiretap+case+can+proceed,+court+says/2100-1028_3-5829228.html?tag=nefd.top
Study Finds Small Securities Firms Still Fail To Comply With SEC E-mail Archiving Regulations
http://www.compliancepipeline.com/showArticle.jhtml?articleID=168601153
When E-Mail Isn't Monitored
http://itmanagement.earthweb.com/secu/article.php/3526881

iang



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7CGNBc9024233; Fri, 12 Aug 2005 09:23:11 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j7CGNBYZ024232; Fri, 12 Aug 2005 09:23:11 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from spam1.wiktel.com (spam1.wiktel.com [204.221.145.252]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7CGNAjZ024225 for <ietf-openpgp@imc.org>; Fri, 12 Aug 2005 09:23:11 -0700 (PDT) (envelope-from rlaager@wiktel.com)
Received: from [192.168.1.101] (69-89-193-188.unfiltered.dsl.wiktel.com [69.89.193.188]) (authenticated bits=0) by spam1.wiktel.com (8.13.1/8.13.1) with ESMTP id j7CGN4OL019161 for <ietf-openpgp@imc.org>; Fri, 12 Aug 2005 11:23:04 -0500
Subject: Re: Applicability of signed messages as proof of sending
From: Richard Laager <rlaager@wiktel.com>
To: ietf-openpgp@imc.org
In-Reply-To: <42FC6E4E.4030806@systemics.com>
References: <sjmwtn2jdhv.fsf@cliodev.pgp.com> <200508041208.17244.iang@systemics.com> <Pine.LNX.4.58.0508100943070.18620@thetis.deor.org> <42FB690C.8070607@systemics.com> <Pine.LNX.4.58.0508110807270.11516@thetis.deor.org> <42FB9443.10200@systemics.com> <Pine.LNX.4.58.0508111152560.15828@thetis.deor.org> <42FC6E4E.4030806@systemics.com>
Content-Type: text/plain
Organization: Wikstrom Telecom Internet
Date: Fri, 12 Aug 2005 11:23:08 -0500
Message-Id: <1123863788.19609.9.camel@localhost>
Mime-Version: 1.0
X-Mailer: Evolution 2.2.2 (2.2.2-5) 
Content-Transfer-Encoding: 7bit
X-bounce-key: wiktel.com-1;rlaager@wiktel.com;1123863784;geJko+pI3tp6lBy0MehgEI+YE0w;
X-Scanned-By: MIMEDefang 2.49 on 204.221.145.252
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

On Fri, 2005-08-12 at 10:39 +0100, Ian G wrote:
> Len Sassaman wrote:
> > On Thu, 11 Aug 2005, Ian G wrote:
 
> > Right. I'm one of those people. This does, however, leave one open to MITM
> > attacks -- which are probably not that large of a threat in the general
> > case, but when dealing with centralized, proprietary IM systems, could
> > very well be a realistic problem. (This is why Trillian's SecureIM
> > solution fails my sniff test.)
> 
> Right.  That's an interesting point.  So GAIM
> uses AIM which is a proprietary IM system.  Now,
> if that was all it was, *and* one assumed that
> MITM in AIM was a real threat, then this would
> be plausible logically, but still weak in terms
> of validation.

Gaim (please not GAIM) supports a variety of protocols besides AIM, so
that does change the threat model a bit. It'd be significantly easier to
do a MITM attack on more documented and decentralized protocols.

I'll admit that MITM attacks are rare and sophisticated, but if you're
not guarding against them, the only attack you prevent is casual snooping
on the wire. If you're only going to worry about casual snooping, you
could just as well use rot13 as your "encryption". (Granted, I'm
exaggerating a little, but why bother with something as complex and
secure as OpenPGP to prevent casual snooping.) Your points about
keyloggers, etc. are very valid.

Richard Laager




Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7C9eIkI084486; Fri, 12 Aug 2005 02:40:18 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j7C9eItD084485; Fri, 12 Aug 2005 02:40:18 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from purgatory.unfix.org (postfix@213-136-24-43.adsl.bit.nl [213.136.24.43]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7C9eGjI084476 for <ietf-openpgp@imc.org>; Fri, 12 Aug 2005 02:40:17 -0700 (PDT) (envelope-from jeroen@unfix.org)
Received: from firenze.zurich.ibm.com (pat.zurich.ibm.com [195.176.20.45]) (using SSLv3 with cipher RC4-MD5 (128/128 bits)) (No client certificate requested) by purgatory.unfix.org (Postfix) with ESMTP id 5B8669BAE; Fri, 12 Aug 2005 11:40:06 +0200 (CEST)
Subject: Re: "The OpenPGP mail and news header" extenssion
From: Jeroen Massar <jeroen@unfix.org>
To: David Srbecky <dsrbecky@gmail.com>
Cc: ietf-openpgp@imc.org, jas@extundo.com
In-Reply-To: <42FB9635.2000702@gmail.com>
References: <42FA366F.3030103@gmail.com> <ilu7jes6by3.fsf@latte.josefsson.org> <42FB8755.40008@gmail.com> <42FB94B1.5000008@systemics.com>  <42FB9635.2000702@gmail.com>
Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-jT5SQ3qhMHNmGSOQlTfn"
Organization: Unfix
Date: Fri, 12 Aug 2005 11:38:28 +0200
Message-Id: <1123839508.7305.13.camel@firenze.zurich.ibm.com>
Mime-Version: 1.0
X-Mailer: Evolution 2.2.3 
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

--=-jT5SQ3qhMHNmGSOQlTfn
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

On Thu, 2005-08-11 at 20:17 +0200, David Srbecky wrote:

> Out of curiosity, is there any difference between
> preference=sign,encrypt and preference=encrypt,sign ? I mean, does the
> order matter? Can you both sign encrypted message and encrypt signed
> message? (Where the latter means that you cannot verify the signature until
> you decrypt the message)

* encrypt(sign(message))

The receiver is the only one being able to read it and knows it comes
from you.


* sign(encrypt(message))

This allows one to send a message, encrypted to another person, that
person sees you send it, because of the signature, and that person can
only read it, because of the crypt.

Advantage here for privacy freaks: the receiver can never prove that the
received message (cleartext) was sent by you. The person can only show
the encrypted form, which doesn't tell a thing, unless that person shows
in public that the person decrypts it, which nicely shows everybody that
that person is telling some secret from you to the world. Of course if
that person doesn't care about the latter then you are still stuffed,
nothing to repudiate.


* encrypt(sign(encrypt(message)))

Like sign(encrypt) except that if somebody finds this thing that they
can't figure out who the sender is, they can only identify the receiver.

Greets,
 Jeroen


--=-jT5SQ3qhMHNmGSOQlTfn
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Jeroen Massar / http://unfix.org/~jeroen/

iD8DBQBC/G4UKaooUjM+fCMRAr4vAKC9mI9HQU6CNEL68Gfa8ycoL/sPJgCfa8LU
/INY5buvR77/+IhXVat2ieQ=
=h3xn
-----END PGP SIGNATURE-----

--=-jT5SQ3qhMHNmGSOQlTfn--
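
Jeroen's three compositions above, and Ben's later reference to Krawczyk, are
both about what a signature actually binds. The script below is an added example,
not OpenPGP code and not from anyone in this thread. It builds both orders from
toy primitives (textbook RSA without padding and a SHA-256 keystream, which are
stand-ins and not secure) and demonstrates the failure each order has in the
public-key setting, as described in Don Davis's 2001 paper "Defective Sign &
Encrypt": with encrypt(sign(m)) the recipient can strip the encryption and
re-encrypt the still-signed text to a third party, who then sees a valid
signature on a message the signer never addressed to him (surreptitious
forwarding); with sign(encrypt(m)) anyone can replace the outer signature with
their own and claim authorship of a ciphertext they cannot read, which is the
same fact behind Jeroen's remark that the receiver of sign(encrypt(m)) cannot
prove the cleartext came from the signer. The usual repair for the first case,
naming the intended recipient inside the signed data, is included. Party names,
messages and the 256-bit primes are assumptions of this example. (Krawczyk's
analysis concerns the generic composition of symmetric encryption with a MAC;
the two public-key failures shown here are the ones Davis described.)

```python
# Added example (not OpenPGP code and not from anyone in the thread): why the
# order of signing and encrypting matters.  Toy textbook RSA without padding and
# a SHA-256 keystream stand in for real primitives; they are NOT secure.
# Needs Python 3.8+ for pow(e, -1, phi).
import hashlib, random, secrets
from math import gcd

BLOCK = 64  # 512-bit toy modulus: every signature or wrapped key is 64 bytes

def _is_probable_prime(n, rounds=16):
    """Miller-Rabin probabilistic primality test (n must be > 3)."""
    if n % 2 == 0:
        return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def keygen(bits=256):
    """Toy RSA keypair -> ((n, e), (n, d)); n has 510..512 bits."""
    def prime():
        while True:
            cand = random.getrandbits(bits) | (1 << (bits - 1)) | 1
            if _is_probable_prime(cand):
                return cand
    while True:
        p, q, e = prime(), prime(), 65537
        if p != q and gcd(e, (p - 1) * (q - 1)) == 1:
            return (p * q, e), (p * q, pow(e, -1, (p - 1) * (q - 1)))

def sign(priv, data):
    n, d = priv  # SHA-256 digest as an integer is < 2**256 < n, so no padding needed here
    return pow(int.from_bytes(hashlib.sha256(data).digest(), "big"), d, n).to_bytes(BLOCK, "big")

def verify(pub, data, sig):
    n, e = pub
    return pow(int.from_bytes(sig, "big"), e, n) == int.from_bytes(hashlib.sha256(data).digest(), "big")

def _xor_stream(key, data):
    stream = b"".join(hashlib.sha256(key + i.to_bytes(8, "big")).digest()
                      for i in range(-(-len(data) // 32)))
    return bytes(a ^ b for a, b in zip(data, stream))

def encrypt(pub, plaintext):
    """Hybrid toy encryption: RSA-wrapped 31-byte session key, then XOR keystream."""
    n, e = pub
    key = secrets.token_bytes(31)  # 248 bits, always below the modulus
    return pow(int.from_bytes(key, "big"), e, n).to_bytes(BLOCK, "big") + _xor_stream(key, plaintext)

def decrypt(priv, ciphertext):
    n, d = priv
    key = pow(int.from_bytes(ciphertext[:BLOCK], "big"), d, n).to_bytes(31, "big")
    return _xor_stream(key, ciphertext[BLOCK:])

def encrypt_signed(sender_priv, recipient_pub, msg):
    """encrypt(sign(m)): the signature travels inside the ciphertext."""
    return encrypt(recipient_pub, msg + sign(sender_priv, msg))

def open_encrypt_signed(recipient_priv, sender_pub, blob):
    inner = decrypt(recipient_priv, blob)
    return inner[:-BLOCK] if verify(sender_pub, inner[:-BLOCK], inner[-BLOCK:]) else None

def sign_encrypted(sender_priv, recipient_pub, msg):
    """sign(encrypt(m)): the signature covers only the ciphertext."""
    ct = encrypt(recipient_pub, msg)
    return ct + sign(sender_priv, ct)

def open_sign_encrypted(recipient_priv, sender_pub, blob):
    ct, sig = blob[:-BLOCK], blob[-BLOCK:]
    return decrypt(recipient_priv, ct) if verify(sender_pub, ct, sig) else None

ALICE, BOB, CHARLIE = keygen(), keygen(), keygen()  # toy parties, each (pub, priv)

def surreptitious_forwarding(bind_recipient=False):
    """encrypt(sign(m)): Bob strips the encryption and re-wraps Alice's signed text
    for Charlie.  Returns what Charlie accepts as Alice's words, or None.  With
    bind_recipient the signed data names the addressee (the usual repair)."""
    msg = (b"to:bob\n" if bind_recipient else b"") + b"Bob, the merger is off."
    forwarded = encrypt(CHARLIE[0], decrypt(BOB[1], encrypt_signed(ALICE[1], BOB[0], msg)))
    got = open_encrypt_signed(CHARLIE[1], ALICE[0], forwarded)
    if bind_recipient and got is not None and not got.startswith(b"to:charlie\n"):
        return None  # valid Alice signature, but addressed to someone else
    return got

def authorship_claim():
    """sign(encrypt(m)): Charlie swaps his signature for Alice's on a ciphertext he
    cannot read; Bob decrypts Alice's words and attributes them to Charlie."""
    ct = sign_encrypted(ALICE[1], BOB[0], b"I accept your offer.")[:-BLOCK]
    return open_sign_encrypted(BOB[1], CHARLIE[0], ct + sign(CHARLIE[1], ct))
```

Both honest flows work and both attacks succeed with these toy primitives for
the same reason they do with real ones: a signature over the plaintext says
nothing about who was meant to receive it, and a signature over the ciphertext
says nothing about who wrote the plaintext. OpenPGP's sign-then-encrypt has the
first property unless the application puts the addressee into the signed text,
which is what the bind_recipient variant does.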



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7C9ZJgA084187; Fri, 12 Aug 2005 02:35:19 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j7C9ZJwE084186; Fri, 12 Aug 2005 02:35:19 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mailgate.enhyper.net ([80.168.109.121]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7C9ZH6B084179 for <ietf-openpgp@imc.org>; Fri, 12 Aug 2005 02:35:18 -0700 (PDT) (envelope-from iang@systemics.com)
Received: from [IPv6:::1] (localhost [127.0.0.1]) by mailgate.enhyper.net (Postfix) with ESMTP id 714945323B; Fri, 12 Aug 2005 10:35:16 +0100 (BST)
Message-ID: <42FC6E4E.4030806@systemics.com>
Date: Fri, 12 Aug 2005 10:39:26 +0100
From: Ian G <iang@systemics.com>
Organization: http://financialcryptography.com/
User-Agent: Mozilla Thunderbird 1.0.6 (X11/20050726)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Len Sassaman <rabbi@abditum.com>
Cc: ietf-openpgp@imc.org
Subject: Re: Applicability of signed messages as proof of sending
References: <sjmwtn2jdhv.fsf@cliodev.pgp.com> <200508041208.17244.iang@systemics.com> <Pine.LNX.4.58.0508100943070.18620@thetis.deor.org> <42FB690C.8070607@systemics.com> <Pine.LNX.4.58.0508110807270.11516@thetis.deor.org> <42FB9443.10200@systemics.com> <Pine.LNX.4.58.0508111152560.15828@thetis.deor.org>
In-Reply-To: <Pine.LNX.4.58.0508111152560.15828@thetis.deor.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

Len Sassaman wrote:
> On Thu, 11 Aug 2005, Ian G wrote:

(Does anyone want us to take this offline?  Just
shout...)

>>Right but this needs to be integrated into the
>>real world.  Firstly, what does that signature
>>mean?  What was it doing there?  Because this
>>question is unanswered, and I'd say, unanswerable,
>>most people (in my experience) don't use signed
>>email.  They simply encrypt.
> 
> 
> Right. I'm one of those people. This does, however, leave one open to MITM
> attacks -- which are probably not that large of a threat in the general
> case, but when dealing with centralized, proprietary IM systems, could
> very well be a realistic problem. (This is why Trillian's SecureIM
> solution fails my sniff test.)

Right.  That's an interesting point.  So GAIM
uses AIM which is a proprietary IM system.  Now,
if that was all it was, *and* one assumed that
MITM in AIM was a real threat, then this would
be plausible logically, but still weak in terms
of validation.

The node threats are well documented:  they are
the viral and spyware threats on each party's
nodes, and the party defection threat (your wife
takes you to court, your boss grabs all your
messages from others).  So even in the face of an
attacker who could conduct an MITM at AIM level,
he still has better opportunities in keyloggers
and so forth on your or your counter party's
machine, and he's much more likely to go for an
attack he can blame on someone else than to drag
AOL into an active attack.  AFAIK, the TLAs
will happily insert viruses and keyloggers into
your PC, but they won't do an MITM.

So why bother to defend against an unvalidated
MITM attack and ignore the validated attacks
that the user is actually having to deal with?

In short, ignore MITM, or slot it later on.  Look
at what PRZ's new VoIP product does - sets up a
chain of hashes.  Why?  Because he's been thinking
about unprotected email and PGP email for the last
15 years, and he can see that MITM, if it exists,
is a very very specialised threat that does not
affect the 99.99% of the body net.

(anyone found any doco on that btw?)


>>Secondly, the way court works is that if one
>>party tables a message, it's generally accepted
>>at face value.  In practice, the mere presence
>>of the message is its own authentication.
> 
> 
> Actually, rules of evidence are a lot more complicated, particularly in
> criminal proceedings. It's pure speculation on my part to assume a
> non-repudiable signature on a message would lessen doubt about tampering
> when presented to a third party, but I think it's reasonable speculation,
> and a problem worth avoiding.


Of course.  I'm speaking from the small experience
of having seen several (digitally) signed
documents being presented in a couple of civil
forums so it's an empirical observation, and there
simply isn't enough experience to deal with this
question.

But in sum, the digsigs were considered "mostly
harmless".  At least, whatever view we techies
have for digsigs was not matched by the way they
were received.

One of the reasons
is that neither side dared to question the
authenticity of a document that was tabled,
signed or unsigned.  That's because the risk
of being shown to be wrong was extraordinarily
high, so what tended to happen was that both
sides said "they had not seen that document"
which shifts the attention to whether the doc
was seen by both parties, something that the
digsig doesn't cover.


>>>OTR allows its users to have strong authentication of encrypted messages
>>>without the *additional risk* that normal digital signatures introduce.
>>
>>Turn it around and ask how important strong
>>authentication is?  When was the last time you
>>needed it in email or IM?  I suggest it is something
>>that we inherited from some military threat model
>>that isn't really relevant to our environment.
> 
> 
> I can't agree with this, particularly in the IM environment. It would be
> trivial for one of the large IM service providers to intercept encrypted,
> but unauthenticated traffic through their systems. If you don't trust the
> IM service provider, it is essential that you have end-to-end encryption
> and authentication.


No, this is all based on conjecture.  Normal
rational users, if they don't trust the IM
service provider, either switch to another,
guard their talk such that it doesn't matter,
or use nyms.

And, practically speaking, the cost to the
IM service provider in challenging that trust
is way way higher than any plausible benefit
that users could lose if they were MITM'd.

It's just not a threat that matters that much,
even though it is trivial to show that it is
possible.  Covering the MITM is as relevant as
a bullet-proof pocket protector.  Nice for geeks
to own, but not a fashion accessory that users
are likely to go for.

>>brought up in court, Alice might be in a
>>strictly worse position.  On the one hand,
>>she is being dared to lie to the judge,
>>and on the other, she's been seen to use a
>>tool that has a sole advantage of repudiation.
> 
> 
> I'd hardly say that OTR's sole advantage is repudiation. Transparent
> encryption, perfect forward secrecy,

Those are very valuable.

> and a quickly growing user-base are
> also significant advantages. OTR is a privacy tool. Avoiding the
> non-repudiation trap is a form of privacy.
 >
> Simply put, users shouldn't be forced to make non-repudiatable attestations
> in order to achieve privacy for their communications.

No, this is to assume that dig sigs are indeed
non-repudiable attestations.  It's very easy
to repudiate a digital signature.  You just say
you are using some proxy tool and you have no
idea what it does.  The non-repudiable digsig
is a mistake by the crypto community, best off
being totally expunged from the language.

Don't try and repair such a badly broken tool,
remove it from the toolbox and throw it away.

It's complications like these that mean that we
recommend that you should never sign using digsigs
unless you know what it means.  And also why the
protocols have moved over to using secure MACs,
as they don't carry the same stigma as having
any meaning outside the protocol.

iang



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7C7ZGBg057374; Fri, 12 Aug 2005 00:35:16 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j7C7ZGGN057373; Fri, 12 Aug 2005 00:35:16 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mailgate.enhyper.net ([80.168.109.121]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7C7ZE8i057352 for <ietf-openpgp@imc.org>; Fri, 12 Aug 2005 00:35:15 -0700 (PDT) (envelope-from iang@systemics.com)
Received: from [IPv6:::1] (localhost [127.0.0.1]) by mailgate.enhyper.net (Postfix) with ESMTP id 5747B531C3; Fri, 12 Aug 2005 08:35:13 +0100 (BST)
Message-ID: <42FC522A.5060703@systemics.com>
Date: Fri, 12 Aug 2005 08:39:22 +0100
From: Ian G <iang@systemics.com>
Organization: http://financialcryptography.com/
User-Agent: Mozilla Thunderbird 1.0.6 (X11/20050726)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: David Srbecky <dsrbecky@gmail.com>
Cc: ietf-openpgp@imc.org, jas@extundo.com
Subject: Re: "The OpenPGP mail and news header" extenssion
References: <42FA366F.3030103@gmail.com> <ilu7jes6by3.fsf@latte.josefsson.org> <42FB8755.40008@gmail.com> <42FB94B1.5000008@systemics.com> <42FB9635.2000702@gmail.com>
In-Reply-To: <42FB9635.2000702@gmail.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

David Srbecky wrote:
> I take it that you advise including preference=sign,encrypt

Yes, that would be better.

> Out of curiosity, is there any difference between 
> preference=sign,encrypt and preference=encrypt,sign ? I mean, does the 
> order matter? Can you both sign an encrypted message and encrypt a signed 
> message? (Where the latter means that you cannot verify the signature until 
> you decrypt the message)

The order does matter, but in OpenPGP (IIRC) there
is only sign-then-encrypt.  Other systems offer
different orders.

Another possibility is that there are two forms of
signature - being cleartext and binary.  These two
are certainly subject to preferences so you might
want to include them somehow.

Then there is the issue of format for delivery,
which would be either of ascii-armored, binary
attachment, or pgp/mime.

(out of those, my setting would be encrypt,ascii).

Some or all of these may be expressed in the preferences
in the keys themselves in some sense.

iang



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7BLu4Ij017735; Thu, 11 Aug 2005 14:56:04 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j7BLu4bu017734; Thu, 11 Aug 2005 14:56:04 -0700 (PDT)
Received: from smtp.nextra.cz (smtp.nextra.cz [195.70.130.4]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7BLu1oY017727 for <ietf-openpgp@imc.org>; Thu, 11 Aug 2005 14:56:02 -0700 (PDT) (envelope-from dsrbecky@gmail.com)
Received: from [10.0.0.22] (160.240.broadband2.iol.cz [83.208.240.160]) by smtp.nextra.cz (Postfix) with ESMTP id 7BEF15D3D; Thu, 11 Aug 2005 23:56:00 +0200 (CEST)
Message-ID: <42FBC96F.7040806@gmail.com>
Date: Thu, 11 Aug 2005 23:55:59 +0200
From: David Srbecky <dsrbecky@gmail.com>
User-Agent: Mozilla Thunderbird 1.0.6 (Windows/20050716)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Simon Josefsson <jas@extundo.com>
Cc: openpgp <ietf-openpgp@imc.org>
Subject: Re: "The OpenPGP mail and news header" extenssion
References: <42FA366F.3030103@gmail.com> <ilu7jes6by3.fsf@latte.josefsson.org>	<42FB8755.40008@gmail.com> <iluoe84xn0k.fsf@latte.josefsson.org>
In-Reply-To: <iluoe84xn0k.fsf@latte.josefsson.org>
X-Enigmail-Version: 0.92.0.0
OpenPGP: id=234B89FE; url=http://www.volny.cz/davejp/OpenPGP.asc
Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="------------enig1C1A54B93FC265A366DAB143"

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig1C1A54B93FC265A366DAB143
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

Simon Josefsson wrote:
> 
> I understand.  Implement your scheme and write a draft about it!  I
> think your ideas are too far-fetching to be reasonably added to this
> document.  There are many details that have to be solved.
> 
This is something I hoped to be helped with. I think I lack the required 
language skill, background knowledge and experience to write a standard.

Do you want to help?

Please!!!


> The discussion here made me realize there may be merit with all three
> variants.
>  
Three or maybe even four, five? I was trying to decide whether to use 
preference=sign,encrypt or preference=encrypt,sign and I realized that 
they may be different. You can:

  - sign and then encrypt - in which case only the recipient can verify 
the signature after decryption
  - encrypt and then sign - in which case anyone can verify the 
signature before decryption, but no-one after decryption
  - sign, encrypt and then sign again - in which case anyone can verify 
the signature before decryption and also the recipient can verify the signature 
after decryption (in case someone likes to store decrypted messages)

Is that correct?

Anyway, I vote to use preference=encrypt,sign and ignore the rest. At 
least for the moment.


>>On the other hand, preference=insecure means that user does *not* want 
>>to receive any signed or encrypted messages. I would imagine that many 
>>maillists will use this option to keep their messages clean.
> 
> I'm not sure this is a good idea.  The OpenPGP header is not protected
> in any way.  If someone injects an 'OpenPGP: preference=insecure' and
> that caused MUAs to avoid a default behavior of signing/encrypting
> messages, that would be a security problem.
> 
You are absolutely correct - it is a really difficult issue. In other 
words, preference should increase security, but never decrease it.

I think it is possible to do just fine without preference=insecure. For 
example, the MUA can set the default (minimal) security based on 
whether the recipient's email address is on a keyserver. If yes, sign by 
default. If no, send an insecure message by default. This way, everyone 
with a public key will get at least a signed message and others (including 
maillists) will get signed messages only if they wish.

Still, the best solution is to complement the preference with attributes 
stored in public key.


Thanks,
David

--------------enig1C1A54B93FC265A366DAB143
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFC+8lvKLLFgC3GUjoRAhHYAJ0fb7HObOsu2ioALTuUWwzuqL+VcwCfQe2L
DwGTeYwwu7oz0vyi5LYSkOs=
=MCX4
-----END PGP SIGNATURE-----

--------------enig1C1A54B93FC265A366DAB143--
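
An added example, not code from David's or Ian's messages nor from any OpenPGP implementation, that checks the three orderings David lists (and Ian's earlier note that OpenPGP itself only does sign-then-encrypt) in working code. Ed25519 signatures stand in for OpenPGP signature packets and an AES-256-GCM session key stands in for the session key OpenPGP would wrap to the recipient's public key; keys, the inner-layer layout and the message are all constructed here. VerifyInTransit is what a party without the session key (a list archive, a relay) can check; Receive is what the recipient still holds after decryption.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Order is one of the three layerings David lists.
type Order int

const (
	SignThenEncrypt Order = iota // OpenPGP's order: the signature sits inside the ciphertext
	EncryptThenSign              // signature over the ciphertext only
	SignEncryptSign              // both
)

// Envelope is what crosses the wire.
type Envelope struct {
	Body     []byte // AES-256-GCM ciphertext (nonce prepended) of the inner layer
	OuterSig []byte // Ed25519 signature over Body; nil when the outer layer is unsigned
}

// Session holds the symmetric key, a stand-in for the session key OpenPGP would wrap to the recipient's public key.
type Session struct{ gcm cipher.AEAD }

func NewSession(key []byte) (*Session, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block) // cannot fail for an AES block
	return &Session{gcm: gcm}, err
}

// Compose builds the envelope in the requested order. The inner layer is one flag byte
// (0 = unsigned, 1 = signed), an optional 64-byte signature, then the plaintext.
func Compose(order Order, priv ed25519.PrivateKey, s *Session, plaintext []byte) (Envelope, error) {
	inner := []byte{0}
	if order != EncryptThenSign {
		inner = append([]byte{1}, ed25519.Sign(priv, plaintext)...)
	}
	nonce := make([]byte, s.gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return Envelope{}, err
	}
	env := Envelope{Body: s.gcm.Seal(nonce, nonce, append(inner, plaintext...), nil)}
	if order != SignThenEncrypt {
		env.OuterSig = ed25519.Sign(priv, env.Body)
	}
	return env, nil
}

// VerifyInTransit is all a party without the session key (a relay, an archive) can check.
func VerifyInTransit(env Envelope, pub ed25519.PublicKey) bool {
	return env.OuterSig != nil && ed25519.Verify(pub, env.Body, env.OuterSig)
}

// Receive decrypts and reports whether a signature bound to the plaintext survives
// decryption, which is what a stored, decrypted copy would still carry.
func Receive(env Envelope, s *Session, pub ed25519.PublicKey) ([]byte, bool, error) {
	n := s.gcm.NonceSize()
	if len(env.Body) < n {
		return nil, false, errors.New("ciphertext too short")
	}
	inner, err := s.gcm.Open(nil, env.Body[:n], env.Body[n:], nil)
	switch {
	case err != nil:
		return nil, false, err
	case len(inner) > 0 && inner[0] == 0:
		return inner[1:], false, nil
	case len(inner) > ed25519.SignatureSize && inner[0] == 1:
		sig, msg := inner[1:1+ed25519.SignatureSize], inner[1+ed25519.SignatureSize:]
		if !ed25519.Verify(pub, msg, sig) {
			return nil, false, errors.New("inner signature invalid")
		}
		return msg, true, nil
	}
	return nil, false, errors.New("malformed inner layer")
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	s, _ := NewSession(key)
	for _, o := range []Order{SignThenEncrypt, EncryptThenSign, SignEncryptSign} {
		env, _ := Compose(o, priv, s, []byte("constructed sample message"))
		_, after, err := Receive(env, s, pub)
		fmt.Printf("order %d: in transit=%v, after decryption=%v, err=%v\n", o, VerifyInTransit(env, pub), after, err)
	}
}
```

Running the three orders gives exactly the table David wrote out: sign-then-encrypt verifies only after decryption, encrypt-then-sign only in transit, and sign-encrypt-sign in both places. The outer signature and the AES-GCM tag each independently reject a ciphertext that was altered in transit.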



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7BK0ZJP009727; Thu, 11 Aug 2005 13:00:35 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j7BK0ZsH009726; Thu, 11 Aug 2005 13:00:35 -0700 (PDT)
Received: from yxa.extundo.com (root@178.230.13.217.in-addr.dgcsystems.net [217.13.230.178]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7BK0WjF009719 for <ietf-openpgp@imc.org>; Thu, 11 Aug 2005 13:00:33 -0700 (PDT) (envelope-from jas@extundo.com)
Received: from latte.josefsson.org (c494102a.s-bi.bostream.se [217.215.27.65]) (authenticated bits=0) by yxa.extundo.com (8.13.4/8.13.4/Debian-3) with ESMTP id j7BK0Ewn018145 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Thu, 11 Aug 2005 22:00:16 +0200
From: Simon Josefsson <jas@extundo.com>
To: David Srbecky <dsrbecky@gmail.com>
Cc: openpgp <ietf-openpgp@imc.org>
Subject: Re: "The OpenPGP mail and news header" extenssion
References: <42FA366F.3030103@gmail.com> <ilu7jes6by3.fsf@latte.josefsson.org> <42FB8755.40008@gmail.com>
OpenPGP: id=B565716F; url=http://josefsson.org/key.txt
X-Hashcash: 1:21:050811:dsrbecky@gmail.com::G1GgC+jgFsOWaHsm:1nLp
X-Hashcash: 1:21:050811:ietf-openpgp@imc.org::c8meAWOeuICcclCW:DG6f
Date: Thu, 11 Aug 2005 21:59:55 +0200
In-Reply-To: <42FB8755.40008@gmail.com> (David Srbecky's message of "Thu, 11 Aug 2005 19:13:57 +0200")
Message-ID: <iluoe84xn0k.fsf@latte.josefsson.org>
User-Agent: Gnus/5.110004 (No Gnus v0.4) Emacs/22.0.50 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Spam-Status: No, score=0.1 required=5.0 tests=FORGED_RCVD_HELO  autolearn=failed version=3.0.3
X-Spam-Checker-Version: SpamAssassin 3.0.3 (2005-04-27) on yxa-iv
X-Virus-Scanned: ClamAV version 0.84, clamav-milter version 0.84e on yxa.extundo.com
X-Virus-Status: Clean

David Srbecky <dsrbecky@gmail.com> writes:

> Simon Josefsson wrote:
>> David Srbecky <dsrbecky@gmail.com> writes:
>>>OpenPGP: id=12345678;
>>>         url=http://example.com/key.txt;
>>>         modification=Tue, 9 Aug 2005 13:59:18 +0200 (CEST);
>>>         version=GnuPG v1.4.1 (MingW32);
>>>         comment=Using GnuPG with Thunderbird;
>>>         signature=iD8DBasdQFC+Jqasd5X6K7Lza8L3FgC3GU2joRAkV+AaJ9AqD/Fs=
>>>
>>> 'version', 'comment' and 'signature' are taken from the
>>> "signature.asc" file and are intended to replace it.
>> That is an interesting idea, and it does have some nice properties.
>> However, I'm not sure the OpenPGP community will be helped by having
>> yet another way of sending signed messages.  We have effectively three
>> different flavors today.  (Vanilla OpenPGP, PGP/MIME and a hybrid
>> scheme.) If you are complaining about the lack of implementation
>> support now, I doubt things won't be better with a fourth variant....
>> 
> I am not complaining about the lack of implementation. There are always 
> going to be people with old or incompatible clients - even if the 
> implementation involved only a minor change of a single line of code! What 
> I want is to use secure e-mail and not to bother anyone, at all - even 
> at the cost that only a few people will be able to verify my signature. 
> Such a standard does not exist yet and so I suggest one :-)

I understand.  Implement your scheme and write a draft about it!  I
think your ideas are too far-fetching to be reasonably added to this
document.  There are many details that have to be solved.

>>> I would also add a preferred field, which could take values
>>> 'insecure', 'signed', 'encrypted' and 'signed,encrypted'.
>> I'm not sure a "signencrypt" value is useful.  Thoughts?
>
> It makes it complete, but I agree with you. I do not see a reason why 
> someone would like to receive an encrypted unsigned message. Thus, I would 
> assume that preference=encrypt also means that the recipient wants to 
> receive messages signed.

The discussion here made me realize there may be merit with all three
variants.

>> I don't think a "insecure" value is useful; if the preference token is
>> absent, that would mean the same as insecure.
>
> Not necessarily. Absence of the preference token means that the sender does not 
> support the preference token or intentionally has not expressed any preference.
>
> On the other hand, preference=insecure means that the user does *not* want 
> to receive any signed or encrypted messages. I would imagine that many 
> maillists will use this option to keep their messages clean.

I'm not sure this is a good idea.  The OpenPGP header is not protected
in any way.  If someone injects an 'OpenPGP: preference=insecure' and
that caused MUAs to avoid a default behavior of signing/encrypting
messages, that would be a security problem.

> Maybe we can rename preference=insecure to something better. Ideas?

I'm not sure the problem is in the name, it is in the semantics.  A
preference token should not enable downgrade attacks.

> To sum it up:
>
> OpenPGP: id=b565717f; url=http://josefsson.org/key.txt
>
> Sender does not support preference token or has not expressed any 
> preference. You must decide whether to sign/encrypt message.
>
> OpenPGP: id=b565717f; url=http://josefsson.org/key.txt; preference=insecure
>
> Sender does *not* want to receive any signed or encrypted messages.
>
> OpenPGP: id=b565717f; url=http://josefsson.org/key.txt; preference=sign
>
> Sender wants to receive signed unencrypted messages.
>
> OpenPGP: id=b565717f; url=http://josefsson.org/key.txt; preference=encrypt
>
> Sender wants to receive signed encrypted messages.

Makes sense in theory, but I'm worried that the 'insecure' preference
will be incorrectly implemented, and that it would allow downgrade
attacks.

But if you make a good argument, you'll convince me otherwise.

Thanks,
Simon
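
An added example (not code from Simon's or David's messages, nor from any draft or MUA) that turns Simon's downgrade concern and David's "increase but never decrease" rule into a checkable policy: a parser for the header form used in this thread, a naive decision that honours preference=insecure, and a safe decision whose floor comes from state the MUA itself controls (whether the recipient's key is known, as David proposes) and that the header can only raise. The header strings follow Simon's summary; the Level ordering, the Floor function and the "encrypt implies sign" reading are assumptions of the example, not anything the draft specifies.

```go
package main

import (
	"fmt"
	"strings"
)

// Level orders the protections the thread discusses, so a header can raise the MUA's floor but never lower it.
type Level int

const (
	Insecure Level = iota // neither signed nor encrypted
	Sign                  // signed, not encrypted
	Encrypt               // signed and encrypted (David's reading of preference=encrypt)
)

func (l Level) String() string { return [...]string{"insecure", "sign", "encrypt"}[l] }

// Header holds the parsed tokens of the draft OpenPGP header.
type Header struct {
	Preference []string          // lower-cased tokens, order preserved
	Fields     map[string]string // id, url, version, comment, signature, ...
}

// ParseHeader splits "key=value; key=value". It assumes the MIME layer has already unfolded
// continuation lines, and splits each field once so '=' inside a value (base64 padding) survives.
func ParseHeader(value string) (Header, error) {
	h := Header{Fields: map[string]string{}}
	for _, field := range strings.Split(value, ";") {
		field = strings.TrimSpace(field)
		if field == "" {
			continue
		}
		kv := strings.SplitN(field, "=", 2)
		if len(kv) != 2 {
			return h, fmt.Errorf("malformed field %q", field)
		}
		key, val := strings.ToLower(strings.TrimSpace(kv[0])), strings.TrimSpace(kv[1])
		if key != "preference" {
			h.Fields[key] = val
			continue
		}
		for _, p := range strings.Split(val, ",") {
			h.Preference = append(h.Preference, strings.ToLower(strings.TrimSpace(p)))
		}
	}
	return h, nil
}

// Requested maps the preference tokens to a Level. Token order does not matter,
// "encrypt" implies "sign" as David proposes, and unknown tokens are ignored.
func Requested(h Header) Level {
	lvl := Insecure
	for _, p := range h.Preference {
		switch {
		case p == "encrypt":
			lvl = Encrypt
		case p == "sign" && lvl < Sign:
			lvl = Sign
		}
	}
	return lvl
}

// Floor is the MUA's own default, from state it controls: David's proposal is to sign whenever the recipient's key is on a keyserver.
func Floor(recipientKeyKnown bool) Level {
	if recipientKeyKnown {
		return Sign
	}
	return Insecure
}

// DecideNaive honours the header literally, "insecure" included. The header is
// unauthenticated, so an injected token lowers protection: Simon's downgrade.
func DecideNaive(h Header, floor Level) Level {
	for _, p := range h.Preference {
		if p == "insecure" {
			return Insecure
		}
	}
	return Decide(h, floor)
}

// Decide is David's rule: a preference may raise security but never lower it, so
// "insecure" is simply a request for nothing extra, not a downgrade.
func Decide(h Header, floor Level) Level {
	if r := Requested(h); r > floor {
		return r
	}
	return floor
}

func main() {
	h, err := ParseHeader("id=b565717f; url=http://josefsson.org/key.txt; preference=insecure")
	if err != nil {
		panic(err)
	}
	fmt.Printf("naive=%v safe=%v\n", DecideNaive(h, Floor(true)), Decide(h, Floor(true)))
}
```

With the recipient's key known, the naive policy drops to insecure on an injected preference=insecure while Decide stays at sign; with no preference token at all both policies fall back to the MUA's own floor, which is the behaviour Simon and David converge on.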



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7BJ661m003277; Thu, 11 Aug 2005 12:06:06 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j7BJ66HN003276; Thu, 11 Aug 2005 12:06:06 -0700 (PDT)
Received: from thetis.deor.org (thetis.deor.org [207.106.86.210]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7BJ64TD003267 for <ietf-openpgp@imc.org>; Thu, 11 Aug 2005 12:06:05 -0700 (PDT) (envelope-from rabbi@abditum.com)
Received: by thetis.deor.org (Postfix, from userid 500) id 862D54501A; Thu, 11 Aug 2005 12:06:00 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by thetis.deor.org (Postfix) with ESMTP id 5431248024; Thu, 11 Aug 2005 12:06:00 -0700 (PDT)
Date: Thu, 11 Aug 2005 12:06:00 -0700 (PDT)
From: Len Sassaman <rabbi@abditum.com>
X-X-Sender: rabbi@thetis.deor.org
To: Ian G <iang@systemics.com>
Cc: ietf-openpgp@imc.org
Subject: Re: Applicability of signed messages as proof of sending
In-Reply-To: <42FB9443.10200@systemics.com>
Message-ID: <Pine.LNX.4.58.0508111152560.15828@thetis.deor.org>
References: <sjmwtn2jdhv.fsf@cliodev.pgp.com> <200508041208.17244.iang@systemics.com> <Pine.LNX.4.58.0508100943070.18620@thetis.deor.org> <42FB690C.8070607@systemics.com> <Pine.LNX.4.58.0508110807270.11516@thetis.deor.org> <42FB9443.10200@systemics.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

On Thu, 11 Aug 2005, Ian G wrote:

> Right but this needs to be integrated into the
> real world.  Firstly, what does that signature
> mean?  What was it doing there?  Because this
> question is unanswered, and I'd say, unanswerable,
> most people (in my experience) don't use signed
> email.  They simply encrypt.

Right. I'm one of those people. This does, however, leave one open to MITM
attacks -- which are probably not that large of a threat in the general
case, but when dealing with centralized, proprietary IM systems, could
very well be a realistic problem. (This is why Trillian's SecureIM
solution fails my sniff test.)

> Secondly, the way court works is that if one
> party tables a message, it's generally accepted
> at face value.  In practice, the mere presence
> of the message is its own authentication.

Actually, rules of evidence are a lot more complicated, particularly in
criminal proceedings. It's pure speculation on my part to assume a
non-repudiable signature on a message would lessen doubt about tampering
when presented to a third party, but I think it's reasonable speculation,
and a problem worth avoiding.

> > OTR allows its users to have strong authentication of encrypted messages
> > without the *additional risk* that normal digital signatures introduce.
>
> Turn it around and ask how important strong
> authentication is?  When was the last time you
> needed it in email or IM?  I suggest it is something
> that we inherited from some military threat model
> that isn't really relevant to our environment.

I can't agree with this, particularly in the IM environment. It would be
trivial for one of the large IM service providers to intercept encrypted,
but unauthenticated traffic through their systems. If you don't trust the
IM service provider, it is essential that you have end-to-end encryption
and authentication.

> brought up in court, Alice might be in a
> strictly worse position.  On the one hand,
> she is being dared to lie to the judge,
> and on the other, she's been seen to use a
> tool that has a sole advantage of repudiation.

I'd hardly say that OTR's sole advantage is repudiation. Transparent
encryption, perfect forward secrecy, and a quickly growing user-base are
also significant advantages. OTR is a privacy tool. Avoiding the
non-repudiation trap is a form of privacy.

Simply put, users shouldn't be forced to make non-repudiatable attestations
in order to achieve privacy for their communications.


--Len.



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7BIHTSe099633; Thu, 11 Aug 2005 11:17:29 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j7BIHTpo099632; Thu, 11 Aug 2005 11:17:29 -0700 (PDT)
Received: from smtp.nextra.cz (smtp.nextra.cz [195.70.130.4]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7BIHSea099626 for <ietf-openpgp@imc.org>; Thu, 11 Aug 2005 11:17:28 -0700 (PDT) (envelope-from dsrbecky@gmail.com)
Received: from [10.0.0.22] (160.240.broadband2.iol.cz [83.208.240.160]) by smtp.nextra.cz (Postfix) with ESMTP id 022235D3B; Thu, 11 Aug 2005 20:17:26 +0200 (CEST)
Message-ID: <42FB9635.2000702@gmail.com>
Date: Thu, 11 Aug 2005 20:17:25 +0200
From: David Srbecky <dsrbecky@gmail.com>
User-Agent: Mozilla Thunderbird 1.0.6 (Windows/20050716)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: ietf-openpgp@imc.org
Cc: jas@extundo.com
Subject: Re: "The OpenPGP mail and news header" extenssion
References: <42FA366F.3030103@gmail.com> <ilu7jes6by3.fsf@latte.josefsson.org> <42FB8755.40008@gmail.com> <42FB94B1.5000008@systemics.com>
In-Reply-To: <42FB94B1.5000008@systemics.com>
X-Enigmail-Version: 0.92.0.0
OpenPGP: id=234B89FE; url=http://www.volny.cz/davejp/OpenPGP.asc
Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="------------enig442891C5D0EF41ECF9DA8B29"

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig442891C5D0EF41ECF9DA8B29
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

Ian G wrote:
> David Srbecky wrote:
>
>>>> I would also add a preferred field, which could take values 
>>>> 'insecure', 'signed', 'encrypted' and 'signed,encrypted'.
>>>
>>>
>>> I'm not sure a "signencrypt" value is useful.  Thoughts?
>>
>>
>> It makes it complete, but I agree with you. I do not see a reason 
>> why someone would like to receive an encrypted unsigned message. Thus, I 
>> would assume that preference=encrypt also means that the recipient wants to 
>> receive messages signed.
>
>
> Er, I hope not!  There are plenty of reasons to
> encrypt-only.  Until someone can define the meaning
> of a signature, my standard advice is to not sign,
> which I'd recommend for all email, IM and so forth.


I take it that you advise including preference=sign,encrypt

Out of curiosity, is there any difference between 
preference=sign,encrypt and preference=encrypt,sign ? I mean, does the 
order matter? Can you both sign an encrypted message and encrypt a signed 
message? (Where the latter means that you cannot verify the signature until 
you decrypt the message)

David

--------------enig442891C5D0EF41ECF9DA8B29
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFC+5Y2KLLFgC3GUjoRAgnjAJ9BNmktzzrtZCo9OYne6wh8z2pNfwCfQP75
7qKtD55GcRO9D/eKzBJ+tZU=
=Pc/X
-----END PGP SIGNATURE-----

--------------enig442891C5D0EF41ECF9DA8B29--



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7BIFlvw099290; Thu, 11 Aug 2005 11:15:47 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j7BIFlAM099289; Thu, 11 Aug 2005 11:15:47 -0700 (PDT)
Received: from spam2.wiktel.com (spam2.wiktel.com [204.221.145.253]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7BIFk4Q099272 for <ietf-openpgp@imc.org>; Thu, 11 Aug 2005 11:15:46 -0700 (PDT) (envelope-from rlaager@wiktel.com)
Received: from [10.10.0.185] (pepper.wiktel.com [206.9.80.4]) (authenticated bits=0) by spam2.wiktel.com (8.13.1/8.13.1) with ESMTP id j7BIFcBx012133 for <ietf-openpgp@imc.org>; Thu, 11 Aug 2005 13:15:38 -0500
Subject: Re: "The OpenPGP mail and news header" extenssion
From: Richard Laager <rlaager@wiktel.com>
To: ietf-openpgp@imc.org
In-Reply-To: <42FB8755.40008@gmail.com>
References: <42FA366F.3030103@gmail.com> <ilu7jes6by3.fsf@latte.josefsson.org>  <42FB8755.40008@gmail.com>
Content-Type: text/plain
Organization: Wikstrom Telecom Internet
Date: Thu, 11 Aug 2005 13:15:44 -0500
Message-Id: <1123784144.6120.12.camel@localhost>
Mime-Version: 1.0
X-Mailer: Evolution 2.2.2 (2.2.2-5) 
Content-Transfer-Encoding: 7bit
X-bounce-key: wiktel.com-1;rlaager@wiktel.com;1123784138;cLiFfW+wMi/YF4n9COC1GDJlOpI;
X-Scanned-By: MIMEDefang 2.49 on 204.221.145.253

On Thu, 2005-08-11 at 19:13 +0200, David Srbecky wrote:
> Maybe we can rename preference=insecure to something better. Ideas?

Maybe one of these four options: preference={clear,plain}(text)?

Richard Laager




Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7BI6mSk097516; Thu, 11 Aug 2005 11:06:48 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j7BI6ml8097515; Thu, 11 Aug 2005 11:06:48 -0700 (PDT)
Received: from mailgate.enhyper.net ([80.168.109.121]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7BI6mLW097507 for <ietf-openpgp@imc.org>; Thu, 11 Aug 2005 11:06:48 -0700 (PDT) (envelope-from iang@systemics.com)
Received: from [IPv6:::1] (localhost [127.0.0.1]) by mailgate.enhyper.net (Postfix) with ESMTP id 3CE9D42F08; Thu, 11 Aug 2005 19:06:47 +0100 (BST)
Message-ID: <42FB94B1.5000008@systemics.com>
Date: Thu, 11 Aug 2005 19:10:57 +0100
From: Ian G <iang@systemics.com>
Organization: http://financialcryptography.com/
User-Agent: Mozilla Thunderbird 1.0.6 (X11/20050726)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: David Srbecky <dsrbecky@gmail.com>
Cc: Simon Josefsson <jas@extundo.com>, openpgp <ietf-openpgp@imc.org>
Subject: Re: "The OpenPGP mail and news header" extenssion
References: <42FA366F.3030103@gmail.com> <ilu7jes6by3.fsf@latte.josefsson.org> <42FB8755.40008@gmail.com>
In-Reply-To: <42FB8755.40008@gmail.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

David Srbecky wrote:
>>> I would also add a preferred field, which could take values 'insecure', 
>>> 'signed', 'encrypted' and 'signed,encrypted'.
>>
>>
>> I'm not sure a "signencrypt" value is useful.  Thoughts?
> 
> 
> It makes it complete, but I agree with you. I do not see a reason why 
> someone would like to receive an encrypted unsigned message. Thus, I would 
> assume that preference=encrypt also means that the recipient wants to 
> receive messages signed.


Er, I hope not!  There are plenty of reasons to
encrypt-only.  Until someone can define the meaning
of a signature, my standard advice is to not sign,
which I'd recommend for all email, IM and so forth.

iang



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7BI4x3o097430; Thu, 11 Aug 2005 11:04:59 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j7BI4x58097429; Thu, 11 Aug 2005 11:04:59 -0700 (PDT)
Received: from mailgate.enhyper.net ([80.168.109.121]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7BI4wds097423 for <ietf-openpgp@imc.org>; Thu, 11 Aug 2005 11:04:59 -0700 (PDT) (envelope-from iang@systemics.com)
Received: from [IPv6:::1] (localhost [127.0.0.1]) by mailgate.enhyper.net (Postfix) with ESMTP id 5F28F42F08; Thu, 11 Aug 2005 19:04:57 +0100 (BST)
Message-ID: <42FB9443.10200@systemics.com>
Date: Thu, 11 Aug 2005 19:09:07 +0100
From: Ian G <iang@systemics.com>
Organization: http://financialcryptography.com/
User-Agent: Mozilla Thunderbird 1.0.6 (X11/20050726)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Len Sassaman <rabbi@abditum.com>
Cc: ietf-openpgp@imc.org
Subject: Applicability of signed messages as proof of sending
References: <sjmwtn2jdhv.fsf@cliodev.pgp.com> <200508041208.17244.iang@systemics.com> <Pine.LNX.4.58.0508100943070.18620@thetis.deor.org> <42FB690C.8070607@systemics.com> <Pine.LNX.4.58.0508110807270.11516@thetis.deor.org>
In-Reply-To: <Pine.LNX.4.58.0508110807270.11516@thetis.deor.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

Len Sassaman wrote:
> On Thu, 11 Aug 2005, Ian G wrote:
> 
> 
>>That is, OTR only works when it doesn't matter.
>>
>>This is taking crypto into the real world and not
>>realising the real world has an ability to do things
>>too.  In practice, if any one tried the OTR approach
>>in court, they would quite rightly be screwed.
>>
>>I think we are drifting off the OpenPGP charter
>>though.
> 
> 
> I'll try to bring this back to OpenPGP for a minute.

Well, seeing as there is another thread on
the relationship of signing to encryption,
let's carry on :)


> The problem, as I see
> it, is that if Alice uses OpenPGP to sign and encrypt her messages, she's
> actually facing a worse situation in court than if she hadn't been using
> OpenPGP, should the other party turn against her. There now exists
> cryptographic signature data to establish, beyond the word of the other
> party, that Alice definitively sent the messages in question.


Right but this needs to be integrated into the
real world.  Firstly, what does that signature
mean?  What was it doing there?  Because this
question is unanswered, and I'd say, unanswerable,
most people (in my experience) don't use signed
email.  They simply encrypt.

Secondly, the way court works is that if one
party tables a message, it's generally accepted
at face value.  In practice, the mere presence
of the message is its own authentication.

Only if the other party were to repudiate it
would there be any question and then the notion
of digsigs could be brought in.  But even then,
it is (IMHO) rather unlikely that any opinion
would turn on such issues, as courts have their
own ways of dealing with such things already.
In general practice, people do not lie about
documents in court, neither forging documents
nor repudiating ones they themselves authored.

And this is before any consideration of digsigs
or OTR.  So while your argument might be logical,
its relevance to actual practice is not clear.

> OTR allows its users to have strong authentication of encrypted messages
> without the *additional risk* that normal digital signatures introduce.

Turn it around and ask how important strong
authentication is?  When was the last time you
needed it in email or IM?  I suggest it is something
that we inherited from some military threat model
that isn't really relevant to our environment.

Once that disappears, there isn't really much point
in OTR, and you may be better off just sending
totally unauthenticated messages.  With PFS, if
you like.  Others disagree of course.

> Alice is no better off in the court scenario that you describe, using OTR
> vs. not using anything, but this way she can use an encryption system that
> doesn't expose her to greater potential danger, should the other party
> defect.

I fear it is the other way around?

As a minor issue, if OTR's claim is that it
encourages Alice to repudiate, and that were
brought up in court, Alice might be in a
strictly worse position.  On the one hand,
she is being dared to lie to the judge,
and on the other, she's been seen to use a
tool that has a sole advantage of repudiation.

What is she going to do?  Lie about the message,
but accept the fact that she uses a tool that
encourages her to lie about messages?

This problem is a really difficult one, and I
do like the fact that they attacked the problem.
I've been toying with legal ways around this for
years and have never yet come across a way that
was worth it.

I think it's really important to move towards
PFS as a standard part of the crypto makeup, for
this and other reasons.  But short of making
messages disappear from your machine, I've yet
to think of a way to make this happen in a strict
p2p environment.

iang



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7BHE25n092878; Thu, 11 Aug 2005 10:14:02 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j7BHE2Sn092877; Thu, 11 Aug 2005 10:14:02 -0700 (PDT)
Received: from smtp.nextra.cz (smtp.nextra.cz [195.70.130.4]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7BHE0wN092867 for <ietf-openpgp@imc.org>; Thu, 11 Aug 2005 10:14:00 -0700 (PDT) (envelope-from dsrbecky@gmail.com)
Received: from [10.0.0.22] (160.240.broadband2.iol.cz [83.208.240.160]) by smtp.nextra.cz (Postfix) with ESMTP id 16F975D07; Thu, 11 Aug 2005 19:13:58 +0200 (CEST)
Message-ID: <42FB8755.40008@gmail.com>
Date: Thu, 11 Aug 2005 19:13:57 +0200
From: David Srbecky <dsrbecky@gmail.com>
User-Agent: Mozilla Thunderbird 1.0.6 (Windows/20050716)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Simon Josefsson <jas@extundo.com>
Cc: openpgp <ietf-openpgp@imc.org>
Subject: Re: "The OpenPGP mail and news header" extenssion
References: <42FA366F.3030103@gmail.com> <ilu7jes6by3.fsf@latte.josefsson.org>
In-Reply-To: <ilu7jes6by3.fsf@latte.josefsson.org>
X-Enigmail-Version: 0.92.0.0
OpenPGP: id=234B89FE; url=http://www.volny.cz/davejp/OpenPGP.asc
Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="------------enig96FAC7289BABAEC127475F60"
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig96FAC7289BABAEC127475F60
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

Simon Josefsson wrote:
> David Srbecky <dsrbecky@gmail.com> writes:
>>OpenPGP: id=12345678;
>>         url=http://example.com/key.txt;
>>         modification=Tue, 9 Aug 2005 13:59:18 +0200 (CEST);
>>         version=GnuPG v1.4.1 (MingW32);
>>         comment=Using GnuPG with Thunderbird;
>>         signature=iD8DBasdQFC+Jqasd5X6K7Lza8L3FgC3GU2joRAkV+AaJ9AqD/Fs=
>>
>>'version', 'comment' and 'signature' are taken from the "signature.asc" 
>>file and are intended to replace it.
> 
> 
> That is an interesting idea, and it does have some nice properties.
> 
> However, I'm not sure the OpenPGP community will be helped by having
> yet another way of sending signed messages.  We have effectively three
> different flavors today.  (Vanilla OpenPGP, PGP/MIME and a hybrid
> scheme.) If you are complaining about a lack of implementation
> support now, I doubt things won't be better with a fourth variant....
> 
I am not complaining about a lack of implementation. There are always 
going to be people with old or incompatible clients - even if the 
implementation involved only a minor change of a single line of code! What 
I want is to use secure e-mail and not to bother anyone, at all - even 
for the cost that only a few people will be able to verify my signature. 
Such a standard does not exist yet and so I suggest one :-)



>>I would also add preferred field, which could take values 'insecure', 
>>'signed', 'encrypted' and 'signed,encrypted'.
> 
> I'm not sure a "signencrypt" value is useful.  Thoughts?

It makes it complete, but I agree with you. I do not see a reason why 
someone would like to receive encrypted unsigned message. Thus, I would 
assume that preference=encrypt also means that recipient wants to 
receive messages signed.

> I don't think a "insecure" value is useful; if the preference token is
> absent, that would mean the same as insecure.

Not necessarily. Absence of preference token means that sender does not 
support preference token or intentionally has not expressed any preference.

On the other hand, preference=insecure means that user does *not* want 
to receive any signed or encrypted messages. I would imagine that many 
maillists will use this option to keep their messages clean.

Maybe we can rename preference=insecure to something better. Ideas?

To sum it up:

OpenPGP: id=b565717f; url=http://josefsson.org/key.txt

Sender does not support preference token or has not expressed any 
preference. You must decide whether to sign/encrypt message.

OpenPGP: id=b565717f; url=http://josefsson.org/key.txt; preference=insecure

Sender does *not* want to receive any signed or encrypted messages.

OpenPGP: id=b565717f; url=http://josefsson.org/key.txt; preference=sign

Sender wants to receive signed unencrypted messages.

OpenPGP: id=b565717f; url=http://josefsson.org/key.txt; preference=encrypt

Sender wants to receive signed encrypted messages.


Thanks,
David


--------------enig96FAC7289BABAEC127475F60
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFC+4dWKLLFgC3GUjoRAnjvAJ0QbvBCpIICC4IILR8gCt4k6R03/wCeIj0T
vR9ZdS0XP4vk/Z7OfSeUP1c=
=T0mG
-----END PGP SIGNATURE-----

--------------enig96FAC7289BABAEC127475F60--
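As an added illustration of the header forms David summarizes above (this is example code written for this archive page, not code from the thread or from any OpenPGP implementation): a small parser for the proposed OpenPGP: field that unfolds the header line, splits the semicolon-separated parameters, normalizes the key ID, and maps the preference token to a (sign, encrypt) decision exactly as the four summary cases list them. Two things the proposal leaves open are handled as assumptions of mine: an unrecognized preference token is treated like an absent one, and 'encrypt' is taken to imply signing, as David and Simon agree above. One check a practitioner will want: the header travels outside any signature, so the id is only a hint and is compared against the fingerprint of the key actually fetched from url. The sample header lines and the fingerprint are constructed.

```python
import re
from typing import Dict, Optional, Tuple

# Constructed sample header lines: the four forms summarized in the thread plus a folded one.
SAMPLE_HEADERS = [
    "OpenPGP: id=b565717f; url=http://josefsson.org/key.txt",
    "OpenPGP: id=b565717f; url=http://josefsson.org/key.txt; preference=insecure",
    "OpenPGP: id=b565717f; url=http://josefsson.org/key.txt; preference=sign",
    "OpenPGP: id=b565717f; url=http://josefsson.org/key.txt; preference=encrypt",
    "OpenPGP: id=12345678;\n"
    "         url=http://example.com/key.txt;\n"
    "         modification=Tue, 9 Aug 2005 13:59:18 +0200 (CEST)",
]

# preference token -> (sign, encrypt); 'encrypt' implies signed, as agreed in the thread.
PREFERENCES = {"insecure": (False, False), "sign": (True, False), "encrypt": (True, True)}
# 32-bit short key ID or 64-bit key ID, optional 0x prefix.
KEYID_RE = re.compile(r"^(?:0x)?([0-9A-Fa-f]{8}|[0-9A-Fa-f]{16})$")

def unfold(raw: str) -> str:
    """Undo RFC 2822 header folding: a line break followed by whitespace becomes one space."""
    return re.sub(r"\r?\n[ \t]+", " ", raw).strip()

def parse_openpgp_header(raw: str) -> Dict[str, str]:
    """Parse 'OpenPGP: k=v; k=v; ...' into lower-cased keys; reject malformed or duplicate items."""
    name, sep, value = unfold(raw).partition(":")
    if not sep or name.strip().lower() != "openpgp":
        raise ValueError("not an OpenPGP header field")
    params: Dict[str, str] = {}
    for item in value.split(";"):
        item = item.strip()
        if not item:
            continue
        key, eq, val = item.partition("=")
        key = key.strip().lower()
        if not eq or not key:
            raise ValueError(f"malformed parameter {item!r}")
        if key in params:
            raise ValueError(f"duplicate parameter {key!r}")
        params[key] = val.strip()
    if "id" in params:
        m = KEYID_RE.match(params["id"])
        if not m:
            raise ValueError(f"id is not a 32- or 64-bit hex key ID: {params['id']!r}")
        params["id"] = m.group(1).upper()
    if "url" in params and not re.match(r"https?://", params["url"], re.IGNORECASE):
        raise ValueError("url must be an http(s) URL")
    return params

def sending_policy(params: Dict[str, str]) -> Optional[Tuple[bool, bool]]:
    """(sign, encrypt) for the recipient's token; None when absent, so the sender decides.
    An unrecognized token is treated like an absent one (my choice; the proposal is silent)."""
    return PREFERENCES.get(params.get("preference", "").lower())

def key_id_matches(params: Dict[str, str], fingerprint: str) -> bool:
    """The header is unsigned, so 'id' is only a hint. After fetching the key from 'url',
    compare it with the V4 fingerprint: the key ID is its low 64 bits, the short ID the
    low 32. A match shows the header and key are consistent, not that either is genuine."""
    fp = re.sub(r"\s+", "", fingerprint).upper()
    return "id" in params and len(fp) == 40 and fp.endswith(params["id"])

def rejects(raw: str) -> bool:
    """True if parse_openpgp_header raises ValueError on raw (exercises the checks)."""
    try:
        parse_openpgp_header(raw)
    except ValueError:
        return True
    return False
```

A mail client would call parse_openpgp_header on the recipient's last message, apply sending_policy when composing, and only trust the id after key_id_matches succeeds against the fetched key; a 32-bit short ID in particular is cheap to collide, so the full fingerprint still has to be verified out of band.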



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7BFP0Ng083612; Thu, 11 Aug 2005 08:25:00 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j7BFP0AP083611; Thu, 11 Aug 2005 08:25:00 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from bells.cs.ucl.ac.uk (bells.cs.ucl.ac.uk [128.16.5.31]) by above.proper.com (8.12.11/8.12.9) with SMTP id j7BFOxts083600 for <ietf-openpgp@imc.org>; Thu, 11 Aug 2005 08:25:00 -0700 (PDT) (envelope-from I.Brown@cs.ucl.ac.uk)
Received: from chemb041.chem.ucl.ac.uk by bells.cs.ucl.ac.uk with UK SMTP  id <g.00421-0@bells.cs.ucl.ac.uk>; Thu, 11 Aug 2005 16:24:31 +0100
Message-ID: <42FB6DAB.6020907@cs.ucl.ac.uk>
Date: Thu, 11 Aug 2005 16:24:27 +0100
From: Ian Brown <I.Brown@cs.ucl.ac.uk>
User-Agent: Mozilla Thunderbird 1.0.2 (Windows/20050317)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Len Sassaman <rabbi@abditum.com>
CC: Ian G <iang@systemics.com>, ietf-openpgp@imc.org
Subject: Re: Draft Minutes of OpenPGP
References: <sjmwtn2jdhv.fsf@cliodev.pgp.com> <200508041208.17244.iang@systemics.com> <Pine.LNX.4.58.0508100943070.18620@thetis.deor.org> <42FB690C.8070607@systemics.com> <Pine.LNX.4.58.0508110807270.11516@thetis.deor.org>
In-Reply-To: <Pine.LNX.4.58.0508110807270.11516@thetis.deor.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

> OTR allows its users to have strong authentication of encrypted messages
> without the *additional risk* that normal digital signatures introduce.
> Alice is no better off in the court scenario that you describe, using OTR
> vs. not using anything, but this way she can use an encryption system that
> doesn't expose her to greater potential danger, should the other party
> defect.

Adam Back and I suggested a way of doing this with OpenPGP at Usenix in 
1998: http://www.cs.ucl.ac.uk/staff/i.brown/nts.htm



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7BFEWlq082682; Thu, 11 Aug 2005 08:14:32 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j7BFEWlN082681; Thu, 11 Aug 2005 08:14:32 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from thetis.deor.org (thetis.deor.org [207.106.86.210]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7BFEVh0082675 for <ietf-openpgp@imc.org>; Thu, 11 Aug 2005 08:14:31 -0700 (PDT) (envelope-from rabbi@abditum.com)
Received: by thetis.deor.org (Postfix, from userid 500) id 8E88F450AD; Thu, 11 Aug 2005 08:14:27 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by thetis.deor.org (Postfix) with ESMTP id 7A3A74802C; Thu, 11 Aug 2005 08:14:27 -0700 (PDT)
Date: Thu, 11 Aug 2005 08:14:27 -0700 (PDT)
From: Len Sassaman <rabbi@abditum.com>
X-X-Sender: rabbi@thetis.deor.org
To: Ian G <iang@systemics.com>
Cc: ietf-openpgp@imc.org
Subject: Re: Draft Minutes of OpenPGP
In-Reply-To: <42FB690C.8070607@systemics.com>
Message-ID: <Pine.LNX.4.58.0508110807270.11516@thetis.deor.org>
References: <sjmwtn2jdhv.fsf@cliodev.pgp.com> <200508041208.17244.iang@systemics.com> <Pine.LNX.4.58.0508100943070.18620@thetis.deor.org> <42FB690C.8070607@systemics.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

On Thu, 11 Aug 2005, Ian G wrote:

> That is, OTR only works when it doesn't matter.
>
> This is taking crypto into the real world and not
> realising the real world has an ability to do things
> too.  In practice, if any one tried the OTR approach
> in court, they would quite rightly be screwed.
>
> I think we are drifting off the OpenPGP charter
> though.

I'll try to bring this back to OpenPGP for a minute. The problem, as I see
it, is that if Alice uses OpenPGP to sign and encrypt her messages, she's
actually facing a worse situation in court than if she hadn't been using
OpenPGP, should the other party turn against her. There now exists
cryptographic signature data to establish, beyond the word of the other
party, that Alice definitively sent the messages in question.

OTR allows its users to have strong authentication of encrypted messages
without the *additional risk* that normal digital signatures introduce.
Alice is no better off in the court scenario that you describe, using OTR
vs. not using anything, but this way she can use an encryption system that
doesn't expose her to greater potential danger, should the other party
defect.


--Len.



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7BF0c4f081149; Thu, 11 Aug 2005 08:00:38 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j7BF0cwr081148; Thu, 11 Aug 2005 08:00:38 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mailgate.enhyper.net ([80.168.109.121]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7BF0ZwB081137 for <ietf-openpgp@imc.org>; Thu, 11 Aug 2005 08:00:38 -0700 (PDT) (envelope-from iang@systemics.com)
Received: from [IPv6:::1] (localhost [127.0.0.1]) by mailgate.enhyper.net (Postfix) with ESMTP id 52C8F531C9; Thu, 11 Aug 2005 16:00:34 +0100 (BST)
Message-ID: <42FB690C.8070607@systemics.com>
Date: Thu, 11 Aug 2005 16:04:44 +0100
From: Ian G <iang@systemics.com>
Organization: http://financialcryptography.com/
User-Agent: Mozilla Thunderbird 1.0.6 (X11/20050726)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Len Sassaman <rabbi@abditum.com>
Cc: ietf-openpgp@imc.org
Subject: Re: Draft Minutes of OpenPGP
References: <sjmwtn2jdhv.fsf@cliodev.pgp.com> <200508041208.17244.iang@systemics.com> <Pine.LNX.4.58.0508100943070.18620@thetis.deor.org>
In-Reply-To: <Pine.LNX.4.58.0508100943070.18620@thetis.deor.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

Len Sassaman wrote:
> On Thu, 4 Aug 2005, Ian Grigg wrote:
> 
> 
>>Currently, IM is mostly unsecured (there is this thing
>>to do with SSL to the server, but as the threat is on
>>the node, that's ignorable).  The way to approach
>>securing chat (IMHO) is to layer OpenPGP over the
>>top in a transparent fashion.
> 
> 
> OpenPGP has a lot of characteristics that one wouldn't particularly want
> in an IM privacy protocol.

Sure, it's a very general comment (and more specifically,
I note that my own secure IM protocol doesn't as yet
enjoy OpenPGP).

> You might want to take a look at the "Off The
> Record Messaging" system designed by Goldberg and Borisov. Their WPES
> paper addresses the rationale behind ditching the OpenPGP threat model.
> 
> http://www.cypherpunks.ca/otr/#docs


Ah, now IMHO they bungled the threat model.  Normally
this wouldn't be an issue (I encourage all crypto
experiments, even ones I think suck!), but the authors
then go on to suggest that the user can repudiate and
is protected because no-one can prove the messages were
sent.

The threat is on the node, and this includes your
other party.  If your other party says you sent the
messages, then your silence, or your claim that it
can't be proven, are inadequate.  You actually have
to say you didn't send the messages.  So this means
that the property of repudiability is only available
if you lie, which is not only a contradictory
approach, but also extraordinarily dangerous and
in practice useless in court or in any adversarial
setting.

That is, OTR only works when it doesn't matter.

This is taking crypto into the real world and not
realising the real world has an ability to do things
too.  In practice, if any one tried the OTR approach
in court, they would quite rightly be screwed.

I think we are drifting off the OpenPGP charter
though.

> (More generally, I agree with the sentiment that ASCII-armored OpenPGP is
> important for use with other protocols besides email, and should be the
> canonical format for OpenPGP, email and otherwise.)


Cool!

iang



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7BDA0k1053559; Thu, 11 Aug 2005 06:10:00 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j7BDA0X4053558; Thu, 11 Aug 2005 06:10:00 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mailgate.enhyper.net ([80.168.109.121]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7BD9xSn053548 for <ietf-openpgp@imc.org>; Thu, 11 Aug 2005 06:10:00 -0700 (PDT) (envelope-from iang@systemics.com)
Received: from [IPv6:::1] (localhost [127.0.0.1]) by mailgate.enhyper.net (Postfix) with ESMTP id C35195322D; Thu, 11 Aug 2005 14:09:58 +0100 (BST)
Message-ID: <42FB4F20.8060804@systemics.com>
Date: Thu, 11 Aug 2005 14:14:08 +0100
From: Ian G <iang@systemics.com>
Organization: http://financialcryptography.com/
User-Agent: Mozilla Thunderbird 1.0.6 (X11/20050726)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: David Srbecky <dsrbecky@gmail.com>
Cc: openpgp <ietf-openpgp@imc.org>
Subject: Re: New 'User Attribute Packet' subpacket - Named Attribute Subpacket (type 0)
References: <42FB4258.60900@gmail.com>
In-Reply-To: <42FB4258.60900@gmail.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

David Srbecky wrote:
> Hello,
> 
> In my humble opinion this is the most important attribute of all. That's 
> why I suggest assigning it the special type 0. This attribute is 
> supposed to be used for any user specific, program specific or 
> experimental data. It is similar to the mail X- headers - it allows 
> users to store identifiable information, which is not suitable for 
> standardization or is not standardized yet.


This sounds like a new feature request.  I vote no,
we are in last call.  Apologies, I think you've turned
up too late for this one.

iang



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7BD3kj9051256; Thu, 11 Aug 2005 06:03:46 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j7BD3kWv051255; Thu, 11 Aug 2005 06:03:46 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mailgate.enhyper.net ([80.168.109.121]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7BD3jtr051241 for <ietf-openpgp@imc.org>; Thu, 11 Aug 2005 06:03:46 -0700 (PDT) (envelope-from iang@systemics.com)
Received: from [IPv6:::1] (localhost [127.0.0.1]) by mailgate.enhyper.net (Postfix) with ESMTP id 1B8A75322D; Thu, 11 Aug 2005 14:03:44 +0100 (BST)
Message-ID: <42FB4DAA.5060803@systemics.com>
Date: Thu, 11 Aug 2005 14:07:54 +0100
From: Ian G <iang@systemics.com>
Organization: http://financialcryptography.com/
User-Agent: Mozilla Thunderbird 1.0.6 (X11/20050726)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: David Srbecky <dsrbecky@gmail.com>
Cc: openpgp <ietf-openpgp@imc.org>
Subject: Re: Rename 'User Attribute Packet' subpacket - Photo ID Subpacket (type 1)
References: <42FB4286.6070107@gmail.com>
In-Reply-To: <42FB4286.6070107@gmail.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

David Srbecky wrote:
> Hello,
> 
> I suggest that 'Image Attribute Subpacket' is renamed to 'Photo ID 
> Subpacket' or anything similarly specific. 'Image Attribute Subpacket' 
> defines data type, but not what the data actually represent. What if 
> user stored two or more images? How do you guess what the individual 
> attributes hold?


Er, that doesn't sound likely.  What happens if someone
assumes that the image is an ID because OpenPGP said so?

The OpenPGP philosophy is to say nothing that it cannot
cryptographically show.  What a photo contains cannot be
so shown.

> For example, what if someone stores Photo ID and company logo? How do 
> you differentiate them? I suggest this one is specified to be a Photo ID 
> and any other content must be stored elsewhere.

Only people can determine the difference between a
Photo ID and a company logo.  It's up to them, the
tech plays no part in this.  You might be suggesting
that a user-signed comment be appended to the subpacket.

Bear in mind that this group is in "last call" so any
suggested changes should be pretty darn urgent.

iang



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7BCMfkY036673; Thu, 11 Aug 2005 05:22:41 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j7BCMfUK036672; Thu, 11 Aug 2005 05:22:41 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from smtp.nextra.cz (smtp.nextra.cz [195.70.130.4]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7BCMeLq036661 for <ietf-openpgp@imc.org>; Thu, 11 Aug 2005 05:22:41 -0700 (PDT) (envelope-from dsrbecky@gmail.com)
Received: from [10.0.0.22] (160.240.broadband2.iol.cz [83.208.240.160]) by smtp.nextra.cz (Postfix) with ESMTP id A9BF95D55; Thu, 11 Aug 2005 14:22:39 +0200 (CEST)
Message-ID: <42FB430E.1040000@gmail.com>
Date: Thu, 11 Aug 2005 14:22:38 +0200
From: David Srbecky <dsrbecky@gmail.com>
User-Agent: Mozilla Thunderbird 1.0.6 (Windows/20050716)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: openpgp <ietf-openpgp@imc.org>
Subject: New 'User Attribute Packet' subpacket - Property Subpacket (type 3)
X-Enigmail-Version: 0.92.0.0
OpenPGP: id=2DC6523A; url=http://www.volny.cz/davejp/OpenPGP.asc
Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="------------enigF5D60A9762DE3E5175233751"
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enigF5D60A9762DE3E5175233751
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit

Follow-up to post: "The OpenPGP mail and news header" extension


Hello,

There are a lot of little attributes we may want to store with the 
public key. For example:

1 - supports MIME format
2 - supports inline format
3 - supports header format
4 - preferred format
5 - prefers signed mail
6 - prefers encrypted mail
7 - public key url
etc...

There are two approaches I would like to suggest which could solve this:

  - We can assign a subpacket for every such attribute

  - We can create specific subpacket to hold these attributes:

Property Subpacket (type 3)
-------------------------------------
Subpacket specific data:
    id - identifier - eg. 1
    data - depends on id - eg. true

The advantage of this approach is that one relatively unimportant 
attribute will not consume whole 'User Attribute Packet' subpacket. 
Also, it should make deprecating/updating easier since all these 
attributes are members of one subpacket type.


I really can not decide which approach is better.

'Property Subpacket' does not really describe the purpose of the 
subpacket, but I could not find any better name. Any suggestions?


Regards,
David Srbecky

--------------enigF5D60A9762DE3E5175233751
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFC+0MPKLLFgC3GUjoRAgsOAJ44v2gu293T43W/JA3jgQCnoMKX9ACfbbeV
d9M4UgaCjK4XjTDA15I4JuA=
=mrq2
-----END PGP SIGNATURE-----

--------------enigF5D60A9762DE3E5175233751--



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7BCL6vx036232; Thu, 11 Aug 2005 05:21:06 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j7BCL6ZR036231; Thu, 11 Aug 2005 05:21:06 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from smtp.nextra.cz (smtp.nextra.cz [195.70.130.4]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7BCL5RI036219 for <ietf-openpgp@imc.org>; Thu, 11 Aug 2005 05:21:05 -0700 (PDT) (envelope-from dsrbecky@gmail.com)
Received: from [10.0.0.22] (160.240.broadband2.iol.cz [83.208.240.160]) by smtp.nextra.cz (Postfix) with ESMTP id 543BB5D93; Thu, 11 Aug 2005 14:21:04 +0200 (CEST)
Message-ID: <42FB42AF.3010302@gmail.com>
Date: Thu, 11 Aug 2005 14:21:03 +0200
From: David Srbecky <dsrbecky@gmail.com>
User-Agent: Mozilla Thunderbird 1.0.6 (Windows/20050716)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: openpgp <ietf-openpgp@imc.org>
Subject: New 'User Attribute Packet' subpacket - vCard Subpacket (type 2)
X-Enigmail-Version: 0.92.0.0
OpenPGP: id=2DC6523A; url=http://www.volny.cz/davejp/OpenPGP.asc
Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="------------enig5BE3228DC7DBC544FC64ECC6"
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig5BE3228DC7DBC544FC64ECC6
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit

Hello,

You can store your name, email and Photo ID in your public key, but what 
about other information? I suggest to standardize 'vCard Subpacket'. 
vCard is an already known and supported format in MUAs and so the cost of 
implementing this should be minimal.


vCard Subpacket (type 2)
----------------------------------
Subpacket specific data:
     data - content of the vCard file


Regards,
David Srbecky

--------------enig5BE3228DC7DBC544FC64ECC6
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFC+0KvKLLFgC3GUjoRAgBxAKCy9/GbQyAsVRGjT5nu3LR+oWJFJACfXQdQ
vKWdjGKkvC2NcPnZTUVdnY8=
=WZsc
-----END PGP SIGNATURE-----

--------------enig5BE3228DC7DBC544FC64ECC6--



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7BCKOWS035991; Thu, 11 Aug 2005 05:20:24 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j7BCKORQ035990; Thu, 11 Aug 2005 05:20:24 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from smtp.nextra.cz (smtp.nextra.cz [195.70.130.4]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7BCKNjd035977 for <ietf-openpgp@imc.org>; Thu, 11 Aug 2005 05:20:24 -0700 (PDT) (envelope-from dsrbecky@gmail.com)
Received: from [10.0.0.22] (160.240.broadband2.iol.cz [83.208.240.160]) by smtp.nextra.cz (Postfix) with ESMTP id 021C25D93; Thu, 11 Aug 2005 14:20:22 +0200 (CEST)
Message-ID: <42FB4286.6070107@gmail.com>
Date: Thu, 11 Aug 2005 14:20:22 +0200
From: David Srbecky <dsrbecky@gmail.com>
User-Agent: Mozilla Thunderbird 1.0.6 (Windows/20050716)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: openpgp <ietf-openpgp@imc.org>
Subject: Rename 'User Attribute Packet' subpacket - Photo ID Subpacket (type 1)
X-Enigmail-Version: 0.92.0.0
OpenPGP: id=2DC6523A; url=http://www.volny.cz/davejp/OpenPGP.asc
Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="------------enig7B92E6CF5728EBAE3369E6BE"
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig7B92E6CF5728EBAE3369E6BE
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit

Hello,

I suggest that 'Image Attribute Subpacket' is renamed to 'Photo ID 
Subpacket' or anything similarly specific. 'Image Attribute Subpacket' 
defines data type, but not what the data actually represent. What if 
user stored two or more images? How do you guess what the individual 
attributes hold?

For example, what if someone stores Photo ID and company logo? How do 
you differentiate them? I suggest this one is specified to be a Photo ID 
and any other content must be stored elsewhere.


Regards,
David Srbecky

--------------enig7B92E6CF5728EBAE3369E6BE
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFC+0KGKLLFgC3GUjoRAtG4AJ9TCe+1zVKMGs2cuAtrbpQol26D+gCeM3Kk
BUL134EEYFr9bs9WBIIcK50=
=g8tn
-----END PGP SIGNATURE-----

--------------enig7B92E6CF5728EBAE3369E6BE--



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7BCJis4035743; Thu, 11 Aug 2005 05:19:44 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j7BCJiLt035742; Thu, 11 Aug 2005 05:19:44 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from smtp.nextra.cz (smtp.nextra.cz [195.70.130.4]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7BCJiTs035727 for <ietf-openpgp@imc.org>; Thu, 11 Aug 2005 05:19:44 -0700 (PDT) (envelope-from dsrbecky@gmail.com)
Received: from [10.0.0.22] (160.240.broadband2.iol.cz [83.208.240.160]) by smtp.nextra.cz (Postfix) with ESMTP id 3DEA05DE4; Thu, 11 Aug 2005 14:19:41 +0200 (CEST)
Message-ID: <42FB4258.60900@gmail.com>
Date: Thu, 11 Aug 2005 14:19:36 +0200
From: David Srbecky <dsrbecky@gmail.com>
User-Agent: Mozilla Thunderbird 1.0.6 (Windows/20050716)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: openpgp <ietf-openpgp@imc.org>
Subject: New 'User Attribute Packet' subpacket - Named Attribute Subpacket (type 0)
X-Enigmail-Version: 0.92.0.0
OpenPGP: id=2DC6523A; url=http://www.volny.cz/davejp/OpenPGP.asc
Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="------------enig5DCE95A148219DC07FFDC45B"
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig5DCE95A148219DC07FFDC45B
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit

Hello,

In my humble opinion this is the most important attribute of all. That's 
why I suggest assigning it the special type 0. This attribute is 
supposed to be used for any user specific, program specific or 
experimental data. It is similar to the mail X- headers - it allows 
users to store identifiable information, which is not suitable for 
standardization or is not standardized yet.


Named Attribute Subpacket (type 0)
----------------------------------
Subpacket specific data:
    datatype - identifier - eg. 4 - UTF8 string
    name - UTF8 string - eg. "ICQ#"
    data - depends on datatype - eg. "123-456-789"

NB: size of data is given by the size of subpacket minus the size of 
datatype identifier and the size of the name.

Datatypes:
    0 - reserved
    1 - no data (it is just named flag)
    2 - boolean
    3 - integer
    4 - UTF8 string
    5 - URL
    6 - image
    7 - binary
    8 - binary file
    100-110 - private or experimental use

NB: Binary type holds just some unspecified binary data. On the other 
hand, binary file type holds file that can be saved to disk and the name 
of the attribute represents its filename (including path???).


I believe that this attribute would allow the user to store anything he 
wants in his public key. It does not matter what it is, the important 
thing is that it would be possible. Let the users and developers be 
creative!


Regards,
David Srbecky

--------------enig5DCE95A148219DC07FFDC45B
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFC+0JdKLLFgC3GUjoRApUBAJ4hfMp03tUw0YcwecMujFqMqPg3yACdGUPE
dvStTgHgSXOmsAxDxQkpECI=
=uJyZ
-----END PGP SIGNATURE-----

--------------enig5DCE95A148219DC07FFDC45B--
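As an added example (written for this archive page; not code from the thread and not anything RFC 2440 defines): the Named Attribute body proposed above, wrapped in the real User Attribute subpacket framing of RFC 2440, that is a 1-, 2- or 5-octet length that counts the type octet, then the type octet, then the body. Type 0 is not allocated by the RFC (and iang's reply earlier in this archive notes the group was already in last call), so the example carries the body under type 100, which RFC 2440 reserves for private or experimental use; the Property Subpacket (type 3) proposal from the same series would need the same framing. Assumptions of mine where the proposal is silent: the name is a NUL-terminated UTF-8 string (nothing else separates it from the data), integers are 4-octet big-endian, and a 'binary file' name must be a bare filename, never a path. The decoder checks every claimed length against the buffer and caps it before slicing, which is the check to have in place before a parser sees key material fetched from a keyserver. The sample attributes are constructed.

```python
import struct
from typing import Any, List, Tuple

# Datatype identifiers from the proposal (hypothetical; never standardized).
DT_FLAG, DT_BOOL, DT_INT, DT_UTF8, DT_URL, DT_IMAGE, DT_BINARY, DT_FILE = range(1, 9)
EXPERIMENTAL_TYPE = 100        # RFC 2440 5.12: subpacket types 100-110 are private/experimental
MAX_SUBPACKET_LEN = 1 << 20    # assumption: refuse any subpacket claiming more than 1 MiB

def encode_subpacket_len(n: int) -> bytes:
    """RFC 2440 5.2.3.1 subpacket length: 1 octet (<192), 2 octets (<16320), else 0xFF + 4."""
    if n < 192:
        return bytes([n])
    if n < 16320:
        n -= 192
        return bytes([(n >> 8) + 192, n & 0xFF])
    return b"\xff" + struct.pack(">I", n)

def decode_subpacket_len(buf: bytes, off: int) -> Tuple[int, int]:
    """Return (length, offset past the length field); raise on truncated input."""
    if off >= len(buf):
        raise ValueError("truncated subpacket length")
    first = buf[off]
    if first < 192:
        return first, off + 1
    need = 2 if first < 255 else 5
    if off + need > len(buf):
        raise ValueError("truncated subpacket length")
    if need == 2:
        return ((first - 192) << 8) + buf[off + 1] + 192, off + 2
    return struct.unpack(">I", buf[off + 1:off + 5])[0], off + 5

def encode_named_attribute(datatype: int, name: str, value: Any,
                           subpacket_type: int = EXPERIMENTAL_TYPE) -> bytes:
    """Build one subpacket: length | type | datatype | name NUL | data."""
    if "\x00" in name:
        raise ValueError("name may not contain NUL (it is the terminator)")
    if datatype == DT_FLAG:
        data = b""
    elif datatype == DT_BOOL:
        data = b"\x01" if value else b"\x00"
    elif datatype == DT_INT:
        data = struct.pack(">I", value)              # assumption: 32-bit unsigned, big-endian
    elif datatype in (DT_UTF8, DT_URL):
        data = value.encode("utf-8")
    elif datatype in (DT_IMAGE, DT_BINARY, DT_FILE):
        data = bytes(value)
    else:
        raise ValueError(f"unsupported datatype {datatype}")
    body = bytes([datatype]) + name.encode("utf-8") + b"\x00" + data
    return encode_subpacket_len(len(body) + 1) + bytes([subpacket_type]) + body

def split_user_attribute_subpackets(packet: bytes) -> List[Tuple[int, bytes]]:
    """Walk a User Attribute packet body into (type, body) pairs, bounds-checking each length."""
    out, off = [], 0
    while off < len(packet):
        length, off = decode_subpacket_len(packet, off)
        if length == 0:                      # also prevents an infinite loop on a zero length
            raise ValueError("zero-length subpacket has no type octet")
        if length > MAX_SUBPACKET_LEN:
            raise ValueError(f"subpacket claims {length} octets, over the cap")
        if off + length > len(packet):
            raise ValueError("subpacket length runs past the end of the packet")
        out.append((packet[off], packet[off + 1:off + length]))
        off += length
    return out

def decode_named_attribute(body: bytes) -> Tuple[int, str, Any]:
    """Inverse of encode_named_attribute; strict about sizes and encodings."""
    if len(body) < 2:
        raise ValueError("body too short for datatype and name terminator")
    datatype, nul = body[0], body.find(b"\x00", 1)
    if nul < 0:
        raise ValueError("unterminated name")
    name, data = body[1:nul].decode("utf-8"), body[nul + 1:]   # strict UTF-8 raises on junk
    if datatype == DT_FLAG:
        if data:
            raise ValueError("flag carries no data")
        return datatype, name, True
    if datatype == DT_BOOL:
        if data not in (b"\x00", b"\x01"):
            raise ValueError("boolean must be exactly one octet, 0 or 1")
        return datatype, name, data == b"\x01"
    if datatype == DT_INT:
        if len(data) != 4:
            raise ValueError("integer must be exactly 4 octets")
        return datatype, name, struct.unpack(">I", data)[0]
    if datatype in (DT_IMAGE, DT_BINARY, DT_FILE):
        # The proposal asks "(including path???)": key material must never choose a path.
        if datatype == DT_FILE and (not name or "/" in name or "\\" in name or name in (".", "..")):
            raise ValueError("file attribute name must be a bare filename")
        return datatype, name, data
    if datatype in (DT_UTF8, DT_URL):
        return datatype, name, data.decode("utf-8")
    raise ValueError(f"unknown datatype {datatype}")

def rejects(fn, *args) -> bool:
    """True if fn(*args) raises ValueError; used to exercise the bounds checks."""
    try:
        fn(*args)
    except ValueError:
        return True
    return False

def build_demo_packet() -> bytes:
    """Constructed sample: three named attributes in one User Attribute packet body."""
    return (encode_named_attribute(DT_UTF8, "ICQ#", "123-456-789")
            + encode_named_attribute(DT_BOOL, "prefers-signed-mail", True)
            + encode_named_attribute(DT_INT, "header-format-version", 1))

if __name__ == "__main__":
    for sub_type, body in split_user_attribute_subpackets(build_demo_packet()):
        print(sub_type, decode_named_attribute(body))
```

The same length encoding is used by signature subpackets, so decode_subpacket_len is the one routine to get right once; note that a 5-octet length can claim up to 4 GiB, which is why the cap is applied before any slice is taken.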



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7B9ndoi082091; Thu, 11 Aug 2005 02:49:39 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j7B9ndQr082090; Thu, 11 Aug 2005 02:49:39 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from yxa.extundo.com (root@178.230.13.217.in-addr.dgcsystems.net [217.13.230.178]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7B9nXLB082055 for <ietf-openpgp@imc.org>; Thu, 11 Aug 2005 02:49:37 -0700 (PDT) (envelope-from jas@extundo.com)
Received: from latte.josefsson.org (c494102a.s-bi.bostream.se [217.215.27.65]) (authenticated bits=0) by yxa.extundo.com (8.13.4/8.13.4/Debian-3) with ESMTP id j7B9nEim013348 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Thu, 11 Aug 2005 11:49:17 +0200
From: Simon Josefsson <jas@extundo.com>
To: David Srbecky <dsrbecky@gmail.com>
Cc: openpgp <ietf-openpgp@imc.org>
Subject: Re: "The OpenPGP mail and news header" extension
References: <42FA366F.3030103@gmail.com>
OpenPGP: id=B565716F; url=http://josefsson.org/key.txt
X-Hashcash: 1:21:050811:ietf-openpgp@imc.org::+EhQGd7aExfzqkkr:7G9H
X-Hashcash: 1:21:050811:dsrbecky@gmail.com::Ik5SQPgVPc+qXKpp:DDyB
Date: Thu, 11 Aug 2005 11:48:52 +0200
In-Reply-To: <42FA366F.3030103@gmail.com> (David Srbecky's message of "Wed, 10 Aug 2005 19:16:31 +0200")
Message-ID: <ilu7jes6by3.fsf@latte.josefsson.org>
User-Agent: Gnus/5.110004 (No Gnus v0.4) Emacs/22.0.50 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Spam-Status: No, score=0.1 required=5.0 tests=FORGED_RCVD_HELO  autolearn=failed version=3.0.3
X-Spam-Checker-Version: SpamAssassin 3.0.3 (2005-04-27) on yxa-iv
X-Virus-Scanned: ClamAV version 0.84, clamav-milter version 0.84e on yxa.extundo.com
X-Virus-Status: Clean
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

David Srbecky <dsrbecky@gmail.com> writes:

> Hello,
>
> I have recently discovered the power of OpenPGP. However, some of my 
> friends now complain that my messages either contain some strange 
> ---SIGNATURE--- (inlining) or some strange attachment (PGP/MIME). Since 
> I doubt that OpenPGP will ever be supported by *all* MUAs, I think 
> that the only ultimate solution is to save the signature in the header.
>
> I think this simple extension should be sufficient:
>
> OpenPGP: id=12345678;
>          url=http://example.com/key.txt;
>          modification=Tue, 9 Aug 2005 13:59:18 +0200 (CEST);
>          version=GnuPG v1.4.1 (MingW32);
>          comment=Using GnuPG with Thunderbird;
>          signature=iD8DBasdQFC+Jqasd5X6K7Lza8L3FgC3GU2joRAkV+AaJ9AqD/Fs=
>
> 'modification' holds the date of last modification of the public key; 
> MUA can use it to detect whether the public key update is necessary.
> (not directly related to the topic, but good(?) idea anyway)
>
> 'version', 'comment' and 'signature' are taken from the "signature.asc" 
> file and are intended to replace it.
>
>
> What do you think?

Hello.

That is an interesting idea, and it does have some nice properties.

However, I'm not sure the OpenPGP community will be helped by having
yet another way of sending signed messages.  We have effectively three
different flavors today.  (Vanilla OpenPGP, PGP/MIME and a hybrid
scheme.) If you are complaining about lack of implementation
support now, I doubt things won't be better with a fourth variant....

However, it is good to float this idea, to influence people to think
differently.

FWIW, I now recall a scheme used on UseNet, called X-PGP-Sig, it may
be something like what you propose.  I don't have more information on
it though.

> PS: My opinion on the "Open Issues:'supports' field" is that it is a very 
> good idea, but the OpenPGP header is the wrong location. I think it should 
> be part of public key itself for two reasons:
>  - The value would be unique and could be updated from keyserver at any 
> time
>  - It would be possible to get the value before you receive any mail 
> from the given person.

Yes, these are valid reasons.  IIRC, there are proposals for a public
key notation packet for similar purposes.  However, there are some
situations where BOTH are useful.  Or put differently, they are not
mutually exclusive, but rather complementary.

For example, when a mailing list wants PGP signed messages.  It could
inject an 'OpenPGP: supports=pgpmime' header on all messages.  Then
recipient MUAs would be able to turn on PGP signing automatically.
There is no public key that could contain a notation packet that would
inform you of that.

However, I am in general opposed to suggesting vanilla PGP in e-mail in
IETF standards until someone actually explains how to implement it.
Vanilla PGP in e-mail is not interoperable today, because there is no
description on how to handle things like non-ASCII, attachments and so
on.

>> Should it be in preferred priority order?
> Yes.
>
> I would also add preferred field, which could take values 'insecure', 
> 'signed', 'encrypted' and 'signed,encrypted'.

I initially thought this was over-engineering, but on second thought,
it may be useful.  Consider:

OpenPGP: id=b565717f; url=http://josefsson.org/key.txt; preference=sign

That would tell recipients that I wish to receive signed PGP/MIME
e-mail.

OpenPGP: id=b565717f; url=http://josefsson.org/key.txt; preference=encrypt

That would tell them I want messages encrypted.  Whether those messages
are also signed could be up to the sender.  I'm not sure a
"signencrypt" value is useful.  Thoughts?

I don't think an "insecure" value is useful; if the preference token is
absent, that would mean the same as insecure.

Thanks,
Simon



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7AIEGIx058109; Wed, 10 Aug 2005 11:14:16 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j7AIEGua058108; Wed, 10 Aug 2005 11:14:16 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from smtp.nextra.cz (smtp.nextra.cz [195.70.130.4]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7AIEFLC058102 for <ietf-openpgp@imc.org>; Wed, 10 Aug 2005 11:14:16 -0700 (PDT) (envelope-from dsrbecky@gmail.com)
Received: from [10.0.0.22] (160.240.broadband2.iol.cz [83.208.240.160]) by smtp.nextra.cz (Postfix) with ESMTP id CE7335D16; Wed, 10 Aug 2005 20:14:14 +0200 (CEST)
Message-ID: <42FA43F7.3020301@gmail.com>
Date: Wed, 10 Aug 2005 20:14:15 +0200
From: David Srbecky <dsrbecky@gmail.com>
User-Agent: Mozilla Thunderbird 1.0.6 (Windows/20050716)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: openpgp <ietf-openpgp@imc.org>
Subject: "The OpenPGP mail and news header" extension
X-Enigmail-Version: 0.92.0.0
OpenPGP: id=2DC6523A; url=http://www.volny.cz/davejp/OpenPGP.asc
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

Hello,

I have recently discovered the power of OpenPGP. However, some of my 
friends now complain that my messages either contain some strange 
---SIGNATURE--- (inlining) or some strange attachment (PGP/MIME). Since 
I doubt that OpenPGP will ever be supported by *all* MUAs, I think 
that the only ultimate solution is to save the signature in the header.

I think this simple extension should be sufficient:

OpenPGP: id=12345678;
          url=http://example.com/key.txt;
          modification=Tue, 9 Aug 2005 13:59:18 +0200 (CEST);
          version=GnuPG v1.4.1 (MingW32);
          comment=Using GnuPG with Thunderbird;
          signature=iD8DBasdQFC+Jqasd5X6K7Lza8L3FgC3GU2joRAkV+AaJ9AqD/Fs=

'modification' holds the date of last modification of the public key; 
MUA can use it to detect whether the public key update is necessary. 
(not directly related to the topic, but good(?) idea anyway)

'version', 'comment' and 'signature' are taken from the "signature.asc" 
file and are intended to replace it.


What do you think?


PS: My opinion on the "Open Issues:'supports' field" is that it is a very 
good idea, but the OpenPGP header is the wrong location. I think it should 
be part of public key itself for two reasons:
  - The value would be unique and could be updated from keyserver at any 
time
  - It would be possible to get the value before you receive any mail 
from the given person.

 > Should it be in preferred priority order?

Yes.

I would also add 'preferred' field, which could take values 'insecure', 
'signed', 'encrypted' and 'signed,encrypted'.



PPS: Just out of curiosity, why are you using

OpenPGP: id=12345678;
          url=http://example.com/key.txt;

and not

OpenPGP-ID: 12345678
OpenPGP-URL: http://example.com/key.txt

I know, it looks better, but I am afraid it might be more difficult to 
implement and it might discourage developers from accepting the standard.



Regards,
David Srbecky



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7AHGZ7P053226; Wed, 10 Aug 2005 10:16:35 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j7AHGZnb053225; Wed, 10 Aug 2005 10:16:35 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from smtp.nextra.cz (smtp.nextra.cz [195.70.130.4]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7AHGX8t053216 for <ietf-openpgp@imc.org>; Wed, 10 Aug 2005 10:16:34 -0700 (PDT) (envelope-from dsrbecky@gmail.com)
Received: from [10.0.0.22] (160.240.broadband2.iol.cz [83.208.240.160]) by smtp.nextra.cz (Postfix) with ESMTP id CCFA15D56; Wed, 10 Aug 2005 19:16:31 +0200 (CEST)
Message-ID: <42FA366F.3030103@gmail.com>
Date: Wed, 10 Aug 2005 19:16:31 +0200
From: David Srbecky <dsrbecky@gmail.com>
User-Agent: Mozilla Thunderbird 1.0.6 (Windows/20050716)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: openpgp <ietf-openpgp@imc.org>
Subject: "The OpenPGP mail and news header" extension
X-Enigmail-Version: 0.92.0.0
OpenPGP: id=2DC6523A; url=http://www.volny.cz/davejp/OpenPGP.asc
Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="------------enigE8895556DBA372FE22521D17"
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enigE8895556DBA372FE22521D17
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit

Hello,

I have recently discovered the power of OpenPGP. However, some of my 
friends now complain that my messages either contain some strange 
---SIGNATURE--- (inlining) or some strange attachment (PGP/MIME). Since 
I doubt that OpenPGP will ever be supported by *all* MUAs, I think 
that the only ultimate solution is to save the signature in the header.

I think this simple extension should be sufficient:

OpenPGP: id=12345678;
          url=http://example.com/key.txt;
          modification=Tue, 9 Aug 2005 13:59:18 +0200 (CEST);
          version=GnuPG v1.4.1 (MingW32);
          comment=Using GnuPG with Thunderbird;
          signature=iD8DBasdQFC+Jqasd5X6K7Lza8L3FgC3GU2joRAkV+AaJ9AqD/Fs=

'modification' holds the date of last modification of the public key; 
MUA can use it to detect whether the public key update is necessary. 
(not directly related to the topic, but good(?) idea anyway)

'version', 'comment' and 'signature' are taken from the "signature.asc" 
file and are intended to replace it.


What do you think?


PS: My opinion on the "Open Issues:'supports' field" is that it is a very 
good idea, but the OpenPGP header is the wrong location. I think it should 
be part of public key itself for two reasons:
  - The value would be unique and could be updated from keyserver at any 
time
  - It would be possible to get the value before you receive any mail 
from the given person.

 > Should it be in preferred priority order?

Yes.

I would also add 'preferred' field, which could take values 'insecure', 
'signed', 'encrypted' and 'signed,encrypted'.



Regards,
David Srbecky

--------------enigE8895556DBA372FE22521D17
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFC+jZwKLLFgC3GUjoRAtaWAJwO2tdDgSu4pJj2Pnzre7uqxyMgxwCeJSzJ
1i3LE925jcXJHCgdG0GMMJg=
=UlQN
-----END PGP SIGNATURE-----

--------------enigE8895556DBA372FE22521D17--
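David's sketch of the header above and the `preference=` variants Simon floats in his reply are small enough to parse and validate in a few lines. The following is an added example, not code from the draft or from anyone on this thread: it unfolds a folded header, splits it into tokens, validates `id` as an 8/16/40 hex-digit key id or fingerprint, keeps `supports` in priority order, and checks a fetched key's fingerprint against the advertised id, since the header itself travels unauthenticated. The accepted `supports` values (`pgpmime`, `inline`, `hybrid`), the `signencrypt` preference and the acceptance of `hkp://` URLs are assumptions, not something the draft specifies.

```python
"""Parse and sanity-check the proposed 'OpenPGP:' mail header.

Added example; the token vocabulary beyond id/url/preference/supports
is assumed, not taken from the draft.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# 8 hex digits (short key id), 16 (long key id) or 40 (v4 fingerprint).
_HEX_ID = re.compile(r"^(?:[0-9A-Fa-f]{8}|[0-9A-Fa-f]{16}|[0-9A-Fa-f]{40})$")
KNOWN_PREFERENCES = {"sign", "encrypt", "signencrypt"}  # assumed vocabulary
KNOWN_FORMATS = {"pgpmime", "inline", "hybrid"}         # assumed vocabulary
ALLOWED_SCHEMES = ("http://", "https://", "hkp://")     # assumption


@dataclass
class OpenPGPHeader:
    key_id: Optional[str] = None
    url: Optional[str] = None
    preference: Optional[str] = None
    supports: List[str] = field(default_factory=list)    # in priority order
    extra: Dict[str, str] = field(default_factory=dict)  # unknown tokens, verbatim
    problems: List[str] = field(default_factory=list)    # why a token was rejected


def unfold(raw: str) -> str:
    """RFC 5322 unfolding: a line break followed by whitespace becomes one space."""
    return re.sub(r"\r?\n[ \t]+", " ", raw.strip())


def parse_openpgp_header(raw: str) -> OpenPGPHeader:
    """Parse 'OpenPGP: key=value; key=value; ...' into a structured record.

    Malformed or unknown-valued tokens are recorded in .problems rather than
    raising, so a MUA can still use the parts it understands.
    """
    body = unfold(raw)
    if body.lower().startswith("openpgp:"):
        body = body[len("openpgp:"):]
    hdr = OpenPGPHeader()
    seen = set()
    for part in body.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            hdr.problems.append(f"token without '=': {part!r}")
            continue
        key, value = (s.strip() for s in part.split("=", 1))
        key = key.lower()
        if key in seen:  # a second 'id' could silently redirect a key lookup
            hdr.problems.append(f"duplicate token {key!r} ignored")
            continue
        seen.add(key)
        if key == "id":
            if _HEX_ID.match(value):
                hdr.key_id = value.upper()
            else:
                hdr.problems.append(f"id is not an 8/16/40 hex-digit key id: {value!r}")
        elif key == "url":
            if value.lower().startswith(ALLOWED_SCHEMES):
                hdr.url = value
            else:
                hdr.problems.append(f"url has an unexpected scheme: {value!r}")
        elif key == "preference":
            if value.lower() in KNOWN_PREFERENCES:
                hdr.preference = value.lower()
            else:
                hdr.problems.append(f"unknown preference {value!r}")
        elif key == "supports":
            hdr.supports = [v.strip().lower() for v in value.split(",") if v.strip()]
            for fmt in hdr.supports:
                if fmt not in KNOWN_FORMATS:
                    hdr.problems.append(f"unknown supports value {fmt!r}")
        else:
            hdr.extra[key] = value
    return hdr


def header_matches_key(hdr: OpenPGPHeader, fingerprint: str) -> bool:
    """Check a fetched key against the header's advertised id.

    The header is unauthenticated, so the id is only a hint: after fetching
    the key from `url`, compare its real fingerprint. A v4 key id is the
    low-order digits of the fingerprint, so a valid id is a suffix of it.
    """
    if hdr.key_id is None:
        return False
    fp = re.sub(r"\s+", "", fingerprint).upper()
    return len(fp) == 40 and fp.endswith(hdr.key_id)


# Constructed samples, modelled on the headers quoted in this thread.
SAMPLE_SIMON = "OpenPGP: id=b565717f; url=http://josefsson.org/key.txt; preference=sign"
SAMPLE_DAVID = (
    "OpenPGP: id=12345678;\n"
    "          url=http://example.com/key.txt;\n"
    "          modification=Tue, 9 Aug 2005 13:59:18 +0200 (CEST);\n"
    "          version=GnuPG v1.4.1 (MingW32);\n"
    "          comment=Using GnuPG with Thunderbird;\n"
    "          signature=iD8DBasdQFC+Jqasd5X6K7Lza8L3FgC3GU2joRAkV+AaJ9AqD/Fs="
)

if __name__ == "__main__":
    for sample in (SAMPLE_SIMON, SAMPLE_DAVID):
        print(parse_openpgp_header(sample))
```

The `problems` list is the point of the design: a MUA should degrade to "no usable OpenPGP header" rather than act on a half-parsed one, and a `preference=encrypt` or `url` token arriving in an unsigned header should only change behaviour after the key fetched from that URL has been checked with `header_matches_key` and, beyond that, trusted on the MUA's usual terms.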



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7AGlEwp050610; Wed, 10 Aug 2005 09:47:14 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j7AGlEHM050609; Wed, 10 Aug 2005 09:47:14 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from thetis.deor.org (thetis.deor.org [207.106.86.210]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7AGlD2A050601 for <ietf-openpgp@imc.org>; Wed, 10 Aug 2005 09:47:14 -0700 (PDT) (envelope-from rabbi@abditum.com)
Received: by thetis.deor.org (Postfix, from userid 500) id CD1714507E; Wed, 10 Aug 2005 09:47:09 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by thetis.deor.org (Postfix) with ESMTP id ACBDF4802A; Wed, 10 Aug 2005 09:47:09 -0700 (PDT)
Date: Wed, 10 Aug 2005 09:47:09 -0700 (PDT)
From: Len Sassaman <rabbi@abditum.com>
X-X-Sender: rabbi@thetis.deor.org
To: Ian Grigg <iang@systemics.com>
Cc: ietf-openpgp@imc.org
Subject: Re: Draft Minutes of OpenPGP
In-Reply-To: <200508041208.17244.iang@systemics.com>
Message-ID: <Pine.LNX.4.58.0508100943070.18620@thetis.deor.org>
References: <sjmwtn2jdhv.fsf@cliodev.pgp.com> <200508041208.17244.iang@systemics.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

On Thu, 4 Aug 2005, Ian Grigg wrote:

> Currently, IM is mostly unsecured (there is this thing
> to do with SSL to the server, but as the threat is on
> the node, that's ignorable).  The way to approach
> securing chat (IMHO) is to layer OpenPGP over the
> top in a transparent fashion.

OpenPGP has a lot of characteristics that one wouldn't particularly want
in an IM privacy protocol. You might want to take a look at the "Off The
Record Messaging" system designed by Goldberg and Borisov. Their WPES
paper addresses the rationale behind ditching the OpenPGP threat model.

http://www.cypherpunks.ca/otr/#docs

(More generally, I agree with the sentiment that ASCII-armored OpenPGP is
important for use with other protocols besides email, and should be the
canonical format for OpenPGP, email and otherwise.)



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j74HQGA8059322; Thu, 4 Aug 2005 10:26:16 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j74HQFtk059320; Thu, 4 Aug 2005 10:26:16 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from finney.org (226-132.adsl2.netlojix.net [207.71.226.132]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j74HQFCx059314 for <ietf-openpgp@imc.org>; Thu, 4 Aug 2005 10:26:15 -0700 (PDT) (envelope-from hal@finney.org)
Received: by finney.org (Postfix, from userid 500) id 6C5F657EF5; Thu,  4 Aug 2005 09:34:48 -0700 (PDT)
To: ietf-openpgp@imc.org
Subject: Re: Draft Minutes of OpenPGP
Message-Id: <20050804163448.6C5F657EF5@finney.org>
Date: Thu,  4 Aug 2005 09:34:48 -0700 (PDT)
From: hal@finney.org ("Hal Finney")
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

Derek wrote:
>         - update milestones - proposal given.
>
> -- Proposed Milestones
>
>         - No Objections

What were the proposed milestones?

Hal Finney



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j74E9wVl040340; Thu, 4 Aug 2005 07:09:58 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j74E9wYB040339; Thu, 4 Aug 2005 07:09:58 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from merrymeet.com (merrymeet.com [63.73.97.162]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j74E9tfL040330 for <ietf-openpgp@imc.org>; Thu, 4 Aug 2005 07:09:57 -0700 (PDT) (envelope-from jon@callas.org)
Received: from keys.merrymeet.com (63.73.97.166) by merrymeet.com with ESMTP (Eudora Internet Mail Server X 3.2.6); Thu, 4 Aug 2005 07:09:53 -0700
Received: from [86.255.31.9] ([86.255.31.9]) by keys.merrymeet.com (PGP Universal service); Thu, 04 Aug 2005 07:09:53 -0700
X-PGP-Universal: processed; by keys.merrymeet.com on Thu, 04 Aug 2005 07:09:53 -0700
In-Reply-To: <200508041208.17244.iang@systemics.com>
References: <sjmwtn2jdhv.fsf@cliodev.pgp.com> <200508041208.17244.iang@systemics.com>
Mime-Version: 1.0 (Apple Message framework v622)
Content-Type: text/plain; charset=US-ASCII; format=flowed
Message-Id: <9d57b77598374460e8aab6c72fe5d9dc@callas.org>
Content-Transfer-Encoding: 7bit
Cc: ietf-openpgp@imc.org
From: Jon Callas <jon@callas.org>
Subject: Re: Draft Minutes of OpenPGP
Date: Thu, 4 Aug 2005 07:09:58 -0700
To: Ian Grigg <iang@systemics.com>
X-Mailer: Apple Mail (2.622)
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

On 4 Aug 2005, at 4:08 AM, Ian Grigg wrote:

> I don't think it is necessary to "kill mime" but I don't
> have much hope for its survival.  As it only works
> when the other client also understands the format,
> it is facing an uphill battle.  ascii-armouring works
> much better as the user becomes the fallback.
>

Thank you, Ian.

Nor do I want to "kill mime." I don't want to kill MIME. That 
mischaracterizes what I said.

All I want is not to be forced to do MIME. Unfortunately, it appears 
that there are a lot of people who denigrate text, and think that if 
you say, "Hey, I like text!" then that means you want to kill MIME.

	Jon



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j74B9rBF070395; Thu, 4 Aug 2005 04:09:53 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j74B9rle070394; Thu, 4 Aug 2005 04:09:53 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mailgate.enhyper.net ([80.168.109.121]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j74B9qjd070382 for <ietf-openpgp@imc.org>; Thu, 4 Aug 2005 04:09:52 -0700 (PDT) (envelope-from iang@systemics.com)
Received: from localhost (localhost [127.0.0.1]) by mailgate.enhyper.net (Postfix) with ESMTP id 234972EE05 for <ietf-openpgp@imc.org>; Thu,  4 Aug 2005 12:09:51 +0100 (BST)
From: Ian Grigg <iang@systemics.com>
To: ietf-openpgp@imc.org
Subject: Re: Draft Minutes of OpenPGP
Date: Thu, 4 Aug 2005 12:08:15 +0100
User-Agent: KMail/1.8.1
References: <sjmwtn2jdhv.fsf@cliodev.pgp.com>
In-Reply-To: <sjmwtn2jdhv.fsf@cliodev.pgp.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200508041208.17244.iang@systemics.com>
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

On Thursday 04 August 2005 09:46, Derek Atkins wrote:

>  [Jon]  - Wants support to plain inline text - kill mime and only use plain text as a personal preference.

I'd agree with this.  OpenPGP needs to support a
basic mechanism to use open text channels in the
most robust fashion.  The ascii-armouring has passed
the test of time in this fashion.

I don't think it is necessary to "kill mime" but I don't
have much hope for its survival.  As it only works
when the other client also understands the format,
it is facing an uphill battle.  ascii-armouring works
much better as the user becomes the fallback.

OpenPGP needs to think in terms of email being
a lesser and lesser influence.  IMO, email is dying.
That's debatable, but what is clear is that the star
of IM is on the ascendancy, and the email thing is
losing that battle.

Currently, IM is mostly unsecured (there is this thing
to do with SSL to the server, but as the threat is on
the node, that's ignorable).  The way to approach
securing chat (IMHO) is to layer OpenPGP over the
top in a transparent fashion.

That means ascii-armouring for the moment.

Other systems will have similar engineering demands.
Trying to integrate two disparate systems together is
hard.

iang
-- 
Advances in Financial Cryptography, Issue 2:
   https://www.financialcryptography.com/mt/archives/000498.html
Mark Stiegler, An Introduction to Petname Systems
Nick Szabo, Scarce Objects
Ian Grigg, Triple Entry Accounting



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j749WQv1032109; Thu, 4 Aug 2005 02:32:26 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j749WQx8032108; Thu, 4 Aug 2005 02:32:26 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from homer.w3.org (homer.w3.org [128.30.52.30]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j749WNdU032083 for <ietf-openpgp@imc.org>; Thu, 4 Aug 2005 02:32:23 -0700 (PDT) (envelope-from tlr@w3.org)
Received: from raktajino.does-not-exist.org (homer.w3.org [128.30.52.30]) by homer.w3.org (Postfix) with ESMTP id 19D5F4F154; Thu,  4 Aug 2005 05:32:21 -0400 (EDT)
Received: from roessler by raktajino.does-not-exist.org with local (Exim 4.43) id 1E0c4h-0000sI-No; Thu, 04 Aug 2005 11:31:39 +0200
Date: Thu, 4 Aug 2005 11:31:39 +0200
From: Thomas Roessler <tlr@w3.org>
To: Derek Atkins <derek@ihtfp.com>
Cc: ietf-openpgp@imc.org, hartmans-ietf@MIT.EDU, housley@vigilsec.com
Subject: Re: Draft Minutes of OpenPGP
Message-ID: <20050804093139.GL10730@raktajino.does-not-exist.org>
Mail-Followup-To: Derek Atkins <derek@ihtfp.com>, ietf-openpgp@imc.org, hartmans-ietf@MIT.EDU, housley@vigilsec.com
References: <sjmwtn2jdhv.fsf@cliodev.pgp.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <sjmwtn2jdhv.fsf@cliodev.pgp.com>
User-Agent: Mutt/1.5.9i
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

On 2005-08-04 10:46:36 +0200, Derek Atkins wrote:

>                         Thomas ? - two formats - with and w/o tag
>			 - please eliminate the tag version.

I was asking to remove the untagged version, not the tagged one.

Regards,
-- 
Thomas Roessler, W3C   <tlr@w3.org>



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j748keOh014845; Thu, 4 Aug 2005 01:46:40 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j748keJH014844; Thu, 4 Aug 2005 01:46:40 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from cliodev.pgp.com (me@open-26-4.ietf63.ietf.org [86.255.26.4]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j748kdqQ014818 for <ietf-openpgp@imc.org>; Thu, 4 Aug 2005 01:46:39 -0700 (PDT) (envelope-from warlord@MIT.EDU)
Received: from cliodev.pgp.com (cliodev.pgp.com [127.0.0.1]) by cliodev.pgp.com (8.13.1/8.13.1) with ESMTP id j748kb33026624; Thu, 4 Aug 2005 10:46:37 +0200
Received: (from warlord@localhost) by cliodev.pgp.com (8.13.1/8.13.1/Submit) id j748ka0i026621; Thu, 4 Aug 2005 10:46:36 +0200
X-Authentication-Warning: cliodev.pgp.com: warlord set sender to warlord@MIT.EDU using -f
From: Derek Atkins <derek@ihtfp.com>
To: ietf-openpgp@imc.org
Cc: hartmans-ietf@MIT.EDU, housley@vigilsec.com
Subject: Draft Minutes of OpenPGP
Date: Thu, 04 Aug 2005 10:46:36 +0200
Message-ID: <sjmwtn2jdhv.fsf@cliodev.pgp.com>
User-Agent: Gnus/5.110003 (No Gnus v0.3) Emacs/21.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="=-=-="
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

--=-=-=

Attached are the draft minutes for the OpenPGP meeting.  In short:

1) 2440bis should go to WGLC later this month
2) new milestones were proposed by the chair and no objections noted
3) there appears to be interest in adopting new work: the message-header

-derek


--=-=-=
Content-Disposition: attachment; filename=Minutes-63.txt
Content-Description: draft minutes

AGENDA --


-- Introduction and Agenda Bashing

         No changes 

-- 2440 bis status

        - In "penultimate last call" for some time (over a year) - now only doing tweaks to the document.
        - If you want changes in wording - need to be compatible and suggest text.
        - Only open issue is David Shaw's BNF request for literal+literal.  No reason not to include David Shaw's request, but not in draft 14.  Should go into 15
        - Run last call and finish this document
        - Use difference documents for new work - downside is that not everything will be in a small number of documents.  Good news is that will have a fixed definitive document

--  2440 next steps
        - Go to Last call. finish by end of August
        - Try for a bake off? try for Draft Standard. (early in '06)
        - update milestones - proposal given.
        - Draft standard would be tried for 6 months after IESG approval.
        
        - New Life
        -       New documents not hit 2440bis.
        -       

-- Proposed Milestones

        - No Objections


--- Message Header

        - draft-josefsson-openpgp-mailnews-header-01.txt

        - standardize some X- headers for PGP.
        - Lookup URL and key id of a sender
        - simplified original by dropping some unnecessary data.
                - key id - longer fingerprint - url to key

        - What is the problem to be solved?
                - Not completely clear
                - invent header that could be used programmatically to lookup key and keyid of sender
                - Manual cut & paste?
                - request for additional current usage of old headers for inclusion in the document.

        - Open Issues:
                - Add token to state strong preference for receiving PGP and potentially the PGP format to be sent.
                        - IETF process restricted to MIME?
                        - place same info into a packet?

                - Keyserver field?
                        - unsure of what this would be really for.  Next expansion of the idea.

                - BNF problems on the draft need corrections.

         Open MIKE
                JON - Supports idea of draft - supports "supports token"  - PGP has a similar item already used.  used with different values for different reading devices.

                        - Wants support to plain inline text - kill mime and only use plain text as a personal preference.

                - response - Need additional proposals to solve some of the problems?

                        JON - display problems not format issues - Don't ban text only w/o mime wrappers.
                        8-bit character set problems with servers - 
                        
                        Vigorous dispute on issues with character sets.

                        Thomas ? - two formats - with and w/o tag - please eliminate the tag version.
                        
                        ??? - Please add finger print header - used for validation.

                                - possible support already?

                        JON - KeyID is a truncated fingerprint - allow for longer id to get fuller fingerprint w/o much additional parsing.  

                                - -00 to -01 allowed for longer KeyID from a fixed length.

--- Open Discussion

        - Meeting closed.


--=-=-=


-- 
       Derek Atkins                 617-623-3745
       derek@ihtfp.com             www.ihtfp.com
       Computer and Internet Security Consultant

--=-=-=--



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j73LWNaf089115; Wed, 3 Aug 2005 14:32:23 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j73LWN1e089106; Wed, 3 Aug 2005 14:32:23 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from finney.org (226-132.adsl2.netlojix.net [207.71.226.132]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j73LWMEX089098 for <ietf-openpgp@imc.org>; Wed, 3 Aug 2005 14:32:22 -0700 (PDT) (envelope-from hal@finney.org)
Received: by finney.org (Postfix, from userid 500) id 85B0957EF5; Wed,  3 Aug 2005 13:40:52 -0700 (PDT)
To: gkare@hotmail.com, ietf-openpgp@imc.org
Subject: Re: PGP questions
Message-Id: <20050803204052.85B0957EF5@finney.org>
Date: Wed,  3 Aug 2005 13:40:52 -0700 (PDT)
From: hal@finney.org ("Hal Finney")
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

This list is for technical discussion of the data formats used by
the OpenPGP standard.  You might want to try the pgp-users mailing
list, http://www.cryptorights.org/lists/pgp-users/ .

Hal Finney

> From: "g kare" <gkare@hotmail.com>
> To: ietf-openpgp@imc.org
> Subject: PGP questions
> Date: Wed, 03 Aug 2005 19:08:44 +0000
>
>
> Hi,
>
> I am trying to get my company to upgrade to PGP 9, but he is voicing concern 
> that PGP has gone through so many management changes, that he is reluctant 
> spend $$$ on PGP.
>
> Can anyone speculate on what the future holds for PGP Corp?  Is there a 
> future for them?
>
> Are there any viable alternative products to PGP?
>
>
> Thanks,
>
> Gary



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j73L324o085018; Wed, 3 Aug 2005 14:03:02 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j73L32Jm085017; Wed, 3 Aug 2005 14:03:02 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from yxa.extundo.com (root@178.230.13.217.in-addr.dgcsystems.net [217.13.230.178]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j73L2vSQ084997 for <ietf-openpgp@imc.org>; Wed, 3 Aug 2005 14:03:00 -0700 (PDT) (envelope-from jas@extundo.com)
Received: from latte.josefsson.org (c494102a.s-bi.bostream.se [217.215.27.65]) (authenticated bits=0) by yxa.extundo.com (8.13.4/8.13.4/Debian-3) with ESMTP id j73L2Te9002279 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Wed, 3 Aug 2005 23:02:39 +0200
From: Simon Josefsson <jas@extundo.com>
To: Derek Atkins <derek@ihtfp.com>
Cc: ietf-openpgp@imc.org
Subject: OpenPGP header (was: Re: Meet in Paris?)
References: <sjm1x6ddpx7.fsf@cliodev.pgp.com> <ilu7jfv1511.fsf@latte.josefsson.org> <sjmbr4qcs02.fsf@cliodev.pgp.com>
OpenPGP: id=B565716F; url=http://josefsson.org/key.txt
X-Hashcash: 1:21:050803:derek@ihtfp.com::2CsjDXEbNcOsFgpQ:2xXs
X-Hashcash: 1:21:050803:ietf-openpgp@imc.org::SJqivRxd198YB0HN:Zbq5
Date: Wed, 03 Aug 2005 23:02:12 +0200
In-Reply-To: <sjmbr4qcs02.fsf@cliodev.pgp.com> (Derek Atkins's message of "Mon, 25 Jul 2005 20:47:57 -0400")
Message-ID: <iluwtn2loob.fsf_-_@latte.josefsson.org>
User-Agent: Gnus/5.110004 (No Gnus v0.4) Emacs/22.0.50 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Spam-Status: No, score=0.1 required=5.0 tests=FORGED_RCVD_HELO  autolearn=failed version=3.0.3
X-Spam-Checker-Version: SpamAssassin 3.0.3 (2005-04-27) on yxa-iv
X-Virus-Scanned: ClamAV version 0.84, clamav-milter version 0.84e on yxa.extundo.com
X-Virus-Status: Clean
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

I forgot to raise the question of whether the WG wishes to adopt this
document as a work item.  Is there interest in doing so?

I fear the precise wording to deal with a "supports" token may be
contentious, and will likely bring back the PGP/MIME vs vanilla PGP in
e-mail environments discussion, so hold that in mind when deciding.

I think there are two orthogonal questions that a "supports" token
could address:

  1) Preference between PGP/MIME, vanilla PGP, or hybrid.
  2) To signal that the originator wants personal e-mail PGP
     encrypted.

It may be overloading to have the same token address both matters;
arguing for two new tokens.  It may also be that either one of 1) or
2) should not be done now.  As a proponent of a PGP/MIME-only e-mail
world -- possibly except for the few cases [1] when vanilla PGP can be
used interoperably -- I would not mind if 1) was not supported at all.

Thanks,
Simon

[1] US-ASCII, no format=flowed, no lines starting with From or '-',
see <http://josefsson.org/inline-openpgp-considered-harmful.html>

Derek Atkins <derek@ihtfp.com> writes:

> I'd be happy to put you on for 5-10 minutes?  I really don't
> think it will slow down 2440bis.
>
> -derek
>
> Simon Josefsson <jas@extundo.com> writes:
>
>> Derek Atkins <derek@ihtfp.com> writes:
>>
>>> Hi,
>>>
>>> Do the members of this working group feel we need a meeting
>>> in Paris?  I think we might want to meet in order to consider
>>> work beyond 2440bis (e.g. PFS, Mail-Headers, or other work
>>> that's been proposed).
>>
>> I would likely be around to talk about the OpenPGP mail header [1], if
>> there is interest.  Feedback from OpenPGP experts on the usefulness of
>> adding a "supports" token to the header is one open issue that may be
>> useful to discuss.
>>
>> I'd hate to see anything slow down 2440bis further though.
>>
>> [1] http://josefsson.org/openpgp-header/
>>
>>
>
> -- 
>        Derek Atkins                 617-623-3745
>        derek@ihtfp.com             www.ihtfp.com
>        Computer and Internet Security Consultant



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j73K13sT079789; Wed, 3 Aug 2005 13:01:03 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j73K13qx079788; Wed, 3 Aug 2005 13:01:03 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from kerckhoffs.g10code.com (kerckhoffs.g10code.com [217.69.77.222]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j73K11he079780 for <ietf-openpgp@imc.org>; Wed, 3 Aug 2005 13:01:02 -0700 (PDT) (envelope-from wk@gnupg.org)
Received: from uucp by kerckhoffs.g10code.com with local-rmail (Exim 4.50 #1 (Debian)) id 1E0POV-0004tV-GU for <ietf-openpgp@imc.org>; Wed, 03 Aug 2005 21:59:15 +0200
Received: from wk by localhost with local (Exim 4.34 #1 (Debian)) id 1E0PNW-0000vi-I6; Wed, 03 Aug 2005 21:58:14 +0200
To: "g kare" <gkare@hotmail.com>
Cc: ietf-openpgp@imc.org
Subject: Re: PGP questions
References: <BAY102-F165429CCABB991634CD411B5C50@phx.gbl>
From: Werner Koch <wk@gnupg.org>
Organisation: g10 Code GmbH
OpenPGP: id=5B0358A2; url=finger:wk@g10code.com
Date: Wed, 03 Aug 2005 21:58:14 +0200
In-Reply-To: <BAY102-F165429CCABB991634CD411B5C50@phx.gbl> (g. kare's message of "Wed, 03 Aug 2005 19:08:44 +0000")
Message-ID: <87d5ouaj3d.fsf@wheatstone.g10code.de>
User-Agent: Gnus/5.1007 (Gnus v5.10.7) Emacs/21.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

On Wed, 03 Aug 2005 19:08:44 +0000, g kare said:

> Can anyone speculate on what the future holds for PGP Corp?  Is there
> a future for them?

This is a list of the IETF OpenPGP WG; it is purely a technical list
and not a business oriented one.  Please ask elsewhere.

> Are there any viable alternative products to PGP?

Sure, I'd say.


Shalom-Salam,

   Werner



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j73J8o58076420; Wed, 3 Aug 2005 12:08:50 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j73J8nJ6076419; Wed, 3 Aug 2005 12:08:49 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from hotmail.com (bay102-f16.bay102.hotmail.com [64.4.61.26]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j73J8n5w076410 for <ietf-openpgp@imc.org>; Wed, 3 Aug 2005 12:08:49 -0700 (PDT) (envelope-from gkare@hotmail.com)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Wed, 3 Aug 2005 12:08:44 -0700
Message-ID: <BAY102-F165429CCABB991634CD411B5C50@phx.gbl>
Received: from 64.4.61.200 by by102fd.bay102.hotmail.msn.com with HTTP; Wed, 03 Aug 2005 19:08:44 GMT
X-Originating-IP: [64.4.61.200]
X-Originating-Email: [gkare@hotmail.com]
X-Sender: gkare@hotmail.com
In-Reply-To: <0f0e74b01beeb49897f8058851ba0442@callas.org>
From: "g kare" <gkare@hotmail.com>
To: ietf-openpgp@imc.org
Subject: PGP questions
Date: Wed, 03 Aug 2005 19:08:44 +0000
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
X-OriginalArrivalTime: 03 Aug 2005 19:08:44.0406 (UTC) FILETIME=[C4AEB960:01C5985E]
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

Hi,

I am trying to get my company to upgrade to PGP 9, but he is voicing concern
that PGP has gone through so many management changes that he is reluctant to
spend $$$ on PGP.

Can anyone speculate on what the future holds for PGP Corp?  Is there a 
future for them?

Are there any viable alternative products to PGP?


Thanks,

Gary




Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j73HFeNo066431; Wed, 3 Aug 2005 10:15:40 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j73HFeG0066430; Wed, 3 Aug 2005 10:15:40 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from finney.org (226-132.adsl2.netlojix.net [207.71.226.132]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j73HFdvA066423 for <ietf-openpgp@imc.org>; Wed, 3 Aug 2005 10:15:39 -0700 (PDT) (envelope-from hal@finney.org)
Received: by finney.org (Postfix, from userid 500) id 1AC3657EF5; Wed,  3 Aug 2005 09:24:09 -0700 (PDT)
To: ietf-openpgp@imc.org, mkuusio@surfeu.fi
Subject: Re: Secret key encryption
Message-Id: <20050803162409.1AC3657EF5@finney.org>
Date: Wed,  3 Aug 2005 09:24:09 -0700 (PDT)
From: hal@finney.org ("Hal Finney")
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

> I need to encrypt the secret data of the keypair to prevent attackers from
> misusing the keypair. I am using the 3DES symmetric algorithm for encrypting
> and decrypting the secret key. As an S2K specifier I use Iterated and
> Salted S2K, so in the encryption process I need the secret passphrase,
> the coded count, an 8-octet salt value and an 8-octet Initial Vector. My
> question is: is the Initial Vector some arbitrary data like salt values
> are? In this case it would be some 64-bit random number. And what about
> the coded count value? What affects the value? I have generated my keys
> so far with GNU Privacy Guard software and the count has always been 96
> (65536) in every key. I didn't find a solution to this in RFC 2440. Can
> someone clarify this?

Yes, the IV should be a 64 bit random number.

The purpose of the coded count is to slow down dictionary attacks.  In a
dictionary attack, someone who gets access to the secret key ring tries
all possible pass phrases.  By slowing down the operation of turning a
passphrase into the 3DES key that unlocks the secret key, it makes the
dictionary attacker's job harder.

Choosing a value for the coded count is a tradeoff.  Larger values will
help defend against dictionary attacks, but they will also slow down
the process of unlocking the key for legitimate users.  If keys in your
application will be unlocked by human users typing in their passphrases,
then larger coded counts would be acceptable, providing for delays of 1/10
or even 1/2 second or more.  If your application must expose the secret
key data structure, again larger coded counts would be appropriate.
On the other hand, if your application involves an automated system
which must frequently unlock keys, and/or if you are confident that
your passphrases are strong and can't be found with a dictionary attack,
and/or if you have good security to keep the secret key ring from being
exposed, then you might go with a lower coded count.  Those are the kinds
of considerations that will help you balance the tradeoffs.

Hal Finney
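
The Iterated and Salted S2K computation that the question and Hal's answer
refer to (RFC 2440 section 3.6.1.3), written out as an added Python example
that is not part of the thread. Function names and the sample passphrase are
constructed for this illustration; the coded-count formula and the hash
preloading rule are the RFC's.

```python
import hashlib
import secrets

# Added illustration of RFC 2440 section 3.6.1.3 (Iterated and Salted S2K).
# Function names and sample values below are constructed for this example.

def decode_s2k_count(coded: int) -> int:
    """Expand the one-octet coded count into the number of octets to hash.

    RFC 2440: count = (16 + (c & 15)) << ((c >> 4) + 6).  GnuPG's coded
    value 96 (0x60) therefore expands to 65536, as the poster observed.
    """
    if not 0 <= coded <= 255:
        raise ValueError("coded count is a single octet")
    return (16 + (coded & 15)) << ((coded >> 4) + 6)


def iterated_salted_s2k(passphrase: bytes, salt: bytes, coded: int,
                        key_len: int, hash_name: str = "sha1") -> bytes:
    """Derive key_len octets from a passphrase, the RFC 2440 way.

    The salt is prepended to the passphrase and the pair is fed to the hash
    repeatedly until `count` octets have been hashed (but never less than one
    full copy of salt+passphrase).  When the hash is shorter than the key
    (SHA-1 gives 20 octets, a 3DES key needs 24), further hash contexts are
    run, each preloaded with 0, 1, 2, ... zero octets, and the outputs joined.
    The work grows linearly with `count`: that is the dictionary-attack
    slowdown Hal describes, paid on every legitimate unlock as well.
    """
    if len(salt) != 8:
        raise ValueError("S2K salt must be 8 octets")
    data = salt + passphrase
    count = max(decode_s2k_count(coded), len(data))
    full, rem = divmod(count, len(data))
    key = b""
    ctx = 0
    while len(key) < key_len:
        h = hashlib.new(hash_name)
        h.update(b"\x00" * ctx)            # preload distinguishes the contexts
        h.update(data * full + data[:rem])  # exactly `count` octets of input
        key += h.digest()
        ctx += 1
    return key[:key_len]


def new_s2k_parameters() -> tuple:
    """Fresh salt and CFB IV for one secret-key encryption: 8 random octets each.

    Neither is secret, but both must be unpredictable and freshly generated,
    which is Hal's answer to the IV question.
    """
    return secrets.token_bytes(8), secrets.token_bytes(8)


if __name__ == "__main__":
    for c in (0, 96, 255):
        print(f"coded {c:3d} -> hash {decode_s2k_count(c):>11,d} octets")
    salt, iv = new_s2k_parameters()
    key = iterated_salted_s2k(b"constructed passphrase", salt, 96, 24)  # 3DES
    print("3DES key:", key.hex(), "IV:", iv.hex())
```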



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j73Cv0KM023663; Wed, 3 Aug 2005 05:57:00 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j73Cv07s023662; Wed, 3 Aug 2005 05:57:00 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from merrymeet.com (merrymeet.com [63.73.97.162]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j73Cuxc0023652 for <ietf-openpgp@imc.org>; Wed, 3 Aug 2005 05:57:00 -0700 (PDT) (envelope-from jon@callas.org)
Received: from keys.merrymeet.com (63.73.97.166) by merrymeet.com with ESMTP (Eudora Internet Mail Server X 3.2.6); Wed, 3 Aug 2005 05:56:56 -0700
Received: from [86.255.6.85] ([86.255.6.85]) by keys.merrymeet.com (PGP Universal service); Wed, 03 Aug 2005 05:56:56 -0700
X-PGP-Universal: processed; by keys.merrymeet.com on Wed, 03 Aug 2005 05:56:56 -0700
In-Reply-To: <20050721220308.GA16833@jabberwocky.com>
References: <20050721220308.GA16833@jabberwocky.com>
Mime-Version: 1.0 (Apple Message framework v622)
Content-Type: text/plain; charset=US-ASCII; format=flowed
Message-Id: <0f0e74b01beeb49897f8058851ba0442@callas.org>
Content-Transfer-Encoding: 7bit
Cc: ietf-openpgp@imc.org
From: Jon Callas <jon@callas.org>
Subject: Re: Literal+Literal
Date: Wed, 3 Aug 2005 05:57:00 -0700
To: David Shaw <dshaw@jabberwocky.com>
X-Mailer: Apple Mail (2.622)
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

On 21 Jul 2005, at 3:03 PM, David Shaw wrote:

>
> A while back (2003), I noticed an inconsistency in the draft.  The
> problem was one of those fiddly grammar things: some text in the draft
> said that multiple literal packets in a row were legal, and some other
> text said that they weren't.  For example, in that draft,
> COMPRESSED(literal+literal) was legal in section 5.6, and illegal in
> 10.2.
>
> To resolve that, I suggested that we simply change 10.2 (the grammar
> section) to allow literal+literal.  That's how the draft reads now.
> Several people have commented that this is raising more problems than
> it is solving, and they're right.  Literal+literal raises a whole
> collection of issues with how to hash the data in a construction like
> onepass+literal+literal+sig.  It also requires parsers to be more
> complex (though at least the parsers in PGP and GPG always worked this
> way).
>
> I'd like to change the text to fix this, and solve this problem a
> different way: rather than resolve the inconsistency by making
> literal+literal legal everywhere, better to resolve the inconsistency
> by making literal+literal illegal everywhere.
>
> The specific changes would be:
>
> Section 5.6 (Compressed Data Packet) - change "literal data packets"
> to "a literal data packet".
>
> Section 5.7 (Symmetrically Encrypted Data Packet) - change "literal
> data packets" to "a literal data packet".
>
> Section 5.13 (Sym. Encrypted Integrity Protected Data Packet) - change
> "literal data packets or compressed data packets" to "a literal data
> packet or compressed data packet".
>
> Then in section 10.2, revert from this:
>
>     Literal Message :- Literal Data Packet |
>                       Literal Message, Literal Data Packet.
>
> to this:
>
>     Literal Message :- Literal Data Packet
>
> David
>
>

Done. Will be in bis15.

	Jon
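
The grammar change David proposes and Jon accepts for bis15, shown as an added
Python example that is not part of the thread: a recognizer over abstract
packet names (no binary parsing) with a switch between the draft-14 reading
(Literal Message, Literal Data Packet) and the bis15 rule (Literal Message :-
Literal Data Packet). The other productions are RFC 2440's section 10.2 grammar
as published, not something the thread itself spells out; the token names are
constructed for this example.

```python
# Added example (not from the thread): recognizer for the RFC 2440 section 10.2
# "OpenPGP Message" grammar over packet names.  `literal_sequence=True`
# reproduces the draft-14 text David Shaw describes; False is the bis15 text.

ESK = {"pkesk", "skesk"}        # public-key / symmetric-key encrypted session key
ENCRYPTED = {"sed", "seipd"}    # sym. encrypted data / ... integrity protected


def _parse_message(toks, i, literal_sequence):
    """Consume one OpenPGP Message starting at toks[i]; return the next index."""
    if i >= len(toks):
        raise ValueError("truncated message")
    t = toks[i]
    if t == "literal":
        i += 1
        while literal_sequence and i < len(toks) and toks[i] == "literal":
            i += 1                       # draft-14 only: literal+literal accepted
        return i
    if t == "compressed":
        return i + 1                     # inner message is checked after decompression
    if t in ESK:
        while i < len(toks) and toks[i] in ESK:   # ESK Sequence
            i += 1
        if i < len(toks) and toks[i] in ENCRYPTED:
            return i + 1
        raise ValueError("ESK sequence not followed by encrypted data")
    if t in ENCRYPTED:
        return i + 1
    if t == "sig":                       # Signature Packet, OpenPGP Message
        return _parse_message(toks, i + 1, literal_sequence)
    if t == "onepass":                   # One-Pass Sig, OpenPGP Message, Signature
        j = _parse_message(toks, i + 1, literal_sequence)
        if j < len(toks) and toks[j] == "sig":
            return j + 1
        raise ValueError("one-pass signature without closing signature packet")
    raise ValueError(f"unexpected packet {t!r}")


def is_valid_message(toks, literal_sequence=False):
    """True when the whole packet list is exactly one OpenPGP Message."""
    try:
        return _parse_message(list(toks), 0, literal_sequence) == len(toks)
    except ValueError:
        return False


if __name__ == "__main__":
    # The construction David names as the troublesome one for hashing.
    seq = ["onepass", "literal", "literal", "sig"]
    print("draft-14:", is_valid_message(seq, literal_sequence=True))  # True
    print("bis15:   ", is_valid_message(seq))                         # False
```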



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j737vHB9012610; Wed, 3 Aug 2005 00:57:17 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j737vHqO012609; Wed, 3 Aug 2005 00:57:17 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from surfeu.fi (mailbox.surfeu.fi [213.173.154.4]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j737vGxL012567 for <ietf-openpgp@imc.org>; Wed, 3 Aug 2005 00:57:17 -0700 (PDT) (envelope-from mkuusio@surfeu.fi)
Received: from [213.173.154.9] (HELO surfeu.fi) by surfeu.fi (CommuniGate Pro SMTP 3.4.1) with SMTP id 149618524 for ietf-openpgp@imc.org; Wed, 03 Aug 2005 10:57:10 +0300
Received: from 193.210.155.190 (SquirrelMail authenticated user mkuusio) by webmail.tiscali.fi with HTTP; Wed, 3 Aug 2005 10:57:10 +0300 (EEST)
Message-ID: <29332.193.210.155.190.1123055830.squirrel@webmail.tiscali.fi>
Date: Wed, 3 Aug 2005 10:57:10 +0300 (EEST)
Subject: Secret key encryption
From: <mkuusio@surfeu.fi>
To: <ietf-openpgp@imc.org>
X-Priority: 3
Importance: Normal
X-Mailer: SquirrelMail (version 1.2.11)
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

I need to encrypt the secret data of the keypair to prevent attackers from
misusing the keypair. I am using the 3DES symmetric algorithm for encrypting
and decrypting the secret key. As an S2K specifier I use Iterated and
Salted S2K, so in the encryption process I need the secret passphrase,
the coded count, an 8-octet salt value and an 8-octet Initial Vector. My
question is: is the Initial Vector some arbitrary data like salt values
are? In this case it would be some 64-bit random number. And what about
the coded count value? What affects the value? I have generated my keys
so far with GNU Privacy Guard software and the count has always been 96
(65536) in every key. I didn't find a solution to this in RFC 2440. Can
someone clarify this?



