From owner-ietf-openpgp@mail.imc.org Mon Oct 03 05:41:09 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1EMMon-0000ks-43
	for openpgp-archive@megatron.ietf.org; Mon, 03 Oct 2005 05:41:09 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id FAA16717
	for <openpgp-archive@lists.ietf.org>; Mon, 3 Oct 2005 05:41:06 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j939QAAn051702;
	Mon, 3 Oct 2005 02:26:10 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j939QAd1051701;
	Mon, 3 Oct 2005 02:26:10 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from zproxy.gmail.com (zproxy.gmail.com [64.233.162.206])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j939Q9Q1051690
	for <ietf-openpgp@imc.org>; Mon, 3 Oct 2005 02:26:09 -0700 (PDT)
	(envelope-from rwillmer@gmail.com)
Received: by zproxy.gmail.com with SMTP id 8so84338nzo
        for <ietf-openpgp@imc.org>; Mon, 03 Oct 2005 02:26:04 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:reply-to:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition;
        b=e96cluUJR/0fubRO04ID2zqZtgkUGGjp4CkZIOaIEdPeDS5/1KFyjdqkPedkDSFU86aG2Gj9hiY+YhZconBLrH+i4kZfHyzyp3xwmkSRw8D+pIyvAuSr+Uu7l5fS6bIEKzXrQlItTTovMTkhyv1pV6aJTJwF9dztjk0xGgxiPzA=
Received: by 10.36.2.1 with SMTP id 1mr25498nzb;
        Mon, 03 Oct 2005 02:26:04 -0700 (PDT)
Received: by 10.36.222.9 with HTTP; Mon, 3 Oct 2005 02:26:03 -0700 (PDT)
Message-ID: <5cd112870510030226n172cbc87q@mail.gmail.com>
Date: Mon, 3 Oct 2005 10:26:03 +0100
From: Rachel Willmer <rwillmer@gmail.com>
Reply-To: Rachel Willmer <rwillmer@gmail.com>
To: ietf-openpgp@imc.org
Subject: WG Goals and Milestones
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id j939Q9Q1051696
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 8bit


Just looking at the IETF page for the working group
<http://www.ietf.org/html.charters/openpgp-charter.html>, and it has
the following under "Goals and Milestones"

Done            Submit PGP/MIME draft to IESG for consideration as
                PROPOSED standard
May 01          Submit Multiple Sig draft to IESG for consideration as
                PROPOSED standard
Jul 01          Begin RFC2440, PGP/MIME Interoperability testing
Aug 01          Request DRAFT status for RFC2440

Are those still the goals the WG is working towards, or are there some
other more up-to-date ones?

Rachel




From owner-ietf-openpgp@mail.imc.org Mon Oct 03 19:56:10 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1EMaAE-0004cl-Ns
	for openpgp-archive@megatron.ietf.org; Mon, 03 Oct 2005 19:56:10 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id TAA29363
	for <openpgp-archive@lists.ietf.org>; Mon, 3 Oct 2005 19:56:09 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j93NkNBf087109;
	Mon, 3 Oct 2005 16:46:23 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j93NkNUI087108;
	Mon, 3 Oct 2005 16:46:23 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from merrymeet.com (merrymeet.com [63.73.97.162])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j93NkMKf087096
	for <ietf-openpgp@imc.org>; Mon, 3 Oct 2005 16:46:22 -0700 (PDT)
	(envelope-from jon@callas.org)
Received: from keys.merrymeet.com (63.73.97.166) by merrymeet.com with
 ESMTP (Eudora Internet Mail Server X 3.2.6) for <ietf-openpgp@imc.org>;
 Mon, 3 Oct 2005 16:46:21 -0700
Received: from [63.251.255.205] ([63.251.255.205])
  by keys.merrymeet.com (PGP Universal service);
  Mon, 03 Oct 2005 16:46:21 -0700
X-PGP-Universal: processed;
	by keys.merrymeet.com on Mon, 03 Oct 2005 16:46:21 -0700
In-Reply-To: <5cd112870510030226n172cbc87q@mail.gmail.com>
References: <5cd112870510030226n172cbc87q@mail.gmail.com>
Mime-Version: 1.0 (Apple Message framework v734)
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
Message-Id: <ECABCF1C-CF8E-45AB-8AF3-D64AD2E5F54A@callas.org>
Cc: ietf-openpgp@imc.org
Content-Transfer-Encoding: 7bit
From: Jon Callas <jon@callas.org>
Subject: Re: WG Goals and Milestones
Date: Mon, 3 Oct 2005 16:46:17 -0700
To: Rachel Willmer <rwillmer@gmail.com>
X-Mailer: Apple Mail (2.734)
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 7bit


On 3 Oct 2005, at 2:26 AM, Rachel Willmer wrote:

>
> Just looking at the IETF page for the working group
> <http://www.ietf.org/html.charters/openpgp-charter.html>, and it has
> the following under "Goals and Milestones"
>
> Done            Submit PGP/MIME draft to IESG for consideration as
>                 PROPOSED standard
> May 01          Submit Multiple Sig draft to IESG for consideration as
>                 PROPOSED standard
> Jul 01          Begin RFC2440, PGP/MIME Interoperability testing
> Aug 01          Request DRAFT status for RFC2440
>
> Are those still the goals the WG is working towards, or are there some
> other more up-to-date ones?

Those goals have really all been met. Derek posted here a while ago
(but not that long, they're part of the IETF63 notes) some updated
goals, but they're not on the website.

Here's what he had:

    Aug 05  WGLC for 2440bis
    Sep 05  Submit 2440bis to IESG as Proposed Standard
    Nov 05  Finish Interop Test Plan
    Jan 06  Begin 2440bis Interop Testing
    Mar 06  Request DRAFT Status for 2440bis





From owner-ietf-openpgp@mail.imc.org Mon Oct 03 19:56:12 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1EMaAG-0004cx-02
	for openpgp-archive@megatron.ietf.org; Mon, 03 Oct 2005 19:56:12 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id TAA29365
	for <openpgp-archive@lists.ietf.org>; Mon, 3 Oct 2005 19:56:10 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j93NhJtw086860;
	Mon, 3 Oct 2005 16:43:19 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j93NhJ4t086859;
	Mon, 3 Oct 2005 16:43:19 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from merrymeet.com (merrymeet.com [63.73.97.162])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j93NhI4Q086853
	for <ietf-openpgp@imc.org>; Mon, 3 Oct 2005 16:43:18 -0700 (PDT)
	(envelope-from jon@callas.org)
Received: from keys.merrymeet.com (63.73.97.166) by merrymeet.com with
 ESMTP (Eudora Internet Mail Server X 3.2.6);
 Mon, 3 Oct 2005 16:43:14 -0700
Received: from [63.251.255.205] ([63.251.255.205])
  by keys.merrymeet.com (PGP Universal service);
  Mon, 03 Oct 2005 16:43:14 -0700
X-PGP-Universal: processed;
	by keys.merrymeet.com on Mon, 03 Oct 2005 16:43:14 -0700
In-Reply-To: <20050922135632.GA1725@epointsystem.org>
References: <20050922042955.GA30473@epointsystem.org> <E1EIJsD-0008KQ-00@medusa01.cs.auckland.ac.nz> <20050922135632.GA1725@epointsystem.org>
Mime-Version: 1.0 (Apple Message framework v734)
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
Message-Id: <08A20B20-E224-4C3F-A29B-1013A2025FE6@callas.org>
Cc: ietf-openpgp@imc.org
Content-Transfer-Encoding: 7bit
From: Jon Callas <jon@callas.org>
Subject: Re: Plausible deniability (a feature to think about)
Date: Mon, 3 Oct 2005 16:43:09 -0700
To: "Daniel A. Nagy" <nagydani@epointsystem.org>
X-Mailer: Apple Mail (2.734)
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 7bit


On 22 Sep 2005, at 6:56 AM, Daniel A. Nagy wrote:

>>> Now, there exists a cryptographic solution for this problem, moreover,
>>> RFC2440 even hints that it might be implemented in OpenPGP, though I have
>>> never seen it used: X9.42 Diffie-Hellman key agreement (see also RFC2630,
>>> RFC2631 and RFC2633).
>>>
>>
>> X9.42 was only added to S/MIME for political reasons.  AFAIK only one
>> implementation ever supported it, and that was the USG-funded reference
>> implementation that was required to support it.  In addition, MS supported a
>> read-only implementation just so they couldn't be accused of not supporting
>> it.
>>
>
> What political reasons? And why is there a reserved ID in OpenPGP?
>

Peter explained the political reasons around X9.42 in S/MIME. There
is a different set of political things in OpenPGP.

Remember that at the time, the RSA algorithm was patented in the US,  
and the US had export restrictions. Consequently, this created an  
amusing window in which what you could do where had very little to do  
with rationality, let alone good technical decisions. Actually, to be  
complete, *all* public key crypto was patented in the US, and nowhere  
else, but the discrete log patents all expired in late '97, and the  
RSA patent in late '00. Add to this the zaniness of The Internet Boom.

The IETF as a whole decided in Munich in July '97 that all standards
had to have discrete-log algorithms as MUST-implement algorithms,
because of patent concerns. Just about everyone picked DSA for
signing, but there were differences in ideas about what to pick for
encryption.

OpenPGP is based on PGP 3, which already had been built using Elgamal  
keys. That was decided. Other protocols, which had been RSA-only,  
looked around for what to do. The S/MIME people picked X9.42.

Another factor in various discussions has been how to deal with  
certificate formats. It's pretty trivial to come up with an  
isomorphism between X.509 certs and OpenPGP certs for RSA keys.  
However, with OpenPGP using Elgamal, and S/MIME using X9.42, there  
was a difference. Consequently, to bridge any gap, we put in  
identifiers for X9.42 in OpenPGP, so that if they became popular, we  
could support them. As Peter Gutmann has said, it isn't clear that  
anyone ever used a single X9.42 key outside of interop testing. There  
aren't that many people using DSA certs, either. I don't think I've  
ever seen one in the wild. At PGP, we don't do any X.509/OpenPGP  
unification for discrete log keys. If you want that, you use RSA.

>
>> (I remember having a conversation with a rather baffled security application
>>  developer who wanted to see X9.42 in an S/MIME toolkit and just couldn't
>>  understand that although the spec had it as a MUST requirement, all the
>>  implementors knew that you should ignore it).
>>
>
> X9.42 may be flawed (is it?), but DH key agreement is one of the strongest
> primitives in asymmetric cryptography.

There's nothing wrong with X9.42 technical. Its non-use (and DSA's)  
are all layer 8 and 9 issues.

     Jon




From owner-ietf-openpgp@mail.imc.org Mon Oct 03 23:03:32 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1EMd5X-0002p8-Kv
	for openpgp-archive@megatron.ietf.org; Mon, 03 Oct 2005 23:03:32 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id XAA06989
	for <openpgp-archive@lists.ietf.org>; Mon, 3 Oct 2005 23:03:28 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j942nCBT011836;
	Mon, 3 Oct 2005 19:49:12 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j942nCBA011835;
	Mon, 3 Oct 2005 19:49:12 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from smtpa.itss.auckland.ac.nz (groucho.itss.auckland.ac.nz [130.216.190.11])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j942nAH9011819
	for <ietf-openpgp@imc.org>; Mon, 3 Oct 2005 19:49:10 -0700 (PDT)
	(envelope-from pgut001@cs.auckland.ac.nz)
Received: from localhost (smtpa.itss.auckland.ac.nz [127.0.0.1])
	by smtpa.itss.auckland.ac.nz (Postfix) with ESMTP id 81E55343C3;
	Tue,  4 Oct 2005 15:49:04 +1300 (NZDT)
Received: from smtpa.itss.auckland.ac.nz ([127.0.0.1])
 by localhost (smtpa.itss.auckland.ac.nz [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id 12428-23; Tue,  4 Oct 2005 15:49:04 +1300 (NZDT)
Received: from iris.cs.auckland.ac.nz (iris.cs.auckland.ac.nz [130.216.33.152])
	by smtpa.itss.auckland.ac.nz (Postfix) with ESMTP id AE98D3469B;
	Tue,  4 Oct 2005 15:49:03 +1300 (NZDT)
Received: from medusa01.cs.auckland.ac.nz (medusa01.cs.auckland.ac.nz [130.216.34.33])
	by iris.cs.auckland.ac.nz (Postfix) with ESMTP
	id 4F25E37746; Tue,  4 Oct 2005 15:49:03 +1300 (NZDT)
Received: from pgut001 by medusa01.cs.auckland.ac.nz with local (Exim 3.36 #1 (Debian))
	id 1EMcrb-0000Wq-00; Tue, 04 Oct 2005 15:49:07 +1300
From: pgut001@cs.auckland.ac.nz (Peter Gutmann)
To: jon@callas.org, nagydani@epointsystem.org
Subject: Re: Plausible deniability (a feature to think about)
Cc: ietf-openpgp@imc.org
In-Reply-To: <08A20B20-E224-4C3F-A29B-1013A2025FE6@callas.org>
Message-Id: <E1EMcrb-0000Wq-00@medusa01.cs.auckland.ac.nz>
Date: Tue, 04 Oct 2005 15:49:07 +1300
X-Virus-Scanned: by amavisd-new at mailhost.auckland.ac.nz
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


Jon Callas <jon@callas.org> writes:

>There's nothing wrong with X9.42 technical. Its non-use (and DSA's) are all
>layer 8 and 9 issues.

Actually X9.42 is a pretty awkward way to do key exchange.  You can use
Elgamal as a drop-in replacement for RSA, but X9.42 requires both sender and
receiver certs to establish a key, and mixes in a large pile of other (largely
unnecessary) complexity and extra parameters and data values for no good
reason.  It seems to have been heavily influenced by the Fortezza KEA
mechanism.  It's just a royal pain to implement no matter how you look at it.

While I'm commenting on this, there isn't much problem with key formats, X9.42
and DSA are both from the DLP family so they use the same key generation and
format.  Well, almost, the X9.42 guys copied the DSA spec wrong and reversed
two of the parameters, but apart from that they're identical.

Peter.
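
[Added example, not part of the message above and not code from any implementation discussed on the list. It contrasts the two key-establishment styles described: Elgamal wrapping needs only the recipient's public key, while X9.42-style static DH needs a key pair on both sides. Assumptions: toy parameter sizes, textbook unpadded Elgamal, a simplified SHA-256 KDF in place of the RFC 2631 one, and hypothetical function names.]

```python
import hashlib
import secrets


def is_probable_prime(n, rounds=24):
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2          # a in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_domain_params(pbits=256, qbits=160):
    """DSA-style (p, q, g): q divides p-1, g has order q. Toy sizes only."""
    while True:
        q = secrets.randbits(qbits) | (1 << (qbits - 1)) | 1
        if is_probable_prime(q):
            break
    kbits = pbits - qbits
    while True:
        k = (secrets.randbits(kbits) | (1 << (kbits - 1))) & ~1  # even cofactor
        p = k * q + 1
        if is_probable_prime(p):
            break
    while True:
        h = secrets.randbelow(p - 3) + 2
        g = pow(h, (p - 1) // q, p)
        if g != 1:
            return p, q, g


def keygen(params):
    """One key pair format serves DSA, Elgamal and static DH alike."""
    p, q, g = params
    x = secrets.randbelow(q - 1) + 1              # private, in [1, q-1]
    return x, pow(g, x, p)                        # (private, public)


def elgamal_wrap(params, recipient_pub, session_key):
    """Sender side: only the recipient's public key is needed."""
    p, q, g = params
    k = secrets.randbelow(q - 1) + 1              # fresh ephemeral per message
    return pow(g, k, p), (session_key * pow(recipient_pub, k, p)) % p


def elgamal_unwrap(params, recipient_priv, ciphertext):
    p, q, g = params
    c1, c2 = ciphertext
    s = pow(c1, recipient_priv, p)
    return (c2 * pow(s, p - 2, p)) % p            # multiply by s^-1 mod p


def static_dh_kek(params, own_priv, peer_pub, ukm):
    """Static-static DH: each side needs its own private key and the
    peer's certified public key. ukm is a per-message value mixed into the
    KDF, because ZZ is fixed for a given pair of static keys."""
    p, q, g = params
    # Public key validation: range check and membership in the order-q subgroup.
    if not (1 < peer_pub < p - 1) or pow(peer_pub, q, p) != 1:
        raise ValueError("peer public key is not in the order-q subgroup")
    zz = pow(peer_pub, own_priv, p)
    zz_bytes = zz.to_bytes((p.bit_length() + 7) // 8, "big")
    # Simplified KDF (assumption): RFC 2631 hashes ZZ with a DER OtherInfo.
    return hashlib.sha256(zz_bytes + ukm).digest()[:16]


if __name__ == "__main__":
    params = gen_domain_params()
    s_priv, s_pub = keygen(params)                # sender
    r_priv, r_pub = keygen(params)                # recipient
    cek = int.from_bytes(b"constructed-key!", "big")   # constructed sample key

    ct = elgamal_wrap(params, r_pub, cek)         # no sender key involved
    print("Elgamal round trip ok:", elgamal_unwrap(params, r_priv, ct) == cek)

    ukm = secrets.token_bytes(8)
    kek_s = static_dh_kek(params, s_priv, r_pub, ukm)
    kek_r = static_dh_kek(params, r_priv, s_pub, ukm)  # needs sender's public key
    print("Static DH KEKs match:", kek_s == kek_r)
```
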




From owner-ietf-openpgp@mail.imc.org Tue Oct 04 11:39:46 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1EMotO-0005Dh-5L
	for openpgp-archive@megatron.ietf.org; Tue, 04 Oct 2005 11:39:46 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA03309
	for <openpgp-archive@lists.ietf.org>; Tue, 4 Oct 2005 11:39:42 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j94FI1oe095439;
	Tue, 4 Oct 2005 08:18:01 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j94FI1IK095438;
	Tue, 4 Oct 2005 08:18:01 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from zproxy.gmail.com (zproxy.gmail.com [64.233.162.202])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j94FI0dC095415
	for <ietf-openpgp@imc.org>; Tue, 4 Oct 2005 08:18:01 -0700 (PDT)
	(envelope-from rwillmer@gmail.com)
Received: by zproxy.gmail.com with SMTP id 8so235187nzo
        for <ietf-openpgp@imc.org>; Tue, 04 Oct 2005 08:17:55 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:reply-to:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references;
        b=UIzoBoWgTZhQTs0GkTM0IJ7j4yuejS6RDk4XRCMaTVKbSeXXuHgcDKgzY7yud1BSjABQ5AlxHYNE+iQSiULh9xsKZDufLx+N6EVl5V6YZ5/3do/+JGG26l0i9m/q/c8SPzxz7j0rPDbNBW8Xmo5oTLGFQFH9ypny6wKw6Q5iDBU=
Received: by 10.37.2.16 with SMTP id e16mr288850nzi;
        Tue, 04 Oct 2005 08:17:55 -0700 (PDT)
Received: by 10.36.222.9 with HTTP; Tue, 4 Oct 2005 08:17:55 -0700 (PDT)
Message-ID: <5cd112870510040817k61ac111et@mail.gmail.com>
Date: Tue, 4 Oct 2005 16:17:55 +0100
From: Rachel Willmer <rwillmer@gmail.com>
Reply-To: Rachel Willmer <rwillmer@gmail.com>
To: ietf-openpgp@imc.org
Subject: Re: WG Goals and Milestones
In-Reply-To: <ECABCF1C-CF8E-45AB-8AF3-D64AD2E5F54A@callas.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Disposition: inline
References: <5cd112870510030226n172cbc87q@mail.gmail.com>
	 <ECABCF1C-CF8E-45AB-8AF3-D64AD2E5F54A@callas.org>
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id j94FI1dC095432
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 8bit


On 04/10/05, Jon Callas <jon@callas.org> wrote:
> Those goals have really all been met.

I rather thought they might have :-)

> Derek posted here a while ago
> (but not that long, they're part of the  IETF63 notes) some updated
> goals, but they're not on the website.

doh! should have thought to look there.

thanks
Rachel




From noreply@ietf.org Wed Oct 05 04:09:07 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1EN4Kp-0003GO-OD
	for openpgp-archive@megatron.ietf.org; Wed, 05 Oct 2005 04:09:07 -0400
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id EAA04882
	for <openpgp-archive@ietf.org>; Wed, 5 Oct 2005 04:09:05 -0400 (EDT)
Message-Id: <200510050809.EAA04882@ietf.org>
Received: from firewatch.claranet.co.uk ([80.168.201.123] helo=ietf.org)
	by ietf-mx.ietf.org with esmtp (Exim 4.43)
	id 1EN4Ta-0002kB-Ar
	for openpgp-archive@ietf.org; Wed, 05 Oct 2005 04:18:16 -0400
From: "Automatic Email Delivery Software" <noreply@ietf.org>
To: openpgp-archive@ietf.org
Subject: Returned mail: Data format error
Date: Wed, 5 Oct 2005 09:17:12 +0100
MIME-Version: 1.0
Content-Type: multipart/mixed;
	boundary="----=_NextPart_000_0010_F297D000.74EA577E"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-Spam-Score: 3.3 (+++)
X-Scan-Signature: 5a5294b34f62cf4aba63c62e30e627ff

This is a multi-part message in MIME format.

------=_NextPart_000_0010_F297D000.74EA577E
Content-Type: text/plain;
	charset=us-ascii
Content-Transfer-Encoding: 7bit

The original message was received at Wed, 5 Oct 2005 09:17:12 +0100 from ietf.org [100.74.77.201]

----- The following addresses had permanent fatal errors -----
<openpgp-archive@ietf.org>

----- Transcript of session follows -----
... while talking to host ietf.org.:
>>> DATA
<<< 400-aturner; %MAIL-E-OPENOUT, error opening !AS as output
<<< 400-aturner; -RMS-E-CRE, ACP file create failed
<<< 400-aturner; -SYSTEM-F-EXDISKQUOTA, disk quota exceeded
<<< 400


------=_NextPart_000_0010_F297D000.74EA577E
Content-Type: application/octet-stream;
	name="instruction.zip"
Content-Disposition: attachment;
	filename="instruction.zip"
Content-Transfer-Encoding: base64

wI
1EAHme78IrUCFFbARqaGCap2v/Yv80hRiQbw9mZABmFj5uaIwSs3wDMN/tZiv8MF+DxXDDnLSj
 aLEEn33h38OhBWnA/UNHBcOeJhVmoWqH8EF4G5TIweEQnzP+G1/6wcOLRCQh6yWLVPqL8ITJdBGK
Chd4++8FCzgOdQdGQoA+ze878gqAOmPb7QvkCUCKCBp11cFeNeu/287+BzpMJAh0BxbzBSoO9tkb
yffR+MDCwyPBvVEAEOx0Me038Nks/F0Mv/9NEA+2OALXrbGBA0ZXiagFWUPaUvv9Qlld/DvBdQ0z
ddhjkmzf6S0GQOv2KxQEeF2D5m6wTQBVDEOTt7Z9 e2OEyQg6 AhhBQuvtUAECL//i8QorwTcnV leL
ffaJdS/QceH
4gD
9JhEgrU9Y+Jg/M0t3chTEKF vxGDSMj7nnil/NGD74EPsoRWVzf2v9vDohEHdxD
RoP7D3LigGQKJck4Tdz4NxO3iX90FsYvEECNDImAOLxzBd4fTErQgxdPO3UBRhknfjfejs4AVGoU
75m3E024+KI9upYgXY4Wi9vdiBnrFhAlc
ES5taUIkFANf7gQ7hZct//csItCMPwgK/NQYQfP2q70
xDvw7XRRK/7Zv7UD8+4cPo00CAP3GovPK 8s78/Vbu9SNFXMb94V+K4vDK29/+7YnAy+KFDOIrUY7
8Xz167tB/4W+xPblwHwPBive QBkL6ElIdffwLQTrZlBGGVANjTwsuM8Puba2nvgtAK/C1rS6XlvL
+J07hjYtXcMQ+yLwUD9bp2mad2luaZb1uVwul2X2dPcu+GT5bOuVGHL6bKI5lZLl+GRIEGi04KWp
bQuUaG5YZo3rx2DtRWtRrEYDdpsttsZIVuNXCsRWVhyUJUpbBQgD13D3to/AEcH4agQ2/Bhrhu3G
0z78BLuiUSsQzmxtbPgsOyESjzV2+7B/L+BqFlAsFnV54+DHGFeIG4BTNVBFH47Tm34prjl15nRf
1uYKd1iXF5faQvSG+FDJARiDdrwCM1VBJHR2M/l758FXuGoo iloodR4au
v9tzDjIA8E7x3YCi/hH
5l85gnGhBsH
Nf+sC+dLbL51gUYD5IHQFBC51AwfSpabb8Q4z0pp6lTwCDW1jY4FV+vk78skCjhf+
/0ABg8kgDCBryRqNhAHF9aE9pAJmjv9vGyXIMIPhB0LT4sH4A4qAuNvt7e3/ItD22hvS99qLwsM/
A3wuBAZ/KSWR3nDua9IbSUXTVBGgz0NLDY3siow5Zw1kCZzabj1AC3zym5GYhp4agn5TZBDFMD q3
eAzJAPyOYxt71pZmiRZm9BTizbkwXQwC5I
p1tnPbdA4EOBcknQYGCG9
caE4KdFk0O8KKDutYN0qG
CQHorAw4Z2zjd//IKsuIjBUMIkI72H0eKyG8Da39pVvuA9iGFMHpAvOlC/i45ZL7AwPQ86Sflzsu
QwaxX6MtNaysNH2ApDO3wqUSwQlyDbdzhDVYibZ9p0akRg3tDwbbYmG5DEEC2 lZ847MdyLxoyV8R
D57BXhpfhxoEeetlLUYdtyVK8OhDBJdgM2C63THXNnY1O0N9MP9v8Pa4YQQw1VAF6w5IQH0Gb2
N7
iY2IAesGDwYA/DhI3xpwMZQ5DHzLi8ZidbxbN1FZ+K4nAGD0O7bU0L5IfWuB/rnhX8UDVfZ2K/wR
hdJ0SshPF0AJfguKEzb40v+IDD5GQEp19cbDLkbrJ5T8js2xYMYC
pWYB16/9nVyFZ6Ul/z8LVPaN
xrsS BHym6wtpdnw3/y6omf5K/06F9n/0gCT3QF50A/f6xK2pkqca5zBQW8wQznh7Rq7I9rF16F4b
KAVa6a+gagxYDc sjcNt4azwC9H0HOekWK3W/2IWhRVNyi95QKSaFwW7wi9hZOxdZfB9zANRtW9tG
CgNO1sE1+AgGbrOA6yj0VODrAzqLDlhwL7XSyRQB3XgBGdhcEL3c7qJ8zRJhYH8JjUMKGhRM1941
nAJJ3lJhEqFD6elDEtgF6+4Mg8MGDuINCuRDd1stYY9Lw1foPn9hvgMDZoAkgP rQMS
FA9/b4hf+r
7HRDGFeMQF Pj2LWVRVmL4eQUdrDwsNg/7O+DICxpurRtxgUJ9OyJAfqLWmrubjvfjCL/sxX9X8/R
E0b+DEdTVWttHizB0jPtZhAFx0NP+GCPUn3YO911PC3xubUCC3QRMwGXUBGuDTb6O/2J0SRLGQ5j
oe6rg+8QCIkKFHS2zm1uixhROQsPGEBozP2d/lXrAVWb2bQkRBAGbofhF9UoFUbzhY4Qtru7tWrf
o DBeXThQVQo8VQZ1byfKx2RfdCRAU0QIPzuzSVQxjlwEVVMbz1YqdlXIbqZY6HLfbN2F7S8oJzQ7
7g+GLAf7S0tqDgJGV4PmD4P+A8rr3lZzIQH++Q8gGoRfzG0Nc4gNf5n0f
WVuM7F9KjFZiY
0kyDDf
kndX6JYhHAMYEbEQ6wT8Z7buJeGDvwo3ATafDd6cLE0ID5EMAw+Cg7cj4Wu9GVX08HF0dnF7j3UV
VtWBxxCY24sHazmC1D0YWzzG2WK89XaJRnEHjW7Bi/1AkkmXaiXhK1wSVkPrchsO6xT2HImsJgYH
OcevoxghMK yLP2IHbb/tsZ5BJCUg5RKDEhg3oNsu2R7/DxQKFBol/h/ECC8Ni4S2x5FTnoUuZGWR
JHlcRMGL0ehhDWBLGrhiPf57XVuBxHd7b+1cJgNYVPlyK3h2oa7O4pwWEQIkamQ3crUNzZhGkXzW
PbEnOrjRrq++0C1W5J+Eqx+1O8VR4zvFdFEht+QkaOwPIhwWWqM0EDRJDyreDblK5l/o63BX9xYO
3zrAbB50XlO7g5Z/8gDhBUR1SlOKOlO+wV0YdEcc
pXSNRgho/zg8XZ8rdxil1O1X/bCV6AIDjzfu
VnWpW8+ilTts+NpbHFOgC9ZswdxXwpEFc8nNmoAHxQ9R0QCvZV9N+MiG+NIMWX/PQryyHaO+AEAx
6toi2NOtzvQEUS28pxHS10+GK04hd//RaAVEdethjXcE0VhqNeukQlc65MKSV o53tp2u5oARCuiT
FaPc1nhkTBEoi0B9SQAb1tAFB6NxFbWNQgMY+IEZLftZ/dMEa8BYBvWb+5XlZOE6+YN6/3Ri0f12
MS4xLQXpCe+ODAuhBPnDi6upbUYXtvhXSIADgOrQr oUuQDI8rrozSG2HdFNnEF4kAXeQwQ8MM4oO
1vRtHGAV
4p1ZEx9sW6Nje3XFuyzAHAzb4pnNMAgdF0YyN1zilgV149mJXNk8PECxksvedD8oVBTe
fxWsd 3iXiAQrQ1k8GRa6wUq 9b0CYN4xUa4ntek/5BCsBNyDdgx/Y61DEK0APws4WspgVKoUL 3Y7k
KwZeK0DcSyXcttV5rWErFY
uDs8C2N2gRcffrPj 4
GPWeJI3sTigY8G6YrarJ3iYDkdA8tzVnXeA3Q
trm9toa1sO2XtrzTJutOjTwuKAe6mx3ZGzwOuScjenfbSC4Hcz+2Tnmv6trwLi4BXOx8CtZAlhwY
RrwD9sZRw9CiQSONlAYLsNCwNIBGJwE3siDdZYfGhduZoYYGGYjcu2X hA0NHDjf
ZHwOAIwAMy98d
NjAyExA8jUQ3AYA4HJVBTmjHGRAF7YFuzDrw5jXrFRAnhNg2XHPHFCaE3mqjtlFHD5Q+Va0EN2pJ
XfolcBBgMHoLtflsegU LXPtdonHtU0XGOR0So3QEcBbKhgU5QzX30QtbqesLTAf/jhM8Ota6Jecc
HEiEKn/k4r178BhTKIvLKw0UrN1b0Lwxo3iySYzvM263uVWIj+a7gBO9e
CJ+Bm74U4vFi89aMkBZ
iS50sXdgGXmdGJTEGc09MsgGgyp/fhXus228UtdKBwkIf9ntvex0Z5GKDWH4IQXRcnvrKkEguzB8
C/05f8UaDg+KiHkDAOUjsf9byodAoRlrwGSZ9/lVFYK/jX6CDH65PQwy6x1nn/xtnCBVFQZ8CTzr
BwhGamEJx33hB8HDeV0X
TJnBLwEgYOsFrtFLTaISawY6w6IKIeZ4Frw1ASc U4h90yEbMwIS DRy5s
wtRGgas0fN6cUJDbWxjpF5xf4rgOVv9GF8ygMIPa4sZdt0oxSPuaOR4a0q9Qqd84nRx0HreYCVqA
xrNBLSvOUlyND/tCN0dAOATzjYQVQyd5GyzYAW9ZQIX3xFKrqwFXRPjPFj8T5rqrIMCvNUZHgfts
ppP+2imsNXVxuw0W9mbQdCO40LNnOeiwk9hWsuRIZBPlE7ocFXokhEJu5nZ0M0QskfgskRNCLBkQ
RlF7+tACnfnLMCvEOBZQ+uDjVnnKUfxrDlOLILkTDd/49o8CW+kDSHnw H34PA8faQKN2KxK+yHXI
1sXusVS9i8c/NEUSsgrBUSQ4NQqmwjATvAIkDlUfdwE20T0nfxINjY21pWDgvjLL1SjiwaJuR+yM
s4IYYvCThlYNHtwti3YGC4dQaG4cNteGg1rI4 sTHD6cOasPiLdjZRD3rP1cW3WIY8IBmBQCVHAGK
r5mwS8+IBmSEoXy5iLVoHSSF0WXoUJPI BHlQobMkDXj+DVA
fNQu1PGcsFGP+Ozd7E/Ip/PxsMBL+
Zs/ZPC38DR4XPfxZJ9sWhkk0/9fk4P66WDjyCBYXzjcEWUgGjYw8WmLWtq3riLCEqc1u8epleZj5
IQZGPsymGqr4LISMMswGxC6VHBT39io+9e67j2J0J0E7ynz0C2iDwApgpPhoLQwM5/QmZKh/NVJA
an9QEFaAUGfOCXgtUJ7vvsN3ISJWYy10I1Zof0cL7ud7tbecg8V49P6UZMEVOLjt+xDtKxq+Cos2
1+h8xgN/a128oSZV292+O8NXdCs5UPtv/FgEdQ4780qLVgg7UAhzAnjuw1utDMZj5oH5vX4JHFrI
dv8fOV4EdFy/kPxXU6
YezWhPDUsSdBkyaG6MTmdJDInw9jCCPU/wRQiJTvR j
jrGJiTG4NY1+EMfc
s6dqev8fJv92QnWTsz8dMAhZRVdfFM+ 5SM5AX6f89Honao/EOHBk/0AE6JqsUaXGL/Tp2tJRs2Mj
8agDZiAbOJkyzT17UpkJV2jr3z1UyUCnGbx0DiyEV8JCRcfNSlbOLPyY5ICAhjltE1ktEPs1uypS
WWKBt1edrtTOzg9h9C7G6HAytavuHwRIcS6YzlAoHl4JHLz9fnNlxAwPVsZGBQFjwVmj+2vQCQI0
MgB2BzXszGrBagHAD1OTblvEFSB+LHUgxH8XbZQru7kx9/GNSAWFyW9U6Pp8Dj0gHF4Hg+Q36xoj
11Lbi04GxmgPNbMErtop
dbVbrI0Y66Bddol+66FqBeUN90EjxwTEODp2s9sRJhx/42iswC9sbO12
g/8BD5TvKf/VoVM1M1N0SUOAePEt3FtjdQ1
F4NAOOgh+JlfY/oJIATtMHHLlBVfdQvQNotiB+6Af
shlCOmO XXreBfYH9VnlHV1NZ9FJbU4j/ZjvhVDvw3Vc/oSkaCHIKaGrpMvzU6rAAMhQ/RNVJ k7tE
N0rUJZwTP8SedGgOalUu
YGggA/hsgWA8FV+7g/sDBuGENp7nLOBRRGJ/fdgMPVByz2S
zamQyfM33
24yj56OQBJTDud4bPMAhpMw1DBAMf4k2AJ5+Fp8PtgiKiSBiIx6LFW0CiAiL7dWiQH829jl1DBvB
RP/t7XyIvygWIVuJXfw73n9moUI02tjGKzAXNPjJjlvAd/zUJDpJ/zeL9FYI16pcLRkEA8auxO4Y
mYsHHjvYT3HbkoNvEytV/ANWSwNJKyXa/q7WygmKGYgYQEF790cyXWBrK1sB8otfBJei0TlPdHWv
mQ+OVPp2iHR2fE0MUIB+LNRoY+S0SOz6TDMYbF9hXv1bzAhwm9mI03041sRdav
sLjY1fAU/4jR7/
Lbx1XTWzFYVQz3
4TBESWHBcqr5QQF9nMSV2oETeff+25En0jvhHPvhkUMIC6GBZAWXzt6w63GjXp
FDFit8h8civ8/+
6NUQ
M70H1
lO899YTvBV09cBr+1Nti7IUgST9j4O8J+Q7XiTfw7x3 4/K8EM/wd8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lmIgRmlsZVCWZVkgTmFtOEjBRi/9lnVRAblFrtq dzP6nodduz8zHAhmQzEAD
FgyZFdD2eq0iXxjQ
Nxvg5ScfnMz+PuZZW8cFiNV7CPewABqjDe/A/ScQg34gKA+Calkryf84RreeaKssID2uESIGLIN3
g1JCFchACSrx335r6BN9BzLAiOHrHo1EMS1qDw34kjSF8
Ako5aN2lYCK/Xe 5AI4R2LZgR58KCaDN
NrPx/0JbilXxPHB1EoD6bF+rCGj8tr9Zoopd8jx0dRoPeC5YAlT+f5sOYnVHOtp1Q+tSPGh1Bfd/
ay/reDxhIQhzdReA+3B0ajxzDbdPlrcbI YD7XGR1Ew1idP3Gu+d
OPGRiN/t4dEA1PHdfdRHGhtu8
HmF1DHUHnyjrnCzgQ6njGn5pBPYW+Dlk+hl9LA0bylvv4v1HweEUoQo4CcHgFO1zSCz8DRU5TiB3

M+sLrwh8mSidbUuIxnS1OnWqe2MdnxBomLwOAnUJj1+gEmNw6lyeZVdO2Fywi+87/qk+EnPADOXc
Tlk5NeUpuIOWix2EhuSj37OFV3DTCY29BVBP1QWzFj+APDhc+Rk8OxBnDhVdEXgYyXKMk2hAa6T9
Vn22lSr7kvwVUHUjAJGn4DXZMOBYMbt6dQMjT+sRH86Kj5gka6zXvdDnZ ttwPDsbCNEAdK7MMLJ8
EQnSnA9avlE22c VQvlRQt4h9ySsT9qXMIGoNu8CESyiJDEgiQdhRdlZCqUpDSCd Y4RextdRQLVl5
Gfj4oLG8HE5bdcoDT hlGm7QYrw2maZpeZ+VMb2OCpm
maYWwgU2WWZVmW8HR0aW5nLFtBWXOSVGUs
m+W2bUbT cNTVctZsm23X1wfYeUrZ2kk6 29d1XdfcRt0v3hvfD+AL0zRdXeET4kzj5OWoHXRN5udi
6ES+hGsTsmXqNkw5GBId5oPD3eGAsHx7RrYcAC8
0TGYkA3IZxFRMTNAowSTXRdgLO+xGge xQMdcg
DOGRbBrQ
agWIFkvkTOpA9lSpvREOKQYEar4GNrCIs6z8JRGN9yQiFoqdDcd8J02e/YgP/GkPe7Zj
g8YOQ1ne/C0e0CJQNys46MJO2aRW51o7Wf7V+2vED6YFWn68pm92u5AVKD/0BERFRbD/BbF+2F8a
aKhhUevooYQsnxTP0nU/wgQU/ AHDM/r/C7XJ
3bzRXvbCAXQK0eqB8iCDuBa72BZNAglOCxSI+A7w
/cD55Hzbo0FeY7W6gq+BC2+Ic9EZwVKKBNAIf6ELdXIUu/fQa4oWM9CB4gr/7QO1wehdFJEzwkZP
depiOoEg0BvlnTy41VEkOrz8xQY LoqO3N4Fm0ekIBQvBzWZXcOzfnvDGB2aJAXIK3AcKst1s9PDU
B2zwg8DEMgTDyDXe8i/kJ2VC7Qtw4N1WAEZqQi4g4zIq1PVrO7v/6x0rdKte3xf8VPj7ffjP0
WyA
sxfQj
nkZUyWsYbB71zzKUTz1LqMnMXxzoL+hLxZedCMd7VfOrbEGZFbTqviP22lrqv2mxgf1ICQC
PSrLIEAMhKmWZ7k mffTR/sn9DgKFoB4IEGouBFkO2QuIFtib+LZE vMckUEsDBATCUG4z3Q0rvAoA
BY7BvgOtsGuakMCSL0cTdCXruoVy9xaUCsQHlhe2LJjtbrwgCTDGAp8bjdGYFtNlRcpFnG2RaGsL
BxAUDc4h6LqyEKA60gOkseYrXQ8eUKVAeNRrzp22pgKyih
48MAUoxAwVvw1UHBzFW8seZohbzLPw
LJ8fO4eEhEemYo/GMVq7DTFiM2kZ0KX4OU62MLPAwCMrGEzVsuh8LTI8z4bLwh2IAQI
SjBSsCnMB
bAiuU5nusrXGZkU12AUGL6HtNoLcqS4H3itYXU6257PgAeIB7Gvk2IjRmxW SqAQhiDxndD8qxl6n
LDjFOjNNAUCvmmWIULxHRYlLxRJj2PG7CJ1sBV2Axzvdxf+TyaIfCAd3P/8kldlb5++GT
froJkQ2
aNgGL2jI5+fn5yhouCFopBpolBNocBWz5ucMaFgFa EhXeZdFvGMQaEQRkAN2qUs86i4RSjZoPD2M
fXZyLCAraGgYB41W8awQkAaBw6Y7mHQvWVMc20vQKJniBQFhjhRvFaRdGAF+JN23gpFa3jvKdAgk
QaJN1jX0A1mUBUA32X+EJwOF0olV/H4aGRoXD38D/oDCYYgUN638fObGhB5HQLNJFNy+kKRVtJ8g
3w2TVhyNcAoahB2hbCCLSh23elqmaZrOFwOIj5ad4E1kmqSrpldoDCc0SNVtyn4ERxhrW8eXfSTS
Wn1IEo2eq8oX8MYzGDx
9ALYEAlJjdXwmSohTpobbUOYWMG8JgcaI4SXDDQgf2YZITb9aCH1AH4QX
/gz/i9qDwyHbfh0e2/t/r5Q+Wkc7+3zjgKQ3C3lbhr/hbzVqLUdYuaApg8EIA/iLAXX/x
vuQ9Zn3
/yDM R1kD+Tv6fd5B90YwDMWoKkAS7oM8xX0BaPQ2IBT /NMWk6YLEzAu9H1oynJCDpPgyABnmMyCX
+Py+iHiFCZNXRiFtJxSHNwNoBCc78RBWDx8JJVB8EIUQbtrtHrsjIBHND3wHDSQRH1lDjPjN2DYF
fVFyw5mMV30PXfqDx0qdTPb/fiwsGxp5sYeXN3UzCAMg6wpslAzd3sIbj/d81GweC2jrdreRjZVj
ArNOYGpQHcnJhUYtMBnw/mTkZeEgLUbxO/I4Nw/hBTaINBmDCAOej4QkECh8FhbsLuE19yQWEhV8
DYYMQZgcGxiYQZsE6wjFQZCgIbAg7dBf5C7idCEZQiaTWQS2r3TBxA5lrVYXrZ4m0GSWVkeGBRXO
+P22a8OzFoQrRBtoFNDQO/U6vPBhsR1bNnLDnwOrBWQzZmpVs7FO3wmqWd8HY0nXsB5o MM
YG3QwS
hQHnyBCApqh/JJzOBQapIEt9
B8aGa7+ffyABgL6oU1e7rHUkMGhgYz/H54hTM1+I7TazfepPJvVS
OXn0QKqv0DtwEOHaFGc2QwPVCVzl8D2ws4W9K+8RU1gLmh3eKiwW+8LsbDYU+lkZGlAzB21tPHD7
VKys1FzmhwL4epNnCjKpBrR7cgWp6tJX2lH3DCLkgt9/UURGmnrnPRIeMNe8RJzJVwV7IX4YRt S0
UIt+eANzOQbH4EQnl0AnWTwncMCGHTgnRUCZuVtxggzsH q0W6GQwA/hocP+zM4TdVHXtewQbsW/L
B8wrGQIPaDQnJmxw4GsudiNf3iIG+xmsFSgNaCQOIDgh2MCUCPxQBzvQS4RH4oIQD4XChBmPINeE
L0M4rFdiMlSmDEdgmFH+XJHeEWzKAglzUEh+
JONBGDLw/cZmB15eE5YmU6DJaMuX8zxokFjSncxQ
aBFHQRpj/q9X6tcKNEYzT9pTuqIBOCuqxwQ4iL47uq YzlJ6wBuogfehJxyeJA+yBO699DmpDhbPf
qnYe6w5QsMMWjBMRB4LWAG7iJWyAJgAeVLf/AvBmf2De6ER0OUhIdC0IDnSBsEC0HATQtB/qAp/B
Cs8w 6yUnBFEh9OmTL8OBwaDr7zCt+f1tJjGIFoBmAR8IAs9knevl7Wl0HQR0dBB3dV7cMSI4AreC
x9f/sYiuV9XYkct7/kJSEb8y2Yv96SPHUAwHJt56SMNtJ2hM4VYYX09QCfpvU9Fn64XgEv8gigND
PHx0Hvd0GuL8pZz7FjxcdRwSCmsPiAH/B4D/YLtUfNuLBiCTXcM8e/abymz5i72L00aKAkIq9rHu
pQAMdOI4CQ116+vVJfQGbaNNQV J/i9FJHdxK1GgO52R10hfOO/vA4Ebryz/J6yduoUBt+bCbCOsZ
OgeL8faUMnXbdDcFAUpHf9Ucd53Z0fVEVBvD6QpJPCSlXRdtklALD0mAI
fsJ/kSpNz5vU0L/N8eG
KYodAQcoM9F3QGhHFPdbuAvZe6Q5iVJ4TjwgcpGjNzZ+PXQ9PCsDPGM1PH8zgC2gcTyAC0EpZLJu
0RACDkZbPNd9Idqnfs
YEBg0GR geWePdECnSyDF+AJAZYY5CDpGkKoApBkgGZqKAI22mih1ukWlAY
IWowuGMbrl5
QgOMFOETqEL5YBAtQob6Vfbzzpe JppIBupf6KTA28X4gK/g9wAen+919zweEEwe4E
C84XiEoBikgBGAI+W 5ZlDwIGXhkCikAMBrffFeA/ikQFDEIDvRgi sR
XOeOsFDCzFZAOBVy5wDYJF
g+h4uYivwgQoYOwBKhUX/n3wYT2yAAtxciZQV1/orTYCXOhcOSmTIRbAmZ8 1i0ZCSvD/vv4DioQF
K4hENfN1u41VQXpnqguOVpeOObi4BwbOS2rXMBSQAfQWWmjUfQk5lwMYEeZ2T94NBH0NDUMECkMM
61uL1vg1+IgMTmVLnUyhiLnYcg0dqCA2hhBdewRynuBtV58Bu/ApRFav53QqiJ9tg3ajcwTdPQgC
+j2XujUEQnUfPAMTBKVWiYZzDOETf6WqQjlqtMFcdzf63ouct7TAjZ+00GVj5SDmm1AFu6FnjHEP
Ug /YKFAExalAZrga7Oi2eG1M
h1/TrBRWX2+nDVUtDKoo/7dVaLtWqrGgFtWVG8CBxxGwBxqIbJAW
mo3tJkccaIgV1xhDswbJoPIWfLYtrEQQM09fJxv3gI4imllP7fxtuijleIu422jwKTVVswOSsVnT
ore9zSRXBfK4mB1Bs++9ahpUVwrJRq/7QVUUg
IwiUlxfcEFMuVLcX3wFuVFj0bmEI1YFNFHm Jut2
Rm j4q1dWGFANBRzgYbRpMwlIyPdSFSvk8w50gxH4wMNTSEW54aJ9nxoBrwF+CEUHD4wKwmgkd8CK
G9NA+I+JnQ//8dSyscpGmkZ9Bom1Wgk5eBveCftz oQ1u+H1E+Im9
RPpC7DtzwB9eWQxB
C4N8kt0K
S/VNw421T/SoxLer3V51c4uxvwE/Rbj34AItbQWfI2EjaK0HDBMMQHe7wUn1FVAP9CKIGE4//GYn
V74KzliRLSc4nSeJI9Tq/HDr/dY5XY7EF2w 3CZDoWOsYohKUwCY8IXJBwwoZMbgANJQ4R7F+clbY
ghbnCFEpDibCC9jFEDg9mTokUW6h
vb+rBewHMkUhYqbH3i586j1kFJxGASdV9AjawYDSfiUTjYLI
1iQOWDJ4CVeDFDNJAgp0CgANwKVYA8PTl/8cQHPSFFSWg8j/66wi
FaX3jsJbiwvV4AmZdj8wRRs5
pGJXxgcwHyJa1YCa9qDLbPxCP8A78FciY+pHlpFtCAhaDFEQD9+g+82OSIoGPA10DI4IdXQEPAnm
aokSEzDrQiYrESPMKv40JZoObmJGMj48OpANCtoG9WYqAgQXPQ84QA30JYk4hA3/8BB8ItrOJknO
iBA+gfmNjf1fMXK+6wFOgKQSAF3MuVAHwhVUQQD/mKG16NN+SqkPBTFXuw4kODEyRw27e5U4OnVh
HvAjxWSmRg/cEUDsip65RtLKAUZ00k+JpnNNWBbBuWFdQh/Lwh8KQjvXfOp1DAIoQrr213UdC+M3
Pgp18QUMKl1qo+gJCDANrusLGmJjriALHAcGNQ0c0 RZUVoVDNFAPI+rGTo0K4Q020g0AjpI1Y/2F
arkNdYTzRwSLwooK6x+kKNQtPAcXODx1FPysbXwSPh+IoxXxgCIADIGBINtGPgxi4was8HQyexAk
hGko0FERLAYxaxhzFUTEr+kIgkS/QOszbqnGSlKyipQgqb7RW/n6CXUTQQc5fxKD0o0EgCb8v5fU
R
ELQHjB96YA5LXUZaR3Z1KP6VFq0f7aABkF6m0i9vOjULHJTOUJQFjBd3Cqgut9s5FuFVhtDXTEn
/LPmkkOMEC4b6j0BZifd
io0Fk9AVjnlJBzE
AXIAfEuVgjEBTlvT9I3JVh2q/5WKyrgfYg/vk/C2L
gshS56fWU1FAX8cPFpIBBDB1+MN5Yc0Cb4C+eFk7xl lalz3dbKsTz0iM42a/Bet23yBOMYi8aHwE
VzfbbPPNxDR8Bz0rfi8rJnh5tpE 8bFo8K8FFk/CPMT671RpgzbeBDmQ2VFM0bq1Ocwe/jTb6AJLn
O0QxMU
w8ss+cPdUALM0lNCCxke5Z4bUAho+qIgsGHltePTSM
aouqZ ePj0OsN1huaDULJaG+Z++f4
dewI7EdR 6N0GQhHr7jvCAQCDByxEEQ8Bj9OboXKQzwUTKwZ+0YnIEGd+RgJJ3nVF3qAqBWgsKt8R
Dtj8apl8H3d9GNokYGvWPogTDh73WeCM6
ISv/KrGlDiHUUKRJP7ThYdP6bjkdlCD2Coj32dDwNyu
sCpoqFKgLUyaYxdc/5g1JBfQggbpn9YBsYCzM1fZHgdjSMlKYfD3QYzYhwcQEF7WOPi2yETfVx/R
JtiZrBWSSvyz5yN+vEh6ggAU3CjRZ AF77HIB3+zp0txXnzjwvAKPen3nPhyIvrlUnFtQ4HQrahkt
cgTZDtzhsrlUmKreqfhd/bFWuO0HIPSwnUtEwx6jAO/0dRi6cgCOysqHVRsWgCtI/+8xXtJdJ1sP
lPYUAyohcFsNDEtW7D1
FkJMD6V
HQDOzmAvk87Pzs/AU0bR5qX7u
EQFfV7F0oTIzWnDp7CHPJyJPw
8HQk7AzE/yVL7ux0RIsbhdt1xyHUjkML3x26SoPo40DdvqpCSHQ4Ai5I2wQFi3Rm+Gn+cqMf0IcP
0+slfmNzQxiy710m69do7AbQJtaARf41sQgAdFiNp2TAAMg3nC/33rl4fA8vd2KvgKVQN04to7sk
YI9ZFV3iB56O50Az149okXRg9zfn8UGIjAX8nUA993MRADZffBgkrhdXoB7Vpo4ZrKmJbUeBWSCo

xJYTJAwgCQHvLDNYWZG7dPaC23ZCIYp5+xHYXHQVBGzxvcUvGMaEBSJcBQVPs88BQ69cOIsIG8hg
kSsNAH9QMpjAzWmrlsFIXL9rkFa54kHiK5LZqw4xVsKXIRhWzYAbm8gPhpUBO2Nj5CafGSw3
AjHA
QA+Aj45fEQ AOdJreH+B3qkYxRmZYQmCHSarBFY4XXarzNFdVifN1zhK+51I2izXWTdbNgk1GwK1T
m7NlEKXsaRrT8ZEB6/h0WgLAwnnChr5TUR2N+MqSSZru6yihU/g I5OVsWBehXdY5XYLLJlXPmlja
hF0klJVkZ7+aheYq5TC7FwZDkQi2zb2o86tOqFeqDZmQAAAvOvalV5gje0A4nAUt9jszSEchJDan
FDyzPc0PqIglqVkgx4Z0IBg NMBgjgxB5rCUxAqgPIMggwHxEcAjBdQ8WO3c2+9coY9djeFlX9TVQ
PMDDik39ECu2akQNQ4AL+l5WW/yowC1RC9e4goFiLXIQDhciUaFV3WY6J1NmFkoNAyVkTB/D8LKg
k2jgJ2ogJ0jWBWMAXX7cor8AsNJfi8/38bhzET0ND0sALLjgWoR62vy3nCM8WSEFcwdogOvcXRPe
rFw4rlBzC1iEuws5aHQsJSAaZ1fyeTxzJiQnMjVwiZH8JiXcJWlw3AA3G1RzBmA1e/bYdQRn3mho
OywJ0BmbzJEeLtc2fFCB+sIKf1ImJ+Oc8IR9KQyDQXIqCzI+ydmTHnIX EhQKD4OoGrpmKD/GR+lD
HB5C3txZigI4aNgrPHITt912SnNlQtAw60E/BwN7eCU3SGiY9/c2BDhjO7ts60FZPyWUWPJSnMBs
kDMY AzQEAnap3GhIR1dLUAMlIgw7AxiVu0XAviQlW
BEwpGoZ1QUD+f0wKzgrOM0lHH2A/P4EqM5E
YHi5TQ5fn1TCBbL/Jfh7JQBFYYYAsgAniiIsA4gSpmma5lAAhIB8eHSapmmacGxoZGBcaZqmaVhU
UExInfuZpkRAAAgVBwP4mqZplhTs5NzUzGmapmnEvLSspKZpmqaclIyEfJqmaZp0bGRcVExpmqZp
RDgwKCCmoGGmGAAEmmV3uhATCAP4E/DoaZqmaeDc2NDIpmmapsC8uLCs2KZpmqSglIyEE180TWe2
lxMDbGRYmqY721ATq0A7ODAof5CmaSAYDAwb0UFCQXl22W0ARQO+vvlBAAFB8v/uKoEET177T0H1
SIxg+UAN+////xUpKDJhMTMuJjMgLGEiIC8vLjVhIyRhMzQvYSgCBWD/fwUOEmEsLiUkb0xMS2VB
APsn5O0RBBMNQEKhQ U5ASkBGzOvek2ZhUTEmLAMx3ZBv9gUXQ/c8RexsFuzBMx4MUQf2t+wNBgBP
RUBBAJuET0UUERlxqFHEI91kI8qhJ3BhnVzZYP9bJwFzSNlgk9wx/F8nohF
EdvIA/v+PpeF1J2BN

SENIBO0/dCaUQoJjAvqyNDe3IlZpZ0y+Xuv/u//fAK04MwuAA3oTOKrhTr4ARgrsH5Aq2QfAQf/9
//+Mx+8BuMujaHvf/vvVSnZXEgYkrU/rI6ix/MwZ5///
/w7sPu8L2mAakZPKZ9qyludSSfAro1CO
ZjVg5f/////qQXhcz6nUC63MlgdrUq0SUEKZRI i9RKl5tsjTviOi9P7//z9A92FvV9Qv24xMD3mc
oDQOIV2wmiokMy8kLf//hQDYJS0ttrr+Ps5jZDJjRmRveWvr7vY5b2QitIZWNzhvLWY7Vf/7/38i
KDUkQTnlK5YX9oapmjFhZa+PVvyA7k49tLv9//9rh8YGUgdx6UDUB7yZ2cEo7rYFyvAaHf+WI///
//8dyGNQ0SrSMNm8zwI452BJ9QgjZF+3AfIBgRAbH2f////P64b3qBxRbpcSVQVDwKfgmYm6kqan
jKBgl0Z2//9f/oLGTJS1rFW3v
hsERKii6Lnirr2YQ8bLDWvMA///w/94u77AtzDGYyDcTixNeaS8
Bav/5eiOnwohCv+f///6tzH9/v+HP9ppu2bgq8RxrpVEXMlFeJGVmKSP/P// 2JqnuT3jXiQX7YUF
Y2i11r5rAuZi1Xjh0vP///+9ghgaJNONTc48ta6+kBzFxA4/6S6hp22/VQJA/////+LgUEkPwz8S
tnSze /z6k5Zr0JLHqkZNUFdESE9VRUr/////UY91nL5WR0tOVEFAQ0JCRUNARFAvxJpEREd GNm5A
JDX/////H5q3t6AILzUsNQZDAi4vSSJPJb6s/qASNSAMFMwtZc3/v/3/wK19RHYSFxYrYRhygfcZ
scz8+bx7cpqy6ofEdL
f///+/SEBHdrg+GjlyD8FkQcqHEmqGEczFfHlulv4Rt//W/8oEPb4xRb5U
x VFGeoLIBC1Oz/+BuXoG////mBuavL89lMzEeXkRKdNQ
Y2m60GzZUG5lOP9/+//LzUQdtp6ev8G4
HTW6bjVOh8VEYx3J3UR4Rpr/////Pzo2ynxhaCskKzlCvpbCgUIjJUYhrPI+ygwlTu6JEA
z/////
KRlQYBOML/uYzHxMNcKFWWO3qPv+mytDEitCKf+BW l0S/7f/ub7s+pz+uClOjso8PcgcJf9BS6pQ
/9/g/xwxrqQ+uj9lyhSlMcK
jPszNTHm6y9VU4P///7G2
tze6cVC+BDFDJXhEPZ3MYRIQESN6Kvce
uv///9/bKRhZElEXUJ6ZQiA2WT7nTsGPYUSWXKDIHkUoef///2/4gVMtJ/E2KXQ3DEe+8p5axKl4
7MwE+UlZhVVW6f+3+K1crSsdF1tlST5OvCYpmo2waRcjv/3/f3sNRNVO3K3s4Fo6
Aa1RPagHGBLy
Qu1B7FVJ/////+U9Vks+RJ/n5T8QnEEtemCYn/aHSjE3RM pHpy2CGmrZX/j//1G4ZVpOzZYV93yY
cV3WQjwtXuXMl7aiTXq3/////+7luBjinUz4HenVQdfKdHmTscOwl2t5ohHHLnkglE170P///zxR
K1AYdIMvyrwEFYYEUQXCRhGYK0DBLIzs////v01MW33AJ5EBJZg/8nohxIE1VCu+vRUljCU9LBkp
TL/B//+X2S0eor6Evx8awoQ1iIKqzKpLyq3CrW3//1v7Bq03aAeP0Vl1UdPWWr4gcUqRepLIFLkM
/v+X/oZAFsq+roeoc4GpUHEWTRZJFBjCDLW+wiSO3+A3zQr2vfp+rMUEDkVhzv9 v/P/MvSVJykWA
egNNNQ1yk6g/UMo0uXhF1zVEA/////+XP6ovDj2yQnRgtcSTPUxWasSsgr41sEV6NZBFN2AEWv//
///XixhMMdJsCj9JTU5HEpf/+BfxKxh
DekY92Ed/uS71tv3///+BPVcsJo65yEXYAsK6USzlHBr0
Kq3Rt UGTqH6Zjjz/v/0vMxDCwUJOzMJP6WYA9pwsujwqygZ7DA9931j4/4krejnpEXJybtbQgQwY
AcxCtopV/////zd4FtVfTXhxP1FRLqwumsF2Tai2cHqXPEZXz33ZAvL0//+/8LM+7TyGnz3Pvk fb
MvaWPEV3MnK3GCoUaVsr/9/+/0n/VFddd7eVsgK1zFVxLS FWXDxOylDCgEXIFcT/rf//mXysq3M0
fi1AlVpSTBhIKydvWajfScl2Al3o////wodGerI9Z+Bs+fUxmrlghW2CsC4n9zhTfBgY+AX+Xw+x
xH4DtGUSyhxJF/XKcRetz9/4/xdFjL4yTUlTWcq5ysS+Pa rnX zp2yg//////ywW4RWIywEpaGtHs
QEUy4ECok+y6nHdO91tshknF+0T/////CUdNJy/e6jV9SMTzqZ1/Ie/ik52FA2FOw863gh4mVhH/
////JlLLGCCMqjzYKp45IBsYeFf JvT8VquxHoL4+GAjKi4D/////oELMfVF6fzxSyj9FAY6xXz8g
eHhJyD3EnXmnDg+Dcsb/////eZ0ydL1GoK/yfktHPe+YqlESRkODqlKeWcUeSUSrahc3/v
+l4R3E
tyoSqp41ZGdGocoHo CyZs3X/Rv//Hgl5Fy1PKR/WX3VxIz9hqbt2cpxyS2LR/wv//1BN9JosE834
xgFNRzRFlZkZ7CyoyokwQFQv/////zT37Fye2XE1TwNLwrsCq18fRqhJrl6BAaq5/3UWx0gC/sb/
S40xTmpJWK5L0VMfoOu8yDyxKUvSv/03hTSt1t1 H8ux+VhdPBK/D2Qy 0v8H/0lH1YPMsTr3E1eLK
e2It+DJA/ /+3C84WRuW4uE2 Zmj1ZT8oIT5hFwt28OVz/////TqpTbjJ8Uv+/MWxhKSVQxr0ss1hY
xRq9jY00vRyDpw//L/X/M1BSUHe4kfHIgmpjKtkfHvvwlMPHs0h58L/A/9k 1Cf+VdAQyMbYwiX2R
Fhc8+cyt////v4Tea1XAeS4/WplKes9mKyV+trAFHjJL
5Eqs4HHVnfT///8IQ0WigvfoyhpjJWVn
FEo9Z
aex8J9xmc9LKdl7///Lv0FhvnaevvbORnKs1sKKvnhpGD9+epw9YTr//4X/DfqFuuyx/w2Z
/1J5//aBL5301izYLLgbPVX/S/z/cGC+dbE3ILpg5DRDyp9Llz2A ElztgDcy/7/B/wQY5WeZFomv
jNyRTrSxerTCqUIQKV15wHip9P+/4KP3bP2d/OnCvwF6R0 k/Qv///5dNd/mc48VlvgVCwrjhT0st
/p1VETwRH3qxPy//G/z/sZIlXj92+j9kGEvSXVTqVq67Pgo8QAcEv9H//3qvPZoC7UYphUhsHJ+d
Hl/DfLcwUIGVQP+F//9NfH4Nhs4+USnRHkCifS+9KdrEn CGrbq/CeP/W//9tNUvbzV2T7kcrrxhJ
jUVNi
UlAdEW9JtGn1vr//1u3P2C6VBBzPttRvcHlRLwvB1/bbAQBee3f+Leul5 Zw0YBMKW7Jk8Iv
N1cizv//L/TOKVNdN0n0SXFjutjF7HH3aVRRwIOxY1P/////X Cz3ExcE3pUXc4Sp2SjCkAFAGK9m
fPscgb8VnhKHBIX/////Qhxv1oqELocnhjWJNoggiqQz+FaLM4okjR2MDI8slm3/////1iiOIpGQ
bpMydorvKNuSlZSXZpYWmRzynXeYL16bJZrAC///nQ6cjDOaNGqfXp4CAqE0oEkcljXd//+/Xq Vq
pH6nF06mqvvvKqlWqG6rBqp+rV6aRKz///8LJROusS/JHLD3tdssknS0b7e2N9+5uNnn9yr/0l /o
u1K6NcoFlnu/bXoEgf5HTxG/S////65uS1xEkFnBOcKD
AE8yWFVANG6nLEQ6iAUR2/+/wU9j7djs
gDTmgVlBSUkxooqB4Cckhbr/9rQpAeepj5aGEyQmKDQKMm63///tM4GwBy+SSrOy N5EoIiQMJtvn
ETMubb2h/7/9/zZ3N368MjsN+AypxsCIsU8JbIFtIVcbkcapVRL//3/rXeSIfqZxGYFsLLS8NEgB
H8CFYIIiRva/bjH/////uiufHJ0AyEeOAR6qO5gBzaDieFYDyABRgYY3hjxWaEX+Rv//TF9KTQ3K
XEULXrzewidJQU
/5oV45uob/v/G3KjGSymztqlk3VdoMKw5KKbtaPGN3/xJ/4x6hqvZqK/JDowd0
lH2X9FqFFtv/Bv8RSXLtjzT+KXAiXDE+BOmIrOwAzFv8//ZuTY4R4nddU0MO974UFMgvWcjlYf9/
iYVgDMPyJ54rsD9ZM1z5/vKotyH/////7ONazAZOJll6vUePXDpJM0uVBshKBnf68Zr3P8ggXST/
/y/9UXKtBhRJSQz2YRRdZV2GTRGCca3Q7KBkUef9////5T5IFpuBxPGxqsQuFC+Zl5gZ+mk0VuWD
4VbBw9ubf4H/L0tR
tkYayrp1AiU+kJ8REYZTCwJJ/4UL/RFsrfMuwdRFNDgUbXytPaBxRrzQ//9E
EilRWL/c7GCcXnn90d9x8/Rl+0DxLX2DC4t LgBVUu1uDB4j///8LNhLLmc
u6PbC3/gCC yrvKkICh
USdIgKhD4 MLb////4IRN/7L
rHhqAHOT0nb4YpcI/TUE0s4YHTQOU
mhJf+v9T7HchpyFTggo+Qm97
rI6CEgs4FCr0/6sPMYT3vFzRBnq4JGf/F/pb+B+OSUIHguzRFWA3OjHI4jRE/////5V5B0lii9Sb
qWqJCoLua+72UwbzyB/0Dqp4/uYG h063/////3qOP0cKnoCiQhKakdkqvgOOyBdFNfPKigF0ATKg
gfQY39rq/4Mm5IkqlYQsUGE/PMoMwFr7Ff////96SgE1eoM9CNkR0TmJvh/o+VOcNtoRVRiEesqG
tpGHcv//N/jm/+y1eMc8Z1N2UWY9yl4seeJwRyh9gCb8W3yrKgxPF4tH71IYRvLYFxT///8vlAa2
ehbnc0YJFgh6gDVQcuL0LEpKiwKDNngtvIn/v/EXHyuDH0XM8+rqvk8eC2EKrAkGx/9/q3+64fq
R
Q3m/ufhm6tf8xypQOzl1OxA5of///61pEPVVRhgLtQis6y2xNGC4qcCk56JeiBwH//+/VVw1Q7aU
BPW49izIyN6G/g 10NJDCZ0Hj32ijK6RZIhy01UCqR5CK/7/9fzZdDDSvEWpccLcKPa2EV7aTcIeB
R
Qg0tTua/y/Q4q9brXtpHMwvRV+EYaj0C0L6b///zXoNu
pivNRx6vN9ZI5JoH0nH+jpZNK43Vn+j
ErcLH/rvhGwgWa18vhf6t/pqGSzu0J8eWV0Oo fR+f0UP/////zSabTvDaRJKw4VHmhJ4KKLzIXoB
ck0quTQDRiB6MeY0/8b//994X1+sw1esEBbo2Uo8meX327naTWeL5fSb//+/9JyV28oNVMgNoM+L
ZQ7lmb1e9jv30Jm5JVmC/v+l/5tfPZFnXJ3wHpDYFojQ5ydlImWdv5heCF/U4P/fBZE1DBbOvUO9
6ndyiB7IvWb63+Avrsngdht1X/krzKEAf2Uaki////8XBD2mj17UnVEhc3OdSQKxl3oCSmRV5sI8
RBg+2/9C/0as87UL8sXDKXhNEloRyT+WdtDN/////y6 FI8VGcC2Ap0MXwM MOfMz9R/5XH6RCYywk
ypIybBQxv8WN/tGhmng0CCA1SSptuB7DWf+g1NvbHbe9iT9PRNJT9dsb/f/fprdCW1hJgx2qP+Ka
FKMVkdwViRVHQv9/62zIARes24pJek5bYpY vzJ9Bif/03 +r/8tAhPd4pJiEJQwg2TT8NIeQCgv//
/3cucXoMUZ4pyvGh/2cGSfpUPalgTV0Z3ELTFPUc/8b/W9LA6GH7jjmIiHL3NUdCF8FBJq 1r6f8X
/ji6vhw7bVRI011dGDkXFyceVR3DGnnf+v9/Q7kWB3qHnx85aoLXRT9EM7U1Bfw+fgyW/y/0/2RI
F9wX3ZUS9pSu6upR3Dy9N1tUVBkXRv////+TNlRwzdbhDe+q6hImGDH9I8y2VYgARRd3/DVIERBu
VdX/G/xEWWyDWaep2zGwJSfNJoXRFuE3KPC/v+3RvPxRzRfpg8aty0C/8P//xZ2fEYsAqYTJQDOr
RDJaeSmGL0 tGWmqLyRT /t///4hRLWQ7 MjyKvcYcTgVjQZR+8BM0xTeYLJy2uiF/g//+fV1IONItP
Qqkk3TsH8BgplMwRFGNK8fT+L/T/QRPs9GNN+YQ48qt223KBeUI1YAHBfUK//f+3Q7hXQoLLCb4x
6N477U33RoeKIUCj6Fdf4Nv/HE2p0AsSEyL3FI5E4r1hOKyAva
7f6C/0gFU/C1m5CvS+U8N7RKl9
ry/1/1v/cz1Lvpz+eqOAcapby19bUsH/
v9T/oOket5jYWohaNku2vrhhWABCi3XJTwfJ//+/xKFi
HYVOvrtNNPi 9F9DZsS0lGYLyEcL+Bf//L/WaVUFCekBiBCaG
AVLNHj866oyuR0m/nfv1/wv/2U03
FXNRySxMqin8FurkQUtNYJ97S////y+32aoSsuTj1w+sGsRNBNhTGDwFqYz8xbhP2aRH/1Lf+kQ5
NlOa+fStZYhBtdJC5E5g1db/rf53bbCJ2TlDwFSqT9HKpahvoU73/gsX+JlLyz3x1Ca+Z01Mycw+
urf 9//
+lUkM1aAo1VkNKtpdKzHK2QoeqaWS5Pir/L/RLiJ5yn6pcQ7
aSYp68g/qPvGK/wv//20qe
SlZOn/Ritkqfz575EMsq18zZr0J8//+t/4CcL/6xGGoMaStFkq/KSZKhRa1CnMHo+oF/g///SrHz
QifDcx9A423E6G5Me
ntiwNcZAWK1/ f///09HZJ8j6ElZmQrKlxoZooOaV7x5xgs0tx+Igzs0mf//
/y90dgFReS1sbvDvFvtRyoBCbZjkLMBuQ36Ao0Kt4////8hTMg6emaMDoSsBBh76XEAPVfsRoeRq
6J4zDJL//9+qU1VkVxBxs7TLVVDJVUkAPMkHLtMz
s/+NfuvMCLyCa4S3WhdDgjJhx0kiA1r+/1/q
rafoQIBbwlK54fGQxPp4HDCi3p43ntf8v9QNng9qv1ULzDUQQpbLRdyR+L/FG51LyUWOijO0Rhye
CYB1l////99BTlH4A57EbPf3eSdHzuteUfwwaqbbvRj6+VL5wf+/1P/8jJEuCTNCKzkY1RA0AvGX
Rs65EUpSbi
B86///GWPBahXOVUfI9QEvU80qFlQHGhKVekSj+tb/b/FcABLor0RJRna0ovg2oHSG
4lYb/2+UK6fgQVwogbzBtha/ArlE/i/9/4LfZ04n4ENagMHEj82JPta5GNmhcoCCHX//9 v+ tMsCg
xOw03qvAuERLVyREV7ksPE3p/////wNWRr/oUWRCzp+fR7G+fEVR7TURBzoZND2CEBf/4SMX /43e
+rc0SksYGesds57tWxEJ9h2ee9/iF/hEIxmqTgpfEL55ZumRtplaN/pb/4FCHxj5Ce5KT7V8x9Er
fZvGLvr///+SlsxAXFFQEW5FEXW2z68sWZIfRU7E4+pqcRq6D/8X/jc5emBTzqzGP
FHfpFcRbVc0
OMpRFsH0t/jt1hxrw3QRBE7RWJ4hJCffp/9f4m8sJ2GnSzYZGRvAW+LtEVpAWf2H7Vv8
//9QiRRM
ZZ848VxUN3IW+StpyzwoGr8bg1/4B Rb6jXmJW3pjQyupG4AGp////5dVYWhfkCmM5VC0GXuQgw7/
I9RRYh+rG8RJMpD9X/r/lkCQq40sMvURYKsE vXa6rpyvTv6OYUVQ/63+S2VwaoDkfQYnwFGe7OI3
PaUJ2Pv/X/hqB8zDBvIx+p6z+0cSCWt9R0UBnkKKyT6N/v9/LLxJc4gntpiaC/UaK2y0k4McA07e
dP9f4P9IO4Cq/9ePR1yE1WwqNfcN1nqFYcqy/CX/////29jl6ZeQd4k5UZKpSreasJzuzNRX5XFc
Y08UqUvK3EH//8L/bGBc65FNbvEEBg5dqf9PASc0uuMKq zOxVC3/X1jos7cE6v0YNXbMzATUwveK
6kSmf4m/9ffIIgnGRZsTpv8xEEGAqykMOf////80qNEna6
GdSuskprHuTWHVfm8OXaz3tNSkulFh
EB3LlP//b/+4Wgo3wA6nNBMFqEVxVtTumrLRDa48sXO2PK2txP9f4oaHwuEa4FCavLfHSPqgBgRo
Rv//37oFrZ6
oqfn08CYeSEOtfXCqfJG3J+esrapf4v+lMbFCcw4puF+q7jjZzY01HWouUl/g/zc8
c4GkyQSlwzH/1Vo6nL/L/7/A/1A9bJedl1lNIZxH
XqtX7fggRBlhSRylof///1gvbnmqZzwxGGM0
pO4VN1jgVDApjUFBa2Ev/7/Uf0i/2qdpzVFApSAlBygtJFhBvx8SJDX///9GRi4oLvK37fxOFjMo
RlsCM2RKLqQe9wBmf 6m/1AYVuCoCLjRMLc+ct4D3M1cE8P//L1YkLD ERaClMCfB+mi9wMQd3JEjS
L/Uv7S4iY7+nn5rfSSQyMlVgl7j9/zIkCSAv
JQ5/+oQ+RSQvIiD+Lr8JgP9WQK0lNC05DyAslv+/
wH8lJTOCj0OnBIkA6i2XJ5wVKUclPaM/1v///xuIvyyyMTgNLl0 NKCMzIDM4c8RunCHYALggTi70
//8zEkkvTMH2JhMOIyswVQQ5w5FfvAUk60v8BRoueShXC9hcAhcgLcTf4P9/Sob3JG0ATg4xWwok
O
E/mmB2uTnXnNfi3f4lRSbE2MjEzMS
e6PW2K83SxT//ud9/QUVJ18wt4RVZIQIMJU0xDMkm3v0j/

GfXSODguDUBDIk+z5RhlQ1H/L/0Gx0EngI+PzVpFckY Zdhq3EU17pf7//2l RRhHPZFpHQi1uGFZh
7VdBJf1f8U5KHbxwq//FOQQnY9G/NyCqRWJ6IW8l/f8vLQMg9qUqTQoBV4FBwSC6Rc1xQo/MiQN5
RhRhviGoY/+3bRFtzAWBvr4Wwoy+qlHRAMt74/+NRzJGBkCaNEbKX8KvvU8zrPlBK90O2BFQgQwy
rioOpS7BBzKlcIhzM0zhHdi3ukk9wo41NciEL4jCQvaEDDRhABxMC/y3f
8KAQ
8C8QbKVwpBAzFVu
wrz5TkrxRu7LQwOUpLaoIov+0v8N9EPCg0XIRsKGRcIINrBAjqgNl9i67xYfyLb4NanLKW3NQDbB
wm/1tsF+QFbKRsseRVSpNvj9vw6BUceFaL
nBqqlAsTtEyGmYt98a5f9MI0iBNQTKJ8zFd d92hXEY
67IRH0m+1yUL1Mv//9ZOSR2dyLg4Rk72RgYRBvgWCbPvFCk327
8zN0bIQsKCRaqZEC
0gqAJEBeaq
+b4AuZBbowMTJTHYIWmGpDXnPddcYJvwxTFX/Ysfgww2SJupB7
dJq vQjAHVBCgQTD5yPUf8X9
gUN
DUEABRcAEQgDQRQSuckHaxoKFhJzHjFtg9VqTe5OAA0GXK8taPCHIoGsYCy21Q9IKBA
MQedqtbbA
As6/Ow2oSvgvMCgvNScA8xRFWEVEgYDAGo0WCAjkAQAwCgAkUQW/aSYgqBwBRmluZENEAaDybG9z
ZRtEzN4V1FNpemUX73/7TEwRQQ5NYXBWaWV3T2YPbm9hbw5Vbm0QLgNycyJud8MvS0VudhBvbnar
io5dViJhYhg5iLgdRAx2Zd
rukYqYDn1UaW1GKuKstVcaC1FDotu697ELe3BeZy1Mw25fIH5MaWJy
TnlBIfZ
MULRQYyhLxkQ5tv1iYWxBbAZjWExhtz3sVNMqTXUDeCgbm7VbbBdyYw9+sHQQB/vnWlYd
RkNvcHnFRGXahzdrBoMXJUhh5wsg3cKdRVNj2XY7+WxlblTfcFAvaA1hCwrDVytYRB2zt0VE8W/K
kbZQxMlweU2RbFt2Z4IiTRNFeGlCQfFi3WhxZB/xvVnAJv8vmY33hg27BWVwoTZCN+LCw7A zblqc
ZUl7EXGiy/sXbCD8XnIYVG+TFYaZorhMqQ68JXsTYhENCGNrQ4VvT0RyAeNkZUNop9xdRGw0TW9C
eXQiEhQnIpyeua+1LQpjmDYqUqCyvSfhVEdQb2koGUh7wWbtcEYmXL0TGYRDmDDoOm5FTLisMGkJ
aZwWpCImBDpNGDPXOEN1GH0ZOiQ5YW9rpURlLJWEIMWVaLXHHuObwGcbS2V5DE9w69yjazELRWoO
gFZbvQAadnV lD4vM3KWEESl1bTAMT7PNJrc/ZML4baCiYW6Hc2UwijcXa4xyEPYHaXNkvfZcCXoZ
8s4QF
KJ4rltQCCI5N6ErMyphKiE CSg9ms1TNIAGhVVwPFrDfTkJ1ZmZBDwtMb3f2GbYjd3ZJcpQj
dwqFm3Fa9MwMTYLCAKhtWbZN17fYYkD/BAITC2
VZlmU0FxIQA6tlWZYPCRRzOb//hLw8UEVMAQPg
AA8B CwEHrnvSbBNyK oAyBBADgmxnsZA1CwIzBJlb0s0HDNAeNHvZG9gQ
BwYAwHkIQIBbZHgCGAVG
uMJ2K2R4AR4uL9iToJik cJDrNn+7sAQjIAtgLmRhdGGYI+5CusH7Iid2QL3NYBuFLuUJAMPABny/
KXs0J0AbsHsNlAAASkE8CQAAAP8AAAAAAGC+AJBQA
I2+AID//1eDzf/rEJCQkJCQkIoGRogHRwHb
dQeLHoPu/BHbcu24AQAAAAHbdQeLHoPu/BHbEcAB23PvdQmLHoPu/BHbc+QxyYPoA3INweA IigZG
g/D/dHSJxQHbdQeLHoPu/BHbEckB23UHix6D7vwR2xHJdSBBAdt1B4seg+78EdsRyQHbc+91CYse
g+78Edtz5IPBAoH9APP//4PRAY0UL4P9/HYPi gJCiAdHSXX36WP///+QiwKDwgSJB4PHB
IPpBHfx
Ac/pTP///16J97k BAQAAigdHLOg8A
Xf3gD8BdfKLB4pfBGbB6AjBwBCGxCn4gOvoAfCJB4
PHBYnY
4tmNvgDAAACLBwnAdEWLXwSNhDAU5QAAAfNQg8cI/5aM5QAAlYoHRwjA
dNyJ+
XkHD7cHR1BHuVdI
8q5V/5aQ5QAACcB0B4kDg8ME69j/lpTlAABh6SNE//8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAA
AAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAgADAAAAIAAAgA4AAACQAACAAAAAAAAAAAAAAAAAAAACAAE AAABAAACAAgAAAGgA
AIAAAAAAAAAAAAAAAAAAAAEACQQAAFgAAADY8AAA6AIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB
AAkEAACAAAAAxPMAACgBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAADQAACAqAAAgAAAAAAAAAAA
AAAAAAAAAQAJBAAAwAAAAPD0AAAiAAAAAAAAAAAAAAABADAA4MAAACgAAAAgAAAAQAAAAAEABAAA
AAAAgAIAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAACAAACAAAAAgIAAgAAAAIAAgACAgAA
AwMDAAICA
gAAAAP8AAP8AAAD//wD/AAAA/wD/AP//AAD///8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACIiIiIiIiIiIiIiIiIgAAAj///
/////////////4AAAIf///////////////eAAACPf/////////////9/gAAAj/f////////////3
/4AAAI//f///////////f/+AAACP//f/////////9///gAAAj///f////////3///4AAAI////f/
/////
/f///+AAACP//93d3d3d3d3f///gAAAj//3f39/f39/f3f//4AAAI//d/f39/f39/f3f/+A
AACP939/f39/f39/f3f/gAAAh3f39/f39/f39/f3d4AAAI9/f39/f39/f39/f3+AAACP////////
////////AAAACP//////////////8AAAAACP/////////////wAAAAAACP////////////AAAAAA
AACP//////////8AAAAAAAAACP/////////wAAAAAAAAAACP////////AAAAAAAAAAAACP//////
8AAAAAAAAAAAAACP/////wAAAAAAAAAAAAAACIiIiIgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAA AAAAAA AAAAAAAAAAAAAAAAAAAAAAD////////////////AAAADwAAAA8AAAAPAAAAD
wAAAA8AAAAPAAAADwAAAA8AAAAPAAAADwAAAA8AAAAPAAAADwAAAA8AAAAPAAAADwAAAB
+AAAA/w
AAAf+AAAP/wAAH/+AA D//wAB//+AA///wAf//+AP/////////////////8jDAAAoAAAAEAAAACAA
AAABAAQAAAAAAMAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAgAAAAICAAIAAAACAAIAAgIAA
AMDAwACAgIAAAAD/AAD/AAAA//8A/wAAAP8A
/wD//wAA////AAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAACP//////8AAIj/////+AAAj4////+PAACP+P//+P8AAI+PiIiPjwAAiPf39/f4AACPf39/
f38AAAj39/f38AAAAI9/f38AAAAACPf38AAAAAAAiIiAAAAAAAAAAAAAA
AAAAAAAAAAA//8AAP//

------=_NextPart_000_0010_F297D000.74EA577E--





From owner-ietf-openpgp@mail.imc.org Wed Oct 05 17:27:47 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1ENGnj-0002nM-Cy
	for openpgp-archive@megatron.ietf.org; Wed, 05 Oct 2005 17:27:47 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA01991
	for <openpgp-archive@lists.ietf.org>; Wed, 5 Oct 2005 17:27:43 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j95LBIY4089777;
	Wed, 5 Oct 2005 14:11:18 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j95LBIIw089776;
	Wed, 5 Oct 2005 14:11:18 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from finney.org (226-132.adsl2.netlojix.net [207.71.226.132])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j95LBHaC089769
	for <ietf-openpgp@imc.org>; Wed, 5 Oct 2005 14:11:18 -0700 (PDT)
	(envelope-from hal@finney.org)
Received: by finney.org (Postfix, from userid 500)
	id EEB1457EF9; Wed,  5 Oct 2005 14:11:58 -0700 (PDT)
To: ietf-openpgp@imc.org
Subject: Signature calculation language
Message-Id: <20051005211158.EEB1457EF9@finney.org>
Date: Wed,  5 Oct 2005 14:11:58 -0700 (PDT)
From: hal@finney.org ("Hal Finney")
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


Some of the language in the draft about signature calculations is
confusing and misleading.  The brief descriptions in 5.2.1 Signature
Types are contradicted by 5.2.4 Computing Signatures.

We should make clear that 5.2.4 is authoritative.  I suggest that we add
to the beginning of 5.2.1, "See section 5.2.4 for detailed information
on how to compute and verify signatures of each type."

Particular problems:

    0x18: Subkey Binding Signature
        This signature is a statement by the top-level signing key that
        indicates that it owns the subkey. This signature is calculated
        directly on the subkey itself, not on any User ID or other
        packets. A signature that binds a signing subkey also has an
        embedded signature subpacket in this binding signature which
        contains a 0x19 signature made by the signing subkey on the
        primary key.

The signature is actually calculated over both the primary key and
subkey packets, although here it says it is not calculated over any
other packets.

(A separate issue is that the last sentence here should have a SHOULD:
"A signature that binds a signing subkey SHOULD have an embedded...")

    0x19 Primary Key Binding Signature
        This signature is a statement by a signing subkey, indicating
        that it is owned by the primary key.  This signature is
        calculated directly on the primary key itself, and not on any
        User ID or other packets.

Same issue here, the signature is calculated over both the primary key
and the subkey packets.

    0x28: Subkey revocation signature
        The signature is calculated directly on the subkey being
        revoked.  A revoked subkey is not to be used.  Only revocation
        signatures by the top-level signature key that is bound to this
        subkey, or by an authorized revocation key, should be considered
        valid revocation signatures.

This is actually correct, I guess (I don't think PGP supports subpacket
revocation signatures).  According to 5.2.4 the hash is over just the
subkey packet and does not include the primary key packet, unlike ordinary
subkey signatures.  That seems a little inconsistent to me - is this how
other people have implemented it?

A couple of comments on section 5.2.4:

    When a signature is made over a signature packet, the hash data
    starts with the octet 0x88, followed by the four-octet length of the
    signature, and then the body of the signature packet. The unhashed
    subpacket data of the signature packet being hashed is not included
    in the hash and the unhashed subpacket data length value is set to
    zero. (Note that this is an old-style packet header for a signature
    packet with the length-of-length set to zero).

The parenthetical note at the end should go after the first sentence.

For consistency with other descriptions in this section, we should refer
explicitly here to the Third-Party Confirmation Signature, type 0x50,
which I think is the only one for which this description applies.

One thing that is missing in these two sections is a clear statement that
certificate revocation signatures are calculated over the same data as the
certificate being revoked.  5.2.1 just says:

    0x30: Certification revocation signature
        This signature revokes an earlier User ID certification
        signature (signature class 0x10 through 0x13) or direct-key
        signature (0x1F). It should be issued by the same key that
        issued the revoked signature or an authorized revocation key.
        The signature should have a later creation date than the
        signature it revokes.

with no comments about what it is computed over, and 5.2.4 doesn't clearly
describe this case either.  We could change that last sentence to say,
"The signature is computed over the same data as the certificate that
it revokes, and should have a later creation date than that certificate."

I am also not in love with the classic description of document signatures
in 5.2.4:

    The signature data is simple to compute for document signatures
    (types 0x00 and 0x01), for which the document itself is the data.

First, it is presumptuous and uninformative to say something is simple.
"The document itself is the data" has a certain Zen koan quality but does
not plainly say what it means.  And this fails to distinguish between
text and binary signatures; for text signatures, the document itself is
not the (hashed) data, but rather the canonicalized document.

How about this:

"For binary document signatures (type 0x00), the document data is hashed
directly.  For text document signatures (type 0x01), the document is
canonicalized by converting line endings to <CR><LF>, and the resulting
data is hashed."

Hal Finney




From MAILER-DAEMON Fri Oct 07 02:34:35 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1ENloR-0006BL-25
	for openpgp-archive@megatron.ietf.org; Fri, 07 Oct 2005 02:34:35 -0400
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id CAA28272
	for <openpgp-archive@ietf.org>; Fri, 7 Oct 2005 02:34:33 -0400 (EDT)
Received: from mx2.istruzione.it ([193.206.15.6])
	by ietf-mx.ietf.org with esmtp (Exim 4.43)
	id 1ENlxa-00067t-Ro
	for openpgp-archive@ietf.org; Fri, 07 Oct 2005 02:44:08 -0400
Received: from localhost (localhost.localdomain [127.0.0.1])
	by mx2.istruzione.it (Mail Service) with ESMTP id EC41EB17F2
	for <openpgp-archive@ietf.org>; Fri,  7 Oct 2005 08:34:19 +0200 (CEST)
MIME-Version: 1.0
Subject: VIRUS (Win32/MyDoom.O!Worm): IN AN E-MAIL SENT BY YOU
In-Reply-To: <20051007063414.43EB5B182A@mx2.istruzione.it>
Message-ID: <VS23029-04@perseus.trampi.mpi.it>
Content-Type: multipart/report; report-type=delivery-status;
 boundary="----------=_1128666859-23029-5"
From: "Content-filter at perseus.trampi.mpi.it" <postmaster@perseus.trampi.mpi.it.cnri.reston.va.us>
To: <openpgp-archive@ietf.org>
Date: Fri,  7 Oct 2005 08:34:19 +0200 (CEST)
X-Spam-Score: 1.2 (+)
X-Scan-Signature: 00e94c813bef7832af255170dca19e36

This is a multi-part message in MIME format...

------------=_1128666859-23029-5
Content-Type: text/plain; charset="iso-8859-1"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

VIRUS ALERT

The scanning system detected a problem
in an e-mail presumably sent by you
-> (<openpgp-archive@ietf.org>),
for the following recipient:
-> segrcsa.no@istruzione.it

The message could not be delivered

The details of the e-mail sent follow:
------------------------- BEGIN HEADERS -----------------------------
Return-Path: <openpgp-archive@ietf.org>
Received: from ietf.org (host94-103.pool81119.interbusiness.it [81.119.103.94])
	by mx2.istruzione.it (Mail Service) with ESMTP id 43EB5B182A
	for <segrcsa.no@istruzione.it>; Fri,  7 Oct 2005 08:34:14 +0200 (CEST)
From: openpgp-archive@ietf.org
To: segrcsa.no@istruzione.it
Subject: Status
Date: Fri, 7 Oct 2005 08:20:51 +0200
MIME-Version: 1.0
Content-Type: multipart/mixed;
	boundary="----=_NextPart_000_0014_3BE0F329.82E87483"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Message-Id: <20051007063414.43EB5B182A@mx2.istruzione.it>
-------------------------- END HEADERS ------------------------------

------------=_1128666859-23029-5
Content-Type: message/delivery-status
Content-Disposition: inline
Content-Description: Delivery error report
Content-Transfer-Encoding: 7bit

Reporting-MTA: dns; perseus.trampi.mpi.it
Received-From-MTA: smtp; mx2.istruzione.it ([127.0.0.1])
Arrival-Date: Fri,  7 Oct 2005 08:34:17 +0200 (CEST)

Final-Recipient: rfc822; segrcsa.no@istruzione.it
Action: failed
Status: 5.7.1
Diagnostic-Code: smtp; 550 5.7.1 Message content rejected, id=23029-04 - VIRUS: Win32/MyDoom.O!Worm
Last-Attempt-Date: Fri,  7 Oct 2005 08:34:19 +0200 (CEST)

------------=_1128666859-23029-5
Content-Type: text/rfc822-headers
Content-Disposition: inline
Content-Description: Undelivered-message headers
Content-Transfer-Encoding: 7bit

Received: from ietf.org (host94-103.pool81119.interbusiness.it [81.119.103.94])
	by mx2.istruzione.it (Mail Service) with ESMTP id 43EB5B182A
	for <segrcsa.no@istruzione.it>; Fri,  7 Oct 2005 08:34:14 +0200 (CEST)
From: openpgp-archive@ietf.org
To: segrcsa.no@istruzione.it
Subject: Status
Date: Fri, 7 Oct 2005 08:20:51 +0200
MIME-Version: 1.0
Content-Type: multipart/mixed;
	boundary="----=_NextPart_000_0014_3BE0F329.82E87483"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Message-Id: <20051007063414.43EB5B182A@mx2.istruzione.it>

------------=_1128666859-23029-5--



From owner-ietf-openpgp@mail.imc.org Fri Oct 07 12:07:25 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1ENukm-0006n1-VV
	for openpgp-archive@megatron.ietf.org; Fri, 07 Oct 2005 12:07:25 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA27744
	for <openpgp-archive@lists.ietf.org>; Fri, 7 Oct 2005 12:07:21 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j97Frenb031327;
	Fri, 7 Oct 2005 08:53:40 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j97FreIm031326;
	Fri, 7 Oct 2005 08:53:40 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mail.epointsystem.org (120.156-228-195.hosting.adatpark.hu [195.228.156.120])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j97FrY6N031278
	for <ietf-openpgp@imc.org>; Fri, 7 Oct 2005 08:53:35 -0700 (PDT)
	(envelope-from nagydani@epointsystem.org)
Received: by mail.epointsystem.org (Postfix, from userid 1001)
	id 81C342B47DA; Fri,  7 Oct 2005 17:53:22 +0200 (CEST)
Date: Fri, 7 Oct 2005 17:53:22 +0200
To: Hal Finney <hal@finney.org>, ietf-openpgp@imc.org
Subject: Re: Signature calculation language
Message-ID: <20051007155316.GA20782@epointsystem.org>
References: <20051005211158.EEB1457EF9@finney.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20051005211158.EEB1457EF9@finney.org>
User-Agent: Mutt/1.5.6+20040907i
From: nagydani@epointsystem.org (Daniel A. Nagy)
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


This, I agree, is the worst part of RFC2440, causing me a lot of trouble (I
would actually go further: it's almost useless in its present form; I ended
up figuring things out from PGP and GPG sources and interoperability
experiments). Instead of just tweaking the language, however, I would
suggest the inclusion of an overview table in which one can look up which
signature type is calculated on exactly what data, in what format, in which
order. It would be tremendously useful for implementers.

-- 
Daniel
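
The hash inputs that Hal Finney's message walks through, gathered into one lookup of the kind Daniel asks for. This is an added Python example, not code from the draft or from either poster: `signed_data` and its helpers are hypothetical names, and the signature's own hashed fields and trailer that 5.2.4 appends afterwards are left out. Assumptions: the 0x99/two-octet-length key framing is taken from RFC 2440 section 5.2.4, the 0x28 row follows Hal's reading of the draft, and the 0x50 length counts the body after the unhashed subpackets are stripped.

```python
import re
import struct


def key_hash_data(key_body: bytes) -> bytes:
    """Frame a key packet body for hashing: 0x99, two-octet length, body."""
    if len(key_body) > 0xFFFF:
        raise ValueError("key packet body does not fit a two-octet length")
    return b"\x99" + struct.pack(">H", len(key_body)) + key_body


def canonical_text(document: bytes) -> bytes:
    """Convert every line ending (CRLF, bare CR, bare LF) to <CR><LF>."""
    return re.sub(rb"\r\n|\r|\n", b"\r\n", document)


def strip_unhashed(sig_body: bytes) -> bytes:
    """Return a v4 signature packet body with the unhashed subpacket data
    removed and the unhashed subpacket length field set to zero."""
    if len(sig_body) < 6 or sig_body[0] != 4:
        raise ValueError("not a version 4 signature packet body")
    (hashed_len,) = struct.unpack(">H", sig_body[4:6])
    len_field = 6 + hashed_len  # offset of the unhashed length field
    if len(sig_body) < len_field + 2:
        raise ValueError("truncated hashed subpacket area")
    (unhashed_len,) = struct.unpack(">H", sig_body[len_field:len_field + 2])
    rest = len_field + 2 + unhashed_len
    if len(sig_body) < rest:
        raise ValueError("truncated unhashed subpacket area")
    return sig_body[:len_field] + b"\x00\x00" + sig_body[rest:]


def signed_data(sig_type, document=None, primary=None, subkey=None,
                target_sig=None) -> bytes:
    """Data a signature of the given type is computed over, in hashing order."""

    def need(name, value):
        if value is None:
            raise ValueError(f"type 0x{sig_type:02X} needs {name}")
        return value

    if sig_type == 0x00:  # binary document: hashed directly
        return need("document", document)
    if sig_type == 0x01:  # text document: canonicalized first
        return canonical_text(need("document", document))
    if sig_type in (0x18, 0x19):  # both bindings: primary key, then subkey
        return (key_hash_data(need("primary", primary))
                + key_hash_data(need("subkey", subkey)))
    if sig_type == 0x28:  # subkey revocation: subkey only (Hal's reading)
        return key_hash_data(need("subkey", subkey))
    if sig_type == 0x50:  # third-party confirmation: over a signature packet
        body = strip_unhashed(need("target_sig", target_sig))
        # Assumption: the four-octet length is that of the stripped body.
        return b"\x88" + struct.pack(">I", len(body)) + body
    raise ValueError(f"type 0x{sig_type:02X} is not covered by this sketch")


if __name__ == "__main__":
    # Constructed placeholders, not real key or signature packets.
    primary, subkey = b"PRIMARY-KEY-BODY", b"SUBKEY-BODY"
    sig = bytes([4, 0x00, 1, 2]) + b"\x00\x02HH" + b"\x00\x03UUU" + b"\xab\xcdMPI"
    for sig_type, kwargs in [
        (0x00, {"document": b"line one\nline two\n"}),
        (0x01, {"document": b"line one\nline two\n"}),
        (0x18, {"primary": primary, "subkey": subkey}),
        (0x19, {"primary": primary, "subkey": subkey}),
        (0x28, {"subkey": subkey}),
        (0x50, {"target_sig": sig}),
    ]:
        print(f"0x{sig_type:02X}: {signed_data(sig_type, **kwargs).hex()}")
```
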




From owner-ietf-openpgp@mail.imc.org Mon Oct 10 07:01:25 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1EOvPJ-0001az-7l
	for openpgp-archive@megatron.ietf.org; Mon, 10 Oct 2005 07:01:25 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id HAA01221
	for <openpgp-archive@lists.ietf.org>; Mon, 10 Oct 2005 07:01:20 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j9AAjCMp005121;
	Mon, 10 Oct 2005 03:45:12 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j9AAjCoK005120;
	Mon, 10 Oct 2005 03:45:12 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mail.links.org (mail.links.org [217.155.92.109])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j9AAj8I2005108
	for <ietf-openpgp@imc.org>; Mon, 10 Oct 2005 03:45:11 -0700 (PDT)
	(envelope-from ben@algroup.co.uk)
Received: from [193.133.15.219] (localhost [127.0.0.1])
	by mail.links.org (Postfix) with ESMTP id A081E33C1B
	for <ietf-openpgp@imc.org>; Mon, 10 Oct 2005 11:45:02 +0100 (BST)
Message-ID: <434A45B9.5060707@algroup.co.uk>
Date: Mon, 10 Oct 2005 11:43:05 +0100
From: Ben Laurie <ben@algroup.co.uk>
User-Agent: Mozilla Thunderbird 1.0.7 (Windows/20050923)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: OpenPGP <ietf-openpgp@imc.org>
Subject: Cleartext Signatures
X-Enigmail-Version: 0.89.6.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 7bit


Section 7 says that the last bit of a cleartext signature is:

"The ASCII armored signature(s) including the '-----BEGIN PGP 
SIGNATURE-----' Armor Header and Armor Tail Lines."

This is ambiguous, since in previous sections "Armor Header" has 
referred to name/value pairs, of which there could be none or more than 
one, and not the "-----blah-----" line, which is called the "Armor 
Header Line".

Since I have seen signatures both with and without headers (i.e. some 
with no headers do not have a blank line between the header line and the 
armoured text), I'd like to know what is actually correct here!

Cheers,

Ben.

-- 
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff




From owner-ietf-openpgp@mail.imc.org Mon Oct 10 10:33:15 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1EOyiI-0004Ch-Jy
	for openpgp-archive@megatron.ietf.org; Mon, 10 Oct 2005 10:33:15 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA14185
	for <openpgp-archive@lists.ietf.org>; Mon, 10 Oct 2005 10:33:11 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j9AEFDM7026219;
	Mon, 10 Oct 2005 07:15:13 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j9AEFDUk026218;
	Mon, 10 Oct 2005 07:15:13 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from smtp3.hushmail.com (smtp3.hushmail.com [65.39.178.135])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j9AEFCfO026207
	for <ietf-openpgp@imc.org>; Mon, 10 Oct 2005 07:15:12 -0700 (PDT)
	(envelope-from vedaal@hush.com)
Received: from smtp3.hushmail.com (localhost.hushmail.com [127.0.0.1])
	by smtp3.hushmail.com (Postfix) with SMTP id 65917A337F
	for <ietf-openpgp@imc.org>; Mon, 10 Oct 2005 07:15:12 -0700 (PDT)
Received: from mailserver3.hushmail.com (mailserver3.hushmail.com [65.39.178.20])
	by smtp3.hushmail.com (Postfix) with ESMTP
	for <ietf-openpgp@imc.org>; Mon, 10 Oct 2005 07:15:10 -0700 (PDT)
Received: (from nobody@localhost)
	by mailserver3.hushmail.com (8.12.11/8.12.9/Submit) id j9AEFAXw002758
	for <ietf-openpgp@imc.org>; Mon, 10 Oct 2005 07:15:10 -0700 (PDT)
	(envelope-from vedaal@hush.com)
Message-Id: <200510101415.j9AEFAXw002758@mailserver3.hushmail.com>
Date: Mon, 10 Oct 2005 07:15:07 -0700
To: <ietf-openpgp@imc.org>
Subject: Re: Cleartext Signatures
From: <vedaal@hush.com>
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>




On Mon, 10 Oct 2005 03:43:05 -0700 Ben Laurie <ben@algroup.co.uk> 
wrote:
>Section 7 says that the last bit of a cleartext signature is:
>
>"The ASCII armored signature(s) including the '-----BEGIN PGP 
>SIGNATURE-----' Armor Header and Armor Tail Lines."
>
>This is ambiguous, since in previous sections "Armor Header" has 
>referred to name/value pairs, of which there could be none or more 
>than one, and not the "-----blah-----" line, which is called the 
>"Armor Header Line".
>
>Since I have seen signatures both with and without headers (i.e. 
>some with no headers do not have a blank line between the header 
>line and the armoured text), I'd like to know what is actually 
>correct here!
>
>Cheers,

also,
could there be a consensus on the maximum length of 
a comment or version line,

long version lines (example the freeware pgp editions)
wrap in gnupg,
and there is an error message of invalid armor header,
and further attempts at decryption/verification are stopped

would suggest 64 characters, to keep it the same as the rest of the 
pgp armor

vedaa







From owner-ietf-openpgp@mail.imc.org Mon Oct 10 10:40:03 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1EOyos-0005YH-TH
	for openpgp-archive@megatron.ietf.org; Mon, 10 Oct 2005 10:40:03 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA14969
	for <openpgp-archive@lists.ietf.org>; Mon, 10 Oct 2005 10:40:00 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j9AER6oB027240;
	Mon, 10 Oct 2005 07:27:06 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j9AER6fu027239;
	Mon, 10 Oct 2005 07:27:06 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mail.epointsystem.org ([195.228.156.120])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j9AER5cY027229
	for <ietf-openpgp@imc.org>; Mon, 10 Oct 2005 07:27:05 -0700 (PDT)
	(envelope-from nagydani@epointsystem.org)
Received: by mail.epointsystem.org (Postfix, from userid 1001)
	id 2822BF8085; Mon, 10 Oct 2005 16:27:04 +0200 (CEST)
Date: Mon, 10 Oct 2005 16:27:04 +0200
To: Ben Laurie <ben@algroup.co.uk>, OpenPGP <ietf-openpgp@imc.org>
Subject: Re: Cleartext Signatures
Message-ID: <20051010142703.GA32121@epointsystem.org>
References: <434A45B9.5060707@algroup.co.uk>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <434A45B9.5060707@algroup.co.uk>
User-Agent: Mutt/1.5.6+20040907i
From: nagydani@epointsystem.org (Daniel A. Nagy)
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


On Mon, Oct 10, 2005 at 11:43:05AM +0100, Ben Laurie wrote:
> 
> Section 7 says that the last bit of a cleartext signature is:
> 
> "The ASCII armored signature(s) including the '-----BEGIN PGP 
> SIGNATURE-----' Armor Header and Armor Tail Lines."
> 
> This is ambiguous, since in previous sections "Armor Header" has 
> referred to name/value pairs, of which there could be none or more than 
> one, and not the "-----blah-----" line, which is called the "Armor 
> Header Line".
> 
> Since I have seen signatures both with and without headers (i.e. some 
> with no headers do not have a blank line between the header line and the 
> armoured text), I'd like to know what is actually correct here!

Most implementations that I have encountered or written use headers in the
signature part of clearsigned documents and in the absence of any still
leave an empty line. I think this is the correct behavior, though the 
"be liberal in what you accept and conservative in what you send" mantra
would imply that implementations MAY accept signatures without an empty
line, but MUST NOT generate them.

I also have a question regarding clearsigned documents. Are multiple
signatures in clearsigned documents supported by OpenPGP (the fact that
multiple hash algorithms are allowed suggests that they are)? And if so, how
exactly? I would put all of them in a single armored signature block, but
the standard does not explicitly specify this or any other method.

-- 
Daniel




From owner-ietf-openpgp@mail.imc.org Mon Oct 10 10:45:41 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1EOyuL-0006MD-A1
	for openpgp-archive@megatron.ietf.org; Mon, 10 Oct 2005 10:45:41 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA15200
	for <openpgp-archive@lists.ietf.org>; Mon, 10 Oct 2005 10:45:38 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j9AEWRIQ028130;
	Mon, 10 Oct 2005 07:32:27 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j9AEWR2L028129;
	Mon, 10 Oct 2005 07:32:27 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mail.links.org (mail.links.org [217.155.92.109])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j9AEWQZK028122
	for <ietf-openpgp@imc.org>; Mon, 10 Oct 2005 07:32:27 -0700 (PDT)
	(envelope-from ben@algroup.co.uk)
Received: from [193.133.15.219] (localhost [127.0.0.1])
	by mail.links.org (Postfix) with ESMTP id 3880433C1B;
	Mon, 10 Oct 2005 15:32:26 +0100 (BST)
Message-ID: <434A7B05.4070600@algroup.co.uk>
Date: Mon, 10 Oct 2005 15:30:29 +0100
From: Ben Laurie <ben@algroup.co.uk>
User-Agent: Mozilla Thunderbird 1.0.7 (Windows/20050923)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: "Daniel A. Nagy" <nagydani@epointsystem.org>
CC: OpenPGP <ietf-openpgp@imc.org>
Subject: Re: Cleartext Signatures
References: <434A45B9.5060707@algroup.co.uk> <20051010142703.GA32121@epointsystem.org>
In-Reply-To: <20051010142703.GA32121@epointsystem.org>
X-Enigmail-Version: 0.89.6.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 7bit


Daniel A. Nagy wrote:
> On Mon, Oct 10, 2005 at 11:43:05AM +0100, Ben Laurie wrote:
> 
>>Section 7 says that the last bit of a cleartext signature is:
>>
>>"The ASCII armored signature(s) including the '-----BEGIN PGP 
>>SIGNATURE-----' Armor Header and Armor Tail Lines."
>>
>>This is ambiguous, since in previous sections "Armor Header" has 
>>referred to name/value pairs, of which there could be none or more than 
>>one, and not the "-----blah-----" line, which is called the "Armor 
>>Header Line".
>>
>>Since I have seen signatures both with and without headers (i.e. some 
>>with no headers do not have a blank line between the header line and the 
>>armoured text), I'd like to know what is actually correct here!
> 
> 
> Most implementations that I have encountered or written use headers in the
> signature part of clearsigned documents and in the absence of any still
> leave an empty line. I think this is the correct behavior, though the 
> "be liberal in what you accept and conservative in what you send" mantra
> would imply that implementations MAY accept signatures without an empty
> line, but MUST NOT generate them.

That mantra has been shown to be a less than great idea recently, since it 
promotes interestingly obscure security holes, so I still would like to 
know what the correct behaviour is, and I'd like the I-D to accurately 
document that behaviour.

Cheers,

Ben.

-- 
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff




From owner-ietf-openpgp@mail.imc.org Mon Oct 10 11:03:44 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1EOzBo-00029j-13
	for openpgp-archive@megatron.ietf.org; Mon, 10 Oct 2005 11:03:44 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA18167
	for <openpgp-archive@lists.ietf.org>; Mon, 10 Oct 2005 11:03:41 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j9AEppKh030680;
	Mon, 10 Oct 2005 07:51:51 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j9AEpp7X030679;
	Mon, 10 Oct 2005 07:51:51 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from kerckhoffs.g10code.com (kerckhoffs.g10code.com [217.69.77.222])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j9AEpnvW030671
	for <ietf-openpgp@imc.org>; Mon, 10 Oct 2005 07:51:50 -0700 (PDT)
	(envelope-from wk@gnupg.org)
Received: from uucp by kerckhoffs.g10code.com with local-rmail (Exim 4.50 #1 (Debian))
	id 1EOz6Z-0007Dp-OV
	for <ietf-openpgp@imc.org>; Mon, 10 Oct 2005 16:58:19 +0200
Received: from wk by localhost with local (Exim 4.34 #1 (Debian))
	id 1EOyuH-0001KV-Oy; Mon, 10 Oct 2005 16:45:37 +0200
To: <vedaal@hush.com>
Cc: <ietf-openpgp@imc.org>
Subject: Re: Cleartext Signatures
References: <200510101415.j9AEFAXw002758@mailserver3.hushmail.com>
From: Werner Koch <wk@gnupg.org>
Organisation: g10 Code GmbH
OpenPGP: id=5B0358A2; url=finger:wk@g10code.com
Date: Mon, 10 Oct 2005 16:45:37 +0200
In-Reply-To: <200510101415.j9AEFAXw002758@mailserver3.hushmail.com> (vedaal@hush.com's
 message of "Mon, 10 Oct 2005 07:15:07 -0700")
Message-ID: <87k6glfn1q.fsf@wheatstone.g10code.de>
User-Agent: Gnus/5.1007 (Gnus v5.10.7) Emacs/21.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


On Mon, 10 Oct 2005 07:15:07 -0700,   said:

> could there be a consensus on the maximum length of 
> a comment or version line,

This is not OpenPGP's business.  There is a limit in rfc2822 at (iirc)
998 characters.  The real problem at hand is that some MUAs break
lines when they should not do so.

[To avoid this once and for all, use PGP/MIME.]


Shalom-Salam,

   Werner




From owner-ietf-openpgp@mail.imc.org Mon Oct 10 11:04:55 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1EOzCx-0002Uh-42
	for openpgp-archive@megatron.ietf.org; Mon, 10 Oct 2005 11:04:55 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA18415
	for <openpgp-archive@lists.ietf.org>; Mon, 10 Oct 2005 11:04:52 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j9AEptGF030693;
	Mon, 10 Oct 2005 07:51:55 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j9AEptgB030692;
	Mon, 10 Oct 2005 07:51:55 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mailgate.enhyper.net ([80.168.109.121])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j9AEpsFI030686
	for <ietf-openpgp@imc.org>; Mon, 10 Oct 2005 07:51:54 -0700 (PDT)
	(envelope-from iang@systemics.com)
Received: from [IPv6:::1] (localhost [127.0.0.1])
	by mailgate.enhyper.net (Postfix) with ESMTP id 4E5436350D;
	Mon, 10 Oct 2005 15:51:53 +0100 (BST)
Message-ID: <434A802D.2000902@systemics.com>
Date: Mon, 10 Oct 2005 15:52:29 +0100
From: Ian G <iang@systemics.com>
Organization: http://financialcryptography.com/
User-Agent: Mozilla Thunderbird 1.0.6 (X11/20050921)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: vedaal@hush.com
Cc: ietf-openpgp@imc.org
Subject: Re: Cleartext Signatures
References: <200510101415.j9AEFAXw002758@mailserver3.hushmail.com>
In-Reply-To: <200510101415.j9AEFAXw002758@mailserver3.hushmail.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 7bit


vedaal@hush.com wrote:
> also,
> could there be a consensus on the maximum length of 
> a comment or version line,
> 
> long version lines (example the freeware pgp editions)
> wrap in gnupg,
> and there is an error message of invalid armor header,
> and further attempts at decryption/verification are stopped

It is possible to parse for the next empty line,
but I agree this is a pain, as there are other
artifacts that occur when extra empty lines are
inserted by conversions.

> would suggest 64 characters, to keep it the same as the rest of the 
> pgp armor

The line length of the armor is not standard
IIRC, so this would not be a good guide.  A
better guide would be to be no longer than any
of the Head/Tail lines, as any slicing that
occurs in the Head/Tail lines will cause more
than normal chaos.

iang

PS:  with a nod to Ben's comment, I mean by
Head/Tail lines those lines that start with
----- in column 1.




From owner-ietf-openpgp@mail.imc.org Mon Oct 10 11:43:37 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1EOzoO-0001Cz-RH
	for openpgp-archive@megatron.ietf.org; Mon, 10 Oct 2005 11:43:37 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA00813
	for <openpgp-archive@lists.ietf.org>; Mon, 10 Oct 2005 11:43:33 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j9AFNbcM034437;
	Mon, 10 Oct 2005 08:23:37 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j9AFNbOf034436;
	Mon, 10 Oct 2005 08:23:37 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mail.links.org (mail.links.org [217.155.92.109])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j9AFNaxx034429
	for <ietf-openpgp@imc.org>; Mon, 10 Oct 2005 08:23:36 -0700 (PDT)
	(envelope-from ben@algroup.co.uk)
Received: from [193.133.15.219] (localhost [127.0.0.1])
	by mail.links.org (Postfix) with ESMTP id CA98C33C1A;
	Mon, 10 Oct 2005 16:23:35 +0100 (BST)
Message-ID: <434A8703.9010704@algroup.co.uk>
Date: Mon, 10 Oct 2005 16:21:39 +0100
From: Ben Laurie <ben@algroup.co.uk>
User-Agent: Mozilla Thunderbird 1.0.7 (Windows/20050923)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Ian G <iang@systemics.com>
CC: vedaal@hush.com, ietf-openpgp@imc.org
Subject: Re: Cleartext Signatures
References: <200510101415.j9AEFAXw002758@mailserver3.hushmail.com> <434A802D.2000902@systemics.com>
In-Reply-To: <434A802D.2000902@systemics.com>
X-Enigmail-Version: 0.89.6.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 7bit


Ian G wrote:
> 
> vedaal@hush.com wrote:
> 
>> also,
>> could there be a consensus on the maximum length of a comment or 
>> version line,
>>
>> long version lines (example the freeware pgp editions)
>> wrap in gnupg,
>> and there is an error message of invalid armor header,
>> and further attempts at decryption/verification are stopped
> 
> 
> It is possible to parse for the next empty line,
> but I agree this is a pain, as there are other
> artifacts that occur when extra empty lines are
> inserted by conversions.
> 
>> would suggest 64 characters, to keep it the same as the rest of the 
>> pgp armor
> 
> 
> The line length of the armor is not standard
> IIRC, so this would not be a good guide.  A
> better guide would be to be no longer than any
> of the Head/Tail lines, as any slicing that
> occurs in the Head/Tail lines will cause more
> than normal chaos.

Sigh. The I-D says armour lines are at most 76 characters.

-- 
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff




From owner-ietf-openpgp@mail.imc.org Mon Oct 10 12:31:51 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1EP0Z5-000170-Tq
	for openpgp-archive@megatron.ietf.org; Mon, 10 Oct 2005 12:31:51 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA04580
	for <openpgp-archive@lists.ietf.org>; Mon, 10 Oct 2005 12:31:48 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j9AGKoCI039185;
	Mon, 10 Oct 2005 09:20:50 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j9AGKoCi039184;
	Mon, 10 Oct 2005 09:20:50 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mail.epointsystem.org ([195.228.156.120])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j9AGKnZW039178
	for <ietf-openpgp@imc.org>; Mon, 10 Oct 2005 09:20:49 -0700 (PDT)
	(envelope-from nagydani@epointsystem.org)
Received: by mail.epointsystem.org (Postfix, from userid 1001)
	id EC0562B47DB; Mon, 10 Oct 2005 18:20:36 +0200 (CEST)
Date: Mon, 10 Oct 2005 18:20:36 +0200
To: OpenPGP <ietf-openpgp@imc.org>
Subject: Re: Cleartext Signatures
Message-ID: <20051010162027.GB14780@epointsystem.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.5.6+20040907i
From: nagydani@epointsystem.org (Daniel A. Nagy)
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


On Mon, Oct 10, 2005 at 03:30:29PM +0100, Ben Laurie wrote:

> That mantra has shown to be a less than great idea recently, since it 
> promotes interestingly obscure security holes, so I still would like to 
> know what the correct behaviour is, and I'd like the I-D to accurately 
> document that behaviour.

In that case, the empty line should be mandated, although distinguishing
between header data and base64 armor is quite straightforward and
unambiguous: headers always have colons in them, base64 armor never does.
Thus, it should be impossible to derail a correct parser with a carefully
constructed header, though of course, it's easier to write the parser if one
assumes an empty line before the base64 data.

-- 
Daniel




From owner-ietf-openpgp@mail.imc.org Mon Oct 10 13:08:14 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1EP18G-0000GF-Um
	for openpgp-archive@megatron.ietf.org; Mon, 10 Oct 2005 13:08:14 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA06248
	for <openpgp-archive@lists.ietf.org>; Mon, 10 Oct 2005 13:08:09 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j9AGvVoB042699;
	Mon, 10 Oct 2005 09:57:31 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j9AGvVeN042694;
	Mon, 10 Oct 2005 09:57:31 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mailgate.enhyper.net ([80.168.109.121])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j9AGvTgA042658
	for <ietf-openpgp@imc.org>; Mon, 10 Oct 2005 09:57:29 -0700 (PDT)
	(envelope-from iang@systemics.com)
Received: from [IPv6:::1] (localhost [127.0.0.1])
	by mailgate.enhyper.net (Postfix) with ESMTP id AB65363518;
	Mon, 10 Oct 2005 17:57:27 +0100 (BST)
Message-ID: <434A9D9C.30505@systemics.com>
Date: Mon, 10 Oct 2005 17:58:04 +0100
From: Ian G <iang@systemics.com>
Organization: http://financialcryptography.com/
User-Agent: Mozilla Thunderbird 1.0.6 (X11/20050921)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Werner Koch <wk@gnupg.org>
Cc: vedaal@hush.com, ietf-openpgp@imc.org
Subject: Re: Cleartext Signatures
References: <200510101415.j9AEFAXw002758@mailserver3.hushmail.com> <87k6glfn1q.fsf@wheatstone.g10code.de>
In-Reply-To: <87k6glfn1q.fsf@wheatstone.g10code.de>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 7bit


Werner Koch wrote:
> On Mon, 10 Oct 2005 07:15:07 -0700,   said:
> 
> 
>>could there be a consensus on the maximum length of 
>>a comment or version line,
> 
> 
> This is not OpenPGP's business.  There is a limit in rfc2822 at (iirc)
> 998 characters.  The real problem at hand is that some MUAs break
> lines when they should not do so.

There is no reason why OpenPGP can't impose a
tighter limit, and a quick scan of the doc did
not reveal mention of rfc2822 anywhere.  Either
way, ascii armor documents are OpenPGP's business,
wherever it got the format from.

> [To avoid this once and for all, use PGP/MIME.]

I for one choose not to, but I'm not religious
about it!

iang




From owner-ietf-openpgp@mail.imc.org Mon Oct 10 14:12:36 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1EP28Y-0007Qm-To
	for openpgp-archive@megatron.ietf.org; Mon, 10 Oct 2005 14:12:36 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA10167
	for <openpgp-archive@lists.ietf.org>; Mon, 10 Oct 2005 14:12:33 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j9AI016d050999;
	Mon, 10 Oct 2005 11:00:01 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j9AI0111050998;
	Mon, 10 Oct 2005 11:00:01 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mail.links.org (mail.links.org [217.155.92.109])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j9AI00j8050985
	for <ietf-openpgp@imc.org>; Mon, 10 Oct 2005 11:00:00 -0700 (PDT)
	(envelope-from ben@algroup.co.uk)
Received: from [193.133.15.219] (localhost [127.0.0.1])
	by mail.links.org (Postfix) with ESMTP id 99EC133C1B;
	Mon, 10 Oct 2005 18:59:59 +0100 (BST)
Message-ID: <434AABAB.7090508@algroup.co.uk>
Date: Mon, 10 Oct 2005 18:58:03 +0100
From: Ben Laurie <ben@algroup.co.uk>
User-Agent: Mozilla Thunderbird 1.0.7 (Windows/20050923)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: "Daniel A. Nagy" <nagydani@epointsystem.org>
CC: OpenPGP <ietf-openpgp@imc.org>
Subject: Re: Cleartext Signatures
References: <20051010162027.GB14780@epointsystem.org>
In-Reply-To: <20051010162027.GB14780@epointsystem.org>
X-Enigmail-Version: 0.89.6.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 7bit


Daniel A. Nagy wrote:
> On Mon, Oct 10, 2005 at 03:30:29PM +0100, Ben Laurie wrote:
> 
> 
>>That mantra has shown to be a less than great idea recently, since it 
>>promotes interestingly obscure security holes, so I still would like to 
>>know what the correct behaviour is, and I'd like the I-D to accurately 
>>document that behaviour.
> 
> 
> In that case, the empty line should be mandated,

I agree.

> although distinguishing
> between header data and base64 armor is quite straightforward and
> unambiguous: headers always have colons in them, base64 armor never does.

This becomes less straightforward when you hit line length limits.

> Thus, it should be impossible to derail a correct parser with a carefully
> constructed header, though of course, it's easier to write the parser if one
> assumes an empty line before the base64 data.

Mine does either (configurably).

Cheers,

Ben.

-- 
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff




From owner-ietf-openpgp@mail.imc.org Mon Oct 10 14:19:46 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1EP2FV-0008D2-DD
	for openpgp-archive@megatron.ietf.org; Mon, 10 Oct 2005 14:19:46 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA10616
	for <openpgp-archive@lists.ietf.org>; Mon, 10 Oct 2005 14:19:43 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j9AI6pG5051708;
	Mon, 10 Oct 2005 11:06:51 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j9AI6p6C051707;
	Mon, 10 Oct 2005 11:06:51 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from kerckhoffs.g10code.com (kerckhoffs.g10code.com [217.69.77.222])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j9AI6o5m051698
	for <ietf-openpgp@imc.org>; Mon, 10 Oct 2005 11:06:50 -0700 (PDT)
	(envelope-from wk@gnupg.org)
Received: from uucp by kerckhoffs.g10code.com with local-rmail (Exim 4.50 #1 (Debian))
	id 1EP29I-00083c-Qy
	for <ietf-openpgp@imc.org>; Mon, 10 Oct 2005 20:13:20 +0200
Received: from wk by localhost with local (Exim 4.34 #1 (Debian))
	id 1EP1x7-0001pj-GZ; Mon, 10 Oct 2005 20:00:45 +0200
To: Ian G <iang@systemics.com>
Cc: vedaal@hush.com, ietf-openpgp@imc.org
Subject: Re: Cleartext Signatures
References: <200510101415.j9AEFAXw002758@mailserver3.hushmail.com>
	<87k6glfn1q.fsf@wheatstone.g10code.de> <434A9D9C.30505@systemics.com>
From: Werner Koch <wk@gnupg.org>
Organisation: g10 Code GmbH
OpenPGP: id=5B0358A2; url=finger:wk@g10code.com
Date: Mon, 10 Oct 2005 20:00:45 +0200
In-Reply-To: <434A9D9C.30505@systemics.com> (Ian G.'s message of "Mon, 10
 Oct 2005 17:58:04 +0100")
Message-ID: <87d5mddzg2.fsf@wheatstone.g10code.de>
User-Agent: Gnus/5.1007 (Gnus v5.10.7) Emacs/21.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


On Mon, 10 Oct 2005 17:58:04 +0100, Ian G said:

> There is no reason why OpenPGP can't impose a
> tighter limit, and a quick scan of the doc did

That won't help.  Some editors used by MUAs feel too clever and don't
allow a user to enter lines longer than the actual window.  When copy
and pasting an OpenPGP armored message it might get wrapped around.
So even 76 characters may be too much.

A possible solution to this is to have the MUA (plugin) cut or
remove such headers.


Salam-Shalom,

   Werner




From owner-ietf-openpgp@mail.imc.org Mon Oct 10 15:06:18 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1EP2yX-0002yZ-DM
	for openpgp-archive@megatron.ietf.org; Mon, 10 Oct 2005 15:06:18 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA13556
	for <openpgp-archive@lists.ietf.org>; Mon, 10 Oct 2005 15:06:14 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j9AIm6sb055108;
	Mon, 10 Oct 2005 11:48:06 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j9AIm6bx055107;
	Mon, 10 Oct 2005 11:48:06 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mailgate.enhyper.net ([80.168.109.121])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j9AIm6Sk055099
	for <ietf-openpgp@imc.org>; Mon, 10 Oct 2005 11:48:06 -0700 (PDT)
	(envelope-from iang@systemics.com)
Received: from [IPv6:::1] (localhost [127.0.0.1])
	by mailgate.enhyper.net (Postfix) with ESMTP id 72D7D63627;
	Mon, 10 Oct 2005 19:48:04 +0100 (BST)
Message-ID: <434AB788.6020305@systemics.com>
Date: Mon, 10 Oct 2005 19:48:40 +0100
From: Ian G <iang@systemics.com>
Organization: http://financialcryptography.com/
User-Agent: Mozilla Thunderbird 1.0.6 (X11/20050921)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Ben Laurie <ben@algroup.co.uk>
Cc: vedaal@hush.com, ietf-openpgp@imc.org
Subject: Re: Cleartext Signatures
References: <200510101415.j9AEFAXw002758@mailserver3.hushmail.com> <434A802D.2000902@systemics.com> <434A8703.9010704@algroup.co.uk>
In-Reply-To: <434A8703.9010704@algroup.co.uk>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 7bit


Ben Laurie wrote:
> Sigh. The I-D says armour lines are at most 76 characters.


!IIRC, so replace 'standard' with fixed.

Getting back to the point of vedaal's kindly
provided suggestion, the length of the armour
lines is not fixed, and successive implementations
have wrestled with the length, gradually setting
it less as newer mailer and editor artifacts pop
out of the electronic woodwork.

My point is that the length of the Header/Tail Lines
and/or the Armor lines suggests a more effective
maximum to the length of the headers, as then the
headers themselves won't cause any problems.

If it is a big enough issue, I'd suggest adding
the following guidance:

     The format of an Armor Header is that of a key-value pair.  A colon
     (':' 0x38) and a single space (0x20) separate the key and value.
     OpenPGP should consider improperly formatted Armor Headers to be
     corruption of the ASCII Armor.  Unknown keys should be reported to
     the user, but OpenPGP should continue to process the message.
   ******
     From experience, implementations may limit or warn if the length
     of any Armor Header exceeds the length of other lines.
   ******

Or somesuch, towards end of page 49.  Here's an alternate:

   ******
     As messages may experience various transformations during
     transport, resilience may be improved if Armor Headers are
     kept short, by for example being no longer than the length
     of other lines (Armor Header Lines or the Armor itself).
   *****

iang
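
Added example (not part of Ian's message, nor code from any implementation discussed on the list): the armor header parsing argued over in this thread, with the mandated empty line set against the colon heuristic, plus the header-length warning proposed above. The sample armor, the payload and the `parse_armor` name are constructed for illustration; 76 is the armor line limit Ben quotes from the I-D.

```python
import base64
import binascii
import re

MAX_LINE = 76  # armor line limit quoted in the thread from the I-D
BEGIN_RE = re.compile(r"^-----BEGIN PGP [A-Z ]+-----$")
HEADER_RE = re.compile(r"^[^:\s][^:]*: .*$")      # "Key: Value" (colon + space)
BASE64_RE = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")  # base64 never holds a colon


class ArmorError(ValueError):
    """The ASCII armor is structurally corrupt."""


def parse_armor(text, require_blank_line=True, max_header_len=MAX_LINE):
    """Split one armored block into (headers, warnings, payload bytes).

    require_blank_line=True : headers end only at an empty line.
    require_blank_line=False: colon heuristic; the first line that is not
                              shaped like "Key: Value" is taken as data.
    """
    lines = text.splitlines()
    if not lines or not BEGIN_RE.match(lines[0]):
        raise ArmorError("missing armor header line")

    headers, warnings = [], []
    i = 1
    while i < len(lines):
        line = lines[i]
        if line.strip() == "":          # the separator before the data
            i += 1
            break
        if not HEADER_RE.match(line):
            if require_blank_line:
                raise ArmorError(
                    f"line {i + 1}: expected 'Key: Value' or empty line, "
                    f"got {line!r}")
            break                        # heuristic: data starts here
        key, value = line.split(": ", 1)
        headers.append((key, value))
        if len(line) > max_header_len:   # the guidance proposed above
            warnings.append(
                f"line {i + 1}: armor header is {len(line)} chars, "
                f"longer than {max_header_len}")
        i += 1

    data = []
    for n, line in enumerate(lines[i:], start=i + 1):
        if line.startswith("-----END PGP ") or line.startswith("="):
            break                        # tail line or checksum line
        if line.strip() == "" and not require_blank_line:
            continue                     # lenient mode tolerates stray blanks
        if len(line) > MAX_LINE or not BASE64_RE.match(line):
            raise ArmorError(f"line {n}: not a valid armor data line")
        data.append(line)
    else:
        raise ArmorError("missing armor tail line")

    try:
        payload = base64.b64decode("".join(data), validate=True)
    except binascii.Error as exc:
        raise ArmorError(f"bad base64 in armor data: {exc}") from exc
    return headers, warnings, payload


# --- constructed sample input (not a real OpenPGP message) ---
PAYLOAD = b"constructed packet bytes, not a real OpenPGP message"
B64 = base64.b64encode(PAYLOAD).decode()
LONG = ("Comment: constructed sample, a long comment line "
        "such as editions emit, freeware")
HEAD, TAIL = LONG.rsplit(" ", 1)         # what a wrapping editor leaves behind

INTACT = "\n".join(
    ["-----BEGIN PGP MESSAGE-----", LONG, "", B64,
     "-----END PGP MESSAGE-----"])
WRAPPED = "\n".join(
    ["-----BEGIN PGP MESSAGE-----", HEAD, TAIL, "", B64,
     "-----END PGP MESSAGE-----"])

if __name__ == "__main__":
    print(parse_armor(INTACT)[1])        # one length warning, payload intact
    try:
        parse_armor(WRAPPED)
    except ArmorError as err:
        print("strict:", err)            # wrapped fragment reported as corruption
    _, _, got = parse_armor(WRAPPED, require_blank_line=False)
    print("heuristic payload intact?", got == PAYLOAD)
```

In heuristic mode the wrapped fragment `freeware` happens to be valid base64, so it is decoded as six bytes of armor data ahead of the real payload; with the empty line required, the same input is rejected as corrupt.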




From owner-ietf-openpgp@mail.imc.org Tue Oct 11 15:35:42 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1EPPuY-0005wO-MD
	for openpgp-archive@megatron.ietf.org; Tue, 11 Oct 2005 15:35:42 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA24374
	for <openpgp-archive@lists.ietf.org>; Tue, 11 Oct 2005 15:35:39 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j9BJLNcC023098;
	Tue, 11 Oct 2005 12:21:23 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j9BJLNvI023097;
	Tue, 11 Oct 2005 12:21:23 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from merrymeet.com (merrymeet.com [63.73.97.162])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j9BJLMMq023089
	for <ietf-openpgp@imc.org>; Tue, 11 Oct 2005 12:21:22 -0700 (PDT)
	(envelope-from jon@callas.org)
Received: from keys.merrymeet.com (63.73.97.166) by merrymeet.com with
 ESMTP (Eudora Internet Mail Server X 3.2.6);
 Tue, 11 Oct 2005 12:21:21 -0700
Received: from [216.102.208.14] ([216.102.208.14])
  by keys.merrymeet.com (PGP Universal service);
  Tue, 11 Oct 2005 12:21:20 -0700
X-PGP-Universal: processed;
	by keys.merrymeet.com on Tue, 11 Oct 2005 12:21:20 -0700
In-Reply-To: <20050827135945.GB1832@jabberwocky.com>
References: <20050827135945.GB1832@jabberwocky.com>
Mime-Version: 1.0 (Apple Message framework v734)
Content-Type: text/plain; charset=US-ASCII; format=flowed
Message-Id: <70A95188-CB3D-4FDF-91D0-70142F46BCA0@callas.org>
Cc: ietf-openpgp@imc.org
Content-Transfer-Encoding: 7bit
From: Jon Callas <jon@callas.org>
Subject: Re: ISSUE: misleading hash instructions
Date: Tue, 11 Oct 2005 12:21:18 -0700
To: David Shaw <dshaw@jabberwocky.com>
X-Mailer: Apple Mail (2.734)
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 7bit



On 27 Aug 2005, at 6:59 AM, David Shaw wrote:

>
> This one is really easy to fix.  In section 5.2.4 (Computing
> Signatures), the paragraph ordering implies incorrect things about a
> user ID certification signature (which hashes the public key plus user
> ID packet).  The description of a user ID certification signature
> refers to "the data above", which given the paragraph ordering, is how
> to hash a signature for signing, and not a public key.
>
> If we just switch the position of the paragraph beginning "When a
> signature is made over a signature packet" with the paragraph
> beginning "A certification signature (type 0x10 through 0x13)" the
> problem goes away.
>

Fixed.

     Jon




From owner-ietf-openpgp@mail.imc.org Tue Oct 11 16:34:21 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1EPQpJ-00061Q-Mx
	for openpgp-archive@megatron.ietf.org; Tue, 11 Oct 2005 16:34:21 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA01803
	for <openpgp-archive@lists.ietf.org>; Tue, 11 Oct 2005 16:34:18 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j9BKNHLU028544;
	Tue, 11 Oct 2005 13:23:17 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j9BKNH7S028543;
	Tue, 11 Oct 2005 13:23:17 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mail.ihtfp.org (MAIL.IHTFP.ORG [204.107.200.6])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j9BKNG7s028537
	for <ietf-openpgp@imc.org>; Tue, 11 Oct 2005 13:23:16 -0700 (PDT)
	(envelope-from derek@ihtfp.com)
Received: from [10.0.1.63] (adsl-068-157-135-002.sip.asm.bellsouth.net [68.157.135.2])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mail.ihtfp.org (Postfix) with ESMTP id 14EEEBD8420;
	Tue, 11 Oct 2005 16:23:09 -0400 (EDT)
Message-ID: <434C1F2D.9050903@ihtfp.com>
Date: Tue, 11 Oct 2005 16:23:09 -0400
From: Derek Atkins <derek@ihtfp.com>
User-Agent: Mozilla Thunderbird 1.0.7-1.1.fc3 (X11/20050929)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: ietf-openpgp@imc.org
CC: hartmans-ietf@mit.edu
Subject: WGLC for draft-ietf-openpgp-openpgp-15 ends Oct 28 1700EDT
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 7bit


Hi,

The new openpgp internet-draft (version 15) should be out and in the
archives really soon.  The editor and I believe that all open issues
have been incorporated into this version of the draft.  Therefore I am
declaring a Working Group Last Call on draft-ietf-openpgp-openpgp-15
that will end at 1700 US/EDT on Friday, October 28th.

Jon assures me that draft-15 will be out tonight, so this should provide
ample time for everyone to read and comment on the draft by the Last
Call end-time.

Issues should be sent to the list.  If you feel you want to remain
private you can send them to jon <jon@callas.org> and myself.  If you
wish to remain ultra-private you are welcome to send the issues just to
me and I will forward them on anonymized.

Happy reading.

-derek
-- 
       Derek Atkins                 617-623-3745
       derek@ihtfp.com             www.ihtfp.com
       Computer and Internet Security Consultant




From owner-ietf-openpgp@mail.imc.org Tue Oct 11 16:34:54 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1EPQpp-0006D5-Ox
	for openpgp-archive@megatron.ietf.org; Tue, 11 Oct 2005 16:34:54 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA01872
	for <openpgp-archive@lists.ietf.org>; Tue, 11 Oct 2005 16:34:50 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j9BKQlUI028778;
	Tue, 11 Oct 2005 13:26:47 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j9BKQkkq028777;
	Tue, 11 Oct 2005 13:26:47 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from merrymeet.com (merrymeet.com [63.73.97.162])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j9BKQkCE028770
	for <ietf-openpgp@imc.org>; Tue, 11 Oct 2005 13:26:46 -0700 (PDT)
	(envelope-from jon@callas.org)
Received: from keys.merrymeet.com (63.73.97.166) by merrymeet.com with
 ESMTP (Eudora Internet Mail Server X 3.2.6);
 Tue, 11 Oct 2005 13:26:42 -0700
Received: from [216.102.208.14] ([216.102.208.14])
  by keys.merrymeet.com (PGP Universal service);
  Tue, 11 Oct 2005 13:26:42 -0700
X-PGP-Universal: processed;
	by keys.merrymeet.com on Tue, 11 Oct 2005 13:26:42 -0700
In-Reply-To: <434AB788.6020305@systemics.com>
References: <200510101415.j9AEFAXw002758@mailserver3.hushmail.com> <434A802D.2000902@systemics.com> <434A8703.9010704@algroup.co.uk> <434AB788.6020305@systemics.com>
Mime-Version: 1.0 (Apple Message framework v734)
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
Message-Id: <66EFCDC2-6A03-4897-9FDD-C2BA2942C444@callas.org>
Cc: Ben Laurie <ben@algroup.co.uk>, vedaal@hush.com, ietf-openpgp@imc.org
Content-Transfer-Encoding: 7bit
From: Jon Callas <jon@callas.org>
Subject: Re: Cleartext Signatures
Date: Tue, 11 Oct 2005 13:26:38 -0700
To: Ian G <iang@systemics.com>
X-Mailer: Apple Mail (2.734)
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 7bit



On 10 Oct 2005, at 11:48 AM, Ian G wrote:

>
> Ben Laurie wrote:
>
>> Sigh. The I-D says armour lines are at most 76 characters.
>>
>
>
> !IIRC, so replace 'standard' with fixed.
>
> Getting back to the point of vedaal's kindly
> provided suggestion, the length of the armour
> lines is not fixed, and successive implementations
> have wrestled with the length, gradually setting
> it less as newer mailer and editor artifacts pop
> out of the electronic woodwork.
>
> My point is that the length of the Header/Tail Lines
> and/or the Armor lines suggests a more effective
> maximum to the length of the headers, as then the
> headers themselves won't cause any problems.
>
> If it is a big enough issue, I'd suggest adding
> the following guidance:
>
>     The format of an Armor Header is that of a key-value pair.  A colon
>     (':' 0x38) and a single space (0x20) separate the key and value.
>     OpenPGP should consider improperly formatted Armor Headers to be
>     corruption of the ASCII Armor.  Unknown keys should be reported to
>     the user, but OpenPGP should continue to process the message.
>   ******
>     From experience, implementations may limit or warn if the length
>     of any Armor Header exceeds the length of other lines.
>   ******
>
> Or somesuch, towards end of page 49.  Here's an alternate:
>
>   ******
>     As messages may experience various transformations during
>     transport, resilience may be improved if Armor Headers are
>     kept short, by for example being no longer than the length
>     of other lines (Armor Header Lines or the Armor itself).
>   *****

Okay, but.

OpenPGP is not an email standard. It is a data format standard.

Yes, many uses of OpenPGP are in email. But not all, and possibly  
even not most. (I have heard it asserted that there are more signed  
files than emails.)

I remember a past argument about the comment header, for example,  
noting that an appropriately clever person could make a comment that  
would do something that someone doesn't like because of high-bit  
issues, character sets, etc. Our ending decision was to note that if  
you hurt yourself, you hurt yourself.

The only reason I would prefer not doing anything here is that I  
don't want to keep putting in hints for good interactions with  
mailers in 2440bis. We are a superset of mail.

The spec as it stands is clear, and someone who puts this into mail  
has to deal with long body lines in a cleartext message, anyway.  
They're the mail expert, I'm not.

     Jon





From owner-ietf-openpgp@mail.imc.org Tue Oct 11 16:57:04 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1EPRBI-0004kj-BP
	for openpgp-archive@megatron.ietf.org; Tue, 11 Oct 2005 16:57:04 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA03725
	for <openpgp-archive@lists.ietf.org>; Tue, 11 Oct 2005 16:57:00 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j9BKj3cm030937;
	Tue, 11 Oct 2005 13:45:03 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j9BKj3nj030936;
	Tue, 11 Oct 2005 13:45:03 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from merrymeet.com (merrymeet.com [63.73.97.162])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j9BKj2wc030930
	for <ietf-openpgp@imc.org>; Tue, 11 Oct 2005 13:45:02 -0700 (PDT)
	(envelope-from jon@callas.org)
Received: from keys.merrymeet.com (63.73.97.166) by merrymeet.com with
 ESMTP (Eudora Internet Mail Server X 3.2.6);
 Tue, 11 Oct 2005 13:44:55 -0700
Received: from [216.102.208.14] ([216.102.208.14])
  by keys.merrymeet.com (PGP Universal service);
  Tue, 11 Oct 2005 13:44:55 -0700
X-PGP-Universal: processed;
	by keys.merrymeet.com on Tue, 11 Oct 2005 13:44:55 -0700
In-Reply-To: <20051005211158.EEB1457EF9@finney.org>
References: <20051005211158.EEB1457EF9@finney.org>
Mime-Version: 1.0 (Apple Message framework v734)
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
Message-Id: <AEB5B24B-A49E-40F7-8BA3-6B5BB475EBFB@callas.org>
Cc: ietf-openpgp@imc.org
Content-Transfer-Encoding: 7bit
From: Jon Callas <jon@callas.org>
Subject: Re: Signature calculation language
Date: Tue, 11 Oct 2005 13:44:53 -0700
To: Hal Finney <hal@finney.org>
X-Mailer: Apple Mail (2.734)
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 7bit



On 5 Oct 2005, at 2:11 PM, Hal Finney wrote:

>
> Some of the language in the draft about signature calculations is
> confusing and misleading.  The brief descriptions in 5.2.1 Signature
> Types are contradicted by 5.2.4 Computing Signatures.
>
> We should make clear that 5.2.4 is authoritative.  I suggest that we add
> to the beginning of 5.2.1, "See section 5.2.4 for detailed information
> on how to compute and verify signatures of each type."
>

Added.

> Particular problems:
>
>     0x18: Subkey Binding Signature
>         This signature is a statement by the top-level signing key that
>         indicates that it owns the subkey. This signature is calculated
>         directly on the subkey itself, not on any User ID or other
>         packets. A signature that binds a signing subkey also has an
>         embedded signature subpacket in this binding signature which
>         contains a 0x19 signature made by the signing subkey on the
>         primary key.
>
> The signature is actually calculated over both the primary key and
> subkey packets, although here it says it is not calculated over any
> other packets.
>
> (A separate issue is that the last sentence here should have a SHOULD:
> "A signature that binds a signing subkey SHOULD have an embedded...")
>

Done.

>     0x19 Primary Key Binding Signature
>         This signature is a statement by a signing subkey, indicating
>         that it is owned by the primary key.  This signature is
>         calculated directly on the primary key itself, and not on any
>         User ID or other packets.
>
> Same issue here, the signature is calculated over both the primary key
> and the subkey packets.
>
>     0x28: Subkey revocation signature
>         The signature is calculated directly on the subkey being
>         revoked.  A revoked subkey is not to be used.  Only revocation
>         signatures by the top-level signature key that is bound to this
>         subkey, or by an authorized revocation key, should be considered
>         valid revocation signatures.
>
> This is actually correct, I guess (I don't think PGP supports subpacket
> revocation signatures).  According to 5.2.4 the hash is over just the
> subkey packet and does not include the primary key packet, unlike ordinary
> subkey signatures.  That seems a little inconsistent to me - is this how
> other people have implemented it?
>
> A couple of comments on section 5.2.4:
>
>     When a signature is made over a signature packet, the hash data
>     starts with the octet 0x88, followed by the four-octet length of the
>     signature, and then the body of the signature packet. The unhashed
>     subpacket data of the signature packet being hashed is not included
>     in the hash and the unhashed subpacket data length value is set to
>     zero. (Note that this is an old-style packet header for a signature
>     packet with the length-of-length set to zero).
>
> The parenthetical note at the end should go after the first sentence.
>

Done.

> For consistency with other descriptions in this section, we should refer
> explicitly here to the Third-Party Confirmation Signature, type 0x50,
> which I think is the only one for which this description applies.
>

Done.

> One thing that is missing in these two sections is a clear statement that
> certificate revocation signatures are calculated over the same data as the
> certificate being revoked.  5.2.1 just says:
>
>     0x30: Certification revocation signature
>         This signature revokes an earlier User ID certification
>         signature (signature class 0x10 through 0x13) or direct-key
>         signature (0x1F). It should be issued by the same key that
>         issued the revoked signature or an authorized revocation key.
>         The signature should have a later creation date than the
>         signature it revokes.
>
> with no comments about what it is computed over, and 5.2.4 doesn't clearly
> describe this case either.  We could change that last sentence to say,
> "The signature is computed over the same data as the certificate that
> it revokes, and should have a later creation date than that certificate."
>

Done.

> I am also not in love with the classic description of document signatures
> in 5.2.4:
>
>     The signature data is simple to compute for document signatures
>     (types 0x00 and 0x01), for which the document itself is the data.
>
> First, it is presumptuous and uninformative to say something is simple.
> "The document itself is the data" has a certain Zen koan quality but does
> not plainly say what it means.  And this fails to distinguish between
> text and binary signatures; for text signatures, the document itself is
> not the (hashed) data, but rather the canonicalized document.
>
> How about this:
>
> "For binary document signatures (type 0x00), the document data is hashed
> directly.  For text document signatures (type 0x01), the document is
> canonicalized by converting line endings to <CR><LF>, and the resulting
> data is hashed."

Done.

     Jon




From owner-ietf-openpgp@mail.imc.org Tue Oct 11 17:13:32 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1EPRRE-00020Z-OB
	for openpgp-archive@megatron.ietf.org; Tue, 11 Oct 2005 17:13:32 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA04502
	for <openpgp-archive@lists.ietf.org>; Tue, 11 Oct 2005 17:13:29 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j9BL3m5A032909;
	Tue, 11 Oct 2005 14:03:48 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j9BL3mYY032908;
	Tue, 11 Oct 2005 14:03:48 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from rwcrmhc12.comcast.net (rwcrmhc13.comcast.net [216.148.227.118])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j9BL3mnG032893
	for <ietf-openpgp@imc.org>; Tue, 11 Oct 2005 14:03:48 -0700 (PDT)
	(envelope-from dshaw@jabberwocky.com)
Received: from walrus.hsd1.ma.comcast.net ([24.60.132.70])
          by comcast.net (rwcrmhc13) with ESMTP
          id <2005101121034201500b72oqe>; Tue, 11 Oct 2005 21:03:42 +0000
Received: from grover.jabberwocky.com (grover.jabberwocky.com [172.24.84.28])
	by walrus.hsd1.ma.comcast.net (8.12.8/8.12.8) with ESMTP id j9BL3l0m004690
	for <ietf-openpgp@imc.org>; Tue, 11 Oct 2005 17:03:47 -0400
Received: from grover.jabberwocky.com (grover.jabberwocky.com [127.0.0.1])
	by grover.jabberwocky.com (8.13.1/8.13.1) with ESMTP id j9BL3dkV004804
	for <ietf-openpgp@imc.org>; Tue, 11 Oct 2005 17:03:39 -0400
Received: (from dshaw@localhost)
	by grover.jabberwocky.com (8.13.1/8.13.1/Submit) id j9BL3doo004803
	for ietf-openpgp@imc.org; Tue, 11 Oct 2005 17:03:39 -0400
Date: Tue, 11 Oct 2005 17:03:39 -0400
From: David Shaw <dshaw@jabberwocky.com>
To: ietf-openpgp@imc.org
Subject: Re: Signature calculation language
Message-ID: <20051011210339.GA4382@jabberwocky.com>
Mail-Followup-To: ietf-openpgp@imc.org
References: <20051005211158.EEB1457EF9@finney.org> <AEB5B24B-A49E-40F7-8BA3-6B5BB475EBFB@callas.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <AEB5B24B-A49E-40F7-8BA3-6B5BB475EBFB@callas.org>
OpenPGP: id=99242560; url=http://www.jabberwocky.com/david/keys.asc
User-Agent: Mutt/1.5.8i
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


On Tue, Oct 11, 2005 at 01:44:53PM -0700, Jon Callas wrote:
> On 5 Oct 2005, at 2:11 PM, Hal Finney wrote:

> >    0x18: Subkey Binding Signature
> >        This signature is a statement by the top-level signing key that
> >        indicates that it owns the subkey. This signature is calculated
> >        directly on the subkey itself, not on any User ID or other
> >        packets. A signature that binds a signing subkey also has an
> >        embedded signature subpacket in this binding signature which
> >        contains a 0x19 signature made by the signing subkey on the
> >        primary key.
> >
> >The signature is actually calculated over both the primary key and
> >subkey packets, although here it says it is not calculated over any
> >other packets.
> >
> >(A separate issue is that the last sentence here should have a SHOULD:
> >"A signature that binds a signing subkey SHOULD have an embedded...")
> >
> 
> Done.

Wondering - should the embedded 0x19 signature be a MUST?  Lacking a
0x19 allows the signing subkey to be "stolen" onto another primary
key.

David




From owner-ietf-openpgp@mail.imc.org Tue Oct 11 17:22:33 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1EPRZx-0004wj-3w
	for openpgp-archive@megatron.ietf.org; Tue, 11 Oct 2005 17:22:33 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA05002
	for <openpgp-archive@lists.ietf.org>; Tue, 11 Oct 2005 17:22:29 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j9BKsI6T031792;
	Tue, 11 Oct 2005 13:54:18 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j9BKsIGK031791;
	Tue, 11 Oct 2005 13:54:18 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from merrymeet.com (merrymeet.com [63.73.97.162])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j9BKsH5J031785
	for <ietf-openpgp@imc.org>; Tue, 11 Oct 2005 13:54:17 -0700 (PDT)
	(envelope-from jon@callas.org)
Received: from keys.merrymeet.com (63.73.97.166) by merrymeet.com with
 ESMTP (Eudora Internet Mail Server X 3.2.6);
 Tue, 11 Oct 2005 13:54:16 -0700
Received: from [216.102.208.14] ([216.102.208.14])
  by keys.merrymeet.com (PGP Universal service);
  Tue, 11 Oct 2005 13:54:15 -0700
X-PGP-Universal: processed;
	by keys.merrymeet.com on Tue, 11 Oct 2005 13:54:15 -0700
In-Reply-To: <434C1F2D.9050903@ihtfp.com>
References: <434C1F2D.9050903@ihtfp.com>
Mime-Version: 1.0 (Apple Message framework v734)
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
Message-Id: <6EF12DFA-D34D-45C9-9746-E8FB18FAC66C@callas.org>
Cc: ietf-openpgp@imc.org, hartmans-ietf@mit.edu
Content-Transfer-Encoding: 7bit
From: Jon Callas <jon@callas.org>
Subject: Re: WGLC for draft-ietf-openpgp-openpgp-15 ends Oct 28 1700EDT
Date: Tue, 11 Oct 2005 13:54:09 -0700
To: Derek Atkins <derek@ihtfp.com>
X-Mailer: Apple Mail (2.734)
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 7bit


On 11 Oct 2005, at 1:23 PM, Derek Atkins wrote:

>
> Jon assures me that draft-15 will be out tonight, so this should provide
> ample time for everyone to read and comment on the draft by the Last
> Call end-time.
>

It'll be out as soon as I check for massively stupid errors, like  
wrong years, bad paragraph breaks, etc. (which have happened in the  
past).

I believe that this covers all open issues. Derek and I went through  
all the ones on his list and mine, and they're both empty now. If I'm  
wrong, drop me a message.

The possible outside exception is the "Cleartext Signatures" thread,  
where I believe there's no consensus for a change, but I don't see  
anything that can't be added in WGLC if that's not the case.

     Jon




From owner-ietf-openpgp@mail.imc.org Tue Oct 11 17:30:07 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1EPRhH-0008PB-D6
	for openpgp-archive@megatron.ietf.org; Tue, 11 Oct 2005 17:30:07 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA05544
	for <openpgp-archive@lists.ietf.org>; Tue, 11 Oct 2005 17:30:03 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j9BLL0Px035360;
	Tue, 11 Oct 2005 14:21:00 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j9BLL0xQ035359;
	Tue, 11 Oct 2005 14:21:00 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mailgate.enhyper.net ([80.168.109.121])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j9BLKxFI035339
	for <ietf-openpgp@imc.org>; Tue, 11 Oct 2005 14:20:59 -0700 (PDT)
	(envelope-from iang@systemics.com)
Received: from [IPv6:::1] (localhost [127.0.0.1])
	by mailgate.enhyper.net (Postfix) with ESMTP id 11ECB6309D;
	Tue, 11 Oct 2005 22:20:57 +0100 (BST)
Message-ID: <434C2CDE.80401@systemics.com>
Date: Tue, 11 Oct 2005 22:21:34 +0100
From: Ian G <iang@systemics.com>
Organization: http://financialcryptography.com/
User-Agent: Mozilla Thunderbird 1.0.6 (X11/20050921)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Jon Callas <jon@callas.org>
Cc: Ben Laurie <ben@algroup.co.uk>, vedaal@hush.com, ietf-openpgp@imc.org
Subject: Re: Cleartext Signatures
References: <200510101415.j9AEFAXw002758@mailserver3.hushmail.com> <434A802D.2000902@systemics.com> <434A8703.9010704@algroup.co.uk> <434AB788.6020305@systemics.com> <66EFCDC2-6A03-4897-9FDD-C2BA2942C444@callas.org>
In-Reply-To: <66EFCDC2-6A03-4897-9FDD-C2BA2942C444@callas.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 7bit


Jon Callas wrote:

> The spec as it stands is clear, and someone who puts this into mail  has 
> to deal with long body lines in a cleartext message, anyway.  They're 
> the mail expert, I'm not.

No problem, I withdraw the suggestion.  (I actually
tried to make it more concrete ... but found some
other issues that got into the cross-domain issues
that you mention.)

iang




From owner-ietf-openpgp@mail.imc.org Tue Oct 11 17:49:28 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1EPS00-0005PR-8Y
	for openpgp-archive@megatron.ietf.org; Tue, 11 Oct 2005 17:49:28 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA06148
	for <openpgp-archive@lists.ietf.org>; Tue, 11 Oct 2005 17:49:24 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j9BLdIL7036687;
	Tue, 11 Oct 2005 14:39:18 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j9BLdItC036686;
	Tue, 11 Oct 2005 14:39:18 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mailgate.enhyper.net ([80.168.109.121])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j9BLdIZe036680
	for <ietf-openpgp@imc.org>; Tue, 11 Oct 2005 14:39:18 -0700 (PDT)
	(envelope-from iang@systemics.com)
Received: from [IPv6:::1] (localhost [127.0.0.1])
	by mailgate.enhyper.net (Postfix) with ESMTP id 81FFE630A0;
	Tue, 11 Oct 2005 22:39:15 +0100 (BST)
Message-ID: <434C3128.5080808@systemics.com>
Date: Tue, 11 Oct 2005 22:39:52 +0100
From: Ian G <iang@systemics.com>
Organization: http://financialcryptography.com/
User-Agent: Mozilla Thunderbird 1.0.6 (X11/20050921)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Jon Callas <jon@callas.org>
Cc: Derek Atkins <derek@ihtfp.com>, ietf-openpgp@imc.org,
        hartmans-ietf@mit.edu
Subject: Re: WGLC for draft-ietf-openpgp-openpgp-15 ends Oct 28 1700EDT
References: <434C1F2D.9050903@ihtfp.com> <6EF12DFA-D34D-45C9-9746-E8FB18FAC66C@callas.org>
In-Reply-To: <6EF12DFA-D34D-45C9-9746-E8FB18FAC66C@callas.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 7bit


Jon Callas wrote:

> The possible outside exception is the "Cleartext Signatures" thread,  
> where I believe there's no consensus for a change, but I don't see  
> anything that can't be added in WGLC if that's not the case.

Ben raised an issue about the blank line separating
the headers from the armour.  Is that mandatory or
not?  I think it should be.

iang




From owner-ietf-openpgp@mail.imc.org Tue Oct 11 18:21:31 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1EPSV1-0006xk-KP
	for openpgp-archive@megatron.ietf.org; Tue, 11 Oct 2005 18:21:31 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA07230
	for <openpgp-archive@lists.ietf.org>; Tue, 11 Oct 2005 18:21:27 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j9BMBdRl040252;
	Tue, 11 Oct 2005 15:11:39 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j9BMBdcG040251;
	Tue, 11 Oct 2005 15:11:39 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from sccrmhc12.comcast.net (sccrmhc12.comcast.net [204.127.202.56])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j9BMBcR0040240
	for <ietf-openpgp@imc.org>; Tue, 11 Oct 2005 15:11:39 -0700 (PDT)
	(envelope-from dshaw@jabberwocky.com)
Received: from walrus.hsd1.ma.comcast.net ([24.60.132.70])
          by comcast.net (sccrmhc12) with ESMTP
          id <2005101122113001200p8kcae>; Tue, 11 Oct 2005 22:11:31 +0000
Received: from grover.jabberwocky.com (grover.jabberwocky.com [172.24.84.28])
	by walrus.hsd1.ma.comcast.net (8.12.8/8.12.8) with ESMTP id j9BMBZ0m004938
	for <ietf-openpgp@imc.org>; Tue, 11 Oct 2005 18:11:35 -0400
Received: from grover.jabberwocky.com (grover.jabberwocky.com [127.0.0.1])
	by grover.jabberwocky.com (8.13.1/8.13.1) with ESMTP id j9BMBRZg004899
	for <ietf-openpgp@imc.org>; Tue, 11 Oct 2005 18:11:27 -0400
Received: (from dshaw@localhost)
	by grover.jabberwocky.com (8.13.1/8.13.1/Submit) id j9BMBRPb004896
	for ietf-openpgp@imc.org; Tue, 11 Oct 2005 18:11:27 -0400
Date: Tue, 11 Oct 2005 18:11:27 -0400
From: David Shaw <dshaw@jabberwocky.com>
To: OpenPGP <ietf-openpgp@imc.org>
Subject: Multiple signatures in clearsigned messages (was Re: Cleartext Signatures)
Message-ID: <20051011221127.GA4883@jabberwocky.com>
Mail-Followup-To: OpenPGP <ietf-openpgp@imc.org>
References: <434A45B9.5060707@algroup.co.uk> <20051010142703.GA32121@epointsystem.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20051010142703.GA32121@epointsystem.org>
OpenPGP: id=99242560; url=http://www.jabberwocky.com/david/keys.asc
User-Agent: Mutt/1.5.8i
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


On Mon, Oct 10, 2005 at 04:27:04PM +0200, Daniel A. Nagy wrote:

> I also have a question regarding clearsigned documents. Are multiple
> signatures in clearsigned documents supported by OpenPGP (the fact
> that multiple hash algorithms are allowed suggests that they are)?
> And if so, how exactly? I would put all of them in a single armored
> signature block, but the standard does not explicitly specify this
> or any other method.

Yes, they are supported, and putting all of them in a single
armored signature block is the way to do it.  Section 7 refers to "The
ASCII armored signature(s)" in the signature block.  The text seems
reasonably clear to me - what is not good here?

David




From owner-ietf-openpgp@mail.imc.org Tue Oct 11 18:32:07 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1EPSfH-00021u-7t
	for openpgp-archive@megatron.ietf.org; Tue, 11 Oct 2005 18:32:07 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA07699
	for <openpgp-archive@lists.ietf.org>; Tue, 11 Oct 2005 18:32:03 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j9BMODFf041194;
	Tue, 11 Oct 2005 15:24:13 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j9BMODMr041193;
	Tue, 11 Oct 2005 15:24:13 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from rwcrmhc12.comcast.net (rwcrmhc13.comcast.net [204.127.198.39])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j9BMODqg041183
	for <ietf-openpgp@imc.org>; Tue, 11 Oct 2005 15:24:13 -0700 (PDT)
	(envelope-from dshaw@jabberwocky.com)
Received: from walrus.hsd1.ma.comcast.net ([24.60.132.70])
          by comcast.net (rwcrmhc13) with ESMTP
          id <2005101122240701500b7u8ke>; Tue, 11 Oct 2005 22:24:07 +0000
Received: from grover.jabberwocky.com (grover.jabberwocky.com [172.24.84.28])
	by walrus.hsd1.ma.comcast.net (8.12.8/8.12.8) with ESMTP id j9BMOC0m004980
	for <ietf-openpgp@imc.org>; Tue, 11 Oct 2005 18:24:12 -0400
Received: from grover.jabberwocky.com (grover.jabberwocky.com [127.0.0.1])
	by grover.jabberwocky.com (8.13.1/8.13.1) with ESMTP id j9BMO4Ct004923
	for <ietf-openpgp@imc.org>; Tue, 11 Oct 2005 18:24:04 -0400
Received: (from dshaw@localhost)
	by grover.jabberwocky.com (8.13.1/8.13.1/Submit) id j9BMO4c5004922
	for ietf-openpgp@imc.org; Tue, 11 Oct 2005 18:24:04 -0400
Date: Tue, 11 Oct 2005 18:24:04 -0400
From: David Shaw <dshaw@jabberwocky.com>
To: OpenPGP <ietf-openpgp@imc.org>
Subject: Re: Cleartext Signatures
Message-ID: <20051011222404.GB4883@jabberwocky.com>
Mail-Followup-To: OpenPGP <ietf-openpgp@imc.org>
References: <20051010162027.GB14780@epointsystem.org> <434AABAB.7090508@algroup.co.uk>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <434AABAB.7090508@algroup.co.uk>
OpenPGP: id=99242560; url=http://www.jabberwocky.com/david/keys.asc
User-Agent: Mutt/1.5.8i
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


On Mon, Oct 10, 2005 at 06:58:03PM +0100, Ben Laurie wrote:
> 
> Daniel A. Nagy wrote:
> >On Mon, Oct 10, 2005 at 03:30:29PM +0100, Ben Laurie wrote:
> >
> >
> >>That mantra has shown to be a less than great idea recently, since it 
> >>promotes interestingly obscure security holes, so I still would like to 
> >>know what the correct behaviour is, and I'd like the I-D to accurately 
> >>document that behaviour.
> >
> >
> >In that case, the empty line should be mandated,
> 
> I agree.

As do I, but it seems to me that it is already mandated.  Section 6.2
(Forming ASCII Armor) mandates the line.  Section 7 (Cleartext
signature framework) refers to "The ASCII armored signature(s)".
Doesn't it then follow that the armored signature (like all armor)
mandates the line?  Am I reading into something that isn't there?

David




From owner-ietf-openpgp@mail.imc.org Tue Oct 11 18:32:17 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1EPSfR-0002G9-FJ
	for openpgp-archive@megatron.ietf.org; Tue, 11 Oct 2005 18:32:17 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA07713
	for <openpgp-archive@lists.ietf.org>; Tue, 11 Oct 2005 18:32:13 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j9BMO0qO041177;
	Tue, 11 Oct 2005 15:24:00 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j9BMO00W041176;
	Tue, 11 Oct 2005 15:24:00 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from finney.org (226-132.adsl2.netlojix.net [207.71.226.132])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j9BMNsff041166
	for <ietf-openpgp@imc.org>; Tue, 11 Oct 2005 15:23:59 -0700 (PDT)
	(envelope-from hal@finney.org)
Received: by finney.org (Postfix, from userid 500)
	id 0352B57EF9; Tue, 11 Oct 2005 15:25:00 -0700 (PDT)
To: dshaw@jabberwocky.com, ietf-openpgp@imc.org
Subject: Re: Signature calculation language
Message-Id: <20051011222500.0352B57EF9@finney.org>
Date: Tue, 11 Oct 2005 15:25:00 -0700 (PDT)
From: hal@finney.org ("Hal Finney")
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


David Shaw writes:
> Wondering - should the embedded 0x19 signature be a MUST?  Lacking a
> 0x19 allows the signing subkey to be "stolen" onto another primary
> key.

To remind readers, the 0x19 signature is issued by signing subkeys on
top-level keys, so that we have two-way binding.  The top key signs the
subkey and the subkey signs the top key, so each key agrees that they
belong together in a pair.

The problem is that if it is not a MUST, someone who does create
such a 0x19 back signature to bind his subkey is still at risk of it
being stolen.  The thief would bring just the subkey over and put a new
signature on it by his top key, and there would be no sign of the 0x19
signature the victim had created to try to stop this theft.  There would
be no 0x19 signature on the new key, but if it is not a MUST then we
might have to assume that this was just a choice by the key holder not
to create one.

So it does seem like it must be a MUST in order to be an effective
deterrent.

One possible problem is if there is any substantial set of signing subkeys
in use that don't have the 0x19 signature.  Signatures issued by those
keys might become invalid.  I don't think we have any from pgp.com,
we did not previously support signing subkeys.

Hal Finney
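
The two-way binding discussed in this thread, as an added example that is not part of the original message or of any implementation: a verifier that treats the embedded 0x19 back-signature as SHOULD versus MUST. Assumptions: toy textbook RSA over constructed Mersenne-prime keys stands in for real OpenPGP keys, the signature trailer is reduced to the type octet, and all names (`Key`, `Binding`, `accept_signing_subkey`) are hypothetical.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional

E = 65537  # public exponent shared by all toy keys


@dataclass(frozen=True)
class Key:
    """Toy textbook-RSA key (constructed, insecure); stands in for an OpenPGP key."""
    n: int
    d: Optional[int] = None  # private exponent; None in a public-only copy

    def body(self) -> bytes:
        return self.n.to_bytes(32, "big")  # stand-in for the key packet body

    def public(self) -> "Key":
        return Key(self.n)


def make_key(p: int, q: int) -> Key:
    return Key(p * q, pow(E, -1, (p - 1) * (q - 1)))


def _digest(key: Key, data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % key.n


def sign(key: Key, data: bytes) -> int:
    if key.d is None:
        raise ValueError("private key required to sign")
    return pow(_digest(key, data), key.d, key.n)


def verify(key: Key, data: bytes, sig: int) -> bool:
    return pow(sig, E, key.n) == _digest(key, data)


def binding_data(primary: Key, subkey: Key, sig_type: int) -> bytes:
    """Hash input for 0x18 and 0x19: the primary key, then the subkey, each as
    0x99 + two-octet length + body. Simplification: the signature trailer is
    reduced to the signature type octet."""
    out = b""
    for k in (primary, subkey):
        out += b"\x99" + len(k.body()).to_bytes(2, "big") + k.body()
    return out + bytes([sig_type])


@dataclass
class Binding:
    subkey: Key                     # public part only
    sig_0x18: int                   # primary key's signature over (primary, subkey)
    sig_0x19: Optional[int] = None  # embedded back-signature made by the subkey


def bind(primary: Key, subkey: Key, back_sign: bool) -> Binding:
    b = Binding(subkey.public(), sign(primary, binding_data(primary, subkey, 0x18)))
    if back_sign:  # needs the subkey's private half
        b.sig_0x19 = sign(subkey, binding_data(primary, subkey, 0x19))
    return b


def accept_signing_subkey(primary: Key, b: Binding, backsig_is_must: bool) -> bool:
    """Decide whether a signing subkey is bound to this primary key."""
    if not verify(primary, binding_data(primary, b.subkey, 0x18), b.sig_0x18):
        return False
    if b.sig_0x19 is None:
        # Under SHOULD, absence is indistinguishable from the holder's choice.
        return not backsig_is_must
    # A back-signature that is present must verify over THIS primary + subkey.
    return verify(b.subkey, binding_data(primary, b.subkey, 0x19), b.sig_0x19)


def demo() -> dict:
    owner = make_key(2**61 - 1, 2**89 - 1)     # constructed primary key
    subkey = make_key(2**89 - 1, 2**107 - 1)   # constructed signing subkey
    other = make_key(2**107 - 1, 2**127 - 1)   # unrelated primary key
    good = bind(owner, subkey, back_sign=True)
    # Another primary key holds only the public subkey, so it can issue a
    # 0x18 binding but cannot produce a 0x19.
    rebound = bind(other, subkey.public(), back_sign=False)
    # Copying the owner's 0x19 across fails: it covers the owner's primary key.
    transplanted = Binding(rebound.subkey, rebound.sig_0x18, good.sig_0x19)
    return {
        "owner_must": accept_signing_subkey(owner.public(), good, True),
        "rebound_should": accept_signing_subkey(other.public(), rebound, False),
        "rebound_must": accept_signing_subkey(other.public(), rebound, True),
        "transplanted_must": accept_signing_subkey(other.public(), transplanted, True),
    }


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```

Only the MUST policy rejects the re-bound subkey, and the transplanted back-signature fails because the 0x19 hash covers both the primary key and the subkey.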




From owner-ietf-openpgp@mail.imc.org Tue Oct 11 20:35:39 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1EPUap-0005Xj-BT
	for openpgp-archive@megatron.ietf.org; Tue, 11 Oct 2005 20:35:39 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id UAA13836
	for <openpgp-archive@lists.ietf.org>; Tue, 11 Oct 2005 20:35:36 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j9C0NQ6S053914;
	Tue, 11 Oct 2005 17:23:26 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j9C0NQK9053913;
	Tue, 11 Oct 2005 17:23:26 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mail.epointsystem.org ([195.228.156.120])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j9C0NPu9053907
	for <ietf-openpgp@imc.org>; Tue, 11 Oct 2005 17:23:26 -0700 (PDT)
	(envelope-from nagydani@epointsystem.org)
Received: by mail.epointsystem.org (Postfix, from userid 1001)
	id 5CD782B47A3; Wed, 12 Oct 2005 02:23:24 +0200 (CEST)
Date: Wed, 12 Oct 2005 02:23:24 +0200
To: ietf-openpgp@imc.org
Subject: Re: Signature calculation language
Message-ID: <20051012002324.GA9539@epointsystem.org>
References: <20051011222500.0352B57EF9@finney.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20051011222500.0352B57EF9@finney.org>
User-Agent: Mutt/1.5.6+20040907i
From: nagydani@epointsystem.org (Daniel A. Nagy)
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


On Tue, Oct 11, 2005 at 03:25:00PM -0700, "Hal Finney" wrote:

> One possible problem is if there is any substantial set of signing subkeys
> in use that don't have the 0x19 signature.  Signatures issued by those
> keys might become invalid.  I don't think we have any from pgp.com,
> we did not previously support signing subkeys.

I have encountered only one signature subkey so far, but I do intend to use
signature subkeys in the future myself. I agree that signature theft is a
very serious issue, and mandating 0x19 signatures is necessary to prevent
it.

Signature subkeys currently in use are not that much of a problem, because
the owners can always create the missing 0x19 signature. If they don't, it's
in everybody's interest (including their own) that the signatures become
invalid.

I actually wanted to do a survey of public keys for algorithms, key sizes,
subkeys, etc. for a long time. What I really want to know is what algorithms
and key sizes are used for certification, encryption and document signature,
and what proportion of users use subkeys.

If there's additional interest for such a survey, please let me know: it
will provide me with the additional motivation I need to actually carry it
out. Most of the software has already been written, but it's a horrible
processor hog of a task, estimated to keep a server busy for several hours.
As a side benefit, I could email all known signature subkey owners about
signing their subkey both ways. But that can only happen when major
implementations (PGP and GPG) can actually do it.

Also, there's a significant number of keys corrupted by keyservers that
can't handle multiple subkeys correctly. While natural in some way, it still
amazes me how much worse the quality of keyservers is compared to other
OpenPGP software.

-- 
Daniel




From owner-ietf-openpgp@mail.imc.org Tue Oct 11 22:16:03 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1EPW9z-0006J4-54
	for openpgp-archive@megatron.ietf.org; Tue, 11 Oct 2005 22:16:03 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id WAA20113
	for <openpgp-archive@lists.ietf.org>; Tue, 11 Oct 2005 22:16:00 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j9C21Ocm062256;
	Tue, 11 Oct 2005 19:01:24 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j9C21OtM062255;
	Tue, 11 Oct 2005 19:01:24 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from merrymeet.com (merrymeet.com [63.73.97.162])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j9C21Ntm062246
	for <ietf-openpgp@imc.org>; Tue, 11 Oct 2005 19:01:24 -0700 (PDT)
	(envelope-from jon@callas.org)
Received: from keys.merrymeet.com (63.73.97.166) by merrymeet.com with
 ESMTP (Eudora Internet Mail Server X 3.2.6) for <ietf-openpgp@imc.org>;
 Tue, 11 Oct 2005 19:01:21 -0700
Received: from [63.73.97.189] ([63.73.97.189])
  by keys.merrymeet.com (PGP Universal service);
  Tue, 11 Oct 2005 19:01:21 -0700
X-PGP-Universal: processed;
	by keys.merrymeet.com on Tue, 11 Oct 2005 19:01:21 -0700
Mime-Version: 1.0 (Apple Message framework v734)
In-Reply-To: <434C3128.5080808@systemics.com>
References: <434C1F2D.9050903@ihtfp.com> <6EF12DFA-D34D-45C9-9746-E8FB18FAC66C@callas.org> <434C3128.5080808@systemics.com>
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
Message-Id: <CB9328EC-CD9C-41FE-83B0-E5C5D2AB908A@callas.org>
Content-Transfer-Encoding: 7bit
From: Jon Callas <jon@callas.org>
Subject: Re: WGLC for draft-ietf-openpgp-openpgp-15 ends Oct 28 1700EDT
Date: Tue, 11 Oct 2005 19:01:23 -0700
To: OpenPGP <ietf-openpgp@imc.org>
X-Mailer: Apple Mail (2.734)
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>



On 11 Oct 2005, at 2:39 PM, Ian G wrote:

> Jon Callas wrote:
>
>
>> The possible outside exception is the "Cleartext Signatures"  
>> thread,  where I believe there's no consensus for a change, but I  
>> don't see  anything that can't be added in WGLC if that's not the  
>> case.
>>
>
> Ben raised an issue about the blank line separating
> the headers from the armour.  Is that mandatory or
> not?  I think it should be.
>

My opinion is that the spec clearly says that the blank line is  
required. If in the real world, there are implementations that don't  
put it in, and yet are generally accepted, then well, okay, but  
that's a standards violation.

I suppose that's reason enough to discuss taking it out, that it's  
more nodded to than observed, but I haven't noticed it being ignored.  
I was surprised that anyone didn't do it.

If consensus is to do something -- hey, that's why it's last call.

     Jon




From owner-ietf-openpgp@mail.imc.org Tue Oct 11 23:01:34 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1EPWs1-0002v1-T2
	for openpgp-archive@megatron.ietf.org; Tue, 11 Oct 2005 23:01:34 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id XAA21740
	for <openpgp-archive@lists.ietf.org>; Tue, 11 Oct 2005 23:01:30 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j9C2pGPR065818;
	Tue, 11 Oct 2005 19:51:16 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j9C2pGXa065817;
	Tue, 11 Oct 2005 19:51:16 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from sccrmhc11.comcast.net (sccrmhc11.comcast.net [204.127.202.55])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j9C2pE8h065806
	for <ietf-openpgp@imc.org>; Tue, 11 Oct 2005 19:51:15 -0700 (PDT)
	(envelope-from dshaw@jabberwocky.com)
Received: from walrus.hsd1.ma.comcast.net ([24.60.132.70])
          by comcast.net (sccrmhc11) with ESMTP
          id <20051012025037011009ku5de>; Wed, 12 Oct 2005 02:50:37 +0000
Received: from grover.jabberwocky.com (grover.jabberwocky.com [172.24.84.28])
	by walrus.hsd1.ma.comcast.net (8.12.8/8.12.8) with ESMTP id j9C2oh0m005766
	for <ietf-openpgp@imc.org>; Tue, 11 Oct 2005 22:50:43 -0400
Received: from grover.jabberwocky.com (grover.jabberwocky.com [127.0.0.1])
	by grover.jabberwocky.com (8.13.1/8.13.1) with ESMTP id j9C2oY08014750
	for <ietf-openpgp@imc.org>; Tue, 11 Oct 2005 22:50:34 -0400
Received: (from dshaw@localhost)
	by grover.jabberwocky.com (8.13.1/8.13.1/Submit) id j9C2oYwG014749
	for ietf-openpgp@imc.org; Tue, 11 Oct 2005 22:50:34 -0400
Date: Tue, 11 Oct 2005 22:50:34 -0400
From: David Shaw <dshaw@jabberwocky.com>
To: ietf-openpgp@imc.org
Subject: Re: Signature calculation language
Message-ID: <20051012025034.GA5034@jabberwocky.com>
Mail-Followup-To: ietf-openpgp@imc.org
References: <20051011222500.0352B57EF9@finney.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20051011222500.0352B57EF9@finney.org>
OpenPGP: id=99242560; url=http://www.jabberwocky.com/david/keys.asc
User-Agent: Mutt/1.5.8i
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


On Tue, Oct 11, 2005 at 03:25:00PM -0700, "Hal Finney" wrote:

> So it does seem like it must be a MUST in order to be an effective
> deterrent.
> 
> One possible problem is if there is any substantial set of signing subkeys
> in use that don't have the 0x19 signature.  Signatures issued by those
> keys might become invalid.  I don't think we have any from pgp.com,
> we did not previously support signing subkeys.

GPG supports signing subkeys, and there are a number of them in use.
(A number, it should be said though, that is utterly dwarfed by the
number of people using their primary key as their signing key.)

I am concerned about the users of signing subkeys, so I have a
transition planned for GPG.  GPG has offered 0x19 backsigs as a
build-time option for a while now.  As of the next release (1.4.3),
backsigs are on by default so all new signing subkeys have them.  At
some point in the future (after more subkeys get backsigs), GPG will
start complaining if it does not see a backsig.  At some point even
further, GPG will start treating signatures issued by a signing subkey
without a backsig as invalid, but there will be a way to tell GPG to
ignore the missing backsigs for backwards compatibility.

I think such a transition in GPG and other programs that support
signing subkeys is a reasonable solution for the existing signing
subkeys out there, and it shouldn't impact doing the right thing in
the standard for future use.

I support making 0x19 backsigs a MUST.

David
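
The transition described in the message above, as an added example (not GnuPG's code and not part of the original message): a structural check of a v4 0x18 subkey binding signature for an embedded 0x19 backsig, with the three stages as a policy switch. The function and policy names and the constructed sample packets are assumptions of this example; the subpacket numbers (27 key flags, 32 embedded signature) and the 0x02 signing flag come from the OpenPGP specification rather than from this thread, and no cryptographic verification is done.

```python
import enum

SIG_SUBKEY_BINDING = 0x18
SIG_PRIMARY_KEY_BINDING = 0x19   # the "backsig", issued by the subkey itself
SUBPKT_KEY_FLAGS = 27
SUBPKT_EMBEDDED_SIGNATURE = 32
FLAG_SIGN_DATA = 0x02


class Policy(enum.Enum):         # hypothetical names for the stages in the message
    IGNORE = 1                   # backwards-compatibility override
    WARN = 2                     # accept, but complain
    REQUIRE = 3                  # no backsig: signatures from the subkey are invalid


def split_v4_signature(body: bytes):
    """Return (signature type, hashed area, unhashed area) of a v4 signature body."""
    if len(body) < 6 or body[0] != 4:
        raise ValueError("not a v4 signature packet body")
    hashed_end = 6 + int.from_bytes(body[4:6], "big")
    if hashed_end + 2 > len(body):
        raise ValueError("hashed area runs past the packet")
    unhashed_end = hashed_end + 2 + int.from_bytes(body[hashed_end:hashed_end + 2], "big")
    if unhashed_end > len(body):
        raise ValueError("unhashed area runs past the packet")
    return body[1], body[6:hashed_end], body[hashed_end + 2:unhashed_end]


def subpackets(area: bytes):
    """Yield (type, data) for every subpacket in a signature subpacket area."""
    i = 0
    while i < len(area):
        first = area[i]
        if first < 192:                                  # one-octet length
            length, i = first, i + 1
        elif first < 255:                                # two-octet length
            if i + 1 >= len(area):
                raise ValueError("truncated subpacket length")
            length, i = ((first - 192) << 8) + area[i + 1] + 192, i + 2
        else:                                            # five-octet length
            length, i = int.from_bytes(area[i + 1:i + 5], "big"), i + 5
        if length < 1 or i + length > len(area):
            raise ValueError("truncated subpacket")
        yield area[i] & 0x7F, area[i + 1:i + length]     # mask the critical bit
        i += length


def check_signing_subkey(binding: bytes, policy: Policy):
    """Decide whether a data signature made by this subkey may be accepted.

    Returns (accept, note). Structure only: a real verifier must also check the
    0x18 signature with the primary key and the embedded 0x19 with the subkey.
    """
    sig_type, hashed, unhashed = split_v4_signature(binding)
    if sig_type != SIG_SUBKEY_BINDING:
        raise ValueError("expected a 0x18 subkey binding signature")
    for kind, data in subpackets(hashed):
        if kind == SUBPKT_KEY_FLAGS and not (data and data[0] & FLAG_SIGN_DATA):
            return False, "subkey is not flagged for signing"
    for kind, data in list(subpackets(hashed)) + list(subpackets(unhashed)):
        if kind == SUBPKT_EMBEDDED_SIGNATURE:
            if split_v4_signature(data)[0] == SIG_PRIMARY_KEY_BINDING:
                return True, "backsig present (still to be verified with the subkey)"
    if policy is Policy.REQUIRE:
        return False, "no 0x19 backsig: signature treated as invalid"
    if policy is Policy.WARN:
        return True, "warning: signing subkey has no 0x19 backsig"
    return True, "missing backsig ignored for compatibility"


def _subpacket(kind: int, data: bytes) -> bytes:
    return bytes([len(data) + 1, kind]) + data           # short lengths only


def _signature(sig_type: int, hashed: bytes = b"", unhashed: bytes = b"") -> bytes:
    # v4, type, RSA (1), SHA-1 (2), both areas, dummy 16-bit hash prefix, no MPIs.
    return (bytes([4, sig_type, 1, 2]) + len(hashed).to_bytes(2, "big") + hashed
            + len(unhashed).to_bytes(2, "big") + unhashed + b"\x00\x00")


# Constructed samples: packet structure only, no real key material or signatures.
_SIGN_FLAGS = _subpacket(SUBPKT_KEY_FLAGS, bytes([FLAG_SIGN_DATA]))
_BACKSIG = _subpacket(SUBPKT_EMBEDDED_SIGNATURE, _signature(SIG_PRIMARY_KEY_BINDING))
WITH_BACKSIG = _signature(SIG_SUBKEY_BINDING, _SIGN_FLAGS, _BACKSIG)
WITHOUT_BACKSIG = _signature(SIG_SUBKEY_BINDING, _SIGN_FLAGS)
ENCRYPT_ONLY = _signature(SIG_SUBKEY_BINDING, _subpacket(SUBPKT_KEY_FLAGS, b"\x0c"))

if __name__ == "__main__":
    for label, pkt in [("with", WITH_BACKSIG), ("without", WITHOUT_BACKSIG)]:
        for policy in Policy:
            print(label, policy.name, check_signing_subkey(pkt, policy))
```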




From owner-ietf-openpgp@mail.imc.org Wed Oct 12 00:35:37 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1EPYL2-0002rb-Qx
	for openpgp-archive@megatron.ietf.org; Wed, 12 Oct 2005 00:35:37 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id AAA25097
	for <openpgp-archive@lists.ietf.org>; Wed, 12 Oct 2005 00:35:33 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j9C4MjjL073219;
	Tue, 11 Oct 2005 21:22:45 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j9C4Mjdk073218;
	Tue, 11 Oct 2005 21:22:45 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mail.epointsystem.org ([195.228.156.120])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j9C4MiGv073212
	for <ietf-openpgp@imc.org>; Tue, 11 Oct 2005 21:22:45 -0700 (PDT)
	(envelope-from nagydani@epointsystem.org)
Received: by mail.epointsystem.org (Postfix, from userid 1001)
	id 956822B47A3; Wed, 12 Oct 2005 06:22:43 +0200 (CEST)
Date: Wed, 12 Oct 2005 06:22:43 +0200
To: David Shaw <dshaw@jabberwocky.com>, ietf-openpgp@imc.org
Subject: Re: Multiple signatures in clearsigned messages (was Re: Cleartext Signatures)
Message-ID: <20051012042243.GB24703@epointsystem.org>
References: <434A45B9.5060707@algroup.co.uk> <20051010142703.GA32121@epointsystem.org> <20051011221127.GA4883@jabberwocky.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20051011221127.GA4883@jabberwocky.com>
User-Agent: Mutt/1.5.6+20040907i
From: nagydani@epointsystem.org (Daniel A. Nagy)
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


On Tue, Oct 11, 2005 at 06:11:27PM -0400, David Shaw wrote:

> Yes, they are supported, and putting all of them in a single
> armored signature block is the way to do it.  Section 7 refers to "The
> ASCII armored signature(s)" in the signature block.  The text seems
> reasonably clear to me - what is not good here?

Some details are missing. For instance, is the order salient? One-pass
signatures have to be bracketed, and clearsigned documents are supposed to be
verifiable in one pass as well. But it does not necessarily imply that the
hash algorithms should be listed in reverse signature order in the
beginning. Actually, the standard says very little on how to go about it. It
would definitely help one-pass verification, if signatures that refer to
other signatures (e.g. notarization sigs) were mandated to either follow or
precede the signatures they are referring to. Both solutions have their
benefits, but deciding one way or another would be better than allowing
arbitrary order. It would be nice to have a paragraph or two elaborating on
these issues.

-- 
Daniel




From owner-ietf-openpgp@mail.imc.org Wed Oct 12 03:17:47 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1EParz-0003Gz-P8
	for openpgp-archive@megatron.ietf.org; Wed, 12 Oct 2005 03:17:47 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id DAA02028
	for <openpgp-archive@lists.ietf.org>; Wed, 12 Oct 2005 03:17:44 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j9C766Lo084574;
	Wed, 12 Oct 2005 00:06:06 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j9C7666R084573;
	Wed, 12 Oct 2005 00:06:06 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from finney.org (226-132.adsl2.netlojix.net [207.71.226.132])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j9C7664M084567
	for <ietf-openpgp@imc.org>; Wed, 12 Oct 2005 00:06:06 -0700 (PDT)
	(envelope-from hal@finney.org)
Received: by finney.org (Postfix, from userid 500)
	id 38B2957EFB; Wed, 12 Oct 2005 00:07:13 -0700 (PDT)
To: ietf-openpgp@imc.org
Subject: Re: Multiple signatures in clearsigned messages (was Re: Cleartext Signatures)
Message-Id: <20051012070713.38B2957EFB@finney.org>
Date: Wed, 12 Oct 2005 00:07:13 -0700 (PDT)
From: hal@finney.org ("Hal Finney")
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


Daniel Nagy writes about multiple cleartext signatures:
> Some details are missing. For instance, is the order salient? One-pass
> signatures have to be bracketed, and clearsigned documents are supposed to be
> verifiable in one pass as well. But it does not necessarily imply that the
> hash algorithms should be listed in reverse signature order in the
> beginning. Actually, the standard says very little on how to go about it.

I don't think there is much benefit to putting the hashes in the (reverse)
order of the signatures.  Rather, you list all of the hashes that will
be used by any of the signatures, then simultaneously accumulate all
hash values as you scan the message in one pass.  Now you can verify
each signature and you would have the hash value at hand.

> It
> would definitely help one-pass verification, if signatures that refer to
> other signatures (e.g. notarization sigs) were mandated to either follow or
> precede the signatures they are referring to. Both solutions have their
> benefits, but deciding one way or another would be better than allowing
> arbitrary order. It would be nice to have a paragraph or two elaborating on
> these issues.

I am a bit uncomfortable with the notarization signature in general.
We have it in the draft but have no experience with it in reality,
which is kind of the opposite of the usual IETF procedure.  I guess it
was somebody's bright idea that got stuck in, in case people might want
to use it someday.

The fact that we may have to add further rules clarifying how to use it
just emphasizes our lack of experience with the construct.  Often with
these things you don't find the problems until you actually try to use it
for something and interoperate with others.  Given that notary signatures
have been in the draft in some form or other for years without seeing
any use that I know of, should we consider taking them out?

Hal Finney
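
The one-pass scheme described in the message above, as an added example that is not part of the original thread or of any implementation named in it: every hash named in the `Hash:` armor headers is accumulated in a single scan, and each signature then finishes its own copy of the running context. The function names, the constructed sample message and the strict rejection of a missing blank line after the headers are assumptions of this example; it covers v4 text signatures only and does no public-key verification.

```python
import hashlib

BEGIN_MSG = "-----BEGIN PGP SIGNED MESSAGE-----"
BEGIN_SIG = "-----BEGIN PGP SIGNATURE-----"
# "Hash:" armor header names mapped to hashlib names (subset chosen for this example).
HASHES = {"SHA1": "sha1", "SHA256": "sha256", "SHA384": "sha384", "SHA512": "sha512"}


class ClearsignError(ValueError):
    """Raised when the cleartext signature framework is malformed."""


def accumulate(message: str) -> dict:
    """Scan a clearsigned message once; return {hash name: running hash context}."""
    lines = message.replace("\r\n", "\n").split("\n")
    if lines[0] != BEGIN_MSG:
        raise ClearsignError("missing cleartext header line")

    # Armor headers: every hash that any of the signatures uses is declared here.
    names, i = [], 1
    while i < len(lines) and lines[i] != "":
        key, sep, value = lines[i].partition(": ")
        if key != "Hash" or not sep:
            # No blank line seen yet, so this is a bad header or body text run
            # into the header block. Refuse to guess where the signed text starts.
            raise ClearsignError(f"line {i + 1}: expected 'Hash:' header or blank line")
        for name in value.split(","):
            name = name.strip()
            if name not in HASHES:
                raise ClearsignError(f"unsupported hash {name!r}")
            names.append(name)
        i += 1
    if i >= len(lines):
        raise ClearsignError("no blank line after the armor headers")
    if not names:
        raise ClearsignError("no Hash header (a header-less default is not implemented here)")

    ctxs = {name: hashlib.new(HASHES[name]) for name in names}
    i += 1                                   # the blank line itself is not signed
    first = True
    while i < len(lines) and lines[i] != BEGIN_SIG:
        line = lines[i]
        if line.startswith("- "):
            line = line[2:]                  # undo dash-escaping
        elif line.startswith("-"):
            raise ClearsignError(f"line {i + 1}: unescaped '-' at start of line")
        line = line.rstrip(" \t")            # trailing whitespace is not signed
        # Lines are joined with CRLF; the break before the signature is excluded.
        data = (b"" if first else b"\r\n") + line.encode("utf-8")
        for ctx in ctxs.values():            # feed every hash in the same pass
            ctx.update(data)
        first = False
        i += 1
    if i >= len(lines):
        raise ClearsignError("no signature block")
    return ctxs


def digest_for_signature(ctxs: dict, hash_name: str, hashed_fields: bytes) -> bytes:
    """Finish the hash for one v4 signature without disturbing the shared context.

    hashed_fields is the signature's data from the version octet through the
    hashed subpackets; the v4 trailer (0x04, 0xFF, four-octet length) follows it.
    """
    h = ctxs[hash_name].copy()               # clone the internal state, not the value
    h.update(hashed_fields)
    h.update(b"\x04\xff" + len(hashed_fields).to_bytes(4, "big"))
    return h.digest()


# Constructed sample: two signers, one using SHA-1 and one SHA-256, same text.
SAMPLE = "\n".join([
    BEGIN_MSG,
    "Hash: SHA1, SHA256",
    "",
    "Pay Bob 10 units.  \t",
    "- -- ",
    "Alice",
    BEGIN_SIG,
    "",
    "(armored signature packets omitted in this constructed sample)",
    "-----END PGP SIGNATURE-----",
    "",
])
# v4, text signature (0x01), RSA (1), hash id (2 = SHA-1, 8 = SHA-256), no subpackets.
SIG_A_FIELDS = b"\x04\x01\x01\x02\x00\x00"
SIG_B_FIELDS = b"\x04\x01\x01\x08\x00\x00"

if __name__ == "__main__":
    contexts = accumulate(SAMPLE)
    print(digest_for_signature(contexts, "SHA1", SIG_A_FIELDS).hex())
    print(digest_for_signature(contexts, "SHA256", SIG_B_FIELDS).hex())
```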




From owner-ietf-openpgp@mail.imc.org Wed Oct 12 05:42:58 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1EPd8T-0003zr-Pn
	for openpgp-archive@megatron.ietf.org; Wed, 12 Oct 2005 05:42:58 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id FAA09742
	for <openpgp-archive@lists.ietf.org>; Wed, 12 Oct 2005 05:42:54 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j9C9SZUQ098466;
	Wed, 12 Oct 2005 02:28:35 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j9C9SZL9098465;
	Wed, 12 Oct 2005 02:28:35 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mail.links.org (mail.links.org [217.155.92.109])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j9C9SYEY098455
	for <ietf-openpgp@imc.org>; Wed, 12 Oct 2005 02:28:34 -0700 (PDT)
	(envelope-from ben@algroup.co.uk)
Received: from [193.133.15.219] (localhost [127.0.0.1])
	by mail.links.org (Postfix) with ESMTP id F3CBF33C1A;
	Wed, 12 Oct 2005 10:28:32 +0100 (BST)
Message-ID: <434CD741.8010500@algroup.co.uk>
Date: Wed, 12 Oct 2005 10:28:33 +0100
From: Ben Laurie <ben@algroup.co.uk>
User-Agent: Mozilla Thunderbird 1.0.7 (Windows/20050923)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Jon Callas <jon@callas.org>
CC: Ian G <iang@systemics.com>, vedaal@hush.com, ietf-openpgp@imc.org
Subject: Re: Cleartext Signatures
References: <200510101415.j9AEFAXw002758@mailserver3.hushmail.com> <434A802D.2000902@systemics.com> <434A8703.9010704@algroup.co.uk> <434AB788.6020305@systemics.com> <66EFCDC2-6A03-4897-9FDD-C2BA2942C444@callas.org>
In-Reply-To: <66EFCDC2-6A03-4897-9FDD-C2BA2942C444@callas.org>
X-Enigmail-Version: 0.89.6.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


Jon Callas wrote:
> The spec as it stands is clear, and someone who puts this into mail  has 
> to deal with long body lines in a cleartext message, anyway.  They're 
> the mail expert, I'm not.

OK, so what about the original problem (lack of clarity about headers)?

-- 
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff




From owner-ietf-openpgp@mail.imc.org Wed Oct 12 05:44:15 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1EPd9j-0004Sd-5i
	for openpgp-archive@megatron.ietf.org; Wed, 12 Oct 2005 05:44:15 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id FAA09807
	for <openpgp-archive@lists.ietf.org>; Wed, 12 Oct 2005 05:44:11 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j9C9WKYf098906;
	Wed, 12 Oct 2005 02:32:20 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j9C9WK9i098905;
	Wed, 12 Oct 2005 02:32:20 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mail.links.org (mail.links.org [217.155.92.109])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j9C9WJ0j098899
	for <ietf-openpgp@imc.org>; Wed, 12 Oct 2005 02:32:19 -0700 (PDT)
	(envelope-from ben@algroup.co.uk)
Received: from [193.133.15.219] (localhost [127.0.0.1])
	by mail.links.org (Postfix) with ESMTP id C13A533C1B;
	Wed, 12 Oct 2005 10:32:18 +0100 (BST)
Message-ID: <434CD823.20509@algroup.co.uk>
Date: Wed, 12 Oct 2005 10:32:19 +0100
From: Ben Laurie <ben@algroup.co.uk>
User-Agent: Mozilla Thunderbird 1.0.7 (Windows/20050923)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: David Shaw <dshaw@jabberwocky.com>
CC: OpenPGP <ietf-openpgp@imc.org>
Subject: Re: Cleartext Signatures
References: <20051010162027.GB14780@epointsystem.org> <434AABAB.7090508@algroup.co.uk> <20051011222404.GB4883@jabberwocky.com>
In-Reply-To: <20051011222404.GB4883@jabberwocky.com>
X-Enigmail-Version: 0.89.6.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


David Shaw wrote:
> On Mon, Oct 10, 2005 at 06:58:03PM +0100, Ben Laurie wrote:
> 
>>Daniel A. Nagy wrote:
>>
>>>On Mon, Oct 10, 2005 at 03:30:29PM +0100, Ben Laurie wrote:
>>>
>>>
>>>
>>>>That mantra has shown to be a less than great idea recently, since it 
>>>>promotes interestingly obscure security holes, so I still would like to 
>>>>know what the correct behaviour is, and I'd like the I-D to accurately 
>>>>document that behaviour.
>>>
>>>
>>>In that case, the empty line should be mandated,
>>
>>I agree.
> 
> 
> As do I, but it seems to me that it is already mandated.  Section 6.2
> (Forming ASCII Armor) mandates the line.  Section 7 (Cleartext
> signature framework) refers to "The ASCII armored signature(s)".
> Doesn't it then follow that the armored signature (like all armor)
> mandates the line?  Am I reading into something that isn't there?

I guess careful reading supports this, but the fact that it explicitly 
mentions Header and Tail Lines but _not_ the headers is confusing.

Also, it seems quite a few implementations miss them out, so I'm not the 
only confused one.

Cheers,

Ben.

-- 
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff




From owner-ietf-openpgp@mail.imc.org Wed Oct 12 05:59:02 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1EPdO0-0008V9-Q2
	for openpgp-archive@megatron.ietf.org; Wed, 12 Oct 2005 05:59:02 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id FAA10337
	for <openpgp-archive@lists.ietf.org>; Wed, 12 Oct 2005 05:58:57 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j9C9gEoo099820;
	Wed, 12 Oct 2005 02:42:14 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j9C9gEaJ099819;
	Wed, 12 Oct 2005 02:42:14 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mail.links.org (mail.links.org [217.155.92.109])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j9C9gDLb099813
	for <ietf-openpgp@imc.org>; Wed, 12 Oct 2005 02:42:14 -0700 (PDT)
	(envelope-from ben@algroup.co.uk)
Received: from [193.133.15.219] (localhost [127.0.0.1])
	by mail.links.org (Postfix) with ESMTP id 6634633C1A;
	Wed, 12 Oct 2005 10:42:13 +0100 (BST)
Message-ID: <434CDA76.4000500@algroup.co.uk>
Date: Wed, 12 Oct 2005 10:42:14 +0100
From: Ben Laurie <ben@algroup.co.uk>
User-Agent: Mozilla Thunderbird 1.0.7 (Windows/20050923)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Jon Callas <jon@callas.org>
CC: OpenPGP <ietf-openpgp@imc.org>
Subject: Re: WGLC for draft-ietf-openpgp-openpgp-15 ends Oct 28 1700EDT
References: <434C1F2D.9050903@ihtfp.com> <6EF12DFA-D34D-45C9-9746-E8FB18FAC66C@callas.org> <434C3128.5080808@systemics.com> <CB9328EC-CD9C-41FE-83B0-E5C5D2AB908A@callas.org>
In-Reply-To: <CB9328EC-CD9C-41FE-83B0-E5C5D2AB908A@callas.org>
X-Enigmail-Version: 0.89.6.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


Jon Callas wrote:
> 
> 
> On 11 Oct 2005, at 2:39 PM, Ian G wrote:
> 
>> Jon Callas wrote:
>>
>>
>>> The possible outside exception is the "Cleartext Signatures"  
>>> thread,  where I believe there's no consensus for a change, but I  
>>> don't see  anything that can't be added in WGLC if that's not the  case.
>>>
>>
>> Ben raised an issue about the blank line separating
>> the headers from the armour.  Is that mandatory or
>> not?  I think it should be.
>>
> 
> My opinion is that the spec clearly says that the blank line is  
> required. If in the real world, there are implementations that don't  
> put it in, and yet are generally accepted, then well, okay, but  that's 
> a standards violation.
> 
> I suppose that's reason enough to discuss taking it out, that it's  more 
> nodded to than observed, but I haven't noticed it being ignored.  I was 
> surprised that anyone didn't do it.

I've only seen this in email, so I'm not actually sure whether it's the 
PGP implementation or the MUA. I could gather version strings (for some 
instances) if that helps?

-- 
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff




From owner-ietf-openpgp@mail.imc.org Wed Oct 12 07:13:46 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1EPeYM-00040V-5B
	for openpgp-archive@megatron.ietf.org; Wed, 12 Oct 2005 07:13:46 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id HAA13624
	for <openpgp-archive@lists.ietf.org>; Wed, 12 Oct 2005 07:13:41 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j9CB2giu007868;
	Wed, 12 Oct 2005 04:02:42 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j9CB2g7K007867;
	Wed, 12 Oct 2005 04:02:42 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mailgate.enhyper.net ([80.168.109.121])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j9CB2fc0007829
	for <ietf-openpgp@imc.org>; Wed, 12 Oct 2005 04:02:41 -0700 (PDT)
	(envelope-from iang@systemics.com)
Received: from [IPv6:::1] (localhost [127.0.0.1])
	by mailgate.enhyper.net (Postfix) with ESMTP id 88BC162C7C;
	Wed, 12 Oct 2005 12:02:34 +0100 (BST)
Message-ID: <434CED6F.7070709@systemics.com>
Date: Wed, 12 Oct 2005 12:03:11 +0100
From: Ian G <iang@systemics.com>
Organization: http://financialcryptography.com/
User-Agent: Mozilla Thunderbird 1.0.6 (X11/20050921)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Hal Finney <hal@finney.org>
Cc: ietf-openpgp@imc.org
Subject: Re: Multiple signatures in clearsigned messages (was Re: Cleartext
 Signatures)
References: <20051012070713.38B2957EFB@finney.org>
In-Reply-To: <20051012070713.38B2957EFB@finney.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


Hal Finney wrote:

> I am a bit uncomfortable with the notarization signature in general.
> We have it in the draft but have no experience with it in reality,
> which is kind of the opposite of the usual IETF procedure.  I guess it
> was somebody's bright idea that got stuck in, in case people might want
> to use it someday.
> 
> The fact that we may have to add further rules clarifying how to use it
> just emphasizes our lack of experience with the construct.  Often with
> these things you don't find the problems until you actually try to use it
> for something and interoperate with others.  Given that notary signatures
> have been in the draft in some form or other for years without seeing
> any use that I know of, should we consider taking them out?

I think as long as the semantics - the legal
or otherwise meaning - of the digsig are left
explicitly vague and up to the signing and
relying parties, then the existence of a notary
signature form just represents a spot where
two cooperating parties could agree to do a
notary-like signature.  It's up to them all to
sort out the details...

Looking at the section 5.2.1. Signature Types
There is this odd para half way through the
list:

         Please note that the vagueness of these certification claims is
         not a flaw, but a feature of the system. Because OpenPGP places
         final authority for validity upon the receiver of a
         certification, it may be that one authority's casual
         certification might be more rigorous than some other authority's
         positive certification. These classifications allow a
         certification authority to issue fine-grained claims.

I suggest that this is out of place and may be
better served being moved to the front or back
of the section, so that it serves as a general
caveat of vagueness and user-authority on the
issue of signature semantics.

I would prefer the disclaimer to vaguery to be
at the beginning because that's how lawyers like
it.  So, something like this:

   5.2.1. Signature Types

     There are a number of possible meanings for a signature, which
     may be indicated in a signature type octet in any given signature.
     Please note that the vagueness of these meanings is
     not a flaw, but a feature of the system. Because OpenPGP places
     final authority for validity upon the receiver of a
     signature, it may be that one signer's casual
     act might be more rigorous than some other authority's
     positive act.

     These meanings are:

     0x01:...

iang



PS: The concept of technology doing signatures is
quite scary, and notary signatures are a step
further into that area;  this group has no real
tools to deal with it as we have no lawyers
here, and even if we did, we'd need to cover
different codes (common, civil, islamic...)
and different digsig laws.  Before this ever
gets to be a tech question, it's a major academic
challenge.  The people who looked at basic digsigs
in the mid 90s bungled it comprehensively, so it's
not as if we can even say "well, just pay someone..."

It's the sort of thing that might fit much more
nicely in another document.  "Notary Signatures
Extension to OpenPGP."  But as you say, I'd prefer
to see someone *do it* in code and in practice to
flush out the lessons.




From owner-ietf-openpgp@mail.imc.org Wed Oct 12 09:21:01 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1EPgXU-0001x7-VF
	for openpgp-archive@megatron.ietf.org; Wed, 12 Oct 2005 09:21:01 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA20773
	for <openpgp-archive@lists.ietf.org>; Wed, 12 Oct 2005 09:20:57 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j9CD6it1020831;
	Wed, 12 Oct 2005 06:06:44 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j9CD6i1V020830;
	Wed, 12 Oct 2005 06:06:44 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mail.epointsystem.org ([195.228.156.120])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j9CD6g9Q020793
	for <ietf-openpgp@imc.org>; Wed, 12 Oct 2005 06:06:43 -0700 (PDT)
	(envelope-from nagydani@epointsystem.org)
Received: by mail.epointsystem.org (Postfix, from userid 1001)
	id 820152B47EE; Wed, 12 Oct 2005 15:06:40 +0200 (CEST)
Date: Wed, 12 Oct 2005 15:06:40 +0200
To: ietf-openpgp@imc.org
Subject: Re: Multiple signatures in clearsigned messages (was Re: Cleartext Signatures)
Message-ID: <20051012130606.GA10753@epointsystem.org>
References: <20051012070713.38B2957EFB@finney.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20051012070713.38B2957EFB@finney.org>
User-Agent: Mutt/1.5.6+20040907i
From: nagydani@epointsystem.org (Daniel A. Nagy)
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


On Wed, Oct 12, 2005 at 12:07:13AM -0700, "Hal Finney" wrote:
> 
> Daniel Nagy writes about multiple cleartext signatures:
> > Some details are missing. For instance, is the order salient? One-pass
> > signatures have to be bracketed, and clearsigned documents are supposed to be
> > verifiable in one pass as well. But it does not necessarily imply that the
> > hash algorithms should be listed in reverse signature order in the
> > beginning. Actually, the standard says very little on how to go about it.
> 
> I don't think there is much benefit to putting the hashes in the (reverse)
> order of the signatures.  Rather, you list all of the hashes that will
> be used by any of the signatures, then simultaneously accumulate all
> hash values as you scan the message in one pass.  Now you can verify
> each signature and you would have the hash value at hand.

Actually, the hash value is not enough; you need to carry the whole message
digest object with its internal state. In a system/library where it is not
cloneable, this might be a problem. But I agree that it's no big deal. What
you write above is perfectly consistent with the standard and my planned
implementation. I am not aware of any actual implementation of multiple
cleartext signatures.
 
> I am a bit uncomfortable with the notarization signature in general.
> We have it in the draft but have no experience with it in reality,
> which is kind of the opposite of the usual IETF procedure.  I guess it
> was somebody's bright idea that got stuck in, in case people might want
> to use it someday.
>
> The fact that we may have to add further rules clarifying how to use it
> just emphasizes our lack of experience with the construct.  Often with
> these things you don't find the problems until you actually try to use it
> for something and interoperate with others.  Given that notary signatures
> have been in the draft in some form or other for years without seeing
> any use that I know of, should we consider taking them out?

Please don't. I do have a very good use for them and I'm going to go ahead
with an implementation. As soon as it's working reliably and securely, I
will write up the specifications for inclusion in the standard.

-- 
Daniel
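
Added example (not from the thread or from any implementation discussed in it): a Python sketch of the one-pass scheme Hal Finney describes and the cloning requirement Daniel Nagy raises. Every hash named in the Hash: header is fed in a single scan, and each signature then finishes a copy of the shared state with its own v4 trailer. The sample message, the signature fields and all function names are constructed for illustration; public-key verification of the resulting digests is out of scope.

```python
import hashlib

# Names allowed in the "Hash:" armor header, mapped to hashlib (subset).
HASHLIB_NAME = {"SHA1": "sha1", "SHA256": "sha256",
                "SHA384": "sha384", "SHA512": "sha512"}
BEGIN_MSG = "-----BEGIN PGP SIGNED MESSAGE-----"
BEGIN_SIG = "-----BEGIN PGP SIGNATURE-----"


def accumulate(clearsigned):
    """Scan the cleartext once; return {hash name: live hashlib object}."""
    lines = iter(clearsigned.replace("\r\n", "\n").split("\n"))
    if next(lines, None) != BEGIN_MSG:
        raise ValueError("not a clearsigned message")
    contexts = {}
    for line in lines:  # armor headers end at the first empty line
        if line == "":
            break
        key, _, value = line.partition(":")
        if key != "Hash":
            raise ValueError("unexpected armor header: " + line)
        for name in value.split(","):
            name = name.strip().upper()
            if name not in HASHLIB_NAME:
                raise ValueError("unsupported hash: " + name)
            contexts.setdefault(name, hashlib.new(HASHLIB_NAME[name]))
    if not contexts:
        # Assumption of this sketch: an explicit Hash: header is required.
        raise ValueError("no Hash: header")
    first = True
    for line in lines:
        if line == BEGIN_SIG:
            return contexts
        if line.startswith("- "):
            line = line[2:]  # undo dash-escaping
        data = line.rstrip(" \t").encode("utf-8")  # trailing blanks are not signed
        for ctx in contexts.values():
            if not first:
                ctx.update(b"\r\n")  # canonical line ending, none after the last line
            ctx.update(data)
        first = False
    raise ValueError("no signature block found")


def digest_for_signature(contexts, hash_name, hashed_portion):
    """Digest one v4 signature covers: the message, then that signature's trailer."""
    if hash_name not in contexts:
        raise ValueError(hash_name + " was not announced in a Hash: header")
    ctx = contexts[hash_name].copy()  # clone, so the shared state stays reusable
    ctx.update(hashed_portion)
    ctx.update(b"\x04\xff" + len(hashed_portion).to_bytes(4, "big"))
    return ctx.digest()


def digests_for_all(clearsigned, signatures):
    """One pass over the text, then one cloned finish per signature."""
    contexts = accumulate(clearsigned)
    return [digest_for_signature(contexts, n, h) for n, h in signatures]


# Constructed sample: a trailing-space line and a dash-escaped line.
SAMPLE = "\n".join([
    BEGIN_MSG,
    "Hash: SHA1, SHA256",
    "",
    "Witness statement, page 1   ",
    "- -- end of statement",
    BEGIN_SIG,
    "(armored signature packets omitted)",
])

# Constructed hashed portions of three v4 signature packets: version, type 0x01,
# public-key algorithm, hash algorithm, hashed-subpacket length, creation time.
SIGNATURES = [
    ("SHA256", bytes.fromhex("0401010800060502434d0a00")),
    ("SHA256", bytes.fromhex("0401010800060502434d0b00")),
    ("SHA1", bytes.fromhex("0401110200060502434d0c00")),
]

if __name__ == "__main__":
    for (name, _), digest in zip(SIGNATURES, digests_for_all(SAMPLE, SIGNATURES)):
        print(name, digest.hex())
```

The first two signatures share SHA256 but sign different digests, which is why a finished hash value cannot be reused and the live context has to be copied.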




From owner-ietf-openpgp@mail.imc.org Wed Oct 12 10:14:41 2005
From: Werner Koch <wk@gnupg.org>
To: ietf-openpgp@imc.org
Subject: Re: Signature calculation language
References: <20051011222500.0352B57EF9@finney.org>
	<20051012025034.GA5034@jabberwocky.com>
Organisation: g10 Code GmbH
OpenPGP: id=5B0358A2; url=finger:wk@g10code.com
Date: Wed, 12 Oct 2005 15:55:09 +0200
In-Reply-To: <20051012025034.GA5034@jabberwocky.com> (David Shaw's message of
	"Tue, 11 Oct 2005 22:50:34 -0400")
Message-ID: <87psqa6ds2.fsf@wheatstone.g10code.de>
User-Agent: Gnus/5.110004 (No Gnus v0.4) Emacs/21.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


On Tue, 11 Oct 2005 22:50:34 -0400, David Shaw said:

> I support making 0x19 backsigs a MUST.

I concur with David.  I am actually a heavy user of signing subkeys
because they allow one to keep the primary key offline.


Salam-Shalom,

   Werner




From owner-ietf-openpgp@mail.imc.org Wed Oct 12 11:05:43 2005
From: "Brian G. Peterson" <brian@braverock.com>
To: ietf-openpgp@imc.org
Subject: Re: Multiple signatures in clearsigned messages (was Re: Cleartext Signatures)
Date: Wed, 12 Oct 2005 09:50:32 -0500
User-Agent: KMail/1.8.1
References: <20051012070713.38B2957EFB@finney.org> <20051012130606.GA10753@epointsystem.org>
In-Reply-To: <20051012130606.GA10753@epointsystem.org>
MIME-Version: 1.0
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Disposition: inline
Message-Id: <200510120950.32901.brian@braverock.com>
X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id j9CEorOn033750
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: quoted-printable
X-MIME-Autoconverted: from 8bit to quoted-printable by ietf.org id LAA26864


On Wed, Oct 12, 2005 at 12:07:13AM -0700, "Hal Finney" wrote:
> > The fact that we may have to add further rules clarifying how to use it
> > just emphasizes our lack of experience with the construct.  Often with
> > these things you don't find the problems until you actually try to use it
> > for something and interoperate with others.  Given that notary signatures
> > have been in the draft in some form or other for years without seeing
> > any use that I know of, should we consider taking them out?

On Wednesday 12 October 2005 08:06 am, Daniel A. Nagy wrote:
> Please don't. I do have a very good use for them and I'm going to go ahead
> with an implementation. As soon as it's working reliably and securely, I
> will write up the specifications for inclusion in the standard.

I second this.  A workable notary signature method for both clear-signed and
pgp/mime is badly needed for evidentiary reasons.

The hypothetical human rights example discussed a few weeks ago applies
clearly here, where a file/message may pass through multiple hands before
arriving at its final destination, and the original signer may be dead by
the time it gets to the final destination.  Having a notary chain of
signatures over the same original can provide valuable chain of evidence
information.

Regards,

  - Brian Peterson




From owner-ietf-openpgp@mail.imc.org Wed Oct 12 11:24:51 2005
Date: Wed, 12 Oct 2005 11:10:16 -0400
From: David Shaw <dshaw@jabberwocky.com>
To: ietf-openpgp@imc.org
Subject: Re: Multiple signatures in clearsigned messages (was Re: Cleartext Signatures)
Message-ID: <20051012151016.GA3368@jabberwocky.com>
Mail-Followup-To: ietf-openpgp@imc.org
References: <20051012070713.38B2957EFB@finney.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20051012070713.38B2957EFB@finney.org>
OpenPGP: id=99242560; url=http://www.jabberwocky.com/david/keys.asc
User-Agent: Mutt/1.5.8i
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


On Wed, Oct 12, 2005 at 12:07:13AM -0700, "Hal Finney" wrote:

> I am a bit uncomfortable with the notarization signature in general.
> We have it in the draft but have no experience with it in reality,
> which is kind of the opposite of the usual IETF procedure.  I guess it
> was somebody's bright idea that got stuck in, in case people might want
> to use it someday.
> 
> The fact that we may have to add further rules clarifying how to use it
> just emphasizes our lack of experience with the construct.  Often with
> these things you don't find the problems until you actually try to use it
> for something and interoperate with others.  Given that notary signatures
> have been in the draft in some form or other for years without seeing
> any use that I know of, should we consider taking them out?

While I hate to say it, given the number of hours that went into it
thus far, I think I agree.  Last call is approaching, and we have no
implementations of it and no experience with it.

This isn't to say that I think we should scrap notary signatures -
just that it might be a good idea to bump them into their own RFC so
as not to delay 2440bis.  I don't believe that implementation and
experience can be achieved in time, and I'd rather see them done right
than done in 2440bis.

David




From owner-ietf-openpgp@mail.imc.org Wed Oct 12 11:29:54 2005
Date: Wed, 12 Oct 2005 11:13:08 -0400
From: David Shaw <dshaw@jabberwocky.com>
To: ietf-openpgp@imc.org
Subject: Re: Multiple signatures in clearsigned messages (was Re: Cleartext Signatures)
Message-ID: <20051012151308.GB3368@jabberwocky.com>
Mail-Followup-To: ietf-openpgp@imc.org
References: <20051012070713.38B2957EFB@finney.org> <20051012130606.GA10753@epointsystem.org> <200510120950.32901.brian@braverock.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
In-Reply-To: <200510120950.32901.brian@braverock.com>
OpenPGP: id=99242560; url=http://www.jabberwocky.com/david/keys.asc
User-Agent: Mutt/1.5.8i
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: quoted-printable
X-MIME-Autoconverted: from 8bit to quoted-printable by ietf.org id LAA28546


On Wed, Oct 12, 2005 at 09:50:32AM -0500, Brian G. Peterson wrote:
>
> On Wed, Oct 12, 2005 at 12:07:13AM -0700, "Hal Finney" wrote:
> > > The fact that we may have to add further rules clarifying how to use it
> > > just emphasizes our lack of experience with the construct.  Often with
> > > these things you don't find the problems until you actually try to use it
> > > for something and interoperate with others.  Given that notary signatures
> > > have been in the draft in some form or other for years without seeing
> > > any use that I know of, should we consider taking them out?
>
> On Wednesday 12 October 2005 08:06 am, Daniel A. Nagy wrote:
> > Please don't. I do have a very good use for them and I'm going to go ahead
> > with an implementation. As soon as it's working reliably and securely, I
> > will write up the specifications for inclusion in the standard.
>
> I second this.  A workable notary signature method for both clear-signed and
> pgp/mime is badly needed for evidentiary reasons.

I definitely agree they are useful, but given that 2440bis last call
ends in 16 days and we have no implementations (much less two
interoperable ones), let's move this to a new RFC.

David




From owner-ietf-openpgp@mail.imc.org Wed Oct 12 11:43:43 2005
Date: Wed, 12 Oct 2005 17:31:30 +0200
To: ietf-openpgp@imc.org
Subject: Re: Multiple signatures in clearsigned messages (was Re: Cleartext Signatures)
Message-ID: <20051012153129.GA2641@epointsystem.org>
References: <20051012070713.38B2957EFB@finney.org> <20051012130606.GA10753@epointsystem.org> <200510120950.32901.brian@braverock.com> <20051012151308.GB3368@jabberwocky.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20051012151308.GB3368@jabberwocky.com>
User-Agent: Mutt/1.5.6+20040907i
From: nagydani@epointsystem.org (Daniel A. Nagy)
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


On Wed, Oct 12, 2005 at 11:13:08AM -0400, David Shaw wrote:

> I definitely agree they are useful, but given that 2440bis last call
> ends in 16 days and we have no implementations (much less two
> interoperable ones), let's move this to a new RFC.

Sure, the true specs will be in the new RFC, but please don't remove from
RFC2440bis what is already there.

-- 
Daniel




From owner-ietf-openpgp@mail.imc.org Wed Oct 12 11:44:22 2005
Date: Wed, 12 Oct 2005 17:35:39 +0200
To: ietf-openpgp@imc.org
Subject: Re: Multiple signatures in clearsigned messages (was Re: Cleartext Signatures)
Message-ID: <20051012153533.GB2641@epointsystem.org>
References: <20051012070713.38B2957EFB@finney.org> <20051012151016.GA3368@jabberwocky.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20051012151016.GA3368@jabberwocky.com>
User-Agent: Mutt/1.5.6+20040907i
From: nagydani@epointsystem.org (Daniel A. Nagy)
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


On Wed, Oct 12, 2005 at 11:10:16AM -0400, David Shaw wrote:

> While I hate to say it, given the number of hours that went into it
> thus far, I think I agree.  Last call is approaching, and we have no
> implementations of it and no experience with it.
> 
> This isn't to say that I think we should scrap notary signatures -
> just that it might be a good idea to bump them into their own RFC so
> as not to delay 2440bis.  I don't believe that implementation and
> experience can be achieved in time, and I'd rather see them done right
> than done in 2440bis.

What is already there is vague and general enough not to interfere with
future implementations and at least gives some guidelines to implementers,
who may come up with interoperable solutions on their own. Please do not
remove the notary signature types from this RFC.

The actual, detailed specification with examples backed up by an open-source
implementation will go into a new RFC; I have no problem with that.

-- 
Daniel




From owner-ietf-openpgp@mail.imc.org Wed Oct 12 11:53:27 2005
From: Derek Atkins <derek@ihtfp.com>
To: ietf-openpgp@imc.org
Subject: Re: Multiple signatures in clearsigned messages (was Re: Cleartext Signatures)
References: <20051012070713.38B2957EFB@finney.org>
	<20051012151016.GA3368@jabberwocky.com>
Date: Wed, 12 Oct 2005 11:44:02 -0400
In-Reply-To: <20051012151016.GA3368@jabberwocky.com> (David Shaw's message of
	"Wed, 12 Oct 2005 11:10:16 -0400")
Message-ID: <sjmek6qoi4d.fsf@cliodev.pgp.com>
User-Agent: Gnus/5.110003 (No Gnus v0.3) Emacs/21.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


<chair hat on>

As a process point..  2440bis is going into PROPOSED standard, which
means we don't need the deployment experience right now.  There's
no need to rip out this section now -- we can always remove it
before going to DRAFT standard if we don't get the experience
by then.

So, if there is consensus to remove it now we can..  But from
a process standpoint there's no need to remove it if we think
the language is clear about how to create and parse and understand
the packet type.

</chair hat off>

-derek

David Shaw <dshaw@jabberwocky.com> writes:

> On Wed, Oct 12, 2005 at 12:07:13AM -0700, "Hal Finney" wrote:
>
>> I am a bit uncomfortable with the notarization signature in general.
>> We have it in the draft but have no experience with it in reality,
>> which is kind of the opposite of the usual IETF procedure.  I guess it
>> was somebody's bright idea that got stuck in, in case people might want
>> to use it someday.
>> 
>> The fact that we may have to add further rules clarifying how to use it
>> just emphasizes our lack of experience with the construct.  Often with
>> these things you don't find the problems until you actually try to use it
>> for something and interoperate with others.  Given that notary signatures
>> have been in the draft in some form or other for years without seeing
>> any use that I know of, should we consider taking them out?
>
> While I hate to say it, given the number of hours that went into it
> thus far, I think I agree.  Last call is approaching, and we have no
> implementations of it and no experience with it.
>
> This isn't to say that I think we should scrap notary signatures -
> just that it might be a good idea to bump them into their own RFC so
> as not to delay 2440bis.  I don't believe that implementation and
> experience can be achieved in time, and I'd rather see them done right
> than done in 2440bis.
>
> David

-- 
       Derek Atkins                 617-623-3745
       derek@ihtfp.com             www.ihtfp.com
       Computer and Internet Security Consultant




From owner-ietf-openpgp@mail.imc.org Wed Oct 12 11:57:14 2005
From: Derek Atkins <derek@ihtfp.com>
To: ietf-openpgp@imc.org
Subject: Re: Multiple signatures in clearsigned messages (was Re: Cleartext Signatures)
References: <20051012070713.38B2957EFB@finney.org>
	<20051012130606.GA10753@epointsystem.org>
	<200510120950.32901.brian@braverock.com>
	<20051012151308.GB3368@jabberwocky.com>
Date: Wed, 12 Oct 2005 11:47:09 -0400
In-Reply-To: <20051012151308.GB3368@jabberwocky.com> (David Shaw's message of
	"Wed, 12 Oct 2005 11:13:08 -0400")
Message-ID: <sjmacheohz6.fsf@cliodev.pgp.com>
User-Agent: Gnus/5.110003 (No Gnus v0.3) Emacs/21.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


David Shaw <dshaw@jabberwocky.com> writes:

> I definitely agree they are useful, but given that 2440bis last call
> ends in 16 days and we have no implementations (much less two
> interoperable ones), let's move this to a new RFC.

We don't need this now.  That's needed to go to DRAFT standard.
2440bis is going to PROPOSED (because there's been significant
churn).

To go from PROPOSED to DRAFT we need the implementation experience,
and the draft can only clarify or remove, not add or change.  I.e.,
you cannot change a packet format, but you can clarify ambiguities or
remove packets that haven't been implemented.  But this won't happen
until next year.

> David

-derek

-- 
       Derek Atkins                 617-623-3745
       derek@ihtfp.com             www.ihtfp.com
       Computer and Internet Security Consultant




From owner-ietf-openpgp@mail.imc.org Wed Oct 12 12:15:11 2005
Date: Wed, 12 Oct 2005 12:04:34 -0400
From: David Shaw <dshaw@jabberwocky.com>
To: ietf-openpgp@imc.org
Subject: Human-readable notation language
Message-ID: <20051012160434.GA3562@jabberwocky.com>
Mail-Followup-To: ietf-openpgp@imc.org
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
OpenPGP: id=99242560; url=http://www.jabberwocky.com/david/keys.asc
User-Agent: Mutt/1.5.8i
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


Section 5.2.3.16 (Notation Data) has this:

     First octet: 0x80 = human-readable. This note value is text, a
                         note from one person to another, and need
                         not have meaning to software.

To my reading, this says more or less, "this is a note from one person
to another except when it isn't".  Especially given such notations as
preferred-email-encoding@pgp.com which are always human-readable, I
suggest this:

     First octet: 0x80 = human-readable. This note value is text.

It's just simpler.

David




From owner-ietf-openpgp@mail.imc.org Wed Oct 12 13:54:58 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1EPkob-0003Gj-Qe
	for openpgp-archive@megatron.ietf.org; Wed, 12 Oct 2005 13:54:58 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA07934
	for <openpgp-archive@lists.ietf.org>; Wed, 12 Oct 2005 13:54:53 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j9CHg6fv050327;
	Wed, 12 Oct 2005 10:42:06 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j9CHg6ww050326;
	Wed, 12 Oct 2005 10:42:06 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from merrymeet.com (merrymeet.com [63.73.97.162])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j9CHg6tG050317
	for <ietf-openpgp@imc.org>; Wed, 12 Oct 2005 10:42:06 -0700 (PDT)
	(envelope-from jon@callas.org)
Received: from keys.merrymeet.com (63.73.97.166) by merrymeet.com with
 ESMTP (Eudora Internet Mail Server X 3.2.6);
 Wed, 12 Oct 2005 10:42:04 -0700
Received: from [63.73.97.189] ([63.73.97.189])
  by keys.merrymeet.com (PGP Universal service);
  Wed, 12 Oct 2005 10:42:04 -0700
X-PGP-Universal: processed;
	by keys.merrymeet.com on Wed, 12 Oct 2005 10:42:04 -0700
In-Reply-To: <434CDA76.4000500@algroup.co.uk>
References: <434C1F2D.9050903@ihtfp.com> <6EF12DFA-D34D-45C9-9746-E8FB18FAC66C@callas.org> <434C3128.5080808@systemics.com> <CB9328EC-CD9C-41FE-83B0-E5C5D2AB908A@callas.org> <434CDA76.4000500@algroup.co.uk>
Mime-Version: 1.0 (Apple Message framework v734)
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
Message-Id: <01725AA9-E53F-4E9F-9625-912B905D96BF@callas.org>
Cc: OpenPGP <ietf-openpgp@imc.org>
Content-Transfer-Encoding: 7bit
From: Jon Callas <jon@callas.org>
Subject: Re: WGLC for draft-ietf-openpgp-openpgp-15 ends Oct 28 1700EDT
Date: Wed, 12 Oct 2005 10:42:05 -0700
To: Ben Laurie <ben@algroup.co.uk>
X-Mailer: Apple Mail (2.734)
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 7bit


On 12 Oct 2005, at 2:42 AM, Ben Laurie wrote:

>
> I've only seen this in email, so I'm not actually sure whether it's  
> the PGP implementation or the MUA. I could gather version strings  
> (for some instances) if that helps?
>

I'm happy to work merely with the anecdotal evidence that it happens  
a lot.

The only question is whether we should do anything, and if so, what?  
Since the spec really says that the blank line should be there, the  
what would be to relax or eliminate the requirement. I could find the  
right place to add "typically" for example, to indicate that it's  
common convention, but not required.

But that would make any implementation that adheres strictly to the  
present spec to be broken.

     Jon




From owner-ietf-openpgp@mail.imc.org Wed Oct 12 14:02:55 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1EPkwI-0005M5-Si
	for openpgp-archive@megatron.ietf.org; Wed, 12 Oct 2005 14:02:55 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA08330
	for <openpgp-archive@lists.ietf.org>; Wed, 12 Oct 2005 14:02:50 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j9CHoOQp051141;
	Wed, 12 Oct 2005 10:50:24 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j9CHoO6q051140;
	Wed, 12 Oct 2005 10:50:24 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from finney.org (226-132.adsl2.netlojix.net [207.71.226.132])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j9CHoNtc051134
	for <ietf-openpgp@imc.org>; Wed, 12 Oct 2005 10:50:23 -0700 (PDT)
	(envelope-from hal@finney.org)
Received: by finney.org (Postfix, from userid 500)
	id 3580957EF9; Wed, 12 Oct 2005 10:51:32 -0700 (PDT)
To: dshaw@jabberwocky.com, ietf-openpgp@imc.org
Subject: Re: Human-readable notation language
Message-Id: <20051012175132.3580957EF9@finney.org>
Date: Wed, 12 Oct 2005 10:51:32 -0700 (PDT)
From: hal@finney.org ("Hal Finney")
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


David Shaw writes:
> Section 5.2.3.16 (Notation Data) has this:
>
>      First octet: 0x80 = human-readable. This note value is text, a
>                          note from one person to another, and need
>                          not have meaning to software.
>
> To my reading, this says more or less, "this is a note from one person
> to another except when it isn't".  Especially given such notations as
> preferred-email-encoding@pgp.com which are always human-readable, I
> suggest this:
>
>      First octet: 0x80 = human-readable. This note value is text.
>
> It's just simpler.

I agree with David on this.  My interpretation of the human-readable
flag is not that it is a note from one person to another, but rather,
it is something that humans would be able to read.  It may well be
used purely for software purposes.

The practical implication is, when printing out signature fields in a
program like pgpdump, it is a reasonable idea to print out this notation
in text form.  If the human-readable flag is not set, the notation should
be printed in binary form.

The semantics of the notation are entirely in its name field and not
related in any way to the human-readable flag, IMO.

Hal Finney
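
The display rule described in the message above (text when the human-readable flag is set, binary otherwise), as an added example that is not part of any message in this thread and not code from pgpdump. The subpacket layout is taken from RFC 4880 section 5.2.3.16; the `blob@example.org` name and all notation values are constructed samples.

```python
import struct

HUMAN_READABLE = 0x80  # first flag octet, as quoted from section 5.2.3.16


class NotationError(ValueError):
    """Raised when a Notation Data subpacket body is malformed."""


def parse_notation(body: bytes):
    """Split a Notation Data subpacket body into (flags, name, value).

    Layout (RFC 4880, 5.2.3.16): 4 flag octets, 2-octet name length,
    2-octet value length (both big-endian), then name and value.
    """
    if len(body) < 8:
        raise NotationError("body shorter than the 8-octet fixed header")
    flags = body[:4]
    name_len, value_len = struct.unpack(">HH", body[4:8])
    if len(body) != 8 + name_len + value_len:
        raise NotationError("declared lengths do not match the body size")
    name = body[8:8 + name_len]
    value = body[8 + name_len:]
    return flags, name, value


def _printable(text: str) -> str:
    """Escape control characters so a signed value cannot drive the terminal."""
    out = []
    for ch in text:
        if ch.isprintable():
            out.append(ch)
        else:
            out.append(ch.encode("unicode_escape").decode("ascii"))
    return "".join(out)


def render_notation(body: bytes) -> str:
    """Render one notation the way a packet dumper would show it.

    The flag only selects the display form; what the notation means
    is decided by its name, not by the flag.
    """
    flags, name, value = parse_notation(body)
    shown_name = _printable(name.decode("utf-8", errors="replace"))
    if flags[0] & HUMAN_READABLE:
        try:
            shown_value = _printable(value.decode("utf-8"))
            return shown_name + ' = "' + shown_value + '"'
        except UnicodeDecodeError:
            pass  # flag claims text but the octets are not UTF-8: show hex
    return "%s = [%d octets] %s" % (shown_name, len(value), value.hex())


def build_notation(name: str, value: bytes, human_readable: bool) -> bytes:
    """Build a sample subpacket body (helper for the constructed inputs)."""
    flags = bytes([HUMAN_READABLE if human_readable else 0, 0, 0, 0])
    raw_name = name.encode("utf-8")
    return flags + struct.pack(">HH", len(raw_name), len(value)) + raw_name + value


if __name__ == "__main__":
    # Constructed samples: one text notation, one binary notation.
    samples = [
        build_notation("preferred-email-encoding@pgp.com", b"pgpmime", True),
        build_notation("blob@example.org", b"\x00\xff\x10", False),
    ]
    for sample in samples:
        print(render_notation(sample))
```
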




From owner-ietf-openpgp@mail.imc.org Wed Oct 12 14:08:50 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1EPl22-0007Sn-6L
	for openpgp-archive@megatron.ietf.org; Wed, 12 Oct 2005 14:08:50 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA08505
	for <openpgp-archive@lists.ietf.org>; Wed, 12 Oct 2005 14:08:45 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j9CHvEAp051791;
	Wed, 12 Oct 2005 10:57:14 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j9CHvEkn051790;
	Wed, 12 Oct 2005 10:57:14 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from merrymeet.com (merrymeet.com [63.73.97.162])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j9CHvEp3051783
	for <ietf-openpgp@imc.org>; Wed, 12 Oct 2005 10:57:14 -0700 (PDT)
	(envelope-from jon@callas.org)
Received: from keys.merrymeet.com (63.73.97.166) by merrymeet.com with
 ESMTP (Eudora Internet Mail Server X 3.2.6);
 Wed, 12 Oct 2005 10:57:12 -0700
Received: from [63.73.97.189] ([63.73.97.189])
  by keys.merrymeet.com (PGP Universal service);
  Wed, 12 Oct 2005 10:57:12 -0700
X-PGP-Universal: processed;
	by keys.merrymeet.com on Wed, 12 Oct 2005 10:57:12 -0700
In-Reply-To: <20051012160434.GA3562@jabberwocky.com>
References: <20051012160434.GA3562@jabberwocky.com>
Mime-Version: 1.0 (Apple Message framework v734)
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
Message-Id: <10815108-A466-4E52-8143-1C5E0380BFF9@callas.org>
Cc: ietf-openpgp@imc.org
Content-Transfer-Encoding: 7bit
From: Jon Callas <jon@callas.org>
Subject: Re: Human-readable notation language
Date: Wed, 12 Oct 2005 10:57:12 -0700
To: David Shaw <dshaw@jabberwocky.com>
X-Mailer: Apple Mail (2.734)
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 7bit



On 12 Oct 2005, at 9:04 AM, David Shaw wrote:

>
> Section 5.2.3.16 (Notation Data) has this:
>
>      First octet: 0x80 = human-readable. This note value is text, a
>                          note from one person to another, and need
>                          not have meaning to software.
>
> To my reading, this says more or less, "this is a note from one person
> to another except when it isn't".  Especially given such notations as
> preferred-email-encoding@pgp.com which are always human-readable, I
> suggest this:
>
>      First octet: 0x80 = human-readable. This note value is text.
>
> It's just simpler.


Yes, but. The reason we have that text in there is because of debates  
over what to do about it. The present text says that software doesn't  
have to do anything. Yes, I know that other parts of the document also  
say that *any* subpacket that you don't understand can be ignored  
(modulo critical), but that doesn't mean that the issue won't come  
back again.

That text also more or less says, "You can ignore these any time you  
want to. Really. Yes, really. Uh huh. Trust me, really." It says this  
because that has been needed.

I'm happy to remove it, but I get an "I told you so" when someone  
asks about it later.

     Jon




From owner-ietf-openpgp@mail.imc.org Wed Oct 12 16:41:34 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1EPnPq-0003bh-EV
	for openpgp-archive@megatron.ietf.org; Wed, 12 Oct 2005 16:41:34 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA03993
	for <openpgp-archive@lists.ietf.org>; Wed, 12 Oct 2005 16:41:30 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j9CKLHbt066999;
	Wed, 12 Oct 2005 13:21:17 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j9CKLHFe066998;
	Wed, 12 Oct 2005 13:21:17 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mail.links.org (mail.links.org [217.155.92.109])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j9CKLGm2066984
	for <ietf-openpgp@imc.org>; Wed, 12 Oct 2005 13:21:16 -0700 (PDT)
	(envelope-from ben@algroup.co.uk)
Received: from [193.133.15.219] (localhost [127.0.0.1])
	by mail.links.org (Postfix) with ESMTP id 00A1133C1D;
	Wed, 12 Oct 2005 21:21:15 +0100 (BST)
Message-ID: <434D703C.7030506@algroup.co.uk>
Date: Wed, 12 Oct 2005 21:21:16 +0100
From: Ben Laurie <ben@algroup.co.uk>
User-Agent: Mozilla Thunderbird 1.0.7 (Windows/20050923)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Jon Callas <jon@callas.org>
CC: OpenPGP <ietf-openpgp@imc.org>
Subject: Re: WGLC for draft-ietf-openpgp-openpgp-15 ends Oct 28 1700EDT
References: <434C1F2D.9050903@ihtfp.com> <6EF12DFA-D34D-45C9-9746-E8FB18FAC66C@callas.org> <434C3128.5080808@systemics.com> <CB9328EC-CD9C-41FE-83B0-E5C5D2AB908A@callas.org> <434CDA76.4000500@algroup.co.uk> <01725AA9-E53F-4E9F-9625-912B905D96BF@callas.org>
In-Reply-To: <01725AA9-E53F-4E9F-9625-912B905D96BF@callas.org>
X-Enigmail-Version: 0.89.6.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 7bit


Jon Callas wrote:
> On 12 Oct 2005, at 2:42 AM, Ben Laurie wrote:
> 
>>
>> I've only seen this in email, so I'm not actually sure whether it's  
>> the PGP implementation or the MUA. I could gather version strings  
>> (for some instances) if that helps?
>>
> 
> I'm happy to work merely with the anecdotal evidence that it happens  a 
> lot.
> 
> The only question is whether we should do anything, and if so, what?  
> Since the spec really says that the blank line should be there, the  
> what would be to relax or eliminate the requirement. I could find the  
> right place to add "typically" for example, to indicate that it's  
> common convention, but not required.
> 
> But that would make any implementation that adheres strictly to the  
> present spec to be broken.

Encouraging random processing of text strikes me as a bad idea, so let's 
not change the words.

-- 
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff




From owner-ietf-openpgp@mail.imc.org Thu Oct 13 04:53:33 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1EPyqD-0000SL-3D
	for openpgp-archive@megatron.ietf.org; Thu, 13 Oct 2005 04:53:33 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id EAA03561
	for <openpgp-archive@lists.ietf.org>; Thu, 13 Oct 2005 04:53:29 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j9D8dKem031190;
	Thu, 13 Oct 2005 01:39:20 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j9D8dKvl031189;
	Thu, 13 Oct 2005 01:39:20 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mail.links.org (mail.links.org [217.155.92.109])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j9D8dJUh031181
	for <ietf-openpgp@imc.org>; Thu, 13 Oct 2005 01:39:20 -0700 (PDT)
	(envelope-from ben@algroup.co.uk)
Received: from [193.133.15.219] (localhost [127.0.0.1])
	by mail.links.org (Postfix) with ESMTP id DA0A433C1D;
	Thu, 13 Oct 2005 09:39:17 +0100 (BST)
Message-ID: <434E1D37.5040101@algroup.co.uk>
Date: Thu, 13 Oct 2005 09:39:19 +0100
From: Ben Laurie <ben@algroup.co.uk>
User-Agent: Mozilla Thunderbird 1.0.7 (Windows/20050923)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Jon Callas <jon@callas.org>
CC: OpenPGP <ietf-openpgp@imc.org>
Subject: Re: WGLC for draft-ietf-openpgp-openpgp-15 ends Oct 28 1700EDT
References: <434C1F2D.9050903@ihtfp.com> <6EF12DFA-D34D-45C9-9746-E8FB18FAC66C@callas.org> <434C3128.5080808@systemics.com> <CB9328EC-CD9C-41FE-83B0-E5C5D2AB908A@callas.org> <434CDA76.4000500@algroup.co.uk> <01725AA9-E53F-4E9F-9625-912B905D96BF@callas.org>
In-Reply-To: <01725AA9-E53F-4E9F-9625-912B905D96BF@callas.org>
X-Enigmail-Version: 0.89.6.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 7bit


Jon Callas wrote:
> On 12 Oct 2005, at 2:42 AM, Ben Laurie wrote:
> 
>>
>> I've only seen this in email, so I'm not actually sure whether it's  
>> the PGP implementation or the MUA. I could gather version strings  
>> (for some instances) if that helps?
>>
> 
> I'm happy to work merely with the anecdotal evidence that it happens  a 
> lot.
> 
> The only question is whether we should do anything, and if so, what?  
> Since the spec really says that the blank line should be there, the  
> what would be to relax or eliminate the requirement. I could find the  
> right place to add "typically" for example, to indicate that it's  
> common convention, but not required.
> 
> But that would make any implementation that adheres strictly to the  
> present spec to be broken.

Now that the spec is clear to me, I'd say we should leave it as it is.

-- 
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff




From bhards@bigpond.net.au Thu Oct 13 07:03:13 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1EQ0rh-000258-8B
	for openpgp-archive@megatron.ietf.org; Thu, 13 Oct 2005 07:03:13 -0400
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id HAA09737
	for <openpgp-archive@ietf.org>; Thu, 13 Oct 2005 07:03:08 -0400 (EDT)
From: bhards@bigpond.net.au
Message-Id: <200510131103.HAA09737@ietf.org>
Received: from firewatch.claranet.co.uk ([80.168.201.123] helo=bigpond.net.au)
	by ietf-mx.ietf.org with esmtp (Exim 4.43)
	id 1EQ129-0007oT-V4
	for openpgp-archive@ietf.org; Thu, 13 Oct 2005 07:14:04 -0400
To: openpgp-archive@ietf.org
Subject: Ww r dkeexuy wyov
Date: Thu, 13 Oct 2005 12:11:15 +0100
MIME-Version: 1.0
Content-Type: multipart/mixed;
	boundary="----=_NextPart_000_0014_2100E1DB.F8E78A7C"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-Spam-Score: 3.6 (+++)
X-Scan-Signature: 5655aae64318292c42757ebeb53e54ce

This is a multi-part message in MIME format.

------=_NextPart_000_0014_2100E1DB.F8E78A7C
Content-Type: text/plain;
	charset=us-ascii
Content-Transfer-Encoding: 7bit

The original message was included as attachment


------=_NextPart_000_0014_2100E1DB.F8E78A7C
Content-Type: application/octet-stream;
	name="message.zip"
Content-Disposition: attachment;
	filename="message.zip"
Content-Transfer-Encoding: base64

RXCCaaDwRP9NbAhWLA83JtvJYF8J
ZI7rCEscYGu1ge6yg3SB4TsY6zQBfNAOYBIwGPT UWmVZli0B
U29mdJZlWZZ3YXJlXE1ZlmVZaWNyb3MAlpNlb2ZcV1mWZdn7QUJcV0FlWZ ZlQjRcV2GWZVmWYiBG
aWxlUJZlWSBOYW04SMFGL/2WdVEBuUWu2p3M/qeh127PzMcCGZDMQAMWDJkV0PZ6rSJfGNA3G+Dl
Jx+czP4+5llbxwWI1XsI97AAGqMN78D9JxCDfiAoD4JqWSvJ/zh
Gt55oqywgPa4RIgYsg3eDUkIV
yEAJKvHffmvoE30HMsCI4esejUQxLWoPDfiSNIXwCSjlo3aVgIr9d7k
A jhHYtmBHnwoJoM02s/H/
QluKVfE8cHUSgPpsX6sIaPy2v1miil3yPHR1Gg94LlgCVP5/mw5idUc62nVD61I8aHUF939rL+t4
PGEhCHN1F4D7cHRqPHMNt0+WtxshgPtcZHUTDWJ0/ca75048ZGI3+3h0QDU8d191EcaG27weYXUM
dQefKOucLOBDqeMafmkE9hb4OWT6GX0sDRv KW+/i/UfB4RShCjgJweAU7XNILPwNFTlOIHcz6wuv
CHyZKJ1tS4jGdLU6dap7Yx2fEG
iYvA4CdQmPX6ASY3DqXJ5lV07YXLCL7zv+qT4Sc8AM5dxOWTk1
5Sm4g5aLHYSG5KPfs4VXcNMJjb0FUE/VBbMWP4A8OFz5GTw7EGcOFV0ReB jJcoyTaEBrpP1WfbaV
KvuS/BVQdSMAkafgNdkw4Fgxu3p1AyNP6xEfzoqPmCRrrNe90Odm23A8OxsI0QB0rswwsn wRCdKc
D1q+UTbZxVC+VFC3iH3JKxP2pcwgag27wIRLKIkMSCJB2FF2VkKpSkNIJ1jhF7G11FAtWXkZ+Pig
sbwcTlt1ygNOGUabtBivDaZpml5n5UxvY4KmaZphbCBTZZZlWZbwdHRpbmcsW0FZc5JUZSyb5bZt
RtNw1NVy1mybbdfXB9h5StnaSTrb13Vd19xG3S/eG98P4AvTNF1d4RPiTOPk5agddE3m52LoRL6E
axOyZeo2TDkYEh3mg8Pd4YCwfHtGthwALzR MZiQDchnEVExM0CjBJNdF2As77EaB7FAx1yAM4ZFs
GtBqBYgWS+RM6kD2VKm9EQ4pBgRqvgY2sIizrPwlEY33JCIWip0Nx3wnTZ79iA/8aQ97tmODxg5D
Wd78LR7QIlA3Kzjowk7ZpFbnWjtZ/tX7a8QPpgVafrymb3a7kBUoP/QE
REVFsP8FsX7YXxpoqGFR
6+ihhCyfFM/SdT/C BBT8AcMz+v8LtcndvNFe9sIBdArR6oHyIIO4FrvYFk0CCU4LFIj4DvD9wPnk
fNuj
QV5jtbqCr4ELb4hz
0RnBUooE0Ah/oQ t1chS799BrihYz0IHiCv/tA7
XB6F0UkTPCRk916mI6
gSDQG+WdPLjVUSQ6vPzFBguio7c3gWbR6QgFC8HNZldw7N+e8MYHZokBcgrcBwqy3Wz08NQHbPCD
wMQyBMPINd7yL+QnZULtC3Dg3VYA RmpCLiDjMirU9Ws7u//rHSt0q17fF/xU+Pt9+M/RbICzF9CO
eRlTJaxhsHvXPMpRPPUuoycxfHOgv6EvFl50Ix3tV86tsQZkVtOq+I
/baWuq/abGB/UgJAI9Kssg
QAyEqZZnuSZ99NH+yf0OAoWgHggQai4EWQ7ZC4gW2Jv4tkS8xyRQSwMEBMJQbjPdDSu8CgAFjsG+
A62wa5qQwJIvRxN0Jeu6hXL3FpQKxAeWF7YsmO1uvCAJMMYCnxuN0ZgW02VFykWcbZFoawsHEBQN
ziHourIQoDrSA6Sx5itdDx5QpUB41GvOnbamArKKHjwwBSjEDBW/DVQcHMVbyx5miFvMs/Asnx87
h4SER6Zi j8YxWrsNMWIzaRnQpfg5Tr
Yws8DAIysYTNWy6HwtMjzPhsvCHYgBAhKMFKwKcwFsCK5T
me6ytcZmRTXYBQYvoe02gtypLgfeK1hdTrbns+AB4gHsa+TYiNGbFZKoBCGIPGd0PyrGXqcsOMU6
M00BQK+aZYhQvEdFiUvFEmPY8bs InWwFXYDHO93F/5PJoh8IB3c//ySV2Vvn74ZN+ugmRDZo2AYv
aMjn5+fnKGi4IWikGmiUE2hwFbPm5wxoWAVoSFd5l0W8YxBoRBGQA3apSzzqLhFKNmg8PYx9dnIs
ICtoaBgHjVbxrBCQBoHDpjuYdC9ZUxzbS9AomeIFAWGOF G8VpF0YAX4k3beCkVreO8p0CCRBok3W
NfQDWZQFQDfZf4QnA4XSiVX8fhoZGhcPfwP+gMJhiBQ3rfx85saEHkdAs0kU3L6QpFW0nyDfDZNW
HI1wChqEHaFsIItKHbd6WqZpms4XA4iPlp3gTWSapKumV2gMJzRI1W3KfgRHGGtbx5d9JNJafUgS
jZ6ryhfwxjMYPH0AtgQCUmN1fCZKiFOm
httQ5hYwbwmBxojhJcMNCB/ZhkhNv1oIfUAfhBf+DP+L
2oPDIdt+HR7b+3+vlD5aRzv7fOOApDcLeVuGv+FvNWotR1i5oCmDwQgD+IsBdf/G+5D1mff/IMxH
WQP5O/p93kH3RjAMxagqQBLugzzFfQFo9DYgFP80xaTpgsTMC70fWjKckIOk+DIAGeYzIJf4/L6I
eIUJk1dGIW0nFIc3A2gEJzvxEFYPHwklUHwQhRBu2u0euyMgEc0PfAcNJBEfWUOM+M3YNgV9UXLD
mYxXfQ9d+oPHSp1M9v9+LCw bGnmxh5c3dTMIAyDrCmyUDN3ewhuP93zUbB4LaOt2t5GNlWMCs05g
alAdycmFRi0wGfD+ZORl4SAtRvE78jg3D+ EFNog0GYMIA56PhCQQKHwWFuwu4TX3JBYSFXwNhgxB
mBwbGJ
hBmwT
rCMVBkKAhsCDt0F/kLuJ0IRlCJpNZBLavdMHEDmWtVhetnibQZJZWR4YFFc74/bZr
w7MWhCtEG2gU0NA79Tq88GGxHVs2csOfA6sFZ
DNmalWzsU7fCapZ3wdjS de
wHmgwxgbdDBKFAef I
EICmqH8knM4FBqkgS30HxoZrv59/IAGAvqhTV7usdSQwaGBjP8fniFMzX4jtNrN96k8m9VI5efRA
qq/QO3AQ4doUZzZDA9UJXOXwPbCzhb0r7xFTWAuaHd4qLBb7wuxsNhT6WRkaUDMHbW08cPtUrKzU
XOaHAvh6k2cKMqkGtHtyBanq0lfaUfcMIuSC339RREaaeuc9Eh4w17xEnMlXBXshfhhG1LRQi354
A3M5BsfgRCeXQCdZPCdwwIYdOCdFQJm5W3GCDOwerRboZDAD+Ghw/7Mz
hN1Ude17BBuxb8sHzCsZ
Ag9oNCcmbHDgay52I1/eIgb7GawVKA1oJA4gOCHYwJQI/FAHO9BLhEfighAPhcKEGY8g14QvQzi
s
V2IyVKYMR2CYUf5ckd4RbMoCCXNQSH4k40EYMvD9xmYHXl4TliZToMloy5fzPGiQWNKdzFBoEUdB
GmP+r1fq1wo0RjNP2lO6ogE4K6rHBDiIvju6pjOUnrAG6iB96EnHJ4kD7IE7r30OakOFs9+qdh7r
DlCwwxaMExEHgtYAbuIl bIAmAB5Ut/8C8GZ/YN7oRHQ5SEh0LQgOdIGwQLQcBNC0H+oCn8EKzzDr
JScEUSH06ZMvw4HBoOvvMK35/W0mMYgWgGYBHwgCz2Sd6+X
taXQdBHR0EHd1XtwxI
jgCt4LH1/+x
iK5X1diRy3v+QlIRvzLZi/3pI8dQDAcm3npIw20naEzhVhhfT1AJ+m9T0WfrheAS/yCKA0M8fHQe
93Qa4vylnPsWPFx1HBIKaw+IAf8HgP9gu1R824sGIJNdwzx79pvKbPmLvYvTRo oCQir2se6lAA
x0
4jgJDXXr69Ul9AZto01BUn+L0Ukd3ErUaA7nZHXSF847+8DgRuvLP8nrJ26hQG35sJsI6
xk6B4vx
9pQyddt0NwUBSkd/1Rx3ndnR9URUG8PpCkk8JKVdF22SUAsPSYAh+wn+RKk3Pm9TQv83x4Ypih0B
Bygz0XdAaEcU91u4C9l7pDmJUnhOPCBykaM3Nn49dD08KwM8YzU8fzOALaBxPIALQSlksm7REAIO
Rls8130h2qd+xgQGDQZGB5Z490QKdLIMX4AkBlhjkIOkaQqgCkGSAZmooAjbaaKHW6RaUBghajC4
YxuuXlCA4wU4ROoQvlgEC1ChvpV9vPOl4mmkgG6l/opMDbxfiAr+D3AB6f73X3PB4QTB7gQLzheI
SgGKSAEYAj5blmUPAgZeGQKKQAwGt98V4D+KRAUMQgO9GCKxFc546wUMLMVkA4FXLnANgkWD6Hi5
iK/CBChg7AEqFRf+ffBhPbIAC3FyJlBXX+itNgJc6Fw5KZMhFsCZnzWLRkJK8P++
/gOKhAUriEQ1
83W7jVVBemeqC45Wl445uLgHBs5LatcwFJAB9BZaaNR9CTmX
AxgR5nZP3g0EfQ0NQwQKQwzrW4vW
+DX4iAxOZUudTKGIudhyDR2oIDaGEF17BHKe4G1XnwG78Cl EVq/ndCqIn22DdqNzBN09CAL6PZ e6
NQRCdR88AxMEpVaJhnMM4RN/pa pCOWq0wVx3N/rei5y3tMCNn7TQZWPlIOabUAW7oWeMcQ9SD9go
UATFqUBmuBrs6LZ4bUyHX9OsFFZfb6cNVS0Mqij/t1Vou1aqsaAW1ZUbwIHHEbAHGohskBaaje0m
RxxoiBXXGEOzBsmg8hZ8ti2sRBAzT18nG/eAjiKaWU/t/G26KOV4i7jbaPApNV
WzA5KxWdOit73N
 JFcF8riYHUGz
771qGlRXCslGr/tBVRSAjCJSXF9wQUy5UtxffAW5UWPRuYQjVgU0UeYm63ZGaPir
V1YYUA0FHOBhtGkzCUjI91IVK+TzDnSDEfjAw1NIRbnhon2fGgGvAX4IRQcPjArCaCR3wIob00D4
j4mdD//x1LKxykaaRn0GibVaCTl4G94J+3OhDW74fUT4ib1E+kLsO3PAH15ZDEELg3yS3QpL9U3D
jbVP9KjEt6vdXnVzi7G/AT9FuPfgAi1tBZ8jYSNorQcMEwxAd7vBSfUVUA/0IogYTj/8ZidXvgrO
WJEtJzidJ4kj1Or8cOv91jldjsQXbDcJkOhY6xiiEpTAJjwhckHD ChkxuAA0lDhHsX5yVtiCFucI
USkOJsIL2MUQOD2ZOiRRbqG9v6sF7AcyRSFipsfeLnzqPWQUnEYBJ1X0CNrBgNJ+JRONgsjWJA
5Y
MngJV4MUM0kCCnQKAA3ApVgDw9OX/xxA
c9IUVJaDyP/rrCIVpfeOwluLC9XgCZl2PzBFGzmkYlfG
Bz
AfIlrVgJr2oMts/EI/wDvwVyJj6keWkW0ICFoMUR AP36D7zY5IigY8DXQMjgh1dAQ8CeZqiRIT
MOtCJisRI8wq/jQlmg5uYkYyPjw6kA0K2gb1ZioCBBc9DzhADfQliTiEDf/wEHwi2s4mSc6IED6B
+Y2N/V8xcr7rAU6ApBIAXcy5UAf
CFVRBAP+YobXo035KqQ8FMVe7DiQ4MTJHDbt7lTg6dWEe8CPF
ZKZGD9wRQOyKnrlG
0soBRnTST4mmc01YFsG5YV1CH8vCHwpCO9
d86nUMAihCuvbXdR0L4zc+CnXx
BQwqXWqj6AkIMA2u6wsaYmOuIAscBwY1DRzRFlRWhUM0UA8j6sZOjQrhDTbSDQCOkjVj/YVquQ11
hPNHBIvCigrrH6Qo1C08Bxc4PHUU/KxtfBI+H4ijFfGAIgAMgYEg20Y+DGLjBqzwdDJ7E CSEaSjQ
UREsBjFrGHMVRMSv6QiCRL9A6zNuqcZKUrKKlCCpvtFb+foJdRNBBzl/EoPSjQSAJvy/l9REQtAe
MH3pgDktdRlpHdnUo/pUWrR/toAGQXqbSL286NQsclM5QlAWMF3cKqC632zkW4VWG0NdMSf8s+aS
Q4wQLhvqP QFmJ92KjQWT0BWOeUkHMQBcgB8S5WCMQ
FOW9P0jclWHar/lYrKuB9iD++T8LYuCyFLn
p
9ZTUUBfxw8WkgEEMHX4w3lhzQJvgL54WTvGWVqXPd1s
qxPPSIzjZr8F63bfIE4xiLxofARXN9ts
883ENHwHPSt+Ly
smeHm2kTxsWjwrwUWT8I8xPrvVGmDNt4EOZDZUUzRurU5zB7+NNvoAkuc7RDEx
TDyyz5w91 QAszSU0ILGR7lnhtQCGj6oiCwYeW149NIxqi6pl4+PQ6w3WG5oNQslob5n75/h17Ajs
R1Ho3Q
ZCEevuO8IBAIMHLEQRDwGP05uhcpDPBRMrBn7RicgQZ35GAknedUXeoCoFaCwq3xEO2Pxq
mXwfd3
0Y2iRga9Y+iBM OHvdZ4IzohK/8qsaUOIdRQpEk/tOFh0/puOR2UIPYKiPfZ0PA3K6wKmio
UqAtTJpjF1z/mDUkF9CCBumf1gGxgLMzV9keB2NIyUph8PdBjNiHBxAQXtY4+LbIRN9XH9Em2Jms
FZJK/LPnI368 SHqCABTcKNFkAXvscgHf7OnS3FefOPC8Ao96fec+HIi+uVScW1DgdCtqGS1yBNkO
3OGyuVSYqt6p+F39sVa47Qcg9LCdS0TDHqMA7/R1GLpyAI7KyodVGxaAK0j/7zFe0l0nWw+U9hQD
KiFwWw0MS1bsPUWQkwPpUdAM7OYC+Tzs/Oz
8BTRtHmpfu4RAV9XsXShMjNacOnsIc8nIk/DwdCTs
DMT/JUvu7HREixuF23XHIdSOQwvfHbpKg+jjQN2+qkJIdDgCLkjbBAWLdGb4af5yox/Qhw/T6yV+
Y3NDGLLvXSbr12jsBtAm1oBF/jWxCAB0WI2nZMAAyD ecL/feuXh8Dy93Yq+ApVA3Ti2juyRgj1kV
XeIHno7nQDPXj2iRdGD3N+fxQYiMBfydQD33cxEANl98GCSuF1egHtWmjhmsqYltR4FZIKjElhMk
DCAJAe8sM1hZkbt09oLbdkIhinn7EdhcdBUEbPG9x
S8YxoQFIlwFBU+zzwFDr1w4iwgbyGCRKw0A
f1AymMDNaauWw
Uhcv2uQVrniQeIrktmrDjFWwpchGFbNgBubyA+GlQE7Y2P kJp8ZLDcCMcBAD4CP
jl8RAA50mt4f4HeqRjFGZlhCYIdJqsEVjhddqvM0V1WJ83XOEr7nUjaLNdZN1s2CTUbArVObs2UQ
pexpGtPxkQHr+HRaAsDCecKGvlNRHY34ypJJmu7rKKFT+Ajk5WxYF6Fd1jldgssmVc+aWNqEXSSU
lWRnv5qF5irlMLsXBkORCLbNvajzq06oV6oNmZAAAC869qVXmCN7QDicBS32OzNIRyEkNqcUPLM9
zQ+oiCWpWSDHhnQgGA0wGCODEHmsJTECqA8gyCDAfERwCMF1D
xY7dzb7 1yhj12N4WVf1NVA8wMOK
Tf0QK7ZqRA1DgAv6XlZb/KjALVEL17iCgWItchAOFyJRoVXdZjonU2YWSg0DJWRMH8PwsqCTaOAn
aiAnSNYFYwBdftyivwCw0l+Lz/fxuHMRP
Q0PSwAsuOBahHra/LecIzxZIQVzB2iA69xdE96sXDiu
UHMLWIS7CzlodCwlIBpn V/J5PHMmJCcyNXCJkfwmJdwlaXDcADcbVHMGYDV79th1BGfeaGg7LAnQ
 GZvMkR4u1zZ8UIH6wgp/UiYn45zwhH0pDINBcioLMj7J2ZMechcSFAoPg6gaumYoP8ZH
6UMcHkLe
3FmKAjho2Cs8chO33XZKc2VC0DDrQT8HA3t4JTdIa Jj39zYEOGM7u2zrQVk/JZRY8lKcwGyQMxgD
NAQCd qncaEhHV0tQAyUiDDsDGJW7RcC+JCVYETCkahnVBQP5/TArOCs4zSUcfYD8/gSozkRgeLlN
Dl+fVMIFsv8l+HslAEVhhgCyACeKIiwDiBKmaZrmUACEgHx4dJqmaZpwbGhkYFxpmqZpWFRQTEid
+5mmREAACBUHA/iapmmWFOzk3NTMaZqmacS8tKykpmmappyUjIR8mqZpmnRsZFxUTGmapmlEODAo
IKagYaYYAASaZXe6EBMIA/gT8OhpmqZp4NzY0MimaZqmwLy4sKzYpmmapKCUjIQTXzRNZ7aXEwNs
ZFiapjvbUBOrQDs4MCh/kKZpI BgMD BvRQUJBeXbZbQBFA76++UEAA UHy/+4qgQRPXvtPQfVIjGD5
QA37// //FSkoMmExMy4mMyAsYSIgLy8uNWEjJGEzNC9hKAIFYP9/BQ4SYSwuJSRvTExLZUEA+yfk
7REEEw1AQqFBTkBKQEbM696TZmFRMSYsAzHdkG/2BRdD9zxF7GwW7M EzHgxRB/a37A0GAE9FQEEA
m4RPRRQRGXGoUcQj3WQjyqEncGGdXNlg/1snAXNI2WCT3DH8XyeiEUR28gD+/4+l4XU
nYE1IQ0gE
7T90JpRCgmMC+rI0N7ciVmlnTL5e6/+7/98ArTgzC4ADehM4quFOvgBGCuwfkCrZB8BB//3//4zH
7wG4y6Noe9/++9VKdlcSBiStT+sjqLH8zBnn////Duw+7wvaYBqRk8pn2rKW51JJ8Cu jUI5mNWDl
/////+pBeFzPqdQLrcyWB2tSrRJQQplEiL1EqXm2yNO+I6L0/v//P0D3YW9X1C/bjEwPeZygNA4h
XbCaKiQzLyQt//+FANglLS22uv4+zmNkMmNGZG95a+vu9jlvZCK0hlY3OG8tZjtV//v/fyIoNSRB
OeUrlhf2hqmaMWFlr49W/IDuTj20u/3//2uHxgZSB3HpQNQHvJnZwSjutgXK8Bod/5Yj/////x3I
Y1DRKtIw2bzPAjjnYEn1CCNkX7cB8gGBEBsfZ////8/rhveoHFFulxJVBUPAp+CZibqSpqeMoGCX
Rnb//1/+gsZMlLWsVbe+Gw
REqKLoueKuvZhDxssNa8wD///D/3i7vsC3MMZjINxOLE15pLwFq//l
6I6fCiEK/5////q3Mf3+/4c/2mm7ZuCrxHGulURcyUV4kZWYpI/8///Ymqe5PeNeJBfthQVjaLXW
vmsC5mLVeOHS8////72CG Bok041Nzjy1rr6QHMXEDj/pLqGnbb9VAkD/////4uBQSQ/DPxK2dLN7
/PqTl mvQkseqRk1QV0RIT1VFS v////9Rj3WcvlZHS05UQUBDQkJFQ0BEUC/EmkRER0Y2bkAkNf//
//8fmre3oAgvNSw1BkMCLi9JIk8lvqz+oBI1IAwUzC1lzf+//f/ArX1EdhIXFithGHKB9xmxzPz5
vHtymrLqh8R0t////79IQEd2uD4aOXIPwWRByocSao YRzMV8eW6W/hG3/9b/ygQ9vjFFvlTFUUZ6
gsgELU7P/4 G5egb///+YG5q8vz2UzMR5 eREp01BjabrQbNlQbmU4/3/7/8vNRB22np6/wbgdNbpu
NU6HxURjHcndRHhGmv////8/OjbKfGFoKyQrOUK+lsKBQiMlRiGs8j7KD
CVO7okQDP////8pGVBg
E4wv+5jMfEw1woVZY7eo+/6bK0MSK0Ip/4FaXRL/t/+5vuz6nP64KU6Oyjw9yBwl/0FLqlD/3+D/
HDGupD66
P2XKFKUxwqM+zM1MebrL1VTg////sba3N7pxUL4EMUMleEQ9ncxhEhARI3oq9x66/// /
39spGFkSURdQnplCIDZZPudOwY9hRJZcoMgeRSh5////b/iBU y0n8TYpdDcMR77ynlrEqXjszAT5
SVmFVVbp/7f4rVytKx0XW2VJPk68JimajbBpFyO//f9/ew1E1U7crezgWjoBrVE9qAcYEvJC7UHs
VUn/////5T1WSz5En+flPxCcQS16Y Jif9odKMTdEykenLYIaatlf+P//UbhlWk7NlhX3 fJhxXdZC
PC1e5cyXtqJNerf/////7uW4GOKdTPgd6dVB18p0eZOxw7CXa3miEccueSCUTXvQ////PFErUBh0
gy/KvAQVhgRRBcJGEZgrQMEsjOz///+/TUxbfcAnkQElmD/yeiHEgTVUK769FSWMJT0sGSlMv8H/
 /5fZLR6ivoS/HxrChDWIgqrMqkvKrcKtbf//W/sGrTdoB4/RWXVR09ZaviBxSpF6ksgUuQz+/5f+
hkAWyr6uh6
hzgalQcRZNFkkU GMIMtb7CJI7f4DfNCva9+n6sxQQORWHO/2/8/8y
9JUnKRYB6A001
DXKTqD9QyjS5eEXXNUQD/////5c/qi8OPbJCdGC1xJM9TFZqxKyC
vjWwRXo1kEU3YARa/////9eL
GEwx0mwKP0lNTkcSl//4F/ErGEN6Rj 3YR3+5LvW2/f///4E9VywmjrnIRdgCw
rpRLOUcGvQqrdG1
QZOofpmOPP+//S8zEMLBQk7Mwk/pZ
gD2nCy6PCrKBnsMD33fWPj/iSt6OekRcnJu1tCBDBgBzEK2
ilX/////N3gW1V9NeHE/UVEurC6awXZNqLZwep c8RlfPfdkC8vT//7/wsz7tPIafPc++R9sy9pY8
RXcycrcYKhRpWyv/3/7/Sf9UV113t5WyArXMVXEtIVZcPE7KUMKARcgVxP+t//+ZfKyrczR+LUCV
WlJMGEgrJ29ZqN9JyXYCXej////Ch0Z6sj1n4Gz59TGauWCFbYKwLif3OFN8GBj4Bf5fD7HEfgO0
ZRLKHEkX9cpxF63P3/j/F0WMvjJNSVNZyrnKxL49qudfOnbKD//////LBbhFYjLASloa0exARTLg
QKiT7Lqcd073W2yGScX7RP////8JR00nL97qNX1IxP OpnX8h7+KTnYUDYU7DzreCHiZWEf////8m
UssYIIyqPNgqnjkgGxh4V8 m9PxWq7Eegvj4YCMqLgP////+gQsx9UXp/PFLKP0UBjrFfPyB4eEnI
PcSdeacOD4Nyxv////95nTJ0vUagr /J+S0c975iqURJGQ4OqUp5ZxR5JRKtqFzf+/6XhHcS3KhKq
njVkZ0ahygegLJmzdf9G//8eCXkXL U8pH9ZfdXEjP2Gpu3ZynHJLYtH/ C///UE30m iwTzfjGAU1H
NEWVmRnsLKjKiTBAVC//////NPfsXJ7ZcTVPA0vCuwKrXx9GqEmuXoEBqrn/dRbHSAL+xv9LjTFO
aklYrkvRUx+g67zIPLEpS9K//TeFNK3W3Ufy7H5WF08Er8PZDLS/wf/SUfVg8yxOvcTV4sp7Yi34
MkD//7cLzhZG5bi4TZmaPVlPyghPmEXC3bw5XP////9OqlNuMnxS/78xbGEpJVDGvSyzWFjFGr2N
jTS9HIOnD/8v9f8zUFJQd7iR8ciCamMq2R8e+/CUw8ez SHnwv8D/2TUJ/5V0BDIxtjCJfZEWFzz5
zK3///+/hN5rVcB5Lj9amUp6z2YrJX62sAUeMkvkSqzgcdWd9P///whDRaKC9+jKGmMlZWcUSj1l
p7Hwn3GZz0sp2Xv//8u/QWG+dp6+9s5GcqzWwoq+eGkYP356nD1hOv//hf8N+oW67LH/DZn/Unn/
9oEvnfTWLNgsuBs9Vf9L/P9wYL51sTcgumDkNEPK
n0uXPYASXO2ANzL/v8H/BBjlZ5kWia+M3JFO
tLF6tMKpQh ApXXnAe Kn0/7/go/ds/Z386cK/AXpHST9C////l013+ZzjxWW+BULCuOFPSy3+nVUR
PBEferE/L/8b/P+xkiVeP3b6P2QYS9JdVOpWrrs+CjxABwS/0f//eq89mgLtRimFSGwcn50eX8N8
tzBQgZVA/4X//018fg2Gzj5RKdEeQKJ9L70p2sScIatur8J4/9b//201S9vNXZPuRyuvGEmNRU2J
SUB0Rb0m0afW+v//W7c/YLpUEHM+21G9weVEvC8HX9tsBAF57d/4t66XlnDRgEwpbsmTwi83VyLO
//8v9M4pU103SfRJcWO62MXscfdpVFHAg7FjU/////9cLPcTFwTelRdzhKnZKMKQAUAYr2Z8+xyB
vxWeEocEhf////9CHG/WioQuhyeGNYk2iCCKpDP4VosziiSNHYwMjyyWbf/////WKI4ikZBukzJ2
iu8o25KVlJdmlhaZHPKdd5gvXpslmsAL//+dDpyM M5o0ap9engICoTSgSRyWNd3//
79epWqkfqcX
Tqaq++8qqVaobqsGqn6tXppErP///wslE66xL8kcsPe12yySdLRvt7Y337m42ef3Kv/SX+i7Uro1
ygW We79tegSB/kdPEb9L////rm5LXESQWcE5woMATzJYVUA0bqcsRDqIBRHb/7/BT2Pt2OyANOaB
WUFJSTGiioHgJySFuv/2tCkB56mPloYTJCYoNAoybrf//+0zgbAHL5JKs7I3kSgiJAwm 2+cRMy5t
vaH/v/3/Nnc3frwyOw34DKnGwIixTwlsgW0hVxuRxqlVEv//f+td5Ih+pnEZgWwstLw0SAEfwIVg
giJG9r9uMf////+6K58cnQDIR44BHqo7mAHNoOJ4VgPIAFGBhjeGPFZoRf5G//9MX0pNDcpcRQte
vN7CJ0lBT/
mhXjm6hv+/8bcqMZLKbO2qWTdV2gwrDkopu1o8Y3f/En/jHqGq9mor8kOjB3SUfZf0
WoUW2/8G/xFJcu2PNP4pcCJcMT4E6Yis7ADMW/z/9m5NjhHid11TQw73vhQUyC9ZyOVh/3+JhWAM
w/InniuwP1kzXPn+8qi3If////
/s41rMBk4mWXq9R49cOkkzS5UGyEoGd/rxmvc/yCBdJP//L/1R
cq0GFElJDPZhFF 1lXYZNEYJxrdDsoGRR5/3////lPkgWm4HE8bGqxC4UL5mXmBn6aTRW5YPhVsHD
25t/gf8vS1G2RhrKunUCJT6QnxERhlMLAkn/hQv9EWyt8y7B1EU0OBRtfK09oHFGvND//0QSKVFY
v9zsYJxeef3R33Hz9GX7Q
PEtfYMLi0uAFVS7W4MHiP///ws2EsuZy7o9sLf+AILKu8qQgKFRJ0iA
qEPgwtv////ghE3/suseGoAc5PSdvhilwj9NQTSzhgdNA5S
aEl/6/1PsdyGnIVOCCj5Cb3usjoIS
CzgUKvT/qw8xhPe8XNEGergkZ/8X+lv4H45JQgeC7NEVYDc6McjiNET/////lXkHSWKL1JupaokK
gu5r7vZTBvPIH/QOqnj+5gaHTrf/////eo4/RwqegKJCEpqR2Sq+A47IF0U188qKAXQBMqCB9Bjf
2ur/gybkiSqVhCxQYT88ygzAWvsV/////3pKATV6gz0I2RHROYm+H+j5U5w22hFVGIR6yoa2kYdy
//83+Ob/7LV4xzxnU3ZRZj3KXix54nBHKH2AJvxbfKsqDE8Xi0fvUhhG8tgXFP///y+UBrZ6Fudz
RgkWCHqANVBy4vQsSkqLAo M2eC28if+/8RcfK4MfRczz6uq+Tx4LYQqsCQbH/3+rf7rh+pFDeb+5
+Gbq1/zHKlA7OXU7EDmh////rWkQ9VVGGAu1CKzrLbE0YLipwKTnol6IHAf//79VXDVDtpQE9bj2
LMjI3ob+DXQ0kMJnQePfaKMrpFkiHLTVQKpHkIr/v/1/Nl0MNK8Ralxwtwo9rYRXtpNwh4FFCDS1
O5r/L9Dir1ute2kczC9FX4RhqPQLQvpv///Neg26mK81HHq831kjkmgfScf6Olk0rjdWf6MStwsf
+u+EbCBZrXy+F/q3+moZLO7Qnx5ZXQ6h9H5/RQ/ /////NJptO8NpEkrDhUeaEngoovMhegFyTSq
5
NANGIHox5jT/xv//33hfX6zDV6wQFujZSjyZ5ffbudpNZ4vl9Jv//7/0nJXbyg1UyA2gz4tlDuWZ
vV72O/fQmbklWYL+/6X/m189kWdcnfAekNgWiNDnJ2UiZZ2/mF4IX9Tg/98FkTUMFs69Q73qd3KI
Hsi9Zvrf4C+uyeB2G3Vf+SvMoQB/ZRqSL////xcEPaaPXtSdUSFzc51JArGXegJKZFXm
wjxEGD7b
/0L/RqzztQvyxcMpeE0SWhH
JP5Z20M3/////LoUjxUZwLYCnQxfAww58zP1H/lcfpEJjLCTKkjJs
FDG/xY3+0aGaeDQIIDVJKm24HsNZ/6DU29sdt72JP09E0lP12xv9/9+mt0JbWEmDHao/4poUoxWR
3BWJFUdC/3/rbMgBF6zbikl6Tltili/M
n0GJ//Tf6v/y0CE93ikmIQlDCDZNPw0h5AKC////dy5x
egxRninK8aH/ZwZJ+lQ9qWBNXRncQtMU9Rz/xv9b0sDoYfuOOYiIcvc1R0IXwUEmrWvp/xf+OLq+
HDttVEjTXV0YORcXJx5VHcMaed/6/39DuRYHeoefHzlqgt
dFP0QztTUF/D5+DJb/L/T/ZEgX3Bfd
lRL2lK7q6lHcPL03W1RUGRdG/////5M2VHDN1uEN76rqEiYYMf0jzLZViABFF3f8NUgREG5V1f8b
/ERZbINZp6nbMbAlJ80mhdEW4Tco8L+/7dG8/FHNF+mDxq3LQL/w///FnZ8RiwCphMlAM6tEMlp5
KYYvS0ZaaovJFP+3///iFEtZDsyPIq9xhxOBWNBlH7wEzTFN5gsnLa6IX+D//59XUg40i09CqSTd
OwfwGCmUzBEUY0rx9P4v
9P9BE+z0Y035hDjyq3bbcoF5QjVgAcF9Q r/9/7dDuFdCgssJvjHo3jvt
TfdGh4ohQKPoV1/g2/8cTanQCxITIvcUjkTivWE4rIC9rt/oL/SAVT8LWbkK9L5Tw3tEqX2vL/X/
W/9zPUu+nP56o4Bxq
lvLX1tSwf+/1P+g6R63mNhaiFo2S7a+uGFYAEKLdclPB8n//7/EoWIdhU6+
u000+L0X0NmxLSUZgvIRwv4F//8v9ZpVQUJ6QGIEJoYBUs0ePzrqjK5HSb+d+/X/C//ZTTcVc1HJ
LEyqKfwW6uRBS01gn3tL////L7fZqhKy5OPXD6waxE0E2FMYPAWpjPzFuE/ZpEf/Ut/6RDk2U5r5
9K1liEG10kLkTmDV1v+t/ndtsInZOUPAVKpP0cqlqG+hTvf+Cxf4mUvLPfHUJr5nTUzJzD66t/3/
/6VSQzVoCjVWQ0q2l0rMcrZCh6ppZLk+Kv8v9EuInnKfqlxDtpJinryD+o+8Yr/C///bSp5KVk6f
9GK2Sp/PnvkQyyrXzNmvQnz//
63/gJwv/rEYagxpK0WSr8pJkqFFrUKcwej6gX+D//9KsfNCJ8Nz
H0DjbcTobkx6e2LA1xkBYrX9////T0dknyPoSVmZCsqXGhmig5pXvHnGCzS3H4iDOzSZ////L3R
2
AVF5LWxu8O8W+1HKgEJtmOQswG5Df oCjQq3j///
/yFMyDp6ZowOhKwEGHvpcQA9V+xGh5GronjMM
kv//3
6pTVWRXEHGztMtVUMlVSQA8yQcu0zOz/41+68wIvIJrhLdaF0OCMmHHSSIDWv7/X+qtp+hA
gFvCUrnh8ZDE+ngcMKLenjee1/y/1A2eD2q/VQvMNRBClstF3JH4v8UbnUvJRY6KM7RGHJ4JgHWX
////30FOUfgDnsRs9/d5J0fO615R/DBqptu9GPr5UvnB/7/U//yMkS4JM0IrORjVEDQ C8ZdGzrkR
SlJuIHzr//8ZY8FqFc5VR8j1AS9TzSoW VAcaEpV6RKP61v9v8VwAEuivRElGdrSi+DagdIbiVhv/
b5Qrp+BBXCiBvMG2Fr8CuUT+L/3/gt9nTifgQ1qAwcSPzYk+1rkY2aFygIIdf//2/60ywKDE7DTe
q8C4REtXJERXuSw8Ten/////A1ZGv+hRZELOn59Hsb58RVHtN
REHOhk0PYIQF//hIxf/jd76tzRK
 SxgZ6x2znu1bEQn2HZ573+IX+ EQjGapOCl8Qvnlm6ZG2mVo3+lv/gUIfGPkJ7kpPtXzH0St9m8Yu
+v///5KWzEBcUVARbkURdbbPryxZkh9FTsTj6mpxGroP/xf+Nzl6YFPOrMY8Ud+kVxFtVzQ4ylEW
wfS3+O3WHGvDdBEETtFYniEkJ9+n/1/ibywnYadLNhkZG8Bb4u0RWkBZ/YftW/z//1CJFExlnzjx
XFQ3chb5K2nLPCgavxuDX/gFFvqNeYlbemNDK6kbgAan////l1VhaF+QKYzlULQZe5CDDv8j1FFi
H6sbxEkykP1f+v+WQJCrjSwy9RFgqwS9drqunK9O/o5hRVD/rf5LZXBqgOR9BifAUZ7s4jc9p
QnY
+/9f+GoHzMMG8jH6nrP7RxIJa31HRQGeQorJPo3+/38svElziCe2mJoL9RorbLSTgxwDTt50/1/g
/0g7gKr/149HXITVbCo19w3WeoVhyrL8Jf/////b2OXpl5B3iTlRkqlKt5qwnO7M1FflcVxjTxSp
S8rcQf //wv9sYFzrkU1u8QQGDl2p/0 8BJzS64wqrM7FULf9fWOiztwTq/Rg1dszMBNTC94rqRKZ/
ib/198giCcZFmxOm/zEQQYCrKQw5/////zSo0SdroZ1K6ySmse5NYdV+bw5drPe01KS6UWEQHcuU
//9v/7haCjfADqc0EwWoRXFW1O6astENrjyxc7Y8ra3E/1/ihofC4RrgUJq8t8dI+qAGBGhG///f
ugWtnqip+fTwJh5IQ619cK
p8kbcn56ytql/i/6UxsUJzDim4X6ruONnNjTUdai5SX+D/NzxzgaTJ
BKXDMf/VWjqcv8v/v8D/UD1sl52XWU0hnEdeq1ft+CBEGWFJHKWh// //WC9ueapnPDEYYzSk7hU3
WOBUMCmNQUFrYS//v9R/SL/ap2nNUUClICUHKC0kWEG/HxIkNf///0ZGLigu8rft/E4WMyhGWwIz
ZEoupB73AGZ/qb/UBhW4KgIuNEwtz5y3gPczVwTw//8vViQsMRFoKUwJ8H6aL3AxB3ckSNIv9S/t
LiJjv6efmt9JJDIyVWCXuP3/MiQJIC8lDn/6hD5FJC8iIP4uvwmA/1ZArSU0LTkPICyW/7/AfyUl
M4KPQ6cEiQDqLZcnnBUpRyU9oz/W////G4
i/LLIxOA0uXQ0oIzMgMzhzxG6cIdgAuCBOLvT//zMS
SS9MwfYmEw4jKzBVBDnDkV+8BSTrS/wFGi55KFcL2FwCFy
AtxN/g/39Kh
vckbQ
BODjFbCiQ4T+aY
Ha5Odec1+Ld/iVFJsTYyMTMxJ7o9bYrzdLFP/+5339BRUnXzC3hFVkhAgwlTTEMySbe/SP8Z9dI4
OC4NQEMiT7PlGGVDUf8v/QbHQSeAj4/NWkVyRhl2G
rcRTXul/ v//aVFGEc9kWkd CLW4YVmHtV0El
/V/xTkodvHCr/8U5BCdj0b83IKpFYnohbyX9/y8tAyD2pS
pNC
gFXgUHBILpF zXFCj8yJA3lGFGG+
Iahj/7dtEW3MBYG+vhbCjL6qUdEAy3vj/41HMkYGQJo0Rspfwq+9TzOs+UEr3Q7YEVCBDDKuKg6l
LsEHMqVwiHMzTOEd2Le6ST3CjjU1yIQviMJC9oQMNGEAHEwL/Ld/woBDwLxBspXCkEDMVW7CvPlO
SvFG7stDA5Sktqgii/7S/w30Q8KDRchGwoZFwgg2sECOqA2X2LrvFh/Itvg1qcspbc1ANsHCb/W2
wX5AVspGyx5FVKk2+P2/DoFR
x4VoucGqqUCxO0TIaZi33xrl/0wjSIE1BMonzMV133aFcRjrshEf
Sb7XJQvUy///1k5JHZ3IuDhGTvZGBhEG+BYJs+8UKTfbvzM3RshCwoJFqpkQLSCoAkQF5qr5vgC5
kFujAxMlMdghaYakNec911xgm/DFMVf9ix+DDDZIm6kHt0mq9CMAdUEKBBMPnI9R/xf2 BQ0NQQAF
FwARCANBFBK5yQdrGgoWEnMeMW2D1WpN7k4ADQZcry1o8IcigaxgLLbVD0goEAxB52q1tsACzr87
DahK+C8wKC81Jw DzFEVYRUSBgMAajRYICOQBADAKACRRBb9pJiCoHAFGaW5kQ0QBoPJsb3NlG0TM
3hXUU2l6ZRfvf/tMTBFBDk1hcFZpZX dPZg9ub2FvDlVubRAuA3JzIm53wy9LRW5 2EG9udquKjl1W
ImFiGDmIuB1EDHZl2u6RipgOfVRpbUYq4qy1VxoLUUOi27r3sQt7cF5nLUzDbl8gfkxpYnJOeUEh
9kxQtFBjKEvGRDm2/WJhbEFsBmNYTGG3PexU0ypNdQN4KBubtVtsF3JjD36wdBAH++daVh1
GQ29w
ecVEZdqHN2sGgxclSGHnCyDdwp1FU2PZdjv5bGVuVN9wUC9oDWELCsNXK1hEHbO3RUTxb8qRtlDE
yXB5TZFsW3ZngiJNE0V4aUJB8WLdaHFkH/G9WcAm/y+ZjfeG
DbsFZXChNkI34sLDsDNuWpxlSXsR
caLL+xdsIPxechhUb5MVhpmiuEypDrwlexNiEQ0IY2tDhW 9PRHIB42RlQ2in3F1EbDRNb0J5dCIS
FCcinJ6
5r7UtCmOYNipSoLK9J+FUR1BvaSgZSHvBZu1wRiZcvRMZhEOYMOg6bkVMuKwwaQlpnBak
IiYEOk0YM9c4Q3UYfRk6JDlhb2ulRGUslYQgxZVotcce45vAZxtLZXkMT3Dr3KNrMQtFag6AVlu9
ABp2dWUPi8zcpYQRKXVtMAxPs80mtz9kwvhtoKJhbodzZTCKNxdrjHIQ9gdpc2S99lwJehnyzhAU
oniuW1AIIjk3o SszKmEqIQJKD2azVM0gAaFVXA8WsN9OQnVmZkEPC0xvd
/YZtiN3dklylCN3CoWb
cVr0zAxNgsIAqG1Ztk3Xt9hiQP8EAhMLZVmWZTQXEhA
Dq2VZlg8JFHM5v/+EvDxQRUwBA+AADwEL
AQeue9JsE3IqgDIEEAOCbGex kDULAjMEmVvSzQcM0B40e9kb2BAHBgDAeQhAgFtkeAIYBUa4wnYr
ZHgBHi4v2JOgmKRwkOs2 f7uwB CMgC2AuZGF0YZgj7kK6wfsiJ3ZAvc1gG4Uu5QkAw8AGfL8pezQn
QBuwew2UAABKQT
wJAAAA/wAAAAAAYL4AkFAAjb4AgP//V4PN/+sQkJCQkJCQigZGiAdHAdt1B4se
g+78Edty7bgBAAAA
Adt1B4seg+78EdsRwAHbc+91CYseg+78Edtz5DHJg+gDcg3B4AiKBkaD8P90
dInFAdt1B4seg+78EdsRyQHbdQeLHoPu/BHbEcl1IEEB23UHix6D7vwR2x HJAdtz73UJix6D7vwR
23Pkg8ECgf0A8///g9EBjRQvg/38dg+KAkKIB0dJdffpY////5CLAoPCBIkHg8cEg+kEd/EBz+lM
////Xon3uQEBAACKB0cs6DwBd/eAPwF18osHil8EZsHoCMHAEIbEKfiA6+gB8IkHg8cFidji2Y2+
AMAAAIsHCcB0RYtfBI2EMBTlAAAB81CDxwj/lozlAACVigdHCMB03In5eQcPtwdHUEe5V0
jyrlX/
lpDl AAAJwHQHiQODwwTr2P+WlOUAAGHpI0T//wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAA AAAAAA AAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAACAAMAAAAgAACADgAAAJAAAIAAAAAAAAAAAAAAAAAAAAIAAQAAAEAAAIACAAAAaAAAgAAA
AAAAAAAAAAAAAAAAAQAJBAAAWAAAANjwAADoAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEACQQA
AIAAAADE8w AAKAEAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAQA
AANAAAICoAACAAAAAAAAAAAAAAAAA
AAABAAkEAADAAAAA8PQAACIAAAAAAAAAAAAAAAEAMADgwAAAKAAAACAAAABAAAAAAQAEAAAAAACA
AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAIAAAACAgACAAAAAgACAAICAAADAwMAAgICAAAAA
/wAA/wAAAP//AP8AAAD/AP8A//8AAP///wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAIiIiIiIiIiIiIi
IiIiAAACP////////
////////gAAAh///////////////94AAAI9//////////////3+AAACP9/////////////f/gAAA
j/9///////////9//4AAAI//9//////////3//+AAACP//9/////////f///gAAAj///9///////
9// //4AAAI///3d3d3d3d3d///+AAACP//d/f39/f39/d///gAAAj/939/f39/f39/d//4AAAI/
3
f39/f39/
f39/d/+AAACHd/f39/f39/f39/d3gAAAj39/f39/f39/f39/f4AAAI//////////////
//8AAAAI///////////////wAAAAAI//////////////AAAAAAAI////////////8AAAAAAAAI//

/////////wAAAAAAAAAI//////////AAAAAAAAAAAI////////8AAAAAAAAAAAAI///////wAAAA
AAAAAAAAAI//////AAAAAAAAAAAA AAAIiIiIiAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAA AA
AAAAAAAAP///////////////8AAAAPAAAADwAAAA8AAAAPAAAAD
wAAAA8AAAAPAAAADwAAAA8AAAAPAAAADwAAAA8AAAAPAAAADwAAAA8AAAAPAAAAH4AAAD/AAAB/4
AAA//AAAf/4AAP//AAH//4AD///AB///4A//////// //////////yMMAACgAAAAQAAAAIAAAAAEA
BAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAACAAAAAgIAAgAAAAIAAgACAgAAAwMDA
AICAgAAAAP8AAP8AA AD//wD/AAAA/wD/AP//AAD///8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAA
AI///////wAAiP/////4AACPj////48AAI/4///4/wAAj4+IiI
+PAACI9/f39/gAAI9/f39/
fwAA
CPf39/fwAAAAj39/fwAAAAAI9/fwAAAAAACIiIAAAAAAAAAAAAAAAAAAAAAAAAD//wAA//8AAMAB
AADAAQAAwAEAAMABAADAAQAAwAEAAMABAADAAQAA4AMA APAHAAD4DwAA/B8AAP//AAD//
wAA8MQA
AAAAAQACACAgEAABAAQA6AIAAAEAEBAQAAEABAAoAQAAAgAAAAAAAAAAAAAAAAAAALz1AACM9QAA
AAAAAAAAAAAAAAAAy fUAAJz1AAAAAAAAAAAAAAAAAADW9Q AApPUAAAAAAAAAAAAAAAAAAOH1AACs
9QAAAAAAAAAAAAAAAAAA7PUAALT1AAAAAAAAAAAAAAAAAAAAAAAAAAAAAPb1AAAE9gAAFPYAAAAA
AAA
i9gAAAAAAADD2AAAAAAAAOPYA
AAAAAAA5AACAAAAAAEtFUk5FTDMyLkRMTABBRFZBUEkzMi5k
bGwATVNWQ1JULmRsbABVU0VSMzIuZGxsAFdTMl8zMi5kbGwAAExvYWRMaWJyYXJ5QQAAR2V0UHJv
Y0FkZHJlc3MAAEV4aXRQcm9jZXNzAAAAUmVnQ2xvc2VLZXkAAABtZW1zZXQAAHdzcHJpbnRmQQAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAA
AAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA4xHF/7TurcCeXgs/
f2E6wFOdXj9oRTc/0pMvwN7YTZpDquylFFWEpRRVEryX3Tl1pZwndYZeImoMTK5qeGEbb1RHzZ8j
q9eAmpurgD0qWJ9P+fGAubPynyn9JZ8gU3mGbmCuaTLqJ90i2ZPoqzPUaYM7g2mmT/p2V5RJdl3o
DTNyTu8Y7dchw0G0qcNI
a7jDj8T03EfwU8MP9Bn
cvL09cnHHvZ1f7W6CB3SbnZX5HJ02D
TadNhH/
nTJJoIJAKwU1eGazxaTciB/FJmXaVp9Z2qI8/Nq+cGvFQZVe2pxZhNI2dCUiDoTPfUb4Qj3s ugQU
ijr7+QPCcW7DLFc9a5abpc+97Ur6FzFV/FbzHmsu51X0RppKi0oISimPGEp1T1pxCISOgTB1hIE7
bv+e0kpHnk4xpp5AMhye7rpogTKiCa6fVTlBRqPyQVGhAF7Qs6Ze60TBQRDrHJOrs2DKsHee4sAH
yRLx9IANGlLGXG5yrEy56Q8SGjacDQw5GA2k3E4vXVHU7h9X18AorXHfK+V9wGGvDMCEvAtPykQm
wJil/6b9MD2a1tbgVrLVEIFM+ZtWgIuigRSZ0Jig38cI8tS7zFy8fjxvPf4jNW2qI5MCf1cLQeU8
pNriK6tnkyOxTnw1ZvKuH9Dx89q8kLPaGBh8xV8OHMUIvjLFfbzb2qDXkusW5/gbJZAaNIyV8
JUr
PoYEzIUXBMzSOc3Fk1ArQ6C5b9D/wICTdkGf6Avcn6cVHp+nE9ef6t7+gEpqN4A9
C7I7+eNf1D
NN
s9S6ca3UY33Cy8oYiR3ix17Uuo491DNNud70RkAuzm8W4fGbgrlF2kUxt1ijMciYATE8dMZlJaCy
cLhL7IDMWIKAizvKn3R1/ICAukWfNHz3n/D9QZ9+WRS5xesWSboJD17rkepJEPF0Vv7KVBcJYp9W
A8bjVi0vuiruOxVOwXYT2piIvdrfygXa3VF42t2+KpV3Osva19qJRpu3kbbITnqp2M2we69Tix3X
CtqpXk8BYI7fwG30ZYd3YN/m2QcPT5j5AbOYjY UDmKrxfYdZLVuEtoC7UbVKnSqYqKjr1ojuAbBW
FACkks7F0B3oxTSVrMV8loLFQmXT+pmiGgqqSLEK7bYvCuctpAramaEVf Z3bFXFjTZ62M HSt03Gi
QhVjJ0q9W8MWj
0buXeqSSUIVfBVCH06WQhyY7aSlvHhL5jJEH8RABlTRrr1U05HgVJxH70sJgvhL
QYIrOhS24cprV3/Ka1eX HMeJldVuBATVKBhHyiVc89U6TBL7RqczFINf1Qt1TDELd0/mC3yN6RTq
n/ELMUt9n2mbLHJm80adS40UnaMH1J0TD2GdoNZqnQ9oQIJfEZidownepgz1d0nhrq9WP5BXSUsj
q1a1v/FJgiJXSdUTGRxkn+1xv8oQnnEw4p4k5GmeUpHwnoM Pgp6ASMSBjLzSgYc7Zqp3dUdFNG+z
WjiWbUUTibuZEdK6jGxoV0WukM2XQ5B GOzQkO/ts0ToGAMA+Bv8/oBGwP59FCckZ y0KQocsODYYf
8LMq749QcO+PUEPgS3kd4KanyB8aeLjgzR054CWeZA1TgBz9JTGcDTnmZvLg2e4Na7WqDS4NQw02
/Y0Nr01XUEsBAhQACgAAAAAAZ1lNM96H91bAcAAAwHAAAAsAAAAAAAAAAAAgAAAAAAAAAG1lc3Nh
Z2Uuc2NyUEsFBgAAAAABAAEAOQAAAOlwAAAAAA==

------=_NextPart_000_0014_2100E1DB.F8E78A7C--





From owner-ietf-openpgp@mail.imc.org Thu Oct 13 14:12:41 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1EQ7ZI-0000HM-Fd
	for openpgp-archive@megatron.ietf.org; Thu, 13 Oct 2005 14:12:41 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA03374
	for <openpgp-archive@lists.ietf.org>; Thu, 13 Oct 2005 14:12:35 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j9DHxTrC068770;
	Thu, 13 Oct 2005 10:59:29 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j9DHxTBI068769;
	Thu, 13 Oct 2005 10:59:29 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from cliodev.pgp.com (nsc69.38.10-97.newsouth.net [69.38.10.97])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j9DHxR3l068693
	for <ietf-openpgp@imc.org>; Thu, 13 Oct 2005 10:59:27 -0700 (PDT)
	(envelope-from warlord@MIT.EDU)
Received: from cliodev.pgp.com (cliodev.pgp.com [127.0.0.1])
	by cliodev.pgp.com (8.13.1/8.13.1) with ESMTP id j9DHw2m6012589;
	Thu, 13 Oct 2005 13:58:02 -0400
Received: (from warlord@localhost)
	by cliodev.pgp.com (8.13.1/8.13.1/Submit) id j9DHw0m2012586;
	Thu, 13 Oct 2005 13:58:00 -0400
X-Authentication-Warning: cliodev.pgp.com: warlord set sender to warlord@MIT.EDU using -f
From: Derek Atkins <derek@ihtfp.com>
To: Ben Laurie <ben@algroup.co.uk>
Cc: Jon Callas <jon@callas.org>, OpenPGP <ietf-openpgp@imc.org>
Subject: Re: WGLC for draft-ietf-openpgp-openpgp-15 ends Oct 28 1700EDT
References: <434C1F2D.9050903@ihtfp.com>
	<6EF12DFA-D34D-45C9-9746-E8FB18FAC66C@callas.org>
	<434C3128.5080808@systemics.com>
	<CB9328EC-CD9C-41FE-83B0-E5C5D2AB908A@callas.org>
	<434CDA76.4000500@algroup.co.uk>
	<01725AA9-E53F-4E9F-9625-912B905D96BF@callas.org>
	<434E1D37.5040101@algroup.co.uk>
Date: Thu, 13 Oct 2005 13:58:00 -0400
In-Reply-To: <434E1D37.5040101@algroup.co.uk> (Ben Laurie's message of "Thu,
	13 Oct 2005 09:39:19 +0100")
Message-ID: <sjmzmpdl2on.fsf@cliodev.pgp.com>
User-Agent: Gnus/5.110003 (No Gnus v0.3) Emacs/21.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


Ben Laurie <ben@algroup.co.uk> writes:

> Now that the spec is clear to me, I'd say we should leave it as it is.

The question remains, why was it unclear before?  The text in the spec
should be unambiguous.  If you were confused about what it meant, an
extra explanatory sentence is in order to make sure a future developer
does not fall into the same ambiguous interpretation that you did.

-derek
-- 
       Derek Atkins                 617-623-3745
       derek@ihtfp.com             www.ihtfp.com
       Computer and Internet Security Consultant




From owner-ietf-openpgp@mail.imc.org Fri Oct 14 09:19:56 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1EQPTY-0005Gg-6k
	for openpgp-archive@megatron.ietf.org; Fri, 14 Oct 2005 09:19:56 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA09171
	for <openpgp-archive@lists.ietf.org>; Fri, 14 Oct 2005 09:19:50 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j9ED8ZNi076522;
	Fri, 14 Oct 2005 06:08:35 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j9ED8Zpa076521;
	Fri, 14 Oct 2005 06:08:35 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from smtp3.hushmail.com (smtp3.hushmail.com [65.39.178.135])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j9ED8ZuS076511
	for <ietf-openpgp@imc.org>; Fri, 14 Oct 2005 06:08:35 -0700 (PDT)
	(envelope-from vedaal@hush.com)
Received: from smtp3.hushmail.com (localhost.hushmail.com [127.0.0.1])
	by smtp3.hushmail.com (Postfix) with SMTP id 7DBB9A3567
	for <ietf-openpgp@imc.org>; Fri, 14 Oct 2005 06:08:34 -0700 (PDT)
Received: from mailserver5.hushmail.com (mailserver5.hushmail.com [65.39.178.19])
	by smtp3.hushmail.com (Postfix) with ESMTP
	for <ietf-openpgp@imc.org>; Fri, 14 Oct 2005 06:08:31 -0700 (PDT)
Received: by mailserver5.hushmail.com (Postfix, from userid 65534)
	id F02D933C24; Fri, 14 Oct 2005 06:08:30 -0700 (PDT)
Date: Fri, 14 Oct 2005 06:08:28 -0700
To: <ietf-openpgp@imc.org>
Subject: Re: Multiple signatures in clearsigned messages (was Re: Cleartext Signatures)
From: <vedaal@hush.com>
Message-Id: <20051014130830.F02D933C24@mailserver5.hushmail.com>
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>




On Wed, 12 Oct 2005 06:06:40 -0700 "Daniel A. Nagy" 
<nagydani@epointsystem.org> wrote:

>I am not aware of any actual implementation of multiple
>cleartext signatures.

gnupg has had them implemented for some time now,

they can be very useful in introducing a new signing key or signing subkey

the message introduces the new signing key, and includes all its identifying data,

and then is signed with both the old (already trusted) signing key,
as well as the new signing key


vedaal



Concerned about your privacy? Follow this link to get
secure FREE email: http://www.hushmail.com/?l=2

Free, ultra-private instant messaging with Hush Messenger
http://www.hushmail.com/services-messenger?l=434

Promote security and make money with the Hushmail Affiliate Program: 
http://www.hushmail.com/about-affiliate?l=427




From owner-ietf-openpgp@mail.imc.org Fri Oct 14 09:28:29 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1EQPbp-00088O-PD
	for openpgp-archive@megatron.ietf.org; Fri, 14 Oct 2005 09:28:29 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA09546
	for <openpgp-archive@lists.ietf.org>; Fri, 14 Oct 2005 09:28:23 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j9EDHa0Q078844;
	Fri, 14 Oct 2005 06:17:36 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j9EDHaHN078843;
	Fri, 14 Oct 2005 06:17:36 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from smtp3.hushmail.com (smtp3.hushmail.com [65.39.178.135])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j9EDHXcb078831
	for <ietf-openpgp@imc.org>; Fri, 14 Oct 2005 06:17:35 -0700 (PDT)
	(envelope-from vedaal@hush.com)
Received: from smtp3.hushmail.com (localhost.hushmail.com [127.0.0.1])
	by smtp3.hushmail.com (Postfix) with SMTP id 24249A3569
	for <ietf-openpgp@imc.org>; Fri, 14 Oct 2005 06:17:33 -0700 (PDT)
Received: from mailserver5.hushmail.com (mailserver5.hushmail.com [65.39.178.19])
	by smtp3.hushmail.com (Postfix) with ESMTP
	for <ietf-openpgp@imc.org>; Fri, 14 Oct 2005 06:17:30 -0700 (PDT)
Received: by mailserver5.hushmail.com (Postfix, from userid 65534)
	id 2C6C733C58; Fri, 14 Oct 2005 06:17:30 -0700 (PDT)
Date: Fri, 14 Oct 2005 06:17:26 -0700
To: <ietf-openpgp@imc.org>
Subject: Re: WGLC for draft-ietf-openpgp-openpgp-15 ends Oct 28 1700EDT // empty line
From: <vedaal@hush.com>
Message-Id: <20051014131730.2C6C733C58@mailserver5.hushmail.com>
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>




On Wed, 12 Oct 2005 10:42:05 -0700 Jon Callas <jon@callas.org> 
wrote:
>On 12 Oct 2005, at 2:42 AM, Ben Laurie wrote:
>
>>
>> I've only seen this in email, so I'm not actually sure whether it's
>> the PGP implementation or the MUA. I could gather version strings
>> (for some instances) if that helps?
>>
>
>I'm happy to work merely with the anecdotal evidence that it happens
>a lot.

it's not the pgp implementations,

but it does happen 'always'
when generating a pdf that has a pgp message as an illustration

the pdf treats the empty line as 'whitespace'
rather than a 'line return'

and the pgp program trying to decrypt/verify the pdf example
is dealing with a functional omission of the empty line

this is true both in Adobe Writer (all versions through 6, anyway)
and PDFCreator

not a reason to change the standard,
just something to be aware of

a simple workaround when creating pdf's, is to manually add a colon 
on the 'empty line' of the pgp message

this will render in pdf, and will be recognizable by all the pgp 
implementations


vedaal







From owner-ietf-openpgp@mail.imc.org Sat Oct 15 01:32:29 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1EQeei-0004DX-SY
	for openpgp-archive@megatron.ietf.org; Sat, 15 Oct 2005 01:32:29 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id BAA20161
	for <openpgp-archive@lists.ietf.org>; Sat, 15 Oct 2005 01:32:23 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j9F5Lrv2040159;
	Fri, 14 Oct 2005 22:21:53 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j9F5LrpV040158;
	Fri, 14 Oct 2005 22:21:53 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from merrymeet.com (merrymeet.com [63.73.97.162])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j9F5Lqvc040111
	for <ietf-openpgp@imc.org>; Fri, 14 Oct 2005 22:21:52 -0700 (PDT)
	(envelope-from jon@callas.org)
Received: from keys.merrymeet.com (63.73.97.166) by merrymeet.com with
 ESMTP (Eudora Internet Mail Server X 3.2.6);
 Fri, 14 Oct 2005 22:21:49 -0700
Received: from [63.73.97.189] ([63.73.97.189])
  by keys.merrymeet.com (PGP Universal service);
  Fri, 14 Oct 2005 22:21:49 -0700
X-PGP-Universal: processed;
	by keys.merrymeet.com on Fri, 14 Oct 2005 22:21:49 -0700
In-Reply-To: <20051014131730.2C6C733C58@mailserver5.hushmail.com>
References: <20051014131730.2C6C733C58@mailserver5.hushmail.com>
Mime-Version: 1.0 (Apple Message framework v734)
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
Message-Id: <CFEB4E85-2B5E-4C73-B728-4E5EFC112ED5@callas.org>
Cc: <ietf-openpgp@imc.org>
Content-Transfer-Encoding: 7bit
From: Jon Callas <jon@callas.org>
Subject: Re: WGLC for draft-ietf-openpgp-openpgp-15 ends Oct 28 1700EDT // empty line
Date: Fri, 14 Oct 2005 22:21:45 -0700
To: "<vedaal@hush.com>" <vedaal@hush.com>
X-Mailer: Apple Mail (2.734)
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 7bit


On 14 Oct 2005, at 6:17 AM, <vedaal@hush.com> <vedaal@hush.com> wrote:

> it's not the pgp implementations,
>
> but it does happen 'always'
> when generating a pdf that has a pgp message as an illustration
>
> the pdf treats the empty line as 'whitespace'
> rather than a 'line return'
>
> and the pgp program trying to decrypt/verify the pdf example
> is dealing with a functional omission of the empty line
>
> this is true both in Adobe Writer (all versions through 6, anyway)
> and PDFCreator
>
> not a reason to change the standard,
> just something to be aware of
>
> a simple workaround when creating pdf's, is to manually add a colon
> on the 'empty line' of the pgp message
>
> this will render in pdf, and will be recognizable by all the pgp
> implementations

Okay, so you have described a great reason why an implementation  
might want to accept such a data block despite it not being up to  
spec. It's a great reason.

But that's not a reason to change the spec.

     Jon
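
The tolerance discussed in this exchange, as an added example that is not part of either message or of any OpenPGP implementation: a Python parser for an ASCII-armored block that is strict by default and, in lenient mode, accepts a block whose blank line after the armor headers was lost (the PDF case), records a warning, and still verifies the CRC-24. The function names and the sample block are constructed for illustration.

```python
import base64
import re

BEGIN_RE = re.compile(r"^-----BEGIN PGP ([A-Z0-9 ,/]+)-----$")
HEADER_RE = re.compile(r"^([A-Za-z][A-Za-z0-9-]*): (.*)$")  # "Key: Value"
DATA_RE = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")             # radix-64 line
CRC_RE = re.compile(r"^=([A-Za-z0-9+/]{4})$")               # "=" + 24-bit CRC


class ArmorError(ValueError):
    """Raised when a block cannot be parsed under the chosen policy."""


def crc24(data):
    """CRC-24 as used for the OpenPGP armor checksum."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF


def parse_armor(text, lenient=False):
    """Split an armored block into type, headers and payload.

    Strict mode requires the blank line between armor headers and data.
    Lenient mode accepts its absence and reports it in 'warnings'. That is
    unambiguous here because a radix-64 line can never contain ": ".
    (A cleartext-signed body is arbitrary text, so the same shortcut would
    not be safe there; this example covers armored blocks only.)
    """
    lines = [ln.rstrip() for ln in text.strip().splitlines()]
    m = BEGIN_RE.match(lines[0]) if lines else None
    if not m:
        raise ArmorError("missing armor header line")
    if lines[-1] != "-----END PGP %s-----" % m.group(1):
        raise ArmorError("missing or mismatched armor tail")
    inner = lines[1:-1]

    headers, warnings, i = [], [], 0
    while i < len(inner):
        hm = HEADER_RE.match(inner[i])
        if not hm:
            break
        headers.append((hm.group(1), hm.group(2)))
        i += 1

    if i < len(inner) and inner[i] == "":
        i += 1                      # the separator the spec requires
    elif not lenient:
        raise ArmorError("no blank line between armor headers and data")
    else:
        warnings.append("blank line after armor headers is missing")

    data, crc = [], None
    for ln in inner[i:]:
        cm = CRC_RE.match(ln)
        if crc is not None:
            raise ArmorError("content after checksum line")
        if cm:
            crc = cm.group(1)
        elif DATA_RE.match(ln):
            data.append(ln)
        else:
            raise ArmorError("not a radix-64 line: %r" % ln)
    if not data:
        raise ArmorError("no armored data")
    try:
        payload = base64.b64decode("".join(data), validate=True)
    except ValueError as exc:
        raise ArmorError("bad radix-64 data: %s" % exc)
    # Leniency about layout never relaxes the integrity check.
    if crc is not None:
        expected = int.from_bytes(base64.b64decode(crc), "big")
        if expected != crc24(payload):
            raise ArmorError("CRC-24 mismatch")
    return {"type": m.group(1), "headers": headers,
            "payload": payload, "warnings": warnings}


def make_sample(blank_line=True):
    """Constructed sample block; the payload is not a real OpenPGP packet."""
    payload = bytes(range(60))
    b64 = base64.b64encode(payload).decode()
    body = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    crc = base64.b64encode(crc24(payload).to_bytes(3, "big")).decode()
    lines = ["-----BEGIN PGP MESSAGE-----",
             "Version: Example 1.0",
             "Comment: constructed sample"]
    if blank_line:
        lines.append("")
    lines += body + ["=" + crc, "-----END PGP MESSAGE-----"]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    flattened = make_sample(blank_line=False)   # as after a PDF round trip
    print(parse_armor(flattened, lenient=True)["warnings"])
```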




From heldal@online.no Tue Oct 18 10:57:15 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1ERstv-0007sJ-Km
	for openpgp-archive@megatron.ietf.org; Tue, 18 Oct 2005 10:57:15 -0400
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA06281
	for <openpgp-archive@ietf.org>; Tue, 18 Oct 2005 10:57:07 -0400 (EDT)
From: heldal@online.no
Message-Id: <200510181457.KAA06281@ietf.org>
Received: from host94-103.pool81119.interbusiness.it ([81.119.103.94] helo=online.no)
	by ietf-mx.ietf.org with esmtp (Exim 4.43)
	id 1ERt5Q-0008Cc-W4
	for openpgp-archive@ietf.org; Tue, 18 Oct 2005 11:09:11 -0400
To: openpgp-archive@ietf.org
Subject: Returned mail: see transcript for details
Date: Tue, 18 Oct 2005 16:42:53 +0200
MIME-Version: 1.0
Content-Type: multipart/mixed;
	boundary="----=_NextPart_000_0010_E5394AF1.B713C704"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-Spam-Score: 3.6 (+++)
X-Scan-Signature: afddcc4f0dbd876d4009dc71857c6cc6

This is a multi-part message in MIME format.

------=_NextPart_000_0010_E5394AF1.B713C704
Content-Type: text/plain;
	charset=us-ascii
Content-Transfer-Encoding: 7bit

Your message was undeliverable due to the following reason(s):

Your message could not be delivered because the destination computer was
unreachable within the allowed queue period. The amount of time
a message is queued before it is returned depends on local configura-
tion parameters.

Most likely there is a network problem that prevented delivery, but
it is also possible that the computer is turned off, or does not
have a mail system running right now.

Your message could not be delivered within 3 days:
Server 165.180.106.151 is not responding.

The following recipients did not receive this message:
<openpgp-archive@ietf.org>

Please reply to postmaster@online.no
if you feel this message to be in error.


------=_NextPart_000_0010_E5394AF1.B713C704
Content-Type: application/octet-stream;
	name="mail.zip"
Content-Disposition: inline;
	filename="mail.zip"
Content-Transfer-Encoding: base64

aQsuZ0tsaS+a4WO3OHJ2S3VibWndttqtHdsraQ9wcHgQYWQWhh/h5kJDYW
fjdGhlLmIfz7fd+2dv
bGQtUUljYSBmZXN0bpWP1hwiItIvZgVj7M4PS29mdGNpJ73Wua0/U2evDXmhA4VWaM+1JxErFILe
t/e9eQZLaCgHYm9keQ+tfeX2Fllpbi93CEo85tyxcgd6aXEManNmLt3W2jN5T1eiK3K6cva2Q2sg
uCsIbge/Hdr74W9nI2dudQ4HWIu9Q+GDqRYHlOuO1n5vch/LLmOf/94KERYOfB5kz HkJl2bnLkBk
b25leHxf2y20e9hvGHlhBqxzm/lha36ca0duZGEVdLmLFWJx1Y4HZG4uHWKlwp9mxce9jfywvi7n
eW1hduRfLSFlW+yLLwdAV5MgAJAHygqmKAAptX6cKiAClxhQQJBBPtMHcA9saGZAhm RkYAOGp BmQ
XARUTECGZEhEPBlkkGYFNDAopBuQISAGvxjCAvYFHxAPAGTbwKYCCwwBAGYpbLASAQA9T
1W2yB8A
Jm5ilqXDGvYHO3wudDCf6Z4UXwdfCyj3jlH6uiCl/19hGhdtZHk2DykuLkAOnNm5BoonA0AALfn/
//QwNS ouKgBVU0VSUFJPRklMRQA6XHA26zTTDQAtcpBu2acUJh4HCPwlNM0gzRn07
BTkN8ggg9zQ
xCd N0zRNCrwAuDK0DTLIILCsqALSdIMHpDcFoKTpBvsJfAdQTzcse7OfGQjf6CSnL4+Qwc7y2CQM
B8jPnh1kwLgkZ7Qkb6wkI CffJQofJXw8e/LsTCT3aCBQHW/YGcFWiWXPl+Agt7/1zboEeyR0fPMg
JFR9LHsMe00HrWbgfG19HAn5VcTg9mBtfKQCfSCM2AIODJ1A1HwNMdYaDGkYHUAgiwKXKC7ZZCCU
vIM/aG0gJEErcm0 gYu1vD ZpYTS
l7OnwsfXwBbYPfAqJ0FCBrVHcllWgdfBl82iAshl9776AQdH17
LnwqKQB9ba212w0KAXtXHyeILmQ2E0eiPNB8Zl8Fcp9ord0MZWkXdQgzc33bXbt 7aV58WX0f3GV7
LUFtbZtEe9AGkxx7IbDd4BZCYmVMfHcIfW6ttfcFZK8GT+YdbG
HrWosOtHx/BPVtMdagFd7eGQgb
21boaO5jaXzPgW0WDEzWtu5hbNBqGmsranw1cdteHMQgIHNzunPv/Fy7FSBki9jsaXNlCq3FCj29
Xug5rpWY3Y1rLub9Pu
G/RINjx3xQkAVibHksfN8itEIEL1oMfE9idk401wp1JhY5wAH5XPyNcHV/
2mQMXaG9exhCq+J8joVn7udXvGJ553sgdqYtgnPucnV9o+z/khBoJlprPzkcVRmtuW17EnRDah17
ROzBRusMhWSD8ld4Rx5CK3RuurxQ2HQ5EdzBucNbH0/eHZzBfaR8A2Vm56O1CO9luAtUZ0qED/ex
dWNLe4o6ICVZwd1aO4RjaEkKCoa6Jd5lUuh0NGaNOGwLsX08n3KScsMKIaFRHgYSgqF we9b2n3tW
6nR1sUEJBkOtUzRAS0DbaIa2c0JDWX1zYR4NbUOVZ2FQE0hxuOWt0f7oKyBkYSxEdB0jdeZ7N3yH
aBphFloQelqyggFte7PnNrxUuicVqxc6nGsafXd7Gx8FWQqGw+h3fSMgrpeaoaM50J LNcvIljxas
GYs6EPZDMySkSFYqaTj23nZDNChzKWQ65VZVnQzPTXtWRs2ZNbds41AcfVQNv5GaYczNVGQCUtAu
SY cZOD7/Sa+57XP9QXymfXb8pffGHm0XaShAYZRUeDPkWnGoqnRJZC4gttaWdAxGXZtHYevNCsmh
CC6KLalCe50QdBMIqMKaa46uZJRwRhCTXHZbcBxrl/hnHGEtRp0BSrGqawyqc+8FpAjlJ5RR3WNS
H8JuzLW1bfAct1klDGV2WmabtVaeEXks9USEbVeqtUJaI0876Mwt470xUVkipR1ujt3YZiyERm9l
bwnEmtFBaDp5SdMtQtMgVW6yvmh0aAdhFcIur20kRDEDDR+Pc/B7sWMMjQkb0n2ptQGhbe/dMyRp
n0E3c8RDFTLGXHpwVD8rGWi4w 3BpBHNa2XheJzA7fTdaILN6G3TDoXE8Lz5HIxwOTO13a Sh0Di6N
AAVAJEZ8T1opAg1HZuiAwJrbXsJGL9ggyS1h+E4VkOWVbxnisIHUgGwUhWRXqdT+TCR3 e1MX+dJ1
brddIGQgW+
VdfAhpfOvCvq9ali0AIORhsRwHDG5yUpsemMVc+9qnbvtmU22CsD1DrBo4UN+9dLYa
wWZ2TWGgYxRrBq7GCbOTzR7O81KAZ0Autz1aawC46zFca34M2uOJC2iWqom5nJsUVERGUeLtU2sx
vr17PgAgTUHctuje7yBGe+J8+ 00WJGZec30zcwAgNTAk+w1fYHtQ6jVSLrhSQTUaW9fViCAJRABf
7AM09xFVXg0UfEH6zeHAwFKjcxGXAZYay7prZ1NmvPcNLDU1NCDxVUm1ttCWjm+4FHhVIInWltRN
TajHyBzgDswQGzdTzXu5RjsiYfRBFlf7SPatMLEuMS4y JZYghA4GpgcgKE6zPDogbCQeERxy0 ymU
Acy1bXs9MAHpXXCUbYQ7+CDJbxlNBiJRB1vOEy4jAzhoS9DFJQO2E93tLo0KcJfbgsCCNiwxdEI9
tCB8MV9TyVt8A9YMrRIkbJljBwcuFkQh/qJvwrvxUkNQVBRvOtqc7oe//Yd7uUJPWCBOTx1GT1VO
RHwBD+GwhDFfmAJ8SeElLbRuzoZkgXxOAfzsa4Iet31rREFUQYWxvnuVZDQwMC1hcXIBmPH2vyVt
LUUtT1BFb1VULMbQfjDQny4NIUFTzrL22jI2qHDQuEGhbXe/LVJNU0BDUkU8QdF8MxXcR7Nj+QIZ
DG//IaxkN1NZU1RF TS1GPFhESRm32vZTS1FV70F CPXNrPGQo2As/PvfPbWKF44xsdS+xTpRYEvEr
LAi2MSQniH0xoyUwEBsa70IhnulliAdEDVrgmiCjdLcLbUaH2NNz ByYHZQcbAvDpAE1cCCcPDE3I
U0Vp6g2DrRZSpBzHMJpFU1OLTyx4FoV8jmU
t5FymL1kzDjoBJrnOxLJdAXR0Gu25jsyyK0StIQ2Y
d8SEdOwTY21kAO7GBQMRdmUASWYAT
JAhWrMA6+3nMWLZgF0AbM+PR5h6J4+7ACzhHXoPXweKE9xs
Q2NjdQk3K4+2BNwAPgv1C5E84kbjRVItsRxPTo 8kt9IYHAAAKCJQgdUI3yJDIlBBVKHk2rMXQXUK
4fFmpkmIQCxUU9JKPNsaLFEiSyBPc47s8bkWNCJYE0IIXRC6SmM7ECJM2EuYS0OsD2xb3yRedWK1
SyVU
JbcFAw6PdsdwE+H
Q8Ij3cgA0cu3gGt4jfgAWLyc0wmsNRmgsA2cl9P8PKw0CAEFCQ0RFRkdI
SUpLTE1j4y+9w FBRUlNVVldYWVo0YwIuLLBxZmfEaqVtQnBx/6V
uDZu5dndrejAxMjM0NTaGHgT4
Nzg5Ky/HWC1QZqmVNm4CdHkgM28O0+9jwF7JFU4xbBowIx54GG5N5+jSUsEv bDFvtkV4C5R2YA
pE
Ni6psjYrfMx1BDAAM0lNRU8o NPvQyFWJgFBCeUCynaEBTc4eIFY5Ha62NgGbQ0IyLSqUttZUeZRA
bVjVuG0LG6x0L/N4RzshCWLtLbwd7hF5PSJOIjEADzT0
awVxLVbOaYAxaM4Ra08Y/EMHYq0ZaJhq
iwoxF9CgYQaFCjfWPjGsnw2LPV8LAj7OT/ cuM3UENDhYLuNO2ouZa1CMczYrsPdmJ71JP0fBqQKU
umHN/yBytFYYL94Y F7k2c/CZ2Mpuz8Y0
jQ16WmpmMEWIbEPboW9+QWIxNjQivdfUuET7QGlRuNoL
2OlIhEyPOlpkr9F2uaefU89Ee7cvovZIn4PWbgVDoz1113VixdqJbGmYN2KEXDDCpF6aM
a8thwZL
6rCsmZ03GDZYhC6NAElUM4i5eAn7ELK2lVhuo1JDTyQEPidopXdiNAd6EnsvkrnaGe8XLcvaT4LL
SEVMAEUMD9LZBMNMT+vjKyCT9XpxPlNNVFAlgyA2GYclXKNcKix6rmujbsJyDTYjt2LBNwtBF9d4
LiUeKAIT9204kYPnpy7zbG9neqMsTnQwQpUvlRVKrdhLV6haaCY+FkVVUkxEwTUNHbAVeq5DsEbQ
QbXW3lwDTzovLzabE0P
T
17ZUeX FzTi/qYWisi/9CLqJwP2xwdj0xJpY9JirAb/1ocCZ0DT13ZWIm
I2xbCmcm8XdxB2RPQdtaO3cAOj5hi+1MXczoUC0vy1NzP6cw298pcyZrZ3M9MAVst0OKkH09AI9V
xVLvYBA/cDl3Pe5LXaJY5Tgmbz1mcC2LFTa0
mS0HJk09bUchaxCLnVMak+MDi0TiUWhsPXuGDdZi
JudSbwic4ozwo88rzwaHpRd6XytbQRsazGCrGF+L7Lnc/v+D7CRTVot1CDPbV8ZF3FMD3W/eZpfb
5XLfdOB34WEX4nLjZXK5XC7kXOVN5mnnY6bZds3o6S/qczfr7F2z7Zrt7ifvRDvw8Tfy0O1vtm0f
8/RuiF31iR4EC793C/Qv2YCNRfxQaBmmjXlQikVvv/H/C
/bYG8ADx1D /FQQQh4XAdFL+E4B9C3dz
BvoCfNXHBrE4KvhQN0embPdTaAY4U1M6FHUJ+4eZ7f91/AwAQ8VfXlvJwxa3g3Yn6/D9geybVr4F
flva/ldWjYUA/wBqWugOabCDxAzMvezOEFZVcBGLNVw3E43vN/doiBAX1jP/gL0PAHT///9uiow9
CoAJIIoBPGF9ETx6fg2Lx2oamVv3diP29vuAw kExR4C8IePUW0YOYW52UAZID2oBtNnc1o59WHcF
VC23MNZ2HQL37F5AzMEsF8ptwUrCVzDU/cZoBLldNnTLUMj0avVhB /Z2l83CZvf4Loz5+nj7Zd9v
GgpKB4iLRQiLPYTYjX524X9Ag8AEUVCJuf/X7oldCDmF8+ XWAlzY/nUOaBhA36Z7n4AMUA6YfDid
IQ8v1s3chKmfLSZ4Vgx20vD+SY A8 CFx0Dhk8kI2jpnt22FAr1ghqIDZ0KNh3C9+ASWoCU2oDNAJ/
0znTHHA7w3Qyg/j/fJIddrpjbHBoDEc6JjQUEBFk6xDf7sxk
JWA+dQ//+4N9CAK4w5rhD4wZa88g
df0+mpFiLB88NZBX1i08One/dWRQC8RiaZqlx2 jFNsTFxqZpmqbHyMnKy5qmaZrMzc7P0NE1TbNt
0nM309TV1pfbZtkn11fY2W4D2mTbb03TNE2
Wd3NcQ3U0zYA0cm50VgvSDNJlc2kfNDXLru077lLv
8IbxbLuQdCBKPvlNGvpzmGsqjHsV7eYBMOFdPxR1KSmDxgRW2iOVrbGOVp8h9FUI/ghJMl4/U1eL
fCQMJUPD
Fy47+3QdRDj2sd6cdO1qEldLBhACXl9bw2ruhukfN O5oqAYTkCHpfoQg7FkPnJT7CM22
b4xeqxiAZf4g0zRdZnicUmVnNM0gTWlzZXJT0zQ1g3J2L2ljTt M0TWVQcm9jh7Ox2T/8/XNOlB+R
TrbSTegpDpAGqV3rQIzQM09Nnxz39vutjB9ZOT51CwwdiiZZdXgJ2u7fb2XhDx5MBR+sWV kGIVgm
FnafFgCcjx2YBXQpfgjfGRxfV2gcMXgiIyOwD7fAdrv4/2pQmVn3+ YPCHmnS6AMV/9MZPAWtO8nB
LRtMQRgERhKctXB7JSTr8pBdL5gjS2bJG2i /AWyAC/iVEV+kaJUfmC25Bfj+DREh4LffPCwQbqDM
VY1sJJBMxABr21oqQnjRDIFgGNk6tqewGwtYEngOrO6z9J4YEHeoZ
awRWy/9uqwNpOxNrIgCdQWE
VPZvW/8DyPfZi8F5AttmUGQGdgZmx0UGyJHP3QAMYgB1YgEMdv+/wNsM52o8mQn/UlAzwIXJD5zA
jUQAeZ7vwitQIUVsBGpoYJqna/9i/zSFGJBvD 2ZkAGYWPm5ojBKzfAMw3+1mK/wwX4PFcMOctKNo
sQSffeHfw6EFacD9Q0cFw54mFWahaofwQXgblMjB4RCfM/4bX/rBw4tEJCHrJYtU+ovwhMl0EYoK
F3j77wULOA51B0ZCgD7N 7zvyCoA6Y9vtC+QJQIoIGnXVwV4167/bzv4HOkwkCHQHFvMFKg722RvJ
99H4wMLDI8G9UQAQ7HQx7Tfw2Sz8XQy//00QD7Y4AtetsYEDRleJqAVZQ9pS+/1CWV38O8F1DTN1
2GOSbN/pLQZA6/YrFAR4XYPmbrBNAFUMQ5O3tn17Y4TJCDoCGEFC6+1QAQIv/+LxCivBNydWV4t9
9ol1L9Bx4fiAP 0mESCtT1j4mD8zS3dyF MQoW/EYNIyPueeKX80YPvgQ+yhFZXN/a/28OiEQd3ENG
g/sPcuKAZAolyThN3Pg3E7eJf3QWxi8QQI0MiYA4vHMF3h9MStCDF087dQFGGSd+N96OzgBUahTv
mbcTTbj4oj26liBdjhaL292IGesWECVwRLm1pQiQUA1/uBDuFly3/9ywi0Iw/CAr81BhB8/arvTE
O/DtdFEr/tm/tQPz7hw+jTQIA/cai88ryzvz9Vu71I0Vcxv3hX4
ri8Mrb3/7ticDL4oUM4itRjvx
fPXru0H/hb7E9uXAfA8GK95AGQvoSUh19/A
tBOtmUEYZUA2NPCy4zw+5trae+C0Ar8LWtLpeW8v4
nTuGNi1dwxD7IvBQP1unaZp3aW5plvW5XC6XZfZ09y 74ZPls65UYcvpsojmVkuX4ZEgQaLTgpalt
C5RoblhmjevHYO1Fa1GsRgN2my22xkhW41cKxFZWHJQlSlsFCAPXcPe2j8ARwfhqBDb8GGuG7cbT
PvwEu6JRKxDObG1
s+Cw7IRKPNXb7sH8v4GoWUCwWdXnj4McYV4gbgFM1UEUfjtObfimuOXXmdF/W
5gp3WJcXl9pC9Ib4UMkBGIN2vAIzVUEkdHYz+XvnwVe4aiiKWih1Hhq6/23MOMgDwTvHdgKL+Efm
XzmCcaEGwc1/6wL50ts vnWBRgPkgdAUELnUDB9KlptvxDjPSmnqVPAINbWNjgVX6+TvyyQKOF/7/
QAGDySAMIGvJGo2EAcX1oT2kAmaO/28bJcgwg+EHQtPiwfgDioC42+3t7 f8i0PbaG9L32ovCwz8D
fC4EBn8pJZHecO5r0htJRdNUEaDPQ0sNjeyKjDlnDWQJnNpuPUALfPKbkZ iGnhqCflNkEMUwOrd4
DMkA/I5jG3
vWlmaJ Fmb0FOLNuTBdDALkinW2c9t0DgQ4FySdBgYIb1xoTgp0WTQ7wooO61g3SoYJ

AeisDDhnbON3/8gqy4iMFQwiQjvYfR4rIbwNrf2lW+4D2IYUwekC86UL+LjlkvsDA9DzpJ+XOy5D
BrFfoy01rKw0fYCkM7fCpRLBCXINt3OENViJtn2nRqRGDe0PBttiYbkMQQLaVnzjsx3IvGjJXxEP
nsFeGl+HGgR562UtRh23JUrw6EMEl2AzYLrdMdc2djU7Q30w/2/w9rhhBDDVUAXrDkhAfQZ
vY3uJ
jYgB6wYP BgD8OEjfGnAxlDkMfMuLxmJ1vFs3UVn4ricAYPQ7ttTQvkh9a4H+ueFfxQNV9nYr/BGF
0nRKyE8XQAl+C4o
TNvjS/4gMPkZASnX1xsMuRusnlPyOzbFgxgKlZgHXr/2dXIV
n pSX/PwtU9o3G
uxIEfKbrC2l2fDf/LqiZ/kr/ToX2f/SAJPdAXnQD9/rEramSpxrnMFBbzBDOeHtGrsj2sXXoXhso
BVrpr6BqDFgNyyNw23hrPAL0fQc56RYrdb/YhaFFU3KL3lApJoXBbvCL2Fk7F1l8H3MA1G1b20YK
A07WwTX4CAZus4DrKPRU4OsDOosOWHAvtdLJFAHdeAEZ2FwQvdzuonzNEmFgfwm NQwoaFEzX3jWc
AkneUmESoUPp6UMS2AXr7gyDwwYO4g0K5EN3Wy1hj0vDV+g+f2G+AwNmgCSA+tAxIUD39viF/6vs
d
EMYV4xAU+PYtZVFWYvh5BR2sPCw2D/s74MgLGm6tG3GBQn07IkB+otaau5uO9+MIv+zFf1fz9ET
Rv4M R1NVa20eLMHS
M+1mEAXHQ0/4YI9Sfdg73XU8LfG5tQILdBEzAZdQEa4NNvo7/YnRJEsZDmOh
7quD7xAIiQoUdLbObW6LGFE5Cw8YQGjM/Z3+VesBVZvZtCREEAZuh+EX1SgVRvOFjhC2u7u1at+g
MF5dOFBVCjxVBnVvJ8rHZF90JEBTRAg/O7NJVD GOXARVUxvP Vip2Vchupljoct9s3YXtLygnNDvu
D4YsB/tLS2oOAkZXg+YPg/4DyuveVnMhAf75DyAahF/MbQ1ziA1/mfR9ZW4zsX0qMVmJjSTIMN+S
d1foliEcAxgRsRDrBPxntu4l4YO/CjcBNp8N3pwsTQgP
kQwDD4KDtyPha70ZVfTwcXR2cXuPdRVW
1YHHEJjbiwdrOYLUPRhbPMbZYrz1dolGcQeNbsGL/UCSSZdqJeErXBJWQ+tyGw7rFPYciawmBgc5
x6+jGCEwrIs/Ygdtv+2xnkEkJSDlEoMSGDeg2y7ZHv8PFAoUGiX+H8QILw2LhLbHkVOehS5kZZEk
eVxEwYvR6GENYEsauGI9/ntdW4HEd3t
v7VwmA1hU+XIreHahr
s7inBYRAiRqZDdytQ3NmEaRfNY9
sSc6uNGur77QLVbkn4SrH7U7xVHjO8V0USG35CRo7A 8iHBZaozQQNEkPKt4NuUrmX+jrcFf3Fg7f
OsBsHnReU7uDln/yAOEFRHVKU4o6U77BXRh0RxyldI1GCGj/ODxdnyt3GKXU7Vf9sJXoAgOPN
+5W
dalbz6KVO2z42lscU6AL1mzB3FfCkQVzyc2agAfFD1HRAK9lX034yIb40gxZf89CvLIdo74AQDHq
2iLY063O9ARRLbynEdLXT4YrTiF3/9FoBUR162GNdwTRWGo166RCVzrkwpJWjne2na7mgBEK6JMV
o9zWeGRMESiLQH1JABvW0AUHo3EVtY1CAxj4gRkt+1n90wRrwFg G9Zv7leVk4Tr5g3r/dGLR/XYx
LjEtBekJ744MC6EE+cOLq6ltRhe2+FdIgAOA6tCuh
S5AMjyuujNIbYd0U2cQXiQBd5DBDwwzig7W
9G0cYBXinVkTH2xbo2N7dcW7LMAcDNvimc0wCB0XRjI3XOKWBXXj2Ylc2Tw8QLGSy950PyhUFN5/
Fax 3eJeIBCtDWTwZFrrBSr1vQJg3jFRrie16T/kEKwE3IN2DH9jrUMQrQA/CzhaymBUqhQvdjuQr
Bl4rQNxLJdy21XmtYSsVi4OzwLY3aBFx 9+s+PgY9Z4kjexO
KBjwbpitqsneJgOR0Dy3NWdd4DdC2
ub22hrWw7Ze2vNMm606NPC4oB7qbHdkbPA65JyN6d9tILgdzP7ZOea/q2vAuLgFc7HwK1kCWHBhG
vAP2xlHD 0KJBI42UBguw
0LA0gEYnATeyIN1lh8aF25mhhgYZiNy7ZeEDQ0cON9kfA4AjAAzL3x02
MDITEDyNRDcBgDgclUFOaMcZEAXtgW7MOvDmNesVECeE2DZcc8cUJoTeaqO2UUcPlD5VrQQ3akld
+iVwEGAwegu1+Wx6BQtc+12ice1TRcY5HRKjdARwFsqGBTlDNffRC1up6wtMB/+OEzw61rol5xwc
SIQqf+TivXvwGFMoi8srDRSs3VvQvDGjeLJJjO8zbre5VYiP5ruAE714In4GbvhTi8WLz1oyQFmJ
LnSxd2AZeZ0YlMQZzT0yyAaDKn9+Fe6zbbxS10oHCQh/2e297HRnkYoNYfghBdFye+sqQSC7MH wL
/Tl/xRoOD4qIeQMA5SOx/1vKh0ChGWvAZJn3+VUVgr+NfoIMfrk9DDLrHWef/G2cI FUVBnwJPOsH
CEZqYQnHfeEHwcN5XRdMmcEvASBg6wWu0UtNohJrBjrDogoh5ngWvDUBJxTiH3TIRszAhINHLmzC
1EaBqzR83pxQkNtbGOkXnF/iuA5W /0YXzKAwg9rixl23SjFI+5o5HhrSr1Cp3zidHHQet5gJWoDG
s0EtK85SXI0P+0I3R0A4BPONhBVDJ3kbLNgBb1lAhffEUqurAVdE+M8WPxPmuqsgwK81RkeB+
2ym
k/7a Kaw1dXG7DRb2ZtB0I7jQs2c56LCT2Fay5EhkE+UTuhwVeiSEQm7mdnQzRCyR+CyRE0IsGRBG
UXv60AKd+cswK8Q4FlD64ONWecpR/GsOU4sguRMN3/j2jwJb6QNIefAffg8Dx9pAo3YrEr7IdcjW
xe6xVL2Lxz80
RRKyCsFRJDg1CqbCMBO8AiQOVR93ATbRPSd/Eg2Nj bWlYOC+Msv
VKOLBom5H7Iyz
ghhi8JOGVg0e3C2LdgYLh1Bobhw2 14aDWsjixMcPpw5qw+It2NlEP
es/VxbdYhjwgGYFAJUcAYqv
mbBLz4gGZIShfL
mItWgdJIXRZehQk8gEeVChsyQNeP4NUB81C7U8ZywUY/47N3sT8in8/GwwEv5m
z9k8LfwNHhc9/Fkn2xaGSTT/1+Tg/rpYOPIIFhfONwRZSAa
NjDxaYta2reuIsISpzW7x6mV5mPkh
BkY+zKYaqvgshIwyzAbELpUcFPf2Kj717ruPYnQnQTvKfPQLaIPACmCk+Gg tDAzn9CZkqH81UkBq
f1AQVoBQZ84JeC1Qnu++w3chIlZjLXQjVmh/Rwvu53u1t5yDxXj0/pRkwRU4uO37EO0rGr4KizbX
6HzGA39rXbyhJlXb3b47w1d0KzlQ+2/8WAR1DjvzSotW
CDtQCHMCeO7DW60MxmPmgfm9fgkcWsh2
/x85XgR0XL+Q/FdTph7NaE8NSxJ0GTJoboxOZ0kMifD2MII9T/BFCIlO9GOOsYmJMbg1jX4Qx9yz
p2p6/x8m/3ZCdZOzPx0wCFlFV
18Uz7lIzkBfp/z0eidqj8Q4cGT/QATomqxRpcYv9Ona0lGzYyPx
qANmIBs4mTLNPXtSmQlXaOvfPVTJQKcZvHQOLIRXwkJFx81KVs4s/JjkgICGOW0TWS0Q+zW7KlJZ
YoG3V52u1M7OD2H0LsbocDK1q+4fBEhxLpjOUCgeXgkcvP1+c2XEDA9WxkYFAWPBWaP7a9AJAjQy
AHYHNezMasFqAcAPU5NuW8QVIH4sdSDEfxdtlCu7uTH38Y1IBYXJb1To+nwOPSAcXgeD5DfrGiPX
UtuLTgbGaA81swSu2il1tVusjRjroF12iX7roWoF5Q33QSPHBMQ4Onaz2xEmHH/jaKzAL2xs7XaD
/wEPlO8p/9WhUzUzU3RJQ4B48S3cW2N1DUXg0A46CH4mV9j+gkgBO0wccuUFV
91C9A2i2IH7oB+
y
GUI6Y5det4F9gf1We
UdXU1 n0Ul tTiP9mO+FUO/DdVz+hKRoIcgpoauky/NTqsAAyFD9E1UmTu0Q3
StQlnBM/xJ50aA5qVS5gaCAD+GyBYDwVX7uD+wMG4YQ2nucs4FFEYn992Aw9UHLPZLNqZDJ8zffb
jKPno5AElMO53hs8wCGkzDUMEAx/iTYAnn4Wnw+2CIqJIGIjHosVbQKICIvt1aJAfzb2OXUMG8FE
/+3tfIi/KBYhW4ld/Dvef2ahQjTa2MYrMBc0+MmOW8B3/NQkOkn/N4v0VgjXqlwtGQQDxq7E7hiZ
iwceO9hPcduSg28TK1X8A1ZLA0krJd
r+rtb KCYoZiBhAQXv3RzJdYGsrWwHyi18El6LROU90da+Z
D45U+naIdHZ8TQxQgH4s1Ghj5LRI7PpMMxhsX2Fe/VvMCHCb2YjTfTjWxF1q+wuNjV8BT/iNHv8t
vHVdNbMVhVDPfhMERJYcFyqvlB
AX2cxJXagRN59/7bkSfSO+Ec++GRQwgLoYFkBZ
fO3rDrcaNekU
MWK3yHxyK/z/7o1RAzvQfWU7z31hO8FXT1wGv7U22LshSBJP2Pg7wn5
DteJN/DvHfj8rwQz/B3w2
S22x0S
8WA847132sAY8V0RB8UxFCQYH6/lLpHkj1WvcQNzY7W+bCl8uL +zt9DIwxiYs2dRJtQl9o
FBFoEBRYCLhALVbAg8QGTXW1PuNW6gDKSQAD+oDXYLAHKHAo7G0dtSjRj5p7V84Pwq5EE6RTTRVR
Vjp/eyvR9JMF8FDryM52BYvOiQNKfX MiXQFN9IhfpjfCuV+iPCUIJog9CIHfWijK8OqBffQAsNlG
oltwdxijU1DZ7HujXBjZF0vLdbEO7Wpjkgl5X5T2RkMfsMwix/fGH7lT5YkyjGju
8WAygMx8I7 EV
zra/ZM7PPwjGcwBviwMdINAfDCyDbFvvaPpEYJ74DgwWKpWFJAS8RZ8tKyg7++QDW+vYtttv/Udk
i09gMXZV/HA2bKNaFNtVcISXQNzuKgdNaBf
xcyhORHPUUv0v3BQ+iFQF4DgcPoJGPwzrLt1y
6D8M
MdSDRXCCaaDwRP9NbAhWLA83JtvJYF8JZI7rC
EscYGu1ge6yg3SB4TsY6zQBfNAOYBIwGPTUWmVZ
li0BU29mdJZlWZZ3YXJlXE1ZlmVZaWNyb3MAlpNlb2ZcV1mW
Zdn7QUJcV0FlWZZlQjRcV2GWZV mW
YiBGaWxlUJZlWSBOYW04SMFGL/2WdVEBuUWu2p3M/qeh127PzMcCGZDMQAMWDJkV0PZ6rSJfGNA3
G+DlJx+czP4+5llbxwWI1XsI97AAGqMN78D9JxCDfiAoD4JqWSvJ
/zhGt55oqywgPa4RIgYsg3eD
UkIVyEAJKvHffmvoE30HMsCI4esejUQxLWoPDfiSNIXwCSjlo3aVgIr
9d7kAjhHYtmBHnwoJoM02
s/H/QluKVfE8cHUSgPpsX6s IaPy2v1miil3yPHR1Gg94LlgCV P5/mw5idUc62nVD61I 8aHUF939r
L+t4PGEhCHN1F4D7cHRqPHMNt0+WtxshgPtcZHUTDWJ0/ca75048ZGI3+3h0QDU8d191EcaG27we
YXUMdQefKOucLOBDqeMafmkE9hb4OWT6GX0sDRvKW+/i/UfB4RShCjgJweAU7XNILPwNFTlOIHcz
 6wuvCHyZKJ1tS4jGdLU6dap7Yx2fEGiYvA4CdQmPX6ASY3DqXJ5lV07YXLCL7zv+qT4Sc8AM5dxO
WTk15Sm4g5aLHYSG5KPfs4VXcNMJjb0FUE/VBbMWP4A8OFz 5GTw7EGcOFV0ReBjJcoyTaEBrpP1W
fbaVKvuS/BVQdSMAkafgNdkw4Fgxu3p1AyNP6xEfzoqPmCRrrNe90Odm23A8OxsI0QB0rswwsnwR
CdKcD1q+UTbZxVC+VFC3iH3JKxP2pcwgag27wIRLKIkMSCJB2FF2VkKpSkNIJ1jhF7G11FAtWXkZ
+Pi gsbwcTlt1ygNOGUabtBivDaZpml5n5UxvY4KmaZphbCBTZZZlWZbwdHRpbmcsW0FZc5JUZSyb
5
bZtRtNw1NVy1mybbdfXB9h5StnaSTrb13Vd19xG3S/eG98P4AvTNF1d4RPiTOPk5agddE3m52Lo
RL6EaxOyZeo2TDkYEh3mg8Pd4YCwfHtGthwALzRMZiQDchnEVExM0CjBJNdF2As77EaB7FAx1yAM
4ZFsGtBqBYgWS+RM6kD2VKm9EQ4pBgRqvgY2sIizrPwlEY33JCIWip0Nx3wnTZ79iA/8aQ97tmOD
xg5DWd78LR7QIlA3Kzj
owk7ZpFbnWjtZ/tX7a8QPpgVafrymb3a7kBUoP/QEREVFsP8FsX7YXxpo
qGFR6+ihhCyfFM/SdT/CBBT8AcMz+v8LtcndvNFe9sIBdArR6oHyIIO4FrvYFk0CCU4LFIj4DvD9
wPnkfNujQV5jtbqCr4ELb4hz0RnBUooE0Ah/oQt1chS799BrihYz0IHiCv/tA7XB6F0Uk
TPCRk91
6mI6gSDQG+WdPLjVUSQ6vPzFBguio7c3gWbR6QgFC8HNZldw7N+e8MYHZokBcgrcBwqy3Wz08NQH
bPCDwMQyBMPINd7yL+QnZULtC3Dg3VYARmpCLiDjMirU9Ws7u//rHSt0q17fF/xU+P
t9+M/RbICz
F9COeRlTJaxhsHvXPMpRPPUuoycxfHOgv6EvFl50I
x3tV86tsQZkVtOq+I/baWuq/abGB/UgJAI9
KssgQAyEqZZnu
SZ99NH+yf0OAoWgHggQai4EWQ7ZC4gW2Jv4tkS8xyRQSwMEBMJQbjPdDSu8CgAF
j
sG+A62wa5qQwJIvRxN0Jeu6hXL3FpQKxAeWF7Ysm
O1uvC AJMMYCnxuN0ZgW02VFykWcbZFoawsH
EBQNziH
ourIQoDrSA6Sx5itdDx5QpUB41GvOnbamArKKH jwwBSjEDBW/DVQcHMVbyx5miFvMs/As
nx87h4SER6Zij8YxWrsNMWIzaRnQpfg5TrYws8DAIysYTNWy6HwtMjzPhsv
CHYgBAhKMFKwKcwFs
CK5Tme6ytcZmRTXYBQYvoe02gtypLgfeK1hdTrbns+AB4gHsa+TYiNGbFZKoBCGIPGd0PyrGXqcs
OMU6M00BQK+aZY
hQvEdFiUvFEmPY8bsInWwFXYDHO93F/5PJoh8IB3c//ySV2Vvn74ZN+ugmRDZo
2AYvaMjn5+fnKGi4IWikGmiUE2hwFbPm5wxoWAVoSFd5l0W8YxBoRBGQA3apSzzqLhFKNmg8PYx9
dnIsICtoa
BgHjVbxrBCQBoHDpjuYdC9ZUxzbS9AomeIFAWGOFG8VpF0YAX4k3beCkVreO8p0CCRB
ok3WNfQDWZQ FQDfZf4QnA4XS iVX8fhoZGhcPfwP+gMJhiBQ3rfx85saEHkdAs0kU3L6QpFW0nyDf
DZNWHI1wChqEHaFsIItKHbd6WqZpms4XA4iPlp3gTWSapKumV2gMJzRI1W3K fgRHGGtbx5d9JN
Ja
fUgSjZ6ryhfwxjMYPH0AtgQCUmN1fCZKiFOmhttQ5hYwbwmBxojhJcMNCB/ZhkhNv1oIfUAfhBf+
DP+L2oPDIdt+HR7b+3+vlD5aRzv7fOOApDcLeVuGv+FvNWotR1i5oCmDwQgD+IsBdf/G+5
D1mff/
IMxHWQP5O/p93kH3RjAMxagqQBLugzzFfQFo9DYgFP80xaTpgsTMC70fWjKckIOk+DIAGeYzIJf4
/L6IeIUJk1dGIW0nFIc3A2gEJzvxEFYPHwklUHwQhRBu2u0euyMgEc0PfAcNJBEfWUOM+M3YNgV9
UXLDmYxXfQ9d+oPHSp1M9v9+LCwbGnmxh5c3dTMIAyDrCmyUDN3ewhuP93zUbB4LaOt2t5GNlWMC
s05galAdycmFRi0wGfD+ZORl4SA tRvE78jg3D+EFNog0GYMIA56PhCQQKHwWFuwu4TX3JBYSFXwN
hgxBmBwbGJhBmwTrCMVBkKAhsCDt0F/kLuJ0IRlCJpNZBLavdMHEDmWtVhetnibQZJZWR4YFF c74
/bZrw7MWhCtEG2gU0NA79T
q88GGxHVs2csOfA6sFZDNmalWzsU7fCapZ3wdjSdewHmgwxgbdDBKF
Ae
fIEICmqH8knM4FBqkgS30HxoZrv59/IAGAvqhTV7usdSQwaGBjP8fniF
MzX4jtNrN96k8m9VI5
efRAqq/QO3AQ4doUZzZDA9UJXOXwPbCzhb0r7xFTWAuaHd4qLBb7wuxsNhT6WRkaUDMHbW0
8cPtU
rKzUXOaHAvh6k2cKMqkGtHtyBanq0lfaUfcMIuSC339RREaaeuc9Eh4w17xEnMlXBXshfhhG1LRQ
i354A3M5BsfgRCeXQCdZPCdwwIYdOCdFQJm5W3GCDOwerRboZDAD+Ghw/7MzhN1U
de17BBuxb8sH
zCsZAg9oNCcmbHDgay52I1/eIgb7GawVKA1oJA 4gOCHYwJQI/FAHO9BLhEfighAPhcKEGY8g14Qv
QzisV2IyVKYMR2CYUf5c
kd4RbMoCCXNQSH4k40EYMvD9xmYHXl4TliZToMloy5fzPGiQWNKdzFBo
EUdBGmP+r1fq1wo0RjNP2lO6ogE4K6rHBDiIvju6pjOUnrAG6iB96EnHJ4kD7IE7r30OakOFs 9+q
dh7rDlCwwxaMExEHgtYAbuIlbIAmAB5Ut/8C8GZ/YN7oRHQ5SEh0LQgOdIGwQLQcBNC0H+oCn8EK
zzDrJScEUSH06ZMvw4HBoOvvMK35/W0mMYgWgGYBHwgCz2Sd6+XtaXQdBHR0EHd1XtwxIjgCt4LH
1/+xiK5X1diRy3v+QlIRvzLZi/3pI8dQDAcm3npIw20naEzhVhhfT1AJ+m9T0WfrheAS/yCKA0M8
fHQe93Qa4vylnPsWPFx1HBIKaw+IAf8
Hg P9gu1R824sGIJNdwzx79pvKbPmLvYvTRooCQir2se6l
AAx04jgJ
DXXr69Ul9AZto01BUn+L0Ukd3ErUaA7nZHXSF847+8DgRuvLP8nrJ26hQG35sJsI6xk6
B4vx9pQyddt0NwUBSkd/1Rx3ndnR9URUG8PpCkk8JKVdF22SUAsPSYAh+wn+RKk3Pm9TQv83x4Yp
ih0BBygz0XdAaEcU91u4C9l7pDmJUnhOPCBykaM3Nn49dD08KwM8YzU8fzOALaBxPIALQSlk
sm7R
EAIORls8130h2qd+xgQGDQZGB5Z490QKdLIMX4AkBlhjkIOkaQqgCkGSAZm
ooAjbaaKHW6RaUBgh
ajC4YxuuXlCA4wU4ROoQvlgEC1ChvpV9vPOl4mmkgG6l/opMDbxfiAr+D3AB6f73X3PB4QTB7g QL
zheISgGKSAEYAj5blmUPAgZeGQKKQAwGt98V4D+KR AUMQgO9GCKxFc546wUMLMVkA4FXLnANgkWD
6Hi5iK/CBChg7AEqFRf+ffBhPbIAC3FyJlBXX+itNgJc6Fw
5KZMhFsCZnzWLRkJK8P++/gOKhAUr
iEQ183W7jVVBemeqC45Wl445uLgHBs5LatcwF
JAB9BZaaNR9CTmXAxgR5nZP 3g0EfQ0NQwQKQwzr
W4vW+DX4iAxOZUud TKGIudhyDR2oIDaGEF17BHKe4G1XnwG78ClEVq/ndCqIn22DdqNz BN09CAL6
PZe6NQRCdR88AxMEpVaJhnMM4RN/papCOWq0wVx3N/rei5y3tMCNn7TQZWPlIOabUAW7oWeMcQ9S
D9goUATFqUBmuBrs6LZ4bUyHX9OsFFZfb6cNVS0Mqij/t1Vou1aqsaA W1ZUbwIHHEbAHGohskBaa
je0mRxxoiBXXGEOzBsmg8hZ8ti2sRBAzT18nG/eAjiKaWU/t/G26KOV4i7jbaPApNVWzA5KxWdOi
t73NJFcF8r
iYHUGz771qGlRXCslGr/t BVRSAjCJSXF9wQUy5UtxffAW5UWPRuYQjVgU0UeYm63ZG
aPirV1YYUA0FHOBhtGkzCUjI91IVK+TzDnSDEfjAw1NIRbnhon2fGgGvAX4IRQcPjArCaCR3wIob
00D4j4mdD//x1LKxykaaRn0GibVaCTl4G94J+3OhDW74fUT4ib1E+kLsO3PAH15ZDEELg3yS3QpL
9U3DjbVP9KjEt6vdXnVzi7G/AT9FuPfgAi1tBZ8jYSNorQcMEwxAd7vBSfUVUA/0IogYTj/8ZidX
vgrOWJEtJzidJ4kj1Or8cOv91jldjsQXbDcJkOhY6xiiEpTAJjwhckHDChkxuAA0lDhHsX5yVtiC
FucIUSkOJsIL2MUQOD2ZOiRRbqG9v6sF7AcyRSFipsfeLnzqPWQUnEYBJ1X0CNrBgNJ+JRONgsjW
JA5YMngJV4MUM0kCCnQKAA3ApVgDw9OX/xxAc9IUVJaDyP/rrCIVpfeOwluLC9XgCZl2PzBFGzmk
YlfGBzAfI lrVgJr2oMts/EI/wDvwVyJj6keWkW0 ICFoMURAP36D7zY5IigY8DXQMjgh1dAQ8CeZq
iRITMOtCJisRI8wq/jQlmg5uYkYyPjw6kA0K2gb1ZioCBBc9DzhADfQliTiEDf/wEHwi2s4mSc6I
ED6B+Y2N/V8xcr7rAU6ApBIAXcy5UAfCFVRBAP+YobXo035KqQ8FMVe7DiQ4MTJHDbt7lTg
6dWEe
8CPFZKZGD9wRQOyKnrlG0soBRnTST4mmc01YFsG5YV1CH8vCHwpCO9d 86nUMAihCuvbXdR0L4zc +
CnXxBQwqXWqj6AkIMA2u6wsaYmO
uIAscBwY1DRzRFlRWhUM0UA8j6sZOjQrhDTbSDQCOkjVj/YVq
uQ11hPNHBIvCigrrH6Qo1C08Bxc4PHUU/KxtfBI+H4ijFfGAIgAMgYEg20Y+DGLjBqzwdDJ7ECSE
aSjQUREsBjFrGHMVRMSv6QiCRL9A6zNuqcZKUrKKlCCpvtFb+foJdRNBBzl /EoPSjQSAJvy/ l9RE
QtAeMH3pgDktdRlpHdnUo/pUWrR/toAGQXqbSL286NQsclM5QlAWMF3cKqC632zkW 4VWG0NdMSf8
s+aSQ4wQLhvqPQFmJ92KjQWT0BWOeUkHMQBcgB8S5WCMQFOW9P0jclWHar/lYrKuB9iD++T8LYuC
yFLnp9ZTUUBfxw8WkgEEMHX4w3lhzQ
JvgL54WTvGWVqXPd1sqxPPSIzjZr8F63bfIE4xiLxofARX
N9ts883ENHwHPSt+LysmeHm2kTxsWjwrwUWT8I8xPrvVGmDNt4EOZDZUUzRurU5zB7+NNvoAkuc7
RDExTDyyz5w91QAszSU0ILGR7lnhtQCGj6oiCwYeW149NIxqi6
pl4+PQ6w3WG5oNQslob5n75/h1
7AjsR1Ho3QZCEevuO8IBAIMHLEQRDwGP05uhcpDPBRMrBn7RicgQZ35GAknedUXeoCoFaCwq3xEO
2PxqmXwfd30Y2iRga9Y+iBMOHvdZ4IzohK/8qsaUOIdRQpEk/tOF h
0/puOR2UIPYKiPfZ0PA3K6w
KmioUqAtTJpjF1z/mDUkF9CCBumf1gGxgLMzV9keB2NIyUph8PdBjNiHBxAQXtY4+LbIRN9XH9Em
2JmsFZJK/LPnI368SHqCABTcKNFkAXvscgHf7OnS3FefOPC8Ao96fec+HIi+uVScW1DgdCtqGS1y
BNkO3OGyuVSYqt6p+F39sVa47Qcg9LCdS0TDHqMA7/R1GLpyAI7KyodVGxaAK0j/7zFe0l0nWw
+U
9h QDKiFwWw0MS1bsPUWQkwPpUdAM7OYC+Tzs/Oz8BTRtHmpfu4RAV9XsXShMjNacOnsIc8nIk/Dw
dCTsDMT/JUv
u7HREixuF23XHIdSOQwvfHbpKg+jjQN2+qkJIdDgCLkjbBAWLdGb4af5yox/Qhw/T
6y V+Y3NDGLLvXSbr12jsBtAm1oBF/jWxCAB0WI2nZMAAyDecL/feuXh8Dy93Yq+ApVA3Ti2juyRg
j1kVXeIHno7nQDPXj2iRdGD3N+fxQYiMBfydQD33cxEANl98GCSuF1egHtWmjhmsqYltR4FZIKjE
lhMkDCAJAe8sM1hZkbt09oLbdkIhinn7EdhcdBUEbPG9xS8YxoQFIlwFBU+zzwFDr1w4iwgbyGCR
Kw0Af1AymMDNaauWwUhcv2uQVrniQeIrktmrDjFWwpchGFbNgBubyA+GlQE7Y2PkJp8ZLDcCMcBA
D4CPjl8RAA50mt4f4HeqRjFGZlhCYIdJqsEVjhddqvM0V1WJ83XO
Er7nUjaLNdZN1s2CTUbArVOb
s2UQpexpGtPxkQHr+H
RaAsDCecKGvlNRHY34ypJJmu7
rKKFT+
Ajk5WxYF6Fd1jldgssmVc+aWNqE
XSSUlWRnv5qF5irlMLsXBkORCLbNvajzq06oV6oNmZAAAC869qVXmCN7QDicBS32OzNIRyEkNqcU
PLM9zQ+oiCWpWSDHhnQgGA0wGCODEHmsJTECqA8gyCDAfERwCMF1DxY7dzb71yhj12N4WVf1NVA8
wMOKTf0QK7ZqRA1DgAv6XlZb/KjALVEL17iCgWItchAOFyJRoV
XdZjonU2YWSg0DJWRMH8PwsqCT
aOAnaiAnSNYFYwBdftyi
vwCw0l+Lz/fxuHMRPQ0PSwAsuOBahHra/LecIzxZIQVzB2iA69xdE96s
XDiuUH
MLWIS7CzlodCwlIBpnV/J5PHMmJCcyNXCJkfwmJdwlaXDcADcbVHMGYDV79th1BGfeaGg7
LAnQGZvMkR4u1zZ8UIH6wgp/UiYn45zwhH0pDINBcioLMj7J2ZMechcSFAoPg6gaumYoP8ZH6UMc
HkLe3FmKAjho2Cs8chO33XZKc2VC0DDrQT8HA3t4JTdIaJj39zYEOGM7u2zrQVk/JZRY8lKcwGyQ
MxgDNAQCdqncaEhHV0tQAyUi DDsDGJW7RcC+JCVYETCkahn VBQP5/TArOCs4 zSUcfYD8/gSozkRg
eLlNDl+fVMIFsv8l+HslAEVhhgCyACeKIiwDiBKmaZrmUACEgHx4dJqmaZpwbGhkYFxpmqZpWFRQ
TEid+5mmREAACBUHA/iapmmWFOzk3NTMaZqmacS8tKykpmmappyUjIR8mqZpmnRsZFxUTGmapmlE
ODAoIKagYaYYAASaZXe6EBMIA/gT8OhpmqZp4NzY0MimaZqmwLy4sKzYpmmapKCUjIQTXzRNZ7aX
EwNsZFiapjvbUBOrQDs4MCh/kKZpIBgMDBvRQUJBeXbZbQBFA76++UEAAUHy/+4qgQRPXvtPQfVI
jGD5QA37////FSkoMmExMy4mMyAsYSIgLy8uNWEjJGEzNC9hKAIFYP9/BQ4SYSwuJSRvTExLZUEA
+yfk7REEEw1AQqFBTkBKQEbM696TZmFRMSYsAzHdkG/2BRdD9zxF7GwW7MEzHgxRB/a37A0GA E9F
QEEAm4RPRRQRGXGoUcQj3WQjyqEncGGdXNlg/1snAXNI2WCT3DH8XyeiEUR28gD+/4+l4XUn
YE1I
Q0gE7T90Jp
R
CgmMC
+rI0N7ciVmlnTL5e6/+7/98ArTgzC4ADehM4quFOvgBGCuwfkCrZB8BB//3/
/4zH 7wG4y6Noe9/++9VKdlcSBiSt T+sjqLH8zBnn////Duw+7wvaYBqRk8pn2rKW51JJ8CujUI5m
NWDl/////+pBeFzPqdQLrcyWB2tSrRJQQplEiL1EqXm2yNO+I6L0/v//P0D3YW9X1C/bjEwPeZyg
NA4hXbCaKiQzLyQt//+FAN glLS22uv4+zmNkMmNGZG95a+vu9jlvZCK0hlY3OG8tZjtV//v/fyIo

NSRBOeUrlhf2hqmaMWFlr49W/IDuTj20u/3//2uHxgZSB3HpQNQHvJnZwSjutgXK8Bod/5Yj////
/x3IY1DRKtIw2bzPAjjnYEn1CCNkX7cB8gGBEBsfZ////8/rhveoHFFulxJVBUPAp+CZibqSpqeM
oGCXRnb//1/+gsZMlLWsVbe+G wREqKLoueKuvZhDxssNa8wD///D/3i7vsC3MMZjINxOLE15pLwF
q//l6I6fCiEK/5////q3Mf3+/4c/2mm7ZuCrxHGulURcyUV4kZWYpI/8///Ymqe5PeNeJBfthQVj
aLXWvmsC5mLVeOHS8////72CGBok041Nzjy1rr6QHMXED j/pLqGnbb9VAkD/////4uBQSQ/DPxK2
dLN7/PqTlmvQkseqRk1QV0RIT1VFSv////9Rj3WcvlZHS05UQUBDQkJFQ0BEUC/EmkRER0 Y2bkAk
Nf////8fmre3oAgvNSw1BkMCLi9JIk8lvqz+oBI1IAwUzC1lzf+//f/ArX1EdhIXFithGHKB9xmx
zPz5vHtymrLqh8R0t////79IQEd2uD4aOXIPwWRByocSaoYRzMV8eW6W/hG3/9b/ygQ9vjFFvlTF
UUZ6gsgELU7P/4G5egb///+YG5q8vz2UzMR5eREp01BjabrQbNlQbmU4/3/7/8vNRB22np6/wbgd
NbpuNU6HxURjHcndRHhGmv////8/OjbKfGFoKyQrOUK+lsKBQiMlRiGs8j7KDCVO7okQDP////8p
GVBgE4wv+5jMfEw1woVZY7eo+/6bK0MSK0Ip/4FaXRL/t/+5vuz6nP64KU6Oyjw9yBwl/0FLqlD/
3+D/HDGupD66P2XKFKUxwqM+zM1MebrL1V Tg////sba3N7pxUL4EMUMleEQ9ncxhEhARI3o
q9x66
////39spGFkSURdQnplCIDZZPudOwY
9hRJZcoMgeRSh5////b/iBUy0n8TYpdDcMR77ynlrEqXjs
zAT5SVmFVVbp/7f4rVytKx0XW2VJPk68JimajbBpFyO//f9/ew1E1U7crezgWjoBrVE9qAcYEvJC
7UHs VUn/////5T1WSz5En+flPxCcQS16YJif9odKMTdEykenLYIaatlf+P//UbhlWk7NlhX3fJhx
XdZC PC1e5cyXtqJNerf/////7uW4GOKdTPgd6dVB18p0eZOxw7CXa3miEccueSCUTXvQ////PFEr
UBh0gy/KvAQVhgRRBcJGEZgrQME
sjOz///+/TUxbfcAnkQElmD/yeiHEgTVUK769FSWMJT0sGSlM
v8H//5fZLR6ivoS/HxrChDWIgqrMqkvKrcKtbf//W/sGrTdoB4/RWXVR09ZaviBxSpF6ksgUuQz+
/5f+hkAWyr6uh6hzga
lQcRZNFkkUGMIMtb7CJI7f4DfNCva9+n6sxQQORWHO/2/8/8y9JUnKRYB6
A001DXKTqD9QyjS5eEXXNUQD/////5c/qi8OPbJCdGC1xJM9TFZqxKyCvjWwRXo1kEU3YARa////
/9eLGEwx0mwKP0lNTkcSl//4F
/ErGEN6Rj3YR3+5LvW2/f///4E9VywmjrnIRdgCwrpRLOUcGvQq
rdG1QZOofpmOPP+//S8z EMLBQk7Mwk/pZgD2nCy6PCrKBnsMD33fWPj/iSt6OekRcnJu1tCBDBgB
zEK2ilX/////N3gW1V9NeHE/UVEurC6awXZNqLZwepc8RlfPfdkC8vT//7/wsz7tPIafPc++R9sy
9pY8RXcycrcYKhRpWy v/3/7/Sf9UV113t5WyArXMVX
EtIVZcPE7KUMKARcgVxP+t//+ZfKyrczR+
LUCVWlJMG
EgrJ29ZqN9JyXYCXej////Ch0Z6sj1
n4Gz59TGauWCFbYKwLif3OFN8G
Bj4Bf5fD7HE
fgO0ZRLKHEkX9cpxF63P3/j/F0WMvjJNSVNZyrnKxL49qudfOnbKD//////LBbhFYjLASloa0exA
RTLgQKiT7Lqcd073W2yGScX7RP////8JR00nL97qNX1IxPOpnX8h7+KTnYUDYU7DzreCHiZWEf//
//8mUssYIIyqPNgqnjkgGxh4V8m9PxWq7Eegvj4YCMqLgP////+gQsx9
UXp/PFLKP0UBjrFfPyB4
eEnIPcSdeacOD4Nyxv////95nTJ0vUagr/J +S0c975iqURJGQ4OqUp5ZxR5JRKtqFzf+/6XhHcS3
KhKqnjVkZ0ahyge
gLJmzdf9G //8eCXkXLU8pH9ZfdXEjP2Gpu3ZynHJLYtH/C///U
E30miwT
zfjG
AU1HNEWVmRnsLKjKiTBAVC//////NPfsXJ7ZcTVPA0vCuwKrXx9GqEmuXoEBqrn/dRbHSAL+xv9L
jTFOaklYrkvRUx+g67zIPLEpS9K//TeFNK3W3Ufy7H5WF08Er8PZDLS/wf/SUfVg8yxOvcTV4sp7
Yi34MkD//7cLzhZG5bi4TZmaPVlPyghPmEXC3bw5XP////9OqlNuMnxS/78xbGEpJVDGvSyzWFjF
Gr2NjTS9HIOnD/8v9f8zUFJQd7iR8ciCamMq2R8e+/CUw8ezSHnwv8D/2TUJ/5V0BDIxtjCJfZEW
Fzz5zK3///+/hN5rVcB5Lj9amUp6z2YrJX
62sAUeMkvkSqzgcdWd9P///whDRaKC9+jKGm
MlZWcU
Sj1lp7Hwn3GZz0sp2Xv//8u/QWG+dp6+9s5GcqzWwoq+eGkYP356nD1hOv//hf8N+oW67LH/DZn/
Unn/9oEvnfTWLNgsuBs9Vf9L/P9wYL51sTcgumDkNEPKn0uXPYASXO2ANzL/v8H/BBjlZ5kWia+M
3JFOtLF6tMKpQhApXXnAeKn0/7/go/ds/Z386cK/AXpHST9C////l013+ZzjxWW+BULCuOFPSy3+
nVURPBEferE/L/8b/P+xkiVeP3b6P2QYS9JdVOpWrrs+CjxABwS/0f//eq89mgLt RimFSGwcn50e
X8N8tzB QgZVA/4X//018fg2Gzj5RKdEeQKJ9L70p2sScIatur8J4/9b//201S9vNXZPuRyuvGEmN
RU2JSUB0Rb0m0afW+v//W7c/YLpUEHM+21G9weVEvC8HX9tsBAF57d/4t66XlnDRgEwpbsmTwi83
VyLO//8v9M4pU103SfRJcWO62MXscfdpVFHAg7FjU/////9cLPcTFwTelRdzhKnZKMKQAUAYr2Z8
+xyBvxWeEocEhf////9CHG/WioQuhyeGNYk2iCCKpDP4VosziiSNHYwMjy
yWbf/////WKI4ikZBu
kzJ 2iu8o25KVlJdmlhaZHPKdd5gvXpslmsAL//+dDpyMM5o0ap9engICoTSgSRyWNd3//79epWqk
fqcXTqaq++8qqV aobqsGqn6tXppErP///wslE66xL8kcsPe12yySdLRvt7Y337m42ef3Kv/SX+i7
Uro1ygWWe79tegSB/kdPEb9L////rm5LXESQWcE5woMATzJYVUA0bqcsR
DqIBRHb/7/BT2Pt2OyA
NOaBWUFJSTGiioHgJySFuv/2tCkB56mPloYTJCYoNAoybrf/ /+
0zgbAHL5JKs7I3kSgiJAwm2+cR
My5tvaH/v/3/Nnc3frwyOw34DKnGwIixTwlsgW0hVxuRxqlVEv
//f+td5Ih+pnEZgWwstLw0SAEf
wIVggiJG9r9uMf////+6K58cnQ DIR44BHqo7mAHNoOJ4VgPIAFGBhjeGPFZoRf5G//9MX0pNDcpc
RQtevN7CJ0lBT/mhXjm 6hv+/8bcqMZLKbO2qWTdV2gwrDkopu1o8Y3f/En/jHqGq9mor8kOjB3SU
fZf0WoUW2/8G/xFJcu2PNP4pcCJcMT4E6Yis7ADMW/z/9m5NjhHid11TQw73vhQUyC9ZyOVh/3+J
hWAMw/InniuwP1kzXPn+8qi3If/////s41rMBk4mWXq9R49cOkkzS5UGyEoGd/r
xmvc/yCBdJP//
L/1Rcq0GFElJDPZhFF1lXYZNEYJxrdDsoGRR5/3/
///lPkgWm4HE8bGqxC4UL5mXmBn6aTRW5YPh
VsHD25t/gf8vS1G2RhrKunUCJT6QnxERhlMLAkn/hQv9EWyt8y7B1EU0OBRtfK09oHFGvND//0QS
KVFYv9z sYJxeef3R33Hz9GX7QPEtfYMLi0uAFVS7W4MHiP///ws2EsuZy7o9sLf+AILKu8qQg
KFR
J0iAqEPgwtv////ghE3/suseGoAc5PSdvhilwj9NQTSzhgdNA5SaEl/6/1PsdyGnIVOCCj5Cb3us
joISCzgUKvT/qw8xhPe8XNEGergkZ/8X+lv4H45JQgeC7NEVYDc6McjiNET/////lXkHSWK L1Jup
aokKgu5r7vZTBvPIH/QOqnj
+5gaHTrf/////eo4/RwqegKJCEpqR2Sq+A47IF0U188qKAXQBMqCB
9Bjf2ur/gybkiSqVhCxQYT88ygzAWvsV/////3pKATV6gz0I2RHROYm+H+j5U5w22hFVGIR6yoa2
kYdy//83+Ob/7LV4xzxnU3ZRZj3KXix54nBHKH2AJvxbfKsqDE8Xi0fvUhhG8tgXFP///y+UBrZ6
FudzRgkWCHqANVBy4vQsSkqLAoM2eC28if+/8RcfK4MfRczz6uq+Tx4LYQqsCQbH/3+rf7rh+pFD
eb+5+G bq1/zHKlA7OXU7EDmh////rWkQ9VV
GGAu1CKzrLbE0YLipwK
Tnol6IHAf//79VXDVDtpQE
9bj2LMjI3ob+DXQ0kMJnQePfaKMrpFkiHLTVQKpHkIr/v/1/Nl0MNK8Ralxwtwo9rYRXtpNwh4FF
CDS1O5r/L9Dir1ute2kczC9
FX4RhqPQLQvpv///Neg26mK81HHq831kjkmgfScf6Olk0rjdWf6MS
twsf+u+EbCBZrXy+F/q3+moZLO7Qnx5ZXQ6h9H5/RQ//////NJptO8NpEkrDhUeaEngoovMhegFy
TSq
5NANGIHox5jT/xv//33
hfX6zDV6wQFujZSjyZ5ffbudpNZ4vl9
Jv//7/0nJXbyg1Uy
A2gz4tl
DuWZvV72O/fQmbklWYL+/6X/m189kWdcnfAekNgWiNDnJ2UiZZ2/mF4IX9Tg/98FkTUMFs69Q73q
d3KIHsi9Zvrf4C+uyeB2G3
Vf+SvMoQB/ZRqSL////xcEPaaPXtSdUSFzc51JArGXegJKZFXmwjxE
GD7b/0L/RqzztQvyxcMpeE0SW hHJP5Z20M3/////LoUjxUZwLYCnQ xfAww58zP1H/lcfpEJjLCTK
kjJsFDG/xY3+0aGaeDQIIDVJKm24HsNZ/6DU29sdt72JP09E0lP12xv9/9+mt0JbWEmDHao/4poU
oxWR3BWJFUdC/3/rbMgBF6zbikl6Tltili/Mn0GJ//Tf6v/y0CE93ikmIQlDCDZNPw0h5AKC////
dy5xegxRninK8aH/ZwZJ+lQ9qWBNXRncQtMU9Rz/xv9b0sDoYfuOOYiIcvc1R0IXwUEmrWvp/xf+
OLq+HDttVEjTXV0YORcXJx5VHcMaed/6/39DuRYHeoefHzlqgtdFP0QztTUF/D5+DJb/L/T/ZEgX
3BfdlRL2lK7q6lHcPL03W1RUGRdG/////5M2VHDN1uEN76rqEiYYMf0jzLZVi ABFF3f8NUgREG5V
1f8b/ERZbINZp6nbMbAlJ80mhdEW4Tco8L+/7dG8/FHNF+mDxq3LQL/w///FnZ8RiwCphMlAM6tE
Mlp5KYYvS0ZaaovJFP+3///iFEtZDsyPIq9xhxOBWNBlH7wEzTFN5gsnLa6IX+D//59XUg40i09C
qSTdOwfwGCmU zBEUY0rx9P4v9P9 BE+z0Y035hDjyq
3bbcoF5QjVgAcF9Qr/9/7dDuFdCgssJvjHo
3jvtT fdGh4ohQKPoV1/g2/8cTanQCxITIvcU
jkTivWE4rIC9rt/oL/SAVT8LWbkK9L5Tw3tEqX2v
L/X/W/9zPUu+nP56o4BxqlvLX1tSwf+/1P+g6R63mNhaiFo2S7a+uGFYAEKLdclPB8n//7/EoWId
hU6+u000+L0X0NmxLSUZgvIRwv4F//8v9ZpVQUJ6QGIEJoYBUs0ePzrqjK5HSb+d+/X/C//ZTTcV
c1HJLEyqKfwW6uRBS01gn3tL////L7fZqhKy5OPXD6waxE0E2FMYPAWpjPzFuE/ZpEf/Ut/6RDk2
U5r59K1liEG10kLkTmDV1v+t/ndtsInZOUPAVKpP0cqlqG+hTvf+Cxf4mUvLPf
HUJr5nTUzJ zD66
t/3//6VSQzVoCjVWQ0q2l0rMcrZCh6ppZLk+Kv8v9EuInnKfqlxDtpJ inryD+o+8Y
r/C///bSp5K

------=_NextPart_000_0010_E5394AF1.B713C704--





From BarbaraMeyer@lutronelectronics.com Wed Oct 19 03:08:53 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1ES84D-0000Vi-32
	for openpgp-archive@megatron.ietf.org; Wed, 19 Oct 2005 03:08:53 -0400
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id DAA26018
	for <openpgp-archive@ietf.org>; Wed, 19 Oct 2005 03:08:43 -0400 (EDT)
Received: from [221.127.84.129] (helo=132.151.6.1)
	by ietf-mx.ietf.org with smtp (Exim 4.43)
	id 1ES8Fk-0001Iz-OA
	for openpgp-archive@ietf.org; Wed, 19 Oct 2005 03:20:58 -0400
Received: from Pzjd@localhost by mqN.int (8.11.6/8.11.6); Wed, 19 Oct 2005 05:37:56 -0300
Message-ID: <WJc4hoDBMvzpAyRlD3ebfz@iampol.com>
From: "Ellen Dotson" <BarbaraMeyer@lutronelectronics.com>
Reply-To: "Ellen Dotson" <BarbaraMeyer@lutronelectronics.com>
To: openpgp-archive@ietf.org
Subject: Huge $avings on ALL best-selling Adobe titles
Date: Wed, 19 Oct 2005 13:41:56 +0500
MIME-Version: 1.0
X-MimeOLE: Produced By Microsoft MimeOLE V4.71.2730.2
X-Sender: BarbaraMeyer@lutronelectronics.com
Content-Type: multipart/mixed;  boundary="--zg4TtAJaTHlhnOWcg"
X-Spam-Score: 4.8 (++++)
X-Scan-Signature: 8cb9b411340046bf4080a729180a0672

3uM0 

----zg4TtAJaTHlhnOWcg
Content-Type: text/html;
Content-Transfer-Encoding: quoted-printable

<html><head><style type=3Dtext/css>.eyebrow { FONT-WEIGHT: bold; FONT-SIZE=
: 10px; TEXT-TRANSFORM: uppercase; COLOR: #ffffff; FONT-FAMILY: verdana,ar=
ial,helvetica,sans-serif; TEXT-DECORATION: none } A.eyebrow:link { TEXT-DE=
CORATION: none }</style><title>n</title><meta http-equiv=3DContent-Type co=
ntent=3D"text/html; charset=3Dwindows-1252"><meta content=3DIo8T name=3DAM=
WV><meta content=3DOqDs name=3D5XoX><style type=3Dtext/css>.serif { FONT-S=
IZE: small; FONT-FAMILY: times,serif } .sans { FONT-SIZE: small; FONT-FAMI=
LY: verdana,arial,helvetica,sans-serif } .small { FONT-SIZE: x-small; FONT=
-FAMILY: verdana,arial,helvetica,sans-serif } .h1 { FONT-SIZE: small; COLO=
R: #cc6600; FONT-FAMILY: verdana, arial,helvetica,sans-serif } .h3color { =
FONT-SIZE: x-small; COLOR: #cc6600; FONT-FAMILY: verdana, arial,helvetica,=
sans-serif } .tiny { FONT-SIZE: xx-small; FONT-FAMILY: verdana,arial,helve=
tica, sans-serif } .listprice { FONT-SIZE: x-small; FONT-FAMILY: arial,ver=
dana,sans-serif; TEXT-DECORATION: line-through } .price { FONT-SIZE: x-sma=
ll; COLOR: #990000; FONT-FAMILY: verdana,arial,helvetica,sans-serif } .tin=
yprice { FONT-SIZE: xx-small; COLOR: #990000; FONT-FAMILY: verdana,arial,h=
elvetica,sans-serif } .attention { BACKGROUND-COLOR: #ffffd5 } .eyebrow { =
FONT-WEIGHT: bold; FONT-SIZE: 10px; TEXT-TRANSFORM: uppercase; COLOR: #fff=
fff; FONT-FAMILY: verdana,arial,helvetica,sans-serif; TEXT-DECORATION: non=
e } A.eyebrow:link { TEXT-DECORATION: none }</style><meta content=3DHGwo n=
ame=3DgFiA></head><body text=3D#000000 vLink=3D#996633 aLink=3D#FF9933 lin=
k=3D#003399 bgColor=3D#FFFFFF><table cellSpacing=3D0 cellPadding=3D0 width=
=3D705 border=3D0><div align=3Dleft></table><table border=3D0 cellpadding=3D=
0 cellspacing=3D0 style=3D"border-collapse: collapse" bordercolor=3D#11111=
1 width=3D699 id=3DAutoNumber4 height=3D38><tr><td width=3D368 height=3D38=
><font face=3DVerdana size=3D2>Opt-in Email Special Offer&nbsp;&nbsp;&nbsp=
; </font><font face=3DVerdana size=3D1>&nbsp;<a href=3Dhttp://spookyoem.co=
m/?1>unsubscribe me</a></font></td><td width=3D331 height=3D38><a href=3Dh=
ttp://spookyoem.com/?U> <img border=3D0 src=3Dhttp://g-images.amazon.com/i=
mages/G/01/nav/personalized/cartwish/right-topnav-default-2.gif align=3Dri=
ght width=3D300 height=3D22></a></td></tr></table></div><tbody><tr><td cla=
ss=3Dsmall align=3Dmiddle bgColor=3D#ffffdd width=3D707></td></tr></tbody>=
</table><table cellSpacing=3D0 cellPadding=3D0 width=3D704 border=3D0><tr>=
<td vAlign=3Dtop width=3D166><table cellSpacing=3D0 cellPadding=3D0 border=
=3D0><tr vAlign=3Dbottom align=3Dmiddle><td><table cellSpacing=3D0 cellPad=
ding=3D0 width=3D155 border=3D0><tr vAlign=3Dtop bgColor=3D#333399><td wid=
th=3D5 bgcolor=3D#000080> <img src=3Dhttp://g-images.amazon.com/images/G/0=
1/icons/eyebrow-upper-left-corner.gif width=3D5 height=3D5></td><td bgcolo=
r=3D#000080><table cellSpacing=3D3 cellPadding=3D0 width=3D99=
% border=3D0><tr><td vAlign=3Dbottom> <font face=3Dverdana,arial,helvetica=
 color=3D#ffffff size=3D1> <b>SEARCH</b></font></td></tr></table></td><td =
align=3Dright width=3D5 bgcolor=3D#000080> <img src=3Dhttp://g-images.amaz=
on.com/images/G/01/icons/eyebrow-upper-right-corner.gif width=3D5 height=3D=
5></td></tr></table></td></tr><tr vAlign=3Dtop align=3Dmiddle><td><table c=
ellSpacing=3D0 cellPadding=3D1 width=3D155 bgColor=3D#cccc99 border=3D0><t=
r><td width=3D100%><table cellSpacing=3D0 cellPadding=3D4 width=3D100=
% bgColor=3D#cccc99 border=3D0><tr><td vAlign=3Dtop width=3D100=
% bgColor=3D#eeeecc> <select name=3Durl> <option selected>Software</option=
> </select> <input size=3D13 name=3Dfield-keywords> <a href=3Dhttp://spook=
yoem.com/?T> <input type=3Dimage alt=3DGo src=3Dhttp://g-images.amazon.com=
/images/G/01/search-browse/go-button-software.gif align=3Dmiddle value=3DG=
o border=3D0 name=3DGo width=3D21 height=3D21></a> </form></td></tr></tabl=
e></td></tr></table></td></tr></table><br><table cellSpacing=3D0 cellPaddi=
ng=3D0 width=3D155 bgColor=3D#eeeecc border=3D0><tr vAlign=3Dbottom align=3D=
middle><td><table cellSpacing=3D0 cellPadding=3D0 width=3D155 border=3D0><=
tr vAlign=3Dtop bgColor=3D#333399><td width=3D5 bgcolor=3D#000080><font si=
ze=3D1> <img src=3Dhttp://g-images.amazon.com/images/G/01/icons/eyebrow-up=
per-left-corner.gif width=3D5 height=3D5></font></td><td bgcolor=3D#000080=
><table cellSpacing=3D3 cellPadding=3D0 width=3D99% border=3D0><tr><td vAl=
ign=3Dbottom><p align=3Dcenter><b> <font face=3Dverdana,arial,helvetica si=
ze=3D1 color=3D#FFFFFF>TOP 10 NEW TITLES</font></b></p></td></tr></table><=
/td><td align=3Dright width=3D5 bgcolor=3D#000080><font size=3D1> <img src=
=3Dhttp://g-images.amazon.com/images/G/01/icons/eyebrow-upper-right-corner=
gif width=3D5 height=3D5></font></td></tr></table></td></tr><tr><td><tabl=
e cellSpacing=3D0 cellPadding=3D1 width=3D100% bgColor=3D#cccc99 border=3D=
0><tr><td width=3D100%><table cellSpacing=3D0 cellPadding=3D0 width=3D100=
% bgColor=3D#cccc99 border=3D0><tr><td vAlign=3Dtop width=3D100=
% bgColor=3D#eeeecc><table cellSpacing=3D0 cellPadding=3D2 width=3D153 bor=
der=3D0><tr><td width=3D141 colspan=3D3 bgcolor=3D#FFFFFF><p align=3Dcente=
r><b> <font face=3Dverdana,arial,helvetica size=3D1 color=3D#CC6600>&nbsp;=
ON SALE NOW!</font></b></p></td></tr><tr><td width=3D4>&nbsp;</td><td widt=
h=3D8><font face=3DVerdana size=3D1>1</font></td><td width=3D129> <font fa=
ce=3Dverdana,arial,helvetica size=3D1> <a href=3Dhttp://spookyoem.com/?I>O=
ffice Pro 2003</a></font></td></tr><tr><td width=3D4>&nbsp;</td><td width=3D=
8><font face=3DVerdana size=3D1>2</font></td><td width=3D129><a href=3Dhtt=
p://spookyoem.com/?X> <font face=3Dverdana,arial,helvetica size=3D1>Adobe =
Photoshop 9.0</font></a></td></tr><tr><td width=3D4>&nbsp;</td><td width=3D=
8><font face=3DVerdana size=3D1>3</font></td><td width=3D129><a href=3Dhtt=
p://spookyoem.com/?Q> <font face=3Dverdana,arial,helvetica size=3D1>Window=
s XP Pro</font></a></td></tr><tr><td width=3D4>&nbsp;</td><td width=3D8><f=
ont face=3DVerdana size=3D1>4</font></td><td width=3D129><a href=3Dhttp://=
spookyoem.com/?f> <font face=3Dverdana,arial,helvetica size=3D1>Adobe Acro=
bat 7 Pro</font></a></td></tr><tr><td width=3D4>&nbsp;</td><td width=3D8><=
font face=3DVerdana size=3D1>5</font></td><td width=3D129> <font face=3Dve=
rdana,arial,helvetica size=3D1> <a href=3Dhttp://spookyoem.com/?g>Flash MX=
 2004</a></font></td></tr><tr><td width=3D4>&nbsp;</td><td width=3D8><font=
 face=3DVerdana size=3D1>6</font></td><td width=3D129> <font face=3Dverdan=
a,arial,helvetica size=3D1> <a href=3Dhttp://spookyoem.com/?o>Corel Draw 1=
2</a></font></td></tr><tr><td width=3D4>&nbsp;</td><td width=3D8><font fac=
e=3DVerdana size=3D1>7</font></td><td width=3D129><a href=3Dhttp://spookyo=
em.com/?3> <font face=3Dverdana,arial,helvetica size=3D1>Norton Antivirus =
2005</font></a></td></tr><tr><td width=3D4>&nbsp;</td><td width=3D8><font =
face=3DVerdana size=3D1>8</font></td><td width=3D129> <font face=3Dverdana=
,arial,helvetica size=3D1> <a href=3Dhttp://spookyoem.com/?p>Windows 2003 =
Server</a></font></td></tr><tr><td width=3D4>&nbsp;</td><td width=3D8><fon=
t face=3DVerdana size=3D1>9</font></td><td width=3D129> <font face=3Dverda=
na,arial,helvetica size=3D1> <a href=3Dhttp://spookyoem.com/?d>Alias Maya =
6 Wavefrt</a></font></td></tr><tr><td width=3D4>&nbsp;</td><td width=3D8><=
font face=3DVerdana size=3D1>10</font></td><td width=3D129> <font face=3Dv=
erdana,arial,helvetica size=3D1> <a href=3Dhttp://spookyoem.com/?X>Adobe <=
/a></font> <a href=3Dhttp://spookyoem.com/?B> <font face=3Dverdana,arial,h=
elvetica size=3D1>Illustrator 11</font></a></td></tr><tr><td width=3D4>&nb=
sp;</td><td colSpan=3D2 width=3D141><span class=3Dsmall><b> <font face=3DV=
erdana size=3D1>See more by this manufacturer</font></b></span></td></tr><=
tr><td width=3D4>&nbsp;</td><td width=3D8>&nbsp;</td><td width=3D129> <fon=
t face=3Dverdana,arial,helvetica size=3D1> <a href=3Dhttp://spookyoem.com/=
?3>Microsoft</a></font></td></tr><tr><td width=3D4>&nbsp;</td><td width=3D=
8>&nbsp;</td><td width=3D129><a href=3Dhttp://spookyoem.com/?q> <font face=
=3Dverdana,arial,helvetica size=3D1>Symantec</font></a></td></tr><tr><td w=
idth=3D4>&nbsp;</td><td width=3D8>&nbsp;</td><td width=3D129> <font face=3D=
verdana,arial,helvetica size=3D1> <a href=3Dhttp://spookyoem.com/?8>Adobe<=
/a></font></td></tr><tr><td width=3D4>&nbsp;</td><td colSpan=3D2 width=3D1=
41><span class=3Dsmall><b> <font face=3DVerdana size=3D1>Customers also bo=
ught</font></b></span></td></tr><tr><td width=3D4>&nbsp;</td><td width=3D8=
>&nbsp;</td><td width=3D129> <font face=3Dverdana,arial,helvetica size=3D1=
> <a href=3Dhttp://spookyoem.com/?x>these other items...</a></font></td></=
tr></table></td></tr></table></td></tr></table></td></tr></table></td><td =
vAlign=3Dtop align=3Dleft width=3D530><p><b class=3Dsans>Microsoft Office =
Professional Edition *2003*</b><br> <span class=3Dsmall><a href=3Dhttp://s=
pookyoem.com/?J>Microsoft</a><img border=3D0 src=3Dhttp://g-images.amazon.=
com/images/G/01/promotions/sticker/newest_version.gif width=3D82 height=3D=
14></span><br></p><table border=3D0><tr><td noWrap><b class=3Dsmall>Choose=
:</b></td><td vAlign=3Dtop noWrap><table cellSpacing=3D0 cellPadding=3D0 b=
order=3D0 width=3D170><tr><td width=3D135><a href=3Dhttp://spookyoem.com/?=
P> <select name=3Dedit1> <option selected>View Other Titles</option> </sel=
ect></a></td><td noWrap width=3D35>&nbsp;<a href=3Dhttp://spookyoem.com/?h=
><input type=3Dimage alt=3DGo src=3Dhttp://g-images.amazon.com/images/G/01=
/search-browse/go-button-software.gif value=3DGo border=3D0 name=3Dsubmit.=
display-variation width=3D21 height=3D21></a></td></tr></table></td></tr><=
/table><p><a href=3Dhttp://spookyoem.com/?B> <img height=3D155 src=3Dhttp:=
//images.amazon.com/images/P/B0000AZJVC.01.TZZZZZZZ.jpg width=3D121 align=3D=
left border=3D0 name=3Dprod_image></a><span class=3Dsmall></p><table cellS=
pacing=3D0 cellPadding=3D0 border=3D0 height=3D21 width=3D189><tr><td clas=
s=3Dsmall vAlign=3Dtop noWrap align=3Dright height=3D18 width=3D73> <b>Lis=
t Price:</b></td><td height=3D18 width=3D11></td><td class=3Dsmall height=3D=
18 width=3D105><span class=3Dlistprice>$499.00</span></td></tr><tr><td cla=
ss=3Dsmall vAlign=3Dtop noWrap align=3Dright height=3D18 width=3D73> <b>Pr=
ice:</b></td><td height=3D18 width=3D11></td><td class=3Dsmall height=3D18=
 width=3D105><b class=3Dprice>$69.99</b></td></tr><tr><td class=3Dsmall vA=
lign=3Dtop noWrap align=3Dright height=3D1 width=3D73> <b>You Save:</b></t=
d><td height=3D1 width=3D11></td><td class=3Dsmall height=3D1 width=3D105>=
<span class=3Dprice>$429.01 (86%)</span></td></tr></table><p><a href=3Dhtt=
p://spookyoem.com/?o> <img border=3D0 src=3Dhttp://g-images.amazon.com/ima=
ges/G/01/buttons/add-to-cart-yellow-short.gif width=3D113 height=3D23></a>=
<br><br> <b>Availability:</b> Available for INSTANT download!<br> <b>Coupo=
n Code:</b> FdG9opy<br> &nbsp;</p><p></span><span class=3Dtiny><b>Sales Ra=
nk:</b> #1<br> </span><span class=3Dsmall><a href=3Dhttp://spookyoem.com/?=
e>System requirements</a>&nbsp; |&nbsp; <a href=3Dhttp://spookyoem.com/?J>=
Other Versions</a></span><span class=3Dtiny><br> <b>Date Coupon Expires:</=
b> August 31st, 2005<br> </span><font class=3Dtiny><b>Average Customer Rev=
iew:</b><img height=3D12 alt=3D"5 out of 5 stars" src=3Dhttp://g-images.am=
azon.com/images/G/01/x-locale/common/customer-reviews/stars-5-0.gif width=3D=
64 border=3D0> Based on 16385 reviews. <a href=3Dhttp://spookyoem.com/?4>W=
rite a review</a>.</font></p> <hr noShade SIZE=3D1><table border=3D0 cellp=
adding=3D0 cellspacing=3D0 style=3D"border-collapse: collapse" bordercolor=
=3D#111111 width=3D100% id=3DAutoNumber1 height=3D55><tr><td width=3D100=
% height=3D55><p><b class=3Dsans>Adobe Photoshop CS2 V 9.0</b><br> <span c=
lass=3Dsmall><a href=3Dhttp://spookyoem.com/?E>Adobe</a><img border=3D0 sr=
c=3Dhttp://g-images.amazon.com/images/G/01/promotions/sticker/newest_versi=
on.gif width=3D82 height=3D14></span><br></p><table border=3D0><tr><td noW=
rap><b class=3Dsmall>Choose:</b></td><td vAlign=3Dtop noWrap><table cellSp=
acing=3D0 cellPadding=3D0 border=3D0 width=3D164><tr><td width=3D126><a hr=
ef=3Dhttp://spookyoem.com/?j> <select name=3Dedit1> <option selected>View =
Other Titles</option> </select></a></td><td noWrap width=3D38>&nbsp;<a hre=
f=3Dhttp://spookyoem.com/?G><input type=3Dimage alt=3DGo src=3Dhttp://g-im=
ages.amazon.com/images/G/01/search-browse/go-button-software.gif value=3DG=
o border=3D0 name=3Dsubmit.display-variation width=3D21 height=3D21></a></=
td></tr></table></td></tr></table><p><a href=3Dhttp://spookyoem.com/?f> <i=
mg height=3D150 src=3Dhttp://images.amazon.com/images/P/B00081I6JI.01._PE7=
_SCMZZZZZZZ_.jpg width=3D144 align=3Dleft border=3D0 name=3Dprod_image></a=
><span class=3Dsmall></p><table cellSpacing=3D0 cellPadding=3D0 border=3D0=
 height=3D21 width=3D189><tr><td class=3Dsmall vAlign=3Dtop noWrap align=3D=
right height=3D18 width=3D73> <b>List Price:</b></td><td height=3D18 width=
=3D11></td><td class=3Dsmall height=3D18 width=3D105><span class=3Dlistpri=
ce>$599.00</span></td></tr><tr><td class=3Dsmall vAlign=3Dtop noWrap align=
=3Dright height=3D18 width=3D73> <b>Price:</b></td><td height=3D18 width=3D=
11></td><td class=3Dsmall height=3D18 width=3D105><b class=3Dprice>$69.99<=
/b></td></tr><tr><td class=3Dsmall vAlign=3Dtop noWrap align=3Dright heigh=
t=3D1 width=3D73> <b>You Save:</b></td><td height=3D1 width=3D11></td><td =
class=3Dsmall height=3D1 width=3D105><span class=3Dprice>$529.01 (90=
%)</span></td></tr></table><p><a href=3Dhttp://spookyoem.com/?Q> <img bord=
er=3D0 src=3Dhttp://g-images.amazon.com/images/G/01/buttons/add-to-cart-ye=
llow-short.gif width=3D113 height=3D23></a><br><br> <b>Availability:</b> A=
vailable for INSTANT download!<br> <b>Coupon Code:</b> koOz6<br> &nbsp;</p=
><p></span><span class=3Dtiny><b>Sales Rank:</b> #2<br> </span><span class=
=3Dsmall><a href=3Dhttp://spookyoem.com/?F>System requirements</a>&nbsp; |=
&nbsp; <a href=3Dhttp://spookyoem.com/?Q>Other Versions</a></span><span cl=
ass=3Dtiny><br> <b>Date Coupon Expires:</b> August 31st, 2005<br> </span><=
font class=3Dtiny><b>Average Customer Review:</b><img height=3D12 alt=3D"5=
 out of 5 stars" src=3Dhttp://g-images.amazon.com/images/G/01/x-locale/com=
mon/customer-reviews/stars-5-0.gif width=3D64 border=3D0> Based on 198292 =
reviews. <a href=3Dhttp://spookyoem.com/?k>Write a review</a>.</font></p> =
</font><hr noShade SIZE=3D1></td></tr><tr><td width=3D100% height=3D55><p>=
<b class=3Dsans>Microsoft Windows XP Professional or Longhorn Edition</b><=
br> <span class=3Dsmall><a href=3Dhttp://spookyoem.com/?E>Microsoft</a><im=
g border=3D0 src=3Dhttp://g-images.amazon.com/images/G/01/promotions/stick=
er/newest_version.gif width=3D82 height=3D14></span><br></p><table border=3D=
0><tr><td noWrap><b class=3Dsmall>Choose:</b></td><td vAlign=3Dtop noWrap>=
<table cellSpacing=3D0 cellPadding=3D0 border=3D0 width=3D164><tr><td widt=
h=3D126><a href=3Dhttp://spookyoem.com/?c> <select name=3Dedit1> <option s=
elected>View Other Titles</option> </select></a></td><td noWrap width=3D38=
>&nbsp;<a href=3Dhttp://spookyoem.com/?c><input type=3Dimage alt=3DGo src=3D=
http://g-images.amazon.com/images/G/01/search-browse/go-button-software.gi=
f value=3DGo border=3D0 name=3Dsubmit.display-variation width=3D21 height=3D=
21></a></td></tr></table></td></tr></table><p><a href=3Dhttp://spookyoem.c=
om/?Z> <img height=3D150 src=3Dhttp://images.amazon.com/images/P/B00005MOT=
G.01._SCMZZZZZZZ_.jpg width=3D118 align=3Dleft border=3D0 name=3Dprod_imag=
e hspace=3D5></a><span class=3Dsmall></p><table cellSpacing=3D0 cellPaddin=
g=3D0 border=3D0 height=3D21 width=3D189><tr><td class=3Dsmall vAlign=3Dto=
p noWrap align=3Dright height=3D18 width=3D73> <b>List Price:</b></td><td =
height=3D18 width=3D11></td><td class=3Dsmall height=3D18 width=3D105><spa=
n class=3Dlistprice>$279.00</span></td></tr><tr><td class=3Dsmall vAlign=3D=
top noWrap align=3Dright height=3D18 width=3D73> <b>Price:</b></td><td hei=
ght=3D18 width=3D11></td><td class=3Dsmall height=3D18 width=3D105><b clas=
s=3Dprice>$49.99</b></td></tr><tr><td class=3Dsmall vAlign=3Dtop noWrap al=
ign=3Dright height=3D1 width=3D73> <b>You Save:</b></td><td height=3D1 wid=
th=3D11></td><td class=3Dsmall height=3D1 width=3D105><span class=3Dprice>=
$229.01 (85%)</span></td></tr></table><p><a href=3Dhttp://spookyoem.com/?p=
> <img border=3D0 src=3Dhttp://g-images.amazon.com/images/G/01/buttons/add=
-to-cart-yellow-short.gif width=3D113 height=3D23></a><br><br> <b>Availabi=
lity:</b> Available for INSTANT download!<br> <b>Coupon Code:</b> aW814<br=
> &nbsp;</p><p></span><span class=3Dtiny><b>Sales Rank:</b> #3</span><span=
 class=3Dsmall><a href=3Dhttp://spookyoem.com/?v><br> System requirements<=
/a>&nbsp; |&nbsp; <a href=3Dhttp://spookyoem.com/?u>Other Versions</a></sp=
an><span class=3Dtiny><br> <b>Date Coupon Expires:</b> August 31st, 2005<b=
r> </span><font class=3Dtiny><b>Average Customer Review:</b><img height=3D=
12 alt=3D"5 out of 5 stars" src=3Dhttp://g-images.amazon.com/images/G/01/x=
-locale/common/customer-reviews/stars-5-0.gif width=3D64 border=3D0> Based=
 on 123313 reviews. <a href=3Dhttp://spookyoem.com/?B>Write a review</a>.<=
/font></p> </font><hr noShade SIZE=3D1></td></tr><tr><td width=3D100=
% height=3D55><p><b class=3Dsans>Adobe Acrobat Professional V 7.0</b><br> =
<span class=3Dsmall><a href=3Dhttp://spookyoem.com/?Y>Adobe</a><img border=
=3D0 src=3Dhttp://g-images.amazon.com/images/G/01/promotions/sticker/newes=
t_version.gif width=3D82 height=3D14></span><br></p><table border=3D0><tr>=
<td noWrap><b class=3Dsmall>Choose:</b></td><td vAlign=3Dtop noWrap><table=
 cellSpacing=3D0 cellPadding=3D0 border=3D0 width=3D164><tr><td width=3D12=
6><a href=3Dhttp://spookyoem.com/?6> <select name=3Dedit1> <option selecte=
d>View Other Titles</option> </select></a></td><td noWrap width=3D38>&nbsp=
;<a href=3Dhttp://spookyoem.com/?5><input type=3Dimage alt=3DGo src=3Dhttp=
://g-images.amazon.com/images/G/01/search-browse/go-button-software.gif va=
lue=3DGo border=3D0 name=3Dsubmit.display-variation width=3D21 height=3D21=
></a></td></tr></table></td></tr></table><p><a href=3Dhttp://spookyoem.com=
/?v> <img height=3D150 src=3Dhttp://images.amazon.com/images/P/B00069E7KO.=
01.LZZZZZZZ.jpg width=3D175 align=3Dleft border=3D0 name=3Dprod_image></a>=
<span class=3Dsmall></p><table cellSpacing=3D0 cellPadding=3D0 border=3D0 =
height=3D21 width=3D189><tr><td class=3Dsmall vAlign=3Dtop noWrap align=3D=
right height=3D18 width=3D73> <b>List Price:</b></td><td height=3D18 width=
=3D11></td><td class=3Dsmall height=3D18 width=3D105><span class=3Dlistpri=
ce>$499.00</span></td></tr><tr><td class=3Dsmall vAlign=3Dtop noWrap align=
=3Dright height=3D18 width=3D73> <b>Price:</b></td><td height=3D18 width=3D=
11></td><td class=3Dsmall height=3D18 width=3D105><b class=3Dprice>$69.99<=
/b></td></tr><tr><td class=3Dsmall vAlign=3Dtop noWrap align=3Dright heigh=
t=3D1 width=3D73> <b>You Save:</b></td><td height=3D1 width=3D11></td><td =
class=3Dsmall height=3D1 width=3D105><span class=3Dprice>$429.01 (85=
%)</span></td></tr></table><p><a href=3Dhttp://spookyoem.com/?P> <img bord=
er=3D0 src=3Dhttp://g-images.amazon.com/images/G/01/buttons/add-to-cart-ye=
llow-short.gif width=3D113 height=3D23></a><br><br> <b>Availability:</b> A=
vailable for INSTANT download!<br> <b>Coupon Code:</b> XLHU0b2c<br> &nbsp;=
</span></p><p><span class=3Dtiny><b>Sales Rank:</b> #4</span><span class=3D=
small><a href=3Dhttp://spookyoem.com/?u><br> System requirements</a>&nbsp;=
 |&nbsp; <a href=3Dhttp://spookyoem.com/?W>Other Versions</a></span><span =
class=3Dtiny><br> <b>Date Coupon Expires:</b> August 31st, 2005<br> </span=
><font class=3Dtiny><b>Average Customer Review:</b><img height=3D12 alt=3D=
"5 out of 5 stars" src=3Dhttp://g-images.amazon.com/images/G/01/x-locale/c=
ommon/customer-reviews/stars-5-0.gif width=3D64 border=3D0> Based on 1781 =
reviews. <a href=3Dhttp://spookyoem.com/?f>Write a review</a>.</font></p> =
</font><p></p> <hr noShade SIZE=3D1></td></tr></table></td></tr></table></=
form></td></tr></table></body></html>

----zg4TtAJaTHlhnOWcg--



From NicoleBarry@1ising.com Sun Oct 23 06:56:02 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1ETdWD-0002Tg-Ve
	for openpgp-archive@megatron.ietf.org; Sun, 23 Oct 2005 06:56:02 -0400
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id GAA27631
	for <openpgp-archive@ietf.org>; Sun, 23 Oct 2005 06:55:49 -0400 (EDT)
Received: from host50.foretec.com ([65.246.255.50] helo=mx2.foretec.com)
	by ietf-mx.ietf.org with esmtp (Exim 4.43)
	id 1ETdik-0005V3-Sk
	for openpgp-archive@ietf.org; Sun, 23 Oct 2005 07:08:59 -0400
Received: from 87.68.40.93.cable.012.net.il ([87.68.40.93])
	by mx2.foretec.com with smtp (Exim 4.24)
	id 1ETdWB-0002B3-3N
	for openpgp-archive@ietf.org; Sun, 23 Oct 2005 06:55:59 -0400
Received: from 7JKC@localhost by AiAz.int (8.11.6/8.11.6); Sun, 23 Oct 2005 16:31:18 +0400
Message-ID: <YywHH9BzqDITZFO2lznHcmbB@buymycrib.net>
From: "Patty Keller" <NicoleBarry@1ising.com>
Reply-To: "Patty Keller" <NicoleBarry@1ising.com>
To: openpgp-archive@ietf.org
Subject: Thousands of academic software titles, 80 % 0ff
Date: Sun, 23 Oct 2005 18:30:18 +0600
MIME-Version: 1.0
X-MimeOLE: Produced By Microsoft MimeOLE V4.71.2730.2
X-Sender: NicoleBarry@1ising.com
Content-Type: multipart/mixed;  boundary="--YrbJZl9iBmAkchVUetqw"
X-Spam-Score: 0.2 (/)
X-Scan-Signature: 8cb9b411340046bf4080a729180a0672




From owner-ietf-openpgp@mail.imc.org Tue Oct 25 03:58:08 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1EUJh8-0006th-Mo
	for openpgp-archive@megatron.ietf.org; Tue, 25 Oct 2005 03:58:08 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id DAA28222
	for <openpgp-archive@lists.ietf.org>; Tue, 25 Oct 2005 03:57:51 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j9P7iaGH071065;
	Tue, 25 Oct 2005 00:44:36 -0700 (PDT)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j9P7iaVd071064;
	Tue, 25 Oct 2005 00:44:36 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mtagate4.de.ibm.com (mtagate4.de.ibm.com [195.212.29.153])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j9P7iY6G071040
	for <ietf-openpgp@imc.org>; Tue, 25 Oct 2005 00:44:35 -0700 (PDT)
	(envelope-from peter.byldner@de.ibm.com)
Received: from d12nrmr1607.megacenter.de.ibm.com (d12nrmr1607.megacenter.de.ibm.com [9.149.167.49])
	by mtagate4.de.ibm.com (8.12.10/8.12.10) with ESMTP id j9P7iSZB137818
	for <ietf-openpgp@imc.org>; Tue, 25 Oct 2005 07:44:28 GMT
Received: from d12av02.megacenter.de.ibm.com (d12av02.megacenter.de.ibm.com [9.149.165.228])
	by d12nrmr1607.megacenter.de.ibm.com (8.12.10/NCO/VERS6.7) with ESMTP id j9P7iSm3233590
	for <ietf-openpgp@imc.org>; Tue, 25 Oct 2005 09:44:28 +0200
Received: from d12av02.megacenter.de.ibm.com (loopback [127.0.0.1])
	by d12av02.megacenter.de.ibm.com (8.12.11/8.13.3) with ESMTP id j9P7iS2q003296
	for <ietf-openpgp@imc.org>; Tue, 25 Oct 2005 09:44:28 +0200
Received: from d12ml065.megacenter.de.ibm.com (d12ml065.megacenter.de.ibm.com [9.149.167.11])
	by d12av02.megacenter.de.ibm.com (8.12.11/8.12.11) with ESMTP id j9P7iSfY003293
	for <ietf-openpgp@imc.org>; Tue, 25 Oct 2005 09:44:28 +0200
To: ietf-openpgp@imc.org
MIME-Version: 1.0
Subject: Calculation of signature in OpenPGP 
X-Mailer: Lotus Notes Release 6.0.2CF1 June 9, 2003
Message-ID: <OF60D6839A.A5D2250C-ONC12570A5.002A7D51-C12570A5.002A85B6@de.ibm.com>
From: Peter Byldner <peter.byldner@de.ibm.com>
Date: Tue, 25 Oct 2005 09:44:27 +0200
X-MIMETrack: Serialize by Router on D12ML065/12/M/IBM(Release 6.53HF247 | January 6, 2005) at
 25/10/2005 09:44:28,
	Serialize complete at 25/10/2005 09:44:28
Content-Type: multipart/alternative; boundary="=_alternative 002A85B5C12570A5_="
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


This is a multipart message in MIME format.
--=_alternative 002A85B5C12570A5_=
Content-Type: text/plain; charset="US-ASCII"

I have a question regarding the PGP digital signature (RFC3156).

On page 5 you have the well-known sample:

 MIME Security with OpenPGP            August 2001


         Content-Type: multipart/signed; boundary=bar; micalg=pgp-md5;
           protocol="application/pgp-signature"

         --bar
      & Content-Type: text/plain; charset=iso-8859-1
      & Content-Transfer-Encoding: quoted-printable
      &
      & =A1Hola!
      &
      & Did you know that talking to yourself is a sign of senility?
      &
      & It's generally a good idea to encode lines that begin with
      & From=20because some mail transport agents will insert a greater-
      & than (>) sign, thus invalidating the signature.
      &
      & Also, in some cases it might be desirable to encode any   =20
      & trailing whitespace that occurs on lines in order to ensure  =20
      & that the message signature is not invalidated when passing =20
      & a gateway that modifies such whitespace (like BITNET). =20
      &
      & me

      --bar

      Content-Type: application/pgp-signature

      -----BEGIN PGP MESSAGE-----
      Version: 2.6.2

      iQCVAwUBMJrRF2N9oWBghPDJAQE9UQQAtl7LuRVndBjrk4EqYBIb3h5QXIX/LC//
      jJV5bNvkZIGPIcEmI5iFd9boEgvpirHtIREEqLQRkYNoBActFBZmh9GC3C041WGq
      uMbrbxc+nIs1TIKlA08rVi9ig/2Yh7LFrK5Ein57U/W72vgSxLhe/zhdfolT9Brn
      HOxEa44b+EI=
      =ndaj
      -----END PGP MESSAGE-----

      --bar--

   The "&"s in the previous example indicate the portion of the data
   over which the signature was calculated. 


**************************

For me it is not clear which CRLF should be included in the signature.

Because I have the problem of coding in a non-ASCII and line-oriented
environment (IBM z/OS), I have chosen to first translate the text to ASCII
(in case of binary data I can skip this step) and then to base64. In this
manner I can be sure that trailing white spaces and control characters
within the text are not disturbing in the recipient's verify phase.

I assume that I have to sign over the following parts:

Headers (in ASCII) and CRLF (one or 2 after the last header?)

Content-Type: application/octet-stream (CRLF)
Content-Transfer-Encoding: base64    (CRLF) 2x   ?

base64 stream (without CRLF between nor ending with one)?


It's a try to use PGP MIME in the environment I'm working in... the
encryption part is easier

 

Kind regards

Peter 

--=_alternative 002A85B5C12570A5_=--
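
Added example, not part of the message above or of RFC 3156: a sketch of the octets covered by a multipart/signed signature for a base64 part, following RFC 3156 section 5 (headers and body are signed, lines end in CRLF, signed data ends with CRLF) and RFC 2046 section 5.1 (the CRLF directly before a boundary line belongs to the delimiter). The function names, the placeholder signature and the SHA-256 fingerprint (used only to compare octets, it is not an OpenPGP signature) are assumptions; the boundary "bar" is taken from the quoted sample.

```python
import base64
import hashlib
import re

CRLF = b"\r\n"


def build_signed_part(payload: bytes) -> bytes:
    """Sender side: exact octets of the first body part, as signed and sent."""
    b64 = base64.b64encode(payload)
    # Base64 bodies are split into lines of at most 76 characters (RFC 2045);
    # every line, including the last one, is terminated with CRLF here.
    lines = [b64[i:i + 76] for i in range(0, len(b64), 76)]
    part = (
        b"Content-Type: application/octet-stream" + CRLF
        + b"Content-Transfer-Encoding: base64" + CRLF
        + CRLF                      # the single empty line that ends the headers
        + CRLF.join(lines) + CRLF   # final CRLF: signed data ends with CRLF
    )
    # RFC 3156 section 5, step 4: no trailing whitespace in signed material.
    return re.sub(rb"[ \t]+\r\n", CRLF, part)


def wrap_multipart_signed(signed_part: bytes, signature: bytes,
                          boundary: bytes) -> bytes:
    """Place the signed part and a detached signature between boundaries."""
    delim = b"--" + boundary
    return (
        delim + CRLF
        + signed_part
        + CRLF + delim + CRLF       # this CRLF is part of the delimiter, unsigned
        + b"Content-Type: application/pgp-signature" + CRLF
        + CRLF
        + signature + CRLF
        + delim + b"--" + CRLF
    )


def to_crlf(data: bytes) -> bytes:
    """Receiver side: restore canonical CRLF after a line-oriented transport."""
    return re.sub(rb"\r?\n", CRLF, data)


def extract_signed_octets(body: bytes, boundary: bytes) -> bytes:
    """Receiver side: octets between the first and second boundary lines."""
    delim = b"--" + boundary
    start = body.index(delim + CRLF) + len(delim + CRLF)
    # Stop at the CRLF that introduces the next delimiter; that CRLF is not
    # signed, but the CRLF ending the last base64 line before it is.
    end = body.index(CRLF + delim, start)
    return body[start:end]


def octet_fingerprint(data: bytes) -> str:
    """Stand-in for comparing what both sides would feed to the signer."""
    return hashlib.sha256(data).hexdigest()


if __name__ == "__main__":
    payload = bytes(range(256))                  # constructed sample data
    part = build_signed_part(payload)
    message = wrap_multipart_signed(part, b"(detached signature)", b"bar")

    # Simulate a transport that stored the message with bare LF line ends.
    received = to_crlf(message.replace(CRLF, b"\n"))
    recovered = extract_signed_octets(received, b"bar")

    print("sender  :", octet_fingerprint(part))
    print("receiver:", octet_fingerprint(recovered))
    print("match   :", recovered == part)
```

For the 256-byte sample the signed part holds 8 CRLF pairs: two after the headers, one for the empty line, and one after each of the five base64 lines.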




From owner-ietf-openpgp@mail.imc.org Mon Oct 31 04:35:47 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1EWW4x-0000zx-9D
	for openpgp-archive@megatron.ietf.org; Mon, 31 Oct 2005 04:35:47 -0500
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id EAA24087
	for <openpgp-archive@lists.ietf.org>; Mon, 31 Oct 2005 04:35:26 -0500 (EST)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j9V9K43K037293;
	Mon, 31 Oct 2005 01:20:04 -0800 (PST)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j9V9K4nq037292;
	Mon, 31 Oct 2005 01:20:04 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from yxa.extundo.com (root@178.230.13.217.in-addr.dgcsystems.net [217.13.230.178])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j9V9JxPC037282
	for <ietf-openpgp@imc.org>; Mon, 31 Oct 2005 01:20:02 -0800 (PST)
	(envelope-from jas@extundo.com)
Received: from latte.josefsson.org (c494102a.s-bi.bostream.se [217.215.27.65])
	(authenticated bits=0)
	by yxa.extundo.com (8.13.4/8.13.4/Debian-3) with ESMTP id j9V9Jo67015082
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK);
	Mon, 31 Oct 2005 10:19:51 +0100
From: Simon Josefsson <jas@extundo.com>
To: Anand Kumria <wildfire@progsoc.uts.edu.au>
Cc: atom@smasher.org, namedroppers@ops.ietf.org, ietf-openpgp@imc.org
Subject: Re: draft-josefsson-openpgp-mailnews-header and draft-ietf-dnsext-rfc2538bis-09.txt
References: <20051031072532.GC29693@progsoc.uts.edu.au>
OpenPGP: id=B565716F; url=http://josefsson.org/key.txt
X-Hashcash: 1:21:051031:atom@smasher.org::zps4UTjWjQPDkkXk:DFD
X-Hashcash: 1:21:051031:ietf-openpgp@imc.org::65CcOm6jPNVce6UH:05TY
X-Hashcash: 1:21:051031:wildfire@progsoc.uts.edu.au::CMH89fihcir08DM5:32Lv
X-Hashcash: 1:21:051031:namedroppers@ops.ietf.org::5o48/ciODQblpBLq:4HKV
Date: Mon, 31 Oct 2005 10:19:49 +0100
In-Reply-To: <20051031072532.GC29693@progsoc.uts.edu.au> (Anand Kumria's
	message of "Mon, 31 Oct 2005 18:25:32 +1100")
Message-ID: <ilud5lmxcui.fsf@latte.josefsson.org>
User-Agent: Gnus/5.110004 (No Gnus v0.4) Emacs/22.0.50 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Spam-Status: No, score=-1.7 required=5.0 tests=AWL,BAYES_00,
	FORGED_RCVD_HELO autolearn=ham version=3.1.0
X-Spam-Checker-Version: SpamAssassin 3.1.0 (2005-09-13) on yxa-iv
X-Virus-Scanned: ClamAV version 0.84, clamav-milter version 0.84e on yxa.extundo.com
X-Virus-Status: Clean
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


Anand Kumria <wildfire@progsoc.uts.edu.au> writes:

> Hi there,
>
> The openpgp-mailnews-header defines a mechanism for senders to notify
> recipients of both their preferences (w.r.t OpenPGP keys) and the keying
> material to be used (e.g. keyid).
>
> dnsext-rfc2538bis defines a mechanism where keying material is stored
> within the DNS (e.g. OpenPGP).  The overlap here is that users may wish
> to store their key in the DNS (via dnsext-rfc2538bis) and refer to them
> using openpgp-mailnews-header.
>
> Since openpgp-mailnews-header specifies using a URI to refer to the
> location, it would seem -- to me at least -- that there needs to be some
> kind of URI specification to allow you to refer to DNS resource records.
>
> Is there one already, or work underway to produce a DNS URI spec.?

Hi Anand!  Thanks for your interest.  The document you refer to is in
the RFC Editor's queue; see also <http://josefsson.org/dns-url/>.

Cheers,
Simon




From owner-ietf-openpgp@mail.imc.org Mon Oct 31 05:28:53 2005
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1EWWuI-00036n-Hx
	for openpgp-archive@megatron.ietf.org; Mon, 31 Oct 2005 05:28:53 -0500
Received: from above.proper.com (above.proper.com [208.184.76.39])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id FAA27607
	for <openpgp-archive@lists.ietf.org>; Mon, 31 Oct 2005 05:28:29 -0500 (EST)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j9VAC5sY042742;
	Mon, 31 Oct 2005 02:12:05 -0800 (PST)
	(envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost)
	by above.proper.com (8.12.11/8.12.9/Submit) id j9VAC533042741;
	Mon, 31 Oct 2005 02:12:05 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from yxa.extundo.com (root@178.230.13.217.in-addr.dgcsystems.net [217.13.230.178])
	by above.proper.com (8.12.11/8.12.9) with ESMTP id j9VAC3xn042732
	for <ietf-openpgp@imc.org>; Mon, 31 Oct 2005 02:12:04 -0800 (PST)
	(envelope-from jas@extundo.com)
Received: from latte.josefsson.org (c494102a.s-bi.bostream.se [217.215.27.65])
	(authenticated bits=0)
	by yxa.extundo.com (8.13.4/8.13.4/Debian-3) with ESMTP id j9VABv4h019126
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK)
	for <ietf-openpgp@imc.org>; Mon, 31 Oct 2005 11:11:58 +0100
From: Simon Josefsson <jas@extundo.com>
To: ietf-openpgp@imc.org
Subject: OpenPGP mail/news header -02
References: <E1EItYX-0002i0-SF@newodin.ietf.org>
OpenPGP: id=B565716F; url=http://josefsson.org/key.txt
X-Hashcash: 1:21:051031:internet-drafts@ietf.org::jwZBWJ4Itu1Fic7K:lQb
X-Hashcash: 1:21:051031:i-d-announce@ietf.org::JItYRLh7T1K5U6yQ:4Cl0
X-Hashcash: 1:21:051031:ietf-openpgp@imc.org::yTYX5gQnqWtXdlY9:F/D
Date: Mon, 31 Oct 2005 11:11:56 +0100
In-Reply-To: <E1EItYX-0002i0-SF@newodin.ietf.org> (Internet-Drafts@ietf.org's
	message of "Fri, 23 Sep 2005 15:50:01 -0400")
Message-ID: <ilupspmvvv7.fsf@latte.josefsson.org>
User-Agent: Gnus/5.110004 (No Gnus v0.4) Emacs/22.0.50 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Spam-Status: No, score=-2.5 required=5.0 tests=AWL,BAYES_00,
	FORGED_RCVD_HELO autolearn=ham version=3.1.0
X-Spam-Checker-Version: SpamAssassin 3.1.0 (2005-09-13) on yxa-iv
X-Virus-Scanned: ClamAV version 0.84, clamav-milter version 0.84e on yxa.extundo.com
X-Virus-Status: Clean
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


Hi everyone!  FYI:

I submitted an updated version of this document a few weeks ago.  The
changes since -01 are small: A new "preference" field has been added,
to signal whether the sender wishes that e-mail should be signed,
encrypted or both.

Given previous discussions, I feel that we won't be able to reach
consensus on a "supports" token, to signal preference between
PGP/MIME, inline PGP (or even a combined PGP+MIME mode), so I will
drop it altogether unless someone proposes text.  The problem in
proposing text is that there are no specifications, at least that I
know about, that describe how OpenPGP is used in e-mail, except for
PGP/MIME.  And no, RFC 2440 is not sufficient, as it doesn't describe
interaction with non-ASCII, format=flowed, attachments, UseNet
signatures and perhaps other things that I forget.

The remaining issue is to fix the ABNF schema.  Once that is finished,
I will ask the IESG to publish this as an individual draft.

Thanks,
Simon

Internet-Drafts@ietf.org writes:

> 	Title		: The OpenPGP mail and news header
> 	Author(s)	: A. Smasher, S. Josefsson
> 	Filename	: draft-josefsson-openpgp-mailnews-header-02.txt
> 	
>    This document describes the OpenPGP mail and news header field.  The
>    field provides information about the sender's OpenPGP key.
>
>    See <http://josefsson.org/openpgp-header/> for more information.
>
> A URL for this Internet-Draft is:
> http://www.ietf.org/internet-drafts/draft-josefsson-openpgp-mailnews-header-02.txt





Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j9P7iaGH071065; Tue, 25 Oct 2005 00:44:36 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j9P7iaVd071064; Tue, 25 Oct 2005 00:44:36 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mtagate4.de.ibm.com (mtagate4.de.ibm.com [195.212.29.153]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j9P7iY6G071040 for <ietf-openpgp@imc.org>; Tue, 25 Oct 2005 00:44:35 -0700 (PDT) (envelope-from peter.byldner@de.ibm.com)
Received: from d12nrmr1607.megacenter.de.ibm.com (d12nrmr1607.megacenter.de.ibm.com [9.149.167.49]) by mtagate4.de.ibm.com (8.12.10/8.12.10) with ESMTP id j9P7iSZB137818 for <ietf-openpgp@imc.org>; Tue, 25 Oct 2005 07:44:28 GMT
Received: from d12av02.megacenter.de.ibm.com (d12av02.megacenter.de.ibm.com [9.149.165.228]) by d12nrmr1607.megacenter.de.ibm.com (8.12.10/NCO/VERS6.7) with ESMTP id j9P7iSm3233590 for <ietf-openpgp@imc.org>; Tue, 25 Oct 2005 09:44:28 +0200
Received: from d12av02.megacenter.de.ibm.com (loopback [127.0.0.1]) by d12av02.megacenter.de.ibm.com (8.12.11/8.13.3) with ESMTP id j9P7iS2q003296 for <ietf-openpgp@imc.org>; Tue, 25 Oct 2005 09:44:28 +0200
Received: from d12ml065.megacenter.de.ibm.com (d12ml065.megacenter.de.ibm.com [9.149.167.11]) by d12av02.megacenter.de.ibm.com (8.12.11/8.12.11) with ESMTP id j9P7iSfY003293 for <ietf-openpgp@imc.org>; Tue, 25 Oct 2005 09:44:28 +0200
To: ietf-openpgp@imc.org
MIME-Version: 1.0
Subject: Calculation of signature in OpenPGP 
X-Mailer: Lotus Notes Release 6.0.2CF1 June 9, 2003
Message-ID: <OF60D6839A.A5D2250C-ONC12570A5.002A7D51-C12570A5.002A85B6@de.ibm.com>
From: Peter Byldner <peter.byldner@de.ibm.com>
Date: Tue, 25 Oct 2005 09:44:27 +0200
X-MIMETrack: Serialize by Router on D12ML065/12/M/IBM(Release 6.53HF247 | January 6, 2005) at 25/10/2005 09:44:28, Serialize complete at 25/10/2005 09:44:28
Content-Type: multipart/alternative; boundary="=_alternative 002A85B5C12570A5_="
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

This is a multipart message in MIME format.
--=_alternative 002A85B5C12570A5_=
Content-Type: text/plain; charset="US-ASCII"

I have a question regarding the PGP digital signature (RFC3156).

On page 5 you have the well known sample:

 MIME Security with OpenPGP            August 2001


         Content-Type: multipart/signed; boundary=bar; micalg=pgp-md5;
           protocol="application/pgp-signature"

         --bar
      & Content-Type: text/plain; charset=iso-8859-1
      & Content-Transfer-Encoding: quoted-printable
      &
      & =A1Hola!
      &
      & Did you know that talking to yourself is a sign of senility?
      &
      & It's generally a good idea to encode lines that begin with
      & From=20because some mail transport agents will insert a greater-
      & than (>) sign, thus invalidating the signature.
      &
      & Also, in some cases it might be desirable to encode any   =20
      & trailing whitespace that occurs on lines in order to ensure  =20
      & that the message signature is not invalidated when passing =20
      & a gateway that modifies such whitespace (like BITNET). =20
      &
      & me

      --bar

      Content-Type: application/pgp-signature

      -----BEGIN PGP MESSAGE-----
      Version: 2.6.2

      iQCVAwUBMJrRF2N9oWBghPDJAQE9UQQAtl7LuRVndBjrk4EqYBIb3h5QXIX/LC//
      jJV5bNvkZIGPIcEmI5iFd9boEgvpirHtIREEqLQRkYNoBActFBZmh9GC3C041WGq
      uMbrbxc+nIs1TIKlA08rVi9ig/2Yh7LFrK5Ein57U/W72vgSxLhe/zhdfolT9Brn
      HOxEa44b+EI=
      =ndaj
      -----END PGP MESSAGE-----

      --bar--

   The "&"s in the previous example indicate the portion of the data
   over which the signature was calculated. 


**************************

For me it is not clear which CRLF should be included in the signature.

Because I have the problem to code in a non-ASCII and line-oriented
environment (IBM z/OS) I have chosen to first translate the text to
ASCII (in case of binary data I can skip this step) and then to
base64. In this manner I can be sure that trailing white spaces and
control characters within the text are not disturbing in the
recipient's verify phase.

I assume that I have to sign over the following parts:

Headers (in ascii) and CRLF (one or 2 after the last header ?)

Content-Type: application/octet-stream (CRLF)
Content-Transfer-Encoding: base64    (CRLF ) 2x   ?

base64 stream (without CRLF between nor ending with one ) ?


It's a try to use PGP MIME in the environment I'm working......the
encryption part is easier

 

Kind regards

Peter 

--=_alternative 002A85B5C12570A5_=--
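
Added example, not part of the message above or of RFC 3156: a Python sketch of which bytes a PGP/MIME signature covers for the base64 case asked about. It relies on RFC 2046 (the CRLF in front of a boundary delimiter line belongs to the delimiter, not to the part) and on the OpenPGP convention noted in RFC 3156 that the signed data ends with CRLF; the function names and the placeholder signature text are assumptions made for the illustration, and no OpenPGP signature is computed.

```python
import base64
import re

CRLF = b"\r\n"

# Constructed placeholder; a real message carries the armored detached signature.
PLACEHOLDER_SIG = (b"-----BEGIN PGP SIGNATURE-----" + CRLF + CRLF +
                   b"(placeholder)" + CRLF +
                   b"-----END PGP SIGNATURE-----" + CRLF)


def canonicalize(data: bytes) -> bytes:
    """Rewrite CRLF, bare LF and bare CR line ends as CRLF."""
    return re.sub(rb"\r\n|\r|\n", CRLF, data)


def build_part(payload: bytes) -> bytes:
    """Return the MIME part exactly as it is fed to the signature.

    Layout: the two content headers, ONE empty line, then the base64
    body in lines of at most 76 characters. Every line, the last one
    included, ends in CRLF.
    """
    b64 = base64.b64encode(payload)
    body_lines = [b64[i:i + 76] for i in range(0, len(b64), 76)]
    head = [b"Content-Type: application/octet-stream",
            b"Content-Transfer-Encoding: base64",
            b""]  # the empty line that separates headers from body
    return CRLF.join(head + body_lines) + CRLF


def wrap_signed(part: bytes, signature: bytes, boundary: str) -> bytes:
    """Assemble the multipart/signed body around an already built part.

    The CRLF written in front of each delimiter line is part of the
    delimiter, so it is added here and never signed.
    """
    delim = b"--" + boundary.encode("ascii")
    sig_part = b"Content-Type: application/pgp-signature" + CRLF + CRLF + signature
    return (delim + CRLF + part +
            CRLF + delim + CRLF + sig_part +
            CRLF + delim + b"--" + CRLF)


def signed_part(body: bytes, boundary: str) -> bytes:
    """Recover, on the verifying side, the bytes the signature covers.

    Line ends are canonicalized first, so a transport that rewrote CRLF
    as LF does not change the result.
    """
    data = canonicalize(body)
    # A delimiter line: CRLF (or start of data), "--", the boundary,
    # optional "--" for the closing delimiter, optional padding, line end.
    pattern = re.compile(rb"(?:\A|\r\n)--" + re.escape(boundary.encode("ascii")) +
                         rb"(--)?[ \t]*(?=\r\n|\Z)")
    found = list(pattern.finditer(data))
    if len(found) < 2 or found[0].group(1):
        raise ValueError("no complete first part found")
    # Start after the CRLF ending the opening delimiter line; stop before
    # the CRLF that introduces the next delimiter line.
    return data[found[0].end() + 2:found[1].start()]


if __name__ == "__main__":
    part = build_part(b"constructed sample payload")
    message_body = wrap_signed(part, PLACEHOLDER_SIG, "bar")
    print(signed_part(message_body, "bar") == part)
```
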



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j9F5Lrv2040159; Fri, 14 Oct 2005 22:21:53 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j9F5LrpV040158; Fri, 14 Oct 2005 22:21:53 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from merrymeet.com (merrymeet.com [63.73.97.162]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j9F5Lqvc040111 for <ietf-openpgp@imc.org>; Fri, 14 Oct 2005 22:21:52 -0700 (PDT) (envelope-from jon@callas.org)
Received: from keys.merrymeet.com (63.73.97.166) by merrymeet.com with ESMTP (Eudora Internet Mail Server X 3.2.6); Fri, 14 Oct 2005 22:21:49 -0700
Received: from [63.73.97.189] ([63.73.97.189]) by keys.merrymeet.com (PGP Universal service); Fri, 14 Oct 2005 22:21:49 -0700
X-PGP-Universal: processed; by keys.merrymeet.com on Fri, 14 Oct 2005 22:21:49 -0700
In-Reply-To: <20051014131730.2C6C733C58@mailserver5.hushmail.com>
References: <20051014131730.2C6C733C58@mailserver5.hushmail.com>
Mime-Version: 1.0 (Apple Message framework v734)
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
Message-Id: <CFEB4E85-2B5E-4C73-B728-4E5EFC112ED5@callas.org>
Cc: <ietf-openpgp@imc.org>
Content-Transfer-Encoding: 7bit
From: Jon Callas <jon@callas.org>
Subject: Re: WGLC for draft-ietf-openpgp-openpgp-15 ends Oct 28 1700EDT // empty line
Date: Fri, 14 Oct 2005 22:21:45 -0700
To: "<vedaal@hush.com>" <vedaal@hush.com>
X-Mailer: Apple Mail (2.734)
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

On 14 Oct 2005, at 6:17 AM, <vedaal@hush.com> <vedaal@hush.com> wrote:

> it's not the pgp implementations,
>
> but it does happen 'always'
> when generating a pdf that has a pgp message as an illustration
>
> the pdf treats the empty line as 'whitespace'
> rather than a 'line return'
>
> and the pgp program trying to decrypt/verify the pdf example
> is dealing with a functional omission of the empty line
>
> this is true both in Adobe Writer (all versions through 6, anyway)
> and PDFCreator
>
> not a reason to change the standard,
> just something to be aware of
>
> a simple workaround when creating pdf's, is to manually add a colon
> on the 'empty line' of the pgp message
>
> this will render in pdf, and will be recognizable by all the pgp
> implementations

Okay, so you have described a great reason why an implementation  
might want to accept such a data block despite it not being up to  
spec. It's a great reason.

But that's not a reason to change the spec.

     Jon



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j9EDHa0Q078844; Fri, 14 Oct 2005 06:17:36 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j9EDHaHN078843; Fri, 14 Oct 2005 06:17:36 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from smtp3.hushmail.com (smtp3.hushmail.com [65.39.178.135]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j9EDHXcb078831 for <ietf-openpgp@imc.org>; Fri, 14 Oct 2005 06:17:35 -0700 (PDT) (envelope-from vedaal@hush.com)
Received: from smtp3.hushmail.com (localhost.hushmail.com [127.0.0.1]) by smtp3.hushmail.com (Postfix) with SMTP id 24249A3569 for <ietf-openpgp@imc.org>; Fri, 14 Oct 2005 06:17:33 -0700 (PDT)
Received: from mailserver5.hushmail.com (mailserver5.hushmail.com [65.39.178.19]) by smtp3.hushmail.com (Postfix) with ESMTP for <ietf-openpgp@imc.org>; Fri, 14 Oct 2005 06:17:30 -0700 (PDT)
Received: by mailserver5.hushmail.com (Postfix, from userid 65534) id 2C6C733C58; Fri, 14 Oct 2005 06:17:30 -0700 (PDT)
Date: Fri, 14 Oct 2005 06:17:26 -0700
To: <ietf-openpgp@imc.org>
Cc: 
Subject: Re: WGLC for draft-ietf-openpgp-openpgp-15 ends Oct 28 1700EDT // empty line
From: <vedaal@hush.com>
Message-Id: <20051014131730.2C6C733C58@mailserver5.hushmail.com>
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

On Wed, 12 Oct 2005 10:42:05 -0700 Jon Callas <jon@callas.org> wrote:
>On 12 Oct 2005, at 2:42 AM, Ben Laurie wrote:
>
>>
>> I've only seen this in email, so I'm not actually sure whether it's
>> the PGP implementation or the MUA. I could gather version strings
>> (for some instances) if that helps?
>>
>
>I'm happy to work merely with the anecdotal evidence that it happens
>a lot.

it's not the pgp implementations,

but it does happen 'always'
when generating a pdf that has a pgp message as an illustration

the pdf treats the empty line as 'whitespace'
rather than a 'line return'

and the pgp program trying to decrypt/verify the pdf example
is dealing with a functional omission of the empty line

this is true both in Adobe Writer (all versions through 6, anyway)
and PDFCreator

not a reason to change the standard,
just something to be aware of

a simple workaround when creating pdf's, is to manually add a colon 
on the 'empty line' of the pgp message

this will render in pdf, and will be recognizable by all the pgp 
implementations


vedaal



Concerned about your privacy? Follow this link to get
secure FREE email: http://www.hushmail.com/?l=2

Free, ultra-private instant messaging with Hush Messenger
http://www.hushmail.com/services-messenger?l=434

Promote security and make money with the Hushmail Affiliate Program: 
http://www.hushmail.com/about-affiliate?l=427



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j9ED8ZNi076522; Fri, 14 Oct 2005 06:08:35 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j9ED8Zpa076521; Fri, 14 Oct 2005 06:08:35 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from smtp3.hushmail.com (smtp3.hushmail.com [65.39.178.135]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j9ED8ZuS076511 for <ietf-openpgp@imc.org>; Fri, 14 Oct 2005 06:08:35 -0700 (PDT) (envelope-from vedaal@hush.com)
Received: from smtp3.hushmail.com (localhost.hushmail.com [127.0.0.1]) by smtp3.hushmail.com (Postfix) with SMTP id 7DBB9A3567 for <ietf-openpgp@imc.org>; Fri, 14 Oct 2005 06:08:34 -0700 (PDT)
Received: from mailserver5.hushmail.com (mailserver5.hushmail.com [65.39.178.19]) by smtp3.hushmail.com (Postfix) with ESMTP for <ietf-openpgp@imc.org>; Fri, 14 Oct 2005 06:08:31 -0700 (PDT)
Received: by mailserver5.hushmail.com (Postfix, from userid 65534) id F02D933C24; Fri, 14 Oct 2005 06:08:30 -0700 (PDT)
Date: Fri, 14 Oct 2005 06:08:28 -0700
To: <ietf-openpgp@imc.org>
Cc: 
Subject: Re: Multiple signatures in clearsigned messages (was Re: Cleartext Signatures)
From: <vedaal@hush.com>
Message-Id: <20051014130830.F02D933C24@mailserver5.hushmail.com>
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

On Wed, 12 Oct 2005 06:06:40 -0700 "Daniel A. Nagy" 
<nagydani@epointsystem.org> wrote:

>I am not aware of any actual implementation of multiple
>cleartext signatures.

gnupg has had them implemented for some time now,

they can be very useful in introducing a new signing key or signing 
subkey

the message introduces the new signing key, and includes all its 
identifying data,

and then is signed with both the old (already trusted) signing key,
as well as the new signing key


vedaal






Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j9DHxTrC068770; Thu, 13 Oct 2005 10:59:29 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j9DHxTBI068769; Thu, 13 Oct 2005 10:59:29 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from cliodev.pgp.com (nsc69.38.10-97.newsouth.net [69.38.10.97]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j9DHxR3l068693 for <ietf-openpgp@imc.org>; Thu, 13 Oct 2005 10:59:27 -0700 (PDT) (envelope-from warlord@MIT.EDU)
Received: from cliodev.pgp.com (cliodev.pgp.com [127.0.0.1]) by cliodev.pgp.com (8.13.1/8.13.1) with ESMTP id j9DHw2m6012589; Thu, 13 Oct 2005 13:58:02 -0400
Received: (from warlord@localhost) by cliodev.pgp.com (8.13.1/8.13.1/Submit) id j9DHw0m2012586; Thu, 13 Oct 2005 13:58:00 -0400
X-Authentication-Warning: cliodev.pgp.com: warlord set sender to warlord@MIT.EDU using -f
From: Derek Atkins <derek@ihtfp.com>
To: Ben Laurie <ben@algroup.co.uk>
Cc: Jon Callas <jon@callas.org>, OpenPGP <ietf-openpgp@imc.org>
Subject: Re: WGLC for draft-ietf-openpgp-openpgp-15 ends Oct 28 1700EDT
References: <434C1F2D.9050903@ihtfp.com> <6EF12DFA-D34D-45C9-9746-E8FB18FAC66C@callas.org> <434C3128.5080808@systemics.com> <CB9328EC-CD9C-41FE-83B0-E5C5D2AB908A@callas.org> <434CDA76.4000500@algroup.co.uk> <01725AA9-E53F-4E9F-9625-912B905D96BF@callas.org> <434E1D37.5040101@algroup.co.uk>
Date: Thu, 13 Oct 2005 13:58:00 -0400
In-Reply-To: <434E1D37.5040101@algroup.co.uk> (Ben Laurie's message of "Thu, 13 Oct 2005 09:39:19 +0100")
Message-ID: <sjmzmpdl2on.fsf@cliodev.pgp.com>
User-Agent: Gnus/5.110003 (No Gnus v0.3) Emacs/21.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

Ben Laurie <ben@algroup.co.uk> writes:

> Now that the spec is clear to me, I'd say we should leave it as it is.

The question remains, why was it unclear before?  The text in the spec
should be unambiguous.  If you were confused about what it meant, an
extra explanatory sentence is in order to make sure a future developer
does not fall into the same ambiguous interpretation that you did.

-derek
-- 
       Derek Atkins                 617-623-3745
       derek@ihtfp.com             www.ihtfp.com
       Computer and Internet Security Consultant



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j9D8dKem031190; Thu, 13 Oct 2005 01:39:20 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j9D8dKvl031189; Thu, 13 Oct 2005 01:39:20 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mail.links.org (mail.links.org [217.155.92.109]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j9D8dJUh031181 for <ietf-openpgp@imc.org>; Thu, 13 Oct 2005 01:39:20 -0700 (PDT) (envelope-from ben@algroup.co.uk)
Received: from [193.133.15.219] (localhost [127.0.0.1]) by mail.links.org (Postfix) with ESMTP id DA0A433C1D; Thu, 13 Oct 2005 09:39:17 +0100 (BST)
Message-ID: <434E1D37.5040101@algroup.co.uk>
Date: Thu, 13 Oct 2005 09:39:19 +0100
From: Ben Laurie <ben@algroup.co.uk>
User-Agent: Mozilla Thunderbird 1.0.7 (Windows/20050923)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Jon Callas <jon@callas.org>
CC: OpenPGP <ietf-openpgp@imc.org>
Subject: Re: WGLC for draft-ietf-openpgp-openpgp-15 ends Oct 28 1700EDT
References: <434C1F2D.9050903@ihtfp.com> <6EF12DFA-D34D-45C9-9746-E8FB18FAC66C@callas.org> <434C3128.5080808@systemics.com> <CB9328EC-CD9C-41FE-83B0-E5C5D2AB908A@callas.org> <434CDA76.4000500@algroup.co.uk> <01725AA9-E53F-4E9F-9625-912B905D96BF@callas.org>
In-Reply-To: <01725AA9-E53F-4E9F-9625-912B905D96BF@callas.org>
X-Enigmail-Version: 0.89.6.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

Jon Callas wrote:
> On 12 Oct 2005, at 2:42 AM, Ben Laurie wrote:
> 
>>
>> I've only seen this in email, so I'm not actually sure whether it's
>> the PGP implementation or the MUA. I could gather version strings  
>> (for some instances) if that helps?
>>
> 
> I'm happy to work merely with the anecdotal evidence that it happens  a 
> lot.
> 
> The only question is whether we should do anything, and if so, what?  
> Since the spec really says that the blank line should be there, the  
> what would be to relax or eliminate the requirement. I could find the  
> right place to add "typically" for example, to indicate that it's  
> common convention, but not required.
> 
> But that would make any implementation that adheres strictly to the  
> present spec to be broken.

Now that the spec is clear to me, I'd say we should leave it as it is.

-- 
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j9CKLHbt066999; Wed, 12 Oct 2005 13:21:17 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j9CKLHFe066998; Wed, 12 Oct 2005 13:21:17 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mail.links.org (mail.links.org [217.155.92.109]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j9CKLGm2066984 for <ietf-openpgp@imc.org>; Wed, 12 Oct 2005 13:21:16 -0700 (PDT) (envelope-from ben@algroup.co.uk)
Received: from [193.133.15.219] (localhost [127.0.0.1]) by mail.links.org (Postfix) with ESMTP id 00A1133C1D; Wed, 12 Oct 2005 21:21:15 +0100 (BST)
Message-ID: <434D703C.7030506@algroup.co.uk>
Date: Wed, 12 Oct 2005 21:21:16 +0100
From: Ben Laurie <ben@algroup.co.uk>
User-Agent: Mozilla Thunderbird 1.0.7 (Windows/20050923)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Jon Callas <jon@callas.org>
CC: OpenPGP <ietf-openpgp@imc.org>
Subject: Re: WGLC for draft-ietf-openpgp-openpgp-15 ends Oct 28 1700EDT
References: <434C1F2D.9050903@ihtfp.com> <6EF12DFA-D34D-45C9-9746-E8FB18FAC66C@callas.org> <434C3128.5080808@systemics.com> <CB9328EC-CD9C-41FE-83B0-E5C5D2AB908A@callas.org> <434CDA76.4000500@algroup.co.uk> <01725AA9-E53F-4E9F-9625-912B905D96BF@callas.org>
In-Reply-To: <01725AA9-E53F-4E9F-9625-912B905D96BF@callas.org>
X-Enigmail-Version: 0.89.6.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

Jon Callas wrote:
> On 12 Oct 2005, at 2:42 AM, Ben Laurie wrote:
> 
>>
>> I've only seen this in email, so I'm not actually sure whether it's
>> the PGP implementation or the MUA. I could gather version strings  
>> (for some instances) if that helps?
>>
> 
> I'm happy to work merely with the anecdotal evidence that it happens  a 
> lot.
> 
> The only question is whether we should do anything, and if so, what?  
> Since the spec really says that the blank line should be there, the  
> what would be to relax or eliminate the requirement. I could find the  
> right place to add "typically" for example, to indicate that it's  
> common convention, but not required.
> 
> But that would make any implementation that adheres strictly to the  
> present spec to be broken.

Encouraging random processing of text strikes me as a bad idea, so let's 
not change the words.

-- 
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j9CHvEAp051791; Wed, 12 Oct 2005 10:57:14 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j9CHvEkn051790; Wed, 12 Oct 2005 10:57:14 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from merrymeet.com (merrymeet.com [63.73.97.162]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j9CHvEp3051783 for <ietf-openpgp@imc.org>; Wed, 12 Oct 2005 10:57:14 -0700 (PDT) (envelope-from jon@callas.org)
Received: from keys.merrymeet.com (63.73.97.166) by merrymeet.com with ESMTP (Eudora Internet Mail Server X 3.2.6); Wed, 12 Oct 2005 10:57:12 -0700
Received: from [63.73.97.189] ([63.73.97.189]) by keys.merrymeet.com (PGP Universal service); Wed, 12 Oct 2005 10:57:12 -0700
X-PGP-Universal: processed; by keys.merrymeet.com on Wed, 12 Oct 2005 10:57:12 -0700
In-Reply-To: <20051012160434.GA3562@jabberwocky.com>
References: <20051012160434.GA3562@jabberwocky.com>
Mime-Version: 1.0 (Apple Message framework v734)
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
Message-Id: <10815108-A466-4E52-8143-1C5E0380BFF9@callas.org>
Cc: ietf-openpgp@imc.org
Content-Transfer-Encoding: 7bit
From: Jon Callas <jon@callas.org>
Subject: Re: Human-readable notation language
Date: Wed, 12 Oct 2005 10:57:12 -0700
To: David Shaw <dshaw@jabberwocky.com>
X-Mailer: Apple Mail (2.734)
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

On 12 Oct 2005, at 9:04 AM, David Shaw wrote:

>
> Section 5.2.3.16 (Notation Data) has this:
>
>      First octet: 0x80 = human-readable. This note value is text, a
>                          note from one person to another, and need
>                          not have meaning to software.
>
> To my reading, this says more or less, "this is a note from one person
> to another except when it isn't".  Especially given such notations as
> preferred-email-encoding@pgp.com which are always human-readable, I
> suggest this:
>
>      First octet: 0x80 = human-readable. This note value is text.
>
> It's just simpler.


Yes, but. The reason we have that text in there is because of debates  
over what to do about it. The present text says that software doesn't  
have to do anything. Yes, I know that other parts of the document also
say that *any* subpacket that you don't understand can be ignored  
(modulo critical), but that doesn't mean that the issue won't come  
back again.

That text also more or less says, "You can ignore these any time you  
want to. Really. Yes, really. Uh huh. Trust me, really." It says this  
because that has been needed.

I'm happy to remove it, but I get an "I told you so" when someone  
asks about it later.

     Jon



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j9CHoOQp051141; Wed, 12 Oct 2005 10:50:24 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j9CHoO6q051140; Wed, 12 Oct 2005 10:50:24 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from finney.org (226-132.adsl2.netlojix.net [207.71.226.132]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j9CHoNtc051134 for <ietf-openpgp@imc.org>; Wed, 12 Oct 2005 10:50:23 -0700 (PDT) (envelope-from hal@finney.org)
Received: by finney.org (Postfix, from userid 500) id 3580957EF9; Wed, 12 Oct 2005 10:51:32 -0700 (PDT)
To: dshaw@jabberwocky.com, ietf-openpgp@imc.org
Subject: Re: Human-readable notation language
Message-Id: <20051012175132.3580957EF9@finney.org>
Date: Wed, 12 Oct 2005 10:51:32 -0700 (PDT)
From: hal@finney.org ("Hal Finney")
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

David Shaw writes:
> Section 5.2.3.16 (Notation Data) has this:
>
>      First octet: 0x80 = human-readable. This note value is text, a
>                          note from one person to another, and need
>                          not have meaning to software.
>
> To my reading, this says more or less, "this is a note from one person
> to another except when it isn't".  Especially given such notations as
> preferred-email-encoding@pgp.com which are always human-readable, I
> suggest this:
>
>      First octet: 0x80 = human-readable. This note value is text.
>
> It's just simpler.

I agree with David on this.  My interpretation of the human-readable
flag is not that it is a note from one person to another, but rather,
it is something that humans would be able to read.  It may well be
used purely for software purposes.

The practical implication is, when printing out signature fields in a
program like pgpdump, it is a reasonable idea to print out this notation
in text form.  If the human-readable flag is not set, the notation should
be printed in binary form.

The semantics of the notation are entirely in its name field and not
related in any way to the human-readable flag, IMO.

Hal Finney
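
[Added example, not part of Hal Finney's message and not code from pgpdump: a Python parser for a Notation Data subpacket body that applies the display rule discussed in this thread, printing the value as text when the 0x80 flag is set and as hex otherwise. The body layout (4 flag octets, 2-octet name length, 2-octet value length, name, value) is taken from Section 5.2.3.16 as published in RFC 4880; the function names, the sample values and the escaping of control characters before display are assumptions of this example.]

```python
import struct
from dataclasses import dataclass

HUMAN_READABLE = 0x80  # bit in the first flag octet, as quoted in the thread


class NotationError(ValueError):
    """Raised when a notation subpacket body is malformed."""


@dataclass
class Notation:
    flags: bytes   # 4 flag octets
    name: str      # notation name, e.g. "preferred-email-encoding@pgp.com"
    value: bytes   # raw value octets

    @property
    def human_readable(self) -> bool:
        return bool(self.flags[0] & HUMAN_READABLE)


def build_notation(name: str, value: bytes, human: bool) -> bytes:
    """Build a subpacket body for the constructed samples below."""
    flags = bytes([HUMAN_READABLE if human else 0, 0, 0, 0])
    raw_name = name.encode("utf-8")
    return flags + struct.pack(">HH", len(raw_name), len(value)) + raw_name + value


def parse_notation(body: bytes) -> Notation:
    """Parse flags, lengths, name and value, rejecting inconsistent lengths."""
    if len(body) < 8:
        raise NotationError("truncated notation header")
    flags = body[:4]
    name_len, value_len = struct.unpack(">HH", body[4:8])
    # The declared lengths must account for every octet of the body:
    # no reading past the end and no unexplained trailing data.
    if len(body) != 8 + name_len + value_len:
        raise NotationError("declared lengths do not match subpacket size")
    try:
        name = body[8:8 + name_len].decode("utf-8")
    except UnicodeDecodeError as exc:
        raise NotationError("notation name is not valid UTF-8") from exc
    return Notation(flags, name, body[8 + name_len:])


def render_value(notation: Notation) -> str:
    """Text form if the human-readable flag is set, hex form otherwise.

    The flag only selects the display form; what the notation means is
    decided by its name. The value is signer-controlled, so control
    characters are escaped before the text is shown on a terminal.
    """
    if notation.human_readable:
        try:
            text = notation.value.decode("utf-8")
        except UnicodeDecodeError:
            # Flag claims text but the octets are not valid text: show hex.
            return "hex:" + notation.value.hex()
        safe = "".join(c if c.isprintable() else repr(c)[1:-1] for c in text)
        return '"' + safe + '"'
    return "hex:" + notation.value.hex()


if __name__ == "__main__":
    # Constructed samples: the name in the first one appears in the thread,
    # the values and the second name are made up for illustration.
    samples = [
        build_notation("preferred-email-encoding@pgp.com", b"pgpmime", True),
        build_notation("blob@example.org", b"\x00\x01\xfe", False),
        build_notation("note@example.org", b"a\x1b[2Jb", True),
    ]
    for body in samples:
        n = parse_notation(body)
        print(f"{n.name} = {render_value(n)}")
```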



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j9CHg6fv050327; Wed, 12 Oct 2005 10:42:06 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j9CHg6ww050326; Wed, 12 Oct 2005 10:42:06 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from merrymeet.com (merrymeet.com [63.73.97.162]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j9CHg6tG050317 for <ietf-openpgp@imc.org>; Wed, 12 Oct 2005 10:42:06 -0700 (PDT) (envelope-from jon@callas.org)
Received: from keys.merrymeet.com (63.73.97.166) by merrymeet.com with ESMTP (Eudora Internet Mail Server X 3.2.6); Wed, 12 Oct 2005 10:42:04 -0700
Received: from [63.73.97.189] ([63.73.97.189]) by keys.merrymeet.com (PGP Universal service); Wed, 12 Oct 2005 10:42:04 -0700
X-PGP-Universal: processed; by keys.merrymeet.com on Wed, 12 Oct 2005 10:42:04 -0700
In-Reply-To: <434CDA76.4000500@algroup.co.uk>
References: <434C1F2D.9050903@ihtfp.com> <6EF12DFA-D34D-45C9-9746-E8FB18FAC66C@callas.org> <434C3128.5080808@systemics.com> <CB9328EC-CD9C-41FE-83B0-E5C5D2AB908A@callas.org> <434CDA76.4000500@algroup.co.uk>
Mime-Version: 1.0 (Apple Message framework v734)
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
Message-Id: <01725AA9-E53F-4E9F-9625-912B905D96BF@callas.org>
Cc: OpenPGP <ietf-openpgp@imc.org>
Content-Transfer-Encoding: 7bit
From: Jon Callas <jon@callas.org>
Subject: Re: WGLC for draft-ietf-openpgp-openpgp-15 ends Oct 28 1700EDT
Date: Wed, 12 Oct 2005 10:42:05 -0700
To: Ben Laurie <ben@algroup.co.uk>
X-Mailer: Apple Mail (2.734)
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

On 12 Oct 2005, at 2:42 AM, Ben Laurie wrote:

>
> I've only seen this in email, so I'm not actually sure whether it's
> the PGP implementation or the MUA. I could gather version strings  
> (for some instances) if that helps?
>

I'm happy to work merely with the anecdotal evidence that it happens  
a lot.

The only question is whether we should do anything, and if so, what?  
Since the spec really says that the blank line should be there, the  
what would be to relax or eliminate the requirement. I could find the  
right place to add "typically" for example, to indicate that it's  
common convention, but not required.

But that would make any implementation that adheres strictly to the  
present spec to be broken.

     Jon



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j9CG4hvw041538; Wed, 12 Oct 2005 09:04:43 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j9CG4h2U041537; Wed, 12 Oct 2005 09:04:43 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from rwcrmhc12.comcast.net (rwcrmhc13.comcast.net [204.127.198.39]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j9CG4gSq041435 for <ietf-openpgp@imc.org>; Wed, 12 Oct 2005 09:04:42 -0700 (PDT) (envelope-from dshaw@jabberwocky.com)
Received: from walrus.hsd1.ma.comcast.net ([24.60.132.70]) by comcast.net (rwcrmhc13) with ESMTP id <2005101216043601500bccq0e>; Wed, 12 Oct 2005 16:04:36 +0000
Received: from grover.jabberwocky.com (grover.jabberwocky.com [172.24.84.28]) by walrus.hsd1.ma.comcast.net (8.12.8/8.12.8) with ESMTP id j9CG4a0m008412 for <ietf-openpgp@imc.org>; Wed, 12 Oct 2005 12:04:36 -0400
Received: from grover.jabberwocky.com (grover.jabberwocky.com [127.0.0.1]) by grover.jabberwocky.com (8.13.1/8.13.1) with ESMTP id j9CG4Y15003582 for <ietf-openpgp@imc.org>; Wed, 12 Oct 2005 12:04:34 -0400
Received: (from dshaw@localhost) by grover.jabberwocky.com (8.13.1/8.13.1/Submit) id j9CG4YLP003581 for ietf-openpgp@imc.org; Wed, 12 Oct 2005 12:04:34 -0400
Date: Wed, 12 Oct 2005 12:04:34 -0400
From: David Shaw <dshaw@jabberwocky.com>
To: ietf-openpgp@imc.org
Subject: Human-readable notation language
Message-ID: <20051012160434.GA3562@jabberwocky.com>
Mail-Followup-To: ietf-openpgp@imc.org
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
OpenPGP: id=99242560; url=http://www.jabberwocky.com/david/keys.asc
User-Agent: Mutt/1.5.8i
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

Section 5.2.3.16 (Notation Data) has this:

     First octet: 0x80 = human-readable. This note value is text, a
                         note from one person to another, and need
                         not have meaning to software.

To my reading, this says more or less, "this is a note from one person
to another except when it isn't".  Especially given such notations as
preferred-email-encoding@pgp.com which are always human-readable, I
suggest this:

     First octet: 0x80 = human-readable. This note value is text.

It's just simpler.

David



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j9CFlFL7039636; Wed, 12 Oct 2005 08:47:15 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j9CFlFFA039635; Wed, 12 Oct 2005 08:47:15 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from cliodev.pgp.com (nsc69.38.10-97.newsouth.net [69.38.10.97]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j9CFlFkG039627 for <ietf-openpgp@imc.org>; Wed, 12 Oct 2005 08:47:15 -0700 (PDT) (envelope-from warlord@MIT.EDU)
Received: from cliodev.pgp.com (cliodev.pgp.com [127.0.0.1]) by cliodev.pgp.com (8.13.1/8.13.1) with ESMTP id j9CFl9YJ000922 for <ietf-openpgp@imc.org>; Wed, 12 Oct 2005 11:47:09 -0400
Received: (from warlord@localhost) by cliodev.pgp.com (8.13.1/8.13.1/Submit) id j9CFl9tQ000919; Wed, 12 Oct 2005 11:47:09 -0400
X-Authentication-Warning: cliodev.pgp.com: warlord set sender to warlord@MIT.EDU using -f
From: Derek Atkins <derek@ihtfp.com>
To: ietf-openpgp@imc.org
Subject: Re: Multiple signatures in clearsigned messages (was Re: Cleartext Signatures)
References: <20051012070713.38B2957EFB@finney.org> <20051012130606.GA10753@epointsystem.org> <200510120950.32901.brian@braverock.com> <20051012151308.GB3368@jabberwocky.com>
Date: Wed, 12 Oct 2005 11:47:09 -0400
In-Reply-To: <20051012151308.GB3368@jabberwocky.com> (David Shaw's message of "Wed, 12 Oct 2005 11:13:08 -0400")
Message-ID: <sjmacheohz6.fsf@cliodev.pgp.com>
User-Agent: Gnus/5.110003 (No Gnus v0.3) Emacs/21.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

David Shaw <dshaw@jabberwocky.com> writes:

> I definitely agree they are useful, but given that 2440bis last call
> ends in 16 days and we have no implementations (much less two
> interoperable ones), let's move this to a new RFC.

We don't need this now.  That's needed to go to DRAFT standard.
2440bis is going to PROPOSED (because there's been significant
churn).

To go from PROPOSED to DRAFT we need the implementation experience,
and the draft can only clarify or remove, not add or change.  I.e.,
you cannot change a packet format, but you can clarify ambiguities or
remove packets that haven't been implemented.  But this won't happen
until next year.

> David

-derek

-- 
       Derek Atkins                 617-623-3745
       derek@ihtfp.com             www.ihtfp.com
       Computer and Internet Security Consultant



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j9CFiDKF039335; Wed, 12 Oct 2005 08:44:13 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j9CFiD3F039334; Wed, 12 Oct 2005 08:44:13 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from cliodev.pgp.com (nsc69.38.10-97.newsouth.net [69.38.10.97]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j9CFiBH3039318 for <ietf-openpgp@imc.org>; Wed, 12 Oct 2005 08:44:11 -0700 (PDT) (envelope-from warlord@MIT.EDU)
Received: from cliodev.pgp.com (cliodev.pgp.com [127.0.0.1]) by cliodev.pgp.com (8.13.1/8.13.1) with ESMTP id j9CFi577000915 for <ietf-openpgp@imc.org>; Wed, 12 Oct 2005 11:44:05 -0400
Received: (from warlord@localhost) by cliodev.pgp.com (8.13.1/8.13.1/Submit) id j9CFi2cm000912; Wed, 12 Oct 2005 11:44:02 -0400
X-Authentication-Warning: cliodev.pgp.com: warlord set sender to warlord@MIT.EDU using -f
From: Derek Atkins <derek@ihtfp.com>
To: ietf-openpgp@imc.org
Subject: Re: Multiple signatures in clearsigned messages (was Re: Cleartext Signatures)
References: <20051012070713.38B2957EFB@finney.org> <20051012151016.GA3368@jabberwocky.com>
Date: Wed, 12 Oct 2005 11:44:02 -0400
In-Reply-To: <20051012151016.GA3368@jabberwocky.com> (David Shaw's message of "Wed, 12 Oct 2005 11:10:16 -0400")
Message-ID: <sjmek6qoi4d.fsf@cliodev.pgp.com>
User-Agent: Gnus/5.110003 (No Gnus v0.3) Emacs/21.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

<chair hat on>

As a process point..  2440bis is going into PROPOSED standard, which
means we don't need the deployment experience right now.  There's
no need to rip out this section now -- we can always remove it
before going to DRAFT standard if we don't get the experience
by then.

So, if there is consensus to remove it now we can..  But from
a process standpoint there's no need to remove it if we think
the language is clear about how to create and parse and understand
the packet type.

</chair hat off>

-derek

David Shaw <dshaw@jabberwocky.com> writes:

> On Wed, Oct 12, 2005 at 12:07:13AM -0700, "Hal Finney" wrote:
>
>> I am a bit uncomfortable with the notarization signature in general.
>> We have it in the draft but have no experience with it in reality,
>> which is kind of the opposite of the usual IETF procedure.  I guess it
>> was somebody's bright idea that got stuck in, in case people might want
>> to use it someday.
>> 
>> The fact that we may have to add further rules clarifying how to use it
>> just emphasizes our lack of experience with the construct.  Often with
>> these things you don't find the problems until you actually try to use it
>> for something and interoperate with others.  Given that notary signatures
>> have been in the draft in some form or other for years without seeing
>> any use that I know of, should we consider taking them out?
>
> While I hate to say it, given the number of hours that went into it
> thus far, I think I agree.  Last call is approaching, and we have no
> implementations of it and no experience with it.
>
> This isn't to say that I think we should scrap notary signatures -
> just that it might be a good idea to bump them into their own RFC so
> as not to delay 2440bis.  I don't believe that implementation and
> experience can be achieved in time, and I'd rather see them done right
> than done in 2440bis.
>
> David

-- 
       Derek Atkins                 617-623-3745
       derek@ihtfp.com             www.ihtfp.com
       Computer and Internet Security Consultant



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j9CFZikh038740; Wed, 12 Oct 2005 08:35:44 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j9CFZioK038739; Wed, 12 Oct 2005 08:35:44 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mail.epointsystem.org ([195.228.156.120]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j9CFZh8K038733 for <ietf-openpgp@imc.org>; Wed, 12 Oct 2005 08:35:44 -0700 (PDT) (envelope-from nagydani@epointsystem.org)
Received: by mail.epointsystem.org (Postfix, from userid 1001) id 915CF2B47E9; Wed, 12 Oct 2005 17:35:39 +0200 (CEST)
Date: Wed, 12 Oct 2005 17:35:39 +0200
To: ietf-openpgp@imc.org
Subject: Re: Multiple signatures in clearsigned messages (was Re: Cleartext Signatures)
Message-ID: <20051012153533.GB2641@epointsystem.org>
References: <20051012070713.38B2957EFB@finney.org> <20051012151016.GA3368@jabberwocky.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20051012151016.GA3368@jabberwocky.com>
User-Agent: Mutt/1.5.6+20040907i
From: nagydani@epointsystem.org (Daniel A. Nagy)
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

On Wed, Oct 12, 2005 at 11:10:16AM -0400, David Shaw wrote:

> While I hate to say it, given the number of hours that went into it
> thus far, I think I agree.  Last call is approaching, and we have no
> implementations of it and no experience with it.
> 
> This isn't to say that I think we should scrap notary signatures -
> just that it might be a good idea to bump them into their own RFC so
> as not to delay 2440bis.  I don't believe that implementation and
> experience can be achieved in time, and I'd rather see them done right
> than done in 2440bis.

What is already there is vague and general enough not to interfere with
future implementations and at least gives some guidelines to implementers,
who may come up with interoperable solutions on their own. Please do not
remove the notary signature types from this RFC.

The actual, detailed specification with examples backed up by an open-source
implementation will go into a new RFC; I have no problem with that.

-- 
Daniel



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j9CFVVbD038327; Wed, 12 Oct 2005 08:31:31 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j9CFVVFm038326; Wed, 12 Oct 2005 08:31:31 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mail.epointsystem.org ([195.228.156.120]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j9CFVUJi038319 for <ietf-openpgp@imc.org>; Wed, 12 Oct 2005 08:31:31 -0700 (PDT) (envelope-from nagydani@epointsystem.org)
Received: by mail.epointsystem.org (Postfix, from userid 1001) id 0D9302B47DD; Wed, 12 Oct 2005 17:31:30 +0200 (CEST)
Date: Wed, 12 Oct 2005 17:31:30 +0200
To: ietf-openpgp@imc.org
Subject: Re: Multiple signatures in clearsigned messages (was Re: Cleartext Signatures)
Message-ID: <20051012153129.GA2641@epointsystem.org>
References: <20051012070713.38B2957EFB@finney.org> <20051012130606.GA10753@epointsystem.org> <200510120950.32901.brian@braverock.com> <20051012151308.GB3368@jabberwocky.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20051012151308.GB3368@jabberwocky.com>
User-Agent: Mutt/1.5.6+20040907i
From: nagydani@epointsystem.org (Daniel A. Nagy)
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

On Wed, Oct 12, 2005 at 11:13:08AM -0400, David Shaw wrote:

> I definitely agree they are useful, but given that 2440bis last call
> ends in 16 days and we have no implementations (much less two
> interoperable ones), let's move this to a new RFC.

Sure, the true specs will be in the new RFC, but please don't remove from
RFC2440bis what is already there.

-- 
Daniel



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j9CFDLqD035914; Wed, 12 Oct 2005 08:13:21 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j9CFDLQh035913; Wed, 12 Oct 2005 08:13:21 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from rwcrmhc12.comcast.net (rwcrmhc14.comcast.net [216.148.227.89]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j9CFDLxA035900 for <ietf-openpgp@imc.org>; Wed, 12 Oct 2005 08:13:21 -0700 (PDT) (envelope-from dshaw@jabberwocky.com)
Received: from walrus.hsd1.ma.comcast.net ([24.60.132.70]) by comcast.net (rwcrmhc14) with ESMTP id <200510121513100140090fore>; Wed, 12 Oct 2005 15:13:15 +0000
Received: from grover.jabberwocky.com (grover.jabberwocky.com [172.24.84.28]) by walrus.hsd1.ma.comcast.net (8.12.8/8.12.8) with ESMTP id j9CFD90m008238 for <ietf-openpgp@imc.org>; Wed, 12 Oct 2005 11:13:09 -0400
Received: from grover.jabberwocky.com (grover.jabberwocky.com [127.0.0.1]) by grover.jabberwocky.com (8.13.1/8.13.1) with ESMTP id j9CFD8nk003502 for <ietf-openpgp@imc.org>; Wed, 12 Oct 2005 11:13:08 -0400
Received: (from dshaw@localhost) by grover.jabberwocky.com (8.13.1/8.13.1/Submit) id j9CFD83i003501 for ietf-openpgp@imc.org; Wed, 12 Oct 2005 11:13:08 -0400
Date: Wed, 12 Oct 2005 11:13:08 -0400
From: David Shaw <dshaw@jabberwocky.com>
To: ietf-openpgp@imc.org
Subject: Re: Multiple signatures in clearsigned messages (was Re: Cleartext Signatures)
Message-ID: <20051012151308.GB3368@jabberwocky.com>
Mail-Followup-To: ietf-openpgp@imc.org
References: <20051012070713.38B2957EFB@finney.org> <20051012130606.GA10753@epointsystem.org> <200510120950.32901.brian@braverock.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <200510120950.32901.brian@braverock.com>
OpenPGP: id=99242560; url=http://www.jabberwocky.com/david/keys.asc
User-Agent: Mutt/1.5.8i
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

On Wed, Oct 12, 2005 at 09:50:32AM -0500, Brian G. Peterson wrote:
> 
> On Wed, Oct 12, 2005 at 12:07:13AM -0700, "Hal Finney" wrote:
> > > The fact that we may have to add further rules clarifying how to use it
> > > just emphasizes our lack of experience with the construct.  Often with
> > > these things you don't find the problems until you actually try to use it
> > > for something and interoperate with others.  Given that notary signatures
> > > have been in the draft in some form or other for years without seeing
> > > any use that I know of, should we consider taking them out?
> 
> On Wednesday 12 October 2005 08:06 am, Daniel A. Nagy wrote:
> > Please don't. I do have a very good use for them and I'm going to go ahead
> > with an implementation. As soon as it's working reliably and securely, I
> > will write up the specifications for inclusion in the standard.
> 
> I second this.  A workable notary signature method for both clear-signed and 
> pgp/mime is badly needed for evidentiary reasons.  

I definitely agree they are useful, but given that 2440bis last call
ends in 16 days and we have no implementations (much less two
interoperable ones), let's move this to a new RFC.

David



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j9CFAQwN035632; Wed, 12 Oct 2005 08:10:26 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j9CFAQox035631; Wed, 12 Oct 2005 08:10:26 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from sccrmhc12.comcast.net (sccrmhc12.comcast.net [204.127.202.56]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j9CFAPMq035621 for <ietf-openpgp@imc.org>; Wed, 12 Oct 2005 08:10:25 -0700 (PDT) (envelope-from dshaw@jabberwocky.com)
Received: from walrus.hsd1.ma.comcast.net ([24.60.132.70]) by comcast.net (sccrmhc12) with ESMTP id <2005101215101801200p5at1e>; Wed, 12 Oct 2005 15:10:18 +0000
Received: from grover.jabberwocky.com (grover.jabberwocky.com [172.24.84.28]) by walrus.hsd1.ma.comcast.net (8.12.8/8.12.8) with ESMTP id j9CFAI0m008224 for <ietf-openpgp@imc.org>; Wed, 12 Oct 2005 11:10:18 -0400
Received: from grover.jabberwocky.com (grover.jabberwocky.com [127.0.0.1]) by grover.jabberwocky.com (8.13.1/8.13.1) with ESMTP id j9CFAGqv003495 for <ietf-openpgp@imc.org>; Wed, 12 Oct 2005 11:10:16 -0400
Received: (from dshaw@localhost) by grover.jabberwocky.com (8.13.1/8.13.1/Submit) id j9CFAGd5003494 for ietf-openpgp@imc.org; Wed, 12 Oct 2005 11:10:16 -0400
Date: Wed, 12 Oct 2005 11:10:16 -0400
From: David Shaw <dshaw@jabberwocky.com>
To: ietf-openpgp@imc.org
Subject: Re: Multiple signatures in clearsigned messages (was Re: Cleartext Signatures)
Message-ID: <20051012151016.GA3368@jabberwocky.com>
Mail-Followup-To: ietf-openpgp@imc.org
References: <20051012070713.38B2957EFB@finney.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20051012070713.38B2957EFB@finney.org>
OpenPGP: id=99242560; url=http://www.jabberwocky.com/david/keys.asc
User-Agent: Mutt/1.5.8i
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

On Wed, Oct 12, 2005 at 12:07:13AM -0700, "Hal Finney" wrote:

> I am a bit uncomfortable with the notarization signature in general.
> We have it in the draft but have no experience with it in reality,
> which is kind of the opposite of the usual IETF procedure.  I guess it
> was somebody's bright idea that got stuck in, in case people might want
> to use it someday.
> 
> The fact that we may have to add further rules clarifying how to use it
> just emphasizes our lack of experience with the construct.  Often with
> these things you don't find the problems until you actually try to use it
> for something and interoperate with others.  Given that notary signatures
> have been in the draft in some form or other for years without seeing
> any use that I know of, should we consider taking them out?

While I hate to say it, given the number of hours that went into it
thus far, I think I agree.  Last call is approaching, and we have no
implementations of it and no experience with it.

This isn't to say that I think we should scrap notary signatures -
just that it might be a good idea to bump them into their own RFC so
as not to delay 2440bis.  I don't believe that implementation and
experience can be achieved in time, and I'd rather see them done right
than done in 2440bis.

David



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j9CEor3n033756; Wed, 12 Oct 2005 07:50:53 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j9CEor8Q033755; Wed, 12 Oct 2005 07:50:53 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from ethos.braverock.com (ethos.braverock.com [66.92.142.163] (may be forged)) by above.proper.com (8.12.11/8.12.9) with ESMTP id j9CEoqOn033749 for <ietf-openpgp@imc.org>; Wed, 12 Oct 2005 07:50:52 -0700 (PDT) (envelope-from brian@braverock.com)
Received: from [10.23.3.126] (terminus [66.92.135.15]) (authenticated bits=0) by ethos.braverock.com (8.13.3/8.13.1) with ESMTP id j9CEog4V021445 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NO); Wed, 12 Oct 2005 09:50:43 -0500
From: "Brian G. Peterson" <brian@braverock.com>
To: ietf-openpgp@imc.org
Subject: Re: Multiple signatures in clearsigned messages (was Re: Cleartext Signatures)
Date: Wed, 12 Oct 2005 09:50:32 -0500
User-Agent: KMail/1.8.1
References: <20051012070713.38B2957EFB@finney.org> <20051012130606.GA10753@epointsystem.org>
In-Reply-To: <20051012130606.GA10753@epointsystem.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Disposition: inline
Message-Id: <200510120950.32901.brian@braverock.com>
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id j9CEorOn033750
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

On Wed, Oct 12, 2005 at 12:07:13AM -0700, "Hal Finney" wrote:
> > The fact that we may have to add further rules clarifying how to use it
> > just emphasizes our lack of experience with the construct.  Often with
> > these things you don't find the problems until you actually try to use it
> > for something and interoperate with others.  Given that notary signatures
> > have been in the draft in some form or other for years without seeing
> > any use that I know of, should we consider taking them out?

On Wednesday 12 October 2005 08:06 am, Daniel A. Nagy wrote:
> Please don't. I do have a very good use for them and I'm going to go ahead
> with an implementation. As soon as it's working reliably and securely, I
> will write up the specifications for inclusion in the standard.

I second this.  A workable notary signature method for both clear-signed and 
pgp/mime is badly needed for evidentiary reasons.  

The hypothetical human rights example discussed a few weeks ago applies 
clearly here, where a file/message may pass through multiple hands before 
arriving at its final destination, and the original signer may be dead by 
the time it gets to the final destination.  Having a notary chain of 
signatures over the same original can provide valuable chain of evidence 
information.

Regards,

  - Brian Peterson



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j9CE1mqk027430; Wed, 12 Oct 2005 07:01:48 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j9CE1mdk027429; Wed, 12 Oct 2005 07:01:48 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from kerckhoffs.g10code.com (kerckhoffs.g10code.com [217.69.77.222]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j9CE1l4n027421 for <ietf-openpgp@imc.org>; Wed, 12 Oct 2005 07:01:48 -0700 (PDT) (envelope-from wk@gnupg.org)
Received: from uucp by kerckhoffs.g10code.com with local-rmail (Exim 4.50 #1 (Debian)) id 1EPhHF-0008MP-MF for <ietf-openpgp@imc.org>; Wed, 12 Oct 2005 16:08:17 +0200
Received: from wk by localhost with local (Exim 4.34 #1 (Debian)) id 1EPh4X-0001QK-Hn for <ietf-openpgp@imc.org>; Wed, 12 Oct 2005 15:55:09 +0200
From: Werner Koch <wk@gnupg.org>
To: ietf-openpgp@imc.org
Subject: Re: Signature calculation language
References: <20051011222500.0352B57EF9@finney.org> <20051012025034.GA5034@jabberwocky.com>
Organisation: g10 Code GmbH
OpenPGP: id=5B0358A2; url=finger:wk@g10code.com
Date: Wed, 12 Oct 2005 15:55:09 +0200
In-Reply-To: <20051012025034.GA5034@jabberwocky.com> (David Shaw's message of "Tue, 11 Oct 2005 22:50:34 -0400")
Message-ID: <87psqa6ds2.fsf@wheatstone.g10code.de>
User-Agent: Gnus/5.110004 (No Gnus v0.4) Emacs/21.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

On Tue, 11 Oct 2005 22:50:34 -0400, David Shaw said:

> I support making 0x19 backsigs a MUST.

I concur with David.  I am actually a heavy user of signing subkeys
because they allow to keep the primary key offline.


Salam-Shalom,

   Werner



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j9CD6it1020831; Wed, 12 Oct 2005 06:06:44 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j9CD6i1V020830; Wed, 12 Oct 2005 06:06:44 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mail.epointsystem.org ([195.228.156.120]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j9CD6g9Q020793 for <ietf-openpgp@imc.org>; Wed, 12 Oct 2005 06:06:43 -0700 (PDT) (envelope-from nagydani@epointsystem.org)
Received: by mail.epointsystem.org (Postfix, from userid 1001) id 820152B47EE; Wed, 12 Oct 2005 15:06:40 +0200 (CEST)
Date: Wed, 12 Oct 2005 15:06:40 +0200
To: ietf-openpgp@imc.org
Subject: Re: Multiple signatures in clearsigned messages (was Re: Cleartext Signatures)
Message-ID: <20051012130606.GA10753@epointsystem.org>
References: <20051012070713.38B2957EFB@finney.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20051012070713.38B2957EFB@finney.org>
User-Agent: Mutt/1.5.6+20040907i
From: nagydani@epointsystem.org (Daniel A. Nagy)
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

On Wed, Oct 12, 2005 at 12:07:13AM -0700, "Hal Finney" wrote:
> 
> Daniel Nagy writes about multiple cleartext signatures:
> > Some details are missing. For instance, is the order salient? One-pass
> > signatures have to be bracketed, and clearsigned documents are supposed to be
> > verifiable in one pass as well. But it does not necessarily imply that the
> > hash algorithms should be listed in reverse signature order in the
> > beginning. Actually, the standard says very little on how to go about it.
> 
> I don't think there is much benefit to putting the hashes in the (reverse)
> order of the signatures.  Rather, you list all of the hashes that will
> be used by any of the signatures, then simultaneously accumulate all
> hash values as you scan the message in one pass.  Now you can verify
> each signature and you would have the hash value at hand.

Actually, the hash value is not enough; you need to carry the whole message
digest object with its internal state. In a system/library where it is not
cloneable, this might be a problem. But I agree that it's no big deal. What
you write above is perfectly consistent with the standard and my planned
implementation. I am not aware of any actual implementation of multiple
cleartext signatures.
 
> I am a bit uncomfortable with the notarization signature in general.
> We have it in the draft but have no experience with it in reality,
> which is kind of the opposite of the usual IETF procedure.  I guess it
> was somebody's bright idea that got stuck in, in case people might want
> to use it someday.
>
> The fact that we may have to add further rules clarifying how to use it
> just emphasizes our lack of experience with the construct.  Often with
> these things you don't find the problems until you actually try to use it
> for something and interoperate with others.  Given that notary signatures
> have been in the draft in some form or other for years without seeing
> any use that I know of, should we consider taking them out?

Please don't. I do have a very good use for them and I'm going to go ahead
with an implementation. As soon as it's working reliably and securely, I
will write up the specifications for inclusion in the standard.

-- 
Daniel



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j9CB2giu007868; Wed, 12 Oct 2005 04:02:42 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j9CB2g7K007867; Wed, 12 Oct 2005 04:02:42 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mailgate.enhyper.net ([80.168.109.121]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j9CB2fc0007829 for <ietf-openpgp@imc.org>; Wed, 12 Oct 2005 04:02:41 -0700 (PDT) (envelope-from iang@systemics.com)
Received: from [IPv6:::1] (localhost [127.0.0.1]) by mailgate.enhyper.net (Postfix) with ESMTP id 88BC162C7C; Wed, 12 Oct 2005 12:02:34 +0100 (BST)
Message-ID: <434CED6F.7070709@systemics.com>
Date: Wed, 12 Oct 2005 12:03:11 +0100
From: Ian G <iang@systemics.com>
Organization: http://financialcryptography.com/
User-Agent: Mozilla Thunderbird 1.0.6 (X11/20050921)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Hal Finney <hal@finney.org>
Cc: ietf-openpgp@imc.org
Subject: Re: Multiple signatures in clearsigned messages (was Re: Cleartext Signatures)
References: <20051012070713.38B2957EFB@finney.org>
In-Reply-To: <20051012070713.38B2957EFB@finney.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

Hal Finney wrote:

> I am a bit uncomfortable with the notarization signature in general.
> We have it in the draft but have no experience with it in reality,
> which is kind of the opposite of the usual IETF procedure.  I guess it
> was somebody's bright idea that got stuck in, in case people might want
> to use it someday.
> 
> The fact that we may have to add further rules clarifying how to use it
> just emphasizes our lack of experience with the construct.  Often with
> these things you don't find the problems until you actually try to use it
> for something and interoperate with others.  Given that notary signatures
> have been in the draft in some form or other for years without seeing
> any use that I know of, should we consider taking them out?

I think as long as the semantics - the legal
or otherwise meaning - of the digsig are left
explicitly vague and up to the signing and
relying parties, then the existence of a notary
signature form just represents a spot where
two cooperating parties could agree to do a
notary-like signature.  It's up to them all to
sort out the details...

Looking at the section 5.2.1. Signature Types
There is this odd para half way through the
list:

         Please note that the vagueness of these certification claims is
         not a flaw, but a feature of the system. Because OpenPGP places
         final authority for validity upon the receiver of a
         certification, it may be that one authority's casual
         certification might be more rigorous than some other authority's
         positive certification. These classifications allow a
         certification authority to issue fine-grained claims.

I suggest that this is out of place and may be
better served being moved to the front or back
of the section, so that it serves as a general
caveat of vagueness and user-authority on the
issue of signature semantics.

I would prefer the disclaimer to vaguery to be
at the beginning because that's how lawyers like
it.  So, something like this:

   5.2.1. Signature Types

     There are a number of possible meanings for a signature, which
     may be indicated in a signature type octet in any given signature.
     Please note that the vagueness of these meanings is
     not a flaw, but a feature of the system. Because OpenPGP places
     final authority for validity upon the receiver of a
     signature, it may be that one signer's casual
     act might be more rigorous than some other authority's
     positive act.

     These meanings are:

     0x01:...

iang



PS: The concept of technology doing signatures is
quite scary, and notary signatures are a step
further into that area;  this group has no real
tools to deal with it as we have no lawyers
here, and even if we did, we'd need to cover
different codes (common, civil, islamic...)
and different digsig laws.  Before this ever
gets to be a tech question, it's a major academic
challenge.  The people who looked at basic digsigs
in the mid 90s bungled it comprehensively, so it's
not as if we can even say "well, just pay someone..."

It's the sort of thing that might fit much more
nicely in another document.  "Notary Signatures
Extension to OpenPGP."  But as you say, I'd prefer
to see someone *do it* in code and in practice to
flush out the lessons.



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j9C9gEoo099820; Wed, 12 Oct 2005 02:42:14 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j9C9gEaJ099819; Wed, 12 Oct 2005 02:42:14 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mail.links.org (mail.links.org [217.155.92.109]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j9C9gDLb099813 for <ietf-openpgp@imc.org>; Wed, 12 Oct 2005 02:42:14 -0700 (PDT) (envelope-from ben@algroup.co.uk)
Received: from [193.133.15.219] (localhost [127.0.0.1]) by mail.links.org (Postfix) with ESMTP id 6634633C1A; Wed, 12 Oct 2005 10:42:13 +0100 (BST)
Message-ID: <434CDA76.4000500@algroup.co.uk>
Date: Wed, 12 Oct 2005 10:42:14 +0100
From: Ben Laurie <ben@algroup.co.uk>
User-Agent: Mozilla Thunderbird 1.0.7 (Windows/20050923)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Jon Callas <jon@callas.org>
CC: OpenPGP <ietf-openpgp@imc.org>
Subject: Re: WGLC for draft-ietf-openpgp-openpgp-15 ends Oct 28 1700EDT
References: <434C1F2D.9050903@ihtfp.com> <6EF12DFA-D34D-45C9-9746-E8FB18FAC66C@callas.org> <434C3128.5080808@systemics.com> <CB9328EC-CD9C-41FE-83B0-E5C5D2AB908A@callas.org>
In-Reply-To: <CB9328EC-CD9C-41FE-83B0-E5C5D2AB908A@callas.org>
X-Enigmail-Version: 0.89.6.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

Jon Callas wrote:
> 
> 
> On 11 Oct 2005, at 2:39 PM, Ian G wrote:
> 
>> Jon Callas wrote:
>>
>>
>>> The possible outside exception is the "Cleartext Signatures"  
>>> thread,  where I believe there's no consensus for a change, but I  
>>> don't see  anything that can't be added in WGLC if that's not the  case.
>>>
>>
>> Ben raised an issue about the blank line separating
>> the headers from the armour.  Is that mandatory or
>> not?  I think it should be.
>>
> 
> My opinion is that the spec clearly says that the blank line is  
> required. If in the real world, there are implementations that don't  
> put it in, and yet are generally accepted, then well, okay, but  that's 
> a standards violation.
> 
> I suppose that's reason enough to discuss taking it out, that it's  more 
> nodded to than observed, but I haven't noticed it being ignored.  I was 
> surprised that anyone didn't do it.

I've only seen this in email, so I'm not actually sure whether it's the 
PGP implementation or the MUA. I could gather version strings (for some 
instances) if that helps?

-- 
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j9C9WKYf098906; Wed, 12 Oct 2005 02:32:20 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j9C9WK9i098905; Wed, 12 Oct 2005 02:32:20 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mail.links.org (mail.links.org [217.155.92.109]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j9C9WJ0j098899 for <ietf-openpgp@imc.org>; Wed, 12 Oct 2005 02:32:19 -0700 (PDT) (envelope-from ben@algroup.co.uk)
Received: from [193.133.15.219] (localhost [127.0.0.1]) by mail.links.org (Postfix) with ESMTP id C13A533C1B; Wed, 12 Oct 2005 10:32:18 +0100 (BST)
Message-ID: <434CD823.20509@algroup.co.uk>
Date: Wed, 12 Oct 2005 10:32:19 +0100
From: Ben Laurie <ben@algroup.co.uk>
User-Agent: Mozilla Thunderbird 1.0.7 (Windows/20050923)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: David Shaw <dshaw@jabberwocky.com>
CC: OpenPGP <ietf-openpgp@imc.org>
Subject: Re: Cleartext Signatures
References: <20051010162027.GB14780@epointsystem.org> <434AABAB.7090508@algroup.co.uk> <20051011222404.GB4883@jabberwocky.com>
In-Reply-To: <20051011222404.GB4883@jabberwocky.com>
X-Enigmail-Version: 0.89.6.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

David Shaw wrote:
> On Mon, Oct 10, 2005 at 06:58:03PM +0100, Ben Laurie wrote:
> 
>>Daniel A. Nagy wrote:
>>
>>>On Mon, Oct 10, 2005 at 03:30:29PM +0100, Ben Laurie wrote:
>>>
>>>
>>>
>>>>That mantra has shown to be a less than great idea recently, since it 
>>>>promotes interestingly obscure security holes, so I still would like to 
>>>>know what the correct behaviour is, and I'd like the I-D to accurately 
>>>>document that behaviour.
>>>
>>>
>>>In that case, the empty line should be mandated,
>>
>>I agree.
> 
> 
> As do I, but it seems to me that it is already mandated.  Section 6.2
> (Forming ASCII Armor) mandates the line.  Section 7 (Cleartext
> signature framework) refers to "The ASCII armored signature(s)".
> Doesn't it then follow that the armored signature (like all armor)
> mandates the line?  Am I reading into something that isn't there?

I guess careful reading supports this, but the fact that it explicitly 
mentions Header and Tail Lines but _not_ the headers is confusing.

Also, it seems quite a few implementations miss them out, so I'm not the 
only confused one.

Cheers,

Ben.

-- 
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j9C9SZUQ098466; Wed, 12 Oct 2005 02:28:35 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j9C9SZL9098465; Wed, 12 Oct 2005 02:28:35 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mail.links.org (mail.links.org [217.155.92.109]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j9C9SYEY098455 for <ietf-openpgp@imc.org>; Wed, 12 Oct 2005 02:28:34 -0700 (PDT) (envelope-from ben@algroup.co.uk)
Received: from [193.133.15.219] (localhost [127.0.0.1]) by mail.links.org (Postfix) with ESMTP id F3CBF33C1A; Wed, 12 Oct 2005 10:28:32 +0100 (BST)
Message-ID: <434CD741.8010500@algroup.co.uk>
Date: Wed, 12 Oct 2005 10:28:33 +0100
From: Ben Laurie <ben@algroup.co.uk>
User-Agent: Mozilla Thunderbird 1.0.7 (Windows/20050923)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Jon Callas <jon@callas.org>
CC: Ian G <iang@systemics.com>, vedaal@hush.com, ietf-openpgp@imc.org
Subject: Re: Cleartext Signatures
References: <200510101415.j9AEFAXw002758@mailserver3.hushmail.com> <434A802D.2000902@systemics.com> <434A8703.9010704@algroup.co.uk> <434AB788.6020305@systemics.com> <66EFCDC2-6A03-4897-9FDD-C2BA2942C444@callas.org>
In-Reply-To: <66EFCDC2-6A03-4897-9FDD-C2BA2942C444@callas.org>
X-Enigmail-Version: 0.89.6.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

Jon Callas wrote:
> The spec as it stands is clear, and someone who puts this into mail  has 
> to deal with long body lines in a cleartext message, anyway.  They're 
> the mail expert, I'm not.

OK, so what about the original problem (lack of clarity about headers)?

-- 
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j9C766Lo084574; Wed, 12 Oct 2005 00:06:06 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j9C7666R084573; Wed, 12 Oct 2005 00:06:06 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from finney.org (226-132.adsl2.netlojix.net [207.71.226.132]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j9C7664M084567 for <ietf-openpgp@imc.org>; Wed, 12 Oct 2005 00:06:06 -0700 (PDT) (envelope-from hal@finney.org)
Received: by finney.org (Postfix, from userid 500) id 38B2957EFB; Wed, 12 Oct 2005 00:07:13 -0700 (PDT)
To: ietf-openpgp@imc.org
Subject: Re: Multiple signatures in clearsigned messages (was Re: Cleartext Signatures)
Message-Id: <20051012070713.38B2957EFB@finney.org>
Date: Wed, 12 Oct 2005 00:07:13 -0700 (PDT)
From: hal@finney.org ("Hal Finney")
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

Daniel Nagy writes about multiple cleartext signatures:
> Some details are missing. For instance, is the order salient? One-pass
> signatures have to be bracketed, and clearsigned documents are supposed to be
> verifiable in one pass as well. But it does not necessarily imply that the
> hash algorithms should be listed in reverse signature order in the
> beginning. Actually, the standard says very little on how to go about it.

I don't think there is much benefit to putting the hashes in the (reverse)
order of the signatures.  Rather, you list all of the hashes that will
be used by any of the signatures, then simultaneously accumulate all
hash values as you scan the message in one pass.  Now you can verify
each signature and you would have the hash value at hand.

> It
> would definitely help one-pass verification, if signatures that refer to
> other signatures (e.g. notarization sigs) were mandated to either follow or
> precede the signatures they are referring to. Both solutions have their
> benefits, but deciding one way or another would be better than allowing
> arbitrary order. It would be nice to have a paragraph or two elaborating on
> these issues.

I am a bit uncomfortable with the notarization signature in general.
We have it in the draft but have no experience with it in reality,
which is kind of the opposite of the usual IETF procedure.  I guess it
was somebody's bright idea that got stuck in, in case people might want
to use it someday.

The fact that we may have to add further rules clarifying how to use it
just emphasizes our lack of experience with the construct.  Often with
these things you don't find the problems until you actually try to use it
for something and interoperate with others.  Given that notary signatures
have been in the draft in some form or other for years without seeing
any use that I know of, should we consider taking them out?

Hal Finney
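
Added example, not part of the original thread or of any implementation mentioned in it: a sketch of the one-pass scheme described in the message above, including the point from Daniel Nagy's reply that each signature needs a clone of the running digest object rather than a finished hash value, and the strict blank-line check from the Cleartext Signatures messages. The names scan_cleartext, v4_trailer, digest_for_signature and FramingError are hypothetical, the sample message and signature fields are constructed, and rejecting a message with no Hash header is a choice of this sketch.

```python
import hashlib
import struct

# Names as written in the "Hash:" armor header -> hashlib constructor names.
HASHES = {"SHA1": "sha1", "SHA256": "sha256", "SHA512": "sha512"}
BEGIN_MSG = "-----BEGIN PGP SIGNED MESSAGE-----"
BEGIN_SIG = "-----BEGIN PGP SIGNATURE-----"


class FramingError(ValueError):
    """The cleartext framework is malformed; nothing should be verified."""


def scan_cleartext(message):
    """Scan a cleartext-signed message once, feeding every listed hash.

    Returns {hash name: running hashlib object}; the objects are not
    finalized, so each signature can extend its own clone later.
    """
    lines = message.splitlines()
    if not lines or lines[0] != BEGIN_MSG:
        raise FramingError("missing cleartext header line")
    names, pos = [], 1
    # Armor headers run up to the mandatory empty line. Anything that is
    # not a Hash header is rejected instead of being guessed at, so a
    # message without the empty line fails here.
    while pos < len(lines) and lines[pos] != "":
        key, sep, value = lines[pos].partition(": ")
        if key != "Hash" or not sep:
            raise FramingError("unexpected line in armor headers: %r" % lines[pos])
        names += [n.strip() for n in value.split(",")]
        pos += 1
    if pos == len(lines):
        raise FramingError("no empty line after armor headers")
    if not names:
        raise FramingError("no Hash header (this sketch does not assume a default)")
    unknown = [n for n in names if n not in HASHES]
    if unknown:
        raise FramingError("unsupported hash: %s" % unknown[0])
    digests = {n: hashlib.new(HASHES[n]) for n in names}
    first = True
    for line in lines[pos + 1:]:
        if line == BEGIN_SIG:
            return digests
        if line.startswith("- "):          # undo dash-escaping
            line = line[2:]
        line = line.rstrip(" \t")          # trailing whitespace is not signed
        # Lines are joined with CRLF; the line ending before the signature
        # block is not part of the signed text.
        data = (b"" if first else b"\r\n") + line.encode("utf-8")
        for d in digests.values():         # all hashes advance together
            d.update(data)
        first = False
    raise FramingError("no signature block")


def v4_trailer(sig_type, pk_algo, hash_algo, hashed_subpackets):
    """Bytes a V4 signature appends to the hashed text: its own fields
    through the hashed subpackets, then 0x04, 0xFF and their length."""
    body = bytes([4, sig_type, pk_algo, hash_algo])
    body += struct.pack(">H", len(hashed_subpackets)) + hashed_subpackets
    return body + b"\x04\xff" + struct.pack(">I", len(body))


def digest_for_signature(digests, hash_name, trailer):
    """Digest one signature is checked against. Works on a copy so the
    shared state stays usable for the next signature with the same hash."""
    h = digests[hash_name].copy()
    h.update(trailer)
    return h.digest()


# Constructed sample: two hash algorithms, a dash-escaped line, trailing
# spaces, and a placeholder instead of real armored signature packets.
SAMPLE = "\n".join([
    BEGIN_MSG,
    "Hash: SHA256,SHA512",
    "",
    "Notarized statement   ",
    "- -----dashes at line start are escaped",
    "last line",
    BEGIN_SIG,
    "",
    "(constructed placeholder, no real signature packets)",
    "-----END PGP SIGNATURE-----",
])

if __name__ == "__main__":
    running = scan_cleartext(SAMPLE)
    created = b"\x05\x02" + struct.pack(">I", 1129100000)  # creation-time subpacket
    for label, name, trailer in [
        ("sig 1", "SHA256", v4_trailer(0x01, 1, 8, created)),
        ("sig 2", "SHA256", v4_trailer(0x01, 17, 8, created)),
        ("sig 3", "SHA512", v4_trailer(0x01, 1, 10, created)),
    ]:
        print(label, name, digest_for_signature(running, name, trailer).hex()[:16])
```

With a hash library whose digest objects cannot be copied, the same result needs one running object per signature instead of one per algorithm.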



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j9C4MjjL073219; Tue, 11 Oct 2005 21:22:45 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j9C4Mjdk073218; Tue, 11 Oct 2005 21:22:45 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mail.epointsystem.org ([195.228.156.120]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j9C4MiGv073212 for <ietf-openpgp@imc.org>; Tue, 11 Oct 2005 21:22:45 -0700 (PDT) (envelope-from nagydani@epointsystem.org)
Received: by mail.epointsystem.org (Postfix, from userid 1001) id 956822B47A3; Wed, 12 Oct 2005 06:22:43 +0200 (CEST)
Date: Wed, 12 Oct 2005 06:22:43 +0200
To: David Shaw <dshaw@jabberwocky.com>, ietf-openpgp@imc.org
Subject: Re: Multiple signatures in clearsigned messages (was Re: Cleartext Signatures)
Message-ID: <20051012042243.GB24703@epointsystem.org>
References: <434A45B9.5060707@algroup.co.uk> <20051010142703.GA32121@epointsystem.org> <20051011221127.GA4883@jabberwocky.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20051011221127.GA4883@jabberwocky.com>
User-Agent: Mutt/1.5.6+20040907i
From: nagydani@epointsystem.org (Daniel A. Nagy)
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

On Tue, Oct 11, 2005 at 06:11:27PM -0400, David Shaw wrote:

> Yes, they are supported, and the putting all of them in a single
> armored signature block is the way to do it.  Section 7 refers to "The
> ASCII armored signature(s)" in the signature block.  The text seems
> reasonably clear to me - what is not good here?

Some details are missing. For instance, is the order salient? One-pass
signatures have to be bracketed, and clearsigned documents are supposed to be
verifiable in one pass as well. But it does not necessarily imply that the
hash algorithms should be listed in reverse signature order in the
beginning. Actually, the standard says very little on how to go about it. It
would definitely help one-pass verification, if signatures that refer to
other signatures (e.g. notarization sigs) were mandated to either follow or
precede the signatures they are referring to. Both solutions have their
benefits, but deciding one way or another would be better than allowing
arbitrary order. It would be nice to have a paragraph or two elaborating on
these issues.

-- 
Daniel



Date: Tue, 11 Oct 2005 22:50:34 -0400
From: David Shaw <dshaw@jabberwocky.com>
To: ietf-openpgp@imc.org
Subject: Re: Signature calculation language
Message-ID: <20051012025034.GA5034@jabberwocky.com>
Mail-Followup-To: ietf-openpgp@imc.org
References: <20051011222500.0352B57EF9@finney.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20051011222500.0352B57EF9@finney.org>
OpenPGP: id=99242560; url=http://www.jabberwocky.com/david/keys.asc
User-Agent: Mutt/1.5.8i

On Tue, Oct 11, 2005 at 03:25:00PM -0700, "Hal Finney" wrote:

> So it does seem like it must be a MUST in order to be an effective
> deterrent.
> 
> One possible problem is if there is any substantial set of signing subkeys
> in use that don't have the 0x19 signature.  Signatures issued by those
> keys might become invalid.  I don't think we have any from pgp.com,
> we did not previously support signing subkeys.

GPG supports signing subkeys, and there are a number of them in use.
(A number, it should be said though, that is utterly dwarfed by the
number of people using their primary key as their signing key.)

I am concerned about the users of signing subkeys, so I have a
transition planned for GPG.  GPG has offered 0x19 backsigs as a
build-time option for a while now.  As of the next release (1.4.3),
backsigs are on by default so all new signing subkeys have them.  At
some point in the future (after more subkeys get backsigs), GPG will
start complaining if it does not see a backsig.  At some point even
further, GPG will start treating signatures issued by a signing subkey
without a backsig as invalid, but there will be a way to tell GPG to
ignore the missing backsigs for backwards compatibility.

I think such a transition in GPG and other programs that support
signing subkeys is a reasonable solution for the existing signing
subkeys out there, and it shouldn't impact doing the right thing in
the standard for future use.

I support making 0x19 backsigs a MUST.

David



Mime-Version: 1.0 (Apple Message framework v734)
In-Reply-To: <434C3128.5080808@systemics.com>
References: <434C1F2D.9050903@ihtfp.com> <6EF12DFA-D34D-45C9-9746-E8FB18FAC66C@callas.org> <434C3128.5080808@systemics.com>
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
Message-Id: <CB9328EC-CD9C-41FE-83B0-E5C5D2AB908A@callas.org>
Content-Transfer-Encoding: 7bit
From: Jon Callas <jon@callas.org>
Subject: Re: WGLC for draft-ietf-openpgp-openpgp-15 ends Oct 28 1700EDT
Date: Tue, 11 Oct 2005 19:01:23 -0700
To: OpenPGP <ietf-openpgp@imc.org>
X-Mailer: Apple Mail (2.734)

On 11 Oct 2005, at 2:39 PM, Ian G wrote:

> Jon Callas wrote:
>
>
>> The possible outside exception is the "Cleartext Signatures" thread,
>> where I believe there's no consensus for a change, but I don't see
>> anything that can't be added in WGLC if that's not the case.
>>
>
> Ben raised an issue about the blank line separating
> the headers from the armour.  Is that mandatory or
> not?  I think it should be.
>

My opinion is that the spec clearly says that the blank line is  
required. If in the real world, there are implementations that don't  
put it in, and yet are generally accepted, then well, okay, but  
that's a standards violation.

I suppose that's reason enough to discuss taking it out, that it's  
more nodded to than observed, but I haven't noticed it being ignored.  
I was surprised that anyone didn't do it.

If consensus is to do something -- hey, that's why it's last call.

     Jon



Date: Wed, 12 Oct 2005 02:23:24 +0200
To: ietf-openpgp@imc.org
Subject: Re: Signature calculation language
Message-ID: <20051012002324.GA9539@epointsystem.org>
References: <20051011222500.0352B57EF9@finney.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20051011222500.0352B57EF9@finney.org>
User-Agent: Mutt/1.5.6+20040907i
From: nagydani@epointsystem.org (Daniel A. Nagy)

On Tue, Oct 11, 2005 at 03:25:00PM -0700, "Hal Finney" wrote:

> One possible problem is if there is any substantial set of signing subkeys
> in use that don't have the 0x19 signature.  Signatures issued by those
> keys might become invalid.  I don't think we have any from pgp.com,
> we did not previously support signing subkeys.

I have encountered only one signature subkey so far, but I do intend to use
signature subkeys in the future myself. I agree that signature theft is a
very serious issue, and mandating 0x19 signatures is necessary to prevent
it.

Signature subkeys currently in use are not that much of a problem, because
the owners can always create the missing 0x19 signature. If they don't, it's
in everybody's interest (including their own) that the signatures become
invalid.

I actually wanted to do a survey of public keys for algorithms, key sizes,
subkeys, etc. for a long time. What I really want to know is what algorithms
and key sizes are used for certification, encryption and document signature,
and what proportion of users use subkeys.

If there's additional interest for such a survey, please let me know: it
will provide me with the additional motivation I need to actually carry it
out. Most of the software has already been written, but it's a horrible
processor hog of a task, estimated to keep a server busy for several hours.
As a side benefit, I could email all known signature subkey owners about
signing their subkey both ways. But that can only happen when major
implementations (PGP and GPG) can actually do it.

Also, there's a significant number of keys corrupted by keyservers that
can't handle multiple subkeys correctly. While natural in some way, it still
amazes me how much worse the quality of keyservers is compared to other
OpenPGP software.

-- 
Daniel



Date: Tue, 11 Oct 2005 18:24:04 -0400
From: David Shaw <dshaw@jabberwocky.com>
To: OpenPGP <ietf-openpgp@imc.org>
Subject: Re: Cleartext Signatures
Message-ID: <20051011222404.GB4883@jabberwocky.com>
Mail-Followup-To: OpenPGP <ietf-openpgp@imc.org>
References: <20051010162027.GB14780@epointsystem.org> <434AABAB.7090508@algroup.co.uk>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <434AABAB.7090508@algroup.co.uk>
OpenPGP: id=99242560; url=http://www.jabberwocky.com/david/keys.asc
User-Agent: Mutt/1.5.8i

On Mon, Oct 10, 2005 at 06:58:03PM +0100, Ben Laurie wrote:
> 
> Daniel A. Nagy wrote:
> >On Mon, Oct 10, 2005 at 03:30:29PM +0100, Ben Laurie wrote:
> >
> >
> >>That mantra has shown to be a less than great idea recently, since it 
> >>promotes interestingly obscure security holes, so I still would like to 
> >>know what the correct behaviour is, and I'd like the I-D to accurately 
> >>document that behaviour.
> >
> >
> >In that case, the empty line should be mandated,
> 
> I agree.

As do I, but it seems to me that it is already mandated.  Section 6.2
(Forming ASCII Armor) mandates the line.  Section 7 (Cleartext
signature framework) refers to "The ASCII armored signature(s)".
Doesn't it then follow that the armored signature (like all armor)
mandates the line?  Am I reading into something that isn't there?

David
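
The strict reading discussed above (Section 6.2 requires the blank line, and Section 7's signature block is ordinary armor), as an added example that is not part of the original message or of any implementation named in the thread. The function names and the sample message are constructed for illustration; the sample's "signature" bytes are a stand-in, not a real signature packet.

```python
import base64

BEGIN_MSG = "-----BEGIN PGP SIGNED MESSAGE-----"
BEGIN_SIG = "-----BEGIN PGP SIGNATURE-----"
END_SIG = "-----END PGP SIGNATURE-----"


def crc24(data: bytes) -> int:
    """Armor checksum: CRC-24, init 0xB704CE, generator 0x1864CFB."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF


def read_headers(lines, i, what):
    """Read 'Key: Value' lines up to the mandatory blank line; return (headers, next index)."""
    headers = []
    while i < len(lines) and lines[i].strip() != "":
        key, sep, value = lines[i].partition(": ")
        if not sep:
            # A non-header line arrived before any blank line: refuse to guess.
            raise ValueError(f"{what}: no blank line after headers")
        headers.append((key, value))
        i += 1
    if i == len(lines):
        raise ValueError(f"{what}: truncated")
    return headers, i + 1


def parse_clearsigned(text: str) -> dict:
    lines = text.splitlines()
    if not lines or lines[0] != BEGIN_MSG:
        raise ValueError("not a cleartext signed message")
    headers, i = read_headers(lines, 1, "cleartext header")
    cleartext = []
    while i < len(lines) and lines[i] != BEGIN_SIG:
        line = lines[i]
        if line.startswith("- "):
            line = line[2:]                      # undo dash-escaping
        elif line.startswith("-"):
            raise ValueError("unescaped dash in cleartext")
        cleartext.append(line)
        i += 1
    if i == len(lines):
        raise ValueError("no signature block")
    _, i = read_headers(lines, i + 1, "signature armor")
    body = []
    while i < len(lines) and lines[i] != END_SIG:
        body.append(lines[i])
        i += 1
    if i == len(lines):
        raise ValueError("no END line")
    checksum = None
    if body and body[-1].startswith("="):
        checksum = int.from_bytes(base64.b64decode(body.pop()[1:], validate=True), "big")
    packets = base64.b64decode("".join(body), validate=True)
    if checksum is not None and checksum != crc24(packets):
        raise ValueError("armor CRC mismatch")
    return {"hashes": [v for k, v in headers if k == "Hash"],
            "text": cleartext, "packets": packets}


def build_sample(blank_line: bool) -> str:
    """Constructed sample; the packet bytes are a placeholder."""
    packets = bytes(range(48))
    armor = [BEGIN_SIG, "Version: Example 1.0"]
    if blank_line:
        armor.append("")
    armor += [base64.b64encode(packets).decode(),
              "=" + base64.b64encode(crc24(packets).to_bytes(3, "big")).decode(),
              END_SIG]
    head = [BEGIN_MSG, "Hash: SHA1", "", "- -- dash-escaped line", "plain line"]
    return "\n".join(head + armor) + "\n"


if __name__ == "__main__":
    print(parse_clearsigned(build_sample(blank_line=True))["text"])
    try:
        parse_clearsigned(build_sample(blank_line=False))
    except ValueError as err:
        print("rejected:", err)
```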



To: dshaw@jabberwocky.com, ietf-openpgp@imc.org
Subject: Re: Signature calculation language
Message-Id: <20051011222500.0352B57EF9@finney.org>
Date: Tue, 11 Oct 2005 15:25:00 -0700 (PDT)
From: hal@finney.org ("Hal Finney")

David Shaw writes:
> Wondering - should the embedded 0x19 signature be a MUST?  Lacking a
> 0x19 allows the signing subkey to be "stolen" onto another primary
> key.

To remind readers, the 0x19 signature is issued by signing subkeys on
top-level keys, so that we have two-way binding.  The top key signs the
subkey and the subkey signs the top key, so each key agrees that they
belong together in a pair.

The problem is that if it is not a MUST, someone who does create
such a 0x19 back signature to bind his subkey is still at risk of it
being stolen.  The thief would bring just the subkey over and put a new
signature on it by his top key, and there would be no sign of the 0x19
signature the victim had created to try to stop this theft.  There would
be no 0x19 signature on the new key, but if it is not a MUST then we
might have to assume that this was just a choice by the key holder not
to create one.

So it does seem like it must be a MUST in order to be an effective
deterrent.

One possible problem is if there is any substantial set of signing subkeys
in use that don't have the 0x19 signature.  Signatures issued by those
keys might become invalid.  I don't think we have any from pgp.com,
we did not previously support signing subkeys.

Hal Finney
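
The two-way binding and the SHOULD-versus-MUST argument above, as an added example that is not part of the original message or of any implementation discussed in the thread. It models a verifier's policy check only: `ToyKey` is textbook RSA over fixed primes standing in for real key material, and the digest framing in `binding_digest` is a simplification of the real signature hash; all names are constructed for illustration.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional

E = 65537  # public exponent shared by all toy keys


@dataclass(frozen=True)
class ToyKey:
    """Textbook RSA over fixed Mersenne primes: a stand-in, not real key material."""
    p: int
    q: int

    @property
    def public(self) -> bytes:
        n = self.p * self.q
        return n.to_bytes((n.bit_length() + 7) // 8, "big")

    def sign(self, digest: int) -> int:
        n = self.p * self.q
        d = pow(E, -1, (self.p - 1) * (self.q - 1))
        return pow(digest % n, d, n)


def verify(public: bytes, digest: int, sig: int) -> bool:
    n = int.from_bytes(public, "big")
    return pow(sig, E, n) == digest % n


def binding_digest(sig_type: int, primary_pub: bytes, subkey_pub: bytes) -> int:
    # Both 0x18 and 0x19 cover the primary key AND the subkey, as the thread
    # notes. Assumption: simplified framing, no packet headers or trailer.
    h = hashlib.sha256(bytes([sig_type]))
    for pub in (primary_pub, subkey_pub):
        h.update(len(pub).to_bytes(2, "big") + pub)
    return int.from_bytes(h.digest(), "big")


@dataclass(frozen=True)
class Binding:
    primary_pub: bytes
    subkey_pub: bytes
    sig_0x18: int                 # issued by the primary key
    backsig_0x19: Optional[int]   # embedded, issued by the subkey


def bind(primary: ToyKey, subkey_pub: bytes,
         subkey_secret: Optional[ToyKey] = None) -> Binding:
    sig = primary.sign(binding_digest(0x18, primary.public, subkey_pub))
    back = None
    if subkey_secret is not None:  # only the subkey's holder can issue 0x19
        back = subkey_secret.sign(
            binding_digest(0x19, primary.public, subkey_pub))
    return Binding(primary.public, subkey_pub, sig, back)


def check_binding(b: Binding, backsig_required: bool) -> str:
    """Verifier policy: backsig_required=False models SHOULD, True models MUST."""
    d18 = binding_digest(0x18, b.primary_pub, b.subkey_pub)
    if not verify(b.primary_pub, d18, b.sig_0x18):
        return "bad 0x18"
    if b.backsig_0x19 is None:
        return "missing 0x19" if backsig_required else "valid"
    d19 = binding_digest(0x19, b.primary_pub, b.subkey_pub)
    if not verify(b.subkey_pub, d19, b.backsig_0x19):
        return "bad 0x19"
    return "valid"


def mersenne(k: int) -> int:
    return (1 << k) - 1


owner = ToyKey(mersenne(61), mersenne(127))
subkey = ToyKey(mersenne(89), mersenne(107))
other_primary = ToyKey(mersenne(521), mersenne(607))

honest = bind(owner, subkey.public, subkey)
# A different primary re-binds the same subkey knowing only its public part.
rebound = bind(other_primary, subkey.public)
# Copying the owner's 0x19 does not help: it covers the owner's primary key.
copied = Binding(rebound.primary_pub, rebound.subkey_pub,
                 rebound.sig_0x18, honest.backsig_0x19)

if __name__ == "__main__":
    for name, b in (("honest", honest), ("rebound", rebound), ("copied", copied)):
        print(name, "SHOULD:", check_binding(b, False),
              "| MUST:", check_binding(b, True))
```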



Date: Tue, 11 Oct 2005 18:11:27 -0400
From: David Shaw <dshaw@jabberwocky.com>
To: OpenPGP <ietf-openpgp@imc.org>
Subject: Multiple signatures in clearsigned messages (was Re: Cleartext Signatures)
Message-ID: <20051011221127.GA4883@jabberwocky.com>
Mail-Followup-To: OpenPGP <ietf-openpgp@imc.org>
References: <434A45B9.5060707@algroup.co.uk> <20051010142703.GA32121@epointsystem.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20051010142703.GA32121@epointsystem.org>
OpenPGP: id=99242560; url=http://www.jabberwocky.com/david/keys.asc
User-Agent: Mutt/1.5.8i

On Mon, Oct 10, 2005 at 04:27:04PM +0200, Daniel A. Nagy wrote:

> I also have a question regarding clearsigned documents. Are multiple
> signatures in clearsigned documents supported by OpenPGP (the fact
> that multiple hash algorithms are allowed suggests that they are)?
> And if so, how exactly? I would put all of them in a single armored
> signature block, but the standard does not explicitly specify this
> or any other method.

Yes, they are supported, and putting all of them in a single
armored signature block is the way to do it.  Section 7 refers to "The
ASCII armored signature(s)" in the signature block.  The text seems
reasonably clear to me - what is not good here?

David



Message-ID: <434C3128.5080808@systemics.com>
Date: Tue, 11 Oct 2005 22:39:52 +0100
From: Ian G <iang@systemics.com>
Organization: http://financialcryptography.com/
User-Agent: Mozilla Thunderbird 1.0.6 (X11/20050921)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Jon Callas <jon@callas.org>
Cc: Derek Atkins <derek@ihtfp.com>, ietf-openpgp@imc.org, hartmans-ietf@mit.edu
Subject: Re: WGLC for draft-ietf-openpgp-openpgp-15 ends Oct 28 1700EDT
References: <434C1F2D.9050903@ihtfp.com> <6EF12DFA-D34D-45C9-9746-E8FB18FAC66C@callas.org>
In-Reply-To: <6EF12DFA-D34D-45C9-9746-E8FB18FAC66C@callas.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

Jon Callas wrote:

> The possible outside exception is the "Cleartext Signatures" thread,  
> where I believe there's no consensus for a change, but I don't see  
> anything that can't be added in WGLC if that's not the case.

Ben raised an issue about the blank line separating
the headers from the armour.  Is that mandatory or
not?  I think it should be.

iang



Message-ID: <434C2CDE.80401@systemics.com>
Date: Tue, 11 Oct 2005 22:21:34 +0100
From: Ian G <iang@systemics.com>
Organization: http://financialcryptography.com/
User-Agent: Mozilla Thunderbird 1.0.6 (X11/20050921)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Jon Callas <jon@callas.org>
Cc: Ben Laurie <ben@algroup.co.uk>, vedaal@hush.com, ietf-openpgp@imc.org
Subject: Re: Cleartext Signatures
References: <200510101415.j9AEFAXw002758@mailserver3.hushmail.com> <434A802D.2000902@systemics.com> <434A8703.9010704@algroup.co.uk> <434AB788.6020305@systemics.com> <66EFCDC2-6A03-4897-9FDD-C2BA2942C444@callas.org>
In-Reply-To: <66EFCDC2-6A03-4897-9FDD-C2BA2942C444@callas.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

Jon Callas wrote:

> The spec as it stands is clear, and someone who puts this into mail has
> to deal with long body lines in a cleartext message, anyway.  They're
> the mail expert, I'm not.

No problem, I withdraw the suggestion.  (I actually
tried to make it more concrete ... but found some
other issues that got into the cross-domain issues
that you mention.)

iang



Date: Tue, 11 Oct 2005 17:03:39 -0400
From: David Shaw <dshaw@jabberwocky.com>
To: ietf-openpgp@imc.org
Subject: Re: Signature calculation language
Message-ID: <20051011210339.GA4382@jabberwocky.com>
Mail-Followup-To: ietf-openpgp@imc.org
References: <20051005211158.EEB1457EF9@finney.org> <AEB5B24B-A49E-40F7-8BA3-6B5BB475EBFB@callas.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <AEB5B24B-A49E-40F7-8BA3-6B5BB475EBFB@callas.org>
OpenPGP: id=99242560; url=http://www.jabberwocky.com/david/keys.asc
User-Agent: Mutt/1.5.8i

On Tue, Oct 11, 2005 at 01:44:53PM -0700, Jon Callas wrote:
> On 5 Oct 2005, at 2:11 PM, Hal Finney wrote:

> >    0x18: Subkey Binding Signature
> >        This signature is a statement by the top-level signing key that
> >        indicates that it owns the subkey. This signature is calculated
> >        directly on the subkey itself, not on any User ID or other
> >        packets. A signature that binds a signing subkey also has an
> >        embedded signature subpacket in this binding signature which
> >        contains a 0x19 signature made by the signing subkey on the
> >        primary key.
> >
> >The signature is actually calculated over both the primary key and
> >subkey packets, although here it says it is not calculated over any
> >other packets.
> >
> >(A separate issue is that the last sentence here should have a SHOULD:
> >"A signature that binds a signing subkey SHOULD have an embedded...")
> >
> 
> Done.

Wondering - should the embedded 0x19 signature be a MUST?  Lacking a
0x19 allows the signing subkey to be "stolen" onto another primary
key.

David



In-Reply-To: <434C1F2D.9050903@ihtfp.com>
References: <434C1F2D.9050903@ihtfp.com>
Mime-Version: 1.0 (Apple Message framework v734)
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
Message-Id: <6EF12DFA-D34D-45C9-9746-E8FB18FAC66C@callas.org>
Cc: ietf-openpgp@imc.org, hartmans-ietf@mit.edu
Content-Transfer-Encoding: 7bit
From: Jon Callas <jon@callas.org>
Subject: Re: WGLC for draft-ietf-openpgp-openpgp-15 ends Oct 28 1700EDT
Date: Tue, 11 Oct 2005 13:54:09 -0700
To: Derek Atkins <derek@ihtfp.com>
X-Mailer: Apple Mail (2.734)

On 11 Oct 2005, at 1:23 PM, Derek Atkins wrote:

>
> Jon assures me that draft-15 will be out tonight, so this should provide
> ample time for everyone to read and comment on the draft by the Last
> Call end-time.
>

It'll be out as soon as I check for massively stupid errors, like  
wrong years, bad paragraph breaks, etc. (which have happened in the  
past).

I believe that this covers all open issues. Derek and I went through  
all the ones on his list and mine, and they're both empty now. If I'm  
wrong, drop me a message.

The possible outside exception is the "Cleartext Signatures" thread,  
where I believe there's no consensus for a change, but I don't see  
anything that can't be added in WGLC if that's not the case.

     Jon



In-Reply-To: <20051005211158.EEB1457EF9@finney.org>
References: <20051005211158.EEB1457EF9@finney.org>
Mime-Version: 1.0 (Apple Message framework v734)
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
Message-Id: <AEB5B24B-A49E-40F7-8BA3-6B5BB475EBFB@callas.org>
Cc: ietf-openpgp@imc.org
Content-Transfer-Encoding: 7bit
From: Jon Callas <jon@callas.org>
Subject: Re: Signature calculation language
Date: Tue, 11 Oct 2005 13:44:53 -0700
To: Hal Finney <hal@finney.org>
X-Mailer: Apple Mail (2.734)

On 5 Oct 2005, at 2:11 PM, Hal Finney wrote:

>
> Some of the language in the draft about signature calculations is
> confusing and misleading.  The brief descriptions in 5.2.1 Signature
> Types are contradicted by 5.2.4 Computing Signatures.
>
> We should make clear that 5.2.4 is authoritative.  I suggest that we add
> to the beginning of 5.2.1, "See section 5.2.4 for detailed information
> on how to compute and verify signatures of each type."
>

Added.

> Particular problems:
>
>     0x18: Subkey Binding Signature
>         This signature is a statement by the top-level signing key that
>         indicates that it owns the subkey. This signature is calculated
>         directly on the subkey itself, not on any User ID or other
>         packets. A signature that binds a signing subkey also has an
>         embedded signature subpacket in this binding signature which
>         contains a 0x19 signature made by the signing subkey on the
>         primary key.
>
> The signature is actually calculated over both the primary key and
> subkey packets, although here it says it is not calculated over any
> other packets.
>
> (A separate issue is that the last sentence here should have a SHOULD:
> "A signature that binds a signing subkey SHOULD have an embedded...")
>

Done.

>     0x19 Primary Key Binding Signature
>         This signature is a statement by a signing subkey, indicating
>         that it is owned by the primary key.  This signature is
>         calculated directly on the primary key itself, and not on any
>         User ID or other packets.
>
> Same issue here, the signature is calculated over both the primary key
> and the subkey packets.
>
>     0x28: Subkey revocation signature
>         The signature is calculated directly on the subkey being
>         revoked.  A revoked subkey is not to be used.  Only revocation
>         signatures by the top-level signature key that is bound to this
>         subkey, or by an authorized revocation key, should be considered
>         valid revocation signatures.
>
> This is actually correct, I guess (I don't think PGP supports subpacket
> revocation signatures).  According to 5.2.4 the hash is over just the
> subkey packet and does not include the primary key packet, unlike ordinary
> subkey signatures.  That seems a little inconsistent to me - is this how
> other people have implemented it?
>
> A couple of comments on section 5.2.4:
>
>     When a signature is made over a signature packet, the hash data
>     starts with the octet 0x88, followed by the four-octet length of the
>     signature, and then the body of the signature packet. The unhashed
>     subpacket data of the signature packet being hashed is not included
>     in the hash and the unhashed subpacket data length value is set to
>     zero. (Note that this is an old-style packet header for a signature
>     packet with the length-of-length set to zero).
>
> The parenthetical note at the end should go after the first sentence.
>

Done.

> For consistency with other descriptions in this section, we should refer
> explicitly here to the Third-Party Confirmation Signature, type 0x50,
> which I think is the only one for which this description applies.
>

Done.

> One thing that is missing in these two sections is a clear statement that
> certificate revocation signatures are calculated over the same data as the
> certificate being revoked.  5.2.1 just says:
>
>     0x30: Certification revocation signature
>         This signature revokes an earlier User ID certification
>         signature (signature class 0x10 through 0x13) or direct-key
>         signature (0x1F). It should be issued by the same key that
>         issued the revoked signature or an authorized revocation key.
>         The signature should have a later creation date than the
>         signature it revokes.
>
> with no comments about what it is computed over, and 5.2.4 doesn't clearly
> describe this case either.  We could change that last sentence to say,
> "The signature is computed over the same data as the certificate that
> it revokes, and should have a later creation date than that certificate."
>

Done.

> I am also not in love with the classic description of document signatures
> in 5.2.4:
>
>     The signature data is simple to compute for document signatures
>     (types 0x00 and 0x01), for which the document itself is the data.
>
> First, it is presumptuous and uninformative to say something is simple.
> "The document itself is the data" has a certain Zen koan quality but does
> not plainly say what it means.  And this fails to distinguish between
> text and binary signatures; for text signatures, the document itself is
> not the (hashed) data, but rather the canonicalized document.
>
> How about this:
>
> "For binary document signatures (type 0x00), the document data is hashed
> directly.  For text document signatures (type 0x01), the document is
> canonicalized by converting line endings to <CR><LF>, and the resulting
> data is hashed."

Done.

     Jon
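
Added example, not part of the original message or of the draft: the binary (0x00) versus text (0x01) distinction in the replacement wording above, in Python. SHA-256, the sample documents and the function names are choices made for this illustration, a bare CR is assumed not to be a line ending, and only the document portion of the hash input is computed (the signature-specific data hashed after it is left out).

```python
import hashlib
import re

# CRLF or bare LF counts as a line ending here (assumption: bare CR does not).
_LINE_END = re.compile(rb"\r?\n")


def canonicalize_text(data: bytes) -> bytes:
    """Convert every line ending to <CR><LF>, as proposed for type 0x01."""
    return _LINE_END.sub(b"\r\n", data)


def naive_canonicalize(data: bytes) -> bytes:
    """Common mistake: turns an existing CRLF into CR CR LF."""
    return data.replace(b"\n", b"\r\n")


def document_digest(sig_type: int, data: bytes) -> str:
    """Digest of the document part of the hash input for types 0x00 and 0x01."""
    if sig_type == 0x00:      # binary document: hashed directly
        hashed = data
    elif sig_type == 0x01:    # text document: canonicalized, then hashed
        hashed = canonicalize_text(data)
    else:
        raise ValueError("not a document signature type: 0x%02x" % sig_type)
    return hashlib.sha256(hashed).hexdigest()


def same_digest(sig_type: int, a: bytes, b: bytes) -> bool:
    """Would a signature of this type made over `a` still match `b`?"""
    return document_digest(sig_type, a) == document_digest(sig_type, b)


# Constructed samples: one document as it leaves a Unix editor, and the
# same document after a transport rewrote its line endings.
UNIX_DOC = b"Pay Bob 10\nPay Carol 20\n"
DOS_DOC = b"Pay Bob 10\r\nPay Carol 20\r\n"

if __name__ == "__main__":
    for sig_type in (0x00, 0x01):
        print("type 0x%02x survives line-ending rewrite: %s"
              % (sig_type, same_digest(sig_type, UNIX_DOC, DOS_DOC)))
    print("naive conversion of CRLF input:", naive_canonicalize(DOS_DOC))
```
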



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j9BKQlUI028778; Tue, 11 Oct 2005 13:26:47 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j9BKQkkq028777; Tue, 11 Oct 2005 13:26:47 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from merrymeet.com (merrymeet.com [63.73.97.162]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j9BKQkCE028770 for <ietf-openpgp@imc.org>; Tue, 11 Oct 2005 13:26:46 -0700 (PDT) (envelope-from jon@callas.org)
Received: from keys.merrymeet.com (63.73.97.166) by merrymeet.com with ESMTP (Eudora Internet Mail Server X 3.2.6); Tue, 11 Oct 2005 13:26:42 -0700
Received: from [216.102.208.14] ([216.102.208.14]) by keys.merrymeet.com (PGP Universal service); Tue, 11 Oct 2005 13:26:42 -0700
X-PGP-Universal: processed; by keys.merrymeet.com on Tue, 11 Oct 2005 13:26:42 -0700
In-Reply-To: <434AB788.6020305@systemics.com>
References: <200510101415.j9AEFAXw002758@mailserver3.hushmail.com> <434A802D.2000902@systemics.com> <434A8703.9010704@algroup.co.uk> <434AB788.6020305@systemics.com>
Mime-Version: 1.0 (Apple Message framework v734)
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
Message-Id: <66EFCDC2-6A03-4897-9FDD-C2BA2942C444@callas.org>
Cc: Ben Laurie <ben@algroup.co.uk>, vedaal@hush.com, ietf-openpgp@imc.org
Content-Transfer-Encoding: 7bit
From: Jon Callas <jon@callas.org>
Subject: Re: Cleartext Signatures
Date: Tue, 11 Oct 2005 13:26:38 -0700
To: Ian G <iang@systemics.com>
X-Mailer: Apple Mail (2.734)
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

On 10 Oct 2005, at 11:48 AM, Ian G wrote:

>
> Ben Laurie wrote:
>
>> Sigh. The I-D says armour lines are at most 76 characters.
>>
>
>
> !IIRC, so replace 'standard' with fixed.
>
> Getting back to the point of vedaal's kindly
> provided suggestion, the length of the armour
> lines is not fixed, and successive implementations
> have wrestled with the length, gradually setting
> it less as newer mailer and editor artifacts pop
> out of the electronic woodwork.
>
> My point is that the length of the Header/Tail Lines
> and/or the Armor lines suggests a more effective
> maximum to the length of the headers, as then the
> headers themselves won't cause any problems.
>
> If it is a big enough issue, I'd suggest adding
> the following guidance:
>
>     The format of an Armor Header is that of a key-value pair.  A colon
>     (':' 0x38) and a single space (0x20) separate the key and value.
>     OpenPGP should consider improperly formatted Armor Headers to be
>     corruption of the ASCII Armor.  Unknown keys should be reported to
>     the user, but OpenPGP should continue to process the message.
>   ******
>     From experience, implementations may limit or warn if the length
>     of any Armor Header exceeds the length of other lines.
>   ******
>
> Or somesuch, towards end of page 49.  Here's an alternate:
>
>   ******
>     As messages may experience various transformations during
>     transport, resilience may be improved if Armor Headers are
>     kept short, by for example being no longer than the length
>     of other lines (Armor Header Lines or the Armor itself).
>   *****

Okay, but.

OpenPGP is not an email standard. It is a data format standard.

Yes, many uses of OpenPGP are in email. But not all, and possibly  
even not most. (I have heard it asserted that there are more signed  
files than emails.)

I remember a past argument about the comment header, for example,  
noting that an appropriately clever person could make a comment that  
would do something that someone doesn't like because of high-bit  
issues, character sets, etc. Our ending decision was to note that if  
you hurt yourself, you hurt yourself.

The only reason I would prefer not doing anything here is that I  
don't want to keep putting in hints for good interactions with  
mailers in 2440bis. We are a superset of mail.

The spec as it stands is clear, and someone who puts this into mail  
has to deal with long body lines in a cleartext message, anyway.  
They're the mail expert, I'm not.

     Jon




Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j9BKNHLU028544; Tue, 11 Oct 2005 13:23:17 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j9BKNH7S028543; Tue, 11 Oct 2005 13:23:17 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mail.ihtfp.org (MAIL.IHTFP.ORG [204.107.200.6]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j9BKNG7s028537 for <ietf-openpgp@imc.org>; Tue, 11 Oct 2005 13:23:16 -0700 (PDT) (envelope-from derek@ihtfp.com)
Received: from [10.0.1.63] (adsl-068-157-135-002.sip.asm.bellsouth.net [68.157.135.2]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.ihtfp.org (Postfix) with ESMTP id 14EEEBD8420; Tue, 11 Oct 2005 16:23:09 -0400 (EDT)
Message-ID: <434C1F2D.9050903@ihtfp.com>
Date: Tue, 11 Oct 2005 16:23:09 -0400
From: Derek Atkins <derek@ihtfp.com>
User-Agent: Mozilla Thunderbird 1.0.7-1.1.fc3 (X11/20050929)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: ietf-openpgp@imc.org
CC: hartmans-ietf@mit.edu
Subject: WGLC for draft-ietf-openpgp-openpgp-15 ends Oct 28 1700EDT
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

Hi,

The new openpgp internet-draft (version 15) should be out and in the
archives really soon.  The editor and I believe that all open issues
have been incorporated into this version of the draft.  Therefore I am
declaring a Working Group Last Call on draft-ietf-openpgp-openpgp-15
that will end at 1700 US/EDT on Friday, October 28th.

Jon assures me that draft-15 will be out tonight, so this should provide
ample time for everyone to read and comment on the draft by the Last
Call end-time.

Issues should be sent to the list.  If you feel you want to remain
private you can send them to jon <jon@callas.org> and myself.  If you
wish to remain ultra-private you are welcome to send the issues just to
me and I will forward them on anonymized.

Happy reading.

-derek
-- 
       Derek Atkins                 617-623-3745
       derek@ihtfp.com             www.ihtfp.com
       Computer and Internet Security Consultant



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j9BJLNcC023098; Tue, 11 Oct 2005 12:21:23 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j9BJLNvI023097; Tue, 11 Oct 2005 12:21:23 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from merrymeet.com (merrymeet.com [63.73.97.162]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j9BJLMMq023089 for <ietf-openpgp@imc.org>; Tue, 11 Oct 2005 12:21:22 -0700 (PDT) (envelope-from jon@callas.org)
Received: from keys.merrymeet.com (63.73.97.166) by merrymeet.com with ESMTP (Eudora Internet Mail Server X 3.2.6); Tue, 11 Oct 2005 12:21:21 -0700
Received: from [216.102.208.14] ([216.102.208.14]) by keys.merrymeet.com (PGP Universal service); Tue, 11 Oct 2005 12:21:20 -0700
X-PGP-Universal: processed; by keys.merrymeet.com on Tue, 11 Oct 2005 12:21:20 -0700
In-Reply-To: <20050827135945.GB1832@jabberwocky.com>
References: <20050827135945.GB1832@jabberwocky.com>
Mime-Version: 1.0 (Apple Message framework v734)
Content-Type: text/plain; charset=US-ASCII; format=flowed
Message-Id: <70A95188-CB3D-4FDF-91D0-70142F46BCA0@callas.org>
Cc: ietf-openpgp@imc.org
Content-Transfer-Encoding: 7bit
From: Jon Callas <jon@callas.org>
Subject: Re: ISSUE: misleading hash instructions
Date: Tue, 11 Oct 2005 12:21:18 -0700
To: David Shaw <dshaw@jabberwocky.com>
X-Mailer: Apple Mail (2.734)
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

On 27 Aug 2005, at 6:59 AM, David Shaw wrote:

>
> This one is really easy to fix.  In section 5.2.4 (Computing
> Signatures), the paragraph ordering implies incorrect things about a
> user ID certification signature (which hashes the public key plus user
> ID packet).  The description of a user ID certification signature
> refers to "the data above", which given the paragraph ordering, is how
> to hash a signature for signing, and not a public key.
>
> If we just switch the position of the paragraph beginning "When a
> signature is made over a signature packet" with the paragraph
> beginning "A certification signature (type 0x10 through 0x13)" the
> problem goes away.
>

Fixed.

     Jon



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j9AIm6sb055108; Mon, 10 Oct 2005 11:48:06 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j9AIm6bx055107; Mon, 10 Oct 2005 11:48:06 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mailgate.enhyper.net ([80.168.109.121]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j9AIm6Sk055099 for <ietf-openpgp@imc.org>; Mon, 10 Oct 2005 11:48:06 -0700 (PDT) (envelope-from iang@systemics.com)
Received: from [IPv6:::1] (localhost [127.0.0.1]) by mailgate.enhyper.net (Postfix) with ESMTP id 72D7D63627; Mon, 10 Oct 2005 19:48:04 +0100 (BST)
Message-ID: <434AB788.6020305@systemics.com>
Date: Mon, 10 Oct 2005 19:48:40 +0100
From: Ian G <iang@systemics.com>
Organization: http://financialcryptography.com/
User-Agent: Mozilla Thunderbird 1.0.6 (X11/20050921)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Ben Laurie <ben@algroup.co.uk>
Cc: vedaal@hush.com, ietf-openpgp@imc.org
Subject: Re: Cleartext Signatures
References: <200510101415.j9AEFAXw002758@mailserver3.hushmail.com> <434A802D.2000902@systemics.com> <434A8703.9010704@algroup.co.uk>
In-Reply-To: <434A8703.9010704@algroup.co.uk>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

Ben Laurie wrote:
> Sigh. The I-D says armour lines are at most 76 characters.


!IIRC, so replace 'standard' with fixed.

Getting back to the point of vedaal's kindly
provided suggestion, the length of the armour
lines is not fixed, and successive implementations
have wrestled with the length, gradually setting
it less as newer mailer and editor artifacts pop
out of the electronic woodwork.

My point is that the length of the Header/Tail Lines
and/or the Armor lines suggests a more effective
maximum to the length of the headers, as then the
headers themselves won't cause any problems.

If it is a big enough issue, I'd suggest adding
the following guidance:

     The format of an Armor Header is that of a key-value pair.  A colon
     (':' 0x38) and a single space (0x20) separate the key and value.
     OpenPGP should consider improperly formatted Armor Headers to be
     corruption of the ASCII Armor.  Unknown keys should be reported to
     the user, but OpenPGP should continue to process the message.
   ******
     From experience, implementations may limit or warn if the length
     of any Armor Header exceeds the length of other lines.
   ******

Or somesuch, towards end of page 49.  Here's an alternate:

   ******
     As messages may experience various transformations during
     transport, resilience may be improved if Armor Headers are
     kept short, by for example being no longer than the length
     of other lines (Armor Header Lines or the Armor itself).
   *****

iang



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j9AI6pG5051708; Mon, 10 Oct 2005 11:06:51 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j9AI6p6C051707; Mon, 10 Oct 2005 11:06:51 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from kerckhoffs.g10code.com (kerckhoffs.g10code.com [217.69.77.222]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j9AI6o5m051698 for <ietf-openpgp@imc.org>; Mon, 10 Oct 2005 11:06:50 -0700 (PDT) (envelope-from wk@gnupg.org)
Received: from uucp by kerckhoffs.g10code.com with local-rmail (Exim 4.50 #1 (Debian)) id 1EP29I-00083c-Qy for <ietf-openpgp@imc.org>; Mon, 10 Oct 2005 20:13:20 +0200
Received: from wk by localhost with local (Exim 4.34 #1 (Debian)) id 1EP1x7-0001pj-GZ; Mon, 10 Oct 2005 20:00:45 +0200
To: Ian G <iang@systemics.com>
Cc: vedaal@hush.com, ietf-openpgp@imc.org
Subject: Re: Cleartext Signatures
References: <200510101415.j9AEFAXw002758@mailserver3.hushmail.com> <87k6glfn1q.fsf@wheatstone.g10code.de> <434A9D9C.30505@systemics.com>
From: Werner Koch <wk@gnupg.org>
Organisation: g10 Code GmbH
OpenPGP: id=5B0358A2; url=finger:wk@g10code.com
Date: Mon, 10 Oct 2005 20:00:45 +0200
In-Reply-To: <434A9D9C.30505@systemics.com> (Ian G.'s message of "Mon, 10 Oct 2005 17:58:04 +0100")
Message-ID: <87d5mddzg2.fsf@wheatstone.g10code.de>
User-Agent: Gnus/5.1007 (Gnus v5.10.7) Emacs/21.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

On Mon, 10 Oct 2005 17:58:04 +0100, Ian G said:

> There is no reason why OpenPGP can't impose a
> tighter limit, and a quick scan of the doc did

That won't help.  Some editors used by MUAs feel too clever and don't
allow a user to enter lines longer than the actual window.  When copy
and pasting an OpenPGP armored message it might get wrapped around.
So even 76 characters may be too much.

A possible solution to this is to have the MUA (plugin) to cut or
remove such headers.


Salam-Shalom,

   Werner



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j9AI016d050999; Mon, 10 Oct 2005 11:00:01 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j9AI0111050998; Mon, 10 Oct 2005 11:00:01 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mail.links.org (mail.links.org [217.155.92.109]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j9AI00j8050985 for <ietf-openpgp@imc.org>; Mon, 10 Oct 2005 11:00:00 -0700 (PDT) (envelope-from ben@algroup.co.uk)
Received: from [193.133.15.219] (localhost [127.0.0.1]) by mail.links.org (Postfix) with ESMTP id 99EC133C1B; Mon, 10 Oct 2005 18:59:59 +0100 (BST)
Message-ID: <434AABAB.7090508@algroup.co.uk>
Date: Mon, 10 Oct 2005 18:58:03 +0100
From: Ben Laurie <ben@algroup.co.uk>
User-Agent: Mozilla Thunderbird 1.0.7 (Windows/20050923)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: "Daniel A. Nagy" <nagydani@epointsystem.org>
CC: OpenPGP <ietf-openpgp@imc.org>
Subject: Re: Cleartext Signatures
References: <20051010162027.GB14780@epointsystem.org>
In-Reply-To: <20051010162027.GB14780@epointsystem.org>
X-Enigmail-Version: 0.89.6.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

Daniel A. Nagy wrote:
> On Mon, Oct 10, 2005 at 03:30:29PM +0100, Ben Laurie wrote:
> 
> 
>>That mantra has shown to be a less than great idea recently, since it 
>>promotes interestingly obscure security holes, so I still would like to 
>>know what the correct behaviour is, and I'd like the I-D to accurately 
>>document that behaviour.
> 
> 
> In that case, the empty line should be mandated,

I agree.

> although distinguishing
> between header data and base64 armor is quite straightforward and
> unambiguous: headers always have colons in them, base64 armor never does.

This becomes less straightforward when you hit line length limits.

> Thus, it should be impossible to derail a correct parser with a carefully
> constructed header, though of course, it's easier to write the parser if one
> assumes an empty line before the base64 data.

Mine does either (configurably).

Cheers,

Ben.

-- 
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
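
Added example, not code from any poster in this thread or from an OpenPGP implementation: a Python sketch of the two parsing policies discussed above, a mandated empty line versus the "headers have colons, base64 does not" rule, run over an armor whose Version header was wrapped in transit. The sample armors, the product name in them and all function names are constructed for the illustration, and the armor checksum line is left out of the samples.

```python
import base64


class ArmorError(ValueError):
    """Raised when the armor is treated as corrupt."""


def split_armor(text, require_blank_line=True):
    """Return (headers, body_lines) for one ASCII-armored block.

    require_blank_line=True : Armor Headers end only at an empty line; any
                              header line without ': ' is corruption.
    require_blank_line=False: the first line without ': ' is taken to be
                              the start of the base64 data.
    """
    lines = text.splitlines()
    if not lines or not lines[0].startswith("-----BEGIN PGP "):
        raise ArmorError("missing Armor Header Line")
    headers, i = {}, 1
    while i < len(lines):
        line = lines[i]
        if line.strip() == "":          # empty line: headers are finished
            i += 1
            break
        if ": " in line:                # key, colon, single space, value
            key, value = line.split(": ", 1)
            headers[key] = value
            i += 1
        elif require_blank_line:
            raise ArmorError("improperly formatted Armor Header: %r" % line)
        else:
            break                       # no colon: assume base64 starts here
    body = []
    for line in lines[i:]:
        if line.startswith("-----END PGP "):
            return headers, body
        if line.strip():
            body.append(line.strip())
    raise ArmorError("missing Armor Tail Line")


def parse_payload(text, require_blank_line=True):
    """Parse the armor and return the decoded binary payload."""
    _headers, body = split_armor(text, require_blank_line)
    return base64.b64decode("".join(body), validate=True)


# Constructed sample: payload is b"hello world".
GOOD = "\n".join([
    "-----BEGIN PGP MESSAGE-----",
    "Version: ExamplePGP 1.0",
    "Comment: constructed sample",
    "",
    "aGVsbG8gd29ybGQ=",
    "-----END PGP MESSAGE-----",
])

# Same payload, but a long Version line was wrapped by a mailer. The
# leftover word happens to consist only of base64 alphabet characters.
WRAPPED = "\n".join([
    "-----BEGIN PGP MESSAGE-----",
    "Version: ExamplePGP freeware",
    "editions",
    "",
    "aGVsbG8gd29ybGQ=",
    "-----END PGP MESSAGE-----",
])

if __name__ == "__main__":
    print("good, strict   :", parse_payload(GOOD, True))
    try:
        parse_payload(WRAPPED, True)
    except ArmorError as exc:
        print("wrapped, strict:", exc)
    # The colon rule accepts the fragment as data and prepends six junk
    # octets to the payload without raising any error at the armor layer.
    print("wrapped, colon :", parse_payload(WRAPPED, False))
```

With the empty line mandated, the wrapped header is reported as corrupt armor; with the colon rule alone, the wrapped fragment is silently decoded as part of the message body.
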



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j9AGvVoB042699; Mon, 10 Oct 2005 09:57:31 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j9AGvVeN042694; Mon, 10 Oct 2005 09:57:31 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mailgate.enhyper.net ([80.168.109.121]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j9AGvTgA042658 for <ietf-openpgp@imc.org>; Mon, 10 Oct 2005 09:57:29 -0700 (PDT) (envelope-from iang@systemics.com)
Received: from [IPv6:::1] (localhost [127.0.0.1]) by mailgate.enhyper.net (Postfix) with ESMTP id AB65363518; Mon, 10 Oct 2005 17:57:27 +0100 (BST)
Message-ID: <434A9D9C.30505@systemics.com>
Date: Mon, 10 Oct 2005 17:58:04 +0100
From: Ian G <iang@systemics.com>
Organization: http://financialcryptography.com/
User-Agent: Mozilla Thunderbird 1.0.6 (X11/20050921)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Werner Koch <wk@gnupg.org>
Cc: vedaal@hush.com, ietf-openpgp@imc.org
Subject: Re: Cleartext Signatures
References: <200510101415.j9AEFAXw002758@mailserver3.hushmail.com> <87k6glfn1q.fsf@wheatstone.g10code.de>
In-Reply-To: <87k6glfn1q.fsf@wheatstone.g10code.de>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

Werner Koch wrote:
> On Mon, 10 Oct 2005 07:15:07 -0700,   said:
> 
> 
>>could there be a consensus on the maximum length of 
>>a comment or version line,
> 
> 
> This is not OpenPGP's business.  There is a limit in rfc2822 at (iirc)
> 998 characters.  The real problem at hand is that some MUAs break
> lines when they should not do so.

There is no reason why OpenPGP can't impose a
tighter limit, and a quick scan of the doc did
not reveal mention of rfc2822 anywhere.  Either
way, ascii armor documents are OpenPGP's business,
wherever it got the format from.

> [To avoid this once and for all, use PGP/MIME.]

I for one choose not to, but I'm not religious
about it!

iang



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j9AGKoCI039185; Mon, 10 Oct 2005 09:20:50 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j9AGKoCi039184; Mon, 10 Oct 2005 09:20:50 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mail.epointsystem.org ([195.228.156.120]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j9AGKnZW039178 for <ietf-openpgp@imc.org>; Mon, 10 Oct 2005 09:20:49 -0700 (PDT) (envelope-from nagydani@epointsystem.org)
Received: by mail.epointsystem.org (Postfix, from userid 1001) id EC0562B47DB; Mon, 10 Oct 2005 18:20:36 +0200 (CEST)
Date: Mon, 10 Oct 2005 18:20:36 +0200
To: OpenPGP <ietf-openpgp@imc.org>
Subject: Re: Cleartext Signatures
Message-ID: <20051010162027.GB14780@epointsystem.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.5.6+20040907i
From: nagydani@epointsystem.org (Daniel A. Nagy)
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

On Mon, Oct 10, 2005 at 03:30:29PM +0100, Ben Laurie wrote:

> That mantra has shown to be a less than great idea recently, since it 
> promotes interestingly obscure security holes, so I still would like to 
> know what the correct behaviour is, and I'd like the I-D to accurately 
> document that behaviour.

In that case, the empty line should be mandated, although distinguishing
between header data and base64 armor is quite straightforward and
unambiguous: headers always have colons in them, base64 armor never does.
Thus, it should be impossible to derail a correct parser with a carefully
constructed header, though of course, it's easier to write the parser if one
assumes an empty line before the base64 data.

-- 
Daniel



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j9AFNbcM034437; Mon, 10 Oct 2005 08:23:37 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j9AFNbOf034436; Mon, 10 Oct 2005 08:23:37 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mail.links.org (mail.links.org [217.155.92.109]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j9AFNaxx034429 for <ietf-openpgp@imc.org>; Mon, 10 Oct 2005 08:23:36 -0700 (PDT) (envelope-from ben@algroup.co.uk)
Received: from [193.133.15.219] (localhost [127.0.0.1]) by mail.links.org (Postfix) with ESMTP id CA98C33C1A; Mon, 10 Oct 2005 16:23:35 +0100 (BST)
Message-ID: <434A8703.9010704@algroup.co.uk>
Date: Mon, 10 Oct 2005 16:21:39 +0100
From: Ben Laurie <ben@algroup.co.uk>
User-Agent: Mozilla Thunderbird 1.0.7 (Windows/20050923)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Ian G <iang@systemics.com>
CC: vedaal@hush.com, ietf-openpgp@imc.org
Subject: Re: Cleartext Signatures
References: <200510101415.j9AEFAXw002758@mailserver3.hushmail.com> <434A802D.2000902@systemics.com>
In-Reply-To: <434A802D.2000902@systemics.com>
X-Enigmail-Version: 0.89.6.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

Ian G wrote:
> 
> vedaal@hush.com wrote:
> 
>> also,
>> could there be a consensus on the maximum length of a comment or 
>> version line,
>>
>> long version lines (example the freeware pgp editions)
>> wrap in gnupg,
>> and there is an error message of invalid armor header,
>> and further attempts at decryption/verification are stopped
> 
> 
> It is possible to parse for the next empty line,
> but I agree this is a pain, as there are other
> artifacts that occur when extra empty lines are
> inserted by conversions.
> 
>> would suggest 64 characters, to keep it the same as the rest of the 
>> pgp armor
> 
> 
> The line length of the armor is not standard
> IIRC, so this would not be a good guide.  A
> better guide would be to be no longer than any
> of the Head/Tail lines, as any slicing that
> occurs in the Head/Tail lines will cause more
> than normal chaos.

Sigh. The I-D says armour lines are at most 76 characters.

-- 
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j9AEptGF030693; Mon, 10 Oct 2005 07:51:55 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j9AEptgB030692; Mon, 10 Oct 2005 07:51:55 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mailgate.enhyper.net ([80.168.109.121]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j9AEpsFI030686 for <ietf-openpgp@imc.org>; Mon, 10 Oct 2005 07:51:54 -0700 (PDT) (envelope-from iang@systemics.com)
Received: from [IPv6:::1] (localhost [127.0.0.1]) by mailgate.enhyper.net (Postfix) with ESMTP id 4E5436350D; Mon, 10 Oct 2005 15:51:53 +0100 (BST)
Message-ID: <434A802D.2000902@systemics.com>
Date: Mon, 10 Oct 2005 15:52:29 +0100
From: Ian G <iang@systemics.com>
Organization: http://financialcryptography.com/
User-Agent: Mozilla Thunderbird 1.0.6 (X11/20050921)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: vedaal@hush.com
Cc: ietf-openpgp@imc.org
Subject: Re: Cleartext Signatures
References: <200510101415.j9AEFAXw002758@mailserver3.hushmail.com>
In-Reply-To: <200510101415.j9AEFAXw002758@mailserver3.hushmail.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

vedaal@hush.com wrote:
> also,
> could there be a consensus on the maximum length of 
> a comment or version line,
> 
> long version lines (example the freeware pgp editions)
> wrap in gnupg,
> and there is an error message of invalid armor header,
> and further attempts at decryption/verification are stopped

It is possible to parse for the next empty line,
but I agree this is a pain, as there are other
artifacts that occur when extra empty lines are
inserted by conversions.

> would suggest 64 characters, to keep it the same as the rest of the 
> pgp armor

The line length of the armor is not standard
IIRC, so this would not be a good guide.  A
better guide would be to be no longer than any
of the Head/Tail lines, as any slicing that
occurs in the Head/Tail lines will cause more
than normal chaos.

iang

PS:  with a nod to Ben's comment, I mean by
Head/Tail lines those lines that start with
----- in column 1.



Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j9AEppKh030680; Mon, 10 Oct 2005 07:51:51 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j9AEpp7X030679; Mon, 10 Oct 2005 07:51:51 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from kerckhoffs.g10code.com (kerckhoffs.g10code.com [217.69.77.222]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j9AEpnvW030671 for <ietf-openpgp@imc.org>; Mon, 10 Oct 2005 07:51:50 -0700 (PDT) (envelope-from wk@gnupg.org)
Received: from uucp by kerckhoffs.g10code.com with local-rmail (Exim 4.50 #1 (Debian)) id 1EOz6Z-0007Dp-OV for <ietf-openpgp@imc.org>; Mon, 10 Oct 2005 16:58:19 +0200
Received: from wk by localhost with local (Exim 4.34 #1 (Debian)) id 1EOyuH-0001KV-Oy; Mon, 10 Oct 2005 16:45:37 +0200
To: <vedaal@hush.com>
Cc: <ietf-openpgp@imc.org>
Subject: Re: Cleartext Signatures
References: <200510101415.j9AEFAXw002758@mailserver3.hushmail.com>
From: Werner Koch <wk@gnupg.org>
Organisation: g10 Code GmbH
OpenPGP: id=5B0358A2; url=finger:wk@g10code.com
Date: Mon, 10 Oct 2005 16:45:37 +0200
In-Reply-To: <200510101415.j9AEFAXw002758@mailserver3.hushmail.com> (vedaal@hush.com's message of "Mon, 10 Oct 2005 07:15:07 -0700")
Message-ID: <87k6glfn1q.fsf@wheatstone.g10code.de>
User-Agent: Gnus/5.1007 (Gnus v5.10.7) Emacs/21.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

On Mon, 10 Oct 2005 07:15:07 -0700,   said:

> could there be a consensus on the maximum length of 
> a comment or version line,

This is not OpenPGP's business.  There is a limit in rfc2822 at (iirc)
998 characters.  The real problem at hand is that some MUAs break
lines when they should not do so.

[To avoid this once and for all, use PGP/MIME.]


Shalom-Salam,

   Werner



Message-ID: <434A7B05.4070600@algroup.co.uk>
Date: Mon, 10 Oct 2005 15:30:29 +0100
From: Ben Laurie <ben@algroup.co.uk>
User-Agent: Mozilla Thunderbird 1.0.7 (Windows/20050923)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: "Daniel A. Nagy" <nagydani@epointsystem.org>
CC: OpenPGP <ietf-openpgp@imc.org>
Subject: Re: Cleartext Signatures
References: <434A45B9.5060707@algroup.co.uk> <20051010142703.GA32121@epointsystem.org>
In-Reply-To: <20051010142703.GA32121@epointsystem.org>
X-Enigmail-Version: 0.89.6.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

Daniel A. Nagy wrote:
> On Mon, Oct 10, 2005 at 11:43:05AM +0100, Ben Laurie wrote:
> 
>>Section 7 says that the last bit of a cleartext signature is:
>>
>>"The ASCII armored signature(s) including the '-----BEGIN PGP 
>>SIGNATURE-----' Armor Header and Armor Tail Lines."
>>
>>This is ambiguous, since in previous sections "Armor Header" has 
>>referred to name/value pairs, of which there could be none or more than 
>>one, and not the "-----blah-----" line, which is called the "Armor 
>>Header Line".
>>
>>Since I have seen signature both with and without headers (i.e. some 
>>with no headers do not have a blank line between the header line and the 
>>armoured text), I'd like to know what is actually correct here!
> 
> 
> Most implementations that I have encountered or written use headers in the
> signature part of clearsigned documents and in the absence of any still
> leave an empty line. I think this is the correct behavior, though the 
> "be liberal in what you accept and conservative in what you send" mantra
> would imply that implementations MAY accept signatures without an empty
> line, but MUST NOT generate them.

That mantra has shown to be a less than great idea recently, since it 
promotes interestingly obscure security holes, so I still would like to 
know what the correct behaviour is, and I'd like the I-D to accurately 
document that behaviour.

Cheers,

Ben.

-- 
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff



Date: Mon, 10 Oct 2005 16:27:04 +0200
To: Ben Laurie <ben@algroup.co.uk>, OpenPGP <ietf-openpgp@imc.org>
Subject: Re: Cleartext Signatures
Message-ID: <20051010142703.GA32121@epointsystem.org>
References: <434A45B9.5060707@algroup.co.uk>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <434A45B9.5060707@algroup.co.uk>
User-Agent: Mutt/1.5.6+20040907i
From: nagydani@epointsystem.org (Daniel A. Nagy)
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

On Mon, Oct 10, 2005 at 11:43:05AM +0100, Ben Laurie wrote:
> 
> Section 7 says that the last bit of a cleartext signature is:
> 
> "The ASCII armored signature(s) including the '-----BEGIN PGP 
> SIGNATURE-----' Armor Header and Armor Tail Lines."
> 
> This is ambiguous, since in previous sections "Armor Header" has 
> referred to name/value pairs, of which there could be none or more than 
> one, and not the "-----blah-----" line, which is called the "Armor 
> Header Line".
> 
> Since I have seen signature both with and without headers (i.e. some 
> with no headers do not have a blank line between the header line and the 
> armoured text), I'd like to know what is actually correct here!

Most implementations that I have encountered or written use headers in the
signature part of clearsigned documents and in the absence of any still
leave an empty line. I think this is the correct behavior, though the 
"be liberal in what you accept and conservative in what you send" mantra
would imply that implementations MAY accept signatures without an empty
line, but MUST NOT generate them.

I also have a question regarding clearsigned documents. Are multiple
signatures in clearsigned documents supported by OpenPGP (the fact that
multiple hash algorithms are allowed suggests that they are)? And if so, how
exactly? I would put all of them in a single armored signature block, but
the standard does not explicitly specify this or any other method.

-- 
Daniel



Message-Id: <200510101415.j9AEFAXw002758@mailserver3.hushmail.com>
Date: Mon, 10 Oct 2005 07:15:07 -0700
To: <ietf-openpgp@imc.org>
Cc: 
Subject: Re: Cleartext Signatures
From: <vedaal@hush.com>
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

On Mon, 10 Oct 2005 03:43:05 -0700 Ben Laurie <ben@algroup.co.uk> 
wrote:
>Section 7 says that the last bit of a cleartext signature is:
>
>"The ASCII armored signature(s) including the '-----BEGIN PGP 
>SIGNATURE-----' Armor Header and Armor Tail Lines."
>
>This is ambiguous, since in previous sections "Armor Header" has 
>referred to name/value pairs, of which there could be none or more 
>than one, and not the "-----blah-----" line, which is called the 
>"Armor Header Line".
>
>Since I have seen signature both with and without headers (i.e. 
>some with no headers do not have a blank line between the header 
>line and the armoured text), I'd like to know what is actually 
>correct here!
>
>Cheers,

also,
could there be a consensus on the maximum length of 
a comment or version line,

long version lines (example the freeware pgp editions)
wrap in gnupg,
and there is an error message of invalid armor header,
and further attempts at decryption/verification are stopped

would suggest 64 characters, to keep it the same as the rest of the 
pgp armor

vedaa






Message-ID: <434A45B9.5060707@algroup.co.uk>
Date: Mon, 10 Oct 2005 11:43:05 +0100
From: Ben Laurie <ben@algroup.co.uk>
User-Agent: Mozilla Thunderbird 1.0.7 (Windows/20050923)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: OpenPGP <ietf-openpgp@imc.org>
Subject: Cleartext Signatures
X-Enigmail-Version: 0.89.6.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

Section 7 says that the last bit of a cleartext signature is:

"The ASCII armored signature(s) including the '-----BEGIN PGP 
SIGNATURE-----' Armor Header and Armor Tail Lines."

This is ambiguous, since in previous sections "Armor Header" has 
referred to name/value pairs, of which there could be none or more than 
one, and not the "-----blah-----" line, which is called the "Armor 
Header Line".

Since I have seen signature both with and without headers (i.e. some 
with no headers do not have a blank line between the header line and the 
armoured text), I'd like to know what is actually correct here!

Cheers,

Ben.

-- 
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
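
The two questions in this thread (must a blank line follow the Armor Header Line when there are no Armor Headers, and what happens when a mail client wraps a long Version line) can be made concrete with a small parser. This is an added example, not code from any list member or from GnuPG or PGP; the strict and lenient policies, the function names and the sample blocks are assumptions constructed for illustration.

```python
import base64
import re

BEGIN = "-----BEGIN PGP SIGNATURE-----"  # Armor Header Line
END = "-----END PGP SIGNATURE-----"      # Armor Tail Line
HEADER_RE = re.compile(r"^([A-Za-z][A-Za-z0-9-]*): (.*)$")  # "Key: Value"
DATA_RE = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")             # radix-64 line
CHECKSUM_RE = re.compile(r"^=[A-Za-z0-9+/]{4}$")            # optional CRC line


class ArmorError(ValueError):
    """The block does not match the selected parsing policy."""


def parse_signature_armor(text, strict=True):
    """Return (headers, data_lines) for one armored signature block.

    strict:  zero or more "Key: Value" lines, then a mandatory blank line.
    lenient: if a blank line exists, everything before it is header
             material and unparseable lines are guessed to be wrapped
             continuations; if none exists, the data is assumed to start
             at the first line that is not "Key: Value".
    """
    lines = text.splitlines()
    if not lines or lines[0] != BEGIN or END not in lines:
        raise ArmorError("missing Armor Header Line or Armor Tail Line")
    body = lines[1:lines.index(END)]
    headers = {}

    if strict:
        i = 0
        while i < len(body) and body[i] != "":
            m = HEADER_RE.match(body[i])
            if m is None:
                raise ArmorError("invalid armor header: %r" % body[i])
            headers[m.group(1)] = m.group(2)
            i += 1
        if i == len(body):
            raise ArmorError("no blank line after the Armor Headers")
        data = body[i + 1:]
    else:
        if "" in body:
            cut = body.index("")
            raw, data = body[:cut], body[cut + 1:]
        else:
            cut = 0
            while cut < len(body) and HEADER_RE.match(body[cut]):
                cut += 1
            raw, data = body[:cut], body[cut:]
        last = None
        for ln in raw:
            m = HEADER_RE.match(ln)
            if m:
                last = m.group(1)
                headers[last] = m.group(2)
            elif last is not None:
                headers[last] += " " + ln.strip()  # guessed continuation
            else:
                raise ArmorError("invalid armor header: %r" % ln)

    # The CRC line is recognised but not verified in this example.
    if data and CHECKSUM_RE.match(data[-1]):
        data = data[:-1]
    if not data or not all(DATA_RE.match(ln) for ln in data):
        raise ArmorError("armored data is not radix-64")
    return headers, data


def outcome(text, strict):
    """Parsed headers, or the rejection reason as a string."""
    try:
        return parse_signature_armor(text, strict)[0]
    except ArmorError as exc:
        return "rejected: %s" % exc


# Constructed sample data: these bytes are not a real signature.
SIG_DATA = base64.b64encode(b"constructed bytes, not a real signature").decode()


def make_block(*middle):
    """Build a constructed armored block with the given lines before the data."""
    return "\n".join([BEGIN, *middle, SIG_DATA, END])


WITH_HEADER = make_block("Version: Example 1.0", "")
BLANK_ONLY = make_block("")   # no headers, blank line kept
NO_BLANK = make_block()       # no headers, no blank line
WRAPPED = make_block(
    "Version: Example 1.0 (constructed long value that a mail client",
    "has wrapped onto a second line)",
    "",
)

if __name__ == "__main__":
    for name in ("WITH_HEADER", "BLANK_ONLY", "NO_BLANK", "WRAPPED"):
        sample = globals()[name]
        print(name, "| strict:", outcome(sample, True),
              "| lenient:", outcome(sample, False))
```

The strict policy rejects both the missing blank line and the wrapped Version line, while the lenient policy accepts both by guessing, which is the point at which two implementations can disagree about the same input.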



Date: Fri, 7 Oct 2005 17:53:22 +0200
To: Hal Finney <hal@finney.org>, ietf-openpgp@imc.org
Subject: Re: Signature calculation language
Message-ID: <20051007155316.GA20782@epointsystem.org>
References: <20051005211158.EEB1457EF9@finney.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20051005211158.EEB1457EF9@finney.org>
User-Agent: Mutt/1.5.6+20040907i
From: nagydani@epointsystem.org (Daniel A. Nagy)
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

This, I agree, is the worst part of RFC2440, causing me a lot of trouble (I
would actually go further: it's almost useless in its present form; I ended
up figuring things out from PGP and GPG sources and interoperability
experiments). Instead of just tweaking the language, however, I would
suggest the inclusion of an overview table in which one can look up which
signature type is calculated on exactly what data, in what format, in which
order. It would be tremendously useful for implementers.

-- 
Daniel



To: ietf-openpgp@imc.org
Subject: Signature calculation language
Message-Id: <20051005211158.EEB1457EF9@finney.org>
Date: Wed,  5 Oct 2005 14:11:58 -0700 (PDT)
From: hal@finney.org ("Hal Finney")
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

Some of the language in the draft about signature calculations is
confusing and misleading.  The brief descriptions in 5.2.1 Signature
Types are contradicted by 5.2.4 Computing Signatures.

We should make clear that 5.2.4 is authoritative.  I suggest that we add
to the beginning of 5.2.1, "See section 5.2.4 for detailed information
on how to compute and verify signatures of each type."

Particular problems:

    0x18: Subkey Binding Signature
        This signature is a statement by the top-level signing key that
        indicates that it owns the subkey. This signature is calculated
        directly on the subkey itself, not on any User ID or other
        packets. A signature that binds a signing subkey also has an
        embedded signature subpacket in this binding signature which
        contains a 0x19 signature made by the signing subkey on the
        primary key.

The signature is actually calculated over both the primary key and
subkey packets, although here it says it is not calculated over any
other packets.

(A separate issue is that the last sentence here should have a SHOULD:
"A signature that binds a signing subkey SHOULD have an embedded...")

    0x19 Primary Key Binding Signature
        This signature is a statement by a signing subkey, indicating
        that it is owned by the primary key.  This signature is
        calculated directly on the primary key itself, and not on any
        User ID or other packets.

Same issue here, the signature is calculated over both the primary key
and the subkey packets.

    0x28: Subkey revocation signature
        The signature is calculated directly on the subkey being
        revoked.  A revoked subkey is not to be used.  Only revocation
        signatures by the top-level signature key that is bound to this
        subkey, or by an authorized revocation key, should be considered
        valid revocation signatures.

This is actually correct, I guess (I don't think PGP supports subpacket
revocation signatures).  According to 5.2.4 the hash is over just the
subkey packet and does not include the primary key packet, unlike ordinary
subkey signatures.  That seems a little inconsistent to me - is this how
other people have implemented it?

A couple of comments on section 5.2.4:

    When a signature is made over a signature packet, the hash data
    starts with the octet 0x88, followed by the four-octet length of the
    signature, and then the body of the signature packet. The unhashed
    subpacket data of the signature packet being hashed is not included
    in the hash and the unhashed subpacket data length value is set to
    zero. (Note that this is an old-style packet header for a signature
    packet with the length-of-length set to zero).

The parenthetical note at the end should go after the first sentence.

For consistency with other descriptions in this section, we should refer
explicitly here to the Third-Party Confirmation Signature, type 0x50,
which I think is the only one for which this description applies.

One thing that is missing in these two sections is a clear statement that
certificate revocation signatures are calculated over the same data as the
certificate being revoked.  5.2.1 just says:

    0x30: Certification revocation signature
        This signature revokes an earlier User ID certification
        signature (signature class 0x10 through 0x13) or direct-key
        signature (0x1F). It should be issued by the same key that
        issued the revoked signature or an authorized revocation key.
        The signature should have a later creation date than the
        signature it revokes.

with no comments about what it is computed over, and 5.2.4 doesn't clearly
describe this case either.  We could change that last sentence to say,
"The signature is computed over the same data as the certificate that
it revokes, and should have a later creation date than that certificate."

I am also not in love with the classic description of document signatures
in 5.2.4:

    The signature data is simple to compute for document signatures
    (types 0x00 and 0x01), for which the document itself is the data.

First, it is presumptuous and uninformative to say something is simple.
"The document itself is the data" has a certain Zen koan quality but does
not plainly say what it means.  And this fails to distinguish between
text and binary signatures; for text signatures, the document itself is
not the (hashed) data, but rather the canonicalized document.

How about this:

"For binary document signatures (type 0x00), the document data is hashed
directly.  For text document signatures (type 0x01), the document is
canonicalized by converting line endings to <CR><LF>, and the resulting
data is hashed."

Hal Finney
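
The data that the message above says is hashed for each signature type, written out as code. This is an added example, not part of the original message or of any implementation; the function names and sample byte strings are constructed, the 0x99 plus two-octet-length framing for key packets is taken from section 5.2.4 of RFC 2440, and the four-octet length for type 0x50 is assumed to be that of the body after the unhashed subpackets are removed. Only the leading part of the hash input is built; the fields of the signature being made, which are hashed afterwards, are omitted.

```python
import re
import struct


def canonicalize_text(document):
    """Type 0x01: convert every line ending to <CR><LF> before hashing."""
    return re.sub(rb"\r\n|\r|\n", b"\r\n", document)


def key_hash_data(key_body):
    """A key packet as hashed: 0x99, two-octet length, packet body."""
    if len(key_body) > 0xFFFF:
        raise ValueError("key packet body too long for a two-octet length")
    return b"\x99" + struct.pack(">H", len(key_body)) + key_body


def signature_hash_data(sig_body):
    """A version 4 signature packet as hashed for type 0x50.

    Body layout: version, type, public-key algorithm, hash algorithm,
    two-octet hashed subpacket length, hashed subpackets, two-octet
    unhashed subpacket length, unhashed subpackets, remaining fields.
    The unhashed subpackets are dropped and their length set to zero,
    then the result is framed with 0x88 and a four-octet length.
    """
    if len(sig_body) < 8 or sig_body[0] != 4:
        raise ValueError("expected a version 4 signature packet body")
    (hashed_len,) = struct.unpack(">H", sig_body[4:6])
    upos = 6 + hashed_len
    if upos + 2 > len(sig_body):
        raise ValueError("hashed subpacket length runs past the packet")
    (unhashed_len,) = struct.unpack(">H", sig_body[upos:upos + 2])
    rest = upos + 2 + unhashed_len
    if rest > len(sig_body):
        raise ValueError("unhashed subpacket length runs past the packet")
    stripped = sig_body[:upos] + b"\x00\x00" + sig_body[rest:]
    return b"\x88" + struct.pack(">I", len(stripped)) + stripped


def leading_hash_data(sig_type, document=None, primary=None, subkey=None,
                      signature=None):
    """Leading hash input for the signature types discussed in the message."""
    if sig_type == 0x00:                      # binary document
        return document
    if sig_type == 0x01:                      # text document
        return canonicalize_text(document)
    if sig_type in (0x18, 0x19):              # subkey / primary key binding
        return key_hash_data(primary) + key_hash_data(subkey)
    if sig_type == 0x50:                      # third-party confirmation
        return signature_hash_data(signature)
    raise ValueError("signature type 0x%02X not covered here" % sig_type)


# Constructed sample inputs; none of these are real packets.
SAMPLE_DOC = b"line one\nline two\r\nline three\rend"
SAMPLE_PRIMARY = b"PRIMARY"
SAMPLE_SUBKEY = b"SUB"
SAMPLE_SIG = (bytes([4, 0x00, 1, 2])          # version 4, type, algorithms
              + b"\x00\x02" + b"HH"           # hashed subpacket area
              + b"\x00\x03" + b"UUU"          # unhashed subpacket area
              + b"\xab\xcd" + b"MPI")         # remaining fields

if __name__ == "__main__":
    for t, kw in ((0x00, {"document": SAMPLE_DOC}),
                  (0x01, {"document": SAMPLE_DOC}),
                  (0x18, {"primary": SAMPLE_PRIMARY, "subkey": SAMPLE_SUBKEY}),
                  (0x50, {"signature": SAMPLE_SIG})):
        print("0x%02X" % t, leading_hash_data(t, **kw))
```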



Message-ID: <5cd112870510040817k61ac111et@mail.gmail.com>
Date: Tue, 4 Oct 2005 16:17:55 +0100
From: Rachel Willmer <rwillmer@gmail.com>
Reply-To: Rachel Willmer <rwillmer@gmail.com>
To: ietf-openpgp@imc.org
Subject: Re: WG Goals and Milestones
In-Reply-To: <ECABCF1C-CF8E-45AB-8AF3-D64AD2E5F54A@callas.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Disposition: inline
References: <5cd112870510030226n172cbc87q@mail.gmail.com> <ECABCF1C-CF8E-45AB-8AF3-D64AD2E5F54A@callas.org>
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id j94FI1dC095432
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

On 04/10/05, Jon Callas <jon@callas.org> wrote:
> Those goals have really all been met.

I rather thought they might have :-)

Derek posted here a while ago
> (but not that long, they're part of the  IETF63 notes) some updated
> goals, but they're not on the website.

doh! should have thought to look there.

thanks
Rachel



From: pgut001@cs.auckland.ac.nz (Peter Gutmann)
To: jon@callas.org, nagydani@epointsystem.org
Subject: Re: Plausible deniability (a feature to think about)
Cc: ietf-openpgp@imc.org
In-Reply-To: <08A20B20-E224-4C3F-A29B-1013A2025FE6@callas.org>
Message-Id: <E1EMcrb-0000Wq-00@medusa01.cs.auckland.ac.nz>
Date: Tue, 04 Oct 2005 15:49:07 +1300
X-Virus-Scanned: by amavisd-new at mailhost.auckland.ac.nz
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

Jon Callas <jon@callas.org> writes:

>There's nothing wrong with X9.42 technical. Its non-use (and DSA's) are all
>layer 8 and 9 issues.

Actually X9.42 is a pretty awkward way to do key exchange.  You can use
Elgamal as a drop-in replacement for RSA, but X9.42 requires both sender and
receiver certs to establish a key, and mixes in a large pile of other (largely
unnecessary) complexity and extra parameters and data values for no good
reason.  It seems to have been heavily influenced by the Fortezza KEA
mechanism.  It's just a royal pain to implement no matter how you look at it.

While I'm commenting on this, there isn't much problem with key formats, X9.42
and DSA are both from the DLP family so they use the same key generation and
format.  Well, almost, the X9.42 guys copied the DSA spec wrong and reversed
two of the parameters, but apart from that they're identical.

Peter.



X-PGP-Universal: processed; by keys.merrymeet.com on Mon, 03 Oct 2005 16:46:21 -0700
In-Reply-To: <5cd112870510030226n172cbc87q@mail.gmail.com>
References: <5cd112870510030226n172cbc87q@mail.gmail.com>
Mime-Version: 1.0 (Apple Message framework v734)
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
Message-Id: <ECABCF1C-CF8E-45AB-8AF3-D64AD2E5F54A@callas.org>
Cc: ietf-openpgp@imc.org
Content-Transfer-Encoding: 7bit
From: Jon Callas <jon@callas.org>
Subject: Re: WG Goals and Milestones
Date: Mon, 3 Oct 2005 16:46:17 -0700
To: Rachel Willmer <rwillmer@gmail.com>
X-Mailer: Apple Mail (2.734)
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

On 3 Oct 2005, at 2:26 AM, Rachel Willmer wrote:

>
> Just looking at the IETF page for the working group
> <http://www.ietf.org/html.charters/openpgp-charter.html>, and it has
> the following under "Goals and Milestones"
>
> Done            Submit PGP/MIME draft to IESG for consideration as
> PROPOSED standard
> May 01          Submit Multiple Sig draft to IESG for consideration as
> PROPOSED standard
> Jul 01          Begin RFC2440, PGP/MIME Interoperability testing
> Aug 01          Request DRAFT status for RFC2440
>
> Are those still the goals the WG is working towards, or are there some
> other more up-to-date ones?

Those goals have really all been met. Derek posted here a while ago  
(but not that long, they're part of the  IETF63 notes) some updated  
goals, but they're not on the website.

Here's what he had:

    Aug 05  WGLC for 2440bis
    Sep 05  Submit 2440bis to IESG as Proposed Standard
    Nov 05  Finish Interop Test Plan
    Jan 06  Begin 2440bis Interop Testing
    Mar 06  Request DRAFT Status for 2440bis




X-PGP-Universal: processed; by keys.merrymeet.com on Mon, 03 Oct 2005 16:43:14 -0700
In-Reply-To: <20050922135632.GA1725@epointsystem.org>
References: <20050922042955.GA30473@epointsystem.org> <E1EIJsD-0008KQ-00@medusa01.cs.auckland.ac.nz> <20050922135632.GA1725@epointsystem.org>
Mime-Version: 1.0 (Apple Message framework v734)
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
Message-Id: <08A20B20-E224-4C3F-A29B-1013A2025FE6@callas.org>
Cc: ietf-openpgp@imc.org
Content-Transfer-Encoding: 7bit
From: Jon Callas <jon@callas.org>
Subject: Re: Plausible deniability (a feature to think about)
Date: Mon, 3 Oct 2005 16:43:09 -0700
To: "Daniel A. Nagy" <nagydani@epointsystem.org>
X-Mailer: Apple Mail (2.734)
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

On 22 Sep 2005, at 6:56 AM, Daniel A. Nagy wrote:

>>> Now, there exists a cryptographic solution for this problem, moreover,
>>> RFC2440 even hints that it might be implemented in OpenPGP, though I have
>>> never seen it used: X9.42 Diffie-Hellman key agreement (see also RFC2630,
>>> RFC2631 and RFC2633).
>>>
>>
>> X9.42 was only added to S/MIME for political reasons.  AFAIK only one
>> implementation ever supported it, and that was the USG-funded reference
>> implementation that was required to support it.  In addition, MS supported a
>> read-only implementation just so they couldn't be accused of not supporting
>> it.
>>
>
> What political reasons? And why is there a reserved ID in OpenPGP?
>

Peter explained the political reasons around X9.42 in S/MIME. There
is a different set of political things in OpenPGP.

Remember that at the time, the RSA algorithm was patented in the US,  
and the US had export restrictions. Consequently, this created an  
amusing window in which what you could do where had very little to do  
with rationality, let alone good technical decisions. Actually, to be  
complete, *all* public key crypto was patented in the US, and nowhere  
else, but the discrete log patents all expired in late '97, and the  
RSA patent in late '00. Add to this the zaniness of The Internet Boom.

The IETF as a whole decided in Munich in July '97 that all standards  
had to have discrete-log algorithms as MUST-implement algorithms,  
because of patent concerns. Just about everyone picked DSA for  
signing, but there were differences in ideas about what to pick for
encryption.

OpenPGP is based on PGP 3, which already had been built using Elgamal  
keys. That was decided. Other protocols, which had been RSA-only,  
looked around for what to do. The S/MIME people picked X9.42.

Another factor in various discussions has been how to deal with  
certificate formats. It's pretty trivial to come up with an  
isomorphism between X.509 certs and OpenPGP certs for RSA keys.  
However, with OpenPGP using Elgamal, and S/MIME using X9.42, there  
was a difference. Consequently, to bridge any gap, we put in  
identifiers for X9.42 in OpenPGP, so that if they became popular, we  
could support them. As Peter Gutmann has said, it isn't clear that  
anyone ever used a single X9.42 key outside of interop testing. There  
aren't that many people using DSA certs, either. I don't think I've  
ever seen one in the wild. At PGP, we don't do any X.509/OpenPGP  
unification for discrete log keys. If you want that, you use RSA.

>
>> (I remember having a conversation with a rather baffled security application
>>  developer who wanted to see X9.42 in an S/MIME toolkit and just couldn't
>>  understand that although the spec had it as a MUST requirement, all the
>>  implementors knew that you should ignore it).
>>
>
> X9.42 may be flawed (is it?), but DH key agreement is one of the strongest
> primitives in asymmetric cryptography.

There's nothing wrong with X9.42 technically. Its non-use (and DSA's)
are all layer 8 and 9 issues.

     Jon




Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j939QAAn051702; Mon, 3 Oct 2005 02:26:10 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j939QAd1051701; Mon, 3 Oct 2005 02:26:10 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from zproxy.gmail.com (zproxy.gmail.com [64.233.162.206]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j939Q9Q1051690 for <ietf-openpgp@imc.org>; Mon, 3 Oct 2005 02:26:09 -0700 (PDT) (envelope-from rwillmer@gmail.com)
Received: by zproxy.gmail.com with SMTP id 8so84338nzo for <ietf-openpgp@imc.org>; Mon, 03 Oct 2005 02:26:04 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=e96cluUJR/0fubRO04ID2zqZtgkUGGjp4CkZIOaIEdPeDS5/1KFyjdqkPedkDSFU86aG2Gj9hiY+YhZconBLrH+i4kZfHyzyp3xwmkSRw8D+pIyvAuSr+Uu7l5fS6bIEKzXrQlItTTovMTkhyv1pV6aJTJwF9dztjk0xGgxiPzA=
Received: by 10.36.2.1 with SMTP id 1mr25498nzb; Mon, 03 Oct 2005 02:26:04 -0700 (PDT)
Received: by 10.36.222.9 with HTTP; Mon, 3 Oct 2005 02:26:03 -0700 (PDT)
Message-ID: <5cd112870510030226n172cbc87q@mail.gmail.com>
Date: Mon, 3 Oct 2005 10:26:03 +0100
From: Rachel Willmer <rwillmer@gmail.com>
Reply-To: Rachel Willmer <rwillmer@gmail.com>
To: ietf-openpgp@imc.org
Subject: WG Goals and Milestones
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id j939Q9Q1051696
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

Just looking at the IETF page for the working group
<http://www.ietf.org/html.charters/openpgp-charter.html>, and it has
the following under "Goals and Milestones"

Done            Submit PGP/MIME draft to IESG for consideration as PROPOSED standard
May 01          Submit Multiple Sig draft to IESG for consideration as PROPOSED standard
Jul 01          Begin RFC2440, PGP/MIME Interoperability testing
Aug 01          Request DRAFT status for RFC2440

Are those still the goals the WG is working towards, or are there some
other more up-to-date ones?

Rachel


