From dkg@fifthhorseman.net Tue Mar 5 01:42:09 2013 Return-Path: X-Original-To: openpgp@ietfa.amsl.com Delivered-To: openpgp@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 81AE421F882F for ; Tue, 5 Mar 2013 01:42:09 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.599 X-Spam-Level: X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9rsgR8Tl666C for ; Tue, 5 Mar 2013 01:42:09 -0800 (PST) Received: from che.mayfirst.org (che.mayfirst.org [209.234.253.108]) by ietfa.amsl.com (Postfix) with ESMTP id D498D21F8739 for ; Tue, 5 Mar 2013 01:42:08 -0800 (PST) Received: from [192.168.13.131] (lair.fifthhorseman.net [108.58.6.98]) by che.mayfirst.org (Postfix) with ESMTPSA id 9AFFCF979 for ; Tue, 5 Mar 2013 04:42:03 -0500 (EST) Message-ID: <5135BDE6.1070200@fifthhorseman.net> Date: Tue, 05 Mar 2013 04:41:58 -0500 From: Daniel Kahn Gillmor User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130112 Icedove/17.0.2 MIME-Version: 1.0 To: IETF OpenPGP X-Enigmail-Version: 1.6a1pre Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="----enig2ECKHHSAGDABWTNSASOOH" Subject: [openpgp] marking subkeys as constrained for specific use -- new key usage flags? X-BeenThere: openpgp@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: "Ongoing discussion of OpenPGP issues." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 05 Mar 2013 09:42:09 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) ------enig2ECKHHSAGDABWTNSASOOH Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Hi good OpenPGP people-- I use both OpenPGP and OTR. my OTR implementation has its own public key= =2E I can see a use case for indicating my OTR public key directly as a subkey on my main OpenPGP key, so that anyone who knows me via the OpenPGP web of trust could have their tools automatically authenticate me (without having to do any of the various OTR authentication handshakes explicitly). I also think i would like this subkey to be unambiguously identified as an OTR public key, so that it is not accepted for use in any other context (e.g. it would be bad if someone who was able to compromise my OTR client and steal my OTR key was able to use the secret key material to impersonate me over SSH). How could i indicate such a clear constraint? I have a couple of ideas, and would be happy to hear people's thoughts: A) allocate 0x40 of the usage flags [0] to mean "use in OTR". What kind of work needs to be done to get a new bit allocated there? Is allocating a new bit reasonable? B) use the "authentication" usage flag with a critical notation. Since the OTR subkey is clearly used for authentication purposes, perhaps the right way to go is to mark the key as authentication- capable in the usage flags, but also add a critical notation that indicating that the scope of use is limited to otr. Does such a thing already exist? Option A seems cleaner to me (since no existing implementations would mistake such a marked subkey as useful for anything else), but i worry about how it would scale in the bigger picture -- how many such bits are we going to need to allocate if keys can be useful elsewhere? OTOH, maybe that's not a big deal. And option B seems risky in the near term -- how many OpenPGP implementations will actually respect the critical bit and reject that subkey binding signature if they know that they are not in the OTR context? Suggestions? Is there some other way i should approach this? --dkg [0] https://tools.ietf.org/html/rfc4880#section-5.2.3.21 ------enig2ECKHHSAGDABWTNSASOOH Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Icedove - http://www.enigmail.net/ iQJ8BAEBCgBmBQJRNb3mXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQwRUU1QkU5NzkyODJEODBCOUY3NTQwRjFD Q0QyRUQ5NEQyMTczOUU5AAoJEMzS7ZTSFznpaCcP/AjWC3GYhjc0xDtc1KBPGj0G Yec3axE1bzranWJ2Bl+FWjs4HGU01+aBLmbCgD5yRp+KS2s9xege2jwHuLehM7bz c4Ag0vfP/HmEX3Z4x+Mwn4LCXySPyM96G67/Wbaod23IgEEjoRO0FZeey/ywxgtj B7Kj0goMSpOUpe5t7/baASzKOei8q7yVAyZti8JO58jqQUY4d7XDGZjYSHo0MBwV R/NuXRMB/CaFH+QGKQBMHLbG9wnkcS8FSYiM9e8o3OrHHC7xvp/GnPw5oJByiY6S hQIs4bUM9NwMHDdzIGiokXhwe0H0DkxNLXMIkrKlzf/OTSL4MTS1TVAQ8SxU7Aw6 DiP+oirq7b8GTs6HmmAPUbloJU0UwYwYPTUTxClxTPR01ZFoMaVxUwULiDu0IuZl E5YayFgBXUV50n/qYTVyE0hDFwQxJsaBNomPlJRBqRjU94g8P0sitbqaw+FI7f/4 E1u4g92XSOfP/SnSrk6tefOdGN5Rm630nuTULW4QG8mG4m6+Ah7S3bl/q1yIMf+g oMesn9FYKi70U5wK0syfgTo35DebTsG/ayia+yjhdVt3uH5vtqYvgNC+aABsuuZN +Fv6BS45aiWT52Cdb8qJqqLhlrf/754wb7aKrt8JqqpRiwjS0iQSgFaOaHdjr+bu MxxhBdY8oTOB6KnMYa2x =jsj2 -----END PGP SIGNATURE----- ------enig2ECKHHSAGDABWTNSASOOH-- From jon@callas.org Tue Mar 5 06:59:22 2013 Return-Path: X-Original-To: openpgp@ietfa.amsl.com Delivered-To: openpgp@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7658721F86EA for ; Tue, 5 Mar 2013 06:59:22 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.599 X-Spam-Level: X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tcJEo4SVhQP8 for ; Tue, 5 Mar 2013 06:59:22 -0800 (PST) Received: from mail.merrymeet.com (merrymeet.com [173.164.244.100]) by ietfa.amsl.com (Postfix) with ESMTP id 12D5721F86DC for ; Tue, 5 Mar 2013 06:59:21 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by mail.merrymeet.com (Postfix) with ESMTP id 62D98225D57A; Tue, 5 Mar 2013 06:59:21 -0800 (PST) X-Virus-Scanned: amavisd-new at merrymeet.com Received: from mail.merrymeet.com ([127.0.0.1]) by localhost (localhost [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id udm4s+q+uFOD; Tue, 5 Mar 2013 06:59:21 -0800 (PST) Received: from keys.merrymeet.com (keys.merrymeet.com [173.164.244.97]) by mail.merrymeet.com (Postfix) with ESMTPSA id 1D9F6225D56E; Tue, 5 Mar 2013 06:59:19 -0800 (PST) Received: from [172.16.13.170] ([23.24.110.141]) by keys.merrymeet.com (PGP Universal service); Tue, 05 Mar 2013 06:59:21 -0800 X-PGP-Universal: processed; by keys.merrymeet.com on Tue, 05 Mar 2013 06:59:21 -0800 Mime-Version: 1.0 (Mac OS X Mail 6.2 \(1499\)) From: Jon Callas In-Reply-To: <5135BDE6.1070200@fifthhorseman.net> Date: Tue, 5 Mar 2013 06:59:19 -0800 Message-Id: <321F2843-1BA5-4934-B4B8-102A9AA4E6FE@callas.org> References: <5135BDE6.1070200@fifthhorseman.net> To: Daniel Kahn Gillmor X-Mailer: Apple Mail (2.1499) Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Cc: IETF OpenPGP , Jon Callas Subject: Re: [openpgp] marking subkeys as constrained for specific use -- new key usage flags? X-BeenThere: openpgp@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: "Ongoing discussion of OpenPGP issues." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 05 Mar 2013 14:59:22 -0000 Notations are specifically designed for open-ended additions to whatever. Jon From dshaw@jabberwocky.com Tue Mar 5 07:19:17 2013 Return-Path: X-Original-To: openpgp@ietfa.amsl.com Delivered-To: openpgp@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0D25221F861B for ; Tue, 5 Mar 2013 07:19:17 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.599 X-Spam-Level: X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GDe6SMZjXjZH for ; Tue, 5 Mar 2013 07:19:16 -0800 (PST) Received: from walrus.jabberwocky.com (walrus.jabberwocky.com [173.9.29.57]) by ietfa.amsl.com (Postfix) with ESMTP id 6F70A21F8606 for ; Tue, 5 Mar 2013 07:19:14 -0800 (PST) Received: from dshaw.nasuni.net (vpn.nasuni.com [173.166.63.186]) (authenticated bits=0) by walrus.jabberwocky.com (8.14.4/8.14.4) with ESMTP id r25FJC2w005550 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO); Tue, 5 Mar 2013 10:19:13 -0500 Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (Mac OS X Mail 6.2 \(1499\)) From: David Shaw In-Reply-To: <5135BDE6.1070200@fifthhorseman.net> Date: Tue, 5 Mar 2013 10:19:12 -0500 Content-Transfer-Encoding: quoted-printable Message-Id: <6F1173CD-290C-4A38-BD80-152C5E553D1F@jabberwocky.com> References: <5135BDE6.1070200@fifthhorseman.net> To: Daniel Kahn Gillmor X-Mailer: Apple Mail (2.1499) Cc: IETF OpenPGP Subject: Re: [openpgp] marking subkeys as constrained for specific use -- new key usage flags? X-BeenThere: openpgp@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: "Ongoing discussion of OpenPGP issues." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 05 Mar 2013 15:19:17 -0000 On Mar 5, 2013, at 4:41 AM, Daniel Kahn Gillmor = wrote: > Hi good OpenPGP people-- >=20 > I use both OpenPGP and OTR. my OTR implementation has its own public = key. >=20 > I can see a use case for indicating my OTR public key directly as a > subkey on my main OpenPGP key, so that anyone who knows me via the > OpenPGP web of trust could have their tools automatically authenticate > me (without having to do any of the various OTR authentication > handshakes explicitly). >=20 > I also think i would like this subkey to be unambiguously identified = as > an OTR public key, so that it is not accepted for use in any other > context (e.g. it would be bad if someone who was able to compromise my > OTR client and steal my OTR key was able to use the secret key = material > to impersonate me over SSH). >=20 > How could i indicate such a clear constraint? >=20 > I have a couple of ideas, and would be happy to hear people's = thoughts: >=20 > A) allocate 0x40 of the usage flags [0] to mean "use in OTR". >=20 > What kind of work needs to be done to get a new bit allocated there? > Is allocating a new bit reasonable? >=20 > B) use the "authentication" usage flag with a critical notation. >=20 > Since the OTR subkey is clearly used for authentication purposes, > perhaps the right way to go is to mark the key as authentication- > capable in the usage flags, but also add a critical notation that > indicating that the scope of use is limited to otr. Does such a > thing already exist? >=20 > Option A seems cleaner to me (since no existing implementations would > mistake such a marked subkey as useful for anything else), but i worry > about how it would scale in the bigger picture -- how many such bits = are > we going to need to allocate if keys can be useful elsewhere? >=20 > OTOH, maybe that's not a big deal. And option B seems risky in the = near > term -- how many OpenPGP implementations will actually respect the > critical bit and reject that subkey binding signature if they know = that > they are not in the OTR context? I'd do this with a notation (option B, which can be marked as critical = if you desire). The Usage flags are helpful but I don't think they have = the ability to carry enough information to really state what you are = trying to say. Usage is more "this key can may be used for = authentication", and it sounds like what you're looking for is "this key = may be used for authentication, but only in the context of OTR". I can't speak for all OpenPGP implementations, but GPG will correctly = reject a subkey binding signature if it has a critical notation that GPG = doesn't know about. I'm not sure if that helps or hurts your plan, = though, as without adding code to GPG to understand your notation, you = won't easily be able to show a connection from your OpenPGP key to the = OTR subkey. David From wk@gnupg.org Tue Mar 5 08:02:50 2013 Return-Path: X-Original-To: openpgp@ietfa.amsl.com Delivered-To: openpgp@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7050721F8883 for ; Tue, 5 Mar 2013 08:02:50 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -12.599 X-Spam-Level: X-Spam-Status: No, score=-12.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, GB_I_LETTER=-2, RCVD_IN_DNSWL_HI=-8] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eWbY21o2bwCq for ; Tue, 5 Mar 2013 08:02:49 -0800 (PST) Received: from kerckhoffs.g10code.com (kerckhoffs.g10code.com [217.69.77.222]) by ietfa.amsl.com (Postfix) with ESMTP id B1ACB21F8639 for ; Tue, 5 Mar 2013 08:02:49 -0800 (PST) Received: from uucp by kerckhoffs.g10code.com with local-rmail (Exim 4.72 #1 (Debian)) id 1UCuKH-0006EP-62 for ; Tue, 05 Mar 2013 17:02:49 +0100 Received: from wk by vigenere.g10code.de with local (Exim 4.77 #3 (Debian)) id 1UCuCz-0001Bn-Qp; Tue, 05 Mar 2013 16:55:17 +0100 From: Werner Koch To: David Shaw References: <5135BDE6.1070200@fifthhorseman.net> <6F1173CD-290C-4A38-BD80-152C5E553D1F@jabberwocky.com> Organisation: g10 Code GmbH X-message-flag: Mails containing HTML will not be read! Please send only plain text. OpenPGP: id=1E42B367; url=finger:wk@g10code.com Date: Tue, 05 Mar 2013 16:55:17 +0100 In-Reply-To: <6F1173CD-290C-4A38-BD80-152C5E553D1F@jabberwocky.com> (David Shaw's message of "Tue, 5 Mar 2013 10:19:12 -0500") Message-ID: <87obexlu3e.fsf@vigenere.g10code.de> User-Agent: Gnus/5.13 (Gnus v5.13) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Cc: IETF OpenPGP , Daniel Kahn Gillmor Subject: Re: [openpgp] marking subkeys as constrained for specific use -- new key usage flags? X-BeenThere: openpgp@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: "Ongoing discussion of OpenPGP issues." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 05 Mar 2013 16:02:50 -0000 On Tue, 5 Mar 2013 16:19, dshaw@jabberwocky.com said: > plan, though, as without adding code to GPG to understand your > notation, you won't easily be able to show a connection from your > OpenPGP key to the OTR subkey. Actually this would be an argument in favor of key flags - the changes to the code would be much easier. RFC4880 says about key flags: This subpacket contains a list of binary flags that hold information about a key. It is a string of octets, and an implementation MUST NOT assume a fixed size. This is so it can grow over time. If a ^^^^^^^^^^^^^^^^^^^ list is shorter than an implementation expects, the unstated flags are considered to be zero. The defined flags are as follows: Thus back in 1997/98 we must have assumed that key flags are a useful thing. I agree that we should not add new key flags without a strong reason. XMPP, however, is evolving to a very useful protocol and OTR is the preferred way of securing it in the real world (much like PGP was used instead of X.509). A discussion right now at cryptography@ stresses the importance of OTR over the originally designed Jabber security features. Given that OTR is a different use case than data storage or mail encryption, I think adding a new key flags for OTR is justified. Maybe we could come up with a more generic term, but to me OTR would be fine ('o' is not yet used as letter describing a key capability ;-). While we are at it: What about using 0x40 of the first octet to indicate that the private component of the key is stored on offline medium? That "offline key" would nicely go with "split key" (0x10) and "group key" (0x80). OTR may then go into the second octet. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. From jon@callas.org Tue Mar 5 08:10:44 2013 Return-Path: X-Original-To: openpgp@ietfa.amsl.com Delivered-To: openpgp@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4AE9521F8999 for ; Tue, 5 Mar 2013 08:10:44 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.599 X-Spam-Level: X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zi75LrvL3l2g for ; Tue, 5 Mar 2013 08:10:43 -0800 (PST) Received: from mail.merrymeet.com (merrymeet.com [173.164.244.100]) by ietfa.amsl.com (Postfix) with ESMTP id CD90121F8901 for ; Tue, 5 Mar 2013 08:10:43 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by mail.merrymeet.com (Postfix) with ESMTP id 67B3F225F883; Tue, 5 Mar 2013 08:10:43 -0800 (PST) X-Virus-Scanned: amavisd-new at merrymeet.com Received: from mail.merrymeet.com ([127.0.0.1]) by localhost (localhost [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4h01IISKpIP7; Tue, 5 Mar 2013 08:10:34 -0800 (PST) Received: from keys.merrymeet.com (keys.merrymeet.com [173.164.244.97]) by mail.merrymeet.com (Postfix) with ESMTPSA id E8FD8225F860; Tue, 5 Mar 2013 08:10:30 -0800 (PST) Received: from [172.16.13.170] ([23.24.110.141]) by keys.merrymeet.com (PGP Universal service); Tue, 05 Mar 2013 08:10:34 -0800 X-PGP-Universal: processed; by keys.merrymeet.com on Tue, 05 Mar 2013 08:10:34 -0800 Mime-Version: 1.0 (Mac OS X Mail 6.2 \(1499\)) From: Jon Callas In-Reply-To: <6F1173CD-290C-4A38-BD80-152C5E553D1F@jabberwocky.com> Date: Tue, 5 Mar 2013 08:10:30 -0800 Message-Id: References: <5135BDE6.1070200@fifthhorseman.net> <6F1173CD-290C-4A38-BD80-152C5E553D1F@jabberwocky.com> To: David Shaw X-Mailer: Apple Mail (2.1499) Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable Cc: IETF OpenPGP , Jon Callas , Daniel Kahn Gillmor Subject: Re: [openpgp] marking subkeys as constrained for specific use -- new key usage flags? X-BeenThere: openpgp@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: "Ongoing discussion of OpenPGP issues." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 05 Mar 2013 16:10:44 -0000 On Mar 5, 2013, at 7:19 AM, David Shaw wrote: >=20 > I'd do this with a notation (option B, which can be marked as critical = if you desire). The Usage flags are helpful but I don't think they have = the ability to carry enough information to really state what you are = trying to say. Usage is more "this key can may be used for = authentication", and it sounds like what you're looking for is "this key = may be used for authentication, but only in the context of OTR". Usage flags are there for broad declarations. For example, so that you = use an RSA key for encryption but not signing, or a signing key for = authentication-based signing, but not documents. If you're really going to put protocol-specific notes in, then notations = are the way to go. >=20 > I can't speak for all OpenPGP implementations, but GPG will correctly = reject a subkey binding signature if it has a critical notation that GPG = doesn't know about. I'm not sure if that helps or hurts your plan, = though, as without adding code to GPG to understand your notation, you = won't easily be able to show a connection from your OpenPGP key to the = OTR subkey. There's a problem with criticality as a concept in general, and that is = that if you really do private development, it can cause things to = explode in ways that are not useful. In this case, we have an authentication-only subkey that's intended to = be used for OTR. If you mark it as authentication-only, it's not going = to be used for document signing, which is really what you want. It's = possible that some other authentication protocol could grab it, but is = that really a problem? This brings us to the problem with criticality. It's supposed to keep = some item from being used in an unknown way. But it can also fail in = unexpected ways. I've seen criticality flags cause all sorts of weird = issues in other systems, and the usual fix is not to make it critical. Jon From dshaw@jabberwocky.com Tue Mar 5 08:31:11 2013 Return-Path: X-Original-To: openpgp@ietfa.amsl.com Delivered-To: openpgp@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6EAE221F8606 for ; Tue, 5 Mar 2013 08:31:11 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.599 X-Spam-Level: X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0ubUIXqrUwa9 for ; Tue, 5 Mar 2013 08:31:11 -0800 (PST) Received: from walrus.jabberwocky.com (walrus.jabberwocky.com [173.9.29.57]) by ietfa.amsl.com (Postfix) with ESMTP id 1154321F8896 for ; Tue, 5 Mar 2013 08:31:02 -0800 (PST) Received: from dshaw.nasuni.net (vpn.nasuni.com [173.166.63.186]) (authenticated bits=0) by walrus.jabberwocky.com (8.14.4/8.14.4) with ESMTP id r25GUshL006253 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO); Tue, 5 Mar 2013 11:30:55 -0500 Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (Mac OS X Mail 6.2 \(1499\)) From: David Shaw In-Reply-To: <87obexlu3e.fsf@vigenere.g10code.de> Date: Tue, 5 Mar 2013 11:30:54 -0500 Content-Transfer-Encoding: quoted-printable Message-Id: References: <5135BDE6.1070200@fifthhorseman.net> <6F1173CD-290C-4A38-BD80-152C5E553D1F@jabberwocky.com> <87obexlu3e.fsf@vigenere.g10code.de> To: Werner Koch X-Mailer: Apple Mail (2.1499) Cc: IETF OpenPGP Subject: [openpgp] Offline key flag (was Re: marking subkeys as constrained for specific use -- new key usage flags?) X-BeenThere: openpgp@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: "Ongoing discussion of OpenPGP issues." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 05 Mar 2013 16:31:11 -0000 On Mar 5, 2013, at 10:55 AM, Werner Koch wrote: > While we are at it: What about using 0x40 of the first octet to = indicate > that the private component of the key is stored on offline medium? = That > "offline key" would nicely go with "split key" (0x10) and "group key" > (0x80). OTR may then go into the second octet. Can you give an example why would someone want to publish that their = private key is offline? I'm not sure I see a use for that. David From wk@gnupg.org Tue Mar 5 08:57:52 2013 Return-Path: X-Original-To: openpgp@ietfa.amsl.com Delivered-To: openpgp@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AAF2211E80F0 for ; Tue, 5 Mar 2013 08:57:52 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -11.599 X-Spam-Level: X-Spam-Status: No, score=-11.599 tagged_above=-999 required=5 tests=[AWL=-1.000, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YGLEwXc1W8ps for ; Tue, 5 Mar 2013 08:57:52 -0800 (PST) Received: from kerckhoffs.g10code.com (kerckhoffs.g10code.com [217.69.77.222]) by ietfa.amsl.com (Postfix) with ESMTP id 98E7C11E80E4 for ; Tue, 5 Mar 2013 08:57:50 -0800 (PST) Received: from uucp by kerckhoffs.g10code.com with local-rmail (Exim 4.72 #1 (Debian)) id 1UCvBV-00089R-1j for ; Tue, 05 Mar 2013 17:57:49 +0100 Received: from wk by vigenere.g10code.de with local (Exim 4.77 #3 (Debian)) id 1UCv7f-0001PR-9o; Tue, 05 Mar 2013 17:53:51 +0100 From: Werner Koch To: David Shaw References: <5135BDE6.1070200@fifthhorseman.net> <6F1173CD-290C-4A38-BD80-152C5E553D1F@jabberwocky.com> <87obexlu3e.fsf@vigenere.g10code.de> Organisation: g10 Code GmbH X-message-flag: Mails containing HTML will not be read! Please send only plain text. OpenPGP: id=1E42B367; url=finger:wk@g10code.com Date: Tue, 05 Mar 2013 17:53:51 +0100 In-Reply-To: (David Shaw's message of "Tue, 5 Mar 2013 11:30:54 -0500") Message-ID: <87k3pllrds.fsf@vigenere.g10code.de> User-Agent: Gnus/5.13 (Gnus v5.13) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Cc: IETF OpenPGP Subject: Re: [openpgp] Offline key flag X-BeenThere: openpgp@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: "Ongoing discussion of OpenPGP issues." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 05 Mar 2013 16:57:53 -0000 On Tue, 5 Mar 2013 17:30, dshaw@jabberwocky.com said: > Can you give an example why would someone want to publish that their private key is offline? I'm not sure I see a use for that. I have two encryption keys but only one marked as offline. If someone wants to send a quick message he would encrypt to the non-offline key. If he has to tell me something really secret, he would select the offline key, assuming that I will move the message to a non-networked box where the offline key is stored. I am not sure whether this is really useful for most users, but split and group keys are also somewhat esoteric and not even defined in OpenPGP. Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. From dshaw@jabberwocky.com Tue Mar 5 16:26:45 2013 Return-Path: X-Original-To: openpgp@ietfa.amsl.com Delivered-To: openpgp@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DE44D21F8650 for ; Tue, 5 Mar 2013 16:26:45 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.599 X-Spam-Level: X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PVn0Z8neP1qK for ; Tue, 5 Mar 2013 16:26:45 -0800 (PST) Received: from walrus.jabberwocky.com (walrus.jabberwocky.com [173.9.29.57]) by ietfa.amsl.com (Postfix) with ESMTP id 213F621F8523 for ; Tue, 5 Mar 2013 16:26:45 -0800 (PST) Received: from grover.home.jabberwocky.com (grover.home.jabberwocky.com [172.24.84.28]) (authenticated bits=0) by walrus.jabberwocky.com (8.14.4/8.14.4) with ESMTP id r260Qb2Z010102 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO); Tue, 5 Mar 2013 19:26:37 -0500 Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (Mac OS X Mail 6.2 \(1499\)) From: David Shaw In-Reply-To: <87k3pllrds.fsf@vigenere.g10code.de> Date: Tue, 5 Mar 2013 19:26:37 -0500 Content-Transfer-Encoding: quoted-printable Message-Id: References: <5135BDE6.1070200@fifthhorseman.net> <6F1173CD-290C-4A38-BD80-152C5E553D1F@jabberwocky.com> <87obexlu3e.fsf@vigenere.g10code.de> <87k3pllrds.fsf@vigenere.g10code.de> To: Werner Koch X-Mailer: Apple Mail (2.1499) Cc: IETF OpenPGP Subject: Re: [openpgp] Offline key flag X-BeenThere: openpgp@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: "Ongoing discussion of OpenPGP issues." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 06 Mar 2013 00:26:46 -0000 On Mar 5, 2013, at 11:53 AM, Werner Koch wrote: > On Tue, 5 Mar 2013 17:30, dshaw@jabberwocky.com said: >=20 >> Can you give an example why would someone want to publish that their = private key is offline? I'm not sure I see a use for that. >=20 > I have two encryption keys but only one marked as offline. If someone > wants to send a quick message he would encrypt to the non-offline key. > If he has to tell me something really secret, he would select the > offline key, assuming that I will move the message to a non-networked > box where the offline key is stored. Ah, that's a good point. It's still up to the sender which key to use, = but you can choose to give a hint. > I am not sure whether this is really useful for most users, but split > and group keys are also somewhat esoteric and not even defined in > OpenPGP. Yes. I've wondered about the split key bit in the past. The group key = bit seems fairly straightforward: if the bit it set, then the verifier = of a signature is effectively being told the sender isn't a person, but = a group, so the verifier can't expect that a single person was = responsible (and similar logic for encryption). Of course, there is = nothing forcing the owners of a group key to set the bit, but if they = want to, it's there. David From dkg@fifthhorseman.net Thu Mar 7 05:45:06 2013 Return-Path: X-Original-To: openpgp@ietfa.amsl.com Delivered-To: openpgp@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CBC6E21F8CD8 for ; Thu, 7 Mar 2013 05:45:06 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.599 X-Spam-Level: X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AZETlTD2NgMC for ; Thu, 7 Mar 2013 05:45:06 -0800 (PST) Received: from che.mayfirst.org (che.mayfirst.org [209.234.253.108]) by ietfa.amsl.com (Postfix) with ESMTP id 5686D21F8CD7 for ; Thu, 7 Mar 2013 05:45:06 -0800 (PST) Received: from [192.168.13.132] (lair.fifthhorseman.net [108.58.6.98]) by che.mayfirst.org (Postfix) with ESMTPSA id 88CECF979 for ; Thu, 7 Mar 2013 08:45:03 -0500 (EST) Message-ID: <513899DF.60109@fifthhorseman.net> Date: Thu, 07 Mar 2013 08:45:03 -0500 From: Daniel Kahn Gillmor User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130112 Icedove/17.0.2 MIME-Version: 1.0 To: IETF OpenPGP References: <5135BDE6.1070200@fifthhorseman.net> <6F1173CD-290C-4A38-BD80-152C5E553D1F@jabberwocky.com> In-Reply-To: X-Enigmail-Version: 1.6a1pre Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="----enig2KNIBAQBHNFPVWGJJBVEQ" Subject: Re: [openpgp] marking subkeys as constrained for specific use -- new key usage flags? X-BeenThere: openpgp@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: "Ongoing discussion of OpenPGP issues." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 07 Mar 2013 13:45:07 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) ------enig2KNIBAQBHNFPVWGJJBVEQ Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable On 03/05/2013 11:10 AM, Jon Callas wrote: > In this case, we have an authentication-only subkey that's intended to = be used for OTR. If you mark it as authentication-only, it's not going to= be used for document signing, which is really what you want. It's possib= le that some other authentication protocol could grab it, but is that rea= lly a problem? well, yes, this was my original concern. i wrote: >> (e.g. it would be bad if someone who was able to compromise my >> OTR client and steal my OTR key was able to use the secret key materia= l >> to impersonate me over SSH). We already have systems in place (e.g. monkeysphere) that permit the use of authentication-capable subkeys for ssh systems. so if i was to mark my OTR key as authentication-capable, and critical notations were not widely respected, that wouldn't turn out very well. > This brings us to the problem with criticality. It's supposed to keep s= ome item from being used in an unknown way. But it can also fail in unexp= ected ways. I've seen criticality flags cause all sorts of weird issues i= n other systems, and the usual fix is not to make it critical. If criticality is fraught with problems, doesn't that suggest extending the usage flags is a more responsible way to go? or should i create a subkey with all usage flags set to 0, and then include a notation to indicate the use? that way, the subkey wouldn't be used by any existing system except the ones willing to parse and interpret the notation, regardless of its criticality. --dkg ------enig2KNIBAQBHNFPVWGJJBVEQ Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Icedove - http://www.enigmail.net/ iQJ8BAEBCgBmBQJROJnfXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQwRUU1QkU5NzkyODJEODBCOUY3NTQwRjFD Q0QyRUQ5NEQyMTczOUU5AAoJEMzS7ZTSFznpIeQP/36nrL5aV+7hLEgQRXj1e+z7 Nn93w6Tk03+sHdxPvD2x1zeEJPsLA24oOez6M1YdENpk0PZ0Ifja4wkJcEs2Kz+J knmsMZwSp+jF/spoXCcQCt8RJoGUKmOofM2YzX7bLpzpTnBYYsT1EAodp+LssykC n/yqHgJ9REs192qAPaHOmCe+kU+trRkA2FD1A1fjvj1CEoWvzybvIwfHb1tB2M1Q 7uLS/zxi5ZKBZlsVUU+5M+zrWX185s8nUoZMcvkbDWwcXKNtOcT8qq3Gg6JPJz1D gVxfX37bEtOPV6vcaueM5TKIgdevF1DtgX0MJQTIbUL1fZQHseR49yPYSpFTGWwu rv54XR2g4Gg7mJCKRKLcYuw6DzehqHDWWy7lDR8YtnEgigO35AiUShJfHvP2QH1J 74JsiXv6qMvwlFiC+y6ZAsibFJR4VWps6OnOx8/k9NmNw3m+2Z5aAF98HJ75Wpz2 6nvCdCznm2+6BDkzagsBd80nbf2ft1wTioarqguhVgJdpIQ5XE6ZKgxvu7kjLjC9 F3t0tXkjiWlD5aKMrTU5O2Z4iBGj7zFam7JfO0H+q1JZjWL0uAnTw9b2gpz5owgd QOy9+tz0WBqa7aGmA+x1GPPH55S+Vpn/JkQu1GrvBJC6Xx6+RWoLQFsJUYuzXjWw KUxUuDKF1wOPOO0a9Bnk =mXWd -----END PGP SIGNATURE----- ------enig2KNIBAQBHNFPVWGJJBVEQ-- From jon@callas.org Thu Mar 7 10:59:40 2013 Return-Path: X-Original-To: openpgp@ietfa.amsl.com Delivered-To: openpgp@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F116921F89B3 for ; Thu, 7 Mar 2013 10:59:39 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.599 X-Spam-Level: X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CgHiSL4bwSsW for ; Thu, 7 Mar 2013 10:59:39 -0800 (PST) Received: from mail.merrymeet.com (merrymeet.com [173.164.244.100]) by ietfa.amsl.com (Postfix) with ESMTP id 7197821F8992 for ; Thu, 7 Mar 2013 10:59:36 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by mail.merrymeet.com (Postfix) with ESMTP id C592B22B8BCA; Thu, 7 Mar 2013 10:59:35 -0800 (PST) X-Virus-Scanned: amavisd-new at merrymeet.com Received: from mail.merrymeet.com ([127.0.0.1]) by localhost (localhost [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hrhHtcI+Z39S; Thu, 7 Mar 2013 10:59:26 -0800 (PST) Received: from keys.merrymeet.com (keys.merrymeet.com [173.164.244.97]) by mail.merrymeet.com (Postfix) with ESMTPSA id 4457822B8BB1; Thu, 7 Mar 2013 10:59:25 -0800 (PST) Received: from [172.16.13.170] ([23.24.110.141]) by keys.merrymeet.com (PGP Universal service); Thu, 07 Mar 2013 10:59:26 -0800 X-PGP-Universal: processed; by keys.merrymeet.com on Thu, 07 Mar 2013 10:59:26 -0800 Mime-Version: 1.0 (Mac OS X Mail 6.2 \(1499\)) From: Jon Callas In-Reply-To: <513899DF.60109@fifthhorseman.net> Date: Thu, 7 Mar 2013 10:59:20 -0800 Message-Id: <781CC72A-0F9F-4672-BE5F-1330EA2F9131@callas.org> References: <5135BDE6.1070200@fifthhorseman.net> <6F1173CD-290C-4A38-BD80-152C5E553D1F@jabberwocky.com> <513899DF.60109@fifthhorseman.net> To: Daniel Kahn Gillmor X-Mailer: Apple Mail (2.1499) Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable Cc: IETF OpenPGP , Jon Callas Subject: Re: [openpgp] marking subkeys as constrained for specific use -- new key usage flags? X-BeenThere: openpgp@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: "Ongoing discussion of OpenPGP issues." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 07 Mar 2013 18:59:40 -0000 On Mar 7, 2013, at 5:45 AM, Daniel Kahn Gillmor = wrote: >=20 > If criticality is fraught with problems, doesn't that suggest = extending > the usage flags is a more responsible way to go? No, because either you want *that* to be critical, too, which has the = same criticality issue, or criticality is not important in which case = the notation works too. My comment was one about criticality in general. We have criticality = because there were people in the late '90s who thought it was a good = idea. It *is* a good idea, but it is such a subtle idea that it's = Shannon information, kolmogorov complexity, etc. is more than one bit. >=20 > or should i create a subkey with all usage flags set to 0, and then > include a notation to indicate the use? that way, the subkey wouldn't > be used by any existing system except the ones willing to parse and > interpret the notation, regardless of its criticality. Well, if you did that, you wouldn't not be RFC 4880 compliant. There is = a way to do this within the standard -- the notation. The whole reason that we have notations is so that if you want to do = something on your own, there's a supported way to do that. What's wrong = with using the supported way, as opposed to violating the standard with = hacks? (I'm not above violating standards with hacks, but I expect to = have to answer that question, myself.) If my cynical beliefs about criticality scared you away from doing the = right thing, then I apologize. I never intended to do that. I was merely = pointing out that if you put the critical flag on it, then it possibly = would have unintended failure modes and meta-failures. The correct thing to do is a notation. Put the critical flag on it. = Please. Jon From dkg@fifthhorseman.net Tue Mar 12 14:07:06 2013 Return-Path: X-Original-To: openpgp@ietfa.amsl.com Delivered-To: openpgp@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 96E7C11E810A for ; Tue, 12 Mar 2013 14:07:06 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.599 X-Spam-Level: X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RDSo3NaJDVAL for ; Tue, 12 Mar 2013 14:07:06 -0700 (PDT) Received: from che.mayfirst.org (che.mayfirst.org [209.234.253.108]) by ietfa.amsl.com (Postfix) with ESMTP id 1619111E80E9 for ; Tue, 12 Mar 2013 14:07:06 -0700 (PDT) Received: from fifthhorseman.net (lair.fifthhorseman.net [108.58.6.98]) by che.mayfirst.org (Postfix) with ESMTPSA id E0DCFF980 for ; Tue, 12 Mar 2013 17:07:04 -0400 (EDT) Received: by fifthhorseman.net (Postfix, from userid 1000) id E30B81FF23; Tue, 12 Mar 2013 17:07:04 -0400 (EDT) From: Daniel Kahn Gillmor To: IETF OpenPGP User-Agent: Notmuch/0.15.2 (http://notmuchmail.org) Emacs/23.4.1 (x86_64-pc-linux-gnu) Date: Tue, 12 Mar 2013 17:07:01 -0400 Message-ID: <87li9s2uq2.fsf@alice.fifthhorseman.net> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" Subject: [openpgp] primary key binding signatures (0x19) for non-signing subkeys X-BeenThere: openpgp@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: "Ongoing discussion of OpenPGP issues." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 12 Mar 2013 21:07:06 -0000 --=-=-= Content-Type: text/plain hi OpenPGP folks-- I'm wondering whether authentication-capable subkeys should require primary key binding signatures (aka "back-sigs" or "cross-certifications"). There seems to be consensus that signing-capable subkeys need back-sigs, but it's not clear whether authentication-capable subkeys need the same thing. RFC 4880 says: > For subkeys that can issue signatures, the subkey binding signature > MUST contain an Embedded Signature subpacket with a primary key > binding signature (0x19) issued by the subkey on the top-level key. Many (all?) authentication schemes that use public keys involve making a signature of some data during the authentication exchange. This suggests to me that authentication-capable subkeys should have a back-sig. Also, i'm considering the possibility of OTR-OpenPGP linkage i mentioned in a previous thread. It occurs to me that if Alice manages to authenticate Bob using some OTR handshake, and she wants to bootstrap her way from that mutual authentication into an OpenPGP authentication, then a back-sig is critical. Mallory can already make her own OpenPGP primary key, attach Bob's User ID to it, and then attach Bob's actual OTR key as a subkey. If Alice just scans the keyserver for primary keys that have Bob's OTR key as a subkey, there is no way for her to distinguish between Bob's actual key and Mallory's Fake-Bob key. A back-sig would provide such a distinguishing mechanism. Practically, at least one common implementation (GnuPG) does not create a back-sig for authentication-capable keys. Should it do so? Do other implementations do so? Are there any downsides to including a back-sig in every authentication-capable subkey? Regards, --dkg --=-=-= Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQJ8BAEBCgBmBQJRP5j1XxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRFQjk2OTEyODdBN0FEREUzNzU3RDkxMUVB NTI0MDFCMTFCRkRGQTVDAAoJEKUkAbEb/fpciFUP/A1eKqB4YCzG8Y7jEITkJWqk bjboO8M34jfsW1N1+CzQwosug0c3jdADj01LVchAuKp7gCsTkQ1xdv/Gh34H6L4o Xh1ILFrxZQ4epiBX+lGMOozCvgYIUSIRj81QWYCtRiVCQH4VNLyCQHKJ2w15uw16 gipqmBw+YA5LgEj5ip1W6SGIyG21Z7Eao1bGdRcrpzHxc06qnDahJKGFBojMPc8p 0HnOsd5B/peERKKH+oeU4nPArGQVNCIfNm6a8MPGF1mdZoL+VUA1l7QDkMUTudyL N7I5IPPy6iUJoM5b6M7wWyXPlRNFbq+fc27IqeYx01Mmw+cKTDuwGih+CyQ0BFaY LB5gkPJG68FE2dnTqDGGldspI5588tMEog8DrN27RhnELVMZP6bCEokCGE6hcQoL WOZIr0rRL99OCQ7ip6xMA+TAXihpJ/ExCsxYE/Wx+ljNsZ8IuhvBt3xDNuHcNcdj N3/BVnQOfyIDKwG28JvOBoK89eCPGZuQWHCZ0sr/mwsgF31fdoMQyJZ3CuDEQKU4 pRlMKSL53M/0i7qO/hHo4ZwQQLJ1QffDSlUDip4baZL+4dmT3g6NPtlxzmkcNdid FDJAOtSWoOslG5/VptvE1WvKOH393JgiwiUIHEyY7iedHhLULbvxlUuejxYVNemw Fo+aiE/35j9v784o5GA/ =2An7 -----END PGP SIGNATURE----- --=-=-=--