[18358] in cryptography@c2.net mail archive


Re: Another entry in the internet security hall of shame....

daemon@ATHENA.MIT.EDU (Alaric Dailey)
Thu Sep 1 13:35:43 2005

X-Original-To: cryptography@metzdowd.com
Date: Thu, 01 Sep 2005 11:15:18 -0500
From: Alaric Dailey <alaricd@pengdows.com>
To: cryptography@metzdowd.com
In-Reply-To: <4316B046.4060109@st.cs.uni-sb.de>

If I may inject my humble opinion (that isn't necessarily a response to
this particular email), I may not be as informed as some but....

While I admit that PKI is flawed, I don't see any way that PSK could be used
effectively.

How are PSKs going to be shared in a secure way?
Are we talking about generating a new key for every connection?
    If so, how do you validate the key?
    If not, how do you validate that the key hasn't been compromised by
someone who put up a phishing site?

In my opinion, PSK has the same problems as all symmetric encryption,
it's great if you can share the secret securely, but distribution to the
masses makes it infeasible.

From the way I see it, if site logins were done using a client
certificate, like the USPS electronic postmark site
<https://www.uspsepm.com> allows and should enforce, then the security
issues wouldn't be issues, as there would be nothing usable handed off
to an attacker. Furthermore the site could be sure of the user's
identity, something none of the other solutions I have seen address.



-- 
*Alaric Dailey*
Everyone deserves privacy.

Thawte 'Web of Trust' Notary <http://www.thawte.com/wot>
CAcert 'Web of Trust' Assurer <http://www.cacert.org/wot.php?id=3>
Notary Public

ATTENTION USERS OF MICROSOFT OUTLOOK AND MICROSOFT OUTLOOK EXPRESS:
Some versions of these products have trouble replying to digitally
signed emails, like this one.
For more information on this error, and how to fix it, please visit Mark
Noble's website here <http://www.marknoble.com/tutorial/smime/smime.aspx>.



Stephan Neuhaus wrote:

> James A. Donald wrote:
>
>> But does not, in fact, prevent. 
>
> Let me rephrase that.  Are we now at a point where we must admit that
> PKI isn't going to happen for the Web and that we therefore must face
> the rewriting of an unknown (but presumably large) number of lines of
> code to accommodate PSKs?  If that's so, I believe that PSKs will have
> deployment problems as large as PKI's that will prevent their
> widespread acceptance.
>
> That's because PSKs (as I have understood them) have storage and
> management issues that CA certificates don't have, four of which are
> that there will be a lot more PSKs than CA certificates, that you
> can't preinstall them in browsers, that the issue of how to exchange
> PSKs securely in the first place is left as an exercise for the reader
> (good luck!), and that there is a revocation problem.
>
> To resolve any of those issues, code will need to be written, both on
> the client side and on the server side (except for the secure exchange
> of PSKs, which is IMHO unresolvable without changes to the business
> workflow).  The client side code is manageable, because the code will
> be used by many people so that it may be worthwhile to spend the
> effort. But the server side?  There are many more server applications
> than there are different Web browsers, and each one would have to be
> changed.  At the very least, they'd need an administrative interface
> to enter and delete PSKs.  That means that supporting PSKs is going to
> cost the businesses money (both to change their code and to change
> their workflow), money that they'd rather not spend on something that
> they probably perceive as the customer's (i.e., not their) problem,
> namely phishing.
>
> Some German banks put warnings on their web pages that they'll never
> ask you for private information such as passwords.  SaarLB
> (http://www.saarlb.de) even urges you to check the certificate
> fingerprint and provides well-written instructions on how to do that.
> In return, they'll assume no responsibility if someone phishes your
> PIN and TANs. They might, out of goodwill, reimburse you.  Then again,
> they might not.  I believe that SaarLB could win in court.  So where
> is the incentive for SaarLB to spend the money for PSK support?
>
> Fun,
>
> Stephan
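
Added example, not part of the original message or of either poster's code: a small Go model of the client-certificate point made above, comparing what a credential-collecting phishing site can reuse after a password login versus a signature-based login. The site names, password, nonces and the simplified `transcript` function are constructed assumptions; real TLS signs the full handshake and uses random nonces.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
)

// transcript is a simplified stand-in (assumption) for the handshake data a
// client-certificate signature covers: the server's identity and a fresh nonce.
func transcript(serverID, nonce string) []byte {
	h := sha256.Sum256([]byte("demo-handshake|" + serverID + "|" + nonce))
	return h[:]
}

// passwordLogin: the server compares a reusable secret sent by the client.
func passwordLogin(stored, presented string) bool {
	return subtle.ConstantTimeCompare([]byte(stored), []byte(presented)) == 1
}

// certLogin: the server verifies a signature over its own view of the transcript.
func certLogin(pub ed25519.PublicKey, serverID, nonce string, sig []byte) bool {
	return ed25519.Verify(pub, transcript(serverID, nonce), sig)
}

// demo reports whether a legitimate certificate login succeeds, and whether
// material captured by a phishing site replays against the real site.
func demo() (legit, pwReplay, certReplay bool) {
	const realID, phishID = "bank.example", "bank-login.example" // constructed names
	const password = "constructed-password"
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	// Victim logs in at the phishing site: the password arrives verbatim; the
	// signature is bound to the phishing site's identity and nonce.
	capturedPw := password
	capturedSig := ed25519.Sign(priv, transcript(phishID, "nonce-from-phisher"))

	// The real site issues its own nonce per session (fixed strings here).
	legit = certLogin(pub, realID, "nonce-1", ed25519.Sign(priv, transcript(realID, "nonce-1")))
	pwReplay = passwordLogin(password, capturedPw)
	certReplay = certLogin(pub, realID, "nonce-2", capturedSig)
	return
}

func main() {
	legit, pw, cert := demo()
	fmt.Printf("legit cert login: %v\npassword replay: %v\nsignature replay: %v\n", legit, pw, cert)
}
```

The private key never leaves the client in this model, so the phishing site ends up holding only a signature that the real server rejects.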




---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
