From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: from mp10.migadu.com ([2001:41d0:2:4a6f::])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
by ms5.migadu.com with LMTPS
id kACzID1G9WIJsAAAbAwnHQ
(envelope-from )
for ; Thu, 11 Aug 2022 20:11:09 +0200
Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
by mp10.migadu.com with LMTPS
id IMapHz1G9WJ+5wAAG6o9tA
(envelope-from )
for ; Thu, 11 Aug 2022 20:11:09 +0200
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by aspmx1.migadu.com (Postfix) with ESMTPS id 08DAE7D1D
for ; Thu, 11 Aug 2022 20:11:09 +0200 (CEST)
Received: from localhost ([::1]:38560 helo=lists1p.gnu.org)
by lists.gnu.org with esmtp (Exim 4.90_1)
(envelope-from )
id 1oMCeC-0002V5-5h
for larch@yhetil.org; Thu, 11 Aug 2022 14:11:08 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10]:53224)
by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
(Exim 4.90_1) (envelope-from )
id 1oMCe7-0002SW-Cp
for bug-guix@gnu.org; Thu, 11 Aug 2022 14:11:03 -0400
Received: from debbugs.gnu.org ([209.51.188.43]:36986)
by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
(Exim 4.90_1) (envelope-from )
id 1oMCe7-0000u3-4L
for bug-guix@gnu.org; Thu, 11 Aug 2022 14:11:03 -0400
Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
(envelope-from ) id 1oMCe7-0005jK-0A
for bug-guix@gnu.org; Thu, 11 Aug 2022 14:11:03 -0400
X-Loop: help-debbugs@gnu.org
Subject: bug#57091: Git authentication reports subkey fingerprints
Resent-From: Maxime Devos
Original-Sender: "Debbugs-submit"
Resent-CC: bug-guix@gnu.org
Resent-Date: Thu, 11 Aug 2022 18:11:02 +0000
Resent-Message-ID:
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 57091
X-GNU-PR-Package: guix
X-GNU-PR-Keywords:
To: Tobias Geerinckx-Rice
Cc: ludo@gnu.org, 57091@debbugs.gnu.org
X-Debbugs-Original-Cc: Ludovic =?UTF-8?Q?Court=C3=A8s?= ,
bug-guix@gnu.org, 57091@debbugs.gnu.org
Received: via spool by submit@debbugs.gnu.org id=B.166024146222019
(code B ref -1); Thu, 11 Aug 2022 18:11:02 +0000
Received: (at submit) by debbugs.gnu.org; 11 Aug 2022 18:11:02 +0000
Received: from localhost ([127.0.0.1]:54967 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from )
id 1oMCe5-0005iy-JO
for submit@debbugs.gnu.org; Thu, 11 Aug 2022 14:11:02 -0400
Received: from lists.gnu.org ([209.51.188.17]:54048)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from ) id 1oMCe3-0005iq-Q0
for submit@debbugs.gnu.org; Thu, 11 Aug 2022 14:11:00 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10]:53220)
by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
(Exim 4.90_1) (envelope-from )
id 1oMCe3-0002S8-Jm
for bug-guix@gnu.org; Thu, 11 Aug 2022 14:10:59 -0400
Received: from albert.telenet-ops.be ([2a02:1800:110:4::f00:1a]:40434)
by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
(Exim 4.90_1) (envelope-from )
id 1oMCdz-0000tT-3S
for bug-guix@gnu.org; Thu, 11 Aug 2022 14:10:59 -0400
Received: from [IPV6:2a02:1811:8c09:9d00:5dba:d409:33f7:a16]
([IPv6:2a02:1811:8c09:9d00:5dba:d409:33f7:a16])
by albert.telenet-ops.be with bizsmtp
id 6JAp2800620ykKC06JApFg; Thu, 11 Aug 2022 20:10:51 +0200
Message-ID: <95099292-6aeb-1ef2-ce96-0f216ac9b93f@telenet.be>
Date: Thu, 11 Aug 2022 20:10:48 +0200
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101
Thunderbird/91.12.0
Content-Language: en-US
References: <87iln12kjc.fsf@inria.fr>
<78149f79-5620-fae9-1ba3-4ed25c2154c5@telenet.be> <878rnvxelk.fsf@gnu.org>
<5330DDA4-F1AD-4F99-B6A5-5CDA2D975983@tobias.gr>
From: Maxime Devos
In-Reply-To:
Content-Type: multipart/signed; micalg=pgp-sha256;
protocol="application/pgp-signature";
boundary="------------SRz3u5mokG55nU3qYAeswkVb"
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telenet.be; s=r22;
t=1660241451; bh=z0FfxyIphdHf9x7obNvcg0n2I5ZpYfn13kSh0Tb5Gg8=;
h=Date:To:Cc:References:From:Subject:In-Reply-To;
b=fgvr4DuLLv+illwMYHswqVg4hhyjrpnBqGZnQQE9d5ZJ5DaGzRpCM1UcSGTXl5i8S
sE0Np4UQTOh60v6l/b8xxJ8SSiDbHmyL/TgEyM1fkoRmzvmulEGzEsQKw2NND+BkTo
ia4Wft933ROfDruabFf8otDayEQ2RJxMGdrq5+qG+a2lcoL6fjS3lfU6EXGlbLB3pj
gu/MDnjQ2uGYF5gr6UhvoH1wSB4lS7EMNVxV74AaIqHBVbNtLD9PUWnaeLr1PFoylp
RylGeOFGppmssagUq39RpzXpwT9c5MxBkuQQNTJAeT5xafFTd8seythAozKw6xsVKB
kfug+ZdCQRaxQ==
Received-SPF: pass client-ip=2a02:1800:110:4::f00:1a;
envelope-from=maximedevos@telenet.be; helo=albert.telenet-ops.be
X-Spam_score_int: -27
X-Spam_score: -2.8
X-Spam_bar: --
X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001,
HTML_MESSAGE=0.001, NICE_REPLY_A=-0.001, RCVD_IN_DNSWL_LOW=-0.7,
SPF_HELO_NONE=0.001, SPF_PASS=-0.001,
T_SCC_BODY_TEXT_LINE=-0.01 autolearn=unavailable autolearn_force=no
X-Spam_action: no action
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
X-BeenThere: bug-guix@gnu.org
List-Id: Bug reports for GNU Guix
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
Errors-To: bug-guix-bounces+larch=yhetil.org@gnu.org
Sender: "bug-Guix"
X-Migadu-Flow: FLOW_IN
X-Migadu-To: larch@yhetil.org
X-Migadu-Country: US
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org;
s=key1; t=1660241469;
h=from:from:sender:sender:reply-to:subject:subject:date:date:
message-id:message-id:to:to:cc:cc:mime-version:mime-version:
content-type:content-type:resent-cc:resent-from:resent-sender:
resent-message-id:in-reply-to:in-reply-to:references:references:
list-id:list-help:list-unsubscribe:list-subscribe:list-post:
dkim-signature; bh=A+lx96+DRoe/qOGTIdMQarLjK0pD5v3NyTqxaQvmsx4=;
b=ktc5Qqj50tXMUfqsR15s1Yu76lbxPYUjqb5pTNmY1YCbytvtNR2f8lo9hMOkzt4KwLiPhX
C95Wl8CgOob7OgS0zRiawl1fGDVzVtN10Rbqsn/mjfqZ0q2RlErT6UWgZSlp9YqHd+k1Qp
Jv13AkVX5hxnH3ciZxJ8SZQ4n2khMVXNcptw2kOpoibNg3GSdA3dsyy6+sMJx+7IwC5wVm
nMjdcZMinMST9xZpuSUPzX/gCMdldnA8+7v004rQmmy/aqrRXEV36bClwxuTSUjsopvlAb
vnPYBV7StN7zpDeHOe7gsfXA9sBvI+qzDV/OFE5cX1QfcKIEmfxJdioiT4YKAQ==
ARC-Seal: i=1; s=key1; d=yhetil.org; t=1660241469; a=rsa-sha256; cv=none;
b=B7TdJjDhZj+V3ZTKhkpP9r+ANBCRlhf1ISmhXr9uNov+JwJszcQN8iIbNp/Nffcdwg6Nj8
0Auu8JqmP9UJgrDWTTGtCfqvdmU+79N3CNkXIhyw7uewBwjAb5LcqZrtlXG7mJ5+3rDjMZ
UCbNX3mHEFnoKBEI7f61wjGkin2gG2w9bH83vJisyJ48bH9XT/Iff29c5Sk4Uv9/lDEXf4
RrIZRrwZATupT5dEkkygGxS0+tgpT/E8/eLK6WmXqMiQM2ighpHB22o6pT0HeXX1cawBzx
M31TULvU3694ZZXVUIMoOj3Vq7Tao8EnXgkrHfgKZNrPQaICYn5X+BsHkQL9Kg==
ARC-Authentication-Results: i=1;
aspmx1.migadu.com;
dkim=fail ("body hash did not verify") header.d=telenet.be header.s=r22 header.b=fgvr4DuL;
dmarc=fail reason="SPF not aligned (relaxed)" header.from=telenet.be (policy=none);
spf=pass (aspmx1.migadu.com: domain of "bug-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="bug-guix-bounces+larch=yhetil.org@gnu.org"
X-Migadu-Spam-Score: 3.02
Authentication-Results: aspmx1.migadu.com;
dkim=fail ("body hash did not verify") header.d=telenet.be header.s=r22 header.b=fgvr4DuL;
dmarc=fail reason="SPF not aligned (relaxed)" header.from=telenet.be (policy=none);
spf=pass (aspmx1.migadu.com: domain of "bug-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="bug-guix-bounces+larch=yhetil.org@gnu.org"
X-Migadu-Queue-Id: 08DAE7D1D
X-Spam-Score: 3.02
X-Migadu-Scanner: scn0.migadu.com
X-TUID: H6echZO88ffm
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--------------SRz3u5mokG55nU3qYAeswkVb
Content-Type: multipart/mixed; boundary="------------nlXmMSZjxpQx43Aco8zZRsth";
protected-headers="v1"
From: Maxime Devos
To: Tobias Geerinckx-Rice
Cc: bug-guix@gnu.org, =?UTF-8?Q?Ludovic_Court=c3=a8s?= ,
57091@debbugs.gnu.org
Message-ID: <95099292-6aeb-1ef2-ce96-0f216ac9b93f@telenet.be>
Subject: Re: bug#57091: Git authentication reports subkey fingerprints
References: <87iln12kjc.fsf@inria.fr>
<78149f79-5620-fae9-1ba3-4ed25c2154c5@telenet.be> <878rnvxelk.fsf@gnu.org>
<5330DDA4-F1AD-4F99-B6A5-5CDA2D975983@tobias.gr>
In-Reply-To:
--------------nlXmMSZjxpQx43Aco8zZRsth
Content-Type: multipart/mixed; boundary="------------OWJnhYPKO0mshRsPcilPs8DW"
--------------OWJnhYPKO0mshRsPcilPs8DW
Content-Type: multipart/alternative;
boundary="------------F0CGEnD4qaZ0t3sibgCnpsH0"
--------------F0CGEnD4qaZ0t3sibgCnpsH0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: base64
DQpPbiAxMS0wOC0yMDIyIDE4OjMxLCBUb2JpYXMgR2VlcmluY2t4LVJpY2Ugd3JvdGU6DQo+
PiDCoMKgwqDCoCogRXhwaXJhdGlvbiB0aW1lcyBhbmQgR1BHLWxldmVsIHJldm9jYXRpb24g
bXVzdCBiZSBpZ25vcmVkIChmb3INCj4+IHRpbWUtdHJhdmVsLCBhbmQgcHVsbGluZyBmcm9t
IGFuIG9sZCBHdWl4KSwgc2ltaWxhcmx5IHRvIHdoeSBpdCBtdXN0DQo+PiBiZSBpZ25vcmVk
IGZvciB3aGVuIG5vIHN1YmtleXMgYXJlIHVzZWQNCj4+IMKgwqDCoMKgICogU29tZW9uZSB1
c2VkIHRvIEdQRy1zdHlsZSBzdWJrZXlzIGdlbmVyYXRlcyBhIG5ldyBzdWJrZXkgdG8NCj4+
IHJlcGxhY2Ugb2xkIGV4cGlyZWQgc3Via2V5IG9yIHJldm9rZXMgb2xkIHN1YmtleSwgd2l0
aG91dCBrZWVwaW5nIGluDQo+PiBtaW5kIHRoYXQgR3VpeCBkb2Vzbid0IHRha2UgdGhhdCBp
biBhY2NvdW50Lg0KPj4gwqDCoMKgwqAgKiBBbiBhdHRhY2tlciB1c2VzIGEgY29tcHJvbWlz
ZWQtYnV0LXJldm9rZWQtb3ItZXhwaXJlZCBzdWJrZXkgdG8NCj4+IGNvbXByb21pc2UgdGhl
IGNoYW5uZWwuDQo+DQo+IFdoeSBkb2VzIG5vbmUgb2YgdGhpcyBhcHBseSB0byBwcmltYXJ5
IGtleXM/IA0KDQpGb3IgcHJpbWFyeSBrZXlzIGFzIHRoZXkgYXJlIGN1cnJlbnRseSB1c2Vk
IGluIEd1aXgsIHRvIHJldm9rZSBhIGtleSANCihmcm9tIEd1aXgnIHBvaW50IG9mIHZpZXcp
LCB5b3UgcmVtb3ZlIGl0IGZyb20gLmd1aXgtYXV0aG9yaXphdGlvbnMsIGRvbmUuDQoNCkZv
ciByZXZva2luZyBzdWJrZXlzLCB5b3UgdHJ1c3QgR1BHIG9yIHdoYXRldmVyIHRvIHRha2Ug
Y2FyZSBvZiB0aGluZ3MsIA0KYnV0IEd1aXgtbW9kaWZpZWQtdG8tYWxsb3ctc3Via2V5cy10
b28gZG9lc24ndCBoYXZlIGEgY2x1ZSB0aGF0IHRoZSANCnN1YmtleSBzaG91bGQgYmUgY29u
c2lkZXJlZCByZXZva2VkLCBzZSBidWxsZXQgbGlzdCBhYm92ZS4NCg0KVGhhdCBjb3VsZCBi
ZSBzb2x2ZWQgYnkgYWxzbyBhZGRpbmcgYSBsaXN0IG9mIHJldm9rZWQgc3Via2V5cyB0byAN
Ci5ndWl4LWF1dGhvcml6YXRpb24sIGJ1dCB0aGF0IHNlZW1zIG9wcG9zaXRlIHRvIHRoZSBw
cm9wb3NlZCBjaGFuZ2UuDQoNCj4+IEV4cGlyYXRpb24gdGltZXMgbWlnaHQgYmUgc29sdmFi
bGUgYnkgdGFraW5nIHRoZSBjb21taXQgdGltZSBvZiB0aGUNCj4+IHByZXZpb3VzIGNvbW1p
dCBhcyAnY3VycmVudCB0aW1lJyAobm90IHRoZSBjb21taXQgdGhhdCB3YXMgc2lnbmVkLA0K
Pj4gb3RoZXJ3aXNlIGFuIGF0dGFja2VyIGNvdWxkIGp1c3QgbGllKS4gSSBkb24ndCBrbm93
IGEgc29sdXRpb24gZm9yDQo+PiBHUEctbGV2ZWwgcmV2b2NhdGlvbiBvZiBvbGQgc3Via2V5
cyBidXQgSSBoYXZlbid0IGxvb2tlZCBlaXRoZXIuDQo+DQo+IEdpdCBjb21taXQgZGF0ZXMg
YXJlbid0IHJlbGlhYmxlLsKgIFJlcXVpcmluZyB0aGF0IHRoZXkgYmUgYWNjdXJhdGUgDQo+
IGdvaW5nIGZvcndhcmQgd291bGQgYmUgaW1wb3NpbmcgeWV0IGFub3RoZXIgJ2FydGlmaWNp
YWwnL2lkaW9zeW5jcmF0aWMgDQo+IGxpbWl0YXRpb24uwqAgSSB0aGluayB3ZSBzaG91bGQg
YmUgdmVyeSBoZXNpdGFudCB0byBidWlsZCBhIA0KPiB2ZXJpZmljYXRpb24gc3lzdGVtIG9u
IGFzc3VtcHRpb25zIHN0YWNrZWQganVzdCBzby4NClllcywgZm9yYmlkZGluZyBzZXR0aW5n
IHRoZSBkYXRldGltZSB0byBzb21ldGhpbmcgd2F5IG9mZiAoZS5nLiANCjE5NzAtMDEtMDEp
IGZvciBwcml2YWN5IG9yIHN1Y2ggaXMgcXVpdGUgYSBsaW1pdGF0aW9uLg0KDQpUaGV5IGRv
IG5vdCBoYXZlIHRvIGJlIGFjY3VyYXRlIGhvd2V2ZXIsIGFzIGxvbmcgYXMgdGhlIGRpc2Ny
ZXBhbmNpZXMgaW4gDQpjb21taXQgZGF0ZXMgLyBhY3R1YWwgdGltZSAoKikgYXJlIHNtYWxs
IGNvbXBhcmVkIHRvIHRoZSBleHBpcmF0aW9uIHRpbWVzLg0KDQooKikgb2Ygbm9uLWF0dGFj
a2VycyAtLSBhc3N1bWluZyBmcmVxdWVudCBjb21taXRzLCBhbiBhdHRhY2tlciBjYW5ub3Qg
DQp0cmljayB0aGUgZXhwaXJhdGlvbiBtZWNoYW5pc20gaW50byBsYXJnZSB0aW1lIGRpZmZl
cmVuY2UuIFRoYXQgbWlnaHQgDQpub3QgYmUgZ29vZCBlbm91Z2ggZm9yIGJyYW5jaGVzIGxp
a2UgJ3dpcC1mb28nIG9yIGNoYW5uZWxzIHdpdGggDQppbmZyZXF1ZW50IGNvbW1pdHMgdGhv
dWdoLg0KDQpHcmVldGluZ3MsDQpNYXhpbWUuDQo=
--------------F0CGEnD4qaZ0t3sibgCnpsH0
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
On 11-08-2022 18:31, Tobias
Geerinckx-Rice wrote:
=C2=A0=C2=A0=C2=
=A0=C2=A0* Expiration
times and GPG-level revocation must be ignored (for
time-travel, and pulling from an old Guix), similarly to why it
must
be ignored for when no subkeys are used
=C2=A0=C2=A0=C2=A0=C2=A0 * Someone used to GPG-style subkeys gene=
rates a new subkey
to
replace old expired subkey or revokes old subkey, without
keeping in
mind that Guix doesn't take that in account.
=C2=A0=C2=A0=C2=A0=C2=A0 * An attacker uses a compromised-but-rev=
oked-or-expired
subkey to
compromise the channel.
Why does none of this apply to primary keys?
For primary keys as they are currently used in Guix, to revoke a
key (from Guix' point of view), you remove it from
.guix-authorizations, done.
For revoking subkeys, you trust GPG or whatever to take care of
things, but Guix-modified-to-allow-subkeys-too doesn't have a clue
that the subkey should be considered revoked, se bullet list
above.
That could be solved by also adding a list of revoked subkeys to
.guix-authorization, but that seems opposite to the proposed
change.
Expiration ti=
mes
might be solvable by taking the commit time of the
previous commit as 'current time' (not the commit that was
signed,
otherwise an attacker could just lie). I don't know a solution
for
GPG-level revocation of old subkeys but I haven't looked
either.
Git commit dates aren't reliable.=C2=A0 Requiring that they be
accurate going forward would be imposing yet another
'artificial'/idiosyncratic limitation.=C2=A0 I think we should be=
very hesitant to build a verification system on assumptions
stacked just so.
Yes, forbidding setting the datetime to something way off (e.g.
1970-01-01) for privacy or such is quite a limitation.
They do not have to be accurate however, as long as the
discrepancies in commit dates / actual time (*) are small compared
to the expiration times.
(*) of non-attackers -- assuming frequent commits, an attacker
cannot trick the expiration mechanism into large time difference.=C2=
=A0
That might not be good enough for branches like 'wip-foo' or
channels with infrequent commits though.
Greetings,
Maxime.
--------------F0CGEnD4qaZ0t3sibgCnpsH0--
--------------OWJnhYPKO0mshRsPcilPs8DW
Content-Type: application/pgp-keys; name="OpenPGP_0x49E3EE22191725EE.asc"
Content-Disposition: attachment; filename="OpenPGP_0x49E3EE22191725EE.asc"
Content-Description: OpenPGP public key
Content-Transfer-Encoding: quoted-printable
-----BEGIN PGP PUBLIC KEY BLOCK-----
xjMEX4ch6BYJKwYBBAHaRw8BAQdANPb/d6MrGnGi5HyvODCkBUJPRjiFQcRU5V+m
xvMaAa/NL01heGltZSBEZXZvcyA8bWF4aW1lLmRldm9zQHN0dWRlbnQua3VsZXV2
ZW4uYmU+wpAEExYIADgWIQTB8z7iDFKP233XAR9J4+4iGRcl7gUCX4ch6AIbAwUL
CQgHAwUVCgkICwUWAgMBAAIeAQIXgAAKCRBJ4+4iGRcl7japAQC3opZ2KGWzWmRc
/gIWSu0AAcfMwyinFEEPa/QhUt2CogD/e2RdF4CYAgaRHJJmZ9WU7piKbLZ7llB4
LzgezVDHggzNJU1heGltZSBEZXZvcyA8bWF4aW1lZGV2b3NAdGVsZW5ldC5iZT7C
kAQTFggAOBYhBMHzPuIMUo/bfdcBH0nj7iIZFyXuBQJf56ycAhsDBQsJCAcDBRUK
CQgLBRYCAwEAAh4BAheAAAoJEEnj7iIZFyXujpQBAKV1SwDDl4f24rXciDlB9L8W
ycZt30CgbewMSRQk4mvbAP9dFMbVVixYBd6C8cfhR+NsOBGiOJnQABlUmgNuqGFJ
Dc44BF+HIegSCisGAQQBl1UBBQEBB0BOlzIWiJzgobMF6/cqwLaLk7jIcFSZ++c0
k9cCNT6YXwMBCAfCeAQYFggAIBYhBMHzPuIMUo/bfdcBH0nj7iIZFyXuBQJfhyHo
AhsMAAoJEEnj7iIZFyXuMr0BAJc8cl5PGvVmVuSQVKjleNl4DK1/XAaPAYPe34AE
fZJPAP9IqLCQhH/FeJanHqBP8gNdGNI2qn8RnnLVfRJgUjZ1BA=3D=3D
=3DOVqp
-----END PGP PUBLIC KEY BLOCK-----
--------------OWJnhYPKO0mshRsPcilPs8DW--
--------------nlXmMSZjxpQx43Aco8zZRsth--
--------------SRz3u5mokG55nU3qYAeswkVb
Content-Type: application/pgp-signature; name="OpenPGP_signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="OpenPGP_signature"
-----BEGIN PGP SIGNATURE-----
wnsEABYIACMWIQTB8z7iDFKP233XAR9J4+4iGRcl7gUCYvVGKAUDAAAAAAAKCRBJ4+4iGRcl7rAT
AQCFZgIgmybSVg+yB+rwJFwWR+K6e6QbfA4qjZb5c5KTZQEAl94IHKy6x2AgjHnQLpFF2G6+IFhx
jsd333nmwH1zewg=
=5kwJ
-----END PGP SIGNATURE-----
--------------SRz3u5mokG55nU3qYAeswkVb--