From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp10.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms5.migadu.com with LMTPS id kACzID1G9WIJsAAAbAwnHQ (envelope-from ) for ; Thu, 11 Aug 2022 20:11:09 +0200 Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp10.migadu.com with LMTPS id IMapHz1G9WJ+5wAAG6o9tA (envelope-from ) for ; Thu, 11 Aug 2022 20:11:09 +0200 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 08DAE7D1D for ; Thu, 11 Aug 2022 20:11:09 +0200 (CEST) Received: from localhost ([::1]:38560 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1oMCeC-0002V5-5h for larch@yhetil.org; Thu, 11 Aug 2022 14:11:08 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:53224) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1oMCe7-0002SW-Cp for bug-guix@gnu.org; Thu, 11 Aug 2022 14:11:03 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:36986) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1oMCe7-0000u3-4L for bug-guix@gnu.org; Thu, 11 Aug 2022 14:11:03 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1oMCe7-0005jK-0A for bug-guix@gnu.org; Thu, 11 Aug 2022 14:11:03 -0400 X-Loop: help-debbugs@gnu.org Subject: bug#57091: Git authentication reports subkey fingerprints Resent-From: Maxime Devos Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Thu, 11 Aug 2022 18:11:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 57091 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: Tobias Geerinckx-Rice Cc: ludo@gnu.org, 57091@debbugs.gnu.org X-Debbugs-Original-Cc: Ludovic =?UTF-8?Q?Court=C3=A8s?= , bug-guix@gnu.org, 57091@debbugs.gnu.org Received: via spool by submit@debbugs.gnu.org id=B.166024146222019 (code B ref -1); Thu, 11 Aug 2022 18:11:02 +0000 Received: (at submit) by debbugs.gnu.org; 11 Aug 2022 18:11:02 +0000 Received: from localhost ([127.0.0.1]:54967 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1oMCe5-0005iy-JO for submit@debbugs.gnu.org; Thu, 11 Aug 2022 14:11:02 -0400 Received: from lists.gnu.org ([209.51.188.17]:54048) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1oMCe3-0005iq-Q0 for submit@debbugs.gnu.org; Thu, 11 Aug 2022 14:11:00 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:53220) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1oMCe3-0002S8-Jm for bug-guix@gnu.org; Thu, 11 Aug 2022 14:10:59 -0400 Received: from albert.telenet-ops.be ([2a02:1800:110:4::f00:1a]:40434) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1oMCdz-0000tT-3S for bug-guix@gnu.org; Thu, 11 Aug 2022 14:10:59 -0400 Received: from [IPV6:2a02:1811:8c09:9d00:5dba:d409:33f7:a16] ([IPv6:2a02:1811:8c09:9d00:5dba:d409:33f7:a16]) by albert.telenet-ops.be with bizsmtp id 6JAp2800620ykKC06JApFg; Thu, 11 Aug 2022 20:10:51 +0200 Message-ID: <95099292-6aeb-1ef2-ce96-0f216ac9b93f@telenet.be> Date: Thu, 11 Aug 2022 20:10:48 +0200 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.12.0 Content-Language: en-US References: <87iln12kjc.fsf@inria.fr> <78149f79-5620-fae9-1ba3-4ed25c2154c5@telenet.be> <878rnvxelk.fsf@gnu.org> <5330DDA4-F1AD-4F99-B6A5-5CDA2D975983@tobias.gr> From: Maxime Devos In-Reply-To: Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="------------SRz3u5mokG55nU3qYAeswkVb" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telenet.be; s=r22; t=1660241451; bh=z0FfxyIphdHf9x7obNvcg0n2I5ZpYfn13kSh0Tb5Gg8=; h=Date:To:Cc:References:From:Subject:In-Reply-To; b=fgvr4DuLLv+illwMYHswqVg4hhyjrpnBqGZnQQE9d5ZJ5DaGzRpCM1UcSGTXl5i8S sE0Np4UQTOh60v6l/b8xxJ8SSiDbHmyL/TgEyM1fkoRmzvmulEGzEsQKw2NND+BkTo ia4Wft933ROfDruabFf8otDayEQ2RJxMGdrq5+qG+a2lcoL6fjS3lfU6EXGlbLB3pj gu/MDnjQ2uGYF5gr6UhvoH1wSB4lS7EMNVxV74AaIqHBVbNtLD9PUWnaeLr1PFoylp RylGeOFGppmssagUq39RpzXpwT9c5MxBkuQQNTJAeT5xafFTd8seythAozKw6xsVKB kfug+ZdCQRaxQ== Received-SPF: pass client-ip=2a02:1800:110:4::f00:1a; envelope-from=maximedevos@telenet.be; helo=albert.telenet-ops.be X-Spam_score_int: -27 X-Spam_score: -2.8 X-Spam_bar: -- X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, NICE_REPLY_A=-0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=unavailable autolearn_force=no X-Spam_action: no action X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: bug-guix@gnu.org List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+larch=yhetil.org@gnu.org Sender: "bug-Guix" X-Migadu-Flow: FLOW_IN X-Migadu-To: larch@yhetil.org X-Migadu-Country: US ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1660241469; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:resent-cc:resent-from:resent-sender: resent-message-id:in-reply-to:in-reply-to:references:references: list-id:list-help:list-unsubscribe:list-subscribe:list-post: dkim-signature; bh=A+lx96+DRoe/qOGTIdMQarLjK0pD5v3NyTqxaQvmsx4=; b=ktc5Qqj50tXMUfqsR15s1Yu76lbxPYUjqb5pTNmY1YCbytvtNR2f8lo9hMOkzt4KwLiPhX C95Wl8CgOob7OgS0zRiawl1fGDVzVtN10Rbqsn/mjfqZ0q2RlErT6UWgZSlp9YqHd+k1Qp Jv13AkVX5hxnH3ciZxJ8SZQ4n2khMVXNcptw2kOpoibNg3GSdA3dsyy6+sMJx+7IwC5wVm nMjdcZMinMST9xZpuSUPzX/gCMdldnA8+7v004rQmmy/aqrRXEV36bClwxuTSUjsopvlAb vnPYBV7StN7zpDeHOe7gsfXA9sBvI+qzDV/OFE5cX1QfcKIEmfxJdioiT4YKAQ== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1660241469; a=rsa-sha256; cv=none; b=B7TdJjDhZj+V3ZTKhkpP9r+ANBCRlhf1ISmhXr9uNov+JwJszcQN8iIbNp/Nffcdwg6Nj8 0Auu8JqmP9UJgrDWTTGtCfqvdmU+79N3CNkXIhyw7uewBwjAb5LcqZrtlXG7mJ5+3rDjMZ UCbNX3mHEFnoKBEI7f61wjGkin2gG2w9bH83vJisyJ48bH9XT/Iff29c5Sk4Uv9/lDEXf4 RrIZRrwZATupT5dEkkygGxS0+tgpT/E8/eLK6WmXqMiQM2ighpHB22o6pT0HeXX1cawBzx M31TULvU3694ZZXVUIMoOj3Vq7Tao8EnXgkrHfgKZNrPQaICYn5X+BsHkQL9Kg== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("body hash did not verify") header.d=telenet.be header.s=r22 header.b=fgvr4DuL; dmarc=fail reason="SPF not aligned (relaxed)" header.from=telenet.be (policy=none); spf=pass (aspmx1.migadu.com: domain of "bug-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="bug-guix-bounces+larch=yhetil.org@gnu.org" X-Migadu-Spam-Score: 3.02 Authentication-Results: aspmx1.migadu.com; dkim=fail ("body hash did not verify") header.d=telenet.be header.s=r22 header.b=fgvr4DuL; dmarc=fail reason="SPF not aligned (relaxed)" header.from=telenet.be (policy=none); spf=pass (aspmx1.migadu.com: domain of "bug-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="bug-guix-bounces+larch=yhetil.org@gnu.org" X-Migadu-Queue-Id: 08DAE7D1D X-Spam-Score: 3.02 X-Migadu-Scanner: scn0.migadu.com X-TUID: H6echZO88ffm This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --------------SRz3u5mokG55nU3qYAeswkVb Content-Type: multipart/mixed; boundary="------------nlXmMSZjxpQx43Aco8zZRsth"; protected-headers="v1" From: Maxime Devos To: Tobias Geerinckx-Rice Cc: bug-guix@gnu.org, =?UTF-8?Q?Ludovic_Court=c3=a8s?= , 57091@debbugs.gnu.org Message-ID: <95099292-6aeb-1ef2-ce96-0f216ac9b93f@telenet.be> Subject: Re: bug#57091: Git authentication reports subkey fingerprints References: <87iln12kjc.fsf@inria.fr> <78149f79-5620-fae9-1ba3-4ed25c2154c5@telenet.be> <878rnvxelk.fsf@gnu.org> <5330DDA4-F1AD-4F99-B6A5-5CDA2D975983@tobias.gr> In-Reply-To: --------------nlXmMSZjxpQx43Aco8zZRsth Content-Type: multipart/mixed; boundary="------------OWJnhYPKO0mshRsPcilPs8DW" --------------OWJnhYPKO0mshRsPcilPs8DW Content-Type: multipart/alternative; boundary="------------F0CGEnD4qaZ0t3sibgCnpsH0" --------------F0CGEnD4qaZ0t3sibgCnpsH0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: base64 DQpPbiAxMS0wOC0yMDIyIDE4OjMxLCBUb2JpYXMgR2VlcmluY2t4LVJpY2Ugd3JvdGU6DQo+ PiDCoMKgwqDCoCogRXhwaXJhdGlvbiB0aW1lcyBhbmQgR1BHLWxldmVsIHJldm9jYXRpb24g bXVzdCBiZSBpZ25vcmVkIChmb3INCj4+IHRpbWUtdHJhdmVsLCBhbmQgcHVsbGluZyBmcm9t IGFuIG9sZCBHdWl4KSwgc2ltaWxhcmx5IHRvIHdoeSBpdCBtdXN0DQo+PiBiZSBpZ25vcmVk IGZvciB3aGVuIG5vIHN1YmtleXMgYXJlIHVzZWQNCj4+IMKgwqDCoMKgICogU29tZW9uZSB1 c2VkIHRvIEdQRy1zdHlsZSBzdWJrZXlzIGdlbmVyYXRlcyBhIG5ldyBzdWJrZXkgdG8NCj4+ IHJlcGxhY2Ugb2xkIGV4cGlyZWQgc3Via2V5IG9yIHJldm9rZXMgb2xkIHN1YmtleSwgd2l0 aG91dCBrZWVwaW5nIGluDQo+PiBtaW5kIHRoYXQgR3VpeCBkb2Vzbid0IHRha2UgdGhhdCBp biBhY2NvdW50Lg0KPj4gwqDCoMKgwqAgKiBBbiBhdHRhY2tlciB1c2VzIGEgY29tcHJvbWlz ZWQtYnV0LXJldm9rZWQtb3ItZXhwaXJlZCBzdWJrZXkgdG8NCj4+IGNvbXByb21pc2UgdGhl IGNoYW5uZWwuDQo+DQo+IFdoeSBkb2VzIG5vbmUgb2YgdGhpcyBhcHBseSB0byBwcmltYXJ5 IGtleXM/IA0KDQpGb3IgcHJpbWFyeSBrZXlzIGFzIHRoZXkgYXJlIGN1cnJlbnRseSB1c2Vk IGluIEd1aXgsIHRvIHJldm9rZSBhIGtleSANCihmcm9tIEd1aXgnIHBvaW50IG9mIHZpZXcp LCB5b3UgcmVtb3ZlIGl0IGZyb20gLmd1aXgtYXV0aG9yaXphdGlvbnMsIGRvbmUuDQoNCkZv ciByZXZva2luZyBzdWJrZXlzLCB5b3UgdHJ1c3QgR1BHIG9yIHdoYXRldmVyIHRvIHRha2Ug Y2FyZSBvZiB0aGluZ3MsIA0KYnV0IEd1aXgtbW9kaWZpZWQtdG8tYWxsb3ctc3Via2V5cy10 b28gZG9lc24ndCBoYXZlIGEgY2x1ZSB0aGF0IHRoZSANCnN1YmtleSBzaG91bGQgYmUgY29u c2lkZXJlZCByZXZva2VkLCBzZSBidWxsZXQgbGlzdCBhYm92ZS4NCg0KVGhhdCBjb3VsZCBi ZSBzb2x2ZWQgYnkgYWxzbyBhZGRpbmcgYSBsaXN0IG9mIHJldm9rZWQgc3Via2V5cyB0byAN Ci5ndWl4LWF1dGhvcml6YXRpb24sIGJ1dCB0aGF0IHNlZW1zIG9wcG9zaXRlIHRvIHRoZSBw cm9wb3NlZCBjaGFuZ2UuDQoNCj4+IEV4cGlyYXRpb24gdGltZXMgbWlnaHQgYmUgc29sdmFi bGUgYnkgdGFraW5nIHRoZSBjb21taXQgdGltZSBvZiB0aGUNCj4+IHByZXZpb3VzIGNvbW1p dCBhcyAnY3VycmVudCB0aW1lJyAobm90IHRoZSBjb21taXQgdGhhdCB3YXMgc2lnbmVkLA0K Pj4gb3RoZXJ3aXNlIGFuIGF0dGFja2VyIGNvdWxkIGp1c3QgbGllKS4gSSBkb24ndCBrbm93 IGEgc29sdXRpb24gZm9yDQo+PiBHUEctbGV2ZWwgcmV2b2NhdGlvbiBvZiBvbGQgc3Via2V5 cyBidXQgSSBoYXZlbid0IGxvb2tlZCBlaXRoZXIuDQo+DQo+IEdpdCBjb21taXQgZGF0ZXMg YXJlbid0IHJlbGlhYmxlLsKgIFJlcXVpcmluZyB0aGF0IHRoZXkgYmUgYWNjdXJhdGUgDQo+ IGdvaW5nIGZvcndhcmQgd291bGQgYmUgaW1wb3NpbmcgeWV0IGFub3RoZXIgJ2FydGlmaWNp YWwnL2lkaW9zeW5jcmF0aWMgDQo+IGxpbWl0YXRpb24uwqAgSSB0aGluayB3ZSBzaG91bGQg YmUgdmVyeSBoZXNpdGFudCB0byBidWlsZCBhIA0KPiB2ZXJpZmljYXRpb24gc3lzdGVtIG9u IGFzc3VtcHRpb25zIHN0YWNrZWQganVzdCBzby4NClllcywgZm9yYmlkZGluZyBzZXR0aW5n IHRoZSBkYXRldGltZSB0byBzb21ldGhpbmcgd2F5IG9mZiAoZS5nLiANCjE5NzAtMDEtMDEp IGZvciBwcml2YWN5IG9yIHN1Y2ggaXMgcXVpdGUgYSBsaW1pdGF0aW9uLg0KDQpUaGV5IGRv IG5vdCBoYXZlIHRvIGJlIGFjY3VyYXRlIGhvd2V2ZXIsIGFzIGxvbmcgYXMgdGhlIGRpc2Ny ZXBhbmNpZXMgaW4gDQpjb21taXQgZGF0ZXMgLyBhY3R1YWwgdGltZSAoKikgYXJlIHNtYWxs IGNvbXBhcmVkIHRvIHRoZSBleHBpcmF0aW9uIHRpbWVzLg0KDQooKikgb2Ygbm9uLWF0dGFj a2VycyAtLSBhc3N1bWluZyBmcmVxdWVudCBjb21taXRzLCBhbiBhdHRhY2tlciBjYW5ub3Qg DQp0cmljayB0aGUgZXhwaXJhdGlvbiBtZWNoYW5pc20gaW50byBsYXJnZSB0aW1lIGRpZmZl cmVuY2UuIFRoYXQgbWlnaHQgDQpub3QgYmUgZ29vZCBlbm91Z2ggZm9yIGJyYW5jaGVzIGxp a2UgJ3dpcC1mb28nIG9yIGNoYW5uZWxzIHdpdGggDQppbmZyZXF1ZW50IGNvbW1pdHMgdGhv dWdoLg0KDQpHcmVldGluZ3MsDQpNYXhpbWUuDQo= --------------F0CGEnD4qaZ0t3sibgCnpsH0 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable


On 11-08-2022 18:31, Tobias Geerinckx-Rice wrote:
=C2=A0=C2=A0=C2= =A0=C2=A0* Expiration times and GPG-level revocation must be ignored (for
time-travel, and pulling from an old Guix), similarly to why it must
be ignored for when no subkeys are used
=C2=A0=C2=A0=C2=A0=C2=A0 * Someone used to GPG-style subkeys gene= rates a new subkey to
replace old expired subkey or revokes old subkey, without keeping in
mind that Guix doesn't take that in account.
=C2=A0=C2=A0=C2=A0=C2=A0 * An attacker uses a compromised-but-rev= oked-or-expired subkey to
compromise the channel.

Why does none of this apply to primary keys?

For primary keys as they are currently used in Guix, to revoke a key (from Guix' point of view), you remove it from .guix-authorizations, done.

For revoking subkeys, you trust GPG or whatever to take care of things, but Guix-modified-to-allow-subkeys-too doesn't have a clue that the subkey should be considered revoked, se bullet list above.

That could be solved by also adding a list of revoked subkeys to .guix-authorization, but that seems opposite to the proposed change.

Expiration ti= mes might be solvable by taking the commit time of the
previous commit as 'current time' (not the commit that was signed,
otherwise an attacker could just lie). I don't know a solution for
GPG-level revocation of old subkeys but I haven't looked either.

Git commit dates aren't reliable.=C2=A0 Requiring that they be accurate going forward would be imposing yet another 'artificial'/idiosyncratic limitation.=C2=A0 I think we should be= very hesitant to build a verification system on assumptions stacked just so.
Yes, forbidding setting the datetime to something way off (e.g. 1970-01-01) for privacy or such is quite a limitation.

They do not have to be accurate however, as long as the discrepancies in commit dates / actual time (*) are small compared to the expiration times.

(*) of non-attackers -- assuming frequent commits, an attacker cannot trick the expiration mechanism into large time difference.=C2= =A0 That might not be good enough for branches like 'wip-foo' or channels with infrequent commits though.

Greetings,
Maxime.
--------------F0CGEnD4qaZ0t3sibgCnpsH0-- --------------OWJnhYPKO0mshRsPcilPs8DW Content-Type: application/pgp-keys; name="OpenPGP_0x49E3EE22191725EE.asc" Content-Disposition: attachment; filename="OpenPGP_0x49E3EE22191725EE.asc" Content-Description: OpenPGP public key Content-Transfer-Encoding: quoted-printable -----BEGIN PGP PUBLIC KEY BLOCK----- xjMEX4ch6BYJKwYBBAHaRw8BAQdANPb/d6MrGnGi5HyvODCkBUJPRjiFQcRU5V+m xvMaAa/NL01heGltZSBEZXZvcyA8bWF4aW1lLmRldm9zQHN0dWRlbnQua3VsZXV2 ZW4uYmU+wpAEExYIADgWIQTB8z7iDFKP233XAR9J4+4iGRcl7gUCX4ch6AIbAwUL CQgHAwUVCgkICwUWAgMBAAIeAQIXgAAKCRBJ4+4iGRcl7japAQC3opZ2KGWzWmRc /gIWSu0AAcfMwyinFEEPa/QhUt2CogD/e2RdF4CYAgaRHJJmZ9WU7piKbLZ7llB4 LzgezVDHggzNJU1heGltZSBEZXZvcyA8bWF4aW1lZGV2b3NAdGVsZW5ldC5iZT7C kAQTFggAOBYhBMHzPuIMUo/bfdcBH0nj7iIZFyXuBQJf56ycAhsDBQsJCAcDBRUK CQgLBRYCAwEAAh4BAheAAAoJEEnj7iIZFyXujpQBAKV1SwDDl4f24rXciDlB9L8W ycZt30CgbewMSRQk4mvbAP9dFMbVVixYBd6C8cfhR+NsOBGiOJnQABlUmgNuqGFJ Dc44BF+HIegSCisGAQQBl1UBBQEBB0BOlzIWiJzgobMF6/cqwLaLk7jIcFSZ++c0 k9cCNT6YXwMBCAfCeAQYFggAIBYhBMHzPuIMUo/bfdcBH0nj7iIZFyXuBQJfhyHo AhsMAAoJEEnj7iIZFyXuMr0BAJc8cl5PGvVmVuSQVKjleNl4DK1/XAaPAYPe34AE fZJPAP9IqLCQhH/FeJanHqBP8gNdGNI2qn8RnnLVfRJgUjZ1BA=3D=3D =3DOVqp -----END PGP PUBLIC KEY BLOCK----- --------------OWJnhYPKO0mshRsPcilPs8DW-- --------------nlXmMSZjxpQx43Aco8zZRsth-- --------------SRz3u5mokG55nU3qYAeswkVb Content-Type: application/pgp-signature; name="OpenPGP_signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="OpenPGP_signature" -----BEGIN PGP SIGNATURE----- wnsEABYIACMWIQTB8z7iDFKP233XAR9J4+4iGRcl7gUCYvVGKAUDAAAAAAAKCRBJ4+4iGRcl7rAT AQCFZgIgmybSVg+yB+rwJFwWR+K6e6QbfA4qjZb5c5KTZQEAl94IHKy6x2AgjHnQLpFF2G6+IFhx jsd333nmwH1zewg= =5kwJ -----END PGP SIGNATURE----- --------------SRz3u5mokG55nU3qYAeswkVb--