IETF Logo Mail Archive

Re: [CFRG] Kyber 'interactive key agreement'?

Mike Ounsworth <Mike.Ounsworth@entrust.com> Thu, 04 August 2022 22:00 UTC

Return-Path: <Mike.Ounsworth@entrust.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 19642C15A721 for <cfrg@ietfa.amsl.com>; Thu, 4 Aug 2022 15:00:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.106
X-Spam-Level:
X-Spam-Status: No, score=-2.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=entrust.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EoBAaes0ny_J for <cfrg@ietfa.amsl.com>; Thu, 4 Aug 2022 15:00:11 -0700 (PDT)
Received: from mx08-0015a003.pphosted.com (mx08-0015a003.pphosted.com [185.183.30.227]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B7BEAC14F721 for <cfrg@irtf.org>; Thu, 4 Aug 2022 15:00:10 -0700 (PDT)
Received: from pps.filterd (m0242863.ppops.net [127.0.0.1]) by mx08-0015a003.pphosted.com (8.17.1.5/8.17.1.5) with ESMTP id 274GmhlK017111; Thu, 4 Aug 2022 16:59:57 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=entrust.com; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : content-transfer-encoding : mime-version; s=mail1; bh=iIeGByW3lhf2HpVbrxo8UsLPrpMfai70bgdiXJqp6OM=; b=X0Y+UhnMzoF5zUJzlWsJams70s2YT7/bUtmQtPxxqNUeAgVhNlvFzrLv99+7sLq0liAl QAym5VmUGfcTVCs5mhOQyEVxeZnKc0OBuqogMQpHz6a6HetVkg6g4aej3FUoFtD0AyzJ FXstmM0ZPsPgSPqhMGRkdU81iTKwVgKcYyWAnKO6amDUpUCmLm5jBASvpLaQQPPcOFP2 BaQwlZiXiDK7YDSUDNUJzmw8JL7hon0YazU6/7Mm/1mPomc+J2h4Xk2oFuMiRm0gjulZ nQEemxDxFat+r0XLRl8tHbymXLruHrhPjnTi7LyKtDchVptUQX1WPAFefzBzz9NSSvNQ yg==
Received: from nam02-dm3-obe.outbound.protection.outlook.com (mail-dm3nam02lp2042.outbound.protection.outlook.com [104.47.56.42]) by mx08-0015a003.pphosted.com (PPS) with ESMTPS id 3hmymrrpa9-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 04 Aug 2022 16:59:57 -0500
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=VT7QdtAj8PaKcZNn9FFOmeO5QkGZAXByTdzENb4T+8/FTSTjCE4NODQhwwH9x2ZS0YXgj9ndzjqQVHoJNhVPSVKQj05Wx3CnteXvevyc2QMyUhp44PIUNL93Y6vmdpJMI3gRxwx8BtXGjZDL34bZjkdHoU2canZhXTaGHVib5TUBwgvLWeL4rqywmy/+h/Yw57e+oKzzfwC+Alc7LSLPUovb8IzAUfg4lIhBgfV3A0O83CHMb7pKhQpwF+qRAcQscMsHHMKkQOXNUrQhSRNiAylE/q0sNltESzseCsoefJlmS9eS4R1u9LTmZohIJ3bAIPYA9vt5n906JBShX/dlBQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=iIeGByW3lhf2HpVbrxo8UsLPrpMfai70bgdiXJqp6OM=; b=P7BR8cVXEULfPinx4qpxUnOOWAlgXei24vKGFqBDuePsHSbUh5OwEU7+tPutTzn0RnZaohUoJ6l2X/BoXiex96op2NxD/dQAHgIna+aFVfePtnY7S67X+Q5n/zI3ZQwPwyn+XNXrnphmu7Aa9H2va3pAszc1yqiUvdx4m//MHbCDx/g3qOoFyzrA1l8llr9aCDM0n+JY2txKYQRiH90DrL5KA6MbgZu4Za0gJ0YhlJTzu/B9ONKop7ZmrrLSEeJwNiUIo3JKVdu4h9PI274bHEh2lWiK7eRBPzNxGb0BnTSSjqPm/L5f+jL64CxBwzfLiV8D5ippjXcao+dbuu1iNw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=entrust.com; dmarc=pass action=none header.from=entrust.com; dkim=pass header.d=entrust.com; arc=none
Received: from CH0PR11MB5739.namprd11.prod.outlook.com (2603:10b6:610:100::20) by PH7PR11MB6498.namprd11.prod.outlook.com (2603:10b6:510:1f1::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5417.26; Thu, 4 Aug 2022 21:59:52 +0000
Received: from CH0PR11MB5739.namprd11.prod.outlook.com ([fe80::ed02:6e67:98f7:f33d]) by CH0PR11MB5739.namprd11.prod.outlook.com ([fe80::ed02:6e67:98f7:f33d%8]) with mapi id 15.20.5504.014; Thu, 4 Aug 2022 21:59:51 +0000
From: Mike Ounsworth <Mike.Ounsworth@entrust.com>
To: "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu>, Phillip Hallam-Baker <phill@hallambaker.com>, Jeff Burdges <burdges@gnunet.org>
CC: IRTF CFRG <cfrg@irtf.org>, Bas Westerbaan <bas=40cloudflare.com@dmarc.ietf.org>
Thread-Topic: [CFRG] Kyber 'interactive key agreement'?
Thread-Index: AQHYqEwNQzWR/k92EkiaUskRmP1YrK2fSDyQ
Date: Thu, 04 Aug 2022 21:59:51 +0000
Message-ID: <CH0PR11MB57390B55AF072C1706ED04749F9F9@CH0PR11MB5739.namprd11.prod.outlook.com>
References: <CAMm+LwiGXMUwTiM=7OSTj47F=qxsaXqOqXEvcGedKo1cKAXadA@mail.gmail.com> <5CD18980-6C52-4CCA-8EF0-F7C45D1CB0F1@getmailspring.com> <CAMm+LwjfWGWR2StRtQGbahcyq+L+CGHdmsu7ZVHO8PyCnepDFg@mail.gmail.com> <950A7700-0514-416A-A0BC-43C9CB85628B@ll.mit.edu>
In-Reply-To: <950A7700-0514-416A-A0BC-43C9CB85628B@ll.mit.edu>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: d6c90f86-cca0-404a-49d7-08da7664a7e2
x-ms-traffictypediagnostic: PH7PR11MB6498:EE_
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 5HS0UE2FxaHenrmfKun+7lqlaG+9O0THM10xXGPcKMSMKqJJ7NkZ0870QWlK9Vq0YuZNsGESDLSTgMIxt5TW+i7mDgxARfT3fmpmR9EuDogfb+7J3mS60L6IHVYel+9H/wtGwstkECqmowhsc0Ibma/bay9aNwMrHyR/m747K6D1zmuZ0xlt4ogtDjJQxn1u6KrIzBQo0IN3h2i03ea1Hlm6+xDOpmBbY6hnYPeNQ6kmN58sOKIcpOiueXb7X5L1TSiSSaT+xSCSQqULmN2aA56Yxx+N3+jNmkzJ556GphhstYgJLCGmWcoKk3Yj/K5WEu50BGxY4Sc3FOqhVttvOlQUpycez1unfGvO1fiDAa8R5kJZvkapbOO1P5Jr22r8djd7r+NiCAsZCvfUMXd8bcXK5yaEt9MRC5gN5KcsAitX+W8k9cCmcwvqLADLUUrtVQm7vB1M9MCWIc9flLsMHdAViFeaqq8lTiYsCvJdfGXNTM68xATGTDU/sH7pWhh4mJPLe7YJClDsDDX51PKsg9gEshCofxLahcVAMm2jYSgY3M3I0yJws0z2q+ITMIjGXueCBVnWZHmCpj+BKuHMLqucClsPLV5BnO49jp6lbb8ck5qEcbgjIadLAmdqMKgKAYT5JLsu7noGVQVlOfSlZg6sh8RBI0Y4lZVz63aZIJPiIpfJKraObEHEdjnxDzlRLhDsjOUz0tL19Qz4jclsMsbMhuLTqOKcCJNZZ8GBhqWlhsWk87BNhgIhvKBTMxEnFh+/nxTArljacLZ7wzZttnherEVFVo1G4N7p1MMrkhCjsABCJXSXnBhF2fMUmayX3ItCUJ59Fjy4dIyVpmiawg==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:CH0PR11MB5739.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230016)(346002)(376002)(396003)(366004)(39860400002)(136003)(86362001)(4326008)(83380400001)(5660300002)(66946007)(2906002)(66446008)(76116006)(52536014)(64756008)(316002)(66556008)(66476007)(8936002)(8676002)(54906003)(966005)(478600001)(122000001)(53546011)(6506007)(55016003)(110136005)(26005)(7696005)(9686003)(41300700001)(33656002)(38100700002)(186003)(38070700005)(71200400001); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: lVdXQBxUD7K52LSQwFSHkZTv05enhoVMcEMsyKlhShiVYZusRI8nzqfUfdfyC10YjvnU2zJK+IQ3rUn+Q2GXIBPi/c6EoyO4kDcS3z/ztKn87BIOzk8PX5Sb6JN0cMkyySMSOhVyv70SFq7kdL5hdyW4o74N0DiVrcXVEYLM+yoHT9Y5nYo91Bg9HJlYSR/9VVMGvq72qlYkTI7N+lU6vc8W5D1fBY9PqrjQHmamg2vHNUvAqz2vTd1IkhPk1C+2JBTFvM6k7MKPOkm2Fl1DoJGL/QUuQP92+pTnvnBjcPxK3iY3dnMsB/Zio/onW4kUZOopK7WSY9N36yOo9IBS1q4uZ1KVnYn1WYMmUt8GfPegAmV7PBfD7anldvsd8oUjX/wNhwL7tGY3EicsLL2Mv+Fe7Cr9S61zrauZYQWd7F2MifgfJIMIjTTUVx4tih+YvUPpl2tQuy5oKq1hfgmWtq/RVirzBZx8fkwFCSyqX0xZKjs5nihLquBuSQRrkpPHL9aVH1NaCuUps8IbVYiepL4mrhn2vBOYwteCL3Lh4NhQUK1SavToOZ71C50F3rpPlOUJUo/i1a27pXGh+8ikCnUCbh/IWbIwgqB8HVSUPjre755bC84Hjr/7boLgRxGOEgtpUIfvy0ji7rIZLcjDPpmAndGke8+yOzncEp1a+Ig+wWIMaY56UV02Y8sVvxYFur1/xDlNNDQGdBCBffbjkfn8j3gcHZfV1ke/z6RNQm+fw55/NwMRCNB4dzrO+aRX01J3JU3AIuGCoCELoYDxf0xb4MQRDByfIRewsb8mstq6ryJjh1ZgMFtCx++GthkqdXCDaUqb1Bob8N276ET7A9nEb7Gux6cuMfUeceE/olkwgCR8iFzFkZbuf6PoPlqT77Q66OF0e+90pPCQ3WHx6GUlkJ/3zq5CRG2aGiHBGlbEn8OEtP7KqPY3yPn+Xv9afZ7dP6OIFEjhhQneoJkpTbCkz9mUe6q/sbucVOkiTUisalIMyCCol65egHIdUAqzrQI8fUSpCyp7WavDmxQ72dG1HJu79pkgACHUd4KAsy63piJ5R2KX53NNar3w+fVJolRwrrOYjMHdiDQ8Gwt+8duXNtEULChcHprqxf9RqFc2yFVy417Eb9jWJ96wbTu6jdLBf6Yxz90peUpYW7Goyz9fO79tqbNDF2YoNa929wRx5QaPQUUcdIj9cHLUqZdszO9ahrVe3K9oBTYPF9wc7Qw+U3j4KSnpwBoY/32X+KrZ1C+YQpbH4pzi4RhNqUryUPP4IPMJ48BQtEIU3kd4u4WSi+l/KvRbsidGXG1qZs/ryIFap7QUvXR6ChfFlW4MJknoGKDM09yxYF4N36TtMGv3QEWJ8fLnBEx8uftvJrSVaseqcY7uAzGXv7+axrQQPIpyoCZt5aG/t8WbV7EO5hQPI70Fx+omDJpOrCOB/yaT5y5BYSVvesVFsJWk7T3nPWCUCjMale/zih8AUv1UyVtg9hzPsSOQR0j+wrTP+1gI8ss8yosqxSAGmtgj29CtS4i75qYt58jYsVe9W3+LVlMQan39z/6/ysXtqGX7tMmiFKeyqAGK5NBlICD2R/Xq8iYdfjb/BfN/3qGO4Vbm6w==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: entrust.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: CH0PR11MB5739.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: d6c90f86-cca0-404a-49d7-08da7664a7e2
X-MS-Exchange-CrossTenant-originalarrivaltime: 04 Aug 2022 21:59:51.1622 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f46cf439-27ef-4acf-a800-15072bb7ddc1
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: jh6FSVasMesolOpwnuEQ6LzuRbKFQum4/hyxXkq6MoSGsvtK1U4hLKfH2j9vq39VzXdXQ6gLBOO4GXGJaisn0z//WL1PdPWjqZvEsW7qwwA=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH7PR11MB6498
X-Proofpoint-GUID: LjqjWik2CXZfsoCIAnnFgxiK8-IoYQqa
X-Proofpoint-ORIG-GUID: LjqjWik2CXZfsoCIAnnFgxiK8-IoYQqa
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.883,Hydra:6.0.517,FMLib:17.11.122.1 definitions=2022-08-04_04,2022-08-04_02,2022-06-22_01
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 bulkscore=0 spamscore=0 clxscore=1011 lowpriorityscore=0 impostorscore=0 phishscore=0 suspectscore=0 adultscore=0 malwarescore=0 priorityscore=1501 mlxlogscore=999 mlxscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2206140000 definitions=main-2208040092
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/ojj9hnJ3HfRx6501I28EKwKuRKI>
Subject: Re: [CFRG] Kyber 'interactive key agreement'?
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Thu, 04 Aug 2022 22:00:15 -0000

Uri said:
> In fact, the KEM (crypto_kem_enc(), to be specific) tells the caller what the shared secret will be. This reduces the need for the “post-processing” of the shared secret with KDF to actually generate symmetric keys for the subsequent traffic protection

This is actually a point of contention. I know that the NIST round 3 KEM candidates all finish with a round of SHAKE, and so have this property, but I have not seen any global definition of KEM that requires this property. For example, RFC 5990 which takes RSA-KEM and turns it into a Key Transport specifically does that “post-processing” (RFC 5990 p. 13):

   3. Derive a key-encrypting key KEK of length kekLen bytes from the
      (shared secret) byte string Z using the underlying key derivation function:

         KEK = KDF (Z, kekLen)



So, unless I'm missing something, if you're designing a crypto protocol where choice of algs is left to runtime config, then I think you still need to run the shared secret through a KDF to be sure. (I would love to be wrong about this ...)

---
Mike Ounsworth

From: CFRG <cfrg-bounces@irtf.org> On Behalf Of Blumenthal, Uri - 0553 - MITLL
Sent: August 4, 2022 4:49 PM
To: Phillip Hallam-Baker <phill@hallambaker.com>; Jeff Burdges <burdges@gnunet.org>
Cc: IRTF CFRG <cfrg@irtf.org>; Bas Westerbaan <bas=40cloudflare.com@dmarc.ietf.org>
Subject: [EXTERNAL] Re: [CFRG] Kyber 'interactive key agreement'?

WARNING: This email originated outside of Entrust.
DO NOT CLICK links or attachments unless you trust the sender and know the content is safe.
________________________________________
I’m not sure I fully understand this discussion, but let me jump in. ;-)

IMHO, for the “protocol engineers” there’s nothing to understand about the NIST PQC algorithms, except that

a. These algorithms are all Key Encapsulation Mechanisms, and not Key Agreement mechanisms like, e.g., (EC)DH(E). In that sense, logically they are quite similar to the old now-deprecated RSA key encapsulation, where the client would generate a random symmetric key, encrypt it with the server’s RSA public key, and send this “encapsulated” symmetric key to the server. Thus, you cannot use them directly as a replacement for DH, period. You can create a Key Agreement protocol that uses NIST PQC KEMs as building blocks.
b. Luckily, PQC algorithms do some processing – NIST API does not even allow the caller to pass in the symmetric key to wrap/encapsulate. In fact, the KEM (crypto_kem_enc(), to be specific) tells the caller what the shared secret will be. This reduces the need for the “post-processing” of the shared secret with KDF to actually generate symmetric keys for the subsequent traffic protection, though all the protocols I’m aware of, including mine, do apply KDF to the KEM output.

You wrote that one can use Kyber as a drop-in replacement for ECDH. IMHO, it’s not quite correct, because in DH both sides contribute to the algorithm output, and here the control is on the “wrapper” side…
--
V/R,
Uri

There are two ways to design a system. One is to make it so simple there are obviously no deficiencies.
The other is to make it so complex there are no obvious deficiencies.
                                                                                                                                     -  C. A. R. Hoare


From: CFRG <mailto:cfrg-bounces@irtf.org> on behalf of Phillip Hallam-Baker <mailto:phill@hallambaker.com>
Date: Thursday, August 4, 2022 at 16:18
To: Jeff Burdges <mailto:burdges@gnunet.org>
Cc: CFRG <mailto:cfrg@irtf.org>, Bas Westerbaan <mailto:bas=40cloudflare.com@dmarc.ietf.org>
Subject: Re: [CFRG] Kyber 'interactive key agreement'?



On Thu, Aug 4, 2022 at 2:47 PM Jeff Burdges <mailto:burdges@gnunet.org> wrote:


On Aug 4 2022, at 6:38 pm, Phillip Hallam-Baker <mailto:phill@hallambaker.com> wrote:
> Having discussed this in other forums, it appears to me that the
> fundamental problem here is that we need more than a ten minute
> introduction to PQC algorithms before the protocol development
> community can fully get to grips with what is going on.

Yes.

You'll want to understand the Fujisaki-Okamoto Transform (FO)
https://blog.cryptographyengineering.com/2018/07/

In essence, Alice's key would be vulnerable if she completed a key
exchange with a maliciously constructed public key, so instead Bob
reveals his secret key in an encrypted payload inside the first protocol
move.  Alice simply aborts if she cannot recompute the public key Bob provided.

NIST appear to have chosen the parameters for this competition with extreme subtlety. People who are finding problems here appear to be looking inside the black boxes NIST drew. They drew those boxes for a reason


The description of the parameters seems to be misleading some:

int crypto_kem_enc(unsigned char *ct,
                   unsigned char *ss,
                   const unsigned char *pk)

int crypto_kem_dec(unsigned char *ss,
                   const unsigned char *ct,
                   const unsigned char *sk)

Where:

sk is a sequence of bytes describing a private key
pk is a sequence of bytes describing a private key
ss is a sequence of bytes being the shared secret
ct is a sequence of bytes being the ciphertext

But in DH terms, ct is not a ciphertext, it is a key agreement blob and ss is the key agreement output.

If we write the signatures as:

Wrap (byte[] public, out byte[] recipientData, out byte[] sharedSecret)
UnWrap (byte[] private, byte[] recipientData, out byte[] sharedSecret)

We can see that Alice can't mistakenly reveal data by encrypting to Mallet's maliciously formed public key because Alice does not use her private key in the Wrap operation.

I know I can drop Kyber into my key exchange schemes for the Mesh because I can write the exact same signatures for ECDH.


RSA has serious issues as a result of the algorithm providing plaintext recovery and the fact that the security provided is not constant across all the bits.

As you say, for Noise, this is a drop in replacement. ss, is never used for any purpose other than to feed a KDF.

I am neither surprised nor particularly concerned about Signal's Axolotl ratchet. The notion that we should make use of all the available shared entropy when rekeying is a good principle. The Signal approach to this seems to be overly inflexible.


Any email and files/attachments transmitted with it are confidential and are intended solely for the use of the individual or entity to whom they are addressed. If this message has been sent to you in error, you must not copy, distribute or disclose of the information it contains. Please notify Entrust immediately and delete the message from your system.

v2.23.0 | Report a Bug | By Email