IETF Logo Mail Archive

Re: [COSE] Newly Submitted Draft - CBOR Web Token (CWT) Claims in COSE Headers

Hannes Tschofenig <Hannes.Tschofenig@arm.com> Thu, 03 March 2022 09:40 UTC

Return-Path: <Hannes.Tschofenig@arm.com>
X-Original-To: cose@ietfa.amsl.com
Delivered-To: cose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A93E83A14A2 for <cose@ietfa.amsl.com>; Thu, 3 Mar 2022 01:40:55 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.59
X-Spam-Level:
X-Spam-Status: No, score=0.59 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001, URI_GOOGLE_PROXY=2.497] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com header.b=WogsAkWk; dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com header.b=WogsAkWk
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id W5nj2yH4yAwL for <cose@ietfa.amsl.com>; Thu, 3 Mar 2022 01:40:51 -0800 (PST)
Received: from EUR05-VI1-obe.outbound.protection.outlook.com (mail-vi1eur05on20612.outbound.protection.outlook.com [IPv6:2a01:111:f400:7d00::612]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E35133A1498 for <cose@ietf.org>; Thu, 3 Mar 2022 01:40:50 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=UfMPWW3iKmLYs5abccJq010qNvJ5uGNvvJDBYMpSQD8=; b=WogsAkWkvasuvxllEsPhdvx2jsDTqlqLJ2dsWf3/oLA0uO/f4fz+CqKetuK3ZmxN+c5/x/yz+YEGEqr1GtjLEej7+LzCJX5prqQIrAjWzbvEF+ZFclkMRBYl1PiVpJ7O1k+CTdUYUsusaH6uLs6gQWnmX+2mGwwSvgmDscANISg=
Received: from AM3PR03CA0062.eurprd03.prod.outlook.com (2603:10a6:207:5::20) by PR2PR08MB4906.eurprd08.prod.outlook.com (2603:10a6:101:26::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5038.14; Thu, 3 Mar 2022 09:40:44 +0000
Received: from VE1EUR03FT053.eop-EUR03.prod.protection.outlook.com (2603:10a6:207:5:cafe::f) by AM3PR03CA0062.outlook.office365.com (2603:10a6:207:5::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5038.14 via Frontend Transport; Thu, 3 Mar 2022 09:40:43 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 63.35.35.123) smtp.mailfrom=arm.com; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com;dmarc=pass action=none header.from=arm.com;
Received-SPF: Pass (protection.outlook.com: domain of arm.com designates 63.35.35.123 as permitted sender) receiver=protection.outlook.com; client-ip=63.35.35.123; helo=64aa7808-outbound-1.mta.getcheckrecipient.com;
Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by VE1EUR03FT053.mail.protection.outlook.com (10.152.19.198) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5017.22 via Frontend Transport; Thu, 3 Mar 2022 09:40:43 +0000
Received: ("Tessian outbound 2877e54fe176:v113"); Thu, 03 Mar 2022 09:40:43 +0000
X-CR-MTA-TID: 64aa7808
Received: from 8c3b7d2ad589.1 by 64aa7808-outbound-1.mta.getcheckrecipient.com id E2CE285C-E428-4EF0-B336-24D6F7297A64.1; Thu, 03 Mar 2022 09:40:36 +0000
Received: from EUR02-HE1-obe.outbound.protection.outlook.com by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id 8c3b7d2ad589.1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384); Thu, 03 Mar 2022 09:40:36 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=NtlWTCbTtQh3C27JQVl1D6pIlMJ7XiKF46D/y+zxeU2h2gd6x8FbX3se4A7Bp1I0enlMHIpoYGuQwoC1xaovfHXYTVGsOuUBcIVV9UNiWzPE6qIw36D9lBAaevFpI0xytlFKRCYEy5/XEsqIVyWu/vmVHfXF62deC8ICd1V4xcO9C/JQdz2jstdIe02Bm20CiI8PzSMweqGIFl9XFHmyuuXZcvAEWFxYurKMrw6h3TG4eoVLtsUbCB/UVmIQZDS7Kva0hKWkejLW4bpyV3OL2HNpCyDnhimTJll+1VgPrr2Og/PaahSJ4upfY893N6AzU21BkA3Q0dLLtp21JRGV/Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=UfMPWW3iKmLYs5abccJq010qNvJ5uGNvvJDBYMpSQD8=; b=mFyJmAMjM+ZCHpajgP/wpKcpotcZ17cE337WO72tShrTKq0taWWQWLXUYf/7UeaERWEOo4L47nS3SuGwqzMy3y8ZEYTR1JBdYpwa2lEwaGDQZJS0XXHuhLljrapo+WVzTipZlzhKSz3MGEYIQzlrr7KUF/THYSUqqGoPYGBk16e5hgsMGVXe2R97aJ2kmEmcCfyXQ66EHX44OJ4nK/9rWD27mLfofkH8lerGQK9m1DIh5sN4XH1G5s+oVIismpXHLEB0bvfsMckXfMr0ZWyLz1cYB9PZbrl1Qa4drSGMkPtj5ECiotlOERRe0a29UomT+/YHfP1t2cwOF32yTrx0Ag==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=UfMPWW3iKmLYs5abccJq010qNvJ5uGNvvJDBYMpSQD8=; b=WogsAkWkvasuvxllEsPhdvx2jsDTqlqLJ2dsWf3/oLA0uO/f4fz+CqKetuK3ZmxN+c5/x/yz+YEGEqr1GtjLEej7+LzCJX5prqQIrAjWzbvEF+ZFclkMRBYl1PiVpJ7O1k+CTdUYUsusaH6uLs6gQWnmX+2mGwwSvgmDscANISg=
Received: from DBBPR08MB5915.eurprd08.prod.outlook.com (2603:10a6:10:20d::17) by AM6PR08MB3429.eurprd08.prod.outlook.com (2603:10a6:20b:49::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5038.14; Thu, 3 Mar 2022 09:40:33 +0000
Received: from DBBPR08MB5915.eurprd08.prod.outlook.com ([fe80::b478:3f3d:2464:65c8]) by DBBPR08MB5915.eurprd08.prod.outlook.com ([fe80::b478:3f3d:2464:65c8%5]) with mapi id 15.20.5038.014; Thu, 3 Mar 2022 09:40:33 +0000
From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: Mike Jones <Michael.Jones@microsoft.com>, Tobias Looker <tobias.looker=40mattr.global@dmarc.ietf.org>, "cose@ietf.org" <cose@ietf.org>
Thread-Topic: Newly Submitted Draft - CBOR Web Token (CWT) Claims in COSE Headers
Thread-Index: AQHYLe2WRhRO0cNsYEy31uS81Xo4sayrwO6ggACI4DCAAR5gcA==
Date: Thu, 3 Mar 2022 09:40:33 +0000
Message-ID: <DBBPR08MB5915AD36862DC964C5AB0C73FA049@DBBPR08MB5915.eurprd08.prod.outlook.com>
References: <SY4P282MB1274BCAC469DFE3B7284DFB29D039@SY4P282MB1274.AUSP282.PROD.OUTLOOK.COM> <DBBPR08MB5915A5EE40B555A4953E7BA0FA039@DBBPR08MB5915.eurprd08.prod.outlook.com> <SJ0PR00MB10050EBE6EAB4E80584A31B9F5039@SJ0PR00MB1005.namprd00.prod.outlook.com>
In-Reply-To: <SJ0PR00MB10050EBE6EAB4E80584A31B9F5039@SJ0PR00MB1005.namprd00.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels: MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Enabled=true; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SetDate=2022-03-02T16:30:35Z; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Method=Standard; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Name=Internal; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SiteId=72f988bf-86f1-41af-91ab-2d7cd011db47; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_ActionId=ab235a01-05b5-46c9-a77d-4b53244cb079; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_ContentBits=0
x-ts-tracking-id: 4140A65BEF9EA540A179D314DB3F91BA.0
x-checkrecipientchecked: true
Authentication-Results-Original: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=arm.com;
X-MS-Office365-Filtering-Correlation-Id: d9a8ae75-b0d6-467f-c1ee-08d9fcf9e303
x-ms-traffictypediagnostic: AM6PR08MB3429:EE_|VE1EUR03FT053:EE_|PR2PR08MB4906:EE_
X-Microsoft-Antispam-PRVS: <PR2PR08MB49069773BFC4F86A50437E04FA049@PR2PR08MB4906.eurprd08.prod.outlook.com>
x-checkrecipientrouted: true
nodisclaimer: true
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam-Untrusted: BCL:0;
X-Microsoft-Antispam-Message-Info-Original: guZJ/LBNLgdJipDKGxBTkG77JnoGtq3Zg7Ff2LuclIZfI2DNsTXFILuHiRzPM8aG/tXfg8vrY8lE6fac85udx5/+mpUeLaIF6LMG3iaN4R7Lv4CS8H1mUGQgb4xzPe3Sye68eVYxauNEBUP4naimWjzx2UcZnEqmYDH+TDNpdO28r7wsz0TYJQhFoGJt5TnHB6gLSBpIvyBrgpRH6qm5zkFySzV7Q/hYYAMkqEniCipTY431I6lthYdOryDLIHMJ3mNB4ym1UuSs6QsniyiGXvo0imYag7XCD5r9wlEkDfPR4+rG1WUIjWArHOm8y/kJ+W+QhAQhUX7YTXY3Q6PUcxS+WJ+kCIPrWTh9unT8GNP2lzIdnz6vdWxa4mMbXE7TH1TMM3c9Uwdih6dDkAiTtyzLg/f/Gk9FTsTRDR2IFXtOLoSM9GApHjK7kZQ7hn2qMiOiRAIdc+flRW3ScR4vDC/vyCi0+rcsM7MDJeHe+273d2tUG5WLC1ZcchH9tO2Aa+NHPNcvF8EIDyo0Z9zUNb8X6g6POtnNvFS/Z4sBtoqEBtBbLQsfM16O6dtxrWtn7SOultZf+KL2vpeEn1DKCmR4lUrHoAnWK3X1+CKUs+YtzcqzInFIFdCnPccNJjbj6Ti/iuiHM1RxmeyMmQHGWBrhLMbaoNKyaZ2GAzVjwIdXzh0z6e0+/dJ8CTtM95AI77wQCXV4MRL6Tj/eB9H8f5lfEJGdx09cGH7ZQH/otocQ31zoPKMfDUint8I0GEjgZqwezEqFD/5Zuf65vDQRL6knjSX8TcVe+UReOwDIYHb84qa1l8Qn/jPCf59/WFeh
X-Forefront-Antispam-Report-Untrusted: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DBBPR08MB5915.eurprd08.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230001)(4636009)(366004)(33656002)(166002)(122000001)(5660300002)(71200400001)(38070700005)(53546011)(55016003)(66476007)(9686003)(8676002)(76116006)(508600001)(6506007)(7696005)(66946007)(64756008)(38100700002)(9326002)(66446008)(8936002)(45080400002)(66556008)(186003)(110136005)(26005)(316002)(2906002)(83380400001)(966005)(86362001)(52536014); DIR:OUT; SFP:1101;
Content-Type: multipart/alternative; boundary="_000_DBBPR08MB5915AD36862DC964C5AB0C73FA049DBBPR08MB5915eurp_"
MIME-Version: 1.0
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM6PR08MB3429
Original-Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=arm.com;
X-EOPAttributedMessage: 0
X-MS-Exchange-Transport-CrossTenantHeadersStripped: VE1EUR03FT053.eop-EUR03.prod.protection.outlook.com
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id-Prvs: 3040546d-8d9a-4ea5-090b-08d9fcf9dceb
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: 2lMlYAQMA2Zo+erroBEiVispCfwEiH6EReEqMvyeW5wWto7Z2snsklbXraUUX6+H+8S+du//YQ2D+d23682scb9fe5EkVzunYg5VxR4/wlHtImQdt1goIV+nTHVp5Krh+mLRYwThUVwC5Ui0ypfgsCdOBGM8lzd1PVO9WSCduT8pL+pm/SXZmXpJrsmS542Ol41PyFlPFbi09OF6NqU7P8uVSZ3Enie+RM6feMh+B95dX+JmS8ChTvbbczUCjJ2vvqHe4EF1Gs1EdZMi1g0rXoBIXh5Wo+ygG2AOHpXmjxD5lAaJPR2ZLhfJaZyjHcRg+GC+vBkfsQp5nG4/sX8rasJEoDByG6YkUAlCxNyTz32D6f2evyxmHC9Gz7XII/7TnUEqGJtMFCN696IHptObBxvC9l+FkskyQMAcBIZ4L4A5ID8ERbeav/gvAK5EjPc+s4DgdQRkA/w0dpU3UAoRE/OZRtDU180i/vJcDjOI8mA9MCg/FEgw1MiRis433HI4csWT5UFtcVBIc8n2fpRM+iBR06XrmYq41MGA4h6Jt7g1XNeLyxENTDN/kywBW0OQqwIu4/Iw/i7vw2plwKXNIZmhm3cJk7j+a9r5wEDb5TwSGR5YMdKlPap2tay83pwvn3izTsSHwnyp/yhyEuDtWlweoMZE8zCykIzdHQnSkKyP9psBoRQR4UWti850OjnzVtni027lKJ1GGyZqUDtXPCSL7pnrPUYhw8pRWdKJm1nIX97c+g7/I1NlT5aXB7KSxvNdtKmh88bGFshyH/Y3TM6LuVYkSQ5XqSpx1luBiFI=
X-Forefront-Antispam-Report: CIP:63.35.35.123; CTRY:IE; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:64aa7808-outbound-1.mta.getcheckrecipient.com; PTR:ec2-63-35-35-123.eu-west-1.compute.amazonaws.com; CAT:NONE; SFS:(13230001)(4636009)(36840700001)(46966006)(40470700004)(81166007)(2906002)(52536014)(9326002)(86362001)(8936002)(82310400004)(5660300002)(356005)(40460700003)(166002)(30864003)(26005)(186003)(9686003)(110136005)(336012)(6506007)(7696005)(45080400002)(508600001)(55016003)(53546011)(966005)(47076005)(70586007)(70206006)(36860700001)(8676002)(33656002)(83380400001)(316002); DIR:OUT; SFP:1101;
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 03 Mar 2022 09:40:43.3960 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: d9a8ae75-b0d6-467f-c1ee-08d9fcf9e303
X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d; Ip=[63.35.35.123]; Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com]
X-MS-Exchange-CrossTenant-AuthSource: VE1EUR03FT053.eop-EUR03.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PR2PR08MB4906
Archived-At: <https://mailarchive.ietf.org/arch/msg/cose/qJRMDyrlg8pnY-VK7dJ3SaeM6OY>
Subject: Re: [COSE] Newly Submitted Draft - CBOR Web Token (CWT) Claims in COSE Headers
X-BeenThere: cose@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: CBOR Object Signing and Encryption <cose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cose>, <mailto:cose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cose/>
List-Post: <mailto:cose@ietf.org>
List-Help: <mailto:cose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cose>, <mailto:cose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Mar 2022 09:40:56 -0000

Hi Mike,

Thanks for the quick response. Section 5.3 of the JWT RFC explains what is being done but no use case is given. Why would someone want to encrypt a claim and then put the plaintext version into the outer header.

The argument (in JWT) is given as follows:

"
   This might be used, for
   instance, in application processing rules to determine whether and
   how to process the JWT before it is decrypted.
"

>From a security point of view it is not clever to make decisions based on unprotected data when the same data is encrypted in the actual payload.

On top of that Section 5.3 of the JWT RFC furthermore does not mandate that the recipient compares the unencrypted data with the version of the encrypted data. (Only a SHOULD is given and that is even softened in the rest of the sentence.)

Ciao
Hannes


From: Mike Jones <Michael.Jones@microsoft.com>
Sent: Wednesday, March 2, 2022 6:35 PM
To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>om>; Tobias Looker <tobias.looker=40mattr.global@dmarc.ietf.org>rg>; cose@ietf.org
Subject: RE: Newly Submitted Draft - CBOR Web Token (CWT) Claims in COSE Headers


The use case is the same as that which motivated Section 5.3 of JWT "Replicating Claims as Header Parameters" https://datatracker.ietf.org/doc/html/rfc7519#section-5.3 - encrypted CWTs for which you'd like to have unencrypted instances of particular claims to determine how to process the CWT prior to decrypting it.  Note that https://datatracker.ietf.org/doc/html/rfc7519#section-10.4 explicitly registers the "iss", "sub", and "aud" claims as JWE header parameter values exactly for this purpose.



This draft defines a syntax for COSE to likewise enable the corresponding CWT claims to be passed in the clear in the COSE header, just as JWT claims can be replicated as JOSE header parameters when needed.



                                                                                  -- Mike

From: Hannes Tschofenig <Hannes.Tschofenig@arm.com<mailto:Hannes.Tschofenig@arm.com>>
Sent: Wednesday, March 2, 2022 12:21 AM
To: Tobias Looker <tobias.looker=40mattr.global@dmarc.ietf.org<mailto:tobias.looker=40mattr.global@dmarc.ietf.org>>; cose@ietf.org<mailto:cose@ietf.org>
Cc: Mike Jones <Michael.Jones@microsoft.com<mailto:Michael.Jones@microsoft.com>>
Subject: RE: Newly Submitted Draft - CBOR Web Token (CWT) Claims in COSE Headers

Hi Tobias,

Could you say something about the use cases or provide an example of what you want to accomplish?

Ciao
Hannes

From: COSE <cose-bounces@ietf.org<mailto:cose-bounces@ietf.org>> On Behalf Of Tobias Looker
Sent: Wednesday, March 2, 2022 5:32 AM
To: cose@ietf.org<mailto:cose@ietf.org>
Cc: mbj@microsoft.com<mailto:mbj@microsoft.com>
Subject: [COSE] Newly Submitted Draft - CBOR Web Token (CWT) Claims in COSE Headers

Hi All,

This is an email to introduce the newly submitted draft titled "CBOR Web Token (CWT) Claims in COSE Headers", the current abstract is as follows.

"This document describes how to include CBOR Web Token (CWT) claims in the header parameters of any COSE structure. This functionality helps to facilitate applications that wish to make use of CBOR Web Token (CWT) claims in encrypted COSE structures and/or COSE structures featuring detached signatures, while having some of those claims be available before decryption and/or without inspecting the detached payload."

https://datatracker.ietf.org/doc/draft-looker-cose-cwt-claims-in-headers/

As covered in the introduction of this draft, a similar mechanism already exists for JWT and we see value in providing a way to do the same with CWTs.


Thanks,

[Mattr website]<https://aus01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fscanmail.trustwave.com%2F%3Fc%3D15517%26d%3Dw46s4eMXULV_ns1ZfAKYLbVKcqey_PHiW1WeN4boYw%26u%3Dhttps%253a%252f%252fmattr.global%252f&data=04%7C01%7CSteve.Lowes%40mbie.govt.nz%7C5a65fe33c70b41fd8ba908d976f3a2f1%7C78b2bd11e42b47eab0112e04c3af5ec1%7C0%7C0%7C637671611076709977%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=tKqCMzLUQNCeORd908YqfqZoT7tCy%2FMVwXdjpch1sDY%3D&reserved=0>



Tobias Looker

MATTR
CTO

+64 (0) 27 378 0461
tobias.looker@mattr.global<mailto:tobias.looker@mattr.global>

[Mattr website]<https://aus01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fscanmail.trustwave.com%2F%3Fc%3D15517%26d%3Dw46s4eMXULV_ns1ZfAKYLbVKcqey_PHiW1WeN4boYw%26u%3Dhttps%253a%252f%252fmattr.global%252f&data=04%7C01%7CSteve.Lowes%40mbie.govt.nz%7C5a65fe33c70b41fd8ba908d976f3a2f1%7C78b2bd11e42b47eab0112e04c3af5ec1%7C0%7C0%7C637671611076709977%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=tKqCMzLUQNCeORd908YqfqZoT7tCy%2FMVwXdjpch1sDY%3D&reserved=0>

[Mattr on LinkedIn]<https://aus01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fscanmail.trustwave.com%2F%3Fc%3D15517%26d%3Dw46s4eMXULV_ns1ZfAKYLbVKcqey_PHiW1SbN9fvNg%26u%3Dhttps%253a%252f%252fwww.linkedin.com%252fcompany%252fmattrglobal&data=04%7C01%7CSteve.Lowes%40mbie.govt.nz%7C5a65fe33c70b41fd8ba908d976f3a2f1%7C78b2bd11e42b47eab0112e04c3af5ec1%7C0%7C0%7C637671611076719975%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=t%2BidOI32oaKuTJf1AkcG%2B%2FirIJwbrgzXVZnjOAC52Hs%3D&reserved=0>

[Mattr on Twitter]<https://aus01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fscanmail.trustwave.com%2F%3Fc%3D15517%26d%3Dw46s4eMXULV_ns1ZfAKYLbVKcqey_PHiW1WdMte6ZA%26u%3Dhttps%253a%252f%252ftwitter.com%252fmattrglobal&data=04%7C01%7CSteve.Lowes%40mbie.govt.nz%7C5a65fe33c70b41fd8ba908d976f3a2f1%7C78b2bd11e42b47eab0112e04c3af5ec1%7C0%7C0%7C637671611076729970%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=BD9WWyXEjVGlbpbCja93yW%2FzLJZpe%2Ff8lGooe8V6i7w%3D&reserved=0>

[Mattr on Github]<https://aus01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fscanmail.trustwave.com%2F%3Fc%3D15517%26d%3Dw46s4eMXULV_ns1ZfAKYLbVKcqey_PHiWwGdMoDtMw%26u%3Dhttps%253a%252f%252fgithub.com%252fmattrglobal&data=04%7C01%7CSteve.Lowes%40mbie.govt.nz%7C5a65fe33c70b41fd8ba908d976f3a2f1%7C78b2bd11e42b47eab0112e04c3af5ec1%7C0%7C0%7C637671611076729970%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=4AhRuXZCnU5i3hcngo4H3UiNayYUtXpRcImV4slS1mw%3D&reserved=0>

This communication, including any attachments, is confidential. If you are not the intended recipient, you should not read it - please contact me immediately, destroy it, and do not copy or use any part of this communication or disclose anything about it. Thank you. Please note that this communication does not designate an information system for the purposes of the Electronic Transactions Act 2002.

IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

v2.8.7 | Report a Bug | By Email