IETF Logo Mail Archive

Re: [Masque] WGLC for "Requirements for a MASQUE Protocol to Proxy IP Traffic"

Magnus Westerlund <magnus.westerlund@ericsson.com> Wed, 30 June 2021 12:15 UTC

Return-Path: <magnus.westerlund@ericsson.com>
X-Original-To: masque@ietfa.amsl.com
Delivered-To: masque@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DC3473A1A75 for <masque@ietfa.amsl.com>; Wed, 30 Jun 2021 05:15:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.998
X-Spam-Level:
X-Spam-Status: No, score=-2.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.198, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YgMa_Lro70CZ for <masque@ietfa.amsl.com>; Wed, 30 Jun 2021 05:15:16 -0700 (PDT)
Received: from EUR04-DB3-obe.outbound.protection.outlook.com (mail-eopbgr60041.outbound.protection.outlook.com [40.107.6.41]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B75AE3A1A73 for <masque@ietf.org>; Wed, 30 Jun 2021 05:15:15 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=NSSC0w7OxQzECpVzZQAb5vPJrBK+N2XqODWv5eogvexNJWGmIDdrXMGpHS3t46DTNMXhh9MA8Bxas4ZgMl03nNlP3KbzIK6vtMFvpmzyrCrG4vqicFZ+qQHkWRVU65+GCOs+gk9GcBOzHCvBkf8ifjID+Kvbv4UwmyutcNDrAkjYNlNQ4hwD0Gu4LosQ2QhblXFrOR03BTrYRT7chriYNo0xRGUHlGj4nELX/uTv6IQ+Et0yvyy4YB29BjkA5MoZ+SxxHvpDKvXOCUPBs/KV+SztztwxGvbOgFSLZayO9e/7bXgxYibTLjNLkWIGPZsL6CmBowVzu4dAsNjKx06lYQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=nZfDs47RdAysC0c28ogf79049MfN2447jfCKaLxzg14=; b=Z6TJOXPqgYtbjV430k/uhE2DuBYHTD8knfd7tlD43jA5M+ljRTtmlT9CLjBRbhE8zzC6ZSeQCN17baFTaCQ4rxFR/FqaTfHfCTSqJoCPJnMr/Z55Ix0rUKo5/SNPVpX7+Svx/NG7XR3nxHJ/Sr+yxARmDVZcr6if/0CgMrNM7Md+Am3Liixtpku1byIzYEJT6WSk+5CiaJPKs/jNSZ55cc+kV8zSsYRhYU2W1jdMks3MdYpWphKYHZgYCLtze47GRtEr9DTGckcUD7wmWfX06emM7N0GR/TXj46LdKUxFv2caH7req6ypYc+aCy66gdNaq2YGMc7BbtVgNEXEfp0ng==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=nZfDs47RdAysC0c28ogf79049MfN2447jfCKaLxzg14=; b=FJGEg4it/lemL8IHv5gIQbo47C9BpazkNTGFjyBKI6AEbaaY9FvcwSe5OTRs/wvxpEyPFiuxhd259XIMZD6N0/lunhiG5f7gtxt9lJJDCNDoTi1mAuuoUxKBd3B2fVTFWFSLpxsiHnyv4c0MFLunFCCY4Df4DmRXg65IwtrLy2M=
Received: from HE1PR0702MB3772.eurprd07.prod.outlook.com (2603:10a6:7:8e::14) by HE1PR07MB3228.eurprd07.prod.outlook.com (2603:10a6:7:37::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4287.12; Wed, 30 Jun 2021 12:15:12 +0000
Received: from HE1PR0702MB3772.eurprd07.prod.outlook.com ([fe80::5c2c:3dc8:8947:e043]) by HE1PR0702MB3772.eurprd07.prod.outlook.com ([fe80::5c2c:3dc8:8947:e043%3]) with mapi id 15.20.4287.022; Wed, 30 Jun 2021 12:15:12 +0000
From: Magnus Westerlund <magnus.westerlund@ericsson.com>
To: "achernya@google.com" <achernya@google.com>
CC: "masque@ietf.org" <masque@ietf.org>, "martin.h.duke@gmail.com" <martin.h.duke@gmail.com>, "caw@heapingbits.net" <caw@heapingbits.net>, "dschinazi.ietf@gmail.com" <dschinazi.ietf@gmail.com>
Thread-Topic: [Masque] WGLC for "Requirements for a MASQUE Protocol to Proxy IP Traffic"
Thread-Index: AQHXUjxBf3ikf/VJnEKptAWJfzyNZKr9pm+QgALDNwCAAOyaAIACrmiAgAAGCgCABDtegIAAQG6AgAB6woCAAAPNgIAABHOAgAADggCAAMMrAIACuCGAgB1BsICAAAkQgIABJBQAgACHsICAAS/SAA==
Date: Wed, 30 Jun 2021 12:15:11 +0000
Message-ID: <b25f08627d0a927dea99efc1402ff8d1c5acb7d7.camel@ericsson.com>
References: <d314198b-6c01-4b15-84d8-9896b5fdee80@www.fastmail.com> <HE1PR0702MB3772355483E2771650C6D679953F9@HE1PR0702MB3772.eurprd07.prod.outlook.com> <746F7E16-37BD-49EF-896A-649D394CCB05@ericsson.com> <CAPDSy+6PjZk0Kea6154V3=GF-8bs+0Mr+FtFfi-girGh3uAVrQ@mail.gmail.com> <3deea8212d66731de5c81abae353f3e9322f2d57.camel@ericsson.com> <CAPDSy+68DoVrRiC7uEn1-Ze_5LDn9mt7-f+ZeovTTYAUh=w2Og@mail.gmail.com> <21d8fc788051b570768e53d6d9355ed51b423c0a.camel@ericsson.com> <CAKKJt-d-FzXVdJpUTacb4m7ESyB6nzkk1BQSf8rHtReOvD=5Jw@mail.gmail.com> <CAM4esxSE=misCJX=73h-kF+RQdQLC2WBhwv3nv5QgR8HK17diw@mail.gmail.com> <CAM4esxQatk4-ENdz+2jCbpRtr8hT0nLWbVLbb64RMJwvBf2qDA@mail.gmail.com> <CAHbWFkQ6YAhqgbbsAPC-i2Rv-_LRZ4R3NKTk4of200GUt38A_g@mail.gmail.com> <91475be5-dee4-435e-a65b-1cde43ffff0e@www.fastmail.com> <74934214da56424b57d7985f49e58b20482d6310.camel@ericsson.com> <CAPDSy+6JU9trGDDPpNa+2Xirq=q0FtpOaE9Sy0gUmdXs=N36bA@mail.gmail.com> <9287d53cbca722b586b4a7684f07bbf89717fa3f.camel@ericsson.com> <CAPDSy+4DMD65w5Cigqc8W09NjjmXq0krtGasSEVuz+kyJwzGGQ@mail.gmail.com> <757d0b2b5828a7855f6bbdfcd8aa3ac7a6125334.camel@ericsson.com> <CAHbWFkQp6KSeOitaXK-4=HCRqG24r3ayt00_oQ0D=XcwMQ6Wbg@mail.gmail.com>
In-Reply-To: <CAHbWFkQp6KSeOitaXK-4=HCRqG24r3ayt00_oQ0D=XcwMQ6Wbg@mail.gmail.com>
Accept-Language: sv-SE, en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-mailer: Evolution 3.28.5-0ubuntu0.18.04.2
authentication-results: google.com; dkim=none (message not signed) header.d=none;google.com; dmarc=none action=none header.from=ericsson.com;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: cc36fce9-f1f4-45d2-d1e7-08d93bc0b5d5
x-ms-traffictypediagnostic: HE1PR07MB3228:
x-microsoft-antispam-prvs: <HE1PR07MB3228E0A9A797603B3A77840495019@HE1PR07MB3228.eurprd07.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:8882;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: bGFZKgtuiODx88MoLTW+LuiFsKQxYX4tFNzmVahY/MlD5v5QA8NAw7Wuzp0Nvny7he0J1iAMfqr8+F/4evueY6AokuIjmvzU/O7YM4HhUi74v0vKX/3PcuXAvejT2RsV1y4FeO+gaDm2nJzE7SiU5jTmeHOIsKNB8yD/XIsKdjeC9MUuj71vH/IQhRDDCoRUjrADs8B+ILEHe0LtfJZ1CBqmy9gJlDNtK6myc9VQzhvIMxMwPRy3/VhQGK91BnEIesR+BgrvdScuMpmwt60v78m36zJCFZefe7Yn7beGge6Fiyk0GCXZdgWYj7O03/qCK6JBHdYzU+4CHWe6n0/hCa6ev/a1/8j5nf5Hidq3ewGixITHCzwYhdgVrW+ZC7lbCKmgVbir97MJ7JsrZq75+e5M4ZTzCmyahDvQVVuHzxHFkICxFBgXlgVnF1dR4omjhe8t2mQ5WZvsyonnEm/LtZTi6ZMX0iRyRyDYRMW+OvggsIvh04i5dtk3qjWjy5Q+m2PnzrmLYl3Rm/0s5BmXxaeJU1U0Nmjux3QffcYMnsOoxkENGiWdgZW2GCTwR4yj32KlNDbi4Ig3Z5EmTdVcrILq+fAEPVCAm3a1fggS5NdLmVBQnBI6Uqnm8pyI5qA7sR89LT533t3YQG3uJhYpul0pwB89bafMmK8xPwvmB0qQhIkaY/WJ79gQ2tvKQd34VfTda//0KPIpdtyn+1+IWQT4J70WDdw/fwOxQfAjlkI=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:HE1PR0702MB3772.eurprd07.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(396003)(39860400002)(136003)(346002)(366004)(376002)(36756003)(2906002)(5660300002)(122000001)(71200400001)(38100700002)(54906003)(316002)(478600001)(99936003)(83380400001)(26005)(6916009)(6486002)(186003)(86362001)(66446008)(64756008)(8676002)(66556008)(66476007)(66616009)(76116006)(66946007)(8936002)(4326008)(6512007)(44832011)(2616005)(53546011)(6506007)(99106002)(554374003); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: krCDMV46dW5vChkrIjmlNpxZFvLqoaf5TMZlnKe1XS/BWWvQtpZz4lR3pad4aCxhGYXUw03CDa59sbYT52o3XP7rFeKFA9MdqQDlgWpwCZEfqW9m2zMnjiXflq2gTYCIea7ErPnIghX/s7b7h9FPOj7fMIXbsukNVGAYRWqxoR9roTHxNohHh4y/fl3PfdpowHjB1HJZbPbE/ARsTk33q6aYa6HV5ECOF8XAdMgAuAZoGU/wvLW67tJF4Ets8PRE8NU3vOIQQxqXY/NrHE6zrihX56BTiEL3wn4jqgAIY9uEPGqU5DU2tK/2yj+a0LRZ+hNSGpoVdHdfTy792wOR0XdHFQVCTKPytUQxZriXv4TCgHAQMMHE7PVPKgwb00qVjWoRgg43vXM2N1G26HjFMyjG1nEErxAKLajAWua5CBWKyd5fWzAAVgh//+CJdGlXyU6rdgRIUw7GlyNQgpUYrOiznw8LTnAiB2mM9JXvy5UzGaOcBA6RnBM4V0VXbpshBL6ImJ1tfaMjKYKW2oW4WCIq5Yya7vd0w2PFvKHveTCrXP5e2P1SHwTm4jjovCmfrWmXaXoxRXX5Wjk4SqQJy6GLnVh2FKqSY/cZWAvZu411DTue2T+vEutTPBoXKwuR2H8OHd4DPkK+fB1kZYTZXCj7QYcbK5z7Z7ozCj5uDGXpl0KwOPGb/PdZ9GlaBtJViTZ+jPPicOw5iRmffsHoL669yxOjwUaRiyMFztwfAsUxr0ZGnU+sxWAOq+Uk1bs7+z4nrTROiFz/qZs08RdyQmXLwylG4tPtFBeUGeP+LL/lmTUG/mIH4+jlnbqyPibz5RCFigFbTtrbNDogGBwHE88Y8UofZRQnjCy0+hvBuAaBitFEUQoYdcPejI1Yq7AdZWrGGcXJaIVX0HTehCUTvFr4mpvkGt5i2f3CC1XPxDzuNEzi6w9s5+yUyl9Mn7dIygyltjFU+FqHryOTo5upgI4Deyhch76POfo8zkucyAVhmL6eDipbK+3IOlN14ZYPQ8pwQNPrv1aRPWwxIRmyTl+Q3f344Z5EhmWmEw6gKVClM4BHS9EU8pbIccnGOJ8/hRo4WLoe2dJByGvlTj6vgZ9y5o26JTh+Eyt9wRsfxcDmdCAWI7skXhsXlxSusP82Stfsk9mohQgVLc4sufFS/CIBw+22/emBx/RREDRgWZE2yxDXot5q6i1Wca4Wa25fIZ6TC90QnAIVHzKbfDiRMZJsyPJNApm3Kp7llrreKHBEd73u8GN/H0HGCzPSZMOemmNxM/DwXbh1AMFcVt0y46gASHzIneLqpX2KsL9wfzK2Ug2dtYhUJZ2KH91yjJ7d
x-ms-exchange-transport-forked: True
Content-Type: multipart/signed; micalg="sha-256"; protocol="application/x-pkcs7-signature"; boundary="=-N3uejNksTopGmjn/YTcy"
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: HE1PR0702MB3772.eurprd07.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: cc36fce9-f1f4-45d2-d1e7-08d93bc0b5d5
X-MS-Exchange-CrossTenant-originalarrivaltime: 30 Jun 2021 12:15:11.8555 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: FyJDronYSkkuX8ofgrsbdkn5iBaMV8oDB1vRQYj9C/iFD/FM8/imxjdHxT3rc9nqlcjzUhOahcXaL4MaUN/8KUwdyBXM5+xhI0PnksZ8fCY=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR07MB3228
Archived-At: <https://mailarchive.ietf.org/arch/msg/masque/nEhn0C0laDWrxcVqDSc9pZv3XA0>
Subject: Re: [Masque] WGLC for "Requirements for a MASQUE Protocol to Proxy IP Traffic"
X-BeenThere: masque@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Multiplexed Application Substrate over QUIC Encryption <masque.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/masque>, <mailto:masque-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/masque/>
List-Post: <mailto:masque@ietf.org>
List-Help: <mailto:masque-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/masque>, <mailto:masque-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Jun 2021 12:15:21 -0000

Hi,
I think you stated your view. I have stated my view. I think the best
is to progress, I just hope that there will not be an extensive
discussion against splitting the document if we get caught in a
situation where my fears are realized and we are getting feedback that
is directly related to the network to network use case and will take
some work to finish. 
Cheers
Magnus


On Tue, 2021-06-29 at 14:07 -0400, Alex Chernyakhovsky wrote:
> Hi Magnus,
> Inline.
> 
> Sincerely,
> -Alex
> 
> 
> 
> On Tue, Jun 29, 2021 at 6:02 AM Magnus Westerlund <
> magnus.westerlund@ericsson.com> wrote:
> > Hi David,
> > 
> > 
> > 
> > On Mon, 2021-06-28 at 09:36 -0700, David Schinazi wrote:
> > 
> > > Hi Magnus,
> > 
> > > 
> > 
> > > Thank you for clarifying *what* you would prefer to see in scope.
> > 
> > > Can you explain *why* you are advocating for those topics?
> > 
> > 
> > 
> > So the reason I am advocating for additional care in relation to
> > routing
> > 
> > information is the fact that a malicous and successful injection of
> > a route into
> > 
> > a network can be used as an tool to attack third parties. You could
> > potentially
> > 
> > divert traffic to perform other attacks or monitoring for
> > survailence or
> > 
> > information gathering.
> 
> These concerns are valid, but they apply to a system implementation,
> not the protocol. As we've discussed numerous times, these sorts of
> things can be accomplished with IPSec, yet the IPSec RFCs do not go
> into the details that you are requesting. I am not saying that we
> shouldn't have such guidance, but we have no requirement that it
> appear in the same document nor be published at the same time as the
> rest of the work we are currently discussing. I believe we're all in
> agreement there --- but I don't understand what concretely you're
> concerned about delaying if we are going to be able to break things
> up into separate documents, if/when that becomes necessary. 
> >  
> > 
> > 
> > 
> > And I think the main difference between the network to network VPN
> > case compared
> > 
> > to the customer VPN, is that the later only forwards traffic with a
> > destination
> > 
> > of the address/network the MASQUE Server lent to the MASQUE client.
> > That makes
> > 
> > the threat model match the leaf node, not a transit or multihomed
> > network which
> > 
> > network to network VPN easily create. 
> 
> Again, this is a system concern, not a protocol one. A sufficiently
> extensible protocol, as we are aiming to design, can handle both of
> these cases regardless of what policy and considerations we end up
> having in place. Our goal is to design this sufficiently extensible
> protocol. 
> >  
> > 
> > 
> > 
> > And with that change to the threat model the mitigations and
> > security
> > 
> > considerations are impacted. Which in terms is what I fear will
> > delay the
> > 
> > specification additionally. Do you think you can write a
> > specification without
> > 
> > bringing up the security considerations for the protocol field that
> > carries
> > 
> > route prefix information?
> 
> Yes, I explicitly believe we can do so, and this is evidenced by the
> IPSec RFCs. For example, RFC4301, which talks about the IPSec
> security architecture, makes no mention of this.
> We cannot operate without some abstractions, or else we will end up
> caught up in discussions that can make no progress. It is sufficient
> for us to begin implementation work and note that security
> considerations exist and operators are responsible for validating
> these routes per their own policy. 
> >  
> > 
> > 
> > 
> > The requirements document is very clear in Section 3.5 that a
> > protocol mechanism
> > 
> > is needed for route negotiation. That negotiation will be used to
> > affect the
> > 
> > MASQUE endpoints routing state. Which in its tern requires the
> > implementation to
> > 
> > consider which traffic it should accept. Yes, there is a trust
> > question here in
> > 
> > regards to authenticy and identity of who makes a statement about
> > that
> > 
> > authenticity in the request. But it is also a question of what
> > threats are
> > 
> > inherent in this mechanism and what each endpoint needs to consider
> > when using
> > 
> > this mechanism to safely use it to forwards traffic through the
> > tunnel. 
> > 
> > 
> > 
> > > In particular, you seem to be treating the routing table as
> > 
> > > something unique that needs to be handled differently, and I
> > 
> > > don't understand that. Many HTTP methods involve changing
> > 
> > > local state - if I click the Like button on a website, a database
> > 
> > > gets updated somewhere, for example. The routing table is a
> > 
> > > database, and it's unclear to me why it needs to be treated
> > 
> > > differently. It seems absolutely reasonable to have text in the
> > 
> > > security considerations section that states that servers
> > shouldn't
> > 
> > > let unauthenticated clients modify any server databases without
> > 
> > > checks, but it sounds like you're suggesting that the protocol
> > 
> > > solution document be opinionated about trust, and that would
> > 
> > > severely limit the applicability of the protocol - various use-
> > cases
> > 
> > > will have different means of authenticating clients and picking
> > 
> > > policies for what a client is allowed to do, and we cannot
> > preclude
> > 
> > > those.
> > 
> > 
> > 
> > 
> > 
> > The routing information carried in a MASQUE specific mechanism that
> > directly
> > 
> > impact what traffic that MASQUE endpoint will forward and what
> > mechanisms will
> > 
> > be needed to mitigate threats is the same as any HTTP application.
> > So this is
> > 
> > not the same as a general HTTP using applicaiton. The HTTP using
> > application
> > 
> > will have to evaluate the risks with the implemented function in
> > that
> > 
> > application, just like I asking us to carefully consider the impact
> > of the
> > 
> > application MASQUE. 
> > 
> > 
> > 
> > And when it comes to authentication mechanism I think for
> > interoperability it
> > 
> > will be necessary for the MASQUE application to require something
> > to be
> > 
> > mandatory to implement, even if that is the Mandatory to implement
> > by the
> > 
> > targeted HTTP versions. However, MASQUE service clearly have
> > similar
> > 
> > considerations to TURN servers where the failure to early on
> > consider if one had
> > 
> > mechanisms that was suited to the use cases. The issue with TURN
> > was that for
> > 
> > example WebRTC services wanted to provision its users with user
> > individual
> > 
> > credentials where the TURN services could be a contracted thrid
> > party service
> > 
> > that supported many WebRTC services concurrently.
> > 
> > 
> > 
> > But to conclude all I am really expecting is that the security
> > considerations
> > 
> > and the mitigations in the MASQUE protocol specification consider
> > the MASQUE
> > 
> > application in all its use cases listed in the requirements.
> 
> Again, we have to operate at a reasonable level of abstraction. What
> you're suggesting amounts to turning these documents into a massive
> compendium, to which I see limited benefit. 
> >  
> > 
> > 
> > 
> > Cheers
> > 
> > 
> > 
> > Magnus Westerlund
> >

v2.23.0 | Report a Bug | By Email