Re: [nfsv4] New Version Notification for draft-dnoveck-nfsv4-security-08.txt

Chuck Lever III <chuck.lever@oracle.com> Sat, 23 March 2024 14:36 UTC

From: Chuck Lever III <chuck.lever@oracle.com>
To: Rick Macklem <rick.macklem@gmail.com>
CC: David Noveck <davenoveck@gmail.com>, NFSv4 <nfsv4@ietf.org>, Chuck Lever <chucklever@gmail.com>
Date: Sat, 23 Mar 2024 14:36:43 +0000
Message-ID: <757E9A61-94D8-44C6-9AEA-3941FD9DD851@oracle.com>
References: <170947740288.2806.283512371684207764@ietfa.amsl.com> <CADaq8jeHa0PPye1xtUyHipFa60tuCOufW_7uXmY3UV9RwuySqg@mail.gmail.com> <CAM5tNy4JpwZmPAQH8SFFPvAWE3qWmxrgdDTw5+StNFxzOAcpbw@mail.gmail.com> <9DBE4C96-42B7-43E7-8430-D87FC337CDA3@oracle.com> <CAM5tNy4JhjdxbT1ZK=dXE82=6P9jrY=ARoMc9DQ6Jd2dhx3xqw@mail.gmail.com>
In-Reply-To: <CAM5tNy4JhjdxbT1ZK=dXE82=6P9jrY=ARoMc9DQ6Jd2dhx3xqw@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/HcCkYCEqkzUKBOpEj0dNi7yGyyk>
List-Id: NFSv4 Working Group <nfsv4.ietf.org>


> On Mar 22, 2024, at 8:17 PM, Rick Macklem <rick.macklem@gmail.com> wrote:
> 
> On Tue, Mar 19, 2024 at 7:38 AM Chuck Lever III <chuck.lever@oracle.com> wrote:
>> 
>>> On Mar 19, 2024, at 10:27 AM, Rick Macklem <rick.macklem@gmail.com> wrote:
>>> 
>>> There are a couple of issues that this RFC could discuss/define related to this.
>>> - Chuck and I diverged w.r.t. how to implement this.
>>> a) I preferred putting the user name in the X.509 certificate presented during
>>>      TLS handshake.
>>> b) Chuck preferred a database on the NFSv4 server, keyed on certificate
>>>     issuer/serial#.
>>> (Chuck may have changed his mind, since his post was related to
>>> implementation a).)
>>> This can be considered just an implementation detail chosen by NFS server
>>> implementors, but it might be nice to have some standardization (for
>>> example, the exact format of the field in the X.509 certificate for a)).
>> 
>> IMO this falls in the category of server implementation detail.
>> I don't recall saying a serial# database should be required.
>> 
>> But, not something that goes on the wire, certainly, and
>> therefore outside the purview of the IETF.
> Well, I said "maybe" and I'm still a "maybe".
> The working group has been very good at underspecifying things
> in the past and they still cause problems.
> For example, take the case of the domain component of Owner and
> Owner_group strings. What are they?
> I honestly do not know.
> I believe David does discuss this in his security draft.
> 
> Suppose Linux implements the "imbed a username in the X.509 certificate
> for TLS identity squashing", but at some point it is decided that Linux should
> not use a FreeBSD OID and chooses to use a different OID.
> (I used a FreeBSD OID, since I did not know how to acquire anything else and
> used the otherName component of SubjectAltName at the suggestion of
> Ben Kaduk.)
> Then you end up with a similar but non-identical way of doing it and sysadmins
> have to deal with potentially N different ways to create X.509 certs for clients
> to use with different servers. (These X.509 certs do go on the wire.)
> 
> Now, if by "server implementation detail" you were simply referring to choosing
> a) versus b), then I would agree.

That's all I meant: a) versus b) is an implementation detail.

If there's some question about the form of the SAN string
the server will use for squashing the RPC user identity,
then I agree, that will need standards action.


> I'll admit I have not explored standardization of the way to insert a
> username in an X.509 certificate.
> 
> However, I agree that resolving what to do with SP4_MACH_CRED is more
> important.
> I'd like to see either:
> - SP4_MACH_CRED extended to support any appropriate RPC layer
>  machine credential and any appropriate integrity/privacy provision
>  instead of the RPCSEC_GSS specific requirement in RFC8881.
> OR
> - A new SP4_MACH_CRED like variant for the above as an extension
>  to NFSv4.2.
> Then, along with the above, a specification for doing this for RPC-over-TLS.
> 
> rick
>> 
>> --
>> Chuck Lever
>> 
>> 

--
Chuck Lever
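
Worked example, added to this archive page by the editor; it is not code from this thread, from FreeBSD or from Linux. It shows the shape of the subjectAltName otherName that Rick describes for carrying a username, and the server-side gate a squashing implementation needs before it trusts that name. Assumptions not in the thread: the OID is a constructed placeholder (the FreeBSD arc is not given on the page), the value is encoded as a UTF8String (the thread does not say what the value type is), and Issue is a stand-in for a site CA so the example runs offline with the Go standard library only. The GeneralName and OtherName structure follows RFC 5280. The server reads the name only after the certificate verifies against the CAs it trusts for client authentication, and it rejects a certificate that carries no entry or more than one rather than guessing, which is exactly the ambiguity Rick's point about N different certificate formats would leave a sysadmin to deal with.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
	"math/big"
	"time"
)

// PLACEHOLDER OID: the thread says FreeBSD uses its own arc but does not give it, so this one is constructed.
var usernameOID = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 99999, 1, 1}
var sanOID = asn1.ObjectIdentifier{2, 5, 29, 17} // id-ce-subjectAltName

// OtherName ::= SEQUENCE { type-id OBJECT IDENTIFIER, value [0] EXPLICIT ANY }; Value is decoded only once type-id is known.
type otherName struct{ TypeID asn1.ObjectIdentifier; Value asn1.RawValue }

// BuildUsernameSAN encodes SubjectAltName ::= SEQUENCE OF GeneralName with one otherName carrying UTF8String user.
func BuildUsernameSAN(user string) ([]byte, error) {
	value, err := asn1.MarshalWithParams(user, "tag:0,explicit,utf8") // [0] EXPLICIT UTF8String
	if err != nil {
		return nil, err
	}
	gn, err := asn1.MarshalWithParams(otherName{usernameOID, asn1.RawValue{FullBytes: value}}, "tag:0") // [0] IMPLICIT
	if err != nil {
		return nil, err
	}
	return asn1.Marshal([]asn1.RawValue{{FullBytes: gn}})
}

// SquashedIdentity is the server-side gate: only a certificate that chains to a CA the server trusts for
// client authentication may assert a username, and it must carry exactly one (none means no squashed
// identity, several would be ambiguous; neither case is guessed at).
func SquashedIdentity(cert *x509.Certificate, roots *x509.CertPool) (string, error) {
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := cert.Verify(opts); err != nil {
		return "", fmt.Errorf("client certificate not trusted: %w", err)
	}
	var found []string
	for _, ext := range cert.Extensions {
		if !ext.Id.Equal(sanOID) {
			continue
		}
		var names []asn1.RawValue // SEQUENCE OF GeneralName, each kept raw
		if _, err := asn1.Unmarshal(ext.Value, &names); err != nil {
			return "", fmt.Errorf("malformed subjectAltName: %w", err)
		}
		for _, gn := range names {
			var on otherName
			if gn.Class != asn1.ClassContextSpecific || gn.Tag != 0 {
				continue // dNSName, rfc822Name, iPAddress etc. are not otherName
			}
			if _, err := asn1.UnmarshalWithParams(gn.FullBytes, &on, "tag:0"); err != nil {
				return "", fmt.Errorf("malformed otherName: %w", err)
			}
			if !on.TypeID.Equal(usernameOID) {
				continue // an otherName of some other type
			}
			var name string
			if _, err := asn1.UnmarshalWithParams(on.Value.FullBytes, &name, "tag:0,explicit,utf8"); err != nil || name == "" {
				return "", fmt.Errorf("username must be a non-empty [0] EXPLICIT UTF8String")
			}
			found = append(found, name)
		}
	}
	if len(found) != 1 {
		return "", fmt.Errorf("expected exactly one username entry, found %d", len(found))
	}
	return found[0], nil
}

// Issue stands in for the site's PKI (constructed for this demo): a fresh key and a certificate for cn
// signed by parent (self-signed when parent is nil), carrying san as subjectAltName when it is non-nil.
func Issue(cn string, san []byte, isCA bool, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), // constructed; a real CA tracks serials
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA:         isCA, BasicConstraintsValid: isCA,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	if san != nil {
		tmpl.ExtraExtensions = []pkix.Extension{{Id: sanOID, Value: san}}
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}
```

Go's own x509 parser ignores otherName entries (it only fills DNSNames, EmailAddresses, IPAddresses and URIs), so the raw extension has to be walked by hand as above; an implementation on another platform would have to agree on the OID, the value type and the one-entry rule for certificates to be portable between servers, which is the standardization question the thread leaves open.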