IETF Logo Mail Archive

Re: [OAUTH-WG] For review/discussion: Cedar profile of OAuth Rich Authorization Requests

Justin Richer <jricher@mit.edu> Fri, 23 February 2024 22:17 UTC

Return-Path: <jricher@mit.edu>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DE76DC14F610 for <oauth@ietfa.amsl.com>; Fri, 23 Feb 2024 14:17:40 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.105
X-Spam-Level:
X-Spam-Status: No, score=-2.105 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_FONT_FACE_BAD=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=mit.edu
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XfGj0hQiUYVj for <oauth@ietfa.amsl.com>; Fri, 23 Feb 2024 14:17:36 -0800 (PST)
Received: from NAM10-MW2-obe.outbound.protection.outlook.com (mail-mw2nam10on2127.outbound.protection.outlook.com [40.107.94.127]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 78CB4C14F5FE for <oauth@ietf.org>; Fri, 23 Feb 2024 14:17:35 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=LyiAHIdUiywmUhu6bZeU7XFbn9hi956lX9//EuwefJOIhezKKjGFH5IPIfu+AVOkA0Tqx0OYrCcn7f0yaooDCSXodIKe4WOzP+KN+omCLPLEUOiSK3Epj79bFTGsCigakxSLCQKI5j2hSPHkyJDKkvp/PF2aelgYLp1Gwgo3VKsgpI4WwiT079p51P4VzhGXlSbRCIDfMcvP0jVkvxxOMCGH2GqI3L7azzu4LmnBSkN5oxLyH/K6qDVIAfkzk9btdu+qXmT0OIamrh6cfnm7oJ2pW1tCxJ4xflWacQDGRZhDpHrCUg4UeTpnGMD0mDutC2PQQxslhFPD6DRO1DEBgQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=Ghm9Dql5MC54ldtjSgWs4p23pd4UZxs2t3UlK3LUp7w=; b=cKnBMxqZT2I9+/yW+fzv41ABy4G8hOBCHD8iRvqszLSOKEfgBzA4ttrQjmkY6ke58691NscLXELurFHU1FJ7/pYwiV+cGXBdpHoJ/Zxqpk+Jgkyxd7NygJQBTASID0i5I3z9ZgfyGMwF9MWCTOX6rrbxHnxJwWzpZBeo8BkM8UWEC7sXdPs1GR8YGl6oQSwbecqDPjPLSJqPsyey1s74Qa8YbqVT90MypXpk4ePFpObrQpkJ+x5rffCs8C14yKXQ5a2WHVyseWxf+q1I4DTsFB5HL61+DZiptMfu5lG47evUaHlUh/YamFyTr3MNQt9wPQpLg9yUTmJwcvCM2sANgQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=mit.edu; dmarc=pass action=none header.from=mit.edu; dkim=pass header.d=mit.edu; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mit.edu; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Ghm9Dql5MC54ldtjSgWs4p23pd4UZxs2t3UlK3LUp7w=; b=ClmYBHOscju12AxLKXyTOyLcdJDClw/Dy3Ql2TJOAPJ7z96KRhS4k54Dtik8U0l+HNggTMFVzNcuyIO9M+SNRFSqt0mcQDgISs7jY/vGYvcAGRajRK+vRCRzKbuVa2w5iEP7BOcv9h/rf4r4TAhPqjOxdXd3Ntjs+YomH3FUjH8=
Received: from LV8PR01MB8677.prod.exchangelabs.com (2603:10b6:408:1e8::20) by SJ0PR01MB6352.prod.exchangelabs.com (2603:10b6:a03:293::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7316.22; Fri, 23 Feb 2024 22:17:32 +0000
Received: from LV8PR01MB8677.prod.exchangelabs.com ([fe80::c5bd:292f:c37:64dc]) by LV8PR01MB8677.prod.exchangelabs.com ([fe80::c5bd:292f:c37:64dc%3]) with mapi id 15.20.7316.018; Fri, 23 Feb 2024 22:17:32 +0000
From: Justin Richer <jricher@mit.edu>
To: Brian Campbell <bcampbell@pingidentity.com>
CC: "Cecchetti, Sarah" <sarahcec=40amazon.com@dmarc.ietf.org>, oauth <oauth@ietf.org>
Thread-Topic: [OAUTH-WG] For review/discussion: Cedar profile of OAuth Rich Authorization Requests
Thread-Index: AQHaZQ4cW3N0LiMaZkuc+tmme/CzyLEWq/2AgAGmJQCAABIFdoAADDWAgAARrAA=
Date: Fri, 23 Feb 2024 22:17:32 +0000
Message-ID: <9D1F1381-FF77-4F56-8B22-4120EB930644@mit.edu>
References: <05d124f46a7f400195076ec95686b794@amazon.com> <775BA7EF-7254-46D9-B936-A7862FCE95BD@mit.edu> <CA+k3eCQxG8ZYXU1kCWJba3esv2B9cLvwrfQQ0E5PpFhRAYRgWg@mail.gmail.com> <68b84b5ae8854610ad34186e2193fe9f@amazon.com> <CA+k3eCTRak_VRUeA0t5-57XPp29xqeF2o-6VbN6i_bwjvOuW6A@mail.gmail.com>
In-Reply-To: <CA+k3eCTRak_VRUeA0t5-57XPp29xqeF2o-6VbN6i_bwjvOuW6A@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=mit.edu;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: LV8PR01MB8677:EE_|SJ0PR01MB6352:EE_
x-ms-office365-filtering-correlation-id: 01e2b228-2a39-49a1-9197-08dc34bd3b2d
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: YzykgvDiyMvSzJQpVuCEHXuu0ptDVWbP7DAe9UWbJeMrRJ0R/7UxUmLHX0r/RkpWa56cUilH4WICjjxhSsh3IFasDlgGKqIBn7GiR1A09WseHo3kB72OaVTEoXT3lNygiL6qNMBDxEbo5rjYryZnLW/M/Pwoa9TVYmU5HNvbKD5NWSZU9Q3D2+WYaAawUb3c8ntnEaWFVpfXDTdq3ZEQUPpKJCee71iLUYMoGc9RnMftddBUuNglhn6Lqdz0nJ4ylz5eHW4ljs6bcgPxPFsOtT/rtT4Vds1NCzGZ/59GPZa2FV5X6aaFEA/OvcrJk1we2g9kwavdH3q+2weSU1aBwpre8C6Ks15UbBmBgiGkeGJoM8zflmVg5tnNKJ17dQ7P+4GiI1+/Qdh8uQai6qPnbNyo4v0ZSapvf+Mq47RUDXhNTUg1+2ajumpbz294qFbrHrdlCZSCPIELaFikjprCnPFY62n6fQtKFuA1iVDcftLR9otW9R5h7ah+7N5f0AVCShgCMLIaTJp+C72oYFrLaWka7/gO3994KETUsp9bOt6f32lZwCgJ7ily7hRyWc5eDD3bvDCVh76w4q6vq5+4OmIGNZJ7Tobo8v87jCy00O0=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:LV8PR01MB8677.prod.exchangelabs.com; PTR:; CAT:NONE; SFS:(13230031)(230273577357003)(230473577357003)(38070700009); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: WgouJuMOEula+HYceBOyw6VoJbvkVCS2sxFGGhpEpFHk/jCvfpAB5H9/Q9rt5BIGd52Mtjq+7IQSzO+06KLroaqzWtddeW7tStaHV4Am7fIHABbJdEak5wO/8LMgvKrns5Ubyw6jGjdQna6snph/CbLiYbJMi87EPVHGiW+pC5y2XosvREeu3+Zc+D5cMUaHFM+Ot/sLYZOLWr3i5mAJENVo614XjG5D3Mdpoa8l/2kYitTggd+UvSGJwUYwEaSWmwiNIKReipv5ZxYrMWlG3uOBkbBLaZq38N/rfUgI6kTZZbaDRD5kOoGFqC4O67hhjRfK60VQPFwmQ5LvpZpXdkLiqc7ZASqbt+rsGPDzPUAvxQVhDoNooo41sDtFFpmkhZyYFpQpfu5qbgbWw7HVVypXx59lTyByFmievBGexmCGnEHAc/+U4fBKnF82mL+uNyCXvCLNANNow8BCe+8L1Pdy5ETsH75LXDiXi4gkAfoBz6UcwuBuBvR1uM1oGO81J+kO90cXP40Ttm0qMaQO00l7/vCEmcL2JDFw8wLzB9gi0ofYcPz+bVguIAEeYeCr9ag4A0EU9jSNyb3CN7KFijcNufmLjRh/l3xrwe5zYFliwP2+Wyy5Fty7SUCkXj2PgWXhLxT3yuG2TLtIwyzkjECmjOQqmlaGi+Rd8GgTLaqIe1gTU69aT8aV1DeKrz67X33tbyIaYAZDkcnlaVbcynzWXeibqgG8EZO2kD1zBlEBYm6zo7K9FTmBwkl7FWWaAsbtTJDgA3ThmRuAk0eVnNJCt5c7VPF59BxfUpIQFqdU45Zu0Qlf8wUP3h6KBFt7zwn7QmMwaJxWd1s6B/JJSVN64lIP754KeKsy9pleDHIWB/HytSJzwshayy67dbQomuWpgljh4oGbgjO0BEO2SfPKYsM8gyYj1Uh53oocviFQ3h8cUOeNj3rn5oATU8QcEbWlBtoI6J2PdrKCob3dDeLgX5+Xtgv+6it5ynkm3WZsLw+eQlbo549PTZO/D924QWH+lzgCtN7dWi9JpI4DCQDFEYnp8VmVXZBh5jwqIGgosOI5H6HZGpb8s3V5xaDp2GaNOaFUL40tFKc7vUfLPc6pt7ev8NVtKAFO0AeveAN/JSbUXw8uulgF7QUBP3dGrYqMHUAV2AzR86yVekH6Rt5qTPiMpJELWlTSvuYAPGBzudYLXAIVzrMNpx1HL/UtF4F5APPQiTwD9He31OXdjSr7TN/uZoDcp/JxJ5GzQGZgOAvYaNcF4r9mHpyV9pqb5jVs+M299wBmiW6aCUPAiWkKGpgyqVZsZ4B5MZyPCuna9PQMEjBAhQmz4y5/9uA8smTPUh6esxqntce3ePe1ahpWI63TAJkWKFcy+5p9M/bI1N7oSj1kUSdqSxeIvZ3bcMqaqZ8SFD5sgFwYRj13+CCSrgxEz6S9cnextFaV2h4GHTm91Q0K+ikKCIChlUB8ZXgSi5g9p2tsBgdCOh7JJSf8VDRkEiem8kPOCj5+D+xV37EqFoPETKbw1ylrEJSvom4tptTGusY60igwlvpzbC2DJjD6NH5+iSc7WwinKqvS1WmkZp5zqOK237f1WKuZ
Content-Type: multipart/alternative; boundary="_000_9D1F1381FF774F568B224120EB930644mitedu_"
MIME-Version: 1.0
X-OriginatorOrg: mit.edu
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: LV8PR01MB8677.prod.exchangelabs.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 01e2b228-2a39-49a1-9197-08dc34bd3b2d
X-MS-Exchange-CrossTenant-originalarrivaltime: 23 Feb 2024 22:17:32.5634 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 8Gb8KnqEOjLXIVf8xkQ71UVnzBpzF2uirdUu4L8iuhcTQ8u6b2ZLYdSgxfIHVALB
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SJ0PR01MB6352
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/QAo9hdRZ8-SrUTlZQxNIk8OvO3c>
Subject: Re: [OAUTH-WG] For review/discussion: Cedar profile of OAuth Rich Authorization Requests
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 23 Feb 2024 22:17:41 -0000

On top of that, since the RAR structure is fundamentally an array, existing open banking stuff could still use their types alongside the cedar type, if they wanted. Combining them would be an interesting exercise for each ecosystem, but you’ll run into that regardless of the vertical.

— Justin

On Feb 23, 2024, at 4:14 PM, Brian Campbell <bcampbell@pingidentity.com> wrote:

Yeah, communication of intent was not supposed to be the purpose of the type parameter value. Although I do (now) see how many of the examples in RAR/RFC9396 kinda read that way. The https://www.rfc-editor.org/rfc/rfc9396.html#section-2-2.2 definition of type tries to convey what it is intended to do, which is that it "determines the allowable contents of the object that contains it." Shortly after at https://www.rfc-editor.org/rfc/rfc9396.html#section-2.1-2 it talks about using a collision-resistant value for applications expected to be widely deployed (e.g., beyond a single AS), which seems appropriate for Cedar, and is followed by an example that uses a URL as the type value.




On Fri, Feb 23, 2024 at 1:38 PM Cecchetti, Sarah <sarahcec=40amazon.com@dmarc.ietf.org<mailto:40amazon.com@dmarc.ietf.org>> wrote:

Interesting. We considered using the type parameter, but decided against it. In the examples in the spec, the spirit of type seems to be an indication of the intent of the request (for example "customer_information" or "payment_initiation.") We were concerned about breaking existing open banking implementations if we took away the ability for the client to include an intent in the request and substitute the format of the request. We would like for existing open banking implementations to simply use a consistent format for their requests, not to override the intent of the request if that's something that's important for them to communicate.

If communication of intent is not important, we're happy to just specify the content the type parameter and define a new policySet parameter, or possibly just give guidance to put a policy set within "privileges."


Sarah Cecchetti


________________________________
From: Brian Campbell <bcampbell=40pingidentity.com@dmarc.ietf.org<mailto:40pingidentity.com@dmarc.ietf.org>>
Sent: Friday, February 23, 2024 11:25:56 AM
To: Justin Richer
Cc: Cecchetti, Sarah; oauth
Subject: RE: [EXTERNAL] [OAUTH-WG] For review/discussion: Cedar profile of OAuth Rich Authorization Requests


CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you can confirm the sender and know the content is safe.

I'm inferring some intent (apologies if I've got it wrong!) but I think it'd make the most sense for this work to start with defining a RAR type value (something like "https://cedarpolicy.com<https://cedarpolicy.com/>") and define that type as having the "policySet"  parameter. An updated example figure 1 from the draft would look like the below.  As Justin said, RAR intends the “type” field as the extensibility point that defines the semantics of all other parts in the typed object. So it would be saying this is a Cedar type authorization_details element and it contains this "policySet" parameter that has the actual Cedar policy in it.



{
"type": "https://cedarpolicy.com<https://cedarpolicy.com/>"
"policySet": "
  permit (
        principal == BankA::User::\"696d28c8-8912-41d2-b182-aa7087323318\",
        action == BankA::Action::\"initiate\",
    resource == Creditor::\"https://example.com/payments\<https://example.com/payments%5C>"
        )
        when { context.instructedAmount.currency == \"EUR\" &&
    context.instructedAmount.amount == decimal(\"123.50\") &&
    resource.creditorName == \"Merchant A\" &&
    resource.creditorAccount.bic == \"ABCIDEFFXXX\" &&
    resource.creditorAccount.iban == \"DE02100100109307118603\" &&
    context.remittanceInformationUnstructured == \"Ref Number Merchant\"
        };
"
}

On Thu, Feb 22, 2024 at 11:15 AM Justin Richer <jricher@mit.edu<mailto:jricher@mit.edu>> wrote:
Hi Sarah,

Thanks for putting that draft together. As one of the authors of RAR, I wanted to chime in.

First, I do think that this is a great use of RAR. The whole idea behind RAR was to give people structures that they could use beyond what scopes allow, and tying this to a computable policy language like Cedar makes a lot of sense to a lot of use cases. In particular, as with any other RAR object, this could show up in the client’s request to the AS, the AS’s response to the client, or the token’s resulting metadata (basically AS message to the RS via the token), and having an explicit policy in each of those places deserves discussion.

Next, I wanted to provide some specific feedback about the implementation proposed in the draft, because I think there are a few ways it could go and each might make sense.

One of the benefits to RAR is that it’s the “type” field that defines the semantics of all other parts in the typed object — which also makes interoperable definitions a bit trickier. With that in mind, what is the intended target of the “rarFormat” and “policySet” fields?

Is the goal of this draft to define another set of “Common Data Fields” to be used across different types, as is done in RAR section 2.2? (https://www.rfc-editor.org/rfc/rfc9396.html#name-common-data-fields) If so, that should be called out explicitly, as is done in RFC9396. Are there intended interactions with other common data fields, such as filtering the policy based on location or action, for example?

Or is the goal that these be defined in a specific set of “type” values that would comply to this format? If so, what are the conditions for using and extending this format? The way the “rarFormat” text is currently written, it seems to put constraints on the rest of the object defined by the “type”, so is the intent that you’d have rar-cedar-compliant types that follow this pattern?

Or is the goal to define a generic and extensible field set that can be re-used by other policy languages? That seems to be hinted at with the separate format and data fields, but as written only one is defined so it’s difficult to tell, at this stage, what the intended abstraction points are. If only one is defined, then would it make sense to just define a single “cedarPolicy” parameter instead of the two? And if there’s another format that comes along, it can follow Cedar’s example and do something similar. The “type” would define how to handle having different policy formats in a single object, to avoid overlaps.

And if the answer to all of this is “I don’t know”, that’s also reasonable at this stage as these are great questions for the WG to answer. :)

Finally, since RAR is based on JSON data types, and Cedar uses multi-line strings (at least for display in the examples), the intent of this value translation is going to have to be spelled out. As in, a real example on the wire would need to have all the newlines encoded as \n and the like, in order to be JSON. This is almost certainly me reading too much into the hand-crafted examples on a new drafts, but I wanted to raise this as something that’ll need to be solved for Cedar and, depending on the answers above, other languages. In other words, can we always assume that a policy is always encoded as a single string, or is there other structure that might work better? This is not my area of expertise and I have no opinions on the answer, so if strings are good enough that’s fine by me. :)

Thank you, and I hope to see this work continue!

 — Justin

On Feb 21, 2024, at 5:06 PM, Cecchetti, Sarah <sarahcec=40amazon.com@dmarc.ietf.org<mailto:40amazon.com@dmarc.ietf.org>> wrote:

I have submitted a new draft:

https://datatracker.ietf.org/doc/html/draft-cecchetti-oauth-rar-cedar

This is intended to be a profile of RFC 9396 OAuth 2.0 Rich Authorization Requests (OAuth RAR). OAuth RAR defines an authorization_details parameter, but leaves the format of the parameter open. This profile defines a rarFormat parameter to further constrain authorization_details to use a specific format called "cedar."

The use case for this draft is the same as the OAuth RAR use case - i.e. open banking specifically, and fine-grained authorization generally. The intent is to make the standard more interoperable by specifying the policy language which will be used to communicate the authorization request and response. The language used in these examples is Cedar, an open-source policy language - https://www.cedarpolicy.com/en. Putting Cedar policy sets within an OAuth token enables the client and RS to conduct transactions which conform to specific fine-grained policies which have been blessed(signed) by the AS.

Open Questions:

  1.  Should we create a separate informational draft defining the Cedar language itself within the universe of the IETF? Or is it fine to leave that undefined?
  2.  Is rarFormat the right name for this parameter?
  3.  Should policySet be required?
  4.  I tried to keep this draft fairly simple and duplicate examples in the OAuth RAR RFC without redundantly stating what is already defined there. Did I include too little? Too much?

This is my first draft submission, so any and all feedback is welcome, and apologies if my xml is incorrectly formatted. I'm ignorant about many things in the standards process. :)

Sarah Cecchetti

_______________________________________________
OAuth mailing list
OAuth@ietf.org<mailto:OAuth@ietf.org>
https://www.ietf.org/mailman/listinfo/oauth

_______________________________________________
OAuth mailing list
OAuth@ietf.org<mailto:OAuth@ietf.org>
https://www.ietf.org/mailman/listinfo/oauth

CONFIDENTIALITY NOTICE: This email may contain confidential and privileged material for the sole use of the intended recipient(s). Any review, use, distribution or disclosure by others is strictly prohibited.  If you have received this communication in error, please notify the sender immediately by e-mail and delete the message and any file attachments from your computer. Thank you.

CONFIDENTIALITY NOTICE: This email may contain confidential and privileged material for the sole use of the intended recipient(s). Any review, use, distribution or disclosure by others is strictly prohibited.  If you have received this communication in error, please notify the sender immediately by e-mail and delete the message and any file attachments from your computer. Thank you.

v2.23.0 | Report a Bug | By Email