[OAUTH-WG] Re: Review of draft-ietf-oauth-selective-disclosure-jwt-10

Brian Campbell <bcampbell@pingidentity.com> Thu, 22 August 2024 15:06 UTC

Return-Path: <bcampbell@pingidentity.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D5430C15152D for <oauth@ietfa.amsl.com>; Thu, 22 Aug 2024 08:06:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.104
X-Spam-Level:
X-Spam-Status: No, score=-2.104 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=pingidentity.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9MlpN4T9nu76 for <oauth@ietfa.amsl.com>; Thu, 22 Aug 2024 08:06:33 -0700 (PDT)
Received: from mail-oo1-xc2a.google.com (mail-oo1-xc2a.google.com [IPv6:2607:f8b0:4864:20::c2a]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7F4DCC151066 for <oauth@ietf.org>; Thu, 22 Aug 2024 08:06:33 -0700 (PDT)
Received: by mail-oo1-xc2a.google.com with SMTP id 006d021491bc7-5dca00a72easo669634eaf.2 for <oauth@ietf.org>; Thu, 22 Aug 2024 08:06:33 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=pingidentity.com; s=google; t=1724339193; x=1724943993; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=0qpCXr6d6u1OlNtXVLTQ5B73vkeTaq0iEUZWClF8wgA=; b=bKUPLDlvRm1J4FIqQ5+yS8q23lANCj5vErIOXJR0yHG3zrRsVtAR3hE6dWJccvdxjT 3tVqmNKsZT0w8LML0DcqwBaf+kI2Kmo2vxAiVgZHVHRv8Q/cXpQWXC/WiwO1FIE3Amtx IZpu3q2T885BwmfKQ3bvefCRTl4Iwx+awgh69FwO/zINpgWVZu+i5N6Va8CY4YnFRxh8 soKbbNVQpd1MaX+tbgda5ZW1vmCAByKQR6EFzXNIormbwdTgd4TTKwTdwbHaRLmX0qT0 cPojcWlC/d7FNoV0FgRGGhn+Aq2niStjQlgPGlblQe1IAj2OISsCUg7QKrSnGEy3acZx hGnQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1724339193; x=1724943993; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=0qpCXr6d6u1OlNtXVLTQ5B73vkeTaq0iEUZWClF8wgA=; b=mqY9fen4J24E4MbnFtDFV+b4yR6XoWMOlW/5SZgde3sOjpmDyywwAtA8X8S+ZZER77 yGak/lhv9/i0xXxXv3qS6Whhgkmy20esb8rH2OgwNexDJj0vaKXYU7U6u2xQ1c3IK8mY ImrKc2QSq8IOnjBvh466jH1VTH9QQu6NoARuV0ZSaGwpP8J8sC4KqjkP4Ep1uv5lLO6L BsR2s+2K+PSIhbFzVrxB5n2ObC02FH5Z2nQUM64N1cBDa7NTT8Dm6wGpUV79JyEjyb5+ lj7uto0DJ0kEIc1a2hyKwxp2UBhRbXoEm/M4jV4fJr4GIQv66I7qdsz3M2AVHgBD+18J 5iww==
X-Forwarded-Encrypted: i=1; AJvYcCXFPO17wSU23NK6aEsr6qR8ydAiYm9Ulkv5nhjo+AxAG9ybN2/Y20XEaOu9BZFxztim726AQA==@ietf.org
X-Gm-Message-State: AOJu0YwR6PKP2xzD2+t7zYtpS2BLZYFObWNkArVIihvmfnLkDpXqxhkE RZZL5WHQHn9SxPLckupib6sueHfo8vs33f4YEz1u/PukZsvNckpzm9KkSCipkCi7K+b+2dzxHFY WKv1g/AKffiNPu7NOcWY04rAPJqbIrRDMlR8q1YPhe+U/8yZjh/2jAt+KdgEmBKz2E+1yI501d3 Fsg8ryAugRzA==
X-Google-Smtp-Source: AGHT+IGSFWj3BJONKZ+HRZQBUMgBpcKZl110JBoPWlJbfjPR/U2T6VyjeduABcAAykVp4g67HVoZOpLlyMTS1ffecM4=
X-Received: by 2002:a05:6358:248e:b0:1b3:94cc:6526 with SMTP id e5c5f4694b2df-1b59f922143mr713131455d.2.1724339192146; Thu, 22 Aug 2024 08:06:32 -0700 (PDT)
MIME-Version: 1.0
References: <SJ0PR02MB7439CC07D6FB13A1DAA664E1B7BE2@SJ0PR02MB7439.namprd02.prod.outlook.com> <CA+k3eCQRU95pNKEdRFoAOLaKR=QLZZMYE9NoF2Yeg=_cenF=gw@mail.gmail.com> <CAFje9Pi=V+pHriMwa3wSPT7wHLa6J60KRuN8TYXHZKXrRWe1jQ@mail.gmail.com> <SA0PR02MB743411EE36263FEC5110C393B7822@SA0PR02MB7434.namprd02.prod.outlook.com>
In-Reply-To: <SA0PR02MB743411EE36263FEC5110C393B7822@SA0PR02MB7434.namprd02.prod.outlook.com>
From: Brian Campbell <bcampbell@pingidentity.com>
Date: Thu, 22 Aug 2024 09:06:05 -0600
Message-ID: <CA+k3eCTH2MjjJhi6HEUcyFyBnoHZTNLGOwMYUX=1e2M=r3Smxw@mail.gmail.com>
To: Michael Jones <michael_b_jones@hotmail.com>
Content-Type: multipart/alternative; boundary="000000000000059dc00620470155"
Message-ID-Hash: CLWQ4VK6X4AMT5F2WPYI663GMOCZ45TN
X-Message-ID-Hash: CLWQ4VK6X4AMT5F2WPYI663GMOCZ45TN
X-MailFrom: bcampbell@pingidentity.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-oauth.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: "oauth@ietf.org" <oauth@ietf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [OAUTH-WG] Re: Review of draft-ietf-oauth-selective-disclosure-jwt-10
List-Id: OAUTH WG <oauth.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/cPD_LWWEPedQR3SiU17Juamtwt8>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Owner: <mailto:oauth-owner@ietf.org>
List-Post: <mailto:oauth@ietf.org>
List-Subscribe: <mailto:oauth-join@ietf.org>
List-Unsubscribe: <mailto:oauth-leave@ietf.org>

Michael B. Jones, Sir,

I have endeavored to reply inline below to the remaining comments
and/or addressing them with further updates to the source of the draft,
which will appear in the -11 revision that hopefully will be published
soon.

I have the honor to be Your Obedient Servant,
B. Cam

On Sat, Aug 17, 2024 at 12:06 PM Michael Jones <michael_b_jones@hotmail.com>
wrote:

> Thanks very much for addressing the majority of my comments and for
> replying to the rest of them.  I’m replying inline to the remaining ones
> that I believe should still be addressed.  I’ve deleted the ones from this
> thread that I’m satisfied with the responses to.
>
>
>
>                                                                 Best
> wishes,
>
>                                                                 -- Mike
>
>
>
> *From:* Kristina Yasuda <yasudakristina@gmail.com>
> *Sent:* Wednesday, August 14, 2024 6:07 AM
> *To:* Brian Campbell <bcampbell=40pingidentity.com@dmarc.ietf.org>
> *Cc:* Michael Jones <michael_b_jones@hotmail.com>; oauth@ietf.org
> *Subject:* Re: [OAUTH-WG] Re: Review of
> draft-ietf-oauth-selective-disclosure-jwt-10
>
>
>
> Thank you very much, Mike.
>
>
>
> Majority of your comments have been incorporated in this PR
> https://github.com/oauth-wg/oauth-selective-disclosure-jwt/pull/452,
> which has been merged.
>
> Below, in bold, please find explanations for the points that have not been
> reflected.
>
>
>
> We appreciate your review.
>
>
>
> Best,
>
> Kristina
>
>
>
> *1.
> <https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-10.html#section-1>Introduction
> <https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-10.html#name-introduction>*:
> The usage of “Holder” in “used a number of times by the user (the "Holder"
> of the JWT)” inconsistent with its usage in the definitions, which defines
> “Holder” as being “an entity”.  The usage here in the introduction makes
> the holder into a person rather than an entity.  Please adjust the language
> here to not confuse the user who utilizes the holder with the holder itself.
>
> *-> Holder is defined as an entity and a person can be considered an
> entity. We also have a phrase "the user (the "Holder" of the JWT)" in the
> introduction. Hence the editors consider the current wording to be
> sufficient.*
>
>
>
> Since “Holder” is sometimes used in the spec to refer to the Wallet
> software and sometimes used to refer to the person using the Wallet, I
> believe that readers would be well served to make a clear terminological
> distinction between the two.
>

We've intentionally avoided using the term "Wallet" to date and should
remain consistent with that. But will expand the text defining Holder to
better accommodate its use throughout the document.


 *1.
> <https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-10.html#section-1>Introduction
> <https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-10.html#name-introduction>*:
> In “"Claims" here refers to both object properties (name-value pairs) as
> well as array elements.” change “array elements” to “elements in arrays
> that are the values of name/value pairs” (or something like that).  Without
> saying what the array elements are, readers will be confused about what’s
> being referred to.  I’d apply this clarification in *4.1.
> <https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-10.html#section-4.1>SD-JWT
> and Disclosures
> <https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-10.html#name-sd-jwt-and-disclosures>
> *and other applicable locations as well.
>
> *->  There is a misunderstanding. the intended meaning here is exactly
> what the text says: "each element in the array (regardless if it is a
> name/value pair or not, an array element as a string counts too) can be
> selectively disclosed".*
>
>
>
> The fact that a misunderstanding is possible and occurred leads me to
> believe that a clarification of this phrase is needed.  Readers won’t
> necessarily know where the “array elements” being referred to occur in the
> data structures.  That was certainly my experience, hence my initial
> comment.  Possible wording that’s simpler than my initial proposed wording
> could be “array elements occurring within Claim values”.  Or clarify it
> with different wording of your choosing.
>

While I am personally quite sympathetic to the "that a misunderstanding is
possible" line of reasoning, the use of the words "array elements" to
mean array elements is the most concise and meaningful terminology the
document authors were able to conceive of to convey the concept of elements
in arrays. I believe it would be a disservice to readers to embellish the
wording.



> *1.1.
> <https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-10.html#section-1.1>Feature
> Summary
> <https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-10.html#name-feature-summary>*:
> In “A format for enabling selective disclosure in nested JSON data
> structures, supporting selectively disclosable object properties
> (name-value pairs) and array elements”, consider expanding “array elements”
> in the same manner as the preceding comment to make the meaning more
> evident.
>
> *->  same as above. There is a misunderstanding. the intended meaning here
> is exactly what the text says: "each element in the array (regardless if it
> is a name/value pair or not, an array element as a string counts too) can
> be selectively disclosed".*
>
>
>
> Same response as my previous comment.
>

Same response as my previous comment but I can't help but wonder if there's
a different misunderstanding at play here...



>  *1.2.
> <https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-10.html#section-1.2>Conventions
> and Terminology
> <https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-10.html#name-conventions-and-terminology>*:
> I suggest moving the “base64url” definition to the Terms and Definitions
> section and use a parallel structure to that at
> https://www.rfc-editor.org/rfc/rfc7519.html#section-2.  Specifically, say
> “The “base64url” term denotes the URL-safe base64 encoding without padding
> defined in Section 2 of [RFC7515].”  Then introduce the rest of the
> definitions with the phrase “These terms are defined by this
> specification:” as is done in RFC 7519.  The current presentation is fairly
> jarring.
>
> *-> Current text already points to Section 2 of RFC7515. The editors
> consider the current definition sufficient and clear enough.*
>
>
>
> Yes, the definition is clear, but it’s in the wrong place.  Definitions
> belong in the Terms and Definitions section.  The current location leaves
> it strangely hang in a different section by itself, separate from the other
> definitions in the spec.
>

The editors consider the current location, a section called "Conventions
and Terminology", sufficient and appropriate for the mention of a piece of
terminology established by convention in a previously published RFC.


*5.3.
> <https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-10.html#section-5.3>Key
> Binding JWT
> <https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-10.html#name-key-binding-jwt>*:
> Change “MUST NOT be none.” to “It MUST NOT be "none".”.
>
> *-> Changed to “It MUST NOT be `none`.”. it is exactly the same wording as
> in DPoP RFC.*
>
>
>
> The current wording is a sentence fragment – not a complete sentence.  The
> fact that that error slipped through in DPoP isn’t a reason not to correct
> it here.
>

There is indeed a misunderstanding on this one. The comparable wording in
DPoP/RFC9449 is actually a complete sentence and this draft will be fixed
so that it will also have a complete sentence.


 *5.3.2.
> <https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-10.html#section-5.3.2>Validating
> the Key Binding JWT
> <https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-10.html#name-validating-the-key-binding->*:
> In “if the SD-JWT contains a cnf value with a jwk member, the Verifier
> could parse the provided JWK and use it to verify the Key Binding JWT.”,
> change “could” to “MUST”.  Make this normative to increase interoperability!
>
> *-> the sentence you point at is an example, so we cannot add a normative
> statement here. We changed "should" to "would" to reflect the intent behind
> the suggestion.*
>
>
>
> OK.  Please address this then by adding this normative sentence at an
> appropriate place in the specification.  “When the SD-JWT contains a cnf
> value with a jwk member, this key MUST be used to very the Key Binding JWT.”
>

https://github.com/oauth-wg/oauth-selective-disclosure-jwt/pull/435 made
the cnf claim the way to enable key binding with that increased
interoperability as a primary aim.


>  *6.1.
> <https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-10.html#section-6.1>Issuance
> <https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-10.html#name-issuance>*:
> There are many places from here on where the label “SHA-256 Hash” is used,
> for instance “SHA-256 Hash: jsu9yVulwQQlhFlM_3JlzMaSFzglhQG0DpfayQwLUK4”.
> Change all of these to “Base64url-Encoded SHA-256 Hash” for correctness.
>
> *-> Editors consider it to be sufficiently clear from the specification
> text that it is a base64url-endoded hash. This would also require changes
> to the tooling and might unintentionally make the examples harder to read.*
>
>
>
> The fact remains that the current wording is factually incorrect and
> therefore needs to be corrected.  If this can be done by updating the
> tooling, that’s actually good, since it means that it will be consistently
> corrected everywhere the error occurs.
>

The statement that the current wording is factually incorrect is itself
factually incorrect. The current wording might not be as descriptive as
you'd like but it is correct. In what way does the encoding make it not a
SHA-256 Hash? Asking rhetorically.


> *8.1.
> <https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-10.html#section-8.1>Verification
> of the SD-JWT
> <https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-10.html#name-verification-of-the-sd-jwt>*:
> Delete “nbf” from “claims such as nbf, iat, and exp” and everywhere else
> in the spec, other than in *10.7.
> <https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-10.html#section-10.7>Selectively-Disclosable
> Validity Claims
> <https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-10.html#name-selectively-disclosable-val>*,
> where both “iat” and “nbf” should be listed, as described in my comment
> there.  “iat” (Issued At) is a standard validity claim in JWT tokens (for
> instance, ID Tokens), whereas “nbf” (Not Before) is rarely used, since it
> is only useful when future-dating tokens, which is rare.
>
> *-> "nbf" is used merely as an example here. the fact that it might be
> used rarely does not mean it cannot be used as an example, since it is a
> registered claim in JWT RFC.*
>
>
>
> Sure, it’s an example, but the examples should nonetheless reflect best
> practices.  Please delete “nbf” here.
>

I'd be curious to see some documentation or citation, beyond your personal
opinion, that supports the assertion that any of that is "best practice".

There are two occurrences of "[like or such as] nbf, iat, and exp" in the
draft.

In
https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-10.html#section-11.4-8
they are mentioned in the context of "claims carrying time information",
which is what they all are.

In
https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-10.html#section-8.1-4.6
they are mentioned in the context of claims to check regarding the validity
of the SD-JWT. The "nbf" claim, as you likely know from (I think?) having
written the text in RFC7519
<https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.5>, has
normative requirements around when the "JWT MUST NOT be accepted for
processing." As such, it is entirely appropriate in the context of
mentioning some validity-controlling claims. The only normative requirement
on the "iat" claim
<https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.6>, however, is
about the syntax of its value. Rejecting a token based on the "iat" value
can be required by a specific profile of JWT, such as was done in DPoP, but
is otherwise something that is at the discretion of an
implementation/deployment and something that has apparently been the cause
of some interoperability problems
<https://mailarchive.ietf.org/arch/msg/oauth/Qkz2HqOzdVM0oyDPSeOdo-iLN8E/>.
Arguably "iat" shouldn't be in that list.


 *10.7.
> <https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-10.html#section-10.7>Selectively-Disclosable
> Validity Claims
> <https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-10.html#name-selectively-disclosable-val>*:
> Add “iat (Issued At) to the validity claims list before “nbf”, and change
> “nbf (Not Before)” to “nbf (Not Before) (if present)”.  “iat” (Issued At)
> is a standard validity claim in JWT tokens (for instance, ID Tokens),
> whereas “nbf” (Not Before) is rarely used, since it is only useful when
> future-dating tokens, which is rare.  Change all uses of “nbf” to “iat”
> elsewhere in the spec.
>
> *-> same as above. "nbf" is used merely as an example here. the fact that
> it might be used rarely does not mean it cannot be used as an example,
> since it is a registered claim in JWT RFC.*
>
>
>
> As above, the examples should reflect best practices.  Please at least add
> “iat” to this list, even if you choose to retain “nbf”.
>

As above, but in the context of the content in that section, "iat" does not
belong in this list.



> Everywhere:  Consider changing the name “…” to something more indicative
> of its function, such as “_sd_element” or “_sd_item”.  Or alternatively, at
> least provide rationale for why that non-obvious name was chosen.
>
> *-> we have extensively bikeshedded this claim name, and this one was
> chosen because it is concise and natural since '...' is what is used when
> something is omitted in a list. there seems to have been some
> misunderstanding how disclosure in the arrays work, so hopefully with the
> clarifications above, this claim also feels more appropriate than before.*
>
>
>
> I wouldn’t say that there’s a misunderstanding in how disclosure in arrays
> work.  Rather, I’d say that the current exposition of array disclosure can
> leave readers wondering what is meant, and could be improved by the
> suggested clarifications above.
>
>
>
> Thank you for explaining that “…” is intended to be understood as the
> ellipsis character, and the intuition behind it.  Its usage in that way is
> slightly odd, since the ellipsis character is used in place of omitted
> content, whereas in this case it’s used with the opposite meaning to
> introduce content that is NOT omitted (content that is disclosed).
>

I don't see how it is at all odd; the “…” and disclosure digest are used in
place of content omitted from the main payload. The ellipsis is often used
in place of content omitted from the context at hand.



>
> Be that as it may, I understand very well the reasons for keeping the
> claim name as it is.  Nonetheless, I think it would be helpful to readers
> to add a comment when the claim name is introduced about why this otherwise
> non-obvious claim name was chosen.  The sentence you add could be something
> like “The claim name “…” was chosen because the ellipsis character,
> typically entered as three period characters, is used in contexts where
> content is omitted (not disclosed).”  Or choose your own wording.  Give
> readers the intuition behind the choice.
>

Will add something along those lines to the draft.



>
> Finally, this comment was incompletely addressed:
>
> Section *11.1. *
> <https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-10.html#section-11.1>*Storage
> of Signed User Data*
> <https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-10.html#name-storage-of-signed-user-data>:
> Please change “OpenID Connect” to “OpenID Connect [OpenID.Core]” (adding
> the missing citation).
>

Will add that missing citation.



>
>
>                                                                 Best
> wishes,
>
>                                                                 -- Mike
>
>
>

-- 
_CONFIDENTIALITY NOTICE: This email may contain confidential and privileged 
material for the sole use of the intended recipient(s). Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately 
by e-mail and delete the message and any file attachments from your 
computer. Thank you._