Re: [Privacy-pass] Francesca Palombini's Discuss on draft-ietf-privacypass-auth-scheme-12: (with DISCUSS)
Francesca Palombini <francesca.palombini@ericsson.com> Tue, 19 September 2023 06:18 UTC
Return-Path: <francesca.palombini@ericsson.com>
X-Original-To: privacy-pass@ietfa.amsl.com
Delivered-To: privacy-pass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 461C7C14CE45; Mon, 18 Sep 2023 23:18:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.009
X-Spam-Level:
X-Spam-Status: No, score=-7.009 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tbntBn3VDrhq; Mon, 18 Sep 2023 23:18:52 -0700 (PDT)
Received: from EUR05-VI1-obe.outbound.protection.outlook.com (mail-vi1eur05on2083.outbound.protection.outlook.com [40.107.21.83]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 790D2C14CF09; Mon, 18 Sep 2023 23:18:51 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=cRT2ieAsZPD1/39rpVNTe+XLhrfw2uAvKhPOlk4JcD7erAlXAlSl+MbPpEAK6Kh5h/CwCxeZtkDjCdo7TjYdg4u9AYY5RxHRn2tzS8ocGSpBh19r96ITdssynMemle5Wn+iDH+SnZ5e34u8OAKmeyNHXS+ZNoB0bsvRRyGFctDia6+c/7udDFLvv9A+V9/zHODvQW95VVTtxvpGeOokKlsIPcZSZ4kAHk2map7sFyWJW2yEfKuAiFwaGRYpj/uglc+gVt1w6H3p5QrUuORwxFqIcwRAWUsR53y3GgrGetSIWF2p/BCqqA4AsCi6zT5M/y1Bg7QA/UUs47ih+DgAqBg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=0k4re+ph/CJ5X6IZ+Tc7wKvgEY8v5Eyl5hykIZtvVg4=; b=FJEMbzGTxdrLcXOPNpELoVZ4ZU1Vc6wmVBon2TPaPyy1nJNK1NCz4a8gZXYJJSSpNZUoj84K1B+ShC96ymCqMiL8Y4RiiOKmWRoynXqgcJ4sVHYlzu4m2aimp6C31YFdGs0YbwMT3zdd8PS6lrnUSBCSWQx+Ma1wRn1aw2WBBbHz8yj8pRwspg4vk5H2MezY6SHWWfNr800ZT4++b/O1sspnS2VMHILuNTOMOAm0nVK+A2c2moiCHaaQhDN4jTRy4FrCWupLI2aFKantk8OQMXnIOOetOSWDyUMWiYIgBfsBccpKSbGvs3w3bkHkUEtoSs18u32m2RHF5FCSAseoLQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=0k4re+ph/CJ5X6IZ+Tc7wKvgEY8v5Eyl5hykIZtvVg4=; b=koEfTVi9wrTuEjEBzt2eXojLp9rPGHzXaO8r8+gbp20drX1o7LF3WKQHyBuIbuIMumWHoVcdoW3wne7E7EccZm1ckLb9JCDGtsDiH8Lw/PjYRj4BwRPzykJIN7L4jlY3HOrj8goRr3hEPak9jSn0HjKQ3dQGJRU7jR86HrasJbs=
Received: from AS1PR07MB8616.eurprd07.prod.outlook.com (2603:10a6:20b:474::16) by AS1PR07MB8877.eurprd07.prod.outlook.com (2603:10a6:20b:47c::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6792.26; Tue, 19 Sep 2023 06:18:46 +0000
Received: from AS1PR07MB8616.eurprd07.prod.outlook.com ([fe80::28c7:96a:e4fa:428d]) by AS1PR07MB8616.eurprd07.prod.outlook.com ([fe80::28c7:96a:e4fa:428d%5]) with mapi id 15.20.6792.026; Tue, 19 Sep 2023 06:18:46 +0000
From: Francesca Palombini <francesca.palombini@ericsson.com>
To: Tommy Pauly <tpauly@apple.com>, Tommy Pauly <tpauly=40apple.com@dmarc.ietf.org>
CC: The IESG <iesg@ietf.org>, "draft-ietf-privacypass-auth-scheme@ietf.org" <draft-ietf-privacypass-auth-scheme@ietf.org>, "privacypass-chairs@ietf.org" <privacypass-chairs@ietf.org>, "privacy-pass@ietf.org" <privacy-pass@ietf.org>, "ietf@bemasc.net" <ietf@bemasc.net>, "mt@lowentropy.net" <mt@lowentropy.net>
Thread-Topic: [Privacy-pass] Francesca Palombini's Discuss on draft-ietf-privacypass-auth-scheme-12: (with DISCUSS)
Thread-Index: AQHZ2yxFM8vxdtY8Kk2ItUrfkw1ajrAODdMAgAmwlACACgyJhQ==
Date: Tue, 19 Sep 2023 06:18:21 +0000
Message-ID: <AS1PR07MB8616952FF8AE0F81BD93E1DB98FAA@AS1PR07MB8616.eurprd07.prod.outlook.com>
References: <169339102955.43666.8940565436478379561@ietfa.amsl.com> <08925049-A30B-482D-A915-88686668949D@apple.com> <7975BE5E-15BE-4B30-8BD7-121AD3B31979@apple.com>
In-Reply-To: <7975BE5E-15BE-4B30-8BD7-121AD3B31979@apple.com>
Accept-Language: en-GB, en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=ericsson.com;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: AS1PR07MB8616:EE_|AS1PR07MB8877:EE_
x-ms-office365-filtering-correlation-id: 46207e58-806d-450e-cca8-08dbb8d847f2
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: Yyfcx3xRUzDGQKZopQJWhInBRukPl+s90GMqwzRB2ST9l9ESr+FTvDZ8sbby1hcvyVJzrZxk8wM3QUuZhZ6cTeY+f3tzrxr4dT18C1gRhc/HxNYJHCs8pJ8eyGb7IVR3mBgiBa/OMjSW43LVxRmhV8Ym1XgrXMC+E/95HOmPDVI7c6ck6NwV4RYIJyxCCqYvjwNFCg3DgnvepPd3mD15yjQ66aSFjQ6PJoCsYacndcliXd74q5te/3kRHg8ouE9RdtaYDe/tIXg0gN1Sw+vJqzp4Cy+cDR3KCeQqfcPrSKmWaHF5AzrQrppLrOhDjE2cpKXdb54gqYNuyeI5Pbb13LQj2/A8zH9aKa5UvOWHXG51n8VF06kqgHBCgI6GutOtkGL5poXYYgBR48FjIsuu8nyYFX1S6N50HOwnJmJsBGhnvuhabPin9S3RBpidGrHlkFuh2qSOYqVqJRwDnW8kkz/uHDyIrfXQCZxJ7skdSj1ph9BFoaHfLErN1i13r6S/9P822EQRBrsaZu9P5i52Gs+mBC4lDVhLGtJwSHx6SuJOF2Ia24ZfGYFJNrJCOgHWKXhDmvpueG43YGEG3vv1OLfQGjwPEfgxzcNoTcbRJFR9TzZ7Lv52iU2wpMvl3SoszB3g9MfUri1vpX2L0JuJEc9TI/wVgUN97zUREKG3Mheie5FYYCw3QZ++NRp9EatS
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:AS1PR07MB8616.eurprd07.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230031)(376002)(136003)(39860400002)(346002)(366004)(396003)(451199024)(186009)(1800799009)(966005)(6666004)(55016003)(166002)(21615005)(44832011)(6506007)(7696005)(53546011)(86362001)(54906003)(316002)(9686003)(64756008)(66446008)(66946007)(41300700001)(66556008)(38070700005)(38100700002)(66476007)(76116006)(110136005)(71200400001)(478600001)(5660300002)(82960400001)(8936002)(8676002)(52536014)(33656002)(2906002)(66899024)(4326008)(122000001)(83380400001); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: V7YLX9D6WoK9gnAtr14r02O/Hk1Ti9+vj3kaQBIsm34/ZopSBKbjAYfvoFkVblDpoMGnQQiWpD0FZ/1pcqLYXwF3JMIGSQ98/UFFbPyWBGOSoS04LXFDJ53V/bgNj/CER918WfMHpm60uZUYxp8SU8mnhjdGPuPNxnOWTiuPqDC7p03q8cc5jh0zTpSpVYXFkauCwlzWIAimWgZMsfZXtroz0qX1m0QyMV9h/8+/hmzgWObdliAxCKGt+zcobhI9Npa/V4XgwohLATuUNXD0Ex+nv7ghy4FvJcvSspDtMyOlAJq8zxMC6qrbUVebtOlc/MsD4+CiIfBRKhUbqO1RjpzsEbykMSl+pTc8eyvbPuwlvc9cgHYjBMkT7wRix0ynY1EQr0a5Sxriv0tjCd9Bs/RDhcdbszYcfdSAIcHsO0XQiiFKyf6vjWGFQQRy9Mu4nrEDQDw30Nc7JSs9HMjFG3ecK0NIeL0i8CB/8bSwVUCyTJZIT0PXhKvQkhJmO+2PHO3KtTWrW3GyhCy6MFD27tlLOjB1gqguSyQXbTfzA3r3/YK0CoL1gL+109pyTGNC0gFEiCQ/yJWw+yt9SpYfDoE7CM2Msc4h3CMRcfYvM5eP9Mbwf+nekxeUTw5CRjDrHtl1TKb3X1izLdk4ls+oVae0iGbhr4U8d5k35M/ovQvJbaJynR5C7MJ6HoOSR8JfzvnHYn288kN+gTq+BO91EgB5wqNtDsUtt5r9/3PD0WzjwjlNCt/GpKrnYQGx5dcWmS8q8K/eWOqXjG6JBJc/LGUceeTOR1qJJlLf1cgnCH8N8ngeYIN2ZpQMw1UXrM/nFboyyOfYYiuaQSOuPaqEzHZ/mtlSkPp9npDIg/tXjgCtWFR2AkyBM07YRlpyMqOWUfp8K2Z1EGRbw+HQ56UvRDoZ5uANNuSlyMKkILUF61Ts5FLktFEQb8NHaB6qxuud3sqSYWln7zvHWP7NlKBVB+89Y0B0TlP04yI2rqa3tPwRcWG4MbEndblVsBrNaqhAfO/265MKnn9xxUxKaf7tnQkZqJvyhX0d6sAtJoukkzBfSpgg0ScaNythZuj5EVLvlqxrqXwQf1Pn3ZVfKeXjTOosZMTp3KFIgsixcUINQO0x8oXBaOIS1lamOLEukrtuHYyS/EWZi1CiYZEOWA3bFFvhTuj0joy5WRBgo11I3JKrvjTSGQl7k78XRefeFKZgbNd1kgS206S0iaypFzrQZ7dPbUvcvsTIBuStf7lQtBZ/lr8Djm6jQk1VltOYwNDI6TGOwCxSj3f8/mHvGVdjrAw67Cl4JUMuOLGVp/FPcPX7lVK+axJCSN9vM4pPgJKa0t3jUGsT4rV2fx6H3n9wDN9zDiAwOzFHBRDXup9a5UG2kW2kcvv+J4vz31ebd3WZA1zRsfamwEEyMHMrjZ2OzVEZSEtRWcguHcfk+Wg6rREOyUolIzAlBx84NNWXDni/0O83W+/K1QmVqCXzRMZ2BGa4mvmBlRzfvRdaGLRnC6G+AwZvbY7NF/LwHTYo/W5YaObULFViHNrwO+kYHYbxVL6w3xceR/FUyeq4monfUzGYcrjPhQbqPckFLJfm91WonWuFunTpCRrATXWySLO7xKJkaCVe/xHE4PmldTnTFFuEymRUtm1kpnqEtknV3ypHHwo5Wy5G9pCBUAWWMGLH0tfdzpO72dCg2ZTZhu9Bqi8=
Content-Type: multipart/alternative; boundary="_000_AS1PR07MB8616952FF8AE0F81BD93E1DB98FAAAS1PR07MB8616eurp_"
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: AS1PR07MB8616.eurprd07.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 46207e58-806d-450e-cca8-08dbb8d847f2
X-MS-Exchange-CrossTenant-originalarrivaltime: 19 Sep 2023 06:18:46.2301 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: DfKLoDVnrIKvFtEVAXAQpRHtQVY7VRJbBZoj4bu5MoU/fDJffF7geHwSypQC6veso5GVEjnijkZPrxOXIy4GniTBaZXvR8jGXwQI7oXlUudQEKAPgOGGmt3CbZuME2vl
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS1PR07MB8877
Archived-At: <https://mailarchive.ietf.org/arch/msg/privacy-pass/OppkGYBuRpFTYq9S_GEPSPA2VOI>
Subject: Re: [Privacy-pass] Francesca Palombini's Discuss on draft-ietf-privacypass-auth-scheme-12: (with DISCUSS)
X-BeenThere: privacy-pass@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Privacy Pass Protocol <privacy-pass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/privacy-pass>, <mailto:privacy-pass-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/privacy-pass/>
List-Post: <mailto:privacy-pass@ietf.org>
List-Help: <mailto:privacy-pass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/privacy-pass>, <mailto:privacy-pass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 19 Sep 2023 06:18:56 -0000
I just updated my ballot. Thank you again Martin, and thank you authors for the work! Francesca From: Tommy Pauly <tpauly@apple.com> Date: Tuesday, 12 September 2023 at 22:48 To: Tommy Pauly <tpauly=40apple.com@dmarc.ietf.org> Cc: Francesca Palombini <francesca.palombini@ericsson.com>, The IESG <iesg@ietf.org>, draft-ietf-privacypass-auth-scheme@ietf.org <draft-ietf-privacypass-auth-scheme@ietf.org>, privacypass-chairs@ietf.org <privacypass-chairs@ietf.org>, privacy-pass@ietf.org <privacy-pass@ietf.org>, ietf@bemasc.net <ietf@bemasc.net>, mt@lowentropy.net <mt@lowentropy.net> Subject: Re: [Privacy-pass] Francesca Palombini's Discuss on draft-ietf-privacypass-auth-scheme-12: (with DISCUSS) To follow up here, we’ve published a revision of the auth-scheme document to address the comments here: https://www.ietf.org/archive/id/draft-ietf-privacypass-auth-scheme-13.html Thanks! Tommy On Sep 6, 2023, at 9:49 AM, Tommy Pauly <tpauly=40apple.com@dmarc.ietf.org> wrote: Hi Francesca, We’ve been going through the various issues from Martin (and we’ve merged many of the smaller / editorial changes). I did want to highlight a PR I just opened to address the main issues that your DISCUSS is based on: https://github.com/ietf-wg-privacypass/base-drafts/pull/474<https://protect2.fireeye.com/v1/url?k=31323334-501cfaf3-313273af-454445554331-664591941691977b&q=1&e=fdac17ef-b264-4394-bb4f-18a69003d362&u=https%3A%2F%2Fgithub.com%2Fietf-wg-privacypass%2Fbase-drafts%2Fpull%2F474> Specifically, this removes the web-specific considerations, and replaces the “user interaction” section with sections on “client behavior” and “origin behavior”. The pieces of the old text that still apply generally have been recontextualized and reorganized. Thanks! Tommy On Aug 30, 2023, at 3:23 AM, Francesca Palombini via Datatracker <noreply@ietf.org> wrote: Francesca Palombini has entered the following ballot position for draft-ietf-privacypass-auth-scheme-12: Discuss When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ for more information about how to handle DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-privacypass-auth-scheme/ ---------------------------------------------------------------------- DISCUSS: ---------------------------------------------------------------------- Thank you for the work on this document. Many thanks to Martin Thomson for his in-depth HTTPDIR review: https://lists.w3.org/Archives/Public/ietf-http-wg/2023JulSep/0156.html. Martin brings up a number of very valid comments (https://github.com/ietf-wg-privacypass/base-drafts/issues/created_by/martinthomson<https://protect2.fireeye.com/v1/url?k=31323334-501cfaf3-313273af-454445554331-0604b8bdedbd1d56&q=1&e=fdac17ef-b264-4394-bb4f-18a69003d362&u=https%3A%2F%2Fgithub.com%2Fietf-wg-privacypass%2Fbase-drafts%2Fissues%2Fcreated_by%2Fmartinthomson>) some of which I think should be easily addressed. Some of these however seem more important and I am looking forward to the authors replies. Posting Martin's review below (and CC'ing him in), for archiving purposes. -- This document describes a new authentication scheme for HTTP that enables authorization via Privacy Pass. I've been tracking this work at a high level, but I've never reviewed this document in any detail until now. After taking a closer look, I've found quite a few problems. https://github.com/ietf-wg-privacypass/base-drafts/issues<https://protect2.fireeye.com/v1/url?k=31323334-501cfaf3-313273af-454445554331-91fc6b10f156d872&q=1&e=fdac17ef-b264-4394-bb4f-18a69003d362&u=https%3A%2F%2Fgithub.com%2Fietf-wg-privacypass%2Fbase-drafts%2Fissues> lists 23 new issues. https://github.com/ietf-wg-privacypass/base-drafts/pull/459<https://protect2.fireeye.com/v1/url?k=31323334-501cfaf3-313273af-454445554331-4f576d70bff73778&q=1&e=fdac17ef-b264-4394-bb4f-18a69003d362&u=https%3A%2F%2Fgithub.com%2Fietf-wg-privacypass%2Fbase-drafts%2Fpull%2F459> suggests some editorial fixes on top of those. A number of those issues are significant enough to suggest that the document is not ready. I expect that most will be easily handled, but there are a couple of trickier ones. https://github.com/ietf-wg-privacypass/base-drafts/issues/448<https://protect2.fireeye.com/v1/url?k=31323334-501cfaf3-313273af-454445554331-0625ca2cccc56b70&q=1&e=fdac17ef-b264-4394-bb4f-18a69003d362&u=https%3A%2F%2Fgithub.com%2Fietf-wg-privacypass%2Fbase-drafts%2Fissues%2F448> is serious enough to draw special attention to. In short, Section 3 of the document is very problematic as it makes a lot of assumptions about a particular deployment environment. Some of those assumptions are -- I think -- bad. It looks like the intent of this section is to describe how this mechanism might be deployed safely to the Web. This raises a number of concerns: 1. This is an IETF document. The W3C is probably in a better position to come to conclusions about what is (or isn't) appropriate for deployment to the Web. 2. The bounds on user agent behaviour are not specified in sufficient detail. There is definitely a case to be made for this to be deployed to the web as envisaged, with different implementations making their own choices. But if the intent is to describe the nature of the risks involved in deployment to the Web, then there is not enough detail to guide the successful implementation and deployment of this feature. 3. There are a number of implicit assumptions throughout that are not adequately explained. For instance, there is discussion of use of this mechanism across origins or sites, despite that violating established Web norms. There is discussion of that cross-site transfer occurring without user involvement, which is a oft-used safeguard against such privacy leaks. But the necessary preconditions for that transfer are not articulated. There are potentially scenarios where this sort of transfer could be safe, but there are great many where it is absolutely not. The document seems to be assuming that the token carries a very particular signal along with it, namely that the client acts on behalf of an entity that the attester (and transitively, the issuer) believe not to be abusive. I've suggested in the issue that this section needs considerable revision. There are general requirements on the use of the protocol that are currently buried in amoungst Web-specific requirements. Those will need to be teased out. It's possible that the accompanying architecture document could cover this material, but I'm not seeing it there. Then there are the Web-specific requirements that really belong in a Web-specific document, which is probably something that the W3C is in a better position to produce than the IETF. Here, the precise set of safeguards will probably be some mixture of client-specific policy and widely-agreed policy, so getting that mix right will need careful consideration. Despite all this, I'm generally supportive of this protocol. It is a design that should work well in a great many contexts, but getting this right for the Web requires more than this document provides. -- Privacy-pass mailing list Privacy-pass@ietf.org https://www.ietf.org/mailman/listinfo/privacy-pass -- Privacy-pass mailing list Privacy-pass@ietf.org https://www.ietf.org/mailman/listinfo/privacy-pass
- [Privacy-pass] Francesca Palombini's Discuss on d… Francesca Palombini via Datatracker
- Re: [Privacy-pass] Francesca Palombini's Discuss … Tommy Pauly
- Re: [Privacy-pass] Francesca Palombini's Discuss … Tommy Pauly
- Re: [Privacy-pass] Francesca Palombini's Discuss … Francesca Palombini