[Rats] Re: Security considerations of remote attestation (RFC9334)
Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> Thu, 30 January 2025 13:54 UTC
Return-Path: <kathleen.moriarty.ietf@gmail.com>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2E5CAC14F5E5 for <rats@ietfa.amsl.com>; Thu, 30 Jan 2025 05:54:50 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.105
X-Spam-Level:
X-Spam-Status: No, score=-2.105 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id keu99ZWFyiH8 for <rats@ietfa.amsl.com>; Thu, 30 Jan 2025 05:54:46 -0800 (PST)
Received: from mail-ed1-x529.google.com (mail-ed1-x529.google.com [IPv6:2a00:1450:4864:20::529]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 897B9C151525 for <rats@ietf.org>; Thu, 30 Jan 2025 05:54:46 -0800 (PST)
Received: by mail-ed1-x529.google.com with SMTP id 4fb4d7f45d1cf-5d3cf094768so1453083a12.0 for <rats@ietf.org>; Thu, 30 Jan 2025 05:54:46 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1738245285; x=1738850085; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=GuY25vcawy9qG5m7UZOegVvHa1eJpWiux3cVutFgKIU=; b=RjCq/O7OmB2lZYj+PLQE3w5eaPYuuVVaDuqdtRMrapaMpcBU/Jo5UfVTb9Ba+EUisT CrHgoFSSIGc44gzqBD9prqhhckJViz9m2Xm2ab8hH/C/PHAD+ny1jqMVT3Yqvmc+NC8b XxVHnJq+qxXaCGspWo9EB2Cwgf+iWcrDde63o5Z4n4vRVjlzERqrW5MbCjQklSVj9T9Z l89t21vqjVyy4NejEuJCZYm9BQeZf+wW5BlaONPk5yOed/g+YwSFFvEEGGJ6dDjZmuTF +SHKWhGnTg1wRV3xHsPAv7a+0oMZFRqH27AI8CUz/S+Hk7BPiEpDXet41xMCSQKtd4Qt 9BOg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1738245285; x=1738850085; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=GuY25vcawy9qG5m7UZOegVvHa1eJpWiux3cVutFgKIU=; b=xG3UyNIjcR00b0MBYhYc0BJMMtyMDFePaEvzLou5PTW/B7c19A9XQrFSsGIrYFugD3 khAYIeZoTtOgcXQ/2l+Y+eIm4qRf8Lak2IkBNXkkAqFjQfHAQVOTHhslQ8m9elQgDspr pdPoEf7qsviLt+juQtoE/iuRCfY1T6QZWV6aXK/f2wnK5e3GZgbC7DsSYBeZ0kUJL8Uf hEEfVB6AhnvBZFDA2P7LN/2RGn62xWGfo+9WX9Eg4gN/BhKn12MnHpX1GDUDhEGGQfYA X5nrmZ1GwjRriNBZTAW6A5wnJhFQrpIY/2FykimRqu/ZBB1M6ssflXyd5fixLhtzI3/y wEPA==
X-Forwarded-Encrypted: i=1; AJvYcCUN3peOUvTWWo21BJW3YRUGtuYy3suIEhmMCattv93UB9ue+uI0y/CwggwyEGPxsksBMBLn@ietf.org
X-Gm-Message-State: AOJu0YztyH54O8Bk0oVTGvkRHJl9b/uayt+zEPhh3HX8xXtvV5bzAZCQ GUpkbEHQP1OYjgbhjJ0sctZe53KoRI97RFVhDqVBFbCxB2bSYZrntde+3X5A4x5+FsX2zdmfADW OfY6e4+1L18OrsVfN11MprhH4XKo=
X-Gm-Gg: ASbGncslydL8IGC7QQhFSsSrRlnKikBZ2tnc5mZQqLtoZNWZYzwx3ibMC2fHM1Rs+4Z ZR0xbopfg8q4O1+/trtxtlrgvgZzV3SLUjlLyh9+chytFb/LU8wr66Eg0g2zKe6unmktycwuwyg ==
X-Google-Smtp-Source: AGHT+IET9M9YIMQV0d6U6aNozbvp0XZZEP0wGAl6rFAcTJyDT+wtnX5tHDvvPqjHn6KE/bVyQRZU7WVeOoNQBOfH5wA=
X-Received: by 2002:a05:6402:909:b0:5d9:f9b8:e7fb with SMTP id 4fb4d7f45d1cf-5dc5efe74cdmr6546536a12.22.1738245284637; Thu, 30 Jan 2025 05:54:44 -0800 (PST)
MIME-Version: 1.0
References: <4ffdd034-05ec-4565-9cad-b40ff82f83fc@tu-dresden.de> <57ff8532-ffa7-4dfc-8f51-2bb8764e4a25@gmail.com> <0bf9fa63-3d3e-47fc-b757-d7f8c0d3fa9c@tu-dresden.de> <8f765ee8-08e4-4fd6-9362-aee70e0b09fc@gmail.com> <CO1PR11MB5169C33046305CE096FEA36DE51C2@CO1PR11MB5169.namprd11.prod.outlook.com> <003f6611-efd4-4b41-8bd8-a1e8d89dab8a@tu-dresden.de> <2753ea96e5c842e2832b68e762638760@huawei.com> <2ce75ea8-791b-4d42-be64-326309b70fbe@tu-dresden.de> <CO1PR11MB5169293FDD81C96F542A4D91E5E32@CO1PR11MB5169.namprd11.prod.outlook.com> <4fe69a8b-ff45-45c3-88f1-59bf22c4d185@tu-dresden.de> <CAHbuEH6+A9z2P2mK1mUJUMCkC5VbawU5B09k6s1pm0YwXJygEQ@mail.gmail.com> <775705ed-44d3-8c67-198d-1b6363892793@ietf.contact> <210cc843-b50c-4115-ac6e-c12e9f45461f@tu-dresden.de> <e4a7dc89-57d8-1817-5673-c44721a9d959@ietf.contact> <554d067d-7660-4c10-b98b-79921dec1326@tu-dresden.de> <c91a4168-680e-1932-60b8-3828be35ca34@ietf.contact> <CO1PR11MB5169B2854A7EA62D198C8FFCE5EE2@CO1PR11MB5169.namprd11.prod.outlook.com> <1df33769-8d62-4d88-b2db-ac42903569aa@tu-dresden.de>
In-Reply-To: <1df33769-8d62-4d88-b2db-ac42903569aa@tu-dresden.de>
From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
Date: Thu, 30 Jan 2025 08:54:06 -0500
X-Gm-Features: AWEUYZmW0ZcyDaQnu86fyUFi1_9mLzpvezlbGvaz1A6qLM2HQleSRIGxladSJAg
Message-ID: <CAHbuEH7-tqmRWhVwYT-S6KGOO6M_5d_M4MQVr47-8S+ZfyFV4w@mail.gmail.com>
To: Muhammad Usama Sardar <muhammad_usama.sardar@tu-dresden.de>
Content-Type: multipart/alternative; boundary="000000000000b9322d062cecc4f3"
Message-ID-Hash: V6SUMYT2P5AX5WMQOUEYBPVFOGT64JQA
X-Message-ID-Hash: V6SUMYT2P5AX5WMQOUEYBPVFOGT64JQA
X-MailFrom: kathleen.moriarty.ietf@gmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-rats.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: "Smith, Ned" <ned.smith@intel.com>, "Panwei (William)" <william.panwei@huawei.com>, John Kemp <stable.pseudonym@gmail.com>, "rats@ietf.org" <rats@ietf.org>, Dave Thaler <dthaler1968@googlemail.com>, Henk Birkholz <henk.birkholz@ietf.contact>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [Rats] Re: Security considerations of remote attestation (RFC9334)
List-Id: Remote ATtestation procedureS <rats.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/7THG83R5FjLLEPLcWL5Eb14WgP4>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Owner: <mailto:rats-owner@ietf.org>
List-Post: <mailto:rats@ietf.org>
List-Subscribe: <mailto:rats-join@ietf.org>
List-Unsubscribe: <mailto:rats-leave@ietf.org>
Usama. Thank you for outlining your goals for the workshop. I'll insert some questions and comments that I believe should be helpful. On Thu, Jan 30, 2025 at 6:43 AM Muhammad Usama Sardar < muhammad_usama.sardar@tu-dresden.de> wrote: > Thank you Ned for sharing your perspective. My point is simply that we > should not make such hand-wavey statements that we know are wrong. As > Kathleen rightly pointed out, such statements are often more problematic > than helpful. Regarding the statements falling apart, I thought I have > already demonstrated that via three keys to which at least Laurence agreed > [1] and there was no disagreement yet on the list. Do you disagree? If so, > please explain why? > > A useful result of the discussion so far has been: > > - We need to disambiguate Attestation and Authentication. One does not > necessarily imply the other and we can have one without the other (even if > people believe they have designed a protocol to achieve both). One needs to > specify which of the three keys [2] are used by a specific attested TLS > solution. > - Authentication has something to do with *long-term identity.* > > Ah, this is not true. Identity may or may not be tied to authentication. If you read through NIST SP 800-63, there is a clear delineation for levels of authentication. The basic level is only that the same credentials are used and that can be verified. There are numerous use cases, such as social media accounts, where there is no identity proofing required. This could be narrowed to an authentication level or the levels where identity proofing is tied to the issuance of credentials. > > - Attestation has something to do with *measurements*. The use of > Attestation without qualifying it with what *exactly* is measured > does not make any sense to me, e.g., I mentioned about MITM when Kernel, OS > and App are not measured. > > I'd say it's more the capture and assurance that evidence was captured and signed through a process where you know that evidence was happening on that system. You are working to guarantee that there was no MITM when taking those measurements to have an assurance, hence the use of immutable hardware and the TEE. > > > Apart from above, there are open questions (in no particular order and in > the context of Confidential Computing threat model [3]) that we plan to > discuss in Brussels tomorrow and we will bring back the results to the WG: > > - What is the "long-term identity" of VM-based TEE? Who provisions > (and signs) this "long-term identity"? If it is still the CSP, it trivially > breaks the claimed Confidential Computing threat model. If it is some other > entity, how is that entity trusted? > - Somewhat related: Who is the "owner" of VM-based TEE? How that > "ownership" is determined? > > Isn't this key derived from the immutable one on the hardware RoT (e.g. TPM)? Because of this, you can regenerate keys as needed without taxing the TPM above its capacity. > > - > - What does "freshness" mean for long-lived workloads? > - In what ways is the distinction between "freshness" and "recentness" > helpful for protocol analysis? > - How to provide both Attestation and Authentication in TLS? > > Let's keep these separate, please. In the case of a CDN, we may be authenticating the business and use of the customer's domain through X.509 certificates and trusted key pairs. The identity proofing process varies for different levels of certificates and minimally looks at things like the tax identification number and sometimes has strict re-authentication of the roles who handle the updates for certificates and associated key pairs. For attestation, we are relying on hardware certificates and keys that were burned in at a factory to a root of the hardware vendor. These are distinct trust chains that are in no way related. If we provide both, they each need to be associated with a validation of their individual trust chains to assure at the level the system and process was developed. > - What security does Attester-generated nonce in one-way (vs. mutual) > Attestation for single-layered Attester provide? (referring back to the EAT > discussion) > > Maybe Laurence could chime in here? I assume you are referring to each entity attesting their environment to each other, is that correct? > - I believe keys for Authentication and Attestation should be > separate, and using same keys for both does not add anything to security > [4]. I would like to see a practical counter-example. > > I think this would tie into the lowest level of authentication where you don't have identity proofing as required. See the above statements on the chain of trust. > > - > - Should we include key protection level in the formal analysis of > attested TLS? > > YES! This will help with the level of trustworthiness and will vary based on the properties of the key protection for attestation (hardware and immutable, virtual with protection and refresh processes, etc.). > > - Is there something important missing in the security goals? [5] > > For all, please feel free to provide insights -- if you have any -- to any > of those. > Thank you for this very nice and helpful outline. I'd love to see focus on this to help you with the workshop and research goals. Best regards, Kathleen > > Thanks, > > Usama > > [1] > https://mailarchive.ietf.org/arch/msg/rats/tyX4nkJqk4fYWBUfmRqfELI3nFw/ > > [2] > https://mailarchive.ietf.org/arch/msg/rats/6K2kZVCh6TPZHSz_VGxwseh6Dec/ > > [3] > https://www.ietf.org/archive/id/draft-fossati-tls-attestation-08.html#section-9.1 > > [4] > https://muhammad-usama-sardar.github.io/rats-unprotected-evidence/draft-usama-rats-unprotected-evidence.html > > [5] > https://mailarchive.ietf.org/arch/msg/rats/qm5CYRM4bNZ_HbrHLAebKZxWGII/ > > > On 29.01.25 22:14, Smith, Ned wrote: > > > I am pretty sure that nobody intended to start an axiomatic proof > > I think this is true. > > > > I think Usama is trying to map the various hand-wavey statements (that > weren’t trying to be expressed in a way that makes sense for formal > methods) into something that is meaningful to formal methods. But maybe > Usama / others who are familiar with formal methods could show their work > so to speak and explain where the various statements fall apart, but more > importantly, what would a statement look like that is useful? > > > > -Ned > > > > -- Best regards, Kathleen
- [Rats] Security considerations of remote attestat… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… Thomas Fossati
- [Rats] Re: Security considerations of remote atte… lgl island-resort.com
- [Rats] Re: Security considerations of remote atte… Alexander Stein
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… Thomas Fossati
- [Rats] Re: Security considerations of remote atte… Jens Finkhäuser
- [Rats] Re: Security considerations of remote atte… lgl island-resort.com
- [Rats] Re: Security considerations of remote atte… junzhang
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… Thomas Fossati
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… lgl island-resort.com
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… Michael Richardson
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… Giridhar Mandyam
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… Giridhar Mandyam
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… Michael Richardson
- [Rats] Re: Security considerations of remote atte… Thomas Fossati
- [Rats] Re: Security considerations of remote atte… Thomas Fossati
- [Rats] Re: Security considerations of remote atte… Giridhar Mandyam
- [Rats] Re: Security considerations of remote atte… Henk Birkholz
- [Rats] Re: Security considerations of remote atte… junzhang
- [Rats] Re: Security considerations of remote atte… Henk Birkholz
- [Rats] Re: Security considerations of remote atte… junzhang
- [Rats] Re: Security considerations of remote atte… Henk Birkholz
- [Rats] Re: Security considerations of remote atte… Michael Richardson
- [Rats] Re: Security considerations of remote atte… Henk Birkholz
- [Rats] Re: Security considerations of remote atte… Henk Birkholz
- [Rats] Re: Security considerations of remote atte… Henk Birkholz
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… Thomas Fossati
- [Rats] Re: Security considerations of remote atte… Henk Birkholz
- [Rats] Re: Security considerations of remote atte… Thomas Fossati
- [Rats] Re: Security considerations of remote atte… Henk Birkholz
- [Rats] Re: Security considerations of remote atte… Henk Birkholz
- [Rats] Re: Security considerations of remote atte… Thomas Fossati
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… Henk Birkholz
- [Rats] Re: Security considerations of remote atte… Thomas Fossati
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… Henk Birkholz
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… Smith, Ned
- [Rats] Re: Security considerations of remote atte… Smith, Ned
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… Henk Birkholz
- [Rats] Re: Security considerations of remote atte… Smith, Ned
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… Carsten Bormann
- [Rats] Re: Security considerations of remote atte… Smith, Ned
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… Kathleen Moriarty
- [Rats] Re: Security considerations of remote atte… Kathleen Moriarty
- [Rats] Re: Security considerations of remote atte… Carsten Bormann
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… lgl island-resort.com
- [Rats] Re: Security considerations of remote atte… Henk Birkholz
- [Rats] Re: Security considerations of remote atte… Smith, Ned
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… Panwei (William)
- [Rats] Re: Security considerations of remote atte… lgl island-resort.com
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… Panwei (William)
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… lgl island-resort.com
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… Henk Birkholz
- [Rats] Re: Security considerations of remote atte… lgl island-resort.com
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… Smith, Ned
- [Rats] Re: Security considerations of remote atte… Laffey, Tom (HPE Aruba Networks)
- [Rats] Re: Security considerations of remote atte… lgl island-resort.com
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… lgl island-resort.com
- [Rats] Re: Security considerations of remote atte… John Kemp
- [Rats] Re: Security considerations of remote atte… Jens Finkhäuser
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… John Kemp
- [Rats] Re: Security considerations of remote atte… Kathleen Moriarty
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… Smith, Ned
- [Rats] Re: Security considerations of remote atte… lgl island-resort.com
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… Panwei (William)
- [Rats] Re: Security considerations of remote atte… Henk Birkholz
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… lgl island-resort.com
- [Rats] Re: Security considerations of remote atte… Smith, Ned
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… Kathleen Moriarty
- [Rats] Re: Security considerations of remote atte… Henk Birkholz
- [Rats] Re: Security considerations of remote atte… Henk Birkholz
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… Henk Birkholz
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… Henk Birkholz
- [Rats] Re: Security considerations of remote atte… Kathleen Moriarty
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… Henk Birkholz
- [Rats] Re: Security considerations of remote atte… Giridhar Mandyam
- [Rats] Re: Security considerations of remote atte… Kathleen Moriarty
- [Rats] Re: Security considerations of remote atte… Smith, Ned
- [Rats] Re: Security considerations of remote atte… lgl island-resort.com
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… Henk Birkholz
- [Rats] Re: Security considerations of remote atte… Kathleen Moriarty
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… Kathleen Moriarty
- [Rats] Re: Security considerations of remote atte… Kathleen Moriarty
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… John Kemp
- [Rats] Re: Security considerations of remote atte… Henk Birkholz
- [Rats] Re: Security considerations of remote atte… Dave Thaler
- [Rats] Re: Security considerations of remote atte… Dave Thaler
- [Rats] Re: Security considerations of remote atte… John Kemp
- [Rats] Re: Security considerations of remote atte… Kathleen Moriarty
- [Rats] Re: Security considerations of remote atte… Henk Birkholz
- [Rats] Re: Security considerations of remote atte… Henk Birkholz
- [Rats] Re: Security considerations of remote atte… John Kemp
- [Rats] Re: Security considerations of remote atte… Michael Richardson
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar
- [Rats] Re: Security considerations of remote atte… Smith, Ned
- [Rats] Re: Security considerations of remote atte… Muhammad Usama Sardar