Re: [SCITT] Intel is taking the lead on a Trust Service Registry
Dick Brooks <dick@reliableenergyanalytics.com> Sat, 15 July 2023 16:47 UTC
Return-Path: <dick@reliableenergyanalytics.com>
X-Original-To: scitt@ietfa.amsl.com
Delivered-To: scitt@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0D3D9C15106C for <scitt@ietfa.amsl.com>; Sat, 15 Jul 2023 09:47:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.096
X-Spam-Level:
X-Spam-Status: No, score=-2.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=reliableenergyanalytics.com header.b="GIhiV2Cw"; dkim=pass (2048-bit key) header.d=messagingengine.com header.b="mSaOEPmn"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qQV5-pwvKVzB for <scitt@ietfa.amsl.com>; Sat, 15 Jul 2023 09:47:52 -0700 (PDT)
Received: from wout5-smtp.messagingengine.com (wout5-smtp.messagingengine.com [64.147.123.21]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B8AA6C14CE39 for <scitt@ietf.org>; Sat, 15 Jul 2023 09:47:52 -0700 (PDT)
Received: from compute1.internal (compute1.nyi.internal [10.202.2.41]) by mailout.west.internal (Postfix) with ESMTP id 9D05932007E8; Sat, 15 Jul 2023 12:47:51 -0400 (EDT)
Received: from mailfrontend2 ([10.202.2.163]) by compute1.internal (MEProxy); Sat, 15 Jul 2023 12:47:51 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= reliableenergyanalytics.com; h=cc:cc:content-type:content-type :date:date:from:from:in-reply-to:in-reply-to:message-id :mime-version:references:reply-to:reply-to:sender:subject :subject:to:to; s=fm3; t=1689439671; x=1689526071; bh=AaobwZOFWR z++19IMX9LpRkhI2WhJUjgh6jjcpXo3M8=; b=GIhiV2CwQ8KSLcx62f/SSPK3YP ahi5e1RoDPrwi6RdaoAVnyyhNHULu/rKGGq0cJzJfgFMKVR3ziLS8fjiV8zMyQga ntVEU8GmX1C7Fg4m3FsTuOX+GaO5t+BbpQ/SXvVKvb9EBswXCrxC+z7CrmXhfO/g vCs+97PbOkB5ynpOxtrpoAhwvoVvVJ12O2iqpaflXN7+lsIly1Em0gO4AtrmSRra HGucTUanNe1ypsrKnOZpx7yHCc6JUpcFv52i5hm2kbyFUgMeCwwtFAv+9PE35pnm veCWLUnl1DA4x/W2jxTqWa61BxK11tp5Ly/M41Z+01HUIThLM+6lY4gO742A==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-type:content-type:date:date :feedback-id:feedback-id:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:reply-to:sender :subject:subject:to:to:x-me-proxy:x-me-proxy:x-me-sender :x-me-sender:x-sasl-enc; s=fm3; t=1689439671; x=1689526071; bh=A aobwZOFWRz++19IMX9LpRkhI2WhJUjgh6jjcpXo3M8=; b=mSaOEPmnq6690PKGq 8JMAMUQ5mQVC63983SNhdgAKqv89cVJgT/rfJegoPxF6w5Twn4VHfGZp6DTyDKfL JIbS8pPMrN3qg2XkP68bicT0VtshF5cwjeM0yGheOxsdG0BY70O0wiB88/e6RXOJ JbxgrrtzxlEPk9BTAyQ94S7LjKlQBujMWavvfpjlhCn9BYYV4ziWvuUsZQ4f6QeU 1hzDzcHA3yRkg/NnqwfEhgFuBgLPJpYs8Xi43jnGFojpQFCiAqTW5BYhxXY4dA/j GgNH4c6QzaYkZbVfpMa7NvwuQ9db8sfn5GkwEDkUPArMHQVQoqI9qSicOSnrqgSv ZcnSw==
X-ME-Sender: <xms:ts2yZGt9Z7n2mpkpg9EwiOisK96aMyVi-o0XxBp_yZEAASg-EdNKNw> <xme:ts2yZLekWJyQWlW4uASQpPq2hZxDUkdqBGd0-AwML_xYAunUveFi-wknty-HbIjqI 0YAMR7jqobeFoQ8qw>
X-ME-Received: <xmr:ts2yZBzkzrcuORrrvsEfwNSJNSHYOtVyxdOIMNQZA7orOoHgAvq8LQ4>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedviedrfeekgddutdeiucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne gfrhhlucfvnfffucdlqdehmdenucfjughrpehrhffvvehfjgfuffhokfggtgfothesrhdt ghepvddtjeenucfhrhhomhepfdffihgtkhcuuehrohhokhhsfdcuoeguihgtkhesrhgvlh hirggslhgvvghnvghrghihrghnrghlhihtihgtshdrtghomheqnecuggftrfgrthhtvghr nhepgeefudekgfffgefguddvhfeuffehgfdtveffhffgfeetudffuddvjeeihfegteffne cuffhomhgrihhnpegvnhgvrhhghigtvghnthhrrghlrdgtohhmpdhrvghlihgrsghlvggv nhgvrhhghigrnhgrlhihthhitghsrdgtohhmpdhinhhtvghlrdgtohhmpdhgihhthhhusg drtghomhdpihgvthhfrdhorhhgpdifihhkihhpvgguihgrrdhorhhgpdihohhuthhusggv rdgtohhmpdhnihhsthdrghhovhdpvghinhhprhgvshhsfihirhgvrdgtohhmnecuvehluh hsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomhepughitghksehrvghl ihgrsghlvggvnhgvrhhghigrnhgrlhihthhitghsrdgtohhm
X-ME-Proxy: <xmx:t82yZBO0u_r6skl-nKYDYlcoq8iuBNFj-NxCshGyxJZYibxq7s_tnw> <xmx:t82yZG-CfB0KBWzVD-BEoaeRI7q5fzc7Kep3RnIP3BOmMkrTCEXAwA> <xmx:t82yZJXfbWymJDQzOjmD6c66XxvI15FMh1rOYkVpZWhez6TTIrCxfw> <xmx:t82yZMkOINZCOp6F9OHSr_YXB5MEVn8J0dEN2459NH2gZW6LrlhOJA>
Feedback-ID: i57d944d0:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA; Sat, 15 Jul 2023 12:47:50 -0400 (EDT)
Reply-To: dick@reliableenergyanalytics.com
From: Dick Brooks <dick@reliableenergyanalytics.com>
To: 'John Andersen' <johnandersenpdx@gmail.com>
Cc: 'Hannes Tschofenig' <hannes.tschofenig@gmx.net>, scitt@ietf.org
References: <238d01d990ad$81b699b0$8523cd10$@reliableenergyanalytics.com> <CAPFAYiVeq0Y+4U=yjia6CvpsXEC6HbtunHkj07SMp2X+Mz+ZfA@mail.gmail.com> <242d01d990bd$f8423ed0$e8c6bc70$@reliableenergyanalytics.com> <CAPFAYiVMA+HSFjBbXOd8F9VdRYiMcVPqobc2AyX79zekUz5MTw@mail.gmail.com> <246501d990c3$9d1fa6e0$d75ef4a0$@reliableenergyanalytics.com> <CAPFAYiX+arF6HMBfkGRAU==NJnK-KrSYqefQKh_wjOUVw9eQ0w@mail.gmail.com> <CAPFAYiXbzyL=+3u_8TV8B7icwFJq1DT5wjqGCbNi10Wa7uNNjw@mail.gmail.com> <012001d9b585$9daae200$d900a600$@gmx.net> <01cc01d9b589$cad87270$60895750$@reliableenergyanalytics.com> <CAPFAYiUAw=gV80rP+1jFSmi6mrsfzgcNL1JLbzBjkQExNw7buQ@mail.gmail.com>
In-Reply-To: <CAPFAYiUAw=gV80rP+1jFSmi6mrsfzgcNL1JLbzBjkQExNw7buQ@mail.gmail.com>
Date: Sat, 15 Jul 2023 12:47:48 -0400
Organization: Reliable Energy Analytics LLC
Message-ID: <1b1a01d9b73c$17ff0510$47fd0f30$@reliableenergyanalytics.com>
MIME-Version: 1.0
Content-Type: multipart/related; boundary="----=_NextPart_000_1B1B_01D9B71A.90F07250"
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AQGtoQ4c+B6TqAZxglWuG/ovVVgzAwJd05bjAr2KISsB5lXH8QKSsrIoAT9qvQMBUTYIGgNgtVrqAqq7aFUCXEcaFq9uzWqA
Content-Language: en-us
Archived-At: <https://mailarchive.ietf.org/arch/msg/scitt/Q4xezHDvQCZJiFwqcEPPJKoN5HE>
Subject: Re: [SCITT] Intel is taking the lead on a Trust Service Registry
X-BeenThere: scitt@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Supply Chain Integrity, Transparency, and Trust" <scitt.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/scitt>, <mailto:scitt-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/scitt/>
List-Post: <mailto:scitt@ietf.org>
List-Help: <mailto:scitt-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/scitt>, <mailto:scitt-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 15 Jul 2023 16:47:58 -0000
John, I can’t speak to all use cases, but the one’s I am familiar with aren’t really interested in seeing the “in-toto” or SLSA sausage making details that take place during software development, test and build processes. People are really interested in knowing the answer to one question when a new software vulnerability is reported, “Are the software products running in my ecosystem at risk from the new vulnerability?” Armed with this information they can take mitigating action to reduce the window of susceptibility when new exploitable vulnerabilities are reported. SBOM and Vulnerability Disclosure Reports (VDR) are used to answer this question using the process described here: https://energycentral.com/c/iu/how-use-sbom-software-vulnerability-monitoring The FDA use case being discussed for the Hackathon shows how to locate both the SBOM and VDR to answer this question for a specific product. Thanks, Dick Brooks Active Member of the CISA Critical Manufacturing Sector, Sector Coordinating Council – A Public-Private Partnership <https://reliableenergyanalytics.com/products> Never trust software, always verify and report! ™ <http://www.reliableenergyanalytics.com/> http://www.reliableenergyanalytics.com Email: <mailto:dick@reliableenergyanalytics.com> dick@reliableenergyanalytics.com Tel: +1 978-696-1788 From: John Andersen <johnandersenpdx@gmail.com> Sent: Saturday, July 15, 2023 12:33 PM To: dick@reliableenergyanalytics.com Cc: Hannes Tschofenig <hannes.tschofenig@gmx.net>; scitt@ietf.org Subject: Re: [SCITT] Intel is taking the lead on a Trust Service Registry Thanks guys, We’re trying to outline a methodology for securing a rolling release across a poly repo development topology. Amber is a piece which can fit into that methodology. S2C2F recommends rebuilding OSS and mirroring. When pulling directly from upstream without org specific patches, this results in duplication of builds across the industry, lots of wasted compute. By leveraging artifact upload admission control policy engines running in attested environments we can enable trusted cross org data sharing. As build systems build software and store the content addresses of the BOMs and associated metadata in transparency services, they enable downstream users to verify when third parties are running that specific software within attestation enabled environments. Just as builds of OSS are attested, we can attest to the trust we have in that OSS via the same mechanisms, by running projects like OpenSSF scorecard within the same style of environment we use to build packages. Federation of built package and trust attestations via transparency services enables peer to peer (or org to org) communication of what we expect software to be when built (SLSA) and if we think one should use the software (Scorecard). This also forms the basis for a sort of review system. I know this is fairly abstract, but once again, from the definition of the reference entity perspective we can about the methodology for trusting components. Confidential compute and attestations from image builds within those environments are one way we can facilitate decentralization of communication of data related to trustworthiness. This is because we potentially (future looking) can tie attestations back to arbitrary hardware roots of trust. Obviously that’s not the current setup, but independent verification leveraging end user defined sets of hardware rooted public keys could potentially facilitate true decentralized communication in a trustworthy manner. That's the hope at least, please shoot holes in that until it’s solid or falls over. Thank you, John On Thu, Jul 13, 2023 at 05:59 Dick Brooks <dick@reliableenergyanalytics.com <mailto:dick@reliableenergyanalytics.com> > wrote: John, Here’s the link to the Project Amber story that Hannes is referring to: https://www.intel.com/content/www/us/en/newsroom/news/trust-service-startup-inside-chip-company.html Thanks, Dick Brooks Active Member of the CISA Critical Manufacturing Sector, Sector Coordinating Council – A Public-Private Partnership <https://reliableenergyanalytics.com/products> Never trust software, always verify and report! ™ <http://www.reliableenergyanalytics.com/> http://www.reliableenergyanalytics.com Email: <mailto:dick@reliableenergyanalytics.com> dick@reliableenergyanalytics.com Tel: +1 978-696-1788 From: Hannes Tschofenig <hannes.tschofenig@gmx.net <mailto:hannes.tschofenig@gmx.net> > Sent: Thursday, July 13, 2023 8:29 AM To: 'John Andersen' <johnandersenpdx@gmail.com <mailto:johnandersenpdx@gmail.com> >; dick@reliableenergyanalytics.com <mailto:dick@reliableenergyanalytics.com> Cc: scitt@ietf.org <mailto:scitt@ietf.org> Subject: AW: [SCITT] Intel is taking the lead on a Trust Service Registry Thanks for pointing us to your work, John. Project Amber, as pointed out by Dick, is an attestation verification service (the verifier in the IETF RATS terminology). Intel has ben operating such a service in the past for prior Intel attestation technologies. How is your project on “Rolling Alice” related to Project Amber? Ciao Hannes Von: SCITT <scitt-bounces@ietf.org <mailto:scitt-bounces@ietf.org> > Im Auftrag von John Andersen Gesendet: Samstag, 27. Mai 2023 20:36 An: dick@reliableenergyanalytics.com <mailto:dick@reliableenergyanalytics.com> Cc: John Whiteman <john.whiteman@owasp.org <mailto:john.whiteman@owasp.org> >; ofcio@omb.eop.gov <mailto:ofcio@omb.eop.gov> ; scitt@ietf.org <mailto:scitt@ietf.org> ; scrm-nist <scrm-nist@nist.gov <mailto:scrm-nist@nist.gov> >; swsupplychain-eo <swsupplychain-eo@nist.gov <mailto:swsupplychain-eo@nist.gov> > Betreff: Re: [SCITT] Intel is taking the lead on a Trust Service Registry This talk is the foundation for this work: https://gist.github.com/07b8c7b4a9e05579921aa3cc8aed4866#file-rolling_alice_progress_report_0003_down_the_dependency_rabbit_hole_bsides_portland_2019-md Progress is slow but steady. The goal is to bake as much of the methology’s risk analysis and reaction capabilities into existing tooling, processes, formats, and infrastructure as possible. Thank you, John On Sat, May 27, 2023 at 11:19 John Andersen <johnandersenpdx@gmail.com <mailto:johnandersenpdx@gmail.com> > wrote: I wholeheartedly agree with you!!! Hence the pursuit of Alice Intelligence (AI, John W gets credit for that acronym) https://mailarchive.ietf.org/arch/msg/scitt/iEAhuuicVxgoXJiAZIGmpZOctcc/ Thank you, John On Sat, May 27, 2023 at 10:49 Dick Brooks <dick@reliableenergyanalytics.com <mailto:dick@reliableenergyanalytics.com> > wrote: Thanks, John. I’m doubtful that open source, volunteer, software maintainers will want to invest their energies doing the tedious work of analyzing software supply chain risk assessment data and preserve tamper-proof evidence that can be presented in a lawsuit or audit, and support/operate an online, reliable service to answer consumer queries like “Is this software product vulnerable as of right now?”. It’s a lot of tedious work, that must be done in order to operate a credible, legitimate “Trust Registry” Service, that also costs money to operate. But I’ve been wrong before, I never thought anyone would buy a “pet rock” but some did. https://en.wikipedia.org/wiki/Pet_Rock Thanks, Dick Brooks Active Member of the CISA Critical Manufacturing Sector, Sector Coordinating Council – A Public-Private Partnership <https://reliableenergyanalytics.com/products> Never trust software, always verify and report! ™ <http://www.reliableenergyanalytics.com/> http://www.reliableenergyanalytics.com Email: <mailto:dick@reliableenergyanalytics.com> dick@reliableenergyanalytics.com Tel: +1 978-696-1788 From: John Andersen <johnandersenpdx@gmail.com <mailto:johnandersenpdx@gmail.com> > Sent: Saturday, May 27, 2023 1:32 PM To: John Whiteman <john.whiteman@owasp.org <mailto:john.whiteman@owasp.org> >; dick@reliableenergyanalytics.com <mailto:dick@reliableenergyanalytics.com> Cc: ofcio@omb.eop.gov <mailto:ofcio@omb.eop.gov> ; scitt@ietf.org <mailto:scitt@ietf.org> ; scrm-nist <scrm-nist@nist.gov <mailto:scrm-nist@nist.gov> >; swsupplychain-eo <swsupplychain-eo@nist.gov <mailto:swsupplychain-eo@nist.gov> > Subject: Re: [SCITT] Intel is taking the lead on a Trust Service Registry Hi Dick, Thanks for sending those and looping them into this discussion. Sections 2.1.1 and 3.2 respectively look related to the high level goals of the use case doc. We plan to leverage threat models heavily (https://m.youtube.com/watch?v=TMlC_iAK3Rg) to assist with risk determination and further sharing of vuln details including how much data to share about the architecture of the system context in question for the triggering event. We want to enable OSS maintainers, and the secure software forges to have these same capabilities. Thank you, John On Sat, May 27, 2023 at 10:09 Dick Brooks <dick@reliableenergyanalytics.com <mailto:dick@reliableenergyanalytics.com> > wrote: Thanks, John. I’m not familiar with the vuln sharing goals of OpenSSF stream 8, but I am familiar with the NIST Vulnerability Disclosure concepts in SP 800-216 and C-SCRM SP 800-161: https://csrc.nist.gov/publications/detail/sp/800-216/final This document recommends guidance for establishing a federal vulnerability disclosure framework, properly handling vulnerability reports, and communicating the mitigation and/or remediation of vulnerabilities. The framework allows for local resolution support while providing federal oversight and should be applied to all software, hardware, and digital services under federal control. The SP 800-216 framework is also in harmony with SP 800-161 RA-5 Vulnerability Disclosure Reports, where software suppliers provide consumers with software product vulnerability disclosures, at the SBOM component level: https://csrc.nist.gov/publications/detail/sp/800-161/rev-1/final Thanks, Dick Brooks Active Member of the CISA Critical Manufacturing Sector, Sector Coordinating Council – A Public-Private Partnership <https://reliableenergyanalytics.com/products> Never trust software, always verify and report! ™ <http://www.reliableenergyanalytics.com/> http://www.reliableenergyanalytics.com Email: <mailto:dick@reliableenergyanalytics.com> dick@reliableenergyanalytics.com Tel: +1 978-696-1788 From: John Andersen <johnandersenpdx@gmail.com <mailto:johnandersenpdx@gmail.com> > Sent: Saturday, May 27, 2023 12:58 PM To: dick@reliableenergyanalytics.com <mailto:dick@reliableenergyanalytics.com> Cc: ofcio@omb.eop.gov <mailto:ofcio@omb.eop.gov> ; scitt@ietf.org <mailto:scitt@ietf.org> ; scrm-nist <scrm-nist@nist.gov <mailto:scrm-nist@nist.gov> >; swsupplychain-eo <swsupplychain-eo@nist.gov <mailto:swsupplychain-eo@nist.gov> > Subject: Re: [SCITT] Intel is taking the lead on a Trust Service Registry WIP but related: https://github.com/ietf-scitt/use-cases/pull/18 Have been mocking up how we can run SCITT within TEEs which leverage the Amber attestation environment to attest to validity of insert policy run (https://github.com/scitt-community/scitt-api-emulator/pull/27#issuecomment-1528073552 ) within hermetic builds. This facilitates a recursive trust relationship which enables dependency review (trust propagation) of OSS. Results are federated across the decentralized network of software forges. This work is in pursuit of the vuln sharing goals of OpenSSF stream 8. Thank you, John On Sat, May 27, 2023 at 08:11 Dick Brooks <dick@reliableenergyanalytics.com <mailto:dick@reliableenergyanalytics.com> > wrote: Hello Everyone, This announcement from Intel is further proof that a “Trust Service” is becoming a foundational requirement for trustworthy computing. A Trust Service Startup Inside the Chip Company https://www.intel.com/content/www/us/en/newsroom/news/trust-service-startup-inside-chip-company.html Amen to this: ““Attestation is the ability for you to prove that something is what it says it is,” Yeluri explains. “And that is really the ground truth in confidential computing. If you can’t attest and say it is truly what it is, confidential computing is immaterial.” “Before taking that big step, Yeluri and team checked with a couple dozen customers — banks, manufacturers, telecommunications services — and received votes of support.” The following observation is “spot on” based on REA’s experience operating the SAG Community Trust Registry ™ (SAG-CTR ™): “A few suggested Intel just build it as open source. But Yeluri and team believed that while the core attestation primitives can be open sourced, a solution could only succeed “as a turnkey service. That means somebody has to operate it at scale,” he says, “and we think we can do that.” REA agrees with the above statement, operating a reliable, trustworthy “trust service” at scale, like REA’s SAG-CTR, is a lot of work that requires the analysis, storage and maintenance of evidence that is trustworthy and can be presented during a lawsuit or audit, that cannot be properly operated by open source volunteers. https://www.einpresswire.com/article/545051889/announcing-the-sag-ctr-tm-community-trust-registry-for-digitally-signed-software Thanks, Dick Brooks Active Member of the CISA Critical Manufacturing Sector, Sector Coordinating Council – A Public-Private Partnership <https://reliableenergyanalytics.com/products> Never trust software, always verify and report! ™ <http://www.reliableenergyanalytics.com/> http://www.reliableenergyanalytics.com Email: <mailto:dick@reliableenergyanalytics.com> dick@reliableenergyanalytics.com Tel: +1 978-696-1788 -- SCITT mailing list SCITT@ietf.org <mailto:SCITT@ietf.org> https://www.ietf.org/mailman/listinfo/scitt
- [SCITT] Intel is taking the lead on a Trust Servi… Dick Brooks
- Re: [SCITT] Intel is taking the lead on a Trust S… John Andersen
- Re: [SCITT] Intel is taking the lead on a Trust S… Dick Brooks
- Re: [SCITT] Intel is taking the lead on a Trust S… John Andersen
- Re: [SCITT] Intel is taking the lead on a Trust S… Dick Brooks
- Re: [SCITT] Intel is taking the lead on a Trust S… John Andersen
- Re: [SCITT] Intel is taking the lead on a Trust S… John Andersen
- Re: [SCITT] Intel is taking the lead on a Trust S… Hannes Tschofenig
- Re: [SCITT] Intel is taking the lead on a Trust S… Dick Brooks
- Re: [SCITT] Intel is taking the lead on a Trust S… John Andersen
- Re: [SCITT] Intel is taking the lead on a Trust S… Dick Brooks
- Re: [SCITT] Intel is taking the lead on a Trust S… Tschofenig, Hannes
- Re: [SCITT] Intel is taking the lead on a Trust S… John Andersen