Re: [lamps] [EXTERNAL] Re: PQ-hybrid or PQ-Composite?

Mike Ounsworth <Mike.Ounsworth@entrust.com> Thu, 27 October 2022 01:14 UTC

Correct, downgrade / stripping _on the certificate_ will not work for the reason you state.

I'm thinking about the signature(s) on whatever document you're signing, for example an S/MIME email or PDF. A hybrid certificate is allowed to produce either 1 or 2 signatures. Imagine the signer produces 2 signatures but the verifier only receives 1, can it detect this? That depends on how the protocol (S/MIME, pdf, etc) handles Hybrid Certs.

The exact details of how to produce and verify Catalyst Hybrid certificates are in https://datatracker.ietf.org/doc/html/draft-truskovsky-lamps-pq-hybrid-x509-01 (ex.: the inner signature needs to be removed from the TBSCertificate after verifying the outer signature but before verifying the inner signature), and we're also standardized by ITU-T (I don't have the document link handy).

---
Mike Ounsworth
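As an added illustration (not code from the draft, from Entrust, or from any poster on this thread), the following stand-in model shows the verification order described above: the outer signature is checked over the whole TBSCertificate, then the altSignatureValue extension is removed before the inner signature is checked, and an extension stripped by an attacker breaks the outer signature. Keyed HMACs stand in for the classical and PQ signature algorithms, canonical JSON stands in for DER, and the extension names and key values are constructed for the example.

```python
import hashlib
import hmac
import json

ALT_SIG = "altSignatureValue"  # extension that carries the inner (PQ) signature

# Constructed stand-in for real signature algorithms: a keyed HMAC plays the role
# of "sign with the private key / verify with the public key" so this runs offline.
def sign(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()

def verify(key: bytes, data: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(sign(key, data), sig)

def encode(tbs: dict) -> bytes:
    # Canonical JSON stands in for the DER encoding of the TBSCertificate.
    return json.dumps(tbs, sort_keys=True).encode()

def strip_alt_sig(tbs: dict) -> dict:
    # Copy of the TBSCertificate with the altSignatureValue extension removed.
    return {**tbs, "extensions": [e for e in tbs["extensions"] if e["id"] != ALT_SIG]}

def issue_hybrid(classic_key: bytes, pq_key: bytes, subject: str, critical: bool = False) -> dict:
    tbs = {"subject": subject, "extensions": [
        {"id": "subjectAltPublicKeyInfo", "critical": False, "value": "pq-pubkey-placeholder"},
        {"id": "altSignatureAlgorithm", "critical": False, "value": "pq-alg-placeholder"}]}
    # Inner signature covers the TBSCertificate *without* the altSignatureValue extension ...
    inner = sign(pq_key, encode(tbs))
    tbs["extensions"].append({"id": ALT_SIG, "critical": critical, "value": inner.hex()})
    # ... while the outer (classical) signature covers everything, inner signature included.
    return {"tbs": tbs, "signature": sign(classic_key, encode(tbs))}

def verify_hybrid(cert: dict, classic_key: bytes, pq_key: bytes, pq_aware: bool = True) -> dict:
    tbs = cert["tbs"]
    outer_ok = verify(classic_key, encode(tbs), cert["signature"])  # outer first, over full TBS
    alt = next((e for e in tbs["extensions"] if e["id"] == ALT_SIG), None)
    if alt is None or not pq_aware:
        # Legacy path: an unrecognised non-critical extension is ignored (OR mode); marking it
        # critical makes clients that cannot evaluate it reject the certificate (AND mode).
        must_reject = alt is not None and alt["critical"]
        return {"outer": outer_ok, "inner": None, "accept": outer_ok and not must_reject}
    # PQ-aware path: remove the inner signature, then verify it over what remains.
    inner_ok = verify(pq_key, encode(strip_alt_sig(tbs)), bytes.fromhex(alt["value"]))
    return {"outer": outer_ok, "inner": inner_ok, "accept": outer_ok and inner_ok}
```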
________________________________
From: tjtncks <tjtncks@gmail.com>
Sent: Wednesday, October 26, 2022 7:54:44 PM
To: Mike Ounsworth <Mike.Ounsworth@entrust.com>; Kampanakis, Panos <kpanos@amazon.com>; 'LAMPS' <spasm@ietf.org>
Subject: [EXTERNAL] Re: [lamps] PQ-hybrid or PQ-Composite?


About the downgrade attack, wouldn't stripping the PQ extension break the outer signature, as it is still a part of the TBSCertificate for the classic alg?

Not sure how the hybrid signature will verify, as adding the sig itself changes the signature of the extensions ASN object: so it has to sign something else: I don't get how it will work without effectively nesting a full certificate inside of that extension.

-------- Original email --------
From: Mike Ounsworth <Mike.Ounsworth=40entrust.com@dmarc.ietf.org>
Date: 22/10/27 04:03 (GMT+09:00)
To: "Kampanakis, Panos" <kpanos=40amazon.com@dmarc.ietf.org>, 'LAMPS' <spasm@ietf.org>
Subject: Re: [lamps] PQ-hybrid or PQ-Composite?

Ah, you beat me to it!

Yes, ISARA has announced intent to dedicate the Hybrid Cert ("Catalyst") IP to the public domain.

The way I see it is this (off the top of my head, not a carefully researched answer):

Pros of Catalyst Hybrid:

* Extends X.509 in "the obvious way" via an extension.
* Fully backwards compatible because legacy clients will simply ignore the unrecognized non-critical extension.
* Avoids combinatorial explosion of pairwise OIDs.
* "Complexity" of checking both signatures lives at the X.509 layer.


Cons of Catalyst Hybrid (and Pros of composite):

* Hybrid Catalyst does not provide any encoding for transmitting multiple signatures, so you still need to either modify all the protocols to carry two signatures, or use a composite signature value.
* You carry the (very large) PQ key and sig over the network whether or not the client uses it (ie very hard to negotiate algs when a hybrid cert is in use).
* It is very difficult to audit what crypto was actually used at runtime since the server has no way to know whether the client actually checked the PQ part.
* Compare that with composite where you either negotiate a traditional OID or a composite OID and it's very clear what's being used.
* Catalyst Hybrid is not resistant to stripping / downgrade attack (ie Catalyst Hybrid certs only really make sense in an OR mode; though I suppose you could make them an AND mode by marking the extension CRITICAL).
* "Complexity" of checking both signatures lives at the crypto alg layer.



So as much as I'd like it to be as straightforward as "We have Hybrid again, so let's drop Composite", I don't think it's that simple. I think there are strong advantages to each. I think I speak for Entrust in saying that we see value in supporting both Catalyst Hybrid and Composite certificates (as well as pure PQ / multi-cert), and would keep all three in our toolbox to recommend to customers depending on the details of their migration needs.

But I agree that they are very similar and this is a good discussion to have.

---
Mike Ounsworth

-----Original Message-----
From: Kampanakis, Panos <kpanos=40amazon.com@dmarc.ietf.org>
Sent: October 26, 2022 1:24 PM
To: Mike Ounsworth <Mike.Ounsworth@entrust.com>; 'LAMPS' <spasm@ietf.org>
Subject: [EXTERNAL] PQ-hybrid or PQ-Composite?

Hi Mike, composite drafts authors, and WG,

Sorry for the monkey wrench. I am sure you are aware of this https://www.isara.com/company/newsroom/isara-dedicates-four-hybrid-certificate-patents-to-the-public.html . ISARA seems to have opened up the patents they had on hybrid certs. Hybrid certs do the same thing as composites, but they add the additional algorithm in an optional extension, not concatenated. One advantage of hybrids is that we don't need a bunch of PQ-composite OIDs. One disadvantage could be that the PQ-verifier needs to be careful to verify and not ignore the extension.

If the IPR is indeed open for use now, should the WG be discussing which is the better option?

Rgs,
Panos
