Re: [SPICE] Revised Charter
Michael Prorock <mprorock@mesur.io> Wed, 07 February 2024 14:34 UTC
Return-Path: <michael.prorock@mesur.io>
X-Original-To: spice@ietfa.amsl.com
Delivered-To: spice@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 97DD5C14F703 for <spice@ietfa.amsl.com>; Wed, 7 Feb 2024 06:34:58 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.906
X-Spam-Level:
X-Spam-Status: No, score=-1.906 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=mesur-io.20230601.gappssmtp.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id L4l2xKFr0I_h for <spice@ietfa.amsl.com>; Wed, 7 Feb 2024 06:34:54 -0800 (PST)
Received: from mail-ej1-x634.google.com (mail-ej1-x634.google.com [IPv6:2a00:1450:4864:20::634]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 41E76C14F6ED for <spice@ietf.org>; Wed, 7 Feb 2024 06:34:54 -0800 (PST)
Received: by mail-ej1-x634.google.com with SMTP id a640c23a62f3a-a3566c0309fso88024166b.1 for <spice@ietf.org>; Wed, 07 Feb 2024 06:34:53 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mesur-io.20230601.gappssmtp.com; s=20230601; t=1707316492; x=1707921292; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=zQHRZWaInpwUBsQwS9x6+I51q14QyuE194d8iwtavm0=; b=w9VKC8XoIY67ndOZiy9DIZpYdRn39P1KQjZOJPrOb1Twwi+wcw6DDQz+MSA6XJz1Ug y8K9R1hn/Oa12EFILQZdcHcHfpcRblMYTWqwqRl+FIOWMl4Xs7cjyMscKMuHUoqU53xI JaQR5GGLeUXs2DBDMhcPVMcNzm3iWxKnTuCCccVASo0VHfFmzbdbMbOUanM6xr0+mLJg aQ2Xn+qALMVNZDbsZQZjDWl5Ukd/Iidq3qVlUMfU4r290wEskdCJCFiWtZDhWOP6+dwk oOy+O3D06Pi05p0KHdESv6zA4oaELsQvgUDSO6tKPU8u59PfZLwooaZs+TvCP2LvSYT4 vaLA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1707316492; x=1707921292; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=zQHRZWaInpwUBsQwS9x6+I51q14QyuE194d8iwtavm0=; b=QSLblmA2mx0ILShhlc7phQHSv4dNIUmWgIhh422LAn9ddPLz1M5Tc7uWWZE8LTvzue uVpZw9M11ksh6Vd/5neVMa8i8xbtz3UOr8pqZxLmz10JgPcjuD977+RtGcMKWjEuOA1v wriNZJuS36AqRCrLrseAI3SHmoQ9nF6Or4xnwHyKx6ddSUB9SZh3WWRMNVil/t2JVjZv ybwzXUJuQo+4CxGVS2aDYT6RgtoqpjpVOXJQQNoJYk2quiL83Ada9g39MZog0J1BLDPu vhwzuka6r6ePH5Jl8O/938EKOL70NhMIK4lxIxFP8bktGIrRo//CyxeJrte9TyIv6n0K /IvA==
X-Gm-Message-State: AOJu0YwauUPiACnLjr9mqDl2J8Wc1AI26I5E+JXeTVxYPExrntsWDt7z FVbx4DXCAGDadySw7PJp+JUCvhQYOrjA03CDwZ6uv4FVPvtVJng336YVdDKXyMwdrNCDrk7e3MN YLZhIg2uwDgBzXWHgTfnLxzOaCgNttEsl8V9m
X-Google-Smtp-Source: AGHT+IFwFDJRiouWeBCKPQLRgQJMb1jH8fMFBSkLnzmYsicbu2FUvYr/FsXDxMNewM/D8Nm2C3Ysaliu3N4RNjcc6Ko=
X-Received: by 2002:a17:906:15c5:b0:a28:c5dc:4802 with SMTP id l5-20020a17090615c500b00a28c5dc4802mr4234938ejd.31.1707316491623; Wed, 07 Feb 2024 06:34:51 -0800 (PST)
MIME-Version: 1.0
References: <CAN8C-_+_uWRwgden4DhfOG4kxbExhMk3vgL_9thjt9M4y=Q7CA@mail.gmail.com> <BN2P110MB1107422AB87BB4AFED71A751DC71A@BN2P110MB1107.NAMP110.PROD.OUTLOOK.COM> <CAN8C-_LuOZ6yGLQ6XmuKTpCJCMW+sVMsrtgnCaHZmSDoctYjiA@mail.gmail.com> <BN2P110MB1107BE3E49B8612EBF11A383DC46A@BN2P110MB1107.NAMP110.PROD.OUTLOOK.COM> <CAGJKSNQ+NiHpFFBLFdFPg-1t-CSU+GVui5LrddNyXiUa2PAw=Q@mail.gmail.com>
In-Reply-To: <CAGJKSNQ+NiHpFFBLFdFPg-1t-CSU+GVui5LrddNyXiUa2PAw=Q@mail.gmail.com>
From: Michael Prorock <mprorock@mesur.io>
Date: Wed, 07 Feb 2024 07:34:39 -0700
Message-ID: <CAGJKSNSrRwtTsMe1kjqfX47xqXJpDJ=boFS3yd_7Jd_G7guzzA@mail.gmail.com>
To: Michael Prorock <mprorock@mesur.io>
Cc: Roman Danyliw <rdd@cert.org>, Orie Steele <orie@transmute.industries>, "spice@ietf.org" <spice@ietf.org>
Content-Type: multipart/related; boundary="00000000000000cb0c0610cb99a0"
Archived-At: <https://mailarchive.ietf.org/arch/msg/spice/pDo6gJIabRjTOtMsK8cY28qZyKY>
Subject: Re: [SPICE] Revised Charter
X-BeenThere: spice@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Secure Patterns for Internet CrEdentials <spice.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spice>, <mailto:spice-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spice/>
List-Post: <mailto:spice@ietf.org>
List-Help: <mailto:spice-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spice>, <mailto:spice-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Feb 2024 14:34:58 -0000
I have pulled those suggestions into a PR here: https://github.com/transmute-industries/ietf-spice-charter/pull/23 Mike Prorock CTO, Founder https://mesur.io/ On Tue, Feb 6, 2024 at 12:20 PM Michael Prorock <mprorock@mesur.io> wrote: > Thanks Roman, > That google doc is extremely helpful. > > Orie (and list) I will take a stab at a PR that reflects this feedback. > > Mike Prorock > CTO, Founder > https://mesur.io/ > > > > On Tue, Feb 6, 2024 at 11:52 AM Roman Danyliw <rdd@cert.org> wrote: > >> Hi! >> >> >> >> Thanks so much for this PR and the related discussion. I have a bit more >> feedback: >> >> >> >> (1) Editorially, this overall charter text is too long and includes >> things that I don’t believe help constrain the scope. I wanted to be >> constructive with a proposal but I didn’t know how to best convey proposed >> editorial changes on a PR with an explanation. I made a GDoc with track >> changes/suggestions, >> https://docs.google.com/document/d/1mmaB4Ll8jEpgmuoGNLwks51Set5yxLX7Cc3btq4q_9k/edit?usp=sharing. >> If this is not usable, I can find a different way to pass along the changes. >> >> >> >> A few motivating ideas include reducing the background and reducing the >> number of times parts of the architecture defined. I also proposed the >> removal of all individual documents as I wasn’t sure how “related >> documents” helped narrow the scope. >> >> >> >> (2) The “Goals” section includes a long list of “topics will be >> considered in the milestones”. While I can see how these would be >> important properties of digital credentials, it wasn’t clear to me who they >> constrain the future solution. For example: >> >> >> >> -- What does "consider" mean? Using a dictionary definition, "consider" >> means the solution wouldn't have to deliver any of these properties. >> >> >> >> -- Are these properties going to be provided by unique specifications >> produced by the WG? >> >> >> >> -- These topics are described in a level of detail that would make it >> challenging to assess whether the property was realized. For example, >> "Confidentiality (ensuring information is protected from unauthorized >> access" is the textbook definition of confidentiality. What is >> "unauthorized" in the context of the architecture framed above? >> "Availability (efficiently information processing, minimizing data in >> flight ...", what's "efficient enough", how many bits "in flight" is too >> many or few? >> >> >> >> I wonder if this list could be much shorter? Perhaps some reduced set of >> properties can be woven in the text to describe the desired framework. >> >> >> >> (3) Per the “Meta Discovery”: >> >> >> >> -- As design guidance or constraining the solution space, the current >> text would benefit from refinement. It doesn't commit to HTTP; or define >> or commit to supporting constrained device >> >> >> >> -- Per the link draft-ietf-oauth-sd-jwt-vc, my superficial read of the >> abstract suggests that it is a “data format”. Is that work that will be >> done here too? I’m confused primarily because the current charter text >> talks about HTTP and device types but the OAuth document seems more >> concrete on the support token type, omits the protocol and device types >> >> >> >> -- Per the “not limited to JSON”, what ecosystem does this text intend to >> support? Is it only the artifact described in the “selective disclosure of >> claims” program of work? >> >> >> >> (4) Per the “Selective Disclosure of Claims”, I had trouble understanding >> what kind of solution is being described. Specifically, I wasn’t sure what >> underlying technologies were being built on. >> >> >> >> -- JOSE/COSE was mentioned in the “Goals/In Scope” section. Is that a >> dependency? >> >> >> >> -- Is this deliverable defining new token format? Augmenting the CWT >> claim registry? Adding claims into the COSE registries? CBOR tags? >> >> >> >> -- The existing JOSE charter (https://datatracker.ietf.org/wg/jose/about/) >> already has in scope: >> >> >> >> -- "Standards Track document(s) specifying representation(s) of >> JSON-based claims and/or proofs enabling selective disclosure of these >> claims and/or proofs, and that also aims to prevent the ability to >> correlate by different verifiers." >> >> -- Standards Track document(s) defining CBOR-based representations >> corresponding to all the above, building upon the COSE and CWT >> specifications in the same way that the above build on JOSE and JWT. >> >> >> >> In what way will this selective disclosure document be different from a >> JWP? >> >> >> >> -- Is this work going to profile other/existing token formats to describe >> how to extend/augment them into being digital credentials? Put into >> another way, is this working going to specify a new “envelope” for >> selective disclosure of claims (e.g., alternative to JWP), or is it going >> to profile/reuse an “envelope” (e.g., JWP) described elsewhere and provide >> guidance on how specific industries can add their own claims into it to >> construct digital credential? >> >> >> >> (5) Editorial. In whatever way this program of work text is refined, that >> needs to be summarized back in the “Goals” section. >> >> >> >> Regards, >> >> Roman >> >> >> >> *From:* Orie Steele <orie@transmute.industries> >> *Sent:* Friday, January 19, 2024 2:05 PM >> *To:* Roman Danyliw <rdd@cert.org> >> *Cc:* spice@ietf.org >> *Subject:* Re: [SPICE] Revised Charter >> >> >> >> Roman, >> >> Thank you for your detailed comments. >> >> I have raised this PR which I believe addresses all of them: >> >> https://github.com/transmute-industries/ietf-spice-charter/pull/22 >> >> However, some of your comments are questions, which I feel it is better >> to answer on the list, in case no text change is needed to address them. >> >> Inline for the rest: >> >> >> >> On Thu, Jan 18, 2024 at 4:44 PM Roman Danyliw <rdd@cert.org> wrote: >> >> Hi! >> >> >> >> Thanks for all of the iteration to get to this text. I have a few >> questions and comments. >> >> >> >> ** Per the “Background” Section: >> >> >> >> -- “Some sets of claim names are registered with IANA and originate from >> the IETF, OIDF and other standards organizations.” >> >> >> >> o Editorially, at no point in the text so far has there been any link >> made between “sets of claims” and a “digital credential”. The introductory >> paragraph talks about “values” and “attributes” of claims. I recommend >> some bridging text. >> >> >> >> I have added some text to the introduction to address this. >> >> >> >> >> o As a reader, I’m not sure why I am being told this detail. No >> subsequent text in the deliverables mentions that claims from other SDOs >> need to be used or that they are being built upon. >> >> >> I added references to the existing registries, and highlighted that JWT >> claims focus on people, whereas many of the CWT claims focus on devices. >> >> The background context for this is that we think that organizations other >> than the IETF, will likely need to describe claims, because a single global >> registry won't fit all of them... and would likely overwhelm the designated >> experts who might not be able to evaluate if a new claim in needed for >> every element in the periodic table, or for every organic chemistry >> molecule, or for claims specific to a regional government. >> >> >> >> >> -- “IETF and IRTF working groups have developed foundational building >> blocks with BBS Signatures, RSA Blind Signatures, Verifiable Random >> Functions, or other Selective-Disclosure and collection limitation >> techniques.” >> >> >> >> o Editorial nit. IRTF doesn’t have WGs, it has research groups. The IESG >> will flag this. >> >> >> Thanks, I have clarified that IRTF has research groups. >> >> >> >> >> o There are assertions of foundational building blocks but the text >> doesn’t narrative how this work would build on them. One can infer that >> BBS/VRF/etc are the crypto that will be used. The IETF WG references of >> “Selective-Disclosure” and “collection limitation techniques” is what? >> Recommend either citing WGs or RFC/drafts if this link is important. >> >> >> I have added citations. >> >> >> >> >> o I’m trying to keep the IETF/IRTF lanes clear. Coordination with CFRG >> is noted later. Is there coordination, or reuse? What planned activities >> in this WG would alter the course of CFRG? >> >> >> I clarified how we think SPICE will consume work from CRFG, and how we >> might provide comments on use cases, for example: >> >> A use case for BBS Blind Signatures is privacy preserving credentials, >> such as proving that a human passed a captcha previously and should not be >> challenged again, like is done with privacy pass. >> >> >> >> >> ** Per the “Key Design Properties of Digital Credentials” section >> >> >> >> -- What is the intended use of this section? In what way does this text >> scope the planned work? For example, will the WG deliver some version of >> those as part of the “A document specifying the selective disclosure of >> claims in a secure and privacy-friendly manner”? Are those related to the >> planned architecture deliverable?) >> >> >> Yes, these are essentially topics we think the architecture will address, >> and that SOME credential formats can support. >> >> There has been a lot of discussion about limiting credential formats to >> just the ones that can do all of these (SPICE will only work on BBS >> verifier-verifier unlinkable hardware isolated TEE credentials), but that >> position does not have consensus in my opinion. >> >> >> >> >> -- I’m a little confused by the framing of this section as being able >> design properties of “digital credentials” but the >> “In-Scope”/”Goal”/”Deliverable” sections aren’t linked to digital >> credentials. Some editorial bridging is needed. >> >> >> I hope I have addressed this. >> >> >> >> >> ** Strongly recommend merging “In-Scope” and “Goals” sections. Move the >> text currently in Goals to the end of the current “In Scope” text (i.e., >> reverse the order). Editorially, charters typically first say what they >> will do and then describe who they will work with. >> >> >> Done. >> >> >> >> >> ** Per the “Goals” >> >> >> >> -- Per the text “Additionally, the SPICE WG will coordinate with other >> SDOs, such as ISO or W3C, on data model elements or protocols needed to >> support existing credential use cases” >> >> >> >> o what is the thinking behind “support existing credential use cases”? >> Are these new design goals? >> >> >> An example of an existing digital credential could be the identity >> credential based on SD-JWT or ISO mDoc described here: >> >> - https://github.com/WICG/identity-credential >> >> If SPICE develops SD-CWT, we would hope that it was influenced by the >> work that it is attempting to improve on. >> >> However, unlike WIMSE, we are not trying to make a credential that is >> "only for workloads" or "only for people". >> >> As an analogy, WIMSE credentials being "only for workloads" are inspired >> by attempts to use "JWT and DPoP" which are similarly an >> "existing credential use case". >> >> >> >> >> o I observe that ISO is a very BIG organization. IETF even has multiple >> liaisons for subsets of ISO. Can this text be more specific about the >> relevant links? >> >> >> I removed direct references to other organizations, which I imagine might >> raise new objections however I will counter with this argument: >> >> Unless you are an active member of those organizations, and those >> organizations are building digital credentials, and you are contributing to >> both groups, I don't see a lot of value in calling out that the >> organizations exist. >> >> I think Manu Fontaine has been most vocal on the desire to reference TCG >> and CCC, but I don't understand how he plans to coordinate SPICE related >> deliverables (as described in the charter) with those groups, so I will let >> him argue to add this back : ) >> >> Similarly Denis has mentioned ISO, I am not aware of anyone who is >> actively contributing to the ISO work on mDoc / mobile drivers licenses / >> covid vaccinations that is also planning to contribute to SPICE, but I >> think they are welcome to contribute regardless of if ISO is mentioned >> directly by name. >> >> >> >> >> ** Per the “In-Scope” >> >> >> >> -- Per the text “The SPICE WG will consider the use of TEEs (Trusted >> Execution Environments) for managing key material and digital credentials.” >> Can that design be made now? Can this be deferred for future charter >> scope? I’m practically asking what “consider” means here. It seems like a >> conditional scope (i.e., “we don’t know if we want to deliver this but we >> want it in scope”). >> >> >> I removed this, it's been a recurring point of contention. Some folks >> feel that TEE is essential, others don't. I don't see the sentence adding >> any value to the charter, and I do see it continuing to cause confusion. >> >> I did move some references to it to the "design considerations" of the >> digital credentials section. >> >> >> >> -- Per the text “Focusing on crisp technical specifications and producing >> separate informative guidance documents helps to keep technical interested >> parties involved”, I observe that the planned deliverables only include a >> single informative architecture. Is that sufficient? >> >> >> I think so. >> >> >> >> Perhaps that is the lesson learned? >> >> >> Much of the charter debate has reinforced this point. >> >> It is easy to talk about the "philosophical value" of digital >> credentials, or even "desirable privacy properties", without discussing how >> to build anything that can be implemented. >> >> I would say that this will remain the primary risk of the architecture >> deliverable. >> >> >> >> >> ** Per the Deliverables? >> >> >> >> -- Will the meta-discovery document describe a single protocol? multiple >> protocols for discovery? Does it build on any prior work protocol work >> (e.g., is it an HTTP API? COAP?) >> >> >> Short answer is we don't know. >> >> It seems very likely that HTTP will be a component, but we don't want to >> preclude other transports such as QR Codes, NFC, Bluetooth, etc... >> >> The point of this document is not to address all of these, but to provide >> a concrete way to discover the optionality that exists in the wild today. >> >> I added some related drafts that we have worked on trying to characterize >> this challenge. >> >> >> >> -- Per a “document specifying the selective disclosure of claims in a >> secure and privacy-friendly manner”: >> >> >> >> o What is the relation between this document and digital credential (the >> substance of the front matter)? Is this providing a framework/set of >> claims to let others produce their own digital credentials with particular >> security properties? >> >> >> Yes, I added some references, and extra text to try to make this clearer. >> >> >> >> >> o What is the relationship between the “security” and “privacy-friendly” >> properties and the more detailed key design properties? >> >> >> I think it's mostly just repeating the design properties, I think the new >> text addresses this. >> >> >> >> >> o What is the encoding of the claims for this document? JSON and CBOR are >> noted in the lesson learned but not in the explicit scoping. >> >> >> At this point, we don't seem to be able to agree to pick just one, but >> there does seem to be consensus to pull the useful digital credential parts >> from each, and harmonize them. >> >> As an example, SCITT built "receipts" which SD-JWT does not support, >> OAuth built SD-JWT which COSE does not support, so SCITT cannot use it. >> >> Both rely on the `iss` , `sub` and `cnf` claims, which are supported in >> JOSE and COSE, and are essential to the "3 roles", issuer (AS), holder >> (client) (of credentials, maker of presentations) and verifier (RP)... >> >> Another example would be how JWT supported claims in headers, but CWT did >> not until recently, and when that feature was added, we learned that kccs >> had already ported part of it... for those who want the details: >> >> - https://datatracker.ietf.org/doc/draft-ietf-lake-edhoc/22/ >> - >> https://datatracker.ietf.org/doc/draft-ietf-cose-cwt-claims-in-headers/10/ >> >> in https://www.iana.org/assignments/cose/cose.xhtml#header-parameters >> >> The claims disclosure document, will address this kind of challenge, when >> deploying credentials based on CWT and JWT, in a similar way to how EAT >> attempted to address this in: >> >> >> https://datatracker.ietf.org/doc/html/draft-ietf-rats-eat-25#name-the-claims >> >> Hopefully these comments are helpful, if you like I can merge the PR or I >> can leave it open and make adjustments in case you have further comments. >> >> Regards, >> >> OS >> >> >> >> >> Roman >> >> >> >> *From:* Orie Steele <orie@transmute.industries> >> *Sent:* Thursday, January 18, 2024 1:19 PM >> *To:* spice@ietf.org >> *Subject:* [SPICE] Revised Charter >> >> >> >> Hello Spice Enthusiasts, >> >> Our revised draft charter can be found here: >> >> - >> https://github.com/transmute-industries/ietf-spice-charter/blob/8f140a014ed13a21ff308b4d48d745ead67d8c54/charter.md >> >> Thanks to everyone who contributed text on github and through the mailing >> list. >> >> As mentioned on our calls, I will submit a bof request with the draft >> charter text as of today. >> >> If anyone has objections to the current charter text, please provide NEW >> and OLD suggestions through the mailing list (on a seperate thread), so we >> can finalize any remaining gaps. >> >> If you support the current draft charter text, please reply to this email >> indicating that you support the current text. >> >> I support the current charter text. >> >> Regards, >> >> OS >> >> >> >> -- >> >> >> >> >> *ORIE STEELE *Chief Technology Officer >> www.transmute.industries >> >> [image: Image removed by sender.] <https://transmute.industries/> >> >> >> >> >> -- >> >> >> >> >> *ORIE STEELE *Chief Technology Officer >> www.transmute.industries >> >> [image: Image removed by sender.] <https://transmute.industries/> >> -- >> SPICE mailing list >> SPICE@ietf.org >> https://www.ietf.org/mailman/listinfo/spice >> >
- [SPICE] Revised Charter Orie Steele
- Re: [SPICE] Revised Charter Mahmoud Alkhraishi
- Re: [SPICE] Revised Charter Brent Zundel
- Re: [SPICE] Revised Charter Orie Steele
- Re: [SPICE] Revised Charter Michael Prorock
- Re: [SPICE] Revised Charter Manu Fontaine
- Re: [SPICE] Revised Charter Orie Steele
- Re: [SPICE] Revised Charter Manu Fontaine
- Re: [SPICE] Revised Charter Roman Danyliw
- Re: [SPICE] Revised Charter Orie Steele
- Re: [SPICE] Revised Charter Manu Fontaine
- Re: [SPICE] Revised Charter Denis
- Re: [SPICE] Revised Charter Orie Steele
- Re: [SPICE] Revised Charter Denis
- Re: [SPICE] Revised Charter Michael Prorock
- Re: [SPICE] Revised Charter Roman Danyliw
- Re: [SPICE] Revised Charter Brent Zundel
- Re: [SPICE] Revised Charter Michael Prorock
- Re: [SPICE] Revised Charter Orie Steele
- Re: [SPICE] Revised Charter Michael Prorock
- Re: [SPICE] Revised Charter Orie Steele
- Re: [SPICE] Revised Charter Denis
- Re: [SPICE] Revised Charter Denis