Re: [TLS] The future of external PSK in TLS 1.3

Hannes Tschofenig <Hannes.Tschofenig@arm.com> Mon, 21 September 2020 12:36 UTC

From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: Pascal Urien <pascal.urien@gmail.com>
CC: Filippo Valsorda <filippo@ml.filippo.io>, "tls@ietf.org" <tls@ietf.org>
Date: Mon, 21 Sep 2020 12:35:50 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/h5-ICzl-QI_cY3OpdysLAOy1HYY>
Subject: Re: [TLS] The future of external PSK in TLS 1.3

Hi Pascal,

are you saying that the stack on the secure element uses WolfSSL or OpenSSL? I am sure that WolfSSL works well but for code size reasons I doubt OpenSSL is possible. Can you confirm?

In case of WolfSSL, you have multiple options for credentials, including plain PSK, PSK-ECDHE, raw public keys, and certificates as I noted in my mail to the UTA list:
https://mailarchive.ietf.org/arch/msg/uta/RJ4wU77D6f7qslfwrc16jkrPTew/

Ciao
Hannes

From: Pascal Urien <pascal.urien@gmail.com>
Sent: Monday, September 21, 2020 2:01 PM
To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
Cc: Filippo Valsorda <filippo@ml.filippo.io>; tls@ietf.org
Subject: Re: [TLS] The future of external PSK in TLS 1.3

Hi Hannes

Yes it has been tested with several 3.04 Javacards commercially available

In the draft https://tools.ietf.org/html/draft-urien-tls-se-00 Section 5-ISO 7816 Use Case, the exchanges are done with the existing implementation

TLS-SE TLS1.3 PSK+ECDH server works with ESP8266 or Arduino+Ethernet boards

For client software we use OPENSSL or WolfSSL

Pascal




On Mon, 21 Sept 2020 at 12:35, Hannes Tschofenig <Hannes.Tschofenig@arm.com> wrote:
Hi Pascal,

Thanks for the pointer to the draft.

Since I am surveying implementations for the update of RFC 7925 (see https://datatracker.ietf.org/doc/draft-ietf-uta-tls13-iot-profile/) I was wondering whether there is an implementation of this approach.

Ciao
Hannes


From: Pascal Urien <pascal.urien@gmail.com>
Sent: Monday, September 21, 2020 11:44 AM
To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
Cc: Filippo Valsorda <filippo@ml.filippo.io>; tls@ietf.org
Subject: Re: [TLS] The future of external PSK in TLS 1.3

Hi All

Here is an example of PSK+ECDHE for IoT

https://tools.ietf.org/html/draft-urien-tls-se-00 uses TLS1.3 server PSK+ECDHE for secure elements

The security level in these devices is as high as EAL5+

The computing time is about 1.4s for a PSK+ECDHE session (AES-128-CCM, + secp256r1)

The real critical resource is the required RAM size, less than 1KB in our experiments

The secure element only needs a classical TCP/IP interface (i.e. sockets like)

Trusted PSK should avoid selfie attacks

Pascal



On Mon, 21 Sept 2020 at 11:29, Hannes Tschofenig <Hannes.Tschofenig@arm.com> wrote:
Hi Filippo,

• Indeed, if the SCADA industry has a particular need, they should profile TLS for use in that industry, and not require we change the recommendation for the open Internet.

We have an IoT profile for TLS and it talks about the use of PSK, see https://tools.ietf.org/html/rfc7925

On the “open Internet” (probably referring to the Web usage) you are not going to use PSKs in TLS. There is a separate RFC that provides recommendations for that environment, see RFC 752. That RFC is currently being revised, see https://datatracker.ietf.org/doc/draft-sheffer-uta-rfc7525bis/

Ciao
Hannes

IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.