IETF Logo Mail Archive

Re: [TLS] draft-ietf-tls-cert-abridge Update

"Ackermann, Michael" <MAckermann@bcbsm.com> Wed, 06 March 2024 13:58 UTC

Return-Path: <mackermann@bcbsm.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A7B27C14F5E6 for <tls@ietfa.amsl.com>; Wed, 6 Mar 2024 05:58:44 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.095
X-Spam-Level:
X-Spam-Status: No, score=-7.095 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_FONT_LOW_CONTRAST=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); domainkeys=pass (1024-bit key) header.from=MAckermann@bcbsm.com header.d=bcbsm.com; dkim=pass (1024-bit key) header.d=bcbsm.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cYkyhyTVp-E9 for <tls@ietfa.amsl.com>; Wed, 6 Mar 2024 05:58:39 -0800 (PST)
Received: from mx.z120.zixworks.com (bcbsm.zixworks.com [199.30.235.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AA09FC14F5FA for <tls@ietf.org>; Wed, 6 Mar 2024 05:58:39 -0800 (PST)
Received: from 127.0.0.1 (ZixVPM [127.0.0.1]) by Outbound.z120.zixworks.com (Proprietary) with SMTP id 7086623BEE9 for <tls@ietf.org>; Wed, 6 Mar 2024 07:58:38 -0600 (CST)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=ZIXVPM1670e2ded26; d=bcbsm.com; h=From:To:Subject:Date; b=D219MG8f08PZWAX7/zpVr5QihsROedA2U2ZRq4FtkaH0Cvbe2hMzaWLrufwLyfzY g/jiC6rCLRlbVdp89KfXj16tQm+PWi9r6m69KIGxZdxfxCRdVYwaUQh70p7qkQ OgIBvFJOxLGKxySPZokpEi2ONFR8KeVL31oKIFvaMBPvY=;
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bcbsm.com; s=ZIXVPM1670e2ded26; t=1709733518; bh=WxUmh8ti1SSJqiYyo26hwPwvKxjvRVC8n+0FJMrw1LA=; h=From:To:Subject:Date; b=VN9A3+ecxuiHS8oPEayMnlWBOzz0XiQAByWDMVzhmyDzewIpKzEhmyGhf89OVAIWs kCUOlN1HlPooRFsIe+s6SjjgOC7LT6u++2f9ImF6PxtPL6IqZpmbBNn6GcQIx1k7Hg EGVSBDhUvxzbdsPyJ8+KpCrYLz6vb6jJMz20aSxI=
Received: from imsva2.bcbsm.com (inetmta04.bcbsm.com [12.107.172.81]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx.z120.zixworks.com (Proprietary) with ESMTPS id 65C5B41A1471; Wed, 6 Mar 2024 07:58:37 -0600 (CST)
Received: from imsva2.bcbsm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 20018FE055; Wed, 6 Mar 2024 08:58:37 -0500 (EST)
X-IMSS-DKIM-Authentication-Result: imsva2.bcbsm.com; sigcount=0
Received: from imsva2.bcbsm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id D6C83FE04E; Wed, 6 Mar 2024 08:58:36 -0500 (EST)
Received: from NAM12-DM6-obe.outbound.protection.outlook.com (unknown [104.47.59.168]) by imsva2.bcbsm.com (Postfix) with ESMTPS; Wed, 6 Mar 2024 08:58:36 -0500 (EST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=CsXdmq2vC3lS5t0JsfvqOOJTQkZI1M8zpH/aFAR9Cgxh+ZOH25LzYJ6kkrBHbF2BdLncJoBIlCTPUHB+M10vrnn/3uAsYo0TgC8PAEi9cE0iNpGkF/sYhh356Ufm3A0DVkH7EVbzxvVrKeynceUV9ehxq6LSCll2Nky2R2zmWdZLazJpiTHcYmGcfwWIIGKllwfDgg1Ljh4iYAOCPhEzmej4PPrfbMyuWbRpScPujJJyxrlX8EC9XroCfSepForIpTES5B6goBAMYdG8GM71qqbb2faiY74Jt7AUnTE3vdOqQcboHLgIAxEYlKjQRN/tSbd2necOYSvXVeTN0UPXeA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=giLXx4PmDWJX9naF307BLjJr2wyxeYlTR+htKBQipWY=; b=k6hbGIM8Mfao47Cx5TF+RFjHt0IIU5Zjk7PeBqsRHgntE9rfDMjjfRpjARwl/baSp5OmNoXf4DCHJBhVEMivXmQhcDC9PwTAad94G1USM2TKy6R3eeKlHrZWRT7zJ2gMIP5Tw9C464BgZ707+XKi1z4AqANGsZlIiuYsc4Yc5in4FmU2tGV4USOongjIJxe4hAsSPznqDMJ6yi4qUxh5yngd02UD0VD2COHxye8LRJJ8V6Hee6oOojnEkSd8YvXN1SG+86K9qaXXGxnOwPGBZeIeOLOdJ/kiz4F6T9+9A0JrJY9pfVFjqioda9qumPZDp+gQEtHTTPIwBDdGPprKfA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=bcbsm.com; dmarc=pass action=none header.from=bcbsm.com; dkim=pass header.d=bcbsm.com; arc=none
Received: from CY8PR14MB5954.namprd14.prod.outlook.com (2603:10b6:930:61::22) by CY5PR14MB5725.namprd14.prod.outlook.com (2603:10b6:930:43::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7362.24; Wed, 6 Mar 2024 13:58:34 +0000
Received: from CY8PR14MB5954.namprd14.prod.outlook.com ([fe80::51e5:ab17:bb5b:3012]) by CY8PR14MB5954.namprd14.prod.outlook.com ([fe80::51e5:ab17:bb5b:3012%5]) with mapi id 15.20.7339.035; Wed, 6 Mar 2024 13:58:34 +0000
From: "Ackermann, Michael" <MAckermann@bcbsm.com>
To: Dennis Jackson <ietf=40dennis-jackson.uk@dmarc.ietf.org>, "tls@ietf.org" <tls@ietf.org>
Thread-Topic: [TLS] draft-ietf-tls-cert-abridge Update
Thread-Index: AQHaa9joyZp6CWOje0en87yrohjDsrEj10mAgAPnboCAANDQgIACHzYAgAAWO2A=
Date: Wed, 06 Mar 2024 13:58:34 +0000
Message-ID: <CY8PR14MB595445C2232855EEDA71643AD7212@CY8PR14MB5954.namprd14.prod.outlook.com>
References: <b022bf36-d26f-4d0d-8ebe-155382ba9dfd@dennis-jackson.uk> <933f2fdb3f8a4fd48b61c07652e189b5@amazon.com> <96ab0812-0777-4106-b031-234dacd4435c@dennis-jackson.uk> <ca149a141fe341f69aa354efbf4394bb@amazon.com> <a325ebda-9eb8-443c-bd31-0c8f145f3b48@dennis-jackson.uk>
In-Reply-To: <a325ebda-9eb8-443c-bd31-0c8f145f3b48@dennis-jackson.uk>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: CY8PR14MB5954:EE_|CY5PR14MB5725:EE_
x-ms-office365-filtering-correlation-id: 8a990fe0-8a4b-4bed-4899-08dc3de583c1
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: ImiBzJ21vdzN3vxT8p03nGucT3npebqbO0DoXv/liQeiGaH5V8iDEvnKTdL3/Ntakhri8n3OsIwZGpL7BVsOi6kOcIKbC0vTl/kK+bPxUtA0RnRk2DehmSiT7F+Ptqomd4Q10peI5ea3CfqKvgaOVYyQMWZJA7gD8kLDGKRPtW5f2wpHk4Et8MyoPJuB+l+cNX/5Lumyt6v/1uQL3L+RxFKuizJRQJNTHpV32t2R7erTruBfDaPlU2f3cqV4XjmFbtWqp6skP7VqX1uYpVt/yJlRS8Wk4BkL6rR1djuMdxvzSYUnaoyJXtI6IE3k4zv7/GvU+c+zrtPpAbuYyRR+NqHiP3dSskCWh7Vgn+gwXB30xaF0jNBfwH6xsEKwan8JFOu16xpESIuf+1BRvmXLnrP0GJ7SuhppFex/CkXyymw0eugCLEOloOBhq6YtuClDjH2QsdXWompm8jcLlVJ5rYa5jUTbtgEk9IsMh1n44Kxk965dVbE6TymJOi2GEoXShi/mVfJNNvmXHo4Nrbsv6p7+2Y4wOwS3mxsIzTJnGAgB32VvOysTKDctrxwj2aHNh7J82xWhEZxRjSqhZNjkVCI+ng6grhBdAacZ8enFjLrwlYLiHckRhZ3xme360PcxVOBjxopQvhj95/dW4+TYY49LBTgHZD2Q88cofuLsckg=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:CY8PR14MB5954.namprd14.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230031)(376005)(38070700009); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: Ubnb4sJRCKQf9BuJjIhcJgIMXD1gy7a6o/ilTeKrRBc4S+odo1DYKQjyG9t6j4VMPt+iXX7+HGq/uuSmlh1J8F2oemV2kNUre2Dirc5N8vAo41LCVyyJnipwrw0umaIyCyCfZS9Acu8+eHSxwo6NdpzQoVF9QgMATCWNZGSoi+QOz4FTgADBESGy4oEcQ53s3momAQPTpgAKiKetEMt/x1asRCNuDJOahVtLvbzNWiBw6or3wKxrNOSKgSyRom7NCXNi9C0aFrMBRQd0vWiPJNkS7SZNN154ptQ1YO1A+KCGeH0Q22FyV6t8R8T3rk1t75clrRzdipHzrWEIGxSWMH0KYY3frtrWoOyxL7BMW6JR1O151QhaIyAb48oXDxPw9cZ6JTkrw0Dd9Opz2fzAXNlFL7jbrJ0sPWtoS/6oXbq/k1QYDbUbmEtEAuyLiiHeK2mCL10xroaYl4StthYH2xWGy0/nuzzzyLgaMAXtfzAY+gU/5hhCalPjJgR0PgVY/JBj7wfFl0iYw6xfoUZ7Zrp98mBhfkH2ubHv99Bnk2dQQ0ACMMBBVGQpHev8qpca0PIr55t13miXAJudsuZI7HPP/AGymd6vuiSjquv0AjWxBV6WU0FgxIeJ3WmoWHznQstTO6dYNcJlkkKK0/fR1gmyBf4s0PBOJaKcbRFhmnES6H9b7wKajbCvmVYzdhps92yErBxiAOA/+M8/JDdwmbm2VxNSxY9oW/V/qWNw5AzIJj25MKsi8e2Oca1YBZhWEqY/Mnw6yrXGU3nF4HkYH4MFThUnduf/SJxzfwKgREVVu6nr80xVZ1DU5BP88UuCKN++stbKiRwgXigps/A4zrzZhOxhoHKINBKD9eO4cUvGCp7XUlsUCIfU++eH9Z4jpzHtlqq10t84cHVNm1UbgoLAavv+PU3zou+w/pG8LCG4OdkzM5TOH/e91lK5gYpQJ1GDb76AQlFuiOhFcslKPD+jX3knYkpad6LksTbJXoMH57fWxqBRuYGA/cVweUFc21xImqjMbdT4ymt60+IbeLTepPUoRGNU0GpbvZ6Be82bRGXJh4kYDtBBJ6kcXjCOEGxA45NKCfxC6b3IA4jeLhsGC7JKcTKDpCbzaZz0subVqSpQkopbvuHnZZGOMkiFUUmNyU0x+wBnukEFpW/nmsc5jHUUXx5VICqsSUHBMiSn8SeFfgmf93Mr0fEvk19Yok7POwYHl049Pq0CBS7d3/7+svTkacUrZZoODYuqyYg1J6bb+4auEnywp7TuQdSffwjTc3aTk8m07BIqEaRbwjUzvL1lwQ78r3+maPbl6PYiEtNmOWYXpdPH1ENGjAu0p2k6kmR0atBrSgHs30RtYcJAVChDmwYM8vcI+Q9RbCyzNvuEnp/Q86feyifNV5hYKjt4+qQkNlfyPLNF9GnShm1sgp4RufUz3xJDxrvXAxsSEa6SK5r2TJ2qLvq9F9Kdp3rR0EAsjEMx5ViI0A86bSkyj3vxyd2zGxg+kWHveb4y1H7VGml6Nr0mucx+SVlHnTdD4EMrUbBVIOYbyFj8lZf1uwFVXBUhjeFUtsXjmB5IjDRb1NuVsg1nRkoMUH0z
Content-Type: multipart/alternative; boundary="_000_CY8PR14MB595445C2232855EEDA71643AD7212CY8PR14MB5954namp_"
MIME-Version: 1.0
X-OriginatorOrg: bcbsm.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: CY8PR14MB5954.namprd14.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 8a990fe0-8a4b-4bed-4899-08dc3de583c1
X-MS-Exchange-CrossTenant-originalarrivaltime: 06 Mar 2024 13:58:34.6959 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 6f56d3fa-5682-4261-b169-bc0d615da17c
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: wR8PrtP1ztCxmmWgQQg0W5E6SgfKdKj8CZnbqLNnTLWenovlgdNSMXELlSt26x6qv7VgGVVLZHah+zM00Q7Qcg==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY5PR14MB5725
X-TM-AS-GCONF: 00
X-VPM-HOST: vmvpm02.z120.zixworks.com
X-VPM-GROUP-ID: c88b56bb-aa8a-4d3b-b257-e264c16ba5a7
X-VPM-MSG-ID: 4eb17155-9992-42f5-9ac8-73ca90a5912c
X-VPM-ENC-REGIME: TLS,Plaintext
X-VPM-IS-HYBRID: 0
X-VPM: TLS Sent
X-VPM-TLS-SENDER: vmvpm02.z120.zixworks.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/k7VNubxh4QtVwDj4oNMeebUPrbg>
Subject: Re: [TLS] draft-ietf-tls-cert-abridge Update
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Mar 2024 13:58:44 -0000

But I thought retired people were supposed to sleep in?????????????

From: TLS <tls-bounces@ietf.org> On Behalf Of Dennis Jackson
Sent: Wednesday, March 6, 2024 7:39 AM
To: tls@ietf.org
Subject: Re: [TLS] draft-ietf-tls-cert-abridge Update

[External email]

Hi Panos,
On 05/03/2024 04:14, Kampanakis, Panos wrote:
Hi Dennis,

> I can see two different ways to handle it. Either as you suggest, we have it be a runtime decision and we just prefix the compressed form with a byte to indicate whether pass 2 has been used. Alternatively, we can define two codepoints, (pass 1 + pass 2, pass 1).
> I'd like to experiment with both operations and measure what the real world difference is first, then we can make a decision on how to proceed. There's also been more interest in the non-webpki use case than I expected, so that needs to factor in to whichever option we pick.

Maybe these will not matter for the scenario I am considering. Let’s say the client advertised support for draft-ietf-tls-cert-abridge. And the server sent back
- CompressedCertificate which includes the 2 identifiers for the ICA and RootCA from Pass 1.
- uncompressed, traditional CertificateEnty of the end-entity certificate

Or it sent back

- uncompressed, traditional CertificateEnties for the  ICA and RootCA certs
- CompressedCertificate which includes the ZStandard compressed (based on the Pass2 dictionary) end-entity cert

My point is that nothing should prevent the client from being able to handle these two scenarios and normative language should point that out. Any software that can parse certs in compressed form, ought to be able to parse them in regular form if the server did not support Pass1 (CA cers were not available for some reason) or Pass2 (eg. if CT Logs were not available for some reason).

Am I overseeing something?


Yes I think so. TLS1.3 Certificate Compression applies to the entire Certificate Message, not individual CertificateEntries in that message. Those individual entries don't currently carry identifiers about what type they are, their type is negotiated earlier in the EncryptedExtensions extension.

So to handle this as you propose, we'd need to define a type field for each entry to specify whether that particular entry had undergone a particular pass (or both). In my message, I was suggesting either have it be a single label for the entire message or putting the label into the TLS1.3 Cert Compression codepoint.

Best,
Dennis

From: Dennis Jackson <ietf=40dennis-jackson.uk@dmarc.ietf.org><mailto:ietf=40dennis-jackson.uk@dmarc.ietf.org>
Sent: Monday, March 4, 2024 10:47 AM
To: Kampanakis, Panos <kpanos@amazon.com><mailto:kpanos@amazon.com>; TLS List <tls@ietf.org><mailto:tls@ietf.org>
Subject: RE: [EXTERNAL] [TLS] draft-ietf-tls-cert-abridge Update


CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you can confirm the sender and know the content is safe.


Hi Panos,

On 02/03/2024 04:09, Kampanakis, Panos wrote:
Hi Dennis,

I created a git issue https://github.com/tlswg/draft-ietf-tls-cert-abridge/issues/23 but I am pasting it here for the sake of the discussion:

What does the client do if the server only does Pass 1 and compresses / omits the chain certs but does not compress the end-entity certs (Pass 2)?

The client should be fine with that. It should be able to reconstruct the chain and used the uncompressed end-entity cert. It should not fail the handshake. I suggest the Implementation Complexity Section to say something like

I can see two different ways to handle it. Either as you suggest, we have it be a runtime decision and we just prefix the compressed form with a byte to indicate whether pass 2 has been used. Alternatively, we can define two codepoints, (pass 1 + pass 2, pass 1).

I'd like to experiment with both operations and measure what the real world difference is first, then we can make a decision on how to proceed. There's also been more interest in the non-webpki use case than I expected, so that needs to factor in to whichever option we pick.

Best,
Dennis

> Servers MAY chose to compress just the cert chain or the end-certificate depending on their ability to perform Pass 1 or 2 respectively. Client MUST be able to process a compressed chain or an end-entity certificate independently.

Thanks,
Panos


From: TLS <tls-bounces@ietf.org><mailto:tls-bounces@ietf.org> On Behalf Of Dennis Jackson
Sent: Friday, March 1, 2024 8:03 AM
To: TLS List <tls@ietf.org><mailto:tls@ietf.org>
Subject: [EXTERNAL] [TLS] draft-ietf-tls-cert-abridge Update


CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you can confirm the sender and know the content is safe.


Hi all,

I wanted to give a quick update on the draft.

On the implementation side, we have now landed support for TLS Certificate Compression in Firefox Nightly which was a prerequisite for experimenting with this scheme (thank you to Anna Weine). We're working on a rust crate implementing the current draft and expect to start experimenting with abridged certs in Firefox (with a server-side partner) ahead of IETF 120.

On the editorial side, I've addressed the comments on presentation and clarification made since IETF 117 which are now in the editors copy - there's an overall diff here [1] and atomic changes here [2] . There are two small PRs I've opened addressing minor comments by Ben Schwarz on fingerprinting considerations [3] and Jared Crawford on the ordering of certificates [4]. Feedback is welcome via mail or on the PRs directly.

Best,
Dennis

[1] https://author-tools.ietf.org/api/iddiff?doc_1=draft-ietf-tls-cert-abridge&url_2=https://tlswg.github.io/draft-ietf-tls-cert-abridge/draft-ietf-tls-cert-abridge.txt

[2] https://github.com/tlswg/draft-ietf-tls-cert-abridge/commits/main/

[3] https://github.com/tlswg/draft-ietf-tls-cert-abridge/pull/21/files

[4] https://github.com/tlswg/draft-ietf-tls-cert-abridge/pull/19/files



_______________________________________________

TLS mailing list

TLS@ietf.org<mailto:TLS@ietf.org>

https://www.ietf.org/mailman/listinfo/tls


The information contained in this communication is highly confidential and is intended solely for the use of the individual(s) to whom this communication is directed. If you are not the intended recipient, you are hereby notified that any viewing, copying, disclosure or distribution of this information is prohibited. Please notify the sender, by electronic mail or telephone, of any unintended receipt and delete the original message without making any copies.
 
 Blue Cross Blue Shield of Michigan and Blue Care Network of Michigan are nonprofit corporations and independent licensees of the Blue Cross and Blue Shield Association.


This message was secured by Zix(R).

v2.23.0 | Report a Bug | By Email