Re: [Txauth] alternative charter writeup
Dick Hardt <dick.hardt@gmail.com> Thu, 16 January 2020 23:21 UTC
Return-Path: <dick.hardt@gmail.com>
X-Original-To: txauth@ietfa.amsl.com
Delivered-To: txauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6C2C5120802 for <txauth@ietfa.amsl.com>; Thu, 16 Jan 2020 15:21:43 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.996
X-Spam-Level:
X-Spam-Status: No, score=-1.996 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_FONT_LOW_CONTRAST=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xdNox7bRv1of for <txauth@ietfa.amsl.com>; Thu, 16 Jan 2020 15:21:39 -0800 (PST)
Received: from mail-lj1-x244.google.com (mail-lj1-x244.google.com [IPv6:2a00:1450:4864:20::244]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 19E9B12081A for <txauth@ietf.org>; Thu, 16 Jan 2020 15:21:39 -0800 (PST)
Received: by mail-lj1-x244.google.com with SMTP id r19so24479368ljg.3 for <txauth@ietf.org>; Thu, 16 Jan 2020 15:21:39 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=H3nxSl/pIKNbOubsOnOZZrmNhMwLUDHJV9213gjXrvI=; b=BUOQWoyrAY67kXjz9ijL2yx672TY7A8ZlHtO8Zh2jrxuq436riSvjFerTvdFuosbMN C+2zoEUtvq7ywWynLBjK0FgFqkH93caeTnT9CG9UGy8jH2zOGDARbL8dMo9mJXvt+uXc qJasu4kD5y8bKE2V9vO2kIXBUTwfAvBIjfLUfnak1le67D3eXAA1iGb5rkLNHHcRtIIb PfeCxGTF7FupfZRycs+TyeZ4yRlOX8sH/6GDW2e15PMwTI7xeuUQcYlFD7mCQPX64KDf 30Df0VxDfOgukwe35UYgLMs/ZnO1VXRCalfefLZcIXm6BiAzsbNNim1WOYbZvMqJyT5R Q/cA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=H3nxSl/pIKNbOubsOnOZZrmNhMwLUDHJV9213gjXrvI=; b=klAApW6EHOi4vRyifCifC2hfn+hP+VKPOIXkxjyG2USng6bvkzS0WfyQSfdKVWIHed rJufY4L78J8r19caNxHzQAILvOi/DnSWCSaA/171gYTnJQ6KBudbeiF8HX50OIpk7RmK yL8wVk1fXIEsO9HNVCztRCIMRkBKVmAoDYo1LsRrEF48S9F+vtkFvGi6jqqAmRcYoDRK +uqmkR+Qwh2yjbjhkc6ZDeXHH70w/uTFAM2jH4QjwQc2z4DKWSwLwoNYNljOUlGO0hrb bRm6c9S+toqcws4J9GXl1CWcKGmsBueIDYJgavEu7pnw0hHsp7PI3/bJ95FWR283gZBs nUEg==
X-Gm-Message-State: APjAAAWXO5SL0becmW3Xtm+LXoiQ7z3UEYpUnzg150VbtkmN3scEFlmt 8HAsz3Tw/H2w+fnxqCokadRwz2RrclaXhlUw0RspqkXV
X-Google-Smtp-Source: APXvYqxtf4OF9/tkmxBkagQGeBk6fyxQHN4+/p/6U+qdY2MQB+pPX6UyaZ40yC7u8niYNShOVxO8s/lvD5cmw8T4BD8=
X-Received: by 2002:a2e:9e4c:: with SMTP id g12mr3791878ljk.15.1579216897144; Thu, 16 Jan 2020 15:21:37 -0800 (PST)
MIME-Version: 1.0
References: <CAD9ie-sGfRGPFa4jBUeoVcG+CO=PvG-Ys-HrUMs7kVdt1zT3vA@mail.gmail.com> <FE8064D0-02CF-4BF1-AF25-0E52D9362D27@mit.edu> <CAD9ie-tAquhg=o1_cmKg_rO3mn9FeqCTDtY07XMqMOdhRWrD5Q@mail.gmail.com> <B758A8F2-211F-4637-84AE-3FD6974C546F@amazon.com> <CAD9ie-u5aV+FShiseuNRu_Ayp3EJjrN=zM1XBJW+vc9wDdL3NQ@mail.gmail.com> <A6D90193-D3FC-4BDB-8F4C-55A30ED252EE@amazon.com> <B88684FE-9ECE-4326-8DA2-F6A14E0D6ED0@mit.edu> <CAD9ie-tgXONsgr1cW=5X12Wdi+=iGZrnDtCfMzy-Vf-maezFHg@mail.gmail.com> <857A822F-E819-443E-8D92-5A5BD682D3AF@mit.edu> <40DEDA03-58E1-46EE-A46E-15D448283762@hardjono.net> <5F952C70-8EE2-440A-9334-5FBC19CE2A5E@mit.edu> <D3801C15-1089-4383-AAD9-10C867170181@hardjono.net> <301ADD9B-CCC9-447D-B652-EB377961FBD6@mit.edu> <3119F975-5ED2-4E5E-B6D4-997871FF6EF6@hardjono.net>
In-Reply-To: <3119F975-5ED2-4E5E-B6D4-997871FF6EF6@hardjono.net>
From: Dick Hardt <dick.hardt@gmail.com>
Date: Thu, 16 Jan 2020 15:21:25 -0800
Message-ID: <CAD9ie-uVjbqPKCRYKH-E3c8ftcZ19k=4LLJPh9Yh9AyTtO3gWQ@mail.gmail.com>
To: Thomas Hardjono <ietf-txauth@hardjono.net>
Cc: Justin Richer <jricher@mit.edu>, Thomas Hardjono <hardjono@mit.edu>, "txauth@ietf.org" <txauth@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000002d7ebc059c4a16de"
Archived-At: <https://mailarchive.ietf.org/arch/msg/txauth/G8cVnkzXuBTchRbU5tSzQVvg3M4>
Subject: Re: [Txauth] alternative charter writeup
X-BeenThere: txauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <txauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/txauth>, <mailto:txauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/txauth/>
List-Post: <mailto:txauth@ietf.org>
List-Help: <mailto:txauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/txauth>, <mailto:txauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Jan 2020 23:21:46 -0000
What I have understood we are enabling is a separation between the user using the client software, and the user that is the resource owner. Justin: is that what you had in mind? ᐧ On Thu, Jan 16, 2020 at 3:17 PM Thomas Hardjono <ietf-txauth@hardjono.net> wrote: > Yes, I see that sentence ("This protocol will allow an authorizing party > to delegate access to client software through an authorization server"). > That's very specific, which is good. > > Just wanted to be sure that the bullet further below ("Delegation between > multiple users") also makes sense given that the first sentence is talking > about delegation to a piece of software. > > It’s a big jump between (i) a person delegating to a piece of software, to > (ii) a person delegating to another person. > > Sorry for being pedantic. > > > > -- thomas -- > > > > -----Original Message----- > From: Justin Richer <jricher@mit.edu> > Date: Thursday, January 16, 2020 at 5:50 PM > To: Thomas Hardjono <ietf-txauth@hardjono.net> > Cc: "hardjono@mit.edu" <hardjono@mit.edu>, "txauth@ietf.org" < > txauth@ietf.org> > Subject: Re: [Txauth] alternative charter writeup > > I get that, but that’s why the proposed charter text tries to be very > explicit about who is delegating to whom (or what) and for what purpose. > That’s why delegation to software and delegation between users are both > listed separately. > > — Justin > > > On Jan 16, 2020, at 4:07 PM, Thomas Hardjono <ietf-txauth@hardjono.net> > wrote: > > > > The problem is that the word "delegation" is generally a very loaded > term. > > > > I understand that WGs need wiggle room, but I'm concerned that this kind > of loose wording may cause confusion down the road. > > > > > > > >>> What I think is very much out of scope is cross-domain policy > processing. > > > > Agree. > > > > > > > > -----Original Message----- > > From: Txauth <txauth-bounces@ietf.org> on behalf of Justin Richer < > jricher@mit.edu> > > Date: Thursday, January 16, 2020 at 11:54 AM > > To: Thomas Hardjono <ietf-txauth@hardjono.net> > > Cc: "hardjono@mit.edu" <hardjono@mit.edu>, "txauth@ietf.org" < > txauth@ietf.org> > > Subject: Re: [Txauth] alternative charter writeup > > > > On Jan 16, 2020, at 11:43 AM, Thomas Hardjono <ietf-txauth@hardjono.net> > wrote: > >> > >> > >> Looks good, but I have a clarification question: > >> > >>>>> - Delegation between multiple users > >> > >> What does this mean exactly? > >> > >> Is it the "multi-hop" delegation (Alice to Bob to Charlize to ...) > >> > >> Or does it only the "1-hop" delegation concurrently (Alice to Bob; > Alice to Charlize; Alice to…) > > > > My thinking was that at the very least we want to allow the person > running the client software and the person doing the authorization to be > different people. This is the UMA use case (Alice to bob) and the CIBA use > case (agent getting someone to log in). I think chaining can follow that, > where Bob can then let Charlie do something. This is also along the lines > of the token exchange model of OAuth 2, with continuously down-scoped > access. > > > > What I think is very much out of scope is cross-domain policy > processing. > > > > — Justin > > > >> > >> -- thomas -- > >> > >> > >> > >> -----Original Message----- > >> From: Txauth <txauth-bounces@ietf.org> on behalf of Justin Richer < > jricher@mit.edu> > >> Date: Thursday, January 16, 2020 at 10:46 AM > >> To: "txauth@ietf.org" <txauth@ietf.org> > >> Cc: "rdd@cert.org" <rdd@cert.org>, "Richard Backman, Annabelle" < > richanna@amazon.com>, Benjamin Kaduk <kaduk@mit.edu>, Dick Hardt < > dick.hardt@gmail.com> > >> Subject: Re: [Txauth] alternative charter writeup > >> > >> Here’s my updated text incorporating the feedback so far: > >> > >> > >> This group is chartered to develop a delegation protocol for identity, > authorization, and API access. This protocol will allow an authorizing > party to delegate access to client software through an authorization > server. The use cases supported by this protocol will include widely > deployed use cases currently supported by OAuth 2.0 and OpenID Connect (an > extension of OAuth 2.0) as well as new use cases not enabled by OAuth 2.0. > >> > >> > >> The delegation process will be acted upon by multiple parties in the > protocol, each performing a specific role. The protocol will decouple the > interaction channels, such as the end user’s browser, from the delegation > channel, which happens directly between the client and the authorization > server (in contrast with OAuth 2 which is initiated by the client > redirecting the user’s browser). The client will involve the authorizing > party as necessary through interaction mechanisms indicated by the > protocol. This decoupling avoids many of the security concerns and > technical challenges of OAuth 2.0 as well as providing a non-invasive path > for supporting future types of clients and interaction channels. > >> > >> > >> Additionally, the delegation process will allow for: > >> > >> > >> - Fine-grained specification of resource access > >> > >> - Approval of identity claims and multiple resources in a single > interaction > >> > >> - Delegation between multiple users > >> > >> - Web, mobile, single-page, interaction-constrained, and other types of > client applications > >> > >> > >> The group will define extension points for this protocol to allow for > flexibility in areas including: > >> > >> > >> - Cryptographic agility for keys, message signatures, and proof of > possession > >> > >> - User interaction mechanisms including web and non-web methods > >> > >> - Mechanisms for providing user, software, organization, and other > pieces of information used in authorization decisions > >> > >> - Token presentation mechanisms and key bindings > >> > >> > >> Additionally, the group will provide mechanisms for management of the > protocol lifecycle including: > >> > >> > >> - Discovery of the authorization server > >> > >> - Revocation of active tokens > >> > >> - Query of token rights by resource servers > >> > >> > >> Although the artifacts for this work are not intended or expected to be > backwards-compatible with OAuth 2.0 or OpenID Connect, the group will > attempt to simplify porting from OAuth 2.0 and OpenID Connect to the new > protocol where possible. > >> > >> > >> While the initial work will focus on using HTTP for communication > between the client and the authorization server, the working group will > seek to take advantage of optimization features of HTTP2 and HTTP3 where > possible, and will strive to enable simple mapping to other protocols such > as COAP. > >> > >> > >> > >> > >> > >> It’s definitely a lot, but I think we’ve got a good handle on what > we’re working on, and what the boundaries are. I think this is both too > much of an effort and too much of a break to do this in the OAuth WG, where > there’s already still plenty of work to be done. We’re leaning a lot on > lessons learned from the OAuth 2 world and its extensions, including OIDC > and UMA2. We’ve got the attention of a lot of the right people to start > this as well. > >> > >> So to the AD’s: Ben and Roman — what’s the next step? This should be a > new working group and like to get it started so that we can have our first > meeting in Vancouver. > >> > >> — Justin > >> > >> > >> On Jan 14, 2020, at 12:12 AM, Dick Hardt <dick.hardt@gmail.com> wrote: > >> > >> Sounds good to me. > >> > >> On Mon, Jan 13, 2020 at 6:24 PM Justin Richer <jricher@mit.edu> wrote: > >> > >> > >> I can get behind this kind of addition. I like Annabelle’s framing of > it in terms of decoupling, and some explanation of why we’re doing it in > relation to OAuth 2’s approach. One of the key things, to me, is that we’re > making a break from OAuth 2’s core architecture but doing so for very > specific reasons. > >> > >> — Justin > >> > >> > >> On Jan 13, 2020, at 8:54 PM, Richard Backman, Annabelle < > richanna@amazon.com> wrote: > >> > >> It’s not just about the initial communication, though. I the key thing > to emphasize is the decoupling the protocol from delegation channels, which > addresses the aforementioned security/complexity issues and also provides a > path to support future delegation channel types without significant changes > to the protocol (unlike OAuth 2.0, where extensions like Device Flow and > PAR introduce substantial changes to the core protocol flow on both client > and AS). Since the protocol isn’t assuming a particular front channel, it’s > easier to add support for a new one. > >> > >> Proposal, altered from Dick’s suggestion: > >> This group is chartered to develop a delegated identity and > authorization protocol. The use cases supported by this protocol will > include widely deployed use cases currently supported by OAuth 2.0, and > OpenID Connect, an extension of OAuth 2.0. This protocol will be decoupled > from delegation channels such as an end user’s web browser and operate > primarily through a channel between the client and the authorization > server, avoiding many of the security concerns and technical challenges of > OAuth 2.0 and providing a non-invasive path for adding support for future > types of clients and delegation channels. > >> > >> – > >> Annabelle Richard Backman > >> AWS Identity > >> > >> > >> > >> From: Dick Hardt <dick.hardt@gmail.com> > >> Date: Monday, January 13, 2020 at 4:35 PM > >> To: "Richard Backman, Annabelle" <richanna@amazon.com> > >> Cc: Justin Richer <jricher@mit.edu>, "txauth@ietf.org" <txauth@ietf.org > > > >> Subject: Re: [Txauth] alternative charter writeup > >> > >> > >> > >> I agree, some more "why" would help a broader audience understand the > motivations. How about this change to the first paragraph? > >> > >> > >> > >> This group is chartered to develop a delegated identity and > authorization protocol. The use cases supported by this protocol will > include widely deployed use cases currently supported by OAuth 2.0, and > OpenID Connect, an extension of OAuth 2.0. In contrast to OAuth 2.0, where > the protocol is initiated by redirecting the user's browser to an > authorization server, this protocol will be initiated by the client > directly interacting with the authorization server, which will mitigate > many of the security concerns and technical challenges of OAuth 2.0. > >> > >> > >> > >> > >> > >> On Mon, Jan 13, 2020 at 3:38 PM Richard Backman, Annabelle < > richanna@amazon.com> wrote: > >> > >> > >> While I agree with the goals stated in this charter, if I read this > from the perspective of someone who hasn’t been our meetings or listened to > Justin’s presentations, I’m hard pressed to see what the point of this > group is, relative to the OAuth WG. I’d expect this charter to provide at > least a cursory explanation of what problem it is trying to solve. In this > case, the problem should be partially defined in relation to OAuth. What > will this WG do that the OAuth WG hasn’t already done or isn’t already > doing? > >> > >> How about adding something like the following to paragraph 2: > >> > >> The protocol will mitigate many of the security concerns and technical > challenges of OAuth 2.0 by communicating over secure channels between the > client and the authorization server, and minimizing the amount of > information transmitted over untrusted channels. > >> > >> – > >> Annabelle Richard Backman > >> AWS Identity > >> > >> > >> > >> From: Txauth <txauth-bounces@ietf.org> on behalf of Dick Hardt < > dick.hardt@gmail.com> > >> Date: Friday, January 10, 2020 at 6:57 PM > >> To: Justin Richer <jricher@mit.edu> > >> Cc: "txauth@ietf.org" <txauth@ietf.org> > >> Subject: Re: [Txauth] alternative charter writeup > >> > >> > >> > >> This looks even better! Thanks Justin. > >> > >> > >> What do others think of the proposed charter now? > >> > >> > >> ᐧ > >> > >> > >> On Fri, Jan 10, 2020 at 12:43 PM Justin Richer <jricher@mit.edu> wrote: > >> > >> > >> Thanks, Dick. I’ve been working on an updated charter based on > everyone’s feedback, and I was aiming to have out today anyway, so this > timing is helpful. So here’s my take on a new charter, incorporating some > of your points below: > >> > >> > >> > >> This group is chartered to develop a delegation protocol for identity, > authorization, and API access. This protocol will allow an authorizing > party to delegate access to client software through an authorization > server. The use cases supported by this protocol will include widely > deployed use cases currently supported by OAuth 2.0 and OpenID Connect. > >> > >> > >> > >> The delegation process will be acted upon by multiple parties in the > protocol, each performing a specific role. The protocol will be initiated > by the client interacting directly with the authorization server (in > contrast with OAuth 2 which is initiated by the client redirecting the > user’s browser). The client will involve the authorizing party as necessary > through interaction mechanisms indicated by the protocol. > >> > >> > >> > >> Additionally, the delegation process will allow for: > >> > >> > >> > >> - Fine-grained specification of resource access > >> > >> - Approval of identity claims and multiple resources in a single > interaction > >> > >> - Delegation between multiple users > >> > >> - Web, mobile, single-page, and other types of client applications > >> > >> > >> > >> The group will define extension points for this protocol to allow for > flexibility in areas including: > >> > >> > >> > >> - Cryptographic agility for keys, message signatures, and proof of > possession > >> > >> - User interaction mechanisms including web and non-web methods > >> > >> - Mechanisms for providing user, software, organization, and other > pieces of information used in authorization decisions > >> > >> - Token presentation mechanisms and key bindings > >> > >> > >> > >> Additionally, the group will provide mechanisms for management of the > protocol lifecycle including: > >> > >> > >> > >> - Discovery of the authorization server > >> > >> - Revocation of active tokens > >> > >> - Query of token rights by resource servers > >> > >> > >> > >> Although the artifacts for this work are not intended or expected to be > backwards-compatible with OAuth 2.0 or OpenID Connect, the group will > attempt to simplify porting from OAuth 2.0 and OpenID Connect to the new > protocol where possible. > >> > >> While the initial work will focus on using HTTP for communication > between the client and the authorization server, the working group will > seek to take advantage of optimization features of HTTP2 and HTTP3, and > will strive to enable simple mapping to other protocols such as COAP. > >> > >> > >> > >> > >> > >> On Jan 10, 2020, at 12:04 PM, Dick Hardt <dick.hardt@gmail.com> wrote: > >> > >> > >> Hey > >> > >> > >> I've written an alternative charter that I hope captures some of the > feedback on Justin's charter. > >> > >> > >> > >> I found it easier to rewrite the charter to broaden the marketplace of > ideas. > >> > >> > >> > >> Key ideas: > >> > >> > >> > >> - This work supports existing OAuth 2.0, and OpenID Connect use cases. > >> > >> > >> > >> - The client interacts directly with the authorization server. > >> > >> > >> > >> /Dick > >> > >> > >> > >> ---- > >> > >> > >> This group is chartered to develop a delegated identity and > authorization protocol.. The use cases supported by this protocol will > include widely deployed use cases currently supported by OAuth 2.0, and > OpenID Connect. In contrast to OAuth 2.0 and OpenID Connect, where the > protocol is initiated by redirecting the user's browser to an authorization > server, this protocol will be initiated by the client directly interacting > with the authorization server.. > >> > >> > >> Additionally, the protocol will allow: > >> > >> - fine-grained specification of resource access > >> > >> - the user to approve requests for identity claims and access to > multiple resources in one interaction > >> > >> - web, mobile, single-page, and other client applications > >> > >> - taking advantage of optimization features in HTTP2 and HTTP3 > >> > >> > >> The group will define extension points for this protocol to allow for > flexibility in areas including: > >> > >> > >> - discovery of the authorization server > >> > >> - cryptographic agility for keys, message signatures, and proof of > possession > >> > >> - user interaction mechanisms including web and non-web methods- token > presentation mechanisms and key bindings > >> > >> > >> Although the artifacts for this work are not intended or expected to be > backwards-compatible with OAuth 2.0 or OpenID Connect, they will attempt to > simplify porting from OAuth 2.0 and OpenID Connect, and strive to reuse > existing semantics such as client identifiers, OAuth 2.0 scopes and access > tokens, and OpenID Connect ID Tokens and claims. > >> > >> > >> While the initial work will focus on using HTTP for communication > between the client and the authorization server, the working group will > strive to enable simple mapping to other protocols such as COAP. > >> > >> > >> > >> > >> > >> > >> > >> ᐧ > >> > >> -- > >> Txauth mailing list > >> Txauth@ietf.org > >> https://www.ietf.org/mailman/listinfo/txauth > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> -- > >> Txauth mailing list > >> Txauth@ietf.org > >> https://www.ietf.org/mailman/listinfo/txauth > >> > >> > >> -- > >> Txauth mailing list > >> Txauth@ietf.org > >> https://www.ietf.org/mailman/listinfo/txauth > > > > -- > > Txauth mailing list > > Txauth@ietf.org > > https://www.ietf.org/mailman/listinfo/txauth > > > > > > > > -- > Txauth mailing list > Txauth@ietf.org > https://www.ietf.org/mailman/listinfo/txauth >
- [Txauth] alternative charter writeup Dick Hardt
- Re: [Txauth] alternative charter writeup Justin Richer
- Re: [Txauth] alternative charter writeup Dick Hardt
- Re: [Txauth] alternative charter writeup Adrian Hope-Bailie
- Re: [Txauth] alternative charter writeup Yaron Sheffer
- Re: [Txauth] alternative charter writeup Lee McGovern
- Re: [Txauth] alternative charter writeup Justin Richer
- Re: [Txauth] alternative charter writeup Dick Hardt
- Re: [Txauth] alternative charter writeup Richard Backman, Annabelle
- Re: [Txauth] alternative charter writeup Dick Hardt
- Re: [Txauth] alternative charter writeup Richard Backman, Annabelle
- Re: [Txauth] alternative charter writeup Justin Richer
- Re: [Txauth] alternative charter writeup Dick Hardt
- Re: [Txauth] alternative charter writeup Justin Richer
- Re: [Txauth] alternative charter writeup Torsten Lodderstedt
- Re: [Txauth] alternative charter writeup Thomas Hardjono
- Re: [Txauth] alternative charter writeup Justin Richer
- Re: [Txauth] alternative charter writeup Justin Richer
- Re: [Txauth] alternative charter writeup Richard Backman, Annabelle
- Re: [Txauth] alternative charter writeup Justin Richer
- Re: [Txauth] alternative charter writeup Thomas Hardjono
- Re: [Txauth] alternative charter writeup Richard Backman, Annabelle
- Re: [Txauth] alternative charter writeup Dick Hardt
- Re: [Txauth] alternative charter writeup Justin Richer
- Re: [Txauth] alternative charter writeup Justin Richer
- Re: [Txauth] alternative charter writeup Dick Hardt
- Re: [Txauth] alternative charter writeup Thomas Hardjono
- Re: [Txauth] alternative charter writeup Dick Hardt
- Re: [Txauth] alternative charter writeup Justin Richer
- Re: [Txauth] alternative charter writeup Justin Richer
- Re: [Txauth] alternative charter writeup Justin Richer
- Re: [Txauth] alternative charter writeup Richard Backman, Annabelle
- Re: [Txauth] alternative charter writeup Justin Richer