From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail05.groups.io (mail05.groups.io [45.79.224.7]) by spool.mail.gandi.net (Postfix) with ESMTPS id 7A2A9AC06C6 for ; Sat, 11 May 2024 00:24:52 +0000 (UTC) DKIM-Signature: a=rsa-sha256; bh=6jEqYD74v2d22nuceGZA0wjEM+J/LNh3Uk5GkXAaF1c=; c=relaxed/simple; d=groups.io; h=From:To:CC:Subject:Thread-Topic:Thread-Index:Date:Message-ID:References:In-Reply-To:Accept-Language:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Resent-Date:Resent-From:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Language:Content-Type; s=20240206; t=1715387090; v=1; b=xEnMnAgVImBHI/amaFmiuJAtOMus2WKNbFHQUTqSptMcQRvb7Nyy4bDxmvE8vz93VAWH0s58 ifnqfSrHBy+QRHtseYLtDPXNWW0wgDXV7SunOuyxudBnCNSMtGCItWAjMKU5rWVqJ1D1NXmnGnL npwStwtL5vM3jTXn8+VaSbugxBAtLt55xIK6apxb+iyspBCY+nOpTwE4H13NNkmlCPICIVrvFH8 3hyzAnyOdVBgjVmvTTZrMQBQVJd8eLWqmrLeajgM7SFy+vyWX+IOcwtqvDwOeWq/b9WVUDkgNX9 BWFbQYxkbmz5296Y3yTfGWlul9UqqtOlOPcA9vg8zyfPg== X-Received: by 127.0.0.2 with SMTP id 9BBtYY7687511xAcq8h7NMUV; Fri, 10 May 2024 17:24:50 -0700 X-Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.12]) by mx.groups.io with SMTP id smtpd.web11.5108.1715387089447006099 for ; Fri, 10 May 2024 17:24:49 -0700 X-CSE-ConnectionGUID: 4UKgVN2iSHOwDLwGhGoJdg== X-CSE-MsgGUID: 4jwD+qjpQ+WaMHRjpRxw6Q== X-IronPort-AV: E=McAfee;i="6600,9927,11069"; a="22797901" X-IronPort-AV: E=Sophos;i="6.08,152,1712646000"; d="scan'208,217";a="22797901" X-Received: from fmviesa010.fm.intel.com ([10.60.135.150]) by orvoesa104.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 10 May 2024 17:24:49 -0700 X-CSE-ConnectionGUID: zgAWO19fRLWvoHeM2ppDAg== X-CSE-MsgGUID: Q5fdkn+mT+KV5xqO2mqj5A== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.08,152,1712646000"; d="scan'208,217";a="29843833" X-Received: from fmsmsx602.amr.corp.intel.com ([10.18.126.82]) by fmviesa010.fm.intel.com with ESMTP/TLS/AES256-GCM-SHA384; 10 May 2024 17:24:49 -0700 X-Received: from fmsmsx611.amr.corp.intel.com (10.18.126.91) by fmsmsx602.amr.corp.intel.com (10.18.126.82) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.35; Fri, 10 May 2024 17:24:48 -0700 X-Received: from fmsmsx611.amr.corp.intel.com (10.18.126.91) by fmsmsx611.amr.corp.intel.com (10.18.126.91) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.35; Fri, 10 May 2024 17:24:47 -0700 X-Received: from fmsedg601.ED.cps.intel.com (10.1.192.135) by fmsmsx611.amr.corp.intel.com (10.18.126.91) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.35 via Frontend Transport; Fri, 10 May 2024 17:24:47 -0700 X-Received: from NAM12-MW2-obe.outbound.protection.outlook.com (104.47.66.40) by edgegateway.intel.com (192.55.55.70) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2507.35; Fri, 10 May 2024 17:24:47 -0700 X-Received: from MW4PR11MB5872.namprd11.prod.outlook.com (2603:10b6:303:169::14) by CH3PR11MB7819.namprd11.prod.outlook.com (2603:10b6:610:125::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7544.51; Sat, 11 May 2024 00:24:45 +0000 X-Received: from MW4PR11MB5872.namprd11.prod.outlook.com ([fe80::6444:ca4c:aa3e:f8d2]) by MW4PR11MB5872.namprd11.prod.outlook.com ([fe80::6444:ca4c:aa3e:f8d2%4]) with mapi id 15.20.7544.048; Sat, 11 May 2024 00:24:45 +0000 From: "Yao, Jiewen" To: Doug Flick , "devel@edk2.groups.io" CC: Pierre Gondois Subject: Re: [edk2-devel] [PATCH v2 07/13] SecurityPkg: RngDxe: Remove incorrect limitation on GetRng Thread-Topic: [edk2-devel] [PATCH v2 07/13] SecurityPkg: RngDxe: Remove incorrect limitation on GetRng Thread-Index: AQHaodWy8++ksZGQUU6r61Zd6rNeobGQQqKAgAC3OACAADVdkA== Date: Sat, 11 May 2024 00:24:45 +0000 Message-ID: References: <28887.1715375548214810238@groups.io> In-Reply-To: <28887.1715375548214810238@groups.io> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-publictraffictype: Email x-ms-traffictypediagnostic: MW4PR11MB5872:EE_|CH3PR11MB7819:EE_ x-ms-office365-filtering-correlation-id: 333af5db-b688-4731-135f-08dc7150c281 x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam-message-info: =?us-ascii?Q?HKCEQg7QIT7oF8+qiRPJijTCG/Nm6HkfN2j5kXr1ELXkv/naqJQYWXM1Rb5V?= =?us-ascii?Q?YlgPDIA1PYVm2VNObQqLM4e9Pi68+CUW0WUXdOp3EEMNT24eQb6lGScBApAp?= =?us-ascii?Q?/mJZLXXHpj3vnvFelHBCAhqmg2/mjW7BvNg80yWvenCSNHg3UyJsbTHpVcCE?= =?us-ascii?Q?RK4x3qEARucmQlVp5hAbvkvq7b8ehs9m4MdwVghjHBrlIVmd2EYepbBrJGrm?= =?us-ascii?Q?nAcoWY1FfJPT6uiPH3AGETwtK1wILGbMQ3XYJogw206Dc9CfwGDXfoZeZ3jX?= =?us-ascii?Q?61iCjm1ZMq52PrDbhK13htm8EFvE9mv4/oqY+XLfjGVhl+hNlfk6LfhboafG?= =?us-ascii?Q?N19ZJsVVXMqtukxdvyHB94RlQRTZnpMcDyK6EW8ThzBBmBQ2SzyFpo8eubQ6?= =?us-ascii?Q?LtrtdeZT6cHNaYFqdBgHS1UUrVSX9bbuo7OXs9h5NrU3g9a27afKRiYlsaLS?= =?us-ascii?Q?nZ0YXPD+NyrmHCDch3vfJSbBmygMZIunln6wzepAWhCC4U6nS/aT8EwF8U5w?= =?us-ascii?Q?7yraoswbyC6eiJexSxj0Om+VWkkEkZkG6DdTaYeS+NU+cDS6WT+ZJz6L1NVa?= =?us-ascii?Q?CeF2aqEI5bYZ+64xeNtcCIa8qGSwwCDS8OgxoSUdO5mfAI1EmMmLpQzP8k4y?= =?us-ascii?Q?UJzINHxOtM7LIcg0QaY3INdWbg5Ewi1nXtq2vSBTNauWu3+OUpD6IM7BFHAZ?= =?us-ascii?Q?SAUhYIs6wcxLXLQzDl3b/ACmDUpVMadWbpB0+JwDrR0Tdx5BOyLKcYZAwYqu?= =?us-ascii?Q?S11fN1/zflVl3TEJTfKL43DxaSBG2uNF+sq9BYbUVqGx12NQYw28bbdrO8Yy?= =?us-ascii?Q?93j7EjEDg47eNWuHdqLxdZd32y29V5LYn7MQtOJwciZj+0KqyvL7RMSUVoxa?= =?us-ascii?Q?KvOrXBAX6xHyrfztuxbfNoYX6dxoQ1A795de9gwAzo+voPxAOZGoKDiIyfoH?= =?us-ascii?Q?uKKjd6S1+Pc7W9n7cIDd+Dk+uiWgYvTTmZX0NqqN/0SGAKz1qlxkUHR6ZHeb?= =?us-ascii?Q?DAWVN71nIdBy+CIcbNrNS5OWU4ErTl5OlNy1xOJe8Q4M27uHs/YL8TYcT6T2?= =?us-ascii?Q?C6b+hgKTggp9/KxQa8sqmF6Xu//eVvyPSVQ3QfWYTS/df4M+ei3uOcBPnQi/?= =?us-ascii?Q?gr/RkXrbh+TnIHodRPv+Iql0f/d/EBd1fQgiXQh1A+fOiC+smzG8jr3X482t?= =?us-ascii?Q?BMs7Nz8vD10pUgXt2rBTVjUdMiccjRjO1TI917dIcVn3lYgaQSSCGV8ldDPg?= =?us-ascii?Q?izfxDJKmEtgifp8q8jrBqpKctAAnNmRtUdqpUF+Cj6inoFonV5jzKKsLpqD1?= =?us-ascii?Q?GWc=3D?= x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?R23SN/TkyUk51t3Mb2XdJB9qAV65HVKPeNTouy8WErZNtkjF6X0Mhb6vgfuy?= =?us-ascii?Q?jAv8EN5Qu6843gHsBScZlZgPgPb+f0D5np6xuq2XNbcbrgSESxi46TlrFnCT?= =?us-ascii?Q?Wb3xjz63t6B4pw49fgRfPwLCfNbly8pZXIGSD+d0zBxBOd05YJfMTCiu8HYf?= =?us-ascii?Q?fS4duAEPWjVSfs7hMmrSV6Y+itHvCP9ZPyAWxSbleGKWzQcBrGVmxRz/Mnb7?= =?us-ascii?Q?5ucty7l33DsWbJxjIfoHpzsTldyW4YkQKCB7FjDLF66ZcNJ4HYbCGCwaf5iZ?= =?us-ascii?Q?fwnvRimFNO0mAMHKJrctWE2ohE9NjPL9Ob+fhpQJh6KQmbQVeXOV6eGYhywI?= =?us-ascii?Q?n/5JAxPPJqdK67bnGFclXhlnCa4AEg01DmIj3XBcK6apurJKNzxjhdqQgfNz?= =?us-ascii?Q?mfs/0BIHJQIOMGGYPqFZa9g0E003rgYgmT4GZeedEWEwUFrOfGBECkXIDsWk?= =?us-ascii?Q?NVtcV0/vpHZuojgjVxmoUXoc5/0eZU612fcfIm0Vq9c4tPqKUgWImBrZHleK?= =?us-ascii?Q?nlR0CwHlhB/uJBT4njqs0yNQwOfHy+bAkABpzfHATT63JHRCBpfuHyxoS/X8?= =?us-ascii?Q?nFEYR8lH6+3vG+vkEou4ody3qKzGrVMnihPB7l1XgAoyUwHKQUyX0RANpCgH?= =?us-ascii?Q?QVB37K4o+XY5l64/F+3BqHgpMcCAmGAmHmiPNiQSHA8K3MoGRNOtzV3VXHAz?= =?us-ascii?Q?/GXIMEX3gRSlT44jMDwxq9v12UpFGJXxuAFP0CsWF4FftqJd5D8lbDd8U2kI?= =?us-ascii?Q?Seu4sb+BJukMjsvXpZGLJ/vekTZYFf3wqW5DnDA88xH/YMPn+g/kLYg0GvaJ?= =?us-ascii?Q?7OqC4UnZvnpXT9JEaPmI1vnYcsvIj3+0gRVDn+wIRhZxLKpJSelWAhBgWKbY?= =?us-ascii?Q?V8VjdLW7Fs9yu2jomptZrVQpRRSj1TNCUbz/VyQpWiuExziLQq1WAtHHNEQk?= =?us-ascii?Q?fGnX8rlciztpJf48HEjTeGuiTN79IbBHM5l9XiDBXkwHZz1HGP8DoTRuv7s0?= =?us-ascii?Q?8XvA6jwoUvirgq7RNTIuafixc3E9v9DigogJkgmZ15MT9oTuL3XG525Z2TyF?= =?us-ascii?Q?1PCEdPTs8SQEJvkpJBrV4SaK06XDpnPDOVKLOe7DqH9qhknsS+TgNjFzCTdr?= =?us-ascii?Q?xnnYQtoQL5kQFPqt5eaqLqsBg7vhoi2EkuUVtTGFEmi4jXI1qZrBvJwWmuRy?= =?us-ascii?Q?Hio2dbEpPy3F4lf00n3/s9m2R4Co5KRAlazO1/xDgw/025AWu6mZocFuMMZ3?= =?us-ascii?Q?fSlzwtIIkq/Lov4yamt3fPl3/e24OZ7smFMFdCIJFk8uxCLQV+yS24aI7/Uy?= =?us-ascii?Q?Qw4sKMc+Z0cKBhCwceHHZQCl72JbG7tF2pJM3ALiLWlW9UTMG2jR5hlczx4q?= =?us-ascii?Q?BnHFrh0B813f0EMpy3dbTs7soz2jUVGuUk5Zss1aww+kBe7FmRoXaKkKMr0G?= =?us-ascii?Q?y0Nj0D++L47uUCzFsXwlPIm63KjF/D5pxu+CtrvuAQ6MGnam9KnsYRoJAxxS?= =?us-ascii?Q?TlHiQpDSyAV5kFI8yc1nNS3v4jjY0kS6Y3vYNJ/b8K9uKDclZthE1E6BQFnc?= =?us-ascii?Q?jFwXmSkjmbkZCWoqYQefC0fO+95Uz0XHSOuIU7Na?= MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: MW4PR11MB5872.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 333af5db-b688-4731-135f-08dc7150c281 X-MS-Exchange-CrossTenant-originalarrivaltime: 11 May 2024 00:24:45.3936 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: lq+Al7JqNHCK6EkzsPOc2oN62D+2k/qr66DDX3IWh2Z8qF16e8YFzq2u2CoYsu/IViwa7Wc4wEkiImzTxKH4/g== X-MS-Exchange-Transport-CrossTenantHeadersStamped: CH3PR11MB7819 X-OriginatorOrg: intel.com Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Resent-Date: Fri, 10 May 2024 17:24:49 -0700 Resent-From: jiewen.yao@intel.com Reply-To: devel@edk2.groups.io,jiewen.yao@intel.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: S1SmLw9VgEVccqNVm5cqMZdZx7686176AA= Content-Language: en-US Content-Type: multipart/alternative; boundary="_000_MW4PR11MB5872E62FE762D1275C9E0A5B8CE02MW4PR11MB5872namp_" X-GND-Status: LEGIT Authentication-Results: spool.mail.gandi.net; dkim=pass header.d=groups.io header.s=20240206 header.b=xEnMnAgV; dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=intel.com (policy=none); spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 45.79.224.7 as permitted sender) smtp.mailfrom=bounce@groups.io --_000_MW4PR11MB5872E62FE762D1275C9E0A5B8CE02MW4PR11MB5872namp_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Thanks to confirm that. I am OK on what you have said. Since the ARM part is added by Pierre Gondois pierre.gondois@arm.com, I will let him comment if there is any concern on= the change for ARM. Thank you Yao, Jiewen From: Doug Flick via groups.io Sent: Saturday, May 11, 2024 5:12 AM To: Yao, Jiewen ; devel@edk2.groups.io Subject: Re: [edk2-devel] [PATCH v2 07/13] SecurityPkg: RngDxe: Remove inco= rrect limitation on GetRng So, I'm trying to consult with some RNG experts because I'm by no means an = expert and anything I say should be taken with huge grain of salt. When I g= et the experts take, I'll share it. Basically, the way I read this code is that it by no means tries to enforce= any entropy requirement outside of what you ask for. My understanding is the 256 Bit Entropy requirements comes from when you ar= e using a DRNG algorithm such as: #define EFI_RNG_ALGORITHM_SP800_90_HASH_256_GUID \ {0xa7af67cb, 0x603b, 0x4d42,\ {0xba, 0x21, 0x70, 0xbf, 0xb6, 0x29, 0x3f, 0x96}} #define EFI_RNG_ALGORITHM_SP800_90_HMAC_256_GUID \ {0xc5149b43, 0xae85, 0x4f53,\ {0x99, 0x82, 0xb9, 0x43, 0x35, 0xd3, 0xa9, 0xe7}} #define EFI_RNG_ALGORITHM_SP800_90_CTR_256_GUID \ {0x44f0de6e, 0x4d8c, 0x4045, \ {0xa8, 0xc7, 0x4d, 0xd1, 0x68, 0x85, 0x6b, 0x9e}} "When a Deterministic Random Bit Generator (DRBG) is used on the output of = a (raw) entropy source, its security level must be at least 256 bits." https://uefi.org/specs/UEFI/2.10/37_Secure_Technologies.html#random-number-= generator-protocol That is, the seed of these algorithms must be at a minimum 256 bits from yo= ur entropy source. Now when you call for instance EFI_RNG_ALGORITHM_SP800_90_CTR_256_GUID On an INTEL CPU it uses the Intel RDRAND Instruction https://github.com/tianocore/edk2/blob/4b6ee06a090d956f80b4a92fb9bf03098a37= 2f39/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c#L108C45-L108C51 Which from what I can tell the generator takes pairs of 256-bit raw entropy= samples generated by the hardware entropy source and applies them to an Ad= vanced Encryption Standard (AES) (in CBC-MAC mode) conditioner which reduce= s them to a single 256-bit conditioned entropy sample. https://en.wikipedia.org/wiki/RDRAND https://www.intel.com/content/www/us/en/developer/articles/guide/intel-digi= tal-random-number-generator-drng-software-implementation-guide.html Which means, if you are implementing these algorithms in software, you must= comply with the 256 bit entropy requirement for your source. However in ou= r case the CPU is performing that requirement for us. Again I'm no expert. So if an expert is reading this and I'm completely wro= ng please let me know :) -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#118828): https://edk2.groups.io/g/devel/message/118828 Mute This Topic: https://groups.io/mt/105996584/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- --_000_MW4PR11MB5872E62FE762D1275C9E0A5B8CE02MW4PR11MB5872namp_ Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

Thanks to confirm that.

I am OK on what you have said.

 

Since the ARM part is added by Pierre Gondois pierre.gondois@arm.com, I will let him comment if there is any concern = on the change for ARM.

 

Thank you

Yao, Jiewen

 

 

From: Doug Flick via groups.io <dougflick= =3Dmicrosoft.com@groups.io>
Sent: Saturday, May 11, 2024 5:12 AM
To: Yao, Jiewen <jiewen.yao@intel.com>; devel@edk2.groups.io Subject: Re: [edk2-devel] [PATCH v2 07/13] SecurityPkg: RngDxe: Remo= ve incorrect limitation on GetRng

 

So, I'm trying to consult with some RNG experts because I'm by no means = an expert and anything I say should be taken with huge grain of salt. When = I get the experts take, I'll share it.

Basically, the way I read this code is that it by no means tries to enfo= rce any entropy requirement outside of what you ask for.

My understanding is the 256 Bit Entropy requirements comes from when you= are using a DRNG algorithm such as:

#define EFI_RNG_ALGORITHM_SP800_90_HASH_256_GUID \
 {0xa7af67cb, 0x603b, 0x4d42,\
 {0xba, 0x21, 0x70, 0xbf, 0xb6, 0x29, 0x3f, 0x96}}
 
#define EFI_RNG_ALGORITHM_SP800_90_HMAC_256_GUID \
 {0xc5149b43, 0xae85, 0x4f53,\
 {0x99, 0x82, 0xb9, 0x43, 0x35, 0xd3, 0xa9, 0xe7}}
 
#define EFI_RNG_ALGORITHM_SP800_90_CTR_256_GUID \
 {0x44f0de6e, 0x4d8c, 0x4045, \
 {0xa8, 0xc7, 0x4d, 0xd1, 0x68, 0x85, 0x6b, 0x9e}}

"When a Deterministic Random Bit Generator (DRBG) is used on the ou= tput of a (raw) entropy source, its security level must be at least 256 bit= s."

https://uefi.org/specs/= UEFI/2.10/37_Secure_Technologies.html#random-number-generator-protocol<= o:p>

That is, the seed of these algorithms must be at a minimum 256 bits from= your entropy source.

Now when you call for instance EFI_RNG_ALGORITHM_SP800_90_CTR_256_GUID

On an INTEL CPU it uses the Intel RDRAND Instruction

https://github.com/tianocore/edk2/blob/4b= 6ee06a090d956f80b4a92fb9bf03098a372f39/SecurityPkg/RandomNumberGenerator/Rn= gDxe/Rand/RngDxe.c#L108C45-L108C51

Which from what I can tell the generator takes pairs of 256-bit raw entr= opy samples generated by the hardware entropy source and applies them to an= Advanced Encryption Standard (AES) (in CBC-MAC mode) conditioner which red= uces them to a single 256-bit conditioned entropy sample.

https= ://en.wikipedia.org/wiki/RDRAND

https://www.intel.com/content/www/us/en/developer= /articles/guide/intel-digital-random-number-generator-drng-software-impleme= ntation-guide.html

Which means, if you are implementing these algorithms in software, you m= ust comply with the 256 bit entropy requirement for your source. However in= our case the CPU is performing that requirement for us.

Again I'm no expert. So if an expert is reading this and I'm completely = wrong please let me know :)

_._,_._,_

Groups.io Links:

=20 You receive all messages sent to this group. =20 =20

View/Reply Online (#118828) | =20 | Mute= This Topic | New Topic
Your Subscriptio= n | Contact Group Owner | Unsubscribe [rebecca@openfw.io]

_._,_._,_
--_000_MW4PR11MB5872E62FE762D1275C9E0A5B8CE02MW4PR11MB5872namp_--