* Dave Horsfall:
Take the plaintext and the ciphertext, and XOR them together. Does the
result reveal anything about the key or the painttext?
Yes, their length.
___
The cryptography mailing list
cryptography@metzdowd.com
* John Gilmore:
[John here. Let's try some speculation about what this phrase,
fabricating digital keys, might mean.]
Most likely, as part of his job at the contractor, he had
administrator access to a system which was used for key management,
perhaps to apply security updates, manage backups
* Steven Bellovin:
Does anyone know of any ciphers where bits of keys modify the
control path, rather than just data operations?
AES. See François Koeune, Jean-Jacques Quisqater, A timing attack
aganst Rijndael. Université catholique de Louvain, Technicl Report
CG-1999.
Essentially, officials want Congress to require all services that
enable communications — including encrypted e-mail transmitters like
BlackBerry, social networking Web sites like Facebook and software
that allows direct “peer to peer” messaging like Skype — to be
technically
, if you're
anonymous and oppressed, you're still oppressed.
--
Florian Weimerfwei...@bfk.de
BFK edv-consulting GmbH http://www.bfk.de/
Kriegsstraße 100 tel: +49-721-96201-1
D-76133 Karlsruhe fax: +49-721-96201-99
introducing additional
round trips because there is no explicit handshake. Lack of handshake
generally makes error recovery quite complex once there are multiple
protocol versions you need to support, but handshaking is *not* a
consequence of layering.
--
Florian Weimerfwei...@bfk.de
* Donald Eastlake:
It's always possible to make protocols more secure at higher cost.
On the other hand, group key vulnerabilities are nothing new. It's
just that many protocol designers seem to not understand them. Back
when Cisco proposed XAUTH for IPsec, there was a heated discussion
about
about the URL case I mentioned), but only to
up to a degree.
--
Florian Weimerfwei...@bfk.de
BFK edv-consulting GmbH http://www.bfk.de/
Kriegsstraße 100 tel: +49-721-96201-1
D-76133 Karlsruhe fax: +49-721-96201-99
implementing CCM?
--
Florian Weimerfwei...@bfk.de
BFK edv-consulting GmbH http://www.bfk.de/
Kriegsstraße 100 tel: +49-721-96201-1
D-76133 Karlsruhe fax: +49-721-96201-99
* Thierry Moreau:
For which purpose(s) is the DNS root signature key an attractive
target?
You might be able to make it to CNN if your spin is really good.
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe
* Thierry Moreau:
Florian Weimer wrote:
* Thierry Moreau:
For which purpose(s) is the DNS root signature key an attractive
target?
You might be able to make it to CNN if your spin is really good.
But even without this self-restraint, there would be no spin for a CNN
story. Dedication
* John Levine:
At a meeting a few weeks ago I was talking to a guy from BITS, the
e-commerce part of the Financial Services Roundtable, about the way
that malware infected PCs break all banks' fancy multi-password logins
since no matter how complex the login process, a botted PC can wait
-trusted source is quite risky.
(It turns out that the current signing schemes have not been designed
for this type of application, but the general crypto community is very
slow at realizing this discrepancy.)
--
Florian Weimerfwei...@bfk.de
BFK edv-consulting GmbH http
. (And the priming response is already
larger than 600 bytes due to IPv6 records.)
DNSKEY RRsets are more interesting. But in the end, this is not a DNS
problem, it's a lack of regulation of the IP layer.
--
Florian Weimerfwei...@bfk.de
BFK edv-consulting GmbH http
by private analysis. (It is somewhat at odds with my own
conclusions.)
--
Florian Weimerfwei...@bfk.de
BFK edv-consulting GmbH http://www.bfk.de/
Kriegsstraße 100 tel: +49-721-96201-1
D-76133 Karlsruhe fax: +49-721-96201-99
to our lack of
means to build machine registers which can store integers in the
mathematical sense.
--
Florian Weimerfwei...@bfk.de
BFK edv-consulting GmbH http://www.bfk.de/
Kriegsstraße 100 tel: +49-721-96201-1
D-76133 Karlsruhe fax: +49-721-96201-99
* Stephan Somogyi:
At 13:08 -0500 03.03.2009, Adam Fields wrote:
When compelled to give out your password
Unless I'm misunderstanding the ruling, Boucher is not being compelled
to produce his passphrase (like he could under RIPA Section 49 in the
UK), but he is being told to produce the
[Moderator's note: I've been clamping down on the IP discussion since
not much more really new was being said, but I'm allowing this through
because it brings up an interesting side point -- I will reply to it
to move to that discussion. --Perry]
* Perry E. Metzger:
However, a cert seems almost
* Jerry Leichter:
Any speculations (beyond bureaucracy at its finest)?
I wild guess would be fraudulent testing organizations which claim to
have been subject to fraud themselves, and the testing standards body
answered with some sort of regulation.
(For certain German language test instances
* Jerry Leichter:
I got in touch with the company and actually received intelligent
responses both at their 800 number - I placed my order that way - and
in a response from their customer service people. Most remarkable -
almost all organizations ignore such communication. It's ironic
* Dirk-Willem van Gulik:
Been looking at the Telnic (dev.telnic.org) effort.
In essence; NAPTR dns records which contain private details such as a
phone number. These are encrypted against the public keys of your
friends (so if you have 20 friends and 3 phone numbers visible to all
friends
* James A. Donald:
Is there a way of constructing a digital signature so
that the signature proves that at least m possessors of
secret keys corresponding to n public keys signed, for n
a dozen or less, without revealing how many more than m,
or which ones signed?
What about this?
* Peter Gutmann:
On a semi-related topic, it'd be interesting to get some discussion about FF3
removing the FF2 SSL indicators of the padlock and (more visibly) the
background colour-change for the URL bar when SSL is active and replacing it
with a spoof-friendly indicator that's part of
* Eric Rescorla:
Why do you say a couple of megabytes? 99% of the value would be
1024-bit RSA keys. There are ~32,000 such keys.
There are three sets of keys, for big-endian 32-bit, little-endian
32-bit and little-endian 64-bit. On top of that, openssl genrsa
generates different keys
I've got a function f : S - X x S where S = (Z/2Z)**96 and
X = (Z/2Z)**32. Suppose that s_0 is fixed and (x_i, s_i) = f(s_{i-1}).
(f implements a PRNG. The s_i are subsequent internal states and the
x_i are results.)
Now f happens to be linear. I know the values of x_i, x_{i+1}, ...,
x_{i+k}
* Karsten Nohl:
The benefits clearly outweigh the risks since half a year after
announcing the vulnerabilities, Mifare Classic is hopefully not used
in any high security application anymore.
Isn't this a bit of wishful thinking?
The dynamics are probably very involved because you usually
* Jack Lloyd:
Perhaps there is something subtle here that is more dangerous than the
well known problems, and all these source port randomization and
transaction id randomization fixes are just a smokescreen of sorts for
a fix for something Dan found.
It's not a smokescreen, it's a
* John Levine:
CERT/CC mentions this:
| It is important to note that without changes to the DNS protocol, such
| as those that the DNS Security Extensions (DNSSEC) introduce, these
| mitigations cannot completely prevent cache poisoning.
Why wouldn't switching to TCP lookups solve the problem?
* Paul Hoffman:
The take-away here is not that Dan didn't discover the problem, but
Dan got it fixed.
I haven't seen credible claims that the underlying issue can actually be
fixed in the classic DNS protocol. There are workarounds on top of
workarounds. A real fix requires more or less
* Allen:
Interesting tidbit:
http://www.epaynews.com/index.cgi?survey=ref=browsef=viewid=121516308313743148197block=
Nick Ogden, a Briton who launched one of the world's first e-commerce
processors in 1994, has developed a system for voice-signed financial
transactions. The Voice Transact
* Arshad Noor:
I may be a little naive, but can a protocol itself enforce proper
key-management? I can certainly see it facilitating the required
discipline, but I can't see how a protocol alone can enforce it.
Any examples you can cite where this has been done, would be very
helpful.
As
* Stephan Neuhaus:
This article: http://www.spiegel.de/wirtschaft/0,1518,563606,00.html
(sorry, German only) describes a judgment made by a German district
court which says that banks are liable for damages due to phishing
attacks.
District court may be a bit misleading, it's the entry-level
* Peter Gutmann:
Or is it unreasonable to expect that the specs match what is actually needed
for interoperability with existing implementations (mostly in the TLS, S/MIME
area)?
There is very little correspondence between PKI specs and reality.
I should have written that my main goal was to
* Peter Gutmann:
[1] Show of hands, how many people here not directly involved with X.509 work
knew that the spec required that all extensions in CA root certificates
(trust anchors in recent X.509 jargon) be ignored by an implementation?
So if you put in name constraints, key
* Arshad Noor:
The author of an article that appeared in InformationWeek this week
(June 30, 2008) on Enterprise Key Management Infrastructure (EKMI):
http://www.informationweek.com/shared/printableArticle.jhtml?articleID=208800937
states the following:
There are, of course, obstacles
* Peter Gutmann:
Florian Weimer [EMAIL PROTECTED] writes:
* Peter Gutmann:
[1] Show of hands, how many people here not directly involved with X.509
work
knew that the spec required that all extensions in CA root certificates
(trust anchors in recent X.509 jargon) be ignored
* Perry E. Metzger:
Excerpt:
Jennifer Caukin, Skype's director of corporate communications
replied to us: We have not received any subpoenas or court
orders asking us to perform a live interception or wiretap of
Skype-to-Skype communications. In any event, because of
* Dave Korn:
In a major change of stance, Canada-based Research In Motion (RIM)
may allow the Indian government to intercept non-corporate emails
sent over BlackBerrys.
Research In Motion (RIM), the Canadian
* Peter Gutmann:
Debian seem to be particularly bad for not reporting changes to
maintainers,
This shouldn't be the case. There's a clear policy that non-packaging
changes (basically, anything beyond trivial build fixes and pathname
changes for FHS compliance) should be submitted upstream.
* Ben Laurie:
Jonathan S. Shapiro wrote:
Ben: I'm idly curious. Was this exceptionally unusual case where use of
uninitialized memory was valid properly commented in the code?
It's mentioned in the manpage for a function that eventually calls the
function that was (correctly) patched--through
* Ben Laurie:
I must confess that I said that because I did not have the energy to
figure out the other routes to adding entropy, such as adding an int
(e.g. a PID, which I'm told still makes it in there).
The PID dependency is there because of the need for fork
support--obviously, the PRNG
, or if the code is actually bogus.
(And for most (all?) non-trivial software, source code acquisition
costs are way below validiation costs, so public availability of
source code is indeed a red herring.)
--
Florian Weimer[EMAIL PROTECTED]
BFK edv-consulting GmbH http://www.bfk.de
* James A. Donald:
From time to time I hear that DNSSEC is working fine, and on examining
the matter I find it is working fine except that
Seems to me that if DNSSEC is actually working fine, I should be able
to provide an authoritative public key for any domain name I control,
and
) if this message turns out to be
spam. There's nothing related to confidentiality that I know of.
--
Florian Weimer[EMAIL PROTECTED]
BFK edv-consulting GmbH http://www.bfk.de/
Kriegsstraße 100 tel: +49-721-96201-1
D-76133 Karlsruhe fax: +49-721
approaches:
|
| * The content of a page disappears when its respective encryption key
| is deleted, a very fast operation. [...]
AFAICS, the patent does not reference the paper.
--
Florian Weimer[EMAIL PROTECTED]
BFK edv-consulting GmbH http://www.bfk.de/
Kriegsstraße 100
* Ivan Krstić:
We've recently had to jump through the BIS crypto export hoops at
OLPC. Our systems both ship with crypto built-in and, due to their
Fedora underpinnings, allow end-user installation of various crypto
libraries -- all open-source -- through our servers. It was a
nightmare; the
* William Allen Simpson:
Assuming,
Dp := any electronic document submitted by some person, converted to its
canonical form
Cp := a electronic certificate irrefutably identifying the other person
submitting the document
Cn := certificate of the notary
Tn := timestamp
* Ivan Krstić:
On Oct 3, 2007, at 4:39 AM, Florian Weimer wrote:
But this exhibits an issue with disk-based encryption: you can't
really know what they are doing, and if they are doing it right.
(Given countless examples of badly-deployed cryptography, this isn't
just paranoia, but a real
* Simon Josefsson:
One would assume that if you disable the password, the data would NOT be
accessible. Making it accessible should require a read+decrypt+write of
the entire disk, which would be quite time consuming. It may be that
this is happening in the background, although it isn't
* Hal Finney:
Information on the quality of AV and other security products is widely
available on the net, in magazines and other places that consumers
might look for reviews and comparisons. This is completely unlike
the situation with individual used cars. I don't see this analogy as
* John Ioannidis:
Florian Weimer wrote:
It's also an open question whether network operators subject to
interception requirements can legally offer built-in E2E encryption
capabilities without backdoors.
You probably meant device vendors, not network operators. The whole
*point* of E2E
* Ian Farquhar:
Crypto has been an IP minefield for some years. With the expiry of
certain patents, and the availability of other unencumbered crypto
primitives (eg. AES), we may see this change. But John's other
points are well made, and still valid. Downloadable MP3 ring tones
are a
* Peter Fairbrother:
I forgot to mention that Pt.3 also includes coercive demands for
access keys - so for instance if Mr Bill Gates came to the UK, and if
there was some existing question about Microsoft's behaviour in some
perhaps current EU legal matter, Mr Gates could be required to give
* Udhay Shankar N.:
Hasn't this already been going on a while? I'm only surprised there
hasn't been a big public incident yet.
Doesn't this one count?
| According to Chief Superintendent Arye Edelman, head of the Tel Aviv
| fraud squad, which ran the investigation, Haephrati used two methods
* Ian G.:
Banks are the larger and more informed party.
But not as far as client-side fraudulent activity is concerned. After
all, the attacked systems are not under their administrative control.
They need to provide systems that are reasonable given the situation
(anglo courts generally
* Anne Lynn Wheeler:
In the mid-90s, financial institutions looking at the internet for
online, commercial banking and cash management (i.e. business
equivalent to consumer online banking) were extremely conflicted
... they frequently were almost insisting on their own appliance at
the
* Jerry Leichter:
OK, I could live with that as stated. But:
The code also adds: We reserve the right to request access to
your computer or device in order to verify that you have taken
all reasonable steps to protect your computer or device and
safeguard your
* John Ioannidis:
I wonder how much it cost them to find current addresses for
everybody so we could be notified.
I guess it's pretty easy because your personal information is
available to so many organizations, without any safeguards.
Obviously, they had your social security number (it's only
* Victor Duchovni:
But no one is issuing certificates which are suitable for use with
SMTP (in the sense that the CA provides a security benefit). As far
as I know, there isn't even a way to store mail routing information in
X.509 certificates.
There is no need to store routing
* Victor Duchovni:
That's good of you not to expect it, given that zero of the major CAs
seem to support ECC certs today, and even if they did, those certs
would not work in IE on XP.
We are not talking about this year or next of course. My estimate is
that Postfix releases designed this
* Ian G.:
My worry was that they hadn't open sourced the architecture component,
the part that wasn't meant to be replaceable. However even if open
sourced, Sun may still wield a stick over the providers by insisting
that they manage the signing process for the providers.
The signing
* Ian G.:
Does anyone know what Sun failed to opensource in the crypto part of
Java?
The Sun JCE provider appears to be missing, which means that few
cryptographic algorithms are actually implemented in the source drop.
All the symmetric encryption algorithms are missing, for instance.
* Travis H.:
Also there's a semantic issue; am I attesting to the plaintext,
or the ciphertext? It's possible the difference could be important.
With sign, then encrypt, it's also possible that the receiver decrypts
the message, and then leaks it, potentially giving the impression that
the
* Perry E. Metzger:
This seems to me to be, yet again, an instance where failure to
consider threat models is a major cause of security failure.
Sorry, but where's the security failure? Where can you buy hardware
devices that can copy HD disks? Or download software that does, with
a readily
* Peter Gutmann:
Dave Korn [EMAIL PROTECTED] writes:
Surely if this goes ahead, it will mean that DNSSEC is doomed to widespread
non-acceptance.
I realise this is a bit of a cheap shot, but:
How will this be any different from the current situation?
You can see that the keys change and
* Simon Josefsson:
However, in practice I don't believe many will trust the root key
alone -- for example, I believe most if not all Swedish ISPs would
configure in trust of the .se key as well.
There are some examples that such static configuration is extremely
bad. Look at the problems
* James A. Donald:
Obviously financial institutions should sign their
messages to their customers, to prevent phishing. The
only such signatures I have ever seen use gpg and come
from niche players.
Deutsche Postbank uses S/MIME, and they are anything but a niche
player. It doesn't help
* Perry E. Metzger:
If you go over to, say, www.fidelity.com, you will find that you can't
even get to the http: version of the page any more -- you are always
redirected to the https: version.
Of course, this only helps if users visit the site using bookmarks
that were created after the
* Saqib Ali:
You can read about the competition, which will come to a close in the
next 90 days at:
http://www.fbo.gov/spg/USAF/AFMC/ESC/FA8771-07-R-0001/Attachments.html
In the process, the following document has been published:
I hesitate to use the syllable crypto in describing this paper,
but those who have not seen it may find it interesting.
http://www.arx.com/documents/The_Unbearable_Lightness_of_PIN_Cracking.pdf
Or profitable.
In a weired sense, yes. If I understand the paper correctly, the
authors show
* James A. Donald:
DOS is now a major problem - every business, online
games, money movers, banks, porno sites, casinos, now
comes under DOS attack from extortionists.
How do Hamiltonian paths protect against the H.R.4411 attack?
(Part of the DoS problem online casinos face is that due to
* Steven M. Bellovin:
Again -- the scheme isn't foolproof, but it's probably *good enough*.
I agree that if you consider this scheme in isolation, it's better
than plain user names and passwords. But I wonder if it significantly
increases customer confusion because banks told their customer
* Douglas F. Calvert:
I remember seeing a paper about identifying private keys in RAM. I
thought it was by Rivest but I can not locate it for the life of me.
Does anyone remember reading something like this? The basic operation
was to identify areas in RAM that had certain characteristics
* Steven M. Bellovin:
I wonder how accurate this is. It's certainly true that some drives have
vendor passwords to unlock them. It's hard to see how they could break
through (good) software encryption,
A lot of software tends to create temporary files in random places.
If you don't encrypt
* Travis H.:
On 7/11/06, Hal Finney [EMAIL PROTECTED] wrote:
: So what went wrong? Answer: NIST failed to recognize that table lookups
: do not take constant time. âTable lookup: not vulnerable to timing
: attacks, NIST stated in [19, Section 3.6.2]. NIST's statement was,
: and is,
* Steven M. Bellovin:
I have more than a passing aquaintance with the complexity of phone
switch software; doing that was *hard* for anyone, especially anyone
not a switch developer.
Isn't Ericsson's switching software written in Erlang, is highly
modular and officially supports run-time code
* Anne Lynn Wheeler:
Florian Weimer wrote:
FINREAD is really interesting. I've finally managed to browse the
specs, and it looks as if this platform can be used to build something
that is secure against compromised hosts. However, I fear that the
support costs are too high, and that's why
* Ka-Ping Yee:
Passpet's strategy is to customize a button that you click. We
are used to recognizing toolbar buttons by their appearance, so
it seems plausible that if the button has a custom per-user icon,
users are unlikely to click on a spoofed button with the wrong
icon. Unlike other
* Anne Lynn Wheeler:
Florian Weimer wrote:
If you've deployed two-factor authentication (like German banks did in
the late 80s/early 90s), the relevant attacks do involve compromised
customer PCs. 8-( Just because you can't solve it with your technology
doesn't mean you can pretend
* James A. Donald:
The obvious solution to the phishing crisis is the widespread
deployment of SRP, but this does not seem to happening. SASL-SRP was
recently dropped. What is the problem?
There is no way to force an end user to enter a password only over
SRP. That's why SRP is not
* Sandy Harris:
Recent news stories seem to me to make it obvious that anyone with privacy
concerns (i.e. more-or-less everyone) should be encrypting as much of their
communication as possible. Implementing opportunistic encryption is the
best way I know of to do that for the Internet.
I'm
* Travis H.:
IIUC, protocol design _should_ be easy, you just perform some
finite-state analysis and verify that, assuming your primitives are
ideal, no protocol-level operations break it.
Is this still true if you don't know your actual requirements?
* Hadmut Danisch:
The only precise definition I found is in a law dictionary where it is
defined as a legal term.
The OED might also be helpful:
B. [...] 2. a. A chief actor or doer; the chief person engaged in
some transaction or function, esp. in relation to one employed by or
acting
* Bill Stewart:
Or you could try using the Google Keyserver -
just because there isn't one
doesn't mean you can't type in 9E94 4513 3983 5F70
or 9383DE06 or [EMAIL PROTECTED] PGP Key
and see what's in Google's cache.
What a peculiar advice. We know for sure that Google logs these
* Werner Koch:
On Sat, 11 Feb 2006 12:36:52 +0100, Simon Josefsson said:
1) It invoke exit, as you have noticed. While this only happen
in extreme and fatal situations, and not during runtime,
it is not that serious. Yet, I agree it is poor design to
do this in a library.
* Ulrich Kuehn:
In 2000 someone here in Germany already demonstrated how to attack
smart card based HBCI transactions. Those transactions are
authorized by an RSA signature done by the card.
Here's a link: http://www.heise.de/newsticker/meldung/9349
The attack relyed on the card reader not
* Nicholas Bohm:
[EMAIL PROTECTED] wrote:
You know, I'd wonder how many people on this
list use or have used online banking.
To start the ball rolling, I have not and won't.
--dan
I do.
My bank provides an RSA SecureId, so I feel reasonably safe against
anyone other than the bank.
You know, I'd wonder how many people on this
list use or have used online banking.
To start the ball rolling, I have not and won't.
Why? Repudiating transactions is easier than ever. As a consumer, I
fear technology which is completely secure according to experts, but
which can be broken
* Eugen Leitl:
The German PIN/TAN system is reasonably secure, being an effective
one-time pad distributed through out of band channel (mailed dead
tree in a tamperproof envelope).
Some banks have optimized away the special envelope. 8-(
It is of course not immune to phishing (PIN/TAN
* Jonathan Thornburg:
Ahh, but how do you know that the transaction actually sent to the
bank is the same as the one you thought you authorized with that OTP?
If your computer (or web browser) has been cracked, you can't trust
_anything_ it displays. There are already viruses in the wild
* Peter Gutmann:
I haven't been following the IPSec mailing lists of late -- can anyone
who knows details explain what the issue is?
These bugs have been uncovered by a PROTOS-style test suite. Such test
suites can only reveal missing checks for boundary conditions, leading to
out- of-bounds
* William Allen Simpson:
Quoting Photuris: Design Criteria, LNCS, Springer-Verlag, 1999:
The hallmark of successful Internet protocols is that they are
relatively simple. This aids in analysis of the protocol design,
improves implementation interoperability, and reduces operational
* William Allen Simpson:
Florian Weimer wrote:
Photuris uses a baroque variable-length integer encoding similar to
that of OpenPGP, a clear warning sign. 8-/
On the contrary:
+ a VERY SIMPLE variable-length integer encoding, where every number
has EXACTLY ONE possible representation
* Perry E. Metzger:
I haven't been following the IPSec mailing lists of late -- can anyone
who knows details explain what the issue is?
These bugs have been uncovered by a PROTOS-style test suite. Such
test suites can only reveal missing checks for boundary conditions,
leading to
* Charlie Kaufman:
The probability of a single run of Miller-Rabin or Fermat not
detecting that a randomly chosen number is composite is almost
vanishingly small.
How do you chose a random integer, that this, based on which
probability distribution? 8-)
Anyway, one can show that for some
* James A. Donald:
I figured that the obvious solution to all this was to deploy zero
knowledge technologies, where both parties prove knowledge of the
shared secret without revealing the shared secret.
Keep in mind that one party runs the required software on a computed
infected with
* Perry E. Metzger:
Via cryptome:
http://evilscientists.de/blog/?page_id=343
The Cisco VPN Client uses weak encryption to store user and group
passwords in your local profile file. I coded a little tool to
reveal the saved passwords from a given profile file.
If this is true,
http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_configuration_guide_chapter09186a00803ee1f0.html#wp2477015
- - -
Cisco Client Parameters
Allow Password Storage on Client - Check this box to allow IPSec
clients to store their login passwords on their local
* R. A. Hettinga quotes:
Today RSA is perhaps best known for staging a prestigious annual security
conference and for selling 20 million little devices that display a
six-digit code computer users must type to gain access to computer
networks. The code, which changes every minute as
* Udhay Shankar N.:
http://nytimes.com/2005/08/17/business/worldbusiness/17code.html
Chinese Cryptologists Get Invitations to a U.S. Conference, but No Visas
Didn't something similar happen at the FIRST conference in Hawaii a
couple of years ago? It's sad that it's going to happen again next
1 - 100 of 138 matches
Mail list logo
