es open the possibility of a
protocol change that implemented some sort of Clipper-like functionality.
A silent change like that would be *very* ominous.
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
-
The
YPTOGRAM almost 3 years ago
(http://www.schneier.com/crypto-gram-0308.html#6), as did Eric Rescorla
(http://www.rtfm.com/movabletype/archives/2003_10.html#000546); it's also
been in Slate (http://www.slate.com/id/2113157/fr/rss/).
--Steven M. Bellovin, http://www.cs.co
some years ago.)
The real point here is carelessness with access controls. *That's* what
we have to fight. It's certainly better if databases don't exist; as I
said, I think that these exist because of customer demand, not government
mandates.
--Steven M. Bellovin, ht
pted data has not been tampered with.
>
See "Space-Efficient Block Storage Integrity", Alina Oprea, Mike Reiter,
Ke Yang, NDSS 2005,
http://www.isoc.org/isoc/conferences/ndss/05/proceedings/papers/storageint.pdf
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
On Wed, 26 Apr 2006 22:24:22 -0400, Derek Atkins <[EMAIL PROTECTED]> wrote:
> Quoting "Steven M. Bellovin" <[EMAIL PROTECTED]>:
>
> > In an article on disk encryption
> > (http://www.theregister.co.uk/2006/04/26/pgp_infosec/), the following
> > parag
source, PGP says it can guarantee no back
doors, but that cyber sleuths can use its master keys if
neccessary.
What is a "master key" in this context?
--Steven M. Bellovin, http://www.cs.columbi
asswords), at least in
part because they were developed at the Eagle Pub. Whether it was modesty
on his part, the fact that these things were group efforts, or the fine
IPA they serve there I don't know...
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
-
There's a long AP wire story on wiretapping in Europe; see
http://www.washingtonpost.com/wp-dyn/content/article/2006/04/08/AR2006040800529.html
There are a number of intriguing statements in the article. For
example, in Italy 106,000 wiretaps were approved last year. By
contrast, in the US there
http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=6265092168&ruhttp%3A%2F%2Fsearch.ebay.com%3A80%2Fsearch%2Fsearch.dll%3Ffrom%3DR40%26satitle%3D6265092168%26fvi%3D1
http://www.theregister.co.uk/2006/03/29/enigma_for_sale/
--Steven M. Bellovin, http://www.cs.columbia.
ble via
their web archive.) It shows Dilbert saying that he'd never buy
anything online because he doesn't want his credit card number floating
around the net. He then hands his credit card to a waitress, who comes
back wearing a fur coat.
--Steven M. Bellovin, http://
f
they don't fit in cache the cipher will be quite slow -- memory
bandwidth hasn't increased nearly as rapidly as CPU speed; modern
machines utterly rely on their caches.
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
---
it down to my laptop. This way, I don't have to trust my
employer, my ISP, etc. And I use SSL or SSH -- with checking of the
far-side certificates -- for transport.
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
--
http://www.net-security.org/article.php?id=901
The really interesting part is the implication that there's still a lot
of 40-bit crypto out there...
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
According to the BBC, the British government is talking to Microsoft
about putting in a back door for the file encryption mechanisms.
http://news.bbc.co.uk/1/hi/uk_politics/4713018.stm
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
In message <[EMAIL PROTECTED]>, Werner Koch writes:
>On Tue, 14 Feb 2006 13:00:33 -0500, Steven M Bellovin said:
>
>> Let me suggest a C-compatible possibility: pass an extra parameter to
>> the library routines, specifying a procedure to call if serious errors
>> o
the higher level to do something
different if appropriate, and this loss of flexibility is a bad thing.
As noted, the best answer is a modern language that supports
exceptions. (Sorry, SIGABRT and setjmp/longjmp just don't cut it.)
Let me suggest a C-compatible possibility: pass an extr
calls to a prepaid phone. Think about who could manage
that.
http://www.guardian.co.uk/mobile/article/0,,1701298,00.html
http://www.globetechnology.com/servlet/story/RTGAM.20060202.wcelltap0202/BNStory/International/
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
http://www.gwu.edu/~nsarchiv/NSAEBB/NSAEBB177/info_ops_roadmap.pdf
Note that there's a plentiful supply of black pixels included...
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
-
The Cryptog
nkgeek.com/gadgets/security/6d7f/
Again -- what is the assurance level that they do a good enough job,
and against what enemy?
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
-
The Cryptography Mailing List
Uns
nventional encryption algorithms. Given that AES is rated for top
secret traffic by NSA, I will assert that any enemy who has a chance of
attacking it can devote considerable resources to data recovery from
smashed CDs.)
--Steven M. Bellovin, http://www.cs.columbi
That's more or less what they did when they declassified Skipjack,
though they may have used a real printer and scanner instead. Some
people laughed at NSA's technical ineptitude -- didn't they know how to
print to PDF directly? Others realized that NSA understood the problem
http://www.fas.org/sgp/othergov/dod/nsa-redact.pdf
One wonders how long it will be till someone finds an error...
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
-
The Cryptography Mailing List
http://www.networkworld.com/news/2005/121505-tape-encryption.html
"Proposed standards for protecting data on disk or tape are gathering steam
within the IEEE and could be supported in products as soon as next year,
according to proponents."
--Steven M. Bell
y -- it's less
than an hour's worth of transmission. The conclusion is that if you're
encrypting a LAN, you need AES or you need to rekey fairly often.
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
quantum states.
...
The new chip, which is made of gallium arsenide, should be easily
scaled and mass-produced, because it's made using microlithography --
the same process that makes microchips.
...
--Steven M. Bellovin, http://www.cs.columbia.edu
Without going into the details of the purported CIA "rendition" of
prisoners to other countries ("it's not torture; we're just outsourcing
interrogration to places with less legal overhead"), there may be a
SIGINT connection. The following text appeared in an AP wire story
today about a purpor
In message <[EMAIL PROTECTED]>, "Perry E. Metzger" writes:
>
>The Chicago Sun Times reports that, for the right price, you can buy
>just about anyone's cell phone records:
>
>http://www.suntimes.com/output/news/cst-nws-privacy05.html
>
>Quite disturbing.
Yes, but it's also bad reporting -- the new
nning
simultaneously. Both of those are much smaller changes than a
capability-based OS. (Hmm -- who was it who noted that capability-
based systems were the wave of the future, and always would be?)
A final note -- multiple IP addresses is not the same as multiple
machines. Lots of hosting compa
recommendations; the second discusses security against parasitic
emanation attacks (i.e., TEMPEST).
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
-
The Cryptography Mailing List
Unsubscribe by sending "unsubs
rifying a shared secret, should be
>part of the browser chrome, rather than a particular
>application of generic web forms.
>
No -- what phishers are after is money. They get that today by going
after shared secrets. If banks change, they'll change.
--Ste
, both Firefox and IE have such --
generate a lot of keys, and run them through DIEHARD. Then warn your
users to use only approved mechanisms for generating their certificate
requests -- you just can't do any better.
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
In message <[EMAIL PROTECTED]>, "Perry E. Metzger" writes:
>I have been unable to find any evidence in the text of said
>resolutions that they in any way altered or amended the law on this,
>even temporarily. Perhaps it is the argument of the President's
>lawyers that something analogous to a stat
ever heard of was for paypa1.com. As
I recall, they did have a certificate.
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
ddress bar.
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
she
decodes. Instead of thermal noise, proper external noise generators
should be used when the communication is not aimed to be stealth.
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
-
The Cryptography Ma
In message <[EMAIL PROTECTED]>, "Janusz A. Urbanowicz
" writes:
>
>Bank
>statements come on paper or in S/MIME signed emails.
This is interesting -- the bank is using S/MIME? What mail readers are
common among its clientele? How is the bank's certificate checke
use is
probably better, but it's *definitely* a much less attractive target
for malware writers.
Problems? I did have my credit card number stolen, but almost
certainly not that way. The bank believes it was a random card number
generator.
--Steven M. Bellovin, htt
http://www.nsa.gov/vietnam/
These are the documents related to the claim that NSA suppressed many
of the intercepts relating to the so-called Gulf of Tonkin incident.
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
The Quest For Cryptologic Centralization and the Establishment of NSA:
1940-1952
http://www.fas.org/irp/nsa/quest.pdf
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
-
The Cryptography Mailing List
Steve Gibon is now offering a "GRC's Ultra High Security
Password Generator" -- a web page that provides you with
"totally random" data in 3 formats: 64 hex digits, 63 printable
characters, or 63 alphanumerics. The page suggests using
them for passwords, WEP and WPA, VPN shared secrets, and more.
program space) to
>code against such issues.
Decent test case generators.
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Bruce Schneier's newsletter Cryptogram has the following fascinating
link: http://www.fas.org/irp/eprint/heath.pdf
It's the story of effects of a single spy who betrayed keys and
encryptor designs.
--Steven M. Bellovin, http://www.cs.columbi
very
>different malformed packets.
>
I mostly agree with you, with one caveat: the complexity of a spec can
lead to buggier implementations. Sure, even relatively simple
protocols can be implemented poorly, but complex ones have more places
to go wrong. (It's ins
try should have been doing: they're writing test case generators
that stress parsers. So far, they've been extremely successful against
IKEv1, ASN.1, SNMP, and more. This should surprise no one and depress
everyone.
http://www.ee.oulu.fi/research/ouspg/protos/index.html is the home page
I stumbled on the following link:http://cryptome.org/dprk/dprk-papers.htm
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptog
EKE patent. Since it wasn't patented, there was no one willing to
spend the money on legal fees to fight that claim, per a story I heard.
Have a look at
http://web.archive.org/web/20041018153649/integritysciences.com/history.html
for some history.
http://mathworld.wolfram.com/news/2005-11-08/rsa-640/
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
27;re
>working with key material and not plaintext/ciphertext.
>
Don't ever encrypt the same message twice that way, or you're likely to
fall to a common modulus attack, I believe.
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
--
h 15K entries, a high figure even today, you're not going
to increase the attacker's work factor by more than a few bits. As for
the dictionary size -- they felt (probably correctly) that the size
expansion was already large enough that tha
http://www.newscientist.com/article.ns?id=dn8223&feedId=online-news_rss091
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cry
n that case was used to superencipher a
codebook, by adding the 5-digit OTP number to the 5-digit code value.
Non-random digits in such a setting are more or less irrelevant, unless
there is enough of a pattern that it helps you strip off the
supere
/files/2005-031%20security%20evaluation.pdf.sig)
The author of the report, Tom Berson, has been in this business for many
years; I have a great deal of respect for him.
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
In message <[EMAIL PROTECTED]>, Ben Laurie writes:
>Steven M. Bellovin wrote:
>> As Eric Rescorla and I showed, though, none of the network protocols
>> are ready for deployment of a new hash function. That is, newer
>> versions of OpenSSL support may SHA
note that most machines are *never*
upgrade, only replaced.
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
for software licensed under GPL.
>
I think that that's a fair summary.
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
guessed. Note that the web page we're discussing is from Feb 2005,
*after* Wang et al had successfully attacked MD5, though before the
publication of their SHA-1 results. NSA still has enough confidence in
SHA-384 to rate it for Top Secret traffic. I wonder what they're going
to sa
Have a look at http://www.nsa.gov/publications/publi00039.cfm . The
one-time pad was used to superencrypt a codebook; two different
codebooks were used. Most of the successful decryptions were done by
1952; there was some additional help from a partial codebook recovered
in 1953. Here's the
an important point. When *many* people are doing the "wrong"
thing, the problem isn't the people, it's the mechanism they're being
asked to use.
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
---
of the game is information security, and that's
far more than crypto. Sometimes, in fact, the two conflict.
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
-
The Cryptography Mailing List
Unsu
http://csrc.nist.gov/publications/drafts/800-21-Rev1_September2005.pdf
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptograph
h of engineering,
failure to observe such elementary precautions would have
long been against the law.
>From Tony Hoare's 1980 Turing Award lecture.
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
-
lled
$25-million represented by a licensing contract for our
Elliptic Curve Cryptography (ECC) technology by the NSA,
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
be served. We look forward to seeing you there!
___
Colloquium mailing list
[EMAIL PROTECTED]
http://lists.cs.columbia.edu/mailman/listinfo/colloquium
--
--Steven M. Bellovin, http://www.
d; knowledge of that (say, by intercepting
the email) lets you at your account, which will display the last 5
digits of your credit cards.
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
-
The Cryptography M
,
James Hughes and Paul Leyland.
--- End of Forwarded Message
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography"
Under some circumstances, you could do a
call-out to a C module just for the crypto, but it's by no means
obvious that that's a major improvement.
Again -- what is your threat model?
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
if *all necessary patent rights* are owned (or licensed) by
Sun. For obvious reasons, it's remarkably hard to get someone to say
that they don't have a claim on some product.
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
---
In message <[EMAIL PROTECTED]>, Ben Laurie writes:
>I wrote some code to show the internal state of MD5 during a collision...
>
>http://www.shmoo.com/md5-collision.html
>
Very nice, though you need to give a scale of rounds -- how many
horizontal lines per round?
In message <[EMAIL PROTECTED]>, Adam Back writes:
>On Fri, Aug 26, 2005 at 11:41:42AM -0400, Steven M. Bellovin wrote:
>> In message <[EMAIL PROTECTED]>, Adam Back writes:
>> >Thats broken, just like the "WAP GAP" ... for security you want
>> >
In message <[EMAIL PROTECTED]>, Chris Kuethe writes:
>On 8/26/05, Steven M. Bellovin <[EMAIL PROTECTED]> wrote:
>> ...
>> If you don't trust your (or your correspondents') IM servers, it may be
>> a different situation. I haven't read Google
easy
to read, given their length and the complexity of the protocol.)
Do I support e2e crypto? Of course I do! But the cost -- not the
computational cost; the management cost -- is quite high; you need to
get authentic public keys for all of your corresponden
ves
to 64 characters, mirroring the password styles of the day, unsalted.
That's 64^8. It still comes to 1.5 million reels of tape, however, so
I still don't believe it.
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
In message <[EMAIL PROTECTED]>, Florian Weimer writes:
>* Steven M. Bellovin:
>
>> In message <[EMAIL PROTECTED]>, Florian Weimer writes:
>>
>>>
>>>Can't you strip the certificates which have expired from the CRL? (I
>>>know that with
>
One can easily conceive of schemes that don't have such problems, such
as simply publishing the hash of revoked certificates, or using a Bloom
filter based on the hashes.
Of course, that doesn't mean that was how it was done...
use of the new path, there is reason to think the attack will get
even better. Shamir noted that 2^63 is within reach of a distributed
Internet effort to actually find one.
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
---
nbelievably
cumbersome".
I don't disagree with Perry's basic statement -- that a lot of people
try to solve the wrong problem. Here, though, we have a tool. It
remainds to be determined if it's a hammer, screwdriver, or wrench, and
hence what problems to a
as a cryptographic key with known plaintext (i.e., in challenge/
response protocols).
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
-
The Cryptography Mailing List
Unsubscribe by sending "u
l enough. (Besides, how do you know
if you'll actually notice it?)
\endns
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
the next version of the paper.
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Eric Rescorla and I have written a paper "Deploying a New Hash Algorithm".
A draft is available at http://www.cs.columbia.edu/~smb/papers/new-hash.ps
and http://www.cs.columbia.edu/~smb/papers/new-hash.pdf .
Here's the abstract:
As a result of recent discoveries, the strength of hash
sibly, it simply didn't
fit their real purpose of attracting more customers.)
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
on is really being authenticated?
(I alluded to this in a 1997 panel session talk; see
http://www.cs.columbia.edu/~smb/talks/ncsc-97/index.htm )
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
-
The Cryptog
ental fees if I
don't present the card separately. Hmm -- the account is old enough
that the expiration date on my credit card has long since expired.
They've never asked me for an update. Maybe they're using a reputation
system?)
--Steven M. Bellovin, ht
for you to log int o E-Gold, checks
your balance, and drains your account except for .004 grams of gold.
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
-
The Cryptography Mailing List
Unsubscribe
http://www.baltimoresun.com/news/nationworld/bal-te.nsa07jul07,1,6042171.story?coll=bal-home-headlines&cset=true&ctrack=1&cset=true
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
-
The
umber of questions that need
to be answered about any such system before it's even possible to
discuss it intelligently.
> And
>whenever I enter the US, I have to give the fingerprints of my index
>fingers and they take a picture of me. That's worse than an ID card.
Agreed.
rise there
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
l sorts of other channels -- application data,
timing data (the remote fingerprinting paper mentioned this one), etc.
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
-
The Cryptography Mailing List
Unsub
h now says he's
warning people even against doing their own implementations.
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
in Google's
>cache is the intro page, with an abstract. The paper (pdf and ps) and a slide
>
>show are inaccessible, and are not in Google's cache.
>
>Anyone saved a copy?
It's on Vern's web page:
http://www.icir.org/vern/papers/witty-draft.pdf or
In message <[EMAIL PROTECTED]>, "Perry E. Metzger" writes:
>
>"Steven M. Bellovin" <[EMAIL PROTECTED]> writes:
>>>They're still doing the wrong thing. Unless the page was transmitted
>>>to you securely, you have no way to trust th
w few pages people would visit on the
site, though, he estimated that it would increase his costs by a factor
of about 15. (I didn't verify the numbers; I know from experience that
he's competent and has his hear in the right place re security).
--Steven M. Bellovin, h
ipment of tapes to a credit bureau.) 2 involved
hacking, one was an inside job, one was a stolen laptop, and 2 were
fraudulent use of logins and passwords.
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
-
of information
that the authors could gather about network configurations at different
sites: as we all know, traffic analysis is a powerful technique.
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
-
Th
ress.20050526.03.htm
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
In message <[EMAIL PROTECTED]>, Ian G writes:
>On Tuesday 31 May 2005 02:17, Steven M. Bellovin wrote:
>> In message <[EMAIL PROTECTED]>, "James A. Donald" writes:
>> >--
>> >PKI was designed to defeat man in the middle attacks
>> >bas
ing -- that's what's behind "pharming" attacks. In
other words, it's a real threat, too.
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
]>[EMAIL PROTECTED], with "Comments on SP 800-57,
Part 2" in the subject line.
Elaine Barker
100 Bureau Drive, Stop 8930
Gaithersburg, MD 20899
Phone: 301-975-2911
--Prof. Steven M. Bellovin, http://www.cs.columbia.edu/~smb
--
http://www.vnunet.com/news/1162433
"Something like this cannot continue forever," he said.
"The dimensions are small enough now that we're approaching
the size of atoms and that's a fundamental block. I think
the law has another 10-20 years before fundamental limits
I found this on Simson Garfinkel's blog (http://www.simson.net/blog/):
March 13, 2005 kohnfelder78
I have put Lauren Kohnfelder's 1978 undergraduate thesis
into a single PDF file, OCR'ed it, and put it online (with
his permission).
If you are interested in
201 - 300 of 364 matches
Mail list logo