Tyler Close [EMAIL PROTECTED] writes:
I have demonstrated the theory behind YURLs by providing an
implementation, the Waterken Browser, and by explaining how two
other widely used systems implement the theory.
Having an implementation demonstrates nothing whatsoever about
security -- many
by eye. It is a neat idea, and
certainly instructive, but I don't know that I particularly love it.
The YURL idea seems to suffer from most of the same flaws.
--
Perry E. Metzger[EMAIL PROTECTED
Ian Grigg [EMAIL PROTECTED] writes:
Perry E. Metzger wrote:
1) The YURL makes key management and replacement effectively
impossible.
Well, I would have said it suggests a different
method.
Instead of regimented, hierarchical and fixed
key management - an idea of poor track
For making things like IP fragmentation ids and other similar protocol
elements unpredictable, it would be useful to have what I'll call a
cryptographic ergodic sequence generator -- that is, a generator that
will produce a sequence of n bit numbers such that there are no
repeats until you pass
Headquarters.
http://www.elonka.com/kryptos/CyrillicProjectorAnnouncement.html
--
Perry E. Metzger[EMAIL PROTECTED]
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL
Richard Schroeppel [EMAIL PROTECTED] writes:
(Responding to the chorus of protocol professionals saying please do
not roll your own)
I imagine the Plumbers Electricians Union must have used similar
arguments to enclose the business to themselves, and keep out unlicensed
newcomers. No longer
. The
alternatives aren't any simpler or easier, and are almost always
dangerous.
There isn't a guild. People just finally realize what is needed in
order to make critical -- and I do mean critical -- pieces of
infrastructure safe enough for use.
--
Perry E. Metzger[EMAIL PROTECTED
Ian Grigg [EMAIL PROTECTED] writes:
Perry E. Metzger wrote:
...
Dumb cryptography kills people.
What's your threat model? Or, that's your threat
model?
Applying the above threat model as written up in
The Codebreakers to, for example, SSL and its
original credit card nreeds would
will help you make your system far more secure than it
would otherwise be.
--
Perry E. Metzger[EMAIL PROTECTED]
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Ronald L. Rivest [EMAIL PROTECTED] writes:
What is aperture minimization? That's a new term for me...
Never heard of it before. Google has never seen it either...
(Perhaps others on the list would be curious as well...)
I'm sure you have heard of it, just under other names.
The term
Simon Josefsson [EMAIL PROTECTED] writes:
Several people have now suggested using TLS, but nobody seem to also
refute the arguments made earlier against building VPNs over TCP, in
http://sites.inka.de/~bigred/devel/tcp-tcp.html.
Well, I agree, the most reasonable thing to do is to use ipsec,
I was asked by someone to anonymously forward the following reply to
Joshua Hill to the list. (Second time in a week, and on the same topic!)
If you reply, please don't put my name in the reply -- this isn't my
comment.
--
Peter Clay [EMAIL PROTECTED] writes:
Having spent much of the past few weeks trying to sort out a workable VPN
solution, I think this is a good but doomed idea. http://vpn.ebootis.de/
has the best free windows IPsec configuration tool I've found, but that
doesn't help. Why? Because IPsec
[Moderator's note: Forwarded anonymously at the sender's request, so
if you reply to this, please cut my name out of it, it isn't my
message --Perry]
--
Perry, please forward anonymously.
On Friday, Oct 10, 2003, at 22:48
is not TLS, and TLS's properties are not those
of X.509.
--
Perry E. Metzger[EMAIL PROTECTED]
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
is that it is a good idea to be conservative.
Ditto.
--
Perry E. Metzger[EMAIL PROTECTED]
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Ian Grigg [EMAIL PROTECTED] writes:
In threat analysis, you base your assessment on
economics of what is reasonable to protect. It
is perfectly valid to decline to protect against
a possible threat, if the cost thereof is too high,
as compared against the benefits.
The cost of MITM
We've heard a bit recently from certain parties, especially Ian Grigg,
claiming that one should use a cost/benefit analysis before using
TLS. The claim seems to be that it provides more protection than one
really needs.
However, there are many perfectly free (in both senses) TLS
implementations,
Ian Grigg [EMAIL PROTECTED] writes:
Perry E. Metzger wrote:
The cost of MITM protection is, in practice, zero.
Not true! The cost is from 10 million dollars to
100 million dollars per annum. Those certs cost
money, Perry!
They cost nothing at all. I use certs every day that I've
I allowed through a couple of messages on UCE from The Usual Suspects,
partially because they discussed things like anonymous remailers etc.,
but unless something very interesting comes through I'd like to end
this here, given that we're not really the right list for the
discussion.
Perry
We're having some trouble with a subtle bug on one of our mail
delivery machines for cryptography, which appears to have slowed down
delivery of the list recently. I unfortunately may have to send out a
couple of test messages to the list, like this one, so we can trace
the problem completely.
: address (which I do every day) etc. are
not really on topic.
--
Perry E. Metzger[EMAIL PROTECTED]
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
There have been more press releases about quantum crypto products
lately.
I will summarize my opinion simply -- even if they can do what is
advertised, they aren't very useful. They only provide link security,
and at extremely high cost. You can easily just run AES+HMAC on all
the bits crossing
John Lowry [EMAIL PROTECTED] writes:
Perry is absolutely right.
There is no point in pursuing this.
It might even be analogous to what we now know about computers.
We were warned that there would never be a need for more than
A half-dozen - after all, they were extremely expensive just to
In my opinion, the various hashcash-to-stop-spam style schemes are not
very useful, because spammers now routinely use automation to break
into vast numbers of home computers and use them to send their
spam. They're not paying for CPU time or other resources, so they
won't care if it takes more
very slow to start). Hope this helps a few people, and if you
have other apps with problems, please post about them below.
--
Perry E. Metzger[EMAIL PROTECTED]
-
The Cryptography Mailing List
Unsubscribe
No, I'm not dead, I've just been extremely delinquent in moderating
the list.
I should be sending out the queued messages that are still relevant
over the next few days, and then we'll be back to normal.
Perry
-
The
to guard.
--
Perry E. Metzger[EMAIL PROTECTED]
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
-- it will make everyone a lot safer.
--
Perry E. Metzger[EMAIL PROTECTED]
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
/. is running yet another story on quantum cryptography today, with
the usual breathless hype:
http://science.slashdot.org/article.pl?sid=04/04/12/133623
I'm especially unimpressed with the Does this spell the
end of the field of cryptography? comment.
For those who don't know much about what
Adi Shamir Eran Tromer find you can literally listen in on your
computer doing RSA computations:
http://www.wisdom.weizmann.ac.il/~tromer/acoustic/
--
Perry E. Metzger[EMAIL PROTECTED]
-
The Cryptography
Moderator's Note:
One of the main delays I have in moderating the list has been the
massive increase in spam that has happened in the last six months. I
have had to wade through first two or three spams per real list
message, and then five or ten, and finally one hundred or more. Most
days, I
Moderator's Note:
As of now, if you want to be able to send a message to the list, you
have to be a subscriber. Otherwise, the message will bounce at the
SMTP transaction with my mail server.
The old fashioned method of forwarding non-member posts to the
moderator (me) for approval was swamping
This article claims the code for the permissive action links on many
US nuclear weapons in the 1960s was well known to be .
http://www.cdi.org/blair/permissive-action-links.cfm
--
Perry E. Metzger[EMAIL PROTECTED
technology staff
Colossus Mk2, a wartime code-breaker hailed as one of the first
electronic computers, has been rebuilt and reunited with Bletchley
Park veterans.
http://news.bbc.co.uk/1/hi/technology/3754887.stm
--
Perry E. Metzger[EMAIL PROTECTED
useful for making sure your mail is actually
secure, but I think it is a valuable thing to turn on as much as one
can, if only to reduce casual eavesdropping. It certainly can't stop
(for the most part) concerted attacks, but I don't think most people
view it as being useful for that.
--
Perry E
card when she's about to run out.
http://www.wired.com/news/infostructure/0,1377,63670,00.html
--
Perry E. Metzger[EMAIL PROTECTED]
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography
FYI, /. has posted a story on this, but, true to form, they confuse
one time passwords with one time pads.
Perry
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
From: [EMAIL PROTECTED]
Subject: PORTIA Workshop on Sensitive Data (fwd)
If you think that [EMAIL PROTECTED] would be interested
in the enclosed, please forward it.
Sincerely,
Joan FEigenbaum
-- Forwarded message --
Date: Fri, 4 Jun 2004 06:54:33 -0400 (EDT)
From: Joan
James Bamford, of The Puzzle Palace and Body of Secrets fame, has
written a new book called A Pretext for War. Has anyone out there
read it yet? If so, does it have any interesting new NSA or other
general SIGINT related content?
Perry
[Forwarded on John's behalf...]
To: [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: W Post: US gets 126,000,000 intelligence intercepts a day?
Date: Wed, 02 Jun 2004 21:39:36 -0700
From: John Gilmore [EMAIL PROTECTED]
The government receives 126 million intelligence intercepts a day.
I've
/
Actual practical impact on cryptography? Likely zero, even if it turns
out the proof is correct (which of course we don't know yet), but it
still is neat for math geeks.
--
Perry E. Metzger[EMAIL PROTECTED
://news.bbc.co.uk/1/hi/technology/3804895.stm
No real new info, but some good background. Several familiar names,
such as Ross Anderson, are interviewed.
[Note: I found out about the article from Eric Rescorla's blog.]
--
Perry E. Metzger[EMAIL PROTECTED
These folks have a service that will find the text that hashed to an
MD5 if the text is less than or equal to 8 characters in length and
matches [0-9a-z]+
http://passcracking.com/
--
Perry E. Metzger[EMAIL PROTECTED
Date: Mon, 5 Jul 2004 13:29:39 -0400 (EDT)
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: PORTIA workshop on sensitive data, July 8-9, 2004, Stanford Univ.
The final workshop program is available at
http://crypto.stanford.edu/portia/workshops/2004_7_prog.html
Some potential
, and who are also unlikely to be willing to pay more money to
gain privacy, I think the implementation of such tags is unlikely.
--
Perry E. Metzger[EMAIL PROTECTED]
-
The Cryptography Mailing List
Unsubscribe
I've been watching the webcast. The team that did the
md4/md5/haval-128/ripemd attacks just presented, and although it was
interesting it included precious few details of the attack beyond the
fact that it was a twist on differential cryptanalysis. Is there any
more information available at this
and Yu in simpler terms for those of us who find the extant
documentation incomprehensible?
--
Perry E. Metzger[EMAIL PROTECTED]
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography
I saw this on /.:
http://www.techworld.com/storage/news/index.cfm?NewsID=2430
--
Perry E. Metzger[EMAIL PROTECTED]
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL
Ian Grigg [EMAIL PROTECTED] writes:
R.A. Hettinga wrote:
http://worldnetdaily.com/news/printer-friendly.asp?ARTICLE_ID=41030
An engineer and RFID expert with Intel claims there is little danger of
unauthorized people reading the new passports. Roy Want told the newssite:
It is actually
WASHINGTON (Reuters) -- The U.S. Air Force quietly has put into
service a new weapon designed to jam enemy satellite communications, a
significant step toward U.S. control of space.
http://www.cnn.com/2004/TECH/space/11/01/satellite.jamming.reut/index.html
Perry
://www.securityfocus.com/news/9978
--
Perry E. Metzger[EMAIL PROTECTED]
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Another article on serial numbers embedded in the output of color
printers and copiers:
http://story.news.yahoo.com/news?tmpl=storycid=1093e=4u=/pcworld/20041122/tc_pcworld/118664
-
The Cryptography Mailing List
Unsubscribe by
Just got this in email -- I thought it might be of interest to the
readership.
Perry
Date: Tue, 23 Nov 2004 17:41:49 -0800
From: Fyodor [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: FBI Subpoenas
Message-ID: [EMAIL PROTECTED]
Dear Nmap hackers,
Let me first wish you Americans a happy
Cryptome just published some updates to the crypto export regulations:
http://cryptome.org/bis120904.txt
Perry
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Charlie asked me to forward this.
From: Charlie Kaufman [EMAIL PROTECTED]
Sent: Tuesday, March 08, 2005 12:46 PM
To: cryptography@metzdowd.com
Subject: Re: comments wanted on gbde
Steve Bellovin writes:
A discussion -- I'll be polite and call it that -- has erupted on
some mailing lists about
Forwarded at PHK's request.
To: Perry E. Metzger [EMAIL PROTECTED]
Subject: Please forward to cryptography@ list.
From: Poul-Henning Kamp [EMAIL PROTECTED]
Date: Tue, 08 Mar 2005 14:29:20 +0100
I have read the comments on gbde in the archive of the cryptography@
list and I would like to attach
Your humble moderator asks...
Does anyone know of a mailing list system that handles having
multiple, rotating moderators cleanly? I'd like to avoid many-week
delays like the one I've just caused.
Perry
-
The Cryptography
At long last, the DES FIPSes are withdrawn:
http://cryptome.org/nist051905.txt
Perry
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
for the obvious
reasons
You are wrong there again.
Where are you getting your information from? Whomever your informant
is, they're not giving you accurate information.
--
Perry E. Metzger[EMAIL PROTECTED
, and that
human error is extremely pervasive. I've yet to sit in a conference
room and think oh, if I only had more statistical data, but I've
frequently been frustrated by gross incompetence.
--
Perry E. Metzger[EMAIL PROTECTED
Daniel Carosone [EMAIL PROTECTED] writes:
On Tue, May 31, 2005 at 06:43:56PM -0400, Perry E. Metzger wrote:
So we need to see a Choicepoint for listening and sniffing and so
forth.
No, we really don't.
Perhaps we do - not so much as a source of hard statistical data, but
as a source
than 0.3 sec on an old Pentium III 450MHz computer, and in 0.06 sec on
a Pentium IV 3Ghz HT computer.
--
Perry E. Metzger[EMAIL PROTECTED]
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe
Matt Crawford [EMAIL PROTECTED] writes:
On Jun 3, 2005, at 11:55, Perry E. Metzger wrote:
2) They also have a way of forcing pairing to happen, by impersonating
one of the devices and saying oops! I need to pair again! to the
other.
Do the devices then pair again without user
level decision to screw their users, so much the worse.
--
Perry E. Metzger[EMAIL PROTECTED]
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Ben Laurie [EMAIL PROTECTED] writes:
Perry E. Metzger wrote:
Have a look, for example, at http://www.americanexpress.com/
which encourages users to type in their credentials, in the clear,
into a form that came from lord knows where and sends the information
lord knows where. Spoof the site
james hughes [EMAIL PROTECTED] writes:
There are large institution with 1000s of tape drives and 1,000,000
or more cartridges. Even simple solutions are huge to implement. This
is a non-trivial matter. The technical solutions are possible, there
are vendors out there that are already doing
[EMAIL PROTECTED] writes:
One thing that irritates me is that most security audits (that verify
compliance with regulations) are done by accountants. No disrespect for
accountants here, they are smart people, but most of them lack the
security knowledge needed to really help with the
Jerrold Leichter [EMAIL PROTECTED] writes:
If you look at their site now, they *claim* to have fixed it: The login box
has a little lock symbol on it. Click on that, and you get a pop-up window
discussing the security of the page. It says that although the page itself
isn't protected,
Steven M. Bellovin [EMAIL PROTECTED] writes:
They're still doing the wrong thing. Unless the page was transmitted
to you securely, you have no way to trust that your username and
password are going to them and not to someone who cleverly sent you an
altered version of the page.
They're doing
Dan Kaminsky [EMAIL PROTECTED] writes:
2) The cost in question is so small as to be unmeasurable.
Yes, because key management is easy or free.
In this case it is. As I've said, even having all your tapes for six
months at a time use the same key is better than putting the tapes in
the clear.
R. Hirschfeld [EMAIL PROTECTED] writes:
From: Perry E. Metzger [EMAIL PROTECTED]
Date: Wed, 08 Jun 2005 19:01:37 -0400
The other major offender are organizations (such as portions of
Verizon) that subcontract payment systems to third parties. They are
training their users to expect
Ben Laurie [EMAIL PROTECTED] writes:
Perry E. Metzger wrote:
Steven M. Bellovin [EMAIL PROTECTED] writes:
They're still doing the wrong thing. Unless the page was transmitted
to you securely, you have no way to trust that your username and
password are going to them and not to someone who
Quoting:
The U.S. Department of Justice is quietly shopping around the
explosive idea of requiring Internet service providers to retain
records of their customers' online activities.
http://news.com.com/Your+ISP+as+Net+watchdog/2100-1028_3-5748649.html
--
Perry E. Metzger
[EMAIL PROTECTED] (Peter Gutmann) writes:
[EMAIL PROTECTED] (Hal Finney) writes:
Steven M. Bellovin writes:
Dan Bernstein has a new cache timing attack on AES:
http://cr.yp.to/antiforgery/cachetiming-20050414.pdf
This is a pretty alarming attack.
It is? Recovering a key from a
Jerrold Leichter [EMAIL PROTECTED] writes:
Usage in first of these may be subject to Bernstein's attack. It's much
harder to see how one could attack a session key in a properly implemented
system the same way. You would have to inject a message into the ongoing
session.
I gave an
My girlfriend just got an (apparently legitimate from what I can tell)
HTML email from her credit card company, complete with lots of lovely
images and an exhortation to sign up for their new secure online
ShopSafe service that apparently generates one time credit card
numbers on the fly.
Here's
John Levine [EMAIL PROTECTED] writes:
On the other hand, MBNA's mail practices would be laughable if they
weren't entirely in line with every other bank in the country.
The fact that others do laughable things doesn't make their
practices any less laughable. Stupid things remain stupid no
Perry E. Metzger [EMAIL PROTECTED] writes:
Oh, and what companies are involved? The card is Fidelity branded, but
it is really an MBNA production, with online marketing and card
servicing (like this piece) being done by Individualized BankCard
Services. One would think that everyone
I'm forwarding this article, originally from the Cypherpunks mailing
list (I saw it on Dave Farber's Interesting People) because I find
the security implications important.
HOWEVER, I'm warning in advance that I'm not going to forward a lot of
followups, especially if they are unoriginal and/or
-memory-data tradeoff which results in a new tradeoff
curve.
By the way, much thanks to Eric Rescorla for pointing this out to me.
Perry
--
Perry E. Metzger[EMAIL PROTECTED]
-
The Cryptography Mailing List
, telephone numbers,
descriptions of vehicles, and vehicle identification (VIN) numbers for
every driver in Moscow.
--
Perry E. Metzger[EMAIL PROTECTED]
-
The Cryptography Mailing List
Unsubscribe by sending
[EMAIL PROTECTED] writes:
But nevertheless, I do not understand why americans are so afraid of
an ID card.
Perhaps I can explain why I am.
I do not trust governments. I've inherited this perspective. My
grandfather sent his children abroad from Speyer in Germany just after
the ascension of
Dirk-Willem van Gulik [EMAIL PROTECTED] writes:
And you may have then noticed the interesting effect; in Germany we have
mandatory cards - carry them round always - but virtually have to show
them. And only to officials often.
In the US they have no official card - yet even the lowest clerk
Dan Kaminsky [EMAIL PROTECTED] writes:
Credit card fraud has gone *down* since 1992, and is actually falling:
1992: $2.6B
2003: $882M
2004: $788M
We're on the order of 4.7 cents on the $100.
http://www.businessweek.com/technology/content/jun2005/tc20050621_3238_tc024.htm
If it's any
Adam Shostack [EMAIL PROTECTED] writes:
I think those numbers are misleading. The FTC reports ID theft as a
$50B problem, but I haven't seen that broken down by vector. I
suspect most of it is CC (rather than cheque, mortgage/line of
credit/auto loan), but have no data.
If you or anyone
Jerrold Leichter [EMAIL PROTECTED] writes:
In doing this calculation, be careful about the assumptions you make
about how effective the countermeasures will be. The new systems
may be more secure, but people will eventually come up with ways to
break them. The history of security measures
Florian Weimer [EMAIL PROTECTED] writes:
I share your general concern, but it's not the ID cards which worry
me. After all, forgeable passports are only a very, very weak form of
defense in an age of non-invasive biometric applications which operate
in real-time. (I know, we aren't quite
Nick Owen [EMAIL PROTECTED] writes:
It would seem simple to thwart such a trojan with strong authentication
simply by requiring a second one-time passcode to validate the
transaction itself in addition to the session.
Far better would be to have a token with a display attached to the
PC. The
Peter Fairbrother [EMAIL PROTECTED] writes:
Perry E. Metzger wrote:
A system in which the credit card was replaced by a small, calculator
style token with a smartcard style connector could effectively
eliminate most of the in person and over the net fraud we experience,
and thus get rid
for RFID (RFID
being a large scale solution waiting for problems), but at the same
time we've lost quite a bit.
--
Perry E. Metzger[EMAIL PROTECTED]
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe
[EMAIL PROTECTED] writes:
Nick Owen writes:
| I think that the cost of two-factor authentication will plummet in the
| face of the volumes offered by e-banking.
Would you or anyone here care to analyze
what I am presuming is the market failure
of Amex Blue in the sense of its chipcard
Florian Weimer [EMAIL PROTECTED] writes:
* Perry E. Metzger:
Nick Owen [EMAIL PROTECTED] writes:
It would seem simple to thwart such a trojan with strong authentication
simply by requiring a second one-time passcode to validate the
transaction itself in addition to the session.
Far better
Ben Laurie [EMAIL PROTECTED] writes:
That could be fixed. I think the right design for such a device has
it only respond to signed and encrypted requests from the issuing
bank directed at the specific device, and only make signed and
encrypted replies directed only at the specific issuing
Ben Laurie [EMAIL PROTECTED] writes:
Perry E. Metzger wrote:
Anonymity is a concern to me, too, but I suspect that it is hard to
get anonymity in a credit card transaction using current means, even
if the merchant isn't online. Pseudonymity, perhaps.
Can we not aim higher than merely doing
John Denker [EMAIL PROTECTED] writes:
My point here is that knowing who I am shouldn't be a
crime, nor should it contribute to enabling any crime.
Suppose you know who I am. Suppose you know my date of
birth, social security number, and great-great-grandmother's
maiden name. As Spike said,
, a
picture and/or digitally stored fingerprints collected when the
account was opened seem like a simple and cheap way of improving
security.
--
Perry E. Metzger[EMAIL PROTECTED]
-
The Cryptography Mailing List
Many of you may remember Stuart Baker from the crypto export policy
wars. I still remember him telling me in a conversation after a New
York Bar Association debate on the subject that the Internet would
never be of any economic importance. Anyway, without further comment:
. The token can store the bank's key
without any need for a cert, either. Neither needs to check the
certification of such keys -- the mere presence of the key in the
correct part of storage indicates it is valid, the same way that a
.ssh key file needs no certification, only existence.
--
Perry E
[EMAIL PROTECTED] (Peter Gutmann) writes:
Perry E. Metzger [EMAIL PROTECTED] writes:
Why is it, then, that banks are not taking digital photographs of customers
when they open their accounts so that the manager's computer can pop up a
picture for him, which the bank has had in possession
1 - 100 of 626 matches
Mail list logo
