From mboxrd@z Thu Jan 1 00:00:00 1970 Delivery-date: Thu, 28 Mar 2024 11:50:58 -0700 Received: from mail-oi1-f187.google.com ([209.85.167.187]) by mail.fairlystable.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.94.2) (envelope-from ) id 1rpuq2-0007Ek-1o for bitcoindev@gnusha.org; Thu, 28 Mar 2024 11:50:58 -0700 Received: by mail-oi1-f187.google.com with SMTP id 5614622812f47-3c3c73e89fdsf1240203b6e.0 for ; Thu, 28 Mar 2024 11:50:57 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1711651852; cv=pass; d=google.com; s=arc-20160816; b=tkEIPudLbS3hUCyk+ARK0VZnhwOMVTqXLw0QOZ8VIWNo3hWDv8fKLv1oQ1buVpN6r/ 4b4oUWJqu+cVR4N87muLY0Qr2z6iklqWxKTmAKWZPGPVujwWDTQVHFPxjKMHv29TCH0N r511+nq4iuf8c860yv3sTSbu2LiKK9W9ahXVuNebJiZ84daXIReMlRfehITLNgM3+JT3 pWlUn1F+RW8p5sIv8AHq75LsdcTKAM0ebkYApP2bfcVxOZELgv4tVom2L/++72jXH6X7 0CG5SBtVwGDkQv45Dm5qHSJoj/pylDVIuZysmgD0Y3CrWqrM6rSHpNtwYxmOi8W0iTUO 2EfQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:sender:dkim-signature :dkim-signature; bh=sVG/JjB9vK+fGaCdNlfbQkos1UAObbjYz9ISFiSl6D4=; fh=JzeGCGfhOA6QJfVajsn/MzMH/uWj53Elf19/rsmH9I0=; b=hZxdzwLa4QGT2B9GSDXO9x+/ApLnxU030yg30ENb48jZhaAGKpZFRyex8CXTmMGBR+ dcrkcw1b2TLokzcJSUxq7EAI8SmCN4i9i27+mxECs2prWkSiE/ggTdbH0kVHrYbkivij AUso8ShByCd9D3ThgiozKY//TFM8xMcoey2Dixn9SSD/mv/beE9bijAeIwBeezdKD6H2 vmj8vBtXaaooZt4u5Y/XidtrsT8h19D26GsIfoNvRVXI8XoxiOp+0+BS06NWKWdk6Dx9 AAb3gi4a7Qoyov4hoe+JGoWfMnaxqNoas4D2HkzXpPSy4zGFuUTDLg5yPuZ1cQeu54uB vRHg==; darn=gnusha.org ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b=fnvJ5b7L; spf=pass (google.com: domain of antoine.riard@gmail.com designates 2607:f8b0:4864:20::d2b as permitted sender) smtp.mailfrom=antoine.riard@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20230601; t=1711651851; x=1712256651; darn=gnusha.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:x-original-authentication-results :x-original-sender:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:sender:from:to:cc:subject:date:message-id :reply-to; bh=sVG/JjB9vK+fGaCdNlfbQkos1UAObbjYz9ISFiSl6D4=; b=bEWM9OIHRF0jt/PtEX4sYgkX7tthFaIdYuJe5vgVUDWaltB4DZl+L+WnVNSNNrXf90 yCFboI7YmR94gXzugQnJetvm4+Uldj6MUM4DB0QsupC0Z+FX2Ebnopb23ocr0PGfICLL ki3wrce4upFbw7OkaZd6ppbxSZq1lwh54eYUrH1d21tuln1ajQaob78Vp+lOvNp9YYC7 qC7foT2RnbUYtqZ2pt+syQapEJFHSSslkXFI96wzHvM3TgvUH3Sh/0qXpd9gx6DG8Fp+ aSqAGnfiCDTZXS8CybG+1fGB9zpanvCwyn4BBOl0YKTrd4bMDuLH1FTlFTU6smvgoqHw Yp4Q== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1711651851; x=1712256651; darn=gnusha.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:x-original-authentication-results :x-original-sender:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:from:to:cc:subject:date:message-id:reply-to; bh=sVG/JjB9vK+fGaCdNlfbQkos1UAObbjYz9ISFiSl6D4=; b=FdLaZb5V5ZsHJWzRsE7ihSFty2dBLsFAkAo+cEdnBlvbhwC0BjMFIj61NOQRzw02vU SDIGbIKd9/zvwnV3BOhjDljNuYBiYnMlHSm0RxAaq9zodhDW61I0Pb3Yi2zcsTysiYis /LL9aYtCH6/nCEmhTvibIFTNcAhVlzWXMyW8/usfr917MT20dY/M5AMO66Qp2QjXligO EtvF8ZI6a+CoLSdkg1zUNc2ZusNE9T8PwUIiktVFlE7CwSv7qwAfRcJwC+byPcFh1fyD JiLKqoW48TRMvIIQHKarC+r0oZqm5DjCQDSTGp54PZYS5NQCFiV80ElFkvvuX/kA0jKo CLog== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1711651852; x=1712256652; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:x-original-authentication-results :x-original-sender:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:x-beenthere:x-gm-message-state:sender:from :to:cc:subject:date:message-id:reply-to; bh=sVG/JjB9vK+fGaCdNlfbQkos1UAObbjYz9ISFiSl6D4=; b=BYuahA3uX6I9DThXW0VhPNk4/8H6pQmS6TwVz5K7XeHXfpLuZ7/4XGIYDF18Hla3vV lPaPY98vBFiRB/VJHH4yYuvFX9CRg+acS7DQ7Ner02e5dM7PprFpM/xtkkoHxIUUVpTQ aVxuTKnjo0NJBSrAdkivy9Ujeg6yDTa6wFGVRbCE775QU/MhRYqFA7TmRwqNKgaut/9M mDTUKgWnJtf8iH1mavGivM9sVcZ7EoArkbgYd/smZrSqAOBzwAX2+kNZcRQUYNOcZb7W 2Z556xKN3Bo8Qo9Y0fvxD6oS3WKvsEJvl/GP5TUvgsVXUkzFrboQAI8Snso/zUmQdlqr mbwg== Sender: bitcoindev@googlegroups.com X-Forwarded-Encrypted: i=2; AJvYcCXyQzJYr2vFWeeJwEpMqbpRYtwji9uLPh4ytadMeti6O/VR2brCj5hodDGuN4bcvdYaA/EWXWiTgj1TN3rg2C04vnI1te4= X-Gm-Message-State: AOJu0Yzx0qFYgo6Bh8agE3VssWO46MIjsRcrv8c7Q4Vk2P1bTLC9Aojp omRFbq0EJnQzZLwmjxKGA+8cDhb2tzHTb9hkEE/+1M7+BJq6/AhP X-Google-Smtp-Source: AGHT+IGCzWmZH+opk76QypKM671KCdkWdYdoY9+KbMZJ7Pd4wwt8s4H3EHRbgMMT69wEx3ogCXzK4A== X-Received: by 2002:a05:6808:3c8f:b0:3c3:ee38:cc81 with SMTP id gs15-20020a0568083c8f00b003c3ee38cc81mr159836oib.23.1711651850672; Thu, 28 Mar 2024 11:50:50 -0700 (PDT) X-BeenThere: bitcoindev@googlegroups.com Received: by 2002:a05:622a:1818:b0:42e:cef8:7f63 with SMTP id t24-20020a05622a181800b0042ecef87f63ls1700983qtc.0.-pod-prod-09-us; Thu, 28 Mar 2024 11:50:49 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCWy5GgtvSIFOFeegDcUITPwdu/VrUQcMKf0CkwtIYiy5f/sIU8ASVcC8o5szAl+Q23wPtPpz5is05HVzAQKDmGvE2iw3Ky0i8jOcFE= X-Received: by 2002:a05:620a:1a04:b0:78b:c210:39fe with SMTP id bk4-20020a05620a1a0400b0078bc21039femr11988qkb.8.1711651849774; Thu, 28 Mar 2024 11:50:49 -0700 (PDT) Received: by 2002:a05:620a:2953:b0:78a:59df:2777 with SMTP id af79cd13be357-78b8a9a4eb3ms85a; Thu, 28 Mar 2024 11:34:55 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCVufATauLI0krRynVo3tqr9wq5s9RMKYWkft5e7wBdNLEKGSbAV05jrvZiqXGraPiPFWuVHig0yJuSx+0Ny77VsR5cilmz48VT5fZI= X-Received: by 2002:a05:6214:4902:b0:696:8017:8732 with SMTP id pd2-20020a056214490200b0069680178732mr120840qvb.14.1711650894457; Thu, 28 Mar 2024 11:34:54 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1711650894; cv=none; d=google.com; s=arc-20160816; b=jneVKODWtoPCN4J8BG9TiJi95vuhP/4tBT3Pncmciu384VyLPh6Zcx5DFmZHOQeNiy JjVflmCeIIK/JITibYWuV4Jgc/xh/f2SqTicMm5bhdUdRTE3+U8rQ7eN4X395sxYSZmd 0/ycOLwr+2kTvmR3xLjPOzzEXm2FtgG+W5fuHxPBKto/Jp1M3vciy54GCDICHRUZr4gT Fj56vjBVoUOn4y2xkMfjWtn/vNGuXlY4UiYeCrqXyt/p/PHnw9jkmvmdB2nJiQrn+sRD mxi/zmTBiES3svNb2M9XrK50pV8Y5fMh1aeaHqRNJxElx6s4UlXBsz6oIyuj0Y+y118B r+ww== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:dkim-signature; bh=gAjK5bzzl2Qd1rlMbT5IFQblQ/+Trj+hd0SIkglS//Y=; fh=d5JtCUGvWbFGey+B+GYxDiBL9DHe1nSyWkexWjGLhIw=; b=r8J5g5m96cK6Ll+RQ6Uh38uvGbAyxGibR0rNPUtNgcbrK/F2Kl1B45y1OffV3dprp0 zuRcWu97vYghjrArNP1cEGVQqXw0fMN4qVIl18YeGlhdyA62hYqcngEcX2l7LURh+PnL wALBoVI4MgQJPmK+qnmAtUPMka5ugjTtSMVjuE62Xr74FtvMzvgRaiedaapMvTax1N3F 20yanInJ1WM6b1sFHlkYHCQ+yc8bkkjWqUhoTQh/9DGJeEpgkrYid0QTjoWzI1Lsce8y G57IwYo/EnnZAVhHVFw4PTwJ12ZlT71DtwqdoMDOZvhlZiPHEey/v7ihgCsNMeLaPBPM BUAQ==; dara=google.com ARC-Authentication-Results: i=1; gmr-mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b=fnvJ5b7L; spf=pass (google.com: domain of antoine.riard@gmail.com designates 2607:f8b0:4864:20::d2b as permitted sender) smtp.mailfrom=antoine.riard@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from mail-io1-xd2b.google.com (mail-io1-xd2b.google.com. [2607:f8b0:4864:20::d2b]) by gmr-mx.google.com with ESMTPS id i16-20020a0cab50000000b0068f10446451si205295qvb.7.2024.03.28.11.34.54 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Thu, 28 Mar 2024 11:34:54 -0700 (PDT) Received-SPF: pass (google.com: domain of antoine.riard@gmail.com designates 2607:f8b0:4864:20::d2b as permitted sender) client-ip=2607:f8b0:4864:20::d2b; Received: by mail-io1-xd2b.google.com with SMTP id ca18e2360f4ac-7c8ae457b27so32227939f.2 for ; Thu, 28 Mar 2024 11:34:54 -0700 (PDT) X-Forwarded-Encrypted: i=1; AJvYcCV+Ex3LTXSs6Mp1AxCP9TDm8u/DJ6hoiLjrIV4EGfTW8/AX67GYRtnIrTdDRweO7Gk64TD/ptz79okADi9jSyy4/Hip0keesmOs0yQ= X-Received: by 2002:a6b:6708:0:b0:7cc:9dc:70a6 with SMTP id b8-20020a6b6708000000b007cc09dc70a6mr4114224ioc.21.1711650893732; Thu, 28 Mar 2024 11:34:53 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: Antoine Riard Date: Thu, 28 Mar 2024 18:34:42 +0000 Message-ID: Subject: Re: [bitcoindev] A Free-Relay Attack Exploiting RBF Rule #6 To: Steve Lee Cc: Peter Todd , "David A. Harding" , bitcoindev@googlegroups.com Content-Type: multipart/alternative; boundary="0000000000008021850614bcc7c6" X-Original-Sender: antoine.riard@gmail.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b=fnvJ5b7L; spf=pass (google.com: domain of antoine.riard@gmail.com designates 2607:f8b0:4864:20::d2b as permitted sender) smtp.mailfrom=antoine.riard@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Precedence: list Mailing-list: list bitcoindev@googlegroups.com; contact bitcoindev+owners@googlegroups.com List-ID: X-Google-Group-Id: 786775582512 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Score: -0.5 (/) --0000000000008021850614bcc7c6 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Hi Steve, > He literally cites a reference to an example. About CVE-2017-12842, the report of Sergio Demian Lerner available here gives more information on the reporting process of the vulnerability: https://bitslog.com/2018/06/09/leaf-node-weakness-in-bitcoin-merkle-tree-de= sign/ I'll attract attention on the following words of Sergio himself: "and as I said in the first paragraph, the weakness was already known by some developers. But I still don't understand (1) why so many people knew about it but underestimated it badly, (2) why there was no attempt to fix it." Sadly, from my experience reporting weaknesses or reviewing security patches in Bitcoin Core, senior developers in this field are still aware of more vulnerabilities than they usually have time to fix them. Additionally, sometimes "ambiguous" patches are deliberately done where a lightweight weakness is fixed and argued in public as such, when in reality more severe issues are hardened under the hood. In the present case making non-standard 64 bytes transactions without witness in Bitcoin Core 16.0 added a belt-and-suspender in face of block-malleability validation issues that could split the network _and_ it leveled up the bar for double-spending SPV clients. That latest exploitation scenario was the one which was early disclosed by Peter in June 2018. Coming back to the present "free-relay" bandwidth wasting class of attack disclosure, I effectively myself think a 4-days delay was a bit short for a full disclosure. Comparing to CVE-2021-31876 (core's lack of inheritance signaling), full disclosure report is available here: https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2021-May/018893.htm= l The initial report was made 2021-03-19. We didn't go the route of landing a covert patch as it was appreciated that potential DoS risks outweighs the safety of non-anchors exposed LN channels. Weakness report was made available the 2021-05-06 after noticing maintainers of most-likely exposed Bitcoin softwares, so a delay of 50-days. As a reminder, in the full disclosure report I myself champion some changes in the BOLT protocol such as dynamic upgrades that would make handling this kind of security issues easier [0]. I believe in the present "free-relay" bandwidth wasting, letting a minimal 2-weeks delay would have been more reasonable. Security list members might be in flight travels or at conferences, or under other operational constraints and domain experts in the area of transaction-relay might not be available to give full-fledged answers. Even if you have private contacts of someone, don't rush them to get an answer when it can be midnight in their time zones and they're recovering from jet lags. On the other hand, if you don't receive a satisfying answer as a security finding reporter after 2 weeks, or an acknowledgement of email reporting reception after ~72 hours from vendors, I still think you're free to move ahead with a full disclosure. Sadly, I had "bad faith" vendor cases in my career as a security researcher in considerations of ethical infosec rules. Best, Antoine [0] By the way the pinning vector exposed in CVE-2021-31876 still affects LDK channels as the commit beef584c `negotiate_anchors_zero_fee_htlc_tx` is false by default. And this is not fixed by v3 without avoiding all nversion=3D2 by an on-chain confirmation to be replayed (L792, src/validation.cpp - commit d1e9a02). I"ll be polite and not ask what LDK maintainers are doing with their time. Le mer. 27 mars 2024 =C3=A0 22:14, Steve Lee a =C3= =A9crit : > > > On Wed, Mar 27, 2024 at 2:56=E2=80=AFPM Peter Todd w= rote: > >> >> I'm not the only person who thinks this looks like harassment. The fact >> is you >> started this conversation with: "I'm especially concerned given your pas= t >> history of publicly revealing vulnerabilities before they could be quiet= ly >> patched and the conflict of interest of you using this disclosure to >> advocate >> for a policy change you are championing." >> >> You haven't substantiated any of this. > > > He literally cites a reference to an example. > > -- > You received this message because you are subscribed to a topic in the > Google Groups "Bitcoin Development Mailing List" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/bitcoindev/EJYoeNTPVhg/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > bitcoindev+unsubscribe@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/bitcoindev/CABu3BAeYsMG7TuM_htTYREgDdGO= KV%3DgwFJ%2BT59L%3DqHqbewz4vw%40mail.gmail.com > > . > --=20 You received this message because you are subscribed to the Google Groups "= Bitcoin Development Mailing List" group. To unsubscribe from this group and stop receiving emails from it, send an e= mail to bitcoindev+unsubscribe@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/= bitcoindev/CALZpt%2BEK26%3DE6U9OdY%2Bc9LVQnGtb-f5zzKt5RTwBoHpr_SSxcA%40mail= .gmail.com. --0000000000008021850614bcc7c6 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Hi Steve,

> He literally cites a ref= erence to an example.

About CVE-2017-12842, =C2=A0the report of Sergio Demian= Lerner available here gives more information on the reporting process of t= he vulnerability:

<= div>I'll attract attention on the following words of Sergio himself:

"and as I said in the first=C2=A0paragraph, the= weakness was already known by some developers. But I still don't under= stand (1) why so many people knew about it but underestimated it badly, (2)= why there was no attempt to fix it."

Sadly, = from my experience reporting weaknesses or reviewing security patches in Bi= tcoin Core, senior developers in this field are still aware of more vulnera= bilities than they usually have time to fix them. Additionally, sometimes &= quot;ambiguous" patches are deliberately done where a lightweight weak= ness is fixed and argued in public as such, when in reality more severe iss= ues are hardened under the hood.

In the present ca= se making non-standard 64 bytes transactions without witness in Bitcoin Cor= e 16.0 added a belt-and-suspender in face of block-malleability validation = issues that could split the network _and_ it leveled up the bar for double-= spending SPV clients. That latest exploitation scenario was the one which w= as early disclosed by Peter in June 2018.

Coming b= ack to the present "free-relay" bandwidth wasting class of attack= disclosure, I effectively myself think a 4-days delay was a bit short for = a full disclosure.

Comparing to CVE-2021-31876 (co= re's lack of inheritance signaling), full disclosure report is availabl= e here:

The init= ial report was made 2021-03-19. We didn't go the route of landing a cov= ert patch as it was appreciated that potential DoS risks outweighs the safe= ty of non-anchors exposed LN channels. Weakness report was made available t= he 2021-05-06 after noticing maintainers of most-likely exposed Bitcoin sof= twares, so a delay of 50-days. As a reminder, in the full disclosure report= I myself champion some changes in the BOLT protocol such as dynamic upgrad= es that would make handling this kind of security issues easier [0].
<= div>
I believe in the present "free-relay" bandwidt= h wasting, letting a minimal 2-weeks delay would have been more reasonable.= Security list members might be in flight travels or at conferences, or und= er other operational constraints and domain experts in the area of transact= ion-relay might not be available to give full-fledged answers. Even if you = have private contacts of someone, don't rush them to get an answer when= it can be midnight in their time zones and they're recovering from jet= lags.

On the other hand, if you don't receive= a satisfying answer as a security finding reporter after 2 weeks, or an ac= knowledgement of email reporting reception after ~72 hours from vendors, I = still think you're free to move ahead with a full disclosure. Sadly, I = had "bad faith" vendor cases in my career as a security researche= r in considerations of ethical=C2=A0infosec rules.

Best,
Antoine

[0] By the way the pinnin= g vector exposed in CVE-2021-31876 still affects LDK channels as the commit= beef584c=C2=A0`negotiate_anchors_zero_fee_htlc_tx` is false by default. An= d this is not fixed by v3 without avoiding all nversion=3D2 by an on-chain = confirmation to be replayed (L792, src/validation.cpp - commit d1e9a02). I&= quot;ll be polite and not ask what LDK maintainers are doing with their tim= e.


Le=C2=A0mer. 27 mars 2024 =C3=A0=C2=A022:= 14, Steve Lee <steven.j.lee@gm= ail.com> a =C3=A9crit=C2=A0:


On Wed, Mar 27, 2024 at 2:56=E2=80=AFPM Peter Todd= <pete@petertodd= .org> wrote:

I'm not the only person who thinks this looks like harassment. The fact= is you
started this conversation with: "I'm especially concerned given yo= ur past
history of publicly revealing vulnerabilities before they could be quietly<= br> patched and the conflict of interest of you using this disclosure to advoca= te
for a policy change you are championing."

You haven't substantiated any of this.

He literally cites a reference to an example.

--
You received this message because you are subscribed to a topic in the Goog= le Groups "Bitcoin Development Mailing List" group.
To unsubscribe from this topic, visit https://group= s.google.com/d/topic/bitcoindev/EJYoeNTPVhg/unsubscribe.
To unsubscribe from this group and all its topics, send an email to bitco= indev+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/bitcoindev/CABu3BAeYsMG7TuM_htTY= REgDdGOKV%3DgwFJ%2BT59L%3DqHqbewz4vw%40mail.gmail.com.

--
You received this message because you are subscribed to the Google Groups &= quot;Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an e= mail to bitcoind= ev+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://group= s.google.com/d/msgid/bitcoindev/CALZpt%2BEK26%3DE6U9OdY%2Bc9LVQnGtb-f5zzKt5= RTwBoHpr_SSxcA%40mail.gmail.com.
--0000000000008021850614bcc7c6--