Re: signatures and keyservers (was Re: Apache, mod_auth_pam, pam_krb4, and you)

2001-07-11 Thread John DOE 

Well I am not a guru on this subject and did not want to put my nose into that 
( well this is my MsD project at the moment ) but as far as I know 
impersonation is not the only thing we try to achieve when we are using such 
things. We also use one way hash functions to get a value out of our message 
and this hash function is only private to us and the server keeps another 
function that can only verify if the hash value is really generated by us and 
is correct.This helps avoiding impersonation and altering of the message by 
third parties.Of course key management ( especially generation ) is not 
something easy ( 2 integers of 64 digits and prime is not as easy to generate 
as writing hello world in C ) but I do not believe it has necessity in the 
e-mail groups since we are not corresponding about money transitions of billion 
dolars and if you think the lamest thing in the world would be relaying from an 
e-mail server to this security list by an email that comes from [EMAIL 
PROTECTED] it does not show such significance.

PS : Mr Bouse thanx a lot for your attention in helping me. I think I have 
solved the problem with your help.There are great guys here and he is one of 
them.

John.


--- =?ISO-8859-1?Q?=22J=FCrgen_A=2E_Erhard=22?= <[EMAIL PROTECTED]>
> wrote:
>Part: 1
>> "ozymandias" == ozymandias G desiderata 
><[EMAIL PROTECTED]> writes:
>
>ozymandias> Of course, this would be a different story if the web
>ozymandias> of trust were in more common usage, but it's not,
>
>Ever think of *why* that is?  And whether this is in any way related
>to people's keys not being on keyservers?
>
>ozymandias> outside of debian-maintainers and some small klatches
>ozymandias> of die-hard cypherpunks, some of whom are too paranoid
>ozymandias> to admit who they know anyway.
>
>Never seen that face, no officer, I don't know that man.  Barely even
>know my own face.  ;-)
>
>Bye, J
>
>-- 
> Jürgen A. Erhard  ([EMAIL PROTECTED], [EMAIL PROTECTED])
>  My WebHome: http://members.tripod.com/Juergen_Erhard"; 
> target="_new">http://members.tripod.com/Juergen_Erhard
>  "First there was nothing, and God created the light.  Now there was
> light, and there was still nothing, but you could see it."  -- Guy Sie
>Part: 2
>Attached File: Unnamed
>Download border="0" src="/email/images/attach.gif">

_
Get your free e-mail account: http://www.petekmail.com

Re: signatures and keyservers (was Re: Apache, mod_auth_pam, pam_krb4, and you)

2001-07-10 Thread John DOE 


Well I am not a guru on this subject and did not want to put my nose into that ( well 
this is my MsD project at the moment ) but as far as I know impersonation is not the 
only thing we try to achieve when we are using such things. We also use one way hash 
functions to get a value out of our message and this hash function is only private to 
us and the server keeps another function that can only verify if the hash value is 
really generated by us and is correct.This helps avoiding impersonation and altering 
of the message by third parties.Of course key management ( especially generation ) is 
not something easy ( 2 integers of 64 digits and prime is not as easy to generate as 
writing hello world in C ) but I do not believe it has necessity in the e-mail groups 
since we are not corresponding about money transitions of billion dolars and if you 
think the lamest thing in the world would be relaying from an e-mail server to this 
security list by an email that comes from [EMAIL PROTECTED] it does not show 
such significance.

PS : Mr Bouse thanx a lot for your attention in helping me. I think I have solved the 
problem with your help.There are great guys here and he is one of them.

John.


--- =?ISO-8859-1?Q?=22J=FCrgen_A=2E_Erhard=22?= <[EMAIL PROTECTED]>
> wrote:
>Part: 1
>> "ozymandias" == ozymandias G desiderata 
><[EMAIL PROTECTED]> writes:
>
>ozymandias> Of course, this would be a different story if the web
>ozymandias> of trust were in more common usage, but it's not,
>
>Ever think of *why* that is?  And whether this is in any way related
>to people's keys not being on keyservers?
>
>ozymandias> outside of debian-maintainers and some small klatches
>ozymandias> of die-hard cypherpunks, some of whom are too paranoid
>ozymandias> to admit who they know anyway.
>
>Never seen that face, no officer, I don't know that man.  Barely even
>know my own face.  ;-)
>
>Bye, J
>
>-- 
> Jürgen A. Erhard  ([EMAIL PROTECTED], [EMAIL PROTECTED])
>  My WebHome: http://members.tripod.com/Juergen_Erhard"; 
>target="_new">http://members.tripod.com/Juergen_Erhard
>  "First there was nothing, and God created the light.  Now there was
> light, and there was still nothing, but you could see it."  -- Guy Sie
>Part: 2
>Attached File: Unnamed
>Download border="0" src="/email/images/attach.gif">

_
Get your free e-mail account: http://www.petekmail.com


--  
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: signatures and keyservers (was Re: Apache, mod_auth_pam, pam_krb4, and you)

2001-07-10 Thread Jürgen A. Erhard 
> "ozymandias" == ozymandias G desiderata <[EMAIL PROTECTED]> writes:

ozymandias> Of course, this would be a different story if the web
ozymandias> of trust were in more common usage, but it's not,

Ever think of *why* that is?  And whether this is in any way related
to people's keys not being on keyservers?

ozymandias> outside of debian-maintainers and some small klatches
ozymandias> of die-hard cypherpunks, some of whom are too paranoid
ozymandias> to admit who they know anyway.

Never seen that face, no officer, I don't know that man.  Barely even
know my own face.  ;-)

Bye, J

-- 
 Jürgen A. Erhard  ([EMAIL PROTECTED], [EMAIL PROTECTED])
  My WebHome: http://members.tripod.com/Juergen_Erhard
  "First there was nothing, and God created the light.  Now there was
 light, and there was still nothing, but you could see it."  -- Guy Sie


pgpM15UagoRPy.pgp
Description: PGP signature

Re: signatures and keyservers (was Re: Apache, mod_auth_pam, pam_krb4, and you)

2001-07-10 Thread "Jürgen A. Erhard" 

> "ozymandias" == ozymandias G desiderata <[EMAIL PROTECTED]> writes:

ozymandias> Of course, this would be a different story if the web
ozymandias> of trust were in more common usage, but it's not,

Ever think of *why* that is?  And whether this is in any way related
to people's keys not being on keyservers?

ozymandias> outside of debian-maintainers and some small klatches
ozymandias> of die-hard cypherpunks, some of whom are too paranoid
ozymandias> to admit who they know anyway.

Never seen that face, no officer, I don't know that man.  Barely even
know my own face.  ;-)

Bye, J

-- 
 Jürgen A. Erhard  ([EMAIL PROTECTED], [EMAIL PROTECTED])
  My WebHome: http://members.tripod.com/Juergen_Erhard
  "First there was nothing, and God created the light.  Now there was
 light, and there was still nothing, but you could see it."  -- Guy Sie

 PGP signature

Re: signatures and keyservers (was Re: Apache, mod_auth_pam, pam_krb4, and you)

2001-07-10 Thread Tim Haynes 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hubert Chan <[EMAIL PROTECTED]> writes:

[snip]
> BTW, I don't know why people sign their mail to mailing lists (other than
> things like debian-security-announce). I do it because I think that all
> e-mail, and for that matter, all internet traffic, should be encrypted. 
> Of course this doesn't work on a mailing list (although there is an
> attempt to make a mailing list where it works), and signing seems to be
> the next best thing. It's also a big proclamation that "I am a PGP/GnuPG
> user," along with my sig that says, "Please encrypt *all* e-mail to me." 
> ;-)

It gives you one facet of someone's identity for later use - eg if I wanted
to know if you're the same Hubert as elseplaces, I'd compare GPG-keys. Or
if I wanted to know if someone else of the same name wasn't you, I'd
compare GPG-keys.

IOW, of itself a signed message proves nothing. OTOH when you put it with
other things, it starts to add crypto-strong value.

~Tim
- -- 
The blade cuts clean through|[EMAIL PROTECTED]
  the island soil,  |http://spodzone.org.uk/
The years roll back and |
the world grows small   |
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.5 and Gnu Privacy Guard 


iEYEARECAAYFAjtLS40ACgkQh3MeQyZWueTefgCfYjUNwSu9GNXHtWwooPPnHWgS
RsQAoIa6w4QHUaO9vlzQPdmEibY0biTe
=DW8P
-END PGP SIGNATURE-

Re: signatures and keyservers (was Re: Apache, mod_auth_pam, pam_krb4, and you)

2001-07-10 Thread Hubert Chan 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

> "ozymandias" == ozymandias G desiderata <[EMAIL PROTECTED]> writes:

ozymandias> On Mon, Jul 09, 2001 at 01:23:29PM -0600, Hubert Chan wrote:
Hubert> PS. If you're going to PGP-sign your messages, you might want to
Hubert> upload your key to a server, so that we can check the sig.

ozymandias> At this late date, I'm a little confused as to what the
ozymandias> benefit of key servers are, and I'm even a little bit
ozymandias> confused why people PGP / GnuPG sign their mail to mailing
ozymandias> lists. As you will no doubt notice, I've gone along with
ozymandias> common practice and created a GnuPG key for use with mailing
ozymandias> lists and other low-trust / low-threat environments. I'm
ozymandias> just not sure why.

Keyservers are for distributing keys easily.  It's a whole lot easier to
upload once than to have people ask for your key.  In addition, I'd much
rather trust a key that I obtained a couple months before I needed to
encrypt something to you, than if I obtained it a couple
days/hours/minutes before by asking you to e-mail it to me.

BTW, I don't know why people sign their mail to mailing lists (other
than things like debian-security-announce).  I do it because I think
that all e-mail, and for that matter, all internet traffic, should be
encrypted.  Of course this doesn't work on a mailing list (although
there is an attempt to make a mailing list where it works), and signing
seems to be the next best thing.  It's also a big proclamation that "I
am a PGP/GnuPG user," along with my sig that says, "Please encrypt *all*
e-mail to me." ;-)

ozymandias> Let me explain.

ozymandias> It seems to me that the use of signatures on these lists is
ozymandias> to prove an association between a user and an e-mail
ozymandias> address, i.e. "yes, this e-mail actually comes from the
ozymandias> From: address specified in the header".  No more, no
ozymandias> less.

Actually, it doesn't even do that, since anyone can fake a key with that
e-mail address.  But that's a different story...

ozymandias> Unless you know me or have some other stake in knowing that
ozymandias> said mail is from where it says it is, this information is
ozymandias> of little use to you.

If the signature checks out fine, then we don't have much information.
If the signature doesn't check out, then we know that someone's doing
something nasty.  And it's harder to spoof a signature to an entire
mailing list.

Of course, no one is going to go through the effort of spoofing in a
simple mailing list.  So if, for whatever reason, I need to send you an
encrypted message a couple years down the road, and am unable to verify
your key, I would have at least one data point indicating that the key
that I have is "probably" correct, if I can check your signature with
it.

ozymandias> Furthermore, even if you do care, there's nothing stopping
ozymandias> determined attackers from inserting keys that misrepresent
ozymandias> themselves into the key server -- unless you as a recipient
ozymandias> decide to verify the fingerprint of my key. Since that step
ozymandias> must be accomplished anyway, how much of an additional
ozymandias> hassle is it to ask me for my key in the first place?

Key distribution and verification is best done over two separate
channels, if it's done over the Internet.  One channel can be spoofed,
but two channels is harder.

If it's done in meatspace, fingerprint verification is a lot easier than
distribution.  It's easier to verify a fingerprint over the phone than
to read off your key.  Fingerprints can be printed on business cards,
but keys cannot (unless you have a huge business card, or use a
micro-dot).

- -- 
Hubert Chan <[EMAIL PROTECTED]> - http://www.geocities.com/hubertchan/
PGP/GnuPG key: 1024D/71FDA37F
Fingerprint: 6CC5 822D 2E55 494C 81DD  6F2C 6518 54DF 71FD A37F
Key available at wwwkeys.pgp.net.   Please encrypt *all* e-mail to me.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE7S0mKZRhU33H9o38RAmizAJ0bpwN2B7CC55wtZKWcwsMeOoDXqACfQ3+u
+RhrS9mls1t2/M61HgvD9X4=
=lfT8
-END PGP SIGNATURE-

Re: signatures and keyservers (was Re: Apache, mod_auth_pam, pam_krb4, and you)

2001-07-10 Thread Tim Haynes 

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hubert Chan <[EMAIL PROTECTED]> writes:

[snip]
> BTW, I don't know why people sign their mail to mailing lists (other than
> things like debian-security-announce). I do it because I think that all
> e-mail, and for that matter, all internet traffic, should be encrypted. 
> Of course this doesn't work on a mailing list (although there is an
> attempt to make a mailing list where it works), and signing seems to be
> the next best thing. It's also a big proclamation that "I am a PGP/GnuPG
> user," along with my sig that says, "Please encrypt *all* e-mail to me." 
> ;-)

It gives you one facet of someone's identity for later use - eg if I wanted
to know if you're the same Hubert as elseplaces, I'd compare GPG-keys. Or
if I wanted to know if someone else of the same name wasn't you, I'd
compare GPG-keys.

IOW, of itself a signed message proves nothing. OTOH when you put it with
other things, it starts to add crypto-strong value.

~Tim
- -- 
The blade cuts clean through|[EMAIL PROTECTED]
  the island soil,  |http://spodzone.org.uk/
The years roll back and |
the world grows small   |
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.5 and Gnu Privacy Guard 

iEYEARECAAYFAjtLS40ACgkQh3MeQyZWueTefgCfYjUNwSu9GNXHtWwooPPnHWgS
RsQAoIa6w4QHUaO9vlzQPdmEibY0biTe
=DW8P
-END PGP SIGNATURE-


--  
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: signatures and keyservers (was Re: Apache, mod_auth_pam, pam_krb4, and you)

2001-07-10 Thread Hubert Chan 

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

> "ozymandias" == ozymandias G desiderata <[EMAIL PROTECTED]> writes:

ozymandias> On Mon, Jul 09, 2001 at 01:23:29PM -0600, Hubert Chan wrote:
Hubert> PS. If you're going to PGP-sign your messages, you might want to
Hubert> upload your key to a server, so that we can check the sig.

ozymandias> At this late date, I'm a little confused as to what the
ozymandias> benefit of key servers are, and I'm even a little bit
ozymandias> confused why people PGP / GnuPG sign their mail to mailing
ozymandias> lists. As you will no doubt notice, I've gone along with
ozymandias> common practice and created a GnuPG key for use with mailing
ozymandias> lists and other low-trust / low-threat environments. I'm
ozymandias> just not sure why.

Keyservers are for distributing keys easily.  It's a whole lot easier to
upload once than to have people ask for your key.  In addition, I'd much
rather trust a key that I obtained a couple months before I needed to
encrypt something to you, than if I obtained it a couple
days/hours/minutes before by asking you to e-mail it to me.

BTW, I don't know why people sign their mail to mailing lists (other
than things like debian-security-announce).  I do it because I think
that all e-mail, and for that matter, all internet traffic, should be
encrypted.  Of course this doesn't work on a mailing list (although
there is an attempt to make a mailing list where it works), and signing
seems to be the next best thing.  It's also a big proclamation that "I
am a PGP/GnuPG user," along with my sig that says, "Please encrypt *all*
e-mail to me." ;-)

ozymandias> Let me explain.

ozymandias> It seems to me that the use of signatures on these lists is
ozymandias> to prove an association between a user and an e-mail
ozymandias> address, i.e. "yes, this e-mail actually comes from the
ozymandias> From: address specified in the header".  No more, no
ozymandias> less.

Actually, it doesn't even do that, since anyone can fake a key with that
e-mail address.  But that's a different story...

ozymandias> Unless you know me or have some other stake in knowing that
ozymandias> said mail is from where it says it is, this information is
ozymandias> of little use to you.

If the signature checks out fine, then we don't have much information.
If the signature doesn't check out, then we know that someone's doing
something nasty.  And it's harder to spoof a signature to an entire
mailing list.

Of course, no one is going to go through the effort of spoofing in a
simple mailing list.  So if, for whatever reason, I need to send you an
encrypted message a couple years down the road, and am unable to verify
your key, I would have at least one data point indicating that the key
that I have is "probably" correct, if I can check your signature with
it.

ozymandias> Furthermore, even if you do care, there's nothing stopping
ozymandias> determined attackers from inserting keys that misrepresent
ozymandias> themselves into the key server -- unless you as a recipient
ozymandias> decide to verify the fingerprint of my key. Since that step
ozymandias> must be accomplished anyway, how much of an additional
ozymandias> hassle is it to ask me for my key in the first place?

Key distribution and verification is best done over two separate
channels, if it's done over the Internet.  One channel can be spoofed,
but two channels is harder.

If it's done in meatspace, fingerprint verification is a lot easier than
distribution.  It's easier to verify a fingerprint over the phone than
to read off your key.  Fingerprints can be printed on business cards,
but keys cannot (unless you have a huge business card, or use a
micro-dot).

- -- 
Hubert Chan <[EMAIL PROTECTED]> - http://www.geocities.com/hubertchan/
PGP/GnuPG key: 1024D/71FDA37F
Fingerprint: 6CC5 822D 2E55 494C 81DD  6F2C 6518 54DF 71FD A37F
Key available at wwwkeys.pgp.net.   Please encrypt *all* e-mail to me.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE7S0mKZRhU33H9o38RAmizAJ0bpwN2B7CC55wtZKWcwsMeOoDXqACfQ3+u
+RhrS9mls1t2/M61HgvD9X4=
=lfT8
-END PGP SIGNATURE-


--  
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: signatures and keyservers (was Re: Apache, mod_auth_pam, pam_krb4, and you)

2001-07-10 Thread Nick Phillips 
On Tue, Jul 10, 2001 at 09:04:42AM +0200, Philippe BARNETCHE wrote:
> actually, you can get your public key signed by certification authorities.
> That would be ideal, but there aren't many people out there getting their
> keys certified.

Which is for the most part an utter waste of time, as they don't properly
verify that you are who you say you are anyway.

-- 
Nick Phillips -- [EMAIL PROTECTED]
People are beginning to notice you.  Try dressing before you leave the house.

Re: signatures and keyservers (was Re: Apache, mod_auth_pam, pam_krb4, and you)

2001-07-10 Thread Nick Phillips 

On Tue, Jul 10, 2001 at 09:04:42AM +0200, Philippe BARNETCHE wrote:
> actually, you can get your public key signed by certification authorities.
> That would be ideal, but there aren't many people out there getting their
> keys certified.

Which is for the most part an utter waste of time, as they don't properly
verify that you are who you say you are anyway.

-- 
Nick Phillips -- [EMAIL PROTECTED]
People are beginning to notice you.  Try dressing before you leave the house.


--  
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: signatures and keyservers (was Re: Apache, mod_auth_pam, pam_krb4, and you)

2001-07-10 Thread Philippe BARNETCHE 
actually, you can get your public key signed by certification authorities.
That would be ideal, but there aren't many people out there getting their
keys certified.

On Mon, Jul 09, 2001 at 06:58:24PM -0700, ozymandias G desiderata wrote:
> On Mon, Jul 09, 2001 at 01:23:29PM -0600, Hubert Chan wrote:
> 
> > PS. If you're going to PGP-sign your messages, you might want to upload
> > your key to a server, so that we can check the sig.
> 
> At this late date, I'm a little confused as to what the benefit of key
> servers are, and I'm even a little bit confused why people PGP / GnuPG
> sign their mail to mailing lists. As you will no doubt notice, I've
> gone along with common practice and created a GnuPG key for use with
> mailing lists and other low-trust / low-threat environments. I'm just
> not sure why.
> 
> Let me explain.
> 
> It seems to me that the use of signatures on these lists is to prove
> an association between a user and an e-mail address, i.e. "yes, this
> e-mail actually comes from the From: address specified in the header".
> No more, no less. Unless you know me or have some other stake in
> knowing that said mail is from where it says it is, this information
> is of little use to you. Furthermore, even if you do care, there's
> nothing stopping determined attackers from inserting keys that
> misrepresent themselves into the key server -- unless you as a
> recipient decide to verify the fingerprint of my key. Since that step
> must be accomplished anyway, how much of an additional hassle is it to
> ask me for my key in the first place?
> 
> Of course, this would be a different story if the web of trust were in
> more common usage, but it's not, outside of debian-maintainers and
> some small klatches of die-hard cypherpunks, some of whom are too
> paranoid to admit who they know anyway.
> 
> Sorry for the off-topicness, but you pushed one of my buttons, Hubert.
> 
> Forrest L Norvell,
> GnuPG key available upon request ;)
> 
> -- 
>. . . the self-reflecting image of a narcotized mind . . .
> ozymandias G desiderata [EMAIL PROTECTED] desperate, deathless
> (415)558-9064http://www.aoaioxxysz.com/  ::AOAIOXXYSZ::



-- 
Philippe BARNETCHE
AGISphere
14, Boulevard Vital Bouhot
92200 NEUILLY/SEINE
01 47 45 99 92
06 10 01 68 11

Re: signatures and keyservers (was Re: Apache, mod_auth_pam, pam_krb4, and you)

2001-07-09 Thread Philippe BARNETCHE 

actually, you can get your public key signed by certification authorities.
That would be ideal, but there aren't many people out there getting their
keys certified.

On Mon, Jul 09, 2001 at 06:58:24PM -0700, ozymandias G desiderata wrote:
> On Mon, Jul 09, 2001 at 01:23:29PM -0600, Hubert Chan wrote:
> 
> > PS. If you're going to PGP-sign your messages, you might want to upload
> > your key to a server, so that we can check the sig.
> 
> At this late date, I'm a little confused as to what the benefit of key
> servers are, and I'm even a little bit confused why people PGP / GnuPG
> sign their mail to mailing lists. As you will no doubt notice, I've
> gone along with common practice and created a GnuPG key for use with
> mailing lists and other low-trust / low-threat environments. I'm just
> not sure why.
> 
> Let me explain.
> 
> It seems to me that the use of signatures on these lists is to prove
> an association between a user and an e-mail address, i.e. "yes, this
> e-mail actually comes from the From: address specified in the header".
> No more, no less. Unless you know me or have some other stake in
> knowing that said mail is from where it says it is, this information
> is of little use to you. Furthermore, even if you do care, there's
> nothing stopping determined attackers from inserting keys that
> misrepresent themselves into the key server -- unless you as a
> recipient decide to verify the fingerprint of my key. Since that step
> must be accomplished anyway, how much of an additional hassle is it to
> ask me for my key in the first place?
> 
> Of course, this would be a different story if the web of trust were in
> more common usage, but it's not, outside of debian-maintainers and
> some small klatches of die-hard cypherpunks, some of whom are too
> paranoid to admit who they know anyway.
> 
> Sorry for the off-topicness, but you pushed one of my buttons, Hubert.
> 
> Forrest L Norvell,
> GnuPG key available upon request ;)
> 
> -- 
>. . . the self-reflecting image of a narcotized mind . . .
> ozymandias G desiderata [EMAIL PROTECTED] desperate, deathless
> (415)558-9064http://www.aoaioxxysz.com/  ::AOAIOXXYSZ::



-- 
Philippe BARNETCHE
AGISphere
14, Boulevard Vital Bouhot
92200 NEUILLY/SEINE
01 47 45 99 92
06 10 01 68 11


--  
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]