From owner-freebsd-security@FreeBSD.ORG Sat Apr 17 15:05:36 2010 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 3AD171065673 for ; Sat, 17 Apr 2010 15:05:36 +0000 (UTC) (envelope-from tjg@soe.ucsc.edu) Received: from mail-01.cse.ucsc.edu (mail-01.cse.ucsc.edu [128.114.48.32]) by mx1.freebsd.org (Postfix) with ESMTP id 21EF68FC1D for ; Sat, 17 Apr 2010 15:05:35 +0000 (UTC) Received: from localhost (localhost.localdomain [127.0.0.1]) by mail-01.cse.ucsc.edu (Postfix) with ESMTP id 30E4210082B7 for ; Sat, 17 Apr 2010 07:49:55 -0700 (PDT) X-Virus-Scanned: amavisd-new at mail-01.cse.ucsc.edu Received: from mail-01.cse.ucsc.edu ([127.0.0.1]) by localhost (mail-01.cse.ucsc.edu [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id u8gEe4eCeAfg for ; Sat, 17 Apr 2010 07:49:55 -0700 (PDT) Received: from mail-01.cse.ucsc.edu (mail-01.cse.ucsc.edu [128.114.48.32]) by mail-01.cse.ucsc.edu (Postfix) with ESMTP id 131ED100824B for ; Sat, 17 Apr 2010 07:49:55 -0700 (PDT) Date: Sat, 17 Apr 2010 07:49:55 -0700 (PDT) From: Tim Gustafson To: freebsd-security@freebsd.org Message-ID: <1849729321.700021271515794985.JavaMail.root@mail-01.cse.ucsc.edu> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-Originating-IP: [98.234.59.118] X-Mailer: Zimbra 5.0.20_GA_3127.RHEL5_64 (ZimbraWebClient - FF3.0 ([unknown])/5.0.20_GA_3127.RHEL5_64) Subject: OpenSSL 0.9.8k -> 0.9.8l X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 17 Apr 2010 15:05:36 -0000 Hi, I run a few web servers with need to be PCI compliant. Apparently there's a problem with OpenSSL 0.9.8k that requires us to upgrade to 0.9.8l for us to maintain our compliance level. I've csup'd to RELENG_8_0 and did a build/install cycle and OpenSSL is still at 0.9.8k. Using RELENG_8 isn't really an option for me because the last I upgraded to that level, ipfw was broken and I'm not sure that the problem with ipfw has been fixed (Luigi tells me that it has, but I haven't had time to test it yet). Is there any movement to patch RELENG_8_0 with OpenSSL 0.9.8l? Or will I be stuck with 0.9.8k until I move to RELENG_8? Tim Gustafson Baskin School of Engineering UC Santa Cruz tjg@soe.ucsc.edu 831-459-5354 From owner-freebsd-security@FreeBSD.ORG Sat Apr 17 16:01:13 2010 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id A88A21065673 for ; Sat, 17 Apr 2010 16:01:13 +0000 (UTC) (envelope-from tjg@soe.ucsc.edu) Received: from mail-01.cse.ucsc.edu (mail-01.cse.ucsc.edu [128.114.48.32]) by mx1.freebsd.org (Postfix) with ESMTP id 8EB618FC0C for ; Sat, 17 Apr 2010 16:01:13 +0000 (UTC) Received: from localhost (localhost.localdomain [127.0.0.1]) by mail-01.cse.ucsc.edu (Postfix) with ESMTP id 4ADA110082F3; Sat, 17 Apr 2010 09:01:13 -0700 (PDT) X-Virus-Scanned: amavisd-new at mail-01.cse.ucsc.edu Received: from mail-01.cse.ucsc.edu ([127.0.0.1]) by localhost (mail-01.cse.ucsc.edu [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id J8-t3K5-G1ob; Sat, 17 Apr 2010 09:01:13 -0700 (PDT) Received: from mail-01.cse.ucsc.edu (mail-01.cse.ucsc.edu [128.114.48.32]) by mail-01.cse.ucsc.edu (Postfix) with ESMTP id 3105810080E6; Sat, 17 Apr 2010 09:01:13 -0700 (PDT) Date: Sat, 17 Apr 2010 09:01:13 -0700 (PDT) From: Tim Gustafson To: APseudoUtopia Message-ID: <1576323409.700861271520073086.JavaMail.root@mail-01.cse.ucsc.edu> In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-Originating-IP: [98.234.59.118] X-Mailer: Zimbra 5.0.20_GA_3127.RHEL5_64 (ZimbraWebClient - FF3.0 ([unknown])/5.0.20_GA_3127.RHEL5_64) Cc: freebsd-security@freebsd.org Subject: Re: OpenSSL 0.9.8k -> 0.9.8l X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 17 Apr 2010 16:01:13 -0000 > This isn't an answer to your question, but you could > always use OpenSSL from the ports tree. I'm hesitant to do so because in the past I've had problem when I've used the ports to upgrade base OS-level stuff, like OpenSSL or Sendmail, then the buildworld cycle overwrites the ports library and the ports library overwrites the OS-level stuff and so on, which in the past has caused general mayhem. It seems to me that the exploits purported to exist in 0.9.8k are serious enough to merit an upgrade to 0.9.8l for everyone. Is there a reason why you wouldn't want to upgrade to 0.9.8l? Tim Gustafson Baskin School of Engineering UC Santa Cruz tjg@soe.ucsc.edu 831-459-5354 From owner-freebsd-security@FreeBSD.ORG Sat Apr 17 16:12:43 2010 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 4AB7D1065672 for ; Sat, 17 Apr 2010 16:12:43 +0000 (UTC) (envelope-from apseudoutopia@gmail.com) Received: from mail-ww0-f54.google.com (mail-ww0-f54.google.com [74.125.82.54]) by mx1.freebsd.org (Postfix) with ESMTP id D3F938FC1A for ; Sat, 17 Apr 2010 16:12:42 +0000 (UTC) Received: by wwa36 with SMTP id 36so2189309wwa.13 for ; Sat, 17 Apr 2010 09:12:41 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:received:message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=Nvx1+1JetMBUelK3AK6OORdRPY279SqLtRLlOSYLO18=; b=fwyvoaeuU6fLotY1kW7HTy5JaL+028tZJLgRUf4lom1KrqMa52QZNRs/OzphC8Fkzs X3BGibp0EoPgSK7nZxkklGgZ7/SaM793RHu1luJcYuKGcQNi64lMPDEWMPa34ySmG6HL 8MwAZ4914nNetvQLZoVdRYmsMlugqGAia6c2Q= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; b=New2q15eMCcN0id+9fAIFMfBNKgpyK0gtZ9fi/l6nyvaFHNHIejCNMAlXV/ZYFz/da l3P8FSHHWO6XlzGs49duEBLheEq/WyJDks36xAi6+1hbQrC4iUw1MqkXqT7LLp+4QQiK ge5uil5RZ26YKuX7rNbu19EQKrsY4HwKi53v4= MIME-Version: 1.0 Received: by 10.216.220.219 with HTTP; Sat, 17 Apr 2010 08:12:03 -0700 (PDT) In-Reply-To: <1849729321.700021271515794985.JavaMail.root@mail-01.cse.ucsc.edu> References: <1849729321.700021271515794985.JavaMail.root@mail-01.cse.ucsc.edu> Date: Sat, 17 Apr 2010 11:12:03 -0400 Received: by 10.216.174.129 with SMTP id x1mr2014015wel.140.1271517123721; Sat, 17 Apr 2010 08:12:03 -0700 (PDT) Message-ID: From: APseudoUtopia To: Tim Gustafson Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Cc: freebsd-security@freebsd.org Subject: Re: OpenSSL 0.9.8k -> 0.9.8l X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 17 Apr 2010 16:12:43 -0000 On Sat, Apr 17, 2010 at 10:49 AM, Tim Gustafson wrote: > Hi, > > I run a few web servers with need to be PCI compliant. =C2=A0Apparently t= here's a problem with OpenSSL 0.9.8k that requires us to upgrade to 0.9.8l = for us to maintain our compliance level. > > I've csup'd to RELENG_8_0 and did a build/install cycle and OpenSSL is st= ill at 0.9.8k. =C2=A0Using RELENG_8 isn't really an option for me because t= he last I upgraded to that level, ipfw was broken and I'm not sure that the= problem with ipfw has been fixed (Luigi tells me that it has, but I haven'= t had time to test it yet). > > Is there any movement to patch RELENG_8_0 with OpenSSL 0.9.8l? =C2=A0Or w= ill I be stuck with 0.9.8k until I move to RELENG_8? > > Tim Gustafson This isn't an answer to your question, but you could always use OpenSSL from the ports tree. http://www.freebsd.org/cgi/cvsweb.cgi/ports/security/openssl/ It's at version 1.0.0. From owner-freebsd-security@FreeBSD.ORG Sat Apr 17 16:43:42 2010 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id CE4491065674 for ; Sat, 17 Apr 2010 16:43:42 +0000 (UTC) (envelope-from delphij@delphij.net) Received: from tarsier.geekcn.org (tarsier.geekcn.org [IPv6:2001:470:a803::1]) by mx1.freebsd.org (Postfix) with ESMTP id 760278FC16 for ; Sat, 17 Apr 2010 16:43:42 +0000 (UTC) Received: from mail.geekcn.org (tarsier.geekcn.org [211.166.10.233]) by tarsier.geekcn.org (Postfix) with ESMTP id 77781A57788; Sun, 18 Apr 2010 00:43:41 +0800 (CST) X-Virus-Scanned: amavisd-new at geekcn.org Received: from tarsier.geekcn.org ([211.166.10.233]) by mail.geekcn.org (mail.geekcn.org [211.166.10.233]) (amavisd-new, port 10024) with LMTP id 56LHEMAjH4iZ; Sun, 18 Apr 2010 00:43:35 +0800 (CST) Received: from delta.delphij.net (c-69-181-249-146.hsd1.ca.comcast.net [69.181.249.146]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by tarsier.geekcn.org (Postfix) with ESMTPSA id 8AB78A57792; Sun, 18 Apr 2010 00:43:34 +0800 (CST) DomainKey-Signature: a=rsa-sha1; s=default; d=delphij.net; c=nofws; q=dns; h=message-id:date:from:reply-to:organization:user-agent: mime-version:to:cc:subject:references:in-reply-to: x-enigmail-version:openpgp:content-type:content-transfer-encoding; b=Iu6L5zC3fLVMiBgNg6frZlw2zB4NIXp+6kQQ6nKB5O1HtoxyVKcS+Z2WU8EKdGFS/ ki+l1y2EWuIAx91++2Lcw== Message-ID: <4BC9E532.5020108@delphij.net> Date: Sat, 17 Apr 2010 09:43:30 -0700 From: Xin LI Organization: The Geek China Organization User-Agent: Mozilla/5.0 (X11; U; FreeBSD amd64; en-US; rv:1.9.1.9) Gecko/20100408 Thunderbird/3.0.4 ThunderBrowse/3.2.8.1 MIME-Version: 1.0 To: Tim Gustafson References: <1849729321.700021271515794985.JavaMail.root@mail-01.cse.ucsc.edu> In-Reply-To: <1849729321.700021271515794985.JavaMail.root@mail-01.cse.ucsc.edu> X-Enigmail-Version: 1.0.1 OpenPGP: id=3FCA37C1; url=http://www.delphij.net/delphij.asc Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Cc: freebsd-security@freebsd.org Subject: Re: OpenSSL 0.9.8k -> 0.9.8l X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: d@delphij.net List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 17 Apr 2010 16:43:42 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 2010/04/17 07:49, Tim Gustafson wrote: > Hi, > > I run a few web servers with need to be PCI compliant. Apparently there's a problem with OpenSSL 0.9.8k that requires us to upgrade to 0.9.8l for us to maintain our compliance level. > > I've csup'd to RELENG_8_0 and did a build/install cycle and OpenSSL is still at 0.9.8k. Using RELENG_8 isn't really an option for me because the last I upgraded to that level, ipfw was broken and I'm not sure that the problem with ipfw has been fixed (Luigi tells me that it has, but I haven't had time to test it yet). > > Is there any movement to patch RELENG_8_0 with OpenSSL 0.9.8l? Or will I be stuck with 0.9.8k until I move to RELENG_8? RELENG_8_0 is considered as "frozen" which means we will do massive upgrade there. RELENG_8 would have the latest OpenSSL. Note that "cheery picking" style of changes _may_ be permitted on RELENG_8_0 per re@ and security-officer@'s decision. If you know what the problem is, please feel free to let secteam@FreeBSD.org know, ideally with a reference to OpenSSL bug tracking system, a CVE number, etc. so we will be able to handle it more quickly. We do have patched RELENG_8_0 before 8.0-RELEASE for a few SSL protocol flaws. http://security.freebsd.org/advisories/FreeBSD-SA-09:15.ssl.asc Hope this helps. Cheers, - -- Xin LI http://www.delphij.net/ FreeBSD - The Power to Serve! Live free or die -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.14 (FreeBSD) iQEcBAEBAgAGBQJLyeUyAAoJEATO+BI/yjfB1+MH/09y/TwPiSBwo/du9g3MdUX/ hiT0zI1FKgjEVEYw/QkEKD5F5TJLVQqhmgrW//JYzpVYt2w+QVZuEbuH2Mtf/wXk 6Py8Un3mUjeC7O2gEKmi0XgWX5cyFPariF4DGiXrZE0aO1y3xg/9SYwvuYX2dXdQ 4loqv4A74qTDiBedm/dLVFG7wlED5Tk03fgtvbyhbdEH5Dy7JnvUvgUc1P4/c2dN zkBs4lRn+zd31itORyq1HmvmD5dWcpbXeEyb7OoSDZAsreCWfn5I623oEdhoumem bJWsv8pSU6qc9ENY5Oot4CLhnweT3UvnMBTebM4egqG9YSvTwIRDqaVkHaPLdtw= =UH5d -----END PGP SIGNATURE----- From owner-freebsd-security@FreeBSD.ORG Sat Apr 17 17:53:57 2010 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 34DEE1065672 for ; Sat, 17 Apr 2010 17:53:57 +0000 (UTC) (envelope-from dougb@FreeBSD.org) Received: from mail2.fluidhosting.com (mx23.fluidhosting.com [204.14.89.6]) by mx1.freebsd.org (Postfix) with ESMTP id B7AAE8FC15 for ; Sat, 17 Apr 2010 17:53:56 +0000 (UTC) Received: (qmail 32349 invoked by uid 399); 17 Apr 2010 17:53:55 -0000 Received: from localhost (HELO foreign.dougb.net) (dougb@dougbarton.us@127.0.0.1) by localhost with ESMTPAM; 17 Apr 2010 17:53:55 -0000 X-Originating-IP: 127.0.0.1 X-Sender: dougb@dougbarton.us Message-ID: <4BC9F5B2.8080300@FreeBSD.org> Date: Sat, 17 Apr 2010 10:53:54 -0700 From: Doug Barton Organization: http://SupersetSolutions.com/ User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.9.1.9) Gecko/20100330 Thunderbird/3.0.4 MIME-Version: 1.0 To: Tim Gustafson References: <1576323409.700861271520073086.JavaMail.root@mail-01.cse.ucsc.edu> In-Reply-To: <1576323409.700861271520073086.JavaMail.root@mail-01.cse.ucsc.edu> X-Enigmail-Version: 1.0.1 OpenPGP: id=1A1ABC84 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Cc: freebsd-security@freebsd.org, APseudoUtopia Subject: Re: OpenSSL 0.9.8k -> 0.9.8l X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 17 Apr 2010 17:53:57 -0000 On 04/17/10 09:01, Tim Gustafson wrote: >> This isn't an answer to your question, but you could always use >> OpenSSL from the ports tree. > > I'm hesitant to do so because in the past I've had problem when I've > used the ports to upgrade base OS-level stuff, like OpenSSL or > Sendmail, then the buildworld cycle overwrites the ports library and > the ports library overwrites the OS-level stuff and so on, which in > the past has caused general mayhem. Read the src.conf man page for knobs to disable parts of the base that you install from ports. Doug -- ... and that's just a little bit of history repeating. -- Propellerheads Improve the effectiveness of your Internet presence with a domain name makeover! http://SupersetSolutions.com/ From owner-freebsd-security@FreeBSD.ORG Sat Apr 17 17:56:48 2010 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 7D81C106564A for ; Sat, 17 Apr 2010 17:56:48 +0000 (UTC) (envelope-from m.seaman@infracaninophile.co.uk) Received: from smtp.infracaninophile.co.uk (gate6.infracaninophile.co.uk [IPv6:2001:8b0:151:1::1]) by mx1.freebsd.org (Postfix) with ESMTP id B9D2E8FC17 for ; Sat, 17 Apr 2010 17:56:47 +0000 (UTC) Received: from seedling.black-earth.co.uk (seedling.black-earth.co.uk [81.187.76.163]) (authenticated bits=0) by smtp.infracaninophile.co.uk (8.14.4/8.14.4) with ESMTP id o3HHuhH5053776 (version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO); Sat, 17 Apr 2010 18:56:43 +0100 (BST) (envelope-from m.seaman@infracaninophile.co.uk) Message-ID: <4BC9F65B.3030909@infracaninophile.co.uk> Date: Sat, 17 Apr 2010 18:56:43 +0100 From: Matthew Seaman Organization: Infracaninophile User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.1.9) Gecko/20100317 Thunderbird/3.0.4 MIME-Version: 1.0 To: Tim Gustafson References: <1576323409.700861271520073086.JavaMail.root@mail-01.cse.ucsc.edu> In-Reply-To: <1576323409.700861271520073086.JavaMail.root@mail-01.cse.ucsc.edu> X-Enigmail-Version: 1.0.1 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Virus-Scanned: clamav-milter 0.96 at happy-idiot-talk.infracaninophile.co.uk X-Virus-Status: Clean X-Spam-Status: No, score=-1.1 required=5.0 tests=BAYES_00,DKIM_ADSP_ALL, SPF_FAIL autolearn=no version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on happy-idiot-talk.infracaninophile.co.uk Cc: freebsd-security@freebsd.org, APseudoUtopia Subject: Re: OpenSSL 0.9.8k -> 0.9.8l X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 17 Apr 2010 17:56:48 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 17/04/2010 17:01:13, Tim Gustafson wrote: >> This isn't an answer to your question, but you could >> always use OpenSSL from the ports tree. > > I'm hesitant to do so because in the past I've had problem when I've > used the ports to upgrade base OS-level stuff, like OpenSSL or Sendmail, > then the buildworld cycle overwrites the ports library and the ports > library overwrites the OS-level stuff and so on, which in the past has > caused general mayhem. This is why you *don't* want to use the overwrite base option. It has it's uses, but for most people it's better to steer clear. Instead, install OpenSSL 1.0.0 from ports. Make sure your /etc/make.conf contains this: WITH_OPENSSL_PORT= yes Then rebuild any ports that link against any of the OpenSSL shlibs. Only ported software gets linked against the ports version of OpenSSL, so you might want to switch to the ports version of eg. sendmail. Note that there are still security bugs in many versions up to and including 0.9.8m, and you should probably upgrade to at least 0.9.8n: http://www.openssl.org/news/secadv_20100324.txt > It seems to me that the exploits purported to exist in 0.9.8k are > serious enough to merit an upgrade to 0.9.8l for everyone. Is there > a reason why you wouldn't want to upgrade to 0.9.8l? The bugs in 0.9.8k (to do with MITM code injection) were worked around at the time by disabling session renegotiation. Most of the time this is invisible to end users and solves the vulnerability, but some applications might cease to work. If your base system is patched up to date or you've at least applied this: http://security.freebsd.org/advisories/FreeBSD-SA-09:15.ssl.asc then it will contain a small patch to the SSL libraries with the work around as above. The OpenSSL version number wasn't bumped, so idiot security scans will still think you are vulnerable to the MITM attack even though that is not the case. Cheers, Matthew - -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate Kent, CT11 9PW -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.14 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkvJ9lsACgkQ8Mjk52CukIz5zQCfdf9K0ageAUSDhSlOKJ0V3RGl NM8An3tKJnm0wbccS6EPrtcUTT9IURPa =PZm3 -----END PGP SIGNATURE-----