<html><head><meta http-equiv="Content-Type" content="text/html charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">It’s all possible, but it isn’t something we’ve put a lot of effort into. Why not? Well if the DB tables are stolen, you’ve got some serious issues anyway. Unlike user passwords, where hashing and salting are a very good idea indeed, these are all randomly generated high entropy values that are designed to be rotated relatively easily. Getting a user to pick and use a new password is a huge friction point. Getting a client to configure a new secret or get a new token is almost assumed by the protocols. <div class=""><br class=""></div><div class="">Tokens don’t really need to be stored as-is, though it’s simpler that way to do the lookup. And the truth is that if your database is stolen, you’d want to rotate everything anyway even if it’s hashed, for the simple reason that someone got their hands on your DB and you shouldn’t trust that it wasn’t manipulated. The good news here is that because it’s not user passwords, those secrets won’t be usable outside of your AS.<div class=""><br class=""></div><div class="">Furthermore, some operations do need the client secret available in its original unhashed form. Namely: dynamic client configuration management (unless you want to rotate the secret on every read/update), and the client_secret_jwt authentication methods and HS* token signing mechanisms. All of those need the client secret as-is to function and won’t work on a hashed value. </div><div class=""><br class=""></div><div class=""> — Justin</div><div class=""><br class=""><div><blockquote type="cite" class=""><div class="">On Dec 13, 2016, at 6:54 AM, Chris Hutton <<a href="mailto:chris.hutton@callsign.com" class="">chris.hutton@callsign.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><span style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: rgb(255, 255, 255); float: none; display: inline !important;" class="">Yes, from your link</span><br style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: rgb(255, 255, 255);" class=""><br style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: rgb(255, 255, 255);" class=""><span style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: rgb(255, 255, 255); float: none; display: inline !important;" class="">"It sounds like we are generating the client's secret, and that needs to be passed on to the client after it is generated (and this is the ONLY time we need the plaintext). If so, then would it work to just notify the client about the secret (using some secure means) after it's generated, but before it is stored & encoded?"</span><br style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: rgb(255, 255, 255);" class=""><br style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: rgb(255, 255, 255);" class=""><span style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: rgb(255, 255, 255); float: none; display: inline !important;" class="">Seems to confirm the investigation I was doing.</span><br style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: rgb(255, 255, 255);" class=""><br style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: rgb(255, 255, 255);" class=""><span style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: rgb(255, 255, 255);" class="">Dominik Schmich wrote:</span><br style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: rgb(255, 255, 255);" class=""><blockquote cite="mid:BC07D7EA39C6184BA034EA776CB2C46D013767F2@UCDEDC1PWXMR007.de.db.com" type="cite" style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: rgb(255, 255, 255);" class=""><div class="WordSection1" style="page: WordSection1;"><p style="margin-right: 0cm; margin-left: 0cm; font-size: 12pt; font-family: 'Times New Roman', serif;" class=""><span style="font-size: 10pt;" class="">Classification:<span class="Apple-converted-space"> </span><b class="">For internal use only</b></span><o:p class=""></o:p></p><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class=""><span lang="EN-US" style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125);" class="">Ahh, got it<span class="Apple-converted-space"> </span></span><span style="font-size: 11pt; font-family: Wingdings; color: rgb(31, 73, 125);" class="">J</span><span lang="EN-US" style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125);" class=""><o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class=""><span lang="EN-US" style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125);" class=""><o:p class=""> </o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class=""><span lang="EN-US" style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125);" class="">I guess it can be related to<span class="Apple-converted-space"> </span><a moz-do-not-send="true" href="https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server/issues/55" style="color: purple; text-decoration: underline;" class="">https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server/issues/55</a><span class="Apple-converted-space"> </span>aswell.<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class=""><span lang="EN-US" style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125);" class=""><o:p class=""> </o:p></span></div><p class="MsoNormal" style="margin: 0cm 0cm 12pt; font-size: 12pt; font-family: 'Times New Roman', serif;"><span style="font-size: 10pt; font-family: Arial, sans-serif;" class="">Beste Grüße / Kind regards,<br class="">Dominik Schmich</span><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125);" class=""><o:p class=""></o:p></span></p><div class=""><div style="border-style: solid none none; border-top-color: rgb(225, 225, 225); border-top-width: 1pt; padding: 3pt 0cm 0cm;" class=""><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class=""><a moz-do-not-send="true" name="_____replyseparator" class=""></a><b class=""><span lang="EN-US" style="font-size: 11pt; font-family: Calibri, sans-serif; color: windowtext;" class="">From:</span></b><span lang="EN-US" style="font-size: 11pt; font-family: Calibri, sans-serif; color: windowtext;" class=""><span class="Apple-converted-space"> </span>Chris Hutton [<a class="moz-txt-link-freetext" href="mailto:chris.hutton@callsign.com" style="color: purple; text-decoration: underline;">mailto:chris.hutton@callsign.com</a>]<span class="Apple-converted-space"> </span><br class=""><b class="">Sent:</b><span class="Apple-converted-space"> </span>Dienstag, 13. Dezember 2016 12:17<br class=""><b class="">To:</b><span class="Apple-converted-space"> </span>Dominik Schmich<span class="Apple-converted-space"> </span><a class="moz-txt-link-rfc2396E" href="mailto:dominik.schmich@db.com" style="color: purple; text-decoration: underline;"><dominik.schmich@db.com></a><br class=""><b class="">Cc:</b><span class="Apple-converted-space"> </span><a class="moz-txt-link-abbreviated" href="mailto:jricher@mit.edu" style="color: purple; text-decoration: underline;">jricher@mit.edu</a>;<span class="Apple-converted-space"> </span><a class="moz-txt-link-abbreviated" href="mailto:mitreid-connect@mit.edu" style="color: purple; text-decoration: underline;">mitreid-connect@mit.edu</a><br class=""><b class="">Subject:</b><span class="Apple-converted-space"> </span>Re: [mitreid-connect] Storage of Tokens in DB [I]<o:p class=""></o:p></span></div></div></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class=""><o:p class=""> </o:p></div><p class="MsoNormal" style="margin: 0cm 0cm 12pt; font-size: 12pt; font-family: 'Times New Roman', serif;">Hi Dominik,<br class=""><br class="">It was more of a theoretical solution rather than a branch on GitHub. We have implemented our own OAuth2TokenRepository and this seems to be one level higher up the code calling stack<br class=""><br class="">Dominik Schmich wrote:<o:p class=""></o:p></p><blockquote style="margin-top: 5pt; margin-bottom: 5pt;" class=""><p style="margin-right: 0cm; margin-left: 0cm; font-size: 12pt; font-family: 'Times New Roman', serif;" class=""><span style="font-size: 10pt;" class="">Classification:<span class="Apple-converted-space"> </span><b class="">For internal use only</b></span><o:p class=""></o:p></p><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class=""><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125);" class="">Hi Chris,</span><o:p class=""></o:p></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class=""><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125);" class=""> </span><o:p class=""></o:p></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class=""><span lang="EN-US" style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125);" class="">can you point me to „your proposed solution“? I didn’t find it<span class="Apple-converted-space"> </span></span><span lang="EN-US" style="font-size: 11pt; font-family: Wingdings; color: rgb(31, 73, 125);" class="">J</span><o:p class=""></o:p></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class=""><span lang="EN-US" style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125);" class=""> </span><o:p class=""></o:p></div><div class=""><p class="MsoNormal" style="margin: 0cm 0cm 12pt; font-size: 12pt; font-family: 'Times New Roman', serif;"><span style="font-size: 10pt; font-family: Arial, sans-serif;" class="">Beste Grüße / Kind regards,<br class="">Dominik Schmich</span><o:p class=""></o:p></p></div><div class=""><div style="border-style: solid none none; border-top-color: rgb(225, 225, 225); border-top-width: 1pt; padding: 3pt 0cm 0cm;" class=""><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class=""><b class=""><span lang="EN-US" style="font-size: 11pt; font-family: Calibri, sans-serif; color: windowtext;" class="">From:</span></b><span lang="EN-US" style="font-size: 11pt; font-family: Calibri, sans-serif; color: windowtext;" class=""><span class="Apple-converted-space"> </span>Chris Hutton [<a moz-do-not-send="true" href="mailto:chris.hutton@callsign.com" style="color: purple; text-decoration: underline;" class="">mailto:chris.hutton@callsign.com</a>]<span class="Apple-converted-space"> </span><br class=""><b class="">Sent:</b><span class="Apple-converted-space"> </span>Dienstag, 13. Dezember 2016 12:04<br class=""><b class="">To:</b><span class="Apple-converted-space"> </span>Dominik Schmich<span class="Apple-converted-space"> </span><a moz-do-not-send="true" href="mailto:dominik.schmich@db.com" style="color: purple; text-decoration: underline;" class=""><dominik.schmich@db.com></a><br class=""><b class="">Cc:</b><span class="Apple-converted-space"> </span><a moz-do-not-send="true" href="mailto:jricher@mit.edu" style="color: purple; text-decoration: underline;" class="">jricher@mit.edu</a>;<span class="Apple-converted-space"> </span><a moz-do-not-send="true" href="mailto:mitreid-connect@mit.edu" style="color: purple; text-decoration: underline;" class="">mitreid-connect@mit.edu</a><br class=""><b class="">Subject:</b><span class="Apple-converted-space"> </span>Re: [mitreid-connect] Storage of Tokens in DB [I]</span><o:p class=""></o:p></div></div></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class=""> <o:p class=""></o:p></div><p class="MsoNormal" style="margin: 0cm 0cm 12pt; font-size: 12pt; font-family: 'Times New Roman', serif;">It seems that you could can pass a JTI or hashed value into the DefaultOAuth2ProviderTokenService (OAuth2TokenEntityService) before it calls the JpaOAuth2TokenRepository (OAuth2TokenRepository).<span class="Apple-converted-space"> </span><br class=""><br class="">There are a couple of methods to watch out for:<br class="">- OAuth2TokenRepository#getAccessTokenByValue<br class="">- OAuth2TokenRepository#getRefreshTokenByValue<br class="">With both these methods in my proposed solution, the parameter would become the hashed value or JTI.<br class=""><br class="">There are a number of methods in the /tokens api that expose the token object for example TokenAPI#getAccessTokenById using m.put(JsonEntityView.ENTITY, token); however I don't think external API clients use the token value.<o:p class=""></o:p></p><div class=""><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class="">--<span class="Apple-converted-space"> </span><br class="">Chris Hutton<span class="Apple-converted-space"> </span><o:p class=""></o:p></div><div class=""><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class="">Head of Development<o:p class=""></o:p></div></div><div class=""><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class="">Callsign Inc.<o:p class=""></o:p></div></div><div class=""><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class="">[C]<span class="Apple-converted-space"> </span><a moz-do-not-send="true" href="https://get.callsign.com/chris" style="color: purple; text-decoration: underline;" class="">chris</a><o:p class=""></o:p></div></div></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class=""><br class=""><br class="">--------------------------------------------------------------- This message<br class="">was pgp signed but couldn't be verified successfully. Typically this is caused<br class="">because Deutsche Bank hasn't yet trusted the PGP key of the sender.<o:p class=""></o:p></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class=""><br class=""><span style="font-family: Arial, sans-serif;" class=""><br class="">---<br class="">Die Europäische Kommission hat unter<span class="Apple-converted-space"> </span><a moz-do-not-send="true" href="http://ec.europa.eu/consumers/odr/" style="color: purple; text-decoration: underline;" class="">http://ec.europa.eu/consumers/odr/</a><span class="Apple-converted-space"> </span>eine Europäische Online-Streitbeilegungsplattform (OS-Plattform) errichtet. Die OS-Plattform kann ein Verbraucher für die außergerichtliche Beilegung einer Streitigkeit aus Online-Verträgen mit einem in der EU niedergelassenen Unternehmen nutzen.<br class=""><br class="">Informationen (einschließlich Pflichtangaben) zu einzelnen, innerhalb der EU tätigen Gesellschaften und Zweigniederlassungen des Konzerns Deutsche Bank finden Sie unter<span class="Apple-converted-space"> </span><a moz-do-not-send="true" href="https://www.deutsche-bank.de/Pflichtangaben" style="color: purple; text-decoration: underline;" class="">https://www.deutsche-bank.de/Pflichtangaben</a>. Diese E-Mail enthält vertrauliche und/ oder rechtlich geschützte Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und vernichten Sie diese E-Mail. Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser E-Mail ist nicht gestattet.<br class=""><br class="">The European Commission has established a European online dispute resolution platform (OS platform) under<a moz-do-not-send="true" href="http://ec.europa.eu/consumers/odr/" style="color: purple; text-decoration: underline;" class="">http://ec.europa.eu/consumers/odr/</a>. The OS platform can be used by a consumer for the extra-judicial settlement of a dispute of online contracts with a provider established in the EU companies.<br class=""><br class="">Please refer to<span class="Apple-converted-space"> </span><a moz-do-not-send="true" href="https://www.db.com/disclosures" style="color: purple; text-decoration: underline;" class="">https://www.db.com/disclosures</a><span class="Apple-converted-space"> </span>for information (including mandatory corporate particulars) on selected Deutsche Bank branches and group companies registered or incorporated in the European Union. This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and delete this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden.</span><o:p class=""></o:p></div></blockquote><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class=""><o:p class=""> </o:p></div><div class=""><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class="">--<span class="Apple-converted-space"> </span><br class="">Chris Hutton<span class="Apple-converted-space"> </span><o:p class=""></o:p></div><div class=""><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class="">Head of Development<o:p class=""></o:p></div></div><div class=""><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class="">Callsign Inc.<o:p class=""></o:p></div></div><div class=""><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class="">[C]<span class="Apple-converted-space"> </span><a moz-do-not-send="true" href="https://get.callsign.com/chris" style="color: purple; text-decoration: underline;" class="">chris</a><o:p class=""></o:p></div></div></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class=""><br class=""><br class="">--------------------------------------------------------------- This message<br class="">was pgp signed but couldn't be verified successfully. Typically this is caused<br class="">because Deutsche Bank hasn't yet trusted the PGP key of the sender.<o:p class=""></o:p></div></div><br class=""><font face="Arial" size="3" class=""><br class="">---<br class="">Die Europäische Kommission hat unter<span class="Apple-converted-space"> </span><a class="moz-txt-link-freetext" href="http://ec.europa.eu/consumers/odr/" style="color: purple; text-decoration: underline;">http://ec.europa.eu/consumers/odr/</a><span class="Apple-converted-space"> </span>eine Europäische Online-Streitbeilegungsplattform (OS-Plattform) errichtet. Die OS-Plattform kann ein Verbraucher für die außergerichtliche Beilegung einer Streitigkeit aus Online-Verträgen mit einem in der EU niedergelassenen Unternehmen nutzen.<br class=""><br class="">Informationen (einschließlich Pflichtangaben) zu einzelnen, innerhalb der EU tätigen Gesellschaften und Zweigniederlassungen des Konzerns Deutsche Bank finden Sie unter<span class="Apple-converted-space"> </span><a class="moz-txt-link-freetext" href="https://www.deutsche-bank.de/Pflichtangaben" style="color: purple; text-decoration: underline;">https://www.deutsche-bank.de/Pflichtangaben</a>. Diese E-Mail enthält vertrauliche und/ oder rechtlich geschützte Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und vernichten Sie diese E-Mail. Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser E-Mail ist nicht gestattet.<br class=""><br class="">The European Commission has established a European online dispute resolution platform (OS platform) under<span class="Apple-converted-space"> </span><a class="moz-txt-link-freetext" href="http://ec.europa.eu/consumers/odr/" style="color: purple; text-decoration: underline;">http://ec.europa.eu/consumers/odr/</a>. The OS platform can be used by a consumer for the extra-judicial settlement of a dispute of online contracts with a provider established in the EU companies.<br class=""><br class="">Please refer to<span class="Apple-converted-space"> </span><a class="moz-txt-link-freetext" href="https://www.db.com/disclosures" style="color: purple; text-decoration: underline;">https://www.db.com/disclosures</a><span class="Apple-converted-space"> </span>for information (including mandatory corporate particulars) on selected Deutsche Bank branches and group companies registered or incorporated in the European Union. This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and delete this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden.<br class=""></font></blockquote><br style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: rgb(255, 255, 255);" class=""><div class="moz-signature" style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: rgb(255, 255, 255);">--<span class="Apple-converted-space"> </span><br class="">Chris Hutton<div class="">Head of Development</div><div class="">Callsign Inc.</div><div class="">[C]<span class="Apple-converted-space"> </span><a href="https://get.callsign.com/chris" style="color: purple; text-decoration: underline;" class="">chris</a><br class=""></div></div></div></blockquote></div><br class=""></div></div></body></html>