
From weiler+secdir@watson.org  Mon Aug  1 09:16:29 2011
Date: Mon, 1 Aug 2011 12:16:35 -0400 (EDT)
From: Samuel Weiler <weiler+secdir@watson.org>
To: secdir@ietf.org
Message-ID: <alpine.BSF.2.00.1108011215060.55379@fledge.watson.org>
Subject: [secdir] assignments
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: secdir-secretary@mit.edu
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 01 Aug 2011 16:16:30 -0000

The last assignment message was well before the Quebec meeting.

Russ Mundy is next in the rotation.

Review instructions and related resources are at:
         http://tools.ietf.org/area/sec/trac/wiki/SecDirReview


For telechat 2011-08-11

Reviewer                 LC end     Draft
Derek Atkins           T 2011-07-04 draft-ietf-roll-of0-15
Rob Austein            T 2011-07-18 draft-shiomoto-ccamp-switch-programming-05
Alan DeKok             T 2011-07-11 draft-ietf-mpls-mldp-recurs-fec-04
Sam Hartman            TR2011-07-19 draft-ietf-msec-gdoi-update-09
Love Hornquist-Astrand T 2011-07-15 draft-ietf-softwire-dslite-radius-ext-04
Joe Salowey            T 2011-05-30 draft-ietf-mpls-lsp-ping-enhanced-dsmap-10
Carl Wallace           T 2011-07-21 draft-forte-lost-extensions-07
Sam Weiler             T 2011-07-20 draft-gutmann-cms-hmac-enc-05


For telechat 2011-08-25

Reviewer                 LC end     Draft
Chris Lonvick          T 2011-08-12 draft-ietf-pim-hello-intid-01
Ondrej Sury            T 2011-06-30 draft-ietf-sidr-rescerts-provisioning-10

Last calls and special requests:

Reviewer                 LC end     Draft
Tobias Gondrom           2011-08-04 draft-doria-genart-experience-04
Jeffrey Hutzelman        2011-07-22 draft-ietf-p2psip-base-17
Charlie Kaufman          2011-07-19 draft-ietf-dane-use-cases-05
Scott Kelly              2011-08-22 draft-dijkstra-urn-ogf-06
Stephen Kent             2011-08-15 draft-ietf-karp-threats-reqs-03
Tero Kivinen             2011-08-26 draft-gundavelli-v6ops-pmipv6-address-reservations-00
Warren Kumari            2011-08-12 draft-ietf-krb-wg-clear-text-cred-01
Julien Laganier          2011-08-12 draft-ietf-lisp-lig-03
Barry Leiba              2011-08-12 draft-ietf-mpls-rsvp-te-no-php-oob-mapping-08
Matt Lepinski            2011-08-16 draft-ietf-ospf-auth-trailer-ospfv3-05
David McGrew             2011-08-24 draft-kivinen-ipsecme-secure-password-framework-01
Catherine Meadows       R2011-04-13 draft-ietf-speechsc-mrcpv2-25
Catherine Meadows        2011-08-09 draft-yevstifeyev-ion-report-06
Kathleen Moriarty        -          draft-ietf-hybi-thewebsocketprotocol-10
Russ Mundy               2011-06-30 draft-ietf-karp-design-guide-02
Tim Polk                 2011-05-11 draft-ietf-vrrp-unified-mib-09
Tina TSOU                2011-04-23 draft-shin-augmented-pake-08
Glen Zorn                2011-06-28 draft-li-pwe3-ms-pw-pon-04

From new-work-bounces@ietf.org  Mon Aug  1 06:39:35 2011
From: Ian Jacobs <ij@w3.org>
Date: Mon, 1 Aug 2011 09:39:35 -0400
To: new-work@ietf.org
Message-Id: <1CD4A8C5-37F1-43F7-ABE7-6BAD6399AD95@w3.org>
Subject: [secdir] [new-work] Proposed W3C Charters: Tracking Protection Working Group, Privacy Interest Group (until 2011-08-29)

Hello,

Today W3C Advisory Committee Representatives received a Proposal to revise the Privacy Activity [0] (see the W3C Process Document description of Activity Proposals [1]). This proposal includes draft charters for two groups:

  Tracking Protection Working Group:
  http://www.w3.org/2011/tracking-protection/charter-draft 
  
  Privacy Interest Group:
  http://www.w3.org/2011/07/privacy-ig-charter

As part of ensuring that the community is aware of proposed work at W3C, this draft charter is public during the Advisory Committee review period.

W3C invites public comments through 2011-08-29 on the proposed charter. Please send comments to public-new-work@w3.org, which has a public archive: 
  http://lists.w3.org/Archives/Public/public-new-work/

Other than comments sent in formal responses by W3C Advisory Committee Representatives, W3C cannot guarantee a response to comments. If you work for a W3C Member [2], please coordinate your comments with your Advisory Committee Representative. For example, you may wish to make public comments via this list and have your Advisory Committee Representative refer to it from his or her formal review comments.

If you should have any questions or need further information, please contact Nick Doty, Privacy Analyst <npdoty@w3.org>.

Thank you,

Ian Jacobs, Head of W3C Communications

[0] http://www.w3.org/Privacy/Activity
[1] http://www.w3.org/2005/10/Process-20051014/activities#ActivityCreation
[2] http://www.w3.org/Consortium/Member/List

--
Ian Jacobs (ij@w3.org)    http://www.w3.org/People/Jacobs/
Tel:                                      +1 718 260 9447

_______________________________________________
new-work mailing list
new-work@ietf.org
https://www.ietf.org/mailman/listinfo/new-work

From new-work-bounces@ietf.org  Mon Aug  1 06:42:15 2011
From: Ian Jacobs <ij@w3.org>
Date: Mon, 1 Aug 2011 09:42:19 -0400
To: new-work@ietf.org
Message-Id: <E0950024-608A-4557-8E99-7EAFC3B4F0A8@w3.org>
Subject: [secdir] [new-work] Proposed W3C Charter: Semantic Web Health Care and Life Sciences Interest Group (until 2011-08-29)

Hello,

Today W3C Advisory Committee Representatives received a Proposal to revise the Semantic Web Activity [0] (see the W3C Process Document description of Activity Proposals [1]). This proposal includes a draft charter for the Semantic Web Health Care and Life Sciences Interest Group: 
  http://www.w3.org/2011/05/HCLSIGCharter-proposal

As part of ensuring that the community is aware of proposed work at W3C, this draft charter is public during the Advisory Committee review period.

W3C invites public comments through 2011-08-29 on the proposed charter. Please send comments to public-new-work@w3.org, which has a public archive:
  http://lists.w3.org/Archives/Public/public-new-work/

Other than comments sent in formal responses by W3C Advisory Committee Representatives, W3C cannot guarantee a response to comments. If you work for a W3C Member [2], please coordinate your comments with your Advisory Committee Representative. For example, you may wish to make public comments via this list and have your Advisory Committee Representative refer to it from his or her formal review comments.

If you should have any questions or need further information, please contact Eric Prud'hommeaux, Team Contact <eric@w3.org>.

Thank you,

Ian Jacobs, Head of W3C Communications

[0] http://www.w3.org/2001/sw/
[1] http://www.w3.org/2005/10/Process-20051014/activities#ActivityCreation
[2] http://www.w3.org/Consortium/Member/List
--
Ian Jacobs (ij@w3.org)    http://www.w3.org/People/Jacobs/
Tel:                                      +1 718 260 9447


From hartmans@mit.edu  Mon Aug  1 09:51:09 2011
From: Sam Hartman <hartmans-ietf@mit.edu>
To: ietf@ietf.org,secdir@ietf.org
Date: Mon, 01 Aug 2011 12:51:11 -0400
Message-ID: <tsl8vrd2hz4.fsf@mit.edu>
Cc: draft-ietf-msec-gdoi-update@tools.ietf.org
Subject: [secdir] secdir review of draft-ietf-msec-gdoi-update

This update to the GDOI specification significantly improves clarity and
readability.
However, there is one issue that I think should be addressed prior to
publication:


At the top of page 11, the spec claims that a seq payload protects
against group members responding to groupkey-pull messages sent prior to
joining the group.
I'm reasonably sure that should be groupkey-push messages; I believe the
nonce payloads provide replay protection for the pull exchange.

Actually, it's more complicated than that.  Section 3.3 also seems to
believe the sequence number is about pull exchanges. However, it says
that a GM should always expect the push message sequence number to be
reset to 1.
Why is that reasonable? If a group is ongoing, don't we want to tell new
members what the sequence number currently is rather than having them
assume it is 1? The push message is multicast, so we cannot maintain a
separate sequence number for each member.

I think either there is some sort of error with the description of the
replay mechanisms or it requires significantly more explanation.
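
The concern raised in the review above, as a simplified Python model (an added example, not part of the original message and not code from the draft): a member that assumes the push sequence number starts over accepts an authentic push message that was sent before it joined, while a member told the current value rejects it. The class names, the HMAC standing in for the key server's authentication of push messages, and the sample messages are all constructed for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed key: stands in for whatever authenticates the key server's
# push messages to the group (an assumption of this model, not GDOI's format).
GROUP_AUTH_KEY = b"constructed-demo-key"


@dataclass(frozen=True)
class PushMessage:
    seq: int      # sequence number carried in the multicast push message
    body: bytes   # stands in for the rekey / policy update
    tag: bytes    # authentication tag over seq and body


def auth_tag(seq: int, body: bytes) -> bytes:
    return hmac.new(GROUP_AUTH_KEY, seq.to_bytes(4, "big") + body,
                    hashlib.sha256).digest()


class KeyServer:
    """Sends one multicast stream, so there is a single group-wide counter."""

    def __init__(self) -> None:
        self.seq = 0

    def push(self, body: bytes) -> PushMessage:
        self.seq += 1
        return PushMessage(self.seq, body, auth_tag(self.seq, body))


class GroupMember:
    """Accepts a push only if it is authentic and newer than anything seen."""

    def __init__(self, last_seq: int) -> None:
        self.last_seq = last_seq   # highest sequence number accepted so far
        self.installed = []        # bodies of the pushes this member acted on

    def receive(self, msg: PushMessage) -> str:
        if not hmac.compare_digest(msg.tag, auth_tag(msg.seq, msg.body)):
            return "rejected: bad authentication tag"
        if msg.seq <= self.last_seq:
            return "rejected: stale sequence number"
        self.last_seq = msg.seq
        self.installed.append(msg.body)
        return "accepted"


def run_scenario() -> dict:
    ks = KeyServer()
    # The group is already running; anyone on the path can record the
    # multicast pushes (seq 1..3) sent before the new members join.
    recorded = [ks.push(b"rekey-%d" % n) for n in (1, 2, 3)]

    # Two members join now. One assumes the counter starts over (anything
    # from 1 upward is new to it); the other learns the current value when
    # it registers with the key server.
    assumes_reset = GroupMember(last_seq=0)
    told_current = GroupMember(last_seq=ks.seq)

    replayed = recorded[1]                                  # authentic, seq 2
    forged = PushMessage(seq=99, body=b"attacker", tag=b"\x00" * 32)
    fresh = ks.push(b"rekey-4")                             # authentic, seq 4

    return {
        "assumes_reset/replay": assumes_reset.receive(replayed),
        "told_current/replay": told_current.receive(replayed),
        "told_current/forged": told_current.receive(forged),
        "assumes_reset/fresh": assumes_reset.receive(fresh),
        "told_current/fresh": told_current.receive(fresh),
        "assumes_reset/installed": list(assumes_reset.installed),
        "told_current/installed": list(told_current.installed),
    }


if __name__ == "__main__":
    for name, outcome in run_scenario().items():
        print(f"{name}: {outcome}")
```

The authentication check alone does not help here: the replayed message carries a valid tag, so only the member's starting point for the counter decides whether it is acted on.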

From charliek@microsoft.com  Mon Aug  1 11:23:24 2011
From: Charlie Kaufman <charliek@microsoft.com>
To: "secdir@ietf.org" <secdir@ietf.org>, "iesg@ietf.org" <iesg@ietf.org>, "draft-ietf-dane-use-cases.all@tools.ietf.org" <draft-ietf-dane-use-cases.all@tools.ietf.org>
Date: Mon, 1 Aug 2011 18:23:29 +0000
Message-ID: <D80EDFF2AD83E648BD1164257B9B091232B1F019@TK5EX14MBXC110.redmond.corp.microsoft.com>
Subject: [secdir] secdir review of draft-ietf-dane-use-cases-05

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

DANE is the latest in a long series of attempts to use DNSSEC to securely distribute the public keys corresponding to DNS names as an alternative/supplement to the PKIX based PKI that has evolved to be both not very secure and not very convenient. Using DNSSEC as an alternative/supplement is a great idea, but it has failed many times in the past both for political reasons and because DNSSEC wasn't really there yet. This document is a requirements document, which gives it license to leave out a few of the more controversial details of the design.

I am strongly supportive of this effort, and have no complaints with any of the contents of this document. There are a few issues that I think could have been addressed more clearly, but presumably that will come in future documents.

DANE is primarily pitched in this document as a supplement to the existing PKIX based PKI, and also it is stated that the keys are only intended to be used in the context of TLS (mostly for server authentication, but optionally also for client authentication if the client is identified by a DNS name). This means that having DANE information posted in DNS could cause a connection that succeeded without DANE to fail, but it could not cause a connection that failed without DANE to succeed. In this context, it helps address the security problems with the de facto Internet PKI, but not the convenience problems. It does permit, however, (in scenario #3) the DANE information to replace the Internet PKI (in the sense of supporting TLS connections to servers that don't have certificates from configured trust roots). It is left to endnode configuration to decide whether to trust such information, and the single biggest issue that will face people deploying DANE is whether to trust such information or not.

DANE will permit different kinds of information to be posted in DNS concerning how to authenticate entities claiming to represent a particular DNS name. This document doesn't say whether one of them will be a raw public key. That would be the most straightforward thing to do, but also the most controversial. What it emphasizes is the ability to specify which CA or CAs are allowed to issue certificates for a particular DNS name. This would close the biggest single security gap in the de facto Internet PKI - that any trust root can generate bogus certificates for any DNS name, and many of the trust roots are under the control of dubious entities. The document was not clear as to whether the CAs are identified by name or by public key, but references to its certificate imply they will be identified by both.

Interesting details:

The document calls for being able to co-locate multiple servers on a single physical host distinguished by different ports where different certificates are required to authenticate the services on the different ports. I don't know that PKIX supports that functionality, so this would be an extension.

The document does not mention co-locating multiple servers on a single physical host distinguished by different DNS names supplied in header fields, but that would fall out of any reasonable design.

The document calls for being able to work when the application service name is the result of following a DNS redirection chain (e.g., via CNAME or DNAME), but does not suggest a mechanism. There may be technical options with different security semantics... this will be an interesting area to watch.

There is a suggestion on page 8 (ref: "a downgrade attack") that DANE information can be used to inform a client that a service is capable of accepting TLS connections and that a client might (based on that information) refuse to connect not over TLS, but no mention of this important feature elsewhere in the document.

Typos:

P2: "ciertificate" -> "certificate"
P10: "Opportunistic Security" -> "Opportunistic Security:"


From tobias.gondrom@gondrom.org  Mon Aug  1 19:51:14 2011
Message-ID: <4E376603.8090009@gondrom.org>
Date: Tue, 02 Aug 2011 03:50:43 +0100
From: Tobias Gondrom <tobias.gondrom@gondrom.org>
To: ietf@ietf.org, secdir@ietf.org, iesg@ietf.org,  draft-doria-genart-experience.all@tools.ietf.org, gen-art@ietf.org
Subject: [secdir] Secdir review of draft-doria-genart-experience-04


I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

This document is informational and covers the experiences of the General 
Area Review Team.
The Security Considerations of the draft are sufficient.

The following three comments:
1. minor editorial in section 4.3 Form of Review
=> maybe replace the word "stole" with "derived" or any other word.
"Rather than invent new guidelines, the Gen-ART requirements for the 
form of a review stole liberally from" / "Rather than invent new 
guidelines, the Gen-ART requirements for the form of a review derived 
liberally from"

2. Section 12:
is it beneficial to list all current members of the Gen-ART per name in 
the draft?
- first are there any privacy issues with that?
- when adding or removing people from the team, the list in the I-D might 
become outdated and give false information on the current status. Would 
it be more appropriate/easier to update the draft to reference the 
current list of reviewers (e.g. on a tools web page) instead of listing 
them in the I-D?

3. Section 10 Security Considerations:  is ok so far.
On a personal comment/addition:
But maybe worth considering is that availability and integrity of sent 
reviews is also important:
I noticed that recently some emails to mail-aliases did not get 
delivered to the respective lists and therefore reviews and/or answers 
to reviews might not be received by the individuals on these lists.
Unfortunately this happens in some random fashion (for the same sender 
email and ietf tools aliases within a short time frame, sometimes it 
happens, sometimes it doesn't), without a timely warning (but usually 
with a failure message 3-5 days after the email message has been 
posted). First investigations may suggest that this could be due to some 
spam filter or mail server configuration issues, however other reasons 
might also apply.
This can obviously impair the quality of the public review process if 
individual comments and reviews will not be delivered.

Kind regards, Tobias






From meadows@itd.nrl.navy.mil  Mon Aug  1 13:57:49 2011
From: Catherine Meadows <meadows@itd.nrl.navy.mil>
Content-Type: multipart/alternative; boundary=Apple-Mail-12-1065674257
Date: Mon, 1 Aug 2011 17:07:19 -0400
Message-Id: <13293658-6CBF-44D9-8D85-4838FBCDF53C@itd.nrl.navy.mil>
To: iesg@ietf.org, secdir@ietf.org, draft-yevstifeyev-ion-report.all@tools.org
Mime-Version: 1.0 (Apple Message framework v1084)
Cc: Catherine Meadows <meadows@itd.nrl.navy.mil>
Subject: [secdir] secdir review of draft-yevstifeyev-ion-report-06

--Apple-Mail-12-1065674257
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=us-ascii

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

This draft reports on the IETF Operational Notes Process (ION) process
experiment, which was intended to provide a repository for operational
documents that were intended to stand somewhere between RFC's and
Internet Drafts by being less permanent than RFC's but easier to
reference than Internet Drafts.  This document describes the RFC's
related to this experiment, and the IONs that were published.  It also
formally notes the termination of the experiment, and the reason for
its termination: namely that IESG statements and web pages already
fulfilled the purpose which IONs were designed for.  The document also
gives a description of the subsequent history of the IONs, all except
one of which were re-published in another form.

This document does not have much to do with security, since it merely
records the history of an experimental method of publishing documents,
and the only issue was that an acceptable method of publishing the
documents already existed.  However, I have a little problem with the
statement in the security considerations section that

IONs did not include protocol specifications and therefore
   terminating this series is not believed to have any impact on
   security of the Internet.

I can think of plenty of IETF documents that don't include protocol
specifications but do have an impact on security, e.g. informational
RFC's on best security practices.  I would recommend that the authors
instead say that since it was determined that the information in IONs
could be distributed by other means, terminating this series should
not have any impact on security.




Catherine Meadows
Naval Research Laboratory
Code 5543
4555 Overlook Ave., S.W.
Washington DC, 20375
phone: 202-767-3490
fax: 202-404-7942
email: catherine.meadows@nrl.navy.mil


--Apple-Mail-12-1065674257--

From meadows@itd.nrl.navy.mil  Mon Aug  1 14:12:01 2011
From: Catherine Meadows <meadows@itd.nrl.navy.mil>
Mime-Version: 1.0 (Apple Message framework v1084)
Content-Type: multipart/alternative; boundary=Apple-Mail-13-1066529069
Date: Mon, 1 Aug 2011 17:21:34 -0400
References: <201108012057.p71KvxYm012838@fw5540.nrl.navy.mil>
To: draft-yevstifeyev-ion-report.all@tools.ietf.org, secdir@ietf.org, iesg@ietf.org
Message-Id: <379B79DC-4F5E-48CD-979A-AC6CE7C7BF9B@itd.nrl.navy.mil>
Cc: Catherine Meadows <meadows@itd.nrl.navy.mil>
Subject: [secdir] secdir review of draft-yevstifeyev-ion-report-06

--Apple-Mail-13-1066529069
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=us-ascii

Resend of my previous message:  I mistyped the tools email address.

Cathy


I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

This draft reports on the IETF Operational Notes Process (ION) process
experiment, which was intended to provide a repository for operational
documents that were intended to stand somewhere between RFC's and
Internet Drafts by being less permanent than RFC's but easier to
reference than Internet Drafts.  This document describes the RFC's
related to this experiment, and the IONs that were published.  It also
formally notes the termination of the experiment, and the reason for
its termination: namely that IESG statements and web pages already
fulfilled the purpose which IONs were designed for.  The document also
gives a description of the subsequent history of the IONs, all except
one of which were re-published in another form.

This document does not have much to do with security, since it merely
records the history of an experimental method of publishing documents,
and the only issue was that an acceptable method of publishing the
documents already existed.  However, I have a little problem with the
statement in the security considerations section that

IONs did not include protocol specifications and therefore
   terminating this series is not believed to have any impact on
   security of the Internet.

I can think of plenty of IETF documents that don't include protocol
specifications but do have an impact on security, e.g. informational
RFC's on best security practices.  I would recommend that the authors
instead say that since it was determined that the information in IONs
could be distributed by other means, terminating this series should
not have any impact on security.




Catherine Meadows
Naval Research Laboratory
Code 5543
4555 Overlook Ave., S.W.
Washington DC, 20375
phone: 202-767-3490
fax: 202-404-7942
email: catherine.meadows@nrl.navy.mil





Begin forwarded message:

> From: Mail Delivery Subsystem <MAILER-DAEMON@fw5540.nrl.navy.mil>
> Date: August 1, 2011 4:57:59 PM EDT
> To: <meadows@itd.nrl.navy.mil>
> Subject: Returned mail: see transcript for details
>
> The original message was received at Mon, 1 Aug 2011 16:57:52 -0400 (EDT)
> from sun1.fw5540.net [10.0.0.11]
>
>   ----- The following addresses had permanent fatal errors -----
> <draft-yevstifeyev-ion-report.all@tools.org>
>    (reason: 550 5.1.1 <draft-yevstifeyev-ion-report.all@tools.org>... User unknown)
>
>   ----- Transcript of session follows -----
> ... while talking to mail.medispecialty.com.:
> >>> RCPT To:<draft-yevstifeyev-ion-report.all@tools.org>
> <<< 550 5.1.1 <draft-yevstifeyev-ion-report.all@tools.org>... User unknown
> 550 5.1.1 <draft-yevstifeyev-ion-report.all@tools.org>... User unknown
> Reporting-MTA: dns; fw5540.nrl.navy.mil
> Received-From-MTA: DNS; sun1.fw5540.net
> Arrival-Date: Mon, 1 Aug 2011 16:57:52 -0400 (EDT)
>
> Final-Recipient: RFC822; draft-yevstifeyev-ion-report.all@tools.org
> Action: failed
> Status: 5.1.1
> Remote-MTA: DNS; mail.medispecialty.com
> Diagnostic-Code: SMTP; 550 5.1.1 <draft-yevstifeyev-ion-report.all@tools.org>... User unknown
> Last-Attempt-Date: Mon, 1 Aug 2011 16:57:59 -0400 (EDT)
>
> From: Catherine Meadows <meadows@itd.nrl.navy.mil>
> Date: August 1, 2011 5:07:19 PM EDT
> To: iesg@ietf.org, secdir@ietf.org, draft-yevstifeyev-ion-report.all@tools.org
> Cc: Catherine Meadows <meadows@itd.nrl.navy.mil>
> Subject: secdir review of draft-yevstifeyev-ion-report-06
>


--Apple-Mail-13-1066529069--

From jsalowey@cisco.com  Tue Aug  2 10:25:58 2011
From: Joe Salowey <jsalowey@cisco.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Date: Tue, 2 Aug 2011 10:26:02 -0700
Message-Id: <6B1C78CB-B687-45B1-BA74-1B02FDFCB86D@cisco.com>
To: secdir@ietf.org, The IESG <iesg@ietf.org>, draft-ietf-mpls-lsp-ping-enhanced-dsmap.all@tools.ietf.org
Mime-Version: 1.0 (Apple Message framework v1084)
Subject: [secdir] secdir review of draft-ietf-mpls-lsp-ping-enhanced-dsmap-10

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

This document describes modifications to LSP Ping to allow it to work
with MPLS tunnels.  It is possible that in some cases a provider may
not want to disclose information about tunnels.  The security
considerations in the document describe mechanisms to keep this
information private.  In addition the security considerations
reference RFC 4379 which seems sufficient.

One nit: the first sentence in section 1 is missing a closing
parenthesis.

Joe

From ietfdbh@comcast.net  Wed Aug  3 13:45:28 2011
From: "David Harrington" <ietfdbh@comcast.net>
To: <carlberg@g11.org.uk>, "'Stephen Hanna'" <shanna@juniper.net>
References: <20110726104135.13472eudbij0eaqs@portland.eukhosting.net><AC6674AB7BC78549BB231821ABF7A9AEB674516F2B@EMBX01-WF.jnpr.net> <20110726112346.35893ibie0kwerqc@portland.eukhosting.net>
In-Reply-To: <20110726112346.35893ibie0kwerqc@portland.eukhosting.net>
Date: Wed, 3 Aug 2011 16:45:24 -0400
Message-ID: <72EB8D918E1340B78140B407CFDF8BAE@davidPC>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Cc: lionel.morand@orange-ftgroup.com, draft-ietf-dime-priority-avps.all@tools.ietf.org, ietf@ietf.org, secdir@ietf.org
Subject: Re: [secdir] secdir review of draft-ietf-dime-priority-avps-04

Hi,

Documents containing MIB modules must include a discussion of the
sensitivity of the tables/objects in the MIB module. This includes the
possible impact to the managed technologies that could be caused by an
unauthorized or misguided change to a configuration, for example.
Certainly the potential impact of using MIB objects to change the
relative priority of a managed technology's sessions would need to be
included in the read-write security considerations of the MIB module.
See https://svn.tools.ietf.org/area/ops/trac/wiki/mib-security

Using AVPs in Diameter to effect a similar change to the relative
priority of a managed technology's sessions warrants a similar
consideration of the sensitivity of the specific AVPs.

David Harrington
Director, IETF Transport Area
Member of SECDIR, OPSDIR, and MIB Doctors directorates
ietfdbh@comcast.net (preferred for ietf)
dbharrington@huaweisymantec.com
+1 603 828 1401 (cell)

> -----Original Message-----
> From: secdir-bounces@ietf.org
> [mailto:secdir-bounces@ietf.org] On Behalf Of carlberg@g11.org.uk
> Sent: Tuesday, July 26, 2011 7:24 AM
> To: Stephen Hanna
> Cc: lionel.morand@orange-ftgroup.com;
> draft-ietf-dime-priority-avps.all@tools.ietf.org;
> ietf@ietf.org; secdir@ietf.org
> Subject: Re: [secdir] secdir review of
> draft-ietf-dime-priority-avps-04
>
> Steve,
>
> Quoting Stephen Hanna <shanna@juniper.net>:
>
> > Thanks for your response, Ken.
> >
> > Removing the last sentence that you quoted would make things worse.
> > Readers of this draft should definitely familiarize themselves with
> > the security considerations related to priority. We should make that
> > easier, not harder. The fact that those considerations also apply to
> > other RFCs does not remove the fact that they apply to this one also.
>
> but those considerations do not directly apply to DIAMETER.
>
> > You cannot publish a document whose security considerations section
> > says (as this one effectively does today), "There are lots of security
> > considerations related to this document. To understand them, please
> > dig through all the referenced documents and figure it out yourself."
> > Doing that digging and analysis is the job of the document editors.
>
> agreed, speaking in the general sense.  But again, the security
> considerations of these other protocols do not apply to the operation
> of Diameter.
>
> > In order to ease the burden on you, I think a reasonable compromise
> > would be for YOU to review the documents referenced and decide which
> > have the most relevant security considerations. Then you could list
> > those explicitly in the last paragraph of the Security Considerations.
>
> I'm concerned about the implications of your recommendation.  If we
> extend this position to other work in the IETF, then efforts like
> defining MIBs would mean that each MIB draft would need to perform a
> security considerations analysis of each protocol that an object
> refers to in the context of SNMP.  And one can extend the argument
> that each protocol operating on top of TCP (and/or UDP) and IP would
> need to perform an analysis on how TCP/UDP and IP may affect the upper
> layer protocol.  We don't do that today.
>
> cheers,
>
> -ken
>


From bew@cisco.com  Wed Aug  3 17:33:19 2011
Return-Path: <bew@cisco.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3D87211E80AD for <secdir@ietfa.amsl.com>; Wed,  3 Aug 2011 17:33:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.598
X-Spam-Level: 
X-Spam-Status: No, score=-102.598 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, UNPARSEABLE_RELAY=0.001, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6NVIPwxpuXBw for <secdir@ietfa.amsl.com>; Wed,  3 Aug 2011 17:33:18 -0700 (PDT)
Received: from nm14-vm0.access.bullet.mail.sp2.yahoo.com (nm14-vm0.access.bullet.mail.sp2.yahoo.com [98.139.44.162]) by ietfa.amsl.com (Postfix) with SMTP id B136121F8A1A for <secdir@ietf.org>; Wed,  3 Aug 2011 17:33:18 -0700 (PDT)
Received: from [98.139.44.98] by nm14.access.bullet.mail.sp2.yahoo.com with NNFMP; 04 Aug 2011 00:33:31 -0000
Received: from [98.139.44.89] by tm3.access.bullet.mail.sp2.yahoo.com with NNFMP; 04 Aug 2011 00:33:31 -0000
Received: from [127.0.0.1] by omp1026.access.mail.sp2.yahoo.com with NNFMP; 04 Aug 2011 00:33:31 -0000
X-Yahoo-Newman-Id: 856812.12373.bm@omp1026.access.mail.sp2.yahoo.com
Received: (qmail 66807 invoked from network); 4 Aug 2011 00:33:31 -0000
Received: from stealth-10-32-244-210.cisco.com (bew@70.239.230.164 with plain) by smtp107.sbc.mail.gq1.yahoo.com with SMTP; 03 Aug 2011 17:33:31 -0700 PDT
Mime-Version: 1.0 (Apple Message framework v1084)
Content-Type: text/plain; charset=us-ascii
From: Brian Weis <bew@cisco.com>
In-Reply-To: <tsl8vrd2hz4.fsf@mit.edu>
Date: Wed, 3 Aug 2011 17:33:30 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <8B61042D-0BB4-42EA-970B-DDA36A659DA9@cisco.com>
References: <tsl8vrd2hz4.fsf@mit.edu>
To: Sam Hartman <hartmans-ietf@mit.edu>
X-Mailer: Apple Mail (2.1084)
Cc: draft-ietf-msec-gdoi-update@tools.ietf.org, ietf@ietf.org, secdir@ietf.org
Subject: Re: [secdir] secdir review of draft-ietf-msec-gdoi-update
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 04 Aug 2011 00:33:19 -0000

Hi Sam,

Thanks for your review.

Your first comment is pointing out a typo (groupkey-pull should be
groupkey-push), which I've fixed.

The anti-replay description in Section 3.3 should not say that the push
message sequence number will be reset to 1. Text earlier in this section
says that the SEQ payload carries the next expected sequence number, and
so when the KEK is installed that is the number that should be
installed. I've adjusted the text to say this: "If this group has a KEK,
the KEK policy and keys are marked as ready for use and the GM knows to
expect a sequence number not less than the one distributed in the SEQ
payload." Let me know if that change sufficiently clears up the
confusion.

Thanks,
Brian

On Aug 1, 2011, at 9:51 AM, Sam Hartman wrote:

> 
> This update to the GDOI specification significantly improves clarity and
> readability.
> However, there is one issue that I think should be addressed prior to
> publication:
> 
> 
> At the top of page 11, the spec claims that a seq payload protects
> against group members responding to groupkey-pull messages sent prior to
> joining the group.
> I'm reasonably sure that should be groupkey-push messages; I believe the
> nonce payloads provide replay protection for the pull exchange.
> 
> Actually, it's more complicated than that.  Section 3.3 also seems to
> believe the sequence number is about pull exchanges. However it says
> that  a GM should always expect the push message sequence number to be
> reset to 1.
> Why is that reasonable? If a group is ongoing, don't we want to tell new
> members what the sequence number currently is rather than having them
> assume it is 1? The push message is multicast, so we cannot maintain a
> separate sequence number for each member.
> 
> I think either there is some sort of error with the description of the
> replay mechanisms or it requires significantly more explanation.


-- 
Brian Weis
Security Standards and Technology, SRTG, Cisco Systems
Telephone: +1 408 526 4796
Email: bew@cisco.com






From hartmans@mit.edu  Thu Aug  4 06:25:19 2011
Return-Path: <hartmans@mit.edu>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6AAC121F8A1A; Thu,  4 Aug 2011 06:25:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -103.985
X-Spam-Level: 
X-Spam-Status: No, score=-103.985 tagged_above=-999 required=5 tests=[AWL=-1.720, BAYES_00=-2.599, IP_NOT_FRIENDLY=0.334, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id po6YCBo4zDpF; Thu,  4 Aug 2011 06:25:19 -0700 (PDT)
Received: from mail.suchdamage.org (permutation-city.suchdamage.org [69.25.196.28]) by ietfa.amsl.com (Postfix) with ESMTP id F1AFA21F89C2; Thu,  4 Aug 2011 06:25:18 -0700 (PDT)
Received: from carter-zimmerman.suchdamage.org (carter-zimmerman.suchdamage.org [69.25.196.178]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "laptop", Issuer "laptop" (not verified)) by mail.suchdamage.org (Postfix) with ESMTPS id 19301201C7; Thu,  4 Aug 2011 09:28:14 -0400 (EDT)
Received: by carter-zimmerman.suchdamage.org (Postfix, from userid 8042) id 461134234; Thu,  4 Aug 2011 09:25:22 -0400 (EDT)
From: Sam Hartman <hartmans-ietf@mit.edu>
To: Brian Weis <bew@cisco.com>
References: <tsl8vrd2hz4.fsf@mit.edu> <8B61042D-0BB4-42EA-970B-DDA36A659DA9@cisco.com>
Date: Thu, 04 Aug 2011 09:25:22 -0400
In-Reply-To: <8B61042D-0BB4-42EA-970B-DDA36A659DA9@cisco.com> (Brian Weis's message of "Wed, 3 Aug 2011 17:33:30 -0700")
Message-ID: <tsld3glux4t.fsf@mit.edu>
User-Agent: Gnus/5.110009 (No Gnus v0.9) Emacs/22.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Cc: draft-ietf-msec-gdoi-update@tools.ietf.org, Sam Hartman <hartmans-ietf@mit.edu>, ietf@ietf.org, secdir@ietf.org
Subject: Re: [secdir] secdir review of draft-ietf-msec-gdoi-update
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 04 Aug 2011 13:25:19 -0000

>>>>> "Brian" == Brian Weis <bew@cisco.com> writes:

    Brian> Hi Sam, Thanks for your review.

    Brian> Your first comment is pointing out a typo (groupkey-pull
    Brian> should be groupkey-push), which I've fixed.

    Brian> The anti-replay description in Section 3.3 should not say
    Brian> that the push message sequence number will be reset to
    Brian> 1. Text earlier in this section says that the SEQ payload
    Brian> carries the next expected sequence number, and so when the
    Brian> KEK is installed that is the number that should be
    Brian> installed. I've adjusted the text to say this: "If this group
    Brian> has a KEK, the KEK policy and keys are marked as ready for
    Brian> use and the GM knows to expect a sequence number not less
    Brian> than the one distributed in the SEQ payload." Let me know if
    Brian> that change sufficiently clears up the confusion.

Yes, all looks good.
The typo plus the text in 3.3 caused me to wonder whether something
more complex than I had anticipated was going on with replay.
The new text is quite clear.
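
Added example (not part of the original thread, and not code from the GDOI
draft or any implementation): a small model of the push-message replay check
discussed above, comparing a member that installs the number from the SEQ
payload with one that assumes the counter restarts at 1. The class and
function names, the constructed arrival sequence, and the rule that the
expected number advances to seq + 1 after each accepted push are assumptions
of this sketch.

```python
from dataclasses import dataclass
from typing import Dict, Iterable, List


@dataclass
class PushReplayState:
    """Replay state a group member (GM) keeps for groupkey-push messages.

    Only sequence numbers are modelled. Every arriving message is assumed to
    verify under the current KEK, which is exactly the case a replayed but
    genuine push message presents.
    """
    next_expected: int  # lowest sequence number the GM will still accept

    @classmethod
    def from_seq_payload(cls, seq_payload_value: int) -> "PushReplayState":
        # Behaviour in the adjusted text: when the KEK is installed, install
        # the number carried in the SEQ payload of the pull exchange.
        return cls(next_expected=seq_payload_value)

    @classmethod
    def reset_to_one(cls) -> "PushReplayState":
        # Behaviour questioned in the review: a joining GM always expects 1.
        return cls(next_expected=1)

    def accept(self, seq: int) -> bool:
        # "Not less than" the expected value is acceptable; anything lower
        # is treated as a replay and dropped.
        if seq < self.next_expected:
            return False
        # Assumption of this sketch: the next push must carry a higher number.
        self.next_expected = seq + 1
        return True


def accepted_pushes(state: PushReplayState, seqs: Iterable[int]) -> List[int]:
    """Return the sequence numbers the GM accepts, in arrival order."""
    return [s for s in seqs if state.accept(s)]


# Constructed scenario: the group has been running for a while, so the SEQ
# payload handed to the joining GM carries 41. Arrivals after the join:
#   7  - a push recorded before the GM joined, replayed to it
#   41 - the first genuine push after the join
#   41 - the same push replayed
#   43 - a later genuine push (42 was delayed)
#   42 - the delayed push arriving late
SEQ_AT_JOIN = 41
ARRIVALS = [7, 41, 41, 43, 42]


def compare_join_behaviours() -> Dict[str, List[int]]:
    """Run the same arrivals through both join behaviours."""
    return {
        "seq_payload": accepted_pushes(
            PushReplayState.from_seq_payload(SEQ_AT_JOIN), ARRIVALS),
        "reset_to_one": accepted_pushes(
            PushReplayState.reset_to_one(), ARRIVALS),
    }


if __name__ == "__main__":
    for name, accepted in compare_join_behaviours().items():
        print(f"{name:13s} accepted {accepted}")
```

The member that assumes a reset to 1 accepts the push sent before it joined,
which is the case the review comment raised for an ongoing group.
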

From nitinb@juniper.net  Tue Aug  2 10:43:40 2011
Return-Path: <nitinb@juniper.net>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6F83311E80AC; Tue,  2 Aug 2011 10:43:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Level: 
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id b+H8hBHkwU71; Tue,  2 Aug 2011 10:43:39 -0700 (PDT)
Received: from exprod7og120.obsmtp.com (exprod7og120.obsmtp.com [64.18.2.18]) by ietfa.amsl.com (Postfix) with ESMTP id 5D77811E807F; Tue,  2 Aug 2011 10:43:35 -0700 (PDT)
Received: from P-EMHUB03-HQ.jnpr.net ([66.129.224.36]) (using TLSv1) by exprod7ob120.postini.com ([64.18.6.12]) with SMTP ID DSNKTjg3TwakdAT6qWBFxpwv0sxuc8oxbgWq@postini.com; Tue, 02 Aug 2011 10:43:49 PDT
Received: from EMBX02-HQ.jnpr.net ([fe80::18fe:d666:b43e:f97e]) by P-EMHUB03-HQ.jnpr.net ([::1]) with mapi; Tue, 2 Aug 2011 10:42:39 -0700
From: Nitin Bahadur <nitinb@juniper.net>
To: Joe Salowey <jsalowey@cisco.com>, "secdir@ietf.org" <secdir@ietf.org>, The IESG <iesg@ietf.org>, "draft-ietf-mpls-lsp-ping-enhanced-dsmap.all@tools.ietf.org" <draft-ietf-mpls-lsp-ping-enhanced-dsmap.all@tools.ietf.org>
Date: Tue, 2 Aug 2011 10:42:37 -0700
Thread-Topic: secdir review of draft-ietf-mpls-lsp-ping-enhanced-dsmap-10
Thread-Index: AcxROUtATAhp5ZDQQ3KcFelWnqIRjQAAkYTr
Message-ID: <CA5D851D.1F892%nitinb@juniper.net>
In-Reply-To: <6B1C78CB-B687-45B1-BA74-1B02FDFCB86D@cisco.com>
Accept-Language: en-US
Content-Language: en
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
acceptlanguage: en-US
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Mailman-Approved-At: Thu, 04 Aug 2011 08:03:41 -0700
Subject: Re: [secdir] secdir review of draft-ietf-mpls-lsp-ping-enhanced-dsmap-10
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Aug 2011 17:43:40 -0000

Thanks Joe for your review. I will address the nit.

Nitin


On 8/2/11 10:26 AM, "Joe Salowey" <jsalowey@cisco.com> wrote:

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

This document describes modifications to LSP Ping to allow it to work with
MPLS tunnels.  It is possible that in some cases a provider may not want to
disclose information about tunnels.  The security considerations in the
document describe mechanisms to keep this information private.   In addition
the security considerations reference RFC 4379 which seems sufficient.

One nit: the first sentence in section 1 is missing a closing parenthesis.

Joe


From new-work-bounces@ietf.org  Wed Aug  3 09:17:51 2011
Return-Path: <new-work-bounces@ietf.org>
X-Original-To: secdir@ietf.org
Delivered-To: secdir@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CA07C21F873D; Wed,  3 Aug 2011 09:17:51 -0700 (PDT)
X-Original-To: new-work@ietfa.amsl.com
Delivered-To: new-work@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 67CC021F873D for <new-work@ietfa.amsl.com>; Wed,  3 Aug 2011 09:17:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.189
X-Spam-Level: 
X-Spam-Status: No, score=-10.189 tagged_above=-999 required=5 tests=[AWL=0.410, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cwA+JYP5dHeI for <new-work@ietfa.amsl.com>; Wed,  3 Aug 2011 09:17:50 -0700 (PDT)
Received: from jay.w3.org (ssh.w3.org [128.30.52.60]) by ietfa.amsl.com (Postfix) with ESMTP id E38FC21F86B6 for <new-work@ietf.org>; Wed,  3 Aug 2011 09:17:49 -0700 (PDT)
Received: from localhost ([127.0.0.1]) by jay.w3.org with esmtp (Exim 4.69) (envelope-from <IJ@w3.org>) id 1Qoe8v-0002Y4-ER; Wed, 03 Aug 2011 12:18:01 -0400
From: Ian Jacobs <IJ@w3.org>
Date: Wed, 3 Aug 2011 11:18:01 -0500
To: new-work@ietf.org
Message-Id: <EFA444BB-C3C0-4B85-B417-84553D8FFE2F@w3.org>
Mime-Version: 1.0 (Apple Message framework v1084)
X-Mailer: Apple Mail (2.1084)
X-BeenThere: new-work@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: new-work-bounces@ietf.org
Errors-To: new-work-bounces@ietf.org
X-Mailman-Approved-At: Thu, 04 Aug 2011 08:03:41 -0700
Subject: [secdir] [new-work] Proposed W3C Charter: Model-Based UI Working Group	(until 2011-08-31)
X-BeenThere: secdir@ietf.org
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Aug 2011 16:17:52 -0000

Hello,

Today W3C Advisory Committee Representatives received a Proposal to revise the Ubiquitous Web Applications Activity [0] (see the W3C Process Document description of Activity Proposals [1]). This proposal includes a draft charter for the Model-Based UI Working Group: 
  http://www.w3.org/2011/01/mbui-wg-charter

As part of ensuring that the community is aware of proposed work at W3C, this draft charter is public during the Advisory Committee review period.

W3C invites public comments through 2011-08-31 on the proposed charter. Please send comments to public-new-work@w3.org, which has a public archive:
  http://lists.w3.org/Archives/Public/public-new-work/

Other than comments sent in formal responses by W3C Advisory Committee Representatives, W3C cannot guarantee a response to comments. If you work for a W3C Member [2], please coordinate your comments with your Advisory Committee Representative. For example, you may wish to make public comments via this list and have your Advisory Committee Representative refer to it from his or her formal review comments.

If you should have any questions or need further information, please contact Dave Raggett, Team Contact <dsr@w3.org>.

Thank you,

Ian Jacobs, Head of W3C Communications

[0] http://www.w3.org/2007/uwa/Activity.html
[1] http://www.w3.org/2005/10/Process-20051014/activities#ActivityCreation
[2] http://www.w3.org/Consortium/Member/List



--
Ian Jacobs (ij@w3.org)    http://www.w3.org/People/Jacobs/
Tel:                                      +1 718 260 9447

_______________________________________________
new-work mailing list
new-work@ietf.org
https://www.ietf.org/mailman/listinfo/new-work

From weiler@watson.org  Fri Aug  5 07:45:25 2011
Return-Path: <weiler@watson.org>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C3B4421F8C06 for <secdir@ietfa.amsl.com>; Fri,  5 Aug 2011 07:45:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.549
X-Spam-Level: 
X-Spam-Status: No, score=-2.549 tagged_above=-999 required=5 tests=[AWL=0.050,  BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id L3cz5XRIMHGJ for <secdir@ietfa.amsl.com>; Fri,  5 Aug 2011 07:45:25 -0700 (PDT)
Received: from fledge.watson.org (fledge.watson.org [65.122.17.41]) by ietfa.amsl.com (Postfix) with ESMTP id 2EE2F21F8B8D for <secdir@ietf.org>; Fri,  5 Aug 2011 07:45:25 -0700 (PDT)
Received: from fledge.watson.org (localhost.watson.org [127.0.0.1]) by fledge.watson.org (8.14.4/8.14.4) with ESMTP id p75EjgQH003922 for <secdir@ietf.org>; Fri, 5 Aug 2011 10:45:42 -0400 (EDT) (envelope-from weiler@watson.org)
Received: from localhost (weiler@localhost) by fledge.watson.org (8.14.4/8.14.4/Submit) with ESMTP id p75EjfxQ003918 for <secdir@ietf.org>; Fri, 5 Aug 2011 10:45:42 -0400 (EDT) (envelope-from weiler@watson.org)
X-Authentication-Warning: fledge.watson.org: weiler owned process doing -bs
Date: Fri, 5 Aug 2011 10:45:41 -0400 (EDT)
From: Samuel Weiler <weiler@watson.org>
To: secdir@ietf.org
Message-ID: <alpine.BSF.2.00.1108051043170.68899@fledge.watson.org>
User-Agent: Alpine 2.00 (BSF 1167 2008-08-23)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; format=flowed; charset=US-ASCII
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.2.3 (fledge.watson.org [127.0.0.1]); Fri, 05 Aug 2011 10:45:42 -0400 (EDT)
Subject: [secdir] assignments
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: secdir-secretary@mit.edu
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 05 Aug 2011 14:45:25 -0000

One new assignment (to Russ Mundy), and one doc added to the telechat 
agenda (assigned to J. Hutz).  Otherwise, things are pretty much 
unchanged from Monday.

Review instructions and related resources are at:
         http://tools.ietf.org/area/sec/trac/wiki/SecDirReview

Sandy Murphy is next in the rotation.

For telechat 2011-08-11

Reviewer                 LC end     Draft
Derek Atkins           T 2011-07-04 draft-ietf-roll-of0-15
Rob Austein            T 2011-07-18 draft-shiomoto-ccamp-switch-programming-05
Alan DeKok             T 2011-07-11 draft-ietf-mpls-mldp-recurs-fec-04
Love Hornquist-Astrand T 2011-07-15 draft-ietf-softwire-dslite-radius-ext-04
Jeffrey Hutzelman      T 2011-07-22 draft-ietf-p2psip-base-18
Stephen Kent           TR2011-08-01 draft-ietf-tsvwg-rsvp-security-groupkeying-10
Matt Lepinski          TR2011-07-13 draft-burgin-ipsec-suiteb-profile-01
Carl Wallace           T 2011-07-21 draft-forte-lost-extensions-07
Sam Weiler             T 2011-07-20 draft-gutmann-cms-hmac-enc-05


For telechat 2011-08-25

Reviewer                 LC end     Draft
Chris Lonvick          T 2011-08-12 draft-ietf-pim-hello-intid-01
Russ Mundy             T 2011-08-15 draft-ietf-v6ops-3gpp-eps-03
Ondrej Sury            T 2011-06-30 draft-ietf-sidr-rescerts-provisioning-10

Last calls and special requests:

Reviewer                 LC end     Draft
Scott Kelly              2011-08-22 draft-dijkstra-urn-ogf-06
Stephen Kent             2011-08-15 draft-ietf-karp-threats-reqs-03
Tero Kivinen             2011-08-26 draft-gundavelli-v6ops-pmipv6-address-reservations-00
Warren Kumari            2011-08-12 draft-ietf-krb-wg-clear-text-cred-01
Julien Laganier          2011-08-12 draft-ietf-lisp-lig-03
Barry Leiba              2011-08-12 draft-ietf-mpls-rsvp-te-no-php-oob-mapping-08
Matt Lepinski            2011-08-16 draft-ietf-ospf-auth-trailer-ospfv3-05
David McGrew             2011-08-24 draft-kivinen-ipsecme-secure-password-framework-01
Catherine Meadows       R2011-04-13 draft-ietf-speechsc-mrcpv2-25
Kathleen Moriarty        -          draft-ietf-hybi-thewebsocketprotocol-10
Russ Mundy               2011-06-30 draft-ietf-karp-design-guide-03
Tim Polk                 2011-05-11 draft-ietf-vrrp-unified-mib-09
Tina TSOU                2011-04-23 draft-shin-augmented-pake-08
Glen Zorn                2011-06-28 draft-li-pwe3-ms-pw-pon-04


From carl@redhoundsoftware.com  Fri Aug  5 13:28:22 2011
Return-Path: <carl@redhoundsoftware.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3E2F611E80BB; Fri,  5 Aug 2011 13:28:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.599
X-Spam-Level: 
X-Spam-Status: No, score=-3.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UWacSnKZN3nI; Fri,  5 Aug 2011 13:28:21 -0700 (PDT)
Received: from mail-yx0-f172.google.com (mail-yx0-f172.google.com [209.85.213.172]) by ietfa.amsl.com (Postfix) with ESMTP id 00C4111E80B2; Fri,  5 Aug 2011 13:28:20 -0700 (PDT)
Received: by yxp4 with SMTP id 4so2293529yxp.31 for <multiple recipients>; Fri, 05 Aug 2011 13:28:39 -0700 (PDT)
Received: by 10.90.241.5 with SMTP id o5mr9935agh.187.1312576119129; Fri, 05 Aug 2011 13:28:39 -0700 (PDT)
Received: from [192.168.1.42] (cpe-67-242-104-93.stny.res.rr.com [67.242.104.93]) by mx.google.com with ESMTPS id s13sm2420778anm.6.2011.08.05.13.28.37 (version=SSLv3 cipher=OTHER); Fri, 05 Aug 2011 13:28:38 -0700 (PDT)
User-Agent: Microsoft-MacOutlook/14.12.0.110505
Date: Fri, 05 Aug 2011 16:28:33 -0400
From: Carl Wallace <carl@redhoundsoftware.com>
To: "secdir@ietf.org" <secdir@ietf.org>, "iesg@ietf.org" <iesg@ietf.org>
Message-ID: <CA619C69.83D2%carl@redhoundsoftware.com>
Thread-Topic: secdir review of draft-forte-lost-extensions-06.txt
Mime-version: 1.0
Content-type: text/plain; charset="US-ASCII"
Content-transfer-encoding: 7bit
Cc: draft-forte-lost-extensions.all@tools.ietf.org
Subject: [secdir] secdir review of draft-forte-lost-extensions-06.txt
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 05 Aug 2011 20:28:22 -0000

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the IESG.
These comments were written primarily for the benefit of the security area
directors.  Document editors and WG chairs should treat these comments
just like any other last call comments.

This draft defines extensions to the LoST protocol defined in RFC 5222.
Where RFC 5222 focuses on emergency services, this draft addresses usage
of the protocol for non-emergency services.  The draft adds three new
types of <findService> queries: N nearest, within distance X and servedBy.
The security considerations section is very brief and primarily addresses
potential problems with a LoST server that provides emergency and
non-emergency service support being overloaded by non-emergency requests.
A few additional concerns that may warrant mention in the document are
below.

Privacy is not mentioned in this draft at all.  RFC 5222 mentions using
HTTP over TLS.  Queries for some types of non-emergency services may raise
privacy concerns not associated with seeking emergency services.
Similarly, the draft does not mention integrity.  The lack of privacy or
integrity for responses residing in a cache may be worth mentioning as
well. 

The draft does not discuss error handling at all.  Some types of errors
associated with the extensions do not seem to fit into the errors
described in RFC 5222.  For example, could a server return an error when a
requested area was too large for a query?  Is the server allowed to place
its own limits less than a client requests?  These concerns may not arise
in the 5222 context, where non-overlapping service regions are a
mitigation.

Given the commercial focus of the draft, the potential for stale
information to be returned by a server seems high and probably worth a
mention.  For example, a pizza service may have closed.

Services are identified by URN.  RFC 5222 uses URNs defined in RFC 5031,
which does not apply here.  Who manages the URNs for this draft?  It's
worth noting the examples within this draft use different URNs to
reference the important pizza service.

A few nits: on page 11, correct "consinstent".  Also, the next to last
paragraph on page 11 is a little difficult to parse.



From kivinen@iki.fi  Sun Aug  7 12:41:40 2011
Return-Path: <kivinen@iki.fi>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DB94C21F87C9; Sun,  7 Aug 2011 12:41:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level: 
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5gh1Q7Hhjhkl; Sun,  7 Aug 2011 12:41:40 -0700 (PDT)
Received: from mail.kivinen.iki.fi (fireball.acr.fi [83.145.195.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1898C21F8752; Sun,  7 Aug 2011 12:41:39 -0700 (PDT)
Received: from fireball.kivinen.iki.fi (localhost [127.0.0.1]) by mail.kivinen.iki.fi (8.14.3/8.14.3) with ESMTP id p77JfsXU012836 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Sun, 7 Aug 2011 22:41:54 +0300 (EEST)
Received: (from kivinen@localhost) by fireball.kivinen.iki.fi (8.14.3/8.12.11) id p77Jfr0B018012; Sun, 7 Aug 2011 22:41:53 +0300 (EEST)
X-Authentication-Warning: fireball.kivinen.iki.fi: kivinen set sender to kivinen@iki.fi using -f
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <20030.60033.707219.106399@fireball.kivinen.iki.fi>
Date: Sun, 7 Aug 2011 22:41:53 +0300
From: Tero Kivinen <kivinen@iki.fi>
To: iesg@ietf.org, secdir@ietf.org
X-Mailer: VM 7.19 under Emacs 21.4.1
X-Edit-Time: 6 min
X-Total-Time: 5 min
Cc: draft-gundavelli-v6ops-pmipv6-address-reservations.all@tools.ietf.org
Subject: [secdir] Review of draft-gundavelli-v6ops-pmipv6-address-reservations-00
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 07 Aug 2011 19:41:41 -0000

I have reviewed this document as part of the security directorate's 
ongoing effort to review all IETF documents being processed by the 
IESG.  These comments were written primarily for the benefit of the 
security area directors.  Document editors and WG chairs should treat 
these comments just like any other last call comments.

This document does two IANA allocations, one for the reserved IPv6
interface identifier for Proxy Mobile IPv6 and another for the
reserved IANA Ethernet unicast address for the Proxy Mobile IPv6. The
security considerations section points to the Proxy Mobile IPv6 RFC
(RFC5213) and Reserved IPv6 Interface Identifiers RFC (RFC 5453)
saying there are no additional security considerations known at this
point of time beyond them.

The only thing that seems a bit odd is that there is no obvious point
where the allocated reserved IANA values would be inserted, so I do not
know whether the final values will be put to the RFC or whether users of
them need to go to the IANA registries to find the values. If users
are required to find the values from the IANA registries, adding
a direct pointer to the registry might be useful.
-- 
kivinen@iki.fi

From kivinen@iki.fi  Mon Aug  8 00:24:43 2011
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <20031.36679.939388.184818@fireball.kivinen.iki.fi>
Date: Mon, 8 Aug 2011 10:24:55 +0300
From: Tero Kivinen <kivinen@iki.fi>
To: Sri Gundavelli <sgundave@cisco.com>
In-Reply-To: <CA648D6A.23B39%sgundave@cisco.com>
References: <20030.60033.707219.106399@fireball.kivinen.iki.fi> <CA648D6A.23B39%sgundave@cisco.com>
Cc: draft-gundavelli-v6ops-pmipv6-address-reservations.all@tools.ietf.org, iesg@ietf.org, secdir@ietf.org
Subject: Re: [secdir] Review of draft-gundavelli-v6ops-pmipv6-address-reservations-00

Sri Gundavelli writes:
> Thanks for your review. This document upon getting published should stand as
> the reference for the assigned/reserved values. The below IANA section
> should reflect the assigned/reserved values. It also identifies the
> registries from which the value will be assigned.

I would have assumed those action items to have disappeared from the
final document after they have been done.

> Probably, the main section of the document can also reflect the assigned
> value. It currently says, the values will be assigned, but the following
> rewording should make it more clear.
> 
> ----
> OLD:
> This specification reserves an IPv6 interface identifier for Proxy Mobile
> IPv6 [RFC5213]. 
> 
> NEW:
> This specification reserves the IPv6 interface identifier, <IANA-1>, for the
> use of Proxy Mobile IPv6 [RFC5213].
> ---
> OLD:
> Furthermore, this specification also reserves a IANA Ethernet unicast
> address for Proxy Mobile IPv6 use.
> 
> NEW:
> Furthermore, this specification also reserves the Ethernet unicast address,
> IANA-2, for the use of Proxy Mobile IPv6.
> ----
> 
> Does this help?

Yes.
-- 
kivinen@iki.fi

From mlepinski@bbn.com  Mon Aug  8 06:33:08 2011
Message-ID: <4E3FE5C8.10107@bbn.com>
Date: Mon, 08 Aug 2011 09:34:00 -0400
From: Matt Lepinski <mlepinski@bbn.com>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.18) Gecko/20110616 Thunderbird/3.1.11
MIME-Version: 1.0
To: secdir@ietf.org
References: <4E209E78.9040804@bbn.com>
In-Reply-To: <4E209E78.9040804@bbn.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [secdir] Secdir review of draft-burgin-ipsec-suiteb-profile

I just read the -01 version of this draft, and the changes have 
addressed the comments I made in the review of the -00 version.

- Matt Lepinski

On 7/15/2011 4:09 PM, Matt Lepinski wrote:
> I have reviewed this document as part of the security directorate's 
> ongoing effort to review all IETF documents being processed by the
> IESG.  These comments were written primarily for the benefit of the 
> security area directors.  Document editors and WG chairs should treat
> these comments just like any other last call comments.
>
> This informational document defines a profile of behavior that IPsec 
> implementations must adhere to in order to be Suite B compliant. The 
> authors claim that this profile does not introduce any new security 
> concerns that are not already covered in existing RFCs on IPsec, IKE, 
> and their use with ECDSA (i.e., RFCs 4303, 4754, 5759, 5996). After 
> reviewing this document, I would agree with this assessment.
>
> ---------------------
>
> The following are specific comments based on my review of the document:
>
> In Section 3, there is a table that includes the heading "IANA 
> assigned DH group #", which is a bit unclear. I would recommend 
> inserting text below the table that indicates the specific IANA 
> registry to which the table refers. In this case, it is the IANA 
> registry of IKEv2 Diffie-Hellman Group Transform IDs (Transform Type 
> 4) ... see http://www.iana.org/assignments/ikev2-parameters
>
> In the second paragraph of Section 5, in the context of 
> implementations that are configured with a minimum level of security 
> of 128 bits, the draft has the following text: "Suite-B-GCM-128 and 
> Suite-B-GMAC-128, if offered, must appear in the IKEv2 and IPsec SA 
> payloads before any offerings of Suite-B-GCM-256 and 
> Suite-B-GMAC-256". This appears to be the only lower-case "must" in 
> the document, and lower-case "must" in this type of specification can 
> be confusing to implementers. There seems to be no security or 
> interoperability reason why one would place the 128 suites first. 
> Indeed, the reason for this requirement seems to be to prevent systems 
> with a minimum security level of 128 bits from agreeing on a 256 suite 
> (which I would suppose is for efficiency reasons???). Therefore, I 
> would suggest that the authors replace the lower-case "must" with a 
> capital "SHOULD". Alternatively, if the authors believe that the use 
> of normative language here is inappropriate, then I would recommend 
> rephrasing the sentence so as to avoid the use of the word "must".
>
> Since Suite B compliant IPsec implementations use Elliptic Curve 
> Diffie-Hellman for key exchange within IKE, the authors should consider 
> adding a reference to RFC 5903.
>
> The IANA considerations section is currently listed as "TBD". I would 
> recommend the authors include a sentence indicating that this document 
> makes no requests of IANA (or else remove the section completely).


From sgundave@cisco.com  Sun Aug  7 18:43:31 2011
User-Agent: Microsoft-Entourage/12.30.0.110427
Date: Sun, 07 Aug 2011 18:43:54 -0700
From: Sri Gundavelli <sgundave@cisco.com>
To: Tero Kivinen <kivinen@iki.fi>, <iesg@ietf.org>, <secdir@ietf.org>
Message-ID: <CA648D6A.23B39%sgundave@cisco.com>
Thread-Topic: Review of draft-gundavelli-v6ops-pmipv6-address-reservations-00
Thread-Index: AcxVbKFsELdODFTpp0+9wSeQYlI+Uw==
In-Reply-To: <20030.60033.707219.106399@fireball.kivinen.iki.fi>
Mime-version: 1.0
Content-type: text/plain; charset="US-ASCII"
Content-transfer-encoding: 7bit
Cc: draft-gundavelli-v6ops-pmipv6-address-reservations.all@tools.ietf.org
Subject: Re: [secdir] Review of draft-gundavelli-v6ops-pmipv6-address-reservations-00

Hi Tero:

> The only thing that seems a bit odd is that there is no obvious point
> where the allocated reserved IANA values would be inserted, so I do not
> know whether the final values will be put into the RFC or whether users
> of them need to go to the IANA registries to find the values. If users
> are required to find the values from the IANA registries, adding a
> direct pointer to the registry might be useful.


Thanks for your review. This document upon getting published should stand as
the reference for the assigned/reserved values. The below IANA section
should reflect the assigned/reserved values. It also identifies the
registries from which the value will be assigned.

"  This document requires the following two IANA actions.

   o  Action-1: This specification reserves an IPv6 interface identifier
      for Proxy Mobile IPv6 [RFC5213].  This fixed identifier needs to
      be reserved from the registry, "Reserved IPv6 Interface
      Identifiers".

   o  Action-2: This specification reserves a IANA Ethernet unicast
      address for Proxy Mobile IPv6.  This address needs to be reserved
      from the block.  "IANA Ethernet Address block - Unicast Use".
"

Probably, the main section of the document can also reflect the assigned
value. It currently says, the values will be assigned, but the following
rewording should make it more clear.

----
OLD:
This specification reserves an IPv6 interface identifier for Proxy Mobile
IPv6 [RFC5213]. 

NEW:
This specification reserves the IPv6 interface identifier, <IANA-1>, for the
use of Proxy Mobile IPv6 [RFC5213].
---
OLD:
Furthermore, this specification also reserves a IANA Ethernet unicast
address for Proxy Mobile IPv6 use.

NEW:
Furthermore, this specification also reserves the Ethernet unicast address,
IANA-2, for the use of Proxy Mobile IPv6.
----

Does this help?

Regards
Sri





On 8/7/11 12:41 PM, "Tero Kivinen" <kivinen@iki.fi> wrote:

> I have reviewed this document as part of the security directorate's
> ongoing effort to review all IETF documents being processed by the
> IESG.  These comments were written primarily for the benefit of the
> security area directors.  Document editors and WG chairs should treat
> these comments just like any other last call comments.
> 
> This document does two IANA allocations, one for the reserved IPv6
> interface identifier for Proxy Mobile IPv6 and another for the
> reserved IANA Ethernet unicast address for the Proxy Mobile IPv6. The
> security considerations section points to the Proxy Mobile IPv6 RFC
> (RFC5213) and Reserved IPv6 Interface Identifiers RFC (RFC 5453)
> saying there are no additional security considerations known at this
> point of time beyond them.
> 
> The only thing that seems a bit odd is that there is no obvious point
> where the allocated reserved IANA values would be inserted, so I do not
> know whether the final values will be put into the RFC or whether users
> of them need to go to the IANA registries to find the values. If users
> are required to find the values from the IANA registries, adding a
> direct pointer to the registry might be useful.


From clonvick@cisco.com  Mon Aug  8 13:52:14 2011
Date: Mon, 8 Aug 2011 13:52:39 -0700 (PDT)
From: Chris Lonvick <clonvick@cisco.com>
To: iesg@ietf.org, secdir@ietf.org, draft-ietf-pim-hello-intid-01.all@tools.ietf.org, Michael McBride <mmcbride@cisco.com>
Message-ID: <Pine.GSO.4.63.1108081328200.22397@sjc-cde-021.cisco.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
Subject: [secdir] SecDir review of draft-ietf-pim-hello-intid-01

Hi,

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

Overall I find the document to be of good quality and I agree that the 
security considerations section is adequate.

While PIM is certainly not my strong suit the document is understandable 
except for the following paragraph from Section 2.1:

    The Local Interface Identifier MUST be non-zero.  The reason for
    this, is that some protocols may want to only optionally refer to an
    Interface using the Interface Identifier Hello option, and use the
    value of 0 to show that it is not referred to.  Note that the value
    of 0 is not a valid ifIndex as defined in [RFC1213].

This seems to be saying that the Local Interface Identifier must not be 0, 
except when some protocol wants to use the Interface Identifier Hello to 
not refer to any actual interface.  Which leaves me confused.

Regards,
Chris

From clonvick@cisco.com  Mon Aug  8 13:58:58 2011
Date: Mon, 8 Aug 2011 13:59:23 -0700 (PDT)
From: Chris Lonvick <clonvick@cisco.com>
To: iesg@ietf.org, secdir@ietf.org, draft-ietf-pim-hello-intid.all@tools.ietf.org, Michael McBride <mmcbride@cisco.com>
In-Reply-To: <Pine.GSO.4.63.1108081328200.22397@sjc-cde-021.cisco.com>
Message-ID: <Pine.GSO.4.63.1108081358020.22397@sjc-cde-021.cisco.com>
References: <Pine.GSO.4.63.1108081328200.22397@sjc-cde-021.cisco.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
Subject: Re: [secdir] SecDir review of draft-ietf-pim-hello-intid-01

Hi,

Resending because I keep forgetting to remove the "-xx" from the document 
title to make the mailer happy.

Thanks,
Chris

On Mon, 8 Aug 2011, Chris Lonvick wrote:

> Hi,
>
> I have reviewed this document as part of the security directorate's
> ongoing effort to review all IETF documents being processed by the
> IESG.  These comments were written primarily for the benefit of the
> security area directors.  Document editors and WG chairs should treat
> these comments just like any other last call comments.
>
> Overall I find the document to be of good quality and I agree that the 
> security considerations section is adequate.
>
> While PIM is certainly not my strong suit the document is understandable 
> except for the following paragraph from Section 2.1:
>
>    The Local Interface Identifier MUST be non-zero.  The reason for
>    this, is that some protocols may want to only optionally refer to an
>    Interface using the Interface Identifier Hello option, and use the
>    value of 0 to show that it is not referred to.  Note that the value
>    of 0 is not a valid ifIndex as defined in [RFC1213].
>
> This seems to be saying that the Local Interface Identifier must not be 0, 
> except when some protocol wants to use the Interface Identifier Hello to not 
> refer to any actual interface.  Which leaves me confused.
>
> Regards,
> Chris

From warren@kumari.net  Mon Aug  8 20:06:38 2011
From: Warren Kumari <warren@kumari.net>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Date: Mon, 8 Aug 2011 20:07:02 -0700
Message-Id: <EBDDC31C-A2D0-4FF5-8EE8-D7061EA23805@kumari.net>
To: secdir@ietf.org, iesg@ietf.org
Mime-Version: 1.0 (Apple Message framework v1084)
X-Mailer: Apple Mail (2.1084)
Cc: draft-yount-krb-cred-clear-text.all@tools.ietf.org
Subject: [secdir] secdir review of draft-yount-krb-cred-clear-text-01.txt

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the IESG.

These comments were written primarily for the benefit of the Security
Area Directors.  Document editors and WG chairs should treat these
comments just like any other last call comments.

This document formalizes the unencrypted form of the KRB-CRED message.

I am not a Kerberos expert (nor do I play one on TV) so this review is
going to have limited value.

I am unclear as to whether there is a need for this facility -- there
could be additional explanation and justification for why this is
needed. Assuming that there is a need for this, the document seems well
written.

The Security Considerations section outlines risks incurred by not
having encryption, and specifies that this must only be used with a
transport such as TLS that provides integrity and confidentiality. What
is unclear from the security considerations section is that this
transport must provide end to end security -- for example an IPSec VPN
provides "a transport where sender and recipient identities can been
established be known to each other and provides confidentiality and
integrity.", but presumably the intent is that the encryption be between
the applications -- IMO this should be clarified.

I feel that there should be advice provided regarding under what
conditions use of this is appropriate -- but, then again, maybe this is
obvious to someone who actually understands Kerberos :-P

Nit:
Section 3:
  s/MUST BE/MUST be/

W





From kathleen.moriarty@emc.com  Tue Aug  9 06:43:39 2011
From: <kathleen.moriarty@emc.com>
To: <secdir@ietf.org>, <draft-ietf-hybi-thewebsocketprotocol.all@tools.ietf.org>
Date: Tue, 9 Aug 2011 09:40:48 -0400
Thread-Topic: Review of draft-ietf-hybi-thewebsocketprotocol-10
Thread-Index: AcxWmfJhGmz5s5NJRjOvSfjSk3FwEA==
Message-ID: <AE31510960917D478171C79369B660FA0E05485F1E@MX06A.corp.emc.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: ifette+ietf@google.com
Subject: [secdir] Review of draft-ietf-hybi-thewebsocketprotocol-10

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

Description: The WebSocket protocol consists of an opening
   handshake followed by basic message framing, layered over TCP.  The
   goal of this technology is to provide a mechanism for browser-based
   applications that need two-way communication with servers that does
   not rely on opening multiple HTTP connections (e.g. using
   XMLHttpRequest or <iframe>s and long polling).


This document is ready once the security considerations identified in
the Gen-ART review are addressed.

Note: The Gen-ART review covered some security and protocol semantics
already, thank you Richard.  Richard identified some subtle security
issues and developed the "masking" concept in the draft.  It looks like
his review from Gen-ART is also on version 10, so I am not certain if
his considerations were addressed fully yet.

There are a few 'catch all' paragraphs in the security section to
enforce the need for secure coding - making sure the server only accepts
what it is supposed to accept (but just at a high level).  They also hit
upon the use of proxies and what can happen in the middle.


Best regards,
Kathleen


From alexey.melnikov@isode.com  Tue Aug  9 06:50:40 2011
Message-ID: <4E413B4D.9090309@isode.com>
Date: Tue, 09 Aug 2011 14:51:09 +0100
From: Alexey Melnikov <alexey.melnikov@isode.com>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.21) Gecko/20090303 SeaMonkey/1.1.15
To: kathleen.moriarty@emc.com
References: <AE31510960917D478171C79369B660FA0E05485F1E@MX06A.corp.emc.com>
In-Reply-To: <AE31510960917D478171C79369B660FA0E05485F1E@MX06A.corp.emc.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: draft-ietf-hybi-thewebsocketprotocol.all@tools.ietf.org, ifette+ietf@google.com, secdir@ietf.org
Subject: Re: [secdir] Review of draft-ietf-hybi-thewebsocketprotocol-10
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Aug 2011 13:50:40 -0000

Hi Kathleen,
Thank you for the review.
 
kathleen.moriarty@emc.com wrote:
> I have reviewed this document as part of the security directorate's
> ongoing effort to review all IETF documents being processed by the
> IESG.  These comments were written primarily for the benefit of the
> security area directors.  Document editors and WG chairs should treat
> these comments just like any other last call comments.
>
> Description: The WebSocket protocol consists of an opening
>    handshake followed by basic message framing, layered over TCP.  The
>    goal of this technology is to provide a mechanism for browser-based
>    applications that need two-way communication with servers that does
>    not rely on opening multiple HTTP connections (e.g. using
>    XMLHttpRequest or <iframe>s and long polling).
>
>
> This document is ready once the security considerations identified in the Gen-ART review are addressed.
>
> Note: The Gen-ART review covered some security and protocol semantics already, thank you Richard.  Richard identified some subtle security issues and developed the "masking" concept in the draft.  It looks like his review from Gen-ART is also on version 10, so I am not certain if his considerations were addressed fully yet.
>   
The purpose of masking will be clarified, hopefully in -11.

I think the WG either agreed to Richard's issues, or agreed to disagree.
They were discussed in detail in the HYBI WG meeting in Quebec.
> There are a few 'catch all' paragraphs in the security section to enforce the need for secure coding - making sure the server only accepts what it is supposed to accept (but just at a high level).  They also hit upon the use of proxies and what can happen in the middle.
>
>
> Best regards,
> Kathleen
>
>   


From carl@redhoundsoftware.com  Tue Aug  9 09:54:48 2011
Return-Path: <carl@redhoundsoftware.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2CB2B21F8634; Tue,  9 Aug 2011 09:54:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.288
X-Spam-Level: 
X-Spam-Status: No, score=-3.288 tagged_above=-999 required=5 tests=[AWL=-0.312, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uOlorQo3EZk8; Tue,  9 Aug 2011 09:54:47 -0700 (PDT)
Received: from mail-pz0-f45.google.com (mail-pz0-f45.google.com [209.85.210.45]) by ietfa.amsl.com (Postfix) with ESMTP id 67B5321F8610; Tue,  9 Aug 2011 09:54:47 -0700 (PDT)
Received: by pzk33 with SMTP id 33so475086pzk.18 for <multiple recipients>; Tue, 09 Aug 2011 09:55:16 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.142.166.11 with SMTP id o11mr6679389wfe.170.1312908916246; Tue, 09 Aug 2011 09:55:16 -0700 (PDT)
Received: by 10.143.30.17 with HTTP; Tue, 9 Aug 2011 09:55:16 -0700 (PDT)
X-Originating-IP: [67.242.104.93]
In-Reply-To: <CA66D032.486B%forte@att.com>
References: <CA619C69.83D2%carl@redhoundsoftware.com> <CA66D032.486B%forte@att.com>
Date: Tue, 9 Aug 2011 12:55:16 -0400
Message-ID: <CAGNP4BnJRg4M2+Ja74yUBA9b=BSf7hObTFDS2feBfDX038-96w@mail.gmail.com>
From: Carl Wallace <carl@redhoundsoftware.com>
To: "Andrea G. Forte" <forte@att.com>
Content-Type: multipart/alternative; boundary=000e0cd2e3289348bf04aa156d4d
Cc: draft-forte-lost-extensions.all@tools.ietf.org, "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
Subject: Re: [secdir] secdir review of draft-forte-lost-extensions-06.txt
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Aug 2011 16:54:48 -0000

--000e0cd2e3289348bf04aa156d4d
Content-Type: text/plain; charset=ISO-8859-1

A few responses are inline.  Generally your responses are fine but I think
including your thoughts in the draft would be helpful.

On Tue, Aug 9, 2011 at 12:33 PM, Andrea G. Forte <forte@att.com> wrote:

> <snip>
> >
> >
> >The draft does not discuss error handling at all.  Some types of errors
> >associated with the extensions do not seem to fit into the errors
> >described in RFC 5222.  For example, could a server return an error when a
> >requested area was too large for a query?  Is the server allowed to place
> >its own limits less than a client requests?  These concerns may not arise
> >in the 5222 context, where non-overlapping service regions are a mitigation.
>
>
> [AGF]
> I am not convinced we need additional error messages.
> Generally speaking, I do not think the draft should limit what the server
> can do with its content. Given a large area, a server could decide to
> return the highest rated POIs only, or perhaps a fixed subset, or all of
> them. I do not think that we can classify such behaviors as LoST errors.
> These seem to be policy issues rather than errors.
>
[CW] It doesn't seem necessarily true to me that the extensions do not
introduce new error conditions, but highlighting the expectation that a
server can adjust a request in order to provide service would be helpful.
Does there need to be some means for the server to indicate to the client
that there may be some additional related responses that can't be retrieved
using the provided request?  If not, it seems like there may be some blind
spots for some queries.


> >
> >Given the commercial focus of the draft, the potential for stale
> >information to be returned by a server seems high and probably worth a
> >mention.  For example, a pizza service may have closed.
>
>
> [AGF]
> This draft addresses extensions to the protocol used to convey information
> about location-based services. The way this information is maintained is
> out of scope.
> Similarly, for emergency services, if the boundaries of a PSAP change they
> have to be updated in the DB used by the LoST server. The way these are
> updated is not in the scope of RFC5222.
>
[CW]
My point was the information is likely more volatile in the commercial
context and noting this is worthwhile since the issue probably does not
arise (at least as frequently) in the RFC 5222 context.  As with the others,
it seems worth noting somewhere even if the way the update is performed is
out of scope.


> <snip>
>

--000e0cd2e3289348bf04aa156d4d--

From kent@bbn.com  Tue Aug  9 12:12:44 2011
Return-Path: <kent@bbn.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A2BD321F8C13 for <secdir@ietfa.amsl.com>; Tue,  9 Aug 2011 12:12:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.614
X-Spam-Level: 
X-Spam-Status: No, score=-106.614 tagged_above=-999 required=5 tests=[AWL=-0.016, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4Ve24w19-ynE for <secdir@ietfa.amsl.com>; Tue,  9 Aug 2011 12:12:43 -0700 (PDT)
Received: from smtp.bbn.com (smtp.bbn.com [128.33.0.80]) by ietfa.amsl.com (Postfix) with ESMTP id 2AB2921F8CB3 for <secdir@ietf.org>; Tue,  9 Aug 2011 12:12:43 -0700 (PDT)
Received: from dhcp89-089-043.bbn.com ([128.89.89.43]:49201) by smtp.bbn.com with esmtp (Exim 4.74 (FreeBSD)) (envelope-from <kent@bbn.com>) id 1Qqrjk-000Jyi-4C for secdir@ietf.org; Tue, 09 Aug 2011 15:13:12 -0400
Mime-Version: 1.0
Message-Id: <p06240806ca6737102dc7@[128.89.89.43]>
Date: Tue, 9 Aug 2011 15:13:09 -0400
To: secdir@ietf.org
From: Stephen Kent <kent@bbn.com>
Content-Type: multipart/alternative; boundary="============_-899205305==_ma============"
Subject: [secdir] draft-ietf-tsvwg-rsvp-security-groupkeying-10.txt
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Aug 2011 19:12:44 -0000

--============_-899205305==_ma============
Content-Type: text/plain; charset="us-ascii" ; format="flowed"

This is a quick re-check.

I reviewed this document as part of the security directorate's 
ongoing effort to review all IETF documents being processed by the 
IESG.  These comments were written primarily for the benefit of the 
security area directors.  Document editors and WG chairs should treat 
these comments just like any other last call comments.

This document (draft-ietf-tsvwg-rsvp-security-groupkeying-10.txt) 
compares group keying vs. per-neighbor or per-interface keying 
options for RSVP. It also examines the applicability of various 
protocol security mechanisms (e.g., IPsec and the RSVP INTEGRITY 
object) in different "trust" contexts, and for different RSVP message 
types.

This is a very well-written document. The Security Consideration 
section is but one sentence, because the whole document is an 
analysis of security issues associated with key management and 
protocol options for RSVP security. I wish more documents were of 
this quality!
--============_-899205305==_ma============--

From derek@ihtfp.com  Tue Aug  9 15:00:02 2011
Return-Path: <derek@ihtfp.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2851721F86D7; Tue,  9 Aug 2011 15:00:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.988
X-Spam-Level: 
X-Spam-Status: No, score=-101.988 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_MISMATCH_ORG=0.611, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LlNs6JNaaB4l; Tue,  9 Aug 2011 15:00:01 -0700 (PDT)
Received: from mail2.ihtfp.org (MAIL2.IHTFP.ORG [204.107.200.7]) by ietfa.amsl.com (Postfix) with ESMTP id 4E88421F86B6; Tue,  9 Aug 2011 15:00:01 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail2.ihtfp.org (Postfix) with ESMTP id E359B2602BC; Tue,  9 Aug 2011 18:00:29 -0400 (EDT)
Received: from mail2.ihtfp.org ([127.0.0.1]) by localhost (mail2.ihtfp.org [127.0.0.1]) (amavisd-maia, port 10024) with ESMTP id 06816-06; Tue,  9 Aug 2011 18:00:28 -0400 (EDT)
Received: from mocana.ihtfp.org (unknown [192.168.248.158]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "cliodev.ihtfp.com", Issuer "IHTFP Consulting Certification Authority" (not verified)) by mail2.ihtfp.org (Postfix) with ESMTPS id BF55E260230; Tue,  9 Aug 2011 18:00:28 -0400 (EDT)
Received: (from warlord@localhost) by mocana.ihtfp.org (8.14.5/8.14.5/Submit) id p79M0SYE030065; Tue, 9 Aug 2011 18:00:28 -0400
From: Derek Atkins <derek@ihtfp.com>
To: iesg@ietf.org, secdir@ietf.org
Date: Tue, 09 Aug 2011 18:00:28 -0400
Message-ID: <sjmr54uutxf.fsf@mocana.ihtfp.org>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/23.2 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Virus-Scanned: Maia Mailguard 1.0.2a
Cc: pthubert@cisco.com, roll-chairs@tools.ietf.org
Subject: [secdir] sec-dir review of draft-ietf-roll-of0-15.txt
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Aug 2011 22:00:02 -0000

Hi,

I have reviewed this document as part of the security directorate's 
ongoing effort to review all IETF documents being processed by the 
IESG.  These comments were written primarily for the benefit of the 
security area directors.  Document editors and WG chairs should treat 
these comments just like any other last call comments.

   The Routing Protocol for Low Power and Lossy Networks (RPL)
   specification defines a generic Distance Vector protocol that is
   adapted to a variety of networks types by the application of specific
   Objective Functions.  An Objective Function defines how a RPL node
   selects and optimizes routes within a RPL Instance based on the
   information objects available.  This document specifies a basic
   Objective Function that relies only on the objects that are defined
   in RPL and does not use any extension.

The security considerations section references the same I.D. twice:

   described in [I-D.ietf-roll-rpl] and [I-D.ietf-roll-rpl].  This

I suspect that the second instance is a typo and instead it should
refer to a different specification?

Beyond that, I see no security issues with this document.

-derek

-- 
       Derek Atkins                 617-623-3745
       derek@ihtfp.com             www.ihtfp.com
       Computer and Internet Security Consultant

From kent@bbn.com  Wed Aug 10 11:51:46 2011
Return-Path: <kent@bbn.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 040F721F8B13 for <secdir@ietfa.amsl.com>; Wed, 10 Aug 2011 11:51:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0
X-Spam-Level: 
X-Spam-Status: No, score=x tagged_above=-999 required=5 tests=[]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id psRnX7FgSl7B for <secdir@ietfa.amsl.com>; Wed, 10 Aug 2011 11:51:45 -0700 (PDT)
Received: from smtp.bbn.com (smtp.bbn.com [128.33.1.81]) by ietfa.amsl.com (Postfix) with ESMTP id 65CE921F8B1B for <secdir@ietf.org>; Wed, 10 Aug 2011 11:51:44 -0700 (PDT)
Received: from dhcp89-089-043.bbn.com ([128.89.89.43]:49219) by smtp.bbn.com with esmtp (Exim 4.74 (FreeBSD)) (envelope-from <kent@bbn.com>) id 1QrDt2-000PuJ-8F for secdir@ietf.org; Wed, 10 Aug 2011 14:52:16 -0400
Mime-Version: 1.0
Message-Id: <p0624080aca6883578cf1@[128.89.89.43]>
Date: Wed, 10 Aug 2011 14:52:14 -0400
To: secdir@ietf.org
From: Stephen Kent <kent@bbn.com>
Content-Type: multipart/mixed; boundary="============_-899120161==_============"
Subject: [secdir] secdir review of draft-ietf-karp-threats-reqs-03
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 10 Aug 2011 18:51:46 -0000

--============_-899120161==_============
Content-Type: multipart/alternative; boundary="============_-899120161==_ma============"

--============_-899120161==_ma============
Content-Type: text/plain; charset="us-ascii" ; format="flowed"

I reviewed this document as part of the security directorate's 
ongoing effort to review all IETF documents being processed by the 
IESG.  These comments were written primarily for the benefit of the 
security area directors.  Document editors and WG chairs should treat 
these comments just like any other last call comments.

This document (draft-ietf-karp-threats-reqs-03) is a document 
intended to help guide protocol development in the KARP WG. The 
abstract states  "This document has two main parts - the first 
describes the threat analysis for attacks against routing protocols' 
transports and the second enumerates the requirements for addressing 
the described threats." The threat analysis is VERY badly written; it 
is a hodgepodge of attack discussions, using mostly non-standard 
security terminology, and peppered with a lot of redundant 
statements. The requirements discussion is somewhat better, but also 
suffers from use of poor terminology, an ad hoc approach to 
organization, and substantial redundancy. I have provided extensive 
comments and some questions in the attached PDF (an MS Word change 
tracked version of the document). The comments are so extensive as to 
not admit discussion in this message.

Section 1.1 provides definitions for terms used in the document, and 
it has a number of problems. I suggest that the authors refer to NIST 
SP 800 series documents for definitions of terms associated with 
cryptographic keying, and to the IETF Security Glossary (RFC 4949) 
for other security terms. Also, many terms are used in the threat 
discussion (Section 2) that should be described based on the 4949 
glossary, rather than what appear to be author-generated definitions.
The goals discussion (Section 1.5) is one of the few sections of the 
document without major problems (other than editing).

This document needs to be sent back to the WG for substantial revision.

Steve
--============_-899120161==_ma============--
--============_-899120161==_============
Content-Id: <p0624080aca6883578cf1@[128.89.89.43].0.0>
Content-Type: application/msword; name="draft-ietf-karp-threats-reqs-03.doc"
 ; x-mac-type="5738424E"
 ; x-mac-creator="4D535744"
Content-Disposition: attachment; filename="draft-ietf-karp-threats-reqs-03.doc"
Content-Transfer-Encoding: base64
--============_-899120161==_============--

From sra@hactrn.net  Wed Aug 10 22:40:11 2011
Return-Path: <sra@hactrn.net>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AAAC921F8ABB; Wed, 10 Aug 2011 22:40:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -99.952
X-Spam-Level: 
X-Spam-Status: No, score=-99.952 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FH_HOST_EQ_D_D_D_D=0.765, RCVD_IN_PBL=0.905, RCVD_IN_SORBS_DUL=0.877, RDNS_DYNAMIC=0.1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FoJWsNKqa+8B; Wed, 10 Aug 2011 22:40:11 -0700 (PDT)
Received: from adrilankha.hactrn.net (adrilankha.hactrn.net [IPv6:2001:418:1::19]) by ietfa.amsl.com (Postfix) with ESMTP id 4412721F877F; Wed, 10 Aug 2011 22:40:11 -0700 (PDT)
Received: from minas-ithil.hactrn.net (c-66-30-16-106.hsd1.ma.comcast.net [66.30.16.106]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "nargothrond.hactrn.net", Issuer "Grunchweather Associates" (not verified)) by adrilankha.hactrn.net (Postfix) with ESMTPS id 96E56BBDC; Thu, 11 Aug 2011 05:40:43 +0000 (UTC)
Received: from minas-ithil.hactrn.net (localhost [127.0.0.1]) by minas-ithil.hactrn.net (Postfix) with ESMTP id E18E03DA59E; Thu, 11 Aug 2011 01:40:42 -0400 (EDT)
Date: Thu, 11 Aug 2011 01:40:42 -0400
From: Rob Austein <sra@hactrn.net>
To: iesg@ietf.org, secdir@ietf.org, draft-shiomoto-ccamp-switch-programming.all@tools.ietf.org
User-Agent: Wanderlust/2.15.5 (Almost Unreal) Emacs/22.3 Mule/5.0 (SAKAKI)
MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka")
Content-Type: text/plain; charset=US-ASCII
Message-Id: <20110811054042.E18E03DA59E@minas-ithil.hactrn.net>
Subject: [secdir] draft-shiomoto-ccamp-switch-programming-05
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Aug 2011 05:40:11 -0000

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

This draft is a bit of Talmudic commentary on the RSVP-TE scripture.
The draft at hand defines no new protocol, nor does it define any new
operational procedure.  Rather, it attempts to summarize and clarify
guidance from the existing specifications on the subject of when it is
"safe" to assume that Label Switched Paths (LSPs) have been set up on
the data plane and may be used for sending traffic.

The kicker here is the definition of "safe".  As the subject is
traffic engineering, loss of money and data are of course issues, but
the more disturbing issue is that (according to the authors -- I have
no reason to disbelieve them but have not independently verified this)
there is a risk of bodily harm to "service personnel", because, for
some of the technologies that use this protocol, deciding to start
sending data equates to turning on lasers.

As this draft defines nothing new, it would be hard to claim that the
risk factor here is this draft's fault.  The Security Considerations
section does call out the human safety issue, albeit briefly.

The discussion of the ResvConf message in section 3.3 is a bit odd.
It seems to be saying that waiting for the ResvConf message would be
an excellent way of being sure it's "safe" to start transmitting, but
that implementations should nevertheless not use this mechanism,
because it would be wasteful (i.e., this is traffic engineering) and
unreliable (because many GMPLS implementations don't bother with this
message).  Given the human safety concerns raised in this draft I was
a bit surprised by this approach; I would have expected instead a
discussion of the merits of requiring implementations to support this
behavior so that it could be made mandatory.   But I could easily be
missing something here, as I'm not an MPLS expert.

From forte@att.com  Tue Aug  9 09:32:52 2011
Return-Path: <forte@att.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F318821F8B54; Tue,  9 Aug 2011 09:32:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.599
X-Spam-Level: 
X-Spam-Status: No, score=-106.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xvxHn8M58AIl; Tue,  9 Aug 2011 09:32:51 -0700 (PDT)
Received: from mail120.messagelabs.com (mail120.messagelabs.com [216.82.250.83]) by ietfa.amsl.com (Postfix) with ESMTP id 3C55E21F8A96; Tue,  9 Aug 2011 09:32:51 -0700 (PDT)
X-VirusChecked: Checked
X-Env-Sender: forte@att.com
X-Msg-Ref: server-12.tower-120.messagelabs.com!1312907598!31982132!1
X-StarScan-Version: 6.2.17; banners=-,-,-
X-Originating-IP: [144.160.20.145]
Received: (qmail 31670 invoked from network); 9 Aug 2011 16:33:19 -0000
Received: from sbcsmtp6.sbc.com (HELO mlpd192.enaf.sfdc.sbc.com) (144.160.20.145) by server-12.tower-120.messagelabs.com with DHE-RSA-AES256-SHA encrypted SMTP; 9 Aug 2011 16:33:19 -0000
Received: from enaf.sfdc.sbc.com (localhost.localdomain [127.0.0.1]) by mlpd192.enaf.sfdc.sbc.com (8.14.4/8.14.4) with ESMTP id p79GXhd2020283; Tue, 9 Aug 2011 12:33:44 -0400
Received: from alpd052.aldc.att.com (alpd052.aldc.att.com [130.8.42.31]) by mlpd192.enaf.sfdc.sbc.com (8.14.4/8.14.4) with ESMTP id p79GXZik020129; Tue, 9 Aug 2011 12:33:36 -0400
Received: from aldc.att.com (localhost.localdomain [127.0.0.1]) by alpd052.aldc.att.com (8.14.4/8.14.4) with ESMTP id p79GX8w3000573; Tue, 9 Aug 2011 12:33:09 -0400
Received: from [151.109.8.213] (dn151-109-8-213.dhcpn.ugn.att.com [151.109.8.213]) by alpd052.aldc.att.com (8.14.4/8.14.4) with ESMTP id p79GWxPE000316; Tue, 9 Aug 2011 12:33:00 -0400
User-Agent: Microsoft-MacOutlook/14.12.0.110505
Date: Tue, 09 Aug 2011 12:33:41 -0400
From: "Andrea G. Forte" <forte@att.com>
To: Carl Wallace <carl@redhoundsoftware.com>, "secdir@ietf.org" <secdir@ietf.org>, "iesg@ietf.org" <iesg@ietf.org>
Message-ID: <CA66D032.486B%forte@att.com>
Thread-Topic: secdir review of draft-forte-lost-extensions-06.txt
In-Reply-To: <CA619C69.83D2%carl@redhoundsoftware.com>
Mime-version: 1.0
Content-type: text/plain; charset="US-ASCII"
Content-transfer-encoding: 7bit
X-Mailman-Approved-At: Thu, 11 Aug 2011 08:02:35 -0700
Cc: draft-forte-lost-extensions.all@tools.ietf.org
Subject: Re: [secdir] secdir review of draft-forte-lost-extensions-06.txt
X-List-Received-Date: Tue, 09 Aug 2011 16:32:52 -0000

Carl,

Thank you for your review. Please read comments inline.

-Andrea


On 8/5/11 4:28 PM, "Carl Wallace" <carl@redhoundsoftware.com> wrote:

>I have reviewed this document as part of the security directorate's
>ongoing effort to review all IETF documents being processed by the IESG.
>These comments were written primarily for the benefit of the security area
>directors.  Document editors and WG chairs should treat these comments
>just like any other last call comments.
>
>This draft defines extensions to the LoST protocol defined in RFC 5222.
>Where RFC 5222 focuses on emergency services, this draft addresses usage
>of the protocol for non-emergency services.  The draft adds three new
>types of <findService> queries: N nearest, within distance X and servedBy.
> The security considerations section is very brief and primarily addresses
>potential problems with a LoST server that provides emergency and
>non-emergency service support being overloaded by non-emergency requests.
> A few additional concerns that may warrant mention in the document are
>below.
>
>Privacy is not mentioned in this draft at all.  RFC 5222 mentions using
>HTTP over TLS.  Queries for some types of non-emergency services may raise
>privacy concerns not associated with seeking emergency services.
>Similarly, the draft does not mention integrity.  The lack of privacy or
>integrity for responses residing in a cache may be worth mentioning as
>well.


[AGF]
As this draft was meant to add functionalities to the LoST protocol (hence
the 'extensions' in the name), I assumed that it was clear that everything
else mentioned in RFC5222 and not mentioned in our draft would still
stand. However, to make this more clear, I have added a paragraph in the
Security section to address your concerns.


> 
>
>The draft does not discuss error handling at all.  Some types of errors
>associated with the extensions do not seem to fit into the errors
>described in RFC 5222.  For example, could a server return an error when a
>requested area was too large for a query?  Is the server allowed to place
>its own limits less than a client requests?  These concerns may not arise
>in the 5222 context, where non-overlapping service regions are a mitigation.


[AGF]
I am not convinced we need additional error messages.
Generally speaking, I do not think the draft should limit what the server
can do with its content. Given a large area, a server could decide to
return the highest rated POIs only, or perhaps a fixed subset, or all of
them. I do not think that we can classify such behaviors as LoST errors.
These seem to be policy issues rather than errors.


>
>Given the commercial focus of the draft, the potential for stale
>information to be returned by a server seems high and probably worth a
>mention.  For example, a pizza service may have closed.


[AGF]
This draft addresses extensions to the protocol used to convey information
about location-based services. The way this information is maintained is
out of scope. 
Similarly, for emergency services, if the boundaries of a PSAP change they
have to be updated in the DB used by the LoST server. The way these are
updated is not in the scope of RFC5222.


>
>Services are identified by URN.  RFC 5222 uses URNs defined in RFC 5031,
>which does not apply here.  Who manages the URNs for this draft?  It's
>worth noting the examples within this draft use different URNs to
>reference the important pizza service.


[AGF]
We have submitted a draft on this very issue in the past and encountered
some resistance. Other people in the IETF thought we should leave this
issue to experts in other non-IETF bodies. We are now trying to resume
such work.
(http://tools.ietf.org/html/draft-forte-ecrit-service-classification-03)


>
>A few nits, on page 11 correct "consinstent".  Also the next to last
>paragraph on page 11 is a little difficult to parse.


[AGF]
Thanks.


>
>



From stig@venaas.com  Tue Aug  9 14:32:16 2011
Return-Path: <stig@venaas.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6B09821F8B11; Tue,  9 Aug 2011 14:32:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.583
X-Spam-Level: 
X-Spam-Status: No, score=-102.583 tagged_above=-999 required=5 tests=[AWL=0.016, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8ud6EM-D6rDO; Tue,  9 Aug 2011 14:32:15 -0700 (PDT)
Received: from ufisa.uninett.no (ufisa.uninett.no [IPv6:2001:700:1:2:158:38:152:126]) by ietfa.amsl.com (Postfix) with ESMTP id BE75821F8B10; Tue,  9 Aug 2011 14:32:15 -0700 (PDT)
Received: from [10.33.12.82] (128-107-239-233.cisco.com [128.107.239.233]) by ufisa.uninett.no (Postfix) with ESMTPSA id C3D408045; Tue,  9 Aug 2011 23:32:43 +0200 (CEST)
Message-ID: <4E41A777.4030401@venaas.com>
Date: Tue, 09 Aug 2011 14:32:39 -0700
From: Stig Venaas <stig@venaas.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:5.0) Gecko/20110624 Thunderbird/5.0
MIME-Version: 1.0
To: Chris Lonvick <clonvick@cisco.com>
References: <Pine.GSO.4.63.1108081328200.22397@sjc-cde-021.cisco.com> <Pine.GSO.4.63.1108081358020.22397@sjc-cde-021.cisco.com>
In-Reply-To: <Pine.GSO.4.63.1108081358020.22397@sjc-cde-021.cisco.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Mailman-Approved-At: Thu, 11 Aug 2011 08:02:35 -0700
Cc: draft-ietf-pim-hello-intid.all@tools.ietf.org, Michael McBride <mmcbride@cisco.com>, iesg@ietf.org, secdir@ietf.org
Subject: Re: [secdir] SecDir review of draft-ietf-pim-hello-intid-01
X-List-Received-Date: Tue, 09 Aug 2011 21:32:16 -0000

Thanks for the review, please see below.

On 8/8/2011 1:59 PM, Chris Lonvick wrote:
> Hi,
>
> Resending because I keep forgetting to remove the "-xx" from the
> document title to make the mailer happy.
>
> Thanks,
> Chris
>
> On Mon, 8 Aug 2011, Chris Lonvick wrote:
>
>> Hi,
>>
>> I have reviewed this document as part of the security directorate's
>> ongoing effort to review all IETF documents being processed by the
>> IESG. These comments were written primarily for the benefit of the
>> security area directors. Document editors and WG chairs should treat
>> these comments just like any other last call comments.
>>
>> Overall I find the document to be of good quality and I agree that the
>> security considerations section is adequate.
>>
>> While PIM is certainly not my strong suit the document is
>> understandable except for the following paragraph from Section 2.1:
>>
>> The Local Interface Identifier MUST be non-zero. The reason for
>> this, is that some protocols may want to only optionally refer to an
>> Interface using the Interface Identifier Hello option, and use the
>> value of 0 to show that it is not referred to. Note that the value
>> of 0 is not a valid ifIndex as defined in [RFC1213].
>>
>> This seems to be saying that the Local Interface Identifier must not
>> be 0, except when some protocol wants to use the Interface Identifier
>> Hello to not refer to any actual interface. Which leaves me confused.

Perhaps there is a better way to explain it. To see what I'm talking
about, please have a look at section 3.6.2 of
http://tools.ietf.org/html/draft-hou-pim-ecmp-01

The message format includes both Neighbor address and Interface ID,
but use of the Interface ID is optional. If the Neighbor address is
sufficient for uniqueness, then Interface ID 0 is sent. Basically,
the idea is that instead of using some TLV format, it is easier to
always have an Interface ID field, and use the value 0 as saying
not in use, or unspecified.

I'm happy if you can think of a better way of phrasing it.

Stig


>> Regards,
>> Chris


From clonvick@cisco.com  Mon Aug 15 12:28:12 2011
Return-Path: <clonvick@cisco.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8613511E80EB; Mon, 15 Aug 2011 12:28:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -103.632
X-Spam-Level: 
X-Spam-Status: No, score=-103.632 tagged_above=-999 required=5 tests=[AWL=-1.633, BAYES_00=-2.599, J_CHICKENPOX_42=0.6, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yGnEvwDab+Kr; Mon, 15 Aug 2011 12:28:12 -0700 (PDT)
Received: from rcdn-iport-1.cisco.com (rcdn-iport-1.cisco.com [173.37.86.72]) by ietfa.amsl.com (Postfix) with ESMTP id C7C1A11E80D7; Mon, 15 Aug 2011 12:28:11 -0700 (PDT)
Received: from mtv-core-2.cisco.com ([171.68.58.7]) by rcdn-iport-1.cisco.com with ESMTP; 15 Aug 2011 19:28:56 +0000
Received: from sjc-cde-021.cisco.com (sjc-cde-021.cisco.com [171.69.20.56]) by mtv-core-2.cisco.com (8.14.3/8.14.3) with ESMTP id p7FJSuES028585; Mon, 15 Aug 2011 19:28:56 GMT
Date: Mon, 15 Aug 2011 12:28:56 -0700 (PDT)
From: Chris Lonvick <clonvick@cisco.com>
To: Stig Venaas <stig@venaas.com>
In-Reply-To: <4E41A777.4030401@venaas.com>
Message-ID: <Pine.GSO.4.63.1108151207440.2825@sjc-cde-021.cisco.com>
References: <Pine.GSO.4.63.1108081328200.22397@sjc-cde-021.cisco.com> <Pine.GSO.4.63.1108081358020.22397@sjc-cde-021.cisco.com> <4E41A777.4030401@venaas.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
Cc: draft-ietf-pim-hello-intid.all@tools.ietf.org, Michael McBride <mmcbride@cisco.com>, iesg@ietf.org, secdir@ietf.org
Subject: Re: [secdir] SecDir review of draft-ietf-pim-hello-intid-01
X-List-Received-Date: Mon, 15 Aug 2011 19:28:12 -0000

Hi Stig,

On Tue, 9 Aug 2011, Stig Venaas wrote:
<some elided>
>> > 
>> >  While PIM is certainly not my strong suit the document is
>> >  understandable except for the following paragraph from Section 2.1:
>> > 
>> >  The Local Interface Identifier MUST be non-zero. The reason for
>> >  this, is that some protocols may want to only optionally refer to an
>> >  Interface using the Interface Identifier Hello option, and use the
>> >  value of 0 to show that it is not referred to. Note that the value
>> >  of 0 is not a valid ifIndex as defined in [RFC1213].
>> > 
>> >  This seems to be saying that the Local Interface Identifier must not
>> >  be 0, except when some protocol wants to use the Interface Identifier
>> >  Hello to not refer to any actual interface. Which leaves me confused.
>
> Perhaps there is a better way to explain it. To see what I'm talking
> about, please have a look at section 3.6.2 of
> http://tools.ietf.org/html/draft-hou-pim-ecmp-01
>
> The message format includes both Neighbor address and Interface ID,
> but use of the Interface ID is optional. If the Neighbor address is
> sufficient for uniqueness, then Interface ID 0 is sent. Basically,
> the idea is that instead of using some TLV format, it is easier to
> always have an Interface ID field, and use the value 0 as saying
> not in use, or unspecified.
>
> I'm happy if you can think of a better way of phrasing it.

How about:

    The Local Interface Identifier is normally non-zero.  Since the value
    of 0 is not a valid ifIndex as defined in [RFC1213], its use in
    this field has special meaning.  A Local Interface Identifier of 0 will
    indicate that the Router Identifier is sufficiently unique for
    identification for the protocol using it.  For example, this field is
    non-zero when used in IPv4 when one or more RPF neighbors in the ECMP
    bundle are unnumbered.  For other IPv4 usage, this field is zero'ed
    when sent, and ignored when received.  If the "Router ID" part of the
    "Interface ID" is zero, the field MUST be ignored, regardless of its
    value.

Does that work?

Thanks,
Chris

From clonvick@cisco.com  Tue Aug 16 05:58:12 2011
Return-Path: <clonvick@cisco.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 86CF221F8A4E; Tue, 16 Aug 2011 05:58:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -103.224
X-Spam-Level: 
X-Spam-Status: No, score=-103.224 tagged_above=-999 required=5 tests=[AWL=-1.225, BAYES_00=-2.599, J_CHICKENPOX_42=0.6, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xBm3Biefjsyo; Tue, 16 Aug 2011 05:58:11 -0700 (PDT)
Received: from rcdn-iport-1.cisco.com (rcdn-iport-1.cisco.com [173.37.86.72]) by ietfa.amsl.com (Postfix) with ESMTP id AE02F21F89BE; Tue, 16 Aug 2011 05:58:11 -0700 (PDT)
Received: from mtv-core-3.cisco.com ([171.68.58.8]) by rcdn-iport-1.cisco.com with ESMTP; 16 Aug 2011 12:58:58 +0000
Received: from sjc-cde-021.cisco.com (sjc-cde-021.cisco.com [171.69.20.56]) by mtv-core-3.cisco.com (8.14.3/8.14.3) with ESMTP id p7GCwwpA018548; Tue, 16 Aug 2011 12:58:58 GMT
Date: Tue, 16 Aug 2011 05:58:57 -0700 (PDT)
From: Chris Lonvick <clonvick@cisco.com>
To: Stig Venaas <stig@venaas.com>
In-Reply-To: <4E497CA1.9030907@venaas.com>
Message-ID: <Pine.GSO.4.63.1108160543220.2825@sjc-cde-021.cisco.com>
References: <Pine.GSO.4.63.1108081328200.22397@sjc-cde-021.cisco.com> <Pine.GSO.4.63.1108081358020.22397@sjc-cde-021.cisco.com> <4E41A777.4030401@venaas.com> <Pine.GSO.4.63.1108151207440.2825@sjc-cde-021.cisco.com> <4E497CA1.9030907@venaas.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
Cc: draft-ietf-pim-hello-intid.all@tools.ietf.org, Michael McBride <mmcbride@cisco.com>, iesg@ietf.org, secdir@ietf.org
Subject: Re: [secdir] SecDir review of draft-ietf-pim-hello-intid-01
X-List-Received-Date: Tue, 16 Aug 2011 12:58:12 -0000

Hi Stig,

On Mon, 15 Aug 2011, Stig Venaas wrote:

> On 8/15/2011 12:28 PM, Chris Lonvick wrote:
>>  Hi Stig,
>>
>>  On Tue, 9 Aug 2011, Stig Venaas wrote:
>>  <some elided>
>> > > >  While PIM is certainly not my strong suit the document is
>> > > >  understandable except for the following paragraph from Section 2.1:
>> > > >
>> > > >  The Local Interface Identifier MUST be non-zero. The reason for
>> > > >  this, is that some protocols may want to only optionally refer to an
>> > > >  Interface using the Interface Identifier Hello option, and use the
>> > > >  value of 0 to show that it is not referred to. Note that the value
>> > > >  of 0 is not a valid ifIndex as defined in [RFC1213].
>> > > >
>> > > >  This seems to be saying that the Local Interface Identifier must not
>> > > >  be 0, except when some protocol wants to use the Interface Identifier
>> > > >  Hello to not refer to any actual interface. Which leaves me confused.
>> > 
>> >  Perhaps there is a better way to explain it. To see what I'm talking
>> >  about, please have a look at section 3.6.2 of
>> >  http://tools.ietf.org/html/draft-hou-pim-ecmp-01
>> > 
>> >  The message format includes both Neighbor address and Interface ID,
>> >  but use of the Interface ID is optional. If the Neighbor address is
>> >  sufficient for uniqueness, then Interface ID 0 is sent. Basically,
>> >  the idea is that instead of using some TLV format, it is easier to
>> >  always have an Interface ID field, and use the value 0 as saying
>> >  not in use, or unspecified.
>> > 
>> >  I'm happy if you can think of a better way of phrasing it.
>>
>>  How about:
>>
>>  The Local Interface Identifier is normally non-zero. Since the value
>>  of 0 is not a valid ifIndex as defined in [RFC1213], its use in
>
> No. Maybe I should just remove the rationale and just write:
>
> The Local Interface Identifier MUST be non-zero. Note that the value
> of 0 is not a valid ifIndex as defined in [RFC1213].
>
> Basically, this document specifies what is sent in this Hello option,
> and the Local Interface Identifier MUST be non-zero. Always. The
> point is that other protocols may have messages containing a value referring 
> to a Local Interface Identifier, and in those messages,
> they may choose to use the invalid Local Interface Identifier value
> 0 to have a special meaning. But it might be better not explaining
> that here?

Ahhh... (Light bulb goes on, etc.)  I'll leave it up to you to include or 
exclude.  Like I said, I'm not well versed in multicast.  If you feel that 
someone who understands the basics will easily catch on to this, then 
leave it in.

>
> For e.g. the ECMP draft, the protocol always includes a field that
> may contain an Interface ID. In cases where they don't want to
> reference an ID, they set this field to 0, which is known to be an
> invalid ID.
>
> Note that I don't want to talk about ECMP in this draft, if necessary
> I would like to just modify the current statement:
>
>    The reason for this, is that some protocols may want to only
>    optionally refer to an Interface using the Interface Identifier
>    Hello option, and use the value of 0 to show that it is not
>    referred to.
>
> into some other generic statement saying the same. Would this be
> better?:
>
>    The reason for this, is that some protocols may have messages
>    that optionally reference an Interface Identifier, and they
>    may use the value of 0 to show that no Interface Identifier is
>    being referenced.

I like that wording a bit more.

Thanks,
Chris

>
> Stig
>
>>  this field has special meaning. A Local Interface Identifier of 0 will
>>  indicate that the Router Identifier is sufficiently unique for
>>  identification for the protocol using it. For example, this field is
>>  non-zero when used in IPv4 when one or more RPF neighbors in the ECMP
>>  bundle are unnumbered. For other IPv4 usage, this field is zero'ed
>>  when sent, and ignored when received. If the "Router ID" part of the
>>  "Interface ID" is zero, the field MUST be ignored, regardless of its
>>  value.
>>
>>  Does that work?
>>
>>  Thanks,
>>  Chris
>
>
>

From stig@venaas.com  Mon Aug 15 13:07:22 2011
Return-Path: <stig@venaas.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F05B521F8C1B; Mon, 15 Aug 2011 13:07:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.3
X-Spam-Level: 
X-Spam-Status: No, score=-102.3 tagged_above=-999 required=5 tests=[AWL=-0.301, BAYES_00=-2.599, J_CHICKENPOX_42=0.6, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yRIv3BICpV2L; Mon, 15 Aug 2011 13:07:21 -0700 (PDT)
Received: from ufisa.uninett.no (ufisa.uninett.no [IPv6:2001:700:1:2:158:38:152:126]) by ietfa.amsl.com (Postfix) with ESMTP id 232AD21F8BDE; Mon, 15 Aug 2011 13:07:20 -0700 (PDT)
Received: from [10.33.12.82] (128-107-239-233.cisco.com [128.107.239.233]) by ufisa.uninett.no (Postfix) with ESMTPSA id 37266802A; Mon, 15 Aug 2011 22:08:05 +0200 (CEST)
Message-ID: <4E497CA1.9030907@venaas.com>
Date: Mon, 15 Aug 2011 13:08:01 -0700
From: Stig Venaas <stig@venaas.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:5.0) Gecko/20110624 Thunderbird/5.0
MIME-Version: 1.0
To: Chris Lonvick <clonvick@cisco.com>
References: <Pine.GSO.4.63.1108081328200.22397@sjc-cde-021.cisco.com> <Pine.GSO.4.63.1108081358020.22397@sjc-cde-021.cisco.com> <4E41A777.4030401@venaas.com> <Pine.GSO.4.63.1108151207440.2825@sjc-cde-021.cisco.com>
In-Reply-To: <Pine.GSO.4.63.1108151207440.2825@sjc-cde-021.cisco.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Mailman-Approved-At: Tue, 16 Aug 2011 12:42:44 -0700
Cc: draft-ietf-pim-hello-intid.all@tools.ietf.org, Michael McBride <mmcbride@cisco.com>, iesg@ietf.org, secdir@ietf.org
Subject: Re: [secdir] SecDir review of draft-ietf-pim-hello-intid-01
X-List-Received-Date: Mon, 15 Aug 2011 20:07:22 -0000

On 8/15/2011 12:28 PM, Chris Lonvick wrote:
> Hi Stig,
>
> On Tue, 9 Aug 2011, Stig Venaas wrote:
> <some elided>
>>> > While PIM is certainly not my strong suit the document is
>>> > understandable except for the following paragraph from Section 2.1:
>>> >
>>> > The Local Interface Identifier MUST be non-zero. The reason for
>>> > this, is that some protocols may want to only optionally refer to an
>>> > Interface using the Interface Identifier Hello option, and use the
>>> > value of 0 to show that it is not referred to. Note that the value
>>> > of 0 is not a valid ifIndex as defined in [RFC1213].
>>> >
>>> > This seems to be saying that the Local Interface Identifier must not
>>> > be 0, except when some protocol wants to use the Interface Identifier
>>> > Hello to not refer to any actual interface. Which leaves me confused.
>>
>> Perhaps there is a better way to explain it. To see what I'm talking
>> about, please have a look at section 3.6.2 of
>> http://tools.ietf.org/html/draft-hou-pim-ecmp-01
>>
>> The message format includes both Neighbor address and Interface ID,
>> but use of the Interface ID is optional. If the Neighbor address is
>> sufficient for uniqueness, then Interface ID 0 is sent. Basically,
>> the idea is that instead of using some TLV format, it is easier to
>> always have an Interface ID field, and use the value 0 as saying
>> not in use, or unspecified.
>>
>> I'm happy if you can think of a better way of phrasing it.
>
> How about:
>
> The Local Interface Identifier is normally non-zero. Since the value
> of 0 is not a valid ifIndex as defined in [RFC1213], its use in

No. Maybe I should just remove the rationale and just write:

The Local Interface Identifier MUST be non-zero. Note that the value
of 0 is not a valid ifIndex as defined in [RFC1213].

Basically, this document specifies what is sent in this Hello option,
and the Local Interface Identifier MUST be non-zero. Always. The
point is that other protocols may have messages containing a value 
referring to a Local Interface Identifier, and in those messages,
they may choose to use the invalid Local Interface Identifier value
0 to have a special meaning. But it might be better not explaining
that here?

For e.g. the ECMP draft, the protocol always includes a field that
may contain an Interface ID. In cases where they don't want to
reference an ID, they set this field to 0, which is known to be an
invalid ID.

Note that I don't want to talk about ECMP in this draft, if necessary
I would like to just modify the current statement:

    The reason for this, is that some protocols may want to only
    optionally refer to an Interface using the Interface Identifier
    Hello option, and use the value of 0 to show that it is not
    referred to.

into some other generic statement saying the same. Would this be
better?:

    The reason for this, is that some protocols may have messages
    that optionally reference an Interface Identifier, and they
    may use the value of 0 to show that no Interface Identifier is
    being referenced.

Stig

> this field has special meaning. A Local Interface Identifier of 0 will
> indicate that the Router Identifier is sufficiently unique for
> identification for the protocol using it. For example, this field is
> non-zero when used in IPv4 when one or more RPF neighbors in the ECMP
> bundle are unnumbered. For other IPv4 usage, this field is zero'ed
> when sent, and ignored when received. If the "Router ID" part of the
> "Interface ID" is zero, the field MUST be ignored, regardless of its
> value.
>
> Does that work?
>
> Thanks,
> Chris


From hartmans@mit.edu  Thu Aug 18 13:22:54 2011
Return-Path: <hartmans@mit.edu>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B470621F8B73; Thu, 18 Aug 2011 13:22:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -103.874
X-Spam-Level: 
X-Spam-Status: No, score=-103.874 tagged_above=-999 required=5 tests=[AWL=-1.609, BAYES_00=-2.599, IP_NOT_FRIENDLY=0.334, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PHXPJmIb0TES; Thu, 18 Aug 2011 13:22:51 -0700 (PDT)
Received: from mail.suchdamage.org (permutation-city.suchdamage.org [69.25.196.28]) by ietfa.amsl.com (Postfix) with ESMTP id CFEF621F8B72; Thu, 18 Aug 2011 13:22:50 -0700 (PDT)
Received: from carter-zimmerman.suchdamage.org (carter-zimmerman.suchdamage.org [69.25.196.178]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "laptop", Issuer "laptop" (not verified)) by mail.suchdamage.org (Postfix) with ESMTPS id E43DD2016A; Thu, 18 Aug 2011 16:26:08 -0400 (EDT)
Received: by carter-zimmerman.suchdamage.org (Postfix, from userid 8042) id EA4C442B7; Thu, 18 Aug 2011 16:23:39 -0400 (EDT)
From: Sam Hartman <hartmans-ietf@mit.edu>
To: Warren Kumari <warren@kumari.net>
References: <EBDDC31C-A2D0-4FF5-8EE8-D7061EA23805@kumari.net>
Date: Thu, 18 Aug 2011 16:23:39 -0400
In-Reply-To: <EBDDC31C-A2D0-4FF5-8EE8-D7061EA23805@kumari.net> (Warren Kumari's message of "Mon, 8 Aug 2011 20:07:02 -0700")
Message-ID: <tslhb5e31v8.fsf@mit.edu>
User-Agent: Gnus/5.110009 (No Gnus v0.9) Emacs/22.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Cc: draft-yount-krb-cred-clear-text.all@tools.ietf.org, iesg@ietf.org, secdir@ietf.org
Subject: Re: [secdir] secdir review of draft-yount-krb-cred-clear-text-01.txt
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Aug 2011 20:22:54 -0000

Hi.
I have one question about the changes in the last rev.
Why exactly do we need end-to-end security?
Why would some protocol that provided sufficient hop-by-hop security,
for example an AAA transport with confidentiality and
draft-ietf-abfab-aaa-saml transporting a krb-cred message?

From hartmans@mit.edu  Thu Aug 18 15:22:32 2011
Return-Path: <hartmans@mit.edu>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1BCBC11E80BD; Thu, 18 Aug 2011 15:22:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -103.836
X-Spam-Level: 
X-Spam-Status: No, score=-103.836 tagged_above=-999 required=5 tests=[AWL=-1.571, BAYES_00=-2.599, IP_NOT_FRIENDLY=0.334, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Xu1qE2v-1ygF; Thu, 18 Aug 2011 15:22:31 -0700 (PDT)
Received: from mail.suchdamage.org (permutation-city.suchdamage.org [69.25.196.28]) by ietfa.amsl.com (Postfix) with ESMTP id 9C69611E80B9; Thu, 18 Aug 2011 15:22:31 -0700 (PDT)
Received: from carter-zimmerman.suchdamage.org (carter-zimmerman.suchdamage.org [69.25.196.178]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "laptop", Issuer "laptop" (not verified)) by mail.suchdamage.org (Postfix) with ESMTPS id 680272016A; Thu, 18 Aug 2011 18:25:44 -0400 (EDT)
Received: by carter-zimmerman.suchdamage.org (Postfix, from userid 8042) id 5686B42B7; Thu, 18 Aug 2011 18:23:15 -0400 (EDT)
From: Sam Hartman <hartmans-ietf@mit.edu>
To: Russell J Yount <rjy@cmu.edu>
References: <EBDDC31C-A2D0-4FF5-8EE8-D7061EA23805@kumari.net> <tslhb5e31v8.fsf@mit.edu> <26BE721B42199440805DB836552EA796053F1A@PGH-MSGMB-03.andrew.ad.cmu.edu>
Date: Thu, 18 Aug 2011 18:23:15 -0400
In-Reply-To: <26BE721B42199440805DB836552EA796053F1A@PGH-MSGMB-03.andrew.ad.cmu.edu> (Russell J. Yount's message of "Thu, 18 Aug 2011 21:24:14 +0000")
Message-ID: <tslk4aa1hrg.fsf@mit.edu>
User-Agent: Gnus/5.110009 (No Gnus v0.9) Emacs/22.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Cc: "draft-yount-krb-cred-clear-text.all@tools.ietf.org" <draft-yount-krb-cred-clear-text.all@tools.ietf.org>, Sam Hartman <hartmans-ietf@mit.edu>, "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
Subject: Re: [secdir] secdir review of draft-yount-krb-cred-clear-text-01.txt
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
X-List-Received-Date: Thu, 18 Aug 2011 22:22:32 -0000

>>>>> "Russell" == Russell J Yount <rjy@cmu.edu> writes:

    Russell> Sam, I was thinking an intermediate node resending a number
    Russell> of KRB-CRED messages could substitute previously received
    Russell> KRB-CRED messages.

    Russell> E.g.  Node receives Joe's credentials and forwards Joe's
    Russell> credential.  Node receives Jill's credentials and forwards
    Russell> Joe's credential.  Whatever action Jill's credentials were
    Russell> to be used to perform now would be performed as Joe.

Right, such can happen.
Part of hop-by-hop security is trusting the hops.
There are situations where this is appropriate and situations where it
is entirely inappropriate.
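
[Added example, not part of the original thread and not taken from the draft: a toy Python model of the substitution Russell describes, run once with a receiver that relies on hop-by-hop protection only and once with an end-to-end check. The HMAC-over-nonce construction, all class and function names, and the byte strings are assumptions made for illustration; they are not the KRB-CRED format or the draft's mechanism.]

```python
import hashlib
import hmac
import os

# Constructed sample data: opaque byte strings stand in for credential messages.
JOE_CRED = b"constructed-credential-for-joe"
JILL_CRED = b"constructed-credential-for-jill"


def _encode(nonce: bytes, cred: bytes) -> bytes:
    # Length-prefix each field so distinct (nonce, cred) pairs never collide.
    return b"".join(len(f).to_bytes(4, "big") + f for f in (nonce, cred))


def protect(e2e_key: bytes, nonce: bytes, cred: bytes) -> dict:
    """Origin side: bind the credential to the receiver's fresh nonce."""
    tag = hmac.new(e2e_key, _encode(nonce, cred), hashlib.sha256).digest()
    return {"cred": cred, "tag": tag}


class SubstitutingRelay:
    """Intermediate hop that forwards the first message it saw in place of
    every later one (the Joe/Jill case from the thread)."""

    def __init__(self):
        self._kept = None

    def forward(self, msg: dict) -> dict:
        if self._kept is None:
            self._kept = msg
        return self._kept


class Receiver:
    def __init__(self, e2e_key=None):
        # None models a receiver that relies on hop-by-hop protection only.
        self._key = e2e_key

    def new_nonce(self) -> bytes:
        return os.urandom(16)

    def accept(self, msg: dict, nonce: bytes):
        """Return the credential to act on, or None if it is rejected."""
        if self._key is None:
            # Hop-by-hop only: the link from the relay is assumed protected
            # (not modelled), so whatever the relay delivers is accepted.
            return msg["cred"]
        expected = hmac.new(
            self._key, _encode(nonce, msg["cred"]), hashlib.sha256
        ).digest()
        if hmac.compare_digest(expected, msg.get("tag", b"")):
            return msg["cred"]
        return None


def run_exchange(end_to_end: bool):
    """Send Joe's, then Jill's, credential through the relay and return what
    the receiver ends up acting on for each exchange."""
    key = os.urandom(32)  # assumed shared by origin and receiver only
    receiver = Receiver(key if end_to_end else None)
    relay = SubstitutingRelay()
    results = []
    for cred in (JOE_CRED, JILL_CRED):
        nonce = receiver.new_nonce()  # assumed to reach the origin intact
        msg = protect(key, nonce, cred)
        results.append(receiver.accept(relay.forward(msg), nonce))
    return results


if __name__ == "__main__":
    print("hop-by-hop only:", run_exchange(end_to_end=False))
    print("end-to-end     :", run_exchange(end_to_end=True))
```

[The per-exchange nonce is what catches the substitution: Joe's earlier message is genuine, so an end-to-end tag computed over the credential alone would still verify in the second exchange.]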

From rjy@cmu.edu  Thu Aug 18 14:23:22 2011
Return-Path: <rjy@cmu.edu>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 05FD21F0C3C; Thu, 18 Aug 2011 14:23:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.599
X-Spam-Level: 
X-Spam-Status: No, score=-4.599 tagged_above=-999 required=5 tests=[AWL=-2.000, BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4FA4hrWjo5+V; Thu, 18 Aug 2011 14:23:21 -0700 (PDT)
Received: from relay-exchange.andrew.cmu.edu (RELAY-EXCH-01.ANDREW.CMU.EDU [128.2.105.45]) by ietfa.amsl.com (Postfix) with ESMTP id 71DA421F8880; Thu, 18 Aug 2011 14:23:21 -0700 (PDT)
Received: from PGH-MSGHT-01.andrew.ad.cmu.edu (PGH-MSGHT-01.ANDREW.AD.CMU.EDU [128.2.105.39]) by relay-exchange.andrew.cmu.edu (8.14.4/8.14.4) with ESMTP id p7ILOF1g019612 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NOT); Thu, 18 Aug 2011 17:24:15 -0400
Received: from PGH-MSGMB-03.andrew.ad.cmu.edu ([169.254.1.157]) by PGH-MSGHT-01.andrew.ad.cmu.edu ([128.2.105.39]) with mapi id 14.01.0270.001; Thu, 18 Aug 2011 17:24:14 -0400
From: Russell J Yount <rjy@cmu.edu>
To: Sam Hartman <hartmans-ietf@mit.edu>, Warren Kumari <warren@kumari.net>
Thread-Topic: [secdir] secdir review of draft-yount-krb-cred-clear-text-01.txt
Thread-Index: AQHMVkFveH+4P1fDk0yirhqEYHgVfJUjKAX6gAAEBcA=
Date: Thu, 18 Aug 2011 21:24:14 +0000
Message-ID: <26BE721B42199440805DB836552EA796053F1A@PGH-MSGMB-03.andrew.ad.cmu.edu>
References: <EBDDC31C-A2D0-4FF5-8EE8-D7061EA23805@kumari.net> <tslhb5e31v8.fsf@mit.edu>
In-Reply-To: <tslhb5e31v8.fsf@mit.edu>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [128.2.42.4]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-PMX-Version: 5.6.0.2009776, Antispam-Engine: 2.7.2.376379, Antispam-Data: 2011.8.18.211516
X-Scanned-By: MIMEDefang 2.60 on 128.2.105.45
X-Mailman-Approved-At: Fri, 19 Aug 2011 03:19:27 -0700
Cc: "draft-yount-krb-cred-clear-text.all@tools.ietf.org" <draft-yount-krb-cred-clear-text.all@tools.ietf.org>, "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
Subject: Re: [secdir] secdir review of draft-yount-krb-cred-clear-text-01.txt
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
X-List-Received-Date: Thu, 18 Aug 2011 21:25:50 -0000

Sam,

I was thinking an intermediate node resending a number of KRB-CRED messages
could substitute previously received KRB-CRED messages.

E.g.
   Node receives Joe's credentials and forwards Joe's credential.
   Node receives Jill's credentials and forwards Joe's credential.
Whatever action Jill's credentials were to be used to perform now would be
performed as Joe.

Warren may have other thoughts on this.

-Russ


-----Original Message-----
From: Sam Hartman [mailto:hartmans-ietf@mit.edu]
Sent: Thursday, August 18, 2011 4:24 PM
To: Warren Kumari
Cc: secdir@ietf.org; iesg@ietf.org; draft-yount-krb-cred-clear-text.all@tools.ietf.org
Subject: Re: [secdir] secdir review of draft-yount-krb-cred-clear-text-01.txt


Hi.
I have one question about the changes in the last rev.
Why exactly do we need end-to-end security?
Why would some protocol that provided sufficient hop-by-hop security,
for example an AAA transport with confidentiality and
draft-ietf-abfab-aaa-saml transporting a krb-cred message?

From new-work-bounces@ietf.org  Thu Aug 18 20:27:34 2011
Return-Path: <new-work-bounces@ietf.org>
X-Original-To: secdir@ietf.org
Delivered-To: secdir@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 116C511E8085; Thu, 18 Aug 2011 20:27:34 -0700 (PDT)
X-Original-To: new-work@ietfa.amsl.com
Delivered-To: new-work@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 97A7E11E8085 for <new-work@ietfa.amsl.com>; Thu, 18 Aug 2011 20:27:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.362
X-Spam-Level: 
X-Spam-Status: No, score=-9.362 tagged_above=-999 required=5 tests=[AWL=-0.622, BAYES_20=-0.74, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kGn+Yr6t65t4 for <new-work@ietfa.amsl.com>; Thu, 18 Aug 2011 20:27:32 -0700 (PDT)
Received: from jay.w3.org (ssh.w3.org [128.30.52.60]) by ietfa.amsl.com (Postfix) with ESMTP id 0EE9711E8082 for <new-work@ietf.org>; Thu, 18 Aug 2011 20:27:31 -0700 (PDT)
Received: from localhost ([127.0.0.1]) by jay.w3.org with esmtp (Exim 4.69) (envelope-from <ij@w3.org>) id 1QuFkw-0007wG-0S; Thu, 18 Aug 2011 23:28:26 -0400
From: Ian Jacobs <ij@w3.org>
Date: Thu, 18 Aug 2011 22:28:25 -0500
To: new-work@ietf.org
Message-Id: <0AA01EC5-1D95-4DBB-BA81-8887F8E32277@w3.org>
Mime-Version: 1.0 (Apple Message framework v1084)
X-Mailer: Apple Mail (2.1084)
X-BeenThere: new-work@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: new-work-bounces@ietf.org
Errors-To: new-work-bounces@ietf.org
X-Mailman-Approved-At: Fri, 19 Aug 2011 03:19:27 -0700
Subject: [secdir] [new-work] Proposed W3C Charter: Browser Testing and Tools Working Group (until 2011-08-26)
X-BeenThere: secdir@ietf.org
X-List-Received-Date: Fri, 19 Aug 2011 03:27:34 -0000

Hello,

On 22 July, W3C Advisory Committee Representatives received a Proposal for a new Web Testing Activity (see the W3C Process
Document description of Activity Proposals [1]). The Activity Proposal:
 http://www.w3.org/2011/05/activity-proposal.html

includes draft charters for two groups:

   Browser Testing and Tools Working Group   
   http://www.w3.org/2011/08/browser-testing-charter

   Web Testing Interest Group Charter    
   http://www.w3.org/2011/05/testing-ig-charter

As part of ensuring that the community is aware of proposed work at W3C, these draft charters are public during the Advisory Committee review period. 

W3C invites public comments through 2011-08-26 on the proposed charters. Please send comments to public-new-work@w3.org, which has a public archive: 
  http://lists.w3.org/Archives/Public/public-new-work/

Other than comments sent in formal responses by W3C Advisory Committee Representatives, W3C cannot guarantee a response to
comments. If you work for a W3C Member [2], please coordinate your comments with your Advisory Committee Representative. For
example, you may wish to make public comments via this list and have your Advisory Committee Representative refer to it from his
or her formal review comments.

If you should have any questions or need further information, please contact Mike Smith, Activity Lead <mike@w3.org>.

Thank you,

Ian Jacobs, Head of W3C Communications

[1] http://www.w3.org/2005/10/Process-20051014/activities#ActivityCreation
[2] http://www.w3.org/Consortium/Member/List
--
Ian Jacobs (ij@w3.org)    http://www.w3.org/People/Jacobs/
Tel:                                      +1 718 260 9447


From weiler+secdir@watson.org  Fri Aug 19 05:27:38 2011
Return-Path: <weiler+secdir@watson.org>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4F03321F85A3 for <secdir@ietfa.amsl.com>; Fri, 19 Aug 2011 05:27:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level: 
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[AWL=0.000,  BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RLBZTwBIxjBS for <secdir@ietfa.amsl.com>; Fri, 19 Aug 2011 05:27:37 -0700 (PDT)
Received: from fledge.watson.org (fledge.watson.org [65.122.17.41]) by ietfa.amsl.com (Postfix) with ESMTP id 832BE21F85A1 for <secdir@ietf.org>; Fri, 19 Aug 2011 05:27:37 -0700 (PDT)
Received: from fledge.watson.org (localhost.watson.org [127.0.0.1]) by fledge.watson.org (8.14.4/8.14.4) with ESMTP id p7JCSXLb061883 for <secdir@ietf.org>; Fri, 19 Aug 2011 08:28:33 -0400 (EDT) (envelope-from weiler+secdir@watson.org)
Received: from localhost (weiler@localhost) by fledge.watson.org (8.14.4/8.14.4/Submit) with ESMTP id p7JCSWHk061876 for <secdir@ietf.org>; Fri, 19 Aug 2011 08:28:33 -0400 (EDT) (envelope-from weiler+secdir@watson.org)
X-Authentication-Warning: fledge.watson.org: weiler owned process doing -bs
Date: Fri, 19 Aug 2011 08:28:32 -0400 (EDT)
From: Samuel Weiler <weiler+secdir@watson.org>
X-X-Sender: weiler@fledge.watson.org
To: secdir@ietf.org
Message-ID: <alpine.BSF.2.00.1108190826580.38830@fledge.watson.org>
User-Agent: Alpine 2.00 (BSF 1167 2008-08-23)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; format=flowed; charset=US-ASCII
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.2.3 (fledge.watson.org [127.0.0.1]); Fri, 19 Aug 2011 08:28:33 -0400 (EDT)
Subject: [secdir] Assignments
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: secdir-secretary@mit.edu
X-List-Received-Date: Fri, 19 Aug 2011 12:27:38 -0000

Review instructions and related resources are at:
         http://tools.ietf.org/area/sec/trac/wiki/SecDirReview

Ondrej Sury is next in the rotation.

For telechat 2011-08-25

Reviewer                 LC end     Draft
Barry Leiba            T 2011-08-12 draft-ietf-mpls-rsvp-te-no-php-oob-mapping-09
Russ Mundy             T 2011-08-15 draft-ietf-v6ops-3gpp-eps-03
Sandy Murphy           T 2011-08-25 draft-ietf-mpls-tp-on-demand-cv-06
Magnus Nystrom         T 2011-08-25 draft-ietf-yam-rfc4409bis-02
Ondrej Sury            T 2011-06-30 draft-ietf-sidr-rescerts-provisioning-10


For telechat 2011-09-08

Reviewer                 LC end     Draft
Jeffrey Hutzelman      T 2011-07-22 draft-ietf-p2psip-base-18
Radia Perlman          T 2011-08-26 draft-ietf-pwe3-mpls-tp-gal-in-pw-01
Tim Polk               T 2011-08-29 draft-ietf-pkix-rfc5272-bis-05
Yaron Sheffer          T -          draft-weil-shared-transition-space-request-03

Last calls and special requests:

Reviewer                 LC end     Draft
Scott Kelly              2011-08-22 draft-dijkstra-urn-ogf-06
Julien Laganier          2011-08-12 draft-ietf-lisp-lig-04
Matt Lepinski            2011-08-16 draft-ietf-ospf-auth-trailer-ospfv3-05
David McGrew             2011-08-24 draft-kivinen-ipsecme-secure-password-framework-01
Catherine Meadows       R2011-04-13 draft-ietf-speechsc-mrcpv2-25
Russ Mundy               2011-06-30 draft-ietf-karp-design-guide-03
Hilarie Orman            2011-08-29 draft-ietf-krb-wg-otp-preauth-18
Tim Polk                 2011-05-11 draft-ietf-vrrp-unified-mib-09
Eric Rescorla            2011-09-08 draft-jesske-dispatch-update3326-reason-responses-05
Vincent Roca             2011-09-06 draft-salgueiro-mmusic-image-iana-registration-08
Joe Salowey              2011-09-08 draft-eggert-successful-bar-bof-06
Juergen Schoenwaelder    2011-08-25 draft-ietf-idr-deprecate-as-sets-05
Tina TSOU                2011-04-23 draft-shin-augmented-pake-08
Glen Zorn                2011-06-28 draft-li-pwe3-ms-pw-pon-04



From j.schoenwaelder@jacobs-university.de  Fri Aug 19 07:14:54 2011
Return-Path: <j.schoenwaelder@jacobs-university.de>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0FCD321F8AF2; Fri, 19 Aug 2011 07:14:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -103.09
X-Spam-Level: 
X-Spam-Status: No, score=-103.09 tagged_above=-999 required=5 tests=[AWL=0.159, BAYES_00=-2.599, HELO_EQ_DE=0.35, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 42QFsnx9gwNF; Fri, 19 Aug 2011 07:14:53 -0700 (PDT)
Received: from hermes.jacobs-university.de (hermes.jacobs-university.de [212.201.44.23]) by ietfa.amsl.com (Postfix) with ESMTP id 3785D21F8AF0; Fri, 19 Aug 2011 07:14:53 -0700 (PDT)
Received: from localhost (demetrius4.jacobs-university.de [212.201.44.49]) by hermes.jacobs-university.de (Postfix) with ESMTP id BED6020C1B; Fri, 19 Aug 2011 16:15:49 +0200 (CEST)
X-Virus-Scanned: amavisd-new at jacobs-university.de
Received: from hermes.jacobs-university.de ([212.201.44.23]) by localhost (demetrius4.jacobs-university.de [212.201.44.32]) (amavisd-new, port 10024) with ESMTP id GoXDInTARofL; Fri, 19 Aug 2011 16:15:48 +0200 (CEST)
Received: from elstar.local (elstar.jacobs.jacobs-university.de [10.50.231.133]) by hermes.jacobs-university.de (Postfix) with ESMTP id 22FA620C15; Fri, 19 Aug 2011 16:15:48 +0200 (CEST)
Received: by elstar.local (Postfix, from userid 501) id 3F1AD1A35229; Fri, 19 Aug 2011 16:15:40 +0200 (CEST)
Date: Fri, 19 Aug 2011 16:15:40 +0200
From: Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>
To: iesg@ietf.org, secdir@ietf.org, draft-ietf-idr-deprecate-as-sets.all@tools.ietf.org
Message-ID: <20110819141540.GE28373@elstar.local>
Mail-Followup-To: iesg@ietf.org, secdir@ietf.org, draft-ietf-idr-deprecate-as-sets.all@tools.ietf.org
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.5.21 (2010-09-15)
Subject: [secdir] secdir review of draft-ietf-idr-deprecate-as-sets-05.txt
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>
X-List-Received-Date: Fri, 19 Aug 2011 14:14:54 -0000

I have reviewed this document as part of the security
directorate's ongoing effort to review all IETF documents being
processed by the IESG.  These comments were written primarily for the
benefit of the security area directors.  Document editors and WG chairs
should treat these comments just like any other last call comments.

This I-D deprecates the BGP AS_SETs and AS_CONFED_SETs path
attributes and I see no security issues with this document and the
Security Considerations section seems appropriate.

My only editorial nit is to spell out the acronym RPKI in the Security
Considerations section and to perhaps change the short running title
to "Deprecation of AS_SET and AS_CONFED_SET".

/js

-- 
Juergen Schoenwaelder           Jacobs University Bremen gGmbH
Phone: +49 421 200 3587         Campus Ring 1, 28759 Bremen, Germany
Fax:   +49 421 200 3103         <http://www.jacobs-university.de/>

From ondrej.sury@nic.cz  Fri Aug 19 09:10:13 2011
Return-Path: <ondrej.sury@nic.cz>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 645C821F8B1D; Fri, 19 Aug 2011 09:10:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.7
X-Spam-Level: 
X-Spam-Status: No, score=-1.7 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, J_CHICKENPOX_23=0.6, MIME_8BIT_HEADER=0.3, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0OMckKXlXj1W; Fri, 19 Aug 2011 09:10:12 -0700 (PDT)
Received: from mail.nic.cz (mail.nic.cz [IPv6:2001:1488:800:400::400]) by ietfa.amsl.com (Postfix) with ESMTP id B8E3421F8A36; Fri, 19 Aug 2011 09:10:11 -0700 (PDT)
Received: from [IPv6:2001:1488:ac14:1400:d03d:a0:8f9b:2ed1] (unknown [IPv6:2001:1488:ac14:1400:d03d:a0:8f9b:2ed1]) by mail.nic.cz (Postfix) with ESMTPSA id C66332A0BC8; Fri, 19 Aug 2011 18:10:59 +0200 (CEST)
From: Ondřej Surý <ondrej.sury@nic.cz>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Date: Fri, 19 Aug 2011 18:10:59 +0200
Message-Id: <C5559F41-D328-47F2-A463-00F118ED61D5@nic.cz>
To: iesg@ietf.org, secdir@ietf.org, draft-ietf-sidr-rescerts-provisioning.all@tools.ietf.org
Mime-Version: 1.0 (Apple Message framework v1244.3)
X-Mailer: Apple Mail (2.1244.3)
X-Virus-Scanned: clamav-milter 0.96.5 at mail
X-Virus-Status: Clean
Subject: [secdir] secdir review of draft-ietf-sidr-rescerts-provisioning-10
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
X-List-Received-Date: Fri, 19 Aug 2011 16:10:13 -0000

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

This I-D is a part of RPKI infrastructure built in the SIDR WG.  And
this document defines a framework for certificate management interactions
between a resource issuer and a resource recipient.

I am not following the SIDR working group and thus I found it quite
hard to review this draft.  (So sorry for the big delay, it took me
a while to find the time to get at least a quick introduction into RPKI.)

I read the document and the security considerations and I consider them
well thought out, but there are some parts which are a bit confusing for
someone not involved in the whole RPKI stuff.

1. I think that you should move the I-D.sidr-arch and I-D.sidr-res-certs
from Informative to Normative References.  The document uses much of the
terminology ("resources", "Resource Certificates", etc.) which cannot be
understood without reading at least those two.

2. In the terminology and the scope you use terms "Certificates"
and "Certificate Authority" and it's not clear if you talk about X.509
or RPKI.  I think you should add a few sentences from I-D.sidr-res-certs
to explain the very basics of Resource Certificates to the reader of this
draft.

Apart from the difficulty to understand the document I found that all my
concerns from reading the draft were addressed in the security considerations.
However I would recommend to review the security of the output of the SIDR
WG as a whole, because it defines quite an important infrastructure which
will have an impact on the IPv4/6 resource handling.  Personally I think
that I may have overlooked something by reviewing just this one document
without thorough review of all related drafts.

O.
--
 Ondřej Surý
 vedoucí výzkumu/Head of R&D department
 -------------------------------------------
 CZ.NIC, z.s.p.o.    --    Laboratoře CZ.NIC
 Americka 23, 120 00 Praha 2, Czech Republic
 mailto:ondrej.sury@nic.cz    http://nic.cz/
 tel:+420.222745110       fax:+420.222745112
 -------------------------------------------


From scott@hyperthought.com  Fri Aug 19 10:26:32 2011
Return-Path: <scott@hyperthought.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 320E821F8BA2 for <secdir@ietfa.amsl.com>; Fri, 19 Aug 2011 10:26:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.599
X-Spam-Level: 
X-Spam-Status: No, score=-3.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WPhPC9Ai3v0D for <secdir@ietfa.amsl.com>; Fri, 19 Aug 2011 10:26:31 -0700 (PDT)
Received: from smtp112.iad.emailsrvr.com (smtp112.iad.emailsrvr.com [207.97.245.112]) by ietfa.amsl.com (Postfix) with ESMTP id 2B8AD21F8B9E for <secdir@ietf.org>; Fri, 19 Aug 2011 10:26:31 -0700 (PDT)
Received: from localhost (localhost.localdomain [127.0.0.1]) by smtp41.relay.iad1a.emailsrvr.com (SMTP Server) with ESMTP id 6A4482904BE; Fri, 19 Aug 2011 13:27:27 -0400 (EDT)
X-Virus-Scanned: OK
Received: from dynamic11.wm-web.iad.mlsrvr.com (dynamic11.wm-web.iad1a.rsapps.net [192.168.2.218]) by smtp41.relay.iad1a.emailsrvr.com (SMTP Server) with ESMTP id 27748290501; Fri, 19 Aug 2011 13:27:27 -0400 (EDT)
Received: from hyperthought.com (localhost [127.0.0.1]) by dynamic11.wm-web.iad.mlsrvr.com (Postfix) with ESMTP id 11934E00AF;  Fri, 19 Aug 2011 13:27:27 -0400 (EDT)
Received: by apps.rackspace.com (Authenticated sender: scott@hyperthought.com, from: scott@hyperthought.com)  with HTTP; Fri, 19 Aug 2011 10:27:27 -0700 (PDT)
Date: Fri, 19 Aug 2011 10:27:27 -0700 (PDT)
From: "Scott G. Kelly" <scott@hyperthought.com>
To: "secdir@ietf.org" <secdir@ietf.org>, "iesg@ietf.org" <iesg@ietf.org>, draft-dijkstra-urn-ogf.all@tools.ietf.org
MIME-Version: 1.0
Content-Type: text/plain;charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Importance: Normal
X-Priority: 3 (Normal)
X-Type: plain
Message-ID: <1313774847.06915599@apps.rackspace.com>
X-Mailer: webmail7.0
Subject: [secdir] secdir review of draft-dijkstra-urn-ogf-06
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
X-List-Received-Date: Fri, 19 Aug 2011 17:26:32 -0000

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

From the abstract, this document describes a URN namespace for naming
persistent resources for the Open Grid Forum. The security
considerations section says that there are no additional security
considerations beyond those normally associated with use and resolution
of URNs in general, and that implementers should check the Open Grid
Forum registry/docs before assuming a given identifier is valid or has a
certain meaning.

I don't have much experience with URNs and any associated security
issues, but this seems reasonable to me. I don't see any other issues
with this doc.

--Scott


From barryleiba@gmail.com  Fri Aug 19 11:09:30 2011
Date: Fri, 19 Aug 2011 14:10:24 -0400
X-Google-Sender-Auth: gSKb_WAFK0ragT4lNh8inRft1Fc
Message-ID: <CALaySJLyNKHp0_QzaTbbX0FB9RASprJ2cknZQjp_=RqFgno4LQ@mail.gmail.com>
From: Barry Leiba <barryleiba@computer.org>
To: secdir@ietf.org
Content-Type: text/plain; charset=ISO-8859-1
Cc: draft-ietf-mpls-rsvp-te-no-php-oob-mapping.all@tools.ietf.org, iesg@ietf.org
Subject: [secdir] secdir review of draft-ietf-mpls-rsvp-te-no-php-oob-mapping-08

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

It's a simple draft, defining a few new flags, and I don't see any
problems with it.

I have one minor question; in section 2.2 is this:

      An Ingress LSR sets the OOB mapping indication flag to signal the
      Egress LSR that binding of RSVP-TE LSP to an application and
      payload identification is being signaled out-of-band. This flag
      MUST NOT be modified by any other LSRs in the network. LSRs other
      than the Egress LSRs SHOULD ignore this flag.

On that last "SHOULD": what does it mean for any other LSR *not* to
ignore the flag?  That is, what can they do?  How can they not ignore
it, since there's no defined behaviour for them to do with it?

Barry

From adrian@olddog.co.uk  Mon Aug 22 06:58:09 2011
From: "Adrian Farrel" <adrian@olddog.co.uk>
To: "'Barry Leiba'" <barryleiba@computer.org>, <secdir@ietf.org>
References: <CALaySJLyNKHp0_QzaTbbX0FB9RASprJ2cknZQjp_=RqFgno4LQ@mail.gmail.com>
In-Reply-To: <CALaySJLyNKHp0_QzaTbbX0FB9RASprJ2cknZQjp_=RqFgno4LQ@mail.gmail.com>
Date: Mon, 22 Aug 2011 14:59:07 +0100
Message-ID: <065801cc60d3$a9d77f20$fd867d60$@olddog.co.uk>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQL7uy7LvXWYMvZs8RqlX4lyiECh2pLKL5qg
Content-Language: en-gb
Cc: draft-ietf-mpls-rsvp-te-no-php-oob-mapping.all@tools.ietf.org, iesg@ietf.org
Subject: Re: [secdir] secdir review of draft-ietf-mpls-rsvp-te-no-php-oob-mapping-08
Reply-To: adrian@olddog.co.uk

Since the authors and document shepherd haven't responded, and since Stephen
mentions the review in Comment, I will take on responding...

> I have one minor question; in section 2.2 is this:
> 
>       An Ingress LSR sets the OOB mapping indication flag to signal the
>       Egress LSR that binding of RSVP-TE LSP to an application and
>       payload identification is being signaled out-of-band. This flag
>       MUST NOT be modified by any other LSRs in the network. LSRs other
>       than the Egress LSRs SHOULD ignore this flag.
> 
> On that last "SHOULD": what does it mean for any other LSR *not* to
> ignore the flag?  That is, what can they do?  How can they not ignore
> it, since there's no defined behaviour for them to do with it?

There is a difference between not being told to do something, and being told to
not do something.

It would be extreme, IMHO, to say that a transit LSR MUST ignore the flag.
The fact that there is no behavior required of the transit LSR and nothing that
pertains to the LSP that can be thought of for the LSR to do, is not reason to
forbid the LSR from looking at the flag, saying "Ooooh, that's interesting", and
sending a message to its third cousin in Baltimore to gossip about the fact.
In the same way that a router "SHOULD" ignore the source IP address on a packet
when it routes it, there is no reason to prohibit examination of the field.

Cheers,
Adrian


From barryleiba@gmail.com  Mon Aug 22 07:11:04 2011
In-Reply-To: <065801cc60d3$a9d77f20$fd867d60$@olddog.co.uk>
References: <CALaySJLyNKHp0_QzaTbbX0FB9RASprJ2cknZQjp_=RqFgno4LQ@mail.gmail.com> <065801cc60d3$a9d77f20$fd867d60$@olddog.co.uk>
Date: Mon, 22 Aug 2011 10:12:06 -0400
X-Google-Sender-Auth: WI8BTPl3Dn4Wt4uFaxloe-GYF4Q
Message-ID: <CALaySJJKb=at2yYHAojy5hgGskkcmkoyuowA+BchEE1RK-YQGw@mail.gmail.com>
From: Barry Leiba <barryleiba@computer.org>
To: adrian@olddog.co.uk
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Cc: draft-ietf-mpls-rsvp-te-no-php-oob-mapping.all@tools.ietf.org, iesg@ietf.org, secdir@ietf.org
Subject: Re: [secdir] secdir review of draft-ietf-mpls-rsvp-te-no-php-oob-mapping-08

> Since the authors and document shepherd haven't responded, and since Stephen
> mentions the review in Comment, I will take on responding...

Thanks.

>> I have one minor question; in section 2.2 is this:
...
>> On that last "SHOULD": what does it mean for any other LSR *not* to
>> ignore the flag?  That is, what can they do?  How can they not ignore
>> it, since there's no defined behaviour for them to do with it?
...
> It would be extreme, IMHO, to say that a transit LSR MUST ignore the flag.
> The fact that there is no behavior required of the transit LSR and nothing that
> pertains to the LSP that can be thought of for the LSR to do, is not reason to
> forbid the LSR from looking at the flag, saying "Ooooh, that's interesting", and
> sending a message to its third cousin in Baltimore to gossip about the fact.
> In the same way that a router "SHOULD" ignore the source IP address on a packet
> when it routes it, there is no reason to prohibit examination of the field.

OK... works for me.  As I said, it was just a minor question.

For what it's worth, I think I would put such situations in
non-normative language, as something like, "This flag is not
applicable to, and has no use for LSRs other than the Egress LSRs."
But what's there is fine.  Thanks for answering my query.

Barry

From tlyu@mit.edu  Mon Aug 22 11:45:23 2011
To: Rob Austein <sra@hactrn.net>
References: <20110811054042.E18E03DA59E@minas-ithil.hactrn.net>
From: Tom Yu <tlyu@MIT.EDU>
Date: Mon, 22 Aug 2011 14:46:17 -0400
In-Reply-To: <20110811054042.E18E03DA59E@minas-ithil.hactrn.net> (Rob Austein's message of "Thu, 11 Aug 2011 01:40:42 -0400")
Message-ID: <ldvy5yl7092.fsf@cathode-dark-space.mit.edu>
Lines: 30
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Cc: draft-shiomoto-ccamp-switch-programming.all@tools.ietf.org, iesg@ietf.org, secdir@ietf.org
Subject: Re: [secdir] draft-shiomoto-ccamp-switch-programming-05

Rob Austein <sra@hactrn.net> writes:

> The kicker here is the definition of "safe".  As the subject is
> traffic engineering, loss of money and data are of course issues, but
> the more disturbing issue is that (according to the authors -- I have
> no reason to disbelieve them but have not independently verified this)
> there is a risk of bodily harm to "service personnel", because, for
> some of the technologies that use this protocol, deciding to start
> sending data equates to turning on lasers.

I am not inclined to believe that this physical safety issue is
severe.  Having worked with lasers, though not network equipment that
uses them, I can say that good general laser safety practices should
substantially reduce the risk of injury to personnel.  (e.g., safety
eyewear; treating any aperture, fiber, etc. that is capable of
emitting a laser beam as if it could do so at any moment; putting beam
stops in place to protect against accidental exposure; etc.)

IMHO, if the physical safety of your personnel relies substantially on
the good behavior of some person or equipment located possibly
thousands of miles away, your industrial hygiene program could use
some improvement.

It may be that prevailing practices in the industry are not as
conservative, such that the advice about physical safety due to
unexpected laser activation is warranted.  (Are there operators here
who could comment?)  From a risk management perspective, I think it
would be better for an operator to institute better laser safety
practices locally.  I believe optical patch panels with integral beam
stops are available, for example.

From zali@cisco.com  Mon Aug 22 12:45:47 2011
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Date: Mon, 22 Aug 2011 14:46:51 -0500
Message-ID: <7CC717E2F49DAA4A827DA3FEA237111B05BA3147@XMB-RCD-103.cisco.com>
In-Reply-To: <CALaySJJKb=at2yYHAojy5hgGskkcmkoyuowA+BchEE1RK-YQGw@mail.gmail.com>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: secdir review of draft-ietf-mpls-rsvp-te-no-php-oob-mapping-08
Thread-Index: Acxg1YOrNUKqTl8IRCeuf69EHYWXRwALnnkQ
References: <CALaySJLyNKHp0_QzaTbbX0FB9RASprJ2cknZQjp_=RqFgno4LQ@mail.gmail.com><065801cc60d3$a9d77f20$fd867d60$@olddog.co.uk> <CALaySJJKb=at2yYHAojy5hgGskkcmkoyuowA+BchEE1RK-YQGw@mail.gmail.com>
From: "Zafar Ali (zali)" <zali@cisco.com>
To: "Barry Leiba" <barryleiba@computer.org>, <adrian@olddog.co.uk>
X-OriginalArrivalTime: 22 Aug 2011 19:46:52.0350 (UTC) FILETIME=[3D52C5E0:01CC6104]
X-Mailman-Approved-At: Mon, 22 Aug 2011 12:49:52 -0700
Cc: draft-ietf-mpls-rsvp-te-no-php-oob-mapping.all@tools.ietf.org, iesg@ietf.org, secdir@ietf.org
Subject: Re: [secdir] secdir review of draft-ietf-mpls-rsvp-te-no-php-oob-mapping-08

Hi Adrian-

Thanks for taking care of the comment; very much appreciated.

Ross/ Adrian-

I saw the email that a wordsmithing related comment from Ross has been
put as a note to RFC editor by Adrian. I.e., we assume no action from
authors is required. Please advise, if otherwise.

Thanks

Regards ... Zafar


> -----Original Message-----
> From: barryleiba@gmail.com [mailto:barryleiba@gmail.com] On Behalf Of
> Barry Leiba
> Sent: Monday, August 22, 2011 10:12 AM
> To: adrian@olddog.co.uk
> Cc: secdir@ietf.org;
> draft-ietf-mpls-rsvp-te-no-php-oob-mapping.all@tools.ietf.org;
> iesg@ietf.org
> Subject: Re: secdir review of
> draft-ietf-mpls-rsvp-te-no-php-oob-mapping-08
>
> > Since the authors and document shepherd haven't responded, and since
> > Stephen mentions the review in Comment, I will take on responding...
>
> Thanks.
>
> >> I have one minor question; in section 2.2 is this:
> ...
> >> On that last "SHOULD": what does it mean for any other LSR *not* to
> >> ignore the flag?  That is, what can they do?  How can they not ignore
> >> it, since there's no defined behaviour for them to do with it?
> ...
> > It would be extreme, IMHO, to say that a transit LSR MUST ignore the
> > flag.
> > The fact that there is no behavior required of the transit LSR and
> > nothing that pertains to the LSP that can be thought of for the LSR to
> > do, is not reason to forbid the LSR from looking at the flag, saying
> > "Ooooh, that's interesting", and sending a message to its third cousin
> > in Baltimore to gossip about the fact.
> > In the same way that a router "SHOULD" ignore the source IP address on
> > a packet when it routes it, there is no reason to prohibit examination
> > of the field.
>
> OK... works for me.  As I said, it was just a minor question.
>
> For what it's worth, I think I would put such situations in
> non-normative language, as something like, "This flag is not
> applicable to, and has no use for LSRs other than the Egress LSRs."
> But what's there is fine.  Thanks for answering my query.
>
> Barry

From yaronf.ietf@gmail.com  Mon Aug 22 14:16:38 2011
Message-ID: <4E52C76D.30204@gmail.com>
Date: Tue, 23 Aug 2011 00:17:33 +0300
From: Yaron Sheffer <yaronf.ietf@gmail.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20110624 Thunderbird/5.0
MIME-Version: 1.0
To: secdir@ietf.org,  draft-weil-shared-transition-space-request.all@tools.ietf.org,  iesg@ietf.org
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: [secdir] SecDir review of draft-weil-shared-transition-space-request-03

[Sorry if you receive this message twice. Please respond to this address.]

I have reviewed this document as part of the security directorate's 
ongoing effort to review all IETF documents being processed by the IESG. 
These comments were written primarily for the benefit of the security
area directors.  Document editors and WG chairs should treat these 
comments just like any other last call comments.

Summary

Security considerations are missing and should be added.

Details

A number of objections were raised on the main IETF mailing list. Not 
being an expert on IPv6 transition strategies, I will not opine on the 
value of the proposed address space. However from the point of view of 
security, the draft needs to be improved.

For motivation, the draft refers to a "problem statement" draft, 
draft-bdgks-arin-shared-transition-space. Looking at the security 
considerations in draft-bdgks, it is clear that the current document 
should say much more than "this is not a protocol; there are no security 
implications," as it currently does. I'm afraid I disagree on both 
counts: this is indeed a protocol (it defines who is allowed to use 
these addresses and for what purpose, and it *should* specify how this 
can be enforced), and there are clear security implications: you don't 
want people outside the ISP's network (or the ISP's own customers, for 
that matter) to spoof tunnel termination points.

Following up on draft-bdgks, the current document should at least advise 
on (and better yet, mandate solutions for) "best practices associated 
with the use of this space, including considerations relating to 
filtering, routing, etc.".

Thanks,
     Yaron


From rcallon@juniper.net  Mon Aug 22 19:54:10 2011
From: Ross Callon <rcallon@juniper.net>
To: "Zafar Ali (zali)" <zali@cisco.com>, Barry Leiba <barryleiba@computer.org>, "adrian@olddog.co.uk" <adrian@olddog.co.uk>
Date: Mon, 22 Aug 2011 22:51:30 -0400
Thread-Topic: secdir review of draft-ietf-mpls-rsvp-te-no-php-oob-mapping-08
Thread-Index: Acxg1YOrNUKqTl8IRCeuf69EHYWXRwALnnkQAA7Wh/A=
Message-ID: <DF7F294AF4153D498141CBEFADB17704C3494381F1@EMBX01-WF.jnpr.net>
References: <CALaySJLyNKHp0_QzaTbbX0FB9RASprJ2cknZQjp_=RqFgno4LQ@mail.gmail.com><065801cc60d3$a9d77f20$fd867d60$@olddog.co.uk> <CALaySJJKb=at2yYHAojy5hgGskkcmkoyuowA+BchEE1RK-YQGw@mail.gmail.com> <7CC717E2F49DAA4A827DA3FEA237111B05BA3147@XMB-RCD-103.cisco.com>
In-Reply-To: <7CC717E2F49DAA4A827DA3FEA237111B05BA3147@XMB-RCD-103.cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "draft-ietf-mpls-rsvp-te-no-php-oob-mapping.all@tools.ietf.org" <draft-ietf-mpls-rsvp-te-no-php-oob-mapping.all@tools.ietf.org>, "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
Subject: Re: [secdir] secdir review of draft-ietf-mpls-rsvp-te-no-php-oob-mapping-08
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 23 Aug 2011 02:54:10 -0000

> Ross/ Adrian-
>
> I saw the email that a word-smithing related comment from
> Ross has been put as a note to RFC editor by Adrian. I.e.,
> we assume no action from authors is required. Please advise,
> if otherwise.
>
> Thanks
> Regards ... Zafar

You are correct. No action needed for my editorial nit (Adrian did it already).

thanks, Ross

From mcgrew@cisco.com  Tue Aug 23 07:51:18 2011
Message-Id: <2CC18677-7F6F-4F33-877D-C9043298650B@cisco.com>
From: David McGrew <mcgrew@cisco.com>
To: secdir@ietf.org, draft-kivinen-ipsecme-secure-password-framework.all@tools.ietf.org
Date: Tue, 23 Aug 2011 07:52:17 -0700
Cc: "iesg@ietf.org IESG" <iesg@ietf.org>
Subject: [secdir] secdir review of kivinen-ipsecme-secure-password-framework-01

I have reviewed this document as part of the security directorate's  
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the  
security area directors.  Document editors and WG chairs should treat  
these comments just like any other last call comments.

The intended status of this document is Informational, but in some  
sense it is performing actions with implications for standards.  It  
implies, but does not state, that IANA should not allocate the "IKEv2  
Authentication Method" numbers requested by three experimental drafts  
([1], [2], [3]).  The motivation for this draft is that "each of ([1],  
[2], [3]) used different method to negotiate" the use of the method,  
but it does not clarify where the difficulty arises - each of those  
three documents defines its own IKEv2 Authentication Method.

The Security Considerations section punts to [1], [2], and [3], but
this document would be more useful if it provided a comparison of the
existing methods.  There are some significant differences (for
instance, [2] has special considerations for RFC5282, but [1] and [3]
do not), and the absence of a security analysis puts a burden on the
user of the framework.

The document has many nits, and needs an editorial pass.  Some  
suggested changes below:

Abstract:
"This document specifies a common way so those methods can agree on  
which method is to be used in current connection." -> "This document  
specifies a way to agree on which method is to be used in current  
connection. "
Introduction:
"As each of those documents used different method to negotiate the use  
of the method ..." -> "As each of those documents used a different  
technique to negotiate the use of the method ..."
I suggest removing "This document does not create new protocol or even  
define a protocol which could be used to do anything."
Section 2.
"The proposed negotiation exchange would be:" -> "The secure password  
negotiation exchange is:"
IANA Considerations:
"TBD Secure Password Authentication Method" -> " TBD Generic Secure  
Password Authentication Method"
notes:
[1] harkins-ipsecme-spsk-auth
[2] kuegler-ipsecme-pace-ikev2
[3] shin-augmented-pake

From kivinen@iki.fi  Wed Aug 24 05:14:42 2011
Message-ID: <20052.60264.832576.497620@fireball.kivinen.iki.fi>
Date: Wed, 24 Aug 2011 15:15:36 +0300
From: Tero Kivinen <kivinen@iki.fi>
To: David McGrew <mcgrew@cisco.com>
In-Reply-To: <2CC18677-7F6F-4F33-877D-C9043298650B@cisco.com>
Cc: "iesg@ietf.org IESG" <iesg@ietf.org>, draft-kivinen-ipsecme-secure-password-framework.all@tools.ietf.org, secdir@ietf.org
Subject: [secdir] secdir review of kivinen-ipsecme-secure-password-framework-01

David McGrew writes:
> The intended status of this document is Informational, but in some  
> sense it is performing actions with implications for standards.

I think all of those 3 drafts are listed as for Experimental status
not for standards track. Also it is meant to be so that each of those
drafts would not need to make normative reference to this document,
i.e. they will copy all the text they need to make documents
self-standing. This document will mostly just include background
information.

> It implies, but does not state, that IANA should not allocate the
> "IKEv2 Authentication Method" numbers requested by three
> experimental drafts ([1], [2], [3]). The motivation for this draft
> is that "each of ([1], [2], [3]) used different method to negotiate"
> the use of the method, but it does not clarify where the difficulty
> arises - each of those three documents defines its own IKEv2
> Authentication Method.

The IKEv2 Authentication Method is indicated way too late to be used
for negotiation of the method. It is sent along the AUTH payload
inside the last IKE_AUTH exchange, which means the implementations
need to know the method to be used earlier (i.e. before they start the
IKE_AUTH).

> The Security Considerations section punts to [1], [2], and [3], but  
> this document would be more useful if it provided a comparison of the  
> existing methods.

From my point of view all of the documents are mostly the same; I do
not think there are any major differences in them. Because of this I
think it is not possible for me to provide such a comparison.

> There are some significant differences (for instance, [2] has
> special considerations for RFC5282, but [1] and [3] do not),

As far as I know [2] is the only one which has special issues
with RFC5282, and even with that it is just that the method reuses the
same encryption method as the IKEv2 SA uses for some other uses, and in
that other use the authenticated encryption cipher is not suitable.

> and the absence of a security analysis puts a burden on the user of
> the framework.

My hope is that this framework is not needed anymore in the future,
i.e. that there would not be a 4th version of the secure password method
using this framework. Unfortunately that might not be so, and that is
the main reason for putting out this document.

As this document will be something that is not really needed for
implementing any of [1], [2], or [3] (each of those documents will be
self-sufficient) the only reason to publish this is to provide generic
text in case we have one more of those methods in the future, so it
can follow the same rules as those 3 existing ones. This document
is also useful for someone implementing multiple of those existing
protocols, so the implementor can know which rules were used, without
the need to compare actual protocols exactly.

> The document has many nits, and needs an editorial pass.  Some  
> suggested changes below:
> 
> Abstract:
> "This document specifies a common way so those methods can agree on  
> which method is to be used in current connection." -> "This document  
> specifies a way to agree on which method is to be used in current  
> connection. "
> Introduction:
> "As each of those documents used different method to negotiate the use  
> of the method ..." -> "As each of those documents used a different  
> technique to negotiate the use of the method ..."
> I suggest removing "This document does not create new protocol or even  
> define a protocol which could be used to do anything."
> Section 2.
> "The proposed negotiation exchange would be:" -> "The secure password  
> negotiation exchange is:"
> IANA Considerations:
> "TBD Secure Password Authentication Method" -> " TBD Generic Secure  
> Password Authentication Method"

Done. 
-- 
kivinen@iki.fi
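
The timing point made in the reply above, as an added example that is not part of the original message or of any of the drafts discussed: a walk over IKEv2 generic payload chains that reports the first message in which an Auth Method value is visible. The message contents are constructed, the IKE_AUTH chains stand for the already-decrypted contents of the Encrypted payload, method-specific payloads are omitted, and the Auth Method value 201 is a placeholder taken from the private-use range.

```python
import struct

# Payload type numbers from the IKEv2 specification (RFC 5996, section 3.2).
SA, KE, IDI, AUTH, NONCE = 33, 34, 35, 39, 40

# Constructed placeholder from the IKEv2 private-use Auth Method range
# (201-255); the draft under review still lists its value as "TBD".
PLACEHOLDER_METHOD = 201


def build_chain(payloads):
    """Serialise [(type, body), ...] as chained IKEv2 generic payloads.

    Returns (first_payload_type, bytes). The first type normally lives in
    the IKE header or the Encrypted payload header, not in the chain.
    """
    out = b""
    for i, (_ptype, body) in enumerate(payloads):
        next_type = payloads[i + 1][0] if i + 1 < len(payloads) else 0
        # Generic header: Next Payload, Critical/RESERVED, Payload Length.
        out += struct.pack("!BBH", next_type, 0, 4 + len(body)) + body
    return payloads[0][0], out


def walk_chain(first_type, data):
    """Return [(type, body), ...], rejecting truncated or bad lengths."""
    found, ptype, off = [], first_type, 0
    while ptype != 0:
        if off + 4 > len(data):
            raise ValueError("truncated payload header")
        next_type, _flags, length = struct.unpack_from("!BBH", data, off)
        if length < 4 or off + length > len(data):
            raise ValueError("bad payload length")
        found.append((ptype, data[off + 4:off + length]))
        ptype, off = next_type, off + length
    return found


def auth_method_in(first_type, data):
    """Return the Auth Method octet of the AUTH payload, or None if absent."""
    for ptype, body in walk_chain(first_type, data):
        if ptype == AUTH:
            if len(body) < 4:  # 1 octet Auth Method + 3 RESERVED octets
                raise ValueError("AUTH payload too short")
            return body[0]
    return None


def first_message_revealing_method(messages):
    """Return (index, label, method) of the first message carrying AUTH."""
    for index, (label, first_type, data) in enumerate(messages):
        method = auth_method_in(first_type, data)
        if method is not None:
            return index, label, method
    return None


def sample_exchange():
    """Constructed initiator messages with dummy payload bodies."""
    auth_body = bytes([PLACEHOLDER_METHOD, 0, 0, 0]) + b"\xaa" * 20
    return [
        ("IKE_SA_INIT request",
         *build_chain([(SA, b"\x00" * 8), (KE, b"\x00" * 8),
                       (NONCE, b"\x11" * 16)])),
        ("IKE_AUTH request (first)",
         *build_chain([(IDI, b"\x02\x00\x00\x00alice")])),
        ("IKE_AUTH request (last)",
         *build_chain([(AUTH, auth_body)])),
    ]


if __name__ == "__main__":
    print(first_message_revealing_method(sample_exchange()))
```

Nothing in the first two messages tells the responder which password method the initiator intends, so a responder that supports several methods cannot pick one from the Auth Method field alone.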

From mundy@sparta.com  Wed Aug 24 14:42:17 2011
Date: Wed, 24 Aug 2011 17:43:14 -0400
From: Russ Mundy <mundy@sparta.com>
To: <iesg@ietf.org>, <secdir@ietf.org>, <draft-ietf-v6ops-3gpp-eps.all@tools.ietf.org>
Message-ID: <CA7AE8B2.C2F68%mundy@sparta.com>
Cc: Russ Mundy <mundy@sparta.com>
Subject: [secdir] secdir Review of draft-ietf-v6ops-3gpp-eps

I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG.  These
comments were written primarily for the benefit of the security area
directors. Document editors and WG chairs should treat these comments just
like any other last call comments.
        
While I do agree with the factual correctness of the Security Considerations
section (the document does not _introduce_ any security related concerns),
the support for IPv6 in 3GPP networks described in document certainly does
have a number of security concerns.  Some obvious examples, use of DHCP
based address management and access control/authorization of the PDN
Connection (shown in Figure 8).  Although these and other security issues
are likely addressed in various other documents, it would be useful to make
a definitive statement to that effect in the Security Considerations
section.  It would be even more useful if some more specific references were
to be included in parts of the document that clearly deal with security
issues such as address management and access control and authorization.
        
        
        Russ Mundy
        
        
        
        



From magnusn@gmail.com  Wed Aug 24 23:08:13 2011
Date: Wed, 24 Aug 2011 23:09:24 -0700
Message-ID: <CADajj4ZJ_5qoBxPsUY6xWL4Tf_d_QgwP0Ooj2=x31LuDwC4ceA@mail.gmail.com>
From: Magnus Nyström <magnusn@gmail.com>
To: iesg@ietf.org, secdir@ietf.org,  draft-ietf-yam-rfc4409bis-02@tools.ietf.org
Subject: [secdir] Secdir review of draft-ietf-yam-rfc4409bis-02

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors. Document editors and WG chairs should treat
these comments just like any other last call comments.

This document updates RFC 4409 by clarifying MSA/MTA/MUA behavior
and providing further guidance.

The security considerations section seems relevant and I have no other
comments on this document.

-- Magnus

From jouni.nospam@gmail.com  Thu Aug 25 03:49:05 2011
From: jouni korhonen <jouni.nospam@gmail.com>
In-Reply-To: <CA7AE8B2.C2F68%mundy@sparta.com>
Date: Thu, 25 Aug 2011 13:50:09 +0300
Message-Id: <6425C318-F3AB-4321-A238-2828F43580E0@gmail.com>
To: Russ Mundy <mundy@sparta.com>
Cc: draft-ietf-v6ops-3gpp-eps.all@tools.ietf.org, iesg@ietf.org, secdir@ietf.org
Subject: Re: [secdir] secdir Review of draft-ietf-v6ops-3gpp-eps

Russ,

Thanks for the review. You are echoing the same thing as most in the
IESG. I crafted a bit of text that could be put into the security
considerations section. I don't know if this would be enough.

- Jouni

----


   In 3GPP access the UE and the network always perform a mutual
   authentication during the network attachment [TS.33102][TS.33401].
   Furthermore, each time a PDP Context/PDN Connection gets created,
   a new connection, a modification of an existing connection and
   an assignment of an IPv6 prefix or an IP address can be authorized
   against the PCC infrastructure [TS.23203] and/or PDN's AAA server.

   The wireless part of the 3GPP link between the UE and the (e)NodeB
   as well as the signaling messages between the UE and the MME/SGSN
   can be protected depending on the regional regulation and operator
   deployment policy. User plane traffic can be confidentially
   protected. The control plane is always at least integrity and
   replay protected, and may also be confidentially protected. The
   protection within the transmission part of the network depends
   on the operator deployment policy.

   Due to the nature of 3GPP point-to-point link model, the UE and the
   first hop router (PGW/GGSN or SGW) are the only nodes on the link,
   which mitigates most of the known on-link attacks. For off-link IPv6
   attacks the 3GPP EPS is as vulnerable as any IPv6 system. There have
   also been concerns that the UE IP stack might use permanent subscriber
   identities, such as IMSI and MSISDN, as the source for IPv6 address
   Interface Identifier. This would be a privacy threat and allow
   tracking of subscribers, and therefore use of IMSI and MSISDN as the
   Interface Identifier is prohibited. However, there is no standardized
   method to block such misbehaving UEs.




   [TS.33102]
              3GPP, "3G Security;  Security architecture",
              3GPP TS 33.102 10.0.0, December 2010.


   [TS.33401]
              3GPP, "3GPP System Architecture Evolution (SAE);
              Security architecture", 3GPP TS 33.401 10.1.1,
              June 2011.

On Aug 25, 2011, at 12:43 AM, Russ Mundy wrote:

>
> I have reviewed this document as part of the security directorate's ongoing
> effort to review all IETF documents being processed by the IESG.  These
> comments were written primarily for the benefit of the security area
> directors. Document editors and WG chairs should treat these comments just
> like any other last call comments.
>
> While I do agree with the factual correctness of the Security Considerations
> section (the document does not _introduce_ any security related concerns),
> the support for IPv6 in 3GPP networks described in document certainly does
> have a number of security concerns.  Some obvious examples, use of DHCP
> based address management and access control/authorization of the PDN
> Connection (shown in Figure 8).  Although these and other security issues
> are likely addressed in various other documents, it would be useful to make
> a definitive statement to that effect in the Security Considerations
> section.  It would be even more useful if some more specific references were
> to be included in parts of the document that clearly deal with security
> issues such as address management and access control and authorization.
>
>
>        Russ Mundy
>


From Sandra.Murphy@cobham.com  Thu Aug 25 16:31:36 2011
Date: Thu, 25 Aug 2011 19:32:35 -0400 (Eastern Daylight Time)
From: Sandra Murphy <Sandra.Murphy@sparta.com>
To: secdir@ietf.org, iesg@ietf.org
Message-ID: <Pine.WNT.4.64.1108251917420.7464@SMURPHY-LT.columbia.ads.sparta.com>
Cc: draft-ietf-mpls-tp-on-demand-cv@tools.ietf.org
Subject: [secdir] secdir review of draft-ietf-mpls-tp-on-demand-cv

I reviewed draft-ietf-mpls-tp-on-demand-cv as part of the security
directorate's ongoing effort to review all IETF documents being processed
by the IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat 
these comments just like any other last call comments.

This draft extends LSP-PING to provide ping/traceroute for MPLS-TP LSPs 
and PWs, using G-ACh when the intermediate nodes would not be able to 
provide the IP service LSP-PING requires.

Background: LSP-PING (RFC4379) was defined to provide connectivity checks 
(like ping) and route tracing checks (like traceroute) for MPLS LSPs. 
LSP-PING uses an IP packet format to be carried as payload under the MPLS 
labels (RFC4379).  Each node is presumed to have an IP host stack to 
process the IP packet format.  Pseudowires (PW - RFC 3985) are constructed 
over varying packet switched nodes types, including MPLS as well as IP, so 
could not count on the IP capability being present in any PW node.  PWE3 
defined their own connection verification (VCCV - RFC5085) function, which 
uses a PW control channel feature, identified in MPLS networks by an ACH - 
Associated Channel Header (RFC4385).  A generic version (G-ACh) of the PW 
control channel ACH was defined for use with LSPs (and "Sections", haven't 
quite grasped that yet) - RFC5586.  MPLS-TP (RFC5921) is a "profile" of 
MPLS for providing a transport service and this draft was needed to 
provide MPLS-TP its own ping/traceroute capability using the G-ACh.

Security comments

This draft defines a new Channel Type for the G-ACh control channel 
defined in RFC5586.  The Channel Type indicates the particular protocol 
using the generic G-ACh.   The security considerations section of RFC5586 
says that:

    The security considerations for the associated control channel are
    described in RFC 4385 [RFC4385].  Further security considerations
    MUST be described in the relevant associated channel type
    specification.

And RFC4385 makes a stronger warning:

    An application using a PW Associated Channel must be aware that the
    channel can potentially be misused.  Any application using the
    Associated Channel MUST therefore fully consider the resultant
    security issues, and provide mechanisms to prevent an attacker from
    using this as a mechanism to disrupt the operation of the PW or the
    PE, and to stop this channel from being used as a conduit to deliver
    packets elsewhere.  The selection of a suitable security mechanism
    for an application using a PW Associated Channel is outside the scope
    of this document.

Finally, RFC5921 (MPLS-TP) reiterates that:

    A third and last area of concern relates to the processing of the
    actual contents of G-ACh messages.  It is necessary that the
    definition of the protocols using these messages carried over a G-ACh
    include appropriate security measures.

This draft's security considerations section is brief and only points to 
the security considerations of LSP-PING:

    The draft does not introduce any new security considerations.  Those
    discussed in [RFC4379] are also applicable to this document.

Perhaps the authors considered this adequate to satisfy the requirements 
from 5586 and 4385 and 5921 for consideration of the security issues.  But 
I am not sure that all the security discussion of RFC4379 applies to this 
new CV protocol.

RFC4379 (LSP-PING) and RFC5085 (VCCV) both discuss the concerns about 
misuse of the control channel - intercepting or injecting packets, 
flooding, etc.  LSP-PING discusses potential mitigation techniques based 
on rate limiting to the UDP port, and filtering and access lists based on 
the source and destination addresses of the LSP-PING payload.  This draft 
defines source and destination ID TLVs for the non-IP use of this 
on-demand-cv, which contain identifiers (see 
draft-ietf-mpls-tp-identifiers) that sound like they could also be used 
for filters and access lists (the "global ID" is typically the ASN and the 
"node ID" is typically the IP address -- but specifically not required to 
be - for example, probably not when they are "compatible with ITU-T 
transport-based operations").  Unfortunately, the source and destination 
ID TLVs are a MAY, so they don't have to appear.  So I don't believe that 
the mitigations suggested in RFC4379 apply to this draft in a 
straightforward way.

VCCV has a different suggestion for protection:

                                                  However the
       implementation of the connectivity verification protocol expands
       the range of possible data-plane attacks.  For this reason
       implementations MUST provide a method to secure the data plane.
       This can be in the form of encryption of the data by running IPsec
       on MPLS packets encapsulated according to [RFC4023], or by
       providing the ability to architect the MPLS network in such a way
       that no external MPLS packets can be injected (private MPLS
       network).

(Note that when VCCV and MPLS-TP talk about data plane attacks they mean 
the payloads in the control channel, not the user data traffic.)

RFC4023 is encapsulating MPLS in IP or GRE, so again these techniques 
would not apply to the non-IP case that is the motivation for this draft. 
Of course, the "private MPLS network" mitigation will continue to work. 
(Probably not in inter-domain applications - perhaps inter-domain pings 
would be rare.)

So I doubt that this draft can rely completely on the security 
considerations section of LSP-PING and don't know if it needs to take the 
security considerations advice of VCCV and MPLS-TP.  I do believe that the 
needs to decide how to handle the MUST requirements in the security 
considerations of 4385/5586/5921.


Editorial comments:

This draft says it updates RFC4379.  But I was unclear about some 
sections, for example, sections 3.1 and 3.2 that talk about IP 
encapsulation.  Section 3.1 in particular does not seem to extend RFC4379 
at all, and it says:

           This form of On-demand CV OAM MUST be supported for MPLS-TP
    LSPs when IP addressing is in use.

Will LSP-PING packets be considered one "form" of On-demand CV?

The draft defines new TLVs and sub-TLVs.  But it also refers often to 
"On-demand CV payload".  It appears this means the entire LSP-PING packet 
as defined in RFC4379 section 3 but it is not clear whether this means 
those packets that include both old TLVs and/or new TLV/sub-TLVs, or those 
packets with only the new TLVs/sub-TLVs.  It wouldn't take much to make 
this clear.
As there are requirements for what happens with "On-demand CV payload", 
(e.g. in section 3.3, if the reply mode is 4 then the "On-demand CV 
payload MUST directly follow the ACH header"), it would be good to be very 
clear what is meant by "On-demand CV payload".

In section 3.3, in the following:

    If the Reply mode indicated in an On-demand CV Request is 4 (Reply
    via application level control channel), the On-demand CV reply
    message MUST be sent on the reverse path of the LSP using ACH.  The
    On-demand CV payload MUST directly follow the ACH header and IP
    and/or UDP headers MUST NOT be attached.

Does this same restriction on the placement of the On-demand CV payload 
apply to the echo request as well?

In the "MUST be sent on the reverse path of the LSP using ACH" -- is that 
"MUST (be sent on the reverse path of the LSP) (using ACH)" or "MUST be 
sent on the reverse path of (the LSP that is using ACH)".  I'm thinking 
the first is right, but I am not sure.

In the following:

    If a node receives an MPLS echo request with a reply mode other than
    4 (reply via application level control channel), and if the node
    supports that reply mode, then it MAY respond using that reply mode.
    If the node does not support the reply mode requested, or is unable
    to reply using the requested reply mode in any specific instance, the
    node MUST drop the echo request packet and not attempt to send a
    response.

The section does not say what happens if the reply mode *is* 4, but the 
node does not support reply mode 4.  I don't know if that ever could 
happen.  I believe the same response holds - drop the request.

I believe the "that reply mode" means the requested reply mode, not the 4 
reply mode.

RFC5586 discusses examples of "ACH TLVs" as source and destination 
information.  It places restrictions on the definition of ACH TLVs in any 
new Channel Type, such as this draft:

    If the G-ACh message MAY be preceded by one or more ACH TLVs, then
    this MUST be explicitly specified in the definition of an ACH Channel
    Type.  If the ACH Channel Type definition does state that one or more
    ACH TLVs MAY precede the G-ACh message, an ACH TLV Header MUST follow
    the ACH.  If no ACH TLVs are required in a specific associated
    channel packet, but the Channel Type nevertheless defines that ACH
    TLVs MAY be used, an ACH TLV Header MUST be present but with a length
    field set to zero to indicate that no ACH TLV follow this header.

    If an ACH Channel Type specification does not explicitly specify that
    ACH TLVs MAY be used, then the ACH TLV Header MUST NOT be used.

I do not know if the Source and Destination Identifier TLVs are ACH TLVs 
or if they can precede the G-ACh.  It looks to me like different 
interpretations of whether these two paragraphs apply to the 
source/destination TLVs could change the packet ordering and content.

Section 3.4.2 and 3.4.3 (part of the Reverse Path CV discussion) say:

               The requesting node (on receipt of the response) can use
    the Reverse-path Target FEC Stack TLV to perform reverse path
    connectivity verification.

and

    On receipt of the echo response, the requesting node MUST perform the
    following checks:

    1.  Perform interface and label-stack validation to ensure that the
        packet is received on the reverse path of the bi-directional LSP
    2.  If the Reverse-Path Target FEC Stack TLV is present in the echo
        response, then perform FEC validation.

Does only the requesting node perform the FEC validation check on the 
Reverse-Path Target FEC Stack?  Don't intermediate nodes do the check?

Section 4.2.2

    The On-demand CV route tracing responses will be received on the LSP
    itself and the presence of an ACH header with channel type of On-
    demand CV is an indicator that the packet contains On-demand CV
                                                      ^an
    payload.

The "On-demand CV" Channel Type is not defined until the IANA 
considerations section.  A forward reference would be good.

Section 4.2.3

    unable to identify the LSP on which the echo response would to be
                                                          would be

                    All responses MUST always be sent on a LSP path using
    the ACH header and ACH channel type of On-demand CV.

Section 3.3 says that requests in a non-IP ACH case SHOULD be sent with 
reply mode of 4 [i.e., could be other than 4] and responses when the reply 
mode is not 4 can be sent using the requested reply mode.  Reply modes 2&3 
are IP encapsulation - does this mean that they must also use the ACH 
header?

Section 5:
5.  Applicability

    The procedures specified in this document for non-IP encapsulation
    apply only to MPLS-TP Transport paths.  This includes LSPs and PWs
    when IP encapsulation is not desired.  However, when IP addressing is
    used, as in non MPLS-TP LSPs, procedures specified in [RFC4379] MUST
    be used.

If this document applies only to MPLS-TP, why place requirements on cases 
that fall outside the scope of this document?  Is there an implication 
that the procedures in RFC4379 differ from the procedures in this draft in 
those non MPLS-TP LSPs?  What does this imply about section 3.1 "LSP-Ping 
with IP encapsulation"?  I obviously am somewhat confused about the area 
of overlap, if any, between RFC4379 and this draft.

--Sandy
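
Added example, not part of the review above or of the draft: a minimal parser illustrating the review's concern that different readings of the RFC5586 ACH TLV rules change the packet layout. The field layouts follow the ACH and ACH TLV Header of RFC5586 and the fixed echo header of RFC4379; the Channel Type value and the sample packets are constructed placeholders.

```python
import struct

# Placeholder Channel Type: the page does not give the value assigned to
# On-demand CV, so this number is constructed for the example only.
CH_ONDEMAND_CV = 0x7FFA
ECHO_HDR_LEN = 32  # fixed part of the RFC4379 echo header


class ParseError(ValueError):
    """Raised when a packet does not match the layout the receiver expects."""


def build_ach(channel_type, version=0):
    # ACH: 0001 | version (4 bits) | reserved (8 bits) | channel type (16 bits)
    return struct.pack("!BBH", 0x10 | (version & 0x0F), 0, channel_type)


def build_echo_header(msg_type, reply_mode, handle=0x1234, seq=1):
    # version=1, global flags, message type, reply mode, return code,
    # return subcode, sender's handle, sequence number, four timestamp words
    return struct.pack("!HHBBBBII4I", 1, 0, msg_type, reply_mode,
                       0, 0, handle, seq, 0, 0, 0, 0)


def build_message(payload, with_ach_tlv_header, ach_tlvs=b""):
    msg = build_ach(CH_ONDEMAND_CV)
    if with_ach_tlv_header:
        # ACH TLV Header: length of the ACH TLVs that follow, then reserved.
        # A zero length means "ACH TLVs allowed here, none present".
        msg += struct.pack("!HH", len(ach_tlvs), 0) + ach_tlvs
    return msg + payload


def parse_message(buf, expect_ach_tlv_header):
    if len(buf) < 4:
        raise ParseError("short ACH")
    b0, _reserved, channel = struct.unpack("!BBH", buf[:4])
    if b0 >> 4 != 0x1:
        raise ParseError("first nibble is not 0001")
    if channel != CH_ONDEMAND_CV:
        raise ParseError("unexpected channel type")
    off, ach_tlvs = 4, b""
    if expect_ach_tlv_header:
        if len(buf) < off + 4:
            raise ParseError("short ACH TLV header")
        tlv_len, _reserved = struct.unpack("!HH", buf[off:off + 4])
        off += 4
        if len(buf) < off + tlv_len:
            raise ParseError("ACH TLV length overruns packet")
        ach_tlvs = buf[off:off + tlv_len]
        off += tlv_len
    payload = buf[off:]
    if len(payload) < ECHO_HDR_LEN:
        raise ParseError("truncated echo header")
    version, _flags, msg_type, reply_mode = struct.unpack("!HHBB", payload[:6])
    if version != 1:
        raise ParseError("echo version %d" % version)
    if msg_type not in (1, 2):  # 1 = echo request, 2 = echo reply
        raise ParseError("unknown message type %d" % msg_type)
    return {"ach_tlvs": ach_tlvs, "msg_type": msg_type, "reply_mode": reply_mode}


def try_parse(buf, expect_ach_tlv_header):
    try:
        result = parse_message(buf, expect_ach_tlv_header)
        return "ok reply_mode=%d" % result["reply_mode"]
    except ParseError as exc:
        return "rejected: %s" % exc


def interop_matrix():
    """Parse one constructed echo request under every sender/receiver reading.

    Keys are (sender_emits_ach_tlv_header, receiver_expects_ach_tlv_header).
    """
    echo = build_echo_header(msg_type=1, reply_mode=4)
    results = {}
    for sender in (True, False):
        packet = build_message(echo, with_ach_tlv_header=sender)
        for receiver in (True, False):
            results[(sender, receiver)] = try_parse(packet, receiver)
    return results


if __name__ == "__main__":
    for key, outcome in sorted(interop_matrix().items()):
        print("sender header=%s receiver header=%s -> %s" % (key + (outcome,)))
```

When the two ends disagree, the receiver either reads the zero-length ACH TLV Header as an echo header with version 0, or reads the echo version field as an ACH TLV length and misaligns the rest of the packet; strict validation rejects both cases instead of acting on shifted fields.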


From weiler+secdir@watson.org  Sat Aug 27 03:36:35 2011
Date: Sat, 27 Aug 2011 06:37:49 -0400 (EDT)
From: Samuel Weiler <weiler+secdir@watson.org>
To: secdir@ietf.org
Message-ID: <alpine.BSF.2.00.1108270630090.7149@fledge.watson.org>
Subject: [secdir] Assignments

Review instructions and related resources are at:
         http://tools.ietf.org/area/sec/trac/wiki/SecDirReview

Carl Wallace is next in the rotation.

For telechat 2011-09-08

Reviewer                 LC end     Draft
Jeffrey Hutzelman      T 2011-07-22 draft-ietf-p2psip-base-18
Radia Perlman          T 2011-08-26 draft-ietf-pwe3-mpls-tp-gal-in-pw-01
Tim Polk                 2011-08-29 draft-ietf-pkix-rfc5272-bis-05
Ondrej Sury              -          draft-ietf-intarea-ipv6-required-01


Last calls and special requests:

Reviewer                 LC end     Draft
Julien Laganier          2011-08-12 draft-ietf-lisp-lig-04
Matt Lepinski            2011-08-16 draft-ietf-ospf-auth-trailer-ospfv3-06
Catherine Meadows       R2011-04-13 draft-ietf-speechsc-mrcpv2-25
Russ Mundy               2011-06-30 draft-ietf-karp-design-guide-03
Hilarie Orman            2011-08-29 draft-ietf-krb-wg-otp-preauth-18
Tim Polk                 2011-05-11 draft-ietf-vrrp-unified-mib-09
Eric Rescorla            2011-09-08 draft-jesske-dispatch-update3326-reason-responses-05
Vincent Roca             2011-09-06 draft-salgueiro-mmusic-image-iana-registration-08
Joe Salowey              2011-09-08 draft-eggert-successful-bar-bof-06
Tina TSOU                2011-04-23 draft-shin-augmented-pake-08
Tina TSOU                -          draft-ietf-websec-origin-04
Glen Zorn                2011-06-28 draft-li-pwe3-ms-pw-pon-04


From radiaperlman@gmail.com  Sat Aug 27 15:32:26 2011
Date: Sat, 27 Aug 2011 15:33:44 -0700
Message-ID: <CAFOuuo7S6BazDO=vUv2yJX08xByS0raPz60W_3WxOh0xoidB9Q@mail.gmail.com>
From: Radia Perlman <radiaperlman@gmail.com>
To: secdir@ietf.org, iesg@ietf.org,  draft-ietf-pwe3-mpls-tp-gal-in-pw.all@ietf.org
Subject: [secdir] Secdir review of draft-ietf-pwe3-mpls-tp-gal-in-pw-01

This I-D has – as stated correctly in its security considerations
section – no security implications. It is essentially a one line
errata to RFC5586. RFC5586 states that a GAL (Generic Associated
Channel Label) MUST NOT be used with PWs (Pseudo-Wires). This I-D
changes the MUST NOT to a MAY. Any security considerations in using
this mechanism would be described in the specification of the
associated channel type, and there are no special considerations that
would apply in the case of Pseudo-Wires.

Radia

From glenzorn@gmail.com  Sun Aug 28 05:37:25 2011
Message-ID: <4E5A36CC.6070506@gmail.com>
Date: Sun, 28 Aug 2011 19:38:36 +0700
From: Glen Zorn <glenzorn@gmail.com>
To: hongyu.lihongyu@huawei.com, daniel@olddog.co.uk, robin@huawei.com,  The IESG <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>, pwe3-chairs@ietf.org,  adrian@olddog.co.uk
Subject: [secdir] secdir review of draft-li-pwe3-ms-pw-pon-04

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

I have virtually no knowledge of MPLS and no desire to acquire any.  I
do know a little bit about PON, probably enough to be dangerous.  For
these reasons I will not comment upon the technical aspects of the
document, instead limiting my comments to editorial issues and the
Security Considerations section.  I do have one general question,
though: just out of curiosity, why is this not a pwe3 WG document?


EDITORIAL

Abstract

The acronym "MPLS" should be expanded on first use

s/an MPLS Packet Switched Network/a MPLS Packet Switched Network/

It is sometimes lamented that the people writing the IETF standards are
most often not the people implementing said standards.  I think that
this may actually be a blessing in disguise, however: if the people
writing the standards really don't know the difference between a pointer
to an object (e.g., "[RFC3985]") and the object itself (RFC 3985), I
don't want them writing code!


Section 7.1

The references to  G.987 and G.987.3 are formatted differently from
those for the other ITU-T documents.

The references for RFC 3031, RFC 4447 and RFC 5036 are formatted
incorrectly (leading '"' and trailing '".' characters).


SECURITY CONSIDERATIONS

This section seems woefully inadequate to me.  It is a single paragraph,
reproduced in full (with interspersed commentary) below.

   G-PON/XG-PON has its own security mechanism to guarantee each ONU is
   isolated on the G-PON/XG-PON link layer.

Where is the G-PON security mechanism defined?  Presumably in one of the
6 ITU-T standards referenced, but which one?

   Other security issues are
   unchanged from those applying as standard to PWs and MS-PWs.  Please
   refer to the referenced architectures and protocol specifications for
   further details.

One of the referenced architectures, specified in RFC 3895, says

   It is outside the scope of this
   specification to fully analyze and review the risks of PWE3,
   particularly as these risks will depend on the PSN.  An example
   should make the concern clear.  A number of IETF standards employ
   relatively weak security mechanisms when communicating nodes are
   expected to be connected to the same local area network.  The Virtual
   Router Redundancy Protocol [RFC3768] is one instance.  The relatively
   weak security mechanisms represent a greater vulnerability in an
   emulated Ethernet connected via a PW.

This seems to me to specifically assign risk analysis and review of
novel pseudowires (which this would seem to be) to the designers of
such, but this draft does not show any evidence of that analysis.



From hilarie@purplestreak.com  Sun Aug 28 23:47:33 2011
Date: Mon, 29 Aug 2011 00:48:10 -0600
Message-Id: <201108290648.p7T6mAkG005855@sylvester.rhmr.com>
From: "Hilarie Orman" <hilarie@purplestreak.com>
To: secdir@ietf.org, iesg@ietf.org
Cc: gareth.richards@rsa.com
Subject: [secdir] Review of OTP Pre-authentication, draft-ietf-krb-wg-otp-preauth-18

Security review of OTP Pre-authentication, draft-ietf-krb-wg-otp-preauth-18

Do not be alarmed.  I have reviewed this document as part of the
security directorate's ongoing effort to review all IETF documents
being processed by the IESG.  These comments were written primarily
for the benefit of the security area directors.  Document editors and
WG chairs should treat these comments just like any other last call
comments.

The document defines how to use "one-time passwords" with Kerberos
pre-authentication, over a secure tunnel between the client and the
key distribution center (the KDC).  A secure tunnel mechanism called
"FAST", the subject of a Crypto eprint paper and another Kerberos RFC,
defines the use of cryptography.  The OTP system uses its FAST key as
part of generating its own one-time keys, and this combination is
meant to protect against man-in-the-middle attacks.

Although this document seems to be in almost all respects well-written,
it is difficult to review because of nesting depths of RFCs on which
it relies, and because of the "ifs".  The narrative description of the
protocol has so many "ifs" that it is difficult to keep track of
them.  There are approximately 100 conditionals.

Diagrams might be helpful.

The protocol security relies directly on the ability to decrypt a
nonce.  A nonce sent by the challenging party must be encrypted by the
responder using a one-time key that both parties can compute from
their shared state.  The challenger decrypts and compares to the
nonce.  This is something that Needham's "prudent principles" warns
against, and in this case I cannot discount the advice.  This is
because the document does not supply exact definitions of cipher
functions.  Instead, it relies on generic elements of the cipher
suite.

The key derivation function ultimately depends on the "random-to-key"
function of the cipher suite, but even finding this information
involves looking at other RFCs and doing Google searches.  So, it is
difficult to review the security in general, and I cannot dissuade
myself from thinking, even after reading the well-done security
considerations section, that the authentication method might have
flaws.  The devil is in the details and the details are generic.

In "2.3. PIN Change", we read "Most OTP tokens involve the use of a
PIN in the generation of the OTP value."  Is there a reference for a
common OTP system that uses PINs?

An editorial comment about the security consideration re "remaining
entropy" ... this is really an issue about secrecy, not information
theory, and I would call it "secret information".

Reference to "Cryptology ePrint Archive" should include a URL for
the archive, which is a service of the IACR (www.iacr.org).

Hilarie

From ondrej.sury@nic.cz  Mon Aug 29 00:29:20 2011
From: Ondřej Surý <ondrej.sury@nic.cz>
Date: Mon, 29 Aug 2011 09:30:37 +0200
Message-Id: <4A95EF20-2477-4569-94CC-871F70BA0527@nic.cz>
To: secdir@ietf.org, iesg@ietf.org, draft-ietf-intarea-ipv6-required.all@tools.ietf.org
Subject: [secdir] secdir review of draft-ietf-intarea-ipv6-required-01

I have reviewed draft-ietf-intarea-ipv6-required-01 as part of the
security directorate's ongoing effort to review all IETF documents
being processed by the IESG.  These comments were written primarily
for the benefit of the security area directors.  Document editors
and WG chairs should treat these comments just like any other last
call comments.

I agree with the security considerations of this document, which says
"there are no direct security considerations, but existing documented
security considerations for implementing IPv6 will apply".

I also wholeheartedly agree with the contents of the document (IP is
IPv4+IPv6 and not only IPv4), but from my IANAL-view I have a little
concern about enforceability of the document and the impact on
implementors and vendors.  Nevertheless the document is correct from
the technical viewpoint and we needed this document a decade ago.

O.
--
 Ondřej Surý
 vedoucí výzkumu/Head of R&D department
 -------------------------------------------
 CZ.NIC, z.s.p.o.    --    Laboratoře CZ.NIC
 Americka 23, 120 00 Praha 2, Czech Republic
 mailto:ondrej.sury@nic.cz    http://nic.cz/
 tel:+420.222745110       fax:+420.222745112
 -------------------------------------------


From stbryant@cisco.com  Mon Aug 29 11:55:46 2011
Return-Path: <stbryant@cisco.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 408FF21F8C5E; Mon, 29 Aug 2011 11:55:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -110.541
X-Spam-Level: 
X-Spam-Status: No, score=-110.541 tagged_above=-999 required=5 tests=[AWL=0.058, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Fue8RLzb+cPu; Mon, 29 Aug 2011 11:55:45 -0700 (PDT)
Received: from ams-iport-1.cisco.com (ams-iport-1.cisco.com [144.254.224.140]) by ietfa.amsl.com (Postfix) with ESMTP id 6E18B21F8C47; Mon, 29 Aug 2011 11:55:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=stbryant@cisco.com; l=3673; q=dns/txt; s=iport; t=1314644230; x=1315853830; h=message-id:date:from:reply-to:mime-version:to:cc:subject: references:in-reply-to:content-transfer-encoding; bh=XCIPRclwNrp4TNCje/5s+QeZo5wctFRq4sdHUJTuJ4U=; b=jQA3enzwrZmKNC+lyFoKJUmNxCLc2mJhnqOw61kIst1YECUuO6IZQyVn eD4pqawGZXNvcXD2RRAtJqdicujE1WxsKf+n38xAgpV/n92ugyMVKHx0R VCfM4z1s0YgrObOGCh6upLC2LBTHv67J5PRZXcrr6JbBxhUa2uzZJRWao Q=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: Av8EAHrgW06Q/khM/2dsb2JhbABCp3N3gUABAQEBAxIBAgEiQAEQCxgJFg8JAwIBAgFFBg0BBwEBHodUmn8BgyUPAZtUhkwEkx+RBQ
X-IronPort-AV: E=Sophos;i="4.68,297,1312156800"; d="scan'208";a="113030044"
Received: from ams-core-3.cisco.com ([144.254.72.76]) by ams-iport-1.cisco.com with ESMTP; 29 Aug 2011 18:57:07 +0000
Received: from cisco.com (mrwint.cisco.com [64.103.70.36]) by ams-core-3.cisco.com (8.14.3/8.14.3) with ESMTP id p7TIv7Jw018651; Mon, 29 Aug 2011 18:57:07 GMT
Received: from stbryant-mac2.local (localhost [127.0.0.1]) by cisco.com (8.14.4+Sun/8.8.8) with ESMTP id p7TIv2G8019877; Mon, 29 Aug 2011 19:57:02 +0100 (BST)
Message-ID: <4E5BE0FD.2070704@cisco.com>
Date: Mon, 29 Aug 2011 19:57:01 +0100
From: Stewart Bryant <stbryant@cisco.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:6.0) Gecko/20110812 Thunderbird/6.0
MIME-Version: 1.0
To: Glen Zorn <glenzorn@gmail.com>
References: <4E5A36CC.6070506@gmail.com>
In-Reply-To: <4E5A36CC.6070506@gmail.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: daniel@olddog.co.uk, "secdir@ietf.org" <secdir@ietf.org>, pwe3-chairs@ietf.org, The IESG <iesg@ietf.org>, adrian@olddog.co.uk, hongyu.lihongyu@huawei.com, robin@huawei.com
Subject: Re: [secdir] secdir review of draft-li-pwe3-ms-pw-pon-04
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: stbryant@cisco.com
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 29 Aug 2011 18:55:46 -0000

Hi Glen,

"just out of curiosity, why is this not a pwe3 WG document?"

The PWE3 WG considered that a PW running over a layer that
the IETF was not responsible for was out of their scope.
IETF is responsible for IP and MPLS, but not PON.

However the document was reviewed by the PWE3 WG, and
they are fine with the document being sponsored by their
AD.

- Stewart



On 28/08/2011 13:38, Glen Zorn wrote:
> I have reviewed this document as part of the security directorate's
> ongoing effort to review all IETF documents being processed by the
> IESG.  These comments were written primarily for the benefit of the
> security area directors.  Document editors and WG chairs should treat
> these comments just like any other last call comments.
>
> I have virtually no knowledge of MPLS and no desire to acquire any.  I
> do know a little bit about PON, probably enough to be dangerous.  For
> these reasons I will not comment upon the technical aspects of the
> document, instead limiting my comments to editorial issues and the
> Security Considerations section.  I do have one general question,
> though: just out of curiosity, why is this not a pwe3 WG document?
>
>
> EDITORIAL
>
> Abstract
>
> The acronym "MPLS" should be expanded on first use
>
> s/an MPLS Packet Switched Network/a MPLS Packet Switched Network/
>
> It is sometimes lamented that the people writing the IETF standards are
> most often not the people implementing said standards.  I think that
> this may actually be a blessing in disguise, however: if the people
> writing the standards really don't know the difference between a pointer
> to an object (e.g., "[RFC3985]") and the object itself (RFC 3985), I
> don't want them writing code!
>
>
> Section 7.1
>
> The references to  G.987 and G.987.3 are formatted differently from
> those for the other ITU-T documents.
>
> The references for RFC 3031, RFC 4447 and RFC 5036 are formatted
> incorrectly (leading '"' and trailing '".' characters).
>
>
> SECURITY CONSIDERATIONS
>
> This section seems woefully inadequate to me.  It is a single paragraph,
> reproduced in full (with interspersed commentary) below.
>
>     G-PON/XG-PON has its own security mechanism to guarantee each ONU is
>     isolated on the G-PON/XG-PON link layer.
>
> Where is the G-PON security mechanism defined?  Presumably in one of the
> 6 ITU-T standards referenced, but which one?
>
>     Other security issues are
>     unchanged from those applying as standard to PWs and MS-PWs.  Please
>     refer to the referenced architectures and protocol specifications for
>     further details.
>
> One of the referenced architectures, specified in RFC 3895, says
>
>     It is outside the scope of this
>     specification to fully analyze and review the risks of PWE3,
>     particularly as these risks will depend on the PSN.  An example
>     should make the concern clear.  A number of IETF standards employ
>     relatively weak security mechanisms when communicating nodes are
>     expected to be connected to the same local area network.  The Virtual
>     Router Redundancy Protocol [RFC3768] is one instance.  The relatively
>     weak security mechanisms represent a greater vulnerability in an
>     emulated Ethernet connected via a PW.
>
> This seems to me to specifically assign risk analysis and review of
> novel pseudowires (which this would seem to be) to the designers of
> such, but this draft does not show any evidence of that analysis.
>
>
>





From stephen.farrell@cs.tcd.ie  Tue Aug 30 04:51:22 2011
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0B1F921F872A; Tue, 30 Aug 2011 04:51:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.171
X-Spam-Level: 
X-Spam-Status: No, score=-106.171 tagged_above=-999 required=5 tests=[AWL=0.428, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tcyuKkkp9kyl; Tue, 30 Aug 2011 04:51:21 -0700 (PDT)
Received: from scss.tcd.ie (hermes.cs.tcd.ie [134.226.32.56]) by ietfa.amsl.com (Postfix) with ESMTP id 033E621F86E0; Tue, 30 Aug 2011 04:51:20 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by hermes.scss.tcd.ie (Postfix) with ESMTP id DBEB81535EF; Tue, 30 Aug 2011 12:52:40 +0100 (IST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; h= content-transfer-encoding:content-type:in-reply-to:references :subject:mime-version:user-agent:from:date:message-id:received :received:x-virus-scanned; s=cs; t=1314705160; bh=vmbMeFgmRdLsIs a3hoC5lG/+TpPTYTH4sMfE3PoNG7E=; b=rZW/Umr0ctQ+JrwC4nqcG1ViUlWClL R5gli9r3pd/IWlKqHgtfa8TFprAO6d5pjOeIRe1elEfqXEmcbzsGrgEVtQTbPZTs tdKne4kHaQgFm/Vg0UgPeFo1zvE4PFiedRDR09Gjdae2Caxr7yTy5nk+ovFKOm1z IwEUIrHoR/K+iA42VqP4q0Vx34v93lbYf2WU3iya7RXvZXTD7lxrqOZ04tUteJbq yuxovrb2jtVYLsjsLsk2j2psOAtx5+leBGOBFssGIJw1ZEy+/Bed5yEm+NUoGEMR zmsyiBg55cH/zDT9sV6R4mi5rVZWuRo9YvOClGQR3t5IUcX4w8KhlhBw==
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from scss.tcd.ie ([127.0.0.1]) by localhost (scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10027) with ESMTP id FAvB7m9TkyQ5; Tue, 30 Aug 2011 12:52:40 +0100 (IST)
Received: from [IPv6:2001:770:10:203:a288:b4ff:fe9c:bc5c] (unknown [IPv6:2001:770:10:203:a288:b4ff:fe9c:bc5c]) by smtp.scss.tcd.ie (Postfix) with ESMTPSA id A74261535EE; Tue, 30 Aug 2011 12:52:31 +0100 (IST)
Message-ID: <4E5CCEF5.1020303@cs.tcd.ie>
Date: Tue, 30 Aug 2011 12:52:21 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux i686 on x86_64; rv:6.0) Gecko/20110812 Thunderbird/6.0
MIME-Version: 1.0
To: jouni korhonen <jouni.nospam@gmail.com>
References: <CA7AE8B2.C2F68%mundy@sparta.com> <6425C318-F3AB-4321-A238-2828F43580E0@gmail.com>
In-Reply-To: <6425C318-F3AB-4321-A238-2828F43580E0@gmail.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: secdir@ietf.org, draft-ietf-v6ops-3gpp-eps.all@tools.ietf.org, iesg@ietf.org, Russ Mundy <mundy@sparta.com>
Subject: Re: [secdir] secdir Review of draft-ietf-v6ops-3gpp-eps
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 30 Aug 2011 11:51:22 -0000

Hi Jouni,

Just checking - do you intend to push out a new version with this
included before the telechat next week?

A few nits below as well.

Ta,
Stephen.

On 08/25/2011 11:50 AM, jouni korhonen wrote:
> Russ,
>
> Thanks for the review. You are echoing the same thing as the most in IESG. I crafted a bit of text that could be put into the security considerations section. I don't know if this would be enough.
>
> - JOuni
>
> ----
>
>
>     In 3GPP access the UE and the network always perform a mutual
>     authentication during the network attachment [TS.33102][TS.33401].
>     Furthermore, each time a PDP Context/PDN Connection gets created,
>     a new connection, a modification of an existing connection and
>     an assignment of an IPv6 prefix or an IP address can be authorized
>     against the PCC infrastructure [TS.23203] and/or PDN's AAA server.
>
>     The wireless part of the 3GPP link between the UE and the (e)NodeB
>     as well as the signaling messages between the UE and the MME/SGSN
>     can be protected depending on the regional regulation an operator
>     deployment policy. User plane traffic can be confidentially

s/confidentially/confidentiality/ would be better.

If you can add references as to how that can be achieved that
would also be good.

The same points apply for the control plane I guess.

>     protected. The control plane is always at least integrity and
>     replay protected, and may also be confidentially protected. The
>     protection within the transmission part of the network depends
>     on the operator deployment policy.
>
>     Due the nature of 3GPP point-to-point link model, the UE and the
>     first hop router (PGW/GGSN or SGW) are the only nodes on the link,
>     which mitigates most of the known on-link attacks. For off-link IPv6
>     attacks the 3GPP EPS is as vulnerable as any IPv6 system. There has

s/has/have/

>     also been concerns that UE IP stack might use permanent subscriber

s/UE IP stack/the UE IP stack/

>     identities, such as IMSI and MSISDN, as the source for IPv6 address
>     Interface Identifier. This would be a privacy threat and allow
>     tracking of subscribers, and therefore use of IMSI and MSISDN as the
>     Interface Identifier is prohibited. However, there is no standardized
>     method to block such misbehaving UEs.

Prohibited by whom? Maybe add a reference?

>
>
>
>
>     [TS.33102]
>                3GPP, "3G Security;  Security architecture",
>                3GPP TS 33.102 10.0.0, December 2010.
>
>
>     [TS.33401]
>                3GPP, "3GPP System Architecture Evolution (SAE);
>                Security architecture", 3GPP TS 33.401 10.1.1,
>                June 2011.
>
> On Aug 25, 2011, at 12:43 AM, Russ Mundy wrote:
>
>>
>> I have reviewed this document as part of the security directorate's ongoing
>> effort to review all IETF documents being processed by the IESG.  These
>> comments were written primarily for the benefit of the security area
>> directors. Document editors and WG chairs should treat these comments just
>> like any other last call comments.
>>
>> While I do agree with the factual correctness of the Security Considerations
>> section (the document does not _introduce_ any security related concerns),
>> the support for IPv6 in 3GPP networks described in document certainly does
>> have a number of security concerns.  Some obvious examples, use of DHCP
>> based address management and access control/authorization of the PDN
>> Connection (shown in Figure 8).  Although these and other security issues
>> are likely addressed in various other documents, it would be useful to make
>> a definitive statement to that effect in the Security Considerations
>> section.  It would be even more useful if some more specific references were
>> to be included in parts of the document that clearly deal with security
>> issues such as address management and access control and authorization.
>>
>>
>>         Russ Mundy
>>
>>
>>
>>
>>
>>
>
>

From jouni.nospam@gmail.com  Tue Aug 30 06:06:29 2011
Return-Path: <jouni.nospam@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 630F221F8AF2; Tue, 30 Aug 2011 06:06:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.599
X-Spam-Level: 
X-Spam-Status: No, score=-3.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IbBNcSIrHqHt; Tue, 30 Aug 2011 06:06:28 -0700 (PDT)
Received: from mail-bw0-f44.google.com (mail-bw0-f44.google.com [209.85.214.44]) by ietfa.amsl.com (Postfix) with ESMTP id 1063321F8AD6; Tue, 30 Aug 2011 06:06:27 -0700 (PDT)
Received: by bkar4 with SMTP id r4so6073469bka.31 for <multiple recipients>; Tue, 30 Aug 2011 06:07:54 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=subject:mime-version:content-type:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to:x-mailer; bh=dwyPfAuiu1BUjhAln176uONmDz1jxgf87tMhTErYwUM=; b=qaBTG2e0prxTzcJ7+wIRxRkoz0LTrpVkpBvBhE4ejyVuqFTBWz4wDHGPNsC8MKR6pu b20nzycMIH0SLdJWeEWCGy5nxCbvZW7/MebOcUwxRSkhhUWzG0z4z4QBiVfFS8kryC5c GhsSiKB/mSQ9mj1yclIDrYGKTFij5CGifTh7s=
Received: by 10.204.128.67 with SMTP id j3mr84387bks.71.1314709674344; Tue, 30 Aug 2011 06:07:54 -0700 (PDT)
Received: from a88-112-142-200.elisa-laajakaista.fi (a88-112-142-200.elisa-laajakaista.fi [88.112.142.200]) by mx.google.com with ESMTPS id n11sm18385bkd.14.2011.08.30.06.07.51 (version=TLSv1/SSLv3 cipher=OTHER); Tue, 30 Aug 2011 06:07:52 -0700 (PDT)
Mime-Version: 1.0 (Apple Message framework v1084)
Content-Type: text/plain; charset=us-ascii
From: jouni korhonen <jouni.nospam@gmail.com>
In-Reply-To: <4E5CCEF5.1020303@cs.tcd.ie>
Date: Tue, 30 Aug 2011 16:07:49 +0300
Content-Transfer-Encoding: quoted-printable
Message-Id: <9CCF3C81-D31A-40F6-80E8-3567E4E7E88E@gmail.com>
References: <CA7AE8B2.C2F68%mundy@sparta.com> <6425C318-F3AB-4321-A238-2828F43580E0@gmail.com> <4E5CCEF5.1020303@cs.tcd.ie>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
X-Mailer: Apple Mail (2.1084)
Cc: secdir@ietf.org, draft-ietf-v6ops-3gpp-eps.all@tools.ietf.org, iesg@ietf.org, Russ Mundy <mundy@sparta.com>
Subject: Re: [secdir] secdir Review of draft-ietf-v6ops-3gpp-eps
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 30 Aug 2011 13:06:29 -0000

Stephen,

Thanks for picking up the nits. And yes, I would push out a new version with the additional security consideration text below, *if* folks think it is worth having it there.

And for prohibiting the use of IMSI/MSISDN (or any "3GPP identity") as the IID, the reference would be Section 5.3.1.2.2 of [TS.23401].

- Jouni


On Aug 30, 2011, at 2:52 PM, Stephen Farrell wrote:

>
> Hi Jouni,
>
> Just checking - do you intend to push out a new version with this
> included before the telechat next week?
>
> A few nits below as well.
>
> Ta,
> Stephen.
>
> On 08/25/2011 11:50 AM, jouni korhonen wrote:
>> Russ,
>>
>> Thanks for the review. You are echoing the same thing as the most in IESG. I crafted a bit of text that could be put into the security considerations section. I don't know if this would be enough.
>>
>> - JOuni
>>
>> ----
>>
>>
>>    In 3GPP access the UE and the network always perform a mutual
>>    authentication during the network attachment [TS.33102][TS.33401].
>>    Furthermore, each time a PDP Context/PDN Connection gets created,
>>    a new connection, a modification of an existing connection and
>>    an assignment of an IPv6 prefix or an IP address can be authorized
>>    against the PCC infrastructure [TS.23203] and/or PDN's AAA server.
>>
>>    The wireless part of the 3GPP link between the UE and the (e)NodeB
>>    as well as the signaling messages between the UE and the MME/SGSN
>>    can be protected depending on the regional regulation an operator
>>    deployment policy. User plane traffic can be confidentially
>
> s/confidentially/confidentiality/ would be better.
>
> If you can add references as to how that can be achieved that
> would also be good.
>
> The same points apply for the control plane I guess.
>
>>    protected. The control plane is always at least integrity and
>>    replay protected, and may also be confidentially protected. The
>>    protection within the transmission part of the network depends
>>    on the operator deployment policy.
>>
>>    Due the nature of 3GPP point-to-point link model, the UE and the
>>    first hop router (PGW/GGSN or SGW) are the only nodes on the link,
>>    which mitigates most of the known on-link attacks. For off-link IPv6
>>    attacks the 3GPP EPS is as vulnerable as any IPv6 system. There has
>
> s/has/have/
>
>>    also been concerns that UE IP stack might use permanent subscriber
>
> s/UE IP stack/the UE IP stack/
>
>>    identities, such as IMSI and MSISDN, as the source for IPv6 address
>>    Interface Identifier. This would be a privacy threat and allow
>>    tracking of subscribers, and therefore use of IMSI and MSISDN as the
>>    Interface Identifier is prohibited. However, there is no standardized
>>    method to block such misbehaving UEs.
>
> Prohibited by whom? Maybe add a reference?
>
>>
>>
>>
>>
>>    [TS.33102]
>>               3GPP, "3G Security;  Security architecture",
>>               3GPP TS 33.102 10.0.0, December 2010.
>>
>>
>>    [TS.33401]
>>               3GPP, "3GPP System Architecture Evolution (SAE);
>>               Security architecture", 3GPP TS 33.401 10.1.1,
>>               June 2011.
>>
>> On Aug 25, 2011, at 12:43 AM, Russ Mundy wrote:
>>
>>>
>>> I have reviewed this document as part of the security directorate's ongoing
>>> effort to review all IETF documents being processed by the IESG.  These
>>> comments were written primarily for the benefit of the security area
>>> directors. Document editors and WG chairs should treat these comments just
>>> like any other last call comments.
>>>
>>> While I do agree with the factual correctness of the Security Considerations
>>> section (the document does not _introduce_ any security related concerns),
>>> the support for IPv6 in 3GPP networks described in document certainly does
>>> have a number of security concerns.  Some obvious examples, use of DHCP
>>> based address management and access control/authorization of the PDN
>>> Connection (shown in Figure 8).  Although these and other security issues
>>> are likely addressed in various other documents, it would be useful to make
>>> a definitive statement to that effect in the Security Considerations
>>> section.  It would be even more useful if some more specific references were
>>> to be included in parts of the document that clearly deal with security
>>> issues such as address management and access control and authorization.
>>>
>>>
>>>        Russ Mundy
>>>
>>>
>>>
>>>
>>>
>>>
>>
>>


From glenzorn@gmail.com  Tue Aug 30 06:11:48 2011
Return-Path: <glenzorn@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BB38821F8B23; Tue, 30 Aug 2011 06:11:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.599
X-Spam-Level: 
X-Spam-Status: No, score=-3.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cGT872MlGu2A; Tue, 30 Aug 2011 06:11:48 -0700 (PDT)
Received: from mail-qy0-f172.google.com (mail-qy0-f172.google.com [209.85.216.172]) by ietfa.amsl.com (Postfix) with ESMTP id C3D2021F8B21; Tue, 30 Aug 2011 06:11:47 -0700 (PDT)
Received: by qyk34 with SMTP id 34so2211894qyk.10 for <multiple recipients>; Tue, 30 Aug 2011 06:13:14 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type:content-transfer-encoding; bh=EOV8LFi/nfjR+xjWdwhXUc/YaQOPvM9wFXH42dW4rU0=; b=IouGYuXw4V8x/QpouHORmYDiw5AnvSui03F6n/k7uvYGDersmG09ENVF2cMNKWdZW9 SA6VE6QrAIsf3WC/YyGPHkqt+8Fmgio63s0emT1PeXrj2MYCZ6mIME1Jy0bu+YW35TIe bPcXD+v/1O9AXWd5xWW3HVhV3sEnS9+QOb5/k=
Received: by 10.224.184.3 with SMTP id ci3mr2608929qab.185.1314709994563; Tue, 30 Aug 2011 06:13:14 -0700 (PDT)
Received: from [192.168.1.98] (ppp-124-120-231-171.revip2.asianet.co.th. [124.120.231.171]) by mx.google.com with ESMTPS id gj8sm9952113qab.3.2011.08.30.06.13.06 (version=SSLv3 cipher=OTHER); Tue, 30 Aug 2011 06:13:13 -0700 (PDT)
Message-ID: <4E5CE1DD.90607@gmail.com>
Date: Tue, 30 Aug 2011 20:13:01 +0700
From: Glen Zorn <glenzorn@gmail.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:6.0) Gecko/20110812 Thunderbird/6.0
MIME-Version: 1.0
To: stbryant@cisco.com
References: <4E5A36CC.6070506@gmail.com> <4E5BE0FD.2070704@cisco.com>
In-Reply-To: <4E5BE0FD.2070704@cisco.com>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Cc: daniel@olddog.co.uk, "secdir@ietf.org" <secdir@ietf.org>, pwe3-chairs@ietf.org, The IESG <iesg@ietf.org>, adrian@olddog.co.uk, hongyu.lihongyu@huawei.com, robin@huawei.com
Subject: Re: [secdir] secdir review of draft-li-pwe3-ms-pw-pon-04
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 30 Aug 2011 13:11:48 -0000

On 8/30/2011 1:57 AM, Stewart Bryant wrote:
> Hi Glen,
> 
> "just out of curiosity, why is this not a pwe3 WG document?"
> 
> The PWE3 WG considered that a PW running over a layer that
> the IETF was not responsible for was out of their scope.

Thanks for satisfying my curiosity!

...

From stephen.farrell@cs.tcd.ie  Tue Aug 30 06:21:31 2011
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A30CC21F8744; Tue, 30 Aug 2011 06:21:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.21
X-Spam-Level: 
X-Spam-Status: No, score=-106.21 tagged_above=-999 required=5 tests=[AWL=0.389, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id H5zuG+YmmJzk; Tue, 30 Aug 2011 06:21:30 -0700 (PDT)
Received: from scss.tcd.ie (hermes.cs.tcd.ie [134.226.32.56]) by ietfa.amsl.com (Postfix) with ESMTP id 9209221F85F2; Tue, 30 Aug 2011 06:21:25 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by hermes.scss.tcd.ie (Postfix) with ESMTP id 83F401535EF; Tue, 30 Aug 2011 14:22:40 +0100 (IST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; h= content-transfer-encoding:content-type:in-reply-to:references :subject:mime-version:user-agent:from:date:message-id:received :received:x-virus-scanned; s=cs; t=1314710560; bh=Bv+LjS8bHuvJD0 AqMpeCLEDUd8HQPrD0AGuxofPZy7s=; b=qznmaq4SGftwicztzyR3ENPgSuWdmH 0DrYHrpTw3H/xUUgznQGWQK16FtxLowW7juJERy1GO1vxv3UHWPoFU0aCjB/m39c mParS5NarmZfhpEe0FfYU1Xnk9DWNcklfAsYMi+u3YV2d/hWomkt+J0E0Q58gC3D P+F8JNxlBA1fkZ/ZFpzGam99YdOW/kNu3D9s5bYZ27Oknapdq4dU28p79Y0qWNBm uA/k29Tu0TXS+hYXvPQxHRP8bnZkBeoiXRBd4Oh0Au7Hbvp4lODHzvCxQEO1237Z 4HmhyEbllsPBwyPzqXHQvmvTcnxZvr2UZWlhEVu/nNHfOGZsUCiFhFOA==
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from scss.tcd.ie ([127.0.0.1]) by localhost (scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10027) with ESMTP id M4NPADeqIUVF; Tue, 30 Aug 2011 14:22:40 +0100 (IST)
Received: from [IPv6:2001:770:10:203:a288:b4ff:fe9c:bc5c] (unknown [IPv6:2001:770:10:203:a288:b4ff:fe9c:bc5c]) by smtp.scss.tcd.ie (Postfix) with ESMTPSA id 961A81535EE; Tue, 30 Aug 2011 14:22:35 +0100 (IST)
Message-ID: <4E5CE411.7070708@cs.tcd.ie>
Date: Tue, 30 Aug 2011 14:22:25 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux i686 on x86_64; rv:6.0) Gecko/20110812 Thunderbird/6.0
MIME-Version: 1.0
To: jouni korhonen <jouni.nospam@gmail.com>
References: <CA7AE8B2.C2F68%mundy@sparta.com> <6425C318-F3AB-4321-A238-2828F43580E0@gmail.com> <4E5CCEF5.1020303@cs.tcd.ie> <9CCF3C81-D31A-40F6-80E8-3567E4E7E88E@gmail.com>
In-Reply-To: <9CCF3C81-D31A-40F6-80E8-3567E4E7E88E@gmail.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: Russ Mundy <mundy@sparta.com>, draft-ietf-v6ops-3gpp-eps.all@tools.ietf.org, iesg@ietf.org, secdir@ietf.org
Subject: Re: [secdir] secdir Review of draft-ietf-v6ops-3gpp-eps
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 30 Aug 2011 13:21:31 -0000

I think it's worth including. Why don't you talk to Ron and
see if he'd prefer you to push out a version now or not and
we can go from there.

Cheers,
S.

On 08/30/2011 02:07 PM, jouni korhonen wrote:
>
> Stephen,
>
> Thanks for picking up the nits. And yes, I would push out a new version with the additional security consideration text below, *if* folks think it is worth having it there.
>
> And for prohibiting the use of IMSI/MSISDN (or any "3GPP identity") as the IID, the reference would be Section 5.3.1.2.2 of [TS.23401].
>
> - Jouni
>
>
> On Aug 30, 2011, at 2:52 PM, Stephen Farrell wrote:
>
>>
>> Hi Jouni,
>>
>> Just checking - do you intend to push out a new version with this
>> included before the telechat next week?
>>
>> A few nits below as well.
>>
>> Ta,
>> Stephen.
>>
>> On 08/25/2011 11:50 AM, jouni korhonen wrote:
>>> Russ,
>>>
>>> Thanks for the review. You are echoing the same thing as the most in IESG. I crafted a bit of text that could be put into the security considerations section. I don't know if this would be enough.
>>>
>>> - JOuni
>>>
>>> ----
>>>
>>>
>>>     In 3GPP access the UE and the network always perform a mutual
>>>     authentication during the network attachment [TS.33102][TS.33401].
>>>     Furthermore, each time a PDP Context/PDN Connection gets created,
>>>     a new connection, a modification of an existing connection and
>>>     an assignment of an IPv6 prefix or an IP address can be authorized
>>>     against the PCC infrastructure [TS.23203] and/or PDN's AAA server.
>>>
>>>     The wireless part of the 3GPP link between the UE and the (e)NodeB
>>>     as well as the signaling messages between the UE and the MME/SGSN
>>>     can be protected depending on the regional regulation an operator
>>>     deployment policy. User plane traffic can be confidentially
>>
>> s/confidentially/confidentiality/ would be better.
>>
>> If you can add references as to how that can be achieved that
>> would also be good.
>>
>> The same points apply for the control plane I guess.
>>
>>>     protected. The control plane is always at least integrity and
>>>     replay protected, and may also be confidentially protected. The
>>>     protection within the transmission part of the network depends
>>>     on the operator deployment policy.
>>>
>>>     Due the nature of 3GPP point-to-point link model, the UE and the
>>>     first hop router (PGW/GGSN or SGW) are the only nodes on the link,
>>>     which mitigates most of the known on-link attacks. For off-link IPv6
>>>     attacks the 3GPP EPS is as vulnerable as any IPv6 system. There has
>>
>> s/has/have/
>>
>>>     also been concerns that UE IP stack might use permanent subscriber
>>
>> s/UE IP stack/the UE IP stack/
>>
>>>     identities, such as IMSI and MSISDN, as the source for IPv6 address
>>>     Interface Identifier. This would be a privacy threat and allow
>>>     tracking of subscribers, and therefore use of IMSI and MSISDN as the
>>>     Interface Identifier is prohibited. However, there is no standardized
>>>     method to block such misbehaving UEs.
>>
>> Prohibited by whom? Maybe add a reference?
>>
>>>
>>>
>>>
>>>
>>>     [TS.33102]
>>>                3GPP, "3G Security;  Security architecture",
>>>                3GPP TS 33.102 10.0.0, December 2010.
>>>
>>>
>>>     [TS.33401]
>>>                3GPP, "3GPP System Architecture Evolution (SAE);
>>>                Security architecture", 3GPP TS 33.401 10.1.1,
>>>                June 2011.
>>>
>>> On Aug 25, 2011, at 12:43 AM, Russ Mundy wrote:
>>>
>>>>
>>>> I have reviewed this document as part of the security directorate's ongoing
>>>> effort to review all IETF documents being processed by the IESG.  These
>>>> comments were written primarily for the benefit of the security area
>>>> directors. Document editors and WG chairs should treat these comments just
>>>> like any other last call comments.
>>>>
>>>> While I do agree with the factual correctness of the Security Considerations
>>>> section (the document does not _introduce_ any security related concerns),
>>>> the support for IPv6 in 3GPP networks described in document certainly does
>>>> have a number of security concerns.  Some obvious examples, use of DHCP
>>>> based address management and access control/authorization of the PDN
>>>> Connection (shown in Figure 8).  Although these and other security issues
>>>> are likely addressed in various other documents, it would be useful to make
>>>> a definitive statement to that effect in the Security Considerations
>>>> section.  It would be even more useful if some more specific references were
>>>> to be included in parts of the document that clearly deal with security
>>>> issues such as address management and access control and authorization.
>>>>
>>>>
>>>>         Russ Mundy
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>
>>>
>
>

From jouni.nospam@gmail.com  Wed Aug 31 00:38:52 2011
Return-Path: <jouni.nospam@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C228621F8C58; Wed, 31 Aug 2011 00:38:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.599
X-Spam-Level: 
X-Spam-Status: No, score=-3.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bTLDt6EvxP9C; Wed, 31 Aug 2011 00:38:52 -0700 (PDT)
Received: from mail-bw0-f44.google.com (mail-bw0-f44.google.com [209.85.214.44]) by ietfa.amsl.com (Postfix) with ESMTP id BE72321F8C3E; Wed, 31 Aug 2011 00:38:50 -0700 (PDT)
Received: by mail-bw0-f44.google.com with SMTP id r4so647303bka.31 for <multiple recipients>; Wed, 31 Aug 2011 00:40:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=subject:mime-version:content-type:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to:x-mailer; bh=Io2bd84fOLusDfwLDOly3LSK6eYf0wdFOhpKziz3A1U=; b=XR1ufOa8oQKuFwUwvHl5bGHZG9RGVj2TpJMdbINikxH44mSwNix438Ybr44izlrmio uxgYJUDU1OUsJx+WoVZwRuj632rjPcSNjdX1CDfioupnHiSmcu+qeKY+AzUbc+nfYeNf LZAeoWyDTHQPpO+9+SdcF1O6EETB2wTe3abXY=
Received: by 10.204.147.219 with SMTP id m27mr64491bkv.112.1314776419968; Wed, 31 Aug 2011 00:40:19 -0700 (PDT)
Received: from wlan-032.research.netlab.hut.fi (wlan-032.research.netlab.hut.fi [195.148.126.33]) by mx.google.com with ESMTPS id z6sm243039bks.57.2011.08.31.00.40.17 (version=TLSv1/SSLv3 cipher=OTHER); Wed, 31 Aug 2011 00:40:18 -0700 (PDT)
Mime-Version: 1.0 (Apple Message framework v1084)
Content-Type: text/plain; charset=us-ascii
From: jouni korhonen <jouni.nospam@gmail.com>
In-Reply-To: <13205C286662DE4387D9AF3AC30EF456D48D92B2CD@EMBX01-WF.jnpr.net>
Date: Wed, 31 Aug 2011 10:40:11 +0300
Content-Transfer-Encoding: quoted-printable
Message-Id: <65E295F7-0904-417C-B483-98413B451DE9@gmail.com>
References: <CA7AE8B2.C2F68%mundy@sparta.com> <6425C318-F3AB-4321-A238-2828F43580E0@gmail.com> <4E5CCEF5.1020303@cs.tcd.ie> <9CCF3C81-D31A-40F6-80E8-3567E4E7E88E@gmail.com> <4E5CE411.7070708@cs.tcd.ie> <13205C286662DE4387D9AF3AC30EF456D48D92B2CD@EMBX01-WF.jnpr.net>
To: Ronald Bonica <rbonica@juniper.net>
X-Mailer: Apple Mail (2.1084)
Cc: "draft-ietf-v6ops-3gpp-eps.all@tools.ietf.org" <draft-ietf-v6ops-3gpp-eps.all@tools.ietf.org>, Russ Mundy <mundy@sparta.com>, "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
Subject: Re: [secdir] secdir Review of draft-ietf-v6ops-3gpp-eps
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 31 Aug 2011 07:38:52 -0000

I have just uploaded -05 with updated security considerations section.

- Jouni


On Aug 30, 2011, at 4:43 PM, Ronald Bonica wrote:

> I think that it would be a good idea to spin a new version before the call next week.
>
>                                            Ron
>
>
>> -----Original Message-----
>> From: iesg-bounces@ietf.org [mailto:iesg-bounces@ietf.org] On Behalf Of Stephen Farrell
>> Sent: Tuesday, August 30, 2011 9:22 AM
>> To: jouni korhonen
>> Cc: Russ Mundy; draft-ietf-v6ops-3gpp-eps.all@tools.ietf.org;
>> iesg@ietf.org; secdir@ietf.org
>> Subject: Re: secdir Review of draft-ietf-v6ops-3gpp-eps
>>
>>
>> I think it's worth including. Why don't you talk to Ron and
>> see if he'd prefer you to push out a version now or not and
>> we can go from there.
>>
>> Cheers,
>> S.
>>
>> On 08/30/2011 02:07 PM, jouni korhonen wrote:
>>>
>>> Stephen,
>>>
>>> Thanks for picking up the nits. And yes, I would push out a new
>>> version with the additional security consideration text below, *if*
>>> folks think it is worth having it there.
>>>
>>> And for prohibiting the use of IMSI/MSISDN (or any "3GPP identity")
>>> as the IID, the reference would be Section 5.3.1.2.2 of [TS.23401].
>>>
>>> - Jouni
>>>
>>>
>>> On Aug 30, 2011, at 2:52 PM, Stephen Farrell wrote:
>>>
>>>>
>>>> Hi Jouni,
>>>>
>>>> Just checking - do you intend to push out a new version with this
>>>> included before the telechat next week?
>>>>
>>>> A few nits below as well.
>>>>
>>>> Ta,
>>>> Stephen.
>>>>
>>>> On 08/25/2011 11:50 AM, jouni korhonen wrote:
>>>>> Russ,
>>>>>
>>>>> Thanks for the review. You are echoing the same thing as the most
>>>>> in IESG. I crafted a bit of text that could be put into the security
>>>>> considerations section. I don't know if this would be enough.
>>>>>
>>>>> - Jouni
>>>>>
>>>>> ----
>>>>>
>>>>>
>>>>>    In 3GPP access the UE and the network always perform a mutual
>>>>>    authentication during the network attachment [TS.33102][TS.33401].
>>>>>    Furthermore, each time a PDP Context/PDN Connection gets created,
>>>>>    a new connection, a modification of an existing connection and
>>>>>    an assignment of an IPv6 prefix or an IP address can be authorized
>>>>>    against the PCC infrastructure [TS.23203] and/or PDN's AAA server.
>>>>>
>>>>>    The wireless part of the 3GPP link between the UE and the (e)NodeB
>>>>>    as well as the signaling messages between the UE and the MME/SGSN
>>>>>    can be protected depending on the regional regulation an operator
>>>>>    deployment policy. User plane traffic can be confidentially
>>>>
>>>> s/confidentially/confidentiality/ would be better.
>>>>
>>>> If you can add references as to how that can be achieved that
>>>> would also be good.
>>>>
>>>> The same points apply for the control plane I guess.
>>>>
>>>>>    protected. The control plane is always at least integrity and
>>>>>    replay protected, and may also be confidentially protected. The
>>>>>    protection within the transmission part of the network depends
>>>>>    on the operator deployment policy.
>>>>>
>>>>>    Due the nature of 3GPP point-to-point link model, the UE and the
>>>>>    first hop router (PGW/GGSN or SGW) are the only nodes on the link,
>>>>>    which mitigates most of the known on-link attacks. For off-link IPv6
>>>>>    attacks the 3GPP EPS is as vulnerable as any IPv6 system. There has
>>>>
>>>> s/has/have/
>>>>
>>>>>    also been concerns that UE IP stack might use permanent subscriber
>>>>
>>>> s/UE IP stack/the UE IP stack/
>>>>
>>>>>    identities, such as IMSI and MSISDN, as the source for IPv6 address
>>>>>    Interface Identifier. This would be a privacy threat and allow
>>>>>    tracking of subscribers, and therefore use of IMSI and MSISDN as the
>>>>>    Interface Identifier is prohibited. However, there is no standardized
>>>>>    method to block such misbehaving UEs.
>>>>
>>>> Prohibited by whom? Maybe add a reference?
>>>>
>>>>>
>>>>>
>>>>>    [TS.33102]
>>>>>               3GPP, "3G Security;  Security architecture",
>>>>>               3GPP TS 33.102 10.0.0, December 2010.
>>>>>
>>>>>
>>>>>    [TS.33401]
>>>>>               3GPP, "3GPP System Architecture Evolution (SAE);
>>>>>               Security architecture", 3GPP TS 33.401 10.1.1,
>>>>>               June 2011.
>>>>>
>>>>> On Aug 25, 2011, at 12:43 AM, Russ Mundy wrote:
>>>>>
>>>>>>
>>>>>> I have reviewed this document as part of the security directorate's ongoing
>>>>>> effort to review all IETF documents being processed by the IESG.  These
>>>>>> comments were written primarily for the benefit of the security area
>>>>>> directors. Document editors and WG chairs should treat these comments just
>>>>>> like any other last call comments.
>>>>>>
>>>>>> While I do agree with the factual correctness of the Security Considerations
>>>>>> section (the document does not _introduce_ any security related concerns),
>>>>>> the support for IPv6 in 3GPP networks described in document certainly does
>>>>>> have a number of security concerns.  Some obvious examples, use of DHCP
>>>>>> based address management and access control/authorization of the PDN
>>>>>> Connection (shown in Figure 8).  Although these and other security issues
>>>>>> are likely addressed in various other documents, it would be useful to make
>>>>>> a definitive statement to that effect in the Security Considerations
>>>>>> section.  It would be even more useful if some more specific references were
>>>>>> to be included in parts of the document that clearly deal with security
>>>>>> issues such as address management and access control and authorization.
>>>>>>
>>>>>>
>>>>>>        Russ Mundy
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>
>>>
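
Added example, not part of the thread or of the draft: the proposed
Security Considerations text notes that there is no standardized way to
block a UE that builds its Interface Identifier from IMSI or MSISDN, so
an operator-side audit can at least flag one. The three encodings
checked, the function names and the sample subscriber are assumptions
made for illustration.

```python
import ipaddress

U_BIT = 1 << 57  # universal/local bit of a 64-bit interface identifier

def candidate_iids(identity: str) -> set[int]:
    """64-bit IIDs a stack could derive from a digit string.

    The three encodings are assumptions made for this audit, not
    taken from any 3GPP or IETF specification.
    """
    digits = "".join(ch for ch in identity if ch.isdigit())
    if not digits or len(digits) > 16:
        return set()
    return {
        int(digits),                     # decimal value stored as an integer
        int(digits, 16),                 # packed BCD, right-aligned
        int(digits.ljust(16, "f"), 16),  # packed BCD, left-aligned, 0xF filler
    }

def leaked_identities(address: str, identities: dict[str, str]) -> list[str]:
    """Return the labels of identities whose encoding equals the address IID."""
    iid = int(ipaddress.IPv6Address(address)) & ((1 << 64) - 1)
    hits = []
    for label, value in identities.items():
        # Ignore the u/l bit so a stack that flips it is still caught.
        if any((iid | U_BIT) == (c | U_BIT) for c in candidate_iids(value)):
            hits.append(label)
    return hits

# Constructed subscriber record (test PLMN 001/01) and documentation prefix.
SUBSCRIBER = {"IMSI": "001010123456789", "MSISDN": "+15555550123"}

if __name__ == "__main__":
    for addr in ("2001:db8:0:1:1:101:2345:6789",       # IMSI as packed BCD
                 "2001:db8:0:1:0:3:9f2e:dbab",         # MSISDN as an integer
                 "2001:db8:0:1:a8bb:ccff:fedd:eeff"):  # unrelated IID
        print(addr, leaked_identities(addr, SUBSCRIBER) or "ok")
```

The audit compares an observed address only against the identities of
the subscriber it was assigned to, so it needs no list of other
subscribers' identities.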

