From nobody Thu Feb 1 14:39:31 2018 Return-Path: X-Original-To: secdir@ietf.org Delivered-To: secdir@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id C2C2112F28B; Thu, 1 Feb 2018 14:39:18 -0800 (PST) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: Christian Huitema To: Cc: rtg-bfd@ietf.org, draft-ietf-bfd-yang.all@ietf.org, ietf@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 6.71.0 Auto-Submitted: auto-generated Precedence: bulk Message-ID: <151752475872.25625.14658191049524252377@ietfa.amsl.com> Date: Thu, 01 Feb 2018 14:39:18 -0800 Archived-At: Subject: [secdir] Secdir last call review of draft-ietf-bfd-yang-09 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 01 Feb 2018 22:39:19 -0000 Reviewer: Christian Huitema Review result: Has Nits BFD, defined in RFC5880, is a protocol intended to detect faults in the bidirectional path between two forwarding engines, including interfaces, data link(s), and to the extent possible the forwarding engines themselves, with potentially very low latency. The Yang module defined in this draft enables management of this protocol, such as toggling parameters or receiving notifications. As stated in the security section, the module is "to be accessed via the NETCONF protocol [RFC6241]", and as such its security is pretty much tied to that of NETCONF. My only nit comes from reading section 6.8.16 of RFC 5880, about "Administrative Control". This points to an obvious issue when the administrator of a router disables BFD on a particular link, either by mistake or by malice. This will make future failures harder to notify, and can affect operation of the network. Nothing much can be done about that on the node itself, but I would expect that disabling BFD would raise some kind of alarm at the other end of the link. I did not understand how that alarm is described in the Yang module, but that may be because I am not all that familiar with Yang. From nobody Thu Feb 1 14:49:26 2018 Return-Path: X-Original-To: secdir@ietfa.amsl.com Delivered-To: secdir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3D780126CC7; Thu, 1 Feb 2018 14:49:20 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.699 X-Spam-Level: X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wfnzFIOtGCgT; Thu, 1 Feb 2018 14:49:18 -0800 (PST) Received: from mail-wm0-x230.google.com (mail-wm0-x230.google.com [IPv6:2a00:1450:400c:c09::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5289B12EAF6; Thu, 1 Feb 2018 14:49:10 -0800 (PST) Received: by mail-wm0-x230.google.com with SMTP id r71so9072921wmd.1; Thu, 01 Feb 2018 14:49:10 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:references:from:message-id:date:user-agent:mime-version :in-reply-to:content-language; bh=1r6GTDNDm2BDy8hRc1onJO6PJmDiRLhcbRoteF8cmYs=; b=bPXPfEwzsZuWMZS/36zVM0DPIc5bF4Xu5SlTfJJEiBJd0WoxWizYe3QffYJKnubDly v8/x5b8rTMgaYT0Z5J8JElv5DuRnoTwgW83jfPkmFBpOWsYfXuqub5C+TAund7E1vCrT 7KS6rxo8/iXaUMYmpJuDyXe2vg7vIWYotyM9l4oHdCWPikZ9jGjk856EFjyq+MrYODNZ V2dbzOeSBUsOvGyB7iRSbECHS1zSJPw8k0/X+eWEjCakdbMf1z/uqB/N5TUTjs3iE0wE rHQeNwijW0I8GvWeBCZkwbjEPiJJfU3YHesU8bygYM9/x5YcIdr1iFVrwV0b2OloV294 i4oA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language; bh=1r6GTDNDm2BDy8hRc1onJO6PJmDiRLhcbRoteF8cmYs=; b=eUnmdN1CeKHth/Wm1xDWv90utHjYGwdA11WSr2IGHM5BnrqmqpnbhNN5/SRCx1k3bh sMR6gw58c8GDcGgPKQVM4/GwOWTvsifhMrWtOMHLgTideXGKR5UcyhbLReoIvGQuWYT4 C1f3eDs2W0V3hzne1999C+uumbplXV3J+Rt787GVkAcX+iZa1ng4ZVhlm6ualmUAejhu Cb36oCD9X9HUTXqOWW/Zd7u8VajYn648ty12NwCgf/IlD2BJKbhHrZUtVa6vzhqTjgGF b27gtXhGITh3DPfqobGLNzqi86j8ytnfwSxh7dkMcjepAy4M75yNAhxLOf33lFXBb5rS GY9Q== X-Gm-Message-State: AKwxytdCEnbBw30NnENmLDxoyRO8D63TRayIM+qFuYx7iRkTUgOcO+sa MQrBaRm71q1QiS6izHuHiXNswdg6mdk= X-Google-Smtp-Source: AH8x227dtJNnYwutzybb75DfRKY6FJR/mrvqQE4EMOe0FNojmiv4M7WOZYU1uDXtvO5sIdgdDqrfUw== X-Received: by 10.80.194.194 with SMTP id u2mr11656026edf.84.1517525348589; Thu, 01 Feb 2018 14:49:08 -0800 (PST) Received: from [192.168.2.110] (dsl-linz7-18-136.utaonline.at. [81.189.18.136]) by smtp.googlemail.com with ESMTPSA id f11sm575661edf.26.2018.02.01.14.49.07 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 01 Feb 2018 14:49:07 -0800 (PST) To: Shawn Emery , secdir@ietf.org, draft-ietf-mmusic-trickle-ice-sip.all@tools.ietf.org, mmusic@ietf.org References: From: Thomas Stach Message-ID: <5aba6339-a109-9602-3266-b69aef1d08a0@gmail.com> Date: Thu, 1 Feb 2018 23:49:06 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.5.0 MIME-Version: 1.0 In-Reply-To: Content-Type: multipart/alternative; boundary="------------1AF24D32A8E44FBFF09D06BA" Content-Language: en-US Archived-At: Subject: Re: [secdir] Review of draft-ietf-mmusic-trickle-ice-sip-12 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 01 Feb 2018 22:49:20 -0000 This is a multi-part message in MIME format. --------------1AF24D32A8E44FBFF09D06BA Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit Shawn, first of all apologies for the delay in responding to your review. Thanks for your effort. Responses inline On 2018-01-23 01:56, Shawn Emery wrote: > I have reviewed this document as part of the security directorate's > ongoing effort to review all IETF documents being processed by the IESG. > These comments were written primarily for the benefit of the security > area directors. Document editors and WG chairs should treat these > comments just like any other last call comments. > > This draft specifies how the Session Initiation Protocol (SIP) can use the > non-blocking version of the Interactive Connectivity Establishment > (ICE) protocol, > Trickle ICE, and defines a new registry for this usage. > > The security considerations section does exist and defers security > concerns to > draft-ietf-mmusic-ice-sip-sdp, RFC 6086, and draft-ietf-ice-trickle. > > 1. draft-ietf-mmusic-ice-sip-sdp > This will hopefully be available for a secdir review in the near > future, see general > comments concern below. > 2. RFC 6086 > 6086 prescribes S/MIME if the environment requires payloads to be > private and > also suggests a digest-challenge in order to provide integrity protection. > 3. draft-ietf-ice-trickle > defers to draft-ietf-ice-rfc5245bis.  ice-sip should reference the > 5245bis draft > directly. I won't duplicate Stephen's efforts in reviewing 5245bis. > > General comments: > > I'm concerned about the normative references to ietf-mmusic-ice-sip-sdp. > This draft should progress before or along with any dependents. As far as I can tell both draft will be progresses together in order to have the contents in-sync > > Editorial comments: > > Some of the abbreviations that are not expanded and are not listed as well > known by the RFC Editor: > > SDP > AOR > STUN > TURN > GRUU (needs to be expanded in Section 3.1) > > making it cumbersome to follow the specification. Sorry for that. I'll provide the necessary expansions. Thanks again for your review! Regards Thomas > > Shawn. > -- --------------1AF24D32A8E44FBFF09D06BA Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: 8bit

Shawn,

first of all apologies for the delay in responding to your review.

Thanks for your effort.

Responses inline


On 2018-01-23 01:56, Shawn Emery wrote:
I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the IESG.
These comments were written primarily for the benefit of the security
area directors. Document editors and WG chairs should treat these
comments just like any other last call comments.

This draft specifies how the Session Initiation Protocol (SIP) can use the
non-blocking version of the Interactive Connectivity Establishment (ICE) protocol,
Trickle ICE, and defines a new registry for this usage.

The security considerations section does exist and defers security concerns to
draft-ietf-mmusic-ice-sip-sdp, RFC 6086, and draft-ietf-ice-trickle.

1. draft-ietf-mmusic-ice-sip-sdp
This will hopefully be available for a secdir review in the near future, see general
comments concern below.
2. RFC 6086
6086 prescribes S/MIME if the environment requires payloads to be private and
also suggests a digest-challenge in order to provide integrity protection.
3. draft-ietf-ice-trickle
defers to draft-ietf-ice-rfc5245bis.  ice-sip should reference the 5245bis draft
directly.  I won't duplicate Stephen's efforts in reviewing 5245bis.

General comments:

I'm concerned about the normative references to ietf-mmusic-ice-sip-sdp.
This draft should progress before or along with any dependents.
As far as I can tell both draft will be progresses together in order to have the contents in-sync

Editorial comments:

Some of the abbreviations that are not expanded and are not listed as well
known by the RFC Editor:

SDP
AOR
STUN
TURN
GRUU (needs to be expanded in Section 3.1)

making it cumbersome to follow the specification.
Sorry for that. I'll provide the necessary expansions.

Thanks again for your review!
Regards
Thomas

Shawn.
--

--------------1AF24D32A8E44FBFF09D06BA-- From nobody Thu Feb 1 19:01:40 2018 Return-Path: X-Original-To: secdir@ietfa.amsl.com Delivered-To: secdir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C9AC112EB14; Thu, 1 Feb 2018 19:01:28 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.531 X-Spam-Level: X-Spam-Status: No, score=-14.531 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dLlgia-NglUX; Thu, 1 Feb 2018 19:01:27 -0800 (PST) Received: from rcdn-iport-4.cisco.com (rcdn-iport-4.cisco.com [173.37.86.75]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0B1241205D3; Thu, 1 Feb 2018 19:01:27 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=2176; q=dns/txt; s=iport; t=1517540487; x=1518750087; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=PjdUJsdvrppO/MzFX/scYaIzh2h2A5syxBVwtowbPFI=; b=g6WtkVe1rCx7kgxyI+ZgFj06QM6xiv+jpYysmoEY/gEcvQkj+7u4pbAJ t1gLb9PpNzK9/Ifc4ho1hGlGDzTtoZYQlzFlJvJW2DZv8JM/s7/7bCVsM lVbihQDUDaih35d0dgYzyJe8zcyX/DpoSjuxfUpmEOQq9SPK4O2NNpfEp U=; X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0DfAADx03Na/4MNJK1dGQEBAQEBAQEBA?= =?us-ascii?q?QEBAQcBAQEBAYNCgVsoCoNWiiSOLYFbl2+CFwqFOwIaghdUGAEBAQEBAQEBAms?= =?us-ascii?q?ohSQGIxFFEAIBCBoCJgICAjAVEAIEAQ0FijWuFoInimMBAQEBAQEBAQEBAQEBA?= =?us-ascii?q?QEBAQEBAQEdgQ+DWoIVgVeCEQyCeYMvBIFvF4MAMYI0AQSkIwKVbJQxlz8CERk?= =?us-ascii?q?BgTsBHzmBUHAVZwGBf4JQBRyCBniKVYEXAQEB?= X-IronPort-AV: E=Sophos;i="5.46,445,1511827200"; d="scan'208";a="350742710" Received: from alln-core-1.cisco.com ([173.36.13.131]) by rcdn-iport-4.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 02 Feb 2018 03:01:26 +0000 Received: from XCH-ALN-005.cisco.com (xch-aln-005.cisco.com [173.36.7.15]) by alln-core-1.cisco.com (8.14.5/8.14.5) with ESMTP id w1231QZc023796 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Fri, 2 Feb 2018 03:01:26 GMT Received: from xch-rcd-005.cisco.com (173.37.102.15) by XCH-ALN-005.cisco.com (173.36.7.15) with Microsoft SMTP Server (TLS) id 15.0.1320.4; Thu, 1 Feb 2018 21:01:25 -0600 Received: from xch-rcd-005.cisco.com ([173.37.102.15]) by XCH-RCD-005.cisco.com ([173.37.102.15]) with mapi id 15.00.1320.000; Thu, 1 Feb 2018 21:01:25 -0600 From: "Reshad Rahman (rrahman)" To: Christian Huitema , "secdir@ietf.org" CC: "rtg-bfd@ietf.org" , "draft-ietf-bfd-yang.all@ietf.org" , "ietf@ietf.org" Thread-Topic: Secdir last call review of draft-ietf-bfd-yang-09 Thread-Index: AQHTm62AiPKYaoJtDUuDmicV6NCuCqOQ0XOA Date: Fri, 2 Feb 2018 03:01:25 +0000 Message-ID: References: <151752475872.25625.14658191049524252377@ietfa.amsl.com> In-Reply-To: <151752475872.25625.14658191049524252377@ietfa.amsl.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Microsoft-MacOutlook/f.27.0.171010 x-ms-exchange-messagesentrepresentingtype: 1 x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [10.86.240.20] Content-Type: text/plain; charset="utf-8" Content-ID: <7A0A92C08043014887BC38C356C8EE9C@emea.cisco.com> Content-Transfer-Encoding: base64 MIME-Version: 1.0 Archived-At: Subject: Re: [secdir] Secdir last call review of draft-ietf-bfd-yang-09 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 02 Feb 2018 03:01:29 -0000 Q2hyaXN0aWFuLCB0aGFuayB5b3UgZm9yIHRoZSByZXZpZXcuDQoNClJlZ2FyZGluZyB0aGUgY29u Y2VybiBleHByZXNzZWQgYmVsb3csIHRoZSBhbGFybSBpcyBpc3N1ZWQgYXQgdGhlIG90aGVyIGVu ZCB2aWEgdGhlIE5vdGlmaWNhdGlvbnMgKHNlY3Rpb24gMi4zKS4NCg0KUmVnYXJkcywNClJlc2hh ZC4NCg0KDQpPbiAyMDE4LTAyLTAxLCA1OjM5IFBNLCAiQ2hyaXN0aWFuIEh1aXRlbWEiIDxodWl0 ZW1hQGh1aXRlbWEubmV0PiB3cm90ZToNCg0KICAgIFJldmlld2VyOiBDaHJpc3RpYW4gSHVpdGVt YQ0KICAgIFJldmlldyByZXN1bHQ6IEhhcyBOaXRzDQogICAgDQogICAgQkZELCBkZWZpbmVkIGlu IFJGQzU4ODAsIGlzIGEgcHJvdG9jb2wgaW50ZW5kZWQgdG8gZGV0ZWN0IGZhdWx0cyBpbiB0aGUN CiAgICBiaWRpcmVjdGlvbmFsIHBhdGggYmV0d2VlbiB0d28gZm9yd2FyZGluZyBlbmdpbmVzLCBp bmNsdWRpbmcgaW50ZXJmYWNlcywgZGF0YQ0KICAgIGxpbmsocyksIGFuZCB0byB0aGUgZXh0ZW50 IHBvc3NpYmxlIHRoZSBmb3J3YXJkaW5nIGVuZ2luZXMgdGhlbXNlbHZlcywgd2l0aA0KICAgIHBv dGVudGlhbGx5IHZlcnkgbG93IGxhdGVuY3kuIFRoZSBZYW5nIG1vZHVsZSBkZWZpbmVkIGluIHRo aXMgZHJhZnQgZW5hYmxlcw0KICAgIG1hbmFnZW1lbnQgb2YgdGhpcyBwcm90b2NvbCwgc3VjaCBh cyB0b2dnbGluZyBwYXJhbWV0ZXJzIG9yIHJlY2VpdmluZw0KICAgIG5vdGlmaWNhdGlvbnMuDQog ICAgDQogICAgQXMgc3RhdGVkIGluIHRoZSBzZWN1cml0eSBzZWN0aW9uLCB0aGUgbW9kdWxlIGlz ICJ0byBiZSBhY2Nlc3NlZCB2aWEgdGhlDQogICAgTkVUQ09ORiBwcm90b2NvbCBbUkZDNjI0MV0i LCBhbmQgYXMgc3VjaCBpdHMgc2VjdXJpdHkgaXMgcHJldHR5IG11Y2ggdGllZCB0bw0KICAgIHRo YXQgb2YgTkVUQ09ORi4NCiAgICANCiAgICBNeSBvbmx5IG5pdCBjb21lcyBmcm9tIHJlYWRpbmcg c2VjdGlvbiA2LjguMTYgb2YgUkZDIDU4ODAsIGFib3V0DQogICAgIkFkbWluaXN0cmF0aXZlIENv bnRyb2wiLiBUaGlzIHBvaW50cyB0byBhbiBvYnZpb3VzIGlzc3VlIHdoZW4gdGhlDQogICAgYWRt aW5pc3RyYXRvciBvZiBhIHJvdXRlciBkaXNhYmxlcyBCRkQgb24gYSBwYXJ0aWN1bGFyIGxpbmss IGVpdGhlciBieSBtaXN0YWtlDQogICAgb3IgYnkgbWFsaWNlLiBUaGlzIHdpbGwgbWFrZSBmdXR1 cmUgZmFpbHVyZXMgaGFyZGVyIHRvIG5vdGlmeSwgYW5kIGNhbiBhZmZlY3QNCiAgICBvcGVyYXRp b24gb2YgdGhlIG5ldHdvcmsuIE5vdGhpbmcgbXVjaCBjYW4gYmUgZG9uZSBhYm91dCB0aGF0IG9u IHRoZSBub2RlDQogICAgaXRzZWxmLCBidXQgSSB3b3VsZCBleHBlY3QgdGhhdCBkaXNhYmxpbmcg QkZEIHdvdWxkIHJhaXNlIHNvbWUga2luZCBvZiBhbGFybSBhdA0KICAgIHRoZSBvdGhlciBlbmQg b2YgdGhlIGxpbmsuIEkgZGlkIG5vdCB1bmRlcnN0YW5kIGhvdyB0aGF0IGFsYXJtIGlzIGRlc2Ny aWJlZCBpbg0KICAgIHRoZSBZYW5nIG1vZHVsZSwgYnV0IHRoYXQgbWF5IGJlIGJlY2F1c2UgSSBh bSBub3QgYWxsIHRoYXQgZmFtaWxpYXIgd2l0aCBZYW5nLg0KICAgIA0KICAgIA0KDQo= From nobody Fri Feb 2 08:18:57 2018 Return-Path: X-Original-To: secdir@ietfa.amsl.com Delivered-To: secdir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DEBAE12D96D for ; Fri, 2 Feb 2018 08:18:51 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.32 X-Spam-Level: X-Spam-Status: No, score=-4.32 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yaOnDKWU_jqX for ; Fri, 2 Feb 2018 08:18:49 -0800 (PST) Received: from sesbmg22.ericsson.net (sesbmg22.ericsson.net [193.180.251.48]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7685212D95B for ; Fri, 2 Feb 2018 08:18:49 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; d=ericsson.com; s=mailgw201801; c=relaxed/simple; q=dns/txt; i=@ericsson.com; t=1517588327; h=From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version:Content-Type: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=ABGCiz6H6gBAaCPrfDWhS4BFB1GHSfsg4+CtQn/voXw=; b=Qv6/VIdPRXFi1mvVlc5GpbZb8dJx4bIJworsxjNkVbyNzbkc09I2q3cEij1ia/Mf AP/WEkOOaS9cRf+0q2GqQGoRKS3iL/qUszSKLEx4ZaaooJzDqeu8B0fdaCv+d7jC YNN8ugTNVrgDjI4K+pgfSDosScOYM+bWvV/p9xDqi7M=; X-AuditID: c1b4fb30-399ff70000004778-d4-5a748f67906d Received: from ESESSHC007.ericsson.se (Unknown_Domain [153.88.183.39]) by sesbmg22.ericsson.net (Symantec Mail Security) with SMTP id 2B.5C.18296.76F847A5; Fri, 2 Feb 2018 17:18:47 +0100 (CET) Received: from ESESSMB109.ericsson.se ([169.254.9.195]) by ESESSHC007.ericsson.se ([153.88.183.39]) with mapi id 14.03.0352.000; Fri, 2 Feb 2018 17:18:47 +0100 From: Christer Holmberg To: "ice@ietf.org" , "draft-ietf-ice-rfc5245bis.all@ietf.org" , "ietf@ietf.org" , "ice@ietf.org" , "tsv-art@ietf.org" , "ops-dir@ietf.org" , "gen-art@ietf.org" , "secdir@ietf.org" Thread-Topic: Draft new version: rfc5245bis-17 Thread-Index: AQHTnEGAcUvoKBl4Z0eS6V6HGGyjQw== Date: Fri, 2 Feb 2018 16:18:46 +0000 Message-ID: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Microsoft-MacOutlook/14.7.7.170905 x-originating-ip: [153.88.183.146] Content-Type: multipart/alternative; boundary="_000_D69A5EC32A6C2christerholmbergericssoncom_" MIME-Version: 1.0 X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFprFIsWRmVeSWpSXmKPExsUyM2K7um56f0mUwe0rBhbHf/xht7j66jOL xbcLtRbPNs5nsehtWsJs8WHhQxaLWXsWsTiweyxZ8pMpgDGKyyYlNSezLLVI3y6BK2PCgfnM BTs5Ky7cvMDcwDiPo4uRk0NCwERiZtNhZhBbSOAwo8TyVuMuRi4gezGjRMfPM4xdjBwcbAIW Et3/tEHiIgLXmCQmLzzPAtIgLKAp8XXDF3YQW0RAT+LXwSOMMPbli//ZQHpZBFQkDnzhBQnz ClhLPJl1CKyVUUBM4vupNUwgNrOAuMStJ/OZIO4RkFiy5zwzhC0q8fLxP1YQWxRo5IYTt9kh 4koSPzZcYoHoTZBYcPI8I8R8QYmTM5+wTGAUmoVk7CwkZbOQlEHEdSQW7P7EBmFrSyxb+JoZ xj5z4DFUr7XE+Qn3mJDVLGDkWMUoWpxanJSbbmSkl1qUmVxcnJ+nl5dasokRGGMHt/w22MH4 8rnjIUYBDkYlHl7+npIoIdbEsuLK3EOMEhzMSiK823yBQrwpiZVVqUX58UWlOanFhxilOViU xHlPevJGCQmkJ5akZqemFqQWwWSZODilGhjnT5uw780DDrPe1ruqPA/0VP7FPG+4Ocu9Rr5z RmgDv+Pywk/r14d66j/0ubhCeEqGVGHkj+3bWmau1unaujugNm650/7H2Yr1bvfzbN8rX6/u L3pcULI4+VZl4yO+uCV/S+ZP/vx1/61I+8wkncQQ28Q+j8oT+bfDNT+kS0qfELlgc+n8CSUl luKMREMt5qLiRACNuKD3rQIAAA== Archived-At: Subject: [secdir] Draft new version: rfc5245bis-17 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 02 Feb 2018 16:18:52 -0000 --_000_D69A5EC32A6C2christerholmbergericssoncom_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Hi, Based on the gen-art, ops-dir, sec-dir and tsv-art directorate reviews, I h= ave submitted a new version (-17) of draft-ietf-ice-rfc5245bis. Thank You! Regards, Christer --_000_D69A5EC32A6C2christerholmbergericssoncom_ Content-Type: text/html; charset="us-ascii" Content-ID: Content-Transfer-Encoding: quoted-printable
Hi,

Based on the gen-art, ops-dir, sec-dir and tsv-art directorate reviews= , I have submitted a new version (-17) of draft-ietf-ice-rfc5245bis.

Thank You!

Regards,

Christer
--_000_D69A5EC32A6C2christerholmbergericssoncom_-- From nobody Fri Feb 2 10:16:35 2018 Return-Path: X-Original-To: secdir@ietfa.amsl.com Delivered-To: secdir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4046912DA22 for ; Fri, 2 Feb 2018 10:16:33 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.901 X-Spam-Level: X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id X5b33ROl8BU4 for ; Fri, 2 Feb 2018 10:16:30 -0800 (PST) Received: from omr-a018e.mx.aol.com (omr-a018e.mx.aol.com [204.29.186.64]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C00E11252BA for ; Fri, 2 Feb 2018 10:16:29 -0800 (PST) Received: from mtaout-aac01.mx.aol.com (mtaout-aac01.mx.aol.com [172.27.2.33]) by omr-a018e.mx.aol.com (Outbound Mail Relay) with ESMTP id B823A3800083; Fri, 2 Feb 2018 13:16:28 -0500 (EST) Received: from iMac-Study.fios-router.home (pool-108-49-30-217.bstnma.fios.verizon.net [108.49.30.217]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mtaout-aac01.mx.aol.com (MUA/Third Party Client Interface) with ESMTPSA id 2D55C38000087; Fri, 2 Feb 2018 13:16:27 -0500 (EST) To: secdir@ietf.org, jorge.rabadan@nokia.com, senad.palislamovic@nokia.com, wim.henderickx@nokia.com, sajassi@cisco.com, uttaro@att.com, martin.vigoureux@nokia.com, stephane.litkowski@orange.com, aretana.ietf@gmail.com From: Stephen Kent Message-ID: Date: Fri, 2 Feb 2018 13:16:26 -0500 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:52.0) Gecko/20100101 Thunderbird/52.5.2 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="------------F104C7E00EA0F3C8114A308F" Content-Language: en-US x-aol-global-disposition: G x-aol-sid: 3039ac1b02215a74aafb31ed X-AOL-IP: 108.49.30.217 Archived-At: Subject: [secdir] SECDIR review of draft-ietf- bess-evpn-usage-07 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 02 Feb 2018 18:16:33 -0000 This is a multi-part message in MIME format. --------------F104C7E00EA0F3C8114A308F Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit SECDIR review of draft-ietf- bess-evpn-usage-07 I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG.These comments were written with the intent of improving security requirements and considerations in IETF drafts.Comments not addressed in last call may be included in AD reviews during the IESG review.Document editors and WG chairs should treat these comments just like any other last call comments. This document describes the applicability of an Ethernet VPN (EVPN) enabled via BGP MPLS, in what the authors say is a “fairly common deployment scenario.” It intended status is INFORMATIONAL. The document complements RFC 7432, which already defines BGP MPLS-based EVPN technology. Section 2 (Terminology) The acronym PE (provider edge?) is used here, but not defined. Section 3 This section describes the common deployment scenario that is the focus of this document. The scenario involves three customer sites; one requires multi-homing to two provider access points, while the other two sites are single-homed. The goal is to make all three sites appear to be on the same Ethernet. Section 3.2 describes rationale (motivation) for using this technology (vs. VPLS) to satisfy the service and redundancy requirements. That’s not exactly an “applicability” discussion, but … Section 4 describes the provisioning model for the chosen deployment scenario. Section 5 describes what route update processing capabilities are needs by the provider equipment, in support of this deployment scenario. Section 6 is rather long; it describes the EVPN initialization procedures in detail for MAC-based forwarding. Section 7 provides a similar description for MPLS-based forwarding. Section 8 compares the two approaches and Section 9 discuss traffic flow optimization (to avoid flooding traffic to all sites when such flooding is not needed). Section 10 (Security Considerations) consists of only one sentence, which refers to the corresponding discussion in RFC 7432. Additional text should be provided here to explain why this document does not add any new security considerations. Presumably the rationale is that the provisioning model and initialization procedures described here are a subset of the more general discussion in 7432 and thus no new security concerns arise as a result of this more detailed information. I am not in a position to judge whether that potential rationale is true. I reviewed the Security Considerations section of RFC 7432. It contains about 1.5 pages of text. The first paragraph there cites security considerations text in RFCs 4761, 4762, and 4364 and the text there is generally well-written. However, there is a significant omission, one that should have been noted in the SECDIR review of that document. Specifically, 7432 cites NONE of the BGP security RFCs produced by the SIDR WG (e.g., RFCs 6480-93 et al), even though they preceded publication of that RFC. Since those documents represented the latest proposals for improving BGP security at the time, they ought to have been cited and a very brief discussion of their relevance to EVPN BGP MPLS deployments. I suggest that this document rectify this omission, i.e., cite several of the BGP secure origin authentication RFCs, and the recent BGPSec RFCs (8205-11), and note the relevance of those standards to EVPN BGP MPLS deployments. Comments on Grammar/Typos There are a several places in the text where sentences are un-grammatical. For example: “… irrespectively of the number of affected services… “ -> “…irrespective of the number of affected services …” “ … we can use ingress replication for on EVI100 …” -> “…we can use ingress replication for EVI100 and …” “In regards to service interfaces …” -> “With regard to service interfaces …” “…(and even suppress) the ARP-flooding.” -> “…(and even suppress) ARP-flooding.” “…certain parameters which are not service-specific…” -> “certain parameters that are not service-specific..” “In our use-case, besides the above parameters, the same LACP parameters will be configured in PE1 and PE2 for the ESI, so that CE2 can send different flows to PE1 and PE2 for the same CE-VID as though they were forming a single system from the CE2 perspective.” Sentence too long “E.g.: PE1 and PE2 CE-VID binding …” -> “For example, PE1 and PE2 CE-VID binding …” “PE3 is only required to export MAC …” -> “PE3 is required to export only MAC …” --------------F104C7E00EA0F3C8114A308F Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: 8bit

SECDIR review of draft-ietf- bess-evpn-usage-07

 

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG.  These comments were written with the intent of improving security requirements and considerations in IETF drafts.  Comments not addressed in last call may be included in AD reviews during the IESG review.  Document editors and WG chairs should treat these comments just like any other last call comments.

 

This document describes the applicability of an Ethernet VPN (EVPN) enabled via BGP MPLS, in what the authors say is a “fairly common deployment scenario.” It intended status is INFORMATIONAL. The document complements RFC 7432, which already defines BGP MPLS-based EVPN technology.

 

Section 2 (Terminology)

 

The acronym PE (provider edge?) is used here, but not defined.

 

Section 3

 

This section describes the common deployment scenario that is the focus of this document. The scenario involves three customer sites; one requires multi-homing to two provider access points, while the other two sites are single-homed. The goal is to make all three sites appear to be on the same Ethernet.

 

Section 3.2 describes rationale (motivation) for using this technology (vs. VPLS) to satisfy the service and redundancy requirements. That’s not exactly an “applicability” discussion, but …

 

Section 4 describes the provisioning model for the chosen deployment scenario. Section 5 describes what route update processing capabilities are needs by the provider equipment, in support of this deployment scenario. Section 6 is rather long; it describes the EVPN initialization procedures in detail for MAC-based forwarding. Section 7 provides a similar description for MPLS-based forwarding. Section 8 compares the two approaches and Section 9 discuss traffic flow optimization (to avoid flooding traffic to all sites when such flooding is not needed).

 

Section 10 (Security Considerations) consists of only one sentence, which refers to the corresponding discussion in RFC 7432. Additional text should be provided here to explain why this document does not add any new security considerations. Presumably the rationale is that the provisioning model and initialization procedures described here are a subset of the more general discussion in 7432 and thus no new security concerns arise as a result of this more detailed information. I am not in a position to judge whether that potential rationale is true.

 

I reviewed the Security Considerations section of RFC 7432. It contains about 1.5 pages of text. The first paragraph there cites security considerations text in RFCs 4761, 4762, and 4364 and the text there is generally well-written. However, there is a significant omission, one that should have been noted in the SECDIR review of that document. Specifically, 7432 cites NONE of the BGP security RFCs produced by the SIDR WG (e.g., RFCs 6480-93 et al), even though they preceded publication of that RFC. Since those documents represented the latest proposals for improving BGP security at the time, they ought to have been cited and a very brief discussion of their relevance to EVPN BGP MPLS deployments. I suggest that this document rectify this omission, i.e., cite several of the BGP secure origin authentication RFCs, and the recent BGPSec RFCs (8205-11), and note the relevance of those standards to EVPN BGP MPLS deployments.




Comments on Grammar/Typos

 

There are a several places in the text where sentences are un-grammatical. For example:

 

“… irrespectively of the number of affected services… “

->

“…irrespective of the number of affected services …”

 

“ … we can use ingress replication for on EVI100 …”

->

“…we can use ingress replication for EVI100 and …”

 

“In regards to service interfaces …”

->

“With regard to service interfaces …”

 

“…(and even suppress) the ARP-flooding.”

->

“…(and even suppress) ARP-flooding.”

 

“…certain parameters which are not service-specific…”

->

“certain parameters that are not service-specific..”

 

“In our use-case, besides the above parameters, the same LACP

parameters will be configured in PE1 and PE2 for the ESI, so that CE2

can send different flows to PE1 and PE2 for the same CE-VID as though

they were forming a single system from the CE2 perspective.”

 

Sentence too long

 

“E.g.: PE1 and PE2 CE-VID binding …”

->

“For example, PE1 and PE2 CE-VID binding …”

 

“PE3 is only required to export MAC …”

->

“PE3 is required to export only MAC …”


--------------F104C7E00EA0F3C8114A308F-- From nobody Fri Feb 2 13:22:05 2018 Return-Path: X-Original-To: secdir@ietfa.amsl.com Delivered-To: secdir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5B1431276AF for ; Fri, 2 Feb 2018 13:22:04 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.998 X-Spam-Level: X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tjuTcf1EQEtf for ; Fri, 2 Feb 2018 13:22:02 -0800 (PST) Received: from mail-ot0-x22c.google.com (mail-ot0-x22c.google.com [IPv6:2607:f8b0:4003:c0f::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 528951243FE for ; Fri, 2 Feb 2018 13:22:02 -0800 (PST) Received: by mail-ot0-x22c.google.com with SMTP id e64so1755556ote.4 for ; Fri, 02 Feb 2018 13:22:02 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:in-reply-to:references:mime-version:date:message-id:subject:to; bh=YDhxgViUbeKa7GSv4pzApprDm9j/JrKT62GHJcXe+S8=; b=XfLhQc/izWQs2KT1EaMmPOq1fbH9DeqzLdLNI3wboWWKue+2R0hdmRLLfKeipueWj1 ulVtfeeqMzs6LVWXwix6yGUtknX0emZymLJeyvrTFtFzA+VyqYoWHehYBR4TV0FrGnGr pcsfxcodxvtDMjQ1v+cceLjbUlKg1rkWJa2FdJ94rNIu/QRHPWkkToI4UEkIikAIdJQ9 ejOlocqerdSpb7I9/PojqZgMwnki0OYLVkssDYrMhhgaEXo3TpY4ypglw6lnbcyUEJeR i4wxPBGhQlenn/WKM6pGQaj5YV8e9OifEo7URB1Vb9XNFqvmtm6aadi6SrAPtX/culb8 lQ2A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:in-reply-to:references:mime-version:date :message-id:subject:to; bh=YDhxgViUbeKa7GSv4pzApprDm9j/JrKT62GHJcXe+S8=; b=WkqfYibZ8+emf9E8hLXSsKP042qYfpCQmNglrY3qTfQyZz3YvL87SipFrwc21Ai73o 0LvLz2dZNz7NODxxoHMvjaPjIgtKAy+siACCqQeLLyYGQpudbsuEz9BSaLmlPWEJ2ZFD kUPCd1Z2Ea4pif6WoECHPhpWqBzZG1U3cPRT0JN3hMitB+Lt1QaWFSX6S3GUJ2XyvWS4 LO5PD70AWS42FgWESBalIQcwb2c79Vl5kocFBrGhvxpT/K5hf3uk0cSR0Q2Z2bMqBBf2 7f/TzUcwgZrthQ5Jk9agxHRDK2IIpGgVP9s74YRDKLzAmHU6EfQwvvoKivL7bBeP3FxR 7mzQ== X-Gm-Message-State: APf1xPAVTcSLJqMEDsZmrwVi+m28yBbS7o9JS+I/ZcCzovMU7LlwAK7L Sp4KtOOB5b65V/ceqI4YFETusQp+GRDCg+RuzC4= X-Google-Smtp-Source: AH8x224KaTsKpPaNUmDRpYr9F0Nmjx0T3ff0o5gzkCQJHjbnnk2ePgzyyPIT98TCDntnPUrU8qhA3c51WBrNJbBhS1g= X-Received: by 10.157.114.150 with SMTP id t22mr3101717otj.164.1517606521773; Fri, 02 Feb 2018 13:22:01 -0800 (PST) Received: from 1058052472880 named unknown by gmailapi.google.com with HTTPREST; Fri, 2 Feb 2018 16:22:01 -0500 From: Alvaro Retana In-Reply-To: References: X-Mailer: Airmail (467) MIME-Version: 1.0 Date: Fri, 2 Feb 2018 16:22:01 -0500 Message-ID: To: Stephen Kent , wim.henderickx@nokia.com, sajassi@cisco.com, uttaro@att.com, jorge.rabadan@nokia.com, stephane.litkowski@orange.com, martin.vigoureux@nokia.com, secdir@ietf.org, senad.palislamovic@nokia.com Content-Type: multipart/alternative; boundary="94eb2c137f4ea3a17d0564414d1a" Archived-At: Subject: Re: [secdir] SECDIR review of draft-ietf- bess-evpn-usage-07 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 02 Feb 2018 21:22:04 -0000 --94eb2c137f4ea3a17d0564414d1a Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On February 2, 2018 at 1:16:28 PM, Stephen Kent (stkent@verizon.net) wrote: Steve: Hi! How are you? ... Section 10 (Security Considerations) consists of only one sentence, which refers to the corresponding discussion in RFC 7432. Additional text should be provided here to explain why this document does not add any new security considerations. Presumably the rationale is that the provisioning model and initialization procedures described here are a subset of the more general discussion in 7432 and thus no new security concerns arise as a result of this more detailed information. I am not in a position to judge whether that potential rationale is true. Fair enough. I reviewed the Security Considerations section of RFC 7432. It contains about 1.5 pages of text. The first paragraph there cites security considerations text in RFCs 4761, 4762, and 4364 and the text there is generally well-written. However, there is a significant omission, one that should have been noted in the SECDIR review of that document. Specifically, 7432 cites NONE of the BGP security RFCs produced by the SIDR WG (e.g., RFCs 6480-93 et al), even though they preceded publication of that RFC. Since those documents represented the latest proposals for improving BGP security at the time, they ought to have been cited and a very brief discussion of their relevance to EVPN BGP MPLS deployments. I suggest that this document rectify this omission, i.e., cite several of the BGP secure origin authentication RFCs, and the recent BGPSec RFCs (8205-11), and note the relevance of those standards to EVPN BGP MPLS deployments. The work from sidr doesn=E2=80=99t directly apply to EVPN simply because th= e ROAs and BGPSec have been specified only for IPv4/IPv6 and not for the Address Family used by EVPN. Maybe a statement like that is what you=E2=80=99re looking for =E2=80=94 bu= t I don=E2=80=99t think it is appropriate to go any further in this document. Thanks! Alvaro. --94eb2c137f4ea3a17d0564414d1a Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable =
On February 2,= 2018 at 1:16:28 PM, Stephen Kent (st= kent@verizon.net) wrote:

=
Steve:

Hi!=C2=A0 How are you?

=
...

Section 10 (Security Considerations) consis= ts of only one sentence, which refers to the corresponding discussion in RF= C 7432. Additional text should be provided here to explain why this documen= t does not add any new security considerations. Presumably the rationale is= that the provisioning model and initialization procedures described here a= re a subset of the more general discussion in 7432 and thus no new security= concerns arise as a result of this more detailed information. I am not in = a position to judge whether that potential rationale is true.

Fair enough.

I r= eviewed the Security Considerations section of RFC 7432. It contains about = 1.5 pages of text. The first paragraph there cites security considerations = text in RFCs 4761, 4762, and 4364 and the text there is generally well-writ= ten. However, there is a significant omission, one that should have been no= ted in the SECDIR review of that document. Specifically, 7432 cites NONE of= the BGP security RFCs produced by the SIDR WG (e.g., RFCs 6480-93 et al), = even though they preceded publication of that RFC. Since those documents re= presented the latest proposals for improving BGP security at the time, they= ought to have been cited and a very brief discussion of their relevance to= EVPN BGP MPLS deployments. I suggest that this document rectify this omiss= ion, i.e., cite several of the BGP secure origin authentication RFCs, and t= he recent BGPSec RFCs (8205-11), and note the relevance of those standards = to EVPN BGP MPLS deployments.

The work from sidr doesn=E2=80=99t directly apply to EVP= N simply because the ROAs and BGPSec have been specified only for IPv4/IPv6= and not for the Address Family used by EVPN.

Maybe a statement like that is what you=E2=80=99re looking for =E2= =80=94 but I don=E2=80=99t think it is appropriate to go any further in thi= s document.

Thanks!

A= lvaro.
--94eb2c137f4ea3a17d0564414d1a-- From nobody Fri Feb 2 14:06:54 2018 Return-Path: X-Original-To: secdir@ietfa.amsl.com Delivered-To: secdir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C82F312D7EC for ; Fri, 2 Feb 2018 14:06:53 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.92 X-Spam-Level: X-Spam-Status: No, score=-1.92 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cGm0ZVaeGfv8 for ; Fri, 2 Feb 2018 14:06:52 -0800 (PST) Received: from omr-m008e.mx.aol.com (omr-m008e.mx.aol.com [204.29.186.7]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E70E2126C23 for ; Fri, 2 Feb 2018 14:06:51 -0800 (PST) Received: from mtaout-maa02.mx.aol.com (mtaout-maa02.mx.aol.com [172.26.222.142]) by omr-m008e.mx.aol.com (Outbound Mail Relay) with ESMTP id 6B10D3800157; Fri, 2 Feb 2018 17:06:50 -0500 (EST) Received: from iMac-Study.fios-router.home (pool-108-49-30-217.bstnma.fios.verizon.net [108.49.30.217]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mtaout-maa02.mx.aol.com (MUA/Third Party Client Interface) with ESMTPSA id 655D438000084; Fri, 2 Feb 2018 17:06:49 -0500 (EST) To: Alvaro Retana , wim.henderickx@nokia.com, sajassi@cisco.com, uttaro@att.com, jorge.rabadan@nokia.com, stephane.litkowski@orange.com, martin.vigoureux@nokia.com, secdir@ietf.org, senad.palislamovic@nokia.com References: From: Stephen Kent Message-ID: <18631468-67d6-e3ca-0bef-92cdcb3ccd66@verizon.net> Date: Fri, 2 Feb 2018 17:06:48 -0500 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:52.0) Gecko/20100101 Thunderbird/52.5.2 MIME-Version: 1.0 In-Reply-To: Content-Type: multipart/alternative; boundary="------------463283F9B20D6FC7131D2707" Content-Language: en-US x-aol-global-disposition: G x-aol-sid: 3039ac1ade8e5a74e0f91d4c X-AOL-IP: 108.49.30.217 Archived-At: Subject: Re: [secdir] SECDIR review of draft-ietf- bess-evpn-usage-07 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 02 Feb 2018 22:06:54 -0000 This is a multi-part message in MIME format. --------------463283F9B20D6FC7131D2707 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit Alvaro, > On February 2, 2018 at 1:16:28 PM, Stephen Kent (stkent@verizon.net > ) wrote: > > Steve: > > Hi!  How are you? I'm well. Thanks for asking. > > ... >> >> Section 10 (Security Considerations) consists of only one sentence, >> which refers to the corresponding discussion in RFC 7432. Additional >> text should be provided here to explain why this document does not >> add any new security considerations. Presumably the rationale is that >> the provisioning model and initialization procedures described here >> are a subset of the more general discussion in 7432 and thus no new >> security concerns arise as a result of this more detailed >> information. I am not in a position to judge whether that potential >> rationale is true. >> > Fair enough. > Good. >> >> I reviewed the Security Considerations section of RFC 7432. It >> contains about 1.5 pages of text. The first paragraph there cites >> security considerations text in RFCs 4761, 4762, and 4364 and the >> text there is generally well-written. However, there is a significant >> omission, one that should have been noted in the SECDIR review of >> that document. Specifically, 7432 cites NONE of the BGP security RFCs >> produced by the SIDR WG (e.g., RFCs 6480-93 et al), even though they >> preceded publication of that RFC. Since those documents represented >> the latest proposals for improving BGP security at the time, they >> ought to have been cited and a very brief discussion of their >> relevance to EVPN BGP MPLS deployments. I suggest that this document >> rectify this omission, i.e., cite several of the BGP secure origin >> authentication RFCs, and the recent BGPSec RFCs (8205-11), and note >> the relevance of those standards to EVPN BGP MPLS deployments. >> > The work from sidr doesn’t directly apply to EVPN simply because the > ROAs and BGPSec have been specified only for IPv4/IPv6 and not for the > Address Family used by EVPN. > > Maybe a statement like that is what you’re looking for — but I don’t > think it is appropriate to go any further in this document. > A statement explaining why AS origin authentication and BGPSec are not relevant would address my concerns. Thanks, Stevce --------------463283F9B20D6FC7131D2707 Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: 8bit
Alvaro,
On February 2, 2018 at 1:16:28 PM, Stephen Kent (stkent@verizon.net) wrote:

Steve:

Hi!  How are you?
I'm well. Thanks for asking.

...

Section 10 (Security Considerations) consists of only one sentence, which refers to the corresponding discussion in RFC 7432. Additional text should be provided here to explain why this document does not add any new security considerations. Presumably the rationale is that the provisioning model and initialization procedures described here are a subset of the more general discussion in 7432 and thus no new security concerns arise as a result of this more detailed information. I am not in a position to judge whether that potential rationale is true.

Fair enough.

Good.

I reviewed the Security Considerations section of RFC 7432. It contains about 1.5 pages of text. The first paragraph there cites security considerations text in RFCs 4761, 4762, and 4364 and the text there is generally well-written. However, there is a significant omission, one that should have been noted in the SECDIR review of that document. Specifically, 7432 cites NONE of the BGP security RFCs produced by the SIDR WG (e.g., RFCs 6480-93 et al), even though they preceded publication of that RFC. Since those documents represented the latest proposals for improving BGP security at the time, they ought to have been cited and a very brief discussion of their relevance to EVPN BGP MPLS deployments. I suggest that this document rectify this omission, i.e., cite several of the BGP secure origin authentication RFCs, and the recent BGPSec RFCs (8205-11), and note the relevance of those standards to EVPN BGP MPLS deployments.

The work from sidr doesn’t directly apply to EVPN simply because the ROAs and BGPSec have been specified only for IPv4/IPv6 and not for the Address Family used by EVPN.

Maybe a statement like that is what you’re looking for — but I don’t think it is appropriate to go any further in this document.

A statement explaining why AS origin authentication and BGPSec are not relevant would address my concerns.

Thanks,

Stevce
 --------------463283F9B20D6FC7131D2707-- From nobody Fri Feb 2 15:28:08 2018 Return-Path: X-Original-To: secdir@ietfa.amsl.com Delivered-To: secdir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A9DAE126C23; Fri, 2 Feb 2018 15:28:07 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.2 X-Spam-Level: X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hiuzE2Q1JCL5; Fri, 2 Feb 2018 15:28:06 -0800 (PST) Received: from colo.trepanning.net (colo.trepanning.net [69.55.226.174]) by ietfa.amsl.com (Postfix) with ESMTP id 3417D126CD6; Fri, 2 Feb 2018 15:28:06 -0800 (PST) Received: from thinny.local (unknown [218.188.70.131]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by colo.trepanning.net (Postfix) with ESMTPSA id E1C9F1022404C; Fri, 2 Feb 2018 15:28:04 -0800 (PST) To: "iesg@ietf.org" , "secdir@ietf.org" , draft-ietf-trill-address-flush.all@ietf.org From: Dan Harkins Message-ID: <220f1836-65b0-bc29-d5e2-402e0eb057d3@lounge.org> Date: Fri, 2 Feb 2018 15:28:02 -0800 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:52.0) Gecko/20100101 Thunderbird/52.5.2 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="------------D27CB40C61E29D79B6BDE2AA" Content-Language: en-US Archived-At: Subject: [secdir] secdir review of draft-ietf-trill-address-flush-05 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 02 Feb 2018 23:28:07 -0000 This is a multi-part message in MIME format. --------------D27CB40C61E29D79B6BDE2AA Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit   Hello, I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. This draft defines a new message to tell TRILL implementations to flush certain reachability information it has learned. It seems quite extensible and complete. The security considerations are adequate and discuss what would happen if these messages are not secured. The draft is "Ready" for publication. One editorial nit (to show I really did read it!): in section 2.2, "...where using a set of contiguous blocks if cumbersome." should be "is cumbersome" I think. regards, Dan. --------------D27CB40C61E29D79B6BDE2AA Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: 8bit
  Hello,
  I have reviewed this document as part of the security directorate's 
ongoing effort to review all IETF documents being processed by the 
IESG.  These comments were written primarily for the benefit of the 
security area directors.  Document editors and WG chairs should treat 
these comments just like any other last call comments.

  This draft defines a new message to tell TRILL implementations to
flush certain reachability information it has learned. It seems quite
extensible and complete. The security considerations are adequate and
discuss what would happen if these messages are not secured. 

  The draft is "Ready" for publication.

  One editorial nit (to show I really did read it!): in section 2.2,
"...where using a set of contiguous blocks if cumbersome." should be
"is cumbersome" I think.

  regards,

  Dan.
--------------D27CB40C61E29D79B6BDE2AA-- From nobody Fri Feb 2 16:32:45 2018 Return-Path: X-Original-To: secdir@ietfa.amsl.com Delivered-To: secdir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F1C2812D80F; Fri, 2 Feb 2018 16:32:43 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.449 X-Spam-Level: X-Spam-Status: No, score=-2.449 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6VZT4tzWBxRm; Fri, 2 Feb 2018 16:32:42 -0800 (PST) Received: from mail-oi0-x22c.google.com (mail-oi0-x22c.google.com [IPv6:2607:f8b0:4003:c06::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3053C126B6E; Fri, 2 Feb 2018 16:32:42 -0800 (PST) Received: by mail-oi0-x22c.google.com with SMTP id c189so16648199oib.12; Fri, 02 Feb 2018 16:32:42 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=eAuN9uz2BuKv5PxT6/EbgVP2KsbQuQOgsjmWTwDm2fU=; b=Mmo3uC68IH/NjiidewTIFSO5KOW/H4HS0mpiWQNnjE1G7rGQHxNerNKSC0gPl2krLz 8WRIpypYRQsiWGy6VPiMnrdfy+571UmlXRlSYDpj3kukSfnRncMJpMMhOU1+8bZbrBE6 CbOJPi4zHsUu6SFc9KEoMqknAK9q2bB4ZNLVMpMUqQNt01tLuMyvAo+MNAhf0YLqFLpo 8rkM+1mWsbzJMMBCNbQxceW+EWupk5JwGKRsDIQMhEYHxqqi9m2U38P8ksla/zjZbGnY n/FwT1wwG16aZBly5G5jWNP/cCKyVC7uIfh8oJ384azjgFb/EgakniV50WXsnJ/cNg/M Uf9A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=eAuN9uz2BuKv5PxT6/EbgVP2KsbQuQOgsjmWTwDm2fU=; b=QRaQJ7kXZpgITxBMYIPGpj05P2KdIw4kbIZSQ2OYuQAaMpz/CjxVpZ3x0EVmPJF6ng h+OUZ6cdzj3xYwhKv9a0tI4iJdl8D4YCq2MBa1PpXtJRfx+8AlLVYz+5EL7vB5ePxtta kXAVcW31JLE1Atkq9sdanbTKlOp2YHvNpCLkjkHWMtP8hkFb6q63gcY28jssKIHY7F2R 4Wya3g8r5yVtBTjgcWAgSBGyCcHKXv2vCOwQSUfBCzok8c5ApuisIzm9Zttgr53vtW1d bxfxTTzVXKJ5uUQrchOG9RYGloFVku+E4pNJT8W4vUzuOt7E+hiZywxgf5qaoMxrz09G ja7w== X-Gm-Message-State: AKwxyte9yxznOm59DVV+hnPKTOCsq8ZHKrx5zxPW+XVwF7tR+lomVeCc d54Kd8CJsTG2fpKCX22cygHISWtQT66L/NK7CKc= X-Google-Smtp-Source: AH8x226sM5FLTLHRJ6FopxknCm6QkOF8SnYPwqeIfIh8/HPRERcjn4jWoANJ08TnaYNioQmuqu+eN961GkhoTQG3TMY= X-Received: by 10.202.214.84 with SMTP id n81mr17833706oig.294.1517617961312; Fri, 02 Feb 2018 16:32:41 -0800 (PST) MIME-Version: 1.0 Received: by 10.168.67.205 with HTTP; Fri, 2 Feb 2018 16:32:25 -0800 (PST) In-Reply-To: <220f1836-65b0-bc29-d5e2-402e0eb057d3@lounge.org> References: <220f1836-65b0-bc29-d5e2-402e0eb057d3@lounge.org> From: Donald Eastlake Date: Fri, 2 Feb 2018 19:32:25 -0500 Message-ID: To: Dan Harkins Cc: "iesg@ietf.org" , "secdir@ietf.org" , draft-ietf-trill-address-flush.all@ietf.org Content-Type: multipart/alternative; boundary="001a113debda7d2874056443f763" Archived-At: Subject: Re: [secdir] secdir review of draft-ietf-trill-address-flush-05 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 03 Feb 2018 00:32:44 -0000 --001a113debda7d2874056443f763 Content-Type: text/plain; charset="UTF-8" Hi Dan, Thanks for your review. I've fixed the typo you noticed in the current source file so it should get fixed the next time a revision is uploaded. Thanks, Donald =============================== Donald E. Eastlake 3rd +1-508-333-2270 (cell) 155 Beaver Street, Milford, MA 01757 USA d3e3e3@gmail.com On Fri, Feb 2, 2018 at 6:28 PM, Dan Harkins wrote: > > Hello, > > I have reviewed this document as part of the security directorate's > ongoing effort to review all IETF documents being processed by the > IESG. These comments were written primarily for the benefit of the > security area directors. Document editors and WG chairs should treat > these comments just like any other last call comments. > > This draft defines a new message to tell TRILL implementations to > flush certain reachability information it has learned. It seems quite > extensible and complete. The security considerations are adequate and > discuss what would happen if these messages are not secured. > > The draft is "Ready" for publication. > > One editorial nit (to show I really did read it!): in section 2.2, > "...where using a set of contiguous blocks if cumbersome." should be > "is cumbersome" I think. > > regards, > > Dan. > > > > --001a113debda7d2874056443f763 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Hi Dan,

Thanks for your review.

I've fixed the typo you noticed in the current source= file so it should get fixed the next time a revision is uploaded.

Thanks,
Donald
=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=C2=A0Donald E. Eastlake 3rd =C2=A0 +1-508-333-2270 (cell)
=C2=A0155= Beaver Street, Milford, MA 01757 USA
=C2=A0d3e3e3@gmail.com

On Fri, Feb 2, 2018 at 6:28 PM, Dan Harkins = <dharkins@lounge.org> wrote:
=20 =20 =20

=C2=A0 Hello,
  I have reviewed this docume=
nt as part of the security directorate's=20
ongoing effort to review all IETF documents being processed by the=20
IESG.  These comments were written primarily for the benefit of the=20
security area directors.  Document editors and WG chairs should treat=20
these comments just like any other last call comments.

  This draft defines a new message to tell TRILL implementations to
flush certain reachability information it has learned. It seems quite
extensible and complete. The security considerations are adequate and
discuss what would happen if these messages are not secured.=20

  The draft is "Ready" for publication.

  One editorial nit (to show I really did read it!): in section 2.2,
"...where using a set of contiguous blocks if cumbersome." should=
 be
"is cumbersome" I think.

  regards,

  Dan.

--001a113debda7d2874056443f763-- From nobody Sat Feb 3 12:03:35 2018 Return-Path: X-Original-To: secdir@ietfa.amsl.com Delivered-To: secdir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CD53F12DA23; Sat, 3 Feb 2018 12:03:20 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.53 X-Spam-Level: X-Spam-Status: No, score=-14.53 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vD6E3Hugfy_t; Sat, 3 Feb 2018 12:03:19 -0800 (PST) Received: from rcdn-iport-6.cisco.com (rcdn-iport-6.cisco.com [173.37.86.77]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E7C6F12DA19; Sat, 3 Feb 2018 12:03:18 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=1318; q=dns/txt; s=iport; t=1517688199; x=1518897799; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=1peUSAt/o1xM73F9n1Cm/fz32MNpG2yUplVJ+3vkijk=; b=dmIWvEO/t2XaiVD6f6UFwWMfcru/I8QIqeZ5STKwPqcML8ZOQiKL6jIX EO6STI4Qg4pu1ICu2jGXMQZAAnoWXl2Zv0s1VrEi+CowiPoewpYUuuu5D MzAy4qhZudILFK5k5KTyvRoTaA+JSk4YrGhePthJ4v3EnbpHuJ1QhVjUo Y=; X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0DGAQBgFHZa/4YNJK1cGQEBAQEBAQEBA?= =?us-ascii?q?QEBAQcBAQEBAYNRZnAoCoNbmE+ZSoIYCiOFGAIagh5WFgEBAQEBAQEBAmsohSQ?= =?us-ascii?q?GIxFFEAIBCA4MAiYCAgIwFRACBAENBYo1ELwNgieIcIIGAQEBAQEBAQEBAQEBA?= =?us-ascii?q?QEBAQEBAQEBGAWBD4NbghWDaIMFgy8CAoFvgxcxgjQBBKQlAogXjViUN41tiVw?= =?us-ascii?q?CERkBgTsBJQEygVBwFWcBghuEd3gMiwqBFwEBAQ?= X-IronPort-AV: E=Sophos;i="5.46,456,1511827200"; d="scan'208";a="351589172" Received: from alln-core-12.cisco.com ([173.36.13.134]) by rcdn-iport-6.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 03 Feb 2018 20:03:17 +0000 Received: from XCH-RTP-015.cisco.com (xch-rtp-015.cisco.com [64.101.220.155]) by alln-core-12.cisco.com (8.14.5/8.14.5) with ESMTP id w13K3HPD028062 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Sat, 3 Feb 2018 20:03:17 GMT Received: from xch-rtp-015.cisco.com (64.101.220.155) by XCH-RTP-015.cisco.com (64.101.220.155) with Microsoft SMTP Server (TLS) id 15.0.1320.4; Sat, 3 Feb 2018 15:03:16 -0500 Received: from xch-rtp-015.cisco.com ([64.101.220.155]) by XCH-RTP-015.cisco.com ([64.101.220.155]) with mapi id 15.00.1320.000; Sat, 3 Feb 2018 15:03:16 -0500 From: "Acee Lindem (acee)" To: Liang Xia , "secdir@ietf.org" CC: "draft-ietf-rtgwg-ni-model.all@ietf.org" , "ietf@ietf.org" , "rtgwg@ietf.org" Thread-Topic: Secdir last call review of draft-ietf-rtgwg-ni-model-06 Thread-Index: AQHTkQc9uq8Yg6SETUWosZYM8aIeVaOTMfyA Date: Sat, 3 Feb 2018 20:03:16 +0000 Message-ID: References: <151635383693.27079.16419648768867795104@ietfa.amsl.com> In-Reply-To: <151635383693.27079.16419648768867795104@ietfa.amsl.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-messagesentrepresentingtype: 1 x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [10.116.152.198] Content-Type: text/plain; charset="utf-8" Content-ID: <7F823BCB5820B249A554128DCB0EFC72@emea.cisco.com> Content-Transfer-Encoding: base64 MIME-Version: 1.0 Archived-At: Subject: Re: [secdir] Secdir last call review of draft-ietf-rtgwg-ni-model-06 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 03 Feb 2018 20:03:21 -0000 SGkgTGlhbmcsIA0KDQpUaGFua3MgZm9yIHRoZSByZXZpZXcuIFRoZXNlIGNoYW5nZXMgd2lsbCBi ZSBpbiB0aGUgLTA3IGFsb25nIHdpdGggQWxpYSdzIGNvbW1lbnRzLiBTZWUgb25lIGlubGluZS4N Cg0K77u/T24gMS8xOS8xOCwgNDoyNCBBTSwgIkxpYW5nIFhpYSIgPGZyYW5rLnhpYWxpYW5nQGh1 YXdlaS5jb20+IHdyb3RlOg0KDQogICAgUmV2aWV3ZXI6IExpYW5nIFhpYQ0KICAgIFJldmlldyBy ZXN1bHQ6IEhhcyBJc3N1ZXMNCiAgICANCiAgICBGb3IgdGhlIHNlY3Rpb24gb2YgU2VjdXJpdHkg Q29uc2lkZXJhdGlvbnM6DQogICAgMS4geW91IG1heSByZWZlciB0byB0ZW1wbGV0ZSBpbg0KICAg IGh0dHBzOi8vdHJhYy5pZXRmLm9yZy90cmFjL29wcy93aWtpL3lhbmctc2VjdXJpdHktZ3VpZGVs aW5lcyB0byBhZGQgc29tZQ0KICAgIHJlcXVpcmVkIGdlbmVyYWwgc2VjdXJpdHkgY29uc2lkZXJh dGlvbnM7DQogICAgDQogICAgMi4gQWNjb3JkaW5nIHRvIHRoZSBhYm92ZSB0ZW1wbGV0ZSwgW1JG QzUyNDZdLCBbUkZDNjI0MV0sIFtSRkM2MjQyXSwgW1JGQzY1MzZdLA0KICAgIGFuZCBbUkZDODA0 MF0gbXVzdCBiZSAibm9ybWF0aXZlIHJlZmVyZW5jZXMiOw0KICAgIA0KICAgIDMuIEkgZG9uJ3Qg c2VlIHRoZSBzZWN1cml0eSBjb25zaWRlcmF0aW9uIGNvbnRlbnQgYWJvdXQgdGhlIHJlYWRhYmxl IGRhdGENCiAgICBub2Rlcy4gSXMgaXQgbWlzc2VkLCBvciB0aGVyZSBhcmUgbm90IHN1Y2ggcmVh ZGFibGUgZGF0ZSBub2RlcyBuZWVkIHRvIGJlDQogICAgY29uc2lkZXJlZD8NCg0KTm8gLSB0aGVy ZSBhcmUgbm8gJ2NvbmZpZyBmYWxzZScgZGF0YSBub2Rlcy4gVGhlcmUgaXMgbW9yZSB0aG91Z2h0 ZnVsbmVzcyBwdXQgaW50byB0aGVzZSAiU2VjdXJpdHkgQ29uc2lkZXJhdGlvbnMiIHRoYW4gbW9z dCBZQU5HIG1vZGVscy4gDQoNClRoYW5rcywNCkFjZWUgDQogICAgDQogICAgDQoNCg== From nobody Tue Feb 6 16:40:27 2018 Return-Path: X-Original-To: secdir@ietfa.amsl.com Delivered-To: secdir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 024D512711A; Tue, 6 Feb 2018 16:40:21 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.23 X-Spam-Level: X-Spam-Status: No, score=-4.23 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sZ2QSShu3655; Tue, 6 Feb 2018 16:40:19 -0800 (PST) Received: from dmz-mailsec-scanner-3.mit.edu (dmz-mailsec-scanner-3.mit.edu [18.9.25.14]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D45E8126DFB; Tue, 6 Feb 2018 16:40:15 -0800 (PST) X-AuditID: 1209190e-449ff70000006d70-a3-5a7a4aedc1b3 Received: from mailhub-auth-3.mit.edu ( [18.9.21.43]) (using TLS with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by dmz-mailsec-scanner-3.mit.edu (Symantec Messaging Gateway) with SMTP id 94.F9.28016.DEA4A7A5; Tue, 6 Feb 2018 19:40:14 -0500 (EST) Received: from outgoing.mit.edu (OUTGOING-AUTH-1.MIT.EDU [18.9.28.11]) by mailhub-auth-3.mit.edu (8.13.8/8.9.2) with ESMTP id w170eCRN015137; Tue, 6 Feb 2018 19:40:13 -0500 Received: from localhost (nyc-02.triskelion.com [162.243.175.178]) (authenticated bits=0) (User authenticated as tlyu@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id w170eBYC011609; Tue, 6 Feb 2018 19:40:12 -0500 From: Taylor Yu To: iesg@ietf.org, secdir@ietf.org, draft-ietf-rtgwg-lne-model.all@ietf.org Date: Wed, 07 Feb 2018 00:40:10 +0000 Message-ID: Lines: 57 MIME-Version: 1.0 Content-Type: text/plain X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFjrIIsWRmVeSWpSXmKPExsUixCmqrfvOqyrKYE2ExYfnuxgtZvyZyGzx YeFDFgdmjyVLfjIFMEZx2aSk5mSWpRbp2yVwZWxbt4itYL1oxZ+129gbGLcIdjFyckgImEgc WTiXvYuRi0NIYDGTxPNFH1kgnA2MEqcO9rJBOF8ZJZoXPQdyODjYBOQkLt8KBukWEfCWWH1g HyOILSxgLnF8+XkWEJtFQFWi6+BrVhCbV8BG4svkSWA1PAKcErOn9rBBxAUlTs58AlbPLCAh cfDFC+YJjDyzkKRmIUktYGRaxSibklulm5uYmVOcmqxbnJyYl5dapGusl5tZopeaUrqJERwu knw7GCc1eB9iFOBgVOLhvbG2MkqINbGsuDL3EKMkB5OSKG/qlIooIb6k/JTKjMTijPii0pzU 4kOMEhzMSiK8QZuAynlTEiurUovyYVLSHCxK4rzuJtpRQgLpiSWp2ampBalFMFkZDg4lCd54 z6ooIcGi1PTUirTMnBKENBMHJ8hwHqDhEiA1vMUFibnFmekQ+VOMxhw3XrxuY+aYtuxNG7MQ S15+XqqUOG+bB1CpAEhpRmke3DRQzC/6vH7TK0ZxoOeEeSeADOQBpgu4ea+AVjEBrboRBPJH cUkiQkqqgXFbbnFPwG73FQI+tvvWx1iU8M0N9Om+YSqlGnGx56vlxejfxzUZnGc+zXiSGfnI N+SfwpWmO/oRlQGqCbeTzm30y9DNaXAzfVPhcjOjMjLQKffHoyl6S9qaXfP5fzmaf2ctUXt8 cn3lNfuHJVqCn3+lidxt+1YrM7fzhN6+6ZKCEozC4frGSizFGYmGWsxFxYkA3EYdrNQCAAA= Archived-At: Subject: [secdir] secdir review of draft-ietf-rtgwg-lne-model-05 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 07 Feb 2018 00:40:21 -0000 I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. The summary of the review is Ready With Issues. I agree somewhat with the Major Concerns in Russ Housley's Gen-ART review https://datatracker.ietf.org/doc/review-ietf-rtgwg-lne-model-05-genart-lc-housley-2018-01-20/ although I disagree that it makes the document Not Ready. > Major Concerns: > > Section 4 listed three data nodes that are sensitive or vulnerable: > - /logical-network-elements/logical-network-element > - /logical-network-elements/logical-network-element/managed > - /if:interfaces/if:interface/bind-lne-name > > All three of them deserve a bit more discussion, although the middle > one is covered in much more detail than the other two. If a bad actor > gets "unauthorized access" is there something more specific about each > of these that can be said? The characterization of "network > malfunctions, delivery of packets to inappropriate destinations, and > other problems" seems very broad. Consequences that are specific to > these data nodes would be more helpful to the reader. My limited understanding is that there is a lot of variation in the security impact among specific equipment models and deployment scenarios. Therefore, they would likely need to be analyzed on a case-by-case basis. Perhaps there should be Security Considerations text to this effect, maybe with some broad guidance about how to do such an analysis? For example, does changing the "bind-lne-name" of an interface have the effect of making it unavailable to the LNE it was previously associated with, while providing the new LNE with an unconfigured new interface? Or does it also carry some configuration or routing state from the former LNE with it to the new LNE? The latter might have a greater security impact. This final paragraph in the Security Considerations of this document seems copied almost verbatim from that of RFC 8022: > Unauthorized access to any of these lists can adversely affect the > security of both the local device and the network. This may lead to > network malfunctions, delivery of packets to inappropriate > destinations, and other problems. That seems to have been acceptable for RFC 8022, but perhaps we should do better here? Or do we follow the precedent that this level of detail in the Security Considerations of YANG specifications is acceptable? Best regards, -Taylor From nobody Thu Feb 8 06:03:19 2018 Return-Path: X-Original-To: secdir@ietfa.amsl.com Delivered-To: secdir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3C0A712D96C for ; Thu, 8 Feb 2018 06:03:12 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.919 X-Spam-Level: X-Spam-Status: No, score=-1.919 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nokia.onmicrosoft.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cTKqjMHpopT6 for ; Thu, 8 Feb 2018 06:03:09 -0800 (PST) Received: from EUR02-VE1-obe.outbound.protection.outlook.com (mail-eopbgr20107.outbound.protection.outlook.com [40.107.2.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 11FA012DA05 for ; Thu, 8 Feb 2018 06:03:08 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nokia.onmicrosoft.com; s=selector1-nokia-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=Dn9TlkH03AxyfaWVvH6z3l05Rf91eTqiUU4KJpsmOsQ=; b=DZvGjcFBTfdU56StI7imMbPIf3VpuYnzyoa68N44etVLR7rEa+PoJe2UX/Cm/ctTqZM3ce5YvjCMT+5a07xgZZFdQbD/l+oPD1lcT7lZfixUFHVD/d3cffiC/1+44ibhyVa5rVyHJQfVVSOqjGo3PAp1kzkkl06RU4JFpm3noiY= Received: from AM4PR07MB3409.eurprd07.prod.outlook.com (10.171.189.158) by AM4PR07MB3073.eurprd07.prod.outlook.com (10.171.188.18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.506.7; Thu, 8 Feb 2018 14:03:05 +0000 Received: from AM4PR07MB3409.eurprd07.prod.outlook.com ([fe80::7047:bc78:522d:6085]) by AM4PR07MB3409.eurprd07.prod.outlook.com ([fe80::7047:bc78:522d:6085%2]) with mapi id 15.20.0506.007; Thu, 8 Feb 2018 14:03:04 +0000 From: "Rabadan, Jorge (Nokia - US/Mountain View)" To: Stephen Kent , Alvaro Retana , "Henderickx, Wim (Nokia - BE/Antwerp)" , "sajassi@cisco.com" , "uttaro@att.com" , "stephane.litkowski@orange.com" , "Vigoureux, Martin (Nokia - FR/Paris-Saclay)" , "secdir@ietf.org" , "Palislamovic, Senad (Nokia - US)" Thread-Topic: SECDIR review of draft-ietf- bess-evpn-usage-07 Thread-Index: AQHTnFHz0wf12N+xhkuJ9V8mooRWQaORnxaAgAAMgwCACPeYgA== Date: Thu, 8 Feb 2018 14:03:04 +0000 Message-ID: <9D77D57C-E135-479E-8328-69470CC4FF31@nokia.com> References: <18631468-67d6-e3ca-0bef-92cdcb3ccd66@verizon.net> In-Reply-To: <18631468-67d6-e3ca-0bef-92cdcb3ccd66@verizon.net> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Microsoft-MacOutlook/10.a.0.180204 x-originating-ip: [88.27.177.143] x-ms-publictraffictype: Email x-microsoft-exchange-diagnostics: 1; AM4PR07MB3073; 7:N7Mpqx1Lk2y4HPyfLL8YIMGUCGKkpaFHt7IbDQuOebJa6olKAzuMxcf3uGdsQRhtFWWctTyJDLD4QWTr/lEQDLNU+rFaoqhxy6hb+rnWboAgtxx8OpI2TywY9wapc/+W5GtmnekOvoEmB8dtYKa9JVgdO9oKcgdyx5VASJEc6JkleFhA+zJ7e/xm03Lxyaw6IdmCtEFI+L7yEvTX5hC6FrTu4jtUM5EyZkZ3NJlDflLKNRVKePcYOJmgCmzKAmHg x-ms-exchange-antispam-srfa-diagnostics: SSOS;SSOR; x-forefront-antispam-report: SFV:SKI; SCL:-1; SFV:NSPM; SFS:(10019020)(346002)(376002)(396003)(39860400002)(39380400002)(366004)(199004)(189003)(2900100001)(6436002)(3660700001)(5660300001)(58126008)(110136005)(53936002)(81156014)(82746002)(6246003)(5250100002)(2501003)(81166006)(8676002)(97736004)(316002)(83716003)(3846002)(6486002)(478600001)(236005)(6512007)(8656006)(83506002)(54896002)(6306002)(105586002)(99286004)(6116002)(68736007)(106356001)(86362001)(53546011)(6506007)(36756003)(7736002)(59450400001)(66066001)(2906002)(39060400002)(229853002)(102836004)(186003)(2201001)(76176011)(6346003)(14454004)(26005)(3280700002)(6636002)(25786009)(2950100002)(33656002)(8936002)(921003)(560514002)(1121003); DIR:OUT; SFP:1102; SCL:1; SRVR:AM4PR07MB3073; H:AM4PR07MB3409.eurprd07.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en; x-ms-office365-filtering-ht: Tenant x-ms-office365-filtering-correlation-id: fcbf732d-063a-410b-bb51-08d56efcac38 x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(48565401081)(5600026)(4604075)(3008032)(4534165)(4627221)(201703031133081)(201702281549075)(2017052603307)(7193020); SRVR:AM4PR07MB3073; x-ms-traffictypediagnostic: AM4PR07MB3073: x-microsoft-antispam-prvs: x-exchange-antispam-report-test: UriScan:(28532068793085)(192374486261705)(82608151540597)(85827821059158)(97927398514766)(88262167912993)(95692535739014)(18271650672692)(21748063052155); x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040501)(2401047)(5005006)(8121501046)(10201501046)(3002001)(3231101)(11241501184)(806099)(2400082)(944501161)(93006095)(93001095)(6055026)(6041288)(20161123558120)(20161123562045)(20161123560045)(20161123564045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(6072148)(201708071742011); SRVR:AM4PR07MB3073; BCL:0; PCL:0; RULEID:; SRVR:AM4PR07MB3073; x-forefront-prvs: 0577AD41D6 received-spf: None (protection.outlook.com: nokia.com does not designate permitted sender hosts) authentication-results: spf=none (sender IP is ) smtp.mailfrom=jorge.rabadan@nokia.com; x-microsoft-antispam-message-info: GkuslUAW6n189kthPbcmUvHVuFwCHVLIxKXo3/TuVX3qVuchsHJI6vws1syhHw7wTcE7rvPMeP+tg96QzXkaVsRknOWLQb7bBQzdThG087egXfuWudPGahvZ84iOn5dd spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM Content-Type: multipart/alternative; boundary="_000_9D77D57CE135479E832869470CC4FF31nokiacom_" MIME-Version: 1.0 X-OriginatorOrg: nokia.com X-MS-Exchange-CrossTenant-Network-Message-Id: fcbf732d-063a-410b-bb51-08d56efcac38 X-MS-Exchange-CrossTenant-originalarrivaltime: 08 Feb 2018 14:03:04.1912 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 5d471751-9675-428d-917b-70f44f9630b0 X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM4PR07MB3073 Archived-At: Subject: Re: [secdir] SECDIR review of draft-ietf- bess-evpn-usage-07 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 08 Feb 2018 14:03:12 -0000 --_000_9D77D57CE135479E832869470CC4FF31nokiacom_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 S2VudCwNCg0KVGhhbmsgeW91IHZlcnkgbXVjaCBmb3IgeW91ciBjb21tZW50cy4NCkkgaGF2ZSBm aXhlZCB0aGUgZ3JhbW1hciBlcnJvcnMsIGFkZGVkIFBFIHRvIHRoZSB0ZXJtaW5vbG9neSBzZWN0 aW9uIGFuZCBhZGRlZCB0aGlzIHRvIHRoZSBzZWN1cml0eSBzZWN0aW9uOg0KDQrigJxUaGUgcHJv Y2VkdXJlcyBkZXNjcmliZWQgaW4gdGhpcyBkb2N1bWVudCBhcmUgYSBzdWJzZXQgb2YgdGhlIHBy b2NlZHVyZXMgaW4gW1JGQzc0MzJdIGFuZCB0aHVzIG5vIG5ldyBzZWN1cml0eSBjb25jZXJucyBh cmlzZS7igJ0NCg0KDQpBbHZhcm8sIEkgYXNzdW1lIHdlIGRvbuKAmXQgbmVlZCB0byBwb3N0IGEg bmV3IHZlcnNpb24gYW5kIGl0IGNhbiB3YWl0IHRpbGwgdGhlIG5leHQgcmV2aWV3cywgcmlnaHQ/ DQoNClRoYW5rIHlvdS4NCkpvcmdlDQoNCkZyb206IFN0ZXBoZW4gS2VudCA8c3RrZW50QHZlcml6 b24ubmV0Pg0KRGF0ZTogRnJpZGF5LCBGZWJydWFyeSAyLCAyMDE4IGF0IDExOjA2IFBNDQpUbzog QWx2YXJvIFJldGFuYSA8YXJldGFuYS5pZXRmQGdtYWlsLmNvbT4sICJIZW5kZXJpY2t4LCBXaW0g KE5va2lhIC0gQkUvQW50d2VycCkiIDx3aW0uaGVuZGVyaWNreEBub2tpYS5jb20+LCAic2FqYXNz aUBjaXNjby5jb20iIDxzYWphc3NpQGNpc2NvLmNvbT4sICJ1dHRhcm9AYXR0LmNvbSIgPHV0dGFy b0BhdHQuY29tPiwgIlJhYmFkYW4sIEpvcmdlIChOb2tpYSAtIFVTL01vdW50YWluIFZpZXcpIiA8 am9yZ2UucmFiYWRhbkBub2tpYS5jb20+LCAic3RlcGhhbmUubGl0a293c2tpQG9yYW5nZS5jb20i IDxzdGVwaGFuZS5saXRrb3dza2lAb3JhbmdlLmNvbT4sICJWaWdvdXJldXgsIE1hcnRpbiAoTm9r aWEgLSBGUi9QYXJpcy1TYWNsYXkpIiA8bWFydGluLnZpZ291cmV1eEBub2tpYS5jb20+LCAic2Vj ZGlyQGlldGYub3JnIiA8c2VjZGlyQGlldGYub3JnPiwgIlBhbGlzbGFtb3ZpYywgU2VuYWQgKE5v a2lhIC0gVVMpIiA8c2VuYWQucGFsaXNsYW1vdmljQG5va2lhLmNvbT4NClN1YmplY3Q6IFJlOiBT RUNESVIgcmV2aWV3IG9mIGRyYWZ0LWlldGYtIGJlc3MtZXZwbi11c2FnZS0wNw0KDQpBbHZhcm8s DQpPbiBGZWJydWFyeSAyLCAyMDE4IGF0IDE6MTY6MjggUE0sIFN0ZXBoZW4gS2VudCAoc3RrZW50 QHZlcml6b24ubmV0PG1haWx0bzpzdGtlbnRAdmVyaXpvbi5uZXQ+KSB3cm90ZToNCg0KU3RldmU6 DQoNCkhpISAgSG93IGFyZSB5b3U/DQpJJ20gd2VsbC4gVGhhbmtzIGZvciBhc2tpbmcuDQoNCg0K Li4uDQpTZWN0aW9uIDEwIChTZWN1cml0eSBDb25zaWRlcmF0aW9ucykgY29uc2lzdHMgb2Ygb25s eSBvbmUgc2VudGVuY2UsIHdoaWNoIHJlZmVycyB0byB0aGUgY29ycmVzcG9uZGluZyBkaXNjdXNz aW9uIGluIFJGQyA3NDMyLiBBZGRpdGlvbmFsIHRleHQgc2hvdWxkIGJlIHByb3ZpZGVkIGhlcmUg dG8gZXhwbGFpbiB3aHkgdGhpcyBkb2N1bWVudCBkb2VzIG5vdCBhZGQgYW55IG5ldyBzZWN1cml0 eSBjb25zaWRlcmF0aW9ucy4gUHJlc3VtYWJseSB0aGUgcmF0aW9uYWxlIGlzIHRoYXQgdGhlIHBy b3Zpc2lvbmluZyBtb2RlbCBhbmQgaW5pdGlhbGl6YXRpb24gcHJvY2VkdXJlcyBkZXNjcmliZWQg aGVyZSBhcmUgYSBzdWJzZXQgb2YgdGhlIG1vcmUgZ2VuZXJhbCBkaXNjdXNzaW9uIGluIDc0MzIg YW5kIHRodXMgbm8gbmV3IHNlY3VyaXR5IGNvbmNlcm5zIGFyaXNlIGFzIGEgcmVzdWx0IG9mIHRo aXMgbW9yZSBkZXRhaWxlZCBpbmZvcm1hdGlvbi4gSSBhbSBub3QgaW4gYSBwb3NpdGlvbiB0byBq dWRnZSB3aGV0aGVyIHRoYXQgcG90ZW50aWFsIHJhdGlvbmFsZSBpcyB0cnVlLg0KDQpGYWlyIGVu b3VnaC4NCkdvb2QuDQoNCkkgcmV2aWV3ZWQgdGhlIFNlY3VyaXR5IENvbnNpZGVyYXRpb25zIHNl Y3Rpb24gb2YgUkZDIDc0MzIuIEl0IGNvbnRhaW5zIGFib3V0IDEuNSBwYWdlcyBvZiB0ZXh0LiBU aGUgZmlyc3QgcGFyYWdyYXBoIHRoZXJlIGNpdGVzIHNlY3VyaXR5IGNvbnNpZGVyYXRpb25zIHRl eHQgaW4gUkZDcyA0NzYxLCA0NzYyLCBhbmQgNDM2NCBhbmQgdGhlIHRleHQgdGhlcmUgaXMgZ2Vu ZXJhbGx5IHdlbGwtd3JpdHRlbi4gSG93ZXZlciwgdGhlcmUgaXMgYSBzaWduaWZpY2FudCBvbWlz c2lvbiwgb25lIHRoYXQgc2hvdWxkIGhhdmUgYmVlbiBub3RlZCBpbiB0aGUgU0VDRElSIHJldmll dyBvZiB0aGF0IGRvY3VtZW50LiBTcGVjaWZpY2FsbHksIDc0MzIgY2l0ZXMgTk9ORSBvZiB0aGUg QkdQIHNlY3VyaXR5IFJGQ3MgcHJvZHVjZWQgYnkgdGhlIFNJRFIgV0cgKGUuZy4sIFJGQ3MgNjQ4 MC05MyBldCBhbCksIGV2ZW4gdGhvdWdoIHRoZXkgcHJlY2VkZWQgcHVibGljYXRpb24gb2YgdGhh dCBSRkMuIFNpbmNlIHRob3NlIGRvY3VtZW50cyByZXByZXNlbnRlZCB0aGUgbGF0ZXN0IHByb3Bv c2FscyBmb3IgaW1wcm92aW5nIEJHUCBzZWN1cml0eSBhdCB0aGUgdGltZSwgdGhleSBvdWdodCB0 byBoYXZlIGJlZW4gY2l0ZWQgYW5kIGEgdmVyeSBicmllZiBkaXNjdXNzaW9uIG9mIHRoZWlyIHJl bGV2YW5jZSB0byBFVlBOIEJHUCBNUExTIGRlcGxveW1lbnRzLiBJIHN1Z2dlc3QgdGhhdCB0aGlz IGRvY3VtZW50IHJlY3RpZnkgdGhpcyBvbWlzc2lvbiwgaS5lLiwgY2l0ZSBzZXZlcmFsIG9mIHRo ZSBCR1Agc2VjdXJlIG9yaWdpbiBhdXRoZW50aWNhdGlvbiBSRkNzLCBhbmQgdGhlIHJlY2VudCBC R1BTZWMgUkZDcyAoODIwNS0xMSksIGFuZCBub3RlIHRoZSByZWxldmFuY2Ugb2YgdGhvc2Ugc3Rh bmRhcmRzIHRvIEVWUE4gQkdQIE1QTFMgZGVwbG95bWVudHMuDQoNClRoZSB3b3JrIGZyb20gc2lk ciBkb2VzbuKAmXQgZGlyZWN0bHkgYXBwbHkgdG8gRVZQTiBzaW1wbHkgYmVjYXVzZSB0aGUgUk9B cyBhbmQgQkdQU2VjIGhhdmUgYmVlbiBzcGVjaWZpZWQgb25seSBmb3IgSVB2NC9JUHY2IGFuZCBu b3QgZm9yIHRoZSBBZGRyZXNzIEZhbWlseSB1c2VkIGJ5IEVWUE4uDQoNCk1heWJlIGEgc3RhdGVt ZW50IGxpa2UgdGhhdCBpcyB3aGF0IHlvdeKAmXJlIGxvb2tpbmcgZm9yIOKAlCBidXQgSSBkb27i gJl0IHRoaW5rIGl0IGlzIGFwcHJvcHJpYXRlIHRvIGdvIGFueSBmdXJ0aGVyIGluIHRoaXMgZG9j dW1lbnQuDQpBIHN0YXRlbWVudCBleHBsYWluaW5nIHdoeSBBUyBvcmlnaW4gYXV0aGVudGljYXRp b24gYW5kIEJHUFNlYyBhcmUgbm90IHJlbGV2YW50IHdvdWxkIGFkZHJlc3MgbXkgY29uY2VybnMu DQoNClRoYW5rcywNCg0KU3RldmNlDQoNCg== --_000_9D77D57CE135479E832869470CC4FF31nokiacom_ Content-Type: text/html; charset="utf-8" Content-ID: <1D236E3FD5C78A45BAFAB3BEC448490C@eurprd07.prod.outlook.com> Content-Transfer-Encoding: base64 PGh0bWwgeG1sbnM6bz0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6b2ZmaWNlIiB4 bWxuczp3PSJ1cm46c2NoZW1hcy1taWNyb3NvZnQtY29tOm9mZmljZTp3b3JkIiB4bWxuczptPSJo dHRwOi8vc2NoZW1hcy5taWNyb3NvZnQuY29tL29mZmljZS8yMDA0LzEyL29tbWwiIHhtbG5zPSJo dHRwOi8vd3d3LnczLm9yZy9UUi9SRUMtaHRtbDQwIj4NCjxoZWFkPg0KPG1ldGEgaHR0cC1lcXVp dj0iQ29udGVudC1UeXBlIiBjb250ZW50PSJ0ZXh0L2h0bWw7IGNoYXJzZXQ9dXRmLTgiPg0KPG1l dGEgbmFtZT0iR2VuZXJhdG9yIiBjb250ZW50PSJNaWNyb3NvZnQgV29yZCAxNSAoZmlsdGVyZWQg bWVkaXVtKSI+DQo8c3R5bGU+PCEtLQ0KLyogRm9udCBEZWZpbml0aW9ucyAqLw0KQGZvbnQtZmFj ZQ0KCXtmb250LWZhbWlseTpIZWx2ZXRpY2E7DQoJcGFub3NlLTE6MCAwIDAgMCAwIDAgMCAwIDAg MDt9DQpAZm9udC1mYWNlDQoJe2ZvbnQtZmFtaWx5OiJDYW1icmlhIE1hdGgiOw0KCXBhbm9zZS0x OjIgNCA1IDMgNSA0IDYgMyAyIDQ7fQ0KQGZvbnQtZmFjZQ0KCXtmb250LWZhbWlseTpDYWxpYnJp Ow0KCXBhbm9zZS0xOjIgMTUgNSAyIDIgMiA0IDMgMiA0O30NCkBmb250LWZhY2UNCgl7Zm9udC1m YW1pbHk6Q29uc29sYXM7DQoJcGFub3NlLTE6MiAxMSA2IDkgMiAyIDQgMyAyIDQ7fQ0KQGZvbnQt ZmFjZQ0KCXtmb250LWZhbWlseToiVGltZXMgTmV3IFJvbWFuIFwoQm9keSBDU1wpIjsNCglwYW5v c2UtMTowIDAgNSAwIDAgMCAwIDIgMCAwO30NCi8qIFN0eWxlIERlZmluaXRpb25zICovDQpwLk1z b05vcm1hbCwgbGkuTXNvTm9ybWFsLCBkaXYuTXNvTm9ybWFsDQoJe21hcmdpbjowY207DQoJbWFy Z2luLWJvdHRvbTouMDAwMXB0Ow0KCWZvbnQtc2l6ZToxMS4wcHQ7DQoJZm9udC1mYW1pbHk6IkNh bGlicmkiLHNhbnMtc2VyaWY7fQ0KYTpsaW5rLCBzcGFuLk1zb0h5cGVybGluaw0KCXttc28tc3R5 bGUtcHJpb3JpdHk6OTk7DQoJY29sb3I6Ymx1ZTsNCgl0ZXh0LWRlY29yYXRpb246dW5kZXJsaW5l O30NCmE6dmlzaXRlZCwgc3Bhbi5Nc29IeXBlcmxpbmtGb2xsb3dlZA0KCXttc28tc3R5bGUtcHJp b3JpdHk6OTk7DQoJY29sb3I6cHVycGxlOw0KCXRleHQtZGVjb3JhdGlvbjp1bmRlcmxpbmU7fQ0K cC5tc29ub3JtYWwwLCBsaS5tc29ub3JtYWwwLCBkaXYubXNvbm9ybWFsMA0KCXttc28tc3R5bGUt bmFtZTptc29ub3JtYWw7DQoJbXNvLW1hcmdpbi10b3AtYWx0OmF1dG87DQoJbWFyZ2luLXJpZ2h0 OjBjbTsNCgltc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0bzsNCgltYXJnaW4tbGVmdDowY207DQoJ Zm9udC1zaXplOjExLjBwdDsNCglmb250LWZhbWlseToiQ2FsaWJyaSIsc2Fucy1zZXJpZjt9DQpz cGFuLkVtYWlsU3R5bGUxOQ0KCXttc28tc3R5bGUtdHlwZTpwZXJzb25hbC1yZXBseTsNCglmb250 LWZhbWlseTpDb25zb2xhczsNCgljb2xvcjp3aW5kb3d0ZXh0O30NCi5Nc29DaHBEZWZhdWx0DQoJ e21zby1zdHlsZS10eXBlOmV4cG9ydC1vbmx5Ow0KCWZvbnQtc2l6ZToxMC4wcHQ7fQ0KQHBhZ2Ug V29yZFNlY3Rpb24xDQoJe3NpemU6NjEyLjBwdCA3OTIuMHB0Ow0KCW1hcmdpbjo3Mi4wcHQgNzIu MHB0IDcyLjBwdCA3Mi4wcHQ7fQ0KZGl2LldvcmRTZWN0aW9uMQ0KCXtwYWdlOldvcmRTZWN0aW9u MTt9DQotLT48L3N0eWxlPg0KPC9oZWFkPg0KPGJvZHkgbGFuZz0iRU4tVVMiIGxpbms9ImJsdWUi IHZsaW5rPSJwdXJwbGUiPg0KPGRpdiBjbGFzcz0iV29yZFNlY3Rpb24xIj4NCjxwIGNsYXNzPSJN c29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LWZhbWlseTpDb25zb2xhcyI+S2VudCwgPG86cD48 L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQt ZmFtaWx5OkNvbnNvbGFzIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0i TXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1mYW1pbHk6Q29uc29sYXMiPlRoYW5rIHlvdSB2 ZXJ5IG11Y2ggZm9yIHlvdXIgY29tbWVudHMuPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xh c3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtZmFtaWx5OkNvbnNvbGFzIj5JIGhhdmUg Zml4ZWQgdGhlIGdyYW1tYXIgZXJyb3JzLCBhZGRlZCBQRSB0byB0aGUgdGVybWlub2xvZ3kgc2Vj dGlvbiBhbmQgYWRkZWQgdGhpcyB0byB0aGUgc2VjdXJpdHkgc2VjdGlvbjo8bzpwPjwvbzpwPjwv c3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1mYW1pbHk6 Q29uc29sYXMiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3Jt YWwiPjxzcGFuIHN0eWxlPSJmb250LWZhbWlseTpDb25zb2xhcyI+4oCcVGhlIHByb2NlZHVyZXMg ZGVzY3JpYmVkIGluIHRoaXMgZG9jdW1lbnQgYXJlIGEgc3Vic2V0IG9mIHRoZSBwcm9jZWR1cmVz IGluIFtSRkM3NDMyXSBhbmQgdGh1cyBubyBuZXcgc2VjdXJpdHkgY29uY2VybnMgYXJpc2Uu4oCd PG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9 ImZvbnQtZmFtaWx5OkNvbnNvbGFzIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8cCBj bGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1mYW1pbHk6Q29uc29sYXMiPjxvOnA+ Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxl PSJmb250LWZhbWlseTpDb25zb2xhcyI+QWx2YXJvLCBJIGFzc3VtZSB3ZSBkb27igJl0IG5lZWQg dG8gcG9zdCBhIG5ldyB2ZXJzaW9uIGFuZCBpdCBjYW4gd2FpdCB0aWxsIHRoZSBuZXh0IHJldmll d3MsIHJpZ2h0PzxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxz cGFuIHN0eWxlPSJmb250LWZhbWlseTpDb25zb2xhcyI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+ PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtZmFtaWx5OkNvbnNv bGFzIj5UaGFuayB5b3UuPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1h bCI+PHNwYW4gc3R5bGU9ImZvbnQtZmFtaWx5OkNvbnNvbGFzIj5Kb3JnZTxvOnA+PC9vOnA+PC9z cGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LWZhbWlseTpD b25zb2xhcyI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPGRpdiBzdHlsZT0iYm9yZGVy Om5vbmU7Ym9yZGVyLXRvcDpzb2xpZCAjQjVDNERGIDEuMHB0O3BhZGRpbmc6My4wcHQgMGNtIDBj bSAwY20iPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1hcmdpbi1sZWZ0OjM2LjBwdCI+ PGI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMi4wcHQ7Y29sb3I6YmxhY2siPkZyb206DQo8L3Nw YW4+PC9iPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTIuMHB0O2NvbG9yOmJsYWNrIj5TdGVwaGVu IEtlbnQgJmx0O3N0a2VudEB2ZXJpem9uLm5ldCZndDs8YnI+DQo8Yj5EYXRlOiA8L2I+RnJpZGF5 LCBGZWJydWFyeSAyLCAyMDE4IGF0IDExOjA2IFBNPGJyPg0KPGI+VG86IDwvYj5BbHZhcm8gUmV0 YW5hICZsdDthcmV0YW5hLmlldGZAZ21haWwuY29tJmd0OywgJnF1b3Q7SGVuZGVyaWNreCwgV2lt IChOb2tpYSAtIEJFL0FudHdlcnApJnF1b3Q7ICZsdDt3aW0uaGVuZGVyaWNreEBub2tpYS5jb20m Z3Q7LCAmcXVvdDtzYWphc3NpQGNpc2NvLmNvbSZxdW90OyAmbHQ7c2FqYXNzaUBjaXNjby5jb20m Z3Q7LCAmcXVvdDt1dHRhcm9AYXR0LmNvbSZxdW90OyAmbHQ7dXR0YXJvQGF0dC5jb20mZ3Q7LCAm cXVvdDtSYWJhZGFuLCBKb3JnZSAoTm9raWEgLSBVUy9Nb3VudGFpbiBWaWV3KSZxdW90OyAmbHQ7 am9yZ2UucmFiYWRhbkBub2tpYS5jb20mZ3Q7LA0KICZxdW90O3N0ZXBoYW5lLmxpdGtvd3NraUBv cmFuZ2UuY29tJnF1b3Q7ICZsdDtzdGVwaGFuZS5saXRrb3dza2lAb3JhbmdlLmNvbSZndDssICZx dW90O1ZpZ291cmV1eCwgTWFydGluIChOb2tpYSAtIEZSL1BhcmlzLVNhY2xheSkmcXVvdDsgJmx0 O21hcnRpbi52aWdvdXJldXhAbm9raWEuY29tJmd0OywgJnF1b3Q7c2VjZGlyQGlldGYub3JnJnF1 b3Q7ICZsdDtzZWNkaXJAaWV0Zi5vcmcmZ3Q7LCAmcXVvdDtQYWxpc2xhbW92aWMsIFNlbmFkIChO b2tpYSAtIFVTKSZxdW90OyAmbHQ7c2VuYWQucGFsaXNsYW1vdmljQG5va2lhLmNvbSZndDs8YnI+ DQo8Yj5TdWJqZWN0OiA8L2I+UmU6IFNFQ0RJUiByZXZpZXcgb2YgZHJhZnQtaWV0Zi0gYmVzcy1l dnBuLXVzYWdlLTA3PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xh c3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1hcmdpbi1sZWZ0OjM2LjBwdCI+PG86cD4mbmJzcDs8L286 cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibWFyZ2lu LWxlZnQ6MzYuMHB0Ij48YSBuYW1lPSJfTWFpbE9yaWdpbmFsQm9keSI+QWx2YXJvLDxvOnA+PC9v OnA+PC9hPjwvcD4NCjwvZGl2Pg0KPGJsb2NrcXVvdGUgc3R5bGU9Im1hcmdpbi10b3A6NS4wcHQ7 bWFyZ2luLWJvdHRvbTo1LjBwdCI+DQo8ZGl2IGlkPSJibG9vcF9jdXN0b21mb250Ij4NCjxwIGNs YXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtYXJnaW4tbGVmdDozNi4wcHQiPjxzcGFuIHN0eWxlPSJt c28tYm9va21hcms6X01haWxPcmlnaW5hbEJvZHkiPjxzcGFuIHN0eWxlPSJmb250LWZhbWlseTpI ZWx2ZXRpY2E7Y29sb3I6YmxhY2siPk9uIEZlYnJ1YXJ5IDIsIDIwMTggYXQgMToxNjoyOCBQTSwg U3RlcGhlbiBLZW50ICg8L3NwYW4+PC9zcGFuPjxhIGhyZWY9Im1haWx0bzpzdGtlbnRAdmVyaXpv bi5uZXQiPjxzcGFuIHN0eWxlPSJtc28tYm9va21hcms6X01haWxPcmlnaW5hbEJvZHkiPjxzcGFu IHN0eWxlPSJmb250LWZhbWlseTpIZWx2ZXRpY2EiPnN0a2VudEB2ZXJpem9uLm5ldDwvc3Bhbj48 L3NwYW4+PHNwYW4gc3R5bGU9Im1zby1ib29rbWFyazpfTWFpbE9yaWdpbmFsQm9keSI+PC9zcGFu PjwvYT48c3BhbiBzdHlsZT0ibXNvLWJvb2ttYXJrOl9NYWlsT3JpZ2luYWxCb2R5Ij48c3BhbiBz dHlsZT0iZm9udC1mYW1pbHk6SGVsdmV0aWNhO2NvbG9yOmJsYWNrIj4pDQogd3JvdGU6PC9zcGFu Pjwvc3Bhbj48c3BhbiBzdHlsZT0ibXNvLWJvb2ttYXJrOl9NYWlsT3JpZ2luYWxCb2R5Ij48c3Bh biBzdHlsZT0iY29sb3I6YmxhY2siPjxvOnA+PC9vOnA+PC9zcGFuPjwvc3Bhbj48L3A+DQo8L2Rp dj4NCjxkaXYgaWQ9ImJsb29wX2N1c3RvbWZvbnQiPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5 bGU9Im1hcmdpbi1sZWZ0OjM2LjBwdCI+PHNwYW4gc3R5bGU9Im1zby1ib29rbWFyazpfTWFpbE9y aWdpbmFsQm9keSI+PHNwYW4gc3R5bGU9ImNvbG9yOmJsYWNrIj48bzpwPiZuYnNwOzwvbzpwPjwv c3Bhbj48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2IGlkPSJibG9vcF9jdXN0b21mb250Ij4NCjxw IGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtYXJnaW4tbGVmdDozNi4wcHQiPjxzcGFuIHN0eWxl PSJtc28tYm9va21hcms6X01haWxPcmlnaW5hbEJvZHkiPjxzcGFuIHN0eWxlPSJmb250LWZhbWls eTpIZWx2ZXRpY2E7Y29sb3I6YmxhY2siPlN0ZXZlOjwvc3Bhbj48L3NwYW4+PHNwYW4gc3R5bGU9 Im1zby1ib29rbWFyazpfTWFpbE9yaWdpbmFsQm9keSI+PHNwYW4gc3R5bGU9ImNvbG9yOmJsYWNr Ij48bzpwPjwvbzpwPjwvc3Bhbj48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2IGlkPSJibG9vcF9j dXN0b21mb250Ij4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtYXJnaW4tbGVmdDozNi4w cHQiPjxzcGFuIHN0eWxlPSJtc28tYm9va21hcms6X01haWxPcmlnaW5hbEJvZHkiPjxzcGFuIHN0 eWxlPSJjb2xvcjpibGFjayI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9zcGFuPjwvcD4NCjwv ZGl2Pg0KPGRpdiBpZD0iYmxvb3BfY3VzdG9tZm9udCI+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBz dHlsZT0ibWFyZ2luLWxlZnQ6MzYuMHB0Ij48c3BhbiBzdHlsZT0ibXNvLWJvb2ttYXJrOl9NYWls T3JpZ2luYWxCb2R5Ij48c3BhbiBzdHlsZT0iZm9udC1mYW1pbHk6SGVsdmV0aWNhO2NvbG9yOmJs YWNrIj5IaSEmbmJzcDsgSG93IGFyZSB5b3U/PC9zcGFuPjwvc3Bhbj48c3BhbiBzdHlsZT0ibXNv LWJvb2ttYXJrOl9NYWlsT3JpZ2luYWxCb2R5Ij48c3BhbiBzdHlsZT0iY29sb3I6YmxhY2siPjxv OnA+PC9vOnA+PC9zcGFuPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjwvYmxvY2txdW90ZT4NCjxwIGNs YXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtYXJnaW4tbGVmdDozNi4wcHQiPjxzcGFuIHN0eWxlPSJt c28tYm9va21hcms6X01haWxPcmlnaW5hbEJvZHkiPjxzcGFuIHN0eWxlPSJmb250LWZhbWlseTpI ZWx2ZXRpY2EiPkknbSB3ZWxsLiBUaGFua3MgZm9yIGFza2luZy48L3NwYW4+PC9zcGFuPjxzcGFu IHN0eWxlPSJtc28tYm9va21hcms6X01haWxPcmlnaW5hbEJvZHkiPjxicj4NCjxicj4NCjxvOnA+ PC9vOnA+PC9zcGFuPjwvcD4NCjxibG9ja3F1b3RlIHN0eWxlPSJtYXJnaW4tdG9wOjUuMHB0O21h cmdpbi1ib3R0b206NS4wcHQiPg0KPGRpdiBpZD0iYmxvb3BfY3VzdG9tZm9udCI+DQo8cCBjbGFz cz0iTXNvTm9ybWFsIiBzdHlsZT0ibWFyZ2luLWxlZnQ6MzYuMHB0Ij48c3BhbiBzdHlsZT0ibXNv LWJvb2ttYXJrOl9NYWlsT3JpZ2luYWxCb2R5Ij48c3BhbiBzdHlsZT0iY29sb3I6YmxhY2siPjxv OnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXYgaWQ9ImJsb29w X2N1c3RvbWZvbnQiPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1hcmdpbi1sZWZ0OjM2 LjBwdCI+PHNwYW4gc3R5bGU9Im1zby1ib29rbWFyazpfTWFpbE9yaWdpbmFsQm9keSI+PHNwYW4g c3R5bGU9ImZvbnQtZmFtaWx5OkhlbHZldGljYTtjb2xvcjpibGFjayI+Li4uPC9zcGFuPjwvc3Bh bj48c3BhbiBzdHlsZT0ibXNvLWJvb2ttYXJrOl9NYWlsT3JpZ2luYWxCb2R5Ij48c3BhbiBzdHls ZT0iY29sb3I6YmxhY2siPjxvOnA+PC9vOnA+PC9zcGFuPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxk aXY+DQo8YmxvY2txdW90ZSBzdHlsZT0ibWFyZ2luLXRvcDo1LjBwdDttYXJnaW4tYm90dG9tOjUu MHB0O2ZvbnQtdmFyaWFudC1jYXBzOm5vcm1hbDt0ZXh0LWFsaWduOnN0YXJ0O3dvcmQtc3BhY2lu ZzowcHgiPg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtYXJnaW4tbGVmdDoz Ni4wcHQ7Zm9udC12YXJpYW50LWNhcHM6bm9ybWFsO3RleHQtYWxpZ246c3RhcnQ7d29yZC1zcGFj aW5nOjBweCI+DQo8c3BhbiBzdHlsZT0ibXNvLWJvb2ttYXJrOl9NYWlsT3JpZ2luYWxCb2R5Ij48 c3BhbiBzdHlsZT0iZm9udC1mYW1pbHk6SGVsdmV0aWNhO2NvbG9yOmJsYWNrIj5TZWN0aW9uIDEw IChTZWN1cml0eSBDb25zaWRlcmF0aW9ucykgY29uc2lzdHMgb2Ygb25seSBvbmUgc2VudGVuY2Us IHdoaWNoIHJlZmVycyB0byB0aGUgY29ycmVzcG9uZGluZyBkaXNjdXNzaW9uIGluIFJGQyA3NDMy LiBBZGRpdGlvbmFsIHRleHQgc2hvdWxkIGJlIHByb3ZpZGVkIGhlcmUNCiB0byBleHBsYWluIHdo eSB0aGlzIGRvY3VtZW50IGRvZXMgbm90IGFkZCBhbnkgbmV3IHNlY3VyaXR5IGNvbnNpZGVyYXRp b25zLiBQcmVzdW1hYmx5IHRoZSByYXRpb25hbGUgaXMgdGhhdCB0aGUgcHJvdmlzaW9uaW5nIG1v ZGVsIGFuZCBpbml0aWFsaXphdGlvbiBwcm9jZWR1cmVzIGRlc2NyaWJlZCBoZXJlIGFyZSBhIHN1 YnNldCBvZiB0aGUgbW9yZSBnZW5lcmFsIGRpc2N1c3Npb24gaW4gNzQzMiBhbmQgdGh1cyBubyBu ZXcgc2VjdXJpdHkgY29uY2VybnMNCiBhcmlzZSBhcyBhIHJlc3VsdCBvZiB0aGlzIG1vcmUgZGV0 YWlsZWQgaW5mb3JtYXRpb24uIEkgYW0gbm90IGluIGEgcG9zaXRpb24gdG8ganVkZ2Ugd2hldGhl ciB0aGF0IHBvdGVudGlhbCByYXRpb25hbGUgaXMgdHJ1ZS48L3NwYW4+PHNwYW4gc3R5bGU9ImNv bG9yOmJsYWNrIj48bzpwPjwvbzpwPjwvc3Bhbj48L3NwYW4+PC9wPg0KPC9kaXY+DQo8L2Jsb2Nr cXVvdGU+DQo8L2Rpdj4NCjxwIHN0eWxlPSJtYXJnaW4tbGVmdDozNi4wcHQiPjxzcGFuIHN0eWxl PSJtc28tYm9va21hcms6X01haWxPcmlnaW5hbEJvZHkiPjxzcGFuIHN0eWxlPSJmb250LWZhbWls eTpIZWx2ZXRpY2EiPkZhaXIgZW5vdWdoLjwvc3Bhbj48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8 L2Jsb2NrcXVvdGU+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibWFyZ2luLWxlZnQ6MzYu MHB0Ij48c3BhbiBzdHlsZT0ibXNvLWJvb2ttYXJrOl9NYWlsT3JpZ2luYWxCb2R5Ij48c3BhbiBz dHlsZT0iZm9udC1mYW1pbHk6SGVsdmV0aWNhIj5Hb29kLjwvc3Bhbj48L3NwYW4+PHNwYW4gc3R5 bGU9Im1zby1ib29rbWFyazpfTWFpbE9yaWdpbmFsQm9keSI+PGJyPg0KPGJyPg0KPG86cD48L286 cD48L3NwYW4+PC9wPg0KPGJsb2NrcXVvdGUgc3R5bGU9Im1hcmdpbi10b3A6NS4wcHQ7bWFyZ2lu LWJvdHRvbTo1LjBwdDtmb250LXZhcmlhbnQtY2Fwczpub3JtYWw7dGV4dC1hbGlnbjpzdGFydDt3 b3JkLXNwYWNpbmc6MHB4Ij4NCjxkaXY+DQo8ZGl2Pg0KPGJsb2NrcXVvdGUgc3R5bGU9Im1hcmdp bi10b3A6NS4wcHQ7bWFyZ2luLWJvdHRvbTo1LjBwdDtmb250LXZhcmlhbnQtY2Fwczpub3JtYWw7 dGV4dC1hbGlnbjpzdGFydDt3b3JkLXNwYWNpbmc6MHB4Ij4NCjxwIGNsYXNzPSJNc29Ob3JtYWwi IHN0eWxlPSJtYXJnaW4tbGVmdDozNi4wcHQ7Zm9udC12YXJpYW50LWNhcHM6bm9ybWFsO3RleHQt YWxpZ246c3RhcnQ7d29yZC1zcGFjaW5nOjBweCI+DQo8c3BhbiBzdHlsZT0ibXNvLWJvb2ttYXJr Ol9NYWlsT3JpZ2luYWxCb2R5Ij48c3BhbiBzdHlsZT0iZm9udC1mYW1pbHk6SGVsdmV0aWNhO2Nv bG9yOmJsYWNrIj5JIHJldmlld2VkIHRoZSBTZWN1cml0eSBDb25zaWRlcmF0aW9ucyBzZWN0aW9u IG9mIFJGQyA3NDMyLiBJdCBjb250YWlucyBhYm91dCAxLjUgcGFnZXMgb2YgdGV4dC4gVGhlIGZp cnN0IHBhcmFncmFwaCB0aGVyZSBjaXRlcyBzZWN1cml0eSBjb25zaWRlcmF0aW9ucyB0ZXh0IGlu IFJGQ3MNCiA0NzYxLCA0NzYyLCBhbmQgNDM2NCBhbmQgdGhlIHRleHQgdGhlcmUgaXMgZ2VuZXJh bGx5IHdlbGwtd3JpdHRlbi4gSG93ZXZlciwgdGhlcmUgaXMgYSBzaWduaWZpY2FudCBvbWlzc2lv biwgb25lIHRoYXQgc2hvdWxkIGhhdmUgYmVlbiBub3RlZCBpbiB0aGUgU0VDRElSIHJldmlldyBv ZiB0aGF0IGRvY3VtZW50LiBTcGVjaWZpY2FsbHksIDc0MzIgY2l0ZXMgTk9ORSBvZiB0aGUgQkdQ IHNlY3VyaXR5IFJGQ3MgcHJvZHVjZWQgYnkgdGhlIFNJRFINCiBXRyAoZS5nLiwgUkZDcyA2NDgw LTkzIGV0IGFsKSwgZXZlbiB0aG91Z2ggdGhleSBwcmVjZWRlZCBwdWJsaWNhdGlvbiBvZiB0aGF0 IFJGQy4gU2luY2UgdGhvc2UgZG9jdW1lbnRzIHJlcHJlc2VudGVkIHRoZSBsYXRlc3QgcHJvcG9z YWxzIGZvciBpbXByb3ZpbmcgQkdQIHNlY3VyaXR5IGF0IHRoZSB0aW1lLCB0aGV5IG91Z2h0IHRv IGhhdmUgYmVlbiBjaXRlZCBhbmQgYSB2ZXJ5IGJyaWVmIGRpc2N1c3Npb24gb2YgdGhlaXIgcmVs ZXZhbmNlIHRvDQogRVZQTiBCR1AgTVBMUyBkZXBsb3ltZW50cy4gSSBzdWdnZXN0IHRoYXQgdGhp cyBkb2N1bWVudCByZWN0aWZ5IHRoaXMgb21pc3Npb24sIGkuZS4sIGNpdGUgc2V2ZXJhbCBvZiB0 aGUgQkdQIHNlY3VyZSBvcmlnaW4gYXV0aGVudGljYXRpb24gUkZDcywgYW5kIHRoZSByZWNlbnQg QkdQU2VjIFJGQ3MgKDgyMDUtMTEpLCBhbmQgbm90ZSB0aGUgcmVsZXZhbmNlIG9mIHRob3NlIHN0 YW5kYXJkcyB0byBFVlBOIEJHUCBNUExTIGRlcGxveW1lbnRzLjwvc3Bhbj48c3BhbiBzdHlsZT0i Y29sb3I6YmxhY2siPjxvOnA+PC9vOnA+PC9zcGFuPjwvc3Bhbj48L3A+DQo8L2Jsb2NrcXVvdGU+ DQo8L2Rpdj4NCjxwIHN0eWxlPSJtYXJnaW4tbGVmdDozNi4wcHQiPjxzcGFuIHN0eWxlPSJtc28t Ym9va21hcms6X01haWxPcmlnaW5hbEJvZHkiPjxzcGFuIHN0eWxlPSJmb250LWZhbWlseTpIZWx2 ZXRpY2EiPlRoZSB3b3JrIGZyb20gc2lkciBkb2VzbuKAmXQgZGlyZWN0bHkgYXBwbHkgdG8gRVZQ TiBzaW1wbHkgYmVjYXVzZSB0aGUgUk9BcyBhbmQgQkdQU2VjIGhhdmUgYmVlbiBzcGVjaWZpZWQg b25seSBmb3IgSVB2NC9JUHY2IGFuZCBub3QgZm9yIHRoZSBBZGRyZXNzDQogRmFtaWx5IHVzZWQg YnkgRVZQTi48L3NwYW4+PG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgc3R5bGU9Im1hcmdpbi1s ZWZ0OjM2LjBwdCI+PHNwYW4gc3R5bGU9Im1zby1ib29rbWFyazpfTWFpbE9yaWdpbmFsQm9keSI+ PHNwYW4gc3R5bGU9ImZvbnQtZmFtaWx5OkhlbHZldGljYSI+TWF5YmUgYSBzdGF0ZW1lbnQgbGlr ZSB0aGF0IGlzIHdoYXQgeW914oCZcmUgbG9va2luZyBmb3Ig4oCUIGJ1dCBJIGRvbuKAmXQgdGhp bmsgaXQgaXMgYXBwcm9wcmlhdGUgdG8gZ28gYW55IGZ1cnRoZXIgaW4gdGhpcyBkb2N1bWVudC48 L3NwYW4+PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8L2Jsb2NrcXVvdGU+DQo8cCBj bGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibWFyZ2luLWxlZnQ6MzYuMHB0Ij48c3BhbiBzdHlsZT0i bXNvLWJvb2ttYXJrOl9NYWlsT3JpZ2luYWxCb2R5Ij48c3BhbiBzdHlsZT0iZm9udC1mYW1pbHk6 SGVsdmV0aWNhIj5BIHN0YXRlbWVudCBleHBsYWluaW5nIHdoeSBBUyBvcmlnaW4gYXV0aGVudGlj YXRpb24gYW5kIEJHUFNlYyBhcmUgbm90IHJlbGV2YW50IHdvdWxkIGFkZHJlc3MgbXkgY29uY2Vy bnMuPGJyPg0KPGJyPg0KVGhhbmtzLDxicj4NCjxicj4NClN0ZXZjZTxicj4NCjxicj4NCjwvc3Bh bj48L3NwYW4+PHNwYW4gc3R5bGU9Im1zby1ib29rbWFyazpfTWFpbE9yaWdpbmFsQm9keSI+PC9z cGFuPjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8L2JvZHk+DQo8L2h0bWw+DQo= --_000_9D77D57CE135479E832869470CC4FF31nokiacom_-- From nobody Thu Feb 8 06:32:49 2018 Return-Path: X-Original-To: secdir@ietfa.amsl.com Delivered-To: secdir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0283E126E64 for ; Thu, 8 Feb 2018 06:32:46 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.901 X-Spam-Level: X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2TDZem4uZhZt for ; Thu, 8 Feb 2018 06:32:44 -0800 (PST) Received: from omr-m001e.mx.aol.com (omr-m001e.mx.aol.com [204.29.186.1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8A8D61201F2 for ; Thu, 8 Feb 2018 06:32:44 -0800 (PST) Received: from mtaout-mba02.mx.aol.com (mtaout-mba02.mx.aol.com [172.26.133.110]) by omr-m001e.mx.aol.com (Outbound Mail Relay) with ESMTP id A32133800089; Thu, 8 Feb 2018 09:32:43 -0500 (EST) Received: from Steves-MacBook-Pro.local (0x5374657665732d4d6163426f6f6b2d50726f2e6c6f63616c [202.56.236.238]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mtaout-mba02.mx.aol.com (MUA/Third Party Client Interface) with ESMTPSA id 9134F3800008A; Thu, 8 Feb 2018 09:32:40 -0500 (EST) To: "Rabadan, Jorge (Nokia - US/Mountain View)" , Alvaro Retana , "Henderickx, Wim (Nokia - BE/Antwerp)" , "sajassi@cisco.com" , "uttaro@att.com" , "stephane.litkowski@orange.com" , "Vigoureux, Martin (Nokia - FR/Paris-Saclay)" , "secdir@ietf.org" , "Palislamovic, Senad (Nokia - US)" References: <18631468-67d6-e3ca-0bef-92cdcb3ccd66@verizon.net> <9D77D57C-E135-479E-8328-69470CC4FF31@nokia.com> From: Stephen Kent Message-ID: Date: Thu, 8 Feb 2018 09:32:37 -0500 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:45.0) Gecko/20100101 Thunderbird/45.8.0 MIME-Version: 1.0 In-Reply-To: <9D77D57C-E135-479E-8328-69470CC4FF31@nokia.com> Content-Type: multipart/alternative; boundary="------------3620A12250AB41C0E1A523FA" x-aol-global-disposition: G x-aol-sid: 3039ac1a856e5a7c5f883bad X-AOL-IP: 202.56.236.238 Archived-At: Subject: Re: [secdir] SECDIR review of draft-ietf- bess-evpn-usage-07 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 08 Feb 2018 14:32:46 -0000 This is a multi-part message in MIME format. --------------3620A12250AB41C0E1A523FA Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 8bit Jorge, > Kent, > Steve is my first name. > > Thank you very much for your comments. > > I have fixed the grammar errors, added PE to the terminology section > great > > and added this to the security section: > > The procedures described in this document are a subset of the > procedures in [RFC7432] and thus no new security concerns arise. > fine. How about adding a couple of sentences after that, noting why the SIDR BGP origin authentication and route security RFCs are not relevant, e.g., "The standards produced by the SIDR WG, which address secure route origin authentication (e.g., RFCs 6480-93) and route advertisement security (e.g., RFCs 8205-11) do not apply here. This is because EVPNs rely on BGP to convey information about Ethernet address space, not IPv4/v6 address space." Steve > --------------3620A12250AB41C0E1A523FA Content-Type: text/html; charset=windows-1252 Content-Transfer-Encoding: 8bit

Jorge,

Kent,

Steve is my first name.

Thank you very much for your comments.

I have fixed the grammar errors, added PE to the terminology section

great

and added this to the security section:

The procedures described in this document are a subset of the procedures in [RFC7432] and thus no new security concerns arise.

fine.

How about adding a couple of sentences after that, noting why the SIDR BGP origin authentication and route security RFCs are not relevant, e.g.,

"The standards produced by the SIDR WG, which address secure route origin authentication (e.g., RFCs 6480-93) and route advertisement security (e.g., RFCs 8205-11) do not apply here. This is because EVPNs rely on BGP to convey information about Ethernet address space, not IPv4/v6 address space."

Steve


--------------3620A12250AB41C0E1A523FA-- From nobody Thu Feb 8 11:15:56 2018 Return-Path: X-Original-To: secdir@ietfa.amsl.com Delivered-To: secdir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C6D9F127337 for ; Thu, 8 Feb 2018 11:15:54 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.899 X-Spam-Level: X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nokia.onmicrosoft.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9XKskeszSFFi for ; Thu, 8 Feb 2018 11:15:52 -0800 (PST) Received: from EUR01-HE1-obe.outbound.protection.outlook.com (mail-he1eur01on0701.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe1e::701]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 60A9D126E3A for ; Thu, 8 Feb 2018 11:15:51 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nokia.onmicrosoft.com; s=selector1-nokia-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=P8Z+cwqQirELvLkmyEOzuTtuhedNTkWNw1eBbuwX1ik=; b=L3ZP1DDIOL1i5gDUMcRbbOw0xkHe1rF8AmwlARwELF4D4b0C1bNPR9+YG+vKqKCeC8wyBcqHx/1gs74v9cI4zo7Hq/3Vj1TxmuOtDyaI8ZuQJtp+qIL9m88DJ4Ei3QNTXo5oUAqisiJS4boGGOyO9vE7srd+w6ujVGAiIbP2t+k= Received: from AM4PR07MB3409.eurprd07.prod.outlook.com (10.171.189.158) by AM4PR07MB3379.eurprd07.prod.outlook.com (10.171.189.152) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.506.7; Thu, 8 Feb 2018 19:15:47 +0000 Received: from AM4PR07MB3409.eurprd07.prod.outlook.com ([fe80::7047:bc78:522d:6085]) by AM4PR07MB3409.eurprd07.prod.outlook.com ([fe80::7047:bc78:522d:6085%2]) with mapi id 15.20.0506.007; Thu, 8 Feb 2018 19:15:46 +0000 From: "Rabadan, Jorge (Nokia - US/Mountain View)" To: Stephen Kent , Alvaro Retana , "Henderickx, Wim (Nokia - BE/Antwerp)" , "sajassi@cisco.com" , "uttaro@att.com" , "stephane.litkowski@orange.com" , "Vigoureux, Martin (Nokia - FR/Paris-Saclay)" , "secdir@ietf.org" , "Palislamovic, Senad (Nokia - US)" Thread-Topic: [secdir] SECDIR review of draft-ietf- bess-evpn-usage-07 Thread-Index: AQHTnFHz0wf12N+xhkuJ9V8mooRWQaORnxaAgAAMgwCACPeYgP//93+AgABf34A= Date: Thu, 8 Feb 2018 19:15:46 +0000 Message-ID: References: <18631468-67d6-e3ca-0bef-92cdcb3ccd66@verizon.net> <9D77D57C-E135-479E-8328-69470CC4FF31@nokia.com> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Microsoft-MacOutlook/10.a.0.180204 authentication-results: spf=none (sender IP is ) smtp.mailfrom=jorge.rabadan@nokia.com; x-originating-ip: [135.245.20.28] x-ms-publictraffictype: Email x-microsoft-exchange-diagnostics: 1; AM4PR07MB3379; 7:JGsXj72bLZJQDiNlLYTKJw5LjlbbLkwkNhxN7uxgLUxsrbArRNm9Q+nxpKTrZlMKk1YOI7Yd0odbZTA2ln3AJyfwE1ig3QpngWeJTGoz8Vcb1aFDxXfgAHWzKpX7hWWKpck5p9zLBMMJ3FY694URRQxt538ZpowU+d5PN4XqxZemd68JQYXx11KdWYSMPVJqj8wfxTMDgzucfAi5WR3vvFd1sq45pCtnl/j3Z8AZ1Gaxg8Cgp/b67nqZ0f9khdU0 x-ms-exchange-antispam-srfa-diagnostics: SSOS;SSOR; x-forefront-antispam-report: SFV:SKI; SCL:-1; SFV:NSPM; SFS:(10019020)(39380400002)(39860400002)(366004)(346002)(376002)(396003)(189003)(199004)(6512007)(186003)(6486002)(81156014)(83506002)(2950100002)(25786009)(14454004)(82746002)(5250100002)(5660300001)(2501003)(316002)(39060400002)(229853002)(6246003)(6306002)(53936002)(6436002)(54896002)(97736004)(6636002)(2906002)(68736007)(36756003)(106356001)(478600001)(66066001)(2900100001)(7736002)(105586002)(93886005)(3280700002)(3660700001)(102836004)(8936002)(59450400001)(81166006)(26005)(8676002)(3846002)(86362001)(6116002)(9326002)(99286004)(110136005)(6506007)(2201001)(33656002)(83716003)(58126008)(53546011)(76176011)(8656006)(921003)(1121003); DIR:OUT; SFP:1102; SCL:1; SRVR:AM4PR07MB3379; H:AM4PR07MB3409.eurprd07.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en; x-ms-office365-filtering-ht: Tenant x-ms-office365-filtering-correlation-id: 4915c9be-9de7-4937-ccb1-08d56f285b8d x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(48565401081)(4534165)(4627221)(201703031133081)(201702281549075)(5600026)(4604075)(3008032)(2017052603307)(7193020); SRVR:AM4PR07MB3379; x-ms-traffictypediagnostic: AM4PR07MB3379: x-microsoft-antispam-prvs: x-exchange-antispam-report-test: UriScan:(28532068793085)(192374486261705)(82608151540597)(85827821059158)(97927398514766)(88262167912993)(95692535739014)(18271650672692)(21748063052155); x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040501)(2401047)(5005006)(8121501046)(3231101)(11241501184)(806099)(2400082)(944501161)(10201501046)(93006095)(93001095)(3002001)(6055026)(6041288)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123560045)(20161123558120)(20161123562045)(20161123564045)(6072148)(201708071742011); SRVR:AM4PR07MB3379; BCL:0; PCL:0; RULEID:; SRVR:AM4PR07MB3379; x-forefront-prvs: 0577AD41D6 received-spf: None (protection.outlook.com: nokia.com does not designate permitted sender hosts) x-microsoft-antispam-message-info: CGZn0rkmLxqCBCv5QTpIa4dzLWc2/NXvagqEVw38yawZVGc9uJ7jmz9a+mooKK3pqmiR0+MZZ0V3VWMjeQfpYr8Rs4uC0+4azrigojQYNcX6gOSAnUDydGNd7Pg9hNBy spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM Content-Type: multipart/alternative; boundary="_000_AA54F427E09D4E49BE03051EDAF5EEC7nokiacom_" MIME-Version: 1.0 X-OriginatorOrg: nokia.com X-MS-Exchange-CrossTenant-Network-Message-Id: 4915c9be-9de7-4937-ccb1-08d56f285b8d X-MS-Exchange-CrossTenant-originalarrivaltime: 08 Feb 2018 19:15:46.7406 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 5d471751-9675-428d-917b-70f44f9630b0 X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM4PR07MB3379 Archived-At: Subject: Re: [secdir] SECDIR review of draft-ietf- bess-evpn-usage-07 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 08 Feb 2018 19:15:55 -0000 --_000_AA54F427E09D4E49BE03051EDAF5EEC7nokiacom_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 SGkgU3RldmUsDQoNClBsZWFzZSBzZWUgaW4tbGluZS4NClRoYW5rIHlvdSENCkpvcmdlDQoNCkZy b206IFN0ZXBoZW4gS2VudCA8c3RrZW50QHZlcml6b24ubmV0Pg0KRGF0ZTogVGh1cnNkYXksIEZl YnJ1YXJ5IDgsIDIwMTggYXQgMzozMiBQTQ0KVG86ICJSYWJhZGFuLCBKb3JnZSAoTm9raWEgLSBV Uy9Nb3VudGFpbiBWaWV3KSIgPGpvcmdlLnJhYmFkYW5Abm9raWEuY29tPiwgQWx2YXJvIFJldGFu YSA8YXJldGFuYS5pZXRmQGdtYWlsLmNvbT4sICJIZW5kZXJpY2t4LCBXaW0gKE5va2lhIC0gQkUv QW50d2VycCkiIDx3aW0uaGVuZGVyaWNreEBub2tpYS5jb20+LCAic2FqYXNzaUBjaXNjby5jb20i IDxzYWphc3NpQGNpc2NvLmNvbT4sICJ1dHRhcm9AYXR0LmNvbSIgPHV0dGFyb0BhdHQuY29tPiwg InN0ZXBoYW5lLmxpdGtvd3NraUBvcmFuZ2UuY29tIiA8c3RlcGhhbmUubGl0a293c2tpQG9yYW5n ZS5jb20+LCAiVmlnb3VyZXV4LCBNYXJ0aW4gKE5va2lhIC0gRlIvUGFyaXMtU2FjbGF5KSIgPG1h cnRpbi52aWdvdXJldXhAbm9raWEuY29tPiwgInNlY2RpckBpZXRmLm9yZyIgPHNlY2RpckBpZXRm Lm9yZz4sICJQYWxpc2xhbW92aWMsIFNlbmFkIChOb2tpYSAtIFVTKSIgPHNlbmFkLnBhbGlzbGFt b3ZpY0Bub2tpYS5jb20+DQpTdWJqZWN0OiBSZTogW3NlY2Rpcl0gU0VDRElSIHJldmlldyBvZiBk cmFmdC1pZXRmLSBiZXNzLWV2cG4tdXNhZ2UtMDcNCg0KDQpKb3JnZSwNCktlbnQsDQpTdGV2ZSBp cyBteSBmaXJzdCBuYW1lLg0KW0pPUkdFXSBTb3JyeSBhYm91dCB0aGF0ISBJIHNob3VsZCBoYXZl IHBhaWQgbW9yZSBhdHRlbnRpb24uDQoNCg0KDQpUaGFuayB5b3UgdmVyeSBtdWNoIGZvciB5b3Vy IGNvbW1lbnRzLg0KSSBoYXZlIGZpeGVkIHRoZSBncmFtbWFyIGVycm9ycywgYWRkZWQgUEUgdG8g dGhlIHRlcm1pbm9sb2d5IHNlY3Rpb24NCmdyZWF0DQoNCmFuZCBhZGRlZCB0aGlzIHRvIHRoZSBz ZWN1cml0eSBzZWN0aW9uOg0KDQrigJxUaGUgcHJvY2VkdXJlcyBkZXNjcmliZWQgaW4gdGhpcyBk b2N1bWVudCBhcmUgYSBzdWJzZXQgb2YgdGhlIHByb2NlZHVyZXMgaW4gW1JGQzc0MzJdIGFuZCB0 aHVzIG5vIG5ldyBzZWN1cml0eSBjb25jZXJucyBhcmlzZS7igJ0NCg0KZmluZS4NCg0KSG93IGFi b3V0IGFkZGluZyBhIGNvdXBsZSBvZiBzZW50ZW5jZXMgYWZ0ZXIgdGhhdCwgbm90aW5nIHdoeSB0 aGUgU0lEUiBCR1Agb3JpZ2luIGF1dGhlbnRpY2F0aW9uIGFuZCByb3V0ZSBzZWN1cml0eSBSRkNz IGFyZSBub3QgcmVsZXZhbnQsIGUuZy4sDQoNCiJUaGUgc3RhbmRhcmRzIHByb2R1Y2VkIGJ5IHRo ZSBTSURSIFdHLCB3aGljaCBhZGRyZXNzIHNlY3VyZSByb3V0ZSBvcmlnaW4gYXV0aGVudGljYXRp b24gKGUuZy4sIFJGQ3MgNjQ4MC05MykgYW5kIHJvdXRlIGFkdmVydGlzZW1lbnQgc2VjdXJpdHkg KGUuZy4sIFJGQ3MgODIwNS0xMSkgZG8gbm90IGFwcGx5IGhlcmUuIFRoaXMgaXMgYmVjYXVzZSBF VlBOcyAgcmVseSBvbiBCR1AgdG8gY29udmV5IGluZm9ybWF0aW9uIGFib3V0IEV0aGVybmV0IGFk ZHJlc3Mgc3BhY2UsIG5vdCBJUHY0L3Y2IGFkZHJlc3Mgc3BhY2UuIg0KW0pPUkdFXSBobW0uLi4g aG93IGFib3V0IHRoaXMgaW5zdGVhZDoNCuKAnFRoZSBzdGFuZGFyZHMgcHJvZHVjZWQgYnkgdGhl IFNJRFIgV0csIHdoaWNoIGFkZHJlc3Mgc2VjdXJlIHJvdXRlIG9yaWdpbiBhdXRoZW50aWNhdGlv biAoZS5nLiwgUkZDcyA2NDgwLTkzKSBhbmQgcm91dGUgYWR2ZXJ0aXNlbWVudCBzZWN1cml0eSAo ZS5nLiwgUkZDcyA4MjA1LTExKSBkbyBub3QgYXBwbHkgdG8gdGhlIEVWUE4gZmFtaWx5LCBoZW5j ZSB0aGV5IGFyZSBub3QgcmVsZXZhbnQgdG8gW1JGQzc0MzJdIG9yIHRoaXMgZG9jdW1lbnQu4oCd DQoNClRoZSByZWFzb24gaXMgYmVjYXVzZSBFVlBOIGNvbnZleXMgRXRoZXJuZXQgYWRkcmVzcyBz cGFjZSBidXQgYWxzbyBzb21lIG90aGVyIGluZm9ybWF0aW9uLg0KDQoNClN0ZXZlDQoNCg0KDQo= --_000_AA54F427E09D4E49BE03051EDAF5EEC7nokiacom_ Content-Type: text/html; charset="utf-8" Content-ID: <65B0920CAA391D4AB030821E0B6200B7@eurprd07.prod.outlook.com> Content-Transfer-Encoding: base64 PGh0bWwgeG1sbnM6bz0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6b2ZmaWNlIiB4 bWxuczp3PSJ1cm46c2NoZW1hcy1taWNyb3NvZnQtY29tOm9mZmljZTp3b3JkIiB4bWxuczpkdD0i dXVpZDpDMkY0MTAxMC02NUIzLTExZDEtQTI5Ri0wMEFBMDBDMTQ4ODIiIHhtbG5zOm09Imh0dHA6 Ly9zY2hlbWFzLm1pY3Jvc29mdC5jb20vb2ZmaWNlLzIwMDQvMTIvb21tbCIgeG1sbnM9Imh0dHA6 Ly93d3cudzMub3JnL1RSL1JFQy1odG1sNDAiPg0KPGhlYWQ+DQo8bWV0YSBodHRwLWVxdWl2PSJD b250ZW50LVR5cGUiIGNvbnRlbnQ9InRleHQvaHRtbDsgY2hhcnNldD11dGYtOCI+DQo8bWV0YSBu YW1lPSJHZW5lcmF0b3IiIGNvbnRlbnQ9Ik1pY3Jvc29mdCBXb3JkIDE1IChmaWx0ZXJlZCBtZWRp dW0pIj4NCjxzdHlsZT48IS0tDQovKiBGb250IERlZmluaXRpb25zICovDQpAZm9udC1mYWNlDQoJ e2ZvbnQtZmFtaWx5OiJDYW1icmlhIE1hdGgiOw0KCXBhbm9zZS0xOjIgNCA1IDMgNSA0IDYgMyAy IDQ7fQ0KQGZvbnQtZmFjZQ0KCXtmb250LWZhbWlseTpDYWxpYnJpOw0KCXBhbm9zZS0xOjIgMTUg NSAyIDIgMiA0IDMgMiA0O30NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6Q29uc29sYXM7DQoJ cGFub3NlLTE6MiAxMSA2IDkgMiAyIDQgMyAyIDQ7fQ0KQGZvbnQtZmFjZQ0KCXtmb250LWZhbWls eToiVGltZXMgTmV3IFJvbWFuIFwoQm9keSBDU1wpIjsNCglwYW5vc2UtMTowIDAgNSAwIDAgMCAw IDIgMCAwO30NCi8qIFN0eWxlIERlZmluaXRpb25zICovDQpwLk1zb05vcm1hbCwgbGkuTXNvTm9y bWFsLCBkaXYuTXNvTm9ybWFsDQoJe21hcmdpbjowY207DQoJbWFyZ2luLWJvdHRvbTouMDAwMXB0 Ow0KCWZvbnQtc2l6ZToxMS4wcHQ7DQoJZm9udC1mYW1pbHk6IkNhbGlicmkiLHNhbnMtc2VyaWY7 fQ0KYTpsaW5rLCBzcGFuLk1zb0h5cGVybGluaw0KCXttc28tc3R5bGUtcHJpb3JpdHk6OTk7DQoJ Y29sb3I6Ymx1ZTsNCgl0ZXh0LWRlY29yYXRpb246dW5kZXJsaW5lO30NCmE6dmlzaXRlZCwgc3Bh bi5Nc29IeXBlcmxpbmtGb2xsb3dlZA0KCXttc28tc3R5bGUtcHJpb3JpdHk6OTk7DQoJY29sb3I6 cHVycGxlOw0KCXRleHQtZGVjb3JhdGlvbjp1bmRlcmxpbmU7fQ0KcC5tc29ub3JtYWwwLCBsaS5t c29ub3JtYWwwLCBkaXYubXNvbm9ybWFsMA0KCXttc28tc3R5bGUtbmFtZTptc29ub3JtYWw7DQoJ bXNvLW1hcmdpbi10b3AtYWx0OmF1dG87DQoJbWFyZ2luLXJpZ2h0OjBjbTsNCgltc28tbWFyZ2lu LWJvdHRvbS1hbHQ6YXV0bzsNCgltYXJnaW4tbGVmdDowY207DQoJZm9udC1zaXplOjExLjBwdDsN Cglmb250LWZhbWlseToiQ2FsaWJyaSIsc2Fucy1zZXJpZjt9DQpzcGFuLkVtYWlsU3R5bGUxOQ0K CXttc28tc3R5bGUtdHlwZTpwZXJzb25hbDsNCglmb250LWZhbWlseTpDb25zb2xhczsNCgljb2xv cjp3aW5kb3d0ZXh0O30NCnNwYW4uRW1haWxTdHlsZTIwDQoJe21zby1zdHlsZS10eXBlOnBlcnNv bmFsLXJlcGx5Ow0KCWZvbnQtZmFtaWx5OkNvbnNvbGFzOw0KCWNvbG9yOndpbmRvd3RleHQ7fQ0K Lk1zb0NocERlZmF1bHQNCgl7bXNvLXN0eWxlLXR5cGU6ZXhwb3J0LW9ubHk7DQoJZm9udC1zaXpl OjEwLjBwdDt9DQpAcGFnZSBXb3JkU2VjdGlvbjENCgl7c2l6ZTo2MTIuMHB0IDc5Mi4wcHQ7DQoJ bWFyZ2luOjcyLjBwdCA3Mi4wcHQgNzIuMHB0IDcyLjBwdDt9DQpkaXYuV29yZFNlY3Rpb24xDQoJ e3BhZ2U6V29yZFNlY3Rpb24xO30NCi0tPjwvc3R5bGU+DQo8L2hlYWQ+DQo8Ym9keSBsYW5nPSJF Ti1VUyIgbGluaz0iYmx1ZSIgdmxpbms9InB1cnBsZSI+DQo8ZGl2IGNsYXNzPSJXb3JkU2VjdGlv bjEiPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtZmFtaWx5OkNvbnNv bGFzIj5IaSBTdGV2ZSw8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFs Ij48c3BhbiBzdHlsZT0iZm9udC1mYW1pbHk6Q29uc29sYXMiPjxvOnA+Jm5ic3A7PC9vOnA+PC9z cGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LWZhbWlseTpD b25zb2xhcyI+UGxlYXNlIHNlZSBpbi1saW5lLjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNs YXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LWZhbWlseTpDb25zb2xhcyI+VGhhbmsg eW91ITxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0 eWxlPSJmb250LWZhbWlseTpDb25zb2xhcyI+Sm9yZ2U8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8 cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1mYW1pbHk6Q29uc29sYXMiPjxv OnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxkaXYgc3R5bGU9ImJvcmRlcjpub25lO2JvcmRl ci10b3A6c29saWQgI0I1QzRERiAxLjBwdDtwYWRkaW5nOjMuMHB0IDBjbSAwY20gMGNtIj4NCjxw IGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtYXJnaW4tbGVmdDozNi4wcHQiPjxiPjxzcGFuIHN0 eWxlPSJmb250LXNpemU6MTIuMHB0O2NvbG9yOmJsYWNrIj5Gcm9tOg0KPC9zcGFuPjwvYj48c3Bh biBzdHlsZT0iZm9udC1zaXplOjEyLjBwdDtjb2xvcjpibGFjayI+U3RlcGhlbiBLZW50ICZsdDtz dGtlbnRAdmVyaXpvbi5uZXQmZ3Q7PGJyPg0KPGI+RGF0ZTogPC9iPlRodXJzZGF5LCBGZWJydWFy eSA4LCAyMDE4IGF0IDM6MzIgUE08YnI+DQo8Yj5UbzogPC9iPiZxdW90O1JhYmFkYW4sIEpvcmdl IChOb2tpYSAtIFVTL01vdW50YWluIFZpZXcpJnF1b3Q7ICZsdDtqb3JnZS5yYWJhZGFuQG5va2lh LmNvbSZndDssIEFsdmFybyBSZXRhbmEgJmx0O2FyZXRhbmEuaWV0ZkBnbWFpbC5jb20mZ3Q7LCAm cXVvdDtIZW5kZXJpY2t4LCBXaW0gKE5va2lhIC0gQkUvQW50d2VycCkmcXVvdDsgJmx0O3dpbS5o ZW5kZXJpY2t4QG5va2lhLmNvbSZndDssICZxdW90O3NhamFzc2lAY2lzY28uY29tJnF1b3Q7ICZs dDtzYWphc3NpQGNpc2NvLmNvbSZndDssICZxdW90O3V0dGFyb0BhdHQuY29tJnF1b3Q7ICZsdDt1 dHRhcm9AYXR0LmNvbSZndDssDQogJnF1b3Q7c3RlcGhhbmUubGl0a293c2tpQG9yYW5nZS5jb20m cXVvdDsgJmx0O3N0ZXBoYW5lLmxpdGtvd3NraUBvcmFuZ2UuY29tJmd0OywgJnF1b3Q7Vmlnb3Vy ZXV4LCBNYXJ0aW4gKE5va2lhIC0gRlIvUGFyaXMtU2FjbGF5KSZxdW90OyAmbHQ7bWFydGluLnZp Z291cmV1eEBub2tpYS5jb20mZ3Q7LCAmcXVvdDtzZWNkaXJAaWV0Zi5vcmcmcXVvdDsgJmx0O3Nl Y2RpckBpZXRmLm9yZyZndDssICZxdW90O1BhbGlzbGFtb3ZpYywgU2VuYWQgKE5va2lhIC0gVVMp JnF1b3Q7ICZsdDtzZW5hZC5wYWxpc2xhbW92aWNAbm9raWEuY29tJmd0Ozxicj4NCjxiPlN1Ympl Y3Q6IDwvYj5SZTogW3NlY2Rpcl0gU0VDRElSIHJldmlldyBvZiBkcmFmdC1pZXRmLSBiZXNzLWV2 cG4tdXNhZ2UtMDc8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFz cz0iTXNvTm9ybWFsIiBzdHlsZT0ibWFyZ2luLWxlZnQ6MzYuMHB0Ij48bzpwPiZuYnNwOzwvbzpw PjwvcD4NCjwvZGl2Pg0KPHAgc3R5bGU9Im1hcmdpbi1sZWZ0OjM2LjBwdCI+PGEgbmFtZT0iX01h aWxPcmlnaW5hbEJvZHkiPkpvcmdlLDxvOnA+PC9vOnA+PC9hPjwvcD4NCjxibG9ja3F1b3RlIHN0 eWxlPSJtYXJnaW4tdG9wOjUuMHB0O21hcmdpbi1ib3R0b206NS4wcHQiPg0KPGRpdj4NCjxwIGNs YXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2lu LWJvdHRvbS1hbHQ6YXV0bzttYXJnaW4tbGVmdDozNi4wcHQiPg0KPHNwYW4gc3R5bGU9Im1zby1i b29rbWFyazpfTWFpbE9yaWdpbmFsQm9keSI+PHNwYW4gc3R5bGU9ImZvbnQtZmFtaWx5OkNvbnNv bGFzIj5LZW50LA0KPC9zcGFuPjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPC9ibG9j a3F1b3RlPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1hcmdpbi1sZWZ0OjM2LjBwdCI+ PHNwYW4gc3R5bGU9Im1zby1ib29rbWFyazpfTWFpbE9yaWdpbmFsQm9keSI+U3RldmUgaXMgbXkg Zmlyc3QgbmFtZS48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48 c3BhbiBzdHlsZT0ibXNvLWJvb2ttYXJrOl9NYWlsT3JpZ2luYWxCb2R5Ij48c3BhbiBzdHlsZT0i Zm9udC1mYW1pbHk6Q29uc29sYXMiPltKT1JHRV0gU29ycnkgYWJvdXQgdGhhdCEgSSBzaG91bGQg aGF2ZSBwYWlkIG1vcmUgYXR0ZW50aW9uLjxvOnA+PC9vOnA+PC9zcGFuPjwvc3Bhbj48L3A+DQo8 cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibWFyZ2luLWxlZnQ6MzYuMHB0Ij48c3BhbiBzdHls ZT0ibXNvLWJvb2ttYXJrOl9NYWlsT3JpZ2luYWxCb2R5Ij48YnI+DQo8YnI+DQo8bzpwPjwvbzpw Pjwvc3Bhbj48L3A+DQo8YmxvY2txdW90ZSBzdHlsZT0ibWFyZ2luLXRvcDo1LjBwdDttYXJnaW4t Ym90dG9tOjUuMHB0Ij4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1h cmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG87bWFyZ2luLWxlZnQ6 MzYuMHB0Ij4NCjxzcGFuIHN0eWxlPSJtc28tYm9va21hcms6X01haWxPcmlnaW5hbEJvZHkiPjxz cGFuIHN0eWxlPSJmb250LWZhbWlseTpDb25zb2xhcyI+Jm5ic3A7PC9zcGFuPjxvOnA+PC9vOnA+ PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1h bHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0bzttYXJnaW4tbGVmdDozNi4wcHQiPg0K PHNwYW4gc3R5bGU9Im1zby1ib29rbWFyazpfTWFpbE9yaWdpbmFsQm9keSI+PHNwYW4gc3R5bGU9 ImZvbnQtZmFtaWx5OkNvbnNvbGFzIj5UaGFuayB5b3UgdmVyeSBtdWNoIGZvciB5b3VyIGNvbW1l bnRzLjwvc3Bhbj48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBz dHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG87 bWFyZ2luLWxlZnQ6MzYuMHB0Ij4NCjxzcGFuIHN0eWxlPSJtc28tYm9va21hcms6X01haWxPcmln aW5hbEJvZHkiPjxzcGFuIHN0eWxlPSJmb250LWZhbWlseTpDb25zb2xhcyI+SSBoYXZlIGZpeGVk IHRoZSBncmFtbWFyIGVycm9ycywgYWRkZWQgUEUgdG8gdGhlIHRlcm1pbm9sb2d5IHNlY3Rpb24N Cjwvc3Bhbj48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjwvYmxvY2txdW90ZT4NCjxw IGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtYXJnaW4tbGVmdDozNi4wcHQiPjxzcGFuIHN0eWxl PSJtc28tYm9va21hcms6X01haWxPcmlnaW5hbEJvZHkiPmdyZWF0PGJyPg0KPGJyPg0KPG86cD48 L286cD48L3NwYW4+PC9wPg0KPGJsb2NrcXVvdGUgc3R5bGU9Im1hcmdpbi10b3A6NS4wcHQ7bWFy Z2luLWJvdHRvbTo1LjBwdCI+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1z by1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvO21hcmdpbi1s ZWZ0OjM2LjBwdCI+DQo8c3BhbiBzdHlsZT0ibXNvLWJvb2ttYXJrOl9NYWlsT3JpZ2luYWxCb2R5 Ij48c3BhbiBzdHlsZT0iZm9udC1mYW1pbHk6Q29uc29sYXMiPmFuZCBhZGRlZCB0aGlzIHRvIHRo ZSBzZWN1cml0eSBzZWN0aW9uOjwvc3Bhbj48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFz cz0iTXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1i b3R0b20tYWx0OmF1dG87bWFyZ2luLWxlZnQ6MzYuMHB0Ij4NCjxzcGFuIHN0eWxlPSJtc28tYm9v a21hcms6X01haWxPcmlnaW5hbEJvZHkiPjxzcGFuIHN0eWxlPSJmb250LWZhbWlseTpDb25zb2xh cyI+Jm5ic3A7PC9zcGFuPjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3Jt YWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6 YXV0bzttYXJnaW4tbGVmdDozNi4wcHQiPg0KPHNwYW4gc3R5bGU9Im1zby1ib29rbWFyazpfTWFp bE9yaWdpbmFsQm9keSI+PHNwYW4gc3R5bGU9ImZvbnQtZmFtaWx5OkNvbnNvbGFzIj7igJxUaGUg cHJvY2VkdXJlcyBkZXNjcmliZWQgaW4gdGhpcyBkb2N1bWVudCBhcmUgYSBzdWJzZXQgb2YgdGhl IHByb2NlZHVyZXMgaW4gW1JGQzc0MzJdIGFuZCB0aHVzIG5vIG5ldyBzZWN1cml0eSBjb25jZXJu cyBhcmlzZS7igJ08L3NwYW4+PG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05v cm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFs dDphdXRvO21hcmdpbi1sZWZ0OjM2LjBwdCI+DQo8c3BhbiBzdHlsZT0ibXNvLWJvb2ttYXJrOl9N YWlsT3JpZ2luYWxCb2R5Ij48c3BhbiBzdHlsZT0iZm9udC1mYW1pbHk6Q29uc29sYXMiPiZuYnNw Ozwvc3Bhbj48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjwvYmxvY2txdW90ZT4NCjxw IGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtYXJnaW4tbGVmdDozNi4wcHQiPjxzcGFuIHN0eWxl PSJtc28tYm9va21hcms6X01haWxPcmlnaW5hbEJvZHkiPmZpbmUuPGJyPg0KPGJyPg0KSG93IGFi b3V0IGFkZGluZyBhIGNvdXBsZSBvZiBzZW50ZW5jZXMgYWZ0ZXIgdGhhdCwgbm90aW5nIHdoeSB0 aGUgU0lEUiBCR1Agb3JpZ2luIGF1dGhlbnRpY2F0aW9uIGFuZCByb3V0ZSBzZWN1cml0eSBSRkNz IGFyZSBub3QgcmVsZXZhbnQsIGUuZy4sPGJyPg0KPGJyPg0KJnF1b3Q7VGhlIHN0YW5kYXJkcyBw cm9kdWNlZCBieSB0aGUgU0lEUiBXRywgd2hpY2ggYWRkcmVzcyBzZWN1cmUgcm91dGUgb3JpZ2lu IGF1dGhlbnRpY2F0aW9uIChlLmcuLCBSRkNzIDY0ODAtOTMpIGFuZCByb3V0ZSBhZHZlcnRpc2Vt ZW50IHNlY3VyaXR5IChlLmcuLCBSRkNzIDgyMDUtMTEpIGRvIG5vdCBhcHBseSBoZXJlLiBUaGlz IGlzIGJlY2F1c2UgRVZQTnMmbmJzcDsgcmVseSBvbiBCR1AgdG8gY29udmV5IGluZm9ybWF0aW9u IGFib3V0IEV0aGVybmV0IGFkZHJlc3MNCiBzcGFjZSwgbm90IElQdjQvdjYgYWRkcmVzcyBzcGFj ZS4mcXVvdDs8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3Bh biBzdHlsZT0ibXNvLWJvb2ttYXJrOl9NYWlsT3JpZ2luYWxCb2R5Ij48c3BhbiBzdHlsZT0iZm9u dC1mYW1pbHk6Q29uc29sYXMiPltKT1JHRV0gaG1tLi4uIGhvdyBhYm91dCB0aGlzIGluc3RlYWQ6 PG86cD48L286cD48L3NwYW4+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFu IHN0eWxlPSJtc28tYm9va21hcms6X01haWxPcmlnaW5hbEJvZHkiPuKAnFRoZSBzdGFuZGFyZHMg cHJvZHVjZWQgYnkgdGhlIFNJRFIgV0csIHdoaWNoIGFkZHJlc3Mgc2VjdXJlIHJvdXRlIG9yaWdp biBhdXRoZW50aWNhdGlvbiAoZS5nLiwgUkZDcyA2NDgwLTkzKSBhbmQgcm91dGUgYWR2ZXJ0aXNl bWVudCBzZWN1cml0eSAoZS5nLiwgUkZDcyA4MjA1LTExKSBkbyBub3QgYXBwbHkgdG8gdGhlIEVW UE4gZmFtaWx5LA0KIGhlbmNlIHRoZXkgYXJlIG5vdCByZWxldmFudCB0byBbUkZDNzQzMl0gb3Ig dGhpcyBkb2N1bWVudC7igJ08bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9y bWFsIj48c3BhbiBzdHlsZT0ibXNvLWJvb2ttYXJrOl9NYWlsT3JpZ2luYWxCb2R5Ij48bzpwPiZu YnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0i bXNvLWJvb2ttYXJrOl9NYWlsT3JpZ2luYWxCb2R5Ij5UaGUgcmVhc29uIGlzIGJlY2F1c2UgRVZQ TiBjb252ZXlzIEV0aGVybmV0IGFkZHJlc3Mgc3BhY2UgYnV0IGFsc28gc29tZSBvdGhlciBpbmZv cm1hdGlvbi48L3NwYW4+PHNwYW4gc3R5bGU9Im1zby1ib29rbWFyazpfTWFpbE9yaWdpbmFsQm9k eSI+PHNwYW4gc3R5bGU9ImZvbnQtZmFtaWx5OkNvbnNvbGFzIj48bzpwPjwvbzpwPjwvc3Bhbj48 L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1hcmdpbi1sZWZ0OjM2LjBw dCI+PHNwYW4gc3R5bGU9Im1zby1ib29rbWFyazpfTWFpbE9yaWdpbmFsQm9keSI+PGJyPg0KPGJy Pg0KU3RldmUgPG86cD48L286cD48L3NwYW4+PC9wPg0KPGJsb2NrcXVvdGUgc3R5bGU9Im1hcmdp bi10b3A6NS4wcHQ7bWFyZ2luLWJvdHRvbTo1LjBwdCI+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBz dHlsZT0ibWFyZ2luLWxlZnQ6MzYuMHB0Ij48c3BhbiBzdHlsZT0ibXNvLWJvb2ttYXJrOl9NYWls T3JpZ2luYWxCb2R5Ij48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8L2Jsb2NrcXVvdGU+ DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibWFyZ2luLWxlZnQ6MzYuMHB0Ij48c3BhbiBz dHlsZT0ibXNvLWJvb2ttYXJrOl9NYWlsT3JpZ2luYWxCb2R5Ij48YnI+DQo8YnI+DQo8L3NwYW4+ PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjwvYm9keT4NCjwvaHRtbD4NCg== --_000_AA54F427E09D4E49BE03051EDAF5EEC7nokiacom_-- From nobody Thu Feb 8 23:51:25 2018 Return-Path: X-Original-To: secdir@ietf.org Delivered-To: secdir@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 03885129511; Thu, 8 Feb 2018 23:51:15 -0800 (PST) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: Tero Kivinen To: Cc: ietf@ietf.org, draft-ietf-bess-dci-evpn-overlay.all@ietf.org, bess@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 6.72.0 Auto-Submitted: auto-generated Precedence: bulk Message-ID: <151816267496.1260.17184693315315179259@ietfa.amsl.com> Date: Thu, 08 Feb 2018 23:51:15 -0800 Archived-At: Subject: [secdir] Secdir last call review of draft-ietf-bess-dci-evpn-overlay-08 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 09 Feb 2018 07:51:15 -0000 Reviewer: Tero Kivinen Review result: Ready I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. This document describes how Network Virtualization Overlays (NVO) can be connected to a Wide Area Network (WAN) in order to extend the layer-2 connectivity required for some tenants. The security considerations section refers to several other documents describing other technologies (RFC7432], [EVPN-Overlays], [RFC7623], [RFC4761] and [RFC4762]) and continues to describe that the "DCI using GWs" method covered by this document is more secure than the other method "DCI using ASBRs". From nobody Thu Feb 8 23:56:12 2018 Return-Path: X-Original-To: secdir@ietf.org Delivered-To: secdir@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 7ACD412420B for ; Thu, 8 Feb 2018 23:56:11 -0800 (PST) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 8bit From: Tero Kivinen To: X-Test-IDTracker: no X-IETF-IDTracker: 6.72.0 Auto-Submitted: auto-generated Precedence: bulk Reply-to: secdir-secretary@mit.edu Message-ID: <151816297145.1200.6056276296295672265.idtracker@ietfa.amsl.com> Date: Thu, 08 Feb 2018 23:56:11 -0800 Archived-At: Subject: [secdir] Assignments X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 09 Feb 2018 07:56:11 -0000 Review instructions and related resources are at: http://tools.ietf.org/area/sec/trac/wiki/SecDirReview For telechat 2018-02-08 Reviewer LC end Draft Donald Eastlake 2018-01-31 draft-farrel-sfc-convent-05 Ólafur Guðmundsson 2018-02-07 draft-ietf-tls-dnssec-chain-extension-06 Steve Hanna 2018-02-05 draft-ietf-trill-ecn-support-05 Brian Weis R2018-01-26 draft-ietf-idr-bgp-prefix-sid-14 For telechat 2018-02-22 Reviewer LC end Draft Stephen Farrell R2018-01-26 draft-ietf-ice-rfc5245bis-17 Tobias Gondrom 2018-02-21 draft-ietf-sacm-nea-swima-patnc-02 Christian Huitema R2018-02-19 draft-ietf-lwig-crypto-sensors-05 Leif Johansson 2018-02-20 draft-ietf-nvo3-hpvr2nve-cp-req-15 Benjamin Kaduk 2018-02-14 draft-ietf-rtgwg-backoff-algo-07 Scott Kelly 2018-02-09 draft-ietf-bess-fat-pw-bgp-03 Adam Montville 2018-02-22 draft-ietf-bier-ospf-bier-extensions-10 Russ Mundy 2018-02-22 draft-ietf-bier-isis-extensions-06 Sandra Murphy 2018-02-19 draft-ietf-lime-yang-connection-oriented-oam-model-05 Yoav Nir 2018-02-15 draft-ietf-modern-problem-framework-03 For telechat 2018-03-08 Reviewer LC end Draft Derek Atkins 2018-02-22 draft-ietf-bier-mvpn-09 Daniel Gillmor 2018-03-05 draft-gutmann-scep-09 Watson Ladd None draft-ietf-rmcat-sbd-09 Ben Laurie None draft-ietf-6tisch-6top-protocol-09 Barry Leiba None draft-ietf-6man-ndpioiana-02 Chris Lonvick None draft-ietf-6lo-rfc6775-update-11 David Mandelberg 2018-02-22 draft-ietf-ice-trickle-16 Daniel Migault 2018-02-21 draft-ietf-sidr-slurm-06 Last calls: Reviewer LC end Draft John Bradley None draft-ietf-acme-acme-09 Charlie Kaufman 2018-02-14 draft-ietf-mmusic-sdp-bundle-negotiation-48 Matthew Miller 2018-02-20 draft-ietf-tram-stunbis-15 Russ Mundy 2017-09-14 draft-spinosa-urn-lex-12 Early review requests: Reviewer Due Draft Daniel Franke 2018-01-31 draft-ietf-intarea-provisioning-domains-00 Ólafur Guðmundsson 2018-01-09 draft-ietf-opsawg-nat-yang-09 Next in the reviewer rotation: Magnus Nystrom Hilarie Orman Radia Perlman Derrell Piper Tim Polk Vincent Roca Kyle Rose Joseph Salowey Rich Salz Stefan Santesson From nobody Fri Feb 9 01:01:31 2018 Return-Path: X-Original-To: secdir@ietf.org Delivered-To: secdir@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id ECC141200E5; Fri, 9 Feb 2018 01:01:20 -0800 (PST) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: Stephen Farrell To: Cc: draft-ietf-ice-rfc5245bis.all@ietf.org, ietf@ietf.org, ice@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 6.72.0 Auto-Submitted: auto-generated Precedence: bulk Message-ID: <151816688090.1120.13030962642627909709@ietfa.amsl.com> Date: Fri, 09 Feb 2018 01:01:20 -0800 Archived-At: Subject: [secdir] Secdir telechat review of draft-ietf-ice-rfc5245bis-17 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 09 Feb 2018 09:01:21 -0000 Reviewer: Stephen Farrell Review result: Ready The diff from -16 to -17 resolved the issues I raised earlier so this one seems ready to me. From nobody Fri Feb 9 01:15:33 2018 Return-Path: X-Original-To: secdir@ietfa.amsl.com Delivered-To: secdir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 80EC912420B for ; Fri, 9 Feb 2018 01:15:24 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.321 X-Spam-Level: X-Spam-Status: No, score=-4.321 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gYVJNmR-fwV2 for ; Fri, 9 Feb 2018 01:15:23 -0800 (PST) Received: from sesbmg23.ericsson.net (sesbmg23.ericsson.net [193.180.251.37]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 311B8127698 for ; Fri, 9 Feb 2018 01:15:22 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; d=ericsson.com; s=mailgw201801; c=relaxed/simple; q=dns/txt; i=@ericsson.com; t=1518167719; h=From:Sender:Reply-To:Subject:Date:Message-ID:To:CC:MIME-Version:Content-Type: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=BX9hLP8IVCLmtjboahS84jX1lA3RjLILkSPznZxELbE=; b=AbnfYZ0709zNdfe7vSjhNkQB9KRpV3gC5jLkRdgE2JsoaGB4YPmNLva4nwodsWG+ uB/tndW7XIVlklztbCnZlj/bktEzwJsPnv8DvKCtqvxiBfs8LgCeFxtxRPBrBlCv cGmeHOIGS2UsJk+pzD5GCTDLkpAifeET04/+8EoGjZI=; X-AuditID: c1b4fb25-859119c00000341b-0e-5a7d66a7922d Received: from ESESSHC008.ericsson.se (Unknown_Domain [153.88.183.42]) by sesbmg23.ericsson.net (Symantec Mail Security) with SMTP id 34.AD.13339.7A66D7A5; Fri, 9 Feb 2018 10:15:19 +0100 (CET) Received: from ESESSMB109.ericsson.se ([169.254.9.195]) by ESESSHC008.ericsson.se ([153.88.183.42]) with mapi id 14.03.0352.000; Fri, 9 Feb 2018 10:15:15 +0100 From: Christer Holmberg To: Stephen Farrell , "secdir@ietf.org" CC: "draft-ietf-ice-rfc5245bis.all@ietf.org" , "ietf@ietf.org" , "ice@ietf.org" Thread-Topic: Secdir telechat review of draft-ietf-ice-rfc5245bis-17 Thread-Index: AQHToYSPAt637vBTKkqDdD+xiXa7uqObyeWw Date: Fri, 9 Feb 2018 09:15:14 +0000 Message-ID: <7594FB04B1934943A5C02806D1A2204B6C16131E@ESESSMB109.ericsson.se> References: <151816688090.1120.13030962642627909709@ietfa.amsl.com> In-Reply-To: <151816688090.1120.13030962642627909709@ietfa.amsl.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [153.88.183.154] Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 MIME-Version: 1.0 X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFupkkeLIzCtJLcpLzFFi42KZGbFdS3d5Wm2Uwb5XhhbHf/xht/h2odbi 2cb5LBYfFj5ksZi+9xq7A6vH2u6rbB5LlvxkCmCK4rJJSc3JLEst0rdL4MrY0dPHXNDFWrHh egdTA+MPli5GTg4JAROJ2c3L2boYuTiEBA4zSsx+8xXKWcwo8erQAfYuRg4ONgELie5/2iAN IgJhEvffH2IFqWEWmMko8frnS0aQhLCAs8SMBe+YIYpcJG7eamKCsI0klrRsAbNZBFQkjq99 xQZi8wr4SrRfngnWKwTU+23hZrCLOIF6v7WeAoszCohJfD+1BqyXWUBc4taT+UwQVwtILNlz nhnCFpV4+fgfK4StJLHo9mcmkJuZBTQl1u/Sh2hVlJjS/ZAdYq2gxMmZT1gmMIrOQjJ1FkLH LCQds5B0LGBkWcUoWpxanJSbbmSsl1qUmVxcnJ+nl5dasokRGEEHt/xW3cF4+Y3jIUYBDkYl Ht5DFrVRQqyJZcWVuYcYJTiYlUR4y2KBQrwpiZVVqUX58UWlOanFhxilOViUxHlPevJGCQmk J5akZqemFqQWwWSZODilGhgt7Scu2fioM5Ft4c1TKe3mr/33rZzXZXnsG1u/u8az5irBcs/0 WZqiLfFzfzNP4+3bdyZAS8dkxfJ76mumRJ7XZfum2nBeZ2VQclz7141HvTNV3HU1Si0P9PCm vnu5Q0bkgO0si9nch157tbrPPWpjETlRaubf5UdS39ce5K7e+9mnUn/C/5NKLMUZiYZazEXF iQDY+9uenAIAAA== Archived-At: Subject: Re: [secdir] Secdir telechat review of draft-ietf-ice-rfc5245bis-17 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 09 Feb 2018 09:15:24 -0000 VGhhbmtzIFN0ZXBoZW4hIDopDQoNClJlZ2FyZHMsDQoNCkNocmlzdGVyDQoNCi0tLS0tT3JpZ2lu YWwgTWVzc2FnZS0tLS0tDQpGcm9tOiBTdGVwaGVuIEZhcnJlbGwgW21haWx0bzpzdGVwaGVuLmZh cnJlbGxAY3MudGNkLmllXSANClNlbnQ6IDA5IEZlYnJ1YXJ5IDIwMTggMTE6MDENClRvOiBzZWNk aXJAaWV0Zi5vcmcNCkNjOiBkcmFmdC1pZXRmLWljZS1yZmM1MjQ1YmlzLmFsbEBpZXRmLm9yZzsg aWV0ZkBpZXRmLm9yZzsgaWNlQGlldGYub3JnDQpTdWJqZWN0OiBTZWNkaXIgdGVsZWNoYXQgcmV2 aWV3IG9mIGRyYWZ0LWlldGYtaWNlLXJmYzUyNDViaXMtMTcNCg0KUmV2aWV3ZXI6IFN0ZXBoZW4g RmFycmVsbA0KUmV2aWV3IHJlc3VsdDogUmVhZHkNCg0KVGhlIGRpZmYgZnJvbSAtMTYgdG8gLTE3 IHJlc29sdmVkIHRoZSBpc3N1ZXMgSSByYWlzZWQgZWFybGllciBzbyB0aGlzIG9uZSBzZWVtcyBy ZWFkeSB0byBtZS4gDQoNCg== From nobody Fri Feb 9 02:57:02 2018 Return-Path: X-Original-To: secdir@ietfa.amsl.com Delivered-To: secdir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1CFA51200C1 for ; Fri, 9 Feb 2018 02:57:01 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.901 X-Spam-Level: X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1qD08v_fJjhw for ; Fri, 9 Feb 2018 02:56:59 -0800 (PST) Received: from omr-m003e.mx.aol.com (omr-m003e.mx.aol.com [204.29.186.3]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7B4CC126BF0 for ; Fri, 9 Feb 2018 02:56:59 -0800 (PST) Received: from mtaout-maa02.mx.aol.com (mtaout-maa02.mx.aol.com [172.26.222.142]) by omr-m003e.mx.aol.com (Outbound Mail Relay) with ESMTP id 5ED1B3800095; Fri, 9 Feb 2018 05:56:58 -0500 (EST) Received: from Steves-MacBook-Pro.local (0x5374657665732d4d6163426f6f6b2d50726f2e6c6f63616c [202.56.236.238]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mtaout-maa02.mx.aol.com (MUA/Third Party Client Interface) with ESMTPSA id 4411B3800008A; Fri, 9 Feb 2018 05:56:55 -0500 (EST) To: "Rabadan, Jorge (Nokia - US/Mountain View)" , Alvaro Retana , "Henderickx, Wim (Nokia - BE/Antwerp)" , "sajassi@cisco.com" , "uttaro@att.com" , "stephane.litkowski@orange.com" , "Vigoureux, Martin (Nokia - FR/Paris-Saclay)" , "secdir@ietf.org" , "Palislamovic, Senad (Nokia - US)" References: <18631468-67d6-e3ca-0bef-92cdcb3ccd66@verizon.net> <9D77D57C-E135-479E-8328-69470CC4FF31@nokia.com> From: Stephen Kent Message-ID: <8e511c57-4af2-8dbb-9c54-72fdee74b9c3@verizon.net> Date: Fri, 9 Feb 2018 05:56:52 -0500 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:45.0) Gecko/20100101 Thunderbird/45.8.0 MIME-Version: 1.0 In-Reply-To: Content-Type: multipart/alternative; boundary="------------F48EC307A061DB0E17B8D9FC" x-aol-global-disposition: G x-aol-sid: 3039ac1ade8e5a7d7e770ae2 X-AOL-IP: 202.56.236.238 Archived-At: Subject: Re: [secdir] SECDIR review of draft-ietf- bess-evpn-usage-07 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 09 Feb 2018 10:57:01 -0000 This is a multi-part message in MIME format. --------------F48EC307A061DB0E17B8D9FC Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit Jorge, > [JORGE] hmm... how about this instead: > > “The standards produced by the SIDR WG, which address secure route > origin authentication (e.g., RFCs 6480-93) and route advertisement > security (e.g., RFCs 8205-11) do not apply to the EVPN family, hence > they are not relevant to [RFC7432] or this document.” > > The reason is because EVPN conveys Ethernet address space but also > some other information. > First, I'm not sure if the sentence immediately above is intended to be part of the text, or if it is a comment to me. I'm, assuming the latter, in which case I think more info would help the reader to understand why those RFCs are not applicable. Saying that the RFCs "do not apply to the EVPN family" does not seem clear enough, although I agree that noting RFC 7432 is a good idea.. How about: “The standards produced by the SIDR WG address secure route origin authentication (e.g., RFCs 6480-93) and route advertisement security (e.g., RFCs 8205-11). They protect the integrity and authenticity of IP address advertisements and ASN/IP prefix bindings. This document, and [RFC7432], use BGP to convey other info, e.g., MAC addresses, and thus the protections offered by the SIDR WG RFCs are not applicable in this context." Steve --------------F48EC307A061DB0E17B8D9FC Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: 8bit

Jorge,

[JORGE] hmm... how about this instead:

“The standards produced by the SIDR WG, which address secure route origin authentication (e.g., RFCs 6480-93) and route advertisement security (e.g., RFCs 8205-11) do not apply to the EVPN family, hence they are not relevant to [RFC7432] or this document.”

 

The reason is because EVPN conveys Ethernet address space but also some other information.

First, I'm not sure if the sentence immediately above is intended to be part of the text, or if it is a comment to me.  I'm, assuming the latter, in which case I think more info would help the reader to understand why those RFCs are not applicable. Saying that the RFCs "do not apply to the EVPN family" does not seem clear enough, although I agree that noting RFC 7432 is a good idea.. How about:

“The standards produced by the SIDR WG address secure route origin authentication (e.g., RFCs 6480-93) and route advertisement security (e.g., RFCs 8205-11). They protect the integrity and authenticity of IP address advertisements and ASN/IP prefix bindings. This document, and  [RFC7432], use BGP to convey other info, e.g., MAC addresses, and thus the protections offered by the SIDR WG RFCs are not applicable in this context."

Steve
 --------------F48EC307A061DB0E17B8D9FC-- From nobody Fri Feb 9 03:45:16 2018 Return-Path: X-Original-To: secdir@ietfa.amsl.com Delivered-To: secdir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9DA3A127775 for ; Fri, 9 Feb 2018 03:45:13 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.92 X-Spam-Level: X-Spam-Status: No, score=-1.92 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nokia.onmicrosoft.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CnwVQnTkgpMa for ; Fri, 9 Feb 2018 03:45:11 -0800 (PST) Received: from EUR01-HE1-obe.outbound.protection.outlook.com (mail-he1eur01on0130.outbound.protection.outlook.com [104.47.0.130]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7BB87126BF0 for ; Fri, 9 Feb 2018 03:45:10 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nokia.onmicrosoft.com; s=selector1-nokia-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=jLc0eXnUM+HFSx0kYwIfNlhSpoNl7cz9mCd2xQp0Jx8=; b=nC1tCec8bwNl0B2fGvZgm769zFKPDghHyxxplaUe3Y+yYsW33bL3yJkGSPRZLfRzc3dFxucEqkMt2n6wXXsTXDfCmPgHsBVBad9Ou+u4q7UrScE9dOE0Ws4+eFHvEQFqM0F9enl8SnKq2QcHaaBxtc4+aiQ/VqdqngL91uxuJjI= Received: from AM4PR07MB3409.eurprd07.prod.outlook.com (10.171.189.158) by AM4SPR8PMB258.eurprd07.prod.outlook.com (10.167.90.136) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.506.9; Fri, 9 Feb 2018 11:45:07 +0000 Received: from AM4PR07MB3409.eurprd07.prod.outlook.com ([fe80::7047:bc78:522d:6085]) by AM4PR07MB3409.eurprd07.prod.outlook.com ([fe80::7047:bc78:522d:6085%2]) with mapi id 15.20.0506.007; Fri, 9 Feb 2018 11:45:05 +0000 From: "Rabadan, Jorge (Nokia - US/Mountain View)" To: Stephen Kent , Alvaro Retana , "Henderickx, Wim (Nokia - BE/Antwerp)" , "sajassi@cisco.com" , "uttaro@att.com" , "stephane.litkowski@orange.com" , "Vigoureux, Martin (Nokia - FR/Paris-Saclay)" , "secdir@ietf.org" , "Palislamovic, Senad (Nokia - US)" Thread-Topic: [secdir] SECDIR review of draft-ietf- bess-evpn-usage-07 Thread-Index: AQHTnFHz0wf12N+xhkuJ9V8mooRWQaORnxaAgAAMgwCACPeYgP//93+AgABf34CAAPYvAIAAHjsA Date: Fri, 9 Feb 2018 11:45:05 +0000 Message-ID: References: <18631468-67d6-e3ca-0bef-92cdcb3ccd66@verizon.net> <9D77D57C-E135-479E-8328-69470CC4FF31@nokia.com> <8e511c57-4af2-8dbb-9c54-72fdee74b9c3@verizon.net> In-Reply-To: <8e511c57-4af2-8dbb-9c54-72fdee74b9c3@verizon.net> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Microsoft-MacOutlook/10.a.0.180204 authentication-results: spf=none (sender IP is ) smtp.mailfrom=jorge.rabadan@nokia.com; x-originating-ip: [88.27.177.143] x-ms-publictraffictype: Email x-microsoft-exchange-diagnostics: 1; AM4SPR8PMB258; 7:7lmfkU5uSatRxii9uX6lRI0JffzyibrPoY9nEUwXyZIDJWwCng+aUBGfhmAzcmLUB76dJVpbYK+EWZajV/hhhGNdweBS/jVZHK1ySk/I6jnNvRINnWpix85np4Qt9dpClOyY5tMB+UDTbD6EbvnhZfR4AJvbXnQjYX9ldyvNVjpcIcV6TWnAMGHH2kNsex8px6/glKXnQv9fddIrXAaZA3yYVqzYL6/hZEfnflOKZwW26f5dOGiX6UF+ICWsn5vU x-ms-exchange-antispam-srfa-diagnostics: SSOS;SSOR; x-forefront-antispam-report: SFV:SKI; SCL:-1; SFV:NSPM; SFS:(10019020)(39380400002)(396003)(39860400002)(366004)(346002)(376002)(189003)(199004)(8936002)(2950100002)(97736004)(6636002)(561944003)(3280700002)(53936002)(6436002)(2201001)(39060400002)(6486002)(83716003)(6306002)(54896002)(86362001)(229853002)(82746002)(8676002)(76176011)(33656002)(81166006)(6512007)(81156014)(6246003)(25786009)(7736002)(186003)(2501003)(105586002)(8656006)(83506002)(106356001)(66066001)(59450400001)(99286004)(3660700001)(6506007)(53546011)(36756003)(14454004)(26005)(478600001)(5660300001)(5250100002)(93886005)(2900100001)(316002)(110136005)(58126008)(3846002)(6116002)(68736007)(102836004)(2906002)(921003)(1121003); DIR:OUT; SFP:1102; SCL:1; SRVR:AM4SPR8PMB258; H:AM4PR07MB3409.eurprd07.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en; x-ms-office365-filtering-ht: Tenant x-ms-office365-filtering-correlation-id: 71d01976-ce66-416f-08d2-08d56fb29031 x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(48565401081)(5600026)(4604075)(3008032)(4534165)(4627221)(201703031133081)(201702281549075)(2017052603307)(7193020); SRVR:AM4SPR8PMB258; x-ms-traffictypediagnostic: AM4SPR8PMB258: x-microsoft-antispam-prvs: x-exchange-antispam-report-test: UriScan:(28532068793085)(192374486261705)(82608151540597)(85827821059158)(97927398514766)(88262167912993)(95692535739014)(18271650672692)(21748063052155); x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040501)(2401047)(5005006)(8121501046)(3002001)(3231101)(11241501184)(806099)(2400082)(944501161)(10201501046)(93006095)(93001095)(6055026)(6041288)(20161123562045)(20161123564045)(20161123560045)(20161123558120)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(6072148)(201708071742011); SRVR:AM4SPR8PMB258; BCL:0; PCL:0; RULEID:; SRVR:AM4SPR8PMB258; x-forefront-prvs: 057859F9C5 received-spf: None (protection.outlook.com: nokia.com does not designate permitted sender hosts) x-microsoft-antispam-message-info: Af82Eb7TnqoXOo9MyJHNM4CyzAu+g6lKJVLxV+HbVaEMhG1O170FTORaS0S0lQHsPrMYz6jzKk5JEd1RxIur4/H/XqJIhMNiflVVUm+Z3OkQ4oUMLVxIC74Itdvwu67b spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM Content-Type: multipart/alternative; boundary="_000_D2A2602EEE894D71AE77A3F7472FF3ADnokiacom_" MIME-Version: 1.0 X-OriginatorOrg: nokia.com X-MS-Exchange-CrossTenant-Network-Message-Id: 71d01976-ce66-416f-08d2-08d56fb29031 X-MS-Exchange-CrossTenant-originalarrivaltime: 09 Feb 2018 11:45:05.5850 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 5d471751-9675-428d-917b-70f44f9630b0 X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM4SPR8PMB258 Archived-At: Subject: Re: [secdir] SECDIR review of draft-ietf- bess-evpn-usage-07 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 09 Feb 2018 11:45:13 -0000 --_000_D2A2602EEE894D71AE77A3F7472FF3ADnokiacom_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 U3RldmUsDQoNCllvdXIgcHJvcG9zYWwgbG9va3MgdmVyeSBnb29kIHRvIG1lLg0KSeKAmWxsIGFk ZCBpdCB0byB0aGUgZG9jdW1lbnQuDQoNClRoYW5rIHlvdSENCkpvcmdlDQoNCg0KRnJvbTogU3Rl cGhlbiBLZW50IDxzdGtlbnRAdmVyaXpvbi5uZXQ+DQpEYXRlOiBGcmlkYXksIEZlYnJ1YXJ5IDks IDIwMTggYXQgMTE6NTcgQU0NClRvOiAiUmFiYWRhbiwgSm9yZ2UgKE5va2lhIC0gVVMvTW91bnRh aW4gVmlldykiIDxqb3JnZS5yYWJhZGFuQG5va2lhLmNvbT4sIEFsdmFybyBSZXRhbmEgPGFyZXRh bmEuaWV0ZkBnbWFpbC5jb20+LCAiSGVuZGVyaWNreCwgV2ltIChOb2tpYSAtIEJFL0FudHdlcnAp IiA8d2ltLmhlbmRlcmlja3hAbm9raWEuY29tPiwgInNhamFzc2lAY2lzY28uY29tIiA8c2FqYXNz aUBjaXNjby5jb20+LCAidXR0YXJvQGF0dC5jb20iIDx1dHRhcm9AYXR0LmNvbT4sICJzdGVwaGFu ZS5saXRrb3dza2lAb3JhbmdlLmNvbSIgPHN0ZXBoYW5lLmxpdGtvd3NraUBvcmFuZ2UuY29tPiwg IlZpZ291cmV1eCwgTWFydGluIChOb2tpYSAtIEZSL1BhcmlzLVNhY2xheSkiIDxtYXJ0aW4udmln b3VyZXV4QG5va2lhLmNvbT4sICJzZWNkaXJAaWV0Zi5vcmciIDxzZWNkaXJAaWV0Zi5vcmc+LCAi UGFsaXNsYW1vdmljLCBTZW5hZCAoTm9raWEgLSBVUykiIDxzZW5hZC5wYWxpc2xhbW92aWNAbm9r aWEuY29tPg0KU3ViamVjdDogUmU6IFtzZWNkaXJdIFNFQ0RJUiByZXZpZXcgb2YgZHJhZnQtaWV0 Zi0gYmVzcy1ldnBuLXVzYWdlLTA3DQoNCg0KSm9yZ2UsDQpbSk9SR0VdIGhtbS4uLiBob3cgYWJv dXQgdGhpcyBpbnN0ZWFkOg0K4oCcVGhlIHN0YW5kYXJkcyBwcm9kdWNlZCBieSB0aGUgU0lEUiBX Rywgd2hpY2ggYWRkcmVzcyBzZWN1cmUgcm91dGUgb3JpZ2luIGF1dGhlbnRpY2F0aW9uIChlLmcu LCBSRkNzIDY0ODAtOTMpIGFuZCByb3V0ZSBhZHZlcnRpc2VtZW50IHNlY3VyaXR5IChlLmcuLCBS RkNzIDgyMDUtMTEpIGRvIG5vdCBhcHBseSB0byB0aGUgRVZQTiBmYW1pbHksIGhlbmNlIHRoZXkg YXJlIG5vdCByZWxldmFudCB0byBbUkZDNzQzMl0gb3IgdGhpcyBkb2N1bWVudC7igJ0NCg0KVGhl IHJlYXNvbiBpcyBiZWNhdXNlIEVWUE4gY29udmV5cyBFdGhlcm5ldCBhZGRyZXNzIHNwYWNlIGJ1 dCBhbHNvIHNvbWUgb3RoZXIgaW5mb3JtYXRpb24uDQpGaXJzdCwgSSdtIG5vdCBzdXJlIGlmIHRo ZSBzZW50ZW5jZSBpbW1lZGlhdGVseSBhYm92ZSBpcyBpbnRlbmRlZCB0byBiZSBwYXJ0IG9mIHRo ZSB0ZXh0LCBvciBpZiBpdCBpcyBhIGNvbW1lbnQgdG8gbWUuICBJJ20sIGFzc3VtaW5nIHRoZSBs YXR0ZXIsIGluIHdoaWNoIGNhc2UgSSB0aGluayBtb3JlIGluZm8gd291bGQgaGVscCB0aGUgcmVh ZGVyIHRvIHVuZGVyc3RhbmQgd2h5IHRob3NlIFJGQ3MgYXJlIG5vdCBhcHBsaWNhYmxlLiBTYXlp bmcgdGhhdCB0aGUgUkZDcyAiZG8gbm90IGFwcGx5IHRvIHRoZSBFVlBOIGZhbWlseSIgZG9lcyBu b3Qgc2VlbSBjbGVhciBlbm91Z2gsIGFsdGhvdWdoIEkgYWdyZWUgdGhhdCBub3RpbmcgUkZDIDc0 MzIgaXMgYSBnb29kIGlkZWEuLiBIb3cgYWJvdXQ6DQoNCuKAnFRoZSBzdGFuZGFyZHMgcHJvZHVj ZWQgYnkgdGhlIFNJRFIgV0cgYWRkcmVzcyBzZWN1cmUgcm91dGUgb3JpZ2luIGF1dGhlbnRpY2F0 aW9uIChlLmcuLCBSRkNzIDY0ODAtOTMpIGFuZCByb3V0ZSBhZHZlcnRpc2VtZW50IHNlY3VyaXR5 IChlLmcuLCBSRkNzIDgyMDUtMTEpLiBUaGV5IHByb3RlY3QgdGhlIGludGVncml0eSBhbmQgYXV0 aGVudGljaXR5IG9mIElQIGFkZHJlc3MgYWR2ZXJ0aXNlbWVudHMgYW5kIEFTTi9JUCBwcmVmaXgg YmluZGluZ3MuIFRoaXMgZG9jdW1lbnQsIGFuZCAgW1JGQzc0MzJdLCB1c2UgQkdQIHRvIGNvbnZl eSBvdGhlciBpbmZvLCBlLmcuLCBNQUMgYWRkcmVzc2VzLCBhbmQgdGh1cyB0aGUgcHJvdGVjdGlv bnMgb2ZmZXJlZCBieSB0aGUgU0lEUiBXRyBSRkNzIGFyZSBub3QgYXBwbGljYWJsZSBpbiB0aGlz IGNvbnRleHQuIg0KDQpTdGV2ZQ0KDQo= --_000_D2A2602EEE894D71AE77A3F7472FF3ADnokiacom_ Content-Type: text/html; charset="utf-8" Content-ID: <35B267C1206FB841969A226AE5F1BEB0@eurprd07.prod.outlook.com> Content-Transfer-Encoding: base64 PGh0bWwgeG1sbnM6bz0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6b2ZmaWNlIiB4 bWxuczp3PSJ1cm46c2NoZW1hcy1taWNyb3NvZnQtY29tOm9mZmljZTp3b3JkIiB4bWxuczptPSJo dHRwOi8vc2NoZW1hcy5taWNyb3NvZnQuY29tL29mZmljZS8yMDA0LzEyL29tbWwiIHhtbG5zPSJo dHRwOi8vd3d3LnczLm9yZy9UUi9SRUMtaHRtbDQwIj4NCjxoZWFkPg0KPG1ldGEgaHR0cC1lcXVp dj0iQ29udGVudC1UeXBlIiBjb250ZW50PSJ0ZXh0L2h0bWw7IGNoYXJzZXQ9dXRmLTgiPg0KPG1l dGEgbmFtZT0iR2VuZXJhdG9yIiBjb250ZW50PSJNaWNyb3NvZnQgV29yZCAxNSAoZmlsdGVyZWQg bWVkaXVtKSI+DQo8c3R5bGU+PCEtLQ0KLyogRm9udCBEZWZpbml0aW9ucyAqLw0KQGZvbnQtZmFj ZQ0KCXtmb250LWZhbWlseToiQ2FtYnJpYSBNYXRoIjsNCglwYW5vc2UtMToyIDQgNSAzIDUgNCA2 IDMgMiA0O30NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6Q2FsaWJyaTsNCglwYW5vc2UtMToy IDE1IDUgMiAyIDIgNCAzIDIgNDt9DQpAZm9udC1mYWNlDQoJe2ZvbnQtZmFtaWx5OkNvbnNvbGFz Ow0KCXBhbm9zZS0xOjIgMTEgNiA5IDIgMiA0IDMgMiA0O30NCkBmb250LWZhY2UNCgl7Zm9udC1m YW1pbHk6IlRpbWVzIE5ldyBSb21hbiBcKEJvZHkgQ1NcKSI7DQoJcGFub3NlLTE6MCAwIDUgMCAw IDAgMCAyIDAgMDt9DQovKiBTdHlsZSBEZWZpbml0aW9ucyAqLw0KcC5Nc29Ob3JtYWwsIGxpLk1z b05vcm1hbCwgZGl2Lk1zb05vcm1hbA0KCXttYXJnaW46MGNtOw0KCW1hcmdpbi1ib3R0b206LjAw MDFwdDsNCglmb250LXNpemU6MTEuMHB0Ow0KCWZvbnQtZmFtaWx5OiJDYWxpYnJpIixzYW5zLXNl cmlmO30NCmE6bGluaywgc3Bhbi5Nc29IeXBlcmxpbmsNCgl7bXNvLXN0eWxlLXByaW9yaXR5Ojk5 Ow0KCWNvbG9yOiMwNTYzQzE7DQoJdGV4dC1kZWNvcmF0aW9uOnVuZGVybGluZTt9DQphOnZpc2l0 ZWQsIHNwYW4uTXNvSHlwZXJsaW5rRm9sbG93ZWQNCgl7bXNvLXN0eWxlLXByaW9yaXR5Ojk5Ow0K CWNvbG9yOiM5NTRGNzI7DQoJdGV4dC1kZWNvcmF0aW9uOnVuZGVybGluZTt9DQpwLm1zb25vcm1h bDAsIGxpLm1zb25vcm1hbDAsIGRpdi5tc29ub3JtYWwwDQoJe21zby1zdHlsZS1uYW1lOm1zb25v cm1hbDsNCgltc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzsNCgltYXJnaW4tcmlnaHQ6MGNtOw0KCW1z by1tYXJnaW4tYm90dG9tLWFsdDphdXRvOw0KCW1hcmdpbi1sZWZ0OjBjbTsNCglmb250LXNpemU6 MTEuMHB0Ow0KCWZvbnQtZmFtaWx5OiJDYWxpYnJpIixzYW5zLXNlcmlmO30NCnNwYW4uRW1haWxT dHlsZTE5DQoJe21zby1zdHlsZS10eXBlOnBlcnNvbmFsLXJlcGx5Ow0KCWZvbnQtZmFtaWx5OkNv bnNvbGFzOw0KCWNvbG9yOndpbmRvd3RleHQ7fQ0KLk1zb0NocERlZmF1bHQNCgl7bXNvLXN0eWxl LXR5cGU6ZXhwb3J0LW9ubHk7DQoJZm9udC1zaXplOjEwLjBwdDt9DQpAcGFnZSBXb3JkU2VjdGlv bjENCgl7c2l6ZTo2MTIuMHB0IDc5Mi4wcHQ7DQoJbWFyZ2luOjcyLjBwdCA3Mi4wcHQgNzIuMHB0 IDcyLjBwdDt9DQpkaXYuV29yZFNlY3Rpb24xDQoJe3BhZ2U6V29yZFNlY3Rpb24xO30NCi0tPjwv c3R5bGU+DQo8L2hlYWQ+DQo8Ym9keSBsYW5nPSJFTi1VUyIgbGluaz0iIzA1NjNDMSIgdmxpbms9 IiM5NTRGNzIiPg0KPGRpdiBjbGFzcz0iV29yZFNlY3Rpb24xIj4NCjxwIGNsYXNzPSJNc29Ob3Jt YWwiPjxzcGFuIHN0eWxlPSJmb250LWZhbWlseTpDb25zb2xhcyI+U3RldmUsPG86cD48L286cD48 L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtZmFtaWx5 OkNvbnNvbGFzIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9y bWFsIj48c3BhbiBzdHlsZT0iZm9udC1mYW1pbHk6Q29uc29sYXMiPllvdXIgcHJvcG9zYWwgbG9v a3MgdmVyeSBnb29kIHRvIG1lLjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29O b3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LWZhbWlseTpDb25zb2xhcyI+SeKAmWxsIGFkZCBpdCB0 byB0aGUgZG9jdW1lbnQuPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1h bCI+PHNwYW4gc3R5bGU9ImZvbnQtZmFtaWx5OkNvbnNvbGFzIj48bzpwPiZuYnNwOzwvbzpwPjwv c3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1mYW1pbHk6 Q29uc29sYXMiPlRoYW5rIHlvdSE8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNv Tm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1mYW1pbHk6Q29uc29sYXMiPkpvcmdlPG86cD48L286 cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtZmFt aWx5OkNvbnNvbGFzIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNv Tm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1mYW1pbHk6Q29uc29sYXMiPjxvOnA+Jm5ic3A7PC9v OnA+PC9zcGFuPjwvcD4NCjxkaXYgc3R5bGU9ImJvcmRlcjpub25lO2JvcmRlci10b3A6c29saWQg I0I1QzRERiAxLjBwdDtwYWRkaW5nOjMuMHB0IDBjbSAwY20gMGNtIj4NCjxwIGNsYXNzPSJNc29O b3JtYWwiIHN0eWxlPSJtYXJnaW4tbGVmdDozNi4wcHQiPjxiPjxzcGFuIHN0eWxlPSJmb250LXNp emU6MTIuMHB0O2NvbG9yOmJsYWNrIj5Gcm9tOg0KPC9zcGFuPjwvYj48c3BhbiBzdHlsZT0iZm9u dC1zaXplOjEyLjBwdDtjb2xvcjpibGFjayI+U3RlcGhlbiBLZW50ICZsdDtzdGtlbnRAdmVyaXpv bi5uZXQmZ3Q7PGJyPg0KPGI+RGF0ZTogPC9iPkZyaWRheSwgRmVicnVhcnkgOSwgMjAxOCBhdCAx MTo1NyBBTTxicj4NCjxiPlRvOiA8L2I+JnF1b3Q7UmFiYWRhbiwgSm9yZ2UgKE5va2lhIC0gVVMv TW91bnRhaW4gVmlldykmcXVvdDsgJmx0O2pvcmdlLnJhYmFkYW5Abm9raWEuY29tJmd0OywgQWx2 YXJvIFJldGFuYSAmbHQ7YXJldGFuYS5pZXRmQGdtYWlsLmNvbSZndDssICZxdW90O0hlbmRlcmlj a3gsIFdpbSAoTm9raWEgLSBCRS9BbnR3ZXJwKSZxdW90OyAmbHQ7d2ltLmhlbmRlcmlja3hAbm9r aWEuY29tJmd0OywgJnF1b3Q7c2FqYXNzaUBjaXNjby5jb20mcXVvdDsgJmx0O3NhamFzc2lAY2lz Y28uY29tJmd0OywgJnF1b3Q7dXR0YXJvQGF0dC5jb20mcXVvdDsgJmx0O3V0dGFyb0BhdHQuY29t Jmd0OywNCiAmcXVvdDtzdGVwaGFuZS5saXRrb3dza2lAb3JhbmdlLmNvbSZxdW90OyAmbHQ7c3Rl cGhhbmUubGl0a293c2tpQG9yYW5nZS5jb20mZ3Q7LCAmcXVvdDtWaWdvdXJldXgsIE1hcnRpbiAo Tm9raWEgLSBGUi9QYXJpcy1TYWNsYXkpJnF1b3Q7ICZsdDttYXJ0aW4udmlnb3VyZXV4QG5va2lh LmNvbSZndDssICZxdW90O3NlY2RpckBpZXRmLm9yZyZxdW90OyAmbHQ7c2VjZGlyQGlldGYub3Jn Jmd0OywgJnF1b3Q7UGFsaXNsYW1vdmljLCBTZW5hZCAoTm9raWEgLSBVUykmcXVvdDsgJmx0O3Nl bmFkLnBhbGlzbGFtb3ZpY0Bub2tpYS5jb20mZ3Q7PGJyPg0KPGI+U3ViamVjdDogPC9iPlJlOiBb c2VjZGlyXSBTRUNESVIgcmV2aWV3IG9mIGRyYWZ0LWlldGYtIGJlc3MtZXZwbi11c2FnZS0wNzxv OnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwi IHN0eWxlPSJtYXJnaW4tbGVmdDozNi4wcHQiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPC9kaXY+ DQo8cCBzdHlsZT0ibWFyZ2luLWxlZnQ6MzYuMHB0Ij5Kb3JnZSw8bzpwPjwvbzpwPjwvcD4NCjxi bG9ja3F1b3RlIHN0eWxlPSJtYXJnaW4tdG9wOjUuMHB0O21hcmdpbi1ib3R0b206NS4wcHQiPg0K PGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0 bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0bzttYXJnaW4tbGVmdDozNi4wcHQiPg0KPGEgbmFt ZT0iX01haWxPcmlnaW5hbEJvZHkiPjxzcGFuIHN0eWxlPSJmb250LWZhbWlseTpDb25zb2xhcyI+ W0pPUkdFXSBobW0uLi4gaG93IGFib3V0IHRoaXMgaW5zdGVhZDo8L3NwYW4+PG86cD48L286cD48 L2E+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDph dXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvO21hcmdpbi1sZWZ0OjM2LjBwdCI+DQo8c3Bh biBzdHlsZT0ibXNvLWJvb2ttYXJrOl9NYWlsT3JpZ2luYWxCb2R5Ij7igJxUaGUgc3RhbmRhcmRz IHByb2R1Y2VkIGJ5IHRoZSBTSURSIFdHLCB3aGljaCBhZGRyZXNzIHNlY3VyZSByb3V0ZSBvcmln aW4gYXV0aGVudGljYXRpb24gKGUuZy4sIFJGQ3MgNjQ4MC05MykgYW5kIHJvdXRlIGFkdmVydGlz ZW1lbnQgc2VjdXJpdHkgKGUuZy4sIFJGQ3MgODIwNS0xMSkgZG8gbm90IGFwcGx5IHRvIHRoZSBF VlBOIGZhbWlseSwgaGVuY2UgdGhleSBhcmUNCiBub3QgcmVsZXZhbnQgdG8gW1JGQzc0MzJdIG9y IHRoaXMgZG9jdW1lbnQu4oCdPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05v cm1hbCIgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFs dDphdXRvO21hcmdpbi1sZWZ0OjM2LjBwdCI+DQo8c3BhbiBzdHlsZT0ibXNvLWJvb2ttYXJrOl9N YWlsT3JpZ2luYWxCb2R5Ij4mbmJzcDs8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0i TXNvTm9ybWFsIiBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0 b20tYWx0OmF1dG87bWFyZ2luLWxlZnQ6MzYuMHB0Ij4NCjxzcGFuIHN0eWxlPSJtc28tYm9va21h cms6X01haWxPcmlnaW5hbEJvZHkiPlRoZSByZWFzb24gaXMgYmVjYXVzZSBFVlBOIGNvbnZleXMg RXRoZXJuZXQgYWRkcmVzcyBzcGFjZSBidXQgYWxzbyBzb21lIG90aGVyIGluZm9ybWF0aW9uLjxv OnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPC9ibG9ja3F1b3RlPg0KPHAgY2xhc3M9Ik1z b05vcm1hbCIgc3R5bGU9Im1hcmdpbi1sZWZ0OjM2LjBwdCI+PHNwYW4gc3R5bGU9Im1zby1ib29r bWFyazpfTWFpbE9yaWdpbmFsQm9keSI+Rmlyc3QsIEknbSBub3Qgc3VyZSBpZiB0aGUgc2VudGVu Y2UgaW1tZWRpYXRlbHkgYWJvdmUgaXMgaW50ZW5kZWQgdG8gYmUgcGFydCBvZiB0aGUgdGV4dCwg b3IgaWYgaXQgaXMgYSBjb21tZW50IHRvIG1lLiZuYnNwOyBJJ20sIGFzc3VtaW5nIHRoZSBsYXR0 ZXIsIGluIHdoaWNoIGNhc2UgSSB0aGluaw0KIG1vcmUgaW5mbyB3b3VsZCBoZWxwIHRoZSByZWFk ZXIgdG8gdW5kZXJzdGFuZCB3aHkgdGhvc2UgUkZDcyBhcmUgbm90IGFwcGxpY2FibGUuIFNheWlu ZyB0aGF0IHRoZSBSRkNzICZxdW90O2RvIG5vdCBhcHBseSB0byB0aGUgRVZQTiBmYW1pbHkmcXVv dDsgZG9lcyBub3Qgc2VlbSBjbGVhciBlbm91Z2gsIGFsdGhvdWdoIEkgYWdyZWUgdGhhdCBub3Rp bmcgUkZDIDc0MzIgaXMgYSBnb29kIGlkZWEuLiBIb3cgYWJvdXQ6PGJyPg0KPGJyPg0K4oCcVGhl IHN0YW5kYXJkcyBwcm9kdWNlZCBieSB0aGUgU0lEUiBXRyBhZGRyZXNzIHNlY3VyZSByb3V0ZSBv cmlnaW4gYXV0aGVudGljYXRpb24gKGUuZy4sIFJGQ3MgNjQ4MC05MykgYW5kIHJvdXRlIGFkdmVy dGlzZW1lbnQgc2VjdXJpdHkgKGUuZy4sIFJGQ3MgODIwNS0xMSkuIFRoZXkgcHJvdGVjdCB0aGUg aW50ZWdyaXR5IGFuZCBhdXRoZW50aWNpdHkgb2YgSVAgYWRkcmVzcyBhZHZlcnRpc2VtZW50cyBh bmQgQVNOL0lQIHByZWZpeCBiaW5kaW5ncy4NCiBUaGlzIGRvY3VtZW50LCBhbmQmbmJzcDsgW1JG Qzc0MzJdLCB1c2UgQkdQIHRvIGNvbnZleSBvdGhlciBpbmZvLCBlLmcuLCBNQUMgYWRkcmVzc2Vz LCBhbmQgdGh1cyB0aGUgcHJvdGVjdGlvbnMgb2ZmZXJlZCBieSB0aGUgU0lEUiBXRyBSRkNzIGFy ZSBub3QgYXBwbGljYWJsZSBpbiB0aGlzIGNvbnRleHQuJnF1b3Q7PGJyPg0KPGJyPg0KU3RldmU8 YnI+DQo8YnI+DQo8L3NwYW4+PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjwvYm9keT4NCjwvaHRt bD4NCg== --_000_D2A2602EEE894D71AE77A3F7472FF3ADnokiacom_-- From nobody Fri Feb 9 07:39:40 2018 Return-Path: X-Original-To: secdir@ietf.org Delivered-To: secdir@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id B4D5712D777; Fri, 9 Feb 2018 07:39:38 -0800 (PST) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: Barry Leiba To: Cc: draft-ietf-6man-ndpioiana.all@ietf.org, ipv6@ietf.org, ietf@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 6.72.0 Auto-Submitted: auto-generated Precedence: bulk Message-ID: <151819077870.1168.11205080066617672948@ietfa.amsl.com> Date: Fri, 09 Feb 2018 07:39:38 -0800 Archived-At: Subject: [secdir] Secdir telechat review of draft-ietf-6man-ndpioiana-02 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 09 Feb 2018 15:39:39 -0000 Reviewer: Barry Leiba Review result: Ready This document fills a gap created by RFC 6275 by creating a necessary IANA registry. The document is well written and ready to go, with no security implications that I can imagine. I read Al Morton's OpsDir review. Commenting on that: - I think the document can go ahead with or without the changes that Al suggests, but... - I agree that it'd be useful to show the reserved bits in the registry table, except that I'd give the reference for it as RFC 4861, not 6275. - The text in Section 4 already does say what the registration policy is, and I don't think "or IESG Approval" should be added. - I don't think it's necessary to add "updates 6275", though I wouldn't object to it. - I agree that adding section references would be nice. I found the fields easily by searching on their names, but I'm a general fan of using section references to make things clearer to readers. -- Barry From nobody Sat Feb 10 21:55:51 2018 Return-Path: X-Original-To: secdir@ietfa.amsl.com Delivered-To: secdir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3184E127369; Sat, 10 Feb 2018 21:55:44 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: 0.681 X-Spam-Level: X-Spam-Status: No, score=0.681 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=outlook.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id coYtCVotG4Td; Sat, 10 Feb 2018 21:55:41 -0800 (PST) Received: from NAM03-BY2-obe.outbound.protection.outlook.com (mail-oln040092006025.outbound.protection.outlook.com [40.92.6.25]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DA9CE1201F8; Sat, 10 Feb 2018 21:55:41 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=UkehpXPJS2wO0sXvUI1pZx+neVkdmyQ9jyvasFlO3p8=; b=L5Znl2vu0SUV9XUNdGRUxTp9VLsICQl/unlev1kWV0hzTuJiP3gvZwSBs3MRDn3MZIH68LKCnsg156sYA6E9/kDRd9rPvg1swgrIQqgimYmHDnXYh3iWfihSDeYcR504BV/NepY+QFooPz5k22cSLbt2UYqY4fgTaX/smTz4/8FY/spqJQtZTxMWkr5VfvmKCRWZfSsu/DFKHi2nIotfSt8/YwVV3Wz7P10mFpbrgAQ4XL/qvSuXbobID03LDWDVsaZuCS+9cb6JfleYd79tq6dfwtvRAdzrjwEsYJsT0qhtQCLlRytt/CS7PHzBdI+rsl27p85GeCoaouZyjPp+GQ== Received: from CO1NAM03FT017.eop-NAM03.prod.protection.outlook.com (10.152.80.52) by CO1NAM03HT213.eop-NAM03.prod.protection.outlook.com (10.152.81.186) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.20.464.13; Sun, 11 Feb 2018 05:55:41 +0000 Received: from DM5PR04MB1099.namprd04.prod.outlook.com (10.152.80.51) by CO1NAM03FT017.mail.protection.outlook.com (10.152.80.172) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.20.485.12 via Frontend Transport; Sun, 11 Feb 2018 05:55:41 +0000 Received: from DM5PR04MB1099.namprd04.prod.outlook.com ([10.174.242.37]) by DM5PR04MB1099.namprd04.prod.outlook.com ([10.174.242.37]) with mapi id 15.20.0485.013; Sun, 11 Feb 2018 05:55:41 +0000 From: Charlie Kaufman To: "secdir@ietf.org" , "iesg@ietf.org" , "draft-ietf-mmusic-sdp-bundle-negotiation.all@ietf.org" Thread-Topic: Secdir review of draft-ietf-mmusic-sdp-bundle-negotiation-48 Thread-Index: AQHTovy5RO7AatX+n0q+gBTE9V2YxA== Date: Sun, 11 Feb 2018 05:55:40 +0000 Message-ID: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-incomingtopheadermarker: OriginalChecksum:9888AE3077CC10185979F3693B0ECFA160771C1223DB8B3937973A88B93B2510; UpperCasedChecksum:6BDA55342C6B38BC6010A56C96F4673161C7D94604A6F299160BCB4E3618D0E5; SizeAsReceived:7125; Count:43 x-tmn: [xwGQEsLK2QEdbJb2IYa02JEdN00MJe3iCkMvm/xwOkqtLhuESiw32w9BcVFV2Z6v] x-ms-publictraffictype: Email x-microsoft-exchange-diagnostics: 1; CO1NAM03HT213; 6:VKL9I0bbhh1Vyzsiet4K2XOqc484qbCzY9cScAKLAPXuQGh8UyKwpMCOBxzkkW+yQSQ+ZpGXs19CRP4lkMR/vxqOsvUVH1MwZhneuYtx8wsw8GU2eEO1I86WKNuyWWh6k2cSKtxZXBkFDPlibmwVeoZOHl008O605tEuS6TKp/NEE7xKV0VrIcmkjZYsTKf1+hkeI49wMJz3bQ3eeE5TRrzHXFJ7YeZIaQwqVigPFF7ENv3EKgAgtNbx8bd1JJYlkt2RB2f7adBor7b/c+2+owKDyUhitRreU8riDSi+EJRaUNsoQeUzee53eZk+vbXNnatQNboVx1FH+aebvQ9rqPRdQ+W5ken860gzo8TlaWM=; 5:+FsM0oGP9YqZBtEa2tJF6ZQsp7pfgXkG4ixDPbweV5S8S9zP1uvOEo5QAhRBY/tH8VnrRfifjJESxMjlupbe58V5bE2REqy615GWdXernIDdNa+H6Z2bs5H7JTXgD3mag5uEhjYjyqwDl/yK9i/Zes0oSG2Y+ckRGl9SKouDX3c=; 24:GiW7ZLs0reDCLqDRFsNucFzI92NqxN1OsYn8mzqM2gYqCyi/Ujnza08e35rDvcHokHxzTI529S2rJ2uKXJ1jwzuXjW5X9hy0+m3r/2rPW6I=; 7:7kRu9xiQwpPxYWGWWxIvKH6wjUfbp6i8JGnMCDhFRvXtiez51NxcWIglzCG9k+bAE7ODRBi1AabgW/uFCIHGr/qD6h6BASoKxjJGvGwSJOqUHTsRrEG74OwVvDvEC5n4ZkZGjKHkIupk3aZBPM78zbVXQj5ajNaivv6sjC1o6Y9AM/4bDDPJaiAD1b9Ivak7QTNdgyFp2HtsnnEhzzF1hUobYlXqivZ8c3v3fuqm2wgxn/SAcTNjrZF0GFHbx4jW x-incomingheadercount: 43 x-eopattributedmessage: 0 x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(201702061074)(5061506573)(5061507331)(1603103135)(2017031320274)(2017031324274)(2017031323274)(2017031322404)(1601125374)(1603101448)(1701031045); SRVR:CO1NAM03HT213; x-ms-traffictypediagnostic: CO1NAM03HT213: x-ms-office365-filtering-correlation-id: 92950c86-09a4-46ee-bf0b-08d57114151f x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(444000031); SRVR:CO1NAM03HT213; BCL:0; PCL:0; RULEID:; SRVR:CO1NAM03HT213; x-forefront-prvs: 058043A388 x-forefront-antispam-report: SFV:NSPM; SFS:(7070007)(98901004); DIR:OUT; SFP:1901; SCL:1; SRVR:CO1NAM03HT213; H:DM5PR04MB1099.namprd04.prod.outlook.com; FPR:; SPF:None; LANG:; spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM Content-Type: multipart/alternative; boundary="_000_DM5PR04MB10994723AD8C5B269E076A24DFF00DM5PR04MB1099namp_" MIME-Version: 1.0 X-OriginatorOrg: outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 92950c86-09a4-46ee-bf0b-08d57114151f X-MS-Exchange-CrossTenant-originalarrivaltime: 11 Feb 2018 05:55:40.9698 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Internet X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa X-MS-Exchange-Transport-CrossTenantHeadersStamped: CO1NAM03HT213 Archived-At: Subject: [secdir] Secdir review of draft-ietf-mmusic-sdp-bundle-negotiation-48 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 11 Feb 2018 05:55:44 -0000 --_000_DM5PR04MB10994723AD8C5B269E076A24DFF00DM5PR04MB1099namp_ Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable I have reviewed this document as part of the security directorate's ongoing= effort to review all IETF documents being processed by the IESG. These co= mments were written primarily for the benefit of the security area director= s. Document editors and WG chairs should treat these comments just like an= y other last call comments. This specification defines an enhancement to the RTP Control Protocol (RTCP= ) defined in RFC3264. The enhancement allows multiple items over a single R= TP channel with interleaved packets. This is harder than one would expect i= n part because the protocol change has to deal with backward compatibility = and interoperability between implementations that include the enhancement a= nd those that don't. While I can't claim to have understood the entire spec, I can confidently a= gree with the authors that this enhancement does not change the security co= nsiderations from those specified in RFCs 3264 and 5888. Other thoughts: The use of the term "Unique Address" for the combination of an IP address a= nd a port number is a little confusing, especially when interleaved with re= ferences to 5-tuples as connection identifiers. Since this protocol is alwa= ys (?) transmitted over UDP, it would be good to mention somewhere that two= unique addresses together make a connection identifier (where UDP is impli= ed) and that a Unique Address is the combination of an IP address and a UDP= port number. Given the large numbers of NATs out there, I'm surprised the protocol does = not make itself a little more NAT friendly by allowing an address specifica= tion with an ability to specify "The IP address from which this message is = arriving" so that NAT'd connections will be handled correctly (at least in = the most common case). Section 18 (examples) is a very welcome addition that I wish were present i= n more RFCs. It goes a long way toward making otherwise difficult to parse = sections of the document more comprehensible. --Charlie --_000_DM5PR04MB10994723AD8C5B269E076A24DFF00DM5PR04MB1099namp_ Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable

I have reviewed this document as part of the security directorate's ongo= ing effort to review all IETF documents being processed by the IESG.  = These comments were written primarily for the benefit of the security area = directors.  Document editors and WG chairs should treat these comments just like any other last call comments.


This specification defines an enhancement to the RTP Control Protocol (R= TCP) defined in RFC3264. The enhancement allows multiple items over a singl= e RTP channel with interleaved packets. This is harder than one would expec= t in part because the protocol change has to deal with backward compatibility and interoperability between imple= mentations that include the enhancement and those that don't.


While I can't claim to have understood the entire spec, I can confidentl= y agree with the authors that this enhancement does not change the security= considerations from those specified in RFCs 3264 and 5888.


Other thoughts:


The use of the term "Unique Address" for the combination of an= IP address and a port number is a little confusing, especially when interl= eaved with references to 5-tuples as connection identifiers. Since this pro= tocol is always (?) transmitted over UDP, it would be good to mention somewhere that two unique addresses together m= ake a connection identifier (where UDP is implied) and that a Unique Addres= s is the combination of an IP address and a UDP port number.


Given the large numbers of NATs out there, I'm surprised the protocol do= es not make itself a little more NAT friendly by allowing an address specif= ication with an ability to specify "The IP address from which this mes= sage is arriving" so that NAT'd connections will be handled correctly (at least in the most common case).


Section 18 (examples) is a very welcome addition that I wish were presen= t in more RFCs. It goes a long way toward making otherwise difficult to par= se sections of the document more comprehensible.


 --Charlie




--_000_DM5PR04MB10994723AD8C5B269E076A24DFF00DM5PR04MB1099namp_-- From nobody Sun Feb 11 08:25:58 2018 Return-Path: X-Original-To: secdir@ietfa.amsl.com Delivered-To: secdir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 00880126DEE for ; Sun, 11 Feb 2018 08:25:57 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.32 X-Spam-Level: X-Spam-Status: No, score=-4.32 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id x3BcM2cIKsAD for ; Sun, 11 Feb 2018 08:25:54 -0800 (PST) Received: from sesbmg22.ericsson.net (sesbmg22.ericsson.net [193.180.251.48]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 545121201F2 for ; Sun, 11 Feb 2018 08:25:54 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; d=ericsson.com; s=mailgw201801; c=relaxed/simple; q=dns/txt; i=@ericsson.com; t=1518366352; h=From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version:Content-Type: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=rhOy3brmOvzpNh7LlP/ZTxv0fiM34g7QTFhoeUEim6Y=; b=O1ihiI3Mu6YoG3u8KqX/kn9FEw31HuRDFAW9V2h33SwDGKPoav+byzijpyYPG871 +5rwpk9llOG30jJl+QuPMWkuQiGSdPyqj47Mswx3xDMCNNRM8ub+1HBhURifw4tA Fb5OSgLLp0FNfy84lU1mKf6PiImG8cF0ykK2gajJzS8=; X-AuditID: c1b4fb30-399ff70000004778-b5-5a806e906808 Received: from ESESSHC018.ericsson.se (Unknown_Domain [153.88.183.72]) by sesbmg22.ericsson.net (Symantec Mail Security) with SMTP id F9.2B.18296.09E608A5; Sun, 11 Feb 2018 17:25:52 +0100 (CET) Received: from ESESSMB109.ericsson.se ([169.254.9.195]) by ESESSHC018.ericsson.se ([153.88.183.72]) with mapi id 14.03.0352.000; Sun, 11 Feb 2018 17:25:51 +0100 From: Christer Holmberg To: Charlie Kaufman , "secdir@ietf.org" , "iesg@ietf.org" , "draft-ietf-mmusic-sdp-bundle-negotiation.all@ietf.org" Thread-Topic: Secdir review of draft-ietf-mmusic-sdp-bundle-negotiation-48 Thread-Index: AQHTovy5RO7AatX+n0q+gBTE9V2YxKOfX5OA Date: Sun, 11 Feb 2018 16:25:51 +0000 Message-ID: <7594FB04B1934943A5C02806D1A2204B6C165419@ESESSMB109.ericsson.se> References: In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [153.88.183.150] Content-Type: multipart/alternative; boundary="_000_7594FB04B1934943A5C02806D1A2204B6C165419ESESSMB109erics_" MIME-Version: 1.0 X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFprEIsWRmVeSWpSXmKPExsUyM2K7h+6EvIYog2XfRCym/T7BYnHi/TdW ixl/JjJbfFj4kMWBxWPJkp9MHptfv2AOYIrisklJzcksSy3St0vgyrjSu52l4FJmxa/zC9kb GE/GdDFyckgImEjcPnyYrYuRi0NI4DCjxM7XzxkhnCWMEtt+/wNyODjYBCwkuv9pg8RFBN4y Svx5PZ0ZpFtYwFOitekvM0iNiICXxM7djiBhEQEjie2v97CD2CwCqhK7Tu5jArF5BXwlzk8+ zwhiCwnESBxcBRHnFIiVmN9+mQ3EZhQQk/h+ag1YnFlAXOLWk/lMEIcKSCzZc54ZwhaVePn4 HyuErSSxYvslRoj6fIme359YIXYJSpyc+YRlAqPwLCSjZiEpm4WkDCKuI7Fg9yc2CFtbYtnC 18ww9pkDj5mQxRcwsq9iFC1OLU7KTTcy0kstykwuLs7P08tLLdnECIypg1t+G+xgfPnc8RCj AAejEg9vq2pDlBBrYllxZe4hRgkOZiUR3hspQCHelMTKqtSi/Pii0pzU4kOM0hwsSuK8Jz15 o4QE0hNLUrNTUwtSi2CyTBycUg2Mqj6S9xSn7zi5vebQfPNvUr9XOV9p+m5Vdvemym6nFes+ 1nO0q55atXujanTAfIud7/6mKMy2CPy24fHT376ntK5nivHe2Hh0s+9M93SJXYkOScs23vtm 6jbNaeEOobXhYttj2uuP3vnpkDX7itP+B/Oc3Cb93sAbXpJVZnxg5lVDJqOw78ZiX5VYijMS DbWYi4oTAdx56E2lAgAA Archived-At: Subject: Re: [secdir] Secdir review of draft-ietf-mmusic-sdp-bundle-negotiation-48 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 11 Feb 2018 16:25:57 -0000 --_000_7594FB04B1934943A5C02806D1A2204B6C165419ESESSMB109erics_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Hi Charlie, Thanks for your review! Please see inline. >I have reviewed this document as part of the security directorate's ongoin= g effort to review all IETF documents being processed by the IESG. These >= comments were written primarily for the benefit of the security area direct= ors. Document editors and WG chairs should treat these comments just like = any >other last call comments. > >This specification defines an enhancement to the RTP Control Protocol (RTC= P) defined in RFC3264. The enhancement allows multiple items over a single = >RTP channel with interleaved packets. This is harder than one would expect= in part because the protocol change has to deal with backward compatibilit= y >and interoperability between implementations that include the enhancemen= t and those that don't. > >While I can't claim to have understood the entire spec, I can confidently = agree with the authors that this enhancement does not change the security >= considerations from those specified in RFCs 3264 and 5888. > >Other thoughts: > >The use of the term "Unique Address" for the combination of an IP address = and a port number is a little confusing, especially when interleaved with >= references to 5-tuples as connection identifiers. Since this protocol is al= ways (?) transmitted over UDP, it would be good to mention somewhere that t= wo >unique addresses together make a connection identifier (where UDP is im= plied) and that a Unique Address is the combination of an IP address and a = UDP >port number. "Unique Address" will be changed to "Unique Address:Port", similar to e.g.,= "BUNDLE Address:Port". The definition already indicates that it includes t= he port: "Unique address: An address:port combination that is assigned to only= one "m=3D" section in an offer or answer." > Given the large numbers of NATs out there, I'm surprised the protocol doe= s not make itself a little more NAT friendly by > allowing an address specification with an ability to specify "The IP addr= ess from which this message is arriving" so that > NAT'd connections will be handled correctly (at least in the most common = case). In SDP Offer/Answer (RFC 3264) you always indicate the address:port where y= ou will RECEIVE media. That has caused some problems every now and then, bu= t it's not within the scope of the draft to change that. However, BUNDLE actually mandates usage of the SAME address:port for both s= ending AND receiving media, so in practise you DO indicate from where media= will be sent :) >Section 18 (examples) is a very welcome addition that I wish were present = in more RFCs. It goes a >long way toward making otherwise difficult to parse sections of the docume= nt more comprehensible. Good :) It is also worth noting that, as BUNDLE is an extension to RFC 3264 (SDP Of= fer/Answer), one needs to be familiar with that specification in order to f= ully understand BUNDLE. Regards, Christer --_000_7594FB04B1934943A5C02806D1A2204B6C165419ESESSMB109erics_ Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

Hi Charlie= ,

 = ;

Thanks for= your review! Please see inline.

 

>I have reviewed this document as part of the security di= rectorate's ongoing effort to review all IETF documents being processed by = the IESG.  These >comments were written primarily for = the benefit of the security area directors.  Document editors and WG c= hairs should treat these comments just like any >other last call comments.=

> 

>This specification defines an enhancement to the RTP Con= trol Protocol (RTCP) defined in RFC3264. The enhancement allows multiple it= ems over a single >RTP channel with interleaved packets= . This is harder than one would expect in part because the protocol change = has to deal with backward compatibility >and interoperability between impleme= ntations that include the enhancement and those that don't.

> 

>While I can't claim to have understood the entire spec, = I can confidently agree with the authors that this enhancement does not cha= nge the security >considerations from those specified = in RFCs 3264 and 5888.

> 

>Other thoughts:

> 

>The use of the term "Unique Address" for the c= ombination of an IP address and a port number is a little confusing, especi= ally when interleaved with >references to 5-tuples as connection= identifiers. Since this protocol is always (?) transmitted over UDP, it wo= uld be good to mention somewhere that two >unique addresses together make a con= nection identifier (where UDP is implied) and that a Unique Address is the = combination of an IP address and a UDP >port number.

 

“Unique Address” will be changed to “Unique Address:P= ort”, similar to e.g., “BUNDLE Address:Port”. The definit= ion already indicates that it includes the port:

 

      “Unique address: An address:port c= ombination that is assigned to only one "m=3D" section in an offe= r or answer.”

 

> Given the large numbers of NATs out there, I'm surprise= d the protocol does not make itself a little more NAT friendly by

> allowing an address specification with an ability to specify &q= uot;The IP address from which this message is arriving" so that

> NAT'd connections will be handled correctly (at least in the mo= st common case).

 

In SDP Offer/Answer (RFC 3264) you always indicate the address:port whe= re you will RECEIVE media. That has caused some problems every now and then= , but it’s not within the scope of the draft to change that.

 

However, BUNDLE actually mandates usage of the SAME address:port for bo= th sending AND receiving media, so in practise you DO indicate from where m= edia will be sent :)

 

>Section 18 (examples) is a very welcome addition that I = wish were present in more RFCs. It goes a

>long way toward making otherwise difficult to parse sections of = the document more comprehensible.

 

Good :)

 

It is also worth noting that, as BUNDLE is an extension to RFC 3264 (SD= P Offer/Answer), one needs to be familiar with that specification in order = to fully understand BUNDLE.

 

Regards,

 

Christer

 

--_000_7594FB04B1934943A5C02806D1A2204B6C165419ESESSMB109erics_-- From nobody Sun Feb 11 16:54:30 2018 Return-Path: X-Original-To: secdir@ietfa.amsl.com Delivered-To: secdir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F0800126E64; Sun, 11 Feb 2018 16:54:24 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.749 X-Spam-Level: X-Spam-Status: No, score=-1.749 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=no autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2Mn1i0QChQil; Sun, 11 Feb 2018 16:54:23 -0800 (PST) Received: from mail-ot0-x22f.google.com (mail-ot0-x22f.google.com [IPv6:2607:f8b0:4003:c0f::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 84D3D12025C; Sun, 11 Feb 2018 16:54:23 -0800 (PST) Received: by mail-ot0-x22f.google.com with SMTP id q9so12593415oti.0; Sun, 11 Feb 2018 16:54:23 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to:cc; bh=/jzDWqOlzyGxzbyFWamQBdOYBrGBDFx/HG9ekiCe5+M=; b=Q2kIdY6NU8m37PgXfi+cq4zgVh3q72M8L34b2V4KtGB0aRYnqq0xYa7r1XNdbjUkRm rk61T0cBjEAk1mhrlw2dqVCrPy16SHdeFgDCmqHBmMQlNzVak4F2t1eUn7aYqkwbFxjA kSsiVS2Fc6mrGW2wC2sNCwJyZ9r0md8DHclMlvaQNgtF9dJgfN4CN64QJnu7wr+1zK3Y KdDBA4uvyzyP9rDBaXVj+us9Bq6euJcdYqkLfkfROOOSfIP4p8lho6lGVtooyJsDyfTK 5zmnyLZFhA2zY4x5gD0oOgQrto5u/r62BboAhVEBGHLTTV93Ixh36ld75Sm99rQ21mTj weug== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to:cc; bh=/jzDWqOlzyGxzbyFWamQBdOYBrGBDFx/HG9ekiCe5+M=; b=VY50nODhos7CddinrD0enEnKKXWXWcQxoHZ4mqtkqsdvI4MIE+t9kfjPxuee0S2cCx 2kLAy3/96O6hOS7MLXc4VfAGB2poILONAt5P1WiILlf5gh+t0HDBa8XL333nbZSUHnVI yatd84F1XIMCR7J5cIUiXqZXOQip7joRjcqDdM8RkAaQqQN6g7/SjVgIRP5hH/6ZIJYt HzafpGUg817o3+m8vedCFeUNY1OsVAG3AV7778A+z4OilmONXg8NVn7Og4UMqIkLulvt ugx8gOo2SOOHyiM9opfSZx2cMs15jy3+aaxsleVNU6TG48ygSkPrSb44Qv4gK82AqpU8 jVUQ== X-Gm-Message-State: APf1xPCueqmr0F0T/2llu8R0c6lXytIZ8iGscrbxf0e0sn2IS1pJszdH yi8Hyh2LRIyO4OHAuU17S4qJ2Hbzw8W+iK7nKSr27zug X-Google-Smtp-Source: AH8x2244TByw7zQZ8jhTcZRxRrae3oF0KCE39BfXbfByEpuFHAjB6RcKSQtCBmEyK3bIM09c0LlzIzI521zzk2jBYTA= X-Received: by 10.157.17.171 with SMTP id v40mr7952791otf.287.1518396862461; Sun, 11 Feb 2018 16:54:22 -0800 (PST) MIME-Version: 1.0 Received: by 10.168.67.205 with HTTP; Sun, 11 Feb 2018 16:54:06 -0800 (PST) From: Donald Eastlake Date: Sun, 11 Feb 2018 19:54:06 -0500 Message-ID: To: "iesg@ietf.org" Cc: secdir@ietf.org, draft-farrel-sfc-convent.all@ietf.org Content-Type: multipart/alternative; boundary="94eb2c1914449d7d4f0564f95191" Archived-At: Subject: [secdir] SECDIR review of drat-farrel-sfc-convent-05 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 12 Feb 2018 00:54:25 -0000 --94eb2c1914449d7d4f0564f95191 Content-Type: text/plain; charset="UTF-8" I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. Document editors and others should treat these comments just like any other late last call comments. The summary of the review is Ready. This document specifies a new "None" value for the Next Hop Protocol field of the NSH header and places some implementation conditions on its use. It lists some use case types for such packets, which would have NSH meta data but no following protocol data, but does not fully specify any particular use. The Security Considerations section in conjunction with the implementation conditions in the document seems more than adequate for the mere additional of this field value. Additional Security Considerations will be required in future documents specifying particular uses of this field value. Draft references should be updated when they have issued as RFCs but I'm sure the RFC Editor will handle this. My apologies that this review is late. Thanks, Donald =============================== Donald E. Eastlake 3rd +1-508-333-2270 (cell) 155 Beaver Street, Milford, MA 01757 USA d3e3e3@gmail.com --94eb2c1914449d7d4f0564f95191 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
I have reviewed this document as part of the security= directorate's ongoing effort to review all IETF documents being proces= sed by the=C2=A0
IESG. Document editors and others should treat t= hese comments just like any other late last call comments.

The summary of the review is Ready.

This = document specifies a new "None" value for the Next Hop Protocol f= ield of the NSH header and places some implementation conditions on its use= . It lists some use case types for such packets, which would have NSH meta = data but no following protocol data, but does not fully specify any particu= lar use.

The Security Considerations section in co= njunction with the implementation conditions in the document seems more tha= n adequate for the mere additional of this field value. Additional Security= Considerations will be required in future documents specifying particular = uses of this field value.

Draft references should = be updated when they have issued as RFCs but I'm sure the RFC Editor wi= ll handle this.

My apologies that this review is l= ate.

Thanks,
Don= ald
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D
=C2=A0Donald E. Eastlake 3rd =C2=A0 +1-508-3= 33-2270 (cell)
=C2=A0155 Beaver Street, Milford, MA 01757 USA
=C2=A0<= a href=3D"mailto:d3e3e3@gmail.com" target=3D"_blank">d3e3e3@gmail.com
--94eb2c1914449d7d4f0564f95191-- From nobody Tue Feb 13 07:33:28 2018 Return-Path: X-Original-To: secdir@ietf.org Delivered-To: secdir@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 9C64F126CB6; Tue, 13 Feb 2018 07:33:21 -0800 (PST) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: Adam Montville To: Cc: bier@ietf.org, draft-ietf-bier-ospf-bier-extensions.all@ietf.org, ietf@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 6.72.1 Auto-Submitted: auto-generated Precedence: bulk Message-ID: <151853600160.14260.14154798734920051411@ietfa.amsl.com> Date: Tue, 13 Feb 2018 07:33:21 -0800 Archived-At: Subject: [secdir] Secdir telechat review of draft-ietf-bier-ospf-bier-extensions-11 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 13 Feb 2018 15:33:22 -0000 Reviewer: Adam Montville Review result: Not Ready I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. The security ADs may prefer to see an elaborated Security Considerations section. From my perspective, the single sentence seeking to ensure that malformed TLV and Sub-TLV permutations don't result in hard OSPF failures is insufficient. What could be the outcome of such hard failures (i.e. what does an implementer need to understand about not heeding such considerations)? Also, a reader might presume that there are no additional BIER security considerations not otherwise handled in RFCs 8279 and 8296 respectively. If such a presumption is correct, then I would recommend explicitly stating so and perhaps even referring the reader to those Security Considerations for anything that may apply to this extension. Finally, in the first sentence of the Security Considerations, there exists "must" - is that intended to be MUST? I don't have any further comments on this draft from a nit perspective nor from an efficacy perspective when it comes to routing, as this isn't my area of expertise. Kind regards, Adam From nobody Wed Feb 14 13:10:39 2018 Return-Path: X-Original-To: secdir@ietfa.amsl.com Delivered-To: secdir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8E89B12D868; Wed, 14 Feb 2018 13:10:33 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.231 X-Spam-Level: X-Spam-Status: No, score=-4.231 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bKKtKo790Vv7; Wed, 14 Feb 2018 13:10:32 -0800 (PST) Received: from dmz-mailsec-scanner-3.mit.edu (dmz-mailsec-scanner-3.mit.edu [18.9.25.14]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8321212D867; Wed, 14 Feb 2018 13:10:28 -0800 (PST) X-AuditID: 1209190e-cefff700000063b2-48-5a84a5c2dc20 Received: from mailhub-auth-2.mit.edu ( [18.7.62.36]) (using TLS with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by dmz-mailsec-scanner-3.mit.edu (Symantec Messaging Gateway) with SMTP id 65.1B.25522.2C5A48A5; Wed, 14 Feb 2018 16:10:27 -0500 (EST) Received: from outgoing.mit.edu (OUTGOING-AUTH-1.MIT.EDU [18.9.28.11]) by mailhub-auth-2.mit.edu (8.13.8/8.9.2) with ESMTP id w1ELAMuI031370; Wed, 14 Feb 2018 16:10:23 -0500 Received: from mit.edu (24-107-191-124.dhcp.stls.mo.charter.com [24.107.191.124]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id w1ELAIrZ001829 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Wed, 14 Feb 2018 16:10:20 -0500 Date: Wed, 14 Feb 2018 15:10:17 -0600 From: Benjamin Kaduk To: draft-ietf-rtgwg-backoff-algo.all@ietf.org, iesg@ietf.org, secdir@ietf.org Message-ID: <20180214211017.GI12363@mit.edu> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.9.1 (2017-09-22) X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFrrBIsWRmVeSWpSXmKPExsUixG6nont4aUuUQdMEJovr22+wWcz4M5HZ 4sPChywOzB5LlvxkCmCM4rJJSc3JLEst0rdL4MpYvX4qc8Fiw4oPr78xNjC+U+9i5OSQEDCR 2LG8k7WLkYtDSGAxk8TlxgksIAkhgY2MEifaqyASZ5kkrr6fygqSYBFQlfj6fTEbiM0moCLR 0H2ZGcQWEfCTuLv0JpgtLGAlMeHdNUYQm1dAR2Lr9assELagxMmZT8BsZgEtiRv/XjJ1MXIA 2dISy/9xgIRFBZQl9vYdYp/AyDsLSccsJB2zEDoWMDKvYpRNya3SzU3MzClOTdYtTk7My0st 0jXWy80s0UtNKd3ECAouTkm+HYyTGrwPMQpwMCrx8N6wbIkSYk0sK67MPcQoycGkJMo7gxMo xJeUn1KZkVicEV9UmpNafIhRgoNZSYTX+HxzlBBvSmJlVWpRPkxKmoNFSZzX3UQ7SkggPbEk NTs1tSC1CCYrw8GhJMF7cgnQUMGi1PTUirTMnBKENBMHJ8hwHqDhM0BqeIsLEnOLM9Mh8qcY jTluvHjdxszxa9PeTmYhlrz8vFQpcd5qkFIBkNKM0jy4aaAEIZG9v+YVozjQc8K8K0GqeIDJ BW7eK6BVTECrdLUbQVaVJCKkpBoYF4SsaZd7sCi3hu1aVVdXvL7+hqOH80+7Hjom4Sl7v1/X 3kJkvsfSySXvknNX5KkHTlNQ+PI/9iSjdOrkK09c+E4s0M3kll5xMeqJyIej7TtnPE1rv63+ an3UM/m3Xw/zvLeuays7d+vXna51d/Yr2szLe/q2QClrl4uthFrvqpBLq2L/3tE7rsRSnJFo qMVcVJwIAEP17yDrAgAA Archived-At: Subject: [secdir] secdir review of draft-ietf-rtgwg-backoff-algo-07 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 14 Feb 2018 21:10:33 -0000 Hi all, I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. >From a security perspective, this document is Ready. It specifies a standard scheme that can be used to back off SPF calculations during periods of frequent IGP events, avoiding excessive resource consumption performing calculations that would be rendered redundant (or just be useless) soon. The security considerations correctly note that an attacker that can generate IGP events would be able to delay the IGP convergence time, which is true both for this scheme and all schemes previously in use. (I might use more words to say the same thing if I was writing it, but that probably reflects more on me than the document.) I do have some questions about the actual proposed FSM, though -- I suspect that I am just making some implicit assumptions that may not be grounded in reality. In particular, I am basically assuming that INITIAL_SPF_DELAY < SHORT_SPF_DELAY < LONG_SPF_DELAY < HOLDDOWN_INTERVAL. (The draft itself only has it as RECOMMENDED for SPF_INITIAL_DELAY <= SPF_SHORT_DELAY <= SPF_LONG_DELAY in Section 6, yes, with the different spellings, but has a MUST for HOLDDOWN_INTERVAL > TIME_TO_LEARN_INTERVAL.) This would potentially affect the state machine for events 1, 6, and 7. In transition 1, we say to only start the SPF_TIMER if it is not already running, but I do not see a way for it to already be running unless the HOLDDOWN_TIMER value is less than one or more of the SPF_TIMER values. Similarly, I don't see how transition 7 could ever happen, since an IGP event moves us out of the QUIET state, and I assume that the SPF_TIMER would fire before the HOLDDOWN_TIMER, since the latter is reset on every IGP event and I assume the latter has a larger value. Transition 6 is a little less clear, but is also similar -- if HOLDDOWN_TIMER is larger than LEARN_TIMER, then LEARN_TIMER must fire before HOLDDOWN_TIMER, and we leave SHORT_WAIT to go to LONG_WAIT before we could consider leaving SHORT_WAIT to go back to QUIET. So, am I making some flawed assumptions? (Are there examples of situations that clearly demonstrate the flaw?) Also, to confirm my understanding, suppose a scenario happens where an IGP participant sees an event, then a gap of 100ms, then three IGP events at equal 10ms intervals, with the SPF delays at the example values of 0/50/2000 ms and TIME_TO_LEARN of 1s. The first event triggers a SPF computation immediately, then we go to SHORT_WAIT, the first of the three events kicks off a SPF_TIMER for 50ms, which is reset by the next two events, the SPF timer fires and we recompute the SPF, then TIME_TO_LEARN fires and we go to LONG_WAIT until the HOLDDOWN_TIMER fires. Or maybe the SPF calculation takes more than 200ms, so when the second IGP event fires, we abort the currently in-progress calculation and don't start another one until 50ms after the last event? I bring this up because of the text in the second paragraph of Section 4 that talks of computing the post-failure routing table in "a single route computation". But if I understand correctly, the *single* computation only happens in the second case here, when the calculation takes some hundreds of milliseconds; otherwise we still have *two* computations (one triggered while we're in QUIET and the second triggered in SHORT_DELAY). So I'm not sure I fully understand the expected scenario. I also am probably having some problems with terminology, presumably just my misunderstanding, which hopefully can be set straight easily. In the Introduction, we have a "desire to compute a new Shortest Path First (SPF) as soon as a failure is detected", which is using SPF as it is a data structure (e.g., the result of an algorithm), whereas my intuition has SPF referring to the algorithm [class] but not its output. In section 3, we talk of "computation of the routing table, by the IGP", which gets me confused about whether "the IGP" represents a network protocol for conveying (e.g.) link state information, an algorithm for SPF computation, or a router that performs SPF computations. In section 6 we talk of "the number of protocols reactions/computations triggered by IGP SPF". Is this just in the sense of "each SPF calculation triggers a bunch of other stuff"? I think this is another case about me being confused whether "SPF" means an algorithm, a specific computation using that algorithm, etc. Some other editorial notes: It's probably better to cite RFC 8174 instead of/in addition to RFC 2119, especially since there is at least a lowercase "may" present. It's unclear that "temporally close" in "multiple temporally close failures over a short time" really adds any value, in the Introduction. In section 2, last bullet point on page 3, "SPF_DELAY timers values" probably doesn't need the plural "timers" (so, either "timer" or the possessive "timers'"), though I am mindful of the recent discussion on ietf@ about (non-)American English. The second sentence of the bullet is also a sentence fragment and not a complete sentence. SRLG is used without expansion in multiple places, but does not appear on https://www.rfc-editor.org/materials/abbrev.expansion.txt as a "well-known" abbreviation. In section 6, we find the awkward construction "play it safe and start with safe, i.e., longer timers". Probably we want to say "safe values" as the noun, and maybe consider rewording to avoid the duplicate "safe" and/or the colloquialism "play it safe". Section 8 says: [...]. FIBs are installed after multiple steps such as flooding of the IGP event across the network, SPF wait time, SPF computation, FIB distribution across line cards, and FIB update. This document only addresses the first contribution. which makes me try to match up "the first contribution" with the flooding, when I assume it's meant to match up with the SPF wait time. -Benjamin From nobody Wed Feb 14 16:38:59 2018 Return-Path: X-Original-To: secdir@ietfa.amsl.com Delivered-To: secdir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B66EB12D835 for ; Wed, 14 Feb 2018 16:38:57 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.209 X-Spam-Level: X-Spam-Status: No, score=-4.209 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GG1GzrR5cgdz for ; Wed, 14 Feb 2018 16:38:56 -0800 (PST) Received: from mail.amsl.com (c8a.amsl.com [4.31.198.40]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 38A781275C5 for ; Wed, 14 Feb 2018 16:38:56 -0800 (PST) Received: from mail.amsl.com (localhost [127.0.0.1]) by c8a.amsl.com (Postfix) with ESMTPS id 7E8FB1CAE4A for ; Wed, 14 Feb 2018 16:38:24 -0800 (PST) Received: from mail-it0-f44.google.com (mail-it0-f44.google.com [209.85.214.44]) by c8a.amsl.com (Postfix) with ESMTPSA id 5CD661CAE3C for ; Wed, 14 Feb 2018 16:38:24 -0800 (PST) Received: by mail-it0-f44.google.com with SMTP id w63so3667134ita.3 for ; Wed, 14 Feb 2018 16:38:56 -0800 (PST) X-Gm-Message-State: APf1xPAYbr3gv65sVu3npeSuvRZN8n/9fuJEAmhcJx/Gw1mp15wdpjEd IbMvZeU3nWjipPOm66ifaHoqT4+fN6XHqIeB1ns= X-Google-Smtp-Source: AH8x224t+hSojE5wr91hPRHTL0anJhSR5UjeM8LUv6f0dGF94DLKf6iZmm5AEBivWjXUj0qFDYCsSyKagRyJ63JkMxc= X-Received: by 10.36.132.76 with SMTP id h73mr1180225itd.110.1518655135555; Wed, 14 Feb 2018 16:38:55 -0800 (PST) MIME-Version: 1.0 Received: by 10.2.1.68 with HTTP; Wed, 14 Feb 2018 16:38:35 -0800 (PST) From: Glen Date: Wed, 14 Feb 2018 16:38:35 -0800 X-Gmail-Original-Message-ID: Message-ID: To: secdir@ietf.org Content-Type: multipart/alternative; boundary="001a113b9308e42d3d056535734a" Archived-At: Subject: [secdir] Possible missed messages on this list X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 15 Feb 2018 00:38:58 -0000 --001a113b9308e42d3d056535734a Content-Type: text/plain; charset="UTF-8" Possible missed messages on this list Dear list participants - An upgrade to the IETF's custom mail processing software today resulted in some delivery failures for *some* messages to *some* recipients on this list, over the past 3 hours. We invite you to check the mail archives for this list, at: https://mailarchive.ietf.org/arch/search/?email_list=secdir to ensure that you have received all the relevant messages for this list today. We apologize for the inconvenience. Glen -- Glen Barney IT Director AMS (IETF Secretariat) --001a113b9308e42d3d056535734a Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Possible missed messages on this list

Dear list participants -
An upgrade to the IETF's custom mail processing software today resulted i= n some delivery failures for *some* messages to *some* recipients on this list, over the past 3 hours.

We invite you to check the mail archiv= es for this list, at:

https://mailarchive.ietf.org/arch/search/?email= _list=3Dsecdir

to ensure that you have received all the relevant= messages for this list today.

We apologize for the inconvenience.
Glen
--
Glen Barney
IT Director
AMS (IETF Secretariat)




--001a113b9308e42d3d056535734a-- From nobody Wed Feb 14 17:45:34 2018 Return-Path: X-Original-To: secdir@ietfa.amsl.com Delivered-To: secdir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CA801126D05 for ; Wed, 14 Feb 2018 17:45:28 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.901 X-Spam-Level: X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (768-bit key) header.d=labn.net Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id c2vbCAy8J63t for ; Wed, 14 Feb 2018 17:45:27 -0800 (PST) Received: from gproxy3-pub.mail.unifiedlayer.com (gproxy3-pub.mail.unifiedlayer.com [69.89.30.42]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F04F31270AC for ; Wed, 14 Feb 2018 17:45:24 -0800 (PST) Received: from CMOut01 (unknown [10.0.90.82]) by gproxy3.mail.unifiedlayer.com (Postfix) with ESMTP id A7117400FF for ; Wed, 14 Feb 2018 18:45:24 -0700 (MST) Received: from box313.bluehost.com ([69.89.31.113]) by CMOut01 with id AplM1x00P2SSUrH01plQEl; Wed, 14 Feb 2018 18:45:24 -0700 X-Authority-Analysis: v=2.2 cv=Rf/gMxlv c=1 sm=1 tr=0 a=h1BC+oY+fLhyFmnTBx92Jg==:117 a=h1BC+oY+fLhyFmnTBx92Jg==:17 a=IkcTkHD0fZMA:10 a=xqWC_Br6kY4A:10 a=Op4juWPpsa0A:10 a=48vgC7mUAAAA:8 a=NU8yDOOJHQZyhqKhIhMA:9 a=QEXdDO2ut3YA:10 a=w1C3t2QeGrPiZgrLijVG:22 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=labn.net; s=default; h=Content-Transfer-Encoding:Content-Type:In-Reply-To:MIME-Version :Date:Message-ID:From:References:To:Subject:Sender:Reply-To:Cc:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=fVNVvbR01nJs0GsVwnEYpO/SiEYgLQO4adGS0tN1+XA=; b=T2twDP8m4TwsE+ZD54ocxHCEBU S0jv0mYLXYtST3ewA47EMXjQ7NQd5PPE+7FA99coC1btbCQLKeJz0vixQ/ASquG6oNpCMUyCGmw7l W/V0OU+LdafjDvNLPgWt3bM1u; Received: from pool-100-15-86-101.washdc.fios.verizon.net ([100.15.86.101]:43518 helo=[IPv6:::1]) by box313.bluehost.com with esmtpsa (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.89_1) (envelope-from ) id 1em8bx-003Pmi-FS; Wed, 14 Feb 2018 18:45:21 -0700 To: Taylor Yu , iesg@ietf.org, secdir@ietf.org, draft-ietf-rtgwg-lne-model.all@ietf.org References: From: Lou Berger Message-ID: <46f5f092-3131-fd5d-2d4e-3acbf9bc06de@labn.net> Date: Wed, 14 Feb 2018 20:45:19 -0500 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit Content-Language: en-US X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - box313.bluehost.com X-AntiAbuse: Original Domain - ietf.org X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - labn.net X-BWhitelist: no X-Source-IP: 100.15.86.101 X-Exim-ID: 1em8bx-003Pmi-FS X-Source: X-Source-Args: X-Source-Dir: X-Source-Sender: pool-100-15-86-101.washdc.fios.verizon.net ([IPv6:::1]) [100.15.86.101]:43518 X-Source-Auth: lberger@labn.net X-Email-Count: 27 X-Source-Cap: bGFibm1vYmk7bGFibm1vYmk7Ym94MzEzLmJsdWVob3N0LmNvbQ== X-Local-Domain: yes Archived-At: Subject: Re: [secdir] secdir review of draft-ietf-rtgwg-lne-model-05 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 15 Feb 2018 01:45:29 -0000 Hi Taylor,     Please see responses below. On 2/6/2018 7:40 PM, Taylor Yu wrote: > I have reviewed this document as part of the security directorate's > ongoing effort to review all IETF documents being processed by the > IESG. These comments were written primarily for the benefit of the > security area directors. Document editors and WG chairs should treat > these comments just like any other last call comments. > > The summary of the review is Ready With Issues. > > I agree somewhat with the Major Concerns in Russ Housley's Gen-ART > review > https://datatracker.ietf.org/doc/review-ietf-rtgwg-lne-model-05-genart-lc-housley-2018-01-20/ > although I disagree that it makes the document Not Ready. > >> Major Concerns: >> >> Section 4 listed three data nodes that are sensitive or vulnerable: >> - /logical-network-elements/logical-network-element >> - /logical-network-elements/logical-network-element/managed >> - /if:interfaces/if:interface/bind-lne-name >> >> All three of them deserve a bit more discussion, although the middle >> one is covered in much more detail than the other two. If a bad actor >> gets "unauthorized access" is there something more specific about each >> of these that can be said? The characterization of "network >> malfunctions, delivery of packets to inappropriate destinations, and >> other problems" seems very broad. Consequences that are specific to >> these data nodes would be more helpful to the reader. > My limited understanding is that there is a lot of variation in the > security impact among specific equipment models and deployment > scenarios. Therefore, they would likely need to be analyzed on a > case-by-case basis. Perhaps there should be Security Considerations > text to this effect, maybe with some broad guidance about how to do such > an analysis? I think this is still a little too vague for me to know what to add. On the other hand... > For example, does changing the "bind-lne-name" of an interface have the > effect of making it unavailable to the LNE it was previously associated > with, while providing the new LNE with an unconfigured new interface? > Or does it also carry some configuration or routing state from the > former LNE with it to the new LNE? The latter might have a greater > security impact. This is *very* helpful, we in fact have considered this case under the general text, but highlighting in here makes perfect senses. How about:      Implementations should pay particular attention to when       changes to this leaf are permitted as removal of an interface from       an LNE can have major impact on the LNEs operation as it is       similar to physically removing an interface from the       device. Implementations can reject an reassignment using the       previously described error message generation. > This final paragraph in the Security Considerations of this document > seems copied almost verbatim from that of RFC 8022: > >> Unauthorized access to any of these lists can adversely affect the >> security of both the local device and the network. This may lead to >> network malfunctions, delivery of packets to inappropriate >> destinations, and other problems. > That seems to have been acceptable for RFC 8022, but perhaps we should > do better here? Or do we follow the precedent that this level of > detail in the Security Considerations of YANG specifications is > acceptable? Note that https://trac.ietf.org/trac/ops/wiki/yang-security-guidelines doesn't include this text so if you'd like we can remove it to remain consistent with current guidelines. Thank you for the comments! Lou > Best regards, > -Taylor > From nobody Thu Feb 15 08:17:25 2018 Return-Path: X-Original-To: secdir@ietfa.amsl.com Delivered-To: secdir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E5C6B12D949; Thu, 15 Feb 2018 08:17:18 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.629 X-Spam-Level: X-Spam-Status: No, score=-2.629 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HV57aFtuedxY; Thu, 15 Feb 2018 08:17:16 -0800 (PST) Received: from orange.com (mta135.mail.business.static.orange.com [80.12.70.35]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7A207126B7E; Thu, 15 Feb 2018 08:17:16 -0800 (PST) Received: from opfednr01.francetelecom.fr (unknown [xx.xx.xx.65]) by opfednr20.francetelecom.fr (ESMTP service) with ESMTP id 14DF340E56; Thu, 15 Feb 2018 17:17:15 +0100 (CET) Received: from Exchangemail-eme2.itn.ftgroup (unknown [xx.xx.31.42]) by opfednr01.francetelecom.fr (ESMTP service) with ESMTP id E72F71A0054; Thu, 15 Feb 2018 17:17:14 +0100 (CET) Received: from OPEXCLILM21.corporate.adroot.infra.ftgroup ([fe80::e92a:c932:907e:8f06]) by OPEXCLILM41.corporate.adroot.infra.ftgroup ([fe80::c845:f762:8997:ec86%19]) with mapi id 14.03.0382.000; Thu, 15 Feb 2018 17:17:14 +0100 From: To: Benjamin Kaduk , "Acee Lindem (acee)" CC: "draft-ietf-rtgwg-backoff-algo.all@ietf.org" , "iesg@ietf.org" , "secdir@ietf.org" Thread-Topic: secdir review of draft-ietf-rtgwg-backoff-algo-07 Thread-Index: AQHTpdhC0cjOCtUzOESk7b49x53dv6OlOZOg Date: Thu, 15 Feb 2018 16:17:14 +0000 Message-ID: <9677_1518711435_5A85B28A_9677_280_1_53C29892C857584299CBF5D05346208A4799B57B@OPEXCLILM21.corporate.adroot.infra.ftgroup> References: <20180214211017.GI12363@mit.edu> In-Reply-To: <20180214211017.GI12363@mit.edu> Accept-Language: fr-FR, en-US Content-Language: fr-FR X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.168.234.4] Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Archived-At: Subject: Re: [secdir] secdir review of draft-ietf-rtgwg-backoff-algo-07 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 15 Feb 2018 16:17:19 -0000 Hi Benjamin,=20 Many thanks for your careful and useful review. Please see inline [Bruno] the proposed resolution. Regarding the posting of draft -08, I'd propose to wait 24H for your possib= le follow up, plus possible OPSDIR & GENART review; unless Alia has other i= nstructions. (Note that I'll be on PTO next week). Acee, There are a few questions for you. Please looks for "Acee, any opinion on t= his?" > -----Original Message----- > From: Benjamin Kaduk [mailto:kaduk@mit.edu] > Sent: Wednesday, February 14, 2018 10:10 PM > To: draft-ietf-rtgwg-backoff-algo.all@ietf.org; iesg@ietf.org; secdir@ie= tf.org > Subject: secdir review of draft-ietf-rtgwg-backoff-algo-07 >=20 > Hi all, >=20 > I have reviewed this document as part of the security directorate's > ongoing effort to review all IETF documents being processed by the > IESG. These comments were written primarily for the benefit of the > security area directors. Document editors and WG chairs should treat > these comments just like any other last call comments. >=20 > >From a security perspective, this document is Ready.=20 =20 [Bruno] Excellent, thanks. > It specifies a > standard scheme that can be used to back off SPF calculations during > periods of frequent IGP events, avoiding excessive resource > consumption performing calculations that would be rendered redundant > (or just be useless) soon. The security considerations correctly > note that an attacker that can generate IGP events would be able to > delay the IGP convergence time, which is true both for this scheme > and all schemes previously in use. (I might use more words to say > the same thing if I was writing it, but that probably reflects more > on me than the document.) >=20 >=20 > I do have some questions about the actual proposed FSM, though -- I > suspect that I am just making some implicit assumptions that may not > be grounded in reality. In particular, I am basically assuming that > INITIAL_SPF_DELAY < SHORT_SPF_DELAY < LONG_SPF_DELAY < > HOLDDOWN_INTERVAL. (The draft itself only has it as RECOMMENDED for > SPF_INITIAL_DELAY <=3D SPF_SHORT_DELAY <=3D SPF_LONG_DELAY in Section 6, > yes, with the different spellings, but has a MUST for > HOLDDOWN_INTERVAL > TIME_TO_LEARN_INTERVAL.) > This would potentially affect the state machine for events 1, 6, and > 7. [Bruno] Thanks for detecting the misspelling. Corrected.=20 =20 > In transition 1, we say to only start the SPF_TIMER if it is not already > running, but I do not see a way for it to already be running unless > the HOLDDOWN_TIMER value is less than one or more of the SPF_TIMER > values. =20 [Bruno] I agree. 2 comments: - IMO, it feels safer to check that SPF_TIMER is not already running, plus = this is more consistent with other states - As you have noted, the draft does not mandate that HOLDDOWN_TIMER > *_SPF= _DELAY. Hence this check is indeed required. =20 > Similarly, I don't see how transition 7 could ever happen, since an IGP > event moves us out of the QUIET state, and I assume that the > SPF_TIMER would fire before the HOLDDOWN_TIMER, since the latter is > reset on every IGP event and I assume the latter has a larger value. =20 [Bruno] Same answer: the draft does not mandate that HOLDDOWN_TIMER > *_SPF= _DELAY. > Transition 6 is a little less clear, but is also similar -- if > HOLDDOWN_TIMER is larger than LEARN_TIMER, then LEARN_TIMER must > fire before HOLDDOWN_TIMER, and we leave SHORT_WAIT to go to > LONG_WAIT before we could consider leaving SHORT_WAIT to go back to > QUIET. =20 [Bruno] I agree with you. i.e. transition 6 should never be used if HOLDDOW= N_INTERVAL > TIME_TO_LEARN_INTERVAL which is a MUST in the draft. At this point, I'd rather keep it as this gives more robustness to the FSM.= (I'm not fully confident that any implementation/configuration interface w= ould enforce it) Also, during previous reviews, we were rather asked to ind= icate more/all transitions rather than main ones. However, I'm open to other opinions. Acee, any opinion on this? =20 > So, am I making some flawed assumptions? (Are there examples of > situations that clearly demonstrate the flaw?) =20 [Bruno]=20 Your assumptions are logical but not mandated by the draft, hence the FSM n= eeds to work even without those assumptions. One could argue that your assumptions are valid. But another one may argue = that he wants freedom in choosing the timers' value; plus that the FSM shou= ld be robust to any timers' values. =20 > Also, to confirm my understanding, suppose a scenario happens where > an IGP participant sees an event, then a gap of 100ms, then three > IGP events at equal 10ms intervals, with the SPF delays at the > example values of 0/50/2000 ms and TIME_TO_LEARN of 1s. The first > event triggers a SPF computation immediately, then we go to > SHORT_WAIT, the first of the three events kicks off a SPF_TIMER for > 50ms,=20 [Bruno] Agreed > which is reset by the next two events, [Bruno] I don't think I agree. This case is handle by transition "2: IGP event" which triggers the followi= ng actions o Reset HOLDDOWN_TIMER to HOLDDOWN_INTERVAL. o If SPF_TIMER is not already running, start it with value SHORT_= SPF_DELAY. o Remain in current state. So in your example, the second (of the three events) arrives 10ms after the= start of the 50ms SPF_TIMER. i.e. SPF_TIMER is already running and hence n= ot changed. > the SPF timer fires and > we recompute the SPF, then TIME_TO_LEARN fires and we go to > LONG_WAIT until the HOLDDOWN_TIMER fires. [Bruno] Agreed with the above. > Or maybe the SPF > calculation takes more than 200ms, so when the second IGP event > fires, we abort the currently in-progress calculation and don't > start another one until 50ms after the last event?=20 [Bruno] The FSM does not take into account the SPF computation time. Hence = the behavior is not changed by the SPF computation time. The draft does not talk about aborting the SPF computation. I guess that on= e implementation may choose to abort the SPF computation, but it must not c= hange the FSM state/timers due to this abortion. (otherwise, this implement= ation would be out of sync with other nodes/implementations) > I bring this up > because of the text in the second paragraph of Section 4 that talks > of computing the post-failure routing table in "a single route > computation". [Bruno] The point is the number of SPF computation may be lower than the nu= mber of IGP events. In the FSM, this is achieved with the following action " o If SPF_TIMER is= not already running, start it with value LONG_SPF_DELAY.". Which, IOW (neg= ation form), says that if the SPF_TIMER is already running, we do nothing (= new) and hence the new IGP event do not trigger an additional SPF computati= on. > But if I understand correctly, the *single* > computation only happens in the second case here, when the > calculation takes some hundreds of milliseconds; otherwise we still > have *two* computations (one triggered while we're in QUIET and the > second triggered in SHORT_DELAY). So I'm not sure I fully > understand the expected scenario. =20 [Bruno] The expected scenario is that multiple IGP events may be handled by= a single SPF computation. The typical real life situation is a node failure. This is a single failure= but a link state IGP will trigger and flood N IGP_events (one per IGP neig= hbors of the failed node). This is because (in short) an IGP link state can= not advertise the failure of a node, but only the failure of a link.=20 Ideally, we should wait for these N IGP_events before computing the SPF com= putations because: - it's only by taking into account the N IGP_events that we correctly refle= ct the real network topology (i.e. the node failure). - computing an SPF before receiving all N events, will require computing an= other SPF shortly after. i.e. the first computation is wasted ressources. The issue is that we don't know how many IGP events we should wait for. Hen= ce the FSM defines and uses duration "TIME_TO_LEARN_INTERVAL". This duratio= n "should" be able to be evaluated a priori by the network operator (as it = is the max of the detection time, origination time, and flooding time). > I also am probably having some problems with terminology, presumably > just my misunderstanding, which hopefully can be set straight > easily. =20 [Bruno] Please comment/ask questions if the above is not clear or does not = address your point. =20 > In the Introduction, we have a "desire to compute a new Shortest > Path First (SPF) as soon as a failure is detected", which is using > SPF as it is a data structure (e.g., the result of an algorithm), > whereas my intuition has SPF referring to the algorithm [class] but > not its output. =20 [Bruno] You are right that SPF is the algo (and SPT the result). Unfortunately, this gets too subtle for my level of English. "Acee, any op= inion on this?" =20 > In section 3, we talk of "computation of the routing table, by the > IGP", which gets me confused about whether "the IGP" represents a > network protocol for conveying (e.g.) link state information, an > algorithm for SPF computation, or a router that performs SPF > computations. =20 [Bruno] IGP is usually a protocol. In this sentence, it is meant as the IGP= process of the router. Again, I'm open to reformulation. "Acee, any opinion on this?" =20 > In section 6 we talk of "the number of protocols > reactions/computations triggered by IGP SPF". Is this just in the sense > of "each SPF calculation triggers a bunch of other stuff"?=20 [Bruno] Yes, exactly. Again by "protocol reaction" it's meant router's proc= esses implementing those protocols. FYI, typical protocol I could think of are BGP and PCE, but possibly other = IGP (like) in case of route redistribution. > I think > this is another case about me being confused whether "SPF" means an > algorithm, a specific computation using that algorithm, etc. =20 [Bruno] I agree that this is the same case. "Acee, any opinion on this?" >=20 >=20 > Some other editorial notes: >=20 > It's probably better to cite RFC 8174 instead of/in addition to RFC > 2119, especially since there is at least a lowercase "may" present. =20 [Bruno] ok, done. =20 > It's unclear that "temporally close" in "multiple temporally close > failures over a short time" really adds any value, in the > Introduction. =20 [Bruno] ok, done: OLD: However, when the network is experiencing multiple temporally close fa= ilures over a short period of time, there is a conflicting desire to limit = the frequency of SPF computations. NEW: However, when the network is experiencing multiple failures over a sho= rt period of time, there is a conflicting desire to limit the frequency of = SPF computations. =20 > In section 2, last bullet point on page 3, "SPF_DELAY timers values" > probably doesn't need the plural "timers" (so, either "timer" or > the possessive "timers'"), though I am mindful of the recent > discussion on ietf@ about (non-)American English. The second > sentence of the bullet is also a sentence fragment and not a > complete sentence. [Bruno] ok: - I trust you on your first point and picked the possessive option - I agree with you on the second point Currently changed to: OLD: Always try to avoid different SPF_DELAY timers values across different rout= ers in the area/level. Even though not all routers will receive IGP message= s at the same time, due to differences both in the distance from the origin= ator of the IGP event and in flooding implementations. NEW: Always try to avoid different SPF_DELAY timers' values across different rou= ters in the area/level. This requires specific consideration as different r= outers may receive IGP messages at different interval or even order, due to= differences both in the distance from the originator of the IGP event and = in flooding implementations. That being said, I'm not a native English speaker and Acee is kind enough t= o spend time correcting my errors. Therefore, Acee and obviously the RFC ed= itor may further edit this text. =20 > SRLG is used without expansion in multiple places, but does not > appear on https://www.rfc-editor.org/materials/abbrev.expansion.txt > as a "well-known" abbreviation. [Bruno] ok, expanded on first use. =20 =20 > In section 6, we find the awkward construction "play it safe and > start with safe, i.e., longer timers". Probably we want to say > "safe values" as the noun, and maybe consider rewording to avoid the > duplicate "safe" and/or the colloquialism "play it safe". =20 [Bruno] ok OLD: In case of doubt, it's RECOMMENDED to play it safe and start with safe= , i.e., longer timers. NEW: In case of doubt, it's RECOMMENDED to start with safer (i.e. longer) t= imer values. Again, text may be subject to further revision. =20 > Section 8 says: >=20 > [...]. FIBs > are installed after multiple steps such as flooding of the IGP event > across the network, SPF wait time, SPF computation, FIB distribution > across line cards, and FIB update. This document only addresses the > first contribution. >=20 > which makes me try to match up "the first contribution" with the > flooding, when I assume it's meant to match up with the SPF wait > time. =20 [Bruno] You are absolute right. Thanks for the catch. OLD: FIBs are installed after multiple steps such as flooding of the IGP e= vent across the network, SPF wait time, SPF computation, FIB distribution a= cross line cards, and FIB update. This document only addresses the first co= ntribution. NEW: FIBs are installed after multiple steps such as flooding of the IGP ev= ent across the network, SPF wait time, SPF computation, FIB distribution ac= ross line cards, and FIB update. This document only addresses the contribut= ion from the SPF wait time. Thanks again for your careful review. --Bruno=20 > -Benjamin ___________________________________________________________________________= ______________________________________________ Ce message et ses pieces jointes peuvent contenir des informations confiden= tielles ou privilegiees et ne doivent donc pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu= ce message par erreur, veuillez le signaler a l'expediteur et le detruire ainsi que les pieces jointes. Les messages el= ectroniques etant susceptibles d'alteration, Orange decline toute responsabilite si ce message a ete altere, deforme ou = falsifie. Merci. This message and its attachments may contain confidential or privileged inf= ormation that may be protected by law; they should not be distributed, used or copied without authorisation. If you have received this email in error, please notify the sender and dele= te this message and its attachments. As emails may be altered, Orange is not liable for messages that have been = modified, changed or falsified. Thank you. From nobody Thu Feb 15 11:50:46 2018 Return-Path: X-Original-To: secdir@ietfa.amsl.com Delivered-To: secdir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4EC0E120227; Thu, 15 Feb 2018 11:50:41 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.53 X-Spam-Level: X-Spam-Status: No, score=-14.53 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bza0mOhzKH4e; Thu, 15 Feb 2018 11:50:37 -0800 (PST) Received: from alln-iport-7.cisco.com (alln-iport-7.cisco.com [173.37.142.94]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 29347124D68; Thu, 15 Feb 2018 11:50:37 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=24788; q=dns/txt; s=iport; t=1518724237; x=1519933837; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=UTRJ41sqLfsJocU2B+uo2K0WAFSD687VHDSV6taga5A=; b=DsvYhe1jjZt6LRtVjSJ5sN1Ga1NYoMRPjgOYWvg9/rD4vDeh7nhqlt/7 biYefg+40bWbTZjaAqTmn69/lPP2EYECzlfslII11gOXnVE5L3QpCsmwu v/PL68OP9dP1Bdat8xtczmxmT+si6b9mDFy0mdMAVKfyZLeRIYLGidbEu c=; X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0DPAACw44Va/5FdJa1dDgsBAQEBAQEBA?= =?us-ascii?q?QEBAQEHAQEBAQGDJS1mPwEwKAqDW4oljgOCAoEXlkUVggMKI4UYAhqCKFQYAQI?= =?us-ascii?q?BAQEBAQECayiFIwEBAQMBIxFFDAQCAQgRBAEBAwIREgMCAgIwFAEICAIEAQ0FG?= =?us-ascii?q?YoUCBCvDoIniHeCEwEBAQEBAQEBAQEBAQEBAQEBAQEBARgFgQ+DdIIngz8pgwW?= =?us-ascii?q?EXRIBDAYBCBcXKIJYMYI0BYpliWCFL4o+CQKMJoldDoIRhiqLfYsWjFkCERkBg?= =?us-ascii?q?TsBHzlgcXAVZwGCG4JVHIEKAQI6P3gBAYtHAQQKGIENgRkBAQE?= X-IronPort-AV: E=Sophos;i="5.46,517,1511827200"; d="scan'208";a="70842280" Received: from rcdn-core-9.cisco.com ([173.37.93.145]) by alln-iport-7.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 15 Feb 2018 19:50:36 +0000 Received: from XCH-RTP-012.cisco.com (xch-rtp-012.cisco.com [64.101.220.152]) by rcdn-core-9.cisco.com (8.14.5/8.14.5) with ESMTP id w1FJoZlm019145 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Thu, 15 Feb 2018 19:50:35 GMT Received: from xch-rtp-015.cisco.com (64.101.220.155) by XCH-RTP-012.cisco.com (64.101.220.152) with Microsoft SMTP Server (TLS) id 15.0.1320.4; Thu, 15 Feb 2018 14:50:34 -0500 Received: from xch-rtp-015.cisco.com ([64.101.220.155]) by XCH-RTP-015.cisco.com ([64.101.220.155]) with mapi id 15.00.1320.000; Thu, 15 Feb 2018 14:50:34 -0500 From: "Acee Lindem (acee)" To: "bruno.decraene@orange.com" , Benjamin Kaduk CC: "draft-ietf-rtgwg-backoff-algo.all@ietf.org" , "iesg@ietf.org" , "secdir@ietf.org" Thread-Topic: secdir review of draft-ietf-rtgwg-backoff-algo-07 Thread-Index: AQHTpdhDc67BJzvH8k6BmQGZavRxVaOl+QIA///nyIA= Date: Thu, 15 Feb 2018 19:50:34 +0000 Message-ID: References: <20180214211017.GI12363@mit.edu> <9677_1518711435_5A85B28A_9677_280_1_53C29892C857584299CBF5D05346208A4799B57B@OPEXCLILM21.corporate.adroot.infra.ftgroup> In-Reply-To: <9677_1518711435_5A85B28A_9677_280_1_53C29892C857584299CBF5D05346208A4799B57B@OPEXCLILM21.corporate.adroot.infra.ftgroup> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-messagesentrepresentingtype: 1 x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [10.116.152.195] Content-Type: text/plain; charset="utf-8" Content-ID: <262C937A8E89424AA76F866649628DDD@emea.cisco.com> Content-Transfer-Encoding: base64 MIME-Version: 1.0 Archived-At: Subject: Re: [secdir] secdir review of draft-ietf-rtgwg-backoff-algo-07 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 15 Feb 2018 19:50:41 -0000 SGkgQnJ1bm8sIEJlbmphbWluLCANCg0KVGhhbmtzIHRvIEJlbmphbWluIGZvciByZXZpZXcgYW5k IEJydW5vIGZvciB0aGUgZGV0YWlsZWQgcmVzcG9uc2UuIFNlZSBteSByZXNwb25zZXMgcHJlY2Vk ZWQgYnkgW0FjZWVdLiANCg0KDQrvu79PbiAyLzE1LzE4LCAxMToxNyBBTSwgImJydW5vLmRlY3Jh ZW5lQG9yYW5nZS5jb20iIDxicnVuby5kZWNyYWVuZUBvcmFuZ2UuY29tPiB3cm90ZToNCg0KICAg IEhpIEJlbmphbWluLCANCiAgICANCiAgICBNYW55IHRoYW5rcyBmb3IgeW91ciBjYXJlZnVsIGFu ZCB1c2VmdWwgcmV2aWV3Lg0KICAgIFBsZWFzZSBzZWUgaW5saW5lIFtCcnVub10gdGhlIHByb3Bv c2VkIHJlc29sdXRpb24uDQogICAgDQogICAgUmVnYXJkaW5nIHRoZSBwb3N0aW5nIG9mIGRyYWZ0 IC0wOCwgSSdkIHByb3Bvc2UgdG8gd2FpdCAyNEggZm9yIHlvdXIgcG9zc2libGUgZm9sbG93IHVw LCBwbHVzIHBvc3NpYmxlIE9QU0RJUiAmIEdFTkFSVCByZXZpZXc7IHVubGVzcyBBbGlhIGhhcyBv dGhlciBpbnN0cnVjdGlvbnMuIChOb3RlIHRoYXQgSSdsbCBiZSBvbiBQVE8gbmV4dCB3ZWVrKS4N CiAgICANCiAgICBBY2VlLA0KICAgIFRoZXJlIGFyZSBhIGZldyBxdWVzdGlvbnMgZm9yIHlvdS4g UGxlYXNlIGxvb2tzIGZvciAiQWNlZSwgYW55IG9waW5pb24gb24gdGhpcz8iDQogICAgDQogICAg DQogICAgID4gLS0tLS1PcmlnaW5hbCBNZXNzYWdlLS0tLS0NCiAgICAgPiBGcm9tOiBCZW5qYW1p biBLYWR1ayBbbWFpbHRvOmthZHVrQG1pdC5lZHVdDQogICAgID4gU2VudDogV2VkbmVzZGF5LCBG ZWJydWFyeSAxNCwgMjAxOCAxMDoxMCBQTQ0KICAgICA+IFRvOiBkcmFmdC1pZXRmLXJ0Z3dnLWJh Y2tvZmYtYWxnby5hbGxAaWV0Zi5vcmc7IGllc2dAaWV0Zi5vcmc7IHNlY2RpckBpZXRmLm9yZw0K ICAgICA+IFN1YmplY3Q6IHNlY2RpciByZXZpZXcgb2YgZHJhZnQtaWV0Zi1ydGd3Zy1iYWNrb2Zm LWFsZ28tMDcNCiAgICAgPiANCiAgICAgPiBIaSBhbGwsDQogICAgID4gDQogICAgID4gSSBoYXZl IHJldmlld2VkIHRoaXMgZG9jdW1lbnQgYXMgcGFydCBvZiB0aGUgc2VjdXJpdHkgZGlyZWN0b3Jh dGUncw0KICAgICA+IG9uZ29pbmcgZWZmb3J0IHRvIHJldmlldyBhbGwgSUVURiBkb2N1bWVudHMg YmVpbmcgcHJvY2Vzc2VkIGJ5IHRoZQ0KICAgICA+IElFU0cuICBUaGVzZSBjb21tZW50cyB3ZXJl IHdyaXR0ZW4gcHJpbWFyaWx5IGZvciB0aGUgYmVuZWZpdCBvZiB0aGUNCiAgICAgPiBzZWN1cml0 eSBhcmVhIGRpcmVjdG9ycy4gIERvY3VtZW50IGVkaXRvcnMgYW5kIFdHIGNoYWlycyBzaG91bGQg dHJlYXQNCiAgICAgPiB0aGVzZSBjb21tZW50cyBqdXN0IGxpa2UgYW55IG90aGVyIGxhc3QgY2Fs bCBjb21tZW50cy4NCiAgICAgPiANCiAgICAgPiA+RnJvbSBhIHNlY3VyaXR5IHBlcnNwZWN0aXZl LCB0aGlzIGRvY3VtZW50IGlzIFJlYWR5LiANCiAgICAgDQogICAgW0JydW5vXSBFeGNlbGxlbnQs IHRoYW5rcy4NCiAgICANCiAgICAgPiAgSXQgc3BlY2lmaWVzIGENCiAgICAgPiBzdGFuZGFyZCBz Y2hlbWUgdGhhdCBjYW4gYmUgdXNlZCB0byBiYWNrIG9mZiBTUEYgY2FsY3VsYXRpb25zIGR1cmlu Zw0KICAgICA+IHBlcmlvZHMgb2YgZnJlcXVlbnQgSUdQIGV2ZW50cywgYXZvaWRpbmcgZXhjZXNz aXZlIHJlc291cmNlDQogICAgID4gY29uc3VtcHRpb24gcGVyZm9ybWluZyBjYWxjdWxhdGlvbnMg dGhhdCB3b3VsZCBiZSByZW5kZXJlZCByZWR1bmRhbnQNCiAgICAgPiAob3IganVzdCBiZSB1c2Vs ZXNzKSBzb29uLiAgVGhlIHNlY3VyaXR5IGNvbnNpZGVyYXRpb25zIGNvcnJlY3RseQ0KICAgICA+ IG5vdGUgdGhhdCBhbiBhdHRhY2tlciB0aGF0IGNhbiBnZW5lcmF0ZSBJR1AgZXZlbnRzIHdvdWxk IGJlIGFibGUgdG8NCiAgICAgPiBkZWxheSB0aGUgSUdQIGNvbnZlcmdlbmNlIHRpbWUsIHdoaWNo IGlzIHRydWUgYm90aCBmb3IgdGhpcyBzY2hlbWUNCiAgICAgPiBhbmQgYWxsIHNjaGVtZXMgcHJl dmlvdXNseSBpbiB1c2UuICAoSSBtaWdodCB1c2UgbW9yZSB3b3JkcyB0byBzYXkNCiAgICAgPiB0 aGUgc2FtZSB0aGluZyBpZiBJIHdhcyB3cml0aW5nIGl0LCBidXQgdGhhdCBwcm9iYWJseSByZWZs ZWN0cyBtb3JlDQogICAgID4gb24gbWUgdGhhbiB0aGUgZG9jdW1lbnQuKQ0KICAgICA+IA0KICAg ICA+IA0KICAgICA+IEkgZG8gaGF2ZSBzb21lIHF1ZXN0aW9ucyBhYm91dCB0aGUgYWN0dWFsIHBy b3Bvc2VkIEZTTSwgdGhvdWdoIC0tIEkNCiAgICAgPiBzdXNwZWN0IHRoYXQgSSBhbSBqdXN0IG1h a2luZyBzb21lIGltcGxpY2l0IGFzc3VtcHRpb25zIHRoYXQgbWF5IG5vdA0KICAgICA+IGJlIGdy b3VuZGVkIGluIHJlYWxpdHkuICBJbiBwYXJ0aWN1bGFyLCBJIGFtIGJhc2ljYWxseSBhc3N1bWlu ZyB0aGF0DQogICAgID4gSU5JVElBTF9TUEZfREVMQVkgPCBTSE9SVF9TUEZfREVMQVkgPCBMT05H X1NQRl9ERUxBWSA8DQogICAgID4gSE9MRERPV05fSU5URVJWQUwuICAoVGhlIGRyYWZ0IGl0c2Vs ZiBvbmx5IGhhcyBpdCBhcyBSRUNPTU1FTkRFRCBmb3INCiAgICAgPiBTUEZfSU5JVElBTF9ERUxB WSA8PSBTUEZfU0hPUlRfREVMQVkgPD0gU1BGX0xPTkdfREVMQVkgaW4gU2VjdGlvbiA2LA0KICAg ICA+IHllcywgd2l0aCB0aGUgZGlmZmVyZW50IHNwZWxsaW5ncywgYnV0IGhhcyBhIE1VU1QgZm9y DQogICAgID4gSE9MRERPV05fSU5URVJWQUwgPiBUSU1FX1RPX0xFQVJOX0lOVEVSVkFMLikNCiAg ICAgPiBUaGlzIHdvdWxkIHBvdGVudGlhbGx5IGFmZmVjdCB0aGUgc3RhdGUgbWFjaGluZSBmb3Ig ZXZlbnRzIDEsIDYsIGFuZA0KICAgICA+IDcuDQogICAgDQogICAgW0JydW5vXSBUaGFua3MgZm9y IGRldGVjdGluZyB0aGUgbWlzc3BlbGxpbmcuIENvcnJlY3RlZC4gDQogICAgIA0KICAgICA+IElu IHRyYW5zaXRpb24gMSwgd2Ugc2F5IHRvIG9ubHkgc3RhcnQgdGhlIFNQRl9USU1FUiBpZiBpdCBp cyBub3QgYWxyZWFkeQ0KICAgICA+IHJ1bm5pbmcsIGJ1dCBJIGRvIG5vdCBzZWUgYSB3YXkgZm9y IGl0IHRvIGFscmVhZHkgYmUgcnVubmluZyB1bmxlc3MNCiAgICAgPiB0aGUgSE9MRERPV05fVElN RVIgdmFsdWUgaXMgbGVzcyB0aGFuIG9uZSBvciBtb3JlIG9mIHRoZSBTUEZfVElNRVINCiAgICAg PiB2YWx1ZXMuDQogICAgIA0KICAgIFtCcnVub10gSSBhZ3JlZS4NCiAgICAyIGNvbW1lbnRzOg0K ICAgIC0gSU1PLCBpdCBmZWVscyBzYWZlciB0byBjaGVjayB0aGF0IFNQRl9USU1FUiBpcyBub3Qg YWxyZWFkeSBydW5uaW5nLCBwbHVzIHRoaXMgaXMgbW9yZSBjb25zaXN0ZW50IHdpdGggb3RoZXIg c3RhdGVzDQogICAgLSBBcyB5b3UgaGF2ZSBub3RlZCwgdGhlIGRyYWZ0IGRvZXMgbm90IG1hbmRh dGUgdGhhdCBIT0xERE9XTl9USU1FUiA+ICpfU1BGX0RFTEFZLiBIZW5jZSB0aGlzIGNoZWNrIGlz IGluZGVlZCByZXF1aXJlZC4NCiAgICAgDQogICAgID4gU2ltaWxhcmx5LCBJIGRvbid0IHNlZSBo b3cgdHJhbnNpdGlvbiA3IGNvdWxkIGV2ZXIgaGFwcGVuLCBzaW5jZSBhbiBJR1ANCiAgICAgPiBl dmVudCBtb3ZlcyB1cyBvdXQgb2YgdGhlIFFVSUVUIHN0YXRlLCBhbmQgSSBhc3N1bWUgdGhhdCB0 aGUNCiAgICAgPiBTUEZfVElNRVIgd291bGQgZmlyZSBiZWZvcmUgdGhlIEhPTERET1dOX1RJTUVS LCBzaW5jZSB0aGUgbGF0dGVyIGlzDQogICAgID4gcmVzZXQgb24gZXZlcnkgSUdQIGV2ZW50IGFu ZCBJIGFzc3VtZSB0aGUgbGF0dGVyIGhhcyBhIGxhcmdlciB2YWx1ZS4NCiAgICAgDQogICAgW0Jy dW5vXSBTYW1lIGFuc3dlcjogdGhlIGRyYWZ0IGRvZXMgbm90IG1hbmRhdGUgdGhhdCBIT0xERE9X Tl9USU1FUiA+ICpfU1BGX0RFTEFZLg0KICAgIA0KICAgICA+IFRyYW5zaXRpb24gNiBpcyBhIGxp dHRsZSBsZXNzIGNsZWFyLCBidXQgaXMgYWxzbyBzaW1pbGFyIC0tIGlmDQogICAgID4gSE9MRERP V05fVElNRVIgaXMgbGFyZ2VyIHRoYW4gTEVBUk5fVElNRVIsIHRoZW4gTEVBUk5fVElNRVIgbXVz dA0KICAgICA+IGZpcmUgYmVmb3JlIEhPTERET1dOX1RJTUVSLCBhbmQgd2UgbGVhdmUgU0hPUlRf V0FJVCB0byBnbyB0bw0KICAgICA+IExPTkdfV0FJVCBiZWZvcmUgd2UgY291bGQgY29uc2lkZXIg bGVhdmluZyBTSE9SVF9XQUlUIHRvIGdvIGJhY2sgdG8NCiAgICAgPiBRVUlFVC4NCiAgICAgDQog ICAgW0JydW5vXSBJIGFncmVlIHdpdGggeW91LiBpLmUuIHRyYW5zaXRpb24gNiBzaG91bGQgbmV2 ZXIgYmUgdXNlZCBpZiBIT0xERE9XTl9JTlRFUlZBTCA+IFRJTUVfVE9fTEVBUk5fSU5URVJWQUwg d2hpY2ggaXMgYSBNVVNUIGluIHRoZSBkcmFmdC4NCiAgICBBdCB0aGlzIHBvaW50LCBJJ2QgcmF0 aGVyIGtlZXAgaXQgYXMgdGhpcyBnaXZlcyBtb3JlIHJvYnVzdG5lc3MgdG8gdGhlIEZTTS4gKEkn bSBub3QgZnVsbHkgY29uZmlkZW50IHRoYXQgYW55IGltcGxlbWVudGF0aW9uL2NvbmZpZ3VyYXRp b24gaW50ZXJmYWNlIHdvdWxkIGVuZm9yY2UgaXQpIEFsc28sIGR1cmluZyBwcmV2aW91cyByZXZp ZXdzLCB3ZSB3ZXJlIHJhdGhlciBhc2tlZCB0byBpbmRpY2F0ZSBtb3JlL2FsbCB0cmFuc2l0aW9u cyByYXRoZXIgdGhhbiBtYWluIG9uZXMuDQogICAgSG93ZXZlciwgSSdtIG9wZW4gdG8gb3RoZXIg b3BpbmlvbnMuDQogICAgQWNlZSwgYW55IG9waW5pb24gb24gdGhpcz8NCg0KW0FjZWVdIEkgYWdy ZWUgd2Ugc2hvdWxkIGtlZXAgaXQgYmFzZWQgb24gdGhlIGRyYWZ0IGhpc3RvcnkuIA0KDQogICBU cmFuc2l0aW9uIDY6IEhPTERET1dOX1RJTUVSIGV4cGlyYXRpb24sIHdoaWxlIGluIFNIT1JUX1dB SVQuIFRoaXMNCiAgICAgICAgICAgICAgICAgICAgICAgICAgICB0cmFuc2l0aW9uIHdvdWxkIG5v cm1hbGx5IG5vdCBvY2N1ciBzaW5jZQ0KICAgICAgICAgICAgICAgICAgICAgICAgICAgIChIT0xE RE9XTl9JTlRFUlZBTCA+IFRJTUVfVE9fTEVBUk5fSU5URVJWQUwpLiANCiAgICANCiAgICAgDQog ICAgID4gU28sIGFtIEkgbWFraW5nIHNvbWUgZmxhd2VkIGFzc3VtcHRpb25zPyAgKEFyZSB0aGVy ZSBleGFtcGxlcyBvZg0KICAgICA+IHNpdHVhdGlvbnMgdGhhdCBjbGVhcmx5IGRlbW9uc3RyYXRl IHRoZSBmbGF3PykNCiAgICAgDQogICAgW0JydW5vXSANCiAgICBZb3VyIGFzc3VtcHRpb25zIGFy ZSBsb2dpY2FsIGJ1dCBub3QgbWFuZGF0ZWQgYnkgdGhlIGRyYWZ0LCBoZW5jZSB0aGUgRlNNIG5l ZWRzIHRvIHdvcmsgZXZlbiB3aXRob3V0IHRob3NlIGFzc3VtcHRpb25zLg0KICAgIE9uZSBjb3Vs ZCBhcmd1ZSB0aGF0IHlvdXIgYXNzdW1wdGlvbnMgYXJlIHZhbGlkLiBCdXQgYW5vdGhlciBvbmUg bWF5IGFyZ3VlIHRoYXQgaGUgd2FudHMgZnJlZWRvbSBpbiBjaG9vc2luZyB0aGUgdGltZXJzJyB2 YWx1ZTsgcGx1cyB0aGF0IHRoZSBGU00gc2hvdWxkIGJlIHJvYnVzdCB0byBhbnkgdGltZXJzJyB2 YWx1ZXMuDQogICAgIA0KICAgICA+IEFsc28sIHRvIGNvbmZpcm0gbXkgdW5kZXJzdGFuZGluZywg c3VwcG9zZSBhIHNjZW5hcmlvIGhhcHBlbnMgd2hlcmUNCiAgICAgPiBhbiBJR1AgcGFydGljaXBh bnQgc2VlcyBhbiBldmVudCwgdGhlbiBhIGdhcCBvZiAxMDBtcywgdGhlbiB0aHJlZQ0KICAgICA+ IElHUCBldmVudHMgYXQgZXF1YWwgMTBtcyBpbnRlcnZhbHMsIHdpdGggdGhlIFNQRiBkZWxheXMg YXQgdGhlDQogICAgID4gZXhhbXBsZSB2YWx1ZXMgb2YgMC81MC8yMDAwIG1zIGFuZCBUSU1FX1RP X0xFQVJOIG9mIDFzLiAgVGhlIGZpcnN0DQogICAgID4gZXZlbnQgdHJpZ2dlcnMgYSBTUEYgY29t cHV0YXRpb24gaW1tZWRpYXRlbHksIHRoZW4gd2UgZ28gdG8NCiAgICAgPiBTSE9SVF9XQUlULCB0 aGUgZmlyc3Qgb2YgdGhlIHRocmVlIGV2ZW50cyBraWNrcyBvZmYgYSBTUEZfVElNRVIgZm9yDQog ICAgID4gNTBtcywgDQogICAgDQogICAgW0JydW5vXSBBZ3JlZWQNCiAgICANCiAgICAgPiB3aGlj aCBpcyByZXNldCBieSB0aGUgbmV4dCB0d28gZXZlbnRzLA0KICAgIA0KICAgIFtCcnVub10gSSBk b24ndCB0aGluayBJIGFncmVlLg0KICAgIFRoaXMgY2FzZSBpcyBoYW5kbGUgYnkgdHJhbnNpdGlv biAiMjogSUdQIGV2ZW50IiB3aGljaCB0cmlnZ2VycyB0aGUgZm9sbG93aW5nIGFjdGlvbnMNCiAg ICANCiAgICAgICAgICAgIG8gIFJlc2V0IEhPTERET1dOX1RJTUVSIHRvIEhPTERET1dOX0lOVEVS VkFMLg0KICAgICAgICAgICAgbyAgSWYgU1BGX1RJTUVSIGlzIG5vdCBhbHJlYWR5IHJ1bm5pbmcs IHN0YXJ0IGl0IHdpdGggdmFsdWUgIFNIT1JUX1NQRl9ERUxBWS4NCiAgICAgICAgICAgIG8gIFJl bWFpbiBpbiBjdXJyZW50IHN0YXRlLg0KICAgIA0KICAgIA0KICAgIFNvIGluIHlvdXIgZXhhbXBs ZSwgdGhlIHNlY29uZCAob2YgdGhlIHRocmVlIGV2ZW50cykgYXJyaXZlcyAxMG1zIGFmdGVyIHRo ZSBzdGFydCBvZiB0aGUgNTBtcyBTUEZfVElNRVIuIGkuZS4gU1BGX1RJTUVSIGlzIGFscmVhZHkg cnVubmluZyBhbmQgaGVuY2Ugbm90IGNoYW5nZWQuDQogICAgDQogICAgID4gIHRoZSBTUEYgdGlt ZXIgZmlyZXMgYW5kDQogICAgID4gd2UgcmVjb21wdXRlIHRoZSBTUEYsIHRoZW4gVElNRV9UT19M RUFSTiBmaXJlcyBhbmQgd2UgZ28gdG8NCiAgICAgPiBMT05HX1dBSVQgdW50aWwgdGhlIEhPTERE T1dOX1RJTUVSIGZpcmVzLg0KICAgIA0KICAgIFtCcnVub10gQWdyZWVkIHdpdGggdGhlIGFib3Zl Lg0KICAgIA0KICAgICA+ICBPciBtYXliZSB0aGUgU1BGDQogICAgID4gY2FsY3VsYXRpb24gdGFr ZXMgbW9yZSB0aGFuIDIwMG1zLCBzbyB3aGVuIHRoZSBzZWNvbmQgSUdQIGV2ZW50DQogICAgID4g ZmlyZXMsIHdlIGFib3J0IHRoZSBjdXJyZW50bHkgaW4tcHJvZ3Jlc3MgY2FsY3VsYXRpb24gYW5k IGRvbid0DQogICAgID4gc3RhcnQgYW5vdGhlciBvbmUgdW50aWwgNTBtcyBhZnRlciB0aGUgbGFz dCBldmVudD8gDQogICAgDQogICAgW0JydW5vXSBUaGUgRlNNIGRvZXMgbm90IHRha2UgaW50byBh Y2NvdW50IHRoZSBTUEYgY29tcHV0YXRpb24gdGltZS4gSGVuY2UgdGhlIGJlaGF2aW9yIGlzIG5v dCBjaGFuZ2VkIGJ5IHRoZSBTUEYgY29tcHV0YXRpb24gdGltZS4NCiAgICBUaGUgZHJhZnQgZG9l cyBub3QgdGFsayBhYm91dCBhYm9ydGluZyB0aGUgU1BGIGNvbXB1dGF0aW9uLiBJIGd1ZXNzIHRo YXQgb25lIGltcGxlbWVudGF0aW9uIG1heSBjaG9vc2UgdG8gYWJvcnQgdGhlIFNQRiBjb21wdXRh dGlvbiwgYnV0IGl0IG11c3Qgbm90IGNoYW5nZSB0aGUgRlNNIHN0YXRlL3RpbWVycyBkdWUgdG8g dGhpcyBhYm9ydGlvbi4gKG90aGVyd2lzZSwgdGhpcyBpbXBsZW1lbnRhdGlvbiB3b3VsZCBiZSBv dXQgb2Ygc3luYyB3aXRoIG90aGVyIG5vZGVzL2ltcGxlbWVudGF0aW9ucykNCiAgICANCiAgICAg PiAgSSBicmluZyB0aGlzIHVwDQogICAgID4gYmVjYXVzZSBvZiB0aGUgdGV4dCBpbiB0aGUgc2Vj b25kIHBhcmFncmFwaCBvZiBTZWN0aW9uIDQgdGhhdCB0YWxrcw0KICAgICA+IG9mIGNvbXB1dGlu ZyB0aGUgcG9zdC1mYWlsdXJlIHJvdXRpbmcgdGFibGUgaW4gImEgc2luZ2xlIHJvdXRlDQogICAg ID4gY29tcHV0YXRpb24iLg0KICAgIA0KICAgIFtCcnVub10gVGhlIHBvaW50IGlzIHRoZSBudW1i ZXIgb2YgU1BGIGNvbXB1dGF0aW9uIG1heSBiZSBsb3dlciB0aGFuIHRoZSBudW1iZXIgb2YgSUdQ IGV2ZW50cy4NCiAgICBJbiB0aGUgRlNNLCB0aGlzIGlzIGFjaGlldmVkIHdpdGggdGhlIGZvbGxv d2luZyBhY3Rpb24gIiBvICBJZiBTUEZfVElNRVIgaXMgbm90IGFscmVhZHkgcnVubmluZywgc3Rh cnQgaXQgd2l0aCB2YWx1ZSBMT05HX1NQRl9ERUxBWS4iLiBXaGljaCwgSU9XIChuZWdhdGlvbiBm b3JtKSwgc2F5cyB0aGF0IGlmIHRoZSBTUEZfVElNRVIgaXMgYWxyZWFkeSBydW5uaW5nLCB3ZSBk byBub3RoaW5nIChuZXcpIGFuZCBoZW5jZSB0aGUgbmV3IElHUCBldmVudCBkbyBub3QgdHJpZ2dl ciBhbiBhZGRpdGlvbmFsIFNQRiBjb21wdXRhdGlvbi4NCiAgICANCiAgICAgPiAgIEJ1dCBpZiBJ IHVuZGVyc3RhbmQgY29ycmVjdGx5LCB0aGUgKnNpbmdsZSoNCiAgICAgPiBjb21wdXRhdGlvbiBv bmx5IGhhcHBlbnMgaW4gdGhlIHNlY29uZCBjYXNlIGhlcmUsIHdoZW4gdGhlDQogICAgID4gY2Fs Y3VsYXRpb24gdGFrZXMgc29tZSBodW5kcmVkcyBvZiBtaWxsaXNlY29uZHM7IG90aGVyd2lzZSB3 ZSBzdGlsbA0KICAgICA+IGhhdmUgKnR3byogY29tcHV0YXRpb25zIChvbmUgdHJpZ2dlcmVkIHdo aWxlIHdlJ3JlIGluIFFVSUVUIGFuZCB0aGUNCiAgICAgPiBzZWNvbmQgdHJpZ2dlcmVkIGluIFNI T1JUX0RFTEFZKS4gIFNvIEknbSBub3Qgc3VyZSBJIGZ1bGx5DQogICAgID4gdW5kZXJzdGFuZCB0 aGUgZXhwZWN0ZWQgc2NlbmFyaW8uDQogICAgIA0KICAgIFtCcnVub10gVGhlIGV4cGVjdGVkIHNj ZW5hcmlvIGlzIHRoYXQgbXVsdGlwbGUgSUdQIGV2ZW50cyBtYXkgYmUgaGFuZGxlZCBieSBhIHNp bmdsZSBTUEYgY29tcHV0YXRpb24uDQogICAgVGhlIHR5cGljYWwgcmVhbCBsaWZlIHNpdHVhdGlv biBpcyBhIG5vZGUgZmFpbHVyZS4gVGhpcyBpcyBhIHNpbmdsZSBmYWlsdXJlIGJ1dCBhIGxpbmsg c3RhdGUgSUdQIHdpbGwgdHJpZ2dlciBhbmQgZmxvb2QgTiBJR1BfZXZlbnRzIChvbmUgcGVyIElH UCBuZWlnaGJvcnMgb2YgdGhlIGZhaWxlZCBub2RlKS4gVGhpcyBpcyBiZWNhdXNlIChpbiBzaG9y dCkgYW4gSUdQIGxpbmsgc3RhdGUgY2Fubm90IGFkdmVydGlzZSB0aGUgZmFpbHVyZSBvZiBhIG5v ZGUsIGJ1dCBvbmx5IHRoZSBmYWlsdXJlIG9mIGEgbGluay4gDQogICAgSWRlYWxseSwgd2Ugc2hv dWxkIHdhaXQgZm9yIHRoZXNlIE4gSUdQX2V2ZW50cyBiZWZvcmUgY29tcHV0aW5nIHRoZSBTUEYg Y29tcHV0YXRpb25zIGJlY2F1c2U6DQogICAgLSBpdCdzIG9ubHkgYnkgdGFraW5nIGludG8gYWNj b3VudCB0aGUgTiBJR1BfZXZlbnRzIHRoYXQgd2UgY29ycmVjdGx5IHJlZmxlY3QgdGhlIHJlYWwg bmV0d29yayB0b3BvbG9neSAoaS5lLiB0aGUgbm9kZSBmYWlsdXJlKS4NCiAgICAtIGNvbXB1dGlu ZyBhbiBTUEYgYmVmb3JlIHJlY2VpdmluZyBhbGwgTiBldmVudHMsIHdpbGwgcmVxdWlyZSBjb21w dXRpbmcgYW5vdGhlciBTUEYgc2hvcnRseSBhZnRlci4gaS5lLiB0aGUgZmlyc3QgY29tcHV0YXRp b24gaXMgd2FzdGVkIHJlc3NvdXJjZXMuDQogICAgDQogICAgVGhlIGlzc3VlIGlzIHRoYXQgd2Ug ZG9uJ3Qga25vdyBob3cgbWFueSBJR1AgZXZlbnRzIHdlIHNob3VsZCB3YWl0IGZvci4gSGVuY2Ug dGhlIEZTTSBkZWZpbmVzIGFuZCB1c2VzIGR1cmF0aW9uICJUSU1FX1RPX0xFQVJOX0lOVEVSVkFM Ii4gVGhpcyBkdXJhdGlvbiAic2hvdWxkIiBiZSBhYmxlIHRvIGJlIGV2YWx1YXRlZCBhIHByaW9y aSBieSB0aGUgbmV0d29yayBvcGVyYXRvciAoYXMgaXQgaXMgdGhlIG1heCBvZiB0aGUgZGV0ZWN0 aW9uIHRpbWUsIG9yaWdpbmF0aW9uIHRpbWUsIGFuZCBmbG9vZGluZyB0aW1lKS4NCiAgICANCiAg ICAgPiBJIGFsc28gYW0gcHJvYmFibHkgaGF2aW5nIHNvbWUgcHJvYmxlbXMgd2l0aCB0ZXJtaW5v bG9neSwgcHJlc3VtYWJseQ0KICAgICA+IGp1c3QgbXkgbWlzdW5kZXJzdGFuZGluZywgd2hpY2gg aG9wZWZ1bGx5IGNhbiBiZSBzZXQgc3RyYWlnaHQNCiAgICAgPiBlYXNpbHkuDQogICAgIA0KICAg IFtCcnVub10gUGxlYXNlIGNvbW1lbnQvYXNrIHF1ZXN0aW9ucyBpZiB0aGUgYWJvdmUgaXMgbm90 IGNsZWFyIG9yIGRvZXMgbm90IGFkZHJlc3MgeW91ciBwb2ludC4NCiAgICAgDQogICAgID4gSW4g dGhlIEludHJvZHVjdGlvbiwgd2UgaGF2ZSBhICJkZXNpcmUgdG8gY29tcHV0ZSBhIG5ldyBTaG9y dGVzdA0KICAgICA+IFBhdGggRmlyc3QgKFNQRikgYXMgc29vbiBhcyBhIGZhaWx1cmUgaXMgZGV0 ZWN0ZWQiLCB3aGljaCBpcyB1c2luZw0KICAgICA+IFNQRiBhcyBpdCBpcyBhIGRhdGEgc3RydWN0 dXJlIChlLmcuLCB0aGUgcmVzdWx0IG9mIGFuIGFsZ29yaXRobSksDQogICAgID4gd2hlcmVhcyBt eSBpbnR1aXRpb24gaGFzIFNQRiByZWZlcnJpbmcgdG8gdGhlIGFsZ29yaXRobSBbY2xhc3NdIGJ1 dA0KICAgICA+IG5vdCBpdHMgb3V0cHV0Lg0KICAgICANCiAgICBbQnJ1bm9dIFlvdSBhcmUgcmln aHQgdGhhdCBTUEYgaXMgdGhlIGFsZ28gKGFuZCBTUFQgdGhlIHJlc3VsdCkuDQogICAgVW5mb3J0 dW5hdGVseSwgdGhpcyBnZXRzIHRvbyBzdWJ0bGUgZm9yIG15IGxldmVsIG9mIEVuZ2xpc2guICAi QWNlZSwgYW55IG9waW5pb24gb24gdGhpcz8iDQoNCltBY2VlXSBCZW4gaXMgdGVjaG5pY2FsbHkg Y29ycmVjdC4gSG93ZXZlciwgaW5mb3JtYWxseSwgd2Ugb2Z0ZW4gcmVmZXIgdG8gYW4gIlNQRiIg Z2VuZXJpY2FsbHkgdG8gcmVmZXIgYm90aCB0byB0aGUgYWxnb3JpdGhtIGFuZCBhbiBpbnN0YW5j ZSBvZiB0aGUgYWxnb3JpdGhtIGNvbXB1dGF0aW9uLiBXZSBjb3VsZCBjaGFuZ2UgaXQgdG86IA0K DQoNCiAgT0xEOiBJbiBnZW5lcmFsLCB3aGVuIHRoZSBuZXR3b3JrIGlzIHN0YWJsZSwgdGhlcmUg aXMgYSBkZXNpcmUgdG8gY29tcHV0ZQ0KICAgICAgICAgICBhIG5ldyBTaG9ydGVzdCBQYXRoIEZp cnN0IChTUEYpIGFzIHNvb24gYXMgYSBmYWlsdXJlIGlzIGRldGVjdGVkIGluDQogIE5ldzogSW4g Z2VuZXJhbCwgd2hlbiB0aGUgbmV0d29yayBpcyBzdGFibGUsIHRoZXJlIGlzIGEgZGVzaXJlIHRv IHRyaWdnZXIgDQogICAgICAgICAgICBhIG5ldyBTaG9ydGVzdCBQYXRoIEZpcnN0IChTUEYpIGNv bXB1dGF0aW9uIGFzIHNvb24gYXMgYSBmYWlsdXJlIGlzIGRldGVjdGVkIGluDQoNCiAgICAgDQog ICAgID4gSW4gc2VjdGlvbiAzLCB3ZSB0YWxrIG9mICJjb21wdXRhdGlvbiBvZiB0aGUgcm91dGlu ZyB0YWJsZSwgYnkgdGhlDQogICAgID4gSUdQIiwgd2hpY2ggZ2V0cyBtZSBjb25mdXNlZCBhYm91 dCB3aGV0aGVyICJ0aGUgSUdQIiByZXByZXNlbnRzIGENCiAgICAgPiBuZXR3b3JrIHByb3RvY29s IGZvciBjb252ZXlpbmcgKGUuZy4pIGxpbmsgc3RhdGUgaW5mb3JtYXRpb24sIGFuDQogICAgID4g YWxnb3JpdGhtIGZvciBTUEYgY29tcHV0YXRpb24sIG9yIGEgcm91dGVyIHRoYXQgcGVyZm9ybXMg U1BGDQogICAgID4gY29tcHV0YXRpb25zLg0KICAgICANCiAgICBbQnJ1bm9dIElHUCBpcyB1c3Vh bGx5IGEgcHJvdG9jb2wuIEluIHRoaXMgc2VudGVuY2UsIGl0IGlzIG1lYW50IGFzIHRoZSBJR1Ag cHJvY2VzcyBvZiB0aGUgcm91dGVyLg0KICAgIEFnYWluLCBJJ20gb3BlbiB0byByZWZvcm11bGF0 aW9uLiAiQWNlZSwgYW55IG9waW5pb24gb24gdGhpcz8iDQoNCltBY2VlXSBJIGRvbid0IHRoaW5r IHdlIG5lZWQgdG8gY2hhbmdlIHRoaXMuIElHUCBpcyBhIHdlbGwta25vd24gYWNyb255bS4gDQog ICAgICAgICAgICAgaHR0cHM6Ly93d3cucmZjLWVkaXRvci5vcmcvbWF0ZXJpYWxzL2FiYnJldi5l eHBhbnNpb24udHh0DQoNCiAgICAgDQogICAgID4gSW4gc2VjdGlvbiA2IHdlIHRhbGsgb2YgInRo ZSBudW1iZXIgb2YgcHJvdG9jb2xzDQogICAgID4gcmVhY3Rpb25zL2NvbXB1dGF0aW9ucyB0cmln Z2VyZWQgYnkgSUdQIFNQRiIuICBJcyB0aGlzIGp1c3QgaW4gdGhlIHNlbnNlDQogICAgID4gb2Yg ImVhY2ggU1BGIGNhbGN1bGF0aW9uIHRyaWdnZXJzIGEgYnVuY2ggb2Ygb3RoZXIgc3R1ZmYiPyAN CiAgICANCiAgICBbQnJ1bm9dIFllcywgZXhhY3RseS4gQWdhaW4gYnkgInByb3RvY29sIHJlYWN0 aW9uIiBpdCdzIG1lYW50IHJvdXRlcidzIHByb2Nlc3NlcyBpbXBsZW1lbnRpbmcgdGhvc2UgcHJv dG9jb2xzLg0KICAgIEZZSSwgdHlwaWNhbCBwcm90b2NvbCBJIGNvdWxkIHRoaW5rIG9mIGFyZSBC R1AgYW5kIFBDRSwgYnV0IHBvc3NpYmx5IG90aGVyIElHUCAobGlrZSkgaW4gY2FzZSBvZiByb3V0 ZSByZWRpc3RyaWJ1dGlvbi4NCiAgICANCiAgICAgPiBJIHRoaW5rDQogICAgID4gdGhpcyBpcyBh bm90aGVyIGNhc2UgYWJvdXQgbWUgYmVpbmcgY29uZnVzZWQgd2hldGhlciAiU1BGIiBtZWFucyBh bg0KICAgICA+IGFsZ29yaXRobSwgYSBzcGVjaWZpYyBjb21wdXRhdGlvbiB1c2luZyB0aGF0IGFs Z29yaXRobSwgZXRjLg0KICAgICANCiAgICBbQnJ1bm9dIEkgYWdyZWUgdGhhdCB0aGlzIGlzIHRo ZSBzYW1lIGNhc2UuICJBY2VlLCBhbnkgb3BpbmlvbiBvbiB0aGlzPyINCg0KW0FjZWVdIFdlIGNv dWxkIGNoYW5nZSAiSUdQIFNQRiIgdG8gIklHUCBTUEYgY29tcHV0YXRpb24iLiANCg0KDQogICAg PiANCiAgICAgPiANCiAgICAgPiBTb21lIG90aGVyIGVkaXRvcmlhbCBub3RlczoNCiAgICAgPiAN CiAgICAgPiBJdCdzIHByb2JhYmx5IGJldHRlciB0byBjaXRlIFJGQyA4MTc0IGluc3RlYWQgb2Yv aW4gYWRkaXRpb24gdG8gUkZDDQogICAgID4gMjExOSwgZXNwZWNpYWxseSBzaW5jZSB0aGVyZSBp cyBhdCBsZWFzdCBhIGxvd2VyY2FzZSAibWF5IiBwcmVzZW50Lg0KICAgICANCiAgICBbQnJ1bm9d IG9rLCBkb25lLg0KICAgICANCiAgICAgPiBJdCdzIHVuY2xlYXIgdGhhdCAidGVtcG9yYWxseSBj bG9zZSIgaW4gIm11bHRpcGxlIHRlbXBvcmFsbHkgY2xvc2UNCiAgICAgPiBmYWlsdXJlcyBvdmVy IGEgc2hvcnQgdGltZSIgcmVhbGx5IGFkZHMgYW55IHZhbHVlLCBpbiB0aGUNCiAgICAgPiBJbnRy b2R1Y3Rpb24uDQogICAgIA0KICAgIFtCcnVub10gb2ssIGRvbmU6DQogICAgDQogICAgT0xEOiBI b3dldmVyLCB3aGVuIHRoZSBuZXR3b3JrIGlzIGV4cGVyaWVuY2luZyBtdWx0aXBsZSB0ZW1wb3Jh bGx5IGNsb3NlIGZhaWx1cmVzIG92ZXIgYSBzaG9ydCBwZXJpb2Qgb2YgdGltZSwgdGhlcmUgaXMg YSBjb25mbGljdGluZyBkZXNpcmUgdG8gbGltaXQgdGhlIGZyZXF1ZW5jeSBvZiBTUEYgY29tcHV0 YXRpb25zLg0KICAgIA0KICAgIE5FVzogSG93ZXZlciwgd2hlbiB0aGUgbmV0d29yayBpcyBleHBl cmllbmNpbmcgbXVsdGlwbGUgZmFpbHVyZXMgb3ZlciBhIHNob3J0IHBlcmlvZCBvZiB0aW1lLCB0 aGVyZSBpcyBhIGNvbmZsaWN0aW5nIGRlc2lyZSB0byBsaW1pdCB0aGUgZnJlcXVlbmN5IG9mIFNQ RiBjb21wdXRhdGlvbnMuDQogICAgDQogICAgIA0KICAgICA+IEluIHNlY3Rpb24gMiwgbGFzdCBi dWxsZXQgcG9pbnQgb24gcGFnZSAzLCAiU1BGX0RFTEFZIHRpbWVycyB2YWx1ZXMiDQogICAgID4g cHJvYmFibHkgZG9lc24ndCBuZWVkIHRoZSBwbHVyYWwgInRpbWVycyIgKHNvLCBlaXRoZXIgInRp bWVyIiBvcg0KICAgICA+IHRoZSBwb3NzZXNzaXZlICJ0aW1lcnMnIiksIHRob3VnaCBJIGFtIG1p bmRmdWwgb2YgdGhlIHJlY2VudA0KICAgICA+IGRpc2N1c3Npb24gb24gaWV0ZkAgYWJvdXQgKG5v bi0pQW1lcmljYW4gRW5nbGlzaC4gIFRoZSBzZWNvbmQNCiAgICAgPiBzZW50ZW5jZSBvZiB0aGUg YnVsbGV0IGlzIGFsc28gYSBzZW50ZW5jZSBmcmFnbWVudCBhbmQgbm90IGENCiAgICAgPiBjb21w bGV0ZSBzZW50ZW5jZS4NCiAgICANCiAgICBbQnJ1bm9dIG9rOg0KICAgIC0gSSB0cnVzdCB5b3Ug b24geW91ciBmaXJzdCBwb2ludCBhbmQgcGlja2VkIHRoZSBwb3NzZXNzaXZlIG9wdGlvbg0KICAg IC0gSSBhZ3JlZSB3aXRoIHlvdSBvbiB0aGUgc2Vjb25kIHBvaW50DQogICAgDQogICAgQ3VycmVu dGx5IGNoYW5nZWQgdG86DQogICAgT0xEOg0KICAgIEFsd2F5cyB0cnkgdG8gYXZvaWQgZGlmZmVy ZW50IFNQRl9ERUxBWSB0aW1lcnMgdmFsdWVzIGFjcm9zcyBkaWZmZXJlbnQgcm91dGVycyBpbiB0 aGUgYXJlYS9sZXZlbC4gRXZlbiB0aG91Z2ggbm90IGFsbCByb3V0ZXJzIHdpbGwgcmVjZWl2ZSBJ R1AgbWVzc2FnZXMgYXQgdGhlIHNhbWUgdGltZSwgZHVlIHRvIGRpZmZlcmVuY2VzIGJvdGggaW4g dGhlIGRpc3RhbmNlIGZyb20gdGhlIG9yaWdpbmF0b3Igb2YgdGhlIElHUCBldmVudCBhbmQgaW4g Zmxvb2RpbmcgaW1wbGVtZW50YXRpb25zLg0KICAgIA0KICAgIE5FVzoNCiAgICBBbHdheXMgdHJ5 IHRvIGF2b2lkIGRpZmZlcmVudCBTUEZfREVMQVkgdGltZXJzJyB2YWx1ZXMgYWNyb3NzIGRpZmZl cmVudCByb3V0ZXJzIGluIHRoZSBhcmVhL2xldmVsLiBUaGlzIHJlcXVpcmVzIHNwZWNpZmljIGNv bnNpZGVyYXRpb24gYXMgZGlmZmVyZW50IHJvdXRlcnMgbWF5IHJlY2VpdmUgSUdQIG1lc3NhZ2Vz IGF0IGRpZmZlcmVudCBpbnRlcnZhbCBvciBldmVuIG9yZGVyLCBkdWUgdG8gZGlmZmVyZW5jZXMg Ym90aCBpbiB0aGUgZGlzdGFuY2UgZnJvbSB0aGUgb3JpZ2luYXRvciBvZiB0aGUgSUdQIGV2ZW50 IGFuZCBpbiBmbG9vZGluZyBpbXBsZW1lbnRhdGlvbnMuDQoNCg0KICAgIFRoYXQgYmVpbmcgc2Fp ZCwgSSdtIG5vdCBhIG5hdGl2ZSBFbmdsaXNoIHNwZWFrZXIgYW5kIEFjZWUgaXMga2luZCBlbm91 Z2ggdG8gc3BlbmQgdGltZSBjb3JyZWN0aW5nIG15IGVycm9ycy4gVGhlcmVmb3JlLCBBY2VlIGFu ZCBvYnZpb3VzbHkgdGhlIFJGQyBlZGl0b3IgbWF5IGZ1cnRoZXIgZWRpdCB0aGlzIHRleHQuDQoN CltBY2VlXSBJIHRoaW5rICJTUEZfREVMQVkgdGltZXIgdmFsdWVzIiByZWFkcyBiZXR0ZXIgYXMg YSBzaW5nbGUgcGx1cmFsIGNvbXBvdW5kIG5vdW4uIERvIHlvdSBkaXNhZ3JlZT8gU2VlIGNsYXJp ZmljYXRpb24gYmVsb3c6DQogICAgDQogQWx3YXlzIHRyeSB0byBhdm9pZCBkaWZmZXJlbnQgU1BG X0RFTEFZIHRpbWVyIHZhbHVlcyBhY3Jvc3MgZGlmZmVyZW50IHJvdXRlcnMgaW4gdGhlIGFyZWEv bGV2ZWwuIFRoaXMgcmVxdWlyZXMgc3BlY2lmaWMgY29uc2lkZXJhdGlvbiBhcyBkaWZmZXJlbnQg cm91dGVycyBtYXkgcmVjZWl2ZSBJR1AgbWVzc2FnZXMgYXQgYSBkaWZmZXJlbnQgaW50ZXJ2YWwg b3IgZXZlbiBpbiBhIGRpZmZlcmVudCBvcmRlciwgZHVlIHRvIGRpZmZlcmVuY2VzIGJvdGggaW4g dGhlIGRpc3RhbmNlIGZyb20gdGhlIG9yaWdpbmF0b3Igb2YgdGhlIElHUCBldmVudCBhbmQgaW4g Zmxvb2RpbmcgaW1wbGVtZW50YXRpb25zLiANCg0KICAgIA0KICAgIA0KICAgICANCiAgICAgPiBT UkxHIGlzIHVzZWQgd2l0aG91dCBleHBhbnNpb24gaW4gbXVsdGlwbGUgcGxhY2VzLCBidXQgZG9l cyBub3QNCiAgICAgPiBhcHBlYXIgb24gaHR0cHM6Ly93d3cucmZjLWVkaXRvci5vcmcvbWF0ZXJp YWxzL2FiYnJldi5leHBhbnNpb24udHh0DQogICAgID4gYXMgYSAid2VsbC1rbm93biIgYWJicmV2 aWF0aW9uLg0KICAgIA0KICAgIFtCcnVub10gb2ssIGV4cGFuZGVkIG9uIGZpcnN0IHVzZS4NCiAg ICAgDQogICAgIA0KICAgICA+IEluIHNlY3Rpb24gNiwgd2UgZmluZCB0aGUgYXdrd2FyZCBjb25z dHJ1Y3Rpb24gInBsYXkgaXQgc2FmZSBhbmQNCiAgICAgPiBzdGFydCB3aXRoIHNhZmUsIGkuZS4s IGxvbmdlciB0aW1lcnMiLiAgUHJvYmFibHkgd2Ugd2FudCB0byBzYXkNCiAgICAgPiAic2FmZSB2 YWx1ZXMiIGFzIHRoZSBub3VuLCBhbmQgbWF5YmUgY29uc2lkZXIgcmV3b3JkaW5nIHRvIGF2b2lk IHRoZQ0KICAgICA+IGR1cGxpY2F0ZSAic2FmZSIgYW5kL29yIHRoZSBjb2xsb3F1aWFsaXNtICJw bGF5IGl0IHNhZmUiLg0KICAgICANCiAgICBbQnJ1bm9dIG9rDQogICAgDQogICAgT0xEOiBJbiBj YXNlIG9mIGRvdWJ0LCBpdCdzIFJFQ09NTUVOREVEIHRvIHBsYXkgaXQgc2FmZSBhbmQgc3RhcnQg d2l0aCBzYWZlLCBpLmUuLCBsb25nZXIgdGltZXJzLg0KICAgIE5FVzogSW4gY2FzZSBvZiBkb3Vi dCwgaXQncyBSRUNPTU1FTkRFRCB0byBzdGFydCB3aXRoIHNhZmVyIChpLmUuIGxvbmdlcikgdGlt ZXIgdmFsdWVzLg0KICAgIA0KICAgIEFnYWluLCB0ZXh0IG1heSBiZSBzdWJqZWN0IHRvIGZ1cnRo ZXIgcmV2aXNpb24uDQogICAgIA0KW0FjZWVdOiBJbiBjYXNlIG9mIGRvdWJ0LCBpdCdzIFJFQ09N TUVOREVEIHRvIHN0YXJ0IHdpdGggc2FmZXIgKGkuZS4sIGxvbmdlcikgdGltZXIgdmFsdWVzLiAg ICAgIA0KDQogICAgID4gU2VjdGlvbiA4IHNheXM6DQogICAgID4gDQogICAgID4gICAgWy4uLl0u IEZJQnMNCiAgICAgPiAgICBhcmUgaW5zdGFsbGVkIGFmdGVyIG11bHRpcGxlIHN0ZXBzIHN1Y2gg YXMgZmxvb2Rpbmcgb2YgdGhlIElHUCBldmVudA0KICAgICA+ICAgIGFjcm9zcyB0aGUgbmV0d29y aywgU1BGIHdhaXQgdGltZSwgU1BGIGNvbXB1dGF0aW9uLCBGSUIgZGlzdHJpYnV0aW9uDQogICAg ID4gICAgYWNyb3NzIGxpbmUgY2FyZHMsIGFuZCBGSUIgdXBkYXRlLiAgVGhpcyBkb2N1bWVudCBv bmx5IGFkZHJlc3NlcyB0aGUNCiAgICAgPiAgICBmaXJzdCBjb250cmlidXRpb24uDQogICAgID4g DQogICAgID4gd2hpY2ggbWFrZXMgbWUgdHJ5IHRvIG1hdGNoIHVwICJ0aGUgZmlyc3QgY29udHJp YnV0aW9uIiB3aXRoIHRoZQ0KICAgICA+IGZsb29kaW5nLCB3aGVuIEkgYXNzdW1lIGl0J3MgbWVh bnQgdG8gbWF0Y2ggdXAgd2l0aCB0aGUgU1BGIHdhaXQNCiAgICAgPiB0aW1lLg0KICAgICANCiAg ICBbQnJ1bm9dIFlvdSBhcmUgYWJzb2x1dGUgcmlnaHQuIFRoYW5rcyBmb3IgdGhlIGNhdGNoLg0K ICAgIA0KICAgIE9MRDogIEZJQnMgYXJlIGluc3RhbGxlZCBhZnRlciBtdWx0aXBsZSBzdGVwcyBz dWNoIGFzIGZsb29kaW5nIG9mIHRoZSBJR1AgZXZlbnQgYWNyb3NzIHRoZSBuZXR3b3JrLCBTUEYg d2FpdCB0aW1lLCBTUEYgY29tcHV0YXRpb24sIEZJQiBkaXN0cmlidXRpb24gYWNyb3NzIGxpbmUg Y2FyZHMsIGFuZCBGSUIgdXBkYXRlLiBUaGlzIGRvY3VtZW50IG9ubHkgYWRkcmVzc2VzIHRoZSBm aXJzdCBjb250cmlidXRpb24uDQogICAgTkVXOiBGSUJzIGFyZSBpbnN0YWxsZWQgYWZ0ZXIgbXVs dGlwbGUgc3RlcHMgc3VjaCBhcyBmbG9vZGluZyBvZiB0aGUgSUdQIGV2ZW50IGFjcm9zcyB0aGUg bmV0d29yaywgU1BGIHdhaXQgdGltZSwgU1BGIGNvbXB1dGF0aW9uLCBGSUIgZGlzdHJpYnV0aW9u IGFjcm9zcyBsaW5lIGNhcmRzLCBhbmQgRklCIHVwZGF0ZS4gVGhpcyBkb2N1bWVudCBvbmx5IGFk ZHJlc3NlcyB0aGUgY29udHJpYnV0aW9uIGZyb20gdGhlIFNQRiB3YWl0IHRpbWUuDQogICAgDQog ICAgVGhhbmtzIGFnYWluIGZvciB5b3VyIGNhcmVmdWwgcmV2aWV3Lg0KDQpZZXMgLSBUaGFuayB5 b3UsIA0KQWNlZSANCg0KICAgIA0KICAgIC0tQnJ1bm8gDQogICAgDQogICAgID4gLUJlbmphbWlu DQogICAgDQogICAgX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fX19fX19fXw0KICAgIA0KICAgIENlIG1lc3NhZ2UgZXQgc2VzIHBpZWNlcyBq b2ludGVzIHBldXZlbnQgY29udGVuaXIgZGVzIGluZm9ybWF0aW9ucyBjb25maWRlbnRpZWxsZXMg b3UgcHJpdmlsZWdpZWVzIGV0IG5lIGRvaXZlbnQgZG9uYw0KICAgIHBhcyBldHJlIGRpZmZ1c2Vz LCBleHBsb2l0ZXMgb3UgY29waWVzIHNhbnMgYXV0b3Jpc2F0aW9uLiBTaSB2b3VzIGF2ZXogcmVj dSBjZSBtZXNzYWdlIHBhciBlcnJldXIsIHZldWlsbGV6IGxlIHNpZ25hbGVyDQogICAgYSBsJ2V4 cGVkaXRldXIgZXQgbGUgZGV0cnVpcmUgYWluc2kgcXVlIGxlcyBwaWVjZXMgam9pbnRlcy4gTGVz IG1lc3NhZ2VzIGVsZWN0cm9uaXF1ZXMgZXRhbnQgc3VzY2VwdGlibGVzIGQnYWx0ZXJhdGlvbiwN CiAgICBPcmFuZ2UgZGVjbGluZSB0b3V0ZSByZXNwb25zYWJpbGl0ZSBzaSBjZSBtZXNzYWdlIGEg ZXRlIGFsdGVyZSwgZGVmb3JtZSBvdSBmYWxzaWZpZS4gTWVyY2kuDQogICAgDQogICAgVGhpcyBt ZXNzYWdlIGFuZCBpdHMgYXR0YWNobWVudHMgbWF5IGNvbnRhaW4gY29uZmlkZW50aWFsIG9yIHBy aXZpbGVnZWQgaW5mb3JtYXRpb24gdGhhdCBtYXkgYmUgcHJvdGVjdGVkIGJ5IGxhdzsNCiAgICB0 aGV5IHNob3VsZCBub3QgYmUgZGlzdHJpYnV0ZWQsIHVzZWQgb3IgY29waWVkIHdpdGhvdXQgYXV0 aG9yaXNhdGlvbi4NCiAgICBJZiB5b3UgaGF2ZSByZWNlaXZlZCB0aGlzIGVtYWlsIGluIGVycm9y LCBwbGVhc2Ugbm90aWZ5IHRoZSBzZW5kZXIgYW5kIGRlbGV0ZSB0aGlzIG1lc3NhZ2UgYW5kIGl0 cyBhdHRhY2htZW50cy4NCiAgICBBcyBlbWFpbHMgbWF5IGJlIGFsdGVyZWQsIE9yYW5nZSBpcyBu b3QgbGlhYmxlIGZvciBtZXNzYWdlcyB0aGF0IGhhdmUgYmVlbiBtb2RpZmllZCwgY2hhbmdlZCBv ciBmYWxzaWZpZWQuDQogICAgVGhhbmsgeW91Lg0KICAgIA0KICAgIA0KDQo= From nobody Thu Feb 15 16:04:27 2018 Return-Path: X-Original-To: secdir@ietfa.amsl.com Delivered-To: secdir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4B1BC127077; Thu, 15 Feb 2018 16:04:21 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.23 X-Spam-Level: X-Spam-Status: No, score=-4.23 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6T-mKs7xaK6t; Thu, 15 Feb 2018 16:04:19 -0800 (PST) Received: from dmz-mailsec-scanner-3.mit.edu (dmz-mailsec-scanner-3.mit.edu [18.9.25.14]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A0403124235; Thu, 15 Feb 2018 16:04:18 -0800 (PST) X-AuditID: 1209190e-0fdff7000000724f-44-5a862001b6e9 Received: from mailhub-auth-3.mit.edu ( [18.9.21.43]) (using TLS with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by dmz-mailsec-scanner-3.mit.edu (Symantec Messaging Gateway) with SMTP id 0C.F6.29263.100268A5; Thu, 15 Feb 2018 19:04:17 -0500 (EST) Received: from outgoing.mit.edu (OUTGOING-AUTH-1.MIT.EDU [18.9.28.11]) by mailhub-auth-3.mit.edu (8.13.8/8.9.2) with ESMTP id w1G04FMH000894; Thu, 15 Feb 2018 19:04:16 -0500 Received: from mit.edu (24-107-191-124.dhcp.stls.mo.charter.com [24.107.191.124]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id w1G04BHL007148 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Thu, 15 Feb 2018 19:04:13 -0500 Date: Thu, 15 Feb 2018 18:04:11 -0600 From: Benjamin Kaduk To: "Acee Lindem (acee)" Cc: "bruno.decraene@orange.com" , "draft-ietf-rtgwg-backoff-algo.all@ietf.org" , "iesg@ietf.org" , "secdir@ietf.org" Message-ID: <20180216000410.GP12363@mit.edu> References: <20180214211017.GI12363@mit.edu> <9677_1518711435_5A85B28A_9677_280_1_53C29892C857584299CBF5D05346208A4799B57B@OPEXCLILM21.corporate.adroot.infra.ftgroup> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: User-Agent: Mutt/1.9.1 (2017-09-22) X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFlrFKsWRmVeSWpSXmKPExsUixCmqrcuo0BZl8GyHtMXkt/OYLX7smMNs cX37DTaLGX8mMlt8WPiQxYHVY8rvjaweS5b8ZPJoeXaSLYA5issmJTUnsyy1SN8ugSvjwZEf jAW/pzFWPF06i6WB8UZ+FyMHh4SAicTyxtguRi4OIYHFTBL3F05hhXA2Mkpcb5jCBuGcZZI4 f2oZSxcjJweLgKrEyYV72UBsNgEViYbuy8wgk0QENCW2vGcBqWcWeMco8WP7FGaQGmEBO4m9 N24wgti8AjoSM5e8gxp6m1GiY9Y+doiEoMTJmU/AFjALqEv8mXcJbCizgLTE8n8cEGF5ieat s8FmcgrYSkzeuQisVVRAWWJv3yH2CYyCs5BMmoVk0iyESbOQTFrAyLKKUTYlt0o3NzEzpzg1 Wbc4OTEvL7VI11gvN7NELzWldBMjOAIk+XYwTmrwPsQowMGoxMO7obc1Sog1say4MvcQoyQH k5Iob9Z5oBBfUn5KZUZicUZ8UWlOavEhRgkOZiUR3luvgXK8KYmVValF+TApaQ4WJXFedxPt KCGB9MSS1OzU1ILUIpisDAeHkgSvvnxblJBgUWp6akVaZk4JQpqJgxNkOA/QcC6QGt7igsTc 4sx0iPwpRmOODQtftDFz3Hjxuo1ZiCUvPy9VSpx3hxxQqQBIaUZpHtw0UBKTyN5f84pRHOg5 Yd4GkIE8wAQIN+8V0ComoFW8SiB/FJckIqSkGhhVrDd90LzHsdc7wmap02X1qh1dl1qk1u3b F6TeKR/7XHfpld6QPVuNp8jxfTYNOn3q74nY9c9/PVpy7t/ZozKPfj5VYzgnMMmEaWtBzraE 3ojN/oaJVQml8Vsy3xTOC9pduHzDf0/Dhye0HNV2yLrKHXHdHPyTYyXz9/kdDsu1HCRNbTR7 eeKUWIozEg21mIuKEwFKMUF3PQMAAA== Archived-At: Subject: Re: [secdir] secdir review of draft-ietf-rtgwg-backoff-algo-07 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 16 Feb 2018 00:04:21 -0000 [also inline] On Thu, Feb 15, 2018 at 07:50:34PM +0000, Acee Lindem (acee) wrote: > Hi Bruno, Benjamin, > > Thanks to Benjamin for review and Bruno for the detailed response. See my responses preceded by [Acee]. > > > On 2/15/18, 11:17 AM, "bruno.decraene@orange.com" wrote: > > Hi Benjamin, > > Many thanks for your careful and useful review. > Please see inline [Bruno] the proposed resolution. > > Regarding the posting of draft -08, I'd propose to wait 24H for your possible follow up, plus possible OPSDIR & GENART review; unless Alia has other instructions. (Note that I'll be on PTO next week). > > Acee, > There are a few questions for you. Please looks for "Acee, any opinion on this?" > > > > -----Original Message----- > > From: Benjamin Kaduk [mailto:kaduk@mit.edu] > > Sent: Wednesday, February 14, 2018 10:10 PM > > To: draft-ietf-rtgwg-backoff-algo.all@ietf.org; iesg@ietf.org; secdir@ietf.org > > Subject: secdir review of draft-ietf-rtgwg-backoff-algo-07 > > > > Hi all, > > > > I have reviewed this document as part of the security directorate's > > ongoing effort to review all IETF documents being processed by the > > IESG. These comments were written primarily for the benefit of the > > security area directors. Document editors and WG chairs should treat > > these comments just like any other last call comments. > > > > >From a security perspective, this document is Ready. > > [Bruno] Excellent, thanks. > > > It specifies a > > standard scheme that can be used to back off SPF calculations during > > periods of frequent IGP events, avoiding excessive resource > > consumption performing calculations that would be rendered redundant > > (or just be useless) soon. The security considerations correctly > > note that an attacker that can generate IGP events would be able to > > delay the IGP convergence time, which is true both for this scheme > > and all schemes previously in use. (I might use more words to say > > the same thing if I was writing it, but that probably reflects more > > on me than the document.) > > > > > > I do have some questions about the actual proposed FSM, though -- I > > suspect that I am just making some implicit assumptions that may not > > be grounded in reality. In particular, I am basically assuming that > > INITIAL_SPF_DELAY < SHORT_SPF_DELAY < LONG_SPF_DELAY < > > HOLDDOWN_INTERVAL. (The draft itself only has it as RECOMMENDED for > > SPF_INITIAL_DELAY <= SPF_SHORT_DELAY <= SPF_LONG_DELAY in Section 6, > > yes, with the different spellings, but has a MUST for > > HOLDDOWN_INTERVAL > TIME_TO_LEARN_INTERVAL.) > > This would potentially affect the state machine for events 1, 6, and > > 7. > > [Bruno] Thanks for detecting the misspelling. Corrected. > > > In transition 1, we say to only start the SPF_TIMER if it is not already > > running, but I do not see a way for it to already be running unless > > the HOLDDOWN_TIMER value is less than one or more of the SPF_TIMER > > values. > > [Bruno] I agree. > 2 comments: > - IMO, it feels safer to check that SPF_TIMER is not already running, plus this is more consistent with other states > - As you have noted, the draft does not mandate that HOLDDOWN_TIMER > *_SPF_DELAY. Hence this check is indeed required. > > > Similarly, I don't see how transition 7 could ever happen, since an IGP > > event moves us out of the QUIET state, and I assume that the > > SPF_TIMER would fire before the HOLDDOWN_TIMER, since the latter is > > reset on every IGP event and I assume the latter has a larger value. > > [Bruno] Same answer: the draft does not mandate that HOLDDOWN_TIMER > *_SPF_DELAY. > > > Transition 6 is a little less clear, but is also similar -- if > > HOLDDOWN_TIMER is larger than LEARN_TIMER, then LEARN_TIMER must > > fire before HOLDDOWN_TIMER, and we leave SHORT_WAIT to go to > > LONG_WAIT before we could consider leaving SHORT_WAIT to go back to > > QUIET. > > [Bruno] I agree with you. i.e. transition 6 should never be used if HOLDDOWN_INTERVAL > TIME_TO_LEARN_INTERVAL which is a MUST in the draft. > At this point, I'd rather keep it as this gives more robustness to the FSM. (I'm not fully confident that any implementation/configuration interface would enforce it) Also, during previous reviews, we were rather asked to indicate more/all transitions rather than main ones. > However, I'm open to other opinions. > Acee, any opinion on this? > > [Acee] I agree we should keep it based on the draft history. > It's probably okay to leave the transition in. Mostly I just wanted to make sure that I wasn't missing something that would cause it to happen. > Transition 6: HOLDDOWN_TIMER expiration, while in SHORT_WAIT. This > transition would normally not occur since > (HOLDDOWN_INTERVAL > TIME_TO_LEARN_INTERVAL). Sounds good to me. > > > So, am I making some flawed assumptions? (Are there examples of > > situations that clearly demonstrate the flaw?) > > [Bruno] > Your assumptions are logical but not mandated by the draft, hence the FSM needs to work even without those assumptions. > One could argue that your assumptions are valid. But another one may argue that he wants freedom in choosing the timers' value; plus that the FSM should be robust to any timers' values. > Okay, so it sounds like we don't have any concrete scenarios in mind but want to leave some flexibility for implementors/configuration choices. That may well be a reasonable tradeoff. > > Also, to confirm my understanding, suppose a scenario happens where > > an IGP participant sees an event, then a gap of 100ms, then three > > IGP events at equal 10ms intervals, with the SPF delays at the > > example values of 0/50/2000 ms and TIME_TO_LEARN of 1s. The first > > event triggers a SPF computation immediately, then we go to > > SHORT_WAIT, the first of the three events kicks off a SPF_TIMER for > > 50ms, > > [Bruno] Agreed > > > which is reset by the next two events, > > [Bruno] I don't think I agree. > This case is handle by transition "2: IGP event" which triggers the following actions > > o Reset HOLDDOWN_TIMER to HOLDDOWN_INTERVAL. > o If SPF_TIMER is not already running, start it with value SHORT_SPF_DELAY. > o Remain in current state. > > > So in your example, the second (of the three events) arrives 10ms after the start of the 50ms SPF_TIMER. i.e. SPF_TIMER is already running and hence not changed. > Good point, thanks for the correction. > > the SPF timer fires and > > we recompute the SPF, then TIME_TO_LEARN fires and we go to > > LONG_WAIT until the HOLDDOWN_TIMER fires. > > [Bruno] Agreed with the above. > > > Or maybe the SPF > > calculation takes more than 200ms, so when the second IGP event > > fires, we abort the currently in-progress calculation and don't > > start another one until 50ms after the last event? > > [Bruno] The FSM does not take into account the SPF computation time. Hence the behavior is not changed by the SPF computation time. > The draft does not talk about aborting the SPF computation. I guess that one implementation may choose to abort the SPF computation, but it must not change the FSM state/timers due to this abortion. (otherwise, this implementation would be out of sync with other nodes/implementations) > Agreed. I'm also inclined to agree with the GenArt reviewer's suggestion to add some discussion of (not) aborting SPF computation to the document, but do not insist on it. > > I bring this up > > because of the text in the second paragraph of Section 4 that talks > > of computing the post-failure routing table in "a single route > > computation". > > [Bruno] The point is the number of SPF computation may be lower than the number of IGP events. > In the FSM, this is achieved with the following action " o If SPF_TIMER is not already running, start it with value LONG_SPF_DELAY.". Which, IOW (negation form), says that if the SPF_TIMER is already running, we do nothing (new) and hence the new IGP event do not trigger an additional SPF computation. > I agree that the number of SPF computations may be lower than the number of IGP events. I am not sure that "a single route computation" is correct; perhaps "a single additional route computation" is better. > > But if I understand correctly, the *single* > > computation only happens in the second case here, when the > > calculation takes some hundreds of milliseconds; otherwise we still > > have *two* computations (one triggered while we're in QUIET and the > > second triggered in SHORT_DELAY). So I'm not sure I fully > > understand the expected scenario. > > [Bruno] The expected scenario is that multiple IGP events may be handled by a single SPF computation. > The typical real life situation is a node failure. This is a single failure but a link state IGP will trigger and flood N IGP_events (one per IGP neighbors of the failed node). This is because (in short) an IGP link state cannot advertise the failure of a node, but only the failure of a link. > Ideally, we should wait for these N IGP_events before computing the SPF computations because: > - it's only by taking into account the N IGP_events that we correctly reflect the real network topology (i.e. the node failure). > - computing an SPF before receiving all N events, will require computing another SPF shortly after. i.e. the first computation is wasted ressources. > > The issue is that we don't know how many IGP events we should wait for. Hence the FSM defines and uses duration "TIME_TO_LEARN_INTERVAL". This duration "should" be able to be evaluated a priori by the network operator (as it is the max of the detection time, origination time, and flooding time). > > > I also am probably having some problems with terminology, presumably > > just my misunderstanding, which hopefully can be set straight > > easily. > > [Bruno] Please comment/ask questions if the above is not clear or does not address your point. > My main question here can be summarized with the proposal to add the word "additional", above. > > In the Introduction, we have a "desire to compute a new Shortest > > Path First (SPF) as soon as a failure is detected", which is using > > SPF as it is a data structure (e.g., the result of an algorithm), > > whereas my intuition has SPF referring to the algorithm [class] but > > not its output. > > [Bruno] You are right that SPF is the algo (and SPT the result). > Unfortunately, this gets too subtle for my level of English. "Acee, any opinion on this?" > > [Acee] Ben is technically correct. However, informally, we often refer to an "SPF" generically to refer both to the algorithm and an instance of the algorithm computation. We could change it to: > > > OLD: In general, when the network is stable, there is a desire to compute > a new Shortest Path First (SPF) as soon as a failure is detected in > New: In general, when the network is stable, there is a desire to trigger > a new Shortest Path First (SPF) computation as soon as a failure is detected in That would help me, the naive reader, thanks. (But if the other usage is accepted among experts, there's no need to change it just on my account.) > > > In section 3, we talk of "computation of the routing table, by the > > IGP", which gets me confused about whether "the IGP" represents a > > network protocol for conveying (e.g.) link state information, an > > algorithm for SPF computation, or a router that performs SPF > > computations. > > [Bruno] IGP is usually a protocol. In this sentence, it is meant as the IGP process of the router. > Again, I'm open to reformulation. "Acee, any opinion on this?" > > [Acee] I don't think we need to change this. IGP is a well-known acronym. > https://www.rfc-editor.org/materials/abbrev.expansion.txt Perhaps my question was not well phrased. I propose OLD: computation of the routing table, by the IGP NEW: computation of the routing table, by the IGP participant (or something similar), since the IGP just serves to distribute the LSDB (conceptually), and the computation of the routing table is done by each router internally (i.e., not directly using the IGP in question). Or is the previous sentence not true? > > > In section 6 we talk of "the number of protocols > > reactions/computations triggered by IGP SPF". Is this just in the sense > > of "each SPF calculation triggers a bunch of other stuff"? > > [Bruno] Yes, exactly. Again by "protocol reaction" it's meant router's processes implementing those protocols. > FYI, typical protocol I could think of are BGP and PCE, but possibly other IGP (like) in case of route redistribution. > > > I think > > this is another case about me being confused whether "SPF" means an > > algorithm, a specific computation using that algorithm, etc. > > [Bruno] I agree that this is the same case. "Acee, any opinion on this?" > > [Acee] We could change "IGP SPF" to "IGP SPF computation". Sounds good to me. > > > > > > > Some other editorial notes: > > > > It's probably better to cite RFC 8174 instead of/in addition to RFC > > 2119, especially since there is at least a lowercase "may" present. > > [Bruno] ok, done. > > > It's unclear that "temporally close" in "multiple temporally close > > failures over a short time" really adds any value, in the > > Introduction. > > [Bruno] ok, done: > > OLD: However, when the network is experiencing multiple temporally close failures over a short period of time, there is a conflicting desire to limit the frequency of SPF computations. > > NEW: However, when the network is experiencing multiple failures over a short period of time, there is a conflicting desire to limit the frequency of SPF computations. > > > > In section 2, last bullet point on page 3, "SPF_DELAY timers values" > > probably doesn't need the plural "timers" (so, either "timer" or > > the possessive "timers'"), though I am mindful of the recent > > discussion on ietf@ about (non-)American English. The second > > sentence of the bullet is also a sentence fragment and not a > > complete sentence. > > [Bruno] ok: > - I trust you on your first point and picked the possessive option > - I agree with you on the second point > > Currently changed to: > OLD: > Always try to avoid different SPF_DELAY timers values across different routers in the area/level. Even though not all routers will receive IGP messages at the same time, due to differences both in the distance from the originator of the IGP event and in flooding implementations. > > NEW: > Always try to avoid different SPF_DELAY timers' values across different routers in the area/level. This requires specific consideration as different routers may receive IGP messages at different interval or even order, due to differences both in the distance from the originator of the IGP event and in flooding implementations. > > > That being said, I'm not a native English speaker and Acee is kind enough to spend time correcting my errors. Therefore, Acee and obviously the RFC editor may further edit this text. > > [Acee] I think "SPF_DELAY timer values" reads better as a single plural compound noun. Do you disagree? See clarification below: > > Always try to avoid different SPF_DELAY timer values across different routers in the area/level. This requires specific consideration as different routers may receive IGP messages at a different interval or even in a different order, due to differences both in the distance from the originator of the IGP event and in flooding implementations. This would be my preference, but I did not want to bias the authors with my initial message. > > > > > SRLG is used without expansion in multiple places, but does not > > appear on https://www.rfc-editor.org/materials/abbrev.expansion.txt > > as a "well-known" abbreviation. > > [Bruno] ok, expanded on first use. > > > > In section 6, we find the awkward construction "play it safe and > > start with safe, i.e., longer timers". Probably we want to say > > "safe values" as the noun, and maybe consider rewording to avoid the > > duplicate "safe" and/or the colloquialism "play it safe". > > [Bruno] ok > > OLD: In case of doubt, it's RECOMMENDED to play it safe and start with safe, i.e., longer timers. > NEW: In case of doubt, it's RECOMMENDED to start with safer (i.e. longer) timer values. > > Again, text may be subject to further revision. > > [Acee]: In case of doubt, it's RECOMMENDED to start with safer (i.e., longer) timer values. > > > Section 8 says: > > > > [...]. FIBs > > are installed after multiple steps such as flooding of the IGP event > > across the network, SPF wait time, SPF computation, FIB distribution > > across line cards, and FIB update. This document only addresses the > > first contribution. > > > > which makes me try to match up "the first contribution" with the > > flooding, when I assume it's meant to match up with the SPF wait > > time. > > [Bruno] You are absolute right. Thanks for the catch. > > OLD: FIBs are installed after multiple steps such as flooding of the IGP event across the network, SPF wait time, SPF computation, FIB distribution across line cards, and FIB update. This document only addresses the first contribution. > NEW: FIBs are installed after multiple steps such as flooding of the IGP event across the network, SPF wait time, SPF computation, FIB distribution across line cards, and FIB update. This document only addresses the contribution from the SPF wait time. Sounds good. > Thanks again for your careful review. > > Yes - Thank you, You're welcome! -Benjamin From nobody Fri Feb 16 00:28:34 2018 Return-Path: X-Original-To: secdir@ietfa.amsl.com Delivered-To: secdir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 30C5D12D7F5; Fri, 16 Feb 2018 00:28:32 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.63 X-Spam-Level: X-Spam-Status: No, score=-2.63 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, UNPARSEABLE_RELAY=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 048Zi6hGYC2q; Fri, 16 Feb 2018 00:28:30 -0800 (PST) Received: from orange.com (mta136.mail.business.static.orange.com [80.12.70.36]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 87B09120724; Fri, 16 Feb 2018 00:28:29 -0800 (PST) Received: from opfednr05.francetelecom.fr (unknown [xx.xx.xx.69]) by opfednr24.francetelecom.fr (ESMTP service) with ESMTP id EA0FD40C98; Fri, 16 Feb 2018 09:28:27 +0100 (CET) Received: from Exchangemail-eme2.itn.ftgroup (unknown [xx.xx.31.32]) by opfednr05.francetelecom.fr (ESMTP service) with ESMTP id B8D3A20066; Fri, 16 Feb 2018 09:28:27 +0100 (CET) Received: from OPEXCLILM21.corporate.adroot.infra.ftgroup ([fe80::e92a:c932:907e:8f06]) by OPEXCLILM32.corporate.adroot.infra.ftgroup ([fe80::8924:188:2124:a046%19]) with mapi id 14.03.0382.000; Fri, 16 Feb 2018 09:28:27 +0100 From: To: "Acee Lindem (acee)" , Benjamin Kaduk CC: "draft-ietf-rtgwg-backoff-algo.all@ietf.org" , "iesg@ietf.org" , "secdir@ietf.org" Thread-Topic: secdir review of draft-ietf-rtgwg-backoff-algo-07 Thread-Index: AQHTpdhD0cjOCtUzOESk7b49x53dv6Ol+QIA///nyICAANNwIA== Date: Fri, 16 Feb 2018 08:28:26 +0000 Message-ID: <14030_1518769707_5A86962B_14030_441_1_53C29892C857584299CBF5D05346208A4799C5FF@OPEXCLILM21.corporate.adroot.infra.ftgroup> References: <20180214211017.GI12363@mit.edu> <9677_1518711435_5A85B28A_9677_280_1_53C29892C857584299CBF5D05346208A4799B57B@OPEXCLILM21.corporate.adroot.infra.ftgroup> In-Reply-To: Accept-Language: fr-FR, en-US Content-Language: fr-FR X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.168.234.2] Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 MIME-Version: 1.0 Archived-At: Subject: Re: [secdir] secdir review of draft-ietf-rtgwg-backoff-algo-07 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 16 Feb 2018 08:28:32 -0000 VGhhbmtzIEFjZWUuDQpJJ3ZlIHVwZGF0ZWQgdGhlIGRyYWZ0IGFzIHBlciB5b3VyIHN1Z2dlc3Rp b25zLg0KSSdsbCBwb3N0IHRoZSByZXZpc2lvbiBpbiBhIGZldyBob3Vycy4NCg0KLS1CcnVubw0K DQogPiAtLS0tLU9yaWdpbmFsIE1lc3NhZ2UtLS0tLQ0KID4gRnJvbTogQWNlZSBMaW5kZW0gKGFj ZWUpIFttYWlsdG86YWNlZUBjaXNjby5jb21dDQogPiBTZW50OiBUaHVyc2RheSwgRmVicnVhcnkg MTUsIDIwMTggODo1MSBQTQ0KID4gVG86IERFQ1JBRU5FIEJydW5vIElNVC9PTE47IEJlbmphbWlu IEthZHVrDQogPiBDYzogZHJhZnQtaWV0Zi1ydGd3Zy1iYWNrb2ZmLWFsZ28uYWxsQGlldGYub3Jn OyBpZXNnQGlldGYub3JnOyBzZWNkaXJAaWV0Zi5vcmcNCiA+IFN1YmplY3Q6IFJlOiBzZWNkaXIg cmV2aWV3IG9mIGRyYWZ0LWlldGYtcnRnd2ctYmFja29mZi1hbGdvLTA3DQogPiANCiA+IEhpIEJy dW5vLCBCZW5qYW1pbiwNCiA+IA0KID4gVGhhbmtzIHRvIEJlbmphbWluIGZvciByZXZpZXcgYW5k IEJydW5vIGZvciB0aGUgZGV0YWlsZWQgcmVzcG9uc2UuIFNlZSBteSByZXNwb25zZXMgcHJlY2Vk ZWQNCiA+IGJ5IFtBY2VlXS4NCiA+IA0KID4gDQogPiDvu79PbiAyLzE1LzE4LCAxMToxNyBBTSwg ImJydW5vLmRlY3JhZW5lQG9yYW5nZS5jb20iIDxicnVuby5kZWNyYWVuZUBvcmFuZ2UuY29tPiB3 cm90ZToNCiA+IA0KID4gICAgIEhpIEJlbmphbWluLA0KID4gDQogPiAgICAgTWFueSB0aGFua3Mg Zm9yIHlvdXIgY2FyZWZ1bCBhbmQgdXNlZnVsIHJldmlldy4NCiA+ICAgICBQbGVhc2Ugc2VlIGlu bGluZSBbQnJ1bm9dIHRoZSBwcm9wb3NlZCByZXNvbHV0aW9uLg0KID4gDQogPiAgICAgUmVnYXJk aW5nIHRoZSBwb3N0aW5nIG9mIGRyYWZ0IC0wOCwgSSdkIHByb3Bvc2UgdG8gd2FpdCAyNEggZm9y IHlvdXIgcG9zc2libGUgZm9sbG93IHVwLCBwbHVzDQogPiBwb3NzaWJsZSBPUFNESVIgJiBHRU5B UlQgcmV2aWV3OyB1bmxlc3MgQWxpYSBoYXMgb3RoZXIgaW5zdHJ1Y3Rpb25zLiAoTm90ZSB0aGF0 IEknbGwgYmUgb24gUFRPDQogPiBuZXh0IHdlZWspLg0KID4gDQogPiAgICAgQWNlZSwNCiA+ICAg ICBUaGVyZSBhcmUgYSBmZXcgcXVlc3Rpb25zIGZvciB5b3UuIFBsZWFzZSBsb29rcyBmb3IgIkFj ZWUsIGFueSBvcGluaW9uIG9uIHRoaXM/Ig0KID4gDQogPiANCiA+ICAgICAgPiAtLS0tLU9yaWdp bmFsIE1lc3NhZ2UtLS0tLQ0KID4gICAgICA+IEZyb206IEJlbmphbWluIEthZHVrIFttYWlsdG86 a2FkdWtAbWl0LmVkdV0NCiA+ICAgICAgPiBTZW50OiBXZWRuZXNkYXksIEZlYnJ1YXJ5IDE0LCAy MDE4IDEwOjEwIFBNDQogPiAgICAgID4gVG86IGRyYWZ0LWlldGYtcnRnd2ctYmFja29mZi1hbGdv LmFsbEBpZXRmLm9yZzsgaWVzZ0BpZXRmLm9yZzsgc2VjZGlyQGlldGYub3JnDQogPiAgICAgID4g U3ViamVjdDogc2VjZGlyIHJldmlldyBvZiBkcmFmdC1pZXRmLXJ0Z3dnLWJhY2tvZmYtYWxnby0w Nw0KID4gICAgICA+DQogPiAgICAgID4gSGkgYWxsLA0KID4gICAgICA+DQogPiAgICAgID4gSSBo YXZlIHJldmlld2VkIHRoaXMgZG9jdW1lbnQgYXMgcGFydCBvZiB0aGUgc2VjdXJpdHkgZGlyZWN0 b3JhdGUncw0KID4gICAgICA+IG9uZ29pbmcgZWZmb3J0IHRvIHJldmlldyBhbGwgSUVURiBkb2N1 bWVudHMgYmVpbmcgcHJvY2Vzc2VkIGJ5IHRoZQ0KID4gICAgICA+IElFU0cuICBUaGVzZSBjb21t ZW50cyB3ZXJlIHdyaXR0ZW4gcHJpbWFyaWx5IGZvciB0aGUgYmVuZWZpdCBvZiB0aGUNCiA+ICAg ICAgPiBzZWN1cml0eSBhcmVhIGRpcmVjdG9ycy4gIERvY3VtZW50IGVkaXRvcnMgYW5kIFdHIGNo YWlycyBzaG91bGQgdHJlYXQNCiA+ICAgICAgPiB0aGVzZSBjb21tZW50cyBqdXN0IGxpa2UgYW55 IG90aGVyIGxhc3QgY2FsbCBjb21tZW50cy4NCiA+ICAgICAgPg0KID4gICAgICA+ID5Gcm9tIGEg c2VjdXJpdHkgcGVyc3BlY3RpdmUsIHRoaXMgZG9jdW1lbnQgaXMgUmVhZHkuDQogPiANCiA+ICAg ICBbQnJ1bm9dIEV4Y2VsbGVudCwgdGhhbmtzLg0KID4gDQogPiAgICAgID4gIEl0IHNwZWNpZmll cyBhDQogPiAgICAgID4gc3RhbmRhcmQgc2NoZW1lIHRoYXQgY2FuIGJlIHVzZWQgdG8gYmFjayBv ZmYgU1BGIGNhbGN1bGF0aW9ucyBkdXJpbmcNCiA+ICAgICAgPiBwZXJpb2RzIG9mIGZyZXF1ZW50 IElHUCBldmVudHMsIGF2b2lkaW5nIGV4Y2Vzc2l2ZSByZXNvdXJjZQ0KID4gICAgICA+IGNvbnN1 bXB0aW9uIHBlcmZvcm1pbmcgY2FsY3VsYXRpb25zIHRoYXQgd291bGQgYmUgcmVuZGVyZWQgcmVk dW5kYW50DQogPiAgICAgID4gKG9yIGp1c3QgYmUgdXNlbGVzcykgc29vbi4gIFRoZSBzZWN1cml0 eSBjb25zaWRlcmF0aW9ucyBjb3JyZWN0bHkNCiA+ICAgICAgPiBub3RlIHRoYXQgYW4gYXR0YWNr ZXIgdGhhdCBjYW4gZ2VuZXJhdGUgSUdQIGV2ZW50cyB3b3VsZCBiZSBhYmxlIHRvDQogPiAgICAg ID4gZGVsYXkgdGhlIElHUCBjb252ZXJnZW5jZSB0aW1lLCB3aGljaCBpcyB0cnVlIGJvdGggZm9y IHRoaXMgc2NoZW1lDQogPiAgICAgID4gYW5kIGFsbCBzY2hlbWVzIHByZXZpb3VzbHkgaW4gdXNl LiAgKEkgbWlnaHQgdXNlIG1vcmUgd29yZHMgdG8gc2F5DQogPiAgICAgID4gdGhlIHNhbWUgdGhp bmcgaWYgSSB3YXMgd3JpdGluZyBpdCwgYnV0IHRoYXQgcHJvYmFibHkgcmVmbGVjdHMgbW9yZQ0K ID4gICAgICA+IG9uIG1lIHRoYW4gdGhlIGRvY3VtZW50LikNCiA+ICAgICAgPg0KID4gICAgICA+ DQogPiAgICAgID4gSSBkbyBoYXZlIHNvbWUgcXVlc3Rpb25zIGFib3V0IHRoZSBhY3R1YWwgcHJv cG9zZWQgRlNNLCB0aG91Z2ggLS0gSQ0KID4gICAgICA+IHN1c3BlY3QgdGhhdCBJIGFtIGp1c3Qg bWFraW5nIHNvbWUgaW1wbGljaXQgYXNzdW1wdGlvbnMgdGhhdCBtYXkgbm90DQogPiAgICAgID4g YmUgZ3JvdW5kZWQgaW4gcmVhbGl0eS4gIEluIHBhcnRpY3VsYXIsIEkgYW0gYmFzaWNhbGx5IGFz c3VtaW5nIHRoYXQNCiA+ICAgICAgPiBJTklUSUFMX1NQRl9ERUxBWSA8IFNIT1JUX1NQRl9ERUxB WSA8IExPTkdfU1BGX0RFTEFZIDwNCiA+ICAgICAgPiBIT0xERE9XTl9JTlRFUlZBTC4gIChUaGUg ZHJhZnQgaXRzZWxmIG9ubHkgaGFzIGl0IGFzIFJFQ09NTUVOREVEIGZvcg0KID4gICAgICA+IFNQ Rl9JTklUSUFMX0RFTEFZIDw9IFNQRl9TSE9SVF9ERUxBWSA8PSBTUEZfTE9OR19ERUxBWSBpbiBT ZWN0aW9uIDYsDQogPiAgICAgID4geWVzLCB3aXRoIHRoZSBkaWZmZXJlbnQgc3BlbGxpbmdzLCBi dXQgaGFzIGEgTVVTVCBmb3INCiA+ICAgICAgPiBIT0xERE9XTl9JTlRFUlZBTCA+IFRJTUVfVE9f TEVBUk5fSU5URVJWQUwuKQ0KID4gICAgICA+IFRoaXMgd291bGQgcG90ZW50aWFsbHkgYWZmZWN0 IHRoZSBzdGF0ZSBtYWNoaW5lIGZvciBldmVudHMgMSwgNiwgYW5kDQogPiAgICAgID4gNy4NCiA+ IA0KID4gICAgIFtCcnVub10gVGhhbmtzIGZvciBkZXRlY3RpbmcgdGhlIG1pc3NwZWxsaW5nLiBD b3JyZWN0ZWQuDQogPiANCiA+ICAgICAgPiBJbiB0cmFuc2l0aW9uIDEsIHdlIHNheSB0byBvbmx5 IHN0YXJ0IHRoZSBTUEZfVElNRVIgaWYgaXQgaXMgbm90IGFscmVhZHkNCiA+ICAgICAgPiBydW5u aW5nLCBidXQgSSBkbyBub3Qgc2VlIGEgd2F5IGZvciBpdCB0byBhbHJlYWR5IGJlIHJ1bm5pbmcg dW5sZXNzDQogPiAgICAgID4gdGhlIEhPTERET1dOX1RJTUVSIHZhbHVlIGlzIGxlc3MgdGhhbiBv bmUgb3IgbW9yZSBvZiB0aGUgU1BGX1RJTUVSDQogPiAgICAgID4gdmFsdWVzLg0KID4gDQogPiAg ICAgW0JydW5vXSBJIGFncmVlLg0KID4gICAgIDIgY29tbWVudHM6DQogPiAgICAgLSBJTU8sIGl0 IGZlZWxzIHNhZmVyIHRvIGNoZWNrIHRoYXQgU1BGX1RJTUVSIGlzIG5vdCBhbHJlYWR5IHJ1bm5p bmcsIHBsdXMgdGhpcyBpcyBtb3JlIGNvbnNpc3RlbnQNCiA+IHdpdGggb3RoZXIgc3RhdGVzDQog PiAgICAgLSBBcyB5b3UgaGF2ZSBub3RlZCwgdGhlIGRyYWZ0IGRvZXMgbm90IG1hbmRhdGUgdGhh dCBIT0xERE9XTl9USU1FUiA+ICpfU1BGX0RFTEFZLg0KID4gSGVuY2UgdGhpcyBjaGVjayBpcyBp bmRlZWQgcmVxdWlyZWQuDQogPiANCiA+ICAgICAgPiBTaW1pbGFybHksIEkgZG9uJ3Qgc2VlIGhv dyB0cmFuc2l0aW9uIDcgY291bGQgZXZlciBoYXBwZW4sIHNpbmNlIGFuIElHUA0KID4gICAgICA+ IGV2ZW50IG1vdmVzIHVzIG91dCBvZiB0aGUgUVVJRVQgc3RhdGUsIGFuZCBJIGFzc3VtZSB0aGF0 IHRoZQ0KID4gICAgICA+IFNQRl9USU1FUiB3b3VsZCBmaXJlIGJlZm9yZSB0aGUgSE9MRERPV05f VElNRVIsIHNpbmNlIHRoZSBsYXR0ZXIgaXMNCiA+ICAgICAgPiByZXNldCBvbiBldmVyeSBJR1Ag ZXZlbnQgYW5kIEkgYXNzdW1lIHRoZSBsYXR0ZXIgaGFzIGEgbGFyZ2VyIHZhbHVlLg0KID4gDQog PiAgICAgW0JydW5vXSBTYW1lIGFuc3dlcjogdGhlIGRyYWZ0IGRvZXMgbm90IG1hbmRhdGUgdGhh dCBIT0xERE9XTl9USU1FUiA+ICpfU1BGX0RFTEFZLg0KID4gDQogPiAgICAgID4gVHJhbnNpdGlv biA2IGlzIGEgbGl0dGxlIGxlc3MgY2xlYXIsIGJ1dCBpcyBhbHNvIHNpbWlsYXIgLS0gaWYNCiA+ ICAgICAgPiBIT0xERE9XTl9USU1FUiBpcyBsYXJnZXIgdGhhbiBMRUFSTl9USU1FUiwgdGhlbiBM RUFSTl9USU1FUiBtdXN0DQogPiAgICAgID4gZmlyZSBiZWZvcmUgSE9MRERPV05fVElNRVIsIGFu ZCB3ZSBsZWF2ZSBTSE9SVF9XQUlUIHRvIGdvIHRvDQogPiAgICAgID4gTE9OR19XQUlUIGJlZm9y ZSB3ZSBjb3VsZCBjb25zaWRlciBsZWF2aW5nIFNIT1JUX1dBSVQgdG8gZ28gYmFjayB0bw0KID4g ICAgICA+IFFVSUVULg0KID4gDQogPiAgICAgW0JydW5vXSBJIGFncmVlIHdpdGggeW91LiBpLmUu IHRyYW5zaXRpb24gNiBzaG91bGQgbmV2ZXIgYmUgdXNlZCBpZiBIT0xERE9XTl9JTlRFUlZBTCA+ DQogPiBUSU1FX1RPX0xFQVJOX0lOVEVSVkFMIHdoaWNoIGlzIGEgTVVTVCBpbiB0aGUgZHJhZnQu DQogPiAgICAgQXQgdGhpcyBwb2ludCwgSSdkIHJhdGhlciBrZWVwIGl0IGFzIHRoaXMgZ2l2ZXMg bW9yZSByb2J1c3RuZXNzIHRvIHRoZSBGU00uIChJJ20gbm90IGZ1bGx5IGNvbmZpZGVudA0KID4g dGhhdCBhbnkgaW1wbGVtZW50YXRpb24vY29uZmlndXJhdGlvbiBpbnRlcmZhY2Ugd291bGQgZW5m b3JjZSBpdCkgQWxzbywgZHVyaW5nIHByZXZpb3VzIHJldmlld3MsIHdlDQogPiB3ZXJlIHJhdGhl ciBhc2tlZCB0byBpbmRpY2F0ZSBtb3JlL2FsbCB0cmFuc2l0aW9ucyByYXRoZXIgdGhhbiBtYWlu IG9uZXMuDQogPiAgICAgSG93ZXZlciwgSSdtIG9wZW4gdG8gb3RoZXIgb3BpbmlvbnMuDQogPiAg ICAgQWNlZSwgYW55IG9waW5pb24gb24gdGhpcz8NCiA+IA0KID4gW0FjZWVdIEkgYWdyZWUgd2Ug c2hvdWxkIGtlZXAgaXQgYmFzZWQgb24gdGhlIGRyYWZ0IGhpc3RvcnkuDQogPiANCiA+ICAgIFRy YW5zaXRpb24gNjogSE9MRERPV05fVElNRVIgZXhwaXJhdGlvbiwgd2hpbGUgaW4gU0hPUlRfV0FJ VC4gVGhpcw0KID4gICAgICAgICAgICAgICAgICAgICAgICAgICAgIHRyYW5zaXRpb24gd291bGQg bm9ybWFsbHkgbm90IG9jY3VyIHNpbmNlDQogPiAgICAgICAgICAgICAgICAgICAgICAgICAgICAg KEhPTERET1dOX0lOVEVSVkFMID4gVElNRV9UT19MRUFSTl9JTlRFUlZBTCkuDQogPiANCiA+IA0K ID4gICAgICA+IFNvLCBhbSBJIG1ha2luZyBzb21lIGZsYXdlZCBhc3N1bXB0aW9ucz8gIChBcmUg dGhlcmUgZXhhbXBsZXMgb2YNCiA+ICAgICAgPiBzaXR1YXRpb25zIHRoYXQgY2xlYXJseSBkZW1v bnN0cmF0ZSB0aGUgZmxhdz8pDQogPiANCiA+ICAgICBbQnJ1bm9dDQogPiAgICAgWW91ciBhc3N1 bXB0aW9ucyBhcmUgbG9naWNhbCBidXQgbm90IG1hbmRhdGVkIGJ5IHRoZSBkcmFmdCwgaGVuY2Ug dGhlIEZTTSBuZWVkcyB0byB3b3JrIGV2ZW4NCiA+IHdpdGhvdXQgdGhvc2UgYXNzdW1wdGlvbnMu DQogPiAgICAgT25lIGNvdWxkIGFyZ3VlIHRoYXQgeW91ciBhc3N1bXB0aW9ucyBhcmUgdmFsaWQu IEJ1dCBhbm90aGVyIG9uZSBtYXkgYXJndWUgdGhhdCBoZSB3YW50cw0KID4gZnJlZWRvbSBpbiBj aG9vc2luZyB0aGUgdGltZXJzJyB2YWx1ZTsgcGx1cyB0aGF0IHRoZSBGU00gc2hvdWxkIGJlIHJv YnVzdCB0byBhbnkgdGltZXJzJyB2YWx1ZXMuDQogPiANCiA+ICAgICAgPiBBbHNvLCB0byBjb25m aXJtIG15IHVuZGVyc3RhbmRpbmcsIHN1cHBvc2UgYSBzY2VuYXJpbyBoYXBwZW5zIHdoZXJlDQog PiAgICAgID4gYW4gSUdQIHBhcnRpY2lwYW50IHNlZXMgYW4gZXZlbnQsIHRoZW4gYSBnYXAgb2Yg MTAwbXMsIHRoZW4gdGhyZWUNCiA+ICAgICAgPiBJR1AgZXZlbnRzIGF0IGVxdWFsIDEwbXMgaW50 ZXJ2YWxzLCB3aXRoIHRoZSBTUEYgZGVsYXlzIGF0IHRoZQ0KID4gICAgICA+IGV4YW1wbGUgdmFs dWVzIG9mIDAvNTAvMjAwMCBtcyBhbmQgVElNRV9UT19MRUFSTiBvZiAxcy4gIFRoZSBmaXJzdA0K ID4gICAgICA+IGV2ZW50IHRyaWdnZXJzIGEgU1BGIGNvbXB1dGF0aW9uIGltbWVkaWF0ZWx5LCB0 aGVuIHdlIGdvIHRvDQogPiAgICAgID4gU0hPUlRfV0FJVCwgdGhlIGZpcnN0IG9mIHRoZSB0aHJl ZSBldmVudHMga2lja3Mgb2ZmIGEgU1BGX1RJTUVSIGZvcg0KID4gICAgICA+IDUwbXMsDQogPiAN CiA+ICAgICBbQnJ1bm9dIEFncmVlZA0KID4gDQogPiAgICAgID4gd2hpY2ggaXMgcmVzZXQgYnkg dGhlIG5leHQgdHdvIGV2ZW50cywNCiA+IA0KID4gICAgIFtCcnVub10gSSBkb24ndCB0aGluayBJ IGFncmVlLg0KID4gICAgIFRoaXMgY2FzZSBpcyBoYW5kbGUgYnkgdHJhbnNpdGlvbiAiMjogSUdQ IGV2ZW50IiB3aGljaCB0cmlnZ2VycyB0aGUgZm9sbG93aW5nIGFjdGlvbnMNCiA+IA0KID4gICAg ICAgICAgICAgbyAgUmVzZXQgSE9MRERPV05fVElNRVIgdG8gSE9MRERPV05fSU5URVJWQUwuDQog PiAgICAgICAgICAgICBvICBJZiBTUEZfVElNRVIgaXMgbm90IGFscmVhZHkgcnVubmluZywgc3Rh cnQgaXQgd2l0aCB2YWx1ZSAgU0hPUlRfU1BGX0RFTEFZLg0KID4gICAgICAgICAgICAgbyAgUmVt YWluIGluIGN1cnJlbnQgc3RhdGUuDQogPiANCiA+IA0KID4gICAgIFNvIGluIHlvdXIgZXhhbXBs ZSwgdGhlIHNlY29uZCAob2YgdGhlIHRocmVlIGV2ZW50cykgYXJyaXZlcyAxMG1zIGFmdGVyIHRo ZSBzdGFydCBvZiB0aGUgNTBtcw0KID4gU1BGX1RJTUVSLiBpLmUuIFNQRl9USU1FUiBpcyBhbHJl YWR5IHJ1bm5pbmcgYW5kIGhlbmNlIG5vdCBjaGFuZ2VkLg0KID4gDQogPiAgICAgID4gIHRoZSBT UEYgdGltZXIgZmlyZXMgYW5kDQogPiAgICAgID4gd2UgcmVjb21wdXRlIHRoZSBTUEYsIHRoZW4g VElNRV9UT19MRUFSTiBmaXJlcyBhbmQgd2UgZ28gdG8NCiA+ICAgICAgPiBMT05HX1dBSVQgdW50 aWwgdGhlIEhPTERET1dOX1RJTUVSIGZpcmVzLg0KID4gDQogPiAgICAgW0JydW5vXSBBZ3JlZWQg d2l0aCB0aGUgYWJvdmUuDQogPiANCiA+ICAgICAgPiAgT3IgbWF5YmUgdGhlIFNQRg0KID4gICAg ICA+IGNhbGN1bGF0aW9uIHRha2VzIG1vcmUgdGhhbiAyMDBtcywgc28gd2hlbiB0aGUgc2Vjb25k IElHUCBldmVudA0KID4gICAgICA+IGZpcmVzLCB3ZSBhYm9ydCB0aGUgY3VycmVudGx5IGluLXBy b2dyZXNzIGNhbGN1bGF0aW9uIGFuZCBkb24ndA0KID4gICAgICA+IHN0YXJ0IGFub3RoZXIgb25l IHVudGlsIDUwbXMgYWZ0ZXIgdGhlIGxhc3QgZXZlbnQ/DQogPiANCiA+ICAgICBbQnJ1bm9dIFRo ZSBGU00gZG9lcyBub3QgdGFrZSBpbnRvIGFjY291bnQgdGhlIFNQRiBjb21wdXRhdGlvbiB0aW1l LiBIZW5jZSB0aGUgYmVoYXZpb3IgaXMNCiA+IG5vdCBjaGFuZ2VkIGJ5IHRoZSBTUEYgY29tcHV0 YXRpb24gdGltZS4NCiA+ICAgICBUaGUgZHJhZnQgZG9lcyBub3QgdGFsayBhYm91dCBhYm9ydGlu ZyB0aGUgU1BGIGNvbXB1dGF0aW9uLiBJIGd1ZXNzIHRoYXQgb25lIGltcGxlbWVudGF0aW9uDQog PiBtYXkgY2hvb3NlIHRvIGFib3J0IHRoZSBTUEYgY29tcHV0YXRpb24sIGJ1dCBpdCBtdXN0IG5v dCBjaGFuZ2UgdGhlIEZTTSBzdGF0ZS90aW1lcnMgZHVlIHRvIHRoaXMNCiA+IGFib3J0aW9uLiAo b3RoZXJ3aXNlLCB0aGlzIGltcGxlbWVudGF0aW9uIHdvdWxkIGJlIG91dCBvZiBzeW5jIHdpdGgg b3RoZXIgbm9kZXMvaW1wbGVtZW50YXRpb25zKQ0KID4gDQogPiAgICAgID4gIEkgYnJpbmcgdGhp cyB1cA0KID4gICAgICA+IGJlY2F1c2Ugb2YgdGhlIHRleHQgaW4gdGhlIHNlY29uZCBwYXJhZ3Jh cGggb2YgU2VjdGlvbiA0IHRoYXQgdGFsa3MNCiA+ICAgICAgPiBvZiBjb21wdXRpbmcgdGhlIHBv c3QtZmFpbHVyZSByb3V0aW5nIHRhYmxlIGluICJhIHNpbmdsZSByb3V0ZQ0KID4gICAgICA+IGNv bXB1dGF0aW9uIi4NCiA+IA0KID4gICAgIFtCcnVub10gVGhlIHBvaW50IGlzIHRoZSBudW1iZXIg b2YgU1BGIGNvbXB1dGF0aW9uIG1heSBiZSBsb3dlciB0aGFuIHRoZSBudW1iZXIgb2YgSUdQDQog PiBldmVudHMuDQogPiAgICAgSW4gdGhlIEZTTSwgdGhpcyBpcyBhY2hpZXZlZCB3aXRoIHRoZSBm b2xsb3dpbmcgYWN0aW9uICIgbyAgSWYgU1BGX1RJTUVSIGlzIG5vdCBhbHJlYWR5IHJ1bm5pbmcs DQogPiBzdGFydCBpdCB3aXRoIHZhbHVlIExPTkdfU1BGX0RFTEFZLiIuIFdoaWNoLCBJT1cgKG5l Z2F0aW9uIGZvcm0pLCBzYXlzIHRoYXQgaWYgdGhlIFNQRl9USU1FUg0KID4gaXMgYWxyZWFkeSBy dW5uaW5nLCB3ZSBkbyBub3RoaW5nIChuZXcpIGFuZCBoZW5jZSB0aGUgbmV3IElHUCBldmVudCBk byBub3QgdHJpZ2dlciBhbiBhZGRpdGlvbmFsDQogPiBTUEYgY29tcHV0YXRpb24uDQogPiANCiA+ ICAgICAgPiAgIEJ1dCBpZiBJIHVuZGVyc3RhbmQgY29ycmVjdGx5LCB0aGUgKnNpbmdsZSoNCiA+ ICAgICAgPiBjb21wdXRhdGlvbiBvbmx5IGhhcHBlbnMgaW4gdGhlIHNlY29uZCBjYXNlIGhlcmUs IHdoZW4gdGhlDQogPiAgICAgID4gY2FsY3VsYXRpb24gdGFrZXMgc29tZSBodW5kcmVkcyBvZiBt aWxsaXNlY29uZHM7IG90aGVyd2lzZSB3ZSBzdGlsbA0KID4gICAgICA+IGhhdmUgKnR3byogY29t cHV0YXRpb25zIChvbmUgdHJpZ2dlcmVkIHdoaWxlIHdlJ3JlIGluIFFVSUVUIGFuZCB0aGUNCiA+ ICAgICAgPiBzZWNvbmQgdHJpZ2dlcmVkIGluIFNIT1JUX0RFTEFZKS4gIFNvIEknbSBub3Qgc3Vy ZSBJIGZ1bGx5DQogPiAgICAgID4gdW5kZXJzdGFuZCB0aGUgZXhwZWN0ZWQgc2NlbmFyaW8uDQog PiANCiA+ICAgICBbQnJ1bm9dIFRoZSBleHBlY3RlZCBzY2VuYXJpbyBpcyB0aGF0IG11bHRpcGxl IElHUCBldmVudHMgbWF5IGJlIGhhbmRsZWQgYnkgYSBzaW5nbGUgU1BGDQogPiBjb21wdXRhdGlv bi4NCiA+ICAgICBUaGUgdHlwaWNhbCByZWFsIGxpZmUgc2l0dWF0aW9uIGlzIGEgbm9kZSBmYWls dXJlLiBUaGlzIGlzIGEgc2luZ2xlIGZhaWx1cmUgYnV0IGEgbGluayBzdGF0ZSBJR1Agd2lsbA0K ID4gdHJpZ2dlciBhbmQgZmxvb2QgTiBJR1BfZXZlbnRzIChvbmUgcGVyIElHUCBuZWlnaGJvcnMg b2YgdGhlIGZhaWxlZCBub2RlKS4gVGhpcyBpcyBiZWNhdXNlIChpbg0KID4gc2hvcnQpIGFuIElH UCBsaW5rIHN0YXRlIGNhbm5vdCBhZHZlcnRpc2UgdGhlIGZhaWx1cmUgb2YgYSBub2RlLCBidXQg b25seSB0aGUgZmFpbHVyZSBvZiBhIGxpbmsuDQogPiAgICAgSWRlYWxseSwgd2Ugc2hvdWxkIHdh aXQgZm9yIHRoZXNlIE4gSUdQX2V2ZW50cyBiZWZvcmUgY29tcHV0aW5nIHRoZSBTUEYgY29tcHV0 YXRpb25zDQogPiBiZWNhdXNlOg0KID4gICAgIC0gaXQncyBvbmx5IGJ5IHRha2luZyBpbnRvIGFj Y291bnQgdGhlIE4gSUdQX2V2ZW50cyB0aGF0IHdlIGNvcnJlY3RseSByZWZsZWN0IHRoZSByZWFs IG5ldHdvcmsNCiA+IHRvcG9sb2d5IChpLmUuIHRoZSBub2RlIGZhaWx1cmUpLg0KID4gICAgIC0g Y29tcHV0aW5nIGFuIFNQRiBiZWZvcmUgcmVjZWl2aW5nIGFsbCBOIGV2ZW50cywgd2lsbCByZXF1 aXJlIGNvbXB1dGluZyBhbm90aGVyIFNQRiBzaG9ydGx5DQogPiBhZnRlci4gaS5lLiB0aGUgZmly c3QgY29tcHV0YXRpb24gaXMgd2FzdGVkIHJlc3NvdXJjZXMuDQogPiANCiA+ICAgICBUaGUgaXNz dWUgaXMgdGhhdCB3ZSBkb24ndCBrbm93IGhvdyBtYW55IElHUCBldmVudHMgd2Ugc2hvdWxkIHdh aXQgZm9yLiBIZW5jZSB0aGUgRlNNDQogPiBkZWZpbmVzIGFuZCB1c2VzIGR1cmF0aW9uICJUSU1F X1RPX0xFQVJOX0lOVEVSVkFMIi4gVGhpcyBkdXJhdGlvbiAic2hvdWxkIiBiZSBhYmxlIHRvIGJl DQogPiBldmFsdWF0ZWQgYSBwcmlvcmkgYnkgdGhlIG5ldHdvcmsgb3BlcmF0b3IgKGFzIGl0IGlz IHRoZSBtYXggb2YgdGhlIGRldGVjdGlvbiB0aW1lLCBvcmlnaW5hdGlvbiB0aW1lLA0KID4gYW5k IGZsb29kaW5nIHRpbWUpLg0KID4gDQogPiAgICAgID4gSSBhbHNvIGFtIHByb2JhYmx5IGhhdmlu ZyBzb21lIHByb2JsZW1zIHdpdGggdGVybWlub2xvZ3ksIHByZXN1bWFibHkNCiA+ICAgICAgPiBq dXN0IG15IG1pc3VuZGVyc3RhbmRpbmcsIHdoaWNoIGhvcGVmdWxseSBjYW4gYmUgc2V0IHN0cmFp Z2h0DQogPiAgICAgID4gZWFzaWx5Lg0KID4gDQogPiAgICAgW0JydW5vXSBQbGVhc2UgY29tbWVu dC9hc2sgcXVlc3Rpb25zIGlmIHRoZSBhYm92ZSBpcyBub3QgY2xlYXIgb3IgZG9lcyBub3QgYWRk cmVzcyB5b3VyIHBvaW50Lg0KID4gDQogPiAgICAgID4gSW4gdGhlIEludHJvZHVjdGlvbiwgd2Ug aGF2ZSBhICJkZXNpcmUgdG8gY29tcHV0ZSBhIG5ldyBTaG9ydGVzdA0KID4gICAgICA+IFBhdGgg Rmlyc3QgKFNQRikgYXMgc29vbiBhcyBhIGZhaWx1cmUgaXMgZGV0ZWN0ZWQiLCB3aGljaCBpcyB1 c2luZw0KID4gICAgICA+IFNQRiBhcyBpdCBpcyBhIGRhdGEgc3RydWN0dXJlIChlLmcuLCB0aGUg cmVzdWx0IG9mIGFuIGFsZ29yaXRobSksDQogPiAgICAgID4gd2hlcmVhcyBteSBpbnR1aXRpb24g aGFzIFNQRiByZWZlcnJpbmcgdG8gdGhlIGFsZ29yaXRobSBbY2xhc3NdIGJ1dA0KID4gICAgICA+ IG5vdCBpdHMgb3V0cHV0Lg0KID4gDQogPiAgICAgW0JydW5vXSBZb3UgYXJlIHJpZ2h0IHRoYXQg U1BGIGlzIHRoZSBhbGdvIChhbmQgU1BUIHRoZSByZXN1bHQpLg0KID4gICAgIFVuZm9ydHVuYXRl bHksIHRoaXMgZ2V0cyB0b28gc3VidGxlIGZvciBteSBsZXZlbCBvZiBFbmdsaXNoLiAgIkFjZWUs IGFueSBvcGluaW9uIG9uIHRoaXM/Ig0KID4gDQogPiBbQWNlZV0gQmVuIGlzIHRlY2huaWNhbGx5 IGNvcnJlY3QuIEhvd2V2ZXIsIGluZm9ybWFsbHksIHdlIG9mdGVuIHJlZmVyIHRvIGFuICJTUEYi IGdlbmVyaWNhbGx5IHRvDQogPiByZWZlciBib3RoIHRvIHRoZSBhbGdvcml0aG0gYW5kIGFuIGlu c3RhbmNlIG9mIHRoZSBhbGdvcml0aG0gY29tcHV0YXRpb24uIFdlIGNvdWxkIGNoYW5nZSBpdCB0 bzoNCiA+IA0KID4gDQogPiAgIE9MRDogSW4gZ2VuZXJhbCwgd2hlbiB0aGUgbmV0d29yayBpcyBz dGFibGUsIHRoZXJlIGlzIGEgZGVzaXJlIHRvIGNvbXB1dGUNCiA+ICAgICAgICAgICAgYSBuZXcg U2hvcnRlc3QgUGF0aCBGaXJzdCAoU1BGKSBhcyBzb29uIGFzIGEgZmFpbHVyZSBpcyBkZXRlY3Rl ZCBpbg0KID4gICBOZXc6IEluIGdlbmVyYWwsIHdoZW4gdGhlIG5ldHdvcmsgaXMgc3RhYmxlLCB0 aGVyZSBpcyBhIGRlc2lyZSB0byB0cmlnZ2VyDQogPiAgICAgICAgICAgICBhIG5ldyBTaG9ydGVz dCBQYXRoIEZpcnN0IChTUEYpIGNvbXB1dGF0aW9uIGFzIHNvb24gYXMgYSBmYWlsdXJlIGlzIGRl dGVjdGVkIGluDQogPiANCiA+IA0KID4gICAgICA+IEluIHNlY3Rpb24gMywgd2UgdGFsayBvZiAi Y29tcHV0YXRpb24gb2YgdGhlIHJvdXRpbmcgdGFibGUsIGJ5IHRoZQ0KID4gICAgICA+IElHUCIs IHdoaWNoIGdldHMgbWUgY29uZnVzZWQgYWJvdXQgd2hldGhlciAidGhlIElHUCIgcmVwcmVzZW50 cyBhDQogPiAgICAgID4gbmV0d29yayBwcm90b2NvbCBmb3IgY29udmV5aW5nIChlLmcuKSBsaW5r IHN0YXRlIGluZm9ybWF0aW9uLCBhbg0KID4gICAgICA+IGFsZ29yaXRobSBmb3IgU1BGIGNvbXB1 dGF0aW9uLCBvciBhIHJvdXRlciB0aGF0IHBlcmZvcm1zIFNQRg0KID4gICAgICA+IGNvbXB1dGF0 aW9ucy4NCiA+IA0KID4gICAgIFtCcnVub10gSUdQIGlzIHVzdWFsbHkgYSBwcm90b2NvbC4gSW4g dGhpcyBzZW50ZW5jZSwgaXQgaXMgbWVhbnQgYXMgdGhlIElHUCBwcm9jZXNzIG9mIHRoZSByb3V0 ZXIuDQogPiAgICAgQWdhaW4sIEknbSBvcGVuIHRvIHJlZm9ybXVsYXRpb24uICJBY2VlLCBhbnkg b3BpbmlvbiBvbiB0aGlzPyINCiA+IA0KID4gW0FjZWVdIEkgZG9uJ3QgdGhpbmsgd2UgbmVlZCB0 byBjaGFuZ2UgdGhpcy4gSUdQIGlzIGEgd2VsbC1rbm93biBhY3JvbnltLg0KID4gICAgICAgICAg ICAgIGh0dHBzOi8vd3d3LnJmYy1lZGl0b3Iub3JnL21hdGVyaWFscy9hYmJyZXYuZXhwYW5zaW9u LnR4dA0KID4gDQogPiANCiA+ICAgICAgPiBJbiBzZWN0aW9uIDYgd2UgdGFsayBvZiAidGhlIG51 bWJlciBvZiBwcm90b2NvbHMNCiA+ICAgICAgPiByZWFjdGlvbnMvY29tcHV0YXRpb25zIHRyaWdn ZXJlZCBieSBJR1AgU1BGIi4gIElzIHRoaXMganVzdCBpbiB0aGUgc2Vuc2UNCiA+ICAgICAgPiBv ZiAiZWFjaCBTUEYgY2FsY3VsYXRpb24gdHJpZ2dlcnMgYSBidW5jaCBvZiBvdGhlciBzdHVmZiI/ DQogPiANCiA+ICAgICBbQnJ1bm9dIFllcywgZXhhY3RseS4gQWdhaW4gYnkgInByb3RvY29sIHJl YWN0aW9uIiBpdCdzIG1lYW50IHJvdXRlcidzIHByb2Nlc3NlcyBpbXBsZW1lbnRpbmcNCiA+IHRo b3NlIHByb3RvY29scy4NCiA+ICAgICBGWUksIHR5cGljYWwgcHJvdG9jb2wgSSBjb3VsZCB0aGlu ayBvZiBhcmUgQkdQIGFuZCBQQ0UsIGJ1dCBwb3NzaWJseSBvdGhlciBJR1AgKGxpa2UpIGluIGNh c2Ugb2YNCiA+IHJvdXRlIHJlZGlzdHJpYnV0aW9uLg0KID4gDQogPiAgICAgID4gSSB0aGluaw0K ID4gICAgICA+IHRoaXMgaXMgYW5vdGhlciBjYXNlIGFib3V0IG1lIGJlaW5nIGNvbmZ1c2VkIHdo ZXRoZXIgIlNQRiIgbWVhbnMgYW4NCiA+ICAgICAgPiBhbGdvcml0aG0sIGEgc3BlY2lmaWMgY29t cHV0YXRpb24gdXNpbmcgdGhhdCBhbGdvcml0aG0sIGV0Yy4NCiA+IA0KID4gICAgIFtCcnVub10g SSBhZ3JlZSB0aGF0IHRoaXMgaXMgdGhlIHNhbWUgY2FzZS4gIkFjZWUsIGFueSBvcGluaW9uIG9u IHRoaXM/Ig0KID4gDQogPiBbQWNlZV0gV2UgY291bGQgY2hhbmdlICJJR1AgU1BGIiB0byAiSUdQ IFNQRiBjb21wdXRhdGlvbiIuDQogPiANCiA+IA0KID4gICAgID4NCiA+ICAgICAgPg0KID4gICAg ICA+IFNvbWUgb3RoZXIgZWRpdG9yaWFsIG5vdGVzOg0KID4gICAgICA+DQogPiAgICAgID4gSXQn cyBwcm9iYWJseSBiZXR0ZXIgdG8gY2l0ZSBSRkMgODE3NCBpbnN0ZWFkIG9mL2luIGFkZGl0aW9u IHRvIFJGQw0KID4gICAgICA+IDIxMTksIGVzcGVjaWFsbHkgc2luY2UgdGhlcmUgaXMgYXQgbGVh c3QgYSBsb3dlcmNhc2UgIm1heSIgcHJlc2VudC4NCiA+IA0KID4gICAgIFtCcnVub10gb2ssIGRv bmUuDQogPiANCiA+ICAgICAgPiBJdCdzIHVuY2xlYXIgdGhhdCAidGVtcG9yYWxseSBjbG9zZSIg aW4gIm11bHRpcGxlIHRlbXBvcmFsbHkgY2xvc2UNCiA+ICAgICAgPiBmYWlsdXJlcyBvdmVyIGEg c2hvcnQgdGltZSIgcmVhbGx5IGFkZHMgYW55IHZhbHVlLCBpbiB0aGUNCiA+ICAgICAgPiBJbnRy b2R1Y3Rpb24uDQogPiANCiA+ICAgICBbQnJ1bm9dIG9rLCBkb25lOg0KID4gDQogPiAgICAgT0xE OiBIb3dldmVyLCB3aGVuIHRoZSBuZXR3b3JrIGlzIGV4cGVyaWVuY2luZyBtdWx0aXBsZSB0ZW1w b3JhbGx5IGNsb3NlIGZhaWx1cmVzIG92ZXIgYSBzaG9ydA0KID4gcGVyaW9kIG9mIHRpbWUsIHRo ZXJlIGlzIGEgY29uZmxpY3RpbmcgZGVzaXJlIHRvIGxpbWl0IHRoZSBmcmVxdWVuY3kgb2YgU1BG IGNvbXB1dGF0aW9ucy4NCiA+IA0KID4gICAgIE5FVzogSG93ZXZlciwgd2hlbiB0aGUgbmV0d29y ayBpcyBleHBlcmllbmNpbmcgbXVsdGlwbGUgZmFpbHVyZXMgb3ZlciBhIHNob3J0IHBlcmlvZCBv ZiB0aW1lLA0KID4gdGhlcmUgaXMgYSBjb25mbGljdGluZyBkZXNpcmUgdG8gbGltaXQgdGhlIGZy ZXF1ZW5jeSBvZiBTUEYgY29tcHV0YXRpb25zLg0KID4gDQogPiANCiA+ICAgICAgPiBJbiBzZWN0 aW9uIDIsIGxhc3QgYnVsbGV0IHBvaW50IG9uIHBhZ2UgMywgIlNQRl9ERUxBWSB0aW1lcnMgdmFs dWVzIg0KID4gICAgICA+IHByb2JhYmx5IGRvZXNuJ3QgbmVlZCB0aGUgcGx1cmFsICJ0aW1lcnMi IChzbywgZWl0aGVyICJ0aW1lciIgb3INCiA+ICAgICAgPiB0aGUgcG9zc2Vzc2l2ZSAidGltZXJz JyIpLCB0aG91Z2ggSSBhbSBtaW5kZnVsIG9mIHRoZSByZWNlbnQNCiA+ICAgICAgPiBkaXNjdXNz aW9uIG9uIGlldGZAIGFib3V0IChub24tKUFtZXJpY2FuIEVuZ2xpc2guICBUaGUgc2Vjb25kDQog PiAgICAgID4gc2VudGVuY2Ugb2YgdGhlIGJ1bGxldCBpcyBhbHNvIGEgc2VudGVuY2UgZnJhZ21l bnQgYW5kIG5vdCBhDQogPiAgICAgID4gY29tcGxldGUgc2VudGVuY2UuDQogPiANCiA+ICAgICBb QnJ1bm9dIG9rOg0KID4gICAgIC0gSSB0cnVzdCB5b3Ugb24geW91ciBmaXJzdCBwb2ludCBhbmQg cGlja2VkIHRoZSBwb3NzZXNzaXZlIG9wdGlvbg0KID4gICAgIC0gSSBhZ3JlZSB3aXRoIHlvdSBv biB0aGUgc2Vjb25kIHBvaW50DQogPiANCiA+ICAgICBDdXJyZW50bHkgY2hhbmdlZCB0bzoNCiA+ ICAgICBPTEQ6DQogPiAgICAgQWx3YXlzIHRyeSB0byBhdm9pZCBkaWZmZXJlbnQgU1BGX0RFTEFZ IHRpbWVycyB2YWx1ZXMgYWNyb3NzIGRpZmZlcmVudCByb3V0ZXJzIGluIHRoZQ0KID4gYXJlYS9s ZXZlbC4gRXZlbiB0aG91Z2ggbm90IGFsbCByb3V0ZXJzIHdpbGwgcmVjZWl2ZSBJR1AgbWVzc2Fn ZXMgYXQgdGhlIHNhbWUgdGltZSwgZHVlIHRvDQogPiBkaWZmZXJlbmNlcyBib3RoIGluIHRoZSBk aXN0YW5jZSBmcm9tIHRoZSBvcmlnaW5hdG9yIG9mIHRoZSBJR1AgZXZlbnQgYW5kIGluIGZsb29k aW5nDQogPiBpbXBsZW1lbnRhdGlvbnMuDQogPiANCiA+ICAgICBORVc6DQogPiAgICAgQWx3YXlz IHRyeSB0byBhdm9pZCBkaWZmZXJlbnQgU1BGX0RFTEFZIHRpbWVycycgdmFsdWVzIGFjcm9zcyBk aWZmZXJlbnQgcm91dGVycyBpbiB0aGUNCiA+IGFyZWEvbGV2ZWwuIFRoaXMgcmVxdWlyZXMgc3Bl Y2lmaWMgY29uc2lkZXJhdGlvbiBhcyBkaWZmZXJlbnQgcm91dGVycyBtYXkgcmVjZWl2ZSBJR1Ag bWVzc2FnZXMgYXQNCiA+IGRpZmZlcmVudCBpbnRlcnZhbCBvciBldmVuIG9yZGVyLCBkdWUgdG8g ZGlmZmVyZW5jZXMgYm90aCBpbiB0aGUgZGlzdGFuY2UgZnJvbSB0aGUgb3JpZ2luYXRvciBvZiB0 aGUNCiA+IElHUCBldmVudCBhbmQgaW4gZmxvb2RpbmcgaW1wbGVtZW50YXRpb25zLg0KID4gDQog PiANCiA+ICAgICBUaGF0IGJlaW5nIHNhaWQsIEknbSBub3QgYSBuYXRpdmUgRW5nbGlzaCBzcGVh a2VyIGFuZCBBY2VlIGlzIGtpbmQgZW5vdWdoIHRvIHNwZW5kIHRpbWUNCiA+IGNvcnJlY3Rpbmcg bXkgZXJyb3JzLiBUaGVyZWZvcmUsIEFjZWUgYW5kIG9idmlvdXNseSB0aGUgUkZDIGVkaXRvciBt YXkgZnVydGhlciBlZGl0IHRoaXMgdGV4dC4NCiA+IA0KID4gW0FjZWVdIEkgdGhpbmsgIlNQRl9E RUxBWSB0aW1lciB2YWx1ZXMiIHJlYWRzIGJldHRlciBhcyBhIHNpbmdsZSBwbHVyYWwgY29tcG91 bmQgbm91bi4gRG8geW91DQogPiBkaXNhZ3JlZT8gU2VlIGNsYXJpZmljYXRpb24gYmVsb3c6DQog PiANCiA+ICBBbHdheXMgdHJ5IHRvIGF2b2lkIGRpZmZlcmVudCBTUEZfREVMQVkgdGltZXIgdmFs dWVzIGFjcm9zcyBkaWZmZXJlbnQgcm91dGVycyBpbiB0aGUgYXJlYS9sZXZlbC4NCiA+IFRoaXMg cmVxdWlyZXMgc3BlY2lmaWMgY29uc2lkZXJhdGlvbiBhcyBkaWZmZXJlbnQgcm91dGVycyBtYXkg cmVjZWl2ZSBJR1AgbWVzc2FnZXMgYXQgYSBkaWZmZXJlbnQNCiA+IGludGVydmFsIG9yIGV2ZW4g aW4gYSBkaWZmZXJlbnQgb3JkZXIsIGR1ZSB0byBkaWZmZXJlbmNlcyBib3RoIGluIHRoZSBkaXN0 YW5jZSBmcm9tIHRoZSBvcmlnaW5hdG9yIG9mDQogPiB0aGUgSUdQIGV2ZW50IGFuZCBpbiBmbG9v ZGluZyBpbXBsZW1lbnRhdGlvbnMuDQogPiANCiA+IA0KID4gDQogPiANCiA+ICAgICAgPiBTUkxH IGlzIHVzZWQgd2l0aG91dCBleHBhbnNpb24gaW4gbXVsdGlwbGUgcGxhY2VzLCBidXQgZG9lcyBu b3QNCiA+ICAgICAgPiBhcHBlYXIgb24gaHR0cHM6Ly93d3cucmZjLWVkaXRvci5vcmcvbWF0ZXJp YWxzL2FiYnJldi5leHBhbnNpb24udHh0DQogPiAgICAgID4gYXMgYSAid2VsbC1rbm93biIgYWJi cmV2aWF0aW9uLg0KID4gDQogPiAgICAgW0JydW5vXSBvaywgZXhwYW5kZWQgb24gZmlyc3QgdXNl Lg0KID4gDQogPiANCiA+ICAgICAgPiBJbiBzZWN0aW9uIDYsIHdlIGZpbmQgdGhlIGF3a3dhcmQg Y29uc3RydWN0aW9uICJwbGF5IGl0IHNhZmUgYW5kDQogPiAgICAgID4gc3RhcnQgd2l0aCBzYWZl LCBpLmUuLCBsb25nZXIgdGltZXJzIi4gIFByb2JhYmx5IHdlIHdhbnQgdG8gc2F5DQogPiAgICAg ID4gInNhZmUgdmFsdWVzIiBhcyB0aGUgbm91biwgYW5kIG1heWJlIGNvbnNpZGVyIHJld29yZGlu ZyB0byBhdm9pZCB0aGUNCiA+ICAgICAgPiBkdXBsaWNhdGUgInNhZmUiIGFuZC9vciB0aGUgY29s bG9xdWlhbGlzbSAicGxheSBpdCBzYWZlIi4NCiA+IA0KID4gICAgIFtCcnVub10gb2sNCiA+IA0K ID4gICAgIE9MRDogSW4gY2FzZSBvZiBkb3VidCwgaXQncyBSRUNPTU1FTkRFRCB0byBwbGF5IGl0 IHNhZmUgYW5kIHN0YXJ0IHdpdGggc2FmZSwgaS5lLiwgbG9uZ2VyDQogPiB0aW1lcnMuDQogPiAg ICAgTkVXOiBJbiBjYXNlIG9mIGRvdWJ0LCBpdCdzIFJFQ09NTUVOREVEIHRvIHN0YXJ0IHdpdGgg c2FmZXIgKGkuZS4gbG9uZ2VyKSB0aW1lciB2YWx1ZXMuDQogPiANCiA+ICAgICBBZ2FpbiwgdGV4 dCBtYXkgYmUgc3ViamVjdCB0byBmdXJ0aGVyIHJldmlzaW9uLg0KID4gDQogPiBbQWNlZV06IElu IGNhc2Ugb2YgZG91YnQsIGl0J3MgUkVDT01NRU5ERUQgdG8gc3RhcnQgd2l0aCBzYWZlciAoaS5l LiwgbG9uZ2VyKSB0aW1lciB2YWx1ZXMuDQogPiANCiA+ICAgICAgPiBTZWN0aW9uIDggc2F5czoN CiA+ICAgICAgPg0KID4gICAgICA+ICAgIFsuLi5dLiBGSUJzDQogPiAgICAgID4gICAgYXJlIGlu c3RhbGxlZCBhZnRlciBtdWx0aXBsZSBzdGVwcyBzdWNoIGFzIGZsb29kaW5nIG9mIHRoZSBJR1Ag ZXZlbnQNCiA+ICAgICAgPiAgICBhY3Jvc3MgdGhlIG5ldHdvcmssIFNQRiB3YWl0IHRpbWUsIFNQ RiBjb21wdXRhdGlvbiwgRklCIGRpc3RyaWJ1dGlvbg0KID4gICAgICA+ICAgIGFjcm9zcyBsaW5l IGNhcmRzLCBhbmQgRklCIHVwZGF0ZS4gIFRoaXMgZG9jdW1lbnQgb25seSBhZGRyZXNzZXMgdGhl DQogPiAgICAgID4gICAgZmlyc3QgY29udHJpYnV0aW9uLg0KID4gICAgICA+DQogPiAgICAgID4g d2hpY2ggbWFrZXMgbWUgdHJ5IHRvIG1hdGNoIHVwICJ0aGUgZmlyc3QgY29udHJpYnV0aW9uIiB3 aXRoIHRoZQ0KID4gICAgICA+IGZsb29kaW5nLCB3aGVuIEkgYXNzdW1lIGl0J3MgbWVhbnQgdG8g bWF0Y2ggdXAgd2l0aCB0aGUgU1BGIHdhaXQNCiA+ICAgICAgPiB0aW1lLg0KID4gDQogPiAgICAg W0JydW5vXSBZb3UgYXJlIGFic29sdXRlIHJpZ2h0LiBUaGFua3MgZm9yIHRoZSBjYXRjaC4NCiA+ IA0KID4gICAgIE9MRDogIEZJQnMgYXJlIGluc3RhbGxlZCBhZnRlciBtdWx0aXBsZSBzdGVwcyBz dWNoIGFzIGZsb29kaW5nIG9mIHRoZSBJR1AgZXZlbnQgYWNyb3NzIHRoZQ0KID4gbmV0d29yaywg U1BGIHdhaXQgdGltZSwgU1BGIGNvbXB1dGF0aW9uLCBGSUIgZGlzdHJpYnV0aW9uIGFjcm9zcyBs aW5lIGNhcmRzLCBhbmQgRklCIHVwZGF0ZS4gVGhpcw0KID4gZG9jdW1lbnQgb25seSBhZGRyZXNz ZXMgdGhlIGZpcnN0IGNvbnRyaWJ1dGlvbi4NCiA+ICAgICBORVc6IEZJQnMgYXJlIGluc3RhbGxl ZCBhZnRlciBtdWx0aXBsZSBzdGVwcyBzdWNoIGFzIGZsb29kaW5nIG9mIHRoZSBJR1AgZXZlbnQg YWNyb3NzIHRoZQ0KID4gbmV0d29yaywgU1BGIHdhaXQgdGltZSwgU1BGIGNvbXB1dGF0aW9uLCBG SUIgZGlzdHJpYnV0aW9uIGFjcm9zcyBsaW5lIGNhcmRzLCBhbmQgRklCIHVwZGF0ZS4gVGhpcw0K ID4gZG9jdW1lbnQgb25seSBhZGRyZXNzZXMgdGhlIGNvbnRyaWJ1dGlvbiBmcm9tIHRoZSBTUEYg d2FpdCB0aW1lLg0KID4gDQogPiAgICAgVGhhbmtzIGFnYWluIGZvciB5b3VyIGNhcmVmdWwgcmV2 aWV3Lg0KID4gDQogPiBZZXMgLSBUaGFuayB5b3UsDQogPiBBY2VlDQogPiANCiA+IA0KID4gICAg IC0tQnJ1bm8NCiA+IA0KID4gICAgICA+IC1CZW5qYW1pbg0KID4gDQogPiANCiA+IF9fX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fX19fDQogPiBfX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fXw0KID4gDQogPiAgICAgQ2UgbWVzc2FnZSBldCBzZXMgcGllY2VzIGpvaW50ZXMgcGV1dmVu dCBjb250ZW5pciBkZXMgaW5mb3JtYXRpb25zIGNvbmZpZGVudGllbGxlcyBvdQ0KID4gcHJpdmls ZWdpZWVzIGV0IG5lIGRvaXZlbnQgZG9uYw0KID4gICAgIHBhcyBldHJlIGRpZmZ1c2VzLCBleHBs b2l0ZXMgb3UgY29waWVzIHNhbnMgYXV0b3Jpc2F0aW9uLiBTaSB2b3VzIGF2ZXogcmVjdSBjZSBt ZXNzYWdlIHBhcg0KID4gZXJyZXVyLCB2ZXVpbGxleiBsZSBzaWduYWxlcg0KID4gICAgIGEgbCdl eHBlZGl0ZXVyIGV0IGxlIGRldHJ1aXJlIGFpbnNpIHF1ZSBsZXMgcGllY2VzIGpvaW50ZXMuIExl cyBtZXNzYWdlcyBlbGVjdHJvbmlxdWVzIGV0YW50DQogPiBzdXNjZXB0aWJsZXMgZCdhbHRlcmF0 aW9uLA0KID4gICAgIE9yYW5nZSBkZWNsaW5lIHRvdXRlIHJlc3BvbnNhYmlsaXRlIHNpIGNlIG1l c3NhZ2UgYSBldGUgYWx0ZXJlLCBkZWZvcm1lIG91IGZhbHNpZmllLiBNZXJjaS4NCiA+IA0KID4g ICAgIFRoaXMgbWVzc2FnZSBhbmQgaXRzIGF0dGFjaG1lbnRzIG1heSBjb250YWluIGNvbmZpZGVu dGlhbCBvciBwcml2aWxlZ2VkIGluZm9ybWF0aW9uIHRoYXQgbWF5IGJlDQogPiBwcm90ZWN0ZWQg YnkgbGF3Ow0KID4gICAgIHRoZXkgc2hvdWxkIG5vdCBiZSBkaXN0cmlidXRlZCwgdXNlZCBvciBj b3BpZWQgd2l0aG91dCBhdXRob3Jpc2F0aW9uLg0KID4gICAgIElmIHlvdSBoYXZlIHJlY2VpdmVk IHRoaXMgZW1haWwgaW4gZXJyb3IsIHBsZWFzZSBub3RpZnkgdGhlIHNlbmRlciBhbmQgZGVsZXRl IHRoaXMgbWVzc2FnZSBhbmQgaXRzDQogPiBhdHRhY2htZW50cy4NCiA+ICAgICBBcyBlbWFpbHMg bWF5IGJlIGFsdGVyZWQsIE9yYW5nZSBpcyBub3QgbGlhYmxlIGZvciBtZXNzYWdlcyB0aGF0IGhh dmUgYmVlbiBtb2RpZmllZCwgY2hhbmdlZA0KID4gb3IgZmFsc2lmaWVkLg0KID4gICAgIFRoYW5r IHlvdS4NCiA+IA0KID4gDQoNCgpfX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fX19fCgpDZSBtZXNzYWdlIGV0IHNlcyBwaWVjZXMgam9p bnRlcyBwZXV2ZW50IGNvbnRlbmlyIGRlcyBpbmZvcm1hdGlvbnMgY29uZmlkZW50aWVsbGVzIG91 IHByaXZpbGVnaWVlcyBldCBuZSBkb2l2ZW50IGRvbmMKcGFzIGV0cmUgZGlmZnVzZXMsIGV4cGxv aXRlcyBvdSBjb3BpZXMgc2FucyBhdXRvcmlzYXRpb24uIFNpIHZvdXMgYXZleiByZWN1IGNlIG1l c3NhZ2UgcGFyIGVycmV1ciwgdmV1aWxsZXogbGUgc2lnbmFsZXIKYSBsJ2V4cGVkaXRldXIgZXQg bGUgZGV0cnVpcmUgYWluc2kgcXVlIGxlcyBwaWVjZXMgam9pbnRlcy4gTGVzIG1lc3NhZ2VzIGVs ZWN0cm9uaXF1ZXMgZXRhbnQgc3VzY2VwdGlibGVzIGQnYWx0ZXJhdGlvbiwKT3JhbmdlIGRlY2xp bmUgdG91dGUgcmVzcG9uc2FiaWxpdGUgc2kgY2UgbWVzc2FnZSBhIGV0ZSBhbHRlcmUsIGRlZm9y bWUgb3UgZmFsc2lmaWUuIE1lcmNpLgoKVGhpcyBtZXNzYWdlIGFuZCBpdHMgYXR0YWNobWVudHMg bWF5IGNvbnRhaW4gY29uZmlkZW50aWFsIG9yIHByaXZpbGVnZWQgaW5mb3JtYXRpb24gdGhhdCBt YXkgYmUgcHJvdGVjdGVkIGJ5IGxhdzsKdGhleSBzaG91bGQgbm90IGJlIGRpc3RyaWJ1dGVkLCB1 c2VkIG9yIGNvcGllZCB3aXRob3V0IGF1dGhvcmlzYXRpb24uCklmIHlvdSBoYXZlIHJlY2VpdmVk IHRoaXMgZW1haWwgaW4gZXJyb3IsIHBsZWFzZSBub3RpZnkgdGhlIHNlbmRlciBhbmQgZGVsZXRl IHRoaXMgbWVzc2FnZSBhbmQgaXRzIGF0dGFjaG1lbnRzLgpBcyBlbWFpbHMgbWF5IGJlIGFsdGVy ZWQsIE9yYW5nZSBpcyBub3QgbGlhYmxlIGZvciBtZXNzYWdlcyB0aGF0IGhhdmUgYmVlbiBtb2Rp ZmllZCwgY2hhbmdlZCBvciBmYWxzaWZpZWQuClRoYW5rIHlvdS4KCg== From nobody Fri Feb 16 02:35:39 2018 Return-Path: X-Original-To: secdir@ietf.org Delivered-To: secdir@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id EA3F9126C23 for ; Fri, 16 Feb 2018 02:35:37 -0800 (PST) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 8bit From: Tero Kivinen To: X-Test-IDTracker: no X-IETF-IDTracker: 6.72.1 Auto-Submitted: auto-generated Precedence: bulk Reply-to: secdir-secretary@mit.edu Message-ID: <151877733795.4824.2668861253156528994.idtracker@ietfa.amsl.com> Date: Fri, 16 Feb 2018 02:35:37 -0800 Archived-At: Subject: [secdir] Assignments X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 16 Feb 2018 10:35:38 -0000 Review instructions and related resources are at: http://tools.ietf.org/area/sec/trac/wiki/SecDirReview For telechat 2018-02-22 Reviewer LC end Draft Tobias Gondrom 2018-02-21 draft-ietf-sacm-nea-swima-patnc-02 Christian Huitema R2018-02-19 draft-ietf-lwig-crypto-sensors-05 Leif Johansson 2018-02-20 draft-ietf-nvo3-hpvr2nve-cp-req-15 Scott Kelly 2018-02-09 draft-ietf-bess-fat-pw-bgp-03 Russ Mundy 2018-02-22 draft-ietf-bier-isis-extensions-07 Sandra Murphy 2018-02-19 draft-ietf-lime-yang-connection-oriented-oam-model-05 Yoav Nir 2018-02-15 draft-ietf-modern-problem-framework-03 For telechat 2018-03-08 Reviewer LC end Draft Derek Atkins 2018-02-22 draft-ietf-bier-mvpn-09 Daniel Gillmor 2018-03-05 draft-gutmann-scep-09 Watson Ladd None draft-ietf-rmcat-sbd-09 Ben Laurie None draft-ietf-6tisch-6top-protocol-09 Chris Lonvick None draft-ietf-6lo-rfc6775-update-11 David Mandelberg 2018-02-22 draft-ietf-ice-trickle-16 Daniel Migault 2018-02-21 draft-ietf-sidr-slurm-06 Magnus Nystrom None draft-ietf-trill-multi-topology-05 Hilarie Orman None draft-ietf-trill-directory-assisted-encap-09 Radia Perlman None draft-ietf-i2rs-yang-dc-fabric-network-topology-06 Derrell Piper None draft-ietf-i2rs-rib-data-model-10 Tim Polk None draft-ietf-core-object-security-08 Vincent Roca None draft-ietf-core-cocoa-02 Kyle Rose None draft-ietf-ace-cbor-web-token-12 Joseph Salowey 2018-03-01 draft-ietf-teas-rsvp-ingress-protection-13 Rich Salz 2018-03-01 draft-ietf-tls-tls13-24 Stefan Santesson 2018-03-01 draft-ietf-tls-iana-registry-updates-04 Yaron Sheffer 2018-02-28 draft-ietf-netmod-syslog-model-21 Rifaat Shekh-Yusef 2018-02-27 draft-ietf-teas-rsvp-egress-protection-09 Melinda Shore 2018-02-27 draft-ietf-lisp-signal-free-multicast-07 Paul Wouters 2018-02-23 draft-ietf-i2rs-rib-info-model-14 Last calls: Reviewer LC end Draft John Bradley None draft-ietf-acme-acme-09 Leif Johansson R2018-02-26 draft-ietf-homenet-babel-profile-05 Matthew Miller 2018-02-20 draft-ietf-tram-stunbis-15 Russ Mundy 2017-09-14 draft-spinosa-urn-lex-12 Robert Sparks 2018-02-26 draft-ietf-softwire-map-mib-12 Tina Tsou 2018-02-26 draft-ietf-softwire-dslite-yang-14 Sean Turner 2018-02-26 draft-ietf-hip-rfc4423-bis-18 Carl Wallace 2018-02-26 draft-ietf-hip-native-nat-traversal-27 David Waltermire 2018-02-26 draft-ietf-hip-dex-06 Brian Weis 2018-02-23 draft-ietf-xrblock-rtcweb-rtcp-xr-metrics-08 Klaas Wierenga 2018-02-23 draft-ietf-nfsv4-layout-types-09 Early review requests: Reviewer Due Draft Daniel Franke 2018-01-31 draft-ietf-intarea-provisioning-domains-00 Ólafur Guðmundsson 2018-01-09 draft-ietf-opsawg-nat-yang-09 Liang Xia 2018-02-25 draft-ietf-anima-autonomic-control-plane-13 Next in the reviewer rotation: Taylor Yu Dacheng Zhang Derek Atkins John Bradley Shaun Cooley Roman Danyliw Alan DeKok Donald Eastlake Shawn Emery Stephen Farrell From nobody Fri Feb 16 04:34:21 2018 Return-Path: X-Original-To: secdir@ietfa.amsl.com Delivered-To: secdir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B8834124F57; Fri, 16 Feb 2018 04:34:19 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.63 X-Spam-Level: X-Spam-Status: No, score=-2.63 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, UNPARSEABLE_RELAY=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OcupQh_1VQJL; Fri, 16 Feb 2018 04:34:16 -0800 (PST) Received: from orange.com (mta135.mail.business.static.orange.com [80.12.70.35]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5DB3A124BE8; Fri, 16 Feb 2018 04:34:16 -0800 (PST) Received: from opfednr06.francetelecom.fr (unknown [xx.xx.xx.70]) by opfednr25.francetelecom.fr (ESMTP service) with ESMTP id 980171812D4; Fri, 16 Feb 2018 13:34:14 +0100 (CET) Received: from Exchangemail-eme2.itn.ftgroup (unknown [xx.xx.31.43]) by opfednr06.francetelecom.fr (ESMTP service) with ESMTP id 665D91A0076; Fri, 16 Feb 2018 13:34:14 +0100 (CET) Received: from OPEXCLILM21.corporate.adroot.infra.ftgroup ([fe80::e92a:c932:907e:8f06]) by OPEXCLILM5F.corporate.adroot.infra.ftgroup ([fe80::e172:f13e:8be6:71cc%18]) with mapi id 14.03.0382.000; Fri, 16 Feb 2018 13:34:14 +0100 From: To: Benjamin Kaduk CC: "draft-ietf-rtgwg-backoff-algo.all@ietf.org" , "iesg@ietf.org" , "secdir@ietf.org" , "Acee Lindem (acee)" Thread-Topic: secdir review of draft-ietf-rtgwg-backoff-algo-07 Thread-Index: AQHTpdhD0cjOCtUzOESk7b49x53dv6Ol+QIA///nyICAADYagIAAyZUg Date: Fri, 16 Feb 2018 12:34:13 +0000 Message-ID: <23454_1518784454_5A86CFC6_23454_358_1_53C29892C857584299CBF5D05346208A4799CED8@OPEXCLILM21.corporate.adroot.infra.ftgroup> References: <20180214211017.GI12363@mit.edu> <9677_1518711435_5A85B28A_9677_280_1_53C29892C857584299CBF5D05346208A4799B57B@OPEXCLILM21.corporate.adroot.infra.ftgroup> <20180216000410.GP12363@mit.edu> In-Reply-To: <20180216000410.GP12363@mit.edu> Accept-Language: fr-FR, en-US Content-Language: fr-FR X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.168.234.2] Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 MIME-Version: 1.0 Archived-At: Subject: Re: [secdir] secdir review of draft-ietf-rtgwg-backoff-algo-07 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 16 Feb 2018 12:34:20 -0000 SGkgQmVuamFtaW4sDQoNCj4gRnJvbTogQmVuamFtaW4gS2FkdWsgW21haWx0bzprYWR1a0BtaXQu ZWR1XQ0KID4gU2VudDogRnJpZGF5LCBGZWJydWFyeSAxNiwgMjAxOCAxOjA0IEFNDQo+IA0KID4g W2Fsc28gaW5saW5lXQ0KDQpQbGVhc2Ugc2VlIGlubGluZSBbQnJ1bm8yXQ0KIA0KID4gT24gVGh1 LCBGZWIgMTUsIDIwMTggYXQgMDc6NTA6MzRQTSArMDAwMCwgQWNlZSBMaW5kZW0gKGFjZWUpIHdy b3RlOg0KID4gPiBIaSBCcnVubywgQmVuamFtaW4sDQogPiA+DQogPiA+IFRoYW5rcyB0byBCZW5q YW1pbiBmb3IgcmV2aWV3IGFuZCBCcnVubyBmb3IgdGhlIGRldGFpbGVkIHJlc3BvbnNlLiBTZWUg bXkgcmVzcG9uc2VzIHByZWNlZGVkDQogPiBieSBbQWNlZV0uDQogPiA+DQogPiA+DQogPiA+IO+7 v09uIDIvMTUvMTgsIDExOjE3IEFNLCAiYnJ1bm8uZGVjcmFlbmVAb3JhbmdlLmNvbSIgPGJydW5v LmRlY3JhZW5lQG9yYW5nZS5jb20+IHdyb3RlOg0KID4gPg0KID4gPiAgICAgSGkgQmVuamFtaW4s DQogPiA+DQogPiA+ICAgICBNYW55IHRoYW5rcyBmb3IgeW91ciBjYXJlZnVsIGFuZCB1c2VmdWwg cmV2aWV3Lg0KID4gPiAgICAgUGxlYXNlIHNlZSBpbmxpbmUgW0JydW5vXSB0aGUgcHJvcG9zZWQg cmVzb2x1dGlvbi4NCiA+ID4NCiA+ID4gICAgIFJlZ2FyZGluZyB0aGUgcG9zdGluZyBvZiBkcmFm dCAtMDgsIEknZCBwcm9wb3NlIHRvIHdhaXQgMjRIIGZvciB5b3VyIHBvc3NpYmxlIGZvbGxvdyB1 cCwgcGx1cw0KID4gcG9zc2libGUgT1BTRElSICYgR0VOQVJUIHJldmlldzsgdW5sZXNzIEFsaWEg aGFzIG90aGVyIGluc3RydWN0aW9ucy4gKE5vdGUgdGhhdCBJJ2xsIGJlIG9uIFBUTw0KID4gbmV4 dCB3ZWVrKS4NCiA+ID4NCiA+ID4gICAgIEFjZWUsDQogPiA+ICAgICBUaGVyZSBhcmUgYSBmZXcg cXVlc3Rpb25zIGZvciB5b3UuIFBsZWFzZSBsb29rcyBmb3IgIkFjZWUsIGFueSBvcGluaW9uIG9u IHRoaXM/Ig0KID4gPg0KID4gPg0KID4gPiAgICAgID4gLS0tLS1PcmlnaW5hbCBNZXNzYWdlLS0t LS0NCiA+ID4gICAgICA+IEZyb206IEJlbmphbWluIEthZHVrIFttYWlsdG86a2FkdWtAbWl0LmVk dV0NCiA+ID4gICAgICA+IFNlbnQ6IFdlZG5lc2RheSwgRmVicnVhcnkgMTQsIDIwMTggMTA6MTAg UE0NCiA+ID4gICAgICA+IFRvOiBkcmFmdC1pZXRmLXJ0Z3dnLWJhY2tvZmYtYWxnby5hbGxAaWV0 Zi5vcmc7IGllc2dAaWV0Zi5vcmc7IHNlY2RpckBpZXRmLm9yZw0KID4gPiAgICAgID4gU3ViamVj dDogc2VjZGlyIHJldmlldyBvZiBkcmFmdC1pZXRmLXJ0Z3dnLWJhY2tvZmYtYWxnby0wNw0KID4g PiAgICAgID4NCiA+ID4gICAgICA+IEhpIGFsbCwNCiA+ID4gICAgICA+DQogPiA+ICAgICAgPiBJ IGhhdmUgcmV2aWV3ZWQgdGhpcyBkb2N1bWVudCBhcyBwYXJ0IG9mIHRoZSBzZWN1cml0eSBkaXJl Y3RvcmF0ZSdzDQogPiA+ICAgICAgPiBvbmdvaW5nIGVmZm9ydCB0byByZXZpZXcgYWxsIElFVEYg ZG9jdW1lbnRzIGJlaW5nIHByb2Nlc3NlZCBieSB0aGUNCiA+ID4gICAgICA+IElFU0cuICBUaGVz ZSBjb21tZW50cyB3ZXJlIHdyaXR0ZW4gcHJpbWFyaWx5IGZvciB0aGUgYmVuZWZpdCBvZiB0aGUN CiA+ID4gICAgICA+IHNlY3VyaXR5IGFyZWEgZGlyZWN0b3JzLiAgRG9jdW1lbnQgZWRpdG9ycyBh bmQgV0cgY2hhaXJzIHNob3VsZCB0cmVhdA0KID4gPiAgICAgID4gdGhlc2UgY29tbWVudHMganVz dCBsaWtlIGFueSBvdGhlciBsYXN0IGNhbGwgY29tbWVudHMuDQogPiA+ICAgICAgPg0KID4gPiAg ICAgID4gPkZyb20gYSBzZWN1cml0eSBwZXJzcGVjdGl2ZSwgdGhpcyBkb2N1bWVudCBpcyBSZWFk eS4NCiA+ID4NCiA+ID4gICAgIFtCcnVub10gRXhjZWxsZW50LCB0aGFua3MuDQogPiA+DQogPiA+ ICAgICAgPiAgSXQgc3BlY2lmaWVzIGENCiA+ID4gICAgICA+IHN0YW5kYXJkIHNjaGVtZSB0aGF0 IGNhbiBiZSB1c2VkIHRvIGJhY2sgb2ZmIFNQRiBjYWxjdWxhdGlvbnMgZHVyaW5nDQogPiA+ICAg ICAgPiBwZXJpb2RzIG9mIGZyZXF1ZW50IElHUCBldmVudHMsIGF2b2lkaW5nIGV4Y2Vzc2l2ZSBy ZXNvdXJjZQ0KID4gPiAgICAgID4gY29uc3VtcHRpb24gcGVyZm9ybWluZyBjYWxjdWxhdGlvbnMg dGhhdCB3b3VsZCBiZSByZW5kZXJlZCByZWR1bmRhbnQNCiA+ID4gICAgICA+IChvciBqdXN0IGJl IHVzZWxlc3MpIHNvb24uICBUaGUgc2VjdXJpdHkgY29uc2lkZXJhdGlvbnMgY29ycmVjdGx5DQog PiA+ICAgICAgPiBub3RlIHRoYXQgYW4gYXR0YWNrZXIgdGhhdCBjYW4gZ2VuZXJhdGUgSUdQIGV2 ZW50cyB3b3VsZCBiZSBhYmxlIHRvDQogPiA+ICAgICAgPiBkZWxheSB0aGUgSUdQIGNvbnZlcmdl bmNlIHRpbWUsIHdoaWNoIGlzIHRydWUgYm90aCBmb3IgdGhpcyBzY2hlbWUNCiA+ID4gICAgICA+ IGFuZCBhbGwgc2NoZW1lcyBwcmV2aW91c2x5IGluIHVzZS4gIChJIG1pZ2h0IHVzZSBtb3JlIHdv cmRzIHRvIHNheQ0KID4gPiAgICAgID4gdGhlIHNhbWUgdGhpbmcgaWYgSSB3YXMgd3JpdGluZyBp dCwgYnV0IHRoYXQgcHJvYmFibHkgcmVmbGVjdHMgbW9yZQ0KID4gPiAgICAgID4gb24gbWUgdGhh biB0aGUgZG9jdW1lbnQuKQ0KID4gPiAgICAgID4NCiA+ID4gICAgICA+DQogPiA+ICAgICAgPiBJ IGRvIGhhdmUgc29tZSBxdWVzdGlvbnMgYWJvdXQgdGhlIGFjdHVhbCBwcm9wb3NlZCBGU00sIHRo b3VnaCAtLSBJDQogPiA+ICAgICAgPiBzdXNwZWN0IHRoYXQgSSBhbSBqdXN0IG1ha2luZyBzb21l IGltcGxpY2l0IGFzc3VtcHRpb25zIHRoYXQgbWF5IG5vdA0KID4gPiAgICAgID4gYmUgZ3JvdW5k ZWQgaW4gcmVhbGl0eS4gIEluIHBhcnRpY3VsYXIsIEkgYW0gYmFzaWNhbGx5IGFzc3VtaW5nIHRo YXQNCiA+ID4gICAgICA+IElOSVRJQUxfU1BGX0RFTEFZIDwgU0hPUlRfU1BGX0RFTEFZIDwgTE9O R19TUEZfREVMQVkgPA0KID4gPiAgICAgID4gSE9MRERPV05fSU5URVJWQUwuICAoVGhlIGRyYWZ0 IGl0c2VsZiBvbmx5IGhhcyBpdCBhcyBSRUNPTU1FTkRFRCBmb3INCiA+ID4gICAgICA+IFNQRl9J TklUSUFMX0RFTEFZIDw9IFNQRl9TSE9SVF9ERUxBWSA8PSBTUEZfTE9OR19ERUxBWSBpbiBTZWN0 aW9uIDYsDQogPiA+ICAgICAgPiB5ZXMsIHdpdGggdGhlIGRpZmZlcmVudCBzcGVsbGluZ3MsIGJ1 dCBoYXMgYSBNVVNUIGZvcg0KID4gPiAgICAgID4gSE9MRERPV05fSU5URVJWQUwgPiBUSU1FX1RP X0xFQVJOX0lOVEVSVkFMLikNCiA+ID4gICAgICA+IFRoaXMgd291bGQgcG90ZW50aWFsbHkgYWZm ZWN0IHRoZSBzdGF0ZSBtYWNoaW5lIGZvciBldmVudHMgMSwgNiwgYW5kDQogPiA+ICAgICAgPiA3 Lg0KID4gPg0KID4gPiAgICAgW0JydW5vXSBUaGFua3MgZm9yIGRldGVjdGluZyB0aGUgbWlzc3Bl bGxpbmcuIENvcnJlY3RlZC4NCiA+ID4NCiA+ID4gICAgICA+IEluIHRyYW5zaXRpb24gMSwgd2Ug c2F5IHRvIG9ubHkgc3RhcnQgdGhlIFNQRl9USU1FUiBpZiBpdCBpcyBub3QgYWxyZWFkeQ0KID4g PiAgICAgID4gcnVubmluZywgYnV0IEkgZG8gbm90IHNlZSBhIHdheSBmb3IgaXQgdG8gYWxyZWFk eSBiZSBydW5uaW5nIHVubGVzcw0KID4gPiAgICAgID4gdGhlIEhPTERET1dOX1RJTUVSIHZhbHVl IGlzIGxlc3MgdGhhbiBvbmUgb3IgbW9yZSBvZiB0aGUgU1BGX1RJTUVSDQogPiA+ICAgICAgPiB2 YWx1ZXMuDQogPiA+DQogPiA+ICAgICBbQnJ1bm9dIEkgYWdyZWUuDQogPiA+ICAgICAyIGNvbW1l bnRzOg0KID4gPiAgICAgLSBJTU8sIGl0IGZlZWxzIHNhZmVyIHRvIGNoZWNrIHRoYXQgU1BGX1RJ TUVSIGlzIG5vdCBhbHJlYWR5IHJ1bm5pbmcsIHBsdXMgdGhpcyBpcyBtb3JlDQogPiBjb25zaXN0 ZW50IHdpdGggb3RoZXIgc3RhdGVzDQogPiA+ICAgICAtIEFzIHlvdSBoYXZlIG5vdGVkLCB0aGUg ZHJhZnQgZG9lcyBub3QgbWFuZGF0ZSB0aGF0IEhPTERET1dOX1RJTUVSID4gKl9TUEZfREVMQVku DQogPiBIZW5jZSB0aGlzIGNoZWNrIGlzIGluZGVlZCByZXF1aXJlZC4NCiA+ID4NCiA+ID4gICAg ICA+IFNpbWlsYXJseSwgSSBkb24ndCBzZWUgaG93IHRyYW5zaXRpb24gNyBjb3VsZCBldmVyIGhh cHBlbiwgc2luY2UgYW4gSUdQDQogPiA+ICAgICAgPiBldmVudCBtb3ZlcyB1cyBvdXQgb2YgdGhl IFFVSUVUIHN0YXRlLCBhbmQgSSBhc3N1bWUgdGhhdCB0aGUNCiA+ID4gICAgICA+IFNQRl9USU1F UiB3b3VsZCBmaXJlIGJlZm9yZSB0aGUgSE9MRERPV05fVElNRVIsIHNpbmNlIHRoZSBsYXR0ZXIg aXMNCiA+ID4gICAgICA+IHJlc2V0IG9uIGV2ZXJ5IElHUCBldmVudCBhbmQgSSBhc3N1bWUgdGhl IGxhdHRlciBoYXMgYSBsYXJnZXIgdmFsdWUuDQogPiA+DQogPiA+ICAgICBbQnJ1bm9dIFNhbWUg YW5zd2VyOiB0aGUgZHJhZnQgZG9lcyBub3QgbWFuZGF0ZSB0aGF0IEhPTERET1dOX1RJTUVSID4N CiA+ICpfU1BGX0RFTEFZLg0KID4gPg0KID4gPiAgICAgID4gVHJhbnNpdGlvbiA2IGlzIGEgbGl0 dGxlIGxlc3MgY2xlYXIsIGJ1dCBpcyBhbHNvIHNpbWlsYXIgLS0gaWYNCiA+ID4gICAgICA+IEhP TERET1dOX1RJTUVSIGlzIGxhcmdlciB0aGFuIExFQVJOX1RJTUVSLCB0aGVuIExFQVJOX1RJTUVS IG11c3QNCiA+ID4gICAgICA+IGZpcmUgYmVmb3JlIEhPTERET1dOX1RJTUVSLCBhbmQgd2UgbGVh dmUgU0hPUlRfV0FJVCB0byBnbyB0bw0KID4gPiAgICAgID4gTE9OR19XQUlUIGJlZm9yZSB3ZSBj b3VsZCBjb25zaWRlciBsZWF2aW5nIFNIT1JUX1dBSVQgdG8gZ28gYmFjayB0bw0KID4gPiAgICAg ID4gUVVJRVQuDQogPiA+DQogPiA+ICAgICBbQnJ1bm9dIEkgYWdyZWUgd2l0aCB5b3UuIGkuZS4g dHJhbnNpdGlvbiA2IHNob3VsZCBuZXZlciBiZSB1c2VkIGlmIEhPTERET1dOX0lOVEVSVkFMID4N CiA+IFRJTUVfVE9fTEVBUk5fSU5URVJWQUwgd2hpY2ggaXMgYSBNVVNUIGluIHRoZSBkcmFmdC4N CiA+ID4gICAgIEF0IHRoaXMgcG9pbnQsIEknZCByYXRoZXIga2VlcCBpdCBhcyB0aGlzIGdpdmVz IG1vcmUgcm9idXN0bmVzcyB0byB0aGUgRlNNLiAoSSdtIG5vdCBmdWxseSBjb25maWRlbnQNCiA+ IHRoYXQgYW55IGltcGxlbWVudGF0aW9uL2NvbmZpZ3VyYXRpb24gaW50ZXJmYWNlIHdvdWxkIGVu Zm9yY2UgaXQpIEFsc28sIGR1cmluZyBwcmV2aW91cyByZXZpZXdzLCB3ZQ0KID4gd2VyZSByYXRo ZXIgYXNrZWQgdG8gaW5kaWNhdGUgbW9yZS9hbGwgdHJhbnNpdGlvbnMgcmF0aGVyIHRoYW4gbWFp biBvbmVzLg0KID4gPiAgICAgSG93ZXZlciwgSSdtIG9wZW4gdG8gb3RoZXIgb3BpbmlvbnMuDQog PiA+ICAgICBBY2VlLCBhbnkgb3BpbmlvbiBvbiB0aGlzPw0KID4gPg0KID4gPiBbQWNlZV0gSSBh Z3JlZSB3ZSBzaG91bGQga2VlcCBpdCBiYXNlZCBvbiB0aGUgZHJhZnQgaGlzdG9yeS4NCiA+ID4N CiA+IA0KID4gSXQncyBwcm9iYWJseSBva2F5IHRvIGxlYXZlIHRoZSB0cmFuc2l0aW9uIGluLiAg TW9zdGx5IEkganVzdCB3YW50ZWQgdG8gbWFrZQ0KID4gc3VyZSB0aGF0IEkgd2Fzbid0IG1pc3Np bmcgc29tZXRoaW5nIHRoYXQgd291bGQgY2F1c2UgaXQgdG8gaGFwcGVuLg0KID4gDQogPiA+ICAg IFRyYW5zaXRpb24gNjogSE9MRERPV05fVElNRVIgZXhwaXJhdGlvbiwgd2hpbGUgaW4gU0hPUlRf V0FJVC4gVGhpcw0KID4gPiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgdHJhbnNpdGlvbiB3 b3VsZCBub3JtYWxseSBub3Qgb2NjdXIgc2luY2UNCiA+ID4gICAgICAgICAgICAgICAgICAgICAg ICAgICAgIChIT0xERE9XTl9JTlRFUlZBTCA+IFRJTUVfVE9fTEVBUk5fSU5URVJWQUwpLg0KID4g DQogPiBTb3VuZHMgZ29vZCB0byBtZS4NCiA+IA0KID4gPg0KID4gPiAgICAgID4gU28sIGFtIEkg bWFraW5nIHNvbWUgZmxhd2VkIGFzc3VtcHRpb25zPyAgKEFyZSB0aGVyZSBleGFtcGxlcyBvZg0K ID4gPiAgICAgID4gc2l0dWF0aW9ucyB0aGF0IGNsZWFybHkgZGVtb25zdHJhdGUgdGhlIGZsYXc/ KQ0KID4gPg0KID4gPiAgICAgW0JydW5vXQ0KID4gPiAgICAgWW91ciBhc3N1bXB0aW9ucyBhcmUg bG9naWNhbCBidXQgbm90IG1hbmRhdGVkIGJ5IHRoZSBkcmFmdCwgaGVuY2UgdGhlIEZTTSBuZWVk cyB0byB3b3JrDQogPiBldmVuIHdpdGhvdXQgdGhvc2UgYXNzdW1wdGlvbnMuDQogPiA+ICAgICBP bmUgY291bGQgYXJndWUgdGhhdCB5b3VyIGFzc3VtcHRpb25zIGFyZSB2YWxpZC4gQnV0IGFub3Ro ZXIgb25lIG1heSBhcmd1ZSB0aGF0IGhlIHdhbnRzDQogPiBmcmVlZG9tIGluIGNob29zaW5nIHRo ZSB0aW1lcnMnIHZhbHVlOyBwbHVzIHRoYXQgdGhlIEZTTSBzaG91bGQgYmUgcm9idXN0IHRvIGFu eSB0aW1lcnMnIHZhbHVlcy4NCiA+ID4NCiA+IA0KID4gT2theSwgc28gaXQgc291bmRzIGxpa2Ug d2UgZG9uJ3QgaGF2ZSBhbnkgY29uY3JldGUgc2NlbmFyaW9zIGluIG1pbmQNCiA+IGJ1dCB3YW50 IHRvIGxlYXZlIHNvbWUgZmxleGliaWxpdHkgZm9yIGltcGxlbWVudG9ycy9jb25maWd1cmF0aW9u DQogPiBjaG9pY2VzLiAgVGhhdCBtYXkgd2VsbCBiZSBhIHJlYXNvbmFibGUgdHJhZGVvZmYuDQog PiANCiA+ID4gICAgICA+IEFsc28sIHRvIGNvbmZpcm0gbXkgdW5kZXJzdGFuZGluZywgc3VwcG9z ZSBhIHNjZW5hcmlvIGhhcHBlbnMgd2hlcmUNCiA+ID4gICAgICA+IGFuIElHUCBwYXJ0aWNpcGFu dCBzZWVzIGFuIGV2ZW50LCB0aGVuIGEgZ2FwIG9mIDEwMG1zLCB0aGVuIHRocmVlDQogPiA+ICAg ICAgPiBJR1AgZXZlbnRzIGF0IGVxdWFsIDEwbXMgaW50ZXJ2YWxzLCB3aXRoIHRoZSBTUEYgZGVs YXlzIGF0IHRoZQ0KID4gPiAgICAgID4gZXhhbXBsZSB2YWx1ZXMgb2YgMC81MC8yMDAwIG1zIGFu ZCBUSU1FX1RPX0xFQVJOIG9mIDFzLiAgVGhlIGZpcnN0DQogPiA+ICAgICAgPiBldmVudCB0cmln Z2VycyBhIFNQRiBjb21wdXRhdGlvbiBpbW1lZGlhdGVseSwgdGhlbiB3ZSBnbyB0bw0KID4gPiAg ICAgID4gU0hPUlRfV0FJVCwgdGhlIGZpcnN0IG9mIHRoZSB0aHJlZSBldmVudHMga2lja3Mgb2Zm IGEgU1BGX1RJTUVSIGZvcg0KID4gPiAgICAgID4gNTBtcywNCiA+ID4NCiA+ID4gICAgIFtCcnVu b10gQWdyZWVkDQogPiA+DQogPiA+ICAgICAgPiB3aGljaCBpcyByZXNldCBieSB0aGUgbmV4dCB0 d28gZXZlbnRzLA0KID4gPg0KID4gPiAgICAgW0JydW5vXSBJIGRvbid0IHRoaW5rIEkgYWdyZWUu DQogPiA+ICAgICBUaGlzIGNhc2UgaXMgaGFuZGxlIGJ5IHRyYW5zaXRpb24gIjI6IElHUCBldmVu dCIgd2hpY2ggdHJpZ2dlcnMgdGhlIGZvbGxvd2luZyBhY3Rpb25zDQogPiA+DQogPiA+ICAgICAg ICAgICAgIG8gIFJlc2V0IEhPTERET1dOX1RJTUVSIHRvIEhPTERET1dOX0lOVEVSVkFMLg0KID4g PiAgICAgICAgICAgICBvICBJZiBTUEZfVElNRVIgaXMgbm90IGFscmVhZHkgcnVubmluZywgc3Rh cnQgaXQgd2l0aCB2YWx1ZSAgU0hPUlRfU1BGX0RFTEFZLg0KID4gPiAgICAgICAgICAgICBvICBS ZW1haW4gaW4gY3VycmVudCBzdGF0ZS4NCiA+ID4NCiA+ID4NCiA+ID4gICAgIFNvIGluIHlvdXIg ZXhhbXBsZSwgdGhlIHNlY29uZCAob2YgdGhlIHRocmVlIGV2ZW50cykgYXJyaXZlcyAxMG1zIGFm dGVyIHRoZSBzdGFydCBvZiB0aGUgNTBtcw0KID4gU1BGX1RJTUVSLiBpLmUuIFNQRl9USU1FUiBp cyBhbHJlYWR5IHJ1bm5pbmcgYW5kIGhlbmNlIG5vdCBjaGFuZ2VkLg0KID4gPg0KID4gDQogPiBH b29kIHBvaW50LCB0aGFua3MgZm9yIHRoZSBjb3JyZWN0aW9uLg0KID4gDQogPiA+ICAgICAgPiAg dGhlIFNQRiB0aW1lciBmaXJlcyBhbmQNCiA+ID4gICAgICA+IHdlIHJlY29tcHV0ZSB0aGUgU1BG LCB0aGVuIFRJTUVfVE9fTEVBUk4gZmlyZXMgYW5kIHdlIGdvIHRvDQogPiA+ICAgICAgPiBMT05H X1dBSVQgdW50aWwgdGhlIEhPTERET1dOX1RJTUVSIGZpcmVzLg0KID4gPg0KID4gPiAgICAgW0Jy dW5vXSBBZ3JlZWQgd2l0aCB0aGUgYWJvdmUuDQogPiA+DQogPiA+ICAgICAgPiAgT3IgbWF5YmUg dGhlIFNQRg0KID4gPiAgICAgID4gY2FsY3VsYXRpb24gdGFrZXMgbW9yZSB0aGFuIDIwMG1zLCBz byB3aGVuIHRoZSBzZWNvbmQgSUdQIGV2ZW50DQogPiA+ICAgICAgPiBmaXJlcywgd2UgYWJvcnQg dGhlIGN1cnJlbnRseSBpbi1wcm9ncmVzcyBjYWxjdWxhdGlvbiBhbmQgZG9uJ3QNCiA+ID4gICAg ICA+IHN0YXJ0IGFub3RoZXIgb25lIHVudGlsIDUwbXMgYWZ0ZXIgdGhlIGxhc3QgZXZlbnQ/DQog PiA+DQogPiA+ICAgICBbQnJ1bm9dIFRoZSBGU00gZG9lcyBub3QgdGFrZSBpbnRvIGFjY291bnQg dGhlIFNQRiBjb21wdXRhdGlvbiB0aW1lLiBIZW5jZSB0aGUgYmVoYXZpb3IgaXMNCiA+IG5vdCBj aGFuZ2VkIGJ5IHRoZSBTUEYgY29tcHV0YXRpb24gdGltZS4NCiA+ID4gICAgIFRoZSBkcmFmdCBk b2VzIG5vdCB0YWxrIGFib3V0IGFib3J0aW5nIHRoZSBTUEYgY29tcHV0YXRpb24uIEkgZ3Vlc3Mg dGhhdCBvbmUgaW1wbGVtZW50YXRpb24NCiA+IG1heSBjaG9vc2UgdG8gYWJvcnQgdGhlIFNQRiBj b21wdXRhdGlvbiwgYnV0IGl0IG11c3Qgbm90IGNoYW5nZSB0aGUgRlNNIHN0YXRlL3RpbWVycyBk dWUgdG8gdGhpcw0KID4gYWJvcnRpb24uIChvdGhlcndpc2UsIHRoaXMgaW1wbGVtZW50YXRpb24g d291bGQgYmUgb3V0IG9mIHN5bmMgd2l0aCBvdGhlciBub2Rlcy9pbXBsZW1lbnRhdGlvbnMpDQog PiA+DQogPiANCiA+IEFncmVlZC4gIEknbSBhbHNvIGluY2xpbmVkIHRvIGFncmVlIHdpdGggdGhl IEdlbkFydCByZXZpZXdlcidzDQogPiBzdWdnZXN0aW9uIHRvIGFkZCBzb21lIGRpc2N1c3Npb24g b2YgKG5vdCkgYWJvcnRpbmcgU1BGIGNvbXB1dGF0aW9uDQogPiB0byB0aGUgZG9jdW1lbnQsIGJ1 dCBkbyBub3QgaW5zaXN0IG9uIGl0Lg0KID4gDQogPiA+ICAgICAgPiAgSSBicmluZyB0aGlzIHVw DQogPiA+ICAgICAgPiBiZWNhdXNlIG9mIHRoZSB0ZXh0IGluIHRoZSBzZWNvbmQgcGFyYWdyYXBo IG9mIFNlY3Rpb24gNCB0aGF0IHRhbGtzDQogPiA+ICAgICAgPiBvZiBjb21wdXRpbmcgdGhlIHBv c3QtZmFpbHVyZSByb3V0aW5nIHRhYmxlIGluICJhIHNpbmdsZSByb3V0ZQ0KID4gPiAgICAgID4g Y29tcHV0YXRpb24iLg0KID4gPg0KID4gPiAgICAgW0JydW5vXSBUaGUgcG9pbnQgaXMgdGhlIG51 bWJlciBvZiBTUEYgY29tcHV0YXRpb24gbWF5IGJlIGxvd2VyIHRoYW4gdGhlIG51bWJlciBvZiBJ R1ANCiA+IGV2ZW50cy4NCiA+ID4gICAgIEluIHRoZSBGU00sIHRoaXMgaXMgYWNoaWV2ZWQgd2l0 aCB0aGUgZm9sbG93aW5nIGFjdGlvbiAiIG8gIElmIFNQRl9USU1FUiBpcyBub3QgYWxyZWFkeSBy dW5uaW5nLA0KID4gc3RhcnQgaXQgd2l0aCB2YWx1ZSBMT05HX1NQRl9ERUxBWS4iLiBXaGljaCwg SU9XIChuZWdhdGlvbiBmb3JtKSwgc2F5cyB0aGF0IGlmIHRoZSBTUEZfVElNRVINCiA+IGlzIGFs cmVhZHkgcnVubmluZywgd2UgZG8gbm90aGluZyAobmV3KSBhbmQgaGVuY2UgdGhlIG5ldyBJR1Ag ZXZlbnQgZG8gbm90IHRyaWdnZXIgYW4gYWRkaXRpb25hbA0KID4gU1BGIGNvbXB1dGF0aW9uLg0K ID4gPg0KID4gDQogPiBJIGFncmVlIHRoYXQgdGhlIG51bWJlciBvZiBTUEYgY29tcHV0YXRpb25z IG1heSBiZSBsb3dlciB0aGFuIHRoZQ0KID4gbnVtYmVyIG9mIElHUCBldmVudHMuICBJIGFtIG5v dCBzdXJlIHRoYXQgImEgc2luZ2xlIHJvdXRlDQogPiBjb21wdXRhdGlvbiIgaXMgY29ycmVjdDsg cGVyaGFwcyAiYSBzaW5nbGUgYWRkaXRpb25hbCByb3V0ZQ0KID4gY29tcHV0YXRpb24iIGlzIGJl dHRlci4NCiANCltCcnVubzJdIG9rLCBjaGFuZ2VkLg0KDQogDQogPiA+ICAgICAgPiAgIEJ1dCBp ZiBJIHVuZGVyc3RhbmQgY29ycmVjdGx5LCB0aGUgKnNpbmdsZSoNCiA+ID4gICAgICA+IGNvbXB1 dGF0aW9uIG9ubHkgaGFwcGVucyBpbiB0aGUgc2Vjb25kIGNhc2UgaGVyZSwgd2hlbiB0aGUNCiA+ ID4gICAgICA+IGNhbGN1bGF0aW9uIHRha2VzIHNvbWUgaHVuZHJlZHMgb2YgbWlsbGlzZWNvbmRz OyBvdGhlcndpc2Ugd2Ugc3RpbGwNCiA+ID4gICAgICA+IGhhdmUgKnR3byogY29tcHV0YXRpb25z IChvbmUgdHJpZ2dlcmVkIHdoaWxlIHdlJ3JlIGluIFFVSUVUIGFuZCB0aGUNCiA+ID4gICAgICA+ IHNlY29uZCB0cmlnZ2VyZWQgaW4gU0hPUlRfREVMQVkpLiAgU28gSSdtIG5vdCBzdXJlIEkgZnVs bHkNCiA+ID4gICAgICA+IHVuZGVyc3RhbmQgdGhlIGV4cGVjdGVkIHNjZW5hcmlvLg0KID4gPg0K ID4gPiAgICAgW0JydW5vXSBUaGUgZXhwZWN0ZWQgc2NlbmFyaW8gaXMgdGhhdCBtdWx0aXBsZSBJ R1AgZXZlbnRzIG1heSBiZSBoYW5kbGVkIGJ5IGEgc2luZ2xlIFNQRg0KID4gY29tcHV0YXRpb24u DQogPiA+ICAgICBUaGUgdHlwaWNhbCByZWFsIGxpZmUgc2l0dWF0aW9uIGlzIGEgbm9kZSBmYWls dXJlLiBUaGlzIGlzIGEgc2luZ2xlIGZhaWx1cmUgYnV0IGEgbGluayBzdGF0ZSBJR1Agd2lsbA0K ID4gdHJpZ2dlciBhbmQgZmxvb2QgTiBJR1BfZXZlbnRzIChvbmUgcGVyIElHUCBuZWlnaGJvcnMg b2YgdGhlIGZhaWxlZCBub2RlKS4gVGhpcyBpcyBiZWNhdXNlIChpbg0KID4gc2hvcnQpIGFuIElH UCBsaW5rIHN0YXRlIGNhbm5vdCBhZHZlcnRpc2UgdGhlIGZhaWx1cmUgb2YgYSBub2RlLCBidXQg b25seSB0aGUgZmFpbHVyZSBvZiBhIGxpbmsuDQogPiA+ICAgICBJZGVhbGx5LCB3ZSBzaG91bGQg d2FpdCBmb3IgdGhlc2UgTiBJR1BfZXZlbnRzIGJlZm9yZSBjb21wdXRpbmcgdGhlIFNQRiBjb21w dXRhdGlvbnMNCiA+IGJlY2F1c2U6DQogPiA+ICAgICAtIGl0J3Mgb25seSBieSB0YWtpbmcgaW50 byBhY2NvdW50IHRoZSBOIElHUF9ldmVudHMgdGhhdCB3ZSBjb3JyZWN0bHkgcmVmbGVjdCB0aGUg cmVhbCBuZXR3b3JrDQogPiB0b3BvbG9neSAoaS5lLiB0aGUgbm9kZSBmYWlsdXJlKS4NCiA+ID4g ICAgIC0gY29tcHV0aW5nIGFuIFNQRiBiZWZvcmUgcmVjZWl2aW5nIGFsbCBOIGV2ZW50cywgd2ls bCByZXF1aXJlIGNvbXB1dGluZyBhbm90aGVyIFNQRiBzaG9ydGx5DQogPiBhZnRlci4gaS5lLiB0 aGUgZmlyc3QgY29tcHV0YXRpb24gaXMgd2FzdGVkIHJlc3NvdXJjZXMuDQogPiA+DQogPiA+ICAg ICBUaGUgaXNzdWUgaXMgdGhhdCB3ZSBkb24ndCBrbm93IGhvdyBtYW55IElHUCBldmVudHMgd2Ug c2hvdWxkIHdhaXQgZm9yLiBIZW5jZSB0aGUgRlNNDQogPiBkZWZpbmVzIGFuZCB1c2VzIGR1cmF0 aW9uICJUSU1FX1RPX0xFQVJOX0lOVEVSVkFMIi4gVGhpcyBkdXJhdGlvbiAic2hvdWxkIiBiZSBh YmxlIHRvIGJlDQogPiBldmFsdWF0ZWQgYSBwcmlvcmkgYnkgdGhlIG5ldHdvcmsgb3BlcmF0b3Ig KGFzIGl0IGlzIHRoZSBtYXggb2YgdGhlIGRldGVjdGlvbiB0aW1lLCBvcmlnaW5hdGlvbiB0aW1l LA0KID4gYW5kIGZsb29kaW5nIHRpbWUpLg0KID4gPg0KID4gPiAgICAgID4gSSBhbHNvIGFtIHBy b2JhYmx5IGhhdmluZyBzb21lIHByb2JsZW1zIHdpdGggdGVybWlub2xvZ3ksIHByZXN1bWFibHkN CiA+ID4gICAgICA+IGp1c3QgbXkgbWlzdW5kZXJzdGFuZGluZywgd2hpY2ggaG9wZWZ1bGx5IGNh biBiZSBzZXQgc3RyYWlnaHQNCiA+ID4gICAgICA+IGVhc2lseS4NCiA+ID4NCiA+ID4gICAgIFtC cnVub10gUGxlYXNlIGNvbW1lbnQvYXNrIHF1ZXN0aW9ucyBpZiB0aGUgYWJvdmUgaXMgbm90IGNs ZWFyIG9yIGRvZXMgbm90IGFkZHJlc3MgeW91ciBwb2ludC4NCiA+ID4NCiA+IA0KID4gTXkgbWFp biBxdWVzdGlvbiBoZXJlIGNhbiBiZSBzdW1tYXJpemVkIHdpdGggdGhlIHByb3Bvc2FsIHRvIGFk ZCB0aGUNCiA+IHdvcmQgImFkZGl0aW9uYWwiLCBhYm92ZS4NCiANCltCcnVubzJdIG9rLiBUaGFu a3MgZm9yIHRoZSBzdW1tYXJ5IGFuZCB0aGUgcHJvcG9zZWQgdGV4dC4NCiANCiA+ID4gICAgICA+ IEluIHRoZSBJbnRyb2R1Y3Rpb24sIHdlIGhhdmUgYSAiZGVzaXJlIHRvIGNvbXB1dGUgYSBuZXcg U2hvcnRlc3QNCiA+ID4gICAgICA+IFBhdGggRmlyc3QgKFNQRikgYXMgc29vbiBhcyBhIGZhaWx1 cmUgaXMgZGV0ZWN0ZWQiLCB3aGljaCBpcyB1c2luZw0KID4gPiAgICAgID4gU1BGIGFzIGl0IGlz IGEgZGF0YSBzdHJ1Y3R1cmUgKGUuZy4sIHRoZSByZXN1bHQgb2YgYW4gYWxnb3JpdGhtKSwNCiA+ ID4gICAgICA+IHdoZXJlYXMgbXkgaW50dWl0aW9uIGhhcyBTUEYgcmVmZXJyaW5nIHRvIHRoZSBh bGdvcml0aG0gW2NsYXNzXSBidXQNCiA+ID4gICAgICA+IG5vdCBpdHMgb3V0cHV0Lg0KID4gPg0K ID4gPiAgICAgW0JydW5vXSBZb3UgYXJlIHJpZ2h0IHRoYXQgU1BGIGlzIHRoZSBhbGdvIChhbmQg U1BUIHRoZSByZXN1bHQpLg0KID4gPiAgICAgVW5mb3J0dW5hdGVseSwgdGhpcyBnZXRzIHRvbyBz dWJ0bGUgZm9yIG15IGxldmVsIG9mIEVuZ2xpc2guICAiQWNlZSwgYW55IG9waW5pb24gb24gdGhp cz8iDQogPiA+DQogPiA+IFtBY2VlXSBCZW4gaXMgdGVjaG5pY2FsbHkgY29ycmVjdC4gSG93ZXZl ciwgaW5mb3JtYWxseSwgd2Ugb2Z0ZW4gcmVmZXIgdG8gYW4gIlNQRiIgZ2VuZXJpY2FsbHkgdG8N CiA+IHJlZmVyIGJvdGggdG8gdGhlIGFsZ29yaXRobSBhbmQgYW4gaW5zdGFuY2Ugb2YgdGhlIGFs Z29yaXRobSBjb21wdXRhdGlvbi4gV2UgY291bGQgY2hhbmdlIGl0IHRvOg0KID4gPg0KID4gPg0K ID4gPiAgIE9MRDogSW4gZ2VuZXJhbCwgd2hlbiB0aGUgbmV0d29yayBpcyBzdGFibGUsIHRoZXJl IGlzIGEgZGVzaXJlIHRvIGNvbXB1dGUNCiA+ID4gICAgICAgICAgICBhIG5ldyBTaG9ydGVzdCBQ YXRoIEZpcnN0IChTUEYpIGFzIHNvb24gYXMgYSBmYWlsdXJlIGlzIGRldGVjdGVkIGluDQogPiA+ ICAgTmV3OiBJbiBnZW5lcmFsLCB3aGVuIHRoZSBuZXR3b3JrIGlzIHN0YWJsZSwgdGhlcmUgaXMg YSBkZXNpcmUgdG8gdHJpZ2dlcg0KID4gPiAgICAgICAgICAgICBhIG5ldyBTaG9ydGVzdCBQYXRo IEZpcnN0IChTUEYpIGNvbXB1dGF0aW9uIGFzIHNvb24gYXMgYSBmYWlsdXJlIGlzIGRldGVjdGVk IGluDQogPiANCiA+IFRoYXQgd291bGQgaGVscCBtZSwgdGhlIG5haXZlIHJlYWRlciwgdGhhbmtz LiAgKEJ1dCBpZiB0aGUgb3RoZXINCiA+IHVzYWdlIGlzIGFjY2VwdGVkIGFtb25nIGV4cGVydHMs IHRoZXJlJ3Mgbm8gbmVlZCB0byBjaGFuZ2UgaXQganVzdA0KID4gb24gbXkgYWNjb3VudC4pDQog PiANCiA+ID4NCiA+ID4gICAgICA+IEluIHNlY3Rpb24gMywgd2UgdGFsayBvZiAiY29tcHV0YXRp b24gb2YgdGhlIHJvdXRpbmcgdGFibGUsIGJ5IHRoZQ0KID4gPiAgICAgID4gSUdQIiwgd2hpY2gg Z2V0cyBtZSBjb25mdXNlZCBhYm91dCB3aGV0aGVyICJ0aGUgSUdQIiByZXByZXNlbnRzIGENCiA+ ID4gICAgICA+IG5ldHdvcmsgcHJvdG9jb2wgZm9yIGNvbnZleWluZyAoZS5nLikgbGluayBzdGF0 ZSBpbmZvcm1hdGlvbiwgYW4NCiA+ID4gICAgICA+IGFsZ29yaXRobSBmb3IgU1BGIGNvbXB1dGF0 aW9uLCBvciBhIHJvdXRlciB0aGF0IHBlcmZvcm1zIFNQRg0KID4gPiAgICAgID4gY29tcHV0YXRp b25zLg0KID4gPg0KID4gPiAgICAgW0JydW5vXSBJR1AgaXMgdXN1YWxseSBhIHByb3RvY29sLiBJ biB0aGlzIHNlbnRlbmNlLCBpdCBpcyBtZWFudCBhcyB0aGUgSUdQIHByb2Nlc3Mgb2YgdGhlIHJv dXRlci4NCiA+ID4gICAgIEFnYWluLCBJJ20gb3BlbiB0byByZWZvcm11bGF0aW9uLiAiQWNlZSwg YW55IG9waW5pb24gb24gdGhpcz8iDQogPiA+DQogPiA+IFtBY2VlXSBJIGRvbid0IHRoaW5rIHdl IG5lZWQgdG8gY2hhbmdlIHRoaXMuIElHUCBpcyBhIHdlbGwta25vd24gYWNyb255bS4NCiA+ID4g ICAgICAgICAgICAgIGh0dHBzOi8vd3d3LnJmYy1lZGl0b3Iub3JnL21hdGVyaWFscy9hYmJyZXYu ZXhwYW5zaW9uLnR4dA0KID4gDQogPiBQZXJoYXBzIG15IHF1ZXN0aW9uIHdhcyBub3Qgd2VsbCBw aHJhc2VkLiAgSSBwcm9wb3NlDQogPiANCiA+IE9MRDogY29tcHV0YXRpb24gb2YgdGhlIHJvdXRp bmcgdGFibGUsIGJ5IHRoZSBJR1ANCiA+IA0KID4gTkVXOiBjb21wdXRhdGlvbiBvZiB0aGUgcm91 dGluZyB0YWJsZSwgYnkgdGhlIElHUCBwYXJ0aWNpcGFudA0KID4gDQogPiAob3Igc29tZXRoaW5n IHNpbWlsYXIpLCBzaW5jZSB0aGUgSUdQIGp1c3Qgc2VydmVzIHRvIGRpc3RyaWJ1dGUgdGhlDQog PiBMU0RCIChjb25jZXB0dWFsbHkpLCBhbmQgdGhlIGNvbXB1dGF0aW9uIG9mIHRoZSByb3V0aW5n IHRhYmxlIGlzDQogPiBkb25lIGJ5IGVhY2ggcm91dGVyIGludGVybmFsbHkgKGkuZS4sIG5vdCBk aXJlY3RseSB1c2luZyB0aGUgSUdQIGluDQogPiBxdWVzdGlvbikuICBPciBpcyB0aGUgcHJldmlv dXMgc2VudGVuY2Ugbm90IHRydWU/DQogDQpbQnJ1bm8yXSBXaGF0IGFib3V0Og0KTkVXOiAgQ29t cHV0YXRpb24gb2YgdGhlIHJvdXRpbmcgdGFibGUsIGJ5IHRoZSBJR1AgaW1wbGVtZW50YXRpb24s DQoNCigiSUdQIHBhcnRpY2lwYW50IiBkb2VzIG5vdCBzb3VuZCBsaWtlIGFuIHVzdWFsIHRlcm0g dG8gbWUpDQoNCi0tQnJ1bm8NCiANCiA+ID4NCiA+ID4gICAgICA+IEluIHNlY3Rpb24gNiB3ZSB0 YWxrIG9mICJ0aGUgbnVtYmVyIG9mIHByb3RvY29scw0KID4gPiAgICAgID4gcmVhY3Rpb25zL2Nv bXB1dGF0aW9ucyB0cmlnZ2VyZWQgYnkgSUdQIFNQRiIuICBJcyB0aGlzIGp1c3QgaW4gdGhlIHNl bnNlDQogPiA+ICAgICAgPiBvZiAiZWFjaCBTUEYgY2FsY3VsYXRpb24gdHJpZ2dlcnMgYSBidW5j aCBvZiBvdGhlciBzdHVmZiI/DQogPiA+DQogPiA+ICAgICBbQnJ1bm9dIFllcywgZXhhY3RseS4g QWdhaW4gYnkgInByb3RvY29sIHJlYWN0aW9uIiBpdCdzIG1lYW50IHJvdXRlcidzIHByb2Nlc3Nl cyBpbXBsZW1lbnRpbmcNCiA+IHRob3NlIHByb3RvY29scy4NCiA+ID4gICAgIEZZSSwgdHlwaWNh bCBwcm90b2NvbCBJIGNvdWxkIHRoaW5rIG9mIGFyZSBCR1AgYW5kIFBDRSwgYnV0IHBvc3NpYmx5 IG90aGVyIElHUCAobGlrZSkgaW4gY2FzZSBvZg0KID4gcm91dGUgcmVkaXN0cmlidXRpb24uDQog PiA+DQogPiA+ICAgICAgPiBJIHRoaW5rDQogPiA+ICAgICAgPiB0aGlzIGlzIGFub3RoZXIgY2Fz ZSBhYm91dCBtZSBiZWluZyBjb25mdXNlZCB3aGV0aGVyICJTUEYiIG1lYW5zIGFuDQogPiA+ICAg ICAgPiBhbGdvcml0aG0sIGEgc3BlY2lmaWMgY29tcHV0YXRpb24gdXNpbmcgdGhhdCBhbGdvcml0 aG0sIGV0Yy4NCiA+ID4NCiA+ID4gICAgIFtCcnVub10gSSBhZ3JlZSB0aGF0IHRoaXMgaXMgdGhl IHNhbWUgY2FzZS4gIkFjZWUsIGFueSBvcGluaW9uIG9uIHRoaXM/Ig0KID4gPg0KID4gPiBbQWNl ZV0gV2UgY291bGQgY2hhbmdlICJJR1AgU1BGIiB0byAiSUdQIFNQRiBjb21wdXRhdGlvbiIuDQog PiANCiA+IFNvdW5kcyBnb29kIHRvIG1lLg0KID4gDQogPiA+DQogPiA+ICAgICA+DQogPiA+ICAg ICAgPg0KID4gPiAgICAgID4gU29tZSBvdGhlciBlZGl0b3JpYWwgbm90ZXM6DQogPiA+ICAgICAg Pg0KID4gPiAgICAgID4gSXQncyBwcm9iYWJseSBiZXR0ZXIgdG8gY2l0ZSBSRkMgODE3NCBpbnN0 ZWFkIG9mL2luIGFkZGl0aW9uIHRvIFJGQw0KID4gPiAgICAgID4gMjExOSwgZXNwZWNpYWxseSBz aW5jZSB0aGVyZSBpcyBhdCBsZWFzdCBhIGxvd2VyY2FzZSAibWF5IiBwcmVzZW50Lg0KID4gPg0K ID4gPiAgICAgW0JydW5vXSBvaywgZG9uZS4NCiA+ID4NCiA+ID4gICAgICA+IEl0J3MgdW5jbGVh ciB0aGF0ICJ0ZW1wb3JhbGx5IGNsb3NlIiBpbiAibXVsdGlwbGUgdGVtcG9yYWxseSBjbG9zZQ0K ID4gPiAgICAgID4gZmFpbHVyZXMgb3ZlciBhIHNob3J0IHRpbWUiIHJlYWxseSBhZGRzIGFueSB2 YWx1ZSwgaW4gdGhlDQogPiA+ICAgICAgPiBJbnRyb2R1Y3Rpb24uDQogPiA+DQogPiA+ICAgICBb QnJ1bm9dIG9rLCBkb25lOg0KID4gPg0KID4gPiAgICAgT0xEOiBIb3dldmVyLCB3aGVuIHRoZSBu ZXR3b3JrIGlzIGV4cGVyaWVuY2luZyBtdWx0aXBsZSB0ZW1wb3JhbGx5IGNsb3NlIGZhaWx1cmVz IG92ZXIgYQ0KID4gc2hvcnQgcGVyaW9kIG9mIHRpbWUsIHRoZXJlIGlzIGEgY29uZmxpY3Rpbmcg ZGVzaXJlIHRvIGxpbWl0IHRoZSBmcmVxdWVuY3kgb2YgU1BGIGNvbXB1dGF0aW9ucy4NCiA+ID4N CiA+ID4gICAgIE5FVzogSG93ZXZlciwgd2hlbiB0aGUgbmV0d29yayBpcyBleHBlcmllbmNpbmcg bXVsdGlwbGUgZmFpbHVyZXMgb3ZlciBhIHNob3J0IHBlcmlvZCBvZiB0aW1lLA0KID4gdGhlcmUg aXMgYSBjb25mbGljdGluZyBkZXNpcmUgdG8gbGltaXQgdGhlIGZyZXF1ZW5jeSBvZiBTUEYgY29t cHV0YXRpb25zLg0KID4gPg0KID4gPg0KID4gPiAgICAgID4gSW4gc2VjdGlvbiAyLCBsYXN0IGJ1 bGxldCBwb2ludCBvbiBwYWdlIDMsICJTUEZfREVMQVkgdGltZXJzIHZhbHVlcyINCiA+ID4gICAg ICA+IHByb2JhYmx5IGRvZXNuJ3QgbmVlZCB0aGUgcGx1cmFsICJ0aW1lcnMiIChzbywgZWl0aGVy ICJ0aW1lciIgb3INCiA+ID4gICAgICA+IHRoZSBwb3NzZXNzaXZlICJ0aW1lcnMnIiksIHRob3Vn aCBJIGFtIG1pbmRmdWwgb2YgdGhlIHJlY2VudA0KID4gPiAgICAgID4gZGlzY3Vzc2lvbiBvbiBp ZXRmQCBhYm91dCAobm9uLSlBbWVyaWNhbiBFbmdsaXNoLiAgVGhlIHNlY29uZA0KID4gPiAgICAg ID4gc2VudGVuY2Ugb2YgdGhlIGJ1bGxldCBpcyBhbHNvIGEgc2VudGVuY2UgZnJhZ21lbnQgYW5k IG5vdCBhDQogPiA+ICAgICAgPiBjb21wbGV0ZSBzZW50ZW5jZS4NCiA+ID4NCiA+ID4gICAgIFtC cnVub10gb2s6DQogPiA+ICAgICAtIEkgdHJ1c3QgeW91IG9uIHlvdXIgZmlyc3QgcG9pbnQgYW5k IHBpY2tlZCB0aGUgcG9zc2Vzc2l2ZSBvcHRpb24NCiA+ID4gICAgIC0gSSBhZ3JlZSB3aXRoIHlv dSBvbiB0aGUgc2Vjb25kIHBvaW50DQogPiA+DQogPiA+ICAgICBDdXJyZW50bHkgY2hhbmdlZCB0 bzoNCiA+ID4gICAgIE9MRDoNCiA+ID4gICAgIEFsd2F5cyB0cnkgdG8gYXZvaWQgZGlmZmVyZW50 IFNQRl9ERUxBWSB0aW1lcnMgdmFsdWVzIGFjcm9zcyBkaWZmZXJlbnQgcm91dGVycyBpbiB0aGUN CiA+IGFyZWEvbGV2ZWwuIEV2ZW4gdGhvdWdoIG5vdCBhbGwgcm91dGVycyB3aWxsIHJlY2VpdmUg SUdQIG1lc3NhZ2VzIGF0IHRoZSBzYW1lIHRpbWUsIGR1ZSB0bw0KID4gZGlmZmVyZW5jZXMgYm90 aCBpbiB0aGUgZGlzdGFuY2UgZnJvbSB0aGUgb3JpZ2luYXRvciBvZiB0aGUgSUdQIGV2ZW50IGFu ZCBpbiBmbG9vZGluZw0KID4gaW1wbGVtZW50YXRpb25zLg0KID4gPg0KID4gPiAgICAgTkVXOg0K ID4gPiAgICAgQWx3YXlzIHRyeSB0byBhdm9pZCBkaWZmZXJlbnQgU1BGX0RFTEFZIHRpbWVycycg dmFsdWVzIGFjcm9zcyBkaWZmZXJlbnQgcm91dGVycyBpbiB0aGUNCiA+IGFyZWEvbGV2ZWwuIFRo aXMgcmVxdWlyZXMgc3BlY2lmaWMgY29uc2lkZXJhdGlvbiBhcyBkaWZmZXJlbnQgcm91dGVycyBt YXkgcmVjZWl2ZSBJR1AgbWVzc2FnZXMgYXQNCiA+IGRpZmZlcmVudCBpbnRlcnZhbCBvciBldmVu IG9yZGVyLCBkdWUgdG8gZGlmZmVyZW5jZXMgYm90aCBpbiB0aGUgZGlzdGFuY2UgZnJvbSB0aGUg b3JpZ2luYXRvciBvZiB0aGUNCiA+IElHUCBldmVudCBhbmQgaW4gZmxvb2RpbmcgaW1wbGVtZW50 YXRpb25zLg0KID4gPg0KID4gPg0KID4gPiAgICAgVGhhdCBiZWluZyBzYWlkLCBJJ20gbm90IGEg bmF0aXZlIEVuZ2xpc2ggc3BlYWtlciBhbmQgQWNlZSBpcyBraW5kIGVub3VnaCB0byBzcGVuZCB0 aW1lDQogPiBjb3JyZWN0aW5nIG15IGVycm9ycy4gVGhlcmVmb3JlLCBBY2VlIGFuZCBvYnZpb3Vz bHkgdGhlIFJGQyBlZGl0b3IgbWF5IGZ1cnRoZXIgZWRpdCB0aGlzIHRleHQuDQogPiA+DQogPiA+ IFtBY2VlXSBJIHRoaW5rICJTUEZfREVMQVkgdGltZXIgdmFsdWVzIiByZWFkcyBiZXR0ZXIgYXMg YSBzaW5nbGUgcGx1cmFsIGNvbXBvdW5kIG5vdW4uIERvIHlvdQ0KID4gZGlzYWdyZWU/IFNlZSBj bGFyaWZpY2F0aW9uIGJlbG93Og0KID4gPg0KID4gPiAgQWx3YXlzIHRyeSB0byBhdm9pZCBkaWZm ZXJlbnQgU1BGX0RFTEFZIHRpbWVyIHZhbHVlcyBhY3Jvc3MgZGlmZmVyZW50IHJvdXRlcnMgaW4g dGhlIGFyZWEvbGV2ZWwuDQogPiBUaGlzIHJlcXVpcmVzIHNwZWNpZmljIGNvbnNpZGVyYXRpb24g YXMgZGlmZmVyZW50IHJvdXRlcnMgbWF5IHJlY2VpdmUgSUdQIG1lc3NhZ2VzIGF0IGEgZGlmZmVy ZW50DQogPiBpbnRlcnZhbCBvciBldmVuIGluIGEgZGlmZmVyZW50IG9yZGVyLCBkdWUgdG8gZGlm ZmVyZW5jZXMgYm90aCBpbiB0aGUgZGlzdGFuY2UgZnJvbSB0aGUgb3JpZ2luYXRvciBvZg0KID4g dGhlIElHUCBldmVudCBhbmQgaW4gZmxvb2RpbmcgaW1wbGVtZW50YXRpb25zLg0KID4gDQogPiBU aGlzIHdvdWxkIGJlIG15IHByZWZlcmVuY2UsIGJ1dCBJIGRpZCBub3Qgd2FudCB0byBiaWFzIHRo ZSBhdXRob3JzDQogPiB3aXRoIG15IGluaXRpYWwgbWVzc2FnZS4NCiA+IA0KID4gPg0KID4gPg0K ID4gPg0KID4gPiAgICAgID4gU1JMRyBpcyB1c2VkIHdpdGhvdXQgZXhwYW5zaW9uIGluIG11bHRp cGxlIHBsYWNlcywgYnV0IGRvZXMgbm90DQogPiA+ICAgICAgPiBhcHBlYXIgb24gaHR0cHM6Ly93 d3cucmZjLWVkaXRvci5vcmcvbWF0ZXJpYWxzL2FiYnJldi5leHBhbnNpb24udHh0DQogPiA+ICAg ICAgPiBhcyBhICJ3ZWxsLWtub3duIiBhYmJyZXZpYXRpb24uDQogPiA+DQogPiA+ICAgICBbQnJ1 bm9dIG9rLCBleHBhbmRlZCBvbiBmaXJzdCB1c2UuDQogPiA+DQogPiA+DQogPiA+ICAgICAgPiBJ biBzZWN0aW9uIDYsIHdlIGZpbmQgdGhlIGF3a3dhcmQgY29uc3RydWN0aW9uICJwbGF5IGl0IHNh ZmUgYW5kDQogPiA+ICAgICAgPiBzdGFydCB3aXRoIHNhZmUsIGkuZS4sIGxvbmdlciB0aW1lcnMi LiAgUHJvYmFibHkgd2Ugd2FudCB0byBzYXkNCiA+ID4gICAgICA+ICJzYWZlIHZhbHVlcyIgYXMg dGhlIG5vdW4sIGFuZCBtYXliZSBjb25zaWRlciByZXdvcmRpbmcgdG8gYXZvaWQgdGhlDQogPiA+ ICAgICAgPiBkdXBsaWNhdGUgInNhZmUiIGFuZC9vciB0aGUgY29sbG9xdWlhbGlzbSAicGxheSBp dCBzYWZlIi4NCiA+ID4NCiA+ID4gICAgIFtCcnVub10gb2sNCiA+ID4NCiA+ID4gICAgIE9MRDog SW4gY2FzZSBvZiBkb3VidCwgaXQncyBSRUNPTU1FTkRFRCB0byBwbGF5IGl0IHNhZmUgYW5kIHN0 YXJ0IHdpdGggc2FmZSwgaS5lLiwgbG9uZ2VyDQogPiB0aW1lcnMuDQogPiA+ICAgICBORVc6IElu IGNhc2Ugb2YgZG91YnQsIGl0J3MgUkVDT01NRU5ERUQgdG8gc3RhcnQgd2l0aCBzYWZlciAoaS5l LiBsb25nZXIpIHRpbWVyIHZhbHVlcy4NCiA+ID4NCiA+ID4gICAgIEFnYWluLCB0ZXh0IG1heSBi ZSBzdWJqZWN0IHRvIGZ1cnRoZXIgcmV2aXNpb24uDQogPiA+DQogPiA+IFtBY2VlXTogSW4gY2Fz ZSBvZiBkb3VidCwgaXQncyBSRUNPTU1FTkRFRCB0byBzdGFydCB3aXRoIHNhZmVyIChpLmUuLCBs b25nZXIpIHRpbWVyIHZhbHVlcy4NCiA+ID4NCiA+ID4gICAgICA+IFNlY3Rpb24gOCBzYXlzOg0K ID4gPiAgICAgID4NCiA+ID4gICAgICA+ICAgIFsuLi5dLiBGSUJzDQogPiA+ICAgICAgPiAgICBh cmUgaW5zdGFsbGVkIGFmdGVyIG11bHRpcGxlIHN0ZXBzIHN1Y2ggYXMgZmxvb2Rpbmcgb2YgdGhl IElHUCBldmVudA0KID4gPiAgICAgID4gICAgYWNyb3NzIHRoZSBuZXR3b3JrLCBTUEYgd2FpdCB0 aW1lLCBTUEYgY29tcHV0YXRpb24sIEZJQiBkaXN0cmlidXRpb24NCiA+ID4gICAgICA+ICAgIGFj cm9zcyBsaW5lIGNhcmRzLCBhbmQgRklCIHVwZGF0ZS4gIFRoaXMgZG9jdW1lbnQgb25seSBhZGRy ZXNzZXMgdGhlDQogPiA+ICAgICAgPiAgICBmaXJzdCBjb250cmlidXRpb24uDQogPiA+ICAgICAg Pg0KID4gPiAgICAgID4gd2hpY2ggbWFrZXMgbWUgdHJ5IHRvIG1hdGNoIHVwICJ0aGUgZmlyc3Qg Y29udHJpYnV0aW9uIiB3aXRoIHRoZQ0KID4gPiAgICAgID4gZmxvb2RpbmcsIHdoZW4gSSBhc3N1 bWUgaXQncyBtZWFudCB0byBtYXRjaCB1cCB3aXRoIHRoZSBTUEYgd2FpdA0KID4gPiAgICAgID4g dGltZS4NCiA+ID4NCiA+ID4gICAgIFtCcnVub10gWW91IGFyZSBhYnNvbHV0ZSByaWdodC4gVGhh bmtzIGZvciB0aGUgY2F0Y2guDQogPiA+DQogPiA+ICAgICBPTEQ6ICBGSUJzIGFyZSBpbnN0YWxs ZWQgYWZ0ZXIgbXVsdGlwbGUgc3RlcHMgc3VjaCBhcyBmbG9vZGluZyBvZiB0aGUgSUdQIGV2ZW50 IGFjcm9zcyB0aGUNCiA+IG5ldHdvcmssIFNQRiB3YWl0IHRpbWUsIFNQRiBjb21wdXRhdGlvbiwg RklCIGRpc3RyaWJ1dGlvbiBhY3Jvc3MgbGluZSBjYXJkcywgYW5kIEZJQiB1cGRhdGUuIFRoaXMN CiA+IGRvY3VtZW50IG9ubHkgYWRkcmVzc2VzIHRoZSBmaXJzdCBjb250cmlidXRpb24uDQogPiA+ ICAgICBORVc6IEZJQnMgYXJlIGluc3RhbGxlZCBhZnRlciBtdWx0aXBsZSBzdGVwcyBzdWNoIGFz IGZsb29kaW5nIG9mIHRoZSBJR1AgZXZlbnQgYWNyb3NzIHRoZQ0KID4gbmV0d29yaywgU1BGIHdh aXQgdGltZSwgU1BGIGNvbXB1dGF0aW9uLCBGSUIgZGlzdHJpYnV0aW9uIGFjcm9zcyBsaW5lIGNh cmRzLCBhbmQgRklCIHVwZGF0ZS4gVGhpcw0KID4gZG9jdW1lbnQgb25seSBhZGRyZXNzZXMgdGhl IGNvbnRyaWJ1dGlvbiBmcm9tIHRoZSBTUEYgd2FpdCB0aW1lLg0KID4gDQogPiBTb3VuZHMgZ29v ZC4NCiA+IA0KID4gPiAgICAgVGhhbmtzIGFnYWluIGZvciB5b3VyIGNhcmVmdWwgcmV2aWV3Lg0K ID4gPg0KID4gPiBZZXMgLSBUaGFuayB5b3UsDQogPiANCiA+IFlvdSdyZSB3ZWxjb21lIQ0KID4g DQogPiAtQmVuamFtaW4NCgpfX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fCgpDZSBtZXNzYWdlIGV0IHNlcyBwaWVjZXMgam9pbnRl cyBwZXV2ZW50IGNvbnRlbmlyIGRlcyBpbmZvcm1hdGlvbnMgY29uZmlkZW50aWVsbGVzIG91IHBy aXZpbGVnaWVlcyBldCBuZSBkb2l2ZW50IGRvbmMKcGFzIGV0cmUgZGlmZnVzZXMsIGV4cGxvaXRl cyBvdSBjb3BpZXMgc2FucyBhdXRvcmlzYXRpb24uIFNpIHZvdXMgYXZleiByZWN1IGNlIG1lc3Nh Z2UgcGFyIGVycmV1ciwgdmV1aWxsZXogbGUgc2lnbmFsZXIKYSBsJ2V4cGVkaXRldXIgZXQgbGUg ZGV0cnVpcmUgYWluc2kgcXVlIGxlcyBwaWVjZXMgam9pbnRlcy4gTGVzIG1lc3NhZ2VzIGVsZWN0 cm9uaXF1ZXMgZXRhbnQgc3VzY2VwdGlibGVzIGQnYWx0ZXJhdGlvbiwKT3JhbmdlIGRlY2xpbmUg dG91dGUgcmVzcG9uc2FiaWxpdGUgc2kgY2UgbWVzc2FnZSBhIGV0ZSBhbHRlcmUsIGRlZm9ybWUg b3UgZmFsc2lmaWUuIE1lcmNpLgoKVGhpcyBtZXNzYWdlIGFuZCBpdHMgYXR0YWNobWVudHMgbWF5 IGNvbnRhaW4gY29uZmlkZW50aWFsIG9yIHByaXZpbGVnZWQgaW5mb3JtYXRpb24gdGhhdCBtYXkg YmUgcHJvdGVjdGVkIGJ5IGxhdzsKdGhleSBzaG91bGQgbm90IGJlIGRpc3RyaWJ1dGVkLCB1c2Vk IG9yIGNvcGllZCB3aXRob3V0IGF1dGhvcmlzYXRpb24uCklmIHlvdSBoYXZlIHJlY2VpdmVkIHRo aXMgZW1haWwgaW4gZXJyb3IsIHBsZWFzZSBub3RpZnkgdGhlIHNlbmRlciBhbmQgZGVsZXRlIHRo aXMgbWVzc2FnZSBhbmQgaXRzIGF0dGFjaG1lbnRzLgpBcyBlbWFpbHMgbWF5IGJlIGFsdGVyZWQs IE9yYW5nZSBpcyBub3QgbGlhYmxlIGZvciBtZXNzYWdlcyB0aGF0IGhhdmUgYmVlbiBtb2RpZmll ZCwgY2hhbmdlZCBvciBmYWxzaWZpZWQuClRoYW5rIHlvdS4KCg== From nobody Fri Feb 16 05:56:23 2018 Return-Path: X-Original-To: secdir@ietf.org Delivered-To: secdir@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 3C83412D887; Fri, 16 Feb 2018 05:56:12 -0800 (PST) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: Rich Salz To: Cc: ietf@ietf.org, draft-ietf-tls-tls13.all@ietf.org, tls@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 6.72.1 Auto-Submitted: auto-generated Precedence: bulk Message-ID: <151878937218.4977.11435268279455285944@ietfa.amsl.com> Date: Fri, 16 Feb 2018 05:56:12 -0800 Archived-At: Subject: [secdir] Secdir last call review of draft-ietf-tls-tls13-24 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 16 Feb 2018 13:56:12 -0000 Reviewer: Rich Salz Review result: Ready I have discovered an elegant little proof that shows TLS 1.3 is not secure, unfortunately I do not have the room to fit it in this textbox. I will send email tomorrow... No, seriously, this protocol has been designed with the help of world-class cryptographers and academics. It has been analyzed with verification tools. It has been tweaked as necessary to get around middlebox ossification. It is available in two highly popular browsers and at least one widely-used open source toolkit. This document is READY. From nobody Fri Feb 16 06:06:38 2018 Return-Path: X-Original-To: secdir@ietfa.amsl.com Delivered-To: secdir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A501E12D87F for ; Fri, 16 Feb 2018 06:06:33 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.901 X-Spam-Level: X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001] autolearn=unavailable autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3cLdYkc8GPp6 for ; Fri, 16 Feb 2018 06:06:31 -0800 (PST) Received: from smtp66.iad3a.emailsrvr.com (smtp66.iad3a.emailsrvr.com [173.203.187.66]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2464812D86B for ; Fri, 16 Feb 2018 06:06:31 -0800 (PST) Received: from smtp9.relay.iad3a.emailsrvr.com (localhost [127.0.0.1]) by smtp9.relay.iad3a.emailsrvr.com (SMTP Server) with ESMTP id 61A2457D0; Fri, 16 Feb 2018 09:06:26 -0500 (EST) Received: from app29.wa-webapps.iad3a (relay-webapps.rsapps.net [172.27.255.140]) by smtp9.relay.iad3a.emailsrvr.com (SMTP Server) with ESMTP id 536A85608; Fri, 16 Feb 2018 09:06:26 -0500 (EST) X-Sender-Id: scott@hyperthought.com Received: from app29.wa-webapps.iad3a (relay-webapps.rsapps.net [172.27.255.140]) by 0.0.0.0:25 (trex/5.7.12); Fri, 16 Feb 2018 09:06:26 -0500 Received: from hyperthought.com (localhost.localdomain [127.0.0.1]) by app29.wa-webapps.iad3a (Postfix) with ESMTP id 441466098C; Fri, 16 Feb 2018 09:06:26 -0500 (EST) Received: by apps.rackspace.com (Authenticated sender: scott@hyperthought.com, from: scott@hyperthought.com) with HTTP; Fri, 16 Feb 2018 06:06:26 -0800 (PST) X-Auth-ID: scott@hyperthought.com Date: Fri, 16 Feb 2018 06:06:26 -0800 (PST) From: "Scott G. Kelly" To: "secdir@ietf.org" , "iesg@ietf.org" , draft-ietf-bess-fat-pw-bgp-all@ietf.org MIME-Version: 1.0 Content-Type: text/plain;charset=UTF-8 Content-Transfer-Encoding: quoted-printable Importance: Normal X-Priority: 3 (Normal) X-Type: plain Message-ID: <1518789986.277131687@apps.rackspace.com> X-Mailer: webmail/12.11.1-RC Archived-At: Subject: [secdir] secdir review of draft-ietf-bess-fat-pw-bgp-03 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 16 Feb 2018 14:06:33 -0000 I have reviewed this document as part of the security directorate's ongoing= effort to review all IETF documents being processed by the IESG. These com= ments were written primarily for the benefit of the security area directors= . Document editors and WG chairs should treat these comments just like any= other last call comments.=0A=0AThe summary of the review is Ready with iss= ues.=0A=0AFrom the last line of the abstract, this draft updates RFC 4761 b= y defining new flags in the Control Flags field of the Layer2 Info Extended= Community.=0A=0AI'm not expert in routing protocols, so I can't say for su= re that the one minor issue I'm calling out is the only one. The security c= onsiderations section is very brief, saying only=0A=0A This extension to = BGP does not change the underlying security issues=0A inherent in the exi= sting [RFC4271].=0A=0ARFC4271 is the BGP4 RFC. I agree that those security = considerations apply, but as noted in the abstract, this draft updates RFC4= 761, and since that document calls out additional security considerations, = don't those also apply here? Shouldn't this document's security considerati= ons also reference RFC4761?=0A=0A--Scott From nobody Fri Feb 16 06:08:46 2018 Return-Path: X-Original-To: secdir@ietfa.amsl.com Delivered-To: secdir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7ADE312D87E for ; Fri, 16 Feb 2018 06:08:44 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.901 X-Spam-Level: X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 986F4pb8nFCG for ; Fri, 16 Feb 2018 06:08:42 -0800 (PST) Received: from smtp106.iad3a.emailsrvr.com (smtp106.iad3a.emailsrvr.com [173.203.187.106]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B8CA912751F for ; Fri, 16 Feb 2018 06:08:42 -0800 (PST) Received: from smtp6.relay.iad3a.emailsrvr.com (localhost [127.0.0.1]) by smtp6.relay.iad3a.emailsrvr.com (SMTP Server) with ESMTP id C301254C4; Fri, 16 Feb 2018 09:08:37 -0500 (EST) Received: from app34.wa-webapps.iad3a (relay-webapps.rsapps.net [172.27.255.140]) by smtp6.relay.iad3a.emailsrvr.com (SMTP Server) with ESMTP id AEEAC556E; Fri, 16 Feb 2018 09:08:37 -0500 (EST) X-Sender-Id: scott@hyperthought.com Received: from app34.wa-webapps.iad3a (relay-webapps.rsapps.net [172.27.255.140]) by 0.0.0.0:25 (trex/5.7.12); Fri, 16 Feb 2018 09:08:37 -0500 Received: from hyperthought.com (localhost.localdomain [127.0.0.1]) by app34.wa-webapps.iad3a (Postfix) with ESMTP id 9EE66A0044; Fri, 16 Feb 2018 09:08:37 -0500 (EST) Received: by apps.rackspace.com (Authenticated sender: scott@hyperthought.com, from: scott@hyperthought.com) with HTTP; Fri, 16 Feb 2018 06:08:37 -0800 (PST) X-Auth-ID: scott@hyperthought.com Date: Fri, 16 Feb 2018 06:08:37 -0800 (PST) From: "Scott G. Kelly" To: "Scott G. Kelly" Cc: "secdir@ietf.org" , "iesg@ietf.org" , draft-ietf-bess-fat-pw-bgp-all@tools.ietf.org MIME-Version: 1.0 Content-Type: text/plain;charset=UTF-8 Content-Transfer-Encoding: quoted-printable Importance: Normal X-Priority: 3 (Normal) X-Type: plain In-Reply-To: <1518789986.277131687@apps.rackspace.com> References: <1518789986.277131687@apps.rackspace.com> Message-ID: <1518790117.64868211@apps.rackspace.com> X-Mailer: webmail/12.11.1-RC Archived-At: Subject: Re: [secdir] secdir review of draft-ietf-bess-fat-pw-bgp-03 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 16 Feb 2018 14:08:44 -0000 Resending due to bounce from draft-ietf-bess-fat-pw-bgp-all@ietf.org=0A=0A= =0AOn Friday, February 16, 2018 6:06am, "Scott G. Kelly" said:=0A=0A> I have reviewed this document as part of the security d= irectorate's ongoing effort=0A> to review all IETF documents being processe= d by the IESG. These comments were=0A> written primarily for the benefit of= the security area directors. Document=0A> editors and WG chairs should tr= eat these comments just like any other last call=0A> comments.=0A> =0A> The= summary of the review is Ready with issues.=0A> =0A> From the last line of= the abstract, this draft updates RFC 4761 by defining new=0A> flags in the= Control Flags field of the Layer2 Info Extended Community.=0A> =0A> I'm no= t expert in routing protocols, so I can't say for sure that the one minor= =0A> issue I'm calling out is the only one. The security considerations sec= tion is very=0A> brief, saying only=0A> =0A> This extension to BGP does = not change the underlying security issues=0A> inherent in the existing [= RFC4271].=0A> =0A> RFC4271 is the BGP4 RFC. I agree that those security con= siderations apply, but as=0A> noted in the abstract, this draft updates RFC= 4761, and since that document calls=0A> out additional security considerati= ons, don't those also apply here? Shouldn't=0A> this document's security co= nsiderations also reference RFC4761?=0A> =0A> --Scott=0A> =0A> ____________= ___________________________________=0A> secdir mailing list=0A> secdir@ietf= .org=0A> https://www.ietf.org/mailman/listinfo/secdir=0A> wiki: http://tool= s.ietf.org/area/sec/trac/wiki/SecDirReview=0A> From nobody Fri Feb 16 06:43:12 2018 Return-Path: X-Original-To: secdir@ietfa.amsl.com Delivered-To: secdir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AAC051241F5; Fri, 16 Feb 2018 06:43:05 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.998 X-Spam-Level: X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id c70jW_a-_4KY; Fri, 16 Feb 2018 06:43:03 -0800 (PST) Received: from mail-ot0-x22b.google.com (mail-ot0-x22b.google.com [IPv6:2607:f8b0:4003:c0f::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E6CDC120047; Fri, 16 Feb 2018 06:43:02 -0800 (PST) Received: by mail-ot0-x22b.google.com with SMTP id l24so2890459otj.3; Fri, 16 Feb 2018 06:43:02 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:in-reply-to:references:mime-version:date:message-id:subject:to :cc; bh=RUP4S4w4RRBIxAkxpN147BfNnYs19DwlkkIOm0tTpvA=; b=Ynn1tPPhbEh6yeGI9clB2p1xwdEUphujy2HnktoUu/UK0ErSSveuqphaXFeRfdJTN1 AmBwVzbbLjHtmip1EOAo8MrBcMwlFtOmosmAklZuWrsD9g+dBGy+soGdp1u9f02Guvxm aVlWq2DpecIfrrgO1ty5eQ4pdJx+XKifKTBy3Xw/kT0u0hlKbE5Kn8+p84lDS87KUjZj nNUXg0b94JwMg6+xMQR9P8NvdbWgwzwi6xgi7ZPIhlmDXBpxYLbGMRvlmHlUfTpObqha uxmDRrcZLf7ozU6+oIxKCnNJqDSvka98o+gOc+J5RfM/rJnt9IyUELP/fxOeEvxW6pUE dUAQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:in-reply-to:references:mime-version:date :message-id:subject:to:cc; bh=RUP4S4w4RRBIxAkxpN147BfNnYs19DwlkkIOm0tTpvA=; b=XaB7V95UW3I5BjZDt5tpnT2N87EnOoHgoe3qXur63oMztWqU5VcM26VccsMLw7Xywd V7p1putxNvO5qnMHaE7szXxoUBvVAazIKM6KhKK6AqFi6QtjC4l2Fmqnez+0pEu1Ta1/ sFf87pUtEkooIwUvQNBW8BC9p3Bab2QdSBbCTuDJ1QonriGVbwzHCOdlArhLzTbpE4dp ljT1WGl1BuGmjJxTbfqQCTW1Ou9O5fQaI4C1MRYGYAhvh4OmXMUNUbEBSDUpbHNao763 Z+4nDrAjCmw59eHTd84qCvZBNm8kB/10DjNbm0aXWrfQYDKjhLy9W/0M9IlV1X1V9jwJ 8sHw== X-Gm-Message-State: APf1xPBh94xMQg6c2bAxn1NC9k10P6Twgm4eloMeMiuSO9DgjfejRbqW ItlUWmCb3tt2I7r8EwouPFrK5jd1RpMnAKTSR8w= X-Google-Smtp-Source: AH8x224byOXttgGPHbbrZJkVjhwvccmu9CF9WGCiA3aNa+P0K+571fqfJledbbJ2f5bIjF1WLVcXf4qfZYAA+oiE60I= X-Received: by 10.157.36.137 with SMTP id z9mr4346135ota.175.1518792182242; Fri, 16 Feb 2018 06:43:02 -0800 (PST) Received: from 1058052472880 named unknown by gmailapi.google.com with HTTPREST; Fri, 16 Feb 2018 06:43:01 -0800 From: Alvaro Retana In-Reply-To: <1518790117.64868211@apps.rackspace.com> References: <1518789986.277131687@apps.rackspace.com> <1518790117.64868211@apps.rackspace.com> X-Mailer: Airmail (467) MIME-Version: 1.0 Date: Fri, 16 Feb 2018 06:43:01 -0800 Message-ID: To: "Scott G. Kelly" Cc: draft-ietf-bess-fat-pw-bgp.all@ietf.org, "iesg@ietf.org" , "secdir@ietf.org" Content-Type: multipart/alternative; boundary="94eb2c03556482a4410565555c29" Archived-At: Subject: Re: [secdir] secdir review of draft-ietf-bess-fat-pw-bgp-03 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 16 Feb 2018 14:43:06 -0000 --94eb2c03556482a4410565555c29 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Scott: Hi! Thanks for the review! The correct address is draft-ietf-bess-fat-pw-bgp.all@ietf.org. (.all, not -all). I=E2=80=99m including it in this reply. BTW, yes the security considerations should also reference rfc4761. That comment had come up in another review and the authors should have it queued up for the next version. Alvaro. On February 16, 2018 at 9:08:47 AM, Scott G. Kelly (scott@hyperthought.com) wrote: Resending due to bounce from draft-ietf-bess-fat-pw-bgp-all@ietf.org On Friday, February 16, 2018 6:06am, "Scott G. Kelly" < scott@hyperthought.com> said: > I have reviewed this document as part of the security directorate's ongoing effort > to review all IETF documents being processed by the IESG. These comments were > written primarily for the benefit of the security area directors. Documen= t > editors and WG chairs should treat these comments just like any other last call > comments. > > The summary of the review is Ready with issues. > > From the last line of the abstract, this draft updates RFC 4761 by defining new > flags in the Control Flags field of the Layer2 Info Extended Community. > > I'm not expert in routing protocols, so I can't say for sure that the one minor > issue I'm calling out is the only one. The security considerations section is very > brief, saying only > > This extension to BGP does not change the underlying security issues > inherent in the existing [RFC4271]. > > RFC4271 is the BGP4 RFC. I agree that those security considerations apply, but as > noted in the abstract, this draft updates RFC4761, and since that document calls > out additional security considerations, don't those also apply here? Shouldn't > this document's security considerations also reference RFC4761? > > --Scott > > _______________________________________________ > secdir mailing list > secdir@ietf.org > https://www.ietf.org/mailman/listinfo/secdir > wiki: http://tools.ietf.org/area/sec/trac/wiki/SecDirReview > --94eb2c03556482a4410565555c29 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable =
Scott:

Hi!=C2=A0 Thanks for the review!

The correct address is=C2=A0draft-ietf-bess-fat-pw-bgp.all@ietf.org= . (.all, not -all).=C2=A0 I=E2=80=99m including it in this reply.
=

BTW, yes the security con= siderations should also reference rfc4761.=C2=A0 That comment had come up i= n another review and the authors should have it queued up for the next vers= ion.

Alvaro.

On February 16, 2018 at 9:08:47 AM, Scott G. Kell= y (scott@hyperthought.com) wr= ote:

Resending due to bounce from draft-ietf-bess-fat-pw-bgp-all@ietf.org


O= n Friday, February 16, 2018 6:06am, "Scott G. Kelly" <scott@hyperthought.com> said:
=
> I have reviewed this document as part of the security directorate&= #39;s ongoing effort
> to review all IETF documents being processed b= y the IESG. These comments were
> written primarily for the benefit o= f the security area directors. Document
> editors and WG chairs shou= ld treat these comments just like any other last call
> comments.
= >
> The summary of the review is Ready with issues.
>
&= gt; From the last line of the abstract, this draft updates RFC 4761 by defi= ning new
> flags in the Control Flags field of the Layer2 Info Extend= ed Community.
>
> I'm not expert in routing protocols, so = I can't say for sure that the one minor
> issue I'm calling o= ut is the only one. The security considerations section is very
> bri= ef, saying only
>
> This extension to BGP does not change t= he underlying security issues
> inherent in the existing [RFC4271]= .
>
> RFC4271 is the BGP4 RFC. I agree that those security con= siderations apply, but as
> noted in the abstract, this draft updates= RFC4761, and since that document calls
> out additional security con= siderations, don't those also apply here? Shouldn't
> this do= cument's security considerations also reference RFC4761?
>
&g= t; --Scott
>
> _______________________________________________=
> secdir mailing list
> sec= dir@ietf.org
> https://www.ietf.org/mailman/listinfo/secdir
> wiki: http://tools.i= etf.org/area/sec/trac/wiki/SecDirReview
> =20

--94eb2c03556482a4410565555c29-- From nobody Fri Feb 16 10:26:31 2018 Return-Path: X-Original-To: secdir@ietfa.amsl.com Delivered-To: secdir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8F6F1129515; Fri, 16 Feb 2018 10:26:30 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.211 X-Spam-Level: X-Spam-Status: No, score=-4.211 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Q6YIIe_1w3yY; Fri, 16 Feb 2018 10:26:28 -0800 (PST) Received: from dmz-mailsec-scanner-4.mit.edu (dmz-mailsec-scanner-4.mit.edu [18.9.25.15]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C0B6512D778; Fri, 16 Feb 2018 10:26:27 -0800 (PST) X-AuditID: 1209190f-4b9ff70000000258-48-5a872252cc9f Received: from mailhub-auth-1.mit.edu ( [18.9.21.35]) (using TLS with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by dmz-mailsec-scanner-4.mit.edu (Symantec Messaging Gateway) with SMTP id 00.27.00600.252278A5; Fri, 16 Feb 2018 13:26:26 -0500 (EST) Received: from outgoing.mit.edu (OUTGOING-AUTH-1.MIT.EDU [18.9.28.11]) by mailhub-auth-1.mit.edu (8.13.8/8.9.2) with ESMTP id w1GIQPsl030298; Fri, 16 Feb 2018 13:26:25 -0500 Received: from mit.edu (24-107-191-124.dhcp.stls.mo.charter.com [24.107.191.124]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id w1GIQKw6019781 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Fri, 16 Feb 2018 13:26:23 -0500 Date: Fri, 16 Feb 2018 12:26:21 -0600 From: Benjamin Kaduk To: bruno.decraene@orange.com Cc: "draft-ietf-rtgwg-backoff-algo.all@ietf.org" , "iesg@ietf.org" , "secdir@ietf.org" , "Acee Lindem (acee)" Message-ID: <20180216182620.GA12363@mit.edu> References: <20180214211017.GI12363@mit.edu> <9677_1518711435_5A85B28A_9677_280_1_53C29892C857584299CBF5D05346208A4799B57B@OPEXCLILM21.corporate.adroot.infra.ftgroup> <20180216000410.GP12363@mit.edu> <23454_1518784454_5A86CFC6_23454_358_1_53C29892C857584299CBF5D05346208A4799CED8@OPEXCLILM21.corporate.adroot.infra.ftgroup> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <23454_1518784454_5A86CFC6_23454_358_1_53C29892C857584299CBF5D05346208A4799CED8@OPEXCLILM21.corporate.adroot.infra.ftgroup> User-Agent: Mutt/1.9.1 (2017-09-22) X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFlrGKsWRmVeSWpSXmKPExsUixCmqrBuk1B5lsPuwvsXkt/OYLX7smMNs cX37DTaLGX8mMlt8WPiQxYHVY8rvjaweS5b8ZPJoeXaSLYA5issmJTUnsyy1SN8ugSuj78RP xoLpAhUn1zxlbmDs4+li5OSQEDCR6Pv0hr2LkYtDSGAxk8SEY00sEM5GRokfL89BZc4ySdz9 PI0dpIVFQFVi5fl2NhCbTUBFoqH7MjOILSIgK/HnaCMjSAOzwB1Gib2n3zCBJIQF7CT23rjB CGLzCuhIrHn+DWrqHyaJJdf/sEAkBCVOznwCZjMLqEv8mXcJaCoHkC0tsfwfB0RYXqJ562xm kF5OgQ5GibMrl4ItEBVQltjbd4h9AqPgLCSjZiEZNQth1CwkoxYwsqxilE3JrdLNTczMKU5N 1i1OTszLSy3SNdHLzSzRS00p3cQIjgJJ/h2Mcxq8DzEKcDAq8fA+eNwWJcSaWFZcmXuIUZKD SUmUd9FDoBBfUn5KZUZicUZ8UWlOavEhRgkOZiUR3ucg5bwpiZVVqUX5MClpDhYlcV53E+0o IYH0xJLU7NTUgtQimKwMB4eSBG+OYnuUkGBRanpqRVpmTglCmomDE2Q4D9BwdpAa3uKCxNzi zHSI/ClGXY4bL163MQux5OXnpUqJ884FKRIAKcoozYObA0peEtn7a14xigO9JczbBFLFA0x8 cJNeAS1hAlrCq9QKsqQkESEl1cDoL/Jz3r8pUb93pt9Y87BZZ7LUE2uZ1GM3Fb/0VVfcqotg E+qMnJi3W3Hl7mkehrINNYtN1UseLJ4tNPtwwqKtRQtLdc/EZees+SPsJytyRMHyoNNXm52Z KdyMufd62XI3TJbtbIg5ZrU5w4XtovbR7BMdKibTHZiXL1vs6rp8FVPwLi325OVKLMUZiYZa zEXFiQA8pirbOQMAAA== Archived-At: Subject: Re: [secdir] secdir review of draft-ietf-rtgwg-backoff-algo-07 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 16 Feb 2018 18:26:31 -0000 [inline, trimming a bunch of agreed-upon stuff] On Fri, Feb 16, 2018 at 12:34:13PM +0000, bruno.decraene@orange.com wrote: > Hi Benjamin, > > > From: Benjamin Kaduk [mailto:kaduk@mit.edu] > > Sent: Friday, February 16, 2018 1:04 AM > > > > [also inline] > > Please see inline [Bruno2] > > > On Thu, Feb 15, 2018 at 07:50:34PM +0000, Acee Lindem (acee) wrote: > > > Hi Bruno, Benjamin, > > > > > > Thanks to Benjamin for review and Bruno for the detailed response. See my responses preceded > > by [Acee]. > > > > > > > > > On 2/15/18, 11:17 AM, "bruno.decraene@orange.com" wrote: > > > > > > > > > > In section 3, we talk of "computation of the routing table, by the > > > > IGP", which gets me confused about whether "the IGP" represents a > > > > network protocol for conveying (e.g.) link state information, an > > > > algorithm for SPF computation, or a router that performs SPF > > > > computations. > > > > > > [Bruno] IGP is usually a protocol. In this sentence, it is meant as the IGP process of the router. > > > Again, I'm open to reformulation. "Acee, any opinion on this?" > > > > > > [Acee] I don't think we need to change this. IGP is a well-known acronym. > > > https://www.rfc-editor.org/materials/abbrev.expansion.txt > > > > Perhaps my question was not well phrased. I propose > > > > OLD: computation of the routing table, by the IGP > > > > NEW: computation of the routing table, by the IGP participant > > > > (or something similar), since the IGP just serves to distribute the > > LSDB (conceptually), and the computation of the routing table is > > done by each router internally (i.e., not directly using the IGP in > > question). Or is the previous sentence not true? > > [Bruno2] What about: > NEW: Computation of the routing table, by the IGP implementation, > > ("IGP participant" does not sound like an usual term to me) That works for me. Thanks again! -Ben From nobody Fri Feb 16 11:21:47 2018 Return-Path: X-Original-To: secdir@ietf.org Delivered-To: secdir@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 952E81200C1; Fri, 16 Feb 2018 11:21:39 -0800 (PST) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: Yoav Nir To: Cc: modern@ietf.org, draft-ietf-modern-problem-framework.all@ietf.org, ietf@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 6.72.2 Auto-Submitted: auto-generated Precedence: bulk Message-ID: <151880889952.1465.16611057002784350280@ietfa.amsl.com> Date: Fri, 16 Feb 2018 11:21:39 -0800 Archived-At: Subject: [secdir] Secdir last call review of draft-ietf-modern-problem-framework-03 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 16 Feb 2018 19:21:40 -0000 Reviewer: Yoav Nir Review result: Has Nits I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. Document editors and others should treat these comments just like any other late last call comments. The document is well-written although it uses a lot of jargon without defining it first. For example: An increasing number of enterprises, over-the- top voice-over-IP (VoIP) providers VoIP I understand. What is over-the-top? Since the target audience is IETF people who are more well-versed in telephony jargon than I am, this is probably fine. What I didn't like about this is the introduction in section 1. It reads like a marketing document rather than a technical one. For example: The challenges of utilizing telephone numbers (TNs) on the Internet have been known for some time. It's only challenging if I want to use a TN on the Internet. Why do I want to do that? Thanks to the increasing sophistication of consumer mobile devices as Internet endpoints as well as telephones, users now associate TNs with many Internet applications other than telephony. So because my phone is so sophisticated and has IP, I now associate phone numbers with Internet applications? Why? The Security Considerations section is fine, but I think this is one draft that should have privacy considerations either as a separate section or as a paragraph in the Security Considerations section. It should be called out that the administrative data often contains PII - real names and addresses of users and the usage of phone numbers as identifiers on the Internet allows for mapping these real names and addresses to transactions on the Internet. I think this deserves a mention From nobody Sat Feb 17 15:30:33 2018 Return-Path: X-Original-To: secdir@ietfa.amsl.com Delivered-To: secdir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0AC9012D7EA; Sat, 17 Feb 2018 15:30:32 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: 0 X-Spam-Level: X-Spam-Status: No, score=0 tagged_above=-999 required=5 tests=[none] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id F4nL9Byu0hki; Sat, 17 Feb 2018 15:30:31 -0800 (PST) Received: from Mail.Yoyodyne.COM (mail.yoyodyne.com [139.60.72.138]) by ietfa.amsl.com (Postfix) with SMTP id 1467212D7E6; Sat, 17 Feb 2018 15:30:30 -0800 (PST) Received: from [IPv6:2603:3024:1748::4] ([2603:3024:1748::4]) by Mail.Yoyodyne.COM via Internet for (and others); Sat, 17 Feb 2018 15:30:30 PST From: Derrell Piper Content-Type: multipart/signed; boundary="Apple-Mail=_CBDF97FC-F7D5-4A75-9FCF-C0230D397E55"; protocol="application/pgp-signature"; micalg=pgp-sha256 Mime-Version: 1.0 (Mac OS X Mail 11.2 \(3445.5.20\)) Message-Id: Date: Sat, 17 Feb 2018 15:30:29 -0800 To: The IESG , secdir@ietf.org, draft-ietf-i2rs-rib-data-model.all@ietf.org X-Mailer: Apple Mail (2.3445.5.20) Archived-At: Subject: [secdir] draft-ietf-i2rs-rib-data-model X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 17 Feb 2018 23:30:32 -0000 --Apple-Mail=_CBDF97FC-F7D5-4A75-9FCF-C0230D397E55 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=us-ascii I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. The summary of the review is Ready. This document defines a YANG data model for the Routing Information Base (RIB). The Security Considerations section states that it's intended to run over SSH (NETCONF) or TLS (RESTCONF) and thus relies on discretionary access control defined by these underlying protocols along with the security of SSH/TLS. It further calls out the 'RIB', 'route', and 'nexthop' subtrees being defined, as being sensitive. Useful references: RFC6536 defines the network access control mechanism, RFC7921 explains the security environment for I2RS, and RFC8241 discusses the specific security requirements for I2RS. --Apple-Mail=_CBDF97FC-F7D5-4A75-9FCF-C0230D397E55 Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=signature.asc Content-Type: application/pgp-signature; name=signature.asc Content-Description: Message signed with OpenPGP -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEcPdH3FAEATSMj56DLFinjYm9kMIFAlqIuxUACgkQLFinjYm9 kMI+UA//VkKrx8eiIA/RGVogK3frbrfU2BWc4KKm6nyVJ1Q2ovpYFyNVhx59njSr /POVRK5NRPXvmyiSCobaXVo3qtcZNm22j343a3q0Nox7H3MEvSX3sebJNDyNqOng XJdP0xgwg+HHxofNh4VKhf59w1Tji8S8uI3G55wOryCU6q/RWg6qjWR8hwdKTE5O ybI2sCgRAUoB9mEnFpKLioaKRZZv3OwBnQuTyCZOMXxEktXKyuSLNufeWovt4Jx4 kwMqnB3+++7XuWzgd92/R8R1YvHJzr2xuf5IfxfTNsY6qflhTozd/G2lLReWpqeV dU5MEVTK3A/kgPrnYjVucx5IQtGk7UrGw9+YkxmG6dqS5xeX+med3GuDPLRos/md CLVL9iH4LaP+4SxHTcDI+Z48qdNIIfUMo57w1ZESZAtz0tNFWHplWNXRgaqDc7KX YXLzpTPe7gLxxM9PfziBCWw/emocSyhASEaqGcL6uHqijp5pUYIWsN5M+vJ+bUar oEWQdKD4GDm7Q335WSesQQ0JarIEYvrpVy24wWqpOotHWyO1OPeLpM6KM8AJT84Q NAQvdYdzFQ8qHpMu5kZiAv3ComDBMo5UPtDcf9PzY9MKi94smfdD9RUFP0apB6mt OC7hmU8PC7gPqaBvBjgrpdHZqQ9ttwk3/k+TpT0U8zCAMJPIeGo= =/rwy -----END PGP SIGNATURE----- --Apple-Mail=_CBDF97FC-F7D5-4A75-9FCF-C0230D397E55-- From nobody Sat Feb 17 19:06:32 2018 Return-Path: X-Original-To: secdir@ietfa.amsl.com Delivered-To: secdir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2DD1712D7EC; Sat, 17 Feb 2018 19:06:26 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.699 X-Spam-Level: X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fdZyJgPbhxSr; Sat, 17 Feb 2018 19:06:24 -0800 (PST) Received: from mail-io0-x22c.google.com (mail-io0-x22c.google.com [IPv6:2607:f8b0:4001:c06::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B8B1B12AF84; Sat, 17 Feb 2018 19:06:24 -0800 (PST) Received: by mail-io0-x22c.google.com with SMTP id t22so8063871iob.3; Sat, 17 Feb 2018 19:06:24 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=5UMgPtlzDvCXLTAEm+vdv5Cv6msdo5e/pWS4fPK0/Yc=; b=FG8i+807SrI2aMGjg11Qar8eepGXSRwxNYI9I5TkYncCmI+NEj2i/1Q/jVl4jzVdI0 BV0AY5OlMQCBW5n2WCGnZcXo0VAivUUq3TmOBvCdJ7vwNWv2qgRpBX58+n9bIh/Wl20+ uGOMK10Hw0Tgk+h1sKxhxtss89G4m3ZUbLkD2/QD2KaJu+f+afMu1tV+gORPlcMuRcFb yszvjEfVjorW+h1y6SxoOquhgeGgYOIXW2l9uY50YhJhwE0ckvEkUGi2hPizAIK2H6qW 6lwfnE36/LG1VzZIOx0zIecJc+5ulSUlN342wSUwsxGdEQnzs4dovakesmgsE0SmhA3O lnuA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=5UMgPtlzDvCXLTAEm+vdv5Cv6msdo5e/pWS4fPK0/Yc=; b=Cxe/hHULHEGjZ5lllh/vA5rKPe7e563e+NNFSXJImkKGCIliBOOU3eT5A5yoDKsLA8 i43pm06/HuzWua2yIa1kEoQC3LuuLuDnWu8xwtgskPxje2d7DHIkHjYxKJFIEQwLisQl JUgHTr2AgVxU/OJqQv/GxpUV7vMQWRtNLccgqjTXpZrZetlTnR7YTm94gHkWnpQKchzi nkwUjHT/UYFWG7OGDgOdfeZKdtLYztjcZ4Wc4LAv8wPynQc0NMYtX8dTbI61YSciEO8D UUnnE26ZcRcEdHInTTbD4r+PqRvPUZtiaqwLVj/YWzAQ6SEJcAa/dlpkUsEmY5PKOVyO PtZA== X-Gm-Message-State: APf1xPDAYMcDH6T+vyjHDyLxtjGx1JUNQQsOSfyn+z3laEDnpxd3GUZT LyOQbsSD0WBlkLt6piKeWmLq44UFltc2JxLp3aX2/A== X-Google-Smtp-Source: AH8x226l5GBngor15EkWqnU5byhkky0oWspI4Rcc4NUDupCEvaIEZ5Tdiy5ATP4m0RYuEqJo3K0SIOHQX6g+txoHv18= X-Received: by 10.107.40.72 with SMTP id o69mr15000892ioo.56.1518923183181; Sat, 17 Feb 2018 19:06:23 -0800 (PST) MIME-Version: 1.0 Received: by 10.2.7.3 with HTTP; Sat, 17 Feb 2018 19:06:22 -0800 (PST) From: Radia Perlman Date: Sat, 17 Feb 2018 19:06:22 -0800 Message-ID: To: "secdir@ietf.org" , The IESG , draft-ietf-i2rs-yang-dc-fabric-network-topology.all@tools.ietf.org Content-Type: multipart/alternative; boundary="001a1141fb82c652e2056573dcb4" Archived-At: Subject: [secdir] secdir review of draft-ietf-i2rs-yang-dc-fabric-network-topology-06 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 18 Feb 2018 03:06:26 -0000 --001a1141fb82c652e2056573dcb4 Content-Type: text/plain; charset="UTF-8" Summary: No security issues found I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. This document introduces a YANG model to manage multiple types of networks, and even a network consisting of mixed technologies, with one model. As they point out in the security considerations section, if there was no authentication of network management traffic, people could do bad things, but the assumption is that this will run over TLS or SSH. Therefore, no security issues are raised by this document. Radia --001a1141fb82c652e2056573dcb4 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Summary:=C2=A0 No security issues found

I have reviewed this= document as part of the security directorate's ongoing
effort to=C2=A0review=C2=A0all IETF documen= ts being processed by the IESG.=C2=A0 These
comments were written primarily for = the benefit of the security area
directors.=C2=A0 Document editors and WG chairs= should treat these comments just
like any other last call comments.

This document introduces a YANG model to manage multiple types of = networks, and even a network consisting of mixed technologies, with one mod= el.=C2=A0 As they point out in the security considerations section, if ther= e was no authentication of network management traffic, people could do bad = things, but the assumption is that this will run over TLS or SSH.=C2=A0 The= refore, no security issues are raised by this document.

Radia

--001a1141fb82c652e2056573dcb4-- From nobody Sun Feb 18 06:31:07 2018 Return-Path: X-Original-To: secdir@ietf.org Delivered-To: secdir@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 736DF124BE8; Sun, 18 Feb 2018 06:30:57 -0800 (PST) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: Yaron Sheffer To: Cc: draft-ietf-netmod-syslog-model.all@ietf.org, ietf@ietf.org, netmod@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 6.72.2 Auto-Submitted: auto-generated Precedence: bulk Message-ID: <151896425742.27914.9664814474838013064@ietfa.amsl.com> Date: Sun, 18 Feb 2018 06:30:57 -0800 Archived-At: Subject: [secdir] Secdir last call review of draft-ietf-netmod-syslog-model-21 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 18 Feb 2018 14:30:57 -0000 Reviewer: Yaron Sheffer Review result: Has Issues General Comments * The semantics of pattern matching is not clear: "and/or the message text" - are there cases where you only match the text but not the facility/severity? * It's very confusing to specify rollover in minutes, but retention in hours. People are bound to get this one wrong. * Interface selection: the feature makes sense, but I think the description is incorrect. "This leaf sets the source interface to be used to send messages to the remote syslog server. If not set, messages sent to a remote syslog server will contain the IP address of the interface the syslog message uses to exit the network element". AFAIK the source IP will always correspond to the interface, but this feature allows you to select a particular one. * Usage examples: the second example lists a specific IPv6 address, but the Yang snippet shows a domain name. * A generic question (I am new to the Yang ecosystem): I understand most implementers will use this module from https://github.com/YangModels/yang/blob/master/standard/ietf/DRAFT/ietf-syslog.yang - is this the expectation? If so, why not add a link from the RFC into the repo, to make it easier for people to find? Security Comments * I think almost all writable data nodes here are sensitive, because a network attacker's first move is to block any logging on the host, and many of the data nodes here can be used for this purpose. * Re: readable data nodes, I'm not sure which are sensitive, and the document should give an example or two rather than just say "some". Otherwise the security advice is not actionable. One example: "remote" sections leak information about other hosts in the network. * Write operations... can have a negative effect on network operations. - I would add "and on network security", because logs are often used to detect security breaches. * Also add an advice, similar to the one on "pattern match", that the private key used for signing log messages MUST NOT be used for any other purpose, and that the implementation of this data node must ensure this property (I'm not sure how). The rationale: if the TLS private key is used, for example, this could result in a signing oracle for TLS and eventually a MITM attack. From nobody Sun Feb 18 07:38:42 2018 Return-Path: X-Original-To: secdir@ietfa.amsl.com Delivered-To: secdir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2B8AE124BE8; Sun, 18 Feb 2018 07:38:33 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.999 X-Spam-Level: X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OvpHNx8lq_41; Sun, 18 Feb 2018 07:38:31 -0800 (PST) Received: from mail-it0-x22b.google.com (mail-it0-x22b.google.com [IPv6:2607:f8b0:4001:c0b::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 44F63120454; Sun, 18 Feb 2018 07:38:28 -0800 (PST) Received: by mail-it0-x22b.google.com with SMTP id p204so6628112itc.4; Sun, 18 Feb 2018 07:38:28 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=to:from:subject:message-id:date:user-agent:mime-version; bh=ntwp0tEBjaHEVvoi/MA62D1g5SedewIzV3yihPEX6aA=; b=tLGvF/tPqcrKiXTD3mi9QwlbTqdHf9HUBn8X7eflhzzgvSw+50AvB5x+Br4LrarqxC A8t3J8HnYPq2cdcJGlVZhGflNGKWjDtYXQm24ltPrb+e3dtToeHAt00hDQtr4x6GIYn4 n4EEXoSEvAQce9KeBRIemUbTQwmvEzrPsOzSxD9nBp7H+C/U353rR1yzFtGiQrAZdJn7 eT5468MCsUFMQWVxKyDSpUOl4V5y0kjl7aURWwfv5hwlGuD1DRLcHR+U8UmYoP/JzEb+ 70OldxTjD5yVE11wiBeoc06d+gvsq14iW6HRqCSN6qR6ZTkTtWgTxHAKvAsuMGljRWSs ioUw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:to:from:subject:message-id:date:user-agent :mime-version; bh=ntwp0tEBjaHEVvoi/MA62D1g5SedewIzV3yihPEX6aA=; b=COeCKj9SFWWzYXMfYJPesoOHsu2oTeA5qBLYTDudR2PGgMxkjQrS/iD2vSZR5lO/AM rZLm1AGlOOlPoTJk0QaTih2P4c5djvxmFmXiNtN4fRxTq/9Ji4hXIRgkMPaa+2KbpuR3 DiqENjDVt94bS8sZCGeQUzuHU6ig2P9VzKhKEikV/N+PYaslaIoClhHsyBumGSXwToI2 5S7X+gssFGFK0SwS0R6btVxmHCO7QYoZ2XhqrylhR8ygqScnSvdX8WQZ+ztk42MknigI Crs0wSGKn36uChWlM2bkF6aSobAThdY1hDrRaX6c+0YfTy9zf4XfDRMthMA03LKXx+nQ /gpw== X-Gm-Message-State: APf1xPAgASOMXXPscMk8YFNBvMLq1J4QNmyWLNasFmGonHssZg6CjdVb VRy2YQD/27EAHZz3ImyS1niNIQ== X-Google-Smtp-Source: AH8x2276e7e64JqESG+JCtp0sUZFqFXcZJSsZEwEUnis2XnXwt6e+I0znTeT8zc9W+2/aiaPG4WhWA== X-Received: by 10.36.40.16 with SMTP id h16mr16555969ith.125.1518968307295; Sun, 18 Feb 2018 07:38:27 -0800 (PST) Received: from Chriss-Air.attlocal.net ([2600:1700:d590:b2f0:8480:406f:34a8:4d24]) by smtp.googlemail.com with ESMTPSA id 12sm3286586itm.1.2018.02.18.07.38.26 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sun, 18 Feb 2018 07:38:26 -0800 (PST) To: "iesg@ietf.org" , "secdir@ietf.org" , draft-ietf-6lo-rfc6775-update.all@ietf.org From: Chris Lonvick Message-ID: <5A899DF0.7050607@gmail.com> Date: Sun, 18 Feb 2018 09:38:24 -0600 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:38.0) Gecko/20100101 Thunderbird/38.7.2 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="------------070403020901040600000305" Archived-At: Subject: [secdir] SECDIR Review of draft-ietf-6lo-rfc6775-update-11 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 18 Feb 2018 15:38:33 -0000 This is a multi-part message in MIME format. --------------070403020901040600000305 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit Hello, I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. The summary of the review is Ready with Nits. I skimmed through the document, which appears thorough and well laid out. The Security Considerations section is appropriate. Below are some nits that I found in the Security Considerations section: Current: Backbone Router in a way that prevents tempering with or replaying Suggested: s/tempering/tampering/ Current: This specification recommends to using privacy techniques (see Suggested: s/to using/the use of/ Section B.5 is a section on Requirements Related to Security. This is an appropriate threat model. Also, just because I'm a bit late in doing this, I reviewed the Privacy Considerations section of this document. This is also well written and provides guidance to implementers in the way of pointers to other RFCs. Regards, Chris --------------070403020901040600000305 Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: 7bit Hello,

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

The summary of the review is Ready with Nits.

I skimmed through the document, which appears thorough and well laid out.

The Security Considerations section is appropriate.

Below are some nits that I found in the Security Considerations section:

Current:
Backbone Router in a way that prevents tempering with or replaying
Suggested:
s/tempering/tampering/

Current:
This specification recommends to using privacy techniques (see
Suggested:
s/to using/the use of/

Section B.5 is a section on Requirements Related to Security. This is an appropriate threat model.

Also, just because I'm a bit late in doing this, I reviewed the Privacy Considerations section of this document. This is also well written and provides guidance to implementers in the way of pointers to other RFCs.

Regards,
Chris
--------------070403020901040600000305-- From nobody Mon Feb 19 01:30:20 2018 Return-Path: X-Original-To: secdir@ietfa.amsl.com Delivered-To: secdir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B374F12706D; Mon, 19 Feb 2018 01:30:18 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.52 X-Spam-Level: X-Spam-Status: No, score=-14.52 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id K9IT_jkO4YKm; Mon, 19 Feb 2018 01:30:17 -0800 (PST) Received: from alln-iport-7.cisco.com (alln-iport-7.cisco.com [173.37.142.94]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D982612426E; Mon, 19 Feb 2018 01:30:16 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=9462; q=dns/txt; s=iport; t=1519032617; x=1520242217; h=from:to:subject:date:message-id:references:in-reply-to: mime-version; bh=B+lKThF2lLfxPHQXmLjU7kSoccb8VmHGQ9amOiTJZqI=; b=ILc6KEeG83e5F0nVJHnz1AslGygIdG3VD1IxOLw6IyKvzPn2PHPjtB+W jmcI2mPlHepg4nLHAhU5bFoaFTw7mDG2UmrLtawPPf7FrWHh4UbkgHVTr bedUZmtPHEAvK9JlDPHNZT32sOj9UG387E1MpOZ3VdK4UMuDFHAGykZyf 8=; X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0DZAACSmIpa/4sNJK1bGQEBAQEBAQEBA?= =?us-ascii?q?QEBAQcBAQEBAYJadWZwKAqDXYoljgOCAoEXh3+IboVcghYKhTsCGoI1VBgBAgE?= =?us-ascii?q?BAQEBAQJrKIUjAQEBBCMKXAIBCBEEAQEoAwICAh8RFAkIAgQBEgiJNkwDFapvg?= =?us-ascii?q?icmhw4NgTKCEwEBAQEBAQEBAQEBAQEBAQEBAQEBAR2FC4IogVeBaIMugmyCbYJ?= =?us-ascii?q?hgmUFinSZDDUJApB9hQKCKYIFkCKLFoM4iSQCERkBgTsBHzmBUXAVgn2CVByCB?= =?us-ascii?q?ngRjSiBGQEBAQ?= X-IronPort-AV: E=Sophos; i="5.46,534,1511827200"; d="scan'208,217"; a="72141794" Received: from alln-core-6.cisco.com ([173.36.13.139]) by alln-iport-7.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 19 Feb 2018 09:30:16 +0000 Received: from XCH-RCD-002.cisco.com (xch-rcd-002.cisco.com [173.37.102.12]) by alln-core-6.cisco.com (8.14.5/8.14.5) with ESMTP id w1J9UFNR005981 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Mon, 19 Feb 2018 09:30:16 GMT Received: from xch-rcd-001.cisco.com (173.37.102.11) by XCH-RCD-002.cisco.com (173.37.102.12) with Microsoft SMTP Server (TLS) id 15.0.1320.4; Mon, 19 Feb 2018 03:30:15 -0600 Received: from xch-rcd-001.cisco.com ([173.37.102.11]) by XCH-RCD-001.cisco.com ([173.37.102.11]) with mapi id 15.00.1320.000; Mon, 19 Feb 2018 03:30:15 -0600 From: "Pascal Thubert (pthubert)" To: Chris Lonvick , "iesg@ietf.org" , "secdir@ietf.org" , "draft-ietf-6lo-rfc6775-update.all@ietf.org" Thread-Topic: SECDIR Review of draft-ietf-6lo-rfc6775-update-11 Thread-Index: AQHTqM6rcOWuXcDXhEm3Q2Hv6eXNxqOrdkHg Date: Mon, 19 Feb 2018 09:29:54 +0000 Deferred-Delivery: Mon, 19 Feb 2018 09:29:34 +0000 Message-ID: References: <5A899DF0.7050607@gmail.com> In-Reply-To: <5A899DF0.7050607@gmail.com> Accept-Language: fr-FR, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [10.228.216.13] Content-Type: multipart/alternative; boundary="_000_bd3ee6f5c7ed48c0ba5b86efd7bc0bf7XCHRCD001ciscocom_" MIME-Version: 1.0 Archived-At: Subject: Re: [secdir] SECDIR Review of draft-ietf-6lo-rfc6775-update-11 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 19 Feb 2018 09:30:19 -0000 --_000_bd3ee6f5c7ed48c0ba5b86efd7bc0bf7XCHRCD001ciscocom_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 VGhhbmtzIGEgYnVuY2ggQ2hyaXMgOg0KDQpJIGFwcGxpZWQgdGhlIHJlY29tbWVuZGVkIGNoYW5n ZXMuIFRoZXkgd2lsbCBhcHBlYXIgaW4gdGhlIG5leHQgcHVibGljYXRpb24uDQoNClRha2UgY2Fy ZSwNCg0KUGFzY2FsDQoNCkZyb206IENocmlzIExvbnZpY2sgW21haWx0bzpsb252aWNrLmlldGZA Z21haWwuY29tXQ0KU2VudDogZGltYW5jaGUgMTggZsOpdnJpZXIgMjAxOCAxNjozOA0KVG86IGll c2dAaWV0Zi5vcmc7IHNlY2RpckBpZXRmLm9yZzsgZHJhZnQtaWV0Zi02bG8tcmZjNjc3NS11cGRh dGUuYWxsQGlldGYub3JnDQpTdWJqZWN0OiBTRUNESVIgUmV2aWV3IG9mIGRyYWZ0LWlldGYtNmxv LXJmYzY3NzUtdXBkYXRlLTExDQoNCkhlbGxvLA0KDQpJIGhhdmUgcmV2aWV3ZWQgdGhpcyBkb2N1 bWVudCBhcyBwYXJ0IG9mIHRoZSBzZWN1cml0eSBkaXJlY3RvcmF0ZSdzIG9uZ29pbmcgZWZmb3J0 IHRvIHJldmlldyBhbGwgSUVURiBkb2N1bWVudHMgYmVpbmcgcHJvY2Vzc2VkIGJ5IHRoZSBJRVNH LiBUaGVzZSBjb21tZW50cyB3ZXJlIHdyaXR0ZW4gcHJpbWFyaWx5IGZvciB0aGUgYmVuZWZpdCBv ZiB0aGUgc2VjdXJpdHkgYXJlYSBkaXJlY3RvcnMuIERvY3VtZW50IGVkaXRvcnMgYW5kIFdHIGNo YWlycyBzaG91bGQgdHJlYXQgdGhlc2UgY29tbWVudHMganVzdCBsaWtlIGFueSBvdGhlciBsYXN0 IGNhbGwgY29tbWVudHMuDQoNClRoZSBzdW1tYXJ5IG9mIHRoZSByZXZpZXcgaXMgUmVhZHkgd2l0 aCBOaXRzLg0KDQpJIHNraW1tZWQgdGhyb3VnaCB0aGUgZG9jdW1lbnQsIHdoaWNoIGFwcGVhcnMg dGhvcm91Z2ggYW5kIHdlbGwgbGFpZCBvdXQuDQoNClRoZSBTZWN1cml0eSBDb25zaWRlcmF0aW9u cyBzZWN0aW9uIGlzIGFwcHJvcHJpYXRlLg0KDQpCZWxvdyBhcmUgc29tZSBuaXRzIHRoYXQgSSBm b3VuZCBpbiB0aGUgU2VjdXJpdHkgQ29uc2lkZXJhdGlvbnMgc2VjdGlvbjoNCg0KQ3VycmVudDoN CkJhY2tib25lIFJvdXRlciBpbiBhIHdheSB0aGF0IHByZXZlbnRzIHRlbXBlcmluZyB3aXRoIG9y IHJlcGxheWluZw0KU3VnZ2VzdGVkOg0Kcy90ZW1wZXJpbmcvdGFtcGVyaW5nLw0KDQpDdXJyZW50 Og0KVGhpcyBzcGVjaWZpY2F0aW9uIHJlY29tbWVuZHMgdG8gdXNpbmcgcHJpdmFjeSB0ZWNobmlx dWVzIChzZWUNClN1Z2dlc3RlZDoNCnMvdG8gdXNpbmcvdGhlIHVzZSBvZi8NCg0KU2VjdGlvbiBC LjUgaXMgYSBzZWN0aW9uIG9uIFJlcXVpcmVtZW50cyBSZWxhdGVkIHRvIFNlY3VyaXR5LiBUaGlz IGlzIGFuIGFwcHJvcHJpYXRlIHRocmVhdCBtb2RlbC4NCg0KQWxzbywganVzdCBiZWNhdXNlIEkn bSBhIGJpdCBsYXRlIGluIGRvaW5nIHRoaXMsIEkgcmV2aWV3ZWQgdGhlIFByaXZhY3kgQ29uc2lk ZXJhdGlvbnMgc2VjdGlvbiBvZiB0aGlzIGRvY3VtZW50LiBUaGlzIGlzIGFsc28gd2VsbCB3cml0 dGVuIGFuZCBwcm92aWRlcyBndWlkYW5jZSB0byBpbXBsZW1lbnRlcnMgaW4gdGhlIHdheSBvZiBw b2ludGVycyB0byBvdGhlciBSRkNzLg0KDQpSZWdhcmRzLA0KQ2hyaXMNCg== --_000_bd3ee6f5c7ed48c0ba5b86efd7bc0bf7XCHRCD001ciscocom_ Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: base64 PGh0bWwgeG1sbnM6dj0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTp2bWwiIHhtbG5zOm89InVy bjpzY2hlbWFzLW1pY3Jvc29mdC1jb206b2ZmaWNlOm9mZmljZSIgeG1sbnM6dz0idXJuOnNjaGVt YXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6d29yZCIgeG1sbnM6bT0iaHR0cDovL3NjaGVtYXMubWlj cm9zb2Z0LmNvbS9vZmZpY2UvMjAwNC8xMi9vbW1sIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv VFIvUkVDLWh0bWw0MCI+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIg Y29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjxtZXRhIG5hbWU9IkdlbmVyYXRv ciIgY29udGVudD0iTWljcm9zb2Z0IFdvcmQgMTUgKGZpbHRlcmVkIG1lZGl1bSkiPg0KPHN0eWxl PjwhLS0NCi8qIEZvbnQgRGVmaW5pdGlvbnMgKi8NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6 IkNhbWJyaWEgTWF0aCI7DQoJcGFub3NlLTE6MiA0IDUgMyA1IDQgNiAzIDIgNDt9DQpAZm9udC1m YWNlDQoJe2ZvbnQtZmFtaWx5OkNhbGlicmk7DQoJcGFub3NlLTE6MiAxNSA1IDIgMiAyIDQgMyAy IDQ7fQ0KLyogU3R5bGUgRGVmaW5pdGlvbnMgKi8NCnAuTXNvTm9ybWFsLCBsaS5Nc29Ob3JtYWws IGRpdi5Nc29Ob3JtYWwNCgl7bWFyZ2luOjBjbTsNCgltYXJnaW4tYm90dG9tOi4wMDAxcHQ7DQoJ Zm9udC1zaXplOjEyLjBwdDsNCglmb250LWZhbWlseToiVGltZXMgTmV3IFJvbWFuIixzZXJpZjsN Cgljb2xvcjpibGFjazt9DQphOmxpbmssIHNwYW4uTXNvSHlwZXJsaW5rDQoJe21zby1zdHlsZS1w cmlvcml0eTo5OTsNCgljb2xvcjojMDU2M0MxOw0KCXRleHQtZGVjb3JhdGlvbjp1bmRlcmxpbmU7 fQ0KYTp2aXNpdGVkLCBzcGFuLk1zb0h5cGVybGlua0ZvbGxvd2VkDQoJe21zby1zdHlsZS1wcmlv cml0eTo5OTsNCgljb2xvcjojOTU0RjcyOw0KCXRleHQtZGVjb3JhdGlvbjp1bmRlcmxpbmU7fQ0K cC5tc29ub3JtYWwwLCBsaS5tc29ub3JtYWwwLCBkaXYubXNvbm9ybWFsMA0KCXttc28tc3R5bGUt bmFtZTptc29ub3JtYWw7DQoJbXNvLW1hcmdpbi10b3AtYWx0OmF1dG87DQoJbWFyZ2luLXJpZ2h0 OjBjbTsNCgltc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0bzsNCgltYXJnaW4tbGVmdDowY207DQoJ Zm9udC1zaXplOjEyLjBwdDsNCglmb250LWZhbWlseToiVGltZXMgTmV3IFJvbWFuIixzZXJpZjsN Cgljb2xvcjpibGFjazt9DQpzcGFuLkVtYWlsU3R5bGUxOA0KCXttc28tc3R5bGUtdHlwZTpwZXJz b25hbC1yZXBseTsNCglmb250LWZhbWlseToiQ2FsaWJyaSIsc2Fucy1zZXJpZjsNCgljb2xvcjoj MUY0OTdEO30NCi5Nc29DaHBEZWZhdWx0DQoJe21zby1zdHlsZS10eXBlOmV4cG9ydC1vbmx5Ow0K CWZvbnQtc2l6ZToxMC4wcHQ7fQ0KQHBhZ2UgV29yZFNlY3Rpb24xDQoJe3NpemU6NjEyLjBwdCA3 OTIuMHB0Ow0KCW1hcmdpbjo3MC44NXB0IDcwLjg1cHQgNzAuODVwdCA3MC44NXB0O30NCmRpdi5X b3JkU2VjdGlvbjENCgl7cGFnZTpXb3JkU2VjdGlvbjE7fQ0KLS0+PC9zdHlsZT48IS0tW2lmIGd0 ZSBtc28gOV0+PHhtbD4NCjxvOnNoYXBlZGVmYXVsdHMgdjpleHQ9ImVkaXQiIHNwaWRtYXg9IjEw MjYiIC8+DQo8L3htbD48IVtlbmRpZl0tLT48IS0tW2lmIGd0ZSBtc28gOV0+PHhtbD4NCjxvOnNo YXBlbGF5b3V0IHY6ZXh0PSJlZGl0Ij4NCjxvOmlkbWFwIHY6ZXh0PSJlZGl0IiBkYXRhPSIxIiAv Pg0KPC9vOnNoYXBlbGF5b3V0PjwveG1sPjwhW2VuZGlmXS0tPg0KPC9oZWFkPg0KPGJvZHkgYmdj b2xvcj0id2hpdGUiIGxhbmc9IkVOLVVTIiBsaW5rPSIjMDU2M0MxIiB2bGluaz0iIzk1NEY3MiI+ DQo8ZGl2IGNsYXNzPSJXb3JkU2VjdGlvbjEiPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4g c3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90Oyxz YW5zLXNlcmlmO2NvbG9yOiMxRjQ5N0QiPlRoYW5rcyBhIGJ1bmNoIENocmlzJm5ic3A7OjxvOnA+ PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250 LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssc2Fucy1zZXJpZjtj b2xvcjojMUY0OTdEIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNv Tm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtD YWxpYnJpJnF1b3Q7LHNhbnMtc2VyaWY7Y29sb3I6IzFGNDk3RCI+SSBhcHBsaWVkIHRoZSByZWNv bW1lbmRlZCBjaGFuZ2VzLiBUaGV5IHdpbGwgYXBwZWFyIGluIHRoZSBuZXh0IHB1YmxpY2F0aW9u LjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxl PSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssc2Fucy1z ZXJpZjtjb2xvcjojMUY0OTdEIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFz cz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTom cXVvdDtDYWxpYnJpJnF1b3Q7LHNhbnMtc2VyaWY7Y29sb3I6IzFGNDk3RCI+VGFrZSBjYXJlLDxv OnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJm b250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssc2Fucy1zZXJp Zjtjb2xvcjojMUY0OTdEIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0i TXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVv dDtDYWxpYnJpJnF1b3Q7LHNhbnMtc2VyaWY7Y29sb3I6IzFGNDk3RCI+UGFzY2FsPG86cD48L286 cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6 ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OyxzYW5zLXNlcmlmO2NvbG9y OiMxRjQ5N0QiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxkaXY+DQo8ZGl2IHN0eWxl PSJib3JkZXI6bm9uZTtib3JkZXItdG9wOnNvbGlkICNFMUUxRTEgMS4wcHQ7cGFkZGluZzozLjBw dCAwY20gMGNtIDBjbSI+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibWFyZ2luLWxlZnQ6 MzYuMHB0Ij48Yj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVv dDtDYWxpYnJpJnF1b3Q7LHNhbnMtc2VyaWY7Y29sb3I6d2luZG93dGV4dCI+RnJvbTo8L3NwYW4+ PC9iPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGli cmkmcXVvdDssc2Fucy1zZXJpZjtjb2xvcjp3aW5kb3d0ZXh0Ij4gQ2hyaXMgTG9udmljayBbbWFp bHRvOmxvbnZpY2suaWV0ZkBnbWFpbC5jb21dDQo8YnI+DQo8Yj5TZW50OjwvYj4gZGltYW5jaGUg MTggZsOpdnJpZXIgMjAxOCAxNjozODxicj4NCjxiPlRvOjwvYj4gaWVzZ0BpZXRmLm9yZzsgc2Vj ZGlyQGlldGYub3JnOyBkcmFmdC1pZXRmLTZsby1yZmM2Nzc1LXVwZGF0ZS5hbGxAaWV0Zi5vcmc8 YnI+DQo8Yj5TdWJqZWN0OjwvYj4gU0VDRElSIFJldmlldyBvZiBkcmFmdC1pZXRmLTZsby1yZmM2 Nzc1LXVwZGF0ZS0xMTxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPC9kaXY+DQo8cCBj bGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibWFyZ2luLWxlZnQ6MzYuMHB0Ij48bzpwPiZuYnNwOzwv bzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtYXJnaW4tbGVmdDozNi4wcHQi PkhlbGxvLDxicj4NCjxicj4NCkkgaGF2ZSByZXZpZXdlZCB0aGlzIGRvY3VtZW50IGFzIHBhcnQg b2YgdGhlIHNlY3VyaXR5IGRpcmVjdG9yYXRlJ3Mgb25nb2luZyBlZmZvcnQgdG8gcmV2aWV3IGFs bCBJRVRGIGRvY3VtZW50cyBiZWluZyBwcm9jZXNzZWQgYnkgdGhlIElFU0cuIFRoZXNlIGNvbW1l bnRzIHdlcmUgd3JpdHRlbiBwcmltYXJpbHkgZm9yIHRoZSBiZW5lZml0IG9mIHRoZSBzZWN1cml0 eSBhcmVhIGRpcmVjdG9ycy4gRG9jdW1lbnQgZWRpdG9ycyBhbmQgV0cgY2hhaXJzDQogc2hvdWxk IHRyZWF0IHRoZXNlIGNvbW1lbnRzIGp1c3QgbGlrZSBhbnkgb3RoZXIgbGFzdCBjYWxsIGNvbW1l bnRzLiA8YnI+DQo8YnI+DQpUaGUgc3VtbWFyeSBvZiB0aGUgcmV2aWV3IGlzIFJlYWR5IHdpdGgg Tml0cy48YnI+DQo8YnI+DQpJIHNraW1tZWQgdGhyb3VnaCB0aGUgZG9jdW1lbnQsIHdoaWNoIGFw cGVhcnMgdGhvcm91Z2ggYW5kIHdlbGwgbGFpZCBvdXQuPGJyPg0KPGJyPg0KVGhlIFNlY3VyaXR5 IENvbnNpZGVyYXRpb25zIHNlY3Rpb24gaXMgYXBwcm9wcmlhdGUuIDxicj4NCjxicj4NCkJlbG93 IGFyZSBzb21lIG5pdHMgdGhhdCBJIGZvdW5kIGluIHRoZSBTZWN1cml0eSBDb25zaWRlcmF0aW9u cyBzZWN0aW9uOjxicj4NCjxicj4NCkN1cnJlbnQ6PGJyPg0KQmFja2JvbmUgUm91dGVyIGluIGEg d2F5IHRoYXQgcHJldmVudHMgdGVtcGVyaW5nIHdpdGggb3IgcmVwbGF5aW5nPGJyPg0KU3VnZ2Vz dGVkOjxicj4NCnMvdGVtcGVyaW5nL3RhbXBlcmluZy88YnI+DQo8YnI+DQpDdXJyZW50Ojxicj4N ClRoaXMgc3BlY2lmaWNhdGlvbiByZWNvbW1lbmRzIHRvIHVzaW5nIHByaXZhY3kgdGVjaG5pcXVl cyAoc2VlPGJyPg0KU3VnZ2VzdGVkOjxicj4NCnMvdG8gdXNpbmcvdGhlIHVzZSBvZi88YnI+DQo8 YnI+DQpTZWN0aW9uIEIuNSBpcyBhIHNlY3Rpb24gb24gUmVxdWlyZW1lbnRzIFJlbGF0ZWQgdG8g U2VjdXJpdHkuIFRoaXMgaXMgYW4gYXBwcm9wcmlhdGUgdGhyZWF0IG1vZGVsLjxicj4NCjxicj4N CkFsc28sIGp1c3QgYmVjYXVzZSBJJ20gYSBiaXQgbGF0ZSBpbiBkb2luZyB0aGlzLCBJIHJldmll d2VkIHRoZSBQcml2YWN5IENvbnNpZGVyYXRpb25zIHNlY3Rpb24gb2YgdGhpcyBkb2N1bWVudC4g VGhpcyBpcyBhbHNvIHdlbGwgd3JpdHRlbiBhbmQgcHJvdmlkZXMgZ3VpZGFuY2UgdG8gaW1wbGVt ZW50ZXJzIGluIHRoZSB3YXkgb2YgcG9pbnRlcnMgdG8gb3RoZXIgUkZDcy48YnI+DQo8YnI+DQpS ZWdhcmRzLDxicj4NCkNocmlzPG86cD48L286cD48L3A+DQo8L2Rpdj4NCjwvYm9keT4NCjwvaHRt bD4NCg== --_000_bd3ee6f5c7ed48c0ba5b86efd7bc0bf7XCHRCD001ciscocom_-- From nobody Mon Feb 19 11:29:14 2018 Return-Path: X-Original-To: secdir@ietf.org Delivered-To: secdir@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id A573F1204DA; Mon, 19 Feb 2018 11:29:01 -0800 (PST) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: Robert Sparks To: Cc: softwires@ietf.org, ietf@ietf.org, draft-ietf-softwire-map-mib.all@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 6.72.2 Auto-Submitted: auto-generated Precedence: bulk Message-ID: <151906854162.18694.12176468721174276678@ietfa.amsl.com> Date: Mon, 19 Feb 2018 11:29:01 -0800 Archived-At: Subject: [secdir] Secdir last call review of draft-ietf-softwire-map-mib-12 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 19 Feb 2018 19:29:02 -0000 Reviewer: Robert Sparks Review result: Ready I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. Summary: Ready for publication as Standards Track RFC >From the technical summary in the shepherd's writeup: "Mapping of Address and Port with Encapsulation (MAP-E) [RFC7597] is a stateless tunnelling transition mechanism to provide the IPv4 connectivity over IPv6 access networks. This documents defines the corresponding Management Information Base (MIB) for using Internet-Standard Management Framework. This MIB module may be used for configuration and monitoring of MAP-E devices." The document has a detailed security considerations section. From nobody Mon Feb 19 12:22:53 2018 Return-Path: X-Original-To: secdir@ietf.org Delivered-To: secdir@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id E1104124E15; Mon, 19 Feb 2018 12:22:40 -0800 (PST) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: Christian Huitema To: Cc: lwip@ietf.org, ietf@ietf.org, draft-ietf-lwig-crypto-sensors.all@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 6.72.2 Auto-Submitted: auto-generated Precedence: bulk Message-ID: <151907176089.18767.4773052547289438438@ietfa.amsl.com> Date: Mon, 19 Feb 2018 12:22:40 -0800 Archived-At: Subject: [secdir] Secdir last call review of draft-ietf-lwig-crypto-sensors-05 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 19 Feb 2018 20:22:41 -0000 Reviewer: Christian Huitema Review result: Ready I already reviewed the previous version of this draft. I like its practical approach of implementations and the cost of various algorithms, and I think that the data in the draft will be useful when discussing security approaches for small devices. I am happy to see the feedback on privacy issues was taken into account. The document now states clearly that "long-term static identities makes it easy to track the devices (and their owners) when they move... (or) across ownership changes." I have just one small nit. I like the recommendation "to generate new identities at appropriate times during their lifecycle. For example, after a factory reset or an ownership handover." I wish that it would be somehow listed as one of the bullets in section 9, "Summary". From nobody Mon Feb 19 13:02:56 2018 Return-Path: X-Original-To: secdir@ietfa.amsl.com Delivered-To: secdir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B8B28124E15; Mon, 19 Feb 2018 13:02:36 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.512 X-Spam-Level: X-Spam-Status: No, score=-14.512 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JfyTvtP0Cy22; Mon, 19 Feb 2018 13:02:35 -0800 (PST) Received: from alln-iport-1.cisco.com (alln-iport-1.cisco.com [173.37.142.88]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E80EC1200B9; Mon, 19 Feb 2018 13:02:34 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=4928; q=dns/txt; s=iport; t=1519074155; x=1520283755; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=/yCfbAmTmkbCAKl83ZW8xBGkSK+deaNnrcZfYRHn+J0=; b=ZiiXr73ozCsdv9Z2Gboji8daUev0+e2ELp1nFzwfTWbxqVDI0K8AL8zh 4tOvJEuf5xQ51moGQxWJr9gncord3RjELof+E+fvqZNR9EqOb7WZKUy+S LbJ6/Ek1XexLGbYBJZmEyEw39tYPpwwCc4iDqwGXNIMbfXpKlnNp2YOHb w=; X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0DmAADTOota/5NdJa1cGQEBAQEBAQEBA?= =?us-ascii?q?QEBAQcBAQEBAYNPZnAoCoNdiiWOBIMZh3+OSoIWCiWFFgIagkFUGAECAQEBAQE?= =?us-ascii?q?BAmsohSQGIxFFEAIBCBoCJgICAh8RFRACBAENBYoKAxUQtm2CJ4c6DYEyghMBA?= =?us-ascii?q?QEBAQEBAQEBAQEBAQEBAQEBAQEYBYEPg3gEgiiBV4FoKYMFgmxEAoFbFoMXMYI?= =?us-ascii?q?0BZJSkS41CQKIIohbhQuCIJInixaCcEiJJAIRGQGBOwEfOYFRcBVkAYIYhHZ4j?= =?us-ascii?q?EqBGQEBAQ?= X-IronPort-AV: E=Sophos;i="5.46,536,1511827200"; d="scan'208";a="72968250" Received: from rcdn-core-11.cisco.com ([173.37.93.147]) by alln-iport-1.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 19 Feb 2018 21:02:34 +0000 Received: from xch-rcd-011.cisco.com (xch-rcd-011.cisco.com [173.37.102.21]) by rcdn-core-11.cisco.com (8.14.5/8.14.5) with ESMTP id w1JL2Yvl009232 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Mon, 19 Feb 2018 21:02:34 GMT Received: from xch-aln-015.cisco.com (173.36.7.25) by XCH-RCD-011.cisco.com (173.37.102.21) with Microsoft SMTP Server (TLS) id 15.0.1320.4; Mon, 19 Feb 2018 15:02:26 -0600 Received: from xch-aln-015.cisco.com ([173.36.7.25]) by XCH-ALN-015.cisco.com ([173.36.7.25]) with mapi id 15.00.1320.000; Mon, 19 Feb 2018 15:02:26 -0600 From: "Clyde Wildes (cwildes)" To: Yaron Sheffer , "secdir@ietf.org" CC: "draft-ietf-netmod-syslog-model.all@ietf.org" , "ietf@ietf.org" , "netmod@ietf.org" Thread-Topic: Secdir last call review of draft-ietf-netmod-syslog-model-21 Thread-Index: AQHTqMUZsEq/edddJ0uDZKwhfsdUyqOsnO2A Date: Mon, 19 Feb 2018 21:02:26 +0000 Message-ID: <6E582464-6EDB-4D55-9E8B-BEC68929DF9A@cisco.com> References: <151896425742.27914.9664814474838013064@ietfa.amsl.com> In-Reply-To: <151896425742.27914.9664814474838013064@ietfa.amsl.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-messagesentrepresentingtype: 1 x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [10.154.131.4] Content-Type: text/plain; charset="utf-8" Content-ID: <2C52E5A62AB9A447BD783A3B7E4DA356@emea.cisco.com> Content-Transfer-Encoding: base64 MIME-Version: 1.0 Archived-At: Subject: Re: [secdir] Secdir last call review of draft-ietf-netmod-syslog-model-21 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 19 Feb 2018 21:02:37 -0000 WWFyb24sDQoNClRoYW5rcyBmb3IgeW91ciByZXZpZXcuIE15IGFuc3dlcnMgYXJlIGlubGluZSBh cyBbY2x3MV0uDQoNCk9uIDIvMTgvMTgsIDY6MzEgQU0sICJZYXJvbiBTaGVmZmVyIiA8eWFyb25m LmlldGZAZ21haWwuY29tPiB3cm90ZToNCg0KICAgIFJldmlld2VyOiBZYXJvbiBTaGVmZmVyDQog ICAgUmV2aWV3IHJlc3VsdDogSGFzIElzc3Vlcw0KICAgIA0KICAgIEdlbmVyYWwgQ29tbWVudHMN CiAgICANCiAgICAqIFRoZSBzZW1hbnRpY3Mgb2YgcGF0dGVybiBtYXRjaGluZyBpcyBub3QgY2xl YXI6ICJhbmQvb3IgdGhlIG1lc3NhZ2UgdGV4dCIgLQ0KICAgIGFyZSB0aGVyZSBjYXNlcyB3aGVy ZSB5b3Ugb25seSBtYXRjaCB0aGUgdGV4dCBidXQgbm90IHRoZSBmYWNpbGl0eS9zZXZlcml0eT8g Kg0KICAgIA0KW2NsdzFdIFllcy4gVGhlcmUgYXJlIHRocmVlIGNhc2VzOiAxLiBNYXRjaCBvbiBm YWNpbGl0eS9zZXZlcml0eTsgMi4gTWF0Y2ggb24gdGhlIHJlZ2V4IHBhdHRlcm47IDMuIE1hdGNo IG9uIGJvdGggZmFjaWxpdHkvc2V2ZXJpdHkgYW5kIHRoZSByZWdleCBwYXR0ZXJuLg0KDQogICAg SXQncyB2ZXJ5IGNvbmZ1c2luZyB0byBzcGVjaWZ5IHJvbGxvdmVyIGluIG1pbnV0ZXMsIGJ1dCBy ZXRlbnRpb24gaW4gaG91cnMuDQogICAgUGVvcGxlIGFyZSBib3VuZCB0byBnZXQgdGhpcyBvbmUg d3JvbmcuDQoNCltjbHcxXSBJIHdpbGwgY2hhbmdlIHRoZSByZXRlbnRpb24gdG8gbWludXRlcyB1 bmxlc3Mgb3RoZXJzIG9iamVjdC4NCg0KICAgICogSW50ZXJmYWNlIHNlbGVjdGlvbjogdGhlIGZl YXR1cmUNCiAgICBtYWtlcyBzZW5zZSwgYnV0IEkgdGhpbmsgdGhlIGRlc2NyaXB0aW9uIGlzIGlu Y29ycmVjdC4gIlRoaXMgbGVhZiBzZXRzIHRoZQ0KICAgIHNvdXJjZSBpbnRlcmZhY2UgdG8gYmUg dXNlZCB0byBzZW5kIG1lc3NhZ2VzIHRvIHRoZSByZW1vdGUgc3lzbG9nIHNlcnZlci4gSWYNCiAg ICBub3Qgc2V0LCBtZXNzYWdlcyBzZW50IHRvIGEgcmVtb3RlIHN5c2xvZyBzZXJ2ZXIgd2lsbCBj b250YWluIHRoZSBJUCBhZGRyZXNzIG9mDQogICAgdGhlIGludGVyZmFjZSB0aGUgc3lzbG9nIG1l c3NhZ2UgdXNlcyB0byBleGl0IHRoZSBuZXR3b3JrIGVsZW1lbnQiLiBBRkFJSyB0aGUNCiAgICBz b3VyY2UgSVAgd2lsbCBhbHdheXMgY29ycmVzcG9uZCB0byB0aGUgaW50ZXJmYWNlLCBidXQgdGhp cyBmZWF0dXJlIGFsbG93cyB5b3UNCiAgICB0byBzZWxlY3QgYSBwYXJ0aWN1bGFyIG9uZS4NCg0K W2NsdzFdIFlvdSBhcmUgY29ycmVjdC4gSSB3aWxsIG1vZGlmeSB0aGUgZGVzY3JpcHRpb24gdG8g bWFrZSB0aGlzIGNsZWFyZXIuIEhvdyBhYm91dDoNCg0KIlRoaXMgbGVhZiBzZXRzIHRoZSBzb3Vy Y2UgaW50ZXJmYWNlIHRvIGJlIHVzZWQgdG8gc2VuZCBtZXNzYWdlcyB0byB0aGUgcmVtb3RlIHN5 c2xvZyBzZXJ2ZXIuIElmDQpub3Qgc2V0LCBtZXNzYWdlcyBjYW4gYmUgc2VudCBvbiBhbnkgaW50 ZXJmYWNlLiINCg0KICAgICogVXNhZ2UgZXhhbXBsZXM6IHRoZSBzZWNvbmQgZXhhbXBsZSBsaXN0 cyBhDQogICAgc3BlY2lmaWMgSVB2NiBhZGRyZXNzLCBidXQgdGhlIFlhbmcgc25pcHBldCBzaG93 cyBhIGRvbWFpbiBuYW1lLiANCg0KW2NsdzFdIFRoYW5rcyBmb3IgY2F0Y2hpbmcgdGhpcyBlcnJv ci4gSSB3aWxsIGZpeCB0aGlzIGluIHRoZSBuZXh0IHJldmlzaW9uLg0KDQogICAgKiBBIGdlbmVy aWMNCiAgICBxdWVzdGlvbiAoSSBhbSBuZXcgdG8gdGhlIFlhbmcgZWNvc3lzdGVtKTogSSB1bmRl cnN0YW5kIG1vc3QgaW1wbGVtZW50ZXJzIHdpbGwNCiAgICB1c2UgdGhpcyBtb2R1bGUgZnJvbQ0K ICAgIGh0dHBzOi8vZ2l0aHViLmNvbS9ZYW5nTW9kZWxzL3lhbmcvYmxvYi9tYXN0ZXIvc3RhbmRh cmQvaWV0Zi9EUkFGVC9pZXRmLXN5c2xvZy55YW5nDQogICAgLSBpcyB0aGlzIHRoZSBleHBlY3Rh dGlvbj8gSWYgc28sIHdoeSBub3QgYWRkIGEgbGluayBmcm9tIHRoZSBSRkMgaW50byB0aGUNCiAg ICByZXBvLCB0byBtYWtlIGl0IGVhc2llciBmb3IgcGVvcGxlIHRvIGZpbmQ/DQoNCltjbHcxXSBJ dCBpcyBzdGFuZGFyZCBwcmFjdGljZSB0byBpbmNsdWRlIHRoZSBtb2RlbCBpbiB0aGUgUkZDIEFG QUlLLiBJIGhhdmUgbm90IHNlZW4gZ2l0aHViIGxpbmtzIHB1Ymxpc2hlZCBpbiBhbnkgb3RoZXIg UkZDcy4NCiAgICANCiAgICBTZWN1cml0eSBDb21tZW50cw0KICAgIA0KICAgICogSSB0aGluayBh bG1vc3QgYWxsIHdyaXRhYmxlIGRhdGEgbm9kZXMgaGVyZSBhcmUgc2Vuc2l0aXZlLCBiZWNhdXNl IGEgbmV0d29yaw0KICAgIGF0dGFja2VyJ3MgZmlyc3QgbW92ZSBpcyB0byBibG9jayBhbnkgbG9n Z2luZyBvbiB0aGUgaG9zdCwgYW5kIG1hbnkgb2YgdGhlIGRhdGENCiAgICBub2RlcyBoZXJlIGNh biBiZSB1c2VkIGZvciB0aGlzIHB1cnBvc2UuDQoNCltjbHcxXSBJIHdpbGwgcmV3b3JkIHRoZSBz ZWN1cml0eSBzZWN0aW9uIHRvIGluY2x1ZGUgYWxsIHdyaXRlYWJsZSBub2RlcyBhcyBzZW5zaXRp dmUuDQoNCiAgICAqIFJlOiByZWFkYWJsZSBkYXRhIG5vZGVzLCBJJ20gbm90DQogICAgc3VyZSB3 aGljaCBhcmUgc2Vuc2l0aXZlLCBhbmQgdGhlIGRvY3VtZW50IHNob3VsZCBnaXZlIGFuIGV4YW1w bGUgb3IgdHdvIHJhdGhlcg0KICAgIHRoYW4ganVzdCBzYXkgInNvbWUiLiBPdGhlcndpc2UgdGhl IHNlY3VyaXR5IGFkdmljZSBpcyBub3QgYWN0aW9uYWJsZS4gT25lDQogICAgZXhhbXBsZTogInJl bW90ZSIgc2VjdGlvbnMgbGVhayBpbmZvcm1hdGlvbiBhYm91dCBvdGhlciBob3N0cyBpbiB0aGUg bmV0d29yay4NCg0KW2NsdzFdIFRoaXMgdGV4dCB3YXMgbGlmdGVkIGZyb20gYW5vdGhlciBtb2Rl bC4gSSB3aWxsIHJldmlldyB0aGUgcmVhZGFibGUgbm9kZXMgYW5kIHVwZGF0ZS4NCg0KICAgICog V3JpdGUgb3BlcmF0aW9ucy4uLiBjYW4gaGF2ZSBhIG5lZ2F0aXZlIGVmZmVjdCBvbiBuZXR3b3Jr IG9wZXJhdGlvbnMuIC0gSSB3b3VsZA0KICAgIGFkZCAiYW5kIG9uIG5ldHdvcmsgc2VjdXJpdHki LCBiZWNhdXNlIGxvZ3MgYXJlIG9mdGVuIHVzZWQgdG8gZGV0ZWN0IHNlY3VyaXR5DQogICAgYnJl YWNoZXMuIA0KDQpbY2x3MV0gSSB3aWxsIGFkZCB0aGlzIHBocmFzZS4NCg0KICAgICogQWxzbyBh ZGQgYW4gYWR2aWNlLCBzaW1pbGFyIHRvIHRoZSBvbmUgb24gInBhdHRlcm4gbWF0Y2giLCB0aGF0 IHRoZQ0KICAgIHByaXZhdGUga2V5IHVzZWQgZm9yIHNpZ25pbmcgbG9nIG1lc3NhZ2VzIE1VU1Qg Tk9UIGJlIHVzZWQgZm9yIGFueSBvdGhlcg0KICAgIHB1cnBvc2UsIGFuZCB0aGF0IHRoZSBpbXBs ZW1lbnRhdGlvbiBvZiB0aGlzIGRhdGEgbm9kZSBtdXN0IGVuc3VyZSB0aGlzDQogICAgcHJvcGVy dHkgKEknbSBub3Qgc3VyZSBob3cpLiBUaGUgcmF0aW9uYWxlOiBpZiB0aGUgVExTIHByaXZhdGUg a2V5IGlzIHVzZWQsIGZvcg0KICAgIGV4YW1wbGUsIHRoaXMgY291bGQgcmVzdWx0IGluIGEgc2ln bmluZyBvcmFjbGUgZm9yIFRMUyBhbmQgZXZlbnR1YWxseSBhIE1JVE0NCiAgICBhdHRhY2suDQoN CltjbHcxXSBJIHdpbGwgYWRkIHRoaXMgYWR2aWNlLg0KDQpUaGFua3MsDQoNCkNseWRlICAgIA0K ICAgIA0KDQo= From nobody Mon Feb 19 18:18:09 2018 Return-Path: X-Original-To: secdir@ietfa.amsl.com Delivered-To: secdir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 81BA0126BF3; Mon, 19 Feb 2018 18:17:58 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -0.407 X-Spam-Level: X-Spam-Status: No, score=-0.407 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DATE_IN_PAST_03_06=1.592, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Q75Yrt6w6uDl; Mon, 19 Feb 2018 18:17:57 -0800 (PST) Received: from mail-pg0-x233.google.com (mail-pg0-x233.google.com [IPv6:2607:f8b0:400e:c05::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6B34B1243FE; Mon, 19 Feb 2018 18:17:57 -0800 (PST) Received: by mail-pg0-x233.google.com with SMTP id y8so6563182pgr.9; Mon, 19 Feb 2018 18:17:57 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-language:content-transfer-encoding; bh=T0uJ5I3ZkxWILYpcGW636VG16zpNV2elAKzNIASHxHo=; b=UbW6ZQcBhO1tiGsAnJ4Hy32mmivMHHrkfsKNEQo1kLVBuwm7ariaYd9lBeFQoUWYsi AxNt1mZigF1sz86KjwUwnGkZx7tqAGllKWh1/ro4/6AxnCKbK62SBAwmi4LqX6Wt0xRU 5YqljwBIXFobnOXuRrwGCx7vTRJRKy6uhkTqU5DY++zjTN57UcGmMz8PUAEs12QiN7FV z92R8GuChfPnlKVr50+EyFF84cv6YyiZ9i1LZNyCIH9TtbiMA9FF94PbHQaENbs9IVB2 yDcINuItDXXnb5AAo+tu6/GGurimsugpezdQbkZbx1ZD5MYYoRW1EBAEEXZCX4PTwVD0 eedA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=T0uJ5I3ZkxWILYpcGW636VG16zpNV2elAKzNIASHxHo=; b=efs/3nPa1xHGViEEKuonubYObxZlt5/6j16ExjNNQyScLQ7Q34Usk13lH2pNrgvQru McYLcv5gwy6SN2+XMNzasU31X7u35STYs6HYRbyIiuBGQov6rOkiKd9BiKIR3f7LQvwn Z9xVbRqvijy+1XZ9N3i1UiZa+irtjrUy1AlFRofffZ8rElRPMgK6rEpYpN8VS/Pz4p7E 5LJI06AmpPCbpS5VGuS7ZPVaTfna1v4vTX8jFgg9PGgsC94GcJszCz2fsgvklsxNtap2 udc6oRALtQZ0rONiDjrSMXlhj60HPdUoBp8tbpESV26DGw/9KCVf/Htac8N72u7i5h8K ulbw== X-Gm-Message-State: APf1xPAAHYPQwpWnVT2tNVhAMYarUMiRLcckOyxqvaMKYtW70IeOzU6z /JGqR+N65j77McFbCoDwgpWubkxZ X-Google-Smtp-Source: AH8x226ZwRLfSJNDj/b49Wz2K4LvjpdEoYbNF3BFqI+W/0ipK5YIdC9VFvmNbRfjpjrrnfZ1oTNgxw== X-Received: by 10.98.103.136 with SMTP id t8mr11504724pfj.177.1519093076571; Mon, 19 Feb 2018 18:17:56 -0800 (PST) Received: from [10.255.69.75] (c-67-180-23-75.hsd1.ca.comcast.net. [67.180.23.75]) by smtp.gmail.com with ESMTPSA id n17sm17354564pfj.67.2018.02.19.18.17.55 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 19 Feb 2018 18:17:55 -0800 (PST) To: "Clyde Wildes (cwildes)" , "secdir@ietf.org" Cc: "draft-ietf-netmod-syslog-model.all@ietf.org" , "ietf@ietf.org" , "netmod@ietf.org" References: <151896425742.27914.9664814474838013064@ietfa.amsl.com> <6E582464-6EDB-4D55-9E8B-BEC68929DF9A@cisco.com> From: Yaron Sheffer Message-ID: <4694018c-0be5-e78c-38ed-8745da01d019@gmail.com> Date: Mon, 19 Feb 2018 14:55:56 -0800 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0 MIME-Version: 1.0 In-Reply-To: <6E582464-6EDB-4D55-9E8B-BEC68929DF9A@cisco.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit Archived-At: Subject: Re: [secdir] Secdir last call review of draft-ietf-netmod-syslog-model-21 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 20 Feb 2018 02:17:58 -0000 Hi Clyde, Thank you for responding to my comments. I am OK with all of your responses. Best, Yaron On 19/02/18 13:02, Clyde Wildes (cwildes) wrote: > Yaron, > > Thanks for your review. My answers are inline as [clw1]. > > On 2/18/18, 6:31 AM, "Yaron Sheffer" wrote: > > Reviewer: Yaron Sheffer > Review result: Has Issues > > General Comments > > * The semantics of pattern matching is not clear: "and/or the message text" - > are there cases where you only match the text but not the facility/severity? * > > [clw1] Yes. There are three cases: 1. Match on facility/severity; 2. Match on the regex pattern; 3. Match on both facility/severity and the regex pattern. > > It's very confusing to specify rollover in minutes, but retention in hours. > People are bound to get this one wrong. > > [clw1] I will change the retention to minutes unless others object. > > * Interface selection: the feature > makes sense, but I think the description is incorrect. "This leaf sets the > source interface to be used to send messages to the remote syslog server. If > not set, messages sent to a remote syslog server will contain the IP address of > the interface the syslog message uses to exit the network element". AFAIK the > source IP will always correspond to the interface, but this feature allows you > to select a particular one. > > [clw1] You are correct. I will modify the description to make this clearer. How about: > > "This leaf sets the source interface to be used to send messages to the remote syslog server. If > not set, messages can be sent on any interface." > > * Usage examples: the second example lists a > specific IPv6 address, but the Yang snippet shows a domain name. > > [clw1] Thanks for catching this error. I will fix this in the next revision. > > * A generic > question (I am new to the Yang ecosystem): I understand most implementers will > use this module from > https://github.com/YangModels/yang/blob/master/standard/ietf/DRAFT/ietf-syslog.yang > - is this the expectation? If so, why not add a link from the RFC into the > repo, to make it easier for people to find? > > [clw1] It is standard practice to include the model in the RFC AFAIK. I have not seen github links published in any other RFCs. > > Security Comments > > * I think almost all writable data nodes here are sensitive, because a network > attacker's first move is to block any logging on the host, and many of the data > nodes here can be used for this purpose. > > [clw1] I will reword the security section to include all writeable nodes as sensitive. > > * Re: readable data nodes, I'm not > sure which are sensitive, and the document should give an example or two rather > than just say "some". Otherwise the security advice is not actionable. One > example: "remote" sections leak information about other hosts in the network. > > [clw1] This text was lifted from another model. I will review the readable nodes and update. > > * Write operations... can have a negative effect on network operations. - I would > add "and on network security", because logs are often used to detect security > breaches. > > [clw1] I will add this phrase. > > * Also add an advice, similar to the one on "pattern match", that the > private key used for signing log messages MUST NOT be used for any other > purpose, and that the implementation of this data node must ensure this > property (I'm not sure how). The rationale: if the TLS private key is used, for > example, this could result in a signing oracle for TLS and eventually a MITM > attack. > > [clw1] I will add this advice. > > Thanks, > > Clyde > > From nobody Tue Feb 20 07:00:34 2018 Return-Path: X-Original-To: secdir@ietf.org Delivered-To: secdir@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 54D3912D873; Tue, 20 Feb 2018 07:00:32 -0800 (PST) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 8bit From: Daniel Migault To: Cc: ietf@ietf.org, draft-ietf-sidr-slurm.all@ietf.org, sidr@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 6.72.2 Auto-Submitted: auto-generated Precedence: bulk Message-ID: <151913883228.4660.15594261925083651299@ietfa.amsl.com> Date: Tue, 20 Feb 2018 07:00:32 -0800 Archived-At: Subject: [secdir] Secdir last call review of draft-ietf-sidr-slurm-06 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 20 Feb 2018 15:00:32 -0000 Reviewer: Daniel Migault Review result: Has Nits Hi, I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. The summary of the review is Ready with nits: • section 1: Introduction However, an RPKI relying party may want to override some of the information expressed via putative TAs and the certificates It seems that TA is being used for the first time here. The acronym should be extended to ease the reading of the document. I am reading it as Trust Anchor. • section 2. RPKI RPs with SLURM SLURM provides a simple way to enable RPs to establish a local, It seems to me the acronym RP is used for the first time. It seems that it should be expanded to ease the reading of the document. I am reading it as Relaying Party. • section 6 Security considerations I My reading is that the section catches the criticality of the SLURM files and that network operators are already familiar provisioning critical data. As such I believe the section is sufficiently clear. • whole document: It seems that BGPSec, and BGPsec are used together. I believe this should be harmonized to BGPsec. Yours, Daniel From nobody Tue Feb 20 09:27:53 2018 Return-Path: X-Original-To: secdir@ietf.org Delivered-To: secdir@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 939E1124F57; Tue, 20 Feb 2018 09:27:51 -0800 (PST) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: Rifaat Shekh-Yusef To: Cc: draft-ietf-teas-rsvp-egress-protection.all@ietf.org, ietf@ietf.org, teas@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 6.72.2 Auto-Submitted: auto-generated Precedence: bulk Message-ID: <151914767152.4003.2724168782038044771@ietfa.amsl.com> Date: Tue, 20 Feb 2018 09:27:51 -0800 Archived-At: Subject: [secdir] Secdir last call review of draft-ietf-teas-rsvp-egress-protection-09 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 20 Feb 2018 17:27:51 -0000 Reviewer: Rifaat Shekh-Yusef Review result: Has Issues I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. "A backup egress MUST be configured on the ingress of an LSP to protect a primary egress of the LSP if and only if the backup egress is not indicated in another place." Can you define "another place"? Is it the "primary egress"? others? "To protect a primary egress of an LSP, a backup egress MUST be configured on the primary egress of the LSP to protect the primary egress if and only if the backup egress is not indicated in another place." Can you define "another place"? Is it the "ingress"? others? "Note that protecting a primary egress of a P2P LSP carrying service traffic through a backup egress requires that the backup egress trust the primary egress for the information received for a service label as UA label." Can you elaborate on this statement? How would the backup egress trust the primary egress? Regards, Rifaat From nobody Wed Feb 21 15:56:27 2018 Return-Path: X-Original-To: secdir@ietfa.amsl.com Delivered-To: secdir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CECD01200E5 for ; Wed, 21 Feb 2018 15:56:19 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.001 X-Spam-Level: X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=mozilla.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rFukJbieHJ0a for ; Wed, 21 Feb 2018 15:56:17 -0800 (PST) Received: from mail-pf0-x22f.google.com (mail-pf0-x22f.google.com [IPv6:2607:f8b0:400e:c00::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 28C68120724 for ; Wed, 21 Feb 2018 15:56:17 -0800 (PST) Received: by mail-pf0-x22f.google.com with SMTP id a17so1351114pff.8 for ; Wed, 21 Feb 2018 15:56:17 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mozilla.com; s=google; h=subject:to:references:from:message-id:date:user-agent:mime-version :in-reply-to; bh=c8F6KZpOe0zxESool/xSpnqku28ADNVuM6Ky1o6d3Cg=; b=ZYy/WWeJx6isZ3YKY3hxLszvidIEskj0VhAYUorEwiNzYZmxjaFZDvhLUjYRWQ53Nb Xbm86pg97B5mq/PnxIvt+xuiT/4FhpbfenPLhxSQ3QP2Qb1ArUixLi4KQ7Um0oqFZdD0 nwg0xmvE9YZ4948apLHteYwskEFbCWG7ip/pM= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:references:from:message-id:date :user-agent:mime-version:in-reply-to; bh=c8F6KZpOe0zxESool/xSpnqku28ADNVuM6Ky1o6d3Cg=; b=i2LLgD1c/saQmP7TmwNf7+WCTzw9j7PnCBbWKKTKo09ENljxoTLTIHhlu0MADjKBci c0skiWTypjZXHQ+Fe9z7K0FmVU0EIF0zItYfwCQQg0g4HxmJt09E33/A7p634VYH6Jlk o0j5VfLO5dS4OA9xX6HOiLqYqgKAgzqQ1T4u2NWQ32NGy3DJdQrnBcm3m6bKpNy+KytS 8U4s/J8sQsiADjonKTfxIiyL3VlmF2sLCRMjOJIlFNislLjdaEl/VU90+ppVvPtzS4qO Yt7jAuaibRK9nM1J+Os5U3qQpRzYBh/TWo1nSnz/I7FiI79JxzEnnj+vha5SY2I7hk09 1+Yw== X-Gm-Message-State: APf1xPCcRzk8uSM8Lk8FHUttUtFeQSYYS7OHqgg0zQ3OK9pKB0XWXQNm BPqRrP+mMTYIE1ui5VVi3UqV5w== X-Google-Smtp-Source: AH8x225SA55+iVdF28Rdj8QMwsarU/KUq1orgeFhUXSSLNdQnl+JMzezD5dJME0z/z7ne24tMKEuqw== X-Received: by 10.99.121.5 with SMTP id u5mr4045135pgc.444.1519257376578; Wed, 21 Feb 2018 15:56:16 -0800 (PST) Received: from dragon.local ([2620:101:80f4:224:38da:32b0:3821:d1f4]) by smtp.gmail.com with ESMTPSA id e13sm59180229pgt.82.2018.02.21.15.56.15 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 21 Feb 2018 15:56:15 -0800 (PST) To: David Mandelberg , iesg@ietf.org, secdir@ietf.org, draft-ietf-ice-trickle.all@ietf.org References: <02c7b2a3-6e15-7a1c-7781-19cd3c8656ab@mandelberg.org> From: Peter Saint-Andre Message-ID: <28d45621-7f57-5f76-d85e-ab220fe4061d@mozilla.com> Date: Wed, 21 Feb 2018 15:56:13 -0800 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:52.0) Gecko/20100101 Thunderbird/52.6.0 MIME-Version: 1.0 In-Reply-To: <02c7b2a3-6e15-7a1c-7781-19cd3c8656ab@mandelberg.org> Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="OWl4WYXM6Qonqz7RIibVv6VedmUiDvOJe" Archived-At: Subject: Re: [secdir] secdir review of draft-ietf-ice-trickle-16 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 21 Feb 2018 23:56:20 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --OWl4WYXM6Qonqz7RIibVv6VedmUiDvOJe Content-Type: multipart/mixed; boundary="AH1IwxNXXJflrNwGEc8dPhalpfNy7bSxb"; protected-headers="v1" From: Peter Saint-Andre To: David Mandelberg , iesg@ietf.org, secdir@ietf.org, draft-ietf-ice-trickle.all@ietf.org Message-ID: <28d45621-7f57-5f76-d85e-ab220fe4061d@mozilla.com> Subject: Re: secdir review of draft-ietf-ice-trickle-16 References: <02c7b2a3-6e15-7a1c-7781-19cd3c8656ab@mandelberg.org> In-Reply-To: <02c7b2a3-6e15-7a1c-7781-19cd3c8656ab@mandelberg.org> --AH1IwxNXXJflrNwGEc8dPhalpfNy7bSxb Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable On 2/21/18 2:09 PM, David Mandelberg wrote: > Hi, Hi David, thanks for the review. > The summary of the review is: ready with nits. >=20 > (nit) Section 2: What is a "ufrag pair"? Is it short for username > fragment pair? I might have just missed it, but I don't see a definitio= n > in the referenced terminology. Perhaps it's a term of art, but in draft-ietf-ice-rfc5245bis it's called the "Username Fragment and Password" so I suggest we use that. > (nit) Section 15: If I understand correctly, the signaling protocol als= o > needs to guarantee that the end-of-candidates indication is not > re-ordered with respect to any trickled candidates. Is that correct? Is= > it worth adding to the requirements? Good catch - in-order delivery applies here as well. OLD o A signaling protocol MUST deliver each trickled candidate not more than once and in the same order it was conveyed (see Section 8). NEW o A signaling protocol MUST deliver each trickled candidate or end-of-candidates indication not more than once and in the same order it was conveyed (see Section 8). We might want to also modify the text in Section 8, as follows: OLD When candidates are trickled, the signaling protocol MUST deliver each candidate to the receiving Trickle ICE implementation not more than once and in the same order it was conveyed. If the signaling protocol provides any candidate retransmissions, they need to be hidden from the ICE implementation. NEW When candidates are trickled, the signaling protocol MUST deliver each candidate (and any end-of-candidates indication as described in Section 8.2) to the receiving Trickle ICE implementation not more than once and in the same order it was conveyed. If the signaling protocol provides any candidate retransmissions, they need to be hidden from the ICE implementation. Peter --AH1IwxNXXJflrNwGEc8dPhalpfNy7bSxb-- --OWl4WYXM6Qonqz7RIibVv6VedmUiDvOJe Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEENVUj07j078lgnb70ZWGMGH9oFKkFAlqOBx4ACgkQZWGMGH9o FKm6VA/+LUyPdemGx2acTMZW7CAtNzSZWkQt/WvseoOs28Op5aOh96VUcJ7hf8WA Q4Vls9wN0GZBU6Npp/sgrp594uDmehbKFZsoenzoxWaF/OMvKn8kf3X5UGumTUpy 8FotryMXQRN/cIUK1dBsd9NzSS8RrFbPIaiIMtl20v3ZLcVRzqEg957uvFgEeKix 5A1U3DlKryn7RGIwEHPd6lDdNAgsRrWQogDfbkmP2DnGxhAP4o7kFbu2nQgVPOPI NpaSs7x9tZpsPasV8jgb3ACKseWcJbDDfEQPSPpjYKkw5SAH6OzQwGEs5Ajdq/mr pl/Ljdif6nm0q2hjW1h/l8iLzGqHmuKwm+cBUXoQ5ctszHoeVFTVxKLGcg0GQmCZ uzMHUtohRywdKtO0quEkhlBLh3suMc5a5S73DM75P01wc6qBBxiWuSwW3Tg0jS8m smSBJJvM26UpRBpe0EufVsLkJ7Y3xROJP1GiqZ/La/e7fZuJdAdGjYDO4/yYKgBy pAauwB+Gd3EGrTFe2k5tOjb1HIQJ98FC1USYrsqlV4u1THYH8Z8veGAitC1B0l9j O0Dk8Ioz7W3EyNeoQ9OZ8gLToZNHgd1fyTJBbPX2k0dGze+GZYsiYhKdicGtCnTE 1v+BBwffPud8fn+D5/pk9AxQGHQtMzve9Ao/Tc7jUfY4V8uxB2g= =vmvq -----END PGP SIGNATURE----- --OWl4WYXM6Qonqz7RIibVv6VedmUiDvOJe-- From nobody Thu Feb 22 10:01:42 2018 Return-Path: X-Original-To: secdir@ietf.org Delivered-To: secdir@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id A7677126DEE for ; Thu, 22 Feb 2018 10:01:40 -0800 (PST) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 8bit From: Tero Kivinen To: X-Test-IDTracker: no X-IETF-IDTracker: 6.72.2 Auto-Submitted: auto-generated Precedence: bulk Reply-to: secdir-secretary@mit.edu Message-ID: <151932250067.8196.17532999470627968921.idtracker@ietfa.amsl.com> Date: Thu, 22 Feb 2018 10:01:40 -0800 Archived-At: Subject: [secdir] Assignments X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 22 Feb 2018 18:01:41 -0000 Review instructions and related resources are at: http://tools.ietf.org/area/sec/trac/wiki/SecDirReview For telechat 2018-02-22 Reviewer LC end Draft Tobias Gondrom 2018-02-21 draft-ietf-sacm-nea-swima-patnc-02 Leif Johansson 2018-02-20 draft-ietf-nvo3-hpvr2nve-cp-req-15 Adam Montville R2018-02-22 draft-ietf-bier-ospf-bier-extensions-14 Russ Mundy 2018-02-22 draft-ietf-bier-isis-extensions-07 Sandra Murphy 2018-02-19 draft-ietf-lime-yang-connection-oriented-oam-model-06 For telechat 2018-03-08 Reviewer LC end Draft Derek Atkins 2018-03-06 draft-ietf-trill-transport-over-mpls-07 Derek Atkins 2018-02-22 draft-ietf-bier-mvpn-10 John Bradley 2018-03-06 draft-ietf-trill-smart-endnodes-08 Shaun Cooley 2018-03-06 draft-ietf-trill-over-ip-14 Roman Danyliw 2018-03-06 draft-ietf-trill-multilevel-unique-nickname-05 Alan DeKok 2018-03-06 draft-ietf-tls-record-limit-02 Stephen Farrell 2018-03-07 draft-ietf-netmod-rfc6087bis-18 Daniel Gillmor 2018-03-08 draft-ietf-l2sm-l2vpn-service-model-08 Magnus Nystrom 2018-03-06 draft-ietf-trill-multi-topology-05 Hilarie Orman 2018-03-06 draft-ietf-trill-directory-assisted-encap-09 Tim Polk 2018-03-02 draft-ietf-core-object-security-08 Kyle Rose 2018-03-06 draft-ietf-ace-cbor-web-token-12 Joseph Salowey 2018-03-01 draft-ietf-teas-rsvp-ingress-protection-13 Melinda Shore 2018-02-27 draft-ietf-lisp-signal-free-multicast-07 Paul Wouters 2018-02-23 draft-ietf-i2rs-rib-info-model-14 Dacheng Zhang 2018-03-06 draft-ietf-trill-vendor-channel-00 For telechat 2018-04-05 Reviewer LC end Draft Donald Eastlake 2018-03-06 draft-ietf-teas-scheduled-resources-06 Shawn Emery 2018-03-06 draft-ietf-pce-lsp-setup-type-08 Daniel Gillmor 2018-03-05 draft-gutmann-scep-09 Watson Ladd 2018-03-02 draft-ietf-rmcat-sbd-10 Ben Laurie None draft-ietf-6tisch-6top-protocol-09 David Mandelberg 2018-02-22 draft-ietf-ice-trickle-16 Matthew Miller 2018-02-20 draft-ietf-tram-stunbis-15 Vincent Roca None draft-ietf-core-cocoa-03 Stefan Santesson 2018-03-01 draft-ietf-tls-iana-registry-updates-04 Klaas Wierenga 2018-02-23 draft-ietf-nfsv4-layout-types-09 Last calls: Reviewer LC end Draft John Bradley None draft-ietf-acme-acme-09 Daniel Franke 2018-03-06 draft-ietf-mmusic-rid-13 Leif Johansson R2018-02-26 draft-ietf-homenet-babel-profile-05 Russ Mundy 2017-09-14 draft-spinosa-urn-lex-12 Tina Tsou 2018-02-26 draft-ietf-softwire-dslite-yang-14 Sean Turner 2018-02-26 draft-ietf-hip-rfc4423-bis-18 Carl Wallace 2018-02-26 draft-ietf-hip-native-nat-traversal-27 David Waltermire 2018-02-26 draft-ietf-hip-dex-06 Brian Weis 2018-02-23 draft-ietf-xrblock-rtcweb-rtcp-xr-metrics-08 Taylor Yu 2018-03-16 draft-housley-suite-b-to-historic-04 Early review requests: Reviewer Due Draft Daniel Franke 2018-01-31 draft-ietf-intarea-provisioning-domains-00 Ólafur Guðmundsson 2018-01-09 draft-ietf-opsawg-nat-yang-09 Liang Xia 2018-02-25 draft-ietf-anima-autonomic-control-plane-13 Next in the reviewer rotation: Tobias Gondrom Ólafur Guðmundsson Phillip Hallam-Baker Steve Hanna Dan Harkins Paul Hoffman Russ Housley Christian Huitema Leif Johansson Benjamin Kaduk From nobody Thu Feb 22 10:09:01 2018 Return-Path: X-Original-To: secdir@ietfa.amsl.com Delivered-To: secdir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B6E3B12D889; Thu, 22 Feb 2018 10:08:59 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.7 X-Spam-Level: X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eJ60iBz_3-40; Thu, 22 Feb 2018 10:08:58 -0800 (PST) Received: from mail-qk0-x234.google.com (mail-qk0-x234.google.com [IPv6:2607:f8b0:400d:c09::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3345512D883; Thu, 22 Feb 2018 10:08:57 -0800 (PST) Received: by mail-qk0-x234.google.com with SMTP id s188so7592202qkb.2; Thu, 22 Feb 2018 10:08:57 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=utEMXbdM/4TC+Yl3Ixj+VGUsJvz5LgYYnKE8OyQF4+Q=; b=tziic+Pr2YoN2DHUgCUR3ybnQOi5V98YtBmaCdF1aii6ytETXg5i3rcikEbo75zoal 93gcRGkfpyOrkLjhkFf9HUdZINao0jwXz32QiBSWYmCYqD0c97HBe+TgFJlu6JI33aWr /KuT1oL2o9YNwW5Ele63K6i100sO+5IX9nvQwechNCbm8ecGY/1QFkU+I83SoNpKtKsH P4GLX5E5lRHUc530zNU5eogXwZ3RhfnJV1T4lkpwveZB0epefukgP6oB/vqHG9WJ9JWf 9pmQ9ukMo9/yVaLCfjfsz3F2kWThHzQ4ZFbgeL8UaELe/u6/xz2BKXLCiunUSifxbVLQ LTTg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=utEMXbdM/4TC+Yl3Ixj+VGUsJvz5LgYYnKE8OyQF4+Q=; b=f44i6z9YKvAsocCeheveAHJ+onGACR8gHZ8XahWIKF8V/3zdB3EnBZvB7C59bHGh8Q x1tWXYq4L9lIJxBJqmkjTXzvDss3VlEbMVm+N6Q0TR1M2l+hoHQZFNyQZS+MWs0ThLqx HCFXc1MCgwtgyqAkT2maHwR3iKEn2t+m8roOtZBrRcKKWvlIQCn+qFAhkti2jChchZZt AjhTpprtcQIXvOyGfpehvw3ukO8hMmfDH3aUYvpMo7Tc2QMqoeM9KGDUIb32rRssy/lf aP3bDWEm2bIUeY5kWwGpysWXHtvxtu37kxt6LQalsCrGUrvqs5VXeEEMxzLHxGA3WADv FNHg== X-Gm-Message-State: APf1xPBlj76WZy49CaAwrJac4pWuC1bizTBW3G2Kr51a+C9xsGjx+gyb s0uRm4e4bTvZoFbmgCTCr0E5D2b3tZQ4GTusH2AXGvnX X-Google-Smtp-Source: AG47ELvDmhkGsxGiuWVouYm14FGGLtH77MsKkq1l1pUbVQMIujktrpuWOZ6D31sZXeOaTrbetFS7Y3riIeSD+stPZn0= X-Received: by 10.55.154.207 with SMTP id c198mr12245653qke.313.1519322936869; Thu, 22 Feb 2018 10:08:56 -0800 (PST) MIME-Version: 1.0 Received: by 10.12.137.180 with HTTP; Thu, 22 Feb 2018 10:08:47 -0800 (PST) From: Watson Ladd Date: Thu, 22 Feb 2018 10:08:47 -0800 Message-ID: To: "" , secdir@ietf.org, draft-ietf-rmcat-sbd-10.all@ietf.org Content-Type: text/plain; charset="UTF-8" Archived-At: Subject: [secdir] Secdir review of draft-ietf-rmcat-sbd-10 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 22 Feb 2018 18:09:00 -0000 I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. The summary of the review is READY. I am unqualified to weigh in on the heavy networking aspects of this draft, but I nevertheless found it approachable and understandable. My one minor editorial comment is that the section with parameters describes the effects, but never describes what the parameters are. Sincerely, Watson From nobody Thu Feb 22 11:16:46 2018 Return-Path: X-Original-To: secdir@ietfa.amsl.com Delivered-To: secdir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E1892124B18; Thu, 22 Feb 2018 11:16:44 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.911 X-Spam-Level: X-Spam-Status: No, score=-1.911 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0hO0F2ABZ5TF; Thu, 22 Feb 2018 11:16:43 -0800 (PST) Received: from walnut.tislabs.com (walnut.tislabs.com [192.94.214.200]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E9CC0120724; Thu, 22 Feb 2018 11:16:42 -0800 (PST) Received: from nova.tislabs.com (unknown [10.66.1.77]) by walnut.tislabs.com (Postfix) with ESMTP id 5B49828B003B; Thu, 22 Feb 2018 14:16:41 -0500 (EST) Received: from [127.0.0.1] (localhost.localdomain [127.0.0.1]) by nova.tislabs.com (Postfix) with ESMTP id 3F2901F804E; Thu, 22 Feb 2018 14:16:41 -0500 (EST) From: Sandra Murphy Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\)) Message-Id: <6324F19D-53CD-447B-A9C8-857532C223F4@tislabs.com> Date: Thu, 22 Feb 2018 14:16:38 -0500 Cc: Sandra Murphy , draft-ietf-lime-yang-connection-oriented-oam-model.all@ietf.org To: IETF Security Directorate X-Mailer: Apple Mail (2.3273) Archived-At: Subject: [secdir] review of draft-ietf-lime-yang-connection-oriented-oam-model-05 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 22 Feb 2018 19:16:45 -0000 I have reviewed this document as part of the security directorate's=20 ongoing effort to review all IETF documents being processed by the=20 IESG. These comments were written primarily for the benefit of the=20 security area directors. Document editors and WG chairs should treat=20 these comments just like any other last call comments. Summary: This draft presents a generic connection oriented yang model. I am a novice on YANG models. I did some review to try to analyze this = draft, but any comments I make must take into account my lack of = background. I did review the IETF tutorial on YANG, which was helpful. I also = looked at draft-ietf-netmod-revised-datastores-07, = draft-ietf-netmod-yang-tree-diagrams-02, draft-ietf-trill-yang-oam-05, = draft-ietf-lime-yang-connectionless-oam-18, RFC7276, to varying levels = of depth. This gives you an idea of what fundamental concepts I might = have missed. The security considerations section discusses the protocol protections = provided by the underlying transport layers=E2=80=99 security. It also = points out that NETCONF =E2=80=9Cprovides the means to restrict = access=E2=80=9D and then describes the subtrees and data nodes of the = model that are particularly sensitive or vulnerable. The dual draft for = connectionless oam does the same. The outline seems adequate, I have no = way to judge if the list is sufficient. Subtree hierarchies down to data nodes are described. I=E2=80=99m not = sure why the tree hierarchy is described - perhaps the protections for = each lower levels of the hierarchy is increasingly sensitive and would = need protections that exceed the parent=E2=80=99s. =20 One of the examples of a sensitive component is a data node that is = taken from the TRILL extensions provided in Section 7. Later working = group completion of the TRILL data model might change that data node. =20= I believe that a generic YANG cam model also exists, defined in = draft-ietf-lime-yang-oam-model, which appears in a =E2=80=9Creference=E2=80= =9D in a =E2=80=9Crevision=E2=80=9D definition. Is this connection = oriented model an extension of the YANG generic oam model. The document = talks of this model as if it is a new model; it refers to itself as a = =E2=80=9Cgeneric base model=E2=80=9D. Note my back of background - I = might not understand the YANG hierarchy. =20 This document does not address its relationship to the generic YANG oam = model, although it does address the dual connectionless model = draft-ietf-lime-yang-connectionless-oam-18. At any rate, draft-ietf-lime-yang-oam-model should be explicitly = mentioned and added to the reference list. It is not clear to me what the relationship is between models that are = extensions of the YANG generic base model, and those that are extensions = to this YANG connection oriented generic base model. For example, a = TRILL extension to the generic base model exists, but this document = defines =E2=80=9Csnippets=E2=80=9D of TRILL extensions of this = connection oriented generic base model. Should tools implement both? I found many nits, and gave up on finding them all. The RFC Editor will = find them, I=E2=80=99m sure. I=E2=80=99ve put a list at the end. I have some most substantive comments and confusion about Sections 3, 4, = and 7. Section 3 This section is describing the connection oriented generic base YANG = model, but continually mixes in the term generic YANG model. Since a = generic YANG model seems to exist, this is confusing. e.g. 3. Architecture of Generic YANG Model for OAM but then the first sentence says In this document we define a generic YANG model for connection oriented OAM protocols. and then The Generic YANG model acts as the root for other OAM YANG models. Is that describing this model, or the generic YANG model of = draft-ietf-lime-yang-oam-model? and Figure 1 depicts the relationship of different OAM YANG models to the Generic YANG Model for connection oriented OAM. The Generic YANG model for OAM provides =E2=80=A6 Is the second Generic YANG model this model or the truly generic yang = model? The figure starts with "Connection Oriented gen OAM YANG=E2=80=9D with = =E2=80=9CTRILL OAM YANG=E2=80=9D underneath. But the figure title is = "Relationship of OAM YANG model to generic (base) YANG model=E2=80=9D. = Also, TRILL has an extension of the truly generic yang model in = draft-ietf-trill-yang-oam-05. Does the diagram refer to that model or = to the extension =E2=80=9Csnippets=E2=80=9D defined in Section 7 of this = document. Sec 4 pg 8 The default mode of OAM is referred to as the Base Mode and specifies default values for each of model parameters. . . . on. The default values of these depend on the technology. Base Mode for TRILL is defined in [RFC7455]. Base mode for other technologies and future extensions developed in IETF will be defined in their corresponding documents. So each new technology extending this connection oriented base YANG = model must redefine the default values for the model parameters? tools. The OAM tools used here are limited to OAM toolset specified in section 5.1 of [RFC7276].=20 What is meant by =E2=80=9Cused here=E2=80=9D? Is this standard limited = to the tools of RF7276? Section 7 This section "demonstrates the usability of the connection-oriented YANG = OAM data model=E2=80=9D by supplying =E2=80=9Csnippets of = technology-specific model extensions for illustrative purposes=E2=80=9D. = It notes that this is not a complete extension, which would have to = come from the working groups. There is continued lack of distinction = between this documents connection oriented base YANG model and the = generic base YANG model. I am confused about what it means to have a model that extends the = generic base YANG model and one that extends the connection oriented = generic base model of this document. How are the two extensions = related? Can they be used simultaneously in the same network? Would = they both be implemented on a device? Sec 7.1 pg 41 The TRILL YANG module is augmenting connection oriented OAM module for both configuration and RPC commands. This is not clear. Does this mean "The TRILL connection oriented YANG = module described in this section augments the connection oriented OAM = module of this document=E2=80=A6" The TRILL YANG module requires the base TRILL module ([I-D.ietf- trill-yang])=20 This is not in the reference list. It is perhaps intended to be = draft-ietf-trill-yang-oam-05. Sec 7.1.1.1 pg 42 identity trill{ base co-oam:technology-types; description "trill type"; } In draft-ietf-trill-yang-oam-05, the similar definition is: identity trill { base goam:technology-types; description "trill type"; } So draft-ietf-trill-yang-oam-05 does extend the =E2=80=9Cgoam=E2=80=9D = model and this draft extend the =E2=80=9Cco-oam=E2=80=9D model. = Correct? Would both identities be used in managing a device? =E2=80=94Sandy Nits Sec 1 pg 3 ITU-T [G.8013], MEF Service OAM, MPLS-TP [RFC6371], TRILL [RFC7455] all missing an =E2=80=9Cand=E2=80=9D in there somewhere, I think. Sec 2.2 pg 5 Connectivity Verification - Connectivity Verification are used to verify that a destination is connected. It are also referred to =E2=80=9Cis used=E2=80=9D and =E2=80=9Cis also referred=E2=80=9D Sec 2.2 pg 6 diagnostics. On-demand OAM method requires only transient configuration. =E2=80=9CA On-demand OAM=E2=80=9D or =E2=80=9CThe On-demand OAM=E2=80=9D Sec 3 pg 6 technology- specific YANG models can inherit constructs from the base =E2=80=9Ctechnology-specific=E2=80=9D Sec 4 pg 7 Under each Maintenance Domain there is one or more Maintenance Association (MA). In TRILL this can be per Fine-Grained Label. =E2=80=9CAssociations=E2=80=9D It is not clear about TRILL - are multiple MA=E2=80=99s defined per = Fine-Grained Label? If so, are there multiple Fine-Grained Labels under = the Maintenance Domain? What is the MD - FGL - MA structure? In the vertical direction orthogonal to the Maintenance Domain, presented are the commands. =20 I do not understand this, particularly the =E2=80=9Cpresented are the = commands=E2=80=9D part. That is not usual word order and I can not = rearrange the sentence to make sense. And what is meant by =E2=80=9Cverti= cal direction=E2=80=9D? Sec 4 pg 8 tools. The OAM tools used here are limited to OAM toolset specified in section 5.1 of [RFC7276].=20 =E2=80=9Cto the OAM toolset=E2=80=9D Sec 4.1 pg 8 module. Within the container "domains", separate list is maintained =E2=80=9Ca separate list=E2=80=9D Sec 4.4 pg 10 The RPC model facilitates issuing commands to a "server" (in this case to the device that need to execute the OAM command) and obtain a =E2=80=9Cneeds=E2=80=9D =E2=80=9Cand obtaining=E2=80=9D Sec 4.5 pg 13 Notification is sent on defect condition and defect clears with Maintenance Domain Name, MA Name =E2=80=9CNotification is sent on detecting a defect condition and on = clearing the defect=E2=80=9D? Sec 4.6 pg 13 Grouping for monitoring statistics is to be used by YANG modules which Augment YANG to provide statistics what does the =E2=80=9CAugment YANG=E2=80=9D mean here? What is being = augmented - the generic base model or this connection oriented base = model? Sec 5 pg 20 description "If no proactive Continuity Check (CC) OAM packets from the source Maintenance End Point (MEP) (and in the case of Connectivity Verification , this includes the requirement to have the expected unique, technology dependent source MEP identifier) are received within the interval.=E2=80=9D; This is unclear. =E2=80=9Cto have the =E2=80=A6 identifier=E2=80=9D - = to possess it? not received packets from it?=20 Sec 5 page 29 container domains { description "Contains configuration related data. Within the container is list of fault domains. Within each domian has List of Maintenance Association (MA).=E2=80=9D; what does the =E2=80=9CWithin each domian has List=E2=80=9D part mean? = Within each domain there is a list=E2=80=9D =E2=80=9Clist=E2=80=9D not =E2=80=9CLIST=E2=80=9D, unless that=E2=80=99s = a identifier somewhere. and description "Define the list of fault Domains within the ietf-connection-oriented-oam module.=E2=80=9D; This is the only place =E2=80=9Cfault domain=E2=80=9D is used. Should = that term be defined somewhere? Sec 7.2 pg 44 The MPLS-TP OAM YANG module can augment connection oriented OAM Module with some technology-specific details.=20 =E2=80=9Cthe=E2=80=9D or =E2=80=9Cthis=E2=80=9D =E2=80=9Cconnection = oriented OAM module=E2=80=9D Other places, the text says =E2=80=9Cconnection oriented base model=E2=80=9D= . Consistency could help. Sec 7.2.2 pg 46 can be inherited in the MPLS-TP OAM model and set by Connection Oriented base model as default values. Why is connection oriented capitalized here? From nobody Thu Feb 22 11:58:04 2018 Return-Path: X-Original-To: secdir@ietf.org Delivered-To: secdir@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 5BBDE12DA40; Thu, 22 Feb 2018 11:58:02 -0800 (PST) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: Stephen Farrell To: Cc: ietf@ietf.org, netmod@ietf.org, draft-ietf-netmod-rfc6087bis.all@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 6.72.2 Auto-Submitted: auto-generated Precedence: bulk Message-ID: <151932948231.8096.10376000064045374752@ietfa.amsl.com> Date: Thu, 22 Feb 2018 11:58:02 -0800 Archived-At: Subject: [secdir] Secdir telechat review of draft-ietf-netmod-rfc6087bis-18 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 22 Feb 2018 19:58:02 -0000 Reviewer: Stephen Farrell Review result: Ready I reviewed the diff between -18 and RFC6087. [1] [1] https://www.ietf.org/rfcdiff?url1=rfc6087&url2=draft-ietf-netmod-rfc6087bis-18 I assume the security ADs were involved already in discussion about the new security considerations template in 3.7.1 and the text there does seem fine to me, so I won't even nit-pick about it:-) I do have some other nits to note though. - There are a number of URLs given for access to updated materials that use http schemed URLs and that do not use https schemed URLs. There was a recent IESG statement to the effect that those'd be better as https URLs. The first such example is in 3.1. In fact that URL is re-directed (for me) to https. I think a general pass to fix such URLs to use https wherever possible would be easy and better practice. - Some of the namespaces use http schemed URLs, for example in section 4.2. I don't know if people are expected to de-reference such URLs, but if they are then it'd be good to say if https is better to use or not. (I'd argue it is.) If those URLs are not expected to be de-referenced, then saying that would be good. (Not that it'd stop people de-referencing 'em so the change is better in any case;-) Cheers, S. From nobody Thu Feb 22 12:03:54 2018 Return-Path: X-Original-To: secdir@ietf.org Delivered-To: secdir@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id AFCAE12DA0A; Thu, 22 Feb 2018 12:03:38 -0800 (PST) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: Brian Weis To: Cc: draft-ietf-xrblock-rtcweb-rtcp-xr-metrics.all@ietf.org, iesg@ietf.org, xrblock@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 6.72.2 Auto-Submitted: auto-generated Precedence: bulk Message-ID: <151932981864.8184.11842090487013149974@ietfa.amsl.com> Date: Thu, 22 Feb 2018 12:03:38 -0800 Archived-At: Subject: [secdir] Secdir last call review of draft-ietf-xrblock-rtcweb-rtcp-xr-metrics-08 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 22 Feb 2018 20:03:39 -0000 Reviewer: Brian Weis Review result: Has Nits I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. This document describes monitoring features related to media streams in Web real-time communication (WebRTC). The monitoring features are sent in Sender and Receiver Reports through RTCP along with other metrics related to the transport of multimedia flows. The new monitoring features are comprised of packet counts and other packet-related statistics (e.g., jitter). The Security Considerations states that there are no additional security considerations beyond those mentioned in related documents, and I believe this is true. There is one reference in this section that needs to be fixed: [RFC3792] is not correct. I assumed it should have been RFC 6792. Also, it would be helpful to add a reference in Section 5.3 to RFC 7294 to identify the source for "concealment metrics". A security reviewer will naturally want to know what property "concealment" is intended to provide, and it took some hunting down to find it and determine that it wasn't relevant. From nobody Thu Feb 22 13:12:34 2018 Return-Path: X-Original-To: secdir@ietfa.amsl.com Delivered-To: secdir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AEE5F12DA27; Thu, 22 Feb 2018 13:12:32 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.989 X-Spam-Level: X-Spam-Status: No, score=-1.989 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, T_SPF_PERMERROR=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ihtfp.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 419XJ6a42Xst; Thu, 22 Feb 2018 13:12:30 -0800 (PST) Received: from mail2.ihtfp.org (MAIL2.IHTFP.ORG [204.107.200.7]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A068212DA24; Thu, 22 Feb 2018 13:12:30 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by mail2.ihtfp.org (Postfix) with ESMTP id 13B33E207F; Thu, 22 Feb 2018 16:12:29 -0500 (EST) Received: from mail2.ihtfp.org ([127.0.0.1]) by localhost (mail2.ihtfp.org [127.0.0.1]) (amavisd-maia, port 10024) with ESMTP id 24559-07; Thu, 22 Feb 2018 16:12:28 -0500 (EST) Received: from securerf.ihtfp.org (IHTFP-DHCP-250.IHTFP.ORG [192.168.248.250]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mocana.ihtfp.org", Issuer "IHTFP Consulting Certification Authority" (verified OK)) by mail2.ihtfp.org (Postfix) with ESMTPS id 09D89E2053; Thu, 22 Feb 2018 16:12:28 -0500 (EST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ihtfp.com; s=default; t=1519333948; bh=A9S56toJS9/g0rTaRHzQlEk67G8gxq0NLtbpk6bXT7I=; h=From:To:Cc:Subject:Date; b=eXTPs5sOjLU2P62hdUi+bA9sd6Bai/SrP7Nn5Nk/QPWpzYtTs3TrVcKHAN2e8iLMt EA3oheUYSyp+hQqbVtjxbOt1pzNOBT4FhwMn2mfIfudYuRfjxtmBa51bPztJOsv16k OjN4kmscP0DNPGGXH/FCUHgnUJj0YJ3fBFv3s6vY= Received: (from warlord@localhost) by securerf.ihtfp.org (8.15.2/8.15.2/Submit) id w1MLCROA007440; Thu, 22 Feb 2018 16:12:27 -0500 From: Derek Atkins To: iesg@ietf.org, secdir@ietf.org Cc: bier-chairs@ietf.org, prz@juniper.net, andrew.dolganow@nokia.com, aldrin.ietf@gmail.com, masivaku@cisco.com, erosen@juniper.net Date: Thu, 22 Feb 2018 16:12:27 -0500 Message-ID: User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.3 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-Virus-Scanned: Maia Mailguard 1.0.2a Archived-At: Subject: [secdir] sec-dir review of draft-ietf-bier-mvpn-09 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 22 Feb 2018 21:12:33 -0000 Hi, I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written with the intent of improving security requirements and considerations in IETF drafts. Comments not addressed in last call may be included in AD reviews during the IESG review. Document editors and WG chairs should treat these comments just like any other last call comments. Summary: Ready to publish. Details: Obviously the security of this solution is based on the full trust of the complete end-to-end BIER network. There is no cryptography to ensure that a packet is not manipulated enroute which would change the bit-fields. The good news is that it's probably hard to inject a BIER-headed packet into the network from the outside (once it hits an external router it would be re-encapsulated). On the other hand there is nothing to stop a bad-actor internal router from creating a bogus BIER header or modifying an existing BIER header. I suspect this is already handled in the MPLS and IGP Security Considerations, but I wanted to ensure that the IESG was aware of this restriction (which is not explicitly stated here). -derek -- Derek Atkins 617-623-3745 derek@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant From nobody Thu Feb 22 13:46:06 2018 Return-Path: X-Original-To: secdir@ietfa.amsl.com Delivered-To: secdir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4404C12D950; Thu, 22 Feb 2018 13:46:04 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.23 X-Spam-Level: X-Spam-Status: No, score=-4.23 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6D9TF7Y42OIx; Thu, 22 Feb 2018 13:46:02 -0800 (PST) Received: from huawei.com (lhrrgout.huawei.com [194.213.3.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5B3A012420B; Thu, 22 Feb 2018 13:46:02 -0800 (PST) Received: from lhreml701-cah.china.huawei.com (unknown [172.18.7.108]) by Forcepoint Email with ESMTP id EAFF27615A615; Thu, 22 Feb 2018 21:45:57 +0000 (GMT) Received: from SJCEML703-CHM.china.huawei.com (10.208.112.39) by lhreml701-cah.china.huawei.com (10.201.108.42) with Microsoft SMTP Server (TLS) id 14.3.361.1; Thu, 22 Feb 2018 21:45:59 +0000 Received: from SJCEML521-MBS.china.huawei.com ([169.254.2.168]) by SJCEML703-CHM.china.huawei.com ([169.254.5.179]) with mapi id 14.03.0382.000; Thu, 22 Feb 2018 13:45:56 -0800 From: Huaimo Chen To: Rifaat Shekh-Yusef , "secdir@ietf.org" CC: "draft-ietf-teas-rsvp-egress-protection.all@ietf.org" , "ietf@ietf.org" , "teas@ietf.org" Thread-Topic: Secdir last call review of draft-ietf-teas-rsvp-egress-protection-09 Thread-Index: AQHTqnAoz+h2spacWkiZ4uzsCmYfVaOwjCSg Date: Thu, 22 Feb 2018 21:45:55 +0000 Message-ID: <5316A0AB3C851246A7CA5758973207D463A52635@sjceml521-mbs.china.huawei.com> References: <151914767152.4003.2724168782038044771@ietfa.amsl.com> In-Reply-To: <151914767152.4003.2724168782038044771@ietfa.amsl.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.47.155.146] Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 MIME-Version: 1.0 X-CFilter-Loop: Reflected Archived-At: Subject: Re: [secdir] Secdir last call review of draft-ietf-teas-rsvp-egress-protection-09 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 22 Feb 2018 21:46:04 -0000 SGkgUmlmYWF0LA0KDQogICAgVGhhbmsgeW91IG11Y2ggZm9yIHlvdXIgdGltZSBhbmQgeW91ciB2 YWx1YWJsZSBjb21tZW50cy4NCiAgICBBbnN3ZXJzIHRvIHlvdXIgcXVlc3Rpb25zIGFyZSBpbmxp bmUgYmVsb3cgd2l0aCBwcmVmaXggW0hDXS4NCiAgICBXb3VsZCB5b3UgbWluZCByZXZpZXdpbmcg dGhlbSB0byBzZWUgaWYgdGhleSBhZGRyZXNzIHRoZSBpc3N1ZXM/DQoNCkJlc3QgUmVnYXJkcywN Ckh1YWltbw0KLS0tLS1PcmlnaW5hbCBNZXNzYWdlLS0tLS0NCkZyb206IFJpZmFhdCBTaGVraC1Z dXNlZiBbbWFpbHRvOnJpZmFhdC5pZXRmQGdtYWlsLmNvbV0gDQpTZW50OiBUdWVzZGF5LCBGZWJy dWFyeSAyMCwgMjAxOCAxMjoyOCBQTQ0KVG86IHNlY2RpckBpZXRmLm9yZw0KQ2M6IGRyYWZ0LWll dGYtdGVhcy1yc3ZwLWVncmVzcy1wcm90ZWN0aW9uLmFsbEBpZXRmLm9yZzsgaWV0ZkBpZXRmLm9y ZzsgdGVhc0BpZXRmLm9yZw0KU3ViamVjdDogU2VjZGlyIGxhc3QgY2FsbCByZXZpZXcgb2YgZHJh ZnQtaWV0Zi10ZWFzLXJzdnAtZWdyZXNzLXByb3RlY3Rpb24tMDkNCg0KUmV2aWV3ZXI6IFJpZmFh dCBTaGVraC1ZdXNlZg0KUmV2aWV3IHJlc3VsdDogSGFzIElzc3Vlcw0KDQpJIGhhdmUgcmV2aWV3 ZWQgdGhpcyBkb2N1bWVudCBhcyBwYXJ0IG9mIHRoZSBzZWN1cml0eSBkaXJlY3RvcmF0ZSdzIG9u Z29pbmcgZWZmb3J0IHRvIHJldmlldyBhbGwgSUVURiBkb2N1bWVudHMgYmVpbmcgcHJvY2Vzc2Vk IGJ5IHRoZSBJRVNHLiAgVGhlc2UgY29tbWVudHMgd2VyZSB3cml0dGVuIHByaW1hcmlseSBmb3Ig dGhlIGJlbmVmaXQgb2YgdGhlIHNlY3VyaXR5IGFyZWEgZGlyZWN0b3JzLiAgRG9jdW1lbnQgZWRp dG9ycyBhbmQgV0cgY2hhaXJzIHNob3VsZCB0cmVhdCB0aGVzZSBjb21tZW50cyBqdXN0IGxpa2Ug YW55IG90aGVyIGxhc3QgY2FsbCBjb21tZW50cy4NCg0KICAgIkEgYmFja3VwIGVncmVzcyBNVVNU IGJlIGNvbmZpZ3VyZWQgb24gdGhlIGluZ3Jlc3Mgb2YgYW4gTFNQIHRvDQogICBwcm90ZWN0IGEg cHJpbWFyeSBlZ3Jlc3Mgb2YgdGhlIExTUCBpZiBhbmQgb25seSBpZiB0aGUgYmFja3VwIGVncmVz cw0KICAgaXMgbm90IGluZGljYXRlZCBpbiBhbm90aGVyIHBsYWNlLiINCg0KQ2FuIHlvdSBkZWZp bmUgImFub3RoZXIgcGxhY2UiPyBJcyBpdCB0aGUgInByaW1hcnkgZWdyZXNzIj8gb3RoZXJzPw0K IA0KW0hDXSBZZXMuIEFub3RoZXIgcGxhY2UgaW4gdGhpcyBjb250ZXh0IGlzIHRoZSBwcmltYXJ5 IGVncmVzcy4gDQpXZSB3aWxsIHVwZGF0ZSB0aGUgZG9jdW1lbnQgYWNjb3JkaW5nbHkgYXMgYmVs b3c6DQogICAiQSBiYWNrdXAgZWdyZXNzIE1VU1QgYmUgY29uZmlndXJlZCBvbiB0aGUgaW5ncmVz cyBvZiBhbiBMU1AgdG8NCiAgIHByb3RlY3QgYSBwcmltYXJ5IGVncmVzcyBvZiB0aGUgTFNQIGlm IGFuZCBvbmx5IGlmIHRoZSBiYWNrdXAgZWdyZXNzDQogICBpcyBub3QgY29uZmlndXJlZCBvbiB0 aGUgcHJpbWFyeSBlZ3Jlc3MuIg0KDQoNCg0KICAgIlRvIHByb3RlY3QgYSBwcmltYXJ5IGVncmVz cyBvZiBhbiBMU1AsIGEgYmFja3VwIGVncmVzcyBNVVNUIGJlDQogICBjb25maWd1cmVkIG9uIHRo ZSBwcmltYXJ5IGVncmVzcyBvZiB0aGUgTFNQIHRvIHByb3RlY3QgdGhlIHByaW1hcnkNCiAgIGVn cmVzcyBpZiBhbmQgb25seSBpZiB0aGUgYmFja3VwIGVncmVzcyBpcyBub3QgaW5kaWNhdGVkIGlu IGFub3RoZXINCiAgIHBsYWNlLiIgICANCg0KQ2FuIHlvdSBkZWZpbmUgImFub3RoZXIgcGxhY2Ui PyBJcyBpdCB0aGUgImluZ3Jlc3MiPyBvdGhlcnM/DQogICANCltIQ10gWWVzLiBBbm90aGVyIHBs YWNlIGluIHRoaXMgY29udGV4dCBpcyB0aGUgaW5ncmVzcy4gDQpXZSB3aWxsIHVwZGF0ZSB0aGUg ZG9jdW1lbnQgYWNjb3JkaW5nbHkgYXMgYmVsb3c6DQogICAiVG8gcHJvdGVjdCBhIHByaW1hcnkg ZWdyZXNzIG9mIGFuIExTUCwgYSBiYWNrdXAgZWdyZXNzIE1VU1QgYmUNCiAgIGNvbmZpZ3VyZWQg b24gdGhlIHByaW1hcnkgZWdyZXNzIG9mIHRoZSBMU1AgdG8gcHJvdGVjdCB0aGUgcHJpbWFyeQ0K ICAgZWdyZXNzIGlmIGFuZCBvbmx5IGlmIHRoZSBiYWNrdXAgZWdyZXNzIGlzIG5vdCBjb25maWd1 cmVkIG9uIHRoZSANCiAgIGluZ3Jlc3MuIg0KDQoNCg0KICAgIk5vdGUgdGhhdCBwcm90ZWN0aW5n IGEgcHJpbWFyeSBlZ3Jlc3Mgb2YgYSBQMlAgTFNQIGNhcnJ5aW5nIHNlcnZpY2UNCiAgIHRyYWZm aWMgdGhyb3VnaCBhIGJhY2t1cCBlZ3Jlc3MgcmVxdWlyZXMgdGhhdCB0aGUgYmFja3VwIGVncmVz cyB0cnVzdA0KICAgdGhlIHByaW1hcnkgZWdyZXNzIGZvciB0aGUgaW5mb3JtYXRpb24gcmVjZWl2 ZWQgZm9yIGEgc2VydmljZSBsYWJlbA0KICAgYXMgVUEgbGFiZWwuIg0KICAgDQpDYW4geW91IGVs YWJvcmF0ZSBvbiB0aGlzIHN0YXRlbWVudD8gDQpIb3cgd291bGQgdGhlIGJhY2t1cCBlZ3Jlc3Mg dHJ1c3QgdGhlIHByaW1hcnkgZWdyZXNzPw0KDQpbSENdIFRoZSBpbmZvcm1hdGlvbiBtYXkgYmUg c2VudCB0byB0aGUgYmFja3VwIGVncmVzcyBmcm9tIHRoZSANCiJwcmltYXJ5IGVncmVzcyIgdGhy b3VnaCBhbm90aGVyIHByb3RvY29sIHN1Y2ggYXMgQkdQLiBUaGUgYmFja3VwIGVncmVzcw0KbmVl ZCB0byAgbWFrZSBzdXJlIHRoYXQgdGhlICJwcmltYXJ5IGVncmVzcyIgdGhhdCBhbm90aGVyIHBy b3RvY29sIHVzZXMgDQppcyB0aGUgc2FtZSBwcmltYXJ5IGVncmVzcyB0byBiZSBwcm90ZWN0ZWQu IA0KVGhlIGJhY2t1cCBlZ3Jlc3MgbWF5IGNoZWNrIHdoZXRoZXIgdGhlIHJlbW90ZSBlbmQgb2Yg dGhlIEJHUCBzZXNzaW9uIA0KaXMgdGhlIHByaW1hcnkgZWdyZXNzIGlmIEJHUCBpcyB1c2VkIHRv IHNlbmQgdGhlIGluZm9ybWF0aW9uIHRvIHRoZSANCmJhY2t1cCBlZ3Jlc3MgZnJvbSB0aGUgInBy aW1hcnkgZWdyZXNzIi4NCldlIHdpbGwgdXBkYXRlIHRoZSBkb2N1bWVudCBhY2NvcmRpbmdseSBh cyBiZWxvdzoNCiAgIk5vdGUgdGhhdCBwcm90ZWN0aW5nIGEgcHJpbWFyeSBlZ3Jlc3Mgb2YgYSBQ MlAgTFNQIGNhcnJ5aW5nIHNlcnZpY2UNCiAgIHRyYWZmaWMgdGhyb3VnaCBhIGJhY2t1cCBlZ3Jl c3MgcmVxdWlyZXMgdGhhdCB0aGUgYmFja3VwIGVncmVzcyBtYWtlDQogICBzdXJlIHRoYXQgdGhl ICJwcmltYXJ5IGVncmVzcyIgc2VuZGluZyB0aGUgYmFja3VwIGVncmVzcyB0aGUgaW5mb3JtYXRp b24gDQogICBvbiBhIHNlcnZpY2UgbGFiZWwgYXMgVUEgbGFiZWwgdGhyb3VnaCBhbm90aGVyIHBy b3RvY29sIHN1Y2ggYXMgQkdQIGlzIA0KICAgdGhlIHNhbWUgcHJpbWFyeSBlZ3Jlc3MgdG8gYmUg cHJvdGVjdGVkLiINCg0KDQpSZWdhcmRzLA0KIFJpZmFhdA0KDQoNCg== From nobody Thu Feb 22 14:00:19 2018 Return-Path: X-Original-To: secdir@ietfa.amsl.com Delivered-To: secdir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AF1A812946D; Thu, 22 Feb 2018 14:00:18 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.989 X-Spam-Level: X-Spam-Status: No, score=-1.989 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, T_SPF_PERMERROR=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ihtfp.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id t5-_vabQqHRl; Thu, 22 Feb 2018 14:00:17 -0800 (PST) Received: from mail2.ihtfp.org (MAIL2.IHTFP.ORG [204.107.200.7]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id ADDF212420B; Thu, 22 Feb 2018 14:00:17 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by mail2.ihtfp.org (Postfix) with ESMTP id 8778DE2087; Thu, 22 Feb 2018 17:00:16 -0500 (EST) Received: from mail2.ihtfp.org ([127.0.0.1]) by localhost (mail2.ihtfp.org [127.0.0.1]) (amavisd-maia, port 10024) with ESMTP id 25121-10; Thu, 22 Feb 2018 17:00:15 -0500 (EST) Received: from securerf.ihtfp.org (IHTFP-DHCP-250.IHTFP.ORG [192.168.248.250]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mocana.ihtfp.org", Issuer "IHTFP Consulting Certification Authority" (verified OK)) by mail2.ihtfp.org (Postfix) with ESMTPS id 3FE79E2053; Thu, 22 Feb 2018 17:00:15 -0500 (EST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ihtfp.com; s=default; t=1519336815; bh=fWcDTxOEuUwkfLEm5qJ7UMZG7UEStFEnoOVCoHTbHxE=; h=From:To:Cc:Subject:Date; b=q5WFeS2D35FcD6mZivDxRPMByXc0CBrBJlhfX3W2gzlLZGAcPzt+qZgiKR13doCtP bl29VsxW9lQpESazd9uqoceACajQHacSIIBZolDNyWhFETDx8aSzcy0WWBeszuRmh6 /rpG1sCTb/A+fI9P+DR/V1vXWmBwo1HGwf85WnxA= Received: (from warlord@localhost) by securerf.ihtfp.org (8.15.2/8.15.2/Submit) id w1MM0EsL008569; Thu, 22 Feb 2018 17:00:14 -0500 From: Derek Atkins To: iesg@ietf.org, secdir@ietf.org Cc: trill-chairs@ietf.org, lucyyong@gmail.com, d3e3e3@gmail.com, kingstonsmiler@gmail.com, mohammed.umair2@gmail.com Date: Thu, 22 Feb 2018 17:00:14 -0500 Message-ID: User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.3 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-Virus-Scanned: Maia Mailguard 1.0.2a Archived-At: Subject: [secdir] sec-dir review of draft-ietf-trill-transport-over-mpls-07 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 22 Feb 2018 22:00:18 -0000 Hi, I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written with the intent of improving security requirements and considerations in IETF drafts. Comments not addressed in last call may be included in AD reviews during the IESG review. Document editors and WG chairs should treat these comments just like any other last call comments. Summary: Ready to publish (with minor edits). Details: There is a typo in Figure 2 on page 7 where you have two instances of "Tenant2 Site 2". I suspect that RBat2 should be labeled Tenant2 Site 1. The same mistake is in Figure 4 on page 11. -derek -- Derek Atkins 617-623-3745 derek@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant From nobody Thu Feb 22 14:21:11 2018 Return-Path: X-Original-To: secdir@ietfa.amsl.com Delivered-To: secdir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 132E112420B; Thu, 22 Feb 2018 14:21:10 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.9 X-Spam-Level: X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UUP2Znlpinv5; Thu, 22 Feb 2018 14:21:08 -0800 (PST) Received: from mail.networkradius.com (mail.networkradius.com [62.210.147.122]) by ietfa.amsl.com (Postfix) with ESMTP id CCD65120725; Thu, 22 Feb 2018 14:21:07 -0800 (PST) Received: from [192.168.2.28] (198-84-205-59.cpe.teksavvy.com [198.84.205.59]) by mail.networkradius.com (Postfix) with ESMTPSA id B8F081FE7; Thu, 22 Feb 2018 22:21:06 +0000 (UTC) From: Alan DeKok Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable Message-Id: <5C2E06FE-8685-457D-ACED-5600092C1CB1@deployingradius.com> Date: Thu, 22 Feb 2018 17:21:05 -0500 To: draft-ietf-tls-record-limit@ietf.org, IESG , secdir@ietf.org Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\)) X-Mailer: Apple Mail (2.3124) Archived-At: Subject: [secdir] Secdir review of draft-ietf-tls-record-limit X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 22 Feb 2018 22:21:10 -0000 I have reviewed this document as part of the security directorate's = ongoing effort to review all IETF documents being processed by the IESG. = These comments were written primarily for the benefit of the security = area directors. Document editors and WG chairs should treat these = comments just like any other last call comments. The summary of the review is ready with nits. 4. The "record_size_limit" Extension ... an endpoint MUST NOT send a value higher than the protocol-defined maximum record size ... Comment: That's good, so later we have: The record size limit can interact with the maximum transmission unit (MTU) in DTLS, but it is a separate and independent constraint on record size. Nit: perhaps say that this is an *additional* constraint. Which is (to = me) a clearer indication that both constraints must be matched. = "independent" constraints sound like not only they vary independently, = but that they can be applied independently (i.e. separately). Saying = "additional" constraint is a clearer indication that both constraints = must be applied at the same time. In particular, it is not appropriate to use the record size limit in place of path MTU detection.=20 Q: How would that be done? I don't mean that the document needs to = explain how to do something wrong. I mean that it would be good to = explain the misunderstanding which would lead to using record size limit = in place of path MTU detection. e.g. "the reception of an illegal_parameter error on a session gives = no information about the allowed MTU size" The record size limit is a fixed property of an endpoint that is set during the handshake and fixed thereafter. In comparison, the MTU is determined by the network path and can change dynamically over time. Comment: it would be good to give guidance on what to do here, and what = happens in error cases. e.g. should the record size limit to be set at the start of a session = to the *smallest expected MTU*? If so, what are the side effects? Or what about this - the MTU is large at the start of a session, and a = record size limit is negotiated which matches that MTU. At some later = time, the MTU changes to a lower value than the negotiated record size = limit. What happens then? The application may receive an ICMP message = indicating destination unreachable, with a code indicating fragmentation = needed. If Don't Fragment (DF) is not set.. the packet cannot be sent. Should the session be closed? If not, why not? If so, should the = application keep track of minimum MTU across multiple sessions, and = negotiate a value of record size limit which is more likely to work? It would be good to have guidance for edge / error conditions. They = tend to be a source of network problems and interoperability issues. 5. Deprecating "max_fragment_length" ...A server that supports the "record_size_limit" extension MUST ignore and "max_fragment_length" Nit: this is probably "any" instead of "and". 7. IANA Considerations ... This document registers the "record_size_limit" extension in the TLS "ExtensionType Values" registry ... In the same registry, the "max_fragment_length" [[has been|will be]] changed to a status of not recommended. Comment: the registry has no "status" column. It may be useful to update that registry to add a "deprecated" note, = perhaps as is done with the ICMP parameters registry: https://www.iana.org/assignments/icmp-parameters/icmp-parameters.xhtml In which case the "max_fragment_length" entry should be changed to: Value 1 Extension name max_fragment_length (deprecated) Reference RFC6066, draft-ietf-tls-record-limit= From nobody Thu Feb 22 17:19:24 2018 Return-Path: X-Original-To: secdir@ietfa.amsl.com Delivered-To: secdir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C1B16126BF6; Thu, 22 Feb 2018 17:19:22 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.7 X-Spam-Level: X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id J_UDbbQau7v6; Thu, 22 Feb 2018 17:19:21 -0800 (PST) Received: from mail-oi0-x22c.google.com (mail-oi0-x22c.google.com [IPv6:2607:f8b0:4003:c06::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0EA5E12422F; Thu, 22 Feb 2018 17:19:21 -0800 (PST) Received: by mail-oi0-x22c.google.com with SMTP id j81so3238800oia.0; Thu, 22 Feb 2018 17:19:21 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=r0KWuIocE0v127Vap9UAAz8R+PCzVsoe9eQWglsBQxE=; b=CY7xQ+88k2TrVIsHzCE15ptrMcV1sZ1MMwIXANEdDJwNUtEGJ9OKfGNKyzwd75Owip uSMonBRPeCbWN9ys3CKWCC+IHpR6Yxb27ASGhN/wFGBIpEk0TNbAT1XmXi6unxYylB8q XYTn5MwmNiYoGOHpzbyqbyZ8fZBxlHiyx7zMmub6ymYErP+fwTtixKxRl2ZJa6lKWGBw L5cSFow2AypOsqlxHkKV4695M2z16Hpt/Jkl73+AMTdMZA5qeSbBk8lOdMhRAJ1GdhSo oPtzH3WOVPkQ5FzOFqXmBFtyVR/w6eG0KTHzxzahsFBz5oaeUWiz9aOjUeyqMJDMlZkC 1Z9Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=r0KWuIocE0v127Vap9UAAz8R+PCzVsoe9eQWglsBQxE=; b=p86TV/KT37E5JfCzOZB1sO4v508O5xn9o7vGNE1oyQauFK2LwEYihMLXfKZbRkb4Se EAdNSYdVpbrtZqr1l5mTYtkTFestUiS5uE+K83iQq1zFSjkqnNEqier6+bkVGI8FEidc M7NmGXydB0ueYj8HiaKsFVslFuxFRiGbIPsb9gEpgrsd1ZQz8yFlXf1SjjhRKSFdgOEO hEsHGyw2M+S2W+alSpQFn1qwGjSQhfHWIahNpDygXEsHybzCKqlIVQbtrlhqDeNUAyaH fOxZSji0vFOvBo4WxImP2APwr0B82cNYXhvPkk+LOi5SKmFlg3w+Y1fPhAq7ydupT9gg A8Ng== X-Gm-Message-State: APf1xPBJKv/voiH1LL0Jq87/YWEjTJk0ORuZCdGWW3dwZ6vhfdtX9sfr jqj91zH5k+HpBFO2+z+NectLr7Df0ZGCEQOm/FY= X-Google-Smtp-Source: AH8x227EySnr6zifmre2aMATxmK5R0wlJSfsg4OCVW0WUZg/2MiDvPABY8ulzJElDn+62KO+0IAoCJFkZJ068hfBLNU= X-Received: by 10.202.236.4 with SMTP id k4mr6153432oih.215.1519348760191; Thu, 22 Feb 2018 17:19:20 -0800 (PST) MIME-Version: 1.0 Received: by 10.157.16.85 with HTTP; Thu, 22 Feb 2018 17:19:19 -0800 (PST) In-Reply-To: <5C2E06FE-8685-457D-ACED-5600092C1CB1@deployingradius.com> References: <5C2E06FE-8685-457D-ACED-5600092C1CB1@deployingradius.com> From: Martin Thomson Date: Fri, 23 Feb 2018 12:19:19 +1100 Message-ID: To: Alan DeKok Cc: draft-ietf-tls-record-limit@ietf.org, IESG , secdir@ietf.org Content-Type: text/plain; charset="UTF-8" Archived-At: Subject: Re: [secdir] Secdir review of draft-ietf-tls-record-limit X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 23 Feb 2018 01:19:23 -0000 Thanks Alan, A few changes based on your feedback here: https://github.com/tlswg/tls-record-limit/pull/17 On Fri, Feb 23, 2018 at 9:21 AM, Alan DeKok wrote: > In particular, it is not appropriate to use the record > size limit in place of path MTU detection. > > Q: How would that be done? I don't mean that the document needs to explain how to do something wrong. I mean that it would be good to explain the misunderstanding which would lead to using record size limit in place of path MTU detection. How would you mess this up? Set record_size_limit to your MTU with the expectation that this is sufficient. Worse, the expectation that peer has also done this. The remainder of the paragraph is intended to make that distinction clear. i.e., this limit is inherently fixed by negotiation, the other is dynamic. > Comment: it would be good to give guidance on what to do here, and what happens in error cases. DTLS (RFC 6347) already has some fairly extensive guidance on PMTUD, which I didn't want to replicate here. You hit a lot of the issues in your questions. With some better citations, this is what I came up with: +The path maximum transmission unit (PMTU) in DTLS also limits the size of +records. The record size limit SHOULD be set independently of PMTU. The +record size limit is fixed during the handshake and so is best set based on +constraints at the endpoint and not the current network environment. In +comparison, the PMTU is determined by the network path and can change +dynamically over time. See {{?PMTU=RFC8201}} and Section 4.1.1.1 of {{?DTLS}} +for more detail on PMTU discovery. > Comment: the registry has no "status" column. Ahh, a problem of concurrent updates. draft-ietf-tls-iana-registry-updates (which is going out just ahead of this) adds that column. I don't think that there was any intention of creating an explicit dependency, which won't make sense in 5 years time, but I guess we can add an informational reference. From nobody Thu Feb 22 17:50:28 2018 Return-Path: X-Original-To: secdir@ietfa.amsl.com Delivered-To: secdir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 53FDA12E03B; Thu, 22 Feb 2018 17:50:20 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.211 X-Spam-Level: X-Spam-Status: No, score=-4.211 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id avwFsBwUIbZC; Thu, 22 Feb 2018 17:50:05 -0800 (PST) Received: from dmz-mailsec-scanner-3.mit.edu (dmz-mailsec-scanner-3.mit.edu [18.9.25.14]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BF7E9126DD9; Thu, 22 Feb 2018 17:50:04 -0800 (PST) X-AuditID: 1209190e-901ff7000000463b-16-5a8f734ab7e1 Received: from mailhub-auth-1.mit.edu ( [18.9.21.35]) (using TLS with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by dmz-mailsec-scanner-3.mit.edu (Symantec Messaging Gateway) with SMTP id E2.AC.17979.A437F8A5; Thu, 22 Feb 2018 20:50:03 -0500 (EST) Received: from outgoing.mit.edu (OUTGOING-AUTH-1.MIT.EDU [18.9.28.11]) by mailhub-auth-1.mit.edu (8.13.8/8.9.2) with ESMTP id w1N1o15K021605; Thu, 22 Feb 2018 20:50:02 -0500 Received: from kduck.kaduk.org (24-107-191-124.dhcp.stls.mo.charter.com [24.107.191.124]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id w1N1nvQM002406 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Thu, 22 Feb 2018 20:50:00 -0500 Date: Thu, 22 Feb 2018 19:49:57 -0600 From: Benjamin Kaduk To: Martin Thomson Cc: Alan DeKok , draft-ietf-tls-record-limit@ietf.org, IESG , secdir@ietf.org Message-ID: <20180223014957.GA50954@kduck.kaduk.org> References: <5C2E06FE-8685-457D-ACED-5600092C1CB1@deployingradius.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.9.1 (2017-09-22) X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFprIKsWRmVeSWpSXmKPExsUixCmqrOtd3B9l0NPCadH0uYndYv8ZHosZ fyYyW1w784/R4sPChywOrB4tR1tYPHbOusvusWTJT6YA5igum5TUnMyy1CJ9uwSujA9bNzAW nGCv2PB/JUsDYw9bFyMnh4SAicS7pTuAbC4OIYHFTBLHnn2EcjYySlz98o8ZwrnKJPHwwh5W kBYWAVWJ9Zv2gdlsAioSDd2XmUFsEQFdiUVnH7CDNDALdDJKfN+/kqWLkYNDWMBJYuXNBJAa XqB1T1t3QW3oZZR4vPQGC0RCUOLkzCdgNrOAlsSNfy+ZQHqZBaQllv/jAAlzCgRKdL3uBdsr KqAssbfvEPsERoFZSLpnIemehdC9gJF5FaNsSm6Vbm5iZk5xarJucXJiXl5qka6xXm5miV5q SukmRnA4S/LtYJzU4H2IUYCDUYmHN6KkN0qINbGsuDL3EKMkB5OSKG9PbH+UEF9SfkplRmJx RnxRaU5q8SFGCQ5mJRHePUJAOd6UxMqq1KJ8mJQ0B4uSOK+7iXaUkEB6YklqdmpqQWoRTFaG g0NJgndSEVCjYFFqempFWmZOCUKaiYMTZDgP0PCpIDW8xQWJucWZ6RD5U4zGHG0rn7Qxc9x4 8bqNWYglLz8vVUqcNwykVACkNKM0D24aKCVJZO+vecUoDvScMG8tSBUPMJ3BzXsFtIoJaNUF rl6QVSWJCCmpBsYT/WqHniz6v/73qWNvZ30p6mZedKaZz5uZeUbetKUrfs/fILf5dVpM668N 277zBjF4bJ089e+XLb0adyU3rlmXsDQv02Mrp6VQnOmvb/fvrKkU9m+W/nQg59HnfVtM/ZKe uR25OHFvBMPrhIucWz83FP2zE7l1Xfh9cPZa2a64iz4uews4g181KbEUZyQaajEXFScCAELT bs0kAwAA Archived-At: Subject: Re: [secdir] Secdir review of draft-ietf-tls-record-limit X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 23 Feb 2018 01:50:21 -0000 On Fri, Feb 23, 2018 at 12:19:19PM +1100, Martin Thomson wrote: > Thanks Alan, Yes, thanks! > > A few changes based on your feedback here: > https://github.com/tlswg/tls-record-limit/pull/17 > > On Fri, Feb 23, 2018 at 9:21 AM, Alan DeKok wrote: > > > Comment: the registry has no "status" column. > > Ahh, a problem of concurrent updates. > draft-ietf-tls-iana-registry-updates (which is going out just ahead of > this) adds that column. I don't think that there was any intention of > creating an explicit dependency, which won't make sense in 5 years > time, but I guess we can add an informational reference. Unfortunately draft-ietf-tls-iana-registry-updates is on the 5 April telechat and will need to undergo another IETF Last Call to call out downrefs for a handful of documents that it needs to Update. So, probably we should shuffle things around so the depndency goes the other way. -Benjamin From nobody Thu Feb 22 18:01:53 2018 Return-Path: X-Original-To: secdir@ietf.org Delivered-To: secdir@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id E4475126DD9; Thu, 22 Feb 2018 18:01:41 -0800 (PST) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: David Waltermire To: Cc: hipsec@ietf.org, draft-ietf-hip-dex.all@ietf.org, ietf@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 6.72.3 Auto-Submitted: auto-generated Precedence: bulk Message-ID: <151935130185.22539.7608018209255295739@ietfa.amsl.com> Date: Thu, 22 Feb 2018 18:01:41 -0800 Archived-At: Subject: [secdir] Secdir last call review of draft-ietf-hip-dex-06 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 23 Feb 2018 02:01:42 -0000 Reviewer: David Waltermire Review result: Has Issues I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. The summary of the review is Ready with issues. In general this document is clearly-written and well-organized. It was a fun read overall. I have the following concerns with the draft: ----------------------------------------------------------- Section 2.1: You should use text from RFC8174 to indicate that lowercase versions of the keywords are not normative. Something like the following would work: The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here. Section 4.1.3.1: "it can be long-lived with no need for rekeying" Small is open to interpretation. It would be useful to include some guidance on the expected amount of data to be exchanged before rekeying would be needed, or why this is a practical impossibility. Section 5.3.2 and 5.3.3: In the paragraph on TRANSPORT_FORMAT_LIST, it would be good to document the specific ESP parameter value to be used from: https://www.iana.org/assignments/hip-parameters/hip-parameters.xml#transport-modes. This will remove any ambiguity. Section 6.6: In items #5 and #6, what is "an acceptable time span"? Some guidance here would be helpful. I believe this is discussed earlier in the draft. Perhaps a reference back may provide some clarity? Section 6.9: In #1, under what circumstances would the NOTIFY packet not be dropped silently? Why is this not a MUST? Some explanation would be useful here. In general, many of the SHOULDs in the section 6 subsections, could use further justification. Section 8: What is "a reasonable delta time"? Some guidance here would be useful. Section 9 (Security Considerations): "The puzzle mechanism using CMAC may need further study regarding the level of difficulty." Study of what? Is the concern here that the impact on constrained devices at a higher level of difficulty is not well understood? Or is this concern around identifying best practices around raising the difficulty under specific conditions? A sentence or two on this would be helpful for the reader to better understand the issue. I don't see a mention of the non-protected Host Identity issue from section 1.1 here. With regards to the 4th bullet, the text in section 3 should be referenced regarding HIT collisions. (nit)-> Referencing back to the relevant sections for the other bullets may also be useful. >From section 5.3.1, I don't see a mention of the issues around dealing with I1 storms addressed here. Section 10: It can be useful for IANA to reference the specific registry by name and URL in the IANA considerations. It can also be useful to include the actual table in the IANA considerations section. These are embedded in section 5 in the current document. Suggest moving these tables to the IANA consideration section. I found the following nits in the draft: ------------------------------------------------- Section 1.1: In the text "any signaling that indicates such anonymity should be ignored" it would be useful to provide an example of such signaling. /may carry data payload/may carry a data payload/ The packets are referred to as 1st, 2nd, 3rd, and 4th here, and as I1, R1, I2, and R2 in section 4. Consider use a consistent naming approach throughout this document to improve clarity. Section 1.2: Section 8 is not included in this summary. Suggest adding a sentence about it. (nit) Section 10 is not linked as well. Section 2: /Terms and Definitions/Terms, Notation, and Definitions/ Section 3: "other methods are used to map the data packets to the corresponding HIs" What are these other methods? What if ESP is not used and the SPI is not an option? Section 4.1.2.3: In the diagram, I think there is a missing arrow between I2-SENT and R2-SENT. Please double check. Also, this diagram is far from simple. Maybe name this section "HIP State Diagram"? Section 4.1.3.2: "Even though this input" Please clarify the "this" indefinite article. Section 4.1.4: /This will limit state/Using non-volatile storage will limit state/ This section should reference section 6.11, since some of the content is duplicated there. Section 5.2.3: /It is defined in/The HOST_ID parameter is defined in/ Section 5.2.5: /at least 64 bit/at least 64 bits/ Update the reference "#I and the puzzle solution #J (see [RFC7401])" to point to section 4.1.2 in RFC7401. Section 5.3.2: The discussion of difficulty K touches on a local policy issue that is discussed in section 7. It could be useful to reference section 7 from here. Update "(see [RFC7401])" to point to section 4.1.2 in RFC7401. /based on which it chose the ECDH/based on which the Responder chose the ECDH/ Regards, David Waltermire From nobody Thu Feb 22 20:11:59 2018 Return-Path: X-Original-To: secdir@ietfa.amsl.com Delivered-To: secdir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9528C1200F1; Thu, 22 Feb 2018 20:11:57 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.231 X-Spam-Level: X-Spam-Status: No, score=-4.231 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ombKVG4zb5DI; Thu, 22 Feb 2018 20:11:55 -0800 (PST) Received: from huawei.com (lhrrgout.huawei.com [194.213.3.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0E83312008A; Thu, 22 Feb 2018 20:11:55 -0800 (PST) Received: from lhreml707-cah.china.huawei.com (unknown [172.18.7.106]) by Forcepoint Email with ESMTP id 5A392B5791D86; Fri, 23 Feb 2018 04:11:51 +0000 (GMT) Received: from NKGEML412-HUB.china.huawei.com (10.98.56.73) by lhreml707-cah.china.huawei.com (10.201.108.48) with Microsoft SMTP Server (TLS) id 14.3.361.1; Fri, 23 Feb 2018 04:11:51 +0000 Received: from NKGEML513-MBS.china.huawei.com ([169.254.2.231]) by nkgeml412-hub.china.huawei.com ([10.98.56.73]) with mapi id 14.03.0361.001; Fri, 23 Feb 2018 12:11:48 +0800 From: Qin Wu To: Sandra Murphy , IETF Security Directorate CC: "draft-ietf-lime-yang-connection-oriented-oam-model.all@ietf.org" Thread-Topic: review of draft-ietf-lime-yang-connection-oriented-oam-model-05 Thread-Index: AQHTrBGywew+im61okiQMEXB4yY01KOxUGvg Date: Fri, 23 Feb 2018 04:11:48 +0000 Message-ID: References: <6324F19D-53CD-447B-A9C8-857532C223F4@tislabs.com> In-Reply-To: <6324F19D-53CD-447B-A9C8-857532C223F4@tislabs.com> Accept-Language: zh-CN, en-US Content-Language: zh-CN X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.136.79.67] Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 MIME-Version: 1.0 X-CFilter-Loop: Reflected Archived-At: Subject: Re: [secdir] review of draft-ietf-lime-yang-connection-oriented-oam-model-05 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 23 Feb 2018 04:11:57 -0000 VGhhbmtzIFNhbmRyYSBmb3IgdmFsdWFibGUgcmV2aWV3LCBzZWUgbXkgcmVwbHkgaW5saW5lIGJl bG93LiBOb3RlIHRoYXQgd2UgaGF2ZSB1cGRhdGVkIHRvIHYtMDYsIHNvbWUgb2YgeW91ciBjb21t ZW50cyB5b3UgcmFpc2VkIGFyZSBmaXhlZC4NCg0KLVFpbg0KLS0tLS3pgq7ku7bljp/ku7YtLS0t LQ0K5Y+R5Lu25Lq6OiBTYW5kcmEgTXVycGh5IFttYWlsdG86c2FuZHlAdGlzbGFicy5jb21dIA0K 5Y+R6YCB5pe26Ze0OiAyMDE45bm0MuaciDIz5pelIDM6MTcNCuaUtuS7tuS6ujogSUVURiBTZWN1 cml0eSBEaXJlY3RvcmF0ZQ0K5oqE6YCBOiBTYW5kcmEgTXVycGh5OyBkcmFmdC1pZXRmLWxpbWUt eWFuZy1jb25uZWN0aW9uLW9yaWVudGVkLW9hbS1tb2RlbC5hbGxAaWV0Zi5vcmcNCuS4u+mimDog cmV2aWV3IG9mIGRyYWZ0LWlldGYtbGltZS15YW5nLWNvbm5lY3Rpb24tb3JpZW50ZWQtb2FtLW1v ZGVsLTA1DQoNCkkgaGF2ZSByZXZpZXdlZCB0aGlzIGRvY3VtZW50IGFzIHBhcnQgb2YgdGhlIHNl Y3VyaXR5IGRpcmVjdG9yYXRlJ3Mgb25nb2luZyBlZmZvcnQgdG8gcmV2aWV3IGFsbCBJRVRGIGRv Y3VtZW50cyBiZWluZyBwcm9jZXNzZWQgYnkgdGhlIElFU0cuICBUaGVzZSBjb21tZW50cyB3ZXJl IHdyaXR0ZW4gcHJpbWFyaWx5IGZvciB0aGUgYmVuZWZpdCBvZiB0aGUgc2VjdXJpdHkgYXJlYSBk aXJlY3RvcnMuICBEb2N1bWVudCBlZGl0b3JzIGFuZCBXRyBjaGFpcnMgc2hvdWxkIHRyZWF0IHRo ZXNlIGNvbW1lbnRzIGp1c3QgbGlrZSBhbnkgb3RoZXIgbGFzdCBjYWxsIGNvbW1lbnRzLg0KDQpT dW1tYXJ5OiBUaGlzIGRyYWZ0IHByZXNlbnRzIGEgZ2VuZXJpYyBjb25uZWN0aW9uIG9yaWVudGVk IHlhbmcgbW9kZWwuDQoNCkkgYW0gYSBub3ZpY2Ugb24gWUFORyBtb2RlbHMuICBJIGRpZCBzb21l IHJldmlldyB0byB0cnkgdG8gYW5hbHl6ZSB0aGlzIGRyYWZ0LCBidXQgYW55IGNvbW1lbnRzIEkg bWFrZSBtdXN0IHRha2UgaW50byBhY2NvdW50IG15IGxhY2sgb2YgYmFja2dyb3VuZC4NCg0KSSBk aWQgcmV2aWV3IHRoZSBJRVRGIHR1dG9yaWFsIG9uIFlBTkcsIHdoaWNoIHdhcyBoZWxwZnVsLiAg SSBhbHNvIGxvb2tlZCBhdCBkcmFmdC1pZXRmLW5ldG1vZC1yZXZpc2VkLWRhdGFzdG9yZXMtMDcs IGRyYWZ0LWlldGYtbmV0bW9kLXlhbmctdHJlZS1kaWFncmFtcy0wMiwgZHJhZnQtaWV0Zi10cmls bC15YW5nLW9hbS0wNSwgZHJhZnQtaWV0Zi1saW1lLXlhbmctY29ubmVjdGlvbmxlc3Mtb2FtLTE4 LCBSRkM3Mjc2LCB0byB2YXJ5aW5nIGxldmVscyBvZiBkZXB0aC4gIFRoaXMgZ2l2ZXMgeW91IGFu IGlkZWEgb2Ygd2hhdCBmdW5kYW1lbnRhbCBjb25jZXB0cyBJIG1pZ2h0IGhhdmUgbWlzc2VkLg0K DQpUaGUgc2VjdXJpdHkgY29uc2lkZXJhdGlvbnMgc2VjdGlvbiBkaXNjdXNzZXMgdGhlIHByb3Rv Y29sIHByb3RlY3Rpb25zIHByb3ZpZGVkIGJ5IHRoZSB1bmRlcmx5aW5nIHRyYW5zcG9ydCBsYXll cnPigJkgc2VjdXJpdHkuICBJdCBhbHNvIHBvaW50cyBvdXQgdGhhdCBORVRDT05GIOKAnHByb3Zp ZGVzIHRoZSBtZWFucyB0byByZXN0cmljdCBhY2Nlc3PigJ0gYW5kIHRoZW4gZGVzY3JpYmVzIHRo ZSBzdWJ0cmVlcyBhbmQgZGF0YSBub2RlcyBvZiB0aGUgbW9kZWwgdGhhdCBhcmUgcGFydGljdWxh cmx5IHNlbnNpdGl2ZSBvciB2dWxuZXJhYmxlLiAgVGhlIGR1YWwgZHJhZnQgZm9yIGNvbm5lY3Rp b25sZXNzIG9hbSBkb2VzIHRoZSBzYW1lLiAgVGhlIG91dGxpbmUgc2VlbXMgYWRlcXVhdGUsIEkg aGF2ZSBubyB3YXkgdG8ganVkZ2UgaWYgdGhlIGxpc3QgaXMgc3VmZmljaWVudC4NCg0KU3VidHJl ZSBoaWVyYXJjaGllcyBkb3duIHRvIGRhdGEgbm9kZXMgYXJlIGRlc2NyaWJlZC4gIEnigJltIG5v dCBzdXJlIHdoeSB0aGUgdHJlZSBoaWVyYXJjaHkgaXMgZGVzY3JpYmVkIC0gcGVyaGFwcyB0aGUg cHJvdGVjdGlvbnMgZm9yIGVhY2ggbG93ZXIgbGV2ZWxzIG9mIHRoZSBoaWVyYXJjaHkgaXMgaW5j cmVhc2luZ2x5IHNlbnNpdGl2ZSBhbmQgd291bGQgbmVlZCBwcm90ZWN0aW9ucyB0aGF0IGV4Y2Vl ZCB0aGUgcGFyZW504oCZcy4gIA0KDQpPbmUgb2YgdGhlIGV4YW1wbGVzIG9mIGEgc2Vuc2l0aXZl IGNvbXBvbmVudCBpcyBhIGRhdGEgbm9kZSB0aGF0IGlzIHRha2VuIGZyb20gdGhlIFRSSUxMIGV4 dGVuc2lvbnMgcHJvdmlkZWQgaW4gU2VjdGlvbiA3LiAgTGF0ZXIgd29ya2luZyBncm91cCBjb21w bGV0aW9uIG9mIHRoZSBUUklMTCBkYXRhIG1vZGVsIG1pZ2h0IGNoYW5nZSB0aGF0IGRhdGEgbm9k ZS4gICANCg0KSSBiZWxpZXZlIHRoYXQgYSBnZW5lcmljIFlBTkcgY2FtIG1vZGVsIGFsc28gZXhp c3RzLCBkZWZpbmVkIGluIGRyYWZ0LWlldGYtbGltZS15YW5nLW9hbS1tb2RlbCwgd2hpY2ggYXBw ZWFycyBpbiBhIOKAnHJlZmVyZW5jZeKAnSBpbiBhIOKAnHJldmlzaW9u4oCdIGRlZmluaXRpb24u IElzIHRoaXMgY29ubmVjdGlvbiBvcmllbnRlZCBtb2RlbCBhbiBleHRlbnNpb24gb2YgdGhlIFlB TkcgZ2VuZXJpYyBvYW0gbW9kZWwuICBUaGUgZG9jdW1lbnQgdGFsa3Mgb2YgdGhpcyBtb2RlbCBh cyBpZiBpdCBpcyBhIG5ldyBtb2RlbDsgaXQgcmVmZXJzIHRvIGl0c2VsZiBhcyBhIOKAnGdlbmVy aWMgYmFzZSBtb2RlbOKAnS4gICBOb3RlIG15IGJhY2sgb2YgYmFja2dyb3VuZCAtIEkgbWlnaHQg bm90IHVuZGVyc3RhbmQgdGhlIFlBTkcgaGllcmFyY2h5LiAgDQoNCltRaW5dOiBTb3JyeSBmb3Ig Y29uZnVzaW9uLCB0aGUgZ2VuZXJpYyBjb25uZWN0aW9uIG9yaWVudGVkIHlhbmcgbW9kZWwgZGVz Y3JpYmVkIGFib3ZlIGlzIHRoZSBZQU5HIGdlbmVyaWMgb2FtIG1vZGVsLiBJdCBpcyBzdXBlcmZs dW91cyB0byBlbXBoYXNpemUgZ2VuZXJpYyBjb25uZWN0aW9uIG9yaWVudGVkIHlhbmcgbW9kZWwg aW4gZXZlcnlwbGFjZS4NCg0KVGhpcyBkb2N1bWVudCBkb2VzIG5vdCBhZGRyZXNzIGl0cyByZWxh dGlvbnNoaXAgdG8gdGhlIGdlbmVyaWMgWUFORyBvYW0gbW9kZWwsIGFsdGhvdWdoIGl0IGRvZXMg YWRkcmVzcyB0aGUgZHVhbCBjb25uZWN0aW9ubGVzcyBtb2RlbCBkcmFmdC1pZXRmLWxpbWUteWFu Zy1jb25uZWN0aW9ubGVzcy1vYW0tMTguDQoNCltRaW5dOiBZZXMsIGl0IGRvZXMsIHRoZXJlIGlz IHR3byB0eXBlIG9mIGdlbmVyaWMgWUFORyBvYW0gbW9kZWxzLCBvbmUgaXMgY29ubmVjdGlvbi1v cmllbnRlZCwgb25lIGlzIGNvbm5lY3Rpb25sZXNzLCB0aGlzIGlzIGJhc2VkIG9uIFdHIGNvbnNl bnN1cyB0byBzZXBhcmF0ZSBvbmUgZ2VuZXJpYyBPQU0gbW9kZWwgaW50byB0d28gZ2VuZXJpYyBt b2RlbHMuDQpUaGVuIHRlY2hub2xvZ3kgc3BlY2lmaWMgT0FNIG1vZGVsIGNhbiBhdWdtZW50IHRo ZXNlIHR3byBnZW5lcmljIFlBTkcgb2FtIG1vZGVscyB3aXRoIHRlY2hub2xvZ3kgc3BlY2lmaWMg ZGV0YWlscyByZXNwZWN0aXZsZXkuDQoNCkF0IGFueSByYXRlLCBkcmFmdC1pZXRmLWxpbWUteWFu Zy1vYW0tbW9kZWwgc2hvdWxkIGJlIGV4cGxpY2l0bHkgbWVudGlvbmVkIGFuZCBhZGRlZCB0byB0 aGUgcmVmZXJlbmNlIGxpc3QuDQoNCltRaW5dOk5vLCBkcmFmdC1pZXRmLWxpbWUteWFuZy1vYW0t bW9kZWwgaGFzIGJlZW4gcmVwbGFjZWQgYnkgZHJhZnQtaWV0Zi1saW1lLXlhbmctY29ubmVjdGlv bi1vcmllbnRlZC1vYW0tbW9kZWwuDQoNCkl0IGlzIG5vdCBjbGVhciB0byBtZSB3aGF0IHRoZSBy ZWxhdGlvbnNoaXAgaXMgYmV0d2VlbiBtb2RlbHMgdGhhdCBhcmUgZXh0ZW5zaW9ucyBvZiB0aGUg WUFORyBnZW5lcmljIGJhc2UgbW9kZWwsIGFuZCB0aG9zZSB0aGF0IGFyZSBleHRlbnNpb25zIHRv IHRoaXMgWUFORyBjb25uZWN0aW9uIG9yaWVudGVkIGdlbmVyaWMgYmFzZSBtb2RlbC4gIEZvciBl eGFtcGxlLCBhIFRSSUxMIGV4dGVuc2lvbiB0byB0aGUgZ2VuZXJpYyBiYXNlIG1vZGVsIGV4aXN0 cywgYnV0IHRoaXMgZG9jdW1lbnQgZGVmaW5lcyDigJxzbmlwcGV0c+KAnSBvZiBUUklMTCBleHRl bnNpb25zIG9mIHRoaXMgY29ubmVjdGlvbiBvcmllbnRlZCBnZW5lcmljIGJhc2UgbW9kZWwuICBT aG91bGQgdG9vbHMgaW1wbGVtZW50IGJvdGg/DQoNCltRaW5dOiBBZ2FpbiwgWUFORyBnZW5lcmlj IGJhc2UgbW9kZWwgYXJlIHJlZmVycmVkIHRvIFlBTkcgY29ubmVjdGlvbiBvcmllbnRlZCBnZW5l cmljIGJhc2UgbW9kZWwuDQpUYWtlIFRyaWxsIGFzIGFuIGV4YW1wbGUsIFRSSUxMIE9BTSBpcyBj bGFzc2lmaWVkIGFzIGNvbm5lY3Rpb24gb3JpZW50ZWQgT0FNIHRlY2hub2xvZ3ksIHRoZXJlZm9y ZSBUUklMTCBPQU0gbW9kZWwgaXMgdGhlIGV4dGVuc2lvbiBvZiBZQU5HIGNvbm5lY3Rpb24gb3Jp ZW50ZWQgZ2VuZXJpYyBiYXNlIG1vZGVsLg0KDQpJIGZvdW5kIG1hbnkgbml0cywgYW5kIGdhdmUg dXAgb24gZmluZGluZyB0aGVtIGFsbC4gIFRoZSBSRkMgRWRpdG9yIHdpbGwgZmluZCB0aGVtLCBJ 4oCZbSBzdXJlLiAgSeKAmXZlIHB1dCBhIGxpc3QgYXQgdGhlIGVuZC4NCg0KW1Fpbl06IFRoYW5r cywgaXQgaGVscHMuDQoNCkkgaGF2ZSBzb21lIG1vc3Qgc3Vic3RhbnRpdmUgY29tbWVudHMgYW5k IGNvbmZ1c2lvbiBhYm91dCBTZWN0aW9ucyAzLCA0LCBhbmQgNy4NCg0KU2VjdGlvbiAzDQoNClRo aXMgc2VjdGlvbiBpcyBkZXNjcmliaW5nIHRoZSBjb25uZWN0aW9uIG9yaWVudGVkIGdlbmVyaWMg YmFzZSBZQU5HIG1vZGVsLCBidXQgY29udGludWFsbHkgbWl4ZXMgaW4gdGhlIHRlcm0gZ2VuZXJp YyBZQU5HIG1vZGVsLiAgU2luY2UgYSBnZW5lcmljIFlBTkcgbW9kZWwgc2VlbXMgdG8gZXhpc3Qs IHRoaXMgaXMgY29uZnVzaW5nLg0KDQpbUWluXTogU2VlIGFib3ZlLg0KDQplLmcuDQoNCjMuICBB cmNoaXRlY3R1cmUgb2YgR2VuZXJpYyBZQU5HIE1vZGVsIGZvciBPQU0NCg0KYnV0IHRoZW4gdGhl IGZpcnN0IHNlbnRlbmNlIHNheXMNCg0KICAgSW4gdGhpcyBkb2N1bWVudCB3ZSBkZWZpbmUgYSBn ZW5lcmljIFlBTkcgbW9kZWwgZm9yIGNvbm5lY3Rpb24NCiAgIG9yaWVudGVkIE9BTSBwcm90b2Nv bHMuDQoNCmFuZCB0aGVuDQogICAgICBUaGUgR2VuZXJpYyBZQU5HIG1vZGVsIGFjdHMgYXMgdGhl IHJvb3QgZm9yIG90aGVyIE9BTSBZQU5HDQogICBtb2RlbHMuDQoNCklzIHRoYXQgZGVzY3JpYmlu ZyB0aGlzIG1vZGVsLCBvciB0aGUgZ2VuZXJpYyBZQU5HIG1vZGVsIG9mIGRyYWZ0LWlldGYtbGlt ZS15YW5nLW9hbS1tb2RlbD8NCg0KW1Fpbl06IFdpbGwgY2hhbmdlIHRoZSB0aXRsZSB0byAiIEFy Y2hpdGVjdHVyZSBvZiBHZW5lcmljIFlBTkcgTW9kZWwgZm9yIGNvbm5lY3Rpb24tb3JpZW50ZWQg T0FNICIgdG8gZ2V0IHRoZSB0ZXJtIGNvbnNpc3RlbnQuDQphbmQNCg0KICAgICAgICAgICAgICAg ICAgICAgICAgIEZpZ3VyZSAxIGRlcGljdHMgdGhlIHJlbGF0aW9uc2hpcCBvZiBkaWZmZXJlbnQN CiAgIE9BTSBZQU5HIG1vZGVscyB0byB0aGUgR2VuZXJpYyBZQU5HIE1vZGVsIGZvciBjb25uZWN0 aW9uIG9yaWVudGVkDQogICBPQU0uICBUaGUgR2VuZXJpYyBZQU5HIG1vZGVsIGZvciBPQU0gcHJv dmlkZXMg4oCmDQoNCklzIHRoZSBzZWNvbmQgR2VuZXJpYyBZQU5HIG1vZGVsIHRoaXMgbW9kZWwg b3IgdGhlIHRydWx5IGdlbmVyaWMgeWFuZyBtb2RlbD8NCg0KW1Fpbl06IFdpbGwgY2hhbmdlICIg VGhlIEdlbmVyaWMgWUFORyBtb2RlbCBmb3IgT0FNIHByb3ZpZGVzIOKApiIgaW50byAiIFRoZSBH ZW5lcmljIFlBTkcgbW9kZWwgZm9yIGNvbm5lY3Rpb24tb3JpZW50ZWQgT0FNIHByb3ZpZGVzIOKA piIgdG8gZ2V0IHRleHQgY29uc2lzdGVudC4NCg0KVGhlIGZpZ3VyZSBzdGFydHMgd2l0aCAiQ29u bmVjdGlvbiBPcmllbnRlZCBnZW4gT0FNIFlBTkfigJ0gd2l0aCDigJxUUklMTCBPQU0gWUFOR+KA nSB1bmRlcm5lYXRoLiAgQnV0IHRoZSBmaWd1cmUgdGl0bGUgaXMgIlJlbGF0aW9uc2hpcCBvZiBP QU0gWUFORyBtb2RlbCB0byBnZW5lcmljIChiYXNlKSBZQU5HIG1vZGVs4oCdLiAgQWxzbywgVFJJ TEwgaGFzIGFuIGV4dGVuc2lvbiBvZiB0aGUgdHJ1bHkgZ2VuZXJpYyB5YW5nIG1vZGVsIGluIGRy YWZ0LWlldGYtdHJpbGwteWFuZy1vYW0tMDUuICBEb2VzIHRoZSBkaWFncmFtIHJlZmVyIHRvIHRo YXQgbW9kZWwgb3IgdG8gdGhlIGV4dGVuc2lvbiDigJxzbmlwcGV0c+KAnSBkZWZpbmVkIGluIFNl Y3Rpb24gNyBvZiB0aGlzIGRvY3VtZW50Lg0KDQpbUWluXTogTm90ZSB0aGF0IFRSSUxMIE9BTSBt b2RlbCBpcyBleHRlbnNpb24gb2YgYm90aCBUUklMTCBZQU5HIG1vZGVsIGFuZCBDb25uZWN0aW9u IG9yaWVudGVkIGdlbiBPQU0gWUFORyBtb2RlbC4gSW4gdGhpcyBkb2N1bWVudCwgd2Ugb25seSBz aG93cyBpbiBmaWd1cmUgMSB0aGF0IFRSSUxMIE9BTSBZQU5HIG1vZGVsIGlzIGV4dGVuc2lvbiBv ZiBDb25uZWN0aW9uIG9yaWVudGVkIGdlbiBPQU0gWUFORyBtb2RlbCBmb3Igc2ltcGxpY2l0eSBh bmQgc2NvcGUgY29uc2lkZXJhdGlvbi4gSW4gb3RoZXIgd29yZHMsIFRSSUxMIE9BTSBZQU5HIGRl c2NyaWJlZCBpbiBmaWd1cmUgaXMgcmVmZXJyZWQgdG8gdGhlIG1vZGVsIGRlZmluZWQgaW4gaW4g ZHJhZnQtaWV0Zi10cmlsbC15YW5nLW9hbS0wNS4NCmRyYWZ0LWlldGYtdHJpbGwteWFuZy1vYW0t MDUgbmVlZHMgdG8gYmUgdXBkYXRlZCB0byBnZXQgY29uc2lzdGVudCB3aXRoIGRyYWZ0LWlldGYt bGltZS15YW5nLWNvbm5lY3Rpb24tb3JpZW50ZWQtb2FtLW1vZGVsLTA1LCBlLmcuLCBjaGFuZ2Ug cHJlZml4IGluIHRoZSBtb2R1bGUgZnJvbSBnb2FtIGludG8gImNvLW9hbSIuDQpIb3BlIHRoaXMg Y2xhcmlmaWVzLg0KDQpTZWMgNCBwZyA4DQoNCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgIFRoZSBkZWZhdWx0DQogICBtb2RlIG9mIE9BTSBpcyBy ZWZlcnJlZCB0byBhcyB0aGUgQmFzZSBNb2RlIGFuZCBzcGVjaWZpZXMgZGVmYXVsdA0KICAgdmFs dWVzIGZvciBlYWNoIG9mIG1vZGVsIHBhcmFtZXRlcnMuDQogICAuIC4gLg0KICAgb24uICBUaGUg ZGVmYXVsdCB2YWx1ZXMgb2YgdGhlc2UgZGVwZW5kIG9uIHRoZSB0ZWNobm9sb2d5LiAgQmFzZSBN b2RlDQogICBmb3IgVFJJTEwgaXMgZGVmaW5lZCBpbiBbUkZDNzQ1NV0uICBCYXNlIG1vZGUgZm9y IG90aGVyIHRlY2hub2xvZ2llcw0KICAgYW5kIGZ1dHVyZSBleHRlbnNpb25zIGRldmVsb3BlZCBp biBJRVRGIHdpbGwgYmUgZGVmaW5lZCBpbiB0aGVpcg0KICAgY29ycmVzcG9uZGluZyBkb2N1bWVu dHMuDQoNClNvIGVhY2ggbmV3IHRlY2hub2xvZ3kgZXh0ZW5kaW5nIHRoaXMgY29ubmVjdGlvbiBv cmllbnRlZCBiYXNlIFlBTkcgbW9kZWwgbXVzdCByZWRlZmluZSB0aGUgZGVmYXVsdCB2YWx1ZXMg Zm9yIHRoZSBtb2RlbCBwYXJhbWV0ZXJzPw0KDQpbUWluXTogZWFjaCBuZXcgdGVjaG5vbG9neSBl eHRlbmRpbmcgdGhpcyBjb25uZWN0aW9uIG9yaWVudGVkIGJhc2UgWUFORyBtb2RlbCBpbmhlcml0 IHRoZXNlIGRlZmF1bHQgdmFsdWUgZGVmaW5lZCBpbiBiYXNlIFlBTkcgbW9kZWwgb3IgcmVkZWZp bmUgZGVmYXVsdCB2YWx1ZXMsDQpUaGUgZGVmYXVsdCB2YWx1ZXMgZGVmaW5lZCBpbiB0ZWNobm9s b2d5IHNwZWNpZmljIG1vZGVsIHdpbGwgb3ZlcnJpZGUgdGhlIGRlZmF1bHQgdmFsdWUgZGVmaW5l ZCBpbiBiYXNlIFlBTkcgbW9kZWwuDQoNCiAgIHRvb2xzLiAgVGhlIE9BTSB0b29scyB1c2VkIGhl cmUgYXJlIGxpbWl0ZWQgdG8gT0FNIHRvb2xzZXQgc3BlY2lmaWVkDQogICBpbiBzZWN0aW9uIDUu MSBvZiBbUkZDNzI3Nl0uIA0KDQpXaGF0IGlzIG1lYW50IGJ5IOKAnHVzZWQgaGVyZeKAnT8gIElz IHRoaXMgc3RhbmRhcmQgbGltaXRlZCB0byB0aGUgdG9vbHMgb2YgUkY3Mjc2Pw0KDQpbUWluXTog dGhlIHByZXZpb3VzIHNlbnRlbmNlIHNhaWQ6DQoiDQpUaGUgT0FNIGVudGl0aWVzIGluIHRoZSBn ZW5lcmljIFlBTkcgbW9kZWwgZGVmaW5lZCBoZXJlIHdpbGwgYmUNCiAgIGVpdGhlciBleHBsaWNp dGx5IG9yIGltcGxpY2l0bHkgY29uZmlndXJlZCB1c2luZyBhbnkgb2YgdGhlIE9BTQ0KICAgdG9v bHMuIFNvICJ1c2VkIGhlcmUiIG1lYW5zIGRlc2NyaWJlZCBhYm92ZSwNCiINCkFzIGNsYXJpZmll ZCBpbiB0aGUgdGV4dCwgT0FNIHRvb2xzIG5vdCB0aGlzIHN0YW5kYXJkIGlzIGxpbWl0ZWQgdG8g dGhlIHRvb2xzIG9mIFJGQzcyNzYuDQoNClNlY3Rpb24gNw0KDQpUaGlzIHNlY3Rpb24gImRlbW9u c3RyYXRlcyB0aGUgdXNhYmlsaXR5IG9mIHRoZSBjb25uZWN0aW9uLW9yaWVudGVkIFlBTkcgT0FN IGRhdGEgbW9kZWzigJ0gYnkgc3VwcGx5aW5nIOKAnHNuaXBwZXRzIG9mIHRlY2hub2xvZ3ktc3Bl Y2lmaWMgbW9kZWwgZXh0ZW5zaW9ucyBmb3IgaWxsdXN0cmF0aXZlIHB1cnBvc2Vz4oCdLiAgSXQg bm90ZXMgdGhhdCB0aGlzIGlzIG5vdCBhIGNvbXBsZXRlIGV4dGVuc2lvbiwgd2hpY2ggd291bGQg aGF2ZSB0byBjb21lIGZyb20gdGhlIHdvcmtpbmcgZ3JvdXBzLiAgVGhlcmUgaXMgY29udGludWVk IGxhY2sgb2YgZGlzdGluY3Rpb24gYmV0d2VlbiB0aGlzIGRvY3VtZW50cyBjb25uZWN0aW9uIG9y aWVudGVkIGJhc2UgWUFORyBtb2RlbCBhbmQgdGhlIGdlbmVyaWMgYmFzZSBZQU5HIG1vZGVsLg0K DQpbUWluXTogU2VlIGFib3ZlLg0KSSBhbSBjb25mdXNlZCBhYm91dCB3aGF0IGl0IG1lYW5zIHRv IGhhdmUgYSBtb2RlbCB0aGF0IGV4dGVuZHMgdGhlIGdlbmVyaWMgYmFzZSBZQU5HIG1vZGVsIGFu ZCBvbmUgdGhhdCBleHRlbmRzIHRoZSBjb25uZWN0aW9uIG9yaWVudGVkIGdlbmVyaWMgYmFzZSBt b2RlbCBvZiB0aGlzIGRvY3VtZW50LiAgSG93IGFyZSB0aGUgdHdvIGV4dGVuc2lvbnMgcmVsYXRl ZD8gIENhbiB0aGV5IGJlIHVzZWQgc2ltdWx0YW5lb3VzbHkgaW4gdGhlIHNhbWUgbmV0d29yaz8g IFdvdWxkIHRoZXkgYm90aCBiZSBpbXBsZW1lbnRlZCBvbiBhIGRldmljZT8NCg0KW1Fpbl06IGRy YWZ0LWlldGYtbGltZS15YW5nLW9hbS1tb2RlbCBoYXMgYmVlbiByZXBsYWNlZCBieSBkcmFmdC1p ZXRmLWxpbWUteWFuZy1jb25uZWN0aW9uLW9yaWVudGVkLW9hbS1tb2RlbC4gRG9uJ3Qgd29ycnkg YWJvdXQgaXQgYW55IG1vcmUuDQoNClNlYyA3LjEgcGcgNDENCg0KICAgVGhlIFRSSUxMIFlBTkcg bW9kdWxlIGlzIGF1Z21lbnRpbmcgY29ubmVjdGlvbiBvcmllbnRlZCBPQU0gbW9kdWxlDQogICBm b3IgYm90aCBjb25maWd1cmF0aW9uIGFuZCBSUEMgY29tbWFuZHMuDQoNClRoaXMgaXMgbm90IGNs ZWFyLiAgRG9lcyB0aGlzIG1lYW4gIlRoZSBUUklMTCBjb25uZWN0aW9uIG9yaWVudGVkIFlBTkcg bW9kdWxlIGRlc2NyaWJlZCBpbiB0aGlzIHNlY3Rpb24gYXVnbWVudHMgdGhlIGNvbm5lY3Rpb24g b3JpZW50ZWQgT0FNIG1vZHVsZSBvZiB0aGlzIGRvY3VtZW504oCmIg0KDQogICBUaGUgVFJJTEwg WUFORyBtb2R1bGUgcmVxdWlyZXMgdGhlIGJhc2UgVFJJTEwgbW9kdWxlIChbSS1ELmlldGYtDQog ICB0cmlsbC15YW5nXSkgDQoNClRoaXMgaXMgbm90IGluIHRoZSByZWZlcmVuY2UgbGlzdC4gIEl0 IGlzIHBlcmhhcHMgaW50ZW5kZWQgdG8gYmUgZHJhZnQtaWV0Zi10cmlsbC15YW5nLW9hbS0wNS4N Cg0KW1Fpbl06IFRoaXMgaXMgaW50ZW5kZWQsIGFzIEkgY2xhcmlmaWVkIGFib3ZlLCBUUklMTCBP QU0gWUFORyBtb2RlbCBpcyBleHRlbnNpb24gb2YgYm90aCBUUklMTCBZQU5HIG1vZGVsIGFuZCBD b25uZWN0aW9uLW9yaWVudGVkIE9BTSBZQU5HIG1vZGVsLiBJIHdpbGwgYWRkIGEgZmV3IHRleHQg dG8gbWFrZSB0aGlzIGNsZWFyLg0KDQpTZWMgNy4xLjEuMSBwZyA0Mg0KDQogICAgICBpZGVudGl0 eSB0cmlsbHsNCiAgICAgICBiYXNlIGNvLW9hbTp0ZWNobm9sb2d5LXR5cGVzOw0KICAgICAgIGRl c2NyaXB0aW9uDQogICAgICAgICJ0cmlsbCB0eXBlIjsNCiAgICAgIH0NCg0KSW4gZHJhZnQtaWV0 Zi10cmlsbC15YW5nLW9hbS0wNSwgdGhlIHNpbWlsYXIgZGVmaW5pdGlvbiBpczoNCg0KICAgaWRl bnRpdHkgdHJpbGwgeyAgICBiYXNlIGdvYW06dGVjaG5vbG9neS10eXBlczsgICAgZGVzY3JpcHRp b24NCiAgICJ0cmlsbCB0eXBlIjsgIH0NCg0KU28gZHJhZnQtaWV0Zi10cmlsbC15YW5nLW9hbS0w NSBkb2VzIGV4dGVuZCB0aGUg4oCcZ29hbeKAnSBtb2RlbCBhbmQgdGhpcyBkcmFmdCBleHRlbmQg dGhlIOKAnGNvLW9hbeKAnSBtb2RlbC4gIENvcnJlY3Q/DQoNCldvdWxkIGJvdGggaWRlbnRpdGll cyBiZSB1c2VkIGluIG1hbmFnaW5nIGEgZGV2aWNlPw0KDQpbUWluXTogQXMgeW91IGtub3csIERl ZXBhayBpcyBhbiBhdXRob3Igb2YgYm90aCBkcmFmdC1pZXRmLXRyaWxsLXlhbmctb2FtIGFuZCBk cmFmdC1pZXRmLWxpbWUteWFuZy1jb25uZWN0aW9uLW9yaWVudGVkLW9hbS1tb2RlbC4NCmRyYWZ0 LWlldGYtdHJpbGwteWFuZy1vYW0gbmVlZHMgdG8gYmUgdXBkYXRlZCB0byByZXBsYWNlIGdvYW0g d2l0aCAiY28tb2FtIi4NCg0K4oCUU2FuZHkNCg0KTml0cw0KDQpTZWMgMSBwZyAzDQoNCiAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBJVFUtVA0KICAgW0cuODAxM10sIE1F RiBTZXJ2aWNlIE9BTSwgTVBMUy1UUCBbUkZDNjM3MV0sIFRSSUxMIFtSRkM3NDU1XSBhbGwNCg0K bWlzc2luZyBhbiDigJxhbmTigJ0gaW4gdGhlcmUgc29tZXdoZXJlLCBJIHRoaW5rLg0KDQpbUWlu XTogRml4ZWQNClNlYyAyLjIgcGcgNQ0KDQogICBDb25uZWN0aXZpdHkgVmVyaWZpY2F0aW9uICAt IENvbm5lY3Rpdml0eSBWZXJpZmljYXRpb24gYXJlIHVzZWQgdG8NCiAgICAgIHZlcmlmeSB0aGF0 IGEgZGVzdGluYXRpb24gaXMgY29ubmVjdGVkLiAgSXQgYXJlIGFsc28gcmVmZXJyZWQgdG8NCg0K 4oCcaXMgdXNlZOKAnSBhbmQg4oCcaXMgYWxzbyByZWZlcnJlZOKAnQ0KDQpbUWluXTogRml4ZWQg aW4gdi0wNiBhbHJlYWR5Lg0KDQpTZWMgMi4yIHBnIDYNCg0KICAgICAgZGlhZ25vc3RpY3MuICBP bi1kZW1hbmQgT0FNIG1ldGhvZCByZXF1aXJlcyBvbmx5IHRyYW5zaWVudA0KICAgICAgY29uZmln dXJhdGlvbi4NCg0K4oCcQSBPbi1kZW1hbmQgT0FN4oCdIG9yIOKAnFRoZSBPbi1kZW1hbmQgT0FN 4oCdDQoNCltRaW5dOiBGaXhlZC4NCg0KU2VjIDMgcGcgNg0KDQogICB0ZWNobm9sb2d5LSBzcGVj aWZpYyBZQU5HIG1vZGVscyBjYW4gaW5oZXJpdCBjb25zdHJ1Y3RzIGZyb20gdGhlIGJhc2UNCg0K 4oCcdGVjaG5vbG9neS1zcGVjaWZpY+KAnQ0KDQpbUWluXTogRml4ZWQuDQoNClNlYyA0IHBnIDcN Cg0KICAgVW5kZXIgZWFjaCBNYWludGVuYW5jZSBEb21haW4gdGhlcmUgaXMgb25lIG9yIG1vcmUg TWFpbnRlbmFuY2UNCiAgIEFzc29jaWF0aW9uIChNQSkuICBJbiBUUklMTCB0aGlzIGNhbiBiZSBw ZXIgRmluZS1HcmFpbmVkIExhYmVsLg0KDQrigJxBc3NvY2lhdGlvbnPigJ0NCg0KW1Fpbl06Rml4 ZWQNCkl0IGlzIG5vdCBjbGVhciBhYm91dCBUUklMTCAtIGFyZSBtdWx0aXBsZSBNQeKAmXMgZGVm aW5lZCBwZXIgRmluZS1HcmFpbmVkIExhYmVsPyAgSWYgc28sIGFyZSB0aGVyZSBtdWx0aXBsZSBG aW5lLUdyYWluZWQgTGFiZWxzIHVuZGVyIHRoZSBNYWludGVuYW5jZSBEb21haW4/ICBXaGF0IGlz IHRoZSBNRCAtIEZHTCAtIE1BIHN0cnVjdHVyZT8NCg0KW1Fpbl06IEluIFRSSUxMLCBNQSBpcyBj b3JyZXNwb25kaW5nIHRvIEZpbmUtR3JhaW5lZCBMYWJlbCwgd2lsbCBtYWtlIHRoaXMgY2xlYXIu DQoNCiAgIEluIHRoZSB2ZXJ0aWNhbCBkaXJlY3Rpb24gb3J0aG9nb25hbCB0byB0aGUgTWFpbnRl bmFuY2UgRG9tYWluLA0KICAgcHJlc2VudGVkIGFyZSB0aGUgY29tbWFuZHMuICANCg0KSSBkbyBu b3QgdW5kZXJzdGFuZCB0aGlzLCBwYXJ0aWN1bGFybHkgdGhlIOKAnHByZXNlbnRlZCBhcmUgdGhl IGNvbW1hbmRz4oCdIHBhcnQuICBUaGF0IGlzIG5vdCB1c3VhbCB3b3JkIG9yZGVyIGFuZCBJIGNh biBub3QgcmVhcnJhbmdlIHRoZSBzZW50ZW5jZSB0byBtYWtlIHNlbnNlLiAgQW5kIHdoYXQgaXMg bWVhbnQgYnkg4oCcdmVydGljYWwgZGlyZWN0aW9u4oCdPw0KDQpbUWluXTogVGhlIHZlcnRpY2Fs IGRpcmVjdGlvbiBpcyByZWZlcnJlZCB0byBtYW5hZ2VtZW50IHBsYW5lIHByb3RvY29sIGRpcmVj dGlvbihlLmcuLCBORVRDT05GLFNOTVApIHdoaWNoIGlzIHVzZWQgYmV0d2VlbiB0aGUgbWFuYWdl bWVudCBzeXN0ZW0gYW5kIG1hbmFnZWQgZGV2aWNlcy4NCkkgcHJvcG9zZWQgdG8gY2hhbmdlIGFz IGZvbGxvd3M6DQoiSW4gdGhlIG1hbmFnZW1lbnQgcHJvdG9jb2wgZGlyZWN0aW9uIG9ydGhvZ29u YWwgdG8gdGhlIE1haW50ZW5hbmNlIERvbWFpbiwgcHJlc2VudGVkIGFyZSB0aGUgY29tbWFuZHMu Ig0KU2VjIDQgcGcgOA0KDQogICB0b29scy4gIFRoZSBPQU0gdG9vbHMgdXNlZCBoZXJlIGFyZSBs aW1pdGVkIHRvIE9BTSB0b29sc2V0IHNwZWNpZmllZA0KICAgaW4gc2VjdGlvbiA1LjEgb2YgW1JG QzcyNzZdLiANCg0K4oCcdG8gdGhlIE9BTSB0b29sc2V04oCdDQoNCltRaW5dOkZpeGVkLg0KU2Vj IDQuMSBwZyA4DQoNCiAgIG1vZHVsZS4gIFdpdGhpbiB0aGUgY29udGFpbmVyICJkb21haW5zIiwg c2VwYXJhdGUgbGlzdCBpcyBtYWludGFpbmVkDQoNCuKAnGEgc2VwYXJhdGUgbGlzdOKAnQ0KW1Fp bl06Rml4ZWQuDQpTZWMgNC40IHBnIDEwDQoNCiAgIFRoZSBSUEMgbW9kZWwgZmFjaWxpdGF0ZXMg aXNzdWluZyBjb21tYW5kcyB0byBhICJzZXJ2ZXIiIChpbiB0aGlzDQogICBjYXNlIHRvIHRoZSBk ZXZpY2UgdGhhdCBuZWVkIHRvIGV4ZWN1dGUgdGhlIE9BTSBjb21tYW5kKSBhbmQgb2J0YWluIGEN Cg0K4oCcbmVlZHPigJ0NCg0K4oCcYW5kIG9idGFpbmluZ+KAnQ0KW1Fpbl06Rml4ZWQuDQpTZWMg NC41IHBnIDEzDQoNCiAgIE5vdGlmaWNhdGlvbiBpcyBzZW50IG9uIGRlZmVjdCBjb25kaXRpb24g YW5kIGRlZmVjdCBjbGVhcnMgd2l0aA0KICAgTWFpbnRlbmFuY2UgRG9tYWluIE5hbWUsIE1BIE5h bWUNCg0K4oCcTm90aWZpY2F0aW9uIGlzIHNlbnQgb24gZGV0ZWN0aW5nIGEgZGVmZWN0IGNvbmRp dGlvbiBhbmQgb24gY2xlYXJpbmcgdGhlIGRlZmVjdOKAnT8NCltRaW5dOk9rYXksIGFjY2VwdGVk Lg0KU2VjIDQuNiBwZyAxMw0KDQogICBHcm91cGluZyBmb3IgbW9uaXRvcmluZyBzdGF0aXN0aWNz IGlzIHRvIGJlIHVzZWQgYnkgWUFORyBtb2R1bGVzDQogICB3aGljaCBBdWdtZW50IFlBTkcgdG8g cHJvdmlkZSBzdGF0aXN0aWNzDQoNCndoYXQgZG9lcyB0aGUg4oCcQXVnbWVudCBZQU5H4oCdIG1l YW4gaGVyZT8gV2hhdCBpcyBiZWluZyBhdWdtZW50ZWQgLSB0aGUgZ2VuZXJpYyBiYXNlIG1vZGVs IG9yIHRoaXMgY29ubmVjdGlvbiBvcmllbnRlZCBiYXNlIG1vZGVsPw0KW1Fpbl06IHJlZmVycmVk IHRvIHRoaXMgY29ubmVjdGlvbi1vcmllbnRlZCBiYXNlIG1vZGVsLCB3aWxsIG1ha2UgdGhpcyBj bGVhciBpbiB0aGUgdGV4dC4NClNlYyA1IHBnIDIwDQoNCiAgICBkZXNjcmlwdGlvbg0KICAgICAg IklmIG5vIHByb2FjdGl2ZSBDb250aW51aXR5IENoZWNrIChDQykNCiAgICAgICBPQU0gcGFja2V0 cyBmcm9tIHRoZSBzb3VyY2UgTWFpbnRlbmFuY2UgRW5kIFBvaW50DQogICAgICAgKE1FUCkgKGFu ZCBpbiB0aGUgY2FzZSBvZiBDb25uZWN0aXZpdHkNCiAgICAgICBWZXJpZmljYXRpb24gLCB0aGlz IGluY2x1ZGVzIHRoZQ0KICAgICAgIHJlcXVpcmVtZW50IHRvIGhhdmUgdGhlIGV4cGVjdGVkIHVu aXF1ZSwNCiAgICAgICB0ZWNobm9sb2d5IGRlcGVuZGVudCBzb3VyY2UgTUVQDQogICAgICAgaWRl bnRpZmllcikgYXJlIHJlY2VpdmVkIHdpdGhpbiB0aGUgaW50ZXJ2YWwu4oCdOw0KDQpUaGlzIGlz IHVuY2xlYXIuICDigJx0byBoYXZlIHRoZSDigKYgaWRlbnRpZmllcuKAnSAtIHRvIHBvc3Nlc3Mg aXQ/ICBub3QgcmVjZWl2ZWQgcGFja2V0cyBmcm9tIGl0PyANCg0KW1Fpbl06VGhlIHRleHQgY29t ZXMgZnJvbSBSRkM2MzcxIHNlY3Rpb24gNS4xLjEuMSwgd2lsbCBjaGFuZ2UgdGV4dCB0byBtYWtl IGl0IGNsZWFyLg0KDQpTZWMgNSBwYWdlIDI5DQoNCiAgY29udGFpbmVyIGRvbWFpbnMgew0KICAg IGRlc2NyaXB0aW9uDQogICAgICAiQ29udGFpbnMgY29uZmlndXJhdGlvbiByZWxhdGVkIGRhdGEu IFdpdGhpbiB0aGUgY29udGFpbmVyDQogICAgICAgaXMgbGlzdCBvZiBmYXVsdCBkb21haW5zLiBX aXRoaW4gZWFjaCBkb21pYW4gaGFzIExpc3Qgb2YNCiAgICAgICBNYWludGVuYW5jZSBBc3NvY2lh dGlvbiAoTUEpLuKAnTsNCg0Kd2hhdCBkb2VzIHRoZSDigJxXaXRoaW4gZWFjaCBkb21pYW4gaGFz IExpc3TigJ0gcGFydCBtZWFuPyAgV2l0aGluIGVhY2ggZG9tYWluIHRoZXJlIGlzIGEgbGlzdOKA nQ0KDQrigJxsaXN04oCdIG5vdCDigJxMSVNU4oCdLCB1bmxlc3MgdGhhdOKAmXMgYSBpZGVudGlm aWVyIHNvbWV3aGVyZS4NCg0KW1Fpbl06V2lsbCBjaGFuZ2UgaW50bzoNCiJXaXRoaW4gdGhlIGNv bnRhaW5lciwgdGhlcmUgaXMgYSBsaXN0IG9mIGZhdWx0IGRvbWFpbnMuIEVhY2ggZG9tYWluIGhh cyBhIGxpc3Qgb2YgTWFpbnRlbmFuY2UgQXNzb2NpYXRpb24oTUEpLiINCmFuZA0KICAgICAgZGVz Y3JpcHRpb24NCiAgICAgICAgIkRlZmluZSB0aGUgbGlzdCBvZiBmYXVsdCBEb21haW5zIHdpdGhp biB0aGUNCiAgICAgICAgIGlldGYtY29ubmVjdGlvbi1vcmllbnRlZC1vYW0gbW9kdWxlLuKAnTsN Cg0KVGhpcyBpcyB0aGUgb25seSBwbGFjZSDigJxmYXVsdCBkb21haW7igJ0gaXMgdXNlZC4gIFNo b3VsZCB0aGF0IHRlcm0gYmUgZGVmaW5lZCBzb21ld2hlcmU/DQoNCltRaW5dOmZhdWx0IGRvbWFp biByZWZlcnJlZCB0byBkb21haW4sIHdpbGwgZml4IHRoaXMuDQoNClNlYyA3LjIgcGcgNDQNCg0K ICAgVGhlIE1QTFMtVFAgT0FNIFlBTkcgbW9kdWxlIGNhbiBhdWdtZW50IGNvbm5lY3Rpb24gb3Jp ZW50ZWQgT0FNDQogICBNb2R1bGUgd2l0aCBzb21lIHRlY2hub2xvZ3ktc3BlY2lmaWMgZGV0YWls cy4gDQoNCuKAnHRoZeKAnSBvciDigJx0aGlz4oCdIOKAnGNvbm5lY3Rpb24gb3JpZW50ZWQgT0FN IG1vZHVsZeKAnQ0KDQpPdGhlciBwbGFjZXMsIHRoZSB0ZXh0IHNheXMg4oCcY29ubmVjdGlvbiBv cmllbnRlZCBiYXNlIG1vZGVs4oCdLiAgQ29uc2lzdGVuY3kgY291bGQgaGVscC4NCg0KW1Fpbl06 Rml4ZWQuDQoNClNlYyA3LjIuMiBwZyA0Ng0KDQogICBjYW4gYmUgaW5oZXJpdGVkIGluIHRoZSBN UExTLVRQIE9BTSBtb2RlbCBhbmQgc2V0IGJ5IENvbm5lY3Rpb24NCiAgIE9yaWVudGVkIGJhc2Ug bW9kZWwgYXMgZGVmYXVsdCB2YWx1ZXMuDQoNCldoeSBpcyBjb25uZWN0aW9uIG9yaWVudGVkIGNh cGl0YWxpemVkIGhlcmU/DQpbUWluXTpGaXhlZCBpbiB2LTA2IGFscmVhZHkuDQoNCg0KDQoNCg== From nobody Thu Feb 22 20:33:18 2018 Return-Path: X-Original-To: secdir@ietfa.amsl.com Delivered-To: secdir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1DA1C120227; Thu, 22 Feb 2018 20:33:17 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.7 X-Spam-Level: X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BYKb8zKKpXHK; Thu, 22 Feb 2018 20:33:15 -0800 (PST) Received: from mail-it0-x236.google.com (mail-it0-x236.google.com [IPv6:2607:f8b0:4001:c0b::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BFFF212008A; Thu, 22 Feb 2018 20:33:15 -0800 (PST) Received: by mail-it0-x236.google.com with SMTP id a203so3768972itd.1; Thu, 22 Feb 2018 20:33:15 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=RP5VQc60Wt69iwTmA88Tley6Q6LU88VhmBGH9+KdegM=; b=VhZJhepENbeAU8wA3GrKLF3yO2fOmbg210UrydsIDKc6pub3mloc/Y6PxffTEqNU8B 8ONrT0PiiEfRezRs4yP52AINfoeN5QS7Ej+3RopwoA30JxErS4TP9dL9QxOx3BdJlvST Cvh+UCY1r6h5uFonkcVw2s0dsVsy3qvQecprzt8qNwi7CJELLMJKC9W7ZCtjYgVZpqkK ISqdJiK6Uo6fSbjVbf1y1+iL0/fHykN7nZ8GjGbbnZIL3YTmtBZDez0nymo/WM1MTlWL BZwVnvfuO61h9Dp30KzQuLT6b/CIRFy86UljVCcxcFLqJi/Ak9JmpvifEQRSvUqTcQBA ovJw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=RP5VQc60Wt69iwTmA88Tley6Q6LU88VhmBGH9+KdegM=; b=jh1bkEqf95um5eKf4f9z6yfyfmJw90mcPWcgZvy2tZ/IDhkTuNhxrX7Harb4DQtXmw FWIiEv8edcBOVds16YUnrTHUSAl4E4yUnWFfue4n37zyZRAJOf9Sugr7OJfsrj8YuUEF WWRriH5qX/MaJlfCNHnov8p7MuJ9xY22ygvKeh0kRCkyUBPb7KOwItSLpeH4iOQlj/6D dLs0egG2RgKpILvQ1VoUcriq7s4gpQxe0dMVkgj9JJI6n0OrjT1/279qVmkNRzqRQSrD TUwiOagZhDQof2ZA5ECTbrnr/znt1Qr4oCewwMGuFA2Xnshmhv8Ju1E5kcqa3v2nydvh WgGw== X-Gm-Message-State: APf1xPBFKhwGROwySdQGmzHFWLDF0BCpHJqOCMczwYEV7uIHBqQkok/1 BTIBz1O5Z02qZN06sm2IhldMowWObXmFTV4knBA= X-Google-Smtp-Source: AH8x227BiWxxE/xrhctghQlJMp/aHfZyMbtSsjHPci69IpNoD7nGlesQ254eT19n1U5WLNH8b4v9yiXfLfUTPZPPGdU= X-Received: by 10.36.216.8 with SMTP id b8mr883260itg.107.1519360395101; Thu, 22 Feb 2018 20:33:15 -0800 (PST) MIME-Version: 1.0 Received: by 10.79.204.66 with HTTP; Thu, 22 Feb 2018 20:33:14 -0800 (PST) In-Reply-To: <20180223014957.GA50954@kduck.kaduk.org> References: <5C2E06FE-8685-457D-ACED-5600092C1CB1@deployingradius.com> <20180223014957.GA50954@kduck.kaduk.org> From: Martin Thomson Date: Fri, 23 Feb 2018 15:33:14 +1100 Message-ID: To: Benjamin Kaduk Cc: Alan DeKok , draft-ietf-tls-record-limit@ietf.org, IESG , secdir@ietf.org Content-Type: text/plain; charset="UTF-8" Archived-At: Subject: Re: [secdir] Secdir review of draft-ietf-tls-record-limit X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 23 Feb 2018 04:33:17 -0000 On Fri, Feb 23, 2018 at 12:49 PM, Benjamin Kaduk wrote: > Unfortunately draft-ietf-tls-iana-registry-updates is on the 5 April > telechat and will need to undergo another IETF Last Call to call out > downrefs for a handful of documents that it needs to Update. So, > probably we should shuffle things around so the depndency goes the > other way. I don't think that this is so urgent that it can't wait for the registry updates to happen. From nobody Fri Feb 23 06:06:57 2018 Return-Path: X-Original-To: secdir@ietfa.amsl.com Delivered-To: secdir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 119D612E054; Fri, 23 Feb 2018 06:06:51 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.999 X-Spam-Level: X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id I0nNFql7O4xr; Fri, 23 Feb 2018 06:06:49 -0800 (PST) Received: from mail-ua0-x231.google.com (mail-ua0-x231.google.com [IPv6:2607:f8b0:400c:c08::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 494FF12E046; Fri, 23 Feb 2018 06:06:49 -0800 (PST) Received: by mail-ua0-x231.google.com with SMTP id x4so5767278uaj.11; Fri, 23 Feb 2018 06:06:49 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=B9UPCHQt0auNhIgIhjeYyUyGm8NawEBTLzUekcD8yIM=; b=IdWmz6/poRayKhlloAEBo49vRUmFbi8ErlLSX1dyES2uYs2cpkGFMR+HVYaPC349XB x4d4d2e2VFfdiRfgPfT2gF0sc/LgqKDwVkA/rol4M+wlGHSlddiZM0oyKUoVVG0/3C5L BUdnYCoZpEm7Sd8jrMkxt8mLABv2ASdM+i7F50nya53Yqc8ztGhiJlI9dd7ouer3FSsb BHPP08xmHYOe5Ww2CpUPxpSB3/OrXOWVKtgpQ3E6QVFoTIvOOQTmskiP2SxBDGE/UTF/ 3jdvO9Zo+Hu11xVd+cPImU2pLqLOITl/2XPlPJlll1T8M0T+01Hz3sClWb7W3w0AG84K NR+A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=B9UPCHQt0auNhIgIhjeYyUyGm8NawEBTLzUekcD8yIM=; b=Zs2C5KhjG8kRPVQ6X6/zFC4E8UJru8EhZ7bskX/atZXKtaOE7ez7mJP6wHxS64inu7 XbskVSEUuvvY6Zxn3GrfHwtNpgTb9UonHaT5QNpRCAcYs6avjM1B+B+j7jIW+7B34S+/ Veik+LUejZ060f1SWcjDFOqpM6WMyB4yur/dwmumv7d8HfMxwTzK64GNqlE988Q0YG71 jTbfcC7oravE1tLrMydr5krJ87RdIxDGplF17pMkxrnkTkT2S8+tsIqJ3xuzO2zO7bYx h57Oq6+oYixvIEp0ka5VFtghD9moXBcu5iRp5iUKUGz0hCsiVIMtWMTC7kUKdzzHX0y7 hhOQ== X-Gm-Message-State: APf1xPDMWTvl3G+oRF0uNGR3UN05wreL5gw5PFmCRPTrsuIjRGUmiPKF QDpvOmbipTzKhfiST4bNKVmPE5BoZCHJE06E8w4= X-Google-Smtp-Source: AG47ELv9OT/3ukcjrkUvIKvJLuiavnH/S1BXDA+3PqgqkGmj5F0+7IC1vjOj/nJu48z3Gxob8omgaH6mYrpRqlNBJWs= X-Received: by 10.176.78.203 with SMTP id x11mr1317977uah.194.1519394808376; Fri, 23 Feb 2018 06:06:48 -0800 (PST) MIME-Version: 1.0 Received: by 10.159.45.148 with HTTP; Fri, 23 Feb 2018 06:06:47 -0800 (PST) In-Reply-To: <5316A0AB3C851246A7CA5758973207D463A52635@sjceml521-mbs.china.huawei.com> References: <151914767152.4003.2724168782038044771@ietfa.amsl.com> <5316A0AB3C851246A7CA5758973207D463A52635@sjceml521-mbs.china.huawei.com> From: Rifaat Shekh-Yusef Date: Fri, 23 Feb 2018 09:06:47 -0500 Message-ID: To: Huaimo Chen Cc: "secdir@ietf.org" , "draft-ietf-teas-rsvp-egress-protection.all@ietf.org" , "ietf@ietf.org" , "teas@ietf.org" Content-Type: multipart/alternative; boundary="089e08e4f993d3b4f10565e1ab34" Archived-At: Subject: Re: [secdir] Secdir last call review of draft-ietf-teas-rsvp-egress-protection-09 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 23 Feb 2018 14:06:51 -0000 --089e08e4f993d3b4f10565e1ab34 Content-Type: text/plain; charset="UTF-8" Hi Huaimo, I am fine with the new suggested changes to the text. Regards, Rifaat On Thu, Feb 22, 2018 at 4:45 PM, Huaimo Chen wrote: > Hi Rifaat, > > Thank you much for your time and your valuable comments. > Answers to your questions are inline below with prefix [HC]. > Would you mind reviewing them to see if they address the issues? > > Best Regards, > Huaimo > -----Original Message----- > From: Rifaat Shekh-Yusef [mailto:rifaat.ietf@gmail.com] > Sent: Tuesday, February 20, 2018 12:28 PM > To: secdir@ietf.org > Cc: draft-ietf-teas-rsvp-egress-protection.all@ietf.org; ietf@ietf.org; > teas@ietf.org > Subject: Secdir last call review of draft-ietf-teas-rsvp-egress- > protection-09 > > Reviewer: Rifaat Shekh-Yusef > Review result: Has Issues > > I have reviewed this document as part of the security directorate's > ongoing effort to review all IETF documents being processed by the IESG. > These comments were written primarily for the benefit of the security area > directors. Document editors and WG chairs should treat these comments just > like any other last call comments. > > "A backup egress MUST be configured on the ingress of an LSP to > protect a primary egress of the LSP if and only if the backup egress > is not indicated in another place." > > Can you define "another place"? Is it the "primary egress"? others? > > [HC] Yes. Another place in this context is the primary egress. > We will update the document accordingly as below: > "A backup egress MUST be configured on the ingress of an LSP to > protect a primary egress of the LSP if and only if the backup egress > is not configured on the primary egress." > > > > "To protect a primary egress of an LSP, a backup egress MUST be > configured on the primary egress of the LSP to protect the primary > egress if and only if the backup egress is not indicated in another > place." > > Can you define "another place"? Is it the "ingress"? others? > > [HC] Yes. Another place in this context is the ingress. > We will update the document accordingly as below: > "To protect a primary egress of an LSP, a backup egress MUST be > configured on the primary egress of the LSP to protect the primary > egress if and only if the backup egress is not configured on the > ingress." > > > > "Note that protecting a primary egress of a P2P LSP carrying service > traffic through a backup egress requires that the backup egress trust > the primary egress for the information received for a service label > as UA label." > > Can you elaborate on this statement? > How would the backup egress trust the primary egress? > > [HC] The information may be sent to the backup egress from the > "primary egress" through another protocol such as BGP. The backup egress > need to make sure that the "primary egress" that another protocol uses > is the same primary egress to be protected. > The backup egress may check whether the remote end of the BGP session > is the primary egress if BGP is used to send the information to the > backup egress from the "primary egress". > We will update the document accordingly as below: > "Note that protecting a primary egress of a P2P LSP carrying service > traffic through a backup egress requires that the backup egress make > sure that the "primary egress" sending the backup egress the information > on a service label as UA label through another protocol such as BGP is > the same primary egress to be protected." > > > Regards, > Rifaat > > > --089e08e4f993d3b4f10565e1ab34 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Hi Huaimo,

I am fine with the new sugge= sted changes to the text.

Regards,
= =C2=A0Rifaat


On Thu, Feb 22, 2018 at 4:45 PM, Huaimo Chen <h= uaimo.chen@huawei.com> wrote:
Hi Rifaat,

=C2=A0 =C2=A0 Thank you much for your time and your valuable comments.
=C2=A0 =C2=A0 Answers to your questions are inline below with prefix [HC].<= br> =C2=A0 =C2=A0 Would you mind reviewing them to see if they address the issu= es?

Best Regards,
Huaimo
-----Original Message-----
From: Rifaat Shekh-Yusef [mailto:r= ifaat.ietf@gmail.com]
Sent: Tuesday, February 20, 2018 12:28 PM
To: secdir@ietf.org
Cc: = draft-ietf-teas-rsvp-egress-protection.all@ietf.org; ietf@ietf.org; tea= s@ietf.org
Subject: Secdir last call review of draft-ietf-teas-rsvp-egress-protec= tion-09

Reviewer: Rifaat Shekh-Yusef
Review result: Has Issues

I have reviewed this document as part of the security directorate's ong= oing effort to review all IETF documents being processed by the IESG.=C2=A0= These comments were written primarily for the benefit of the security area= directors.=C2=A0 Document editors and WG chairs should treat these comment= s just like any other last call comments.

=C2=A0 =C2=A0"A backup egress MUST be configured on the ingress of an = LSP to
=C2=A0 =C2=A0protect a primary egress of the LSP if and only if the backup = egress
=C2=A0 =C2=A0is not indicated in another place."

Can you define "another place"? Is it the "primary egress&qu= ot;? others?

[HC] Yes. Another place in this context is the primary egress.
We will update the document accordingly as below:
=C2=A0 =C2=A0"A backup egress MUST be configured on t= he ingress of an LSP to
=C2=A0 =C2=A0protect a primary egress of the LSP if and only if the backup = egress
=C2=A0 =C2=A0is not configured on the primary egress."



=C2=A0 =C2=A0"To protect a primary egress of an LSP, a backup egress M= UST be
=C2=A0 =C2=A0configured on the primary egress of the LSP to protect the pri= mary
=C2=A0 =C2=A0egress if and only if the backup egress is not indicated in an= other
=C2=A0 =C2=A0place."

Can you define "another place"? Is it the "ingress"? ot= hers?

[HC] Yes. Another place in this context is the ingress.
We will update the document accordingly as below:
=C2=A0 =C2=A0"To protect a primary egress of an LSP, = a backup egress MUST be
=C2=A0 =C2=A0configured on the primary egress of the LSP to protect the pri= mary
=C2=A0 =C2=A0egress if and only if the backup egress is not configur= ed on the
=C2=A0 =C2=A0ingress."



=C2=A0 =C2=A0"Note that protecting a primary egress of a P2P LSP carry= ing service
=C2=A0 =C2=A0traffic through a backup egress requires that the backup egres= s trust
=C2=A0 =C2=A0the primary egress for the information received for a service = label
=C2=A0 =C2=A0as UA label."

Can you elaborate on this statement?
How would the backup egress trust the primary egress?

[HC] The information may be sent to the backup egress from the
"primary egress" through another protocol such as BGP. The backup= egress
need to=C2=A0 make sure that the "primary egress" that another pr= otocol uses
is the same primary egress to be protected.
The backup egress may check whether the remote end of the BGP session
is the primary egress if BGP is used to send the information to the
backup egress from the "primary egress".
We will update the document accordingly as below:
=C2=A0 "Note that protecting a primary egress of a P2= P LSP carrying service
=C2=A0 =C2=A0traffic through a backup egress requires that the backu= p egress make
=C2=A0 =C2=A0sure that the "primary egress" sending the backup eg= ress the information
=C2=A0 =C2=A0on a service label as UA label through another protocol such a= s BGP is
=C2=A0 =C2=A0the same primary egress to be protected."


Regards,
=C2=A0Rifaat



--089e08e4f993d3b4f10565e1ab34-- From nobody Fri Feb 23 06:49:23 2018 Return-Path: X-Original-To: secdir@ietfa.amsl.com Delivered-To: secdir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 62EF8127337; Fri, 23 Feb 2018 06:49:16 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.901 X-Spam-Level: X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id J47junh1KSmV; Fri, 23 Feb 2018 06:49:14 -0800 (PST) Received: from mail.networkradius.com (mail.networkradius.com [62.210.147.122]) by ietfa.amsl.com (Postfix) with ESMTP id 5B4C01270A3; Fri, 23 Feb 2018 06:49:14 -0800 (PST) Received: from [192.168.2.28] (198-84-205-59.cpe.teksavvy.com [198.84.205.59]) by mail.networkradius.com (Postfix) with ESMTPSA id 2FA9D1FE8; Fri, 23 Feb 2018 14:49:13 +0000 (UTC) Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\)) From: Alan DeKok In-Reply-To: Date: Fri, 23 Feb 2018 09:49:11 -0500 Cc: draft-ietf-tls-record-limit@ietf.org, IESG , secdir@ietf.org Content-Transfer-Encoding: quoted-printable Message-Id: References: <5C2E06FE-8685-457D-ACED-5600092C1CB1@deployingradius.com> To: Martin Thomson X-Mailer: Apple Mail (2.3124) Archived-At: Subject: Re: [secdir] Secdir review of draft-ietf-tls-record-limit X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 23 Feb 2018 14:49:16 -0000 On Feb 22, 2018, at 8:19 PM, Martin Thomson = wrote: > A few changes based on your feedback here: > https://github.com/tlswg/tls-record-limit/pull/17 Thanks. That helps. > The remainder of the paragraph is intended to make that distinction > clear. i.e., this limit is inherently fixed by negotiation, the other > is dynamic. My point is that those two limits may agree or disagree dynamically. = So it would be good to give guidance on what to do when a previous = agreement dynamically changes to disagreement. >> Comment: it would be good to give guidance on what to do here, and = what happens in error cases. >=20 > DTLS (RFC 6347) already has some fairly extensive guidance on PMTUD, > which I didn't want to replicate here. You hit a lot of the issues in > your questions. With some better citations, this is what I came up > with: That still doesn't give guidance. What happens if the record size = limit is fine at the start of a session, and then MTU changes, and the = packets no longer make it through? What does the application do? RFC 6347 Section 4.1.1.1 gives some guidance, but I think not enough. = Exposing the MTU to the application is good, but what does the = application *do* with this information? e.g. PMTU should be exposed to the application as per Section 4.1.1.1 = of {{?DTLS}}. If the PTMU changes, the application may discover that = the new MTU is smaller than the record size limit. In that situation, = the only recourse available may be to close the session, and to open a = newer one with a smaller record size limit that is compatible with the = new MTU. Alan DeKok. From nobody Fri Feb 23 08:45:57 2018 Return-Path: X-Original-To: secdir@ietfa.amsl.com Delivered-To: secdir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BB372127136; Fri, 23 Feb 2018 08:45:51 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.7 X-Spam-Level: X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pIrAarwqlrKv; Fri, 23 Feb 2018 08:45:50 -0800 (PST) Received: from mail-qk0-x234.google.com (mail-qk0-x234.google.com [IPv6:2607:f8b0:400d:c09::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4E97C1241F3; Fri, 23 Feb 2018 08:45:50 -0800 (PST) Received: by mail-qk0-x234.google.com with SMTP id s198so11479974qke.5; Fri, 23 Feb 2018 08:45:50 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=w1sVR7MRyMIgJzvaT2a+500eAh2EMh8B78ACzNUX5/E=; b=Rrump+vv0FiPsQxUAaqwq8Nrnd7+J88Opv/xEjYs+JbyxO3bi0mgXFICtsVehLuqnl knCZDfteRONPhhAHUt2OKqe2MVUryA3nMsJBhlJCHHFHV8KQ07Qe1ywCJ38U3zSig/8O nLXsUpVEnLhUmajvOZfW2XtDVl4Hj7U1k3XPhqVjTiYQSm7sDvko9rsoXAtaLZpMgPS/ Zu/RK4Yq7Inr+pgGEIqGJhPeLy/ELCwk0eKvZ051dalk46Phe0PxNzBVgyaB2ItM8tUv t77tzgHMNmVyXVq76McBqSsFusqaCkXBbRx/ozsI4T6ecXhQOb6SI45cFMOCN240d6Ax tYQg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=w1sVR7MRyMIgJzvaT2a+500eAh2EMh8B78ACzNUX5/E=; b=X8bXwK1a9lxZkHtx3iBF9S/4il8SvEcE8jq2ImOZfXa/3A8z3qOkyMEW0PLdYLC9ZH FfU9aFHMTiPViZD1FTotgzY7g61TJ+zVDImBDEshXzgd2l4ZtPVBT/VrOifj2jyMFqK4 GXTZUcJ0sZnb6fkPfvqUzUKgLHrq53cfiHXkSg0fina8DAan5lEYFxEIQ1h+85CyU3au DZmGdIZ48Vz0Rn0MkhUWDnGDtcRG5wqh7LqT9/E9HXcxk5EgrzEoA5bUQkrCFsM242WU 9g+HiYrBgMccWxiUxrLdI8HmMWxVU31LzG+lRAoR/7gsG0xLdq5y6AXY0e/cqrqu7HC9 3tXw== X-Gm-Message-State: APf1xPDNaBrJCQzphSCK6ZxSVEbAucW8M7xawE770hpFTluI2spCv3Bm sznGvm8Pl4/tBj728xV6BIVVuUuVRi1g5C0ezx8= X-Google-Smtp-Source: AG47ELtVGumIrrczTRz3Thwhj+7ezZ2rqCsa5xOedhrVyjnFOhqXQrkL8fTOVqklPV2DMyCKaMbhxQ4++oygB84tWFQ= X-Received: by 10.55.155.19 with SMTP id d19mr3354009qke.193.1519404349497; Fri, 23 Feb 2018 08:45:49 -0800 (PST) MIME-Version: 1.0 Received: by 10.12.149.178 with HTTP; Fri, 23 Feb 2018 08:45:09 -0800 (PST) In-Reply-To: References: <5C2E06FE-8685-457D-ACED-5600092C1CB1@deployingradius.com> <20180223014957.GA50954@kduck.kaduk.org> From: Kathleen Moriarty Date: Fri, 23 Feb 2018 11:45:09 -0500 Message-ID: To: Martin Thomson Cc: Benjamin Kaduk , draft-ietf-tls-record-limit@ietf.org, IETF SecDir , IESG , Alan DeKok Content-Type: text/plain; charset="UTF-8" Archived-At: Subject: Re: [secdir] Secdir review of draft-ietf-tls-record-limit X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 23 Feb 2018 16:45:52 -0000 On Thu, Feb 22, 2018 at 11:33 PM, Martin Thomson wrote: > On Fri, Feb 23, 2018 at 12:49 PM, Benjamin Kaduk wrote: >> Unfortunately draft-ietf-tls-iana-registry-updates is on the 5 April >> telechat and will need to undergo another IETF Last Call to call out >> downrefs for a handful of documents that it needs to Update. So, >> probably we should shuffle things around so the depndency goes the >> other way. > > I don't think that this is so urgent that it can't wait for the > registry updates to happen. OK, I can move it to the next telechat and Ben can take over the AD role for the draft. Thanks. -- Best regards, Kathleen From nobody Fri Feb 23 11:17:28 2018 Return-Path: X-Original-To: secdir@ietfa.amsl.com Delivered-To: secdir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 04E971241F3; Fri, 23 Feb 2018 11:17:27 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.211 X-Spam-Level: X-Spam-Status: No, score=-4.211 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aIPb6XHRuSpM; Fri, 23 Feb 2018 11:17:25 -0800 (PST) Received: from dmz-mailsec-scanner-4.mit.edu (dmz-mailsec-scanner-4.mit.edu [18.9.25.15]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 18F361205F0; Fri, 23 Feb 2018 11:17:24 -0800 (PST) X-AuditID: 1209190f-81bff70000005fde-fc-5a9068c28737 Received: from mailhub-auth-4.mit.edu ( [18.7.62.39]) (using TLS with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by dmz-mailsec-scanner-4.mit.edu (Symantec Messaging Gateway) with SMTP id 57.DE.24542.3C8609A5; Fri, 23 Feb 2018 14:17:23 -0500 (EST) Received: from outgoing.mit.edu (OUTGOING-AUTH-1.MIT.EDU [18.9.28.11]) by mailhub-auth-4.mit.edu (8.13.8/8.9.2) with ESMTP id w1NJHI8Q032473; Fri, 23 Feb 2018 14:17:20 -0500 Received: from kduck.kaduk.org (24-107-191-124.dhcp.stls.mo.charter.com [24.107.191.124]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id w1NJHE6j014966 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Fri, 23 Feb 2018 14:17:17 -0500 Date: Fri, 23 Feb 2018 13:17:14 -0600 From: Benjamin Kaduk To: Alan DeKok Cc: Martin Thomson , draft-ietf-tls-record-limit@ietf.org, IESG , secdir@ietf.org Message-ID: <20180223191714.GG50954@kduck.kaduk.org> References: <5C2E06FE-8685-457D-ACED-5600092C1CB1@deployingradius.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.9.1 (2017-09-22) X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFupmleLIzCtJLcpLzFFi42IRYrdT1z2cMSHKYPJbM4umz03sFvvP8FjM +DOR2eLamX+MFh8WPmRxYPVoOdrC4rFz1l12jyVLfjIFMEdx2aSk5mSWpRbp2yVwZew+dpep 4Bx/xZ/VV9gaGNfwdDFyckgImEh8b1/N2MXIxSEksJhJYuXNXkaQhJDARkaJr9vzIRJXmSRm rPvLCpJgEVCVeLBrBguIzSagItHQfZkZxBYR0JJYsH4RC0gDs0APo8T2O9PBEsIClhI3pp1m A7F5gdbtmHGRDWLqKUaJGUsOskIkBCVOznwCNpUZaNKNfy+Zuhg5gGxpieX/OEDCnALuEn1f TzCB2KICyhJ7+w6xT2AUmIWkexaS7lkI3QsYmVcxyqbkVunmJmbmFKcm6xYnJ+blpRbpmujl ZpbopaaUbmIEhTOnJP8OxjkN3ocYBTgYlXh4I8QnRAmxJpYVV+YeYpTkYFIS5Y2yAArxJeWn VGYkFmfEF5XmpBYfYpTgYFYS4S173h8lxJuSWFmVWpQPk5LmYFES53U30Y4SEkhPLEnNTk0t SC2CycpwcChJ8J5KBxoqWJSanlqRlplTgpBm4uAEGc4DNNwCpIa3uCAxtzgzHSJ/ilGX48aL 123MQix5+XmpUuK8d9KAigRAijJK8+DmgNKQRPb+mleM4kBvCfN+BBnFA0xhcJNeAS1hAlpy gasXZElJIkJKqoFx06IaKx6X7T2li5Z6PrmX313brON0KmS5kVbHoRcxfMJXlGI+Vm+e4Put vPrkncXLYlczvUrVVmm/b603/Yx40+OqXIs/s/VWLE03OWH/7hjb1D5p9f9GG/Z33ej8vNUs unBHcGuD0G3rhQkv2IpmP9f32GdXqRDtrtivrSgdILQ7+/59Y2clluKMREMt5qLiRAB//f6A HgMAAA== Archived-At: Subject: Re: [secdir] Secdir review of draft-ietf-tls-record-limit X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 23 Feb 2018 19:17:27 -0000 On Fri, Feb 23, 2018 at 09:49:11AM -0500, Alan DeKok wrote: > On Feb 22, 2018, at 8:19 PM, Martin Thomson wrote: > > A few changes based on your feedback here: > > https://github.com/tlswg/tls-record-limit/pull/17 > > Thanks. That helps. > > > The remainder of the paragraph is intended to make that distinction > > clear. i.e., this limit is inherently fixed by negotiation, the other > > is dynamic. > > My point is that those two limits may agree or disagree dynamically. So it would be good to give guidance on what to do when a previous agreement dynamically changes to disagreement. > > >> Comment: it would be good to give guidance on what to do here, and what happens in error cases. > > > > DTLS (RFC 6347) already has some fairly extensive guidance on PMTUD, > > which I didn't want to replicate here. You hit a lot of the issues in > > your questions. With some better citations, this is what I came up > > with: > > That still doesn't give guidance. What happens if the record size limit is fine at the start of a session, and then MTU changes, and the packets no longer make it through? What does the application do? > > RFC 6347 Section 4.1.1.1 gives some guidance, but I think not enough. Exposing the MTU to the application is good, but what does the application *do* with this information? > > e.g. PMTU should be exposed to the application as per Section 4.1.1.1 of {{?DTLS}}. If the PTMU changes, the application may discover that the new MTU is smaller than the record size limit. In that situation, the only recourse available may be to close the session, and to open a newer one with a smaller record size limit that is compatible with the new MTU. The record size limit is a cap, not a mandatory record size. So, the application could just send smaller records that fit within the new PMTU, provided both sides have the proper logic around PMTU discovery and record sizing. -Benjamin From nobody Fri Feb 23 19:28:12 2018 Return-Path: X-Original-To: secdir@ietf.org Delivered-To: secdir@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 69E7812895E; Fri, 23 Feb 2018 19:28:05 -0800 (PST) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: Liang Xia To: Cc: anima@ietf.org, ietf@ietf.org, draft-ietf-anima-autonomic-control-plane.all@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 6.72.4 Auto-Submitted: auto-generated Precedence: bulk Message-ID: <151944288538.13853.12008661353663855742@ietfa.amsl.com> Date: Fri, 23 Feb 2018 19:28:05 -0800 Archived-At: Subject: [secdir] Secdir early review of draft-ietf-anima-autonomic-control-plane-13 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 24 Feb 2018 03:28:05 -0000 Reviewer: Liang Xia Review result: Has Issues In general, this document is well-written and considers security issues carefully throughout the whole architecture. nits: Abstract: /or not misconfigured/or misconfigured/ the fifth paragraph of section 6.1: the last ")" is redundant, therefore can be deleted some section titles don't comply the rule of starting from a capital letter section 6.5 /("IP security", see [RFC4301] and "Internet Key Exchange protocol version 2", see [RFC7296]/("IP security", see [RFC4301] and "Internet Key Exchange protocol version 2", see [RFC7296])/ suggestion: all the Figures (e.g., Figure 1,2...) should have a title for explanation section 2, please update the last paragraph to reference RFC8174 to indicate that lowercase versions of the keywords are not normative Section 11 (Security Considerations) Since section 9.2 has described the self-protection properties of ACP well, it may be useful in this section to mention them as a whole. From nobody Sun Feb 25 10:59:23 2018 Return-Path: X-Original-To: secdir@ietf.org Delivered-To: secdir@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 13009127241; Sun, 25 Feb 2018 10:59:16 -0800 (PST) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: Paul Wouters To: Cc: i2rs@ietf.org, ietf@ietf.org, draft-ietf-i2rs-rib-info-model.all@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 6.72.4 Auto-Submitted: auto-generated Precedence: bulk Message-ID: <151958515603.12934.11779217462614817262@ietfa.amsl.com> Date: Sun, 25 Feb 2018 10:59:16 -0800 Archived-At: Subject: [secdir] Secdir last call review of draft-ietf-i2rs-rib-info-model-14 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 25 Feb 2018 18:59:16 -0000 Reviewer: Paul Wouters Review result: Has Issues I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. The summary of the review is Has Issues. This Informational draft specifies an information model for routing information bases (RIBs) , and hints at how a read/write API would look like. I think the document should be improved to clarify this API beyond a simple mention of SSH and TLS in its own section, outside of the Security Consideration section. For example, if this is TLS, what is used? Something restful? xml? json? What would the URI be? And for ssh, what kind of access would be given? How is this restricted to the RIB API ? From nobody Sun Feb 25 15:44:56 2018 Return-Path: X-Original-To: secdir@ietfa.amsl.com Delivered-To: secdir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9F84A1241F5; Sun, 25 Feb 2018 15:44:49 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: 0.945 X-Spam-Level: X-Spam-Status: No, score=0.945 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DOS_OUTLOOK_TO_MX=2.845] autolearn=no autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id d3WEO64k2QjH; Sun, 25 Feb 2018 15:44:48 -0800 (PST) Received: from hickoryhill-consulting.com (50-245-122-97-static.hfc.comcastbusiness.net [50.245.122.97]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B8E821205F0; Sun, 25 Feb 2018 15:44:44 -0800 (PST) X-Default-Received-SPF: pass (skip=loggedin (res=PASS)) x-ip-name=166.176.251.46; From: "Susan Hares" To: "'Paul Wouters'" , Cc: , , References: <151958515603.12934.11779217462614817262@ietfa.amsl.com> In-Reply-To: <151958515603.12934.11779217462614817262@ietfa.amsl.com> Date: Sun, 25 Feb 2018 18:44:41 -0500 Message-ID: <002a01d3ae92$9b899660$d29cc320$@ndzh.com> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Mailer: Microsoft Outlook 14.0 Thread-Index: AQHQD0Pdn7l6HalH48dRcUIzKK9LGaO9BWww Content-Language: en-us X-Authenticated-User: skh@ndzh.com Archived-At: Subject: Re: [secdir] [i2rs] Secdir last call review of draft-ietf-i2rs-rib-info-model-14 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 25 Feb 2018 23:44:50 -0000 Paul: The current I2RS RIB Data model is a yang model which can be access via netconf and restconf with the restrictions in the network management datastore architecture. Are you looking for us to specify the netconf/restconf suite protocols, and the CBOR for binary in this section. If you are looking for more than that, are you looking for what is in https://datatracker.ietf.org/doc/draft-ietf-i2rs-security-environment-reqs/ Thank you, Sue Hares WG co-chair -----Original Message----- From: i2rs [mailto:i2rs-bounces@ietf.org] On Behalf Of Paul Wouters Sent: Sunday, February 25, 2018 1:59 PM To: secdir@ietf.org Cc: i2rs@ietf.org; ietf@ietf.org; draft-ietf-i2rs-rib-info-model.all@ietf.org Subject: [i2rs] Secdir last call review of draft-ietf-i2rs-rib-info-model-14 Reviewer: Paul Wouters Review result: Has Issues I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. The summary of the review is Has Issues. This Informational draft specifies an information model for routing information bases (RIBs) , and hints at how a read/write API would look like. I think the document should be improved to clarify this API beyond a simple mention of SSH and TLS in its own section, outside of the Security Consideration section. For example, if this is TLS, what is used? Something restful? xml? json? What would the URI be? And for ssh, what kind of access would be given? How is this restricted to the RIB API ? _______________________________________________ i2rs mailing list i2rs@ietf.org https://www.ietf.org/mailman/listinfo/i2rs From nobody Sun Feb 25 15:51:20 2018 Return-Path: X-Original-To: secdir@ietfa.amsl.com Delivered-To: secdir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3E942124BAC; Sun, 25 Feb 2018 15:51:13 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: 0.945 X-Spam-Level: X-Spam-Status: No, score=0.945 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DOS_OUTLOOK_TO_MX=2.845] autolearn=no autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oqIl8wob8_sS; Sun, 25 Feb 2018 15:51:12 -0800 (PST) Received: from hickoryhill-consulting.com (50-245-122-97-static.hfc.comcastbusiness.net [50.245.122.97]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 21DC21241F5; Sun, 25 Feb 2018 15:51:12 -0800 (PST) X-Default-Received-SPF: pass (skip=loggedin (res=PASS)) x-ip-name=166.176.251.46; From: "Susan Hares" To: "'Paul Wouters'" , Cc: , , References: <151958515603.12934.11779217462614817262@ietfa.amsl.com> <002a01d3ae92$9b899660$d29cc320$@ndzh.com> In-Reply-To: <002a01d3ae92$9b899660$d29cc320$@ndzh.com> Date: Sun, 25 Feb 2018 18:51:08 -0500 Message-ID: <003901d3ae93$82750910$875f1b30$@ndzh.com> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Mailer: Microsoft Outlook 14.0 Thread-Index: AQHQD0Pdn7l6HalH48dRcUIzKK9LGQL4ahFmo6VFDDA= Content-Language: en-us X-Authenticated-User: skh@ndzh.com Archived-At: Subject: Re: [secdir] [i2rs] Secdir last call review of draft-ietf-i2rs-rib-info-model-14 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 25 Feb 2018 23:51:13 -0000 Paul: I hit return to soon. Thank you for the security review. Cheerily, Susan Hares -----Original Message----- From: Susan Hares [mailto:shares@ndzh.com] Sent: Sunday, February 25, 2018 6:45 PM To: 'Paul Wouters'; secdir@ietf.org Cc: i2rs@ietf.org; ietf@ietf.org; draft-ietf-i2rs-rib-info-model.all@ietf.org Subject: RE: [i2rs] Secdir last call review of draft-ietf-i2rs-rib-info-model-14 Paul: The current I2RS RIB Data model is a yang model which can be access via netconf and restconf with the restrictions in the network management datastore architecture. Are you looking for us to specify the netconf/restconf suite protocols, and the CBOR for binary in this section. If you are looking for more than that, are you looking for what is in https://datatracker.ietf.org/doc/draft-ietf-i2rs-security-environment-reqs/ Thank you, Sue Hares WG co-chair -----Original Message----- From: i2rs [mailto:i2rs-bounces@ietf.org] On Behalf Of Paul Wouters Sent: Sunday, February 25, 2018 1:59 PM To: secdir@ietf.org Cc: i2rs@ietf.org; ietf@ietf.org; draft-ietf-i2rs-rib-info-model.all@ietf.org Subject: [i2rs] Secdir last call review of draft-ietf-i2rs-rib-info-model-14 Reviewer: Paul Wouters Review result: Has Issues I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. The summary of the review is Has Issues. This Informational draft specifies an information model for routing information bases (RIBs) , and hints at how a read/write API would look like. I think the document should be improved to clarify this API beyond a simple mention of SSH and TLS in its own section, outside of the Security Consideration section. For example, if this is TLS, what is used? Something restful? xml? json? What would the URI be? And for ssh, what kind of access would be given? How is this restricted to the RIB API ? _______________________________________________ i2rs mailing list i2rs@ietf.org https://www.ietf.org/mailman/listinfo/i2rs From nobody Sun Feb 25 17:31:55 2018 Return-Path: X-Original-To: secdir@ietfa.amsl.com Delivered-To: secdir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A8FA81273B1; Sun, 25 Feb 2018 17:31:48 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.7 X-Spam-Level: X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7ss0Kr489CYu; Sun, 25 Feb 2018 17:31:47 -0800 (PST) Received: from mail-oi0-x22b.google.com (mail-oi0-x22b.google.com [IPv6:2607:f8b0:4003:c06::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 528971271FD; Sun, 25 Feb 2018 17:31:47 -0800 (PST) Received: by mail-oi0-x22b.google.com with SMTP id j79so9515181oib.12; Sun, 25 Feb 2018 17:31:47 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=RDdwhU2awrnO8FcKYTTNthurUQVe3WQQbd6YT8IKmgw=; b=KzWv9yHDcM9LK47CipLhWjXA6Bmk1CAU7mMTzsUc2zbuFa7y01YLZCZ/dJAfBVgi0m audGk1qp9P4tb+LvJWZu6pNu5z99aZJJQKc7lFRJnR2qAJHkphpB3dXUoqYA0SLrTEEC 3f5HhWWQehGr5d890hTMHtgZwELgXCe6TiM/bNnfxTsi9PxrK4v7n2Oeq+lsdy5uQWsd DYO4iQ9OpZKXKEvKjVyGL0uMA8Ui4OPZBMOTV67xux0h+OUntJNgUGMeP4HhkB347PCe UKnEzychb7b6QGgyPKwVORAF0XCDpqAkuioTFJrNzeybZln2YirNy7W5oEPgfePR+v35 G6Pg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=RDdwhU2awrnO8FcKYTTNthurUQVe3WQQbd6YT8IKmgw=; b=ee6pJpxytUKRxkEt4XtzL8YXevBEcKGKc4lyf3R8SQEuXJdJAPv75vrP6LNHOe5kaf 13pX7NVHxSxJJFm15XgSd77lwkSX+GYLuo7o/Ge+D5g22ihEQRwH8LRcHsUA4IlxYTDJ Zo1jJXdWHKPPGfHiZ7Va6SRWXbCq/8CzLAeXIJDJ5t2ur97Xn46tvjZdjb4DW4F4da9B +G2kGafNDzbUsB0FMvt+YhPz23kRwnlCGfpR/o2zbcI7qoj1Sc67Bxwj1I3OtQ3FPaPw nOGUmhx/nwkJoObCICwouagKcmHHCPFZQ2niZOORYe76V5DlqwMIAOhhFw/c08kWDo+m ILhQ== X-Gm-Message-State: APf1xPDBmxHInjmFSBfQp9IPiNzuAKftS/vDnVW/6mMdRI63uLMrkq7y aVPIhcjMnDqDKTpx1qDftfJl4/cUaFplPlZo8EAA2Tg/ X-Google-Smtp-Source: AG47ELuZ/oqftAGCQEWDSlUkkOzvicCG3MnTZFXwrzN5yX85T+qgBJJOW0bX/sA5RuIRdqOsl5+Nl1wid5Zf2HQIsrQ= X-Received: by 10.202.235.133 with SMTP id j127mr5744504oih.346.1519608706461; Sun, 25 Feb 2018 17:31:46 -0800 (PST) MIME-Version: 1.0 Received: by 10.157.16.85 with HTTP; Sun, 25 Feb 2018 17:31:45 -0800 (PST) In-Reply-To: <20180223191714.GG50954@kduck.kaduk.org> References: <5C2E06FE-8685-457D-ACED-5600092C1CB1@deployingradius.com> <20180223191714.GG50954@kduck.kaduk.org> From: Martin Thomson Date: Mon, 26 Feb 2018 12:31:45 +1100 Message-ID: To: Benjamin Kaduk , Hannes Tschofenig Cc: Alan DeKok , draft-ietf-tls-record-limit@ietf.org, IESG , secdir@ietf.org Content-Type: text/plain; charset="UTF-8" Archived-At: Subject: Re: [secdir] Secdir review of draft-ietf-tls-record-limit X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 26 Feb 2018 01:31:49 -0000 On Sat, Feb 24, 2018 at 6:17 AM, Benjamin Kaduk wrote: > The record size limit is a cap, not a mandatory record size. That's right. Alan, does that address your primary concern? > On Fri, Feb 23, 2018 at 09:49:11AM -0500, Alan DeKok wrote: >> RFC 6347 Section 4.1.1.1 gives some guidance, but I think not enough. Exposing the MTU to the application is good, but what does the application *do* with this information? In many cases, nothing. My understanding of DTLS implementations is that the size of a write determines the size of the packet that is ultimately sent. Say I write 100 octets to the socket, so DTLS writes out a record of 128 octets. What stacks do when a write exceeds PMTU differs. The same applies to this new limit: * The stack I work on splits records based on its understanding of the MTU, but it only learns that during the handshake and so relies mostly on the application making smaller writes. (There is currently no way to set the MTU, which is an open bug.) It also sends a single record in each packet for application data, so the net effect of a large write is multiple UDP datagrams with one record each. If your stack operates like this, then the information is pretty much just advisory. The only thing you might contemplate is changing any coalescing rules you might have to compensate. * If a stack did automatic splits, but then put multiple records in the same datagram, that's the same for a using application. * If a stack rejects large writes and forces the application to write within its constraints, then that stack needs to be clear about what limit was in force, such as through the use of specific error codes. Such stack that adds this feature would need to be careful about introducing this feature. From nobody Sun Feb 25 22:12:42 2018 Return-Path: X-Original-To: secdir@ietfa.amsl.com Delivered-To: secdir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A0EBD128C0A; Sun, 25 Feb 2018 22:12:31 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.999 X-Spam-Level: X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rJczWm8fPpB3; Sun, 25 Feb 2018 22:12:30 -0800 (PST) Received: from mail-pl0-x22c.google.com (mail-pl0-x22c.google.com [IPv6:2607:f8b0:400e:c01::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E83BF126BF7; Sun, 25 Feb 2018 22:12:29 -0800 (PST) Received: by mail-pl0-x22c.google.com with SMTP id w21so8720776plp.11; Sun, 25 Feb 2018 22:12:29 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:message-id:mime-version:subject:date:in-reply-to:cc:to :references; bh=7wNePP6U9AyJG7nLu59rXN9Del3Cd+STRmOA/t3WUWw=; b=QgPVCrCP117W2HldvjEDyxJ8oG2upRzUcyUJ5NSIf1wMVtf3xQhlYBuQH0ZSM8ZcRV oNKPbY1Gygb9iWbAbT2z7KmJwyVRhEY+/1uiX5WVyEZsqHQV3uHyJuTH4gIt+bUaO4gc vBibM4bb0qSht/yFNks0jvoIfLMRMLliAmL/aVgKTZjD6niMfuMaxnPF5Nex7iSJDLj0 swGvh+452Zl1jw1LSI/L45LArr5sEXez3r2B13Vg1sQUeMXl78yTTAfM9ws2FHSRuTzI Pqg/wt8ZEFA9TP7gycfEOQ3kLmodhJ3G0ZW3MOEGhP4YwpUzgeINeqdwSOSWxHI7f5IQ mb1A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:message-id:mime-version:subject:date :in-reply-to:cc:to:references; bh=7wNePP6U9AyJG7nLu59rXN9Del3Cd+STRmOA/t3WUWw=; b=Pni9ngay+vS67+OXun5dVLDe58xoqV3KmCTXgfwVJvbdUGXHF+RQ0G9GR9m2wovvJ/ GdHxnF3BQB4BytZ3WPMniRgtQ2e3Uo0ywNQBHJj0ZQyaziE8Ke6FcrZcnncm8WTmlaA2 2PdGATL4Ifn1OMEEYN9wuA0T3DwmZCU59C1geZm0SRhFfxdmRXxdm0FWTfTe5nxM0/YS Wk3W/58SiAddPe8H+CDQVlgZ3Gjp7K0jeLqQr6WcNJisma6TB6PZGiXvItxZa5CQYpwO TMR0lOajKl2QVdEp7lYGGF0KsscMJTs7h8Q0NfPjB/iY870X4TwsdRpqjomWc8WY7AyY tqng== X-Gm-Message-State: APf1xPAnKG2s7hMpx2S/MH8RkTdE6opdc/YuTE3mijuQqua2ma1Z2TT8 plDn5B8i6nKFjv5nweyAexQmjEFR X-Google-Smtp-Source: AH8x226TalvvcZ0kBVKx67j1/9Q0mCQarR7xvqbuqDRxxdeVSkOKhDgqDgIoFON07Q/biNRh6TPUrA== X-Received: by 2002:a17:902:2de4:: with SMTP id p91-v6mr9650957plb.405.1519625548984; Sun, 25 Feb 2018 22:12:28 -0800 (PST) Received: from ?IPv6:2601:647:4700:1280:f95b:566c:c56e:e915? ([2601:647:4700:1280:f95b:566c:c56e:e915]) by smtp.gmail.com with ESMTPSA id w4sm15242335pfb.125.2018.02.25.22.12.27 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sun, 25 Feb 2018 22:12:28 -0800 (PST) From: Mahesh Jethanandani Message-Id: <299A242A-9342-48E6-8189-AAF7B9A3143A@gmail.com> Content-Type: multipart/alternative; boundary="Apple-Mail=_ABD45F25-6C24-42D7-9E52-3D1015B13160" Mime-Version: 1.0 (Mac OS X Mail 11.2 \(3445.5.20\)) Date: Sun, 25 Feb 2018 22:18:14 -0800 In-Reply-To: <151958515603.12934.11779217462614817262@ietfa.amsl.com> Cc: secdir@ietf.org, i2rs@ietf.org, ietf@ietf.org, draft-ietf-i2rs-rib-info-model.all@ietf.org To: Paul Wouters References: <151958515603.12934.11779217462614817262@ietfa.amsl.com> X-Mailer: Apple Mail (2.3445.5.20) Archived-At: Subject: Re: [secdir] [i2rs] Secdir last call review of draft-ietf-i2rs-rib-info-model-14 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 26 Feb 2018 06:12:32 -0000 --Apple-Mail=_ABD45F25-6C24-42D7-9E52-3D1015B13160 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii > On Feb 25, 2018, at 10:59 AM, Paul Wouters wrote: >=20 > Reviewer: Paul Wouters > Review result: Has Issues >=20 > I have reviewed this document as part of the security directorate's = ongoing > effort to review all IETF documents being processed by the IESG. = These > comments were written primarily for the benefit of the security area = directors. > Document editors and WG chairs should treat these comments just like = any > other last call comments. >=20 > The summary of the review is Has Issues. >=20 > This Informational draft specifies an information model for routing = information > bases (RIBs) , and hints at how a read/write API would look like. I = think the > document should be improved to clarify this API beyond a simple = mention of SSH > and TLS in its own section, outside of the Security Consideration = section. For > example, if this is TLS, what is used? Something restful? xml? json? = What would > the URI be? And for ssh, what kind of access would be given? How is = this > restricted to the RIB API ? When I was reviewing the draft, I was wondering if the document needs a = Security Considerations section. I would say that the information model = should describe the routing information. I do not think it should = specify it. It is more the data model (draft-ietf-i2rs-rib-data-model) = that defines or specifies the model, and should have security = considerations documented. Suggest /specifies/describes/g >=20 >=20 > _______________________________________________ > i2rs mailing list > i2rs@ietf.org > https://www.ietf.org/mailman/listinfo/i2rs Mahesh Jethanandani mjethanandani@gmail.com --Apple-Mail=_ABD45F25-6C24-42D7-9E52-3D1015B13160 Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=us-ascii

On Feb 25, 2018, at 10:59 AM, Paul Wouters <paul@nohats.ca> = wrote:

Reviewer: Paul Wouters
Review result: Has = Issues

I have reviewed this document as = part of the security directorate's  ongoing
effort to = review all IETF documents being processed by the IESG.  These
comments were written primarily for the benefit of the = security area directors.
Document editors and WG chairs = should treat  these comments just like any
other last = call comments.

The summary of the review is = Has Issues.

This Informational draft = specifies an information model for routing information
bases= (RIBs) , and hints at how a read/write API would look like. I think = the
document should be improved to clarify this API beyond = a simple mention of SSH
and TLS in its own section, = outside of the Security Consideration section. For
example, = if this is TLS, what is used? Something restful? xml? json? What = would
the URI be? And for ssh, what kind of access would = be given? How is this
restricted to the RIB API ?

When I was = reviewing the draft, I was wondering if the document needs a Security = Considerations section. I would say that the information model = should describe the routing information. I = do not think it should specify it. It is more the data model = (draft-ietf-i2rs-rib-data-model) that defines or specifies the model, = and should have security considerations documented.

Suggest /specifies/describes/g



_______________________________________________
i2rs mailing list
i2rs@ietf.org
https://www.ietf.org/mailman/listinfo/i2rs

Mahesh Jethanandani
mjethanandani@gmail.com

= --Apple-Mail=_ABD45F25-6C24-42D7-9E52-3D1015B13160-- From nobody Sun Feb 25 23:13:18 2018 Return-Path: X-Original-To: secdir@ietfa.amsl.com Delivered-To: secdir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 40AC312D0C3; Sun, 25 Feb 2018 23:13:07 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.231 X-Spam-Level: X-Spam-Status: No, score=-4.231 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WGtjE33_gc0i; Sun, 25 Feb 2018 23:13:05 -0800 (PST) Received: from huawei.com (lhrrgout.huawei.com [194.213.3.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B2A53120721; Sun, 25 Feb 2018 23:13:05 -0800 (PST) Received: from lhreml708-cah.china.huawei.com (unknown [172.18.7.106]) by Forcepoint Email with ESMTP id 91864E6ACA4C4; Mon, 26 Feb 2018 07:13:01 +0000 (GMT) Received: from NKGEML413-HUB.china.huawei.com (10.98.56.74) by lhreml708-cah.china.huawei.com (10.201.108.49) with Microsoft SMTP Server (TLS) id 14.3.361.1; Mon, 26 Feb 2018 07:12:47 +0000 Received: from NKGEML513-MBS.china.huawei.com ([169.254.2.231]) by NKGEML413-HUB.china.huawei.com ([10.98.56.74]) with mapi id 14.03.0361.001; Mon, 26 Feb 2018 15:12:39 +0800 From: "Huangyihong (Rachel)" To: Brian Weis , "secdir@ietf.org" CC: "draft-ietf-xrblock-rtcweb-rtcp-xr-metrics.all@ietf.org" , "iesg@ietf.org" , "xrblock@ietf.org" Thread-Topic: [xrblock] Secdir last call review of draft-ietf-xrblock-rtcweb-rtcp-xr-metrics-08 Thread-Index: AQHTrBhBszHQ7OW7xk269kEdXDO4JqO2SdFg Date: Mon, 26 Feb 2018 07:12:38 +0000 Message-ID: <51E6A56BD6A85142B9D172C87FC3ABBB9C6975D2@nkgeml513-mbs.china.huawei.com> References: <151932981864.8184.11842090487013149974@ietfa.amsl.com> In-Reply-To: <151932981864.8184.11842090487013149974@ietfa.amsl.com> Accept-Language: zh-CN, en-US Content-Language: zh-CN X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.134.153.152] Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-CFilter-Loop: Reflected Archived-At: Subject: Re: [secdir] [xrblock] Secdir last call review of draft-ietf-xrblock-rtcweb-rtcp-xr-metrics-08 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 26 Feb 2018 07:13:08 -0000 Hi Brian, Thank you for the comments. We'll fix these nits in the next version. BR, Rachel > -----Original Message----- > From: xrblock [mailto:xrblock-bounces@ietf.org] On Behalf Of Brian Weis > Sent: Friday, February 23, 2018 4:04 AM > To: secdir@ietf.org > Cc: draft-ietf-xrblock-rtcweb-rtcp-xr-metrics.all@ietf.org; iesg@ietf.org= ; > xrblock@ietf.org > Subject: [xrblock] Secdir last call review of > draft-ietf-xrblock-rtcweb-rtcp-xr-metrics-08 >=20 > Reviewer: Brian Weis > Review result: Has Nits >=20 > I have reviewed this document as part of the security directorate's ongoi= ng > effort to review all IETF documents being processed by the IESG. These > comments were written primarily for the benefit of the security area dire= ctors. > Document editors and WG chairs should treat these comments just like any > other last call comments. >=20 > This document describes monitoring features related to media streams in > Web real-time communication (WebRTC). The monitoring features are sent i= n > Sender and Receiver Reports through RTCP along with other metrics related= to > the transport of multimedia flows. The new monitoring features are compri= sed > of packet counts and other packet-related statistics (e.g., jitter). >=20 > The Security Considerations states that there are no additional security > considerations beyond those mentioned in related documents, and I believe > this is true. There is one reference in this section that needs to be fix= ed: > [RFC3792] is not correct. I assumed it should have been RFC 6792. >=20 > Also, it would be helpful to add a reference in Section 5.3 to RFC 7294 t= o > identify the source for "concealment metrics". A security reviewer will n= aturally > want to know what property "concealment" is intended to provide, and it t= ook > some hunting down to find it and determine that it wasn't relevant. >=20 > _______________________________________________ > xrblock mailing list > xrblock@ietf.org > https://www.ietf.org/mailman/listinfo/xrblock From nobody Mon Feb 26 06:32:14 2018 Return-Path: X-Original-To: secdir@ietf.org Delivered-To: secdir@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 947C7124BE8; Wed, 21 Feb 2018 10:48:16 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ietf.org; s=ietf1; t=1519238896; bh=UO5nCRNFNroDBI7pgVq0dZOqK+3vxd+jRLh6exhX1O8=; h=From:To:Date:Subject:List-Id:List-Unsubscribe:List-Archive: List-Post:List-Help:List-Subscribe:Cc; b=Lx/4ZCB9F7cTNADio6wtEbZanu2R4KDN/OSjQ3mJDeRCrLl8RTFZdOUPA6zLqRyeC 7j64SlgRJcPlF9Y/veuDMmcvOnfbQjhX40k+FxzPiGYZQEBU8GYnZpm6CgCzi3w1Es daXxxIcjpSmWH/7p9gPSv2uR7MXx/ZiWGMV7GExU= X-Original-To: new-work@ietfa.amsl.com Delivered-To: new-work@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9115D124BE8 for ; Wed, 21 Feb 2018 10:48:14 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.999 X-Spam-Level: X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YN9lHG9I1euv for ; Wed, 21 Feb 2018 10:48:12 -0800 (PST) Received: from mail-qt0-x233.google.com (mail-qt0-x233.google.com [IPv6:2607:f8b0:400d:c0d::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D6D33124BAC for ; Wed, 21 Feb 2018 10:48:11 -0800 (PST) Received: by mail-qt0-x233.google.com with SMTP id f4so3199691qtj.6 for ; Wed, 21 Feb 2018 10:48:11 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:mime-version:thread-index :content-language; bh=we3UXcVqQbPPLMUpAUcSkTVqpIM7YyXt4U6DL6E1B8c=; b=oyl3nmAxORcUoAdjTrNVFlAxabkXJq2prJDvea0bpiVqDffLnCi/43bp1aVXBW2KvM gRthw6fbhGc0dCLE5OluiSiChd3wFB3IfQ+V2mEaWyqgWpUjOMPzvC0zwGOU3H/eZSUN PmuPVpkwHCh+H/XcHr8pp/N2wQ3NkIVJxJcZqVZzFJCiQQ9/zhO3uwSACtAiu97Mpjwn /kHwdPhQO7zNlFIY7QSNQL2jtX8sd0DxwD8uEH1fSwMXmAhHUxETTfnxZ65t51FfsWAf dATMO8d3JBTlwe6bKSogpmkOadYzbrqgFhPvRvM0pZU8q0AGhyAjx4pULjul6or2G8TM 44UQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :thread-index:content-language; bh=we3UXcVqQbPPLMUpAUcSkTVqpIM7YyXt4U6DL6E1B8c=; b=KIpiBzEmVRSywHqN+p/kR70VG8OCSMJ3pDwsc5CRPOVV07fEyfGVplfq3l03Gpa9HC ADueSQUpGKRZmlUwgAEbs5wD09gVsIvtDPIOWE1msNeEXjxvKinSmzkzXkBti2w+GZN3 WtNjqCl0kbOEue6nCdyZ/llIUQs132qgRIcZSkDKGSqymomWttbMP74LnwzyHkut9Cx/ DJ2MEgHFknhmo3EYZlmyjjrF/l5CTb+xytMJgPvXs/7Rce1gDLEsIbUpYaK5TKL0cctf dS9qW8J0yQnPyyEoT9RFll2gPsGYpN9U7qxoA+bGXy8mA1NSfc+yOluqAtnWFBaucVHw KKuA== X-Gm-Message-State: APf1xPAbAYnI8iiRsIaKWnThzgJz7xvVKEDJL6+cf34s6t+GeeXI5wvM ymgR3TvTqeGLZBGCsaK3/YvH4w== X-Google-Smtp-Source: AH8x224jggUx/UORsB27e0qQVVg9u4bUZIHfBEAhbbvlSXcWjzIxF/CeK0LPsKO3K5FNSIC/SvHkKQ== X-Received: by 10.237.59.232 with SMTP id s37mr6609782qte.83.1519238886020; Wed, 21 Feb 2018 10:48:06 -0800 (PST) Received: from DESKTOPGUNUVB7 (pool-98-117-240-238.hrbgpa.ftas.verizon.net. [98.117.240.238]) by smtp.gmail.com with ESMTPSA id g8sm22329697qta.30.2018.02.21.10.48.04 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 21 Feb 2018 10:48:05 -0800 (PST) From: "John DAmbrosia" To: Date: Wed, 21 Feb 2018 13:48:07 -0500 Message-ID: <043f01d3ab44$83abda40$8b038ec0$@gmail.com> MIME-Version: 1.0 X-Mailer: Microsoft Outlook 16.0 Thread-Index: AdOrRIMX0YG+jRwUSxi8YzTCFjZe8Q== Content-Language: en-us Archived-At: X-BeenThere: new-work@ietf.org X-Mailman-Version: 2.1.22 Precedence: list Cc: 'Paul Nikolich' Content-Type: multipart/mixed; boundary="===============1465732248533043682==" Errors-To: new-work-bounces@ietf.org Sender: "new-work" Archived-At: X-Mailman-Approved-At: Mon, 26 Feb 2018 06:32:11 -0800 Subject: [secdir] [new-work] IEEE 802 Mar 2018 PARs Under Consideration X-BeenThere: secdir@ietf.org List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 21 Feb 2018 18:48:17 -0000 This is a multipart message in MIME format. --===============1465732248533043682== Content-Type: multipart/alternative; boundary="----=_NextPart_000_0440_01D3AB1A.9AD66E80" Content-Language: en-us This is a multipart message in MIME format. ------=_NextPart_000_0440_01D3AB1A.9AD66E80 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit All, The following Project Authorization Requests (PARs) will be considered at the IEEE 802 Mar 2018 Plenary: * P802.1CBcv - Amendment: Information Model, YANG Data Model and Management Information Base Module, PAR and CSD * 802.1DC - Standard for Quality of Service Provision by Network Systems PAR and CSD * 802.1CBdb - Amendment: Extended Stream Identification Functions, PAR and CSD * 802.1Qcz - Amendment: Congestion Isolation, PAR and CSD * P60802 - Standard: Time-Sensitive Networking Profile for Industrial Automation, PAR and CSD * 802.3cg, Amendment: 10 Mb/s Operation over Single Balanced Twisted-pair Cabling and Associated Power Delivery, PAR Modification and CSD Modification * 802.3ck - Amendment: 100 Gb/s Signaling, PAR and CSD * 802.3cm - Amendment: 400Gb/s over MMF, PAR and CSD * 802.11bb - Amendment: Light Communications (LC), PAR and CSD * 802.15.4w - Amendment: LPWA (Low Power Wide Area), PAR and CSD * 802.15.4x - Amendment: FANE (Field Area Network Enhancements), PAR and CSD * 802.15.4y - Amendment: SECN (Security Next Generation), PAR and CSD * 802.15.4z - Amendment: EIR (Enhanced IR-UWB Ranging), PAR and CSD * 802.22.3 - Standard: Spectrum Characterization and Occupancy Sensing , PAR Modification , PAR Extension , and CSD The PARs can be found at http://www.ieee802.org/PARs.shtml along with the supporting IEEE 802 Criteria for Standards Development, or CSD, (which includes the 5 criteria, i.e. the explanations of how they fit the IEEE 802 criteria for initiating new work). Any comments on a proposed PAR should be sent to the Working Group chair identified on the PAR to be received by 6:30 PM (Chicago, IL, USA, CST ), Tuesday, Mar 6 (12:30am UTC, Mar 7, 2018) Regards, John D'Ambrosia Recording Secretary, IEEE 802 LMSC ------=_NextPart_000_0440_01D3AB1A.9AD66E80 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable IEEE 802 Mar 2018 PARs Under Consideration

All,

The = following Project Authorization Requests (PARs) will be considered at = the IEEE 802 Mar 2018 Plenary:

·       P802.1CBcv - Amendment: Information Model, YANG = Data Model and Management Information Base Module, PAR and = CSD

·       802.1DC - Standard for Quality = of Service Provision by Network Systems
PAR and = CSD

·       802.1CBdb -  Amendment: = Extended Stream Identification Functions, PAR and = CSD

·       802.1Qcz - Amendment: = Congestion Isolation, PAR and = CSD

·       P60802 - Standard:  = Time-Sensitive Networking Profile for Industrial = Automation, PAR and = CSD

·       802.3cg, Amendment: 10 Mb/s = Operation over Single Balanced Twisted-pair Cabling and Associated Power = Delivery, PAR = Modification = and CSD Modification

·       802.3ck - Amendment: 100 Gb/s = Signaling, PAR and = CSD

·       802.3cm - Amendment: 400Gb/s = over MMF, PAR and = CSD

·       802.11bb - Amendment:  = Light Communications (LC), PAR and = CSD

·       802.15.4w - Amendment: LPWA = (Low Power  Wide Area), = PAR and = CSD

·       802.15.4x - Amendment: FANE = (Field Area Network Enhancements), = PAR and = CSD

·       802.15.4y - Amendment: SECN = (Security Next Generation), PAR and = CSD

·       802.15.4z - Amendment: EIR = (Enhanced IR-UWB Ranging), PAR and = CSD

·       802.22.3 - Standard: Spectrum = Characterization and Occupancy Sensing , PAR Modification, PAR Extension, and = CSD

The PARs can be found at http://www.ieee802.org/PARs.shtml along with the supporting IEEE 802 Criteria for = Standards Development, or CSD, (which includes the 5 criteria, i.e. the = explanations of how they fit the IEEE 802 criteria for initiating new = work).

Any = comments on a proposed PAR should be sent to the Working Group chair = identified on the PAR to be received by 6:30 PM (Chicago, = IL, USA, CST ), Tuesday, = Mar 6 (12:30am UTC, = Mar = 7, 2018)

Regards,

John D’Ambrosia

Recording Secretary, IEEE 802 LMSC

------=_NextPart_000_0440_01D3AB1A.9AD66E80-- --===============1465732248533043682== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ new-work mailing list new-work@ietf.org https://www.ietf.org/mailman/listinfo/new-work --===============1465732248533043682==-- From david+work@mandelberg.org Wed Feb 21 14:09:14 2018 Return-Path: X-Original-To: secdir@ietfa.amsl.com Delivered-To: secdir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5AE4B124C27 for ; Wed, 21 Feb 2018 14:09:14 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.9 X-Spam-Level: X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=unavailable autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qKzoU1eev4jV for ; Wed, 21 Feb 2018 14:09:13 -0800 (PST) Received: from smtp.rcn.com (smtp.rcn.com [69.168.97.78]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D14AA12DB6B for ; Wed, 21 Feb 2018 14:09:11 -0800 (PST) X_CMAE_Category: , , X-CNFS-Analysis: v=2.2 cv=fpieXxwf c=1 sm=1 tr=0 a=OXtaa+9CFT7WVSERtyqzJw==:117 a=OXtaa+9CFT7WVSERtyqzJw==:17 a=KGjhK52YXX0A:10 a=IkcTkHD0fZMA:10 a=NTnny0joGdQA:10 a=Op4juWPpsa0A:10 a=bmmO2AaSJ7QA:10 a=BTUBnpS-AAAA:8 a=iiazv-oawmH03g7Men8A:9 a=QEXdDO2ut3YA:10 a=pblkFgjdBCuYZ9-HdJ6i:22 X-CM-Score: 0 X-Scanned-by: Cloudmark Authority Engine X-Authed-Username: ZHNlb21uQHJjbi5jb20= Authentication-Results: smtp01.rcn.cmh.synacor.com smtp.mail=david+work@mandelberg.org; spf=neutral; sender-id=neutral Authentication-Results: smtp01.rcn.cmh.synacor.com header.from=david+work@mandelberg.org; sender-id=neutral Authentication-Results: smtp01.rcn.cmh.synacor.com smtp.user=dseomn@rcn.com; auth=pass (LOGIN) Received-SPF: neutral (smtp01.rcn.cmh.synacor.com: 209.6.43.168 is neither permitted nor denied by domain of mandelberg.org) Received: from [209.6.43.168] ([209.6.43.168:33412] helo=uriel.mandelberg.org) by smtp.rcn.com (envelope-from ) (ecelerity 3.6.25.56547 r(Core:3.6.25.0)) with ESMTPSA (cipher=DHE-RSA-AES256-GCM-SHA384) id DE/9C-48647-50EED8A5; Wed, 21 Feb 2018 17:09:09 -0500 Received: from [192.168.1.152] (DD-WRT [192.168.1.1]) by uriel.mandelberg.org (Postfix) with ESMTPSA id 34D7A1C6099; Wed, 21 Feb 2018 17:09:06 -0500 (EST) To: iesg@ietf.org, secdir@ietf.org, draft-ietf-ice-trickle.all@ietf.org From: David Mandelberg Organization: David Mandelberg, LLC Message-ID: <02c7b2a3-6e15-7a1c-7781-19cd3c8656ab@mandelberg.org> Date: Wed, 21 Feb 2018 17:09:04 -0500 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.5.0 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit Archived-At: X-Mailman-Approved-At: Mon, 26 Feb 2018 06:32:11 -0800 Subject: [secdir] secdir review of draft-ietf-ice-trickle-16 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 21 Feb 2018 22:31:34 -0000 Hi, I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. The summary of the review is: ready with nits. (nit) Section 2: What is a "ufrag pair"? Is it short for username fragment pair? I might have just missed it, but I don't see a definition in the referenced terminology. (nit) Section 15: If I understand correctly, the signaling protocol also needs to guarantee that the end-of-candidates indication is not re-ordered with respect to any trickled candidates. Is that correct? Is it worth adding to the requirements? -- Freelance cyber security consultant, software developer, and more https://david.mandelberg.org/ From nobody Mon Feb 26 06:32:23 2018 Return-Path: X-Original-To: secdir@ietfa.amsl.com Delivered-To: secdir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3F50912E8B1 for ; Wed, 21 Feb 2018 19:05:30 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.9 X-Spam-Level: X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id axIOMsnfXo8M for ; Wed, 21 Feb 2018 19:05:29 -0800 (PST) Received: from smtp.rcn.com (smtp.rcn.com [69.168.97.78]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 664FC12E8AE for ; Wed, 21 Feb 2018 19:05:28 -0800 (PST) X_CMAE_Category: , , X-CNFS-Analysis: v=2.2 cv=IeLFYiia c=1 sm=1 tr=0 a=OXtaa+9CFT7WVSERtyqzJw==:117 a=OXtaa+9CFT7WVSERtyqzJw==:17 a=KGjhK52YXX0A:10 a=IkcTkHD0fZMA:10 a=NTnny0joGdQA:10 a=Op4juWPpsa0A:10 a=bmmO2AaSJ7QA:10 a=BTUBnpS-AAAA:8 a=N4ERlS6yprhKTvH9DewA:9 a=QEXdDO2ut3YA:10 a=pblkFgjdBCuYZ9-HdJ6i:22 X-CM-Score: 0 X-Scanned-by: Cloudmark Authority Engine X-Authed-Username: ZHNlb21uQHJjbi5jb20= Authentication-Results: smtp02.rcn.cmh.synacor.com smtp.mail=david+work@mandelberg.org; spf=neutral; sender-id=neutral Authentication-Results: smtp02.rcn.cmh.synacor.com header.from=david+work@mandelberg.org; sender-id=neutral Authentication-Results: smtp02.rcn.cmh.synacor.com smtp.user=dseomn@rcn.com; auth=pass (LOGIN) Received-SPF: neutral (smtp02.rcn.cmh.synacor.com: 209.6.43.168 is neither permitted nor denied by domain of mandelberg.org) Received: from [209.6.43.168] ([209.6.43.168:33484] helo=uriel.mandelberg.org) by smtp.rcn.com (envelope-from ) (ecelerity 3.6.25.56547 r(Core:3.6.25.0)) with ESMTPSA (cipher=DHE-RSA-AES256-GCM-SHA384) id 36/5F-63577-6733E8A5; Wed, 21 Feb 2018 22:05:26 -0500 Received: from [192.168.1.152] (DD-WRT [192.168.1.1]) by uriel.mandelberg.org (Postfix) with ESMTPSA id 61F801C609C; Wed, 21 Feb 2018 21:58:46 -0500 (EST) To: Peter Saint-Andre , iesg@ietf.org, secdir@ietf.org, draft-ietf-ice-trickle.all@ietf.org References: <02c7b2a3-6e15-7a1c-7781-19cd3c8656ab@mandelberg.org> <28d45621-7f57-5f76-d85e-ab220fe4061d@mozilla.com> From: David Mandelberg Organization: David Mandelberg, LLC Message-ID: Date: Wed, 21 Feb 2018 21:58:43 -0500 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.5.0 MIME-Version: 1.0 In-Reply-To: <28d45621-7f57-5f76-d85e-ab220fe4061d@mozilla.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit Archived-At: X-Mailman-Approved-At: Mon, 26 Feb 2018 06:32:11 -0800 Subject: Re: [secdir] secdir review of draft-ietf-ice-trickle-16 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 22 Feb 2018 03:05:30 -0000 On 02/21/2018 06:56 PM, Peter Saint-Andre wrote: > Good catch - in-order delivery applies here as well. > > OLD > o A signaling protocol MUST deliver each trickled candidate not more > than once and in the same order it was conveyed (see Section 8). > > NEW > o A signaling protocol MUST deliver each trickled candidate or > end-of-candidates indication not more than once and in the same > order it was conveyed (see Section 8). > > We might want to also modify the text in Section 8, as follows: > > OLD > When candidates are trickled, the signaling protocol MUST deliver > each candidate to the receiving Trickle ICE implementation not more > than once and in the same order it was conveyed. If the signaling > protocol provides any candidate retransmissions, they need to be > hidden from the ICE implementation. > > NEW > When candidates are trickled, the signaling protocol MUST deliver > each candidate (and any end-of-candidates indication as described in > Section 8.2) to the receiving Trickle ICE implementation not more > than once and in the same order it was conveyed. If the signaling > protocol provides any candidate retransmissions, they need to be > hidden from the ICE implementation. Looks good to me. -- Freelance cyber security consultant, software developer, and more https://david.mandelberg.org/ From nobody Mon Feb 26 06:32:31 2018 Return-Path: X-Original-To: secdir@ietf.org Delivered-To: secdir@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id DC98E12D77C; Fri, 23 Feb 2018 07:34:02 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ietf.org; s=ietf1; t=1519400042; bh=OIVlJphvtEYYMKIRy5xhb+Gj7EGGrb04ndFpLzq9B9s=; h=From:To:Date:Subject:List-Id:List-Unsubscribe:List-Archive: List-Post:List-Help:List-Subscribe; b=aiJ17A5qud3ssba/hgDWCzDMn84eTHfi9ZKmYe8svBRLF/+UnQj5kxdlhyhyX3YqB hHdc+NLbmI7bdiYs96U9MYVPASk65qa/tdPg8WCyLnZMW2uzxfNBtfOcPTF+p7deuw yqDKneUiNtfwXYpHdNMU27Ie0DiWPMPZZEIEjIzA= X-Original-To: new-work@ietf.org Delivered-To: new-work@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id C1AF8127201 for ; Fri, 23 Feb 2018 07:33:56 -0800 (PST) MIME-Version: 1.0 From: The IESG To: X-Test-IDTracker: no X-IETF-IDTracker: 6.72.3 Auto-Submitted: auto-generated Precedence: bulk MIME-Version: 1.0 Reply_to: Message-ID: <151940003678.24195.6913927693740380558.idtracker@ietfa.amsl.com> Date: Fri, 23 Feb 2018 07:33:56 -0800 Archived-At: X-BeenThere: new-work@ietf.org X-Mailman-Version: 2.1.22 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: new-work-bounces@ietf.org Sender: "new-work" Archived-At: X-Mailman-Approved-At: Mon, 26 Feb 2018 06:32:11 -0800 Subject: [secdir] [new-work] WG Review: Security Dispatch (secdispatch) X-BeenThere: secdir@ietf.org List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 23 Feb 2018 15:34:03 -0000 A new IETF WG has been proposed in the Security Area. The IESG has not made any determination yet. The following draft charter was submitted, and is provided for informational purposes only. Please send your comments to the IESG mailing list (iesg@ietf.org) by 2018-03-05. Security Dispatch (secdispatch) ----------------------------------------------------------------------- Current status: Proposed WG Chairs: TBD Assigned Area Director: Eric Rescorla Security Area Directors: Kathleen Moriarty Eric Rescorla Mailing list: TBD Group page: https://datatracker.ietf.org/group/secdispatch/ Charter: https://datatracker.ietf.org/doc/charter-ietf-secdispatch/ The Security Dispatch working group is chartered to consider proposals for new work in the SEC area an if the work is appropriate for the IETF and there is sufficient interest, identify, or help create, an appropriate venue for the work. In order to help the proposed new work succeed, the working group aims to assist the proposed new work in: 1. Providing a clear problem statement, motivation and deliverables. 2. Ensuring that there has been adequate mailing list discussion reflecting sufficient interest, a sufficient number of individuals have expressed a willingness to contribute, and there is WG consensus before the proposed new work can be dispatched. 3. Looking for and identifying commonalities and overlap amongst published or ongoing protocol work and the proposed new work. Such commonalities may indicate the possibility of reusing existing protocols or elements thereof published by other WGs, or expanding and/or refactoring the scope of deliverables in an existing active WG. 4. Protecting the architectural integrity of IETF protocols and ensuring that new work has general applicability. 5. Ensuring that the new work considers and seeks to improve security and privacy. Precedence will be given to documents which have evidence of interest in the form of active drafts and list discussion. Options for handling new work include: - Directing the work to an existing WG. - Developing a proposal for a BOF. - Developing a charter for a new WG. - Making recommendations that documents be AD-sponsored (which ADs may or may not choose to follow). - By agreement with SEC ADs, processing simple administrative documents. - Deferring the decision for the new work. - Rejecting the new work. The WG will attempt to come to a prompt resolution of the appropriate disposition of each proposal during the WG meeting. If the group decides that a particular topic needs to be addressed by a new WG, the normal IETF chartering process will be followed, including, for instance, IETF-wide review of the proposed charter. Proposals for large work efforts SHOULD lead to a BOF where the topic can be discussed in front of the entire IETF community. The SECDISPATCH WG will not do any protocol work. Specifically, SECDISPATCH will always opt to find a location for technical work; the only work that SECDISPATCH is not required to delegate (or defer, or reject) is administrative work such as IANA actions. Documents progressed as AD-sponsored would typically include those that do not have general applicability to IETF protocols, but rather are only applicable to specific use cases and network deployments, for which the scope must be clearly specified. Proposed new work may be deferred in cases where the WG does not have enough information for the chairs to determine consensus. New work may be rejected in cases where there is not sufficient WG interest or the proposal has been considered and rejected in the past, unless a substantially revised proposal is put forth, including compelling new reasons for accepting the work. A major objective of the SECDISPATCH WG is to provide timely, clear dispositions of new efforts. Thus, where there is consensus to take on new work, the WG will strive to quickly find a home for it. While most new work in the SEC area is expected to be considered in the SECDISPATCH working group, there may be times where that is not appropriate. At the discretion of the area directors, new efforts may follow other paths beside SECDISPATCH. For example work may go directly to BoFs (this is appropriate in cases of major new work which would clearly need a new WG), may be initiated in other working groups when it clearly belongs in that group, or may be directly AD sponsored. Milestones: TBD _______________________________________________ new-work mailing list new-work@ietf.org https://www.ietf.org/mailman/listinfo/new-work From nobody Mon Feb 26 06:32:37 2018 Return-Path: X-Original-To: secdir@ietf.org Delivered-To: secdir@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id D5D5F12E884; Fri, 23 Feb 2018 07:38:25 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ietf.org; s=ietf1; t=1519400305; bh=BGr645UFlFA/Qdk0ecrWT9GPvj6hErbsu9OrcoRv8To=; h=From:To:Date:Subject:List-Id:List-Unsubscribe:List-Archive: List-Post:List-Help:List-Subscribe; b=pOvn0/Exl7bnui9ZoPpbgf75+QxiYTbjdK9IqrobxxWPlfKQxr5S3RfiLk87ga9zL uFmEorAL3293gbH1rzvBc4eZp5zhIaF+1vX4fW/RvqTCzm47vBaHu/DxISO47wmihG hzIsqEgorqfkkt5QAvezXRMq+VyKzea9JF23nHV8= X-Original-To: new-work@ietf.org Delivered-To: new-work@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 97093127599 for ; Fri, 23 Feb 2018 07:38:19 -0800 (PST) MIME-Version: 1.0 From: The IESG To: X-Test-IDTracker: no X-IETF-IDTracker: 6.72.3 Auto-Submitted: auto-generated Precedence: bulk MIME-Version: 1.0 Reply_to: Message-ID: <151940029961.24151.5687234115206887818.idtracker@ietfa.amsl.com> Date: Fri, 23 Feb 2018 07:38:19 -0800 Archived-At: X-BeenThere: new-work@ietf.org X-Mailman-Version: 2.1.22 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: new-work-bounces@ietf.org Sender: "new-work" Archived-At: X-Mailman-Approved-At: Mon, 26 Feb 2018 06:32:11 -0800 Subject: [secdir] [new-work] WG Review: Trusted Execution Environment Provisioning (teep) X-BeenThere: secdir@ietf.org List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 23 Feb 2018 15:38:26 -0000 The Trusted Execution Environment Provisioning (teep) WG in the Security Area of the IETF is undergoing rechartering. The IESG has not made any determination yet. The following draft charter was submitted, and is provided for informational purposes only. Please send your comments to the IESG mailing list (iesg@ietf.org) by 2018-03-05. Trusted Execution Environment Provisioning (teep) ----------------------------------------------------------------------- Current status: BOF WG Chairs: Nancy Cam-Winget Dave Thaler Assigned Area Director: Kathleen Moriarty Security Area Directors: Kathleen Moriarty Eric Rescorla Mailing list: Address: teep@ietf.org To subscribe: https://www.ietf.org/mailman/listinfo/teep Archive: https://mailarchive.ietf.org/arch/browse/teep/ Group page: https://datatracker.ietf.org/group/teep/ Charter: https://datatracker.ietf.org/doc/charter-ietf-teep/ The Trusted Execution Environment (TEE) is a secure area of a processor. The TEE provides security features such as isolated execution and integrity of Trusted Applications, along with provisions for maintaining the confidentiality of their assets. In general terms, the TEE offers an execution space that provides a higher level of security than a "rich" operating system and more functionality than a secure element. For example, implementations of the TEE concept have been developed by ARM, and Intel using the TrustZone and the SGX technology, respectively. To programmatically install, update, and delete applications in a TEE, the Trusted Execution Environment Provisioning protocol runs between a service within the TEE on a given device, a relay application or service access point on the device's network stack and a server-side infrastructure that interacts with and optionally maintains the applications. Some tasks are security sensitive and the server side requires information about the device characteristics in the form of attestation and the device-side may require information about the server. Privacy considerations have to be taken into account with authentication features and attestation. This working group aims to develop an application layer protocol providing TEEs providing lifecycle management and security domain management for trusted applications. A security domain allows a service provider's applications to be isolated so that one security domain cannot be influenced by another domain, unless the domain exposes an API to allow inter-domain interactions. The solution approach must take a wide range of TEE and relevant technologies into account and will focus on the use of public key cryptography. The group will produce the following deliverables. The first draft is an architecture document describing the involved entities, their relationships, assumptions, the keying framework and relevant use cases. Second, a solution document that describes the above-described functionality that will be developed. The choice of encoding format(s) will be decided in the working group. The group may document several attestation technologies considering the different hardware capabilities, performance, privacy, and operational properties. The group will maintain a close relationship with the IETF SUIT working group, GlobalPlatform, Trusted Computing Group, and other relevant standards to ensure interoperability, compatibility, and proper use of existing TEE-relevant application layer interfaces. Milestones: Mar 2018 - Adopt an Architecture document Mar 2018 - Adopt a solution document Aug 2018 - Progress Solution document to the IESG for publication Dec 2018 - Begin WGLC for Architecture document Jan 2019 - Progress Architecture document to the IESG for publication Jul 2019 - Begin WGLC for Solution document _______________________________________________ new-work mailing list new-work@ietf.org https://www.ietf.org/mailman/listinfo/new-work From nobody Tue Feb 27 00:18:40 2018 Return-Path: X-Original-To: secdir@ietfa.amsl.com Delivered-To: secdir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D72FD1200B9; Tue, 27 Feb 2018 00:18:38 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.196 X-Spam-Level: X-Spam-Status: No, score=-1.196 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, MIME_HTML_ONLY=0.723, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nokia.onmicrosoft.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lZJ4-r-iq2ym; Tue, 27 Feb 2018 00:18:36 -0800 (PST) Received: from EUR03-VE1-obe.outbound.protection.outlook.com (mail-eopbgr50132.outbound.protection.outlook.com [40.107.5.132]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0777F1201F2; Tue, 27 Feb 2018 00:18:35 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nokia.onmicrosoft.com; s=selector1-nokia-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=9MAGGywAC7Do8VJII7a7julmBvl0X4Fr/iLo+cZUI14=; b=Txbeazvu6TIbOkPiHtk4BZRy3PFeq7zjGcWzqQkMOq+cNvuovOQmsGRjQILq1CZhPZRwztKvAznxQgJspvoHuq1B03KO4bREbubaFqeaOTyD0/pkD+bwVrZCFwRIrN/86YJB3XnIpE3oOUfGU3CCOIbi36cbWj0HpqPuGY6eOVY= Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=dieter.beller@nokia.com; Received: from [10.150.39.222] (131.228.32.190) by AM4PR07MB3411.eurprd07.prod.outlook.com (2603:10a6:205:a::32) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.548.6; Tue, 27 Feb 2018 08:18:29 +0000 From: Dieter Beller To: Benjamin Kaduk , iesg@ietf.org, secdir@ietf.org, draft-ietf-teas-lsp-diversity.all@ietf.org References: <20170829215133.GP96685@kduck.kaduk.org> Organization: Nokia Message-ID: Date: Tue, 27 Feb 2018 09:18:26 +0100 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0 MIME-Version: 1.0 In-Reply-To: <20170829215133.GP96685@kduck.kaduk.org> Content-Type: multipart/mixed; boundary="------------AF11D4C94E0BC8C2DD27A4AD" Content-Language: en-US X-Originating-IP: [131.228.32.190] X-ClientProxiedBy: HE1PR09CA0089.eurprd09.prod.outlook.com (2603:10a6:7:3d::33) To AM4PR07MB3411.eurprd07.prod.outlook.com (2603:10a6:205:a::32) X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-HT: Tenant X-MS-Office365-Filtering-Correlation-Id: 5f8dbe2b-a8ea-41be-bb23-08d57dbaaf23 X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(48565401081)(4534165)(4627221)(201703031133081)(201702281549075)(5600026)(4604075)(2017052603307)(49563074)(7193020); SRVR:AM4PR07MB3411; X-Microsoft-Exchange-Diagnostics: 1; AM4PR07MB3411; 3:u3enyJcDQTOQBpXQURVcCuHji8SEL/x73jFeQv6r8guaQaaNJtnrV+sXK63WCM+1+pJq+xo3/HsHX1CANBNu1M9xRu3a1FojsbjBnQiLoK6wqDQtKBkORgZD/48OaQGyZORtD8eLtDIQ1//V7rrqLQzhFLRU0irqFGLku+DiHhIXDF+AtiJ8rDI9jTXjXH0NmBvNYRCklUS9Drlh/hFOtCV2feh92z8ubL0tbf3tkPBoZ0Nlwxnq7RlV2h94S75B; 25:YmUf0pfADsrgkrQ9zJkcfWy7YLc2cGvNrqbpgT9Y2qAJgXEz7Qm7Z+cyIhyZEY8olvQrCqbI1vh5TVDIcdTMWaeIAEiTU8oC5hHdfz4reZ/iDN6ZccwHgxbbS5JzeHgzemlavAQ3JeQ3MCtd9yacevSi9ZPAfl0Omez/rHBD8u3lF9EKYXC3Sn0dTBF+Nm+5kVXfsvOw9a763yTMoy8Deznpz5f5V0qDvKXDK6M5L9oIb7qyXSxFDJ6xLVMT3D3eIHJs9DeJhtSzW5jDIrysGbHYsG83ODLFuhMY7seS2xOWKUl1fytzkCWApqUL5OMwNJ5S4JBVHQGUjJLZ3SvhYw==; 31:EJ+5Whvj+TIPA31g+NKNAQV46ajsbJHSD4SQghwoUkmfyzEudHzc+/M9+YoNJqOMBd/CdtPg3eFemXo5d33lUIhb04a0YCiMezZ4vH/06Sy0URL+j+7wLdNXiIDq+0OsGRbo3cy6+0CPKw7PT8w45zSh1nyrdCMimly93YEC+IcbvaqHGorTQkJyLv1GnTO3s+zXv4pI2GCSUbjhX6Eu/c2TVIsIr/k9gWryCEfh73Q= X-MS-TrafficTypeDiagnostic: AM4PR07MB3411: X-Microsoft-Exchange-Diagnostics: 1; AM4PR07MB3411; 20:yXPom+MFW4D5mlfKKNmRDGFEZSw0yV2NdrbuWBWqTUl5vVa1zW2chfWaY/RT9d6pxF+BnPBEFElZl3PuYTJO5fJ4LyGX+i7lw8i3faHD5c+rKNQ25odERFXYfn4vovgtSuQSSFmIRRo82ucTTpSV2+3n7hhIG3Qh1gJxYBVsUGrHhK9EENXcyHstyxSsj7JiQ81z5H7Ye3pv5hA8EZcgNcC4S0bM5OZ2vlkOP1X1X00pueVnrfuK0rLZHzEVB0SNmZzrfC9XBKMo6GbyklteopOuzokK+yQZVAMgo28u5kzwVP4iFdHmNn6c6kvQkoO55qdpua6vknoZS3DBraOy33Rib26zh53yMgfWdqfqU6d6hmuPhDJim+Yl3o9JVyu/ZDloHFRXNaDWmuMpt5PxXDGXohQRtZAkkq2mjZ0N+JjDUJCw1gCGBdyRAb3KYZMhsh8DTNml8OoxewCR/JH2dIiuBd8HSbrzSBzbMqRtRz9oIHCI+0xvXNRP8YJnpGYo; 4:cNsqUzXZTcVRGMpeRVzKlUsX5+bQ+grDcrBMP5XQl6oQXtUPBeOifUVU2BgTAHm4KdGS7wm1fzZFhLi9iJGVZ99d7MgzMpvodm7fwgGOX+nMLcq65xRv8CGqH2QssIeheA81Cig7Wd4VoP02g60w84ZqFwyjeAJpBu3B7s6BCKbk/cM2V+3iMNlVoWwkS4iOYRteOwXlUN1aRUsclxKO3rAs00pRbblf24aHRnLRUu9/NU5B/BbaVnLOy9vX1Z8Hs8/xdh+bQniPtMAxmb1BZGrQUNsl5eCAg7rgdS4lpp8q2QVAip2UzBI4sznqVI7Ysg/sb38mLSDY+OgYDLI63o1n7uPLGii6722CxrVBlpg= X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:(192374486261705)(17755550239193); X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(102415395)(6040501)(2401047)(5005006)(8121501046)(93006095)(93001095)(10201501046)(3231220)(11241501184)(806099)(944501161)(52105095)(3002001)(6055026)(6041288)(20161123560045)(20161123564045)(20161123562045)(20161123558120)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(6072148)(201708071742011); SRVR:AM4PR07MB3411; BCL:0; PCL:0; RULEID:; SRVR:AM4PR07MB3411; X-Forefront-PRVS: 05961EBAFC X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10019020)(6049001)(366004)(376002)(346002)(39860400002)(39380400002)(396003)(199004)(189003)(53754006)(16586007)(64126003)(966005)(6306002)(7736002)(16576012)(54896002)(37036004)(81166006)(568964002)(31696002)(86362001)(81156014)(33964004)(97736004)(65806001)(31686004)(236005)(105586002)(229853002)(106356001)(68736007)(478600001)(21480400003)(8676002)(66066001)(58126008)(4610100001)(65956001)(2950100002)(21440400002)(65826007)(53936002)(4620100001)(1560700002)(76176011)(52116002)(6116002)(2171002)(6246003)(3846002)(25786009)(36916002)(386003)(6486002)(5660300001)(2906002)(8936002)(316002)(5890100001)(59450400001)(6666003)(36756003)(84326002)(2476003)(186003)(16200700003)(606006)(53546011)(16526019)(77096007)(53946003)(26005)(559001)(569006); DIR:OUT; SFP:1102; SCL:1; SRVR:AM4PR07MB3411; H:[10.150.39.222]; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en; Received-SPF: None (protection.outlook.com: nokia.com does not designate permitted sender hosts) X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1; AM4PR07MB3411; 23:dGP3Z8wVOjKKlYajgkIg0E2RwaBC286dz8xqa+FWc?= =?us-ascii?Q?oT1ml2k45NGpHsPvTZ6nUADgj+AEJL/Nmb52sPeiBFCiJ0TgHz7BoTmA1aTo?= =?us-ascii?Q?XXhCLawygnc/cVVepP361hpdZIyH6fmWmem6YDFTxzL6obsMj7LRaANSjNhF?= =?us-ascii?Q?fxatiJlSnxTTV7nCN5CXnbi/N5scWUNgD4QVPT/rMVYVYtuMdzfGwzWY45gi?= =?us-ascii?Q?7VCJrA4sxwRH/wzvFNVHP8nOxIRbNjGkO33OHqBdJ0MXc/qfEQ3tIpLfxjmo?= =?us-ascii?Q?O62k/Siw3mbmw+NKa0BI42t6Sqfrg3dE+CmU/IjHmXFgtgBjzqDc9w/07gOa?= =?us-ascii?Q?lDl5dtsbk+DW7Qo4lKD6/sDKoSvNhTrVvExu+iKYUcwTX412D/z4ABFx2E2G?= =?us-ascii?Q?YSlT9hnJcPPZPiQ391Ev76UUcpObTZaVEL049WF6cd7beNKX+nnc9U3nZWas?= =?us-ascii?Q?l49Cg1iInD0z2ON4+zD7+nk2rZvc9GW5U3xSMy7mSpbojxvKmOmSHsVU5hSi?= =?us-ascii?Q?E+T7Juss5DewG/1TGLs4qvVzAZOvtuC4cho4DBmJSnLTxAxSUPPj2/cG0Lpn?= =?us-ascii?Q?uVTgKFU9hzfoaZE4OeMvyGxcOoofFk9Ayqil2sVZtnUVKmKH+VhdftMgvF8X?= =?us-ascii?Q?GzznLL4k8bNggx88hJFXk87NqigPEn+rLPUPz8Vv3Zp41k2Ca+V/yukvB1Gm?= =?us-ascii?Q?SXkfXNlu45EL/HZmar2m4BIgkut1xA0A38Ft8i6rlpoIiuJjx+FMtf99Qn3N?= =?us-ascii?Q?ZKuPTZAf+dvTH13CyorkItiWA8BZadoxwzdZUkKj/h0MfbQzy2UnglVt8O3E?= =?us-ascii?Q?m81ttW/gLphyBFiWybC5mj6TCjRDBNOETn3N4lXCwuap1OoLGLmlZ82JGUsc?= =?us-ascii?Q?sFpJzwMDDq8Tp/IJwYZUhfSZ1mN6tvS6yqtRi8+4VR27zMX6S31+SDNYipnZ?= =?us-ascii?Q?oZEUhHdoX5BGDhscDkNPJCNf/ik4ZqJ7dUNvDaO5pPHVgPoeDVGxOu3ZMynL?= =?us-ascii?Q?AwDpPpJOr6jSkcjq8PoRPfAo50pazJXizLZg0Rj7LEQP08kz5zfo9IExQtUo?= =?us-ascii?Q?SFumF7ZBfwd98L29tnZXMFSbpCMxK689I5g83HLoN0BoMMUNLRUeVEy39hpt?= =?us-ascii?Q?tiUN9Hi2qggWpbYimzJHSUNw9lpoL0EkMzhhDNjoW0Jmbi2mGMmyW31tRsjR?= =?us-ascii?Q?kXiVBi7T/XciW9OQ/EBmRyuqWXHgxNe7Fif3BHL+IWycULlldY74g20xuozj?= =?us-ascii?Q?DXFpSoJBlESfRldHhjyr3cKSeaqU3IfL1+M/esegTOyhfsdg21nFWQ2rZ6Y4?= =?us-ascii?Q?yp0lYP8hqjeLlGl3EBBIRvQqVi6SjZivoDdNYY+BCInCw4M1XGuCQo84qQ9j?= =?us-ascii?Q?kFh6qgQYZEnCMbnNSQte2nOxpJ9FbtbYh9EcoAd2xvvggaqkmOPadFEVzK+k?= =?us-ascii?Q?b+Mi5UMsJUx8jOOrCL3H652bI33UTERttMsw4h2MdIGgna/+AvupyUndDHrC?= =?us-ascii?Q?pw63WxKzv8ndEZ8/hxmb24RcYcCsH/q3WMuuuaWphlTGCvtT2u0XTg/zkDLM?= =?us-ascii?Q?RicdeY3imt3EhAUPqsyT/jeIFdDbh+YJHsc3bth2cItZIMtDC5La/kBZnhnn?= =?us-ascii?Q?ihKKEIjrNUXLYKu1H0cyCB1W8wlY3Y3wP2GgD+Mtu+Uk1aCCb92SSJljH0/K?= =?us-ascii?Q?dKO5D528QrlUXZYJ6WrKsbCB/5fmartmgLhhCW7uuZ8PtM=3D?= X-Microsoft-Antispam-Message-Info: kBEjkSSAeLUQmUFNDCvETDAd4pnnKNzONSDg4Iku7aSDwQxlD5lDDm50n49hzDSN53J9gPDAf7/FtIquZnai/Q== X-Microsoft-Exchange-Diagnostics: 1; AM4PR07MB3411; 6:hi4TaYVWLI7fapki2F2I5EPKEiXR5sv4vBBIiJmGCSFeqR32uPejdqbb8lOE+Gk8khMNu7N2GIpgN08pVIWZwh/Y4cdRHgyXtTGb7iu8paRS83fVz+RpuGBFyd/theSHvu1sLXGPz24gFcdZGSm956uy0bl5/cQdj+Scz/ZsYR4hNsCFu4vSSHqJpAOKkm+fry7khFOlmeVzeclNot4HY4fwxttbwz87ezw9ViK8RjagnZOtDBehxAkQ62J6/wCW1XTHOEzKu9FbEw5c1bRdm2wWo9FbiUQpyCCwLTPf+2WRPqKVHVTImn7k/VFndv2jJWAYiasHfUXeB+ti/5Q75H5kGF7hMLO7ObRD0WGoNEA=; 5:+bm8MxAh4Xwx+U84Y8RG0eI4ZZyPHvD2xoMfJbY91gyWiCAPOoZUqb/hRujRC8Fece43pVqJxwBoo+IqnpvVQLhj9nhz95A3FSiEwiR7MaIrQyfjqLZw2zIUchnv8/9mSTuBSlYfh2WFU+tDP3hyzD2oQw1gRyxvf6skJNyIoos=; 24:nt3e1E0ae+g/qMM3JzZw4OYUUt+RQjkYg4aFl3MW8QTvOdVkVbCQBl+Rdp5rOLzJeHyn1kJxWai8HMqcB3N7kS0uvcMmVfdVyxyYP/8JCQA=; 7:s7k+4kMNFfupYbBIMRwuRIwVobVzl4M+6YjB77gKLEHG5l+kGFuKGMziIxznb3jam4VNU61oSWhkmAGHOl7nWF0BSOVY0pYJpyM3JVsBAZRKa9akn4KCYOoT0tNmoTPQAHKfnnCyfylBBK+78cKXq9zxjcz2Q5/FkaMiMCKm5X/xjxKvvDxzM/ANwCgDotzij9Z72v2FKefp4xa1i7poxa1EXbFR93LHvr9KPkNNd4TEdz+Rp4+lv97DfWFNsLez SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-OriginatorOrg: nokia.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 27 Feb 2018 08:18:29.2742 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 5f8dbe2b-a8ea-41be-bb23-08d57dbaaf23 X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 5d471751-9675-428d-917b-70f44f9630b0 X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM4PR07MB3411 Archived-At: Subject: Re: [secdir] secdir review of draft-ietf-teas-lsp-diversity-08 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 27 Feb 2018 08:18:39 -0000 --------------AF11D4C94E0BC8C2DD27A4AD Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: 8bit Hi Ben,

our apologies for the delayed response.

Please find attached revision 10 of draft-ietf-teas-lsp-diversity, which has not been submitted yet.
All changes compared to revision 08 are still visible. Revision 09 has been submitted during IETF100 with some IESG review comments incorporated.

Please find our answers to your comments below.

Could you please let us know whether your comments are adequately addressed.


Thanks,
Dieter and co-authors
On 29.08.2017 23:51, Benjamin Kaduk wrote:
Hi all,

I have reviewed this document as part of the security directorate's 
ongoing effort to review all IETF documents being processed by the 
IESG.  These comments were written primarily for the benefit of the 
security area directors.  Document editors and WG chairs should treat 
these comments just like any other last call comments.

In summary, I think this document is ready with nits (largely editorial).

OK

The main point of the document is to allow for source nodes to request
path diversity in new LSPs being created, in the case where the source
node does not have full knowledge of the relevant topology.  (The case
where the source node does have such knowledge is already handled via
eXclude Route Objects and Explicit Exclusion Route Subobjects.)  My
understanding is that the main reason to request such path diversity
is to introduce redundancy and improve the system functionality in
the case of (localized) outages, but this does not really seem to
be emphasized in the Introduction -- maybe it should?

Following sentence added to the Abstract:

A typical LSP diversity use case is protection, where two LSPs should follow different paths through the network in order to avoid
single points of failure, thus greatly improving service availability.

Path diversity is effected by the use of a "reference path" that already
exists between a source and destination, and requesting that the new
path is diverse with respect to that reference path.  Similarly to the
above, it may be helpful to explictly introduce the notion of a reference
path instead of introducing it implicitly, in passing.

"reference path": see new Terms and Abbreviations section and Introduction

Do you suggest that this term shall be used also in the other sections?

The security considerations largely refer to/include by reference RFCs
5920, 2205, 3209, 3473, and 4874, though not all of these are listed
as normative references.  (I'm not sure whether there is a convention
for such cases.)

RFCs 5920 and 2205 moved from informative to normative references.

  Of those, RFC 3473 also refers to RFC 2747, and there
may (or may not) be value in flattening the chain of references by explicitly
mentioning RFC 2747 here as well.  To a large extent, those references
do seem to cover the relevant security considerations for this document,
as there is little that is conceptually new in this document.

RFC2747 added as normative reference and listed in the Security Considerations section.

  The final
paragraph of the security considerations calls out an exception to
the rule from RFC 4874 that XRO could/should be removed from the Path
message to avoid leaking internal information, because the diversity
subobject needs to be preserved in order to perform its function.  One could
potentially claim that even the diversity subobject is leaking some information
about the internal network in some cases, but since the "leaked" information
is essentially an opaque identifier, the usual case would generally be
that it is worth the minor leak in order to obtain path diversity, as
this document states.
Should a sentece be added at the end of the Security Considerations stating this? For example:

Passing the opaque identifiers from one domain to another may be considered as minor leak that is worth
to obtain diversity.

Whenever new identifiers are issued, the corresponding privacy considerations
should also be considered.  Given that the role of a core network is
probably (?) considered to be just transit, I am not very concerned
about path identifiers leaking information (or correlations) about what
physical path a given set of data traverses.

The core network is indeed just transit.

I suppose one could consider potential security/privacy issues inherent
in path diversity as well, which seems mostly limited to the case where
only a subset of nodes/links are compromised in some fashion (monitored
or subject to traffic injection).  In that case, someone knowing that
a reference path is not subject to attack could try to create a new
(diverse) path in an attempt to have the new path traverse the compromised
equipment.  But that seems quite far-fetched as an attack, especially
in the context of the RFC 5920 model where the core is considered to
be equally/globally trusted.

Agreed

I'm also possibly confused at the requirements introduced in section 2.3
(page 19) for the node performing path computation to take action when
a previously unknown (excluded) path becomes known, or when LSPs (?)
change so that a requested exclusion is no longer satisfied.  This seems
to require that the PCE store all XRO subobjects along with the path
state, so as to be able to do this processing upon (all!) LSP changes.
Is the extra storage and/or computation likely to be a significant burden
on the PCE that might lead to resource-exhaustion and denial of service?

No,  it is well known that a PCE is powerful entity and should be capable of handling highly complex scenarios.
Please see RFC5520 for more information.

There is also some minor risk in section 1.3 (page 8) where PAS assignment
and distribution is left as out of scope for this document -- certain
assignment schemes could leak information or allow outside parties to guess
"new" values that would be treated as valid by the core network.  But it's
hard to see this leading to a concrete attack, especially when the PAS
number space is only 32 bits wide.

Agreed - no changes made to the document.


I'll mention a few of the more significant editorial issues here, and
defer the really nitty-gritty stuff to a later message with narrower
scope, in the interest of expediency (as this document is scheduled
for this week's telechat).

It may be worth double-checking that acronyms not listed as "well-known"
at https://www.rfc-editor.org/materials/abbrev.expansion.txt are expanded
at first use; UNI-N and RRO are a couple that I noticed while reviewing.

In the abstract:

   [...] Three different
   mechanisms are supported how LSP diversity can be accomplished in
   the provider or core network: the signaled diversity type, indicates
   whether diversity is based on client, path computation engine (PCE),
   or network assigned identifiers.

am I correct to infer that "indicates whether diversity is based on client"
is supposed to clarify what "signaled diversity type" means, so that
the rest of the sentence is a three-element list corresponding to the
three diversity identifiers introduced by this document?  If so, it's
probably better to put it inside parentheses than offset by commas,
or even to reword it entirely to just be something like "a client-initiated
method".

The abstract has been significantly revised - see attachment.

The next sentence could also be made smoother, something about assuming
that LSPs are created at a slow rate and exist for a long time, so that it
is reasonable to assume that a given (reference) path currently existing,
with a well-known identifier, will continue to exist and can be used
as a reference when creating the new path.

The abstract was modified along the lines of the proposed text.

At the top of page 4, "exemplified" should probably be something like
"illustrated" (this particular diagram is not really the epitome of
path exclusion).

In page 4, a "single-homed UNI" is referred to.  My understanding was that
the UNI was akin to an edge in the topology graph, and that "single-homed"
would more commonly apply to an EN (but maybe my understanding is incorrect).

Changed as follows:

Such a single point of failure can be avoided when the EN device
is connected to two different CN devices...

Page 5, first complete paragraph, does "across the UNI boundary" just
mean in the CN to EN direction?

No, there are restrictions in both directions. Client network topology information is typically not shared withe the core network
(there can be more client network nodes beyond the ENs) 

At the end of section 1 (just before section 1.1), the listing
"client-initiated, allocated by the (core) network or managed by a PCE"
should probably have the last two swapped, to match the ordering used
in the rest of the document.

Sentence changed as proposed.

At the bottom of page 5 (last line), should "LSP IS = L1" be
"LSP ID = L2" (S-->D and 1-->2)?  Also, the previous line has
"LSP-IDENTIFIER12" which probably is meant to just be the '2'.

This paragraph was corrected - we got the same comments from other reviewers.

Page 8, third paragraph, "included for exclusion" is a little awkward
of a phrasing; "[i]f a PAS identifier is used as an exclusion identifier"
might be better.

Sentence changed as proposed.

Page 11 just lists the three diversity identifier types created by
this document; should there be consideration of (text for) how to
allocate additional types in the future?

No - all conceivable use cases based on existing IETF work are covered.

The string "IPv4/ IPv6" appears many times in the text; I believe it's
more conventionally written without the space, as "IPv4/IPv6".

Changed based on comments from other reviewers.

Crossing from page 16 to page 16, "sends [...] request from ingress node to
egress node including diversity constraints to a PCE" is potentially
confusing about what is being sent where, since it's the request for
a path [from ingress node to egress node] that is sent to the PCE.  So,
"path computation request for a path from ingress node to egress node"
might be better, or even reordering things more drastically.

Text changed as follows:

In case of DI type "PCE Allocated Identifier" and "Network
Assigned Identifier", the nodes in the domain that perform path
computation SHOULD process the diversity information signaled in
the XRO/EXRS Diversity subobjects as follows. In the PCE case,
the ingress node of a domain sends a path computation request for
a path from ingress node to egress node including diversity
constraints to a PCE. Or,in the PAS case, the ingress node is
capable to calculate the path for the new LSP from ingress node
to the egress node taking the diversity constraints into account.

The last two sentences of the Security Considerations are a little hard
to read; I might reword them, potentially as:

However, when the diversity subobjects specified in this document are used,
removing at the administrative boundary an XRO containing these diversity
subobjects would result in the request for diversity being dropped at
the boundary, and path computation would be unlikely to produce the requested
divers path.  As such, diversity subobjects MUST be retained in an XRO
crossing an administrative boundary, even if other subobjects are removed.

Replaced the two sentences with the proposed text.

-Ben
--------------AF11D4C94E0BC8C2DD27A4AD Content-Type: application/msword; name="draft-ietf-teas-lsp-diversity-10.doc" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="draft-ietf-teas-lsp-diversity-10.doc" 0M8R4KGxGuEAAAAAAAAAAAAAAAAAAAAAPgADAP7/CQAGAAAAAAAAAAAAAAAEAAAAuAEAAAAA AAAAEAAAuwEAAAEAAAD+////AAAAALQBAAC1AQAAtgEAALcBAAD///////////////////// //////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////// ///////////////////////////////////spcEAJQAJBAAA+BK/AAAAAAAAEAAAAAAACAAA edsAAA4AYmpiamkSaRIAAAAAAAAAAAAAAAAAAAAAAAAJBBYASOQBAAt4QWQLeEFkYNAAAAAA AAAYAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAD//w8AAAAAAAAAAAD//w8AAAAAAAAAAAD//w8A AAAAAAAAAAAAAAAAAAAAALcAAAAAAExyAAAAAAAATHIAAJGAAAAAAAAAkYAAAAAAAACRgAAA AAAAAJGAAAAAAAAAkYAAABQAAAAAAAAAAAAAAP////8AAAAApYAAAAAAAAClgAAAAAAAAKWA AAA4AAAA3YAAADQDAAARhAAA9AAAAKWAAAAAAAAAIkcBAJwDAAAFhQAAIAIAACWHAAAoAAAA TYcAAAAAAABNhwAAAAAAAE2HAAAAAAAAgYgAAIoEAAALjQAAVAEAAF+OAACsAAAAeUYBAAIA AAB7RgEAAAAAAHtGAQAAAAAAe0YBAAAAAAB7RgEAAAAAAHtGAQAAAAAAe0YBACQAAAC+SgEA tgIAAHRNAQAUAQAAn0YBABUAAAAAAAAAAAAAAAAAAAAAAAAAkYAAAAAAAAALjwAAAAAAAAAA AAAAAAAAAAAAAAAAAACBiAAAAAAAAIGIAAAAAAAAC48AAAAAAAALjwAAAAAAAJ9GAQAAAAAA AAAAAAAAAACRgAAAAAAAAJGAAAAAAAAATYcAAAAAAAAAAAAAAAAAAE2HAAA0AQAAtEYBADIA AACtmwAAAAAAAK2bAAAAAAAArZsAAAAAAAALjwAATgcAAJGAAAAAAAAATYcAAAAAAACRgAAA AAAAAE2HAAAAAAAAeUYBAAAAAAAAAAAAAAAAAK2bAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC48AAAAAAAB5RgEAAAAAAAAAAAAAAAAA rZsAAAAAAACtmwAAJgUAAJH/AAAsBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQgBAAAAAABNhwAA AAAAAP////8AAAAA8Ip06Qav0wEAAAAAAAAAAP////8AAAAAWZYAALgAAAC9AwEAaAAAAAAA AAAAAAAAZUYBABQAAADmRgEAPAAAACJHAQAAAAAAJQQBAOwDAACITgEAAAAAABGXAACcBAAA iE4BAMgAAAARCAEASgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABbCAEAhgcAAIhOAQAAAAAAAAAAAAAAAACRgAAA AAAAAOEPAQCENgAAAAAAAAAAAAAAAAAAAAAAAK2bAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC48AAAAAAAALjwAAAAAAAAuPAAAAAAAA n0YBAAAAAACfRgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAArZsAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuPAAAAAAAAC48AAAAAAAALjwAA AAAAACJHAQAAAAAAC48AAAAAAAALjwAAAAAAAAuPAAAAAAAAC48AAAAAAAAAAAAAAAAAAP// //8AAAAA/////wAAAAD/////AAAAAAAAAAAAAAAA/////wAAAAD/////AAAAAP////8AAAAA /////wAAAAD/////AAAAAP////8AAAAA/////wAAAAD/////AAAAAP////8AAAAA/////wAA AAD/////AAAAAP////8AAAAA/////wAAAAD/////AAAAAIhOAQAAAAAAC48AAAAAAAALjwAA AAAAAAuPAAAAAAAAC48AAAAAAAALjwAAAAAAAAuPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjwAAAAAAAAuPAAAAAAAA C48AAAAAAABMcgAACw0AAFd/AAA6AQAABQASAQAACQQAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAFJlc291cmNlIFJlc2VyVmF0aW9uIFByb3RvY29sLVRy YWZmaWMgRW5naW5lZXJpbmcgKFJTVlAtVEUpIFBhdGggRGl2ZXJzaXR5IHVzaW5nIEV4Y2x1 ZGUgUm91dGUNZHJhZnQtaWV0Zi10ZWFzLWxzcC1kaXZlcnNpdHktMDgxMC50eHQNU3RhdHVz IG9mIHRoaXMgTWVtbw1UaGlzIEludGVybmV0LURyYWZ0IGlzIHN1Ym1pdHRlZCBpbiBmdWxs IGNvbmZvcm1hbmNlIHdpdGggdGhlIHByb3Zpc2lvbnMgb2YgQkNQIDc4IGFuZCBCQ1AgNzku DUludGVybmV0LURyYWZ0cyBhcmUgd29ya2luZyBkb2N1bWVudHMgb2YgdGhlIEludGVybmV0 IEVuZ2luZWVyaW5nIFRhc2sgRm9yY2UgKElFVEYpLiAgTm90ZSB0aGF0IG90aGVyIGdyb3Vw cyBtYXkgYWxzbyBkaXN0cmlidXRlIHdvcmtpbmcgZG9jdW1lbnRzIGFzIEludGVybmV0LURy YWZ0cy4gIFRoZSBsaXN0IG9mIGN1cnJlbnQgSW50ZXJuZXQtRHJhZnRzIGlzIGF0IGh0dHA6 Ly9kYXRhdHJhY2tlci5pZXRmLm9yZy9kcmFmdHMvY3VycmVudC8uDUludGVybmV0LURyYWZ0 cyBhcmUgZHJhZnQgZG9jdW1lbnRzIHZhbGlkIGZvciBhIG1heGltdW0gb2Ygc2l4IG1vbnRo cyBhbmQgbWF5IGJlIHVwZGF0ZWQsIHJlcGxhY2VkLCBvciBvYnNvbGV0ZWQgYnkgb3RoZXIg ZG9jdW1lbnRzIGF0IGFueSB0aW1lLiAgSXQgaXMgaW5hcHByb3ByaWF0ZSB0byB1c2UgSW50 ZXJuZXQtRHJhZnRzIGFzIHJlZmVyZW5jZSBtYXRlcmlhbCBvciB0byBjaXRlIHRoZW0gb3Ro ZXIgdGhhbiBhcyAid29yayBpbiBwcm9ncmVzcy4iDVRoaXMgSW50ZXJuZXQtRHJhZnQgd2ls bCBleHBpcmUgb24gU2VwdGVtYmVyIEF1Z3VzdCB4eDI4LCAyMDE3OC4NDUNvcHlyaWdodCBO b3RpY2UNQ29weXJpZ2h0IChjKSAyMDE4NyBJRVRGIFRydXN0IGFuZCB0aGUgcGVyc29ucyBp ZGVudGlmaWVkIGFzIHRoZSBkb2N1bWVudCBhdXRob3JzLiAgQWxsIHJpZ2h0cyByZXNlcnZl ZC4NVGhpcyBkb2N1bWVudCBpcyBzdWJqZWN0IHRvIEJDUCA3OCBhbmQgdGhlIElFVEYgVHJ1 c3QncyBMZWdhbCBQcm92aXNpb25zIFJlbGF0aW5nIHRvIElFVEYgRG9jdW1lbnRzIChodHRw Oi8vdHJ1c3RlZS5pZXRmLm9yZy9saWNlbnNlLWluZm8pIGluIGVmZmVjdCBvbiB0aGUgZGF0 ZSBvZiBwdWJsaWNhdGlvbiBvZiB0aGlzIGRvY3VtZW50LiAgUGxlYXNlIHJldmlldyB0aGVz ZSBkb2N1bWVudHMgY2FyZWZ1bGx5LCBhcyB0aGV5IGRlc2NyaWJlIHlvdXIgcmlnaHRzIGFu ZCByZXN0cmljdGlvbnMgd2l0aCByZXNwZWN0IHRvIHRoaXMgZG9jdW1lbnQuICBDb2RlIENv bXBvbmVudHMgZXh0cmFjdGVkIGZyb20gdGhpcyBkb2N1bWVudCBtdXN0IGluY2x1ZGUgU2lt cGxpZmllZCBCU0QgTGljZW5zZSB0ZXh0IGFzIGRlc2NyaWJlZCBpbiBTZWN0aW9uIDQuZSBv ZiB0aGUgVHJ1c3QgTGVnYWwgUHJvdmlzaW9ucyBhbmQgYXJlIHByb3ZpZGVkIHdpdGhvdXQg d2FycmFudHkgYXMgZGVzY3JpYmVkIGluIHRoZSBTaW1wbGlmaWVkIEJTRCBMaWNlbnNlLg0M QWJzdHJhY3QNUmVzb3VyY2UgUmVTc2VyVmF0aW9uIFByb3RvY29sLVRyYWZmaWMgRW5naW5l ZXJpbmcgcHJvdmlkZXMgc3VwcG9ydCBmb3IgdGhlIGNvbW11bmljYXRpb24gb2YgZXhjbHVz aW9uIGluZm9ybWF0aW9uIGR1cmluZyBsYWJlbCBzd2l0Y2hlZCBwYXRoIChMU1ApIHNldHVw LiBBIHR5cGljYWwgTFNQIGRpdmVyc2l0eSB1c2UgY2FzZSBpcyBwcm90ZWN0aW9uLCB3aGVy ZSB0d28gTFNQcyBzaG91bGQgZm9sbG93IGRpZmZlcmVudCBwYXRocyB0aHJvdWdoIHRoZSBu ZXR3b3JrIGluIG9yZGVyIHRvIGF2b2lkIHNpbmdsZSBwb2ludHMgb2YgZmFpbHVyZSwgdGh1 cyBncmVhdGx5IGltcHJvdmluZyBzZXJ2aWNlIGF2YWlsYWJpbGl0eS4gVGhpcyBkb2N1bWVu dCBzcGVjaWZpZXMgdHdvIG5ldyBkaXZlcnNpdHkgc3Vib2JqZWN0cyBmb3IgdGhlIFJTVlAg ZVhjbHVkZSBSb3V0ZSBPYmplY3QgKFhSTykgYW5kIHRoZSBFeHBsaWNpdCBFeGNsdXNpb24g Um91dGUgU3Vib2JqZWN0IChFWFJTKSBzdWJvYmplY3RzLiBUaHJlZSBkaWZmZXJlbnQgbWVj aGFuaXNtcyBhcmUgc3VwcG9ydGVkIGRlZmluZWQgaG93dG8gYWNjb21wbGlzaCBMU1AgZGl2 ZXJzaXR5IGNhbiBiZSBhY2NvbXBsaXNoZWQgaW4gdGhlIHByb3ZpZGVyIG9yIGNvcmUgbmV0 d29yazogdGhlIHNpZ25hbGVkIGRpdmVyc2l0eSB0eXBlLCBpbiB0aGUgc2lnbmFsaW5nIG1l c3NhZ2UgaW5kaWNhdGVzIHdoZXRoZXIgZGl2ZXJzaXR5IGlzIGJhc2VkIGlkZW50aWZpZXJz IHRoYXQgYXJlIHByb3ZpZGVkIGJ5IHRoZSBvbiBjbGllbnQgZGV2aWNlLCBieSBhIHBhdGgg Y29tcHV0YXRpb24gZW5naW5lIChQQ0UpLCBvciBieSB0aGUgY29yZSBuZXR3b3JrIGFzc2ln bmVkIGlkZW50aWZpZXJzLg1MU1BzIGFyZSB0eXBpY2FsbHkgY3JlYXRlZCBhdCBhIHNsb3cg cmF0ZSBhbmQgZXhpc3QgZm9yIGEgbG9uZyB0aW1lLCBzbyB0aGF0IGl0IGlzIHJlYXNvbmFi bGUgdG8gYXNzdW1lIHRoYXQgYSBnaXZlbiAocmVmZXJlbmNlKSBwYXRoIGN1cnJlbnRseSBl eGlzdGluZywgd2l0aCBhIHdlbGwta25vd24gaWRlbnRpZmllciwgd2lsbCBjb250aW51ZSB0 byBleGlzdCBhbmQgY2FuIGJlIHVzZWQgYXMgYSByZWZlcmVuY2Ugd2hlbiBjcmVhdGluZyB0 aGUgbmV3IHBhdGguDVRoZSBzb2x1dGlvbiBkZXNjcmliZWQgaW4gdGhpcyBkb2N1bWVudCBp cyBiYXNlZCBvbiB0aGUgYXNzdW1wdGlvbiB0aGF0IExTUHMgYXJlIHJlcXVlc3RlZCBzZXF1 ZW50aWFsbHksIGkuZS4sIHRoZSB0aW1lIHBlcmlvZCBiZXR3ZWVuIHRoZSBMU1Agc2V0dXAg cmVxdWVzdHMgZm9yIHRoZSB0d28gTFNQcyBtYXkgYmUgbG9uZ2VyIChkYXlzLCB3ZWVrcywg bW9udGhzKS4NIFJlLXJvdXRpbmcgb2YgdGhlIGV4aXN0aW5nIChyZWZlcmVuY2UpdGhlIGZp cnN0IExTUCB0aGF0IHdhcyBlc3RhYmxpc2hlZCBiZWZvcmUgdGhlIG5ldyBwYXRobWF5IGhh dmUgZXhpc3RlZCBmb3IgYSBsb25nZXIgcGVyaW9kIG9mIHRpbWUgaXMgbm90IGNvbnNpZGVy ZWQuDQ1Db252ZW50aW9ucyB1c2VkIGluIHRoaXMgZG9jdW1lbnQNVGhlIGtleSB3b3JkcyAi TVVTVCIsICJNVVNUIE5PVCIsICJSRVFVSVJFRCIsICJTSEFMTCIsICJTSEFMTCBOT1QiLCAi U0hPVUxEIiwgIlNIT1VMRCBOT1QiLCAiUkVDT01NRU5ERUQiLCAiTUFZIiwgYW5kICJPUFRJ T05BTCIgaW4gdGhpcyBkb2N1bWVudCBhcmUgdG8gYmUgaW50ZXJwcmV0ZWQgYXMgZGVzY3Jp YmVkIGluIFJGQyAyMTE5IFtSRkMyMTE5XS4NVGFibGUgb2YgQ29udGVudHMNEyBUT0MgXG8g IjEtMyIgFFRlcm1zIGFuZCBBYmJyZXZpYXRpb25zCRMgUEFHRVJFRiBfVG9jNTAyNjYxODQ0 IFxoIAEUMxUNMS4gSW50cm9kdWN0aW9uCRMgUEFHRVJFRiBfVG9jNTAyNjYxODQ1IFxoIAEU MxUNMS4xLiBDbGllbnQtSW5pdGlhdGVkIElkZW50aWZpZXIJEyBQQUdFUkVGIF9Ub2M1MDI2 NjE4NDYgXGggARQ1FQ0xLjIuIFBDRS1hbGxvY2F0ZWQgSWRlbnRpZmllcgkTIFBBR0VSRUYg X1RvYzUwMjY2MTg0NyBcaCABFDYVDTEuMy4gTmV0d29yay1Bc3NpZ25lZCBJZGVudGlmaWVy CRMgUEFHRVJFRiBfVG9jNTAyNjYxODQ4IFxoIAEUNxUNMi4gUlNWUC1URSBzaWduYWxpbmcg ZXh0ZW5zaW9ucwkTIFBBR0VSRUYgX1RvYzUwMjY2MTg0OSBcaCABFDkVDTIuMS4gRGl2ZXJz aXR5IFhSTyBTdWJvYmplY3QJEyBQQUdFUkVGIF9Ub2M1MDI2NjE4NTAgXGggARQ5FQ0yLjIu IERpdmVyc2l0eSBFWFJTIFN1Ym9iamVjdAkTIFBBR0VSRUYgX1RvYzUwMjY2MTg1MSBcaCAB FDE2FQ0yLjMuIFByb2Nlc3NpbmcgcnVsZXMgZm9yIHRoZSBEaXZlcnNpdHkgWFJPIGFuZCBF WFJTIHN1Ym9iamVjdHMJEyBQQUdFUkVGIF9Ub2M1MDI2NjE4NTIgXGggARQxNhUNMy4gU2Vj dXJpdHkgQ29uc2lkZXJhdGlvbnMJEyBQQUdFUkVGIF9Ub2M1MDI2NjE4NTMgXGggARQyMBUN NC4gSUFOQSBDb25zaWRlcmF0aW9ucwkTIFBBR0VSRUYgX1RvYzUwMjY2MTg1NCBcaCABFDIw FQ00LjEuIE5ldyBYUk8gc3Vib2JqZWN0IHR5cGVzCRMgUEFHRVJFRiBfVG9jNTAyNjYxODU1 IFxoIAEUMjAVDTQuMi4gTmV3IEVYUlMgc3Vib2JqZWN0IHR5cGVzCRMgUEFHRVJFRiBfVG9j NTAyNjYxODU2IFxoIAEUMjEVDTQuMy4gTmV3IFJTVlAgZXJyb3Igc3ViLWNvZGVzCRMgUEFH RVJFRiBfVG9jNTAyNjYxODU3IFxoIAEUMjEVDTUuIEFja25vd2xlZGdlbWVudHMJEyBQQUdF UkVGIF9Ub2M1MDI2NjE4NTggXGggARQyMhUNNi4gUmVmZXJlbmNlcwkTIFBBR0VSRUYgX1Rv YzUwMjY2MTg1OSBcaCABFDIyFQ02LjEuIE5vcm1hdGl2ZSBSZWZlcmVuY2VzCRMgUEFHRVJF RiBfVG9jNTAyNjYxODYwIFxoIAEUMjIVDTYuMi4gSW5mb3JtYXRpdmUgUmVmZXJlbmNlcwkT IFBBR0VSRUYgX1RvYzUwMjY2MTg2MSBcaCABFDIzFQ0xLiBJbnRyb2R1Y3Rpb24JMw0xLjEu IENsaWVudC1Jbml0aWF0ZWQgSWRlbnRpZmllcgk1DTEuMi4gUENFLWFsbG9jYXRlZCBJZGVu dGlmaWVyCTYNMS4zLiBOZXR3b3JrLUFzc2lnbmVkIElkZW50aWZpZXIJNw0yLiBSU1ZQLVRF IHNpZ25hbGluZyBleHRlbnNpb25zCTkNMi4xLiBEaXZlcnNpdHkgWFJPIFN1Ym9iamVjdAk5 DTIuMi4gRGl2ZXJzaXR5IEVYUlMgU3Vib2JqZWN0CTE1DTIuMy4gUHJvY2Vzc2luZyBydWxl cyBmb3IgdGhlIERpdmVyc2l0eSBYUk8gYW5kIEVYUlMgc3Vib2JqZWN0cwkxNg0zLiBTZWN1 cml0eSBDb25zaWRlcmF0aW9ucwkyMA00LiBJQU5BIENvbnNpZGVyYXRpb25zCTIwDTQuMS4g TmV3IFhSTyBzdWJvYmplY3QgdHlwZXMJMjANNC4yLiBOZXcgRVhSUyBzdWJvYmplY3QgdHlw ZXMJMjENNC4zLiBOZXcgUlNWUCBlcnJvciBzdWItY29kZXMJMjENNS4gQWNrbm93bGVkZ2Vt ZW50cwkyMg02LiBSZWZlcmVuY2VzCTIyDTYuMS4gTm9ybWF0aXZlIFJlZmVyZW5jZXMJMjIN Ni4yLiBJbmZvcm1hdGl2ZSBSZWZlcmVuY2VzCTIzDRUNCVRlcm1zIGFuZCBBYmJyZXZpYXRp b25zDURpdmVyc2UgTFNQOiBhIGRpdmVyc2UgTGFiZWwtU3dpdGNoZWQgUGF0aCAoTFNQKSBp cyBhbiBMU1AgdGhhdCBoYXMgYSBwYXRoIHRoYXQgZG9lcyBub3QgaGF2ZSBhbnkgbGluayBv ciBTUkxHIGluIGNvbW1vbiB3aXRoIHRoZSBwYXRoIG9mIGEgZ2l2ZW4gTFNQLiBEaXZlcnNl IExTUHMgYXJlIG1lYW5pbmdmdWwgaW4gdGhlIGNvbnRleHQgb2YgcHJvdGVjdGlvbiBvciBy ZXN0b3JhdGlvbi4NRVJPOiBFeHBsaWNpdCBSb3V0ZSBPYmplY3QgYXMgZGVmaW5lZCBpbiBb UkZDMzIwOV0NRVhSUzogRXhwbGljaXQgZVhjbHVzaW9uIFJvdXRlIFN1Ym9iamVjdCBhcyBk ZWZpbmVkIGluIFtSRkMgNDg3NF0NU1JMRzogU2hhcmVkIFJpc2sgTGluayBHcm91cCBhcyBk ZWZpbmVkIGluIFtSRkM0MjAyXQ1SZWZlcmVuY2UgUGF0aDogdGhlIHJlZmVyZW5jZSBwYXRo IGlzIHRoZSBwYXRoIG9mIGFuIGV4aXN0aW5nIExTUCwgdG8gd2hpY2ggdGhlIHBhdGggb2Yg YSBkaXZlcnNlIExTUCBzaGFsbCBiZSBkaXZlcnNlLg1YUk86IGVYY2x1ZGUgUm91dGUgT2Jq ZWN0IGFzIGRlZmluZWQgaW4gW1JGQyA0ODc0XQ1JbnRyb2R1Y3Rpb24NUGF0aCBkaXZlcnNp dHkgZm9yIG11bHRpcGxlIGNvbm5lY3Rpb25zIGlzIGEgd2VsbC1rbm93biBTZXJ2aWNlIFBy b3ZpZGVyb3BlcmF0aW9uYWwgcmVxdWlyZW1lbnQuIERpdmVyc2l0eSBjb25zdHJhaW50cyBl bnN1cmUgdGhhdCBMYWJlbC1Td2l0Y2hlZCBQYXRocyAoTFNQcykgY2FuIGJlIGVzdGFibGlz aGVkIHdpdGhvdXQgc2hhcmluZyBuZXR3b3JrIHJlc291cmNlcywgdGh1cyBncmVhdGx5IHJl ZHVjaW5nIHRoZSBwcm9iYWJpbGl0eSBvZiBzaW11bHRhbmVvdXMgY29ubmVjdGlvbiBmYWls dXJlcy4NVGhlIHNvdXJjZSBub2RlIGNhbiBjb21wdXRlIGRpdmVyc2UgcGF0aHMgZm9yIExT UHMgd2hlbiBpdCBoYXMgZnVsbCBrbm93bGVkZ2Ugb2YgdGhlIG5ldHdvcmsgdG9wb2xvZ3kg YW5kIGlzIHBlcm1pdHRlZCB0byBzaWduYWwgYW4gRXhwbGljaXQgUm91dGUgT2JqZWN0IChF Uk8pLiBIb3dldmVyLCB0aGVyZSBhcmUgc2NlbmFyaW9zIHdoZXJlIGRpZmZlcmVudCBub2Rl cyBwZXJmb3JtIHBhdGggY29tcHV0YXRpb25zLCBhbmQgdGhlcmVmb3JlIHRoZXJlIGlzIGEg bmVlZCBmb3IgcmVsZXZhbnQgZGl2ZXJzaXR5IGNvbnN0cmFpbnRzIHRvIGJlIHNpZ25hbGVk IHRvIHRob3NlIG5vZGVzLiBUaGVzZSBpbmNsdWRlIChidXQgYXJlIG5vdCBsaW1pdGVkIHRv KToNTFNQcyB3aXRoIGxvb3NlIGhvcHMgaW4gdGhlIEV4cGxpY2l0IFJvdXRlIE9iamVjdCAo RVJPKSwgZS5nLiBpbnRlci1kb21haW4gTFNQcy4NR2VuZXJhbGl6ZWQgTXVsdGktUHJvdG9j b2wgTGFiZWwgU3dpdGNoaW5nIChHTVBMUykgVXNlci1OZXR3b3JrIEludGVyZmFjZSAoVU5J KSwgd2hlcmUgdGhlIGNvcmUgbm9kZSBtYXkgcGVyZm9ybSBwYXRoIGNvbXB1dGF0aW9uIFtS RkM0MjA4XS4NW1JGQzQ4NzRdIGludHJvZHVjZWQgYSBtZWFucyBvZiBzcGVjaWZ5aW5nIG5v ZGVzIGFuZCByZXNvdXJjZXMgdG8gYmUgZXhjbHVkZWQgZnJvbSBhIHJvdXRlLCB1c2luZyB0 aGUgZVhjbHVkZSBSb3V0ZSBPYmplY3QgKFhSTykgYW5kIEV4cGxpY2l0IEV4Y2x1c2lvbiBS b3V0ZSBTdWJvYmplY3QgKEVYUlMpLiBJdCBmYWNpbGl0YXRlcyB0aGUgY2FsY3VsYXRpb24g b2YgZGl2ZXJzZSBwYXRocyBmb3IgTFNQcyBiYXNlZCBvbiBrbm93biBwcm9wZXJ0aWVzIG9m IHRob3NlIHBhdGhzIGluY2x1ZGluZyBhZGRyZXNzZXMgb2YgbGlua3MgYW5kIG5vZGVzIHRy YXZlcnNlZCwgYW5kIFNoYXJlZCBSaXNrIExpbmsgR3JvdXBzIChTUkxHcykgb2YgdHJhdmVy c2VkIGxpbmtzLiBFbXBsb3lpbmcgdGhlc2UgbWVjaGFuaXNtcyByZXF1aXJlcyB0aGF0IHRo ZSBzb3VyY2Ugbm9kZSB0aGF0IGluaXRpYXRlcyBzaWduYWxpbmcga25vd3MgdGhlIHJlbGV2 YW50IHByb3BlcnRpZXMgb2YgdGhlIHBhdGgocykgZnJvbSB3aGljaCBkaXZlcnNpdHkgaXMg ZGVzaXJlZC4gSG93ZXZlciwgdGhlcmUgYXJlIGNpcmN1bXN0YW5jZXMgdW5kZXIgd2hpY2gg dGhpcyBtYXkgbm90IGJlIHBvc3NpYmxlIG9yIGRlc2lyYWJsZSwgaW5jbHVkaW5nIChidXQg bm90IGxpbWl0ZWQgdG8pOg1FeGNsdXNpb24gb2YgYSBwYXRoIHdoaWNoIGRvZXMgbm90IG9y aWdpbmF0ZSwgdGVybWluYXRlIG9yIHRyYXZlcnNlIHRoZSBzb3VyY2Ugbm9kZSBvZiB0aGUg ZGl2ZXJzZSBMU1AsIGluIHdoaWNoIGNhc2UgdGhlIGFkZHJlc3NlcyBvZiBsaW5rcyBhbmQg U1JMR3Mgb2YgdGhlIHBhdGggZnJvbSB3aGljaCBkaXZlcnNpdHkgaXMgcmVxdWlyZWQgYXJl IHVua25vd24gdG8gdGhlIHNvdXJjZSBub2RlLg1FeGNsdXNpb24gb2YgYSBwYXRoIHdoaWNo IGlzIGtub3duIHRvIHRoZSBzb3VyY2Ugbm9kZSBvZiB0aGUgZGl2ZXJzZSBMU1AgZm9yIHdo aWNoIHRoZSBub2RlIGhhcyBpbmNvbXBsZXRlIG9yIG5vIHBhdGggaW5mb3JtYXRpb24sIGUu Zy4gZHVlIHRvIG9wZXJhdG9yIHBvbGljeS4gSW4gdGhpcyBjYXNlLCB0aGUgc291cmNlIG5v ZGUgaXMgYXdhcmUgb2YgdGhlIGV4aXN0ZW5jZSBvZiB0aGUgcmVmZXJlbmNlIHBhdGggYnV0 IHRoZSBpbmZvcm1hdGlvbiByZXF1aXJlZCB0byBjb25zdHJ1Y3QgYW4gWFJPIG9iamVjdCB0 byBndWFyYW50ZWUgZGl2ZXJzaXR5IGZyb20gdGhlIHJlZmVyZW5jZSBwYXRoIGlzIG5vdCBm dWxseSBrbm93bi4gSW50ZXItZG9tYWluIGFuZCBHTVBMUyBvdmVybGF5IG5ldHdvcmtzIGNh biBpbXBvc2Ugc3VjaCByZXN0cmljdGlvbnMuDVRoaXMgaXMgZXhlbXBsaWZpZWQgaWxsdXN0 cmF0ZWQgaW4gdGhlIEZpZ3VyZSAxLCB3aGVyZSB0aGUgb3ZlcmxheSByZWZlcmVuY2UgbW9k ZWwgZnJvbSBbUkZDNDIwOF0gaXMgc2hvd24uDQ0gIE92ZXJsYXkgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIE92ZXJsYXkNICBOZXR3b3JrICAg ICAgICstLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tKyAgICAgICBOZXR3b3Jr DSstLS0tLS0tLS0rICAgICB8ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHwg ICAgICstLS0tLS0tLS0rDXwgICstLS0tKyB8ICAgICB8ICArLS0tLS0rICAgICstLS0tLSsg ICAgKy0tLS0tKyAgIHwgICAgIHwgKy0tLS0rICB8DXwgIHwgICAgfCB8IFVOSSB8ICB8ICAg ICB8ICAgIHwgICAgIHwgICAgfCAgICAgfCAgIHwgVU5JIHwgfCAgICB8ICB8DXwgLSsgRU4x Ky0rLS0tLS0rLS0rIENOMSArLS0tLSsgQ04yICstLS0tKyBDTjMgKy0tLSstLS0tLSstKyBF TjMrLSB8DXwgIHwgICAgfCB8ICArLS0rLS0rICAgICB8ICAgIHwgICAgIHwgICAgfCAgICAg fCAgIHwgKy0tLSstfCAgICB8ICB8DXwgICstLS0tKyB8ICB8ICB8ICArLS0rLS0rICAgICst LSstLSsgICAgKy0tKy0tKyAgIHwgfCAgIHwgKy0tLS0rICB8DSstLS0tLS0tLS0rICB8ICB8 ICAgICB8ICAgICAgICAgIHwgICAgICAgICAgfCAgICAgIHwgfCAgICstLS0tLS0tLS0rDSAg ICAgICAgICAgICB8ICB8ICAgICB8ICAgICAgICAgIHwgICAgICAgICAgfCAgICAgIHwgfA0r LS0tLS0tLS0tKyAgfCAgfCAgKy0tKy0tKyAgICAgICB8ICAgICAgICstLSstLSsgICB8IHwg ICArLS0tLS0tLS0tKw18ICArLS0tLSsgfCAgfCAgfCAgfCAgICAgfCAgICAgICArLS0tLS0t LSsgICAgICstLS0tLSsgICB8ICstLS0tKyAgfA18ICB8ICAgICstKy0tKyAgfCAgfCBDTjQg Ky0tLS0tLS0tLS0tLS0tLSsgQ041IHwgICB8ICAgICB8IHwgICAgfCAgfA18IC0rIEVOMist Ky0tLS0tKy0tKyAgICAgfCAgICAgICAgICAgICAgIHwgICAgICstLS0rLS0tLS0rLSsgRU40 Ky0gfA18ICB8ICAgIHwgfCBVTkkgfCAgKy0tLS0tKyAgICAgICAgICAgICAgICstLS0tLSsg ICB8IFVOSSB8IHwgICAgfCAgfA18ICArLS0tLSsgfCAgICAgfCAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICB8ICAgICB8ICstLS0tKyAgfA0rLS0tLS0tLS0tKyAgICAgKy0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0rICAgICArLS0tLS0tLS0tKw0gIE92 ZXJsYXkgICAgICAgICAgICAgICAgIENvcmUgTmV0d29yayAgICAgICAgICAgICAgICAgICAg IE92ZXJsYXkNICBOZXR3b3JrICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICBOZXR3b3JrDQ0gICAgICAgICAgICAgICAgICAgIExlZ2VuZDogICBF TiAgLSAgRWRnZSBOb2RlDSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIENOICAtICBD b3JlIE5vZGUNDSAgICAgICAgICAgICAgRmlndXJlIDE6ICBPdmVybGF5IFJlZmVyZW5jZSBN b2RlbCBbUkZDNDIwOF0NDUZpZ3VyZSAxIGRlcGljdHMgdHdvIHR5cGVzIG9mIFVOSSBjb25u ZWN0aXZpdHk6IHNpbmdsZS1ob21lZCBhbmQgZHVhbC1ob21lZCBFTnMgKHdoaWNoIGFsc28g YXBwbGllcyB0byBoaWdoZXIgb3JkZXIgbXVsdGktaG9tZWQgY29ubmVjdGl2aXR5LikuIFNp bmdsZS1ob21lZCBFTiBkZXZpY2VzIGFyZSBjb25uZWN0ZWQgdG8gYSBzaW5nbGUgQ04gZGV2 aWNlIHZpYSBhIHNpbmdsZSBVTkkgbGluay4gVGhpcyBzaW5nbGUgVU5JIGxpbmsgbWF5IGNv bnN0aXR1dGUgYSBzaW5nbGUgcG9pbnQgb2YgZmFpbHVyZS4gVU5JIGNvbm5lY3Rpb24gYmV0 d2VlbiBFTjEgYW5kIENOMSBpcyBhbiBleGFtcGxlIG9mIHNpbmdsZWQtaG9tZWQgVU5JIGNv bm5lY3Rpdml0eS4NU3VjaCBhQSBzaW5nbGUgcG9pbnQgb2YgZmFpbHVyZSBjYXVzZWQgYnkg YSBzaW5nbGUtaG9tZWQgVU5JIGNhbiBiZSBhdm9pZGVkIHdoZW4gdGhlIEVOIGRldmljZSBp cyBjb25uZWN0ZWQgdG8gdHdvIGRpZmZlcmVudCBDTiBkZXZpY2VzLCBhcyBkZXBpY3RlZCBm b3IgRU4yIGluIEZpZ3VyZSAxLiBGb3IgdGhlIGR1YWwtaG9taW5nIGNhc2UsIGl0IGlzIHBv c3NpYmxlIHRvIGVzdGFibGlzaCB0d28gZGlmZmVyZW50IFVOSSBjb25uZWN0aW9ucyBmcm9t IHRoZSBzYW1lIHNvdXJjZSBFTiBkZXZpY2UgdG8gdGhlIHNhbWUgZGVzdGluYXRpb24gRU4g ZGV2aWNlLiBGb3IgZXhhbXBsZSwgdHdvIGNvbm5lY3Rpb25zIGZyb20gRU4yIHRvIEVOMyBt YXkgdXNlIHRoZSB0d28gVU5JIGxpbmtzIEVOMi1DTjEgYW5kIEVOMi1DTjQuIFRvIGF2b2lk IHNpbmdsZSBwb2ludHMgb2YgZmFpbHVyZSB3aXRoaW4gdGhlIHByb3ZpZGVyIG5ldHdvcmss IGl0IGlzIG5lY2Vzc2FyeSB0byBhbHNvIGVuc3VyZSBwYXRoIChMU1ApIGRpdmVyc2l0eSB3 aXRoaW4gdGhlIGNvcmUgbmV0d29yay4NSW4gYSBVTkkgbmV0d29yayBwcm92aWRpbmcgYSBz ZXQgb2YgVU5JIGludGVyZmFjZXMgYmV0d2VlbiBFTnMgYW5kIENOcyBzdWNoIGFzIHRoYXQg c2hvd24gaW4gRmlndXJlIDEsIHRoZSBDTnMgdHlwaWNhbGx5IHBlcmZvcm0gcGF0aCBjb21w dXRhdGlvbi4gSW5mb3JtYXRpb24gc2hhcmluZyBhY3Jvc3MgdGhlIFVOSSBib3VuZGFyeSBp cyByZXN0cmljdGVkIGJhc2VkIG9uIHRoZSBwb2xpY3kgcnVsZXMgaW1wb3NlZCBieSB0aGUg Y29yZSBuZXR3b3JrLiBUeXBpY2FsbHksIHRoZSBjb3JlIG5ldHdvcmsgdG9wb2xvZ3kgaW5m b3JtYXRpb24gYXMgd2VsbCBhcyBMU1AgcGF0aCBpbmZvcm1hdGlvbiBpcyBub3QgZXhwb3Nl ZCB0byB0aGUgRU5zLiBJbiB0aGUgbmV0d29yayBzaG93biBpbiBGaWd1cmUgMSwgY29uc2lk ZXIgYSB1c2UgY2FzZSB3aGVyZSBhbiBMU1AgZnJvbSBFTjIgdG8gRU40IG5lZWRzIHRvIGJl IFNSTEcgZGl2ZXJzZSBmcm9tIGFuIExTUCBmcm9tIEVOMSB0byBFTjMuIEluIHRoaXMgY2Fz ZSwgRU4yIG1heSBub3Qga25vdyBTUkxHIGF0dHJpYnV0ZXMgb2YgdGhlIEVOMS0gRU4zIExT UCBhbmQgaGVuY2UgY2Fubm90IGNvbnN0cnVjdCBhbiBYUk8gdG8gZXhjbHVkZSB0aGVzZSBT UkxHcy4gSW4gdGhpcyBleGFtcGxlIEVOMiBjYW5ub3QgdXNlIHRoZSBwcm9jZWR1cmVzIGRl c2NyaWJlZCBpbiBbUkZDNDg3NF0uIFNpbWlsYXJseSwgYW4gTFNQIGZyb20gRU4yIHRvIEVO MyB0cmF2ZXJzaW5nIENOMSBuZWVkcyB0byBiZSBkaXZlcnNlIGZyb20gYW4gTFNQIGZyb20g RU4yIHRvIEVOMyBnb2luZyB2aWEgQ040LiBBZ2FpbiBpbiB0aGlzIGNhc2UsIGV4Y2x1c2lv bnMgYmFzZWQgb24gW1JGQzQ4NzRdIGNhbm5vdCBiZSB1c2VkLg1UaGlzIGRvY3VtZW50IGFk ZHJlc3NlcyB0aGVzZSBkaXZlcnNpdHkgcmVxdWlyZW1lbnRzIGJ5IGludHJvZHVjaW5nIHRo ZSBub3Rpb24gb2YgZXhjbHVkaW5nIHRoZSBwYXRoIHRha2VuIGJ5IHBhcnRpY3VsYXIgTFNQ KHMpLiBUaGUgcmVmZXJlbmNlIExTUChzKSBvciByb3V0ZShzKSBmcm9tIHdoaWNoIGRpdmVy c2l0eSBpcyByZXF1aXJlZCBpcy9hcmUgaWRlbnRpZmllZCBieSBhbiBhYnN0cmFjdCAiaWRl bnRpZmllciIuIFRoZSB0eXBlIG9mIGlkZW50aWZpZXIgdG8gdXNlIGlzIGhpZ2hseSBkZXBl bmRlbnQgb24gdGhlIG5ldHdvcmtpbmcgZGVwbG95bWVudCBzY2VuYXJpbzsgaXQgY291bGQg YmUgY2xpZW50LWluaXRpYXRlZCAocHJvdmlkZWQgYnkgdGhlIEVOKSwgcHJvdmlkZWQgYnkg YSBQQ0Ugb3IgYWxsb2NhdGVkIGJ5IHRoZSAoY29yZSkgbmV0d29yayBvciBtYW5hZ2VkIGJ5 IGEgUENFLiBUaGlzIGRvY3VtZW50IGRlZmluZXMgdGhyZWUgZGlmZmVyZW50IHR5cGVzIG9m IGlkZW50aWZpZXJzIGNvcnJlc3BvbmRpbmcgdG8gdGhlc2UgdGhyZWUgY2FzZXM6IGEgY2xp ZW50LSBpbml0aWF0ZWQgaWRlbnRpZmllciwgYSBQQ0UgYWxsb2NhdGVkIElpZGVudGlmaWVy IGFuZCBDTiBpbmdyZXNzIG5vZGUgKFVOSS1OKSBhbGxvY2F0ZWQgSWlkZW50aWZpZXIgKD0g bmV0d29yay1hc3NpZ25lZCBpZGVudGlmaWVyKS4NQ2xpZW50LUluaXRpYXRlZCBJZGVudGlm aWVyDVRoZSBmb2xsb3dpbmcgZmllbGRzIE1VU1QgYmUgdXNlZCB0byByZXByZXNlbnQgdGhl IGNsaWVudC1jb250cm9sbGVkIGluaXRpYXRlZCBpZGVudGlmaWVyOiBJUHY0L0lQdjYgdHVu bmVsIHNlbmRlciBhZGRyZXNzLCBJUHY0L0lQdjYgdHVubmVsIGVuZHBvaW50IGFkZHJlc3Ms IFR1bm5lbCBJRCwgYW5kIEV4dGVuZGVkIFR1bm5lbCBJRC4gQmFzZWQgb24gbG9jYWwgcG9s aWN5LCBUdGhlIGNsaWVudCBNQVkgYWxzbyBpbmNsdWRlIHRoZSBMU1AgSUQgdG8gaWRlbnRp ZnkgYSBzcGVjaWZpYyBMU1Agd2l0aGluIHRoZSB0dW5uZWwuIFRoZXNlIGZpZWxkcyBhcmUg ZGVmaW5lZCBpbiBbUkZDMzIwOV0sIHNlY3Rpb25zIDQuNi4xLjEgYW5kIDQuNi4yLjEuIA1U aGUgdXNhZ2Ugb2YgdGhlIGNsaWVudC1pbml0aWF0ZWQgaWRlbnRpZmllciBpcyBpbGx1c3Ry YXRlZCBieSBGaWd1cmUgMS4gU3VwcG9zZSBhIExTUCBmcm9tIEVOMiB0byBFTjQgbmVlZHMg dG8gYmUgZGl2ZXJzZSB3aXRoIHJlc3BlY3QgdG8gYSBMU1AgZnJvbSBFTjEgdG8gRU4zLiBU aGUgTFNQIGlkZW50aWZpZXIgb2YgdGhlIEVOMS1FTjMgTFNQIGlzIExTUC1JREVOVElGSUVS MSwgd2hlcmUgTFNQLUlERU5USUZJRVIxIGlzIGRlZmluZWQgYnkgdGhlIHR1cGxlICh0dW5u ZWwtaWQgPSBUMSwgTFNQIElEID0gTDEsIHNvdXJjZSBhZGRyZXNzID0gRU4xLlJJRCAoUk9V VEUgSWRlbnRpZmllciAoUklEKSwgZGVzdGluYXRpb24gYWRkcmVzcyA9IEVOMy5SSUQsIGV4 dGVuZGVkIHR1bm5lbC1pZCA9IEVOMS5SSUQpLiBTaW1pbGFybHksIExTUCBpZGVudGlmaWVy IG9mIHRoZSBFTjItRU4zNCBMU1AgaXMgTFNQLUlERU5USUZJRVIyLCB3aGVyZSBMU1AtSURF TlRJRklFUjEyIGlzIGRlZmluZWQgYnkgdGhlIHR1cGxlICh0dW5uZWwtaWQgPSBUMiwgTFNQ IElTRCA9IEwxMiwgc291cmNlIGFkZHJlc3MgPSBFTjIuUklELCBkZXN0aW5hdGlvbiBhZGRy ZXNzID0gRU40LlJJRCwgZXh0ZW5kZWQgdHVubmVsLWlkID0gRU4yLlJJRCkuIFRoZSBFTjEt RU4zIExTUCBpcyBzaWduYWxlZCB3aXRoIGFuIGV4Y2x1c2lvbiByZXF1aXJlbWVudCBmcm9t IExTUC1JREVOVElGSUVSMiwgYW5kIHRoZSBFTjItRU4zNCBMU1AgaXMgc2lnbmFsZWQgd2l0 aCBhbiBleGNsdXNpb24gcmVxdWlyZW1lbnQgZnJvbSBMU1AtSURFTlRJRklFUjEuIEluIG9y ZGVyIHRvIG1haW50YWluIGRpdmVyc2l0eSBiZXR3ZWVuIHRoZXNlIHR3byBjb25uZWN0aW9u cyB3aXRoaW4gdGhlIGNvcmUgbmV0d29yaywgdGhlIGNvcmUgbmV0d29yayBTSE9VTEQgaW1w bGVtZW50IENyYW5rYmFjayBTaWduYWxpbmcgRXh0ZW5zaW9ucyBhcyBkZWZpbmVkIGluIFtS RkM0OTIwXS4gTm90ZSB0aGF0IGNyYW5rYmFjayBzaWduYWxpbmcgaXMga25vd24gdG8gbGVh ZCB0byBzbG93ZXIgc2V0dXAgdGltZXMgYW5kIHN1Yi1vcHRpbWFsIHBhdGhzIHVuZGVyIHNv bWUgY2lyY3Vtc3RhbmNlcyBhcyBkZXNjcmliZWQgYnkgW1JGQzQ5MjBdLg1QQ0UtYWxsb2Nh dGVkIElkZW50aWZpZXINSW4gc2NlbmFyaW9zIHdoZXJlIGEgUENFIGlzIGRlcGxveWVkIGFu ZCB1c2VkIHRvIHBlcmZvcm0gcGF0aCBjb21wdXRhdGlvbiwgdGhlIGNvcmUgZWRnZSBub2Rl IChlLmcuLCBub2RlIENOMSBpbiBGaWd1cmUgMSkgY291bGQgY29uc3VsdCBhIFBDRSB0byBh bGxvY2F0ZSBpZGVudGlmaWVycywgd2hpY2ggYXJlIHVzZWQgdG8gc2lnbmFsIHBhdGggZGl2 ZXJzaXR5IGNvbnN0cmFpbnRzLiBJbiBvdGhlciBzY2VuYXJpb3NzY2VuYXJpb3MsIGEgUENF IGlzIGRlcGxveWVkIGF0IG5ldHdvcmsgbm9kZShzKSBvciBhIFBDRSBpcyBwYXJ0IG9mIGEg TmV0d29yayBNYW5hZ2VtZW50IFN5c3RlbSAoTk1TKS4gSW4gYWxsIHRoZXNlIGNhc2VzLCB0 aGUgUGF0aCAtS2V5IGFzIGRlZmluZWQgaW4gW1JGQzU1MjBdIGNhbiBiZSB1c2VkIGluIFJT VlAgc2lnbmFsaW5nIGFzIHRoZSBpZGVudGlmaWVyIHRvIGVuc3VyZSBkaXZlcnNpdHkuDUFu IGV4YW1wbGUgb2Ygc3BlY2lmeWluZyBMU1AgZGl2ZXJzaXR5IHVzaW5nIGEgUGF0aCAtS2V5 IGlzIHNob3duIGluIEZpZ3VyZSAyLCB3aGVyZSBhIHNpbXBsZSBuZXR3b3JrIHdpdGggdHdv IGRvbWFpbnMgaXMgc2hvd24uIEl0IGlzIGRlc2lyZWQgdG8gc2V0IHVwIGEgcGFpciBvZiBw YXRoLWRpc2pvaW50IExTUHMgZnJvbSB0aGUgc291cmNlIGluIERvbWFpbiAxIHRvIHRoZSBk ZXN0aW5hdGlvbiBpbiBEb21haW4gMiwgYnV0IHRoZSBkb21haW5zIGtlZXAgc3RyaWN0IGNv bmZpZGVudGlhbGl0eSBhYm91dCBhbGwgcGF0aCBhbmQgdG9wb2xvZ3kgaW5mb3JtYXRpb24u DVRoZSBmaXJzdCBMU1AgaXMgc2lnbmFsZWQgYnkgdGhlIHNvdXJjZSB3aXRoIEVSTyB7QSwg QiwgbG9vc2UgRHN0fSBhbmQgaXMgc2V0IHVwIHdpdGggdGhlIHBhdGgge1NyYywgQSwgQiwg VSwgViwgVywgRHN0fS4gSG93ZXZlciwgd2hlbiBzZW5kaW5nIHRoZSBSZWNvcmQgUm91dGUg T2JqZWN0IChSUk8pIG91dCBvZiBEb21haW4gMiwgbm9kZSBVIHdvdWxkIG5vcm1hbGx5IHN0 cmlwIHRoZSBwYXRoIGFuZCByZXBsYWNlIGl0IHdpdGggYSBsb29zZSBob3AgdG8gdGhlIGRl c3RpbmF0aW9uLiBXaXRoIHRoaXMgbGltaXRlZCBpbmZvcm1hdGlvbiwgdGhlIHNvdXJjZSBp cyB1bmFibGUgdG8gaW5jbHVkZSBlbm91Z2ggZGV0YWlsIGluIHRoZSBFUk8gb2YgdGhlIHNl Y29uZCBMU1AgdG8gYXZvaWQgaXQgdGFraW5nLCBmb3IgZXhhbXBsZSwgdGhlIHBhdGgge1Ny YywgQywgRCwgWCwgViwgVywgRHN0fSBmb3IgcGF0aC1kaXNqb2ludG5lc3MuDSAgICAtLS0t LS0tLS0tLS0tLS0tLS0tLS0gICAgLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NICAg fCBEb21haW4gMSAgICAgICAgICAgIHwgIHwgICAgICAgICAgICAgICAgICAgIERvbWFpbiAy IHwNICAgfCAgICAgICAgICAgICAgICAgICAgIHwgIHwgICAgICAgICAgICAgICAgICAgICAg ICAgICAgIHwNICAgfCAgICAgICAgLS0tICAgIC0tLSAgIHwgIHwgICAtLS0gICAgLS0tICAg ICAtLS0gICAgICAgIHwNICAgfCAgICAgICB8IEEgfC0tfCBCIHwtLSstLSstLXwgVSB8LS18 IFYgfC0tLXwgVyB8ICAgICAgIHwNICAgfCAgICAgIC8gLS0tICAgIC0tLSAgIHwgIHwgICAt LS0gICAgLS0tICAgICAtLS0gXCAgICAgIHwNICAgfCAgLS0tLyAgICAgICAgICAgICAgIHwg IHwgICAgICAgICAgLyAgICAgICAvICAgIFwtLS0gIHwNICAgfCB8U3JjfCAgICAgICAgICAg ICAgIHwgIHwgICAgICAgICAvICAgICAgIC8gICAgIHxEc3R8IHwNICAgfCAgLS0tXCAgICAg ICAgICAgICAgIHwgIHwgICAgICAgIC8gICAgICAgLyAgICAgIC8tLS0gIHwNICAgfCAgICAg IFwgLS0tICAgIC0tLSAgIHwgIHwgICAtLS0gLyAgIC0tLSAvICAtLS0gLyAgICAgIHwNICAg fCAgICAgICB8IEMgfC0tfCBEIHwtLSstLSstLXwgWCB8LS0tfCBZIHwtLXwgWiB8ICAgICAg IHwNICAgfCAgICAgICAgLS0tICAgIC0tLSAgIHwgIHwgICAtLS0gICAgIC0tLSAgICAtLS0g ICAgICAgIHwNICAgfCAgICAgICAgICAgICAgICAgICAgIHwgIHwgICAgICAgICAgICAgICAg ICAgICAgICAgICAgIHwNICAgIC0tLS0tLS0tLS0tLS0tLS0tLS0tLSAgICAtLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLQ0NICAgICAgICAgIEZpZ3VyZSAyOiBBIFNpbXBsZSBNdWx0 aS1Eb21haW4gTmV0d29yaw0NSW4gb3JkZXIgdG8gaW1wcm92ZSB0aGUgc2l0dWF0aW9uc3Vw cG9ydCBMU1AgZGl2ZXJzaXR5LCBub2RlIFUgcGVyZm9ybXMgdGhlIFBDRSBmdW5jdGlvbiBh bmQgcmVwbGFjZXMgdGhlIHBhdGggc2VnbWVudCB7VSwgViwgV30gaW4gdGhlIFJSTyB3aXRo IGEgUGF0aCBLZXkgc3Vib2JqZWN0LiBUaGUgUGF0aCBLZXkgc3Vib2JqZWN0UENFIGZ1bmN0 aW9uIGFzc2lnbnMgYW4gImlkZW50aWZpZXIiIGFuZCBwdXRzIGl0IGludG8gdGhlIFB0YWgg S2V5IGZpZWxkIG9mIHRoZSBQYXRoIEtleSBzdWJvYmplY3QgdG8gdGhlIGtleS4gVGhlIFBD RSBJRCBpbiB0aGUgbWVzc2FnZSBpbmRpY2F0ZXMgdGhhdCBpdCB0aGlzIHJlcGxhY2VtZW50 IG9wZXJhdGlvbiB3YXMgcGVyZm9ybWVkIGJ5IG5vZGUgVSB0aGF0IG1hZGUgdGhlIHJlcGxh Y2VtZW50Lg0NV2l0aCB0aGlzIGFkZGl0aW9uYWwgaW5mb3JtYXRpb24sIHRoZSBzb3VyY2Ug bm9kZSBpcyBhYmxlIHRvIHNpZ25hbCB0aGUgc3Vic2VxdWVudCBMU1BzIHdpdGggdGhlIEVS TyBzZXQgdG8ge0MsIEQsIGV4Y2x1ZGUgUGF0aCBLZXkoRVhSUyksIGxvb3NlIERzdH0uIFdo ZW4gdGhlIHNpZ25hbGluZyBtZXNzYWdlIHJlYWNoZXMgbm9kZSBYLCBpdCBjYW4gY29uc3Vs dCB0aGUgUENFIGZ1bmN0aW9uIGFzc29jaWF0ZWQgd2l0aCBub2RlIFUgdG8gZXhwYW5kIHRo ZSBQYXRoIEtleSBhbmQga25vdyBob3cgdG8gYXZvaWQgdGhlIGluIG9yZGVyIHRvIGNhbGN1 bGF0ZSBhIHBhdGggdGhhdCBpcyBkaXZlcnNlIHdpdGggcmVzcGVjdCB0byBvZiB0aGUgZmly c3QgTFNQLiBBbHRlcm5hdGl2ZWx5LCB0aGUgc291cmNlIG5vZGUgY291bGQgdXNlIGFuIEVS TyBvZiB7QywgRCwgbG9vc2UgRHN0fSBhbmQgaW5jbHVkZSBhbiBYUk8gY29udGFpbmluZyB0 aGUgUGF0aCBLZXkuDQ1UaGlzIG1lY2hhbmlzbSBjYW4gd29yayB3aXRoIGFsbCB0aGUgUGF0 aC0gS2V5IHJlc29sdXRpb24gbWVjaGFuaXNtcywgYXMgZGV0YWlsZWQgaW4gW1JGQzU1NTNd IHNlY3Rpb24gMy4xLiBBIFBDRSwgY28tbG9jYXRlZCBvciBub3QsIG1heSBiZSB1c2VkIHRv IHJlc29sdmUgdGhlIFBhdGgtIEtleSwgYnV0IHRoZSBub2RlIChpLmUuLCBhIExhYmVsIFN3 aXRjaGluZyBSb3V0ZXIgKExTUikpIGNhbiBhbHNvIHVzZSB0aGUgUGF0aCBLZXkgaW5mb3Jt YXRpb24gdG8gaW5kZXggYSBQYXRoIFNlZ21lbnQgcHJldmlvdXNseSBzdXBwbGllZCB0byBp dCBieSB0aGUgZW50aXR5IHRoYXQgb3JpZ2luYXRlZCB0aGUgUGF0aC0gS2V5LCBmb3IgZXhh bXBsZSB0aGUgTFNSIHRoYXQgaW5zZXJ0ZWQgdGhlIFBhdGgtIEtleSBpbiB0aGUgUlJPIG9y IGEgbWFuYWdlbWVudCBzeXN0ZW0uDQ1OZXR3b3JrLUFzc2lnbmVkIElkZW50aWZpZXINVGhl cmUgYXJlIHNjZW5hcmlvcyBpbiB3aGljaCB0aGUgbmV0d29yayBwcm92aWRlcyBkaXZlcnNp dHktcmVsYXRlZCBpbmZvcm1hdGlvbiBmb3IgYSBzZXJ2aWNlIHRoYXQgYWxsb3dzIHRoZSBj bGllbnQgZGV2aWNlIHRvIGluY2x1ZGUgdGhpcyBpbmZvcm1hdGlvbiBpbiB0aGUgc2lnbmFs aW5nIG1lc3NhZ2UuIElmIHRoZSBTaGFyZWQgUmVzb3VyY2UgTGluayBHcm91cCAoU1JMRykg aWRlbnRpZmllciBpbmZvcm1hdGlvbiBpcyBib3RoIGF2YWlsYWJsZSBhbmQgc2hhcmVhYmxl IChieSBwb2xpY3kpIHdpdGggdGhlIEVOcywgdGhlIHByb2NlZHVyZSBkZWZpbmVkIGluIFtS RkM4MDAxXSBjYW4gYmUgdXNlZCB0byBjb2xsZWN0IFNSTEcgaWRlbnRpZmllcnMgYXNzb2Np YXRlZCB3aXRoIGFuIExTUCAoTFNQMSkuIFdoZW4gYSBzZWNvbmQgTFNQIChMU1AyKSBuZWVk cyB0byBiZSBkaXZlcnNlIHdpdGggcmVzcGVjdCB0byBMU1AxLCB0aGUgRU4gY29uc3RydWN0 aW5nIHRoZSBSU1ZQIHNpZ25hbGluZyBtZXNzYWdlIGZvciBzZXR0aW5nIHVwIExTUDIgY2Fu IGluc2VydCB0aGUgU1JMRyBpZGVudGlmaWVycyBhc3NvY2lhdGVkIHdpdGggTFNQMSBhcyBk aXZlcnNpdHkgY29uc3RyYWludHMgaW50byB0aGUgWFJPIHVzaW5nIHRoZSBwcm9jZWR1cmUg ZGVzY3JpYmVkIGluIFtSRkM0ODc0XS4gSG93ZXZlciwgaWYgdGhlIGNvcmUgbmV0d29yayBT UkxHIGlkZW50aWZpZXJzIGFyZSBlaXRoZXIgbm90IGF2YWlsYWJsZSBvciBub3Qgc2hhcmVh YmxlIHdpdGggdGhlIEVOcyBiYXNlZCBvbiBwb2xpY2llcyBlbmZvcmNlZCBieSBjb3JlIG5l dHdvcmssIGV4aXN0aW5nIG1lY2hhbmlzbXMgY2Fubm90IGJlIHVzZWQuDUluIHRoaXMgZHJh ZnQsIGEgc2lnbmFsaW5nIG1lY2hhbmlzbSBpcyBkZWZpbmVkIHdoZXJlIGluZm9ybWF0aW9u IHNpZ25hbGVkIHRvIHRoZSBDTiB2aWEgdGhlIFVOSSBkb2VzIG5vdCByZXF1aXJlIHNoYXJl ZCBrbm93bGVkZ2Ugb2YgY29yZSBuZXR3b3JrIFNSTEcgaW5mb3JtYXRpb24uIEZvciB0aGlz IHB1cnBvc2UsIHRoZSBjb25jZXB0IG9mIGEgUGF0aCBBZmZpbml0eSBTZXQgKFBBUykgaXMg ZGVmaW5lZCBmb3IgYWJzdHJhY3RpbmcgU1JMRyBpbmZvcm1hdGlvbi4gVGhlIG1vdGl2ZSBi ZWhpbmQgdGhlIGludHJvZHVjdGlvbiBvZiB0aGUgUEFTIGlzIHRvIG1pbmltaXplIHRoZSBl eGNoYW5nZSBvZiBkaXZlcnNpdHkgaW5mb3JtYXRpb24gYmV0d2VlbiB0aGUgY29yZSBuZXR3 b3JrIChDTnMpIGFuZCB0aGUgY2xpZW50IGRldmljZXMgKEVOcykuIFRoZSBQQVMgY29udGFp bnMgYW4gYWJzdHJhY3QgU1JMRyBpZGVudGlmaWVyIGFzc29jaWF0ZWQgd2l0aCBhIGdpdmVu IHBhdGggcmF0aGVyIHRoYW4gYSBkZXRhaWxlZCBTUkxHIGxpc3QuIFRoZSBQQVMgaXMgYSBz aW5nbGUgaWRlbnRpZmllciB0aGF0IGNhbiBiZSB1c2VkIHRvIHJlcXVlc3QgZGl2ZXJzaXR5 IGFuZCBhc3NvY2lhdGUgZGl2ZXJzaXR5LiBUaGUgbWVhbnMgYnkgd2hpY2ggdGhlIHByb2Nl c3Npbmcgbm9kZSBkZXRlcm1pbmVzIHRoZSBwYXRoIGNvcnJlc3BvbmRpbmcgdG8gdGhlIFBB UyBpcyBiZXlvbmQgdGhlIHNjb3BlIG9mIHRoaXMgZG9jdW1lbnQuDUEgQ04gb24gdGhlIGNv cmUgbmV0d29yayBib3VuZGFyeSBpbnRlcnByZXRzIHRoZSBzcGVjaWZpYyBQQVMgaWRlbnRp ZmllciAoZS5nLiAiMTIzIikgYXMgbWVhbmluZyB0byBleGNsdWRlIHRoZSBjb3JlIG5ldHdv cmsgU1JMRyBpbmZvcm1hdGlvbiAob3IgZXF1aXZhbGVudCkgdGhhdCBoYXMgYmVlbiBhbGxv Y2F0ZWQgYnkgTFNQcyBhc3NvY2lhdGVkIHdpdGggdGhpcyBQQVMgaWRlbnRpZmllciB2YWx1 ZS4gRm9yIGV4YW1wbGUsIGlmIGEgUGF0aCBleGlzdHMgZm9yIHRoZSBMU1Agd2l0aCB0aGUg UEFTIGlkZW50aWZpZXIgIjEyMyIsIHRoZSBDTiB3b3VsZCB1c2UgbG9jYWwga25vd2xlZGdl IG9mIHRoZSBjb3JlIG5ldHdvcmsgU1JMR3MgYXNzb2NpYXRlZCB3aXRoIHRoZSAiMTIzIiBM U1BzIHRhZ2dlZCB3aXRoIFBBUyBhdHRyaWJ1dGUgkzEyM5QgYW5kIHVzZSB0aG9zZSBTUkxH cyBhcyBjb25zdHJhaW50cyBmb3IgcGF0aCBjb21wdXRhdGlvbi4gSWYgYSBQQVMgaWRlbnRp ZmllciBpcyBpbmNsdWRlZCB1c2VkIGFzIGFuIGZvciBleGNsdXNpb24gaWRlbnRpZmllciBp biB0aGUgY29ubmVjdGlvbiByZXF1ZXN0LCB0aGUgQ04gKFVOSS1OKSBpbiB0aGUgY29yZSBu ZXR3b3JrIGlzIGFzc3VtZWQgdG8gYmUgYWJsZSB0byBkZXRlcm1pbmUgdGhlIGV4aXN0aW5n IGNvcmUgbmV0d29yayBTUkxHIGluZm9ybWF0aW9uIGFuZCBjYWxjdWxhdGUgYSBwYXRoIHRo YXQgbWVldHMgdGhlIGRldGVybWluZWQgZGl2ZXJzaXR5IGNvbnN0cmFpbnRzLiANV2hlbiBh IENOIHNhdGlzZmllcyBhIGNvbm5lY3Rpb24gc2V0dXAgZm9yIGEgKFNSTEcpIGRpdmVyc2Ug c2lnbmFsZWQgcGF0aCwgdGhlIENOIG1heSBvcHRpb25hbGx5IHJlY29yZCB0aGUgY29yZSBu ZXR3b3JrIFNSTEcgaW5mb3JtYXRpb24gZm9yIHRoYXQgY29ubmVjdGlvbiBpbiB0ZXJtcyBv ZiBDTiBiYXNlZCBwYXJhbWV0ZXJzIGFuZCBhc3NvY2lhdGVzIHRoYXQgd2l0aCB0aGUgRU4g YWRkcmVzc2VzIGluIHRoZSBQYXRoIG1lc3NhZ2UuIFNwZWNpZmljYWxseSwgZm9yIExheWVy LSAxIFZpcnR1YWwgUHJpdmF0ZSBOZXR3b3JrcyAoTDFWUE5zKSwgUG9ydCBJbmZvcm1hdGlv biBUYWJsZXMgKFBJVCkgW1JGQzUyNTFdIGNhbiBiZSBsZXZlcmFnZWQgdG8gdHJhbnNsYXRl IGJldHdlZW4gY2xpZW50IChFTikgYWRkcmVzc2VzIGFuZCBjb3JlIG5ldHdvcmsgYWRkcmVz c2VzLg1UaGUgbWVhbnMgdG8gZGlzdHJpYnV0ZSB0aGUgUEFTIGluZm9ybWF0aW9uIHdpdGhp biB0aGUgY29yZSBuZXR3b3JrIGlzIGJleW9uZCB0aGUgc2NvcGUgb2YgdGhpcyBkb2N1bWVu dC4gRm9yIGV4YW1wbGUsIHRoZSBQQVMgYW5kIHRoZSBhc3NvY2lhdGVkIFNSTEcgaW5mb3Jt YXRpb24gY2FuIGJlIGRpc3RyaWJ1dGVkIHdpdGhpbiB0aGUgY29yZSBuZXR3b3JrIGJ5IGFu IEludGVyaW9yIEdhdGV3YXkgUHJvdG9jb2wgKElHUCkgb3IgYnkgb3RoZXIgbWVhbnMgc3Vj aCBhcyBjb25maWd1cmF0aW9uLiBSZWdhcmRsZXNzIG9mIG1lYW5zIHVzZWQgdG8gZGlzdHJp YnV0ZSB0aGUgUEFTIGluZm9ybWF0aW9uLCB0aGUgaW5mb3JtYXRpb24gaXMga2VwdCBpbnNp ZGUgY29yZSBuZXR3b3JrIGFuZCBpcyBub3Qgc2hhcmVkIHdpdGggdGhlIG92ZXJsYXkgbmV0 d29yayAoc2VlIEZpZ3VyZSAxKS4NDVJTVlAtVEUgc2lnbmFsaW5nIGV4dGVuc2lvbnMNVGhp cyBzZWN0aW9uIGRlc2NyaWJlcyB0aGUgc2lnbmFsaW5nIGV4dGVuc2lvbnMgcmVxdWlyZWQg dG8gYWRkcmVzcyB0aGUgYWZvcmVtZW50aW9uZWQgcmVxdWlyZW1lbnRzIGFuZCB1c2UgY2Fz ZXMuDURpdmVyc2l0eSBYUk8gU3Vib2JqZWN0DU5ldyBEaXZlcnNpdHkgWFJPIHN1Ym9iamVj dHMgYXJlIGRlZmluZWQgYmVsb3cgZm9yIHRoZSBJUHY0IGFuZCBJUHY2IGFkZHJlc3MgZmFt aWxpZXMuIE1vc3Qgb2YgdGhlIGZpZWxkcyBpbiB0aGUgSVB2NCBhbmQgSVB2NiBEaXZlcnNp dHkgWFJPIHN1Ym9iamVjdHMgYXJlIGNvbW1vbiBhbmQgYXJlIGRlc2NyaWJlZCBmb2xsb3dp bmcgdGhlIGRlZmluaXRpb24gb2YgdGhlIHR3byBzdWJvYmplY3RzLg0NICAgSVB2NCBEaXZl cnNpdHkgWFJPIHN1Ym9iamVjdCBpcyBkZWZpbmVkIGFzIGZvbGxvd3M6DSAgICAwICAgICAg ICAgICAgICAgICAgIDEgICAgICAgICAgICAgICAgICAgMiAgICAgICAgICAgICAgICAgICAz ICAgDSAgICAwIDEgMiAzIDQgNSA2IDcgOCA5IDAgMSAyIDMgNCA1IDYgNyA4IDkgMCAxIDIg MyA0IDUgNiA3IDggOSAwIDEgDSAgICstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSst Ky0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rDSAgIHxMfCAgWFJPIFR5cGUgICB8 ICAgICBMZW5ndGggICAgfERJIFR5cGV8QS1GbGFnc3xFLUZsYWdzfCBSZXN2ZCB8DSstKy0r LSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0r LSstKy0rDSAgIHwgICAgICAgICAgIElQdjQgRGl2ZXJzaXR5IElkZW50aWZpZXIgU291cmNl IEFkZHJlc3MgICAgICAgICAgICB8DSAgICstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0r LSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rDSAgIHwgICAgICAgICAgICAg ICAgICBEaXZlcnNpdHkgSWRlbnRpZmllciBWYWx1ZSAgICAgICAgICAgICAgICAgICB8DSAg IC8vICAgICAgICAgICAgICAgICAgICAgICAgICAgIC4uLiAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgIC8vDSAgIHwgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICB8DSstKy0rLSstKy0rLSstKy0rLSstKy0rLSst Ky0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rDQ0NU2ltaWxhcmx5LCB0 aGUgSVB2NiBEaXZlcnNpdHkgWFJPIHN1Ym9iamVjdCBpcyBkZWZpbmVkIGFzIGZvbGxvd3M6 DSAgICAwICAgICAgICAgICAgICAgICAgIDEgICAgICAgICAgICAgICAgICAgMiAgICAgICAg ICAgICAgICAgICAzDSAgICAwIDEgMiAzIDQgNSA2IDcgOCA5IDAgMSAyIDMgNCA1IDYgNyA4 IDkgMCAxIDIgMyA0IDUgNiA3IDggOSAwIDENICAgKy0rLSstKy0rLSstKy0rLSstKy0rLSst Ky0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSsNICAgfEx8ICBYUk8g VHlwZSAgIHwgICAgIExlbmd0aCAgICB8REkgVHlwZXxBLUZsYWdzfEUtRmxhZ3N8IFJlc3Zk IHwNICAgKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSst Ky0rLSstKy0rLSstKy0rLSsNICAgfCAgICAgICAgICAgSVB2NiBEaXZlcnNpdHkgSWRlbnRp ZmllciBzb3VyY2UgYWRkcmVzcyAgICAgICAgICAgIHwNICAgKy0rLSstKy0rLSstKy0rLSst Ky0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSsNICAgfCAg ICAgICAgIElQdjYgRGl2ZXJzaXR5IElkZW50aWZpZXIgc291cmNlIGFkZHJlc3MgKGNvbnQu KSAgICAgIHwNICAgKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSst Ky0rLSstKy0rLSstKy0rLSstKy0rLSsNICAgfCAgICAgICAgIElQdjYgRGl2ZXJzaXR5IElk ZW50aWZpZXIgc291cmNlIGFkZHJlc3MgKGNvbnQuKSAgICAgIHwNICAgKy0rLSstKy0rLSst Ky0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSsN ICAgfCAgICAgICAgIElQdjYgRGl2ZXJzaXR5IElkZW50aWZpZXIgc291cmNlIGFkZHJlc3Mg KGNvbnQuKSAgICAgIHwNICAgKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSst Ky0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSsNICAgfCAgICAgICAgICAgICAgICAgIERp dmVyc2l0eSBJZGVudGlmaWVyIFZhbHVlICAgICAgICAgICAgICAgICAgIHwNICAgLy8gICAg ICAgICAgICAgICAgICAgICAgICAgICAgLi4uICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgLy8NICAgfCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgIHwNICAgKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSst Ky0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSsNDQ1MOg1UaGUgTC1mbGFnIGlz IHVzZWQgaW4gdGhlIHNhbWUgd2F5IGFzIGZvciB0aGUgWFJPIHN1Ym9iamVjdHMgZGVmaW5l ZCBpbiBbUkZDNDg3NF0sIGkuZS4sDQ0wIGluZGljYXRlcyB0aGF0IHRoZSBhdHRyaWJ1dGUg c3BlY2lmaWVkZGl2ZXJzaXR5IGNvbnN0cmFpbnRzIE1VU1QgYmUgZXhjbHVkZWRzYXRpc2Zp ZWQuDQ0xIGluZGljYXRlcyB0aGF0IHRoZSBhdHRyaWJ1dGUgc3BlY2lmaWVkZGl2ZXJzaXR5 IGNvbnN0cmFpbnRzIFNIT1VMRCBiZSBhdm9pZGVkc2F0aXNmaWVkLg0NWFJPIFR5cGUNDVRo ZSB2YWx1ZSBpcyBzZXQgdG8gVEJBMSBmb3IgdGhlIElQdjQgZERpdmVyc2l0eSBYUk8gc3Vi b2JqZWN0ICh2YWx1ZSB0byBiZSBhc3NpZ25lZCBieSBJQU5BKS4gU2ltaWxhcmx5LCB0VGhl IHZhbHVlIGlzIHNldCB0byBUQkEyIGZvciB0aGUgSVB2NiBkRGl2ZXJzaXR5IFhSTyBzdWJv YmplY3QgKHZhbHVlIHRvIGJlIGFzc2lnbmVkIGJ5IElBTkEpLg0NTGVuZ3RoDVBlciBbUkZD NDg3NF0sIHRoZSBMZW5ndGggY29udGFpbnMgdGhlIHRvdGFsIGxlbmd0aCBvZiB0aGUgSVB2 NC8gSVB2NiBzdWJvYmplY3QgaW4gYnl0ZXMsIGluY2x1ZGluZyB0aGUgWFJPIFR5cGUgYW5k IExlbmd0aCBmaWVsZHMuIFRoZSBMZW5ndGggaXMgdmFyaWFibGUsIGRlcGVuZGluZyBvbiB0 aGUgZGl2ZXJzaXR5IGlkZW50aWZpZXIgdmFsdWUuDURpdmVyc2l0eSBJZGVudGlmaWVyIFR5 cGUgKERJIFR5cGUpDQ1EaXZlcnNpdHkgSWRlbnRpZmllciBUeXBlIChESSBUeXBlKSBpbmRp Y2F0ZXMgdGhlIHdheSB0aGUgcmVmZXJlbmNlIExTUChzKSBvciByb3V0ZShzKSB3aXRoIHdo aWNoIGRpdmVyc2l0eSBpcyByZXF1aXJlZCBpcyBpZGVudGlmaWVkIGluIHRoZSBJUHY0LyBJ UHY2IERpdmVyc2l0eSBzdWJvYmplY3RzLiBUaGUgZm9sbG93aW5nIHRocmVlIERJIHR5cGUg dmFsdWVzIGFyZSBkZWZpbmVkIGluIHRoaXMgZG9jdW1lbnQ6DQ0gICBESSBUeXBlIHZhbHVl ICAgRGVmaW5pdGlvbg0gICAtLS0tLS0tLS0tLS0tICAgLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0NICAgICAgICAgMSAgICAgICAgIENsaWVudCBJbml0aWF0ZWQgSWRlbnRp Zmllcg0gICAgICAgICAyICAgICAgICAgUENFIEFsbG9jYXRlZCBJZGVudGlmaWVyDSAgICAg ICAgIDMgICAgICAgICBOZXR3b3JrIEFzc2lnbmVkIElkZW50aWZpZXINDUF0dHJpYnV0ZSBG bGFncyAoQS1GbGFncyk6DVRoZSBBdHRyaWJ1dGUgRmxhZ3MgKEEtRmxhZ3MpIGFyZSB1c2Vk IHRvIGNvbW11bmljYXRlIGRlc2lyYWJsZSBhdHRyaWJ1dGVzIG9mIHRoZSBMU1AgYmVpbmcg c2lnbmFsZWQgaW4gdGhlIElQdjQvIElQdjYgRGl2ZXJzaXR5IHN1Ym9iamVjdHMuIFRoZSBm b2xsb3dpbmcgZmxhZ3MgYXJlIGRlZmluZWQuIEVhY2ggZmxhZyBhY3RzIGluZGVwZW5kZW50 bHkuICBBbnkgY29tYmluYXRpb24gb2YgZmxhZ3MgaXMgcGVybWl0dGVkLiANICAgICAgMHgw MSA9IERlc3RpbmF0aW9uIG5vZGUgZXhjZXB0aW9uDUluZGljYXRlcyB0aGF0IHRoZSBleGNs dXNpb24gZG9lcyBub3QgYXBwbHkgdG8gdGhlIGRlc3RpbmF0aW9uIG5vZGUgb2YgdGhlIExT UCBiZWluZyBzaWduYWxlZC4NICAgICAgMHgwMiA9IFByb2Nlc3Npbmcgbm9kZSBleGNlcHRp b24NSW5kaWNhdGVzIHRoYXQgdGhlIGV4Y2x1c2lvbiBkb2VzIG5vdCBhcHBseSB0byB0aGUg bm9kZShzKSBwZXJmb3JtaW5nIEVSTyBleHBhbnNpb24gZm9yIHRoZSBMU1AgYmVpbmcgc2ln bmFsZWQuIEFuIGluZ3Jlc3MgVU5JLU4gbm9kZSBpcyBhbiBleGFtcGxlIG9mIHN1Y2ggYSBu b2RlLg0gICAgICAweDA0ID0gUGVudWx0aW1hdGUgbm9kZSBleGNlcHRpb24NSW5kaWNhdGVz IHRoYXQgdGhlIHBlbnVsdGltYXRlIG5vZGUgb2YgdGhlIExTUCBiZWluZyBzaWduYWxlZCBN QVkgYmUgc2hhcmVkIHdpdGggdGhlIGV4Y2x1ZGVkIHBhdGggZXZlbiB3aGVuIHRoaXMgdmlv bGF0ZXMgdGhlIGV4Y2x1c2lvbiBmbGFncy4gVGhpcyBmbGFnIGlzIHVzZWZ1bCwgZm9yIGV4 YW1wbGUsIHdoZW4gYW4gRU4gaXMgbm90IGR1YWwtaG9tZWQgKGxpa2UgRU40IGluIEZpZ3Vy ZSAxIHdoZXJlIGFsbCBMU1BzIGhhdmUgdG8gZ28gdGhyb3VnaCBDTjUpLg1UaGUgcGVudWx0 aW1hdGUgbm9kZSBleGNlcHRpb24gZmxhZyBpcyB0eXBpY2FsbHkgc2V0IHdoZW4gdGhlIGRl c3RpbmF0aW9uIG5vZGUgaXMgc2luZ2xlIGhvbWVkIChlLmcuIEVOMSBvciBFTjQgaW4gRmln dXJlIDEpLiBJbiBzdWNoIGEgY2FzZSwgTFNQIGRpdmVyc2l0eSBjYW4gb25seSBiZSBhY2Nv bXBsaXNoZWQgaW5zaWRlIHRoZSBjb3JlIG5ldHdvcmsgdXAgdG8gdGhlIGVncmVzcyBub2Rl IGFuZCB0aGUgcGVudWx0aW1hdGUgaG9wIG11c3QgYmUgdGhlIHNhbWUgZm9yIHRoZSBMU1Bz Lg0weDA4ID0gTFNQIElEIHRvIGJlIGlnbm9yZWQgDVRoaXMgZmxhZyBpcyB1c2VkIHRvIGlu ZGljYXRlIHR1bm5lbCBsZXZlbCBleGNsdXNpb24uIFNwZWNpZmljYWxseSwgdGhpcyBmbGFn IGlzIHVzZWQgdG8gaW5kaWNhdGUgdGhhdCBpZiBkaXZlcnNpdHkgaWRlbnRpZmllciBjb250 YWlucyBsc3AtaWRMU1AgSUQgZmllbGQsIHRoZSBsc3AtaWRMU1AgSUQgaXMgdG8gYmUgaWdu b3JlZCBhbmQgdGhlIGV4Y2x1c2lvbiBhcHBsaWVzIHRvIGFueSBMU1AgbWF0Y2hpbmcgdGhl IHJlc3Qgb2YgdGhlIGRpdmVyc2l0eSBpZGVudGlmaWVyLiANRXhjbHVzaW9uIEZsYWdzIChF LUZsYWdzKToNDVRoZSBFeGNsdXNpb24tIEZsYWdzIGFyZSB1c2VkIHRvIGNvbW11bmljYXRl IHRoZSBkZXNpcmVkIHR5cGUocykgb2YgZXhjbHVzaW9uIHJlcXVlc3RlZCBpbiB0aGUgSVB2 NC8gSVB2NiBkaXZlcnNpdHkgc3Vib2JqZWN0cy4gVGhlIGZvbGxvd2luZyBmbGFncyBhcmUg ZGVmaW5lZC4gQW55IGNvbWJpbmF0aW9uIG9mIHRoZXNlIGZsYWdzIGlzIHBlcm1pdHRlZC4g UGxlYXNlIG5vdGUgdGhhdCB0aGUgZXhjbHVzaW9uIHNwZWNpZmllZCBieSB0aGVzZSBmbGFn cyBtYXkgYmUgbW9kaWZpZWQgYnkgdGhlIHZhbHVlIG9mIHRoZSBBdHRyaWJ1dGUtZmxhZ3Mu IEZvciBleGFtcGxlLCBub2RlIGV4Y2x1c2lvbiBmbGFnIGlzIGlnbm9yZWQgZm9yIHRoZSAi UGVudWx0aW1hdGUgbm9kZSIgaWYgdGhlICJQZW51bHRpbWF0ZSBub2RlIGV4Y2VwdGlvbiIg ZmxhZyBvZiB0aGUgQXR0cmlidXRlLWZsYWdzIGlzIHNldC4NDTB4MDEgPSBTUkxHIGV4Y2x1 c2lvbg0gDUluZGljYXRlcyB0aGF0IHRoZSBwYXRoIG9mIHRoZSBMU1AgYmVpbmcgc2lnbmFs ZWQgaXMgcmVxdWVzdGVkIHRvIGJlIFNSTEctZGl2ZXJzZSBkaXNqb2ludCBmcm9tIHdpdGgg cmVzcGVjdCB0byB0aGUgZXhjbHVkZWQgcGF0aCBzcGVjaWZpZWQgYnkgdGhlIElQdjQvIElQ djYgRGl2ZXJzaXR5IFhSTyBzdWJvYmplY3QuDQ0weDAyID0gTm9kZSBleGNsdXNpb24NDUlu ZGljYXRlcyB0aGF0IHRoZSBwYXRoIG9mIHRoZSBMU1AgYmVpbmcgc2lnbmFsZWQgaXMgcmVx dWVzdGVkIHRvIGJlIG5vZGUtZGl2ZXJzZSBmcm9tIHRoZSBleGNsdWRlZCBwYXRoIHNwZWNp ZmllZCBieSB0aGUgSVB2NC8gSVB2NiBEaXZlcnNpdHkgWFJPIHN1Ym9iamVjdC4NMHgwNCA9 IExpbmsgZXhjbHVzaW9uDQ1JbmRpY2F0ZXMgdGhhdCB0aGUgcGF0aCBvZiB0aGUgTFNQIGJl aW5nIHNpZ25hbGVkIGlzIHJlcXVlc3RlZCB0byBiZSBsaW5rLWRpdmVyc2UgZnJvbSB0aGUg cGF0aCBzcGVjaWZpZWQgYnkgdGhlIElQdjQvIElQdjYgRGl2ZXJzaXR5IFhSTyBzdWJvYmpl Y3QuDQ0weDA4ID0gcmVzZXJ2ZWQNDVRoaXMgZmxhZyBpcyByZXNlcnZlZC4gSXQgTVVTVCBi ZSBzZXQgdG8gemVybyBvbiB0cmFuc21pc3Npb24sIGFuZCBNVVNUIGJlIGlnbm9yZWQgb24g cmVjZWlwdCBmb3IgYm90aCBJUHY0L0lQdjYgRGl2ZXJzaXR5IFhSTyBzdWJvYmplY3RzLg0N UmVzdmQNDVRoaXMgZmllbGQgaXMgcmVzZXJ2ZWQuIEl0IE1VU1QgYmUgc2V0IHRvIHplcm8g b24gdHJhbnNtaXNzaW9uLCBhbmQgTVVTVCBiZSBpZ25vcmVkIG9uIHJlY2VpcHQgZm9yIGJv dGggSVB2NC8gSVB2NiBEaXZlcnNpdHkgWFJPIHN1Ym9iamVjdHMuDQ0NSVB2NCAvIElQdjYg RGl2ZXJzaXR5IElkZW50aWZpZXIgc291cmNlIGFkZHJlc3M6DQ1UaGlzIGZpZWxkIE1VU1Qg YmUgc2V0IHRvIHRoZSBJUHY0LyBJUHY2IGFkZHJlc3Mgb2YgdGhlIG5vZGUgdGhhdCBhc3Np Z25zIHRoZSBkaXZlcnNpdHkgaWRlbnRpZmllci4gRGVwZW5kaW5nIG9uIHRoZSBkaXZlcnNp dHkgaWRlbnRpZmllciB0eXBlLCB0aGUgZGl2ZXJzaXR5IGlkZW50aWZpZXIgc291cmNlIG1h eSBiZSBhIGNsaWVudCBub2RlLCBQQ0UgZW50aXR5IG9yIG5ldHdvcmsgbm9kZS4gU3BlY2lm aWNhbGx5Og0gIFdoZW4gdGhlIGRpdmVyc2l0eSBpZGVudGlmaWVyIHR5cGUgaXMgc2V0IHRv ICJJUHY0LyBJUHY2IENsaWVudCBJbml0aWF0ZWQgSWRlbnRpZmllciIsIHRoZSB2YWx1ZSBN VVNUIGJlIHNldCB0byBJUHY0LyBJUHY2IHR1bm5lbCBzZW5kZXIgYWRkcmVzcyBvZiB0aGUg cmVmZXJlbmNlIExTUCBhZ2FpbnN0IHdoaWNoIGRpdmVyc2l0eSBpcyBkZXNpcmVkLiBJUHY0 LyBJUHY2IHR1bm5lbCBzZW5kZXIgYWRkcmVzcyBpcyBhcyBkZWZpbmVkIGluIFtSRkMzMjA5 XS4NICBXaGVuIHRoZSBkaXZlcnNpdHkgaWRlbnRpZmllciB0eXBlIGlzIHNldCB0byAiSVB2 NC8gSVB2NiBQQ0UgQWxsb2NhdGVkIElkZW50aWZpZXIiLCB0aGUgdmFsdWUgTVVTVCBiZSBz ZXQgdG8gdGhlIElQdjQvIElQdjYgYWRkcmVzcyBvZiB0aGUgbm9kZSB0aGF0IGFzc2lnbmVk IHRoZSBQYXRoIEtleSBpZGVudGlmaWVyIGFuZCB0aGF0IGNhbiByZXR1cm4gYW4gZXhwYW5z aW9uIG9mIHRoZSBQYXRoIEtleSBvciB1c2UgdGhlIFBhdGggS2V5IGFzIGV4Y2x1c2lvbiBp biBhIHBhdGggY29tcHV0YXRpb24uIFRoZSBQYXRoIEtleSBpcyBkZWZpbmVkIGluIFtSRkM1 NTUzXS4gVGhlIFBDRS1JRCBpcyBjYXJyaWVkIGluIHRoZSBEaXZlcnNpdHkgSWRlbnRpZmll ciBTb3VyY2UgQWRkcmVzcyBmaWVsZCBvZiB0aGUgc3Vib2JqZWN0Lg0gIFdoZW4gdGhlIGRp dmVyc2l0eSBpZGVudGlmaWVyIHR5cGUgaXMgc2V0IHRvICJJUHY0LyBJUHY2IE5ldHdvcmsg QXNzaWduZWQgSWRlbnRpZmllciIsIHRoZSB2YWx1ZSBNVVNUIGJlIHNldCB0byB0aGUgSVB2 NC8gSVB2NiBhZGRyZXNzIG9mIHRoZSBub2RlIGFsbG9jYXRpbmcgdGhlIFBhdGggQWZmaW5p dHkgU2V0IChQQVMpLg1EaXZlcnNpdHkgSWRlbnRpZmllciBWYWx1ZToNDUVuY29kaW5nIGZv ciB0aGlzIGZpZWxkIGRlcGVuZHMgb24gdGhlIGRpdmVyc2l0eSBpZGVudGlmaWVyIHR5cGUs IGFzIGRlZmluZWQgaW4gdGhlIGZvbGxvd2luZy4NV2hlbiB0aGUgZGl2ZXJzaXR5IGlkZW50 aWZpZXIgdHlwZSBpcyBzZXQgdG8gIkNsaWVudCBJbml0aWF0ZWQgSWRlbnRpZmllciIgaW4g dGhlIElQdjQgRGl2ZXJzaXR5IFhSTyBzdWJvYmplY3QsIHRoZSBkaXZlcnNpdHkgaWRlbnRp ZmllciB2YWx1ZSBNVVNUIGJlIGVuY29kZWQgYXMgZm9sbG93czoNDQ0gICAgMCAgICAgICAg ICAgICAgICAgICAxICAgICAgICAgICAgICAgICAgIDIgICAgICAgICAgICAgICAgICAgMyAg IA0gICAgMCAxIDIgMyA0IDUgNiA3IDggOSAwIDEgMiAzIDQgNSA2IDcgOCA5IDAgMSAyIDMg NCA1IDYgNyA4IDkgMCAxIA0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0r LSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKw18ICAgICAgICAgICAgICAgICBJUHY0IHR1 bm5lbCBlbmQgcG9pbnQgYWRkcmVzcyAgICAgICAgICAgICAgICAgfA0rLSstKy0rLSstKy0r LSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKw18 ICAgICAgICAgIE11c3QgQmUgWmVybyAgICAgICAgIHwgICAgIFR1bm5lbCBJRCAgICAgICAg ICAgICAgICAgfA0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0r LSstKy0rLSstKy0rLSstKy0rLSstKw18ICAgICAgICAgICAgICAgICAgICAgICBFeHRlbmRl ZCBUdW5uZWwgSUQgICAgICAgICAgICAgICAgICAgICAgfA0rLSstKy0rLSstKy0rLSstKy0r LSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKw18ICAgICAg ICAgIE11c3QgQmUgWmVybyAgICAgICAgIHwgICAgICAgICAgICBMU1AgSUQgICAgICAgICAg ICAgfA0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0r LSstKy0rLSstKy0rLSstKw0NVGhlIElQdjQgdHVubmVsIGVuZCBwb2ludCBhZGRyZXNzLCBU dW5uZWwgSUQsIEV4dGVuZGVkIFR1bm5lbCBJRCBhbmQgTFNQIElEIGFyZSBhcyBkZWZpbmVk IGluIFtSRkMzMjA5XS4NV2hlbiB0aGUgZGl2ZXJzaXR5IGlkZW50aWZpZXIgdHlwZSBpcyBz ZXQgdG8gIklQdjYgQ2xpZW50IEluaXRpYXRlZCBJZGVudGlmaWVyIiBpbiB0aGUgSVB2NiBE aXZlcnNpdHkgWFJPIHN1Ym9iamVjdCwgdGhlIGRpdmVyc2l0eSBpZGVudGlmaWVyIHZhbHVl IE1VU1QgYmUgZW5jb2RlZCBhcyBmb2xsb3dzOg0NICAgIDAgICAgICAgICAgICAgICAgICAg MSAgICAgICAgICAgICAgICAgICAyICAgICAgICAgICAgICAgICAgIDMgICANICAgIDAgMSAy IDMgNCA1IDYgNyA4IDkgMCAxIDIgMyA0IDUgNiA3IDggOSAwIDEgMiAzIDQgNSA2IDcgOCA5 IDAgMSANKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSst Ky0rLSstKy0rLSstKy0rLSsNfCAgICAgICAgICAgICAgICAgSVB2NiB0dW5uZWwgZW5kIHBv aW50IGFkZHJlc3MgICAgICAgICAgICAgICAgIHwNKy0rLSstKy0rLSstKy0rLSstKy0rLSst Ky0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSsNfCAgICAgICAgICAg ICBJUHY2IHR1bm5lbCBlbmQgcG9pbnQgYWRkcmVzcyAoY29udC4pICAgICAgICAgICAgIHwN Ky0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSst Ky0rLSstKy0rLSsNfCAgICAgICAgICAgICBJUHY2IHR1bm5lbCBlbmQgcG9pbnQgYWRkcmVz cyAoY29udC4pICAgICAgICAgICAgIHwNKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSst Ky0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSsNfCAgICAgICAgICAgICBJUHY2 IHR1bm5lbCBlbmQgcG9pbnQgYWRkcmVzcyAoY29udC4pICAgICAgICAgICAgIHwNKy0rLSst Ky0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSst Ky0rLSsNfCAgICAgICAgICBNdXN0IEJlIFplcm8gICAgICAgICB8ICAgICBUdW5uZWwgSUQg ICAgICAgICAgICAgICAgIHwNKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSst Ky0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSsNfCAgICAgICAgICAgICAgICAgICAgICAg RXh0ZW5kZWQgVHVubmVsIElEICAgICAgICAgICAgICAgICAgICAgIHwNKy0rLSstKy0rLSst Ky0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSsN fCAgICAgICAgICAgICAgICAgICBFeHRlbmRlZCBUdW5uZWwgSUQgKGNvbnQuKSAgICAgICAg ICAgICAgICAgIHwNKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSst Ky0rLSstKy0rLSstKy0rLSstKy0rLSsNfCAgICAgICAgICAgICAgICAgICBFeHRlbmRlZCBU dW5uZWwgSUQgKGNvbnQuKSAgICAgICAgICAgICAgICAgIHwNKy0rLSstKy0rLSstKy0rLSst Ky0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSsNfCAgICAg ICAgICAgICAgICAgICBFeHRlbmRlZCBUdW5uZWwgSUQgKGNvbnQuKSAgICAgICAgICAgICAg ICAgIHwNKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSst Ky0rLSstKy0rLSstKy0rLSsNfCAgICAgICAgICBNdXN0IEJlIFplcm8gICAgICAgICB8ICAg ICAgICAgICAgTFNQIElEICAgICAgICAgICAgIHwNKy0rLSstKy0rLSstKy0rLSstKy0rLSst Ky0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSsNDVRoZSBJUHY2IHR1 bm5lbCBlbmQgcG9pbnQgYWRkcmVzcywgVHVubmVsIElELCBJUHY2IEV4dGVuZGVkIFR1bm5l bCBJRCBhbmQgTFNQIElEIGFyZSBhcyBkZWZpbmVkIGluIFtSRkMzMjA5XS4gDVdoZW4gdGhl IGRpdmVyc2l0eSBpZGVudGlmaWVyIHR5cGUgaXMgc2V0IHRvICJQQ0UgQWxsb2NhdGVkIElk ZW50aWZpZXIiIGluIElQdjQgb3IgSVB2NiBEaXZlcnNpdHkgWFJPIHN1Ym9iamVjdCwgdGhl IGRpdmVyc2l0eSBpZGVudGlmaWVyIHZhbHVlIE1VU1QgYmUgZW5jb2RlZCBhcyBmb2xsb3dz Og0gICAgMCAgICAgICAgICAgICAgICAgICAxICAgICAgICAgICAgICAgICAgIDIgICAgICAg ICAgICAgICAgICAgMyAgIA0gICAgMCAxIDIgMyA0IDUgNiA3IDggOSAwIDEgMiAzIDQgNSA2 IDcgOCA5IDAgMSAyIDMgNCA1IDYgNyA4IDkgMCAxIA0rLSstKy0rLSstKy0rLSstKy0rLSst Ky0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKw18ICAgICAgICAg TXVzdCBCZSBaZXJvICAgICAgICAgIHwgICAgICAgICAgIFBhdGggS2V5ICAgICAgICAgICAg fA0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSst Ky0rLSstKy0rLSstKw0NVGhlIFBhdGggS2V5IGlzIGRlZmluZWQgaW4gW1JGQzU1NTNdLg1X aGVuIHRoZSBkaXZlcnNpdHkgaWRlbnRpZmllciB0eXBlIGlzIHNldCB0byAiTmV0d29yayBB c3NpZ25lZCBJZGVudGlmaWVyIiBpbiBJUHY0IG9yIElQdjYgRGl2ZXJzaXR5IFhSTyBzdWJv YmplY3QsIHRoZSBkaXZlcnNpdHkgaWRlbnRpZmllciB2YWx1ZSBNVVNUIGJlIGVuY29kZWQg YXMgZm9sbG93czoNICAgIDAgICAgICAgICAgICAgICAgICAgMSAgICAgICAgICAgICAgICAg ICAyICAgICAgICAgICAgICAgICAgIDMgICANICAgIDAgMSAyIDMgNCA1IDYgNyA4IDkgMCAx IDIgMyA0IDUgNiA3IDggOSAwIDEgMiAzIDQgNSA2IDcgOCA5IDAgMSANKy0rLSstKy0rLSst Ky0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSsN fCAgICAgICAgICAgICBQYXRoIEFmZmluaXR5IFNldCAoUEFTKSBpZGVudGlmaWVyICAgICAg ICAgICAgICAgIHwNKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSst Ky0rLSstKy0rLSstKy0rLSstKy0rLSsNDVRoZSBQYXRoIEFmZmluaXR5IFNldCAoUEFTKSBp ZGVudGlmaWVyIGZpZWxkIGlzIGEgMzItYml0IHZhbHVlIHRoYXQgaXMgc2NvcGVkIGJ5LCBp LmUuLCBpcyBvbmx5IG1lYW5pbmdmdWwgd2hlbiB1c2VkIGluIGNvbWJpbmF0aW9uIHdpdGgs IHRoZSBEaXZlcnNpdHkgSWRlbnRpZmllciBzb3VyY2UgYWRkcmVzcyBmaWVsZC4gVGhlcmUg YXJlIG5vIHJlc3RyaWN0aW9ucyBvbiBob3cgYSBub2RlIHNlbGVjdHMgYSBQQVMgaWRlbnRp ZmllciB2YWx1ZS4goKBTZWN0aW9uIDEuMyBkZWZpbmVzIHRoZSBQQVMgdGVybSBhbmQgcHJv dmlkZXMgY29udGV4dCBvbiBob3cgdmFsdWVzIG1heSBiZSBzZWxlY3RlZC4NDURpdmVyc2l0 eSBFWFJTIFN1Ym9iamVjdA1bUkZDNDg3NF0gZGVmaW5lcyB0aGUgRVhSUyBFUk8gc3Vib2Jq ZWN0LiBBbiBFWFJTIGlzIHVzZWQgdG8gaWRlbnRpZnkgYWJzdHJhY3Qgbm9kZXMgb3IgcmVz b3VyY2VzIHRoYXQgbXVzdCBub3Qgb3Igc2hvdWxkIG5vdCBiZSB1c2VkIG9uIHRoZSBwYXRo IGJldHdlZW4gdHdvIGluY2x1c2l2ZSBhYnN0cmFjdCBub2RlcyBvciByZXNvdXJjZXMgaW4g dGhlIGV4cGxpY2l0IHJvdXRlLiBBbiBFWFJTIGNvbnRhaW5zIG9uZSBvciBtb3JlIHN1Ym9i amVjdHMgb2YgaXRzIG93biwgY2FsbGVkIEVYUlMgc3Vib2JqZWN0cyBbUkZDNDg3NF0uDUFu IEVYUlMgTUFZIGluY2x1ZGUgYSBEaXZlcnNpdHkgc3Vib2JqZWN0IGFzIHNwZWNpZmllZCBp biB0aGlzIGRvY3VtZW50LiBUaGUgc2FtZSB0eXBlIHZhbHVlcyBUQkExIGFuZCBUQkEyIFNI QUxMIE1VU1QgYmUgdXNlZC4NUHJvY2Vzc2luZyBydWxlcyBmb3IgdGhlIERpdmVyc2l0eSBY Uk8gYW5kIEVYUlMgc3Vib2JqZWN0cw1UaGUgcHJvY2VkdXJlIGRlZmluZWQgaW4gW1JGQzQ4 NzRdIGZvciBwcm9jZXNzaW5nIHRoZSBYUk8gYW5kIEVYUlMgaXMgbm90IGNoYW5nZWQgYnkg dGhpcyBkb2N1bWVudC4gVGhlIHByb2Nlc3NpbmcgcnVsZXMgZm9yIHRoZSBEaXZlcnNpdHkg WFJPIGFuZCBFWFJTIHN1Ym9iamVjdHMgYXJlIHNpbWlsYXIgdW5sZXNzIHRoZSBkaWZmZXJl bmNlcyBhcmUgZXhwbGljaXRseSBkZXNjcmliZWQuIFNpbWlsYXJseSwgSVB2NCBhbmQgSVB2 NiBEaXZlcnNpdHkgWFJPIHN1Ym9iamVjdHMgYW5kIElQdjQgYW5kIElQdjYgRGl2ZXJzaXR5 IEVYUlMgc3Vib2JqZWN0cyBmb2xsb3cgdGhlIHNhbWUgcHJvY2Vzc2luZyBydWxlcy4gDUlm IHRoZSBwcm9jZXNzaW5nIG5vZGUgY2Fubm90IHJlY29nbml6ZSB0aGUgRGl2ZXJzaXR5IFhS Ty8gRVhSUyBzdWJvYmplY3QsIHRoZSBub2RlIGlzIGV4cGVjdGVkIHRvIGZvbGxvdyB0aGUg cHJvY2VkdXJlIGRlZmluZWQgaW4gW1JGQzQ4NzRdLg1BbiBYUk8vIEVYUlMgb2JqZWN0IE1B WSBjb250YWluIG11bHRpcGxlIERpdmVyc2l0eSBzdWJvYmplY3RzIG9mIHRoZSBzYW1lIERJ IFR5cGUuIEUuZy4sIGluIG9yZGVyIHRvIGV4Y2x1ZGUgbXVsdGlwbGUgUGF0aCBLZXlzLCBh IG5vZGUgTUFZIGluY2x1ZGUgbXVsdGlwbGUgRGl2ZXJzaXR5IFhSTyBzdWJvYmplY3RzIGVh Y2ggd2l0aCBhIGRpZmZlcmVudCBQYXRoIEtleS4gU2ltaWxhcmx5LCBpbiBvcmRlciB0byBl eGNsdWRlIHRoZSByb3V0ZXMgdGFrZW4gYnkgbXVsdGlwbGUgTFNQcywgYSBub2RlIE1BWSBp bmNsdWRlIG11bHRpcGxlIERpdmVyc2l0eSBYUk8vIEVYUlMgc3Vib2JqZWN0cyBlYWNoIHdp dGggYSBkaWZmZXJlbnQgTFNQIGlkZW50aWZpZXIuIExpa2V3aXNlLCB0byBleGNsdWRlIG11 bHRpcGxlIFBBUyBpZGVudGlmaWVycywgYSBub2RlIE1BWSBpbmNsdWRlIG11bHRpcGxlIERp dmVyc2l0eSBYUk8vIEVYUlMgc3Vib2JqZWN0cyBlYWNoIHdpdGggYSBkaWZmZXJlbnQgUEFT IGlkZW50aWZpZXIuIEhvd2V2ZXIsIGFsbCBEaXZlcnNpdHkgc3Vib2JqZWN0cyBpbiBhbiBY Uk8vIEVYUlMgTVVTVCBjb250YWluIHRoZSBzYW1lIERpdmVyc2l0eSBJZGVudGlmaWVyIFR5 cGUuIElmIGEgUGF0aCBtZXNzYWdlIGNvbnRhaW5zIGFuIFhSTy8gRVhSUyB3aXRoIG11bHRp cGxlIERpdmVyc2l0eSBzdWJvYmplY3RzIG9mIGRpZmZlcmVudCBESSBUeXBlcywgdGhlIHBy b2Nlc3Npbmcgbm9kZSBNVVNUIHJldHVybiBhIFBhdGhFcnIgd2l0aCB0aGUgZXJyb3IgY29k ZSAiUm91dGluZyBQcm9ibGVtIiAoMjQpIGFuZCBlcnJvciBzdWItY29kZSAiWFJPLyBFWFJT IFRvbyBDb21wbGV4IiAoNjgvIDY5KS4NSWYgdGhlIHByb2Nlc3Npbmcgbm9kZSByZWNvZ25p emVzIHRoZSBEaXZlcnNpdHkgWFJPLyBFWFJTIHN1Ym9iamVjdCBidXQgZG9lcyBub3Qgc3Vw cG9ydCB0aGUgREkgdHlwZSwgaXQgTVVTVCByZXR1cm4gYSBQYXRoRXJyIHdpdGggdGhlIGVy cm9yIGNvZGUgIlJvdXRpbmcgUHJvYmxlbSIgKDI0KSBhbmQgZXJyb3Igc3ViLWNvZGUgIlVu c3VwcG9ydGVkIERpdmVyc2l0eSBJZGVudGlmaWVyIFR5cGUiIChUQkEzKS4NSW4gY2FzZSBv ZiBESSB0eXBlICJDbGllbnQgSW5pdGlhdGVkIElkZW50aWZpZXIiLCBhbGwgbm9kZXMgYWxv bmcgdGhlIHBhdGggU0hPVUxEIHByb2Nlc3MgdGhlIGRpdmVyc2l0eSBpbmZvcm1hdGlvbiBz aWduYWxlZCBpbiB0aGUgWFJPLyBFWFJTIERpdmVyc2l0eSBzdWJvYmplY3RzIHRvIHZlcmlm eSB0aGF0IHRoZSBzaWduYWxlZCBkaXZlcnNpdHkgY29uc3RyYWludCBpcyBzYXRpc2ZpZWQu IElmIGEgZGl2ZXJzaXR5IHZpb2xhdGlvbiBpcyBkZXRlY3RlZCwgY3JhbmtiYWNrIHNpZ25h bGluZyBNQVkgYmUgaW5pdGlhdGVkLg1JbiBjYXNlIG9mIERJIHR5cGUgIlBDRSBBbGxvY2F0 ZWQgSWRlbnRpZmllciIgYW5kICJOZXR3b3JrIEFzc2lnbmVkIElkZW50aWZpZXIiLCB0aGUg bm9kZXMgaW4gdGhlIGRvbWFpbiB0aGF0IHBlcmZvcm0gcGF0aCBjb21wdXRhdGlvbiBTSE9V TEQgcHJvY2VzcyB0aGUgZGl2ZXJzaXR5IGluZm9ybWF0aW9uIHNpZ25hbGVkIGluIHRoZSBY Uk8vIEVYUlMgRGl2ZXJzaXR5IHN1Ym9iamVjdHMgYXMgZm9sbG93cy4gSW4gdGhlIFBDRSBj YXNlLCBUeXBpY2FsbHksIHRoZSBpbmdyZXNzIG5vZGUgb2YgYSBkb21haW4gc2VuZHMgYSBw YXRoIGNvbXB1dGF0aW9uIHJlcXVlc3QgZm9yIGEgcGF0aCBmcm9tIGluZ3Jlc3Mgbm9kZSB0 byBlZ3Jlc3Mgbm9kZSBpbmNsdWRpbmcgZGl2ZXJzaXR5IGNvbnN0cmFpbnRzIHRvIGEgUENF LiBvT3IsaW4gdGhlIFBBUyBjYXNlLCB0aGUgaW5ncmVzcyBub2RlIGlzIGNhcGFibGUgdG8g Y2FsY3VsYXRlIHRoZSBwYXRoIGZvciB0aGVhIG5ldyBMU1AgZnJvbSBpbmdyZXNzIG5vZGUg dG8gdGhlIGVncmVzcyBub2RlIHRha2luZyB0aGUgZGl2ZXJzaXR5IGNvbnN0cmFpbnRzIGlu dG8gYWNjb3VudC4gVGhlIGNhbGN1bGF0ZWQgcGF0aCBpcyB0aGVuIGNhcnJpZWQgaW4gdGhl IGV4cGxpY2l0IHJvdXRlIG9iamVjdCAoRVJPKS4gSGVuY2UsIHRoZSB0cmFuc2l0IG5vZGVz IGluIGEgZG9tYWluIGFuZCB0aGUgZG9tYWluIGVncmVzcyBub2RlIFNIT1VMRCBOT1QgcHJv Y2VzcyB0aGUgc2lnbmFsZWQgZGl2ZXJzaXR5IGluZm9ybWF0aW9uIHVubGVzcyBwYXRoIGNv bXB1dGF0aW9uIGlzIHBlcmZvcm1lZC4NV2hpbGUgcHJvY2Vzc2luZyBFWFJTIG9iamVjdCwg aWYgYSBsb29zZS0gaG9wIGV4cGFuc2lvbiByZXN1bHRzIGluIHRoZSBjcmVhdGlvbiBvZiBh bm90aGVyIGxvb3NlLSBob3AgaW4gdGhlIG91dGdvaW5nIEVSTywgdGhlIHByb2Nlc3Npbmcg bm9kZSBNQVkgaW5jbHVkZSB0aGUgRVhSUyBpbiB0aGUgbmV3bHkgY3JlYXRlZCBsb29zZSBo b3AgZm9yIGZ1cnRoZXIgcHJvY2Vzc2luZyBieSBkb3duc3RyZWFtIG5vZGVzLiANVGhlIGFB dHRyaWJ1dGUtZmxhZ3MgYWZmZWN0IHRoZSBwcm9jZXNzaW5nIG9mIHRoZSBEaXZlcnNpdHkg WFJPLyBFWFJTIHN1Ym9iamVjdCBhcyBmb2xsb3dzOiANV2hlbiB0aGUgInBQcm9jZXNzaW5n IG5vZGUgZXhjZXB0aW9uIiBmbGFnIGlzIHNldCwgdGhlIGV4Y2x1c2lvbiBNVVNUIGJlIGln bm9yZWQgZm9yIHRoZSBub2RlIHByb2Nlc3NpbmcgdGhlIFhSTyBvciBFWFJTIHN1Ym9iamVj dC4gDVdoZW4gdGhlICJkRGVzdGluYXRpb24gbm9kZSBleGNlcHRpb24iIGZsYWcgaXMgc2V0 LCB0aGUgZXhjbHVzaW9uIE1VU1QgYmUgaWdub3JlZCBmb3IgdGhlIGRlc3RpbmF0aW9uIG5v ZGUgaW4gcHJvY2Vzc2luZyB0aGUgWFJPIHN1Ym9iamVjdC4gVGhlIGRlc3RpbmF0aW9uIG5v ZGUgZXhjZXB0aW9uIGZvciB0aGUgRVhSUyBzdWJvYmplY3QgYXBwbGllcyB0byB0aGUgZXhw bGljaXQgbm9kZSBpZGVudGlmaWVkIGJ5IHRoZSBFUk8gc3Vib2JqZWN0IHRoYXQgaWRlbnRp ZmllcyB0aGUgbmV4dCBhYnN0cmFjdCBub2RlLiBXaGVuIHRoZSAiZGVzdGluYXRpb24gbm9k ZSBleGNlcHRpb24iIGZsYWcgaXMgc2V0IGluIHRoZSBFWFJTIHN1Ym9iamVjdCwgZXhjbHVz aW9uIE1VU1QgYmUgaWdub3JlZCBmb3IgdGhlIHNhaWQgbm9kZSAoaS5lLiwgdGhlIG5leHQg YWJzdHJhY3Qgbm9kZSkuDSBXaGVuIHRoZSAicFBlbnVsdGltYXRlIG5vZGUgZXhjZXB0aW9u IiBmbGFnIGlzIHNldCBpbiB0aGUgWFJPIHN1Ym9iamVjdCwgdGhlIGV4Y2x1c2lvbiBNVVNU IGJlIGlnbm9yZWQgZm9yIHRoZSBwZW51bHRpbWF0ZSBub2RlIG9uIHRoZSBwYXRoIG9mIHRo ZSBMU1AgYmVpbmcgZXN0YWJsaXNoZWQuIFRoZSBwZW51bHRpbWF0ZSBub2RlIGV4Y2VwdGlv biBmb3IgdGhlIEVYUlMgc3Vib2JqZWN0IGFwcGxpZXMgdG8gdGhlIG5vZGUgYmVmb3JlIHRo ZSBleHBsaWNpdCBub2RlIGlkZW50aWZpZWQgYnkgdGhlIEVSTyBzdWJvYmplY3QgdGhhdCBp ZGVudGlmaWVzIHRoZSBuZXh0IGFic3RyYWN0IG5vZGUuIFdoZW4gdGhlICJwZW51bHRpbWF0 ZSBub2RlIGV4Y2VwdGlvbiIgZmxhZyBpcyBzZXQgaW4gdGhlIEVYUlMgc3Vib2JqZWN0LCB0 aGUgZXhjbHVzaW9uIE1VU1QgYmUgaWdub3JlZCBmb3IgdGhlIHNhaWQgbm9kZSAoaS5lLiwg dGhlIG5vZGUgYmVmb3JlIHRoZSBuZXh0IGFic3RyYWN0IG5vZGUpLiANSWYgdGhlIEwtZmxh ZyBvZiB0aGUgZERpdmVyc2l0eSBYUk8gc3Vib2JqZWN0IG9yIGREaXZlcnNpdHkgRVhSUyBz dWJvYmplY3QgaXMgbm90IHNldCwgdGhlIHByb2Nlc3Npbmcgbm9kZSBwcm9jZWVkcyBhcyBm b2xsb3dzLiANSWYgdGhlIERpdmVyc2l0eSBJZGVudGlmaWVyIFR5cGUgaXMgc2V0IHRvICJJ UHY0L0lQdjYgQ2xpZW50IEluaXRpYXRlZCBJZGVudGlmaWVycyIsIHRoZSBwcm9jZXNzaW5n IG5vZGUgTVVTVCBlbnN1cmUgdGhhdCB0aGUgcGF0aCBjYWxjdWxhdGVkLyBleHBlYW5kZWQg Zm9yIHRoZSBzaWduYWxlZCBMU1AgaXMgZGl2ZXJzZSBmcm9tIHRoZSByb3V0ZSB0YWtlbiBi eSB0aGUgTFNQIGlkZW50aWZpZWQgaW4gdGhlIERpdmVyc2l0eSBJZGVudGlmaWVyIFZhbHVl IGZpZWxkLg1JZiB0aGUgRGl2ZXJzaXR5IElkZW50aWZpZXIgVHlwZSBpcyBzZXQgdG8gIklQ djQvSVB2NiBQQ0UgQWxsb2NhdGVkIElkZW50aWZpZXJzIiwgdGhlIHByb2Nlc3Npbmcgbm9k ZSBNVVNUIGVuc3VyZSB0aGF0IGFueSBwYXRoIGNhbGN1bGF0ZWQgZm9yIHRoZSBzaWduYWxl ZCBMU1AgaXMgZGl2ZXJzZSBmcm9tIHRoZSByb3V0ZSBpZGVudGlmaWVkIGJ5IHRoZSBQYXRo LSBLZXkuIFRoZSBwcm9jZXNzaW5nIG5vZGUgTUFZIHVzZSB0aGUgUENFIGlkZW50aWZpZWQg YnkgdGhlIElQdjQvSVB2NiBEaXZlcnNpdHkgSWRlbnRpZmllciBTb3VyY2UgQWRkcmVzcyBp biB0aGUgc3Vib2JqZWN0IGZvciByb3V0ZSBjb21wdXRhdGlvbi4gVGhlIHByb2Nlc3Npbmcg bm9kZSBNQVkgdXNlIHRoZSBQYXRoLSBLZXkgcmVzb2x1dGlvbiBtZWNoYW5pc21zIGRlc2Ny aWJlZCBpbiBbUkZDNTU1M10uDUlmIHRoZSBEaXZlcnNpdHkgSWRlbnRpZmllciBUeXBlIGlz IHNldCB0byAiSVB2NC9JUHY2IE5ldHdvcmsgQXNzaWduZWQgSWRlbnRpZmllcnMiLCB0aGUg cHJvY2Vzc2luZyBub2RlIE1VU1QgZW5zdXJlIHRoYXQgdGhlIHBhdGggY2FsY3VsYXRlZCBm b3IgdGhlIHNpZ25hbGVkIExTUCBpcyBkaXZlcnNlIHdpdGggcmVzcGVjdCB0byB0aGUgdmFs dWVzIGFzc29jaWF0ZWQgd2l0aCB0aGUgUEFTIGlkZW50aWZpZXIgYW5kIERpdmVyc2l0eSBJ ZGVudGlmaWVyIHNvdXJjZSBhZGRyZXNzIGZpZWxkcy4gDVJlZ2FyZGxlc3Mgb2Ygd2hldGhl ciB0aGUgcGF0aCBjb21wdXRhdGlvbiBpcyBwZXJmb3JtZWQgbG9jYWxseSBvciBhdCBhIHJl bW90ZSBub2RlIChlLmcuLCBQQ0UpLCB0aGUgcHJvY2Vzc2luZyBub2RlIE1VU1QgZW5zdXJl IHRoYXQgYW55IHBhdGggY2FsY3VsYXRlZCBmb3IgdGhlIHNpZ25hbGVkIExTUCBpcyBkaXZl cnNlIGZyb20gdGhlIHJlcXVlc3RlZCBFeGNsdXNpb24gRmxhZ3MuDUlmIHRoZSBleGNsdWRl ZCBwYXRoIHJlZmVyZW5jZWQgaW4gdGhlIFhSTyBzdWJvYmplY3QgaXMgdW5rbm93biB0byB0 aGUgcHJvY2Vzc2luZyBub2RlLCB0aGUgcHJvY2Vzc2luZyBub2RlIFNIT1VMRCBpZ25vcmUg dGhlIGREaXZlcnNpdHkgWFJPIHN1Ym9iamVjdCBhbmQgU0hPVUxEIHByb2NlZWQgd2l0aCB0 aGUgc2lnbmFsaW5nIHJlcXVlc3QuIEFmdGVyIHNlbmRpbmcgdGhlIFJlc3YgZm9yIHRoZSBz aWduYWxlZCBMU1AsIHRoZSBwcm9jZXNzaW5nIG5vZGUgTVVTVCByZXR1cm4gYSBQYXRoRXJy IHdpdGggdGhlIGVycm9yIGNvZGUgIk5vdGlmeSBFcnJvciIgKDI1KSBhbmQgZXJyb3Igc3Vi LWNvZGUgVEJBNCAiUm91dGUgb2YgWFJPIExTUCBpZGVudGlmaWVyIHVua25vd24iICh2YWx1 ZSB0byBiZSBhc3NpZ25lZCBieSBJQU5BKSBmb3IgdGhlIHNpZ25hbGVkIExTUC4NSWYgdGhl IHByb2Nlc3Npbmcgbm9kZSBmYWlscyB0byBmaW5kIGEgcGF0aCB0aGF0IG1lZXRzIHRoZSBy ZXF1ZXN0ZWQgY29uc3RyYWludCwgdGhlIHByb2Nlc3Npbmcgbm9kZSBNVVNUIHJldHVybiBh IFBhdGhFcnIgd2l0aCB0aGUgZXJyb3IgY29kZSAiUm91dGluZyBQcm9ibGVtIiAoMjQpIGFu ZCBlcnJvciBzdWItY29kZSAiUm91dGUgYmxvY2tlZCBieSBFeGNsdWRlIFJvdXRlIiAoNjcp Lg1JZiB0aGUgTC1mbGFnIG9mIHRoZSBEaXZlcnNpdHkgWFJPIGRpdmVyc2l0eSBzdWJvYmpl Y3Qgb3IgRGl2ZXJzaXR5IEVYUlMgZGl2ZXJzaXR5IHN1Ym9iamVjdCBpcyBzZXQsIHRoZSBw cm9jZXNzaW5nIG5vZGUgcHJvY2VlZHMgYXMgZm9sbG93czoNSWYgdGhlIERpdmVyc2l0eSBJ ZGVudGlmaWVyIFR5cGUgaXMgc2V0IHRvICJJUHY0L0lQdjYgQ2xpZW50IEluaXRpYXRlZCBJ ZGVudGlmaWVycyIsIHRoZSBwcm9jZXNzaW5nIG5vZGUgU0hPVUxEIGVuc3VyZSB0aGF0IHRo ZSBwYXRoIGNhbGN1bGF0ZWQvIGV4cGVuZGVkIGZvciB0aGUgc2lnbmFsZWQgTFNQIGlzIGRp dmVyc2UgZnJvbSB0aGUgcm91dGUgdGFrZW4gYnkgdGhlIExTUCBpZGVudGlmaWVkIGluIHRo ZSBEaXZlcnNpdHkgSWRlbnRpZmllciBWYWx1ZSBmaWVsZC4NSWYgdGhlIERpdmVyc2l0eSBJ ZGVudGlmaWVyIFR5cGUgaXMgc2V0IHRvICJJUHY0L0lQdjYgUENFIEFsbG9jYXRlZCBJZGVu dGlmaWVycyIsIHRoZSBwcm9jZXNzaW5nIG5vZGUgU0hPVUxEIGVuc3VyZSB0aGF0IHRoZSBw YXRoIGNhbGN1bGF0ZWQgZm9yIHRoZSBzaWduYWxlZCBMU1AgaXMgZGl2ZXJzZSBmcm9tIHRo ZSByb3V0ZSBpZGVudGlmaWVkIGJ5IHRoZSBQYXRoLSBLZXkuDUlmIHRoZSBEaXZlcnNpdHkg SWRlbnRpZmllciBUeXBlIGlzIHNldCB0byAiSVB2NC9JUHY2IE5ldHdvcmsgQXNzaWduZWQg SWRlbnRpZmllcnMiLCB0aGUgcHJvY2Vzc2luZyBub2RlIFNIT1VMRCBlbnN1cmUgdGhhdCB0 aGUgcGF0aCBjYWxjdWxhdGVkIGZvciB0aGUgc2lnbmFsZWQgTFNQIGlzIGRpdmVyc2Ugd2l0 aCByZXNwZWN0IHRvIHRoZSB2YWx1ZXMgYXNzb2NpYXRlZCB3aXRoIHRoZSBQQVMgaWRlbnRp ZmllciBhbmQgRGl2ZXJzaXR5IElkZW50aWZpZXIgc291cmNlIGFkZHJlc3MgZmllbGRzLg1J ZiB0aGUgcHJvY2Vzc2luZyBub2RlIGZhaWxzIHRvIGZpbmQgYSBwYXRoIHRoYXQgbWVldHMg dGhlIHJlcXVlc3RlZCBjb25zdHJhaW50LCBpdCBTSE9VTEQgcHJvY2VlZCB3aXRoIHNpZ25h bGluZyB1c2luZyBhIHN1aXRhYmxlIHBhdGggdGhhdCBtZWV0cyB0aGUgY29uc3RyYWludCBh cyBmYXIgYXMgcG9zc2libGUuIEFmdGVyIHNlbmRpbmcgdGhlIFJlc3YgZm9yIHRoZSBzaWdu YWxlZCBMU1AsIGl0IE1VU1QgcmV0dXJuIGEgUGF0aEVyciBtZXNzYWdlIHdpdGggZXJyb3Ig Y29kZSAiTm90aWZ5IEVycm9yIiAoMjUpIGFuZCBlcnJvciBzdWItY29kZSBUQkE1ICJGYWls ZWQgdG8gc2F0aXNmeSBFeGNsdWRlIFJvdXRlIiAodmFsdWU6IHRvIGJlIGFzc2lnbmVkIGJ5 IElBTkEpIHRvIHRoZSBzb3VyY2Ugbm9kZS4NSWYsIHN1YnNlcXVlbnQgdG8gdGhlIGluaXRp YWwgc2lnbmFsaW5nIG9mIGEgZGl2ZXJzZSBMU1AsIGFuIGV4Y2x1ZGVkIHBhdGggcmVmZXJl bmNlZCBpbiB0aGUgWFJPIHN1Ym9iamVjdCBiZWNvbWVzIGtub3duIHRvIHRoZSBwcm9jZXNz aW5nIG5vZGUsIG9yIGEgY2hhbmdlIGluIHRoZSBleGNsdWRlZCBwYXRoIGJlY29tZXMga25v d24gdG8gdGhlIHByb2Nlc3Npbmcgbm9kZSwgdGhlIHByb2Nlc3Npbmcgbm9kZSBNVVNUIHJl LWV2YWx1YXRlIHRoZSBleGNsdXNpb24gYW5kIGRpdmVyc2l0eSBjb25zdHJhaW50cyByZXF1 ZXN0ZWQgYnkgdGhlIGRpdmVyc2UgTFNQIHRvIGRldGVybWluZSB3aGV0aGVyIHRoZXkgYXJl IHN0aWxsIHNhdGlzZmllZC4NSW4gY2FzZSB0aGUgTC1mbGFnIHdhcyBub3Qgc2V0IGluIHRo ZSBpbml0aWFsIHNldHVwIG1lc3NhZ2UsIHRoZSBleGNsdXNpb24gYW5kIGRpdmVyc2l0eSBj b25zdHJhaW50cyB3ZXJlIHNhdGlzZmllZCBhdCB0aGUgdGltZSBvZiB0aGUgaW5pdGlhbCBz ZXR1cC4gSWYgdGhlIHByb2Nlc3Npbmcgbm9kZSByZS1ldmFsdWF0aW5nIHRoZSBleGNsdXNp b24gYW5kIGRpdmVyc2l0eSBjb25zdHJhaW50cyBmb3IgYSBkaXZlcnNlIExTUCBkZXRlY3Rz IHRoYXQgdGhlIGV4Y2x1c2lvbiBhbmQgZGl2ZXJzaXR5IGNvbnN0cmFpbnRzIGFyZSBubyBs b25nZXIgbWV0LCBpdCBNVVNUIHNlbmQgYSBQYXRoRXJyIG1lc3NhZ2UgZm9yIHRoZSBkaXZl cnNlIExTUCB3aXRoIHRoZSBlcnJvciBjb2RlICJSb3V0aW5nIFByb2JsZW0iICgyNCkgYW5k IGVycm9yIHN1Yi1jb2RlICJSb3V0ZSBibG9ja2VkIGJ5IEV4Y2x1ZGUgUm91dGUiICg2Nyku IFRoZSBQYXRoX1N0YXRlX1JlbW92ZWQgZmxhZyAoUFNSKSBbUkZDMzQ3M10gTVVTVCBOT1Qg YmUgc2V0LiBBIHNvdXJjZSBub2RlIHJlY2VpdmluZyBhIFBhdGhFcnIgbWVzc2FnZSB3aXRo IHRoaXMgZXJyb3IgY29kZSBhbmQgc3ViLWNvZGUgY29tYmluYXRpb24gU0hPVUxEIHRha2Ug YXBwcm9wcmlhdGUgYWN0aW9ucyBhbmQgbW92ZSB0aGUgZGl2ZXJzZSBMU1AgdG8gYSBuZXcg cGF0aCB0aGF0IG1lZXRzIHRoZSBvcmlnaW5hbCBjb25zdHJhaW50cy4NSW4gY2FzZSB0aGUg TC1mbGFnIHdhcyBzZXQgaW4gdGhlIGluaXRpYWwgc2V0dXAgbWVzc2FnZSwgdGhlIGV4Y2x1 c2lvbiBhbmQgZGl2ZXJzaXR5IGNvbnN0cmFpbnRzIG1heSBvciBtYXkgbm90IGJlIHNhdGlz ZmllZCBhdCBhbnkgZ2l2ZW4gdGltZS4gSWYgdGhlIGV4Y2x1c2lvbiBjb25zdHJhaW50cyBm b3IgYSBkaXZlcnNlIExTUCB3ZXJlIHNhdGlzZmllZCBiZWZvcmUgYW5kIGlmIHRoZSBwcm9j ZXNzaW5nIG5vZGUgcmUtZXZhbHVhdGluZyB0aGUgZXhjbHVzaW9uIGFuZCBkaXZlcnNpdHkg Y29uc3RyYWludHMgZm9yIGEgZGl2ZXJzZSBMU1AgZGV0ZWN0cyB0aGF0IGV4Y2x1c2lvbiBh bmQgZGl2ZXJzaXR5IGNvbnN0cmFpbnRzIGFyZSBubyBsb25nZXIgbWV0LCBpdCBNVVNUIHNl bmQgYSBQYXRoRXJyIG1lc3NhZ2UgZm9yIHRoZSBkaXZlcnNlIExTUCB3aXRoIHRoZSBlcnJv ciBjb2RlIGVycm9yIGNvZGUgIk5vdGlmeSBFcnJvciIgKDI1KSBhbmQgZXJyb3Igc3ViLWNv ZGUgVEJBNSAiRmFpbGVkIHRvIHNhdGlzZnkgRXhjbHVkZSBSb3V0ZSIgKHZhbHVlOiB0byBi ZSBhc3NpZ25lZCBieSBJQU5BKS4gVGhlIFBTUiBmbGFnIE1VU1QgTk9UIGJlIHNldC4gVGhl IHNvdXJjZSBub2RlIE1BWSB0YWtlIG5vIGNvbnNlcXVlbnQgYWN0aW9uIGFuZCBrZWVwIHRo ZSBMU1AgYWxvbmcgdGhlIHBhdGggdGhhdCBkb2VzIG5vdCBtZWV0IHRoZSBvcmlnaW5hbCBj b25zdHJhaW50cy4gU2ltaWxhcmx5LCBpZiB0aGUgZXhjbHVzaW9uIGNvbnN0cmFpbnRzIGZv ciBhIGRpdmVyc2UgTFNQIHdlcmUgbm90IHNhdGlzZmllZCBiZWZvcmUgYW5kIGlmIHRoZSBw cm9jZXNzaW5nIG5vZGUgcmUtZXZhbHVhdGluZyB0aGUgZXhjbHVzaW9uIGFuZCBkaXZlcnNp dHkgY29uc3RyYWludHMgZm9yIGEgZGl2ZXJzZSBMU1AgZGV0ZWN0cyB0aGF0IHRoZSBleGNs dXNpb24gY29uc3RyYWludHMgYXJlIG1ldCwgaXQgTVVTVCBzZW5kIGEgUGF0aEVyciBtZXNz YWdlIGZvciB0aGUgZGl2ZXJzZSBMU1Agd2l0aCB0aGUgZXJyb3IgY29kZSAiTm90aWZ5IEVy cm9yIiAoMjUpIGFuZCBhIG5ldyBlcnJvciBzdWItIGNvZGUgVEJBNiAiQ29tcGxpYW50IHBh dGggZXhpc3RzIiAodmFsdWU6IHRvIGJlIGFzc2lnbmVkIGJ5IElBTkEpLiBUaGUgUFNSIGZs YWcgTVVTVCBOT1QgYmUgc2V0LiBBIHNvdXJjZSBub2RlIHJlY2VpdmluZyBhIFBhdGhFcnIg bWVzc2FnZSB3aXRoIHRoaXMgZXJyb3IgY29kZSBhbmQgc3ViLWNvZGUgY29tYmluYXRpb24g TUFZIG1vdmUgdGhlIGRpdmVyc2UgTFNQIHRvIGEgbmV3IHBhdGggdGhhdCBtZWV0cyB0aGUg b3JpZ2luYWwgY29uc3RyYWludHMuSWYsIHN1YnNlcXVlbnQgdG8gdGhlIGluaXRpYWwgc2ln bmFsaW5nIG9mIGEgZGl2ZXJzZSBMU1AsIGFuIGV4Y2x1ZGVkIHBhdGggcmVmZXJlbmNlZCBp biB0aGUgWFJPIHN1Ym9iamVjdCBiZWNvbWVzIGtub3duIHRvIHRoZSBwcm9jZXNzaW5nIG5v ZGUsIG9yIGEgY2hhbmdlIGluIHRoZSBleGNsdWRlZCBwYXRoIGJlY29tZXMga25vd24gdG8g dGhlIHByb2Nlc3Npbmcgbm9kZSwgdGhlIHByb2Nlc3Npbmcgbm9kZSBNVVNUIHJlLWV2YWx1 YXRlIHRoZSBleGNsdXNpb24gYW5kIGRpdmVyc2l0eSBjb25zdHJhaW50cyByZXF1ZXN0ZWQg YnkgdGhlIGRpdmVyc2UgTFNQIHRvIGRldGVybWluZSB3aGV0aGVyIHRoZXkgYXJlIHN0aWxs IHNhdGlzZmllZC4NSWYsIHN1YnNlcXVlbnQgdG8gdGhlIGluaXRpYWwgc2lnbmFsaW5nIG9m IGEgZGl2ZXJzZSBMU1AsIHRoZSByZXF1ZXN0ZWQgZXhjbHVzaW9uIGNvbnN0cmFpbnRzIGZv ciB0aGUgZGl2ZXJzZSBMU1AgYXJlIG5vIGxvbmdlciBzYXRpc2ZpZWQgYW5kIGFuIGFsdGVy bmF0aXZlIHBhdGggZm9yIHRoZSBkaXZlcnNlIExTUCB0aGF0IGNhbiBzYXRpc2Z5IHRob3Nl IGNvbnN0cmFpbnRzIGV4aXN0cywgdGhlbjoNSWYgdGhlIEwtZmxhZyB3YXMgbm90IHNldCBp biB0aGUgb3JpZ2luYWwgZXhjbHVzaW9uLCB0aGUgcHJvY2Vzc2luZyBub2RlIE1VU1Qgc2Vu ZCBhIFBhdGhFcnIgbWVzc2FnZSBmb3IgdGhlIGRpdmVyc2UgTFNQIHdpdGggdGhlIGVycm9y IGNvZGUgIlJvdXRpbmcgUHJvYmxlbSIgKDI0KSBhbmQgZXJyb3Igc3ViLWNvZGUgIlJvdXRl IGJsb2NrZWQgYnkgRXhjbHVkZSBSb3V0ZSIgKDY3KS4gVGhlIFBhdGhfU3RhdGVfUmVtb3Zl ZCBmbGFnIChQU1IpIFtSRkMzNDczXSBNVVNUIE5PVCBiZSBzZXQuIEEgc291cmNlIG5vZGUg cmVjZWl2aW5nIGEgUGF0aEVyciBtZXNzYWdlIHdpdGggdGhpcyBlcnJvciBjb2RlIGFuZCBz dWItY29kZSBjb21iaW5hdGlvbiBTSE9VTEQgdGFrZSBhcHByb3ByaWF0ZSBhY3Rpb25zIHRv IG1pZ3JhdGUgdG8gYSBjb21wbGlhbnQgcGF0aC4NSWYgdGhlIEwtZmxhZyB3YXMgc2V0IGlu IHRoZSBvcmlnaW5hbCBleGNsdXNpb24sIHRoZSBwcm9jZXNzaW5nIG5vZGUgTVVTVCBzZW5k IGEgUGF0aEVyciBtZXNzYWdlIGZvciB0aGUgZGl2ZXJzZSBMU1Agd2l0aCB0aGUgZXJyb3Ig Y29kZSAiTm90aWZ5IEVycm9yIiAoMjUpIGFuZCBhIG5ldyBlcnJvciBzdWItY29kZSBUQkE2 ICJDb21wbGlhbnQgcGF0aCBleGlzdHMiICh2YWx1ZTogdG8gYmUgYXNzaWduZWQgYnkgSUFO QSkuIFRoZSBQU1IgZmxhZyBNVVNUIE5PVCBiZSBzZXQuIEEgc291cmNlIG5vZGUgcmVjZWl2 aW5nIGEgUGF0aEVyciBtZXNzYWdlIHdpdGggdGhpcyBlcnJvciBjb2RlIGFuZCBzdWItY29k ZSBjb21iaW5hdGlvbiBNQVkgc2lnbmFsIGEgbmV3IExTUCB0byBtaWdyYXRlIHRoZSBjb21w bGlhbnQgcGF0aC4gDUlmLCBzdWJzZXF1ZW50IHRvIHRoZSBpbml0aWFsIHNpZ25hbGluZyBv ZiBhIGRpdmVyc2UgTFNQLCB0aGUgcmVxdWVzdGVkIGV4Y2x1c2lvbiBjb25zdHJhaW50cyBm b3IgdGhlIGRpdmVyc2UgTFNQIGFyZSBubyBsb25nZXIgc2F0aXNmaWVkIGFuZCBubyBhbHRl cm5hdGl2ZSBwYXRoIGZvciB0aGUgZGl2ZXJzZSBMU1AgdGhhdCBjYW4gc2F0aXNmeSB0aG9z ZSBjb25zdHJhaW50cyBleGlzdHMsIHRoZW46DUlmIHRoZSBMLWZsYWcgd2FzIG5vdCBzZXQg aW4gdGhlIG9yaWdpbmFsIGV4Y2x1c2lvbiwgdGhlIHByb2Nlc3Npbmcgbm9kZSBNVVNUIHNl bmQgYSBQYXRoRXJyIG1lc3NhZ2UgZm9yIHRoZSBkaXZlcnNlIExTUCB3aXRoIHRoZSBlcnJv ciBjb2RlICJSb3V0aW5nIFByb2JsZW0iICgyNCkgYW5kIGVycm9yIHN1Yi1jb2RlICJSb3V0 ZSBibG9ja2VkIGJ5IEV4Y2x1ZGUgUm91dGUiICg2NykuIFRoZSBQU1IgZmxhZyBNVVNUIGJl IHNldC4NSWYgdGhlIEwtZmxhZyB3YXMgc2V0IGluIHRoZSBvcmlnaW5hbCBleGNsdXNpb24s IHRoZSBwcm9jZXNzaW5nIG5vZGUgTVVTVCBzZW5kIGEgUGF0aEVyciBtZXNzYWdlIGZvciB0 aGUgZGl2ZXJzZSBMU1Agd2l0aCB0aGUgZXJyb3IgY29kZSBlcnJvciBjb2RlICJOb3RpZnkg RXJyb3IiICgyNSkgYW5kIGVycm9yIHN1Yi1jb2RlIFRCQTUgIkZhaWxlZCB0byBzYXRpc2Z5 IEV4Y2x1ZGUgUm91dGUiICh2YWx1ZTogdG8gYmUgYXNzaWduZWQgYnkgSUFOQSkuIFRoZSBQ U1IgZmxhZyBNVVNUIE5PVCBiZSBzZXQuIFRoZSBzb3VyY2Ugbm9kZSBNQVkgdGFrZSBubyBh Y3Rpb24gYW5kIGtlZXAgdGhlIExTUCBhbG9uZyB0aGUgbm9uLWNvbXBsaWFudCBwYXRoLiAN DQ1TZWN1cml0eSBDb25zaWRlcmF0aW9ucw1UaGlzIGRvY3VtZW50IGRvZXMgbm90IGludHJv ZHVjZSBhbnkgYWRkaXRpb25hbCBzZWN1cml0eSBpc3N1ZXMgYWJvdmUgaW4gYWRkaXRpb24g dG8gdGhvc2UgaWRlbnRpZmllZCBpbiBbUkZDNTkyMF0sIFtSRkMyMjA1XSwgW1JGQzMyMDld LCBbUkZDMzQ3M10sIGFuZCBbUkZDMjc0N10sIFtSRkM0ODc0XSwgW1JGQzU1MjBdLCBhbmQg W1JGQzU1NTNdLiANVGhlIGRpdmVyc2l0eSBtZWNoYW5pc21zIGRlZmluZWQgaW4gdGhpcyBk b2N1bWVudCwgcmVseWllcyBvbiB0aGUgbmV3IGRpdmVyc2l0eSBzdWJvYmplY3QgdGhhdCBp cyBjYXJyaWVkIGluIHRoZSBYUk8gb3IgRVhSUywgcmVzcGVjdGl2ZWx5LiBJbiBzZWN0aW9u IDcgb2YgW1JGQzQ4NzRdLCBpdCBpcyBzdGF0ZWQgdGhhdCB0aGUgWFJPIGNvdWxkIGJlIGNv bnNpZGVyZWQgZm9yIHJlbW92YWwgZnJvbSB0aGUgUGF0aCBtZXNzYWdlIGR1ZSB0byBzZWN1 cml0eSBjb25jZXJucyBmb3IgZXhhbXBsZSBhdCBhZG1pbmlzdHJhdGl2ZSBib3VuZGFyaWVz LiBJbiB0aGlzIGNhc2UsIHRoZSBkaXZlcnNpdHkgc3Vib2JqZWN0IHdvdWxkIGFsc28gYmUg cmVtb3ZlZC4gSGVuY2UsIHRoZSBkaXZlcnNpdHkgc3Vib2JqZWN0IE1VU1QgYmUga2VwdCB3 aGlsZSBvdGhlciBzdWJvYmplY3RzIG1heSBiZSByZW1vdmVkLkhvd2V2ZXIsIHdoZW4gdGhl IGRpdmVyc2l0eSBzdWJvYmplY3RzIHNwZWNpZmllZCBpbiB0aGlzIGRvY3VtZW50IGFyZSB1 c2VkLCByZW1vdmluZyBhdCB0aGUgYWRtaW5pc3RyYXRpdmUgYm91bmRhcnkgYW4gWFJPIGNv bnRhaW5pbmcgdGhlc2UgZGl2ZXJzaXR5IHN1Ym9iamVjdHMgd291bGQgcmVzdWx0IGluIHRo ZSByZXF1ZXN0IGZvciBkaXZlcnNpdHkgYmVpbmcgZHJvcHBlZCBhdCB0aGUgYm91bmRhcnks IGFuZCBwYXRoIGNvbXB1dGF0aW9uIHdvdWxkIGJlIHVubGlrZWx5IHRvIHByb2R1Y2UgdGhl IHJlcXVlc3RlZCBkaXZlcnMgcGF0aC4gIEFzIHN1Y2gsIGRpdmVyc2l0eSBzdWJvYmplY3Rz IE1VU1QgYmUgcmV0YWluZWQgaW4gYW4gWFJPDWNyb3NzaW5nIGFuIGFkbWluaXN0cmF0aXZl IGJvdW5kYXJ5LCBldmVuIGlmIG90aGVyIHN1Ym9iamVjdHMgYXJlIHJlbW92ZWQuDUlBTkEg Q29uc2lkZXJhdGlvbnMNSUFOQSBpcyByZXF1ZXN0ZWQgdG8gYWRtaW5pc3RlciB0aGUgYXNz aWdubWVudCBvZiBuZXcgdmFsdWVzIGRlZmluZWQgaW4gdGhpcyBkb2N1bWVudCBhbmQgc3Vt bWFyaXplZCBpbiB0aGlzIHNlY3Rpb24uDU5ldyBYUk8gc3Vib2JqZWN0IHR5cGVzDUlBTkEg cmVnaXN0cnk6IFJTVlAgUEFSQU1FVEVSUw1TdWJzZWN0aW9uOiBDbGFzcyBOYW1lcywgQ2xh c3MgTnVtYmVycywgYW5kIENsYXNzIFR5cGVzDQ1UaGlzIGRvY3VtZW50IGRlZmluZXMgdHdv IG5ldyBzdWJvYmplY3RzIGZvciB0aGUgRVhDTFVERV9ST1VURSBvYmplY3QgW1JGQzQ4NzRd LCBDLVR5cGUgMS4gKHNlZTogaHR0cDovL3d3dy5pYW5hLm9yZy9hc3NpZ25tZW50cy9yc3Zw LXBhcmFtZXRlcnMvcnN2cC1wYXJhbWV0ZXJzLnhodG1sI3JzdnAtcGFyYW1ldGVycy05NCkN DSArLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0rLS0tLS0tLS0tLS0tLS0tLSsNIHwgU3Vi b2JqZWN0IERlc2NyaXB0aW9uICAgICB8ICAgIFN1Ym9iamVjdCBUeXBlIHwNICstLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLSsgICAgICAtLS0tLS0tLS0tLS0tLS0tLS0tKw0gfCBJUHY0 IERpdmVyc2l0eSBzdWJvYmplY3QgIHwgICAgICAgVEJBMSAgICAgICAgfA0gfCBJUHY2IERp dmVyc2l0eSBzdWJvYmplY3QgIHwgICAgICAgVEJBMiAgICAgICAgfA0gKy0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tKy0tLS0tLS0tLS0tLS0tLS0rDQ0NTmV3IEVYUlMgc3Vib2JqZWN0 IHR5cGVzDVRoZSBkRGl2ZXJzaXR5IFhSTyBzdWJvYmplY3RzIGFyZSBhbHNvIGRlZmluZWQg YXMgbmV3IEVYUlMgc3Vib2JqZWN0cy4gKEVYUExJQ0lUX1JPVVRFIHNlZTogEyBIWVBFUkxJ TksgImh0dHA6Ly93d3cuaWFuYS5vcmcvYXNzaWdubWVudHMvcnN2cC1wYXJhbWV0ZXJzL3Jz dnAtcGFyYW1ldGVycy54aHRtbCNyc3ZwLXBhcmFtZXRlcnMtMjQiIAEUaHR0cDovL3d3dy5p YW5hLm9yZy9hc3NpZ25tZW50cy9yc3ZwLXBhcmFtZXRlcnMvcnN2cC1wYXJhbWV0ZXJzLnho dG1sI3JzdnAtcGFyYW1ldGVycy0yNBUpLiBUaGUgc2FtZSBudW1lcmljIHN1Ym9iamVjdCB0 eXBlIHZhbHVlcyBUQkExIGFuZCBUQkEyIGFyZSBiZWluZyByZXF1ZXN0ZWQgZm9yIHRoZSB0 d28gbmV3IEVYUlMgc3Vib2JqZWN0cy4NDQ1OZXcgUlNWUCBlcnJvciBzdWItY29kZXMNSUFO QSByZWdpc3RyeTogUlNWUCBQQVJBTUVURVJTDVN1YnNlY3Rpb246IEVycm9yIENvZGVzIGFu ZCBHbG9iYWxseSBEZWZpbmVkIEVycm9yIFZhbHVlIFN1Yi1Db2Rlcy4gDUZvciBFcnJvciBD b2RlICJSb3V0aW5nIFByb2JsZW0iICgyNCkgKHNlZSBbUkZDMzIwOV0pIHRoZSBmb2xsb3dp bmcgc3ViLWNvZGVzIGFyZSBkZWZpbmVkLiAoc2VlOiBodHRwOi8vd3d3LmlhbmEub3JnL2Fz c2lnbm1lbnRzL3JzdnAtcGFyYW1ldGVycy9yc3ZwLXBhcmFtZXRlcnMueGh0bWwjcnN2cC1w YXJhbWV0ZXJzLTEwNSkNDSArLS0tLS0tLS0tLS0tLSstLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tKy0tLS0tLS0tLS0tLS0tLSsNIHwgRXJyb3IgVmFsdWUgfCBEZXNjcmlwdGlvbiAg ICAgICAgICAgICAgICB8IFJlZmVyZW5jZSAgICAgfA0gfCBTdWItY29kZXMgICB8ICAgICAg ICAgICAgICAgICAgICAgICAgICAgIHwgICAgICAgICAgICAgICB8DSArLS0tLS0tLS0tLS0t LSstLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tKy0tLS0tLS0tLS0tLS0tLSsNIHwgVEJB MyAgICAgICAgfCBVbnN1cHBvcnRlZCBEaXZlcnNpdHkgICAgICB8IFRoaXMgZG9jdW1lbnQg fA0gfCAgICAgICAgICAgICB8IElkZW50aWZpZXIgVHlwZSAgICAgICAgICAgIHwgICAgICAg ICAgICAgICB8DSArLS0tLS0tLS0tLS0tLSstLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t Ky0tLS0tLS0tLS0tLS0tLSsNDUZvciBFcnJvciBDb2RlICJOb3RpZnkgRXJyb3IiICgyNSkg KHNlZSBbUkZDMzIwOV0pIHRoZSBmb2xsb3dpbmcgc3ViLWNvZGVzIGFyZSBkZWZpbmVkLiAo c2VlOiBodHRwOi8vd3d3LmlhbmEub3JnL2Fzc2lnbm1lbnRzL3JzdnAtcGFyYW1ldGVycy9y c3ZwLXBhcmFtZXRlcnMueGh0bWwjcnN2cC1wYXJhbWV0ZXJzLTEwNSkNDSArLS0tLS0tLS0t LS0tLSstLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tKy0tLS0tLS0tLS0tLS0tLSsNIHwg RXJyb3IgVmFsdWUgfCBEZXNjcmlwdGlvbiAgICAgICAgICAgICAgICB8IFJlZmVyZW5jZSAg ICAgfA0gfCBTdWItY29kZXMgICB8ICAgICAgICAgICAgICAgICAgICAgICAgICAgIHwgICAg ICAgICAgICAgICB8DSArLS0tLS0tLS0tLS0tLSstLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tKy0tLS0tLS0tLS0tLS0tLSsNIHwgVEJBNCAgICAgICAgfCBSb3V0ZSBvZiBYUk8gTFNQ ICAgICAgICAgICB8IFRoaXMgZG9jdW1lbnQgfA0gfCAgICAgICAgICAgICB8IGlkZW50aWZp ZXIgdW5rbm93biAgICAgICAgIHwgICAgICAgICAgICAgICB8DSB8IFRCQTUgICAgICAgIHwg RmFpbGVkIHRvIHNhdGlzZnkgICAgICAgICAgfCBUaGlzIGRvY3VtZW50IHwNIHwgICAgICAg ICAgICAgfCBFeGNsdWRlIFJvdXRlICAgICAgICAgICAgICB8ICAgICAgICAgICAgICAgfA0g fCBUQkE2ICAgICAgICB8IENvbXBsaWFudCBwYXRoIGV4aXN0cyAgICAgIHwgVGhpcyBkb2N1 bWVudCB8DSArLS0tLS0tLS0tLS0tLSstLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tKy0t LS0tLS0tLS0tLS0tLSsNDQ1BY2tub3dsZWRnZW1lbnRzDVRoZSBhdXRob3JzIHdvdWxkIGxp a2UgdG8gdGhhbmsgWGlodWEgRnUgZm9yIGhpcyBjb250cmlidXRpb25zLiBUaGUgYXV0aG9y cyBhbHNvIHdvdWxkIGxpa2UgdG8gdGhhbmsgTHV5dWFuIEZhbmcgYW5kIFdhbGlkIFdha2lt IGZvciB0aGVpciByZXZpZXcgY29tbWVudHMuIA0NUmVmZXJlbmNlcw1Ob3JtYXRpdmUgUmVm ZXJlbmNlcw1bUkZDMjExOV0gQnJhZG5lciwgUy4sICJLZXkgd29yZHMgZm9yIHVzZSBpbiBS RkNzIHRvIEluZGljYXRlIFJlcXVpcmVtZW50IExldmVscyIsIEJDUCAxNCwgUkZDIDIxMTks IE1hcmNoIDE5OTcuDVtSRkMyMjA1XSBCcmFkZW4sIFIuIChFZC4pLCBaaGFuZywgTC4sIEJl cnNvbiwgUy4sIEhlcnpvZywgUy4gYW5kIFMuIEphbWluLCAiUmVzb3VyY2UgUmVzZXJWYXRp b24gUHJvdG9jb2wgLS0gVmVyc2lvbiAxIEZ1bmN0aW9uYWwgU3BlY2lmaWNhdGlvbiIsIFJG QyAyMjA1LCBTZXB0ZW1iZXIgMTk5Ny4NW1JGQzI3NDddIEJha2VyLCBGLiwgTGluZGVsbCwg Qi4gYW5kIE0uIFRhbHdhciwgIlJTVlAgQ3J5cHRvZ3JhcGhpYyBBdXRoZW50aWNhdGlvbiIs IFJGQyAyNzQ3LCBKYW51YXJ5IDIwMDAuDVtSRkMzMjA5XSBBd2R1Y2hlLCBELiwgQmVyZ2Vy LCBMLiwgR2FuLCBELiwgTGksIFQuLCBTcmluaXZhc2FuLCBWLiwgYW5kIEcuIFN3YWxsb3cs ICJSU1ZQLVRFOiBFeHRlbnNpb25zIHRvIFJTVlAgZm9yIExTUCBUdW5uZWxzIiwgUkZDIDMy MDksIERlY2VtYmVyIDIwMDEuDVtSRkMzNDczXSBCZXJnZXIsIEwuLCAiR2VuZXJhbGl6ZWQg TXVsdGktUHJvdG9jb2wgTGFiZWwgU3dpdGNoaW5nIChHTVBMUykgU2lnbmFsaW5nIFJlc291 cmNlIFJlc2VyVmF0aW9uIFByb3RvY29sLVRyYWZmaWMgRW5naW5lZXJpbmcgKFJTVlAtVEUp IEV4dGVuc2lvbnMiLCBSRkMgMzQ3MywgSmFudWFyeSAyMDAzLiANW1JGQzQyMDJdIEtvbXBl bGxhLCBFZC4sIEssIFJla2h0ZXIsIFksIEVkLiwgIlJvdXRpbmcgRXh0ZW5zaW9ucyBpbiBT dXBwb3J0IG9mIEdlbmVyYWxpemVkIE11bHRpLVByb3RvY29sIExhYmVsIFN3aXRjaGluZyAo R01QTFMpIiwgUkZDIDQyMDIsIE9jdG9iZXIgMjAwNS4NW1JGQzQ4NzRdIExlZSwgQ1kuLCBG YXJyZWwsIEEuLCBhbmQgUy4gRGUgQ25vZGRlciwgIkV4Y2x1ZGUgUm91dGVzIC0gRXh0ZW5z aW9uIHRvIFJlc291cmNlIFJlc2VyVmF0aW9uIFByb3RvY29sLVRyYWZmaWMgRW5naW5lZXJp bmcgKFJTVlAtVEUpIiwgUkZDIDQ4NzQsIEFwcmlsIDIwMDcuDVtSRkM0OTIwXSBGYXJyZWws IEEuLCBFZC4sIFNhdHlhbmFyYXlhbmEsIEEuLCBJd2F0YSwgQS4sIEZ1aml0YSwgTi4sIGFu ZCBHLiBBc2gsICJDcmFua2JhY2sgU2lnbmFsaW5nIEV4dGVuc2lvbnMgZm9yIE1QTFMgYW5k IEdNUExTIFJTVlAtVEUiLCBSRkMgNDkyMCwgSnVseSAyMDA3Lg1bUkZDNTU1M10gRmFycmVs LCBBLiwgRWQuLCBCcmFkZm9yZCwgUi4sIGFuZCBKUC4gVmFzc2V1ciwgIlJlc291cmNlIFJl c2VydmF0aW9uIFByb3RvY29sIChSU1ZQKSBFeHRlbnNpb25zIGZvciBQYXRoIEtleSBTdXBw b3J0IiwgUkZDIDU1NTMsIE1heSAyMDA5Lg1bUkZDNTkyMF0gRmFuZywgTC4sIEVkLiwgIlNl Y3VyaXR5IEZyYW1ld29yayBmb3IgTVBMUyBhbmQgR01QTFMgTmV0d29ya3MiLCBSRkMgNTky MCwgSnVseSAyMDEwLg0NSW5mb3JtYXRpdmUgUmVmZXJlbmNlcw1bUkZDNDIwOF0gU3dhbGxv dywgRy4sIERyYWtlLCBKLiwgSXNoaW1hdHN1LCBILiwgYW5kIFkuIFJla2h0ZXIsICJHZW5l cmFsaXplZCBNdWx0aXByb3RvY29sIExhYmVsIFN3aXRjaGluZyAoR01QTFMpIFVzZXItTmV0 d29yayBJbnRlcmZhY2UgKFVOSSk6IFJlc291cmNlIFJlc2VyVmF0aW9uIFByb3RvY29sLVRy YWZmaWMgRW5naW5lZXJpbmcgKFJTVlAtVEUpIFN1cHBvcnQgZm9yIHRoZSBPdmVybGF5IE1v ZGVsIiwgUkZDIDQyMDgsIE9jdG9iZXIgMjAwNS4NW1JGQzQ5MjBdIEZhcnJlbCwgQS4sIEVk LiwgU2F0eWFuYXJheWFuYSwgQS4sIEl3YXRhLCBBLiwgRnVqaXRhLCBOLiwgYW5kIEcuIEFz aCwgIkNyYW5rYmFjayBTaWduYWxpbmcgRXh0ZW5zaW9ucyBmb3IgTVBMUyBhbmQgR01QTFMg UlNWUC1URSIsIFJGQyA0OTIwLCBKdWx5IDIwMDcuDVtSRkM1NTIwXSBCcmFkZm9yZCwgUi4s IEVkLiwgVmFzc2V1ciwgSlAuLCBhbmQgQS4gRmFycmVsLCAiUHJlc2VydmluZyBUb3BvbG9n eSBDb25maWRlbnRpYWxpdHkgaW4gSW50ZXItRG9tYWluIFBhdGggQ29tcHV0YXRpb24gVXNp bmcgYSBQYXRoLUtleS1CYXNlZCBNZWNoYW5pc20iLCBSRkMgNTUyMCwgQXByaWwgMjAwOS4N W1JGQzgwMDFdIEYuIFpoYW5nLCBELiBMaSwgTy4gR29uemFsZXogZGUgRGlvcywgQy4gTWFy Z2FyaWEsICJSU1ZQLVRFIEV4dGVuc2lvbnMgZm9yIENvbGxlY3RpbmcgU1JMRyBJbmZvcm1h dGlvbiIsIFJGQyA4MDAxLCBKYW51YXJ5IDIwMTcuDVtSRkMyMjA1XSBCcmFkZW4sIFIuIChF ZC4pLCBaaGFuZywgTC4sIEJlcnNvbiwgUy4sIEhlcnpvZywgUy4gYW5kIFMuIEphbWluLCAi UmVzb3VyY2UgUmVzZXJWYXRpb24gUHJvdG9jb2wgLS0gVmVyc2lvbiAxIEZ1bmN0aW9uYWwg U3BlY2lmaWNhdGlvbiIsIFJGQyAyMjA1LCBTZXB0ZW1iZXIgMTk5Ny4NW1JGQzUyNTFdIEZl ZHlrLCBELiAoRWQuKSwgUmVraHRlciwgWS4gKEVkLiksIFBhcGFkaW1pdHJpb3UsIEQuLCBS YWJiYXQsIFIuLCBhbmQgQmVyZ2VyLCBMLiwgIkxheWVyIDEgVlBOIEJhc2ljIE1vZGUiLCBS RkMgNTI1MSwgSnVseSAyMDA4Lg1bUkZDNTkyMF0gRmFuZywgTC4sIEVkLiwgIlNlY3VyaXR5 IEZyYW1ld29yayBmb3IgTVBMUyBhbmQgR01QTFMgTmV0d29ya3MiLCBSRkMgNTkyMCwgSnVs eSAyMDEwLg0NQ29udHJpYnV0b3JzJyBBZGRyZXNzZXMNICAgSWdvciBCcnlza2luDSAgIEh1 YXdlaSBUZWNobm9sb2dpZXMNICAgRW1haWw6IElnb3IuQnJ5c2tpbkBodWF3ZWkuY29tDQ0g ICBEYW5pZWxlIENlY2NhcmVsbGkNICAgRXJpY3Nzb24NICAgRW1haWw6IERhbmllbGUuQ2Vj Y2FyZWxsaUBlcmljc3Nvbi5jb20NDSAgIERocnV2IERob2R5DSAgIEh1YXdlaSBUZWNobm9s b2dpZXMNICAgRW1haWw6IGRocnV2LmlldGZAZ21haWwuY29tDQ0gICBPc2NhciBHb256YWxl eiBkZSBEaW9zDSAgIFRlbGVmb25pY2EgSStEDSAgIEVtYWlsOiBvZ29uZGlvQHRpZC5lcw0N ICAgRG9uIEZlZHlrDSAgIEhld2xldHQtUGFja2FyZCBFbnRlcnByaXNlDSAgIEVtYWlsOiBk b24uZmVkeWtAaHBlLmNvbQ0NICAgQ2xhcmVuY2UgRmlsc2ZpbHMgDSAgIENpc2NvIFN5c3Rl bXMsIEluYy4NICAgRW1haWw6IBMgSFlQRVJMSU5LICJtYWlsdG86Y2ZpbHNmaWxAY2lzY28u Y29tIiABFGNmaWxzZmlsQGNpc2NvLmNvbRUNDSAgIEdhYnJpZWxlIE1hcmlhIEdhbGltYmVy dGkNQ2lzY28gU3lzdGVtcw1FbWFpbDogEyBIWVBFUkxJTksgIm1haWx0bzpnZ2FsaW1iZUBj aXNjby5jb20iIAEUZ2dhbGltYmVAY2lzY28uY29tFQ0NCU9yaSBHZXJzdGVsDQlTRE4gU29s dXRpb25zIEx0ZC4NCUVtYWlsOiBvcmlnZXJzdGVsQGdtYWlsLmNvbQ0NTWF0dCBIYXJ0bGV5 DUNpc2NvIFN5c3RlbXMNRW1haWw6IBMgSFlQRVJMSU5LICJtYWlsdG86bWhhcnRsZXlAY2lz Y28uY29tIiABFG1oYXJ0bGV5QGNpc2NvLmNvbRUgDQkJDUtlbmppIEt1bWFraQ1LRERJIENv cnBvcmF0aW9uDUVtYWlsOiATIEhZUEVSTElOSyAibWFpbHRvOmtlLWt1bWFraUBrZGRpLmNv bSIgARRrZS1rdW1ha2lAa2RkaS5jb20VIA0NUnVlZGlnZXIgS3VuemUNRGV1dHNjaGUgVGVs ZWtvbSBBRw1FbWFpbDogEyBIWVBFUkxJTksgIm1haWx0bzpSdWVkaWdlci5LdW56ZUB0ZWxl a29tLmRlIiABFFJ1ZWRpZ2VyLkt1bnplQHRlbGVrb20uZGUVIA0NICAgTGlldmVuIExldnJh dQ0gICBOb2tpYQ0gICBFbWFpbDogTGlldmVuLkxldnJhdUBub2tpYS5jb20NDSAgIEN5cmls IE1hcmdhcmlhDSAgIGN5cmlsLm1hcmdhcmlhQGdtYWlsLmNvbQ0NSnVsaWVuIE1ldXJpYw1G cmFuY2UgVGVsZWNvbSBPcmFuZ2UNRW1haWw6IBMgSFlQRVJMSU5LICJtYWlsdG86anVsaWVu Lm1ldXJpY0BvcmFuZ2UuY29tIiABFGp1bGllbi5tZXVyaWNAb3JhbmdlLmNvbRUNDSAgIFl1 amkgVG9jaGlvDSAgIEZ1aml0c3UNICAgRW1haWw6IHRvY2hpb0BqcC5mdWppdHN1LmNvbQ0N ICAgWGlhbiBaaGFuZw0gICBIdWF3ZWkgVGVjaG5vbG9naWVzDSAgIEVtYWlsOiB6aGFuZy54 aWFuQGh1YXdlaS5jb20NDUF1dGhvcnMnIEFkZHJlc3Nlcw1aYWZhciBBbGkNQ2lzY28gU3lz dGVtcy4NRW1haWw6IBMgSFlQRVJMSU5LICJtYWlsdG86emFsaUBjaXNjby5jb20iIAEUemFs aUBjaXNjby5jb20VDQ0gICBEaWV0ZXIgQmVsbGVyDSAgIE5va2lhDSAgIEVtYWlsOiATIEhZ UEVSTElOSyAibWFpbHRvOkRpZXRlci5CZWxsZXJAbm9raWEuY29tIiABFERpZXRlci5CZWxs ZXJAbm9raWEuY29tFQ0NR2VvcmdlIFN3YWxsb3cNQ2lzY28gU3lzdGVtcw1FbWFpbDogEyBI WVBFUkxJTksgIm1haWx0bzpzd2FsbG93QGNpc2NvLmNvbSIgARRzd2FsbG93QGNpc2NvLmNv bRUNDSAgIEZhdGFpIFpoYW5nDSAgIEh1YXdlaSBUZWNobm9sb2dpZXMNICAgRW1haWw6IBMg SFlQRVJMSU5LICJtYWlsdG86emhhbmdmYXRhaUBodWF3ZWkuY29tIiABFHpoYW5nZmF0YWlA aHVhd2VpLmNvbRUNDQ0DDQ0EDQ0NDQMNDQQNDQ0NSW50ZXJuZXQgRHJhZnQgICAgICBkcmFm dC1pZXRmLXRlYXMtbHNwLWRpdmVyc2l0eS0wODEwLnR4dA0NDQ0JRXhwaXJlcyBKYW51YXJ5 IEF1Z3VzdCAyMDE4CVtQYWdlIBMgUEFHRSAUMjEVXQ0NDVRFQVMgV29ya2luZyBHcm91cCAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIFphZmFyIEFsaSwgRWQuDUludGVy bmV0IERyYWZ0ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBHZW9yZ2UgU3dh bGxvdywgRWQuDUludGVuZGVkIHN0YXR1czogU3RhbmRhcmQgVHJhY2sgICAgICAgICAgICAg ICAgICAgICAgICBDaXNjbyBTeXN0ZW1zDVVwZGF0ZXMgUkZDNDg3NCAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICBGLiBaaGFuZywgRWQuDUV4cGlyZXM6IEphbnVh cnkgQXVndXN0IDN5eSwgMjAxOCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgSHVhd2VpDSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgIEQuIEJlbGxlciwgRWQuDSAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIE5va2lhDSAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgRmVicnVhcnlKdWx5 IHh4MiwgMjAxNzIwMTgNDQ0NDQ1BbGksIFN3YWxsb3csIFpoYW5nLCBCZWxsZXIsIGV0IGFs LiBFeHBpcmVzIEphbnVhcnkgQXVndXN0IDIwMTgJW1BhZ2UgEyBQQUdFIBQxFV0NDQ0NAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAADwIAABBCAAAXggAAF8IAAB9CAAAfggAAH8I AACBCAAAhQgAAIYIAADpCgAA6goAAPsKAAD8CgAA/QoAACALAAAqCwAAMAsAADELAAAzCwAA NAsAADULAAD58uvh2sq9s9r5rKWspayaiHxtYU89AAAAAAAAAAAiAAiBDCoHFWgXd4MAFmhB UTIAF2gXd4MAY0gBAGRoxGJiJwAiAAiBDCoHFWgXd4MAFmi9UygAF2gXd4MAY0gBAGRoxGJi JwAWAQiBBEgBAAVoxGJiJwwqBxZoF3eDAAAcAQiBBEgBAAVo0GJiJwwqBxVoF3eDABZoYAcC AAAWAQiBBEgBAAVo0GJiJwwqBxZoYAcCAAAiAAiBDCoHFWgXd4MAFmilTmcAF2hgBwIAY0gB AGRo0GJiJwAUFWjSBJEAFmhLA0YAbkgRBHRIEQQADBVo0gSRABZoTnrnAAAMFWjSBJEAFmhL A0YAABMBCIEESAEABWjNEmFHFmiwFzgAGQAIgRZoY2TRABdoX2+jAGNIAQBkaKwTWicfAAiB FWjSBJEAFmj2FM4AF2iwFzgAY0gBAGRozRJhRwwVaNIEkQAWaAx4nwAAEhVo0gSRABZopSFB ADUIgVwIgQAMFWjSBJEAFmilIUEAAAwVaNIEkQAWaDYhZAAADBVo0gSRABZo51s2ABYACAAA XwgAAIYIAACaCAAA+QgAAPgJAAD9CgAAPgsAAD8LAABQCwAAuQsAANENAADbDQAAQxEAAE0S AADzAAAAAAAAAAAAAAAA6gAAAAAAAAAAAAAAAOUAAAAAAAAAAAAAAADcAAAAAAAAAAAAAAAA 0wAAAAAAAAAAAAAAANwAAAAAAAAAAAAAAADKAAAAAAAAAAAAAAAAxQAAAAAAAAAAAAAAALwA AAAAAAAAAAAAAACaAAAAAAAAAAAAAAAAmgAAAAAAAAAAAAAAAJEAAAAAAAAAAAAAAACIAAAA AAAAAAAAAAAAfwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIlwAPhAAAXoQAAGdkrF1+AAAI lwAPhAAAXoQAAGdkzHDdAAAIAAAPhAAAXoQAAGdkMS4HAAAhAAANxi8AD5QDKAe8ClAO5BF4 FQwZNCDII1wn8CqELhgyrDVAOQAAAAAAAAAAAAAAAAAAAA+EAABehAAAZ2TzIOEAAAgAAA+E AABehAAAZ2RCbA0AAASXAGdkSwNGAAAIlwAPhAAAXoQAAGdk8yDhAAAIAAAPhAAAXoQAAGdk OwleAAAIAAAPhAAAXoQAAGdk8yDhAAAEHwBnZEsDRgAACCcAD4QAAF6EAABnZKoZNgAACwAA AyQBD4QAAF6EAABhJAFnZKoZNgAADjULAAA2CwAANwsAADoLAAA7CwAAPAsAAD8LAABICwAA UAsAAF4LAABhCwAAYgsAAGMLAABkCwAAygsAANELAADRDQAA0g0AANsNAADmDQAA5w0AAOgN AABhDgAAYw4AAGgOAABuDgAA+fLr29HGv8aypZWCpbJ1snFqY1lJY0VjQQAGFmiIBioAAAYW aFRq6gAAHwAIgRVo0gSRABZoSmNsABdoPBM6AGNIAQBkaIEUW4cTAQiBBEgBAAVogRRbhxZo PBM6AAwVaNIEkQAWaEpjbAAADBVo0gSRABZofjUQAAAGFmgSWGQAABgVaNIEkQAWaG0RhgBQ SgMAbkgRBHRIEQQAJQAIgRZoYHH/ABdoPWDYAFBKAwBjSAEAZGjCYmInbkgRBHRIEQQfAQiB BEgBAAVowmJiJxZoPWDYAFBKAwBuSBEEdEgRBBgVaNIEkQAWaGcMZgBQSgMAbkgRBHRIEQQA GBVo0gSRABZoSwNGAFBKAwBuSBEEdEgRBAAMFWjSBJEAFmhLA0YAABQVaNIEkQAWaEsDRgBu SBEEdEgRBAATAQiBBEgBAAVow2JiJxZoF3eDAB8ACIEVaKVOZwAWaNIEkQAXaBd3gwBjSAEA ZGjDYmInDBVopU5nABZohmJIAAAMFWilTmcAFmhJWzoAAAwVaKVOZwAWaBJ6kwAZbg4AAHUO AAB2DgAAhQ4AAI4OAACaDgAAvA4AAOcOAADqDgAA7w4AABEPAAASDwAAGA8AACAPAAAqDwAA Pg8AAD8PAABYDwAAWw8AAFwPAABgDwAAgg8AAJYPAACXDwAAmA8AAJsPAACcDwAAoA8AAKQP AAClDwAAvw8AAMgPAADJDwAA+e/l7+Xb0ce9x7PHqcef2/mblPmbh31zm3ObaZtfUl8ZAQiB BEgBAAVoQBRaJxVoqngxABZoqngxABMBCIEESAEABWhAFFonFmiqeDEAEwEIgQRIAQAFaEEU WicWaKp4MQATAQiBBEgBAAVoOhRaJxZoFEbCABMBCIEESAEABWhFFFonFmiqeDEAGQEIgQRI AQAFaEUUWicVaNIEkQAWaKp4MQAMFWjSBJEAFmiIBioAAAYWaIgGKgAAEwEIgQRIAQAFaLZi YicWaKg3tgATAQiBBEgBAAVoempiRxZoi194ABMBCIEESAEABWh3amJHFmiLX3gAEwEIgQRI AQAFaLdiYicWaKg3tgATAQiBBEgBAAVotWJiJxZoqDe2ABMBCIEESAEABWi0YmInFmioN7YA EwEIgQRIAQAFaLNiYicWaPx6/QATAQiBBEgBAAVosmJiJxZo/Hr9ABMBCIEESAEABWisYmIn Fmj8ev0ADBVo0gSRABZoSmNsACDJDwAAzQ8AAM4PAADZDwAA2w8AANwPAAD1DwAA+g8AAAMQ AAAEEAAADBAAAA8QAAAcEAAAKxAAAD8QAABCEAAAThAAAFYQAABeEAAAXxAAAGAQAABhEAAA ZBAAAGwQAABtEAAAdxAAAHsQAAB8EAAAfRAAAIQQAACNEAAAjhAAAJYQAACfEAAA/PLl/OH8 4dTHvbCm/LD8ouGi4Zvhl4p6/Jttm2NZY1lVAAYWaHgdDwAAEwEIgQRIAQAFaM6EYqcWaIcS QQATAQiBBEgBAAVozYRipxZohxJBABkACIEWaN8+UAAXaEpYQwBjSAEAZGguFFonHwAIgRVo 0gSRABZoSmNsABdohxJBAGNIAQBkaM2EYqcZAAiBFmjfPlAAF2iHEkEAY0gBAGRozYRipwYW aN8+UAAADBVo0gSRABZoSmNsAAAGFmgxXnoAABMBCIEESAEABWjQE1onFmijROEAGQAIgRZo iAYqABdoo0ThAGNIAQBkaNATWicTAQiBBEgBAAVozRNaJxZoiQRhABkACIEWaIgGKgAXaIkE YQBjSAEAZGjNE1onGQAIgRZoaj/DABdoiQRhAGNIAQBkaM0TWicGFmhqP8MAABkACIEWaIgG KgAXaKp4MQBjSAEAZGhBFFonEwEIgQRIAQAFaEAUWicWaKp4MQAGFmiIBioAIZ8QAAC7EAAA 0BAAANgQAADgEAAA4xAAAOkQAADwEAAA8hAAAPcQAAAQEQAAExEAABQRAAAWEQAAGBEAABkR AAAlEQAALBEAAEERAABCEQAAQxEAAEwRAABWEQAAkhEAAJMRAADcEQAA3REAACESAAAiEgAA TBIAAE0SAABREgAAWhIAAHUSAAD88ujy29fNxujXxtfG/L+1xqXGm5GHkYeRh5GHkXptYG0A AAAAAAAAAAAAAAAAAAAAAAAAAAAAABkACIEWaJIfDwAXaBhxggBjSAEAZGjjEmFHGQAIgRZo kh8PABdorF1+AGNIAQBkaNqEYqcZAAiBFmisXX4AF2isXX4AY0gBAGRo2oRipxMBCIEESAEA BWjZhGKnFmisXX4AEwEIgQRIAQAFaNiEYqcWaKxdfgATAQiBBEgBAAVo14RipxZoSmNsAB8A CIEVaNIEkQAWaEpjbAAXaIcSQQBjSAEAZGjQhGKnEwEIgQRIAQAFaNCEYqcWaIcSQQAMFWjS BJEAFmjfPlAAAAwVaNIEkQAWaEpjbAAAEwEIgQRIAQAFaNKEYqcWaIcSQQAGFmgxXnoAABkA CIEWaN8+UAAXaIcSQQBjSAEAZGjOhGKnEwEIgQRIAQAFaM+EYqcWaIcSQQATAQiBBEgBAAVo zoRipxZohxJBAAYWaN8+UAAhdRIAAI8SAACUEgAAtBIAAMASAADEEgAAxRIAAMsSAADMEgAA 1xIAAAATAAADEwAABxMAAAkTAAAfEwAAIBMAACETAAAiEwAALRMAADwTAABIEwAATBMAAFIT AABbEwAAaxMAAH4TAACCEwAA8uXY5djly77Y5bHlpOXYmtiWjIJ1aJZeglEAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAGQAIgRZo7xm9ABdorF1+AGNIAQBkaNyEYqcTAQiBBEgBAAVo lhRbhxZov2KjABkACIEWaO8ZvQAXaL9iowBjSAEAZGiWFFuHGQAIgRZo7xm9ABdorF1+AGNI AQBkaNuEYqcTAQiBBEgBAAVo3IRipxZorF1+ABMBCIEESAEABWjbhGKnFmisXX4ABhZo7xm9 AAATAQiBBEgBAAVo2oRipxZorF1+ABkACIEWaJIfDwAXaDwTOgBjSAEAZGiHFFuHGQAIgRZo kh8PABdoPBM6AGNIAQBkaIYUW4cZAAiBFmjvGb0AF2j9J2wAY0gBAGRojWpiRxkACIEWaJIf DwAXaP0nbABjSAEAZGiNamJHGQAIgRZo7xm9ABdorF1+AGNIAQBkaNqEYqcZAAiBFmiSHw8A F2isXX4AY0gBAGRo2oRipxkACIEWaJIfDwAXaP0nbABjSAEAZGiIamJHABpNEgAAIRMAAL4T AAC/EwAA4RMAAK0UAAC/FAAABxUAADcVAAB4FQAAthUAAPcVAAA3FgAAdBYAALMWAAAUFwAA UBcAAIgXAADGFwAABRgAAEQYAAB5GAAAqBgAAOMYAAAgGQAAMhkAAPYAAAAAAAAAAAAAAAD2 AAAAAAAAAAAAAAAA7QAAAAAAAAAAAAAAAOgAAAAAAAAAAAAAAADfAAAAAAAAAAAAAAAA6AAA AAAAAAAAAAAAAN0AAAAAAAAAAAAAAADdAAAAAAAAAAAAAAAA2wAAAAAAAAAAAAAAANsAAAAA AAAAAAAAAADbAAAAAAAAAAAAAAAA3QAAAAAAAAAAAAAAANsAAAAAAAAAAAAAAADbAAAAAAAA AAAAAAAA2wAAAAAAAAAAAAAAAN0AAAAAAAAAAAAAAADdAAAAAAAAAAAAAAAA2wAAAAAAAAAA AAAAANsAAAAAAAAAAAAAAADbAAAAAAAAAAAAAAAA3QAAAAAAAAAAAAAAAN0AAAAAAAAAAAAA AADbAAAAAAAAAAAAAAAA2wAAAAAAAAAAAAAAAN0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARQA AAETAAAIAAAPhAAAXoQAAGdk3wIRAAAEHwBnZGlAzAAACJcAD4QAAF6EAABnZMxw3QAACJcA D4QAAF6EAABnZKxdfgAAGYITAACGEwAAjBMAAI4TAACTEwAAphMAAKoTAACrEwAArRMAAL0T AAC+EwAAvxMAAO8TAADwEwAA9BMAAPUTAAD3EwAA+BMAAAAUAAABFAAAAxQAAAQUAAAMFAAA DRQAAA8UAAAQFAAAFRQAABYUAAAYFAAAGRQAACIUAAAjFAAAJRQAACYUAAAsFAAALRQAAC8U AAAwFAAAOhQAADsUAAA9FAAAPhQAAEkUAABKFAAASxQAAEwUAABNFAAAUBQAAFEUAABXFAAA WBQAAGAUAABhFAAAnBQAAJ0UAAChFAAAqxQAAL8UAADAFAAA8uXy5djl1NDUycK7tLu0u7S7 tLu0u7S7tLu0u7S7tLu0u7S7tLu0u7S7tK27tLu0u7S7tLumu6a7mwAAAAAAAAAAAAAAAAAA AAAVA2oAAAAAFWjSBJEAFmgCV88AVQgBDBVo0gSRABZoLVHGAAAMFWjSBJEAFmh3V9EAAAwV aNIEkQAWaE565wAADBVo0gSRABZoGW9vAAAMFWjSBJEAFmgpTjwAAAwVaNIEkQAWaO8ZvQAA BhZokh8PAAAGFmjvGb0AABkACIEWaO8ZvQAXaFYHpwBjSAEAZGiKFFuHGQAIgRZo7xm9ABdo rF1+AGNIAQBkaNyEYqcZAAiBFmiSHw8AF2isXX4AY0gBAGRo3IRipwA6wBQAAM4UAADPFAAA 5xQAAOgUAAACFQAAAxUAAAQVAAAFFQAABhUAAAcVAAAXFQAAGBUAADIVAAAzFQAANBUAADUV AAA2FQAANxUAAFgVAABZFQAAcxUAAHQVAAB1FQAAdhUAAHcVAAB4FQAAlhUAAJcVAACxFQAA shUAALMVAAC0FQAAtRUAALYVAADXFQAA2BUAAPIVAAD57uTV5MO75NWi5NXkkLvk1aLk1eR+ u+TVouTV5Gy75NWi5NXkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIgEIgQIIgQNqdwEA AARIAQAFaEgTYUcGCAEWaGwEMABVCAEAIgEIgQIIgQNq+gAAAARIAQAFaEgTYUcGCAEWaGwE MABVCAEAIgEIgQIIgQNqfQAAAARIAQAFaEgTYUcGCAEWaGwEMABVCAEAMQEIgQRIAQAFaEgT YUcVaLwh+QAWaGwEMABDShYAT0oEAFBKAABRSgQAXkoAAGFKFgAPA2oAAAAAFmhsBDAAVQgB IgEIgQIIgQNqAAAAAARIAQAFaEgTYUcGCAEWaGwEMABVCAEAHAEIgQNqAAAAAARIAQAFaEgT YUcWaGwEMABVCAEAEwEIgQRIAQAFaEgTYUcWaGwEMAAVA2oAAAAAFWjSBJEAFmgCV88AVQgB DBVo0gSRABZoAlfPACXyFQAA8xUAAPQVAAD1FQAA9hUAAPcVAAD5FQAAFxYAABgWAAAyFgAA MxYAADQWAAA1FgAANhYAADcWAABTFgAAVBYAAFUWAABvFgAAcBYAAHEWAAByFgAAcxYAAHQW AAB4FgAAghYAAJEWAACSFgAAkxYAAK0WAACuFgAArxYAALEWAACyFgAA7ubczbSf3M3cjebc zbR63M3caObczbR63HrczdxW5tzNAAAAIgEIgQIIgQNqawMAAARIAQAFaEgTYUcGCAEWaGwE MABVCAEAIgEIgQIIgQNq7gIAAARIAQAFaEgTYUcGCAEWaGwEMABVCAEAJQEIgQRIAQAFaEgT YUcVaII9+gAWaGwEMABtSAAEbkgABHRIEQQiAQiBAgiBA2pxAgAABEgBAAVoSBNhRwYIARZo bAQwAFUIAQApAQiBBEgBAAVoSBNhRxVogj36ABZobAQwAFBKAwBtSAAEbkgABHRIEQQxAQiB BEgBAAVoSBNhRxVovCH5ABZobAQwAENKFgBPSgQAUEoAAFFKBABeSgAAYUoWABwBCIEDagAA AAAESAEABWhIE2FHFmhsBDAAVQgBABMBCIEESAEABWhIE2FHFmhsBDAADwNqAAAAABZobAQw AFUIASIBCIECCIEDavQBAAAESAEABWhIE2FHBggBFmhsBDAAVQgBIbIWAACzFgAA0RYAANsW AADyFgAA8xYAAPQWAAAOFwAADxcAABAXAAASFwAAExcAABQXAAAvFwAAMBcAAEoXAABLFwAA TBcAAE4XAABPFwAAUBcAAGcXAABoFwAAghcAAIMXAACEFwAAhhcAAIcXAACIFwAApBcAAKUX AACmFwAAwBcAAMEXAADCFwAAxBcAAMUXAADGFwAA5tnJ2b+wv56Wv7Dmv7C/hJa/sOa/sL9y lr+w5tm/sL9glr+w5gAAACIBCIECCIEDal8FAAAESAEABWhIE2FHBggBFmhsBDAAVQgBACIB CIECCIEDauIEAAAESAEABWhIE2FHBggBFmhsBDAAVQgBACIBCIECCIEDamUEAAAESAEABWhI E2FHBggBFmhsBDAAVQgBAA8DagAAAAAWaGwEMABVCAEiAQiBAgiBA2roAwAABEgBAAVoSBNh RwYIARZobAQwAFUIAQAcAQiBA2oAAAAABEgBAAVoSBNhRxZobAQwAFUIAQATAQiBBEgBAAVo SBNhRxZobAQwAB8BCIEESAEABWhIE2FHFmhsBDAAbUgABG5IAAR0SBEEGQEIgQRIAQAFaEgT YUcVaII9+gAWaGwEMAAxAQiBBEgBAAVoSBNhRxVovCH5ABZobAQwAENKFgBPSgQAUEoAAFFK BABeSgAAYUoWAAAlxhcAAOMXAADkFwAA5RcAAP8XAAAAGAAAARgAAAMYAAAEGAAABRgAACIY AAAjGAAAJBgAAD4YAAA/GAAAQBgAAEIYAABDGAAARBgAAFgYAABZGAAAcxgAAHQYAAB1GAAA dxgAAHgYAAB5GAAAhxgAAIgYAACiGAAAoxgAAKQYAACmGAAApxgAAKgYAADBGAAAwhgAAOzi 0+LBueLToJPi0+KBueLToOLT4m+54tOg4tPiXbni06CT4gAAIgEIgQIIgQNqUwcAAARIAQAF aEgTYUcGCAEWaGwEMABVCAEAIgEIgQIIgQNq1gYAAARIAQAFaEgTYUcGCAEWaGwEMABVCAEA IgEIgQIIgQNqWQYAAARIAQAFaEgTYUcGCAEWaGwEMABVCAEAGQEIgQRIAQAFaEgTYUcVaII9 +gAWaGwEMAAxAQiBBEgBAAVoSBNhRxVovCH5ABZobAQwAENKFgBPSgQAUEoAAFFKBABeSgAA YUoWAA8DagAAAAAWaGwEMABVCAEiAQiBAgiBA2rcBQAABEgBAAVoSBNhRwYIARZobAQwAFUI AQAcAQiBA2oAAAAABEgBAAVoSBNhRxZobAQwAFUIAQATAQiBBEgBAAVoSBNhRxZobAQwACUB CIEESAEABWhIE2FHFWiCPfoAFmhsBDAAbUgABG5IAAR0SBEEACTCGAAAwxgAAN0YAADeGAAA 3xgAAOEYAADiGAAA4xgAAP4YAAD/GAAAABkAABoZAAAbGQAAHBkAAB4ZAAAfGQAAIBkAADAZ AAAxGQAAMhkAAFMZAABUGQAAVRkAAHMZAAB0GQAAdRkAAJYZAACXGQAAmBkAAPHn1c3n8bSn 5/Hnlc3n8bSIe1mIe1mIe1mIe1kAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA QwAIgRVoeB9bABZoE0m1ABdo0k6cAENKFgBPSgQAUEoAAFFKBABeSgAAYUoWAGNIAQBkaMNp WydtSAAEbkgABHRIBwQZAAiBFmjSTpwAF2jSTpwAY0gBAGRow2lbJxkACIEWaBNJtQAXaNJO nABjSAEAZGjDaVsnIgEIgQIIgQNqTQgAAARIAQAFaEgTYUcGCAEWaGwEMABVCAEAGQEIgQRI AQAFaEgTYUcVaII9+gAWaGwEMAAxAQiBBEgBAAVoSBNhRxVovCH5ABZobAQwAENKFgBPSgQA UEoAAFFKBABeSgAAYUoWAA8DagAAAAAWaGwEMABVCAEiAQiBAgiBA2rQBwAABEgBAAVoSBNh RwYIARZobAQwAFUIAQATAQiBBEgBAAVoSBNhRxZobAQwABwBCIEDagAAAAAESAEABWhIE2FH FmhsBDAAVQgBHDIZAABVGQAAdRkAAJgZAAC6GQAA2RkAAPoZAAA9GgAAWxoAAHUaAACVGgAA thoAANcaAADuGgAA/xoAABwbAAA7GwAAPRsAAFYbAAA2HAAAaRwAAKscAADgHAAAWB0AAIsd AACYHQAA/QAAAAAAAAAAAAAAAP0AAAAAAAAAAAAAAAD9AAAAAAAAAAAAAAAA+wAAAAAAAAAA AAAAAP0AAAAAAAAAAAAAAAD9AAAAAAAAAAAAAAAA/QAAAAAAAAAAAAAAAPsAAAAAAAAAAAAA AAD7AAAAAAAAAAAAAAAA/QAAAAAAAAAAAAAAAP0AAAAAAAAAAAAAAAD9AAAAAAAAAAAAAAAA +wAAAAAAAAAAAAAAAPsAAAAAAAAAAAAAAAD9AAAAAAAAAAAAAAAA/QAAAAAAAAAAAAAAAPIA AAAAAAAAAAAAAADqAAAAAAAAAAAAAAAA5QAAAAAAAAAAAAAAAOUAAAAAAAAAAAAAAADlAAAA AAAAAAAAAAAA5QAAAAAAAAAAAAAAAOUAAAAAAAAAAAAAAADlAAAAAAAAAAAAAAAA4AAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAEAZ2SVdSMAAAQAAGdk8mVQAAgBAAomAAtG AABnZGwEMAAACAAAD4QAAF6EAABnZAJXzwAAARMAAAEUAAAZmBkAAJoZAAC4GQAAuRkAALoZ AADWGQAA1xkAANgZAADZGQAA3RkAAOcZAAD2GQAA9xkAAPkZAAD6GQAAGBoAACIaAAA5GgAA OhoAADwaAAA9GgAAWBoAAFoaAABbGgAAchoAAHQaAAB1GgAAkRoAAJIaAACUGgAAlRoAALIa AACzGgAAtRoAALYaAADTGgAA1BoAANYaAADXGgAA6xoAAOfazauV2s2rldqV2oireGV42s2r 2s2r2s2reNrNq5Xazat42s2r2gAAACUACIEWaBNJtQAXaNJOnABjSAEAZGjDaVsnbUgABG5I AAR0SBEEHwAIgRVovWhzABZoE0m1ABdo0k6cAGNIAQBkaMNpWycZAAiBFmhUauoAF2i+U1AA Y0gBAGRouGlbJysACIEVaL1ocwAWaBNJtQAXaNJOnABjSAEAZGjDaVsnbUgABG5IAAR0SBEE QwAIgRVoeB9bABZoE0m1ABdo0k6cAENKFgBPSgQAUEoAAFFKBABeSgAAYUoWAGNIAQBkaMNp WydtSAAEbkgABHRIBwQZAAiBFmjSTpwAF2jSTpwAY0gBAGRow2lbJxkACIEWaBNJtQAXaNJO nABjSAEAZGjDaVsnLwAIgRVovWhzABZoE0m1ABdo0k6cAFBKAwBjSAEAZGjDaVsnbUgABG5I AAR0SBEEACfrGgAA7RoAAO4aAAD8GgAA/hoAAP8aAAAYGwAAGRsAABsbAAAcGwAANxsAADgb AAA6GwAAOxsAADwbAAA9GwAAPhsAAFUbAABWGwAAYRsAAGMbAABtGwAAghsAAIUbAACGGwAA ixsAAK8bAADy0MPy0LPD8tCzw/LQqKGXjYN2aV9VX1VfSwAAAAAAAAAAAAAAAAAAAAATAQiB BEgBAAVoZhNhRxZowm86ABMBCIEESAEABWhnE2FHFmjCbzoAEwEIgQRIAQAFaGUTYUcWaMJv OgAZAQiBBEgBAAVoUxNhRxVo8mVQABZo8mVQABkBCIEESAEABWhRE2FHFWjyZVAAFmjyZVAA EwEIgQRIAQAFaEcTYUcWaFc30gATAQiBBEgBAAVoOxNhRxZoVzfSABMBCIEESAEABWhIE2FH FmhsBDAADBVo0gSRABZocHQUAAAVA2oAAAAAFWjSBJEAFmgCV88AVQgBHwAIgRVovWhzABZo E0m1ABdo0k6cAGNIAQBkaMNpWycZAAiBFmgTSbUAF2jSTpwAY0gBAGRow2lbJ0MACIEVaHgf WwAWaBNJtQAXaNJOnABDShYAT0oEAFBKAABRSgQAXkoAAGFKFgBjSAEAZGjDaVsnbUgABG5I AAR0SAcEGQAIgRZo0k6cABdo0k6cAGNIAQBkaMNpWycAGq8bAAC4GwAAwBsAAMQbAADFGwAA 1BsAAOIbAADrGwAA7BsAADUcAAA5HAAAOhwAAF8cAABgHAAAZxwAAGgcAABtHAAAbxwAAHoc AACRHAAAoRwAAKkcAACqHAAAqxwAAK8cAACwHAAAsRwAANMcAADWHAAA1xwAAN4cAADfHAAA 4BwAAPXr9eH16+HX68q9s6mzqZySiHuIbojKnJJhqWFXYVecAAAAAAAAAAAAABMBCIEESAEA BWhVE2FHFmgNIR0AGQEIgQRIAQAFaFUTYUcVaPJlUAAWaA0hHQAZAQiBBEgBAAVoWhNhRxVo DSEdABZoDSEdABkBCIEESAEABWhaE2FHFWjSBJEAFmgNIR0AEwEIgQRIAQAFaFoTYUcWaA0h HQATAQiBBEgBAAVoWRNhRxZoDSEdABkBCIEESAEABWhSE2FHFWjyZVAAFmjyZVAAEwEIgQRI AQAFaFgTYUcWaA0hHQATAQiBBEgBAAVoVhNhRxZoDSEdABkBCIEESAEABWhTE2FHFWjyZVAA FmjyZVAAGQEIgQRIAQAFaFETYUcVaPJlUAAWaPJlUAATAQiBBEgBAAVoaBNhRxZowm86ABMB CIEESAEABWhmE2FHFmjCbzoAEwEIgQRIAQAFaGwTYUcWaIkMHgATAQiBBEgBAAVoahNhRxZo iQweAAAg4BwAAO4cAADvHAAA8BwAABUdAAAdHQAAMB0AADgdAAA5HQAAOh0AAE8dAABXHQAA WB0AAFsdAABdHQAAch0AAIEdAACJHQAAih0AAIsdAACXHQAAmB0AAKcdAADAHQAA0B0AAOAd AADrHQAA7B0AAPkdAAD6HQAAAh4AAPXr4dfN183DzdfNtqnhnJKckqmLhH12fWZcVX1VTgAA DBVo0gSRABZoZVsCAAAMFWjSBJEAFmjpSu0AABMBCIEESAEABWjxEmFHFmiIC3EAHwAIgRVo 0gSRABZo6UrtABdoiAtxAGNIAQBkaPESYUcMFWjSBJEAFmjZRkkAAAwVaNIEkQAWaNdUmwAA DBVo0gSRABZoGW9vAAAMFWjSBJEAFmgOZ44AABMBCIEESAEABWhcE2FHFmgNIR0AGQEIgQRI AQAFaFwTYUcVaA0hHQAWaA0hHQAZAQiBBEgBAAVoURNhRxVo8mVQABZo8mVQABkBCIEESAEA BWhSE2FHFWhsBDAAFmjyZVAAEwEIgQRIAQAFaHsTYUcWaFglOgATAQiBBEgBAAVoehNhRxZo WCU6ABMBCIEESAEABWh5E2FHFmhYJToAEwEIgQRIAQAFaFsTYUcWaA0hHQATAQiBBEgBAAVo VRNhRxZoDSEdABMBCIEESAEABWhSE2FHFmjyZVAAAB4CHgAAAx4AAA8eAAAVHgAAGh4AABse AAAuHgAALx4AADceAAA7HgAAWh4AAGIeAAC2HgAAtx4AALgeAADsHgAA8B4AAPIeAAAGHwAA Hh8AAFEfAABXHwAAWB8AAHYfAAB5HwAAex8AAHwfAAClHwAApx8AAKsfAAC1HwAA0h8AANwf AADoHwAA7h8AAPcfAAD6HwAAACAAAAUgAAAHIAAALyAAAGAgAABmIAAAfiAAAPny+fL56+Tr 3fnW+c/IwbrButa6sLr5qaKpwZuUopup8qmNqZup+ZuGdoYAAAAAAAAAAAAAAAAAAAAAAB8A CIEVaNIEkQAWaFRqMwAXaJh2pwBjSAEAZGiTE2FHDBVo0gSRABZoVGozAAAMFWjSBJEAFmiC dO8AAAwVaNIEkQAWaOkgnAAADBVo0gSRABZoGGoUAAAMFWjSBJEAFmgGCqIAAAwVaNIEkQAW aO954QAAEwEIgQRIAQAFaJATYUcWaAUx0QAMFWjSBJEAFmg6fj0AAAwVaNIEkQAWaEwv3gAA DBVo0gSRABZo01AAAAAMFWjSBJEAFmjweHIAAAwVaNIEkQAWaEFkzwAADBVo0gSRABZoYDrB AAAMFWjSBJEAFmhqcKMAAAwVaNIEkQAWaGFJXAAADBVo0gSRABZowVXBAAAMFWjSBJEAFmje NAgAK5gdAAC4HgAALyAAAIAgAAANIQAAnSMAAIEkAAAwJgAAnCYAAJ0mAADgJgAAIycAAPYA AAAAAAAAAAAAAADtAAAAAAAAAAAAAAAA5QAAAAAAAAAAAAAAAN0AAAAAAAAAAAAAAADUAAAA AAAAAAAAAAAAzAAAAAAAAAAAAAAAAMQAAAAAAAAAAAAAAAC/AAAAAAAAAAAAAAAAkgAAAAAA AAAAAAAAAGMAAAAAAAAAAAAAAABjAAAAAAAAAAAAAAAAAAAAAAAAAAAuAAAGJAENxjAXsAFg AxAFwAZwCCAK0AuADTAP4BCQEkAU8BWgF1AZABuwHGAeECDAIXAjICXQJgAPhEoAEmTwAAEA FKQAADEkADckADgkAEgkAF6ESgBnZBwXeAAtAAANxjAXsAFgAxAFwAZwCCAK0AuADTAP4BCQ EkAU8BWgF1AZABuwHGAeECDAIXAjICXQJgAPhEgAEmTwAAEAFKQAADEkADckADgkAEgkAF6E SABnZNEB/AAABAAAZ2QXGCsACAAACiYAC0YhAGdkTizkAAgAAAomAAtGIQBnZMdkXAAACAAA D4RoAV6EaAFnZD8igwAIAAAKJgALRiUAZ2Qjc94ACAAACiYAC0YlAGdkVGozAAAIAAAPhGgB XoRoAWdk9VI0AAAIAAAPhGgBXoRoAWdkdRiRAAALfiAAAH8gAACAIAAArCAAALEgAACyIAAA uCAAALkgAADPIAAA0CAAANYgAADXIAAACyEAAAwhAAANIQAAciEAAHMhAAC6IQAAuyEAAL0h AAC/IQAA5yEAAOshAADtIQAA8SEAAPUhAAAZIgAAHyIAAIkiAACkIgAAtiIAAN8iAADgIgAA JyMAAIYjAACbIwAAnCMAAJ0jAACsIwAAsCMAAOUjAAD58uvk6+Td5NbP5MjBurOspbPPnqyX kKyJrIKse6x0bXRmkGasZoJmDBVo0gSRABZox3paAAAMFWjSBJEAFmjkfXIAAAwVaNIEkQAW aJFjSQAADBVo0gSRABZooh1BAAAMFWjSBJEAFmgrT04AAAwVaNIEkQAWaNxLLwAADBVo0gSR ABZo13TeAAAMFWjSBJEAFmjNOkIAAAwVaNIEkQAWaFsubQAADBVo0gSRABZoyS3hAAAMFWjS BJEAFmjkCEoAAAwVaNIEkQAWaDgNKgAADBVo0gSRABZoI3PeAAAMFWjSBJEAFmhzAEgAAAwV aNIEkQAWaEwv3gAADBVo0gSRABZozmvXAAAMFWjSBJEAFmjpIJwAAAwVaNIEkQAWaBhqFAAA DBVo0gSRABZo73nhAAAMFWjSBJEAFmjHZFwAAAwVaNIEkQAWaFRqMwAADBVo0gSRABZoHWvM ACjlIwAA7CMAAPAjAADxIwAA9CMAACEkAAAqJAAAOyQAAEAkAABsJAAAdCQAAHskAACAJAAA gSQAAJAkAACUJAAAmyQAAJ4kAACkJAAApiQAAKskAACyJAAAtiQAAMkkAADKJAAA1CQAANwk AADvJAAA8iQAAPYkAAACJQAACCUAABAlAAAYJQAAGSUAAB8lAAAgJQAAISUAACQlAAAtJQAA LiUAADMlAAA/JQAASiUAAG4lAAB3JQAAgyUAAKclAADWJQAA+fLr5Ovk693r1vnWz+vd68jr weu68uvBs8HryKzrpZ7ks8iel9azkNaJgonWe9azAAAMFWjSBJEAFmjVJeEAAAwVaNIEkQAW aA8lewAADBVo0gSRABZoDkvlAAAMFWjSBJEAFminAX8AAAwVaNIEkQAWaDtHzgAADBVo0gSR ABZosl07AAAMFWjSBJEAFmg2Y/0AAAwVaNIEkQAWaM06QgAADBVo0gSRABZoQW/2AAAMFWjS BJEAFmiMc/wAAAwVaNIEkQAWaH5xPwAADBVo0gSRABZoNDbUAAAMFWjSBJEAFmigH9IAAAwV aNIEkQAWaCB+PAAADBVo0gSRABZoK09OAAAMFWjSBJEAFmjkYvIAAAwVaNIEkQAWaMd6WgAA DBVo0gSRABZozmvXAAAMFWjSBJEAFmh3QgsAMNYlAADZJQAA3SUAAOMlAADqJQAA6yUAAPcl AAAJJgAAEiYAABYmAAAdJgAALyYAADAmAAA4JgAARCYAAE8mAABQJgAAZyYAAGsmAACbJgAA nCYAAPInAACWKgAAQSwAAEIsAACOLAAAkCwAAJEsAACZLAAAniwAAM4sAADPLAAA+fLr8uTd 5N3r1t3PyLiuociayJOKfYqTdm92aGFoUQAAAB8ACIEVaNIEkQAWaKhrbQAXaC0+YABjSAEA ZGjnhGKnDBVo0gSRABZobkLgAAAMFWjSBJEAFmioa20AAAwVaNIEkQAWaFRvzgAADBVo0gSR ABZoJCF9AAAYFWgcF3gAFmjRAfwAUEoFAG1IBwRzSAcEABAVaBwXeAAWaNEB/ABQSgUAAAwV aNIEkQAWaNEB/AAADBVo0gSRABZo5zX1AAAZAQiBBEgBAAVo34RipxVo0gSRABZoLT5gABMB CIEESAEABWjfhGKnFmgtPmAAHwAIgRVo0gSRABZoI3PeABdoLT5gAGNIAQBkaN+EYqcMFWjS BJEAFmgjc94AAAwVaNIEkQAWaAtcTgAADBVo0gSRABZoDyV7AAAMFWjSBJEAFmg7R84AAAwV aNIEkQAWaGALQwAADBVo0gSRABZoNDbUAAAMFWjSBJEAFmggfjwAAAwVaNIEkQAWaNUl4QAf IycAAGgnAACtJwAA8icAADcoAAB8KAAAwSgAAAYpAAA9KQAAgikAAMcpAAAMKgAAUSoAAJYq AADbKgAAICsAAGMrAACmKwAApysAANYrAAAFLAAABiwAANAAAAAAAAAAAAAAAADQAAAAAAAA AAAAAAAA0AAAAAAAAAAAAAAAANAAAAAAAAAAAAAAAADQAAAAAAAAAAAAAAAA0AAAAAAAAAAA AAAAANAAAAAAAAAAAAAAAADQAAAAAAAAAAAAAAAA0AAAAAAAAAAAAAAAANAAAAAAAAAAAAAA AADQAAAAAAAAAAAAAAAA0AAAAAAAAAAAAAAAANAAAAAAAAAAAAAAAADQAAAAAAAAAAAAAAAA 0AAAAAAAAAAAAAAAANAAAAAAAAAAAAAAAADQAAAAAAAAAAAAAAAA0AAAAAAAAAAAAAAAANAA AAAAAAAAAAAAAADQAAAAAAAAAAAAAAAA0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALgAABiQBDcYwF7ABYAMQ BcAGcAggCtALgA0wD+AQkBJAFPAVoBdQGQAbsBxgHhAgwCFwIyAl0CYAD4RKABJk8AABABSk AAAxJAA3JAA4JABIJABehEoAZ2QcF3gAABUGLAAAQSwAAEIsAAC4LQAA4C8AAE4zAAAENgAA IDYAAJU3AAD6OwAAEzwAAOg9AAAvPwAADEEAAEdBAACDQQAAv0EAANIAAAAAAAAAAAAAAADN AAAAAAAAAAAAAAAAzQAAAAAAAAAAAAAAAMgAAAAAAAAAAAAAAADDAAAAAAAAAAAAAAAAwwAA AAAAAAAAAAAAAL4AAAAAAAAAAAAAAAC1AAAAAAAAAAAAAAAAsAAAAAAAAAAAAAAAAKsAAAAA AAAAAAAAAACmAAAAAAAAAAAAAAAAoQAAAAAAAAAAAAAAAJoAAAAAAAAAAAAAAACOAAAAAAAA AAAAAAAAjgAAAAAAAAAAAAAAAI4AAAAAAAAAAAAAAAAAAAAAAAAAAAwAAAYkAQ+ErwEUpAAA XoSvAWdkHBd4AAAGAAAUpAAAZ2TaMX0AAAQAAGdkqVN3AAAEAABnZLszhQAABAIAZ2SSAD0A AAQAAGdk/j3DAAAIAAAPhBgDXoQYA2dk+QQmAAAEAgBnZDA62wAABAAAZ2RwBLcAAAQAAGdk FD1oAAAEAABnZBcYKwAtAAANxjAXsAFgAxAFwAZwCCAK0AuADTAP4BCQEkAU8BWgF1AZABuw HGAeECDAIXAjICXQJgAPhEgAEmTwAAEAFKQAADEkADckADgkAEgkAF6ESABnZNEB/AAAEM8s AADQLAAA0iwAANMsAADhLAAABC0AAAYtAAAjLQAAJC0AAGMtAABkLQAAty0AALgtAAC+LQAA vy0AANgtAADqLQAA8C0AAPUtAAANLgAADy4AACsuAAA1LgAANy4AAD8uAABALgAAUS4AAFQu AABfLgAAYC4AAGEuAABiLgAAnC4AAKouAAC/LgAAxC4AAMsuAADNLgAA7S4AAO8uAAD2LgAA +fLr5PLd8uvy1s/WxbXypZWF8tbyftbyd/LW8tby1vJ38n7ycPJp8gAAAAAAAAwVaNIEkQAW aLw4UAAADBVo0gSRABZoYSOQAAAMFWjSBJEAFmgBWjkAAAwVaNIEkQAWaFRvzgAAHwAIgRVo 0gSRABZo0QH8ABdotDq1AGNIAQBkaOqEYqcfAAiBFWjSBJEAFmgBWjkAF2i0OrUAY0gBAGRo 6oRipx8ACIEVaNIEkQAWaFRvzgAXaLQ6tQBjSAEAZGjqhGKnHwAIgRVo0gSRABZo0QH8ABdo LT5gAGNIAQBkaOiEYqcTAQiBBEgBAAVo6oRipxZotDq1AAwVaNIEkQAWaHklLgAADBVo0gSR ABZo0QH8AAAMFWjSBJEAFmieAMYAAAwVaNIEkQAWaBcYKwAADBVo0gSRABZo2UZJAAAMFWjS BJEAFmgkIX0AAAwVaNIEkQAWaKhrbQAo9i4AAC0vAAA/LwAAVC8AAFUvAADSLwAA1i8AAOAv AADjLwAA5S8AAOkvAADxLwAAEzAAACcwAAA9MAAARzAAAE0wAABOMAAAcTAAAI4wAACSMAAA vzAAAMYwAADjMAAA5DAAABUxAAA0MQAANTEAAEMxAABMMQAATTEAAE4xAABQMQAAUzEAAFcx AABeMQAAcDEAALQxAAC7MQAAVDIAAFUyAAD58vny6+Tr3dbG1ryy1t2rpKvdnd2d3ZbkjILk e+Sk5HTWdNZ0bXSkAAAAAAAAAAAAAAAAAAAMFWjSBJEAFmjfKTwAAAwVaNIEkQAWaCNz3gAA DBVo0gSRABZoOVQaAAATAQiBBEgBAAVoxxNhRxZopwkMABMBCIEESAEABWjGE2FHFminCQwA DBVo0gSRABZodkk8AAAMFWjSBJEAFmioAi4AAAwVaNIEkQAWaG5C4AAADBVo0gSRABZoqUQL AAATAQiBBEgBAAVoqxNhRxZoNEKhABMBCIEESAEABWiqE2FHFmg0QqEAHwAIgRVo0gSRABZo q24HABdoIWVOAGNIAQBkaKkTYUcMFWjSBJEAFmirbgcAAAwVaNIEkQAWaFUriAAADBVo0gSR ABZoUz/XAAAMFWjSBJEAFmgkIX0AAAwVaNIEkQAWaFRvzgAADBVo0gSRABZoHDhsAChVMgAA VjIAAGkyAAB1MgAAeTIAAJoyAACcMgAApTIAAKYyAAC+MgAAyDIAAOEyAADlMgAADDMAACAz AAA0MwAATDMAAE0zAABcMwAAZjMAAGkzAABrMwAAgzMAAIUzAACOMwAAkTMAAKAzAACmMwAA qTMAAMozAADPMwAA5DMAAPAzAAD1MwAA+zMAABM0AAAXNAAAJjQAACg0AAAxNAAAMjQAADM0 AAD58vnr+eTd1t3r3c/dyOvByMHywbrBurO6s6ylrJ6XkInyl4mXgnhxagAAAAwVaNIEkQAW aE565wAADBVo0gSRABZo/FKjAAATAQiBBEgBAAVoyxNhRxZopwkMAAwVaNIEkQAWaAc1fAAA DBVo0gSRABZoxx+hAAAMFWjSBJEAFmjUK+UAAAwVaNIEkQAWaGhgOwAADBVo0gSRABZo/ANH AAAMFWjSBJEAFmjWOkMAAAwVaNIEkQAWaEUoDQAADBVo0gSRABZoEwXBAAAMFWjSBJEAFmhu SSgAAAwVaNIEkQAWaBFX2AAADBVo0gSRABZomGmkAAAMFWjSBJEAFmgjaCQAAAwVaNIEkQAW aDxC9gAADBVo0gSRABZoHS2DAAAMFWjSBJEAFmgjc94AAAwVaNIEkQAWaKtuBwAADBVo0gSR ABZobkLgAAAMFWjSBJEAFmgcLUUAKTM0AAA9NAAAQDQAAEs0AABXNAAAXjQAAJc0AACkNAAA qzQAAKw0AAC1NAAAxzQAAMk0AADKNAAAzDQAAOE0AADyNAAA+DQAAAA1AAABNQAABDUAAA81 AAAQNQAAFDUAABY1AAAXNQAAGzUAAFA1AABzNQAAdTUAAHc1AAB9NQAA+fLr5N3k1s/Wz8W7 xc+x1qrWmoqaem3k1mZf1l/WWAAAAAAAAAAAAAAAAAAAAAAADBVo0gSRABZoUkrhAAAMFWjS BJEAFmhcPsgAAAwVaNIEkQAWaG5C4AAAGQAIgRZoElhkABdoK2nOAGNIAQBkaPqEYqcfAAiB FWjSBJEAFmgXJkcAF2grac4AY0gBAGRo+oRipx8ACIEVaNIEkQAWaGMxYgAXaCtpzgBjSAEA ZGj6hGKnHwAIgRVo0gSRABZoq24HABdoK2nOAGNIAQBkaPqEYqcMFWjSBJEAFmjHH6EAABMB CIEESAEABWj6hGKnFmgrac4AEwEIgQRIAQAFaNATYUcWaCx2vAATAQiBBEgBAAVozxNhRxZo LHa8AAwVaNIEkQAWaGMxYgAADBVo0gSRABZoq24HAAAMFWjSBJEAFmhTMBcAAAwVaNIEkQAW aJ9RbQAADBVo0gSRABZozxjVAAAMFWjSBJEAFmgBe5oAAAwVaNIEkQAWaIFO5AAffTUAAH41 AAB/NQAAlDUAAJU1AACXNQAApTUAAKY1AACnNQAAtTUAALg1AAC/NQAAxjUAAMs1AADMNQAA 1zUAANg1AADZNQAA4jUAAAI2AAADNgAABDYAAAo2AAALNgAADDYAABU2AAAWNgAAHzYAACA2 AABaNgAAZTYAAG42AAD15d7X0NfAttevqK/XqNfAtteel5CJgnt0e3SJbV1TAAAAAAAAABMB CIEESAEABWjYE2FHFmgvZX0AHwAIgRVo+QQmABZo+QQmABdoL2V9AGNIAQBkaNgTYUcMFWj5 BCYAFmj5BCYAAAwVaNIEkQAWaIY3IQAADBVo0gSRABZoiXcoAAAMFWjSBJEAFmh1ekgAAAwV aNIEkQAWaDA62wAADBVo0gSRABZoZnN0AAAMFWjSBJEAFmiGdNAAABMBCIEESAEABWgVFGFH Fmgga7UADBVo0gSRABZoIBOPAAAMFWjSBJEAFmjHH6EAABMBCIEESAEABWjNE2FHFmgsdrwA HwAIgRVo0gSRABZoXD7IABdoLHa8AGNIAQBkaM0TYUcMFWjSBJEAFmirbgcAAAwVaNIEkQAW aFw+yAAADBVo0gSRABZoUkrhAAAfAAiBFWjSBJEAFmhSSuEAF2gga7UAY0gBAGRoExRhRxMB CIEESAEABWgTFGFHFmgga7UAAB9uNgAAbzYAAHk2AAB/NgAAhDYAAJw2AACgNgAApTYAAL42 AAC/NgAAyTYAAMo2AADNNgAAzjYAAOA2AADiNgAA+TYAAPo2AAD7NgAAFjcAABo3AABPNwAA lTcAAJ83AACtNwAAwjcAANE3AADUNwAA3DcAAOU3AADoNwAA7DcAAA84AAAfOAAAIjgAACY4 AAA3OAAAOjgAADs4AABJOAAAWTgAAF04AABgOAAAbzgAAHc4AACHOAAAsDgAAPLr5N3k1MvU 5NTk1OTU5MG0wbCmsOSfmJGfkZ+Kn4OffJ+Dn3Wfg5+Dn4Ofg58MFWjSBJEAFmg/JAEAAAwV aNIEkQAWaOwtEwAADBVo0gSRABZoSGOeAAAMFWjSBJEAFmiKRtUAAAwVaNIEkQAWaNAdswAA DBVo0gSRABZonVbTAAAMFWjSBJEAFmhHNhkAABMBCIEESAEABWhN0mGnFmhSKSAABhZowhN4 AAAZAAiBFmjCE3gAF2hSKSAAY0gBAGRoTNJhpxMBCIEESAEABWhM0mGnFmhSKSAAEBVo0gSR ABZo60IVAFBKBQAAEBVo0gSRABZoBRyQAFBKBQAADBVo0gSRABZo60IVAAAMFWjSBJEAFmgF HJAAAAwVaPkEJgAWaPkEJgAAGQEIgQRIAQAFaNgTYUcVaPkEJgAWaC9lfQAALrA4AAC9OAAA 0jgAANM4AADYOAAA3TgAAOc4AADpOAAA7DgAAO04AAA4OQAARjkAAFQ5AABVOQAAVjkAAFc5 AABbOQAAXjkAAG05AAB1OQAAgzkAAIQ5AACGOQAAlDkAAJg5AACvOQAAtDkAALU5AAC2OQAA ujkAALs5AAC8OQAAvjkAABY6AAD58uvh69rKurPy+fKjmfL58vny+Yn58uvy+Xlv+V9V+fIA EwEIgQRIAQAFaBEUYUcWaCBrtQAfAAiBFWjSBJEAFmhIY54AF2gga7UAY0gBAGRoERRhRxMB CIEESAEABWgMFGFHFmgga7UAHwAIgRVo0gSRABZoSGOeABdoIGu1AGNIAQBkaAwUYUcfAAiB FWjSBJEAFmhIY54AF2gga7UAY0gBAGRoDxRhRxMBCIEESAEABWgMFGFHFmgmKjsAHwAIgRVo 0gSRABZoRzYZABdoJio7AGNIAQBkaAwUYUcMFWjSBJEAFmidVtMAAB8ACIEVaNIEkQAWaEc2 GQAXaCBrtQBjSAEAZGgOFGFHHwAIgRVo0gSRABZo3yk8ABdoIGu1AGNIAQBkaA4UYUcMFWjS BJEAFmjfKTwAABMBCIEESAEABWgOFGFHFmgga7UADBVo0gSRABZogAfmAAAMFWjSBJEAFmhH NhkAAAwVaNIEkQAWaEhjngAhFjoAABo6AAAiOgAAJjoAADI6AAA5OgAAVToAAGQ6AABtOgAA dDoAAHU6AAB2OgAAdzoAAHs6AACHOgAAjjoAAKo6AAC5OgAAuzoAAOI6AAAROwAAKTsAADM7 AAA8OwAARzsAAFI7AABgOwAAajsAAGs7AABsOwAAiTsAAJQ7AACuOwAArzsAALA7AACzOwAA tDsAALg7AADEOwAA3jsAAN87AADvOwAA+TsAAPo7AAD9OwAA+fLr8vny6/ny29Hy6/L58uvy ysO/w7ixp52xlvmP+Y/5j4iP+Y/5j4GPenMAAAAAAAAMFWjSBJEAFmiSAD0AAAwVaNIEkQAW aIAH5gAADBVo0gSRABZodCyfAAAMFWjSBJEAFmg9UxIAAAwVaNIEkQAWaCttMAAADBVo0gSR ABZo/j3DAAATAQiBBEgBAAVoGBRhRxZoz2eSABMBCIEESAEABWhU0mGnFmjUTGsADBVo0gSR ABZoR3oRAAAMFWjSBJEAFmjfKTwAAAYWaKpPswAADBVo0gSRABZorAc8AAAMFWjSBJEAFmgR SyoAABMBCIEESAEABWgNFGFHFmgga7UAHwAIgRVo0gSRABZoRzYZABdoIGu1AGNIAQBkaA0U YUcMFWjSBJEAFmiBDNUAAAwVaNIEkQAWaEc2GQAADBVo0gSRABZoPyQBACz9OwAA/jsAACY8 AAAoPAAARDwAAEw8AABePAAAYjwAAGw8AAB9PAAAgTwAAJw8AACePAAApTwAALk8AADEPAAA zTwAANM8AADjPAAA7jwAAPA8AAD5PAAA+zwAAAI9AAAMPQAADT0AAA89AAATPQAAFj0AAB89 AAAqPQAALj0AAPny6/Lk8tfK18rXytfy1/LD8sPytqCKd2pd12rXUNcAGBVo0gSRABZoRgx/ AFBKBQBuSAQIdEgECAAYFWjSBJEAFmixZD4AUEoFAG5IBAh0SAQIABgVaNIEkQAWaARd4gBQ SgUAbkgECHRIBAgAJQEIgQRIAQAFaG78WkcVaNIEkQAWaGt3dQBQSgUAbkgECHRIBAgrAAiB FWjSBJEAFmgEXeIAF2hrd3UAUEoFAGNIAQBkaG78WkduSAQIdEgECCsACIEVaNIEkQAWaJl9 hAAXaGt3dQBQSgUAY0gBAGRobvxaR25IBAh0SAQIGBVo0gSRABZobkLgAFBKBQBuSAQIdEgE CAAMFWjSBJEAFmjREkUAABgVaNIEkQAWaNESRQBQSgUAbkgECHRIBAgAGBVo0gSRABZokgA9 AFBKBQBuSAQIdEgECAAMFWjSBJEAFmjsLRMAAAwVaNIEkQAWaLFkPgAADBVo0gSRABZokgA9 AAAMFWjSBJEAFmh1ekgAHy49AAAxPQAANT0AADc9AAA7PQAAPT0AAD49AABGPQAASD0AAGM9 AABmPQAAZz0AAGg9AABpPQAAfT0AAIE9AACFPQAAhj0AAIc9AACIPQAAmT0AAKM9AACqPQAA rz0AAME9AADSPQAA5j0AAOc9AADoPQAA8j0AABU+AAAXPgAA8+bZzL/mzLLmzObMpZiLmHVl sphbUVtRW1FbzLKYsgAAABIVaNIEkQAWaNESRQB3aAAA6QAAEhVo0gSRABZo2jF9AHdoAADp AAAfAQiBBEgBAAVoJRRhRxZohRWDAFBKBQBuSAQIdEgECCsACIEVaNIEkQAWaNoxfQAXaIUV gwBQSgUAY0gBAGRoJRRhR25IBAh0SAQIGBVo0gSRABZo0RJFAFBKBQBuSAQIdEgECAAYFWjS BJEAFmjaMX0AUEoFAG5IBAh0SAQIABgVaNIEkQAWaNBiuwBQSgUAbkgECHRIBAgAGBVo0gSR ABZodXpIAFBKBQBuSAQIdEgECAAYFWjSBJEAFmgEXeIAUEoFAG5IBAh0SAQIABgVaNIEkQAW aJIAPQBQSgUAbkgECHRIBAgAGBVo0gSRABZosWQ+AFBKBQBuSAQIdEgECAAYFWjSBJEAFmhH bnUAUEoFAG5IBAh0SAQIABgVaNIEkQAWaEYMfwBQSgUAbkgECHRIBAgfFz4AABs+AAAcPgAA HT4AACQ+AAAqPgAAPT4AALw+AAC9PgAA3j4AAPY+AAAvPwAAPT8AAD8/AAB2PwAAeD8AAKk/ AACyPwAAwz8AANg/AADbPwAA3D8AAPVAAAD4QAAABkEAAApBAAALQQAADEEAAGREAABlRAAA kkQAAPPdzfPA87nzubK586XzpfOl85XzlfOI83vzbvNh8wAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAYFWjSBJEAFmitVvYAUEoFAG5IBAh0SAQIABgVaNIEkQAW aLFkPgBQSgUAbkgECHRIBAgAGBVo0gSRABZopD1BAFBKBQBuSAQIdEgECAAYFWjSBJEAFmgh WB0AUEoFAG5IBAh0SAQIAB8BCIEESAEABWhfFGFHFmhyT4YAUEoFAG5IBAh0SAQIGBVo0gSR ABZo5xK2AFBKBQBuSAQIdEgECAAMFWjSBJEAFmi7M4UAAAwVaNIEkQAWaNoxfQAAGBVo0gSR ABZodXpIAFBKBQBuSAQIdEgECAAfAQiBBEgBAAVoJhRhRxZohRWDAFBKBQBuSAQIdEgECCsA CIEVaNIEkQAWaNoxfQAXaIUVgwBQSgUAY0gBAGRoJhRhR25IBAh0SAQIGBVo0gSRABZo2jF9 AFBKBQBuSAQIdEgECB6/QQAA+0EAADdCAABzQgAAr0IAAOtCAAAnQwAAY0MAAJ9DAADbQwAA F0QAAFJEAABTRAAAhUQAAIZEAAAsRgAALUYAABdIAAAYSAAA0EkAANFJAADtSQAARU0AADZQ AAAyUwAA8wAAAAAAAAAAAAAAAPMAAAAAAAAAAAAAAADzAAAAAAAAAAAAAAAA8wAAAAAAAAAA AAAAAPMAAAAAAAAAAAAAAADzAAAAAAAAAAAAAAAA8wAAAAAAAAAAAAAAAPMAAAAAAAAAAAAA AADzAAAAAAAAAAAAAAAA8wAAAAAAAAAAAAAAAPMAAAAAAAAAAAAAAADzAAAAAAAAAAAAAAAA 7AAAAAAAAAAAAAAAAOwAAAAAAAAAAAAAAADsAAAAAAAAAAAAAAAA7AAAAAAAAAAAAAAAAOwA AAAAAAAAAAAAAADsAAAAAAAAAAAAAAAA7AAAAAAAAAAAAAAAAOMAAAAAAAAAAAAAAADeAAAA AAAAAAAAAAAA2QAAAAAAAAAAAAAAANQAAAAAAAAAAAAAAADPAAAAAAAAAAAAAAAAAAAABAAA Z2RqNoUAAAQAAGdkOwleAAAEAABnZF0OuAAABAIAZ2T2L5YAAAgAAA+EAABehAAAZ2RwBLcA AAYAABSkAABnZNoxfQAMAAAGJAEPhK8BFKQAAF6ErwFnZBwXeAAAGJJEAACeRAAAp0QAALxE AAC+RAAAzkQAANJEAADqRAAA60QAACJFAAAjRQAAK0UAADFFAAA7RQAAQ0UAAE9FAABbRQAA XEUAAGZFAABnRQAA6dPDtqmcqZy2koWSclxMtj+2MgAYFWjSBJEAFmgBe5oAUEoFAG5IBAh0 SAQIABgVaNIEkQAWaE565wBQSgUAbkgECHRIBAgAHwEIgQRIAQAFaGgUYUcWaFV1RgBQSgUA bkgECHRIBAgrAAiBFWjSBJEAFmjaMX0AF2hVdUYAUEoFAGNIAQBkaGgUYUduSAQIdEgECCUA CIEWaFIl1QAXaFV1RgBQSgUAY0gBAGRoaBRhR25IBAh0SAQIGBVo0gSRABZo3yk8AFBKBQBu SAQIdEgECAASFmhSJdUAUEoFAG5IBAh0SAQIABgVaNIEkQAWaLFkPgBQSgUAbkgECHRIBAgA GBVo0gSRABZooBpSAFBKBQBuSAQIdEgECAAYFWjSBJEAFmjaMX0AUEoFAG5IBAh0SAQIAB8B CIEESAEABWhjFGFHFmhyT4YAUEoFAG5IBAh0SAQIKwAIgRVo0gSRABZoWBw7ABdock+GAFBK BQBjSAEAZGhjFGFHbkgECHRIBAgrAAiBFWjSBJEAFmjaMX0AF2hyT4YAUEoFAGNIAQBkaGMU YUduSAQIdEgECAATZ0UAAH1FAACBRQAAk0UAAJxFAACdRQAApUUAAKZFAACwRQAAskUAALZF AADLRQAA20UAAN5FAADjRQAA70UAAPhFAAD5RQAA/UUAAApGAAAQRgAA79/vzO/MtqCThpN5 Y99T30B533kAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAlAQiBBEgBAAVodRRhRxVo0gSRABZo YHhPAFBKBQBuSAQIdEgECB8BCIEESAEABWh3FGFHFmhgeE8AUEoFAG5IBAh0SAQIKwAIgRVo 0gSRABZo2jF9ABdoYHhPAFBKBQBjSAEAZGh1FGFHbkgECHRIBAgYFWjSBJEAFmjaMX0AUEoF AG5IBAh0SAQIABgVaNIEkQAWaLFkPgBQSgUAbkgECHRIBAgAGBVo0gSRABZoilNCAFBKBQBu SAQIdEgECAArAAiBFWjSBJEAFmjaMX0AF2hgeE8AUEoFAGNIAQBkaHQUYUduSAQIdEgECCsA CIEVaNIEkQAWaAF7mgAXaGB4TwBQSgUAY0gBAGRodBRhR25IBAh0SAQIJQEIgQRIAQAFaHQU YUcVaNIEkQAWaGB4TwBQSgUAbkgECHRIBAgfAQiBBEgBAAVodRRhRxZoYHhPAFBKBQBuSAQI dEgECB8BCIEESAEABWh0FGFHFmhgeE8AUEoFAG5IBAh0SAQIABQQRgAAKkYAAFlGAABeRgAA dUYAAIBGAACDRgAAhEYAAIpGAACORgAA/kYAAB9HAAA9RwAARkcAAEpHAABXRwAAb0cAAHRH AACURwAAl0cAAL9HAADERwAAF0gAAEFIAADp3Mzcv9y/3L/cr9yZg5lz3HNd3MzcUAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGBVo0gSRABZogkoLAFBKBQBu SAQIdEgECAArAAiBFWjSBJEAFmjaMX0AF2i9eGQAUEoFAGNIAQBkaHsUYUduSAQIdEgECB8B CIEESAEABWh6FGFHFmi9eGQAUEoFAG5IBAh0SAQIKwAIgRVo0gSRABZosWQ+ABdovXhkAFBK BQBjSAEAZGh6FGFHbkgECHRIBAgrAAiBFWjSBJEAFmjaMX0AF2i9eGQAUEoFAGNIAQBkaHoU YUduSAQIdEgECB8BCIEESAEABWh4FGFHFmi9eGQAUEoFAG5IBAh0SAQIGBVo0gSRABZosWQ+ AFBKBQBuSAQIdEgECAAfAQiBBEgBAAVoexRhRxZovXhkAFBKBQBuSAQIdEgECBgVaNIEkQAW aNoxfQBQSgUAbkgECHRIBAgAKwAIgRVo0gSRABZo2jF9ABdoYHhPAFBKBQBjSAEAZGh3FGFH bkgECHRIBAgAF0FIAABCSAAAQ0gAAL1IAAC+SAAAv0gAAOZIAADpSAAAdkkAAHdJAAB4SQAA p0kAAKhJAACpSQAA0EkAANFJAADSSQAA2EkAANlJAADiSQAA7EkAAO1JAAAOSgAAFUoAABZK AAAoSgAAKUoAAOnZzOnZzL/MqZnMqZnMkouEfXZvaGFaYVNMAAAAAAAAAAAAAAAAAAAAAAAA DBVo0gSRABZoNkSFAAAMFWjSBJEAFmghB1gAAAwVaNIEkQAWaLI5qwAADBVo0gSRABZoZ0lh AAAMFWjSBJEAFmj2L5YAAAwVaNIEkQAWaFB1/gAADBVo0gSRABZoXk4KAAAMFWjSBJEAFmh1 ekgAAAwVaNIEkQAWaKETQwAADBVo0gSRABZohjchAAAMFWjSBJEAFmiSAD0AAB8BCIEESAEA BWhKFGFHFmg5Ph0AUEoFAG5IBAh0SAQIKwAIgRVo0gSRABZogkoLABdoOT4dAFBKBQBjSAEA ZGhKFGFHbkgECHRIBAgYFWjSBJEAFmh0LJ8AUEoFAG5IBAh0SAQIABgVaNIEkQAWaIJKCwBQ SgUAbkgECHRIBAgAHwEIgQRIAQAFaEkUYUcWaDk+HQBQSgUAbkgECHRIBAgrAAiBFWjSBJEA FmiCSgsAF2g5Ph0AUEoFAGNIAQBkaEkUYUduSAQIdEgECAAaKUoAADFKAABpSgAAnUoAAJ5K AACfSgAApUoAAMhKAADJSgAAAEsAAANLAAAUSwAAFksAABdLAAAZSwAAHUsAADNLAAA6SwAA WEsAAGNLAAB6SwAAgUsAAIJLAACDSwAAlEsAAJVLAACWSwAAmksAAJtLAACcSwAApUsAAK9L AACwSwAAv0sAAMNLAADESwAAxUsAAMpLAADMSwAAzUsAANZLAADZSwAA40sAAOxLAADtSwAA BEwAAAhMAAD58uvk6/nd1t3P3cjBusGzrbOms5+z3ZiRmIqYis+KkaaRn5jBg+TBmMF8kcF1 DBVo0gSRABZoJDVeAAAMFWjSBJEAFmgJMn4AAAwVaNIEkQAWaIs/hQAADBVo0gSRABZoiyZt AAAMFWjSBJEAFmhgA2IAAAwVaNIEkQAWaDZEhQAADBVo0gSRABZopgRnAAAMFWjSBJEAFmix AAkAAAoWaCMCTQBQSgMAAAwVaNIEkQAWaN8wyAAADBVo0gSRABZoLEuWAAAMFWjSBJEAFmhI E04AAAwVaNIEkQAWaPJzUQAADBVo0gSRABZov1O2AAAMFWjSBJEAFmigGlIAAAwVaNIEkQAW aKhaZAAADBVo0gSRABZosWQ+AAAMFWjSBJEAFmhsMJYAAAwVaNIEkQAWaCEHWAAADBVo0gSR ABZokUJ7AC4ITAAADUwAABNMAAAUTAAAX0wAAGNMAABkTAAAakwAAG1MAACOTAAAj0wAAJBM AACfTAAAoEwAAK1MAACyTAAAvkwAAOhMAADzTAAA9EwAAPVMAAD+TAAAEE0AABJNAAATTQAA GE0AAB9NAABDTQAARE0AAEVNAABHTQAATU0AAFJNAABWTQAAYE0AAG1NAAB1TQAAl00AAJpN AAClTQAAy00AANhNAADdTQAA6E0AAOlNAADqTQAA/E0AAABOAAAITgAA+fLr8uvy5PLd1s/I wbrBs8GzurPBrKWsusGewZ66wZ7Bl8G6wbOXwZDBl8GJgnuQAAAMFWjSBJEAFmg2RIUAAAwV aNIEkQAWaPI7MAAADBVo0gSRABZo00xLAAAMFWjSBJEAFmgEfC4AAAwVaNIEkQAWaDdF0QAA DBVo0gSRABZoWwdJAAAMFWjSBJEAFmhdcrAAAAwVaNIEkQAWaD5rDQAADBVo0gSRABZosQAJ AAAMFWjSBJEAFmjZTLQAAAwVaNIEkQAWaKhaZAAADBVo0gSRABZokUJ7AAAMFWjSBJEAFmgB cdUAAAwVaNIEkQAWaL0AfwAADBVo0gSRABZo71BHAAAMFWjSBJEAFmgeX0oAAAwVaNIEkQAW aGADYgAADBVo0gSRABZoSBNOAAAMFWjSBJEAFmjGPfMAMAhOAAALTgAADU4AAChOAAAwTgAA Uk4AAGhOAAB8TgAAhk4AAJJOAADyTgAA9U4AAB9PAAAuTwAAL08AADBPAAA7TwAAXE8AAF1P AAC7TwAANVAAADZQAAA4UAAAV1AAAH9QAACEUAAAhVAAAIZQAACJUAAAilAAAItQAACmUAAA slAAAAlRAAAMUQAAGFEAAB1RAABSUQAAVlEAAGFRAABiUQAAZVEAAGZRAABsUQAAblEAAJBR AACcUQAAt1EAALhRAAD58vnr+eTy5PLk3eTW5M/k3eTIwbmyq7LIsqSypMiyq7KdspayjLKk sqSyq7KrsnwAAAAAHwAIgRVo0gSRABZoTnrnABdoik7rAGNIAQBkaK4aYWcTAQiBBEgBAAVo rxphZxZoik7rAAwVaNIEkQAWaG8IHwAADBVo0gSRABZob0tUAAAMFWjSBJEAFmhOeucAAAwV aNIEkQAWaDdF0QAADBVo0gSRABZoM218AAAPFWjSBJEAFmioWmQANwiBDBVo0gSRABZomXsa AAAMFWjSBJEAFmjDXfkAAAwVaNIEkQAWaEMVywAADBVo0gSRABZoE1PAAAAMFWjSBJEAFmib VdYAAAwVaNIEkQAWaIplbwAADBVo0gSRABZoKGXaAAAMFWjSBJEAFmgEfC4AAAwVaNIEkQAW aPI7MAAwuFEAALtRAAC8UQAAvVEAAMJRAADhUQAA4lEAAOZRAADpUQAA9lEAAAVSAAAJUgAA DlIAABlSAAAbUgAAMlIAADtSAABFUgAARlIAAEpSAABTUgAAXlIAAIFSAACJUgAAnVIAAKpS AADvUgAAAFMAAApTAAALUwAAMFMAADFTAAA5UwAAO1MAAIFTAACDUwAAnlMAAKpTAADcUwAA 3lMAAPRTAAD+UwAA79/v2M7B2LrYurPYs9isnJKFnKySrH6sd6xwfqx+d9iz2LPYs9iz2GkA DBVo0gSRABZoPHvGAAAMFWjSBJEAFmj6KlMAAAwVaNIEkQAWaJlqUgAADBVo0gSRABZowWp5 AAAZAQiBBEgBAAVo4dJiJxVo0gSRABZonDGNABMBCIEESAEABWjh0mInFmicMY0AHwAIgRVo 0gSRABZoajaFABdonDGNAGNIAQBkaOHSYicMFWjSBJEAFmhqNoUAAAwVaNIEkQAWaDQj3gAA DBVo0gSRABZoN0XRAAAZAQiBBEgBAAVorxphZxVoiH//ABZoik7rABMBCIEESAEABWivGmFn FmiKTusADBVo0gSRABZoM218AAAfAAiBFWjSBJEAFmhOeucAF2iKTusAY0gBAGRorhphZx8A CIEVaNIEkQAWaDNtfAAXaIpO6wBjSAEAZGiuGmFnACn+UwAADVQAAA9UAAAuVAAAL1QAADxU AABBVAAARlQAAEdUAABIVAAAZFQAAGpUAABrVAAAflQAAH9UAACDVAAAhFQAALtUAADGVAAA x1QAANVUAADhVAAA7FQAAO1UAAD3VAAABFUAAA1VAAAZVQAAMVUAAFdVAABlVQAAaFUAAGtV AABwVQAAdFUAAKNVAACqVQAArlUAALJVAAC7VQAA4VUAAAhWAAAKVgAASVYAAFlWAABkVgAA ZVYAAHlWAACcVgAAq1YAAK5WAADKVgAA+fL56+T53c3D3fnd+d358vny3fny+by1rrWup7Wg +ev5vPnd+fL53fndrpmnrpmnkpmLAAAAAAAAAAAAAAAAAAAAAAAAAAwVaNIEkQAWaMBv4AAA DBVo0gSRABZorVb2AAAMFWjSBJEAFmiMefsAAAwVaNIEkQAWaKVYyQAADBVo0gSRABZoZGwv AAAMFWjSBJEAFmhEbGgAAAwVaNIEkQAWaPReKwAADBVo0gSRABZoajaFAAATAQiBBEgBAAVo sxphZxZoik7rAB8ACIEVaNIEkQAWaAZ4AwAXaIpO6wBjSAEAZGizGmFnDBVo0gSRABZoBngD AAAMFWjSBJEAFmhKY2wAAAwVaNIEkQAWaNVN4AAADBVo0gSRABZoNCPeAAAMFWjSBJEAFmgz bXwAMzJTAADtVAAArVYAAK5WAADLVgAAPlcAAFZXAAA7WAAAPFgAAHNYAAC4WAAA/VgAAEJZ AACHWQAAyVkAAA5aAABTWgAA+gAAAAAAAAAAAAAAAPUAAAAAAAAAAAAAAAD6AAAAAAAAAAAA AAAA8AAAAAAAAAAAAAAAAOsAAAAAAAAAAAAAAADmAAAAAAAAAAAAAAAA4QAAAAAAAAAAAAAA AOEAAAAAAAAAAAAAAADYAAAAAAAAAAAAAAAA0wAAAAAAAAAAAAAAANMAAAAAAAAAAAAAAADT AAAAAAAAAAAAAAAA0wAAAAAAAAAAAAAAAMwAAAAAAAAAAAAAAADHAAAAAAAAAAAAAAAAmgAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALQAADcYwF7ABYAMQ BcAGcAggCtALgA0wD+AQkBJAFPAVoBdQGQAbsBxgHhAgwCFwIyAl0CYAD4QAABJk8AABABSk AAAxJAA3JAA4JABIJABehAAAZ2TeRCYAAASYAGdk3kQmAAAGAAAUpAAAZ2TmSt8AAASYAGdk 5krfAAAIAAAPhAAAXoQAAGdkqUduAAAEAABnZKlHbgAABAIAZ2TQD0AAAAQAAGdk5S5RAAAE AQBnZMBv4AAABAAAZ2RCVlUAAAQAAGdk1U3gAAAQylYAAMtWAAD6VgAAE1cAACFXAAAiVwAA LlcAADxXAAA9VwAAPlcAAEdXAABIVwAATFcAAFVXAABWVwAAf1cAAIVXAACJVwAAjVcAABlY AAAkWAAAL1gAAD9YAABTWAAAclgAAHNYAADz7OXc1ezOxb6voJGCc2hgaGBoVWBoTWhCAAAA FBVo0gSRABZoSUrUAG5IEQR0SBEEAA4WaFIl1QBuSBEEdEgRBAAUFWjSBJEAFmiAZasAbkgR BHRIEQQADhZogGWrAG5IEQR0SBEEABQVaNIEkQAWaKlHbgBuSBEEdEgRBAAcFWjSBJEAFmiC BU8AXkoGAGFKGABuSBEEdEgRBAAcFWjSBJEAFmiyYdMAXkoGAGFKGABuSBEEdEgRBAAcFWjS BJEAFmjjSbwAXkoGAGFKGABuSBEEdEgRBAAcFWjSBJEAFmgiT3kAXkoGAGFKGABuSBEEdEgR BAAcFWjSBJEAFmjCEMoAXkoGAGFKGABuSBEEdEgRBAAMFWjSBJEAFmjjEJoAABAVaNIEkQAW aLJdOwBQSgAAAAwVaNIEkQAWaNww/wAADBVo0gSRABZogWWpAAAQFWjSBJEAFmiBZakAUEoA AAAMFWjSBJEAFmiAVx8AAAwVaNIEkQAWaIIFTwAAGBVo0gSRABZooxe1AFBKAwBuSBEEdEgR BBlzWAAAd1gAAEVZAABIWQAASlkAAE5ZAABPWQAAU1kAAFRZAABVWQAAVlkAAFdZAABZWQAA WlkAAFtZAABiWQAAY1kAAGRZAABlWQAAbVkAAHBZAAB2WQAAd1kAAHhZAAB+WQAAf1kAAIJZ AACFWQAAhlkAAIdZAADx4tPEtcTTpsTTl4iXeWqXeWpbauJql+KX05dM4gAAABwVaNIEkQAW aGB4lgBDShgAYUoYAG1ICQRzSAkEABwVaNIEkQAWaE1RDwBDShgAYUoYAG1ICQRzSAkEABwV aNIEkQAWaNRfzwBDShgAYUoYAG1ICQRzSAkEABwVaNIEkQAWaH0ZzgBDShgAYUoYAG1ICQRz SAkEABwVaNIEkQAWaA1L5QBDShgAYUoYAG1ICQRzSAkEABwVaNIEkQAWaHMXGABDShgAYUoY AG1ICQRzSAkEABwVaNIEkQAWaPdArgBDShgAYUoYAG1ICQRzSAkEABwVaNIEkQAWaM8XvABD ShgAYUoYAG1ICQRzSAkEABwVaNIEkQAWaAUbhABDShgAYUoYAG1ICQRzSAkEABwVaNIEkQAW aIoy7QBDShgAYUoYAG1ICQRzSAkEABwVaNIEkQAWaOZK3wBDShgAYUoYAG1ICQRzSAkEABwV aNIEkQAWaPoaEwBDShgAYUoYAG1ICQRzSAkEHYdZAADJWQAAy1kAAMxZAADVWQAA1lkAANhZ AADdWQAA51kAAPFZAADyWQAA81kAAPlZAAD6WQAAAFoAAA1aAAAOWgAAUloAAFNaAABpWgAA c1oAAJZaAACbWgAAq1oAALZaAAC5WgAAvFoAAN1aAAD56Nfoxui1psbXldeV1+iGf3hvZG9b UltSW1IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEBVo0gSRABZoYHiWAFBKAAAAEBVo0gSR ABZo1F/PAFBKAAAAFBVo0gSRABZoXk4KAG5IEQR0SBEEABAVaNIEkQAWaF5OCgBQSgAAAAwV aNIEkQAWaGB4lgAADBVo0gSRABZo3kQmAAAcFWjSBJEAFmjeRCYAQ0oYAGFKGABtSAkEc0gJ BAAgFWjSBJEAFmjXd8UAQ0oYAFBKAABhShgAbUgJBHNICQQAHBVo0gSRABZoXk4KAENKGABh ShgAbUgJBHNICQQAIBVo0gSRABZo1F/PAENKGABQSgAAYUoYAG1ICQRzSAkEACAVaNIEkQAW aF5OCgBDShgAUEoAAGFKGABtSAkEc0gJBAAgFWjSBJEAFmjeRCYAQ0oYAFBKAABhShgAbUgJ BHNICQQAIBVo0gSRABZoYHiWAENKGABQSgAAYUoYAG1ICQRzSAkEAAwVaNIEkQAWaOZK3wAb U1oAAJhaAADdWgAAIlsAAGRbAABlWwAAZlsAAKlbAADrWwAAL1wAAHRcAAC5XAAA/lwAAENd AACIXQAA0gAAAAAAAAAAAAAAANIAAAAAAAAAAAAAAADNAAAAAAAAAAAAAAAAxgAAAAAAAAAA AAAAAMYAAAAAAAAAAAAAAADSAAAAAAAAAAAAAAAAvAAAAAAAAAAAAAAAAH4AAAAAAAAAAAAA AAB+AAAAAAAAAAAAAAAAfgAAAAAAAAAAAAAAAH4AAAAAAAAAAAAAAAB+AAAAAAAAAAAAAAAA fgAAAAAAAAAAAAAAAH4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAPgAABiQBDcZbFrABYAMQBcAG cAggCtALgA0wD+AQkBJAFPAVoBdQGQAbYB4QIMAhcCMgJdAmD5QDKAe8ClAO5BF4FQwZNCDI I1wn8CqELhgyrDVAOQAAAAAAAAAAAAAAAAAAAA+EAAASZPAAAQAUpAAAXoQAAGdkjU8dAAoA AAYkAQ+ErwFehK8BZ2SNTx0AAAYAABSkAABnZGB4lgAABJgAZ2RgeJYALQAADcYwF7ABYAMQ BcAGcAggCtALgA0wD+AQkBJAFPAVoBdQGQAbsBxgHhAgwCFwIyAl0CYAD4QAABJk8AABABSk AAAxJAA3JAA4JABIJABehAAAZ2RgeJYAAA7dWgAAIlsAAGRbAABlWwAAZlsAAHVbAACJWwAA qFsAAKlbAAA6YAAAPGAAAFJgAABiYAAAkGAAAJdgAACuYAAAwWAAANVgAADWYAAA32AAAOdg AADwYAAACGEAAPHq49rRy8K8r8LxnfGO8XZkUvF2ZPEAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACMBCIEESAEABWjCGmFnFmhGWZ8AQ0oYAGFK GABtSAkEc0gJBCMBCIEESAEABWjBGmFnFmhGWZ8AQ0oYAGFKGABtSAkEc0gJBC8ACIEVaNIE kQAWaGB4lgAXaEZZnwBDShgAYUoYAGNIAQBkaMEaYWdtSAkEc0gJBBwVaNIEkQAWaJhnhwBD ShgAYUoYAG1ICQRzSAkEACMBCIEESAEABWi3GmFnFmiKTusAQ0oYAGFKGABtSAkEc0gJBBgV aI1PHQAWaI1PHQBQSgAAbkgHBHRIBwQAChZoqUduAFBKAAAAEBVo0gSRABZoqUduAFBKAAAA ChZoUiXVAFBKAAAAEBVo0gSRABZomjHYAFBKAAAAEBVo0gSRABZoYHiWAFBKAAAADBVo0gSR ABZoHmcyAAAMFWjSBJEAFmhgeJYAABwVaNIEkQAWaGB4lgBDShgAYUoYAG1ICQRzSAkEFohd AADNXQAAEl4AAFdeAACcXgAA4V4AACZfAABrXwAAsF8AAPVfAAA6YAAAwQAAAAAAAAAAAAAA AMEAAAAAAAAAAAAAAADBAAAAAAAAAAAAAAAAwQAAAAAAAAAAAAAAAMEAAAAAAAAAAAAAAADB AAAAAAAAAAAAAAAAwQAAAAAAAAAAAAAAAMEAAAAAAAAAAAAAAADBAAAAAAAAAAAAAAAAhAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8AAANxlsW sAFgAxAFwAZwCCAK0AuADTAP4BCQEkAU8BWgF1AZABtgHhAgwCFwIyAl0CYPlAMoB7wKUA7k EXgVDBk0IMgjXCfwKoQuGDKsNUA5AAAAAAAAAAAAAAAAAAAAD4QAABJk8AABABSkAABehAAA Z2SNTx0APgAABiQBDcZbFrABYAMQBcAGcAggCtALgA0wD+AQkBJAFPAVoBdQGQAbYB4QIMAh cCMgJdAmD5QDKAe8ClAO5BF4FQwZNCDII1wn8CqELhgyrDVAOQAAAAAAAAAAAAAAAAAAAA+E AAASZPAAAQAUpAAAXoQAAGdkjU8dAAAKOmAAADtgAAA8YAAAP2AAAJhgAACZYAAA8mAAAPNg AABNYQAATmEAAFdhAABYYQAAImIAACNiAAAqYgAA82IAANIAAAAAAAAAAAAAAADSAAAAAAAA AAAAAAAAyQAAAAAAAAAAAAAAAMAAAAAAAAAAAAAAAADAAAAAAAAAAAAAAAAAwAAAAAAAAAAA AAAAAMAAAAAAAAAAAAAAAAC3AAAAAAAAAAAAAAAAtwAAAAAAAAAAAAAAAK4AAAAAAAAAAAAA AACuAAAAAAAAAAAAAAAApQAAAAAAAAAAAAAAAJwAAAAAAAAAAAAAAACTAAAAAAAAAAAAAAAA igAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAA+EoAVehKAFZ2RNUQ8AAAgAAA+E 0AJehNACZ2RNUQ8AAAiYAA+EoAVehKAFZ2SKMu0AAAgAAA+EoAVehKAFZ2QkBEsAAAiYAA+E 0AJehNACZ2SKMu0AAAiYAA+EoAVehKAFZ2SqcHQAAAiYAA+EoAVehKAFZ2RgeJYAAAiYAA+E 0AJehNACZ2RgeJYALQAADcYwF7ABYAMQBcAGcAggCtALgA0wD+AQkBJAFPAVoBdQGQAbsBxg HhAgwCFwIyAl0CYAD4QAABJk8AABABSkAAAxJAA3JAA4JABIJABehAAAZ2RgeJYAAA8IYQAA G2EAADBhAAA7YQAAQmEAAEthAABNYQAATmEAAFJhAABTYQAAWGEAAGxhAABxYQAAdWEAAHlh AAB+YQAAf2EAAIBhAACWYQAA59XGrpzGjX5vYFlSWU5ZPjRZAAAAAAAAAAAAABMBCIEESAEA BWhKI2GHFmiFVugAHwAIgRVo0gSRABZoqUduABdohVboAGNIAQBkaEojYYcGFmiLHmcAAAwV aNIEkQAWaEpjbAAADBVo0gSRABZoqUduAAAcFWjSBJEAFmiKMu0AQ0oYAGFKGABtSAkEc0gJ BAAcFWjSBJEAFmgbGWsAQ0oYAGFKGABtSAkEc0gJBAAcFWjSBJEAFmgoGdMAQ0oYAGFKGABt SAkEc0gJBAAcFWjSBJEAFmiqcHQAQ0oYAGFKGABtSAkEc0gJBAAjAQiBBEgBAAVowxphZxZo RlmfAENKGABhShgAbUgJBHNICQQvAAiBFWjSBJEAFmhgeJYAF2hGWZ8AQ0oYAGFKGABjSAEA ZGjDGmFnbUgJBHNICQQcFWjSBJEAFmhgeJYAQ0oYAGFKGABtSAkEc0gJBAAjAQiBBEgBAAVo whphZxZoRlmfAENKGABhShgAbUgJBHNICQQvAAiBFWjSBJEAFmhgeJYAF2hGWZ8AQ0oYAGFK GABjSAEAZGjCGmFnbUgJBHNICQQAEpZhAAC1YQAAt2EAAMJhAADDYQAAxGEAAMZhAADQYQAA 1mEAANthAADcYQAA4GEAAORhAADpYQAA6mEAAOthAAD4YQAA+WEAAAFiAAAgYgAAImIAACNi AAAqYgAAOmIAAGViAABqYgAAa2IAAHBiAACSYgAAlmIAAPNiAAAYYwAA+fLi0sjB8vnB+fK9 8q2j8p/y+fKQiYKJ+XL5iWiJWQAAAAAAAAAAAAAAAAAAAAAAAAAcFWjSBJEAFmhpb8IAQ0oY AGFKGABtSAkEc0gJBAATAQiBBEgBAAVoyRphZxZoxCyZAB8ACIEVaNIEkQAWaCQESwAXaN0a hwBjSAEAZGjbHVpHDBVo0gSRABZopVjJAAAMFWjSBJEAFmhNUQ8AABwVaNIEkQAWaDEyygBD ShgAYUoYAG1ICQRzSAkEAAYWaFIl1QAAEwEIgQRIAQAFaEsjYYcWaIVW6AAfAAiBFWjSBJEA FmipR24AF2iFVugAY0gBAGRoSyNhhwYWaIseZwAADBVo0gSRABZoSmNsAAATAQiBBEgBAAVo xRphZxZoxCyZAB8ACIEVaNIEkQAWaEpjbAAXaMQsmQBjSAEAZGjFGmFnHwAIgRVo0gSRABZo qUduABdoxCyZAGNIAQBkaMUaYWcMFWjSBJEAFmipR24AAAwVaNIEkQAWaCQESwAf82IAABdj AAAYYwAAB2QAAAhkAAAmZAAAWmQAAIlkAAC1ZAAA5GQAAOVkAAAAZQAA9WUAAB1mAAB8ZgAA o2YAAEdnAABvZwAAfGgAAJZpAAD2AAAAAAAAAAAAAAAA9gAAAAAAAAAAAAAAAO0AAAAAAAAA AAAAAADtAAAAAAAAAAAAAAAA7QAAAAAAAAAAAAAAAO0AAAAAAAAAAAAAAADtAAAAAAAAAAAA AAAA5AAAAAAAAAAAAAAAAOQAAAAAAAAAAAAAAADtAAAAAAAAAAAAAAAA2wAAAAAAAAAAAAAA ANIAAAAAAAAAAAAAAADNAAAAAAAAAAAAAAAAxAAAAAAAAAAAAAAAAM0AAAAAAAAAAAAAAADE AAAAAAAAAAAAAAAAzQAAAAAAAAAAAAAAALsAAAAAAAAAAAAAAACyAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAD4TABl6EwAZnZOAsdAAACAAAD4TABl6E wAZnZLldzwAACAAAD4TABl6EwAZnZGB4lgAABAAAZ2RgeJYAAAgAAA+EEAVehBAFZ2SjDzUA AAgAAA+E0AJehNACZ2RgeJYAAAiYAA+EoAVehKAFZ2ReTgoAAAiYAA+EoAVehKAFZ2Rpb8IA AAiYAA+E0AJehNACZ2Rpb8IAABMYYwAAMmMAADxjAACdYwAAqmMAAKtjAADEYwAAxmMAAMhj AADhYwAABWQAAAhkAABlZAAAbWQAAH5kAACIZAAAiWQAAJRkAACcZAAAqmQAALRkAAC1ZAAA wGQAAMhkAADZZAAA42QAAOVkAAD0ZAAA/mQAABRlAAAeZQAAZGUAAItlAADx4vHTu9PxrJ2s jn/TjnCOf9OOcI5/045wjmliaVtpVAAAAAAMFWjSBJEAFmijDzUAAAwVaNIEkQAWaPRwQQAA DBVo0gSRABZopR5qAAAMFWjSBJEAFmhgeJYAABwVaNIEkQAWaIRo6ABDShgAYUoYAG1ICQRz SAkEABwVaNIEkQAWaPNznABDShgAYUoYAG1ICQRzSAkEABwVaNIEkQAWaF5OCgBDShgAYUoY AG1ICQRzSAkEABwVaNIEkQAWaEICNQBDShgAYUoYAG1ICQRzSAkEABwVaNIEkQAWaHkWrQBD ShgAYUoYAG1ICQRzSAkEAC8ACIEVaNIEkQAWaKMPNQAXaN0ahwBDShgAYUoYAGNIAQBkaNsd WkdtSAkEc0gJBBwVaNIEkQAWaKMPNQBDShgAYUoYAG1ICQRzSAkEABwVaNIEkQAWaMY39gBD ShgAYUoYAG1ICQRzSAkEABwVaNIEkQAWaNQr5QBDShgAYUoYAG1ICQRzSAkEIItlAACNZQAA rmUAAMxlAADNZQAA82UAAPRlAAD+ZQAA/2UAACxmAAAwZgAAhWYAAIZmAACjZgAAsmYAALZm AAARZwAAEmcAABNnAAAXZwAAJGcAAClnAAA/ZwAAQWcAAEZnAABQZwAAUWcAAP5nAAASaAAA IWgAACVoAAAoaAAAKWgAAD9oAABEaAAAU2gAAHloAAB7aAAAfGgAAPnp+dn52fnS+cv50vnE y8T5xMvEvcTLxPnS+bOpn7OVi4F3bYtjAAAAABMBCIEESAEABWhSK1qHFmi5Xc8AEwEIgQRI AQAFaBobYWcWaApZYgATAQiBBEgBAAVoFxthZxZoClliABMBCIEESAEABWgZG2FnFmgKWWIA EwEIgQRIAQAFaBYbYWcWaApZYgATAQiBBEgBAAVoFBthZxZo4lCDABMBCIEESAEABWgVG2Fn FmjiUIMAEwEIgQRIAQAFaBgbYWcWaApZYgATAQiBBEgBAAVoFBthZxZoClliAAwVaNIEkQAW aK8O5wAADBVo0gSRABZoh3rNAAAMFWjSBJEAFmgUJi4AAAwVaNIEkQAWaChE/wAAHwAIgRVo 0gSRABZoYHiWABdo4lCDAGNIAQBkaBEbYWcfAAiBFWjSBJEAFmhgeJYAF2jiUIMAY0gBAGRo EhthZwwVaNIEkQAWaGB4lgAmfGgAAIFoAACaaAAApGgAAKVoAACraAAArGgAALFoAAC2aAAA 3GgAAOFoAAD4aAAACGkAAAppAAAOaQAASWkAAExpAABfaQAAZ2kAAIhpAACUaQAAlWkAAJZp AAA7agAAQWoAAERqAABFagAAR2oAAFNqAABZagAAX2oAAMRqAADFagAAxmoAANZqAAD16PXe 9d713vXU9cr1wLastqz1wKKblIR6cHqUhHCUaZRaAAAAAAAAHBVo0gSRABZoYHiWAENKGABh ShgAbUgJBHNICQQADBVo0gSRABZorjROAAATAQiBBEgBAAVoHhthZxZoClliABMBCIEESAEA BWgdG2FnFmgKWWIAHwAIgRVo0gSRABZoKlQkABdoClliAGNIAQBkaB0bYWcMFWjSBJEAFmgq VCQAAAwVaNIEkQAWaJJXSgAAEwEIgQRIAQAFaF8rWocWaDIz1AATAQiBBEgBAAVoXStahxZo MjPUABMBCIEESAEABWhcK1qHFmjgLHQAEwEIgQRIAQAFaF4rWocWaDIz1AATAQiBBEgBAAVo VitahxZo4Cx0ABMBCIEESAEABWhhK1qHFmgyM9QAEwEIgQRIAQAFaFQrWocWaOAsdAAZAQiB BEgBAAVoUytahxVo0gSRABZo4Cx0ABMBCIEESAEABWhTK1qHFmjgLHQAACKWaQAAs2kAAMZq AADhagAA4moAAKxsAACtbAAAw2wAAMVsAAB8bQAAfW0AAJNtAACUbQAAMm4AAEhuAABJbgAA 3m4AAN9uAADvbgAA9QAAAAAAAAAAAAAAAOwAAAAAAAAAAAAAAADjAAAAAAAAAAAAAAAA4wAA AAAAAAAAAAAAANoAAAAAAAAAAAAAAADVAAAAAAAAAAAAAAAAzAAAAAAAAAAAAAAAAMwAAAAA AAAAAAAAAADDAAAAAAAAAAAAAAAAwwAAAAAAAAAAAAAAAMwAAAAAAAAAAAAAAADMAAAAAAAA AAAAAAAAugAAAAAAAAAAAAAAAMwAAAAAAAAAAAAAAADMAAAAAAAAAAAAAAAAsQAAAAAAAAAA AAAAAKwAAAAAAAAAAAAAAACiAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKmAAGJAEPhKAF XoSgBWdk3RqHAAAEAABnZKpo7gAACJgAD4RwCF6EcAhnZJJEQgAACAAAD4RwCF6EcAhnZGB4 lgAACJgAD4RwCF6EcAhnZGB4lgAACJgAD4SgBV6EoAVnZGB4lgAABJgAZ2RgeJYAAAiYAA+E oAVehKAFZ2QEMiUAAAiYAA+E0AJehNACZ2RgeJYAAAgAAA+EwAZehMAGZ2T7YbUACgAABiQB D4QSBV6EEgVnZI1PHQAAEtZqAADfagAA4GoAAO9qAADwagAA8WoAAC9rAABGawAAR2sAAGBr AACDawAAr2sAAFFsAABSbAAAYmwAAGRsAABrbAAAbGwAAIZsAACIbAAAq2wAAMRsAADFbAAA Dm0AAPHi07up05qCmtNzmmSaVZpkmlWa00PTAAAAAAAAAAAAAAAAAAAAIhVo0gSRABZoYHiW ABdo7DmrAENKGABhShgAbUgJBHNICQQAHBVo0gSRABZoAXuaAENKGABhShgAbUgJBHNICQQA HBVo0gSRABZoTnrnAENKGABhShgAbUgJBHNICQQAHBVo0gSRABZoFCYuAENKGABhShgAbUgJ BHNICQQALwAIgRVo0gSRABZoBDIlABdo3RqHAENKGABhShgAY0gBAGRo2x1aR21ICQRzSAkE HBVo0gSRABZoBDIlAENKGABhShgAbUgJBHNICQQAIwEIgQRIAQAFaCEbYWcWaIo3dABDShgA YUoYAG1ICQRzSAkELwAIgRVo0gSRABZoYHiWABdoijd0AENKGABhShgAY0gBAGRoIRthZ21I CQRzSAkEHBVo0gSRABZoYHiWAENKGABhShgAbUgJBHNICQQAHBVo0gSRABZoxhOWAENKGABh ShgAbUgJBHNICQQAHBVo0gSRABZopR5qAENKGABhShgAbUgJBHNICQQXDm0AAA9tAAAWbQAA H20AACBtAAAlbQAANG0AADVtAABYbQAAXW0AAF5tAABjbQAAbG0AAG1tAABxbQAAk20AAJRt AADdbQAA3m0AAA5uAADnz72uz72ZropyimOuVK5COzQ7AAAAAAAMFWjSBJEAFmgtLO4AAAwV aNIEkQAWaGB4lgAAIhVo0gSRABZoYHiWABdojXd5AENKGABhShgAbUgJBHNICQQAHBVo0gSR ABZoX3LtAENKGABhShgAbUgJBHNICQQAHBVo0gSRABZooR48AENKGABhShgAbUgJBHNICQQA LwAIgRVo0gSRABZohRPOABdo3RqHAENKGABhShgAY0gBAGRo2B1aR21ICQRzSAkEHBVo0gSR ABZohRPOAENKGABhShgAbUgJBHNICQQAKQEIgQRIAQAFaEQbYWcVaNIEkQAWaEY08QBDShgA YUoYAG1ICQRzSAkEHBVo0gSRABZoYHiWAENKGABhShgAbUgJBHNICQQAIwEIgQRIAQAFaEQb YWcWaEY08QBDShgAYUoYAG1ICQRzSAkELwAIgRVo0gSRABZoYHiWABdoRjTxAENKGABhShgA Y0gBAGRoRBthZ21ICQRzSAkELwAIgRVo0gSRABZoLSzuABdoRjTxAENKGABhShgAY0gBAGRo RBthZ21ICQRzSAkEABMObgAAE24AABRuAAAZbgAAI24AACduAAAybgAASG4AAEluAACSbgAA k24AALpuAAC/bgAAwG4AAMVuAADPbgAA024AAN1uAADebgAA324AAPnp+eLb1MWzxaTFlX2V bl/FUEUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUFWjSBJEAFmiq aO4AQ0oUAGFKFAAAHBVo0gSRABZoqmjuAENKGABhShgAbUgJBHNICQQAHBVo0gSRABZoxhOW AENKGABhShgAbUgJBHNICQQAHBVo0gSRABZo5kVZAENKGABhShgAbUgJBHNICQQALwAIgRVo 0gSRABZohRPOABdo3RqHAENKGABhShgAY0gBAGRo2B1aR21ICQRzSAkEHBVo0gSRABZohRPO AENKGABhShgAbUgJBHNICQQAHBVo0gSRABZoLSzuAENKGABhShgAbUgJBHNICQQAIhVo0gSR ABZoYHiWABdojXd5AENKGABhShgAbUgJBHNICQQAHBVo0gSRABZoYHiWAENKGABhShgAbUgJ BHNICQQADBVo0gSRABZoYHiWAAAMFWjSBJEAFmjGE5YAAAwVaNIEkQAWaKEePAAAHwAIgRVo 0gSRABZohRPOABdo3RqHAGNIAQBkaNgdWkcMFWjSBJEAFmiFE84AE99uAADjbgAA5m4AAO5u AADvbgAA8G4AAPVuAAD5bgAAYW8AAHlvAAB6bwAAe28AAHxvAACebwAA7djG2K6Xg5dul1pF NAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBVo0gSRABZoLSzuAENKGABQ SgAAYUoYAG1ICQRzSAkEACkBCIEESAEABWjSHVpHFWjSBJEAFmjdGocAQ0oYAGFKGABtSAkE c0gJBCcBCIEESAEABWjUHVpHFmhUMHkAQ0oYAFBKAABhShgAbUgJBHNICQQpAQiBBEgBAAVo 1B1aRxVo0gSRABZo3RqHAENKGABhShgAbUgJBHNICQQnAQiBBEgBAAVo1R1aRxZo3RqHAENK GABQSgAAYUoYAG1ICQRzSAkELQEIgQRIAQAFaNQdWkcVaNIEkQAWaN0ahwBDShgAUEoAAGFK GABtSAkEc0gJBC8BCIEESAEABWjSHVpHFWjSBJEAFmhUMHkAF2iNd3kAQ0oYAGFKGABtSAkE c0gJBCMBCIEESAEABWjTHVpHFmjdGocAQ0oYAGFKGABtSAkEc0gJBCkBCIEESAEABWjSHVpH FWjSBJEAFmhUMHkAQ0oYAGFKGABtSAkEc0gJBCMBCIEESAEABWjSHVpHFmjdGocAQ0oYAGFK GABtSAkEc0gJBAAN724AAPBuAAB7bwAAfG8AAIJvAACDbwAAEHAAABFwAAAScAAAQ3AAAERw AAA0cQAAPXIAAN1zAACadAAAtnQAALd0AAD1AAAAAAAAAAAAAAAA7AAAAAAAAAAAAAAAAOMA AAAAAAAAAAAAAADZAAAAAAAAAAAAAAAAzwAAAAAAAAAAAAAAAMYAAAAAAAAAAAAAAADGAAAA AAAAAAAAAAAAxgAAAAAAAAAAAAAAAL0AAAAAAAAAAAAAAAC9AAAAAAAAAAAAAAAAtAAAAAAA AAAAAAAAAKwAAAAAAAAAAAAAAACkAAAAAAAAAAAAAAAArAAAAAAAAAAAAAAAAJsAAAAAAAAA AAAAAACbAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAI mAAPhNACXoTQAmdkpFMwAAgAAAomAQtGLABnZKVYyQAIAAAKJgELRiwAZ2T1UjQAAAgAAA+E EAVehBAFZ2Qmb18AAAiYAA+E0AJehNACZ2Qmb18AAAiYAA+EoAVehKAFZ2T1UjQACpgABiQB D4SgBV6EoAVnZB9sZwAKmAAGJAEPhNACXoTQAmdkH2xnAAAImAAPhHAIXoRwCGdk3RqHAAAI mAAPhHAIXoRwCGdkVDB5AAqYAAYkAQ+EoAVehKAFZ2TdGocAABCebwAAo28AAOFvAADwbwAA 8W8AAPZvAAAOcAAAEnAAABZwAAAXcAAAHXAAAB5wAAAocAAAQXAAAEJwAABEcAAAT3AAAFdw AABecAAAYnAAAGZwAABncAAA797Ns82k3pOId5Nok1doUElQQlA7AAAAAAAAAAAADBVo0gSR ABZolGoRAAAMFWjSBJEAFmgtLO4AAAwVaNIEkQAWaKVYyQAADBVo0gSRABZoJm9fAAAgFWjS BJEAFmhFezcAQ0oYAFBKAABhShgAbUgJBHNICQQAHBVo0gSRABZoJm9fAENKGABhShgAbUgJ BHNICQQAIBVo0gSRABZolGoRAENKGABQSgAAYUoYAG1ICQRzSAkEABQVaNIEkQAWaJRqEQBt SAkEc0gJBAAgFWjSBJEAFmgmb18AQ0oYAFBKAABhShgAbUgJBHNICQQAHBVo0gSRABZohRPO AENKGABhShgAbUgJBHNICQQAMwAIgRVo0gSRABZohRPOABdo3RqHAENKGABQSgAAYUoYAGNI AQBkaNkdWkdtSAkEc0gJBCAVaNIEkQAWaIUTzgBDShgAUEoAAGFKGABtSAkEc0gJBAAgFWjS BJEAFmgtLO4AQ0oYAFBKAABhShgAbUgJBHNICQQAIBVo0gSRABZopVjJAENKGABQSgAAYUoY AG1ICQRzSAkEFWdwAABocAAAbHAAAAZxAAAzcQAANHEAADZxAABJcQAAVHEAAFlxAABbcQAA XHEAAGNxAABkcQAAaHEAAGlxAABqcQAAbnEAAIpxAACLcQAAjXEAAJZxAACXcQAAnnEAAJ9x AACqcQAAq3EAAKxxAACwcQAAx3EAAMlxAAD+cQAABHIAAAVyAADv6OHa0ce9s6mfs6mVjujv 6I6HfXZva2Rv6O/ob3Zvdl0AAAAAAAAAAAAAAAAAAAAAAAwVaNIEkQAWaAIVSwAADBVo0gSR ABZoHkGBAAAGFmgeQYEAAAwVaNIEkQAWaOUGdAAADBVo0gSRABZotE+yAAASFWjSBJEAFmgB e5oAd2gAAOkAAAwVaNIEkQAWaAF7mgAADBVo0gSRABZoIz8CAAASFWjSBJEAFmhOeucAd2gA AOkAABIVaNIEkQAWaEElFQB3aAAA6QAAEhVo0gSRABZoIz8CAHdoAADpAAASFWjSBJEAFmhR YsYAd2gAAOkAABIVaNIEkQAWaPMKOQB3aAAA6QAAEhVo0gSRABZohGjoAHdoAADpAAAQFWjS BJEAFmjzCjkAUEoAAAAMFWjSBJEAFmjzCjkAAAwVaNIEkQAWaCZvXwAADBVo0gSRABZolGoR AAAfAAiBFWjSBJEAFmiUahEAF2jdGocAY0gBAGRo2h1aRwAhBXIAAAZyAAAKcgAAJHIAACdy AAA8cgAAPXIAAD9yAABscgAAbXIAAHJyAABzcgAAd3IAAHhyAACGcgAAkHIAAJNyAACdcgAA q3IAAKxyAACwcgAAtXIAALZyAAC6cgAAXHMAAO/o4drh08m/ta6ertOXkImCfndwZlNmSQAA AAAAAAAAAAAAAAAAAAAAAAAAAAASFWjSBJEAFmjwSVgAd2gAAOkAACUACIEVaNIEkQAWaHwp rQAXaN0ahwBjSAEAZGjaHVpHd2gAAOkAEhVo0gSRABZofCmtAHdoAADpAAAMFWjSBJEAFmjw SVgAAAwVaNIEkQAWaB5BgQAABhZoHkGBAAAMFWjSBJEAFmiEaOgAAAwVaNIEkQAWaAF7mgAA DBVo0gSRABZoIwWIAAAMFWjSBJEAFmi1eocAAB8ACIEVaNIEkQAWaHwprQAXaN0ahwBjSAEA ZGjaHVpHDBVo0gSRABZofCmtAAASFWjSBJEAFmhOeucAd2gAAOkAABIVaNIEkQAWaCM/AgB3 aAAA6QAAEhVo0gSRABZohGjoAHdoAADpAAAMFWjSBJEAFmgjPwIAAAwVaNIEkQAWaHJWmgAA DBVo0gSRABZotE+yAAAMFWjSBJEAFmgCFUsAAB8ACIEVaNIEkQAWaAIVSwAXaN0ahwBjSAEA ZGjaHVpHABhccwAAXXMAAF5zAACCcwAAg3MAAKFzAACrcwAA3HMAAN1zAAAMdAAADXQAABJ0 AAATdAAAF3QAADN0AAA2dAAAQHQAAE50AABPdAAAU3QAAFh0AABZdAAAXXQAAF50AABydAAA fHQAAH10AACBdAAAmXQAAJp0AAD27OXe183Xxryyq5urxpSNiYKNq3KrjWhhV2iNTQAAAAAA EhVo0gSRABZoJm9fAHdoAADpAAASFWjSBJEAFmhecwoAd2gAAOkAAAwWaF5zCgB3aAAA6QAA EhVo0gSRABZowRpLAHdoAADpAAAfAAiBFWjSBJEAFmh8Ka0AF2jdGocAY0gBAGRo2x1aRwwV aNIEkQAWaB5BgQAABhZoHkGBAAAMFWjSBJEAFmjBGksAAAwVaNIEkQAWaAF7mgAAHwAIgRVo 0gSRABZofCmtABdo3RqHAGNIAQBkaNodWkcMFWjSBJEAFmh8Ka0AABIVaNIEkQAWaE565wB3 aAAA6QAAEhVo0gSRABZohGjoAHdoAADpAAAMFWjSBJEAFmiEaOgAABMBCIEESAEABWiGG2Fn Fmh3EE8ADBVo0gSRABZopVjJAAAMFWjSBJEAFmj9fOkAAAwVaNIEkQAWaJ0e5gAAEhVo0gSR ABZo/XzpAHdoAADpAAASFWjSBJEAFmjzCjkAd2gAAOkAHZp0AACkdAAAtHQAALV0AAC3dAAA znQAAM90AADWdAAA93QAABZ1AAAbdQAAQ3UAAER1AABfdQAAYXUAAGR1AABodQAAfHUAAIV1 AADx4M/xyMG6wbOkkoBxYlZEVjUAAAAAAAAAAAAAAAAcFWjSBJEAFmgeIXsAQ0oYAGFKGABt SAkEc0gJBAAjAQiBBEgBAAVo9gpbZxZoBTGjAENKGABhShgAbUgJBHNICQQWFmhSJdUAQ0oY AGFKGABtSAkEc0gJBAAcFWjSBJEAFmgBe5oAQ0oYAGFKGABtSAkEc0gJBAAcFWjSBJEAFmhI XEgAQ0oYAGFKGABtSAkEc0gJBAAiFWjSBJEAFmhOeucAQ0oYAGFKGABtSAkEc0gJBHdoAADp AAAiFWjSBJEAFmhIXEgAQ0oYAGFKGABtSAkEc0gJBHdoAADpAAAcFWjSBJEAFmjfBQMAQ0oY AGFKGABtSAkEc0gJBAAMFWjSBJEAFmg5ABYAAAwVaNIEkQAWaCsjHAAADBVo0gSRABZopFMw AAAMFWjSBJEAFmhtSiQAACAVaNIEkQAWaEV7NwBDShgAUEoAAGFKGABtSAkEc0gJBAAgFWjS BJEAFmikUzAAQ0oYAFBKAABhShgAbUgJBHNICQQAHBVo0gSRABZopFMwAENKGABhShgAbUgJ BHNICQQSt3QAABZ1AADBdQAAwnUAAMN1AAAIdgAATXYAAI92AADRdgAAE3cAAFV3AACXdwAA 2XcAABt4AABdeAAAn3gAAKB4AAAJeQAAuXkAALp5AAD/eQAA9gAAAAAAAAAAAAAAAO0AAAAA AAAAAAAAAADoAAAAAAAAAAAAAAAA3wAAAAAAAAAAAAAAANkAAAAAAAAAAAAAAADZAAAAAAAA AAAAAAAA0QAAAAAAAAAAAAAAANEAAAAAAAAAAAAAAADRAAAAAAAAAAAAAAAA0QAAAAAAAAAA AAAAANEAAAAAAAAAAAAAAADRAAAAAAAAAAAAAAAA0QAAAAAAAAAAAAAAANEAAAAAAAAAAAAA AADKAAAAAAAAAAAAAAAAxQAAAAAAAAAAAAAAALwAAAAAAAAAAAAAAACzAAAAAAAAAAAAAAAA swAAAAAAAAAAAAAAAK4AAAAAAAAAAAAAAAAAAAAAAASYAGdkfCmtAAAImAAPhBAFXoQQBWdk fCmtAAAIAAAPhBAFXoQQBWdkHBFAAAAEAABnZD5gbQAABgAAFKQAAGdkMD7NAAgAAAYkARSk AABnZB8omgAGmAAGJAFnZB8omgAACJgAD4QQBV6EEAVnZPVSNAAABJgAZ2RlNs8AAAiYAA+E EAVehBAFZ2RlNs8AAAgAAA+EEAVehBAFZ2RlNs8AABSFdQAAhnUAAIp1AACUdQAApXUAAK11 AACzdQAAt3UAALh1AAC/dQAAwHUAAMN1AADHdQAATXYAAJ94AACgeAAApHgAAOx4AAAIeQAA 8eLTwrHCoMKPgHFiU0xFPjc+AAAAAAAAAAAAAAAAAAAAAAwVaNIEkQAWaDkAFgAADBVo0gSR ABZo8kpYAAAMFWjSBJEAFmg+YG0AAAwVaNIEkQAWaDA+zQAAHBVo0gSRABZoMD7NAENKGABh ShgAbUgJBHNICQQAHBVoHBd4ABZoOQAWAENKGABhShgAbUgJBHNICQQAHBVo0gSRABZohEPC AENKGABhShgAbUgJBHNICQQAHBVo0gSRABZoIRkpAENKGABhShgAbUgJBHNICQQAIBVo0gSR ABZoIRkpAENKGABQSgAAYUoYAG1ICQRzSAkEACAVaNIEkQAWaEhcSABDShgAUEoAAGFKGABt SAkEc0gJBAAgFWjSBJEAFmhlNs8AQ0oYAFBKAABhShgAbUgJBHNICQQAIBVo0gSRABZoOQAW AENKGABQSgAAYUoYAG1ICQRzSAkEABwVaNIEkQAWaDkAFgBDShgAYUoYAG1ICQRzSAkEABwV aNIEkQAWaEhcSABDShgAYUoYAG1ICQRzSAkEABwVaNIEkQAWaHwprQBDShgAYUoYAG1ICQRz SAkEEgh5AAAJeQAADnkAADZ5AAA3eQAAPHkAAFd5AABZeQAAXHkAAGB5AAB0eQAAfHkAAIx5 AAC3eQAARHoAAB6AAABLgAAATIAAAGSAAABmgAAAhYAAAPnq2Mau6p+TgZNy6mHq+VdNV0M8 AAAAAAAAAAAAAAAAAAAAAAwWaFIl1QB3aAAA6QAAEhVo0gSRABZoAXuaAHdoAADpAAASFWjS BJEAFmhOeucAd2gAAOkAABIVaNIEkQAWaPBJWAB3aAAA6QAAIBVo0gSRABZofCmtAENKGABQ SgAAYUoYAG1ICQRzSAkEABwVaNIEkQAWaB4hewBDShgAYUoYAG1ICQRzSAkEACMBCIEESAEA BWj2CltnFmgFMaMAQ0oYAGFKGABtSAkEc0gJBBYWaFIl1QBDShgAYUoYAG1ICQRzSAkEABwV aNIEkQAWaAF7mgBDShgAYUoYAG1ICQRzSAkEAC8ACIEVaNIEkQAWaHwprQAXaAUxowBDShgA YUoYAGNIAQBkaPYKW2dtSAkEc0gJBCIVaNIEkQAWaE565wBDShgAYUoYAG1ICQRzSAkEd2gA AOkAACIVaNIEkQAWaHwprQBDShgAYUoYAG1ICQRzSAkEd2gAAOkAABwVaNIEkQAWaHwprQBD ShgAYUoYAG1ICQRzSAkEAAwVaNIEkQAWaHwprQAU/3kAAER6AACGegAAyHoAAAp7AABMewAA jnsAANB7AAASfAAAVHwAAJZ8AADYfAAAGn0AAFx9AACefQAA4H0AACJ+AABkfgAApn4AAOh+ AAAqfwAAbH8AAK5/AACvfwAAHoAAAPoAAAAAAAAAAAAAAADzAAAAAAAAAAAAAAAA8wAAAAAA AAAAAAAAAPMAAAAAAAAAAAAAAADzAAAAAAAAAAAAAAAA8wAAAAAAAAAAAAAAAPMAAAAAAAAA AAAAAADzAAAAAAAAAAAAAAAA8wAAAAAAAAAAAAAAAPMAAAAAAAAAAAAAAADzAAAAAAAAAAAA AAAA8wAAAAAAAAAAAAAAAPMAAAAAAAAAAAAAAADzAAAAAAAAAAAAAAAA8wAAAAAAAAAAAAAA APMAAAAAAAAAAAAAAADzAAAAAAAAAAAAAAAA8wAAAAAAAAAAAAAAAPMAAAAAAAAAAAAAAADz AAAAAAAAAAAAAAAA4wAAAAAAAAAAAAAAAPMAAAAAAAAAAAAAAADaAAAAAAAAAAAAAAAA0QAA AAAAAAAAAAAAAAAAAAAAAAAIAAAPhBAFXoQQBWdkfCmtAAAIAAAPhAAAXoQAAGdkfCmtAAAP AAANxgcB0CYBBicADoSm/xSkAABdhKb/Z2R8Ka0AAAYAABSkAABnZHwprQAABJgAZ2R8Ka0A ABiFgAAAjYAAAI+AAACTgAAAnYAAAK6AAAC2gAAAyYAAAMqAAADLgAAAVIEAAJiBAACggQAA rIEAALaBAAAaggAAG4IAAECCAABBggAAboIAAG+CAACKggAAjIIAAKuCAACzggAAtYIAALmC AAD27OXa0cjR7LqrpJekl6SNpIZ8cmheV/ZoUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA DBVo0gSRABZohTv0AAAMFmhSJdUAd2gAAOkAABIVaNIEkQAWaAF7mgB3aAAA6QAAEhVo0gSR ABZohTv0AHdoAADpAAASFWjSBJEAFmhOeucAd2gAAOkAABIVaNIEkQAWaAMH/QB3aAAA6QAA DBVo0gSRABZofCmtAAASFWjSBJEAFmiBVi4Ad2gAAOkAABgVaNIEkQAWaIFWLgBQSgUAbkgE CHRIBAgADBVo0gSRABZogVYuAAAcFWjSBJEAFmiBVi4AQ0oYAGFKGABtSAkEc0gJBAAaFWjS BJEAFmiBVi4AbUgJBHNICQR3aAAA6QAAEBVo0gSRABZoSS5LAFBKAAAAEBVo0gSRABZo8ElY AFBKAAAAFBVo0gSRABZo8ElYAG5IEQR0SBEEAAwVaNIEkQAWaPBJWAAAEhVo0gSRABZo8ElY AHdoAADpAAASFWjSBJEAFmgeIXsAd2gAAOkAGh6AAADKgAAAD4EAAFSBAACWgQAA2IEAABqC AAAbggAAQYIAAPCCAAA1gwAAeoMAALyDAAD+gwAAQIQAAEGEAADwAAAAAAAAAAAAAAAA6wAA AAAAAAAAAAAAAOsAAAAAAAAAAAAAAADkAAAAAAAAAAAAAAAA5AAAAAAAAAAAAAAAAOQAAAAA AAAAAAAAAADZAAAAAAAAAAAAAAAA0AAAAAAAAAAAAAAAAMcAAAAAAAAAAAAAAADCAAAAAAAA AAAAAAAAwgAAAAAAAAAAAAAAALsAAAAAAAAAAAAAAAC7AAAAAAAAAAAAAAAAuwAAAAAAAAAA AAAAALIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAgAAA+EAABehAAAZ2T1UjQAAAYAABSkAABnZChlJQAABJgAZ2QoZSUAAAgAAA+E EAVehBAFZ2T1UjQAAAgAAA+EEAVehBAFZ2QeIXsAAAoAADEkADckADgkAEgkAGdk9VI0AAAG AAAUpAAAZ2SBVi4AAASYAGdkgVYuAAAOAAAPhBAFMSQANyQAOCQASCQAXoQQBWdk9VI0AAAP uYIAAMOCAADUggAA3IIAAO+CAADwggAA8YIAAPSCAAB6gwAAvIMAAMiDAADKgwAA3IMAAOKD AABAhAAAQYQAAEqEAABShAAAQYUAAEKFAABEhQAAmIUAAJmFAACjhQAAs4UAAPXs4+zZy7yt pp2UnZSdjYZ/hnVlhlpTRAAAAAAAAAAAAAAAABwVaNIEkQAWaJox2ABeSgYAYUoYAG5IEQR0 SBEEAAwVaNIEkQAWaJox2AAAFBVo0gSRABZoRXs3AG5IEQR0SBEEAB8ACIEVaNIEkQAWaLo+ jwAXaLMS9QBjSAEAZGhn/FpHEwEIgQRIAQAFaGf8WkcWaLMS9QAMFWjSBJEAFmgSWGQAAAwV aNIEkQAWaLo+jwAADBVo0gSRABZoyVEEAAAQFWjSBJEAFmgNOz8AUEoAAAAQFWjSBJEAFmgo ZSUAUEoAAAAMFWjSBJEAFmgoZSUAABwVaNIEkQAWaChlJQBDShgAYUoYAG1ICQRzSAkEABwV aNIEkQAWaG1NFABDShgAYUoYAG1ICQRzSAkEABoVaNIEkQAWaChlJQBtSAkEc0gJBHdoAADp AAASFWjSBJEAFmiFO/QAd2gAAOkAABAVaNIEkQAWaKVRfABQSgAAABAVaNIEkQAWaIU79ABQ SgAAABQVaNIEkQAWaIU79ABuSBEEdEgRBBhBhAAAmYUAAJqFAACzhQAA5IYAAGSHAACfhwAA AIkAAI6JAADmjAAA040AAAGPAAAskgAAHJMAAHmTAAD+kwAA0gAAAAAAAAAAAAAAAMYAAAAA AAAAAAAAAADBAAAAAAAAAAAAAAAAvAAAAAAAAAAAAAAAALcAAAAAAAAAAAAAAACyAAAAAAAA AAAAAAAArQAAAAAAAAAAAAAAAKgAAAAAAAAAAAAAAACoAAAAAAAAAAAAAAAAqAAAAAAAAAAA AAAAAKMAAAAAAAAAAAAAAACeAAAAAAAAAAAAAAAAowAAAAAAAAAAAAAAAJkAAAAAAAAAAAAA AACRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAomAQtG KQBnZKNfWwAABAAAZ2ShJBUAAAQAAGdkJBqOAAAEAABnZGs7YwAABAAAZ2Q2EokAAAQAAGdk ViK6AAAEAgBnZApSKAAABAAAZ2TSBJEAAAQAAGdkmjHYAAAEAgBnZJox2AAACwAAAyQDD4QA AF6EAABhJANnZJox2AAtAAANxjAXsAFgAxAFwAZwCCAK0AuADTAP4BCQEkAU8BWgF1AZABuw HGAeECDAIXAjICXQJgAPhKAFEmTwAAEAFKQAADEkADckADgkAEgkAF6EoAVnZB4hewAAD7OF AAD4hgAA+oYAACyHAAAthwAAUIcAAFWHAABWhwAAW4cAAGOHAABkhwAAfYcAAIaHAACHhwAA iocAAJOHAACUhwAAnYcAAJ6HAACfhwAA0YcAANWHAADYhwAA9ef12dHAr6HRl4yBdmtga1Vg jEpCSgAAAAAAAAAAAAAAAAAAAAAAAA4WaNZG5QBuSAQIdEgECAAUFWjSBJEAFmgGAsMAbkgE CHRIBAgAFBVo0gSRABZosmmJAF5KBgBhShgAABQVaNIEkQAWaFYiugBeSgYAYUoYAAAUFWjS BJEAFmgUBl8AXkoGAGFKGAAAFBVo0gSRABZowA+kAG5IEQR0SBEEABQVaNIEkQAWaNwsjwBu SBEEdEgRBAAUFWjSBJEAFmgKUigAXkoGAGFKGAAAEhVo0gSRABZoggYaAHdoAADpAAAbAQiB BEgBAAVooxthZxZoBGlAAG5IEQR0SBEEIQAIgRZoi2AjABdoBGlAAGNIAQBkaKMbYWduSBEE dEgRBCEACIEWaIBC9AAXaARpQABjSAEAZGijG2FnbkgRBHRIEQQOFmiLYCMAbkgRBHRIEQQA GhVo0gSRABZo0gSRABdo0gSRAG5IEQR0SBEEABsBCIEESAEABWiiG2FnFmgEaUAAbkgRBHRI EQQUFWjSBJEAFmiaMdgAbkgRBHRIEQQW2IcAAOGHAAADiAAAEogAACCIAAAqiAAAaYgAAHOI AAB0iAAAfYgAAH+IAACYiAAAoogAAMOIAADdiAAA44gAAOeIAADoiAAA7IgAAP2IAAD/iAAA AIkAACyJAAA2iQAAOYkAADqJAAA7iQAAP4kAAFSJAABjiQAAaokAAG6JAACNiQAAjokAAJSJ AAD16vXj2OPU49TjzcLNwrevt8K3wvWkmZLjguOSe6RwpGVeAAAAAAAAAAAAAAAAAAAMFWjS BJEAFmgTIAQAABUVaNIEkQAWaDYSiQBCKgFwaAAAAAAUFWjSBJEAFmh7QLwAbkgECHRIBAgA DBVo0gSRABZoe0C8AAAfAAiBFWjSBJEAFmhWIroAF2gEaUAAY0gBAGRopBthZwwVaNIEkQAW aOsWrAAAFBVo0gSRABZo6xasAG5IEQR0SBEEABQVaNIEkQAWaOsWrABuSAQIdEgECAAOFmjW RuUAbkgRBHRIEQQAFBVo0gSRABZoKx3hAG5IEQR0SBEEABQVaNIEkQAWaCcf8QBuSBEEdEgR BAAMFWjSBJEAFmgnH/EAAAYWaNZG5QAAFBVo0gSRABZoViK6AG5IEQR0SBEEAAwVaNIEkQAW aFYiugAAFBVo0gSRABZoBgLDAG5IBAh0SAQIABQVaNIEkQAWaFYiugBuSAQIdEgECCKUiQAA lYkAAJaJAACaiQAAy4kAAM+JAADTiQAA34kAAOGJAADniQAA6okAAA+KAAAVigAAFooAABqK AAArigAALIoAAFqKAABbigAAXooAAGCKAABvigAAg4oAAIeKAACMigAAjYoAAKaKAACsigAA rYoAALGKAADPigAA0IoAANGKAADVigAA94oAABGLAAA2iwAAPIsAAD2LAABBiwAAUosAAFOL AABfiwAAYIsAAGGLAABliwAAl4sAAKWLAAC5iwAAwosAAMOLAAD56fni+d754tfQ18nXwte7 17vXu9e0rbSttPm0prT5lvm0j9f516bXu9f5lvnXiIG7+QAAAAAMFWjSBJEAFmgld1oAAAwV aNIEkQAWaEkpSwAADBVo0gSRABZo2WUMAAAfAAiBFWjSBJEAFmgeN9AAF2h0MycAY0gBAGRo qRthZwwVaNIEkQAWaGs7YwAADBVo0gSRABZofm+MAAAMFWjSBJEAFmj5WN8AAAwVaNIEkQAW aGEGwwAADBVo0gSRABZoTirhAAAMFWjSBJEAFmieQQ4AAAwVaNIEkQAWaE0J1AAADBVo0gSR ABZo/QwRAAAGFmiLHmcAAAwVaNIEkQAWaBMgBAAAHwAIgRVo0gSRABZoHjfQABdoBGlAAGNI AQBkaKQbYWcMFWjSBJEAFmgeN9AAMsOLAADEiwAAyIsAAMmLAADOiwAA34sAAOCLAADpiwAA 6osAAPSLAAD1iwAAG4wAAByMAAAdjAAAIYwAACeMAAAwjAAARYwAAFKMAABUjAAAVYwAAFaM AABajAAAcIwAAHWMAACajAAAm4wAAKqMAACrjAAAxIwAAMWMAADIjAAAyYwAAMqMAADOjAAA 2owAANuMAADfjAAA4IwAAOGMAADjjAAA5IwAAOWMAADmjAAABo0AAO/o4drT4czhzOHT6O/o 08W+t+iw4bC+qb6ivqK+opvo7+ibopTohOi+m31yAAAAABQVaNIEkQAWaDYSiQBuSAQIdEgE CAAMFWjSBJEAFmhRJtAAAB8ACIEVaNIEkQAWaB430AAXaHQzJwBjSAEAZGisG2FnDBVo0gSR ABZoWUxYAAAMFWjSBJEAFmheTPQAAAwVaNIEkQAWaE565wAADBVo0gSRABZoAHLPAAAMFWjS BJEAFmjtJIYAAAwVaNIEkQAWaAUfVgAADBVo0gSRABZoSSlLAAAMFWjSBJEAFmgHHoMAAAwV aNIEkQAWaNUalwAADBVo0gSRABZoJXdaAAAMFWjSBJEAFmhfCzIAAAwVaNIEkQAWaGEGwwAA DBVo0gSRABZoHjfQAAAfAAiBFWjSBJEAFmgeN9AAF2h0MycAY0gBAGRoqRthZwAsBo0AAAeN AAAMjQAAFo0AABmNAAAajQAAG40AAB+NAAB4jQAAeY0AAHqNAACJjQAAio0AAI+NAACajQAA oo0AAKONAACkjQAAyY0AAMqNAADMjQAA0I0AANGNAADSjQAA040AAOaNAADnjQAAAo4AAAOO AAAejgAAJI4AAC2OAABbjgAAXI4AAHWOAACnjgAAqY4AAKqOAACzjgAA744AAPKOAAAAjwAA FI8AABWPAAAtjwAA8ebb1M29zdS2r9Svq9Sk1K/Unaukq53UmZKZkpmOmZJ+knp2enZ6cnqZ kpkAAAAABhZonRviAAAGFmj4R3YAAAYWaCQajgAAHwAIgRVo0gSRABZoA031ABdodDMnAGNI AQBkaKobYWcGFmiqT7MAAAwVaNIEkQAWaANN9QAABhZoA031AAAMFWjSBJEAFmgBe5oAAAwV aNIEkQAWaG0HCgAABhZobQcKAAAMFWjSBJEAFmhOeucAAAwVaNIEkQAWaEpjbAAAHwAIgRVo 0gSRABZoHjfQABdodDMnAGNIAQBkaKkbYWcMFWjSBJEAFmgeN9AAAAwVaNIEkQAWaDYSiQAA FBVo0gSRABZoNhKJAG5IEQR0SBEEABQVaNIEkQAWaDYSiQBuSAQIdEgECAAbAQiBBEgBAAVo rRthZxZodDMnAG5IBAh0SAQIACwtjwAALo8AADOPAAA0jwAAT48AAFCPAABTjwAAVY8AAIeP AACOjwAAwY8AAMWPAADGjwAAy48AAN+PAADqjwAA7I8AAP2PAAAIkAAARpAAAFGQAACakAAA m5AAAJyQAACdkAAAnpAAAJ+QAACwkAAA55AAAOqQAADrkAAAmJEAAM+RAAAFkgAAKpIAACuS AAAskgAAS5IAAFSSAAD59fn1+fXu5+7n4NDg58bnvK+roauXq4qXq5ervK+r54N/5/V4cQAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADBVo0gSRABZoMjVhAAAMFWjSBJEAFmij X1sAAAYWaPhHdgAADBVo0gSRABZoaztjAAAZAAiBFmgkGo4AF2gYalYAY0gBAGRoQdNiJxMB CIEESAEABWhB02InFmgYalYAEwEIgQRIAQAFaDvTYicWaJAtPAAGFmgkGo4AABkACIEWaCQa jgAXaBhqVgBjSAEAZGhA02InEwEIgQRIAQAFaEDTYicWaBhqVgATAQiBBEgBAAVoRNNiJxZo GGpWAB8ACIEVaNIEkQAWaB430AAXaHQzJwBjSAEAZGiqG2FnDBVo0gSRABZoHjfQAAAMFWjS BJEAFmgjN2gAAAwVaNIEkQAWaARALwAABhZoA031AAAMFWjSBJEAFmgDTfUAJlSSAABVkgAA VpIAAIySAACNkgAAjpIAABuTAAAckwAAIJMAACGTAAAikwAAW5MAAFyTAABdkwAAYZMAAIKT AACDkwAAhJMAAIWTAACdkwAAn5MAALqTAAC/kwAAypMAANKTAADXkwAA4pMAAPuTAAD8kwAA /ZMAAAeUAAAIlAAA7+Xe7+Xe19DAttCvn6/QmIh+0HfQcGnQYtBi0FtimAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAADBVo0gSRABZoEDaiAAAMFWjSBJEAFmihJBUAAAwVaNIEkQAWaJIqtQAA DBVo0gSRABZoTEfFAAAMFWjSBJEAFmgBe5oAABMBCIEESAEABWg1HGFnFmjkRjwAHwAIgRVo 0gSRABZoABkZABdo5EY8AGNIAQBkaDUcYWcMFWjSBJEAFmhOeucAAB8ACIEVaNIEkQAWaH5L 7AAXaHQzJwBjSAEAZGiqG2FnDBVo0gSRABZofkvsAAATAQiBBEgBAAVoEBxhZxZoxwTXAB8A CIEVaNIEkQAWaAAZGQAXaMcE1wBjSAEAZGgQHGFnDBVo0gSRABZoABkZAAAMFWjSBJEAFmgj N2gAAAwVaNIEkQAWaDI1YQAAEwEIgQRIAQAFaA4cYWcWaPIOagAfAAiBFWjSBJEAFmgyNWEA F2jyDmoAY0gBAGRoDhxhZwAfCJQAAAmUAAAKlAAAI5QAACWUAAB7lAAAfpQAAIqUAAAllQAA VpUAAG6VAACElQAAjJUAAJCVAACllQAAt5UAALmVAAC6lQAAu5UAAMSVAADFlQAAxpUAAMeV AADglQAA4pUAAO2VAAAClgAAEpYAABaWAAAXlgAAJpYAADqWAABjlgAAZJYAABCXAAB/lwAA qZcAALaXAAC4lwAAuZcAALqXAADHlwAAz5cAANCXAADv5d7X3tDe0MnFycXJxcnFvq6+p66d vte+0L6Wvo++j77QycXJxdC+iIFxAAAAAAAAAB8ACIEVaNIEkQAWaGAQNgAXaIVW6ABjSAEA ZGhLI2GHDBVo0gSRABZoe0BJAAAMFWjSBJEAFmgfYSQAAAwVaNIEkQAWaJIqtQAADBVo0gSR ABZoTEfFAAATAQiBBEgBAAVoNhxhZxZo5EY8AAwVaNIEkQAWaE565wAAHwAIgRVo0gSRABZo ABkZABdo5EY8AGNIAQBkaDYcYWcMFWjSBJEAFmgAGRkAAAYWaGBx/wAADBVo0gSRABZoYHH/ AAAMFWjSBJEAFmiXEaUAAAwVaNIEkQAWaAF7mgAADBVo0gSRABZooSQVAAATAQiBBEgBAAVo NRxhZxZo5EY8AB8ACIEVaNIEkQAWaKEkFQAXaORGPABjSAEAZGg1HGFnACv+kwAAupUAALqX AAA7mAAASJkAAAObAAAgnAAA/pwAALaeAACWnwAAJKAAADKhAAALogAAKaMAAL+kAAAwpgAA BqkAAKivAACPsAAA9wAAAAAAAAAAAAAAAPcAAAAAAAAAAAAAAADyAAAAAAAAAAAAAAAA6gAA AAAAAAAAAAAAAOoAAAAAAAAAAAAAAADiAAAAAAAAAAAAAAAA2gAAAAAAAAAAAAAAANoAAAAA AAAAAAAAAADSAAAAAAAAAAAAAAAAzQAAAAAAAAAAAAAAAOoAAAAAAAAAAAAAAADFAAAAAAAA AAAAAAAAvQAAAAAAAAAAAAAAALUAAAAAAAAAAAAAAACwAAAAAAAAAAAAAAAAqAAAAAAAAAAA AAAAAKAAAAAAAAAAAAAAAACbAAAAAAAAAAAAAAAAAAQAAGdkejVmAAgAAAomAAtGKABnZGYr JwAIAAAKJgALRigAZ2Q8EzoAAAQAAGdkvlNQAAgAAAomAAtGKABnZNQ1qAAIAAAKJgALRigA Z2S6TPAACAAACiYAC0YoAGdkNwo+AAAEAABnZNQ1qAAIAAAKJgALRigAZ2SZexoACAAACiYA C0YoAGdkfHGZAAgAAAomAAtGKABnZIkEYAAIAAAKJgALRigAZ2RWO1kAAAQAAGdk+EC4AAgA AAomAQtGKQBnZCofLAAAEtCXAADRlwAA55cAAOiXAADrlwAA7JcAAO2XAAD2lwAABZgAAAiY AAAPmAAAJJgAACWYAAA4mAAAOZgAADqYAAA7mAAAPZgAAFiYAABmmAAAZ5gAAGyYAABwmAAA cZgAAIyYAAD17ufg0Ma/4Oe457Gqo5OxjIWMfmtbS0QAAAAAAAAAAAAAAAAMFWjSBJEAFmhW O1kAAB8ACIEVaNIEkQAWaFY7WQAXaAsO8QBjSAEAZGg5I2GHHwAIgRVo0gSRABZoVjtZABdo JFZ4AGNIAQBkaDgjYYclAAiBFWjSBJEAFmhWO1kAF2gkVngAY0gBAGRoOCNhh3doAADpAAwV aNIEkQAWaE565wAADBVo0gSRABZoym4TAAAMFWjSBJEAFmgHKK0AAB8ACIEVaNIEkQAWaJZ3 QQAXaORGPABjSAEAZGg5HGFnDBVo0gSRABZocivAAAAMFWjSBJEAFmhSS6AAAAwVaNIEkQAW aHxxmQAADBVo0gSRABZotmUWAAAMFWjSBJEAFmjJEeUAABMBCIEESAEABWhYI2GHFmjVbzQA HwAIgRVo0gSRABZoyRHlABdo1W80AGNIAQBkaFgjYYcMFWjSBJEAFmgNdoMAAAwVaNIEkQAW aB9hJAAADBVo0gSRABZoYBA2AAATAQiBBEgBAAVoSyNhhxZohVboAAAYjJgAAI2YAACQmAAA kZgAALWYAAC5mAAAyJgAAMmYAADKmAAAzZgAAM6YAADPmAAA05gAAP2YAAAQmQAAFJkAAB+Z AAAmmQAAMJkAAECZAABGmQAASJkAAHOZAAB0mQAAeZkAAH2ZAADv6OHa09rMvMy8sszaq6Ta nZKJgNp5cl9PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfAAiBFWjSBJEAFmhWO1kA F2gkVngAY0gBAGRoOSNhhyUACIEVaNIEkQAWaFY7WQAXaCRWeABjSAEAZGg5I2GHd2gAAOkA DBVo0gSRABZoTnrnAAAMFWjSBJEAFmjXd8UAABAVaNIEkQAWaNMgJQBQSgAAABAVaNIEkQAW aGJsFABQSgAAABQVaNIEkQAWaGJsFABuSBEEdEgRBAAMFWjSBJEAFmgdXJ8AAAwVaNIEkQAW aAcorQAADBVo0gSRABZoDm4oAAATAQiBBEgBAAVoOiNhhxZoCw7xAB8ACIEVaNIEkQAWaBUm 4AAXaAsO8QBjSAEAZGg6I2GHDBVo0gSRABZoFSbgAAAMFWjSBJEAFmjoMzAAAAwVaNIEkQAW aFY7WQAADBVo0gSRABZox3M1AAAMFWjSBJEAFmgBe5oAAB8ACIEVaNIEkQAWaFY7WQAXaOtn eABjSAEAZGhvI2GHABl9mQAAfpkAAJaZAACXmQAAmpkAAJuZAAAYmgAAGZoAABqaAAA7mgAA PpoAAE6aAABVmgAAWZoAAF6aAABfmgAAaZoAAHSaAAB1mgAAe5oAAHyaAACCmgAAg5oAAKua AACsmgAAz5oAANCaAADRmgAAA5sAAC6bAAAvmwAANJsAADmbAADv6NjRyui6sOjK6MqejJ7K g3qDeoPK6HPourDobGVS7yUACIEVaNIEkQAWaFY7WQAXaAsO8QBjSAEAZGg5I2GHd2gAAOkA DBVo0gSRABZoTnrnAAAMFWjSBJEAFmg4WUsAAAwVaNIEkQAWaDkxTAAAEBVo0gSRABZoMC5y AFBKAAAAEBVo0gSRABZox3M1AFBKAAAAIwAIgRVo0gSRABZo+VzeABdoCw7xAFBKAABjSAEA ZGhCI2GHIwAIgRVo0gSRABZox3M1ABdoCw7xAFBKAABjSAEAZGhCI2GHEwEIgQRIAQAFaEoU YUcWaDk+HQAfAAiBFWjSBJEAFmhWO1kAF2g5Ph0AY0gBAGRoShRhRwwVaNIEkQAWaMdzNQAA DBVo0gSRABZoAXuaAAAfAAiBFWjSBJEAFmhWO1kAF2irap8AY0gBAGRobyNhhwwVaNIEkQAW aFY7WQAAHwAIgRVo0gSRABZoVjtZABdoCw7xAGNIAQBkaDkjYYcAIDmbAABUmwAAVZsAAFib AABZmwAAfZsAAICbAACBmwAAsZsAAMCbAADLmwAAzJsAANubAAAHnAAACJwAAB2cAAAenAAA H5wAACCcAAAunAAANZwAAIKcAACPnAAAlJwAAKqcAACunAAAzpwAAM+cAADSnAAA/ZwAAP6c AAAenQAAMp0AAFydAAB4nQAAfJ0AAH2dAAD56eLb+dvUy8XL1MXL1Mu++bewqbCim5SNlNR+ y9R3cHdwd2AAAAAAAAAAAB8ACIEVaNIEkQAWaB1cnwAXaIVW6ABjSAEAZGhJI2GHDBVo0gSR ABZopyKfAAAMFWjSBJEAFmgdXJ8AABwVaNIEkQAWaHprEwBPSgcAUEoFAFFKBwBeSgcAAAwV aNIEkQAWaM06QgAADBVo0gSRABZoH2EkAAAMFWjSBJEAFmh2M78AAAwVaNIEkQAWaHxxmQAA DBVo0gSRABZoVSsxAAAMFWjSBJEAFmj+coAAAAwVaNIEkQAWaCBNGQAADBVo0gSRABZoiQRg AAAKFmgSd/gAUEoFAAAQFWjSBJEAFmh6axMAUEoFAAAMFWjSBJEAFmh6axMAAAwVaNIEkQAW aEofTwAADBVo0gSRABZoAXuaAAAfAAiBFWjSBJEAFmhWO1kAF2irap8AY0gBAGRocCNhhwwV aNIEkQAWaFY7WQAkfZ0AAH6dAAAFngAACZ4AAAqeAAAvngAAMJ4AADyeAAA9ngAAVp4AAFue AABcngAAbJ4AAG2eAAB/ngAAgJ4AALSeAAC1ngAAtp4AALieAADdngAA4Z4AAOeeAAD6ngAA +54AAAafAAAbnwAAIJ8AAEWfAABGnwAAVZ8AAFafAABbnwAAZp8AAG+fAABwnwAAjp8AAI+f AACUnwAAlZ8AAJafAACrnwAA9e7n4O7Z7tnu0tnSyNLZ7sHuurOss7qlnpeQl9mJ2YmXgtmJ 2YmXe3QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwVaNIEkQAWaDZ/MQAADBVo0gSRABZowTOC AAAMFWjSBJEAFmjEBvYAAAwVaNIEkQAWaDVYJwAADBVo0gSRABZo/iq+AAAMFWjSBJEAFmh1 YwYAAAwVaNIEkQAWaGJqRAAADBVo0gSRABZo5iVqAAAMFWjSBJEAFmjNOkIAAAwVaNIEkQAW aE88hAAADBVo0gSRABZofHGZAAAMFWjSBJEAFmiZH38AABIVaNIEkQAWaEpjbAAXaEpjbAAA DBVo0gSRABZoSmNsAAAMFWjSBJEAFmhOeucAAAwVaNIEkQAWaHFN3wAADBVo0gSRABZoLC4v AAAMFWjSBJEAFmgdXJ8AABMBCIEESAEABWhJI2GHFmiFVugAACmrnwAArJ8AALWfAAC5nwAA w58AAMyfAADNnwAA0J8AANGfAADanwAA358AAOmfAADznwAA9p8AAA+gAAAioAAAJKAAAE+g AABQoAAAVaAAAFmgAAB2oAAAeaAAAH2gAACgoAAAo6AAALOgAAC9oAAA5qAAAPXo4dHhysO5 rMOcw8qVjpWHgG1djlaOT45PSE8MFWjSBJEAFmjoMzAAAAwVaNIEkQAWaFY7WQAADBVo0gSR ABZoAXuaAAAfAAiBFWjSBJEAFmhSS6AAF2iFVugAY0gBAGRoTCNhhyUACIEVaNIEkQAWaFJL oAAXaIVW6ABjSAEAZGhMI2GHd2gAAOkADBVo0gSRABZoTnrnAAAMFWjSBJEAFmj7Vm4AAAwV aNIEkQAWaFJLoAAADBVo0gSRABZo1DWoAAAfAAiBFWjSBJEAFmjJEeUAF2jVbzQAY0gBAGRo VyNhhxkBCIEESAEABWhXI2GHFWjSBJEAFmjVbzQAEwEIgQRIAQAFaFcjYYcWaNVvNAAMFWjS BJEAFmgNdoMAAAwVaNIEkQAWaDZ/MQAAHwAIgRVo0gSRABZoyRHlABdohVboAGNIAQBkaE0j YYcMFWjSBJEAFmhgEDYAABkBCIEESAEABWhNI2GHFWjSBJEAFmiFVugAEwEIgQRIAQAFaE0j YYcWaIVW6AAAHOagAAAQoQAAGqEAADGhAAAyoQAAXaEAAF6hAABjoQAAZ6EAAIGhAACEoQAA iKEAAKuhAACvoQAABKIAAAWiAAAGogAACqIAAAuiAAAoowAAKaMAAA+kAAATpAAAFKQAAD2k AAA+pAAASqQAAEykAABjpAAAaKQAAGmkAABqpAAAdKQAAPnu5d7X0L2t3qaf3p/ej4XegX12 b2hhb9Bvpm9ab9BvAAAAAAAAAAAAAAAAAAAAAAwVaNIEkQAWaEpjbAAADBVo0gSRABZocU3f AAAMFWjSBJEAFmidNJkAAAwVaNIEkQAWaP8sOgAADBVo0gSRABZoDi83AAAGFmhRYuYAAAYW aBN7pwAAEwEIgQRIAQAFaEoUYUcWaDk+HQAfAAiBFWjSBJEAFmhWO1kAF2g5Ph0AY0gBAGRo ShRhRwwVaNIEkQAWaFJLoAAADBVo0gSRABZoAXuaAAAfAAiBFWjSBJEAFmhWO1kAF2iFVugA Y0gBAGRoTCNhhyUACIEVaNIEkQAWaFY7WQAXaIVW6ABjSAEAZGhMI2GHd2gAAOkADBVo0gSR ABZoTnrnAAAMFWjSBJEAFmhPEikAAAwVaNIEkQAWaFY7WQAAEBVo0gSRABZo6DMwAFBKAAAA FBVo0gSRABZo6DMwAG5IEQR0SBEEAAwVaNIEkQAWaOgzMAAgdKQAAHykAACJpAAAi6QAAL6k AAC/pAAAMKYAADimAABjpgAAa6YAAHumAACJpgAAmaYAAMWmAAASpwAAE6cAACWnAAAypwAA QKcAAE6nAAC6qAAA06gAANioAADcqAAA4KgAAASpAAAGqQAADakAADWpAAA9qQAATakAAFup AACHqQAAiakAANupAAD58uvy5NrQ2sa8srzaqJ6UntqK2oDadtp22mzaYtpi2ljaAAATAQiB BEgBAAVoSRNbhxZoaEUaABMBCIEESAEABWhGE1uHFmhoRRoAEwEIgQRIAQAFaDoTW4cWaAJN GAATAQiBBEgBAAVoQxNbhxZoaEUaABMBCIEESAEABWhCE1uHFmhoRRoAEwEIgQRIAQAFaEUT W4cWaGhFGgATAQiBBEgBAAVoQRNbhxZoaEUaABMBCIEESAEABWhAE1uHFmhoRRoAEwEIgQRI AQAFaEATW4cWaAJNGAATAQiBBEgBAAVoOxNbhxZoAk0YABMBCIEESAEABWgsE1uHFmgCTRgA EwEIgQRIAQAFaEQTW4cWaGhFGgATAQiBBEgBAAVoNxNbhxZoAk0YABMBCIEESAEABWgsE1uH FmhmKycADBVo0gSRABZo1DWoAAAMFWjSBJEAFmgBe5oAAAwVaNIEkQAWaP8sOgAADBVo0gSR ABZoZGt7ACLbqQAAS6oAAFWqAABjqgAAfasAAIirAACuqwAA2qsAADCsAAA3rAAAS6wAAJus AADwrQAANq4AADeuAABvrgAAcK4AAHKuAACYrgAAoa4AAMuuAADMrgAADq8AAA+vAAAjrwAA J68AAKivAADgrwAA4a8AAPXr4evX683r1+vD67nrqZmJqXmpealpqVmpSZkAAB8ACIEVaNIE kQAWaHo1ZgAXaGYrJwBjSAEAZGgpE1uHHwAIgRVo0gSRABZocU3fABdoZisnAGNIAQBkaCkT W4cfAAiBFWjSBJEAFminOHcAF2hmKycAY0gBAGRoKRNbhx8ACIEVaNIEkQAWaB1cnwAXaGYr JwBjSAEAZGgpE1uHHwAIgRVo0gSRABZogwmIABdoZisnAGNIAQBkaCkTW4cfAAiBFWjSBJEA Fmigd+AAF2hmKycAY0gBAGRoKRNbhx8ACIEVaNIEkQAWaOsAhAAXaGYrJwBjSAEAZGgpE1uH EwEIgQRIAQAFaEwTW4cWaGhFGgATAQiBBEgBAAVoSxNbhxZoaEUaABMBCIEESAEABWhNE1uH FmgYJw0AEwEIgQRIAQAFaEoTW4cWaGhFGgATAQiBBEgBAAVoSRNbhxZoaEUaABMBCIEESAEA BWgsE1uHFmhmKycAEwEIgQRIAQAFaEgTW4cWaGhFGgAAHOGvAADirwAAHLEAAB2xAAAssQAA LrEAAEaxAABHsQAAZbEAAGexAABxsQAAcrEAAI6xAACPsQAAmLEAAJmxAACdsQAALbIAADKy AACHsgAAi7IAAIyyAADLsgAAzLIAANiyAADasgAA97IAAPyyAAD9sgAA/rIAAO/fz9+/38/f v9+vna+Le2vfW99ba9/P37/fS9/PAB8ACIEVaNIEkQAWaEpjbAAXaGYrJwBjSAEAZGgpE1uH HwAIgRVo0gSRABZoF1+fABdoZisnAGNIAQBkaCkTW4cfAAiBFWjSBJEAFmhxTd8AF2hmKycA Y0gBAGRoKRNbhx8ACIEVaNIEkQAWaJ1L1QAXaGYrJwBjSAEAZGgpE1uHIwAIgRVo0gSRABZo nUvVABdoZisnAFBKBQBjSAEAZGgpE1uHIwAIgRVo0gSRABZoHQT1ABdoZisnAFBKBQBjSAEA ZGgpE1uHHwAIgRVo0gSRABZoHQT1ABdoZisnAGNIAQBkaCkTW4cfAAiBFWjSBJEAFmgBe5oA F2hmKycAY0gBAGRoKRNbhx8ACIEVaNIEkQAWaE565wAXaGYrJwBjSAEAZGgpE1uHHwAIgRVo 0gSRABZoiWKTABdoZisnAGNIAQBkaCkTW4cfAAiBFWjSBJEAFmh6NWYAF2hmKycAY0gBAGRo KRNbhwAdj7AAAEKyAADhswAAyLQAAMC1AAA0twAANbcAADa3AABOtwAAGLgAAFK7AACduwAA sbsAACe8AAA/vAAAXrwAAJa8AAD3AAAAAAAAAAAAAAAA9wAAAAAAAAAAAAAAAPIAAAAAAAAA AAAAAADqAAAAAAAAAAAAAAAA6gAAAAAAAAAAAAAAAN8AAAAAAAAAAAAAAADfAAAAAAAAAAAA AAAA2gAAAAAAAAAAAAAAANUAAAAAAAAAAAAAAADQAAAAAAAAAAAAAAAA0AAAAAAAAAAAAAAA AMsAAAAAAAAAAAAAAADGAAAAAAAAAAAAAAAAwQAAAAAAAAAAAAAAALwAAAAAAAAAAAAAAAC8 AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAElwBnZAonZQAABAIAZ2TuKgoAAAQAAGdkmHLmAAAEAQBnZCNZBQAABAAAZ2QtNYEA AAQAAGdkzDxEAAAEAQBnZHk+HgAACgAAD4SvARSkAABehK8BZ2QGFBsACAAACiYAC0YoAGdk lkE/AAAEAABnZJZBPwAIAAAKJgALRigAZ2Tmc7gAABD+sgAACLMAABOzAAAVswAANrMAAEOz AABHswAAVLMAAOGzAAAbtAAAEbUAABa1AABVtQAAVrUAAGW1AABntQAAf7UAAIC1AACetQAA oLUAAKW1AACztQAAt7UAAL+1AAAFtgAACbYAAAq2AABUtgAAVbYAAGG2AABjtgAA79/P37+v v9+fj3+Pb4/Pj2+Pz49fr1+PT6+Pb4/PAAAAAB8ACIEVaNIEkQAWaJZBPwAXaGYrJwBjSAEA ZGgpE1uHHwAIgRVo0gSRABZoymi0ABdoZisnAGNIAQBkaCkTW4cfAAiBFWjSBJEAFmhOeucA F2hmKycAY0gBAGRoKRNbhx8ACIEVaNIEkQAWaC1CTAAXaGYrJwBjSAEAZGgpE1uHHwAIgRVo 0gSRABZo6wCEABdoZisnAGNIAQBkaCkTW4cfAAiBFWjSBJEAFmjmc7gAF2hmKycAY0gBAGRo KRNbhx8ACIEVaNIEkQAWaHFN3wAXaGYrJwBjSAEAZGgpE1uHHwAIgRVo0gSRABZo1ECRABdo ZisnAGNIAQBkaCkTW4cfAAiBFWjSBJEAFmgBe5oAF2hmKycAY0gBAGRoKRNbhx8ACIEVaNIE kQAWaIlikwAXaGYrJwBjSAEAZGgpE1uHHwAIgRVo0gSRABZoSmNsABdoZisnAGNIAQBkaCkT W4cAHmO2AAB6tgAAf7YAAIC2AACBtgAAi7YAAJO2AACgtgAAorYAAMK2AADQtgAA1LYAAOC2 AAD1tgAACLcAADK3AAAztwAANLcAADa3AABOtwAAjrcAAO/f78/vv++v75+Pn39vf19YUUpD AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADBVo0gSRABZoGxDhAAAMFWjSBJEAFmgZ b28AAAwVaNIEkQAWaMAL2QAADBVo0gSRABZo6wCEAAAfAAiBFWjSBJEAFmiWQT8AF2hmKycA Y0gBAGRoLBNbhx8ACIEVaNIEkQAWaIFcHAAXaGYrJwBjSAEAZGgpE1uHHwAIgRVo0gSRABZo lkE/ABdoZisnAGNIAQBkaCkTW4cfAAiBFWjSBJEAFmhxTd8AF2hmKycAY0gBAGRoKRNbhx8A CIEVaNIEkQAWaOB14AAXaGYrJwBjSAEAZGgpE1uHHwAIgRVo0gSRABZoAXuaABdoZisnAGNI AQBkaCkTW4cfAAiBFWjSBJEAFmhka3sAF2hmKycAY0gBAGRoKRNbhx8ACIEVaNIEkQAWaE56 5wAXaGYrJwBjSAEAZGgpE1uHHwAIgRVo0gSRABZoSmNsABdoZisnAGNIAQBkaCkTW4cfAAiB FWjSBJEAFmjrAIQAF2hmKycAY0gBAGRoKRNbhwAUjrcAAJS3AACitwAAo7cAAOG3AADitwAA 5rcAAOe3AADotwAA67cAAO+3AADytwAA9rcAAPu3AAD9twAAFbgAABa4AAAXuAAAGLgAABu4 AAAluAAAL7gAAO/l2NHHt9Gto5ati4Byx2dTSEE6QQAAAAAAAAAMFWjSBJEAFmgLT/sAAAwV aNIEkQAWaLc9WwAAFBVo0gSRABZowH41AG5IEQR0SBEEACcACIEVaNIEkQAWaHA9EQAXaOl1 vwBjSAEAZGiNI2GHbkgRBHRIEQQUFWjSBJEAFmjMPEQAbkgRBHRIEQQAGwEIgQRIAQAFaIwj YYcWaOl1vwBuSBEEdEgRBBQVaNIEkQAWaC9YTQBuSBEEdEgRBAAUFWjSBJEAFmgYVX0AbkgR BHRIEQQAGQEIgQRIAQAFaHrTYicVaNtQkQAWaNtQkQATAQiBBEgBAAVoetNiJxZo21CRABMB CIEESAEABWh502InFmjbUJEAHwAIgRVo0gSRABZoGxDhABdo6XW/AGNIAQBkaIwjYYcTAQiB BEgBAAVojCNhhxZo6XW/AAwVaNIEkQAWaBsQ4QAAGQEIgQRIAQAFaIsjYYcVaNIEkQAWaOl1 vwATAQiBBEgBAAVoiyNhhxZo6XW/AB8ACIEVaNIEkQAWaBsQ4QAXaOl1vwBjSAEAZGiLI2GH ABUvuAAAMLgAAE64AABPuAAAUrgAAJC4AACRuAAAlLgAAKO4AAAOuQAAKLkAADS5AABQuQAA UrkAAI+5AACuuQAAsrkAALO5AADhuQAAdroAAHe6AAC8ugAAvboAAAq7AAALuwAAnLsAAJ27 AACxuwAAJ7wAAD28AAD17uTU7s3uze7Nxs3utqaZiaZ/dX91f3V/bmdgVQAAAAAAAAAAAAAA AAAAAAAAAAAAABQVaNIEkQAWaIpOnQBeSgYAYUoYAAAMFWjSBJEAFmiYcuYAAAwVaNIEkQAW aCNZBQAADBVo0gSRABZoFCLPAAATAQiBBEgBAAVoX9NiJxZoLTWBABMBCIEESAEABWhe02In FmgtNYEAHwAIgRVo0gSRABZo5ygyABdoLTWBAGNIAQBkaGLTYicZAAiBFmjnKDIAF2gtNYEA Y0gBAGRoYtNiJx8ACIEVaNIEkQAWaAtP+wAXaC01gQBjSAEAZGhi02InHwAIgRVo0gSRABZo tz1bABdoLTWBAGNIAQBkaGLTYicMFWjSBJEAFmi7INUAAAwVaNIEkQAWaAtP+wAAHwAIgRVo 0gSRABZotz1bABdoLTWBAGNIAQBkaF3TYicTAQiBBEgBAAVoXdNiJxZoLTWBAAwVaNIEkQAW aLc9WwAAEwEIgQRIAQAFaFzTYicWaJZwoAAAHT28AAA+vAAAP7wAAJa8AACXvAAApbwAAK28 AACxvAAAvrwAAL+8AADWvAAA17wAAPG8AABRvQAAU70AAFS9AABVvQAAgb0AAIK9AACDvQAA hb0AAI+9AACavQAAnr0AAJ+9AACgvQAAob0AAKS9AAD16uPa0ci/tr/RrdGk0ZiMgIyYjNF3 yGVZyEcAAAAjAAiBFWjSBJEAFmgyXmgAF2jya1AAUEoAAGNIAQBkaAskYYcXAQiBBEgBAAVo lCNhhxZoMFAAAFBKAAAjAAiBFWjSBJEAFmgyXmgAF2gwUAAAUEoAAGNIAQBkaJQjYYcQFWjS BJEAFmgXEkcAUEoAAAAXAQiBBEgBAAVokiNhhxZo6XW/AFBKAAAXAQiBBEgBAAVokSNhhxZo 6XW/AFBKAAAXAQiBBEgBAAVoCiRhhxZo8mtQAFBKAAAQFWjSBJEAFmiYcuYAUEoAAAAQFWjS BJEAFmi2ZRYAUEoAAAAQFWjSBJEAFmgtac8AUEoAAAAQFWjSBJEAFmi/ZYwAUEoAAAAQFWjS BJEAFmgyXmgAUEoAAAAQFWjSBJEAFmjXGbkAUEoAAAAQFWjSBJEAFmgKJ2UAUEoAAAAMFWjS BJEAFmgKJ2UAABQVaNIEkQAWaJlWHgBeSgYAYUoYAAAUFWjSBJEAFmgwTFAAXkoGAGFKGAAb lrwAAJe8AABSvQAAU70AAIK9AAC1vQAA7b0AACC+AABTvgAAgr4AAIO+AACEvgAAnb4AAMYA AAAAAAAAAAAAAADGAAAAAAAAAAAAAAAAxgAAAAAAAAAAAAAAAMYAAAAAAAAAAAAAAADGAAAA AAAAAAAAAAAAxgAAAAAAAAAAAAAAAMYAAAAAAAAAAAAAAACNAAAAAAAAAAAAAAAAjQAAAAAA AAAAAAAAAMYAAAAAAAAAAAAAAADGAAAAAAAAAAAAAAAAiAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAABAIAZ2RDYlcAADgAAA3GWxawAWADEAXABnAIIArQC4ANMA/gEJASQBTwFaAXUBkAG2Ae ECDAIXAjICXQJg+UAygHvApQDuQReBUMGTQgyCNcJ/AqhC4YMqw1QDkAAAAAAAAAAAAAAAAA AAASZPAAAQAUpAAAZ2TuMIEAADgAAA3GWxawAWADEAXABnAIIArQC4ANMA/gEJASQBTwFaAX UBkAG2AeECDAIXAjICXQJg+UAygHvApQDuQReBUMGTQgyCNcJ/AqhC4YMqw1QDkAAAAAAAAA AAAAAAAAAAASZPAAAQAUpAAAZ2S2ZRYAAAykvQAArr0AALK9AAC0vQAAtb0AALa9AAC3vQAA xb0AAM+9AADSvQAA2L0AANm9AADcvQAA5r0AAOy9AADtvQAA7r0AAPC9AAD1vQAACL4AAAm+ AAAKvgAAC74AAAy+AAAPvgAAFr4AAB++AAAgvgAAIb4AACO+AAA7vgAA9+7i99bi983iu/ep 9533keKI7n9tYX9Pf2HukeKIAAAAACMACIEVaNIEkQAWaDJeaAAXaPJrUABQSgAAY0gBAGRo CyRhhxcBCIEESAEABWiVI2GHFmgwUAAAUEoAACMACIEVaNIEkQAWaDJeaAAXaDBQAABQSgAA Y0gBAGRolSNhhxAVaNIEkQAWaDJeaABQSgAAABAVaNIEkQAWaO4wgQBQSgAAABcBCIEESAEA BWgLJGGHFmjya1AAUEoAABcBCIEESAEABWiUI2GHFmgwUAAAUEoAACMACIEVaNIEkQAWaNcZ uQAXaPJrUABQSgAAY0gBAGRoCyRhhyMACIEVaNIEkQAWaDJeaAAXaOl1vwBQSgAAY0gBAGRo kiNhhxAVaNIEkQAWaP48hABQSgAAABcBCIEESAEABWgKJGGHFmjya1AAUEoAABcBCIEESAEA BWiSI2GHFmjpdb8AUEoAABAVaNIEkQAWaBcSRwBQSgAAABAVaNIEkQAWaNcZuQBQSgAAHju+ AAA8vgAAPb4AAD6+AAA/vgAAQr4AAEm+AABSvgAAU74AAFS+AACBvgAAgr4AAIO+AACEvgAA m74AAJy+AACdvgAAob4AAKK+AACjvgAAr74AALC+AAC5vgAA9+XZ98f32buvo5qRiHlqeWFP QzphiAAAEBVo0gSRABZoWBeJAFBKAAAAFwEIgQRIAQAFaEsjYYcWaIVW6ABQSgAAIwAIgRVo 0gSRABZoWBeJABdohVboAFBKAABjSAEAZGhLI2GHEBVo0gSRABZoYDMHAFBKAAAAHBVo0gSR ABZoMExQAF5KBgBhShgAbkgRBHRIEQQAHBVo0gSRABZoQ2JXAF5KBgBhShgAbkgRBHRIEQQA EBVo0gSRABZoQ2JXAFBKAAAAEBVo0gSRABZolQF3AFBKAAAAEBVo0gSRABZoMFAAAFBKAAAA FwEIgQRIAQAFaJYjYYcWaDBQAABQSgAAFwEIgQRIAQAFaAskYYcWaPJrUABQSgAAFwEIgQRI AQAFaJYjYYcWaO4wgQBQSgAAIwAIgRVo0gSRABZoMl5oABdo8mtQAFBKAABjSAEAZGgLJGGH FwEIgQRIAQAFaJUjYYcWaDBQAABQSgAAIwAIgRVo0gSRABZoMl5oABdoMFAAAFBKAABjSAEA ZGiVI2GHEBVo0gSRABZoMl5oAFBKAAAWub4AALq+AAC7vgAAvr4AAL++AADEvgAA4b4AAOK+ AADjvgAA5b4AAPS+AAD5vgAA+r4AAGC/AABhvwAAYr8AALq/AAC7vwAAvL8AACfAAAAowAAA KcAAACrAAABBwAAAQsAAAEPAAAB+wAAAjsAAAKTAAAD37OHs1uzh7MvAy7HAn7GSscvAh351 al9qWFFYAAAAAAAAAAAAAAAAAAAAAAAADBVo0gSRABZo3yk8AAAMFWjSBJEAFmh4BxwAABQV aNIEkQAWaDBMUABeSgYAYUoYAAAUFWjSBJEAFmjFCuYAXkoGAGFKGAAAEBVo0gSRABZo/jyE AFBKAAAAEBVo0gSRABZoxQrmAFBKAAAAFBVo0gSRABZoeE+JAG5IEQR0SBEEABgVaNIEkQAW aIkqVAAwSkUAbkgRBHRIEQQAIwIIgQNqyggAAAYIARVo0gSRABZowkapAFUIAW5IEQR0SBEE HQNqAAAAABVo0gSRABZoiSpUAFUIAW5IEQR0SBEEFBVo0gSRABZoiSpUAG5IEQR0SBEEABQV aNIEkQAWaDJeaABuSBEEdEgRBAAUFWjSBJEAFmg9dRMAbkgRBHRIEQQAFBVo0gSRABZoMExQ AG5IEQR0SBEEABQVaNIEkQAWaENiVwBuSBEEdEgRBAAQFWjSBJEAFmgwTFAAUEoAABydvgAA KMAAACnAAAAqwAAAQ8AAAGLAAACnwAAAY8EAAMYAAAAAAAAAAAAAAACNAAAAAAAAAAAAAAAA jQAAAAAAAAAAAAAAAIgAAAAAAAAAAAAAAACDAAAAAAAAAAAAAAAAfgAAAAAAAAAAAAAAAHkA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAABnZGEdZQAABJcAZ2RhHWUAAASXAGdkeAccAAAE AgBnZMUK5gAAOAAADcZbFrABYAMQBcAGcAggCtALgA0wD+AQkBJAFPAVoBdQGQAbYB4QIMAh cCMgJdAmD5QDKAe8ClAO5BF4FQwZNCDII1wn8CqELhgyrDVAOQAAAAAAAAAAAAAAAAAAABJk 8AABABSkAABnZLZlFgAAOAAADcZbFrABYAMQBcAGcAggCtALgA0wD+AQkBJAFPAVoBdQGQAb YB4QIMAhcCMgJdAmD5QDKAe8ClAO5BF4FQwZNCDII1wn8CqELhgyrDVAOQAAAAAAAAAAAAAA AAAAABJk8AABABSkAABnZGsmtwAAB6TAAAClwAAApsAAALbAAAC3wAAAxsAAAMfAAABiwQAA Y8EAANjCAADZwgAAFcMAABbDAAAXwwAAJsMAACfDAAAzwwAANMMAADnDAABgwwAAYcMAAGLD AABlwwAAbsMAAM/DAADRwwAA0sMAAM/EAADQxAAA58QAAO/EAADyxAAA9cQAAPfEAAAExQAA K8UAAETFAABFxQAAS8UAAEzFAABgxQAAccUAAMfFAADIxQAA/8UAAD7GAAD58vnr2Ov52M/G z8C3sOuw66mworCisJuwlJuNm4Z/hpuUm5SblI2UeJSNlJsAAAAAAAAAAAAAAAwVaNIEkQAW aGRrewAADBVo0gSRABZo5zX1AAAMFWjSBJEAFmh6TCcAAAwVaNIEkQAWaEVc0AAADBVo0gSR ABZosX9PAAAMFWjSBJEAFmhaa0oAAAwVaNIEkQAWaDBMUAAADBVo0gSRABZoC3yXAAAMFWjS BJEAFmjFCuYAABAVaOYNiQAWaOYNiQBQSgAAAAoWaGEdZQBQSgAAABAVaOYNiQAWaEVc0ABQ SgAAABAVaOYNiQAWaGEdZQBQSgAAACUVaNIEkQAWaGEdZQBCKgFPSggAUEoFAFFKCABeSggA cGgAAAAADBVo0gSRABZoTnrnAAAMFWjSBJEAFmh4BxwAAAwVaNIEkQAWaGEdZQAtY8EAAGTB AACiwQAA4MEAAB7CAABcwgAAmsIAANjCAAAWwwAAF8MAANDDAADRwwAAD8QAAE3EAACLxAAA ycQAAAfFAABFxQAAg8UAAMHFAAD/xQAAxgAAAAAAAAAAAAAAAMYAAAAAAAAAAAAAAADGAAAA AAAAAAAAAAAAxgAAAAAAAAAAAAAAAMYAAAAAAAAAAAAAAADGAAAAAAAAAAAAAAAAxgAAAAAA AAAAAAAAAMYAAAAAAAAAAAAAAADGAAAAAAAAAAAAAAAAwQAAAAAAAAAAAAAAALwAAAAAAAAA AAAAAACyAAAAAAAAAAAAAAAAsgAAAAAAAAAAAAAAALIAAAAAAAAAAAAAAACyAAAAAAAAAAAA AAAAsgAAAAAAAAAAAAAAALIAAAAAAAAAAAAAAACyAAAAAAAAAAAAAAAAsgAAAAAAAAAAAAAA ALIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKlwAGJAEPhK8BXoSvAWdksX9PAAAElwBnZMUK 5gAABAAAZ2RhHWUAADgAAA3GWxawAWADEAXABnAIIArQC4ANMA/gEJASQBTwFaAXUBkAG2Ae ECDAIXAjICXQJg+UAygHvApQDuQReBUMGTQgyCNcJ/AqhC4YMqw1QDkAAAAAAAAAAAAAAAAA AAASZPAAAQAUpAAAZ2TmDYkAABT/xQAAPcYAAD7GAAA/xgAAUMYAAO3GAADuxgAA+cYAAA7H AAB/xwAALMgAAJnIAAA1yQAA68kAAIfKAAAtywAA0MsAAGbMAADGzAAAx8wAAPoAAAAAAAAA AAAAAAD6AAAAAAAAAAAAAAAA9QAAAAAAAAAAAAAAAPAAAAAAAAAAAAAAAADnAAAAAAAAAAAA AAAA5wAAAAAAAAAAAAAAAOIAAAAAAAAAAAAAAADdAAAAAAAAAAAAAAAA2AAAAAAAAAAAAAAA ANMAAAAAAAAAAAAAAADOAAAAAAAAAAAAAAAAyQAAAAAAAAAAAAAAAMQAAAAAAAAAAAAAAAC/ AAAAAAAAAAAAAAAAugAAAAAAAAAAAAAAALUAAAAAAAAAAAAAAAC1AAAAAAAAAAAAAAAAsAAA AAAAAAAAAAAAALoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAASjAGdk CExVAAAEowBnZBM8bAAABKMAZ2TsK0oAAAQkAGdk/hcHAAAEJABnZO04vgAABCQAZ2QvLTAA AASjAGdk21CRAAAEowBnZC8tMAAABCQAZ2QtUcYAAAQCAGdkSVO4AAAEAQBnZElTuAAACJgA D4SwAV6EsAFnZH5M1gAABAEAZ2SyMboAAASXAGdk/jyEAAAElwBnZFprSgAAEz7GAAA/xgAA TsYAAE/GAABQxgAAfcYAAIHGAACQxgAAm8YAAJzGAAChxgAAtcYAAMXGAADRxgAA4cYAAOrG AADsxgAA7cYAAO7GAAD5xgAADscAABLHAAD38Oni08fTuKnHqZqLfG18XqlXTD0AAAAAAAAA AAAAAAAAHBVo0gSRABZoL1hNAG1ICQRuSBEEc0gJBHRIEQQAFBVo0gSRABZoSVO4AF5KBgBh ShgAAAwVaNIEkQAWaHk+HgAAHBVo0gSRABZoG0I2AENKGABhShgAbUgJBHNICQQAHBVo0gSR ABZoeXCmAENKGABhShgAbUgJBHNICQQAHBVo0gSRABZo6krHAENKGABhShgAbUgJBHNICQQA HBVo0gSRABZo+GMvAENKGABhShgAbUgJBHNICQQAHBVo0gSRABZo91k4AENKGABhShgAbUgJ BHNICQQAHBVo0gSRABZofkzWAENKGABhShgAbUgJBHNICQQAHBVo0gSRABZohGlkAENKGABh ShgAbUgJBHNICQQAFhZoqVA2AENKGABhShgAbUgJBHNICQQAHBVo0gSRABZo7HpSAENKGABh ShgAbUgJBHNICQQADBVo0gSRABZoOW9CAAAMFWjSBJEAFmgKJ2UAAAwVaNIEkQAWaLIxugAA EBVo0gSRABZoOz8IAFBKAAAVEscAACXHAAAmxwAAXscAAF/HAAB/xwAAgMcAABzIAAAlyAAA K8gAACzIAABhyAAAYsgAAJjIAACZyAAAvsgAAN3IAADtyAAA7sgAABnJAAAayQAAS8kAAEzJ AADPyQAA0MkAAOnJAADx4vHi8dTDtcOnloiWd2hZaOJo4mjiaOJoAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwVaNIEkQAWaGFSXwBtSAkEbkgR BHNICQR0SBEEABwVaNIEkQAWaO04vgBtSAkEbkgRBHNICQR0SBEEACEBCIEESAEABWhx02In FWjSBJEAFmjbUJEAbUgJBHNICQQbAQiBBEgBAAVoeNNiJxZo21CRAG1ICQRzSAkEIQEIgQRI AQAFaHfTYicVaNtQkQAWaNtQkQBtSAkEc0gJBBsBCIEESAEABWh302InFmgvLTAAbUgJBHNI CQQbAQiBBEgBAAVocdNiJxZoLy0wAG1ICQRzSAkEIQEIgQRIAQAFaHHTYicVaNIEkQAWaC8t MABtSAkEc0gJBBsBCIEESAEABWik02InFmitAkUAbUgJBHNICQQcFWjSBJEAFmhOeucAbUgJ BG5IEQRzSAkEdEgRBAAcFWjSBJEAFmgtUcYAbUgJBG5IEQRzSAkEdEgRBBnpyQAA6skAAOvJ AADzyQAA9ckAAP3JAAAHygAADsoAABPKAAAYygAAGcoAADnKAAA6ygAAbMoAAG3KAAB5ygAA 59XDsZyKnIp4Y054TmM8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAjAQiBBEgBAAVohRNhRxZo/hcHAG1ICQRuSBEEc0gJBHRIEQQpAQiBBEgBAAVohBNhRxVo /hcHABZo/hcHAG1ICQRuSBEEc0gJBHRIEQQpAQiBBEgBAAVohBNhRxVo0gSRABZo/hcHAG1I CQRuSBEEc0gJBHRIEQQjAQiBBEgBAAVohBNhRxZo/hcHAG1ICQRuSBEEc0gJBHRIEQQjAQiB BEgBAAVogxNhRxZo/hcHAG1ICQRuSBEEc0gJBHRIEQQpAQiBBEgBAAVogxNhRxVo/hcHABZo /hcHAG1ICQRuSBEEc0gJBHRIEQQjAQiBBEgBAAVoghNhRxZo/hcHAG1ICQRuSBEEc0gJBHRI EQQjAQiBBEgBAAVogRNhRxZo/hcHAG1ICQRuSBEEc0gJBHRIEQQjAQiBBEgBAAVogRNhRxZo 7Ti+AG1ICQRuSBEEc0gJBHRIEQQvAAiBFWjSBJEAFmjtOL4AF2j+FwcAY0gBAGRohRNhR21I CQRuSBEEc0gJBHRIEQQAD3nKAACFygAAhsoAAIfKAAC6ygAAu8oAABTLAAAVywAALMsAAC3L AADQywAACswAAAvMAABPzAAAUMwAAGbMAADGzAAAx8wAAN7MAADizAAA6MwAAB/NAAAgzQAA yc0AAMrNAADjzQAA5M0AAOrYyb6zvrO+qJeMgYyBjHBlWr5PRLNEs0RPAAAUFWjSBJEAFmhh Ul8AbUgJBHNICQQAFBVo0gSRABZo6k7VAG1ICQRzSAkEABQVaNIEkQAWaHk+HgBeSgYAYUoY AAAUFWjSBJEAFmjEfU0AbUgJBHNICQQAIQEIgQRIAQAFaHLTYicVaNIEkQAWaAhMVQBtSAkE c0gJBBQVaMN63gAWaE565wBtSAkEc0gJBAAUFWjDet4AFmjEfU0AbUgJBHNICQQAIQEIgQRI AQAFaMkdWkcVaNIEkQAWaBM8bABtSAkEc0gJBBQVaNIEkQAWaC4ptABtSAkEc0gJBAAUFWjS BJEAFmhOeucAbUgJBHNICQQAFBVo0gSRABZo7CtKAG1ICQRzSAkEABwVaNIEkQAWaP4XBwBt SAkEbkgRBHNICQR0SBEEACMBCIEESAEABWiFE2FHFmj+FwcAbUgJBG5IEQRzSAkEdEgRBCkB CIEESAEABWiFE2FHFWj+FwcAFmj+FwcAbUgJBG5IEQRzSAkEdEgRBAAax8wAAN7MAADkzQAA h84AAEDPAADLzwAAeNAAAATRAABk0QAAZdEAAH3RAACN0QAApNEAAMbRAADH0QAA3dEAAOnR AAAT0gAAFNIAACPSAAA60gAAWdIAAPoAAAAAAAAAAAAAAAD1AAAAAAAAAAAAAAAA9QAAAAAA AAAAAAAAAPAAAAAAAAAAAAAAAADrAAAAAAAAAAAAAAAA5gAAAAAAAAAAAAAAAOEAAAAAAAAA AAAAAADcAAAAAAAAAAAAAAAA1wAAAAAAAAAAAAAAAMoAAAAAAAAAAAAAAADFAAAAAAAAAAAA AAAAxQAAAAAAAAAAAAAAAMUAAAAAAAAAAAAAAADFAAAAAAAAAAAAAAAAwAAAAAAAAAAAAAAA AMAAAAAAAAAAAAAAAADAAAAAAAAAAAAAAAAAwAAAAAAAAAAAAAAAALoAAAAAAAAAAAAAAAC6 AAAAAAAAAAAAAAAAxQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABhEABiQBZ2ToBpIAAAQRAGdk 0CPPAAAEEQBnZPAo5AAADKMAD4QAABGEAABehAAAYIQAAGdkqWhAAAAEowBnZKloQAAABKMA Z2RdJi0AAASjAGdkkWZtAAAEowBnZJwTVAAABK8AZ2THWYsAAASjAGdknSrDAAAEowBnZGFS XwAABAIAZ2R5Ph4AABXkzQAANc4AADbOAABvzgAAcM4AAIbOAACHzgAAkc4AAMHOAADCzgAA J88AACjPAAA/zwAAQM8AAEHPAABIzwAAW88AAG7PAABwzwAAfc8AAH7PAACwzwAAs88AAL3P AADJzwAAy88AAOvX69frw7uwpbClsJqPhXhrj2tej1NLRY8AAAAAAAAAAAAKFmjCRqkAMEq4 AAAOFmjCRqkAbUgJBHNICQQAFBVo0gSRABZoAXuaAG1ICQRzSAkEABgVaNIEkQAWaE565wBQ SgAAbUgJBHNICQQAGBVo0gSRABZo9XUUAFBKAABtSAkEc0gJBAAYFWjSBJEAFmj1dRQAUEoD AG1ICQRzSAkEABIWaCMCTQBQSgMAbUgJBHNICQQAFBVo0gSRABZo9XUUAG1ICQRzSAkEABQV aNIEkQAWaFIVrABtSAkEc0gJBAAUFWjSBJEAFmhOeucAbUgJBHNICQQAFBVo0gSRABZoiAAN AG1ICQRzSAkEAA4WaBJYZABtSAkEc0gJBAAnAAiBFWjSBJEAFmgGSOEAF2gTPGwAY0gBAGRo yB1aR21ICQRzSAkEJwAIgRVo0gSRABZoTnrnABdoEzxsAGNIAQBkaMgdWkdtSAkEc0gJBCcA CIEVaNIEkQAWaIIQDQAXaBM8bABjSAEAZGjIHVpHbUgJBHNICQQAGcvPAAAX0AAAGNAAAFvQ AABc0AAAaNAAAHHQAAB40AAAgNAAAILQAACI0AAAk9AAAJ7QAACm0AAAs9AAALTQAAC30AAA udAAAL/QAADU0AAA1dAAANbQAADs0AAA7dAAAPfQAAD50AAAAtEAAATRAAAd0QAAHtEAAEzR AABN0QAAY9EAAGTRAABx0QAActEAAHzRAAB90QAA9er16vXi9drPxLzEvMS8xLzEvM/qxOq8 z7zPqJSolKiAdW11YgAAAAAAAAAUFWjSBJEAFmjaad8AbUgJBHNICQQADhZomwSkAG1ICQRz SAkEABQVaNIEkQAWaKloQABtSAkEc0gJBAAnAAiBFWjSBJEAFmipaEAAF2gITFUAY0gBAGRo ctNiJ21ICQRzSAkEJwAIgRVo0gSRABZoTnrnABdoCExVAGNIAQBkaHLTYidtSAkEc0gJBCcA CIEVaNIEkQAWaNpp3wAXaAhMVQBjSAEAZGhy02InbUgJBHNICQQOFmgSWGQAbUgJBHNICQQA FBVoElhkABZoElhkAG1ICQRzSAkEABQVaNIEkQAWaJFmbQBtSAkEc0gJBAAOFmh4MH0AbUgJ BHNICQQADhZox0kJAG1ICQRzSAkEABQVaNIEkQAWaE565wBtSAkEc0gJBAAUFWjSBJEAFmgc WHoAbUgJBHNICQQlfdEAAJDRAACj0QAArtEAAMXRAADH0QAAFNIAABfSAAA+0gAAP9IAAF3S AACg0gAAv9IAAMDSAADK0gAA4dIAAOLSAADo0gAA69IAAP7SAAAB0wAAFNMAABjTAAAf0wAA INMAAEfTAABI0wAASdMAAFvTAABc0wAAXdMAAGHTAACQ0wAAkdMAALjTAAC50wAAutMAAPny +ev55Pnd1t355My/5LXkrqeup66nnKeOnIWcp353bHdebAAAAAAbAgiBA2rGCgAABggBFWjS BJEAFmjBVcEAVQgBFQNqAAAAABVo0gSRABZoqWhAAFUIAQwVaNIEkQAWaKloQAAADBVo0gSR ABZotHeHAAAQFWjSBJEAFmghSzwAMEpFAAAbAgiBA2oJCgAABggBFWjSBJEAFmgfEZoAVQgB FQNqAAAAABVo0gSRABZoIUs8AFUIAQwVaNIEkQAWaCFLPAAADBVo0gSRABZopzh3AAATAQiB BEgBAAVo3x1aRxZoOXwzABkBCIEESAEABWjfHVpHFWg5fDMAFmg5fDMAEwEIgQRIAQAFaN4d WkcWaDcMBwAMFWgoL34AFmgLHtwAAAwVaCgvfgAWaPAo5AAADBVo0gSRABZo0CPPAAAMFWgq YAwAFmgqYAwAAAwVaCgvfgAWaCpgDAAADBVo0gSRABZo8CjkACRZ0gAAWtIAAHTSAACG0gAA n9IAAKDSAACt0gAAy9IAAOfSAADo0gAA/tIAABXTAABd0wAAXtMAAHvTAACJ0wAAztMAAM/T AADc0wAA8NMAAA3UAAAO1AAAG9QAACnUAABv1AAActQAAPoAAAAAAAAAAAAAAAD6AAAAAAAA AAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAD6AAAAAAAAAAAAAAAA9AAAAAAAAAAA AAAAAPQAAAAAAAAAAAAAAADvAAAAAAAAAAAAAAAA7wAAAAAAAAAAAAAAAPQAAAAAAAAAAAAA AAD0AAAAAAAAAAAAAAAA6gAAAAAAAAAAAAAAAOUAAAAAAAAAAAAAAADcAAAAAAAAAAAAAAAA 1wAAAAAAAAAAAAAAANcAAAAAAAAAAAAAAADXAAAAAAAAAAAAAAAA3AAAAAAAAAAAAAAAANwA AAAAAAAAAAAAAADcAAAAAAAAAAAAAAAA3AAAAAAAAAAAAAAAANcAAAAAAAAAAAAAAADXAAAA AAAAAAAAAAAA1wAAAAAAAAAAAAAAANwAAAAAAAAAAAAAAAAAAASRAGdkqWhAAAAIkQAPhAAA XoQAAGdkqWhAAAAEEQBnZOx6UgAABBEAZ2QAdPQAAAQRAGdk0CPPAAYRAAYkAWdkKmAMAAAE EQBnZPAo5AAAGbrTAADM0wAAzdMAAN3TAADv0wAAMNQAADHUAABY1AAAWdQAAFrUAABs1AAA bdQAAH/UAACQ1AAAl9QAAJjUAAC/1AAAwNQAAMHUAADT1AAA1NQAANfUAADa1AAAAdUAAALV AAAw1QAAMdUAADLVAABL1QAATNUAAE/VAABj1QAAaNUAAIHVAACG1QAAjNUAALvVAADJ1QAA 2NUAAN7VAADf1QAA5tUAAOfVAAAU1gAAFdYAABbWAAAu1gAAL9YAADDWAABs1gAAstYAAPfs 5dzl7OXO7Pfs5dzl7OXA7Pfs5bzl7OWu7Pfs5aegp6CnmeXc5dzl7OWL7Pfs5aeZAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAGwIIgQNqyA0AAAYIARVo0gSRABZowVXBAFUIAQwVaNIEkQAW aPAo5AAADBVo0gSRABZoZwxmAAAMFWjSBJEAFmjQI88AABsCCIEDav0MAAAGCAEVaNIEkQAW aMFVwQBVCAEGFmg/Zy0AABsCCIEDakAMAAAGCAEVaNIEkQAWaMFVwQBVCAEbAgiBA2qDCwAA BggBFWjSBJEAFmjBVcEAVQgBEBVo0gSRABZoqWhAAFBKAAAADBVo0gSRABZoqWhAAAAVA2oA AAAAFWjSBJEAFmipaEAAVQgBEBVo0gSRABZoqWhAADBKRQAyctQAAH/UAACQ1AAA1tQAANfU AADm1AAA+tQAAE7VAABP1QAAYNUAAGnVAACL1QAAjNUAAJ7VAAC61QAAu9UAAMnVAADf1QAA MNYAADHWAABA1gAAxgAAAAAAAAAAAAAAAL0AAAAAAAAAAAAAAAC9AAAAAAAAAAAAAAAAvQAA AAAAAAAAAAAAAL0AAAAAAAAAAAAAAAC9AAAAAAAAAAAAAAAAvQAAAAAAAAAAAAAAAL0AAAAA AAAAAAAAAAC4AAAAAAAAAAAAAAAAuAAAAAAAAAAAAAAAALgAAAAAAAAAAAAAAAC9AAAAAAAA AAAAAAAAswAAAAAAAAAAAAAAALMAAAAAAAAAAAAAAACzAAAAAAAAAAAAAAAAvQAAAAAAAAAA AAAAAMYAAAAAAAAAAAAAAAC9AAAAAAAAAAAAAAAAvQAAAAAAAAAAAAAAAK0AAAAAAAAAAAAA AAAAAAYRAAYkAWdkVzeYAAAEEQBnZPAo5AAABBEAZ2TQI88AAAgRAA+EsAFehLABZ2SpaEAA ADgAAA3GWxawAWADEAXABnAIIArQC4ANMA/gEJASQBTwFaAXUBkAG2AeECDAIXAjICXQJg+U AygHvApQDuQReBUMGTQgyCNcJ/AqhC4YMqw1QDkAAAAAAAAAAAAAAAAAAAASZPAAAQAUpAAA Z2SpaEAAABRA1gAAS9YAAGvWAABs1gAAetYAAJHWAACx1gAAstYAAMXWAADP1gAA3tYAABvX AAAc1wAALdcAADbXAACI1wAAidcAAJjXAACm1wAA6dcAAOrXAAD5AAAAAAAAAAAAAAAA9AAA AAAAAAAAAAAAAPQAAAAAAAAAAAAAAADuAAAAAAAAAAAAAAAA7gAAAAAAAAAAAAAAAOkAAAAA AAAAAAAAAAD0AAAAAAAAAAAAAAAA3QAAAAAAAAAAAAAAANcAAAAAAAAAAAAAAADXAAAAAAAA AAAAAAAA0gAAAAAAAAAAAAAAAMkAAAAAAAAAAAAAAADEAAAAAAAAAAAAAAAAxAAAAAAAAAAA AAAAAMQAAAAAAAAAAAAAAAC7AAAAAAAAAAAAAAAAsgAAAAAAAAAAAAAAAK0AAAAAAAAAAAAA AACyAAAAAAAAAAAAAAAAsgAAAAAAAAAAAAAAAAAAAASRAGdktlbUAAAIEQAPhLABXoSwAWdk tlbUAAAIkQAPhAAAXoQAAGdkigNrAAAEEQBnZKloQAAACBEAD4SwAV6EsAFnZK4LpAAABJEA Z2TOelkABpEABSQAZ2SyFPIAAAskAAUkAAYkARGEsPhghLD4Z2SyFPIAAAQRAGdk8CjkAAYR AAYkAWdkKmAMAAAEEQBnZNAjzwAGEQAGJAFnZFc3mAAAFLLWAAC51gAAutYAAMXWAADO1gAA z9YAANDWAADc1gAA3dYAAOXWAADm1gAACdcAAArXAAAL1wAAGdcAABrXAAAb1wAAHNcAADDX AAA11wAAQNcAAEHXAABt1wAAbtcAAG/XAACG1wAAh9cAAIjXAACm1wAArdcAAK7XAADU1wAA 9e315t/m2Obfzca4za/N36ihmqGPmoGPeI9xaqFfagAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAVA2oAAAAAFWjSBJEAFmi2VtQAVQgBDBVo0gSRABZotlbUAAAMFWjSBJEAFmhb BtoAABAVaNIEkQAWaGcMZgAwSkUAABsCCIEDakYPAAAGCAEVaNIEkQAWaMJGqQBVCAEVA2oA AAAAFWjSBJEAFmhnDGYAVQgBDBVo0gSRABZoZwxmAAAMFWjSBJEAFmipaEAAAAwVaNIEkQAW aK4LpAAAEBVo0gSRABZoVCEIADBKRQAAGwIIgQNqkQ4AAAYIARVo0gSRABZowVXBAFUIAQwV aNIEkQAWaFQhCAAAFQNqAAAAABVo0gSRABZoVCEIAFUIAQwVaNIEkQAWaOpKxwAADBVo0gSR ABZoKxKKAAAMFWjSBJEAFmhyd6UAAA4WaCpgDABtSAkEc0gJBAAUFWjSBJEAFmgib+wAbUgJ BHNICQQf1NcAANXXAADW1wAA59cAAOjXAADp1wAAGtgAABvYAABF2AAARtgAAEfYAABc2AAA XdgAAF7YAABg2AAAYdgAAGPYAABk2AAAaNgAAGnYAABr2AAAbNgAAHDYAACE2AAAotgAAKPY AACk2AAAptgAAKrYAACr2AAAt9gAAL7YAADx5t3m1s/Eva/EpsS9z56anpqemp6ako6BdGqO Y45UAAAAAAAAAAAAHAAIgQwqBxZofHrtABdo0k6cAGNIAQBkaN5pWycADBVoJzDmABZofHrt AAATAQiBBEgBAAVozhJhRxZosBc4ABkACIEWaHx67QAXaF9vowBjSAEAZGitE1onGQAIgRZo fHrtABdosBc4AGNIAQBkaM4SYUcGFmh8eu0AAA4WaHx67QBuSBIEdEgSBAAGFmi8CcoAAA8D agAAAAAWaLwJygBVCAEQFWjSBJEAFmhbBtoAMEpFAAAbAgiBA2rIEAAABggBFWjSBJEAFmgf EZoAVQgBDBVo0gSRABZoWwbaAAAVA2oAAAAAFWjSBJEAFmhbBtoAVQgBDBVo0gSRABZoqWhA AAAMFWjSBJEAFmi2VtQAABAVaNIEkQAWaLZW1AAwSkUAABUDagAAAAAVaNIEkQAWaLZW1ABV CAEbAgiBA2oNEAAABggBFWjSBJEAFmjBVcEAVQgBAB/q1wAA+dcAABDYAABe2AAAX9gAAGDY AABi2AAAY9gAAGXYAABm2AAAZ9gAAGjYAABq2AAAa9gAAG3YAABu2AAAb9gAAHDYAACr2AAA rNgAAK3YAACu2AAA3tgAAN/YAAD6AAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAPoAAAAAAAAA AAAAAADxAAAAAAAAAAAAAAAA+gAAAAAAAAAAAAAAAO8AAAAAAAAAAAAAAADvAAAAAAAAAAAA AAAA7wAAAAAAAAAAAAAAAO8AAAAAAAAAAAAAAADoAAAAAAAAAAAAAAAA7wAAAAAAAAAAAAAA AO8AAAAAAAAAAAAAAADvAAAAAAAAAAAAAAAA7wAAAAAAAAAAAAAAAO8AAAAAAAAAAAAAAADo AAAAAAAAAAAAAAAA7wAAAAAAAAAAAAAAANwAAAAAAAAAAAAAAADXAAAAAAAAAAAAAAAA0gAA AAAAAAAAAAAAANIAAAAAAAAAAAAAAADIAAAAAAAAAAAAAAAA7wAAAAAAAAAAAAAAAAAAAAAA AAkSAA3GBwFQKAGsJgJnZBMU0QAABBIAZ2SsOx0AAAQAAGdkSBcwAAALJwADJAAPhAAAXoQA AGEkAGdk4xETAAAGAAASZPAAAQAUpAAAAAEAAAAIEQAPhLABXoSwAWdktlbUAAAEEQBnZKlo QAAAF77YAAC/2AAAxdgAAMbYAADK2AAA0dgAANLYAADY2AAA2dgAANvYAADc2AAA5NgAAPrY AAAk2QAAO9kAAFbZAABk2QAAadkAAK/ZAAC32QAAvtkAAPTZAAD92QAABNoAAAXaAAAL2gAA DNoAAA3aAAAP2gAAFdoAADvaAABC2gAAeNoAAO7i08vHv8e/tr/Hr8evx6/Hr8eox6GSgHRl klnLx6/HAAAAAAAAAAAAAAAAAAAWAQiBBEgBAAVowmlbJwwqBxZo8mtQAAAcAQiBBEgBAAVo wmlbJwwqBxVoY2TRABZovlNQAAAWAQiBBEgBAAVoz2JiJwwqBxZoYAcCAAAiAAiBDCoHFWhj ZNEAFmh8eu0AF2i+U1AAY0gBAGRowmlbJwAcAAiBDCoHFmh8eu0AF2i+U1AAY0gBAGRowmlb JwAMFWjfC9cAFmh8eu0AAAwVaEpjbAAWaHx67QAADBVoXz0kABZofHrtAAARFmitAkUAbUgA BG5IAAR1CAEPA2oAAAAAFmh8eu0AVQgBBhZofHrtAAAPDCoHFWhjZNEAFmh8eu0AHAEIgQRI AQAFaN5pWycMKgcVaGNk0QAWaNJOnAAAFgEIgQRIAQAFaNBiYicMKgcWaGAHAgAAIgAIgQwq BxVoY2TRABZofHrtABdo0k6cAGNIAQBkaN5pWycg39gAAODYAAAl2QAAatkAAK/ZAAD02QAA QtoAAIfaAADM2gAAH9sAACDbAAAh2wAAItsAACPbAAAk2wAAdtsAAHfbAAB42wAAedsAAP0A AAAAAAAAAAAAAAD4AAAAAAAAAAAAAAAA8wAAAAAAAAAAAAAAAO4AAAAAAAAAAAAAAADjAAAA AAAAAAAAAAAA3gAAAAAAAAAAAAAAAN4AAAAAAAAAAAAAAADeAAAAAAAAAAAAAAAA3gAAAAAA AAAAAAAAANkAAAAAAAAAAAAAAAD9AAAAAAAAAAAAAAAA1AAAAAAAAAAAAAAAANQAAAAAAAAA AAAAAADUAAAAAAAAAAAAAAAA1AAAAAAAAAAAAAAAAP0AAAAAAAAAAAAAAAD9AAAAAAAAAAAA AAAAzwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAQRAGdkqWhAAAAEEgBnZMQQ9AAABBEAZ2TxVEsAAAQRAGdkgweiAAAK AAAPhAAAFKQAAF6EAABnZFxqLQAABBEAZ2S+VGMAAAQRAGdklwQ2AAAEEQBnZMQQ9AAAAQAA ABJ42gAAgdoAAIbaAACH2gAAxtoAAMvaAADM2gAA/9oAAATbAAAM2wAAENsAABHbAAAT2wAA FNsAABbbAAAZ2wAAGtsAAB3bAAAe2wAAIdsAACTbAABQ2wAAV9sAAFjbAABe2wAA+fX59e7n 9drOvLSl2ueViHtx9Wz1XUs/AAAWAQiBBEgBAAVo0GJiJwwqBxZoYAcCAAAiAAiBDCoHFWhj ZNEAFmh8eu0AF2i+U1AAY0gBAGRowmlbJwAcAAiBDCoHFmh8eu0AF2i+U1AAY0gBAGRowmlb JwAJDCoHFmh8eu0AEwEIgQRIAQAFaMwSYUcWaPQmPAAZAQiBBEgBAAVozBJhRxVoXz0kABZo 9CY8ABkACIEWaHx67QAXaPQmPABjSAEAZGjMEmFHHwAIgRVoXz0kABZofHrtABdo9CY8AGNI AQBkaMwSYUccAQiBBEgBAAVouWlbJwwqBxVoqAV+ABZoqAV+AAAPDCoHFWioBX4AFmh8eu0A IgAIgQwqBxVoqAV+ABZofHrtABdovlNQAGNIAQBkaLlpWycAFgEIgQRIAQAFaJwSYUcMKgcW aPx6/QAAGQAIgRZofHrtABdovlNQAGNIAQBkaLlpWycMFWhfPSQAFmh8eu0AAAwVaAx4nwAW aHx67QAABhZofHrtAAAMFWiDB6IAFmh8eu0AGF7bAABf2wAAY9sAAGrbAABr2wAAcdsAAHLb AABz2wAAdNsAAHfbAAB42wAAedsAAPHp5d3l3dTd5dDJAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwV aNIEkQAWaKloQAAABhZovAnKAAARFmitAkUAbUgABG5IAAR1CAEPA2oAAAAAFmh8eu0AVQgB BhZofHrtAAAPDCoHFWhjZNEAFmh8eu0AHAEIgQRIAQAFaMJpWycMKgcVaGNk0QAWaL5TUAAL RgAJMAAKMAEcUAEAJlABADGQaAE6cCQlpwAfsNIvILDiPSGwGwIisAUHI5CgBSSQsgQlsAAA F7CgBRiwsgQMkNACRHABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB9AAAARAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAjQyep5+brOEYyCAKoA S6kLAgAAAAgAAAAOAAAAXwBUAG8AYwA1ADAAMgA2ADYAMQA4ADQANAAAAH0AAABEAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAACNDJ6nn5us4RjIIAqgBLqQsCAAAACAAAAA4AAABfAFQAbwBjADUAMAAyADYANgAxADgA NAA1AAAAfQAAAEQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAI0Mnqefm6zhGMggCqAEupCwIAAAAIAAAADgAAAF8AVABv AGMANQAwADIANgA2ADEAOAA0ADYAAAB9AAAARAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAjQyep5+brOEYyCAKoAS6kL AgAAAAgAAAAOAAAAXwBUAG8AYwA1ADAAMgA2ADYAMQA4ADQANwAAAH0AAABEAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA CNDJ6nn5us4RjIIAqgBLqQsCAAAACAAAAA4AAABfAFQAbwBjADUAMAAyADYANgAxADgANAA4 AAAAfQAAAEQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAI0Mnqefm6zhGMggCqAEupCwIAAAAIAAAADgAAAF8AVABvAGMA NQAwADIANgA2ADEAOAA0ADkAAAB9AAAARAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAjQyep5+brOEYyCAKoAS6kLAgAA AAgAAAAOAAAAXwBUAG8AYwA1ADAAMgA2ADYAMQA4ADUAMAAAAH0AAABEAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACNDJ 6nn5us4RjIIAqgBLqQsCAAAACAAAAA4AAABfAFQAbwBjADUAMAAyADYANgAxADgANQAxAAAA fQAAAEQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAI0Mnqefm6zhGMggCqAEupCwIAAAAIAAAADgAAAF8AVABvAGMANQAw ADIANgA2ADEAOAA1ADIAAAB9AAAARAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAjQyep5+brOEYyCAKoAS6kLAgAAAAgA AAAOAAAAXwBUAG8AYwA1ADAAMgA2ADYAMQA4ADUAMwAAAH0AAABEAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACNDJ6nn5 us4RjIIAqgBLqQsCAAAACAAAAA4AAABfAFQAbwBjADUAMAAyADYANgAxADgANQA0AAAAfQAA AEQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAI0Mnqefm6zhGMggCqAEupCwIAAAAIAAAADgAAAF8AVABvAGMANQAwADIA NgA2ADEAOAA1ADUAAAB9AAAARAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAjQyep5+brOEYyCAKoAS6kLAgAAAAgAAAAO AAAAXwBUAG8AYwA1ADAAMgA2ADYAMQA4ADUANgAAAH0AAABEAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACNDJ6nn5us4R jIIAqgBLqQsCAAAACAAAAA4AAABfAFQAbwBjADUAMAAyADYANgAxADgANQA3AAAAfQAAAEQA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAI0Mnqefm6zhGMggCqAEupCwIAAAAIAAAADgAAAF8AVABvAGMANQAwADIANgA2 ADEAOAA1ADgAAAB9AAAARAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAjQyep5+brOEYyCAKoAS6kLAgAAAAgAAAAOAAAA XwBUAG8AYwA1ADAAMgA2ADYAMQA4ADUAOQAAAH0AAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACNDJ6nn5us4RjIIA qgBLqQsCAAAACAAAAA4AAABfAFQAbwBjADUAMAAyADYANgAxADgANgAwAAAAfQAAAEQAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAI0Mnqefm6zhGMggCqAEupCwIAAAAIAAAADgAAAF8AVABvAGMANQAwADIANgA2ADEA OAA2ADEAAAA/AQAARAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQyep5+brOEYyCAKoAS6kLAgAAAAsAAADgyep5+brO EYyCAKoAS6kLpAAAAGgAdAB0AHAAOgAvAC8AdwB3AHcALgBpAGEAbgBhAC4AbwByAGcALwBh AHMAcwBpAGcAbgBtAGUAbgB0AHMALwByAHMAdgBwAC0AcABhAHIAYQBtAGUAdABlAHIAcwAv AHIAcwB2AHAALQBwAGEAcgBhAG0AZQB0AGUAcgBzAC4AeABoAHQAbQBsAAAAeViB9Dsdf0iv LIJdxIUnYwAAAAClqwAAEwAAAHIAcwB2AHAALQBwAGEAcgBhAG0AZQB0AGUAcgBzAC0AMgA0 AAAAvQAAAEQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAA0Mnqefm6zhGMggCqAEupCwIAAAADAAAA4Mnqefm6zhGMggCq AEupC0wAAABtAGEAaQBsAHQAbwA6AGMAZgBpAGwAcwBmAGkAbABAAGMAaQBzAGMAbwAuAGMA bwBtAAAAeViB9Dsdf0ivLIJdxIUnYwAAAAClqwAAvQAAAEQAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0Mnqefm6zhGM ggCqAEupCwIAAAADAAAA4Mnqefm6zhGMggCqAEupC0wAAABtAGEAaQBsAHQAbwA6AGcAZwBh AGwAaQBtAGIAZQBAAGMAaQBzAGMAbwAuAGMAbwBtAAAAeViB9Dsdf0ivLIJdxIUnYwAAAACl qwAAvQAAAEQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAA0Mnqefm6zhGMggCqAEupCwIAAAADAAAA4Mnqefm6zhGMggCq AEupC0wAAABtAGEAaQBsAHQAbwA6AG0AaABhAHIAdABsAGUAeQBAAGMAaQBzAGMAbwAuAGMA bwBtAAAAeViB9Dsdf0ivLIJdxIUnYwAAAAClqwAAvQAAAEQAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0Mnqefm6zhGM ggCqAEupCwIAAAADAAAA4Mnqefm6zhGMggCqAEupC0wAAABtAGEAaQBsAHQAbwA6AGsAZQAt AGsAdQBtAGEAawBpAEAAawBkAGQAaQAuAGMAbwBtAAAAeViB9Dsdf0ivLIJdxIUnYwAAAACl qwAAywAAAEQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAA0Mnqefm6zhGMggCqAEupCwIAAAADAAAA4Mnqefm6zhGMggCq AEupC1oAAABtAGEAaQBsAHQAbwA6AFIAdQBlAGQAaQBnAGUAcgAuAEsAdQBuAHoAZQBAAHQA ZQBsAGUAawBvAG0ALgBkAGUAAAB5WIH0Ox1/SK8sgl3EhSdjAAAAAKWrAADJAAAARAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAADQyep5+brOEYyCAKoAS6kLAgAAAAMAAADgyep5+brOEYyCAKoAS6kLWAAAAG0AYQBp AGwAdABvADoAagB1AGwAaQBlAG4ALgBtAGUAdQByAGkAYwBAAG8AcgBhAG4AZwBlAC4AYwBv AG0AAAB5WIH0Ox1/SK8sgl3EhSdjAAAAAKWrAAC1AAAARAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQyep5+brOEYyC AKoAS6kLAgAAAAMAAADgyep5+brOEYyCAKoAS6kLRAAAAG0AYQBpAGwAdABvADoAegBhAGwA aQBAAGMAaQBzAGMAbwAuAGMAbwBtAAAAeViB9Dsdf0ivLIJdxIUnYwAAAAClqwAAxwAAAEQA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAA0Mnqefm6zhGMggCqAEupCwIAAAADAAAA4Mnqefm6zhGMggCqAEupC1YAAABt AGEAaQBsAHQAbwA6AEQAaQBlAHQAZQByAC4AQgBlAGwAbABlAHIAQABuAG8AawBpAGEALgBj AG8AbQAAAHlYgfQ7HX9IryyCXcSFJ2MAAAAApasAALsAAABEAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANDJ6nn5us4R jIIAqgBLqQsCAAAAAwAAAODJ6nn5us4RjIIAqgBLqQtKAAAAbQBhAGkAbAB0AG8AOgBzAHcA YQBsAGwAbwB3AEAAYwBpAHMAYwBvAC4AYwBvAG0AAAB5WIH0Ox1/SK8sgl3EhSdjAAAAAKWr AADDAAAARAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAADQyep5+brOEYyCAKoAS6kLAgAAAAMAAADgyep5+brOEYyCAKoA S6kLUgAAAG0AYQBpAGwAdABvADoAegBoAGEAbgBnAGYAYQB0AGEAaQBAAGgAdQBhAHcAZQBp AC4AYwBvAG0AAAB5WIH0Ox1/SK8sgl3EhSdjAAAAAKWrAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAASBrsAEgABAHcB DwAHAAAABQAAAAAABAAIAAAACAAAAAgAAAAIAAAACAAAAAgAAAAIAAAACAAAAAgAAAAIAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcAIAAHACAABwAgAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAYAAAAAAAAIAAAACAAAAAAAAAAwBgAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAGAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2BgAAOAYAADYG AAA2BgAANgYAADYGAAA2BgAANgYAADYGAAAyBgAAGAAAAMADAADQAwAA4AMAAPADAAAABAAA EAQAACAEAAAwBAAAQAQAAFAEAABgBAAAcAQAAIgEAACYBAAAyAMAANADAADgAwAA8AMAAAAE AAAQBAAAMgYAACgCAADYAQAA6AEAACAEAAAwBAAAQAQAAFAEAABgBAAAcAQAAIAEAACQBAAA wAMAANADAADgAwAA8AMAAAAEAAAQBAAAIAQAADAEAABABAAAUAQAAGAEAABwBAAAgAQAAJAE AADAAwAA0AMAAOADAADwAwAAAAQAABAEAAAgBAAAMAQAAEAEAABQBAAAYAQAAHAEAACABAAA kAQAAMADAADQAwAA4AMAAPADAAAABAAAEAQAACAEAAAwBAAAQAQAAFAEAABgBAAAcAQAAIAE AACQBAAAwAMAANADAADgAwAA8AMAAAAEAAAQBAAAIAQAADAEAABABAAAUAQAAGAEAABwBAAA gAQAAJAEAADAAwAA0AMAAOADAADwAwAAAAQAABgEAAAoBAAAOAQAAEgEAABYBAAAYAQAAH4E AACABAAAkAQAADgBAABYAQAA+AEAAAgCAAAYAgAAVgIAAH4CAACABAAAkAQAADgBAABYAQAA +AEAAAgCAAAYAgAAVgIAAH4CAAAQAwAAIAMAADADAABAAwAA4AIAAPACAAAAAwAAEAMAACAD AAAwAwAAQAMAAOACAADwAgAAAAMAABADAAAgAwAAMAMAAEADAADgAgAA8AIAAAADAAAQAwAA IAMAADADAABAAwAA4AIAAPACAAAAAwAAEAMAACADAAAwAwAAQAMAAOACAADwAgAAAAMAABAD AAAgAwAAMAMAAEADAADgAgAA8AIAAAADAAAQAwAAIAMAADADAABAAwAA4AIAAPACAAAAAwAA EAMAACADAAAwAwAAQAMAAOACAADwAgAAAAMAABADAAAgAwAAMAMAAEADAADgAgAA8AIAAAAD AAAQAwAAIAMAADADAABAAwAA4AIAAPACAAAAAwAAEAMAACADAAAwAwAAQAMAAOACAADwAgAA AAMAABADAAAgAwAAMAMAAEADAADgAgAA8AIAAAADAAAQAwAAIAMAADADAABAAwAA4AIAADYG AAAYAAAAUEoFAF9IAQRtSAkEbkgJBHNICQR0SAkEAAAAAKwAAGDx/wIArAAOAQAAjzu5AAAA BgBOAG8AcgBtAGEAbAAAAF4AAAANxkcAF7ABYAMQBcAGcAggCtALgA0wD+AQkBJAFPAVoBdQ GQAbsBxgHhAgwCFwIyAl0CYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+EsAESZBD/AAAUpPAA XoSwASgAQ0oYAE9KBgBQSgkAUUoGAF5KBgBfSAEEYUoYAG1ICQRzSAkEdEgJBDwAAUABAAIA PAAMEAAARRgLAAAACQBIAGUAYQBkAGkAbgBnACAAMQAAAA8AAQAGJAEKJgALRgUAQCYAAAAA UgACQAEAAgBSAAwQAADDCI8AAAAJAEgAZQBhAGQAaQBuAGcAIAAyAAAAFwACAAYkAQomAQtG BQAPhLABQCYBXoSwAQAOAFwIgV0IgV5KAgBhShwASAADAAEAAgBIAAwQAABFGAsAAAAJAEgA ZQBhAGQAaQBuAGcAIAAzAAAADwADAAYkAQomAgtGBQBAJgIACwBcCIFeSgIAYUoaAABEAAQA AQACAEQADBAAAEUYCwAAAAkASABlAGEAZABpAG4AZwAgADQAAAAPAAQABiQBCiYDC0YFAEAm AwAHAFwIgWFKHAAARgAFAAEAAgBGAAwQAABFGAsAAAAJAEgAZQBhAGQAaQBuAGcAIAA1AAAA DwAFAAYkAQomBAtGBQBAJgQACgBcCIFdCIFhShoARAAGAAEAAgBEAAwQAABFGAsAAAAJAEgA ZQBhAGQAaQBuAGcAIAA2AAAADwAGAAYkAQomBQtGBQBAJgUABwBcCIFhShYAADwABwABAAIA PAAMEAAARRgLAAAACQBIAGUAYQBkAGkAbgBnACAANwAAAA8ABwAGJAEKJgYLRgUAQCYGAAAA QAAIAAEAAgBAAAwQAABFGAsAAAAJAEgAZQBhAGQAaQBuAGcAIAA4AAAADwAIAAYkAQomBwtG BQBAJgcAAwBdCIEARAAJAAEAAgBEAAwQAABFGAsAAAAJAEgAZQBhAGQAaQBuAGcAIAA5AAAA DwAJAAYkAQomCAtGBQBAJggACABeSgIAYUoWAEQAQSDy/6EARAAMAQAARRgLAAAAFgBEAGUA ZgBhAHUAbAB0ACAAUABhAHIAYQBnAHIAYQBwAGgAIABGAG8AbgB0AAAAAABWAGkA8/+zAFYA DAEAAEUYCwAAAAwAVABhAGIAbABlACAATgBvAHIAbQBhAGwAAAAgADpWCwAX9gMAADTWBgAB BQMAADTWBgABCgNsAGH2AwAAAgALAAAAKABrIPT/wQAoAAABAABFGAsAAAAHAE4AbwAgAEwA aQBzAHQAAAACAAwAAAAAADwAbQDEAPEAPAAAAQAARRgLAAAADwAxACAALwAgADEALgAxACAA LwAgADEALgAxAC4AMQAAAAYADwALRgEAMABsAMQAAQEwAAABAABFGAsAAAAJADEAIAAvACAA YQAgAC8AIABpAAAABgAQAAtGAgBuAB9AAQASAW4ADAAAALUkEAAAAAYASABlAGEAZABlAHIA AABHABEADcY2F7ABYAMQBcAGcAggCtALgA0wD+AQkBJAFPAVoBdQGQAbsBxgHhAgwCFwIyAl 0CYCsBNQKAECD4QAABSkAABehAAAAAAAMAAgQBEBIgEwAAwAAADEEPQAAAAGAEYAbwBvAHQA ZQByAAAAAgASAAgAbkgSBHRIEgR0ABNAAQACAHQABQAAAL1wpwBwAgUAVABPAEMAIAAxAAAA RAATAA3GMxewAWADEAXABnAIIArQC4ANMA/gEJASQBTwFaAXUBkAG7AcYB4QIMAhcCMgJdAm AUQlCg+EAAAUpAAAXoQAAAsAbUgABG5IAAR1CAEAdAAUQAEAAgB0AAUAAAC9cKcAcAIFAFQA TwBDACAAMgAAAEQAFAANxjMXsAFgAxAFwAZwCCAK0AuADTAP4BCQEkAU8BWgF1AZABuwHGAe ECDAIXAjICXQJgFEJQoPhGADFKQAAF6EYAMLAG1IAARuSAAEdQgBAHgAFQABAAIAeAAFAAAA wTk4AHACBQBUAE8AQwAgADMAAABEABUADcYzF7ABYAMQBcAGcAggCtALgA0wD+AQkBJAFPAV oBdQGQAbsBxgHhAgwCFwIyAl0CYBYCcKD4QAABSkAABehAAADwBtSAAEbkgABHRIEgR1CAEA QABuAMQAYQFAAAABAABFGAsAAAARAEEAcgB0AGkAYwBsAGUAIAAvACAAUwBlAGMAdABpAG8A bgAAAAYAFgALRgMAaAAWAAEAAgBoAA0BAABFGAsAAAAFAFQATwBDACAANAAAAEQAFwANxjMX sAFgAxAFwAZwCCAK0AuADTAP4BCQEkAU8BWgF1AZABuwHGAeECDAIXAjICXQJgFgJwoPhMAG FKQAAF6EwAYAAGgAFwABAAIAaAANAQAAS13gAAAABQBUAE8AQwAgADUAAABEABgADcYzF7AB YAMQBcAGcAggCtALgA0wD+AQkBJAFPAVoBdQGQAbsBxgHhAgwCFwIyAl0CYBYCcKD4RwCBSk AABehHAIAABoABgAAQACAGgADQEAAEUYCwAAAAUAVABPAEMAIAA2AAAARAAZAA3GMxewAWAD EAXABnAIIArQC4ANMA/gEJASQBTwFaAXUBkAG7AcYB4QIMAhcCMgJdAmAWAnCg+EIAoUpAAA XoQgCgAAaAAZAAEAAgBoAA0BAABFGAsAAAAFAFQATwBDACAANwAAAEQAGgANxjMXsAFgAxAF wAZwCCAK0AuADTAP4BCQEkAU8BWgF1AZABuwHGAeECDAIXAjICXQJgFgJwoPhNALFKQAAF6E 0AsAAGgAGgABAAIAaAANAQAARRgLAAAABQBUAE8AQwAgADgAAABEABsADcYzF7ABYAMQBcAG cAggCtALgA0wD+AQkBJAFPAVoBdQGQAbsBxgHhAgwCFwIyAl0CYBYCcKD4SADRSkAABehIAN AABoABsAAQACAGgADQEAAEUYCwAAAAUAVABPAEMAIAA5AAAARAAcAA3GMxewAWADEAXABnAI IArQC4ANMA/gEJASQBTwFaAXUBkAG7AcYB4QIMAhcCMgJdAmAWAnCg+EMA8UpAAAXoQwDwAA RABUAAEA0gFEAAwBAABFGAsAAAAKAEIAbABvAGMAawAgAFQAZQB4AHQAAAAWAB0ADoSgBQ+E oAUUpHgAXYSgBV6EoAUAADIAQgABAOIBMgAMAQAARRgLAAAACQBCAG8AZAB5ACAAVABlAHgA dAAAAAYAHgAUpHgAAABMAP5PYQICAEwADAAAAEUYCwAAABYAUgBGAEMAIABIADEAIAAtACAA bgBvACAAVABPAEMAIABuAG8AIABuAHUAbQAAAAUAHwBAJgkAAAA+AB0AAQACAj4ADAEAAEUY CwAAAA0ARgBvAG8AdABuAG8AdABlACAAVABlAHgAdAAAAAIAIAAIAENKFABhShQAPgAqIPL/ EQI+AAwBAABFGAsAAAARAEUAbgBkAG4AbwB0AGUAIABSAGUAZgBlAHIAZQBuAGMAZQAAAAMA SCoAAEAAIgABAAIAQAAMEAAARRgLAAAABwBDAGEAcAB0AGkAbwBuAAAADwAiAAMkAQomAAtG FwBhJAEABwBcCIFhShQAAEAAJiDy/zECQAAMAQAARRgLAAAAEgBGAG8AbwB0AG4AbwB0AGUA IABSAGUAZgBlAHIAZQBuAGMAZQAAAAMASCoBAGIA/k9RAkICYgAMAKYAkDy5AAAAFwBSAEYA QwAgAFIAZQBmAGUAcgBlAG4AYwBlAHMAIABCAG8AbwBrAG0AYQByAGsAAAAZACQACiYAC0YA AA+EUAcRhGD6XoRQB2CEYPoAAABcAP5PAQBSAlwADAClAEUYCwAAAA4AUgBGAEMAIABSAGUA ZgBlAHIAZQBuAGMAZQBzAAAAFQAlAAUkAQomAAtGEAANxgYCsAFgAwAAEABeSgAAbUgAAHNI AAB0SAAAUAD+TwEAAgBQAAwBAABFGAsAAAAPAFIARgBDACAASAAxACAALQAgAG4AbwAgAG4A dQBtAAAAEAAmAAYkAQ+EAABAJgBehAAABwBQSgAAXAiBADwA/k8BAHICPAAMAAAARRgLAAAA CQBSAEYAQwAgAFQAaQB0AGwAZQAAAAwAJwADJAEUpOABYSQBBABQSgAAQAD+DwEAAgBAAAwB AADAfjUAAAAQAFIARgBDACAASQBuAHMAdAByAHUAYwB0AGkAbwBuAHMAAAACACgAAwA1CIEA SAD+DwEAkgJIAAwAAACGeH8AAAARAFIARgBDACAATABpAHMAdAAgAE4AdQBtAGIAZQByAGUA ZAAAAAwAKQAFJAEKJgALRhIAAAA0AP4PYQICADQADAAAAA8JoAAAAAcAUgBGAEMAIABBAHAA cAAAAAwAKgAHJAEKJgALRhQAAAA6AP4PYQICADoADAAAAA8JoAAAAAoAUgBGAEMAIABBAHAA cAAgAEgAMQAAAAwAKwAKJgELRhQAQCYBAAA6AP4PYQICADoADAAAAA8JoAAAAAoAUgBGAEMA IABBAHAAcAAgAEgAMgAAAAwALAAKJgILRhQAQCYCAAA8AFAAAQDSAjwADAEAAEUYCwAAAAsA QgBvAGQAeQAgAFQAZQB4AHQAIAAyAAAADAAtABJk4AEBABSkeAAAAD4AUQABAOICPgAMAQAA RRgLAAAACwBCAG8AZAB5ACAAVABlAHgAdAAgADMAAAAGAC4AFKR4AAgAQ0oQAGFKEABQAE0A 4QHyAlAADAEAAEUYCwAAABYAQgBvAGQAeQAgAFQAZQB4AHQAIABGAGkAcgBzAHQAIABJAG4A ZABlAG4AdAAAAAoALwARhNIAYITSAAAASABDAAEAAgNIAAwBAABFGAsAAAAQAEIAbwBkAHkA IABUAGUAeAB0ACAASQBuAGQAZQBuAHQAAAAOADAAD4RoARSkeABehGgBAABUAE4AAQMSA1QA DAEAAEUYCwAAABgAQgBvAGQAeQAgAFQAZQB4AHQAIABGAGkAcgBzAHQAIABJAG4AZABlAG4A dAAgADIAAAAKADEAEYTSAGCE0gAAAFIAUgABACIDUgAMAQAARRgLAAAAEgBCAG8AZAB5ACAA VABlAHgAdAAgAEkAbgBkAGUAbgB0ACAAMgAAABQAMgAPhGgBEmTgAQEAFKR4AF6EaAEAAFQA UwABADIDVAAMAQAARRgLAAAAEgBCAG8AZAB5ACAAVABlAHgAdAAgAEkAbgBkAGUAbgB0ACAA MwAAAA4AMwAPhGgBFKR4AF6EaAEIAENKEABhShAAMgA/AAEAQgMyAAwBAABFGAsAAAAHAEMA bABvAHMAaQBuAGcAAAAKADQAD4TgEF6E4BAAACQATAABAAIAJAAMAQAARRgLAAAABABEAGEA dABlAAAAAgA1AAAAPABbAAEAYgM8AAwBAABFGAsAAAAQAEUALQBtAGEAaQBsACAAUwBpAGcA bgBhAHQAdQByAGUAAAACADYAAAAuAFgg8v9xAy4ADBAAAEUYCwAAAAgARQBtAHAAaABhAHMA aQBzAAAABgA2CAFdCAFoACQAAQCCA2gADAEAAEUYCwAAABAARQBuAHYAZQBsAG8AcABlACAA QQBkAGQAcgBlAHMAcwAAACEAOAAPhEALGIT8/xmE9P8ahPAeGyaAK0S8By+EtABehEALAAwA T0oCAFFKAgBeSgIATgAlAAEAkgNOAAwBAABFGAsAAAAPAEUAbgB2AGUAbABvAHAAZQAgAFIA ZQB0AHUAcgBuAAAAAgA5ABQAQ0oUAE9KAgBRSgIAXkoCAGFKFABGAFYg8v+hA0YADAEAAEUY CwAAABEARgBvAGwAbABvAHcAZQBkAEgAeQBwAGUAcgBsAGkAbgBrAAAADAA+KgFCKgxwaIAA gAAwAF8AogCxAzAADAEAAEUYCwAAAAwASABUAE0ATAAgAEEAYwByAG8AbgB5AG0AAAAAADoA YAABAMIDOgAMAQAARRgLAAAADABIAFQATQBMACAAQQBkAGQAcgBlAHMAcwAAAAIAPAAGADYI gV0IgTAAYSDy/9EDMAAMAQAARRgLAAAACQBIAFQATQBMACAAQwBpAHQAZQAAAAYANggBXQgB PgBiIPL/4QM+AAwBAABFGAsAAAAJAEgAVABNAEwAIABDAG8AZABlAAAAFABDShQAT0oGAFFK BgBeSgYAYUoUADwAYyDy//EDPAAMAQAARRgLAAAADwBIAFQATQBMACAARABlAGYAaQBuAGkA dABpAG8AbgAAAAYANggBXQgBRgBkIPL/AQRGAAwBAABFGAsAAAANAEgAVABNAEwAIABLAGUA eQBiAG8AYQByAGQAAAAUAENKFABPSgYAUUoGAF5KBgBhShQAVgBlAAEAEgRWAAwBnwBFGAsA MAYRAEgAVABNAEwAIABQAHIAZQBmAG8AcgBtAGEAdAB0AGUAZAAAAAIAQQAYAENKFABeSgAA YUoUAG1IAABzSAAAdEgAADoAZiDy/yEEOgAMAQAARRgLAAAACwBIAFQATQBMACAAUwBhAG0A cABsAGUAAAAMAE9KBgBRSgYAXkoGAEoAZyDy/zEESgAMAQAARRgLAAAADwBIAFQATQBMACAA VAB5AHAAZQB3AHIAaQB0AGUAcgAAABQAQ0oUAE9KBgBRSgYAXkoGAGFKFAA4AGgg8v9BBDgA DAEAAEUYCwAAAA0ASABUAE0ATAAgAFYAYQByAGkAYQBiAGwAZQAAAAYANggBXQgBNgBVYPL/ UQQ2AAwAAABFGAsAMAYJAEgAeQBwAGUAcgBsAGkAbgBrAAAADAA+KgFCKgJwaAAA/wAuACgA ogBhBC4ADAEAAEUYCwAAAAsATABpAG4AZQAgAE4AdQBtAGIAZQByAAAAAAA0AC8AAQByBDQA DAEAAEUYCwAAAAQATABpAHMAdAAAABIARwAPhGgBEYSY/l6EaAFghJj+AAA4ADIAAQCCBDgA DAEAAEUYCwAAAAYATABpAHMAdAAgADIAAAASAEgAD4TQAhGEmP5ehNACYISY/gAAOAAzAAEA kgQ4AAwBAABFGAsAAAAGAEwAaQBzAHQAIAAzAAAAEgBJAA+EOAQRhJj+XoQ4BGCEmP4AADgA NAABAKIEOAAMAQAARRgLAAAABgBMAGkAcwB0ACAANAAAABIASgAPhKAFEYSY/l6EoAVghJj+ AAA4ADUAAQCyBDgADAEAAEUYCwAAAAYATABpAHMAdAAgADUAAAASAEsAD4QIBxGEmP5ehAgH YISY/gAAOgAwAAEAwgQ6AA0BAABFGAsAAAALAEwAaQBzAHQAIABCAHUAbABsAGUAdAAAAAkA TAAKJgALRgYAAAAAPgA2AAEA0gQ+AA0BAABFGAsAAAANAEwAaQBzAHQAIABCAHUAbABsAGUA dAAgADIAAAAJAE0ACiYAC0YHAAAAAD4ANwABAOIEPgANAQAARRgLAAAADQBMAGkAcwB0ACAA QgB1AGwAbABlAHQAIAAzAAAACQBOAAomAAtGCAAAAAA+ADgAAQDyBD4ADQEAAEUYCwAAAA0A TABpAHMAdAAgAEIAdQBsAGwAZQB0ACAANAAAAAkATwAKJgALRgkAAAAAPgA5AAEAAgU+AA0B AABFGAsAAAANAEwAaQBzAHQAIABCAHUAbABsAGUAdAAgADUAAAAJAFAACiYAC0YKAAAAAEIA RAABABIFQgAMAQAARRgLAAAADQBMAGkAcwB0ACAAQwBvAG4AdABpAG4AdQBlAAAADgBRAA+E aAEUpHgAXoRoAQAARgBFAAEAIgVGAAwBAABFGAsAAAAPAEwAaQBzAHQAIABDAG8AbgB0AGkA bgB1AGUAIAAyAAAADgBSAA+E0AIUpHgAXoTQAgAARgBGAAEAMgVGAAwBAABFGAsAAAAPAEwA aQBzAHQAIABDAG8AbgB0AGkAbgB1AGUAIAAzAAAADgBTAA+EOAQUpHgAXoQ4BAAARgBHAAEA QgVGAAwBAABFGAsAAAAPAEwAaQBzAHQAIABDAG8AbgB0AGkAbgB1AGUAIAA0AAAADgBUAA+E oAUUpHgAXoSgBQAARgBIAAEAUgVGAAwBAABFGAsAAAAPAEwAaQBzAHQAIABDAG8AbgB0AGkA bgB1AGUAIAA1AAAADgBVAA+ECAcUpHgAXoQIBwAAOgAxAAEAYgU6AAwBAABFGAsAAAALAEwA aQBzAHQAIABOAHUAbQBiAGUAcgAAAAkAVgAKJgALRgsAAAAAPgA6AAEAcgU+AAwBAABFGAsA AAANAEwAaQBzAHQAIABOAHUAbQBiAGUAcgAgADIAAAAJAFcACiYAC0YMAAAAAD4AOwABAIIF PgAMAQAARRgLAAAADQBMAGkAcwB0ACAATgB1AG0AYgBlAHIAIAAzAAAACQBYAAomAAtGDQAA AAA+ADwAAQCSBT4ADAEAAEUYCwAAAA0ATABpAHMAdAAgAE4AdQBtAGIAZQByACAANAAAAAkA WQAKJgALRg4AAAAAPgA9AAEAogU+AAwBAABFGAsAAAANAEwAaQBzAHQAIABOAHUAbQBiAGUA cgAgADUAAAAJAFoACiYAC0YPAAAAAKoASQABALIFqgAMAQAARRgLAAAADgBNAGUAcwBzAGEA ZwBlACAASABlAGEAZABlAHIAAABnAFsAD4Q4BBGEyPskZAYBAAElZAYBAAEmZAYBAAEnZAYB AAEtRAAQTcYKAAAA/wAAAP8EAE7GCAAAAP8GAQEAT8YIAAAA/wYBAQBQxggAAAD/BgEBAFHG CAAAAP8GAQEAXoQ4BGCEyPsADABPSgIAUUoCAF5KAgBAAF4AAQDCBUAADAEAAEUYCwAAAAwA TgBvAHIAbQBhAGwAIAAoAFcAZQBiACkAAAACAFwADABPSgAAUUoAAF5KAAA+ABwAAQDSBT4A DAEAAEUYCwAAAA0ATgBvAHIAbQBhAGwAIABJAG4AZABlAG4AdAAAAAoAXQAPhNACXoTQAgAA NABPAAEAAgA0AAwBAABFGAsAAAAMAE4AbwB0AGUAIABIAGUAYQBkAGkAbgBnAAAAAgBeAAAA LgApAKIA8QUuAAwBAABFGAsAAAALAFAAYQBnAGUAIABOAHUAbQBiAGUAcgAAAAAAMABLAAEA AgAwAAwBAABFGAsAAAAKAFMAYQBsAHUAdABhAHQAaQBvAG4AAAACAGAAAAA2AEAAAQASBjYA DAEAAEUYCwAAAAkAUwBpAGcAbgBhAHQAdQByAGUAAAAKAGEAD4TgEF6E4BAAACoAVyDy/yEG KgAMEAAARRgLAAAABgBTAHQAcgBvAG4AZwAAAAYANQgBXAgBRgBKAAEAMgZGAAwQAABFGAsA AAAIAFMAdQBiAHQAaQB0AGwAZQAAAA8AYwADJAEUpDwAQCYBYSQBAAwAT0oCAFFKAgBeSgIA PAKOALMAQwY8AgwBAABFGAsAAAASAFQAYQBiAGwAZQAgADMARAAgAGUAZgBmAGUAYwB0AHMA IAAxAAAAbQE6VmQAatYjCACB1gj///8ABgEAAIXWCAAAAP8AAAAAhtYIAAAA/wAAAABq1iME AILWCICAgAAGAQAAhdYIAAAA/wAAAACG1ggAAAD/AAAAAGrWIwIAf9QI////AAYBAACF1ggA AAD/AAAAAIbWCAAAAP8AAAAAatYjAQCA1giAgIAABgEAAIXWCAAAAP8AAAAAhtYIAAAA/wAA AABq1i4ABH/UCAAAAP8AAAAAgdYIAAAA/wAAAACF1ggAAAD/AAAAAIbWCAAAAP8AAAAAatYu AAh/1AgAAAD/AAAAAILWCAAAAP8AAAAAhdYIAAAA/wAAAACG1ggAAAD/AAAAAGrWLgABgNYI AAAA/wAAAACB1ggAAAD/AAAAAIXWCAAAAP8AAAAAhtYIAAAA/wAAAABq1i4AAoDWCAAAAP8A AAAAgtYIAAAA/wAAAACF1ggAAAD/AAAAAIbWCAAAAP8AAAAAh9YKwMDAAP///wABAABYAGQA DcZHABewAWADEAXABnAIIArQC4ANMA/gEJASQBTwFaAXUBkAG7AcYB4QIMAhcCMgJdAmAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAPhLABFKTwAF6EsAE1AIXKCAQANQgBXAgBhcoVAQA1CAFC KgxcCAFgSgwAcGiAAIAAhcoPAAhCKglgSgkAcGgAAIAAAIwBjwCzAFMGjAEMAQAARRgLAAAA EgBUAGEAYgBsAGUAIAAzAEQAIABlAGYAZgBlAGMAdABzACAAMgAAAN0AOlZlAGrWLkAAf9QI gICAAAYBAACA1gj///8ABgEAAIXWCAAAAP8AAAAAhtYIAAAA/wAAAABq1iMIAILWCP///wAG AQAAhdYIAAAA/wAAAACG1ggAAAD/AAAAAGrWOQQAf9QIAAAA/wAAAACA1ggAAAD/AAAAAILW CICAgAAGAQAAhdYIAAAA/wAAAACG1ggAAAD/AAAAAGrWGAEAhdYIAAAA/wAAAACG1ggAAAD/ AAAAAGrWGAAIhdYIAAAA/wAAAACG1ggAAAD/AAAAAIfWCsDAwAD///8AAQCINAEAWABlAA3G RwAXsAFgAxAFwAZwCCAK0AuADTAP4BCQEkAU8BWgF1AZABuwHGAeECDAIXAjICXQJgAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAD4SwARSk8ABehLABFgCFyggBADUIAVwIAYXKCAAINQgBXAgB ygGQALMAYwbKAQwBAABFGAsAAAASAFQAYQBiAGwAZQAgADMARAAgAGUAZgBmAGUAYwB0AHMA IAAzAAAA9wA6VmYAatYuQAB/1AiAgIAABgEAAIDWCP///wAGAQAAhdYIAAAA/wAAAACG1ggA AAD/AAAAAGrWDxAAh9YKwMDAAP///wABAGrWDyAAh9YKwMDAAP///wAIAGrWIwgAgtYI//// AAYBAACF1ggAAAD/AAAAAIbWCAAAAP8AAAAAatY5BAB/1AgAAAD/AAAAAIDWCAAAAP8AAAAA gtYIgICAAAYBAACF1ggAAAD/AAAAAIbWCAAAAP8AAAAAatYYAQCF1ggAAAD/AAAAAIbWCAAA AP8AAAAAatYYAAiF1ggAAAD/AAAAAIbWCAAAAP8AAAAAiDQBiTQBAFgAZgANxkcAF7ABYAMQ BcAGcAggCtALgA0wD+AQkBJAFPAVoBdQGQAbsBxgHhAgwCFwIyAl0CYAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAA+EsAEUpPAAXoSwAToAhcoPEABCKgBgSgAAcGgAAAD/hcoPIABCKgBgSgAA cGgAAAD/hcoIAQA1CAFcCAGFyggACDUIAVwIAbgBcgCzAHMGuAEMAQAARRgLAAAADwBUAGEA YgBsAGUAIABDAGwAYQBzAHMAaQBjACAAMQAAAOwAOlZnABPWMAAAAAAMAQAAAAAA/wAAAAAA AAAADAEAAAAAAP8AAAAAAAAA/wAAAAAAAAD/AAAAAGrWIwQAgtYIAAAAAAYBAACF1ggAAAD/ AAAAAIbWCAAAAP8AAAAAatYjAgB/1AgAAAAABgEAAIXWCAAAAP8AAAAAhtYIAAAA/wAAAABq 1iMBAIDWCAAAAAAGAQAAhdYIAAAA/wAAAACG1ggAAAD/AAAAAGrWGAAIhdYIAAAA/wAAAACG 1ggAAAD/AAAAAGrWGAABhdYIAAAA/wAAAACG1ggAAAD/AAAAAIfWCgAAAP8AAAD/AABYAGcA DcZHABewAWADEAXABnAIIArQC4ANMA/gEJASQBTwFaAXUBkAG7AcYB4QIMAhcCMgJdAmAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAPhLABFKTwAF6EsAE5AIXKDwIAQioAYEoAAHBoAAAA/4XK CAEANggBXQgBhcoIAAg1CAFcCAGFyg4AATUIATYIAFwIAV0IAADwAXMAswCDBvABDAEAAEUY CwAAAA8AVABhAGIAbABlACAAQwBsAGEAcwBzAGkAYwAgADIAAAAjATpWaAAT1jAAAAAADAEA AAAAAP8AAAAAAAAAAAwBAAAAAAD/AAAAAAAAAP8AAAAAAAAA/wAAAABq1iUEAIXWCAAAAP8A AAAAhtYIAAAA/wAAAACH1grAwMAA////AAEAatYjAgB/1AgAAAAABgEAAIXWCAAAAP8AAAAA htYIAAAA/wAAAABq1jABAIDWCAAAAAAGAQAAhdYIAAAA/wAAAACG1ggAAAD/AAAAAIfWCoAA gAD///8AAQBq1hgACIXWCAAAAP8AAAAAhtYIAAAA/wAAAABq1hgAAYXWCAAAAP8AAAAAhtYI AAAA/wAAAABq1iUAAoXWCAAAAP8AAAAAhtYIAAAA/wAAAACH1gqAAIAA////AAEAh9YKAAAA /wAAAP8AAABYAGgADcZHABewAWADEAXABnAIIArQC4ANMA/gEJASQBTwFaAXUBkAG7AcYB4Q IMAhcCMgJdAmAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPhLABFKTwAF6EsAE6AIXKCAQANQgB XAgBhcoPAQBCKghgSggAcGj///8AhcoPAAhCKglgSgkAcGgAAIAAhcoIAAE1CAFcCAGqAXQA swCTBqoBDAEAAEUYCwAAAA8AVABhAGIAbABlACAAQwBsAGEAcwBzAGkAYwAgADMAAADFADpW aQAT1jAAAAAADAEAAAAAAAAMAQAAAAAAAAwBAAAAAAAADAEAAAAAAP8AAAAAAAAA/wAAAABq 1hgEAIXWCAAAAP8AAAAAhtYIAAAA/wAAAABq1jACAH/UCAAAAAAMAQAAhdYIAAAA/wAAAACG 1ggAAAD/AAAAAIfWCv///wD///8AAQBq1jABAIDWCAAAAAAGAQAAhdYIAAAA/wAAAACG1ggA AAD/AAAAAIfWCgAAgAD///8AAQCH1grAwMAA////AAEAAFgAaQANxkcAF7ABYAMQBcAGcAgg CtALgA0wD+AQkBJAFPAVoBdQGQAbsBxgHhAgwCFwIyAl0CYAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAA+EsAEUpPAAXoSwAVEAQioJcGgAAIAAhcoVBAA1CAFCKgFcCAFgSgEAcGgAAAAAhcoP AgBCKglgSgkAcGgAAIAAhcobAQA1CAE2CAFCKghcCAFdCAFgSggAcGj///8AAOYBdQCzAKMG 5gEMAQAARRgLAAAADwBUAGEAYgBsAGUAIABDAGwAYQBzAHMAaQBjACAANAAAAPsAOlZqABPW MAAAAAAMAQAAAAAAAAYBAAAAAAAADAEAAAAAAAAGAQAAAAAA/wAAAAAAAAD/AAAAAGrWGAQA hdYIAAAA/wAAAACG1ggAAAD/AAAAAGrWMAIAgNYIAAAAAAYBAACF1ggAAAD/AAAAAIbWCAAA AP8AAAAAh9YKAAAAAP///wAIAGrWMAEAgNYIAAAAAAYBAACF1ggAAAD/AAAAAIbWCAAAAP8A AAAAh9YKAACAAP///wAIAGrWGAAIhdYIAAAA/wAAAACG1ggAAAD/AAAAAGrWGAAChdYIAAAA /wAAAACG1ggAAAD/AAAAAIfWCgAAAP8AAAD/AAAAWABqAA3GRwAXsAFgAxAFwAZwCCAK0AuA DTAP4BCQEkAU8BWgF1AZABuwHGAeECDAIXAjICXQJgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA D4SwARSk8ABehLABWACFyggEADUIAVwIAYXKDwIAQioJYEoJAHBoAACAAIXKGwEANQgBNggB QioIXAgBXQgBYEoIAHBo////AIXKDwAIQioJYEoJAHBoAACAAIXKCAACNQgBXAgBqAF2ALMA swaoAQwBAABFGAsAAAAQAFQAYQBiAGwAZQAgAEMAbwBsAG8AcgBmAHUAbAAgADEAAADXADpW awAT1jAAgIAADAEAAACAgAAMAQAAAICAAAwBAAAAgIAADAEAAAD//wAGAQAAAAAA/wAAAABq 1iUEAIXWCAAAAP8AAAAAhtYIAAAA/wAAAACH1goAAIAA////AAEAatYlAQCF1ggAAAD/AAAA AIbWCAAAAP8AAAAAh9YKAAAAAP///wABAGrWGAAIhdYIAAAA/wAAAACG1ggAAAD/AAAAAGrW JQAChdYIAAAA/wAAAACG1ggAAAD/AAAAAIfWCgAAAAD///8AAQCH1goAgIAA////AAEAAFgA awANxkcAF7ABYAMQBcAGcAggCtALgA0wD+AQkBJAFPAVoBdQGQAbsBxgHhAgwCFwIyAl0CYA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+EsAEUpPAAXoSwATwAQioIcGj///8AhcoOBAA1CAE2 CAFcCAFdCAGFyg4BADUIATYIAVwIAV0IAYXKDgAINQgBNggAXAgBXQgAqgF3ALMAwwaqAQwB AABFGAsAAAAQAFQAYQBiAGwAZQAgAEMAbwBsAG8AcgBmAHUAbAAgADIAAADVADpWbAAT1jAA AAD/AAAAAAAAAP8AAAAAAAAAAAwBAAAAAAD/AAAAAAAAAP8AAAAAAAAA/wAAAABq1iUIAIXW CAAAAP8AAAAAhtYIAAAA/wAAAACH1grAwMAA////AAEAatYYBACF1ggAAAD/AAAAAIbWCAAA AP8AAAAAatYwAQCA1ggAAAAADAEAAIXWCAAAAP8AAAAAhtYIAAAA/wAAAACH1gqAAAAA//// AAEAatYYAAiF1ggAAAD/AAAAAIbWCAAAAP8AAAAAh9YK//8AAP///wAEAABYAGwADcZHABew AWADEAXABnAIIArQC4ANMA/gEJASQBTwFaAXUBkAG7AcYB4QIMAhcCMgJdAmAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAPhLABFKTwAF6EsAFAAIXKDgQANQgBNggBXAgBXQgBhcobAQA1CAE2 CAFCKghcCAFdCAFgSggAcGj///8AhcoOAAg1CAE2CABcCAFdCACKAXgAswDTBooBDAEAAEUY CwAAABAAVABhAGIAbABlACAAQwBvAGwAbwByAGYAdQBsACAAMwAAAN0AOlZtABPWMAAAAAAS AQAAAAAAABIBAAAAAAAAEgEAAAAAAAASAQAAwMDAAAYBAAAAAAD/AAAAAGrWOwQAgdYIAAAA ACQBAACC1ggAAAAABgEAAIXWCAAAAP8AAAAAhtYIAAAA/wAAAACH1goAgIAA////AAEAatYw AQCA1ggAAAAABgEAAIXWCAAAAP8AAAAAhtYIAAAA/wAAAACH1goAgIAA////AAEAatYlAAKF 1ggAAAD/AAAAAIbWCAAAAP8AAAAAh9YKAAAAAP///wABAIfWCgCAgAD///8ABQAAWABtAA3G RwAXsAFgAxAFwAZwCCAK0AuADTAP4BCQEkAU8BWgF1AZABuwHGAeECDAIXAjICXQJgAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAD4SwARSk8ABehLABGACFyhUAAjUIAUIqCFwIAWBKCABwaP// /wAKAnkAswDjBgoCDAEAAEUYCwAAAA8AVABhAGIAbABlACAAQwBvAGwAdQBtAG4AcwAgADEA AAALATpWbgAT1jAAAAAADAEAAAAAAAAMAQAAAAAAAAwBAAAAAAAADAEAAAAAAP8AAAAAAAAA /wAAAABq1g8QAIfWCgAAAAD///8ABQBq1g8gAIfWCv//AAD///8ABQBq1hgIAIXWCAAAAP8A AAAAhtYIAAAA/wAAAABq1hgEAIXWCAAAAP8AAAAAhtYIAAAA/wAAAABq1hgCAIXWCAAAAP8A AAAAhtYIAAAA/wAAAABq1iMBAIDWCAAAAAAGAwAAhdYIAAAA/wAAAACG1ggAAAD/AAAAAGrW GAAIhdYIAAAA/wAAAACG1ggAAAD/AAAAAGrWGAABhdYIAAAA/wAAAACG1ggAAAD/AAAAAIk0 AQBYAG4ADcZHABewAWADEAXABnAIIArQC4ANMA/gEJASQBTwFaAXUBkAG7AcYB4QIMAhcCMg JdAmAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPhLABFKTwAF6EsAFsADUIgVwIgYXKDxAAQioA YEoAAHBoAAAA/4XKDyAAQioAYEoAAHBoAAAA/4XKCAgANQgAXAgAhcoIBAA1CABcCACFyggC ADUIAFwIAIXKCAEANQgAXAgAhcoIAAg1CAFcCAGFyggAATUIAVwIAewBegCzAPMG7AEMAQAA RRgLAAAADwBUAGEAYgBsAGUAIABDAG8AbAB1AG0AbgBzACAAMgAAANoAOlZvAGrWDxAAh9YK AAAAAP///wAGAGrWDyAAh9YKAP8AAP///wAFAGrWGAgAhdYIAAAA/wAAAACG1ggAAAD/AAAA AGrWGAQAhdYIAAAA/wAAAACG1ggAAAD/AAAAAGrWGAIAhdYIAAAA/wAAAACG1ggAAAD/AAAA AGrWJQEAhdYIAAAA/wAAAACG1ggAAAD/AAAAAIfWCgAAgAD///8AAQBq1hgACIXWCAAAAP8A AAAAhtYIAAAA/wAAAABq1hgAAYXWCAAAAP8AAAAAhtYIAAAA/wAAAACJNAFYAG8ADcZHABew AWADEAXABnAIIArQC4ANMA/gEJASQBTwFaAXUBkAG7AcYB4QIMAhcCMgJdAmAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAPhLABFKTwAF6EsAGAADUIgVwIgYXKDxAAQioAYEoAAHBoAAAA/4XK DyAAQioAYEoAAHBoAAAA/4XKCAgANQgAXAgAhcoVBAA1CABCKgFcCABgSgEAcGgAAAAAhcoI AgA1CABcCACFyg8BAEIqCGBKCABwaP///wCFyggACDUIAVwIAYXKCAABNQgBXAgB+AF7ALMA Awf4AQwBAABFGAsAAAAPAFQAYQBiAGwAZQAgAEMAbwBsAHUAbQBuAHMAIAAzAAAA/QA6VnAA E9YwAACAAAYBAAAAAIAABgEAAAAAgAAGAQAAAACAAAYBAAAAAAD/AAAAAAAAgAAGAQAAatYP EACH1grAwMAA////AAEAatYPIACH1goAAAAA////AAMAatYYCACF1ggAAAD/AAAAAIbWCAAA AP8AAAAAatYYBACF1ggAAAD/AAAAAIbWCAAAAP8AAAAAatYjAgB/1AgAAIAABgEAAIXWCAAA AP8AAAAAhtYIAAAA/wAAAABq1iUBAIXWCAAAAP8AAAAAhtYIAAAA/wAAAACH1goAAIAA//// AAEAatYYAAGF1ggAAAD/AAAAAIbWCAAAAP8AAAAAiTQBAFgAcAANxkcAF7ABYAMQBcAGcAgg CtALgA0wD+AQkBJAFPAVoBdQGQAbsBxgHhAgwCFwIyAl0CYAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAA+EsAEUpPAAXoSwAWgANQiBXAiBhcoPEABCKgBgSgAAcGgAAAD/hcoPIABCKgBgSgAA cGgAAAD/hcoICAA1CABcCACFyggEADUIAFwIAIXKCAIANQgAXAgAhcoPAQBCKghgSggAcGj/ //8AhcoIAAE1CAFcCAFoAXwAswATB2gBDAEAAEUYCwAAAA8AVABhAGIAbABlACAAQwBvAGwA dQBtAG4AcwAgADQAAACJADpWcQBq1g8QAIfWCgCAgAD///8ACABq1g8gAIfWCgAAAAD///8A AwBq1hgIAIXWCAAAAP8AAAAAhtYIAAAA/wAAAABq1hgCAIXWCAAAAP8AAAAAhtYIAAAA/wAA AABq1iUBAIXWCAAAAP8AAAAAhtYIAAAA/wAAAACH1goAAAAA////AAEAiTQBAFgAcQANxkcA F7ABYAMQBcAGcAggCtALgA0wD+AQkBJAFPAVoBdQGQAbsBxgHhAgwCFwIyAl0CYAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAA+EsAEUpPAAXoSwAUwAhcoPEABCKgBgSgAAcGgAAAD/hcoPIABC KgBgSgAAcGgAAAD/hcoICAA1CAFcCAGFyggCADUIAVwIAYXKDwEAQioIYEoIAHBo////ALYB fQCzACMHtgEMAQAARRgLAAAADwBUAGEAYgBsAGUAIABDAG8AbAB1AG0AbgBzACAANQAAAM4A OlZyABPWMICAgAAMAQAAgICAAAwBAACAgIAADAEAAICAgAAMAQAAAAAA/wAAAADAwMAABgEA AGrWDxAAh9YKwMDAAP///wABAGrWGAgAhdYIAAAA/wAAAACG1ggAAAD/AAAAAGrWGAQAhdYI AAAA/wAAAACG1ggAAAD/AAAAAGrWIwIAf9QIgICAAAYBAACF1ggAAAD/AAAAAIbWCAAAAP8A AAAAatYjAQCA1giAgIAABgEAAIXWCAAAAP8AAAAAhtYIAAAA/wAAAACJNAFYAHIADcZHABew AWADEAXABnAIIArQC4ANMA/gEJASQBTwFaAXUBkAG7AcYB4QIMAhcCMgJdAmAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAPhLABFKTwAF6EsAFWAIXKDxAAQioAYEoAAHBoAAAA/4XKDyAAQioA YEoAAHBoAAAA/4XKCAgANQgBXAgBhcoIBAA1CAFcCAGFyggCADUIAVwIAYXKDgEANQgBNggB XAgBXQgBhgGRALMAMweGAQwBAABFGAsAAAASAFQAYQBiAGwAZQAgAEMAbwBuAHQAZQBtAHAA bwByAGEAcgB5AAAAsgA6VnMAE9YwAAAA/wAAAAAAAAD/AAAAAAAAAP8AAAAAAAAA/wAAAAD/ //8AEgEAAP///wASAQAAatYlQACF1ggAAAD/AAAAAIbWCAAAAP8AAAAAh9YKAAAAAP///wAC AGrWJYAAhdYIAAAA/wAAAACG1ggAAAD/AAAAAIfWCgAAAAD///8ABABq1iUBAIXWCAAAAP8A AAAAhtYIAAAA/wAAAACH1goAAAAA////AAQAiDQBWABzAA3GRwAXsAFgAxAFwAZwCCAK0AuA DTAP4BCQEkAU8BWgF1AZABuwHGAeECDAIXAjICXQJgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA D4SwARSk8ABehLABPACFyg9AAEIqAGBKAABwaAAAAP+Fyg+AAEIqAGBKAABwaAAAAP+FyhUB ADUIAUIqAFwIAWBKAABwaAAAAP8EAZIAswBDBwQBDAEAAEUYCwAAAA0AVABhAGIAbABlACAA RQBsAGUAZwBhAG4AdAAAAF8AOlZ0ABPWMAAAAAAGAwAAAAAAAAYDAAAAAAAABgMAAAAAAAAG AwAAAAAAAAYBAAAAAAAABgEAAGrWGAEAhdYIAAAA/wAAAACG1ggAAAD/AAAAAIfWCgAAAP8A AAD/AAAAWAB0AA3GRwAXsAFgAxAFwAZwCCAK0AuADTAP4BCQEkAU8BWgF1AZABuwHGAeECDA IXAjICXQJgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4SwARSk8ABehLABFQCFyhIBADsIAUIq AGBKAABwaAAAAP8AwACaALMAUwfAAAwBAABFGAsAAAAKAFQAYQBiAGwAZQAgAEcAcgBpAGQA AAA3ADpWdQAT1jAAAAD/BAEAAAAAAP8EAQAAAAAA/wQBAAAAAAD/BAEAAAAAAP8EAQAAAAAA /wQBAAAAWAB1AA3GRwAXsAFgAxAFwAZwCCAK0AuADTAP4BCQEkAU8BWgF1AZABuwHGAeECDA IXAjICXQJgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4SwARSk8ABehLABAAAcAX4AswBjBxwB DAEAAEUYCwAAAAwAVABhAGIAbABlACAARwByAGkAZAAgADEAAAB6ADpWdgAT1jAAAAAABgEA AAAAAAAGAQAAAAAAAAYBAAAAAAAABgEAAAAAAAAGAQAAAAAAAAYBAABq1hgIAIXWCAAAAP8A AAAAhtYIAAAA/wAAAABq1hgCAIXWCAAAAP8AAAAAhtYIAAAA/wAAAACH1goAAAD/AAAA/wAA WAB2AA3GRwAXsAFgAxAFwAZwCCAK0AuADTAP4BCQEkAU8BWgF1AZABuwHGAeECDAIXAjICXQ JgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4SwARSk8ABehLABFgCFyggIADYIAV0IAYXKCAIA NggBXQgBdAF/ALMAcwd0AQwBAABFGAsAAAAMAFQAYQBiAGwAZQAgAEcAcgBpAGQAIAAyAAAA uwA6VncAE9YwAAAA/wAAAAAAAAD/AAAAAAAAAP8AAAAAAAAA/wAAAAAAAAAABgEAAAAAAAAG AQAAatYYCACF1ggAAAD/AAAAAIbWCAAAAP8AAAAAatYYBACF1ggAAAD/AAAAAIbWCAAAAP8A AAAAatYjAgB/1AgAAAAABgEAAIXWCAAAAP8AAAAAhtYIAAAA/wAAAABq1hgBAIXWCAAAAP8A AAAAhtYIAAAA/wAAAACH1goAAAD/AAAA/wAAAFgAdwANxkcAF7ABYAMQBcAGcAggCtALgA0w D+AQkBJAFPAVoBdQGQAbsBxgHhAgwCFwIyAl0CYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+E sAEUpPAAXoSwASwAhcoICAA1CAFcCAGFyggEADUIAVwIAYXKCAIANQgBXAgBhcoIAQA1CAFc CAFQAYAAswCDB1ABDAEAAEUYCwAAAAwAVABhAGIAbABlACAARwByAGkAZAAgADMAAACtADpW eAAT1jAAAAAABgEAAAAAAAAMAQAAAAAAAAYBAAAAAAAADAEAAAAAAP8AAAAAAAAAAAYBAABq 1hgIAIXWCAAAAP8AAAAAhtYIAAAA/wAAAABq1hgCAIXWCAAAAP8AAAAAhtYIAAAA/wAAAABq 1jABAIDWCAAAAAAGAQAAhdYIAAAA/wAAAACG1ggAAAD/AAAAAIfWCv//AAD///8ABgCH1goA AAD/AAAA/wAAAFgAeAANxkcAF7ABYAMQBcAGcAggCtALgA0wD+AQkBJAFPAVoBdQGQAbsBxg HhAgwCFwIyAl0CYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+EsAEUpPAAXoSwARYAhcoICAA1 CAFcCAGFyggCADUIAVwIAZQBgQCzAJMHlAEMAQAARRgLAAAADABUAGEAYgBsAGUAIABHAHIA aQBkACAANAAAAMUAOlZ5ABPWMAAAAP8AAAAAAAAAAAwBAAAAAAD/AAAAAAAAAAAMAQAAAAAA AAYBAAAAAAAABgEAAGrWGAgAhdYIAAAA/wAAAACG1ggAAAD/AAAAAGrWMAIAf9QIAAAAAAYB AACF1ggAAAD/AAAAAIbWCAAAAP8AAAAAh9YK//8AAP///wAGAGrWMAEAgNYIAAAAAAYBAACF 1ggAAAD/AAAAAIbWCAAAAP8AAAAAh9YK//8AAP///wAGAIfWCgAAAP8AAAD/AAAAWAB5AA3G RwAXsAFgAxAFwAZwCCAK0AuADTAP4BCQEkAU8BWgF1AZABuwHGAeECDAIXAjICXQJgAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAD4SwARSk8ABehLABQgCFyhUIADUIAUIqAFwIAWBKAABwaAAA AP+FyhUCADUIAUIqAFwIAWBKAABwaAAAAP+Fyg8BAEIqAGBKAABwaAAAAP9eAYIAswCjB14B DAEAAEUYCwAAAAwAVABhAGIAbABlACAARwByAGkAZAAgADUAAAC7ADpWegAT1jAAAAAADAEA AAAAAAAMAQAAAAAAAAwBAAAAAAAADAEAAAAAAAAGAQAAAAAAAAYBAABq1hgIAIXWCAAAAP8A AAAAhtYIAAAA/wAAAABq1hgCAIXWCAAAAP8AAAAAhtYIAAAA/wAAAABq1iMBAIDWCAAAAAAM AQAAhdYIAAAA/wAAAACG1ggAAAD/AAAAAGrWGAAChdYIAAAAAAYBAACG1ggAAAD/AAAAAIfW CgAAAP8AAAD/AAAAWAB6AA3GRwAXsAFgAxAFwAZwCCAK0AuADTAP4BCQEkAU8BWgF1AZABuw HGAeECDAIXAjICXQJgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4SwARSk8ABehLABFgCFyggI ADUIAVwIAYXKCAIANQgBXAgBegGDALMAswd6AQwBAABFGAsAAAAMAFQAYQBiAGwAZQAgAEcA cgBpAGQAIAA2AAAAxgA6VnsAE9YwAAAAAAwBAAAAAAAADAEAAAAAAAAMAQAAAAAAAAwBAAAA AAD/AAAAAAAAAAAGAQAAatYYBACF1ggAAAD/AAAAAIbWCAAAAP8AAAAAatYjAgB/1AgAAAAA BgEAAIXWCAAAAP8AAAAAhtYIAAAA/wAAAABq1iMBAIDWCAAAAAAGAQAAhdYIAAAA/wAAAACG 1ggAAAD/AAAAAGrWGAAChdYIAAAAAAYBAACG1ggAAAD/AAAAAIfWCgAAAP8AAAD/AABYAHsA DcZHABewAWADEAXABnAIIArQC4ANMA/gEJASQBTwFaAXUBkAG7AcYB4QIMAhcCMgJdAmAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAPhLABFKTwAF6EsAEoAIXKCAQANQgBXAgBhcoPAgBCKgBg SgAAcGgAAAD/hcoIAQA1CAFcCAGgAYQAswDDB6ABDAEAAEUYCwAAAAwAVABhAGIAbABlACAA RwByAGkAZAAgADcAAADhADpWfAAT1jAAAAAADAEAAAAAAAAMAQAAAAAAAAwBAAAAAAAADAEA AAAAAAAGAQAAAAAAAAYBAABq1hgIAIXWCAAAAP8AAAAAhtYIAAAA/wAAAABq1hgEAIXWCAAA AP8AAAAAhtYIAAAA/wAAAABq1iMCAH/UCAAAAAAGAQAAhdYIAAAA/wAAAACG1ggAAAD/AAAA AGrWIwEAgNYIAAAAAAwBAACF1ggAAAD/AAAAAIbWCAAAAP8AAAAAatYYAAKF1ggAAAAABgEA AIbWCAAAAP8AAAAAh9YKAAAA/wAAAP8AAABYAHwADcZHABewAWADEAXABnAIIArQC4ANMA/g EJASQBTwFaAXUBkAG7AcYB4QIMAhcCMgJdAmAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPhLAB FKTwAF6EsAEyADUIgVwIgYXKCAgANQgAXAgAhcoIBAA1CABcCACFyggCADUIAFwIAIXKCAEA NQgAXAgAdgGFALMA0wd2AQwBAABFGAsAAAAMAFQAYQBiAGwAZQAgAEcAcgBpAGQAIAA4AAAA ogA6Vn0AE9YwAACAAAYBAAAAAIAABgEAAAAAgAAGAQAAAACAAAYBAAAAAIAABgEAAAAAgAAG AQAAatYYCACF1ggAAAD/AAAAAIbWCAAAAP8AAAAAatYYAgCF1ggAAAD/AAAAAIbWCAAAAP8A AAAAatYlAQCF1ggAAAD/AAAAAIbWCAAAAP8AAAAAh9YKAACAAP///wABAIfWCgAAAP8AAAD/ AABYAH0ADcZHABewAWADEAXABnAIIArQC4ANMA/gEJASQBTwFaAXUBkAG7AcYB4QIMAhcCMg JdAmAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPhLABFKTwAF6EsAFIAIXKFQgANQgBQioAXAgB YEoAAHBoAAAA/4XKFQIANQgBQioAXAgBYEoAAHBoAAAA/4XKFQEANQgBQioIXAgBYEoIAHBo ////AMwBhgCzAOMHzAEMAQAARRgLAAAADABUAGEAYgBsAGUAIABMAGkAcwB0ACAAMQAAAPEA OlZ+ABPWMACAgAAMAQAAAICAAAYBAAAAgIAADAEAAACAgAAGAQAAAAAA/wAAAAAAAAD/AAAA AGrWJUAAhdYIAAAA/wAAAACG1ggAAAD/AAAAAIfWCsDAwAD///8AAQBq1hiAAIXWCAAAAP8A AAAAhtYIAAAA/wAAAABq1iMCAH/UCAAAAAAGAQAAhdYIAAAA/wAAAACG1ggAAAD/AAAAAGrW MAEAgNYIAAAAAAYBAACF1ggAAAD/AAAAAIbWCAAAAP8AAAAAh9YKwMDAAP///wABAGrWGAAI hdYIAAAA/wAAAACG1ggAAAD/AAAAAIg0AQBYAH4ADcZHABewAWADEAXABnAIIArQC4ANMA/g EJASQBTwFaAXUBkAG7AcYB4QIMAhcCMgJdAmAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPhLAB FKTwAF6EsAFNAIXKD0AAQioAYEoAAHBoAAAA/4XKD4AAQioAYEoAAHBoAAAA/4XKGwEANQgB NggBQioNXAgBXQgBYEoNAHBogAAAAIXKCAAINQgBXAgBAMYBhwCzAPMHxgEMAQAARRgLAAAA DABUAGEAYgBsAGUAIABMAGkAcwB0ACAAMgAAAPEAOlZ/ABPWMAAAAP8AAAAAAAAA/wAAAACA gIAADAEAAAAAAP8AAAAAAAAA/wAAAAAAAAD/AAAAAGrWJUAAhdYIAAAA/wAAAACG1ggAAAD/ AAAAAIfWCgD/AAD///8ABABq1hiAAIXWCAAAAP8AAAAAhtYIAAAA/wAAAABq1iMCAH/UCAAA AAAGAQAAhdYIAAAA/wAAAACG1ggAAAD/AAAAAGrWMAEAgNYIAAAAAAYBAACF1ggAAAD/AAAA AIbWCAAAAP8AAAAAh9YKAICAAACAAAALAGrWGAAIhdYIAAAA/wAAAACG1ggAAAD/AAAAAIg0 AgBYAH8ADcZHABewAWADEAXABnAIIArQC4ANMA/gEJASQBTwFaAXUBkAG7AcYB4QIMAhcCMg JdAmAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPhLABFKTwAF6EsAFHAIXKD0AAQioAYEoAAHBo AAAA/4XKD4AAQioAYEoAAHBoAAAA/4XKFQEANQgBQioIXAgBYEoIAHBo////AIXKCAAINQgB XAgBAGgBiACzAAMIaAEMAQAARRgLAAAADABUAGEAYgBsAGUAIABMAGkAcwB0ACAAMwAAAKsA OlaAABPWMAAAAAAMAQAAAAAA/wAAAAAAAAAADAEAAAAAAP8AAAAAAAAAAAYBAAAAAAD/AAAA AGrWIwIAf9QIAAAAAAwBAACF1ggAAAD/AAAAAIbWCAAAAP8AAAAAatYjAQCA1ggAAAAADAEA AIXWCAAAAP8AAAAAhtYIAAAA/wAAAABq1hgACIXWCAAAAP8AAAAAhtYIAAAA/wAAAACH1goA AAD/AAAA/wAAAFgAgAANxkcAF7ABYAMQBcAGcAggCtALgA0wD+AQkBJAFPAVoBdQGQAbsBxg HhAgwCFwIyAl0CYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+EsAEUpPAAXoSwATAAhcoVAQA1 CAFCKglcCAFgSgkAcGgAAIAAhcoVAAg2CAFCKgldCAFgSgkAcGgAAIAAHAGJALMAEwgcAQwB AABFGAsAAAAMAFQAYQBiAGwAZQAgAEwAaQBzAHQAIAA0AAAAdwA6VoEAE9YwAAAAAAwBAAAA AAAADAEAAAAAAAAMAQAAAAAAAAwBAAAAAAAABgEAAAAAAP8AAAAAatYwAQCA1ggAAAAADAEA AIXWCAAAAP8AAAAAhtYIAAAA/wAAAACH1gqAgIAA////AAEAh9YKAAAA/wAAAP8AAABYAIEA DcZHABewAWADEAXABnAIIArQC4ANMA/gEJASQBTwFaAXUBkAG7AcYB4QIMAhcCMgJdAmAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAPhLABFKTwAF6EsAEYAIXKFQEANQgBQioIXAgBYEoIAHBo ////ACgBigCzACMIKAEMAQAARRgLAAAADABUAGEAYgBsAGUAIABMAGkAcwB0ACAANQAAAIUA OlaCABPWMAAAAAAGAQAAAAAAAAYBAAAAAAAABgEAAAAAAAAGAQAAAAAAAAYBAAAAAAD/AAAA AGrWGAQAhdYIAAAA/wAAAACG1ggAAAD/AAAAAGrWIwEAgNYIAAAAAAwBAACF1ggAAAD/AAAA AIbWCAAAAP8AAAAAh9YKAAAA/wAAAP8AAABYAIIADcZHABewAWADEAXABnAIIArQC4ANMA/g EJASQBTwFaAXUBkAG7AcYB4QIMAhcCMgJdAmAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPhLAB FKTwAF6EsAEWAIXKCAQANQgBXAgBhcoIAQA1CAFcCAFeAYsAswAzCF4BDAEAAEUYCwAAAAwA VABhAGIAbABlACAATABpAHMAdAAgADYAAAC7ADpWgwAT1jAAAAAABgEAAAAAAAAGAQAAAAAA AAYBAAAAAAAABgEAAAAAAP8AAAAAAAAA/wAAAABq1iVAAIXWCAAAAP8AAAAAhtYIAAAA/wAA AACH1goAAAAA////AAUAatYjBACC1ggAAAAADAEAAIXWCAAAAP8AAAAAhtYIAAAA/wAAAABq 1iMBAIDWCAAAAAAMAQAAhdYIAAAA/wAAAACG1ggAAAD/AAAAAIfWCgAAAAD///8ACACINAEA WACDAA3GRwAXsAFgAxAFwAZwCCAK0AuADTAP4BCQEkAU8BWgF1AZABuwHGAeECDAIXAjICXQ JgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4SwARSk8ABehLABFgCFyggEADUIAVwIAYXKCAEA NQgBXAgB5AGMALMAQwjkAQwBAABFGAsAAAAMAFQAYQBiAGwAZQAgAEwAaQBzAHQAIAA3AAAA GQE6VoQAE9YwAIAAAAwBAAAAgAAABgEAAACAAAAMAQAAAIAAAAYBAAAAAAAABgEAAAAAAP8A AAAAatYlQACF1ggAAAD/AAAAAIbWCAAAAP8AAAAAh9YKAAAAAP///wAEAGrWJYAAhdYIAAAA /wAAAACG1ggAAAD/AAAAAIfWCv//AAD///8ABQBq1hgIAIXWCAAAAP8AAAAAhtYIAAAA/wAA AABq1hgEAIXWCAAAAP8AAAAAhtYIAAAA/wAAAABq1iMCAH/UCACAAAAMAQAAhdYIAAAA/wAA AACG1ggAAAD/AAAAAGrWMAEAgNYIAIAAAAwBAACF1ggAAAD/AAAAAIbWCAAAAP8AAAAAh9YK wMDAAP///wABAIg0AQBYAIQADcZHABewAWADEAXABnAIIArQC4ANMA/gEJASQBTwFaAXUBkA G7AcYB4QIMAhcCMgJdAmAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPhLABFKTwAF6EsAE+AIXK D0AAQioAYEoAAHBoAAAA/4XKCAgANQgBXAgBhcoIBAA1CAFcCAGFyggCADUIAVwIAYXKCAEA NQgBXAgB6gGNALMAUwjqAQwBAABFGAsAAAAMAFQAYQBiAGwAZQAgAEwAaQBzAHQAIAA4AAAA GQE6VoUAE9YwAAAAAAYBAAAAAAAABgEAAAAAAAAGAQAAAAAAAAYBAAAAAAD/AAAAAAAAAAAG AQAAatYlQACF1ggAAAD/AAAAAIbWCAAAAP8AAAAAh9YK//8AAP///wAFAGrWJYAAhdYIAAAA /wAAAACG1ggAAAD/AAAAAIfWCv8AAAD///8ACABq1hgIAIXWCAAAAP8AAAAAhtYIAAAA/wAA AABq1hgEAIXWCAAAAP8AAAAAhtYIAAAA/wAAAABq1iMCAH/UCAAAAAAGAQAAhdYIAAAA/wAA AACG1ggAAAD/AAAAAGrWMAEAgNYIAAAAAAYBAACF1ggAAAD/AAAAAIbWCAAAAP8AAAAAh9YK //8AAP///wABAIg0AQBYAIUADcZHABewAWADEAXABnAIIArQC4ANMA/gEJASQBTwFaAXUBkA G7AcYB4QIMAhcCMgJdAmAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPhLABFKTwAF6EsAFEAIXK D0AAQioAYEoAAHBoAAAA/4XKCAgANQgBXAgBhcoIBAA1CAFcCAGFyggCADUIAVwIAYXKDgEA NQgBNggBXAgBXQgBHAGTALMAYwgcAQwBAABFGAsAAAASAFQAYQBiAGwAZQAgAFAAcgBvAGYA ZQBzAHMAaQBvAG4AYQBsAAAAbAA6VoYAE9YwAAAAAAYBAAAAAAAABgEAAAAAAAAGAQAAAAAA AAYBAAAAAAAABgEAAAAAAAAGAQAAatYlAQCF1ggAAAD/AAAAAIbWCAAAAP8AAAAAh9YKAAAA AP///wABAIfWCgAAAP8AAAD/AABYAIYADcZHABewAWADEAXABnAIIArQC4ANMA/gEJASQBTw FaAXUBkAG7AcYB4QIMAhcCMgJdAmAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPhLABFKTwAF6E sAEYAIXKFQEANQgBQioAXAgBYEoAAHBoAAAA/yABbwCzAHMIIAEMAQAARRgLAAAADgBUAGEA YgBsAGUAIABTAGkAbQBwAGwAZQAgADEAAACQADpWhwAT1jAAgAAADAEAAAAAAP8AAAAAAIAA AAwBAAAAAAD/AAAAAAAAAP8AAAAAAAAA/wAAAABq1iMCAH/UCACAAAAGAQAAhdYIAAAA/wAA AACG1ggAAAD/AAAAAGrWIwEAgNYIAIAAAAYBAACF1ggAAAD/AAAAAIbWCAAAAP8AAAAAh9YK AAAA/wAAAP8AAFgAhwANxkcAF7ABYAMQBcAGcAggCtALgA0wD+AQkBJAFPAVoBdQGQAbsBxg HhAgwCFwIyAl0CYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+EsAEUpPAAXoSwAQAAyAFwALMA gwjIAQwBAABFGAsAAAAOAFQAYQBiAGwAZQAgAFMAaQBtAHAAbABlACAAMgAAAOgAOlaIAGrW IwgAgdYIAAAAAAYBAACF1ggAAAD/AAAAAIbWCAAAAP8AAAAAatYjBACC1ggAAAAADAEAAIXW CAAAAP8AAAAAhtYIAAAA/wAAAABq1iMCAH/UCAAAAAAGAQAAhdYIAAAA/wAAAACG1ggAAAD/ AAAAAGrWIwEAgNYIAAAAAAwBAACF1ggAAAD/AAAAAIbWCAAAAP8AAAAAatYjAAh/1AgAAAD/ AAAAAIXWCAAAAP8AAAAAhtYIAAAA/wAAAABq1iMAAYHWCAAAAP8AAAAAhdYIAAAA/wAAAACG 1ggAAAD/AAAAAFgAiAANxkcAF7ABYAMQBcAGcAggCtALgA0wD+AQkBJAFPAVoBdQGQAbsBxg HhAgwCFwIyAl0CYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+EsAEUpPAAXoSwAU8AhcoICAA1 CAFcCAGFyggEADUIAVwIAYXKFQIANQgBQioAXAgBYEoAAHBoAAAA/4XKCAEANQgBXAgBhcoI AAg1CAFcCAGFyggAATUIAVwIAQAUAXEAswCTCBQBDAEAAEUYCwAAAA4AVABhAGIAbABlACAA UwBpAG0AcABsAGUAIAAzAAAAbAA6VokAE9YwAAAAAAwBAAAAAAAADAEAAAAAAAAMAQAAAAAA AAwBAAAAAAD/AAAAAAAAAP8AAAAAatYlAQCF1ggAAAD/AAAAAIbWCAAAAP8AAAAAh9YKAAAA AP///wABAIfWCgAAAP8AAAD/AABYAIkADcZHABewAWADEAXABnAIIArQC4ANMA/gEJASQBTw FaAXUBkAG7AcYB4QIMAhcCMgJdAmAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPhLABFKTwAF6E sAEYAIXKFQEANQgBQioIXAgBYEoIAHBo////AMYBlACzAKMIxgEMAQAARRgLAAAADgBUAGEA YgBsAGUAIABTAHUAYgB0AGwAZQAgADEAAAAgATpWigBq1jBAAIDWCAAAAAAGAQAAhdYIAAAA /wAAAACG1ggAAAD/AAAAAIfWCoCAAAD///8ABQBq1iMIAIHWCAAAAAAMAQAAhdYIAAAA/wAA AACG1ggAAAD/AAAAAGrWIwQAgtYIAAAAAAwBAACF1ggAAAD/AAAAAIbWCAAAAP8AAAAAatYw AgB/1AgAAAAADAEAAIXWCAAAAP8AAAAAhtYIAAAA/wAAAACH1gqAAIAA////AAUAatYuAQB/ 1AgAAAAABgEAAIDWCAAAAAAMAQAAhdYIAAAA/wAAAACG1ggAAAD/AAAAAGrWGAAIhdYIAAAA /wAAAACG1ggAAAD/AAAAAGrWGAABhdYIAAAA/wAAAACG1ggAAAD/AAAAAIg0AVgAigANxkcA F7ABYAMQBcAGcAggCtALgA0wD+AQkBJAFPAVoBdQGQAbsBxgHhAgwCFwIyAl0CYAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAA+EsAEUpPAAXoSwARYAhcoIAAg1CAFcCAGFyggAATUIAVwIAcYB lQCzALMIxgEMAQAARRgLAAAADgBUAGEAYgBsAGUAIABTAHUAYgB0AGwAZQAgADIAAAAfATpW iwAT1jAAAAD/AAAAAAAAAAAGAQAAAAAA/wAAAAAAAAAABgEAAAAAAP8AAAAAAAAA/wAAAABq 1jAIAIHWCAAAAAAMAQAAhdYIAAAA/wAAAACG1ggAAAD/AAAAAIfWCoCAAAD///8ABQBq1jAE AILWCAAAAAAMAQAAhdYIAAAA/wAAAACG1ggAAAD/AAAAAIfWCgCAAAD///8ABQBq1iMCAH/U CAAAAAAMAQAAhdYIAAAA/wAAAACG1ggAAAD/AAAAAGrWIwEAgNYIAAAAAAwBAACF1ggAAAD/ AAAAAIbWCAAAAP8AAAAAatYYAAiF1ggAAAD/AAAAAIbWCAAAAP8AAAAAatYYAAGF1ggAAAD/ AAAAAIbWCAAAAP8AAAAAAFgAiwANxkcAF7ABYAMQBcAGcAggCtALgA0wD+AQkBJAFPAVoBdQ GQAbsBxgHhAgwCFwIyAl0CYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+EsAEUpPAAXoSwARYA hcoIAAg1CAFcCAGFyggAATUIAVwIAcIAmwCzAMMIwgAMAQAARRgLAAAACwBUAGEAYgBsAGUA IABUAGgAZQBtAGUAAAA3ADpWjAAT1jAAAAD/BAEAAAAAAP8EAQAAAAAA/wQBAAAAAAD/BAEA AAAAAP8EAQAAAAAA/wQBAAAAWACMAA3GRwAXsAFgAxAFwAZwCCAK0AuADTAP4BCQEkAU8BWg F1AZABuwHGAeECDAIXAjICXQJgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4SwARSk8ABehLAB AAAEAZYAswDTCAQBDAEAAEUYCwAAAAsAVABhAGIAbABlACAAVwBlAGIAIAAxAAAAaAA6Vo0A E9YwAAAA/wYaAAAAAAD/BhoAAAAAAP8GGgAAAAAA/wYaAAAAAAD/BhoAAAAAAP8GGgAAM9YG AAEPAxQAatYYAQCF1ggAAAD/AAAAAIbWCAAAAP8AAAAAh9YKAAAA/wAAAP8AAFgAjQANxkcA F7ABYAMQBcAGcAggCtALgA0wD+AQkBJAFPAVoBdQGQAbsBxgHhAgwCFwIyAl0CYAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAA+EsAEUpPAAXoSwARIAhcoPAQBCKgBgSgAAcGgAAAD/BAGXALMA 4wgEAQwBAABFGAsAAAALAFQAYQBiAGwAZQAgAFcAZQBiACAAMgAAAGgAOlaOABPWMAAAAP8G GwAAAAAA/wYbAAAAAAD/BhsAAAAAAP8GGwAAAAAA/wYbAAAAAAD/BhsAADPWBgABDwMUAGrW GAEAhdYIAAAA/wAAAACG1ggAAAD/AAAAAIfWCgAAAP8AAAD/AABYAI4ADcZHABewAWADEAXA BnAIIArQC4ANMA/gEJASQBTwFaAXUBkAG7AcYB4QIMAhcCMgJdAmAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAPhLABFKTwAF6EsAESAIXKDwEAQioAYEoAAHBoAAAA/wQBmACzAPMIBAEMAQAA RRgLAAAACwBUAGEAYgBsAGUAIABXAGUAYgAgADMAAABoADpWjwAT1jAAAAD/GBoAAAAAAP8Y GgAAAAAA/xgaAAAAAAD/GBoAAAAAAP8GGgAAAAAA/wYaAAAz1gYAAQ8DFABq1hgBAIXWCAAA AP8AAAAAhtYIAAAA/wAAAACH1goAAAD/AAAA/wAAWACPAA3GRwAXsAFgAxAFwAZwCCAK0AuA DTAP4BCQEkAU8BWgF1AZABuwHGAeECDAIXAjICXQJgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA D4SwARSk8ABehLABEgCFyg8BAEIqAGBKAABwaAAAAP9WAD4AAQACCVYADBAAAEUYCwAAAAUA VABpAHQAbABlAAAAEwCQAAMkAROk8AAUpDwAQCYAYSQBAB4ANQiBQ0ogAEtIHABPSgIAUUoC AFwIgV5KAgBhSiAAOgD+TwEAEgk6AAwAAABFGAsAAAAKAFIARgBDACAARgBpAGcAdQByAGUA AAAMAJEABSQBBiQBFKQAAAAARAD+DwEAIglEAAwAAACGeH8AAAAPAFIARgBDACAATABpAHMA dAAgAEIAdQBsAGwAZQB0AAAADACSAAUkAQomAAtGEQAAADoA/g9hAgIAOgAMAAAADwmgAAAA CgBSAEYAQwAgAEEAcABwACAASAAzAAAADACTAAomAwtGFABAJgMAADoA/g9hAgIAOgAMAAAA DwmgAAAACgBSAEYAQwAgAEEAcABwACAASAA0AAAADACUAAomBAtGFABAJgQAADoA/g9hAgIA OgAMAAAADwmgAAAACgBSAEYAQwAgAEEAcABwACAASAA1AAAADACVAAomBQtGFABAJgUAADoA /g8BAAIAOgAMAQAAQRKkAAAADwBSAEYAQwAgAEIAbwBpAGwAZQByAHAAbABhAHQAZQAAAAIA lgAAADAA/k8BAHIJMAAMAJwAcD7WAAAACABSAEYAQwAgAFQAZQB4AHQAAAAGAJcAFKQAAAAA lgBaQAEAggmWAAwEngC1OLkAMAYKAFAAbABhAGkAbgAgAFQAZQB4AHQAAABHAJgADcYwF7AB YAMQBcAGcAggCtALgA0wD+AQkBJAFPAVoBdQGQAbsBxgHhAgwCFwIyAl0CYAD4QAABJk8AAB ABSkAABehAAAACAAQ0oUAFBKAwBeSgAAYUoUAG1IAABuSBEEc0gAAHRIEQRIAJkAAQCSCUgA DAUAAORzNwAAAAwAQgBhAGwAbABvAG8AbgAgAFQAZQB4AHQAAAACAJkAFABDShAAT0oKAFFK CgBeSgoAYUoQAHoA/g8RAKIJegAMAAAApydNAAAADABSAEYAQwAgAEgAZQBhAGQAaQBuAGcA MQAAAEAAmgAKJgALRh8ADcYwF7ABYAMQBcAGcAggCtALgA0wD+AQkBJAFPAVoBdQGQAbsBxg HhAgwCFwIyAl0CYAFKQAAAgAS0ggAF5KAAA+AP4PoQkCAD4ADAAAAKcnTQAAAAwAUgBGAEMA IABIAGUAYQBkAGkAbgBnADIAAAAMAJsACiYBC0YfAEAmAQAAWgD+L/L/wQlaAAwAlwBoHUoA AAANAFIARgBDACAAVABlAHgAdAAgAEMAaABhAHIAAAAoAENKGABPSgYAUEoJAFFKBgBeSgYA X0gBBGFKGABtSAkEc0gJBHRICQQ4AP4PogDRCTgADAAAAAZLrwAAABAAYQBwAHAAbABlAC0A cwB0AHkAbABlAC0AcwBwAGEAbgAAAAAATgD+L/L/4QlOAAwAmAANRMcAMAYPAFAAbABhAGkA bgAgAFQAZQB4AHQAIABDAGgAYQByAAAAGABPSgYAUEoDAFFKBgBeSgYAbkgRBHRIEQRUAP4v 8v/xCVQADAFBAKUhQQAwBhYASABUAE0ATAAgAFAAcgBlAGYAbwByAG0AYQB0AHQAZQBkACAA QwBoAGEAcgAAABAAT0oGAFBKCQBRSgYAXkoGAEQA/i/y/wEKRAAMAAAApSFBAAAAAwBoADEA MQAAACYAEQiAGAgANQiBPAiAQ0oYAE9KBgBRSgYAXAiBXkoGAGFKGABvKACcAP4PAQASCpwA DACiAN40CAAAAAQAQgBvAGQAeQAAAE0AoQANxjYXsAFgAxAFwAZwCCAK0AuADTAP4BCQEkAU 8BWgF1AZABuwHGAeECDAIXAjICXQJgKgBVwNAAAPhAAAEmTcAAAAFKQ8AF6EAAAALABCKgFP SgAAUEoFAFFKAABeSgAAYUoUAGgIAG1IAABwaAAAAABzSAAAdEgAADoA/i/y/yEKOgAMAKEA 3jQIAAAACQBCAG8AZAB5ACAAQwBoAGEAcgAAABAAQioBQ0oYAGgIAHBoAAAAADYA/k9BAjIK NgAMEKcAYVJfAAAACQBSAGUAZgBlAHIAZQBuAGMAZQAAAAIAowAIAG5IEQR0SBEEQgAnIPL/ QQpCAAwEAABYPOsAAAARAEMAbwBtAG0AZQBuAHQAIABSAGUAZgBlAHIAZQBuAGMAZQAAAAgA Q0oQAGFKEABWAP4v8v9RClYADAAlAGFSXwAAABMAUgBGAEMAIABSAGUAZgBlAHIAZQBuAGMA ZQBzACAAQwBoAGEAcgAAABgAQ0oYAE9KBgBQSgkAUUoGAF5KBgBhShgAUAD+D1IKYQpQAAwA JABhUl8AAAAcAFIARgBDACAAUgBlAGYAZQByAGUAbgBjAGUAcwAgAEIAbwBvAGsAbQBhAHIA awAgAEMAaABhAHIAAAAAAFQA/i/y/3EKVAAMAKMAYVJfAAAADgBSAGUAZgBlAHIAZQBuAGMA ZQAgAEMAaABhAHIAAAAgAENKGABPSgYAUEoJAFFKBgBeSgYAYUoYAG5IEQR0SBEETAAeAAEA ggpMAAwEqQBYPOsAAAAMAEMAbwBtAG0AZQBuAHQAIABUAGUAeAB0AAAAAgCoABgAQ0oUAF5K AABhShQAbUgAAHNIAAB0SAAASgD+L/L/kQpKAAwAqABYPOsAAAARAEMAbwBtAG0AZQBuAHQA IABUAGUAeAB0ACAAQwBoAGEAcgAAABAAT0oGAFBKCQBRSgYAXkoGAEAAagCBCoIKQAAMBKsA WDzrAAAADwBDAG8AbQBtAGUAbgB0ACAAUwB1AGIAagBlAGMAdAAAAAIAqgAGADUIgVwIgVYA /i/y/7EKVgAMAKoAWDzrAAAAFABDAG8AbQBtAGUAbgB0ACAAUwB1AGIAagBlAGMAdAAgAEMA aABhAHIAAAAWADUIAU9KBgBQSgkAUUoGAFwIAV5KBgB2AP4v8f/CCnYADgQAABZU9gBwBBkA QwBvAGwAbwByAGYAdQBsACAARwByAGkAZAAgAC0AIABBAGMAYwBlAG4AdAAgADYAMQAAAAIA rAAoAENKGABPSgYAUEoJAFFKBgBeSgYAX0gBBGFKGABtSAkEc0gJBHRICQQgAP4PogDRCiAA DAAAAMcKZAAAAAQAZwByAGUAeQAAAAAAdgD+L/H/4gp2AA4EAAA/IoMAcAQZAEMAbwBsAG8A cgBmAHUAbAAgAEcAcgBpAGQAIAAtACAAQQBjAGMAZQBuAHQAIAA2ADIAAAACAK4AKABDShgA T0oGAFBKCQBRSgYAXkoGAF9IAQRhShgAbUgJBHNICQR0SAkELAD+T0EC8gosAAwQsAD1dRQA AAAEAEIAaQBiADIAAAACAK8ACABuSBEEdEgRBEoA/i/y/wELSgAMAK8A9XUUAAAACQBCAGkA YgAyACAAQwBoAGEAcgAAACAAQ0oYAE9KBgBQSgkAUUoGAF5KBgBhShgAbkgRBHRIEQR2AP4v 8f8SC3YADgUAAG5C4AAwBhkATABpAGcAaAB0ACAAUwBoAGEAZABpAG4AZwAgAC0AIABBAGMA YwBlAG4AdAAgADUAMQAAAAIAsQAoAENKGABPSgYAUEoJAFFKBgBeSgYAX0gBBGFKGABtSAkE c0gJBHRICQRwAP4v8f8iC3AADgUAACtUXgAwBhYATABpAGcAaAB0ACAATABpAHMAdAAgAC0A IABBAGMAYwBlAG4AdAAgADMAMQAAAAIAsgAoAENKGABPSgYAUEoJAFFKBgBeSgYAX0gBBGFK GABtSAkEc0gJBHRICQRMAFkAAQAyC0wADAS0ANdjsgAAAAwARABvAGMAdQBtAGUAbgB0ACAA TQBhAHAAAAACALMAGABPSgsAUUoLAF5KAABtSAAAc0gAAHRIAABSAP4v8v9BC1IADACzANdj sgAAABEARABvAGMAdQBtAGUAbgB0ACAATQBhAHAAIABDAGgAYQByAAAAGABDShgAT0oLAFBK CQBRSgsAXkoLAGFKGAB2AP4v8f9SC3YADgUAAHFN3wAwBhkATQBlAGQAaQB1AG0AIABMAGkA cwB0ACAAMgAgAC0AIABBAGMAYwBlAG4AdAAgADIAMQAAAAIAtQAoAENKGABPSgYAUEoJAFFK BgBeSgYAX0gBBGFKGABtSAkEc0gJBHRICQR8AP4v8f9iC3wADgUAAAYKogAwBhwAQwBvAGwA bwByAGYAdQBsACAAUwBoAGEAZABpAG4AZwAgAC0AIABBAGMAYwBlAG4AdAAgADEAMQAAAAIA tgAoAENKGABPSgYAUEoJAFFKBgBeSgYAX0gBBGFKGABtSAkEc0gJBHRICQR8AP4v8f9yC3wA DgUAAI87uQAwBhwAQwBvAGwAbwByAGYAdQBsACAAUwBoAGEAZABpAG4AZwAgAC0AIABBAGMA YwBlAG4AdAAgADEAMgAAAAIAtwAoAENKGABPSgYAUEoJAFFKBgBeSgYAX0gBBGFKGABtSAkE c0gJBHRICQQkAP5v8v+BCyQADAAAAMJGqQAAAAYAaQBuAHMAZQByAHQAAAAAAFQAsiDx/5IL VAAOBAAAAkOVAHAECABSAGUAdgBpAHMAaQBvAG4AAAACALkAKABDShgAT0oGAFBKCQBRSgYA XkoGAF9IAQRhShgAbUgJBHNICQR0SAkEQACzAAEAogtAAAwUAABsBDAAgAQOAEwAaQBzAHQA IABQAGEAcgBhAGcAcgBhAHAAaAAAAAoAugAPhNACXoTQAgAAUEsDBBQABgAIAAAAIQDp3g+/ /wAAABwCAAATAAAAW0NvbnRlbnRfVHlwZXNdLnhtbKyRy07DMBBF90j8g+UtSpyyQAgl6YLH jseifMDImSQWydiyp1X790zSVEKoIBZsLNkz954743K9Hwe1w5icp0qv8kIrJOsbR12l3zdP 2a1WiYEaGDxhpQ+Y9Lq+vCg3h4BJiZpSpXvmcGdMsj2OkHIfkKTS+jgCyzV2JoD9gA7NdVHc GOuJkTjjyUPX5QO2sB1YPe7l+Zgk4pC0uj82TqxKQwiDs8CS1Oyo+UbJFkIuyrkn9S6kK4mh zVnCVPkZsOheZTXRNajeIPILjBLDsAyJX89nIBkt5r87nons29ZZbLzdjrKOfDZezE7B/xRg 9T/oE9PMf1t/AgAA//8DAFBLAwQUAAYACAAAACEApdan58AAAAA2AQAACwAAAF9yZWxzLy5y ZWxzhI/PasMwDIfvhb2D0X1R0sMYJXYvpZBDL6N9AOEof2giG9sb69tPxwYKuwiEpO/3qT3+ rov54ZTnIBaaqgbD4kM/y2jhdj2/f4LJhaSnJQhbeHCGo3vbtV+8UNGjPM0xG6VItjCVEg+I 2U+8Uq5CZNHJENJKRds0YiR/p5FxX9cfmJ4Z4DZM0/UWUtc3YK6PqMn/s8MwzJ5PwX+vLOVF BG43lExp5GKhqC/jU72QqGWq1B7Qtbj51v0BAAD//wMAUEsDBBQABgAIAAAAIQBreZYWgwAA AIoAAAAcAAAAdGhlbWUvdGhlbWUvdGhlbWVNYW5hZ2VyLnhtbAzMTQrDIBBA4X2hd5DZN2O7 KEVissuuu/YAQ5waQceg0p/b1+XjgzfO3xTVm0sNWSycBw2KZc0uiLfwfCynG6jaSBzFLGzh xxXm6XgYybSNE99JyHNRfSPVkIWttd0g1rUr1SHvLN1euSRqPYtHV+jT9yniResrJgoCOP0B AAD//wMAUEsDBBQABgAIAAAAIQC29GeYkwcAAMkgAAAWAAAAdGhlbWUvdGhlbWUvdGhlbWUx LnhtbOxZzYsbyRW/B/I/NH2X9dWtj8Hyok/P2jO2sWSHPdZIpe7yVHeJqtKMxWII3lMugcAm 5JCFve0hhCzswi655I8x2CSbPyKvqlvdVVLJnhkcMGFGMHSXfu/Vr9579d5T1d3PXibUu8Bc EJb2/Pqdmu/hdM4WJI16/rPZpNLxPSFRukCUpbjnb7DwP7v361/dRUcyxgn2QD4VR6jnx1Ku jqpVMYdhJO6wFU7huyXjCZLwyqPqgqNL0JvQaqNWa1UTRFLfS1ECah8vl2SOvZlS6d/bKh9T eE2lUANzyqdKNbYkNHZxXlcIsRFDyr0LRHs+zLNglzP8UvoeRULCFz2/pv/86r27VXSUC1F5 QNaQm+i/XC4XWJw39Jw8OismDYIwaPUL/RpA5T5u3B63xq1Cnwag+RxWmnGxdbYbwyDHGqDs 0aF71B416xbe0N/c49wP1cfCa1CmP9jDTyZDsKKF16AMH+7hw0F3MLL1a1CGb+3h27X+KGhb +jUopiQ930PXwlZzuF1tAVkyeuyEd8Ng0m7kyksUREMRXWqKJUvloVhL0AvGJwBQQIokST25 WeElmkMUDxElZ5x4JySKIfBWKGUChmuN2qTWhP/qE+gn7VF0hJEhrXgBE7E3pPh4Ys7JSvb8 B6DVNyBvf/75zesf37z+6c1XX715/fd8bq3KkjtGaWTK/fLdH/7zzW+9f//w7S9f/zGbehcv TPy7v/3u3T/++T71sOLSFG//9P27H79/++ff/+uvXzu09zk6M+EzkmDhPcKX3lOWwAId/PEZ v57ELEbElOinkUApUrM49I9lbKEfbRBFDtwA23Z8ziHVuID31y8swtOYryVxaHwYJxbwlDE6 YNxphYdqLsPMs3UauSfnaxP3FKEL19xDlFpeHq9XkGOJS+UwxhbNJxSlEkU4xdJT37FzjB2r +4IQy66nZM6ZYEvpfUG8ASJOk8zImRVNpdAxScAvGxdB8Ldlm9Pn3oBR16pH+MJGwt5A1EF+ hqllxvtoLVHiUjlDCTUNfoJk7CI53fC5iRsLCZ6OMGXeeIGFcMk85rBew+kPIc243X5KN4mN 5JKcu3SeIMZM5IidD2OUrFzYKUljE/u5OIcQRd4TJl3wU2bvEPUOfkDpQXc/J9hy94ezwTPI sCalMkDUN2vu8OV9zKz4nW7oEmFXqunzxEqxfU6c0TFYR1Zon2BM0SVaYOw9+9zBYMBWls1L 0g9iyCrH2BVYD5Adq+o9xQJ6JdXc7OfJEyKskJ3iiB3gc7rZSTwblCaIH9L8CLxu2nwMpS5x BcBjOj83gY8I9IAQL06jPBagwwjug1qfxMgqYOpduON1wy3/XWWPwb58YdG4wr4EGXxtGUjs psx7bTND1JqgDJgZgi7DlW5BxHJ/KaKKqxZbO+WW9qYt3QDdkdX0JCT9YAe00/uE/7veBzqM t3/5xrEPPk6/41ZsJatrdjqHksnxTn9zCLfb1QwZX5BPv6kZoXX6BEMd2c9Ytz3NbU/j/9/3 NIf2820nc6jfuO1kfOgwbjuZ/HDl43QyZfMCfY068MgOevSxT3Lw1GdJKJ3KDcUnQh/8CPg9 s5jAoJLTJ564OAVcxfCoyhxMYOEijrSMx5n8DZHxNEYrOB2q+0pJJHLVkfBWTMChkR526lZ4 uk5O2SI77KzX1cFmVlkFkuV4LSzG4aBKZuhWuzzAK9RrtpE+aN0SULLXIWFMZpNoOki0t4PK SPpYF4zmIKFX9lFYdB0sOkr91lV7LIBa4RX4we3Bz/SeHwYgAkJwHgfN+UL5KXP11rvamR/T 04eMaUUANNjbCCg93VVcDy5PrS4LtSt42iJhhJtNQltGN3gihp/BeXSq0avQuK6vu6VLLXrK FHo+CK2SRrvzPhY39TXI7eYGmpqZgqbeZc9vNUMImTla9fwlHBrDY7KC2BHqNxeiEdy8zCXP NvxNMsuKCzlCIs4MrpNOlg0SIjH3KEl6vlp+4Qaa6hyiudUbkBA+WXJdSCufGjlwuu1kvFzi uTTdbowoS2evkOGzXOH8VovfHKwk2RrcPY0Xl94ZXfOnCEIsbNeVARdEwN1BPbPmgsBlWJHI yvjbKUx52jVvo3QMZeOIrmKUVxQzmWdwncoLOvqtsIHxlq8ZDGqYJC+EZ5EqsKZRrWpaVI2M w8Gq+2EhZTkjaZY108oqqmq6s5g1w7YM7NjyZkXeYLU1MeQ0s8JnqXs35Xa3uW6nTyiqBBi8 sJ+j6l6hIBjUysksaorxfhpWOTsftWvHdoEfoHaVImFk/dZW7Y7dihrhnA4Gb1T5QW43amFo ue0rtaX1rbl5sc3OXkDyGEGXu6ZSaFfCyS5H0BBNdU+SpQ3YIi9lvjXgyVtz0vO/rIX9YNgI h5VaJxxXgmZQq3TCfrPSD8NmfRzWa6NB4xUUFhkn9TC7sZ/ABQbd5Pf2enzv7j7Z3tHcmbOk yvTdfFUT13f39cbhu3uPQNL5stWYdJvdQavSbfYnlWA06FS6w9agMmoN26PJaBh2upNXvneh wUG/OQxa406lVR8OK0Grpuh3upV20Gj0g3a/Mw76r/I2BlaepY/cFmBezevefwEAAP//AwBQ SwMEFAAGAAgAAAAhAA3RkJ+2AAAAGwEAACcAAAB0aGVtZS90aGVtZS9fcmVscy90aGVtZU1h bmFnZXIueG1sLnJlbHOEj00KwjAUhPeCdwhvb9O6EJEm3YjQrdQDhOQ1DTY/JFHs7Q2uLAgu h2G+mWm7l53JE2My3jFoqhoIOumVcZrBbbjsjkBSFk6J2TtksGCCjm837RVnkUsoTSYkUigu MZhyDidKk5zQilT5gK44o49W5CKjpkHIu9BI93V9oPGbAXzFJL1iEHvVABmWUJr/s/04Goln Lx8WXf5RQXPZhQUoosbM4CObqkwEylu6usTfAAAA//8DAFBLAQItABQABgAIAAAAIQDp3g+/ /wAAABwCAAATAAAAAAAAAAAAAAAAAAAAAABbQ29udGVudF9UeXBlc10ueG1sUEsBAi0AFAAG AAgAAAAhAKXWp+fAAAAANgEAAAsAAAAAAAAAAAAAAAAAMAEAAF9yZWxzLy5yZWxzUEsBAi0A FAAGAAgAAAAhAGt5lhaDAAAAigAAABwAAAAAAAAAAAAAAAAAGQIAAHRoZW1lL3RoZW1lL3Ro ZW1lTWFuYWdlci54bWxQSwECLQAUAAYACAAAACEAtvRnmJMHAADJIAAAFgAAAAAAAAAAAAAA AADWAgAAdGhlbWUvdGhlbWUvdGhlbWUxLnhtbFBLAQItABQABgAIAAAAIQAN0ZCftgAAABsB AAAnAAAAAAAAAAAAAAAAAJ0KAAB0aGVtZS90aGVtZS9fcmVscy90aGVtZU1hbmFnZXIueG1s LnJlbHNQSwUGAAAAAAUABQBdAQAAmAsAAAAAPD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGlu Zz0iVVRGLTgiIHN0YW5kYWxvbmU9InllcyI/Pg0KPGE6Y2xyTWFwIHhtbG5zOmE9Imh0dHA6 Ly9zY2hlbWFzLm9wZW54bWxmb3JtYXRzLm9yZy9kcmF3aW5nbWwvMjAwNi9tYWluIiBiZzE9 Imx0MSIgdHgxPSJkazEiIGJnMj0ibHQyIiB0eDI9ImRrMiIgYWNjZW50MT0iYWNjZW50MSIg YWNjZW50Mj0iYWNjZW50MiIgYWNjZW50Mz0iYWNjZW50MyIgYWNjZW50ND0iYWNjZW50NCIg YWNjZW50NT0iYWNjZW50NSIgYWNjZW50Nj0iYWNjZW50NiIgaGxpbms9ImhsaW5rIiBmb2xI bGluaz0iZm9sSGxpbmsiLz4AAAAAedMAABMAAOQBAAAA/////wAAAAADAAAABgAAAAgAAAAL AAAADgAAABAAAAAQAAAATAAAAEwAAACAAAAAwQIAABcDAAAaAwAAAAgAADULAABuDgAAyQ8A AJ8QAAB1EgAAghMAAMAUAADyFQAAshYAAMYXAADCGAAAmBkAAOsaAACvGwAA4BwAAAIeAAB+ IAAA5SMAANYlAADPLAAA9i4AAFUyAAAzNAAAfTUAAG42AACwOAAAFjoAAP07AAAuPQAAFz4A AJJEAABnRQAAEEYAAEFIAAApSgAACEwAAAhOAAC4UQAA/lMAAMpWAABzWAAAh1kAAN1aAAAI YQAAlmEAABhjAACLZQAAfGgAANZqAAAObQAADm4AAN9uAACebwAAZ3AAAAVyAABccwAAmnQA AIV1AAAIeQAAhYAAALmCAACzhQAA2IcAAJSJAADDiwAABo0AAC2PAABUkgAACJQAANCXAACM mAAAfZkAADmbAAB9nQAAq58AAOagAAB0pAAA26kAAOGvAAD+sgAAY7YAAI63AAAvuAAAPbwA AKS9AAA7vgAAub4AAKTAAAA+xgAAEscAAOnJAAB5ygAA5M0AAMvPAAB90QAAutMAALLWAADU 1wAAvtgAAHjaAABe2wAAedsAAG4AAABwAAAAcQAAAHIAAABzAAAAdAAAAHYAAAB3AAAAeAAA AHkAAAB6AAAAewAAAH0AAAB+AAAAfwAAAIAAAACBAAAAgwAAAIQAAACFAAAAiAAAAIkAAACK AAAAiwAAAIwAAACNAAAAjgAAAI8AAACQAAAAkQAAAJIAAACUAAAAlQAAAJYAAACXAAAAmAAA AJkAAACaAAAAmwAAAJwAAACeAAAAnwAAAKAAAACiAAAApQAAAKYAAACoAAAAqQAAAKoAAACs AAAArQAAAK4AAACvAAAAsQAAALIAAACzAAAAtAAAALUAAAC3AAAAuAAAALoAAAC8AAAAvgAA AL8AAADAAAAAwQAAAMIAAADDAAAAxAAAAMUAAADHAAAAyAAAAMkAAADKAAAAywAAAMwAAADN AAAAzgAAAM8AAADQAAAA0gAAANMAAADUAAAA1QAAANYAAADYAAAA2QAAANoAAADcAAAA3wAA AOAAAADhAAAA4gAAAOQAAADlAAAA5gAAAOgAAADrAAAA7AAAAO4AAADwAAAA8QAAAAAIAABN EgAAMhkAAJgdAAAjJwAABiwAAL9BAAAyUwAAU1oAAIhdAAA6YAAA82IAAJZpAADvbgAAt3QA AP95AAAegAAAQYQAAP6TAACPsAAAlrwAAJ2+AABjwQAA/8UAAMfMAABZ0gAActQAAEDWAADq 1wAA39gAAHnbAABvAAAAdQAAAHwAAACCAAAAhgAAAIcAAACTAAAAnQAAAKEAAACjAAAApAAA AKcAAACrAAAAsAAAALYAAAC5AAAAuwAAAL0AAADGAAAA0QAAANcAAADbAAAA3QAAAN4AAADj AAAA5wAAAOkAAADqAAAA7QAAAO8AAAC/DAAAzgwAAOcMAAADDQAABQ0AABcNAAAzDQAANQ0A AFgNAAB0DQAAdg0AAJYNAACyDQAAtA0AANcNAADzDQAA9Q0AABcOAAAzDgAANQ4AAFQOAABw DgAAcg4AAJIOAACuDgAAsQ4AAPMOAAAPDwAAEg8AAC8PAABLDwAATg8AAGcPAACDDwAAhg8A AKUPAADBDwAAxA8AAOQPAAAAEAAAAxAAACMQAAA/EAAAQhAAAFgQAAB0EAAAdxAAAIcQAACj EAAAphAAAMIQAADeEAAA4RAAAP8QAAAbEQAAHhEAADsTAAD5tgAAYbcAALq3AAAfywAASMsA AFvLAACQywAAucsAAMzLAAAwzAAAWcwAAGzMAACXzAAAwMwAANPMAAABzQAAMc0AAEvNAADm zQAAFc4AAC7OAADlzgAACs8AABnPAABAzwAAbs8AAIbPAACtzwAA1c8AAOfPAAAa0AAARtAA AFzQAAB50wAAEw0U/xMl1P+VzBMlFP+VzBMlVP+VzBMllP+VzBMl1P+VzBMlFP+VzBMlVP+V zBMllP+VzBMl9P+VzBMlNP+VzBMlVP+VzBMllP+VzBMl1P+VzBMlFP+VzBMlVP+VzBMldP+V zBMltP+VzBMl9P+VzJWME1gU/xWME1gU/xWME1gU/xWME1gU/xWME1gU/xWME1gU/xWME1gU /xWME1gU/xWME1gU/xWME1gU/xWME1gU/xWMcQAAAHgAAAB7AAAACgMAABEDAAATAwAAGgMA ABMhlP+VgBMhlP+VgA8AAPBAAAAAAAAG8CAAAAABCAAAAwAAAAIAAAACAAAAAQAAAAIAAAAC AAAAAQAAAEAAHvEQAAAA//8AAAAA/wCAgIAA9wAAEAEPAALwSAAAACAACPAIAAAAAQAAAAAI AAAPAAPwMAAAAA8ABPAoAAAAAQAJ8BAAAAAAAAAAAAAAAAAAAAAAAAAAAgAK8AgAAAAACAAA BQAAAAAPAALwkgAAABAACPAIAAAAAQAAAAEEAAAPAAPwMAAAAA8ABPAoAAAAAQAJ8BAAAAAA AAAAAAAAAAAAAAAAAAAAAgAK8AgAAAAABAAABQAAAA8ABPBCAAAAEgAK8AgAAAABBAAAAA4A AFMAC/AeAAAAvwEAABAAywEAAAAA/wEAAAgABAMJAAAAPwMBAAEAAAAR8AQAAAABAAAA//8q AAAADQBfAFQAbwBjADIAOQA2ADgANQA3ADYAMgA2AA0AXwBIAGwAawA1ADAAMgA2ADUANgA1 ADkAMQANAF8AVABvAGMANQAwADIANgA2ADEAOAA0ADQADQBfAEgAbABrADUAMAAyADYANgA0 ADkAMgA4AA0AXwBUAG8AYwA1ADAAMgA2ADYAMQA4ADQANQANAF8ASABsAGsANQAwADIANgA1 ADcAMQA1ADgADQBfAEgAbABrADUAMAAyADYANgAzADAAMgA3AA0AXwBIAGwAawA1ADAAMgA2 ADYANwA1ADgANAANAF8ASABsAGsANQAwADIANgA2ADkAMQAwADQADQBfAFQAbwBjADUAMAAy ADYANgAxADgANAA2AA0AXwBUAG8AYwA1ADAAMgA2ADYAMQA4ADQANwANAF8AVABvAGMANQAw ADIANgA2ADEAOAA0ADgADQBfAFQAbwBjADUAMAAyADYANgAxADgANAA5AA0AXwBUAG8AYwA1 ADAAMgA2ADYAMQA4ADUAMAANAF8ASABsAGsANQAwADIANwA0ADAANwA2ADcADQBfAEgAbABr ADUAMAAyADcANAA1ADgANAA2AA0AXwBIAGwAawA1ADAAMgA3ADUAMQAxADUAOAANAF8ASABs AGsANQAwADIANwA1ADMAMQAzADcADQBfAFQAbwBjADUAMAAyADYANgAxADgANQAxAA0AXwBU AG8AYwA1ADAAMgA2ADYAMQA4ADUAMgANAF8AVABvAGMANAAwADEAOQAyADQANQA3ADcADQBf AFQAbwBjADQAMAAxADkAMgA0ADUANwA4AA0AXwBUAG8AYwAzADQANgA4ADgANgAxADMAMgAN AF8AVABvAGMAMwA0ADUAMwAzADcAOQA0ADQADQBfAFQAbwBjADMANAA2ADgAMAA5ADYAMAA0 AA0AXwBUAG8AYwAzADQANgA4ADgANgAxADMAMwANAF8AVABvAGMANQAwADIANgA2ADEAOAA1 ADMADQBfAFQAbwBjADUAMAAyADYANgAxADgANQA0AA0AXwBUAG8AYwA1ADAAMgA2ADYAMQA4 ADUANQANAF8AVABvAGMANQAwADIANgA2ADEAOAA1ADYADQBfAFQAbwBjADIAOQA2ADgANQA3 ADYAMwA2AA0AXwBUAG8AYwA1ADAAMgA2ADYAMQA4ADUANwANAF8AVABvAGMANQAwADIANgA2 ADEAOAA1ADgADQBfAFQAbwBjADUAMAAyADYANgAxADgANQA5AA0AXwBUAG8AYwA1ADAAMgA2 ADYAMQA4ADYAMAAMAF8AUgBlAGYAOAA2ADEANQA2ADIAOQAyAAwAXwBSAGUAZgA4ADYAMwAz ADMAMQAwADMADQBfAFQAbwBjADUAMAAyADYANgAxADgANgAxAAkATwBMAEUAXwBMAEkATgBL ADEACQBPAEwARQBfAEwASQBOAEsAMgANAF8AVABvAGMAMgAyADQAMwAyADkANgAzADQADQBf AFQAbwBjADIAMgA0ADMAMwA1ADMAMwA1AD8DAAC8CgAAPhMAAD4TAACLFQAAmBUAAHMZAADg JwAAcygAAAQuAAD6MwAA0UEAAK5OAAA+TwAAPFgAAP9fAACtZAAACXEAAJp9AABkfwAANK8A ADSvAAA0rwAANK8AADSvAAA0rwAANq8AAJ2zAAAntAAAhLYAACq4AAAquAAAP74AAO6+AAD5 vgAAf78AAH+/AADHxAAAcMwAAHDMAABwzAAAcMwAAHrTAAAAAAAAAQAAAAIAAAADAAAABAAA AAUAAAAGAAAABwAAAAgAAAAJAAAACgAAAAsAAAAMAAAADQAAAA4AAAAPAAAAEAAAABEAAAAS AAAAEwAAABQAAAAVAAAAFgAAABcAAAAYAAAAGQAAABoAAAAbAAAAHAAAAB0AAAAeAAAAHwAA ACAAAAAhAAAAIgAAACMAAAAkAAAAJQAAACYAAAAnAAAAKAAAACkAAABPAwAAHwsAAFUTAACL FQAAlxUAAPgVAACHGQAARygAAE8pAAAfLgAAEjQAAOxBAADKTgAAVU8AAE5ZAAB7YAAAfWUA ALlxAACyfQAAnn8AADSvAAA0rwAANK8AADSvAAA0rwAANK8AAE2vAACwswAAPrQAAJy2AABB uAAAQrgAAE++AAD4vgAADb8AAMfEAADHxAAA3cQAAC/OAAAvzgAAL84AAC/OAAB60wAAAAAA AAkAAAAUAAAA5AUAAPAFAABqBwAAdAcAAIIHAACJBwAAvgcAAMcHAAB4FAAAgRQAAIgUAACR FAAAXRUAAGQVAABzGQAAehkAAKsZAAC0GQAA2B4AAN8eAACeIwAApSMAAEspAABPKQAAMzMA ADwzAAB1MwAAfjMAAG03AABwNwAAjzcAAJI3AACjNwAApjcAANw4AADfOAAA8DgAAPM4AAD+ OAAACjkAALU6AAC4OgAA5DoAAOc6AAAiPQAAKz0AAJw9AAClPQAAvj4AAME+AADmPwAA6T8A AExPAABVTwAAUlAAAFtQAABpUQAAfVEAAH9RAACEUQAAiFMAAJFTAACbVAAAr1QAALFUAAC2 VAAAjVkAAJZZAAD4WQAAAVoAAHBaAAB5WgAAulsAAMRbAABWYwAAYGMAAHFlAAB6ZQAAJ2YA ADBmAADTZgAA3GYAAG9nAAB5ZwAAfGcAAIFnAAAEaAAADmgAANJrAADbawAAe20AAIRtAABz cQAAfHEAAIR4AACNeAAAqnoAALN6AACpfQAAsn0AANJ9AADbfQAABH8AAA1/AABAgQAASYEA ANaCAADgggAAZoMAAHCDAACugwAAuIMAAH6EAACFhAAAIIUAACmFAABdhQAAZIUAAGuGAAB1 hgAA24YAAOSGAADVhwAA34cAAJ2IAACiiAAAYosAAGuLAADyiwAA+4sAAH+MAACIjAAAtowA AL+MAADzjAAA/IwAAGONAABsjQAA+Y0AAAKOAACRjgAAmo4AAN6OAADnjgAATo8AAFePAADe jwAA548AAPuPAAAEkAAAipIAAJOSAAAplQAAMpUAAIuVAACUlQAA1pUAANqVAAATlgAAGpYA ACmXAAAwlwAAw5cAAMyXAADplwAA8pcAAPGbAAD1mwAAHZwAACScAAAgnQAAKZ0AAHyfAACD nwAACaAAABugAABcoAAAY6AAAJGiAACYogAA0qQAANmkAACupQAAtaUAAGiwAABxsAAA/bEA AAeyAAB3sgAAgbIAACyzAAA2swAAhbMAAI+zAAAvtAAAOLQAAIW1AACOtQAApLUAAK21AAD/ tQAACLYAADK2AAA7tgAAjbYAAJa2AACwtgAAurYAAM+3AADYtwAAcL4AAHW+AAC1vgAAu74A AMu+AADQvgAAGL8AAB+/AAB/vwAAiL8AAKa/AACsvwAAxL8AAMm/AADVvwAA4L8AAKPAAACq wAAAksEAAJ3BAAD1wQAA/cEAAAfCAAAOwgAAm8IAAKHCAACxwgAAuMIAAOLCAADtwgAAN8MA AD3DAAB/wwAAiMMAANrDAADgwwAAAcQAAAjEAAAAxQAACcUAABbFAAAdxQAAecUAAITFAACk xgAAq8YAALnGAAC/xgAAc8cAAHvHAADyxwAA+McAABDIAAAVyAAAIcgAACzIAACCyAAAh8gA AJPIAACayAAAucgAAL/IAADSyQAA3MkAAB3KAAAiygAAp8oAAKzKAAD0ygAA/MoAAHjMAAB+ zAAAUs0AAFjNAABZzQAAX80AAJXNAACdzQAAOc4AAD/OAADtzwAA8s8AAGDQAABi0AAAY9AA AGXQAABm0AAAZ9AAAGjQAABq0AAAa9AAAG3QAABu0AAAb9AAAHDQAAAN0gAAD9IAAHfTAAB6 0wAABwAcAAcAHAAHABwABwAcAAcAHAAHABwABwAcAAcAHAAHABwABwAcAAcAHAAHABwABwAc AAcAHAAHABwABwAcAAcAHAAHABwABwAcAAcAHAAHABwABwAcAAcAHAAHABwABwAcAAcAHAAH ABwABwAcAAcAHAAHABwABwAcAAcAHAAHABwABwAcAAcAHAAHABwABwAcAAcAHAAHABwABwAc AAcAHAAHABwABwAcAAcAHAAHABwABwAcAAcAHAAHABwABwAcAAcAHAAHABwABwAcAAcAHAAH ABwABwAcAAcAHAAHABwABwAcAAcAHAAHABwABwAcAAcAHAAHABwABwAcAAcAHAAHABwABwAc AAcAHAAHABwABwAcAAcAHAAHABwABwAcAAcAHAAHABwABwAcAAcAHAAHABwABwAcAAcAHAAH ABwABwAcAAcAHAAHABwABwAcAAcAHAAHABwABwAcAAcAHAAHABwABwAcAAcAHAAHABwABwAc AAcAHAAHABwABwAcAAcAHAAHABwABwAcAAcAHAAHABwABwAcAAcAHAAHABwABwAcAAcAHAAH ABwABwAcAAcAHAAHAAQABwAcAAcAHAAHABwABwAcAAcAHAAHABwABwAcAAcAHAAHABwABwAc AAcAHAAHABwABwAcAAcAHAAHABwABwAcAAcAHAAHABwABwAcAAcAHAAHABwABwAcAAcAHAAH ABwABwAcAAcAHAAHABwABwAcAAcAHAAHABwABwAcAAcAHAAHABwABwAcAAcAHAAHABwABwAH AAIABwACAAcAAgAHAAIABwACAAcAAgAHABwABwACAAAAAADnBgAA8gYAAK0fAACxHwAAxyEA AMshAABRIgAAVSIAAMUjAADKIwAA9CMAAPkjAAAMKwAAESsAALwrAADKKwAAuzIAAMYyAADo NQAAUrMAAH+/AACUvwAAd8oAAIHKAABg0AAA0dAAANzQAABq0wAAdNMAAHrTAAAHADMABwAz AAcAMwAHADMABwAzAAcAMwAHADMABwAzAAcAMwAHAAMABwAEAAcAMwAHAAIABwACAAcAAgAA AAAAXwAAAIYAAAD9AgAAPwMAANEFAADSBQAA2wUAAL8LAADhCwAArQwAAL8MAACLFQAAmBUA AFkXAAAwHgAAnx4AAGgfAACnIwAAFCQAANIkAAC4JQAAYiYAAOAnAABQKQAAzysAAAQuAAAg LgAAlS8AADcwAABrMwAA+jMAABI0AAATNAAA8DQAAGk2AACpNwAARzgAAAs5AAAMOQAAhjkA ABc8AABdPAAAhjwAANFBAACfQgAAg0MAAOpFAABSRgAAH0kAADJLAAAvTAAA7UwAAFdNAAAK TgAAVk8AAHdQAAC8UAAAZlMAAK1TAAAyVAAA4VYAAK1XAACwVwAAOlgAADxYAAA/WAAATlkA AFhZAAAjWgAAKloAAK5aAAAYWwAAxlsAAP9fAADGYgAA4mIAAGJjAAAdZAAArWQAAMVkAAB9 ZQAA3WYAAHxnAACDZwAAm2cAABJoAABEaAAAqGgAADRpAAAAagAAPWoAAJpsAAAWbQAAx20A AAxuAAAJcQAAvnEAAB54AADOeAAAG3oAAPR6AABKfAAAUnwAAOR+AABkfwAAn38AAI6BAABk ggAAiowAACWNAABljgAAEI8AAB+SAACrkgAAIJQAAP6UAAApmwAA35sAADavAABOrwAApLAA AI+xAACdswAAU7UAAIO1AAAgtgAAhLYAAJ22AAC+twAAQrgAAEO4AABiuAAAp7gAAAK5AADY ugAAFrsAAG+7AABQvgAA7r4AAH+/AACTvwAAmcAAAOrBAACHwgAALcMAANDDAAABxAAAx8QA AN3EAADexAAA5MUAAIfGAADLxwAAZckAAIDJAACNyQAAyskAAK3KAADrygAAXssAAHvLAADX zAAA5swAALLOAADFzgAANs8AAInPAABf0AAAYNAAAGLQAABj0AAAZdAAAGbQAABn0AAAaNAA AGrQAABr0AAAbdAAAG7QAABv0AAAcNAAAKrQAACv0AAA0dAAANzQAADe0AAA9NEAAHjSAADM 0gAAH9MAAEjTAABq0wAAdNMAAHXTAAB30wAAetMAAAgABwAIAAcACAAHAAgABwAIAAcACAAH AAUABwAIAAcABQAHAAUABwAIAAcACAAHAAgABwAIAAcACAAHAAgABQAHAAgABwAIAAcACAAH AAUACAAFAAgABwAIAAcACAAHAAgABwAIAAcACAAHAAgABwAFAAgABwAFAAcABQAHAAUABwAI AAcACAAHAAgABwAIAAcACAAHAAgABwAIAAcACAAHAAgABwAFAAgABwAIAAcACAAHAAgABwAI AAcABQAIAAcACAAHAAgABwAIAAcACAAHAAgABwAIAAcACAAHAAgABwAIAAcACAAHAAgABwAI AAcACAAHAAgABQAHAAUACAAHAAgABwAFAAgABwAIAAUABwAIAAcACAAEAAcACAAHAAgABwAI AAcACAAHAAgABwAIAAcABQAIAAUACAAHAAgABQAIAAUACAAFAAgABQAIAAcABwACAAcAAgAH AAIABwACAAcAAgAHAAIABQAHAAUABwAFAAcABQAHAAUABwAFAAcABQAHAAIALwAd////Uka4 +P8P/w//D/8P/w//D/8P/w//DwAAfP///6J5WqlaAP8P/w//D/8P/w//D/8P/w8BAH3///9U cBZ7WQD/D/8P/w//D/8P/w//D/8PAQB+////dMLqf1gA/w//D/8P/w//D/8P/w//DwEAf/// /8AiQPpXAP8P/w//D/8P/w//D/8P/w8BAID////o4OgQUAD/D/8P/w//D/8P/w//D/8PAQCB ////5jKaIE8A/w//D/8P/w//D/8P/w//DwEAgv///xhe7F9OAP8P/w//D/8P/w//D/8P/w8B AIP////otqboTQD/D/8P/w//D/8P/w//D/8PAQCI////aHkMqFYA/w//D/8P/w//D/8P/w// DwEAif///0zyygFMAP8P/w//D/8P/w//D/8P/w8BAMIcFABsvvLy/w//D/8P/w//D/8P/w// D/8PEABJPC4CwGS63/8P/w//D/8P/w//D/8P/w//DxAAqVt+AohNrvH/D/8P/w//D/8P/w// D/8P/w8AANAHigLUnhjK/w//D/8P/w//D/8P/w//D/8PEAC8cRgDTgX0J5IA/w//D/8P/w// D/8P/w//DxAA7TPOA4g/+Hj/D/8P/w//D/8P/w//D/8P/w8QALJofQTmhXCV/w//D/8P/w// D/8P/w//D/8PEABlAY0K2HxGMP8P/w//D/8P/w//D/8P/w//DwAAyW/aCgR1yF7/D/8P/w// D/8P/w//D/8P/w8QAG8/HhL+DmQV/w//D/8P/w//D/8P/w//D/8PEAD8TiQYbAo2qf8P/w// D/8P/w//D/8P/w//DwAAblLsIzhFmqwqACsALACTAJQAlQD/D/8P/w8AAJJMuieq3lqU/w// D/8P/w//D/8P/w//D/8PAAA/RtopWmqi0CkA/w//D/8P/w//D/8P/w//DxAAQC2OK/IOkOcB AAIAAwAEAAUABgAHAAgACQAAAMgXZzsCngxAmgCbAP8P/w//D/8P/w//D/8PEABVO2FC/lL8 zv8P/w//D/8P/w//D/8P/w//DxAA0C9tSFgeQvz/D/8P/w//D/8P/w//D/8P/w8QAPdm+EmI P/h4/w//D/8P/w//D/8P/w//D/8PEADfBEFNiE2u8SUA/w//D/8P/w//D/8P/w//DxAAylYt TqKGtIf/D/8P/w//D/8P/w//D/8P/w8QAIgVyE5GLX5g/w//D/8P/w//D/8P/w//D/8PEABW fmZRIwAJBP8P/w//D/8P/w//D/8P/w//DwAAEXmCUh0ACQT/D/8P/w//D/8P/w//D/8P/w8A AL4f41WWmajR/w//D/8P/w//D/8P/w//D/8PEAAfVbZZzn/GkP8P/w//D/8P/w//D/8P/w// DwAA8n1AW1SFHL3/D/8P/w//D/8P/w//D/8P/w8QAFIQrFvYfEYw/w//D/8P/w//D/8P/w// D/8PAACXJSBfACJAs/8P/w//D/8P/w//D/8P/w//DxAAXhPca0L+dIL/D/8P/w//D/8P/w// D/8P/w8QAMAU03AKZEqM/w//D/8P/w//D/8P/w//D/8PEAAlXIZ1HwAJBP8P/w//D/8P/w// D/8P/w//DwAA/Egjd9qusMX/D/8P/w//D/8P/w//D/8P/w8QALwVWHiQ8pCPIgD/D/8P/w// D/8P/w//D/8PEABKQL96xutMLP8P/w//D/8P/w//D/8P/w//DxAAmlz5e+51ULv/D/8P/w// D/8P/w//D/8P/w8AAAEAAAAXAAAAAAAAAAAAAAAAAAAAAAAAAAsYAAAPhAAAEYQAABXGBQAB AAAGXoQAAGCEAABPSgEAUUoBAG8oAAAAAQAAABcAAAAAAAAAAAAAAAAAAAAAAAAACxgAAA+E OAQRhJj+FcYFAAHQAgZehDgEYISY/k9KAQBRSgEAbygAAQC38AEAAAAXAAAAAAAAAAAAAAAA AAAAAAAAAAsYAAAPhAgHEYSY/hXGBQABoAUGXoQIB2CEmP5PSgYAUUoGAG8oAAEAbwABAAAA FwAAAAAAAAAAAAAAAAAAAAAAAAALGAAAD4TYCRGEmP4VxgUAAXAIBl6E2AlghJj+T0oNAFFK DQBvKAABAKfwAQAAABcAAAAAAAAAAAAAAAAAAAAAAAAACxgAAA+EqAwRhJj+FcYFAAFACwZe hKgMYISY/k9KDQBRSg0AbygAAQD68AEAAAAXAAAAAAAAAAAAAAAAAAAAAAAAAAsYAAAPhHgP EYSY/hXGBQABEA4GXoR4D2CEmP5PSgEAUUoBAG8oAAEAt/ABAAAAFwAAAAAAAAAAAAAAAAAA AAAAAAALGAAAD4RIEhGEmP4VxgUAAeAQBl6ESBJghJj+T0oGAFFKBgBvKAABAG8AAQAAABcA AAAAAAAAAAAAAAAAAAAAAAAACxgAAA+EGBURhJj+FcYFAAGwEwZehBgVYISY/k9KDQBRSg0A bygAAQCn8AEAAAAXAAAAAAAAAAAAAAAAAAAAAAAAAAsYAAAPhOgXEYSY/hXGBQABgBYGXoTo F2CEmP5PSg0AUUoNAG8oAAEA+vABAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAGAAAD4QIBxGE mP4VxgUAAQgHBl6ECAdghJj+AgAAAC4AAQAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAABgAAA+E oAURhJj+FcYFAAGgBQZehKAFYISY/gIAAAAuAAEAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAY AAAPhDgEEYSY/hXGBQABOAQGXoQ4BGCEmP4CAAAALgABAAAAAAABAAAAAAAAAAAAAAAAAAAA AAAAGAAAD4TQAhGEmP4VxgUAAdACBl6E0AJghJj+AgAAAC4AAQAAABcAAAAAAAAAAAAAAAAA AAAAAAAADxgAAA+ECAcRhJj+FcYFAAEIBwZehAgHYISY/k9KAQBRSgEAXkoBAG8oAAEAt/AB AAAAFwAAAAAAAAAAAAAAAAAAAAAAAAAPGAAAD4SgBRGEmP4VxgUAAaAFBl6EoAVghJj+T0oB AFFKAQBeSgEAbygAAQC38AEAAAAXAAAAAAAAAAAAAAAAAAAAAAAAAA8YAAAPhDgEEYSY/hXG BQABOAQGXoQ4BGCEmP5PSgEAUUoBAF5KAQBvKAABALfwAQAAABcAAAAAAAAAAAAAAAAAAAAA AAAADxgAAA+E0AIRhJj+FcYFAAHQAgZehNACYISY/k9KAQBRSgEAXkoBAG8oAAEAt/ABAAAA AAABAAAAAAAAAAAAAAAAAAAAAAAAGAAAD4RoARGEmP4VxgUAAWgBBl6EaAFghJj+AgAAAC4A AQAAABcAAAAAAAAAAAAAAAAAAAAAAAAADxgAAA+EaAERhJj+FcYFAAFoAQZehGgBYISY/k9K AQBRSgEAXkoBAG8oAAEAt/ABAAAAFxAAAAAAAAAAAAAAaAEAAAAAAAAVEAAAD4TQAhGEmP5e hNACYISY/k9KAQBRSgEAbygAh2gAAAAAiEgAAAEAt/ABAAAAF5AAAAAAAAAAAAAAaAEAAAAA AAAZEAAAD4SgBRGEmP5ehKAFYISY/k9KBgBRSgYAXkoGAG8oAIdoAAAAAIhIAAABAG8AAQAA ABeQAAAAAAAAAAAAAGgBAAAAAAAAFRAAAA+EcAgRhJj+XoRwCGCEmP5PSg0AUUoNAG8oAIdo AAAAAIhIAAABAKfwAQAAABeQAAAAAAAAAAAAAGgBAAAAAAAAFRAAAA+EQAsRhJj+XoRAC2CE mP5PSgEAUUoBAG8oAIdoAAAAAIhIAAABALfwAQAAABeQAAAAAAAAAAAAAGgBAAAAAAAAGRAA AA+EEA4RhJj+XoQQDmCEmP5PSgYAUUoGAF5KBgBvKACHaAAAAACISAAAAQBvAAEAAAAXkAAA AAAAAAAAAABoAQAAAAAAABUQAAAPhOAQEYSY/l6E4BBghJj+T0oNAFFKDQBvKACHaAAAAACI SAAAAQCn8AEAAAAXkAAAAAAAAAAAAABoAQAAAAAAABUQAAAPhLATEYSY/l6EsBNghJj+T0oB AFFKAQBvKACHaAAAAACISAAAAQC38AEAAAAXkAAAAAAAAAAAAABoAQAAAAAAABkQAAAPhIAW EYSY/l6EgBZghJj+T0oGAFFKBgBeSgYAbygAh2gAAAAAiEgAAAEAbwABAAAAF5AAAAAAAAAA AAAAaAEAAAAAAAAVEAAAD4RQGRGEmP5ehFAZYISY/k9KDQBRSg0AbygAh2gAAAAAiEgAAAEA p/ABAAAAFxAAAAAAAAAAAAAAaAEAAAAAAAAVEAAAD4SABBGEmP5ehIAEYISY/k9KAQBRSgEA bygAh2gAAAAAiEgAAAEAt/ABAAAAF5AAAAAAAAAAAAAAaAEAAAAAAAAZEAAAD4RQBxGEmP5e hFAHYISY/k9KBgBRSgYAXkoGAG8oAIdoAAAAAIhIAAABAG8AAQAAABeQAAAAAAAAAAAAAGgB AAAAAAAAFRAAAA+EIAoRhJj+XoQgCmCEmP5PSg0AUUoNAG8oAIdoAAAAAIhIAAABAKfwAQAA ABeQAAAAAAAAAAAAAGgBAAAAAAAAFRAAAA+E8AwRhJj+XoTwDGCEmP5PSgEAUUoBAG8oAIdo AAAAAIhIAAABALfwAQAAABeQAAAAAAAAAAAAAGgBAAAAAAAAGRAAAA+EwA8RhJj+XoTAD2CE mP5PSgYAUUoGAF5KBgBvKACHaAAAAACISAAAAQBvAAEAAAAXkAAAAAAAAAAAAABoAQAAAAAA ABUQAAAPhJASEYSY/l6EkBJghJj+T0oNAFFKDQBvKACHaAAAAACISAAAAQCn8AEAAAAXkAAA AAAAAAAAAABoAQAAAAAAABUQAAAPhGAVEYSY/l6EYBVghJj+T0oBAFFKAQBvKACHaAAAAACI SAAAAQC38AEAAAAXkAAAAAAAAAAAAABoAQAAAAAAABkQAAAPhDAYEYSY/l6EMBhghJj+T0oG AFFKBgBeSgYAbygAh2gAAAAAiEgAAAEAbwABAAAAF5AAAAAAAAAAAAAAaAEAAAAAAAAVEAAA D4QAGxGEmP5ehAAbYISY/k9KDQBRSg0AbygAh2gAAAAAiEgAAAEAp/ABAAAAAAACAAAAAAAA AAAAAAAAAAAAAAANGAAAD4QQBRGEoPwVxgUAARAFBl6EEAVghKD8bygAh2gAAAAAiEgAAAMA WwAAAF0AAQAAAAQAAQAAAAAAAAAAALQAAAAAAAAAABgAAA+EUAcRhJj+FcYFAAFQBwZehFAH YISY/gIAAQAuAAEAAAACAgEAAAAAAAAAAAC0AAAAAAAAAAAYAAAPhCAKEYRM/xXGBQABIAoG XoQgCmCETP8CAAIALgABAAAAAAABAAAAAAAAAAAAtAAAAAAAAAAAGAAAD4TwDBGEmP4VxgUA AfAMBl6E8AxghJj+AgADAC4AAQAAAAQAAQAAAAAAAAAAALQAAAAAAAAAABgAAA+EwA8RhJj+ FcYFAAHADwZehMAPYISY/gIABAAuAAEAAAACAgEAAAAAAAAAAAC0AAAAAAAAAAAYAAAPhJAS EYRM/xXGBQABkBIGXoSQEmCETP8CAAUALgABAAAAAAABAAAAAAAAAAAAtAAAAAAAAAAAGAAA D4RgFRGEmP4VxgUAAWAVBl6EYBVghJj+AgAGAC4AAQAAAAQAAQAAAAAAAAAAALQAAAAAAAAA ABgAAA+EMBgRhJj+FcYFAAEwGAZehDAYYISY/gIABwAuAAEAAAACAgEAAAAAAAAAAAC0AAAA AAAAAAAYAAAPhAAbEYRM/xXGBQABABsGXoQAG2CETP8CAAgALgABAAAAFxAAAAAAAAAAAAAA aAEAAAAAAAAVEAAAD4SABBGEmP5ehIAEYISY/k9KAQBRSgEAbygAh2gAAAAAiEgAAAEAt/AB AAAAF5AAAAAAAAAAAAAAaAEAAAAAAAAVEAAAD4RQBxGEmP5ehFAHYISY/k9KBgBRSgYAbygA h2gAAAAAiEgAAAEAbwABAAAAF5AAAAAAAAAAAAAAaAEAAAAAAAAVEAAAD4QgChGEmP5ehCAK YISY/k9KDQBRSg0AbygAh2gAAAAAiEgAAAEAp/ABAAAAF5AAAAAAAAAAAAAAaAEAAAAAAAAV EAAAD4TwDBGEmP5ehPAMYISY/k9KAQBRSgEAbygAh2gAAAAAiEgAAAEAt/ABAAAAF5AAAAAA AAAAAAAAaAEAAAAAAAAVEAAAD4TADxGEmP5ehMAPYISY/k9KBgBRSgYAbygAh2gAAAAAiEgA AAEAbwABAAAAF5AAAAAAAAAAAAAAaAEAAAAAAAAVEAAAD4SQEhGEmP5ehJASYISY/k9KDQBR Sg0AbygAh2gAAAAAiEgAAAEAp/ABAAAAF5AAAAAAAAAAAAAAaAEAAAAAAAAVEAAAD4RgFRGE mP5ehGAVYISY/k9KAQBRSgEAbygAh2gAAAAAiEgAAAEAt/ABAAAAF5AAAAAAAAAAAAAAaAEA AAAAAAAVEAAAD4QwGBGEmP5ehDAYYISY/k9KBgBRSgYAbygAh2gAAAAAiEgAAAEAbwABAAAA F5AAAAAAAAAAAAAAaAEAAAAAAAAVEAAAD4QAGxGEmP5ehAAbYISY/k9KDQBRSg0AbygAh2gA AAAAiEgAAAEAp/ABAAAAFwAAAAAAAAAAAAAAsAEAAAAAAAAVGAAAD4RgAxGEUP4VxgUAAWAD Bl6EYANghFD+T0oGAFFKBgBvKACHaAAAAACISAAAAQBvAAEAAAAXgAAAAAAAAAAAAAAAAAAA AAAAABkYAAAPhKAFEYSY/hXGBQABoAUGXoSgBWCEmP5PSgYAUUoGAF5KBgBvKACHaAAAAACI SAAAAQBvAAEAAAAXgAAAAAAAAAAAAAAAAAAAAAAAABUYAAAPhHAIEYSY/hXGBQABcAgGXoRw CGCEmP5PSg0AUUoNAG8oAIdoAAAAAIhIAAABAKfwAQAAABeAAAAAAAAAAAAAAAAAAAAAAAAA FRgAAA+EQAsRhJj+FcYFAAFACwZehEALYISY/k9KAQBRSgEAbygAh2gAAAAAiEgAAAEAt/AB AAAAF4AAAAAAAAAAAAAAAAAAAAAAAAAZGAAAD4QQDhGEmP4VxgUAARAOBl6EEA5ghJj+T0oG AFFKBgBeSgYAbygAh2gAAAAAiEgAAAEAbwABAAAAF4AAAAAAAAAAAAAAAAAAAAAAAAAVGAAA D4TgEBGEmP4VxgUAAeAQBl6E4BBghJj+T0oNAFFKDQBvKACHaAAAAACISAAAAQCn8AEAAAAX gAAAAAAAAAAAAAAAAAAAAAAAABUYAAAPhLATEYSY/hXGBQABsBMGXoSwE2CEmP5PSgEAUUoB AG8oAIdoAAAAAIhIAAABALfwAQAAABeAAAAAAAAAAAAAAAAAAAAAAAAAGRgAAA+EgBYRhJj+ FcYFAAGAFgZehIAWYISY/k9KBgBRSgYAXkoGAG8oAIdoAAAAAIhIAAABAG8AAQAAABeAAAAA AAAAAAAAAAAAAAAAAAAAFRgAAA+EUBkRhJj+FcYFAAFQGQZehFAZYISY/k9KDQBRSg0AbygA h2gAAAAAiEgAAAEAp/ABAAAAABABAAAAAAAAAAAAaAEAAAAAAAAKEAAAD4SABBGEmP5ehIAE YISY/odoAAAAAIhIAAACAAAALgABAAAABJABAAAAAAAAAAAAaAEAAAAAAAAKEAAAD4RQBxGE mP5ehFAHYISY/odoAAAAAIhIAAACAAEALgABAAAAApIBAAAAAAAAAAAAaAEAAAAAAAAKEAAA D4QgChGETP9ehCAKYIRM/4doAAAAAIhIAAACAAIALgABAAAAAJABAAAAAAAAAAAAaAEAAAAA AAAKEAAAD4TwDBGEmP5ehPAMYISY/odoAAAAAIhIAAACAAMALgABAAAABJABAAAAAAAAAAAA aAEAAAAAAAAKEAAAD4TADxGEmP5ehMAPYISY/odoAAAAAIhIAAACAAQALgABAAAAApIBAAAA AAAAAAAAaAEAAAAAAAAKEAAAD4SQEhGETP9ehJASYIRM/4doAAAAAIhIAAACAAUALgABAAAA AJABAAAAAAAAAAAAaAEAAAAAAAAKEAAAD4RgFRGEmP5ehGAVYISY/odoAAAAAIhIAAACAAYA LgABAAAABJABAAAAAAAAAAAAaAEAAAAAAAAKEAAAD4QwGBGEmP5ehDAYYISY/odoAAAAAIhI AAACAAcALgABAAAAApIBAAAAAAAAAAAAaAEAAAAAAAAKEAAAD4QAGxGETP9ehAAbYIRM/4do AAAAAIhIAAACAAgALgAAAAAAFxAAAAAAAAAAAAAAsAEAAAAAAAATEAAAD4QYAxGEmP5ehBgD YISY/k9KBgBQSgkAUUoGAF5KBgBvKAABAC0AAQAAABcQAAAAAAAAAAAAALABAAAAAAAAFRAA AA+EoAURhJj+XoSgBWCEmP5PSgYAUUoGAG8oAIdoAAAAAIhIAAABAG8AAQAAABcQAAAAAAAA AAAAALABAAAAAAAAFRAAAA+EcAgRhJj+XoRwCGCEmP5PSg0AUUoNAG8oAIdoAAAAAIhIAAAB AKfwAQAAABeQAAAAAAAAAAAAALABAAAAAAAAFRAAAA+EQAsRhJj+XoRAC2CEmP5PSgEAUUoB AG8oAIdoAAAAAIhIAAABALfwAQAAABeQAAAAAAAAAAAAALABAAAAAAAAGRAAAA+EEA4RhJj+ XoQQDmCEmP5PSgYAUUoGAF5KBgBvKACHaAAAAACISAAAAQBvAAEAAAAXkAAAAAAAAAAAAACw AQAAAAAAABUQAAAPhOAQEYSY/l6E4BBghJj+T0oNAFFKDQBvKACHaAAAAACISAAAAQCn8AEA AAAXkAAAAAAAAAAAAACwAQAAAAAAABUQAAAPhLATEYSY/l6EsBNghJj+T0oBAFFKAQBvKACH aAAAAACISAAAAQC38AEAAAAXkAAAAAAAAAAAAACwAQAAAAAAABkQAAAPhIAWEYSY/l6EgBZg hJj+T0oGAFFKBgBeSgYAbygAh2gAAAAAiEgAAAEAbwABAAAAF5AAAAAAAAAAAAAAsAEAAAAA AAAVEAAAD4RQGRGEmP5ehFAZYISY/k9KDQBRSg0AbygAh2gAAAAAiEgAAAEAp/ABAAAAAAAI AAAAAAAAAAAAAAAAAAAAAAApGAAAD4SwARGEAAAVxgUAAQAABl6EsAFghAAAMyoAR8ojXAgB Q0oYAE9KAgBQSgwAUUoCAHNIAAB0SAAAXkoCAF9IAAAIAEYAaQBnAHUAcgBlACAAAAABAAAA BAABAAAAAAAAAAAAAAAAAAAAAAAKGAAAD4SgBRGEmP4VxgUAAaAFBl6EoAVghJj+h2gAAAAA iEgAAAIAAQAuAAEAAAACAgEAAAAAAAAAAAAAAAAAAAAAAAoYAAAPhHAIEYRM/xXGBQABcAgG XoRwCGCETP+HaAAAAACISAAAAgACAC4AAQAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAChgAAA+E QAsRhJj+FcYFAAFACwZehEALYISY/odoAAAAAIhIAAACAAMALgABAAAABAABAAAAAAAAAAAA AAAAAAAAAAAKGAAAD4QQDhGEmP4VxgUAARAOBl6EEA5ghJj+h2gAAAAAiEgAAAIABAAuAAEA AAACAgEAAAAAAAAAAAAAAAAAAAAAAAoYAAAPhOAQEYRM/xXGBQAB4BAGXoTgEGCETP+HaAAA AACISAAAAgAFAC4AAQAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAChgAAA+EsBMRhJj+FcYFAAGw EwZehLATYISY/odoAAAAAIhIAAACAAYALgABAAAABAABAAAAAAAAAAAAAAAAAAAAAAAKGAAA D4SAFhGEmP4VxgUAAYAWBl6EgBZghJj+h2gAAAAAiEgAAAIABwAuAAEAAAACAgEAAAAAAAAA AAAAAAAAAAAAAAoYAAAPhFAZEYRM/xXGBQABUBkGXoRQGWCETP+HaAAAAACISAAAAgAIAC4A AAAAABcAAAAAAAAAAAAAALABAAAAAAAAExAAAA+EGAMRhJj+XoQYA2CEmP5PSgYAUEoJAFFK BgBeSgYAbygAAQAtAAEAAAAXAAAAAAAAAAAAAAAAAAAAAAAAABkQAAAPhOgFEYSY/l6E6AVg hJj+T0oGAFFKBgBeSgYAbygAh2gAAAAAiEgAAAEAbwABAAAAF4AAAAAAAAAAAAAAAAAAAAAA AAAVEAAAD4S4CBGEmP5ehLgIYISY/k9KDQBRSg0AbygAh2gAAAAAiEgAAAEAp/ABAAAAF4AA AAAAAAAAAAAAAAAAAAAAAAAVEAAAD4SICxGEmP5ehIgLYISY/k9KAQBRSgEAbygAh2gAAAAA iEgAAAEAt/ABAAAAF4AAAAAAAAAAAAAAAAAAAAAAAAAZEAAAD4RYDhGEmP5ehFgOYISY/k9K BgBRSgYAXkoGAG8oAIdoAAAAAIhIAAABAG8AAQAAABeAAAAAAAAAAAAAAAAAAAAAAAAAFRAA AA+EKBERhJj+XoQoEWCEmP5PSg0AUUoNAG8oAIdoAAAAAIhIAAABAKfwAQAAABeAAAAAAAAA AAAAAAAAAAAAAAAAFRAAAA+E+BMRhJj+XoT4E2CEmP5PSgEAUUoBAG8oAIdoAAAAAIhIAAAB ALfwAQAAABeAAAAAAAAAAAAAAAAAAAAAAAAAGRAAAA+EyBYRhJj+XoTIFmCEmP5PSgYAUUoG AF5KBgBvKACHaAAAAACISAAAAQBvAAEAAAAXgAAAAAAAAAAAAAAAAAAAAAAAABUQAAAPhJgZ EYSY/l6EmBlghJj+T0oNAFFKDQBvKACHaAAAAACISAAAAQCn8AAAAAAXAAAAAAAAAAAAAAAA AAAAAAAAABMQAAAPhLwEEYSY/l6EvARghJj+T0oGAFBKCQBRSgYAXkoGAG8oAAEALQABAAAA F4AAAAAAAAAAAAAAAAAAAAAAAAAVEAAAD4SMBxGEmP5ehIwHYISY/k9KBgBRSgYAbygAh2gA AAAAiEgAAAEAbwABAAAAF4AAAAAAAAAAAAAAAAAAAAAAAAAVEAAAD4RcChGEmP5ehFwKYISY /k9KDQBRSg0AbygAh2gAAAAAiEgAAAEAp/ABAAAAF4AAAAAAAAAAAAAAAAAAAAAAAAAVEAAA D4QsDRGEmP5ehCwNYISY/k9KAQBRSgEAbygAh2gAAAAAiEgAAAEAt/ABAAAAF4AAAAAAAAAA AAAAAAAAAAAAAAAVEAAAD4T8DxGEmP5ehPwPYISY/k9KBgBRSgYAbygAh2gAAAAAiEgAAAEA bwABAAAAF4AAAAAAAAAAAAAAAAAAAAAAAAAVEAAAD4TMEhGEmP5ehMwSYISY/k9KDQBRSg0A bygAh2gAAAAAiEgAAAEAp/ABAAAAF4AAAAAAAAAAAAAAAAAAAAAAAAAVEAAAD4ScFRGEmP5e hJwVYISY/k9KAQBRSgEAbygAh2gAAAAAiEgAAAEAt/ABAAAAF4AAAAAAAAAAAAAAAAAAAAAA AAAVEAAAD4RsGBGEmP5ehGwYYISY/k9KBgBRSgYAbygAh2gAAAAAiEgAAAEAbwABAAAAF4AA AAAAAAAAAAAAAAAAAAAAAAAVEAAAD4Q8GxGEmP5ehDwbYISY/k9KDQBRSg0AbygAh2gAAAAA iEgAAAEAp/ABAAAAAAAIAAAAAAAAAAAAAAAAAAAAAABGGAAAD4SwARGEAAAVxgUAAQAABl6E sAFghAAANQgANggANwgAOAgAOQgAOwgAPAgAQ0oYAEgqAEtIAABDShgAT0oGAFFKBgBTKgBU CABYCABhShgAbygAh2gAAAAAiEgAAAgARgBpAGcAdQByAGUAIAAAAAEAAAAEAAEAAAAAAAAA AAAAAAAAAAAAAAoYAAAPhKAFEYSY/hXGBQABoAUGXoSgBWCEmP6HaAAAAACISAAAAgABAC4A AQAAAAICAQAAAAAAAAAAAAAAAAAAAAAAChgAAA+EcAgRhEz/FcYFAAFwCAZehHAIYIRM/4do AAAAAIhIAAACAAIALgABAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAKGAAAD4RACxGEmP4VxgUA AUALBl6EQAtghJj+h2gAAAAAiEgAAAIAAwAuAAEAAAAEAAEAAAAAAAAAAAAAAAAAAAAAAAoY AAAPhBAOEYSY/hXGBQABEA4GXoQQDmCEmP6HaAAAAACISAAAAgAEAC4AAQAAAAICAQAAAAAA AAAAAAAAAAAAAAAAChgAAA+E4BARhEz/FcYFAAHgEAZehOAQYIRM/4doAAAAAIhIAAACAAUA LgABAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAKGAAAD4SwExGEmP4VxgUAAbATBl6EsBNghJj+ h2gAAAAAiEgAAAIABgAuAAEAAAAEAAEAAAAAAAAAAAAAAAAAAAAAAAoYAAAPhIAWEYSY/hXG BQABgBYGXoSAFmCEmP6HaAAAAACISAAAAgAHAC4AAQAAAAICAQAAAAAAAAAAAAAAAAAAAAAA ChgAAA+EUBkRhEz/FcYFAAFQGQZehFAZYIRM/4doAAAAAIhIAAACAAgALgABAAAAAwAKAAAA AAAAAAACAAAAAAAAAAANEAAAD4QAABGEAABehAAAYIQAAG8oAIdoAAAAAIhIAAAMAEEAUABQ AEUATgBEAEkAWAAgAAAAOgAgAAEAAAAAAAEDAAAAAAAAAAIAAAAAAAAAAA0QAQAPhAAAEYQA AF6EAABghAAAbygAh2gAAAAAiEgAAAUAAAAuAAEALgAgAAEAAAAAAAEDBQAAAAAAAAIAAAAA AAAAAA0QAgAPhAAAEYQAAF6EAABghAAAbygAh2gAAAAAiEgAAAcAAAAuAAEALgACAC4AIAAB AAAAAAABAwUHAAAAAAACAAAAAAAAAAANEAMAD4QAABGEAABehAAAYIQAAG8oAIdoAAAAAIhI AAAJAAAALgABAC4AAgAuAAMALgAgAAEAAAAAAAEDBQcJAAAAAAIAAAAAAAAAAA0QBAAPhAAA EYQAAF6EAABghAAAbygAh2gAAAAAiEgAAAsAAAAuAAEALgACAC4AAwAuAAQALgAgAAEAAAAA AAEDBQcJCwAAAAIAAAAAAAAAAA0QBQAPhAAAEYQAAF6EAABghAAAbygAh2gAAAAAiEgAAA0A AAAuAAEALgACAC4AAwAuAAQALgAFAC4AIAABAAAAAgIBAAAAAAAAAAAAAAAAAAAAAAANGAYA D4QQBRGE4P4VxgUAARAFBl6EEAVghOD+bygAh2gAAAAAiEgAAAIABgApAAEAAAAEAAEAAAAA AAAAAAAAAAAAAAAAAA0YBwAPhKAFEYRQ/hXGBQABwAYGXoSgBWCEUP5vKACHaAAAAACISAAA AgAHAC4AAQAAAAICAQAAAAAAAAAAAAAAAAAAAAAADRgIAA+EMAYRhHD/FcYFAAEwBgZehDAG YIRw/28oAIdoAAAAAIhIAAACAAgALgABAAAAAAAIAAAAAAAAAAAAsAEAAAAAAABrGAAAD4Sw ARGEAAAVxgUAAQAABl6EsAFghAAAMyoAR8ojXAgBQ0oYAE9KAgBQSgwAUUoCAHNIAAB0SAAA XkoCAF9IAAA1CAA2CAA3CAA4CAA5CAA7CAA8CABDShgASCoAS0gAAE9KBgBRSgYAUyoAVAgA WAgAYUoYAG8oAIdoAAAAAIhIAAAIAEYAaQBnAHUAcgBlACAAAAABAAAABAABAAAAAAAAAAAA AAAAAAAAAAAKGAAAD4SgBRGEmP4VxgUAAaAFBl6EoAVghJj+h2gAAAAAiEgAAAIAAQAuAAEA AAACAgEAAAAAAAAAAAAAAAAAAAAAAAoYAAAPhHAIEYRM/xXGBQABcAgGXoRwCGCETP+HaAAA AACISAAAAgACAC4AAQAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAChgAAA+EQAsRhJj+FcYFAAFA CwZehEALYISY/odoAAAAAIhIAAACAAMALgABAAAABAABAAAAAAAAAAAAAAAAAAAAAAAKGAAA D4QQDhGEmP4VxgUAARAOBl6EEA5ghJj+h2gAAAAAiEgAAAIABAAuAAEAAAACAgEAAAAAAAAA AAAAAAAAAAAAAAoYAAAPhOAQEYRM/xXGBQAB4BAGXoTgEGCETP+HaAAAAACISAAAAgAFAC4A AQAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAChgAAA+EsBMRhJj+FcYFAAGwEwZehLATYISY/odo AAAAAIhIAAACAAYALgABAAAABAABAAAAAAAAAAAAAAAAAAAAAAAKGAAAD4SAFhGEmP4VxgUA AYAWBl6EgBZghJj+h2gAAAAAiEgAAAIABwAuAAEAAAACAgEAAAAAAAAAAAAAAAAAAAAAAAoY AAAPhFAZEYRM/xXGBQABUBkGXoRQGWCETP+HaAAAAACISAAAAgAIAC4AAQAAAAAAAQAAAAAA AAAAALABAAAAAAAADRgAAA+EYAMRhFD+FcYFAAFgAwZehGADYIRQ/m8oAIdoAAAAAIhIAAAC AAAALgABAAAABIABAAAAAAAAAAAAAAAAAAAAAAAKGAAAD4SgBRGEmP4VxgUAAaAFBl6EoAVg hJj+h2gAAAAAiEgAAAIAAQAuAAEAAAACggEAAAAAAAAAAAAAAAAAAAAAAAoYAAAPhHAIEYRM /xXGBQABcAgGXoRwCGCETP+HaAAAAACISAAAAgACAC4AAQAAAACAAQAAAAAAAAAAAAAAAAAA AAAAChgAAA+EQAsRhJj+FcYFAAFACwZehEALYISY/odoAAAAAIhIAAACAAMALgABAAAABIAB AAAAAAAAAAAAAAAAAAAAAAAKGAAAD4QQDhGEmP4VxgUAARAOBl6EEA5ghJj+h2gAAAAAiEgA AAIABAAuAAEAAAACggEAAAAAAAAAAAAAAAAAAAAAAAoYAAAPhOAQEYRM/xXGBQAB4BAGXoTg EGCETP+HaAAAAACISAAAAgAFAC4AAQAAAACAAQAAAAAAAAAAAAAAAAAAAAAAChgAAA+EsBMR hJj+FcYFAAGwEwZehLATYISY/odoAAAAAIhIAAACAAYALgABAAAABIABAAAAAAAAAAAAAAAA AAAAAAAKGAAAD4SAFhGEmP4VxgUAAYAWBl6EgBZghJj+h2gAAAAAiEgAAAIABwAuAAEAAAAC ggEAAAAAAAAAAAAAAAAAAAAAAAoYAAAPhFAZEYRM/xXGBQABUBkGXoRQGWCETP+HaAAAAACI SAAAAgAIAC4AAQAAAAAAAQAAAAAAAAAAAgAAAAAAAAAADRAAAA+EsAERhFD+XoSwAWCEUP5v KACHaAAAAACISAAAAwAAAC4AIAABAAAAAAABAwAAAAAAAAACAAAAAAAAAAANEAEAD4ScBhGE UP5ehJwGYIRQ/m8oAIdoAAAAAIhIAAAFAAAALgABAC4AIAABAAAAAAABAwUAAAAAAAACAAAA AAAAAAANEAIAD4SwARGEUP5ehLABYIRQ/m8oAIdoAAAAAIhIAAAHAAAALgABAC4AAgAuACAA AQAAAAAAAQMFBwAAAAAAAgAAAAAAAAAADRADAA+EsAERhFD+XoSwAWCEUP5vKACHaAAAAACI SAAACQAAAC4AAQAuAAIALgADAC4AIAABAAAAAAABAwUHCQAAAAACAAAAAAAAAAANEAQAD4Sw ARGEUP5ehLABYIRQ/m8oAIdoAAAAAIhIAAALAAAALgABAC4AAgAuAAMALgAEAC4AIAABAAAA AAABAwUHCQsAAAACAAAAAAAAAAANEAUAD4SwARGEUP5ehLABYIRQ/m8oAIdoAAAAAIhIAAAN AAAALgABAC4AAgAuAAMALgAEAC4ABQAuACAAAQAAAAAAAQMFBwkLDQAAAgAAAAAAAAAADRAG AA+EsAERhFD+XoSwAWCEUP5vKACHaAAAAACISAAADwAAAC4AAQAuAAIALgADAC4ABAAuAAUA LgAGAC4AIAABAAAAAAABAwUHCQsNDwACAAAAAAAAAAANEAcAD4SwARGEUP5ehLABYIRQ/m8o AIdoAAAAAIhIAAARAAAALgABAC4AAgAuAAMALgAEAC4ABQAuAAYALgAHAC4AIAABAAAAAAAB AwUHCQsNDxECAAAAAAAAAAANEAgAD4SwARGEUP5ehLABYIRQ/m8oAIdoAAAAAIhIAAATAAAA LgABAC4AAgAuAAMALgAEAC4ABQAuAAYALgAHAC4ACAAuACAAAAAAABcAAAAAAAAAAAAAAAAA AAAAAAAAExgAAA+E0AIRhJj+FcYFAAHQAgZehNACYISY/k9KBgBQSgAAUUoGAF5KBgBvKAAB AC0AAQAAABeAAAAAAAAAAAAAAAAAAAAAAAAAGRgAAA+EoAURhJj+FcYFAAGgBQZehKAFYISY /k9KBgBRSgYAXkoGAG8oAIdoAAAAAIhIAAABAG8AAQAAABeAAAAAAAAAAAAAAAAAAAAAAAAA FRgAAA+EcAgRhJj+FcYFAAFwCAZehHAIYISY/k9KDQBRSg0AbygAh2gAAAAAiEgAAAEAp/AB AAAAF4AAAAAAAAAAAAAAAAAAAAAAAAAVGAAAD4RACxGEmP4VxgUAAUALBl6EQAtghJj+T0oB AFFKAQBvKACHaAAAAACISAAAAQC38AEAAAAXgAAAAAAAAAAAAAAAAAAAAAAAABkYAAAPhBAO EYSY/hXGBQABEA4GXoQQDmCEmP5PSgYAUUoGAF5KBgBvKACHaAAAAACISAAAAQBvAAEAAAAX gAAAAAAAAAAAAAAAAAAAAAAAABUYAAAPhOAQEYSY/hXGBQAB4BAGXoTgEGCEmP5PSg0AUUoN AG8oAIdoAAAAAIhIAAABAKfwAQAAABeAAAAAAAAAAAAAAAAAAAAAAAAAFRgAAA+EsBMRhJj+ FcYFAAGwEwZehLATYISY/k9KAQBRSgEAbygAh2gAAAAAiEgAAAEAt/ABAAAAF4AAAAAAAAAA AAAAAAAAAAAAAAAZGAAAD4SAFhGEmP4VxgUAAYAWBl6EgBZghJj+T0oGAFFKBgBeSgYAbygA h2gAAAAAiEgAAAEAbwABAAAAF4AAAAAAAAAAAAAAAAAAAAAAAAAVGAAAD4RQGRGEmP4VxgUA AVAZBl6EUBlghJj+T0oNAFFKDQBvKACHaAAAAACISAAAAQCn8AAAAAAXAAAAAAAAAAAAAAAA AAAAAAAAABMQAAAPhBgDEYSY/l6EGANghJj+T0oGAFBKCQBRSgYAXkoGAG8oAAEALQABAAAA FwAAAAAAAAAAAAAAAAAAAAAAAAAZEAAAD4ToBRGEmP5ehOgFYISY/k9KBgBRSgYAXkoGAG8o AIdoAAAAAIhIAAABAG8AAQAAABcAAAAAAAAAAAAAAAAAAAAAAAAAFRAAAA+EuAgRhJj+XoS4 CGCEmP5PSg0AUUoNAG8oAIdoAAAAAIhIAAABAKfwAQAAABeAAAAAAAAAAAAAAAAAAAAAAAAA FRAAAA+EiAsRhJj+XoSIC2CEmP5PSgEAUUoBAG8oAIdoAAAAAIhIAAABALfwAQAAABeAAAAA AAAAAAAAAAAAAAAAAAAAGRAAAA+EWA4RhJj+XoRYDmCEmP5PSgYAUUoGAF5KBgBvKACHaAAA AACISAAAAQBvAAEAAAAXgAAAAAAAAAAAAAAAAAAAAAAAABUQAAAPhCgREYSY/l6EKBFghJj+ T0oNAFFKDQBvKACHaAAAAACISAAAAQCn8AEAAAAXgAAAAAAAAAAAAAAAAAAAAAAAABUQAAAP hPgTEYSY/l6E+BNghJj+T0oBAFFKAQBvKACHaAAAAACISAAAAQC38AEAAAAXgAAAAAAAAAAA AAAAAAAAAAAAABkQAAAPhMgWEYSY/l6EyBZghJj+T0oGAFFKBgBeSgYAbygAh2gAAAAAiEgA AAEAbwABAAAAF4AAAAAAAAAAAAAAAAAAAAAAAAAVEAAAD4SYGRGEmP5ehJgZYISY/k9KDQBR Sg0AbygAh2gAAAAAiEgAAAEAp/ABAAAAFxAAAAAAAAAAAAAAaAEAAAAAAAAVEAAAD4TQAhGE mP5ehNACYISY/k9KAQBRSgEAbygAh2gAAAAAiEgAAAEAt/ABAAAAF5AAAAAAAAAAAAAAaAEA AAAAAAAZEAAAD4SgBRGEmP5ehKAFYISY/k9KBgBRSgYAXkoGAG8oAIdoAAAAAIhIAAABAG8A AQAAABeQAAAAAAAAAAAAAGgBAAAAAAAAFRAAAA+EcAgRhJj+XoRwCGCEmP5PSg0AUUoNAG8o AIdoAAAAAIhIAAABAKfwAQAAABeQAAAAAAAAAAAAAGgBAAAAAAAAFRAAAA+EQAsRhJj+XoRA C2CEmP5PSgEAUUoBAG8oAIdoAAAAAIhIAAABALfwAQAAABeQAAAAAAAAAAAAAGgBAAAAAAAA GRAAAA+EEA4RhJj+XoQQDmCEmP5PSgYAUUoGAF5KBgBvKACHaAAAAACISAAAAQBvAAEAAAAX kAAAAAAAAAAAAABoAQAAAAAAABUQAAAPhOAQEYSY/l6E4BBghJj+T0oNAFFKDQBvKACHaAAA AACISAAAAQCn8AEAAAAXkAAAAAAAAAAAAABoAQAAAAAAABUQAAAPhLATEYSY/l6EsBNghJj+ T0oBAFFKAQBvKACHaAAAAACISAAAAQC38AEAAAAXkAAAAAAAAAAAAABoAQAAAAAAABkQAAAP hIAWEYSY/l6EgBZghJj+T0oGAFFKBgBeSgYAbygAh2gAAAAAiEgAAAEAbwABAAAAF5AAAAAA AAAAAAAAaAEAAAAAAAAVEAAAD4RQGRGEmP5ehFAZYISY/k9KDQBRSg0AbygAh2gAAAAAiEgA AAEAp/ABAAAAABABAAAAAAAAAAAAaAEAAAAAAAAKEAAAD4SABBGEmP5ehIAEYISY/odoAAAA AIhIAAACAAAALgABAAAABJABAAAAAAAAAAAAaAEAAAAAAAAKEAAAD4RQBxGEmP5ehFAHYISY /odoAAAAAIhIAAACAAEALgABAAAAApIBAAAAAAAAAAAAaAEAAAAAAAAKEAAAD4QgChGETP9e hCAKYIRM/4doAAAAAIhIAAACAAIALgABAAAAAJABAAAAAAAAAAAAaAEAAAAAAAAKEAAAD4Tw DBGEmP5ehPAMYISY/odoAAAAAIhIAAACAAMALgABAAAABJABAAAAAAAAAAAAaAEAAAAAAAAK EAAAD4TADxGEmP5ehMAPYISY/odoAAAAAIhIAAACAAQALgABAAAAApIBAAAAAAAAAAAAaAEA AAAAAAAKEAAAD4SQEhGETP9ehJASYIRM/4doAAAAAIhIAAACAAUALgABAAAAAJABAAAAAAAA AAAAaAEAAAAAAAAKEAAAD4RgFRGEmP5ehGAVYISY/odoAAAAAIhIAAACAAYALgABAAAABJAB AAAAAAAAAAAAaAEAAAAAAAAKEAAAD4QwGBGEmP5ehDAYYISY/odoAAAAAIhIAAACAAcALgAB AAAAApIBAAAAAAAAAAAAaAEAAAAAAAAKEAAAD4QAGxGETP9ehAAbYIRM/4doAAAAAIhIAAAC AAgALgABAAAAAAACAAAAAAAAAAAAAAAAAAAAAAANGAAAD4QQBRGEoPwVxgUAARAFBl6EEAVg hKD8bygAh2gAAAAAiEgAAAMAWwAAAF0AAQAAAAQAAQAAAAAAAAAAALQAAAAAAAAAABgAAA+E UAcRhJj+FcYFAAFQBwZehFAHYISY/gIAAQAuAAEAAAACAgEAAAAAAAAAAAC0AAAAAAAAAAAY AAAPhCAKEYRM/xXGBQABIAoGXoQgCmCETP8CAAIALgABAAAAAAABAAAAAAAAAAAAtAAAAAAA AAAAGAAAD4TwDBGEmP4VxgUAAfAMBl6E8AxghJj+AgADAC4AAQAAAAQAAQAAAAAAAAAAALQA AAAAAAAAABgAAA+EwA8RhJj+FcYFAAHADwZehMAPYISY/gIABAAuAAEAAAACAgEAAAAAAAAA AAC0AAAAAAAAAAAYAAAPhJASEYRM/xXGBQABkBIGXoSQEmCETP8CAAUALgABAAAAAAABAAAA AAAAAAAAtAAAAAAAAAAAGAAAD4RgFRGEmP4VxgUAAWAVBl6EYBVghJj+AgAGAC4AAQAAAAQA AQAAAAAAAAAAALQAAAAAAAAAABgAAA+EMBgRhJj+FcYFAAEwGAZehDAYYISY/gIABwAuAAEA AAACAgEAAAAAAAAAAAC0AAAAAAAAAAAYAAAPhAAbEYRM/xXGBQABABsGXoQAG2CETP8CAAgA LgABAAAAFxAAAAAAAAAAAAAAaAEAAAAAAAAVEAAAD4QJBRGEmP5ehAkFYISY/k9KAQBRSgEA bygAh2gAAAAAiEgAAAEAt/ABAAAAF5AAAAAAAAAAAAAAaAEAAAAAAAAZEAAAD4TZBxGEmP5e hNkHYISY/k9KBgBRSgYAXkoGAG8oAIdoAAAAAIhIAAABAG8AAQAAABeQAAAAAAAAAAAAAGgB AAAAAAAAFRAAAA+EqQoRhJj+XoSpCmCEmP5PSg0AUUoNAG8oAIdoAAAAAIhIAAABAKfwAQAA ABeQAAAAAAAAAAAAAGgBAAAAAAAAFRAAAA+EeQ0RhJj+XoR5DWCEmP5PSgEAUUoBAG8oAIdo AAAAAIhIAAABALfwAQAAABeQAAAAAAAAAAAAAGgBAAAAAAAAGRAAAA+ESRARhJj+XoRJEGCE mP5PSgYAUUoGAF5KBgBvKACHaAAAAACISAAAAQBvAAEAAAAXkAAAAAAAAAAAAABoAQAAAAAA ABUQAAAPhBkTEYSY/l6EGRNghJj+T0oNAFFKDQBvKACHaAAAAACISAAAAQCn8AEAAAAXkAAA AAAAAAAAAABoAQAAAAAAABUQAAAPhOkVEYSY/l6E6RVghJj+T0oBAFFKAQBvKACHaAAAAACI SAAAAQC38AEAAAAXkAAAAAAAAAAAAABoAQAAAAAAABkQAAAPhLkYEYSY/l6EuRhghJj+T0oG AFFKBgBeSgYAbygAh2gAAAAAiEgAAAEAbwABAAAAF5AAAAAAAAAAAAAAaAEAAAAAAAAVEAAA D4SJGxGEmP5ehIkbYISY/k9KDQBRSg0AbygAh2gAAAAAiEgAAAEAp/AAAAAAFwAAAAAAAAAA AAAAAAAAAAAAAAATEAAAD4Q4BBGEmP5ehDgEYISY/k9KAABQSgAAUUoAAF5KAABvKAABAC0A AQAAABeAAAAAAAAAAAAAAAAAAAAAAAAAGRAAAA+ECAcRhJj+XoQIB2CEmP5PSgYAUUoGAF5K BgBvKACHaAAAAACISAAAAQBvAAEAAAAXgAAAAAAAAAAAAAAAAAAAAAAAABUQAAAPhNgJEYSY /l6E2AlghJj+T0oNAFFKDQBvKACHaAAAAACISAAAAQCn8AEAAAAXgAAAAAAAAAAAAAAAAAAA AAAAABUQAAAPhKgMEYSY/l6EqAxghJj+T0oBAFFKAQBvKACHaAAAAACISAAAAQC38AEAAAAX gAAAAAAAAAAAAAAAAAAAAAAAABkQAAAPhHgPEYSY/l6EeA9ghJj+T0oGAFFKBgBeSgYAbygA h2gAAAAAiEgAAAEAbwABAAAAF4AAAAAAAAAAAAAAAAAAAAAAAAAVEAAAD4RIEhGEmP5ehEgS YISY/k9KDQBRSg0AbygAh2gAAAAAiEgAAAEAp/ABAAAAF4AAAAAAAAAAAAAAAAAAAAAAAAAV EAAAD4QYFRGEmP5ehBgVYISY/k9KAQBRSgEAbygAh2gAAAAAiEgAAAEAt/ABAAAAF4AAAAAA AAAAAAAAAAAAAAAAAAAZEAAAD4ToFxGEmP5ehOgXYISY/k9KBgBRSgYAXkoGAG8oAIdoAAAA AIhIAAABAG8AAQAAABeAAAAAAAAAAAAAAAAAAAAAAAAAFRAAAA+EuBoRhJj+XoS4GmCEmP5P Sg0AUUoNAG8oAIdoAAAAAIhIAAABAKfwAQAAAAEACQAAAAAAAAAAAAAAAAAAAAAAChgAAA+E AAARhAAAFcYFAAEIBwZehAAAYIQAAIdoAAAAAIhIAAAKAEEAcgB0AGkAYwBsAGUAIAAAAC4A AQAAABYECQsAAAAAAAAAAAAAAAAAAAAAChgAAA+EAAARhAAAFcYFAAEIBwZehAAAYIQAAIdo AAAAAIhIAAALAFMAZQBjAHQAaQBvAG4AIAAAAC4AAQABAAAABAACAAAAAAAAAAAAAAAAAAAA AAAKGAAAD4TQAhGEUP4VxgUAAdACBl6E0AJghFD+h2gAAAAAiEgAAAMAKAACACkAAQAAAAIC AgAAAAAAAAAAAAAAAAAAAAAAChgAAA+EYAMRhHD/FcYFAAFgAwZehGADYIRw/4doAAAAAIhI AAADACgAAwApAAEAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAoYAAAPhPADEYRQ/hXGBQAB8AMG XoTwA2CEUP6HaAAAAACISAAAAgAEACkAAQAAAAQAAQAAAAAAAAAAAAAAAAAAAAAAChgAAA+E gAQRhFD+FcYFAAGABAZehIAEYIRQ/odoAAAAAIhIAAACAAUAKQABAAAAAgIBAAAAAAAAAAAA AAAAAAAAAAAKGAAAD4QQBRGE4P4VxgUAARAFBl6EEAVghOD+h2gAAAAAiEgAAAIABgApAAEA AAAEAAEAAAAAAAAAAAAAAAAAAAAAAAoYAAAPhKAFEYRQ/hXGBQABoAUGXoSgBWCEUP6HaAAA AACISAAAAgAHAC4AAQAAAAICAQAAAAAAAAAAAAAAAAAAAAAAChgAAA+EMAYRhHD/FcYFAAEw BgZehDAGYIRw/4doAAAAAIhIAAACAAgALgABAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAKGAAA D4RoARGEmP4VxgUAAWgBBl6EaAFghJj+h2gAAAAAiEgAAAIAAAApAAEAAAAEAAEAAAAAAAAA AAAAAAAAAAAAAAoYAAAPhNACEYSY/hXGBQAB0AIGXoTQAmCEmP6HaAAAAACISAAAAgABACkA AQAAAAIAAQAAAAAAAAAAAAAAAAAAAAAAChgAAA+EOAQRhJj+FcYFAAE4BAZehDgEYISY/odo AAAAAIhIAAACAAIAKQABAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAKGAAAD4SgBRGEmP4VxgUA AaAFBl6EoAVghJj+h2gAAAAAiEgAAAMAKAADACkAAQAAAAQAAgAAAAAAAAAAAAAAAAAAAAAA ChgAAA+ECAcRhJj+FcYFAAEIBwZehAgHYISY/odoAAAAAIhIAAADACgABAApAAEAAAACAAIA AAAAAAAAAAAAAAAAAAAAAAoYAAAPhHAIEYSY/hXGBQABcAgGXoRwCGCEmP6HaAAAAACISAAA AwAoAAUAKQABAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAKGAAAD4TYCRGEmP4VxgUAAdgJBl6E 2AlghJj+h2gAAAAAiEgAAAIABgAuAAEAAAAEAAEAAAAAAAAAAAAAAAAAAAAAAAoYAAAPhEAL EYSY/hXGBQABQAsGXoRAC2CEmP6HaAAAAACISAAAAgAHAC4AAQAAAAIAAQAAAAAAAAAAAAAA AAAAAAAAChgAAA+EqAwRhJj+FcYFAAGoDAZehKgMYISY/odoAAAAAIhIAAACAAgALgAAAAAA FxAAAAAAAAAAAAAAsAEAAAAAAAATEAAAD4TYCRGEmP5ehNgJYISY/k9KBgBQSgkAUUoGAF5K BgBvKAABAC0AAQAAABeQAAAAAAAAAAAAALABAAAAAAAAFRAAAA+EYAwRhJj+XoRgDGCEmP5P SgYAUUoGAG8oAIdoAAAAAIhIAAABAG8AAQAAABeQAAAAAAAAAAAAALABAAAAAAAAFRAAAA+E MA8RhJj+XoQwD2CEmP5PSg0AUUoNAG8oAIdoAAAAAIhIAAABAKfwAQAAABeQAAAAAAAAAAAA ALABAAAAAAAAFRAAAA+EABIRhJj+XoQAEmCEmP5PSgEAUUoBAG8oAIdoAAAAAIhIAAABALfw AQAAABeQAAAAAAAAAAAAALABAAAAAAAAFRAAAA+E0BQRhJj+XoTQFGCEmP5PSgYAUUoGAG8o AIdoAAAAAIhIAAABAG8AAQAAABeQAAAAAAAAAAAAALABAAAAAAAAFRAAAA+EoBcRhJj+XoSg F2CEmP5PSg0AUUoNAG8oAIdoAAAAAIhIAAABAKfwAQAAABeQAAAAAAAAAAAAALABAAAAAAAA FRAAAA+EcBoRhJj+XoRwGmCEmP5PSgEAUUoBAG8oAIdoAAAAAIhIAAABALfwAQAAABeQAAAA AAAAAAAAALABAAAAAAAAFRAAAA+EQB0RhJj+XoRAHWCEmP5PSgYAUUoGAG8oAIdoAAAAAIhI AAABAG8AAQAAABeQAAAAAAAAAAAAALABAAAAAAAAFRAAAA+EECARhJj+XoQQIGCEmP5PSg0A UUoNAG8oAIdoAAAAAIhIAAABAKfwAQAAAAAACAAAAAAAAAAAAAAAAAAAAAAARhgAAA+EsAER hAAAFcYFAAEAAAZehLABYIQAADUIADYIADcIADgIADkIADsIADwIAENKGABIKgBLSAAAQ0oY AE9KBgBRSgYAUyoAVAgAWAgAYUoYAG8oAIdoAAAAAIhIAAAKAEYAaQBnAHUAcgBlACAAAAA6 ACAAAQAAAAQAAQAAAAAAAAAAAAAAAAAAAAAAChgAAA+EoAURhJj+FcYFAAGgBQZehKAFYISY /odoAAAAAIhIAAACAAEALgABAAAAAgIBAAAAAAAAAAAAAAAAAAAAAAAKGAAAD4RwCBGETP8V xgUAAXAIBl6EcAhghEz/h2gAAAAAiEgAAAIAAgAuAAEAAAAAAAEAAAAAAAAAAAAAAAAAAAAA AAoYAAAPhEALEYSY/hXGBQABQAsGXoRAC2CEmP6HaAAAAACISAAAAgADAC4AAQAAAAQAAQAA AAAAAAAAAAAAAAAAAAAAChgAAA+EEA4RhJj+FcYFAAEQDgZehBAOYISY/odoAAAAAIhIAAAC AAQALgABAAAAAgIBAAAAAAAAAAAAAAAAAAAAAAAKGAAAD4TgEBGETP8VxgUAAeAQBl6E4BBg hEz/h2gAAAAAiEgAAAIABQAuAAEAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAoYAAAPhLATEYSY /hXGBQABsBMGXoSwE2CEmP6HaAAAAACISAAAAgAGAC4AAQAAAAQAAQAAAAAAAAAAAAAAAAAA AAAAChgAAA+EgBYRhJj+FcYFAAGAFgZehIAWYISY/odoAAAAAIhIAAACAAcALgABAAAAAgIB AAAAAAAAAAAAAAAAAAAAAAAKGAAAD4RQGRGETP8VxgUAAVAZBl6EUBlghEz/h2gAAAAAiEgA AAIACAAuAAEAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAMQAAAPhBgDEYSY/l6EGANghJj+bygA AgAAAC4AAQAAAASAAQAAAAAAAAAAAAAAAAAAAAAAChAAAA+E6AURhJj+XoToBWCEmP6HaAAA AACISAAAAgABAC4AAQAAAAKCAQAAAAAAAAAAAAAAAAAAAAAAChAAAA+EuAgRhEz/XoS4CGCE TP+HaAAAAACISAAAAgACAC4AAQAAAACAAQAAAAAAAAAAAAAAAAAAAAAAChAAAA+EiAsRhJj+ XoSIC2CEmP6HaAAAAACISAAAAgADAC4AAQAAAASAAQAAAAAAAAAAAAAAAAAAAAAAChAAAA+E WA4RhJj+XoRYDmCEmP6HaAAAAACISAAAAgAEAC4AAQAAAAKCAQAAAAAAAAAAAAAAAAAAAAAA ChAAAA+EKBERhEz/XoQoEWCETP+HaAAAAACISAAAAgAFAC4AAQAAAACAAQAAAAAAAAAAAAAA AAAAAAAAChAAAA+E+BMRhJj+XoT4E2CEmP6HaAAAAACISAAAAgAGAC4AAQAAAASAAQAAAAAA AAAAAAAAAAAAAAAAChAAAA+EyBYRhJj+XoTIFmCEmP6HaAAAAACISAAAAgAHAC4AAQAAAAKC AQAAAAAAAAAAAAAAAAAAAAAAChAAAA+EmBkRhEz/XoSYGWCETP+HaAAAAACISAAAAgAIAC4A AQAAAAAACAAAAAAAAAAAAAAAAAAAAAAAKRgAAA+EsAERhAAAFcYFAAEAAAZehLABYIQAADMq AEfKI1wIAUNKGABPSgIAUEoMAFFKAgBzSAAAdEgAAF5KAgBfSAAACABGAGkAZwB1AHIAZQAg AAAAAQAAAAQAAQAAAAAAAAAAAAAAAAAAAAAAChgAAA+EoAURhJj+FcYFAAGgBQZehKAFYISY /odoAAAAAIhIAAACAAEALgABAAAAAgIBAAAAAAAAAAAAAAAAAAAAAAAKGAAAD4RwCBGETP8V xgUAAXAIBl6EcAhghEz/h2gAAAAAiEgAAAIAAgAuAAEAAAAAAAEAAAAAAAAAAAAAAAAAAAAA AAoYAAAPhEALEYSY/hXGBQABQAsGXoRAC2CEmP6HaAAAAACISAAAAgADAC4AAQAAAAQAAQAA AAAAAAAAAAAAAAAAAAAAChgAAA+EEA4RhJj+FcYFAAEQDgZehBAOYISY/odoAAAAAIhIAAAC AAQALgABAAAAAgIBAAAAAAAAAAAAAAAAAAAAAAAKGAAAD4TgEBGETP8VxgUAAeAQBl6E4BBg hEz/h2gAAAAAiEgAAAIABQAuAAEAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAoYAAAPhLATEYSY /hXGBQABsBMGXoSwE2CEmP6HaAAAAACISAAAAgAGAC4AAQAAAAQAAQAAAAAAAAAAAAAAAAAA AAAAChgAAA+EgBYRhJj+FcYFAAGAFgZehIAWYISY/odoAAAAAIhIAAACAAcALgABAAAAAgIB AAAAAAAAAAAAAAAAAAAAAAAKGAAAD4RQGRGETP8VxgUAAVAZBl6EUBlghEz/h2gAAAAAiEgA AAIACAAuAAAAAAAXAAAAAAAAAAAAAAAAAAAAAAAAABMQAAAPhNACEYSY/l6E0AJghJj+T0oA AFBKAABRSgAAXkoAAG8oAAEALQABAAAAF4AAAAAAAAAAAAAAAAAAAAAAAAAZEAAAD4SgBRGE mP5ehKAFYISY/k9KBgBRSgYAXkoGAG8oAIdoAAAAAIhIAAABAG8AAQAAABeAAAAAAAAAAAAA AAAAAAAAAAAAFRAAAA+EcAgRhJj+XoRwCGCEmP5PSg0AUUoNAG8oAIdoAAAAAIhIAAABAKfw AQAAABeAAAAAAAAAAAAAAAAAAAAAAAAAFRAAAA+EQAsRhJj+XoRAC2CEmP5PSgEAUUoBAG8o AIdoAAAAAIhIAAABALfwAQAAABeAAAAAAAAAAAAAAAAAAAAAAAAAGRAAAA+EEA4RhJj+XoQQ DmCEmP5PSgYAUUoGAF5KBgBvKACHaAAAAACISAAAAQBvAAEAAAAXgAAAAAAAAAAAAAAAAAAA AAAAABUQAAAPhOAQEYSY/l6E4BBghJj+T0oNAFFKDQBvKACHaAAAAACISAAAAQCn8AEAAAAX gAAAAAAAAAAAAAAAAAAAAAAAABUQAAAPhLATEYSY/l6EsBNghJj+T0oBAFFKAQBvKACHaAAA AACISAAAAQC38AEAAAAXgAAAAAAAAAAAAAAAAAAAAAAAABkQAAAPhIAWEYSY/l6EgBZghJj+ T0oGAFFKBgBeSgYAbygAh2gAAAAAiEgAAAEAbwABAAAAF4AAAAAAAAAAAAAAAAAAAAAAAAAV EAAAD4RQGRGEmP5ehFAZYISY/k9KDQBRSg0AbygAh2gAAAAAiEgAAAEAp/AAAAAAFwAAAAAA AAAAAAAAsAEAAAAAAAATEAAAD4QYAxGEmP5ehBgDYISY/k9KBgBQSgkAUUoGAF5KBgBvKAAB AC0AAQAAABeAAAAAAAAAAAAAAAAAAAAAAAAAGRAAAA+E6AURhJj+XoToBWCEmP5PSgYAUUoG AF5KBgBvKACHaAAAAACISAAAAQBvAAEAAAAXgAAAAAAAAAAAAAAAAAAAAAAAABUQAAAPhLgI EYSY/l6EuAhghJj+T0oNAFFKDQBvKACHaAAAAACISAAAAQCn8AEAAAAXgAAAAAAAAAAAAAAA AAAAAAAAABUQAAAPhIgLEYSY/l6EiAtghJj+T0oBAFFKAQBvKACHaAAAAACISAAAAQC38AEA AAAXgAAAAAAAAAAAAAAAAAAAAAAAABkQAAAPhFgOEYSY/l6EWA5ghJj+T0oGAFFKBgBeSgYA bygAh2gAAAAAiEgAAAEAbwABAAAAF4AAAAAAAAAAAAAAAAAAAAAAAAAVEAAAD4QoERGEmP5e hCgRYISY/k9KDQBRSg0AbygAh2gAAAAAiEgAAAEAp/ABAAAAF4AAAAAAAAAAAAAAAAAAAAAA AAAVEAAAD4T4ExGEmP5ehPgTYISY/k9KAQBRSgEAbygAh2gAAAAAiEgAAAEAt/ABAAAAF4AA AAAAAAAAAAAAAAAAAAAAAAAZEAAAD4TIFhGEmP5ehMgWYISY/k9KBgBRSgYAXkoGAG8oAIdo AAAAAIhIAAABAG8AAQAAABeAAAAAAAAAAAAAAAAAAAAAAAAAFRAAAA+EmBkRhJj+XoSYGWCE mP5PSg0AUUoNAG8oAIdoAAAAAIhIAAABAKfwAQAAAAAQAQAAAAAAAAAAAGgBAAAAAAAADRAA AA+EgAQRhJj+XoSABGCEmP5vKACHaAAAAACISAAAAgAAAC4AAQAAAASQAQAAAAAAAAAAAGgB AAAAAAAAChAAAA+EUAcRhJj+XoRQB2CEmP6HaAAAAACISAAAAgABAC4AAQAAAAKSAQAAAAAA AAAAAGgBAAAAAAAAChAAAA+EIAoRhEz/XoQgCmCETP+HaAAAAACISAAAAgACAC4AAQAAAACQ AQAAAAAAAAAAAGgBAAAAAAAAChAAAA+E8AwRhJj+XoTwDGCEmP6HaAAAAACISAAAAgADAC4A AQAAAASQAQAAAAAAAAAAAGgBAAAAAAAAChAAAA+EwA8RhJj+XoTAD2CEmP6HaAAAAACISAAA AgAEAC4AAQAAAAKSAQAAAAAAAAAAAGgBAAAAAAAAChAAAA+EkBIRhEz/XoSQEmCETP+HaAAA AACISAAAAgAFAC4AAQAAAACQAQAAAAAAAAAAAGgBAAAAAAAAChAAAA+EYBURhJj+XoRgFWCE mP6HaAAAAACISAAAAgAGAC4AAQAAAASQAQAAAAAAAAAAAGgBAAAAAAAAChAAAA+EMBgRhJj+ XoQwGGCEmP6HaAAAAACISAAAAgAHAC4AAQAAAAKSAQAAAAAAAAAAAGgBAAAAAAAAChAAAA+E ABsRhEz/XoQAG2CETP+HaAAAAACISAAAAgAIAC4AAQAAAAAAAQAAAAAAAAAAAAAAAAAAAAAA ChgAAA+EaAERhJj+FcYFAAFoAQZehGgBYISY/odoAAAAAIhIAAACAAAALgABAAAAAAABAwAA AAAAAAAAAAAAAAAAAAAKGAAAD4QYAxGEUP4VxgUAATgEBl6EGANghFD+h2gAAAAAiEgAAAQA AAAuAAEALgABAAAAAAABAwUAAAAAAAAAAAAAAAAAAAAKGAAAD4TIBBGECP4VxgUAAQgHBl6E yARghAj+h2gAAAAAiEgAAAYAAAAuAAEALgACAC4AAQAAAAAAAQMFBwAAAAAAAAAAAAAAAAAA ChgAAA+EwAYRhHj9FcYFAAHYCQZehMAGYIR4/YdoAAAAAIhIAAAIAAAALgABAC4AAgAuAAMA LgABAAAAAAABAwUHCQAAAAAAAAAAAAAAAAAKGAAAD4S4CBGE6PwVxgUAAUALBl6EuAhghOj8 h2gAAAAAiEgAAAoAAAAuAAEALgACAC4AAwAuAAQALgABAAAAAAABAwUHCQsAAAAAAAAAAAAA AAAKGAAAD4SwChGEWPwVxgUAARAOBl6EsApghFj8h2gAAAAAiEgAAAwAAAAuAAEALgACAC4A AwAuAAQALgAFAC4AAQAAAAAAAQMFBwkLDQAAAAAAAAAAAAAAChgAAA+EqAwRhMj7FcYFAAHg EAZehKgMYITI+4doAAAAAIhIAAAOAAAALgABAC4AAgAuAAMALgAEAC4ABQAuAAYALgABAAAA AAABAwUHCQsNDwAAAAAAAAAAAAAKGAAAD4SgDhGEOPsVxgUAAbATBl6EoA5ghDj7h2gAAAAA iEgAABAAAAAuAAEALgACAC4AAwAuAAQALgAFAC4ABgAuAAcALgABAAAAAAABAwUHCQsNDxEA AAAAAAAAAAAKGAAAD4TgEBGEYPoVxgUAAYAWBl6E4BBghGD6h2gAAAAAiEgAABIAAAAuAAEA LgACAC4AAwAuAAQALgAFAC4ABgAuAAcALgAIAC4AAgAAABcAAAAAAAAAAAAAAAAAAAAAAAAA ExgAAA+EGAMRhJj+FcYFAAEYAwZehBgDYISY/k9KBgBQSgkAUUoGAF5KBgBvKAABAC0AAQAA ABeAAAAAAAAAAAAAAAAAAAAAAAAAGRgAAA+E6AURhJj+FcYFAAHoBQZehOgFYISY/k9KBgBR SgYAXkoGAG8oAIdoAAAAAIhIAAABAG8AAQAAABeAAAAAAAAAAAAAAAAAAAAAAAAAFRgAAA+E uAgRhJj+FcYFAAG4CAZehLgIYISY/k9KDQBRSg0AbygAh2gAAAAAiEgAAAEAp/ABAAAAF4AA AAAAAAAAAAAAAAAAAAAAAAAVGAAAD4SICxGEmP4VxgUAAYgLBl6EiAtghJj+T0oBAFFKAQBv KACHaAAAAACISAAAAQC38AEAAAAXgAAAAAAAAAAAAAAAAAAAAAAAABkYAAAPhFgOEYSY/hXG BQABWA4GXoRYDmCEmP5PSgYAUUoGAF5KBgBvKACHaAAAAACISAAAAQBvAAEAAAAXgAAAAAAA AAAAAAAAAAAAAAAAABUYAAAPhCgREYSY/hXGBQABKBEGXoQoEWCEmP5PSg0AUUoNAG8oAIdo AAAAAIhIAAABAKfwAQAAABeAAAAAAAAAAAAAAAAAAAAAAAAAFRgAAA+E+BMRhJj+FcYFAAH4 EwZehPgTYISY/k9KAQBRSgEAbygAh2gAAAAAiEgAAAEAt/ABAAAAF4AAAAAAAAAAAAAAAAAA AAAAAAAZGAAAD4TIFhGEmP4VxgUAAcgWBl6EyBZghJj+T0oGAFFKBgBeSgYAbygAh2gAAAAA iEgAAAEAbwABAAAAF4AAAAAAAAAAAAAAAAAAAAAAAAAVGAAAD4SYGRGEmP4VxgUAAZgZBl6E mBlghJj+T0oNAFFKDQBvKACHaAAAAACISAAAAQCn8AEAAAAAAAgAAAAAAAAAAACwAQAAAAAA AG8YAAAPhLABEYQAABXGBQABAAAGXoSwAWCEAAAzKgBHyiNcCAFDShgAT0oCAFBKDABRSgIA c0gAAHRIAABeSgIAX0gAADUIADYIADcIADgIADkIADsIADwIAENKGABIKgBLSAAAQ0oYAE9K BgBRSgYAUyoAVAgAWAgAYUoYAG8oAIdoAAAAAIhIAAAIAEYAaQBnAHUAcgBlACAAAAABAAAA BIABAAAAAAAAAAAAAAAAAAAAAAAKGAAAD4SgBRGEmP4VxgUAAaAFBl6EoAVghJj+h2gAAAAA iEgAAAIAAQAuAAEAAAACggEAAAAAAAAAAAAAAAAAAAAAAAoYAAAPhHAIEYRM/xXGBQABcAgG XoRwCGCETP+HaAAAAACISAAAAgACAC4AAQAAAACAAQAAAAAAAAAAAAAAAAAAAAAAChgAAA+E QAsRhJj+FcYFAAFACwZehEALYISY/odoAAAAAIhIAAACAAMALgABAAAABIABAAAAAAAAAAAA AAAAAAAAAAAKGAAAD4QQDhGEmP4VxgUAARAOBl6EEA5ghJj+h2gAAAAAiEgAAAIABAAuAAEA AAACggEAAAAAAAAAAAAAAAAAAAAAAAoYAAAPhOAQEYRM/xXGBQAB4BAGXoTgEGCETP+HaAAA AACISAAAAgAFAC4AAQAAAACAAQAAAAAAAAAAAAAAAAAAAAAAChgAAA+EsBMRhJj+FcYFAAGw EwZehLATYISY/odoAAAAAIhIAAACAAYALgABAAAABIABAAAAAAAAAAAAAAAAAAAAAAAKGAAA D4SAFhGEmP4VxgUAAYAWBl6EgBZghJj+h2gAAAAAiEgAAAIABwAuAAEAAAACggEAAAAAAAAA AAAAAAAAAAAAAAoYAAAPhFAZEYRM/xXGBQABUBkGXoRQGWCETP+HaAAAAACISAAAAgAIAC4A AQAAABcQAAAAAAAAAAAAAGgBAAAAAAAAFRAAAA+EGAMRhJj+XoQYA2CEmP5PSgEAUUoBAG8o AIdoAAAAAIhIAAABALfwAQAAABeQAAAAAAAAAAAAAGgBAAAAAAAAGRAAAA+E6AURhJj+XoTo BWCEmP5PSgYAUUoGAF5KBgBvKACHaAAAAACISAAAAQBvAAEAAAAXkAAAAAAAAAAAAABoAQAA AAAAABUQAAAPhLgIEYSY/l6EuAhghJj+T0oNAFFKDQBvKACHaAAAAACISAAAAQCn8AEAAAAX kAAAAAAAAAAAAABoAQAAAAAAABUQAAAPhIgLEYSY/l6EiAtghJj+T0oBAFFKAQBvKACHaAAA AACISAAAAQC38AEAAAAXkAAAAAAAAAAAAABoAQAAAAAAABkQAAAPhFgOEYSY/l6EWA5ghJj+ T0oGAFFKBgBeSgYAbygAh2gAAAAAiEgAAAEAbwABAAAAF5AAAAAAAAAAAAAAaAEAAAAAAAAV EAAAD4QoERGEmP5ehCgRYISY/k9KDQBRSg0AbygAh2gAAAAAiEgAAAEAp/ABAAAAF5AAAAAA AAAAAAAAaAEAAAAAAAAVEAAAD4T4ExGEmP5ehPgTYISY/k9KAQBRSgEAbygAh2gAAAAAiEgA AAEAt/ABAAAAF5AAAAAAAAAAAAAAaAEAAAAAAAAZEAAAD4TIFhGEmP5ehMgWYISY/k9KBgBR SgYAXkoGAG8oAIdoAAAAAIhIAAABAG8AAQAAABeQAAAAAAAAAAAAAGgBAAAAAAAAFRAAAA+E mBkRhJj+XoSYGWCEmP5PSg0AUUoNAG8oAIdoAAAAAIhIAAABAKfwAQAAAAAACAAAAAAAAAAA AAAAAAAAAAAARhgAAA+EsAERhAAAFcYFAAEAAAZehLABYIQAADUIADYIADcIADgIADkIADsI ADwIAENKGABIKgBLSAAAQ0oYAE9KBgBRSgYAUyoAVAgAWAgAYUoYAG8oAIdoAAAAAIhIAAAI AEYAaQBnAHUAcgBlACAAAAABAAAABAABAAAAAAAAAAAAAAAAAAAAAAAKGAAAD4SgBRGEmP4V xgUAAaAFBl6EoAVghJj+h2gAAAAAiEgAAAIAAQAuAAEAAAACAgEAAAAAAAAAAAAAAAAAAAAA AAoYAAAPhHAIEYRM/xXGBQABcAgGXoRwCGCETP+HaAAAAACISAAAAgACAC4AAQAAAAAAAQAA AAAAAAAAAAAAAAAAAAAAChgAAA+EQAsRhJj+FcYFAAFACwZehEALYISY/odoAAAAAIhIAAAC AAMALgABAAAABAABAAAAAAAAAAAAAAAAAAAAAAAKGAAAD4QQDhGEmP4VxgUAARAOBl6EEA5g hJj+h2gAAAAAiEgAAAIABAAuAAEAAAACAgEAAAAAAAAAAAAAAAAAAAAAAAoYAAAPhOAQEYRM /xXGBQAB4BAGXoTgEGCETP+HaAAAAACISAAAAgAFAC4AAQAAAAAAAQAAAAAAAAAAAAAAAAAA AAAAChgAAA+EsBMRhJj+FcYFAAGwEwZehLATYISY/odoAAAAAIhIAAACAAYALgABAAAABAAB AAAAAAAAAAAAAAAAAAAAAAAKGAAAD4SAFhGEmP4VxgUAAYAWBl6EgBZghJj+h2gAAAAAiEgA AAIABwAuAAEAAAACAgEAAAAAAAAAAAAAAAAAAAAAAAoYAAAPhFAZEYRM/xXGBQABUBkGXoRQ GWCETP+HaAAAAACISAAAAgAIAC4ANAAAACVchnUAAAAAAAAAAAAAAAAReYJSAAAAAAAAAAAA AAAAVn5mUQAAAAAAAAAAAAAAALwVWHgAAAAAAAAAAAAAAABALY4rAAAAAAAAAAAAAAAAif// /wAAAAAAAAAAAAAAAIP///8AAAAAAAAAAAAAAACC////AAAAAAAAAAAAAAAAgf///wAAAAAA AAAAAAAAAID///8AAAAAAAAAAAAAAACI////AAAAAAAAAAAAAAAAf////wAAAAAAAAAAAAAA AH7///8AAAAAAAAAAAAAAAB9////AAAAAAAAAAAAAAAAfP///wAAAAAAAAAAAAAAAN8EQU0A AAAAAAAAAAAAAAC8cRgDAAAAAAAAAAAAAAAAP0baKQAAAAAAAAAAAAAAAD9G2ikAAAAAAAAA AAEAAABuUuwjAAAAAAAAAAAAAAAAqVt+AgAAAAAAAAAAAAAAAB9VtlkAAAAAAAAAAAAAAAC8 FVh4AAAAAAAAAAAAAAAA/E4kGAAAAAAAAAAAAAAAALwVWHgAAAAAAAAAAAEAAACaXPl7AAAA AAAAAAAAAAAAZQGNCgAAAAAAAAAAAAAAAFIQrFsAAAAAAAAAAAAAAACSTLonAAAAAAAAAAAA AAAAvBVYeAAAAAAAAAAAAQAAAMgXZzsAAAAAAAAAAAAAAAD8SCN3AAAAAAAAAAAAAAAASkC/ egAAAAAAAAAAAAAAAMIcFAAAAAAAAAAAAAAAAACXJSBfAAAAAAAAAAAAAAAAiBXITgAAAAAA AAAAAAAAANAvbUgAAAAAAAAAAAAAAADKVi1OAAAAAAAAAAAAAAAAXhPcawAAAAAAAAAAAAAA AMlv2goAAAAAAAAAAAAAAACyaH0EAAAAAAAAAAAAAAAAHf///wAAAAAAAAAAAAAAAG8/HhIA AAAAAAAAAAAAAABVO2FCAAAAAAAAAAAAAAAASTwuAgAAAAAAAAAAAAAAAO0zzgMAAAAAAAAA AAAAAADAFNNwAAAAAAAAAAAAACEA92b4SQAAAAAAAAAAAABdBkAtjisAAAAAAAAAAAAAAADy fUBbAAAAAAAAAAAAAAAAvh/jVQAAAAAAAAAAAAAAANAHigIAAAAAAAAAAAAAAAD///////// //////////////////////////////////////////////////////////////////////// ////////////////////AQAAAJACSgD///////////////////////////////8BAAAAEAAI AP//////////////////////////AQAAABAqAEf///////////////////////////////// //////////////////////////////////////////////////////////////////////// //////////////8xAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAD//zEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgABAAkEAwAJBAUACQQBAAkEAwAJ BAUACQQBAAkEAwAJBAUACQQSAAEACQQDAAkEBQAJBAEACQQDAAkEBQAJBAEACQQDAAkEBQAJ BAAAEgABAAkEAwAJBAUACQQBAAkEAwAJBAUACQQBAAkEAwAJBAUACQQSAEYhrsoDAAkEBQAJ BAEACQQDAAkEBQAJBAEACQQDAAkEBQAJBBIADwAJBBkACQQbAAkEDwAJBBkACQQbAAkEDwAJ BBkACQQbAAkEEgCwswB3AwAJBAUACQQBAAkEAwAJBAUACQQBAAkEAwAJBAUACQQAABIAsLMA dwMACQQFAAkEAQAJBAMACQQFAAkEAQAJBAMACQQFAAkEEgB6bx7EAwAJBAUACQQBAAkEAwAJ BAUACQQBAAkEAwAJBAUACQQAAAAAAAASABaOJgQZAAkEGwAJBA8ACQQZAAkEGwAJBA8ACQQZ AAkEGwAJBAAAEgASlWofAwAdBAUAHQQBAB0EAwAdBAUAHQQBAB0EAwAdBAUAHQQSAKQAwAsD AAkEBQAJBAEACQQDAAkEBQAJBAEACQQDAAkEBQAJBBIAAQAJBAMACQQFAAkEAQAJBAMACQQF AAkEAQAJBAMACQQFAAkEEgAPAAkEGQAJBBsACQQPAAkEGQAJBBsACQQPAAkEGQAJBBsACQQS ACZ16LYDAAkEBQAJBAEACQQDAAkEBQAJBAEACQQDAAkEBQAJBBIAAQAJBAMACQQFAAkEAQAJ BAMACQQFAAkEAQAJBAMACQQFAAkEEgB+36yAAwAJBAUACQQBAAkEAwAJBAUACQQBAAkEAwAJ BAUACQQSAAbTUtwZAAkEGwAJBA8ACQQZAAkEGwAJBA8ACQQZAAkEGwAJBAAAEgCkAMALAwAJ BAUACQQBAAkEAwAJBAUACQQBAAkEAwAJBAUACQQAABIAYmV0MxkACQQbAAkEDwAJBBkACQQb AAkEDwAJBBkACQQbAAkEAAASAMql3KsDAAkEBQAJBAEACQQDAAkEBQAJBAEACQQDAAkEBQAJ BBIAoiD2MQMACQQFAAkEAQAJBAMACQQFAAkEAQAJBAMACQQFAAkEEgCgelIpGQAJBBsACQQP AAkEGQAJBBsACQQPAAkEGQAJBBsACQQAAAAAEgCUAY5sAwAJBAUACQQBAAkEAwAJBAUACQQB AAkEAwAJBAUACQQAABIAAQAJBAMACQQFAAkEAQAJBAMACQQFAAkEAQAJBAMACQQFAAkEEgDa eZDVGQAJBBsACQQPAAkEGQAJBBsACQQPAAkEGQAJBBsACQQAAAcAAAAAAAkEBgACAEAAAQAJ CAYAAgBAAAAABwQGAAIAQAABAAoMBgACAEAAAQAMBAYAAgBAAAAACQQAAAAAQAAAAAcEAAAA AEAAZwABAAAAAAAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAXFNAAAAAAAAAAAAAAAECAAIAbBP9 AAAAAAAAAAAAAAECAAIAMn1eAgAAAAAAAAAAAAECAAIArVhnAgAAAAAAAAAAAAECAAIAtQua AgAAAAAAAAAAAAECAAIAV3xaBQAAAAAAAAAAAAECAAIAYzN4BwAAAAAAAAAAAAECAAIAAXSs BwAAAAAAAAAAAAECAAIAaUGUDBU/Y20AAAAAAABLDL0OAAAAAAAAAAAAAQIAAgBXQa4PAAAA AAAAAAAAAQIAAgCOEX8QAAAAAAAAAAAAAQIAAgDoTzwRAAAAAAAAAAAAAQIAAgD1IlQTAAAA AAAAAAAAAQIAAgCwGJQUAAAAAAAAAAAAAQIAAgC2Sy8W5WdnGAAAAAAAAAUxlhYAAAAAAAAA AAABAgACAOA7GBdOYtEiAAAAAAAAnj3kFwAAAAAAAAAAAAECAAIA5WdnGAAAAAAAAAAAAAEC AAIAlT1AGgAAAAAAAAAAAAECAAIAJTbMGlsMbEgAAAAAAABGI0obAAAAAAAAAAAAAQIAAgCI aB4cAAAAAAAAAAAAAQIAAgCDTFAdAAAAAAAAAAAAAQIAAgDPZE8eAAAAAAAAAAAAAQIAAgBU K1wgAAAAAAAAAAAPARIAbwAAAG8AAABvAAAAbwAAAAIArRqzIAAAAAAAAAAAAAECAAIAv2ui IgAAAAAAAAAAAAECAAIATmLRIgAAAAAAAAAAAAECAAIAQiSxJQAAAAAAAAAAAAECAAIAFEL7 JQAAAAAAAAAAAAECAAIABQSeKwAAAAAAAAAAAAECAAIADXH8LAAAAAAAAAAAAAECAAIAk1c1 LlQ5VkkAAAAAAQAEANwFAABhOjYwAAAAAAAAAAAAAQIAAgBuUFswbXS7NQAAAAAAAJUt9DAA AAAAAAAAAAABAgACAPxhOTIAAAAAAAAAAA8BEgCWAAAAlgAAAJYAAACWAAAAAgC3VK4zAAAA AAAAAAAAAQIAAgBtdLs1AAAAAAAAAAAAAQIAAgAkV0s4AAAAAAAAAAAAAQIAAgCXQQY6AAAA AAAAAAAPARIAlgAAAJYAAACWAAAAlgAAAAIA4xvnPAAAAAAAAAAAAAECAAIAzydOPQAAAAAA AAAAAAECAAIA7xDHPgAAAAAAAAAAAAECAAIAizYUPwAAAAAAAAAAAAECAAIA8AZ7PwAAAAAA AAAAAAECAAIA+kKLQQAAAAAAAAAAAAECAAIADwPaQQAAAAAAAAAAAAECAAIARGmeQi5arGwA AAAAAAAXGlBDAAAAAAAAAAAAAQIAAgDbVxhGnj3kFwAAAAAAAHwSdEYAAAAAAAAAAAABAgAC AHFx30cAAAAAAAAAAAABAgACAFsMbEgAAAAAAAAAAAABAgACAFQ5VknzJ2NuAAAAAAAAaj3w SQAAAAAAAAAAAAECAAIAbQOcSgAAAAAAAAAADwESAJYAAACWAAAAlgAAAJYAAAACAGppzk4A AAAAAAAAAAABAgACAJ0b404AAAAAAAAAAAABAgACAJRMmVAAAAAAAAAAAAABAgACAJ8o0VBR YL1lAAAAAAAAYmk7UgAAAAAAAAAAAAECAAIA6jhAUgAAAAAAAAAAAAECAAIAvzZnVAAAAAAA AAAAAAECAAIA4AFyVwAAAAAAAAAAAAECAAIAb2OMVwAAAAAAAAAAAAECAAIA2yRHWgAAAAAA AAAAAAECAAIAwjyzWgAAAAAAAAAAAAECAAIAIlOqWwAAAAAAAAAAAAECAAIARUr6WwAAAAAA AAAAAAECAAIA3HtSXAAAAAAAAAAAAAECAAIADkCGXAAAAAAAAAAAAAECAAIA3zmJXAAAAAAA AAAAAAECAAIAxVzXXAAAAAAAAAAAAAECAAIABGhcXQAAAAAAAAAAAAECAAIABxRnXQAAAAAA AAAAAAECAAIARiYuXwAAAAAAAAAAAAECAAIAY0+ZYgAAAAAAAAAAAAECAAIAUWC9ZQAAAAAA AAAAAAECAAIA21CZagAAAAAAAAAAAAECAAIAEiDeagAAAAAAAAAAAAECAAIAsyj9awAAAAAA AAAAAAECAAIALlqsbAAAAAAAAAAAAAECAAIAFT9jbQAAAAAAAAAAAAECAAIAKhGrbQAAAAAA AAAAAAECAAIA8ydjbgAAAAAAAAAADwESAA8AAAAPAAAADwAAAA8AAAACACF/DXAAAAAAAAAA AAABAgACADBlTnIAAAAAAAAAAAABAgACAP81sXIAAAAAAAAAAA8BEgB4AAAAeAAAAHgAAAB4 AAAAAgD+dLlyAAAAAAAAAAAPARIAlgAAAJYAAACWAAAAlgAAAAIAdmzQcgAAAAAAAAAAAAEC AAIA53LBdAAAAAAAAAAAAAECAAIAqkvxdgAAAAAAAAAAAAECAAIAghYldwAAAAAAAAAAAAEC AAIADWBcdwAAAAAAAAAAAAECAAIAkzE/eQAAAAAAAAAAAAECAAIA8nyleQAAAAAAAAAAAAEC AAIAtmwvfAAAAAAAAAAAAAECAAIAlHEZfQAAAAAAAAAAAAECAAIAmw0AAAQAAAAIAAAA5QAA AAAAAABjDQAA6BIAAM4XAABlLQAA/EoAADBQAADTUAAAZ1MAAHtUAADCZAAAZHkAAFYBAQB9 BAEApQkBAGEKAQBxDwEAKR0BAKAiAQA/JAEAti0BAHU8AQAmRAEAn1EBAH1bAQDMYQEAFHAB AAJ3AQB4eAEArX4BAPkCAgBgBwIAJRkCAOQZAgA2LAIAIz8CANtGAgBETgIAVFECAGVbAgDf BQMAVBYDAP8sAwDAMAMAojUDAEA8AwArQgMAxUUDAG5JAwC1TwMAznEDAOV0AwDRdwMABngD AFJ8AwAufQMAowAEABMgBADMKgQA/j8EAL5ABACWRAQAyVEEADNaBADDAQUA/gcFABUIBQDo FwUARS0FACNZBQAXXQUATGIFANljBQD1ZgUAsn4FAFoSBgBdHgYAH1UGAHVjBgC6bwYAj3YG ADcMBwBdFQcA/hcHAIAdBwArIgcAXSIHABAkBwAxLgcAYDMHAIczBwDuNAcAOzsHAOY8BwBC TgcAbGUHAKtuBwCWcgcAqAgIAFQhCADeNAgAOz8IAP8/CAC6SggA9VAIAI1dCABEYQgAUmUI AJxoCABmdwgAsQAJAMAKCQA4DwkAaBYJAEoaCQDkIQkA8CoJAEUuCQA4PQkAVkIJAMdJCQDb VAkAGVYJAFkECgBtBwoAUQsKAPgcCgDVHwoAUCIKAKYnCgDuKgoAxi4KAOk9CgBeTgoAXnMK ANB2CgD+ewoAQhELAEUYCwDbGgsASjYLADBCCwB3QgsAQ0QLAKlECwCCSgsADlULAFtaCwDV WwsA0l0LAHNgCwAiYgsApwkMADgODACeFgwAGy0MABRADABWQwwAI0kMAI1KDADnUQwAq14M ACpgDADZZQwAv2sMAPt7DACIAA0AugANAN8BDQCCEA0A9RINABgnDQBFKA0A0y8NAC0wDQBq MA0AyUcNAKFMDQDjYg0APmsNAEJsDQCUdw0AVQQOAIgEDgCKCQ4AgQ4OAIMSDgApFw4AYhwO AIscDgD9Jg4AxCoOAHMsDgD8Lg4AfTAOAJ5BDgBxbQ4AZXAOAOp4DgCdeQ4AVgIPAAYbDwB4 HQ8AzR0PAJIfDwAvIA8AiS0PAKkzDwBLPw8A50IPAG1MDwBNUQ8AIlIPAJ9ZDwBMYA8AZmAP ABt0DwCGfQ8A2gsQADUkEAC1JBAASDAQABo0EAB+NRAA7D0QADlWEABNZRAAn3gQAFJ6EAAJ fBAA3wIRAP0MEQAsDxEA9ScRAHA9EQDTPxEAzFcRALJaEQCUahEAFG0RAEd6EQCJfxEA0AoS AM0cEgBqJxIAlk0SAD1TEgACZhIAlnMSAER3EgB1AhMA4xETAPoaEwDsLRMAlDsTADU+EwAa UBMAv1ETAJ5UEwCfXBMAoV0TAExfEwB/ZhMADGkTAHprEwD5bRMAym4TAD11EwDcDxQARBcU AFc4FAC4RBQAvUkUAG1NFACnXhQAGGoUAEVqFABibBQAZm4UAHB0FADddRQA9XUUACMBFQDy BRUAEwYVAF0WFQChJBUAQSUVANAoFQArNxUACTwVAOtCFQBDTBUApV4VAJ5fFQBOYxUAhWwV AOF9FQA5ABYA+wYWAE8JFgDvChYAxg0WAEMXFgCvIxYADCUWADolFgAaKBYAn0wWABxPFgAq YBYAtmUWAKFqFgDfbRYAfgcXAAYOFwBnHBcA1ScXAIouFwAbLxcAUzAXAKRBFwDLSRcAeUoX AE5PFwDAcxcAZXQXALR3FwB0BBgAShMYAHMXGADYIBgAwCUYAMUwGACfNxgAnEEYAAJNGAD5 UhgAq1cYADJbGAAlcRgA0noYAEQHGQCaCxkAhAwZAIYQGQASFRkAABkZAJkeGQBHNhkAaTgZ AHFFGQB7SRkAIE0ZAJ5VGQAPbxkAggYaAI8LGgC3FBoAihsaAAEdGgCJNxoAbDgaANk8GgBo RRoA70gaADlUGgBKWBoAZ10aAON1GgDTdhoAmnoaAJl7GgC1AhsABhQbAFMkGwA3LRsAyTob AMxAGwCcXRsAJWYbAIJpGwBPbBsAAnwbANN9GwB4BxwAwB0cAOMfHAArIxwAeSscAE0vHADq SBwAFkwcAM9NHADQVhwAaFccAIFcHAD+aBwAz3gcABcHHQBCDB0A2BkdAOcdHQANIR0AEiMd AI06HQCsOx0AOT4dAOJKHQDxTh0AjU8dAApRHQB1VB0AIVgdALFqHQCJfB0AiQweAOEdHgAi Ih4AlCQeADYoHgC1Kh4ATjweAOE9HgB5Ph4ArEYeAJpIHgC5SR4AIk8eACVVHgCZVh4AQVge ACtqHgCtbR4Asm4eAMR+HgBvCB8A+gofAMoQHwDXFB8A+RYfANsXHwBnGh8AkysfAEs5HwCD PB8A7z4fAE1KHwDsUB8AgFcfAIRbHwBQZR8AI3wfAFB+HwD7GyAAzCUgAAYmIABSKSAAdEQg ALVKIAD2ASEAfSshAIY3IQDnOSEAK0AhAEhAIQAbTyEAvGQhANN0IQCsDCIAOBciALgsIgAI LiIAt2MiAHl8IgCcACMAsQ0jACgvIwDvNiMAf0MjANBEIwA0SCMA4E4jADtQIwC9USMAi2Aj ACRrIwCGdCMAlXUjAJd2IwAXBCQAFgUkABYJJAAnCiQAziAkACMhJABfPSQAtEckAG1KJAA5 UiQAKlQkAIpaJAAfYSQAI2gkAJBpJADecCQAsnIkAIp9JAD5AiUAWholANMgJQAEMiUAfjgl ANZPJQB5YyUAKGUlAAxrJQCNciUAQ3MlAIwBJgD5BCYAcAUmAIAKJgBgCyYAqAwmAJYuJgDe RCYAUU8mAD5mJgBIZiYAYnYmAIF/JgDNAScA+xcnADUYJwBrGCcAmyEnAIApJwBmKycAdDMn AFQ6JwC9PycAekwnAMlQJwCGUicANVgnANdZJwDqXScAmWQnAJx1JwB1dicAYCgoAC4sKADn PSgAVT4oAIRFKABuSSgA50woAApSKAC9UygAA1coAN5XKACQWigA610oALVlKAAFaigADm4o ANd2KADhdigAiXcoAI93KAAWEikATxIpAL0XKQAhGSkAlBkpACgiKQC+RCkA5mIpAAdmKQDD fykA+gQqAC4FKgCIBioAOA0qAKkVKgD8JSoAxC4qABFLKgCpUSoAHWcqAHtwKgBvcSoABggr ABcYKwB3GSsAABorANpPKwBFUCsA9FkrAPReKwByaCsAJngrACofLABCHywA+CosAEI3LAAO PCwADUYsAHBfLACzaSwAaWssAOtyLACeBS0AXSYtABEvLQDUNC0AM0UtAB5bLQA/Zy0AxGct AFxqLQCHbi0AqAIuAGkSLgBtFi4A4RouANEiLgB5JS4AFCYuAN08LgCwQS4AfEUuAFxHLgDp Si4A00wuAIFWLgClXS4Aw10uAMxtLgCEby4AZXEuAJ96LgAEfC4Af38uAF4lLwAsLi8A3Dkv AARALwDcSy8AZ1AvACNZLwDzWS8A+GMvANtoLwBkbC8A8X0vAGwEMABIFzAAnCMwAPMpMAAv LTAABjIwAOgzMADyOzAApFMwADhYMACRWDAAFVswACttMAD+dDAAmXcwACl/MAAHATEAjwox ALIlMQBVKzEAez0xAJtGMQBBRzEA81IxABBbMQBuZjEACXIxAKp4MQBtfDEANn8xAF8LMgBw JjIA5ygyANowMgA9RDIAQVEyAJ5iMgBjYzIAHmcyAFh3MgBoATMAfgMzAG4KMwCfDjMAlxAz ALgSMwALIzMAY0EzAO5CMwCeRDMAQ0wzAENSMwD5UjMAPlkzALVeMwAoajMAVGozAA1tMwDB bzMAuXczAF95MwA5fDMAQAY0AC4XNABvGjQA+h80AFcpNABoKjQAtDA0AIsxNACgMzQAZDc0 APVSNAB0VDQA72E0AH9kNABcajQA1W80ADByNADaeDQA8H40AEICNQCjDzUAsRA1AP4eNQCS IjUA1Cg1ADozNQAxPDUAFT41AIJKNQBqYjUAP2c1ALJxNQDHczUAwH41AE4DNgCXBDYA0QQ2 AMkJNgBgEDYAKBk2AKoZNgBKIjYAdiY2ANc0NgDWNzYAG0I2AAJMNgAGTDYAqVA2AOdbNgCD djYA0QI3AB4ENwDFIjcA8y03AA4vNwCwOzcA1kE3APVJNwDEVTcAz143AAZiNwAnaDcA5HM3 AEV7NwBRBzgAMBU4AD4XOACwFzgAIDI4AME5OAAGPzgAZkw4AEFPOAD3WTgAVGM4AHtyOAAy dTgArns4APMKOQByEDkAahk5AG0fOQAKJTkAZSk5AHc0OQB2STkA60w5AAFaOQDEWzkA3Gw5 ACkTOgA8EzoAVRo6AFglOgCwJzoA2Cg6AP8sOgDWLjoAVzw6AMc9OgC5RToASVs6AAxgOgA7 YToAwm86AOp8OgB4BDsARAs7AG0VOwBYHDsAIh47ACYqOwA5ODsAwDg7AEo6OwAZPTsAjVI7 AMVSOwBnWDsAsl07AGhgOwANaTsAEm87AHZxOwCDAjwArAc8ALMJPACrEzwA0Rc8AKEePAD+ HzwA9CY8AN8pPACQLTwAmkI8AORGPAB2STwAIUs8AClOPADAdDwAdXU8ACB+PACSAD0AABM9 AGA5PQCXPD0A3EE9ABxGPQCAST0AQFo9AAxqPQAcdT0AOn49AIUEPgB4Bj4ANwo+ACUYPgAu KT4AwDg+AIo8PgD2PT4AN0M+ALFkPgDKbD4AxgA/ABMFPwCIID8ADTs/AFw+PwCWQT8AiEM/ AP9EPwBCRT8A2ko/AH5xPwDCcz8ApX0/AKJ/PwCtC0AA0A9AABwRQABuFEAALx5AAD4fQABR NEAAPTpAADlWQABgaEAAqWhAAARpQADxbkAAanxAAMwGQQCHEkEAthJBADYUQQCiHUEApSFB AKQ9QQDIRkEAHVdBAH1oQQD0cEEAlndBAEF7QQBnfUEAMwBCADkWQgDrGEIA5yBCAEoiQgBK KUIAnilCANQvQgDTM0IAzTpCAKQ/QgCSREIAhkpCAIpTQgAfWkIAb19CAANkQgBnakIAjW1C ADlvQgAUekIA4AZDAM4HQwAGCUMAYAtDAEsQQwChE0MAKR1DAKAkQwAGJ0MA/DFDAOw3QwCf OkMA1jpDAKNMQwBKWEMA/FlDAB9aQwAbW0MAdmJDAFFoQwAMbUMAcW5DAONyQwBIdUMA8w9E AFMWRADMPEQAsEBEABpKRAB4S0QAyFVEADJjRAARZ0QAYmpEAFxwRABmc0QAnXhEANl7RACp AEUArQJFAMYQRQDREkUASyNFAPUqRQAcLUUAvDhFAO84RQDbRkUAPktFABRRRQAoWkUAX2RF AL1nRQDuaEUAJHdFABx4RQBLA0YAAw5GAIYSRgAIJUYANTVGAMo6RgD6P0YA4EVGAFVKRgDb T0YAWFVGADFXRgCaZUYAVXVGANh/RgD8A0cAUwdHAI8RRwAXEkcACxRHABcmRwCsJkcA71BH AKlhRwA8b0cAnHBHAGh0RwBZe0cAcwBIAFkKSACJC0gAHAxIAA8kSADmLEgAUkVIAJBNSABt WkgASFxIAIpcSACjXkgAhmJIAE5rSAB1ekgAzwJJAE4ESQBbB0kAe0BJANlGSQDxR0kAE2FJ AJFjSQAyZEkAJntJAIN7SQDkCEoAsA9KAMQRSgCWFUoAaB1KAOwrSgDPMUoAkldKADVcSgAe X0oAmGRKAF1pSgBaa0oA2XdKACQESwDYBUsAswZLAA4JSwAAEEsAAhVLAMEaSwBJKUsASS5L AAdKSwDTTEsA61RLAPFUSwA4WUsA+39LAAAATACrAEwAKAxMAMQPTACmF0wAiRhMADMaTAAm HUwAkx1MADkxTACcPUwALUJMAA9RTADiUkwAFGFMAKVsTAD7fUwAIwJNAFERTQAkF00AGRlN AEUfTQCnJ00Agi1NAJMyTQCvQU0AL1hNAH9lTQBZa00A425NAGJyTQD1c00AxH1NAMgBTgAZ Ak4ASBNOAPclTgDEKk4ARjJOAK40TgArT04AKVhOAAtcTgAcXk4AIWVOAGMBTwD2Ak8AggVP AA4JTwB3EE8A7xJPAMETTwBKH08A6jFPAPcxTwC2PE8A00pPAHxdTwBRXk8A1HBPANZzTwBg eE8AsX9PAAsFUAAgEFAA/xBQAA8VUAATFlAA8xhQAM0bUAACMlAAvDhQACQ+UADfPlAAMExQ AClTUAC+U1AAPFRQABBVUADOYlAA8mVQAPJrUADDbVAAundQANh/UAApBFEAmA5RAAMRUQAp G1EA5S5RAKc5UQDqZVEAimZRABluUQCdblEA8nNRAOZ8UQCJCFIA7Q5SAKAaUgAwHlIAmR5S AIAfUgCmK1IA/DBSABUxUgDoNVIAq0BSAJVCUgD8U1IA/mNSAEpmUgCZalIAa25SABFwUgBf c1IAF3VSAOx6UgBwAFMAbQVTAIQIUwCrCVMA+ipTAAUwUwCdNFMA20pTAGNtUwA1AFQAHwhU AEIOVAC8D1QASBNUAJwTVADHGFQAtBtUAD0hVACJKlQA0DNUAHM3VADmOFQABEBUAG9LVADv TFQAL1BUACBwVADzdFQAMHZUAPB7VACME1UAmhlVAFQhVQAwKVUARTJVACc1VQAITFUAQlZV ACVmVQCTalUAXG5VAHtyVQBbf1UAtxNWAAUfVgBuQFYAokpWANZgVgArZ1YAGGpWAAt2VgAs f1YALA1XAPMbVwC8LFcAyVJXAENiVwBpbFcAgnNXAFh4VwDmfFcAIQdYAC8JWACdClgA4Q9Y AJcRWAAgElgACRRYAOsbWAAzOVgAg0VYAPBJWADySlgAWUxYAOxUWACYWlgAh29YABZ2WABA eVgAJxdZAPQtWQBuLlkAZzNZAP02WQBWO1kAzD1ZADlFWQDmRVkAgUpZAM1PWQARaVkAznpZ AG8IWgAaE1oA8BNaAKofWgCcQloA7U1aALJPWgBXa1oAgm9aACV3WgDHeloAg31aAIh+WgDv ClsAOw5bAAAUWwB4H1sAqipbALc9WwDLR1sAlEhbAJdPWwAOU1sA0VdbAKNfWwAWbFsAZm5b AP8DXADoBVwAjA1cALUmXADrNFwAYUlcAMdkXADsZVwA1mpcAGxrXABaI10AxkRdAIdIXQD+ Sl0AP1BdAO1kXQApZl0A6W9dAJV3XQCqBF4AOwleAIQNXgB+El4A8xNeAK0dXgDlH14AvCde AKcuXgCpL14AJDVeACtUXgCcWV4AZ2JeACR7XgApfl4AFAZfAHoJXwAdEV8AOR1fAP8jXwAU Ql8Ay0dfAEBJXwDATV8A9E1fAGFSXwC1XV8AJm9fAIkEYABROmAALT5gALdOYABDUmAA1Vpg AHxlYADlaGAAEGlgAHpvYACAA2EAiQRhAEgQYQAeE2EAfhlhAH4bYQD1JmEAMjVhAMI7YQCb PWEAZ0lhALlTYQDKZGEAUHZhAGADYgBjMWIAGTZiACVGYgC+S2IAClliAJFjYgAjaGIAS3Ni APsIYwB4FWMAghZjAO0lYwCnNmMAaztjAPhDYwBTSGMA1ExjADhQYwD8UGMAvlRjAAhXYwAs dWMAxwpkADYhZABVJmQA+i9kAJY/ZAAtTmQAElhkAKhaZACEaWQAuXJkAL14ZAA4emQAsX9k AGEdZQAKJ2UAdidlAEwqZQDqWWUAAVxlAJR1ZQBnDGYAchdmACIaZgCVH2YARyBmAHo1ZgA8 TWYAplpmANRhZgD8amYAa25mAPF/ZgClBGcApgRnAOkLZwB6GGcAix5nABkxZwCJN2cAPEhn AKVOZwAiY2cAH2xnAEt/ZwDmEmgAVC1oABkuaABSMWgAZTVoACM3aAAUPWgATT9oAMdIaAAy XmgAcV5oAI5gaABEbGgAnXdoAGAoaQAtLGkAuzFpAEFKaQAUTGkA7FhpACdlaQAraWkAvm5p AFQMagDyDmoAmBlqAJUeagClHmoA8R9qAKYkagDmJWoAd19qAMdsagD8dWoAInlqACB7agBn fWoAigNrAEkGawC3CWsAXhBrABsZawAmJ2sAHjhrAGE+awDUTGsAUlVrAEFYawBXZ2sA82lr AK9yawAWB2wAHCRsAP0nbABNLWwAFDRsAFg1bAAcOGwAEzxsAEJKbABKY2wAygFtAE8RbQC2 I20AiyZtAFsubQC2NG0AMjVtAOU4bQBGRG0AA01tAJ9RbQDlXW0APmBtAJFmbQCoa20AhHht AI4GbgAjEG4AjRluAMMabgAMLm4AJzZuAKlHbgDVR24AKk5uABRQbgD7Vm4AUFxuAIVwbgCz eG4AS3puAMt8bgAEf24AKgFvAHsfbwDSKm8Acy1vAHgvbwAlP28AdkBvACFRbwBoVG8AnVVv AP1fbwCkYm8AMWVvAIplbwAZb28A3HxvALwBcAD7CnAAnyhwAFoscACeU3AAGlRwANhccAAj bHAAF35wAIgLcQBVGXEApCRxAKskcQDEKnEAEjRxAHZScQBZVXEAUFxxAKJecQAWYHEAqXpx ANoJcgBeInIAsClyANMtcgAwLnIAmzNyAGZFcgDweHIA5H1yAKkocwB5UXMAplNzABdUcwBS YHMAc2pzAAJ3cwC6fXMAan5zADkEdADlBnQA+Ap0AOwTdAB/G3QAyCB0AOAsdACYLXQAijd0 ALM+dAC0RXQAXVN0AF1XdACqcHQAZnN0AEp2dABsdnQAY3d0AMB8dABEf3QAZgx1AH47dQCl RHUAlk91ABBjdQAqY3UAR251AJ50dQCRdnUAa3d1AGwLdgDREXYA8RJ2AC8idgDVI3YALTl2 ABNCdgD4R3YAwGp2AEFxdgCUdnYA9nt2AER9dgCVAXcAbBR3ALQvdwAHM3cAHDV3AKc4dwCp U3cAhF93AHhldwAwaXcAX213AMp0dwBfeHcAhwJ4ACMOeADCE3gAHBd4AL8ZeABePXgADFZ4 ACRWeADzWXgAi194AOtneAD4engAUgV5APcbeQAnI3kAVDB5AKdEeQAiT3kAIFB5AMFqeQBV b3kADHN5AEx0eQCNd3kAnHp5AG0BegC1AXoAnB96AMgvegDsPnoA1kp6AB9XegAcWHoAMV56 AEZkegDPZHoA7Ap7AGIcewAeIXsADyV7APk7ewCRQnsAuUZ7AIFpewBka3sAnHN7ALULfADH D3wAayJ8ALcwfAAHNXwAGjZ8AKVRfADVUXwAM218AGEAfQAkIX0AFC19AHgwfQCPMH0AejF9 ANoxfQDdNH0Arzh9AAJCfQBeUn0A4lN9ABhVfQDhVX0A0WF9AC9lfQAFcH0AgH99AH4FfgCo BX4AqRd+AIwrfgAoL34ACTJ+ALAzfgB0N34AyD9+AF5MfgD/TX4ArF1+AExefgDHX34AymJ+ AKN4fgDXen4AvQB/AKcBfwCnA38ARgx/AJkffwAuNX8Aa0R/AAlbfwBkeH8Ahnh/ACJ6fwD1 e38AtX1/AAAGgABXMYAABjSAAIA0gACEPoAAIU+AAHRVgACfZYAABmaAAP5ygAAYFYEAyyKB ANMigQCIKIEALy+BAO4wgQDTM4EALTWBAHs1gQAeQYEA+FGBAD9XgQDDY4EAPH+BAJACggDk BIIAsAmCAPEMggCEGYIA5CaCAMEzggCTO4IAj06CAMpgggCBY4IAGHGCAGEHgwCFFYMAPBaD AIAYgwCmG4MABx6DAIkfgwAsIoMAPyKDANUsgwAdLYMA7S+DAAczgwDgPYMAMEODAPdPgwDi UIMAUlaDAG9egwANdoMAF3eDAOsAhAAFG4QATzyEAP48hACPPoQA8D6EAO0/hAD4Q4QA40mE AK5KhABMT4QARGuEAJd0hACZfYQAb36EAJcChQCFH4UAcCOFALszhQBqNoUAiz+FADZEhQCT VIUA8VyFAORihQBQaYUAYHWFAKwEhgARC4YAVAuGAG0RhgB/GoYAPRuGABkghgDtJIYAYjqG AOg9hgDvP4YAv0iGAK9JhgByT4YAtlSGAEJmhgDScoYALn6GAK0KhwBJF4cA3RqHALRKhwBK ZocAmGeHALpshwAZb4cAD3SHALR3hwC1eocAIwWIAIMJiABhGIgAiCWIAK8miABTKYgAVSuI AEc8iAA5PYgA3kGIAEhCiADARIgAR1aIAGBfiADXX4gAzmOIAMB3iACnAIkA5g2JADYSiQAK FokAWBeJAP9FiQBlRokAeE+JALJpiQDZbokAZXKJAMp9iQC2fokAbgSKAB8RigArEooAux2K AMAgigBMKIoAlzSKAP88igCuP4oAxUWKAI9iigAYbIoA43uKADZ9igBoJ4sAzCmLANc4iwAl WIsAx1mLAPliiwBWaosAxXSLABYMjADDEowA/BmMAM0ajABKPIwAgz2MADtUjABdYowAv2WM AARrjAB+b4wAlXKMACZzjAAoc4wAcXOMANV2jABLfYwArQuNAMwMjQBaFY0A7RuNAGgdjQCc MY0AwziNAMBQjQAqVo0AyliNAD1rjQBmDY4A8RGOACQajgB1No4A30mOACNKjgChSo4A5E6O ACxbjgAOZ44A6GeOADJvjgDRB48AwwiPACATjwBFF48A3CyPALk+jwC6Po8APEOPAD1djwDq fI8AVgSQACMIkAAFHJAAYSOQAA8ykAClPJAAYj2QAHxvkACoAZEA0gSRAEQUkQBKFpEAdRiR ANklkQA4LJEA1ECRAIRBkQBPTpEAYE6RANtQkQChUpEADV2RAHtgkQAGAJIA6AaSANkMkgCI J5IArUSSAAtLkgDPZ5IAc2uSAOxwkgAYd5IAdxaTAJAekwAIUpMAiWKTAI1kkwBmapMAXGyT ABJ6kwBuepMAOn6TALwNlACnK5QA2DmUAHBelADvapQAImyUAPFwlADSc5QAwnaUAM5/lAB9 A5UAdgWVAMoFlQDPB5UAgR2VAOMglQDVMJUAMT2VAKlAlQACQ5UAAl2VACxolQCBc5UAHnaV ACx7lQAZBZYAxhOWAGsYlgC6HZYAeiaWADErlgDhLZYA9i+WAGwwlgBXN5YALEuWAPpQlgDs VJYAW2iWAJRplgBgeJYAUn6WAAQGlwDVGpcAtBuXAP0dlwBdJ5cAXj6XALlDlwALRJcA+lmX AANolwBTeJcAjniXAAt8lwBPEZgA8xiYAHkfmADWJZgAVzeYAGpCmAAJVZgAO12YAHABmQAv CpkAGBaZANsimQBLJZkA/SaZAMQsmQB1MpkAnTSZAEtBmQD8SJkAUEqZAE9PmQA5U5kAR2uZ AINrmQB8cZkA93GZAARymQA5fZkA+AuaAOMQmgAfEZoAcxmaAMslmgA9J5oAtSeaAB8omgD6 KpoA+zCaAIkzmgDnP5oAQEmaAKZUmgByVpoAK1eaAM9fmgABe5oAaQObABMJmwCzHpsAESWb ACUrmwBZLZsAx0qbANdUmwA2WpsA8WybAMgFnAAPHJwA6SCcAEkhnAA6JpwAfSecALounADf SZwAtE2cANJOnABtVZwAAV+cACFinAAQbJwA726cAPNznABbdpwA+AudALEZnQDvLJ0ADDWd AHhMnQDATJ0Aik6dALtQnQC1Up0AZGOdAN9vnQDAdJ0A+wCeAGUIngBIEJ4A2hCeAG4RngBS GJ4AahueADMmngAzPJ4AkVueAPJhngBIY54A62ueAC5/ngB/B58AuxOfAPMZnwCnIp8AdCyf ACFAnwBGWZ8AF1qfAB1cnwDRXJ8AAF6fABdfnwDoaZ8Aq2qfAFh0nwAMeJ8ARQKgAA8JoACk E6AAgRigAP0boAC4O6AAUkugAAJooAAlbqAAlW+gAJZwoADXdaAAI3ygAGACoQCPBKEAXAuh AJoQoQBLF6EAxx+hAIIooQBlLaEANEKhAD9eoQA/eKEA1XyhAKV9oQCDB6IABgqiAEUTogDV GaIA2C2iABA2ogCYOaIAaVyiAA1iogChY6IAOHGiAL57ogAFMaMAdzyjAJNLowD8UqMAX1yj AL9iowBfb6MAanCjAA9yowCyd6MAmwSkAGUKpACuC6QAwA+kAEESpAAZFaQAphWkAIccpADR HKQAcjOkAPdMpAD1VKQAmGmkAHZrpABHfKQAdX+kAP4MpQCXEaUAexalAFkXpQCgGqUAyzOl ALI/pQCsQ6UAYUSlAChdpQBpYKUAInSlACt1pQBUdaUAIXelAHJ3pQB3eKUAKQWmAF0UpgCS KqYAHDKmAGA2pgAcP6YAq0OmABFapgCMYqYAeXCmAMYDpwC8BqcAVgenAHIXpwC7HqcAfCCn AL0gpwAkJacAvDinAIlJpwDMTqcAP2GnANNppwANbqcAl2+nAL1wpwCYdqcAE3unAOx+pwAi JagAIy+oAFo1qADUNagAKkaoAJ9SqAADVagAKleoANxeqACEeqgArn2oAAISqQB/HKkAwTup AMBDqQDCRqkAIVepAOpZqQCDYakAgWWpAE9wqQDzdKkAMHipAKV5qQD6AaoAKgKqAGcXqgDK NqoABTuqAGNGqgDsXKoACG6qAJ53qgBpeqoAYgmrAHorqwCULKsAaTWrALI5qwDsOasARz2r AB1bqwCAW6sA1WCrAIBlqwDfaKsAO3OrAOMNrABSFawA6xasAGYwrAD+PawAQz6sAGlArABn QqwA5GGsAANyrADJdKwA6A+tAP0PrQB5Fq0AByitAAgprQB8Ka0AzSqtAH0wrQBuMq0ARDqt AGc6rQAYUa0AQXmtAKx+rQCfAK4AuwKuAEEFrgCvEK4A+RGuAFcxrgDgM64AgTeuAOY3rgBm O64A90CuAL53rgDGfq4ASQWvADsLrwDYEq8AGCavAM4zrwBIO68AJj6vAAZLrwD5CLAAIxCw AIsQsACdFrAAsRawAP4dsAClN7AAZj6wAEhVsABAXbAA0WewAClrsABdcrAAxwCxAJACsQBO BbEA9gaxAP0TsQARHrEA+zKxAPM0sQCsN7EAiUexAM9IsQDhS7EAR26xABB2sQBrfLEAM32x AJcbsgBbNLIAtE+yAKJXsgCaW7IASmKyANdjsgClZLIAWn+yAH4AswAXD7MAWRKzALUXswDB GbMAdRqzANAdswDOLrMAAC+zAHMyswADPLMA/D2zAA8+swCPQLMAPEyzAF5MswCqT7MAd1Gz AKJXswB7WLMAAwK0AIQDtAADDLQA1CO0AC4ptABgL7QArjm0ABQ/tACYQLQA2Uy0AAVitADK aLQAmXm0AEMOtQAEEbUAEhW1ADsXtQCjF7UAzRi1AJIqtQAJN7UAtDq1AB9AtQDvQrUAO0e1 APFHtQATSbUAgFG1ACJStQBTV7UAzmC1APthtQCOabUAIGu1AL94tQCne7UAHxC2AKURtgDn ErYA2ha2AGIftgCYJLYA/TC2AKg3tgCDPbYATUO2ALdGtgC/U7YAJ2G2AJx0tgBNdbYAbX22 AHAEtwBrJrcAXzC3ANVKtwDBTLcAPVK3AM1htwA9Z7cAeHC3AMp7twDCfLcAr323AFgBuABd DrgAcxi4AAMbuAD3KrgA+EC4ACRBuAD+QbgAKEu4AElTuACja7gA5nO4AJkGuQDeE7kAQxi5 ANcZuQAgIbkAtTi5AI87uQCQPLkAN0C5AFpKuQBQTLkAwU65AIVXuQAnYrkAOWO5AFhmuQBL arkAonK5ADRzuQAQE7oAViK6ALIxugB6O7oAmz66AH1BugA0RLoAn0a6AP5HugCxW7oAqWG6 AEgMuwC+H7sAMyi7AIguuwDiM7sARUC7AIlauwDQYrsA2wC8AM8XvACbMbwA0ju8AHtAvABN RbwA40m8ALZevACbX7wA8Gy8AMNzvAAsdrwA8wK9AHwOvQDvGb0AvBu9ALQtvQCYOL0Aq0q9 AI1PvQCJV70ALly9AABgvQDHa70APHS9AOJ0vQB+Ar4AiB++AP4qvgAkNb4AUTe+AO04vgDt eL4AIHm+ANkBvwDNBr8A9Qe/AFUTvwAKFb8AXxm/AJYavwCRHb8A8R+/AGoivwB2M78ARzW/ ABhCvwBjab8A6XW/AFF2vwCLBcAAdyHAAHIrwADwMMAAv0LAAHhNwAATU8AAzlnAABMFwQBO CMEAig/BAN0awQD4JsEAdSvBAGA6wQDhUMEAwVXBAMhnwQBga8EAkG/BAF4MwgDrD8IAoxnC AMgdwgAmOMIAzDrCAH4+wgCEQ8IAUkXCABRGwgDFTMIAIGPCAGtrwgCYbsIAaW/CADB8wgAG AsMAYQbDAEIRwwCdKsMACDXDALw2wwD+PcMAaj/DAItIwwCGVMMAd2bDAIhtwwDBc8MAr3XD ABN4wwAsecMA+n3DADkNxAD6G8QAZC7EABBBxAAwTMQAPU/EAKxbxAB2b8QAMnnEAFR/xAAw AsUAyATFADQWxQDdJcUAWy3FAOg0xQAROMUAdTnFAExHxQBsUMUAQ1TFAARqxQDXd8UAF3zF AJ4AxgBrAsYAaQbGACogxgDiKMYAJi7GABU6xgAtUcYAQljGAFFixgAsacYA/HDGAL9zxgA8 e8YA8RHHAAMVxwC5IscABTrHAA1ExwDmRMcA4EXHAOpKxwDhUscAwlzHANpdxwDVY8cA/GnH ALZzxwB2BsgAGw7IAIUQyADMJsgAKynIAM8uyADfMMgAXD7IABU/yACpVMgAd2DIALlpyAAq cMgAPXLIALN7yACqf8gAjhPJAGcZyQAHOMkA5jzJAJhFyQAPVckApVjJACFcyQDZY8kAZG3J ACVyyQBqc8kAvAnKANYNygAWDsoAwhDKANQRygDCHcoADCnKAEUxygAxMsoA9DbKADJIygD9 ScoABVPKAIdpygAndMoAi37KAEMVywBdIMsAmCzLANAsywD4OMsA3E/LANlvywAOF8wAUxnM AKIjzABIMswAujbMAGs6zADPPMwAoD3MAL0/zABpQMwA+U3MAItTzACWXcwAHWvMAH9uzADq b8wAj3rMAAB9zADuIc0AMiPNAHgrzQA5Ls0AMD7NACJCzQBuVs0AyGfNADZwzQA/cc0Ah3rN AOd/zQAZAs4AhRPOAPYUzgAKFc4AfRnOAJYvzgD+Mc4A7DfOAI4+zgA7R84AolLOACtpzgBU b84AzQDPAHELzwAPDM8AFCLPANAjzwDhLc8AHTPPAMY0zwDSNM8AJTbPAGU2zwAlQs8AkkbP AAVHzwACV88AIVzPALldzwDUX88ApWDPAEFkzwAtac8AAHLPAFt4zwB0fM8AXQTQANAG0ABR JtAAfCnQAB430AAPQtAAWUjQAOlU0AAnWtAAXlvQAEVc0AAebtAAhnTQAG920ACwfdAABgTR AD8G0QATFNEAlBvRAMsm0QD/J9EA+yvRAAUx0QBBONEAN0XRAPVQ0QBcVNEAd1fRAAVd0QDL X9EAY2TRABZu0QB0dtEAjxXSAKAf0gCGItIASyXSAFc30gBiXtIAqGLSADVj0gA0ZdIAemrS AKBq0gCkCtMAWBXTAKsY0wAoGdMAxSvTAOs+0wAFR9MABknTAH9L0wCdVtMAhVzTALJh0wCX aNMA/nHTAAp10wB7ddMALX3TAOZ+0wA7BtQATQnUAIUS1ACREtQAZjHUACoy1AAyM9QANDbU AHlD1ACNR9QASUrUAH9O1AC2VtQAtGPUAI9/1AAHANUAgQzVALoU1QDPGNUAuyDVAFIl1QB4 NNUAikbVAJ1L1QDqTtUAaGXVAIhl1QABcdUAUHPVALN01QBAC9YArQ/WABwU1gCVH9YA6izW AHA+1gBrRdYAfkzWAJtV1gC7XNYAo13WAKZe1gBcc9YAT3bWAMcE1wDkL9cAkjTXAGg81wDo PtcAUz/XAFxI1wDOa9cAcHPXAMx21wC1d9cAQ3vXAHgA2ACSA9gARQbYANYZ2ACAIdgAmjHY ACA12ABiPNgAPD3YABo+2ABOPtgAY0LYABFI2ACVUdgAEVfYAHFZ2AA9YNgAuGXYAEVm2ADw ZtgACGzYAOds2AB9AtkAwAvZANMQ2QDvHtkA2CLZABcm2QBiJtkAXFTZAGpa2QBnYdkAmWTZ AN942QD2eNkAfQHaAFsG2gDmCdoAQhvaAAom2gBtR9oA0EnaAMlR2gAoZdoA4mjaAHAB2wA2 FtsAyS/bAEYw2wAwOtsAzjrbAAk/2wBrSNsARF/bAJlj2wAxZNsAaGTbAChq2wCWb9sAcnPb AKoJ3ABtC9wACx7cAHAk3ABYMNwAL0bcACxN3ADeUNwADVLcACRY3ADIYdwAMHHcAAsB3QC7 LN0ArU7dAElP3QCIVt0A8lbdAHpl3QDMcN0AvXTdAKoS3gA0I94ARybeAEwv3gAfTt4A+Vze ACNz3gDXdN4AcnXeAMN63gCGe94AEH3eALsG3wARHN8A6h/fABQi3wBAPN8A5krfACNM3wBx Td8ARVjfAPlY3wDyYN8A2mnfABF53wDEfd8AKhrgAA4l4AAVJuAAuCvgANw+4ADrP+AAbkLg AF1D4ADVTeAA3FHgAEtd4ACxYOAAwG/gAHZ14ADgdeAAoHfgAMAD4QBeB+EAGxDhAD0a4QAQ HOEAKx3hAPMg4QDcI+EA1SXhAE4q4QDJLeEAEjHhAMg04QDhPeEAo0ThAAZI4QBSSuEA50/h ABFU4QBXXOEAe3LhAN104QDveeEABX7hAP8J4gDNCuIAkhbiAJ0b4gCjG+IADS3iAM9B4gDO VOIABF3iAHhf4gCzeOIAVXziANgC4wC6DuMA3SbjAO8x4wDMP+MAtkfjAPhH4wC+SOMA4FLj ADFi4wDjCeQAhBDkAGkk5ADSJuQA8CjkAE4s5ACwLOQA1zHkAJ5C5ACBTuQAg1HkAIpT5AB6 buQAuG7kAGJ55ACWfuQAlgblAMoL5QAAEOUAyRHlAOkl5QDUK+UA6jflANZG5QANS+UADkvl AG1R5QAlVOUAB2TlAIAE5gCAB+YAxQrmAKkc5gCdHuYAZy/mACcw5gBcTeYAUWLmAJhy5gCr eOYA3njmACl55gBzf+YArw7nAEk05wDAQOcAaWHnAE565wBbAOgAVgHoANYH6AACC+gAXBLo ADUW6ACRFugAEjToAOQ76ABAQugApkPoAIVW6ADxY+gAhGjoAJJv6ADsfegAOwDpALgB6QAW C+kA/hXpAKgX6QDJIukAOSjpAKJA6QDsV+kAamTpAJxq6QAtdekAJ3fpAMx56QD9fOkAUH7p AEcZ6gCsIeoAnzjqAPxa6gArYOoAVGrqAGNu6gB6c+oAmXrqAAl/6gC5AusAhRzrAOgi6wD7 I+sAjDDrAFg86wCXPOsA7EHrALhN6wCKTusA6VLrAIZr6wAKb+sA33LrAOhz6wCbd+sAOnzr AMp/6wCoA+wACgTsAAIg7ABkI+wArizsAEQ07AB+S+wADlfsAHJj7ADnaOwAIm/sADRv7AD1 c+wABQLtAAgQ7QBOG+0AEi3tAAAy7QCKMu0AFzjtACpF7QDpSu0AW03tALJj7QBfcu0A0HLt ACZz7QBJd+0AfHrtAC0s7gCCLO4AQT7uAGpP7gCET+4AmVDuAKJU7gB3aO4AqmjuAG1t7gC2 ce4AIHTuABl+7gBIAu8Axh/vAKUo7wA5M+8AKD7vAJFT7wD1be8AgnTvANcD8ACnPfAAZEbw ACZI8AC6TPAAaWDwAJZo8AAubPAAzn7wAAsO8QC7D/EA1BrxACcf8QDfI/EA/ivxAEY08QC+ RfEAV1DxALhb8QAYZPEA1nLxAHF48QCwfPEAJgTyADgM8gCyFPIAhiXyAG8m8gAUKfIAVSry ANIr8gDkYvIA+G3yAJoK8wDaF/MAxj3zAGdA8wCqRPMAxUfzAFNL8wCfV/MAd1rzAMpa8wDn XvMAxBD0ABwU9AAIGfQAHBz0AGId9ACFO/QAyDz0AIBC9ACVR/QAB0n0AF5M9ADgUvQA11f0 AHRk9ACoaPQALW70AAB09AAqAvUAHQT1ALcH9QCzEvUANxv1AOc19QADTfUAeVf1AKtZ9QDw XvUAYWv1AIN29QDEBvYASgz2APEM9gA0I/YAxjf2ADxC9gAWVPYArVb2AG9m9gBpafYAQW/2 ANF49gA1APcAwAT3AMwR9wAaEvcAoDf3AF489wAiUfcAdlf3AFx+9wBSBvgAbxH4AHoa+AAd HPgAFiT4AKko+ACzKPgA8ij4AHwv+ADwN/gAQjz4AHI9+AASd/gAXwX5AKsF+QCTDvkALxf5 AMke+QC8IfkAjzz5AP1A+QDFT/kAw135AHFl+QA3ZvkAu3b5ALp4+QCpDPoA2A76AP8d+gD1 LvoAGDT6ADBH+gBoS/oAQ1j6AMld+gA/b/oAlnj6AOAC+wB5D/sAQBz7ABof+wBWJPsA4Sr7 ABIt+wAsMfsAVjb7AG08+wALT/sAjHL7AIx5+wBtffsA0QH8ABEK/AB2EPwA/BL8ALY6/ACB PPwAtEf8AEdX/AAQZvwAOmv8AIxz/ABddPwAEnj8AAMH/QBuC/0AUxX9ANYY/QB5Gv0A4zP9 ANE+/QADSv0A7E79AAla/QDQYf0ANmP9ADFv/QC1d/0A/Hr9AKd9/QAeL/4A30f+ADVh/gCg bP4A43L+AC91/gBQdf4AN3f+AO0A/wDcMP8A5T//ABZB/wAoRP8A2UX/ACRG/wAxV/8Aj2n/ AGBx/wCIcv8AAAAAAGDQAABi0AAAAAAAAAEAAAD/QAGAAQCAvwAAgL8AAAAAAAABAAEAgL8A AAAAAACAvwAAAAAAAAIQAAAAAAAAAHnTAACYAAAQAEAAAP//AgAAAAcAVQBuAGsAbgBvAHcA bgANAEQAaQBlAHQAZQByACAAQgBlAGwAbABlAHIA//8CAAgAAAAAAAAAAAAAAAAAAAAAAAAA AQD//wIAAAAAAAAA//8AAAIA//8AAAAA//8AAAIA//8AAAAADwAAAEcekAEAAAICBgMFBAUC AwT/KgDgQXgAwAkAAAAAAAAA/wEAAAAAAABUAGkAbQBlAHMAIABOAGUAdwAgAFIAbwBtAGEA bgAAADUekAECAAUFAQIBBwYCBQcAAAAAAAAAEAAAAAAAAAAAAAAAgAAAAABTAHkAbQBiAG8A bAAAADMukAEAAAILBgQCAgICAgT/KgDgQ3gAwAkAAAAAAAAA/wEAAAAAAABBAHIAaQBhAGwA AABHNZABgAoCAgYJBAIFCAME/wIA4Pv9x2oSAAAAAAAAAJ8AAgAAAAAATQBTACAATQBpAG4A YwBoAG8AAAAt/zP/IAAOZh1nAAA3LpABAAACDwUCAgIEAwIE/wIA4f+sAEAJAAAAAAAAAJ8B AAAAAAAAQwBhAGwAaQBiAHIAaQAAADsOkAGGBwIBBgADAQEBAQEDAAAAAACPKBYAAAAAAAAA AQAEAAAAAABTAGkAbQBTAHUAbgAAAItbU08AAD89kAEAAAIHAwkCAgUCBAT/KgDgQ3gAwAkA AAAAAAAA/wEAAAAAAABDAG8AdQByAGkAZQByACAATgBlAHcAAAA5PZABAAACCwYJAgIEAwIE /wIA4f/8AEAJAAAAAAAAAJ8BAAAAAAAAQwBvAG4AcwBvAGwAYQBzAAAANzWQAQAAAgcECQIC BQIEBAMAAAAAAAAAAAAAAAAAAAABAAAAAAAAAEMAbwB1AHIAaQBlAHIAAAA7HpABgQcCAwYA AAEBAQEBrwIAsPt812kwAAAAAAAAAJ8ACAAAAAAAQgBhAHQAYQBuAGcAAAAUvNXQAAA1LpAB AAACCwYEAwUEBAIE/y4A4VtgAMApAAAAAAAAAP8BAQAAAAAAVABhAGgAbwBtAGEAAABDBpAB AAACCwYABAUCAgIE7woA4f+hAFAAAAAAAAAAAL8BAAAAAAAATAB1AGMAaQBkAGEAIABHAHIA YQBuAGQAZQAAAEMuLAEAAAIPAwICAgQDAgTvAgCgeyAAQAAAAAAAAAAAnwEAAAAAAABDAGEA bABpAGIAcgBpACAATABpAGcAaAB0AAAAOw6QAQIABQAAAAAAAAAAAAAAAAAAAAAQAAAAAAAA AAAAAACAAAAAAFcAaQBuAGcAZABpAG4AZwBzAAAAQR6QAQAAAgQFAwUEBgMCBP8CAOD/JABC AAAAAAAAAACfAQAAAAAAAEMAYQBtAGIAcgBpAGEAIABNAGEAdABoAAAAIgAEAEGAjBgA8NAC AABoAQAAAADOEmFHpdNiJ8NpWycYALMEAAAZHwAAR7EAABsAagAAAAQAAxB6AQAAGR8AAEex AAAbAGoAAAB6AQAAAAAAABEEAPAQAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAABsCoAW0ALQAgYESNAAAAAAAAAAAAAAAAAAA9s8AAPbPAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAA AAAAAAAADTODcQDwEADf3//9AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgYWgAAAAAB8P8P AQgBPwAAAAAAAH0AAAD///9/AAAAAP///3////9/////f////3/kTo4AAAQAADIAAAAAAAAA AAAAAAAAAQAzAAAAAAAgBAAAAAAAAAAAAAAAAAAAAAAAABAcAAAOAAAAAAAAAAAAeAAAAHgA AAAAAAAAAAAAAKAFAAAKjvlPCwAAAAAAAADcAAAAAQAAAP//EgAAAAAAQABDADoAXABEAGEA dABhAFwARABvAGMAdQBtAGUAbgB0AHMAXABpAGUAdABmAF8AZAByAGEAZgB0AHMAXAB0AGUA bQBwAGwAZQB0AGUAcwBcADIALQBXAG8AcgBkAC0AdgAyAC4AMAAuAHQAZQBtAHAAbABhAHQA ZQAuAGQAbwB0ABUATgBlAHQAdwBvAHIAawAgAFcAbwByAGsAaQBuAGcAIABHAHIAbwB1AHAA AAAAAAAAEwBDAGkAcwBjAG8AIABTAHkAcwB0AGUAbQBzACwAIABJAG4AYwAuAA0ARABpAGUA dABlAHIAIABCAGUAbABsAGUAcgAAAAAAAAAAAAAAAAAAAAAAAAAAAMgAAAAGAAAALwAAAAAA DAABAAwAAgAMAAMADAAEAAwABQAMAAYADAAHAAwACAAMAAkADAAKAAwACwAMAAwADAANAAwA DgAMAA8ADAAQAAwAEQAMABIADAATAAwAFAAMABUADAAWAAwAFwAMABgADAAZAAwAGgAMABsA DAAcAAwAHQAMAB4ADAAfAAwAIAAMACEAFhAiABAQIwAMACQADAAlAAwAJgAMACcADAAoAAwA KQAMACoADxArAAwALAAMAC0ADAAuAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+/wAABgECAAAAAAAAAAAA AAAAAAAAAAABAAAA4IWf8vlPaBCrkQgAKyez2TAAAAC4AQAAEgAAAAEAAACYAAAAAgAAAKAA AAADAAAAwAAAAAQAAADMAAAABQAAAOgAAAAGAAAA9AAAAAcAAAAAAQAACAAAACQBAAAJAAAA PAEAABIAAABIAQAACgAAAGgBAAALAAAAdAEAAAwAAACAAQAADQAAAIwBAAAOAAAAmAEAAA8A AACgAQAAEAAAAKgBAAATAAAAsAEAAAIAAADkBAAAHgAAABgAAABOZXR3b3JrIFdvcmtpbmcg R3JvdXAAAAAeAAAABAAAAAAAAAAeAAAAFAAAAENpc2NvIFN5c3RlbXMsIEluYy4AHgAAAAQA AAAAAAAAHgAAAAQAAAAAAAAAHgAAABwAAAAyLVdvcmQtdjIuMC50ZW1wbGF0ZS5kb3QAAAAA HgAAABAAAABEaWV0ZXIgQmVsbGVyAAAAHgAAAAQAAAAyNAAAHgAAABgAAABNaWNyb3NvZnQg T2ZmaWNlIFdvcmQAAABAAAAAAPKhDqgAAABAAAAAAAIeD0Vc0wFAAAAAACQ7aLKD0wFAAAAA AObL4Aav0wEDAAAAGwAAAAMAAAAZHwAAAwAAAEexAAADAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/v8AAAYBAgAAAAAAAAAAAAAAAAAAAAAA AgAAAALVzdWcLhsQk5cIACss+a5EAAAABdXN1ZwuGxCTlwgAKyz5rkwBAAAIAQAADAAAAAEA AABoAAAADwAAAHAAAAAFAAAAiAAAAAYAAACQAAAAEQAAAJgAAAAXAAAAoAAAAAsAAACoAAAA EAAAALAAAAATAAAAuAAAABYAAADAAAAADQAAAMgAAAAMAAAA6gAAAAIAAADkBAAAHgAAABAA AABBbGNhdGVsLUx1Y2VudAAAAwAAAHoBAAADAAAAagAAAAMAAAD2zwAAAwAAAAAAEAALAAAA AAAAAAsAAAAAAAAACwAAAAAAAAALAAAAAAAAAB4QAAABAAAAFgAAAE5ldHdvcmsgV29ya2lu ZyBHcm91cAAMEAAAAgAAAB4AAAAGAAAAVGl0bGUAAwAAAAEAAAC0BQAABQAAAAAAAAAwAAAA AQAAAGcAAAACAAAAbwAAAAMAAACXBQAABAAAAJ8FAAADAAAAAgAAAAwAAABfUElEX0hMSU5L UwADAAAACQAAAF9Eb2NIb21lAAQAAAAGAAAAc2ZsYWcAAgAAAOQEAABBAAAAIAUAAEIAAAAD AAAAGgA7AAMAAABXAAAAAwAAAAAAAAADAAAABQAAAB8AAAAdAAAAbQBhAGkAbAB0AG8AOgB6 AGgAYQBuAGcAZgBhAHQAYQBpAEAAaAB1AGEAdwBlAGkALgBjAG8AbQAAAAAAHwAAAAEAAAAA AAAAAwAAADUAGgADAAAAVAAAAAMAAAAAAAAAAwAAAAUAAAAfAAAAGQAAAG0AYQBpAGwAdABv ADoAcwB3AGEAbABsAG8AdwBAAGMAaQBzAGMAbwAuAGMAbwBtAAAAAAAfAAAAAQAAAAAAAAAD AAAASQA5AAMAAABRAAAAAwAAAAAAAAADAAAABQAAAB8AAAAfAAAAbQBhAGkAbAB0AG8AOgBE AGkAZQB0AGUAcgAuAEIAZQBsAGwAZQByAEAAbgBvAGsAaQBhAC4AYwBvAG0AAAAAAB8AAAAB AAAAAAAAAAMAAABeAH8AAwAAAE4AAAADAAAAAAAAAAMAAAAFAAAAHwAAABYAAABtAGEAaQBs AHQAbwA6AHoAYQBsAGkAQABjAGkAcwBjAG8ALgBjAG8AbQAAAB8AAAABAAAAAAAAAAMAAAAT AHMAAwAAAEsAAAADAAAAAAAAAAMAAAAFAAAAHwAAACAAAABtAGEAaQBsAHQAbwA6AGoAdQBs AGkAZQBuAC4AbQBlAHUAcgBpAGMAQABvAHIAYQBuAGcAZQAuAGMAbwBtAAAAHwAAAAEAAAAA AAAAAwAAAFQAPAADAAAASAAAAAMAAAAAAAAAAwAAAAUAAAAfAAAAIQAAAG0AYQBpAGwAdABv ADoAUgB1AGUAZABpAGcAZQByAC4ASwB1AG4AegBlAEAAdABlAGwAZQBrAG8AbQAuAGQAZQAA AAAAHwAAAAEAAAAAAAAAAwAAAGwAFwADAAAARQAAAAMAAAAAAAAAAwAAAAUAAAAfAAAAGgAA AG0AYQBpAGwAdABvADoAawBlAC0AawB1AG0AYQBrAGkAQABrAGQAZABpAC4AYwBvAG0AAAAf AAAAAQAAAAAAAAADAAAAWQB0AAMAAABCAAAAAwAAAAAAAAADAAAABQAAAB8AAAAaAAAAbQBh AGkAbAB0AG8AOgBtAGgAYQByAHQAbABlAHkAQABjAGkAcwBjAG8ALgBjAG8AbQAAAB8AAAAB AAAAAAAAAAMAAABVAGQAAwAAAD8AAAADAAAAAAAAAAMAAAAFAAAAHwAAABoAAABtAGEAaQBs AHQAbwA6AGcAZwBhAGwAaQBtAGIAZQBAAGMAaQBzAGMAbwAuAGMAbwBtAAAAHwAAAAEAAAAA AAAAAwAAAFYAeQADAAAAPAAAAAMAAAAAAAAAAwAAAAUAAAAfAAAAGgAAAG0AYQBpAGwAdABv ADoAYwBmAGkAbABzAGYAaQBsAEAAYwBpAHMAYwBvAC4AYwBvAG0AAAAfAAAAAQAAAAAAAAAD AAAAOQBiAAMAAAA5AAAAAwAAAAAAAAADAAAABQAAAB8AAABGAAAAaAB0AHQAcAA6AC8ALwB3 AHcAdwAuAGkAYQBuAGEALgBvAHIAZwAvAGEAcwBzAGkAZwBuAG0AZQBuAHQAcwAvAHIAcwB2 AHAALQBwAGEAcgBhAG0AZQB0AGUAcgBzAC8AcgBzAHYAcAAtAHAAYQByAGEAbQBlAHQAZQBy AHMALgB4AGgAdABtAGwAAAAfAAAAEwAAAHIAcwB2AHAALQBwAGEAcgBhAG0AZQB0AGUAcgBz AC0AMgA0AAAAAAADAAAArambWx4AAAAMAAAAMTQwMzg1NDM3MAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAACAAAAAwAAAAQAAAAFAAAABgAAAAcAAAAIAAAA CQAAAAoAAAALAAAADAAAAA0AAAAOAAAADwAAABAAAAARAAAAEgAAABMAAAAUAAAAFQAAABYA AAAXAAAAGAAAABkAAAAaAAAAGwAAABwAAAAdAAAAHgAAAB8AAAAgAAAAIQAAACIAAAAjAAAA JAAAACUAAAAmAAAAJwAAACgAAAApAAAAKgAAACsAAAAsAAAALQAAAC4AAAAvAAAAMAAAADEA AAAyAAAAMwAAADQAAAA1AAAANgAAADcAAAA4AAAAOQAAADoAAAA7AAAAPAAAAD0AAAA+AAAA PwAAAEAAAABBAAAAQgAAAEMAAABEAAAARQAAAEYAAABHAAAASAAAAEkAAABKAAAASwAAAEwA AABNAAAATgAAAE8AAABQAAAAUQAAAFIAAABTAAAAVAAAAFUAAABWAAAAVwAAAFgAAABZAAAA WgAAAFsAAABcAAAAXQAAAF4AAABfAAAAYAAAAGEAAABiAAAAYwAAAGQAAABlAAAAZgAAAGcA AABoAAAAaQAAAGoAAABrAAAAbAAAAG0AAABuAAAAbwAAAHAAAABxAAAAcgAAAHMAAAB0AAAA dQAAAHYAAAB3AAAAeAAAAHkAAAB6AAAAewAAAHwAAAB9AAAAfgAAAH8AAACAAAAAgQAAAIIA AACDAAAAhAAAAIUAAACGAAAAhwAAAIgAAACJAAAAigAAAIsAAACMAAAAjQAAAI4AAACPAAAA kAAAAJEAAACSAAAAkwAAAJQAAACVAAAAlgAAAJcAAACYAAAAmQAAAJoAAACbAAAAnAAAAJ0A AACeAAAAnwAAAKAAAAChAAAAogAAAKMAAACkAAAApQAAAKYAAACnAAAAqAAAAKkAAACqAAAA qwAAAKwAAACtAAAArgAAAK8AAACwAAAAsQAAALIAAACzAAAAtAAAALUAAAC2AAAAtwAAALgA AAC5AAAAugAAALsAAAC8AAAAvQAAAL4AAAC/AAAAwAAAAMEAAADCAAAAwwAAAMQAAADFAAAA xgAAAMcAAADIAAAAyQAAAMoAAADLAAAAzAAAAM0AAADOAAAAzwAAANAAAADRAAAA0gAAANMA AADUAAAA1QAAANYAAADXAAAA2AAAANkAAADaAAAA2wAAANwAAADdAAAA3gAAAN8AAADgAAAA 4QAAAOIAAADjAAAA5AAAAOUAAADmAAAA5wAAAOgAAADpAAAA6gAAAOsAAADsAAAA7QAAAO4A AADvAAAA8AAAAPEAAADyAAAA/v////QAAAD1AAAA9gAAAPcAAAD4AAAA+QAAAPoAAAD7AAAA /v////0AAAD+AAAA/wAAAAABAAABAQAAAgEAAAMBAAAEAQAABQEAAAYBAAAHAQAACAEAAAkB AAAKAQAACwEAAAwBAAANAQAADgEAAA8BAAAQAQAAEQEAABIBAAATAQAAFAEAABUBAAAWAQAA FwEAABgBAAAZAQAAGgEAABsBAAAcAQAAHQEAAB4BAAAfAQAAIAEAACEBAAAiAQAAIwEAACQB AAAlAQAAJgEAACcBAAAoAQAAKQEAACoBAAArAQAALAEAAC0BAAAuAQAALwEAADABAAAxAQAA MgEAADMBAAA0AQAANQEAADYBAAA3AQAAOAEAADkBAAA6AQAAOwEAADwBAAA9AQAAPgEAAD8B AABAAQAAQQEAAEIBAABDAQAARAEAAEUBAABGAQAARwEAAEgBAABJAQAASgEAAEsBAABMAQAA TQEAAE4BAABPAQAAUAEAAFEBAABSAQAAUwEAAFQBAABVAQAAVgEAAFcBAABYAQAAWQEAAFoB AABbAQAAXAEAAF0BAABeAQAAXwEAAGABAABhAQAAYgEAAGMBAABkAQAAZQEAAGYBAABnAQAA aAEAAGkBAABqAQAAawEAAGwBAABtAQAAbgEAAG8BAABwAQAAcQEAAHIBAABzAQAAdAEAAHUB AAB2AQAAdwEAAHgBAAB5AQAAegEAAHsBAAB8AQAAfQEAAH4BAAB/AQAAgAEAAIEBAACCAQAA gwEAAIQBAACFAQAAhgEAAIcBAACIAQAAiQEAAIoBAACLAQAAjAEAAI0BAACOAQAAjwEAAJAB AACRAQAAkgEAAJMBAACUAQAAlQEAAJYBAACXAQAAmAEAAJkBAACaAQAAmwEAAJwBAACdAQAA ngEAAJ8BAACgAQAAoQEAAKIBAACjAQAA/v///6UBAACmAQAApwEAAKgBAACpAQAAqgEAAKsB AAD+////rQEAAK4BAACvAQAAsAEAALEBAACyAQAAswEAAP7////9/////f////3////9//// uQEAALoBAAD+/////v///70BAAD+//////////////////////////////////////////// //////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////// ////////////////////////UgBvAG8AdAAgAEUAbgB0AHIAeQAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABYABQH//////////wMAAAAGCQIAAAAAAMAA AAAAAABGAAAAAAAAAAAAAAAAMCd16Qav0wG8AQAAQAMAAAAAAABEAGEAdABhAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgACAf// /////////////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPMAAACLEQAA AAAAADEAVABhAGIAbABlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAOAAIAAQAAAP//////////AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAA/AAAAFBPAQAAAAAAVwBvAHIAZABEAG8AYwB1AG0AZQBuAHQAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABoAAgEKAAAABQAAAP////8AAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAASOQBAAAAAAAFAFMAdQBtAG0A YQByAHkASQBuAGYAbwByAG0AYQB0AGkAbwBuAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA KAACAf///////////////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKQB AAAAEAAAAAAAAAUARABvAGMAdQBtAGUAbgB0AFMAdQBtAG0AYQByAHkASQBuAGYAbwByAG0A YQB0AGkAbwBuAAAAAAAAAAAAAAA4AAIBBAAAAP//////////AAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAArAEAAAAQAAAAAAAATQBzAG8ARABhAHQAYQBTAHQAbwByAGUA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABoAAQD//////////wcA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAGArc+kGr9MB8Ip06Qav0wEAAAAAAAAAAAAAAAA1AFUA UQDFAFYAWAAxAM8AwgBFAEsAQgBEAFcAMgBSAMEAMgBTAEwASQBBAD0APQAAAAAAAAAAAAAA AAAAAAAAMgABAf//////////CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYCtz6Qav0wHwinTp Bq/TAQAAAAAAAAAAAAAAAEkAdABlAG0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKAAIB/////wkAAAD/////AAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4BAAAAAAAAUAByAG8AcABlAHIAdABpAGUA cwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABYAAgD///// //////////8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFAAAAVQEAAAAA AAABAEMAbwBtAHAATwBiAGoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAEgACAQIAAAAGAAAA/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAsAAAByAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA////////////////AAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAIAAAADAAAA BAAAAP7///8GAAAABwAAAAgAAAAJAAAACgAAAP7///8MAAAA/v////////////////////// //////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////// //////////////////88P3htbCB2ZXJzaW9uPSIxLjAiIGVuY29kaW5nPSJVVEYtOCIgc3Rh bmRhbG9uZT0ibm8iPz48YjpTb3VyY2VzIFNlbGVjdGVkU3R5bGU9IlxBUEEuWFNMIiBTdHls ZU5hbWU9IkFQQSIgeG1sbnM6Yj0iaHR0cDovL3NjaGVtYXMub3BlbnhtbGZvcm1hdHMub3Jn L29mZmljZURvY3VtZW50LzIwMDYvYmlibGlvZ3JhcGh5IiB4bWxucz0iaHR0cDovL3NjaGVt YXMub3BlbnhtbGZvcm1hdHMub3JnL29mZmljZURvY3VtZW50LzIwMDYvYmlibGlvZ3JhcGh5 Ij48L2I6U291cmNlcz4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAADw/eG1sIHZlcnNpb249IjEuMCIgZW5jb2Rpbmc9IlVURi04IiBzdGFuZGFs b25lPSJubyI/Pg0KPGRzOmRhdGFzdG9yZUl0ZW0gZHM6aXRlbUlEPSJ7NTUyNTQ0N0QtRUY3 Ni00Mjg4LTgxMEQtNjcxMTg1QzQ4QjIwfSIgeG1sbnM6ZHM9Imh0dHA6Ly9zY2hlbWFzLm9w ZW54bWxmb3JtYXRzLm9yZy9vZmZpY2VEb2N1bWVudC8yMDA2L2N1c3RvbVhtbCI+PGRzOnNj aGVtYVJlZnM+PGRzOnNjaGVtYVJlZiBkczp1cmk9Imh0dHA6Ly9zY2hlbWFzLm9wZW54bWxm b3JtYXRzLm9yZy9vZmZpY2VEb2N1bWVudC8yMDA2L2JpYmxpb2dyYXBoeSIvPjwvZHM6c2No ZW1hUmVmcz48L2RzOmRhdGFzdG9yZUl0ZW0+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAEA/v8DCgAA/////wYJAgAAAAAAwAAAAAAAAEYgAAAATWljcm9z b2Z0IFdvcmQgOTctMjAwMyBEb2N1bWVudAAKAAAATVNXb3JkRG9jABAAAABXb3JkLkRvY3Vt ZW50LjgA9DmycQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAA --------------AF11D4C94E0BC8C2DD27A4AD-- From nobody Tue Feb 27 02:27:14 2018 Return-Path: X-Original-To: secdir@ietfa.amsl.com Delivered-To: secdir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 62E1F1200F1; Tue, 27 Feb 2018 02:27:13 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.91 X-Spam-Level: X-Spam-Status: No, score=-2.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H5=-1, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TmG2OoaLrcfA; Tue, 27 Feb 2018 02:27:11 -0800 (PST) Received: from EUR02-AM5-obe.outbound.protection.outlook.com (mail-eopbgr00062.outbound.protection.outlook.com [40.107.0.62]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1C4E41204DA; Tue, 27 Feb 2018 02:27:10 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector1-arm-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=fHzmxI9G//b3sqTrLhYPV37HzDbSn9B2+MqLshLBMnY=; b=BsjnpiLsMIuEdg+x0BIwUJi1vHdS19zURyLElUfvPX7bEEnoVo3dE/unLBgT0tkwL2Juyy3BDcAeUElrWkHMUF8UGmqQXy4kLRPEC8ix94iFoM2MLLDqGnkbe6DbLp8svEqgEq8bIoReYcoGA12Uoic1wUL7J6XvUROZamxgpb0= Received: from AM4PR0801MB2706.eurprd08.prod.outlook.com (10.167.90.148) by AM4PR0801MB1570.eurprd08.prod.outlook.com (10.168.6.10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.506.18; Tue, 27 Feb 2018 10:27:08 +0000 Received: from AM4PR0801MB2706.eurprd08.prod.outlook.com ([fe80::7954:44ac:aab4:bc2c]) by AM4PR0801MB2706.eurprd08.prod.outlook.com ([fe80::7954:44ac:aab4:bc2c%14]) with mapi id 15.20.0527.021; Tue, 27 Feb 2018 10:27:07 +0000 From: Hannes Tschofenig To: Martin Thomson , Benjamin Kaduk CC: Alan DeKok , "draft-ietf-tls-record-limit@ietf.org" , IESG , "secdir@ietf.org" Thread-Topic: Secdir review of draft-ietf-tls-record-limit Thread-Index: AQHTrqGSa72OyyaNEUOT8kn5vxYs5KO4BpFg Date: Tue, 27 Feb 2018 10:27:07 +0000 Message-ID: References: <5C2E06FE-8685-457D-ACED-5600092C1CB1@deployingradius.com> <20180223191714.GG50954@kduck.kaduk.org> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: spf=none (sender IP is ) smtp.mailfrom=Hannes.Tschofenig@arm.com; x-originating-ip: [80.92.116.87] x-ms-publictraffictype: Email x-microsoft-exchange-diagnostics: 1; AM4PR0801MB1570; 7:dmFg+BQHPuYKfCcnue5ITc/IQsmG1abDtlwnv77hSs4ZkRCnaOo9vOev8NHeUpbX+ZzsuXQRD51En4SVyAyG2tgPYGYyl04NAnXsaVuM5kV6YuJrPqp8jTr1i3MZdB+/6+ROPcDgZpQzQb7xuWCnI+AiEEHdoN4gOIhKeSDnEBMBsTEdkqiJ8NfuRSiDmJ33kr6hnB6BtUXKzA/j3C0f3VqH5vlhfsU1NSkbZGpSsIebcsBlyIXbeA4IYr0AMECn x-ms-exchange-antispam-srfa-diagnostics: SSOS; x-ms-office365-filtering-ht: Tenant x-ms-office365-filtering-correlation-id: 8939ecdb-b760-465e-e3c2-08d57dcca781 x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(48565401081)(4534165)(4627221)(201703031133081)(201702281549075)(5600026)(4604075)(3008032)(2017052603307)(7153060)(7193020); SRVR:AM4PR0801MB1570; x-ms-traffictypediagnostic: AM4PR0801MB1570: x-microsoft-antispam-prvs: x-exchange-antispam-report-test: UriScan:(85827821059158)(240460790083961); x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(8211001083)(6040501)(2401047)(8121501046)(5005006)(3002001)(3231220)(944501161)(52105095)(93006095)(93001095)(10201501046)(6055026)(6041288)(20161123562045)(20161123558120)(20161123564045)(20161123560045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(6072148)(201708071742011); SRVR:AM4PR0801MB1570; BCL:0; PCL:0; RULEID:; SRVR:AM4PR0801MB1570; x-forefront-prvs: 05961EBAFC x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(346002)(396003)(39860400002)(39380400002)(366004)(376002)(40434004)(13464003)(189003)(199004)(59450400001)(186003)(7736002)(6506007)(74316002)(3280700002)(68736007)(8936002)(54906003)(6116002)(26005)(110136005)(3846002)(53936002)(7696005)(97736004)(53546011)(76176011)(102836004)(81166006)(2950100002)(81156014)(2171002)(305945005)(6436002)(8676002)(6246003)(93886005)(2900100001)(478600001)(105586002)(5250100002)(4326008)(5660300001)(72206003)(99286004)(39060400002)(2906002)(25786009)(5890100001)(33656002)(316002)(14454004)(9686003)(86362001)(3660700001)(66066001)(106356001)(55016002)(229853002); DIR:OUT; SFP:1101; SCL:1; SRVR:AM4PR0801MB1570; H:AM4PR0801MB2706.eurprd08.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en; received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts) x-microsoft-antispam-message-info: Ap9GXFjY1Grt+N5zegHeWDQsisBBRVwfYAxgGDUZbKZhXBqCtoWjFAUaeZ6kMW9ijVKagCmtQhi9sjz1MMb7CC5Ap7fw/mKwkPoLyGFO5GdCvGhsUHqOj6GcBkv77jBiLbYVVpxsugDkizT33kaolCr32pYjR7UT04QMW0FprBk= spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 MIME-Version: 1.0 X-OriginatorOrg: arm.com X-MS-Exchange-CrossTenant-Network-Message-Id: 8939ecdb-b760-465e-e3c2-08d57dcca781 X-MS-Exchange-CrossTenant-originalarrivaltime: 27 Feb 2018 10:27:07.8807 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: f34e5979-57d9-4aaa-ad4d-b122a662184d X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM4PR0801MB1570 Archived-At: Subject: Re: [secdir] Secdir review of draft-ietf-tls-record-limit X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 27 Feb 2018 10:27:13 -0000 TXkgNSBjZW50cy4gV2UgY3VycmVudGx5IG9ubHkgaGF2ZSBhIHZlcnkgYmFzaWMgaW1wbGVtZW50 YXRpb24gb2YgdGhlIE1heGltdW0gRnJhZ21lbnQgTGVuZ3RoIGV4dGVuc2lvbiBhbmQgaGF2ZSBi ZWVuIHdhaXRpbmcgZm9yIHRoZSBSU0wgZXh0ZW5zaW9uIHRvIGNvbXBsZXRlIGJlZm9yZSB3ZSBh ZGQgdGhlIGZ1bmN0aW9uYWxpdHkgdG8gdGhlIE1iZWQgVExTIHN0YWNrLg0KDQpUaGUgcHJvYmxl bSB3ZSBoYXZlIHdpdGggSW9UIGRldmljZXMgaXMgdGhhdCB0aGV5IGFyZSBxdWl0ZSBsaW1pdGVk IGluIHRlcm1zIG9mIGF2YWlsYWJsZSBSQU0qLiBBZGRpdGlvbmFsbHksIHB1YmxpYyBrZXkgY3J5 cHRvIHJlcXVpcmVzIGEgbG90IG9mIFJBTSB3aGVuIHBlcmZvcm1hbmNlIG9wdGltaXphdGlvbnMg YXJlIGVuYWJsZWQuIEhlbmNlLCB0aGVyZSBpcyBub3QgbXVjaCBsZWZ0IGZvciB0aGUgbWVzc2Fn ZSBidWZmZXJzLg0KDQpIZW5jZSwgd2Ugd2FudCB0byBsZXQgdGhlIG90aGVyIGNvbW11bmljYXRp b24gcGFydHkga25vdyB3aGF0IGxpbWl0cyB0aGVyZSBhcmUuIEFzIHBvaW50ZWQgb3V0IGluIHRo aXMgZGlzY3Vzc2lvbiB0aHJlYWQgdGhlcmUgaXMgYW4gaW50ZXJ3b3JraW5nIGJldHdlZW4gdGhl IE1UVS9QTVRVIGFuZCB0aGUgTUZML1JTTCBtZWNoYW5pc21zIHdoZW4gYSBzdGFjayBkZWNpZGVz IGFib3V0IGZyYWdtZW50aW5nIChvciBjb21iaW5pbmcpIG1lc3NhZ2VzIGludG8gcmVjb3Jkcy4N Cg0KTXkgdGhpbmtpbmcgd2FzIHRoYXQgdGhlIHJlbGF0aW9uc2hpcCBiZXR3ZWVuIE1UVS9QTVRV IGFuZCBNRkwvUlNMIGlzIGFjdHVhbGx5IGZhaXJseSBlYXN5LCBuYW1lbHkgc29tZXRoaW5nIGxp a2UgbWF4X2ZyYWdtZW50X3NpemU9bWluKE1UVS9QTVRVLCBNRkwvUlNMKQ0KDQpPZiBjb3Vyc2Us IGltcGxlbWVudGF0aW9ucyBhcmUgZ29pbmcgdG8gYmUgY29tcGxleCBzaW5jZSB0aGV5IGNhbm5v dCBqdXN0IGxvb2sgYXQgdGhlIGZyYWdtZW50IHNpemUgYWxvbmUuIEluc3RlYWQgeW91IGFsc28g aGF2ZSB0byBjb25zaWRlciB3aGF0IHRoZSBzdGFjayBvciB0aGUgYXBwbGljYXRpb24gc2hvdWxk IGRvIHdpdGggdGhlIHJlY2VpdmVkIGRhdGEuDQoNCkZvciBleGFtcGxlLCBpbWFnaW5lIGEgY2Vy dGlmaWNhdGUgbWVzc2FnZSB0aGF0IG1heSBjb250YWluIG11bHRpcGxlIGNlcnRpZmljYXRlcyB0 aGF0IHRoZW4gbmVlZCB0byBiZSBwcm9jZXNzZWQgb25lIGJ5IG9uZSBieSB0aGUgcmVjaXBpZW50 LiBIZXJlIHRoZSBzdGFjayBuZWVkcyB0byBiZSAic21hcnQiIGVub3VnaCB0byBzZW5kIGVub3Vn aCBkYXRhIHRoYXQgdGhlIHJlY2lwaWVudCBjYW4gYWN0dWFsbHkgZG8gc29tZXRoaW5nIHdpdGgg aXQgKGxpa2Ugb25lIGNvbXBsZXRlIGNlcnRpZmljYXRlKSBidXQgYWxzbyBub3QgdG9vIG11Y2gg c28gdGhhdCBpdCBzdGlsbCBmaXRzIGludG8gdGhlIGJ1ZmZlci4gRm9yIGFwcGxpY2F0aW9uIGRh dGEgaXQgbWF5IGJlIGxlc3MgY29tcGxpY2F0ZWQgc2luY2UgdGhlIGFwcGxpY2F0aW9uIGRldmVs b3BlciB3aG8gaGFkIHNldCB0aGUgUlNMIGxpbWl0IGlzIG1vc3QgbGlrZWx5IGF3YXJlIG9mIHdo YXQgdG8gZG8gd2hlbiB0aGUgc3RhY2sgY2Fubm90IHNlbmQgYWxsIHRoZSBkYXRhLg0KDQpJbiBt eSBlYXJsaWVyIHJldmlldyBJIHBvaW50ZWQgb3V0IHRoYXQgc2V0dGluZyByZWFzb25hYmxlIHZh bHVlcyBieSB0aGUgZGV2ZWxvcGVyIG1heSBhY3R1YWxseSBiZSBjb21wbGljYXRlZCBzaW5jZSB0 aGUgc2l6ZSBvZiB0cmFuc21pdHRlZCBtZXNzYWdlcyBpbiBEVExTL1RMUyBkZXBlbmRzIHZlcnkg bXVjaCBvbiB0aGUgc2VsZWN0ZWQgY2lwaGVyc3VpdGUgYW5kIHZhcmlvdXMgb3RoZXIgcGFyYW1l dGVycyAoa2V5IHNpemUsIHBhZGRpbmcgb2YgdGhlIGFsZ29yaXRobSwgcGFkZGluZyBmb3IgYXZv aWRpbmcgdHJhZmZpYyBhbmFseXNpcywgYXV0aGVudGljYXRpb24gdGFnIHNpemUsIHVzZSBvZiBj ZXJ0YWluIGV4dGVuc2lvbnMpLiBBZGRpdGlvbmFsbHksIHRoZXJlIGFyZSBoaWdoZXIgbGF5ZXIg cHJvdG9jb2xzIChzdWNoIGFzIENvQVApIHRoYXQgYWxzbyBhZGQgaGVhZGVyIGluZm9ybWF0aW9u LiBBIGRldmVsb3BlciB0aGVyZWZvcmUgaGFzIHRvIGtub3cgcXVpdGUgYSBiaXQgdG8gcGljayB0 aGUgdmFsdWVzIGFwcHJvcHJpYXRlbHkgd2hlbiB0aGV5IGFyZSB1c2luZyBhIGNvbnN0cmFpbmVk IGRldmljZS4NCg0KRldJVzogVGhlIGRyYWZ0IGN1cnJlbnRseSBzYXlzIHRoYXQgInVucHJvdGVj dGVkIG1lc3NhZ2VzIC0gaGFuZHNoYWtlIG1lc3NhZ2VzIGluIHBhcnRpY3VsYXIgLSBhcmUgbm90 IHN1YmplY3QgdG8gdGhpcyBsaW1pdC4iLiBJIGFtIG5vdCBzdXJlIHdoZXRoZXIgSSBmdWxseSB1 bmRlcnN0YW5kIHRoYXQgc2VudGVuY2UuIERvZXMgaXQgbWVhbiB0aGF0IHRoZSBsaW1pdCBkb2Vz IG5vdCBhcHBseSB0byBoYW5kc2hha2UgbWVzc2FnZXMgYXQgYWxsIG9yIG9ubHkgdG8gaGFuZHNo YWtlIG1lc3NhZ2VzIHRoYXQgYXJlIHVucHJvdGVjdGVkPyBJbiBlaXRoZXIgY2FzZSBJIGFtIG5v dCBzdXJlIHdoZXRoZXIgdGhhdCBzY29waW5nIG1ha2VzIHNlbnNlIHNpbmNlIGhhbmRzaGFrZSBt ZXNzYWdlcyBjYW4gYmVjb21lIGZhaXJseSBsYXJnZS4NCg0KQ2lhbw0KSGFubmVzDQoNClBTOiBU aGUgUkFNIGxpbWl0YXRpb24gaXMgb2J2aW91c2x5IGluZGVwZW5kZW50IG9mIHdoZXRoZXIgeW91 IHVzZSBUQ1Agb3IgVURQLiBIZW5jZSwgSSBleHBlY3QgdGhpcyBleHRlbnNpb24gdG8gYmUgYXBw bGljYWJsZSB0byBib3RoLiBPZiBjb3Vyc2UsIHdpdGggVENQIHlvdSBhZGRpdGlvbmFsbHkgaGF2 ZSBhIGxheWVyIGluIHRoZXJlIHRoYXQgb2ZmZXJzIGZyYWdtZW50YXRpb24uLi4NCg0KDQotLS0t LU9yaWdpbmFsIE1lc3NhZ2UtLS0tLQ0KRnJvbTogTWFydGluIFRob21zb24gW21haWx0bzptYXJ0 aW4udGhvbXNvbkBnbWFpbC5jb21dDQpTZW50OiAyNiBGZWJydWFyeSAyMDE4IDAyOjMyDQpUbzog QmVuamFtaW4gS2FkdWs7IEhhbm5lcyBUc2Nob2ZlbmlnDQpDYzogQWxhbiBEZUtvazsgZHJhZnQt aWV0Zi10bHMtcmVjb3JkLWxpbWl0QGlldGYub3JnOyBJRVNHOyBzZWNkaXJAaWV0Zi5vcmcNClN1 YmplY3Q6IFJlOiBTZWNkaXIgcmV2aWV3IG9mIGRyYWZ0LWlldGYtdGxzLXJlY29yZC1saW1pdA0K DQpPbiBTYXQsIEZlYiAyNCwgMjAxOCBhdCA2OjE3IEFNLCBCZW5qYW1pbiBLYWR1ayA8a2FkdWtA bWl0LmVkdT4gd3JvdGU6DQo+IFRoZSByZWNvcmQgc2l6ZSBsaW1pdCBpcyBhIGNhcCwgbm90IGEg bWFuZGF0b3J5IHJlY29yZCBzaXplLg0KDQpUaGF0J3MgcmlnaHQuICBBbGFuLCBkb2VzIHRoYXQg YWRkcmVzcyB5b3VyIHByaW1hcnkgY29uY2Vybj8NCg0KPiBPbiBGcmksIEZlYiAyMywgMjAxOCBh dCAwOTo0OToxMUFNIC0wNTAwLCBBbGFuIERlS29rIHdyb3RlOg0KPj4gICBSRkMgNjM0NyBTZWN0 aW9uIDQuMS4xLjEgZ2l2ZXMgc29tZSBndWlkYW5jZSwgYnV0IEkgdGhpbmsgbm90IGVub3VnaC4g IEV4cG9zaW5nIHRoZSBNVFUgdG8gdGhlIGFwcGxpY2F0aW9uIGlzIGdvb2QsIGJ1dCB3aGF0IGRv ZXMgdGhlIGFwcGxpY2F0aW9uICpkbyogd2l0aCB0aGlzIGluZm9ybWF0aW9uPw0KDQpJbiBtYW55 IGNhc2VzLCBub3RoaW5nLg0KDQpNeSB1bmRlcnN0YW5kaW5nIG9mIERUTFMgaW1wbGVtZW50YXRp b25zIGlzIHRoYXQgdGhlIHNpemUgb2YgYSB3cml0ZSBkZXRlcm1pbmVzIHRoZSBzaXplIG9mIHRo ZSBwYWNrZXQgdGhhdCBpcyB1bHRpbWF0ZWx5IHNlbnQuICBTYXkgSSB3cml0ZSAxMDAgb2N0ZXRz IHRvIHRoZSBzb2NrZXQsIHNvIERUTFMgd3JpdGVzIG91dCBhIHJlY29yZCBvZiAxMjggb2N0ZXRz Lg0KDQpXaGF0IHN0YWNrcyBkbyB3aGVuIGEgd3JpdGUgZXhjZWVkcyBQTVRVIGRpZmZlcnMuICBU aGUgc2FtZSBhcHBsaWVzIHRvIHRoaXMgbmV3IGxpbWl0Og0KDQoqIFRoZSBzdGFjayBJIHdvcmsg b24gc3BsaXRzIHJlY29yZHMgYmFzZWQgb24gaXRzIHVuZGVyc3RhbmRpbmcgb2YgdGhlIE1UVSwg YnV0IGl0IG9ubHkgbGVhcm5zIHRoYXQgZHVyaW5nIHRoZSBoYW5kc2hha2UgYW5kIHNvIHJlbGll cyBtb3N0bHkgb24gdGhlIGFwcGxpY2F0aW9uIG1ha2luZyBzbWFsbGVyIHdyaXRlcy4gIChUaGVy ZSBpcyBjdXJyZW50bHkgbm8gd2F5IHRvIHNldCB0aGUgTVRVLCB3aGljaCBpcyBhbiBvcGVuIGJ1 Zy4pICBJdCBhbHNvIHNlbmRzIGEgc2luZ2xlIHJlY29yZCBpbiBlYWNoIHBhY2tldCBmb3IgYXBw bGljYXRpb24gZGF0YSwgc28gdGhlIG5ldCBlZmZlY3Qgb2YgYSBsYXJnZSB3cml0ZSBpcyBtdWx0 aXBsZSBVRFAgZGF0YWdyYW1zIHdpdGggb25lIHJlY29yZCBlYWNoLg0KDQpJZiB5b3VyIHN0YWNr IG9wZXJhdGVzIGxpa2UgdGhpcywgdGhlbiB0aGUgaW5mb3JtYXRpb24gaXMgcHJldHR5IG11Y2gg anVzdCBhZHZpc29yeS4gIFRoZSBvbmx5IHRoaW5nIHlvdSBtaWdodCBjb250ZW1wbGF0ZSBpcyBj aGFuZ2luZyBhbnkgY29hbGVzY2luZyBydWxlcyB5b3UgbWlnaHQgaGF2ZSB0byBjb21wZW5zYXRl Lg0KDQoqIElmIGEgc3RhY2sgZGlkIGF1dG9tYXRpYyBzcGxpdHMsIGJ1dCB0aGVuIHB1dCBtdWx0 aXBsZSByZWNvcmRzIGluIHRoZSBzYW1lIGRhdGFncmFtLCB0aGF0J3MgdGhlIHNhbWUgZm9yIGEg dXNpbmcgYXBwbGljYXRpb24uDQoNCiogSWYgYSBzdGFjayByZWplY3RzIGxhcmdlIHdyaXRlcyBh bmQgZm9yY2VzIHRoZSBhcHBsaWNhdGlvbiB0byB3cml0ZSB3aXRoaW4gaXRzIGNvbnN0cmFpbnRz LCB0aGVuIHRoYXQgc3RhY2sgbmVlZHMgdG8gYmUgY2xlYXIgYWJvdXQgd2hhdCBsaW1pdCB3YXMg aW4gZm9yY2UsIHN1Y2ggYXMgdGhyb3VnaCB0aGUgdXNlIG9mIHNwZWNpZmljIGVycm9yIGNvZGVz Lg0KU3VjaCBzdGFjayB0aGF0IGFkZHMgdGhpcyBmZWF0dXJlIHdvdWxkIG5lZWQgdG8gYmUgY2Fy ZWZ1bCBhYm91dCBpbnRyb2R1Y2luZyB0aGlzIGZlYXR1cmUuDQpJTVBPUlRBTlQgTk9USUNFOiBU aGUgY29udGVudHMgb2YgdGhpcyBlbWFpbCBhbmQgYW55IGF0dGFjaG1lbnRzIGFyZSBjb25maWRl bnRpYWwgYW5kIG1heSBhbHNvIGJlIHByaXZpbGVnZWQuIElmIHlvdSBhcmUgbm90IHRoZSBpbnRl bmRlZCByZWNpcGllbnQsIHBsZWFzZSBub3RpZnkgdGhlIHNlbmRlciBpbW1lZGlhdGVseSBhbmQg ZG8gbm90IGRpc2Nsb3NlIHRoZSBjb250ZW50cyB0byBhbnkgb3RoZXIgcGVyc29uLCB1c2UgaXQg Zm9yIGFueSBwdXJwb3NlLCBvciBzdG9yZSBvciBjb3B5IHRoZSBpbmZvcm1hdGlvbiBpbiBhbnkg bWVkaXVtLiBUaGFuayB5b3UuDQo= From nobody Tue Feb 27 02:57:40 2018 Return-Path: X-Original-To: secdir@ietfa.amsl.com Delivered-To: secdir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6A0D1128959; Tue, 27 Feb 2018 02:57:38 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.629 X-Spam-Level: X-Spam-Status: No, score=-2.629 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 56L0JEvSXnJH; Tue, 27 Feb 2018 02:57:37 -0800 (PST) Received: from orange.com (mta241.mail.business.static.orange.com [80.12.66.41]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D4D9B1200F1; Tue, 27 Feb 2018 02:57:36 -0800 (PST) Received: from opfedar02.francetelecom.fr (unknown [xx.xx.xx.4]) by opfedar22.francetelecom.fr (ESMTP service) with ESMTP id 7AD566149C; Tue, 27 Feb 2018 11:57:35 +0100 (CET) Received: from Exchangemail-eme2.itn.ftgroup (unknown [xx.xx.31.75]) by opfedar02.francetelecom.fr (ESMTP service) with ESMTP id 5BD15180073; Tue, 27 Feb 2018 11:57:35 +0100 (CET) Received: from OPEXCLILM21.corporate.adroot.infra.ftgroup ([fe80::e92a:c932:907e:8f06]) by OPEXCLILMA4.corporate.adroot.infra.ftgroup ([fe80::65de:2f08:41e6:ebbe%18]) with mapi id 14.03.0382.000; Tue, 27 Feb 2018 11:57:35 +0100 From: To: Benjamin Kaduk CC: "draft-ietf-rtgwg-backoff-algo.all@ietf.org" , "iesg@ietf.org" , "secdir@ietf.org" , "Acee Lindem (acee)" Thread-Topic: secdir review of draft-ietf-rtgwg-backoff-algo-07 Thread-Index: AQHTpdhD0cjOCtUzOESk7b49x53dv6Ol+QIA///nyICAADYagIAAyZUggABqXICAENx48A== Date: Tue, 27 Feb 2018 10:57:34 +0000 Message-ID: <3035_1519729055_5A95399F_3035_25_10_53C29892C857584299CBF5D05346208A479AF8F3@OPEXCLILM21.corporate.adroot.infra.ftgroup> References: <20180214211017.GI12363@mit.edu> <9677_1518711435_5A85B28A_9677_280_1_53C29892C857584299CBF5D05346208A4799B57B@OPEXCLILM21.corporate.adroot.infra.ftgroup> <20180216000410.GP12363@mit.edu> <23454_1518784454_5A86CFC6_23454_358_1_53C29892C857584299CBF5D05346208A4799CED8@OPEXCLILM21.corporate.adroot.infra.ftgroup> <20180216182620.GA12363@mit.edu> In-Reply-To: <20180216182620.GA12363@mit.edu> Accept-Language: fr-FR, en-US Content-Language: fr-FR X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.168.234.4] Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 MIME-Version: 1.0 Archived-At: Subject: Re: [secdir] secdir review of draft-ietf-rtgwg-backoff-algo-07 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 27 Feb 2018 10:57:38 -0000 SGkgQmVuamFtaW4sDQoNCj4gRnJvbTogQmVuamFtaW4gS2FkdWsgW21haWx0bzprYWR1a0BtaXQu ZWR1XQ0KID4gU2VudDogRnJpZGF5LCBGZWJydWFyeSAxNiwgMjAxOCA3OjI2IFBNDQo+IA0KID4g W2lubGluZSwgdHJpbW1pbmcgYSBidW5jaCBvZiBhZ3JlZWQtdXBvbiBzdHVmZl0NCj4gDQogPiBP biBGcmksIEZlYiAxNiwgMjAxOCBhdCAxMjozNDoxM1BNICswMDAwLCBicnVuby5kZWNyYWVuZUBv cmFuZ2UuY29tIHdyb3RlOg0KID4gPiBIaSBCZW5qYW1pbiwNCiA+ID4NCiA+ID4gPiBGcm9tOiBC ZW5qYW1pbiBLYWR1ayBbbWFpbHRvOmthZHVrQG1pdC5lZHVdDQogPiA+ICA+IFNlbnQ6IEZyaWRh eSwgRmVicnVhcnkgMTYsIDIwMTggMTowNCBBTQ0KID4gPiA+DQogPiA+ICA+IFthbHNvIGlubGlu ZV0NCiA+ID4NCiA+ID4gUGxlYXNlIHNlZSBpbmxpbmUgW0JydW5vMl0NCiA+ID4NCiA+ID4gID4g T24gVGh1LCBGZWIgMTUsIDIwMTggYXQgMDc6NTA6MzRQTSArMDAwMCwgQWNlZSBMaW5kZW0gKGFj ZWUpIHdyb3RlOg0KID4gPiAgPiA+IEhpIEJydW5vLCBCZW5qYW1pbiwNCiA+ID4gID4gPg0KID4g PiAgPiA+IFRoYW5rcyB0byBCZW5qYW1pbiBmb3IgcmV2aWV3IGFuZCBCcnVubyBmb3IgdGhlIGRl dGFpbGVkIHJlc3BvbnNlLiBTZWUgbXkgcmVzcG9uc2VzDQogPiBwcmVjZWRlZA0KID4gPiAgPiBi eSBbQWNlZV0uDQogPiA+ICA+ID4NCiA+ID4gID4gPg0KID4gPiAgPiA+IO+7v09uIDIvMTUvMTgs IDExOjE3IEFNLCAiYnJ1bm8uZGVjcmFlbmVAb3JhbmdlLmNvbSIgPGJydW5vLmRlY3JhZW5lQG9y YW5nZS5jb20+DQogPiB3cm90ZToNCiA+ID4gID4gPg0KID4gPiAgPiA+DQogPiA+ICA+ID4gICAg ICA+IEluIHNlY3Rpb24gMywgd2UgdGFsayBvZiAiY29tcHV0YXRpb24gb2YgdGhlIHJvdXRpbmcg dGFibGUsIGJ5IHRoZQ0KID4gPiAgPiA+ICAgICAgPiBJR1AiLCB3aGljaCBnZXRzIG1lIGNvbmZ1 c2VkIGFib3V0IHdoZXRoZXIgInRoZSBJR1AiIHJlcHJlc2VudHMgYQ0KID4gPiAgPiA+ICAgICAg PiBuZXR3b3JrIHByb3RvY29sIGZvciBjb252ZXlpbmcgKGUuZy4pIGxpbmsgc3RhdGUgaW5mb3Jt YXRpb24sIGFuDQogPiA+ICA+ID4gICAgICA+IGFsZ29yaXRobSBmb3IgU1BGIGNvbXB1dGF0aW9u LCBvciBhIHJvdXRlciB0aGF0IHBlcmZvcm1zIFNQRg0KID4gPiAgPiA+ICAgICAgPiBjb21wdXRh dGlvbnMuDQogPiA+ICA+ID4NCiA+ID4gID4gPiAgICAgW0JydW5vXSBJR1AgaXMgdXN1YWxseSBh IHByb3RvY29sLiBJbiB0aGlzIHNlbnRlbmNlLCBpdCBpcyBtZWFudCBhcyB0aGUgSUdQIHByb2Nl c3Mgb2YgdGhlDQogPiByb3V0ZXIuDQogPiA+ICA+ID4gICAgIEFnYWluLCBJJ20gb3BlbiB0byBy ZWZvcm11bGF0aW9uLiAiQWNlZSwgYW55IG9waW5pb24gb24gdGhpcz8iDQogPiA+ICA+ID4NCiA+ ID4gID4gPiBbQWNlZV0gSSBkb24ndCB0aGluayB3ZSBuZWVkIHRvIGNoYW5nZSB0aGlzLiBJR1Ag aXMgYSB3ZWxsLWtub3duIGFjcm9ueW0uDQogPiA+ICA+ID4gICAgICAgICAgICAgIGh0dHBzOi8v d3d3LnJmYy1lZGl0b3Iub3JnL21hdGVyaWFscy9hYmJyZXYuZXhwYW5zaW9uLnR4dA0KID4gPiAg Pg0KID4gPiAgPiBQZXJoYXBzIG15IHF1ZXN0aW9uIHdhcyBub3Qgd2VsbCBwaHJhc2VkLiAgSSBw cm9wb3NlDQogPiA+ICA+DQogPiA+ICA+IE9MRDogY29tcHV0YXRpb24gb2YgdGhlIHJvdXRpbmcg dGFibGUsIGJ5IHRoZSBJR1ANCiA+ID4gID4NCiA+ID4gID4gTkVXOiBjb21wdXRhdGlvbiBvZiB0 aGUgcm91dGluZyB0YWJsZSwgYnkgdGhlIElHUCBwYXJ0aWNpcGFudA0KID4gPiAgPg0KID4gPiAg PiAob3Igc29tZXRoaW5nIHNpbWlsYXIpLCBzaW5jZSB0aGUgSUdQIGp1c3Qgc2VydmVzIHRvIGRp c3RyaWJ1dGUgdGhlDQogPiA+ICA+IExTREIgKGNvbmNlcHR1YWxseSksIGFuZCB0aGUgY29tcHV0 YXRpb24gb2YgdGhlIHJvdXRpbmcgdGFibGUgaXMNCiA+ID4gID4gZG9uZSBieSBlYWNoIHJvdXRl ciBpbnRlcm5hbGx5IChpLmUuLCBub3QgZGlyZWN0bHkgdXNpbmcgdGhlIElHUCBpbg0KID4gPiAg PiBxdWVzdGlvbikuICBPciBpcyB0aGUgcHJldmlvdXMgc2VudGVuY2Ugbm90IHRydWU/DQogPiA+ DQogPiA+IFtCcnVubzJdIFdoYXQgYWJvdXQ6DQogPiA+IE5FVzogIENvbXB1dGF0aW9uIG9mIHRo ZSByb3V0aW5nIHRhYmxlLCBieSB0aGUgSUdQIGltcGxlbWVudGF0aW9uLA0KID4gPg0KID4gPiAo IklHUCBwYXJ0aWNpcGFudCIgZG9lcyBub3Qgc291bmQgbGlrZSBhbiB1c3VhbCB0ZXJtIHRvIG1l KQ0KID4gDQogPiBUaGF0IHdvcmtzIGZvciBtZS4gIFRoYW5rcyBhZ2FpbiENCg0KVGhhbmtzIHRv IHlvdS4NCg0KSnVzdCB0byBsZXQgeW91IGtub3cgdGhhdCAtMDggaGFzIGJlZW4gdXBsb2FkZWQu DQoNCmh0dHBzOi8vZGF0YXRyYWNrZXIuaWV0Zi5vcmcvZG9jL2h0bWwvZHJhZnQtaWV0Zi1ydGd3 Zy1iYWNrb2ZmLWFsZ28tMDgNCg0KRGlmZjogaHR0cHM6Ly93d3cuaWV0Zi5vcmcvcmZjZGlmZj91 cmwyPWRyYWZ0LWlldGYtcnRnd2ctYmFja29mZi1hbGdvLTA4DQoNCi0tQnJ1bm8gDQogPiAtQmVu DQoKX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fXwoKQ2UgbWVzc2FnZSBldCBzZXMgcGllY2VzIGpvaW50ZXMgcGV1dmVudCBjb250 ZW5pciBkZXMgaW5mb3JtYXRpb25zIGNvbmZpZGVudGllbGxlcyBvdSBwcml2aWxlZ2llZXMgZXQg bmUgZG9pdmVudCBkb25jCnBhcyBldHJlIGRpZmZ1c2VzLCBleHBsb2l0ZXMgb3UgY29waWVzIHNh bnMgYXV0b3Jpc2F0aW9uLiBTaSB2b3VzIGF2ZXogcmVjdSBjZSBtZXNzYWdlIHBhciBlcnJldXIs IHZldWlsbGV6IGxlIHNpZ25hbGVyCmEgbCdleHBlZGl0ZXVyIGV0IGxlIGRldHJ1aXJlIGFpbnNp IHF1ZSBsZXMgcGllY2VzIGpvaW50ZXMuIExlcyBtZXNzYWdlcyBlbGVjdHJvbmlxdWVzIGV0YW50 IHN1c2NlcHRpYmxlcyBkJ2FsdGVyYXRpb24sCk9yYW5nZSBkZWNsaW5lIHRvdXRlIHJlc3BvbnNh YmlsaXRlIHNpIGNlIG1lc3NhZ2UgYSBldGUgYWx0ZXJlLCBkZWZvcm1lIG91IGZhbHNpZmllLiBN ZXJjaS4KClRoaXMgbWVzc2FnZSBhbmQgaXRzIGF0dGFjaG1lbnRzIG1heSBjb250YWluIGNvbmZp ZGVudGlhbCBvciBwcml2aWxlZ2VkIGluZm9ybWF0aW9uIHRoYXQgbWF5IGJlIHByb3RlY3RlZCBi eSBsYXc7CnRoZXkgc2hvdWxkIG5vdCBiZSBkaXN0cmlidXRlZCwgdXNlZCBvciBjb3BpZWQgd2l0 aG91dCBhdXRob3Jpc2F0aW9uLgpJZiB5b3UgaGF2ZSByZWNlaXZlZCB0aGlzIGVtYWlsIGluIGVy cm9yLCBwbGVhc2Ugbm90aWZ5IHRoZSBzZW5kZXIgYW5kIGRlbGV0ZSB0aGlzIG1lc3NhZ2UgYW5k IGl0cyBhdHRhY2htZW50cy4KQXMgZW1haWxzIG1heSBiZSBhbHRlcmVkLCBPcmFuZ2UgaXMgbm90 IGxpYWJsZSBmb3IgbWVzc2FnZXMgdGhhdCBoYXZlIGJlZW4gbW9kaWZpZWQsIGNoYW5nZWQgb3Ig ZmFsc2lmaWVkLgpUaGFuayB5b3UuCgo= From nobody Tue Feb 27 03:14:44 2018 Return-Path: X-Original-To: secdir@ietfa.amsl.com Delivered-To: secdir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0EED61274D2 for ; Tue, 27 Feb 2018 03:14:40 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.254 X-Spam-Level: X-Spam-Status: No, score=-1.254 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_SOFTFAIL=0.665, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4afXqSdB9HvK for ; Tue, 27 Feb 2018 03:14:36 -0800 (PST) Received: from smtpproxy19.qq.com (smtpproxy19.qq.com [184.105.206.84]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EE84D128959 for ; Tue, 27 Feb 2018 03:14:35 -0800 (PST) X-QQ-mid: bizesmtp5t1519730070t6a1y4rbg Received: from [192.168.3.3] (unknown [117.100.128.114]) by esmtp4.qq.com (ESMTP) with id ; Tue, 27 Feb 2018 19:14:27 +0800 (CST) X-QQ-SSF: 00400000004000F0FG40000A0000000 X-QQ-FEAT: pTE/Q6TrPPeyoiaMIungJVAJjjZZeojkhnuUCrPz72zbUsk/lZDRoEHQnWGkF OJs60jYpeHryq+zmoAgUMarVDJ9bAxBBymDkXewAeM+DPNYCoCjxYuPL44aLIq4Z5iWUxIs eEQO3RI3Wf8rafJaqoaJfpAx7TpN16nB1+FCIaexi1dZi7/DUpEA1fIl63mOGM9uS4jWUpS 8Acjcpu7aW/NF3kmsVFIRntGBRatZpnY6cintXCnheHQz4TzxvjPto4wAOv5tbrS02uRnxe PqtUHY93b16vRXhkuMewgYHDxlbu1VtHUtpQ== X-QQ-GoodBg: 2 Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (Mac OS X Mail 11.2 \(3445.5.20\)) From: Di Ma In-Reply-To: <151913883228.4660.15594261925083651299@ietfa.amsl.com> Date: Tue, 27 Feb 2018 19:14:27 +0800 Cc: secdir , ietf@ietf.org, draft-ietf-sidr-slurm.all@ietf.org, sidr@ietf.org Content-Transfer-Encoding: quoted-printable Message-Id: <5DC08C9A-C97E-4E8B-918B-A33E6D401FBD@zdns.cn> References: <151913883228.4660.15594261925083651299@ietfa.amsl.com> To: Daniel Migault X-Mailer: Apple Mail (2.3445.5.20) X-QQ-SENDSIZE: 520 Feedback-ID: bizesmtp:zdns.cn:qybgforeign:qybgforeign2 X-QQ-Bgrelay: 1 Archived-At: Subject: Re: [secdir] [sidr] Secdir last call review of draft-ietf-sidr-slurm-06 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 27 Feb 2018 11:14:40 -0000 Daniel, Thanks for your review. Please see my responses in lines. > =E5=9C=A8 2018=E5=B9=B42=E6=9C=8820=E6=97=A5=EF=BC=8C23:00=EF=BC=8CDanie= l Migault =E5=86=99=E9=81=93=EF=BC=9A >=20 > Reviewer: Daniel Migault > Review result: Has Nits >=20 > Hi,=20 >=20 > I have reviewed this document as part of the security directorate's=20 > ongoing effort to review all IETF documents being processed by the=20 > IESG. These comments were written primarily for the benefit of the=20 > security area directors. Document editors and WG chairs should treat=20= > these comments just like any other last call comments. >=20 > The summary of the review is Ready with nits: >=20 > =E2=80=A2 section 1: Introduction >=20 > However, an RPKI relying party may want to override some of the > information expressed via putative TAs and the certificates >=20 > It seems that TA is being used for the first time here. The = acronym > should be extended to ease the reading of the document. I am reading = it=20 > as Trust Anchor. >=20 Yes. We will use Trust Anchor for its first use.=20 >=20 > =E2=80=A2 section 2. RPKI RPs with SLURM >=20 > SLURM provides a simple way to enable RPs to establish a local, >=20 > It seems to me the acronym RP is used for the first time. It = seems that=20 > it should be expanded to ease the reading of the document. I am = reading it=20 > as Relaying Party. Yes. We will use Relaying Party for its first use.=20 >=20 >=20 > =E2=80=A2 section 6 Security considerations >=20 > I My reading is that the section catches the criticality of the = SLURM=20 > files and that network operators are already familiar provisioning = critical=20 > data. As such I believe the section is sufficiently clear. >=20 > =E2=80=A2 whole document: >=20 > It seems that BGPSec, and BGPsec are used together. I believe = this=20 > should be harmonized to BGPsec. We will use BGPsec throughout this document as used by RFC 8205.=20 Di= From nobody Tue Feb 27 06:28:30 2018 Return-Path: X-Original-To: secdir@ietfa.amsl.com Delivered-To: secdir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CDFD612D77B for ; Tue, 27 Feb 2018 06:28:22 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.3 X-Spam-Level: X-Spam-Status: No, score=-4.3 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HwiYxHQBKC-F for ; Tue, 27 Feb 2018 06:28:21 -0800 (PST) Received: from usplmg21.ericsson.net (usplmg21.ericsson.net [198.24.6.65]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5AE8712D7F2 for ; Tue, 27 Feb 2018 06:28:20 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; d=ericsson.com; s=mailgw201801; c=relaxed/simple; q=dns/txt; i=@ericsson.com; t=1519741699; h=From:Sender:Reply-To:Subject:Date:Message-ID:To:CC:MIME-Version:Content-Type: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=Ep7NXBAMNvdckBzLLeYtiDS1kQ2WJpxg5EUM7+DDgac=; b=NiJB61oVJ9mOL0ern/MiTdozlIeIbxcG8Ty5ToG3NT1oCCxFPoZWJerbHZQj+YVL Ndr0INCcj/lnlXlKRpjmf1XIg5DfpX6JWF4PlU/Ld8hsUvPZ6cemnTs+mkAuyj7D q/g/iLTnkibLIZu0I+Swz5dhjhgl1oJ9RBbkeJ8V7hY=; X-AuditID: c6180641-835ff70000007a40-32-5a956b022bb3 Received: from EUSAAHC004.ericsson.se (Unknown_Domain [147.117.188.84]) by usplmg21.ericsson.net (Symantec Mail Security) with SMTP id 5F.98.31296.20B659A5; Tue, 27 Feb 2018 15:28:19 +0100 (CET) Received: from EUSAAMB107.ericsson.se ([147.117.188.124]) by EUSAAHC004.ericsson.se ([147.117.188.84]) with mapi id 14.03.0352.000; Tue, 27 Feb 2018 09:28:18 -0500 From: Daniel Migault To: Di Ma CC: secdir , "ietf@ietf.org" , "draft-ietf-sidr-slurm.all@ietf.org" , "sidr@ietf.org" Thread-Topic: [sidr] Secdir last call review of draft-ietf-sidr-slurm-06 Thread-Index: AQHTr7wnUTKslLZqfEuSwcNPDeWDTqO4TsOw Date: Tue, 27 Feb 2018 14:28:17 +0000 Message-ID: <2DD56D786E600F45AC6BDE7DA4E8A8C118DDDB6B@eusaamb107.ericsson.se> References: <151913883228.4660.15594261925083651299@ietfa.amsl.com> <5DC08C9A-C97E-4E8B-918B-A33E6D401FBD@zdns.cn> In-Reply-To: <5DC08C9A-C97E-4E8B-918B-A33E6D401FBD@zdns.cn> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [147.117.188.222] Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 MIME-Version: 1.0 X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFvrJLMWRmVeSWpSXmKPExsUyuXRPiC5z9tQog8vT+SxutllZPNs4n8Xi 3pNiiw8LH7JYLJt0ntGB1WPJkp9MHu+6OhkDmKK4bFJSczLLUov07RK4MvovLGIq+CZRcXBu A2MD4xKJLkZODgkBE4k9/+exgNhCAkcYJaafALK5gOzljBIbj91kBEmwCRhJtB3qZ+9i5OAQ EZCQuPaZF6SGWWAto8Tejg52kBphAXeJrtP32EBsEQEPieWTVjFC2EYSJ35eZwKxWQRUJc5P vQZm8wr4SjQu2QO1uETi/rwGMJtTwFpi14lZrCA2o4CYxPdTa8DqmQXEJW49mc8EcbSAxJI9 55khbFGJl4//sYLcJiGgLLHoTB6IySygKbF+lz5Ep6LElO6H7BBbBSVOznzCMoFRdBaSobMQ OmYh6ZiFpGMBI8sqRo7S4oKc3HQjw02MwAg5JsHmuINxb6/nIUYBDkYlHt6fIVOjhFgTy4or cw8xSnAwK4nwrlw8OUqINyWxsiq1KD++qDQntfgQozQHi5I47zlP3ighgfTEktTs1NSC1CKY LBMHp1QDo5oFjxuPEo/e5tolc6OPtHlZcQrI6S02Vdx9fWXNkd13+w7dfc3wX/zAp6x9gZNs Tym5xZRMdzUWYja3TqlWPpnwzlZluXyMWju/Qp/d1qLa58KfDizJ6645w6pYffTi7n/br1tz NPYv1U5VuxG3rHzbgufKcs0KT/X0PLd4HVr6ebfly6wSJZbijERDLeai4kQAg8GabIwCAAA= Archived-At: Subject: Re: [secdir] [sidr] Secdir last call review of draft-ietf-sidr-slurm-06 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 27 Feb 2018 14:28:23 -0000 SGkgRGksIA0KDQpUaGlzIGFkZHJlc3NlcyBteSBjb25jZXJucyB0aGFua3MhDQpZb3VycywgDQpE YW5pZWwNCg0KLS0tLS1PcmlnaW5hbCBNZXNzYWdlLS0tLS0NCkZyb206IERpIE1hIFttYWlsdG86 bWFkaUB6ZG5zLmNuXSANClNlbnQ6IFR1ZXNkYXksIEZlYnJ1YXJ5IDI3LCAyMDE4IDY6MTQgQU0N ClRvOiBEYW5pZWwgTWlnYXVsdCA8ZGFuaWVsLm1pZ2F1bHRAZXJpY3Nzb24uY29tPg0KQ2M6IHNl Y2RpciA8c2VjZGlyQGlldGYub3JnPjsgaWV0ZkBpZXRmLm9yZzsgZHJhZnQtaWV0Zi1zaWRyLXNs dXJtLmFsbEBpZXRmLm9yZzsgc2lkckBpZXRmLm9yZw0KU3ViamVjdDogUmU6IFtzaWRyXSBTZWNk aXIgbGFzdCBjYWxsIHJldmlldyBvZiBkcmFmdC1pZXRmLXNpZHItc2x1cm0tMDYNCg0KRGFuaWVs LA0KDQpUaGFua3MgZm9yIHlvdXIgcmV2aWV3Lg0KDQpQbGVhc2Ugc2VlIG15IHJlc3BvbnNlcyBp biBsaW5lcy4NCg0KDQo+IOWcqCAyMDE45bm0MuaciDIw5pel77yMMjM6MDDvvIxEYW5pZWwgTWln YXVsdCA8ZGFuaWVsLm1pZ2F1bHRAZXJpY3Nzb24uY29tPiDlhpnpgZPvvJoNCj4gDQo+IFJldmll d2VyOiBEYW5pZWwgTWlnYXVsdA0KPiBSZXZpZXcgcmVzdWx0OiBIYXMgTml0cw0KPiANCj4gSGks DQo+IA0KPiBJIGhhdmUgcmV2aWV3ZWQgdGhpcyBkb2N1bWVudCBhcyBwYXJ0IG9mIHRoZSBzZWN1 cml0eSBkaXJlY3RvcmF0ZSdzIA0KPiBvbmdvaW5nIGVmZm9ydCB0byByZXZpZXcgYWxsIElFVEYg ZG9jdW1lbnRzIGJlaW5nIHByb2Nlc3NlZCBieSB0aGUgDQo+IElFU0cuICBUaGVzZSBjb21tZW50 cyB3ZXJlIHdyaXR0ZW4gcHJpbWFyaWx5IGZvciB0aGUgYmVuZWZpdCBvZiB0aGUgDQo+IHNlY3Vy aXR5IGFyZWEgZGlyZWN0b3JzLiAgRG9jdW1lbnQgZWRpdG9ycyBhbmQgV0cgY2hhaXJzIHNob3Vs ZCB0cmVhdCANCj4gdGhlc2UgY29tbWVudHMganVzdCBsaWtlIGFueSBvdGhlciBsYXN0IGNhbGwg Y29tbWVudHMuDQo+IA0KPiBUaGUgc3VtbWFyeSBvZiB0aGUgcmV2aWV3IGlzIFJlYWR5IHdpdGgg bml0czoNCj4gDQo+IOKAoglzZWN0aW9uIDE6IEludHJvZHVjdGlvbg0KPiANCj4gICBIb3dldmVy LCBhbiBSUEtJIHJlbHlpbmcgcGFydHkgbWF5IHdhbnQgdG8gb3ZlcnJpZGUgc29tZSBvZiB0aGUN Cj4gICBpbmZvcm1hdGlvbiBleHByZXNzZWQgdmlhIHB1dGF0aXZlIFRBcyBhbmQgdGhlIGNlcnRp ZmljYXRlcw0KPiANCj4gPG1nbHQ+SXQgc2VlbXMgdGhhdCBUQSBpcyBiZWluZyB1c2VkIGZvciB0 aGUgZmlyc3QgdGltZSBoZXJlLiBUaGUgDQo+IGFjcm9ueW0gc2hvdWxkIGJlIGV4dGVuZGVkIHRv IGVhc2UgdGhlIHJlYWRpbmcgb2YgdGhlIGRvY3VtZW50LiBJIGFtIA0KPiByZWFkaW5nIGl0IGFz IFRydXN0IEFuY2hvci48L21nbHQ+DQo+IA0KDQpZZXMuIFdlIHdpbGwgdXNlIFRydXN0IEFuY2hv ciBmb3IgaXRzIGZpcnN0IHVzZS4gDQoNCj4gDQo+IOKAoglzZWN0aW9uIDIuICBSUEtJIFJQcyB3 aXRoIFNMVVJNDQo+IA0KPiAgIFNMVVJNIHByb3ZpZGVzIGEgc2ltcGxlIHdheSB0byBlbmFibGUg UlBzIHRvIGVzdGFibGlzaCBhIGxvY2FsLA0KPiANCj4gPG1nbHQ+SXQgc2VlbXMgdG8gbWUgdGhl IGFjcm9ueW0gUlAgaXMgdXNlZCBmb3IgdGhlIGZpcnN0IHRpbWUuIEl0IA0KPiBzZWVtcyB0aGF0 IGl0IHNob3VsZCBiZSBleHBhbmRlZCB0byBlYXNlIHRoZSByZWFkaW5nIG9mIHRoZSBkb2N1bWVu dC4gDQo+IEkgYW0gcmVhZGluZyBpdCBhcyBSZWxheWluZyBQYXJ0eS48L21nbHQ+DQoNClllcy4g V2Ugd2lsbCB1c2UgUmVsYXlpbmcgUGFydHkgZm9yIGl0cyBmaXJzdCB1c2UuIA0KDQo+IA0KPiAN Cj4g4oCiCXNlY3Rpb24gNiBTZWN1cml0eSBjb25zaWRlcmF0aW9ucw0KPiANCj4gPG1nbHQ+SSBN eSByZWFkaW5nIGlzIHRoYXQgdGhlIHNlY3Rpb24gY2F0Y2hlcyB0aGUgY3JpdGljYWxpdHkgb2Yg dGhlIA0KPiBTTFVSTSBmaWxlcyBhbmQgdGhhdCBuZXR3b3JrIG9wZXJhdG9ycyBhcmUgYWxyZWFk eSBmYW1pbGlhciANCj4gcHJvdmlzaW9uaW5nIGNyaXRpY2FsIGRhdGEuIEFzIHN1Y2ggSSBiZWxp ZXZlIHRoZSBzZWN0aW9uIGlzIA0KPiBzdWZmaWNpZW50bHkgY2xlYXIuPC9tZ2x0Pg0KPiANCj4g 4oCiCXdob2xlIGRvY3VtZW50Og0KPiANCj4gPG1nbHQ+SXQgc2VlbXMgdGhhdCBCR1BTZWMsIGFu ZCBCR1BzZWMgYXJlIHVzZWQgdG9nZXRoZXIuIEkgYmVsaWV2ZSANCj4gdGhpcyBzaG91bGQgYmUg aGFybW9uaXplZCB0byBCR1BzZWMuPC9tZ2x0Pg0KDQpXZSB3aWxsIHVzZSBCR1BzZWMgdGhyb3Vn aG91dCB0aGlzIGRvY3VtZW50IGFzIHVzZWQgYnkgUkZDIDgyMDUuIA0KDQpEaQ0KDQo= From nobody Tue Feb 27 07:06:52 2018 Return-Path: X-Original-To: secdir@ietf.org Delivered-To: secdir@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 0897012D963; Tue, 27 Feb 2018 07:06:51 -0800 (PST) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 8bit From: Sean Turner To: Cc: draft-ietf-hip-rfc4423-bis.all@ietf.org, hipsec@ietf.org, ietf@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 6.73.0 Auto-Submitted: auto-generated Precedence: bulk Message-ID: <151974401093.28581.6727583492292312298@ietfa.amsl.com> Date: Tue, 27 Feb 2018 07:06:51 -0800 Archived-At: Subject: [secdir] Secdir last call review of draft-ietf-hip-rfc4423-bis-19 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 27 Feb 2018 15:06:51 -0000 Reviewer: Sean Turner Review result: Has Nits This is a bis draft of the HIP (Host Identity Protocol) Architecture and because of that I focused on what’s changed (i.e., I reviewed the diffs from https://www.ietf.org/rfcdiff?url1=rfc4423&url2=draft-ietf-hip-rfc4423-bis-18). It’s still HIP but with a slightly expanded scope; it’s still Informational. 1. s4: The one place where I’ll step out from not looking at the old is a similar-ish recommendation that was in the RF4423: In this document, the non-cryptographic forms of HI and HIP are presented to complete the theory of HI, but they should not be implemented as they could produce worse denial-of-service attacks than the Internet has without Host Identity. Should the should not be a SHOULD NOT? 2. (none security) s4.4: Is the paragraph about IPv4 vs IPv6 vs LSI really necessary? I.e., is this yet another thing that folks are going to use to not transition to IPv6? 3. s11.2: Isn’t an additional drawback the need to have a HIP-aware firewall? From nobody Tue Feb 27 12:37:32 2018 Return-Path: X-Original-To: secdir@ietfa.amsl.com Delivered-To: secdir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AAC7E12D7F3; Tue, 27 Feb 2018 12:37:30 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.21 X-Spam-Level: X-Spam-Status: No, score=-4.21 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3aXjB7AI5scN; Tue, 27 Feb 2018 12:37:29 -0800 (PST) Received: from dmz-mailsec-scanner-8.mit.edu (dmz-mailsec-scanner-8.mit.edu [18.7.68.37]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CDF29129C6B; Tue, 27 Feb 2018 12:37:28 -0800 (PST) X-AuditID: 12074425-adbff70000006d40-e4-5a95c18572a7 Received: from mailhub-auth-3.mit.edu ( [18.9.21.43]) (using TLS with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by dmz-mailsec-scanner-8.mit.edu (Symantec Messaging Gateway) with SMTP id 4F.37.27968.581C59A5; Tue, 27 Feb 2018 15:37:26 -0500 (EST) Received: from outgoing.mit.edu (OUTGOING-AUTH-1.MIT.EDU [18.9.28.11]) by mailhub-auth-3.mit.edu (8.13.8/8.9.2) with ESMTP id w1RKbNlv032336; Tue, 27 Feb 2018 15:37:24 -0500 Received: from kduck.kaduk.org (24-107-191-124.dhcp.stls.mo.charter.com [24.107.191.124]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id w1RKbJM1000845 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Tue, 27 Feb 2018 15:37:22 -0500 Date: Tue, 27 Feb 2018 14:37:19 -0600 From: Benjamin Kaduk To: bruno.decraene@orange.com Cc: "draft-ietf-rtgwg-backoff-algo.all@ietf.org" , "iesg@ietf.org" , "secdir@ietf.org" , "Acee Lindem (acee)" Message-ID: <20180227203719.GD50954@kduck.kaduk.org> References: <20180214211017.GI12363@mit.edu> <9677_1518711435_5A85B28A_9677_280_1_53C29892C857584299CBF5D05346208A4799B57B@OPEXCLILM21.corporate.adroot.infra.ftgroup> <20180216000410.GP12363@mit.edu> <23454_1518784454_5A86CFC6_23454_358_1_53C29892C857584299CBF5D05346208A4799CED8@OPEXCLILM21.corporate.adroot.infra.ftgroup> <20180216182620.GA12363@mit.edu> <3035_1519729055_5A95399F_3035_25_10_53C29892C857584299CBF5D05346208A479AF8F3@OPEXCLILM21.corporate.adroot.infra.ftgroup> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <3035_1519729055_5A95399F_3035_25_10_53C29892C857584299CBF5D05346208A479AF8F3@OPEXCLILM21.corporate.adroot.infra.ftgroup> User-Agent: Mutt/1.9.1 (2017-09-22) X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFprCKsWRmVeSWpSXmKPExsUixCmqrdt2cGqUwawebovJb+cxW/zYMYfZ 4vr2G2wWM/5MZLb4sPAhiwOrx5TfG1k9liz5yeTR8uwkWwBzFJdNSmpOZllqkb5dAlfGxsc9 rAU9zBWb9j5la2A8ytTFyMkhIWAi0Xd3K0sXIxeHkMBiJonDB1azQzgbGSU6/tyHylxlkng9 8wAbSAuLgKrEmmdLGUFsNgEViYbuy8wgtoiArMSfo42MIA3MAncYJfaefgO2Q1jATmLvjRtg DbxA+2Y9uMEEMXU2i8TUc/fZIBKCEidnPmEBsZkFtCRu/HsJVMQBZEtLLP/HAVLPKdDGKLG+ +Qw7SI2ogLLE3r5D7BMYBWYhaZ+FpH0WQvsCRuZVjLIpuVW6uYmZOcWpybrFyYl5ealFuhZ6 uZkleqkppZsYQUHN7qK6g3HOX69DjAIcjEo8vBnZU6OEWBPLiitzDzFKcjApifJu7AQK8SXl p1RmJBZnxBeV5qQWH2KU4GBWEuFduXhylBBvSmJlVWpRPkxKmoNFSZzXw0Q7SkggPbEkNTs1 tSC1CCYrw8GhJMHbfABoqGBRanpqRVpmTglCmomDE2Q4D9BwJZAa3uKCxNzizHSI/ClGY462 lU/amDluvHjdxizEkpeflyolzqsHUioAUppRmgc3DZSYJLL317xiFAd6TphXAqSKB5jU4Oa9 AlrFBLTqyOcpIKtKEhFSUg2Mk4OPTHzp3cn2kfvOvCqHpD+TYhTF91XN3vFUy1x8gc/blRtU HK5qmDmUvZz5pudvzJbvy9ff7ghkOj1h+q/24OrAB2p3TF9oucj5bNA/xPraMU3X9qdB5iNz 337T7ll87jtLHucc9w9PvWTE0F588bTf1pKX4hNWb9oz/ec2X/bfU/Pula96oMRSnJFoqMVc VJwIAGryi1knAwAA Archived-At: Subject: Re: [secdir] secdir review of draft-ietf-rtgwg-backoff-algo-07 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 27 Feb 2018 20:37:30 -0000 Hi Bruno, On Tue, Feb 27, 2018 at 10:57:34AM +0000, bruno.decraene@orange.com wrote: > Hi Benjamin, > > Thanks to you. > > Just to let you know that -08 has been uploaded. > > https://datatracker.ietf.org/doc/html/draft-ietf-rtgwg-backoff-algo-08 > > Diff: https://www.ietf.org/rfcdiff?url2=draft-ietf-rtgwg-backoff-algo-08 The updates look good to me -- thanks. -Benjamin From nobody Tue Feb 27 17:00:46 2018 Return-Path: X-Original-To: secdir@ietfa.amsl.com Delivered-To: secdir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C9E28124D68; Tue, 27 Feb 2018 17:00:45 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2 X-Spam-Level: X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qvxkQ5GJ3ize; Tue, 27 Feb 2018 17:00:44 -0800 (PST) Received: from mail-ot0-x22c.google.com (mail-ot0-x22c.google.com [IPv6:2607:f8b0:4003:c0f::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 947B7124235; Tue, 27 Feb 2018 17:00:44 -0800 (PST) Received: by mail-ot0-x22c.google.com with SMTP id l5so720634otf.9; Tue, 27 Feb 2018 17:00:44 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=T7N4Nuj72Em0ztMDhDkoWJHHiTJS4xLcCDKMt8/69Nc=; b=lNKMRbcjhZwvYFmkZ/qbKrDD6JOVVYtQlTUwD4JoGzc4D1GPGy46p3pOWRBaw89K2T l66yWrHGDHBwhQjxdqg/C48/yiFmr1Jwfyp3B3817+INcbRwmsJHyDhe7hwD61woC7d6 L+7gbws8tbihZw5epPIkA6YrerYRPEkudmPOLF21B2Ju9qxG17jDcklOemGHvDHiPAP2 U3Y1/GKMSSrJDeKnra9EIF+p3onZELF5U+O6oBraaCMW2otmSvUshvVKC7tWkPnYCdVx cAq5Frfj+9deqjIwVOmZSeNzn9Q/f7BPC4+q8u2ccA3E49T5GtEgaIDxsjqZ3aJF1Wo6 Yy9w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=T7N4Nuj72Em0ztMDhDkoWJHHiTJS4xLcCDKMt8/69Nc=; b=RAdalClxd828uZvKHrFR25IMNqV6iuXb9CTqSh3lxr8tzg7PUKM58lZMAF1wg+HjZk Pc/OXjiyx0+YuWn3sT2BfR9+8fnB7rDiUjna7vnPRlWZe4pvluPGQC0iq5jV+TjCiVjU B0ZAi6QCYVnHuZoG5sZbtI+0qd1eVxxZ4jl5ZbWqfMqH98SJDwFivWgqBoBkb62HRaq2 ejdslc2oEFI+4YLLV774ubhYUJ69kQ2Gk10b1aaw6pK8KVFh4ONMYdQ+GA6HsCHu1s58 edznkMX+yfffE0UubB/ihJBiMp3DJJ+j5/f7LrrhnFzTl9h18nZ04B7Zel3siWLUfeN2 4WXw== X-Gm-Message-State: APf1xPAJJwpksWN+OOvvlIpQ1ROCmCBVULzWDlkPln8VWUoK44U3uRRz 4OKbq+GoE7qSAEXdWI5nBzr6foek7G8zjrGW2L4= X-Google-Smtp-Source: AG47ELv2M2MccXnKENd51UCGJVPm+1xPWtMSXmRdraRY/BdDQMM/Y4DTshYF5xrce/KqTP+SUzIY0BcTNuQDqQn1NRY= X-Received: by 10.157.64.181 with SMTP id n50mr12089889ote.241.1519779643869; Tue, 27 Feb 2018 17:00:43 -0800 (PST) MIME-Version: 1.0 Received: by 10.157.16.85 with HTTP; Tue, 27 Feb 2018 17:00:43 -0800 (PST) In-Reply-To: References: <5C2E06FE-8685-457D-ACED-5600092C1CB1@deployingradius.com> <20180223191714.GG50954@kduck.kaduk.org> From: Martin Thomson Date: Wed, 28 Feb 2018 12:00:43 +1100 Message-ID: To: Hannes Tschofenig Cc: Benjamin Kaduk , Alan DeKok , "draft-ietf-tls-record-limit@ietf.org" , IESG , "secdir@ietf.org" Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Archived-At: Subject: Re: [secdir] Secdir review of draft-ietf-tls-record-limit X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 28 Feb 2018 01:00:46 -0000 Thanks Hannes, On Tue, Feb 27, 2018 at 9:27 PM, Hannes Tschofenig wrote: > For example, imagine a certificate message that may contain multiple cert= ificates that then need to be processed one by one by the recipient. Here t= he stack needs to be "smart" enough to send enough data that the recipient = can actually do something with it (like one complete certificate) but also = not too much so that it still fits into the buffer. For application data it= may be less complicated since the application developer who had set the RS= L limit is most likely aware of what to do when the stack cannot send all t= he data. Yeah, if you are so constrained that a single datagram is all the scratch space you have, then big certificates can be nigh on impossible to manage. My understanding is that raw public keys are more common in this context. > FWIW: The draft currently says that "unprotected messages - handshake mes= sages in particular - are not subject to this limit.". I am not sure whethe= r I fully understand that sentence. Does it mean that the limit does not ap= ply to handshake messages at all or only to handshake messages that are unp= rotected? In either case I am not sure whether that scoping makes sense sin= ce handshake messages can become fairly large. This was written with two things in mind. TCP makes it easy to apply back pressure and thereby enable progressive reads for larger cleartext messages, assuming that you can read it all without holding everything in memory at once. More critically, a ClientHello will be sent in ignorance of any preferences on a server, so a server has to cope somehow. If you remain concerned about constrained *clients*, maybe we can change the requirement and have it apply immediately for the server's handshake messages. In TLS 1.2, it would then also apply to the client Certificate, which I suppose is something. It's definitely possible to make this change. (Now that I think on it, my implementation may already do this. I should check.) From nobody Tue Feb 27 22:57:45 2018 Return-Path: X-Original-To: secdir@ietf.org Delivered-To: secdir@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id E72B612DA14; Tue, 27 Feb 2018 22:57:43 -0800 (PST) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: Joseph Salowey To: Cc: iesg@ietf.org, teas@ietf.org, draft-ietf-teas-rsvp-ingress-protection.all@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 6.73.0 Auto-Submitted: auto-generated Precedence: bulk Message-ID: <151980106388.5124.1750215397283002470@ietfa.amsl.com> Date: Tue, 27 Feb 2018 22:57:43 -0800 Archived-At: Subject: [secdir] Secdir last call review of draft-ietf-teas-rsvp-ingress-protection-13 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 28 Feb 2018 06:57:44 -0000 Reviewer: Joseph Salowey Review result: Ready I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. In general I felt that the document was a bit difficult to read and the issues raised in the Genart and RTG reviews should be addressed. >From a security point of view I believe the document is ready, but I have a comment below that might improve the document. I find the security considerations as reference to other documents a bit unsettling, however, based on my somewhat limited understanding of RSVP it think it is accurate in this case. The problem I have with the security considerations as reference is that most implementors are probably are not going to follow the links to the other documents to find out what security wisdom lies therein. If the document pointed to specific considerations in other documents that were particularly relevant to this document that would be an improvement. I couldn't work my way back through the chain of references to something specific, but someone with a bit more RSVP domain knowledge may be able to make some specific recommendations. From nobody Wed Feb 28 07:34:19 2018 Return-Path: X-Original-To: secdir@ietfa.amsl.com Delivered-To: secdir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 625DE12EB12 for ; Wed, 28 Feb 2018 07:34:09 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.321 X-Spam-Level: X-Spam-Status: No, score=-4.321 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GUFIJT0W2AfT for ; Wed, 28 Feb 2018 07:34:08 -0800 (PST) Received: from sessmg23.ericsson.net (sessmg23.ericsson.net [193.180.251.45]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B9A3812D960 for ; Wed, 28 Feb 2018 07:34:05 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; d=ericsson.com; s=mailgw201801; c=relaxed/simple; q=dns/txt; i=@ericsson.com; t=1519832042; h=From:Sender:Reply-To:Subject:Date:Message-ID:To:CC:MIME-Version:Content-Type: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=umqc2P2jMbmmF4SvTtMDbEfoqs/3IzA9/Z80YzCIYGU=; b=Lsa9Q+NpCOoZQ2rEaCiCIAdSU0qD4oM+Awjn8vEiFhvxmsZHzYReO4s9sVEmPwlG AFj9vdH6rkBthUurv1IfgRKBEBCIzAkDyVt+e16FeTr3wXuSb3/aw8v7AOCd5aI3 JUJw7qvNUl3nx+hdaCgcyeKkbrJmRYT9QPW6My44H+w=; X-AuditID: c1b4fb2d-4b1ff70000005540-9b-5a96cbea732a Received: from ESESSHC018.ericsson.se (Unknown_Domain [153.88.183.72]) by sessmg23.ericsson.net (Symantec Mail Security) with SMTP id A8.77.21824.AEBC69A5; Wed, 28 Feb 2018 16:34:02 +0100 (CET) Received: from [131.160.51.186] (153.88.183.153) by smtp.internal.ericsson.com (153.88.183.74) with Microsoft SMTP Server id 14.3.352.0; Wed, 28 Feb 2018 16:34:02 +0100 To: Sean Turner , CC: , , References: <151974401093.28581.6727583492292312298@ietfa.amsl.com> From: Miika Komu Organization: Ericsson AB Message-ID: <61df7006-3ce9-2929-b58d-af500fa40ea8@ericsson.com> Date: Wed, 28 Feb 2018 17:34:02 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0 MIME-Version: 1.0 In-Reply-To: <151974401093.28581.6727583492292312298@ietfa.amsl.com> Content-Type: text/plain; charset="utf-8"; format=flowed Content-Language: en-US Content-Transfer-Encoding: quoted-printable X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFnrMLMWRmVeSWpSXmKPExsUyM2K7h+6r09OiDE5ftLI4d+IYq8XURZOZ LZ5tnM9icWVVI7PFh4UPWRxYPZYs+cnkcfAgYwBTFJdNSmpOZllqkb5dAlfGhE8XmAp+yFY8 XjCXvYHxnngXIyeHhICJxJqPk1m6GLk4hAQOM0o8PnWOCSQhJLCGUeLQE6AEB4ewgKvEianZ IGERAWOJx30zwUqYBYIljs36wgJR7iyxeuZ0sDibgJbEqjvXmUFsfgFJiQ0Nu8FsXgF7ia0d z8DqWQRUJX50/WYDsUUFIiQ6V85ngagRlDg5E2Itp4CLxJJNBhCrLCRmzj/PCGGLS9x6Mh/q BG2JZQtfM4OUCwmoSFw8FjyBUWgWkkGzkHTPQtI9C0n3AkaWVYyixanFxbnpRsZ6qUWZycXF +Xl6eaklmxiBQX9wy2/dHYyrXzseYhTgYFTi4dXfMS1KiDWxrLgy9xCjBAezkgjv6e1AId6U xMqq1KL8+KLSnNTiQ4zSHCxK4rwnPXmjhATSE0tSs1NTC1KLYLJMHJxSDYydxt2z1qwrOSW9 ZMGy/NLW+RMnr9vSGRv6dInXhlqL48VTdW50bFJlPTfLiT9++VLNM6rtu/9pd7+XK6nzjp3n ZF9nWll1/vGlRy079CdKtXnOOHn3mde5SYmuDGFdGzymq+hdTfEtbHJ19/2REHCMq7qW77hJ GmOg9I7/HjPELuy6/zCf202JpTgj0VCLuag4EQA49RhQdgIAAA== Archived-At: Subject: Re: [secdir] Secdir last call review of draft-ietf-hip-rfc4423-bis-19 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 28 Feb 2018 15:34:09 -0000 Hi Sean, On 02/27/2018 05:06 PM, Sean Turner wrote: > Reviewer: Sean Turner > Review result: Has Nits >=20 > This is a bis draft of the HIP (Host Identity Protocol) Architecture an= d > because of that I focused on what=E2=80=99s changed (i.e., I reviewed t= he diffs from > https://www.ietf.org/rfcdiff?url1=3Drfc4423&url2=3Ddraft-ietf-hip-rfc44= 23-bis-18). > It=E2=80=99s still HIP but with a slightly expanded scope; it=E2=80=99s= still Informational. >=20 > 1. s4: The one place where I=E2=80=99ll step out from not looking at th= e old is a > similar-ish recommendation that was in the RF4423: >=20 > In this document, the non-cryptographic forms of HI and HIP are > presented to complete the theory of HI, but they should not be > implemented as they could produce worse denial-of-service attacks > than the Internet has without Host Identity. >=20 > Should the should not be a SHOULD NOT? I can change this for sure but the whole document is written without the = capitalized terms due to its informal nature... actually, this sentence=20 is a bit moot since non-cryptographic forms of HI are only referenced in = the text. I would suggest rephrasing this as follows: "In this document, some non-cryptographic forms of HI and HIP are referenced, but cryptographic forms should be preferred because they are = more secure than their non-cryptographic counterparts." Would that work for you? > 2. (none security) s4.4: Is the paragraph about IPv4 vs IPv6 vs LSI rea= lly > necessary? I.e., is this yet another thing that folks are going to use= to not > transition to IPv6? I think the draft should discuss IPv4 compatibility because it is part=20 of architecture design. Btw, do you mean this paragraph or something else? The interoperability mechanism should not be used to avoid transition to IPv6; the authors firmly believe in IPv6 adoption and encourage developers to port existing IPv4-only applications to use IPv6. However, some proprietary, closed-source, IPv4-only applications may never see the daylight of IPv6, and the LSI mechanism is suitable for extending the lifetime of= such applications even in IPv6-only networks. IMHO, the LSIs should be supported mainly for the sake of proprietary,=20 legacy applications which should be supported for backwards=20 compatibility. The next paragraph also mentions a limitation of the LSIs:= The main disadvantage of an LSI is its local scope. Applications may violate layering principles and pass LSIs to each other in application-layer protocols. Let me know if you would like change or emphasize something? > 3. s11.2: Isn=E2=80=99t an additional drawback the need to have a HIP-a= ware firewall? Good point. It's both a benefit and drawback from the viewpoint of=20 firewalls. s11.1 mentions: [...] First, the use of HITs can potentially halve the size of access control lists because separate rules for IPv4 are not needed [komu-diss]. Second, HIT-based configuration rules in HIP-aware middleboxes remain static and independent of topology changes, thus simplifying administrative efforts particularly for mobile environments. As a drawback, I could add something like this to s11.2: In the current Internet, firewalls are commonly used to control access=20 to various services and devices. Since HIP introduces a new namespace,=20 it is expected that also the HIP namespace would be filtered for=20 unwanted connectivity. While this can be achieved with existing tools=20 directly in the end-hosts, filtering at the middleboxes requires=20 modifications to existing firewall software or new middleboxes [RFC6538].= How does this sound? From nobody Wed Feb 28 12:56:03 2018 Return-Path: X-Original-To: secdir@ietfa.amsl.com Delivered-To: secdir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C08F6124BFA; Wed, 28 Feb 2018 12:55:47 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.01 X-Spam-Level: X-Spam-Status: No, score=-2.01 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nohats.ca Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id z8dM_YFtXSOf; Wed, 28 Feb 2018 12:55:46 -0800 (PST) Received: from mx.nohats.ca (mx.nohats.ca [IPv6:2a03:6000:1004:1::68]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DB6B9124BE8; Wed, 28 Feb 2018 12:55:45 -0800 (PST) Received: from localhost (localhost [IPv6:::1]) by mx.nohats.ca (Postfix) with ESMTP id 3zs7BQ45k3z261; Wed, 28 Feb 2018 21:55:42 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nohats.ca; s=default; t=1519851342; bh=se9Jmij89OmsDCdfDtuFZbFlCmY21TKc8mCF0oP4X14=; h=Date:From:To:cc:Subject:In-Reply-To:References; b=aFrA+6J0W5Io3mNTmdBjKb2oIEOe0l0uAXdBylxU66hY5+O5AiFF5RmytuNTolNP8 EQUp+uu1CGikLe2msovIoCoJdRqt39R1nCLUiW4By7dku5PUZFJLYtsiMvZTQ4Jm+c +nJ54l2/trom4TF4HsqL3c2EzOCz6SnqJQ1IlWPo= X-Virus-Scanned: amavisd-new at mx.nohats.ca Received: from mx.nohats.ca ([IPv6:::1]) by localhost (mx.nohats.ca [IPv6:::1]) (amavisd-new, port 10024) with ESMTP id 0NqSLETccM-g; Wed, 28 Feb 2018 21:55:39 +0100 (CET) Received: from bofh.nohats.ca (bofh.nohats.ca [76.10.157.69]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx.nohats.ca (Postfix) with ESMTPS; Wed, 28 Feb 2018 21:55:38 +0100 (CET) Received: by bofh.nohats.ca (Postfix, from userid 1000) id D2B0D36670A; Wed, 28 Feb 2018 15:55:37 -0500 (EST) DKIM-Filter: OpenDKIM Filter v2.11.0 bofh.nohats.ca D2B0D36670A Received: from localhost (localhost [127.0.0.1]) by bofh.nohats.ca (Postfix) with ESMTP id C971644DA258; Wed, 28 Feb 2018 15:55:37 -0500 (EST) Date: Wed, 28 Feb 2018 15:55:37 -0500 (EST) From: Paul Wouters To: Susan Hares cc: secdir@ietf.org, i2rs@ietf.org, ietf@ietf.org, draft-ietf-i2rs-rib-info-model.all@ietf.org In-Reply-To: <002a01d3ae92$9b899660$d29cc320$@ndzh.com> Message-ID: References: <151958515603.12934.11779217462614817262@ietfa.amsl.com> <002a01d3ae92$9b899660$d29cc320$@ndzh.com> User-Agent: Alpine 2.21 (LRH 202 2017-01-01) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII; format=flowed Archived-At: Subject: Re: [secdir] [i2rs] Secdir last call review of draft-ietf-i2rs-rib-info-model-14 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 28 Feb 2018 20:55:48 -0000 On Sun, 25 Feb 2018, Susan Hares wrote: > The current I2RS RIB Data model is a yang model which can be access via > netconf and restconf with the restrictions in the network management > datastore architecture. Are you looking for us to specify the > netconf/restconf suite protocols, and the CBOR for binary in this section. > > If you are looking for more than that, are you looking for what is in > https://datatracker.ietf.org/doc/draft-ietf-i2rs-security-environment-reqs/ Thanks for the clarification. It was indeed a misunderstanding on my part. It seems I cannot update my review status from the tracker tool to "ready" though. Does anyone know how to update a review result? Paul From nobody Wed Feb 28 14:41:24 2018 Return-Path: X-Original-To: secdir@ietfa.amsl.com Delivered-To: secdir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7E04E126FDC for ; Wed, 28 Feb 2018 14:41:23 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.211 X-Spam-Level: X-Spam-Status: No, score=-4.211 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fubMjUolHmiK for ; Wed, 28 Feb 2018 14:41:22 -0800 (PST) Received: from dmz-mailsec-scanner-6.mit.edu (dmz-mailsec-scanner-6.mit.edu [18.7.68.35]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EE467126FB3 for ; Wed, 28 Feb 2018 14:41:21 -0800 (PST) X-AuditID: 12074423-5fdff70000006b6c-41-5a97300fe067 Received: from mailhub-auth-3.mit.edu ( [18.9.21.43]) (using TLS with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by dmz-mailsec-scanner-6.mit.edu (Symantec Messaging Gateway) with SMTP id 59.11.27500.F00379A5; Wed, 28 Feb 2018 17:41:20 -0500 (EST) Received: from outgoing.mit.edu (OUTGOING-AUTH-1.MIT.EDU [18.9.28.11]) by mailhub-auth-3.mit.edu (8.13.8/8.9.2) with ESMTP id w1SMfIbr005862; Wed, 28 Feb 2018 17:41:18 -0500 Received: from kduck.kaduk.org (24-107-191-124.dhcp.stls.mo.charter.com [24.107.191.124]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id w1SMfEgb025615 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Wed, 28 Feb 2018 17:41:17 -0500 Date: Wed, 28 Feb 2018 16:41:14 -0600 From: Benjamin Kaduk To: Paul Wouters Cc: secdir@ietf.org Message-ID: <20180228224114.GM50954@kduck.kaduk.org> References: <151958515603.12934.11779217462614817262@ietfa.amsl.com> <002a01d3ae92$9b899660$d29cc320$@ndzh.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.9.1 (2017-09-22) X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFvrFIsWRmVeSWpSXmKPExsUixCmqrStgMD3K4GCHkMX7W5eYLD4sfMji wOSxZMlPJo/v85gCmKK4bFJSczLLUov07RK4MmZuuMxcsI+9Yt+u84wNjD9Yuxg5OSQETCRa f+1m7mLk4hASWMwk8e77fyaQhJDARkaJnbeUIOyrTBINr4RAbBYBVYkp09vBatgEVCQaui8z g9giAooSk848YgGxmQWEJXq7F4DZwgLREle2nAGr5wVadnTpYnaIZcsYJbY0HmSHSAhKnJz5 BKpZS+LGv5dADRxAtrTE8n8cICangL3EkcsiIBWiAsoSe/sOsU9gFJiFpHkWkuZZCM0LGJlX Mcqm5Fbp5iZm5hSnJusWJyfm5aUW6Zrp5WaW6KWmlG5iBAUou4vyDsaXfd6HGAU4GJV4eGcc nBYlxJpYVlyZe4hRkoNJSZS37yhQiC8pP6UyI7E4I76oNCe1+BCjBAezkgjv6e1AOd6UxMqq 1KJ8mJQ0B4uSOK+HiXaUkEB6YklqdmpqQWoRTFaGg0NJgldKf3qUkGBRanpqRVpmTglCmomD E2Q4D9DwAD2gGt7igsTc4sx0iPwpRmOOtpVP2pg5brx43cYsxJKXn5cqJc77FKRUAKQ0ozQP bhooyUhk7695xSgO9JwwbzbIUh5ggoKb9wpoFRPQqiOfp4CsKklESEk1MNo7WO/cHZxaWFuw WlPr+Ja7k6WjdvRNiL33pvxegYNDzfrt/A//BByMaeDdavfstlfuCxcH/RWnlRblrzAVsubZ mbhure7cw3b2sUXZPUbXXUqmulbvigic6y/GZtMldudr8kSpEw36BR6RvUVNAlfXHaqRso9P fyIRPd2Cj3OS0bnfhh2ySizFGYmGWsxFxYkAnLxLtA0DAAA= Archived-At: Subject: Re: [secdir] [i2rs] Secdir last call review of draft-ietf-i2rs-rib-info-model-14 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 28 Feb 2018 22:41:23 -0000 On Wed, Feb 28, 2018 at 03:55:37PM -0500, Paul Wouters wrote: > On Sun, 25 Feb 2018, Susan Hares wrote: > > > The current I2RS RIB Data model is a yang model which can be access via > > netconf and restconf with the restrictions in the network management > > datastore architecture. Are you looking for us to specify the > > netconf/restconf suite protocols, and the CBOR for binary in this section. > > > > If you are looking for more than that, are you looking for what is in > > https://datatracker.ietf.org/doc/draft-ietf-i2rs-security-environment-reqs/ > > Thanks for the clarification. It was indeed a misunderstanding on my > part. > > It seems I cannot update my review status from the tracker tool to > "ready" though. Does anyone know how to update a review result? If you go to the datatracker page for the review request, there is a "correct review" button that seems to allow edits. At least, there is for me. -Ben From nobody Wed Feb 28 14:51:19 2018 Return-Path: X-Original-To: secdir@ietfa.amsl.com Delivered-To: secdir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BB016126FDC for ; Wed, 28 Feb 2018 14:51:16 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.211 X-Spam-Level: X-Spam-Status: No, score=-4.211 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vPlabE93QxH5 for ; Wed, 28 Feb 2018 14:51:15 -0800 (PST) Received: from dmz-mailsec-scanner-8.mit.edu (dmz-mailsec-scanner-8.mit.edu [18.7.68.37]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 548E5126FB3 for ; Wed, 28 Feb 2018 14:51:15 -0800 (PST) X-AuditID: 12074425-60dff70000000df0-53-5a97326083ac Received: from mailhub-auth-2.mit.edu ( [18.7.62.36]) (using TLS with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by dmz-mailsec-scanner-8.mit.edu (Symantec Messaging Gateway) with SMTP id E6.71.03568.162379A5; Wed, 28 Feb 2018 17:51:13 -0500 (EST) Received: from outgoing.mit.edu (OUTGOING-AUTH-1.MIT.EDU [18.9.28.11]) by mailhub-auth-2.mit.edu (8.13.8/8.9.2) with ESMTP id w1SMp8cs015608; Wed, 28 Feb 2018 17:51:10 -0500 Received: from kduck.kaduk.org (24-107-191-124.dhcp.stls.mo.charter.com [24.107.191.124]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id w1SMp5Cx028890 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Wed, 28 Feb 2018 17:51:07 -0500 Date: Wed, 28 Feb 2018 16:51:05 -0600 From: Benjamin Kaduk To: Paul Wouters Cc: secdir@ietf.org Message-ID: <20180228225105.GN50954@kduck.kaduk.org> References: <151958515603.12934.11779217462614817262@ietfa.amsl.com> <002a01d3ae92$9b899660$d29cc320$@ndzh.com> <20180228224114.GM50954@kduck.kaduk.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20180228224114.GM50954@kduck.kaduk.org> User-Agent: Mutt/1.9.1 (2017-09-22) X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFvrOIsWRmVeSWpSXmKPExsUixG6noptoND3K4MQjHYv3ty4xWXxY+JDF gcljyZKfTB7f5zEFMEVx2aSk5mSWpRbp2yVwZXz5cJe14BVnxd8jT9gbGG+xdzFyckgImEj8 7ZjI2sXIxSEksJhJ4tnFc4wQzkZGic3rG6EyV5kktm94zwjSwiKgKrFzzhE2EJtNQEWiofsy M4gtIqAoMenMIxYQm1lAWKK3ewGYLSwQLXFlyxkmEJsXaN2k3bvYIIZeZJTYeGQLG0RCUOLk zCdQzVoSN/69BGrgALKlJZb/4wAJcwqYSjz90wt2g6iAssTevkPsExgFZiHpnoWkexZC9wJG 5lWMsim5Vbq5iZk5xanJusXJiXl5qUW6Fnq5mSV6qSmlmxjBYeqiuoNxzl+vQ4wCHIxKPLwO +6dFCbEmlhVX5h5ilORgUhLl7TsKFOJLyk+pzEgszogvKs1JLT7EKMHBrCTCe3o7UI43JbGy KrUoHyYlzcGiJM7rYaIdJSSQnliSmp2aWpBaBJOV4eBQkuBVA8ajkGBRanpqRVpmTglCmomD E2Q4D9BwPpAa3uKCxNzizHSI/ClGXY4bL163MQux5OXnpUqJ8y4yBCoSACnKKM2DmwNKLxLZ +2teMYoDvSXM6wFSxQNMTXCTXgEtYQJacuTzFJAlJYkIKakGxqDYlYIXnnc+PbzI6b1WyPLH yhNNPeSXsAX8eyOxa2JJ7YstM2Pr3P99fR/mOoHL2mZr4LHO3RF1EyZl3fkVs5LPt517e7P/ udYLExkznbbE8TN1V98+4VCcc9WqdOsPA0c3w5Mz9Z5YJUlK3Okzl8l0WlHwY0Hi1D1uyQy+ hhuzzPP81JakKbEUZyQaajEXFScCAC5oTscKAwAA Archived-At: Subject: Re: [secdir] [i2rs] Secdir last call review of draft-ietf-i2rs-rib-info-model-14 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 28 Feb 2018 22:51:17 -0000 On Wed, Feb 28, 2018 at 04:41:14PM -0600, Benjamin Kaduk wrote: > On Wed, Feb 28, 2018 at 03:55:37PM -0500, Paul Wouters wrote: > > On Sun, 25 Feb 2018, Susan Hares wrote: > > > > > The current I2RS RIB Data model is a yang model which can be access via > > > netconf and restconf with the restrictions in the network management > > > datastore architecture. Are you looking for us to specify the > > > netconf/restconf suite protocols, and the CBOR for binary in this section. > > > > > > If you are looking for more than that, are you looking for what is in > > > https://datatracker.ietf.org/doc/draft-ietf-i2rs-security-environment-reqs/ > > > > Thanks for the clarification. It was indeed a misunderstanding on my > > part. > > > > It seems I cannot update my review status from the tracker tool to > > "ready" though. Does anyone know how to update a review result? > > If you go to the datatracker page for the review request, there is a > "correct review" button that seems to allow edits. > At least, there is for me. And to follow up, to get to the review *request* page (as opposed to the page for the review itself, which is linked from the document page), you can go to "my reviews" in the left sidebar. -Ben From nobody Wed Feb 28 18:37:24 2018 Return-Path: X-Original-To: secdir@ietfa.amsl.com Delivered-To: secdir@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EE79F12DA16; Wed, 28 Feb 2018 18:37:18 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.23 X-Spam-Level: X-Spam-Status: No, score=-4.23 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ewp2OM9XN2ya; Wed, 28 Feb 2018 18:37:18 -0800 (PST) Received: from huawei.com (lhrrgout.huawei.com [194.213.3.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D162A127863; Wed, 28 Feb 2018 18:37:17 -0800 (PST) Received: from lhreml708-cah.china.huawei.com (unknown [172.18.7.106]) by Forcepoint Email with ESMTP id 5912AB8D21BB; Thu, 1 Mar 2018 02:37:14 +0000 (GMT) Received: from SJCEML702-CHM.china.huawei.com (10.208.112.38) by lhreml708-cah.china.huawei.com (10.201.108.49) with Microsoft SMTP Server (TLS) id 14.3.361.1; Thu, 1 Mar 2018 02:37:15 +0000 Received: from SJCEML521-MBS.china.huawei.com ([169.254.2.168]) by SJCEML702-CHM.china.huawei.com ([169.254.4.179]) with mapi id 14.03.0382.000; Wed, 28 Feb 2018 18:37:11 -0800 From: Huaimo Chen To: Joseph Salowey , "secdir@ietf.org" CC: "iesg@ietf.org" , "teas@ietf.org" , "draft-ietf-teas-rsvp-ingress-protection.all@ietf.org" Thread-Topic: Secdir last call review of draft-ietf-teas-rsvp-ingress-protection-13 Thread-Index: AQHTsGF0bMS2tSZEukW0ApcMkK50nKO6bCJA Date: Thu, 1 Mar 2018 02:37:09 +0000 Message-ID: <5316A0AB3C851246A7CA5758973207D463A54A8D@sjceml521-mbs.china.huawei.com> References: <151980106388.5124.1750215397283002470@ietfa.amsl.com> In-Reply-To: <151980106388.5124.1750215397283002470@ietfa.amsl.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.47.156.83] Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 MIME-Version: 1.0 X-CFilter-Loop: Reflected Archived-At: Subject: Re: [secdir] Secdir last call review of draft-ietf-teas-rsvp-ingress-protection-13 X-BeenThere: secdir@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Security Area Directorate List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 01 Mar 2018 02:37:19 -0000 SGkgSm9zZXBoLA0KDQogICAgVGhhbmsgeW91IHZlcnkgbXVjaCBmb3IgeW91ciB0aW1lIGFuZCBj b21tZW50cy4NCiAgICBUaGUgc3BlY2lmaWMgcmVsZXZhbnQgZG9jdW1lbnRzIGhhdmUgYmVlbiBh ZGRlZC4gDQoNCkJlc3QgUmVnYXJkcywNCkh1YWltbw0KLS0tLS1PcmlnaW5hbCBNZXNzYWdlLS0t LS0NCkZyb206IEpvc2VwaCBTYWxvd2V5IFttYWlsdG86am9lQHNhbG93ZXkubmV0XSANClNlbnQ6 IFdlZG5lc2RheSwgRmVicnVhcnkgMjgsIDIwMTggMTo1OCBBTQ0KVG86IHNlY2RpckBpZXRmLm9y Zw0KQ2M6IGllc2dAaWV0Zi5vcmc7IHRlYXNAaWV0Zi5vcmc7IGRyYWZ0LWlldGYtdGVhcy1yc3Zw LWluZ3Jlc3MtcHJvdGVjdGlvbi5hbGxAaWV0Zi5vcmcNClN1YmplY3Q6IFNlY2RpciBsYXN0IGNh bGwgcmV2aWV3IG9mIGRyYWZ0LWlldGYtdGVhcy1yc3ZwLWluZ3Jlc3MtcHJvdGVjdGlvbi0xMw0K DQpSZXZpZXdlcjogSm9zZXBoIFNhbG93ZXkNClJldmlldyByZXN1bHQ6IFJlYWR5DQoNCkkgaGF2 ZSByZXZpZXdlZCB0aGlzIGRvY3VtZW50IGFzIHBhcnQgb2YgdGhlIHNlY3VyaXR5IGRpcmVjdG9y YXRlJ3Mgb25nb2luZyBlZmZvcnQgdG8gcmV2aWV3IGFsbCBJRVRGIGRvY3VtZW50cyBiZWluZyBw cm9jZXNzZWQgYnkgdGhlIElFU0cuIFRoZXNlIGNvbW1lbnRzIHdlcmUgd3JpdHRlbiBwcmltYXJp bHkgZm9yIHRoZSBiZW5lZml0IG9mIHRoZSBzZWN1cml0eSBhcmVhIGRpcmVjdG9ycy4gRG9jdW1l bnQgZWRpdG9ycyBhbmQgV0cgY2hhaXJzIHNob3VsZCB0cmVhdCB0aGVzZSBjb21tZW50cyBqdXN0 IGxpa2UgYW55IG90aGVyIGxhc3QgY2FsbCBjb21tZW50cy4NCg0KSW4gZ2VuZXJhbCBJIGZlbHQg dGhhdCB0aGUgZG9jdW1lbnQgd2FzIGEgYml0IGRpZmZpY3VsdCB0byByZWFkIGFuZCB0aGUgaXNz dWVzIHJhaXNlZCBpbiB0aGUgR2VuYXJ0IGFuZCBSVEcgcmV2aWV3cyBzaG91bGQgYmUgYWRkcmVz c2VkLg0KDQo+RnJvbSBhIHNlY3VyaXR5IHBvaW50IG9mIHZpZXcgSSBiZWxpZXZlIHRoZSBkb2N1 bWVudCBpcyByZWFkeSwgYnV0IEkgDQo+aGF2ZSBhDQpjb21tZW50IGJlbG93IHRoYXQgbWlnaHQg aW1wcm92ZSB0aGUgZG9jdW1lbnQuDQoNCkkgZmluZCB0aGUgc2VjdXJpdHkgY29uc2lkZXJhdGlv bnMgYXMgcmVmZXJlbmNlIHRvIG90aGVyIGRvY3VtZW50cyBhIGJpdCB1bnNldHRsaW5nLCBob3dl dmVyLCBiYXNlZCBvbiBteSBzb21ld2hhdCBsaW1pdGVkIHVuZGVyc3RhbmRpbmcgb2YgUlNWUCBp dCB0aGluayBpdCBpcyBhY2N1cmF0ZSBpbiB0aGlzIGNhc2UuICBUaGUgcHJvYmxlbSBJIGhhdmUg d2l0aCB0aGUgc2VjdXJpdHkgY29uc2lkZXJhdGlvbnMgYXMgcmVmZXJlbmNlIGlzIHRoYXQgbW9z dCBpbXBsZW1lbnRvcnMgYXJlIHByb2JhYmx5IGFyZSBub3QgZ29pbmcgdG8gZm9sbG93IHRoZSBs aW5rcyB0byB0aGUgb3RoZXIgZG9jdW1lbnRzIHRvIGZpbmQgb3V0IHdoYXQgc2VjdXJpdHkNCndp c2RvbSBsaWVzIHRoZXJlaW4uICAgSWYgdGhlIGRvY3VtZW50IHBvaW50ZWQgdG8gc3BlY2lmaWMg Y29uc2lkZXJhdGlvbnMgaW4NCm90aGVyIGRvY3VtZW50cyB0aGF0IHdlcmUgcGFydGljdWxhcmx5 IHJlbGV2YW50IHRvIHRoaXMgZG9jdW1lbnQgdGhhdCB3b3VsZCBiZSBhbiBpbXByb3ZlbWVudC4g IEkgY291bGRuJ3Qgd29yayBteSB3YXkgYmFjayB0aHJvdWdoIHRoZSBjaGFpbiBvZiByZWZlcmVu Y2VzIHRvIHNvbWV0aGluZyBzcGVjaWZpYywgYnV0IHNvbWVvbmUgd2l0aCBhIGJpdCBtb3JlIFJT VlAgZG9tYWluIGtub3dsZWRnZSBtYXkgYmUgYWJsZSB0byBtYWtlIHNvbWUgc3BlY2lmaWMgcmVj b21tZW5kYXRpb25zLg0KDQoNCg==